mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Intel IPP crypto for RSA 

add user-crypto makefile

update README for IPP crypto

place user crypto in wolfcrypt and use autotools

adjust distributed files

move openssl compatibility consumption

auto use IPP RSA -- IPP directory containing shared libraries local

return value of wolfSSL_BN and formating of debug

openssh testing

make sure IPP not built when fips is

ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default

try to only set library once

only use static IPP if fast rsa is enabled

make print out for user crypto more pretty
This commit is contained in:
Jacob Barthelmeh 2015-09-28 10:06:30 -06:00
parent ac79effa42
commit ee5a11b8d9
25 changed files with 2804 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.gitignore vendored
View File

@ -152,3 +152,18 @@ mqx/wolfcrypt_test/SaAnalysispointsManager.apconfig
mqx/wolfcrypt_benchmark/.settings
mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
# User Crypto example build
wolfcrypt/user-crypto/aclocal.m4
wolfcrypt/user-crypto/config.guess
wolfcrypt/user-crypto/autom4te.cache
wolfcrypt/user-crypto/config.log
wolfcrypt/user-crypto/config.status
wolfcrypt/user-crypto/config.sub
wolfcrypt/user-crypto/depcomp
wolfcrypt/user-crypto/install-sh
wolfcrypt/user-crypto/libtool
wolfcrypt/user-crypto/ltmain.sh
wolfcrypt/user-crypto/m4
wolfcrypt/user-crypto/missing
wolfcrypt/user-crypto/Makefile.in

11
Makefile.am
View File

@ -17,6 +17,7 @@ BUILT_SOURCES=
EXTRA_DIST=
dist_doc_DATA=
dist_noinst_SCRIPTS =
noinst_SCRIPTS =
check_SCRIPTS =
#includes additional rules from aminclude.am
@ -58,6 +59,16 @@ EXTRA_DIST+= gencertbuf.pl
EXTRA_DIST+= README.md
EXTRA_DIST+= LICENSING
EXTRA_DIST+= INSTALL
EXTRA_DIST+= IPP/
# user crypto plug in example
EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac
EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh
EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h
EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c
EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep
EXTRA_DIST+= wolfcrypt/user-crypto/README.txt
EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am
include cyassl/include.am
include wolfssl/include.am

198
configure.ac
View File

@ -106,6 +106,8 @@ OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
LIB_ADD=
LIB_STATIC_ADD=
thread_ls_on=no
# Thread local storage
@ -1483,11 +1485,68 @@ fi
AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
# USER CRYPTO
ENABLED_USER_CRYPTO="no"
ENABLED_USER_RSA="no"
AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
trycryptodir=""
AC_ARG_WITH([user-crypto],
[AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
[
CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
LIBS="$LIBS -lusercrypto"
if test "x$withval" != "xno" ; then
trycryptodir=$withval
fi
if test "x$withval" == "xyes" ; then
trycryptodir="/usr/local"
fi
LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
#Look for RSA Init function in usercrypto lib
AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
if test "x$user_rsa_linked" == "xyes" ; then
AC_MSG_NOTICE([User user_rsa.h being used])
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
ENABLED_USER_RSA=yes
ENABLED_USER_CRYPTO=yes
fi
#Display check and find result of link attempts
AC_MSG_CHECKING([for USER_CRYPTO])
if test "x$ENABLED_USER_CRYPTO" == "xno" ; then
AC_MSG_RESULT([no])
AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
Specify its path using --with-user-crypto=/dir/])
else
AC_MSG_RESULT([yes])
# Check if .la is available if not then rely on exported path
AC_CHECK_FILE($trycryptodir/lib/libusercrypto.la, [LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"], [LIB_ADD="-lusercrypto $LIB_ADD"])
AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
fi
]
)
AM_CONDITIONAL([BUILD_USER_RSA], [test "x$ENABLED_USER_RSA" == "xyes"] )
AM_CONDITIONAL([BUILD_USER_CRYPTO], [test "x$ENABLED_USER_CRYPTO" = "xyes"])
if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
then
AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.])
fi
# NTRU
ENABLED_NTRU="no"
tryntrudir=""
AC_ARG_WITH([ntru],
[ --with-ntru=PATH Path to NTRU install (default /usr/) ],
[AS_HELP_STRING([--with-ntru=PATH],[Path to NTRU install (default /usr/)])],
[
AC_MSG_CHECKING([for NTRU])
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
@ -1503,7 +1562,7 @@ AC_ARG_WITH([ntru],
tryntrudir="/usr"
fi
LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryntrudir/lib"
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
@ -2095,6 +2154,137 @@ AC_ARG_WITH([cavium],
)
# Fast RSA using Intel IPP
ippdir="${srcdir}/IPP"
ipplib="lib" # if autoconf guesses 32 changes lib directory
fastRSA_headers=no
# set up variables used
IPPLIBS=
IPPHEADERS=
IPPLINK=
AC_ARG_ENABLE([fast-rsa],
[AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
[ ENABLED_FAST_RSA=$enableval ],
[ ENABLED_FAST_RSA=no ],
)
if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
if test "$enable_shared" = "no" && test "$ENABLED_USER_RSA" = "yes"; then
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
ipplib="lib_32" # 32 bit OS detected
fi
case $host_os in
*darwin*)
ipplib="$ipplib/mac_static"
AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
Dynamic IPP libraries supported on Mac])
break;;
*linux*)
ipplib="$ipplib/linux_static"
break;;
*)
ENABLED_FAST_RSA=no
esac
AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no])
AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a"
else
# just check link and see if user has already exported paths
if test "$ENABLED_FAST_RSA" = "yes"
then
AC_MSG_NOTICE([Checking if IPP crypto library installed])
AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [LIBS="$LIBS -lippcore"; fastRSA_headers=yes], [AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]); fastRSA_headers=no])], [fastRSA_headers=no])
if test "$fastRSA_headers" = "yes"; then
AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
fi
fi
# Don't cache the result so it can be checked again
AS_UNSET([ac_cv_header_ippcp_h])
AS_UNSET([ac_cv_header_ipp_h])
if test "$fastRSA_headers" = "no"; then
dnl set default paths
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_NOTICE([Using local IPP crypto library])
# build and default locations on linux and mac
STORE_LDFLAGS=${LDFLAGS}
STORE_CPPFLAGS=${CPPFLAGS}
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
ipplib="lib_32" # 32 bit OS detected
fi
# using LDFLAGS instead of AM_ temporarily to test link to library
LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
CPPFLAGS="-I$ippdir/include"
AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [], [ENABLED_FAST_RSA=no])], [ENABLED_FAST_RSA=no])
if test "$ENABLED_FAST_RSA" = "yes"; then
# was succesfull so add tested LDFLAGS to AM_ flags
AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
case $host_os in
*darwin*)
name="$ippdir/$ipplib/libippcp"
IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
break;;
*linux*)
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
name="$ippdir/$ipplib/libippcp"
IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
else
name="$ippdir/$ipplib/libippcp"
IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
fi
break;;
*)
ENABLED_FAST_RSA=no
esac
fi
# restore LDFLAGS to user set
LDFLAGS=${STORE_LDFLAGS}
CPPFLAGS=${STORE_CPPFLAGS}
IPPHEADERS="${srcdir}/IPP/include/*.h"
fi
fi # end of if found exported paths
fi # end of if for shared library
else # if user rsa is set than do not use fast rsa option
ENABLED_FAST_RSA=no
fi # end of if for user rsa crypto
AC_MSG_CHECKING([for fast RSA])
if test "$ENABLED_FAST_RSA" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
# add in user crypto header that uses Intel IPP
AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
if test "$enable_shared" = "yes"; then
LIBS="$LIBS -lippcore"
LIB_ADD="-lippcp -lippcore $LIB_ADD"
else
LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
fi
AC_SUBST([IPPLIBS])
AC_SUBST([IPPHEADERS])
AC_SUBST([IPPLINK])
# Found IPP library now build in user crypto to use it
AM_CONDITIONAL([BUILD_FAST_RSA], [test "x$ENABLED_FAST_RSA" = "xyes"])
# microchip api
AC_ARG_ENABLE([mcapi],
[ --enable-mcapi Enable Microchip API (default: disabled)],
@ -2263,6 +2453,8 @@ CREATE_HEX_VERSION
AC_SUBST([AM_CPPFLAGS])
AC_SUBST([AM_CFLAGS])
AC_SUBST([AM_LDFLAGS])
AC_SUBST([LIB_ADD])
AC_SUBST([LIB_STATIC_ADD])
# FINAL
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
@ -2470,5 +2662,7 @@ echo " * Small Stack: $ENABLED_SMALL_STACK"
echo " * valgrind unit tests: $ENABLED_VALGRIND"
echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
echo ""
echo "---"

2
examples/client/include.am
View File

@ -5,7 +5,7 @@ if BUILD_EXAMPLES
noinst_PROGRAMS += examples/client/client
noinst_HEADERS += examples/client/client.h
examples_client_client_SOURCES = examples/client/client.c
examples_client_client_LDADD = src/libwolfssl.la
examples_client_client_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
examples_client_client_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += examples/client/client.sln

2
examples/echoclient/include.am
View File

@ -7,7 +7,7 @@ if BUILD_EXAMPLES
noinst_PROGRAMS += examples/echoclient/echoclient
noinst_HEADERS += examples/echoclient/echoclient.h
examples_echoclient_echoclient_SOURCES = examples/echoclient/echoclient.c
examples_echoclient_echoclient_LDADD = src/libwolfssl.la
examples_echoclient_echoclient_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
examples_echoclient_echoclient_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += examples/echoclient/echoclient.sln

2
examples/echoserver/include.am
View File

@ -7,7 +7,7 @@ if BUILD_EXAMPLES
noinst_PROGRAMS += examples/echoserver/echoserver
noinst_HEADERS += examples/echoserver/echoserver.h
examples_echoserver_echoserver_SOURCES = examples/echoserver/echoserver.c
examples_echoserver_echoserver_LDADD = src/libwolfssl.la
examples_echoserver_echoserver_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
examples_echoserver_echoserver_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += examples/echoserver/echoserver.sln

2
examples/server/include.am
View File

@ -7,7 +7,7 @@ if BUILD_EXAMPLES
noinst_PROGRAMS += examples/server/server
noinst_HEADERS += examples/server/server.h
examples_server_server_SOURCES = examples/server/server.c
examples_server_server_LDADD = src/libwolfssl.la
examples_server_server_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
examples_server_server_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += examples/server/server.sln

23
src/include.am
View File

@ -4,12 +4,25 @@
lib_LTLIBRARIES+= src/libwolfssl.la
src_libwolfssl_la_SOURCES =
src_libwolfssl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${WOLFSSL_LIBRARY_VERSION}
src_libwolfssl_la_LIBADD = $(LIBM)
src_libwolfssl_la_LIBADD = $(LIBM) $(LIB_ADD) $(LIB_STATIC_ADD)
src_libwolfssl_la_CFLAGS = -DBUILDING_WOLFSSL $(AM_CFLAGS)
src_libwolfssl_la_CPPFLAGS = -DBUILDING_WOLFSSL $(AM_CPPFLAGS)
# install the packaged IPP libraries
if BUILD_FAST_RSA
# Link needed IPP libraries
noinst_SCRIPTS+=IPP_links
IPP_links:
@$(IPPLINK)
ippdir = $(libdir)
ipp_DATA = $(IPPLIBS)
include_HEADERS+=$(IPPHEADERS)
endif # BUILD_FAST_RSA
# fips first file
if BUILD_FIPS
src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_first.c
@ -52,9 +65,15 @@ src_libwolfssl_la_SOURCES += \
wolfcrypt/src/sha256.c \
wolfcrypt/src/hash.c
if !BUILD_USER_RSA
if BUILD_RSA
if BUILD_FAST_RSA
src_libwolfssl_la_SOURCES += wolfcrypt/user-crypto/src/rsa.c
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
endif
endif
endif
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c

8
src/ssl.c
View File

@ -12407,7 +12407,8 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
#endif /* NO_RSA */
#if !defined(NO_RSA) || !defined(NO_DSA)
#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)) \
|| !defined(NO_DSA) || defined(HAVE_ECC)
static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
{
WOLFSSL_MSG("Entering SetIndividualExternal");
@ -12559,7 +12560,8 @@ static int SetDsaInternal(WOLFSSL_DSA* dsa)
#endif /* NO_DSA */
#ifndef NO_RSA
#if !defined(NO_RSA)
#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* WolfSSL -> OpenSSL */
static int SetRsaExternal(WOLFSSL_RSA* rsa)
{
@ -12688,7 +12690,7 @@ static int SetRsaInternal(WOLFSSL_RSA* rsa)
return SSL_SUCCESS;
}
#endif /* HAVE_USER_RSA */
/* return compliant with OpenSSL
* 1 if success, 0 if error

2
sslSniffer/sslSnifferTest/include.am
View File

@ -5,7 +5,7 @@
if BUILD_SNIFFTEST
noinst_PROGRAMS += sslSniffer/sslSnifferTest/snifftest
sslSniffer_sslSnifferTest_snifftest_SOURCES = sslSniffer/sslSnifferTest/snifftest.c
sslSniffer_sslSnifferTest_snifftest_LDADD = src/libwolfssl.la -lpcap
sslSniffer_sslSnifferTest_snifftest_LDADD = src/libwolfssl.la -lpcap $(LIB_STATIC_ADD)
sslSniffer_sslSnifferTest_snifftest_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += sslSniffer/sslSniffer.vcproj

2
tests/include.am
View File

@ -15,7 +15,7 @@ tests_unit_test_SOURCES = \
examples/client/client.c \
examples/server/server.c
tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
tests_unit_test_LDADD = src/libwolfssl.la
tests_unit_test_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
tests_unit_test_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += tests/unit.h

2
testsuite/include.am
View File

@ -14,7 +14,7 @@ testsuite_testsuite_test_SOURCES = \
examples/server/server.c \
testsuite/testsuite.c
testsuite_testsuite_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
testsuite_testsuite_test_LDADD = src/libwolfssl.la
testsuite_testsuite_test_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
testsuite_testsuite_test_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += testsuite/testsuite.sln

2
wolfcrypt/benchmark/include.am
View File

@ -3,7 +3,7 @@
noinst_PROGRAMS += wolfcrypt/benchmark/benchmark
wolfcrypt_benchmark_benchmark_SOURCES = wolfcrypt/benchmark/benchmark.c
wolfcrypt_benchmark_benchmark_LDADD = src/libwolfssl.la
wolfcrypt_benchmark_benchmark_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
wolfcrypt_benchmark_benchmark_DEPENDENCIES = src/libwolfssl.la
EXTRA_DIST += wolfcrypt/benchmark/benchmark.sln
EXTRA_DIST += wolfcrypt/benchmark/benchmark.vcproj

30
wolfcrypt/src/asn.c
View File

@ -802,6 +802,7 @@ static int CaviumRsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
#endif /* HAVE_CAVIUM */
#ifndef HAVE_USER_RSA
int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
word32 inSz)
{
@ -831,7 +832,7 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
return 0;
}
#endif /* HAVE_USER_RSA */
#endif /* NO_RSA */
/* Remove PKCS8 header, move beginning of traditional to beginning of input */
@ -1256,6 +1257,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
#ifndef NO_RSA
#ifndef HAVE_USER_RSA
int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
word32 inSz)
{
@ -1350,7 +1352,7 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
return 0;
}
#endif /* HAVE_USER_RSA */
#endif
#ifndef NO_DH
@ -5051,7 +5053,9 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)))
/* USER RSA ifdef portions used instead of refactor in consideration for
possible fips build */
/* Write a public RSA key to output */
static int SetRsaPublicKey(byte* output, RsaKey* key,
int outLen, int with_header)
@ -5084,15 +5088,24 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
return MEMORY_E;
#endif
#ifdef HAVE_USER_RSA
leadingBit = wc_Rsa_leading_bit(key->n);
rawLen = wc_Rsa_unsigned_bin_size(key->n) + leadingBit;
#else
leadingBit = mp_leading_bit(&key->n);
rawLen = mp_unsigned_bin_size(&key->n) + leadingBit;
#endif
n[0] = ASN_INTEGER;
nSz = SetLength(rawLen, n + 1) + 1; /* int tag */
if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {
if (leadingBit)
n[nSz] = 0;
#ifdef HAVE_USER_RSA
err = wc_Rsa_to_unsigned_bin(key->n, n + nSz, rawLen);
#else
err = mp_to_unsigned_bin(&key->n, n + nSz + leadingBit);
#endif
if (err == MP_OKAY)
nSz += rawLen;
else {
@ -5120,15 +5133,24 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
}
#endif
#ifdef HAVE_USER_RSA
leadingBit = wc_Rsa_leading_bit(key->e);
rawLen = wc_Rsa_unsigned_bin_size(key->e) + leadingBit;
#else
leadingBit = mp_leading_bit(&key->e);
rawLen = mp_unsigned_bin_size(&key->e) + leadingBit;
#endif
e[0] = ASN_INTEGER;
eSz = SetLength(rawLen, e + 1) + 1; /* int tag */
if ( (eSz + rawLen) < MAX_RSA_E_SZ) {
if (leadingBit)
e[eSz] = 0;
#ifdef HAVE_USER_RSA
err = wc_Rsa_to_unsigned_bin(key->e, e + eSz, rawLen);
#else
err = mp_to_unsigned_bin(&key->e, e + eSz + leadingBit);
#endif
if (err == MP_OKAY)
eSz += rawLen;
else {
@ -5227,7 +5249,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
defined(WOLFSSL_KEY_GEN)) */
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
static mp_int* GetRsaInt(RsaKey* key, int idx)

2
wolfcrypt/test/include.am
View File

@ -7,7 +7,7 @@ check_PROGRAMS+= wolfcrypt/test/testwolfcrypt
endif
noinst_PROGRAMS+= wolfcrypt/test/testwolfcrypt
wolfcrypt_test_testwolfcrypt_SOURCES = wolfcrypt/test/test.c
wolfcrypt_test_testwolfcrypt_LDADD = src/libwolfssl.la
wolfcrypt_test_testwolfcrypt_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
wolfcrypt_test_testwolfcrypt_DEPENDENCIES = src/libwolfssl.la
noinst_HEADERS += wolfcrypt/test/test.h
EXTRA_DIST += wolfcrypt/test/test.sln

9
wolfcrypt/user-crypto/Makefile.am Normal file
View File

@ -0,0 +1,9 @@
AM_CFLAGS=-I m4
#add in wolfssl directory
AM_CPPFLAGS+=-I$(abs_srcdir)/../../ -I$(srcdir)/include/
lib_LTLIBRARIES = lib/libusercrypto.la
lib_libusercrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
lib_libusercrypto_la_LDFLAGS = $(AM_LDFLAGS)
lib_libusercrypto_la_SOURCES = src/rsa.c
include_HEADERS = include/user_rsa.h

77
wolfcrypt/user-crypto/README.txt Normal file
View File

@ -0,0 +1,77 @@
/*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/*
Created to use intel's IPP see their license for linking to intel's IPP library
*/
##BUILDING ON 64BIT MAC OSX
Tested and developed on MAC OSX linking to IPP v9.0
for me exporting the IPP library was needed. As an example it was
export DYLD_LIBRARY_PATH="/opt/intel/ipp/lib"
first go to the root wolfssl dir and run ./autogen.sh && ./configure it with desired settings then make. This is to set up the define options and wolfssl library for the user crypto to link to.
Then go to the wolfssl/user-crypto directory and run ./autogen.sh && ./configure then make make install this creates a usercrypto library to use
Finally go back to the root wolfssl directory and follow these build instructions
building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files
An example build would be
./configure --with-user-crypto CPPFLAGS=-I/opt/intel/ipp/include --enable-lighty
##BUILDING IN 32BIT UBUNTU
Tested on UBUNTU 32 bit linking to IPP v9.0
for me exporting the IPP library. As an example it was
export LD_LIBRARY_PATH="/opt/intel/ipp/lib/ia32_lin/:$LD_LIBRARY_PATH"
first go to the root wolfssl dir and configure it with desired settings and make install. This is to set up the define options and wolfssl library for the user crypto to link to.
For me on Ubuntu the IPP libraries had been installed into /opt/intel/ipp/lib/ia32_lin/ so the ./configure LDFLAGS=-L/opt/intel/ipp/lib/ia32_lin was needed to be looking at that directory.
Run make && make install from the directory wolfssl_root/wolfssl/user-crypto/ this creates a usercrypto library to use
Finally go back to the root wolfssl directory and follow these build instructions
building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files
./configure --with-user-crypto=root_wolfssl/wolfssl/user-crypto CPPFLAGS=-I/opt/intel/ipp/include (plus any desired additional flags)
##THINGS TO CHECK FOR IF NOT ABLE TO LINK WITH USERCRYPTO LIB
Check that the path has been exported for the IPP library. If usercrypto is unable to use the function to init an RSA key then the link to it will fail in configure. Check for this by $DYLD_LIBRARY_PATH on mac or $LD_LIBRARY_PATH on ubuntu. If the directory for the Intel IPP libraries are not displayed than use "export DYLD_LIBRARY_PATH=path_to_ipp_libraries:$DYLD_LIBRARY_PATH".
##CREATING OWN RSA CRYPTO PLUGIN
It is required to have a header file named user_rsa.h. This is what is looked for by wolfssl/wolfcrypt/rsa.h and should contain the user defined rsa key struct.
It is required to have a library called usercrypto. This is linked to when configuring wolfSSL with the option --with-user-crypto
It is required when compiled with RSA cert generation to have key struct elements named n and e containing the corresponding big numbers. And the three helper functions to work with the big numbers. These functions are called by wolfcrypt/src/asn.c when working with certificates.
To view the needed functions look at wolfssl/wolfcrypt/rsa.h they will be extern functions surronded by HAVE_USER_RSA define.
Cert Generation for other sign and verify such as ECC are not yet supported.
When building with openssl compatibility layer extra developent needs to be done, having the two functions SetRsaExernal and SetRsaInternal
wolfSSL does not take responsibility for the strength of security of third party cryptography libraries plugged in by the user.

23
wolfcrypt/user-crypto/autogen.sh Executable file
View File

@ -0,0 +1,23 @@
#!/bin/sh
#
# Create configure and makefile stuff...
#
# Git hooks should come before autoreconf.
if test -d .git; then
if ! test -d .git/hooks; then
mkdir .git/hooks
fi
ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
ln -s -f ../../pre-push.sh .git/hooks/pre-push
fi
# If this is a source checkout then call autoreconf with error as well
if test -d .git; then
WARNINGS="all,error"
else
WARNINGS="all"
fi
autoreconf --install --force --verbose

44
wolfcrypt/user-crypto/configure.ac Normal file
View File

@ -0,0 +1,44 @@
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
AC_PREREQ([2.63])
AC_INIT([usercypto], [0.1], [])
AC_CONFIG_SRCDIR([src/rsa.c])
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
LT_PREREQ([2.2])
LT_INIT([disable-static])
LT_LANG([C++])
LT_LANG([C])
# Checks for programs.
AC_PROG_CC
AC_CONFIG_MACRO_DIR([m4])
# Checks for libraries.
AM_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS -L/opt/intel/ipp/lib -lippcp -lippcore"
# Path to find wolfssl/options and other includes
AM_CPPFLAGS=$CPPFLAGS
CPPFLAGS="$CPPFLAGS -I../../ -I/opt/intel/ipp/include"
AC_CHECK_LIB([ippcore], [ippGetStatusString], [], [AC_MSG_ERROR([ippcore library needed ./configure LDFLAGS=/path/to/ipp/lib])])
AC_CHECK_LIB([ippcp], [ippsRSA_InitPublicKey], [], [AC_MSG_ERROR([ippcp library needed ./configure LDFLAGS=/path/to/ipp/lib])])
# check headers
AC_CHECK_HEADER([ippcp.h], [], [AC_MSG_ERROR([ippcp.h not found ./configure CPPFLAGS=-I/ipp/headers])])
AC_CHECK_HEADER([ipp.h], [], [AC_MSG_ERROR([ipp.h not found ./configure CPPFLAGS=-I/ipp/headers])])
LDFLAGS=$AM_LDFLAGS
CPPFLAGS=$AM_CPPFLAGS
AM_LDFLAGS="-L/opt/intel/ipp/lib -lippcp -lippcore"
AM_CPPFLAGS="-I/opt/intel/ipp/include"
AC_SUBST([AM_CPPFLAGS])
AC_SUBST([AM_LDFLAGS])
AC_C_INLINE
AC_CONFIG_FILES([Makefile])
AC_OUTPUT

129
wolfcrypt/user-crypto/include/user_rsa.h Normal file
View File

@ -0,0 +1,129 @@
/* user_rsa.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/*
Created to use intel's IPP see their license for linking to intel's IPP library
*/
#ifndef USER_WOLF_CRYPT_RSA_H
#define USER_WOLF_CRYPT_RSA_H
#include <wolfssl/wolfcrypt/settings.h>
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/random.h>
/* intels crypto */
#include <ipp.h>
#include <ippcp.h>
#ifdef __cplusplus
extern "C" {
#endif
/* needed for WOLFSSL_RSA type but use macro guard against redefine */
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TYPES_DEFINED) \
&& !defined(WOLFSSL_RSA_TYPE_DEFINED)
struct WOLFSSL_RSA;
typedef struct WOLFSSL_RSA WOLFSSL_RSA;
#define WOLFSSL_RSA_TYPE_DEFINED
#endif
enum {
RSA_PUBLIC = 0,
RSA_PRIVATE = 1,
};
/* RSA */
typedef struct RsaKey {
IppsBigNumState* n;
IppsBigNumState* e;
IppsBigNumState* dipp;
IppsBigNumState* pipp;
IppsBigNumState* qipp;
IppsBigNumState* dPipp;
IppsBigNumState* dQipp;
IppsBigNumState* uipp;
int nSz, eSz, dSz;
IppsRSAPublicKeyState* pPub;
IppsRSAPrivateKeyState* pPrv;
word32 prvSz; /* size of private key */
word32 sz; /* size of signature */
int type; /* public or private */
void* heap; /* for user memory overrides */
} RsaKey;
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*);
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng);
WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
RsaKey* key);
WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng);
WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
RsaKey* key);
WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key);
WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
RsaKey*, word32);
WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
RsaKey*, word32);
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
const byte* e, word32 eSz, RsaKey* key);
#ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
#endif
WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
word32*);
#ifdef WOLFSSL_CERT_GEN
/* abstracted BN operations with RSA key */
WOLFSSL_API int wc_Rsa_leading_bit(void* BN);
WOLFSSL_API int wc_Rsa_unsigned_bin_size(void* BN);
/* return MP_OKAY on success */
WOLFSSL_API int wc_Rsa_to_unsigned_bin(void* BN, byte* in, int inLen);
#endif
#ifdef OPENSSL_EXTRA /* abstracted functions to deal with rsa key */
WOLFSSL_API int SetRsaExternal(WOLFSSL_RSA* rsa);
WOLFSSL_API int SetRsaInternal(WOLFSSL_RSA* rsa);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* NO_RSA */
#endif /* USER_WOLF_CRYPT_RSA_H */

0
wolfcrypt/user-crypto/lib/.gitkeep Normal file
View File

BIN
wolfcrypt/user-crypto/lib/libusercrypto.dylib Executable file
View File

Binary file not shown.

2227
wolfcrypt/user-crypto/src/rsa.c Normal file
View File

File diff suppressed because it is too large Load Diff

4
wolfssl/ssl.h
View File

@ -78,7 +78,11 @@ typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
#define WOLFSSL_TYPES_DEFINED
#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_RSA WOLFSSL_RSA;
#define WOLFSSL_RSA_TYPE_DEFINED
#endif
typedef struct WOLFSSL_DSA WOLFSSL_DSA;
typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY;
typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;

11
wolfssl/wolfcrypt/rsa.h
View File

@ -26,6 +26,11 @@
#ifndef NO_RSA
/* allow for user to plug in own crypto */
#if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA))
#include "user_rsa.h"
#else
#ifdef HAVE_FIPS
/* for fips @wc_fips */
#include <cyassl/ctaocrypt/rsa.h>
@ -41,7 +46,8 @@
extern "C" {
#endif
#ifndef HAVE_FIPS /* avoid redefinition of structs */
/* avoid redefinition of structs */
#if !defined(HAVE_FIPS)
#define WOLFSSL_RSA_CAVIUM_MAGIC 0xBEEF0006
enum {
@ -72,7 +78,6 @@ typedef struct RsaKey {
} RsaKey;
#endif /*HAVE_FIPS */
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*);
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
@ -113,7 +118,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
WOLFSSL_API int wc_RsaInitCavium(RsaKey*, int);
WOLFSSL_API void wc_RsaFreeCavium(RsaKey*);
#endif
#endif /* HAVE_USER_RSA */
#ifdef __cplusplus
} /* extern "C" */
#endif