mirror of https://github.com/wolfSSL/wolfssl
add session tickets to echoserver example too
This commit is contained in:
toddouska
parent
ebf73fab5d
commit
8ff17b66f3
|
|
@ -53,7 +53,6 @@
|
|||
|
||||
#include "examples/echoserver/echoserver.h"
|
||||
|
||||
|
||||
#define SVR_COMMAND_SIZE 256
|
||||
|
||||
static void SignalReady(void* args, word16 port)
|
||||
|
|
@ -143,6 +142,13 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
|||
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
if (TicketInit() != 0)
|
||||
err_sys("unable to setup Session Ticket Key context");
|
||||
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
|
||||
#endif
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
if (doPSK == 0) {
|
||||
#ifdef HAVE_NTRU
|
||||
|
|
@ -337,6 +343,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
|||
fdCloseSession(Task_self());
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
TicketCleanup();
|
||||
#endif
|
||||
|
||||
#ifndef CYASSL_TIRTOS
|
||||
return 0;
|
||||
#endif
|
||||
|
|
@ -382,5 +393,3 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
|||
#endif /* NO_MAIN_DRIVER */
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -64,15 +64,6 @@
|
|||
int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
|
||||
static int TicketInit(void);
|
||||
static void TicketCleanup(void);
|
||||
static int myTicketEncCb(WOLFSSL* ssl, byte key_name[16], byte iv[16],
|
||||
byte mac[32], int enc, byte* ticket, int inLen,
|
||||
int* outLen);
|
||||
#endif
|
||||
|
||||
|
||||
static void NonBlockingSSL_Accept(SSL* ssl)
|
||||
|
|
@ -755,88 +746,3 @@ while (1) { /* allow resume option */
|
|||
#endif
|
||||
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
typedef struct key_ctx {
|
||||
byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
|
||||
byte key[16]; /* cipher key */
|
||||
} key_ctx;
|
||||
|
||||
static key_ctx myKey_ctx;
|
||||
static RNG rng;
|
||||
|
||||
static int TicketInit(void)
|
||||
{
|
||||
int ret = wc_InitRng(&rng);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
|
||||
if (ret != 0) return ret;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void TicketCleanup(void)
|
||||
{
|
||||
wc_FreeRng(&rng);
|
||||
}
|
||||
|
||||
static int myTicketEncCb(WOLFSSL* ssl,
|
||||
byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
||||
byte iv[WOLFSSL_TICKET_IV_SZ],
|
||||
byte mac[WOLFSSL_TICKET_MAC_SZ],
|
||||
int enc, byte* ticket, int inLen, int* outLen)
|
||||
{
|
||||
(void)ssl;
|
||||
|
||||
int ret;
|
||||
word16 sLen = htons(inLen);
|
||||
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
|
||||
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
|
||||
byte* tmp = aad;
|
||||
|
||||
if (enc) {
|
||||
XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
|
||||
|
||||
ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
|
||||
/* build aad from key name, iv, and length */
|
||||
XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
|
||||
tmp += WOLFSSL_TICKET_NAME_SZ;
|
||||
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
|
||||
tmp += WOLFSSL_TICKET_IV_SZ;
|
||||
XMEMCPY(tmp, &sLen, 2);
|
||||
|
||||
ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
|
||||
aad, aadSz,
|
||||
ticket, inLen,
|
||||
ticket,
|
||||
mac);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
*outLen = inLen; /* no padding in this mode */
|
||||
} else {
|
||||
/* decrypt */
|
||||
/* build aad from key name, iv, and length */
|
||||
XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
|
||||
tmp += WOLFSSL_TICKET_NAME_SZ;
|
||||
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
|
||||
tmp += WOLFSSL_TICKET_IV_SZ;
|
||||
XMEMCPY(tmp, &sLen, 2);
|
||||
|
||||
ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
|
||||
aad, aadSz,
|
||||
ticket, inLen,
|
||||
mac,
|
||||
ticket);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
*outLen = inLen; /* no padding in this mode */
|
||||
}
|
||||
|
||||
return WOLFSSL_TICKET_RET_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -1835,5 +1835,95 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
|
|||
return tempfn;
|
||||
}
|
||||
|
||||
#endif /* wolfSSL_TEST_H */
|
||||
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
|
||||
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
|
||||
|
||||
typedef struct key_ctx {
|
||||
byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
|
||||
byte key[16]; /* cipher key */
|
||||
} key_ctx;
|
||||
|
||||
static key_ctx myKey_ctx;
|
||||
static RNG rng;
|
||||
|
||||
static INLINE int TicketInit(void)
|
||||
{
|
||||
int ret = wc_InitRng(&rng);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
|
||||
if (ret != 0) return ret;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static INLINE void TicketCleanup(void)
|
||||
{
|
||||
wc_FreeRng(&rng);
|
||||
}
|
||||
|
||||
static INLINE int myTicketEncCb(WOLFSSL* ssl,
|
||||
byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
||||
byte iv[WOLFSSL_TICKET_IV_SZ],
|
||||
byte mac[WOLFSSL_TICKET_MAC_SZ],
|
||||
int enc, byte* ticket, int inLen, int* outLen)
|
||||
{
|
||||
(void)ssl;
|
||||
|
||||
int ret;
|
||||
word16 sLen = htons(inLen);
|
||||
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
|
||||
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
|
||||
byte* tmp = aad;
|
||||
|
||||
if (enc) {
|
||||
XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
|
||||
|
||||
ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
|
||||
/* build aad from key name, iv, and length */
|
||||
XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
|
||||
tmp += WOLFSSL_TICKET_NAME_SZ;
|
||||
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
|
||||
tmp += WOLFSSL_TICKET_IV_SZ;
|
||||
XMEMCPY(tmp, &sLen, 2);
|
||||
|
||||
ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
|
||||
aad, aadSz,
|
||||
ticket, inLen,
|
||||
ticket,
|
||||
mac);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
*outLen = inLen; /* no padding in this mode */
|
||||
} else {
|
||||
/* decrypt */
|
||||
/* build aad from key name, iv, and length */
|
||||
XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
|
||||
tmp += WOLFSSL_TICKET_NAME_SZ;
|
||||
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
|
||||
tmp += WOLFSSL_TICKET_IV_SZ;
|
||||
XMEMCPY(tmp, &sLen, 2);
|
||||
|
||||
ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
|
||||
aad, aadSz,
|
||||
ticket, inLen,
|
||||
mac,
|
||||
ticket);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
*outLen = inLen; /* no padding in this mode */
|
||||
}
|
||||
|
||||
return WOLFSSL_TICKET_RET_OK;
|
||||
}
|
||||
|
||||
#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
|
||||
|
||||
#endif /* wolfSSL_TEST_H */
|
||||
|
|
|
|||
Loading…
Reference in New Issue