10 #include <wolfssl/wolfcrypt/types.h>
11 #include <wolfssl/wolfcrypt/error-crypt.h>
12 #include <wolfssl/wolfcrypt/random.h>
15 #include <wolfssl/wolfcrypt/aes.h>
16 #include <wolfssl/wolfcrypt/arc4.h>
17 #include <wolfssl/wolfcrypt/hmac.h>
19 #ifdef HAVE_PK_CALLBACKS
20 #include <wolfssl/wolfcrypt/asn.h>
22 #include <wolfssl/wolfcrypt/ecc.h>
24 #endif /*HAVE_PK_CALLBACKS */
26 #ifdef USE_WINDOWS_API
29 #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */
33 #define SOCKET_T SOCKET
34 #define SNPRINTF _snprintf
35 #elif defined(WOLFSSL_MDK_ARM)
37 #elif defined(WOLFSSL_TIRTOS)
40 #include <sys/types.h>
41 #include <arpa/inet.h>
42 #include <sys/socket.h>
43 #include <ti/sysbios/knl/Task.h>
45 char *h_name; /* official name of host */
46 char **h_aliases; /* alias list */
47 int h_addrtype; /* host address type */
48 int h_length; /* length of address */
49 char **h_addr_list; /* list of addresses from name server */
54 #include <sys/types.h>
55 #ifndef WOLFSSL_LEANPSK
58 #include <netinet/in.h>
59 #include <netinet/tcp.h>
60 #include <arpa/inet.h>
61 #include <sys/ioctl.h>
63 #include <sys/socket.h>
72 #include <signal.h> /* ignore SIGPIPE */
74 #define SNPRINTF snprintf
75 #endif /* USE_WINDOWS_API */
78 #include "cavium_sysdep.h"
79 #include "cavium_common.h"
80 #include "cavium_ioctl.h"
84 /* disable conversion warning */
85 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
86 #pragma warning(disable:4244 4996)
90 #if defined(__MACH__) || defined(USE_WINDOWS_API)
92 typedef int socklen_t;
97 /* HPUX doesn't use socklent_t for third parameter to accept, unless
98 _XOPEN_SOURCE_EXTENDED is defined */
99 #if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)
100 typedef socklen_t* ACCEPT_THIRD_T;
102 #if defined _XOPEN_SOURCE_EXTENDED
103 typedef socklen_t* ACCEPT_THIRD_T;
105 typedef int* ACCEPT_THIRD_T;
110 #ifdef USE_WINDOWS_API
111 #define CloseSocket(s) closesocket(s)
112 #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); }
113 #elif defined(WOLFSSL_MDK_ARM)
114 #define CloseSocket(s) closesocket(s)
117 #define CloseSocket(s) close(s)
122 #ifdef SINGLE_THREADED
123 typedef unsigned int THREAD_RETURN;
124 typedef void* THREAD_TYPE;
125 #define WOLFSSL_THREAD
127 #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
128 typedef void* THREAD_RETURN;
129 typedef pthread_t THREAD_TYPE;
130 #define WOLFSSL_THREAD
132 #define WAIT_OBJECT_0 0L
133 #elif defined(WOLFSSL_MDK_ARM)
134 typedef unsigned int THREAD_RETURN;
135 typedef int THREAD_TYPE;
136 #define WOLFSSL_THREAD
137 #elif defined(WOLFSSL_TIRTOS)
138 typedef void THREAD_RETURN;
139 typedef Task_Handle THREAD_TYPE;
140 #define WOLFSSL_THREAD
142 typedef unsigned int THREAD_RETURN;
143 typedef intptr_t THREAD_TYPE;
144 #define WOLFSSL_THREAD __stdcall
150 typedef struct sockaddr_in6 SOCKADDR_IN_T;
151 #define AF_INET_V AF_INET6
153 typedef struct sockaddr_in SOCKADDR_IN_T;
154 #define AF_INET_V AF_INET
158 #define SERVER_DEFAULT_VERSION 3
159 #define SERVER_DTLS_DEFAULT_VERSION (-2)
160 #define SERVER_INVALID_VERSION (-99)
161 #define CLIENT_DEFAULT_VERSION 3
162 #define CLIENT_DTLS_DEFAULT_VERSION (-2)
163 #define CLIENT_INVALID_VERSION (-99)
164 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
165 #define DEFAULT_MIN_DHKEY_BITS 2048
167 #define DEFAULT_MIN_DHKEY_BITS 1024
170 /* all certs relative to wolfSSL home directory now */
171 #define caCert "./certs/ca-cert.pem"
172 #define eccCert "./certs/server-ecc.pem"
173 #define eccKey "./certs/ecc-key.pem"
174 #define svrCert "./certs/server-cert.pem"
175 #define svrKey "./certs/server-key.pem"
176 #define cliCert "./certs/client-cert.pem"
177 #define cliKey "./certs/client-key.pem"
178 #define ntruCert "./certs/ntru-cert.pem"
179 #define ntruKey "./certs/ntru-key.raw"
180 #define dhParam "./certs/dh2048.pem"
181 #define cliEccKey "./certs/ecc-client-key.pem"
182 #define cliEccCert "./certs/client-ecc-cert.pem"
183 #define crlPemDir "./certs/crl"
185 typedef struct tcp_ready {
186 word16 ready; /* predicate */
188 #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
189 pthread_mutex_t mutex;
195 void InitTcpReady(tcp_ready*);
196 void FreeTcpReady(tcp_ready*);
198 typedef WOLFSSL_METHOD* (*method_provider)(void);
199 typedef void (*ctx_callback)(WOLFSSL_CTX* ctx);
200 typedef void (*ssl_callback)(WOLFSSL* ssl);
202 typedef struct callback_functions {
203 method_provider method;
204 ctx_callback ctx_ready;
205 ssl_callback ssl_ready;
206 ssl_callback on_result;
207 } callback_functions;
209 typedef struct func_args {
214 callback_functions *callbacks;
217 void wait_tcp_ready(func_args*);
219 typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
221 void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
222 void join_thread(THREAD_TYPE);
226 static const char* const wolfSSLIP = "127.0.0.1";
228 static const char* const wolfSSLIP = "::1";
230 static const word16 wolfSSLPort = 11111;
232 static INLINE void err_sys(const char* msg)
234 printf("wolfSSL error: %s\n", msg);
240 #define MY_EX_USAGE 2
243 extern char* myoptarg;
245 static INLINE int mygetopt(int argc, char** argv, const char* optstring)
247 static char* next = NULL;
253 next = NULL; /* we're starting new/over */
255 if (next == NULL || *next == '\0') {
259 if (myoptind >= argc || argv[myoptind][0] != '-' ||
260 argv[myoptind][1] == '\0') {
263 myoptarg = argv[myoptind];
268 if (strcmp(argv[myoptind], "--") == 0) {
273 myoptarg = argv[myoptind];
278 next = argv[myoptind];
284 /* The C++ strchr can return a different value */
285 cp = (char*)strchr(optstring, c);
287 if (cp == NULL || c == ':')
297 else if (myoptind < argc) {
298 myoptarg = argv[myoptind];
309 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
311 static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
315 strncpy(passwd, "yassl123", sz);
322 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
324 static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
327 char* issuer = wolfSSL_X509_NAME_oneline(
328 wolfSSL_X509_get_issuer_name(x509), 0, 0);
329 char* subject = wolfSSL_X509_NAME_oneline(
330 wolfSSL_X509_get_subject_name(x509), 0, 0);
333 int sz = sizeof(serial);
335 printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
337 while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
338 printf(" altname = %s\n", altName);
340 ret = wolfSSL_X509_get_serial_number(x509, serial, &sz);
341 if (ret == SSL_SUCCESS) {
346 /* testsuite has multiple threads writing to stdout, get output
347 message ready to write once */
348 strLen = sprintf(serialMsg, " serial number");
349 for (i = 0; i < sz; i++)
350 sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
351 printf("%s\n", serialMsg);
354 XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
355 XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
358 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
361 static INLINE void showPeer(WOLFSSL* ssl)
364 WOLFSSL_CIPHER* cipher;
365 #ifdef KEEP_PEER_CERT
366 WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
368 ShowX509(peer, "peer's cert info:");
370 printf("peer has no cert!\n");
372 printf("SSL version is %s\n", wolfSSL_get_version(ssl));
374 cipher = wolfSSL_get_current_cipher(ssl);
375 printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
377 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
379 WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl);
380 int count = wolfSSL_get_chain_count(chain);
383 for (i = 0; i < count; i++) {
385 unsigned char buffer[3072];
386 WOLFSSL_X509* chainX509;
388 wolfSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
390 printf("cert %d has length %d data = \n%s\n", i, length, buffer);
392 chainX509 = wolfSSL_get_chain_X509(chain, i);
394 ShowX509(chainX509, "session cert info:");
396 printf("get_chain_X509 failed\n");
397 wolfSSL_FreeX509(chainX509);
405 static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
406 word16 port, int udp)
412 memset(addr, 0, sizeof(SOCKADDR_IN_T));
415 /* peer could be in human readable form */
416 if ( (peer != INADDR_ANY) && isalpha((int)peer[0])) {
417 #ifdef WOLFSSL_MDK_ARM
419 struct hostent* entry = gethostbyname(peer, &err);
420 #elif defined(WOLFSSL_TIRTOS)
421 struct hostent* entry = DNSGetHostByName(peer);
423 struct hostent* entry = gethostbyname(peer);
427 memcpy(&addr->sin_addr.s_addr, entry->h_addr_list[0],
432 err_sys("no entry for host");
438 #if defined(WOLFSSL_MDK_ARM)
439 addr->sin_family = PF_INET;
441 addr->sin_family = AF_INET_V;
443 addr->sin_port = htons(port);
444 if (peer == INADDR_ANY)
445 addr->sin_addr.s_addr = INADDR_ANY;
448 addr->sin_addr.s_addr = inet_addr(peer);
451 addr->sin6_family = AF_INET_V;
452 addr->sin6_port = htons(port);
453 if (peer == INADDR_ANY)
454 addr->sin6_addr = in6addr_any;
456 #ifdef HAVE_GETADDRINFO
457 struct addrinfo hints;
458 struct addrinfo* answer = NULL;
462 memset(&hints, 0, sizeof(hints));
464 hints.ai_family = AF_INET_V;
465 hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
466 hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
468 SNPRINTF(strPort, sizeof(strPort), "%d", port);
471 ret = getaddrinfo(peer, strPort, &hints, &answer);
472 if (ret < 0 || answer == NULL)
473 err_sys("getaddrinfo failed");
475 memcpy(addr, answer->ai_addr, answer->ai_addrlen);
476 freeaddrinfo(answer);
478 printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
479 addr->sin6_addr = in6addr_loopback;
486 static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
489 *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
491 *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
493 #ifdef USE_WINDOWS_API
494 if (*sockfd == INVALID_SOCKET)
495 err_sys("socket failed\n");
496 #elif defined(WOLFSSL_TIRTOS)
498 err_sys("socket failed\n");
501 err_sys("socket failed\n");
504 #ifndef USE_WINDOWS_API
508 socklen_t len = sizeof(on);
509 int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
511 err_sys("setsockopt SO_NOSIGPIPE failed\n");
513 #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS)
514 /* nothing to define */
515 #else /* no S_NOSIGPIPE */
516 signal(SIGPIPE, SIG_IGN);
517 #endif /* S_NOSIGPIPE */
519 #if defined(TCP_NODELAY)
523 socklen_t len = sizeof(on);
524 int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
526 err_sys("setsockopt TCP_NODELAY failed\n");
529 #endif /* USE_WINDOWS_API */
532 static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
536 build_addr(&addr, ip, port, udp);
537 tcp_socket(sockfd, udp);
540 if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
541 err_sys("tcp connect failed");
546 static INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
548 if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
549 err_sys("tcp connect failed");
561 #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_TIRTOS)
562 static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
564 fd_set recvfds, errfds;
565 SOCKET_T nfds = socketfd + 1;
566 struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
570 FD_SET(socketfd, &recvfds);
572 FD_SET(socketfd, &errfds);
574 result = select(nfds, &recvfds, NULL, &errfds, &timeout);
578 else if (result > 0) {
579 if (FD_ISSET(socketfd, &recvfds))
580 return TEST_RECV_READY;
581 else if(FD_ISSET(socketfd, &errfds))
582 return TEST_ERROR_READY;
585 return TEST_SELECT_FAIL;
587 #elif defined(WOLFSSL_TIRTOS)
588 static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
590 return TEST_RECV_READY;
592 #endif /* !WOLFSSL_MDK_ARM */
595 static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
600 /* don't use INADDR_ANY by default, firewall may block, make user switch
602 build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp);
603 tcp_socket(sockfd, udp);
605 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)
608 socklen_t len = sizeof(on);
609 res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
611 err_sys("setsockopt SO_REUSEADDR failed\n");
615 if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
616 err_sys("tcp bind failed");
618 if (listen(*sockfd, 5) != 0)
619 err_sys("tcp listen failed");
621 #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
623 socklen_t len = sizeof(addr);
624 if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
626 *port = ntohs(addr.sin_port);
628 *port = ntohs(addr.sin6_port);
636 static INLINE int udp_read_connect(SOCKET_T sockfd)
638 SOCKADDR_IN_T cliaddr;
641 socklen_t len = sizeof(cliaddr);
643 n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
644 (struct sockaddr*)&cliaddr, &len);
646 if (connect(sockfd, (const struct sockaddr*)&cliaddr,
647 sizeof(cliaddr)) != 0)
648 err_sys("udp connect failed");
651 err_sys("recvfrom failed");
656 static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
657 int useAnyAddr, word16 port, func_args* args)
662 build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1);
663 tcp_socket(sockfd, 1);
666 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)
669 socklen_t len = sizeof(on);
670 res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
672 err_sys("setsockopt SO_REUSEADDR failed\n");
676 if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
677 err_sys("tcp bind failed");
679 #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
681 socklen_t len = sizeof(addr);
682 if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
684 port = ntohs(addr.sin_port);
686 port = ntohs(addr.sin6_port);
692 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
693 /* signal ready to accept data */
695 tcp_ready* ready = args->signal;
696 pthread_mutex_lock(&ready->mutex);
699 pthread_cond_signal(&ready->cond);
700 pthread_mutex_unlock(&ready->mutex);
702 #elif defined (WOLFSSL_TIRTOS)
704 tcp_ready* ready = args->signal;
709 *clientfd = udp_read_connect(*sockfd);
712 static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
713 func_args* args, word16 port, int useAnyAddr,
714 int udp, int ready_file)
716 SOCKADDR_IN_T client;
717 socklen_t client_len = sizeof(client);
720 udp_accept(sockfd, clientfd, useAnyAddr, port, args);
724 tcp_listen(sockfd, &port, useAnyAddr, udp);
726 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
727 /* signal ready to tcp_accept */
729 tcp_ready* ready = args->signal;
730 pthread_mutex_lock(&ready->mutex);
733 pthread_cond_signal(&ready->cond);
734 pthread_mutex_unlock(&ready->mutex);
736 #elif defined (WOLFSSL_TIRTOS)
738 tcp_ready* ready = args->signal;
744 #ifndef NO_FILESYSTEM
745 #ifndef USE_WINDOWS_API
746 FILE* srf = fopen("/tmp/wolfssl_server_ready", "w");
748 FILE* srf = fopen("wolfssl_server_ready", "w");
758 *clientfd = accept(*sockfd, (struct sockaddr*)&client,
759 (ACCEPT_THIRD_T)&client_len);
760 #ifdef USE_WINDOWS_API
761 if (*clientfd == INVALID_SOCKET)
762 err_sys("tcp accept failed");
765 err_sys("tcp accept failed");
770 static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
772 #ifdef USE_WINDOWS_API
773 unsigned long blocking = 1;
774 int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
775 if (ret == SOCKET_ERROR)
776 err_sys("ioctlsocket failed");
777 #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS)
778 /* non blocking not suppported, for now */
780 int flags = fcntl(*sockfd, F_GETFL, 0);
782 err_sys("fcntl get failed");
783 flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
785 err_sys("fcntl set failed");
792 static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
793 char* identity, unsigned int id_max_len, unsigned char* key,
794 unsigned int key_max_len)
800 /* identity is OpenSSL testing default for openssl s_client, keep same */
801 strncpy(identity, "Client_identity", id_max_len);
804 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
811 return 4; /* length of key in octets or 0 for error */
815 static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
816 unsigned char* key, unsigned int key_max_len)
821 /* identity is OpenSSL testing default for openssl s_client, keep same */
822 if (strncmp(identity, "Client_identity", 15) != 0)
825 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
832 return 4; /* length of key in octets or 0 for error */
838 #ifdef USE_WINDOWS_API
840 #define WIN32_LEAN_AND_MEAN
843 static INLINE double current_time()
846 static LARGE_INTEGER freq;
851 QueryPerformanceFrequency(&freq);
855 QueryPerformanceCounter(&count);
857 return (double)count.QuadPart / freq.QuadPart;
860 #elif defined(WOLFSSL_TIRTOS)
861 extern double current_time();
864 #if !defined(WOLFSSL_MDK_ARM)
865 #include <sys/time.h>
867 static INLINE double current_time(void)
870 gettimeofday(&tv, 0);
872 return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
876 #endif /* USE_WINDOWS_API */
879 #if defined(NO_FILESYSTEM) && !defined(NO_CERTS)
887 static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
889 /* test buffer load */
892 FILE* file = fopen(fname, "rb");
895 err_sys("can't open file for buffer load "
896 "Please run from wolfSSL home directory if not");
897 fseek(file, 0, SEEK_END);
900 fread(buff, sizeof(buff), 1, file);
902 if (type == WOLFSSL_CA) {
903 if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM)
905 err_sys("can't load buffer ca file");
907 else if (type == WOLFSSL_CERT) {
908 if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, sz,
909 SSL_FILETYPE_PEM) != SSL_SUCCESS)
910 err_sys("can't load buffer cert file");
912 else if (type == WOLFSSL_KEY) {
913 if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz,
914 SSL_FILETYPE_PEM) != SSL_SUCCESS)
915 err_sys("can't load buffer key file");
919 #endif /* NO_FILESYSTEM */
921 #ifdef VERIFY_CALLBACK
923 static INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
926 char buffer[WOLFSSL_MAX_ERROR_SZ];
932 printf("In verification callback, error = %d, %s\n", store->error,
933 wolfSSL_ERR_error_string(store->error, buffer));
935 peer = store->current_cert;
937 char* issuer = wolfSSL_X509_NAME_oneline(
938 wolfSSL_X509_get_issuer_name(peer), 0, 0);
939 char* subject = wolfSSL_X509_NAME_oneline(
940 wolfSSL_X509_get_subject_name(peer), 0, 0);
941 printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
943 XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
944 XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
947 printf("peer has no cert!\n");
949 printf("Subject's domain name is %s\n", store->domain);
951 printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n");
955 #endif /* VERIFY_CALLBACK */
958 static INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
960 char buffer[WOLFSSL_MAX_ERROR_SZ];
963 printf("In verification callback, error = %d, %s\n", store->error,
964 wolfSSL_ERR_error_string(store->error, buffer));
965 printf("Subject's domain name is %s\n", store->domain);
967 if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
968 printf("Overriding cert date error as example for bad clock testing\n");
971 printf("Cert error is not date error, not overriding\n");
979 static INLINE void CRL_CallBack(const char* url)
981 printf("CRL callback url = %s\n", url);
987 static INLINE void SetDH(WOLFSSL* ssl)
990 static unsigned char p[] =
992 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
993 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
994 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
995 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
996 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
997 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
998 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
999 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
1000 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
1001 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
1002 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
1006 static unsigned char g[] =
1011 wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
1014 static INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
1017 static unsigned char p[] =
1019 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
1020 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
1021 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
1022 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
1023 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
1024 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
1025 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
1026 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
1027 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
1028 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
1029 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
1033 static unsigned char g[] =
1038 wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
1044 static INLINE void CaCb(unsigned char* der, int sz, int type)
1047 printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
1050 #endif /* !NO_CERTS */
1054 static INLINE int OpenNitroxDevice(int dma_mode,int dev_id)
1056 Csp1CoreAssignment core_assign;
1059 if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
1061 if (Csp1GetDevType(&device))
1063 if (device != NPX_DEVICE) {
1064 if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
1065 (Uint32 *)&core_assign)!= 0)
1068 CspShutdown(CAVIUM_DEV_ID);
1070 return CspInitialize(dma_mode, dev_id);
1073 #endif /* HAVE_CAVIUM */
1076 #ifdef USE_WINDOWS_API
1078 /* do back x number of directories */
1079 static INLINE void ChangeDirBack(int x)
1081 char path[MAX_PATH];
1084 strncpy(path, "..\\", MAX_PATH);
1086 strncpy(path, "..\\..\\", MAX_PATH);
1088 strncpy(path, "..\\..\\..\\", MAX_PATH);
1090 strncpy(path, "..\\..\\..\\..\\", MAX_PATH);
1092 strncpy(path, ".\\", MAX_PATH);
1094 SetCurrentDirectoryA(path);
1097 /* does current dir contain str */
1098 static INLINE int CurrentDir(const char* str)
1100 char path[MAX_PATH];
1103 GetCurrentDirectoryA(sizeof(path), path);
1105 baseName = strrchr(path, '\\');
1111 if (strstr(baseName, str))
1117 #elif defined(WOLFSSL_MDK_ARM)
1118 /* KEIL-RL File System does not support relative directry */
1119 #elif defined(WOLFSSL_TIRTOS)
1123 #define MAX_PATH 256
1126 /* do back x number of directories */
1127 static INLINE void ChangeDirBack(int x)
1129 char path[MAX_PATH];
1132 strncpy(path, "../", MAX_PATH);
1134 strncpy(path, "../../", MAX_PATH);
1136 strncpy(path, "../../../", MAX_PATH);
1138 strncpy(path, "../../../../", MAX_PATH);
1140 strncpy(path, "./", MAX_PATH);
1142 if (chdir(path) < 0)
1143 printf("chdir to %s failed\n", path);
1146 /* does current dir contain str */
1147 static INLINE int CurrentDir(const char* str)
1149 char path[MAX_PATH];
1152 if (getcwd(path, sizeof(path)) == NULL) {
1153 printf("no current dir?\n");
1157 baseName = strrchr(path, '/');
1163 if (strstr(baseName, str))
1169 #endif /* USE_WINDOWS_API */
1172 #ifdef USE_WOLFSSL_MEMORY
1174 typedef struct memoryStats {
1175 size_t totalAllocs; /* number of allocations */
1176 size_t totalBytes; /* total number of bytes allocated */
1177 size_t peakBytes; /* concurrent max bytes */
1178 size_t currentBytes; /* total current bytes in use */
1181 typedef struct memHint {
1182 size_t thisSize; /* size of this memory */
1183 void* thisMemory; /* actual memory for user */
1186 typedef struct memoryTrack {
1189 byte alignit[16]; /* make sure we have strong alignment */
1193 #if defined(WOLFSSL_TRACK_MEMORY)
1194 #define DO_MEM_STATS
1195 static memoryStats ourMemStats;
1198 static INLINE void* TrackMalloc(size_t sz)
1205 mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
1209 mt->u.hint.thisSize = sz;
1210 mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack);
1213 ourMemStats.totalAllocs++;
1214 ourMemStats.totalBytes += sz;
1215 ourMemStats.currentBytes += sz;
1216 if (ourMemStats.currentBytes > ourMemStats.peakBytes)
1217 ourMemStats.peakBytes = ourMemStats.currentBytes;
1220 return mt->u.hint.thisMemory;
1224 static INLINE void TrackFree(void* ptr)
1231 mt = (memoryTrack*)ptr;
1232 --mt; /* same as minus sizeof(memoryTrack), removes header */
1235 ourMemStats.currentBytes -= mt->u.hint.thisSize;
1242 static INLINE void* TrackRealloc(void* ptr, size_t sz)
1244 void* ret = TrackMalloc(sz);
1247 /* if realloc is bigger, don't overread old ptr */
1248 memoryTrack* mt = (memoryTrack*)ptr;
1249 --mt; /* same as minus sizeof(memoryTrack), removes header */
1251 if (mt->u.hint.thisSize < sz)
1252 sz = mt->u.hint.thisSize;
1256 memcpy(ret, ptr, sz);
1264 static INLINE void InitMemoryTracker(void)
1266 if (wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc) != 0)
1267 err_sys("wolfSSL SetAllocators failed for track memory");
1270 ourMemStats.totalAllocs = 0;
1271 ourMemStats.totalBytes = 0;
1272 ourMemStats.peakBytes = 0;
1273 ourMemStats.currentBytes = 0;
1277 static INLINE void ShowMemoryTracker(void)
1280 printf("total Allocs = %9lu\n",
1281 (unsigned long)ourMemStats.totalAllocs);
1282 printf("total Bytes = %9lu\n",
1283 (unsigned long)ourMemStats.totalBytes);
1284 printf("peak Bytes = %9lu\n",
1285 (unsigned long)ourMemStats.peakBytes);
1286 printf("current Bytes = %9lu\n",
1287 (unsigned long)ourMemStats.currentBytes);
1291 #endif /* USE_WOLFSSL_MEMORY */
1294 #ifdef HAVE_STACK_SIZE
1296 typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args);
1299 static INLINE void StackSizeCheck(func_args* args, thread_func tf)
1302 unsigned char* myStack;
1303 int stackSize = 1024*128;
1304 pthread_attr_t myAttr;
1307 #ifdef PTHREAD_STACK_MIN
1308 if (stackSize < PTHREAD_STACK_MIN)
1309 stackSize = PTHREAD_STACK_MIN;
1312 ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
1314 err_sys("posix_memalign failed\n");
1316 memset(myStack, 0x01, stackSize);
1318 ret = pthread_attr_init(&myAttr);
1320 err_sys("attr_init failed");
1322 ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
1324 err_sys("attr_setstackaddr failed");
1326 ret = pthread_create(&threadId, &myAttr, tf, args);
1328 perror("pthread_create failed");
1332 ret = pthread_join(threadId, NULL);
1334 err_sys("pthread_join failed");
1336 for (i = 0; i < stackSize; i++) {
1337 if (myStack[i] != 0x01) {
1342 used = stackSize - i;
1343 printf("stack used = %d\n", used);
1347 #endif /* HAVE_STACK_SIZE */
1353 --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
1357 #ifdef HAVE_STACK_SIZE
1358 /* client only for now, setrlimit will fail if pthread_create() called */
1359 /* STACK_SIZE does pthread_create() on client */
1360 #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
1361 #endif /* HAVE_STACK_SIZE */
1363 static INLINE void StackTrap(void)
1366 if (getrlimit(RLIMIT_STACK, &rl) != 0)
1367 err_sys("getrlimit failed");
1368 printf("rlim_cur = %llu\n", rl.rlim_cur);
1369 rl.rlim_cur = 1024*21; /* adjust trap size here */
1370 if (setrlimit(RLIMIT_STACK, &rl) != 0) {
1371 perror("setrlimit");
1372 err_sys("setrlimit failed");
1376 #else /* STACK_TRAP */
1378 static INLINE void StackTrap(void)
1382 #endif /* STACK_TRAP */
1387 /* Atomic Encrypt Context example */
1388 typedef struct AtomicEncCtx {
1389 int keySetup; /* have we done key setup yet */
1390 Aes aes; /* for aes example */
1394 /* Atomic Decrypt Context example */
1395 typedef struct AtomicDecCtx {
1396 int keySetup; /* have we done key setup yet */
1397 Aes aes; /* for aes example */
1401 static INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
1402 const unsigned char* macIn, unsigned int macInSz, int macContent,
1403 int macVerify, unsigned char* encOut, const unsigned char* encIn,
1404 unsigned int encSz, void* ctx)
1408 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
1409 AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
1410 const char* tlsStr = "TLS";
1412 /* example supports (d)tls aes */
1413 if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
1414 printf("myMacEncryptCb not using AES\n");
1418 if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
1419 printf("myMacEncryptCb not using (D)TLS\n");
1423 /* hmac, not needed if aead mode */
1424 wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
1426 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
1427 wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
1430 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
1433 ret = wc_HmacUpdate(&hmac, macIn, macInSz);
1436 ret = wc_HmacFinal(&hmac, macOut);
1441 /* encrypt setup on first time */
1442 if (encCtx->keySetup == 0) {
1443 int keyLen = wolfSSL_GetKeySize(ssl);
1447 if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
1448 key = wolfSSL_GetClientWriteKey(ssl);
1449 iv = wolfSSL_GetClientWriteIV(ssl);
1452 key = wolfSSL_GetServerWriteKey(ssl);
1453 iv = wolfSSL_GetServerWriteIV(ssl);
1456 ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
1458 printf("AesSetKey failed in myMacEncryptCb\n");
1461 encCtx->keySetup = 1;
1465 return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
1469 static INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
1470 unsigned char* decOut, const unsigned char* decIn,
1471 unsigned int decSz, int macContent, int macVerify,
1472 unsigned int* padSz, void* ctx)
1474 AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
1478 int digestSz = wolfSSL_GetHmacSize(ssl);
1479 unsigned int pad = 0;
1480 unsigned int padByte = 0;
1482 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
1483 byte verify[MAX_DIGEST_SIZE];
1484 const char* tlsStr = "TLS";
1486 /* example supports (d)tls aes */
1487 if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
1488 printf("myMacEncryptCb not using AES\n");
1492 if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
1493 printf("myMacEncryptCb not using (D)TLS\n");
1498 if (decCtx->keySetup == 0) {
1499 int keyLen = wolfSSL_GetKeySize(ssl);
1503 /* decrypt is from other side (peer) */
1504 if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
1505 key = wolfSSL_GetClientWriteKey(ssl);
1506 iv = wolfSSL_GetClientWriteIV(ssl);
1509 key = wolfSSL_GetServerWriteKey(ssl);
1510 iv = wolfSSL_GetServerWriteIV(ssl);
1513 ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
1515 printf("AesSetKey failed in myDecryptVerifyCb\n");
1518 decCtx->keySetup = 1;
1522 ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
1524 if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
1525 *padSz = wolfSSL_GetAeadMacSize(ssl);
1526 return 0; /* hmac, not needed if aead mode */
1529 if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) {
1530 pad = *(decOut + decSz - 1);
1532 if (wolfSSL_IsTLSv1_1(ssl))
1533 ivExtra = wolfSSL_GetCipherBlockSize(ssl);
1536 *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte;
1537 macInSz = decSz - ivExtra - digestSz - pad - padByte;
1539 wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
1541 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
1542 wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
1545 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
1548 ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz);
1551 ret = wc_HmacFinal(&hmac, verify);
1555 if (memcmp(verify, decOut + decSz - digestSz - pad - padByte,
1557 printf("myDecryptVerify verify failed\n");
1565 static INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
1567 AtomicEncCtx* encCtx;
1568 AtomicDecCtx* decCtx;
1570 encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
1572 err_sys("AtomicEncCtx malloc failed");
1573 memset(encCtx, 0, sizeof(AtomicEncCtx));
1575 decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
1576 if (decCtx == NULL) {
1578 err_sys("AtomicDecCtx malloc failed");
1580 memset(decCtx, 0, sizeof(AtomicDecCtx));
1582 wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
1583 wolfSSL_SetMacEncryptCtx(ssl, encCtx);
1585 wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
1586 wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
1590 static INLINE void FreeAtomicUser(WOLFSSL* ssl)
1592 AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl);
1593 AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl);
1599 #endif /* ATOMIC_USER */
1602 #ifdef HAVE_PK_CALLBACKS
1606 static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
1607 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
1617 ret = wc_InitRng(&rng);
1621 wc_ecc_init(&myKey);
1623 ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
1625 ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
1626 wc_ecc_free(&myKey);
1633 static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
1634 const byte* hash, word32 hashSz, const byte* key, word32 keySz,
1635 int* result, void* ctx)
1643 wc_ecc_init(&myKey);
1645 ret = wc_ecc_import_x963(key, keySz, &myKey);
1647 ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
1648 wc_ecc_free(&myKey);
1653 #endif /* HAVE_ECC */
1657 static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
1658 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
1668 ret = wc_InitRng(&rng);
1672 wc_InitRsaKey(&myKey, NULL);
1674 ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
1676 ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
1677 if (ret > 0) { /* save and convert to 0 success */
1681 wc_FreeRsaKey(&myKey);
1688 static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
1690 const byte* key, word32 keySz,
1700 wc_InitRsaKey(&myKey, NULL);
1702 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
1704 ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
1705 wc_FreeRsaKey(&myKey);
1711 static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
1712 byte* out, word32* outSz, const byte* key,
1713 word32 keySz, void* ctx)
1723 ret = wc_InitRng(&rng);
1727 wc_InitRsaKey(&myKey, NULL);
1729 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
1731 ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
1734 ret = 0; /* reset to success */
1737 wc_FreeRsaKey(&myKey);
1743 static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
1745 const byte* key, word32 keySz, void* ctx)
1754 wc_InitRsaKey(&myKey, NULL);
1756 ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
1758 ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
1760 wc_FreeRsaKey(&myKey);
1767 static INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
1773 wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
1774 wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
1775 #endif /* HAVE_ECC */
1777 wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
1778 wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
1779 wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
1780 wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
1784 #endif /* HAVE_PK_CALLBACKS */
1790 #if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
1791 || defined(_MSC_VER)
1793 /* HP/UX doesn't have strsep, needed by test/suites.c */
1794 static INLINE char* strsep(char **stringp, const char *delim)
1803 if ((end = strpbrk(start, delim))) {
1813 #endif /* __hpux__ and others */
1815 /* Create unique filename, len is length of tempfn name, assuming
1816 len does not include null terminating character,
1817 num is number of characters in tempfn name to randomize */
1818 static INLINE const char* mymktemp(char *tempfn, int len, int num)
1821 static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1822 "abcdefghijklmnopqrstuvwxyz";
1826 if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
1827 printf("Bad input\n");
1833 if (wc_InitRng(&rng) != 0) {
1834 printf("InitRng failed\n");
1838 for (x = size; x > size - num; x--) {
1839 if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
1840 printf("RNG_GenerateBlock failed\n");
1843 tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
1854 #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
1855 defined(HAVE_POLY1305)
1857 #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
1859 typedef struct key_ctx {
1860 byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
1861 byte key[16]; /* cipher key */
1864 static key_ctx myKey_ctx;
1867 static INLINE int TicketInit(void)
1869 int ret = wc_InitRng(&rng);
1870 if (ret != 0) return ret;
1872 ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
1873 if (ret != 0) return ret;
1875 ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
1876 if (ret != 0) return ret;
1881 static INLINE void TicketCleanup(void)
1886 static INLINE int myTicketEncCb(WOLFSSL* ssl,
1887 byte key_name[WOLFSSL_TICKET_NAME_SZ],
1888 byte iv[WOLFSSL_TICKET_IV_SZ],
1889 byte mac[WOLFSSL_TICKET_MAC_SZ],
1890 int enc, byte* ticket, int inLen, int* outLen,
1897 word16 sLen = htons(inLen);
1898 byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
1899 int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
1903 XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
1905 ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
1906 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
1908 /* build aad from key name, iv, and length */
1909 XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
1910 tmp += WOLFSSL_TICKET_NAME_SZ;
1911 XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
1912 tmp += WOLFSSL_TICKET_IV_SZ;
1913 XMEMCPY(tmp, &sLen, 2);
1915 ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
1920 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
1921 *outLen = inLen; /* no padding in this mode */
1925 /* see if we know this key */
1926 if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
1927 printf("client presented unknown ticket key name ");
1928 return WOLFSSL_TICKET_RET_FATAL;
1931 /* build aad from key name, iv, and length */
1932 XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
1933 tmp += WOLFSSL_TICKET_NAME_SZ;
1934 XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
1935 tmp += WOLFSSL_TICKET_IV_SZ;
1936 XMEMCPY(tmp, &sLen, 2);
1938 ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
1943 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
1944 *outLen = inLen; /* no padding in this mode */
1947 return WOLFSSL_TICKET_RET_OK;
1950 #endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
1952 #endif /* wolfSSL_TEST_H */
projects / freertos / blob