From b85637e06baa1ca858b8438c7e67d6dcdbf3e38e Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Mon, 27 Jul 2015 10:43:49 -0600 Subject: [PATCH 001/102] Fixed bug when getting PEM encoded sz. Add idx check --- src/ssl.c | 2 +- wolfcrypt/src/coding.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5b7cc6f5e..0cb454215 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15481,7 +15481,7 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, word32 szNeeded = 0; WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem"); - if (!chain || !outLen) + if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain)) return BAD_FUNC_ARG; /* Null output buffer return size needed in outLen */ diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 21d10f9e9..c631d2960 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -225,7 +225,7 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, } *i = idx; - return getSzOnly ? LENGTH_ONLY_E : 0; + return 0; } @@ -319,6 +319,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, return ASN_INPUT_E; *outLen = i; + if(ret == 0) + return getSzOnly ? LENGTH_ONLY_E : 0; return ret; } From 38fb8caec8bed251cd5b7f585dace5d7db89e7b7 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 27 Jul 2015 14:56:26 -0700 Subject: [PATCH 002/102] restore FIPS des3 build w/o opensslextra --- wolfcrypt/src/des3.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index ee068a0bc..cab21a9b3 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -91,12 +91,6 @@ void wc_Des_SetIV(Des* des, const byte* iv) } -int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des_CbcEncryptWithKey(out, in, sz, key, iv); -} - int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, const byte* key, const byte* iv) { @@ -110,12 +104,6 @@ int wc_Des3_SetIV(Des3* des, const byte* iv) } -int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des3_CbcEncryptWithKey(out, in, sz, key, iv); -} - int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, const byte* key, const byte* iv) { From 388d023df664e634daa46f2ac1e77eec178021b9 Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 28 Jul 2015 09:29:47 -0700 Subject: [PATCH 003/102] put rsa non public enums back into c file for FIPS --- src/ssl.c | 4 ++-- wolfcrypt/src/rsa.c | 16 ++++++++++++++++ wolfssl/wolfcrypt/rsa.h | 13 ------------- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 0cb454215..637db8d61 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12514,8 +12514,8 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex"); - if (rsa == NULL || rsa->internal == NULL || - bits < RSA_MIN_SIZE || bits > RSA_MAX_SIZE) { + if (rsa == NULL || rsa->internal == NULL) { + /* bit size checked during make key call */ WOLFSSL_MSG("bad arguments"); return SSL_FAILURE; } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index bc85a949e..5cd6e6331 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -144,6 +144,22 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, word32 outLen, RsaKey* key); #endif +enum { + RSA_PUBLIC_ENCRYPT = 0, + RSA_PUBLIC_DECRYPT = 1, + RSA_PRIVATE_ENCRYPT = 2, + RSA_PRIVATE_DECRYPT = 3, + + RSA_BLOCK_TYPE_1 = 1, + RSA_BLOCK_TYPE_2 = 2, + + RSA_MIN_SIZE = 512, + RSA_MAX_SIZE = 4096, + + RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */ +}; + + int wc_InitRsaKey(RsaKey* key, void* heap) { #ifdef HAVE_CAVIUM diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 1f12df941..df650b3db 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -47,19 +47,6 @@ enum { RSA_PUBLIC = 0, RSA_PRIVATE = 1, - - RSA_PUBLIC_ENCRYPT = 0, - RSA_PUBLIC_DECRYPT = 1, - RSA_PRIVATE_ENCRYPT = 2, - RSA_PRIVATE_DECRYPT = 3, - - RSA_BLOCK_TYPE_1 = 1, - RSA_BLOCK_TYPE_2 = 2, - - RSA_MIN_SIZE = 512, - RSA_MAX_SIZE = 4096, - - RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */ }; From 480bab467d1bd77a96b0525ac34165ebc804c81f Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 28 Jul 2015 09:35:28 -0700 Subject: [PATCH 004/102] fix warning --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index 637db8d61..f5edfdd7c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12511,6 +12511,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, (void)cb; (void)bn; + (void)bits; WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex"); From 2f3b7b05bac54576dd3a2928e979b382e4c94cee Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 28 Jul 2015 16:30:10 -0700 Subject: [PATCH 005/102] move wc_ShaHash() outside of sha.[hc] --- wolfcrypt/src/asn.c | 1 + wolfcrypt/src/hash.c | 33 +++++++++++++++++++++++++++++++++ wolfcrypt/src/sha.c | 30 ------------------------------ wolfssl/wolfcrypt/hash.h | 1 + wolfssl/wolfcrypt/sha.h | 1 - 5 files changed, 35 insertions(+), 31 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 05d882457..53562e943 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -42,6 +42,7 @@ #include #include +#include #ifndef NO_RC4 diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 55a1f6a1d..f9ed38f41 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -24,6 +24,7 @@ #endif #include +#include #if !defined(WOLFSSL_TI_HASH) @@ -55,8 +56,40 @@ int wc_ShaGetHash(Sha* sha, byte* hash) WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) { *s1 = *s2 ; } + +int wc_ShaHash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha* sha; +#else + Sha sha[1]; #endif +#ifdef WOLFSSL_SMALL_STACK + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha(sha)) != 0) { + WOLFSSL_MSG("wc_InitSha failed"); + } + else { + wc_ShaUpdate(sha, data, len); + wc_ShaFinal(sha, hash); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; + +} + +#endif /* !defined(NO_SHA) */ + #if !defined(NO_SHA256) int wc_Sha256GetHash(Sha256* sha256, byte* hash) { diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index be8cf17af..b7f119d50 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -421,36 +421,6 @@ int wc_ShaFinal(Sha* sha, byte* hash) #endif /* STM32F2_HASH */ -int wc_ShaHash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha* sha; -#else - Sha sha[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha(sha)) != 0) { - WOLFSSL_MSG("wc_InitSha failed"); - } - else { - wc_ShaUpdate(sha, data, len); - wc_ShaFinal(sha, hash); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; - -} #endif /* HAVE_FIPS */ #endif /* WOLFSSL_TI_HASH */ diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index ad1062809..2dfc1cc30 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -31,6 +31,7 @@ WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; #include WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; +WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); #endif #ifndef NO_SHA256 #include diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 80a2c9832..76a08ba92 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -76,7 +76,6 @@ typedef struct Sha { WOLFSSL_API int wc_InitSha(Sha*); WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32); WOLFSSL_API int wc_ShaFinal(Sha*, byte*); -WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); #ifdef __cplusplus } /* extern "C" */ From 9d2b7117960f21247f76b80431d8fed203f2c464 Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 28 Jul 2015 16:34:23 -0700 Subject: [PATCH 006/102] add wc_Sha256Hash() outside of sha256.[hc] --- wolfcrypt/src/hash.c | 33 +++++++++++++++++++++++++++++++++ wolfcrypt/src/sha256.c | 31 ------------------------------- wolfssl/wolfcrypt/hash.h | 1 + wolfssl/wolfcrypt/sha256.h | 1 - 4 files changed, 34 insertions(+), 32 deletions(-) diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index f9ed38f41..7ed3f45b2 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -103,7 +103,40 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash) WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) { *s1 = *s2 ; } + +int wc_Sha256Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha256* sha256; +#else + Sha256 sha256[1]; #endif +#ifdef WOLFSSL_SMALL_STACK + sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha256 == NULL) + return MEMORY_E; #endif + if ((ret = wc_InitSha256(sha256)) != 0) { + WOLFSSL_MSG("InitSha256 failed"); + } + else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) { + WOLFSSL_MSG("Sha256Update failed"); + } + else if ((ret = wc_Sha256Final(sha256, hash)) != 0) { + WOLFSSL_MSG("Sha256Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* !defined(NO_SHA256) */ + + +#endif /* !defined(WOLFSSL_TI_HASH) */ + diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index f9f02b003..6b81ff095 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -545,37 +545,6 @@ int wc_Sha256Final(Sha256* sha256, byte* hash) -int wc_Sha256Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha256* sha256; -#else - Sha256 sha256[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha256(sha256)) != 0) { - WOLFSSL_MSG("InitSha256 failed"); - } - else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) { - WOLFSSL_MSG("Sha256Update failed"); - } - else if ((ret = wc_Sha256Final(sha256, hash)) != 0) { - WOLFSSL_MSG("Sha256Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 2dfc1cc30..2cc59d746 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -37,6 +37,7 @@ WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); #include WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; +WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); #endif #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 7cf6d8677..b7d0df1b6 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -74,7 +74,6 @@ typedef struct Sha256 { WOLFSSL_API int wc_InitSha256(Sha256*); WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32); WOLFSSL_API int wc_Sha256Final(Sha256*, byte*); -WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); #ifdef __cplusplus } /* extern "C" */ From e97a60c647370f68d11c6ad803ef38b745ce7167 Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 28 Jul 2015 16:41:32 -0700 Subject: [PATCH 007/102] move wc_Sha512/384 Hash() outside of sha512.[hc] --- wolfcrypt/src/hash.c | 69 ++++++++++++++++++++++++++++++++++++++ wolfcrypt/src/sha512.c | 62 ---------------------------------- wolfssl/wolfcrypt/hash.h | 13 ++++++- wolfssl/wolfcrypt/sha512.h | 2 -- 4 files changed, 81 insertions(+), 65 deletions(-) diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 7ed3f45b2..1f47cd66d 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -138,5 +138,74 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash) #endif /* !defined(NO_SHA256) */ +#if defined(WOLFSSL_SHA512) +int wc_Sha512Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha512* sha512; +#else + Sha512 sha512[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha512 == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha512(sha512)) != 0) { + WOLFSSL_MSG("InitSha512 failed"); + } + else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) { + WOLFSSL_MSG("Sha512Update failed"); + } + else if ((ret = wc_Sha512Final(sha512, hash)) != 0) { + WOLFSSL_MSG("Sha512Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#if defined(WOLFSSL_SHA384) +int wc_Sha384Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha384* sha384; +#else + Sha384 sha384[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha384 == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha384(sha384)) != 0) { + WOLFSSL_MSG("InitSha384 failed"); + } + else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) { + WOLFSSL_MSG("Sha384Update failed"); + } + else if ((ret = wc_Sha384Final(sha384, hash)) != 0) { + WOLFSSL_MSG("Sha384Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* defined(WOLFSSL_SHA384) */ +#endif /* defined(WOLFSSL_SHA512) */ + #endif /* !defined(WOLFSSL_TI_HASH) */ diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 8e52da909..d9c4fa0d1 100755 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -609,37 +609,6 @@ int wc_Sha512Final(Sha512* sha512, byte* hash) } -int wc_Sha512Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha512* sha512; -#else - Sha512 sha512[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha512(sha512)) != 0) { - WOLFSSL_MSG("InitSha512 failed"); - } - else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) { - WOLFSSL_MSG("Sha512Update failed"); - } - else if ((ret = wc_Sha512Final(sha512, hash)) != 0) { - WOLFSSL_MSG("Sha512Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) @@ -1563,37 +1532,6 @@ int wc_Sha384Final(Sha384* sha384, byte* hash) } -int wc_Sha384Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha384* sha384; -#else - Sha384 sha384[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha384(sha384)) != 0) { - WOLFSSL_MSG("InitSha384 failed"); - } - else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) { - WOLFSSL_MSG("Sha384Update failed"); - } - else if ((ret = wc_Sha384Final(sha384, hash)) != 0) { - WOLFSSL_MSG("Sha384Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 2cc59d746..ef620e32f 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -27,12 +27,14 @@ WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; #endif + #ifndef NO_SHA #include WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); #endif + #ifndef NO_SHA256 #include WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); @@ -40,4 +42,13 @@ WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); #endif -#endif +#ifdef WOLFSSL_SHA512 +#include +WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); + #if defined(WOLFSSL_SHA384) + WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); + #endif /* defined(WOLFSSL_SHA384) */ +#endif /* WOLFSSL_SHA512 */ + + +#endif /* WOLF_CRYPT_HASH_H */ diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 83f07c738..455d83854 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -64,7 +64,6 @@ typedef struct Sha512 { WOLFSSL_API int wc_InitSha512(Sha512*); WOLFSSL_API int wc_Sha512Update(Sha512*, const byte*, word32); WOLFSSL_API int wc_Sha512Final(Sha512*, byte*); -WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); #if defined(WOLFSSL_SHA384) @@ -91,7 +90,6 @@ typedef struct Sha384 { WOLFSSL_API int wc_InitSha384(Sha384*); WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32); WOLFSSL_API int wc_Sha384Final(Sha384*, byte*); -WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); #endif /* WOLFSSL_SHA384 */ From b8fac462cd56598ca1c7e5ebf62c5c12fa9a50c9 Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 28 Jul 2015 16:55:58 -0700 Subject: [PATCH 008/102] No oneshot Hash() in FIPS c files anymore --- wolfcrypt/src/sha.c | 5 ----- wolfcrypt/src/sha256.c | 5 ----- wolfcrypt/src/sha512.c | 9 --------- 3 files changed, 19 deletions(-) diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index b7f119d50..984d7343d 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -57,11 +57,6 @@ return ShaFinal_fips(sha,out); } - int wc_ShaHash(const byte* data, word32 sz, byte* out) - { - return ShaHash(data, sz, out); - } - #else /* else build without fips */ #if defined(WOLFSSL_TI_HASH) diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 6b81ff095..3dc1f4a8e 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -49,11 +49,6 @@ int wc_Sha256Final(Sha256* sha, byte* out) } -int wc_Sha256Hash(const byte* data, word32 len, byte* out) -{ - return Sha256Hash(data, len, out); -} - #else /* else build without fips */ #if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index d9c4fa0d1..e5fa61dc1 100755 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -47,11 +47,6 @@ int wc_Sha512Final(Sha512* sha, byte* out) } -int wc_Sha512Hash(const byte* data, word32 len, byte* out) -{ - return Sha512Hash(data, len, out); -} - #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) int wc_InitSha384(Sha384* sha) @@ -72,10 +67,6 @@ int wc_Sha384Final(Sha384* sha, byte* out) } -int wc_Sha384Hash(const byte* data, word32 len, byte* out) -{ - return Sha384Hash(data, len, out); -} #endif /* WOLFSSL_SHA384 */ #else /* else build without using fips */ #include From 12ffa1b77810d896501c6a345adbc1256f4bc6ba Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 29 Jul 2015 10:43:54 -0700 Subject: [PATCH 009/102] fix small stack with hash changes --- wolfcrypt/src/hash.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 1f47cd66d..d397e91fa 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -25,6 +25,7 @@ #include #include +#include #if !defined(WOLFSSL_TI_HASH) From 6d172fce32245bc45fa0ac7c2009187f4b987c51 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 29 Jul 2015 14:40:57 -0700 Subject: [PATCH 010/102] hash.h should pull in types before checking defines --- wolfssl/wolfcrypt/hash.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index ef620e32f..2b35d5a6a 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -22,6 +22,8 @@ #ifndef WOLF_CRYPT_HASH_H #define WOLF_CRYPT_HASH_H +#include + #ifndef NO_MD5 #include WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); From 011fdc110386cbaaa10a9f8872108f35d69019e6 Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 30 Jul 2015 12:42:25 -0700 Subject: [PATCH 011/102] move AES oneshot calls out of aes.[hc] --- src/include.am | 1 + src/ssl.c | 1 + wolfcrypt/src/aes.c | 66 -------------------------- wolfcrypt/src/wc_encrypt.c | 87 ++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/aes.h | 6 --- wolfssl/wolfcrypt/include.am | 1 + wolfssl/wolfcrypt/wc_encrypt.h | 47 ++++++++++++++++++ 7 files changed, 137 insertions(+), 72 deletions(-) create mode 100644 wolfcrypt/src/wc_encrypt.c create mode 100644 wolfssl/wolfcrypt/wc_encrypt.h diff --git a/src/include.am b/src/include.am index 80ed4de80..b4ba39ddd 100644 --- a/src/include.am +++ b/src/include.am @@ -74,6 +74,7 @@ endif src_libwolfssl_la_SOURCES += \ wolfcrypt/src/logging.c \ + wolfcrypt/src/wc_encrypt.c \ wolfcrypt/src/wc_port.c \ wolfcrypt/src/error.c diff --git a/src/ssl.c b/src/ssl.c index f5edfdd7c..45b28926c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -57,6 +57,7 @@ #include #include #include + #include #ifdef WOLFSSL_SHA512 #include #endif diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index c9f8c74ad..9382edaf9 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -55,19 +55,6 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) } -int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv); -} - -int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv); -} - - /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) @@ -1727,59 +1714,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } -int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Aes* aes = NULL; -#else - Aes aes[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (aes == NULL) - return MEMORY_E; -#endif - - ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); - if (ret == 0) - ret = wc_AesCbcDecrypt(aes, out, in, inSz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Aes* aes = NULL; -#else - Aes aes[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (aes == NULL) - return MEMORY_E; -#endif - - ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); - if (ret == 0) - ret = wc_AesCbcEncrypt(aes, out, in, inSz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} /* AES-DIRECT */ diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c new file mode 100644 index 000000000..c46401c3b --- /dev/null +++ b/wolfcrypt/src/wc_encrypt.c @@ -0,0 +1,87 @@ +/* wc_encrypt.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include + + +#ifndef NO_AES +int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes = NULL; +#else + Aes aes[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (aes == NULL) + return MEMORY_E; +#endif + + ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); + if (ret == 0) + ret = wc_AesCbcDecrypt(aes, out, in, inSz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes = NULL; +#else + Aes aes[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (aes == NULL) + return MEMORY_E; +#endif + + ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); + if (ret == 0) + ret = wc_AesCbcEncrypt(aes, out, in, inSz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* !NO_AES */ + diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index d99558cbb..29e18f088 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -133,12 +133,6 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, - const byte* iv); -WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, - const byte* iv); /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 1f3a726b8..67949fc28 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -29,6 +29,7 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/md5.h \ wolfssl/wolfcrypt/misc.h \ wolfssl/wolfcrypt/pkcs7.h \ + wolfssl/wolfcrypt/wc_encrypt.h \ wolfssl/wolfcrypt/wc_port.h \ wolfssl/wolfcrypt/pwdbased.h \ wolfssl/wolfcrypt/rabbit.h \ diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h new file mode 100644 index 000000000..5b9d86ece --- /dev/null +++ b/wolfssl/wolfcrypt/wc_encrypt.h @@ -0,0 +1,47 @@ +/* wc_encrypt.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifndef WOLF_CRYPT_ENCRYPT_H +#define WOLF_CRYPT_ENCRYPT_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifndef NO_AES +WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, + const byte* iv); +WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, + const byte* iv); +#endif /* NO_AES */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_ENCRYPT_H */ + From 78cc76b3cda29eb11efd284b51465602d0225fbc Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 30 Jul 2015 12:51:33 -0700 Subject: [PATCH 012/102] move DES oneshot APIs out of des.[hc] --- wolfcrypt/src/des3.c | 123 --------------------------------- wolfcrypt/src/wc_encrypt.c | 116 ++++++++++++++++++++++++++++++- wolfssl/wolfcrypt/des3.h | 12 ---- wolfssl/wolfcrypt/wc_encrypt.h | 17 ++++- 4 files changed, 131 insertions(+), 137 deletions(-) diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index cab21a9b3..a26f109c2 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -91,25 +91,12 @@ void wc_Des_SetIV(Des* des, const byte* iv) } -int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des_CbcDecryptWithKey(out, in, sz, key, iv); -} - - int wc_Des3_SetIV(Des3* des, const byte* iv) { return Des3_SetIV_fips(des, iv); } -int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des3_CbcDecryptWithKey(out, in, sz, key, iv); -} - #ifdef HAVE_CAVIUM /* Initiliaze Des3 for use with Nitrox device */ @@ -1489,61 +1476,6 @@ void wc_Des_SetIV(Des* des, const byte* iv) } -int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des* des = NULL; -#else - Des des[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des == NULL) - return MEMORY_E; -#endif - - ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION); - if (ret == 0) - ret = wc_Des_CbcEncrypt(des, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des* des = NULL; -#else - Des des[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des == NULL) - return MEMORY_E; -#endif - - ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); - if (ret == 0) - ret = wc_Des_CbcDecrypt(des, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - int wc_Des3_SetIV(Des3* des, const byte* iv) { if (des && iv) @@ -1555,61 +1487,6 @@ int wc_Des3_SetIV(Des3* des, const byte* iv) } -int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des3* des3 = NULL; -#else - Des3 des3[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des3 == NULL) - return MEMORY_E; -#endif - - ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION); - if (ret == 0) - ret = wc_Des3_CbcEncrypt(des3, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des3* des3 = NULL; -#else - Des3 des3[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des3 == NULL) - return MEMORY_E; -#endif - - ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION); - if (ret == 0) - ret = wc_Des3_CbcDecrypt(des3, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - #ifdef HAVE_CAVIUM #include "cavium_common.h" diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index c46401c3b..db8390ddc 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -25,6 +25,7 @@ #include #include +#include #include #include @@ -48,7 +49,7 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); if (ret == 0) - ret = wc_AesCbcDecrypt(aes, out, in, inSz); + ret = wc_AesCbcDecrypt(aes, out, in, inSz); #ifdef WOLFSSL_SMALL_STACK XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -85,3 +86,116 @@ int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, } #endif /* !NO_AES */ + +#ifndef NO_DES3 +int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des* des = NULL; +#else + Des des[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des == NULL) + return MEMORY_E; +#endif + + ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION); + if (ret == 0) + ret = wc_Des_CbcEncrypt(des, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des* des = NULL; +#else + Des des[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des == NULL) + return MEMORY_E; +#endif + + ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); + if (ret == 0) + ret = wc_Des_CbcDecrypt(des, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des3* des3 = NULL; +#else + Des3 des3[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des3 == NULL) + return MEMORY_E; +#endif + + ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION); + if (ret == 0) + ret = wc_Des3_CbcEncrypt(des3, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des3* des3 = NULL; +#else + Des3 des3[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des3 == NULL) + return MEMORY_E; +#endif + + ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION); + if (ret == 0) + ret = wc_Des3_CbcDecrypt(des3, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* !NO_DES3 */ diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h index c0d9394a2..a61e5e2e1 100644 --- a/wolfssl/wolfcrypt/des3.h +++ b/wolfssl/wolfcrypt/des3.h @@ -92,12 +92,6 @@ WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, - const byte* in, word32 sz, - const byte* key, const byte* iv); -WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out, - const byte* in, word32 sz, - const byte* key, const byte* iv); WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); @@ -106,12 +100,6 @@ WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz); WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); -WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out, - const byte* in, word32 sz, - const byte* key, const byte* iv); -WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, - const byte* in, word32 sz, - const byte* key, const byte* iv); #ifdef HAVE_CAVIUM WOLFSSL_API int wc_Des3_InitCavium(Des3*, int); diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h index 5b9d86ece..f5425a03a 100644 --- a/wolfssl/wolfcrypt/wc_encrypt.h +++ b/wolfssl/wolfcrypt/wc_encrypt.h @@ -36,9 +36,24 @@ WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, const byte* key, word32 keySz, const byte* iv); -#endif /* NO_AES */ +#endif /* !NO_AES */ +#ifndef NO_DES3 +WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +#endif /* !NO_DES3 */ + #ifdef __cplusplus } /* extern "C" */ #endif From 2cbb30745eb6d575646f3bab1b8e33322c93ec9d Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 30 Jul 2015 12:59:17 -0700 Subject: [PATCH 013/102] bump dev version --- configure.ac | 2 +- support/wolfssl.pc | 2 +- wolfssl/version.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 718675ae9..08acfd7aa 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.6.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index f95d19b7a..619d3a7c2 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.6.2 +Version: 3.6.3 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/version.h b/wolfssl/version.h index f5a990a10..c14cdc514 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.6.2" -#define LIBWOLFSSL_VERSION_HEX 0x03006002 +#define LIBWOLFSSL_VERSION_STRING "3.6.3" +#define LIBWOLFSSL_VERSION_HEX 0x03006003 #ifdef __cplusplus } From e1513c30d262e5c772e3bf48da2b6b6b8cf4719d Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 30 Jul 2015 14:24:45 -0700 Subject: [PATCH 014/102] added a pre-push hook. move fips test to pre-push check --- autogen.sh | 1 + commit-tests.sh | 8 -------- pre-push.sh | 19 +++++++++++++++++++ 3 files changed, 20 insertions(+), 8 deletions(-) create mode 100755 pre-push.sh diff --git a/autogen.sh b/autogen.sh index f0042765d..d817ee781 100755 --- a/autogen.sh +++ b/autogen.sh @@ -9,6 +9,7 @@ if test -d .git; then mkdir .git/hooks fi ln -s -f ../../pre-commit.sh .git/hooks/pre-commit + ln -s -f ../../pre-push.sh .git/hooks/pre-push fi # Set HAVE_FIPS_SOURCE to 1 in your .profile if you have access to the FIPS diff --git a/commit-tests.sh b/commit-tests.sh index eae91ab19..d7a95af48 100755 --- a/commit-tests.sh +++ b/commit-tests.sh @@ -31,12 +31,4 @@ make -j 8 test; RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1 -if [ -n "$HAVE_FIPS_SOURCE" ]; -then - echo -e "\n\nTesting with FIPS release code...\n\n" - ./fips-check.sh - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1 -fi - exit 0 diff --git a/pre-push.sh b/pre-push.sh new file mode 100755 index 000000000..f5a065bd1 --- /dev/null +++ b/pre-push.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# +# +# Our "pre-push" hook. + +RESULT=0 + +if [ -n "$HAVE_FIPS_SOURCE" ]; +then + echo -e "\n\nTesting with FIPS release code...\n\n" + ./fips-check.sh --no-keep + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1 +fi + +[ $RESULT -ne 0 ] && echo "\nOops, your push failed\n" && exit 1 + +echo "\nPush tests passed!\n" +exit 0 From bcaa8cde06ef3db0e9a66a1493ad8627fdeba36a Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 30 Jul 2015 14:32:16 -0700 Subject: [PATCH 015/102] fix pre-push calling fips-check with unimplemented option --- fips-check.sh | 10 +++++----- pre-push.sh | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/fips-check.sh b/fips-check.sh index d47cb1c32..a60050fe7 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -79,13 +79,13 @@ linux) esac git clone . $TEST_DIR -[ $? -ne 0 ] && echo -e "\n\nCouldn't duplicate current working directory.\n\n" && exit 1 +[ $? -ne 0 ] && echo "\n\nCouldn't duplicate current working directory.\n\n" && exit 1 pushd $TEST_DIR # make a clone of the last FIPS release tag git clone -b $CTAO_VERSION $CTAO_REPO old-tree -[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1 +[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1 for MOD in ${WC_MODS[@]} do @@ -102,7 +102,7 @@ cp old-tree/$WC_INC_PATH/random.h $WC_INC_PATH # clone the FIPS repository git clone -b $FIPS_VERSION $FIPS_REPO fips -[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1 +[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1 for SRC in ${FIPS_SRCS[@]} do @@ -113,7 +113,7 @@ done ./autogen.sh ./configure --enable-fips make -[ $? -ne 0 ] && echo -e "\n\nMake failed. Debris left for analysis." && exit 1 +[ $? -ne 0 ] && echo "\n\nMake failed. Debris left for analysis." && exit 1 NEWHASH=`./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p'` if [ -n "$NEWHASH" ]; then @@ -122,7 +122,7 @@ if [ -n "$NEWHASH" ]; then fi make test -[ $? -ne 0 ] && echo -e "\n\nTest failed. Debris left for analysis." && exit 1 +[ $? -ne 0 ] && echo "\n\nTest failed. Debris left for analysis." && exit 1 # Clean up popd diff --git a/pre-push.sh b/pre-push.sh index f5a065bd1..5315eecb9 100755 --- a/pre-push.sh +++ b/pre-push.sh @@ -7,8 +7,8 @@ RESULT=0 if [ -n "$HAVE_FIPS_SOURCE" ]; then - echo -e "\n\nTesting with FIPS release code...\n\n" - ./fips-check.sh --no-keep + echo "\n\nTesting with FIPS release code...\n\n" + ./fips-check.sh RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1 fi From 27371263b78bd75878a89b7d5186b0553b229d03 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 30 Jul 2015 14:47:52 -0700 Subject: [PATCH 016/102] move variable declaration to beginning of block --- wolfcrypt/src/asn.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 53562e943..0faea7dcb 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4914,11 +4914,13 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ if (sizes[i] <= MAX_SEQ_SZ) { + int err; + /* leading zero */ if (lbit) tmps[i][sizes[i]-1] = 0x00; - int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); + err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); if (err == MP_OKAY) { sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ intTotalLen += sizes[i]; From 97853dc3c25a43aebae7a1414fbba42cf0b2e37e Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 30 Jul 2015 16:31:14 -0700 Subject: [PATCH 017/102] keep resume script from endless loop on bad startup --- scripts/resume.test | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/resume.test b/scripts/resume.test index 17bfd8c9f..b0592af90 100755 --- a/scripts/resume.test +++ b/scripts/resume.test @@ -6,6 +6,7 @@ resume_port=11112 no_pid=-1 server_pid=$no_pid +counter=0 remove_ready_file() { @@ -41,9 +42,10 @@ remove_ready_file ./examples/server/server -r -R -p $resume_port & server_pid=$! -while [ ! -s /tmp/wolfssl_server_ready ]; do +while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do echo -e "waiting for server_ready file..." sleep 0.1 + counter=$((counter+ 1)) done ./examples/client/client -r -p $resume_port From 95db44def33260e4799735473aa4110e532a1f05 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 30 Jul 2015 16:33:14 -0700 Subject: [PATCH 018/102] remove autogen clone of fips repo; pre-push runs fips-check if fips directory exists --- autogen.sh | 11 ----------- pre-push.sh | 2 +- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/autogen.sh b/autogen.sh index d817ee781..89e475c0b 100755 --- a/autogen.sh +++ b/autogen.sh @@ -12,17 +12,6 @@ if test -d .git; then ln -s -f ../../pre-push.sh .git/hooks/pre-push fi -# Set HAVE_FIPS_SOURCE to 1 in your .profile if you have access to the FIPS -# repository. (Hint: If you don't work for us, you don't. This will fail.) -if test -n "$HAVE_FIPS_SOURCE" -a ! -d ./fips; then - git clone git@github.com:wolfSSL/fips.git - SAVEDIR=`pwd` - cd ./ctaocrypt/src - ln -sf ../../fips/fips.c - ln -sf ../../fips/fips_test.c - cd $SAVEDIR -fi - # If this is a source checkout then call autoreconf with error as well if test -d .git; then WARNINGS="all,error" diff --git a/pre-push.sh b/pre-push.sh index 5315eecb9..f53b27c23 100755 --- a/pre-push.sh +++ b/pre-push.sh @@ -5,7 +5,7 @@ RESULT=0 -if [ -n "$HAVE_FIPS_SOURCE" ]; +if [ -d ./fips ]; then echo "\n\nTesting with FIPS release code...\n\n" ./fips-check.sh From cc604d23befdfc6f097815e285dc85a09b47e0b0 Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 30 Jul 2015 16:45:31 -0700 Subject: [PATCH 019/102] fix psk no server hint sanity check --- src/internal.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index fa4208c44..e4b6d9536 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4780,9 +4780,17 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) } } if (ssl->msgsReceived.got_server_key_exchange == 0) { + int pskNoServerHint = 0; /* not required in this case */ + + #ifndef NO_PSK + if (ssl->specs.kea == psk_kea && + ssl->arrays->server_hint[0] == 0) + pskNoServerHint = 1; + #endif if (ssl->specs.static_ecdh == 1 || ssl->specs.kea == rsa_kea || - ssl->specs.kea == ntru_kea) { + ssl->specs.kea == ntru_kea || + pskNoServerHint) { WOLFSSL_MSG("No KeyExchange required"); } else { WOLFSSL_MSG("No ServerKeyExchange before ServerDone"); From 1470789ac6de254aa653830c9940ceca63b095bc Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Jul 2015 11:13:05 -0700 Subject: [PATCH 020/102] fix build 483 with wc_encrypt --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 45b28926c..e543e68d3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -36,6 +36,8 @@ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_KEY_GEN) #include + /* openssl headers end, wolfssl internal headers next */ + #include #endif #ifdef OPENSSL_EXTRA @@ -57,7 +59,6 @@ #include #include #include - #include #ifdef WOLFSSL_SHA512 #include #endif From 75b9d809b3f477b756545996c8cc3e4fa5307912 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Jul 2015 11:24:34 -0700 Subject: [PATCH 021/102] fix build 267 case 932, certgen w/o sha --- wolfcrypt/test/test.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 26ee84d4c..f85ee6373 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -3726,6 +3726,10 @@ int rsa_test(void) wc_InitCert(&myCert); +#ifdef NO_SHA + myCert.sigType = CTC_SHA256wRSA; +#endif + strncpy(myCert.subject.country, "US", CTC_NAME_SIZE); strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE); strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE); From 59e894d6a42335f517aafe83f5d009518efb242e Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Jul 2015 11:35:16 -0700 Subject: [PATCH 022/102] fix build 267 case 1044, dhe + psk w/o aes --- wolfssl/internal.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 66c0d18cd..bed49725b 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -366,13 +366,17 @@ typedef byte word24[3]; #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) #ifndef NO_SHA256 - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #ifndef NO_AES + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #endif #ifdef HAVE_NULL_CIPHER #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 #endif #endif #ifdef WOLFSSL_SHA384 - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #ifndef NO_AES + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #endif #ifdef HAVE_NULL_CIPHER #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 #endif From c14398cb7a4ae03f2f766c97e3298ce53cfe91a0 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Jul 2015 11:40:14 -0700 Subject: [PATCH 023/102] fix build 267 case 1197, pwdbases -des3 warning --- wolfcrypt/src/asn.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 0faea7dcb..5629bfc75 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -905,6 +905,9 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, byte key[MAX_KEY_SIZE]; #endif + (void)input; + (void)length; + switch (id) { case PBE_MD5_DES: typeH = MD5; From 409b044ec71f329f5389da6870346cc4ceeb5a8d Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Jul 2015 11:44:09 -0700 Subject: [PATCH 024/102] fix build 267, case 1299 ocsp + iopool (no stdlib) --- src/io.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/io.c b/src/io.c index a55fa8450..fac843b40 100644 --- a/src/io.c +++ b/src/io.c @@ -527,6 +527,8 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) #ifdef HAVE_OCSP +#include /* atoi() */ + static int Word16ToString(char* d, word16 number) { From 16b012002817bfd9e8bf44cec08a0eb46b58b2de Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Jul 2015 11:57:35 -0700 Subject: [PATCH 025/102] fix build 267, base 1361 fp ecc w/ no memory --- wolfcrypt/src/ecc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index a14a9e08d..ea5fb0a3d 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4331,7 +4331,9 @@ static int accel_fp_mul2add(int idx1, int idx2, if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) { mp_clear(&tka); mp_clear(&tkb); +#ifdef WOLFSSL_SMALL_STACK XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return err; } From 3fb10301f6e8caba7e00baade0113953516157ea Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Jul 2015 16:29:35 -0700 Subject: [PATCH 026/102] fix build 267, case 743 blak2b w/o md5 --- src/tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tls.c b/src/tls.c index 39f36bb17..8c61557ce 100644 --- a/src/tls.c +++ b/src/tls.c @@ -310,7 +310,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, /* If a cipher suite wants an algorithm better than sha256, it * should use better. */ - if (hash_type < sha256_mac) + if (hash_type < sha256_mac || hash_type == blake2b_mac) hash_type = sha256_mac; ret = p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, hash_type); @@ -350,7 +350,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) { int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash); if (ret != 0) From 2ade35c65ae66f60d2d33ddd54fc7e53bf9ad87c Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Jul 2015 16:43:59 -0700 Subject: [PATCH 027/102] expose have 128bit type to options flags --- configure.ac | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configure.ac b/configure.ac index 08acfd7aa..bc15219aa 100644 --- a/configure.ac +++ b/configure.ac @@ -2128,6 +2128,12 @@ then AM_CFLAGS="$AM_CFLAGS -wd10006" fi +# Expose HAVE___UINT128_T to options flags" +if test "$ac_cv_type___uint128_t" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T" +fi + LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS From 303fb2bb62440f2d644f90ffe54e236350711bec Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 31 Jul 2015 21:51:04 -0600 Subject: [PATCH 028/102] Option for no PSK Id Hint and test cases update comment file reference --- examples/server/server.c | 19 ++++- tests/suites.c | 11 +++ tests/test-psk-no-id.conf | 169 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 197 insertions(+), 2 deletions(-) create mode 100644 tests/test-psk-no-id.conf diff --git a/examples/server/server.c b/examples/server/server.c index 118a7e98e..cba04bc48 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -158,6 +158,9 @@ static void Usage(void) #ifdef HAVE_ANON printf("-a Anonymous server\n"); #endif +#ifndef NO_PSK + printf("-I Do not send PSK identity hint\n"); +#endif } THREAD_RETURN CYASSL_THREAD server_test(void* args) @@ -199,6 +202,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; +#ifndef NO_PSK + int doNotSendPskIdentityHint = 1; +#endif + #ifdef HAVE_SNI char* sniHostName = NULL; #endif @@ -230,7 +237,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) fdOpenSession(Task_self()); #endif - while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:Z:S:oO:D:")) + while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:")) != -1) { switch (ch) { case '?' : @@ -363,6 +370,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) useAnon = 1; #endif break; + case 'I': + #ifndef NO_PSK + doNotSendPskIdentityHint = 0; + #endif + break; default: Usage(); @@ -500,7 +512,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (usePsk) { #ifndef NO_PSK SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + + if (doNotSendPskIdentityHint == 1) + SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + if (cipherList == NULL) { const char *defaultCipherList; #if defined(HAVE_AESGCM) && !defined(NO_DH) diff --git a/tests/suites.c b/tests/suites.c index cb30cdf25..4095581e9 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -476,6 +476,17 @@ int SuiteTest(void) } #endif +#ifndef NO_PSK + /* add psk extra suites */ + strcpy(argv0[1], "tests/test-psk-no-id.conf"); + printf("starting psk no identity extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } +#endif + printf(" End Cipher Suite Tests\n"); wolfSSL_CTX_free(cipherSuiteCtx); diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf new file mode 100644 index 000000000..8dff242db --- /dev/null +++ b/tests/test-psk-no-id.conf @@ -0,0 +1,169 @@ +################################# +# ^ Make sure to leave a blank line here. As suites.c parses this file +# and determines if it's executing a test or not based on every other blank +# line. +# +# Begin No PSK Identity Hint +################################# +# No Hint server TLSv1 PSK-AES128 +-s +-I +-v 1 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1 PSK-AES128 +-s +-v 1 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1 PSK-AES256 +-s +-I +-v 1 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1 PSK-AES256 +-s +-v 1 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.1 PSK-AES128 +-s +-I +-v 2 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1.1 PSK-AES128 +-s +-v 2 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1.1 PSK-AES256 +-s +-I +-v 2 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1.1 PSK-AES256 +-s +-v 2 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.2 PSK-AES128 +-s +-I +-v 3 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1.2 PSK-AES128 +-s +-v 3 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1.2 PSK-AES256 +-s +-I +-v 3 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1.2 PSK-AES256 +-s +-v 3 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.0 PSK-AES128-SHA256 +-s +-I +-v 1 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.0 PSK-AES128-SHA256 +-s +-v 1 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.1 PSK-AES128-SHA256 +-s +-I +-v 2 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.1 PSK-AES128-SHA256 +-s +-v 2 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.2 PSK-AES128-SHA256 +-s +-I +-v 3 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.2 PSK-AES128-SHA256 +-s +-v 3 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.0 PSK-AES256-SHA384 +-s +-I +-v 1 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.0 PSK-AES256-SHA384 +-s +-v 1 +-l PSK-AES256-CBC-SHA384 + +# No Hint server TLSv1.1 PSK-AES256-SHA384 +-s +-I +-v 2 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.1 PSK-AES256-SHA384 +-s +-v 2 +-l PSK-AES256-CBC-SHA384 + +# No Hint server TLSv1.2 PSK-AES256-SHA384 +-s +-I +-v 3 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.2 PSK-AES256-SHA384 +-s +-v 3 +-l PSK-AES256-CBC-SHA384 + +# server TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-I +-v 3 +-l PSK-AES128-GCM-SHA256 + +# client TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# server TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-I +-v 3 +-l PSK-AES256-GCM-SHA384 + +# client TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +####################### +# ^ End no PSK Identity Hint +####################### +################################# +# Handshake message structure is different for +# Diffie Helman Ephemeral do not test those. +################################# + From f8feb339fcfcdfd517b1c3c4892d1a299773d7b2 Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Mon, 3 Aug 2015 10:13:42 -0600 Subject: [PATCH 029/102] updates to FREERTOS settings --- wolfssl/wolfcrypt/settings.h | 5 ++++- wolfssl/wolfcrypt/types.h | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index af8e690ff..34c5dc8eb 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -307,6 +307,10 @@ #ifdef FREERTOS + #include "FreeRTOS.h" + /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */ + #define XMALLOC(s, h, type) pvPortMalloc((s)) + #define XFREE(p, h, type) vPortFree((p)) #ifndef NO_WRITEV #define NO_WRITEV #endif @@ -328,7 +332,6 @@ #endif #ifndef SINGLE_THREADED - #include "FreeRTOS.h" #include "semphr.h" #endif #endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index a5ff1d3f2..795d2c9c5 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -143,6 +143,9 @@ #ifdef HAVE_THREAD_LS #if defined(_MSC_VER) #define THREAD_LS_T __declspec(thread) + /* Thread local storage only in FreeRTOS v8.2.1 and higher */ + #elif defined(FREERTOS) + #define THREAD_LS_T #else #define THREAD_LS_T __thread #endif @@ -176,7 +179,7 @@ #define XREALLOC(p, n, h, t) realloc((p), (n)) #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ - && !defined(WOLFSSL_LEANPSK) + && !defined(WOLFSSL_LEANPSK) && !defined(FREERTOS) /* default C runtime, can install different routines at runtime via cbs */ #include #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) From 37ba6aeee739c3d7a1dd7cec684ab796af7ecbab Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 3 Aug 2015 09:32:51 -0700 Subject: [PATCH 030/102] fix psk no identify hint example logic --- examples/server/server.c | 6 +++--- tests/include.am | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index cba04bc48..c0687a195 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -203,7 +203,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) char** argv = ((func_args*)args)->argv; #ifndef NO_PSK - int doNotSendPskIdentityHint = 1; + int sendPskIdentityHint = 1; #endif #ifdef HAVE_SNI @@ -372,7 +372,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) break; case 'I': #ifndef NO_PSK - doNotSendPskIdentityHint = 0; + sendPskIdentityHint = 0; #endif break; @@ -513,7 +513,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifndef NO_PSK SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - if (doNotSendPskIdentityHint == 1) + if (sendPskIdentityHint == 1) SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); if (cipherList == NULL) { diff --git a/tests/include.am b/tests/include.am index 006458523..f276f3af0 100644 --- a/tests/include.am +++ b/tests/include.am @@ -19,5 +19,7 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la endif EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/test.conf \ + tests/test-qsh.conf \ + tests/test-psk-no-id.conf \ tests/test-dtls.conf DISTCLEANFILES+= tests/.libs/unit.test From 273a0dd4d5a95e38112d014773e5470b84917797 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Mon, 3 Aug 2015 11:04:18 -0600 Subject: [PATCH 031/102] re-format test-psk-no-id.conf add README --- tests/CONF_FILES_README.md | 4 ++++ tests/README | 1 + tests/test-psk-no-id.conf | 15 --------------- 3 files changed, 5 insertions(+), 15 deletions(-) create mode 100644 tests/CONF_FILES_README.md create mode 100644 tests/README diff --git a/tests/CONF_FILES_README.md b/tests/CONF_FILES_README.md new file mode 100644 index 000000000..ab260c25d --- /dev/null +++ b/tests/CONF_FILES_README.md @@ -0,0 +1,4 @@ +suites.c is a dynamicically written program where new test cases can be written +and added to as needed. When creating a new configure file for a test be sure +to use the exact formatting as the existing configure files. Reference test.conf +for an example. diff --git a/tests/README b/tests/README new file mode 100644 index 000000000..669d024ff --- /dev/null +++ b/tests/README @@ -0,0 +1 @@ +Before creating any new configure files (.conf) read the CONF_FILES_README.md diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf index 8dff242db..9669dc5bc 100644 --- a/tests/test-psk-no-id.conf +++ b/tests/test-psk-no-id.conf @@ -1,10 +1,3 @@ -################################# -# ^ Make sure to leave a blank line here. As suites.c parses this file -# and determines if it's executing a test or not based on every other blank -# line. -# -# Begin No PSK Identity Hint -################################# # No Hint server TLSv1 PSK-AES128 -s -I @@ -159,11 +152,3 @@ -v 3 -l PSK-AES256-GCM-SHA384 -####################### -# ^ End no PSK Identity Hint -####################### -################################# -# Handshake message structure is different for -# Diffie Helman Ephemeral do not test those. -################################# - From 08959624f22d91eb90b38a3bfc1ca9d4bdd36be1 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 3 Aug 2015 15:30:07 -0700 Subject: [PATCH 032/102] fix ed25519 with external hash functions --- wolfcrypt/src/ed25519.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index ba0dcbe53..b6f6434b4 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -32,6 +32,7 @@ #include #include +#include #ifdef NO_INLINE #include #else From daf01977a1677017df4286051279cffd0c5bca8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 6 Jul 2015 12:53:53 -0300 Subject: [PATCH 033/102] adds SRP client and server structures. --- wolfcrypt/src/srp.c | 22 ++++++++++++ wolfssl/wolfcrypt/srp.h | 78 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 wolfcrypt/src/srp.c create mode 100644 wolfssl/wolfcrypt/srp.h diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c new file mode 100644 index 000000000..a0a22cf47 --- /dev/null +++ b/wolfcrypt/src/srp.c @@ -0,0 +1,22 @@ +/* srp.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h new file mode 100644 index 000000000..23bdeb947 --- /dev/null +++ b/wolfssl/wolfcrypt/srp.h @@ -0,0 +1,78 @@ +/* srp.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef WOLF_CRYPT_SRP_H +#define WOLF_CRYPT_SRP_H + +#include + +#ifdef HAVE_SRP + +/* Select the largest available hash for the buffer size. */ +#if defined(WOLFSSL_SHA512) + SRP_MAX_DIGEST_SIZE = SHA512_DIGEST_SIZE, +#elif defined(WOLFSSL_SHA384) + SRP_MAX_DIGEST_SIZE = SHA384_DIGEST_SIZE, +#elif !defined(NO_SHA256) + SRP_MAX_DIGEST_SIZE = SHA256_DIGEST_SIZE, +#elif !defined(NO_SHA) + SRP_MAX_DIGEST_SIZE = SHA_DIGEST_SIZE, +#else + #error "You have to have some kind of SHA hash if you want to use SRP." +#endif + +typedef struct { + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ + mp_int g; /**< Generator. A generator modulo N. */ + mp_int a; /**< Private ephemeral value. Random. */ + mp_int A; /**< Public ephemeral value. pow(g, a, N) */ + mp_int B; /**< Server's public ephemeral value. */ + mp_int s; /**< Session key. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ + byte x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */ + byte u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter. */ + byte type; /**< Hash type, SHA[1:256:384:512] */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ + byte* salt; /**< Small salt. */ + word32 saltSz; /**< Salt length. */ + byte* pswd; /**< Password. */ + word32 pswdSz; /**< Password length. */ +} SrpClient; + +typedef struct { + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ + mp_int g; /**< Generator. A generator modulo N. */ + mp_int b; /**< Private ephemeral value. */ + mp_int B; /**< Public ephemeral value. */ + mp_int A; /**< Client's public ephemeral value. */ + mp_int s; /**< Session key. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ + mp_int v; /**< Verifier. v = pow(g, x, N) */ + byte u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter. */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ + byte* salt; /**< Small salt. */ + word32 saltSz; /**< Salt length. */ +} SrpServer; + +#endif /* HAVE_SRP */ +#endif /* WOLF_CRYPT_SRP_H */ From 6d7b5bd2f8020d70f0169b24beb2948d385b59c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 6 Jul 2015 14:10:20 -0300 Subject: [PATCH 034/102] adds srp files to build process. --- configure.ac | 106 ++++++++++++++++++++--------------- src/include.am | 5 +- wolfcrypt/src/srp.c | 6 +- wolfssl/wolfcrypt/include.am | 2 +- wolfssl/wolfcrypt/srp.h | 56 ++++++++++++------ 5 files changed, 109 insertions(+), 66 deletions(-) diff --git a/configure.ac b/configure.ac index bc15219aa..cb3cbaed3 100644 --- a/configure.ac +++ b/configure.ac @@ -85,7 +85,7 @@ AC_CHECK_TYPES(__uint128_t) AC_C_BIGENDIAN # mktime check takes forever on some systems, if time supported it would be # highly unusual for mktime to be missing -#AC_FUNC_MKTIME +#AC_FUNC_MKTIME AC_PROG_CC AC_PROG_CC_C_O @@ -199,7 +199,7 @@ fi AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"]) -# Fortress build +# Fortress build AC_ARG_ENABLE([fortress], [ --enable-fortress Enable SSL fortress build (default: disabled)], [ ENABLED_FORTRESS=$enableval ], @@ -217,7 +217,7 @@ then fi -# ssl bump build +# ssl bump build AC_ARG_ENABLE([bump], [ --enable-bump Enable SSL Bump build (default: disabled)], [ ENABLED_BUMP=$enableval ], @@ -231,7 +231,7 @@ fi ENABLED_SLOWMATH="yes" -# lean psk build +# lean psk build AC_ARG_ENABLE([leanpsk], [ --enable-leanpsk Enable Lean PSK build (default: disabled)], [ ENABLED_LEANPSK=$enableval ], @@ -287,7 +287,7 @@ then fi -# Persistent session cache +# Persistent session cache AC_ARG_ENABLE([savesession], [ --enable-savesession Enable persistent session cache (default: disabled)], [ ENABLED_SAVESESSION=$enableval ], @@ -300,7 +300,7 @@ then fi -# Persistent cert cache +# Persistent cert cache AC_ARG_ENABLE([savecert], [ --enable-savecert Enable persistent cert cache (default: disabled)], [ ENABLED_SAVECERT=$enableval ], @@ -313,7 +313,7 @@ then fi -# Atomic User Record Layer +# Atomic User Record Layer AC_ARG_ENABLE([atomicuser], [ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)], [ ENABLED_ATOMICUSER=$enableval ], @@ -326,7 +326,7 @@ then fi -# Public Key Callbacks +# Public Key Callbacks AC_ARG_ENABLE([pkcallbacks], [ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)], [ ENABLED_PKCALLBACKS=$enableval ], @@ -491,7 +491,7 @@ fi AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"]) -# NULL CIPHER +# NULL CIPHER AC_ARG_ENABLE([nullcipher], [ --enable-nullcipher Enable wolfSSL NULL cipher support (default: disabled)], [ ENABLED_NULL_CIPHER=$enableval ], @@ -650,7 +650,7 @@ then fi -# HKDF +# HKDF AC_ARG_ENABLE([hkdf], [ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)], [ ENABLED_HKDF=$enableval ], @@ -792,7 +792,7 @@ if test "$ENABLED_FPECC" = "yes" then if test "$ENABLED_ECC" = "no" then - AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) + AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) fi AM_CFLAGS="$AM_CFLAGS -DFP_ECC" fi @@ -809,17 +809,17 @@ if test "$ENABLED_ECC_ENCRYPT" = "yes" then if test "$ENABLED_ECC" = "no" then - AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) + AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) fi if test "$ENABLED_HKDF" = "no" then - AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) + AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) fi AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT" fi -# PSK +# PSK AC_ARG_ENABLE([psk], [ --enable-psk Enable PSK (default: disabled)], [ ENABLED_PSK=$enableval ], @@ -857,7 +857,7 @@ else fi -# OLD TLS +# OLD TLS AC_ARG_ENABLE([oldtls], [ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)], [ ENABLED_OLD_TLS=$enableval ], @@ -877,7 +877,7 @@ else fi -# STACK SIZE info for examples +# STACK SIZE info for examples AC_ARG_ENABLE([stacksize], [ --enable-stacksize Enable stack size info on examples (default: disabled)], [ ENABLED_STACKSIZE=$enableval ], @@ -892,7 +892,7 @@ then fi -# MEMORY +# MEMORY AC_ARG_ENABLE([memory], [ --enable-memory Enable memory callbacks (default: enabled)], [ ENABLED_MEMORY=$enableval ], @@ -914,7 +914,7 @@ fi AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"]) -# RSA +# RSA AC_ARG_ENABLE([rsa], [ --enable-rsa Enable RSA (default: enabled)], [ ENABLED_RSA=$enableval ], @@ -1119,7 +1119,7 @@ fi AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"]) -# ARC4 +# ARC4 AC_ARG_ENABLE([arc4], [ --enable-arc4 Enable ARC4 (default: disabled)], [ ENABLED_ARC4=$enableval ], @@ -1146,7 +1146,7 @@ fi AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"]) -# MD5 +# MD5 AC_ARG_ENABLE([md5], [ --enable-md5 Enable MD5 (default: enabled)], [ ENABLED_MD5=$enableval ], @@ -1168,7 +1168,7 @@ fi AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"]) -# SHA +# SHA AC_ARG_ENABLE([sha], [ --enable-sha Enable SHA (default: enabled)], [ ENABLED_SHA=$enableval ], @@ -1190,7 +1190,7 @@ fi AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"]) -# Web Server Build +# Web Server Build AC_ARG_ENABLE([webserver], [ --enable-webserver Enable Web Server (default: disabled)], [ ENABLED_WEBSERVER=$enableval ], @@ -1204,7 +1204,7 @@ fi -# HC128 +# HC128 AC_ARG_ENABLE([hc128], [ --enable-hc128 Enable HC-128 (default: disabled)], [ ENABLED_HC128=$enableval ], @@ -1350,7 +1350,7 @@ else fi -# Filesystem Build +# Filesystem Build AC_ARG_ENABLE([filesystem], [ --enable-filesystem Enable Filesystem support (default: enabled)], [ ENABLED_FILESYSTEM=$enableval ], @@ -1370,7 +1370,7 @@ else fi -# inline Build +# inline Build AC_ARG_ENABLE([inline], [ --enable-inline Enable inline functions (default: enabled)], [ ENABLED_INLINE=$enableval ], @@ -1492,7 +1492,7 @@ AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"]) if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes" then - AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) + AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) fi # SNI @@ -1648,6 +1648,22 @@ then fi +# Secure Remote Password +AC_ARG_ENABLE([srp], + [ --enable-srp Enable Secure Remote Password (default: disabled)], + [ ENABLED_SRP=$enableval ], + [ ENABLED_SRP=no ] + ) + +if test "x$ENABLED_SRP" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP" +fi + +AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"]) + + + # Small Stack AC_ARG_ENABLE([smallstack], [ --enable-smallstack Enable Small Stack Usage (default: disabled)], @@ -1684,7 +1700,7 @@ fi AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"]) -# Test certs, use internal cert functions for extra testing +# Test certs, use internal cert functions for extra testing AC_ARG_ENABLE([testcert], [ --enable-testcert Enable Test Cert (default: disabled)], [ ENABLED_TESTCERT=$enableval ], @@ -1715,7 +1731,7 @@ then fi -# Certificate Service Support +# Certificate Service Support AC_ARG_ENABLE([certservice], [ --enable-certservice Enable cert service (default: disabled)], [ ENABLED_CERT_SERVICE=$enableval ], @@ -1957,7 +1973,7 @@ AC_ARG_WITH([libz], AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"]) -# cavium +# cavium trycaviumdir="" AC_ARG_WITH([cavium], [ --with-cavium=PATH PATH to cavium/software dir ], @@ -2183,7 +2199,7 @@ touch ctaocrypt/src/fips.c touch ctaocrypt/src/fips_test.c echo -# generate user options header +# generate user options header echo "---" echo "Generating user options header..." @@ -2193,7 +2209,7 @@ OPTION_FILE="wolfssl/options.h" #fi rm -f $OPTION_FILE -echo "/* wolfssl options.h" > $OPTION_FILE +echo "/* wolfssl options.h" > $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE @@ -2202,13 +2218,13 @@ echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FI echo " *" >> $OPTION_FILE echo " */" >> $OPTION_FILE -echo "" >> $OPTION_FILE -echo "#pragma once" >> $OPTION_FILE -echo "" >> $OPTION_FILE -echo "#ifdef __cplusplus" >> $OPTION_FILE -echo "extern \"C\" {" >> $OPTION_FILE -echo "#endif" >> $OPTION_FILE -echo "" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#pragma once" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#ifdef __cplusplus" >> $OPTION_FILE +echo "extern \"C\" {" >> $OPTION_FILE +echo "#endif" >> $OPTION_FILE +echo "" >> $OPTION_FILE for option in $OPTION_FLAGS; do defonly=`echo $option | sed 's/-D//'` @@ -2244,11 +2260,11 @@ for option in $OPTION_FLAGS; do fi done -echo "" >> $OPTION_FILE -echo "#ifdef __cplusplus" >> $OPTION_FILE -echo "}" >> $OPTION_FILE -echo "#endif" >> $OPTION_FILE -echo "" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#ifdef __cplusplus" >> $OPTION_FILE +echo "}" >> $OPTION_FILE +echo "#endif" >> $OPTION_FILE +echo "" >> $OPTION_FILE echo #backwards compatability for those who have included options or version @@ -2279,7 +2295,7 @@ echo " * Debug enabled: $ax_enable_debug" echo " * Warnings as failure: $ac_cv_warnings_as_errors" echo " * make -j: $enable_jobserver" echo " * VCS checkout: $ac_cv_vcs_checkout" -echo +echo echo " Features " echo " * Single threaded: $ENABLED_SINGLETHREADED" echo " * Filesystem: $ENABLED_FILESYSTEM" @@ -2351,10 +2367,10 @@ echo " * Session Ticket: $ENABLED_SESSION_TICKET" echo " * All TLS Extensions: $ENABLED_TLSX" echo " * PKCS#7 $ENABLED_PKCS7" echo " * wolfSCEP $ENABLED_WOLFSCEP" +echo " * Secure Remote Password $ENABLED_SRP" echo " * Small Stack: $ENABLED_SMALL_STACK" echo " * valgrind unit tests: $ENABLED_VALGRIND" echo " * LIBZ: $ENABLED_LIBZ" echo " * Examples: $ENABLED_EXAMPLES" echo "" echo "---" - diff --git a/src/include.am b/src/include.am index b4ba39ddd..6c2629bc0 100644 --- a/src/include.am +++ b/src/include.am @@ -201,6 +201,10 @@ if BUILD_PKCS7 src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c endif +if BUILD_SRP +src_libwolfssl_la_SOURCES += wolfcrypt/src/srp.c +endif + # ssl files src_libwolfssl_la_SOURCES += \ src/internal.c \ @@ -220,4 +224,3 @@ endif if BUILD_SNIFFER src_libwolfssl_la_SOURCES += src/sniffer.c endif - diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index a0a22cf47..66a4f00cd 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -19,4 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - +#ifdef WOLFCRYPT_HAVE_SRP + +#include + +#endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 67949fc28..8387ed7df 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -46,6 +46,7 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/blake2-int.h \ wolfssl/wolfcrypt/blake2-impl.h \ wolfssl/wolfcrypt/tfm.h \ + wolfssl/wolfcrypt/srp.h \ wolfssl/wolfcrypt/types.h \ wolfssl/wolfcrypt/visibility.h \ wolfssl/wolfcrypt/logging.h \ @@ -57,4 +58,3 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ wolfssl/wolfcrypt/port/ti/ti-hash.h \ wolfssl/wolfcrypt/port/ti/ti-ccm.h - diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 23bdeb947..f6a3edc10 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -19,12 +19,30 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ -#ifndef WOLF_CRYPT_SRP_H -#define WOLF_CRYPT_SRP_H +#ifndef WOLFCRYPT_SRP_H +#define WOLFCRYPT_SRP_H #include +#include +#include +#include +#include -#ifdef HAVE_SRP +#ifdef WOLFCRYPT_HAVE_SRP + +enum { +#ifdef NO_SHA + SRP_SHA = 1, +#endif +#ifdef NO_SHA256 + SRP_SHA256 = 2, +#endif +#ifndef WOLFSSL_SHA384 + SRP_SHA384 = 3, +#endif +#ifndef WOLFSSL_SHA512 + SRP_SHA512 = 4, +#endif /* Select the largest available hash for the buffer size. */ #if defined(WOLFSSL_SHA512) @@ -38,41 +56,43 @@ #else #error "You have to have some kind of SHA hash if you want to use SRP." #endif +}; typedef struct { - mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ - mp_int g; /**< Generator. A generator modulo N. */ mp_int a; /**< Private ephemeral value. Random. */ mp_int A; /**< Public ephemeral value. pow(g, a, N) */ mp_int B; /**< Server's public ephemeral value. */ - mp_int s; /**< Session key. */ - byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ byte x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */ - byte u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter. */ - byte type; /**< Hash type, SHA[1:256:384:512] */ - byte* user; /**< Username, login. */ - word32 userSz; /**< Username length. */ - byte* salt; /**< Small salt. */ - word32 saltSz; /**< Salt length. */ byte* pswd; /**< Password. */ word32 pswdSz; /**< Password length. */ } SrpClient; typedef struct { - mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ - mp_int g; /**< Generator. A generator modulo N. */ mp_int b; /**< Private ephemeral value. */ mp_int B; /**< Public ephemeral value. */ mp_int A; /**< Client's public ephemeral value. */ + mp_int v; /**< Verifier. v = pow(g, x, N) */ +} SrpServer; + +typedef struct { + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ + mp_int g; /**< Generator. A generator modulo N. */ mp_int s; /**< Session key. */ byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ - mp_int v; /**< Verifier. v = pow(g, x, N) */ byte u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter. */ + byte type; /**< Hash type, SHA[1:256:384:512] */ + byte side; /**< Client or Server side. */ byte* user; /**< Username, login. */ word32 userSz; /**< Username length. */ byte* salt; /**< Small salt. */ word32 saltSz; /**< Salt length. */ -} SrpServer; + union { + SrpClient client; + SrpServer server; + } specific; +} Srp; -#endif /* HAVE_SRP */ +int SrpInit(Srp* srp, byte* N, word32 nSz, byte* g, word32 gSz); + +#endif /* WOLFCRYPT_HAVE_SRP */ #endif /* WOLF_CRYPT_SRP_H */ From dfa956d22772e183c8b0890512162baad9d94e22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 7 Jul 2015 12:01:47 -0300 Subject: [PATCH 035/102] adds wc_SrpInit() with unit tests. --- tests/include.am | 1 + tests/srp.c | 91 +++++++++++++++++++++++++++++ tests/unit.c | 5 +- tests/unit.h | 6 +- wolfcrypt/src/hmac.c | 41 +++++++------- wolfcrypt/src/srp.c | 123 ++++++++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/srp.h | 49 ++++++++++++---- 7 files changed, 279 insertions(+), 37 deletions(-) create mode 100644 tests/srp.c diff --git a/tests/include.am b/tests/include.am index f276f3af0..802ec5ad1 100644 --- a/tests/include.am +++ b/tests/include.am @@ -11,6 +11,7 @@ tests_unit_test_SOURCES = \ tests/api.c \ tests/suites.c \ tests/hash.c \ + tests/srp.c \ examples/client/client.c \ examples/server/server.c tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) diff --git a/tests/srp.c b/tests/srp.c new file mode 100644 index 000000000..4b8879b43 --- /dev/null +++ b/tests/srp.c @@ -0,0 +1,91 @@ +/* srp.c SRP unit tests + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#include +#include + +#ifdef WOLFCRYPT_HAVE_SRP + +static void test_SrpInit(void) +{ + byte N[] = { + 0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c, + 0x2d, 0xa3, 0x32, 0x4b, 0x1b, 0xa4, 0xb8, 0x1a, 0x63, 0xf9, 0x74, 0x8f, + 0xed, 0x2d, 0x8a, 0x41, 0x0c, 0x2f, 0xc2, 0x1b, 0x12, 0x32, 0xf0, 0xd3, + 0xbf, 0xa0, 0x24, 0x27, 0x6c, 0xfd, 0x88, 0x44, 0x81, 0x97, 0xaa, 0xe4, + 0x86, 0xa6, 0x3b, 0xfc, 0xa7, 0xb8, 0xbf, 0x77, 0x54, 0xdf, 0xb3, 0x27, + 0xc7, 0x20, 0x1f, 0x6f, 0xd1, 0x7f, 0xd7, 0xfd, 0x74, 0x15, 0x8b, 0xd3, + 0x1c, 0xe7, 0x72, 0xc9, 0xf5, 0xf8, 0xab, 0x58, 0x45, 0x48, 0xa9, 0x9a, + 0x75, 0x9b, 0x5a, 0x2c, 0x05, 0x32, 0x16, 0x2b, 0x7b, 0x62, 0x18, 0xe8, + 0xf1, 0x42, 0xbc, 0xe2, 0xc3, 0x0d, 0x77, 0x84, 0x68, 0x9a, 0x48, 0x3e, + 0x09, 0x5e, 0x70, 0x16, 0x18, 0x43, 0x79, 0x13, 0xa8, 0xc3, 0x9c, 0x3d, + 0xd0, 0xd4, 0xca, 0x3c, 0x50, 0x0b, 0x88, 0x5f, 0xe3 + }; + + byte g[] = { + 0x02 + }; + + Srp srp; + + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N), + g, sizeof(g))); + + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE, N, sizeof(N), + g, sizeof(g))); + + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpInit(&srp, SRP_TYPE_SHA, 255, N, sizeof(N), + g, sizeof(g))); + + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpInit(&srp, SRP_TYPE_SHA, 255, N, sizeof(N), + g, sizeof(g))); + + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, NULL, sizeof(N), + g, sizeof(g))); + + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N), + NULL, sizeof(g))); + + AssertIntEQ(0, + wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N), + g, sizeof(g))); +} + +#endif + +void SrpTest(void) +{ +#ifdef WOLFCRYPT_HAVE_SRP + test_SrpInit(); +#endif +} diff --git a/tests/unit.c b/tests/unit.c index 73ae2bcd7..3a7f2452c 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -77,6 +77,8 @@ int unit_test(int argc, char** argv) } #endif + SrpTest(); + #ifdef HAVE_CAVIUM CspShutdown(CAVIUM_DEV_ID); #endif @@ -92,7 +94,7 @@ void wait_tcp_ready(func_args* args) (void)args; #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) pthread_mutex_lock(&args->signal->mutex); - + if (!args->signal->ready) pthread_cond_wait(&args->signal->cond, &args->signal->mutex); args->signal->ready = 0; /* reset */ @@ -176,4 +178,3 @@ void FreeTcpReady(tcp_ready* ready) (void)ready; #endif } - diff --git a/tests/unit.h b/tests/unit.h index bccd6d2ce..997186291 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -76,9 +76,9 @@ void ApiTest(void); -int SuiteTest(void); -int HashTest(void); +int SuiteTest(void); +int HashTest(void); +void SrpTest(void); #endif /* CyaSSL_UNIT_H */ - diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 242adfa55..50716f5d9 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -134,31 +134,31 @@ static int InitHmac(Hmac* hmac, int type) ret = wc_InitSha(&hmac->hash.sha); break; #endif - + #ifndef NO_SHA256 case SHA256: ret = wc_InitSha256(&hmac->hash.sha256); break; #endif - + #ifdef WOLFSSL_SHA384 case SHA384: ret = wc_InitSha384(&hmac->hash.sha384); break; #endif - + #ifdef WOLFSSL_SHA512 case SHA512: ret = wc_InitSha512(&hmac->hash.sha512); break; #endif - - #ifdef HAVE_BLAKE2 + + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); break; #endif - + default: return BAD_FUNC_ARG; } @@ -287,7 +287,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: { hmac_block_size = BLAKE2B_BLOCKBYTES; @@ -367,7 +367,7 @@ static int HmacKeyInnerHash(Hmac* hmac) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES); @@ -438,7 +438,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length); if (ret != 0) @@ -570,7 +570,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: { ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash, @@ -622,7 +622,7 @@ int wc_HmacInitCavium(Hmac* hmac, int devId) hmac->devId = devId; hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC; hmac->data = NULL; /* buffered input data */ - + hmac->innerHashKeyed = 0; return 0; @@ -650,7 +650,7 @@ static void HmacCaviumFinal(Hmac* hmac, byte* hash) (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId, hmac->devId) != 0) { WOLFSSL_MSG("Cavium Hmac failed"); - } + } hmac->innerHashKeyed = 0; /* tell update to start over if used again */ } @@ -685,7 +685,7 @@ static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length) if (hmac->dataLen) XMEMCPY(tmp, hmac->data, hmac->dataLen); XMEMCPY(tmp + hmac->dataLen, msg, add); - + hmac->dataLen += add; XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); hmac->data = tmp; @@ -751,31 +751,31 @@ static INLINE int GetHashSizeByType(int type) return SHA_DIGEST_SIZE; break; #endif - + #ifndef NO_SHA256 case SHA256: return SHA256_DIGEST_SIZE; break; #endif - + #ifdef WOLFSSL_SHA384 case SHA384: return SHA384_DIGEST_SIZE; break; #endif - + #ifdef WOLFSSL_SHA512 case SHA512: return SHA512_DIGEST_SIZE; break; #endif - - #ifdef HAVE_BLAKE2 + + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: return BLAKE2B_OUTBYTES; break; #endif - + default: return BAD_FUNC_ARG; break; @@ -824,7 +824,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, localSalt = tmp; saltSz = hashSz; } - + do { ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); if (ret != 0) @@ -876,4 +876,3 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, #endif /* HAVE_FIPS */ #endif /* NO_HMAC */ - diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 66a4f00cd..19862ae66 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -19,8 +19,131 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + #ifdef WOLFCRYPT_HAVE_SRP #include +#include + +static int SrpHashInit(Srp* srp) +{ + switch (srp->type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_InitSha(&srp->hash.sha); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return wc_InitSha256(&srp->hash.sha256); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return wc_InitSha384(&srp->hash.sha384); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return wc_InitSha512(&srp->hash.sha512); + #endif + + default: return BAD_FUNC_ARG; + } +} + +static int SrpHashUpdate(Srp* srp, byte* data, word32 size) +{ + switch (srp->type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_ShaUpdate(&srp->hash.sha, data, size); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return wc_Sha256Update(&srp->hash.sha256, data, size); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return wc_Sha384Update(&srp->hash.sha384, data, size); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return wc_Sha512Update(&srp->hash.sha512, data, size); + #endif + + default: return BAD_FUNC_ARG; + } +} + +static int SrpHashFinal(Srp* srp, byte* digest) +{ + switch (srp->type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_ShaFinal(&srp->hash.sha, digest); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: return + wc_Sha256Final(&srp->hash.sha256, digest); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: return + wc_Sha384Final(&srp->hash.sha384, digest); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: return + wc_Sha512Final(&srp->hash.sha512, digest); + #endif + + default: return BAD_FUNC_ARG; + } +} + +int wc_SrpInit(Srp* srp, byte type, byte side, byte* N, word32 nSz, + byte* g, word32 gSz) +{ + int ret = 0; + + if (!srp || !N || !g) + return BAD_FUNC_ARG; + + if (side != SRP_CLIENT_SIDE && side != SRP_SERVER_SIDE) + return BAD_FUNC_ARG; + + srp->side = side; + srp->type = type; /* a valid type is checked inside SrpHashXXX functions. */ + + if (mp_init_multi(&srp->N, &srp->g, &srp->s, 0, 0, 0) != MP_OKAY) + return MP_INIT_E; + + if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) + ret = MP_READ_E; + + if (ret == 0 && mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY) + ret = MP_READ_E; + + if (ret == 0) ret = SrpHashInit(srp); + if (ret == 0) ret = SrpHashUpdate(srp, N, nSz); + if (ret == 0) ret = SrpHashUpdate(srp, g, gSz); + if (ret == 0) ret = SrpHashFinal(srp, srp->k); + + if (ret != 0) { + mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->s); + } + + return ret; +} #endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index f6a3edc10..b4ac77895 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -19,6 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ +#ifdef WOLFCRYPT_HAVE_SRP + #ifndef WOLFCRYPT_SRP_H #define WOLFCRYPT_SRP_H @@ -28,20 +30,24 @@ #include #include -#ifdef WOLFCRYPT_HAVE_SRP +#ifdef __cplusplus + extern "C" { +#endif enum { -#ifdef NO_SHA - SRP_SHA = 1, + SRP_CLIENT_SIDE = 0, + SRP_SERVER_SIDE = 1, +#ifndef NO_SHA + SRP_TYPE_SHA = 1, #endif -#ifdef NO_SHA256 - SRP_SHA256 = 2, +#ifndef NO_SHA256 + SRP_TYPE_SHA256 = 2, #endif -#ifndef WOLFSSL_SHA384 - SRP_SHA384 = 3, +#ifdef WOLFSSL_SHA384 + SRP_TYPE_SHA384 = 3, #endif -#ifndef WOLFSSL_SHA512 - SRP_SHA512 = 4, +#ifdef WOLFSSL_SHA512 + SRP_TYPE_SHA512 = 4, #endif /* Select the largest available hash for the buffer size. */ @@ -58,6 +64,21 @@ enum { #endif }; +typedef union { + #ifndef NO_SHA + Sha sha; + #endif + #ifndef NO_SHA256 + Sha256 sha256; + #endif + #ifdef WOLFSSL_SHA384 + Sha384 sha384; + #endif + #ifdef WOLFSSL_SHA512 + Sha512 sha512; + #endif +} SrpHash; + typedef struct { mp_int a; /**< Private ephemeral value. Random. */ mp_int A; /**< Public ephemeral value. pow(g, a, N) */ @@ -90,9 +111,15 @@ typedef struct { SrpClient client; SrpServer server; } specific; + SrpHash hash; /**< Hash object. */ } Srp; -int SrpInit(Srp* srp, byte* N, word32 nSz, byte* g, word32 gSz); +WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side, byte* N, word32 nSz, + byte* g, word32 gSz); +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFCRYPT_SRP_H */ #endif /* WOLFCRYPT_HAVE_SRP */ -#endif /* WOLF_CRYPT_SRP_H */ From 119dd0250e27933d77d005cb8e02b8b8007946b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 13 Jul 2015 16:10:29 -0300 Subject: [PATCH 036/102] fixes field types in SRP structure; adds new memory allocation type (DYNAMIC_TYPE_SRP); improves wc_SrpInit; adds wc_SrpTerm(), wc_SrpSetUsername(), wc_SrpSetParams(), wc_SrpSetPassword(); --- tests/srp.c | 117 ++++++++++++++++++++++----------- wolfcrypt/src/srp.c | 132 +++++++++++++++++++++++++++++++++----- wolfssl/wolfcrypt/srp.h | 27 +++++--- wolfssl/wolfcrypt/types.h | 3 +- 4 files changed, 212 insertions(+), 67 deletions(-) diff --git a/tests/srp.c b/tests/srp.c index 4b8879b43..a2d59c829 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -30,55 +30,92 @@ #ifdef WOLFCRYPT_HAVE_SRP +static char username[] = "username"; + +static byte N[] = { + 0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c, + 0x2d, 0xa3, 0x32, 0x4b, 0x1b, 0xa4, 0xb8, 0x1a, 0x63, 0xf9, 0x74, 0x8f, + 0xed, 0x2d, 0x8a, 0x41, 0x0c, 0x2f, 0xc2, 0x1b, 0x12, 0x32, 0xf0, 0xd3, + 0xbf, 0xa0, 0x24, 0x27, 0x6c, 0xfd, 0x88, 0x44, 0x81, 0x97, 0xaa, 0xe4, + 0x86, 0xa6, 0x3b, 0xfc, 0xa7, 0xb8, 0xbf, 0x77, 0x54, 0xdf, 0xb3, 0x27, + 0xc7, 0x20, 0x1f, 0x6f, 0xd1, 0x7f, 0xd7, 0xfd, 0x74, 0x15, 0x8b, 0xd3, + 0x1c, 0xe7, 0x72, 0xc9, 0xf5, 0xf8, 0xab, 0x58, 0x45, 0x48, 0xa9, 0x9a, + 0x75, 0x9b, 0x5a, 0x2c, 0x05, 0x32, 0x16, 0x2b, 0x7b, 0x62, 0x18, 0xe8, + 0xf1, 0x42, 0xbc, 0xe2, 0xc3, 0x0d, 0x77, 0x84, 0x68, 0x9a, 0x48, 0x3e, + 0x09, 0x5e, 0x70, 0x16, 0x18, 0x43, 0x79, 0x13, 0xa8, 0xc3, 0x9c, 0x3d, + 0xd0, 0xd4, 0xca, 0x3c, 0x50, 0x0b, 0x88, 0x5f, 0xe3 +}; + +static byte g[] = { + 0x02 +}; + +static byte salt[] = { + 'r', 'a', 'n', 'd', 'o', 'm' +}; + static void test_SrpInit(void) { - byte N[] = { - 0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c, - 0x2d, 0xa3, 0x32, 0x4b, 0x1b, 0xa4, 0xb8, 0x1a, 0x63, 0xf9, 0x74, 0x8f, - 0xed, 0x2d, 0x8a, 0x41, 0x0c, 0x2f, 0xc2, 0x1b, 0x12, 0x32, 0xf0, 0xd3, - 0xbf, 0xa0, 0x24, 0x27, 0x6c, 0xfd, 0x88, 0x44, 0x81, 0x97, 0xaa, 0xe4, - 0x86, 0xa6, 0x3b, 0xfc, 0xa7, 0xb8, 0xbf, 0x77, 0x54, 0xdf, 0xb3, 0x27, - 0xc7, 0x20, 0x1f, 0x6f, 0xd1, 0x7f, 0xd7, 0xfd, 0x74, 0x15, 0x8b, 0xd3, - 0x1c, 0xe7, 0x72, 0xc9, 0xf5, 0xf8, 0xab, 0x58, 0x45, 0x48, 0xa9, 0x9a, - 0x75, 0x9b, 0x5a, 0x2c, 0x05, 0x32, 0x16, 0x2b, 0x7b, 0x62, 0x18, 0xe8, - 0xf1, 0x42, 0xbc, 0xe2, 0xc3, 0x0d, 0x77, 0x84, 0x68, 0x9a, 0x48, 0x3e, - 0x09, 0x5e, 0x70, 0x16, 0x18, 0x43, 0x79, 0x13, 0xa8, 0xc3, 0x9c, 0x3d, - 0xd0, 0xd4, 0xca, 0x3c, 0x50, 0x0b, 0x88, 0x5f, 0xe3 - }; - - byte g[] = { - 0x02 - }; - Srp srp; - AssertIntEQ(BAD_FUNC_ARG, - wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N), - g, sizeof(g))); + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, 255 )); - AssertIntEQ(BAD_FUNC_ARG, - wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE, N, sizeof(N), - g, sizeof(g))); + /* success */ + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); - AssertIntEQ(BAD_FUNC_ARG, - wc_SrpInit(&srp, SRP_TYPE_SHA, 255, N, sizeof(N), - g, sizeof(g))); + wc_SrpTerm(&srp); +} - AssertIntEQ(BAD_FUNC_ARG, - wc_SrpInit(&srp, SRP_TYPE_SHA, 255, N, sizeof(N), - g, sizeof(g))); +static void test_SrpSetUsername(void) +{ + Srp srp; - AssertIntEQ(BAD_FUNC_ARG, - wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, NULL, sizeof(N), - g, sizeof(g))); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); - AssertIntEQ(BAD_FUNC_ARG, - wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N), - NULL, sizeof(g))); + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL)); - AssertIntEQ(0, - wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N), - g, sizeof(g))); + /* success */ + AssertIntEQ(0, wc_SrpSetUsername(&srp, username)); + AssertIntEQ((int) XSTRLEN(username), srp.usernameSz); + AssertIntEQ(0, XMEMCMP(srp.username, username, srp.usernameSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpSetParams(void) +{ + Srp srp; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, NULL, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N, sizeof(N), + NULL, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + NULL, sizeof(salt))); + + /* success */ + AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + AssertIntEQ(sizeof(salt), srp.saltSz); + AssertIntEQ(0, XMEMCMP(srp.salt, salt, srp.saltSz)); + + wc_SrpTerm(&srp); } #endif @@ -87,5 +124,7 @@ void SrpTest(void) { #ifdef WOLFCRYPT_HAVE_SRP test_SrpInit(); + test_SrpSetUsername(); + test_SrpSetParams(); #endif } diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 19862ae66..780044017 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -111,39 +111,137 @@ static int SrpHashFinal(Srp* srp, byte* digest) } } -int wc_SrpInit(Srp* srp, byte type, byte side, byte* N, word32 nSz, - byte* g, word32 gSz) +int wc_SrpInit(Srp* srp, byte type, byte side) { int ret = 0; - if (!srp || !N || !g) + if (!srp) return BAD_FUNC_ARG; if (side != SRP_CLIENT_SIDE && side != SRP_SERVER_SIDE) return BAD_FUNC_ARG; - srp->side = side; - srp->type = type; /* a valid type is checked inside SrpHashXXX functions. */ + if (type != SRP_TYPE_SHA && type != SRP_TYPE_SHA256 && + type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512) + return BAD_FUNC_ARG; - if (mp_init_multi(&srp->N, &srp->g, &srp->s, 0, 0, 0) != MP_OKAY) + srp->side = side; srp->type = type; + srp->salt = NULL; srp->saltSz = 0; + srp->username = NULL; srp->usernameSz = 0; + + if (mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0) != MP_OKAY) return MP_INIT_E; - if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) - ret = MP_READ_E; - - if (ret == 0 && mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY) - ret = MP_READ_E; - - if (ret == 0) ret = SrpHashInit(srp); - if (ret == 0) ret = SrpHashUpdate(srp, N, nSz); - if (ret == 0) ret = SrpHashUpdate(srp, g, gSz); - if (ret == 0) ret = SrpHashFinal(srp, srp->k); + if (srp->side == SRP_CLIENT_SIDE) { + if (mp_init_multi(&srp->specific.client.a, + &srp->specific.client.A, + &srp->specific.client.B, + &srp->specific.client.password, 0, 0) != MP_OKAY) + ret = MP_INIT_E; + } + else { + if (mp_init_multi(&srp->specific.server.b, + &srp->specific.server.B, + &srp->specific.server.A, + &srp->specific.server.verifier, 0, 0) != MP_OKAY) + ret = MP_INIT_E; + } if (ret != 0) { - mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->s); + mp_clear(&srp->N); mp_clear(&srp->g); + mp_clear(&srp->s); mp_clear(&srp->u); } return ret; } +void wc_SrpTerm(Srp* srp) { + if (srp) { + mp_clear(&srp->N); mp_clear(&srp->g); + mp_clear(&srp->s); mp_clear(&srp->u); + + XMEMSET(srp->salt, 0, srp->saltSz); + XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); + XMEMSET(srp->username, 0, srp->usernameSz); + XFREE(srp->username, NULL, DYNAMIC_TYPE_SRP); + + if (srp->side == SRP_CLIENT_SIDE) { + mp_clear(&srp->specific.client.a); + mp_clear(&srp->specific.client.A); + mp_clear(&srp->specific.client.B); + mp_clear(&srp->specific.client.password); + + XMEMSET(srp->specific.client.x, 0, SRP_MAX_DIGEST_SIZE); + } + else { + mp_clear(&srp->specific.server.b); + mp_clear(&srp->specific.server.B); + mp_clear(&srp->specific.server.A); + mp_clear(&srp->specific.server.verifier); + } + } +} + +int wc_SrpSetUsername(Srp* srp, const char* username) { + if (!srp || !username) + return BAD_FUNC_ARG; + + srp->username = (byte*)XMALLOC(XSTRLEN(username), NULL, DYNAMIC_TYPE_SRP); + if (srp->username == NULL) + return MEMORY_E; + + srp->usernameSz = (word32) XSTRLEN(username); + XMEMCPY(srp->username, username, srp->usernameSz); + + return 0; +} + +int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, + const byte* g, word32 gSz, + const byte* salt, word32 saltSz) +{ + int ret = 0; + + if (!srp || !N || !g || !salt) + return BAD_FUNC_ARG; + + if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) + return MP_READ_E; + + if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY) + return MP_READ_E; + + if ((ret = SrpHashInit(srp)) != 0) + return ret; + + if ((ret = SrpHashUpdate(srp, (byte*) N, nSz)) != 0) + return ret; + + if ((ret = SrpHashUpdate(srp, (byte*) g, gSz)) != 0) + return ret; + + if ((ret = SrpHashFinal(srp, srp->k)) != 0) + return ret; + + srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP); + if (srp->salt == NULL) + return MEMORY_E; + + XMEMCPY(srp->salt, salt, saltSz); + srp->saltSz = saltSz; + + return 0; +} + +int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) { + if (!srp || !password || srp->side != SRP_CLIENT_SIDE) + return BAD_FUNC_ARG; + + if (mp_read_unsigned_bin(&srp->specific.client.password, password, size) + != MP_OKAY) + return MP_READ_E; + + return 0; +} + #endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index b4ac77895..f79042b83 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -84,27 +84,26 @@ typedef struct { mp_int A; /**< Public ephemeral value. pow(g, a, N) */ mp_int B; /**< Server's public ephemeral value. */ byte x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */ - byte* pswd; /**< Password. */ - word32 pswdSz; /**< Password length. */ + mp_int password; /**< Password. */ } SrpClient; typedef struct { mp_int b; /**< Private ephemeral value. */ mp_int B; /**< Public ephemeral value. */ mp_int A; /**< Client's public ephemeral value. */ - mp_int v; /**< Verifier. v = pow(g, x, N) */ + mp_int verifier; /**< Verifier. v = pow(g, x, N) */ } SrpServer; typedef struct { + byte side; /**< Client or Server side. */ + byte type; /**< Hash type, SHA[1:256:384:512] */ mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ mp_int g; /**< Generator. A generator modulo N. */ mp_int s; /**< Session key. */ byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ - byte u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter. */ - byte type; /**< Hash type, SHA[1:256:384:512] */ - byte side; /**< Client or Server side. */ - byte* user; /**< Username, login. */ - word32 userSz; /**< Username length. */ + mp_int u; /**< Random scrambling parameeter. */ + byte* username; /**< Username, login. */ + word32 usernameSz; /**< Username length. */ byte* salt; /**< Small salt. */ word32 saltSz; /**< Salt length. */ union { @@ -114,8 +113,16 @@ typedef struct { SrpHash hash; /**< Hash object. */ } Srp; -WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side, byte* N, word32 nSz, - byte* g, word32 gSz); +WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side); +WOLFSSL_API void wc_SrpTerm(Srp* srp); + +WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const char* user); + +WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, + const byte* g, word32 gSz, + const byte* salt, word32 saltSz); + +WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 795d2c9c5..060ed0239 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -271,7 +271,8 @@ DYNAMIC_TYPE_TLSX = 43, DYNAMIC_TYPE_OCSP = 44, DYNAMIC_TYPE_SIGNATURE = 45, - DYNAMIC_TYPE_HASHES = 46 + DYNAMIC_TYPE_HASHES = 46, + DYNAMIC_TYPE_SRP = 47, }; /* max error buffer string size */ From 8b23b86659ca3ef185f67b5ed206d469573445b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Wed, 15 Jul 2015 19:22:47 -0300 Subject: [PATCH 037/102] Adds hash type directly inside SrpHash and removes temp hash from Srp struct. --- wolfcrypt/src/srp.c | 134 ++++++++++++++++++++++++++++------------ wolfssl/wolfcrypt/srp.h | 36 ++++++----- 2 files changed, 113 insertions(+), 57 deletions(-) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 780044017..555f3172c 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -30,84 +30,117 @@ #include #include -static int SrpHashInit(Srp* srp) +static int SrpHashInit(SrpHash* hash, int type) { - switch (srp->type) { + hash->type = type; + + switch (type) { #ifndef NO_SHA case SRP_TYPE_SHA: - return wc_InitSha(&srp->hash.sha); + return wc_InitSha(&hash->data.sha); #endif #ifndef NO_SHA256 case SRP_TYPE_SHA256: - return wc_InitSha256(&srp->hash.sha256); + return wc_InitSha256(&hash->data.sha256); #endif #ifdef WOLFSSL_SHA384 case SRP_TYPE_SHA384: - return wc_InitSha384(&srp->hash.sha384); + return wc_InitSha384(&hash->data.sha384); #endif #ifdef WOLFSSL_SHA512 case SRP_TYPE_SHA512: - return wc_InitSha512(&srp->hash.sha512); + return wc_InitSha512(&hash->data.sha512); #endif - default: return BAD_FUNC_ARG; + default: + return BAD_FUNC_ARG; } } -static int SrpHashUpdate(Srp* srp, byte* data, word32 size) +static int SrpHashUpdate(SrpHash* hash, byte* data, word32 size) { - switch (srp->type) { + switch (hash->type) { #ifndef NO_SHA case SRP_TYPE_SHA: - return wc_ShaUpdate(&srp->hash.sha, data, size); + return wc_ShaUpdate(&hash->data.sha, data, size); #endif #ifndef NO_SHA256 case SRP_TYPE_SHA256: - return wc_Sha256Update(&srp->hash.sha256, data, size); + return wc_Sha256Update(&hash->data.sha256, data, size); #endif #ifdef WOLFSSL_SHA384 case SRP_TYPE_SHA384: - return wc_Sha384Update(&srp->hash.sha384, data, size); + return wc_Sha384Update(&hash->data.sha384, data, size); #endif #ifdef WOLFSSL_SHA512 case SRP_TYPE_SHA512: - return wc_Sha512Update(&srp->hash.sha512, data, size); + return wc_Sha512Update(&hash->data.sha512, data, size); #endif - default: return BAD_FUNC_ARG; + default: + return BAD_FUNC_ARG; } } -static int SrpHashFinal(Srp* srp, byte* digest) +static int SrpHashFinal(SrpHash* hash, byte* digest) { - switch (srp->type) { + switch (hash->type) { #ifndef NO_SHA case SRP_TYPE_SHA: - return wc_ShaFinal(&srp->hash.sha, digest); + return wc_ShaFinal(&hash->data.sha, digest); #endif #ifndef NO_SHA256 - case SRP_TYPE_SHA256: return - wc_Sha256Final(&srp->hash.sha256, digest); + case SRP_TYPE_SHA256: + return wc_Sha256Final(&hash->data.sha256, digest); #endif #ifdef WOLFSSL_SHA384 - case SRP_TYPE_SHA384: return - wc_Sha384Final(&srp->hash.sha384, digest); + case SRP_TYPE_SHA384: + return wc_Sha384Final(&hash->data.sha384, digest); #endif #ifdef WOLFSSL_SHA512 - case SRP_TYPE_SHA512: return - wc_Sha512Final(&srp->hash.sha512, digest); + case SRP_TYPE_SHA512: + return wc_Sha512Final(&hash->data.sha512, digest); #endif - default: return BAD_FUNC_ARG; + default: + return BAD_FUNC_ARG; + } +} + +static word32 SrpHashSize(byte type) +{ + switch (type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return SHA_DIGEST_SIZE; + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return SHA256_DIGEST_SIZE; + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return SHA384_DIGEST_SIZE; + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return SHA512_DIGEST_SIZE; + #endif + + default: + return 0; } } @@ -115,6 +148,8 @@ int wc_SrpInit(Srp* srp, byte type, byte side) { int ret = 0; + /* validating params */ + if (!srp) return BAD_FUNC_ARG; @@ -125,6 +160,8 @@ int wc_SrpInit(Srp* srp, byte type, byte side) type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512) return BAD_FUNC_ARG; + /* initializing common data */ + srp->side = side; srp->type = type; srp->salt = NULL; srp->saltSz = 0; srp->username = NULL; srp->usernameSz = 0; @@ -132,21 +169,31 @@ int wc_SrpInit(Srp* srp, byte type, byte side) if (mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0) != MP_OKAY) return MP_INIT_E; + /* initializing client specific data */ + if (srp->side == SRP_CLIENT_SIDE) { - if (mp_init_multi(&srp->specific.client.a, - &srp->specific.client.A, - &srp->specific.client.B, - &srp->specific.client.password, 0, 0) != MP_OKAY) + ret = SrpHashInit(&srp->specific.client.proof, type); + + if (ret == 0 && mp_init_multi(&srp->specific.client.a, + &srp->specific.client.A, + &srp->specific.client.B, + &srp->specific.client.x, + 0, 0) != MP_OKAY) ret = MP_INIT_E; } - else { + + /* initializing server specific data */ + + if (srp->side == SRP_SERVER_SIDE) { if (mp_init_multi(&srp->specific.server.b, &srp->specific.server.B, &srp->specific.server.A, - &srp->specific.server.verifier, 0, 0) != MP_OKAY) + &srp->specific.server.v, 0, 0) != MP_OKAY) ret = MP_INIT_E; } + /* undo initializations on error */ + if (ret != 0) { mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->s); mp_clear(&srp->u); @@ -169,15 +216,16 @@ void wc_SrpTerm(Srp* srp) { mp_clear(&srp->specific.client.a); mp_clear(&srp->specific.client.A); mp_clear(&srp->specific.client.B); - mp_clear(&srp->specific.client.password); + mp_clear(&srp->specific.client.x); - XMEMSET(srp->specific.client.x, 0, SRP_MAX_DIGEST_SIZE); + XMEMSET(&srp->specific.client.proof, 0, sizeof(SrpHash)); } - else { + + if (srp->side == SRP_SERVER_SIDE) { mp_clear(&srp->specific.server.b); mp_clear(&srp->specific.server.B); mp_clear(&srp->specific.server.A); - mp_clear(&srp->specific.server.verifier); + mp_clear(&srp->specific.server.v); } } } @@ -200,6 +248,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, const byte* g, word32 gSz, const byte* salt, word32 saltSz) { + SrpHash hash; int ret = 0; if (!srp || !N || !g || !salt) @@ -211,16 +260,16 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY) return MP_READ_E; - if ((ret = SrpHashInit(srp)) != 0) + if ((ret = SrpHashInit(&hash, srp->type)) != 0) return ret; - if ((ret = SrpHashUpdate(srp, (byte*) N, nSz)) != 0) + if ((ret = SrpHashUpdate(&hash, (byte*) N, nSz)) != 0) return ret; - if ((ret = SrpHashUpdate(srp, (byte*) g, gSz)) != 0) + if ((ret = SrpHashUpdate(&hash, (byte*) g, gSz)) != 0) return ret; - if ((ret = SrpHashFinal(srp, srp->k)) != 0) + if ((ret = SrpHashFinal(&hash, srp->k)) != 0) return ret; srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP); @@ -234,11 +283,16 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, } int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) { + byte digest[SRP_MAX_DIGEST_SIZE]; + if (!srp || !password || srp->side != SRP_CLIENT_SIDE) return BAD_FUNC_ARG; - if (mp_read_unsigned_bin(&srp->specific.client.password, password, size) - != MP_OKAY) + (void) size; + /* TODO: calculate digest. */ + + if (mp_read_unsigned_bin(&srp->specific.client.x, digest, + SrpHashSize(srp->type)) != MP_OKAY) return MP_READ_E; return 0; diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index f79042b83..b75ac547a 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -64,34 +64,37 @@ enum { #endif }; -typedef union { - #ifndef NO_SHA - Sha sha; - #endif - #ifndef NO_SHA256 - Sha256 sha256; - #endif - #ifdef WOLFSSL_SHA384 - Sha384 sha384; - #endif - #ifdef WOLFSSL_SHA512 - Sha512 sha512; - #endif +typedef struct { + byte type; + union { + #ifndef NO_SHA + Sha sha; + #endif + #ifndef NO_SHA256 + Sha256 sha256; + #endif + #ifdef WOLFSSL_SHA384 + Sha384 sha384; + #endif + #ifdef WOLFSSL_SHA512 + Sha512 sha512; + #endif + } data; } SrpHash; typedef struct { mp_int a; /**< Private ephemeral value. Random. */ mp_int A; /**< Public ephemeral value. pow(g, a, N) */ mp_int B; /**< Server's public ephemeral value. */ - byte x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */ - mp_int password; /**< Password. */ + mp_int x; /**< Priv key. H(salt, H(user, ":", pswd)) */ + SrpHash proof; /**< Client proof. Sent to Server. */ } SrpClient; typedef struct { mp_int b; /**< Private ephemeral value. */ mp_int B; /**< Public ephemeral value. */ mp_int A; /**< Client's public ephemeral value. */ - mp_int verifier; /**< Verifier. v = pow(g, x, N) */ + mp_int v; /**< Verifier. v = pow(g, x, N) */ } SrpServer; typedef struct { @@ -110,7 +113,6 @@ typedef struct { SrpClient client; SrpServer server; } specific; - SrpHash hash; /**< Hash object. */ } Srp; WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side); From 6d5efccc55df7519c4b1b9d83cbef32384627b71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Thu, 16 Jul 2015 16:03:18 -0300 Subject: [PATCH 038/102] finishes SrpSetPassword(), SrpSetVerifier(), SrpGetVerifier(); updates client_proof during SrpSetParams(); --- tests/srp.c | 11 +-- wolfcrypt/src/srp.c | 186 +++++++++++++++++++++++++++------------- wolfssl/wolfcrypt/srp.h | 11 ++- 3 files changed, 141 insertions(+), 67 deletions(-) diff --git a/tests/srp.c b/tests/srp.c index a2d59c829..765d8f81f 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -30,7 +30,7 @@ #ifdef WOLFCRYPT_HAVE_SRP -static char username[] = "username"; +static char user[] = "user"; static byte N[] = { 0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c, @@ -76,13 +76,13 @@ static void test_SrpSetUsername(void) AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); /* invalid params */ - AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, user)); AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL)); /* success */ - AssertIntEQ(0, wc_SrpSetUsername(&srp, username)); - AssertIntEQ((int) XSTRLEN(username), srp.usernameSz); - AssertIntEQ(0, XMEMCMP(srp.username, username, srp.usernameSz)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, user)); + AssertIntEQ((int) XSTRLEN(user), srp.userSz); + AssertIntEQ(0, XMEMCMP(srp.user, user, srp.userSz)); wc_SrpTerm(&srp); } @@ -92,6 +92,7 @@ static void test_SrpSetParams(void) Srp srp; AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, user)); /* invalid params */ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N, sizeof(N), diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 555f3172c..73d79ad4f 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -60,7 +60,7 @@ static int SrpHashInit(SrpHash* hash, int type) } } -static int SrpHashUpdate(SrpHash* hash, byte* data, word32 size) +static int SrpHashUpdate(SrpHash* hash, const byte* data, word32 size) { switch (hash->type) { #ifndef NO_SHA @@ -146,10 +146,9 @@ static word32 SrpHashSize(byte type) int wc_SrpInit(Srp* srp, byte type, byte side) { - int ret = 0; + int r; /* validating params */ - if (!srp) return BAD_FUNC_ARG; @@ -161,64 +160,51 @@ int wc_SrpInit(Srp* srp, byte type, byte side) return BAD_FUNC_ARG; /* initializing common data */ - - srp->side = side; srp->type = type; - srp->salt = NULL; srp->saltSz = 0; - srp->username = NULL; srp->usernameSz = 0; + srp->side = side; srp->type = type; + srp->salt = NULL; srp->saltSz = 0; + srp->user = NULL; srp->userSz = 0; if (mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0) != MP_OKAY) return MP_INIT_E; + r = SrpHashInit(&srp->client_proof, type); + if (!r) r = SrpHashInit(&srp->server_proof, type); + /* initializing client specific data */ - - if (srp->side == SRP_CLIENT_SIDE) { - ret = SrpHashInit(&srp->specific.client.proof, type); - - if (ret == 0 && mp_init_multi(&srp->specific.client.a, - &srp->specific.client.A, - &srp->specific.client.B, - &srp->specific.client.x, - 0, 0) != MP_OKAY) - ret = MP_INIT_E; - } + if (!r && srp->side == SRP_CLIENT_SIDE) + r = mp_init_multi(&srp->specific.client.a, &srp->specific.client.A, + &srp->specific.client.B, &srp->specific.client.x,0,0); /* initializing server specific data */ - - if (srp->side == SRP_SERVER_SIDE) { - if (mp_init_multi(&srp->specific.server.b, - &srp->specific.server.B, - &srp->specific.server.A, - &srp->specific.server.v, 0, 0) != MP_OKAY) - ret = MP_INIT_E; - } + if (!r && srp->side == SRP_SERVER_SIDE) + r = mp_init_multi(&srp->specific.server.b, &srp->specific.server.B, + &srp->specific.server.A, &srp->specific.server.v,0,0); /* undo initializations on error */ - - if (ret != 0) { + if (r != 0) { mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->s); mp_clear(&srp->u); } - return ret; + return r; } -void wc_SrpTerm(Srp* srp) { +void wc_SrpTerm(Srp* srp) +{ if (srp) { mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->s); mp_clear(&srp->u); XMEMSET(srp->salt, 0, srp->saltSz); XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); - XMEMSET(srp->username, 0, srp->usernameSz); - XFREE(srp->username, NULL, DYNAMIC_TYPE_SRP); + XMEMSET(srp->user, 0, srp->userSz); + XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP); if (srp->side == SRP_CLIENT_SIDE) { mp_clear(&srp->specific.client.a); mp_clear(&srp->specific.client.A); mp_clear(&srp->specific.client.B); mp_clear(&srp->specific.client.x); - - XMEMSET(&srp->specific.client.proof, 0, sizeof(SrpHash)); } if (srp->side == SRP_SERVER_SIDE) { @@ -227,19 +213,22 @@ void wc_SrpTerm(Srp* srp) { mp_clear(&srp->specific.server.A); mp_clear(&srp->specific.server.v); } + + XMEMSET(srp, 0, sizeof(Srp)); } } -int wc_SrpSetUsername(Srp* srp, const char* username) { - if (!srp || !username) +int wc_SrpSetUsername(Srp* srp, const char* user) +{ + if (!srp || !user) return BAD_FUNC_ARG; - srp->username = (byte*)XMALLOC(XSTRLEN(username), NULL, DYNAMIC_TYPE_SRP); - if (srp->username == NULL) + srp->user = (byte*)XMALLOC(XSTRLEN(user), NULL, DYNAMIC_TYPE_SRP); + if (srp->user == NULL) return MEMORY_E; - srp->usernameSz = (word32) XSTRLEN(username); - XMEMCPY(srp->username, username, srp->usernameSz); + srp->userSz = (word32) XSTRLEN(user); + XMEMCPY(srp->user, user, srp->userSz); return 0; } @@ -249,28 +238,26 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, const byte* salt, word32 saltSz) { SrpHash hash; - int ret = 0; + byte digest1[SRP_MAX_DIGEST_SIZE]; + byte digest2[SRP_MAX_DIGEST_SIZE]; + int i, j, r; - if (!srp || !N || !g || !salt) + if (!srp || !srp->user || !N || !g || !salt) return BAD_FUNC_ARG; + /* Set N */ if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) return MP_READ_E; + /* Set g */ if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY) return MP_READ_E; - if ((ret = SrpHashInit(&hash, srp->type)) != 0) - return ret; - - if ((ret = SrpHashUpdate(&hash, (byte*) N, nSz)) != 0) - return ret; - - if ((ret = SrpHashUpdate(&hash, (byte*) g, gSz)) != 0) - return ret; - - if ((ret = SrpHashFinal(&hash, srp->k)) != 0) - return ret; + /* Set salt */ + if (srp->salt) { + XMEMSET(srp->salt, 0, srp->saltSz); + XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); + } srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP); if (srp->salt == NULL) @@ -279,20 +266,101 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, XMEMCPY(srp->salt, salt, saltSz); srp->saltSz = saltSz; - return 0; + /* Set k = H(N, g) */ + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); + if (!r) r = SrpHashFinal(&hash, srp->k); + + /* Update client proof */ + + /* digest1 = H(N) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + if (!r) r = SrpHashFinal(&hash, digest1); + + /* digest2 = H(g) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); + if (!r) r = SrpHashFinal(&hash, digest2); + + /* digest1 = H(N) ^ H(g) */ + for (i = 0, j = SrpHashSize(srp->type); i < j; i++) + digest1[i] ^= digest2[i]; + + /* digest2 = H(user) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); + if (!r) r = SrpHashFinal(&hash, digest2); + + /* Client proof = H( H(N) ^ H(g) | H(user) | salt) */ + if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j); + if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j); + if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz); + + return r; } -int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) { +int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) +{ + SrpHash hash; byte digest[SRP_MAX_DIGEST_SIZE]; + int r; - if (!srp || !password || srp->side != SRP_CLIENT_SIDE) + if (!srp || !srp->user || !password || srp->side != SRP_CLIENT_SIDE) return BAD_FUNC_ARG; - (void) size; - /* TODO: calculate digest. */ + /* digest = H(username | ':' | password) */ + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); + if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1); + if (!r) r = SrpHashUpdate(&hash, password, size); + if (!r) r = SrpHashFinal(&hash, digest); - if (mp_read_unsigned_bin(&srp->specific.client.x, digest, + /* digest = H(salt | H(username | ':' | password)) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz); + if (!r) r = SrpHashUpdate(&hash, digest, SrpHashSize(srp->type)); + if (!r) r = SrpHashFinal(&hash, digest); + + /* Set x (private key) */ + if (!r && mp_read_unsigned_bin(&srp->specific.client.x, digest, SrpHashSize(srp->type)) != MP_OKAY) + r = MP_READ_E; + + XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE); + + return r; +} + +int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) +{ + mp_int v; + int r; + + if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE) + return BAD_FUNC_ARG; + + r = mp_init(&v); + + /* v = g ^ x % N */ + if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.x, &srp->N, &v); + if (!r) r = (int)*size < mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY; + if (!r) r = mp_to_unsigned_bin(&v, verifier); + if (!r) *size = mp_unsigned_bin_size(&srp->specific.server.v); + + mp_clear(&v); + + return r; +} + +int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size) +{ + if (!srp || !verifier || srp->side != SRP_SERVER_SIDE) + return BAD_FUNC_ARG; + + if (mp_read_unsigned_bin(&srp->specific.server.v, verifier, size) + != MP_OKAY) return MP_READ_E; return 0; diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index b75ac547a..b89733847 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -87,7 +87,6 @@ typedef struct { mp_int A; /**< Public ephemeral value. pow(g, a, N) */ mp_int B; /**< Server's public ephemeral value. */ mp_int x; /**< Priv key. H(salt, H(user, ":", pswd)) */ - SrpHash proof; /**< Client proof. Sent to Server. */ } SrpClient; typedef struct { @@ -105,10 +104,12 @@ typedef struct { mp_int s; /**< Session key. */ byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ mp_int u; /**< Random scrambling parameeter. */ - byte* username; /**< Username, login. */ - word32 usernameSz; /**< Username length. */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ byte* salt; /**< Small salt. */ word32 saltSz; /**< Salt length. */ + SrpHash client_proof; /**< Client proof. Sent to Server. */ + SrpHash server_proof; /**< Server proof. Sent to Client. */ union { SrpClient client; SrpServer server; @@ -126,6 +127,10 @@ WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size); +WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size); + +WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size); + #ifdef __cplusplus } /* extern "C" */ #endif From 6ee788277fbe8d9d3ad8ab1e5009560f6d052eb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sat, 25 Jul 2015 21:03:36 -0300 Subject: [PATCH 039/102] adds tests to SrpSetPassword(), SrpSetVerifier(), SrpGetVerifier(); adds SrpGenPublic() and SrpSetPrivate() with unit tests; fixes k with left pad at g; adds new error SRP_CALL_ORDER_E to force the functions to be called in the right order. --- tests/srp.c | 196 ++++++++++++++++++++++++++++---- tests/unit.h | 4 +- wolfcrypt/src/srp.c | 135 ++++++++++++++++++++-- wolfssl/wolfcrypt/error-crypt.h | 4 +- wolfssl/wolfcrypt/srp.h | 20 ++-- 5 files changed, 318 insertions(+), 41 deletions(-) diff --git a/tests/srp.c b/tests/srp.c index 765d8f81f..7ec4a25c8 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -30,20 +30,19 @@ #ifdef WOLFCRYPT_HAVE_SRP -static char user[] = "user"; +static byte username[] = "user"; +static word32 usernameSz = 4; + +static byte password[] = "password"; +static word32 passwordSz = 8; static byte N[] = { - 0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c, - 0x2d, 0xa3, 0x32, 0x4b, 0x1b, 0xa4, 0xb8, 0x1a, 0x63, 0xf9, 0x74, 0x8f, - 0xed, 0x2d, 0x8a, 0x41, 0x0c, 0x2f, 0xc2, 0x1b, 0x12, 0x32, 0xf0, 0xd3, - 0xbf, 0xa0, 0x24, 0x27, 0x6c, 0xfd, 0x88, 0x44, 0x81, 0x97, 0xaa, 0xe4, - 0x86, 0xa6, 0x3b, 0xfc, 0xa7, 0xb8, 0xbf, 0x77, 0x54, 0xdf, 0xb3, 0x27, - 0xc7, 0x20, 0x1f, 0x6f, 0xd1, 0x7f, 0xd7, 0xfd, 0x74, 0x15, 0x8b, 0xd3, - 0x1c, 0xe7, 0x72, 0xc9, 0xf5, 0xf8, 0xab, 0x58, 0x45, 0x48, 0xa9, 0x9a, - 0x75, 0x9b, 0x5a, 0x2c, 0x05, 0x32, 0x16, 0x2b, 0x7b, 0x62, 0x18, 0xe8, - 0xf1, 0x42, 0xbc, 0xe2, 0xc3, 0x0d, 0x77, 0x84, 0x68, 0x9a, 0x48, 0x3e, - 0x09, 0x5e, 0x70, 0x16, 0x18, 0x43, 0x79, 0x13, 0xa8, 0xc3, 0x9c, 0x3d, - 0xd0, 0xd4, 0xca, 0x3c, 0x50, 0x0b, 0x88, 0x5f, 0xe3 + 0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E, + 0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3, + 0x7C, 0x0F, 0xC0, 0x44, 0x3E, 0xF7, 0x56, 0xEA, 0x2C, 0x6B, 0x8E, 0xEB, + 0x75, 0x5A, 0x1C, 0x72, 0x30, 0x27, 0x66, 0x3C, 0xAA, 0x26, 0x5E, 0xF7, + 0x85, 0xB8, 0xFF, 0x6A, 0x9B, 0x35, 0x22, 0x7A, 0x52, 0xD8, 0x66, 0x33, + 0xDB, 0xDF, 0xCA, 0x43 }; static byte g[] = { @@ -51,7 +50,46 @@ static byte g[] = { }; static byte salt[] = { - 'r', 'a', 'n', 'd', 'o', 'm' + 0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18 +}; + +static byte verifier[] = { + 0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61, + 0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47, + 0xA1, 0xFA, 0x9D, 0x25, 0x7B, 0x02, 0x88, 0x0A, 0xE8, 0x5A, 0xBA, 0x8B, + 0xA2, 0xD3, 0x8A, 0x62, 0x46, 0x8C, 0xEC, 0x52, 0xBE, 0xDE, 0xFC, 0x75, + 0xF5, 0xDB, 0x9C, 0x8C, 0x9B, 0x34, 0x7A, 0xE7, 0x4A, 0x5F, 0xBB, 0x96, + 0x38, 0x19, 0xAB, 0x24 +}; + +static byte a[] = { + 0x37, 0x95, 0xF2, 0xA6, 0xF1, 0x6F, 0x0D, 0x58, 0xBF, 0xED, 0x44, 0x87, + 0xE0, 0xB6, 0xCC, 0x1C, 0xA0, 0x50, 0xC6, 0x61, 0xBB, 0x36, 0xE0, 0x9A, + 0xF3, 0xF7, 0x1E, 0x7A, 0x61, 0x86, 0x5A, 0xF5 +}; + +static byte A[] = { + 0x8D, 0x28, 0xC5, 0x6A, 0x46, 0x5C, 0x82, 0xDB, 0xC7, 0xF6, 0x8B, 0x62, + 0x1A, 0xAD, 0xA1, 0x76, 0x1B, 0x55, 0xFF, 0xAB, 0x10, 0x2F, 0xFF, 0x4A, + 0xAA, 0x46, 0xAD, 0x33, 0x64, 0xDE, 0x28, 0x2E, 0x82, 0x7A, 0xBE, 0xEA, + 0x32, 0xFC, 0xD6, 0x14, 0x01, 0x71, 0xE6, 0xC8, 0xC9, 0x53, 0x69, 0x55, + 0xE1, 0xF8, 0x3D, 0xDD, 0xC7, 0xD5, 0x21, 0xCE, 0xFF, 0x17, 0xFC, 0x23, + 0xBF, 0xCF, 0x2D, 0xB0 +}; + +static byte b[] = { + 0x2B, 0xDD, 0x30, 0x30, 0x53, 0xAF, 0xD8, 0x3A, 0xE7, 0xE0, 0x17, 0x82, + 0x39, 0x44, 0x2C, 0xDB, 0x30, 0x88, 0x0F, 0xC8, 0x88, 0xC2, 0xB2, 0xC1, + 0x78, 0x43, 0x2F, 0xD5, 0x60, 0xD4, 0xDA, 0x43 +}; + +static byte B[] = { + 0xB5, 0x80, 0x36, 0x7F, 0x50, 0x89, 0xC1, 0x04, 0x42, 0x98, 0xD7, 0x6A, + 0x37, 0x8E, 0xF1, 0x81, 0x52, 0xC5, 0x7A, 0xA1, 0xD5, 0xB7, 0x66, 0x84, + 0xA1, 0x3E, 0x32, 0x82, 0x2B, 0x3A, 0xB5, 0xD7, 0x3D, 0x50, 0xF1, 0x58, + 0xBD, 0x89, 0x75, 0xC7, 0x51, 0xCF, 0x6C, 0x03, 0xD4, 0xCA, 0xD5, 0x6E, + 0x97, 0x4D, 0xA3, 0x1E, 0x19, 0x0B, 0xF0, 0xAA, 0x7D, 0x14, 0x90, 0x80, + 0x0E, 0xC7, 0x92, 0xAD }; static void test_SrpInit(void) @@ -76,13 +114,13 @@ static void test_SrpSetUsername(void) AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); /* invalid params */ - AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, user)); - AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL, usernameSz)); /* success */ - AssertIntEQ(0, wc_SrpSetUsername(&srp, user)); - AssertIntEQ((int) XSTRLEN(user), srp.userSz); - AssertIntEQ(0, XMEMCMP(srp.user, user, srp.userSz)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ((int) usernameSz, srp.userSz); + AssertIntEQ(0, XMEMCMP(srp.user, username, usernameSz)); wc_SrpTerm(&srp); } @@ -92,7 +130,14 @@ static void test_SrpSetParams(void) Srp srp; AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); - AssertIntEQ(0, wc_SrpSetUsername(&srp, user)); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); /* invalid params */ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N, sizeof(N), @@ -119,6 +164,117 @@ static void test_SrpSetParams(void) wc_SrpTerm(&srp); } +static void test_SrpSetPassword(void) +{ + Srp srp; + byte v[64]; + word32 vSz = 0; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, + wc_SrpSetPassword(&srp, password, passwordSz)); + AssertIntEQ(SRP_CALL_ORDER_E, + wc_SrpGetVerifier(&srp, v, &vSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(NULL, password, passwordSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(&srp, NULL, passwordSz)); + + /* success */ + AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(NULL, v, &vSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(&srp, NULL, &vSz)); + AssertIntEQ(BUFFER_E, wc_SrpGetVerifier(&srp, v, &vSz)); + + /* success */ + vSz = sizeof(v); + AssertIntEQ(0, wc_SrpGetVerifier(&srp, v, &vSz)); + AssertIntEQ(vSz, sizeof(verifier)); + AssertIntEQ(0, XMEMCMP(verifier, v, vSz)); + + /* invalid params - client side srp */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, v, vSz)); + + wc_SrpTerm(&srp); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(NULL, v, vSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, NULL, vSz)); + + /* success */ + AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpGenPublic(void) +{ + Srp srp; + byte public[64]; + word32 publicSz = 0; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGenPublic(&srp, public, &publicSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(NULL, public, &publicSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(&srp, NULL, &publicSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(&srp, public, NULL)); + AssertIntEQ(BUFFER_E, wc_SrpGenPublic(&srp, public, &publicSz)); + + /* success */ + publicSz = sizeof(public); + AssertIntEQ(0, wc_SrpGenPublic(&srp, NULL, NULL)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a))); + AssertIntEQ(0, wc_SrpGenPublic(&srp, public, &publicSz)); + AssertIntEQ(publicSz, sizeof(A)); + AssertIntEQ(0, XMEMCMP(public, A, publicSz)); + + wc_SrpTerm(&srp); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGenPublic(&srp, public, &publicSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier))); + + /* success */ + AssertIntEQ(0, wc_SrpGenPublic(&srp, NULL, NULL)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b))); + AssertIntEQ(0, wc_SrpGenPublic(&srp, public, &publicSz)); + AssertIntEQ(publicSz, sizeof(B)); + AssertIntEQ(0, XMEMCMP(public, B, publicSz)); + + wc_SrpTerm(&srp); +} + #endif void SrpTest(void) @@ -127,5 +283,7 @@ void SrpTest(void) test_SrpInit(); test_SrpSetUsername(); test_SrpSetParams(); + test_SrpSetPassword(); + test_SrpGenPublic(); #endif } diff --git a/tests/unit.h b/tests/unit.h index 997186291..1a038a21f 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -27,8 +27,8 @@ #define Fail(description, result) do { \ printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ - printf("\n\n test: "); printf description; \ - printf("\n\n result: "); printf result; \ + printf("\n expected: "); printf description; \ + printf("\n result: "); printf result; printf("\n\n"); \ abort(); \ } while(0) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 73d79ad4f..48219d49b 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -28,6 +28,7 @@ #ifdef WOLFCRYPT_HAVE_SRP #include +#include #include static int SrpHashInit(SrpHash* hash, int type) @@ -218,21 +219,20 @@ void wc_SrpTerm(Srp* srp) } } -int wc_SrpSetUsername(Srp* srp, const char* user) +int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size) { - if (!srp || !user) + if (!srp || !username) return BAD_FUNC_ARG; - srp->user = (byte*)XMALLOC(XSTRLEN(user), NULL, DYNAMIC_TYPE_SRP); + srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP); if (srp->user == NULL) return MEMORY_E; - srp->userSz = (word32) XSTRLEN(user); - XMEMCPY(srp->user, user, srp->userSz); + srp->userSz = size; + XMEMCPY(srp->user, username, srp->userSz); return 0; } - int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, const byte* g, word32 gSz, const byte* salt, word32 saltSz) @@ -240,11 +240,15 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, SrpHash hash; byte digest1[SRP_MAX_DIGEST_SIZE]; byte digest2[SRP_MAX_DIGEST_SIZE]; + byte pad = 0; int i, j, r; - if (!srp || !srp->user || !N || !g || !salt) + if (!srp || !N || !g || !salt || nSz < gSz) return BAD_FUNC_ARG; + if (!srp->user) + return SRP_CALL_ORDER_E; + /* Set N */ if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) return MP_READ_E; @@ -269,6 +273,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, /* Set k = H(N, g) */ r = SrpHashInit(&hash, srp->type); if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + for (i = 0; (word32)i < nSz - gSz; i++) + SrpHashUpdate(&hash, &pad, 1); if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); if (!r) r = SrpHashFinal(&hash, srp->k); @@ -307,9 +313,12 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) byte digest[SRP_MAX_DIGEST_SIZE]; int r; - if (!srp || !srp->user || !password || srp->side != SRP_CLIENT_SIDE) + if (!srp || !password || srp->side != SRP_CLIENT_SIDE) return BAD_FUNC_ARG; + if (!srp->salt) + return SRP_CALL_ORDER_E; + /* digest = H(username | ':' | password) */ r = SrpHashInit(&hash, srp->type); if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); @@ -341,13 +350,16 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE) return BAD_FUNC_ARG; + if (mp_iszero(&srp->specific.client.x)) + return SRP_CALL_ORDER_E; + r = mp_init(&v); /* v = g ^ x % N */ if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.x, &srp->N, &v); - if (!r) r = (int)*size < mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY; + if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY; if (!r) r = mp_to_unsigned_bin(&v, verifier); - if (!r) *size = mp_unsigned_bin_size(&srp->specific.server.v); + if (!r) *size = mp_unsigned_bin_size(&v); mp_clear(&v); @@ -366,4 +378,107 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size) return 0; } +int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) { + if (!srp || !private || !size) + return BAD_FUNC_ARG; + + return mp_read_unsigned_bin(srp->type == SRP_CLIENT_SIDE + ? &srp->specific.client.a + : &srp->specific.server.b, private, size); +} + +static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) { + RNG rng; + int r = wc_InitRng(&rng); + + if (!r) r = wc_RNG_GenerateBlock(&rng, private, size); + if (!r) r = wc_SrpSetPrivate(srp, private, size); + if (!r) wc_FreeRng(&rng); + + return r; +} + +int wc_SrpGenPublic(Srp* srp, byte* public, word32* size) +{ + byte* buf; + word32 len; + int r = 0; + + if (!srp || (!public && size) || (public && !size)) + return BAD_FUNC_ARG; + + if (srp->side == SRP_CLIENT_SIDE && mp_iszero(&srp->N)) + return SRP_CALL_ORDER_E; + + if (srp->side == SRP_SERVER_SIDE && (mp_iszero(&srp->N) || + mp_iszero(&srp->specific.server.v))) + return SRP_CALL_ORDER_E; + + len = mp_unsigned_bin_size(&srp->N); + if (size && *size < len) + return BUFFER_E; + + buf = public ? public : (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_SRP); + if (!buf) + return MEMORY_E; + + if (srp->side == SRP_CLIENT_SIDE) { + /* a = random() */ + if (mp_iszero(&srp->specific.client.a)) + r = wc_SrpGenPrivate(srp, buf, len); + + /* A = g ^ a % N */ + if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.a, + &srp->N, &srp->specific.client.A); + + /* extract public key to buffer */ + XMEMSET(buf, 0, len); + if (!r) r = mp_to_unsigned_bin(&srp->specific.client.A, buf); + if (!r) len = mp_unsigned_bin_size(&srp->specific.client.A); + + /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */ + if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len); + + /* Server proof = H(A) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len); + + } else { + mp_int i, j; + + if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) { + /* b = random() */ + if (mp_iszero(&srp->specific.server.b)) + r = wc_SrpGenPrivate(srp, buf, len); + + /* B = (k * v + (g ^ b % N)) % N */ + if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type)); + if (!r) r = mp_exptmod(&srp->g, &srp->specific.server.b, + &srp->N, &srp->specific.server.B); + if (!r) r = mp_mul(&i, &srp->specific.server.v, &j); + if (!r) r = mp_add(&j, &srp->specific.server.B, &i); + if (!r) r = mp_mod(&i, &srp->N, &srp->specific.server.B); + + /* extract public key to buffer */ + XMEMSET(buf, 0, len); + if (!r) r = mp_to_unsigned_bin(&srp->specific.server.B, buf); + if (!r) len = mp_unsigned_bin_size(&srp->specific.server.B); + + /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */ + if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len); + + /* Server proof = H(A) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len); + + mp_clear(&i); mp_clear(&j); + } + } + + if (public) + *size = len; + else + XFREE(buf, NULL, DYNAMIC_TYPE_SRP); + + return r; +} + #endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 79991fdf4..31847de9c 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -151,6 +151,8 @@ enum { ECC_INF_E = -215, /* ECC point infinity error */ ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */ + SRP_CALL_ORDER_E = -217, /* SRP function called in the wrong order. */ + MIN_CODE_E = -300 /* errors -101 - -299 */ }; @@ -163,5 +165,3 @@ WOLFSSL_API const char* wc_GetErrorString(int error); } /* extern "C" */ #endif #endif /* WOLF_CRYPT_ERROR_H */ - - diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index b89733847..8f6f9c081 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -116,20 +116,24 @@ typedef struct { } specific; } Srp; -WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side); +WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side); WOLFSSL_API void wc_SrpTerm(Srp* srp); -WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const char* user); +WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size); -WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, - const byte* g, word32 gSz, - const byte* salt, word32 saltSz); +WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, + const byte* g, word32 gSz, + const byte* salt, word32 saltSz); -WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size); +WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size); -WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size); +WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size); -WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size); +WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size); + +WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size); + +WOLFSSL_API int wc_SrpGenPublic(Srp* srp, byte* public, word32* size); #ifdef __cplusplus } /* extern "C" */ From ba0c75011b519011f09a834bbc67ebb85efe97ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 28 Jul 2015 14:55:46 -0300 Subject: [PATCH 040/102] adds secret computation. --- wolfcrypt/src/srp.c | 278 ++++++++++++++++++++++++++-------------- wolfssl/wolfcrypt/srp.h | 39 ++---- 2 files changed, 193 insertions(+), 124 deletions(-) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 48219d49b..03345ac21 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -150,6 +150,7 @@ int wc_SrpInit(Srp* srp, byte type, byte side) int r; /* validating params */ + if (!srp) return BAD_FUNC_ARG; @@ -160,61 +161,46 @@ int wc_SrpInit(Srp* srp, byte type, byte side) type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512) return BAD_FUNC_ARG; - /* initializing common data */ + /* initializing variables */ + + if ((r = SrpHashInit(&srp->client_proof, type)) != 0) + return r; + + if ((r = SrpHashInit(&srp->server_proof, type)) != 0) + return r; + + if ((r = mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0)) != 0) + return r; + + if ((r = mp_init_multi(&srp->auth, &srp->peer, &srp->priv, &srp->pub, + 0, 0)) != 0) { + /* undo previous initializations on error */ + mp_clear(&srp->N); mp_clear(&srp->g); + mp_clear(&srp->s); mp_clear(&srp->u); + + return r; + } + srp->side = side; srp->type = type; srp->salt = NULL; srp->saltSz = 0; srp->user = NULL; srp->userSz = 0; - if (mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0) != MP_OKAY) - return MP_INIT_E; - - r = SrpHashInit(&srp->client_proof, type); - if (!r) r = SrpHashInit(&srp->server_proof, type); - - /* initializing client specific data */ - if (!r && srp->side == SRP_CLIENT_SIDE) - r = mp_init_multi(&srp->specific.client.a, &srp->specific.client.A, - &srp->specific.client.B, &srp->specific.client.x,0,0); - - /* initializing server specific data */ - if (!r && srp->side == SRP_SERVER_SIDE) - r = mp_init_multi(&srp->specific.server.b, &srp->specific.server.B, - &srp->specific.server.A, &srp->specific.server.v,0,0); - - /* undo initializations on error */ - if (r != 0) { - mp_clear(&srp->N); mp_clear(&srp->g); - mp_clear(&srp->s); mp_clear(&srp->u); - } - - return r; + return 0; } void wc_SrpTerm(Srp* srp) { if (srp) { - mp_clear(&srp->N); mp_clear(&srp->g); - mp_clear(&srp->s); mp_clear(&srp->u); + mp_clear(&srp->N); mp_clear(&srp->g); + mp_clear(&srp->s); mp_clear(&srp->u); + mp_clear(&srp->auth); mp_clear(&srp->peer); + mp_clear(&srp->priv); mp_clear(&srp->pub); XMEMSET(srp->salt, 0, srp->saltSz); XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); XMEMSET(srp->user, 0, srp->userSz); XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP); - if (srp->side == SRP_CLIENT_SIDE) { - mp_clear(&srp->specific.client.a); - mp_clear(&srp->specific.client.A); - mp_clear(&srp->specific.client.B); - mp_clear(&srp->specific.client.x); - } - - if (srp->side == SRP_SERVER_SIDE) { - mp_clear(&srp->specific.server.b); - mp_clear(&srp->specific.server.B); - mp_clear(&srp->specific.server.A); - mp_clear(&srp->specific.server.v); - } - XMEMSET(srp, 0, sizeof(Srp)); } } @@ -233,6 +219,7 @@ int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size) return 0; } + int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, const byte* g, word32 gSz, const byte* salt, word32 saltSz) @@ -311,6 +298,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) { SrpHash hash; byte digest[SRP_MAX_DIGEST_SIZE]; + word32 digestSz; int r; if (!srp || !password || srp->side != SRP_CLIENT_SIDE) @@ -319,6 +307,8 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) if (!srp->salt) return SRP_CALL_ORDER_E; + digestSz = SrpHashSize(srp->type); + /* digest = H(username | ':' | password) */ r = SrpHashInit(&hash, srp->type); if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); @@ -329,13 +319,11 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) /* digest = H(salt | H(username | ':' | password)) */ if (!r) r = SrpHashInit(&hash, srp->type); if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz); - if (!r) r = SrpHashUpdate(&hash, digest, SrpHashSize(srp->type)); + if (!r) r = SrpHashUpdate(&hash, digest, digestSz); if (!r) r = SrpHashFinal(&hash, digest); /* Set x (private key) */ - if (!r && mp_read_unsigned_bin(&srp->specific.client.x, digest, - SrpHashSize(srp->type)) != MP_OKAY) - r = MP_READ_E; + if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz); XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE); @@ -350,13 +338,13 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE) return BAD_FUNC_ARG; - if (mp_iszero(&srp->specific.client.x)) + if (mp_iszero(&srp->auth)) return SRP_CALL_ORDER_E; r = mp_init(&v); /* v = g ^ x % N */ - if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.x, &srp->N, &v); + if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v); if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY; if (!r) r = mp_to_unsigned_bin(&v, verifier); if (!r) *size = mp_unsigned_bin_size(&v); @@ -371,23 +359,19 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size) if (!srp || !verifier || srp->side != SRP_SERVER_SIDE) return BAD_FUNC_ARG; - if (mp_read_unsigned_bin(&srp->specific.server.v, verifier, size) - != MP_OKAY) - return MP_READ_E; - - return 0; + return mp_read_unsigned_bin(&srp->auth, verifier, size); } -int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) { +int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) +{ if (!srp || !private || !size) return BAD_FUNC_ARG; - return mp_read_unsigned_bin(srp->type == SRP_CLIENT_SIDE - ? &srp->specific.client.a - : &srp->specific.server.b, private, size); + return mp_read_unsigned_bin(&srp->priv, private, size); } -static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) { +static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) +{ RNG rng; int r = wc_InitRng(&rng); @@ -407,11 +391,10 @@ int wc_SrpGenPublic(Srp* srp, byte* public, word32* size) if (!srp || (!public && size) || (public && !size)) return BAD_FUNC_ARG; - if (srp->side == SRP_CLIENT_SIDE && mp_iszero(&srp->N)) + if (mp_iszero(&srp->N)) return SRP_CALL_ORDER_E; - if (srp->side == SRP_SERVER_SIDE && (mp_iszero(&srp->N) || - mp_iszero(&srp->specific.server.v))) + if (srp->side == SRP_SERVER_SIDE && mp_iszero(&srp->auth)) return SRP_CALL_ORDER_E; len = mp_unsigned_bin_size(&srp->N); @@ -422,55 +405,44 @@ int wc_SrpGenPublic(Srp* srp, byte* public, word32* size) if (!buf) return MEMORY_E; + /* priv = random() */ + if (mp_iszero(&srp->priv)) + r = wc_SrpGenPrivate(srp, buf, len); + + /* client side: A = g ^ a % N */ if (srp->side == SRP_CLIENT_SIDE) { - /* a = random() */ - if (mp_iszero(&srp->specific.client.a)) - r = wc_SrpGenPrivate(srp, buf, len); - /* A = g ^ a % N */ - if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.a, - &srp->N, &srp->specific.client.A); + if (!r) r = mp_exptmod(&srp->g, &srp->priv, + &srp->N, &srp->pub); - /* extract public key to buffer */ - XMEMSET(buf, 0, len); - if (!r) r = mp_to_unsigned_bin(&srp->specific.client.A, buf); - if (!r) len = mp_unsigned_bin_size(&srp->specific.client.A); + /* server side: B = (k * v + (g ^ b % N)) % N */ + } else { + mp_int i, j; + if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) { + if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type)); + if (!r) r = mp_exptmod(&srp->g, &srp->priv, + &srp->N, &srp->pub); + if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j); + if (!r) r = mp_add(&j, &srp->pub, &i); + if (!r) r = mp_mod(&i, &srp->N, &srp->pub); + + mp_clear(&i); mp_clear(&j); + } + } + + /* extract public key to buffer */ + XMEMSET(buf, 0, len); + if (!r) r = mp_to_unsigned_bin(&srp->pub, buf); + if (!r) len = mp_unsigned_bin_size(&srp->pub); + + /* update proofs */ + if (srp->side == SRP_CLIENT_SIDE) { /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */ if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len); /* Server proof = H(A) */ if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len); - - } else { - mp_int i, j; - - if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) { - /* b = random() */ - if (mp_iszero(&srp->specific.server.b)) - r = wc_SrpGenPrivate(srp, buf, len); - - /* B = (k * v + (g ^ b % N)) % N */ - if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type)); - if (!r) r = mp_exptmod(&srp->g, &srp->specific.server.b, - &srp->N, &srp->specific.server.B); - if (!r) r = mp_mul(&i, &srp->specific.server.v, &j); - if (!r) r = mp_add(&j, &srp->specific.server.B, &i); - if (!r) r = mp_mod(&i, &srp->N, &srp->specific.server.B); - - /* extract public key to buffer */ - XMEMSET(buf, 0, len); - if (!r) r = mp_to_unsigned_bin(&srp->specific.server.B, buf); - if (!r) len = mp_unsigned_bin_size(&srp->specific.server.B); - - /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */ - if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len); - - /* Server proof = H(A) */ - if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len); - - mp_clear(&i); mp_clear(&j); - } } if (public) @@ -481,4 +453,112 @@ int wc_SrpGenPublic(Srp* srp, byte* public, word32* size) return r; } +static int wc_SrpSetU(Srp* srp, byte* peersKey, word32 peersKeySz) +{ + SrpHash hash; + byte digest[SRP_MAX_DIGEST_SIZE]; + byte* public = NULL; + word32 publicSz = 0; + word32 modulusSz = mp_unsigned_bin_size(&srp->N); + byte pad = 0; + word32 i; + int r = SrpHashInit(&hash, srp->type); + + if (!r && srp->side == SRP_CLIENT_SIDE) { + publicSz = mp_unsigned_bin_size(&srp->pub); + public = (byte*)XMALLOC(publicSz, NULL, DYNAMIC_TYPE_SRP); + + if (public == NULL) + r = MEMORY_E; + + /* H(A) */ + if (!r) r = mp_to_unsigned_bin(&srp->pub, public); + for (i = 0; i < modulusSz - publicSz; i++) + SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, public, publicSz); + + /* H(A | B) */ + if (!r) r = mp_read_unsigned_bin(&srp->peer, + peersKey, peersKeySz); + for (i = 0; i < modulusSz - peersKeySz; i++) + SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, peersKey, peersKeySz); + + /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A | B) */ + if (!r) r = SrpHashUpdate(&srp->client_proof, peersKey, peersKeySz); + + } else if (!r && srp->side == SRP_SERVER_SIDE) { + publicSz = mp_unsigned_bin_size(&srp->pub); + public = (byte*)XMALLOC(publicSz, NULL, DYNAMIC_TYPE_SRP); + + if (public == NULL) + r = MEMORY_E; + + /* H(A) */ + if (!r) r = mp_read_unsigned_bin(&srp->peer, + peersKey, peersKeySz); + for (i = 0; i < modulusSz - peersKeySz; i++) + SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, peersKey, peersKeySz); + + /* H(A | B) */ + if (!r) r = mp_to_unsigned_bin(&srp->pub, public); + for (i = 0; i < modulusSz - publicSz; i++) + SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, public, publicSz); + } + + if (!r) r = SrpHashFinal(&hash, digest); + if (!r) r = mp_read_unsigned_bin(&srp->u, digest, SrpHashSize(srp->type)); + + XFREE(public, NULL, DYNAMIC_TYPE_SRP); + + return r; +} + +WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* peersKey, word32 peersKeySz) +{ + mp_int i, j; + int r; + + if (!srp || !peersKey || peersKeySz == 0) + return BAD_FUNC_ARG; + + if ((r = mp_init_multi(&i, &j, 0, 0, 0, 0)) != MP_OKAY) + return r; + + r = wc_SrpSetU(srp, peersKey, peersKeySz); + + if (!r && srp->side == SRP_CLIENT_SIDE) { + r = mp_read_unsigned_bin(&i, srp->k, SrpHashSize(srp->type)); + + /* i = B - k * v */ + if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &j); + if (!r) r = mp_mulmod(&i, &j, &srp->N, &srp->s); + if (!r) r = mp_sub(&srp->peer, &srp->s, &i); + + /* j = a + u * x */ + if (!r) r = mp_mulmod(&srp->u, &srp->auth, &srp->N, &srp->s); + if (!r) r = mp_add(&srp->priv, &srp->s, &j); + + /* s = i ^ j % N */ + if (!r) r = mp_exptmod(&i, &j, &srp->N, &srp->s); + + } else if (!r && srp->side == SRP_SERVER_SIDE) { + /* i = v ^ u % N */ + if (!r) r = mp_exptmod(&srp->auth, &srp->u, &srp->N, &i); + + /* j = A * i % N */ + if (!r) r = mp_mulmod(&srp->peer, &i, &srp->N, &j); + + /* s = j * b % N */ + if (!r) r = mp_exptmod(&j, &srp->priv, &srp->N, &srp->s); + } + + mp_clear(&i); + mp_clear(&j); + + return r; +} + #endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 8f6f9c081..7b19a4025 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -83,40 +83,27 @@ typedef struct { } SrpHash; typedef struct { - mp_int a; /**< Private ephemeral value. Random. */ - mp_int A; /**< Public ephemeral value. pow(g, a, N) */ - mp_int B; /**< Server's public ephemeral value. */ - mp_int x; /**< Priv key. H(salt, H(user, ":", pswd)) */ -} SrpClient; - -typedef struct { - mp_int b; /**< Private ephemeral value. */ - mp_int B; /**< Public ephemeral value. */ - mp_int A; /**< Client's public ephemeral value. */ - mp_int v; /**< Verifier. v = pow(g, x, N) */ -} SrpServer; - -typedef struct { - byte side; /**< Client or Server side. */ - byte type; /**< Hash type, SHA[1:256:384:512] */ - mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ - mp_int g; /**< Generator. A generator modulo N. */ - mp_int s; /**< Session key. */ - byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ - mp_int u; /**< Random scrambling parameeter. */ + byte side; /**< SRP_CLIENT_SIDE or SRP_SERVER_SIDE */ + byte type; /**< Hash type, one of SRP_TYPE_SHA[|256|384|512] */ byte* user; /**< Username, login. */ word32 userSz; /**< Username length. */ byte* salt; /**< Small salt. */ word32 saltSz; /**< Salt length. */ + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ + mp_int g; /**< Generator. A generator modulo N. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ + mp_int auth; /**< Priv key. H(salt, H(user, ":", pswd)) */ + mp_int priv; /**< Private ephemeral value. */ + mp_int pub; /**< Public ephemeral value. */ + mp_int peer; /**< Peer's public ephemeral value. */ + mp_int u; /**< Random scrambling parameeter. */ SrpHash client_proof; /**< Client proof. Sent to Server. */ SrpHash server_proof; /**< Server proof. Sent to Client. */ - union { - SrpClient client; - SrpServer server; - } specific; + mp_int s; /**< Session key. */ } Srp; WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side); + WOLFSSL_API void wc_SrpTerm(Srp* srp); WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size); @@ -135,6 +122,8 @@ WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size); WOLFSSL_API int wc_SrpGenPublic(Srp* srp, byte* public, word32* size); +WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* peersKey, word32 peersKeySz); + #ifdef __cplusplus } /* extern "C" */ #endif From 490d063deca5c9103172a6fb6cfd5be72562c88d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 28 Jul 2015 18:59:15 -0300 Subject: [PATCH 041/102] adds key computation. removes unnecessary fields from the srp struct. --- tests/srp.c | 115 +++++++++++++++---- wolfcrypt/src/srp.c | 239 ++++++++++++++++++++-------------------- wolfssl/wolfcrypt/srp.h | 37 +++---- 3 files changed, 233 insertions(+), 158 deletions(-) diff --git a/tests/srp.c b/tests/srp.c index 7ec4a25c8..02e97d0f4 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -5,16 +5,16 @@ * This file is part of wolfSSL. (formerly known as CyaSSL) * * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by + * it under the terms of the GNU Geteral Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * GNU Geteral Public License for more details. * - * You should have received a copy of the GNU General Public License + * You should have received a copy of the GNU Geteral Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -92,6 +92,13 @@ static byte B[] = { 0x0E, 0xC7, 0x92, 0xAD }; +static byte key[] = { + 0x66, 0x00, 0x9D, 0x58, 0xB3, 0xD2, 0x0D, 0x4B, 0x69, 0x7F, 0xCF, 0x48, + 0xFF, 0x8F, 0x15, 0x81, 0x4C, 0x4B, 0xFE, 0x9D, 0x85, 0x77, 0x88, 0x60, + 0x1D, 0x1E, 0x51, 0xCF, 0x75, 0xCC, 0x58, 0x00, 0xE7, 0x8D, 0x22, 0x87, + 0x13, 0x6C, 0x88, 0x55 +}; + static void test_SrpInit(void) { Srp srp; @@ -218,63 +225,126 @@ static void test_SrpSetPassword(void) wc_SrpTerm(&srp); } -static void test_SrpGenPublic(void) +static void test_SrpGetPublic(void) { Srp srp; byte public[64]; word32 publicSz = 0; AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); - - /* invalid call order */ - AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGenPublic(&srp, public, &publicSz)); - - /* fix call order */ AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt))); + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz)); + /* invalid params */ - AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(NULL, public, &publicSz)); - AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(&srp, NULL, &publicSz)); - AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(&srp, public, NULL)); - AssertIntEQ(BUFFER_E, wc_SrpGenPublic(&srp, public, &publicSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, public, &publicSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL, &publicSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, public, NULL)); + AssertIntEQ(BUFFER_E, wc_SrpGetPublic(&srp, public, &publicSz)); /* success */ publicSz = sizeof(public); - AssertIntEQ(0, wc_SrpGenPublic(&srp, NULL, NULL)); - AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a))); - AssertIntEQ(0, wc_SrpGenPublic(&srp, public, &publicSz)); + AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz)); AssertIntEQ(publicSz, sizeof(A)); AssertIntEQ(0, XMEMCMP(public, A, publicSz)); wc_SrpTerm(&srp); - AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE)); AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt))); /* invalid call order */ - AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGenPublic(&srp, public, &publicSz)); + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz)); /* fix call order */ AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier))); /* success */ - AssertIntEQ(0, wc_SrpGenPublic(&srp, NULL, NULL)); - AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b))); - AssertIntEQ(0, wc_SrpGenPublic(&srp, public, &publicSz)); + AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz)); AssertIntEQ(publicSz, sizeof(B)); AssertIntEQ(0, XMEMCMP(public, B, publicSz)); wc_SrpTerm(&srp); } +static void test_SrpComputeKey(void) +{ + Srp cli, srv; + byte clientPubKey[64]; + byte serverPubKey[64]; + word32 clientPubKeySz = 64; + word32 serverPubKeySz = 64; + + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(0, wc_SrpSetParams(&srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz)); + AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(NULL, + clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli, + NULL, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli, + clientPubKey, 0, + serverPubKey, serverPubKeySz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + NULL, serverPubKeySz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + serverPubKey, 0)); + + /* success */ + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key))); + AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key))); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + #endif void SrpTest(void) @@ -284,6 +354,7 @@ void SrpTest(void) test_SrpSetUsername(); test_SrpSetParams(); test_SrpSetPassword(); - test_SrpGenPublic(); + test_SrpGetPublic(); + test_SrpComputeKey(); #endif } diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 03345ac21..a41c43109 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -169,18 +169,10 @@ int wc_SrpInit(Srp* srp, byte type, byte side) if ((r = SrpHashInit(&srp->server_proof, type)) != 0) return r; - if ((r = mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0)) != 0) + if ((r = mp_init_multi(&srp->N, &srp->g, &srp->auth, + &srp->priv, &srp->u, 0)) != 0) return r; - if ((r = mp_init_multi(&srp->auth, &srp->peer, &srp->priv, &srp->pub, - 0, 0)) != 0) { - /* undo previous initializations on error */ - mp_clear(&srp->N); mp_clear(&srp->g); - mp_clear(&srp->s); mp_clear(&srp->u); - - return r; - } - srp->side = side; srp->type = type; srp->salt = NULL; srp->saltSz = 0; srp->user = NULL; srp->userSz = 0; @@ -192,9 +184,8 @@ void wc_SrpTerm(Srp* srp) { if (srp) { mp_clear(&srp->N); mp_clear(&srp->g); - mp_clear(&srp->s); mp_clear(&srp->u); - mp_clear(&srp->auth); mp_clear(&srp->peer); - mp_clear(&srp->priv); mp_clear(&srp->pub); + mp_clear(&srp->auth); mp_clear(&srp->priv); + mp_clear(&srp->u); XMEMSET(srp->salt, 0, srp->saltSz); XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); @@ -367,6 +358,9 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) if (!srp || !private || !size) return BAD_FUNC_ARG; + if (mp_iszero(&srp->auth)) + return SRP_CALL_ORDER_E; + return mp_read_unsigned_bin(&srp->priv, private, size); } @@ -382,38 +376,32 @@ static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) return r; } -int wc_SrpGenPublic(Srp* srp, byte* public, word32* size) +int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) { - byte* buf; - word32 len; - int r = 0; + mp_int pubkey; + word32 modulusSz; + int r = mp_init(&pubkey); - if (!srp || (!public && size) || (public && !size)) + if (r != 0) + return r; + + if (!srp || !public || !size) return BAD_FUNC_ARG; - if (mp_iszero(&srp->N)) + if (mp_iszero(&srp->auth)) return SRP_CALL_ORDER_E; - if (srp->side == SRP_SERVER_SIDE && mp_iszero(&srp->auth)) - return SRP_CALL_ORDER_E; - - len = mp_unsigned_bin_size(&srp->N); - if (size && *size < len) + modulusSz = mp_unsigned_bin_size(&srp->N); + if (*size < modulusSz) return BUFFER_E; - buf = public ? public : (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_SRP); - if (!buf) - return MEMORY_E; - /* priv = random() */ if (mp_iszero(&srp->priv)) - r = wc_SrpGenPrivate(srp, buf, len); + r = wc_SrpGenPrivate(srp, public, modulusSz); /* client side: A = g ^ a % N */ if (srp->side == SRP_CLIENT_SIDE) { - - if (!r) r = mp_exptmod(&srp->g, &srp->priv, - &srp->N, &srp->pub); + if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); /* server side: B = (k * v + (g ^ b % N)) % N */ } else { @@ -421,142 +409,159 @@ int wc_SrpGenPublic(Srp* srp, byte* public, word32* size) if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) { if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type)); - if (!r) r = mp_exptmod(&srp->g, &srp->priv, - &srp->N, &srp->pub); + if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j); - if (!r) r = mp_add(&j, &srp->pub, &i); - if (!r) r = mp_mod(&i, &srp->N, &srp->pub); + if (!r) r = mp_add(&j, &pubkey, &i); + if (!r) r = mp_mod(&i, &srp->N, &pubkey); mp_clear(&i); mp_clear(&j); } } /* extract public key to buffer */ - XMEMSET(buf, 0, len); - if (!r) r = mp_to_unsigned_bin(&srp->pub, buf); - if (!r) len = mp_unsigned_bin_size(&srp->pub); - - /* update proofs */ - if (srp->side == SRP_CLIENT_SIDE) { - /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */ - if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len); - - /* Server proof = H(A) */ - if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len); - } - - if (public) - *size = len; - else - XFREE(buf, NULL, DYNAMIC_TYPE_SRP); + XMEMSET(public, 0, modulusSz); + if (!r) r = mp_to_unsigned_bin(&pubkey, public); + if (!r) *size = mp_unsigned_bin_size(&pubkey); + mp_clear(&pubkey); return r; } -static int wc_SrpSetU(Srp* srp, byte* peersKey, word32 peersKeySz) +static int wc_SrpSetU(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz) { SrpHash hash; byte digest[SRP_MAX_DIGEST_SIZE]; - byte* public = NULL; - word32 publicSz = 0; word32 modulusSz = mp_unsigned_bin_size(&srp->N); byte pad = 0; word32 i; int r = SrpHashInit(&hash, srp->type); - if (!r && srp->side == SRP_CLIENT_SIDE) { - publicSz = mp_unsigned_bin_size(&srp->pub); - public = (byte*)XMALLOC(publicSz, NULL, DYNAMIC_TYPE_SRP); + /* H(A) */ + for (i = 0; !r && i < modulusSz - clientPubKeySz; i++) + r = SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz); - if (public == NULL) - r = MEMORY_E; + /* H(A | B) */ + for (i = 0; !r && i < modulusSz - serverPubKeySz; i++) + r = SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz); - /* H(A) */ - if (!r) r = mp_to_unsigned_bin(&srp->pub, public); - for (i = 0; i < modulusSz - publicSz; i++) - SrpHashUpdate(&hash, &pad, 1); - if (!r) r = SrpHashUpdate(&hash, public, publicSz); + /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B) */ + if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz); + if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz); - /* H(A | B) */ - if (!r) r = mp_read_unsigned_bin(&srp->peer, - peersKey, peersKeySz); - for (i = 0; i < modulusSz - peersKeySz; i++) - SrpHashUpdate(&hash, &pad, 1); - if (!r) r = SrpHashUpdate(&hash, peersKey, peersKeySz); - - /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A | B) */ - if (!r) r = SrpHashUpdate(&srp->client_proof, peersKey, peersKeySz); - - } else if (!r && srp->side == SRP_SERVER_SIDE) { - publicSz = mp_unsigned_bin_size(&srp->pub); - public = (byte*)XMALLOC(publicSz, NULL, DYNAMIC_TYPE_SRP); - - if (public == NULL) - r = MEMORY_E; - - /* H(A) */ - if (!r) r = mp_read_unsigned_bin(&srp->peer, - peersKey, peersKeySz); - for (i = 0; i < modulusSz - peersKeySz; i++) - SrpHashUpdate(&hash, &pad, 1); - if (!r) r = SrpHashUpdate(&hash, peersKey, peersKeySz); - - /* H(A | B) */ - if (!r) r = mp_to_unsigned_bin(&srp->pub, public); - for (i = 0; i < modulusSz - publicSz; i++) - SrpHashUpdate(&hash, &pad, 1); - if (!r) r = SrpHashUpdate(&hash, public, publicSz); - } + /* server proof = H(A) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz); + /* set u */ if (!r) r = SrpHashFinal(&hash, digest); if (!r) r = mp_read_unsigned_bin(&srp->u, digest, SrpHashSize(srp->type)); - XFREE(public, NULL, DYNAMIC_TYPE_SRP); - return r; } -WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* peersKey, word32 peersKeySz) +static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) { - mp_int i, j; + SrpHash hash; + byte digest[SRP_MAX_DIGEST_SIZE]; + word32 digestSz = SrpHashSize(srp->type); + int r; + word32 i = 0; + word32 pos = 0; + byte cnt[4]; + + for (i = 0; pos < digestSz * 2; i++) { + cnt[0] = (i >> 24) & 0xFF; + cnt[1] = (i >> 16) & 0xFF; + cnt[2] = (i >> 8) & 0xFF; + cnt[3] = i & 0xFF; + + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, secret, size); + if (!r) r = SrpHashUpdate(&hash, cnt, 4); + + if(pos + digestSz > digestSz * 2) { + if (!r) r = SrpHashFinal(&hash, digest); + XMEMCPY(srp->key + pos, digest, digestSz * 2 - pos); + pos = digestSz * 2; + } + else { + if (!r) r = SrpHashFinal(&hash, srp->key + pos); + pos += digestSz; + } + } + + XMEMSET(digest, 0, sizeof(digest)); + XMEMSET(&hash, 0, sizeof(SrpHash)); + + return r; +} + +WOLFSSL_API int wc_SrpComputeKey(Srp* srp, + byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz) +{ + byte* secret; + word32 secretSz; + mp_int i, j, s; int r; - if (!srp || !peersKey || peersKeySz == 0) + if (!srp || !clientPubKey || clientPubKeySz == 0 + || !serverPubKey || serverPubKeySz == 0) return BAD_FUNC_ARG; - if ((r = mp_init_multi(&i, &j, 0, 0, 0, 0)) != MP_OKAY) + if (mp_iszero(&srp->priv)) + return SRP_CALL_ORDER_E; + + if ((r = mp_init_multi(&i, &j, &s, 0, 0, 0)) != MP_OKAY) return r; - r = wc_SrpSetU(srp, peersKey, peersKeySz); + secretSz = mp_unsigned_bin_size(&srp->N); + secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP); + if (secret == NULL) { + mp_clear(&i); mp_clear(&j); mp_clear(&s); + return MEMORY_E; + } + + r = wc_SrpSetU(srp, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); if (!r && srp->side == SRP_CLIENT_SIDE) { - r = mp_read_unsigned_bin(&i, srp->k, SrpHashSize(srp->type)); - /* i = B - k * v */ + r = mp_read_unsigned_bin(&i, srp->k, SrpHashSize(srp->type)); if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &j); - if (!r) r = mp_mulmod(&i, &j, &srp->N, &srp->s); - if (!r) r = mp_sub(&srp->peer, &srp->s, &i); + if (!r) r = mp_mulmod(&i, &j, &srp->N, &s); + if (!r) r = mp_read_unsigned_bin(&j, serverPubKey, serverPubKeySz); + if (!r) r = mp_sub(&j, &s, &i); /* j = a + u * x */ - if (!r) r = mp_mulmod(&srp->u, &srp->auth, &srp->N, &srp->s); - if (!r) r = mp_add(&srp->priv, &srp->s, &j); + if (!r) r = mp_mulmod(&srp->u, &srp->auth, &srp->N, &s); + if (!r) r = mp_add(&srp->priv, &s, &j); - /* s = i ^ j % N */ - if (!r) r = mp_exptmod(&i, &j, &srp->N, &srp->s); + /* secret = i ^ j % N */ + if (!r) r = mp_exptmod(&i, &j, &srp->N, &s); } else if (!r && srp->side == SRP_SERVER_SIDE) { /* i = v ^ u % N */ - if (!r) r = mp_exptmod(&srp->auth, &srp->u, &srp->N, &i); + r = mp_exptmod(&srp->auth, &srp->u, &srp->N, &i); /* j = A * i % N */ - if (!r) r = mp_mulmod(&srp->peer, &i, &srp->N, &j); + if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz); + if (!r) r = mp_mulmod(&s, &i, &srp->N, &j); - /* s = j * b % N */ - if (!r) r = mp_exptmod(&j, &srp->priv, &srp->N, &srp->s); + /* secret = j * b % N */ + if (!r) r = mp_exptmod(&j, &srp->priv, &srp->N, &s); } - mp_clear(&i); - mp_clear(&j); + if (!r) r = mp_to_unsigned_bin(&s, secret); + if (!r) r = wc_SrpSetK(srp, secret, mp_unsigned_bin_size(&s)); + + /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */ + if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, sizeof(srp->key)); + + XFREE(secret, NULL, DYNAMIC_TYPE_SRP); + mp_clear(&i); mp_clear(&j); mp_clear(&s); return r; } diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 7b19a4025..9b76de8b4 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -83,23 +83,21 @@ typedef struct { } SrpHash; typedef struct { - byte side; /**< SRP_CLIENT_SIDE or SRP_SERVER_SIDE */ - byte type; /**< Hash type, one of SRP_TYPE_SHA[|256|384|512] */ - byte* user; /**< Username, login. */ - word32 userSz; /**< Username length. */ - byte* salt; /**< Small salt. */ - word32 saltSz; /**< Salt length. */ - mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ - mp_int g; /**< Generator. A generator modulo N. */ - byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ - mp_int auth; /**< Priv key. H(salt, H(user, ":", pswd)) */ - mp_int priv; /**< Private ephemeral value. */ - mp_int pub; /**< Public ephemeral value. */ - mp_int peer; /**< Peer's public ephemeral value. */ - mp_int u; /**< Random scrambling parameeter. */ - SrpHash client_proof; /**< Client proof. Sent to Server. */ - SrpHash server_proof; /**< Server proof. Sent to Client. */ - mp_int s; /**< Session key. */ + byte side; /**< SRP_CLIENT_SIDE or SRP_SERVER_SIDE */ + byte type; /**< Hash type, one of SRP_TYPE_SHA[|256|384|512] */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ + byte* salt; /**< Small salt. */ + word32 saltSz; /**< Salt length. */ + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ + mp_int g; /**< Generator. A generator modulo N. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ + mp_int auth; /**< client: x = H(salt, H(user, ":", pswd)) */ + mp_int priv; /**< Private ephemeral value. */ + mp_int u; /**< Random scrambling parameeter. */ + SrpHash client_proof; /**< Client proof. Sent to Server. */ + SrpHash server_proof; /**< Server proof. Sent to Client. */ + byte key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key. */ } Srp; WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side); @@ -120,9 +118,10 @@ WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size); WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size); -WOLFSSL_API int wc_SrpGenPublic(Srp* srp, byte* public, word32* size); +WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size); -WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* peersKey, word32 peersKeySz); +WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz); #ifdef __cplusplus } /* extern "C" */ From 53224281d2091f2555a4eadbfba545f7ec26e536 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Thu, 30 Jul 2015 16:27:12 -0300 Subject: [PATCH 042/102] adds proof getter and verifier for both sides. --- tests/srp.c | 82 +++++++++++++++++++++++++++++++++ wolfcrypt/src/srp.c | 66 ++++++++++++++++++++++++-- wolfssl/wolfcrypt/error-crypt.h | 1 + wolfssl/wolfcrypt/srp.h | 4 ++ 4 files changed, 148 insertions(+), 5 deletions(-) diff --git a/tests/srp.c b/tests/srp.c index 02e97d0f4..0e3af9c4a 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -99,6 +99,16 @@ static byte key[] = { 0x13, 0x6C, 0x88, 0x55 }; +static byte client_proof[] = { + 0x0D, 0x49, 0xE1, 0x9C, 0x3A, 0x88, 0x43, 0x15, 0x45, 0xA8, 0xAC, 0xAB, + 0xEA, 0x15, 0x1A, 0xEE, 0xF9, 0x38, 0x4D, 0x21 +}; + +static byte server_proof[] = { + 0xBD, 0xB1, 0x20, 0x70, 0x46, 0xC9, 0xD6, 0xCC, 0xE2, 0x1D, 0x75, 0xA2, + 0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75 +}; + static void test_SrpInit(void) { Srp srp; @@ -345,6 +355,77 @@ static void test_SrpComputeKey(void) wc_SrpTerm(&srv); } +static void test_SrpGetProofAndVerify(void) +{ + Srp cli, srv; + byte clientPubKey[64]; + byte serverPubKey[64]; + word32 clientPubKeySz = 64; + word32 serverPubKeySz = 64; + byte clientProof[SRP_MAX_DIGEST_SIZE]; + byte serverProof[SRP_MAX_DIGEST_SIZE]; + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(0, wc_SrpSetParams(&srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz)); + + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key))); + + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key))); + + /* invalid params */ + serverProofSz = 0; + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(NULL, clientProof,&clientProofSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, NULL, &clientProofSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, clientProof,NULL)); + AssertIntEQ(BUFFER_E, wc_SrpGetProof(&srv, serverProof,&serverProofSz)); + + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz)); + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpVerifyPeersProof(&cli, NULL, clientProofSz)); + AssertIntEQ(BUFFER_E, + wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz)); + serverProofSz = SRP_MAX_DIGEST_SIZE; + + /* success */ + AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz)); + AssertIntEQ(0, XMEMCMP(clientProof, client_proof, sizeof(client_proof))); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz)); + AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz)); + AssertIntEQ(0, XMEMCMP(serverProof, server_proof, sizeof(server_proof))); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz)); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + #endif void SrpTest(void) @@ -356,5 +437,6 @@ void SrpTest(void) test_SrpSetPassword(); test_SrpGetPublic(); test_SrpComputeKey(); + test_SrpGetProofAndVerify(); #endif } diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index a41c43109..95881b9c9 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -163,6 +163,8 @@ int wc_SrpInit(Srp* srp, byte type, byte side) /* initializing variables */ + XMEMSET(srp, 0, sizeof(Srp)); + if ((r = SrpHashInit(&srp->client_proof, type)) != 0) return r; @@ -498,11 +500,11 @@ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) return r; } -WOLFSSL_API int wc_SrpComputeKey(Srp* srp, - byte* clientPubKey, word32 clientPubKeySz, - byte* serverPubKey, word32 serverPubKeySz) +int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz) { byte* secret; + word32 digestSz; word32 secretSz; mp_int i, j, s; int r; @@ -524,12 +526,14 @@ WOLFSSL_API int wc_SrpComputeKey(Srp* srp, return MEMORY_E; } + digestSz = SrpHashSize(srp->type); + r = wc_SrpSetU(srp, clientPubKey, clientPubKeySz, serverPubKey, serverPubKeySz); if (!r && srp->side == SRP_CLIENT_SIDE) { /* i = B - k * v */ - r = mp_read_unsigned_bin(&i, srp->k, SrpHashSize(srp->type)); + r = mp_read_unsigned_bin(&i, srp->k, digestSz); if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &j); if (!r) r = mp_mulmod(&i, &j, &srp->N, &s); if (!r) r = mp_read_unsigned_bin(&j, serverPubKey, serverPubKeySz); @@ -558,7 +562,7 @@ WOLFSSL_API int wc_SrpComputeKey(Srp* srp, if (!r) r = wc_SrpSetK(srp, secret, mp_unsigned_bin_size(&s)); /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */ - if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, sizeof(srp->key)); + if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, digestSz * 2); XFREE(secret, NULL, DYNAMIC_TYPE_SRP); mp_clear(&i); mp_clear(&j); mp_clear(&s); @@ -566,4 +570,56 @@ WOLFSSL_API int wc_SrpComputeKey(Srp* srp, return r; } +int wc_SrpGetProof(Srp* srp, byte* proof, word32* size) +{ + int r; + + if (!srp || !proof || !size) + return BAD_FUNC_ARG; + + if (*size < SrpHashSize(srp->type)) + return BUFFER_E; + + if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE + ? &srp->client_proof + : &srp->server_proof, proof)) != 0) + return r; + + *size = SrpHashSize(srp->type); + + if (srp->side == SRP_CLIENT_SIDE) { + /* server proof = H( A | client proof | K) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, (*size) * 2); + } + + return r; +} + +int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size) +{ + byte digest[SRP_MAX_DIGEST_SIZE]; + int r; + + if (!srp || !proof) + return BAD_FUNC_ARG; + + if (size != SrpHashSize(srp->type)) + return BUFFER_E; + + r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof + : &srp->client_proof, digest); + + if (srp->side == SRP_SERVER_SIDE) { + /* server proof = H( A | client proof | K) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, size * 2); + } + + if (!r && XMEMCMP(proof, digest, size) != 0) + r = SRP_VERIFY_E; + + return r; +} + #endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 31847de9c..84714e462 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -152,6 +152,7 @@ enum { ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */ SRP_CALL_ORDER_E = -217, /* SRP function called in the wrong order. */ + SRP_VERIFY_E = -218, /* SRP proof verification failed. */ MIN_CODE_E = -300 /* errors -101 - -299 */ }; diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 9b76de8b4..56cf41329 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -123,6 +123,10 @@ WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size); WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, byte* serverPubKey, word32 serverPubKeySz); +WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size); + +WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size); + #ifdef __cplusplus } /* extern "C" */ #endif From 1d99bd333903c3bfd28dc2f633cf282ca7191d3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 3 Aug 2015 12:30:56 -0300 Subject: [PATCH 043/102] removes u from srp struct. --- wolfcrypt/src/srp.c | 179 +++++++++++++++++++++------------------- wolfssl/wolfcrypt/srp.h | 3 +- 2 files changed, 97 insertions(+), 85 deletions(-) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 95881b9c9..96dda59a3 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -172,7 +172,7 @@ int wc_SrpInit(Srp* srp, byte type, byte side) return r; if ((r = mp_init_multi(&srp->N, &srp->g, &srp->auth, - &srp->priv, &srp->u, 0)) != 0) + &srp->priv, 0, 0)) != 0) return r; srp->side = side; srp->type = type; @@ -187,7 +187,6 @@ void wc_SrpTerm(Srp* srp) if (srp) { mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->auth); mp_clear(&srp->priv); - mp_clear(&srp->u); XMEMSET(srp->salt, 0, srp->saltSz); XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); @@ -429,68 +428,32 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) return r; } -static int wc_SrpSetU(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, - byte* serverPubKey, word32 serverPubKeySz) -{ - SrpHash hash; - byte digest[SRP_MAX_DIGEST_SIZE]; - word32 modulusSz = mp_unsigned_bin_size(&srp->N); - byte pad = 0; - word32 i; - int r = SrpHashInit(&hash, srp->type); - - /* H(A) */ - for (i = 0; !r && i < modulusSz - clientPubKeySz; i++) - r = SrpHashUpdate(&hash, &pad, 1); - if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz); - - /* H(A | B) */ - for (i = 0; !r && i < modulusSz - serverPubKeySz; i++) - r = SrpHashUpdate(&hash, &pad, 1); - if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz); - - /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B) */ - if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz); - if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz); - - /* server proof = H(A) */ - if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz); - - /* set u */ - if (!r) r = SrpHashFinal(&hash, digest); - if (!r) r = mp_read_unsigned_bin(&srp->u, digest, SrpHashSize(srp->type)); - - return r; -} - static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) { SrpHash hash; byte digest[SRP_MAX_DIGEST_SIZE]; - word32 digestSz = SrpHashSize(srp->type); + word32 i, j, digestSz = SrpHashSize(srp->type); + byte counter[4]; int r; - word32 i = 0; - word32 pos = 0; - byte cnt[4]; - for (i = 0; pos < digestSz * 2; i++) { - cnt[0] = (i >> 24) & 0xFF; - cnt[1] = (i >> 16) & 0xFF; - cnt[2] = (i >> 8) & 0xFF; - cnt[3] = i & 0xFF; + for (i = j = 0; j < 2 * digestSz; i++) { + counter[0] = (i >> 24) & 0xFF; + counter[1] = (i >> 16) & 0xFF; + counter[2] = (i >> 8) & 0xFF; + counter[3] = i & 0xFF; r = SrpHashInit(&hash, srp->type); if (!r) r = SrpHashUpdate(&hash, secret, size); - if (!r) r = SrpHashUpdate(&hash, cnt, 4); + if (!r) r = SrpHashUpdate(&hash, counter, 4); - if(pos + digestSz > digestSz * 2) { + if(j + digestSz > 2 * digestSz) { if (!r) r = SrpHashFinal(&hash, digest); - XMEMCPY(srp->key + pos, digest, digestSz * 2 - pos); - pos = digestSz * 2; + XMEMCPY(srp->key + j, digest, 2 * digestSz - j); + j = 2 * digestSz; } else { - if (!r) r = SrpHashFinal(&hash, srp->key + pos); - pos += digestSz; + if (!r) r = SrpHashFinal(&hash, srp->key + j); + j += digestSz; } } @@ -503,12 +466,16 @@ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, byte* serverPubKey, word32 serverPubKeySz) { - byte* secret; - word32 digestSz; - word32 secretSz; - mp_int i, j, s; + SrpHash hash; + byte *secret; + byte digest[SRP_MAX_DIGEST_SIZE]; + word32 i, secretSz, digestSz; + mp_int u, s, temp1, temp2; + byte pad = 0; int r; + /* validating params */ + if (!srp || !clientPubKey || clientPubKeySz == 0 || !serverPubKey || serverPubKeySz == 0) return BAD_FUNC_ARG; @@ -516,56 +483,84 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, if (mp_iszero(&srp->priv)) return SRP_CALL_ORDER_E; - if ((r = mp_init_multi(&i, &j, &s, 0, 0, 0)) != MP_OKAY) + /* initializing variables */ + + if ((r = SrpHashInit(&hash, srp->type)) != 0) return r; + digestSz = SrpHashSize(srp->type); secretSz = mp_unsigned_bin_size(&srp->N); - secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP); - if (secret == NULL) { - mp_clear(&i); mp_clear(&j); mp_clear(&s); + + if ((secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP)) == NULL) return MEMORY_E; + + if ((r = mp_init_multi(&u, &s, &temp1, &temp2, 0, 0)) != MP_OKAY) { + XFREE(secret, NULL, DYNAMIC_TYPE_SRP); + return r; } - digestSz = SrpHashSize(srp->type); + /* building u (random scrambling parameeter) */ - r = wc_SrpSetU(srp, clientPubKey, clientPubKeySz, - serverPubKey, serverPubKeySz); + /* H(A) */ + for (i = 0; !r && i < secretSz - clientPubKeySz; i++) + r = SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz); + + /* H(A | B) */ + for (i = 0; !r && i < secretSz - serverPubKeySz; i++) + r = SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz); + + /* set u */ + if (!r) r = SrpHashFinal(&hash, digest); + if (!r) r = mp_read_unsigned_bin(&u, digest, SrpHashSize(srp->type)); + + /* building s (secret) */ if (!r && srp->side == SRP_CLIENT_SIDE) { - /* i = B - k * v */ - r = mp_read_unsigned_bin(&i, srp->k, digestSz); - if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &j); - if (!r) r = mp_mulmod(&i, &j, &srp->N, &s); - if (!r) r = mp_read_unsigned_bin(&j, serverPubKey, serverPubKeySz); - if (!r) r = mp_sub(&j, &s, &i); + /* temp1 = B - k * v */ + r = mp_read_unsigned_bin(&temp1, srp->k, digestSz); + if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &temp2); + if (!r) r = mp_mulmod(&temp1, &temp2, &srp->N, &s); + if (!r) r = mp_read_unsigned_bin(&temp2, serverPubKey, serverPubKeySz); + if (!r) r = mp_sub(&temp2, &s, &temp1); - /* j = a + u * x */ - if (!r) r = mp_mulmod(&srp->u, &srp->auth, &srp->N, &s); - if (!r) r = mp_add(&srp->priv, &s, &j); + /* temp2 = a + u * x */ + if (!r) r = mp_mulmod(&u, &srp->auth, &srp->N, &s); + if (!r) r = mp_add(&srp->priv, &s, &temp2); - /* secret = i ^ j % N */ - if (!r) r = mp_exptmod(&i, &j, &srp->N, &s); + /* secret = temp1 ^ temp2 % N */ + if (!r) r = mp_exptmod(&temp1, &temp2, &srp->N, &s); } else if (!r && srp->side == SRP_SERVER_SIDE) { - /* i = v ^ u % N */ - r = mp_exptmod(&srp->auth, &srp->u, &srp->N, &i); + /* temp1 = v ^ u % N */ + r = mp_exptmod(&srp->auth, &u, &srp->N, &temp1); - /* j = A * i % N */ + /* temp2 = A * temp1 % N */ if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz); - if (!r) r = mp_mulmod(&s, &i, &srp->N, &j); + if (!r) r = mp_mulmod(&s, &temp1, &srp->N, &temp2); - /* secret = j * b % N */ - if (!r) r = mp_exptmod(&j, &srp->priv, &srp->N, &s); + /* secret = temp2 * b % N */ + if (!r) r = mp_exptmod(&temp2, &srp->priv, &srp->N, &s); } + /* building session key from secret */ + if (!r) r = mp_to_unsigned_bin(&s, secret); if (!r) r = wc_SrpSetK(srp, secret, mp_unsigned_bin_size(&s)); - /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */ - if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, digestSz * 2); + /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */ + + if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz); + if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz); + if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, 2 * digestSz); + + /* updating server proof = H(A) */ + + if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz); XFREE(secret, NULL, DYNAMIC_TYPE_SRP); - mp_clear(&i); mp_clear(&j); mp_clear(&s); + mp_clear(&u); mp_clear(&s); mp_clear(&temp1); mp_clear(&temp2); return r; } @@ -590,7 +585,7 @@ int wc_SrpGetProof(Srp* srp, byte* proof, word32* size) if (srp->side == SRP_CLIENT_SIDE) { /* server proof = H( A | client proof | K) */ if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size); - if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, (*size) * 2); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, 2 * (*size)); } return r; @@ -613,7 +608,7 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size) if (srp->side == SRP_SERVER_SIDE) { /* server proof = H( A | client proof | K) */ if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size); - if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, size * 2); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, 2 * size); } if (!r && XMEMCMP(proof, digest, size) != 0) @@ -622,4 +617,20 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size) return r; } +int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size) +{ + word32 sz; + + if (!srp || !key || !size) + return BAD_FUNC_ARG; + + if (*size < (sz = SrpHashSize(srp->type))) + return BUFFER_E; + + XMEMCPY(key, srp->key, sz); + *size = sz; + + return 0; +} + #endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 56cf41329..7dd4808e2 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -94,7 +94,6 @@ typedef struct { byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ mp_int auth; /**< client: x = H(salt, H(user, ":", pswd)) */ mp_int priv; /**< Private ephemeral value. */ - mp_int u; /**< Random scrambling parameeter. */ SrpHash client_proof; /**< Client proof. Sent to Server. */ SrpHash server_proof; /**< Server proof. Sent to Client. */ byte key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key. */ @@ -127,6 +126,8 @@ WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size); WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size); +WOLFSSL_API int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size); + #ifdef __cplusplus } /* extern "C" */ #endif From f31c32bea24e011e9d01559d6dce494e11f0e2f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 3 Aug 2015 17:47:19 -0300 Subject: [PATCH 044/102] adds docs using doxygen style. --- wolfcrypt/src/srp.c | 12 +- wolfssl/wolfcrypt/srp.h | 252 ++++++++++++++++++++++++++++++++++------ 2 files changed, 221 insertions(+), 43 deletions(-) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 96dda59a3..be3a39c3b 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -31,7 +31,7 @@ #include #include -static int SrpHashInit(SrpHash* hash, int type) +static int SrpHashInit(SrpHash* hash, SrpType type) { hash->type = type; @@ -117,7 +117,7 @@ static int SrpHashFinal(SrpHash* hash, byte* digest) } } -static word32 SrpHashSize(byte type) +static word32 SrpHashSize(SrpType type) { switch (type) { #ifndef NO_SHA @@ -145,7 +145,7 @@ static word32 SrpHashSize(byte type) } } -int wc_SrpInit(Srp* srp, byte type, byte side) +int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) { int r; @@ -257,7 +257,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); if (!r) r = SrpHashFinal(&hash, srp->k); - /* Update client proof */ + /* update client proof */ /* digest1 = H(N) */ if (!r) r = SrpHashInit(&hash, srp->type); @@ -278,7 +278,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); if (!r) r = SrpHashFinal(&hash, digest2); - /* Client proof = H( H(N) ^ H(g) | H(user) | salt) */ + /* client proof = H( H(N) ^ H(g) | H(user) | salt) */ if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j); if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j); if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz); @@ -365,6 +365,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) return mp_read_unsigned_bin(&srp->priv, private, size); } +/** Generates random data using wolfcrypt RNG. */ static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) { RNG rng; @@ -428,6 +429,7 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) return r; } +/** Computes the session key using the interleaved hash. */ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) { SrpHash hash; diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 7dd4808e2..639468cf7 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -34,36 +34,48 @@ extern "C" { #endif -enum { - SRP_CLIENT_SIDE = 0, - SRP_SERVER_SIDE = 1, -#ifndef NO_SHA - SRP_TYPE_SHA = 1, -#endif -#ifndef NO_SHA256 - SRP_TYPE_SHA256 = 2, -#endif -#ifdef WOLFSSL_SHA384 - SRP_TYPE_SHA384 = 3, -#endif -#ifdef WOLFSSL_SHA512 - SRP_TYPE_SHA512 = 4, -#endif - /* Select the largest available hash for the buffer size. */ #if defined(WOLFSSL_SHA512) - SRP_MAX_DIGEST_SIZE = SHA512_DIGEST_SIZE, + #define SRP_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE #elif defined(WOLFSSL_SHA384) - SRP_MAX_DIGEST_SIZE = SHA384_DIGEST_SIZE, + #define SRP_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE #elif !defined(NO_SHA256) - SRP_MAX_DIGEST_SIZE = SHA256_DIGEST_SIZE, + #define SRP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE #elif !defined(NO_SHA) - SRP_MAX_DIGEST_SIZE = SHA_DIGEST_SIZE, + #define SRP_MAX_DIGEST_SIZE SHA_DIGEST_SIZE #else #error "You have to have some kind of SHA hash if you want to use SRP." #endif -}; +/** + * SRP side, client or server. + */ +typedef enum { + SRP_CLIENT_SIDE = 0, + SRP_SERVER_SIDE = 1, +} SrpSide; + +/** + * SRP hash type, SHA[1|256|384|512]. + */ +typedef enum { + #ifndef NO_SHA + SRP_TYPE_SHA = 1, + #endif + #ifndef NO_SHA256 + SRP_TYPE_SHA256 = 2, + #endif + #ifdef WOLFSSL_SHA384 + SRP_TYPE_SHA384 = 3, + #endif + #ifdef WOLFSSL_SHA512 + SRP_TYPE_SHA512 = 4, + #endif +} SrpType; + +/** + * SRP hash struct. + */ typedef struct { byte type; union { @@ -83,49 +95,213 @@ typedef struct { } SrpHash; typedef struct { - byte side; /**< SRP_CLIENT_SIDE or SRP_SERVER_SIDE */ - byte type; /**< Hash type, one of SRP_TYPE_SHA[|256|384|512] */ - byte* user; /**< Username, login. */ - word32 userSz; /**< Username length. */ - byte* salt; /**< Small salt. */ - word32 saltSz; /**< Salt length. */ - mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */ - mp_int g; /**< Generator. A generator modulo N. */ - byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ - mp_int auth; /**< client: x = H(salt, H(user, ":", pswd)) */ - mp_int priv; /**< Private ephemeral value. */ - SrpHash client_proof; /**< Client proof. Sent to Server. */ - SrpHash server_proof; /**< Server proof. Sent to Client. */ - byte key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key. */ + SrpSide side; /**< Client or Server, @see SrpSide.*/ + SrpType type; /**< Hash type, @see SrpType. */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ + byte* salt; /**< Small salt. */ + word32 saltSz; /**< Salt length. */ + mp_int N; /**< N = 2q+1, [q, N] are primes. */ + /**< a.k.a. modulus. */ + mp_int g; /**< Generator modulo N. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ + mp_int auth; /**< x = H(salt + H(user:pswd)) */ + /**< v = g ^ x % N */ + mp_int priv; /**< Private ephemeral value. */ + SrpHash client_proof; /**< Client proof. Sent to Server. */ + SrpHash server_proof; /**< Server proof. Sent to Client. */ + byte key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key. */ } Srp; -WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side); +/** + * Initializes the Srp struct for usage. + * + * @param[out] srp the Srp structure to be initialized. + * @param[in] type the hash type to be used. + * @param[in] side the side of the communication. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side); +/** + * Releases the Srp struct resources after usage. + * + * @param[in,out] srp the Srp structure to be terminated. + */ WOLFSSL_API void wc_SrpTerm(Srp* srp); +/** + * Sets the username. + * + * This function MUST be called after wc_SrpInit. + * + * @param[in,out] srp the Srp structure. + * @param[in] username the buffer containing the username. + * @param[in] size the username size in bytes + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size); + +/** + * Sets the srp parameeters based on the username. + * + * This function MUST be called after wc_SrpSetUsername. + * + * @param[in,out] srp the Srp structure. + * @param[in] N the Modulus. N = 2q+1, [q, N] are primes. + * @param[in] nSz the N size in bytes. + * @param[in] g the Generator modulo N. + * @param[in] gSz the g size in bytes + * @param[in] salt a small random salt. Specific for each username. + * @param[in] saltSz the salt size in bytes + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, const byte* g, word32 gSz, const byte* salt, word32 saltSz); +/** + * Sets the password. + * + * Setting the password does not persists the clear password data in the + * srp structure. The client calculates x = H(salt + H(user:pswd)) and stores + * it in the auth field. + * + * This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[in] password the buffer containing the password. + * @param[in] size the password size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size); +/** + * Sets the password. + * + * This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[in] verifier the buffer containing the verifier. + * @param[in] size the verifier size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size); +/** + * Gets the verifier. + * + * The client calculates the verifier with v = g ^ x % N. + * This function MAY be called after wc_SrpSetPassword and is SERVER SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[out] verifier the buffer to write the verifier. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * verifier size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size); +/** + * Sets the private ephemeral value. + * + * The private ephemeral value is known as: + * a at the client side. a = random() + * b at the server side. b = random() + * This function is handy for unit test cases or if the developer wants to use + * an external random source to set the ephemeral value. + * This function MAY be called before wc_SrpGetPublic. + * + * @param[in,out] srp the Srp structure. + * @param[in] private the ephemeral value. + * @param[in] size the private size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size); +/** + * Gets the public ephemeral value. + * + * The public ephemeral value is known as: + * A at the client side. A = g ^ a % N + * B at the server side. B = (k * v + (g ˆ b % N)) % N + * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier. + * + * @param[in,out] srp the Srp structure. + * @param[out] public the buffer to write the public ephemeral value. + * @param[in,out] size the the buffer size in bytes. Will be updated with + * the ephemeral value size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size); -WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, - byte* serverPubKey, word32 serverPubKeySz); +/** + * Computes the session key. + * + * This function is handy for unit test cases or if the developer wants to use + * an external random source to set the ephemeral value. + * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier. + * + * @param[in,out] srp the Srp structure. + * @param[out] public the buffer to write the public ephemeral value. + * @param[in,out] size the the buffer size in bytes. Will be updated with + the ephemeral value size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpComputeKey(Srp* srp, + byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz); + +/** + * Gets the proof. + * + * This function MUST be called after wc_SrpComputeKey. + * + * @param[in,out] srp the Srp structure. + * @param[out] proof the buffer to write the proof. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * proof size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size); +/** + * Verifies the peers proof. + * + * This function MUST be called before wc_SrpGetSessionKey. + * + * @param[in,out] srp the Srp structure. + * @param[in] proof the peers proof. + * @param[in] size the proof size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size); +/** + * Gets the session key. + * + * This function MUST be called after wc_SrpVerifyPeersProof. + * + * @param[in,out] srp the Srp structure. + * @param[out] key the buffer to write the key. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * key size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ WOLFSSL_API int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size); #ifdef __cplusplus From 12b84451531fcda54ae8eca9c8927609f4902df0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 4 Aug 2015 13:36:58 -0300 Subject: [PATCH 045/102] adds key generation function callback option. --- tests/srp.c | 254 ++++++++++++++++++++++++++++++++++++++++ wolfcrypt/src/srp.c | 82 +++++++++---- wolfssl/wolfcrypt/srp.h | 55 ++++----- 3 files changed, 335 insertions(+), 56 deletions(-) diff --git a/tests/srp.c b/tests/srp.c index 0e3af9c4a..691bbdabe 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -26,6 +26,7 @@ #include #include +#include #include #ifdef WOLFCRYPT_HAVE_SRP @@ -426,6 +427,258 @@ static void test_SrpGetProofAndVerify(void) wc_SrpTerm(&srv); } +static int sha512_key_gen(Srp* srp, byte* secret, word32 size) +{ + Sha512 hash; + int r; + + srp->key = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP); + if (srp->key == NULL) + return MEMORY_E; + + srp->keySz = SHA512_DIGEST_SIZE; + + r = wc_InitSha512(&hash); + if (!r) r = wc_Sha512Update(&hash, secret, size); + if (!r) r = wc_Sha512Final(&hash, srp->key); + + XMEMSET(&hash, 0, sizeof(Sha512)); + + return r; +} + +static void test_SrpKeyGenFunc_cb(void) +{ + Srp cli, srv; + byte clientPubKey[1024]; + byte serverPubKey[1024]; + word32 clientPubKeySz = 1024; + word32 serverPubKeySz = 1024; + byte clientProof[SRP_MAX_DIGEST_SIZE]; + byte serverProof[SRP_MAX_DIGEST_SIZE]; + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + byte username_[] = "alice"; + word32 usernameSz_ = 5; + + byte password_[] = "password123"; + word32 passwordSz_ = 11; + + byte N_[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + + byte g_[] = { + 0x05 + }; + + byte salt_[] = { + 0xBE, 0xB2, 0x53, 0x79, 0xD1, 0xA8, 0x58, 0x1E, 0xB5, 0xA7, 0x27, 0x67, + 0x3A, 0x24, 0x41, 0xEE + }; + + byte verifier_[] = { + 0x9B, 0x5E, 0x06, 0x17, 0x01, 0xEA, 0x7A, 0xEB, 0x39, 0xCF, 0x6E, 0x35, + 0x19, 0x65, 0x5A, 0x85, 0x3C, 0xF9, 0x4C, 0x75, 0xCA, 0xF2, 0x55, 0x5E, + 0xF1, 0xFA, 0xF7, 0x59, 0xBB, 0x79, 0xCB, 0x47, 0x70, 0x14, 0xE0, 0x4A, + 0x88, 0xD6, 0x8F, 0xFC, 0x05, 0x32, 0x38, 0x91, 0xD4, 0xC2, 0x05, 0xB8, + 0xDE, 0x81, 0xC2, 0xF2, 0x03, 0xD8, 0xFA, 0xD1, 0xB2, 0x4D, 0x2C, 0x10, + 0x97, 0x37, 0xF1, 0xBE, 0xBB, 0xD7, 0x1F, 0x91, 0x24, 0x47, 0xC4, 0xA0, + 0x3C, 0x26, 0xB9, 0xFA, 0xD8, 0xED, 0xB3, 0xE7, 0x80, 0x77, 0x8E, 0x30, + 0x25, 0x29, 0xED, 0x1E, 0xE1, 0x38, 0xCC, 0xFC, 0x36, 0xD4, 0xBA, 0x31, + 0x3C, 0xC4, 0x8B, 0x14, 0xEA, 0x8C, 0x22, 0xA0, 0x18, 0x6B, 0x22, 0x2E, + 0x65, 0x5F, 0x2D, 0xF5, 0x60, 0x3F, 0xD7, 0x5D, 0xF7, 0x6B, 0x3B, 0x08, + 0xFF, 0x89, 0x50, 0x06, 0x9A, 0xDD, 0x03, 0xA7, 0x54, 0xEE, 0x4A, 0xE8, + 0x85, 0x87, 0xCC, 0xE1, 0xBF, 0xDE, 0x36, 0x79, 0x4D, 0xBA, 0xE4, 0x59, + 0x2B, 0x7B, 0x90, 0x4F, 0x44, 0x2B, 0x04, 0x1C, 0xB1, 0x7A, 0xEB, 0xAD, + 0x1E, 0x3A, 0xEB, 0xE3, 0xCB, 0xE9, 0x9D, 0xE6, 0x5F, 0x4B, 0xB1, 0xFA, + 0x00, 0xB0, 0xE7, 0xAF, 0x06, 0x86, 0x3D, 0xB5, 0x3B, 0x02, 0x25, 0x4E, + 0xC6, 0x6E, 0x78, 0x1E, 0x3B, 0x62, 0xA8, 0x21, 0x2C, 0x86, 0xBE, 0xB0, + 0xD5, 0x0B, 0x5B, 0xA6, 0xD0, 0xB4, 0x78, 0xD8, 0xC4, 0xE9, 0xBB, 0xCE, + 0xC2, 0x17, 0x65, 0x32, 0x6F, 0xBD, 0x14, 0x05, 0x8D, 0x2B, 0xBD, 0xE2, + 0xC3, 0x30, 0x45, 0xF0, 0x38, 0x73, 0xE5, 0x39, 0x48, 0xD7, 0x8B, 0x79, + 0x4F, 0x07, 0x90, 0xE4, 0x8C, 0x36, 0xAE, 0xD6, 0xE8, 0x80, 0xF5, 0x57, + 0x42, 0x7B, 0x2F, 0xC0, 0x6D, 0xB5, 0xE1, 0xE2, 0xE1, 0xD7, 0xE6, 0x61, + 0xAC, 0x48, 0x2D, 0x18, 0xE5, 0x28, 0xD7, 0x29, 0x5E, 0xF7, 0x43, 0x72, + 0x95, 0xFF, 0x1A, 0x72, 0xD4, 0x02, 0x77, 0x17, 0x13, 0xF1, 0x68, 0x76, + 0xDD, 0x05, 0x0A, 0xE5, 0xB7, 0xAD, 0x53, 0xCC, 0xB9, 0x08, 0x55, 0xC9, + 0x39, 0x56, 0x64, 0x83, 0x58, 0xAD, 0xFD, 0x96, 0x64, 0x22, 0xF5, 0x24, + 0x98, 0x73, 0x2D, 0x68, 0xD1, 0xD7, 0xFB, 0xEF, 0x10, 0xD7, 0x80, 0x34, + 0xAB, 0x8D, 0xCB, 0x6F, 0x0F, 0xCF, 0x88, 0x5C, 0xC2, 0xB2, 0xEA, 0x2C, + 0x3E, 0x6A, 0xC8, 0x66, 0x09, 0xEA, 0x05, 0x8A, 0x9D, 0xA8, 0xCC, 0x63, + 0x53, 0x1D, 0xC9, 0x15, 0x41, 0x4D, 0xF5, 0x68, 0xB0, 0x94, 0x82, 0xDD, + 0xAC, 0x19, 0x54, 0xDE, 0xC7, 0xEB, 0x71, 0x4F, 0x6F, 0xF7, 0xD4, 0x4C, + 0xD5, 0xB8, 0x6F, 0x6B, 0xD1, 0x15, 0x81, 0x09, 0x30, 0x63, 0x7C, 0x01, + 0xD0, 0xF6, 0x01, 0x3B, 0xC9, 0x74, 0x0F, 0xA2, 0xC6, 0x33, 0xBA, 0x89 + }; + + byte a_[] = { + 0x60, 0x97, 0x55, 0x27, 0x03, 0x5C, 0xF2, 0xAD, 0x19, 0x89, 0x80, 0x6F, + 0x04, 0x07, 0x21, 0x0B, 0xC8, 0x1E, 0xDC, 0x04, 0xE2, 0x76, 0x2A, 0x56, + 0xAF, 0xD5, 0x29, 0xDD, 0xDA, 0x2D, 0x43, 0x93 + }; + + byte A_[] = { + 0xFA, 0xB6, 0xF5, 0xD2, 0x61, 0x5D, 0x1E, 0x32, 0x35, 0x12, 0xE7, 0x99, + 0x1C, 0xC3, 0x74, 0x43, 0xF4, 0x87, 0xDA, 0x60, 0x4C, 0xA8, 0xC9, 0x23, + 0x0F, 0xCB, 0x04, 0xE5, 0x41, 0xDC, 0xE6, 0x28, 0x0B, 0x27, 0xCA, 0x46, + 0x80, 0xB0, 0x37, 0x4F, 0x17, 0x9D, 0xC3, 0xBD, 0xC7, 0x55, 0x3F, 0xE6, + 0x24, 0x59, 0x79, 0x8C, 0x70, 0x1A, 0xD8, 0x64, 0xA9, 0x13, 0x90, 0xA2, + 0x8C, 0x93, 0xB6, 0x44, 0xAD, 0xBF, 0x9C, 0x00, 0x74, 0x5B, 0x94, 0x2B, + 0x79, 0xF9, 0x01, 0x2A, 0x21, 0xB9, 0xB7, 0x87, 0x82, 0x31, 0x9D, 0x83, + 0xA1, 0xF8, 0x36, 0x28, 0x66, 0xFB, 0xD6, 0xF4, 0x6B, 0xFC, 0x0D, 0xDB, + 0x2E, 0x1A, 0xB6, 0xE4, 0xB4, 0x5A, 0x99, 0x06, 0xB8, 0x2E, 0x37, 0xF0, + 0x5D, 0x6F, 0x97, 0xF6, 0xA3, 0xEB, 0x6E, 0x18, 0x20, 0x79, 0x75, 0x9C, + 0x4F, 0x68, 0x47, 0x83, 0x7B, 0x62, 0x32, 0x1A, 0xC1, 0xB4, 0xFA, 0x68, + 0x64, 0x1F, 0xCB, 0x4B, 0xB9, 0x8D, 0xD6, 0x97, 0xA0, 0xC7, 0x36, 0x41, + 0x38, 0x5F, 0x4B, 0xAB, 0x25, 0xB7, 0x93, 0x58, 0x4C, 0xC3, 0x9F, 0xC8, + 0xD4, 0x8D, 0x4B, 0xD8, 0x67, 0xA9, 0xA3, 0xC1, 0x0F, 0x8E, 0xA1, 0x21, + 0x70, 0x26, 0x8E, 0x34, 0xFE, 0x3B, 0xBE, 0x6F, 0xF8, 0x99, 0x98, 0xD6, + 0x0D, 0xA2, 0xF3, 0xE4, 0x28, 0x3C, 0xBE, 0xC1, 0x39, 0x3D, 0x52, 0xAF, + 0x72, 0x4A, 0x57, 0x23, 0x0C, 0x60, 0x4E, 0x9F, 0xBC, 0xE5, 0x83, 0xD7, + 0x61, 0x3E, 0x6B, 0xFF, 0xD6, 0x75, 0x96, 0xAD, 0x12, 0x1A, 0x87, 0x07, + 0xEE, 0xC4, 0x69, 0x44, 0x95, 0x70, 0x33, 0x68, 0x6A, 0x15, 0x5F, 0x64, + 0x4D, 0x5C, 0x58, 0x63, 0xB4, 0x8F, 0x61, 0xBD, 0xBF, 0x19, 0xA5, 0x3E, + 0xAB, 0x6D, 0xAD, 0x0A, 0x18, 0x6B, 0x8C, 0x15, 0x2E, 0x5F, 0x5D, 0x8C, + 0xAD, 0x4B, 0x0E, 0xF8, 0xAA, 0x4E, 0xA5, 0x00, 0x88, 0x34, 0xC3, 0xCD, + 0x34, 0x2E, 0x5E, 0x0F, 0x16, 0x7A, 0xD0, 0x45, 0x92, 0xCD, 0x8B, 0xD2, + 0x79, 0x63, 0x93, 0x98, 0xEF, 0x9E, 0x11, 0x4D, 0xFA, 0xAA, 0xB9, 0x19, + 0xE1, 0x4E, 0x85, 0x09, 0x89, 0x22, 0x4D, 0xDD, 0x98, 0x57, 0x6D, 0x79, + 0x38, 0x5D, 0x22, 0x10, 0x90, 0x2E, 0x9F, 0x9B, 0x1F, 0x2D, 0x86, 0xCF, + 0xA4, 0x7E, 0xE2, 0x44, 0x63, 0x54, 0x65, 0xF7, 0x10, 0x58, 0x42, 0x1A, + 0x01, 0x84, 0xBE, 0x51, 0xDD, 0x10, 0xCC, 0x9D, 0x07, 0x9E, 0x6F, 0x16, + 0x04, 0xE7, 0xAA, 0x9B, 0x7C, 0xF7, 0x88, 0x3C, 0x7D, 0x4C, 0xE1, 0x2B, + 0x06, 0xEB, 0xE1, 0x60, 0x81, 0xE2, 0x3F, 0x27, 0xA2, 0x31, 0xD1, 0x84, + 0x32, 0xD7, 0xD1, 0xBB, 0x55, 0xC2, 0x8A, 0xE2, 0x1F, 0xFC, 0xF0, 0x05, + 0xF5, 0x75, 0x28, 0xD1, 0x5A, 0x88, 0x88, 0x1B, 0xB3, 0xBB, 0xB7, 0xFE + }; + + byte b_[] = { + 0xE4, 0x87, 0xCB, 0x59, 0xD3, 0x1A, 0xC5, 0x50, 0x47, 0x1E, 0x81, 0xF0, + 0x0F, 0x69, 0x28, 0xE0, 0x1D, 0xDA, 0x08, 0xE9, 0x74, 0xA0, 0x04, 0xF4, + 0x9E, 0x61, 0xF5, 0xD1, 0x05, 0x28, 0x4D, 0x20 + }; + + byte B_[] = { + 0x40, 0xF5, 0x70, 0x88, 0xA4, 0x82, 0xD4, 0xC7, 0x73, 0x33, 0x84, 0xFE, + 0x0D, 0x30, 0x1F, 0xDD, 0xCA, 0x90, 0x80, 0xAD, 0x7D, 0x4F, 0x6F, 0xDF, + 0x09, 0xA0, 0x10, 0x06, 0xC3, 0xCB, 0x6D, 0x56, 0x2E, 0x41, 0x63, 0x9A, + 0xE8, 0xFA, 0x21, 0xDE, 0x3B, 0x5D, 0xBA, 0x75, 0x85, 0xB2, 0x75, 0x58, + 0x9B, 0xDB, 0x27, 0x98, 0x63, 0xC5, 0x62, 0x80, 0x7B, 0x2B, 0x99, 0x08, + 0x3C, 0xD1, 0x42, 0x9C, 0xDB, 0xE8, 0x9E, 0x25, 0xBF, 0xBD, 0x7E, 0x3C, + 0xAD, 0x31, 0x73, 0xB2, 0xE3, 0xC5, 0xA0, 0xB1, 0x74, 0xDA, 0x6D, 0x53, + 0x91, 0xE6, 0xA0, 0x6E, 0x46, 0x5F, 0x03, 0x7A, 0x40, 0x06, 0x25, 0x48, + 0x39, 0xA5, 0x6B, 0xF7, 0x6D, 0xA8, 0x4B, 0x1C, 0x94, 0xE0, 0xAE, 0x20, + 0x85, 0x76, 0x15, 0x6F, 0xE5, 0xC1, 0x40, 0xA4, 0xBA, 0x4F, 0xFC, 0x9E, + 0x38, 0xC3, 0xB0, 0x7B, 0x88, 0x84, 0x5F, 0xC6, 0xF7, 0xDD, 0xDA, 0x93, + 0x38, 0x1F, 0xE0, 0xCA, 0x60, 0x84, 0xC4, 0xCD, 0x2D, 0x33, 0x6E, 0x54, + 0x51, 0xC4, 0x64, 0xCC, 0xB6, 0xEC, 0x65, 0xE7, 0xD1, 0x6E, 0x54, 0x8A, + 0x27, 0x3E, 0x82, 0x62, 0x84, 0xAF, 0x25, 0x59, 0xB6, 0x26, 0x42, 0x74, + 0x21, 0x59, 0x60, 0xFF, 0xF4, 0x7B, 0xDD, 0x63, 0xD3, 0xAF, 0xF0, 0x64, + 0xD6, 0x13, 0x7A, 0xF7, 0x69, 0x66, 0x1C, 0x9D, 0x4F, 0xEE, 0x47, 0x38, + 0x26, 0x03, 0xC8, 0x8E, 0xAA, 0x09, 0x80, 0x58, 0x1D, 0x07, 0x75, 0x84, + 0x61, 0xB7, 0x77, 0xE4, 0x35, 0x6D, 0xDA, 0x58, 0x35, 0x19, 0x8B, 0x51, + 0xFE, 0xEA, 0x30, 0x8D, 0x70, 0xF7, 0x54, 0x50, 0xB7, 0x16, 0x75, 0xC0, + 0x8C, 0x7D, 0x83, 0x02, 0xFD, 0x75, 0x39, 0xDD, 0x1F, 0xF2, 0xA1, 0x1C, + 0xB4, 0x25, 0x8A, 0xA7, 0x0D, 0x23, 0x44, 0x36, 0xAA, 0x42, 0xB6, 0xA0, + 0x61, 0x5F, 0x3F, 0x91, 0x5D, 0x55, 0xCC, 0x3B, 0x96, 0x6B, 0x27, 0x16, + 0xB3, 0x6E, 0x4D, 0x1A, 0x06, 0xCE, 0x5E, 0x5D, 0x2E, 0xA3, 0xBE, 0xE5, + 0xA1, 0x27, 0x0E, 0x87, 0x51, 0xDA, 0x45, 0xB6, 0x0B, 0x99, 0x7B, 0x0F, + 0xFD, 0xB0, 0xF9, 0x96, 0x2F, 0xEE, 0x4F, 0x03, 0xBE, 0xE7, 0x80, 0xBA, + 0x0A, 0x84, 0x5B, 0x1D, 0x92, 0x71, 0x42, 0x17, 0x83, 0xAE, 0x66, 0x01, + 0xA6, 0x1E, 0xA2, 0xE3, 0x42, 0xE4, 0xF2, 0xE8, 0xBC, 0x93, 0x5A, 0x40, + 0x9E, 0xAD, 0x19, 0xF2, 0x21, 0xBD, 0x1B, 0x74, 0xE2, 0x96, 0x4D, 0xD1, + 0x9F, 0xC8, 0x45, 0xF6, 0x0E, 0xFC, 0x09, 0x33, 0x8B, 0x60, 0xB6, 0xB2, + 0x56, 0xD8, 0xCA, 0xC8, 0x89, 0xCC, 0xA3, 0x06, 0xCC, 0x37, 0x0A, 0x0B, + 0x18, 0xC8, 0xB8, 0x86, 0xE9, 0x5D, 0xA0, 0xAF, 0x52, 0x35, 0xFE, 0xF4, + 0x39, 0x30, 0x20, 0xD2, 0xB7, 0xF3, 0x05, 0x69, 0x04, 0x75, 0x90, 0x42 + }; + + byte key_[] = { + 0x5C, 0xBC, 0x21, 0x9D, 0xB0, 0x52, 0x13, 0x8E, 0xE1, 0x14, 0x8C, 0x71, + 0xCD, 0x44, 0x98, 0x96, 0x3D, 0x68, 0x25, 0x49, 0xCE, 0x91, 0xCA, 0x24, + 0xF0, 0x98, 0x46, 0x8F, 0x06, 0x01, 0x5B, 0xEB, 0x6A, 0xF2, 0x45, 0xC2, + 0x09, 0x3F, 0x98, 0xC3, 0x65, 0x1B, 0xCA, 0x83, 0xAB, 0x8C, 0xAB, 0x2B, + 0x58, 0x0B, 0xBF, 0x02, 0x18, 0x4F, 0xEF, 0xDF, 0x26, 0x14, 0x2F, 0x73, + 0xDF, 0x95, 0xAC, 0x50 + }; + + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA512, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA512, SRP_SERVER_SIDE)); + + AssertIntEQ(0, wc_SrpSetUsername(&cli, username_, usernameSz_)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username_, usernameSz_)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, N_, sizeof(N_), + g_, sizeof(g_), + salt_, sizeof(salt_))); + AssertIntEQ(0, wc_SrpSetParams(&srv, N_, sizeof(N_), + g_, sizeof(g_), + salt_, sizeof(salt_))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password_, passwordSz_)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier_, sizeof(verifier_))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, a_, sizeof(a_))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, A_, clientPubKeySz)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srv, b_, sizeof(b_))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, B_, serverPubKeySz)); + + cli.keyGenFunc_cb = sha512_key_gen; + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, key_, sizeof(key_))); + + srv.keyGenFunc_cb = sha512_key_gen; + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(srv.key, key_, sizeof(key_))); + + AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz)); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz)); + + AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz)); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz)); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + #endif void SrpTest(void) @@ -438,5 +691,6 @@ void SrpTest(void) test_SrpGetPublic(); test_SrpComputeKey(); test_SrpGetProofAndVerify(); + test_SrpKeyGenFunc_cb(); #endif } diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index be3a39c3b..66e7e7fda 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -31,6 +31,42 @@ #include #include +/** Computes the session key using the Mask Generation Function 1. */ +static int wc_SrpSetK(Srp* srp, byte* secret, word32 size); + +#include +static inline void LogHex(byte* data, word32 length) +{ + #define LINE_LEN 16 + + word32 i; + + printf("\t"); + + if (!data) { + printf("NULL\n"); + return; + } + + for (i = 0; i < LINE_LEN; i++) { + if (i < length) + printf("%02x ", data[i]); + else + printf(" "); + } + + printf("| "); + + for (i = 0; i < LINE_LEN; i++) + if (i < length) + printf("%c", 31 < data[i] && data[i] < 127 ? data[i] : '.'); + + printf("\n"); + + if (length > LINE_LEN) + LogHex(data + LINE_LEN, length - LINE_LEN); +} + static int SrpHashInit(SrpHash* hash, SrpType type) { hash->type = type; @@ -178,6 +214,9 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) srp->side = side; srp->type = type; srp->salt = NULL; srp->saltSz = 0; srp->user = NULL; srp->userSz = 0; + srp->key = NULL; srp->keySz = 0; + + srp->keyGenFunc_cb = wc_SrpSetK; return 0; } @@ -192,6 +231,8 @@ void wc_SrpTerm(Srp* srp) XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); XMEMSET(srp->user, 0, srp->userSz); XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP); + XMEMSET(srp->key, 0, srp->keySz); + XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP); XMEMSET(srp, 0, sizeof(Srp)); } @@ -429,7 +470,6 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) return r; } -/** Computes the session key using the interleaved hash. */ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) { SrpHash hash; @@ -438,7 +478,13 @@ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) byte counter[4]; int r; - for (i = j = 0; j < 2 * digestSz; i++) { + srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP); + if (srp->key == NULL) + return MEMORY_E; + + srp->keySz = 2 * digestSz; + + for (i = j = 0; j < srp->keySz; i++) { counter[0] = (i >> 24) & 0xFF; counter[1] = (i >> 16) & 0xFF; counter[2] = (i >> 8) & 0xFF; @@ -448,10 +494,10 @@ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) if (!r) r = SrpHashUpdate(&hash, secret, size); if (!r) r = SrpHashUpdate(&hash, counter, 4); - if(j + digestSz > 2 * digestSz) { + if(j + digestSz > srp->keySz) { if (!r) r = SrpHashFinal(&hash, digest); - XMEMCPY(srp->key + j, digest, 2 * digestSz - j); - j = 2 * digestSz; + XMEMCPY(srp->key + j, digest, srp->keySz - j); + j = srp->keySz; } else { if (!r) r = SrpHashFinal(&hash, srp->key + j); @@ -549,13 +595,15 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, /* building session key from secret */ if (!r) r = mp_to_unsigned_bin(&s, secret); - if (!r) r = wc_SrpSetK(srp, secret, mp_unsigned_bin_size(&s)); + if (!r) r = srp->keyGenFunc_cb(srp, secret, mp_unsigned_bin_size(&s)); + printf("key\n"); + LogHex(srp->key, srp->keySz); /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */ if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz); if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz); - if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, 2 * digestSz); + if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, srp->keySz); /* updating server proof = H(A) */ @@ -587,7 +635,7 @@ int wc_SrpGetProof(Srp* srp, byte* proof, word32* size) if (srp->side == SRP_CLIENT_SIDE) { /* server proof = H( A | client proof | K) */ if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size); - if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, 2 * (*size)); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz); } return r; @@ -610,7 +658,7 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size) if (srp->side == SRP_SERVER_SIDE) { /* server proof = H( A | client proof | K) */ if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size); - if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, 2 * size); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz); } if (!r && XMEMCMP(proof, digest, size) != 0) @@ -619,20 +667,4 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size) return r; } -int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size) -{ - word32 sz; - - if (!srp || !key || !size) - return BAD_FUNC_ARG; - - if (*size < (sz = SrpHashSize(srp->type))) - return BUFFER_E; - - XMEMCPY(key, srp->key, sz); - *size = sz; - - return 0; -} - #endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 639468cf7..ba917d2ad 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -94,23 +94,30 @@ typedef struct { } data; } SrpHash; -typedef struct { - SrpSide side; /**< Client or Server, @see SrpSide.*/ - SrpType type; /**< Hash type, @see SrpType. */ - byte* user; /**< Username, login. */ - word32 userSz; /**< Username length. */ - byte* salt; /**< Small salt. */ - word32 saltSz; /**< Salt length. */ - mp_int N; /**< N = 2q+1, [q, N] are primes. */ - /**< a.k.a. modulus. */ - mp_int g; /**< Generator modulo N. */ - byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */ - mp_int auth; /**< x = H(salt + H(user:pswd)) */ - /**< v = g ^ x % N */ - mp_int priv; /**< Private ephemeral value. */ - SrpHash client_proof; /**< Client proof. Sent to Server. */ - SrpHash server_proof; /**< Server proof. Sent to Client. */ - byte key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key. */ +typedef struct Srp { + SrpSide side; /**< Client or Server, @see SrpSide. */ + SrpType type; /**< Hash type, @see SrpType. */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ + byte* salt; /**< Small salt. */ + word32 saltSz; /**< Salt length. */ + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes.*/ + mp_int g; /**< Generator. A generator modulo N. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. k = H(N, g) */ + mp_int auth; /**< Client: x = H(salt + H(user:pswd)) */ + /**< Server: v = g ^ x % N */ + mp_int priv; /**< Private ephemeral value. */ + SrpHash client_proof; /**< Client proof. Sent to the Server. */ + SrpHash server_proof; /**< Server proof. Sent to the Client. */ + byte* key; /**< Session key. */ + word32 keySz; /**< Session key length. */ + int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size); + /**< Function responsible for generating the session key. */ + /**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the */ + /**< key buffer for this structure and set keySz to the buffer size. */ + /**< The default function used by this implementation is a modified */ + /**< version of t_mgf1 that uses the proper hash function according */ + /**< to srp->type. */ } Srp; /** @@ -290,20 +297,6 @@ WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size); */ WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size); -/** - * Gets the session key. - * - * This function MUST be called after wc_SrpVerifyPeersProof. - * - * @param[in,out] srp the Srp structure. - * @param[out] key the buffer to write the key. - * @param[in,out] size the buffer size in bytes. Will be updated with the - * key size. - * - * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h - */ -WOLFSSL_API int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size); - #ifdef __cplusplus } /* extern "C" */ #endif From 690cb147465532a0d45df40b5b6bb28cbf5401bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 4 Aug 2015 14:48:17 -0300 Subject: [PATCH 046/102] makes sure random values are safe. --- wolfcrypt/src/error.c | 9 ++++ wolfcrypt/src/srp.c | 76 +++++++++++++++------------------ wolfssl/wolfcrypt/error-crypt.h | 1 + wolfssl/wolfcrypt/srp.h | 3 ++ 4 files changed, 48 insertions(+), 41 deletions(-) diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 7d1d5ebe7..37b78422a 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -328,6 +328,15 @@ const char* wc_GetErrorString(int error) case ECC_PRIV_KEY_E: return " ECC private key is not valid error"; + case SRP_CALL_ORDER_E: + return "SRP function called in the wrong order error"; + + case SRP_VERIFY_E: + return "SRP proof verification error"; + + case SRP_BAD_KEY_E: + return "SRP bad key values error"; + default: return "unknown error number"; diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 66e7e7fda..6e8b22d2f 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -32,40 +32,7 @@ #include /** Computes the session key using the Mask Generation Function 1. */ -static int wc_SrpSetK(Srp* srp, byte* secret, word32 size); - -#include -static inline void LogHex(byte* data, word32 length) -{ - #define LINE_LEN 16 - - word32 i; - - printf("\t"); - - if (!data) { - printf("NULL\n"); - return; - } - - for (i = 0; i < LINE_LEN; i++) { - if (i < length) - printf("%02x ", data[i]); - else - printf(" "); - } - - printf("| "); - - for (i = 0; i < LINE_LEN; i++) - if (i < length) - printf("%c", 31 < data[i] && data[i] < 127 ? data[i] : '.'); - - printf("\n"); - - if (length > LINE_LEN) - LogHex(data + LINE_LEN, length - LINE_LEN); -} +static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size); static int SrpHashInit(SrpHash* hash, SrpType type) { @@ -216,7 +183,7 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) srp->user = NULL; srp->userSz = 0; srp->key = NULL; srp->keySz = 0; - srp->keyGenFunc_cb = wc_SrpSetK; + srp->keyGenFunc_cb = wc_SrpSetKey; return 0; } @@ -273,10 +240,16 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) return MP_READ_E; + if (mp_count_bits(&srp->N) < SRP_DEFAULT_MIN_BITS) + return BAD_FUNC_ARG; + /* Set g */ if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY) return MP_READ_E; + if (mp_cmp(&srp->N, &srp->g) != MP_GT) + return BAD_FUNC_ARG; + /* Set salt */ if (srp->salt) { XMEMSET(srp->salt, 0, srp->saltSz); @@ -397,13 +370,23 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size) int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) { + mp_int p; + int r; + if (!srp || !private || !size) return BAD_FUNC_ARG; if (mp_iszero(&srp->auth)) return SRP_CALL_ORDER_E; - return mp_read_unsigned_bin(&srp->priv, private, size); + r = mp_init(&p); + if (!r) r = mp_read_unsigned_bin(&p, private, size); + if (!r) r = mp_mod(&p, &srp->N, &srp->priv); + if (!r) r = mp_iszero(&srp->priv) ? SRP_BAD_KEY_E : 0; + + mp_clear(&p); + + return r; } /** Generates random data using wolfcrypt RNG. */ @@ -452,6 +435,7 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) { if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type)); + if (!r) r = mp_iszero(&i) ? SRP_BAD_KEY_E : 0; if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j); if (!r) r = mp_add(&j, &pubkey, &i); @@ -470,7 +454,7 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) return r; } -static int wc_SrpSetK(Srp* srp, byte* secret, word32 size) +static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) { SrpHash hash; byte digest[SRP_MAX_DIGEST_SIZE]; @@ -566,11 +550,15 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, /* building s (secret) */ if (!r && srp->side == SRP_CLIENT_SIDE) { - /* temp1 = B - k * v */ + + /* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */ r = mp_read_unsigned_bin(&temp1, srp->k, digestSz); + if (!r) r = mp_iszero(&temp1) ? SRP_BAD_KEY_E : 0; if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &temp2); if (!r) r = mp_mulmod(&temp1, &temp2, &srp->N, &s); if (!r) r = mp_read_unsigned_bin(&temp2, serverPubKey, serverPubKeySz); + if (!r) r = mp_iszero(&temp2) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_cmp(&temp2, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0; if (!r) r = mp_sub(&temp2, &s, &temp1); /* temp2 = a + u * x */ @@ -584,10 +572,18 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, /* temp1 = v ^ u % N */ r = mp_exptmod(&srp->auth, &u, &srp->N, &temp1); - /* temp2 = A * temp1 % N */ + /* temp2 = A * temp1 % N; rejects A == 0, A >= N */ if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz); + if (!r) r = mp_iszero(&s) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_cmp(&s, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0; if (!r) r = mp_mulmod(&s, &temp1, &srp->N, &temp2); + /* rejects A * v ^ u % N >= 1, A * v ^ u % N == -1 % N */ + if (!r) r = mp_read_unsigned_bin(&temp1, (const byte*)"\001", 1); + if (!r) r = mp_cmp(&temp2, &temp1) != MP_GT ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_sub(&srp->N, &temp1, &s); + if (!r) r = mp_cmp(&temp2, &s) == MP_EQ ? SRP_BAD_KEY_E : 0; + /* secret = temp2 * b % N */ if (!r) r = mp_exptmod(&temp2, &srp->priv, &srp->N, &s); } @@ -596,8 +592,6 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, if (!r) r = mp_to_unsigned_bin(&s, secret); if (!r) r = srp->keyGenFunc_cb(srp, secret, mp_unsigned_bin_size(&s)); - printf("key\n"); - LogHex(srp->key, srp->keySz); /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */ diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 84714e462..340d1db75 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -153,6 +153,7 @@ enum { SRP_CALL_ORDER_E = -217, /* SRP function called in the wrong order. */ SRP_VERIFY_E = -218, /* SRP proof verification failed. */ + SRP_BAD_KEY_E = -219, /* SRP bad ephemeral values. */ MIN_CODE_E = -300 /* errors -101 - -299 */ }; diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index ba917d2ad..3992a07ea 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -47,6 +47,9 @@ #error "You have to have some kind of SHA hash if you want to use SRP." #endif +/* Set the minimum number of bits acceptable in an SRP modulus */ +#define SRP_DEFAULT_MIN_BITS 512 + /** * SRP side, client or server. */ From 114e3edc279d99ef01f1e804d1f49acf9c5f517f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 4 Aug 2015 16:02:44 -0300 Subject: [PATCH 047/102] add srp example to test.c --- wolfcrypt/test/test.c | 104 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index f85ee6373..b7888b0c2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include @@ -179,6 +180,7 @@ int camellia_test(void); int rsa_test(void); int dh_test(void); int dsa_test(void); +int srp_test(void); int random_test(void); int pwdbased_test(void); int ripemd_test(void); @@ -500,6 +502,13 @@ int wolfcrypt_test(void* args) printf( "DSA test passed!\n"); #endif +#ifdef WOLFCRYPT_HAVE_SRP + if ( (ret = srp_test()) != 0) + return err_sys("SRP test failed!\n", ret); + else + printf( "SRP test passed!\n"); +#endif + #ifndef NO_PWDBASED if ( (ret = pwdbased_test()) != 0) return err_sys("PWDBASED test failed!\n", ret); @@ -4541,6 +4550,101 @@ int dsa_test(void) #endif /* NO_DSA */ +#ifdef WOLFCRYPT_HAVE_SRP + +int srp_test(void) +{ + Srp cli, srv; + int r; + + byte clientPubKey[80]; /* A */ + byte serverPubKey[80]; /* B */ + word32 clientPubKeySz = 80; + word32 serverPubKeySz = 80; + byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */ + byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */ + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + byte username[] = "user"; + word32 usernameSz = 4; + + byte password[] = "password"; + word32 passwordSz = 8; + + byte N[] = { + 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F, + 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4, + 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7, + 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22, + 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37, + 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15, + 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83 + }; + + byte g[] = { + 0x02 + }; + + byte salt[] = { + 0xB2, 0xE5, 0x8E, 0xCC, 0xD0, 0xCF, 0x9D, 0x10, 0x3A, 0x56 + }; + + byte verifier[] = { + 0x7C, 0xAB, 0x17, 0xFE, 0x54, 0x3E, 0x8C, 0x13, 0xF2, 0x3D, 0x21, 0xE7, + 0xD2, 0xAF, 0xAF, 0xDB, 0xA1, 0x52, 0x69, 0x9D, 0x49, 0x01, 0x79, 0x91, + 0xCF, 0xD1, 0x3F, 0xE5, 0x28, 0x72, 0xCA, 0xBE, 0x13, 0xD1, 0xC2, 0xDA, + 0x65, 0x34, 0x55, 0x8F, 0x34, 0x0E, 0x05, 0xB8, 0xB4, 0x0F, 0x7F, 0x6B, + 0xBB, 0xB0, 0x6B, 0x50, 0xD8, 0xB1, 0xCC, 0xB7, 0x81, 0xFE, 0xD4, 0x42, + 0xF5, 0x11, 0xBC, 0x8A, 0x28, 0xEB, 0x50, 0xB3, 0x46, 0x08, 0xBA, 0x24, + 0xA2, 0xFB, 0x7F, 0x2E, 0x0A, 0xA5, 0x33, 0xCC + }; + + /* client knows username and password. */ + /* server knows N, g, salt and verifier. */ + + r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE); + if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz); + + /* client sends username to server */ + + if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE); + if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz); + if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)); + if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz); + + /* server sends N, g, salt and B to client */ + + if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz); + if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz); + if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz); + + /* client sends A and M1 to server */ + + if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz); + if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz); + + /* server sends M2 to client */ + + if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); + + return r; +} + +#endif /* WOLFCRYPT_HAVE_SRP */ #ifdef OPENSSL_EXTRA From 121a24ba152050b5588c98cc9546abf4be92d800 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 4 Aug 2015 15:11:01 -0600 Subject: [PATCH 048/102] update logic for ECC FASTMATH KEY-GEN and COMP-KEY --- wolfcrypt/src/integer.c | 4 +++- wolfcrypt/src/tfm.c | 9 ++++++--- wolfssl/wolfcrypt/integer.h | 2 +- wolfssl/wolfcrypt/types.h | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 5a79191b6..da58dd0a6 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -4535,12 +4535,14 @@ LBL_U:mp_clear (&v); #endif /* WOLFSSL_KEY_GEN */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) /* chars used in radix conversions */ const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ abcdefghijklmnopqrstuvwxyz+/"; +#endif +#ifdef HAVE_ECC /* read a string [ASCII] in a given radix */ int mp_read_radix (mp_int * a, const char *str, int radix) { diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 5c5f60bda..7e45f1f6d 100755 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2264,6 +2264,7 @@ static const int lnz[16] = { 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 }; +#ifdef WOLFSSL_KEY_GEN /* swap the elements of two integers, for cases where you can't simply swap the * mp_int pointers around */ @@ -2275,6 +2276,7 @@ static void fp_exch (fp_int * a, fp_int * b) *a = *b; *b = t; } +#endif /* Counts the number of lsbs which are zero before the first zero bit */ int fp_cnt_lsb(fp_int *a) @@ -2724,12 +2726,14 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c) #endif /* HAVE_ECC || !NO_PWDBASED */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) /* chars used in radix conversions */ static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ abcdefghijklmnopqrstuvwxyz+/"; +#endif +#ifdef HAVE_ECC static int fp_read_radix(fp_int *a, const char *str, int radix) { int y, neg; @@ -2842,6 +2846,7 @@ int mp_cnt_lsb(fp_int* a) #endif /* HAVE_COMP_KEY */ +#endif /* HAVE_ECC */ #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) @@ -2953,7 +2958,5 @@ int mp_toradix (mp_int *a, char *str, int radix) #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ -#endif /* HAVE_ECC */ - #endif /* USE_FAST_MATH */ diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 8e43a395b..16ee0cc7b 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -307,7 +307,7 @@ int mp_radix_size (mp_int * a, int radix, int *size); #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c); #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) int mp_read_radix(mp_int* a, const char* str, int radix); #endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 795d2c9c5..3d379e216 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -215,7 +215,7 @@ #ifndef CTYPE_USER #include - #if defined(HAVE_ECC) || defined(HAVE_OCSP) + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || defined(WOLFSSL_KEY_GEN) #define XTOUPPER(c) toupper((c)) #define XISALPHA(c) isalpha((c)) #endif From b15e5b1747a4622140312d5cf023429ffe9c2c66 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 4 Aug 2015 15:31:40 -0600 Subject: [PATCH 049/102] updated existing projects to include wc_encrypt.c --- wolfssl.vcproj | 4 ++++ wolfssl.vcxproj | 1 + 2 files changed, 5 insertions(+) diff --git a/wolfssl.vcproj b/wolfssl.vcproj index b4a4543ad..f81f47fbd 100755 --- a/wolfssl.vcproj +++ b/wolfssl.vcproj @@ -291,6 +291,10 @@ RelativePath=".\src\tls.c" > + + + From 92b725dfd769005780f8ebd99d80855d0ccbe26d Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 5 Aug 2015 11:16:21 -0600 Subject: [PATCH 050/102] DLL-Debug-32 tested and linking properly --- IDE/WIN/test.vcxproj | 13 ++++++++----- IDE/WIN/wolfssl-fips.vcxproj | 14 +++++++++----- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj index 38e264b20..73d6d0864 100644 --- a/IDE/WIN/test.vcxproj +++ b/IDE/WIN/test.vcxproj @@ -140,6 +140,7 @@ true Console + MachineX86 ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) false @@ -187,7 +188,7 @@ Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -200,13 +201,14 @@ Console MachineX86 ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + false Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -216,6 +218,7 @@ true Console + MachineX86 ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) false @@ -223,7 +226,7 @@ ..\..\;%(AdditionalIncludeDirectories) - WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) MultiThreadedDLL Level3 @@ -243,7 +246,7 @@ ..\..\;%(AdditionalIncludeDirectories) - WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) MultiThreadedDLL Level3 @@ -271,4 +274,4 @@ - + \ No newline at end of file diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index c63c79bd1..62d288e6c 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -132,7 +132,7 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) true EnableFastChecks MultiThreadedDebugDLL @@ -140,6 +140,9 @@ ProgramDatabase 4206;4214;4706;%(DisableSpecificWarnings) + + ws2_32.lib;%(AdditionalDependencies) + @@ -157,7 +160,7 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL Level4 @@ -187,7 +190,7 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 @@ -212,7 +215,7 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 @@ -287,6 +290,7 @@ + @@ -307,4 +311,4 @@ - + \ No newline at end of file From f45ef26977455844c79faf139c71938d2e8cb440 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 5 Aug 2015 11:28:07 -0600 Subject: [PATCH 051/102] DLL-x64 and Debug-x64 removed x86 constraint --- IDE/WIN/test.vcxproj | 2 -- 1 file changed, 2 deletions(-) diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj index 73d6d0864..a06928cf5 100644 --- a/IDE/WIN/test.vcxproj +++ b/IDE/WIN/test.vcxproj @@ -140,7 +140,6 @@ true Console - MachineX86 ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) false @@ -218,7 +217,6 @@ true Console - MachineX86 ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) false From 42a50d2caf4f609c99dca923d39a14eb69db85a7 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 5 Aug 2015 15:41:46 -0600 Subject: [PATCH 052/102] Release x64 tested and working --- IDE/WIN/test.vcxproj | 9 +++++---- IDE/WIN/wolfssl-fips.vcxproj | 5 +---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj index a06928cf5..41a53901c 100644 --- a/IDE/WIN/test.vcxproj +++ b/IDE/WIN/test.vcxproj @@ -1,5 +1,5 @@  - + Debug @@ -152,16 +152,16 @@ Level3 ProgramDatabase + true true Console + MachineX86 ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) true true - MachineX86 UseLinkTimeCodeGeneration - false @@ -207,12 +207,13 @@ Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL Level3 ProgramDatabase + false true diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index 62d288e6c..70af4ad98 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -169,8 +169,6 @@ ws2_32.lib;%(AdditionalDependencies) - false - true @@ -178,11 +176,10 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + WIN32;OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 - ProgramDatabase From 865d88ce3e79c975bbd5ac5c5548de6d0ae4a904 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 5 Aug 2015 15:55:05 -0600 Subject: [PATCH 053/102] rewind tool version --- IDE/WIN/test.vcxproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj index 41a53901c..06ad22bd3 100644 --- a/IDE/WIN/test.vcxproj +++ b/IDE/WIN/test.vcxproj @@ -1,5 +1,5 @@  - + Debug From d050c1058128a7532e68d176dfcaf7847ffa46ae Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Sat, 1 Aug 2015 18:28:18 +0200 Subject: [PATCH 054/102] add support for curve 25519 and Ed25519 in OpenSSH refactor curve25519 and Ed25519 code fix warning in PEM_xxx_mem_xxx functions --- configure.ac | 10 + cyassl/openssl/ec25519.h | 3 + cyassl/openssl/ed25519.h | 3 + cyassl/openssl/include.am | 2 + src/ssl.c | 323 ++++++++++++++++++++++++++++++++- wolfcrypt/src/curve25519.c | 310 +++++++++++++++++++++---------- wolfcrypt/src/ed25519.c | 278 ++++++++++++++++++---------- wolfcrypt/src/fe_operations.c | 21 ++- wolfcrypt/test/test.c | 21 +++ wolfssl/openssl/ec25519.h | 23 +++ wolfssl/openssl/ed25519.h | 26 +++ wolfssl/openssl/include.am | 2 + wolfssl/openssl/pem.h | 6 +- wolfssl/wolfcrypt/curve25519.h | 43 ++++- wolfssl/wolfcrypt/ed25519.h | 21 ++- 15 files changed, 888 insertions(+), 204 deletions(-) create mode 100644 cyassl/openssl/ec25519.h create mode 100644 cyassl/openssl/ed25519.h create mode 100644 wolfssl/openssl/ec25519.h create mode 100644 wolfssl/openssl/ed25519.h diff --git a/configure.ac b/configure.ac index bc15219aa..0acd28feb 100644 --- a/configure.ac +++ b/configure.ac @@ -733,6 +733,11 @@ AC_ARG_ENABLE([curve25519], ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_CURVE25519="yes" +fi + if test "$ENABLED_CURVE25519" = "small" then AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL" @@ -758,6 +763,11 @@ AC_ARG_ENABLE([ed25519], ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_ED25519="yes" +fi + if test "$ENABLED_ED25519" = "small" then AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL" diff --git a/cyassl/openssl/ec25519.h b/cyassl/openssl/ec25519.h new file mode 100644 index 000000000..6ee894506 --- /dev/null +++ b/cyassl/openssl/ec25519.h @@ -0,0 +1,3 @@ +/* ec25519.h */ + +#include diff --git a/cyassl/openssl/ed25519.h b/cyassl/openssl/ed25519.h new file mode 100644 index 000000000..240cbcaaf --- /dev/null +++ b/cyassl/openssl/ed25519.h @@ -0,0 +1,3 @@ +/* ed25519.h */ + +#include diff --git a/cyassl/openssl/include.am b/cyassl/openssl/include.am index 88950eeec..f5c3c56e9 100644 --- a/cyassl/openssl/include.am +++ b/cyassl/openssl/include.am @@ -13,6 +13,8 @@ nobase_include_HEADERS+= \ cyassl/openssl/ecdsa.h \ cyassl/openssl/ecdh.h \ cyassl/openssl/ec.h \ + cyassl/openssl/ec25519.h \ + cyassl/openssl/ed25519.h \ cyassl/openssl/engine.h \ cyassl/openssl/err.h \ cyassl/openssl/evp.h \ diff --git a/src/ssl.c b/src/ssl.c index e543e68d3..358879f19 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -50,6 +50,8 @@ #include #include #include + #include + #include #include #include /* openssl headers end, wolfssl internal headers next */ @@ -59,6 +61,8 @@ #include #include #include + #include + #include #ifdef WOLFSSL_SHA512 #include #endif @@ -12635,8 +12639,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) return SSL_FAILURE; } - if (dsa->inSet == 0) - { + if (dsa->inSet == 0) { WOLFSSL_MSG("No DSA internal set, do it"); if (SetDsaInternal(dsa) != SSL_SUCCESS) { @@ -13496,7 +13499,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, */ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - byte **pem, int *plen) + unsigned char **pem, int *plen) { byte *der, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; @@ -14867,7 +14870,7 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc, int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - byte **pem, int *plen) + unsigned char **pem, int *plen) { byte *der, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; @@ -15040,7 +15043,7 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - byte **pem, int *plen) + unsigned char **pem, int *plen) { byte *der, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; @@ -16330,3 +16333,313 @@ const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) return sess->sessionID; } #endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519) +/* return 1 if success, 0 if error + * output keys are little endian format + */ +int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + int initTmpRng = 0; + RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + RNG *tmpRNG = NULL; +#else + RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_EC25519_generate_key"); + + if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE || + pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FAILURE; +#endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + curve25519_key key; + + if (wc_curve25519_init(&key) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_init failed"); + else if (wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)!=MP_OKAY) + WOLFSSL_MSG("wc_curve25519_make_key failed"); + /* export key pair */ + else if (wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub, + pubSz, EC25519_LITTLE_ENDIAN) + != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed"); + else + ret = SSL_SUCCESS; + + wc_curve25519_free(&key); + } + + if (initTmpRng) + wc_FreeRng(tmpRNG); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + */ +int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + curve25519_key privkey, pubkey; + + WOLFSSL_ENTER("wolfSSL_EC25519_shared_key"); + + if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE25519_KEYSIZE || + priv == NULL || privSz < CURVE25519_KEYSIZE || + pub == NULL || pubSz < CURVE25519_KEYSIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import private key */ + if (wc_curve25519_init(&privkey) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init privkey failed"); + return ret; + } + if (wc_curve25519_import_private_ex(priv, privSz, &privkey, + EC25519_LITTLE_ENDIAN) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_import_private_ex failed"); + wc_curve25519_free(&privkey); + return ret; + } + + /* import public key */ + if (wc_curve25519_init(&pubkey) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init pubkey failed"); + wc_curve25519_free(&privkey); + return ret; + } + if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey, + EC25519_LITTLE_ENDIAN) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_import_public_ex failed"); + wc_curve25519_free(&privkey); + wc_curve25519_free(&pubkey); + return ret; + } + + if (wc_curve25519_shared_secret_ex(&privkey, &pubkey, + shared, sharedSz, + EC25519_LITTLE_ENDIAN) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); + else + ret = SSL_SUCCESS; + + wc_curve25519_free(&privkey); + wc_curve25519_free(&pubkey); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} +#endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) +/* return 1 if success, 0 if error + * output keys are little endian format + */ +int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + int initTmpRng = 0; + RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + RNG *tmpRNG = NULL; +#else + RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_ED25519_generate_key"); + + if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE || + pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FATAL_ERROR; +#endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + ed25519_key key; + + if (wc_ed25519_init(&key) != MP_OKAY) + WOLFSSL_MSG("wc_ed25519_init failed"); + else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY) + WOLFSSL_MSG("wc_ed25519_make_key failed"); + /* export private key */ + else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY) + WOLFSSL_MSG("wc_ed25519_export_key failed"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + } + + if (initTmpRng) + wc_FreeRng(tmpRNG); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + * priv is a buffer containing private and public part of key + */ +int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, + unsigned char *sig, unsigned int *sigSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + ed25519_key key; + int ret = SSL_FAILURE; + + WOLFSSL_ENTER("wolfSSL_ED25519_sign"); + + if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE || + msg == NULL || sig == NULL || *sigSz < ED25519_SIG_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import key */ + if (wc_ed25519_init(&key) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init failed"); + return ret; + } + if (wc_ed25519_import_private_key(priv, privSz/2, + priv+(privSz/2), ED25519_PUB_KEY_SIZE, + &key) != MP_OKAY){ + WOLFSSL_MSG("wc_ed25519_import_private failed"); + wc_ed25519_free(&key); + return ret; + } + + if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + * pub is a buffer containing public part of key + */ +int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, + const unsigned char *sig, unsigned int sigSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + ed25519_key key; + int ret = SSL_FAILURE, check = 0; + + WOLFSSL_ENTER("wolfSSL_ED25519_verify"); + + if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE || + msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import key */ + if (wc_ed25519_init(&key) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init failed"); + return ret; + } + if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY){ + WOLFSSL_MSG("wc_ed25519_import_public failed"); + wc_ed25519_free(&key); + return ret; + } + + if ((ret = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz, + &check, &key)) != MP_OKAY) { + WOLFSSL_MSG("wc_ed25519_verify_msg failed"); + fprintf(stderr, "err code = %d, sigSz=%d, msgSz=%d\n", ret, sigSz, msgSz); + } + else if (!check) + WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +#endif /* OPENSSL_EXTRA && HAVE_ED25519 */ + diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index b745a046c..2380e371e 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -46,94 +46,96 @@ const curve25519_set_type curve25519_sets[] = { }; - int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key) { - unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; - unsigned char n[CURVE25519_KEYSIZE]; - unsigned char p[CURVE25519_KEYSIZE]; - int i; - int ret; + unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; + int ret; - if (key == NULL || rng == NULL) - return ECC_BAD_ARG_E; + if (key == NULL || rng == NULL) + return BAD_FUNC_ARG; - /* currently only a key size of 32 bytes is used */ - if (keysize != CURVE25519_KEYSIZE) - return ECC_BAD_ARG_E; + /* currently only a key size of 32 bytes is used */ + if (keysize != CURVE25519_KEYSIZE) + return ECC_BAD_ARG_E; - /* get random number from RNG */ - ret = wc_RNG_GenerateBlock(rng, n, keysize); - if (ret != 0) - return ret; + /* random number for private key */ + ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize); + if (ret != 0) + return ret; - for (i = 0; i < keysize; ++i) key->k.point[i] = n[i]; - key->k.point[ 0] &= 248; - key->k.point[31] &= 127; - key->k.point[31] |= 64; + /* Clamp the private key */ + key->k.point[0] &= 248; + key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because |=64 after */ + key->k.point[CURVE25519_KEYSIZE-1] |= 64; - /* compute public key */ - ret = curve25519(p, key->k.point, basepoint); + /* compute public key */ + ret = curve25519(key->p.point, key->k.point, basepoint); + if (ret != 0) { + ForceZero(key->k.point, keysize); + ForceZero(key->p.point, keysize); + return ret; + } - /* store keys in big endian format */ - for (i = 0; i < keysize; ++i) n[i] = key->k.point[i]; - for (i = 0; i < keysize; ++i) { - key->p.point[keysize - i - 1] = p[i]; - key->k.point[keysize - i - 1] = n[i]; - } - - ForceZero(n, keysize); - ForceZero(p, keysize); - - return ret; + return ret; } - int wc_curve25519_shared_secret(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen) { - unsigned char k[CURVE25519_KEYSIZE]; - unsigned char p[CURVE25519_KEYSIZE]; + return wc_curve25519_shared_secret_ex(private_key, public_key, + out, outlen, EC25519_BIG_ENDIAN); +} + +int wc_curve25519_shared_secret_ex(curve25519_key* private_key, + curve25519_key* public_key, + byte* out, word32* outlen, int endian) +{ unsigned char o[CURVE25519_KEYSIZE]; int ret = 0; - int i; /* sanity check */ - if (private_key == NULL || public_key == NULL || out == NULL || - outlen == NULL) + if (private_key == NULL || public_key == NULL || + out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) return BAD_FUNC_ARG; /* avoid implementation fingerprinting */ - if (public_key->p.point[0] > 0x7F) + if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F) return ECC_BAD_ARG_E; - XMEMSET(p, 0, sizeof(p)); - XMEMSET(k, 0, sizeof(k)); - XMEMSET(out, 0, CURVE25519_KEYSIZE); - - for (i = 0; i < CURVE25519_KEYSIZE; ++i) { - p[i] = public_key->p.point [CURVE25519_KEYSIZE - i - 1]; - k[i] = private_key->k.point[CURVE25519_KEYSIZE - i - 1]; + ret = curve25519(o, private_key->k.point, public_key->p.point); + if (ret != 0) { + ForceZero(o, CURVE25519_KEYSIZE); + return ret; } - ret = curve25519(o , k, p); + if (endian == EC25519_BIG_ENDIAN) { + int i; + /* put shared secret key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = o[CURVE25519_KEYSIZE - i -1]; + } + else /* put shared secret key in Little Endian format */ + XMEMCPY(out, o, CURVE25519_KEYSIZE); + *outlen = CURVE25519_KEYSIZE; - for (i = 0; i < CURVE25519_KEYSIZE; ++i) { - out[i] = o[CURVE25519_KEYSIZE - i -1]; - } - - ForceZero(p, sizeof(p)); - ForceZero(k, sizeof(k)); ForceZero(o, sizeof(o)); return ret; } - -/* curve25519 uses a serialized string for key representation */ +/* export curve25519 public key (Big endian) + * return 0 on success */ int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen) +{ + return wc_curve25519_export_public_ex(key, out, outLen, EC25519_BIG_ENDIAN); +} + +/* export curve25519 public key (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, + word32* outLen, int endian) { word32 keySz; @@ -143,30 +145,59 @@ int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen) /* check size of outgoing key */ keySz = wc_curve25519_size(key); - /* copy in public key */ - XMEMCPY(out, key->p.point, keySz); + /* check and set outgoing key size */ + if (*outLen < keySz) { + *outLen = keySz; + return ECC_BAD_ARG_E; + } *outLen = keySz; + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read keys in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = key->p.point[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(out, key->p.point, keySz); + return 0; } -/* import curve25519 public key - return 0 on success */ +/* import curve25519 public key (Big endian) + * return 0 on success */ int wc_curve25519_import_public(const byte* in, word32 inLen, curve25519_key* key) +{ + return wc_curve25519_import_public_ex(in, inLen, key, EC25519_BIG_ENDIAN); +} + +/* import curve25519 public key (Big or Little endian) + * return 0 on success */ +int wc_curve25519_import_public_ex(const byte* in, word32 inLen, + curve25519_key* key, int endian) { word32 keySz; /* sanity check */ if (key == NULL || in == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; /* check size of incoming keys */ keySz = wc_curve25519_size(key); if (inLen != keySz) return ECC_BAD_ARG_E; - XMEMCPY(key->p.point, in, inLen); + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read keys in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + key->p.point[i] = in[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(key->p.point, in, inLen); key->dp = &curve25519_sets[0]; @@ -174,63 +205,159 @@ int wc_curve25519_import_public(const byte* in, word32 inLen, } -/* export curve25519 private key only raw, outLen is in/out size - return 0 on success */ +/* export curve25519 private key only raw (Big endian) + * outLen is in/out size + * return 0 on success */ int wc_curve25519_export_private_raw(curve25519_key* key, byte* out, word32* outLen) +{ + return wc_curve25519_export_private_raw_ex(key, out, outLen, + EC25519_BIG_ENDIAN); +} + +/* export curve25519 private key only raw (Big or Little endian) + * outLen is in/out size + * return 0 on success */ +int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out, + word32* outLen, int endian) { word32 keySz; /* sanity check */ if (key == NULL || out == NULL || outLen == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; + /* check size of outgoing buffer */ keySz = wc_curve25519_size(key); + if (*outLen < keySz) { + *outLen = keySz; + return ECC_BAD_ARG_E; + } *outLen = keySz; - XMEMSET(out, 0, keySz); - XMEMCPY(out, key->k.point, keySz); + + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* put the key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = key->k.point[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(out, key->k.point, keySz); return 0; } - -/* curve25519 private key import. - Public key to match private key needs to be imported too */ -int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, - const byte* pub, word32 pubSz, curve25519_key* key) +/* curve25519 key pair export (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_key_raw(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz) { - int ret = 0; - word32 keySz; + return wc_curve25519_export_key_raw_ex(key, priv, privSz, + pub, pubSz, EC25519_BIG_ENDIAN); +} - /* sanity check */ - if (key == NULL || priv == NULL || pub == NULL) - return ECC_BAD_ARG_E; +/* curve25519 key pair export (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_key_raw_ex(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz, + int endian) +{ + int ret; - /* check size of incoming keys */ - keySz = wc_curve25519_size(key); - if (privSz != keySz || pubSz != keySz) - return ECC_BAD_ARG_E; + /* export private part */ + ret = wc_curve25519_export_private_raw_ex(key, priv, privSz, endian); + if (ret != 0) + return ret; - XMEMCPY(key->k.point, priv, privSz); - XMEMCPY(key->p.point, pub, pubSz); - - return ret; + /* export public part */ + return wc_curve25519_export_public_ex(key, pub, pubSz, endian); } +/* curve25519 private key import (Big endian) + * Public key to match private key needs to be imported too + * return 0 on success */ +int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key) +{ + return wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, + key, EC25519_BIG_ENDIAN); +} + +/* curve25519 private key import (Big or Little endian) + * Public key to match private key needs to be imported too + * return 0 on success */ +int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key, int endian) +{ + int ret; + + /* import private part */ + ret = wc_curve25519_import_private_ex(priv, privSz, key, endian); + if (ret != 0) + return ret; + + /* import public part */ + return wc_curve25519_import_public_ex(pub, pubSz, key, endian); +} + +/* curve25519 private key import only. (Big endian) + * return 0 on success */ +int wc_curve25519_import_private(const byte* priv, word32 privSz, + curve25519_key* key) +{ + return wc_curve25519_import_private_ex(priv, privSz, + key, EC25519_BIG_ENDIAN); +} + +/* curve25519 private key import only. (Big or Little endian) + * return 0 on success */ +int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, + curve25519_key* key, int endian) +{ + /* sanity check */ + if (key == NULL || priv == NULL) + return BAD_FUNC_ARG; + + /* check size of incoming keys */ + if ((int)privSz != wc_curve25519_size(key)) + return ECC_BAD_ARG_E; + + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read the key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + key->k.point[i] = priv[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(key->k.point, priv, privSz); + + key->dp = &curve25519_sets[0]; + + /* Clamp the key */ + key->k.point[0] &= 248; + key->k.point[privSz-1] &= 63; /* same &=127 because |=64 after */ + key->k.point[privSz-1] |= 64; + + return 0; +} + int wc_curve25519_init(curve25519_key* key) { - word32 keySz; - if (key == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; /* currently the format for curve25519 */ key->dp = &curve25519_sets[0]; - keySz = key->dp->size; - XMEMSET(key->k.point, 0, keySz); - XMEMSET(key->p.point, 0, keySz); + XMEMSET(key->k.point, 0, key->dp->size); + XMEMSET(key->p.point, 0, key->dp->size); return 0; } @@ -251,7 +378,8 @@ void wc_curve25519_free(curve25519_key* key) /* get key size */ int wc_curve25519_size(curve25519_key* key) { - if (key == NULL) return 0; + if (key == NULL) + return 0; return key->dp->size; } diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index b6f6434b4..7ddfc3af2 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -39,14 +39,12 @@ #include #endif - -/* - generate an ed25519 key pair. - returns 0 on success +/* generate an ed25519 key pair. + * returns 0 on success */ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) { - byte az[64]; + byte az[ED25519_PRV_KEY_SIZE]; int ret; ge_p3 A; @@ -57,16 +55,25 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) if (keySz != ED25519_KEY_SIZE) return BAD_FUNC_ARG; - ret = 0; - ret |= wc_RNG_GenerateBlock(rng, key->k, 32); - ret |= wc_Sha512Hash(key->k, 32, az); - az[0] &= 248; - az[31] &= 63; + ret = wc_RNG_GenerateBlock(rng, key->k, ED25519_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + if (ret != 0) { + ForceZero(key->k, ED25519_KEY_SIZE); + return ret; + } + + /* apply clamp */ + az[0] &= 248; + az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ az[31] |= 64; ge_scalarmult_base(&A, az); ge_p3_tobytes(key->p, &A); - XMEMMOVE(key->k + 32, key->p, 32); + + /* put public key after private key, on the same buffer */ + XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); return ret; } @@ -76,43 +83,54 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) in contains the message to sign inlen is the length of the message to sign out is the buffer to write the signature - outlen [in/out] input size of out buf - output gets set as the final length of out + outLen [in/out] input size of out buf + output gets set as the final length of out key is the ed25519 key to use when signing return 0 on success */ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, - word32 *outlen, ed25519_key* key) + word32 *outLen, ed25519_key* key) { ge_p3 R; byte nonce[SHA512_DIGEST_SIZE]; byte hram[SHA512_DIGEST_SIZE]; - byte az[64]; - word32 sigSz; + byte az[ED25519_PRV_KEY_SIZE]; Sha512 sha; - int ret = 0; + int ret; /* sanity check on arguments */ - if (in == NULL || out == NULL || outlen == NULL || key == NULL) + if (in == NULL || out == NULL || outLen == NULL || key == NULL) return BAD_FUNC_ARG; /* check and set up out length */ - ret = 0; - sigSz = wc_ed25519_sig_size(key); - if (*outlen < sigSz) - return BAD_FUNC_ARG; - *outlen = sigSz; + if (*outLen < ED25519_SIG_SIZE) { + *outLen = ED25519_SIG_SIZE; + return BUFFER_E; + } + *outLen = ED25519_SIG_SIZE; /* step 1: create nonce to use where nonce is r in r = H(h_b, ... ,h_2b-1,M) */ - ret |= wc_Sha512Hash(key->k,32,az); + ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + + /* apply clamp */ az[0] &= 248; - az[31] &= 63; + az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ az[31] |= 64; - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, az + 32, 32); - ret |= wc_Sha512Update(&sha, in, inlen); - ret |= wc_Sha512Final(&sha, nonce); + + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, az + ED25519_KEY_SIZE, ED25519_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, in, inlen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, nonce); + if (ret != 0) + return ret; + sc_reduce(nonce); /* step 2: computing R = rB where rB is the scalar multiplication of @@ -122,13 +140,24 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, /* step 3: hash R + public key + message getting H(R,A,M) then creating S = (r + H(R,A,M)a) mod l */ - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, out, 32); - ret |= wc_Sha512Update(&sha, key->p, 32); - ret |= wc_Sha512Update(&sha, in, inlen); - ret |= wc_Sha512Final(&sha, hram); + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, out, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, in, inlen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, hram); + if (ret != 0) + return ret; + sc_reduce(hram); - sc_muladd(out + 32, hram, az, nonce); + sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); return ret; } @@ -144,11 +173,10 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, word32 msglen, int* stat, ed25519_key* key) { - byte rcheck[32]; + byte rcheck[ED25519_KEY_SIZE]; byte h[SHA512_DIGEST_SIZE]; ge_p3 A; ge_p2 R; - word32 sigSz; int ret; Sha512 sha; @@ -156,14 +184,11 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, if (sig == NULL || msg == NULL || stat == NULL || key == NULL) return BAD_FUNC_ARG; - ret = 0; + /* set verification failed by default */ *stat = 0; - sigSz = wc_ed25519_size(key); /* check on basics needed to verify signature */ - if (siglen < sigSz) - return BAD_FUNC_ARG; - if (sig[63] & 224) + if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224)) return BAD_FUNC_ARG; /* uncompress A (public key), test if valid, and negate it */ @@ -171,24 +196,41 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, return BAD_FUNC_ARG; /* find H(R,A,M) and store it as h */ - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, sig, 32); - ret |= wc_Sha512Update(&sha, key->p, 32); - ret |= wc_Sha512Update(&sha, msg, msglen); - ret |= wc_Sha512Final(&sha, h); + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, sig, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, msg, msglen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, h); + if (ret != 0) + return ret; + sc_reduce(h); /* Uses a fast single-signature verification SB = R + H(R,A,M)A becomes SB - H(R,A,M)A saving decompression of R */ - ret |= ge_double_scalarmult_vartime(&R, h, &A, sig + 32); + ret = ge_double_scalarmult_vartime(&R, h, &A, sig + (ED25519_SIG_SIZE/2)); + if (ret != 0) + return ret; + ge_tobytes(rcheck, &R); /* comparison of R created to R in sig */ - ret |= ConstantCompare(rcheck, sig, 32); + ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; - *stat = (ret == 0)? 1: 0; + /* set the verification status */ + *stat = 1; return ret; } @@ -223,19 +265,17 @@ void wc_ed25519_free(ed25519_key* key) */ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen) { - word32 keySz; - /* sanity check on arguments */ if (key == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - if (*outLen < keySz) { - *outLen = keySz; + if (*outLen < ED25519_PUB_KEY_SIZE) { + *outLen = ED25519_PUB_KEY_SIZE; return BUFFER_E; } - *outLen = keySz; - XMEMCPY(out, key->p, keySz); + + *outLen = ED25519_PUB_KEY_SIZE; + XMEMCPY(out, key->p, ED25519_PUB_KEY_SIZE); return 0; } @@ -249,37 +289,35 @@ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen) */ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) { - word32 keySz; int ret; /* sanity check on arguments */ if (in == NULL || key == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - - if (inLen < keySz) + if (inLen < ED25519_PUB_KEY_SIZE) return BAD_FUNC_ARG; /* compressed prefix according to draft http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-02.txt */ - if (in[0] == 0x40) { + if (in[0] == 0x40 && inLen > ED25519_PUB_KEY_SIZE) { /* key is stored in compressed format so just copy in */ - XMEMCPY(key->p, (in + 1), keySz); + XMEMCPY(key->p, (in + 1), ED25519_PUB_KEY_SIZE); return 0; } /* importing uncompressed public key */ - if (in[0] == 0x04) { + if (in[0] == 0x04 && inLen > 2*ED25519_PUB_KEY_SIZE) { /* pass in (x,y) and store compressed key */ - ret = ge_compress_key(key->p, (in+1), (in+1+keySz), keySz); + ret = ge_compress_key(key->p, in+1, + in+1+ED25519_PUB_KEY_SIZE, ED25519_PUB_KEY_SIZE); return ret; } /* if not specified compressed or uncompressed check key size if key size is equal to compressed key size copy in key */ - if (inLen == keySz) { - XMEMCPY(key->p, in, keySz); + if (inLen == ED25519_PUB_KEY_SIZE) { + XMEMCPY(key->p, in, ED25519_PUB_KEY_SIZE); return 0; } @@ -294,77 +332,129 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) int wc_ed25519_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ed25519_key* key) { - word32 keySz; int ret; /* sanity check on arguments */ if (priv == NULL || pub == NULL || key == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - /* key size check */ - if (privSz < keySz || pubSz < keySz) + if (privSz < ED25519_KEY_SIZE || pubSz < ED25519_PUB_KEY_SIZE) return BAD_FUNC_ARG; - XMEMCPY(key->k, priv, keySz); + /* import public key */ ret = wc_ed25519_import_public(pub, pubSz, key); - XMEMCPY((key->k + keySz), key->p, keySz); + if (ret != 0) + return ret; + + /* make the private key (priv + pub) */ + XMEMCPY(key->k, priv, ED25519_KEY_SIZE); + XMEMCPY(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); return ret; } /* - outLen should contain the size of out buffer when input. outLen is than set - to the final output length. - returns 0 on success + export private key only (secret part so 32 bytes) + outLen should contain the size of out buffer when input. outLen is than set + to the final output length. + returns 0 on success */ int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen) { - word32 keySz; - /* sanity checks on arguments */ if (key == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - if (*outLen < keySz) { - *outLen = keySz; + if (*outLen < ED25519_KEY_SIZE) { + *outLen = ED25519_KEY_SIZE; return BUFFER_E; } - *outLen = keySz; - XMEMCPY(out, key->k, keySz); + + *outLen = ED25519_KEY_SIZE; + XMEMCPY(out, key->k, ED25519_KEY_SIZE); return 0; } +/* + export private key, including public part + outLen should contain the size of out buffer when input. outLen is than set + to the final output length. + returns 0 on success + */ +int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen) +{ + /* sanity checks on arguments */ + if (key == NULL || out == NULL || outLen == NULL) + return BAD_FUNC_ARG; -/* is the compressed key size in bytes */ + if (*outLen < ED25519_PRV_KEY_SIZE) { + *outLen = ED25519_PRV_KEY_SIZE; + return BUFFER_E; + } + + *outLen = ED25519_PRV_KEY_SIZE; + XMEMCPY(out, key->k, ED25519_PRV_KEY_SIZE); + + return 0; +} + +/* export full private key and public key + return 0 on success + */ +int wc_ed25519_export_key(ed25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz) +{ + int ret; + + /* export 'full' private part */ + ret = wc_ed25519_export_private(key, priv, privSz); + if (ret != 0) + return ret; + + /* export public part */ + ret = wc_ed25519_export_public(key, pub, pubSz); + + return ret; +} + +/* returns the private key size (secret only) in bytes */ int wc_ed25519_size(ed25519_key* key) { - word32 keySz; - if (key == NULL) return BAD_FUNC_ARG; - keySz = ED25519_KEY_SIZE; - - return keySz; + return ED25519_KEY_SIZE; } +/* returns the private key size (secret + public) in bytes */ +int wc_ed25519_priv_size(ed25519_key* key) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + return ED25519_PRV_KEY_SIZE; +} + +/* returns the compressed key size in bytes (public key) */ +int wc_ed25519_pub_size(ed25519_key* key) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + return ED25519_PUB_KEY_SIZE; +} /* returns the size of signature in bytes */ int wc_ed25519_sig_size(ed25519_key* key) { - word32 sigSz; - if (key == NULL) return BAD_FUNC_ARG; - sigSz = ED25519_SIG_SIZE; - - return sigSz; + return ED25519_SIG_SIZE; } #endif /* HAVE_ED25519 */ diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index da07c951c..d78467e21 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -107,8 +107,9 @@ void fe_0(fe h) int curve25519(byte* q, byte* n, byte* p) { +#if 0 unsigned char e[32]; - unsigned int i; +#endif fe x1; fe x2; fe z2; @@ -120,10 +121,16 @@ int curve25519(byte* q, byte* n, byte* p) unsigned int swap; unsigned int b; - for (i = 0;i < 32;++i) e[i] = n[i]; - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; + /* Clamp already done during key generation and import */ +#if 0 + { + unsigned int i; + for (i = 0;i < 32;++i) e[i] = n[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + } +#endif fe_frombytes(x1,p); fe_1(x2); @@ -133,7 +140,11 @@ int curve25519(byte* q, byte* n, byte* p) swap = 0; for (pos = 254;pos >= 0;--pos) { +#if 0 b = e[pos / 8] >> (pos & 7); +#else + b = n[pos / 8] >> (pos & 7); +#endif b &= 1; swap ^= b; fe_cswap(x2,x3,swap); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index f85ee6373..6f26c9d06 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -5514,6 +5514,27 @@ int curve25519_test(void) if (XMEMCMP(ss, sharedB, y)) return -1017; + /* test with 1 generated key and 1 from known test vector */ + if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) + != 0) + return -1018; + + if (wc_curve25519_make_key(&rng, 32, &userB) != 0) + return -1019; + + if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) + return -1020; + + if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) + return -1021; + + /* compare shared secret keys to test they are the same */ + if (y != x) + return -1022; + + if (XMEMCMP(sharedA, sharedB, x)) + return -1023; + /* clean up keys when done */ wc_curve25519_free(&pubKey); wc_curve25519_free(&userB); diff --git a/wolfssl/openssl/ec25519.h b/wolfssl/openssl/ec25519.h new file mode 100644 index 000000000..9ae255c6d --- /dev/null +++ b/wolfssl/openssl/ec25519.h @@ -0,0 +1,23 @@ +/* ec25519.h */ + +#ifndef WOLFSSL_EC25519_H_ +#define WOLFSSL_EC25519_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); + +WOLFSSL_API +int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/wolfssl/openssl/ed25519.h b/wolfssl/openssl/ed25519.h new file mode 100644 index 000000000..8244555df --- /dev/null +++ b/wolfssl/openssl/ed25519.h @@ -0,0 +1,26 @@ +/* ed25519.h */ + +#ifndef WOLFSSL_ED25519_H_ +#define WOLFSSL_ED25519_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); +WOLFSSL_API +int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, + unsigned char *sig, unsigned int *sigSz); +WOLFSSL_API +int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, + const unsigned char *sig, unsigned int sigSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index 9d415962f..21d99ef00 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -13,6 +13,8 @@ nobase_include_HEADERS+= \ wolfssl/openssl/ecdsa.h \ wolfssl/openssl/ecdh.h \ wolfssl/openssl/ec.h \ + wolfssl/openssl/ec25519.h \ + wolfssl/openssl/ed25519.h \ wolfssl/openssl/engine.h \ wolfssl/openssl/err.h \ wolfssl/openssl/evp.h \ diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 7da6074a9..f21525818 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -28,7 +28,7 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, WOLFSSL_API int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - byte **pem, int *plen); + unsigned char **pem, int *plen); WOLFSSL_API WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x, pem_password_cb *cb, void *u); @@ -54,7 +54,7 @@ WOLFSSL_API int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - byte **pem, int *plen); + unsigned char **pem, int *plen); WOLFSSL_API int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x); @@ -73,7 +73,7 @@ WOLFSSL_API int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - byte **pem, int *plen); + unsigned char **pem, int *plen); WOLFSSL_API int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key); diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 11715775f..ae795baca 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -42,7 +42,8 @@ typedef struct { } curve25519_set_type; -/* ECC point */ +/* ECC point, the internal structure is Little endian + * the mathematical functions used the endianess */ typedef struct { byte point[CURVE25519_KEYSIZE]; }ECPoint; @@ -58,6 +59,11 @@ typedef struct { ECPoint k; /* private key */ } curve25519_key; +enum { + EC25519_LITTLE_ENDIAN=0, + EC25519_BIG_ENDIAN=1 +}; + WOLFSSL_API int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key); @@ -66,6 +72,11 @@ int wc_curve25519_shared_secret(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen); +WOLFSSL_API +int wc_curve25519_shared_secret_ex(curve25519_key* private_key, + curve25519_key* public_key, + byte* out, word32* outlen, int endian); + WOLFSSL_API int wc_curve25519_init(curve25519_key* key); @@ -74,21 +85,49 @@ void wc_curve25519_free(curve25519_key* key); /* raw key helpers */ +WOLFSSL_API +int wc_curve25519_import_private(const byte* priv, word32 privSz, + curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, + curve25519_key* key, int endian); + WOLFSSL_API int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, curve25519_key* key); WOLFSSL_API +int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key, int endian); +WOLFSSL_API int wc_curve25519_export_private_raw(curve25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out, + word32* outLen, int endian); WOLFSSL_API int wc_curve25519_import_public(const byte* in, word32 inLen, curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_public_ex(const byte* in, word32 inLen, + curve25519_key* key, int endian); WOLFSSL_API int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, + word32* outLen, int endian); - +WOLFSSL_API +int wc_curve25519_export_key_raw(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); +WOLFSSL_API +int wc_curve25519_export_key_raw_ex(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz, + int endian); /* size helper */ WOLFSSL_API int wc_curve25519_size(curve25519_key* key); diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 6f9a19989..3a8e287b3 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -46,14 +46,17 @@ "-121665/121666", value of d */ -#define ED25519_KEY_SIZE 32 -#define ED25519_SIG_SIZE 64 +#define ED25519_KEY_SIZE 32 /* private key only */ +#define ED25519_SIG_SIZE 64 +#define ED25519_PUB_KEY_SIZE 32 /* compressed */ +/* both private and public key */ +#define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE) /* An ED25519 Key */ typedef struct { - byte p[32]; /* compressed public key */ - byte k[64]; /* private key : 32 secret -- 32 public */ + byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */ + byte k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */ } ed25519_key; @@ -78,11 +81,21 @@ WOLFSSL_API int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen); WOLFSSL_API int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_key(ed25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); /* size helper */ WOLFSSL_API int wc_ed25519_size(ed25519_key* key); WOLFSSL_API +int wc_ed25519_priv_size(ed25519_key* key); +WOLFSSL_API +int wc_ed25519_pub_size(ed25519_key* key); +WOLFSSL_API int wc_ed25519_sig_size(ed25519_key* key); #ifdef __cplusplus From aa0852bf719dd255a560432e3770008a4a434376 Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Mon, 3 Aug 2015 09:05:02 +0200 Subject: [PATCH 055/102] Fix Curve25519 test --- wolfcrypt/test/test.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6f26c9d06..c5d79f3d3 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -5461,9 +5461,11 @@ int curve25519_test(void) return -1003; /* find shared secret key */ + x = sizeof(sharedA); if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) return -1004; + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) return -1005; @@ -5475,6 +5477,7 @@ int curve25519_test(void) return -1007; /* export a public key and import it for another user */ + x = sizeof(exportBuf); if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0) return -1008; @@ -5483,6 +5486,7 @@ int curve25519_test(void) /* test shared key after importing a public key */ XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) return -1010; @@ -5500,6 +5504,7 @@ int curve25519_test(void) /* test against known test vector */ XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0) return -1014; @@ -5508,6 +5513,7 @@ int curve25519_test(void) /* test swaping roles of keys and generating same shared key */ XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) return -1016; @@ -5522,9 +5528,11 @@ int curve25519_test(void) if (wc_curve25519_make_key(&rng, 32, &userB) != 0) return -1019; + x = sizeof(sharedA); if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) return -1020; + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) return -1021; From 590f3e1ca04c54ddc1604cf1f6b453e17df03cbd Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 6 Aug 2015 08:50:16 -0700 Subject: [PATCH 056/102] Merge pull request #113 from lfcrypto/wolfssl add check of ret value --- wolfcrypt/src/ed25519.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 7ddfc3af2..e3d6d06db 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -112,6 +112,8 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, /* step 1: create nonce to use where nonce is r in r = H(h_b, ... ,h_2b-1,M) */ ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + if (ret != 0) + return ret; /* apply clamp */ az[0] &= 248; @@ -130,7 +132,7 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, ret = wc_Sha512Final(&sha, nonce); if (ret != 0) return ret; - + sc_reduce(nonce); /* step 2: computing R = rB where rB is the scalar multiplication of From 716ab20afaa71610d2b606dc41d1c866c5860788 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Thu, 6 Aug 2015 10:25:47 -0600 Subject: [PATCH 057/102] Update MPLABX project files, define WOLFSSL_HAVE_MIN in MICROCHIP_PIC32 --- mplabx/wolfssl.X/nbproject/configurations.xml | 11 ++++++++++- wolfssl/wolfcrypt/settings.h | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/mplabx/wolfssl.X/nbproject/configurations.xml b/mplabx/wolfssl.X/nbproject/configurations.xml index 3eab93236..043adc04e 100755 --- a/mplabx/wolfssl.X/nbproject/configurations.xml +++ b/mplabx/wolfssl.X/nbproject/configurations.xml @@ -50,6 +50,15 @@ ../../wolfcrypt/src/tfm.c ../../wolfcrypt/src/wc_port.c ../../wolfcrypt/src/port/pic32/pic32mz-hash.c + ../../wolfcrypt/src/hash.c + ../../wolfcrypt/src/chacha20_poly1305.c + ../../wolfcrypt/src/curve25519.c + ../../wolfcrypt/src/ed25519.c + ../../wolfcrypt/src/fe_low_mem.c + ../../wolfcrypt/src/fe_operations.c + ../../wolfcrypt/src/ge_low_mem.c + ../../wolfcrypt/src/ge_operations.c + ../../wolfcrypt/src/wc_encrypt.c ../../src/crl.c @@ -85,7 +94,7 @@ PKOBSKDEPlatformTool XC32 - + 1.33 4 diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 34c5dc8eb..567afd746 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -178,6 +178,7 @@ #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define NEED_AES_TABLES + #define WOLFSSL_HAVE_MIN #endif #ifdef WOLFSSL_MICROCHIP_PIC32MZ From 08111ab59fa67a29114c76f05926278e567c6038 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 6 Aug 2015 10:43:55 -0600 Subject: [PATCH 058/102] fix for test failure with --enable-hc128 --disable-md5 --- wolfssl/internal.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index bed49725b..4bf21ae56 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -331,7 +331,9 @@ typedef byte word24[3]; #endif #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) - #define BUILD_TLS_RSA_WITH_HC_128_MD5 + #ifndef NO_MD5 + #define BUILD_TLS_RSA_WITH_HC_128_MD5 + #endif #if !defined(NO_SHA) #define BUILD_TLS_RSA_WITH_HC_128_SHA #endif From 9397b9e10f0fc9c57c42dda72c6c63a2b0f2cb39 Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Thu, 6 Aug 2015 16:40:36 -0600 Subject: [PATCH 059/102] move MBED GenerateSeed() due to duplicated code --- wolfcrypt/src/random.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 4a1f7ea5b..3dbb26dfd 100755 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1017,18 +1017,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } -#elif defined(MBED) - -/* write a real one !!!, just for testing board */ -int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) -{ - int i; - for (i = 0; i < sz; i++ ) - output[i] = i; - - return 0; -} - #elif defined(MICROCHIP_PIC32) #ifdef MICROCHIP_MPLAB_HARMONY @@ -1225,7 +1213,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } -#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) +#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED) #warning "write a real random seed!!!!, just for testing now" From 0a037d39fff06f26a7dd4b624e4f0aa332dfa8ff Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 7 Aug 2015 09:37:22 -0700 Subject: [PATCH 060/102] fix srp request; forcezero, check mp_init(), no leaks --- wolfcrypt/src/srp.c | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 6e8b22d2f..7d9560911 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -31,6 +31,12 @@ #include #include +#ifdef NO_INLINE + #include +#else + #include +#endif + /** Computes the session key using the Mask Generation Function 1. */ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size); @@ -194,14 +200,14 @@ void wc_SrpTerm(Srp* srp) mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->auth); mp_clear(&srp->priv); - XMEMSET(srp->salt, 0, srp->saltSz); + ForceZero(srp->salt, srp->saltSz); XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); - XMEMSET(srp->user, 0, srp->userSz); + ForceZero(srp->user, srp->userSz); XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP); - XMEMSET(srp->key, 0, srp->keySz); + ForceZero(srp->key, srp->keySz); XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP); - XMEMSET(srp, 0, sizeof(Srp)); + ForceZero(srp, sizeof(Srp)); } } @@ -252,7 +258,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, /* Set salt */ if (srp->salt) { - XMEMSET(srp->salt, 0, srp->saltSz); + ForceZero(srp->salt, srp->saltSz); XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); } @@ -284,8 +290,10 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, if (!r) r = SrpHashFinal(&hash, digest2); /* digest1 = H(N) ^ H(g) */ - for (i = 0, j = SrpHashSize(srp->type); i < j; i++) - digest1[i] ^= digest2[i]; + if (r == 0) { + for (i = 0, j = SrpHashSize(srp->type); i < j; i++) + digest1[i] ^= digest2[i]; + } /* digest2 = H(user) */ if (!r) r = SrpHashInit(&hash, srp->type); @@ -331,7 +339,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) /* Set x (private key) */ if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz); - XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE); + ForceZero(digest, SRP_MAX_DIGEST_SIZE); return r; } @@ -348,6 +356,8 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) return SRP_CALL_ORDER_E; r = mp_init(&v); + if (r != MP_OKAY) + return MP_INIT_E; /* v = g ^ x % N */ if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v); @@ -380,6 +390,8 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) return SRP_CALL_ORDER_E; r = mp_init(&p); + if (r != MP_OKAY) + return MP_INIT_E; if (!r) r = mp_read_unsigned_bin(&p, private, size); if (!r) r = mp_mod(&p, &srp->N, &srp->priv); if (!r) r = mp_iszero(&srp->priv) ? SRP_BAD_KEY_E : 0; @@ -406,10 +418,7 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) { mp_int pubkey; word32 modulusSz; - int r = mp_init(&pubkey); - - if (r != 0) - return r; + int r; if (!srp || !public || !size) return BAD_FUNC_ARG; @@ -421,6 +430,10 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) if (*size < modulusSz) return BUFFER_E; + r = mp_init(&pubkey); + if (r != MP_OKAY) + return MP_INIT_E; + /* priv = random() */ if (mp_iszero(&srp->priv)) r = wc_SrpGenPrivate(srp, public, modulusSz); @@ -460,7 +473,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) byte digest[SRP_MAX_DIGEST_SIZE]; word32 i, j, digestSz = SrpHashSize(srp->type); byte counter[4]; - int r; + int r = BAD_FUNC_ARG; srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP); if (srp->key == NULL) @@ -489,8 +502,8 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) } } - XMEMSET(digest, 0, sizeof(digest)); - XMEMSET(&hash, 0, sizeof(SrpHash)); + ForceZero(digest, sizeof(digest)); + ForceZero(&hash, sizeof(SrpHash)); return r; } From 5d40c5f566cd872f349113102dfe6b287a0684b0 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 7 Aug 2015 11:53:19 -0600 Subject: [PATCH 061/102] Rename RNG to WC_RNG for Freescale, add NO_OLD_RNGNAME define to completely remove RNG type usage --- .../Projects/CryptBenchmark/benchmark.c | 2 +- IDE/MDK5-ARM/Projects/CryptTest/test.c | 16 +-- IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c | 2 +- IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c | 18 +-- mcapi/crypto.c | 14 +- mcapi/mcapi_test.c | 2 +- src/internal.c | 6 +- src/ssl.c | 124 +++++++++--------- src/tls.c | 4 +- swig/wolfssl.i | 6 +- swig/wolfssl_adds.c | 4 +- wolfcrypt/benchmark/benchmark.c | 2 +- wolfcrypt/src/asn.c | 16 +-- wolfcrypt/src/curve25519.c | 2 +- wolfcrypt/src/dh.c | 4 +- wolfcrypt/src/dsa.c | 6 +- wolfcrypt/src/ecc.c | 14 +- wolfcrypt/src/ed25519.c | 2 +- wolfcrypt/src/integer.c | 2 +- wolfcrypt/src/pkcs7.c | 4 +- wolfcrypt/src/random.c | 32 ++--- wolfcrypt/src/rsa.c | 14 +- wolfcrypt/src/srp.c | 2 +- wolfcrypt/src/tfm.c | 6 +- wolfcrypt/test/test.c | 22 ++-- wolfssl/internal.h | 2 +- wolfssl/test.h | 12 +- wolfssl/wolfcrypt/asn_public.h | 9 +- wolfssl/wolfcrypt/curve25519.h | 2 +- wolfssl/wolfcrypt/dh.h | 2 +- wolfssl/wolfcrypt/dsa.h | 6 +- wolfssl/wolfcrypt/ecc.h | 10 +- wolfssl/wolfcrypt/ed25519.h | 2 +- wolfssl/wolfcrypt/integer.h | 2 +- wolfssl/wolfcrypt/pkcs7.h | 4 +- wolfssl/wolfcrypt/random.h | 24 ++-- wolfssl/wolfcrypt/rsa.h | 6 +- wolfssl/wolfcrypt/settings.h | 6 + wolfssl/wolfcrypt/tfm.h | 2 +- 39 files changed, 214 insertions(+), 201 deletions(-) diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c index fa13b8b80..9ee281329 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c @@ -797,7 +797,7 @@ void bench_blake2(void) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(CYASSL_KEYGEN) || defined(HAVE_ECC) -static RNG rng; +static WC_RNG rng; #endif #ifndef NO_RSA diff --git a/IDE/MDK5-ARM/Projects/CryptTest/test.c b/IDE/MDK5-ARM/Projects/CryptTest/test.c index 167832eae..9b9bf3537 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/test.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/test.c @@ -2667,7 +2667,7 @@ int random_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; @@ -2693,7 +2693,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (InitRng(&rng) == 0) ? 1 : 0; @@ -2768,7 +2768,7 @@ int rsa_test(void) byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -3652,7 +3652,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 @@ -3725,7 +3725,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; @@ -4200,7 +4200,7 @@ int hkdf_test(void) int ecc_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; byte sig[1024]; @@ -4300,7 +4300,7 @@ int ecc_test(void) int ecc_encrypt_test(void) { - RNG rng; + WC_RNG rng; int ret; ecc_key userA, userB; byte msg[48]; @@ -4669,7 +4669,7 @@ int pkcs7signed_test(void) char data[] = "Hello World"; word32 dataSz, outSz, certDerSz, keyDerSz; PKCS7 msg; - RNG rng; + WC_RNG rng; byte transIdOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c index 528c0a76f..faf6b7793 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c @@ -772,7 +772,7 @@ void bench_blake2(void) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(CYASSL_KEYGEN) || defined(HAVE_ECC) -static RNG rng; +static WC_RNG rng; #endif #ifndef NO_RSA diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c index 43f9e7952..751cfdf85 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c @@ -2583,7 +2583,7 @@ int camellia_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; @@ -2607,7 +2607,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (InitRng(&rng) == 0) ? 1 : 0; @@ -2682,7 +2682,7 @@ int rsa_test(void) byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -3558,7 +3558,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 @@ -3631,7 +3631,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; @@ -4098,7 +4098,7 @@ int hkdf_test(void) int ecc_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; byte sig[1024]; @@ -4198,7 +4198,7 @@ int ecc_test(void) int ecc_encrypt_test(void) { - RNG rng; + WC_RNG rng; int ret; ecc_key userA, userB; byte msg[48]; @@ -4563,8 +4563,8 @@ int pkcs7signed_test(void) byte* out; char data[] = "Hello World"; word32 dataSz, outSz, certDerSz, keyDerSz; - PKCS7 msg; - RNG rng; + PKCS7 msg; + WC_RNG rng; byte transIdOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, diff --git a/mcapi/crypto.c b/mcapi/crypto.c index ef947567b..4cb890c48 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -285,13 +285,13 @@ int CRYPT_HUFFMAN_DeCompress(unsigned char* out, unsigned int outSz, /* RNG Initialize, < 0 on error */ int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng) { - typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(RNG) ? 1 : -1]; + typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(WC_RNG) ? 1 : -1]; (void)sizeof(rng_test); if (rng == NULL) return BAD_FUNC_ARG; - return InitRng((RNG*)rng); + return InitRng((WC_RNG*)rng); } @@ -301,7 +301,7 @@ int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b) if (rng == NULL || b == NULL) return BAD_FUNC_ARG; - return RNG_GenerateByte((RNG*)rng, (byte*)b); + return RNG_GenerateByte((WC_RNG*)rng, (byte*)b); } @@ -312,7 +312,7 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b, if (rng == NULL || b == NULL) return BAD_FUNC_ARG; - return RNG_GenerateBlock((RNG*)rng, b, sz); + return RNG_GenerateBlock((WC_RNG*)rng, b, sz); } @@ -512,7 +512,7 @@ int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out, return BAD_FUNC_ARG; return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder, - (RNG*)rng); + (WC_RNG*)rng); } @@ -614,7 +614,7 @@ int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, int keySz) if (ecc == NULL || rng == NULL) return BAD_FUNC_ARG; - return wc_ecc_make_key((RNG*)rng, keySz, (ecc_key*)ecc->holder); + return wc_ecc_make_key((WC_RNG*)rng, keySz, (ecc_key*)ecc->holder); } @@ -649,7 +649,7 @@ int CRYPT_ECC_DSA_HashSign(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, in == NULL) return BAD_FUNC_ARG; - ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (RNG*)rng, + ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (WC_RNG*)rng, (ecc_key*)ecc->holder); *usedSz = inOut; diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index e7d9665ed..b7bf06292 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -69,7 +69,7 @@ static byte ourData[OUR_DATA_SIZE]; static byte* key = NULL; static byte* iv = NULL; static CRYPT_RNG_CTX mcRng; -static RNG defRng; +static WC_RNG defRng; static int check_md5(void); static int check_sha(void); diff --git a/src/internal.c b/src/internal.c index e4b6d9536..4a822dcaa 100644 --- a/src/internal.c +++ b/src/internal.c @@ -244,7 +244,7 @@ static int QSH_FreeAll(WOLFSSL* ssl) #ifdef HAVE_NTRU -static RNG* rng; +static WC_RNG* rng; static wolfSSL_Mutex* rngMutex; static word32 GetEntropy(unsigned char* out, word32 num_bytes) @@ -252,7 +252,7 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes) int ret = 0; if (rng == NULL) { - if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) + if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) return DRBG_OUT_OF_MEMORY; wc_InitRng(rng); } @@ -1765,7 +1765,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif /* NO_PSK */ /* RNG */ - ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); + ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap, DYNAMIC_TYPE_RNG); if (ssl->rng == NULL) { WOLFSSL_MSG("RNG Memory error"); return MEMORY_E; diff --git a/src/ssl.c b/src/ssl.c index 358879f19..3cb82827f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10920,7 +10920,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) #endif -static RNG globalRNG; +static WC_RNG globalRNG; static int initGlobalRNG = 0; /* SSL_SUCCESS on ok */ @@ -10947,19 +10947,19 @@ int wolfSSL_RAND_seed(const void* seed, int len) /* SSL_SUCCESS on ok */ int wolfSSL_RAND_bytes(unsigned char* buf, int num) { - int ret = 0; - int initTmpRng = 0; - RNG* rng = NULL; + int ret = 0; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_RAND_bytes"); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return ret; #endif @@ -11285,12 +11285,12 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) int ret = 0; int len = bits / 8; int initTmpRng = 0; - RNG* rng = NULL; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; byte* buff = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; byte buff[1024]; #endif @@ -11303,7 +11303,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - tmpRNG = (RNG*) XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (buff == NULL || tmpRNG == NULL) { XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -11926,23 +11926,23 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) word32 pubSz = 768; word32 privSz = 768; int initTmpRng = 0; - RNG* rng = NULL; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK unsigned char* pub = NULL; unsigned char* priv = NULL; - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else unsigned char pub [768]; unsigned char priv[768]; - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_MSG("wolfSSL_DH_generate_key"); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL || pub == NULL || priv == NULL) { XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -12530,13 +12530,13 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, #ifdef WOLFSSL_KEY_GEN { #ifdef WOLFSSL_SMALL_STACK - RNG* rng = NULL; + WC_RNG* rng = NULL; #else - RNG rng[1]; + WC_RNG rng[1]; #endif #ifdef WOLFSSL_SMALL_STACK - rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (rng == NULL) return SSL_FAILURE; #endif @@ -12651,15 +12651,15 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) #ifdef WOLFSSL_KEY_GEN { int initTmpRng = 0; - RNG *rng = NULL; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG *tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -12724,15 +12724,15 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, #ifdef WOLFSSL_KEY_GEN { int initTmpRng = 0; - RNG *rng = NULL; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG *tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -12776,13 +12776,13 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa) { - int ret = SSL_FATAL_ERROR; - int initTmpRng = 0; - RNG* rng = NULL; + int ret = SSL_FATAL_ERROR; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); @@ -12803,7 +12803,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -12875,17 +12875,17 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) { - word32 outLen; - word32 signSz; - int initTmpRng = 0; - RNG* rng = NULL; - int ret = 0; + word32 outLen; + word32 signSz; + int initTmpRng = 0; + WC_RNG* rng = NULL; + int ret = 0; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; - byte* encodedSig = NULL; + WC_RNG* tmpRNG = NULL; + byte* encodedSig = NULL; #else - RNG tmpRNG[1]; - byte encodedSig[MAX_ENCODED_SIG_SZ]; + WC_RNG tmpRNG[1]; + byte encodedSig[MAX_ENCODED_SIG_SZ]; #endif WOLFSSL_MSG("wolfSSL_RSA_sign"); @@ -12913,7 +12913,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return 0; @@ -14024,12 +14024,12 @@ int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) { - int initTmpRng = 0; - RNG* rng = NULL; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key"); @@ -14041,7 +14041,7 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return 0; #endif @@ -14659,12 +14659,12 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, WOLFSSL_EC_KEY *key) { WOLFSSL_ECDSA_SIG *sig = NULL; - int initTmpRng = 0; - RNG* rng = NULL; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); @@ -14686,7 +14686,7 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return NULL; #endif @@ -16347,11 +16347,11 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, #else /* WOLFSSL_KEY_GEN */ int ret = SSL_FAILURE; int initTmpRng = 0; - RNG *rng = NULL; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG *tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_EC25519_generate_key"); @@ -16363,7 +16363,7 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FAILURE; #endif @@ -16485,11 +16485,11 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, #else /* WOLFSSL_KEY_GEN */ int ret = SSL_FAILURE; int initTmpRng = 0; - RNG *rng = NULL; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG *tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_ED25519_generate_key"); @@ -16501,7 +16501,7 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif diff --git a/src/tls.c b/src/tls.c index 8c61557ce..59bafa0ed 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2058,7 +2058,7 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) #ifdef HAVE_QSH -static RNG* rng; +static WC_RNG* rng; static wolfSSL_Mutex* rngMutex; static void TLSX_QSH_FreeAll(QSHScheme* list) @@ -2841,7 +2841,7 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes) int ret = 0; if (rng == NULL) { - if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) + if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) return DRBG_OUT_OF_MEMORY; wc_InitRng(rng); } diff --git a/swig/wolfssl.i b/swig/wolfssl.i index a03e79cbc..286e263e4 100644 --- a/swig/wolfssl.i +++ b/swig/wolfssl.i @@ -27,7 +27,7 @@ /* defn adds */ char* wolfSSL_error_string(int err); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); - RNG* GetRng(void); + WC_RNG* GetRng(void); RsaKey* GetRsaPrivateKey(const char* file); void FillSignStr(unsigned char*, const char*, int); %} @@ -44,11 +44,11 @@ int wolfSSL_Init(void); char* wolfSSL_error_string(int); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); -int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, RNG* rng); +int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng); int wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key); -RNG* GetRng(void); +WC_RNG* GetRng(void); RsaKey* GetRsaPrivateKey(const char* file); void FillSignStr(unsigned char*, const char*, int); diff --git a/swig/wolfssl_adds.c b/swig/wolfssl_adds.c index e12ccac74..00267c926 100644 --- a/swig/wolfssl_adds.c +++ b/swig/wolfssl_adds.c @@ -182,9 +182,9 @@ char* wolfSSL_error_string(int err) } -RNG* GetRng(void) +WC_RNG* GetRng(void) { - RNG* rng = (RNG*)malloc(sizeof(RNG)); + WC_RNG* rng = (WC_RNG*)malloc(sizeof(WC_RNG)); if (rng) if (wc_InitRng(rng) != 0) { diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index e68af6177..c9a15e277 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -194,7 +194,7 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC) #define HAVE_LOCAL_RNG - static RNG rng; + static WC_RNG rng; #endif /* use kB instead of mB for embedded benchmarking */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5629bfc75..c9aafe289 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5761,7 +5761,7 @@ static int SetName(byte* output, CertName* name) /* encode info from cert into DER encoded format */ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, - RNG* rng, const byte* ntruKey, word16 ntruSz) + WC_RNG* rng, const byte* ntruKey, word16 ntruSz) { int ret; @@ -5933,7 +5933,7 @@ static int WriteCertBody(DerCert* der, byte* buffer) /* Make RSA signature from buffer (sz), write to sig (sigSz) */ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, int sigAlgoType) { int encSigSz, digestSz, typeH = 0, ret = 0; @@ -6058,7 +6058,7 @@ static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz, /* Make an x509 Certificate v3 any key type from cert input, write to buffer */ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, const byte* ntruKey, word16 ntruSz) { int ret; @@ -6095,7 +6095,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, - ecc_key* eccKey, RNG* rng) + ecc_key* eccKey, WC_RNG* rng) { return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0); } @@ -6104,7 +6104,7 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, #ifdef HAVE_NTRU int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, - const byte* ntruKey, word16 keySz, RNG* rng) + const byte* ntruKey, word16 keySz, WC_RNG* rng) { return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz); } @@ -6320,7 +6320,7 @@ int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng) + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) { int sigSz; #ifdef WOLFSSL_SMALL_STACK @@ -6357,7 +6357,7 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, - RsaKey* key, RNG* rng) + RsaKey* key, WC_RNG* rng) { int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); @@ -7589,7 +7589,7 @@ int EncodeOcspRequest(OcspRequest* req) extSz = 0; if (req->useNonce) { - RNG rng; + WC_RNG rng; if (wc_InitRng(&rng) != 0) { WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce."); } else { diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 2380e371e..56c5f04e0 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -46,7 +46,7 @@ const curve25519_set_type curve25519_sets[] = { }; -int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key) +int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; int ret; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index bc4ce11d3..22db2298b 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -83,7 +83,7 @@ static word32 DiscreteLogWorkFactor(word32 n) } -static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) +static int GeneratePrivate(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz) { int ret; word32 sz = mp_unsigned_bin_size(&key->p); @@ -132,7 +132,7 @@ static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz, } -int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz, +int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz) { int ret = GeneratePrivate(key, rng, priv, privSz); diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index dc0e20e4b..d7f523653 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -85,7 +85,7 @@ void wc_FreeDsaKey(DsaKey* key) #ifdef WOLFSSL_KEY_GEN -int wc_MakeDsaKey(RNG *rng, DsaKey *dsa) +int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) { unsigned char *buf; int qsize, err; @@ -146,7 +146,7 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa) } /* modulus_size in bits */ -int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa) +int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) { mp_int tmp, tmp2; int err, msize, qsize, @@ -341,7 +341,7 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa) #endif /* WOLFSSL_KEY_GEN */ -int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng) +int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) { mp_int k, kInv, r, s, H; int ret, sz; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ea5fb0a3d..c8a8f87e6 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1652,7 +1652,7 @@ int wc_ecc_point_is_at_infinity(ecc_point* p) } -static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) +static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp) { int err; ecc_point* base; @@ -1775,7 +1775,7 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) return MP_OKAY if successful, upon error all allocated memory will be freed */ -int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key) +int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key) { int x, err; @@ -1835,7 +1835,7 @@ int wc_ecc_init(ecc_key* key) return MP_OKAY if successful */ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, - RNG* rng, ecc_key* key) + WC_RNG* rng, ecc_key* key) { mp_int r; mp_int s; @@ -1870,7 +1870,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, s [out] The destination for s component of the signature return MP_OKAY if successful */ -int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, +int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, ecc_key* key, mp_int *r, mp_int *s) { mp_int e; @@ -4834,7 +4834,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) } -static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, RNG* rng) +static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, WC_RNG* rng) { byte* saltBuffer = NULL; @@ -4866,7 +4866,7 @@ static void ecc_ctx_init(ecEncCtx* ctx, int flags) /* allow ecc context reset so user doesn't have to init/free for resue */ -int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng) +int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng) { if (ctx == NULL || rng == NULL) return BAD_FUNC_ARG; @@ -4877,7 +4877,7 @@ int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng) /* alloc/init and set defaults, return new Context */ -ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng) +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng) { int ret = 0; ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC); diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index e3d6d06db..2e5f6545e 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -42,7 +42,7 @@ /* generate an ed25519 key pair. * returns 0 on success */ -int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) +int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) { byte az[ED25519_PRV_KEY_SIZE]; int ret; diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index da58dd0a6..aadc04ed4 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -4284,7 +4284,7 @@ static int mp_prime_is_divisible (mp_int * a, int *result) static const int USE_BBS = 1; -int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap) +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap) { int err, res, type; byte* buf; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 84c26421a..c581cf5fb 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -945,7 +945,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) /* create ASN.1 fomatted RecipientInfo structure, returns sequence size */ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, - RNG* rng, byte* contentKeyPlain, + WC_RNG* rng, byte* contentKeyPlain, byte* contentKeyEnc, int* keyEncSz, byte* out, word32 outSz) { @@ -1178,7 +1178,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) byte envDataSeq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; - RNG rng; + WC_RNG rng; int contentKeyEncSz, blockKeySz; byte contentKeyPlain[MAX_CONTENT_KEY_LEN]; #ifdef WOLFSSL_SMALL_STACK diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 3dbb26dfd..339114d96 100755 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -39,33 +39,33 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) } #ifdef HAVE_CAVIUM - int wc_InitRngCavium(RNG* rng, int i) + int wc_InitRngCavium(WC_RNG* rng, int i) { return InitRngCavium(rng, i); } #endif -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { return InitRng_fips(rng); } -int wc_RNG_GenerateBlock(RNG* rng, byte* b, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz) { return RNG_GenerateBlock_fips(rng, b, sz); } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return RNG_GenerateByte(rng, b); } #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - int wc_FreeRng(RNG* rng) + int wc_FreeRng(WC_RNG* rng) { return FreeRng_fips(rng); } @@ -434,7 +434,7 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg) /* Get seed and key cipher */ -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { int ret = BAD_FUNC_ARG; @@ -487,7 +487,7 @@ int wc_InitRng(RNG* rng) /* place a generated block in output */ -int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { int ret; @@ -536,13 +536,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return wc_RNG_GenerateBlock(rng, b, 1); } -int wc_FreeRng(RNG* rng) +int wc_FreeRng(WC_RNG* rng) { int ret = BAD_FUNC_ARG; @@ -687,7 +687,7 @@ static int wc_RNG_HealthTestLocal(int reseed) #else /* HAVE_HASHDRBG || NO_RC4 */ /* Get seed and key cipher */ -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { int ret; #ifdef WOLFSSL_SMALL_STACK @@ -736,11 +736,11 @@ int wc_InitRng(RNG* rng) } #ifdef HAVE_CAVIUM - static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); + static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz); #endif /* place a generated block in output */ -int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { #ifdef HAVE_INTEL_RDGEN if(IS_INTEL_RDRAND) @@ -757,13 +757,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return wc_RNG_GenerateBlock(rng, b, 1); } -int wc_FreeRng(RNG* rng) +int wc_FreeRng(WC_RNG* rng) { (void)rng; return 0; @@ -776,7 +776,7 @@ int wc_FreeRng(RNG* rng) #include "cavium_common.h" /* Initiliaze RNG for use with Nitrox device */ -int wc_InitRngCavium(RNG* rng, int devId) +int wc_InitRngCavium(WC_RNG* rng, int devId) { if (rng == NULL) return -1; @@ -788,7 +788,7 @@ int wc_InitRngCavium(RNG* rng, int devId) } -static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { wolfssl_word offset = 0; word32 requestId; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 5cd6e6331..6f4c3a595 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -43,7 +43,7 @@ int wc_FreeRsaKey(RsaKey* key) int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng) + word32 outLen, RsaKey* key, WC_RNG* rng) { return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); } @@ -64,7 +64,7 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng) + word32 outLen, RsaKey* key, WC_RNG* rng) { return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); } @@ -96,7 +96,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, return RsaFlattenPublicKey(key, a, aSz, b, bSz); } #ifdef WOLFSSL_KEY_GEN - int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) + int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { return MakeRsaKey(key, size, e, rng); } @@ -219,7 +219,7 @@ int wc_FreeRsaKey(RsaKey* key) } static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, - word32 pkcsBlockLen, byte padValue, RNG* rng) + word32 pkcsBlockLen, byte padValue, WC_RNG* rng) { if (inputLen == 0) return 0; @@ -391,7 +391,7 @@ done: int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, RNG* rng) + RsaKey* key, WC_RNG* rng) { int sz, ret; @@ -537,7 +537,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, /* for Rsa Sign */ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, RNG* rng) + RsaKey* key, WC_RNG* rng) { int sz, ret; @@ -604,7 +604,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, #ifdef WOLFSSL_KEY_GEN /* Make an RSA key for size bits, with e specified, 65537 is a good e */ -int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) +int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { mp_int p, q, tmp1, tmp2, tmp3; int err; diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 7d9560911..5d893c929 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -404,7 +404,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) /** Generates random data using wolfcrypt RNG. */ static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) { - RNG rng; + WC_RNG rng; int r = wc_InitRng(&rng); if (!r) r = wc_RNG_GenerateBlock(&rng, private, size); diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 7e45f1f6d..021928d6e 100755 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2412,7 +2412,7 @@ int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c) void fp_gcd(fp_int *a, fp_int *b, fp_int *c); void fp_lcm(fp_int *a, fp_int *b, fp_int *c); int fp_isprime(fp_int *a); -int fp_randprime(fp_int* N, int len, RNG* rng, void* heap); +int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap); int mp_gcd(fp_int *a, fp_int *b, fp_int *c) { @@ -2435,7 +2435,7 @@ int mp_prime_is_prime(mp_int* a, int t, int* result) return MP_OKAY; } -int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap) +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap) { int err; @@ -2589,7 +2589,7 @@ int fp_isprime(fp_int *a) return FP_YES; } -int fp_randprime(fp_int* N, int len, RNG* rng, void* heap) +int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap) { static const int USE_BBS = 1; int err, type; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index d81f9d288..c11e77034 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -3253,7 +3253,7 @@ int random_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; @@ -3281,7 +3281,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (wc_InitRng(&rng) == 0) ? 1 : 0; @@ -3353,7 +3353,7 @@ int rsa_test(void) byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -4308,7 +4308,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024); @@ -4397,7 +4397,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; @@ -5108,7 +5108,7 @@ typedef struct rawEccVector { int ecc_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; byte sig[1024]; @@ -5364,7 +5364,7 @@ int ecc_test(void) int ecc_encrypt_test(void) { - RNG rng; + WC_RNG rng; int ret; ecc_key userA, userB; byte msg[48]; @@ -5499,7 +5499,7 @@ int ecc_encrypt_test(void) int curve25519_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[32]; byte sharedB[32]; byte exportBuf[32]; @@ -5662,7 +5662,7 @@ int curve25519_test(void) #ifdef HAVE_ED25519 int ed25519_test(void) { - RNG rng; + WC_RNG rng; byte out[ED25519_SIG_SIZE]; byte exportPKey[ED25519_KEY_SIZE]; byte exportSKey[ED25519_KEY_SIZE]; @@ -6312,8 +6312,8 @@ int pkcs7signed_test(void) byte* out; char data[] = "Hello World"; word32 dataSz, outSz, certDerSz, keyDerSz; - PKCS7 msg; - RNG rng; + PKCS7 msg; + WC_RNG rng; byte transIdOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 4bf21ae56..7950cf056 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2221,7 +2221,7 @@ struct WOLFSSL { HS_Hashes* hsHashes; void* IOCB_ReadCtx; void* IOCB_WriteCtx; - RNG* rng; + WC_RNG* rng; void* verifyCbCtx; /* cert verify callback user ctx*/ VerifyCallback verifyCallback; /* cert verification callback */ void* heap; /* for user overrides */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 4c95d72c8..028e81be3 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1606,7 +1606,7 @@ static INLINE void FreeAtomicUser(WOLFSSL* ssl) static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) { - RNG rng; + WC_RNG rng; int ret; word32 idx = 0; ecc_key myKey; @@ -1657,7 +1657,7 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) { - RNG rng; + WC_RNG rng; int ret; word32 idx = 0; RsaKey myKey; @@ -1715,7 +1715,7 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, int ret; word32 idx = 0; RsaKey myKey; - RNG rng; + WC_RNG rng; (void)ssl; (void)ctx; @@ -1820,8 +1820,8 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) int x, size; static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz"; - RNG rng; - byte out; + WC_RNG rng; + byte out; if (tempfn == NULL || len < 1 || num < 1 || len <= num) { printf("Bad input\n"); @@ -1862,7 +1862,7 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) } key_ctx; static key_ctx myKey_ctx; - static RNG rng; + static WC_RNG rng; static INLINE int TicketInit(void) { diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 04f77851a..7aea6f927 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -149,15 +149,15 @@ typedef struct Cert { */ WOLFSSL_API void wc_InitCert(Cert*); WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - ecc_key*, RNG*); + ecc_key*, WC_RNG*); #ifdef WOLFSSL_CERT_REQ WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, RsaKey*, ecc_key*); #endif WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, - word32 derSz, RsaKey*, ecc_key*, RNG*); + word32 derSz, RsaKey*, ecc_key*, WC_RNG*); WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - RNG*); + WC_RNG*); WOLFSSL_API int wc_SetIssuer(Cert*, const char*); WOLFSSL_API int wc_SetSubject(Cert*, const char*); #ifdef WOLFSSL_ALT_NAMES @@ -170,7 +170,8 @@ WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); #ifdef HAVE_NTRU WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, - const byte* ntruKey, word16 keySz, RNG*); + const byte* ntruKey, word16 keySz, + WC_RNG*); #endif #endif /* WOLFSSL_CERT_GEN */ diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index ae795baca..cb1dad032 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -65,7 +65,7 @@ enum { }; WOLFSSL_API -int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key); +int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); WOLFSSL_API int wc_curve25519_shared_secret(curve25519_key* private_key, diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 7cee7dce3..a116eab7c 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -43,7 +43,7 @@ typedef struct DhKey { WOLFSSL_API void wc_InitDhKey(DhKey* key); WOLFSSL_API void wc_FreeDhKey(DhKey* key); -WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, +WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz); WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, word32 privSz, const byte* otherPub, diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index 115c18c6e..1d26a3d69 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -57,7 +57,7 @@ typedef struct DsaKey { WOLFSSL_API void wc_InitDsaKey(DsaKey* key); WOLFSSL_API void wc_FreeDsaKey(DsaKey* key); WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, - DsaKey* key, RNG* rng); + DsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer); WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, @@ -67,8 +67,8 @@ WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); #ifdef WOLFSSL_KEY_GEN -WOLFSSL_API int wc_MakeDsaKey(RNG *rng, DsaKey *dsa); -WOLFSSL_API int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa); +WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa); +WOLFSSL_API int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa); #endif #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 6630a1ae8..0075f0d14 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -134,7 +134,7 @@ extern const ecc_set_type ecc_sets[]; WOLFSSL_API -int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key); +int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); WOLFSSL_API int wc_ecc_check_key(ecc_key* key); WOLFSSL_API @@ -145,9 +145,9 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen); WOLFSSL_API int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, - RNG* rng, ecc_key* key); + WC_RNG* rng, ecc_key* key); WOLFSSL_API -int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, +int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, ecc_key* key, mp_int *r, mp_int *s); WOLFSSL_API int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, @@ -248,11 +248,11 @@ enum ecFlags { typedef struct ecEncCtx ecEncCtx; WOLFSSL_API -ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng); +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); WOLFSSL_API void wc_ecc_ctx_free(ecEncCtx*); WOLFSSL_API -int wc_ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */ +int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */ WOLFSSL_API const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 3a8e287b3..606ff4145 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -61,7 +61,7 @@ typedef struct { WOLFSSL_API -int wc_ed25519_make_key(RNG* rng, int keysize, ed25519_key* key); +int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key); WOLFSSL_API int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, word32 *outlen, ed25519_key* key); diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 16ee0cc7b..099b9f4e3 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -315,7 +315,7 @@ int mp_radix_size (mp_int * a, int radix, int *size); int mp_prime_is_prime (mp_int * a, int t, int *result); int mp_gcd (mp_int * a, mp_int * b, mp_int * c); int mp_lcm (mp_int * a, mp_int * b, mp_int * c); - int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap); + int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); #endif int mp_cnt_lsb(mp_int *a); diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index e39a12b9d..32a46faf2 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -73,7 +73,7 @@ typedef struct PKCS7 { word32 contentSz; /* content size */ int contentOID; /* PKCS#7 content type OID sum */ - RNG* rng; + WC_RNG* rng; int hashOID; int encryptOID; /* key encryption algorithm OID */ @@ -100,7 +100,7 @@ WOLFSSL_LOCAL int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid, word32 maxIdx); WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, - RNG* rng, byte* contentKeyPlain, + WC_RNG* rng, byte* contentKeyPlain, byte* contentKeyEnc, int* keyEncSz, byte* out, word32 outSz); diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 989e53230..741d2531f 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -84,11 +84,11 @@ struct DRBG; /* Private DRBG state */ /* Hash-based Deterministic Random Bit Generator */ -typedef struct RNG { +typedef struct WC_RNG { struct DRBG* drbg; OS_Seed seed; byte status; -} RNG; +} WC_RNG; #else /* HAVE_HASHDRBG || NO_RC4 */ @@ -99,36 +99,42 @@ typedef struct RNG { /* secure Random Number Generator */ -typedef struct RNG { +typedef struct WC_RNG { OS_Seed seed; Arc4 cipher; #ifdef HAVE_CAVIUM int devId; /* nitrox device id */ word32 magic; /* using cavium magic */ #endif -} RNG; +} WC_RNG; #endif /* HAVE_HASH_DRBG || NO_RC4 */ #endif /* HAVE_FIPS */ +/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts, + * can't be used with CTaoCrypt FIPS */ +#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS) + #define RNG WC_RNG +#endif + WOLFSSL_LOCAL int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) #ifdef HAVE_CAVIUM - WOLFSSL_API int wc_InitRngCavium(RNG*, int); + WOLFSSL_API int wc_InitRngCavium(WC_RNG*, int); #endif #endif /* HAVE_HASH_DRBG || NO_RC4 */ -WOLFSSL_API int wc_InitRng(RNG*); -WOLFSSL_API int wc_RNG_GenerateBlock(RNG*, byte*, word32 sz); -WOLFSSL_API int wc_RNG_GenerateByte(RNG*, byte*); -WOLFSSL_API int wc_FreeRng(RNG*); +WOLFSSL_API int wc_InitRng(WC_RNG*); +WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); +WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*); +WOLFSSL_API int wc_FreeRng(WC_RNG*); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index df650b3db..ec6ef7b91 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -77,13 +77,13 @@ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng); + word32 outLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng); + word32 outLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, @@ -105,7 +105,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); #ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng); + WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); #endif #ifdef HAVE_CAVIUM diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 567afd746..5fb09d2b6 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -118,6 +118,12 @@ #endif +/* make sure old RNG name is used with CTaoCrypt FIPS */ +#ifdef HAVE_FIPS + #define WC_RNG RNG +#endif + + #ifdef IPHONE #define SIZEOF_LONG_LONG 8 #endif diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 157d58da4..ac24eb93c 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -718,7 +718,7 @@ int mp_radix_size (mp_int * a, int radix, int *size); int mp_gcd(fp_int *a, fp_int *b, fp_int *c); int mp_lcm(fp_int *a, fp_int *b, fp_int *c); int mp_prime_is_prime(mp_int* a, int t, int* result); -int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap); +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); int mp_exch(mp_int *a, mp_int *b); #endif /* WOLFSSL_KEY_GEN */ From a80777179b9780577e80b96181531aa5565fa4bd Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 7 Aug 2015 14:36:47 -0600 Subject: [PATCH 062/102] update MPLABX README --- mplabx/README | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mplabx/README b/mplabx/README index fcc6c00c1..a78955cde 100644 --- a/mplabx/README +++ b/mplabx/README @@ -25,13 +25,13 @@ Included Project Files /mplabx/wolfssl.X/dist/default/production/wolfssl.X.a 2. wolfCrypt Test App (wolfcrypt_test.X) - + This project tests the wolfCrypt cryptography modules. It is generally a good idea to run this first on an embedded system after compiling wolfSSL in order to verify all underlying crypto is working correctly. 3. wolfCrypt Benchmark App (wolfcrypt_benchmark.X) - + This project builds the wolfCrypt benchmark application. For the benchmark timer, adjust CLOCK value under "#elif defined MICROCHIP_PIC32" in wolfcrypt/benchmark/benchmark.c @@ -40,7 +40,7 @@ PIC32MX/PIC32MZ --------------- The projects are set for PIC32MX by default. For PIC32MZ, change project -properties->Devices and add "CYASSL_MICROCHIP_PIC32M" to +properties->Devices and add "WOLFSSL_MICROCHIP_PIC32MZ" to XC32-gcc->Preprocessing and messages-> Preprocessor macros. From 0cd893a51b561be08cdbe77aab47f832fae22d4c Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 7 Aug 2015 16:22:31 -0600 Subject: [PATCH 063/102] Freescale: Use new I/O where applicable --- src/internal.c | 6 +++++- src/keys.c | 6 +++++- wolfcrypt/benchmark/benchmark.c | 6 +++++- wolfcrypt/src/asn.c | 6 +++++- wolfcrypt/src/integer.c | 6 +++++- wolfcrypt/src/logging.c | 6 +++++- wolfcrypt/test/test.c | 6 +++++- wolfssl/ssl.h | 6 +++++- wolfssl/wolfcrypt/settings.h | 6 +++++- 9 files changed, 45 insertions(+), 9 deletions(-) diff --git a/src/internal.c b/src/internal.c index 4a822dcaa..ac18d46ec 100644 --- a/src/internal.c +++ b/src/internal.c @@ -46,7 +46,11 @@ #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif diff --git a/src/keys.c b/src/keys.c index 1b15dbb93..2c232a762 100644 --- a/src/keys.c +++ b/src/keys.c @@ -31,7 +31,11 @@ #include #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index c9a15e277..ba36e1563 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -32,7 +32,11 @@ #ifdef FREESCALE_MQX #include - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c9aafe289..b17b44154 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -67,7 +67,11 @@ #ifdef WOLFSSL_DEBUG_ENCODING #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index aadc04ed4..49b3fe195 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -47,7 +47,11 @@ #ifdef SHOW_GEN #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 321530616..f2d155bb0 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -90,7 +90,11 @@ void wolfSSL_Debugging_OFF(void) #ifdef DEBUG_WOLFSSL #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include /* for default printf stuff */ #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c11e77034..71c62f99b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -126,8 +126,12 @@ #ifdef FREESCALE_MQX #include - #include #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 25b86a6c5..863dcb0c9 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -32,7 +32,11 @@ #ifndef NO_FILESYSTEM #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include /* ERR_printf */ #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 5fb09d2b6..6c10ddf2a 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -464,7 +464,11 @@ #include "mqx.h" #ifndef NO_FILESYSTEM #include "mfs.h" - #include "fio.h" + #if MQX_USE_IO_OLD + #include "fio.h" + #else + #include "nio.h" + #endif #endif #ifndef SINGLE_THREADED #include "mutex.h" From 8b0d7cc8da80bcb4e81f4c9a107fb6397a5fe2b4 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 7 Aug 2015 15:43:34 -0700 Subject: [PATCH 064/102] don't let sniffer try to parse handshake messages after the handshake has completed, new error for secure renegotiation not supported --- src/sniffer.c | 11 ++++++++++- wolfssl/sniffer_error.h | 1 + wolfssl/sniffer_error.rc | 1 + 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/sniffer.c b/src/sniffer.c index b961f7bd7..a12dafe57 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -239,7 +239,8 @@ static const char* const msgTable[] = "Decrypt Keys Not Set Up", "Late Key Load Error", "Got Certificate Status msg", - "RSA Key Missing Error" + "RSA Key Missing Error", + "Secure Renegotiation Not Supported" }; @@ -1816,6 +1817,14 @@ static int DoHandShake(const byte* input, int* sslBytes, SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); return -1; } + + /* A session's arrays are released when the handshake is completed. */ + if (session->sslServer->arrays == NULL && + session->sslClient->arrays == NULL) { + + SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE); + return -1; + } switch (type) { case hello_verify_request: diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h index ad89a50d9..56fada416 100644 --- a/wolfssl/sniffer_error.h +++ b/wolfssl/sniffer_error.h @@ -107,6 +107,7 @@ #define CLIENT_HELLO_LATE_KEY_STR 72 #define GOT_CERT_STATUS_STR 73 #define RSA_KEY_MISSING_STR 74 +#define NO_SECURE_RENEGOTIATION 75 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ diff --git a/wolfssl/sniffer_error.rc b/wolfssl/sniffer_error.rc index 8bcd6926c..3c748193e 100644 --- a/wolfssl/sniffer_error.rc +++ b/wolfssl/sniffer_error.rc @@ -89,5 +89,6 @@ STRINGTABLE 72, "Late Key Load Error" 73, "Got Certificate Status msg" 74, "RSA Key Missing Error" + 75, "Secure Renegotiation Not Supported" } From e16ff732730c04fdcf12bfe00fd552028c284575 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 8 Aug 2015 10:12:05 +0900 Subject: [PATCH 065/102] Added wc_encrypt.c and other *.c files. --- IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp index 3888c46f6..61982d704 100644 --- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp +++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp @@ -1956,9 +1956,15 @@ $PROJ_DIR$\..\..\..\..\wolfcrypt\src\error.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_low_mem.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_operations.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_low_mem.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_operations.c @@ -2022,9 +2028,15 @@ $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha512.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\srp.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\tfm.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_encrypt.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c From 106abb873f25a861b49d7c48c631e48c72c36081 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Sat, 8 Aug 2015 23:52:32 -0700 Subject: [PATCH 066/102] skip the sanity check on a duplicate change cipher spec message in DTLS mode, they are allowed --- src/internal.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/internal.c b/src/internal.c index ac18d46ec..dd83b86ae 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6686,6 +6686,22 @@ int ProcessReply(WOLFSSL* ssl) } #endif + /* Check for duplicate CCS message in DTLS mode. + * DTLS allows for duplicate messages, and it should be + * skipped. */ + if (ssl->options.dtls && + ssl->msgsReceived.got_change_cipher) { + + WOLFSSL_MSG("Duplicate ChangeCipher msg"); + if (ssl->curSize != 1) { + WOLFSSL_MSG("Malicious or corrupted" + " duplicate ChangeCipher msg"); + return LENGTH_ERROR; + } + ssl->buffers.inputBuffer.idx++; + break; + } + ret = SanityCheckMsgReceived(ssl, change_cipher_hs); if (ret != 0) return ret; From e179da07d035113b343a1e9d843bd5948732d3fa Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Mon, 10 Aug 2015 01:54:25 -0400 Subject: [PATCH 067/102] fix mixed declarations by moving them to their block start In Visual Studio <= 2012 C99 mixed declarations aren't supported. --- src/internal.c | 9 ++++++--- wolfcrypt/src/asn.c | 4 +++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/internal.c b/src/internal.c index dd83b86ae..3c7704a8a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -14069,15 +14069,18 @@ int DoSessionTicket(WOLFSSL* ssl, #endif if (TLSX_SupportExtensions(ssl)) { int ret = 0; - /* auto populate extensions supported unless user defined */ - if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0) - return ret; #else if (IsAtLeastTLSv1_2(ssl)) { #endif /* Process the hello extension. Skip unsupported. */ word16 totalExtSz; +#ifdef HAVE_TLS_EXTENSIONS + /* auto populate extensions supported unless user defined */ + if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0) + return ret; +#endif + if ((i - begin) + OPAQUE16_LEN > helloSz) return BUFFER_ERROR; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b17b44154..7b21b0aab 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1492,11 +1492,13 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ if (sizes[i] <= MAX_SEQ_SZ) { + int err; + /* leading zero */ if (lbit) tmps[i][sizes[i]-1] = 0x00; - int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); + err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); if (err == MP_OKAY) { sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ intTotalLen += sizes[i]; From 4b74e9654276bafd8659df8a23b9954ccd52d19b Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Mon, 10 Aug 2015 09:34:16 -0600 Subject: [PATCH 068/102] remove stdio.h from dsa.c --- wolfcrypt/src/dsa.c | 1 - 1 file changed, 1 deletion(-) diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index d7f523653..13d4c9bb9 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -18,7 +18,6 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ -#include #ifdef HAVE_CONFIG_H #include From 51b9d2bf9dc71fc17c7ebf876a62b7ce0e0be22d Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 10 Aug 2015 10:25:00 -0600 Subject: [PATCH 069/102] DLL-Debug-x64 working --- IDE/WIN/wolfssl-fips.vcxproj | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index 70af4ad98..a73963c9d 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -161,7 +161,8 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) - EnableFastChecks + true + EnableFastChecks MultiThreadedDebugDLL Level4 ProgramDatabase @@ -169,6 +170,7 @@ ws2_32.lib;%(AdditionalDependencies) + false @@ -193,6 +195,9 @@ Level3 ProgramDatabase + + ws2_32.lib;%(AdditionalDependencies) + @@ -218,6 +223,9 @@ Level3 ProgramDatabase + + ws2_32.lib;%(AdditionalDependencies) + From c4cbcff6e097a6067d029c6e74aa5b1e47364003 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 10 Aug 2015 10:27:24 -0600 Subject: [PATCH 070/102] remove hard tabs --- IDE/WIN/wolfssl-fips.vcxproj | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index a73963c9d..18b40270a 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -195,7 +195,7 @@ Level3 ProgramDatabase - + ws2_32.lib;%(AdditionalDependencies) @@ -223,7 +223,7 @@ Level3 ProgramDatabase - + ws2_32.lib;%(AdditionalDependencies) From d367f7ac937bac932900567b569c7ca54be00af3 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 10 Aug 2015 11:59:19 -0700 Subject: [PATCH 071/102] Add wc_encrypt.c to the iOS Xcode project files. --- IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj | 8 ++++++++ IDE/iOS/wolfssl.xcodeproj/project.pbxproj | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj index e24cc16eb..e2ae6f02b 100644 --- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj +++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj @@ -165,6 +165,8 @@ 521648271A8AC2990062516A /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481A1A8AC2990062516A /* sha512.c */; }; 521648281A8AC2990062516A /* wolfcrypt_first.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481B1A8AC2990062516A /* wolfcrypt_first.c */; }; 521648291A8AC2990062516A /* wolfcrypt_last.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481C1A8AC2990062516A /* wolfcrypt_last.c */; }; + 522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE101B7929C80031F454 /* wc_encrypt.c */; }; + 522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE121B7929E70031F454 /* wc_encrypt.h */; }; 525BE5BA1B38853E0054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5B91B38853E0054BBCD /* hash.c */; }; 525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5BB1B3885580054BBCD /* hash.h */; }; /* End PBXBuildFile section */ @@ -176,6 +178,7 @@ dstPath = include/wolfssl/wolfcrypt; dstSubfolderSpec = 7; files = ( + 522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */, 525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */, 521646CD1A8A7FF30062516A /* aes.h in CopyFiles */, 521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */, @@ -473,6 +476,8 @@ 5216481A1A8AC2990062516A /* sha512.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha512.c; path = ../../ctaocrypt/src/sha512.c; sourceTree = ""; }; 5216481B1A8AC2990062516A /* wolfcrypt_first.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_first.c; path = ../../ctaocrypt/src/wolfcrypt_first.c; sourceTree = ""; }; 5216481C1A8AC2990062516A /* wolfcrypt_last.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_last.c; path = ../../ctaocrypt/src/wolfcrypt_last.c; sourceTree = ""; }; + 522DBE101B7929C80031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; }; + 522DBE121B7929E70031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = ""; }; 525BE5B91B38853E0054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = ""; }; 525BE5BB1B3885580054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = ""; }; 52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; @@ -613,6 +618,7 @@ 521646861A8993770062516A /* tfm.h */, 521646871A8993770062516A /* types.h */, 521646881A8993770062516A /* visibility.h */, + 522DBE121B7929E70031F454 /* wc_encrypt.h */, 521646891A8993770062516A /* wc_port.h */, ); name = wolfCrypt; @@ -680,6 +686,7 @@ 5216462E1A8992CC0062516A /* sha256.c */, 5216462F1A8992CC0062516A /* sha512.c */, 521646301A8992CC0062516A /* tfm.c */, + 522DBE101B7929C80031F454 /* wc_encrypt.c */, 521646311A8992CC0062516A /* wc_port.c */, ); name = wolfCrypt; @@ -828,6 +835,7 @@ 521646351A8992CC0062516A /* blake2b.c in Sources */, 5216464C1A8992CC0062516A /* ripemd.c in Sources */, 521646451A8992CC0062516A /* memory.c in Sources */, + 522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */, 5216463C1A8992CC0062516A /* ecc.c in Sources */, 5216464F1A8992CC0062516A /* sha256.c in Sources */, 521646371A8992CC0062516A /* chacha.c in Sources */, diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj index 96743a577..9b6943fda 100644 --- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj +++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj @@ -153,6 +153,8 @@ 5216472A1A8A80100062516A /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BE1A8993F50062516A /* types.h */; }; 5216472B1A8A80100062516A /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BF1A8993F50062516A /* visibility.h */; }; 5216472C1A8A80100062516A /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646C01A8993F50062516A /* wc_port.h */; }; + 522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */; }; + 522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE0E1B7927290031F454 /* wc_encrypt.h */; }; 525BE5341B3869110054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; }; 525BE5361B3869780054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; }; /* End PBXBuildFile section */ @@ -164,6 +166,7 @@ dstPath = include/wolfssl/wolfcrypt; dstSubfolderSpec = 7; files = ( + 522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */, 525BE5361B3869780054BBCD /* hash.h in CopyFiles */, 521646CD1A8A7FF30062516A /* aes.h in CopyFiles */, 521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */, @@ -449,6 +452,8 @@ 521646BE1A8993F50062516A /* types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = types.h; path = ../../cyassl/ctaocrypt/types.h; sourceTree = ""; }; 521646BF1A8993F50062516A /* visibility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = visibility.h; path = ../../cyassl/ctaocrypt/visibility.h; sourceTree = ""; }; 521646C01A8993F50062516A /* wc_port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_port.h; path = ../../cyassl/ctaocrypt/wc_port.h; sourceTree = ""; }; + 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; }; + 522DBE0E1B7927290031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = ""; }; 525BE5331B3869110054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = ""; }; 525BE5351B3869430054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = ""; }; 52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; @@ -589,6 +594,7 @@ 521646861A8993770062516A /* tfm.h */, 521646871A8993770062516A /* types.h */, 521646881A8993770062516A /* visibility.h */, + 522DBE0E1B7927290031F454 /* wc_encrypt.h */, 521646891A8993770062516A /* wc_port.h */, ); name = wolfCrypt; @@ -655,6 +661,7 @@ 5216462E1A8992CC0062516A /* sha256.c */, 5216462F1A8992CC0062516A /* sha512.c */, 521646301A8992CC0062516A /* tfm.c */, + 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */, 521646311A8992CC0062516A /* wc_port.c */, ); name = wolfCrypt; @@ -764,6 +771,7 @@ 5216460F1A89928E0062516A /* ssl.c in Sources */, 5216464D1A8992CC0062516A /* rsa.c in Sources */, 5216464B1A8992CC0062516A /* random.c in Sources */, + 522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */, 521646101A89928E0062516A /* tls.c in Sources */, 5216460D1A89928E0062516A /* ocsp.c in Sources */, 521646431A8992CC0062516A /* md4.c in Sources */, From 241e375b3404ebe75a462e5f2e037436d4f04e55 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 10 Aug 2015 13:30:57 -0600 Subject: [PATCH 072/102] add wc_encrypt and hash to the MYSQL cmake --- IDE/MYSQL/CMakeLists_wolfCrypt.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt index 6c6f6b13f..62184780b 100644 --- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt +++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt @@ -29,14 +29,15 @@ SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c src/integer.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c src/misc.c src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c - src/tfm.c src/wc_port.c + src/tfm.c src/wc_port.c src/wc_encrypt.c src/hash.c ../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h ../wolfssl/wolfcrypt/camellia.h ../wolfssl/wolfcrypt/chacha.h ../wolfssl/wolfcrypt/coding.h ../wolfssl/wolfcrypt/compress.h ../wolfssl/wolfcrypt/des3.h ../wolfssl/wolfcrypt/dh.h ../wolfssl/wolfcrypt/dsa.h ../wolfssl/wolfcrypt/ecc.h ../wolfssl/wolfcrypt/error-crypt.h ../wolfssl/wolfcrypt/hc128.h ../wolfssl/wolfcrypt/hmac.h ../wolfssl/wolfcrypt/integer.h ../wolfssl/wolfcrypt/logging.h ../wolfssl/wolfcrypt/md2.h ../wolfssl/wolfcrypt/md4.h ../wolfssl/wolfcrypt/md5.h ../wolfssl/wolfcrypt/memory.h ../wolfssl/wolfcrypt/misc.h ../wolfssl/wolfcrypt/pkcs7.h ../wolfssl/wolfcrypt/poly1305.h ../wolfssl/wolfcrypt/pwdbased.h ../wolfssl/wolfcrypt/rabbit.h ../wolfssl/wolfcrypt/random.h ../wolfssl/wolfcrypt/ripemd.h ../wolfssl/wolfcrypt/rsa.h ../wolfssl/wolfcrypt/sha.h ../wolfssl/wolfcrypt/sha256.h ../wolfssl/wolfcrypt/sha512.h - ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h + ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h ../wolfssl/wolfcrypt/wc_encrypt.h + ../wolfssl/wolfcrypt/hash.h ) ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES}) From ffa75d40e02bd1079439722c18bd1031aca70632 Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 11 Aug 2015 12:25:40 -0700 Subject: [PATCH 073/102] disable static dh cipher suites in non max strength build by default --- wolfssl/internal.h | 60 ++++++++++++++++++++++++++---------- wolfssl/wolfcrypt/settings.h | 3 ++ 2 files changed, 47 insertions(+), 16 deletions(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 7950cf056..898356645 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -391,46 +391,66 @@ typedef byte word24[3]; #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #endif #endif /* NO_SHA */ #ifndef NO_SHA256 #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + #endif #endif #ifdef WOLFSSL_SHA384 #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + #endif #endif #if defined (HAVE_AESGCM) #if !defined(NO_RSA) - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #endif #if defined(WOLFSSL_SHA384) - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #endif #endif #endif - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + #endif #if defined(WOLFSSL_SHA384) - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #endif #endif #endif #endif /* NO_AES */ @@ -438,22 +458,30 @@ typedef byte word24[3]; #if !defined(NO_SHA) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + #endif #endif #endif #if !defined(NO_DES3) #ifndef NO_SHA #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + #endif #endif /* NO_SHA */ #endif #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 6c10ddf2a..fb6f9543a 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -111,6 +111,9 @@ /* Uncomment next line if building for VxWorks */ /* #define WOLFSSL_VXWORKS */ +/* Uncomment next line to enable deprecated less secure static DH suites */ +/* #define WOLFSSL_STATIC_DH */ + #include #ifdef WOLFSSL_USER_SETTINGS From b0bc9e0f0d77f61dbf848b9f549f872f557690a7 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 11 Aug 2015 15:14:19 -0600 Subject: [PATCH 074/102] Remove hard tabs, update DLL-x64-Release --- IDE/WIN/wolfssl-fips.vcxproj | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index 18b40270a..898eb020f 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -170,7 +170,7 @@ ws2_32.lib;%(AdditionalDependencies) - false + false @@ -225,6 +225,7 @@ ws2_32.lib;%(AdditionalDependencies) + false From 30f6bc1e2743acb7626da41fa5b06a7584b69785 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 12 Aug 2015 16:45:40 +0900 Subject: [PATCH 075/102] MDK4, wolfSSL name change --- .../MDK-ARM/CyaSSL/config-BARE-METAL.h | 291 -- IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h | 329 -- .../MDK-ARM/CyaSSL/config-RTX-TCP-FS.h | 351 -- .../MDK-ARM/{CyaSSL => wolfSSL}/Retarget.c | 6 +- .../MDK-ARM/{CyaSSL => wolfSSL}/cert_data.c | 2 +- .../MDK-ARM/{CyaSSL => wolfSSL}/cert_data.h | 4 +- .../MDK-ARM/{CyaSSL => wolfSSL}/main.c | 34 +- .../MDK-ARM/{CyaSSL => wolfSSL}/shell.c | 86 +- .../ssl-dummy.c => wolfSSL/time-CortexM3-4.c} | 36 +- .../{CyaSSL/config.h => wolfSSL/time-dummy.c} | 40 +- .../wolfssl_MDK_ARM.c} | 108 +- .../wolfssl_MDK_ARM.h} | 67 +- IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj | 3510 ----------------- IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt | 1187 ++---- IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj | 2699 ++++--------- ...PC43xx.uvopt => MDK-ARM-wolfSSL-Lib.uvopt} | 2241 +++++------ .../Projects/MDK-ARM-wolfSSL-Lib.uvproj | 2138 ++++++++++ IDE/MDK-ARM/Projects/Readme.txt | 8 + IDE/MDK-ARM/Projects/conifg-WOLFLIB.h | 0 examples/echoclient/echoclient.c | 16 +- examples/echoserver/echoserver.c | 10 +- examples/server/server.c | 12 +- wolfcrypt/src/asn.c | 19 +- wolfcrypt/test/test.c | 6 - wolfssl/wolfcrypt/random.h | 7 - 25 files changed, 4385 insertions(+), 8822 deletions(-) delete mode 100644 IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h delete mode 100644 IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h delete mode 100644 IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/Retarget.c (98%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/cert_data.c (96%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/cert_data.h (95%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/main.c (85%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/shell.c (90%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/ssl-dummy.c => wolfSSL/time-CortexM3-4.c} (61%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/config.h => wolfSSL/time-dummy.c} (56%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/cyassl_MDK_ARM.c => wolfSSL/wolfssl_MDK_ARM.c} (71%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/cyassl_MDK_ARM.h => wolfSSL/wolfssl_MDK_ARM.h} (58%) delete mode 100644 IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj rename IDE/MDK-ARM/Projects/{MDK-ARM-LPC43xx.uvopt => MDK-ARM-wolfSSL-Lib.uvopt} (55%) create mode 100644 IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj create mode 100644 IDE/MDK-ARM/Projects/Readme.txt create mode 100644 IDE/MDK-ARM/Projects/conifg-WOLFLIB.h diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h deleted file mode 100644 index 56178bf79..000000000 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h +++ /dev/null @@ -1,291 +0,0 @@ -/* config-BEREFOOT.h - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - - -/**** CyaSSL for KEIL-RL Configuration ****/ - -#define __CORTEX_M3__ -#define CYASSL_MDK_ARM -#define NO_WRITEV -#define NO_CYASSL_DIR -#define NO_MAIN_DRIVER - -#define CYASSL_DER_LOAD -#define HAVE_NULL_CIPHER - -#define SINGLE_THREADED -#define NO_FILESYSTEM -#define NO_TLS - -#define NO_ECHOSERVER -#define NO_ECHOCLIENT -#define NO_SIMPLE_SERVER -#define NO_SIMPLE_CLIENT - -// <<< Use Configuration Wizard in Context Menu >>> - -// Build Target: KEIL-BAREFOOT -// Single Threaded, No File System, No TCP-net -// -// Command Shell -#define MDK_CONF_SHELL 1 -#if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL -#endif -// -// CyaSSL Apps -// Crypt/Cipher -// Cert Storage <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) -#define MDK_CONF_CERT_BUFF 1 -#if MDK_CONF_CERT_BUFF == 1 -#define USE_CERT_BUFFERS_1024 -#elif MDK_CONF_CERT_BUFF == 2 -#define USE_CERT_BUFFERS_2048 -#endif - -// Crypt/Cipher Test Suite -#define MDK_CONF_CTaoCryptTest 1 -#if MDK_CONF_CTaoCryptTest == 0 -#define NO_CRYPT_TEST -#endif -// -// Crypt/Cipher Benchmark -#define MDK_CONF_CTaoCryptBenchmark 1 -#if MDK_CONF_CTaoCryptBenchmark == 0 -#define NO_CRYPT_BENCHMARK -#define BENCH_EMBEDDED -#endif -// -// - -// STM32 Hardware Crypt -// STM32F2 Hardware RNG -#define MDK_CONF_STM32F2_RNG 0 -#if MDK_CONF_STM32F2_RNG == 1 -#define STM32F2_RNG -#else -#define NO_DEV_RANDOM -#endif -// -// STM32F2 Hardware Crypt -#define MDK_CONF_STM32F2_CRYPTO 0 -#if MDK_CONF_STM32F2_CRYPTO == 1 -#define STM32F2_CRYPTO -#endif -// - -// - - -// CTaoCrypt Library - -// MD5, SHA, SHA-256, AES, RC4, ASN, RSA -// -// MD2 -#define MDK_CONF_MD2 0 -#if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 -#endif -// -// MD4 -#define MDK_CONF_MD4 1 -#if MDK_CONF_MD4 == 0 -#define NO_MD4 -#endif -// -// SHA-384 -// This has to be with SHA512 -#define MDK_CONF_SHA384 0 -#if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 -#endif -// -// SHA-512 -#define MDK_CONF_SHA512 0 -#if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 -#endif -// -// RIPEMD -#define MDK_CONF_RIPEMD 0 -#if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD -#endif -// -// HMAC -#define MDK_CONF_HMAC 1 -#if MDK_CONF_HMAC == 0 -#define NO_HMAC -#endif -// -// HC128 -#define MDK_CONF_HC128 0 -#if MDK_CONF_HC128 == 1 -#define HAVE_HC128 -#endif -// -// RABBIT -#define MDK_CONF_RABBIT 1 -#if MDK_CONF_RABBI == 0 -#define NO_RABBIT -#endif -// - -// AEAD -#define MDK_CONF_AEAD 0 -#if MDK_CONF_AEAD == 1 -#define HAVE_AEAD -#endif -// -// DES3 -#define MDK_CONF_DES3 1 -#if MDK_CONF_DES3 == 0 -#define NO_DES3 -#endif -// -// CAMELLIA -#define MDK_CONF_CAMELLIA 0 -#if MDK_CONF_CAMELLIA == 1 -#define HAVE_CAMELLIA -#endif -// - -// DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA -#define MDK_CONF_DH 1 -#if MDK_CONF_DH == 0 -#define NO_DH -#endif -// -// DSA -#define MDK_CONF_DSA 1 -#if MDK_CONF_DSA == 0 -#define NO_DSA -#endif -// -// PWDBASED -#define MDK_CONF_PWDBASED 1 -#if MDK_CONF_PWDBASED == 0 -#define NO_PWDBASED -#endif -// - -// ECC -#define MDK_CONF_ECC 0 -#if MDK_CONF_ECC == 1 -#define HAVE_ECC -#endif -// -// PSK -#define MDK_CONF_PSK 1 -#if MDK_CONF_PSK == 0 -#define NO_PSK -#endif -// -// AESCCM (Turn off Hardware Crypt) -#define MDK_CONF_AESCCM 0 -#if MDK_CONF_AESCCM == 1 -#define HAVE_AESCCM -#endif -// -// AESGCM (Turn off Hardware Crypt) -#define MDK_CONF_AESGCM 0 -#if MDK_CONF_AESGCM == 1 -#define HAVE_AESGCM -#define BUILD_AESGCM -#endif -// -// NTRU (need License, "crypto_ntru.h") -#define MDK_CONF_NTRU 0 -#if MDK_CONF_NTRU == 1 -#define HAVE_NTRU -#endif -// -// - -// Others - -// Inline -#define MDK_CONF_INLINE 0 -#if MDK_CONF_INLINE == 0 -#define NO_INLINE -#endif -// -// Debug -// Debug Message -#define MDK_CONF_DebugMessage 0 -#if MDK_CONF_DebugMessage == 1 -#define DEBUG_CYASSL -#endif -// -// Check malloc -#define MDK_CONF_CheckMalloc 1 -#if MDK_CONF_CheckMalloc == 1 -#define CYASSL_MALLOC_CHECK -#endif -// - - -// -// ErrNo.h -#define MDK_CONF_ErrNo 0 -#if MDK_CONF_ErrNo == 1 -#define HAVE_ERRNO -#endif -// -// zlib (need "zlib.h") -#define MDK_CONF_LIBZ 0 -#if MDK_CONF_LIBZ == 1 -#define HAVE_LIBZ -#endif -// -// CAVIUM (need CAVIUM headers) -#define MDK_CONF_CAVIUM 0 -#if MDK_CONF_CAVIUM == 1 -#define HAVE_CAVIUM -#endif -// - -// Error Strings -#define MDK_CONF_ErrorStrings 1 -#if MDK_CONF_ErrorStrings == 0 -#define NO_ERROR_STRINGS -#endif -// - -// Small Stack -#define MDK_CONF_SmallStack 1 -#if MDK_CONF_SmallStack == 0 -#define NO_CYASSL_SMALL_STACK -#endif -// -// Use Fast Math -#define MDK_CONF_FASTMATH 0 -#if MDK_CONF_FASTMATH == 1 -#define USE_FAST_MATH -#endif -// - - -// - -// -// <<< end of configuration section >>> diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h deleted file mode 100644 index 6d348a719..000000000 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h +++ /dev/null @@ -1,329 +0,0 @@ -/* config-FS.h - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - - -/**** CyaSSL for KEIL-RL Configuration ****/ - -#define __CORTEX_M3__ -#define CYASSL_KEIL_RL -#define NO_WRITEV -#define NO_CYASSL_DIR -#define NO_MAIN_DRIVER - - -#define CYASSL_DER_LOAD -#define HAVE_NULL_CIPHER - -#define SINGLE_THREADED - -#define NO_ECHOSERVER -#define NO_ECHOCLIENT -#define NO_SIMPLE_SERVER -#define NO_SIMPLE_CLIENT - -// <<< Use Configuration Wizard in Context Menu >>> - -// Build Target: KEIL-FS -// Single Threaded, With File System, No TCP-net -// -// Command Shell -#define MDK_CONF_SHELL 1 -#if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL -#endif -// -// CyaSSL Apps -// Crypt/Cipher -// Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) -#define MDK_CONF_CERT_BUFF 0 -#if MDK_CONF_CERT_BUFF== 1 -#define USE_CERT_BUFFERS_1024 -#elif MDK_CONF_CERT_BUFF == 2 -#define USE_CERT_BUFFERS_2048 -#endif - -// Crypt/Cipher Test Suite -#define MDK_CONF_CTaoCryptTest 1 -#if MDK_CONF_CTaoCryptTest == 0 -#define NO_CRYPT_TEST -#endif -// -// Crypt/Cipher Benchmark -#define MDK_CONF_CTaoCryptBenchmark 1 -#if MDK_CONF_CTaoCryptBenchmark == 0 -#define NO_CRYPT_BENCHMARK -#endif -// -// - -// STM32 Hardware Crypt -// STM32F2 Hardware RNG -#define MDK_CONF_STM32F2_RNG 0 -#if MDK_CONF_STM32F2_RNG == 1 -#define STM32F2_RNG -#else -#define NO_DEV_RANDOM -#endif -// -// STM32F2 Hardware Crypt -#define MDK_CONF_STM32F2_CRYPTO 0 -#if MDK_CONF_STM32F2_CRYPTO == 1 -#define STM32F2_CRYPTO -#endif -// - -// - -// CyaSSL Library -// SSL (Included by default) -// - -// TLS -#define MDK_CONF_TLS 1 -#if MDK_CONF_TLS == 0 -#define NO_TLS -#endif -// - -// CertGen -#define MDK_CONF_CERT_GEN 0 -#if MDK_CONF_CERT_GEN == 1 -#define CYASSL_CERT_GEN -#endif -// -// KeyGen -#define MDK_CONF_KEY_GEN 0 -#if MDK_CONF_KEY_GEN == 1 -#define CYASSL_KEY_GEN -#endif -// -// CRL -#define MDK_CONF_DER_LOAD 0 -#if MDK_CONF_DER_LOAD == 1 -#define CYASSL_DER_LOAD -#endif -// -// OpenSSL Extra -#define MDK_CONF_OPENSSL_EXTRA 0 -#if MDK_CONF_OPENSSL_EXTRA == 1 -#define OPENSSL_EXTRA -#endif -// -// CRL Monitor, OCSP (not supported with KEIL) -// - -// - -// CTaoCrypt Library - -// MD5, SHA, SHA-256, AES, RC4, ASN, RSA -// - -// MD2 -#define MDK_CONF_MD2 0 -#if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 -#endif -// -// MD4 -#define MDK_CONF_MD4 1 -#if MDK_CONF_MD4 == 0 -#define NO_MD4 -#endif -// -// SHA-384 -// This has to be with SHA512 -#define MDK_CONF_SHA384 0 -#if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 -#endif -// -// SHA-512 -#define MDK_CONF_SHA512 0 -#if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 -#endif -// -// RIPEMD -#define MDK_CONF_RIPEMD 0 -#if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD -#endif -// -// HMAC -#define MDK_CONF_HMAC 1 -#if MDK_CONF_HMAC == 0 -#define NO_HMAC -#endif -// -// HC128 -#define MDK_CONF_HC128 0 -#if MDK_CONF_HC128 == 1 -#define HAVE_HC128 -#endif -// -// RABBIT -#define MDK_CONF_RABBIT 1 -#if MDK_CONF_RABBI == 0 -#define NO_RABBIT -#endif -// - -// AEAD -#define MDK_CONF_AEAD 0 -#if MDK_CONF_AEAD == 1 -#define HAVE_AEAD -#endif -// -// DES3 -#define MDK_CONF_DES3 1 -#if MDK_CONF_DES3 == 0 -#define NO_DES3 -#endif -// -// CAMELLIA -#define MDK_CONF_CAMELLIA 0 -#if MDK_CONF_CAMELLIA == 1 -#define HAVE_CAMELLIA -#endif -// - -// DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA -#define MDK_CONF_DH 1 -#if MDK_CONF_DH == 0 -#define NO_DH -#endif -// -// DSA -#define MDK_CONF_DSA 1 -#if MDK_CONF_DSA == 0 -#define NO_DSA -#endif -// -// PWDBASED -#define MDK_CONF_PWDBASED 1 -#if MDK_CONF_PWDBASED == 0 -#define NO_PWDBASED -#endif -// - -// ECC -#define MDK_CONF_ECC 0 -#if MDK_CONF_ECC == 1 -#define HAVE_ECC -#endif -// -// PSK -#define MDK_CONF_PSK 1 -#if MDK_CONF_PSK == 0 -#define NO_PSK -#endif -// -// AESCCM (Turn off Hardware Crypt) -#define MDK_CONF_AESCCM 0 -#if MDK_CONF_AESCCM == 1 -#define HAVE_AESCCM -#endif -// -// AESGCM (Turn off Hardware Crypt) -#define MDK_CONF_AESGCM 0 -#if MDK_CONF_AESGCM == 1 -#define HAVE_AESGCM -#define BUILD_AESGCM -#endif -// -// NTRU (need License, "crypto_ntru.h") -#define MDK_CONF_NTRU 0 -#if MDK_CONF_NTRU == 1 -#define HAVE_NTRU -#endif -// -// - -// Others - -// Inline -#define MDK_CONF_INLINE 0 -#if MDK_CONF_INLINE == 0 -#define NO_INLINE -#endif -// -// Debug -// Debug Message -#define MDK_CONF_DebugMessage 0 -#if MDK_CONF_DebugMessage == 1 -#define DEBUG_CYASSL -#endif -// -// Check malloc -#define MDK_CONF_CheckMalloc 1 -#if MDK_CONF_CheckMalloc == 1 -#define CYASSL_MALLOC_CHECK -#endif -// - - -// -// ErrNo.h -#define MDK_CONF_ErrNo 0 -#if MDK_CONF_ErrNo == 1 -#define HAVE_ERRNO -#endif -// -// zlib (need "zlib.h") -#define MDK_CONF_LIBZ 0 -#if MDK_CONF_LIBZ == 1 -#define HAVE_LIBZ -#endif -// -// CAVIUM (need CAVIUM headers) -#define MDK_CONF_CAVIUM 0 -#if MDK_CONF_CAVIUM == 1 -#define HAVE_CAVIUM -#endif -// - -// Error Strings -#define MDK_CONF_ErrorStrings 1 -#if MDK_CONF_ErrorStrings == 0 -#define NO_ERROR_STRINGS -#endif -// - -// Small Stack -#define MDK_CONF_SmallStack 1 -#if MDK_CONF_SmallStack == 0 -#define NO_CYASSL_SMALL_STACK -#endif -// -// Use Fast Math -#define MDK_CONF_FASTMATH 0 -#if MDK_CONF_FASTMATH == 1 -#define USE_FAST_MATH -#endif -// - - -// - -// -// <<< end of configuration section >>> diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h deleted file mode 100644 index 4f513ef14..000000000 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h +++ /dev/null @@ -1,351 +0,0 @@ -/* config-RTX-TCP-FS.h - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - - -/**** CyaSSL for KEIL-RL Configuration ****/ - -#define __CORTEX_M3__ -#define CYASSL_MDK_ARM -#define NO_WRITEV -#define NO_CYASSL_DIR -#define NO_MAIN_DRIVER - - -#define CYASSL_DER_LOAD -#define HAVE_NULL_CIPHER - -#define HAVE_KEIL_RTX -#define CYASSL_KEIL_TCP_NET - - -// <<< Use Configuration Wizard in Context Menu >>> -// Build Target: KEIL-RTX-TCP-FS -// RTOS, File System and TCP-net -// -// Command Shell -#define MDK_CONF_SHELL 1 -#if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL -#endif -// -// CyaSSL Apps -// Crypt/Cipher -// Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) -#define MDK_CONF_CERT_BUFF 0 -#if MDK_CONF_CERT_BUFF== 1 -#define USE_CERT_BUFFERS_1024 -#elif MDK_CONF_CERT_BUFF == 2 -#define USE_CERT_BUFFERS_2048 -#endif - -// Crypt/Cipher Test Suite -#define MDK_CONF_CTaoCryptTest 1 -#if MDK_CONF_CTaoCryptTest == 0 -#define NO_CRYPT_TEST -#endif -// -// Crypt/Cipher Benchmark -#define MDK_CONF_CTaoCryptBenchmark 1 -#if MDK_CONF_CTaoCryptBenchmark == 0 -#define NO_CRYPT_BENCHMARK -#define BENCH_EMBEDDED -#endif -// -// -// SSL/TLS Server/Client -// echoServer -#define MDK_CONF_echoServer 1 -#if MDK_CONF_echoServer == 0 -#define NO_ECHOSERVER -#endif -// -// echoClient -#define MDK_CONF_echoClient 1 -#if MDK_CONF_echoClient == 0 -#define NO_ECHOCLIENT -#endif -// -// SimpleServer -#define MDK_CONF_simpleServer 1 -#if MDK_CONF_simpleServer == 0 -#define NO_SIMPLE_SERVER -#endif -// -// SimpleCliet -#define MDK_CONF_simpleClient 1 -#if MDK_CONF_simpleClient == 0 -#define NO_SIMPLE_CLIENT -#endif -// -// -// -// STM32 Hardware Crypt -// STM32F2 Hardware RNG -#define MDK_CONF_STM32F2_RNG 0 -#if MDK_CONF_STM32F2_RNG == 1 -#define STM32F2_RNG -#else -#define NO_DEV_RANDOM -#endif -// -// STM32F2 Hardware Crypt -#define MDK_CONF_STM32F2_CRYPTO 0 -#if MDK_CONF_STM32F2_CRYPTO == 1 -#define STM32F2_CRYPTO -#endif -// - -// - -// CyaSSL Library -// SSL (Included by default) -// - -// TLS -#define MDK_CONF_TLS 1 -#if MDK_CONF_TLS == 0 -#define NO_TLS -#endif -// - -// CertGen -#define MDK_CONF_CERT_GEN 0 -#if MDK_CONF_CERT_GEN == 1 -#define CYASSL_CERT_GEN -#endif -// -// KeyGen -#define MDK_CONF_KEY_GEN 0 -#if MDK_CONF_KEY_GEN == 1 -#define CYASSL_KEY_GEN -#endif -// -// CRL -#define MDK_CONF_DER_LOAD 0 -#if MDK_CONF_DER_LOAD == 1 -#define CYASSL_DER_LOAD -#endif -// -// OpenSSL Extra -#define MDK_CONF_OPENSSL_EXTRA 1 -#if MDK_CONF_OPENSSL_EXTRA == 1 -#define OPENSSL_EXTRA -#endif -// -// CRL Monitor, OCSP (not supported with KEIL) -// - -// - -// CTaoCrypt Library - -// MD5, SHA, SHA-256, AES, RC4, ASN, RSA -// -// MD2 -#define MDK_CONF_MD2 0 -#if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 -#endif -// -// MD4 -#define MDK_CONF_MD4 1 -#if MDK_CONF_MD4 == 0 -#define NO_MD4 -#endif -// -// SHA-384 -// This has to be with SHA512 -#define MDK_CONF_SHA384 0 -#if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 -#endif -// -// SHA-512 -#define MDK_CONF_SHA512 0 -#if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 -#endif -// -// RIPEMD -#define MDK_CONF_RIPEMD 1 -#if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD -#endif -// -// HMAC -#define MDK_CONF_HMAC 1 -#if MDK_CONF_HMAC == 0 -#define NO_HMAC -#endif -// -// HC128 -#define MDK_CONF_HC128 0 -#if MDK_CONF_HC128 == 1 -#define HAVE_HC128 -#endif -// -// RABBIT -#define MDK_CONF_RABBIT 1 -#if MDK_CONF_RABBI == 0 -#define NO_RABBIT -#endif -// - -// AEAD -#define MDK_CONF_AEAD 0 -#if MDK_CONF_AEAD == 1 -#define HAVE_AEAD -#endif -// -// DES3 -#define MDK_CONF_DES3 1 -#if MDK_CONF_DES3 == 0 -#define NO_DES3 -#endif -// -// CAMELLIA -#define MDK_CONF_CAMELLIA 0 -#if MDK_CONF_CAMELLIA == 1 -#define HAVE_CAMELLIA -#endif -// - -// DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA -#define MDK_CONF_DH 1 -#if MDK_CONF_DH == 0 -#define NO_DH -#endif -// -// DSA -#define MDK_CONF_DSA 1 -#if MDK_CONF_DSA == 0 -#define NO_DSA -#endif -// -// PWDBASED -#define MDK_CONF_PWDBASED 1 -#if MDK_CONF_PWDBASED == 0 -#define NO_PWDBASED -#endif -// - -// ECC -#define MDK_CONF_ECC 1 -#if MDK_CONF_ECC == 1 -#define HAVE_ECC -#endif -// -// PSK -#define MDK_CONF_PSK 1 -#if MDK_CONF_PSK == 0 -#define NO_PSK -#endif -// -// AESCCM (Turn off Hardware Crypt) -#define MDK_CONF_AESCCM 0 -#if MDK_CONF_AESCCM == 1 -#define HAVE_AESCCM -#endif -// -// AESGCM (Turn off Hardware Crypt) -#define MDK_CONF_AESGCM 0 -#if MDK_CONF_AESGCM == 1 -#define HAVE_AESGCM -#define BUILD_AESGCM -#endif -// -// NTRU (need License, "crypto_ntru.h") -#define MDK_CONF_NTRU 0 -#if MDK_CONF_NTRU == 1 -#define HAVE_NTRU -#endif -// -// - -// Others - -// Inline -#define MDK_CONF_INLINE 0 -#if MDK_CONF_INLINE == 0 -#define NO_INLINE -#endif -// -// Debug -// Debug Message -#define MDK_CONF_DEBUG_MSG 0 -#if MDK_CONF_DEBUG_MSG == 1 -#define DEBUG_CYASSL -#endif -// -// Check malloc -#define MDK_CONF_CHECK_MALLOC 1 -#if MDK_CONF_CHECK_MALLOC == 1 -#define CYASSL_MALLOC_CHECK -#endif -// - - -// -// ErrNo.h -#define MDK_CONF_ERR_NO 0 -#if MDK_CONF_ERR_NO == 1 -#define HAVE_ERRNO -#endif -// -// zlib (need "zlib.h") -#define MDK_CONF_LIBZ 0 -#if MDK_CONF_LIBZ == 1 -#define HAVE_LIBZ -#endif -// -// CAVIUM (need CAVIUM headers) -#define MDK_CONF_CAVIUM 0 -#if MDK_CONF_CAVIUM == 1 -#define HAVE_CAVIUM -#endif -// - -// Error Strings -#define MDK_CONF_ErrorStrings 1 -#if MDK_CONF_ErrorStrings == 0 -#define NO_ERROR_STRINGS -#endif -// - -// Small Stack -#define MDK_CONF_SMALL_STACK 1 -#if MDK_CONF_SMALL_STACK == 0 -#define NO_CYASSL_SMALL_STACK -#endif -// -// Use Fast Math -#define MDK_CONF_FASTMATH 0 -#if MDK_CONF_FASTMATH == 1 -#define USE_FAST_MATH -#endif -// - - -// - -// -// <<< end of configuration section >>> diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c similarity index 98% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c index bb59c8ce1..573247983 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c @@ -55,7 +55,9 @@ int sendchar (int c) int getkey (void) { int ch = SER_GetChar(); - + #if defined (HAVE_KEIL_RTX) + os_itv_wait (); + #endif if (ch < 0) { return 0; } @@ -250,7 +252,7 @@ char *_sys_command_string (char *cmd, int len) void _sys_exit (int return_code) { -#ifdef CYASSL_MDK_SHELL +#ifdef WOLFSSL_MDK_SHELL return ; #else /* Endless loop. */ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c similarity index 96% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c index d6cef016d..a29e8fcbb 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c @@ -24,5 +24,5 @@ #endif /* Define initial data for cert buffers */ -#include +#include diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h similarity index 95% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h index 6629ee051..d06afdd1d 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h @@ -1,5 +1,5 @@ -#ifndef CYASSL_CERT_DATA_H -#define CYASSL_CERT_DATA_H +#ifndef WOLFSSL_CERT_DATA_H +#define WOLFSSL_CERT_DATA_H #ifdef USE_CERT_BUFFERS_1024 extern const unsigned char client_key_der_1024[] ; diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c similarity index 85% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c index db48b833d..a12d16249 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c @@ -23,12 +23,12 @@ #include #endif -#include -#include +#include +#include #include #include -#include "cyassl_MDK_ARM.h" +#include "wolfssl_MDK_ARM.h" /*----------------------------------------------------------------------------- * Initialize a Flash Memory Card @@ -53,11 +53,11 @@ static void init_card (void) /*----------------------------------------------------------------------------- * TCP/IP tasks *----------------------------------------------------------------------------*/ -#ifdef CYASSL_KEIL_TCP_NET +#ifdef WOLFSSL_KEIL_TCP_NET __task void tcp_tick (void) { - CYASSL_MSG("Time tick started.") ; + WOLFSSL_MSG("Time tick started.") ; #if defined (HAVE_KEIL_RTX) os_itv_set (10); #endif @@ -73,7 +73,7 @@ __task void tcp_tick (void) __task void tcp_poll (void) { - CYASSL_MSG("TCP polling started.\n") ; + WOLFSSL_MSG("TCP polling started.\n") ; while (1) { main_TcpNet (); #if defined (HAVE_KEIL_RTX) @@ -83,13 +83,13 @@ __task void tcp_poll (void) } #endif -#if defined(HAVE_KEIL_RTX) && defined(CYASSL_MDK_SHELL) +#if defined(HAVE_KEIL_RTX) && defined(WOLFSSL_MDK_SHELL) #define SHELL_STACKSIZE 1000 static unsigned char Shell_stack[SHELL_STACKSIZE] ; #endif -#if defined(CYASSL_MDK_SHELL) +#if defined(WOLFSSL_MDK_SHELL) extern void shell_main(void) ; #endif @@ -104,14 +104,14 @@ extern void SER_Init(void) ; /*** This is the parent task entry ***/ void main_task (void) { - #ifdef CYASSL_KEIL_TCP_NET + #ifdef WOLFSSL_KEIL_TCP_NET init_TcpNet (); os_tsk_create (tcp_tick, 2); os_tsk_create (tcp_poll, 1); #endif - #ifdef CYASSL_MDK_SHELL + #ifdef WOLFSSL_MDK_SHELL #ifdef HAVE_KEIL_RTX os_tsk_create_user(shell_main, 1, Shell_stack, SHELL_STACKSIZE) ; #else @@ -127,7 +127,7 @@ void main_task (void) #endif #ifdef HAVE_KEIL_RTX - CYASSL_MSG("Terminating tcp_main\n") ; + WOLFSSL_MSG("Terminating tcp_main\n") ; os_tsk_delete_self (); #endif @@ -137,28 +137,24 @@ void main_task (void) int myoptind = 0; char* myoptarg = NULL; -#if defined(DEBUG_CYASSL) - extern void CyaSSL_Debugging_ON(void) ; +#if defined(DEBUG_WOLFSSL) + extern void wolfSSL_Debugging_ON(void) ; #endif /*** main entry ***/ -extern void init_time(void) ; extern void SystemInit(void); int main() { SystemInit(); - SER_Init() ; #if !defined(NO_FILESYSTEM) init_card () ; /* initializing SD card */ #endif - init_time() ; - - #if defined(DEBUG_CYASSL) + #if defined(DEBUG_WOLFSSL) printf("Turning ON Debug message\n") ; - CyaSSL_Debugging_ON() ; + wolfSSL_Debugging_ON() ; #endif #ifdef HAVE_KEIL_RTX diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c similarity index 90% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c index 58b645e0e..446efbe20 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c @@ -19,26 +19,26 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - /*** tiny Shell for CyaSSL apps ***/ + /*** tiny Shell for wolfSSL apps ***/ #ifdef HAVE_CONFIG_H #include #endif -#include "cyassl/internal.h" -#undef RNG -#include +#include -#if defined(CYASSL_MDK_ARM) +#include + +#if defined(WOLFSSL_MDK_ARM) #include #include #include #include - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif -#ifdef CYASSL_KEIL_NET -#include "cyassl/test.h" +#ifdef WOLFSSL_KEIL_NET +#include "wolfassl/test.h" #else typedef struct func_args { int argc; @@ -66,7 +66,7 @@ typedef struct func_args { #define ctaocrypt_test command_not_found #endif -#ifndef CYASSL_KEIL_NET +#ifndef WOLFSSL_KEIL_NET #define ipaddr_comm command_not_found #endif @@ -75,7 +75,7 @@ typedef struct func_args { #endif -#if !defined(DEBUG_CYASSL) +#if !defined(DEBUG_WOLFSSL) #define dbg_comm command_not_found #endif @@ -87,11 +87,11 @@ void command_not_found(void *argv) { extern void echoclient_test(void *args) ; extern void echoserver_test(void *args) ; extern void benchmark_test(void *args) ; -extern void ctaocrypt_test(void *args) ; +extern void wolfcrypt_test(void *args) ; extern void client_test(void *args) ; extern void server_test(void *args) ; extern void kill_task(void *args) ; -extern void time_main(void *args) ; + extern void ipaddr_comm(void *args) ; extern void stack_comm(void *args) ; extern void for_command(void *args) ; @@ -103,7 +103,7 @@ extern void help_comm(void *arg) ; #ifndef NO_MD5 extern void md5_test(void *arg) ; #endif -#ifdef CYASSL_MD2 +#ifdef WOLFSSL_MD2 extern void md2_test(void *arg) ; #endif #ifndef NO_MD4 @@ -115,15 +115,15 @@ extern void sha_test(void *arg) ; #ifndef NO_SHA256 extern void sha256_test(void *arg) ; #endif -#ifdef CYASSL_SHA384 +#ifdef WOLFSSL_SHA384 extern void sha384_test(void *arg) ; #endif -#ifdef CYASSL_SHA512 +#ifdef WOLFSSL_SHA512 extern void sha512_test(void *arg) ; #endif -#ifdef CYASSL_RIPEMD +#ifdef WOLFSSL_RIPEMD extern void ripemd_test(void *arg) ; #endif #ifndef NO_HMAC @@ -136,7 +136,7 @@ extern void hmac_sha_test(void *arg) ; extern void hmac_sha256_test(void *arg) ; #endif - #ifdef CYASSL_SHA384 + #ifdef WOLFSSL_SHA384 extern void hmac_sha384_test(void *arg) ; #endif #endif @@ -206,10 +206,9 @@ static struct { "echoclient", echoclient_test, "echoserver", echoserver_test, "benchmark", benchmark_test, - "test", ctaocrypt_test, + "test", wolfcrypt_test, "client", client_test, "server", server_test, - "time", time_main, /* get/set RTC: [-d yy/mm/dd] [-t hh:mm:ss]*/ "ipaddr", ipaddr_comm, /* TBD */ "stack", stack_comm, /* On/Off check stack size */ "for", for_command, /* iterate next command X times */ @@ -220,7 +219,7 @@ static struct { "ec", echoclient_test, "es", echoserver_test, "bm", benchmark_test, - "te", ctaocrypt_test, + "te", wolfcrypt_test, "cl", client_test, "sv", server_test, "ip", ipaddr_comm, @@ -233,7 +232,7 @@ static struct { #ifndef NO_MD5 "md5", md5_test, #endif -#ifdef CYASSL_MD2 +#ifdef WOLFSSL_MD2 "md2", md2_test, #endif #ifndef NO_MD4 @@ -243,13 +242,13 @@ static struct { #ifndef NO_SHA256 "sha256", sha256_test, #endif -#ifdef CYASSL_SHA384 +#ifdef WOLFSSL_SHA384 "sha384", sha384_test, #endif -#ifdef CYASSL_SHA512 +#ifdef WOLFSSL_SHA512 "sha512", sha512_test, #endif -#ifdef CYASSL_RIPEMD +#ifdef WOLFSSL_RIPEMD "ripemd", ripemd_test, #endif #ifndef NO_HMAC @@ -260,7 +259,7 @@ static struct { #ifndef NO_SHA256 "hmac_sha256", hmac_sha256_test, #endif - #ifdef CYASSL_SHA384 + #ifdef WOLFSSL_SHA384 "hmac_sha384", hmac_sha384_test, #endif #endif @@ -362,18 +361,18 @@ static int BackGround = 0 ; /* 1: background job is running */ /************* Embedded Shell Commands **********************************/ #define IP_SIZE 16 -#ifdef CYASSL_KEIL_NET +#ifdef WOLFSSL_KEIL_NET static void ipaddr_comm(void *args) { if(((func_args *)args)->argc == 1) { - printf("IP addr: %s, port %d\n", yasslIP, yasslPort) ; + printf("IP addr: %s, port %d\n", wolfSSLIP, wolfSSLPort) ; } else { if(BackGround != 0) { printf("Cannot change IP addr while background server is running\n") ; } else if(((func_args *)args)->argc == 3 && ((func_args *)args)->argv[1][0] == '-'&& ((func_args *)args)->argv[1][1] == 'a' ) { -/* strcpy(yasslIP, ((func_args *)args)->argv[2]) ; */ +/* strcpy(wolfSSLIP, ((func_args *)args)->argv[2]) ; */ } else if(((func_args *)args)->argc == 3 && ((func_args *)args)->argv[1][0] == '-' && ((func_args *)args)->argv[1][1] == 'p' ) { @@ -442,20 +441,20 @@ static void for_command(void *args) } -#if defined(DEBUG_CYASSL) +#if defined(DEBUG_WOLFSSL) -static int CyasslDebug = 1 ; +static int wolfsslDebug = 1 ; static void dbg_comm(void *args) { - if(CyasslDebug == 1) { - CyasslDebug = 0 ; + if(wolfsslDebug == 1) { + wolfsslDebug = 0 ; printf("Turning OFF Debug message\n") ; - CyaSSL_Debugging_OFF() ; + wolfSSL_Debugging_OFF() ; } else { - CyasslDebug = 1 ; + wolfsslDebug = 1 ; printf("Turning ON Debug message\n") ; - CyaSSL_Debugging_ON() ; + wolfSSL_Debugging_ON() ; } } #endif @@ -467,20 +466,20 @@ static void help_comm(void *args) -#define BG_JOB_STACK_SIZE 12000 +#define BG_JOB_STACK_SIZE 16000 #if (!defined(NO_SIMPLE_SERVER) && !defined(NO_ECHOSERVER)) && \ defined(HAVE_KEIL_RTX) static char bg_job_stack[BG_JOB_STACK_SIZE] ; #endif -#define COMMAND_STACK_SIZE 12000 +#define COMMAND_STACK_SIZE 16000 #if defined(HAVE_KEIL_RTX) static char command_stack[COMMAND_STACK_SIZE] ; #endif #ifdef HAVE_KEIL_RTX -static CyaSSL_Mutex command_mutex ; +static wolfSSL_Mutex command_mutex ; #endif /*********** Invoke Forground Command *********************/ @@ -491,7 +490,7 @@ static void command_invoke(void *args) func = (void(*)(void *))((func_args *)args)->argv[0] ; #ifdef HAVE_KEIL_RTX - LockMutex((CyaSSL_Mutex *)&command_mutex) ; + LockMutex((wolfSSL_Mutex *)&command_mutex) ; #endif iteration = for_iteration ; for(i=0; i< iteration; i++) { @@ -509,7 +508,7 @@ static void command_invoke(void *args) if(iteration > 1) for_iteration = 1 ; #ifdef HAVE_KEIL_RTX - UnLockMutex((CyaSSL_Mutex *)&command_mutex) ; + UnLockMutex((wolfSSL_Mutex *)&command_mutex) ; os_tsk_delete_self() ; #endif } @@ -525,7 +524,7 @@ static void bg_job_invoke(void *args) func = (void(*)(void *))((func_args *)args)->argv[0] ; func(args) ; /* invoke command */ stack_check(bg_job_stack, BG_JOB_STACK_SIZE) ; - #ifdef CYASSL_KEIL_NET + #ifdef WOLFSSL_KEIL_NET init_TcpNet (); #endif BackGround = 0 ; @@ -550,7 +549,6 @@ void shell_main(void) { #if defined(HAVE_KEIL_RTX) InitMutex(&command_mutex) ; #endif - time_main(NULL) ; printf("Starting Shell\n") ; while(1) { if(getline(line, LINESIZE, &args, &bf_flg) > 0) { @@ -559,14 +557,14 @@ void shell_main(void) { args.argv[0] = (char *) commandTable[i].func ; if(bf_flg == FORGROUND) { #ifdef HAVE_KEIL_RTX - UnLockMutex((CyaSSL_Mutex *)&command_mutex) ; + UnLockMutex((wolfSSL_Mutex *)&command_mutex) ; os_tsk_create_user_ex( (void(*)(void *))&command_invoke, 7, command_stack, COMMAND_STACK_SIZE, &args) ; #else command_invoke(&args) ; #endif #ifdef HAVE_KEIL_RTX - LockMutex((CyaSSL_Mutex *)&command_mutex) ; + LockMutex((wolfSSL_Mutex *)&command_mutex) ; #endif } else { #if (!defined(NO_SIMPLE_SERVER) && \ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c similarity index 61% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c index aee366966..ca5046138 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c @@ -1,4 +1,4 @@ -/* ssl-dummy.c +/* time-STM32F2.c * * Copyright (C) 2006-2015 wolfSSL Inc. * @@ -18,36 +18,24 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - + #ifdef HAVE_CONFIG_H #include #endif -#include -#include -#include -#include -Signer* GetCA(void* vp, byte* hash) -{ - Signer*s ; - return s ; -} - -int CyaSSL_dtls(CYASSL* ssl) +#include +#define DWT ((DWT_Type *) (0xE0001000UL) ) +typedef struct { - return ssl->options.dtls; -} + uint32_t CTRL; /*!< Offset: 0x000 (R/W) Control Register */ + uint32_t CYCCNT; /*!< Offset: 0x004 (R/W) Cycle Count Register */ +} DWT_Type; -int CyaSSL_get_using_nonblock(CYASSL* ssl) -{ - CYASSL_ENTER("CyaSSL_get_using_nonblock"); - CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock); - return ssl->options.usingNonblock; -} +extern uint32_t SystemCoreClock ; -Signer* GetCAByName(void* vp, byte* hash) +double current_time(int reset) { - Signer * ca ; - return(ca) ; + if(reset) DWT->CYCCNT = 0 ; + return ((double)DWT->CYCCNT/SystemCoreClock) ; } diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c similarity index 56% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c index fff7a5ab8..ba1a6a734 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c @@ -1,4 +1,4 @@ -/* config.h +/* time-dummy.c.c * * Copyright (C) 2006-2015 wolfSSL Inc. * @@ -16,31 +16,19 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ - - -/**** CyaSSL for KEIL-RL Configuration ****/ - -#define __CORTEX_M3__ -#define CYASSL_MDK_ARM -#define NO_WRITEV -#define NO_CYASSL_DIR - -/* for Retarget.c */ -#define STDIO -#define BENCH_EMBEDDED - -#define CYASSL_DER_LOAD -#define HAVE_NULL_CIPHER - -#if defined(MDK_CONF_RTX_TCP_FS) -#include "config-RTX-TCP-FS.h" -#elif defined(MDK_CONF_TCP_FS) -#include "config-TCP-FS.h" -#elif defined(MDK_CONF_FS) -#include "config-FS.h" -#elif defined(MDK_CONF_BARE_METAL) -#include "config-BARE-METAL.h" + +#ifdef HAVE_CONFIG_H + #include #endif +#include "time.h" + +struct tm *wolfssl_MDK_gmtime(const time_t *c) +{ + static struct tm date ; + return(&date) ; +} + +time_t time(time_t * t) { return 0 ; } diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c similarity index 71% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c index 23ca2f63c..ab71b87ab 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c @@ -1,4 +1,4 @@ -/* cyassl_MDK_ARM.c +/* wolfssl_KEIL_RL.c * * Copyright (C) 2006-2015 wolfSSL Inc. * @@ -27,22 +27,29 @@ #include #endif -#include -#if defined (CYASSL_MDK5) - #include "cmsis_os.h" - #if defined(CYASSL_KEIL_TCP_NET) - #include "rl_net.h" - #endif -#else - #include +#include + +#if defined(WOLFSSL_MDK_ARM) + #include + #include + + #if defined(WOLFSSL_MDK5) + #include "cmsis_os.h" + #include "rl_fs.h" + #include "rl_net.h" + #else + #include "rtl.h" + #endif + + #include "wolfssl_MDK_ARM.h" #endif -#include "cyassl_MDK_ARM.h" +#include "wolfssl_MDK_ARM.h" -#include -#include +#include +#include -#if defined (CYASSL_CMSIS_RTOS) +#if defined (WOLFSSL_CMSIS_RTOS) #define os_dly_wait(t) osDelay(10*t) #endif @@ -50,7 +57,7 @@ /** KEIL-RL TCPnet ****/ /** TCPnet BSD socket does not have following functions. **/ -#if defined(CYASSL_KEIL_TCP_NET) +#if defined(WOLFSSL_KEIL_TCP_NET) char *inet_ntoa(struct in_addr in) { #define NAMESIZE 16 @@ -69,10 +76,10 @@ unsigned long inet_addr(const char *cp) /*** tcp_connect is actually associated with following syassl_tcp_connect. ***/ -int Cyassl_connect(int sd, const struct sockaddr* sa, int sz) +int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) SOCKADDR_IN addr ; @@ -83,100 +90,100 @@ int Cyassl_connect(int sd, const struct sockaddr* sa, int sz) ret = connect(sd, (SOCKADDR *)&addr, sizeof(addr)) ; os_dly_wait(50); } while(ret == SCK_EWOULDBLOCK) ; - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Connect return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_accept(int sd, struct sockaddr *addr, int *addrlen) +int wolfssl_accept(int sd, struct sockaddr *addr, int *addrlen) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef accept /* Go to KEIL TCPnet accept */ ret = accept(sd, addr, addrlen) ; if(ret != SCK_EWOULDBLOCK) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Accept return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_recv(int sd, void *buf, size_t len, int flags) +int wolfssl_recv(int sd, void *buf, size_t len, int flags) { int ret = 0; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef recv /* Go to KEIL TCPnet recv */ ret = recv(sd, buf, len, flags) ; if((ret != SCK_EWOULDBLOCK) &&( ret != SCK_ETIMEOUT)) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Recv return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_send(int sd, const void *buf, size_t len, int flags) +int wolfssl_send(int sd, const void *buf, size_t len, int flags) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef send /* Go to KEIL TCPnet send */ ret = send(sd, buf, len, flags) ; if(ret != SCK_EWOULDBLOCK) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Send return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif -#endif /* CYASSL_KEIL_TCP_NET */ +#endif /* WOLFSSL_KEIL_TCP_NET */ return(ret) ; } -#endif /* CYASSL_KEIL_TCP_NET */ +#endif /* WOLFSSL_KEIL_TCP_NET */ -#if defined(CYASSL_KEIL_TCP_NET) -void Cyassl_sleep(int t) +#if defined(WOLFSSL_KEIL_TCP_NET) +void wolfssl_sleep(int t) { #if defined(HAVE_KEIL_RTX) os_dly_wait(t/1000+1) ; #endif } -int Cyassl_tcp_select(int sd, int timeout) +int wolfssl_tcp_select(int sd, int timeout) { return 0 ; @@ -184,9 +191,7 @@ int Cyassl_tcp_select(int sd, int timeout) } #endif -extern int strlen(const char *s) ; - -FILE * CyaSSL_fopen(const char *name, const char *openmode) +FILE * wolfSSL_fopen(const char *name, const char *openmode) { int i ; FILE * ret ; #define PATHSIZE 100 @@ -206,30 +211,23 @@ FILE * CyaSSL_fopen(const char *name, const char *openmode) return(ret) ; } -#if defined (CYASSL_MDK5) #define getkey getchar #define sendchar putchar -#else -extern int getkey(void) ; -extern int sendchar(int c) ; -#endif -char * Cyassl_fgets ( char * str, int num, FILE * f ) +char * wolfssl_fgets ( char * str, int num, FILE * f ) { int i ; for(i = 0 ; i< num ; i++) { while((str[i] = getkey()) == 0) { - #if defined (HAVE_KEIL_RTX) - #if !defined(CYASSL_CMSIS_RTOS) - os_tsk_pass (); - #else - osThreadYield (); - #endif - #endif + #if defined (HAVE_KEIL_RTX) && !defined(WOLFSSL_CMSIS_RTOS) + os_tsk_pass (); + #elif defined(WOLFSSL_CMSIS_RTOS) + osThreadYield (); + #endif } if(str[i] == '\n' || str[i] == '\012' || str[i] == '\015') { - sendchar('\n') ; + sendchar('\n') ; str[i++] = '\n' ; str[i] = '\0' ; break ; diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h similarity index 58% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h index dbcfcf68e..665fc62c0 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h @@ -1,4 +1,4 @@ -/* cyassl_KEIL_RL.h +/* wolfssl_KEIL_RL.h * * Copyright (C) 2006-2015 wolfSSL Inc. * @@ -22,16 +22,16 @@ /******************************************************************************/ /** This file is for defining types, values for specific to KEIL-MDK-ARM. **/ /******************************************************************************/ -#ifndef CYASSL_KEIL_RL_H -#define CYASSL_KEIL_RL_H +#ifndef WOLFSSL_KEIL_RL_H +#define WOLFSSL_KEIL_RL_H #include /* Go to STDIN */ -#define fgets(buff, sz, fd) Cyassl_fgets(buff, sz, fd) -extern char * Cyassl_fgets ( char * str, int num, FILE * f ) ; +#define fgets(buff, sz, fd) wolfssl_fgets(buff, sz, fd) +extern char * wolfssl_fgets ( char * str, int num, FILE * f ) ; #define SOCKET_T int @@ -43,7 +43,7 @@ typedef long fd_mask; #define NFDBITS (sizeof(fd_mask) * NUMBITSPERBYTE) /* bits per mask */ typedef struct fd_set { - fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS]; + fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS]; } fd_set; /*** #include ***/ @@ -52,39 +52,37 @@ struct timeval { long tv_usec; /* microseconds */ }; +#if defined(WOLFSSL_KEIL_TCP_NET) -/*** #include **/ -/* - int select(int nfds, fd_set *readfds, fd_set *writefds, - fd_set *exceptfds, const struct timeval *timeout); - void FD_CLR(int fd, fd_set *set); - int FD_ISSET(int fd, fd_set *set); - void FD_SET(int fd, fd_set *set); - void FD_ZERO(fd_set *set); -*/ +#if defined(WOLFSSL_MDK5) +#define SCK_EWOULDBLOCK BSD_ERROR_WOULDBLOCK +#define SCK_ETIMEOUT BSD_ERROR_TIMEOUT +#include "rl_net.h" +#endif + typedef int socklen_t ; /* for avoiding conflict with KEIL-TCPnet BSD socket */ -/* Bodies are in cyassl_KEIL_RL.c */ -#define connect Cyassl_connect -#define accept Cyassl_accept -#define recv Cyassl_recv -#define send Cyassl_send -#define sleep Cyassl_sleep +/* Bodies are in wolfssl_KEIL_RL.c */ +#define connect(a,b,c) wolfssl_connect(a, (struct sockaddr* )(b), c) +#define accept wolfssl_accept +#define recv wolfssl_recv +#define send wolfssl_send +#define sleep wolfssl_sleep /* for avoiding conflicting with KEIL-TCPnet TCP socket */ /* Bodies are in test.h */ -#define tcp_connect Cyassl_tcp_connect -#define tcp_socket Cyassl_tcp_soket -#define tcp_listen Cyassl_tcp_listen -#define tcp_select Cyassl_tcp_select +#define tcp_connect wolfssl_tcp_connect +#define tcp_socket wolfssl_tcp_soket +#define tcp_listen wolfssl_tcp_listen +#define tcp_select wolfssl_tcp_select -extern int Cyassl_connect(int sd, const struct sockaddr * sa, int sz) ; -extern int Cyassl_accept(int sd, struct sockaddr *addr, socklen_t *addrlen); -extern int Cyassl_recv(int sd, void *buf, size_t len, int flags); -extern int Cyassl_send(int sd, const void *buf, size_t len, int flags); -extern void Cyassl_sleep(int sec) ; -extern int Cyassl_tcp_select(int sd, int timeout) ; +extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ; +extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen); +extern int wolfssl_recv(int sd, void *buf, size_t len, int flags); +extern int wolfssl_send(int sd, const void *buf, size_t len, int flags); +extern void wolfssl_sleep(int sec) ; +extern int wolfssl_tcp_select(int sd, int timeout) ; /** KEIL-RL TCPnet ****/ /* TCPnet BSD socket does not have following functions. */ @@ -95,9 +93,6 @@ extern int setsockopt(int sockfd, int level, int optname, extern int select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, const struct timeval *timeout); -/* CyaSSL MDK-ARM time functions */ -#include -struct tm *Cyassl_MDK_gmtime(const time_t *c) ; -extern double current_time(void) ; +#endif /* WOLFSSL_KEIL_TCP_NET */ -#endif /* CYASSL_KEIL_RL_H */ +#endif /* WOLFSSL_KEIL_RL_H */ diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj deleted file mode 100644 index 6504d782a..000000000 --- a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj +++ /dev/null @@ -1,3510 +0,0 @@ - - - - 1.1 - -
### uVision Project, (C) Keil Software
- - - - MDK-RTX-TCP-FS - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-RTX-TCP-FS\ - LCP43xx-MDK-RTX-TCP-FS - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 0 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 1 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_RTX_TCP_FS - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - server.c - 1 - ..\..\..\examples\server\server.c - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - MDK-FS - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-FS\ - LCP43xx-MDK-FS - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 0 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_FS - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - - - Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - MDK-BARE-METAL - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-BARE-METAL\ - LCP43xx-MDK-BARE-METAL - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 0 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_BARE_METAL - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - - - Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - - diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt index f051310b2..cb7029ea6 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt +++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt @@ -13,6 +13,7 @@ *.txt; *.h; *.inc *.plm *.cpp + 0 @@ -31,6 +32,7 @@ 1 0 1 + 0 1 @@ -76,16 +78,6 @@ 0 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -97,16 +89,18 @@ 1 1 1 - 0 + 1 1 1 1 0 1 0 + 1 + 1 0 0 - 9 + 7 @@ -116,14 +110,19 @@ - ..\MDK-ARM\config\STM32_SWO.ini + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini BIN\ULP2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + 0 UL2CM3 - UL2CM3(-S0 -C0 -P0 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 -FP0($$Device:STM32F207IG$Flash\STM32F2xx_1024.flm)) + -UM1020ADE -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC10 -TIE1 -TIP9 -FO7 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 0 @@ -143,10 +142,18 @@ 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 1 + 0 + 0x802f36c + 0 + + 0 @@ -192,6 +199,7 @@ 1 1 0 + 0 1 @@ -234,19 +242,9 @@ 1 0 - 1 + 0 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -265,9 +263,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 @@ -277,10 +277,20 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O207 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM @@ -294,12 +304,12 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 @@ -348,6 +358,7 @@ 1 1 0 + 0 1 @@ -390,19 +401,9 @@ 1 0 - 0 + 1 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -421,9 +422,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 @@ -433,10 +436,20 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O79 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM @@ -450,15 +463,64 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 - + + + 0 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\shell.c + + + + + 1 + 0 + 150 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\main.c + + + + + 2 + 0 + 540 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\shell.c + + + + 0 @@ -494,7 +556,7 @@ - CyaSSL Apps + wolfSSL Apps 1 0 0 @@ -505,13 +567,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoclient\echoclient.c - echoclient.c + ..\..\..\examples\client\client.c + client.c 0 0 @@ -521,13 +580,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoserver\echoserver.c - echoserver.c + ..\MDK-ARM\wolfSSL\shell.c + shell.c 0 0 @@ -537,13 +593,10 @@ 1 0 0 - 5 0 - 0 - 0 0 - ..\..\..\ctaocrypt\test\test.c - test.c + ..\..\..\examples\server\server.c + server.c 0 0 @@ -553,13 +606,10 @@ 1 0 0 - 21 0 - 0 - 0 0 - ..\..\..\ctaocrypt\benchmark\benchmark.c - benchmark.c + ..\MDK-ARM\wolfSSL\main.c + main.c 0 0 @@ -569,13 +619,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\client\client.c - client.c + ..\..\..\wolfcrypt\test\test.c + test.c 0 0 @@ -585,13 +632,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\server\server.c - server.c + ..\..\..\wolfcrypt\benchmark\benchmark.c + benchmark.c 0 0 @@ -601,13 +645,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\shell.c - shell.c + ..\..\..\examples\echoclient\echoclient.c + echoclient.c 0 0 @@ -617,40 +658,13 @@ 1 0 0 - 0 0 - 106 - 149 0 - ..\MDK-ARM\CyaSSL\main.c - main.c + ..\..\..\examples\echoserver\echoserver.c + echoserver.c 0 0 - - 1 - 9 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\cert_data.c - cert_data.c - 0 - 0 - - - - - STM32F2xx_StdPeriph_Lib - 1 - 0 - 0 - 0 @@ -660,786 +674,93 @@ 0 0 - 3 - 10 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - Serial.c - 0 - 0 - - - 3 - 11 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - SDIO_STM32F2xx.c - 0 - 0 - - - 3 - 12 + 2 + 9 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - FS_CM3.lib - 0 - 0 - - - 3 - 13 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib RTX_CM3.lib 0 0 - 3 - 14 + 2 + 10 1 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c ETH_STM32F2xx.c 0 0 - 3 - 15 + 2 + 11 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib TCPD_CM3.lib 0 0 - 3 - 16 + 2 + 12 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib TCP_CM3.lib 0 0 - 3 - 17 + 2 + 13 1 0 0 - 0 0 - 0 - 0 0 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c system_stm32f2xx.c 0 0 - - - - CyaSSL Library - 1 - 0 - 0 - 0 - 4 - 18 + 2 + 14 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\src\crl.c - crl.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c + SDIO_STM32F2xx.c 0 0 - 4 - 19 - 1 + 2 + 15 + 4 0 0 - 0 0 - 0 - 0 0 - ..\..\..\src\internal.c - internal.c - 0 - 0 - - - 4 - 20 - 1 - 0 - 0 - 23 - 0 - 0 - 0 - 0 - ..\..\..\src\io.c - io.c - 0 - 0 - - - 4 - 21 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\keys.c - keys.c - 0 - 0 - - - 4 - 22 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\ocsp.c - ocsp.c - 0 - 0 - - - 4 - 23 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\sniffer.c - sniffer.c - 0 - 0 - - - 4 - 24 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\ssl.c - ssl.c - 0 - 0 - - - 4 - 25 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\tls.c - tls.c - 0 - 0 - - - 4 - 26 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - ssl-dummy.c - 0 - 0 - - - - - Crypt/Cipher Library - 1 - 0 - 0 - 0 - - 5 - 27 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\aes.c - aes.c - 0 - 0 - - - 5 - 28 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\arc4.c - arc4.c - 0 - 0 - - - 5 - 29 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asm.c - asm.c - 0 - 0 - - - 5 - 30 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asn.c - asn.c - 0 - 0 - - - 5 - 31 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\camellia.c - camellia.c - 0 - 0 - - - 5 - 32 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\coding.c - coding.c - 0 - 0 - - - 5 - 33 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\des3.c - des3.c - 0 - 0 - - - 5 - 34 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dh.c - dh.c - 0 - 0 - - - 5 - 35 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dsa.c - dsa.c - 0 - 0 - - - 5 - 36 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc.c - ecc.c - 0 - 0 - - - 5 - 37 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc_fp.c - ecc_fp.c - 0 - 0 - - - 5 - 38 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\error.c - error.c - 0 - 0 - - - 5 - 39 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hc128.c - hc128.c - 0 - 0 - - - 5 - 40 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hmac.c - hmac.c - 0 - 0 - - - 5 - 41 - 1 - 0 - 0 - 19 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\integer.c - integer.c - 0 - 0 - - - 5 - 42 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\logging.c - logging.c - 0 - 0 - - - 5 - 43 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md2.c - md2.c - 0 - 0 - - - 5 - 44 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md4.c - md4.c - 0 - 0 - - - 5 - 45 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md5.c - md5.c - 0 - 0 - - - 5 - 46 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\memory.c - memory.c - 0 - 0 - - - 5 - 47 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\misc.c - misc.c - 0 - 0 - - - 5 - 48 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\wc_port.c - wc_port.c - 0 - 0 - - - 5 - 49 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\pwdbased.c - pwdbased.c - 0 - 0 - - - 5 - 50 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rabbit.c - rabbit.c - 0 - 0 - - - 5 - 51 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\random.c - random.c - 0 - 0 - - - 5 - 52 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ripemd.c - ripemd.c - 0 - 0 - - - 5 - 53 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rsa.c - rsa.c - 0 - 0 - - - 5 - 54 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha.c - sha.c - 0 - 0 - - - 5 - 55 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha256.c - sha256.c - 0 - 0 - - - 5 - 56 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha512.c - sha512.c - 0 - 0 - - - 5 - 57 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\tfm.c - tfm.c + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib + FS_CM3.lib 0 0 @@ -1452,31 +773,12 @@ 0 0 - 6 - 58 + 3 + 16 1 0 0 - 0 0 - 0 - 0 - 0 - ..\MDK-ARM\config\File_Config.c - File_Config.c - 0 - 0 - - - 6 - 59 - 1 - 0 - 0 - 0 - 0 - 0 - 0 0 ..\MDK-ARM\config\Net_Config.c Net_Config.c @@ -1484,31 +786,25 @@ 0 - 6 - 60 + 3 + 17 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h config.h 0 0 - 6 - 61 + 3 + 18 1 0 0 - 0 0 - 0 - 0 0 ..\MDK-ARM\config\RTX_Conf_CM.c RTX_Conf_CM.c @@ -1516,15 +812,12 @@ 0 - 6 - 62 + 3 + 19 1 0 0 - 0 0 - 0 - 0 0 ..\MDK-ARM\config\Net_Debug.c Net_Debug.c @@ -1532,122 +825,174 @@ 0 - 6 - 63 + 3 + 20 5 0 0 - 0 0 - 1 - 1 0 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-FS.h 0 0 - 6 - 64 + 3 + 21 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-RTX-TCP-FS.h 0 0 - 6 - 65 + 3 + 22 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h config-BARE-METAL.h 0 0 - 6 - 66 + 3 + 23 2 0 0 - 0 0 - 152 - 169 0 - ..\MDK-ARM\config\startup_stm32f2xx.s + ..\STM32F2xx\startup_stm32f2xx.s startup_stm32f2xx.s 0 0 + + 3 + 24 + 1 + 0 + 0 + 0 + 0 + C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + File_Config.c + 0 + 0 + + + 3 + 25 + 5 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + config-WOLFLIB.h + 0 + 0 + - CyaSSL-MDK + wolfSSL-MDK 1 0 0 0 - 7 - 67 + 4 + 26 1 0 0 - 0 0 - 182 - 222 0 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - cyassl_MDK_ARM.c - 0 - 0 - - - 7 - 68 - 1 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c Retarget.c 0 0 - 7 - 69 + 4 + 27 1 0 0 - 1 0 - 0 - 0 0 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c - time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + time-CortexM3-4.c + 0 + 0 + + + 4 + 28 + 1 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\time-dummy.c + time-dummy.c + 0 + 0 + + + 4 + 29 + 1 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + wolfssl_MDK_ARM.c + 0 + 0 + + + 4 + 30 + 1 + 0 + 0 + 0 + 0 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + Serial.c + 0 + 0 + + + + + wolfSSL-Lib + 1 + 0 + 0 + 0 + + 5 + 31 + 4 + 0 + 0 + 0 + 0 + .\wolfSSL-lib\wolfSSL.lib + wolfSSL.lib 0 0 diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj index f7cf9b176..345a4d485 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj +++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj @@ -30,6 +30,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -71,6 +72,8 @@ 0 0 + 0 + 0 0 @@ -97,6 +100,7 @@ 3 + 1 SARMCM3.DLL @@ -126,20 +130,22 @@ 1 1 0 + 1 1 1 - 0 + 1 1 1 1 0 1 0 + 1 0 - 9 + 7 @@ -152,7 +158,7 @@ - ..\MDK-ARM\config\STM32_SWO.ini + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini BIN\ULP2CM3.DLL @@ -169,6 +175,10 @@ BIN\ULP2CM3.DLL "" () + + + + 0 @@ -347,11 +357,13 @@ 0 0 0 + 0 + 0 HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS - ..\MDK-ARM\CyaSSL;C:..\STM32F2xx_StdPeriph_Lib\inc;..\..\..\ + ..\MDK-ARM\wolfSSL;..\..\..\; .\; C:\Keil_v5\ARM\RV31\INC @@ -363,6 +375,7 @@ 0 0 0 + 0 @@ -379,6 +392,7 @@ 0 0x08000000 0x20000000 + @@ -390,8 +404,38 @@ - CyaSSL Apps + wolfSSL Apps + + client.c + 1 + ..\..\..\examples\client\client.c + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + server.c + 1 + ..\..\..\examples\server\server.c + + + main.c + 1 + ..\MDK-ARM\wolfSSL\main.c + + + test.c + 1 + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + echoclient.c 1 @@ -402,78 +446,25 @@ 1 ..\..\..\examples\echoserver\echoserver.c - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - server.c - 1 - ..\..\..\examples\server\server.c - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -489,6 +480,7 @@ 11 + 1 @@ -496,313 +488,28 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - internal.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\internal.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - Net_Config.c 1 @@ -811,7 +518,7 @@ config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h RTX_Conf_CM.c @@ -837,6 +544,7 @@ 11 + 1 @@ -853,6 +561,8 @@ 0 2 2 + 2 + 2 @@ -866,42 +576,91 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + ..\STM32F2xx\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + @@ -931,6 +690,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -972,6 +732,8 @@ 0 0 + 0 + 0 0 @@ -998,6 +760,7 @@ 3 + 1 SARMCM3.DLL @@ -1027,6 +790,7 @@ 1 1 0 + 1 1 @@ -1038,9 +802,10 @@ 0 1 0 + 1 0 - 9 + 1 @@ -1053,8 +818,8 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL @@ -1066,10 +831,14 @@ 1 4100 - 0 + 1 BIN\ULP2CM3.DLL "" () + + + + 0 @@ -1248,11 +1017,13 @@ 0 0 0 + 0 + 0 - HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS + HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM MDK_CONF_FS - ..\MDK-ARM\CyaSSL;..\MDK-ARM\inc;..\STM32F2xx_StdPeriph_Lib\inc;..\POSIX\..\..\..\ + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ @@ -1264,6 +1035,7 @@ 0 0 0 + 0 @@ -1280,6 +1052,7 @@ 0 0x08000000 0x20000000 + @@ -1291,8 +1064,124 @@ - CyaSSL Apps + wolfSSL Apps + + client.c + 1 + ..\..\..\examples\client\client.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 0 + 2 + 2 + 2 + 2 + + + + + + + + + + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + server.c + 1 + ..\..\..\examples\server\server.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 0 + 2 + 2 + 2 + 2 + + + + + + + + + + + + main.c + 1 + ..\MDK-ARM\wolfSSL\main.c + + + test.c + 1 + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + echoclient.c 1 @@ -1312,6 +1201,7 @@ 11 + 1 @@ -1325,9 +1215,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 @@ -1357,6 +1249,7 @@ 11 + 1 @@ -1370,9 +1263,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 @@ -1383,148 +1278,15 @@ - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib 2 @@ -1532,7 +1294,7 @@ 0 0 0 - 0 + 1 2 2 2 @@ -1540,6 +1302,7 @@ 11 + 1 @@ -1547,7 +1310,7 @@ ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c 2 @@ -1563,6 +1326,7 @@ 11 + 1 @@ -1579,6 +1343,8 @@ 0 2 2 + 2 + 2 @@ -1592,7 +1358,7 @@ TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -1608,6 +1374,7 @@ 11 + 1 @@ -1615,7 +1382,7 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib 2 @@ -1631,6 +1398,7 @@ 11 + 1 @@ -1638,548 +1406,23 @@ system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - internal.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\internal.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c - io.c - 1 - ..\..\..\src\io.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - keys.c - 1 - ..\..\..\src\keys.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - tls.c - 1 - ..\..\..\src\tls.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - Net_Config.c 1 @@ -2199,6 +1442,7 @@ 11 + 1 @@ -2215,6 +1459,8 @@ 0 2 2 + 2 + 2 @@ -2228,7 +1474,7 @@ config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h RTX_Conf_CM.c @@ -2249,6 +1495,7 @@ 11 + 1 @@ -2265,6 +1512,8 @@ 0 2 2 + 2 + 2 @@ -2294,6 +1543,7 @@ 11 + 1 @@ -2310,6 +1560,8 @@ 0 2 2 + 2 + 2 @@ -2323,42 +1575,72 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + ..\STM32F2xx\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib @@ -2388,6 +1670,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -2401,8 +1684,8 @@ 0 1 - .\MDK-BARE-METAL\ - STM32F2xx-MDK-BARE-METAL + .\MDK-BAREMETAL\ + STM32F2xx-BARE-METAL 1 0 0 @@ -2429,6 +1712,8 @@ 0 0 + 0 + 0 0 @@ -2455,6 +1740,7 @@ 3 + 1 SARMCM3.DLL @@ -2484,6 +1770,7 @@ 1 1 0 + 1 1 @@ -2495,9 +1782,10 @@ 0 1 0 + 1 0 - 9 + 1 @@ -2510,8 +1798,8 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL @@ -2523,10 +1811,14 @@ 1 4100 - 0 + 1 BIN\ULP2CM3.DLL "" () + + + + 0 @@ -2542,11 +1834,11 @@ 1 1 0 - 1 + 0 1 0 0 - 1 + 0 1 1 1 @@ -2705,11 +1997,13 @@ 0 0 0 + 0 + 0 HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_BARE_METAL - ..\MDK-ARM\CyaSSL;..\MDK-ARM\inc;..\STM32F2xx_StdPeriph_Lib\inc;..\POSIX;..\..\..\ + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ @@ -2721,6 +2015,7 @@ 0 0 0 + 0 @@ -2737,6 +2032,7 @@ 0 0x08000000 0x20000000 + @@ -2748,108 +2044,8 @@ - CyaSSL Apps + wolfSSL Apps - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - client.c 1 @@ -2869,6 +2065,7 @@ 11 + 1 @@ -2885,6 +2082,56 @@ 0 2 2 + 2 + 2 + + + + + + + + + + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 @@ -2914,6 +2161,7 @@ 11 + 1 @@ -2930,6 +2178,8 @@ 0 2 2 + 2 + 2 @@ -2940,106 +2190,212 @@ - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - main.c 1 - ..\MDK-ARM\CyaSSL\main.c + ..\MDK-ARM\wolfSSL\main.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - cert_data.c + test.c 1 - ..\MDK-ARM\CyaSSL\cert_data.c + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + echoclient.c + 1 + ..\..\..\examples\echoclient\echoclient.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + echoserver.c + 1 + ..\..\..\examples\echoserver\echoserver.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib 2 @@ -3047,7 +2403,7 @@ 0 0 0 - 0 + 1 2 2 2 @@ -3055,6 +2411,7 @@ 11 + 1 @@ -3062,7 +2419,7 @@ ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c 2 @@ -3078,6 +2435,7 @@ 11 + 1 @@ -3094,6 +2452,8 @@ 0 2 2 + 2 + 2 @@ -3107,7 +2467,7 @@ TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -3123,6 +2483,7 @@ 11 + 1 @@ -3130,7 +2491,7 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib 2 @@ -3146,6 +2507,7 @@ 11 + 1 @@ -3153,17 +2515,12 @@ system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - CyaSSL Library - - crl.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\crl.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c 2 @@ -3179,6 +2536,7 @@ 11 + 1 @@ -3192,9 +2550,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 @@ -3206,575 +2566,15 @@ - internal.c - 1 - ..\..\..\src\internal.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - io.c - 1 - ..\..\..\src\io.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - keys.c - 1 - ..\..\..\src\keys.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - tls.c - 1 - ..\..\..\src\tls.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - Net_Config.c 1 @@ -3794,6 +2594,7 @@ 11 + 1 @@ -3810,6 +2611,8 @@ 0 2 2 + 2 + 2 @@ -3823,7 +2626,7 @@ config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h RTX_Conf_CM.c @@ -3844,6 +2647,7 @@ 11 + 1 @@ -3860,6 +2664,8 @@ 0 2 2 + 2 + 2 @@ -3889,6 +2695,7 @@ 11 + 1 @@ -3905,6 +2712,8 @@ 0 2 2 + 2 + 2 @@ -3918,42 +2727,244 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + ..\STM32F2xx\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt similarity index 55% rename from IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt rename to IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt index 1e83de18e..973311568 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt +++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt @@ -13,6 +13,7 @@ *.txt; *.h; *.inc *.plm *.cpp + 0 @@ -21,16 +22,17 @@ - MDK-RTX-TCP-FS + MDK-RTX-TCP-FS-Lib 0x4 ARM-ADS - 12000000 + 25000000 1 - 0 - 1 - 0 + 1 + 0 + 1 + 0 1 @@ -43,7 +45,7 @@ 79 66 8 - .\Lst\ + .\Flash\ 1 @@ -75,17 +77,358 @@ 0 1 - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - + 255 + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + 1 + 0 + 0 + 7 + + + + + + + + + + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\ULP2CM3.DLL + + + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC10 -TIE1 -TIP9 -FO7 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 0 + DLGTARM + (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) + + + 0 + ARMDBGFLAGS + + + + 0 + DLGUARM + + + + 0 + ULP2CM3 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + + + 0 + + + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + + + + + + + + MDK-FS-Lib + 0x4 + ARM-ADS + + 25000000 + + 1 + 1 + 1 + 0 + 0 + + + 1 + 65535 + 0 + 0 + 0 + + + 79 + 66 + 8 + .\Flash\ + + + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + + + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + + + 1 + 0 + 0 + + 255 + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O207 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 0 + DLGTARM + (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) + + + 0 + ARMDBGFLAGS + + + + 0 + DLGUARM + (105=-1,-1,-1,-1,0) + + + 0 + ULP2CM3 + -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + + + 0 + 0 + 150 + 1 +
134219020
+ 0 + 0 + 0 + 0 + 0 + 1 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\main.c + + + + + 1 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\shell.c + + + + + + 0 + + + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + + + + + + + + wolfSSL-Lib + 0x4 + ARM-ADS + + 25000000 + + 1 + 1 + 1 + 0 + 0 + + + 1 + 65535 + 0 + 0 + 0 + + + 79 + 66 + 8 + .\Flash\ + + + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + + + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + + + 1 + 0 + 0 + + 255 0 1 @@ -104,9 +447,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 @@ -116,10 +461,20 @@ - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O79 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM @@ -133,29 +488,48 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O974 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - + + + 0 + 0 + 150 + 1 +
134218980
+ 0 + 0 + 0 + 0 + 0 + 1 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\main.c + + + + + 1 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\shell.c + + + + 0 @@ -170,347 +544,7 @@ 1 0 0 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - MDK-FS - 0x4 - ARM-ADS - - 12000000 - - 1 - 1 - 1 - 0 - - - 1 - 65535 - 0 - 0 - 0 - - - 79 - 66 - 8 - .\Lst\ - - - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - - - 1 - 0 - 0 - - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 9 - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - 0 - DLGTARM - (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) - - - 0 - ARMDBGFLAGS - - - - 0 - DLGUARM - - - - 0 - ULP2CM3 - -UP1135060 -O974 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 - - - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - - - 0 - - - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - MDK-BARE-METAL - 0x4 - ARM-ADS - - 12000000 - - 1 - 1 - 1 - 0 - - - 1 - 65535 - 0 - 0 - 0 - - - 79 - 66 - 8 - .\Lst\ - - - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - - - 1 - 0 - 0 - - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 9 - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - 0 - DLGTARM - (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) - - - 0 - ARMDBGFLAGS - - - - 0 - DLGUARM - - - - 0 - ULP2CM3 - -UP1135060 -O975 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 - - - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - - - 0 - - - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 1 + 0 0 0 0 @@ -531,24 +565,21 @@ - CyaSSL Apps - 1 + Crypt + 0 0 0 0 1 1 - 1 + 5 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoclient\echoclient.c - echoclient.c + ..\MDK-ARM\wolfSSL\config-FS.h + config-FS.h 0 0 @@ -558,13 +589,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoserver\echoserver.c - echoserver.c + ..\..\..\wolfcrypt\src\aes.c + aes.c 0 0 @@ -574,13 +602,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\test\test.c - test.c + ..\..\..\wolfcrypt\src\arc4.c + arc4.c 0 0 @@ -590,13 +615,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\benchmark\benchmark.c - benchmark.c + ..\..\..\wolfcrypt\src\asm.c + asm.c 0 0 @@ -606,13 +628,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\client\client.c - client.c + ..\..\..\wolfcrypt\src\asn.c + asn.c 0 0 @@ -622,13 +641,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\server\server.c - server.c + ..\..\..\wolfcrypt\src\blake2b.c + blake2b.c 0 0 @@ -638,13 +654,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\shell.c - shell.c + ..\..\..\wolfcrypt\src\camellia.c + camellia.c 0 0 @@ -654,13 +667,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\main.c - main.c + ..\..\..\wolfcrypt\src\chacha.c + chacha.c 0 0 @@ -670,242 +680,522 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\cert_data.c - cert_data.c + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + chacha20_poly1305.c 0 0 - - - - LPC43xx - 1 - 0 - 0 - 0 - 2 + 1 10 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - lpc43xx_rtc.c + ..\..\..\wolfcrypt\src\coding.c + coding.c 0 0 - 2 + 1 11 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - lpc43xx_timer.c + ..\..\..\wolfcrypt\src\compress.c + compress.c 0 0 - 2 + 1 12 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - lpc43xx_cgu.c + ..\..\..\wolfcrypt\src\curve25519.c + curve25519.c 0 0 - 2 + 1 13 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - lpc43xx_scu.c + ..\..\..\wolfcrypt\src\des3.c + des3.c + 0 + 0 + + + 1 + 14 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\dh.c + dh.c + 0 + 0 + + + 1 + 15 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\dsa.c + dsa.c + 0 + 0 + + + 1 + 16 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ecc.c + ecc.c + 0 + 0 + + + 1 + 17 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ecc_fp.c + ecc_fp.c + 0 + 0 + + + 1 + 18 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ed25519.c + ed25519.c + 0 + 0 + + + 1 + 19 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\error.c + error.c + 0 + 0 + + + 1 + 20 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\fe_operations.c + fe_operations.c + 0 + 0 + + + 1 + 21 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ge_operations.c + ge_operations.c + 0 + 0 + + + 1 + 22 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hc128.c + hc128.c + 0 + 0 + + + 1 + 23 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hmac.c + hmac.c + 0 + 0 + + + 1 + 24 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\integer.c + integer.c + 0 + 0 + + + 1 + 25 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\logging.c + logging.c + 0 + 0 + + + 1 + 26 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\md2.c + md2.c + 0 + 0 + + + 1 + 27 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\md4.c + md4.c + 0 + 0 + + + 1 + 28 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\md5.c + md5.c + 0 + 0 + + + 1 + 29 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\memory.c + memory.c + 0 + 0 + + + 1 + 30 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\pkcs7.c + pkcs7.c + 0 + 0 + + + 1 + 31 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\poly1305.c + poly1305.c + 0 + 0 + + + 1 + 32 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\pwdbased.c + pwdbased.c + 0 + 0 + + + 1 + 33 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\rabbit.c + rabbit.c + 0 + 0 + + + 1 + 34 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\random.c + random.c + 0 + 0 + + + 1 + 35 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ripemd.c + ripemd.c + 0 + 0 + + + 1 + 36 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\rsa.c + rsa.c + 0 + 0 + + + 1 + 37 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha.c + sha.c + 0 + 0 + + + 1 + 38 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha256.c + sha256.c + 0 + 0 + + + 1 + 39 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha512.c + sha512.c + 0 + 0 + + + 1 + 40 + 1 + 1 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\tfm.c + tfm.c + 0 + 0 + + + 1 + 41 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\wc_port.c + wc_port.c + 0 + 0 + + + 1 + 42 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\fe_low_mem.c + fe_low_mem.c + 0 + 0 + + + 1 + 43 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ge_low_mem.c + ge_low_mem.c + 0 + 0 + + + 1 + 44 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hash.c + hash.c + 0 + 0 + + + 1 + 45 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\misc.c + misc.c + 0 + 0 + + + 1 + 46 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\srp.c + srp.c + 0 + 0 + + + 1 + 47 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\wc_encrypt.c + wc_encrypt.c 0 0 - MDK-ARM + SSL 1 0 0 0 - 3 - 14 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - FS_CM3.lib - 0 - 0 - - - 3 - 15 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - RTX_CM3.lib - 0 - 0 - - - 3 - 16 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - TCPD_CM3.lib - 0 - 0 - - - 3 - 17 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - TCP_CM3.lib - 0 - 0 - - - 3 - 18 + 2 + 48 1 0 0 - 0 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - Serial.c - 0 - 0 - - - 3 - 19 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - ETH_LPC43xx.c - 0 - 0 - - - 3 - 20 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - SDIO_LPC43xx.c - 0 - 0 - - - 3 - 21 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - system_LPC43xx.c - 0 - 0 - - - - - CyaSSL Library - 0 - 0 - 0 - 0 - - 4 - 22 - 1 - 0 - 0 - 0 - 0 - 0 - 0 0 ..\..\..\src\crl.c crl.c @@ -913,15 +1203,12 @@ 0 - 4 - 23 + 2 + 49 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\internal.c internal.c @@ -929,15 +1216,12 @@ 0 - 4 - 24 + 2 + 50 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\io.c io.c @@ -945,15 +1229,12 @@ 0 - 4 - 25 + 2 + 51 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\keys.c keys.c @@ -961,15 +1242,12 @@ 0 - 4 - 26 + 2 + 52 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\ocsp.c ocsp.c @@ -977,15 +1255,12 @@ 0 - 4 - 27 + 2 + 53 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\sniffer.c sniffer.c @@ -993,15 +1268,12 @@ 0 - 4 - 28 + 2 + 54 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\ssl.c ssl.c @@ -1009,746 +1281,75 @@ 0 - 4 - 29 + 2 + 55 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\tls.c tls.c 0 0 - - 4 - 30 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - ssl-dummy.c - 0 - 0 - - Crypt/Cipher Library + Config 1 0 0 0 - 5 - 31 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\aes.c - aes.c - 0 - 0 - - - 5 - 32 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\arc4.c - arc4.c - 0 - 0 - - - 5 - 33 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asm.c - asm.c - 0 - 0 - - - 5 - 34 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asn.c - asn.c - 0 - 0 - - - 5 - 35 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\camellia.c - camellia.c - 0 - 0 - - - 5 - 36 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\coding.c - coding.c - 0 - 0 - - - 5 - 37 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\des3.c - des3.c - 0 - 0 - - - 5 - 38 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dh.c - dh.c - 0 - 0 - - - 5 - 39 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dsa.c - dsa.c - 0 - 0 - - - 5 - 40 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc.c - ecc.c - 0 - 0 - - - 5 - 41 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc_fp.c - ecc_fp.c - 0 - 0 - - - 5 - 42 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\error.c - error.c - 0 - 0 - - - 5 - 43 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hc128.c - hc128.c - 0 - 0 - - - 5 - 44 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hmac.c - hmac.c - 0 - 0 - - - 5 - 45 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\integer.c - integer.c - 0 - 0 - - - 5 - 46 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\logging.c - logging.c - 0 - 0 - - - 5 - 47 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md2.c - md2.c - 0 - 0 - - - 5 - 48 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md4.c - md4.c - 0 - 0 - - - 5 - 49 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md5.c - md5.c - 0 - 0 - - - 5 - 50 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\memory.c - memory.c - 0 - 0 - - - 5 - 51 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\misc.c - misc.c - 0 - 0 - - - 5 - 52 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\pwdbased.c - pwdbased.c - 0 - 0 - - - 5 - 53 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rabbit.c - rabbit.c - 0 - 0 - - - 5 - 54 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\random.c - random.c - 0 - 0 - - - 5 - 55 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ripemd.c - ripemd.c - 0 - 0 - - - 5 + 3 56 - 1 + 5 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\src\rsa.c - rsa.c + .\Readme.txt + Readme.txt 0 0 - 5 + 3 57 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha.c - sha.c - 0 - 0 - - - 5 - 58 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha256.c - sha256.c - 0 - 0 - - - 5 - 59 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha512.c - sha512.c - 0 - 0 - - - 5 - 60 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\tfm.c - tfm.c - 0 - 0 - - - 5 - 61 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\wc_port.c - wc_port.c - 0 - 0 - - - - - Configuration - 1 - 0 - 0 - 0 - - 6 - 62 - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\File_Config.c - File_Config.c - 0 - 0 - - - 6 - 63 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\Net_Config.c - Net_Config.c - 0 - 0 - - - 6 - 64 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config.h - config.h - 0 - 0 - - - 6 - 65 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\RTX_Conf_CM.c - RTX_Conf_CM.c - 0 - 0 - - - 6 - 66 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\Net_Debug.c - Net_Debug.c - 0 - 0 - - - 6 - 67 - 5 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-FS.h - config-FS.h - 0 - 0 - - - 6 - 68 - 5 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - config-RTX-TCP-FS.h - 0 - 0 - - - 6 - 69 - 5 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h config-BARE-METAL.h 0 0 - 6 - 70 - 2 + 3 + 58 + 5 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\startup_LPC43xx.s - startup_LPC43xx.s - 0 - 0 - - - - - CyaSSL-MDK - 1 - 0 - 0 - 0 - - 7 - 71 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - cyassl_MDK_ARM.c + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + config-RTX-TCP-FS.h 0 0 - 7 - 72 - 1 + 3 + 59 + 5 0 0 - 8 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\Retarget.c - Retarget.c - 0 - 0 - - - 7 - 73 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\LPC43xx\time-LCP43xx.c - time-LCP43xx.c + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + config-WOLFLIB.h 0 0 diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj new file mode 100644 index 000000000..7997abb80 --- /dev/null +++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj @@ -0,0 +1,2138 @@ + + + + 1.1 + +
### uVision Project, (C) Keil Software
+ + + + MDK-RTX-TCP-FS-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + -pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 7 + + + + + + + + + + + + + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\ULP2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 1 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 4 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS + + ..\MDK-ARM\wolfSSL;..\..\..\; .\; C:\Keil_v5\ARM\RV31\INC + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + ..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + ..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + MDK-FS-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + -pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 1 + + + + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS + + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + ..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + ..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + wolfSSL-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + -pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 0 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 1 + + + + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 0 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 4 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H MDK_WOLFLIB + + ..\..\..\;.\;..\MDK-ARM\wolfSSL + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + ..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + ..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + + diff --git a/IDE/MDK-ARM/Projects/Readme.txt b/IDE/MDK-ARM/Projects/Readme.txt new file mode 100644 index 000000000..87ba83c96 --- /dev/null +++ b/IDE/MDK-ARM/Projects/Readme.txt @@ -0,0 +1,8 @@ + +Use appropriate config file for the target library. + +Configfile files Target +config-WOLFLIB.h: wolfSSL-Lib /* for general use wolfSSL library */ +config-BARE-METAL.h: MDK-BAREMETAL-Lib /* for linking with MDK-BAREMETAL target in MDK-ARM-STM32F2xx project */ +config-FS.h: MDK-FS-Lib /* for linking with MDK-FS target in MDK-ARM-STM32F2xx project */ +config-RTX-TCP-FS.h: MDK-RTX-TCP-FS-Lib /* for linking with MDK-RTX-TCP-FS target in MDK-ARM-STM32F2xx project */ diff --git a/IDE/MDK-ARM/Projects/conifg-WOLFLIB.h b/IDE/MDK-ARM/Projects/conifg-WOLFLIB.h new file mode 100644 index 000000000..e69de29bb diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 594d146cf..7910d50d1 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -29,11 +29,11 @@ #include #include -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -41,7 +41,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include @@ -74,7 +74,7 @@ void echoclient_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ -#ifndef CYASSL_MDK_SHELL +#ifndef WOLFSSL_MDK_SHELL argc = ((func_args*)args)->argc; argv = ((func_args*)args)->argv; #endif @@ -103,7 +103,7 @@ void echoclient_test(void* args) doPSK = 1; #endif -#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(CYASSL_MDK_SHELL) +#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_SHELL) port = ((func_args*)args)->signal->port; #endif @@ -153,7 +153,7 @@ void echoclient_test(void* args) SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif - #if defined(CYASSL_MDK_ARM) + #if defined(WOLFSSL_MDK_ARM) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif @@ -194,7 +194,7 @@ void echoclient_test(void* args) break; } - #ifndef CYASSL_MDK_SHELL + #ifndef WOLFSSL_MDK_SHELL while (sendSz) { int got; if ( (got = SSL_read(ssl, reply, sizeof(reply)-1)) > 0) { @@ -260,7 +260,7 @@ void echoclient_test(void* args) args.argv = argv; CyaSSL_Init(); -#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) +#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) CyaSSL_Debugging_ON(); #endif #ifndef CYASSL_TIRTOS diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index db499ae08..999aa9b55 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -29,11 +29,11 @@ #include /* ecc_fp_free */ #endif -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -41,7 +41,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include @@ -83,7 +83,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) int outCreated = 0; int shutDown = 0; int useAnyAddr = 0; - word16 port = yasslPort; + word16 port = wolfSSLPort; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; @@ -114,7 +114,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #endif #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ - !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ + !defined(CYASSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif diff --git a/examples/server/server.c b/examples/server/server.c index c0687a195..3163aae2f 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -34,11 +34,11 @@ #define WOLFSSL_TRACK_MEMORY #endif -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -46,7 +46,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include #include @@ -179,7 +179,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int version = SERVER_DEFAULT_VERSION; int doCliCertCheck = 1; int useAnyAddr = 0; - word16 port = yasslPort; + word16 port = wolfSSLPort; int usePsk = 0; int useAnon = 0; int doDTLS = 0; @@ -659,7 +659,7 @@ while (1) { /* allow resume option */ if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) err_sys("SSL_write failed"); - #if defined(CYASSL_MDK_SHELL) && defined(HAVE_MDK_RTX) + #if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX) os_dly_wait(500) ; #elif defined (CYASSL_TIRTOS) Task_yield(); @@ -729,7 +729,7 @@ while (1) { /* allow resume option */ args.argv = argv; CyaSSL_Init(); -#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) +#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) CyaSSL_Debugging_ON(); #endif if (CurrentDir("_build")) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b17b44154..bfefcec3c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -113,19 +113,7 @@ #define XTIME(t1) mqx_time((t1)) #define XGMTIME(c, t) mqx_gmtime((c), (t)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) -#elif defined(WOLFSSL_MDK_ARM) - #if defined(WOLFSSL_MDK5) - #include "cmsis_os.h" - #else - #include - #endif - #undef RNG - #include "wolfssl_MDK_ARM.h" - #undef RNG - #define RNG wolfSSL_RNG /*for avoiding name conflict in "stm32f2xx.h" */ - #define XTIME(tl) (0) - #define XGMTIME(c, t) wolfssl_MDK_gmtime((c)) - #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) + #elif defined(USER_TIME) /* user time, and gmtime compatible functions, there is a gmtime implementation here that WINCE uses, so really just need some ticks @@ -1456,7 +1444,8 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) word32 seqSz, verSz, rawLen, intTotalLen = 0; word32 sizes[DSA_INTS]; int i, j, outLen, ret = 0, lbit; - + int err ; + byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; byte* tmps[DSA_INTS]; @@ -1496,7 +1485,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) if (lbit) tmps[i][sizes[i]-1] = 0x00; - int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); + err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); if (err == MP_OKAY) { sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ intTotalLen += sizes[i]; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 71c62f99b..273eabf02 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -99,13 +99,7 @@ #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ || !defined(NO_DH) /* include test cert and key buffers for use with NO_FILESYSTEM */ - #if defined(WOLFSSL_MDK_ARM) - #include "cert_data.h" - /* use certs_test.c for initial data, so other - commands can share the data. */ - #else #include - #endif #endif #if defined(WOLFSSL_MDK_ARM) diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 741d2531f..97048ffc2 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -67,13 +67,6 @@ typedef struct OS_Seed { #endif } OS_Seed; - -#if defined(WOLFSSL_MDK_ARM) -#undef RNG -#define RNG wolfSSL_RNG /* for avoiding name conflict in "stm32f2xx.h" */ -#endif - - #if defined(HAVE_HASHDRBG) || defined(NO_RC4) From 9af596dfffaf0657fdf37be7f88a35cb26ec0d89 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 12 Aug 2015 17:55:18 +0900 Subject: [PATCH 076/102] add config files --- .../MDK-ARM/wolfSSL/config-BARE-METAL.h | 292 +++++++++++++++ IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h | 329 ++++++++++++++++ .../MDK-ARM/wolfSSL/config-RTX-TCP-FS.h | 353 ++++++++++++++++++ IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h | 13 + IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h | 55 +++ wolfcrypt/benchmark/benchmark.c | 7 +- 6 files changed, 1043 insertions(+), 6 deletions(-) create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h new file mode 100644 index 000000000..5ce08dc3d --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h @@ -0,0 +1,292 @@ +/* config-BEREFOOT.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +/**** wolfSSL for KEIL-RL Configuration ****/ + +#define __CORTEX_M3__ +#define WOLFSSL_MDK_ARM +#define NO_WRITEV +#define NO_WOLFSSL_DIR +//#define NO_MAIN_DRIVER + +#define WOLFSSL_DER_LOAD +#define HAVE_NULL_CIPHER + +#define SINGLE_THREADED +#define NO_FILESYSTEM +#define NO_TLS +#define WOLFSSL_USER_IO + +#define NO_ECHOSERVER +#define NO_ECHOCLIENT +#define NO_SIMPLE_SERVER +#define NO_SIMPLE_CLIENT + +// <<< Use Configuration Wizard in Context Menu >>> + +// Build Target: KEIL-BAREFOOT +// Single Threaded, No File System, No TCP-net +// +// Command Shell +#define MDK_CONF_SHELL 1 +#if MDK_CONF_SHELL == 1 +#define WOLFSSL_MDK_SHELL +#endif +// +// wolfSSL Apps +// Crypt/Cipher +// Cert Storage <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) +#define MDK_CONF_CERT_BUFF 1 +#if MDK_CONF_CERT_BUFF == 1 +#define USE_CERT_BUFFERS_1024 +#elif MDK_CONF_CERT_BUFF == 2 +#define USE_CERT_BUFFERS_2048 +#endif + +// Crypt/Cipher Test Suite +#define MDK_CONF_CTaoCryptTest 1 +#if MDK_CONF_CTaoCryptTest == 0 +#define NO_CRYPT_TEST +#endif +// +// Crypt/Cipher Benchmark +#define MDK_CONF_CTaoCryptBenchmark 1 +#if MDK_CONF_CTaoCryptBenchmark == 0 +#define NO_CRYPT_BENCHMARK +#define BENCH_EMBEDDED +#endif +// +// + +// STM32 Hardware Crypt +// STM32F2 Hardware RNG +#define MDK_CONF_STM32F2_RNG 0 +#if MDK_CONF_STM32F2_RNG == 1 +#define STM32F2_RNG +#else +#define NO_DEV_RANDOM +#endif +// +// STM32F2 Hardware Crypt +#define MDK_CONF_STM32F2_CRYPTO 0 +#if MDK_CONF_STM32F2_CRYPTO == 1 +#define STM32F2_CRYPTO +#endif +// + +// + + +// wolfCrypt Library + +// MD5, SHA, SHA-256, AES, RC4, ASN, RSA +// +// MD2 +#define MDK_CONF_MD2 0 +#if MDK_CONF_MD2 == 1 +#define WOLFSSL_MD2 +#endif +// +// MD4 +#define MDK_CONF_MD4 1 +#if MDK_CONF_MD4 == 0 +#define NO_MD4 +#endif +// +// SHA-384 +// This has to be with SHA512 +#define MDK_CONF_SHA384 0 +#if MDK_CONF_SHA384 == 1 +#define WOLFSSL_SHA384 +#endif +// +// SHA-512 +#define MDK_CONF_SHA512 0 +#if MDK_CONF_SHA512 == 1 +#define WOLFSSL_SHA512 +#endif +// +// RIPEMD +#define MDK_CONF_RIPEMD 0 +#if MDK_CONF_RIPEMD == 1 +#define WOLFSSL_RIPEMD +#endif +// +// HMAC +#define MDK_CONF_HMAC 1 +#if MDK_CONF_HMAC == 0 +#define NO_HMAC +#endif +// +// HC128 +#define MDK_CONF_HC128 0 +#if MDK_CONF_HC128 == 1 +#define HAVE_HC128 +#endif +// +// RABBIT +#define MDK_CONF_RABBIT 1 +#if MDK_CONF_RABBI == 0 +#define NO_RABBIT +#endif +// + +// AEAD +#define MDK_CONF_AEAD 0 +#if MDK_CONF_AEAD == 1 +#define HAVE_AEAD +#endif +// +// DES3 +#define MDK_CONF_DES3 1 +#if MDK_CONF_DES3 == 0 +#define NO_DES3 +#endif +// +// CAMELLIA +#define MDK_CONF_CAMELLIA 0 +#if MDK_CONF_CAMELLIA == 1 +#define HAVE_CAMELLIA +#endif +// + +// DH +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA +#define MDK_CONF_DH 1 +#if MDK_CONF_DH == 0 +#define NO_DH +#endif +// +// DSA +#define MDK_CONF_DSA 1 +#if MDK_CONF_DSA == 0 +#define NO_DSA +#endif +// +// PWDBASED +#define MDK_CONF_PWDBASED 1 +#if MDK_CONF_PWDBASED == 0 +#define NO_PWDBASED +#endif +// + +// ECC +#define MDK_CONF_ECC 0 +#if MDK_CONF_ECC == 1 +#define HAVE_ECC +#endif +// +// PSK +#define MDK_CONF_PSK 1 +#if MDK_CONF_PSK == 0 +#define NO_PSK +#endif +// +// AESCCM (Turn off Hardware Crypt) +#define MDK_CONF_AESCCM 0 +#if MDK_CONF_AESCCM == 1 +#define HAVE_AESCCM +#endif +// +// AESGCM (Turn off Hardware Crypt) +#define MDK_CONF_AESGCM 0 +#if MDK_CONF_AESGCM == 1 +#define HAVE_AESGCM +#define BUILD_AESGCM +#endif +// +// NTRU (need License, "crypto_ntru.h") +#define MDK_CONF_NTRU 0 +#if MDK_CONF_NTRU == 1 +#define HAVE_NTRU +#endif +// +// + +// Others + +// Inline +#define MDK_CONF_INLINE 0 +#if MDK_CONF_INLINE == 0 +#define NO_INLINE +#endif +// +// Debug +// Debug Message +#define MDK_CONF_DebugMessage 0 +#if MDK_CONF_DebugMessage == 1 +#define DEBUG_WOLFSSL +#endif +// +// Check malloc +#define MDK_CONF_CheckMalloc 1 +#if MDK_CONF_CheckMalloc == 1 +#define WOLFSSL_MALLOC_CHECK +#endif +// + + +// +// ErrNo.h +#define MDK_CONF_ErrNo 0 +#if MDK_CONF_ErrNo == 1 +#define HAVE_ERRNO +#endif +// +// zlib (need "zlib.h") +#define MDK_CONF_LIBZ 0 +#if MDK_CONF_LIBZ == 1 +#define HAVE_LIBZ +#endif +// +// CAVIUM (need CAVIUM headers) +#define MDK_CONF_CAVIUM 0 +#if MDK_CONF_CAVIUM == 1 +#define HAVE_CAVIUM +#endif +// + +// Error Strings +#define MDK_CONF_ErrorStrings 1 +#if MDK_CONF_ErrorStrings == 0 +#define NO_ERROR_STRINGS +#endif +// + +// Small Stack +#define MDK_CONF_SmallStack 1 +#if MDK_CONF_SmallStack == 0 +#define NO_WOLFSSL_SMALL_STACK +#endif +// +// Use Fast Math +#define MDK_CONF_FASTMATH 0 +#if MDK_CONF_FASTMATH == 1 +#define USE_FAST_MATH +#endif +// + + +// + +// +// <<< end of configuration section >>> diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h new file mode 100644 index 000000000..37c92f446 --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h @@ -0,0 +1,329 @@ +/* config-FS.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +/**** wolfSSL for KEIL-RL Configuration ****/ + +#define __CORTEX_M3__ +#define WOLFSSL_KEIL_RL +#define NO_WRITEV +#define NO_WOLFSSL_DIR +#define NO_MAIN_DRIVER +#define WOLFSSL_USER_IO + +#define WOLFSSL_DER_LOAD +#define HAVE_NULL_CIPHER + +#define SINGLE_THREADED + +#define NO_ECHOSERVER +#define NO_ECHOCLIENT +#define NO_SIMPLE_SERVER +#define NO_SIMPLE_CLIENT + +// <<< Use Configuration Wizard in Context Menu >>> + +// Build Target: KEIL-FS +// Single Threaded, With File System, No TCP-net +// +// Command Shell +#define MDK_CONF_SHELL 1 +#if MDK_CONF_SHELL == 1 +#define WOLFSSL_MDK_SHELL +#endif +// +// wolfSSL Apps +// Crypt/Cipher +// Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) +#define MDK_CONF_CERT_BUFF 0 +#if MDK_CONF_CERT_BUFF== 1 +#define USE_CERT_BUFFERS_1024 +#elif MDK_CONF_CERT_BUFF == 2 +#define USE_CERT_BUFFERS_2048 +#endif + +// Crypt/Cipher Test Suite +#define MDK_CONF_CTaoCryptTest 1 +#if MDK_CONF_CTaoCryptTest == 0 +#define NO_CRYPT_TEST +#endif +// +// Crypt/Cipher Benchmark +#define MDK_CONF_CTaoCryptBenchmark 1 +#if MDK_CONF_CTaoCryptBenchmark == 0 +#define NO_CRYPT_BENCHMARK +#endif +// +// + +// STM32 Hardware Crypt +// STM32F2 Hardware RNG +#define MDK_CONF_STM32F2_RNG 0 +#if MDK_CONF_STM32F2_RNG == 1 +#define STM32F2_RNG +#else +#define NO_DEV_RANDOM +#endif +// +// STM32F2 Hardware Crypt +#define MDK_CONF_STM32F2_CRYPTO 0 +#if MDK_CONF_STM32F2_CRYPTO == 1 +#define STM32F2_CRYPTO +#endif +// + +// + +// wolfSSL Library +// SSL (Included by default) +// + +// TLS +#define MDK_CONF_TLS 1 +#if MDK_CONF_TLS == 0 +#define NO_TLS +#endif +// + +// CertGen +#define MDK_CONF_CERT_GEN 0 +#if MDK_CONF_CERT_GEN == 1 +#define WOLFSSL_CERT_GEN +#endif +// +// KeyGen +#define MDK_CONF_KEY_GEN 0 +#if MDK_CONF_KEY_GEN == 1 +#define WOLFSSL_KEY_GEN +#endif +// +// CRL +#define MDK_CONF_DER_LOAD 0 +#if MDK_CONF_DER_LOAD == 1 +#define WOLFSSL_DER_LOAD +#endif +// +// OpenSSL Extra +#define MDK_CONF_OPENSSL_EXTRA 0 +#if MDK_CONF_OPENSSL_EXTRA == 1 +#define OPENSSL_EXTRA +#endif +// +// CRL Monitor, OCSP (not supported with KEIL) +// + +// + +// wolfCrypt Library + +// MD5, SHA, SHA-256, AES, RC4, ASN, RSA +// + +// MD2 +#define MDK_CONF_MD2 0 +#if MDK_CONF_MD2 == 1 +#define WOLFSSL_MD2 +#endif +// +// MD4 +#define MDK_CONF_MD4 1 +#if MDK_CONF_MD4 == 0 +#define NO_MD4 +#endif +// +// SHA-384 +// This has to be with SHA512 +#define MDK_CONF_SHA384 0 +#if MDK_CONF_SHA384 == 1 +#define WOLFSSL_SHA384 +#endif +// +// SHA-512 +#define MDK_CONF_SHA512 0 +#if MDK_CONF_SHA512 == 1 +#define WOLFSSL_SHA512 +#endif +// +// RIPEMD +#define MDK_CONF_RIPEMD 0 +#if MDK_CONF_RIPEMD == 1 +#define WOLFSSL_RIPEMD +#endif +// +// HMAC +#define MDK_CONF_HMAC 1 +#if MDK_CONF_HMAC == 0 +#define NO_HMAC +#endif +// +// HC128 +#define MDK_CONF_HC128 0 +#if MDK_CONF_HC128 == 1 +#define HAVE_HC128 +#endif +// +// RABBIT +#define MDK_CONF_RABBIT 1 +#if MDK_CONF_RABBI == 0 +#define NO_RABBIT +#endif +// + +// AEAD +#define MDK_CONF_AEAD 0 +#if MDK_CONF_AEAD == 1 +#define HAVE_AEAD +#endif +// +// DES3 +#define MDK_CONF_DES3 1 +#if MDK_CONF_DES3 == 0 +#define NO_DES3 +#endif +// +// CAMELLIA +#define MDK_CONF_CAMELLIA 0 +#if MDK_CONF_CAMELLIA == 1 +#define HAVE_CAMELLIA +#endif +// + +// DH +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA +#define MDK_CONF_DH 1 +#if MDK_CONF_DH == 0 +#define NO_DH +#endif +// +// DSA +#define MDK_CONF_DSA 1 +#if MDK_CONF_DSA == 0 +#define NO_DSA +#endif +// +// PWDBASED +#define MDK_CONF_PWDBASED 1 +#if MDK_CONF_PWDBASED == 0 +#define NO_PWDBASED +#endif +// + +// ECC +#define MDK_CONF_ECC 0 +#if MDK_CONF_ECC == 1 +#define HAVE_ECC +#endif +// +// PSK +#define MDK_CONF_PSK 1 +#if MDK_CONF_PSK == 0 +#define NO_PSK +#endif +// +// AESCCM (Turn off Hardware Crypt) +#define MDK_CONF_AESCCM 0 +#if MDK_CONF_AESCCM == 1 +#define HAVE_AESCCM +#endif +// +// AESGCM (Turn off Hardware Crypt) +#define MDK_CONF_AESGCM 0 +#if MDK_CONF_AESGCM == 1 +#define HAVE_AESGCM +#define BUILD_AESGCM +#endif +// +// NTRU (need License, "crypto_ntru.h") +#define MDK_CONF_NTRU 0 +#if MDK_CONF_NTRU == 1 +#define HAVE_NTRU +#endif +// +// + +// Others + +// Inline +#define MDK_CONF_INLINE 0 +#if MDK_CONF_INLINE == 0 +#define NO_INLINE +#endif +// +// Debug +// Debug Message +#define MDK_CONF_DebugMessage 0 +#if MDK_CONF_DebugMessage == 1 +#define DEBUG_WOLFSSL +#endif +// +// Check malloc +#define MDK_CONF_CheckMalloc 1 +#if MDK_CONF_CheckMalloc == 1 +#define WOLFSSL_MALLOC_CHECK +#endif +// + + +// +// ErrNo.h +#define MDK_CONF_ErrNo 0 +#if MDK_CONF_ErrNo == 1 +#define HAVE_ERRNO +#endif +// +// zlib (need "zlib.h") +#define MDK_CONF_LIBZ 0 +#if MDK_CONF_LIBZ == 1 +#define HAVE_LIBZ +#endif +// +// CAVIUM (need CAVIUM headers) +#define MDK_CONF_CAVIUM 0 +#if MDK_CONF_CAVIUM == 1 +#define HAVE_CAVIUM +#endif +// + +// Error Strings +#define MDK_CONF_ErrorStrings 1 +#if MDK_CONF_ErrorStrings == 0 +#define NO_ERROR_STRINGS +#endif +// + +// Small Stack +#define MDK_CONF_SmallStack 1 +#if MDK_CONF_SmallStack == 0 +#define NO_WOLFSSL_SMALL_STACK +#endif +// +// Use Fast Math +#define MDK_CONF_FASTMATH 0 +#if MDK_CONF_FASTMATH == 1 +#define USE_FAST_MATH +#endif +// + + +// + +// +// <<< end of configuration section >>> diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h new file mode 100644 index 000000000..454b86bce --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h @@ -0,0 +1,353 @@ +/* config-RTX-TCP-FS.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + + +/**** wolfSSL for MDK-RTX-TCP-FS Configuration ****/ + +#define __CORTEX_M3__ +#define WOLFSSL_MDK_ARM +#define NO_WRITEV +#define NO_WOLFSSL_DIR +#define NO_MAIN_DRIVER + +#define WOLFSSL_DER_LOAD +#define HAVE_NULL_CIPHER + +#define HAVE_KEIL_RTX +#define WOLFSSL_KEIL_TCP_NET + + +// <<< Use Configuration Wizard in Context Menu >>> +// Build Target: KEIL-RTX-TCP-FS +// RTOS, File System and TCP-net +// +// Command Shell +#define MDK_CONF_SHELL 1 +#if MDK_CONF_SHELL == 1 +#define WOLFSSL_MDK_SHELL +#endif +// +// wolfSSL Apps +// Crypt/Cipher +// Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) +#define MDK_CONF_CERT_BUFF 0 +#if MDK_CONF_CERT_BUFF== 1 +#define USE_CERT_BUFFERS_1024 +#elif MDK_CONF_CERT_BUFF == 2 +#define USE_CERT_BUFFERS_2048 +#endif + +// Crypt/Cipher Test Suite +#define MDK_CONF_CTaoCryptTest 1 +#if MDK_CONF_CTaoCryptTest == 0 +#define NO_CRYPT_TEST +#endif +// +// Crypt/Cipher Benchmark +#define MDK_CONF_CTaoCryptBenchmark 1 +#if MDK_CONF_CTaoCryptBenchmark == 0 +#define NO_CRYPT_BENCHMARK +#define BENCH_EMBEDDED +#endif +// +// +// SSL/TLS Server/Client +// echoServer +#define MDK_CONF_echoServer 1 +#if MDK_CONF_echoServer == 0 +#define NO_ECHOSERVER +#endif +// +// echoClient +#define MDK_CONF_echoClient 1 +#if MDK_CONF_echoClient == 0 +#define NO_ECHOCLIENT +#endif +// +// SimpleServer +#define MDK_CONF_simpleServer 1 +#if MDK_CONF_simpleServer == 0 +#define NO_SIMPLE_SERVER +#endif +// +// SimpleCliet +#define MDK_CONF_simpleClient 1 +#if MDK_CONF_simpleClient == 0 +#define NO_SIMPLE_CLIENT +#endif +// +// +// +// STM32 Hardware Crypt +// STM32F2 Hardware RNG +#define MDK_CONF_STM32F2_RNG 0 +#if MDK_CONF_STM32F2_RNG == 1 +#define STM32F2_RNG +#else +#define NO_DEV_RANDOM +#endif +// +// STM32F2 Hardware Crypt +#define MDK_CONF_STM32F2_CRYPTO 0 +#if MDK_CONF_STM32F2_CRYPTO == 1 +#define STM32F2_CRYPTO +#endif +// + +// + +// wolfSSL Library +// SSL (Included by default) +// + +// TLS +#define MDK_CONF_TLS 1 +#if MDK_CONF_TLS == 0 +#define NO_TLS +#endif +// + +// CertGen +#define MDK_CONF_CERT_GEN 0 +#if MDK_CONF_CERT_GEN == 1 +#define WOLFSSL_CERT_GEN +#endif +// +// KeyGen +#define MDK_CONF_KEY_GEN 0 +#if MDK_CONF_KEY_GEN == 1 +#define WOLFSSL_KEY_GEN +#endif +// +// CRL +#define MDK_CONF_DER_LOAD 0 +#if MDK_CONF_DER_LOAD == 1 +#define WOLFSSL_DER_LOAD +#endif +// +// OpenSSL Extra +#define MDK_CONF_OPENSSL_EXTRA 0 +#if MDK_CONF_OPENSSL_EXTRA == 1 +#define OPENSSL_EXTRA +#endif +// +// CRL Monitor, OCSP (not supported with KEIL) +// + +// + +// wolfCrypt Library + +// MD5, SHA, SHA-256, AES, RC4, ASN, RSA +// +// MD2 +#define MDK_CONF_MD2 0 +#if MDK_CONF_MD2 == 1 +#define WOLFSSL_MD2 +#endif +// +// MD4 +#define MDK_CONF_MD4 0 +#if MDK_CONF_MD4 == 0 +#define NO_MD4 +#endif +// +// SHA-384 +// This has to be with SHA512 +#define MDK_CONF_SHA384 0 +#if MDK_CONF_SHA384 == 1 +#define WOLFSSL_SHA384 +#endif +// +// SHA-512 +#define MDK_CONF_SHA512 0 +#if MDK_CONF_SHA512 == 1 +#define WOLFSSL_SHA512 +#endif +// +// RIPEMD +#define MDK_CONF_RIPEMD 0 +#if MDK_CONF_RIPEMD == 1 +#define WOLFSSL_RIPEMD +#endif +// +// HMAC +#define MDK_CONF_HMAC 1 +#if MDK_CONF_HMAC == 0 +#define NO_HMAC +#endif +// +// HC128 +#define MDK_CONF_HC128 0 +#if MDK_CONF_HC128 == 1 +#define HAVE_HC128 +#endif +// +// RABBIT +#define MDK_CONF_RABBIT 1 +#if MDK_CONF_RABBI == 0 +#define NO_RABBIT +#endif +// + +// AEAD +#define MDK_CONF_AEAD 0 +#if MDK_CONF_AEAD == 1 +#define HAVE_AEAD +#endif +// +// DES3 +#define MDK_CONF_DES3 0 +#if MDK_CONF_DES3 == 0 +#define NO_DES3 +#endif +// +// CAMELLIA +#define MDK_CONF_CAMELLIA 0 +#if MDK_CONF_CAMELLIA == 1 +#define HAVE_CAMELLIA +#endif +// + +// DH +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA +#define MDK_CONF_DH 1 +#if MDK_CONF_DH == 0 +#define NO_DH +#endif +// +// DSA +#define MDK_CONF_DSA 1 +#if MDK_CONF_DSA == 0 +#define NO_DSA +#endif +// +// PWDBASED +#define MDK_CONF_PWDBASED 1 +#if MDK_CONF_PWDBASED == 0 +#define NO_PWDBASED +#endif +// + +// ECC +#define MDK_CONF_ECC 0 +#if MDK_CONF_ECC == 1 +#define HAVE_ECC +#endif +// +// PSK +#define MDK_CONF_PSK 1 +#if MDK_CONF_PSK == 0 +#define NO_PSK +#endif +// +// AESCCM (Turn off Hardware Crypt) +#define MDK_CONF_AESCCM 0 +#if MDK_CONF_AESCCM == 1 +#define HAVE_AESCCM +#endif +// +// AESGCM (Turn off Hardware Crypt) +#define MDK_CONF_AESGCM 0 +#if MDK_CONF_AESGCM == 1 +#define HAVE_AESGCM +#define BUILD_AESGCM +#endif +// +// NTRU (need License, "crypto_ntru.h") +#define MDK_CONF_NTRU 0 +#if MDK_CONF_NTRU == 1 +#define HAVE_NTRU +#endif +// +// + +// Others + +// Inline +#define MDK_CONF_INLINE 0 +#if MDK_CONF_INLINE == 0 +#define NO_INLINE +#endif +// +// Debug +// Debug Message +#define MDK_CONF_DEBUG_MSG 0 +#if MDK_CONF_DEBUG_MSG == 1 +#define DEBUG_WOLFSSL +#endif +// +// Check malloc +#define MDK_CONF_CHECK_MALLOC 1 +#if MDK_CONF_CHECK_MALLOC == 1 +#define WOLFSSL_MALLOC_CHECK +#endif +// + + +// +// ErrNo.h +#define MDK_CONF_ERR_NO 0 +#if MDK_CONF_ERR_NO == 1 +#define HAVE_ERRNO +#endif +// +// zlib (need "zlib.h") +#define MDK_CONF_LIBZ 0 +#if MDK_CONF_LIBZ == 1 +#define HAVE_LIBZ +#endif +// +// CAVIUM (need CAVIUM headers) +#define MDK_CONF_CAVIUM 0 +#if MDK_CONF_CAVIUM == 1 +#define HAVE_CAVIUM +#endif +// + +// Error Strings +#define MDK_CONF_ErrorStrings 0 +#if MDK_CONF_ErrorStrings == 0 +#define NO_ERROR_STRINGS +#endif +// + +// Small Stack +#define MDK_CONF_SMALL_STACK 1 +#if MDK_CONF_SMALL_STACK == 0 +#define NO_WOLFSSL_SMALL_STACK +#endif +// +// Use Fast Math +#define MDK_CONF_FASTMATH 1 +#if MDK_CONF_FASTMATH == 1 +#define USE_FAST_MATH +#define TFM_TIMING_RESISTANT +#endif +// + + +// + +// +// <<< end of configuration section >>> + diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h new file mode 100644 index 000000000..3f4ddf4f6 --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h @@ -0,0 +1,13 @@ + +#define SINGLE_THREADED /* or define RTOS option */ + +#define WOLFSSL_USER_IO /* Use own TCP/IP lib */ + +#define NO_DEV_RANDOM +#define WOLFSSL_MDK_ARM + +#define NO_WOLFSSL_DIR +#define NO_WRITEV + +#define USE_FAST_MATH +#define TFM_TIMING_RESISTANT diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h new file mode 100644 index 000000000..3f5c11191 --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h @@ -0,0 +1,55 @@ +/* config.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef MDK_CONFIG_H__ +#define MDK_CONFIG_H__ +/**** wolfSSL for KEIL-RL Configuration ****/ + +#define __CORTEX_M3__ +#define WOLFSSL_MDK_ARM + +#define NO_WRITEV +#define NO_WOLFSSL_DIR +#define NO_MAIN_DRIVER + +/* for Retarget.c */ +#define STDIO +#define BENCH_EMBEDDED + +#define WOLFSSL_DER_LOAD +#define HAVE_NULL_CIPHER +#define WOLFSSL_USER_TIME +#define NO_TIME_H +static int ValidateDate(const unsigned char* date, unsigned char format, int dateType){ return 1; } + +#if defined(MDK_CONF_RTX_TCP_FS) +#include "config-RTX-TCP-FS.h" +#elif defined(MDK_CONF_TCP_FS) +#include "config-TCP-FS.h" +#elif defined(MDK_CONF_FS) +#include "config-FS.h" +#elif defined(MDK_CONF_BARE_METAL) +#include "config-BARE-METAL.h" +#elif defined(MDK_WOLFLIB) +#include "config-WOLFLIB.h" +#endif + +#endif diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index ba36e1563..938a4a641 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -105,19 +105,14 @@ #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ || !defined(NO_DH) /* include test cert and key buffers for use with NO_FILESYSTEM */ - #if defined(WOLFSSL_MDK_ARM) - #include "cert_data.h" /* use certs_test.c for initial data, - so other commands can share the data. */ - #else #include - #endif #endif #ifdef HAVE_BLAKE2 #include void bench_blake2(void); -#endif +#endif #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ From 3af082de395654aff041eedc0c07873a2f37561d Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 12 Aug 2015 17:58:49 +0900 Subject: [PATCH 077/102] Remove unused file --- IDE/MDK-ARM/Projects/conifg-WOLFLIB.h | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 IDE/MDK-ARM/Projects/conifg-WOLFLIB.h diff --git a/IDE/MDK-ARM/Projects/conifg-WOLFLIB.h b/IDE/MDK-ARM/Projects/conifg-WOLFLIB.h deleted file mode 100644 index e69de29bb..000000000 From 2b35a8242e23dc1066719f22f7a392742b792786 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 12 Aug 2015 19:49:30 +0900 Subject: [PATCH 078/102] MKD file reference path --- IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt | 16 ++++----- IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj | 36 +++++++++---------- .../Projects/MDK-ARM-wolfSSL-Lib.uvopt | 4 +-- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt index cb7029ea6..173f3e1b0 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt +++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt @@ -242,7 +242,7 @@ 1 0 - 0 + 1 255 @@ -401,7 +401,7 @@ 1 0 - 1 + 0 255 @@ -780,7 +780,7 @@ 0 0 0 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c Net_Config.c 0 0 @@ -806,8 +806,8 @@ 0 0 0 - ..\MDK-ARM\config\RTX_Conf_CM.c - RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c + RTX_Config.c 0 0 @@ -819,7 +819,7 @@ 0 0 0 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c Net_Debug.c 0 0 @@ -871,7 +871,7 @@ 0 0 0 - ..\STM32F2xx\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s startup_stm32f2xx.s 0 0 @@ -884,7 +884,7 @@ 0 0 0 - C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c File_Config.c 0 0 diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj index 345a4d485..b194c1113 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj +++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj @@ -513,7 +513,7 @@ Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c config.h @@ -521,14 +521,14 @@ ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -591,12 +591,12 @@ startup_stm32f2xx.s 2 - ..\STM32F2xx\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s File_Config.c 1 - C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c config-WOLFLIB.h @@ -1426,7 +1426,7 @@ Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c 2 @@ -1477,9 +1477,9 @@ ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c 2 @@ -1527,7 +1527,7 @@ Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -1590,12 +1590,12 @@ startup_stm32f2xx.s 2 - ..\STM32F2xx\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s File_Config.c 1 - C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c config-WOLFLIB.h @@ -2578,7 +2578,7 @@ Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c 2 @@ -2629,9 +2629,9 @@ ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c 2 @@ -2679,7 +2679,7 @@ Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -2742,12 +2742,12 @@ startup_stm32f2xx.s 2 - ..\STM32F2xx\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s File_Config.c 1 - C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c 2 diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt index 973311568..69f64de42 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt +++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt @@ -75,7 +75,7 @@ 1 0 - 1 + 0 255 @@ -234,7 +234,7 @@ 1 0 - 0 + 1 255 From 910fd79a1d7aad3efeebe7ce46888961ecefe0e6 Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Wed, 12 Aug 2015 13:58:23 -0600 Subject: [PATCH 079/102] Changes to remove scan-build warnings when compiling with full build --- src/sniffer.c | 1 - wolfcrypt/test/test.c | 98 +++++++++++++++++++++++++++++++++++++++---- wolfssl/test.h | 2 + 3 files changed, 93 insertions(+), 8 deletions(-) diff --git a/src/sniffer.c b/src/sniffer.c index a12dafe57..b71861767 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1323,7 +1323,6 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, wc_FreeRsaKey(&key); return -1; } - ret = 0; /* not in error state */ session->sslServer->arrays->preMasterSz = SECRET_LEN; /* store for client side as well */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 71c62f99b..c8d9b97ef 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -3491,19 +3491,25 @@ int rsa_test(void) FILE* pemFile; ret = wc_InitRsaKey(&genKey, 0); - if (ret != 0) + if (ret != 0) { + free(tmp); return -300; + } ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng); - if (ret != 0) + if (ret != 0) { + free(tmp); return -301; + } der = (byte*)malloc(FOURK_BUF); if (der == NULL) { + free(tmp); wc_FreeRsaKey(&genKey); return -307; } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { + free(tmp); free(der); wc_FreeRsaKey(&genKey); return -308; @@ -3513,6 +3519,7 @@ int rsa_test(void) if (derSz < 0) { free(der); free(pem); + free(tmp); return -302; } @@ -3524,6 +3531,7 @@ int rsa_test(void) if (!keyFile) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -303; } @@ -3532,6 +3540,7 @@ int rsa_test(void) if (ret != derSz) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -313; } @@ -3540,6 +3549,7 @@ int rsa_test(void) if (pemSz < 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -304; } @@ -3552,6 +3562,7 @@ int rsa_test(void) if (!pemFile) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -305; } @@ -3560,6 +3571,7 @@ int rsa_test(void) if (ret != pemSz) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -314; } @@ -3568,6 +3580,7 @@ int rsa_test(void) if (ret != 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -3060; } @@ -3576,6 +3589,7 @@ int rsa_test(void) if (ret != 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&derIn); wc_FreeRsaKey(&genKey); return -306; @@ -3603,10 +3617,13 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -309; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { + free(tmp); free(derCert); return -310; } @@ -3627,6 +3644,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); return -401; } @@ -3636,6 +3654,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -402; } FreeDecodedCert(&decode); @@ -3649,6 +3668,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); return -403; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -3656,6 +3676,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); return -414; } @@ -3663,6 +3684,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); return -404; } @@ -3674,6 +3696,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); return -405; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -3681,6 +3704,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); return -406; } free(pem); @@ -3704,11 +3728,14 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -312; } @@ -3717,6 +3744,7 @@ int rsa_test(void) if (!file3) { free(derCert); free(pem); + free(tmp); return -412; } @@ -3727,12 +3755,14 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -411; } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); if (ret != 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -413; } @@ -3755,6 +3785,7 @@ int rsa_test(void) if (ret < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -405; } @@ -3763,6 +3794,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -407; } @@ -3772,6 +3804,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -408; } @@ -3783,6 +3816,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -409; } @@ -3797,6 +3831,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -410; } @@ -3805,6 +3840,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -416; } @@ -3813,6 +3849,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -411; } @@ -3825,6 +3862,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -412; } @@ -3832,6 +3870,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -415; } @@ -3859,11 +3898,14 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -5311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -5312; } @@ -3872,6 +3914,7 @@ int rsa_test(void) if (!file3) { free(derCert); free(pem); + free(tmp); return -5412; } @@ -3883,6 +3926,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -5413; } @@ -3902,6 +3946,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5405; } @@ -3910,6 +3955,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5407; } @@ -3919,6 +3965,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5408; } @@ -3926,6 +3973,7 @@ int rsa_test(void) InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { + free(tmp); free(pem); free(derCert); wc_ecc_free(&caKey); @@ -3943,6 +3991,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5410; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -3951,6 +4000,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5414; } @@ -3959,6 +4009,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5411; } @@ -3971,6 +4022,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5412; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -3978,6 +4030,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5415; } fclose(pemFile); @@ -4003,11 +4056,14 @@ int rsa_test(void) DecodedCert decode; #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -312; } @@ -4024,6 +4080,7 @@ int rsa_test(void) if (rc != DRBG_OK) { free(derCert); free(pem); + free(tmp); return -448; } @@ -4033,6 +4090,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -449; } @@ -4042,6 +4100,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -450; } @@ -4050,6 +4109,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -451; } @@ -4058,6 +4118,7 @@ int rsa_test(void) if (!caFile) { free(derCert); free(pem); + free(tmp); return -452; } @@ -4068,12 +4129,14 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -453; } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { free(derCert); free(pem); + free(tmp); return -454; } @@ -4092,6 +4155,7 @@ int rsa_test(void) free(derCert); free(pem); wc_FreeRsaKey(&caKey); + free(tmp); return -455; } @@ -4101,6 +4165,7 @@ int rsa_test(void) free(derCert); free(pem); wc_FreeRsaKey(&caKey); + free(tmp); return -456; } @@ -4110,6 +4175,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); return -457; } @@ -4120,6 +4186,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -458; } FreeDecodedCert(&decode); @@ -4128,6 +4195,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); return -459; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -4135,6 +4203,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); return -473; } @@ -4142,6 +4211,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); return -460; } @@ -4149,6 +4219,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); return -461; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -4156,6 +4227,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); return -474; } @@ -4163,6 +4235,7 @@ int rsa_test(void) if (!ntruPrivFile) { free(derCert); free(pem); + free(tmp); return -462; } ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); @@ -4170,6 +4243,7 @@ int rsa_test(void) if (ret != private_key_len) { free(pem); free(derCert); + free(tmp); return -475; } free(pem); @@ -4186,11 +4260,14 @@ int rsa_test(void) FILE* reqFile; der = (byte*)malloc(FOURK_BUF); - if (der == NULL) + if (der == NULL) { + free(tmp); return -463; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(der); + free(tmp); return -464; } @@ -4212,6 +4289,7 @@ int rsa_test(void) if (derSz < 0) { free(pem); free(der); + free(tmp); return -465; } @@ -4220,6 +4298,7 @@ int rsa_test(void) if (derSz < 0) { free(pem); free(der); + free(tmp); return -466; } @@ -4227,6 +4306,7 @@ int rsa_test(void) if (pemSz < 0) { free(pem); free(der); + free(tmp); return -467; } @@ -4238,6 +4318,7 @@ int rsa_test(void) if (!reqFile) { free(pem); free(der); + free(tmp); return -468; } @@ -4246,6 +4327,7 @@ int rsa_test(void) if (ret != derSz) { free(pem); free(der); + free(tmp); return -471; } @@ -4257,6 +4339,7 @@ int rsa_test(void) if (!reqFile) { free(pem); free(der); + free(tmp); return -469; } ret = (int)fwrite(pem, 1, pemSz, reqFile); @@ -4264,6 +4347,7 @@ int rsa_test(void) if (ret != pemSz) { free(pem); free(der); + free(tmp); return -470; } diff --git a/wolfssl/test.h b/wolfssl/test.h index 028e81be3..add257133 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1520,6 +1520,8 @@ static INLINE int myDecryptVerifyCb(WOLFSSL* ssl, /* decrypt */ ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); + if (ret != 0) + return ret; if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { *padSz = wolfSSL_GetAeadMacSize(ssl); From f6c5231e68f3ca1bb5a7a9a0fee013a2c7c04f69 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 12 Aug 2015 14:30:12 -0600 Subject: [PATCH 080/102] fix shadowed declaration on power pc (shadowed asn.h Oid_Types enum) --- wolfssl/wolfcrypt/pwdbased.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h index 0173beef8..068dc5149 100644 --- a/wolfssl/wolfcrypt/pwdbased.h +++ b/wolfssl/wolfcrypt/pwdbased.h @@ -51,9 +51,9 @@ WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen, int kLen, int typeH, int purpose); /* helper functions */ -WOLFSSL_LOCAL int GetDigestSize(int hashType); -WOLFSSL_LOCAL int GetPKCS12HashSizes(int hashType, word32* v, word32* u); -WOLFSSL_LOCAL int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, +WOLFSSL_LOCAL int GetDigestSize(int typeH); +WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u); +WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen, byte* Ai, word32 u, int iterations); From 46e7e9acf94d9153f0b52180413c36fb3c17ea2a Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 12 Aug 2015 16:39:13 -0700 Subject: [PATCH 081/102] disable SSLv3 by default --- configure.ac | 18 ++++++++++++++++ examples/client/client.c | 11 +++++----- examples/echoclient/echoclient.c | 4 +++- examples/echoserver/echoserver.c | 4 +++- examples/server/server.c | 4 +++- src/internal.c | 4 ++-- src/sniffer.c | 2 +- src/ssl.c | 20 +++++++++--------- tests/api.c | 6 ++++-- tests/suites.c | 35 ++++++++++++++++++++++++++++++-- 10 files changed, 83 insertions(+), 25 deletions(-) diff --git a/configure.ac b/configure.ac index 9f11a50b3..dfce641b1 100644 --- a/configure.ac +++ b/configure.ac @@ -887,6 +887,19 @@ else fi +# SSLv3 +AC_ARG_ENABLE([sslv3], + [ --enable-sslv3 Enable SSL version 3.0 (default: disabled)], + [ ENABLED_SSLV3=$enableval ], + [ ENABLED_SSLV3=no] + ) + +if test "$ENABLED_SSLV3" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3" +fi + + # STACK SIZE info for examples AC_ARG_ENABLE([stacksize], [ --enable-stacksize Enable stack size info on examples (default: disabled)], @@ -2128,6 +2141,10 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" ENABLED_OLD_TLS=no]) +AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ + test "x$ENABLED_SSLV3" = "xyes"], + [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])]) + # OPTIMIZE FLAGS if test "$GCC" = "yes" @@ -2359,6 +2376,7 @@ echo " * STUNNEL: $ENABLED_STUNNEL" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" echo " * Old TLS Versions: $ENABLED_OLD_TLS" +echo " * SSL version 3.0: $ENABLED_SSLV3" echo " * OCSP: $ENABLED_OCSP" echo " * CRL: $ENABLED_CRL" echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR" diff --git a/examples/client/client.c b/examples/client/client.c index 5838c67b9..cb9c40f33 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -525,16 +525,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef USE_WOLFSSL_MEMORY if (trackMemory) - InitMemoryTracker(); + InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 case 0: method = wolfSSLv3_client_method(); break; - - + #endif + #ifndef NO_TLS case 1: method = wolfTLSv1_client_method(); @@ -544,9 +545,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) method = wolfTLSv1_1_client_method(); break; #endif /* NO_TLS */ - + #endif /* NO_OLD_TLS */ - + #ifndef NO_TLS case 3: method = wolfTLSv1_2_client_method(); diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 594d146cf..bbf82ea9e 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -111,8 +111,10 @@ void echoclient_test(void* args) method = DTLSv1_2_client_method(); #elif !defined(NO_TLS) method = CyaSSLv23_client_method(); -#else +#elif defined(WOLFSSL_ALLOW_SSLV3) method = SSLv3_client_method(); +#else + #error "no valid client method type" #endif ctx = SSL_CTX_new(method); diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index db499ae08..cb512f4d8 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -132,8 +132,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) method = CyaDTLSv1_2_server_method(); #elif !defined(NO_TLS) method = CyaSSLv23_server_method(); -#else +#elif defined(WOLFSSL_ALLOW_SSLV3) method = CyaSSLv3_server_method(); +#else + #error "no valid server method built in" #endif ctx = CyaSSL_CTX_new(method); /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ diff --git a/examples/server/server.c b/examples/server/server.c index c0687a195..7f0c07d61 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -402,14 +402,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef USE_CYASSL_MEMORY if (trackMemory) - InitMemoryTracker(); + InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 case 0: method = SSLv3_server_method(); break; + #endif #ifndef NO_TLS case 1: diff --git a/src/internal.c b/src/internal.c index 3c7704a8a..bd04bdbec 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2371,7 +2371,7 @@ DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item) #endif /* WOLFSSL_DTLS */ -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) ProtocolVersion MakeSSLv3(void) { @@ -2382,7 +2382,7 @@ ProtocolVersion MakeSSLv3(void) return pv; } -#endif /* NO_OLD_TLS */ +#endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */ #ifdef WOLFSSL_DTLS diff --git a/src/sniffer.c b/src/sniffer.c index a12dafe57..9219d93ef 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1118,7 +1118,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, sniffer->server = serverIp; sniffer->port = port; - sniffer->ctx = SSL_CTX_new(SSLv3_client_method()); + sniffer->ctx = SSL_CTX_new(TLSv1_client_method()); if (!sniffer->ctx) { SetError(MEMORY_STR, error, NULL, 0); #ifdef HAVE_SNI diff --git a/src/ssl.c b/src/ssl.c index 3cb82827f..2b34f41dc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1765,7 +1765,7 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl) static int SetMinVersionHelper(byte* minVersion, int version) { switch (version) { -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) case WOLFSSL_SSLV3: *minVersion = SSLv3_MINOR; break; @@ -1836,7 +1836,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) } switch (version) { -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) case WOLFSSL_SSLV3: ssl->version = MakeSSLv3(); break; @@ -3026,16 +3026,16 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, static INLINE WOLFSSL_METHOD* cm_pick_method(void) { #ifndef NO_WOLFSSL_CLIENT - #ifdef NO_OLD_TLS - return wolfTLSv1_2_client_method(); - #else + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) return wolfSSLv3_client_method(); + #else + return wolfTLSv1_2_client_method(); #endif #elif !defined(NO_WOLFSSL_SERVER) - #ifdef NO_OLD_TLS - return wolfTLSv1_2_server_method(); - #else + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) return wolfSSLv3_server_method(); + #else + return wolfTLSv1_2_server_method(); #endif #else return NULL; @@ -5335,7 +5335,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) /* client only parts */ #ifndef NO_WOLFSSL_CLIENT - #ifndef NO_OLD_TLS + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv3_client_method(void) { WOLFSSL_METHOD* method = @@ -5623,7 +5623,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) /* server only parts */ #ifndef NO_WOLFSSL_SERVER - #ifndef NO_OLD_TLS + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv3_server_method(void) { WOLFSSL_METHOD* method = diff --git a/tests/api.c b/tests/api.c index 02d9cd9b6..a34ecebbc 100644 --- a/tests/api.c +++ b/tests/api.c @@ -101,8 +101,10 @@ static void test_wolfSSL_Method_Allocators(void) TEST_METHOD_ALLOCATOR(a, AssertNull) #ifndef NO_OLD_TLS - TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); - TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); + #ifdef WOLFSSL_ALLOW_SSLV3 + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); + #endif TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); diff --git a/tests/suites.c b/tests/suites.c index 4095581e9..bd8a8da3f 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -36,7 +36,7 @@ #define MAX_COMMAND_SZ 240 #define MAX_SUITE_SZ 80 #define NOT_BUILT_IN -123 -#ifdef NO_OLD_TLS +#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) #define VERSION_TOO_OLD -124 #endif @@ -52,6 +52,28 @@ static char flagSep[] = " "; static char svrPort[] = "0"; +#ifndef WOLFSSL_ALLOW_SSLV3 +/* if the protocol version is sslv3 return 1, else 0 */ +static int IsSslVersion(const char* line) +{ + const char* find = "-v "; + char* begin = strstr(line, find); + + if (begin) { + int version = -1; + + begin += 3; + + version = atoi(begin); + + if (version == 0) + return 1; + } + + return 0; +} +#endif /* !WOLFSSL_ALLOW_SSLV3 */ + #ifdef NO_OLD_TLS /* if the protocol version is less than tls 1.2 return 1, else 0 */ static int IsOldTlsVersion(const char* line) @@ -71,7 +93,7 @@ static int IsOldTlsVersion(const char* line) } return 0; -} +} #endif /* NO_OLD_TLS */ @@ -168,6 +190,15 @@ static int execute_test_case(int svr_argc, char** svr_argv, return NOT_BUILT_IN; } +#ifndef WOLFSSL_ALLOW_SSLV3 + if (IsSslVersion(commandLine) == 1) { + #ifdef DEBUG_SUITE_TESTS + printf("protocol version on line %s is too old\n", commandLine); + #endif + return VERSION_TOO_OLD; + } +#endif + #ifdef NO_OLD_TLS if (IsOldTlsVersion(commandLine) == 1) { #ifdef DEBUG_SUITE_TESTS From e9f63f0e17407b976dbc73f25731d65669b644fd Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 11 Aug 2015 15:38:52 -0600 Subject: [PATCH 082/102] Release-32 working --- IDE/WIN/wolfssl-fips.vcxproj | 2 ++ 1 file changed, 2 insertions(+) diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index 898eb020f..5f007c9bf 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -182,6 +182,8 @@ MultiThreadedDLL true Level3 + ProgramDatabase + false From 6e2dcdbb7399e0fce2a7c38dde6be3ab6addb146 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 13 Aug 2015 11:59:29 -0600 Subject: [PATCH 083/102] reset to vs 2010 toolset in .sln file --- IDE/WIN/wolfssl-fips.sln | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/IDE/WIN/wolfssl-fips.sln b/IDE/WIN/wolfssl-fips.sln index f1fecbbae..306616419 100644 --- a/IDE/WIN/wolfssl-fips.sln +++ b/IDE/WIN/wolfssl-fips.sln @@ -1,5 +1,5 @@  -Microsoft Visual Studio Solution File, Format Version 12.00 +Microsoft Visual Studio Solution File, Format Version 10.00 # Visual Studio Express 2012 for Windows Desktop Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" EndProject From fb35dc61db3d91fb9704542b71bb3119925d7edf Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 13 Aug 2015 11:05:07 -0700 Subject: [PATCH 084/102] disable static rsa cipher suites in non max strength build by default --- wolfssl/internal.h | 80 +++++++++++++++++++++--------------- wolfssl/wolfcrypt/settings.h | 11 +++++ 2 files changed, 58 insertions(+), 33 deletions(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 898356645..87162e935 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -211,11 +211,13 @@ typedef byte word24[3]; #ifndef WOLFSSL_MAX_STRENGTH #if !defined(NO_RSA) && !defined(NO_RC4) - #if !defined(NO_SHA) - #define BUILD_SSL_RSA_WITH_RC4_128_SHA - #endif - #if !defined(NO_MD5) - #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_SSL_RSA_WITH_RC4_128_SHA + #endif + #if !defined(NO_MD5) + #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #endif #endif #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA @@ -224,7 +226,9 @@ typedef byte word24[3]; #if !defined(NO_RSA) && !defined(NO_DES3) #if !defined(NO_SHA) - #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_RSA) + #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #endif #if !defined(NO_TLS) && defined(HAVE_NTRU) #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA #endif @@ -233,43 +237,49 @@ typedef byte word24[3]; #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_RSA) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #endif #if defined(HAVE_NTRU) #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA #endif #endif - #if !defined (NO_SHA256) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - #endif - #if defined (HAVE_AESGCM) - #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - #if defined (WOLFSSL_SHA384) - #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined (NO_SHA256) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 + #endif + #if defined (HAVE_AESGCM) + #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 + #if defined (WOLFSSL_SHA384) + #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #if defined (HAVE_AESCCM) + #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 + #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 + #endif + #if defined(HAVE_BLAKE2) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 #endif - #endif - #if defined (HAVE_AESCCM) - #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 - #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 - #endif - #if defined(HAVE_BLAKE2) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 #endif #endif #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) #ifndef NO_RSA - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - #endif + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + #endif #ifndef NO_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 #endif + #endif #if !defined(NO_DH) #if !defined(NO_SHA) #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA @@ -310,11 +320,13 @@ typedef byte word24[3]; #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) #if !defined(NO_RSA) - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_NULL_SHA - #endif - #ifndef NO_SHA256 - #define BUILD_TLS_RSA_WITH_NULL_SHA256 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_NULL_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_NULL_SHA256 + #endif #endif #endif #if !defined(NO_PSK) @@ -330,6 +342,7 @@ typedef byte word24[3]; #endif #endif +#if defined(WOLFSSL_STATIC_RSA) #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) #ifndef NO_MD5 #define BUILD_TLS_RSA_WITH_HC_128_MD5 @@ -347,6 +360,7 @@ typedef byte word24[3]; #define BUILD_TLS_RSA_WITH_RABBIT_SHA #endif #endif +#endif #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ !defined(NO_RSA) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index fb6f9543a..8cdd73898 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -114,6 +114,9 @@ /* Uncomment next line to enable deprecated less secure static DH suites */ /* #define WOLFSSL_STATIC_DH */ +/* Uncomment next line to enable deprecated less secure static RSA suites */ +/* #define WOLFSSL_STATIC_RSA */ + #include #ifdef WOLFSSL_USER_SETTINGS @@ -813,6 +816,14 @@ #define HAVE_HASHDRBG #endif + +/* sniffer requires static RSA cipher suites */ +#ifdef WOLFSSL_SNIFFER + #ifndef WOLFSSL_STATIC_RSA + #define WOLFSSL_STATIC_RSA + #endif +#endif + /* Place any other flags or defines here */ From 8cc9c62911d60c2a1ca90b0b01d12d3ce707274d Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 13 Aug 2015 14:29:56 -0700 Subject: [PATCH 085/102] skip past the pad and mac when skipping a finished message in DTLS --- src/internal.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/internal.c b/src/internal.c index bd04bdbec..25cbf17f0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5193,6 +5193,8 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->keys.dtls_expected_peer_handshake_number) { /* Already saw this message and processed it. It can be ignored. */ *inOutIdx += fragSz; + if(type == finished ) + *inOutIdx += ssl->keys.padSz; ret = 0; } else if (fragSz < size) { From e6ab7de9239a8da565de827a2f2f679fb6d585af Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 14 Aug 2015 07:44:13 +0900 Subject: [PATCH 086/102] TI hardware hash driver memory leak in dummy rounds --- src/internal.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 25cbf17f0..a7cd5b8e8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5940,11 +5940,13 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz) { Md5 md5; int i; + byte dummy[MD5_DIGEST_SIZE] ; wc_InitMd5(&md5); for (i = 0; i < rounds; i++) wc_Md5Update(&md5, data, sz); + wc_Md5Final(&md5, dummy) ; /* in case needed to release resources */ } @@ -5954,11 +5956,13 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz) { Sha sha; int i; + byte dummy[SHA_DIGEST_SIZE] ; wc_InitSha(&sha); /* no error check on purpose, dummy round */ for (i = 0; i < rounds; i++) wc_ShaUpdate(&sha, data, sz); + wc_ShaFinal(&sha, dummy) ; /* in case needed to release resources */ } #endif @@ -5969,6 +5973,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) { Sha256 sha256; int i; + byte dummy[SHA256_DIGEST_SIZE] ; wc_InitSha256(&sha256); /* no error check on purpose, dummy round */ @@ -5976,7 +5981,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) wc_Sha256Update(&sha256, data, sz); /* no error check on purpose, dummy round */ } - + wc_Sha256Final(&sha256, dummy) ; /* in case needed to release resources */ } #endif @@ -5988,6 +5993,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) { Sha384 sha384; int i; + byte dummy[SHA384_DIGEST_SIZE] ; wc_InitSha384(&sha384); /* no error check on purpose, dummy round */ @@ -5995,6 +6001,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) wc_Sha384Update(&sha384, data, sz); /* no error check on purpose, dummy round */ } + wc_Sha384Final(&sha384, dummy) ; /* in case needed to release resources */ } #endif @@ -6006,6 +6013,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) { Sha512 sha512; int i; + byte dummy[SHA512_DIGEST_SIZE] ; wc_InitSha512(&sha512); /* no error check on purpose, dummy round */ @@ -6013,6 +6021,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) wc_Sha512Update(&sha512, data, sz); /* no error check on purpose, dummy round */ } + wc_Sha512Final(&sha512, dummy) ; /* in case needed to release resources */ } #endif From 0f9f4ea7e08fc2f06e66d5cd5ffdfe47c759b7c2 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 14 Aug 2015 09:58:44 -0600 Subject: [PATCH 087/102] add macro blocks to make it easier on embedded devices and fix declaration after executable code --- wolfcrypt/src/fe_low_mem.c | 3 ++- wolfcrypt/src/fe_operations.c | 2 ++ wolfcrypt/src/ge_low_mem.c | 6 ++++-- wolfcrypt/src/ge_operations.c | 2 ++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index 80834f54c..2dc914c81 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -27,6 +27,7 @@ #include +#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */ #if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) #include @@ -593,4 +594,4 @@ void fe_sqrt(byte *r, const byte *a) } #endif /* HAVE_CURVE25519 or HAVE_ED25519 */ - +#endif /* CURVED25519_SMALL */ diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index d78467e21..9259403ec 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -27,6 +27,7 @@ #include +#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */ #if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) #include @@ -1405,4 +1406,5 @@ void fe_cmov(fe f,const fe g,unsigned int b) f[9] = f9 ^ x9; } #endif /* HAVE ED25519 or CURVE25519 */ +#endif /* not defined CURVED25519_SMALL */ diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c index 43c533c69..f8dba9266 100644 --- a/wolfcrypt/src/ge_low_mem.c +++ b/wolfcrypt/src/ge_low_mem.c @@ -27,7 +27,8 @@ #include -#ifdef HAVE_ED25519 +#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */ +#if defined(HAVE_ED25519) #include #include @@ -71,12 +72,12 @@ int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, { byte tmp[F25519_SIZE]; byte parity; + byte pt[32]; int i; fe_copy(tmp, xIn); parity = (tmp[0] & 1) << 7; - byte pt[32]; fe_copy(pt, yIn); pt[31] |= parity; @@ -555,4 +556,5 @@ int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h, } #endif /* HAVE_ED25519 */ +#endif /* CURVED25519_SMALL */ diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index 665cfe89b..259b5b144 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c @@ -28,6 +28,7 @@ #include +#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */ #ifdef HAVE_ED25519 #include @@ -2600,4 +2601,5 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h) s[31] ^= fe_isnegative(x) << 7; } #endif /* HAVE_ED25519 */ +#endif /* not defined CURVED25519_SMALL */ From d12308a05325750d01dd806fbb4bd34a4a606d09 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 14 Aug 2015 11:06:42 -0700 Subject: [PATCH 088/102] SendCertificate fragments the message based on max_fragment setting for TLS and DTLS. --- src/internal.c | 365 ++++++++++++++++++++++++++++++++------------- src/ssl.c | 12 +- wolfssl/internal.h | 1 + 3 files changed, 274 insertions(+), 104 deletions(-) diff --git a/src/internal.c b/src/internal.c index 25cbf17f0..0755a9496 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2277,7 +2277,7 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ, fragSz + DTLS_HANDSHAKE_HEADER_SZ); else { - /* If fragOffet is non-zero, this is an additional fragment that + /* If fragOffset is non-zero, this is an additional fragment that * needs to be copied to its location in the message buffer. Also * copy the total size of the message over the fragment size. The * hash routines look at a defragmented message if it had actually @@ -2535,6 +2535,45 @@ ProtocolVersion MakeDTLSv1_2(void) #endif /* USE_WINDOWS_API */ +static int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) +{ +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx); +#endif +#ifndef NO_OLD_TLS +#ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz); +#endif +#ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz); +#endif +#endif + + if (IsAtLeastTLSv1_2(ssl)) { + int ret; + +#ifndef NO_SHA256 + ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SHA384 + ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SHA512 + ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz); + if (ret != 0) + return ret; +#endif + } + + return 0; +} + + /* add output to md5 and sha handshake hashes, exclude record header */ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) { @@ -2658,10 +2697,13 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl /* add handshake header for message */ -static void AddHandShakeHeader(byte* output, word32 length, byte type, - WOLFSSL* ssl) +static void AddHandShakeHeader(byte* output, word32 length, + word32 fragOffset, word32 fragLength, + byte type, WOLFSSL* ssl) { HandShakeHeader* hs; + (void)fragOffset; + (void)fragLength; (void)ssl; /* handshake header */ @@ -2675,8 +2717,8 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type, /* dtls handshake header extensions */ dtls = (DtlsHandShakeHeader*)output; c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq); - c32to24(0, dtls->fragment_offset); - c32to24(length, dtls->fragment_length); + c32to24(fragOffset, dtls->fragment_offset); + c32to24(fragLength, dtls->fragment_length); } #endif } @@ -2685,16 +2727,37 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type, /* add both headers for handshake message */ static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) { - if (!ssl->options.dtls) { - AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl); - AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl); - } + word32 lengthAdj = HANDSHAKE_HEADER_SZ; + word32 outputAdj = RECORD_HEADER_SZ; + #ifdef WOLFSSL_DTLS - else { - AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl); - AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl); + if (ssl->options.dtls) { + lengthAdj += DTLS_HANDSHAKE_EXTRA; + outputAdj += DTLS_RECORD_EXTRA; } #endif + + AddRecordHeader(output, length + lengthAdj, handshake, ssl); + AddHandShakeHeader(output + outputAdj, length, 0, length, type, ssl); +} + + +static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, + word32 length, byte type, WOLFSSL* ssl) +{ + word32 lengthAdj = HANDSHAKE_HEADER_SZ; + word32 outputAdj = RECORD_HEADER_SZ; + (void)fragSz; + +#ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + lengthAdj += DTLS_HANDSHAKE_EXTRA; + outputAdj += DTLS_RECORD_EXTRA; + } +#endif + + AddRecordHeader(output, fragSz + lengthAdj, handshake, ssl); + AddHandShakeHeader(output + outputAdj, length, fragOffset, fragSz, type, ssl); } @@ -4018,15 +4081,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, c24to32(input + *inOutIdx, &listSz); *inOutIdx += OPAQUE24_LEN; -#ifdef HAVE_MAX_FRAGMENT - if (listSz > ssl->max_fragment) { - SendAlert(ssl, alert_fatal, record_overflow); - return BUFFER_E; - } -#else if (listSz > MAX_RECORD_SIZE) return BUFFER_E; -#endif if ((*inOutIdx - begin) + listSz != size) return BUFFER_ERROR; @@ -7281,7 +7337,7 @@ int SendFinished(WOLFSSL* ssl) output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; - AddHandShakeHeader(input, finishedSz, finished, ssl); + AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); /* make finished hashes */ hashes = (Hashes*)&input[headerSz]; @@ -7362,117 +7418,226 @@ int SendFinished(WOLFSSL* ssl) return SendBuffered(ssl); } + #ifndef NO_CERTS int SendCertificate(WOLFSSL* ssl) { - int sendSz, length, ret = 0; - word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - word32 certSz, listSz; - byte* output = 0; + int length, ret = 0; + word32 certSz, certChainSz, headerSz, listSz, maxFragment, payloadSz; if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher) return 0; /* not needed */ if (ssl->options.sendVerify == SEND_BLANK_CERT) { certSz = 0; + certChainSz = 0; + headerSz = CERT_HEADER_SZ; length = CERT_HEADER_SZ; listSz = 0; } else { certSz = ssl->buffers.certificate.length; + headerSz = 2 * CERT_HEADER_SZ; /* list + cert size */ - length = certSz + 2 * CERT_HEADER_SZ; + length = certSz + headerSz; listSz = certSz + CERT_HEADER_SZ; /* may need to send rest of chain, already has leading size(s) */ - if (ssl->buffers.certChain.buffer) { - length += ssl->buffers.certChain.length; - listSz += ssl->buffers.certChain.length; + if (certSz) { + certChainSz = ssl->buffers.certChain.length; + length += certChainSz; + listSz += certChainSz; } } - sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + payloadSz = length; + + if (ssl->fragOffset != 0) + length -= (ssl->fragOffset + headerSz); + + if (!ssl->options.dtls) { + maxFragment = MAX_RECORD_SIZE; + } + else { #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - - if (ssl->keys.encryptionOn) - sendSz += MAX_MSG_EXTRA; - - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; - - /* get ouput buffer */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - AddHeaders(output, length, certificate, ssl); - - /* list total */ - c32to24(listSz, output + i); - i += CERT_HEADER_SZ; - - /* member */ - if (certSz) { - c32to24(certSz, output + i); - i += CERT_HEADER_SZ; - XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz); - i += certSz; - - /* send rest of chain? */ - if (ssl->buffers.certChain.buffer) { - XMEMCPY(output + i, ssl->buffers.certChain.buffer, - ssl->buffers.certChain.length); - i += ssl->buffers.certChain.length; - } + maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ + - DTLS_HANDSHAKE_HEADER_SZ - 100; + #endif /* WOLFSSL_DTLS */ } - if (ssl->keys.encryptionOn) { - byte* input; - int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */ + #ifdef HAVE_MAX_FRAGMENT + if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment) + maxFragment = ssl->max_fragment; + #endif /* HAVE_MAX_FRAGMENT */ - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (input == NULL) - return MEMORY_E; + while (length > 0 && ret == 0) { + byte* output = NULL; + word32 fragSz; /* How much of the certificate data are we copying? */ + word32 i = RECORD_HEADER_SZ; + int sendSz = RECORD_HEADER_SZ; - XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); - sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); - XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (!ssl->options.dtls) { + if (ssl->fragOffset == 0) { + if (headerSz + certSz + certChainSz <= + maxFragment - HANDSHAKE_HEADER_SZ) { - if (sendSz < 0) - return sendSz; - } else { - ret = HashOutput(ssl, output, sendSz, 0); - if (ret != 0) + fragSz = headerSz + certSz + certChainSz; + } + else { + fragSz = maxFragment - HANDSHAKE_HEADER_SZ; + } + sendSz += fragSz + HANDSHAKE_HEADER_SZ; + i += HANDSHAKE_HEADER_SZ; + } + else { + fragSz = min(length, maxFragment); + sendSz += fragSz; + } + + if (ssl->keys.encryptionOn) + sendSz += MAX_MSG_EXTRA; + } + else { + #ifdef WOLFSSL_DTLS + fragSz = min(length, maxFragment); + sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA + + HANDSHAKE_HEADER_SZ; + i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA + + HANDSHAKE_HEADER_SZ; + #endif + } + + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) return ret; + + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + if (ssl->fragOffset == 0) { + if (!ssl->options.dtls) { + AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); + HashOutputRaw(ssl, output + RECORD_HEADER_SZ, + HANDSHAKE_HEADER_SZ); + } + else { + #ifdef WOLFSSL_DTLS + AddHeaders(output, payloadSz, certificate, ssl); + HashOutputRaw(ssl, + output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA, + HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA); + /* Adding the headers increments these, decrement them for + * actual message header. */ + ssl->keys.dtls_sequence_number--; + ssl->keys.dtls_handshake_number--; + AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); + ssl->keys.dtls_handshake_number--; + #endif /* WOLFSSL_DTLS */ + } + + /* list total */ + c32to24(listSz, output + i); + HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); + i += CERT_HEADER_SZ; + length -= CERT_HEADER_SZ; + fragSz -= CERT_HEADER_SZ; + if (certSz) { + c32to24(certSz, output + i); + HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); + i += CERT_HEADER_SZ; + length -= CERT_HEADER_SZ; + fragSz -= CERT_HEADER_SZ; + + HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz); + if (certChainSz) { + HashOutputRaw(ssl, + ssl->buffers.certChain.buffer, certChainSz); + } + } + } + else { + if (!ssl->options.dtls) { + AddRecordHeader(output, fragSz, handshake, ssl); + } + else { + #ifdef WOLFSSL_DTLS + AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz, + payloadSz, certificate, ssl); + ssl->keys.dtls_handshake_number--; + #endif /* WOLFSSL_DTLS */ + } + } + + /* member */ + if (certSz && ssl->fragOffset < certSz) { + word32 copySz = min(certSz - ssl->fragOffset, fragSz); + XMEMCPY(output + i, + ssl->buffers.certificate.buffer + ssl->fragOffset, copySz); + i += copySz; + ssl->fragOffset += copySz; + length -= copySz; + fragSz -= copySz; + } + if (certChainSz && fragSz) { + word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz); + XMEMCPY(output + i, + ssl->buffers.certChain.buffer + ssl->fragOffset - certSz, + copySz); + i += copySz; + ssl->fragOffset += copySz; + length -= copySz; + fragSz -= copySz; + } + + if (ssl->keys.encryptionOn) { + byte* input; + int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */ + + input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (input == NULL) + return MEMORY_E; + + XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); + sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); + XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (sendSz < 0) + return sendSz; + } + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) + return ret; + } + #endif + + #ifdef WOLFSSL_CALLBACKS + if (ssl->hsInfoOn) + AddPacketName("Certificate", &ssl->handShakeInfo); + if (ssl->toInfoOn) + AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz, + ssl->heap); + #endif + + ssl->buffers.outputBuffer.length += sendSz; + if (!ssl->options.groupMessages) + ret = SendBuffered(ssl); } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) - return ret; - } - #endif + if (ret != WANT_WRITE) { + /* Clean up the fragment offset. */ + ssl->fragOffset = 0; + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) + ssl->keys.dtls_handshake_number++; + #endif + if (ssl->options.side == WOLFSSL_SERVER_END) + ssl->options.serverState = SERVER_CERT_COMPLETE; + } - #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); - if (ssl->toInfoOn) - AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz, - ssl->heap); - #endif - - if (ssl->options.side == WOLFSSL_SERVER_END) - ssl->options.serverState = SERVER_CERT_COMPLETE; - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) - return 0; - else - return SendBuffered(ssl); + return ret; } diff --git a/src/ssl.c b/src/ssl.c index 2b34f41dc..b30e97537 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5408,8 +5408,10 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) if (ssl->buffers.outputBuffer.length > 0) { if ( (ssl->error = SendBuffered(ssl)) == 0) { - ssl->options.connectState++; - WOLFSSL_MSG("connect state: Advanced from buffered send"); + if (ssl->fragOffset == 0) { + ssl->options.connectState++; + WOLFSSL_MSG("connect state: Advanced from buffered send"); + } } else { WOLFSSL_ERROR(ssl->error); @@ -5724,8 +5726,10 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) if (ssl->buffers.outputBuffer.length > 0) { if ( (ssl->error = SendBuffered(ssl)) == 0) { - ssl->options.acceptState++; - WOLFSSL_MSG("accept state: Advanced from buffered send"); + if (ssl->fragOffset == 0) { + ssl->options.acceptState++; + WOLFSSL_MSG("accept state: Advanced from buffered send"); + } } else { WOLFSSL_ERROR(ssl->error); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 87162e935..dcada77e5 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2284,6 +2284,7 @@ struct WOLFSSL { int rflags; /* user read flags */ int wflags; /* user write flags */ word32 timeout; /* session timeout */ + word32 fragOffset; /* fragment offset */ word16 curSize; RecordLayerHeader curRL; MsgsReceived msgsReceived; /* peer messages received */ From 7fa4302a806d8afd6ff28cfa4e3158a790968888 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 14 Aug 2015 12:49:30 -0700 Subject: [PATCH 089/102] disable static PSK cipher suites by default --- examples/echoclient/echoclient.c | 2 ++ examples/echoserver/echoserver.c | 2 ++ wolfssl/internal.h | 10 +++++++--- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index bbf82ea9e..257648762 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -143,6 +143,8 @@ void echoclient_test(void* args) CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; + #elif defined(HAVE_AESGCM) && !defined(NO_DH) + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index cb512f4d8..1a3581069 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -210,6 +210,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; + #elif defined(HAVE_AESGCM) && !defined(NO_DH) + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 87162e935..79829f3a1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -293,6 +293,7 @@ typedef byte word24[3]; #endif #endif +#if defined(WOLFSSL_STATIC_PSK) #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_SHA) #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA @@ -317,6 +318,7 @@ typedef byte word24[3]; #endif #endif #endif +#endif #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) #if !defined(NO_RSA) @@ -329,7 +331,7 @@ typedef byte word24[3]; #endif #endif #endif - #if !defined(NO_PSK) + #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK) #if !defined(NO_SHA) #define BUILD_TLS_PSK_WITH_NULL_SHA #endif @@ -574,7 +576,8 @@ typedef byte word24[3]; #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ - defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256) #undef BUILD_AES #define BUILD_AES #endif @@ -582,7 +585,8 @@ typedef byte word24[3]; #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ - defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) + defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) #define BUILD_AESGCM #endif From a4cbc3b9438b2431e594d8459210605aba37cac0 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 14 Aug 2015 12:58:00 -0700 Subject: [PATCH 090/102] fix google external test w/o ecdhe --- examples/client/client.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/examples/client/client.c b/examples/client/client.c index cb9c40f33..1dedf320f 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -499,6 +499,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) done = 1; /* external cert chain most likely has SHA */ #endif + #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) + if (!XSTRNCMP(domain, "www.google.com", 14)) { + done = 1; /* google needs ECDHE or static RSA */ + } + #endif + if (done) { printf("external test can't be run in this mode"); From 34ac1a33f3216a67504d39d145aa9407e516c451 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 14 Aug 2015 15:21:23 -0600 Subject: [PATCH 091/102] Freescale: Add support for KSDK (FREESCALE_KSDK_MQX) --- src/internal.c | 4 ++-- src/io.c | 32 ++++++++++++++++++++--------- wolfcrypt/src/asn.c | 6 +++--- wolfcrypt/src/random.c | 2 +- wolfssl/internal.h | 2 +- wolfssl/ssl.h | 2 +- wolfssl/wolfcrypt/settings.h | 40 ++++++++++++++++++++++++++++++------ wolfssl/wolfcrypt/types.h | 3 ++- wolfssl/wolfcrypt/wc_port.h | 4 ++-- 9 files changed, 68 insertions(+), 27 deletions(-) diff --git a/src/internal.c b/src/internal.c index 0755a9496..ab6f3a3e9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -45,7 +45,7 @@ #endif #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) - #ifdef FREESCALE_MQX + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #if MQX_USE_IO_OLD #include #else @@ -2479,7 +2479,7 @@ ProtocolVersion MakeDTLSv1_2(void) #endif -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) word32 LowResTimer(void) { diff --git a/src/io.c b/src/io.c index fac843b40..5bd24273f 100644 --- a/src/io.c +++ b/src/io.c @@ -57,6 +57,8 @@ #elif defined(FREESCALE_MQX) #include #include + #elif defined(FREESCALE_KSDK_MQX) + #include #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" @@ -129,15 +131,25 @@ #define SOCKET_EPIPE SYS_NET_EPIPE #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED -#elif defined(FREESCALE_MQX) - /* RTCS doesn't have an EWOULDBLOCK error */ - #define SOCKET_EWOULDBLOCK EAGAIN - #define SOCKET_EAGAIN EAGAIN - #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET - #define SOCKET_EINTR EINTR - #define SOCKET_EPIPE EPIPE - #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED - #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #if MQX_USE_IO_OLD + /* RTCS old I/O doesn't have an EWOULDBLOCK */ + #define SOCKET_EWOULDBLOCK EAGAIN + #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET + #define SOCKET_EINTR EINTR + #define SOCKET_EPIPE EPIPE + #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED + #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED + #else + #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK + #define SOCKET_EAGAIN NIO_EAGAIN + #define SOCKET_ECONNRESET NIO_ECONNRESET + #define SOCKET_EINTR NIO_EINTR + #define SOCKET_EPIPE NIO_EPIPE + #define SOCKET_ECONNREFUSED NIO_ECONNREFUSED + #define SOCKET_ECONNABORTED NIO_ECONNABORTED + #endif #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK @@ -200,7 +212,7 @@ static INLINE int TranslateReturnCode(int old, int sd) { (void)sd; -#ifdef FREESCALE_MQX +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) if (old == 0) { errno = SOCKET_EWOULDBLOCK; return -1; /* convert to BSD style wouldblock as error */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7b21b0aab..242c341b5 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -66,7 +66,7 @@ #endif #ifdef WOLFSSL_DEBUG_ENCODING - #ifdef FREESCALE_MQX + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #if MQX_USE_IO_OLD #include #else @@ -109,7 +109,7 @@ #define XTIME(t1) pic32_time((t1)) #define XGMTIME(c, t) gmtime((c)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #define XTIME(t1) mqx_time((t1)) #define XGMTIME(c, t) mqx_gmtime((c), (t)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) @@ -338,7 +338,7 @@ time_t pic32_time(time_t* timer) #endif /* MICROCHIP_TCPIP */ -#ifdef FREESCALE_MQX +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) time_t mqx_time(time_t* timer) { diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 339114d96..dbf608f2e 100755 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1080,7 +1080,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } #endif /* WOLFSSL_MIC32MZ_RNG */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #ifdef FREESCALE_K70_RNGA /* diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 028ce0bed..6fe87a9f1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -115,7 +115,7 @@ /* do nothing */ #elif defined(EBSNET) /* do nothing */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) /* do nothing */ #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 863dcb0c9..f1c492afa 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -31,7 +31,7 @@ #include #ifndef NO_FILESYSTEM - #ifdef FREESCALE_MQX + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #if MQX_USE_IO_OLD #include #else diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 8cdd73898..717ea6391 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -72,9 +72,12 @@ /* Uncomment next line if building wolfSSL for LSR */ /* #define WOLFSSL_LSR */ -/* Uncomment next line if building wolfSSL for Freescale MQX/RTCS/MFS */ +/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */ /* #define FREESCALE_MQX */ +/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */ +/* #define FREESCALE_KSDK_MQX */ + /* Uncomment next line if using STM32F2 */ /* #define WOLFSSL_STM32F2 */ @@ -470,11 +473,7 @@ #include "mqx.h" #ifndef NO_FILESYSTEM #include "mfs.h" - #if MQX_USE_IO_OLD - #include "fio.h" - #else - #include "nio.h" - #endif + #include "fio.h" #endif #ifndef SINGLE_THREADED #include "mutex.h" @@ -485,6 +484,35 @@ /* Note: MQX has no realloc, using fastmath above */ #endif +#ifdef FREESCALE_KSDK_MQX + #define SIZEOF_LONG_LONG 8 + #define NO_WRITEV + #define NO_DEV_RANDOM + #define NO_RABBIT + #define NO_WOLFSSL_DIR + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define NO_OLD_RNGNAME + #define FREESCALE_K70_RNGA + /* #define FREESCALE_K53_RNGB */ + #include + #ifndef NO_FILESYSTEM + #if MQX_USE_IO_OLD + #include + #else + #include + #include + #endif + #endif + #ifndef SINGLE_THREADED + #include + #endif + + #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s)) + #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));} + #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */ +#endif + #ifdef WOLFSSL_STM32F2 #define SIZEOF_LONG_LONG 8 #define NO_DEV_RANDOM diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 0675af337..4a1dc31f8 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -179,7 +179,8 @@ #define XREALLOC(p, n, h, t) realloc((p), (n)) #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ - && !defined(WOLFSSL_LEANPSK) && !defined(FREERTOS) + && !defined(FREESCALE_KSDK_MQX) && !defined(WOLFSSL_LEANPSK) \ + && !defined(FREERTOS) /* default C runtime, can install different routines at runtime via cbs */ #include #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index c13f394f6..b525b5d54 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -53,7 +53,7 @@ /* do nothing */ #elif defined(EBSNET) /* do nothing */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) /* do nothing */ #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) @@ -98,7 +98,7 @@ typedef OS_MUTEX wolfSSL_Mutex; #elif defined(EBSNET) typedef RTP_MUTEX wolfSSL_Mutex; - #elif defined(FREESCALE_MQX) + #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) typedef MUTEX_STRUCT wolfSSL_Mutex; #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_CMSIS_RTOS) From 4fb0519b37665e5c02ef27baabdee74b2cc6f1c8 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 14 Aug 2015 15:06:12 -0700 Subject: [PATCH 092/102] clean up GCC and VS build warnings --- src/internal.c | 9 ++++++--- src/ssl.c | 6 ++---- wolfssl/wolfcrypt/wc_port.h | 11 ++++++++--- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/src/internal.c b/src/internal.c index ab6f3a3e9..26841116c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7422,8 +7422,9 @@ int SendFinished(WOLFSSL* ssl) #ifndef NO_CERTS int SendCertificate(WOLFSSL* ssl) { - int length, ret = 0; - word32 certSz, certChainSz, headerSz, listSz, maxFragment, payloadSz; + int ret = 0; + word32 certSz, certChainSz, headerSz, listSz, payloadSz; + word32 length, maxFragment; if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher) return 0; /* not needed */ @@ -7448,6 +7449,8 @@ int SendCertificate(WOLFSSL* ssl) length += certChainSz; listSz += certChainSz; } + else + certChainSz = 0; } payloadSz = length; @@ -7472,7 +7475,7 @@ int SendCertificate(WOLFSSL* ssl) while (length > 0 && ret == 0) { byte* output = NULL; - word32 fragSz; /* How much of the certificate data are we copying? */ + word32 fragSz = 0; word32 i = RECORD_HEADER_SZ; int sendSz = RECORD_HEADER_SZ; diff --git a/src/ssl.c b/src/ssl.c index b30e97537..2676c0c17 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -97,17 +97,15 @@ #endif /* WOLFSSSL_HAVE_MIN */ -#ifndef WOLFSSL_HAVE_MAX +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_HAVE_MAX) #define WOLFSSL_HAVE_MAX -#ifdef WOLFSSL_DTLS static INLINE word32 max(word32 a, word32 b) { return a > b ? a : b; } -#endif /* WOLFSSL_DTLS */ -#endif /* WOLFSSL_HAVE_MAX */ +#endif /* WOLFSSL_DTLS && !WOLFSSL_HAVE_MAX */ #ifndef WOLFSSL_LEANPSK diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index b525b5d54..da747f017 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -194,9 +194,14 @@ WOLFSSL_LOCAL int UnLockMutex(wolfSSL_Mutex*); /* Windows API defines its own min() macro. */ -#if defined(USE_WINDOWS_API) && defined(min) - #define WOLFSSL_HAVE_MIN -#endif +#if defined(USE_WINDOWS_API) + #ifdef min + #define WOLFSSL_HAVE_MIN + #endif /* min */ + #ifdef max + #define WOLFSSL_HAVE_MAX + #endif /* max */ +#endif /* USE_WINDOWS_API */ #ifdef __cplusplus From 6376736129ec972fbd9f300d9f35ac62a0971b65 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 15 Aug 2015 16:51:23 +0900 Subject: [PATCH 093/102] HashFree for TI hash memory leak --- src/internal.c | 15 +++++---------- wolfcrypt/src/hash.c | 16 +++++++++++++--- wolfcrypt/src/port/ti/ti-hash.c | 28 ++++++++++++++++++++++++++++ wolfssl/wolfcrypt/hash.h | 5 +++++ 4 files changed, 51 insertions(+), 13 deletions(-) mode change 100644 => 100755 wolfcrypt/src/hash.c mode change 100644 => 100755 wolfcrypt/src/port/ti/ti-hash.c mode change 100644 => 100755 wolfssl/wolfcrypt/hash.h diff --git a/src/internal.c b/src/internal.c index a7cd5b8e8..b2e5a360e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5940,13 +5940,12 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz) { Md5 md5; int i; - byte dummy[MD5_DIGEST_SIZE] ; wc_InitMd5(&md5); for (i = 0; i < rounds; i++) wc_Md5Update(&md5, data, sz); - wc_Md5Final(&md5, dummy) ; /* in case needed to release resources */ + wc_Md5Free(&md5) ; /* in case needed to release resources */ } @@ -5956,13 +5955,12 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz) { Sha sha; int i; - byte dummy[SHA_DIGEST_SIZE] ; wc_InitSha(&sha); /* no error check on purpose, dummy round */ for (i = 0; i < rounds; i++) wc_ShaUpdate(&sha, data, sz); - wc_ShaFinal(&sha, dummy) ; /* in case needed to release resources */ + wc_ShaFree(&sha) ; /* in case needed to release resources */ } #endif @@ -5973,7 +5971,6 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) { Sha256 sha256; int i; - byte dummy[SHA256_DIGEST_SIZE] ; wc_InitSha256(&sha256); /* no error check on purpose, dummy round */ @@ -5981,7 +5978,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) wc_Sha256Update(&sha256, data, sz); /* no error check on purpose, dummy round */ } - wc_Sha256Final(&sha256, dummy) ; /* in case needed to release resources */ + wc_Sha256Free(&sha256) ; /* in case needed to release resources */ } #endif @@ -5993,7 +5990,6 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) { Sha384 sha384; int i; - byte dummy[SHA384_DIGEST_SIZE] ; wc_InitSha384(&sha384); /* no error check on purpose, dummy round */ @@ -6001,7 +5997,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) wc_Sha384Update(&sha384, data, sz); /* no error check on purpose, dummy round */ } - wc_Sha384Final(&sha384, dummy) ; /* in case needed to release resources */ + wc_Sha384Free(&sha384) ; /* in case needed to release resources */ } #endif @@ -6013,7 +6009,6 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) { Sha512 sha512; int i; - byte dummy[SHA512_DIGEST_SIZE] ; wc_InitSha512(&sha512); /* no error check on purpose, dummy round */ @@ -6021,7 +6016,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) wc_Sha512Update(&sha512, data, sz); /* no error check on purpose, dummy round */ } - wc_Sha512Final(&sha512, dummy) ; /* in case needed to release resources */ + wc_Sha512Free(&sha512) ; /* in case needed to release resources */ } #endif diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c old mode 100644 new mode 100755 index d397e91fa..5adb06552 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -42,6 +42,9 @@ void wc_Md5GetHash(Md5* md5, byte* hash) WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) { *m1 = *m2 ; } + +WOLFSSL_API void wc_Md5Free(Md5* md5) { (void) md5 ; } + #endif #if !defined(NO_SHA) @@ -89,6 +92,8 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash) } +WOLFSSL_API void wc_ShaFree(Sha* sha) { (void) sha ; } + #endif /* !defined(NO_SHA) */ #if !defined(NO_SHA256) @@ -136,8 +141,12 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash) return ret; } + +WOLFSSL_API void wc_Sha256Free(Sha256* sha256) { (void)sha256 ; } + #endif /* !defined(NO_SHA256) */ +#endif /* !defined(WOLFSSL_TI_HASH) */ #if defined(WOLFSSL_SHA512) int wc_Sha512Hash(const byte* data, word32 len, byte* hash) @@ -172,6 +181,8 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* hash) return ret; } +WOLFSSL_API void wc_Sha512Free(Sha512* sha512) { (void)sha512 ; } + #if defined(WOLFSSL_SHA384) int wc_Sha384Hash(const byte* data, word32 len, byte* hash) { @@ -205,8 +216,7 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* hash) return ret; } +WOLFSSL_API void wc_Sha384Free(Sha384* sha384) { (void) sha384 ; } + #endif /* defined(WOLFSSL_SHA384) */ #endif /* defined(WOLFSSL_SHA512) */ - -#endif /* !defined(WOLFSSL_TI_HASH) */ - diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c old mode 100644 new mode 100755 index 04e6650b6..56526af86 --- a/wolfcrypt/src/port/ti/ti-hash.c +++ b/wolfcrypt/src/port/ti/ti-hash.c @@ -151,6 +151,13 @@ static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word3 return ret; } +static int hashFree(wolfssl_TI_Hash *hash) +{ + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); + hashInit(hash) ; + return 0 ; +} + #if !defined(NO_MD5) WOLFSSL_API void wc_InitMd5(Md5* md5) { @@ -183,6 +190,11 @@ WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash) return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ; } +WOLFSSL_API void wc_Md5Free(Md5* md5) +{ + hashFree((wolfssl_TI_Hash *)md5) ; +} + #endif /* NO_MD5 */ #if !defined(NO_SHA) @@ -217,6 +229,11 @@ WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash) return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ; } +WOLFSSL_API void wc_ShaFree(Sha* sha) +{ + hashFree((wolfssl_TI_Hash *)sha) ; +} + #endif /* NO_SHA */ #if defined(HAVE_SHA224) @@ -251,6 +268,11 @@ WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash) return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ; } +WOLFSSL_API void wc_Sha224Free(Sha224* sha224) +{ + hashFree((wolfssl_TI_Hash *)sha224) ; +} + #endif /* HAVE_SHA224 */ #if !defined(NO_SHA256) @@ -284,6 +306,12 @@ WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash) { return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ; } + +WOLFSSL_API void wc_Sha256Free(Sha256* sha256) +{ + hashFree((wolfssl_TI_Hash *)sha256) ; +} + #endif #endif diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h old mode 100644 new mode 100755 index 2b35d5a6a..3b4e33af8 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -28,6 +28,7 @@ #include WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; +WOLFSSL_API void wc_Md5Free(Md5*); #endif #ifndef NO_SHA @@ -35,6 +36,7 @@ WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); +WOLFSSL_API void wc_ShaFree(Sha*); #endif #ifndef NO_SHA256 @@ -42,13 +44,16 @@ WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); +WOLFSSL_API void wc_Sha256Free(Sha256*); #endif #ifdef WOLFSSL_SHA512 #include WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); +WOLFSSL_API void wc_Sha512Free(Sha512*); #if defined(WOLFSSL_SHA384) WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); + WOLFSSL_API void wc_Sha384Free(Sha384*); #endif /* defined(WOLFSSL_SHA384) */ #endif /* WOLFSSL_SHA512 */ From c812379924bb730357966a080057a39ccfa37c5d Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 17 Aug 2015 14:39:40 -0700 Subject: [PATCH 094/102] fix shadow decl in DsaKeyToDer() --- wolfcrypt/src/asn.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ac1f68d2d..1640072a4 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1444,8 +1444,8 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) word32 seqSz, verSz, rawLen, intTotalLen = 0; word32 sizes[DSA_INTS]; int i, j, outLen, ret = 0, lbit; - int err ; - + int err; + byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; byte* tmps[DSA_INTS]; @@ -1481,8 +1481,6 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ if (sizes[i] <= MAX_SEQ_SZ) { - int err; - /* leading zero */ if (lbit) tmps[i][sizes[i]-1] = 0x00; From 049a4c64603154a85965f9d362afdd166e00ffb6 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 17 Aug 2015 16:47:39 -0700 Subject: [PATCH 095/102] fix C++ mode warnings --- src/ssl.c | 36 ++++++++++++++++++----------------- tests/suites.c | 4 ++-- wolfcrypt/src/fe_operations.c | 2 +- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2676c0c17..30e266011 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13534,7 +13534,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, } /* Key to DER */ - derSz = wc_RsaKeyToDer(rsa->internal, der, der_max_len); + derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, der, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_RsaKeyToDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -13747,7 +13747,8 @@ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) if (eckey->pub_key->internal != NULL) { /* set the internal public key */ - if (wc_ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != MP_OKAY) { + if (wc_ecc_copy_point(&key->pubkey, + (ecc_point*)eckey->pub_key->internal) != MP_OKAY) { WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); return SSL_FATAL_ERROR; } @@ -13958,7 +13959,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) } XMEMSET(external->internal, 0, sizeof(ecc_key)); - wc_ecc_init(external->internal); + wc_ecc_init((ecc_key*)external->internal); /* public key */ external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), @@ -13970,7 +13971,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) } XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT)); - key = external->internal; + key = (ecc_key*)external->internal; external->pub_key->internal = (ecc_point*)&key->pubkey; /* curve group */ @@ -14309,15 +14310,15 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, return SSL_FAILURE; } - if (mp_init(order->internal) != MP_OKAY) { + if (mp_init((mp_int*)order->internal) != MP_OKAY) { WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure"); return SSL_FAILURE; } - if (mp_read_radix(order->internal, ecc_sets[group->curve_idx].order, - 16) != MP_OKAY) { + if (mp_read_radix((mp_int*)order->internal, + ecc_sets[group->curve_idx].order, 16) != MP_OKAY) { WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); - mp_clear(order->internal); + mp_clear((mp_int*)order->internal); return SSL_FAILURE; } @@ -14356,7 +14357,8 @@ int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, if (out != NULL) wolfssl_EC_POINT_dump("i2d p", p); #endif - err = wc_ecc_export_point_der(group->curve_idx, p->internal, out, len); + err = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal, + out, len); if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) { WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); return SSL_FAILURE; @@ -14379,7 +14381,7 @@ int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, } if (wc_ecc_import_point_der(in, len, group->curve_idx, - p->internal) != MP_OKAY) { + (ecc_point*)p->internal) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_import_point_der failed"); return SSL_FAILURE; } @@ -14602,7 +14604,7 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, } } - ret = wc_ecc_point_is_at_infinity(point->internal); + ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal); if (ret <= 0) { WOLFSSL_MSG("ecc_point_is_at_infinity failure"); return SSL_FAILURE; @@ -14904,7 +14906,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, } /* Key to DER */ - derSz = wc_EccKeyToDer(ecc->internal, der, der_max_len); + derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, der, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_DsaKeyToDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -15077,7 +15079,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, } /* Key to DER */ - derSz = wc_DsaKeyToDer(dsa->internal, der, der_max_len); + derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, der, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_DsaKeyToDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -16020,11 +16022,11 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) if(pSz <= 0 || gSz <= 0) return SSL_FATAL_ERROR; - p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); + p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); if(!p) return MEMORY_E; - g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); + g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); if(!g) { XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); return MEMORY_E; @@ -16066,10 +16068,10 @@ int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, (void)cb1; (void)cb2; (void)cb3; - if(XSTRNCMP(data, "redirect index", 14) == 0) { + if(XSTRNCMP((const char*)data, "redirect index", 14) == 0) { return 0; } - else if(XSTRNCMP(data, "addr index", 10) == 0) { + else if(XSTRNCMP((const char*)data, "addr index", 10) == 0) { return 1; } return SSL_FAILURE; diff --git a/tests/suites.c b/tests/suites.c index bd8a8da3f..4ffe25398 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -57,7 +57,7 @@ static char svrPort[] = "0"; static int IsSslVersion(const char* line) { const char* find = "-v "; - char* begin = strstr(line, find); + const char* begin = strstr(line, find); if (begin) { int version = -1; @@ -79,7 +79,7 @@ static int IsSslVersion(const char* line) static int IsOldTlsVersion(const char* line) { const char* find = "-v "; - char* begin = strstr(line, find); + const char* begin = strstr(line, find); if (begin) { int version = -1; diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 9259403ec..0908a755c 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -1318,7 +1318,7 @@ Preconditions: |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ -static const unsigned char zero[32]; +static const unsigned char zero[32] = {0}; int fe_isnonzero(const fe f) { From 5cffea7aac43c855ce9e74086b5bd348410be25d Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 17 Aug 2015 17:27:29 -0700 Subject: [PATCH 096/102] clean static analysis report in cert fragmentation --- src/internal.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/internal.c b/src/internal.c index 26841116c..36d2086ab 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7458,10 +7458,8 @@ int SendCertificate(WOLFSSL* ssl) if (ssl->fragOffset != 0) length -= (ssl->fragOffset + headerSz); - if (!ssl->options.dtls) { - maxFragment = MAX_RECORD_SIZE; - } - else { + maxFragment = MAX_RECORD_SIZE; + if (ssl->options.dtls) { #ifdef WOLFSSL_DTLS maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ - DTLS_HANDSHAKE_HEADER_SZ - 100; @@ -7590,7 +7588,6 @@ int SendCertificate(WOLFSSL* ssl) i += copySz; ssl->fragOffset += copySz; length -= copySz; - fragSz -= copySz; } if (ssl->keys.encryptionOn) { From 82aaff9e43046b30d5aa96596155099142a99e3f Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 18 Aug 2015 11:22:51 +0900 Subject: [PATCH 097/102] Eliminate hash free in DoRound with non-TI case --- wolfcrypt/src/hash.c | 10 ---------- wolfssl/wolfcrypt/hash.h | 26 +++++++++++++++++++++++--- 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 5adb06552..58fce69f8 100755 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -43,8 +43,6 @@ WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) { *m1 = *m2 ; } -WOLFSSL_API void wc_Md5Free(Md5* md5) { (void) md5 ; } - #endif #if !defined(NO_SHA) @@ -92,8 +90,6 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash) } -WOLFSSL_API void wc_ShaFree(Sha* sha) { (void) sha ; } - #endif /* !defined(NO_SHA) */ #if !defined(NO_SHA256) @@ -142,8 +138,6 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash) return ret; } -WOLFSSL_API void wc_Sha256Free(Sha256* sha256) { (void)sha256 ; } - #endif /* !defined(NO_SHA256) */ #endif /* !defined(WOLFSSL_TI_HASH) */ @@ -181,8 +175,6 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* hash) return ret; } -WOLFSSL_API void wc_Sha512Free(Sha512* sha512) { (void)sha512 ; } - #if defined(WOLFSSL_SHA384) int wc_Sha384Hash(const byte* data, word32 len, byte* hash) { @@ -216,7 +208,5 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* hash) return ret; } -WOLFSSL_API void wc_Sha384Free(Sha384* sha384) { (void) sha384 ; } - #endif /* defined(WOLFSSL_SHA384) */ #endif /* defined(WOLFSSL_SHA512) */ diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 3b4e33af8..50e5d88be 100755 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -28,7 +28,11 @@ #include WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; -WOLFSSL_API void wc_Md5Free(Md5*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Md5Free(Md5*); +#else + #define wc_Md5Free(d) +#endif #endif #ifndef NO_SHA @@ -36,7 +40,11 @@ WOLFSSL_API void wc_Md5Free(Md5*); WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); -WOLFSSL_API void wc_ShaFree(Sha*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_ShaFree(Sha*); +#else + #define wc_ShaFree(d) +#endif #endif #ifndef NO_SHA256 @@ -44,16 +52,28 @@ WOLFSSL_API void wc_ShaFree(Sha*); WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); -WOLFSSL_API void wc_Sha256Free(Sha256*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Sha256Free(Sha256*); +#else + #define wc_Sha256Free(d) +#endif #endif #ifdef WOLFSSL_SHA512 #include WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); +#if defined(WOLFSSL_TI_HASH) WOLFSSL_API void wc_Sha512Free(Sha512*); +#else +#define wc_Sha512Free(d) +#endif #if defined(WOLFSSL_SHA384) WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); + #if defined(WOLFSSL_TI_HASH) WOLFSSL_API void wc_Sha384Free(Sha384*); + #else + #define wc_Sha384Free(d) + #endif #endif /* defined(WOLFSSL_SHA384) */ #endif /* WOLFSSL_SHA512 */ From 3b9ec2c1199fb467f5b60d39626d6204c02db5cb Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 18 Aug 2015 12:31:34 -0700 Subject: [PATCH 098/102] add extern C to hash.h --- wolfssl/wolfcrypt/hash.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 50e5d88be..4cdd85f11 100755 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -24,6 +24,10 @@ #include +#ifdef __cplusplus + extern "C" { +#endif + #ifndef NO_MD5 #include WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); @@ -63,19 +67,23 @@ WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); #include WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); #if defined(WOLFSSL_TI_HASH) -WOLFSSL_API void wc_Sha512Free(Sha512*); + WOLFSSL_API void wc_Sha512Free(Sha512*); #else -#define wc_Sha512Free(d) + #define wc_Sha512Free(d) #endif #if defined(WOLFSSL_SHA384) WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); #if defined(WOLFSSL_TI_HASH) - WOLFSSL_API void wc_Sha384Free(Sha384*); + WOLFSSL_API void wc_Sha384Free(Sha384*); #else - #define wc_Sha384Free(d) + #define wc_Sha384Free(d) #endif #endif /* defined(WOLFSSL_SHA384) */ #endif /* WOLFSSL_SHA512 */ +#ifdef __cplusplus + } /* extern "C" */ +#endif + #endif /* WOLF_CRYPT_HASH_H */ From b0d90918f9ee0d6da5a5d9916e9b09a9aa14c156 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 18 Aug 2015 21:00:17 -0700 Subject: [PATCH 099/102] fix issue between certificate fragmentation and secure renegotiation --- src/internal.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index 8844c9ac8..73d837847 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7523,15 +7523,17 @@ int SendCertificate(WOLFSSL* ssl) if (ssl->fragOffset == 0) { if (!ssl->options.dtls) { AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); - HashOutputRaw(ssl, output + RECORD_HEADER_SZ, - HANDSHAKE_HEADER_SZ); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + RECORD_HEADER_SZ, + HANDSHAKE_HEADER_SZ); } else { #ifdef WOLFSSL_DTLS AddHeaders(output, payloadSz, certificate, ssl); - HashOutputRaw(ssl, - output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA, - HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, + output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA, + HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA); /* Adding the headers increments these, decrement them for * actual message header. */ ssl->keys.dtls_sequence_number--; @@ -7543,21 +7545,24 @@ int SendCertificate(WOLFSSL* ssl) /* list total */ c32to24(listSz, output + i); - HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); i += CERT_HEADER_SZ; length -= CERT_HEADER_SZ; fragSz -= CERT_HEADER_SZ; if (certSz) { c32to24(certSz, output + i); - HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); i += CERT_HEADER_SZ; length -= CERT_HEADER_SZ; fragSz -= CERT_HEADER_SZ; - HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz); - if (certChainSz) { - HashOutputRaw(ssl, - ssl->buffers.certChain.buffer, certChainSz); + if (!ssl->keys.encryptionOn) { + HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz); + if (certChainSz) + HashOutputRaw(ssl, ssl->buffers.certChain.buffer, + certChainSz); } } } From b3aa98147ad02106a535b8cf293af023f971d761 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 19 Aug 2015 12:29:20 -0700 Subject: [PATCH 100/102] fix description text for enable-sslv3 configure option --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index dfce641b1..73aab6651 100644 --- a/configure.ac +++ b/configure.ac @@ -889,7 +889,7 @@ fi # SSLv3 AC_ARG_ENABLE([sslv3], - [ --enable-sslv3 Enable SSL version 3.0 (default: disabled)], + [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])], [ ENABLED_SSLV3=$enableval ], [ ENABLED_SSLV3=no] ) From dfb8d34d0b06099f612f050a1887b316023ffbc0 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 19 Aug 2015 14:18:48 -0700 Subject: [PATCH 101/102] 3.6.6 release notes --- README | 20 ++++++++++++++++++-- README.md | 20 ++++++++++++++++++-- configure.ac | 4 ++-- rpm/spec.in | 2 +- support/wolfssl.pc | 2 +- wolfssl/version.h | 4 ++-- 6 files changed, 42 insertions(+), 10 deletions(-) diff --git a/README b/README index 74abbb0e8..84a0acb92 100644 --- a/README +++ b/README @@ -34,13 +34,29 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** -wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015) +wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) -Release 3.6.2 of wolfSSL is an intermediate custom release including: +Release 3.6.6 of wolfSSL has bug fixes and new features including: - OpenSSH compatibility with --enable-openssh - stunnel compatibility with --enable-stunnel - lighttpd compatibility with --enable-lighty +- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 +- Ephemeral key cipher suites only are now supported by default + To enable static ECDH cipher suites define WOLFSSL_STATIC_DH + To enable static RSA cipher suites define WOLFSSL_STATIC_RSA + To enable static PSK cipher suites define WOLFSSL_STATIC_PSK +- Added QSH (quantum-safe handshake) extension with --enable-ntru +- SRP is now part of wolfCrypt, enable with --enabe-srp +- Certificate handshake messages can now be sent fragmented if the record + size is smaller than the total message size, no user action required. +- DTLS duplicate message fixes +- Visual Studio project files now support DLL and static builds for 32/64bit. +- Support for new Freesacle I/O +- FreeRTOS FIPS support + +- No high level security fixes that requires an update though we always + recommend updating to the latest See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html diff --git a/README.md b/README.md index edbfb9d35..e5e7bcb85 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,29 @@ before calling wolfSSL_new(); Though it's not recommended. - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error add -fdebug-types-section to C_EXTRA_FLAGS -#wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015) +#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) -##Release 3.6.2 of wolfSSL is an intermediate custom release including: +##Release 3.6.6 of wolfSSL has bug fixes and new features including: - OpenSSH compatibility with --enable-openssh - stunnel compatibility with --enable-stunnel - lighttpd compatibility with --enable-lighty +- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 +- Ephemeral key cipher suites only are now supported by default + To enable static ECDH cipher suites define WOLFSSL_STATIC_DH + To enable static RSA cipher suites define WOLFSSL_STATIC_RSA + To enable static PSK cipher suites define WOLFSSL_STATIC_PSK +- Added QSH (quantum-safe handshake) extension with --enable-ntru +- SRP is now part of wolfCrypt, enable with --enabe-srp +- Certificate handshake messages can now be sent fragmented if the record + size is smaller than the total message size, no user action required. +- DTLS duplicate message fixes +- Visual Studio project files now support DLL and static builds for 32/64bit. +- Support for new Freesacle I/O +- FreeRTOS FIPS support + +- No high level security fixes that requires an update though we always + recommend updating to the latest See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html diff --git a/configure.ac b/configure.ac index 73aab6651..57d6eb83d 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.6.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -31,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=0:2:0 +WOLFSSL_LIBRARY_VERSION=0:3:0 # | | | # +------+ | +---+ # | | | diff --git a/rpm/spec.in b/rpm/spec.in index 2c5de469b..b9d4b21c7 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so.0 -%{_libdir}/libwolfssl.so.0.0.2 +%{_libdir}/libwolfssl.so.0.0.3 %files devel %defattr(-,root,root,-) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 619d3a7c2..a461151f9 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.6.3 +Version: 3.6.6 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/version.h b/wolfssl/version.h index c14cdc514..8f69cdc53 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.6.3" -#define LIBWOLFSSL_VERSION_HEX 0x03006003 +#define LIBWOLFSSL_VERSION_STRING "3.6.6" +#define LIBWOLFSSL_VERSION_HEX 0x03006006 #ifdef __cplusplus } From 2f1836d9852835e5befa52c3ae328c693c3c4d01 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 19 Aug 2015 16:52:16 -0700 Subject: [PATCH 102/102] fix snifftest bsd build --- sslSniffer/sslSnifferTest/snifftest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 8ffe24d5a..155a14954 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -60,6 +60,7 @@ int main(void) #ifndef _WIN32 #include /* AF_INET */ #include + #include #endif typedef unsigned char byte;