2012-08-03 23:19:24 -07:00
|
|
|
/* suites.c
|
|
|
|
|
*
|
2016-03-17 16:02:13 -06:00
|
|
|
* Copyright (C) 2006-2016 wolfSSL Inc.
|
2012-08-03 23:19:24 -07:00
|
|
|
*
|
2016-03-17 16:02:13 -06:00
|
|
|
* This file is part of wolfSSL.
|
2012-08-03 23:19:24 -07:00
|
|
|
*
|
2015-01-06 12:14:15 -07:00
|
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
2012-08-03 23:19:24 -07:00
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
2015-01-06 12:14:15 -07:00
|
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
2012-08-03 23:19:24 -07:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
2016-03-17 16:02:13 -06:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
2012-08-03 23:19:24 -07:00
|
|
|
*/
|
|
|
|
|
|
2016-03-17 16:02:13 -06:00
|
|
|
|
2012-09-21 13:29:04 -07:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-02-25 13:34:29 -08:00
|
|
|
#include <wolfssl/wolfcrypt/settings.h>
|
2013-04-10 12:17:23 -07:00
|
|
|
|
2012-08-03 23:19:24 -07:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <stdio.h>
|
2012-09-21 13:29:04 -07:00
|
|
|
#include <string.h>
|
2015-02-25 13:34:29 -08:00
|
|
|
#include <wolfssl/ssl.h>
|
2012-08-06 17:14:31 -07:00
|
|
|
#include <tests/unit.h>
|
2012-08-03 23:19:24 -07:00
|
|
|
|
|
|
|
|
|
|
|
|
|
#define MAX_ARGS 40
|
2012-08-06 17:14:31 -07:00
|
|
|
#define MAX_COMMAND_SZ 240
|
2017-04-04 14:31:47 -07:00
|
|
|
#define MAX_SUITE_SZ 80
|
2013-03-11 12:02:22 -07:00
|
|
|
#define NOT_BUILT_IN -123
|
2015-08-12 16:39:13 -07:00
|
|
|
#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
|
2014-03-02 10:59:03 -08:00
|
|
|
#define VERSION_TOO_OLD -124
|
|
|
|
|
#endif
|
2012-08-06 17:14:31 -07:00
|
|
|
|
2012-09-19 23:38:41 -07:00
|
|
|
#include "examples/client/client.h"
|
|
|
|
|
#include "examples/server/server.h"
|
2012-08-03 23:19:24 -07:00
|
|
|
|
2017-06-26 23:05:32 -07:00
|
|
|
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
|
2015-01-07 13:17:57 -07:00
|
|
|
static WOLFSSL_CTX* cipherSuiteCtx = NULL;
|
2014-03-02 11:06:41 -08:00
|
|
|
static char nonblockFlag[] = "-N";
|
|
|
|
|
static char noVerifyFlag[] = "-d";
|
2016-09-09 23:16:52 -07:00
|
|
|
static char disableEMSFlag[] = "-n";
|
2014-03-02 11:06:41 -08:00
|
|
|
static char flagSep[] = " ";
|
2016-02-08 15:44:22 -08:00
|
|
|
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
|
|
|
|
|
static char portFlag[] = "-p";
|
|
|
|
|
static char svrPort[] = "0";
|
|
|
|
|
#endif
|
2017-04-05 11:21:11 -07:00
|
|
|
static char forceDefCipherListFlag[] = "-H";
|
2013-03-11 10:59:08 -07:00
|
|
|
|
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
static int devId = INVALID_DEVID;
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-03-11 17:37:08 -07:00
|
|
|
|
2015-08-12 16:39:13 -07:00
|
|
|
#ifndef WOLFSSL_ALLOW_SSLV3
|
|
|
|
|
/* if the protocol version is sslv3 return 1, else 0 */
|
|
|
|
|
static int IsSslVersion(const char* line)
|
|
|
|
|
{
|
|
|
|
|
const char* find = "-v ";
|
2015-08-17 16:47:39 -07:00
|
|
|
const char* begin = strstr(line, find);
|
2015-08-12 16:39:13 -07:00
|
|
|
|
|
|
|
|
if (begin) {
|
|
|
|
|
int version = -1;
|
|
|
|
|
|
|
|
|
|
begin += 3;
|
|
|
|
|
|
|
|
|
|
version = atoi(begin);
|
|
|
|
|
|
|
|
|
|
if (version == 0)
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
#endif /* !WOLFSSL_ALLOW_SSLV3 */
|
|
|
|
|
|
2013-03-11 17:37:08 -07:00
|
|
|
#ifdef NO_OLD_TLS
|
2013-03-12 15:56:58 -07:00
|
|
|
/* if the protocol version is less than tls 1.2 return 1, else 0 */
|
2013-03-11 17:37:08 -07:00
|
|
|
static int IsOldTlsVersion(const char* line)
|
|
|
|
|
{
|
|
|
|
|
const char* find = "-v ";
|
2015-08-17 16:47:39 -07:00
|
|
|
const char* begin = strstr(line, find);
|
2013-03-11 17:37:08 -07:00
|
|
|
|
|
|
|
|
if (begin) {
|
|
|
|
|
int version = -1;
|
|
|
|
|
|
|
|
|
|
begin += 3;
|
|
|
|
|
|
|
|
|
|
version = atoi(begin);
|
|
|
|
|
|
|
|
|
|
if (version < 3)
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
2015-08-12 16:39:13 -07:00
|
|
|
}
|
2013-03-11 17:37:08 -07:00
|
|
|
#endif /* NO_OLD_TLS */
|
|
|
|
|
|
|
|
|
|
|
2013-03-11 10:59:08 -07:00
|
|
|
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
|
|
|
|
|
static int IsValidCipherSuite(const char* line, char* suite)
|
|
|
|
|
{
|
|
|
|
|
int found = 0;
|
|
|
|
|
int valid = 0;
|
|
|
|
|
|
|
|
|
|
const char* find = "-l ";
|
2014-02-07 14:52:44 -08:00
|
|
|
const char* begin = strstr(line, find);
|
|
|
|
|
const char* end;
|
2013-03-11 10:59:08 -07:00
|
|
|
|
|
|
|
|
suite[0] = '\0';
|
|
|
|
|
|
|
|
|
|
if (begin) {
|
|
|
|
|
begin += 3;
|
|
|
|
|
|
2016-06-29 11:11:25 -07:00
|
|
|
end = XSTRSTR(begin, " ");
|
2013-03-11 10:59:08 -07:00
|
|
|
|
|
|
|
|
if (end) {
|
|
|
|
|
long len = end - begin;
|
|
|
|
|
if (len > MAX_SUITE_SZ) {
|
|
|
|
|
printf("suite too long!\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-06-29 11:11:25 -07:00
|
|
|
XMEMCPY(suite, begin, len);
|
2013-03-11 10:59:08 -07:00
|
|
|
suite[len] = '\0';
|
|
|
|
|
}
|
|
|
|
|
else
|
2016-06-29 11:11:25 -07:00
|
|
|
XSTRNCPY(suite, begin, MAX_SUITE_SZ);
|
2013-03-11 10:59:08 -07:00
|
|
|
|
|
|
|
|
suite[MAX_SUITE_SZ] = '\0';
|
|
|
|
|
found = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-07 09:55:58 -06:00
|
|
|
/* if QSH not enabled then do not use QSH suite */
|
|
|
|
|
#ifdef HAVE_QSH
|
2016-06-29 11:11:25 -07:00
|
|
|
if (XSTRNCMP(suite, "QSH", 3) == 0) {
|
2015-07-07 09:55:58 -06:00
|
|
|
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
|
2017-10-11 09:09:52 -07:00
|
|
|
!= WOLFSSL_SUCCESS)
|
2015-07-07 09:55:58 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-03-11 10:59:08 -07:00
|
|
|
if (found) {
|
2017-10-11 09:09:52 -07:00
|
|
|
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
|
2013-03-11 10:59:08 -07:00
|
|
|
valid = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return valid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-03-11 12:02:22 -07:00
|
|
|
static int execute_test_case(int svr_argc, char** svr_argv,
|
2013-03-11 11:07:46 -07:00
|
|
|
int cli_argc, char** cli_argv,
|
2016-09-09 23:16:52 -07:00
|
|
|
int addNoVerify, int addNonBlocking,
|
2017-04-05 11:21:11 -07:00
|
|
|
int addDisableEMS, int forceSrvDefCipherList,
|
|
|
|
|
int forceCliDefCipherList)
|
2012-08-03 23:19:24 -07:00
|
|
|
{
|
2015-01-07 13:17:57 -07:00
|
|
|
#ifdef WOLFSSL_TIRTOS
|
2014-05-08 15:52:20 -07:00
|
|
|
func_args cliArgs = {0};
|
|
|
|
|
func_args svrArgs = {0};
|
|
|
|
|
cliArgs.argc = cli_argc;
|
|
|
|
|
cliArgs.argv = cli_argv;
|
|
|
|
|
svrArgs.argc = svr_argc;
|
|
|
|
|
svrArgs.argv = svr_argv;
|
|
|
|
|
#else
|
2013-06-19 15:45:06 -03:00
|
|
|
func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
|
|
|
|
|
func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
|
2014-05-08 15:52:20 -07:00
|
|
|
#endif
|
2012-08-03 23:19:24 -07:00
|
|
|
|
2012-08-06 17:14:31 -07:00
|
|
|
tcp_ready ready;
|
|
|
|
|
THREAD_TYPE serverThread;
|
|
|
|
|
char commandLine[MAX_COMMAND_SZ];
|
2013-03-11 10:59:08 -07:00
|
|
|
char cipherSuite[MAX_SUITE_SZ+1];
|
2012-08-06 17:14:31 -07:00
|
|
|
int i;
|
2017-04-04 14:31:47 -07:00
|
|
|
size_t added;
|
2012-08-07 15:06:53 -07:00
|
|
|
static int tests = 1;
|
2017-07-25 15:07:58 -07:00
|
|
|
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
|
|
|
|
|
char portNumber[8];
|
|
|
|
|
#endif
|
2012-08-06 17:14:31 -07:00
|
|
|
|
2017-04-04 14:31:47 -07:00
|
|
|
/* Is Valid Cipher and Version Checks */
|
|
|
|
|
/* build command list for the Is checks below */
|
2012-08-06 17:14:31 -07:00
|
|
|
commandLine[0] = '\0';
|
2017-04-04 14:31:47 -07:00
|
|
|
added = 0;
|
|
|
|
|
for (i = 0; i < svrArgs.argc; i++) {
|
2016-06-29 11:11:25 -07:00
|
|
|
added += XSTRLEN(svr_argv[i]) + 2;
|
2013-02-14 14:09:41 -08:00
|
|
|
if (added >= MAX_COMMAND_SZ) {
|
2017-04-04 14:31:47 -07:00
|
|
|
printf("server command line too long\n");
|
2013-02-14 14:09:41 -08:00
|
|
|
break;
|
|
|
|
|
}
|
2012-08-07 15:06:53 -07:00
|
|
|
strcat(commandLine, svr_argv[i]);
|
2013-03-25 08:41:44 -07:00
|
|
|
strcat(commandLine, flagSep);
|
2012-08-06 17:14:31 -07:00
|
|
|
}
|
2013-03-11 12:02:22 -07:00
|
|
|
if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
|
2013-03-11 12:12:04 -07:00
|
|
|
#ifdef DEBUG_SUITE_TESTS
|
|
|
|
|
printf("cipher suite %s not supported in build\n", cipherSuite);
|
|
|
|
|
#endif
|
2013-03-11 12:02:22 -07:00
|
|
|
return NOT_BUILT_IN;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-12 16:39:13 -07:00
|
|
|
#ifndef WOLFSSL_ALLOW_SSLV3
|
|
|
|
|
if (IsSslVersion(commandLine) == 1) {
|
|
|
|
|
#ifdef DEBUG_SUITE_TESTS
|
|
|
|
|
printf("protocol version on line %s is too old\n", commandLine);
|
|
|
|
|
#endif
|
|
|
|
|
return VERSION_TOO_OLD;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2013-03-11 17:37:08 -07:00
|
|
|
#ifdef NO_OLD_TLS
|
|
|
|
|
if (IsOldTlsVersion(commandLine) == 1) {
|
|
|
|
|
#ifdef DEBUG_SUITE_TESTS
|
|
|
|
|
printf("protocol version on line %s is too old\n", commandLine);
|
|
|
|
|
#endif
|
|
|
|
|
return VERSION_TOO_OLD;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-04-04 14:31:47 -07:00
|
|
|
/* Build Client Command */
|
2013-02-18 14:12:03 -08:00
|
|
|
if (addNoVerify) {
|
2017-04-04 14:31:47 -07:00
|
|
|
printf("repeating test with client cert request off\n");
|
|
|
|
|
if (svrArgs.argc >= MAX_ARGS)
|
2013-02-18 14:12:03 -08:00
|
|
|
printf("server command line too long\n");
|
2017-04-04 14:31:47 -07:00
|
|
|
else
|
|
|
|
|
svr_argv[svrArgs.argc++] = noVerifyFlag;
|
2013-03-11 11:07:46 -07:00
|
|
|
}
|
|
|
|
|
if (addNonBlocking) {
|
2017-04-04 14:31:47 -07:00
|
|
|
printf("repeating test with non blocking on\n");
|
|
|
|
|
if (svrArgs.argc >= MAX_ARGS)
|
2013-03-11 11:07:46 -07:00
|
|
|
printf("server command line too long\n");
|
2017-04-04 14:31:47 -07:00
|
|
|
else
|
|
|
|
|
svr_argv[svrArgs.argc++] = nonblockFlag;
|
2013-02-18 14:12:03 -08:00
|
|
|
}
|
2015-01-07 13:17:57 -07:00
|
|
|
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
|
2017-04-04 14:31:47 -07:00
|
|
|
/* add port */
|
|
|
|
|
if (svrArgs.argc + 2 > MAX_ARGS)
|
2013-03-27 10:22:50 -07:00
|
|
|
printf("cannot add the magic port number flag to server\n");
|
2017-04-04 14:31:47 -07:00
|
|
|
else {
|
|
|
|
|
svr_argv[svrArgs.argc++] = portFlag;
|
|
|
|
|
svr_argv[svrArgs.argc++] = svrPort;
|
2013-03-27 10:22:50 -07:00
|
|
|
}
|
|
|
|
|
#endif
|
2017-04-04 14:31:47 -07:00
|
|
|
if (forceSrvDefCipherList) {
|
|
|
|
|
if (svrArgs.argc >= MAX_ARGS)
|
|
|
|
|
printf("cannot add the force def cipher list flag to server\n");
|
|
|
|
|
else
|
|
|
|
|
svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
|
|
|
|
|
}
|
2012-08-07 15:06:53 -07:00
|
|
|
|
2017-04-04 14:31:47 -07:00
|
|
|
/* update server flags list */
|
2012-08-07 15:06:53 -07:00
|
|
|
commandLine[0] = '\0';
|
2013-02-14 14:09:41 -08:00
|
|
|
added = 0;
|
2017-04-04 14:31:47 -07:00
|
|
|
for (i = 0; i < svrArgs.argc; i++) {
|
|
|
|
|
added += XSTRLEN(svr_argv[i]) + 2;
|
2013-02-14 14:09:41 -08:00
|
|
|
if (added >= MAX_COMMAND_SZ) {
|
2017-04-04 14:31:47 -07:00
|
|
|
printf("server command line too long\n");
|
2013-02-14 14:09:41 -08:00
|
|
|
break;
|
|
|
|
|
}
|
2017-04-04 14:31:47 -07:00
|
|
|
strcat(commandLine, svr_argv[i]);
|
2013-03-25 08:41:44 -07:00
|
|
|
strcat(commandLine, flagSep);
|
2012-08-07 15:06:53 -07:00
|
|
|
}
|
2017-04-04 14:31:47 -07:00
|
|
|
printf("trying server command line[%d]: %s\n", tests, commandLine);
|
|
|
|
|
|
|
|
|
|
tests++; /* test count */
|
2012-08-06 17:14:31 -07:00
|
|
|
|
|
|
|
|
InitTcpReady(&ready);
|
|
|
|
|
|
2015-01-07 13:17:57 -07:00
|
|
|
#ifdef WOLFSSL_TIRTOS
|
2014-09-08 19:40:03 -07:00
|
|
|
fdOpenSession(Task_self());
|
2014-05-08 15:52:20 -07:00
|
|
|
#endif
|
|
|
|
|
|
2012-08-06 17:14:31 -07:00
|
|
|
/* start server */
|
|
|
|
|
svrArgs.signal = &ready;
|
|
|
|
|
start_thread(server_test, &svrArgs, &serverThread);
|
|
|
|
|
wait_tcp_ready(&svrArgs);
|
2017-04-04 14:31:47 -07:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Build Client Command */
|
|
|
|
|
if (addNonBlocking) {
|
|
|
|
|
if (cliArgs.argc >= MAX_ARGS)
|
|
|
|
|
printf("cannot add the non block flag to client\n");
|
|
|
|
|
else
|
|
|
|
|
cli_argv[cliArgs.argc++] = nonblockFlag;
|
|
|
|
|
}
|
|
|
|
|
if (addDisableEMS) {
|
|
|
|
|
printf("repeating test without extended master secret\n");
|
|
|
|
|
if (cliArgs.argc >= MAX_ARGS)
|
|
|
|
|
printf("cannot add the disable EMS flag to client\n");
|
|
|
|
|
else
|
|
|
|
|
cli_argv[cliArgs.argc++] = disableEMSFlag;
|
|
|
|
|
}
|
|
|
|
|
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
|
|
|
|
|
if (ready.port != 0) {
|
|
|
|
|
if (cliArgs.argc + 2 > MAX_ARGS)
|
|
|
|
|
printf("cannot add the magic port number flag to client\n");
|
|
|
|
|
else {
|
|
|
|
|
snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
|
|
|
|
|
cli_argv[cliArgs.argc++] = portFlag;
|
|
|
|
|
cli_argv[cliArgs.argc++] = portNumber;
|
2013-03-26 22:00:39 -07:00
|
|
|
}
|
2017-04-04 14:31:47 -07:00
|
|
|
}
|
|
|
|
|
#endif
|
2017-04-05 11:21:11 -07:00
|
|
|
if (forceCliDefCipherList) {
|
|
|
|
|
if (cliArgs.argc >= MAX_ARGS)
|
|
|
|
|
printf("cannot add the force def cipher list flag to client\n");
|
|
|
|
|
else
|
|
|
|
|
cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
|
|
|
|
|
}
|
2017-04-04 14:31:47 -07:00
|
|
|
|
|
|
|
|
commandLine[0] = '\0';
|
|
|
|
|
added = 0;
|
|
|
|
|
for (i = 0; i < cliArgs.argc; i++) {
|
|
|
|
|
added += XSTRLEN(cli_argv[i]) + 2;
|
|
|
|
|
if (added >= MAX_COMMAND_SZ) {
|
|
|
|
|
printf("client command line too long\n");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
strcat(commandLine, cli_argv[i]);
|
|
|
|
|
strcat(commandLine, flagSep);
|
|
|
|
|
}
|
|
|
|
|
printf("trying client command line[%d]: %s\n", tests, commandLine);
|
|
|
|
|
|
2012-08-06 17:14:31 -07:00
|
|
|
/* start client */
|
|
|
|
|
client_test(&cliArgs);
|
|
|
|
|
|
2017-04-04 14:31:47 -07:00
|
|
|
/* verify results */
|
2012-08-06 17:14:31 -07:00
|
|
|
if (cliArgs.return_code != 0) {
|
|
|
|
|
printf("client_test failed\n");
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
join_thread(serverThread);
|
2017-04-04 14:31:47 -07:00
|
|
|
if (svrArgs.return_code != 0) {
|
2012-08-06 17:14:31 -07:00
|
|
|
printf("server_test failed\n");
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-07 13:17:57 -07:00
|
|
|
#ifdef WOLFSSL_TIRTOS
|
2014-09-08 19:40:03 -07:00
|
|
|
fdCloseSession(Task_self());
|
2014-05-08 15:52:20 -07:00
|
|
|
#endif
|
2012-08-06 17:14:31 -07:00
|
|
|
FreeTcpReady(&ready);
|
2017-04-04 14:31:47 -07:00
|
|
|
|
2013-03-11 12:02:22 -07:00
|
|
|
return 0;
|
2012-08-03 23:19:24 -07:00
|
|
|
}
|
|
|
|
|
|
2012-09-19 23:38:41 -07:00
|
|
|
static void test_harness(void* vargs)
|
2012-08-03 23:19:24 -07:00
|
|
|
{
|
|
|
|
|
func_args* args = (func_args*)vargs;
|
|
|
|
|
char* script;
|
2012-08-07 15:06:53 -07:00
|
|
|
long sz, len;
|
|
|
|
|
int cliMode = 0; /* server or client command flag, server first */
|
2013-03-11 12:02:22 -07:00
|
|
|
int ret;
|
2012-08-03 23:19:24 -07:00
|
|
|
FILE* file;
|
2012-08-07 15:06:53 -07:00
|
|
|
char* svrArgs[MAX_ARGS];
|
|
|
|
|
int svrArgsSz;
|
|
|
|
|
char* cliArgs[MAX_ARGS];
|
|
|
|
|
int cliArgsSz;
|
2012-08-03 23:19:24 -07:00
|
|
|
char* cursor;
|
|
|
|
|
char* comment;
|
2012-09-20 15:39:15 -07:00
|
|
|
const char* fname = "tests/test.conf";
|
2012-08-03 23:19:24 -07:00
|
|
|
|
|
|
|
|
if (args->argc == 1) {
|
|
|
|
|
printf("notice: using default file %s\n", fname);
|
|
|
|
|
}
|
|
|
|
|
else if(args->argc != 2) {
|
|
|
|
|
printf("usage: harness [FILE]\n");
|
|
|
|
|
args->return_code = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
fname = args->argv[1];
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-10 09:57:29 -07:00
|
|
|
file = fopen(fname, "rb");
|
2012-08-03 23:19:24 -07:00
|
|
|
if (file == NULL) {
|
|
|
|
|
fprintf(stderr, "unable to open %s\n", fname);
|
|
|
|
|
args->return_code = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
fseek(file, 0, SEEK_END);
|
|
|
|
|
sz = ftell(file);
|
|
|
|
|
rewind(file);
|
2013-02-14 14:09:41 -08:00
|
|
|
if (sz <= 0) {
|
2012-08-03 23:19:24 -07:00
|
|
|
fprintf(stderr, "%s is empty\n", fname);
|
|
|
|
|
fclose(file);
|
|
|
|
|
args->return_code = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
script = (char*)malloc(sz+1);
|
|
|
|
|
if (script == 0) {
|
|
|
|
|
fprintf(stderr, "unable to allocte script buffer\n");
|
|
|
|
|
fclose(file);
|
|
|
|
|
args->return_code = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
len = fread(script, 1, sz, file);
|
|
|
|
|
if (len != sz) {
|
|
|
|
|
fprintf(stderr, "read error\n");
|
|
|
|
|
fclose(file);
|
2013-02-14 14:09:41 -08:00
|
|
|
free(script);
|
2012-08-03 23:19:24 -07:00
|
|
|
args->return_code = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-04-04 14:31:47 -07:00
|
|
|
|
2012-08-03 23:19:24 -07:00
|
|
|
fclose(file);
|
|
|
|
|
script[sz] = 0;
|
|
|
|
|
|
|
|
|
|
cursor = script;
|
2012-08-07 15:06:53 -07:00
|
|
|
svrArgsSz = 1;
|
|
|
|
|
svrArgs[0] = args->argv[0];
|
|
|
|
|
cliArgsSz = 1;
|
|
|
|
|
cliArgs[0] = args->argv[0];
|
2012-08-03 23:19:24 -07:00
|
|
|
|
|
|
|
|
while (*cursor != 0) {
|
2012-08-07 15:06:53 -07:00
|
|
|
int do_it = 0;
|
2012-08-03 23:19:24 -07:00
|
|
|
|
|
|
|
|
switch (*cursor) {
|
|
|
|
|
case '\n':
|
2012-08-07 15:06:53 -07:00
|
|
|
/* A blank line triggers test case execution or switches
|
|
|
|
|
to client mode if we don't have the client command yet */
|
|
|
|
|
if (cliMode == 0)
|
|
|
|
|
cliMode = 1; /* switch to client mode processing */
|
|
|
|
|
else
|
|
|
|
|
do_it = 1; /* Do It, we have server and client */
|
2012-08-03 23:19:24 -07:00
|
|
|
cursor++;
|
|
|
|
|
break;
|
|
|
|
|
case '#':
|
|
|
|
|
/* Ignore lines that start with a #. */
|
|
|
|
|
comment = strsep(&cursor, "\n");
|
2013-03-11 12:09:49 -07:00
|
|
|
#ifdef DEBUG_SUITE_TESTS
|
2012-08-03 23:19:24 -07:00
|
|
|
printf("%s\n", comment);
|
2013-03-12 09:52:16 -07:00
|
|
|
#else
|
|
|
|
|
(void)comment;
|
2013-03-11 12:09:49 -07:00
|
|
|
#endif
|
2012-08-03 23:19:24 -07:00
|
|
|
break;
|
|
|
|
|
case '-':
|
|
|
|
|
/* Parameters start with a -. They end in either a newline
|
2012-08-07 15:06:53 -07:00
|
|
|
* or a space. Capture until either, save in Args list. */
|
|
|
|
|
if (cliMode)
|
|
|
|
|
cliArgs[cliArgsSz++] = strsep(&cursor, " \n");
|
|
|
|
|
else
|
|
|
|
|
svrArgs[svrArgsSz++] = strsep(&cursor, " \n");
|
2012-08-03 23:19:24 -07:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
/* Anything from cursor until end of line that isn't the above
|
|
|
|
|
* is data for a paramter. Just up until the next newline in
|
2012-08-07 15:06:53 -07:00
|
|
|
* the Args list. */
|
|
|
|
|
if (cliMode)
|
|
|
|
|
cliArgs[cliArgsSz++] = strsep(&cursor, "\n");
|
|
|
|
|
else
|
|
|
|
|
svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
|
|
|
|
|
if (*cursor == 0) /* eof */
|
2017-04-04 14:31:47 -07:00
|
|
|
do_it = 1;
|
2012-08-07 15:06:53 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
|
|
|
|
|
fprintf(stderr, "too many arguments, forcing test run\n");
|
|
|
|
|
do_it = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (do_it) {
|
2016-09-09 23:16:52 -07:00
|
|
|
ret = execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
|
2013-03-11 12:02:22 -07:00
|
|
|
/* don't repeat if not supported in build */
|
|
|
|
|
if (ret == 0) {
|
2017-04-04 14:31:47 -07:00
|
|
|
/* test with default cipher list on server side */
|
|
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
|
|
|
|
|
/* test with default cipher list on client side */
|
|
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
|
|
|
|
cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
|
2017-04-04 14:31:47 -07:00
|
|
|
|
2016-09-09 23:16:52 -07:00
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
|
2016-09-09 23:16:52 -07:00
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
|
2016-09-09 23:16:52 -07:00
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
|
2016-09-09 23:16:52 -07:00
|
|
|
#ifdef HAVE_EXTENDED_MASTER
|
|
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
|
2016-09-09 23:16:52 -07:00
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
|
2016-09-09 23:16:52 -07:00
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
|
2016-09-09 23:16:52 -07:00
|
|
|
execute_test_case(svrArgsSz, svrArgs,
|
2017-04-05 11:21:11 -07:00
|
|
|
cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
|
2016-09-09 23:16:52 -07:00
|
|
|
#endif
|
2013-03-11 12:02:22 -07:00
|
|
|
}
|
2012-08-07 15:06:53 -07:00
|
|
|
svrArgsSz = 1;
|
|
|
|
|
cliArgsSz = 1;
|
|
|
|
|
cliMode = 0;
|
2012-08-03 23:19:24 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(script);
|
|
|
|
|
args->return_code = 0;
|
|
|
|
|
}
|
2017-06-26 23:05:32 -07:00
|
|
|
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
|
2012-08-03 23:19:24 -07:00
|
|
|
|
|
|
|
|
|
|
|
|
|
int SuiteTest(void)
|
|
|
|
|
{
|
2017-06-26 23:05:32 -07:00
|
|
|
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
|
2012-08-03 23:19:24 -07:00
|
|
|
func_args args;
|
2012-10-31 15:25:39 -07:00
|
|
|
char argv0[2][80];
|
2012-08-06 17:14:31 -07:00
|
|
|
char* myArgv[2];
|
2012-08-03 23:19:24 -07:00
|
|
|
|
2012-08-06 17:14:31 -07:00
|
|
|
printf(" Begin Cipher Suite Tests\n");
|
|
|
|
|
|
|
|
|
|
/* setup */
|
|
|
|
|
myArgv[0] = argv0[0];
|
|
|
|
|
myArgv[1] = argv0[1];
|
2012-08-03 23:19:24 -07:00
|
|
|
args.argv = myArgv;
|
2012-08-06 17:14:31 -07:00
|
|
|
strcpy(argv0[0], "SuiteTest");
|
2012-08-03 23:19:24 -07:00
|
|
|
|
2016-06-04 19:03:48 -06:00
|
|
|
#ifdef WOLFSSL_STATIC_MEMORY
|
|
|
|
|
byte memory[200000];
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-03-07 17:44:40 -08:00
|
|
|
(void)test_harness;
|
|
|
|
|
|
2015-02-25 13:34:29 -08:00
|
|
|
cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
|
2013-03-11 10:59:08 -07:00
|
|
|
if (cipherSuiteCtx == NULL) {
|
|
|
|
|
printf("can't get cipher suite ctx\n");
|
2016-02-23 17:03:52 -07:00
|
|
|
exit(EXIT_FAILURE);
|
2013-03-11 10:59:08 -07:00
|
|
|
}
|
|
|
|
|
|
2016-06-04 19:03:48 -06:00
|
|
|
/* load in static memory buffer if enabled */
|
|
|
|
|
#ifdef WOLFSSL_STATIC_MEMORY
|
|
|
|
|
if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
|
|
|
|
|
memory, sizeof(memory), 0, 1)
|
2017-10-11 09:09:52 -07:00
|
|
|
!= WOLFSSL_SUCCESS) {
|
2016-06-04 19:03:48 -06:00
|
|
|
printf("unable to load static memory and create ctx");
|
2017-04-10 14:19:20 -07:00
|
|
|
args.return_code = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
2016-06-04 19:03:48 -06:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
if (wolfAsync_DevOpen(&devId) < 0) {
|
|
|
|
|
printf("Async device open failed");
|
2017-04-10 14:19:20 -07:00
|
|
|
args.return_code = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
|
|
|
}
|
|
|
|
|
wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId);
|
|
|
|
|
#endif /* WOLFSSL_ASYNC_CRYPT */
|
|
|
|
|
|
2012-08-06 17:14:31 -07:00
|
|
|
/* default case */
|
|
|
|
|
args.argc = 1;
|
|
|
|
|
printf("starting default cipher suite tests\n");
|
2012-08-03 23:19:24 -07:00
|
|
|
test_harness(&args);
|
2012-08-06 17:14:31 -07:00
|
|
|
if (args.return_code != 0) {
|
|
|
|
|
printf("error from script %d\n", args.return_code);
|
2017-04-10 14:19:20 -07:00
|
|
|
args.return_code = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
2012-08-06 17:14:31 -07:00
|
|
|
}
|
2012-08-03 23:19:24 -07:00
|
|
|
|
2012-08-06 17:14:31 -07:00
|
|
|
/* any extra cases will need another argument */
|
|
|
|
|
args.argc = 2;
|
2012-08-03 23:19:24 -07:00
|
|
|
|
2016-11-24 01:31:07 +10:00
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
/* add TLSv13 extra suites */
|
|
|
|
|
strcpy(argv0[1], "tests/test-tls13.conf");
|
|
|
|
|
printf("starting TLSv13 extra cipher suite tests\n");
|
|
|
|
|
test_harness(&args);
|
|
|
|
|
if (args.return_code != 0) {
|
|
|
|
|
printf("error from script %d\n", args.return_code);
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2017-05-30 16:04:24 +10:00
|
|
|
#if defined(HAVE_CURVE25519) && defined(HAVE_ED25519)
|
|
|
|
|
/* add ED25519 certificate cipher suite tests */
|
|
|
|
|
strcpy(argv0[1], "tests/test-ed25519.conf");
|
|
|
|
|
printf("starting ED25519 extra cipher suite tests\n");
|
|
|
|
|
test_harness(&args);
|
|
|
|
|
if (args.return_code != 0) {
|
|
|
|
|
printf("error from script %d\n", args.return_code);
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2015-07-07 09:55:58 -06:00
|
|
|
#ifdef WOLFSSL_DTLS
|
2012-08-08 17:09:09 -07:00
|
|
|
/* add dtls extra suites */
|
|
|
|
|
strcpy(argv0[1], "tests/test-dtls.conf");
|
|
|
|
|
printf("starting dtls extra cipher suite tests\n");
|
|
|
|
|
test_harness(&args);
|
|
|
|
|
if (args.return_code != 0) {
|
|
|
|
|
printf("error from script %d\n", args.return_code);
|
2017-04-10 14:19:20 -07:00
|
|
|
args.return_code = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
2015-07-07 09:55:58 -06:00
|
|
|
}
|
|
|
|
|
#endif
|
2016-08-29 15:15:59 -07:00
|
|
|
#ifdef WOLFSSL_SCTP
|
|
|
|
|
/* add dtls-sctp extra suites */
|
|
|
|
|
strcpy(argv0[1], "tests/test-sctp.conf");
|
|
|
|
|
printf("starting dtls-sctp extra cipher suite tests\n");
|
|
|
|
|
test_harness(&args);
|
|
|
|
|
if (args.return_code != 0) {
|
|
|
|
|
printf("error from script %d\n", args.return_code);
|
2017-04-10 14:19:20 -07:00
|
|
|
args.return_code = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
2016-08-29 15:15:59 -07:00
|
|
|
}
|
|
|
|
|
#endif
|
2016-02-11 13:49:07 -07:00
|
|
|
#ifndef WC_STRICT_SIG
|
2016-02-23 17:03:52 -07:00
|
|
|
#if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
|
2016-02-11 13:49:07 -07:00
|
|
|
/* add extra signature test suites */
|
|
|
|
|
strcpy(argv0[1], "tests/test-sig.conf");
|
|
|
|
|
printf("starting sig extra cipher suite tests\n");
|
|
|
|
|
test_harness(&args);
|
|
|
|
|
if (args.return_code != 0) {
|
|
|
|
|
printf("error from script %d\n", args.return_code);
|
2017-04-10 14:19:20 -07:00
|
|
|
args.return_code = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
2016-02-11 13:49:07 -07:00
|
|
|
}
|
2016-02-23 17:03:52 -07:00
|
|
|
#endif /* HAVE_RSA and HAVE_ECC */
|
|
|
|
|
#endif /* !WC_STRICT_SIG */
|
2015-07-07 09:55:58 -06:00
|
|
|
#ifdef HAVE_QSH
|
2016-02-11 13:49:07 -07:00
|
|
|
/* add QSH extra suites */
|
2015-07-07 09:55:58 -06:00
|
|
|
strcpy(argv0[1], "tests/test-qsh.conf");
|
|
|
|
|
printf("starting qsh extra cipher suite tests\n");
|
|
|
|
|
test_harness(&args);
|
|
|
|
|
if (args.return_code != 0) {
|
|
|
|
|
printf("error from script %d\n", args.return_code);
|
2017-04-10 14:19:20 -07:00
|
|
|
args.return_code = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
2012-08-08 17:09:09 -07:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-07-31 21:51:04 -06:00
|
|
|
#ifndef NO_PSK
|
|
|
|
|
/* add psk extra suites */
|
|
|
|
|
strcpy(argv0[1], "tests/test-psk-no-id.conf");
|
|
|
|
|
printf("starting psk no identity extra cipher suite tests\n");
|
|
|
|
|
test_harness(&args);
|
|
|
|
|
if (args.return_code != 0) {
|
|
|
|
|
printf("error from script %d\n", args.return_code);
|
2017-04-10 14:19:20 -07:00
|
|
|
args.return_code = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
2015-07-31 21:51:04 -06:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
|
|
|
exit:
|
2012-08-06 17:14:31 -07:00
|
|
|
printf(" End Cipher Suite Tests\n");
|
|
|
|
|
|
2015-02-25 13:34:29 -08:00
|
|
|
wolfSSL_CTX_free(cipherSuiteCtx);
|
|
|
|
|
wolfSSL_Cleanup();
|
2013-03-11 10:59:08 -07:00
|
|
|
|
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
wolfAsync_DevClose(&devId);
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-08-06 17:14:31 -07:00
|
|
|
return args.return_code;
|
2017-06-26 23:05:32 -07:00
|
|
|
#else
|
|
|
|
|
return NOT_COMPILED_IN;
|
|
|
|
|
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
|
2012-08-06 17:14:31 -07:00
|
|
|
}
|