mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 09:55:32 +00:00
Merge changes to config examples and configuration issues
This commit is contained in:
commit
2a45d1c8bb
|
@ -16,6 +16,8 @@ Features
|
||||||
* Support for parsing and verifying RSASSA-PSS signatures in the X.509
|
* Support for parsing and verifying RSASSA-PSS signatures in the X.509
|
||||||
modules (certificates, CRLs and CSRs).
|
modules (certificates, CRLs and CSRs).
|
||||||
* Blowfish in the cipher layer now supports variable length keys.
|
* Blowfish in the cipher layer now supports variable length keys.
|
||||||
|
* Add example config.h for PSK with CCM, optimized for low RAM usage.
|
||||||
|
* Optimize for RAM usage in example config.h for NSA Suite B profile.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Add LINK_WITH_PTHREAD option in CMake for explicit linking that is
|
* Add LINK_WITH_PTHREAD option in CMake for explicit linking that is
|
||||||
|
|
55
configs/config-ccm-psk-tls1_2.h
Normal file
55
configs/config-ccm-psk-tls1_2.h
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
/*
|
||||||
|
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
|
||||||
|
* Distinguishing features:
|
||||||
|
* - no bignum, no PK, no X509
|
||||||
|
* - fully modern and secure (provided the pre-shared keys have high entropy)
|
||||||
|
* - very low record overhead if using the CCM-8 suites
|
||||||
|
* - optimized for low RAM usage
|
||||||
|
*
|
||||||
|
* See README.txt for usage instructions.
|
||||||
|
*/
|
||||||
|
#ifndef POLARSSL_CONFIG_H
|
||||||
|
#define POLARSSL_CONFIG_H
|
||||||
|
|
||||||
|
/* System support */
|
||||||
|
//#define POLARSSL_HAVE_IPV6 /* Optional */
|
||||||
|
//#define POLARSSL_HAVE_TIME /* Optionnaly used in Hello messages */
|
||||||
|
/* Other POLARSSL_HAVE_XXX flags irrelevant for this configuration */
|
||||||
|
|
||||||
|
/* PolarSSL feature support */
|
||||||
|
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
|
||||||
|
#define POLARSSL_SSL_PROTO_TLS1_2
|
||||||
|
|
||||||
|
/* PolarSSL modules */
|
||||||
|
#define POLARSSL_AES_C
|
||||||
|
#define POLARSSL_CCM_C
|
||||||
|
#define POLARSSL_CIPHER_C
|
||||||
|
#define POLARSSL_CTR_DRBG_C
|
||||||
|
#define POLARSSL_ENTROPY_C
|
||||||
|
#define POLARSSL_MD_C
|
||||||
|
#define POLARSSL_NET_C
|
||||||
|
#define POLARSSL_SHA256_C
|
||||||
|
#define POLARSSL_SSL_CLI_C
|
||||||
|
#define POLARSSL_SSL_SRV_C
|
||||||
|
#define POLARSSL_SSL_TLS_C
|
||||||
|
|
||||||
|
/* Save RAM at the expense of ROM */
|
||||||
|
#define POLARSSL_AES_ROM_TABLES
|
||||||
|
|
||||||
|
/*
|
||||||
|
* You should adjust this to the exact number of sources you're using: default
|
||||||
|
* is the "platform_entropy_poll" source, but you may want to add other ones
|
||||||
|
* Minimum is 2 for the entropy test suite.
|
||||||
|
*/
|
||||||
|
#define ENTROPY_MAX_SOURCES 2
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Save RAM at the expense of interoperability: do this only if you control
|
||||||
|
* both ends of the connection! (See coments in "polarssl/ssl.h".)
|
||||||
|
* The optimal size here depends on the typical size of records.
|
||||||
|
*/
|
||||||
|
#define SSL_MAX_CONTENT_LEN 512
|
||||||
|
|
||||||
|
#include "check_config.h"
|
||||||
|
|
||||||
|
#endif /* POLARSSL_CONFIG_H */
|
53
configs/config-picocoin.h
Normal file
53
configs/config-picocoin.h
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
/*
|
||||||
|
* Reduced configuration used by Picocoin.
|
||||||
|
*
|
||||||
|
* See README.txt for usage instructions.
|
||||||
|
*
|
||||||
|
* Distinguishing features:
|
||||||
|
* - no SSL/TLS;
|
||||||
|
* - no X.509;
|
||||||
|
* - ECDSA/PK and some other chosen crypto bits.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef POLARSSL_CONFIG_H
|
||||||
|
#define POLARSSL_CONFIG_H
|
||||||
|
|
||||||
|
/* System support */
|
||||||
|
#define POLARSSL_HAVE_LONGLONG
|
||||||
|
#define POLARSSL_HAVE_ASM
|
||||||
|
#define POLARSSL_HAVE_TIME
|
||||||
|
#define POLARSSL_HAVE_IPV6
|
||||||
|
|
||||||
|
/* PolarSSL feature support */
|
||||||
|
#define POLARSSL_CIPHER_MODE_CBC
|
||||||
|
#define POLARSSL_CIPHER_PADDING_PKCS7
|
||||||
|
#define POLARSSL_ECP_DP_SECP256K1_ENABLED
|
||||||
|
#define POLARSSL_ECDSA_DETERMINISTIC
|
||||||
|
#define POLARSSL_PK_PARSE_EC_EXTENDED
|
||||||
|
#define POLARSSL_ERROR_STRERROR_DUMMY
|
||||||
|
#define POLARSSL_FS_IO
|
||||||
|
|
||||||
|
/* PolarSSL modules */
|
||||||
|
#define POLARSSL_AESNI_C
|
||||||
|
#define POLARSSL_AES_C
|
||||||
|
#define POLARSSL_ASN1_PARSE_C
|
||||||
|
#define POLARSSL_ASN1_WRITE_C
|
||||||
|
#define POLARSSL_BASE64_C
|
||||||
|
#define POLARSSL_BIGNUM_C
|
||||||
|
#define POLARSSL_ECDSA_C
|
||||||
|
#define POLARSSL_ECP_C
|
||||||
|
#define POLARSSL_ENTROPY_C
|
||||||
|
#define POLARSSL_HMAC_DRBG_C
|
||||||
|
#define POLARSSL_MD_C
|
||||||
|
#define POLARSSL_OID_C
|
||||||
|
#define POLARSSL_PADLOCK_C
|
||||||
|
#define POLARSSL_PK_C
|
||||||
|
#define POLARSSL_PK_PARSE_C
|
||||||
|
#define POLARSSL_PK_WRITE_C
|
||||||
|
#define POLARSSL_RIPEMD160_C
|
||||||
|
#define POLARSSL_SHA1_C
|
||||||
|
#define POLARSSL_SHA256_C
|
||||||
|
|
||||||
|
#include "check_config.h"
|
||||||
|
|
||||||
|
#endif /* POLARSSL_CONFIG_H */
|
|
@ -2,15 +2,19 @@
|
||||||
* Custom compact configuration for TLS 1.0 with PSK and RC4
|
* Custom compact configuration for TLS 1.0 with PSK and RC4
|
||||||
* Distinguishing features: no bignum, no PK, no X509.
|
* Distinguishing features: no bignum, no PK, no X509.
|
||||||
*
|
*
|
||||||
|
* WARNING: RC4 is in the process of being deprecated!
|
||||||
|
* This configuration is kept for testing purposes only, DO NOT USE it!
|
||||||
|
* For a safe and lean PSK-based configuration, see config-ccm-psk-tls1_2.h
|
||||||
|
*
|
||||||
* See README.txt for usage instructions.
|
* See README.txt for usage instructions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef POLARSSL_CONFIG_H
|
#ifndef POLARSSL_CONFIG_H
|
||||||
#define POLARSSL_CONFIG_H
|
#define POLARSSL_CONFIG_H
|
||||||
|
|
||||||
/* System support */
|
/* System support */
|
||||||
#define POLARSSL_HAVE_TIME
|
//#define POLARSSL_HAVE_IPV6 /* Optional */
|
||||||
#define POLARSSL_HAVE_IPV6
|
//#define POLARSSL_HAVE_TIME /* Optionnaly used in Hello messages */
|
||||||
|
/* Other POLARSSL_HAVE_XXX flags irrelevant for this configuration */
|
||||||
|
|
||||||
/* PolarSSL feature support */
|
/* PolarSSL feature support */
|
||||||
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
|
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
|
||||||
|
@ -19,15 +23,12 @@
|
||||||
/* PolarSSL modules */
|
/* PolarSSL modules */
|
||||||
#define POLARSSL_AES_C
|
#define POLARSSL_AES_C
|
||||||
#define POLARSSL_ARC4_C
|
#define POLARSSL_ARC4_C
|
||||||
#define POLARSSL_ASN1_PARSE_C
|
|
||||||
#define POLARSSL_ASN1_WRITE_C
|
|
||||||
#define POLARSSL_CIPHER_C
|
#define POLARSSL_CIPHER_C
|
||||||
#define POLARSSL_CTR_DRBG_C
|
#define POLARSSL_CTR_DRBG_C
|
||||||
#define POLARSSL_ENTROPY_C
|
#define POLARSSL_ENTROPY_C
|
||||||
#define POLARSSL_MD_C
|
#define POLARSSL_MD_C
|
||||||
#define POLARSSL_MD5_C
|
#define POLARSSL_MD5_C
|
||||||
#define POLARSSL_NET_C
|
#define POLARSSL_NET_C
|
||||||
#define POLARSSL_OID_C
|
|
||||||
#define POLARSSL_SHA1_C
|
#define POLARSSL_SHA1_C
|
||||||
#define POLARSSL_SHA256_C
|
#define POLARSSL_SHA256_C
|
||||||
#define POLARSSL_SSL_CLI_C
|
#define POLARSSL_SSL_CLI_C
|
||||||
|
|
|
@ -1,6 +1,14 @@
|
||||||
/*
|
/*
|
||||||
* Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
|
* Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
|
||||||
*
|
*
|
||||||
|
* Distinguishing features:
|
||||||
|
* - no RSA or classic DH, fully based on ECC
|
||||||
|
* - optimized for low RAM usage
|
||||||
|
*
|
||||||
|
* Possible improvements:
|
||||||
|
* - if 128-bit security is enough, disable secp384r1 and SHA-512
|
||||||
|
* - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
|
||||||
|
*
|
||||||
* See README.txt for usage instructions.
|
* See README.txt for usage instructions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -48,8 +56,34 @@
|
||||||
#define POLARSSL_CERTS_C
|
#define POLARSSL_CERTS_C
|
||||||
#define POLARSSL_PEM_PARSE_C
|
#define POLARSSL_PEM_PARSE_C
|
||||||
|
|
||||||
/* For testing with compat.sh */
|
/* Save RAM at the expense of ROM */
|
||||||
#define POLARSSL_FS_IO
|
#define POLARSSL_AES_ROM_TABLES
|
||||||
|
|
||||||
|
/* Save RAM by adjusting to our exact needs */
|
||||||
|
#define POLARSSL_ECP_MAX_BITS 384
|
||||||
|
#define POLARSSL_MPI_MAX_SIZE 48 // 384 bits is 48 bytes
|
||||||
|
|
||||||
|
/* Save RAM at the expense of speed, see ecp.h */
|
||||||
|
#define POLARSSL_ECP_WINDOW_SIZE 2
|
||||||
|
#define POLARSSL_ECP_FIXED_POINT_OPTIM 0
|
||||||
|
|
||||||
|
/* Uncomment for a significant speed benefit at the expense of some ROM */
|
||||||
|
//#define POLARSSL_ECP_NIST_OPTIM
|
||||||
|
|
||||||
|
/*
|
||||||
|
* You should adjust this to the exact number of sources you're using: default
|
||||||
|
* is the "platform_entropy_poll" source, but you may want to add other ones.
|
||||||
|
* Minimum is 2 for the entropy test suite.
|
||||||
|
*/
|
||||||
|
#define ENTROPY_MAX_SOURCES 2
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Save RAM at the expense of interoperability: do this only if you control
|
||||||
|
* both ends of the connection! (See coments in "polarssl/ssl.h".)
|
||||||
|
* The minimum size here depends on the certificate chain used as well as the
|
||||||
|
* typical size of records.
|
||||||
|
*/
|
||||||
|
#define SSL_MAX_CONTENT_LEN 1024
|
||||||
|
|
||||||
#include "polarssl/check_config.h"
|
#include "polarssl/check_config.h"
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
#include POLARSSL_CONFIG_FILE
|
#include POLARSSL_CONFIG_FILE
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
|
||||||
#define POLARSSL_CIPHER_MODE_AEAD
|
#define POLARSSL_CIPHER_MODE_AEAD
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -534,25 +534,21 @@ int cipher_set_iv( cipher_context_t *ctx,
|
||||||
*/
|
*/
|
||||||
int cipher_reset( cipher_context_t *ctx );
|
int cipher_reset( cipher_context_t *ctx );
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
/**
|
/**
|
||||||
* \brief Add additional data (for AEAD ciphers).
|
* \brief Add additional data (for AEAD ciphers).
|
||||||
* This function has no effect for non-AEAD ciphers.
|
* Currently only supported with GCM.
|
||||||
* For AEAD ciphers, it may or may not be called
|
* Must be called exactly once, after cipher_reset().
|
||||||
* repeatedly, and/or interleaved with calls to
|
|
||||||
* cipher_udpate(), depending on the cipher.
|
|
||||||
* E.g. for GCM is must be called exactly once, right
|
|
||||||
* after cipher_reset().
|
|
||||||
*
|
*
|
||||||
* \param ctx generic cipher context
|
* \param ctx generic cipher context
|
||||||
* \param ad Additional data to use.
|
* \param ad Additional data to use.
|
||||||
* \param ad_len Length of ad.
|
* \param ad_len Length of ad.
|
||||||
*
|
*
|
||||||
* \returns 0 on success, or a specific error code.
|
* \return 0 on success, or a specific error code.
|
||||||
*/
|
*/
|
||||||
int cipher_update_ad( cipher_context_t *ctx,
|
int cipher_update_ad( cipher_context_t *ctx,
|
||||||
const unsigned char *ad, size_t ad_len );
|
const unsigned char *ad, size_t ad_len );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Generic cipher update function. Encrypts/decrypts
|
* \brief Generic cipher update function. Encrypts/decrypts
|
||||||
|
@ -606,10 +602,10 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input,
|
||||||
int cipher_finish( cipher_context_t *ctx,
|
int cipher_finish( cipher_context_t *ctx,
|
||||||
unsigned char *output, size_t *olen );
|
unsigned char *output, size_t *olen );
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
/**
|
/**
|
||||||
* \brief Write tag for AEAD ciphers.
|
* \brief Write tag for AEAD ciphers.
|
||||||
* No effect for other ciphers.
|
* Currently only supported with GCM.
|
||||||
* Must be called after cipher_finish().
|
* Must be called after cipher_finish().
|
||||||
*
|
*
|
||||||
* \param ctx Generic cipher context
|
* \param ctx Generic cipher context
|
||||||
|
@ -623,9 +619,8 @@ int cipher_write_tag( cipher_context_t *ctx,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Check tag for AEAD ciphers.
|
* \brief Check tag for AEAD ciphers.
|
||||||
* No effect for other ciphers.
|
* Currently only supported with GCM.
|
||||||
* Calling time depends on the cipher:
|
* Must be called after cipher_finish().
|
||||||
* for GCM, must be called after cipher_finish().
|
|
||||||
*
|
*
|
||||||
* \param ctx Generic cipher context
|
* \param ctx Generic cipher context
|
||||||
* \param tag Buffer holding the tag
|
* \param tag Buffer holding the tag
|
||||||
|
@ -635,7 +630,7 @@ int cipher_write_tag( cipher_context_t *ctx,
|
||||||
*/
|
*/
|
||||||
int cipher_check_tag( cipher_context_t *ctx,
|
int cipher_check_tag( cipher_context_t *ctx,
|
||||||
const unsigned char *tag, size_t tag_len );
|
const unsigned char *tag, size_t tag_len );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Generic all-in-one encryption/decryption
|
* \brief Generic all-in-one encryption/decryption
|
||||||
|
|
|
@ -234,24 +234,22 @@ int cipher_reset( cipher_context_t *ctx )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
int cipher_update_ad( cipher_context_t *ctx,
|
int cipher_update_ad( cipher_context_t *ctx,
|
||||||
const unsigned char *ad, size_t ad_len )
|
const unsigned char *ad, size_t ad_len )
|
||||||
{
|
{
|
||||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||||
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C)
|
|
||||||
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
|
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
|
||||||
{
|
{
|
||||||
return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
|
return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
|
||||||
ctx->iv, ctx->iv_size, ad, ad_len );
|
ctx->iv, ctx->iv_size, ad, ad_len );
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
|
||||||
int cipher_update( cipher_context_t *ctx, const unsigned char *input,
|
int cipher_update( cipher_context_t *ctx, const unsigned char *input,
|
||||||
size_t ilen, unsigned char *output, size_t *olen )
|
size_t ilen, unsigned char *output, size_t *olen )
|
||||||
|
@ -724,7 +722,7 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
|
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
int cipher_write_tag( cipher_context_t *ctx,
|
int cipher_write_tag( cipher_context_t *ctx,
|
||||||
unsigned char *tag, size_t tag_len )
|
unsigned char *tag, size_t tag_len )
|
||||||
{
|
{
|
||||||
|
@ -734,10 +732,8 @@ int cipher_write_tag( cipher_context_t *ctx,
|
||||||
if( POLARSSL_ENCRYPT != ctx->operation )
|
if( POLARSSL_ENCRYPT != ctx->operation )
|
||||||
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C)
|
|
||||||
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
|
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
|
||||||
return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
|
return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
|
||||||
#endif
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -753,7 +749,6 @@ int cipher_check_tag( cipher_context_t *ctx,
|
||||||
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C)
|
|
||||||
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
|
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
|
||||||
{
|
{
|
||||||
unsigned char check_tag[16];
|
unsigned char check_tag[16];
|
||||||
|
@ -778,11 +773,10 @@ int cipher_check_tag( cipher_context_t *ctx,
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_GCM_C */
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Packet-oriented wrapper for non-AEAD modes
|
* Packet-oriented wrapper for non-AEAD modes
|
||||||
|
|
|
@ -62,12 +62,12 @@
|
||||||
#define polarssl_free free
|
#define polarssl_free free
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_FS_IO)
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void polarssl_zeroize( void *v, size_t n ) {
|
static void polarssl_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_FS_IO)
|
|
||||||
/*
|
/*
|
||||||
* Load all data from a file into a given buffer.
|
* Load all data from a file into a given buffer.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -1105,23 +1105,23 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#endif /* POLARSSL_SHA1_C */
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#if defined(POLARSSL_CCM_C)
|
#if defined(POLARSSL_CCM_C)
|
||||||
{ TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
|
{ TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
|
||||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
{ TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
|
{ TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
|
||||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||||
{ TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
|
{ TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
|
||||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
{ TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
|
{ TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
|
||||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||||
|
@ -1241,23 +1241,23 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#endif /* POLARSSL_SHA1_C */
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#if defined(POLARSSL_CCM_C)
|
#if defined(POLARSSL_CCM_C)
|
||||||
{ TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
|
{ TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
|
||||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
{ TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
|
{ TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
|
||||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||||
{ TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
|
{ TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
|
||||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
{ TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
|
{ TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
|
||||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||||
|
|
|
@ -148,8 +148,10 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
|
||||||
size_t *olen )
|
size_t *olen )
|
||||||
{
|
{
|
||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
unsigned char *sig_alg_list = buf + 6;
|
|
||||||
size_t sig_alg_len = 0;
|
size_t sig_alg_len = 0;
|
||||||
|
#if defined(POLARSSL_RSA_C) || defined(POLARSSL_ECDSA_C)
|
||||||
|
unsigned char *sig_alg_list = buf + 6;
|
||||||
|
#endif
|
||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
|
|
|
@ -63,8 +63,13 @@ int main( int argc, char *argv[] )
|
||||||
#define DFL_FILENAME "keyfile.key"
|
#define DFL_FILENAME "keyfile.key"
|
||||||
#define DFL_DEBUG_LEVEL 0
|
#define DFL_DEBUG_LEVEL 0
|
||||||
#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE
|
#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE
|
||||||
|
#if defined(POLARSSL_PEM_WRITE_C)
|
||||||
#define DFL_OUTPUT_FILENAME "keyfile.pem"
|
#define DFL_OUTPUT_FILENAME "keyfile.pem"
|
||||||
#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM
|
#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM
|
||||||
|
#else
|
||||||
|
#define DFL_OUTPUT_FILENAME "keyfile.der"
|
||||||
|
#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* global options
|
* global options
|
||||||
|
@ -88,6 +93,7 @@ static int write_public_key( pk_context *key, const char *output_file )
|
||||||
|
|
||||||
memset(output_buf, 0, 16000);
|
memset(output_buf, 0, 16000);
|
||||||
|
|
||||||
|
#if defined(POLARSSL_PEM_WRITE_C)
|
||||||
if( opt.output_format == OUTPUT_FORMAT_PEM )
|
if( opt.output_format == OUTPUT_FORMAT_PEM )
|
||||||
{
|
{
|
||||||
if( ( ret = pk_write_pubkey_pem( key, output_buf, 16000 ) ) != 0 )
|
if( ( ret = pk_write_pubkey_pem( key, output_buf, 16000 ) ) != 0 )
|
||||||
|
@ -96,6 +102,7 @@ static int write_public_key( pk_context *key, const char *output_file )
|
||||||
len = strlen( (char *) output_buf );
|
len = strlen( (char *) output_buf );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
#endif
|
||||||
{
|
{
|
||||||
if( ( ret = pk_write_pubkey_der( key, output_buf, 16000 ) ) < 0 )
|
if( ( ret = pk_write_pubkey_der( key, output_buf, 16000 ) ) < 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -127,6 +134,8 @@ static int write_private_key( pk_context *key, const char *output_file )
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
|
|
||||||
memset(output_buf, 0, 16000);
|
memset(output_buf, 0, 16000);
|
||||||
|
|
||||||
|
#if defined(POLARSSL_PEM_WRITE_C)
|
||||||
if( opt.output_format == OUTPUT_FORMAT_PEM )
|
if( opt.output_format == OUTPUT_FORMAT_PEM )
|
||||||
{
|
{
|
||||||
if( ( ret = pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
|
if( ( ret = pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
|
||||||
|
@ -135,6 +144,7 @@ static int write_private_key( pk_context *key, const char *output_file )
|
||||||
len = strlen( (char *) output_buf );
|
len = strlen( (char *) output_buf );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
#endif
|
||||||
{
|
{
|
||||||
if( ( ret = pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
|
if( ( ret = pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -157,14 +167,23 @@ static int write_private_key( pk_context *key, const char *output_file )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_PEM_WRITE_C)
|
||||||
|
#define USAGE_OUT \
|
||||||
|
" output_file=%%s default: keyfile.pem\n" \
|
||||||
|
" output_format=pem|der default: pem\n"
|
||||||
|
#else
|
||||||
|
#define USAGE_OUT \
|
||||||
|
" output_file=%%s default: keyfile.der\n" \
|
||||||
|
" output_format=der default: der\n"
|
||||||
|
#endif
|
||||||
|
|
||||||
#define USAGE \
|
#define USAGE \
|
||||||
"\n usage: key_app param=<>...\n" \
|
"\n usage: key_app param=<>...\n" \
|
||||||
"\n acceptable parameters:\n" \
|
"\n acceptable parameters:\n" \
|
||||||
" mode=private|public default: none\n" \
|
" mode=private|public default: none\n" \
|
||||||
" filename=%%s default: keyfile.key\n" \
|
" filename=%%s default: keyfile.key\n" \
|
||||||
" output_mode=private|public default: none\n" \
|
" output_mode=private|public default: none\n" \
|
||||||
" output_file=%%s default: keyfile.pem\n" \
|
USAGE_OUT \
|
||||||
" output_format=pem|der default: pem\n" \
|
|
||||||
"\n"
|
"\n"
|
||||||
|
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
|
@ -222,9 +241,12 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "output_format" ) == 0 )
|
else if( strcmp( p, "output_format" ) == 0 )
|
||||||
{
|
{
|
||||||
|
#if defined(POLARSSL_PEM_WRITE_C)
|
||||||
if( strcmp( q, "pem" ) == 0 )
|
if( strcmp( q, "pem" ) == 0 )
|
||||||
opt.output_format = OUTPUT_FORMAT_PEM;
|
opt.output_format = OUTPUT_FORMAT_PEM;
|
||||||
else if( strcmp( q, "der" ) == 0 )
|
else
|
||||||
|
#endif
|
||||||
|
if( strcmp( q, "der" ) == 0 )
|
||||||
opt.output_format = OUTPUT_FORMAT_DER;
|
opt.output_format = OUTPUT_FORMAT_DER;
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
|
|
|
@ -29,6 +29,22 @@
|
||||||
#include POLARSSL_CONFIG_FILE
|
#include POLARSSL_CONFIG_FILE
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if !defined(POLARSSL_ENTROPY_C) || \
|
||||||
|
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
|
||||||
|
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
|
||||||
|
#include <stdio.h>
|
||||||
|
int main( int argc, char *argv[] )
|
||||||
|
{
|
||||||
|
((void) argc);
|
||||||
|
((void) argv);
|
||||||
|
|
||||||
|
printf("POLARSSL_ENTROPY_C and/or "
|
||||||
|
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
|
||||||
|
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
@ -304,20 +320,6 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
|
||||||
" force_ciphersuite=<name> default: all enabled\n"\
|
" force_ciphersuite=<name> default: all enabled\n"\
|
||||||
" acceptable ciphersuite names:\n"
|
" acceptable ciphersuite names:\n"
|
||||||
|
|
||||||
#if !defined(POLARSSL_ENTROPY_C) || \
|
|
||||||
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
|
|
||||||
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
|
|
||||||
int main( int argc, char *argv[] )
|
|
||||||
{
|
|
||||||
((void) argc);
|
|
||||||
((void) argv);
|
|
||||||
|
|
||||||
printf("POLARSSL_ENTROPY_C and/or "
|
|
||||||
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
|
|
||||||
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
int ret = 0, len, server_fd, i, written, frags;
|
int ret = 0, len, server_fd, i, written, frags;
|
||||||
|
|
|
@ -29,6 +29,22 @@
|
||||||
#include POLARSSL_CONFIG_FILE
|
#include POLARSSL_CONFIG_FILE
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if !defined(POLARSSL_ENTROPY_C) || \
|
||||||
|
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
|
||||||
|
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
|
||||||
|
#include <stdio.h>
|
||||||
|
int main( int argc, char *argv[] )
|
||||||
|
{
|
||||||
|
((void) argc);
|
||||||
|
((void) argv);
|
||||||
|
|
||||||
|
printf("POLARSSL_ENTROPY_C and/or "
|
||||||
|
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
|
||||||
|
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && defined(POLARSSL_FS_IO)
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && defined(POLARSSL_FS_IO)
|
||||||
#define POLARSSL_SNI
|
#define POLARSSL_SNI
|
||||||
#endif
|
#endif
|
||||||
|
@ -312,21 +328,6 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
|
||||||
" force_ciphersuite=<name> default: all enabled\n" \
|
" force_ciphersuite=<name> default: all enabled\n" \
|
||||||
" acceptable ciphersuite names:\n"
|
" acceptable ciphersuite names:\n"
|
||||||
|
|
||||||
#if !defined(POLARSSL_ENTROPY_C) || \
|
|
||||||
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
|
|
||||||
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
|
|
||||||
int main( int argc, char *argv[] )
|
|
||||||
{
|
|
||||||
((void) argc);
|
|
||||||
((void) argv);
|
|
||||||
|
|
||||||
printf("POLARSSL_ENTROPY_C and/or "
|
|
||||||
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
|
|
||||||
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Used by sni_parse and psk_parse to handle coma-separated lists
|
* Used by sni_parse and psk_parse to handle coma-separated lists
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -16,7 +16,11 @@ my %configs = (
|
||||||
'config-mini-tls1_1.h'
|
'config-mini-tls1_1.h'
|
||||||
=> '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
|
=> '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
|
||||||
'config-suite-b.h'
|
'config-suite-b.h'
|
||||||
=> "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM'",
|
=> "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p PolarSSL",
|
||||||
|
'config-picocoin.h'
|
||||||
|
=> 0,
|
||||||
|
'config-ccm-psk-tls1_2.h'
|
||||||
|
=> '-m tls1_2 -f \'TLS-PSK.*AES.*CCM\'',
|
||||||
);
|
);
|
||||||
|
|
||||||
# If no config-name is provided, use all known configs.
|
# If no config-name is provided, use all known configs.
|
||||||
|
@ -59,10 +63,18 @@ while( my ($conf, $args) = each %configs ) {
|
||||||
|
|
||||||
system( "make" ) and abort "Failed to build: $conf\n";
|
system( "make" ) and abort "Failed to build: $conf\n";
|
||||||
system( "make $test" ) and abort "Failed test suite: $conf\n";
|
system( "make $test" ) and abort "Failed test suite: $conf\n";
|
||||||
|
|
||||||
|
if( $args )
|
||||||
|
{
|
||||||
print "\nrunning compat.sh $args\n";
|
print "\nrunning compat.sh $args\n";
|
||||||
system( "cd tests && ./compat.sh $args" )
|
system( "cd tests && ./compat.sh $args" )
|
||||||
and abort "Failed compat.sh: $conf\n";
|
and abort "Failed compat.sh: $conf\n";
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "\nskipping compat.sh\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
||||||
system( "make clean" );
|
system( "make clean" );
|
||||||
|
|
|
@ -60,7 +60,7 @@ void cipher_null_args( )
|
||||||
TEST_ASSERT( cipher_reset( NULL ) == POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
TEST_ASSERT( cipher_reset( NULL ) == POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
TEST_ASSERT( cipher_reset( &ctx ) == POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
TEST_ASSERT( cipher_reset( &ctx ) == POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( cipher_update_ad( NULL, buf, 0 )
|
TEST_ASSERT( cipher_update_ad( NULL, buf, 0 )
|
||||||
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
TEST_ASSERT( cipher_update_ad( &ctx, buf, 0 )
|
TEST_ASSERT( cipher_update_ad( &ctx, buf, 0 )
|
||||||
|
@ -77,7 +77,7 @@ void cipher_null_args( )
|
||||||
TEST_ASSERT( cipher_finish( &ctx, buf, &olen )
|
TEST_ASSERT( cipher_finish( &ctx, buf, &olen )
|
||||||
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( cipher_write_tag( NULL, buf, olen )
|
TEST_ASSERT( cipher_write_tag( NULL, buf, olen )
|
||||||
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
TEST_ASSERT( cipher_write_tag( &ctx, buf, olen )
|
TEST_ASSERT( cipher_write_tag( &ctx, buf, olen )
|
||||||
|
@ -157,10 +157,10 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
|
||||||
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
|
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
|
||||||
TEST_ASSERT( 0 == cipher_reset( &ctx_enc ) );
|
TEST_ASSERT( 0 == cipher_reset( &ctx_enc ) );
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) );
|
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) );
|
||||||
TEST_ASSERT( 0 == cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) );
|
TEST_ASSERT( 0 == cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif
|
||||||
|
|
||||||
/* encode length number of bytes from inbuf */
|
/* encode length number of bytes from inbuf */
|
||||||
TEST_ASSERT( 0 == cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) );
|
TEST_ASSERT( 0 == cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) );
|
||||||
|
@ -174,9 +174,9 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
|
||||||
TEST_ASSERT( 0 == cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) );
|
TEST_ASSERT( 0 == cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) );
|
||||||
total_len += outlen;
|
total_len += outlen;
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( 0 == cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) );
|
TEST_ASSERT( 0 == cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif
|
||||||
|
|
||||||
TEST_ASSERT( total_len == length ||
|
TEST_ASSERT( total_len == length ||
|
||||||
( total_len % cipher_get_block_size( &ctx_enc ) == 0 &&
|
( total_len % cipher_get_block_size( &ctx_enc ) == 0 &&
|
||||||
|
@ -195,9 +195,9 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
|
||||||
TEST_ASSERT( 0 == cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
|
TEST_ASSERT( 0 == cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
|
||||||
total_len += outlen;
|
total_len += outlen;
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( 0 == cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) );
|
TEST_ASSERT( 0 == cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif
|
||||||
|
|
||||||
/* check result */
|
/* check result */
|
||||||
TEST_ASSERT( total_len == length );
|
TEST_ASSERT( total_len == length );
|
||||||
|
@ -250,9 +250,9 @@ void enc_fail( int cipher_id, int pad_mode, int key_len,
|
||||||
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
|
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
|
||||||
TEST_ASSERT( 0 == cipher_set_iv( &ctx, iv, 16 ) );
|
TEST_ASSERT( 0 == cipher_set_iv( &ctx, iv, 16 ) );
|
||||||
TEST_ASSERT( 0 == cipher_reset( &ctx ) );
|
TEST_ASSERT( 0 == cipher_reset( &ctx ) );
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( 0 == cipher_update_ad( &ctx, NULL, 0 ) );
|
TEST_ASSERT( 0 == cipher_update_ad( &ctx, NULL, 0 ) );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif
|
||||||
|
|
||||||
/* encode length number of bytes from inbuf */
|
/* encode length number of bytes from inbuf */
|
||||||
TEST_ASSERT( 0 == cipher_update( &ctx, inbuf, length, encbuf, &outlen ) );
|
TEST_ASSERT( 0 == cipher_update( &ctx, inbuf, length, encbuf, &outlen ) );
|
||||||
|
@ -297,9 +297,9 @@ void dec_empty_buf()
|
||||||
|
|
||||||
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
|
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, NULL, 0 ) );
|
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, NULL, 0 ) );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif
|
||||||
|
|
||||||
/* decode 0-byte string */
|
/* decode 0-byte string */
|
||||||
TEST_ASSERT( 0 == cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
|
TEST_ASSERT( 0 == cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
|
||||||
|
@ -359,10 +359,10 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
|
||||||
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
|
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
|
||||||
TEST_ASSERT( 0 == cipher_reset( &ctx_enc ) );
|
TEST_ASSERT( 0 == cipher_reset( &ctx_enc ) );
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, NULL, 0 ) );
|
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, NULL, 0 ) );
|
||||||
TEST_ASSERT( 0 == cipher_update_ad( &ctx_enc, NULL, 0 ) );
|
TEST_ASSERT( 0 == cipher_update_ad( &ctx_enc, NULL, 0 ) );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif
|
||||||
|
|
||||||
/* encode length number of bytes from inbuf */
|
/* encode length number of bytes from inbuf */
|
||||||
TEST_ASSERT( 0 == cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
|
TEST_ASSERT( 0 == cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
|
||||||
|
@ -416,7 +416,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
|
||||||
unsigned char ad[200];
|
unsigned char ad[200];
|
||||||
unsigned char tag[20];
|
unsigned char tag[20];
|
||||||
size_t key_len, iv_len, cipher_len, clear_len;
|
size_t key_len, iv_len, cipher_len, clear_len;
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
size_t ad_len, tag_len;
|
size_t ad_len, tag_len;
|
||||||
#endif
|
#endif
|
||||||
cipher_context_t ctx;
|
cipher_context_t ctx;
|
||||||
|
@ -435,7 +435,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
|
||||||
iv_len = unhexify( iv, hex_iv );
|
iv_len = unhexify( iv, hex_iv );
|
||||||
cipher_len = unhexify( cipher, hex_cipher );
|
cipher_len = unhexify( cipher, hex_cipher );
|
||||||
clear_len = unhexify( clear, hex_clear );
|
clear_len = unhexify( clear, hex_clear );
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
ad_len = unhexify( ad, hex_ad );
|
ad_len = unhexify( ad, hex_ad );
|
||||||
tag_len = unhexify( tag, hex_tag );
|
tag_len = unhexify( tag, hex_tag );
|
||||||
#else
|
#else
|
||||||
|
@ -455,9 +455,9 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
|
||||||
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
|
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
|
||||||
TEST_ASSERT( 0 == cipher_set_iv( &ctx, iv, iv_len ) );
|
TEST_ASSERT( 0 == cipher_set_iv( &ctx, iv, iv_len ) );
|
||||||
TEST_ASSERT( 0 == cipher_reset( &ctx ) );
|
TEST_ASSERT( 0 == cipher_reset( &ctx ) );
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( 0 == cipher_update_ad( &ctx, ad, ad_len ) );
|
TEST_ASSERT( 0 == cipher_update_ad( &ctx, ad, ad_len ) );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif
|
||||||
|
|
||||||
/* decode buffer and check tag */
|
/* decode buffer and check tag */
|
||||||
total_len = 0;
|
total_len = 0;
|
||||||
|
@ -466,9 +466,9 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
|
||||||
TEST_ASSERT( finish_result == cipher_finish( &ctx, output + outlen,
|
TEST_ASSERT( finish_result == cipher_finish( &ctx, output + outlen,
|
||||||
&outlen ) );
|
&outlen ) );
|
||||||
total_len += outlen;
|
total_len += outlen;
|
||||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
#if defined(POLARSSL_GCM_C)
|
||||||
TEST_ASSERT( tag_result == cipher_check_tag( &ctx, tag, tag_len ) );
|
TEST_ASSERT( tag_result == cipher_check_tag( &ctx, tag, tag_len ) );
|
||||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
#endif
|
||||||
|
|
||||||
/* check plaintext only if everything went fine */
|
/* check plaintext only if everything went fine */
|
||||||
if( 0 == finish_result && 0 == tag_result )
|
if( 0 == finish_result && 0 == tag_result )
|
||||||
|
|
|
@ -23,7 +23,7 @@ depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||||
ecdsa_prim_test_vectors:POLARSSL_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315"
|
ecdsa_prim_test_vectors:POLARSSL_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315"
|
||||||
|
|
||||||
ECDSA primitive rfc 4754 p384
|
ECDSA primitive rfc 4754 p384
|
||||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||||
ecdsa_prim_test_vectors:POLARSSL_ECP_DP_SECP384R1:"0BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F"
|
ecdsa_prim_test_vectors:POLARSSL_ECP_DP_SECP384R1:"0BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F"
|
||||||
|
|
||||||
ECDSA primitive rfc 4754 p521
|
ECDSA primitive rfc 4754 p521
|
||||||
|
|
|
@ -269,7 +269,7 @@ depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||||
ecp_tls_read_group:"030017":0:256
|
ecp_tls_read_group:"030017":0:256
|
||||||
|
|
||||||
ECP tls read group #5 (OK, buffer continues)
|
ECP tls read group #5 (OK, buffer continues)
|
||||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||||
ecp_tls_read_group:"0300180000":0:384
|
ecp_tls_read_group:"0300180000":0:384
|
||||||
|
|
||||||
ECP tls write-read group #1
|
ECP tls write-read group #1
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
* END_DEPENDENCIES
|
* END_DEPENDENCIES
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */
|
||||||
void pk_write_pubkey_check( char *key_file )
|
void pk_write_pubkey_check( char *key_file )
|
||||||
{
|
{
|
||||||
pk_context key;
|
pk_context key;
|
||||||
|
@ -40,7 +40,7 @@ void pk_write_pubkey_check( char *key_file )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */
|
||||||
void pk_write_key_check( char *key_file )
|
void pk_write_key_check( char *key_file )
|
||||||
{
|
{
|
||||||
pk_context key;
|
pk_context key;
|
||||||
|
|
|
@ -142,7 +142,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
|
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */
|
||||||
void x509_dn_gets( char *crt_file, char *entity, char *result_str )
|
void x509_dn_gets( char *crt_file, char *entity, char *result_str )
|
||||||
{
|
{
|
||||||
x509_crt crt;
|
x509_crt crt;
|
||||||
|
@ -169,7 +169,7 @@ void x509_dn_gets( char *crt_file, char *entity, char *result_str )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
|
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */
|
||||||
void x509_time_expired( char *crt_file, char *entity, int result )
|
void x509_time_expired( char *crt_file, char *entity, int result )
|
||||||
{
|
{
|
||||||
x509_crt crt;
|
x509_crt crt;
|
||||||
|
@ -189,7 +189,7 @@ void x509_time_expired( char *crt_file, char *entity, int result )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
|
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */
|
||||||
void x509_time_future( char *crt_file, char *entity, int result )
|
void x509_time_future( char *crt_file, char *entity, int result )
|
||||||
{
|
{
|
||||||
x509_crt crt;
|
x509_crt crt;
|
||||||
|
@ -316,7 +316,7 @@ void x509_crt_parse_path( char *crt_path, int ret, int nb_crt )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */
|
||||||
void x509_oid_desc( char *oid_str, char *ref_desc )
|
void x509_oid_desc( char *oid_str, char *ref_desc )
|
||||||
{
|
{
|
||||||
x509_buf oid;
|
x509_buf oid;
|
||||||
|
@ -341,7 +341,7 @@ void x509_oid_desc( char *oid_str, char *ref_desc )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */
|
||||||
void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret )
|
void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret )
|
||||||
{
|
{
|
||||||
x509_buf oid;
|
x509_buf oid;
|
||||||
|
|
Loading…
Reference in a new issue