Merge branch 'master' of github.com:wolfssl/wolfssl

toddouska 2015-11-16 13:20:26 -08:00
commit 5e80bf46bf
44 changed files with 1079 additions and 407 deletions


@ -10,4 +10,4 @@ uint32_t hw_get_time_sec(void);
uint32_t hw_get_time_msec(void);
void hw_uart_printchar(int c);
void hw_watchdog_disable(void);
int hw_rand(void);
uint32_t hw_rand(void);


@ -167,7 +167,7 @@ void hw_uart_printchar(int c)
UART_PORT->D = (uint8_t)c; /* Send the character */
}
int hw_rand(void)
uint32_t hw_rand(void)
{
while((RNG->SR & RNG_SR_OREG_LVL(0xF)) == 0) {}; /* Wait until FIFO has a value available */
return RNG->OR; /* Return next value in FIFO output register */


@ -29,7 +29,7 @@ double current_time(int reset)
return time;
}
int custom_rand_generate(void)
uint32_t custom_rand_generate(void)
{
return hw_rand();
}


@ -18,7 +18,8 @@
/* Custom functions */
extern int custom_rand_generate(void);
#define CUSTOM_RAND_GENERATE custom_rand_generate
#define CUSTOM_RAND_GENERATE custom_rand_generate
#define CUSTOM_RAND_TYPE word32
#define WOLFSSL_USER_CURRTIME
/* Debugging - Optional */
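Review bot: The context line `extern int custom_rand_generate(void);` still declares an `int` return, while this commit changes the definition to `uint32_t custom_rand_generate(void)` and sets `CUSTOM_RAND_TYPE` to `word32`. Code that sees only this header calls the generator through a declaration that no longer matches its definition, and a translation unit that sees both will report conflicting types. Make the declaration agree with the definition, for example `#include <stdint.h>` followed by `extern uint32_t custom_rand_generate(void);`.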


@ -10,12 +10,14 @@
project_type="Library" />
<folder Name="Source Files">
<configuration Name="Common" filter="c;cpp;cxx;cc;h;s;inc" />
<folder
Name="wolfcrypt"
exclude="*.asm;*.s"
filter=""
path="../../wolfcrypt"
recurse="Yes" />
<folder Name="wolfcrypt">
<folder Name="benchmark" path="../../wolfcrypt/benchmark" />
<folder Name="src" path="../../wolfcrypt/src" />
<folder Name="test" path="../../wolfcrypt/test" />
<folder Name="user-crypto" path="../../wolfcrypt/user-crypto">
<configuration Name="Common" build_exclude_from_build="Yes" />
</folder>
</folder>
<folder
Name="wolfssl"
exclude="*.asm;*.s"
@ -24,6 +26,12 @@
recurse="Yes" />
<file file_name="user_settings.h" />
<file file_name="README.md" />
<folder
Name="source"
exclude=""
filter=""
path="../../src"
recurse="No" />
</folder>
</project>
<project Name="test">


@ -1,150 +1,175 @@
## Wind River Workbench using VxWorks with wolfSSL
###1 SETUP:
####1.1 Steps
####1 Necessary Files if Using VxWorks Simulator
The following files are required to replicate this build:
* vxsim\_linux\_1\_0\_2\_2 (directory)
* compilers/gnu-4.8.1.5/include/c++/4.8
* compilers/gnu-4.8.1.5/include/c++/4.8/i586-wrs-vxworks
* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include
* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include-fixed
* vsb\_vxsim\_linux/share/h
* vsb\_vxsim\_linux/krnl/h/system
* vsb\_vxsim\_linux/krnl/h/public
* vsb\_vxsim\_linux/krnl/configlette
* vsb\_vxsim\_linux/h
Note: This project was tested with a pre-built image in the VxWorks distribution
called vip\_vxsim\_linux\_gnu.
####2 Steps to Add wolfSSL to Workbench Project
1. Start by creating a new VxWorks image in Workbench by going to File > New >
Project and then select VxWorks Image Project.
2. Include the path to the wolfSSL header files(wolfssl/wolfssl):
Right click the project and go to Properties > Build Properties > Paths.
Choose Browse and select the wolfssl directory. Click ok.
3. Add preprocessor definitions:
Right click on project, go to Properties > Build Properties > Variables.
Project and then selecting VxWorks Image Project.
2. Right click on the project and go to Import > General > Filesystem. Choose the path
to the wolfSSL library here. Uncheck everything except the examples, src and
wolfcrypt directories. Uncheck the following:
wolfcrypt/src/aes_asm.asm
wolfcrypt/src/aes_asm.s
examples/echoclient/
examples/echoserver/
wolcrypt/user-crypto
Leave "Create top level folder" unchecked. Click Finish.
3. To include the path to the wolfSSL header files, right click on the project and go to Properties > Build Properties > Paths.
Choose Browse and select:
<path_to_wolfssl>/
Click ok.
4. In \<path\_to\_wolfssl\>/wolfssl/wolfcrypt/settings.h, uncomment #define WOLFSSL_VXWORKS
5. If not using a filesystem, right click on project, go to Properties >
Build Properties > Variables.
Highlight EXTRA\_DEFINE. Click Edit and add the following to this line:
-DWOLFSSL\_VXWORKS.
This can also be done in wolfssl/wolfcrypt/settings.h by uncommenting the
#define WOLFSSL_VXWORKS
line.
If there is not a filesystem set up, add -DUSE\_CERT\_BUFFERS\_2048 and
-DNO\_FILESYSTEM to the variables or #define USE\_CERT\_BUFFERS\_2048 and
\#define NO\_FILESYSTEM at the top of settings.h.
If there is a filesystem, paths may need to be changed to the path of
filesystem for certificate files in wolfssl/test.h.
4. Right click on the project and go to Import > Filesystem. Choose the path
to the wolfSSL library here. Uncheck everything except the src and wolfcrypt
directories.
In the wolfcrypt/src folder, uncheck aes\_asm.asm and aes\_asm.s.
5. If NO\_\_DEV\_RANDOM remains defined in wolfssl/wolfcrypt/settings.h under
\#ifdef WOLFSSL\_VXWORKS, a new GenerateSeed() function will need to be defined
-DUSE_CERT_BUFFERS_2048 -DNO_FILESYSTEM
USE\_CERT\_BUFFERS is only necessary for the wolfCrypt test and benchmark applications.
6. If using the VxWorks simulator add the following to EXTRA\_DEFINE:
-DVXWORKS_SIM /* only if using the VxWorks simulator */
7. If using a filesystem and running the wolfCrypt test and benchmark applications, copy the certs folder in \<path\_to\_wolfssl\>/wolfssl to the Wind River Workbench workspace folder. This is where the simulator looks for the filesystem.
8. If NO\_DEV\_RANDOM is defined in \<path\_to\_wolfssl\>wolfssl/wolfcrypt/settings.h inside the
\#ifdef WOLFSSL\_VXWORKS block, a new GenerateSeed() function will need to be defined
in wolfcrypt/src/random.c.
####1.2 Testing wolfSSL with VxWorks:
#####1.2.1 wolfCrypt Test Application
####3 Testing wolfSSL with VxWorks:
#####3.1 wolfCrypt Test and Benchmark Applications
The wolfCrypt test application will test each of the cryptographic algorithms
and output the status for each. This should return success for each algorithm
if everything is working.
and output the status for each as a success or failure. The benchmark application will output the runtime of
the cryptographic algorithms in milliseconds.
1. In usrAppInit.c, make a call to the wolfCrypt test application by adding
the following to the usrAppInit() function:
typedef struct func_args {
int argc;
char** argv;
int return_code;
} func_args;
func_args args;
wolfcrypt_test(&args);
2. Include these header files in usrAppInit.c:
1. Include the following at the top of usrAppInit.c:
#include <wolfcrypt/test/test.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/test.h>
3. Start the simulator and check that all wolfCrypt tests pass. If there is a
certificate file error, adjust the caCert file locations in
wolfcrypt/test/test.c or wolfssl/test.h to those of the filesystem in use.
extern int benchmark_test(void* args);
#####1.2.2 Example Client
The wolfSSL example client can be found in wolfssl/examples/client.
2. In usrAppInit.c, make a call to the wolfCrypt test and benchmark applications
by adding the following to the usrAppInit() function:
1. Add client.c and client.h from the examples/client folder to the Workbench
project.
2. In usrAppInit.c, inlucde the func\_args as described in the Test Application
typedef struct func_args {
int argc;
char** argv;
int return_code;
tcp_ready* signal;
callback_functions *callbacks;
} func_args;
func_args args;
wolfcrypt_test(&args);
benchmark_test(&args);
3. Right click on the project and select "Build Project".
4. To run the VxWorks simulator, click the dropdown list next to "VxWorks Simulator" at the top of Workbench and go to "Open Connection Details". Add the correct Kernel Image file. This will be located in ```workspace/<project\_name>/default/vxWorks```. Click Apply. Start the simulator by clicking the green, "Connect 'VxWorks Simulator'" button to the right of the "VxWorks Simulator" dropdown list. Verify in the simulator terminal that all wolfCrypt tests pass.
#####3.2 Example Client
The wolfSSL example client.c file can be found in \<path\_to\_wolfssl\>/wolfssl/examples/client.
1. Add the following include to usrAppInit.c:
#include <examples/client/client.h>
2. In usrAppInit.c, include the func\_args as described in the Test Application
section, and add a call to the client function:
client_test(&args);
3. Add the client.h header file to the includes at the top of usrAppInit.c.
4. The wolfSSLIP will need to be changed to the IP address the server is
running on. If using the VxWorks Simulator, localhost will not work. NAT should
be selected in the Simulator Connection Advanced setup.
5. Start the example server from within the wolfSSL directory on the host
machine:
./examples/server/server -d -b
The -d option disables peer checks, -b allows for binding to any interface.
6. Start the example client in Workbench.
#####1.2.3 Example Server
The example server requires more configuration than the client if using the
VxWorks simulator.
1. Add server.c and server.h from the wolfssl/examples/server folder to the
Workbench project.
2. In usrAppInit.c, inlcude the func\args as described in the Test and Client
applications and add a call to the server function:
client_test(&args);
func_args args = { 0 };
tcp_ready ready;
InitTcpReady(&ready);
args.signal = &ready;
3. The char* host in examples/client/client.c will need to be changed to the IP address to connect to. For example:
char* host = "192.168.15.1";
4. Right click on the project and select "Build Project".
5. If using the VxWorks Simulator, localhost will not work. NAT should be selected in the Simulator Connection Advanced setup. To do this, click the dropdown button next to VxWorks Simulator at the top of Workbench and select "Open Connection Details". Make sure the correct kernel image file is selected for you project as stated in section 3.1 step 4. Then click Advanced and select NAT as the Network Config. Click OK and Apply.
6. There is an example server in \<path\_to\_wolfssl\> that can be used for testing the client. wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on setting up the example server. From within \<path\_to\_wolfssl\>/wolfssl, the following command can be used to run the server on the host machine:
./examples/server/server -d -b
7. Start the example client in Workbench by following step 3 in section 3.1.
8. The following output should be expected in the simulator terminal:
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Server response: I hear you fa shizzle!
#####3.3 Example Server
The example server requires more configuration than the client if using the
VxWorks simulator.
Note: The wolfSSL example server and client cannot run at the same time on the VxWorks simulator. Either remove or comment out the ```client_test(&args);``` line.
1. Add the following include to usrAppInit.c:
#include </examples/server/server.h>
2. In usrAppInit.c, after the ```func_args args;``` call, add:
tcp_ready ready;
ready.ready = 0;
ready.port = 0;
args.signal = &ready;
server_test(&args);
3. Add the server.h header file to the includes at the top of usrAppInit.c.
4. Start the server by following the directions in Section 2 for setting up
the VxWorks Simulator.
5. Start the client on the host machine:
./examples/client/client -d
The -d option disables peer checks.
Note: If there are certificate file errors, the file paths in wolfssl/test.h
will need to be adjusted to follow the paths located on the filesystem used
by the VxWorks project.
3. Right click on the project and select "Build Project".
####1.3 Necessary Files
The following files are required to replicate this build:
* vxsim\_linux\_1\_0\_2\_2 (directory)
* Includes
* compilers/gnu-4.8.1.5/include/c++/4.8
* compilers/gnu-4.8.1.5/include/c++/4.8/i586-wrs-vxworks
* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include
* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include-fixed
* vsb\_vxsim\_linux/share/h
* vsb\_vxsim\_linux/krnl/h/system
* vsb\_vxsim\_linux/krnl/h/public
* vsb\_vxsim\_linux/krnl/configlette
* vsb\_vxsim\_linux/h
* usrAppInit.c (should be created when with new VxWorks image)
* Include this at the top:
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h>
#include <wolfssl/ssl.h> /* name change portability layer */
#include <wolfssl/test.h>
extern int benchmark_test(void* args);
extern THREAD\_RETURN WOLFSSL\_THREAD client\_test(void* args);
extern THREAD\_RETURN WOLFSSL\_THREAD server\_test(void* args);
* Inside main function UsrAppInit (void):
func\_args args = { 0 };
tcp\_ready ready;
InitTcpReady(&ready);
args.signal = &ready;
benchmark\_test(NULL);
wolfcrypt\_test(NULL);
/* client\_test(NULL); */
/*server\_test(&args);*/
* usrRtpAppInit.c (should be created when with new VxWorks image)
Leave unchanged
* This project was tested with a pre-built image in the VxWorks distribution
called vsb\_vxsim\_linux.
4. Start the server and complete the following:
Go to "Open Connection Details" under VxWorks Simulator which is in the connections
dropdown. Follow step 4 of section 3.1 to select the correct kernel image for the simulator. In "Open Connection Details" of the simulator, go to "Advanced...". Select simnetd from the Network Config dropdown and enter
192.168.200.1 as the IP address. To connect to the server running on the VxWorks Simulator, enter these commands
into the host machine's terminal from any directory (for Ubuntu 14.04):
###2 VXWORKS SIMULATOR:
######The VxWorks simulator was used for testing the wolfSSL example applications (server, client, benchmark, and test).
######These are the steps to reproduce this testing method.
sudo openvpn --mktun --dev tap0
Note: openvpn may need to be installed first.
In Wind River directory on the host machine:
Go to "Open Connection Details" under VxWorks Simulator which is in the connections
dropdown. Choose the corresponding kernel image, typically called
project/default/VxWorks. Select simnetd from the dropdown and enter
192.168.200.1 as the IP address.
sudo vxworks-7/host/x86-linux2/bin/vxsimnetd
This will start the vxsimnetd application. Leave it running in the background.
5. There is an example client in \<path\_to\_wolfssl\>/wolfssl/examples. Again, wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on how to set up the client. From within \<path\_to\_wolfssl\>/wolfssl, the following command can be used to run the client on the host machine:
./examples/client/client -h 192.168.200.1 -d
The -d option disables peer checks.
6. The following output should be expected in the simulator terminal:
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Client message: hello wolfssl!
To connect to a server running on the VxWorks Simulator, enter these commands
into the host terminal (for Ubuntu 14.04):
sudo openvpn --mktun --dev tap0
In Wind River directory:
sudo vxworks-7/host/x86-linux2/bin/vxsimnetd
This will start the vxsimnetd application. Leave it open. The IP address to
connect to the server is the same as above.


@ -70,6 +70,7 @@ m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
AC_CHECK_FUNCS([gethostbyname])
AC_CHECK_FUNCS([getaddrinfo])
AC_CHECK_FUNCS([gettimeofday])
AC_CHECK_FUNCS([gmtime_r])
AC_CHECK_FUNCS([inet_ntoa])
AC_CHECK_FUNCS([memset])
AC_CHECK_FUNCS([socket])
@ -1966,7 +1967,8 @@ then
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
fi
if test "x$ENABLED_PKCALLBACKS" = "xno"
then


@ -905,7 +905,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
| WOLFSSL_OCSP_URL_OVERRIDE);
}
else
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
wolfSSL_CTX_EnableOCSP(ctx, 0);
}
#endif
@ -1007,7 +1007,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS)
err_sys("UseCertificateStatusRequest failed");
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
wolfSSL_CTX_EnableOCSP(ctx, 0);
}
#endif
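Review bot: The result of `wolfSSL_CTX_EnableOCSP(ctx, 0)` is discarded in both hunks, so if enabling OCSP fails the client carries on with the handshake without revocation checking and without any message. The `UseCertificateStatusRequest` call just above the second site is already compared with `SSL_SUCCESS`; treat this call the same way, `if (wolfSSL_CTX_EnableOCSP(ctx, 0) != SSL_SUCCESS) err_sys("can't enable OCSP");`. A short comment saying what the bare `0` selects (presumably default options, with the no-nonce flag no longer set) would also help the next reader. client_test starts and ends outside both hunks.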


@ -193,6 +193,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
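Review bot: `<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>` turns off the linker's safe exception handler table (/SAFESEH) for this 32-bit link step, which removes an exploit mitigation from the image, and the hunk gives no reason for it. If the setting is only needed so that an object without handler metadata will link (an assumption, the cause is not visible here), record that next to it, e.g. `<!-- /SAFESEH off: <reason>; do not copy to Release -->`, and keep it out of any shipped configuration. The enclosing ItemDefinitionGroup opens outside the hunk, so which configuration this applies to should be confirmed. The same line is added in the four other project-file sections of this commit that show `<TargetMachine>MachineX86</TargetMachine>`.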


@ -194,6 +194,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">


@ -194,6 +194,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">


@ -314,7 +314,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
fdOpenSession(Task_self());
#endif
#ifndef WOLFSSL_VXWORKS
#ifdef WOLFSSL_VXWORKS
useAnyAddr = 1;
#else
while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:L:ieB:"))
!= -1) {
switch (ch) {
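Review bot: Under `WOLFSSL_VXWORKS` the new branch sets `useAnyAddr = 1` unconditionally and the whole `mygetopt` loop is compiled out, so a VxWorks build always listens on every interface and none of the command-line switches can narrow that. The `#ifdef` should carry a comment that marks this as a deliberate test-only default, for example `/* VxWorks: no argv available, bind to any interface so the host can reach the target */` (adjust if the reason is different). server_test starts and ends outside the hunk.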


@ -194,6 +194,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">


@ -95,7 +95,8 @@ src_libwolfssl_la_SOURCES += \
wolfcrypt/src/logging.c \
wolfcrypt/src/wc_encrypt.c \
wolfcrypt/src/wc_port.c \
wolfcrypt/src/error.c
wolfcrypt/src/error.c \
wolfcrypt/src/signature.c
if BUILD_MEMORY
src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c


@ -2382,7 +2382,7 @@ int wolfSSL_Init(void)
static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
int passwordSz, EncryptedInfo* info)
{
int ret;
int ret = SSL_BAD_FILE;
#ifdef WOLFSSL_SMALL_STACK
byte* key = NULL;
@ -2434,7 +2434,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
key, info->iv);
#endif /* NO_DES3 */
#ifndef NO_AES
else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, AES_128_KEY_SIZE, info->iv);
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
@ -2444,8 +2444,6 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, AES_256_KEY_SIZE, info->iv);
#endif /* NO_AES */
else
ret = SSL_BAD_FILE;
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -2465,7 +2463,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
int passwordSz, EncryptedInfo* info)
{
int ret;
int ret = SSL_BAD_FILE;
#ifdef WOLFSSL_SMALL_STACK
byte* key = NULL;
@ -2509,7 +2507,7 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
#endif /* NO_DES3 */
#ifndef NO_AES
else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_128_KEY_SIZE, info->iv);
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
@ -2519,8 +2517,6 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_256_KEY_SIZE, info->iv);
#endif /* NO_AES */
else
ret = SSL_BAD_FILE;
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -2555,6 +2551,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
int sz = (int)longSz;
int encrypted_key = 0;
(void)dynamicType;
(void)heap;
WOLFSSL_ENTER("PemToDer");
switch (type) {
@ -8332,17 +8331,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
/* SSL_SUCCESS on ok */
/* return SSL_SUCCESS on ok, 0 on failure to match API compatibility */
int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type, byte* key,
byte* iv, int enc)
{
#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_IDEA)
int ret = -1; /* failure local, during function 0 means success
because internal functions work that way */
(void)iv;
(void)enc;
#else
int ret = 0;
#endif
WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
if (ctx == NULL) {
@ -8475,7 +8472,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif /* NO_AES */
#ifndef NO_DES3
else if (ctx->cipherType == DES_CBC_TYPE ||
if (ctx->cipherType == DES_CBC_TYPE ||
(type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
WOLFSSL_MSG(EVP_DES_CBC);
ctx->cipherType = DES_CBC_TYPE;
@ -8515,7 +8512,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
#endif /* NO_DES3 */
#ifndef NO_RC4
else if (ctx->cipherType == ARC4_TYPE || (type &&
if (ctx->cipherType == ARC4_TYPE || (type &&
XSTRNCMP(type, "ARC4", 4) == 0)) {
WOLFSSL_MSG("ARC4");
ctx->cipherType = ARC4_TYPE;
@ -8523,10 +8520,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ctx->keyLen = 16; /* default to 128 */
if (key)
wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
ret = 0; /* success */
}
#endif /* NO_RC4 */
#ifdef HAVE_IDEA
else if (ctx->cipherType == IDEA_CBC_TYPE ||
if (ctx->cipherType == IDEA_CBC_TYPE ||
(type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) {
WOLFSSL_MSG(EVP_IDEA_CBC);
ctx->cipherType = IDEA_CBC_TYPE;
@ -8534,8 +8532,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key) {
ret = wc_IdeaSetKey(&ctx->cipher.idea, key, ctx->keyLen, iv,
ctx->enc ? IDEA_ENCRYPTION : IDEA_DECRYPTION);
ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen,
iv, ctx->enc ? IDEA_ENCRYPTION :
IDEA_DECRYPTION);
if (ret != 0)
return ret;
}
@ -8544,17 +8543,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
wc_IdeaSetIV(&ctx->cipher.idea, iv);
}
#endif /* HAVE_IDEA */
else if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
XSTRNCMP(type, "NULL", 4) == 0)) {
WOLFSSL_MSG("NULL cipher");
ctx->cipherType = NULL_CIPHER_TYPE;
ctx->keyLen = 0;
ret = 0; /* success */
}
if (ret == 0)
return SSL_SUCCESS;
else
return 0; /* failure */
return SSL_SUCCESS;
return 0; /* overall failure */
}
@ -9953,13 +9953,10 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
int wolfSSL_get_shutdown(const WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_get_shutdown");
#ifdef HAVE_STUNNEL
return (ssl->options.sentNotify << 1) | (ssl->options.closeNotify);
#else
return (ssl->options.isClosed ||
ssl->options.connReset ||
ssl->options.sentNotify);
#endif
/* in OpenSSL, SSL_SENT_SHUTDOWN = 1, when closeNotifySent *
* SSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */
return ((ssl->options.closeNotify||ssl->options.connReset) << 1)
| (ssl->options.sentNotify);
}
@ -9971,6 +9968,7 @@ int wolfSSL_session_reused(WOLFSSL* ssl)
#ifdef OPENSSL_EXTRA
void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
{
/* No need to free since cache is static */
(void)session;
}
#endif
@ -10413,10 +10411,10 @@ char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len)
}
WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) /* what's ref count */
WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl)
{
(void)ssl;
return 0;
/* sessions are stored statically, no need for reference count */
return wolfSSL_get_session(ssl);
}
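Review bot: In wolfSSL_EVP_CipherInit the IDEA branch still does `if (ret != 0) return ret;`, which hands the raw wc_IdeaSetKey error to the caller although the new header comment promises `SSL_SUCCESS` on ok and `0` on failure. A caller that tests the result the OpenSSL way (`if (!rc)`) would read a negative error as success; return the documented value instead, `if (ret != 0) return 0; /* failure */`. The visible IDEA lines also never set `ret = 0` when `key` is NULL, unlike the ARC4 and NULL-cipher branches that gained `ret = 0; /* success */`, so an IV-only call on an IDEA context would fall through to the failure return. Part of that branch lies between the hunks and is not shown, so this needs confirming against the full function.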


@ -1921,7 +1921,7 @@ static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
size += ENUM_LEN + 2 * OPAQUE16_LEN;
if (csr->request.ocsp.nonceSz)
size += MAX_OCSP_EXT_SZ;
size += OCSP_NONCE_EXT_SZ;
}
}
#endif


@ -193,6 +193,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">


@ -6,6 +6,7 @@ EXTRA_DIST += \
tirtos/README \
tirtos/wolfssl.bld \
tirtos/wolfssl.mak \
tirtos/products.mak \
tirtos/packages/ti/net/wolfssl/package.bld \
tirtos/packages/ti/net/wolfssl/package.xdc \
tirtos/packages/ti/net/wolfssl/package.xs \

30
tirtos/products.mak Normal file

@ -0,0 +1,30 @@
#
# ======== products.mak ========
#
#
# Read the http://processors.wiki.ti.com/index.php/Using_wolfSSL_with_TI-RTOS
# for instructions to download the software required.
# XDC_INSTALL_DIR is the path to XDCtools directory.
XDC_INSTALL_DIR =
# BIOS_INSTALL_DIR is the path to TI-RTOS Kernel (SYS/BIOS) directory. If you
# have installed TI-RTOS, it is located in the products/bios_* path.
BIOS_INSTALL_DIR =
# NDK_INSTALL_DIR is the path to TI-RTOS NDK directory. If you have
# installed TI-RTOS, it is located in the products/ndk_* path.
NDK_INSTALL_DIR =
# TIVAWARE_INSTALL_DIR is the path to Tivaware driverlib directory. If you have
# installed TI-RTOS, it is located in the products/TivaWare_* path.
TIVAWARE_INSTALL_DIR =
# Define the code generation tools path for TI, IAR and GCC ARM compilers.
# If you have installed Code Composer Studio, the TI and GCC compiler are
# located in the ccsv*/tools/compiler/* path.
#
# Leave assignment empty to disable any toolchain.
ti.targets.arm.elf.M4F =
iar.targets.arm.M4F =
gnu.targets.arm.M4F =


@ -34,7 +34,7 @@
var armOpts = " -ms ";
var gnuOpts = " -D_POSIX_SOURCE ";
var iarOpts = " --diag_suppress=Pa134 ";
var TivaWareDir = "";
var ndkDir = "";
/* Uncomment the following lines to build libraries for debug mode: */
// Pkg.attrs.profile = "debug";
@ -57,7 +57,7 @@ var ccOpts = {
for (arg = 0; arg < arguments.length; arg++) {
/*
* Get the compiler's installation directory.
* For "ti.targets.arm.elf.M4F=/vendors/arm/6.1.0",
* For "ti.targets.arm.elf.M4F=/vendors/arm/6.1.0",
* we get "/vendors/arm/6.1.0"
*/
var targetName = arguments[arg].split("=")[0];
@ -68,8 +68,8 @@ for (arg = 0; arg < arguments.length; arg++) {
continue;
}
if (targetName.match(/^TIVAWARE/) ) {
TivaWareDir = rootDir;
if (targetName.match(/^NDK/) ) {
ndkDir = rootDir;
continue;
}
@ -81,9 +81,9 @@ for (arg = 0; arg < arguments.length; arg++) {
}
/* Include Path (needed to find NDK headers) */
var ndkPath = "$(NDK_INSTALL_DIR)/packages/ti/ndk/";
var wolfsslPathInclude = " -I" + ndkPath + "/inc/bsd -DWOLFSSL_TIRTOS ";
var wolfsslPathInclude = " -I" + ndkDir + "/packages/ti/ndk/inc/bsd "
+ "-DWOLFSSL_TIRTOS ";
/* lib/ is a generated directory that 'xdc clean' should remove */
var Pkg = xdc.useModule('xdc.bld.PackageContents');
var Pkg = xdc.useModule('xdc.bld.PackageContents');
Pkg.generatedFiles.$add("lib/");
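Review bot: `ndkDir` starts as `""` and is only assigned when an argument whose name begins with `NDK` is seen, so a build run without it produces `-I/packages/ti/ndk/inc/bsd`, a path at the filesystem root. The new products.mak ships `NDK_INSTALL_DIR =` empty, which makes this the default case, and the failure then surfaces later as missing NDK headers. Check the value before the include string is built, e.g. `if (ndkDir == "") { throw new Error("NDK install path not set (NDK=<dir>)"); }`. The argument loop starts and ends outside these hunks.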


@ -1,27 +1,17 @@
#
# ======== wolfssl.mak ========
#
include ./products.mak
# USER OPTIONAL STEP: These variables are set when building wolfssl
# through the tirtos.mak
# Set up dependencies
XDC_INSTALL_DIR ?= C:/ti/xdctools_3_24_02_30
SYSBIOS_INSTALL_DIR ?= C:/ti/bios_6_34_01_14
NDK_INSTALL_DIR ?= C:/ti/ndk_2_24_00_02
TIRTOS_INSTALLATION_DIR ?= C:/ti/tirtos_tivac_2_00_00_22
TIVAWARE ?= C:/ti/tivaware
WOLFSSL_INSTALL_DIR ?= C:/wolfssl/wolfssl-2.9.4
# Enable older TI-RTOS 2.14-based variables
ifeq ($(BIOS_INSTALL_DIR),)
BIOS_INSTALL_DIR=$(SYSBIOS_INSTALL_DIR)
endif
ifeq ($(TIVAWARE_INSTALL_DIR),)
TIVAWARE_INSTALL_DIR=$(TIVAWARE)
endif
#
# Set location of various cgtools
# These variables can be set here or on the command line. These
# variables are set when building wolfssl through tirtos.mak
# USER OPTIONAL STEP: user can define below paths to compilers
ti.targets.arm.elf.M4F ?=
gnu.targets.arm.M4F ?=
iar.targets.arm.M4F ?=
WOLFSSL_INSTALL_DIR=$(CURDIR)/../
#
# Set XDCARGS to some of the variables above. XDCARGS are passed
@ -40,12 +30,12 @@ XDCARGS= \
ti.targets.arm.elf.M4F=\"$(ti.targets.arm.elf.M4F)\" \
gnu.targets.arm.M4F=\"$(gnu.targets.arm.M4F)\" \
iar.targets.arm.M4F=\"$(iar.targets.arm.M4F)\" \
TIVAWARE=\"$(TIVAWARE)\"
NDK=\"$(NDK_INSTALL_DIR)\"
#
# Set XDCPATH to contain necessary repositories.
#
XDCPATH = $(SYSBIOS_INSTALL_DIR)/packages;$(NDK_INSTALL_DIR)/packages;$(WOLFSSL_INSTALL_DIR);$(TIRTOS_INSTALLATION_DIR)/packages;$(TIVAWARE);
XDCPATH = $(BIOS_INSTALL_DIR)/packages;$(NDK_INSTALL_DIR)/packages;$(WOLFSSL_INSTALL_DIR);$(TIVAWARE_INSTALL_DIR)
export XDCPATH
#


@ -2651,19 +2651,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
#endif
enum {
CTR_SZ = 4
NONCE_SZ = 12,
CTR_SZ = 4
};
static INLINE void InitGcmCounter(byte* inOutCtr)
{
inOutCtr[AES_BLOCK_SIZE - 4] = 0;
inOutCtr[AES_BLOCK_SIZE - 3] = 0;
inOutCtr[AES_BLOCK_SIZE - 2] = 0;
inOutCtr[AES_BLOCK_SIZE - 1] = 1;
}
static INLINE void IncrementGcmCounter(byte* inOutCtr)
{
int i;
@ -2752,6 +2744,12 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
XMEMSET(iv, 0, AES_BLOCK_SIZE);
ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
#ifdef WOLFSSL_AESNI
/* AES-NI code generates its own H value. */
if (haveAESNI)
return ret;
#endif /* WOLFSSL_AESNI */
if (ret == 0) {
wc_AesEncrypt(aes, iv, aes->H);
#ifdef GCM_TABLE
@ -3696,6 +3694,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* p = in;
byte* c = out;
byte counter[AES_BLOCK_SIZE];
byte initialCounter[AES_BLOCK_SIZE];
byte *ctr ;
byte scratch[AES_BLOCK_SIZE];
@ -3715,9 +3714,15 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
ctr = counter ;
#endif
XMEMSET(ctr, 0, AES_BLOCK_SIZE);
XMEMCPY(ctr, iv, ivSz);
InitGcmCounter(ctr);
XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
if (ivSz == NONCE_SZ) {
XMEMCPY(initialCounter, iv, ivSz);
initialCounter[AES_BLOCK_SIZE - 1] = 1;
}
else {
GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
}
XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);
#ifdef WOLFSSL_PIC32MZ_CRYPT
if(blocks)
@ -3744,8 +3749,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
}
GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
InitGcmCounter(ctr);
wc_AesEncrypt(aes, ctr, scratch);
wc_AesEncrypt(aes, initialCounter, scratch);
xorbuf(authTag, scratch, authTagSz);
return 0;
@ -3762,6 +3766,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* c = in;
byte* p = out;
byte counter[AES_BLOCK_SIZE];
byte initialCounter[AES_BLOCK_SIZE];
byte *ctr ;
byte scratch[AES_BLOCK_SIZE];
@ -3782,9 +3787,15 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
ctr = counter ;
#endif
XMEMSET(ctr, 0, AES_BLOCK_SIZE);
XMEMCPY(ctr, iv, ivSz);
InitGcmCounter(ctr);
XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
if (ivSz == NONCE_SZ) {
XMEMCPY(initialCounter, iv, ivSz);
initialCounter[AES_BLOCK_SIZE - 1] = 1;
}
else {
GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
}
XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);
/* Calculate the authTag again using the received auth data and the
* cipher text. */
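Review bot: Neither branch of the new initial-counter setup in wc_AesGcmEncrypt rejects an empty or NULL IV. With `ivSz == 0` the `else` path runs `GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE)` over no data, so `initialCounter` comes out as the same fixed block for every message under the key, which breaks the nonce-uniqueness GCM depends on. Unless an argument check outside the hunk already covers it, add a guard before the `XMEMSET`, `if (iv == NULL || ivSz == 0) return BAD_FUNC_ARG;`. The identical block added to wc_AesGcmDecrypt needs the same guard. Both function bodies continue outside the hunks.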


@ -981,69 +981,86 @@ MAKE_RK256_b:
gfmul PROC
; xmm0 holds operand a (128 bits)
; xmm1 holds operand b (128 bits)
; rdi holds the pointer to output (128 bits)
movdqa %xmm0, %xmm3
pclmulqdq $0, %xmm1, %xmm3 ; xmm3 holds a0*b0
movdqa %xmm0, %xmm4
pclmulqdq $16, %xmm1, %xmm4 ; xmm4 holds a0*b1
movdqa %xmm0, %xmm5
pclmulqdq $1, %xmm1, %xmm5 ; xmm5 holds a1*b0
movdqa %xmm0, %xmm6
pclmulqdq $17, %xmm1, %xmm6 ; xmm6 holds a1*b1
pxor %xmm5, %xmm4 ; xmm4 holds a0*b1 + a1*b0
movdqa %xmm4, %xmm5
psrldq $8, %xmm4
pslldq $8, %xmm5
pxor %xmm5, %xmm3
pxor %xmm4, %xmm6 ; <xmm6:xmm3> holds the result of
; r8 holds the pointer to output (128 bits)
; convert to what we had for att&t convention
movdqa xmm0, [rcx]
movdqa xmm1, [rdx]
; on microsoft xmm6-xmm15 are non volaitle, let's save on stack and restore at end
sub rsp,8+4*16 ; 8 = align stack , 4 xmm6-9 16 bytes each
movdqa [rsp+0], xmm6
movdqa [rsp+16], xmm7
movdqa [rsp+32], xmm8
movdqa [rsp+48], xmm9
movdqa xmm3, xmm0
pclmulqdq xmm3, xmm1, 0 ; xmm3 holds a0*b0
movdqa xmm4, xmm0
pclmulqdq xmm4, xmm1, 16 ; xmm4 holds a0*b1
movdqa xmm5, xmm0
pclmulqdq xmm5, xmm1, 1 ; xmm5 holds a1*b0
movdqa xmm6, xmm0
pclmulqdq xmm6, xmm1, 17 ; xmm6 holds a1*b1
pxor xmm4, xmm5 ; xmm4 holds a0*b1 + a1*b0
movdqa xmm5, xmm4
psrldq xmm4, 8
pslldq xmm5, 8
pxor xmm3, xmm5
pxor xmm6, xmm4 ; <xmm6:xmm3> holds the result of
; the carry-less multiplication of
; xmm0 by xmm1
; shift the result by one bit position to the left cope for the fact
; that bits are reversed
movdqa %xmm3, %xmm7
movdqa %xmm6, %xmm8
pslld $1, %xmm3
pslld $1, %xmm6
psrld $31, %xmm7
psrld $31, %xmm8
movdqa %xmm7, %xmm9
pslldq $4, %xmm8
pslldq $4, %xmm7
psrldq $12, %xmm9
por %xmm7, %xmm3
por %xmm8, %xmm6
por %xmm9, %xmm6
movdqa xmm7, xmm3
movdqa xmm8, xmm6
pslld xmm3, 1
pslld xmm6, 1
psrld xmm7, 31
psrld xmm8, 31
movdqa xmm9, xmm7
pslldq xmm8, 4
pslldq xmm7, 4
psrldq xmm9, 12
por xmm3, xmm7
por xmm6, xmm8
por xmm6, xmm9
; first phase of the reduction
movdqa %xmm3, %xmm7
movdqa %xmm3, %xmm8
movdqa %xmm3, %xmm9
pslld $31, %xmm7 ; packed right shifting << 31
pslld $30, %xmm8 ; packed right shifting shift << 30
pslld $25, %xmm9 ; packed right shifting shift << 25
pxor %xmm8, %xmm7 ; xor the shifted versions
pxor %xmm9, %xmm7
movdqa xmm7, xmm3
movdqa xmm8, xmm3
movdqa xmm9, xmm3
pslld xmm7, 31 ; packed right shifting << 31
pslld xmm8, 30 ; packed right shifting shift << 30
pslld xmm9, 25 ; packed right shifting shift << 25
pxor xmm7, xmm8 ; xor the shifted versions
pxor xmm7, xmm9
movdqa %xmm7, %xmm8
pslldq $12, %xmm7
psrldq $4, %xmm8
pxor %xmm7, %xmm3 ; first phase of the reduction complete
movdqa %xmm3,%xmm2 ; second phase of the reduction
movdqa %xmm3,%xmm4
movdqa %xmm3,%xmm5
psrld $1, %xmm2 ; packed left shifting >> 1
psrld $2, %xmm4 ; packed left shifting >> 2
psrld $7, %xmm5 ; packed left shifting >> 7
movdqa xmm8, xmm7
pslldq xmm7, 12
psrldq xmm8, 4
pxor xmm3, xmm7 ; first phase of the reduction complete
movdqa xmm2, xmm3 ; second phase of the reduction
movdqa xmm4, xmm3
movdqa xmm5, xmm3
psrld xmm2, 1 ; packed left shifting >> 1
psrld xmm4, 2 ; packed left shifting >> 2
psrld xmm5, 7 ; packed left shifting >> 7
pxor %xmm4, %xmm2 ; xor the shifted versions
pxor %xmm5, %xmm2
pxor %xmm8, %xmm2
pxor %xmm2, %xmm3
pxor %xmm3, %xmm6 ; the result is in xmm6
movdqu %xmm6, (%rdi) ; store the result
pxor xmm2, xmm4 ; xor the shifted versions
pxor xmm2, xmm5
pxor xmm2, xmm8
pxor xmm3, xmm2
pxor xmm6, xmm3 ; the result is in xmm6
movdqu [r8],xmm6 ; store the result
; restore xmm6 and xmm7
; restore non volatile xmms from stack
movdqa xmm6, [rsp+0]
movdqa xmm7, [rsp+16]
movdqa xmm8, [rsp+32]
movdqa xmm9, [rsp+48]
add rsp,8+4*16 ; 8 = align stack , 4 xmm6-9 16 bytes each
ret
gfmul ENDP
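Review bot: gfmul now lowers rsp and saves xmm6-xmm9, but it is still declared as a plain `PROC` with no unwind directives. Under the Windows x64 convention only leaf functions may omit unwind data, and a leaf function may not change rsp or the non-volatile registers. A fault or debugger stack walk inside this routine therefore cannot be unwound, for example if one of the `movdqa` loads from `[rcx]` or `[rdx]` is handed an unaligned pointer. Declare the frame and describe the prolog, with the argument loads moved after `.endprolog`. The header comment still says xmm0 and xmm1 hold the operands, while the new code takes them from the pointers in rcx and rdx.

```asm
gfmul PROC FRAME
        sub rsp, 8+4*16
        .allocstack 8+4*16
        movdqa [rsp+0], xmm6
        .savexmm128 xmm6, 0
        movdqa [rsp+16], xmm7
        .savexmm128 xmm7, 16
        movdqa [rsp+32], xmm8
        .savexmm128 xmm8, 32
        movdqa [rsp+48], xmm9
        .savexmm128 xmm9, 48
        .endprolog
        movdqa xmm0, [rcx]
        movdqa xmm1, [rdx]
        ; ... unchanged: carry-less multiply, reduction, store, restore, ret ...
```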


@ -200,7 +200,12 @@
/* uses complete <time.h> facility */
#include <time.h>
#define XTIME(tl) time((tl))
#define XGMTIME(c, t) gmtime((c))
#ifdef HAVE_GMTIME_R
#define XGMTIME(c, t) gmtime_r((c), (t))
#define NEED_TMP_TIME
#else
#define XGMTIME(c, t) gmtime((c))
#endif
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#endif
@ -2554,8 +2559,11 @@ int ValidateDate(const byte* date, byte format, int dateType)
struct tm* localTime;
struct tm* tmpTime = NULL;
int i = 0;
int timeDiff = 0 ;
int diffHH = 0 ; int diffMM = 0 ;
int diffSign = 0 ;
#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES)
#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES) || defined(NEED_TMP_TIME)
struct tm tmpTimeStorage;
tmpTime = &tmpTimeStorage;
#else
@ -2584,11 +2592,18 @@ int ValidateDate(const byte* date, byte format, int dateType)
GetTime((int*)&certTime.tm_min, date, &i);
GetTime((int*)&certTime.tm_sec, date, &i);
if (date[i] != 'Z') { /* only Zulu supported for this profile */
WOLFSSL_MSG("Only Zulu time supported for this profile");
if ((date[i] == '+') || (date[i] == '-')) {
WOLFSSL_MSG("Using time differential, not Zulu") ;
diffSign = date[i++] == '+' ? 1 : -1 ;
GetTime(&diffHH, date, &i);
GetTime(&diffMM, date, &i);
timeDiff = diffSign * (diffHH*60 + diffMM) * 60 ;
} else if (date[i] != 'Z') {
WOLFSSL_MSG("UTCtime, niether Zulu or time differential") ;
return 0;
}
ltime -= (time_t)timeDiff ;
localTime = XGMTIME(&ltime, tmpTime);
if (localTime == NULL) {
@ -5744,7 +5759,7 @@ static int SetValidity(byte* output, int daysValid)
struct tm* tmpTime = NULL;
struct tm local;
#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES)
#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES) || defined(NEED_TMP_TIME)
/* for use with gmtime_r */
struct tm tmpTimeStorage;
tmpTime = &tmpTimeStorage;
@ -8569,6 +8584,17 @@ static int DecodeOcspRespExtensions(byte* source,
}
if (oid == OCSP_NONCE_OID) {
/* get data inside extra OCTET_STRING */
if (source[idx++] != ASN_OCTET_STRING) {
WOLFSSL_MSG("\tfail: should be an OCTET STRING");
return ASN_PARSE_E;
}
if (GetLength(source, &idx, &length, sz) < 0) {
WOLFSSL_MSG("\tfail: extension data length");
return ASN_PARSE_E;
}
resp->nonce = source + idx;
resp->nonceSz = length;
}
@ -8673,7 +8699,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
int length;
word32 idx = *ioIndex;
word32 end_index;
int ret;
int ret = -1;
WOLFSSL_ENTER("DecodeBasicOcspResponse");
@ -8732,13 +8758,9 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
else {
Signer* ca = GetCA(cm, resp->issuerHash);
if (ca)
ret = ConfirmSignature(resp->response, resp->responseSz,
ca->publicKey, ca->pubKeySize, ca->keyOID,
resp->sig, resp->sigSz, resp->sigOID, NULL);
if (!ca || ret == 0)
{
if (!ca || !ConfirmSignature(resp->response, resp->responseSz,
ca->publicKey, ca->pubKeySize, ca->keyOID,
resp->sig, resp->sigSz, resp->sigOID, NULL)) {
WOLFSSL_MSG("\tOCSP Confirm signature failed");
return ASN_OCSP_CONFIRM_E;
}
@ -9378,4 +9400,3 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
#endif /* WOLFSSL_SEP */
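Review bot: In the ValidateDate hunk the two offset fields are used exactly as parsed: `diffHH` and `diffMM` go from GetTime straight into `timeDiff` with no range check, so a date ending in a constructed value such as `+9959` moves the comparison time by several days. Reject out-of-range values before computing the shift, e.g. `if (diffHH < 0 || diffHH > 23 || diffMM < 0 || diffMM > 59) return 0;`. ValidateDate takes no length for `date`, so whether the two extra GetTime reads stay inside the buffer depends on callers that are outside this hunk. The direction of `ltime -= (time_t)timeDiff` also deserves a test vector with a non-zero offset, since the certificate fields are then local time and the current time is what gets shifted.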

View File

@ -3254,7 +3254,7 @@ int wc_ecc_sig_size(ecc_key* key)
if (sz <= 0)
return sz;
return sz * 2 + SIG_HEADER_SZ + 4; /* (4) worst case estimate */
return (sz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ;
}


@ -361,6 +361,9 @@ const char* wc_GetErrorString(int error)
case WC_INIT_E:
return "wolfCrypt Initialize Failure error";
case SIG_VERIFY_E:
return "Signature verify error";
default:
return "unknown error number";


@ -27,10 +27,130 @@
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#if !defined(WOLFSSL_TI_HASH)
#include <wolfssl/wolfcrypt/hash.h>
#ifdef WOLFSSL_MD2
#include <wolfssl/wolfcrypt/md2.h>
#endif
#ifndef NO_MD4
#include <wolfssl/wolfcrypt/md4.h>
#endif
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
#endif
/* Get Hash digest size */
int wc_HashGetDigestSize(enum wc_HashType hash_type)
{
int dig_size = BAD_FUNC_ARG;
switch(hash_type)
{
#ifdef WOLFSSL_MD2
case WC_HASH_TYPE_MD2:
dig_size = MD2_DIGEST_SIZE;
break;
#endif
#ifndef NO_MD4
case WC_HASH_TYPE_MD4:
dig_size = MD4_DIGEST_SIZE;
break;
#endif
#ifndef NO_MD5
case WC_HASH_TYPE_MD5:
dig_size = MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case WC_HASH_TYPE_SHA:
dig_size = SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case WC_HASH_TYPE_SHA256:
dig_size = SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
case WC_HASH_TYPE_SHA384:
dig_size = SHA384_DIGEST_SIZE;
break;
#endif /* WOLFSSL_SHA384 */
case WC_HASH_TYPE_SHA512:
dig_size = SHA512_DIGEST_SIZE;
break;
#endif /* WOLFSSL_SHA512 */
case WC_HASH_TYPE_NONE:
default:
break;
}
return dig_size;
}
/* Generic Hashing Wrapper */
int wc_Hash(enum wc_HashType hash_type, const byte* data,
word32 data_len, byte* hash, word32 hash_len)
{
int ret = BAD_FUNC_ARG;
word32 dig_size;
/* Validate hash buffer size */
dig_size = wc_HashGetDigestSize(hash_type);
if (hash_len < dig_size) {
return BUFFER_E;
}
switch(hash_type)
{
#ifdef WOLFSSL_MD2
case WC_HASH_TYPE_MD2:
ret = wc_Md2Hash(data, data_len, hash);
break;
#endif
#ifndef NO_MD4
case WC_HASH_TYPE_MD4:
ret = wc_Md4Hash(data, data_len, hash);
break;
#endif
#ifndef NO_MD5
case WC_HASH_TYPE_MD5:
ret = wc_Md5Hash(data, data_len, hash);
break;
#endif
#ifndef NO_SHA
case WC_HASH_TYPE_SHA:
ret = wc_ShaHash(data, data_len, hash);
break;
#endif
#ifndef NO_SHA256
case WC_HASH_TYPE_SHA256:
ret = wc_Sha256Hash(data, data_len, hash);
break;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
case WC_HASH_TYPE_SHA384:
ret = wc_Sha384Hash(data, data_len, hash);
break;
#endif /* WOLFSSL_SHA384 */
case WC_HASH_TYPE_SHA512:
ret = wc_Sha512Hash(data, data_len, hash);
break;
#endif /* WOLFSSL_SHA512 */
case WC_HASH_TYPE_NONE:
default:
WOLFSSL_MSG("wc_Hash: Bad hash type");
break;
}
return ret;
}
#if !defined(WOLFSSL_TI_HASH)
#if !defined(NO_MD5)
void wc_Md5GetHash(Md5* md5, byte* hash)
{
@ -55,7 +175,7 @@ int wc_ShaGetHash(Sha* sha, byte* hash)
return ret ;
}
WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) {
void wc_ShaRestorePos(Sha* s1, Sha* s2) {
*s1 = *s2 ;
}
@ -102,7 +222,7 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash)
return ret ;
}
WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
*s1 = *s2 ;
}
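Review bot: In wc_Hash the digest size is stored in a `word32`, but wc_HashGetDigestSize returns `BAD_FUNC_ARG` for `WC_HASH_TYPE_NONE` or a hash that is not compiled in. That negative value wraps to a large unsigned number, so `hash_len < dig_size` is true, the caller gets `BUFFER_E`, and the "wc_Hash: Bad hash type" branch is never reached for those types. Keep the size signed and test it first: `int dig_size = wc_HashGetDigestSize(hash_type);`, `if (dig_size < 0) return dig_size;`, `if (hash_len < (word32)dig_size) return BUFFER_E;`. A header comment saying that `hash` must hold at least the digest size, and that `data` and `hash` are not NULL-checked here, would tell callers what they have to guarantee.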


@ -48,7 +48,7 @@ static INLINE word16 idea_mult(word16 x, word16 y)
mul = (long)x * (long)y;
if (mul) {
res = (mul & IDEA_MASK) - (mul >> 16);
res = (mul & IDEA_MASK) - ((word32)mul >> 16);
if (res <= 0)
res += IDEA_MODULO;
@ -211,17 +211,17 @@ void wc_IdeaCipher(Idea *idea, byte* out, const byte* in)
x[3] = idea_mult(x[3], idea->skey[skey_idx++]);
t2 = x[0] ^ x[2];
t2 = idea_mult(t2, idea->skey[skey_idx++]);
t2 = idea_mult((word16)t2, idea->skey[skey_idx++]);
t1 = (t2 + (x[1] ^ x[3])) & IDEA_MASK;
t1 = idea_mult(t1, idea->skey[skey_idx++]);
t1 = idea_mult((word16)t1, idea->skey[skey_idx++]);
t2 = (t1 + t2) & IDEA_MASK;
x[0] ^= t1;
x[3] ^= t2;
t2 ^= x[1];
x[1] = x[2] ^ t1;
x[2] = t2;
x[1] = x[2] ^ (word16)t1;
x[2] = (word16)t2;
}
x[0] = idea_mult(x[0], idea->skey[skey_idx++]);
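Review bot: In idea_mult the product is still formed as `(long)x * (long)y`. With two word16 operands it can reach 0xFFFE0001, which does not fit a 32-bit `long`, so on targets where `long` is 32 bits the multiplication overflows a signed type before the new `(word32)mul >> 16` cast is applied. Computing the product unsigned, `(word32)x * (word32)y`, and holding it in an unsigned variable removes the overflow and makes the cast on the shift unnecessary. The declaration of `mul` is outside the hunk, so its type needs checking before the change.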


@ -3828,7 +3828,8 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || \
defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN)
defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN) || \
defined(OPENSSL_EXTRA)
/* single digit addition */
int mp_add_d (mp_int* a, mp_digit b, mp_int* c)


@ -119,6 +119,8 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
fflush(stdout) ;
printf("%s\n", logMessage);
fflush(stdout) ;
#elif defined(WOLFSSL_LOG_PRINTF)
printf("%s\n", logMessage);
#else
fprintf(stderr, "%s\n", logMessage);
#endif


@ -72,7 +72,7 @@ static void reset_engine(pic32mz_desc *desc, int algo)
uc_desc->bd[i].NXTPTR = KVA_TO_PA(&uc_desc->bd[0]);
XMEMSET((void *)&dataBuffer[i], 0, PIC32_BLOCK_SIZE);
}
uc_desc->bd[0].BD_CTRL.SA_FETCH_EN = 1; // Fetch the security association on the first BD
uc_desc->bd[0].BD_CTRL.SA_FETCH_EN = 1; /* Fetch the security association on the first BD */
desc->dbPtr = 0;
desc->currBd = 0;
desc->msgSize = 0;
@ -86,49 +86,45 @@ static void reset_engine(pic32mz_desc *desc, int algo)
#define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x80000)
static void update_data_size(pic32mz_desc *desc, word32 msgSize)
{
desc->msgSize = msgSize;
}
static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
static void update_engine(pic32mz_desc *desc, const byte *input, word32 len,
word32 *hash)
{
int total ;
pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
// Add the data to the current buffer. If the buffer fills, start processing it
// and fill the next one.
/* Add the data to the current buffer. If the buffer fills, start processing it
and fill the next one. */
while (len)
{
// If the engine is processing the current BD, spin.
// if (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN)
// continue;
/* If the engine is processing the current BD, spin.
if (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN)
continue; */
if (desc->msgSize)
{
// If we've been given the message size, we can process along the
// way.
// Enable the current buffer descriptor if it is full.
/* If we've been given the message size, we can process along the
way.
Enable the current buffer descriptor if it is full. */
if (desc->dbPtr >= PIC32_BLOCK_SIZE)
{
// Wrap up the buffer descriptor and enable it so the engine can process
/* Wrap up the buffer descriptor and enable it so the engine can process */
uc_desc->bd[desc->currBd].MSGLEN = desc->msgSize;
uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = desc->dbPtr;
uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0;
uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0;
//SYS_DEVCON_DataCacheClean((word32)desc, sizeof(pic32mz_desc));
/* SYS_DEVCON_DataCacheClean((word32)desc, sizeof(pic32mz_desc)); */
uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN = 1;
// Move to the next buffer descriptor, or wrap around.
/* Move to the next buffer descriptor, or wrap around. */
desc->currBd++;
if (desc->currBd >= PIC32MZ_MAX_BD)
desc->currBd = 0;
// Wait until the engine has processed the new BD.
/* Wait until the engine has processed the new BD. */
while (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN);
uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
desc->dbPtr = 0;
}
if (!PIC32MZ_IF_RAM(input)) // If we're inputting from flash, let the BD have the address and max the buffer size
if (!PIC32MZ_IF_RAM(input)) /* If we're inputting from flash, let the BD have
the address and max the buffer size */
{
uc_desc->bd[desc->currBd].SRCADDR = KVA_TO_PA(input);
total = (len > PIC32MZ_MAX_BLOCK ? PIC32MZ_MAX_BLOCK : len);
@ -140,7 +136,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
{
if (len > PIC32_BLOCK_SIZE - desc->dbPtr)
{
// We have more data than can be put in the buffer. Fill what we can.
/* We have more data than can be put in the buffer. Fill what we can.*/
total = PIC32_BLOCK_SIZE - desc->dbPtr;
XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, total);
len -= total;
@ -149,7 +145,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
}
else
{
// Fill up what we have, but don't turn on the engine.
/* Fill up what we have, but don't turn on the engine.*/
XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, len);
desc->dbPtr += len;
len = 0;
@ -158,13 +154,13 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
}
else
{
// We have to buffer everything and keep track of how much has been
// added in order to get a total size. If the buffer fills, we move
// to the next one. If we try to add more when the last buffer is
// full, we error out.
/* We have to buffer everything and keep track of how much has been
added in order to get a total size. If the buffer fills, we move
to the next one. If we try to add more when the last buffer is
full, we error out. */
if (desc->dbPtr == PIC32_BLOCK_SIZE)
{
// We filled the last BD buffer, so move on to the next one
/* We filled the last BD buffer, so move on to the next one */
uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0;
uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0;
uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = PIC32_BLOCK_SIZE;
@ -178,7 +174,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
}
if (len > PIC32_BLOCK_SIZE - desc->dbPtr)
{
// We have more data than can be put in the buffer. Fill what we can.
/* We have more data than can be put in the buffer. Fill what we can. */
total = PIC32_BLOCK_SIZE - desc->dbPtr;
XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, total);
len -= total;
@ -188,7 +184,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
}
else
{
// Fill up what we have
/* Fill up what we have */
XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, len);
desc->dbPtr += len;
desc->processed += len;
@ -199,7 +195,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
}
static void start_engine(pic32mz_desc *desc) {
// Wrap up the last buffer descriptor and enable it
/* Wrap up the last buffer descriptor and enable it */
int i ;
int bufferLen ;
pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
@ -212,8 +208,8 @@ static void start_engine(pic32mz_desc *desc) {
uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 1;
if (desc->msgSize == 0)
{
// We were not given the size, so now we have to go through every BD
// and give it what will be processed, and enable them.
/* We were not given the size, so now we have to go through every BD
and give it what will be processed, and enable them. */
for (i = desc->currBd; i >= 0; i--)
{
uc_desc->bd[i].MSGLEN = desc->processed;
@ -251,17 +247,6 @@ void wait_engine(pic32mz_desc *desc, char *hash, int hash_sz) {
}
}
static int fillBuff(char *buff, int *bufflen, const char *data, int len, int blocksz)
{
int room, copysz ;
room = blocksz - *bufflen ;
copysz = (len <= room) ? len : room ;
XMEMCPY(buff, data, copysz) ;
*bufflen += copysz ;
return (*bufflen == blocksz) ? 1 : 0 ;
}
#endif
#ifndef NO_MD5


@ -32,6 +32,12 @@
#include <wolfssl/wolfcrypt/random.h>
#if defined(CUSTOM_RAND_GENERATE) && !defined(CUSTOM_RAND_TYPE)
/* To maintain compatiblity the default return vaule from CUSTOM_RAND_GENERATE is byte */
#define CUSTOM_RAND_TYPE byte
#endif
#ifdef HAVE_FIPS
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
{
@ -973,8 +979,22 @@ static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz)
#endif /* HAVE_INTEL_RDGEN */
#if defined(USE_WINDOWS_API)
/* wc_GenerateSeed Implementations */
#if defined(CUSTOM_RAND_GENERATE_SEED)
/* Implement your own random generation function
* Return 0 to indicate success
* int rand_gen_seed(byte* output, word32 sz);
* #define CUSTOM_RAND_GENERATE_SEED rand_gen_seed */
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
(void)os;
return CUSTOM_RAND_GENERATE_SEED(output, sz);
}
#elif defined(USE_WINDOWS_API)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
@ -1088,7 +1108,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \
defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS)
#ifdef FREESCALE_K70_RNGA
#if defined(FREESCALE_K70_RNGA) || defined(FREESCALE_RNGA)
/*
* wc_Generates a RNG seed using the Random Number Generator Accelerator
* on the Kinetis K70. Documentation located in Chapter 37 of
@ -1122,7 +1142,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(FREESCALE_K53_RNGB)
#elif defined(FREESCALE_K53_RNGB) || defined(FREESCALE_RNGB)
/*
* wc_Generates a RNG seed using the Random Number Generator (RNGB)
* on the Kinetis K53. Documentation located in Chapter 33 of
@ -1165,7 +1185,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
TRNG_DRV_GetRandomData(TRNG_INSTANCE, output, sz);
return(0);
return 0;
}
#else
@ -1273,12 +1293,25 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
word32 i;
word32 i = 0;
(void)os;
for (i = 0; i < sz; i++ )
output[i] = CUSTOM_RAND_GENERATE();
while (i < sz)
{
/* If not aligned or there is odd/remainder */
if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz ||
((wolfssl_word)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0
) {
/* Single byte at a time */
output[i++] = (byte)CUSTOM_RAND_GENERATE();
}
else {
/* Use native 8, 16, 32 or 64 copy instruction */
*((CUSTOM_RAND_TYPE*)&output[i]) = CUSTOM_RAND_GENERATE();
i += sizeof(CUSTOM_RAND_TYPE);
}
}
return 0;
}
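Review bot: In the CUSTOM_RAND_GENERATE version of wc_GenerateSeed the store `*((CUSTOM_RAND_TYPE*)&output[i]) = CUSTOM_RAND_GENERATE();` writes a byte buffer through a wider pointer type, which is why the loop needs the alignment test. Copying from a local does the same work at any alignment and without the cast: `CUSTOM_RAND_TYPE r = CUSTOM_RAND_GENERATE();` followed by `XMEMCPY(&output[i], &r, sizeof(r));`, leaving only the short tail as a special case. This path returns 0 unconditionally, so a custom generator has no way to report a hardware failure, unlike the `CUSTOM_RAND_GENERATE_SEED` hook added in the same section. The comment above the function should say so, so that integrators with a fallible entropy source choose the seed hook.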

234
wolfcrypt/src/signature.c Normal file

@ -0,0 +1,234 @@
/* signature.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/signature.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifndef NO_SIG_WRAPPER
int wc_SignatureGetSize(enum wc_SignatureType sig_type,
const void* key, word32 key_len)
{
int sig_len = BAD_FUNC_ARG;
switch(sig_type) {
#ifdef HAVE_ECC
case WC_SIGNATURE_TYPE_ECC:
{
if (key_len >= sizeof(ecc_key)) {
sig_len = wc_ecc_sig_size((ecc_key*)key);
}
else {
WOLFSSL_MSG("wc_SignatureGetSize: Invalid ECC key size");
}
break;
}
#endif
#ifndef NO_RSA
case WC_SIGNATURE_TYPE_RSA:
if (key_len >= sizeof(RsaKey)) {
sig_len = wc_RsaEncryptSize((RsaKey*)key);
}
else {
WOLFSSL_MSG("wc_SignatureGetSize: Invalid RsaKey key size");
}
break;
#endif
case WC_SIGNATURE_TYPE_NONE:
default:
break;
}
return sig_len;
}
int wc_SignatureVerify(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
const byte* sig, word32 sig_len,
const void* key, word32 key_len)
{
int ret, hash_len;
byte *hash_data = NULL;
/* Check arguments */
if (data == NULL || data_len <= 0 || sig == NULL || sig_len <= 0 ||
key == NULL || key_len <= 0) {
return BAD_FUNC_ARG;
}
/* Validate signature len (1 to max is okay) */
if ((int)sig_len > wc_SignatureGetSize(sig_type, key, key_len)) {
WOLFSSL_MSG("wc_SignatureVerify: Invalid sig type/len");
return BAD_FUNC_ARG;
}
/* Validate hash size */
hash_len = wc_HashGetDigestSize(hash_type);
if (hash_len <= 0) {
WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len");
return BAD_FUNC_ARG;
}
/* Allocate temporary buffer for hash data */
hash_data = XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (hash_data == NULL) {
return MEMORY_E;
}
/* Perform hash of data */
ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len);
if(ret == 0) {
/* Verify signature using hash as data */
switch(sig_type) {
#ifdef HAVE_ECC
case WC_SIGNATURE_TYPE_ECC:
{
int is_valid_sig = 0;
/* Perform verification of signature using provided ECC key */
ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len, &is_valid_sig, (ecc_key*)key);
if (ret != 0 || is_valid_sig != 1) {
ret = SIG_VERIFY_E;
}
break;
}
#endif
#ifndef NO_RSA
case WC_SIGNATURE_TYPE_RSA:
{
byte *plain_data = XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (plain_data) {
/* Perform verification of signature using provided RSA key */
ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, hash_len, (RsaKey*)key);
if (ret != hash_len || XMEMCMP(plain_data, hash_data, hash_len) != 0) {
ret = SIG_VERIFY_E;
}
XFREE(plain_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
else {
ret = MEMORY_E;
}
break;
}
#endif
case WC_SIGNATURE_TYPE_NONE:
default:
ret = BAD_FUNC_ARG;
break;
}
}
if (hash_data) {
XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
int wc_SignatureGenerate(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len, RNG* rng)
{
int ret, hash_len;
byte *hash_data = NULL;
/* Check arguments */
if (data == NULL || data_len <= 0 || sig == NULL || sig_len == NULL ||
*sig_len <= 0 || key == NULL || key_len <= 0) {
return BAD_FUNC_ARG;
}
/* Validate signature len (needs to be at least max) */
if ((int)*sig_len < wc_SignatureGetSize(sig_type, key, key_len)) {
WOLFSSL_MSG("wc_SignatureGenerate: Invalid sig type/len");
return BAD_FUNC_ARG;
}
/* Validate hash size */
hash_len = wc_HashGetDigestSize(hash_type);
if (hash_len <= 0) {
WOLFSSL_MSG("wc_SignatureGenerate: Invalid hash type/len");
return BAD_FUNC_ARG;
}
/* Allocate temporary buffer for hash data */
hash_data = XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (hash_data == NULL) {
return MEMORY_E;
}
/* Perform hash of data */
ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len);
if (ret == 0) {
/* Create signature using hash as data */
switch(sig_type) {
#ifdef HAVE_ECC
case WC_SIGNATURE_TYPE_ECC:
{
/* Create signature using provided ECC key */
ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key);
break;
}
#endif
#ifndef NO_RSA
case WC_SIGNATURE_TYPE_RSA:
/* Create signature using provided RSA key */
ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, (RsaKey*)key, rng);
if (ret > 0) {
*sig_len = ret;
}
break;
#endif
case WC_SIGNATURE_TYPE_NONE:
default:
ret = BAD_FUNC_ARG;
break;
}
}
if (hash_data) {
XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
#endif /* NO_SIG_WRAPPER */
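Review bot: The RSA branches of wc_SignatureVerify and wc_SignatureGenerate pass the bare digest to wc_RsaSSL_Verify and wc_RsaSSL_Sign, and nothing in this file wraps it in a DigestInfo carrying the hash algorithm identifier. Unless those RSA calls add that encoding themselves, the signature does not name the hash it covers and will not match a standard PKCS #1 v1.5 signature produced elsewhere. State this where callers will read it, for example above both functions: `/* RSA: signs/verifies the raw digest without DigestInfo; both sides must agree on hash_type out of band */`. Separately, `data_len <= 0`, `sig_len <= 0` and `key_len <= 0` are tests on `word32` values and can only catch zero, so `== 0` says what is meant. The `(int)sig_len` casts in the length checks turn a very large length negative, so it slips past the comparison.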


@ -2716,7 +2716,7 @@ void fp_gcd(fp_int *a, fp_int *b, fp_int *c)
#endif /* WOLFSSL_KEY_GEN */
#if defined(HAVE_ECC) || !defined(NO_PWDBASED)
#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(OPENSSL_EXTRA)
/* c = a + b */
void fp_add_d(fp_int *a, fp_digit b, fp_int *c)
{


@ -2729,20 +2729,6 @@ int aesgcm_test(void)
* Counter Mode of Operation (GCM) by McGrew and
* Viega.
*/
const byte k[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
const byte iv[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
@ -2762,7 +2748,21 @@ int aesgcm_test(void)
0xab, 0xad, 0xda, 0xd2
};
const byte c[] =
const byte k1[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
const byte c1[] =
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
@ -2774,38 +2774,99 @@ int aesgcm_test(void)
0xbc, 0xc9, 0xf6, 0x62
};
const byte t[] =
const byte t1[] =
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
byte t2[sizeof(t)];
byte p2[sizeof(c)];
byte c2[sizeof(p)];
#ifndef HAVE_FIPS
/* Test Case 12, uses same plaintext and AAD data. */
const byte k2[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
};
int result;
const byte iv2[] =
{
0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b
};
memset(t2, 0, sizeof(t2));
memset(c2, 0, sizeof(c2));
memset(p2, 0, sizeof(p2));
const byte c2[] =
{
0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
0xe9, 0xb7, 0x37, 0x3b
};
wc_AesGcmSetKey(&enc, k, sizeof(k));
const byte t2[] =
{
0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
};
#endif /* HAVE_FIPS */
byte resultT[sizeof(t1)];
byte resultP[sizeof(p)];
byte resultC[sizeof(p)];
int result;
memset(resultT, 0, sizeof(resultT));
memset(resultC, 0, sizeof(resultC));
memset(resultP, 0, sizeof(resultP));
wc_AesGcmSetKey(&enc, k1, sizeof(k1));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
wc_AesGcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
t2, sizeof(t2), a, sizeof(a));
if (memcmp(c, c2, sizeof(c2)))
wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
resultT, sizeof(resultT), a, sizeof(a));
if (memcmp(c1, resultC, sizeof(resultC)))
return -68;
if (memcmp(t, t2, sizeof(t2)))
if (memcmp(t1, resultT, sizeof(resultT)))
return -69;
result = wc_AesGcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv),
t2, sizeof(t2), a, sizeof(a));
result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC),
iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
if (result != 0)
return -70;
if (memcmp(p, p2, sizeof(p2)))
if (memcmp(p, resultP, sizeof(resultP)))
return -71;
#ifndef HAVE_FIPS
memset(resultT, 0, sizeof(resultT));
memset(resultC, 0, sizeof(resultC));
memset(resultP, 0, sizeof(resultP));
wc_AesGcmSetKey(&enc, k2, sizeof(k2));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
resultT, sizeof(resultT), a, sizeof(a));
if (memcmp(c2, resultC, sizeof(resultC)))
return -230;
if (memcmp(t2, resultT, sizeof(resultT)))
return -231;
result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC),
iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a));
if (result != 0)
return -232;
if (memcmp(p, resultP, sizeof(resultP)))
return -233;
#endif /* HAVE_FIPS */
return 0;
}
@ -5337,6 +5398,23 @@ int dsa_test(void)
#ifdef WOLFCRYPT_HAVE_SRP
static int generate_random_salt(byte *buf, word32 size)
{
int ret = -1;
WC_RNG rng;
if(NULL == buf || !size)
return -1;
if (buf && size && wc_InitRng(&rng) == 0) {
ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
wc_FreeRng(&rng);
}
return ret;
}
int srp_test(void)
{
Srp cli, srv;
@ -5371,26 +5449,29 @@ int srp_test(void)
0x02
};
byte salt[] = {
0xB2, 0xE5, 0x8E, 0xCC, 0xD0, 0xCF, 0x9D, 0x10, 0x3A, 0x56
};
byte salt[10];
byte verifier[] = {
0x7C, 0xAB, 0x17, 0xFE, 0x54, 0x3E, 0x8C, 0x13, 0xF2, 0x3D, 0x21, 0xE7,
0xD2, 0xAF, 0xAF, 0xDB, 0xA1, 0x52, 0x69, 0x9D, 0x49, 0x01, 0x79, 0x91,
0xCF, 0xD1, 0x3F, 0xE5, 0x28, 0x72, 0xCA, 0xBE, 0x13, 0xD1, 0xC2, 0xDA,
0x65, 0x34, 0x55, 0x8F, 0x34, 0x0E, 0x05, 0xB8, 0xB4, 0x0F, 0x7F, 0x6B,
0xBB, 0xB0, 0x6B, 0x50, 0xD8, 0xB1, 0xCC, 0xB7, 0x81, 0xFE, 0xD4, 0x42,
0xF5, 0x11, 0xBC, 0x8A, 0x28, 0xEB, 0x50, 0xB3, 0x46, 0x08, 0xBA, 0x24,
0xA2, 0xFB, 0x7F, 0x2E, 0x0A, 0xA5, 0x33, 0xCC
};
byte verifier[80];
word32 v_size = sizeof(verifier);
/* generating random salt */
r = generate_random_salt(salt, sizeof(salt));
/* client knows username and password. */
/* server knows N, g, salt and verifier. */
r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
if (!r) r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz);
/* loading N, g and salt in advance to generate the verifier. */
if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz);
if (!r) r = wc_SrpGetVerifier(&cli, verifier, &v_size);
/* client sends username to server */
if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE);
@ -5398,15 +5479,11 @@ int srp_test(void)
if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetVerifier(&srv, verifier, sizeof(verifier));
if (!r) r = wc_SrpSetVerifier(&srv, verifier, v_size);
if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz);
/* server sends N, g, salt and B to client */
if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz);
if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz);
if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz);


@ -176,6 +176,7 @@
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OptimizeReferences>false</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
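Review bot: `<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>`, which appears to be the line this hunk adds, switches SafeSEH off for the link step. That removes the registered-handler table, an exploit mitigation for 32-bit images. The `ItemDefinitionGroup` condition it sits under is above the hunk, so the affected configuration cannot be read from here; it should be confined to a debug or test build and confirmed absent from any shipped Win32 Release target. If the reason is an assembled object without a safe-handler table, fixing that object is preferable, and the setting should carry a comment such as `<!-- SafeSEH off: <object name> is built without a safe-handler table -->`.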


@ -503,7 +503,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
#elif defined(WOLFSSL_TIRTOS)
struct hostent* entry = DNSGetHostByName(peer);
#elif defined(WOLFSSL_VXWORKS)
struct hostent* entry = (struct hostent*)hostGetByName(peer);
struct hostent* entry = (struct hostent*)hostGetByName((char*)peer);
#else
struct hostent* entry = gethostbyname(peer);
#endif
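Review bot: The `(char*)peer` cast in the `WOLFSSL_VXWORKS` branch discards the `const` on `peer` to fit the VxWorks prototype, and nothing records that `hostGetByName()` is relied on not to write through it. I would add `/* hostGetByName() takes a non-const char*; peer is not modified */` above the call so the cast is not later copied as a pattern. The result is still cast to `struct hostent*` on the same line; if the VxWorks prototype returns an integer address rather than a pointer, the code that dereferences `entry` further down needs a separate look. `build_addr` starts and ends outside this hunk.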


@ -187,6 +187,7 @@ enum Misc_ASN {
MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif
OCSP_NONCE_EXT_SZ = 37, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
EIGHTK_BUF = 8192, /* Tmp buffer size */
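Review bot: `OCSP_NONCE_EXT_SZ = 37` is a bare number next to `MAX_OCSP_NONCE_SZ = 16` with nothing tying the two together, so a later change to the nonce size would leave the extension size stale wherever it sizes or bounds a buffer. I would extend the comment to spell out the breakdown, e.g. `/* OCSP Nonce Extension size: encoding overhead + MAX_OCSP_NONCE_SZ */`, or declare it after `MAX_OCSP_NONCE_SZ` and derive it from that constant. The uses of the new constant are not in this section, so whether it acts as a length bound on parsed input is an assumption to confirm.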


@ -41,7 +41,8 @@ enum {
ECC_BUFSIZE = 256, /* for exported keys temp buffer */
ECC_MINSIZE = 20, /* MIN Private Key size */
ECC_MAXSIZE = 66, /* MAX Private Key size */
ECC_MAXSIZE_GEN = 74 /* MAX Buffer size required when generating ECC keys*/
ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/
ECC_MAX_PAD_SZ = 4 /* ECC maximum padding size */
};


@ -162,6 +162,7 @@ enum {
CERTPOLICIES_E = -227, /* setting Certificate Policies error */
WC_INIT_E = -228, /* wolfcrypt failed to initialize */
SIG_VERIFY_E = -229, /* wolfcrypt signature verify error */
MIN_CODE_E = -300 /* errors -101 - -299 */
};


@ -28,10 +28,42 @@
extern "C" {
#endif
/* Hash types */
enum wc_HashType {
WC_HASH_TYPE_NONE = 0,
#ifdef WOLFSSL_MD2
WC_HASH_TYPE_MD2 = 1,
#endif
#ifndef NO_MD4
WC_HASH_TYPE_MD4 = 2,
#endif
#ifndef NO_MD5
WC_HASH_TYPE_MD5 = 3,
#endif
#ifndef NO_SHA
WC_HASH_TYPE_SHA = 4,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256 = 5,
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384 = 6,
#endif /* WOLFSSL_SHA384 */
WC_HASH_TYPE_SHA512 = 7,
#endif /* WOLFSSL_SHA512 */
};
WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
const byte* data, word32 data_len,
byte* hash, word32 hash_len);
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*);
#if defined(WOLFSSL_TI_HASH)
WOLFSSL_API void wc_Md5Free(Md5*);
#else
@ -42,7 +74,7 @@ WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
#ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h>
WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ;
WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*);
WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
#if defined(WOLFSSL_TI_HASH)
WOLFSSL_API void wc_ShaFree(Sha*);
@ -54,7 +86,7 @@ WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
#ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h>
WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ;
WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*);
WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
#if defined(WOLFSSL_TI_HASH)
WOLFSSL_API void wc_Sha256Free(Sha256*);
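Review bot: `wc_Hash()` and `wc_HashGetDigestSize()` are declared without any statement of their contract. The header does not say what is returned for `WC_HASH_TYPE_NONE` or a compiled-out `wc_HashType`, nor whether `hash_len` must be at least the digest size. Since `hash` is a caller-supplied output buffer, I would add a short comment above each prototype stating the return convention and that `hash_len` is checked against `wc_HashGetDigestSize(hash_type)` before anything is written. The implementation is not in this section, so that wording needs confirming against it. Separately, `WC_HASH_TYPE_SHA512 = 7,` leaves a trailing comma before `};`, which strict C89 compilers warn on or reject.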


@ -42,6 +42,7 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/sha256.h \
wolfssl/wolfcrypt/sha512.h \
wolfssl/wolfcrypt/sha.h \
wolfssl/wolfcrypt/signature.h \
wolfssl/wolfcrypt/blake2.h \
wolfssl/wolfcrypt/blake2-int.h \
wolfssl/wolfcrypt/blake2-impl.h \


@ -305,6 +305,10 @@
#ifdef WOLFSSL_VXWORKS
/* VxWorks simulator incorrectly detects building for i386 */
#ifdef VXWORKS_SIM
#define TFM_NO_ASM
#endif
#define WOLFSSL_HAVE_MIN
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
@ -449,6 +453,7 @@ static char *fgets(char *buff, int sz, FILE *fp)
#define USE_CERT_BUFFERS_2048
#define NO_ERROR_STRINGS
#define USER_TIME
#define HAVE_ECC
#ifdef __IAR_SYSTEMS_ICC__
#pragma diag_suppress=Pa089


@ -0,0 +1,63 @@
/* signature.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef WOLF_CRYPT_SIGNATURE_H
#define WOLF_CRYPT_SIGNATURE_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/random.h>
#ifdef __cplusplus
extern "C" {
#endif
enum wc_SignatureType {
WC_SIGNATURE_TYPE_NONE = 0,
#ifdef HAVE_ECC
WC_SIGNATURE_TYPE_ECC = 1,
#endif
#ifndef NO_RSA
WC_SIGNATURE_TYPE_RSA = 2,
#endif
};
WOLFSSL_API int wc_SignatureGetSize(enum wc_SignatureType sig_type,
const void* key, word32 key_len);
WOLFSSL_API int wc_SignatureVerify(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
const byte* sig, word32 sig_len,
const void* key, word32 key_len);
WOLFSSL_API int wc_SignatureGenerate(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len,
RNG* rng);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_SIGNATURE_H */
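Review bot: `wc_SignatureVerify()` returns a plain `int` and the header never says which value means the signature is valid, so a caller can easily treat any non-negative result as success. I would put a comment above the prototype along the lines of `/* Returns 0 only when the signature verifies; any other value must be treated as failure */`, to be confirmed against the implementation, which is not in this section. The `const void* key, word32 key_len` pair gives up type checking on the key, so the comment should also name the expected key struct for each `wc_SignatureType` and say what `key_len` is compared with. `hash_type` accepts every `wc_HashType`, including MD2, MD4 and MD5 where those are compiled in, and the header should state whether signing and verification restrict the hash. Lastly, `RNG* rng` uses a different type name from the `WC_RNG` used by the test code in this commit, and the enum ends with a trailing comma.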