wolf SSL
wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
Revision 3:6f956bdb3073, committed 2016-04-28
- Comitter:
- wolfSSL
- Date:
- Thu Apr 28 00:56:55 2016 +0000
- Parent:
- 2:28278596c2a2
- Child:
- 4:1b0d80432c79
- Commit message:
- wolfSSL 3.9.0
Changed in this revision
--- a/src/crl.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,791 +0,0 @@
-/* crl.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
- /* Name change compatibility layer no longer needs included here */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_CRL
-
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
-
-#include <dirent.h>
-#include <sys/stat.h>
-#include <string.h>
-
-#ifdef HAVE_CRL_MONITOR
- static int StopMonitor(int mfd);
-#endif
-
-
-/* Initialze CRL members */
-int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
-{
- WOLFSSL_ENTER("InitCRL");
-
- crl->cm = cm;
- crl->crlList = NULL;
- crl->monitors[0].path = NULL;
- crl->monitors[1].path = NULL;
-#ifdef HAVE_CRL_MONITOR
- crl->tid = 0;
- crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
-#endif
- if (InitMutex(&crl->crlLock) != 0)
- return BAD_MUTEX_E;
-
- return 0;
-}
-
-
-/* Initialze CRL Entry */
-static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
-{
- WOLFSSL_ENTER("InitCRL_Entry");
-
- XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
- /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
- * copy the hash here if needed for optimized comparisons */
- XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
- XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
- crle->lastDateFormat = dcrl->lastDateFormat;
- crle->nextDateFormat = dcrl->nextDateFormat;
-
- crle->certs = dcrl->certs; /* take ownsership */
- dcrl->certs = NULL;
- crle->totalCerts = dcrl->totalCerts;
-
- return 0;
-}
-
-
-/* Free all CRL Entry resources */
-static void FreeCRL_Entry(CRL_Entry* crle)
-{
- RevokedCert* tmp = crle->certs;
-
- WOLFSSL_ENTER("FreeCRL_Entry");
-
- while(tmp) {
- RevokedCert* next = tmp->next;
- XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED);
- tmp = next;
- }
-}
-
-
-
-/* Free all CRL resources */
-void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
-{
- CRL_Entry* tmp = crl->crlList;
-
- WOLFSSL_ENTER("FreeCRL");
-
- if (crl->monitors[0].path)
- XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
-
- if (crl->monitors[1].path)
- XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
-
- while(tmp) {
- CRL_Entry* next = tmp->next;
- FreeCRL_Entry(tmp);
- XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY);
- tmp = next;
- }
-
-#ifdef HAVE_CRL_MONITOR
- if (crl->tid != 0) {
- WOLFSSL_MSG("stopping monitor thread");
- if (StopMonitor(crl->mfd) == 0)
- pthread_join(crl->tid, NULL);
- else {
- WOLFSSL_MSG("stop monitor failed, cancel instead");
- pthread_cancel(crl->tid);
- }
- }
-#endif
- FreeMutex(&crl->crlLock);
- if (dynamic) /* free self */
- XFREE(crl, NULL, DYNAMIC_TYPE_CRL);
-}
-
-
-/* Is the cert ok with CRL, return 0 on success */
-int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
-{
- CRL_Entry* crle;
- int foundEntry = 0;
- int ret = 0;
-
- WOLFSSL_ENTER("CheckCertCRL");
-
- if (LockMutex(&crl->crlLock) != 0) {
- WOLFSSL_MSG("LockMutex failed");
- return BAD_MUTEX_E;
- }
-
- crle = crl->crlList;
-
- while (crle) {
- if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
- WOLFSSL_MSG("Found CRL Entry on list");
- WOLFSSL_MSG("Checking next date validity");
-
- if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
- WOLFSSL_MSG("CRL next date is no longer valid");
- ret = ASN_AFTER_DATE_E;
- }
- else
- foundEntry = 1;
- break;
- }
- crle = crle->next;
- }
-
- if (foundEntry) {
- RevokedCert* rc = crle->certs;
-
- while (rc) {
- if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
- WOLFSSL_MSG("Cert revoked");
- ret = CRL_CERT_REVOKED;
- break;
- }
- rc = rc->next;
- }
- }
-
- UnLockMutex(&crl->crlLock);
-
- if (foundEntry == 0) {
- WOLFSSL_MSG("Couldn't find CRL for status check");
- ret = CRL_MISSING;
- if (crl->cm->cbMissingCRL) {
- char url[256];
-
- WOLFSSL_MSG("Issuing missing CRL callback");
- url[0] = '\0';
- if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
- XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
- url[cert->extCrlInfoSz] = '\0';
- }
- else {
- WOLFSSL_MSG("CRL url too long");
- }
- crl->cm->cbMissingCRL(url);
- }
- }
-
-
- return ret;
-}
-
-
-/* Add Decoded CRL, 0 on success */
-static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl)
-{
- CRL_Entry* crle;
-
- WOLFSSL_ENTER("AddCRL");
-
- crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
- if (crle == NULL) {
- WOLFSSL_MSG("alloc CRL Entry failed");
- return -1;
- }
-
- if (InitCRL_Entry(crle, dcrl) < 0) {
- WOLFSSL_MSG("Init CRL Entry failed");
- XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
- return -1;
- }
-
- if (LockMutex(&crl->crlLock) != 0) {
- WOLFSSL_MSG("LockMutex failed");
- FreeCRL_Entry(crle);
- XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
- return BAD_MUTEX_E;
- }
- crle->next = crl->crlList;
- crl->crlList = crle;
- UnLockMutex(&crl->crlLock);
-
- return 0;
-}
-
-
-/* Load CRL File of type, SSL_SUCCESS on ok */
-int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type)
-{
- int ret = SSL_SUCCESS;
- const byte* myBuffer = buff; /* if DER ok, otherwise switch */
- buffer der;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCRL* dcrl;
-#else
- DecodedCRL dcrl[1];
-#endif
-
- der.buffer = NULL;
-
- WOLFSSL_ENTER("BufferLoadCRL");
-
- if (crl == NULL || buff == NULL || sz == 0)
- return BAD_FUNC_ARG;
-
- if (type == SSL_FILETYPE_PEM) {
- int eccKey = 0; /* not used */
- EncryptedInfo info;
- info.ctx = NULL;
-
- ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
- if (ret == 0) {
- myBuffer = der.buffer;
- sz = der.length;
- }
- else {
- WOLFSSL_MSG("Pem to Der failed");
- return -1;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (dcrl == NULL) {
- if (der.buffer)
- XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
-
- return MEMORY_E;
- }
-#endif
-
- InitDecodedCRL(dcrl);
- ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
- if (ret != 0) {
- WOLFSSL_MSG("ParseCRL error");
- }
- else {
- ret = AddCRL(crl, dcrl);
- if (ret != 0) {
- WOLFSSL_MSG("AddCRL error");
- }
- }
-
- FreeDecodedCRL(dcrl);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (der.buffer)
- XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
-
- return ret ? ret : SSL_SUCCESS; /* convert 0 to SSL_SUCCESS */
-}
-
-
-#ifdef HAVE_CRL_MONITOR
-
-
-/* read in new CRL entries and save new list */
-static int SwapLists(WOLFSSL_CRL* crl)
-{
- int ret;
- CRL_Entry* newList;
-#ifdef WOLFSSL_SMALL_STACK
- WOLFSSL_CRL* tmp;
-#else
- WOLFSSL_CRL tmp[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return MEMORY_E;
-#endif
-
- if (InitCRL(tmp, crl->cm) < 0) {
- WOLFSSL_MSG("Init tmp CRL failed");
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return -1;
- }
-
- if (crl->monitors[0].path) {
- ret = LoadCRL(tmp, crl->monitors[0].path, SSL_FILETYPE_PEM, 0);
- if (ret != SSL_SUCCESS) {
- WOLFSSL_MSG("PEM LoadCRL on dir change failed");
- FreeCRL(tmp, 0);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return -1;
- }
- }
-
- if (crl->monitors[1].path) {
- ret = LoadCRL(tmp, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0);
- if (ret != SSL_SUCCESS) {
- WOLFSSL_MSG("DER LoadCRL on dir change failed");
- FreeCRL(tmp, 0);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return -1;
- }
- }
-
- if (LockMutex(&crl->crlLock) != 0) {
- WOLFSSL_MSG("LockMutex failed");
- FreeCRL(tmp, 0);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return -1;
- }
-
- newList = tmp->crlList;
-
- /* swap lists */
- tmp->crlList = crl->crlList;
- crl->crlList = newList;
-
- UnLockMutex(&crl->crlLock);
-
- FreeCRL(tmp, 0);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-
-#if (defined(__MACH__) || defined(__FreeBSD__))
-
-#include <sys/types.h>
-#include <sys/event.h>
-#include <sys/time.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-#ifdef __MACH__
- #define XEVENT_MODE O_EVTONLY
-#elif defined(__FreeBSD__)
- #define XEVENT_MODE EVFILT_VNODE
-#endif
-
-
-/* we need a unique kqueue user filter fd for crl in case user is doing custom
- * events too */
-#ifndef CRL_CUSTOM_FD
- #define CRL_CUSTOM_FD 123456
-#endif
-
-
-/* shutdown monitor thread, 0 on success */
-static int StopMonitor(int mfd)
-{
- struct kevent change;
-
- /* trigger custom shutdown */
- EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
- if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) {
- WOLFSSL_MSG("kevent trigger customer event failed");
- return -1;
- }
-
- return 0;
-}
-
-
-/* OS X monitoring */
-static void* DoMonitor(void* arg)
-{
- int fPEM, fDER;
- struct kevent change;
-
- WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
-
- WOLFSSL_ENTER("DoMonitor");
-
- crl->mfd = kqueue();
- if (crl->mfd == -1) {
- WOLFSSL_MSG("kqueue failed");
- return NULL;
- }
-
- /* listen for custom shutdown event */
- EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
- if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) {
- WOLFSSL_MSG("kevent monitor customer event failed");
- close(crl->mfd);
- return NULL;
- }
-
- fPEM = -1;
- fDER = -1;
-
- if (crl->monitors[0].path) {
- fPEM = open(crl->monitors[0].path, XEVENT_MODE);
- if (fPEM == -1) {
- WOLFSSL_MSG("PEM event dir open failed");
- close(crl->mfd);
- return NULL;
- }
- }
-
- if (crl->monitors[1].path) {
- fDER = open(crl->monitors[1].path, XEVENT_MODE);
- if (fDER == -1) {
- WOLFSSL_MSG("DER event dir open failed");
- close(crl->mfd);
- return NULL;
- }
- }
-
- if (fPEM != -1)
- EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
- NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
-
- if (fDER != -1)
- EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
- NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
-
- for (;;) {
- struct kevent event;
- int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL);
-
- WOLFSSL_MSG("Got kevent");
-
- if (numEvents == -1) {
- WOLFSSL_MSG("kevent problem, continue");
- continue;
- }
-
- if (event.filter == EVFILT_USER) {
- WOLFSSL_MSG("Got user shutdown event, breaking out");
- break;
- }
-
- if (SwapLists(crl) < 0) {
- WOLFSSL_MSG("SwapLists problem, continue");
- }
- }
-
- if (fPEM != -1)
- close(fPEM);
- if (fDER != -1)
- close(fDER);
-
- close(crl->mfd);
-
- return NULL;
-}
-
-
-#elif defined(__linux__)
-
-#include <sys/types.h>
-#include <sys/inotify.h>
-#include <sys/eventfd.h>
-#include <unistd.h>
-
-
-#ifndef max
- static INLINE int max(int a, int b)
- {
- return a > b ? a : b;
- }
-#endif /* max */
-
-
-/* shutdown monitor thread, 0 on success */
-static int StopMonitor(int mfd)
-{
- word64 w64 = 1;
-
- /* write to our custom event */
- if (write(mfd, &w64, sizeof(w64)) < 0) {
- WOLFSSL_MSG("StopMonitor write failed");
- return -1;
- }
-
- return 0;
-}
-
-
-/* linux monitoring */
-static void* DoMonitor(void* arg)
-{
- int notifyFd;
- int wd = -1;
- WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
-#ifdef WOLFSSL_SMALL_STACK
- char* buff;
-#else
- char buff[8192];
-#endif
-
- WOLFSSL_ENTER("DoMonitor");
-
- crl->mfd = eventfd(0, 0); /* our custom shutdown event */
- if (crl->mfd < 0) {
- WOLFSSL_MSG("eventfd failed");
- return NULL;
- }
-
- notifyFd = inotify_init();
- if (notifyFd < 0) {
- WOLFSSL_MSG("inotify failed");
- close(crl->mfd);
- return NULL;
- }
-
- if (crl->monitors[0].path) {
- wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE |
- IN_DELETE);
- if (wd < 0) {
- WOLFSSL_MSG("PEM notify add watch failed");
- close(crl->mfd);
- close(notifyFd);
- return NULL;
- }
- }
-
- if (crl->monitors[1].path) {
- wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE |
- IN_DELETE);
- if (wd < 0) {
- WOLFSSL_MSG("DER notify add watch failed");
- close(crl->mfd);
- close(notifyFd);
- return NULL;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (buff == NULL)
- return NULL;
-#endif
-
- for (;;) {
- fd_set readfds;
- int result;
- int length;
-
- FD_ZERO(&readfds);
- FD_SET(notifyFd, &readfds);
- FD_SET(crl->mfd, &readfds);
-
- result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL);
-
- WOLFSSL_MSG("Got notify event");
-
- if (result < 0) {
- WOLFSSL_MSG("select problem, continue");
- continue;
- }
-
- if (FD_ISSET(crl->mfd, &readfds)) {
- WOLFSSL_MSG("got custom shutdown event, breaking out");
- break;
- }
-
- length = read(notifyFd, buff, 8192);
- if (length < 0) {
- WOLFSSL_MSG("notify read problem, continue");
- continue;
- }
-
- if (SwapLists(crl) < 0) {
- WOLFSSL_MSG("SwapLists problem, continue");
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (wd > 0)
- inotify_rm_watch(notifyFd, wd);
- close(crl->mfd);
- close(notifyFd);
-
- return NULL;
-}
-
-
-#else
-
-#error "CRL monitor only currently supported on linux or mach"
-
-#endif /* MACH or linux */
-
-
-/* Start Monitoring the CRL path(s) in a thread */
-static int StartMonitorCRL(WOLFSSL_CRL* crl)
-{
- pthread_attr_t attr;
-
- WOLFSSL_ENTER("StartMonitorCRL");
-
- if (crl == NULL)
- return BAD_FUNC_ARG;
-
- if (crl->tid != 0) {
- WOLFSSL_MSG("Monitor thread already running");
- return MONITOR_RUNNING_E;
- }
-
- pthread_attr_init(&attr);
-
- if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) {
- WOLFSSL_MSG("Thread creation error");
- return THREAD_CREATE_E;
- }
-
- return SSL_SUCCESS;
-}
-
-
-#else /* HAVE_CRL_MONITOR */
-
-static int StartMonitorCRL(WOLFSSL_CRL* crl)
-{
- (void)crl;
-
- WOLFSSL_ENTER("StartMonitorCRL");
- WOLFSSL_MSG("Not compiled in");
-
- return NOT_COMPILED_IN;
-}
-
-#endif /* HAVE_CRL_MONITOR */
-
-
-/* Load CRL path files of type, SSL_SUCCESS on ok */
-int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
-{
- struct dirent* entry;
- DIR* dir;
- int ret = SSL_SUCCESS;
-#ifdef WOLFSSL_SMALL_STACK
- char* name;
-#else
- char name[MAX_FILENAME_SZ];
-#endif
-
- WOLFSSL_ENTER("LoadCRL");
- if (crl == NULL)
- return BAD_FUNC_ARG;
-
- dir = opendir(path);
- if (dir == NULL) {
- WOLFSSL_MSG("opendir path crl load failed");
- return BAD_PATH_ERROR;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (name == NULL)
- return MEMORY_E;
-#endif
-
- while ( (entry = readdir(dir)) != NULL) {
- struct stat s;
-
- XMEMSET(name, 0, MAX_FILENAME_SZ);
- XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
- XSTRNCAT(name, "/", 1);
- XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
-
- if (stat(name, &s) != 0) {
- WOLFSSL_MSG("stat on name failed");
- continue;
- }
- if (s.st_mode & S_IFREG) {
-
- if (type == SSL_FILETYPE_PEM) {
- if (strstr(entry->d_name, ".pem") == NULL) {
- WOLFSSL_MSG("not .pem file, skipping");
- continue;
- }
- }
- else {
- if (strstr(entry->d_name, ".der") == NULL &&
- strstr(entry->d_name, ".crl") == NULL) {
-
- WOLFSSL_MSG("not .der or .crl file, skipping");
- continue;
- }
- }
-
- if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
- != SSL_SUCCESS) {
- WOLFSSL_MSG("CRL file load failed, continuing");
- }
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (monitor & WOLFSSL_CRL_MONITOR) {
- WOLFSSL_MSG("monitor path requested");
-
- if (type == SSL_FILETYPE_PEM) {
- crl->monitors[0].path = strdup(path);
- crl->monitors[0].type = SSL_FILETYPE_PEM;
- if (crl->monitors[0].path == NULL)
- ret = MEMORY_E;
- } else {
- crl->monitors[1].path = strdup(path);
- crl->monitors[1].type = SSL_FILETYPE_ASN1;
- if (crl->monitors[1].path == NULL)
- ret = MEMORY_E;
- }
-
- if (monitor & WOLFSSL_CRL_START_MON) {
- WOLFSSL_MSG("start monitoring requested");
-
- ret = StartMonitorCRL(crl);
- }
- }
-
- closedir(dir);
-
- return ret;
-}
-
-#endif /* HAVE_CRL */
-
--- a/src/internal.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,14389 +0,0 @@
-/* internal.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
-#include <wolfssl/wolfcrypt/asn.h>
-#include <wolfssl/wolfcrypt/dh.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef HAVE_LIBZ
- #include "zlib.h"
-#endif
-
-#ifdef HAVE_NTRU
- #include "ntru_crypto.h"
-#endif
-
-#if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
- #ifdef FREESCALE_MQX
- #include <fio.h>
- #else
- #include <stdio.h>
- #endif
-#endif
-
-#ifdef __sun
- #include <sys/filio.h>
-#endif
-
-#ifndef TRUE
- #define TRUE 1
-#endif
-#ifndef FALSE
- #define FALSE 0
-#endif
-
-#ifdef _MSC_VER
- /* disable for while(0) cases at the .c level for now */
- #pragma warning(disable:4127)
-#endif
-
-#if defined(WOLFSSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
- #error \
-WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
-#endif
-
-#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION)
- #error Cannot use both secure-renegotiation and renegotiation-indication
-#endif
-
-static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
- const byte* input, int inSz, int type);
-
-#ifndef NO_WOLFSSL_CLIENT
- static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*,
- word32);
- static int DoServerHello(WOLFSSL* ssl, const byte* input, word32*, word32);
- static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, word32*,
- word32);
- #ifndef NO_CERTS
- static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*,
- word32);
- #endif
- #ifdef HAVE_SESSION_TICKET
- static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32*,
- word32);
- #endif
-#endif
-
-
-#ifndef NO_WOLFSSL_SERVER
- static int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, word32);
- static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32);
- #if !defined(NO_RSA) || defined(HAVE_ECC)
- static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32);
- #endif
-#endif
-
-
-#ifdef WOLFSSL_DTLS
- static INLINE int DtlsCheckWindow(DtlsState* state);
- static INLINE int DtlsUpdateWindow(DtlsState* state);
-#endif
-
-
-typedef enum {
- doProcessInit = 0,
-#ifndef NO_WOLFSSL_SERVER
- runProcessOldClientHello,
-#endif
- getRecordLayerHeader,
- getData,
- runProcessingOneMessage
-} processReply;
-
-#ifndef NO_OLD_TLS
-static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
- int content, int verify);
-
-#endif
-
-#ifndef NO_CERTS
-static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
-#endif
-
-static void PickHashSigAlgo(WOLFSSL* ssl,
- const byte* hashSigAlgo, word32 hashSigAlgoSz);
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-int IsTLS(const WOLFSSL* ssl)
-{
- if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_MINOR)
- return 1;
-
- return 0;
-}
-
-
-int IsAtLeastTLSv1_2(const WOLFSSL* ssl)
-{
- if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR)
- return 1;
- if (ssl->version.major == DTLS_MAJOR && ssl->version.minor <= DTLSv1_2_MINOR)
- return 1;
-
- return 0;
-}
-
-
-#ifdef HAVE_NTRU
-
-static byte GetEntropy(ENTROPY_CMD cmd, byte* out)
-{
- /* TODO: add locking? */
- static RNG rng;
-
- if (cmd == INIT)
- return (wc_InitRng(&rng) == 0) ? 1 : 0;
-
- if (out == NULL)
- return 0;
-
- if (cmd == GET_BYTE_OF_ENTROPY)
- return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
-
- if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
- *out = 1;
- return 1;
- }
-
- return 0;
-}
-
-#endif /* HAVE_NTRU */
-
-/* used by ssl.c too */
-void c32to24(word32 in, word24 out)
-{
- out[0] = (in >> 16) & 0xff;
- out[1] = (in >> 8) & 0xff;
- out[2] = in & 0xff;
-}
-
-
-#ifdef WOLFSSL_DTLS
-
-static INLINE void c32to48(word32 in, byte out[6])
-{
- out[0] = 0;
- out[1] = 0;
- out[2] = (in >> 24) & 0xff;
- out[3] = (in >> 16) & 0xff;
- out[4] = (in >> 8) & 0xff;
- out[5] = in & 0xff;
-}
-
-#endif /* WOLFSSL_DTLS */
-
-
-/* convert 16 bit integer to opaque */
-static INLINE void c16toa(word16 u16, byte* c)
-{
- c[0] = (u16 >> 8) & 0xff;
- c[1] = u16 & 0xff;
-}
-
-
-#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
- || defined(HAVE_AESGCM)
-/* convert 32 bit integer to opaque */
-static INLINE void c32toa(word32 u32, byte* c)
-{
- c[0] = (u32 >> 24) & 0xff;
- c[1] = (u32 >> 16) & 0xff;
- c[2] = (u32 >> 8) & 0xff;
- c[3] = u32 & 0xff;
-}
-#endif
-
-
-/* convert a 24 bit integer into a 32 bit one */
-static INLINE void c24to32(const word24 u24, word32* u32)
-{
- *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2];
-}
-
-
-/* convert opaque to 16 bit integer */
-static INLINE void ato16(const byte* c, word16* u16)
-{
- *u16 = (word16) ((c[0] << 8) | (c[1]));
-}
-
-
-#if defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET)
-
-/* convert opaque to 32 bit integer */
-static INLINE void ato32(const byte* c, word32* u32)
-{
- *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
-}
-
-#endif /* WOLFSSL_DTLS */
-
-
-#ifdef HAVE_LIBZ
-
- /* alloc user allocs to work with zlib */
- static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
- {
- (void)opaque;
- return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
- }
-
-
- static void myFree(void* opaque, void* memory)
- {
- (void)opaque;
- XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
- }
-
-
- /* init zlib comp/decomp streams, 0 on success */
- static int InitStreams(WOLFSSL* ssl)
- {
- ssl->c_stream.zalloc = (alloc_func)myAlloc;
- ssl->c_stream.zfree = (free_func)myFree;
- ssl->c_stream.opaque = (voidpf)ssl->heap;
-
- if (deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION) != Z_OK)
- return ZLIB_INIT_ERROR;
-
- ssl->didStreamInit = 1;
-
- ssl->d_stream.zalloc = (alloc_func)myAlloc;
- ssl->d_stream.zfree = (free_func)myFree;
- ssl->d_stream.opaque = (voidpf)ssl->heap;
-
- if (inflateInit(&ssl->d_stream) != Z_OK) return ZLIB_INIT_ERROR;
-
- return 0;
- }
-
-
- static void FreeStreams(WOLFSSL* ssl)
- {
- if (ssl->didStreamInit) {
- deflateEnd(&ssl->c_stream);
- inflateEnd(&ssl->d_stream);
- }
- }
-
-
- /* compress in to out, return out size or error */
- static int myCompress(WOLFSSL* ssl, byte* in, int inSz, byte* out, int outSz)
- {
- int err;
- int currTotal = (int)ssl->c_stream.total_out;
-
- ssl->c_stream.next_in = in;
- ssl->c_stream.avail_in = inSz;
- ssl->c_stream.next_out = out;
- ssl->c_stream.avail_out = outSz;
-
- err = deflate(&ssl->c_stream, Z_SYNC_FLUSH);
- if (err != Z_OK && err != Z_STREAM_END) return ZLIB_COMPRESS_ERROR;
-
- return (int)ssl->c_stream.total_out - currTotal;
- }
-
-
- /* decompress in to out, returnn out size or error */
- static int myDeCompress(WOLFSSL* ssl, byte* in,int inSz, byte* out,int outSz)
- {
- int err;
- int currTotal = (int)ssl->d_stream.total_out;
-
- ssl->d_stream.next_in = in;
- ssl->d_stream.avail_in = inSz;
- ssl->d_stream.next_out = out;
- ssl->d_stream.avail_out = outSz;
-
- err = inflate(&ssl->d_stream, Z_SYNC_FLUSH);
- if (err != Z_OK && err != Z_STREAM_END) return ZLIB_DECOMPRESS_ERROR;
-
- return (int)ssl->d_stream.total_out - currTotal;
- }
-
-#endif /* HAVE_LIBZ */
-
-
-void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv)
-{
- method->version = pv;
- method->side = WOLFSSL_CLIENT_END;
- method->downgrade = 0;
-}
-
-
-/* Initialze SSL context, return 0 on success */
-int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
-{
- XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));
-
- ctx->method = method;
- ctx->refCount = 1; /* so either CTX_free or SSL_free can release */
- ctx->heap = ctx; /* defaults to self */
- ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
- ctx->minDowngrade = TLSv1_MINOR; /* current default */
-
- if (InitMutex(&ctx->countMutex) < 0) {
- WOLFSSL_MSG("Mutex error on CTX init");
- return BAD_MUTEX_E;
- }
-
-#ifndef NO_DH
- ctx->minDhKeySz = MIN_DHKEY_SZ;
-#endif
-
-#ifdef HAVE_ECC
- ctx->eccTempKeySz = ECDHE_SIZE;
-#endif
-
-#ifndef WOLFSSL_USER_IO
- ctx->CBIORecv = EmbedReceive;
- ctx->CBIOSend = EmbedSend;
- #ifdef WOLFSSL_DTLS
- if (method->version.major == DTLS_MAJOR) {
- ctx->CBIORecv = EmbedReceiveFrom;
- ctx->CBIOSend = EmbedSendTo;
- ctx->CBIOCookie = EmbedGenerateCookie;
- }
- #endif
-#endif /* WOLFSSL_USER_IO */
-
-#ifdef HAVE_NETX
- ctx->CBIORecv = NetX_Receive;
- ctx->CBIOSend = NetX_Send;
-#endif
-
-#ifdef HAVE_NTRU
- if (method->side == WOLFSSL_CLIENT_END)
- ctx->haveNTRU = 1; /* always on cliet side */
- /* server can turn on by loading key */
-#endif
-#ifdef HAVE_ECC
- if (method->side == WOLFSSL_CLIENT_END) {
- ctx->haveECDSAsig = 1; /* always on cliet side */
- ctx->haveStaticECC = 1; /* server can turn on by loading key */
- }
-#endif
-
-#ifdef HAVE_CAVIUM
- ctx->devId = NO_CAVIUM_DEVICE;
-#endif
-
-#ifndef NO_CERTS
- ctx->cm = wolfSSL_CertManagerNew();
- if (ctx->cm == NULL) {
- WOLFSSL_MSG("Bad Cert Manager New");
- return BAD_CERT_MANAGER_ERROR;
- }
-#endif
-
-#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
- ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
-#endif
-
- return 0;
-}
-
-
-/* In case contexts are held in array and don't want to free actual ctx */
-void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
-{
- XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
- if (ctx->suites)
- XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
-
-#ifndef NO_DH
- XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
- XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
-#endif
-#ifndef NO_CERTS
- XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
- XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
- XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
- wolfSSL_CertManagerFree(ctx->cm);
-#endif
-#ifdef HAVE_TLS_EXTENSIONS
- TLSX_FreeAll(ctx->extensions);
-#endif
-}
-
-
-void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
-{
- int doFree = 0;
-
- if (LockMutex(&ctx->countMutex) != 0) {
- WOLFSSL_MSG("Couldn't lock count mutex");
- return;
- }
- ctx->refCount--;
- if (ctx->refCount == 0)
- doFree = 1;
- UnLockMutex(&ctx->countMutex);
-
- if (doFree) {
- WOLFSSL_MSG("CTX ref count down to 0, doing full free");
- SSL_CtxResourceFree(ctx);
- FreeMutex(&ctx->countMutex);
- XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
- }
- else {
- (void)ctx;
- WOLFSSL_MSG("CTX ref count not 0 yet, no free");
- }
-}
-
-
-/* Set cipher pointers to null */
-void InitCiphers(WOLFSSL* ssl)
-{
-#ifdef BUILD_ARC4
- ssl->encrypt.arc4 = NULL;
- ssl->decrypt.arc4 = NULL;
-#endif
-#ifdef BUILD_DES3
- ssl->encrypt.des3 = NULL;
- ssl->decrypt.des3 = NULL;
-#endif
-#ifdef BUILD_AES
- ssl->encrypt.aes = NULL;
- ssl->decrypt.aes = NULL;
-#endif
-#ifdef HAVE_CAMELLIA
- ssl->encrypt.cam = NULL;
- ssl->decrypt.cam = NULL;
-#endif
-#ifdef HAVE_HC128
- ssl->encrypt.hc128 = NULL;
- ssl->decrypt.hc128 = NULL;
-#endif
-#ifdef BUILD_RABBIT
- ssl->encrypt.rabbit = NULL;
- ssl->decrypt.rabbit = NULL;
-#endif
-#ifdef HAVE_CHACHA
- ssl->encrypt.chacha = NULL;
- ssl->decrypt.chacha = NULL;
-#endif
-#ifdef HAVE_POLY1305
- ssl->auth.poly1305 = NULL;
-#endif
- ssl->encrypt.setup = 0;
- ssl->decrypt.setup = 0;
-#ifdef HAVE_ONE_TIME_AUTH
- ssl->auth.setup = 0;
-#endif
-}
-
-
-/* Free ciphers */
-void FreeCiphers(WOLFSSL* ssl)
-{
- (void)ssl;
-#ifdef BUILD_ARC4
- #ifdef HAVE_CAVIUM
- if (ssl->devId != NO_CAVIUM_DEVICE) {
- wc_Arc4FreeCavium(ssl->encrypt.arc4);
- wc_Arc4FreeCavium(ssl->decrypt.arc4);
- }
- #endif
- XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
- XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef BUILD_DES3
- #ifdef HAVE_CAVIUM
- if (ssl->devId != NO_CAVIUM_DEVICE) {
- wc_Des3_FreeCavium(ssl->encrypt.des3);
- wc_Des3_FreeCavium(ssl->decrypt.des3);
- }
- #endif
- XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
- XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef BUILD_AES
- #ifdef HAVE_CAVIUM
- if (ssl->devId != NO_CAVIUM_DEVICE) {
- wc_AesFreeCavium(ssl->encrypt.aes);
- wc_AesFreeCavium(ssl->decrypt.aes);
- }
- #endif
- XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
- XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_CAMELLIA
- XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
- XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_HC128
- XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
- XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef BUILD_RABBIT
- XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
- XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_CHACHA
- XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
- XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_POLY1305
- XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-}
-
-
-void InitCipherSpecs(CipherSpecs* cs)
-{
- cs->bulk_cipher_algorithm = INVALID_BYTE;
- cs->cipher_type = INVALID_BYTE;
- cs->mac_algorithm = INVALID_BYTE;
- cs->kea = INVALID_BYTE;
- cs->sig_algo = INVALID_BYTE;
-
- cs->hash_size = 0;
- cs->static_ecdh = 0;
- cs->key_size = 0;
- cs->iv_size = 0;
- cs->block_size = 0;
-}
-
-static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
- int haveRSAsig, int haveAnon)
-{
- int idx = 0;
-
- if (haveECDSAsig) {
- #ifdef WOLFSSL_SHA512
- suites->hashSigAlgo[idx++] = sha512_mac;
- suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
- #endif
- #ifdef WOLFSSL_SHA384
- suites->hashSigAlgo[idx++] = sha384_mac;
- suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
- #endif
- #ifndef NO_SHA256
- suites->hashSigAlgo[idx++] = sha256_mac;
- suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
- #endif
- #ifndef NO_SHA
- suites->hashSigAlgo[idx++] = sha_mac;
- suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
- #endif
- }
-
- if (haveRSAsig) {
- #ifdef WOLFSSL_SHA512
- suites->hashSigAlgo[idx++] = sha512_mac;
- suites->hashSigAlgo[idx++] = rsa_sa_algo;
- #endif
- #ifdef WOLFSSL_SHA384
- suites->hashSigAlgo[idx++] = sha384_mac;
- suites->hashSigAlgo[idx++] = rsa_sa_algo;
- #endif
- #ifndef NO_SHA256
- suites->hashSigAlgo[idx++] = sha256_mac;
- suites->hashSigAlgo[idx++] = rsa_sa_algo;
- #endif
- #ifndef NO_SHA
- suites->hashSigAlgo[idx++] = sha_mac;
- suites->hashSigAlgo[idx++] = rsa_sa_algo;
- #endif
- }
-
- if (haveAnon) {
- #ifdef HAVE_ANON
- suites->hashSigAlgo[idx++] = sha_mac;
- suites->hashSigAlgo[idx++] = anonymous_sa_algo;
- #endif
- }
-
- suites->hashSigAlgoSz = (word16)idx;
-}
-
-void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
- word16 havePSK, word16 haveDH, word16 haveNTRU,
- word16 haveECDSAsig, word16 haveStaticECC, int side)
-{
- word16 idx = 0;
- int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
- int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
- int haveRSAsig = 1;
-
- (void)tls; /* shut up compiler */
- (void)tls1_2;
- (void)haveDH;
- (void)havePSK;
- (void)haveNTRU;
- (void)haveStaticECC;
-
- if (suites == NULL) {
- WOLFSSL_MSG("InitSuites pointer error");
- return;
- }
-
- if (suites->setSuites)
- return; /* trust user settings, don't override */
-
- if (side == WOLFSSL_SERVER_END && haveStaticECC) {
- haveRSA = 0; /* can't do RSA with ECDSA key */
- (void)haveRSA; /* some builds won't read */
- }
-
- if (side == WOLFSSL_SERVER_END && haveECDSAsig) {
- haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
- (void)haveRSAsig; /* non ecc builds won't read */
- }
-
-#ifdef WOLFSSL_DTLS
- if (pv.major == DTLS_MAJOR) {
- tls = 1;
- tls1_2 = pv.minor <= DTLSv1_2_MINOR;
- }
-#endif
-
-#ifdef HAVE_RENEGOTIATION_INDICATION
- if (side == WOLFSSL_CLIENT_END) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
- }
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
- if (tls && haveNTRU && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
- if (tls && haveNTRU && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
- if (tls && haveNTRU && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
- if (tls && haveNTRU && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- if (tls1_2 && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- if (tls1_2 && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- if (tls1_2 && haveRSA) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- if (tls1_2 && haveRSA) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- if (tls1_2 && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- if (tls1_2 && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
- if (tls1_2 && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
- if (tls1_2 && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- if (tls1_2 && haveECDSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- if (tls1_2 && haveECDSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- if (tls1_2 && haveRSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- if (tls1_2 && haveRSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- if (tls1_2 && haveDH && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- if (tls1_2 && haveDH && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
- if (tls1_2 && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
- if (tls1_2 && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- if (tls1_2 && haveECDSAsig) {
- suites->suites[idx++] = CHACHA_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- if (tls && haveRSA) {
- suites->suites[idx++] = CHACHA_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- if (tls && haveRSA) {
- suites->suites[idx++] = CHACHA_BYTE;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- if (tls1_2 && haveRSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- if (tls1_2 && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- if (tls1_2 && haveRSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- if (tls1_2 && haveECDSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- if (tls1_2 && haveRSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- if (tls1_2 && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- if (tls1_2 && haveRSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- if (tls1_2 && haveECDSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- if (tls && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- if (tls && haveECDSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- if (tls && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- if (tls && haveECDSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- if (tls && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- if (tls && haveECDSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- if (tls && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- if (tls && haveECDSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- if (tls && haveRSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- if (tls && haveRSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
- if (tls && haveRSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- if (tls && haveRSAsig && haveStaticECC) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- if (tls1_2 && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
- }
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
- if (tls1_2 && haveECDSAsig) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
- if (tls1_2 && haveRSA) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
- if (tls1_2 && haveRSA) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- if (tls1_2 && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- if (tls1_2 && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- if (tls && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- if (tls && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
- if (tls1_2 && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
- if (tls1_2 && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
- if (tls && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- if (tls && haveDH && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
- if (tls && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- if (tls && haveDH && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
- if (tls && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
- if (tls && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
- if (tls && haveDH && havePSK) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
- if (tls && haveDH && havePSK) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
- if (tls && havePSK) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
- if (tls && havePSK) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
- if (tls && havePSK) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
- if (tls && havePSK) {
- suites->suites[idx++] = ECC_BYTE;
- suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
- if (tls && haveDH && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
- if (tls && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
- if (tls && haveDH && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
- if (tls && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
- if (tls && havePSK) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
- }
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
- if (haveRSA ) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
- }
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
- if (haveRSA ) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
- }
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
- if (haveRSA ) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- if (tls && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA
- if (tls && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- if (tls && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- if (tls && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
- }
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- if (tls && haveDH && haveRSA) {
- suites->suites[idx++] = 0;
- suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
- }
-#endif
-
- suites->suiteSz = idx;
-
- InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0);
-}
-
-
-#ifndef NO_CERTS
-
-
-void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
-{
- (void)dynamicFlag;
-
- if (name != NULL) {
- name->name = name->staticName;
- name->dynamicName = 0;
-#ifdef OPENSSL_EXTRA
- XMEMSET(&name->fullName, 0, sizeof(DecodedName));
-#endif /* OPENSSL_EXTRA */
- }
-}
-
-
-void FreeX509Name(WOLFSSL_X509_NAME* name)
-{
- if (name != NULL) {
- if (name->dynamicName)
- XFREE(name->name, NULL, DYNAMIC_TYPE_SUBJECT_CN);
-#ifdef OPENSSL_EXTRA
- if (name->fullName.fullName != NULL)
- XFREE(name->fullName.fullName, NULL, DYNAMIC_TYPE_X509);
-#endif /* OPENSSL_EXTRA */
- }
-}
-
-
-/* Initialize wolfSSL X509 type */
-void InitX509(WOLFSSL_X509* x509, int dynamicFlag)
-{
- InitX509Name(&x509->issuer, 0);
- InitX509Name(&x509->subject, 0);
- x509->version = 0;
- x509->pubKey.buffer = NULL;
- x509->sig.buffer = NULL;
- x509->derCert.buffer = NULL;
- x509->altNames = NULL;
- x509->altNamesNext = NULL;
- x509->dynamicMemory = (byte)dynamicFlag;
- x509->isCa = 0;
-#ifdef HAVE_ECC
- x509->pkCurveOID = 0;
-#endif /* HAVE_ECC */
-#ifdef OPENSSL_EXTRA
- x509->pathLength = 0;
- x509->basicConstSet = 0;
- x509->basicConstCrit = 0;
- x509->basicConstPlSet = 0;
- x509->subjAltNameSet = 0;
- x509->subjAltNameCrit = 0;
- x509->authKeyIdSet = 0;
- x509->authKeyIdCrit = 0;
- x509->authKeyId = NULL;
- x509->authKeyIdSz = 0;
- x509->subjKeyIdSet = 0;
- x509->subjKeyIdCrit = 0;
- x509->subjKeyId = NULL;
- x509->subjKeyIdSz = 0;
- x509->keyUsageSet = 0;
- x509->keyUsageCrit = 0;
- x509->keyUsage = 0;
- #ifdef WOLFSSL_SEP
- x509->certPolicySet = 0;
- x509->certPolicyCrit = 0;
- #endif /* WOLFSSL_SEP */
-#endif /* OPENSSL_EXTRA */
-}
-
-
-/* Free wolfSSL X509 type */
-void FreeX509(WOLFSSL_X509* x509)
-{
- if (x509 == NULL)
- return;
-
- FreeX509Name(&x509->issuer);
- FreeX509Name(&x509->subject);
- if (x509->pubKey.buffer)
- XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
- XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE);
- #ifdef OPENSSL_EXTRA
- XFREE(x509->authKeyId, NULL, 0);
- XFREE(x509->subjKeyId, NULL, 0);
- #endif /* OPENSSL_EXTRA */
- if (x509->altNames)
- FreeAltNames(x509->altNames, NULL);
- if (x509->dynamicMemory)
- XFREE(x509, NULL, DYNAMIC_TYPE_X509);
-}
-
-#endif /* NO_CERTS */
-
-
-/* init everything to 0, NULL, default values before calling anything that may
- fail so that desctructor has a "good" state to cleanup */
-int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
-{
- int ret;
- byte haveRSA = 0;
- byte havePSK = 0;
- byte haveAnon = 0;
-
- (void) haveAnon;
-
- XMEMSET(ssl, 0, sizeof(WOLFSSL));
-
- ssl->ctx = ctx; /* only for passing to calls, options could change */
- ssl->version = ctx->method->version;
-
-#ifndef NO_RSA
- haveRSA = 1;
-#endif
-
- ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
- ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
-
- ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
- ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
-
-#ifdef KEEP_PEER_CERT
- InitX509(&ssl->peerCert, 0);
-#endif
-
-#ifdef HAVE_ECC
- ssl->eccTempKeySz = ctx->eccTempKeySz;
- ssl->pkCurveOID = ctx->pkCurveOID;
-#endif
-
- ssl->timeout = ctx->timeout;
- ssl->rfd = -1; /* set to invalid descriptor */
- ssl->wfd = -1;
-
- ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
- ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
-
-#ifdef HAVE_NETX
- ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */
- ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */
-#endif
-#ifdef WOLFSSL_DTLS
- ssl->dtls_expected_rx = MAX_MTU;
-#endif
-
- ssl->verifyCallback = ctx->verifyCallback;
- ssl->options.side = ctx->method->side;
- ssl->options.downgrade = ctx->method->downgrade;
- ssl->options.minDowngrade = ctx->minDowngrade;
-
- if (ssl->options.side == WOLFSSL_SERVER_END)
- ssl->options.haveDH = ctx->haveDH;
-
- ssl->options.haveNTRU = ctx->haveNTRU;
- ssl->options.haveECDSAsig = ctx->haveECDSAsig;
- ssl->options.haveStaticECC = ctx->haveStaticECC;
-
-#ifndef NO_PSK
- havePSK = ctx->havePSK;
- ssl->options.havePSK = ctx->havePSK;
- ssl->options.client_psk_cb = ctx->client_psk_cb;
- ssl->options.server_psk_cb = ctx->server_psk_cb;
-#endif /* NO_PSK */
-
-#ifdef HAVE_ANON
- haveAnon = ctx->haveAnon;
- ssl->options.haveAnon = ctx->haveAnon;
-#endif
-
- ssl->options.serverState = NULL_STATE;
- ssl->options.clientState = NULL_STATE;
- ssl->options.connectState = CONNECT_BEGIN;
- ssl->options.acceptState = ACCEPT_BEGIN;
- ssl->options.handShakeState = NULL_STATE;
- ssl->options.processReply = doProcessInit;
-
-#ifndef NO_DH
- ssl->options.minDhKeySz = ctx->minDhKeySz;
-#endif
-
-#ifdef WOLFSSL_DTLS
- ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
- ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
- ssl->dtls_timeout = ssl->dtls_timeout_init;
-#endif
-
- ssl->options.sessionCacheOff = ctx->sessionCacheOff;
- ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
-
- ssl->options.verifyPeer = ctx->verifyPeer;
- ssl->options.verifyNone = ctx->verifyNone;
- ssl->options.failNoCert = ctx->failNoCert;
- ssl->options.sendVerify = ctx->sendVerify;
-
- #ifndef NO_OLD_TLS
- ssl->hmac = SSL_hmac; /* default to SSLv3 */
- #else
- ssl->hmac = TLS_hmac;
- #endif
-
- ssl->heap = ctx->heap; /* defaults to self */
-
- ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
- ssl->options.partialWrite = ctx->partialWrite;
- ssl->options.quietShutdown = ctx->quietShutdown;
- ssl->options.groupMessages = ctx->groupMessages;
-
-#ifndef NO_DH
- if (ssl->options.side == WOLFSSL_SERVER_END) {
- ssl->buffers.serverDH_P = ctx->serverDH_P;
- ssl->buffers.serverDH_G = ctx->serverDH_G;
- }
-#endif
-#ifndef NO_CERTS
- /* ctx still owns certificate, certChain, key, dh, and cm */
- ssl->buffers.certificate = ctx->certificate;
- ssl->buffers.certChain = ctx->certChain;
- ssl->buffers.key = ctx->privateKey;
-#endif
-
-#ifdef WOLFSSL_DTLS
- ssl->buffers.dtlsCtx.fd = -1;
-#endif
-
- ssl->cipher.ssl = ssl;
-
-#ifdef HAVE_CAVIUM
- ssl->devId = ctx->devId;
-#endif
-
-#ifdef HAVE_TLS_EXTENSIONS
-#ifdef HAVE_MAX_FRAGMENT
- ssl->max_fragment = MAX_RECORD_SIZE;
-#endif
-#endif
-
- /* default alert state (none) */
- ssl->alert_history.last_rx.code = -1;
- ssl->alert_history.last_rx.level = -1;
- ssl->alert_history.last_tx.code = -1;
- ssl->alert_history.last_tx.level = -1;
-
- InitCiphers(ssl);
- InitCipherSpecs(&ssl->specs);
-
- /* all done with init, now can return errors, call other stuff */
-
- /* hsHashes */
- ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
- DYNAMIC_TYPE_HASHES);
- if (ssl->hsHashes == NULL) {
- WOLFSSL_MSG("HS_Hashes Memory error");
- return MEMORY_E;
- }
-
-#ifndef NO_OLD_TLS
-#ifndef NO_MD5
- wc_InitMd5(&ssl->hsHashes->hashMd5);
-#endif
-#ifndef NO_SHA
- ret = wc_InitSha(&ssl->hsHashes->hashSha);
- if (ret != 0) {
- return ret;
- }
-#endif
-#endif
-#ifndef NO_SHA256
- ret = wc_InitSha256(&ssl->hsHashes->hashSha256);
- if (ret != 0) {
- return ret;
- }
-#endif
-#ifdef WOLFSSL_SHA384
- ret = wc_InitSha384(&ssl->hsHashes->hashSha384);
- if (ret != 0) {
- return ret;
- }
-#endif
-#ifdef WOLFSSL_SHA512
- ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
- if (ret != 0) {
- return ret;
- }
-#endif
-
- /* increment CTX reference count */
- if (LockMutex(&ctx->countMutex) != 0) {
- WOLFSSL_MSG("Couldn't lock CTX count mutex");
- return BAD_MUTEX_E;
- }
- ctx->refCount++;
- UnLockMutex(&ctx->countMutex);
-
- /* arrays */
- ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
- DYNAMIC_TYPE_ARRAYS);
- if (ssl->arrays == NULL) {
- WOLFSSL_MSG("Arrays Memory error");
- return MEMORY_E;
- }
- XMEMSET(ssl->arrays, 0, sizeof(Arrays));
-
-#ifndef NO_PSK
- if (ctx->server_hint[0]) { /* set in CTX */
- XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint, MAX_PSK_ID_LEN);
- ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
- }
-#endif /* NO_PSK */
-
- /* RNG */
- ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG);
- if (ssl->rng == NULL) {
- WOLFSSL_MSG("RNG Memory error");
- return MEMORY_E;
- }
-
- if ( (ret = wc_InitRng(ssl->rng)) != 0) {
- WOLFSSL_MSG("RNG Init error");
- return ret;
- }
-
- /* suites */
- ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
- DYNAMIC_TYPE_SUITES);
- if (ssl->suites == NULL) {
- WOLFSSL_MSG("Suites Memory error");
- return MEMORY_E;
- }
- if (ctx->suites)
- *ssl->suites = *ctx->suites;
- else
- XMEMSET(ssl->suites, 0, sizeof(Suites));
-
-
-#ifndef NO_CERTS
- /* make sure server has cert and key unless using PSK or Anon */
- if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon)
- if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) {
- WOLFSSL_MSG("Server missing certificate and/or private key");
- return NO_PRIVATE_KEY;
- }
-#endif
-#ifdef HAVE_SECRET_CALLBACK
- ssl->sessionSecretCb = NULL;
- ssl->sessionSecretCtx = NULL;
-#endif
-
- /* make sure server has DH parms, and add PSK if there, add NTRU too */
- if (ssl->options.side == WOLFSSL_SERVER_END)
- InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
- ssl->options.haveDH, ssl->options.haveNTRU,
- ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
- ssl->options.side);
- else
- InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE,
- ssl->options.haveNTRU, ssl->options.haveECDSAsig,
- ssl->options.haveStaticECC, ssl->options.side);
-
- return 0;
-}
-
-
-/* free use of temporary arrays */
-void FreeArrays(WOLFSSL* ssl, int keep)
-{
- if (ssl->arrays && keep) {
- /* keeps session id for user retrieval */
- XMEMCPY(ssl->session.sessionID, ssl->arrays->sessionID, ID_LEN);
- ssl->session.sessionIDSz = ssl->arrays->sessionIDSz;
- }
- XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS);
- ssl->arrays = NULL;
-}
-
-
-/* In case holding SSL object in array and don't want to free actual ssl */
-void SSL_ResourceFree(WOLFSSL* ssl)
-{
- /* Note: any resources used during the handshake should be released in the
- * function FreeHandshakeResources(). Be careful with the special cases
- * like the RNG which may optionally be kept for the whole session. (For
- * example with the RNG, it isn't used beyond the handshake except when
- * using stream ciphers where it is retained. */
-
- FreeCiphers(ssl);
- FreeArrays(ssl, 0);
- wc_FreeRng(ssl->rng);
- XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
- XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
- XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES);
- XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
-
-#ifndef NO_DH
- XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
- XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
- /* parameters (p,g) may be owned by ctx */
- if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
- XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
- XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
- }
-#endif
-#ifndef NO_CERTS
- if (ssl->buffers.weOwnCert)
- XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
- if (ssl->buffers.weOwnCertChain)
- XFREE(ssl->buffers.certChain.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
- if (ssl->buffers.weOwnKey)
- XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
-#endif
-#ifndef NO_RSA
- if (ssl->peerRsaKey) {
- wc_FreeRsaKey(ssl->peerRsaKey);
- XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
- }
-#endif
- if (ssl->buffers.inputBuffer.dynamicFlag)
- ShrinkInputBuffer(ssl, FORCED_FREE);
- if (ssl->buffers.outputBuffer.dynamicFlag)
- ShrinkOutputBuffer(ssl);
-#ifdef WOLFSSL_DTLS
- if (ssl->dtls_pool != NULL) {
- DtlsPoolReset(ssl);
- XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE);
- }
- if (ssl->dtls_msg_list != NULL) {
- DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
- ssl->dtls_msg_list = NULL;
- }
- XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
- ssl->buffers.dtlsCtx.peer.sa = NULL;
-#endif
-#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
- FreeX509(&ssl->peerCert);
-#endif
-#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
- wolfSSL_BIO_free(ssl->biord);
- if (ssl->biord != ssl->biowr) /* in case same as write */
- wolfSSL_BIO_free(ssl->biowr);
-#endif
-#ifdef HAVE_LIBZ
- FreeStreams(ssl);
-#endif
-#ifdef HAVE_ECC
- if (ssl->peerEccKey) {
- if (ssl->peerEccKeyPresent)
- wc_ecc_free(ssl->peerEccKey);
- XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
- }
- if (ssl->peerEccDsaKey) {
- if (ssl->peerEccDsaKeyPresent)
- wc_ecc_free(ssl->peerEccDsaKey);
- XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
- }
- if (ssl->eccTempKey) {
- if (ssl->eccTempKeyPresent)
- wc_ecc_free(ssl->eccTempKey);
- XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
- }
-#endif
-#ifdef HAVE_PK_CALLBACKS
- #ifdef HAVE_ECC
- XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
- #endif /* NO_RSA */
-#endif /* HAVE_PK_CALLBACKS */
-#ifdef HAVE_TLS_EXTENSIONS
- TLSX_FreeAll(ssl->extensions);
-#endif
-#ifdef HAVE_NETX
- if (ssl->nxCtx.nxPacket)
- nx_packet_release(ssl->nxCtx.nxPacket);
-#endif
-}
-
-#ifdef WOLFSSL_TI_HASH
-static void HashFinal(WOLFSSL * ssl) {
- byte dummyHash[32] ;
-#ifndef NO_MD5
- wc_Md5Final(&(ssl->hsHashes->hashMd5), dummyHash) ;
-#endif
-#ifndef NO_SHA
- wc_ShaFinal(&(ssl->hsHashes->hashSha), dummyHash) ;
-#endif
-#ifndef NO_SHA256
- wc_Sha256Final(&(ssl->hsHashes->hashSha256), dummyHash) ;
-#endif
-}
-#else
-
- #define HashFinal(ssl)
-
-#endif
-
-/* Free any handshake resources no longer needed */
-void FreeHandshakeResources(WOLFSSL* ssl)
-{
-
- HashFinal(ssl) ;
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
- WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources");
- return;
- }
-#endif
-
- /* input buffer */
- if (ssl->buffers.inputBuffer.dynamicFlag)
- ShrinkInputBuffer(ssl, NO_FORCED_FREE);
-
- /* suites */
- XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
- ssl->suites = NULL;
-
- /* hsHashes */
- XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES);
- ssl->hsHashes = NULL;
-
- /* RNG */
- if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) {
- wc_FreeRng(ssl->rng);
- XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
- ssl->rng = NULL;
- }
-
-#ifdef WOLFSSL_DTLS
- /* DTLS_POOL */
- if (ssl->options.dtls && ssl->dtls_pool != NULL) {
- DtlsPoolReset(ssl);
- XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
- ssl->dtls_pool = NULL;
- }
-#endif
-
- /* arrays */
- if (ssl->options.saveArrays == 0)
- FreeArrays(ssl, 1);
-
-#ifndef NO_RSA
- /* peerRsaKey */
- if (ssl->peerRsaKey) {
- wc_FreeRsaKey(ssl->peerRsaKey);
- XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
- ssl->peerRsaKey = NULL;
- }
-#endif
-
-#ifdef HAVE_ECC
- if (ssl->peerEccKey)
- {
- if (ssl->peerEccKeyPresent) {
- wc_ecc_free(ssl->peerEccKey);
- ssl->peerEccKeyPresent = 0;
- }
- XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
- ssl->peerEccKey = NULL;
- }
- if (ssl->peerEccDsaKey)
- {
- if (ssl->peerEccDsaKeyPresent) {
- wc_ecc_free(ssl->peerEccDsaKey);
- ssl->peerEccDsaKeyPresent = 0;
- }
- XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
- ssl->peerEccDsaKey = NULL;
- }
- if (ssl->eccTempKey)
- {
- if (ssl->eccTempKeyPresent) {
- wc_ecc_free(ssl->eccTempKey);
- ssl->eccTempKeyPresent = 0;
- }
- XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
- ssl->eccTempKey = NULL;
- }
-#endif
-#ifndef NO_DH
- XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
- ssl->buffers.serverDH_Priv.buffer = NULL;
- XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
- ssl->buffers.serverDH_Pub.buffer = NULL;
- /* parameters (p,g) may be owned by ctx */
- if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
- XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
- ssl->buffers.serverDH_G.buffer = NULL;
- XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
- ssl->buffers.serverDH_P.buffer = NULL;
- }
-#endif
-#ifndef NO_CERTS
- if (ssl->buffers.weOwnCert) {
- XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
- ssl->buffers.certificate.buffer = NULL;
- }
- if (ssl->buffers.weOwnCertChain) {
- XFREE(ssl->buffers.certChain.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
- ssl->buffers.certChain.buffer = NULL;
- }
- if (ssl->buffers.weOwnKey) {
- XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
- ssl->buffers.key.buffer = NULL;
- }
-#endif
-#ifdef HAVE_PK_CALLBACKS
- #ifdef HAVE_ECC
- XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
- ssl->buffers.peerEccDsaKey.buffer = NULL;
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
- ssl->buffers.peerRsaKey.buffer = NULL;
- #endif /* NO_RSA */
-#endif /* HAVE_PK_CALLBACKS */
-}
-
-
-void FreeSSL(WOLFSSL* ssl)
-{
- FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */
- SSL_ResourceFree(ssl);
- XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL);
-}
-
-
-#ifdef WOLFSSL_DTLS
-
-int DtlsPoolInit(WOLFSSL* ssl)
-{
- if (ssl->dtls_pool == NULL) {
- DtlsPool *pool = (DtlsPool*)XMALLOC(sizeof(DtlsPool),
- ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
- if (pool == NULL) {
- WOLFSSL_MSG("DTLS Buffer Pool Memory error");
- return MEMORY_E;
- }
- else {
- int i;
-
- for (i = 0; i < DTLS_POOL_SZ; i++) {
- pool->buf[i].length = 0;
- pool->buf[i].buffer = NULL;
- }
- pool->used = 0;
- ssl->dtls_pool = pool;
- }
- }
- return 0;
-}
-
-
-int DtlsPoolSave(WOLFSSL* ssl, const byte *src, int sz)
-{
- DtlsPool *pool = ssl->dtls_pool;
- if (pool != NULL && pool->used < DTLS_POOL_SZ) {
- buffer *pBuf = &pool->buf[pool->used];
- pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
- if (pBuf->buffer == NULL) {
- WOLFSSL_MSG("DTLS Buffer Memory error");
- return MEMORY_ERROR;
- }
- XMEMCPY(pBuf->buffer, src, sz);
- pBuf->length = (word32)sz;
- pool->used++;
- }
- return 0;
-}
-
-
-void DtlsPoolReset(WOLFSSL* ssl)
-{
- DtlsPool *pool = ssl->dtls_pool;
- if (pool != NULL) {
- buffer *pBuf;
- int i, used;
-
- used = pool->used;
- for (i = 0, pBuf = &pool->buf[0]; i < used; i++, pBuf++) {
- XFREE(pBuf->buffer, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
- pBuf->buffer = NULL;
- pBuf->length = 0;
- }
- pool->used = 0;
- }
- ssl->dtls_timeout = ssl->dtls_timeout_init;
-}
-
-
-int DtlsPoolTimeout(WOLFSSL* ssl)
-{
- int result = -1;
- if (ssl->dtls_timeout < ssl->dtls_timeout_max) {
- ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
- result = 0;
- }
- return result;
-}
-
-
-int DtlsPoolSend(WOLFSSL* ssl)
-{
- int ret;
- DtlsPool *pool = ssl->dtls_pool;
-
- if (pool != NULL && pool->used > 0) {
- int i;
- for (i = 0; i < pool->used; i++) {
- int sendResult;
- buffer* buf = &pool->buf[i];
-
- DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)buf->buffer;
-
- word16 message_epoch;
- ato16(dtls->epoch, &message_epoch);
- if (message_epoch == ssl->keys.dtls_epoch) {
- /* Increment record sequence number on retransmitted handshake
- * messages */
- c32to48(ssl->keys.dtls_sequence_number, dtls->sequence_number);
- ssl->keys.dtls_sequence_number++;
- }
- else {
- /* The Finished message is sent with the next epoch, keep its
- * sequence number */
- }
-
- if ((ret = CheckAvailableSize(ssl, buf->length)) != 0)
- return ret;
-
- XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length);
- ssl->buffers.outputBuffer.idx = 0;
- ssl->buffers.outputBuffer.length = buf->length;
-
- sendResult = SendBuffered(ssl);
- if (sendResult < 0) {
- return sendResult;
- }
- }
- }
- return 0;
-}
-
-
-/* functions for managing DTLS datagram reordering */
-
-/* Need to allocate space for the handshake message header. The hashing
- * routines assume the message pointer is still within the buffer that
- * has the headers, and will include those headers in the hash. The store
- * routines need to take that into account as well. New will allocate
- * extra space for the headers. */
-DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
-{
- DtlsMsg* msg = NULL;
-
- msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);
-
- if (msg != NULL) {
- msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ,
- heap, DYNAMIC_TYPE_NONE);
- if (msg->buf != NULL) {
- msg->next = NULL;
- msg->seq = 0;
- msg->sz = sz;
- msg->fragSz = 0;
- msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ;
- }
- else {
- XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG);
- msg = NULL;
- }
- }
-
- return msg;
-}
-
-void DtlsMsgDelete(DtlsMsg* item, void* heap)
-{
- (void)heap;
-
- if (item != NULL) {
- if (item->buf != NULL)
- XFREE(item->buf, heap, DYNAMIC_TYPE_NONE);
- XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
- }
-}
-
-
-void DtlsMsgListDelete(DtlsMsg* head, void* heap)
-{
- DtlsMsg* next;
- while (head) {
- next = head->next;
- DtlsMsgDelete(head, heap);
- head = next;
- }
-}
-
-
-void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
- word32 fragOffset, word32 fragSz)
-{
- if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
- fragOffset <= msg->sz && (fragOffset + fragSz) <= msg->sz) {
-
- msg->seq = seq;
- msg->type = type;
- msg->fragSz += fragSz;
- /* If fragOffset is zero, this is either a full message that is out
- * of order, or the first fragment of a fragmented message. Copy the
- * handshake message header with the message data. Zero length messages
- * like Server Hello Done should be saved as well. */
- if (fragOffset == 0)
- XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
- fragSz + DTLS_HANDSHAKE_HEADER_SZ);
- else {
- /* If fragOffet is non-zero, this is an additional fragment that
- * needs to be copied to its location in the message buffer. Also
- * copy the total size of the message over the fragment size. The
- * hash routines look at a defragmented message if it had actually
- * come across as a single handshake message. */
- XMEMCPY(msg->msg + fragOffset, data, fragSz);
- }
- c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
- }
-}
-
-
-DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
-{
- while (head != NULL && head->seq != seq) {
- head = head->next;
- }
- return head;
-}
-
-
-DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data,
- word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
-{
-
- /* See if seq exists in the list. If it isn't in the list, make
- * a new item of size dataSz, copy fragSz bytes from data to msg->msg
- * starting at offset fragOffset, and add fragSz to msg->fragSz. If
- * the seq is in the list and it isn't full, copy fragSz bytes from
- * data to msg->msg starting at offset fragOffset, and add fragSz to
- * msg->fragSz. The new item should be inserted into the list in its
- * proper position.
- *
- * 1. Find seq in list, or where seq should go in list. If seq not in
- * list, create new item and insert into list. Either case, keep
- * pointer to item.
- * 2. If msg->fragSz + fragSz < sz, copy data to msg->msg at offset
- * fragOffset. Add fragSz to msg->fragSz.
- */
-
- if (head != NULL) {
- DtlsMsg* cur = DtlsMsgFind(head, seq);
- if (cur == NULL) {
- cur = DtlsMsgNew(dataSz, heap);
- if (cur != NULL) {
- DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz);
- head = DtlsMsgInsert(head, cur);
- }
- }
- else {
- DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz);
- }
- }
- else {
- head = DtlsMsgNew(dataSz, heap);
- DtlsMsgSet(head, seq, data, type, fragOffset, fragSz);
- }
-
- return head;
-}
-
-
-/* DtlsMsgInsert() is an in-order insert. */
-DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
-{
- if (head == NULL || item->seq < head->seq) {
- item->next = head;
- head = item;
- }
- else if (head->next == NULL) {
- head->next = item;
- }
- else {
- DtlsMsg* cur = head->next;
- DtlsMsg* prev = head;
- while (cur) {
- if (item->seq < cur->seq) {
- item->next = cur;
- prev->next = item;
- break;
- }
- prev = cur;
- cur = cur->next;
- }
- if (cur == NULL) {
- prev->next = item;
- }
- }
-
- return head;
-}
-
-#endif /* WOLFSSL_DTLS */
-
-#ifndef NO_OLD_TLS
-
-ProtocolVersion MakeSSLv3(void)
-{
- ProtocolVersion pv;
- pv.major = SSLv3_MAJOR;
- pv.minor = SSLv3_MINOR;
-
- return pv;
-}
-
-#endif /* NO_OLD_TLS */
-
-
-#ifdef WOLFSSL_DTLS
-
-ProtocolVersion MakeDTLSv1(void)
-{
- ProtocolVersion pv;
- pv.major = DTLS_MAJOR;
- pv.minor = DTLS_MINOR;
-
- return pv;
-}
-
-ProtocolVersion MakeDTLSv1_2(void)
-{
- ProtocolVersion pv;
- pv.major = DTLS_MAJOR;
- pv.minor = DTLSv1_2_MINOR;
-
- return pv;
-}
-
-#endif /* WOLFSSL_DTLS */
-
-
-
-
-#ifdef USE_WINDOWS_API
-
- word32 LowResTimer(void)
- {
- static int init = 0;
- static LARGE_INTEGER freq;
- LARGE_INTEGER count;
-
- if (!init) {
- QueryPerformanceFrequency(&freq);
- init = 1;
- }
-
- QueryPerformanceCounter(&count);
-
- return (word32)(count.QuadPart / freq.QuadPart);
- }
-
-#elif defined(HAVE_RTP_SYS)
-
- #include "rtptime.h"
-
- word32 LowResTimer(void)
- {
- return (word32)rtp_get_system_sec();
- }
-
-
-#elif defined(MICRIUM)
-
- word32 LowResTimer(void)
- {
- NET_SECURE_OS_TICK clk;
-
- #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
- clk = NetSecure_OS_TimeGet();
- #endif
- return (word32)clk;
- }
-
-
-#elif defined(MICROCHIP_TCPIP_V5)
-
- word32 LowResTimer(void)
- {
- return (word32) TickGet();
- }
-
-
-#elif defined(MICROCHIP_TCPIP)
-
- #if defined(MICROCHIP_MPLAB_HARMONY)
-
- #include <system/tmr/sys_tmr.h>
-
- word32 LowResTimer(void)
- {
- return (word32) SYS_TMR_TickCountGet();
- }
-
- #else
-
- word32 LowResTimer(void)
- {
- return (word32) SYS_TICK_Get();
- }
-
- #endif
-
-#elif defined(FREESCALE_MQX)
-
- word32 LowResTimer(void)
- {
- TIME_STRUCT mqxTime;
-
- _time_get_elapsed(&mqxTime);
-
- return (word32) mqxTime.SECONDS;
- }
-
-#elif defined(WOLFSSL_TIRTOS)
-
- word32 LowResTimer(void)
- {
- return (word32) Seconds_get();
- }
-
-#elif defined(USER_TICKS)
-#if 0
- word32 LowResTimer(void)
- {
- /*
- write your own clock tick function if don't want time(0)
- needs second accuracy but doesn't have to correlated to EPOCH
- */
- }
-#endif
-
-#elif defined(TIME_OVERRIDES)
-
- /* use same asn time overrides unless user wants tick override above */
-
- #ifndef HAVE_TIME_T_TYPE
- typedef long time_t;
- #endif
- extern time_t XTIME(time_t * timer);
-
- word32 LowResTimer(void)
- {
- return (word32) XTIME(0);
- }
-
-#else /* !USE_WINDOWS_API && !HAVE_RTP_SYS && !MICRIUM && !USER_TICKS */
-
- #include <time.h>
-
- word32 LowResTimer(void)
- {
- return (word32)time(0);
- }
-
-
-#endif /* USE_WINDOWS_API */
-
-
-/* add output to md5 and sha handshake hashes, exclude record header */
-static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
-{
- const byte* adj = output + RECORD_HEADER_SZ + ivSz;
- sz -= RECORD_HEADER_SZ;
-
-#ifdef HAVE_FUZZER
- if (ssl->fuzzerCb)
- ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
-#endif
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- adj += DTLS_RECORD_EXTRA;
- sz -= DTLS_RECORD_EXTRA;
- }
-#endif
-#ifndef NO_OLD_TLS
-#ifndef NO_SHA
- wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
-#endif
-#ifndef NO_MD5
- wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
-#endif
-#endif
-
- if (IsAtLeastTLSv1_2(ssl)) {
- int ret;
-
-#ifndef NO_SHA256
- ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz);
- if (ret != 0)
- return ret;
-#endif
-#ifdef WOLFSSL_SHA384
- ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
- if (ret != 0)
- return ret;
-#endif
-#ifdef WOLFSSL_SHA512
- ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
- if (ret != 0)
- return ret;
-#endif
- }
-
- return 0;
-}
-
-
-/* add input to md5 and sha handshake hashes, include handshake header */
-static int HashInput(WOLFSSL* ssl, const byte* input, int sz)
-{
- const byte* adj = input - HANDSHAKE_HEADER_SZ;
- sz += HANDSHAKE_HEADER_SZ;
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- adj -= DTLS_HANDSHAKE_EXTRA;
- sz += DTLS_HANDSHAKE_EXTRA;
- }
-#endif
-
-#ifndef NO_OLD_TLS
-#ifndef NO_SHA
- wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
-#endif
-#ifndef NO_MD5
- wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
-#endif
-#endif
-
- if (IsAtLeastTLSv1_2(ssl)) {
- int ret;
-
-#ifndef NO_SHA256
- ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz);
- if (ret != 0)
- return ret;
-#endif
-#ifdef WOLFSSL_SHA384
- ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
- if (ret != 0)
- return ret;
-#endif
-#ifdef WOLFSSL_SHA512
- ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
- if (ret != 0)
- return ret;
-#endif
- }
-
- return 0;
-}
-
-
-/* add record layer header for message */
-static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl)
-{
- RecordLayerHeader* rl;
-
- /* record layer header */
- rl = (RecordLayerHeader*)output;
- rl->type = type;
- rl->pvMajor = ssl->version.major; /* type and version same in each */
- rl->pvMinor = ssl->version.minor;
-
- if (!ssl->options.dtls)
- c16toa((word16)length, rl->length);
- else {
-#ifdef WOLFSSL_DTLS
- DtlsRecordLayerHeader* dtls;
-
- /* dtls record layer header extensions */
- dtls = (DtlsRecordLayerHeader*)output;
- c16toa(ssl->keys.dtls_epoch, dtls->epoch);
- c32to48(ssl->keys.dtls_sequence_number++, dtls->sequence_number);
- c16toa((word16)length, dtls->length);
-#endif
- }
-}
-
-
-/* add handshake header for message */
-static void AddHandShakeHeader(byte* output, word32 length, byte type,
- WOLFSSL* ssl)
-{
- HandShakeHeader* hs;
- (void)ssl;
-
- /* handshake header */
- hs = (HandShakeHeader*)output;
- hs->type = type;
- c32to24(length, hs->length); /* type and length same for each */
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- DtlsHandShakeHeader* dtls;
-
- /* dtls handshake header extensions */
- dtls = (DtlsHandShakeHeader*)output;
- c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq);
- c32to24(0, dtls->fragment_offset);
- c32to24(length, dtls->fragment_length);
- }
-#endif
-}
-
-
-/* add both headers for handshake message */
-static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl)
-{
- if (!ssl->options.dtls) {
- AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl);
- AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl);
- }
-#ifdef WOLFSSL_DTLS
- else {
- AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl);
- AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl);
- }
-#endif
-}
-
-
-/* return bytes received, -1 on error */
-static int Receive(WOLFSSL* ssl, byte* buf, word32 sz)
-{
- int recvd;
-
- if (ssl->ctx->CBIORecv == NULL) {
- WOLFSSL_MSG("Your IO Recv callback is null, please set");
- return -1;
- }
-
-retry:
- recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
- if (recvd < 0)
- switch (recvd) {
- case WOLFSSL_CBIO_ERR_GENERAL: /* general/unknown error */
- return -1;
-
- case WOLFSSL_CBIO_ERR_WANT_READ: /* want read, would block */
- return WANT_READ;
-
- case WOLFSSL_CBIO_ERR_CONN_RST: /* connection reset */
- #ifdef USE_WINDOWS_API
- if (ssl->options.dtls) {
- goto retry;
- }
- #endif
- ssl->options.connReset = 1;
- return -1;
-
- case WOLFSSL_CBIO_ERR_ISR: /* interrupt */
- /* see if we got our timeout */
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->toInfoOn) {
- struct itimerval timeout;
- getitimer(ITIMER_REAL, &timeout);
- if (timeout.it_value.tv_sec == 0 &&
- timeout.it_value.tv_usec == 0) {
- XSTRNCPY(ssl->timeoutInfo.timeoutName,
- "recv() timeout", MAX_TIMEOUT_NAME_SZ);
- WOLFSSL_MSG("Got our timeout");
- return WANT_READ;
- }
- }
- #endif
- goto retry;
-
- case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* peer closed connection */
- ssl->options.isClosed = 1;
- return -1;
-
- case WOLFSSL_CBIO_ERR_TIMEOUT:
-#ifdef WOLFSSL_DTLS
- if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0)
- goto retry;
- else
-#endif
- return -1;
-
- default:
- return recvd;
- }
-
- return recvd;
-}
-
-
-/* Switch dynamic output buffer back to static, buffer is assumed clear */
-void ShrinkOutputBuffer(WOLFSSL* ssl)
-{
- WOLFSSL_MSG("Shrinking output buffer\n");
- XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset,
- ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
- ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
- ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
- ssl->buffers.outputBuffer.dynamicFlag = 0;
- ssl->buffers.outputBuffer.offset = 0;
-}
-
-
-/* Switch dynamic input buffer back to static, keep any remaining input */
-/* forced free means cleaning up */
-void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
-{
- int usedLength = ssl->buffers.inputBuffer.length -
- ssl->buffers.inputBuffer.idx;
- if (!forcedFree && usedLength > STATIC_BUFFER_LEN)
- return;
-
- WOLFSSL_MSG("Shrinking input buffer\n");
-
- if (!forcedFree && usedLength)
- XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
- ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
- usedLength);
-
- XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
- ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
- ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
- ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
- ssl->buffers.inputBuffer.dynamicFlag = 0;
- ssl->buffers.inputBuffer.offset = 0;
- ssl->buffers.inputBuffer.idx = 0;
- ssl->buffers.inputBuffer.length = usedLength;
-}
-
-int SendBuffered(WOLFSSL* ssl)
-{
- if (ssl->ctx->CBIOSend == NULL) {
- WOLFSSL_MSG("Your IO Send callback is null, please set");
- return SOCKET_ERROR_E;
- }
-
- while (ssl->buffers.outputBuffer.length > 0) {
- int sent = ssl->ctx->CBIOSend(ssl,
- (char*)ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.idx,
- (int)ssl->buffers.outputBuffer.length,
- ssl->IOCB_WriteCtx);
- if (sent < 0) {
- switch (sent) {
-
- case WOLFSSL_CBIO_ERR_WANT_WRITE: /* would block */
- return WANT_WRITE;
-
- case WOLFSSL_CBIO_ERR_CONN_RST: /* connection reset */
- ssl->options.connReset = 1;
- break;
-
- case WOLFSSL_CBIO_ERR_ISR: /* interrupt */
- /* see if we got our timeout */
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->toInfoOn) {
- struct itimerval timeout;
- getitimer(ITIMER_REAL, &timeout);
- if (timeout.it_value.tv_sec == 0 &&
- timeout.it_value.tv_usec == 0) {
- XSTRNCPY(ssl->timeoutInfo.timeoutName,
- "send() timeout", MAX_TIMEOUT_NAME_SZ);
- WOLFSSL_MSG("Got our timeout");
- return WANT_WRITE;
- }
- }
- #endif
- continue;
-
- case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */
- ssl->options.connReset = 1; /* treat same as reset */
- break;
-
- default:
- return SOCKET_ERROR_E;
- }
-
- return SOCKET_ERROR_E;
- }
-
- if (sent > (int)ssl->buffers.outputBuffer.length) {
- WOLFSSL_MSG("SendBuffered() out of bounds read");
- return SEND_OOB_READ_E;
- }
-
- ssl->buffers.outputBuffer.idx += sent;
- ssl->buffers.outputBuffer.length -= sent;
- }
-
- ssl->buffers.outputBuffer.idx = 0;
-
- if (ssl->buffers.outputBuffer.dynamicFlag)
- ShrinkOutputBuffer(ssl);
-
- return 0;
-}
-
-
-/* Grow the output buffer */
-static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
-{
- byte* tmp;
- byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
- RECORD_HEADER_SZ;
- byte align = WOLFSSL_GENERAL_ALIGNMENT;
- /* the encrypted data will be offset from the front of the buffer by
- the header, if the user wants encrypted alignment they need
- to define their alignment requirement */
-
- if (align) {
- while (align < hdrSz)
- align *= 2;
- }
-
- tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align,
- ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
- WOLFSSL_MSG("growing output buffer\n");
-
- if (!tmp) return MEMORY_E;
- if (align)
- tmp += align - hdrSz;
-
- if (ssl->buffers.outputBuffer.length)
- XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
- ssl->buffers.outputBuffer.length);
-
- if (ssl->buffers.outputBuffer.dynamicFlag)
- XFREE(ssl->buffers.outputBuffer.buffer -
- ssl->buffers.outputBuffer.offset, ssl->heap,
- DYNAMIC_TYPE_OUT_BUFFER);
- ssl->buffers.outputBuffer.dynamicFlag = 1;
- if (align)
- ssl->buffers.outputBuffer.offset = align - hdrSz;
- else
- ssl->buffers.outputBuffer.offset = 0;
- ssl->buffers.outputBuffer.buffer = tmp;
- ssl->buffers.outputBuffer.bufferSize = size +
- ssl->buffers.outputBuffer.length;
- return 0;
-}
-
-
-/* Grow the input buffer, should only be to read cert or big app data */
-int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
-{
- byte* tmp;
- byte hdrSz = DTLS_RECORD_HEADER_SZ;
- byte align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0;
- /* the encrypted data will be offset from the front of the buffer by
- the dtls record header, if the user wants encrypted alignment they need
- to define their alignment requirement. in tls we read record header
- to get size of record and put actual data back at front, so don't need */
-
- if (align) {
- while (align < hdrSz)
- align *= 2;
- }
- tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap,
- DYNAMIC_TYPE_IN_BUFFER);
- WOLFSSL_MSG("growing input buffer\n");
-
- if (!tmp) return MEMORY_E;
- if (align)
- tmp += align - hdrSz;
-
- if (usedLength)
- XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
- ssl->buffers.inputBuffer.idx, usedLength);
-
- if (ssl->buffers.inputBuffer.dynamicFlag)
- XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
- ssl->heap,DYNAMIC_TYPE_IN_BUFFER);
-
- ssl->buffers.inputBuffer.dynamicFlag = 1;
- if (align)
- ssl->buffers.inputBuffer.offset = align - hdrSz;
- else
- ssl->buffers.inputBuffer.offset = 0;
- ssl->buffers.inputBuffer.buffer = tmp;
- ssl->buffers.inputBuffer.bufferSize = size + usedLength;
- ssl->buffers.inputBuffer.idx = 0;
- ssl->buffers.inputBuffer.length = usedLength;
-
- return 0;
-}
-
-
-/* check available size into output buffer, make room if needed */
-int CheckAvailableSize(WOLFSSL *ssl, int size)
-{
-
- if (size < 0) {
- WOLFSSL_MSG("CheckAvailableSize() called with negative number");
- return BAD_FUNC_ARG;
- }
-
- if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length
- < (word32)size) {
- if (GrowOutputBuffer(ssl, size) < 0)
- return MEMORY_E;
- }
-
- return 0;
-}
-
-
-/* do all verify and sanity checks on record header */
-static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
- RecordLayerHeader* rh, word16 *size)
-{
- if (!ssl->options.dtls) {
-#ifdef HAVE_FUZZER
- if (ssl->fuzzerCb)
- ssl->fuzzerCb(ssl, input + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD,
- ssl->fuzzerCtx);
-#endif
- XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ);
- *inOutIdx += RECORD_HEADER_SZ;
- ato16(rh->length, size);
- }
- else {
-#ifdef WOLFSSL_DTLS
- /* type and version in same sport */
- XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ);
- *inOutIdx += ENUM_LEN + VERSION_SZ;
- ato16(input + *inOutIdx, &ssl->keys.dtls_state.curEpoch);
- *inOutIdx += 4; /* advance past epoch, skip first 2 seq bytes for now */
- ato32(input + *inOutIdx, &ssl->keys.dtls_state.curSeq);
- *inOutIdx += 4; /* advance past rest of seq */
- ato16(input + *inOutIdx, size);
- *inOutIdx += LENGTH_SZ;
-#ifdef HAVE_FUZZER
- if (ssl->fuzzerCb)
- ssl->fuzzerCb(ssl, input + *inOutIdx - LENGTH_SZ - 8 - ENUM_LEN -
- VERSION_SZ, ENUM_LEN + VERSION_SZ + 8 + LENGTH_SZ,
- FUZZ_HEAD, ssl->fuzzerCtx);
-#endif
-#endif
- }
-
- /* catch version mismatch */
- if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){
- if (ssl->options.side == WOLFSSL_SERVER_END &&
- ssl->options.acceptState == ACCEPT_BEGIN)
- WOLFSSL_MSG("Client attempting to connect with different version");
- else if (ssl->options.side == WOLFSSL_CLIENT_END &&
- ssl->options.downgrade &&
- ssl->options.connectState < FIRST_REPLY_DONE)
- WOLFSSL_MSG("Server attempting to accept with different version");
- else {
- WOLFSSL_MSG("SSL version error");
- return VERSION_ERROR; /* only use requested version */
- }
- }
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if (DtlsCheckWindow(&ssl->keys.dtls_state) != 1)
- return SEQUENCE_ERROR;
- }
-#endif
-
- /* record layer length check */
-#ifdef HAVE_MAX_FRAGMENT
- if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
- SendAlert(ssl, alert_fatal, record_overflow);
- return LENGTH_ERROR;
- }
-#else
- if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
- return LENGTH_ERROR;
-#endif
-
- /* verify record type here as well */
- switch (rh->type) {
- case handshake:
- case change_cipher_spec:
- case application_data:
- case alert:
- break;
- case no_type:
- default:
- WOLFSSL_MSG("Unknown Record Type");
- return UNKNOWN_RECORD_TYPE;
- }
-
- /* haven't decrypted this record yet */
- ssl->keys.decryptedCur = 0;
-
- return 0;
-}
-
-
-static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
- byte *type, word32 *size, word32 totalSz)
-{
- const byte *ptr = input + *inOutIdx;
- (void)ssl;
-
- *inOutIdx += HANDSHAKE_HEADER_SZ;
- if (*inOutIdx > totalSz)
- return BUFFER_E;
-
- *type = ptr[0];
- c24to32(&ptr[1], size);
-
- return 0;
-}
-
-
-#ifdef WOLFSSL_DTLS
-static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
- word32* inOutIdx, byte *type, word32 *size,
- word32 *fragOffset, word32 *fragSz,
- word32 totalSz)
-{
- word32 idx = *inOutIdx;
-
- *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
- if (*inOutIdx > totalSz)
- return BUFFER_E;
-
- *type = input[idx++];
- c24to32(input + idx, size);
- idx += BYTE3_LEN;
-
- ato16(input + idx, &ssl->keys.dtls_peer_handshake_number);
- idx += DTLS_HANDSHAKE_SEQ_SZ;
-
- c24to32(input + idx, fragOffset);
- idx += DTLS_HANDSHAKE_FRAG_SZ;
- c24to32(input + idx, fragSz);
-
- return 0;
-}
-#endif
-
-
-#ifndef NO_OLD_TLS
-/* fill with MD5 pad size since biggest required */
-static const byte PAD1[PAD_MD5] =
- { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
- };
-static const byte PAD2[PAD_MD5] =
- { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
- };
-
-/* calculate MD5 hash for finished */
-#ifdef WOLFSSL_TI_HASH
-#include <wolfssl/wolfcrypt/hash.h>
-#endif
-
-static void BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
-{
-
- byte md5_result[MD5_DIGEST_SIZE];
-
-#ifdef WOLFSSL_SMALL_STACK
- Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#else
- Md5 md5[1];
- Md5 md5_2[1];
-#endif
-
- /* make md5 inner */
- md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */
-
- wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER);
- wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
- wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
- wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
- wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */
-
- /* make md5 outer */
- wc_InitMd5(md5_2) ;
- wc_Md5Update(md5_2, ssl->arrays->masterSecret,SECRET_LEN);
- wc_Md5Update(md5_2, PAD2, PAD_MD5);
- wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
- wc_Md5Final(md5_2, hashes->md5);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-}
-
-
-/* calculate SHA hash for finished */
-static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
-{
- byte sha_result[SHA_DIGEST_SIZE];
-
-#ifdef WOLFSSL_SMALL_STACK
- Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#else
- Sha sha[1];
- Sha sha2[1] ;
-#endif
- /* make sha inner */
- sha[0] = ssl->hsHashes->hashSha ; /* Save current position */
-
- wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER);
- wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
- wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
- wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
- wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha) ; /* Restore current position */
-
- /* make sha outer */
- wc_InitSha(sha2) ;
- wc_ShaUpdate(sha2, ssl->arrays->masterSecret,SECRET_LEN);
- wc_ShaUpdate(sha2, PAD2, PAD_SHA);
- wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE);
- wc_ShaFinal(sha2, hashes->sha);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-}
-#endif
-
-/* Finished doesn't support SHA512, not SHA512 cipher suites yet */
-static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- #ifdef WOLFSSL_SHA384
- Sha384* sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-#else
- #ifdef WOLFSSL_SHA384
- Sha384 sha384[1];
- #endif
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- if (ssl == NULL
- #ifdef WOLFSSL_SHA384
- || sha384 == NULL
- #endif
- ) {
- #ifdef WOLFSSL_SHA384
- XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return MEMORY_E;
- }
-#endif
-
- /* store current states, building requires get_digest which resets state */
-#ifdef WOLFSSL_SHA384
- sha384[0] = ssl->hsHashes->hashSha384;
-#endif
-
-#ifndef NO_TLS
- if (ssl->options.tls) {
- ret = BuildTlsFinished(ssl, hashes, sender);
- }
-#endif
-#ifndef NO_OLD_TLS
- if (!ssl->options.tls) {
- BuildMD5(ssl, hashes, sender);
- BuildSHA(ssl, hashes, sender);
- }
-#endif
-
- /* restore */
- if (IsAtLeastTLSv1_2(ssl)) {
- #ifdef WOLFSSL_SHA384
- ssl->hsHashes->hashSha384 = sha384[0];
- #endif
- }
-
-#ifdef WOLFSSL_SMALL_STACK
-#ifdef WOLFSSL_SHA384
- XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-#endif
-
- return ret;
-}
-
-
- /* cipher requirements */
- enum {
- REQUIRES_RSA,
- REQUIRES_DHE,
- REQUIRES_ECC_DSA,
- REQUIRES_ECC_STATIC,
- REQUIRES_PSK,
- REQUIRES_NTRU,
- REQUIRES_RSA_SIG
- };
-
-
-
- /* Does this cipher suite (first, second) have the requirement
- an ephemeral key exchange will still require the key for signing
- the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */
- static int CipherRequires(byte first, byte second, int requirement)
- {
-
- if (first == CHACHA_BYTE) {
-
- switch (second) {
-
- case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
- }
- }
-
- /* ECC extensions */
- if (first == ECC_BYTE) {
-
- switch (second) {
-
-#ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- break;
-
-#ifndef NO_DES3
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- break;
-#endif
-
-#ifndef NO_RC4
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_ECDH_RSA_WITH_RC4_128_SHA :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- break;
-#endif
-#endif /* NO_RSA */
-
-#ifndef NO_DES3
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- break;
-#endif
-#ifndef NO_RC4
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- break;
-#endif
-#ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- break;
-#endif
-
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- break;
-
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- break;
-
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- break;
-
- case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- break;
-
-#ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- break;
-
- case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- break;
-
- case TLS_RSA_WITH_AES_128_CCM_8 :
- case TLS_RSA_WITH_AES_256_CCM_8 :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- break;
-
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- break;
-
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- break;
-#endif
-
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
- case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- break;
-
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
- if (requirement == REQUIRES_ECC_DSA)
- return 1;
- if (requirement == REQUIRES_ECC_STATIC)
- return 1;
- break;
-
- case TLS_PSK_WITH_AES_128_CCM:
- case TLS_PSK_WITH_AES_256_CCM:
- case TLS_PSK_WITH_AES_128_CCM_8:
- case TLS_PSK_WITH_AES_256_CCM_8:
- if (requirement == REQUIRES_PSK)
- return 1;
- break;
-
- case TLS_DHE_PSK_WITH_AES_128_CCM:
- case TLS_DHE_PSK_WITH_AES_256_CCM:
- if (requirement == REQUIRES_PSK)
- return 1;
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
-
- default:
- WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
- return 0;
- } /* switch */
- } /* if */
- if (first != ECC_BYTE) { /* normal suites */
- switch (second) {
-
-#ifndef NO_RSA
- case SSL_RSA_WITH_RC4_128_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_NTRU_RSA_WITH_RC4_128_SHA :
- if (requirement == REQUIRES_NTRU)
- return 1;
- break;
-
- case SSL_RSA_WITH_RC4_128_MD5 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
- if (requirement == REQUIRES_NTRU)
- return 1;
- break;
-
- case TLS_RSA_WITH_AES_128_CBC_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_RSA_WITH_AES_128_CBC_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
- if (requirement == REQUIRES_NTRU)
- return 1;
- break;
-
- case TLS_RSA_WITH_AES_256_CBC_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_RSA_WITH_AES_256_CBC_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_RSA_WITH_NULL_SHA :
- case TLS_RSA_WITH_NULL_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
- if (requirement == REQUIRES_NTRU)
- return 1;
- break;
-#endif
-
- case TLS_PSK_WITH_AES_128_GCM_SHA256 :
- case TLS_PSK_WITH_AES_256_GCM_SHA384 :
- case TLS_PSK_WITH_AES_128_CBC_SHA256 :
- case TLS_PSK_WITH_AES_256_CBC_SHA384 :
- case TLS_PSK_WITH_AES_128_CBC_SHA :
- case TLS_PSK_WITH_AES_256_CBC_SHA :
- case TLS_PSK_WITH_NULL_SHA384 :
- case TLS_PSK_WITH_NULL_SHA256 :
- case TLS_PSK_WITH_NULL_SHA :
- if (requirement == REQUIRES_PSK)
- return 1;
- break;
-
- case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
- case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
- case TLS_DHE_PSK_WITH_NULL_SHA384 :
- case TLS_DHE_PSK_WITH_NULL_SHA256 :
- if (requirement == REQUIRES_DHE)
- return 1;
- if (requirement == REQUIRES_PSK)
- return 1;
- break;
-
-#ifndef NO_RSA
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
-
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
-
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
-
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
-
- case TLS_RSA_WITH_HC_128_MD5 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_RSA_WITH_HC_128_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_RSA_WITH_HC_128_B2B256:
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_RSA_WITH_AES_128_CBC_B2B256:
- case TLS_RSA_WITH_AES_256_CBC_B2B256:
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_RSA_WITH_RABBIT_SHA :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_RSA_WITH_AES_128_GCM_SHA256 :
- case TLS_RSA_WITH_AES_256_GCM_SHA384 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
- case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
-
- case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
- case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
- case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
- case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- break;
-
- case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
- case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
- case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
- case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
- if (requirement == REQUIRES_RSA)
- return 1;
- if (requirement == REQUIRES_RSA_SIG)
- return 1;
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
-#endif
-#ifdef HAVE_ANON
- case TLS_DH_anon_WITH_AES_128_CBC_SHA :
- if (requirement == REQUIRES_DHE)
- return 1;
- break;
-#endif
-
- default:
- WOLFSSL_MSG("Unsupported cipher suite, CipherRequires");
- return 0;
- } /* switch */
- } /* if ECC / Normal suites else */
-
- return 0;
- }
-
-
-#ifndef NO_CERTS
-
-
-/* Match names with wildcards, each wildcard can represent a single name
- component or fragment but not mulitple names, i.e.,
- *.z.com matches y.z.com but not x.y.z.com
-
- return 1 on success */
-static int MatchDomainName(const char* pattern, int len, const char* str)
-{
- char p, s;
-
- if (pattern == NULL || str == NULL || len <= 0)
- return 0;
-
- while (len > 0) {
-
- p = (char)XTOLOWER((unsigned char)*pattern++);
- if (p == 0)
- break;
-
- if (p == '*') {
- while (--len > 0 &&
- (p = (char)XTOLOWER((unsigned char)*pattern++)) == '*')
- ;
-
- if (len == 0)
- p = '\0';
-
- while ( (s = (char)XTOLOWER((unsigned char) *str)) != '\0') {
- if (s == p)
- break;
- if (s == '.')
- return 0;
- str++;
- }
- }
- else {
- if (p != (char)XTOLOWER((unsigned char) *str))
- return 0;
- }
-
- if (*str != '\0')
- str++;
-
- if (len > 0)
- len--;
- }
-
- return *str == '\0';
-}
-
-
-/* try to find an altName match to domain, return 1 on success */
-static int CheckAltNames(DecodedCert* dCert, char* domain)
-{
- int match = 0;
- DNS_entry* altName = NULL;
-
- WOLFSSL_MSG("Checking AltNames");
-
- if (dCert)
- altName = dCert->altNames;
-
- while (altName) {
- WOLFSSL_MSG(" individual AltName check");
-
- if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){
- match = 1;
- break;
- }
-
- altName = altName->next;
- }
-
- return match;
-}
-
-
-#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
-
-/* Copy parts X509 needs from Decoded cert, 0 on success */
-int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
-{
- int ret = 0;
-
- if (x509 == NULL || dCert == NULL)
- return BAD_FUNC_ARG;
-
- x509->version = dCert->version + 1;
-
- XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
- x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
- x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
-#ifdef OPENSSL_EXTRA
- if (dCert->issuerName.fullName != NULL) {
- XMEMCPY(&x509->issuer.fullName,
- &dCert->issuerName, sizeof(DecodedName));
- x509->issuer.fullName.fullName = (char*)XMALLOC(
- dCert->issuerName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
- if (x509->issuer.fullName.fullName != NULL)
- XMEMCPY(x509->issuer.fullName.fullName,
- dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
- }
-#endif /* OPENSSL_EXTRA */
-
- XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
- x509->subject.name[ASN_NAME_MAX - 1] = '\0';
- x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
-#ifdef OPENSSL_EXTRA
- if (dCert->subjectName.fullName != NULL) {
- XMEMCPY(&x509->subject.fullName,
- &dCert->subjectName, sizeof(DecodedName));
- x509->subject.fullName.fullName = (char*)XMALLOC(
- dCert->subjectName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
- if (x509->subject.fullName.fullName != NULL)
- XMEMCPY(x509->subject.fullName.fullName,
- dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
- }
-#endif /* OPENSSL_EXTRA */
-
- XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
- x509->serialSz = dCert->serialSz;
- if (dCert->subjectCNLen < ASN_NAME_MAX) {
- XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
- x509->subjectCN[dCert->subjectCNLen] = '\0';
- }
- else
- x509->subjectCN[0] = '\0';
-
-#ifdef WOLFSSL_SEP
- {
- int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
- if (minSz > 0) {
- x509->deviceTypeSz = minSz;
- XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
- }
- else
- x509->deviceTypeSz = 0;
- minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
- if (minSz != 0) {
- x509->hwTypeSz = minSz;
- XMEMCPY(x509->hwType, dCert->hwType, minSz);
- }
- else
- x509->hwTypeSz = 0;
- minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
- if (minSz != 0) {
- x509->hwSerialNumSz = minSz;
- XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
- }
- else
- x509->hwSerialNumSz = 0;
- }
-#endif /* WOLFSSL_SEP */
- {
- int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ);
- if (minSz != 0) {
- x509->notBeforeSz = minSz;
- XMEMCPY(x509->notBefore, dCert->beforeDate, minSz);
- }
- else
- x509->notBeforeSz = 0;
- minSz = min(dCert->afterDateLen, MAX_DATE_SZ);
- if (minSz != 0) {
- x509->notAfterSz = minSz;
- XMEMCPY(x509->notAfter, dCert->afterDate, minSz);
- }
- else
- x509->notAfterSz = 0;
- }
-
- if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
- x509->pubKey.buffer = (byte*)XMALLOC(
- dCert->pubKeySize, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- if (x509->pubKey.buffer != NULL) {
- x509->pubKeyOID = dCert->keyOID;
- x509->pubKey.length = dCert->pubKeySize;
- XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
- }
- else
- ret = MEMORY_E;
- }
-
- if (dCert->signature != NULL && dCert->sigLength != 0) {
- x509->sig.buffer = (byte*)XMALLOC(
- dCert->sigLength, NULL, DYNAMIC_TYPE_SIGNATURE);
- if (x509->sig.buffer == NULL) {
- ret = MEMORY_E;
- }
- else {
- XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
- x509->sig.length = dCert->sigLength;
- x509->sigOID = dCert->signatureOID;
- }
- }
-
- /* store cert for potential retrieval */
- x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL,
- DYNAMIC_TYPE_CERT);
- if (x509->derCert.buffer == NULL) {
- ret = MEMORY_E;
- }
- else {
- XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx);
- x509->derCert.length = dCert->maxIdx;
- }
-
- x509->altNames = dCert->altNames;
- dCert->weOwnAltNames = 0;
- x509->altNamesNext = x509->altNames; /* index hint */
-
- x509->isCa = dCert->isCA;
-#ifdef OPENSSL_EXTRA
- x509->pathLength = dCert->pathLength;
- x509->keyUsage = dCert->extKeyUsage;
-
- x509->basicConstSet = dCert->extBasicConstSet;
- x509->basicConstCrit = dCert->extBasicConstCrit;
- x509->basicConstPlSet = dCert->extBasicConstPlSet;
- x509->subjAltNameSet = dCert->extSubjAltNameSet;
- x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
- x509->authKeyIdSet = dCert->extAuthKeyIdSet;
- x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
- if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
- x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, 0);
- if (x509->authKeyId != NULL) {
- XMEMCPY(x509->authKeyId,
- dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
- x509->authKeyIdSz = dCert->extAuthKeyIdSz;
- }
- else
- ret = MEMORY_E;
- }
- x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
- x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
- if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
- x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, 0);
- if (x509->subjKeyId != NULL) {
- XMEMCPY(x509->subjKeyId,
- dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
- x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
- }
- else
- ret = MEMORY_E;
- }
- x509->keyUsageSet = dCert->extKeyUsageSet;
- x509->keyUsageCrit = dCert->extKeyUsageCrit;
- #ifdef WOLFSSL_SEP
- x509->certPolicySet = dCert->extCertPolicySet;
- x509->certPolicyCrit = dCert->extCertPolicyCrit;
- #endif /* WOLFSSL_SEP */
-#endif /* OPENSSL_EXTRA */
-#ifdef HAVE_ECC
- x509->pkCurveOID = dCert->pkCurveOID;
-#endif /* HAVE_ECC */
-
- return ret;
-}
-
-#endif /* KEEP_PEER_CERT || SESSION_CERTS */
-
-
-static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
- word32 size)
-{
- word32 listSz;
- word32 begin = *inOutIdx;
- int ret = 0;
- int anyError = 0;
- int totalCerts = 0; /* number of certs in certs buffer */
- int count;
- buffer certs[MAX_CHAIN_DEPTH];
-
-#ifdef WOLFSSL_SMALL_STACK
- char* domain = NULL;
- DecodedCert* dCert = NULL;
- WOLFSSL_X509_STORE_CTX* store = NULL;
-#else
- char domain[ASN_NAME_MAX];
- DecodedCert dCert[1];
- WOLFSSL_X509_STORE_CTX store[1];
-#endif
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
- if (ssl->toInfoOn) AddLateName("Certificate", &ssl->timeoutInfo);
- #endif
-
- if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
- return BUFFER_ERROR;
-
- c24to32(input + *inOutIdx, &listSz);
- *inOutIdx += OPAQUE24_LEN;
-
-#ifdef HAVE_MAX_FRAGMENT
- if (listSz > ssl->max_fragment) {
- SendAlert(ssl, alert_fatal, record_overflow);
- return BUFFER_E;
- }
-#else
- if (listSz > MAX_RECORD_SIZE)
- return BUFFER_E;
-#endif
-
- if ((*inOutIdx - begin) + listSz != size)
- return BUFFER_ERROR;
-
- WOLFSSL_MSG("Loading peer's cert chain");
- /* first put cert chain into buffer so can verify top down
- we're sent bottom up */
- while (listSz) {
- word32 certSz;
-
- if (totalCerts >= MAX_CHAIN_DEPTH)
- return MAX_CHAIN_ERROR;
-
- if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
- return BUFFER_ERROR;
-
- c24to32(input + *inOutIdx, &certSz);
- *inOutIdx += OPAQUE24_LEN;
-
- if ((*inOutIdx - begin) + certSz > size)
- return BUFFER_ERROR;
-
- certs[totalCerts].length = certSz;
- certs[totalCerts].buffer = input + *inOutIdx;
-
-#ifdef SESSION_CERTS
- if (ssl->session.chain.count < MAX_CHAIN_DEPTH &&
- certSz < MAX_X509_SIZE) {
- ssl->session.chain.certs[ssl->session.chain.count].length = certSz;
- XMEMCPY(ssl->session.chain.certs[ssl->session.chain.count].buffer,
- input + *inOutIdx, certSz);
- ssl->session.chain.count++;
- } else {
- WOLFSSL_MSG("Couldn't store chain cert for session");
- }
-#endif
-
- *inOutIdx += certSz;
- listSz -= certSz + CERT_HEADER_SZ;
-
- totalCerts++;
- WOLFSSL_MSG(" Put another cert into chain");
- }
-
- count = totalCerts;
-
-#ifdef WOLFSSL_SMALL_STACK
- dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (dCert == NULL)
- return MEMORY_E;
-#endif
-
- /* verify up to peer's first */
- while (count > 1) {
- buffer myCert = certs[count - 1];
- byte* subjectHash;
-
- InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap);
- ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone,
- ssl->ctx->cm);
- #ifndef NO_SKID
- subjectHash = dCert->extSubjKeyId;
- #else
- subjectHash = dCert->subjectHash;
- #endif
-
- if (ret == 0 && dCert->isCA == 0) {
- WOLFSSL_MSG("Chain cert is not a CA, not adding as one");
- }
- else if (ret == 0 && ssl->options.verifyNone) {
- WOLFSSL_MSG("Chain cert not verified by option, not adding as CA");
- }
- else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) {
- buffer add;
- add.length = myCert.length;
- add.buffer = (byte*)XMALLOC(myCert.length, ssl->heap,
- DYNAMIC_TYPE_CA);
- WOLFSSL_MSG("Adding CA from chain");
-
- if (add.buffer == NULL)
- return MEMORY_E;
- XMEMCPY(add.buffer, myCert.buffer, myCert.length);
-
- ret = AddCA(ssl->ctx->cm, add, WOLFSSL_CHAIN_CA,
- ssl->ctx->verifyPeer);
- if (ret == 1) ret = 0; /* SSL_SUCCESS for external */
- }
- else if (ret != 0) {
- WOLFSSL_MSG("Failed to verify CA from chain");
- }
- else {
- WOLFSSL_MSG("Verified CA from chain and already had it");
- }
-
-#if defined(HAVE_OCSP) || defined(HAVE_CRL)
- if (ret == 0) {
- int doCrlLookup = 1;
- (void)doCrlLookup;
-#ifdef HAVE_OCSP
- if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) {
- WOLFSSL_MSG("Doing Non Leaf OCSP check");
- ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert);
- doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
- if (ret != 0) {
- doCrlLookup = 0;
- WOLFSSL_MSG("\tOCSP Lookup not ok");
- }
- }
-#endif /* HAVE_OCSP */
-
-#ifdef HAVE_CRL
- if (doCrlLookup && ssl->ctx->cm->crlEnabled
- && ssl->ctx->cm->crlCheckAll) {
- WOLFSSL_MSG("Doing Non Leaf CRL check");
- ret = CheckCertCRL(ssl->ctx->cm->crl, dCert);
-
- if (ret != 0) {
- WOLFSSL_MSG("\tCRL check not ok");
- }
- }
-#endif /* HAVE_CRL */
- }
-#endif /* HAVE_OCSP || HAVE_CRL */
-
- if (ret != 0 && anyError == 0)
- anyError = ret; /* save error from last time */
-
- FreeDecodedCert(dCert);
- count--;
- }
-
- /* peer's, may not have one if blank client cert sent by TLSv1.2 */
- if (count) {
- buffer myCert = certs[0];
- int fatal = 0;
-
- WOLFSSL_MSG("Verifying Peer's cert");
-
- InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap);
- ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone,
- ssl->ctx->cm);
- if (ret == 0) {
- WOLFSSL_MSG("Verified Peer's cert");
- fatal = 0;
- }
- else if (ret == ASN_PARSE_E) {
- WOLFSSL_MSG("Got Peer cert ASN PARSE ERROR, fatal");
- fatal = 1;
- }
- else {
- WOLFSSL_MSG("Failed to verify Peer's cert");
- if (ssl->verifyCallback) {
- WOLFSSL_MSG("\tCallback override available, will continue");
- fatal = 0;
- }
- else {
- WOLFSSL_MSG("\tNo callback override available, fatal");
- fatal = 1;
- }
- }
-
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (fatal == 0 && ssl->secure_renegotiation
- && ssl->secure_renegotiation->enabled) {
-
- if (ssl->keys.encryptionOn) {
- /* compare against previous time */
- if (XMEMCMP(dCert->subjectHash,
- ssl->secure_renegotiation->subject_hash,
- SHA_DIGEST_SIZE) != 0) {
- WOLFSSL_MSG("Peer sent different cert during scr, fatal");
- fatal = 1;
- ret = SCR_DIFFERENT_CERT_E;
- }
- }
-
- /* cache peer's hash */
- if (fatal == 0) {
- XMEMCPY(ssl->secure_renegotiation->subject_hash,
- dCert->subjectHash, SHA_DIGEST_SIZE);
- }
- }
-#endif
-
-#if defined(HAVE_OCSP) || defined(HAVE_CRL)
- if (fatal == 0) {
- int doCrlLookup = 1;
- (void)doCrlLookup;
-#ifdef HAVE_OCSP
- if (ssl->ctx->cm->ocspEnabled) {
- ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert);
- doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
- if (ret != 0) {
- WOLFSSL_MSG("\tOCSP Lookup not ok");
- fatal = 0;
- }
- }
-#endif /* HAVE_OCSP */
-
-#ifdef HAVE_CRL
- if (doCrlLookup && ssl->ctx->cm->crlEnabled) {
- WOLFSSL_MSG("Doing Leaf CRL check");
- ret = CheckCertCRL(ssl->ctx->cm->crl, dCert);
- if (ret != 0) {
- WOLFSSL_MSG("\tCRL check not ok");
- fatal = 0;
- }
- }
-#endif /* HAVE_CRL */
- }
-#endif /* HAVE_OCSP || HAVE_CRL */
-
-#ifdef KEEP_PEER_CERT
- {
- /* set X509 format for peer cert even if fatal */
- int copyRet = CopyDecodedToX509(&ssl->peerCert, dCert);
- if (copyRet == MEMORY_E)
- fatal = 1;
- }
-#endif
-
-#ifndef IGNORE_KEY_EXTENSIONS
- if (dCert->extKeyUsageSet) {
- if ((ssl->specs.kea == rsa_kea) &&
- (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
- ret = KEYUSE_ENCIPHER_E;
- }
- if ((ssl->specs.sig_algo == rsa_sa_algo ||
- (ssl->specs.sig_algo == ecc_dsa_sa_algo &&
- !ssl->specs.static_ecdh)) &&
- (dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
- WOLFSSL_MSG("KeyUse Digital Sig not set");
- ret = KEYUSE_SIGNATURE_E;
- }
- }
-
- if (dCert->extExtKeyUsageSet) {
- if (ssl->options.side == WOLFSSL_CLIENT_END) {
- if ((dCert->extExtKeyUsage &
- (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) {
- WOLFSSL_MSG("ExtKeyUse Server Auth not set");
- ret = EXTKEYUSE_AUTH_E;
- }
- }
- else {
- if ((dCert->extExtKeyUsage &
- (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) {
- WOLFSSL_MSG("ExtKeyUse Client Auth not set");
- ret = EXTKEYUSE_AUTH_E;
- }
- }
- }
-#endif /* IGNORE_KEY_EXTENSIONS */
-
- if (fatal) {
- FreeDecodedCert(dCert);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- ssl->error = ret;
- return ret;
- }
- ssl->options.havePeerCert = 1;
-
-#ifdef WOLFSSL_SMALL_STACK
- domain = (char*)XMALLOC(ASN_NAME_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (domain == NULL) {
- FreeDecodedCert(dCert);
- XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
- /* store for callback use */
- if (dCert->subjectCNLen < ASN_NAME_MAX) {
- XMEMCPY(domain, dCert->subjectCN, dCert->subjectCNLen);
- domain[dCert->subjectCNLen] = '\0';
- }
- else
- domain[0] = '\0';
-
- if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
- if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
- (char*)ssl->buffers.domainName.buffer) == 0) {
- WOLFSSL_MSG("DomainName match on common name failed");
- if (CheckAltNames(dCert,
- (char*)ssl->buffers.domainName.buffer) == 0 ) {
- WOLFSSL_MSG("DomainName match on alt names failed too");
- ret = DOMAIN_NAME_MISMATCH; /* try to get peer key still */
- }
- }
- }
-
- /* decode peer key */
- switch (dCert->keyOID) {
- #ifndef NO_RSA
- case RSAk:
- {
- word32 idx = 0;
- int keyRet = 0;
-
- if (ssl->peerRsaKey == NULL) {
- ssl->peerRsaKey = (RsaKey*)XMALLOC(sizeof(RsaKey),
- ssl->heap, DYNAMIC_TYPE_RSA);
- if (ssl->peerRsaKey == NULL) {
- WOLFSSL_MSG("PeerRsaKey Memory error");
- keyRet = MEMORY_E;
- } else {
- keyRet = wc_InitRsaKey(ssl->peerRsaKey,
- ssl->ctx->heap);
- }
- } else if (ssl->peerRsaKeyPresent) {
- /* don't leak on reuse */
- wc_FreeRsaKey(ssl->peerRsaKey);
- ssl->peerRsaKeyPresent = 0;
- keyRet = wc_InitRsaKey(ssl->peerRsaKey, ssl->heap);
- }
-
- if (keyRet != 0 || wc_RsaPublicKeyDecode(dCert->publicKey,
- &idx, ssl->peerRsaKey, dCert->pubKeySize) != 0) {
- ret = PEER_KEY_ERROR;
- }
- else {
- ssl->peerRsaKeyPresent = 1;
- #ifdef HAVE_PK_CALLBACKS
- #ifndef NO_RSA
- ssl->buffers.peerRsaKey.buffer =
- (byte*)XMALLOC(dCert->pubKeySize,
- ssl->heap, DYNAMIC_TYPE_RSA);
- if (ssl->buffers.peerRsaKey.buffer == NULL)
- ret = MEMORY_ERROR;
- else {
- XMEMCPY(ssl->buffers.peerRsaKey.buffer,
- dCert->publicKey, dCert->pubKeySize);
- ssl->buffers.peerRsaKey.length =
- dCert->pubKeySize;
- }
- #endif /* NO_RSA */
- #endif /*HAVE_PK_CALLBACKS */
- }
- }
- break;
- #endif /* NO_RSA */
- #ifdef HAVE_NTRU
- case NTRUk:
- {
- if (dCert->pubKeySize > sizeof(ssl->peerNtruKey)) {
- ret = PEER_KEY_ERROR;
- }
- else {
- XMEMCPY(ssl->peerNtruKey, dCert->publicKey,
- dCert->pubKeySize);
- ssl->peerNtruKeyLen = (word16)dCert->pubKeySize;
- ssl->peerNtruKeyPresent = 1;
- }
- }
- break;
- #endif /* HAVE_NTRU */
- #ifdef HAVE_ECC
- case ECDSAk:
- {
- if (ssl->peerEccDsaKey == NULL) {
- /* alloc/init on demand */
- ssl->peerEccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
- ssl->ctx->heap, DYNAMIC_TYPE_ECC);
- if (ssl->peerEccDsaKey == NULL) {
- WOLFSSL_MSG("PeerEccDsaKey Memory error");
- return MEMORY_E;
- }
- wc_ecc_init(ssl->peerEccDsaKey);
- } else if (ssl->peerEccDsaKeyPresent) {
- /* don't leak on reuse */
- wc_ecc_free(ssl->peerEccDsaKey);
- ssl->peerEccDsaKeyPresent = 0;
- wc_ecc_init(ssl->peerEccDsaKey);
- }
- if (wc_ecc_import_x963(dCert->publicKey, dCert->pubKeySize,
- ssl->peerEccDsaKey) != 0) {
- ret = PEER_KEY_ERROR;
- }
- else {
- ssl->peerEccDsaKeyPresent = 1;
- #ifdef HAVE_PK_CALLBACKS
- #ifdef HAVE_ECC
- ssl->buffers.peerEccDsaKey.buffer =
- (byte*)XMALLOC(dCert->pubKeySize,
- ssl->heap, DYNAMIC_TYPE_ECC);
- if (ssl->buffers.peerEccDsaKey.buffer == NULL)
- ret = MEMORY_ERROR;
- else {
- XMEMCPY(ssl->buffers.peerEccDsaKey.buffer,
- dCert->publicKey, dCert->pubKeySize);
- ssl->buffers.peerEccDsaKey.length =
- dCert->pubKeySize;
- }
- #endif /* HAVE_ECC */
- #endif /*HAVE_PK_CALLBACKS */
- }
- }
- break;
- #endif /* HAVE_ECC */
- default:
- break;
- }
-
- FreeDecodedCert(dCert);
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX),
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (store == NULL) {
- XFREE(domain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- if (anyError != 0 && ret == 0)
- ret = anyError;
-
- if (ret != 0) {
- if (!ssl->options.verifyNone) {
- int why = bad_certificate;
-
- if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E)
- why = certificate_expired;
- if (ssl->verifyCallback) {
- int ok;
-
- store->error = ret;
- store->error_depth = totalCerts;
- store->discardSessionCerts = 0;
- store->domain = domain;
- store->userCtx = ssl->verifyCbCtx;
-#ifdef KEEP_PEER_CERT
- store->current_cert = &ssl->peerCert;
-#else
- store->current_cert = NULL;
-#endif
-#ifdef FORTRESS
- store->ex_data = ssl;
-#endif
- ok = ssl->verifyCallback(0, store);
- if (ok) {
- WOLFSSL_MSG("Verify callback overriding error!");
- ret = 0;
- }
- #ifdef SESSION_CERTS
- if (store->discardSessionCerts) {
- WOLFSSL_MSG("Verify callback requested discard sess certs");
- ssl->session.chain.count = 0;
- }
- #endif
- }
- if (ret != 0) {
- SendAlert(ssl, alert_fatal, why); /* try to send */
- ssl->options.isClosed = 1;
- }
- }
- ssl->error = ret;
- }
-#ifdef WOLFSSL_ALWAYS_VERIFY_CB
- else {
- if (ssl->verifyCallback) {
- int ok;
-
- store->error = ret;
- store->error_depth = totalCerts;
- store->discardSessionCerts = 0;
- store->domain = domain;
- store->userCtx = ssl->verifyCbCtx;
-#ifdef KEEP_PEER_CERT
- store->current_cert = &ssl->peerCert;
-#endif
- store->ex_data = ssl;
-
- ok = ssl->verifyCallback(1, store);
- if (!ok) {
- WOLFSSL_MSG("Verify callback overriding valid certificate!");
- ret = -1;
- SendAlert(ssl, alert_fatal, bad_certificate);
- ssl->options.isClosed = 1;
- }
- #ifdef SESSION_CERTS
- if (store->discardSessionCerts) {
- WOLFSSL_MSG("Verify callback requested discard sess certs");
- ssl->session.chain.count = 0;
- }
- #endif
- }
- }
-#endif
-
- if (ssl->options.verifyNone &&
- (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
- WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
- ret = ssl->error = 0;
- }
-
- if (ret == 0 && ssl->options.side == WOLFSSL_CLIENT_END)
- ssl->options.serverState = SERVER_CERT_COMPLETE;
-
- if (ssl->keys.encryptionOn) {
- *inOutIdx += ssl->keys.padSz;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(store, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(domain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#endif /* !NO_CERTS */
-
-
-static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
- word32 size, word32 totalSz)
-{
- (void)input;
-
- if (size) /* must be 0 */
- return BUFFER_ERROR;
-
- if (ssl->keys.encryptionOn) {
- /* access beyond input + size should be checked against totalSz */
- if (*inOutIdx + ssl->keys.padSz > totalSz)
- return BUFFER_E;
-
- *inOutIdx += ssl->keys.padSz;
- }
-
- if (ssl->options.side == WOLFSSL_SERVER_END) {
- SendAlert(ssl, alert_fatal, unexpected_message); /* try */
- return FATAL_ERROR;
- }
-#ifdef HAVE_SECURE_RENEGOTIATION
- else if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
- ssl->secure_renegotiation->startScr = 1;
- return 0;
- }
-#endif
- else {
- return SendAlert(ssl, alert_warning, no_renegotiation);
- }
-}
-
-
-int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
- word32 totalSz, int sniff)
-{
- word32 finishedSz = (ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ);
-
- if (finishedSz != size)
- return BUFFER_ERROR;
-
- /* check against totalSz */
- if (*inOutIdx + size + ssl->keys.padSz > totalSz)
- return BUFFER_E;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
- if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo);
- #endif
-
- if (sniff == NO_SNIFF) {
- if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){
- WOLFSSL_MSG("Verify finished error on hashes");
- return VERIFY_FINISHED_ERROR;
- }
- }
-
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (ssl->secure_renegotiation) {
- /* save peer's state */
- if (ssl->options.side == WOLFSSL_CLIENT_END)
- XMEMCPY(ssl->secure_renegotiation->server_verify_data,
- input + *inOutIdx, TLS_FINISHED_SZ);
- else
- XMEMCPY(ssl->secure_renegotiation->client_verify_data,
- input + *inOutIdx, TLS_FINISHED_SZ);
- }
-#endif
-
- /* force input exhaustion at ProcessReply consuming padSz */
- *inOutIdx += size + ssl->keys.padSz;
-
- if (ssl->options.side == WOLFSSL_CLIENT_END) {
- ssl->options.serverState = SERVER_FINISHED_COMPLETE;
- if (!ssl->options.resuming) {
- ssl->options.handShakeState = HANDSHAKE_DONE;
- ssl->options.handShakeDone = 1;
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- /* Other side has received our Finished, go to next epoch */
- ssl->keys.dtls_epoch++;
- ssl->keys.dtls_sequence_number = 1;
- }
-#endif
- }
- }
- else {
- ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
- if (ssl->options.resuming) {
- ssl->options.handShakeState = HANDSHAKE_DONE;
- ssl->options.handShakeDone = 1;
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- /* Other side has received our Finished, go to next epoch */
- ssl->keys.dtls_epoch++;
- ssl->keys.dtls_sequence_number = 1;
- }
-#endif
- }
- }
-
- return 0;
-}
-
-
-/* Make sure no duplicates, no fast forward, or other problems; 0 on success */
-static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
-{
- /* verify not a duplicate, mark received, check state */
- switch (type) {
-
-#ifndef NO_WOLFSSL_CLIENT
- case hello_request:
- if (ssl->msgsReceived.got_hello_request) {
- WOLFSSL_MSG("Duplicate HelloRequest received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_hello_request = 1;
-
- break;
-#endif
-
-#ifndef NO_WOLFSSL_SERVER
- case client_hello:
- if (ssl->msgsReceived.got_client_hello) {
- WOLFSSL_MSG("Duplicate ClientHello received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_client_hello = 1;
-
- break;
-#endif
-
-#ifndef NO_WOLFSSL_CLIENT
- case server_hello:
- if (ssl->msgsReceived.got_server_hello) {
- WOLFSSL_MSG("Duplicate ServerHello received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_server_hello = 1;
-
- break;
-#endif
-
-#ifndef NO_WOLFSSL_CLIENT
- case hello_verify_request:
- if (ssl->msgsReceived.got_hello_verify_request) {
- WOLFSSL_MSG("Duplicate HelloVerifyRequest received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_hello_verify_request = 1;
-
- break;
-#endif
-
-#ifndef NO_WOLFSSL_CLIENT
- case session_ticket:
- if (ssl->msgsReceived.got_session_ticket) {
- WOLFSSL_MSG("Duplicate SessionTicket received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_session_ticket = 1;
-
- break;
-#endif
-
- case certificate:
- if (ssl->msgsReceived.got_certificate) {
- WOLFSSL_MSG("Duplicate Certificate received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_certificate = 1;
-
-#ifndef NO_WOLFSSL_CLIENT
- if (ssl->options.side == WOLFSSL_CLIENT_END) {
- if ( ssl->msgsReceived.got_server_hello == 0) {
- WOLFSSL_MSG("No ServerHello before Cert");
- return OUT_OF_ORDER_E;
- }
- }
-#endif
-#ifndef NO_WOLFSSL_SERVER
- if (ssl->options.side == WOLFSSL_SERVER_END) {
- if ( ssl->msgsReceived.got_client_hello == 0) {
- WOLFSSL_MSG("No ClientHello before Cert");
- return OUT_OF_ORDER_E;
- }
- }
-#endif
- break;
-
-#ifndef NO_WOLFSSL_CLIENT
- case server_key_exchange:
- if (ssl->msgsReceived.got_server_key_exchange) {
- WOLFSSL_MSG("Duplicate ServerKeyExchange received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_server_key_exchange = 1;
-
- if ( ssl->msgsReceived.got_server_hello == 0) {
- WOLFSSL_MSG("No ServerHello before Cert");
- return OUT_OF_ORDER_E;
- }
-
- break;
-#endif
-
-#ifndef NO_WOLFSSL_CLIENT
- case certificate_request:
- if (ssl->msgsReceived.got_certificate_request) {
- WOLFSSL_MSG("Duplicate CertificateRequest received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_certificate_request = 1;
-
- break;
-#endif
-
-#ifndef NO_WOLFSSL_CLIENT
- case server_hello_done:
- if (ssl->msgsReceived.got_server_hello_done) {
- WOLFSSL_MSG("Duplicate ServerHelloDone received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_server_hello_done = 1;
-
- if (ssl->msgsReceived.got_certificate == 0) {
- if (ssl->specs.kea == psk_kea ||
- ssl->specs.kea == dhe_psk_kea ||
- ssl->options.usingAnon_cipher) {
- WOLFSSL_MSG("No Cert required");
- } else {
- WOLFSSL_MSG("No Certificate before ServerHelloDone");
- return OUT_OF_ORDER_E;
- }
- }
- if (ssl->msgsReceived.got_server_key_exchange == 0) {
- if (ssl->specs.static_ecdh == 1 ||
- ssl->specs.kea == rsa_kea ||
- ssl->specs.kea == ntru_kea) {
- WOLFSSL_MSG("No KeyExchange required");
- } else {
- WOLFSSL_MSG("No ServerKeyExchange before ServerDone");
- return OUT_OF_ORDER_E;
- }
- }
- break;
-#endif
-
-#ifndef NO_WOLFSSL_SERVER
- case certificate_verify:
- if (ssl->msgsReceived.got_certificate_verify) {
- WOLFSSL_MSG("Duplicate CertificateVerify received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_certificate_verify = 1;
-
- if ( ssl->msgsReceived.got_certificate == 0) {
- WOLFSSL_MSG("No Cert before CertVerify");
- return OUT_OF_ORDER_E;
- }
- break;
-#endif
-
-#ifndef NO_WOLFSSL_SERVER
- case client_key_exchange:
- if (ssl->msgsReceived.got_client_key_exchange) {
- WOLFSSL_MSG("Duplicate ClientKeyExchange received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_client_key_exchange = 1;
-
- if (ssl->msgsReceived.got_client_hello == 0) {
- WOLFSSL_MSG("No ClientHello before ClientKeyExchange");
- return OUT_OF_ORDER_E;
- }
- break;
-#endif
-
- case finished:
- if (ssl->msgsReceived.got_finished) {
- WOLFSSL_MSG("Duplicate Finished received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_finished = 1;
-
- if (ssl->msgsReceived.got_change_cipher == 0) {
- WOLFSSL_MSG("Finished received before ChangeCipher");
- return NO_CHANGE_CIPHER_E;
- }
-
- break;
-
- case change_cipher_hs:
- if (ssl->msgsReceived.got_change_cipher) {
- WOLFSSL_MSG("Duplicate ChangeCipher received");
- return DUPLICATE_MSG_E;
- }
- ssl->msgsReceived.got_change_cipher = 1;
-
-#ifndef NO_WOLFSSL_CLIENT
- if (ssl->options.side == WOLFSSL_CLIENT_END) {
- if (!ssl->options.resuming &&
- ssl->msgsReceived.got_server_hello_done == 0) {
- WOLFSSL_MSG("No ServerHelloDone before ChangeCipher");
- return OUT_OF_ORDER_E;
- }
- }
-#endif
-#ifndef NO_WOLFSSL_SERVER
- if (ssl->options.side == WOLFSSL_SERVER_END) {
- if (!ssl->options.resuming &&
- ssl->msgsReceived.got_client_key_exchange == 0) {
- WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
- return OUT_OF_ORDER_E;
- }
- }
-#endif
-
- break;
-
- default:
- WOLFSSL_MSG("Unknown message type");
- return SANITY_MSG_E;
- }
-
- return 0;
-}
-
-
-static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
- byte type, word32 size, word32 totalSz)
-{
- int ret = 0;
- (void)totalSz;
-
- WOLFSSL_ENTER("DoHandShakeMsgType");
-
- /* make sure can read the message */
- if (*inOutIdx + size > totalSz)
- return INCOMPLETE_DATA;
-
- /* sanity check msg received */
- if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) {
- WOLFSSL_MSG("Sanity Check on handshake message type received failed");
- return ret;
- }
-
-#ifdef WOLFSSL_CALLBACKS
- /* add name later, add on record and handshake header part back on */
- if (ssl->toInfoOn) {
- int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add,
- size + add, ssl->heap);
- AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
- }
-#endif
-
- if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){
- WOLFSSL_MSG("HandShake message after handshake complete");
- SendAlert(ssl, alert_fatal, unexpected_message);
- return OUT_OF_ORDER_E;
- }
-
- if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls == 0 &&
- ssl->options.serverState == NULL_STATE && type != server_hello) {
- WOLFSSL_MSG("First server message not server hello");
- SendAlert(ssl, alert_fatal, unexpected_message);
- return OUT_OF_ORDER_E;
- }
-
- if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls &&
- type == server_hello_done &&
- ssl->options.serverState < SERVER_HELLO_COMPLETE) {
- WOLFSSL_MSG("Server hello done received before server hello in DTLS");
- SendAlert(ssl, alert_fatal, unexpected_message);
- return OUT_OF_ORDER_E;
- }
-
- if (ssl->options.side == WOLFSSL_SERVER_END &&
- ssl->options.clientState == NULL_STATE && type != client_hello) {
- WOLFSSL_MSG("First client message not client hello");
- SendAlert(ssl, alert_fatal, unexpected_message);
- return OUT_OF_ORDER_E;
- }
-
- /* above checks handshake state */
- /* hello_request not hashed */
- if (type != hello_request) {
- ret = HashInput(ssl, input + *inOutIdx, size);
- if (ret != 0) return ret;
- }
-
- switch (type) {
-
- case hello_request:
- WOLFSSL_MSG("processing hello request");
- ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz);
- break;
-
-#ifndef NO_WOLFSSL_CLIENT
- case hello_verify_request:
- WOLFSSL_MSG("processing hello verify request");
- ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
- break;
-
- case server_hello:
- WOLFSSL_MSG("processing server hello");
- ret = DoServerHello(ssl, input, inOutIdx, size);
- break;
-
-#ifndef NO_CERTS
- case certificate_request:
- WOLFSSL_MSG("processing certificate request");
- ret = DoCertificateRequest(ssl, input, inOutIdx, size);
- break;
-#endif
-
- case server_key_exchange:
- WOLFSSL_MSG("processing server key exchange");
- ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
- break;
-
-#ifdef HAVE_SESSION_TICKET
- case session_ticket:
- WOLFSSL_MSG("processing session ticket");
- ret = DoSessionTicket(ssl, input, inOutIdx, size);
- break;
-#endif /* HAVE_SESSION_TICKET */
-#endif
-
-#ifndef NO_CERTS
- case certificate:
- WOLFSSL_MSG("processing certificate");
- ret = DoCertificate(ssl, input, inOutIdx, size);
- break;
-#endif
-
- case server_hello_done:
- WOLFSSL_MSG("processing server hello done");
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddLateName("ServerHelloDone", &ssl->timeoutInfo);
- #endif
- ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
- if (ssl->keys.encryptionOn) {
- *inOutIdx += ssl->keys.padSz;
- }
- if (ssl->options.resuming) {
- WOLFSSL_MSG("Not resuming as thought");
- ssl->options.resuming = 0;
- }
- break;
-
- case finished:
- WOLFSSL_MSG("processing finished");
- ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF);
- break;
-
-#ifndef NO_WOLFSSL_SERVER
- case client_hello:
- WOLFSSL_MSG("processing client hello");
- ret = DoClientHello(ssl, input, inOutIdx, size);
- break;
-
- case client_key_exchange:
- WOLFSSL_MSG("processing client key exchange");
- ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
- break;
-
-#if !defined(NO_RSA) || defined(HAVE_ECC)
- case certificate_verify:
- WOLFSSL_MSG("processing certificate verify");
- ret = DoCertificateVerify(ssl, input, inOutIdx, size);
- break;
-#endif /* !NO_RSA || HAVE_ECC */
-
-#endif /* !NO_WOLFSSL_SERVER */
-
- default:
- WOLFSSL_MSG("Unknown handshake message type");
- ret = UNKNOWN_HANDSHAKE_TYPE;
- break;
- }
-
- WOLFSSL_LEAVE("DoHandShakeMsgType()", ret);
- return ret;
-}
-
-
-static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
- word32 totalSz)
-{
- byte type;
- word32 size;
- int ret = 0;
-
- WOLFSSL_ENTER("DoHandShakeMsg()");
-
- if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size, totalSz) != 0)
- return PARSE_ERROR;
-
- ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
-
- WOLFSSL_LEAVE("DoHandShakeMsg()", ret);
- return ret;
-}
-
-
-#ifdef WOLFSSL_DTLS
-
-static INLINE int DtlsCheckWindow(DtlsState* state)
-{
- word32 cur;
- word32 next;
- DtlsSeq window;
-
- if (state->curEpoch == state->nextEpoch) {
- next = state->nextSeq;
- window = state->window;
- }
- else if (state->curEpoch < state->nextEpoch) {
- next = state->prevSeq;
- window = state->prevWindow;
- }
- else {
- return 0;
- }
-
- cur = state->curSeq;
-
- if ((next > DTLS_SEQ_BITS) && (cur < next - DTLS_SEQ_BITS)) {
- return 0;
- }
- else if ((cur < next) && (window & ((DtlsSeq)1 << (next - cur - 1)))) {
- return 0;
- }
-
- return 1;
-}
-
-
-static INLINE int DtlsUpdateWindow(DtlsState* state)
-{
- word32 cur;
- word32* next;
- DtlsSeq* window;
-
- if (state->curEpoch == state->nextEpoch) {
- next = &state->nextSeq;
- window = &state->window;
- }
- else {
- next = &state->prevSeq;
- window = &state->prevWindow;
- }
-
- cur = state->curSeq;
-
- if (cur < *next) {
- *window |= ((DtlsSeq)1 << (*next - cur - 1));
- }
- else {
- *window <<= (1 + cur - *next);
- *window |= 1;
- *next = cur + 1;
- }
-
- return 1;
-}
-
-
-static int DtlsMsgDrain(WOLFSSL* ssl)
-{
- DtlsMsg* item = ssl->dtls_msg_list;
- int ret = 0;
-
- /* While there is an item in the store list, and it is the expected
- * message, and it is complete, and there hasn't been an error in the
- * last messge... */
- while (item != NULL &&
- ssl->keys.dtls_expected_peer_handshake_number == item->seq &&
- item->fragSz == item->sz &&
- ret == 0) {
- word32 idx = 0;
- ssl->keys.dtls_expected_peer_handshake_number++;
- ret = DoHandShakeMsgType(ssl, item->msg,
- &idx, item->type, item->sz, item->sz);
- ssl->dtls_msg_list = item->next;
- DtlsMsgDelete(item, ssl->heap);
- item = ssl->dtls_msg_list;
- }
-
- return ret;
-}
-
-
-static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
- word32 totalSz)
-{
- byte type;
- word32 size;
- word32 fragOffset, fragSz;
- int ret = 0;
-
- WOLFSSL_ENTER("DoDtlsHandShakeMsg()");
- if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type,
- &size, &fragOffset, &fragSz, totalSz) != 0)
- return PARSE_ERROR;
-
- if (*inOutIdx + fragSz > totalSz)
- return INCOMPLETE_DATA;
-
- /* Check the handshake sequence number first. If out of order,
- * add the current message to the list. If the message is in order,
- * but it is a fragment, add the current message to the list, then
- * check the head of the list to see if it is complete, if so, pop
- * it out as the current message. If the message is complete and in
- * order, process it. Check the head of the list to see if it is in
- * order, if so, process it. (Repeat until list exhausted.) If the
- * head is out of order, return for more processing.
- */
- if (ssl->keys.dtls_peer_handshake_number >
- ssl->keys.dtls_expected_peer_handshake_number) {
- /* Current message is out of order. It will get stored in the list.
- * Storing also takes care of defragmentation. */
- ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
- ssl->keys.dtls_peer_handshake_number, input + *inOutIdx,
- size, type, fragOffset, fragSz, ssl->heap);
- *inOutIdx += fragSz;
- ret = 0;
- }
- else if (ssl->keys.dtls_peer_handshake_number <
- ssl->keys.dtls_expected_peer_handshake_number) {
- /* Already saw this message and processed it. It can be ignored. */
- *inOutIdx += fragSz;
- ret = 0;
- }
- else if (fragSz < size) {
- /* Since this branch is in order, but fragmented, dtls_msg_list will be
- * pointing to the message with this fragment in it. Check it to see
- * if it is completed. */
- ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
- ssl->keys.dtls_peer_handshake_number, input + *inOutIdx,
- size, type, fragOffset, fragSz, ssl->heap);
- *inOutIdx += fragSz;
- ret = 0;
- if (ssl->dtls_msg_list != NULL &&
- ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz)
- ret = DtlsMsgDrain(ssl);
- }
- else {
- /* This branch is in order next, and a complete message. */
- ssl->keys.dtls_expected_peer_handshake_number++;
- ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
- if (ret == 0 && ssl->dtls_msg_list != NULL)
- ret = DtlsMsgDrain(ssl);
- }
-
- WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
- return ret;
-}
-#endif
-
-
-#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
- || defined(HAVE_AESGCM)
-static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify)
-{
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if (verify)
- return ssl->keys.dtls_state.curSeq; /* explicit from peer */
- else
- return ssl->keys.dtls_sequence_number - 1; /* already incremented */
- }
-#endif
- if (verify)
- return ssl->keys.peer_sequence_number++;
- else
- return ssl->keys.sequence_number++;
-}
-#endif
-
-
-#ifdef HAVE_AEAD
-static INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
-{
- int i;
- for (i = AEAD_EXP_IV_SZ-1; i >= 0; i--) {
- if (++ssl->keys.aead_exp_IV[i]) return;
- }
-}
-
-
-#if defined(HAVE_POLY1305) && defined(HAVE_CHACHA)
-/*more recent rfc's concatonate input for poly1305 differently*/
-static int Poly1305Tag(WOLFSSL* ssl, byte* additional, const byte* out,
- byte* cipher, word16 sz, byte* tag)
-{
- int ret = 0;
- int paddingSz = 0;
- int msglen = (sz - ssl->specs.aead_mac_size);
- word32 keySz = 32;
- int blockSz = 16;
- byte padding[16];
-
- if (msglen < 0)
- return INPUT_CASE_ERROR;
-
- XMEMSET(padding, 0, sizeof(padding));
-
- if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz)) != 0)
- return ret;
-
- /* additional input to poly1305 */
- if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional, blockSz)) != 0)
- return ret;
-
- /* cipher input */
- if ((ret = wc_Poly1305Update(ssl->auth.poly1305, out, msglen)) != 0)
- return ret;
-
- /* handle padding for cipher input to make it 16 bytes long */
- if (msglen % 16 != 0) {
- paddingSz = (16 - (sz - ssl->specs.aead_mac_size) % 16);
- if (paddingSz < 0)
- return INPUT_CASE_ERROR;
-
- if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding, paddingSz))
- != 0)
- return ret;
- }
-
- /* add size of AD and size of cipher to poly input */
- XMEMSET(padding, 0, sizeof(padding));
- padding[0] = blockSz;
-
- /* 32 bit size of cipher to 64 bit endian */
- padding[8] = msglen & 0xff;
- padding[9] = (msglen >> 8) & 0xff;
- padding[10] = (msglen >>16) & 0xff;
- padding[11] = (msglen >>24) & 0xff;
- if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding)))
- != 0)
- return ret;
-
- /* generate tag */
- if ((ret = wc_Poly1305Final(ssl->auth.poly1305, tag)) != 0)
- return ret;
-
- return ret;
-}
-
-
-/* Used for the older version of creating AEAD tags with Poly1305 */
-static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
- byte* cipher, word16 sz, byte* tag)
-{
- int ret = 0;
- int msglen = (sz - ssl->specs.aead_mac_size);
- word32 keySz = 32;
- byte padding[8]; /* used to temporarly store lengths */
-
-#ifdef CHACHA_AEAD_TEST
- printf("Using old version of poly1305 input.\n");
-#endif
-
- if (msglen < 0)
- return INPUT_CASE_ERROR;
-
- if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz)) != 0)
- return ret;
-
- /* add TLS compressed length and additional input to poly1305 */
- additional[AEAD_AUTH_DATA_SZ - 2] = (msglen >> 8) & 0xff;
- additional[AEAD_AUTH_DATA_SZ - 1] = msglen & 0xff;
- if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional,
- AEAD_AUTH_DATA_SZ)) != 0)
- return ret;
-
- /* length of additional input plus padding */
- XMEMSET(padding, 0, sizeof(padding));
- padding[0] = AEAD_AUTH_DATA_SZ;
- if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding,
- sizeof(padding))) != 0)
- return ret;
-
-
- /* add cipher info and then its length */
- XMEMSET(padding, 0, sizeof(padding));
- if ((ret = wc_Poly1305Update(ssl->auth.poly1305, out, msglen)) != 0)
- return ret;
-
- /* 32 bit size of cipher to 64 bit endian */
- padding[0] = msglen & 0xff;
- padding[1] = (msglen >> 8) & 0xff;
- padding[2] = (msglen >> 16) & 0xff;
- padding[3] = (msglen >> 24) & 0xff;
- if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding)))
- != 0)
- return ret;
-
- /* generate tag */
- if ((ret = wc_Poly1305Final(ssl->auth.poly1305, tag)) != 0)
- return ret;
-
- return ret;
-}
-
-
-static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
- word16 sz)
-{
- const byte* additionalSrc = input - RECORD_HEADER_SZ;
- int ret = 0;
- byte tag[POLY1305_AUTH_SZ];
- byte additional[CHACHA20_BLOCK_SIZE];
- byte nonce[AEAD_NONCE_SZ];
- byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
- #ifdef CHACHA_AEAD_TEST
- int i;
- #endif
-
- XMEMSET(tag, 0, sizeof(tag));
- XMEMSET(nonce, 0, AEAD_NONCE_SZ);
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
-
- /* get nonce */
- c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ
- + AEAD_SEQ_OFFSET);
-
- /* opaque SEQ number stored for AD */
- c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET);
-
- /* Store the type, version. Unfortunately, they are in
- * the input buffer ahead of the plaintext. */
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- c16toa(ssl->keys.dtls_epoch, additional);
- additionalSrc -= DTLS_HANDSHAKE_EXTRA;
- }
- #endif
-
- XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
-
- #ifdef CHACHA_AEAD_TEST
- printf("Encrypt Additional : ");
- for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) {
- printf("%02x", additional[i]);
- }
- printf("\n\n");
- printf("input before encryption :\n");
- for (i = 0; i < sz; i++) {
- printf("%02x", input[i]);
- if ((i + 1) % 16 == 0)
- printf("\n");
- }
- printf("\n");
- #endif
-
- /* set the nonce for chacha and get poly1305 key */
- if ((ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0)
- return ret;
-
- if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, cipher,
- cipher, sizeof(cipher))) != 0)
- return ret;
-
- /* encrypt the plain text */
- if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out, input,
- sz - ssl->specs.aead_mac_size)) != 0)
- return ret;
-
- /* get the tag : future use of hmac could go here*/
- if (ssl->options.oldPoly == 1) {
- if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out,
- cipher, sz, tag)) != 0)
- return ret;
- }
- else {
- if ((ret = Poly1305Tag(ssl, additional, (const byte* )out,
- cipher, sz, tag)) != 0)
- return ret;
- }
-
- /* append tag to ciphertext */
- XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag));
-
- AeadIncrementExpIV(ssl);
- ForceZero(nonce, AEAD_NONCE_SZ);
-
- #ifdef CHACHA_AEAD_TEST
- printf("mac tag :\n");
- for (i = 0; i < 16; i++) {
- printf("%02x", tag[i]);
- if ((i + 1) % 16 == 0)
- printf("\n");
- }
- printf("\n\noutput after encrypt :\n");
- for (i = 0; i < sz; i++) {
- printf("%02x", out[i]);
- if ((i + 1) % 16 == 0)
- printf("\n");
- }
- printf("\n");
- #endif
-
- return ret;
-}
-
-
-static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
- word16 sz)
-{
- byte additional[CHACHA20_BLOCK_SIZE];
- byte nonce[AEAD_NONCE_SZ];
- byte tag[POLY1305_AUTH_SZ];
- byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
- int ret = 0;
-
- XMEMSET(tag, 0, sizeof(tag));
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(nonce, 0, AEAD_NONCE_SZ);
- XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
-
- #ifdef CHACHA_AEAD_TEST
- int i;
- printf("input before decrypt :\n");
- for (i = 0; i < sz; i++) {
- printf("%02x", input[i]);
- if ((i + 1) % 16 == 0)
- printf("\n");
- }
- printf("\n");
- #endif
-
- /* get nonce */
- c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ
- + AEAD_SEQ_OFFSET);
-
- /* sequence number field is 64-bits, we only use 32-bits */
- c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
-
- /* get AD info */
- additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
- additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
- additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
- /* Store the type, version. */
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- c16toa(ssl->keys.dtls_state.curEpoch, additional);
- #endif
-
- #ifdef CHACHA_AEAD_TEST
- printf("Decrypt Additional : ");
- for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) {
- printf("%02x", additional[i]);
- }
- printf("\n\n");
- #endif
-
- /* set nonce and get poly1305 key */
- if ((ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0)
- return ret;
-
- if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, cipher,
- cipher, sizeof(cipher))) != 0)
- return ret;
-
- /* get the tag : future use of hmac could go here*/
- if (ssl->options.oldPoly == 1) {
- if ((ret = Poly1305TagOld(ssl, additional, input, cipher,
- sz, tag)) != 0)
- return ret;
- }
- else {
- if ((ret = Poly1305Tag(ssl, additional, input, cipher,
- sz, tag)) != 0)
- return ret;
- }
-
- /* check mac sent along with packet */
- if (ConstantCompare(input + sz - ssl->specs.aead_mac_size, tag,
- ssl->specs.aead_mac_size) != 0) {
- WOLFSSL_MSG("Mac did not match");
- SendAlert(ssl, alert_fatal, bad_record_mac);
- ForceZero(nonce, AEAD_NONCE_SZ);
- return VERIFY_MAC_ERROR;
- }
-
- /* if mac was good decrypt message */
- if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain, input,
- sz - ssl->specs.aead_mac_size)) != 0)
- return ret;
-
- #ifdef CHACHA_AEAD_TEST
- printf("plain after decrypt :\n");
- for (i = 0; i < sz; i++) {
- printf("%02x", plain[i]);
- if ((i + 1) % 16 == 0)
- printf("\n");
- }
- printf("\n");
- #endif
-
- return ret;
-}
-#endif /* HAVE_CHACHA && HAVE_POLY1305 */
-#endif /* HAVE_AEAD */
-
-
-static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
-{
- int ret = 0;
-
- (void)out;
- (void)input;
- (void)sz;
-
- if (ssl->encrypt.setup == 0) {
- WOLFSSL_MSG("Encrypt ciphers not setup");
- return ENCRYPT_ERROR;
- }
-
-#ifdef HAVE_FUZZER
- if (ssl->fuzzerCb)
- ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx);
-#endif
-
- switch (ssl->specs.bulk_cipher_algorithm) {
- #ifdef BUILD_ARC4
- case wolfssl_rc4:
- wc_Arc4Process(ssl->encrypt.arc4, out, input, sz);
- break;
- #endif
-
- #ifdef BUILD_DES3
- case wolfssl_triple_des:
- ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
- break;
- #endif
-
- #ifdef BUILD_AES
- case wolfssl_aes:
- ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
- break;
- #endif
-
- #ifdef BUILD_AESGCM
- case wolfssl_aes_gcm:
- {
- byte additional[AEAD_AUTH_DATA_SZ];
- byte nonce[AEAD_NONCE_SZ];
- const byte* additionalSrc = input - 5;
-
- XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);
-
- /* sequence number field is 64-bits, we only use 32-bits */
- c32toa(GetSEQIncrement(ssl, 0),
- additional + AEAD_SEQ_OFFSET);
-
- /* Store the type, version. Unfortunately, they are in
- * the input buffer ahead of the plaintext. */
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- c16toa(ssl->keys.dtls_epoch, additional);
- additionalSrc -= DTLS_HANDSHAKE_EXTRA;
- }
- #endif
- XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
-
- /* Store the length of the plain text minus the explicit
- * IV length minus the authentication tag size. */
- c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
- additional + AEAD_LEN_OFFSET);
- XMEMCPY(nonce,
- ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
- XMEMCPY(nonce + AEAD_IMP_IV_SZ,
- ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
- ret = wc_AesGcmEncrypt(ssl->encrypt.aes,
- out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
- sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
- nonce, AEAD_NONCE_SZ,
- out + sz - ssl->specs.aead_mac_size,
- ssl->specs.aead_mac_size,
- additional, AEAD_AUTH_DATA_SZ);
- if (ret == 0)
- AeadIncrementExpIV(ssl);
- ForceZero(nonce, AEAD_NONCE_SZ);
- }
- break;
- #endif
-
- #ifdef HAVE_AESCCM
- case wolfssl_aes_ccm:
- {
- byte additional[AEAD_AUTH_DATA_SZ];
- byte nonce[AEAD_NONCE_SZ];
- const byte* additionalSrc = input - 5;
-
- XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);
-
- /* sequence number field is 64-bits, we only use 32-bits */
- c32toa(GetSEQIncrement(ssl, 0),
- additional + AEAD_SEQ_OFFSET);
-
- /* Store the type, version. Unfortunately, they are in
- * the input buffer ahead of the plaintext. */
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- c16toa(ssl->keys.dtls_epoch, additional);
- additionalSrc -= DTLS_HANDSHAKE_EXTRA;
- }
- #endif
- XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
-
- /* Store the length of the plain text minus the explicit
- * IV length minus the authentication tag size. */
- c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
- additional + AEAD_LEN_OFFSET);
- XMEMCPY(nonce,
- ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
- XMEMCPY(nonce + AEAD_IMP_IV_SZ,
- ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
- wc_AesCcmEncrypt(ssl->encrypt.aes,
- out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
- sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
- nonce, AEAD_NONCE_SZ,
- out + sz - ssl->specs.aead_mac_size,
- ssl->specs.aead_mac_size,
- additional, AEAD_AUTH_DATA_SZ);
- AeadIncrementExpIV(ssl);
- ForceZero(nonce, AEAD_NONCE_SZ);
- }
- break;
- #endif
-
- #ifdef HAVE_CAMELLIA
- case wolfssl_camellia:
- wc_CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
- break;
- #endif
-
- #ifdef HAVE_HC128
- case wolfssl_hc128:
- ret = wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz);
- break;
- #endif
-
- #ifdef BUILD_RABBIT
- case wolfssl_rabbit:
- ret = wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
- break;
- #endif
-
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- case wolfssl_chacha:
- ret = ChachaAEADEncrypt(ssl, out, input, sz);
- break;
- #endif
-
- #ifdef HAVE_NULL_CIPHER
- case wolfssl_cipher_null:
- if (input != out) {
- XMEMMOVE(out, input, sz);
- }
- break;
- #endif
-
- default:
- WOLFSSL_MSG("wolfSSL Encrypt programming error");
- ret = ENCRYPT_ERROR;
- }
-
- return ret;
-}
-
-
-
-static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
- word16 sz)
-{
- int ret = 0;
-
- (void)plain;
- (void)input;
- (void)sz;
-
- if (ssl->decrypt.setup == 0) {
- WOLFSSL_MSG("Decrypt ciphers not setup");
- return DECRYPT_ERROR;
- }
-
- switch (ssl->specs.bulk_cipher_algorithm) {
- #ifdef BUILD_ARC4
- case wolfssl_rc4:
- wc_Arc4Process(ssl->decrypt.arc4, plain, input, sz);
- break;
- #endif
-
- #ifdef BUILD_DES3
- case wolfssl_triple_des:
- ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
- break;
- #endif
-
- #ifdef BUILD_AES
- case wolfssl_aes:
- ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
- break;
- #endif
-
- #ifdef BUILD_AESGCM
- case wolfssl_aes_gcm:
- {
- byte additional[AEAD_AUTH_DATA_SZ];
- byte nonce[AEAD_NONCE_SZ];
-
- XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);
-
- /* sequence number field is 64-bits, we only use 32-bits */
- c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- c16toa(ssl->keys.dtls_state.curEpoch, additional);
- #endif
-
- additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
- additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
- additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
- c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
- additional + AEAD_LEN_OFFSET);
- XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
- XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
- if (wc_AesGcmDecrypt(ssl->decrypt.aes,
- plain + AEAD_EXP_IV_SZ,
- input + AEAD_EXP_IV_SZ,
- sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
- nonce, AEAD_NONCE_SZ,
- input + sz - ssl->specs.aead_mac_size,
- ssl->specs.aead_mac_size,
- additional, AEAD_AUTH_DATA_SZ) < 0) {
- SendAlert(ssl, alert_fatal, bad_record_mac);
- ret = VERIFY_MAC_ERROR;
- }
- ForceZero(nonce, AEAD_NONCE_SZ);
- }
- break;
- #endif
-
- #ifdef HAVE_AESCCM
- case wolfssl_aes_ccm:
- {
- byte additional[AEAD_AUTH_DATA_SZ];
- byte nonce[AEAD_NONCE_SZ];
-
- XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);
-
- /* sequence number field is 64-bits, we only use 32-bits */
- c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- c16toa(ssl->keys.dtls_state.curEpoch, additional);
- #endif
-
- additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
- additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
- additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
- c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
- additional + AEAD_LEN_OFFSET);
- XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
- XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
- if (wc_AesCcmDecrypt(ssl->decrypt.aes,
- plain + AEAD_EXP_IV_SZ,
- input + AEAD_EXP_IV_SZ,
- sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
- nonce, AEAD_NONCE_SZ,
- input + sz - ssl->specs.aead_mac_size,
- ssl->specs.aead_mac_size,
- additional, AEAD_AUTH_DATA_SZ) < 0) {
- SendAlert(ssl, alert_fatal, bad_record_mac);
- ret = VERIFY_MAC_ERROR;
- }
- ForceZero(nonce, AEAD_NONCE_SZ);
- }
- break;
- #endif
-
- #ifdef HAVE_CAMELLIA
- case wolfssl_camellia:
- wc_CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
- break;
- #endif
-
- #ifdef HAVE_HC128
- case wolfssl_hc128:
- ret = wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
- break;
- #endif
-
- #ifdef BUILD_RABBIT
- case wolfssl_rabbit:
- ret = wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
- break;
- #endif
-
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- case wolfssl_chacha:
- ret = ChachaAEADDecrypt(ssl, plain, input, sz);
- break;
- #endif
-
- #ifdef HAVE_NULL_CIPHER
- case wolfssl_cipher_null:
- if (input != plain) {
- XMEMMOVE(plain, input, sz);
- }
- break;
- #endif
-
- default:
- WOLFSSL_MSG("wolfSSL Decrypt programming error");
- ret = DECRYPT_ERROR;
- }
-
- return ret;
-}
-
-
-/* check cipher text size for sanity */
-static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
-{
-#ifdef HAVE_TRUNCATED_HMAC
- word32 minLength = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ
- : ssl->specs.hash_size;
-#else
- word32 minLength = ssl->specs.hash_size; /* covers stream */
-#endif
-
- if (ssl->specs.cipher_type == block) {
- if (encryptSz % ssl->specs.block_size) {
- WOLFSSL_MSG("Block ciphertext not block size");
- return SANITY_CIPHER_E;
- }
-
- minLength++; /* pad byte */
-
- if (ssl->specs.block_size > minLength)
- minLength = ssl->specs.block_size;
-
- if (ssl->options.tls1_1)
- minLength += ssl->specs.block_size; /* explicit IV */
- }
- else if (ssl->specs.cipher_type == aead) {
- minLength = ssl->specs.aead_mac_size; /* authTag size */
- if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
- minLength += AEAD_EXP_IV_SZ; /* explicit IV */
- }
-
- if (encryptSz < minLength) {
- WOLFSSL_MSG("Ciphertext not minimum size");
- return SANITY_CIPHER_E;
- }
-
- return 0;
-}
-
-
-#ifndef NO_OLD_TLS
-
-static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
-{
- Md5 md5;
- int i;
-
- wc_InitMd5(&md5);
-
- for (i = 0; i < rounds; i++)
- wc_Md5Update(&md5, data, sz);
-}
-
-
-
-/* do a dummy sha round */
-static INLINE void ShaRounds(int rounds, const byte* data, int sz)
-{
- Sha sha;
- int i;
-
- wc_InitSha(&sha); /* no error check on purpose, dummy round */
-
- for (i = 0; i < rounds; i++)
- wc_ShaUpdate(&sha, data, sz);
-}
-#endif
-
-
-#ifndef NO_SHA256
-
-static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
-{
- Sha256 sha256;
- int i;
-
- wc_InitSha256(&sha256); /* no error check on purpose, dummy round */
-
- for (i = 0; i < rounds; i++) {
- wc_Sha256Update(&sha256, data, sz);
- /* no error check on purpose, dummy round */
- }
-
-}
-
-#endif
-
-
-#ifdef WOLFSSL_SHA384
-
-static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
-{
- Sha384 sha384;
- int i;
-
- wc_InitSha384(&sha384); /* no error check on purpose, dummy round */
-
- for (i = 0; i < rounds; i++) {
- wc_Sha384Update(&sha384, data, sz);
- /* no error check on purpose, dummy round */
- }
-}
-
-#endif
-
-
-#ifdef WOLFSSL_SHA512
-
-static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
-{
- Sha512 sha512;
- int i;
-
- wc_InitSha512(&sha512); /* no error check on purpose, dummy round */
-
- for (i = 0; i < rounds; i++) {
- wc_Sha512Update(&sha512, data, sz);
- /* no error check on purpose, dummy round */
- }
-}
-
-#endif
-
-
-#ifdef WOLFSSL_RIPEMD
-
-static INLINE void RmdRounds(int rounds, const byte* data, int sz)
-{
- RipeMd ripemd;
- int i;
-
- wc_InitRipeMd(&ripemd);
-
- for (i = 0; i < rounds; i++)
- wc_RipeMdUpdate(&ripemd, data, sz);
-}
-
-#endif
-
-
-/* Do dummy rounds */
-static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
-{
- switch (type) {
-
- case no_mac :
- break;
-
-#ifndef NO_OLD_TLS
-#ifndef NO_MD5
- case md5_mac :
- Md5Rounds(rounds, data, sz);
- break;
-#endif
-
-#ifndef NO_SHA
- case sha_mac :
- ShaRounds(rounds, data, sz);
- break;
-#endif
-#endif
-
-#ifndef NO_SHA256
- case sha256_mac :
- Sha256Rounds(rounds, data, sz);
- break;
-#endif
-
-#ifdef WOLFSSL_SHA384
- case sha384_mac :
- Sha384Rounds(rounds, data, sz);
- break;
-#endif
-
-#ifdef WOLFSSL_SHA512
- case sha512_mac :
- Sha512Rounds(rounds, data, sz);
- break;
-#endif
-
-#ifdef WOLFSSL_RIPEMD
- case rmd_mac :
- RmdRounds(rounds, data, sz);
- break;
-#endif
-
- default:
- WOLFSSL_MSG("Bad round type");
- break;
- }
-}
-
-
-/* do number of compression rounds on dummy data */
-static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
-{
- if (rounds)
- DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
-}
-
-
-/* check all length bytes for the pad value, return 0 on success */
-static int PadCheck(const byte* a, byte pad, int length)
-{
- int i;
- int compareSum = 0;
-
- for (i = 0; i < length; i++) {
- compareSum |= a[i] ^ pad;
- }
-
- return compareSum;
-}
-
-
-/* get compression extra rounds */
-static INLINE int GetRounds(int pLen, int padLen, int t)
-{
- int roundL1 = 1; /* round up flags */
- int roundL2 = 1;
-
- int L1 = COMPRESS_CONSTANT + pLen - t;
- int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t;
-
- L1 -= COMPRESS_UPPER;
- L2 -= COMPRESS_UPPER;
-
- if ( (L1 % COMPRESS_LOWER) == 0)
- roundL1 = 0;
- if ( (L2 % COMPRESS_LOWER) == 0)
- roundL2 = 0;
-
- L1 /= COMPRESS_LOWER;
- L2 /= COMPRESS_LOWER;
-
- L1 += roundL1;
- L2 += roundL2;
-
- return L1 - L2;
-}
-
-
-/* timing resistant pad/verify check, return 0 on success */
-static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
- int pLen, int content)
-{
- byte verify[MAX_DIGEST_SIZE];
- byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
- byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
- int ret = 0;
-
- (void)dmy;
-
- if ( (t + padLen + 1) > pLen) {
- WOLFSSL_MSG("Plain Len not long enough for pad/mac");
- PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
- ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
- ConstantCompare(verify, input + pLen - t, t);
-
- return VERIFY_MAC_ERROR;
- }
-
- if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
- WOLFSSL_MSG("PadCheck failed");
- PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
- ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
- ConstantCompare(verify, input + pLen - t, t);
-
- return VERIFY_MAC_ERROR;
- }
-
- PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
- ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1);
-
- CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy);
-
- if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) {
- WOLFSSL_MSG("Verify MAC compare failed");
- return VERIFY_MAC_ERROR;
- }
-
- if (ret != 0)
- return VERIFY_MAC_ERROR;
- return 0;
-}
-
-
-int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
-{
- word32 msgSz = ssl->keys.encryptSz;
- word32 idx = *inOutIdx;
- int dataSz;
- int ivExtra = 0;
- byte* rawData = input + idx; /* keep current for hmac */
-#ifdef HAVE_LIBZ
- byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
-#endif
-
- if (ssl->options.handShakeDone == 0) {
- WOLFSSL_MSG("Received App data before a handshake completed");
- SendAlert(ssl, alert_fatal, unexpected_message);
- return OUT_OF_ORDER_E;
- }
-
- if (ssl->specs.cipher_type == block) {
- if (ssl->options.tls1_1)
- ivExtra = ssl->specs.block_size;
- }
- else if (ssl->specs.cipher_type == aead) {
- if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
- ivExtra = AEAD_EXP_IV_SZ;
- }
-
- dataSz = msgSz - ivExtra - ssl->keys.padSz;
- if (dataSz < 0) {
- WOLFSSL_MSG("App data buffer error, malicious input?");
- return BUFFER_ERROR;
- }
-
- /* read data */
- if (dataSz) {
- int rawSz = dataSz; /* keep raw size for idx adjustment */
-
-#ifdef HAVE_LIBZ
- if (ssl->options.usingCompression) {
- dataSz = myDeCompress(ssl, rawData, dataSz, decomp, sizeof(decomp));
- if (dataSz < 0) return dataSz;
- }
-#endif
- idx += rawSz;
-
- ssl->buffers.clearOutputBuffer.buffer = rawData;
- ssl->buffers.clearOutputBuffer.length = dataSz;
- }
-
- idx += ssl->keys.padSz;
-
-#ifdef HAVE_LIBZ
- /* decompress could be bigger, overwrite after verify */
- if (ssl->options.usingCompression)
- XMEMMOVE(rawData, decomp, dataSz);
-#endif
-
- *inOutIdx = idx;
- return 0;
-}
-
-
-/* process alert, return level */
-static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
- word32 totalSz)
-{
- byte level;
- byte code;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("Alert", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- /* add record header back on to info + 2 byte level, data */
- AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx -
- RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
- #endif
-
- /* make sure can read the message */
- if (*inOutIdx + ALERT_SIZE > totalSz)
- return BUFFER_E;
-
- level = input[(*inOutIdx)++];
- code = input[(*inOutIdx)++];
- ssl->alert_history.last_rx.code = code;
- ssl->alert_history.last_rx.level = level;
- *type = code;
- if (level == alert_fatal) {
- ssl->options.isClosed = 1; /* Don't send close_notify */
- }
-
- WOLFSSL_MSG("Got alert");
- if (*type == close_notify) {
- WOLFSSL_MSG(" close notify");
- ssl->options.closeNotify = 1;
- }
- WOLFSSL_ERROR(*type);
- if (ssl->keys.encryptionOn) {
- if (*inOutIdx + ssl->keys.padSz > totalSz)
- return BUFFER_E;
- *inOutIdx += ssl->keys.padSz;
- }
-
- return level;
-}
-
-static int GetInputData(WOLFSSL *ssl, word32 size)
-{
- int in;
- int inSz;
- int maxLength;
- int usedLength;
- int dtlsExtra = 0;
-
-
- /* check max input length */
- usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
- maxLength = ssl->buffers.inputBuffer.bufferSize - usedLength;
- inSz = (int)(size - usedLength); /* from last partial read */
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if (size < ssl->dtls_expected_rx)
- dtlsExtra = (int)(ssl->dtls_expected_rx - size);
- inSz = ssl->dtls_expected_rx;
- }
-#endif
-
- if (inSz > maxLength) {
- if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
- return MEMORY_E;
- }
-
- if (inSz <= 0)
- return BUFFER_ERROR;
-
- /* Put buffer data at start if not there */
- if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0)
- XMEMMOVE(ssl->buffers.inputBuffer.buffer,
- ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
- usedLength);
-
- /* remove processed data */
- ssl->buffers.inputBuffer.idx = 0;
- ssl->buffers.inputBuffer.length = usedLength;
-
- /* read data from network */
- do {
- in = Receive(ssl,
- ssl->buffers.inputBuffer.buffer +
- ssl->buffers.inputBuffer.length,
- inSz);
- if (in == -1)
- return SOCKET_ERROR_E;
-
- if (in == WANT_READ)
- return WANT_READ;
-
- if (in > inSz)
- return RECV_OVERFLOW_E;
-
- ssl->buffers.inputBuffer.length += in;
- inSz -= in;
-
- } while (ssl->buffers.inputBuffer.length < size);
-
- return 0;
-}
-
-
-static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
- int content, word32* padSz)
-{
- int ivExtra = 0;
- int ret;
- word32 pad = 0;
- word32 padByte = 0;
-#ifdef HAVE_TRUNCATED_HMAC
- word32 digestSz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ
- : ssl->specs.hash_size;
-#else
- word32 digestSz = ssl->specs.hash_size;
-#endif
- byte verify[MAX_DIGEST_SIZE];
-
- if (ssl->specs.cipher_type == block) {
- if (ssl->options.tls1_1)
- ivExtra = ssl->specs.block_size;
- pad = *(input + msgSz - ivExtra - 1);
- padByte = 1;
-
- if (ssl->options.tls) {
- ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
- content);
- if (ret != 0)
- return ret;
- }
- else { /* sslv3, some implementations have bad padding, but don't
- * allow bad read */
- int badPadLen = 0;
- byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
- byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
-
- (void)dmy;
-
- if (pad > (msgSz - digestSz - 1)) {
- WOLFSSL_MSG("Plain Len not long enough for pad/mac");
- pad = 0; /* no bad read */
- badPadLen = 1;
- }
- PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */
- ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1,
- content, 1);
- if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1,
- digestSz) != 0)
- return VERIFY_MAC_ERROR;
- if (ret != 0 || badPadLen)
- return VERIFY_MAC_ERROR;
- }
- }
- else if (ssl->specs.cipher_type == stream) {
- ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1);
- if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){
- return VERIFY_MAC_ERROR;
- }
- if (ret != 0)
- return VERIFY_MAC_ERROR;
- }
-
- if (ssl->specs.cipher_type == aead) {
- *padSz = ssl->specs.aead_mac_size;
- }
- else {
- *padSz = digestSz + pad + padByte;
- }
-
- return 0;
-}
-
-
-/* process input requests, return 0 is done, 1 is call again to complete, and
- negative number is error */
-int ProcessReply(WOLFSSL* ssl)
-{
- int ret = 0, type, readSz;
- int atomicUser = 0;
- word32 startIdx = 0;
-#ifdef WOLFSSL_DTLS
- int used;
-#endif
-
-#ifdef ATOMIC_USER
- if (ssl->ctx->DecryptVerifyCb)
- atomicUser = 1;
-#endif
-
- if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE){
- WOLFSSL_MSG("ProcessReply retry in error state, not allowed");
- return ssl->error;
- }
-
- for (;;) {
- switch (ssl->options.processReply) {
-
- /* in the WOLFSSL_SERVER case, get the first byte for detecting
- * old client hello */
- case doProcessInit:
-
- readSz = RECORD_HEADER_SZ;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- readSz = DTLS_RECORD_HEADER_SZ;
- #endif
-
- /* get header or return error */
- if (!ssl->options.dtls) {
- if ((ret = GetInputData(ssl, readSz)) < 0)
- return ret;
- } else {
- #ifdef WOLFSSL_DTLS
- /* read ahead may already have header */
- used = ssl->buffers.inputBuffer.length -
- ssl->buffers.inputBuffer.idx;
- if (used < readSz)
- if ((ret = GetInputData(ssl, readSz)) < 0)
- return ret;
- #endif
- }
-
-#ifdef OLD_HELLO_ALLOWED
-
- /* see if sending SSLv2 client hello */
- if ( ssl->options.side == WOLFSSL_SERVER_END &&
- ssl->options.clientState == NULL_STATE &&
- ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
- != handshake) {
- byte b0, b1;
-
- ssl->options.processReply = runProcessOldClientHello;
-
- /* sanity checks before getting size at front */
- if (ssl->buffers.inputBuffer.buffer[
- ssl->buffers.inputBuffer.idx + 2] != OLD_HELLO_ID) {
- WOLFSSL_MSG("Not a valid old client hello");
- return PARSE_ERROR;
- }
-
- if (ssl->buffers.inputBuffer.buffer[
- ssl->buffers.inputBuffer.idx + 3] != SSLv3_MAJOR &&
- ssl->buffers.inputBuffer.buffer[
- ssl->buffers.inputBuffer.idx + 3] != DTLS_MAJOR) {
- WOLFSSL_MSG("Not a valid version in old client hello");
- return PARSE_ERROR;
- }
-
- /* how many bytes need ProcessOldClientHello */
- b0 =
- ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
- b1 =
- ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
- ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
- }
- else {
- ssl->options.processReply = getRecordLayerHeader;
- continue;
- }
-
- /* in the WOLFSSL_SERVER case, run the old client hello */
- case runProcessOldClientHello:
-
- /* get sz bytes or return error */
- if (!ssl->options.dtls) {
- if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
- return ret;
- } else {
- #ifdef WOLFSSL_DTLS
- /* read ahead may already have */
- used = ssl->buffers.inputBuffer.length -
- ssl->buffers.inputBuffer.idx;
- if (used < ssl->curSize)
- if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
- return ret;
- #endif /* WOLFSSL_DTLS */
- }
-
- ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer,
- &ssl->buffers.inputBuffer.idx,
- ssl->buffers.inputBuffer.length -
- ssl->buffers.inputBuffer.idx,
- ssl->curSize);
- if (ret < 0)
- return ret;
-
- else if (ssl->buffers.inputBuffer.idx ==
- ssl->buffers.inputBuffer.length) {
- ssl->options.processReply = doProcessInit;
- return 0;
- }
-
-#endif /* OLD_HELLO_ALLOWED */
-
- /* get the record layer header */
- case getRecordLayerHeader:
-
- ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
- &ssl->buffers.inputBuffer.idx,
- &ssl->curRL, &ssl->curSize);
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
- ssl->options.processReply = doProcessInit;
- ssl->buffers.inputBuffer.length = 0;
- ssl->buffers.inputBuffer.idx = 0;
- continue;
- }
-#endif
- if (ret != 0)
- return ret;
-
- ssl->options.processReply = getData;
-
- /* retrieve record layer data */
- case getData:
-
- /* get sz bytes or return error */
- if (!ssl->options.dtls) {
- if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
- return ret;
- } else {
-#ifdef WOLFSSL_DTLS
- /* read ahead may already have */
- used = ssl->buffers.inputBuffer.length -
- ssl->buffers.inputBuffer.idx;
- if (used < ssl->curSize)
- if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
- return ret;
-#endif
- }
-
- ssl->options.processReply = runProcessingOneMessage;
- startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */
-
- /* the record layer is here */
- case runProcessingOneMessage:
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls &&
- ssl->keys.dtls_state.curEpoch < ssl->keys.dtls_state.nextEpoch)
- ssl->keys.decryptedCur = 1;
- #endif
-
- if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0)
- {
- ret = SanityCheckCipherText(ssl, ssl->curSize);
- if (ret < 0)
- return ret;
-
- if (atomicUser) {
- #ifdef ATOMIC_USER
- ret = ssl->ctx->DecryptVerifyCb(ssl,
- ssl->buffers.inputBuffer.buffer +
- ssl->buffers.inputBuffer.idx,
- ssl->buffers.inputBuffer.buffer +
- ssl->buffers.inputBuffer.idx,
- ssl->curSize, ssl->curRL.type, 1,
- &ssl->keys.padSz, ssl->DecryptVerifyCtx);
- if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
- ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
- /* go past TLSv1.1 IV */
- if (ssl->specs.cipher_type == aead &&
- ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
- ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ;
- #endif /* ATOMIC_USER */
- }
- else {
- ret = Decrypt(ssl, ssl->buffers.inputBuffer.buffer +
- ssl->buffers.inputBuffer.idx,
- ssl->buffers.inputBuffer.buffer +
- ssl->buffers.inputBuffer.idx,
- ssl->curSize);
- if (ret < 0) {
- WOLFSSL_ERROR(ret);
- return DECRYPT_ERROR;
- }
- if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
- ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
- /* go past TLSv1.1 IV */
- if (ssl->specs.cipher_type == aead &&
- ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
- ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ;
-
- ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer +
- ssl->buffers.inputBuffer.idx,
- ssl->curSize, ssl->curRL.type,
- &ssl->keys.padSz);
- }
- if (ret < 0) {
- WOLFSSL_ERROR(ret);
- return DECRYPT_ERROR;
- }
- ssl->keys.encryptSz = ssl->curSize;
- ssl->keys.decryptedCur = 1;
- }
-
- if (ssl->options.dtls) {
- #ifdef WOLFSSL_DTLS
- DtlsUpdateWindow(&ssl->keys.dtls_state);
- #endif /* WOLFSSL_DTLS */
- }
-
- WOLFSSL_MSG("received record layer msg");
-
- switch (ssl->curRL.type) {
- case handshake :
- /* debugging in DoHandShakeMsg */
- if (!ssl->options.dtls) {
- ret = DoHandShakeMsg(ssl,
- ssl->buffers.inputBuffer.buffer,
- &ssl->buffers.inputBuffer.idx,
- ssl->buffers.inputBuffer.length);
- }
- else {
-#ifdef WOLFSSL_DTLS
- ret = DoDtlsHandShakeMsg(ssl,
- ssl->buffers.inputBuffer.buffer,
- &ssl->buffers.inputBuffer.idx,
- ssl->buffers.inputBuffer.length);
-#endif
- }
- if (ret != 0)
- return ret;
- break;
-
- case change_cipher_spec:
- WOLFSSL_MSG("got CHANGE CIPHER SPEC");
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ChangeCipher", &ssl->handShakeInfo);
- /* add record header back on info */
- if (ssl->toInfoOn) {
- AddPacketInfo("ChangeCipher", &ssl->timeoutInfo,
- ssl->buffers.inputBuffer.buffer +
- ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ,
- 1 + RECORD_HEADER_SZ, ssl->heap);
- AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
- }
- #endif
-
- ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
- if (ret != 0)
- return ret;
-
-#ifdef HAVE_SESSION_TICKET
- if (ssl->options.side == WOLFSSL_CLIENT_END &&
- ssl->expect_session_ticket) {
- WOLFSSL_MSG("Expected session ticket missing");
- return SESSION_TICKET_EXPECT_E;
- }
-#endif
-
- if (ssl->keys.encryptionOn && ssl->options.handShakeDone) {
- ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
- ssl->curSize -= (word16) ssl->buffers.inputBuffer.idx;
- }
-
- if (ssl->curSize != 1) {
- WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg");
- return LENGTH_ERROR;
- }
- #ifndef NO_CERTS
- if (ssl->options.side == WOLFSSL_SERVER_END &&
- ssl->options.verifyPeer &&
- ssl->options.havePeerCert)
- if (!ssl->options.havePeerVerify) {
- WOLFSSL_MSG("client didn't send cert verify");
- return NO_PEER_VERIFY;
- }
- #endif
-
-
- ssl->buffers.inputBuffer.idx++;
- ssl->keys.encryptionOn = 1;
-
- /* setup decrypt keys for following messages */
- if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
- return ret;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- DtlsPoolReset(ssl);
- ssl->keys.dtls_state.nextEpoch++;
- ssl->keys.dtls_state.nextSeq = 0;
- }
- #endif
-
- #ifdef HAVE_LIBZ
- if (ssl->options.usingCompression)
- if ( (ret = InitStreams(ssl)) != 0)
- return ret;
- #endif
- ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
- ssl->options.side == WOLFSSL_CLIENT_END ?
- server : client);
- if (ret != 0)
- return ret;
- break;
-
- case application_data:
- WOLFSSL_MSG("got app DATA");
- if ((ret = DoApplicationData(ssl,
- ssl->buffers.inputBuffer.buffer,
- &ssl->buffers.inputBuffer.idx))
- != 0) {
- WOLFSSL_ERROR(ret);
- return ret;
- }
- break;
-
- case alert:
- WOLFSSL_MSG("got ALERT!");
- ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer,
- &ssl->buffers.inputBuffer.idx, &type,
- ssl->buffers.inputBuffer.length);
- if (ret == alert_fatal)
- return FATAL_ERROR;
- else if (ret < 0)
- return ret;
-
- /* catch warnings that are handled as errors */
- if (type == close_notify)
- return ssl->error = ZERO_RETURN;
-
- if (type == decrypt_error)
- return FATAL_ERROR;
- break;
-
- default:
- WOLFSSL_ERROR(UNKNOWN_RECORD_TYPE);
- return UNKNOWN_RECORD_TYPE;
- }
-
- ssl->options.processReply = doProcessInit;
-
- /* input exhausted? */
- if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length)
- return 0;
-
- /* more messages per record */
- else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
- WOLFSSL_MSG("More messages in record");
- #ifdef WOLFSSL_DTLS
- /* read-ahead but dtls doesn't bundle messages per record */
- if (ssl->options.dtls) {
- ssl->options.processReply = doProcessInit;
- continue;
- }
- #endif
- ssl->options.processReply = runProcessingOneMessage;
-
- if (ssl->keys.encryptionOn) {
- WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
- ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
- }
-
- continue;
- }
- /* more records */
- else {
- WOLFSSL_MSG("More records in input");
- ssl->options.processReply = doProcessInit;
- continue;
- }
-
- default:
- WOLFSSL_MSG("Bad process input state, programming error");
- return INPUT_CASE_ERROR;
- }
- }
-}
-
-
-int SendChangeCipher(WOLFSSL* ssl)
-{
- byte *output;
- int sendSz = RECORD_HEADER_SZ + ENUM_LEN;
- int idx = RECORD_HEADER_SZ;
- int ret;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA;
- idx += DTLS_RECORD_EXTRA;
- }
- #endif
-
- /* are we in scr */
- if (ssl->keys.encryptionOn && ssl->options.handShakeDone) {
- sendSz += MAX_MSG_EXTRA;
- }
-
- /* check for avalaible size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddRecordHeader(output, 1, change_cipher_spec, ssl);
-
- output[idx] = 1; /* turn it on */
-
- if (ssl->keys.encryptionOn && ssl->options.handShakeDone) {
- byte input[ENUM_LEN];
- int inputSz = ENUM_LEN;
-
- input[0] = 1; /* turn it on */
- sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
- change_cipher_spec);
- if (sendSz < 0)
- return sendSz;
- }
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- }
- #endif
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("ChangeCipher", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, output, sendSz,
- ssl->heap);
- #endif
- ssl->buffers.outputBuffer.length += sendSz;
-
- if (ssl->options.groupMessages)
- return 0;
- #ifdef WOLFSSL_DTLS
- else if (ssl->options.dtls) {
- /* If using DTLS, force the ChangeCipherSpec message to be in the
- * same datagram as the finished message. */
- return 0;
- }
- #endif
- else
- return SendBuffered(ssl);
-}
-
-
-#ifndef NO_OLD_TLS
-static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
- int content, int verify)
-{
- byte result[MAX_DIGEST_SIZE];
- word32 digestSz = ssl->specs.hash_size; /* actual sizes */
- word32 padSz = ssl->specs.pad_size;
- int ret = 0;
-
- Md5 md5;
- Sha sha;
-
- /* data */
- byte seq[SEQ_SZ];
- byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
- const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify);
-
-#ifdef HAVE_FUZZER
- if (ssl->fuzzerCb)
- ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
-#endif
-
- XMEMSET(seq, 0, SEQ_SZ);
- conLen[0] = (byte)content;
- c16toa((word16)sz, &conLen[ENUM_LEN]);
- c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
-
- if (ssl->specs.mac_algorithm == md5_mac) {
- wc_InitMd5(&md5);
- /* inner */
- wc_Md5Update(&md5, macSecret, digestSz);
- wc_Md5Update(&md5, PAD1, padSz);
- wc_Md5Update(&md5, seq, SEQ_SZ);
- wc_Md5Update(&md5, conLen, sizeof(conLen));
- /* in buffer */
- wc_Md5Update(&md5, in, sz);
- wc_Md5Final(&md5, result);
- /* outer */
- wc_Md5Update(&md5, macSecret, digestSz);
- wc_Md5Update(&md5, PAD2, padSz);
- wc_Md5Update(&md5, result, digestSz);
- wc_Md5Final(&md5, digest);
- }
- else {
- ret = wc_InitSha(&sha);
- if (ret != 0)
- return ret;
- /* inner */
- wc_ShaUpdate(&sha, macSecret, digestSz);
- wc_ShaUpdate(&sha, PAD1, padSz);
- wc_ShaUpdate(&sha, seq, SEQ_SZ);
- wc_ShaUpdate(&sha, conLen, sizeof(conLen));
- /* in buffer */
- wc_ShaUpdate(&sha, in, sz);
- wc_ShaFinal(&sha, result);
- /* outer */
- wc_ShaUpdate(&sha, macSecret, digestSz);
- wc_ShaUpdate(&sha, PAD2, padSz);
- wc_ShaUpdate(&sha, result, digestSz);
- wc_ShaFinal(&sha, digest);
- }
- return 0;
-}
-
-#ifndef NO_CERTS
-static void BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
-{
- byte md5_result[MD5_DIGEST_SIZE];
-
-#ifdef WOLFSSL_SMALL_STACK
- Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#else
- Md5 md5[1];
- Md5 md5_2[1];
-#endif
-
- /* make md5 inner */
- md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */
- wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
- wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
- wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
- wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */
-
- /* make md5 outer */
- wc_InitMd5(md5_2) ;
- wc_Md5Update(md5_2, ssl->arrays->masterSecret, SECRET_LEN);
- wc_Md5Update(md5_2, PAD2, PAD_MD5);
- wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
-
- wc_Md5Final(md5_2, digest);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-}
-
-
-static void BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
-{
- byte sha_result[SHA_DIGEST_SIZE];
-
-#ifdef WOLFSSL_SMALL_STACK
- Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#else
- Sha sha[1];
- Sha sha2[1];
-#endif
-
- /* make sha inner */
- sha[0] = ssl->hsHashes->hashSha ; /* Save current position */
- wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
- wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
- wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
- wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha) ; /* Restore current position */
-
- /* make sha outer */
- wc_InitSha(sha2) ;
- wc_ShaUpdate(sha2, ssl->arrays->masterSecret,SECRET_LEN);
- wc_ShaUpdate(sha2, PAD2, PAD_SHA);
- wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE);
-
- wc_ShaFinal(sha2, digest);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-}
-#endif /* NO_CERTS */
-#endif /* NO_OLD_TLS */
-
-
-#ifndef NO_CERTS
-
-static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
-{
- /* store current states, building requires get_digest which resets state */
- #ifdef WOLFSSL_SHA384
- Sha384 sha384 = ssl->hsHashes->hashSha384;
- #endif
- #ifdef WOLFSSL_SHA512
- Sha512 sha512 = ssl->hsHashes->hashSha512;
- #endif
-
- if (ssl->options.tls) {
-#if ! defined( NO_OLD_TLS )
- wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
- wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
-#endif
- if (IsAtLeastTLSv1_2(ssl)) {
- int ret;
-
- #ifndef NO_SHA256
- ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,hashes->sha256);
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SHA384
- ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,hashes->sha384);
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_Sha512Final(&ssl->hsHashes->hashSha512,hashes->sha512);
- if (ret != 0)
- return ret;
- #endif
- }
- }
-#if ! defined( NO_OLD_TLS )
- else {
- BuildMD5_CertVerify(ssl, hashes->md5);
- BuildSHA_CertVerify(ssl, hashes->sha);
- }
-
- /* restore */
-#endif
- if (IsAtLeastTLSv1_2(ssl)) {
- #ifdef WOLFSSL_SHA384
- ssl->hsHashes->hashSha384 = sha384;
- #endif
- #ifdef WOLFSSL_SHA512
- ssl->hsHashes->hashSha512 = sha512;
- #endif
- }
-
- return 0;
-}
-
-#endif /* WOLFSSL_LEANPSK */
-
-/* Build SSL Message, encrypted */
-static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
- const byte* input, int inSz, int type)
-{
-#ifdef HAVE_TRUNCATED_HMAC
- word32 digestSz = min(ssl->specs.hash_size,
- ssl->truncated_hmac ? TRUNCATED_HMAC_SZ : ssl->specs.hash_size);
-#else
- word32 digestSz = ssl->specs.hash_size;
-#endif
- word32 sz = RECORD_HEADER_SZ + inSz + digestSz;
- word32 pad = 0, i;
- word32 idx = RECORD_HEADER_SZ;
- word32 ivSz = 0; /* TLSv1.1 IV */
- word32 headerSz = RECORD_HEADER_SZ;
- word16 size;
- byte iv[AES_BLOCK_SIZE]; /* max size */
- int ret = 0;
- int atomicUser = 0;
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sz += DTLS_RECORD_EXTRA;
- idx += DTLS_RECORD_EXTRA;
- headerSz += DTLS_RECORD_EXTRA;
- }
-#endif
-
-#ifdef ATOMIC_USER
- if (ssl->ctx->MacEncryptCb)
- atomicUser = 1;
-#endif
-
- if (ssl->specs.cipher_type == block) {
- word32 blockSz = ssl->specs.block_size;
- if (ssl->options.tls1_1) {
- ivSz = blockSz;
- sz += ivSz;
-
- if (ivSz > (word32)sizeof(iv))
- return BUFFER_E;
-
- ret = wc_RNG_GenerateBlock(ssl->rng, iv, ivSz);
- if (ret != 0)
- return ret;
-
- }
- sz += 1; /* pad byte */
- pad = (sz - headerSz) % blockSz;
- pad = blockSz - pad;
- sz += pad;
- }
-
-#ifdef HAVE_AEAD
- if (ssl->specs.cipher_type == aead) {
- if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
- ivSz = AEAD_EXP_IV_SZ;
-
- sz += (ivSz + ssl->specs.aead_mac_size - digestSz);
- XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
- }
-#endif
- if (sz > (word32)outSz) {
- WOLFSSL_MSG("Oops, want to write past output buffer size");
- return BUFFER_E;
- }
- size = (word16)(sz - headerSz); /* include mac and digest */
- AddRecordHeader(output, size, (byte)type, ssl);
-
- /* write to output */
- if (ivSz) {
- XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv)));
- idx += ivSz;
- }
- XMEMCPY(output + idx, input, inSz);
- idx += inSz;
-
- if (type == handshake) {
- ret = HashOutput(ssl, output, headerSz + inSz, ivSz);
- if (ret != 0)
- return ret;
- }
-
- if (ssl->specs.cipher_type == block) {
- word32 tmpIdx = idx + digestSz;
-
- for (i = 0; i <= pad; i++)
- output[tmpIdx++] = (byte)pad; /* pad byte gets pad value too */
- }
-
- if (atomicUser) { /* User Record Layer Callback handling */
-#ifdef ATOMIC_USER
- if ( (ret = ssl->ctx->MacEncryptCb(ssl, output + idx,
- output + headerSz + ivSz, inSz, type, 0,
- output + headerSz, output + headerSz, size,
- ssl->MacEncryptCtx)) != 0)
- return ret;
-#endif
- }
- else {
- if (ssl->specs.cipher_type != aead) {
-#ifdef HAVE_TRUNCATED_HMAC
- if (ssl->truncated_hmac && ssl->specs.hash_size > digestSz) {
- #ifdef WOLFSSL_SMALL_STACK
- byte* hmac = NULL;
- #else
- byte hmac[MAX_DIGEST_SIZE];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (hmac == NULL)
- return MEMORY_E;
- #endif
-
- ret = ssl->hmac(ssl, hmac, output + headerSz + ivSz, inSz,
- type, 0);
- XMEMCPY(output + idx, hmac, digestSz);
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- } else
-#endif
- ret = ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz,
- type, 0);
- }
- if (ret != 0)
- return ret;
-
- if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0)
- return ret;
- }
-
- return sz;
-}
-
-
-int SendFinished(WOLFSSL* ssl)
-{
- int sendSz,
- finishedSz = ssl->options.tls ? TLS_FINISHED_SZ :
- FINISHED_SZ;
- byte input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ]; /* max */
- byte *output;
- Hashes* hashes;
- int ret;
- int headerSz = HANDSHAKE_HEADER_SZ;
- int outputSz;
-
- #ifdef WOLFSSL_DTLS
- word32 sequence_number = ssl->keys.dtls_sequence_number;
- word16 epoch = ssl->keys.dtls_epoch;
- #endif
-
- /* setup encrypt keys */
- if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
- return ret;
-
- /* check for available size */
- outputSz = sizeof(input) + MAX_MSG_EXTRA;
- if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
- return ret;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- /* Send Finished message with the next epoch, but don't commit that
- * change until the other end confirms its reception. */
- headerSz += DTLS_HANDSHAKE_EXTRA;
- ssl->keys.dtls_epoch++;
- ssl->keys.dtls_sequence_number = 0; /* reset after epoch change */
- }
- #endif
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHandShakeHeader(input, finishedSz, finished, ssl);
-
- /* make finished hashes */
- hashes = (Hashes*)&input[headerSz];
- ret = BuildFinished(ssl, hashes,
- ssl->options.side == WOLFSSL_CLIENT_END ? client : server);
- if (ret != 0) return ret;
-
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (ssl->secure_renegotiation) {
- if (ssl->options.side == WOLFSSL_CLIENT_END)
- XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
- TLS_FINISHED_SZ);
- else
- XMEMCPY(ssl->secure_renegotiation->server_verify_data, hashes,
- TLS_FINISHED_SZ);
- }
-#endif
-
- sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
- handshake);
- if (sendSz < 0)
- return BUILD_MSG_ERROR;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- ssl->keys.dtls_epoch = epoch;
- ssl->keys.dtls_sequence_number = sequence_number;
- }
- #endif
-
- if (!ssl->options.resuming) {
-#ifndef NO_SESSION_CACHE
- AddSession(ssl); /* just try */
-#endif
- if (ssl->options.side == WOLFSSL_SERVER_END) {
- ssl->options.handShakeState = HANDSHAKE_DONE;
- ssl->options.handShakeDone = 1;
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- /* Other side will soon receive our Finished, go to next
- * epoch. */
- ssl->keys.dtls_epoch++;
- ssl->keys.dtls_sequence_number = 1;
- }
- #endif
- }
- }
- else {
- if (ssl->options.side == WOLFSSL_CLIENT_END) {
- ssl->options.handShakeState = HANDSHAKE_DONE;
- ssl->options.handShakeDone = 1;
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- /* Other side will soon receive our Finished, go to next
- * epoch. */
- ssl->keys.dtls_epoch++;
- ssl->keys.dtls_sequence_number = 1;
- }
- #endif
- }
- }
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- }
- #endif
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz,
- ssl->heap);
- #endif
-
- ssl->buffers.outputBuffer.length += sendSz;
-
- return SendBuffered(ssl);
-}
-
-#ifndef NO_CERTS
-int SendCertificate(WOLFSSL* ssl)
-{
- int sendSz, length, ret = 0;
- word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- word32 certSz, listSz;
- byte* output = 0;
-
- if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
- return 0; /* not needed */
-
- if (ssl->options.sendVerify == SEND_BLANK_CERT) {
- certSz = 0;
- length = CERT_HEADER_SZ;
- listSz = 0;
- }
- else {
- certSz = ssl->buffers.certificate.length;
- /* list + cert size */
- length = certSz + 2 * CERT_HEADER_SZ;
- listSz = certSz + CERT_HEADER_SZ;
-
- /* may need to send rest of chain, already has leading size(s) */
- if (ssl->buffers.certChain.buffer) {
- length += ssl->buffers.certChain.length;
- listSz += ssl->buffers.certChain.length;
- }
- }
- sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- }
- #endif
-
- if (ssl->keys.encryptionOn)
- sendSz += MAX_MSG_EXTRA;
-
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, length, certificate, ssl);
-
- /* list total */
- c32to24(listSz, output + i);
- i += CERT_HEADER_SZ;
-
- /* member */
- if (certSz) {
- c32to24(certSz, output + i);
- i += CERT_HEADER_SZ;
- XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz);
- i += certSz;
-
- /* send rest of chain? */
- if (ssl->buffers.certChain.buffer) {
- XMEMCPY(output + i, ssl->buffers.certChain.buffer,
- ssl->buffers.certChain.length);
- i += ssl->buffers.certChain.length;
- }
- }
-
- if (ssl->keys.encryptionOn) {
- byte* input;
- int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */
-
- input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (input == NULL)
- return MEMORY_E;
-
- XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
- sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake);
- XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (sendSz < 0)
- return sendSz;
- } else {
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0)
- return ret;
- }
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- }
- #endif
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
- ssl->heap);
- #endif
-
- if (ssl->options.side == WOLFSSL_SERVER_END)
- ssl->options.serverState = SERVER_CERT_COMPLETE;
-
- ssl->buffers.outputBuffer.length += sendSz;
- if (ssl->options.groupMessages)
- return 0;
- else
- return SendBuffered(ssl);
-}
-
-
-int SendCertificateRequest(WOLFSSL* ssl)
-{
- byte *output;
- int ret;
- int sendSz;
- word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
-
- int typeTotal = 1; /* only 1 for now */
- int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */
-
- if (IsAtLeastTLSv1_2(ssl))
- reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz;
-
- if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
- return 0; /* not needed */
-
- sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- }
- #endif
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, reqSz, certificate_request, ssl);
-
- /* write to output */
- output[i++] = (byte)typeTotal; /* # of types */
-#ifdef HAVE_ECC
- if (ssl->options.cipherSuite0 == ECC_BYTE &&
- ssl->specs.sig_algo == ecc_dsa_sa_algo) {
- output[i++] = ecdsa_sign;
- } else
-#endif /* HAVE_ECC */
- {
- output[i++] = rsa_sign;
- }
-
- /* supported hash/sig */
- if (IsAtLeastTLSv1_2(ssl)) {
- c16toa(ssl->suites->hashSigAlgoSz, &output[i]);
- i += LENGTH_SZ;
-
- XMEMCPY(&output[i],
- ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz);
- i += ssl->suites->hashSigAlgoSz;
- }
-
- c16toa(0, &output[i]); /* auth's */
- /* if add more to output, adjust i
- i += REQ_HEADER_SZ; */
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- }
- #endif
-
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0)
- return ret;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("CertificateRequest", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output,
- sendSz, ssl->heap);
- #endif
- ssl->buffers.outputBuffer.length += sendSz;
- if (ssl->options.groupMessages)
- return 0;
- else
- return SendBuffered(ssl);
-}
-#endif /* !NO_CERTS */
-
-
-int SendData(WOLFSSL* ssl, const void* data, int sz)
-{
- int sent = 0, /* plainText size */
- sendSz,
- ret,
- dtlsExtra = 0;
-
- if (ssl->error == WANT_WRITE)
- ssl->error = 0;
-
- if (ssl->options.handShakeState != HANDSHAKE_DONE) {
- int err;
- WOLFSSL_MSG("handshake not complete, trying to finish");
- if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS)
- return err;
- }
-
- /* last time system socket output buffer was full, try again to send */
- if (ssl->buffers.outputBuffer.length > 0) {
- WOLFSSL_MSG("output buffer was full, trying to send again");
- if ( (ssl->error = SendBuffered(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset)
- return 0; /* peer reset */
- return ssl->error;
- }
- else {
- /* advance sent to previous sent + plain size just sent */
- sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
- WOLFSSL_MSG("sent write buffered data");
-
- if (sent > sz) {
- WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
- return ssl->error = BAD_FUNC_ARG;
- }
- }
- }
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- dtlsExtra = DTLS_RECORD_EXTRA;
- }
-#endif
-
- for (;;) {
-#ifdef HAVE_MAX_FRAGMENT
- int len = min(sz - sent, min(ssl->max_fragment, OUTPUT_RECORD_SIZE));
-#else
- int len = min(sz - sent, OUTPUT_RECORD_SIZE);
-#endif
- byte* out;
- byte* sendBuffer = (byte*)data + sent; /* may switch on comp */
- int buffSz = len; /* may switch on comp */
- int outputSz;
-#ifdef HAVE_LIBZ
- byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
-#endif
-
- if (sent == sz) break;
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- len = min(len, MAX_UDP_SIZE);
- buffSz = len;
- }
-#endif
-
- /* check for available size */
- outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA;
- if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
- return ssl->error = ret;
-
- /* get ouput buffer */
- out = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
-#ifdef HAVE_LIBZ
- if (ssl->options.usingCompression) {
- buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp));
- if (buffSz < 0) {
- return buffSz;
- }
- sendBuffer = comp;
- }
-#endif
- sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz,
- application_data);
- if (sendSz < 0)
- return BUILD_MSG_ERROR;
-
- ssl->buffers.outputBuffer.length += sendSz;
-
- if ( (ret = SendBuffered(ssl)) < 0) {
- WOLFSSL_ERROR(ret);
- /* store for next call if WANT_WRITE or user embedSend() that
- doesn't present like WANT_WRITE */
- ssl->buffers.plainSz = len;
- ssl->buffers.prevSent = sent;
- if (ret == SOCKET_ERROR_E && ssl->options.connReset)
- return 0; /* peer reset */
- return ssl->error = ret;
- }
-
- sent += len;
-
- /* only one message per attempt */
- if (ssl->options.partialWrite == 1) {
- WOLFSSL_MSG("Paritial Write on, only sending one record");
- break;
- }
- }
-
- return sent;
-}
-
-/* process input data */
-int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
-{
- int size;
-
- WOLFSSL_ENTER("ReceiveData()");
-
- if (ssl->error == WANT_READ)
- ssl->error = 0;
-
- if (ssl->error != 0 && ssl->error != WANT_WRITE) {
- WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
- return ssl->error;
- }
-
- if (ssl->options.handShakeState != HANDSHAKE_DONE) {
- int err;
- WOLFSSL_MSG("Handshake not complete, trying to finish");
- if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS)
- return err;
- }
-
-#ifdef HAVE_SECURE_RENEGOTIATION
-startScr:
- if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
- int err;
- ssl->secure_renegotiation->startScr = 0; /* only start once */
- WOLFSSL_MSG("Need to start scr, server requested");
- if ( (err = wolfSSL_Rehandshake(ssl)) != SSL_SUCCESS)
- return err;
- }
-#endif
-
- while (ssl->buffers.clearOutputBuffer.length == 0) {
- if ( (ssl->error = ProcessReply(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- if (ssl->error == ZERO_RETURN) {
- WOLFSSL_MSG("Zero return, no more data coming");
- return 0; /* no more data coming */
- }
- if (ssl->error == SOCKET_ERROR_E) {
- if (ssl->options.connReset || ssl->options.isClosed) {
- WOLFSSL_MSG("Peer reset or closed, connection done");
- ssl->error = SOCKET_PEER_CLOSED_E;
- WOLFSSL_ERROR(ssl->error);
- return 0; /* peer reset or closed */
- }
- }
- return ssl->error;
- }
- #ifdef HAVE_SECURE_RENEGOTIATION
- if (ssl->secure_renegotiation &&
- ssl->secure_renegotiation->startScr) {
- goto startScr;
- }
- #endif
- }
-
- if (sz < (int)ssl->buffers.clearOutputBuffer.length)
- size = sz;
- else
- size = ssl->buffers.clearOutputBuffer.length;
-
- XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);
-
- if (peek == 0) {
- ssl->buffers.clearOutputBuffer.length -= size;
- ssl->buffers.clearOutputBuffer.buffer += size;
- }
-
- if (ssl->buffers.clearOutputBuffer.length == 0 &&
- ssl->buffers.inputBuffer.dynamicFlag)
- ShrinkInputBuffer(ssl, NO_FORCED_FREE);
-
- WOLFSSL_LEAVE("ReceiveData()", size);
- return size;
-}
-
-
-/* send alert message */
-int SendAlert(WOLFSSL* ssl, int severity, int type)
-{
- byte input[ALERT_SIZE];
- byte *output;
- int sendSz;
- int ret;
- int outputSz;
- int dtlsExtra = 0;
-
- /* if sendalert is called again for nonbloking */
- if (ssl->options.sendAlertState != 0) {
- ret = SendBuffered(ssl);
- if (ret == 0)
- ssl->options.sendAlertState = 0;
- return ret;
- }
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- dtlsExtra = DTLS_RECORD_EXTRA;
- #endif
-
- /* check for available size */
- outputSz = ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra;
- if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- input[0] = (byte)severity;
- input[1] = (byte)type;
- ssl->alert_history.last_tx.code = type;
- ssl->alert_history.last_tx.level = severity;
- if (severity == alert_fatal) {
- ssl->options.isClosed = 1; /* Don't send close_notify */
- }
-
- /* only send encrypted alert if handshake actually complete, otherwise
- other side may not be able to handle it */
- if (ssl->keys.encryptionOn && ssl->options.handShakeDone)
- sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert);
- else {
-
- AddRecordHeader(output, ALERT_SIZE, alert, ssl);
- output += RECORD_HEADER_SZ;
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- output += DTLS_RECORD_EXTRA;
- #endif
- XMEMCPY(output, input, ALERT_SIZE);
-
- sendSz = RECORD_HEADER_SZ + ALERT_SIZE;
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- sendSz += DTLS_RECORD_EXTRA;
- #endif
- }
- if (sendSz < 0)
- return BUILD_MSG_ERROR;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("Alert", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("Alert", &ssl->timeoutInfo, output, sendSz,ssl->heap);
- #endif
-
- ssl->buffers.outputBuffer.length += sendSz;
- ssl->options.sendAlertState = 1;
-
- return SendBuffered(ssl);
-}
-
-const char* wolfSSL_ERR_reason_error_string(unsigned long e)
-{
-#ifdef NO_ERROR_STRINGS
-
- (void)e;
- return "no support for error strings built in";
-
-#else
-
- int error = (int)e;
-
- /* pass to wolfCrypt */
- if (error < MAX_CODE_E && error > MIN_CODE_E) {
- return wc_GetErrorString(error);
- }
-
- switch (error) {
-
- case UNSUPPORTED_SUITE :
- return "unsupported cipher suite";
-
- case INPUT_CASE_ERROR :
- return "input state error";
-
- case PREFIX_ERROR :
- return "bad index to key rounds";
-
- case MEMORY_ERROR :
- return "out of memory";
-
- case VERIFY_FINISHED_ERROR :
- return "verify problem on finished";
-
- case VERIFY_MAC_ERROR :
- return "verify mac problem";
-
- case PARSE_ERROR :
- return "parse error on header";
-
- case SIDE_ERROR :
- return "wrong client/server type";
-
- case NO_PEER_CERT :
- return "peer didn't send cert";
-
- case UNKNOWN_HANDSHAKE_TYPE :
- return "weird handshake type";
-
- case SOCKET_ERROR_E :
- return "error state on socket";
-
- case SOCKET_NODATA :
- return "expected data, not there";
-
- case INCOMPLETE_DATA :
- return "don't have enough data to complete task";
-
- case UNKNOWN_RECORD_TYPE :
- return "unknown type in record hdr";
-
- case DECRYPT_ERROR :
- return "error during decryption";
-
- case FATAL_ERROR :
- return "revcd alert fatal error";
-
- case ENCRYPT_ERROR :
- return "error during encryption";
-
- case FREAD_ERROR :
- return "fread problem";
-
- case NO_PEER_KEY :
- return "need peer's key";
-
- case NO_PRIVATE_KEY :
- return "need the private key";
-
- case NO_DH_PARAMS :
- return "server missing DH params";
-
- case RSA_PRIVATE_ERROR :
- return "error during rsa priv op";
-
- case MATCH_SUITE_ERROR :
- return "can't match cipher suite";
-
- case BUILD_MSG_ERROR :
- return "build message failure";
-
- case BAD_HELLO :
- return "client hello malformed";
-
- case DOMAIN_NAME_MISMATCH :
- return "peer subject name mismatch";
-
- case WANT_READ :
- case SSL_ERROR_WANT_READ :
- return "non-blocking socket wants data to be read";
-
- case NOT_READY_ERROR :
- return "handshake layer not ready yet, complete first";
-
- case PMS_VERSION_ERROR :
- return "premaster secret version mismatch error";
-
- case VERSION_ERROR :
- return "record layer version error";
-
- case WANT_WRITE :
- case SSL_ERROR_WANT_WRITE :
- return "non-blocking socket write buffer full";
-
- case BUFFER_ERROR :
- return "malformed buffer input error";
-
- case VERIFY_CERT_ERROR :
- return "verify problem on certificate";
-
- case VERIFY_SIGN_ERROR :
- return "verify problem based on signature";
-
- case CLIENT_ID_ERROR :
- return "psk client identity error";
-
- case SERVER_HINT_ERROR:
- return "psk server hint error";
-
- case PSK_KEY_ERROR:
- return "psk key callback error";
-
- case NTRU_KEY_ERROR:
- return "NTRU key error";
-
- case NTRU_DRBG_ERROR:
- return "NTRU drbg error";
-
- case NTRU_ENCRYPT_ERROR:
- return "NTRU encrypt error";
-
- case NTRU_DECRYPT_ERROR:
- return "NTRU decrypt error";
-
- case ZLIB_INIT_ERROR:
- return "zlib init error";
-
- case ZLIB_COMPRESS_ERROR:
- return "zlib compress error";
-
- case ZLIB_DECOMPRESS_ERROR:
- return "zlib decompress error";
-
- case GETTIME_ERROR:
- return "gettimeofday() error";
-
- case GETITIMER_ERROR:
- return "getitimer() error";
-
- case SIGACT_ERROR:
- return "sigaction() error";
-
- case SETITIMER_ERROR:
- return "setitimer() error";
-
- case LENGTH_ERROR:
- return "record layer length error";
-
- case PEER_KEY_ERROR:
- return "cant decode peer key";
-
- case ZERO_RETURN:
- case SSL_ERROR_ZERO_RETURN:
- return "peer sent close notify alert";
-
- case ECC_CURVETYPE_ERROR:
- return "Bad ECC Curve Type or unsupported";
-
- case ECC_CURVE_ERROR:
- return "Bad ECC Curve or unsupported";
-
- case ECC_PEERKEY_ERROR:
- return "Bad ECC Peer Key";
-
- case ECC_MAKEKEY_ERROR:
- return "ECC Make Key failure";
-
- case ECC_EXPORT_ERROR:
- return "ECC Export Key failure";
-
- case ECC_SHARED_ERROR:
- return "ECC DHE shared failure";
-
- case NOT_CA_ERROR:
- return "Not a CA by basic constraint error";
-
- case BAD_PATH_ERROR:
- return "Bad path for opendir error";
-
- case BAD_CERT_MANAGER_ERROR:
- return "Bad Cert Manager error";
-
- case OCSP_CERT_REVOKED:
- return "OCSP Cert revoked";
-
- case CRL_CERT_REVOKED:
- return "CRL Cert revoked";
-
- case CRL_MISSING:
- return "CRL missing, not loaded";
-
- case MONITOR_RUNNING_E:
- return "CRL monitor already running";
-
- case THREAD_CREATE_E:
- return "Thread creation problem";
-
- case OCSP_NEED_URL:
- return "OCSP need URL";
-
- case OCSP_CERT_UNKNOWN:
- return "OCSP Cert unknown";
-
- case OCSP_LOOKUP_FAIL:
- return "OCSP Responder lookup fail";
-
- case MAX_CHAIN_ERROR:
- return "Maximum Chain Depth Exceeded";
-
- case COOKIE_ERROR:
- return "DTLS Cookie Error";
-
- case SEQUENCE_ERROR:
- return "DTLS Sequence Error";
-
- case SUITES_ERROR:
- return "Suites Pointer Error";
-
- case SSL_NO_PEM_HEADER:
- return "No PEM Header Error";
-
- case OUT_OF_ORDER_E:
- return "Out of order message, fatal";
-
- case BAD_KEA_TYPE_E:
- return "Bad KEA type found";
-
- case SANITY_CIPHER_E:
- return "Sanity check on ciphertext failed";
-
- case RECV_OVERFLOW_E:
- return "Receive callback returned more than requested";
-
- case GEN_COOKIE_E:
- return "Generate Cookie Error";
-
- case NO_PEER_VERIFY:
- return "Need peer certificate verify Error";
-
- case FWRITE_ERROR:
- return "fwrite Error";
-
- case CACHE_MATCH_ERROR:
- return "Cache restore header match Error";
-
- case UNKNOWN_SNI_HOST_NAME_E:
- return "Unrecognized host name Error";
-
- case KEYUSE_SIGNATURE_E:
- return "Key Use digitalSignature not set Error";
-
- case KEYUSE_ENCIPHER_E:
- return "Key Use keyEncipherment not set Error";
-
- case EXTKEYUSE_AUTH_E:
- return "Ext Key Use server/client auth not set Error";
-
- case SEND_OOB_READ_E:
- return "Send Callback Out of Bounds Read Error";
-
- case SECURE_RENEGOTIATION_E:
- return "Invalid Renegotiation Error";
-
- case SESSION_TICKET_LEN_E:
- return "Session Ticket Too Long Error";
-
- case SESSION_TICKET_EXPECT_E:
- return "Session Ticket Error";
-
- case SCR_DIFFERENT_CERT_E:
- return "Peer sent different cert during SCR";
-
- case SESSION_SECRET_CB_E:
- return "Session Secret Callback Error";
-
- case NO_CHANGE_CIPHER_E:
- return "Finished received from peer before Change Cipher Error";
-
- case SANITY_MSG_E:
- return "Sanity Check on message order Error";
-
- case DUPLICATE_MSG_E:
- return "Duplicate HandShake message Error";
-
- case SNI_UNSUPPORTED:
- return "Protocol version does not support SNI Error";
-
- case SOCKET_PEER_CLOSED_E:
- return "Peer closed underlying transport Error";
-
- case BAD_TICKET_KEY_CB_SZ:
- return "Bad user session ticket key callback Size Error";
-
- case BAD_TICKET_MSG_SZ:
- return "Bad session ticket message Size Error";
-
- case BAD_TICKET_ENCRYPT:
- return "Bad user ticket callback encrypt Error";
-
- case DH_KEY_SIZE_E:
- return "DH key too small Error";
-
- default :
- return "unknown error number";
- }
-
-#endif /* NO_ERROR_STRINGS */
-}
-
-void SetErrorString(int error, char* str)
-{
- XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ);
-}
-
-
-/* be sure to add to cipher_name_idx too !!!! */
-static const char* const cipher_names[] =
-{
-#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
- "RC4-SHA",
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
- "RC4-MD5",
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
- "DES-CBC3-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
- "AES128-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
- "AES256-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
- "NULL-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
- "NULL-SHA256",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- "DHE-RSA-AES128-SHA",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- "DHE-RSA-AES256-SHA",
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- "DHE-PSK-AES256-GCM-SHA384",
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- "DHE-PSK-AES128-GCM-SHA256",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
- "PSK-AES256-GCM-SHA384",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
- "PSK-AES128-GCM-SHA256",
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- "DHE-PSK-AES256-CBC-SHA384",
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- "DHE-PSK-AES128-CBC-SHA256",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
- "PSK-AES256-CBC-SHA384",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
- "PSK-AES128-CBC-SHA256",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
- "PSK-AES128-CBC-SHA",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
- "PSK-AES256-CBC-SHA",
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
- "DHE-PSK-AES128-CCM",
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
- "DHE-PSK-AES256-CCM",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
- "PSK-AES128-CCM",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
- "PSK-AES256-CCM",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
- "PSK-AES128-CCM-8",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
- "PSK-AES256-CCM-8",
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
- "DHE-PSK-NULL-SHA384",
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
- "DHE-PSK-NULL-SHA256",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
- "PSK-NULL-SHA384",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
- "PSK-NULL-SHA256",
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
- "PSK-NULL-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
- "HC128-MD5",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
- "HC128-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
- "HC128-B2B256",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
- "AES128-B2B256",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
- "AES256-B2B256",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
- "RABBIT-SHA",
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
- "NTRU-RC4-SHA",
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
- "NTRU-DES-CBC3-SHA",
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
- "NTRU-AES128-SHA",
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
- "NTRU-AES256-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
- "AES128-CCM-8",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
- "AES256-CCM-8",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- "ECDHE-ECDSA-AES128-CCM-8",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
- "ECDHE-ECDSA-AES256-CCM-8",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- "ECDHE-RSA-AES128-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- "ECDHE-RSA-AES256-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- "ECDHE-ECDSA-AES128-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- "ECDHE-ECDSA-AES256-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- "ECDHE-RSA-RC4-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- "ECDHE-RSA-DES-CBC3-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- "ECDHE-ECDSA-RC4-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- "ECDHE-ECDSA-DES-CBC3-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
- "AES128-SHA256",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
- "AES256-SHA256",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- "DHE-RSA-AES128-SHA256",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- "DHE-RSA-AES256-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- "ECDH-RSA-AES128-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- "ECDH-RSA-AES256-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- "ECDH-ECDSA-AES128-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- "ECDH-ECDSA-AES256-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
- "ECDH-RSA-RC4-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- "ECDH-RSA-DES-CBC3-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- "ECDH-ECDSA-RC4-SHA",
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- "ECDH-ECDSA-DES-CBC3-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
- "AES128-GCM-SHA256",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
- "AES256-GCM-SHA384",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- "DHE-RSA-AES128-GCM-SHA256",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- "DHE-RSA-AES256-GCM-SHA384",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- "ECDHE-RSA-AES128-GCM-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- "ECDHE-RSA-AES256-GCM-SHA384",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- "ECDHE-ECDSA-AES128-GCM-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- "ECDHE-ECDSA-AES256-GCM-SHA384",
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- "ECDH-RSA-AES128-GCM-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- "ECDH-RSA-AES256-GCM-SHA384",
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- "ECDH-ECDSA-AES128-GCM-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- "ECDH-ECDSA-AES256-GCM-SHA384",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- "CAMELLIA128-SHA",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- "DHE-RSA-CAMELLIA128-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- "CAMELLIA256-SHA",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- "DHE-RSA-CAMELLIA256-SHA",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- "CAMELLIA128-SHA256",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- "DHE-RSA-CAMELLIA128-SHA256",
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- "CAMELLIA256-SHA256",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- "DHE-RSA-CAMELLIA256-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- "ECDHE-RSA-AES128-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- "ECDHE-ECDSA-AES128-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- "ECDH-RSA-AES128-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- "ECDH-ECDSA-AES128-SHA256",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- "ECDHE-RSA-AES256-SHA384",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- "ECDHE-ECDSA-AES256-SHA384",
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- "ECDH-RSA-AES256-SHA384",
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- "ECDH-ECDSA-AES256-SHA384",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- "ECDHE-RSA-CHACHA20-POLY1305",
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- "ECDHE-ECDSA-CHACHA20-POLY1305",
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- "DHE-RSA-CHACHA20-POLY1305",
-#endif
-
-#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
- "ADH-AES128-SHA",
-#endif
-
-#ifdef HAVE_RENEGOTIATION_INDICATION
- "RENEGOTIATION-INFO",
-#endif
-};
-
-
-/* cipher suite number that matches above name table */
-static int cipher_name_idx[] =
-{
-
-#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
- SSL_RSA_WITH_RC4_128_SHA,
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
- SSL_RSA_WITH_RC4_128_MD5,
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
- TLS_RSA_WITH_NULL_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
- TLS_RSA_WITH_NULL_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
- TLS_PSK_WITH_AES_256_GCM_SHA384,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
- TLS_PSK_WITH_AES_128_GCM_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
- TLS_PSK_WITH_AES_256_CBC_SHA384,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
- TLS_PSK_WITH_AES_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
- TLS_PSK_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
- TLS_PSK_WITH_AES_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
- TLS_DHE_PSK_WITH_AES_128_CCM,
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
- TLS_DHE_PSK_WITH_AES_256_CCM,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
- TLS_PSK_WITH_AES_128_CCM,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
- TLS_PSK_WITH_AES_256_CCM,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
- TLS_PSK_WITH_AES_128_CCM_8,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
- TLS_PSK_WITH_AES_256_CCM_8,
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
- TLS_DHE_PSK_WITH_NULL_SHA384,
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
- TLS_DHE_PSK_WITH_NULL_SHA256,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
- TLS_PSK_WITH_NULL_SHA384,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
- TLS_PSK_WITH_NULL_SHA256,
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
- TLS_PSK_WITH_NULL_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
- TLS_RSA_WITH_HC_128_MD5,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
- TLS_RSA_WITH_HC_128_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
- TLS_RSA_WITH_HC_128_B2B256,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
- TLS_RSA_WITH_AES_128_CBC_B2B256,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
- TLS_RSA_WITH_AES_256_CBC_B2B256,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
- TLS_RSA_WITH_RABBIT_SHA,
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
- TLS_NTRU_RSA_WITH_RC4_128_SHA,
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
- TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
- TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
- TLS_RSA_WITH_AES_128_CCM_8,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
- TLS_RSA_WITH_AES_256_CCM_8,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
- TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
- TLS_ECDH_RSA_WITH_RC4_128_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_128_GCM_SHA256,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_256_GCM_SHA384,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-#endif
-
-#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
- TLS_DH_anon_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef HAVE_RENEGOTIATION_INDICATION
- TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
-#endif
-};
-
-
-/* returns the cipher_names array */
-const char* const* GetCipherNames(void)
-{
- return cipher_names;
-}
-
-
-/* returns the size of the cipher_names array */
-int GetCipherNamesSize(void)
-{
- return (int)(sizeof(cipher_names) / sizeof(char*));
-}
-
-
-/**
-Set the enabled cipher suites.
-
-@param [out] suites Suites structure.
-@param [in] list List of cipher suites, only supports full name from
- cipher_name[] delimited by ':'.
-
-@return true on success, else false.
-*/
-int SetCipherList(Suites* suites, const char* list)
-{
- int ret = 0;
- int idx = 0;
- int haveRSAsig = 0;
- int haveECDSAsig = 0;
- int haveAnon = 0;
- const int suiteSz = GetCipherNamesSize();
- char* next = (char*)list;
-
- if (suites == NULL || list == NULL) {
- WOLFSSL_MSG("SetCipherList parameter error");
- return 0;
- }
-
- if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
- return 1; /* wolfSSL defualt */
-
- do {
- char* current = next;
- char name[MAX_SUITE_NAME + 1];
- int i;
- word32 length;
-
- next = XSTRSTR(next, ":");
- length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */
- : (word32)(next - current));
-
- XSTRNCPY(name, current, length);
- name[(length == sizeof(name)) ? length - 1 : length] = 0;
-
- for (i = 0; i < suiteSz; i++) {
- if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
- suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
- : (XSTRSTR(name, "EC")) ? ECC_BYTE
- : (XSTRSTR(name, "CCM")) ? ECC_BYTE
- : 0x00; /* normal */
-
- suites->suites[idx++] = (byte)cipher_name_idx[i];
-
- /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA
- * suites don't necessarily have RSA in the name. */
- if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA"))
- haveECDSAsig = 1;
- else if (XSTRSTR(name, "ADH"))
- haveAnon = 1;
- else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL))
- haveRSAsig = 1;
-
- ret = 1; /* found at least one */
- break;
- }
- }
- }
- while (next++); /* ++ needed to skip ':' */
-
- if (ret) {
- suites->setSuites = 1;
- suites->suiteSz = (word16)idx;
- InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveAnon);
- }
-
- return ret;
-}
-
-
-static void PickHashSigAlgo(WOLFSSL* ssl,
- const byte* hashSigAlgo, word32 hashSigAlgoSz)
-{
- word32 i;
-
- ssl->suites->sigAlgo = ssl->specs.sig_algo;
- ssl->suites->hashAlgo = sha_mac;
-
- /* i+1 since peek a byte ahead for type */
- for (i = 0; (i+1) < hashSigAlgoSz; i += 2) {
- if (hashSigAlgo[i+1] == ssl->specs.sig_algo) {
- if (hashSigAlgo[i] == sha_mac) {
- break;
- }
- #ifndef NO_SHA256
- else if (hashSigAlgo[i] == sha256_mac) {
- ssl->suites->hashAlgo = sha256_mac;
- break;
- }
- #endif
- #ifdef WOLFSSL_SHA384
- else if (hashSigAlgo[i] == sha384_mac) {
- ssl->suites->hashAlgo = sha384_mac;
- break;
- }
- #endif
- #ifdef WOLFSSL_SHA512
- else if (hashSigAlgo[i] == sha512_mac) {
- ssl->suites->hashAlgo = sha512_mac;
- break;
- }
- #endif
- }
- }
-}
-
-
-#ifdef WOLFSSL_CALLBACKS
-
- /* Initialisze HandShakeInfo */
- void InitHandShakeInfo(HandShakeInfo* info)
- {
- int i;
-
- info->cipherName[0] = 0;
- for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++)
- info->packetNames[i][0] = 0;
- info->numberPackets = 0;
- info->negotiationError = 0;
- }
-
- /* Set Final HandShakeInfo parameters */
- void FinishHandShakeInfo(HandShakeInfo* info, const WOLFSSL* ssl)
- {
- int i;
- int sz = sizeof(cipher_name_idx)/sizeof(int);
-
- for (i = 0; i < sz; i++)
- if (ssl->options.cipherSuite == (byte)cipher_name_idx[i]) {
- if (ssl->options.cipherSuite0 == ECC_BYTE)
- continue; /* ECC suites at end */
- XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ);
- break;
- }
-
- /* error max and min are negative numbers */
- if (ssl->error <= MIN_PARAM_ERR && ssl->error >= MAX_PARAM_ERR)
- info->negotiationError = ssl->error;
- }
-
-
- /* Add name to info packet names, increase packet name count */
- void AddPacketName(const char* name, HandShakeInfo* info)
- {
- if (info->numberPackets < MAX_PACKETS_HANDSHAKE) {
- XSTRNCPY(info->packetNames[info->numberPackets++], name,
- MAX_PACKETNAME_SZ);
- }
- }
-
-
- /* Initialisze TimeoutInfo */
- void InitTimeoutInfo(TimeoutInfo* info)
- {
- int i;
-
- info->timeoutName[0] = 0;
- info->flags = 0;
-
- for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) {
- info->packets[i].packetName[0] = 0;
- info->packets[i].timestamp.tv_sec = 0;
- info->packets[i].timestamp.tv_usec = 0;
- info->packets[i].bufferValue = 0;
- info->packets[i].valueSz = 0;
- }
- info->numberPackets = 0;
- info->timeoutValue.tv_sec = 0;
- info->timeoutValue.tv_usec = 0;
- }
-
-
- /* Free TimeoutInfo */
- void FreeTimeoutInfo(TimeoutInfo* info, void* heap)
- {
- int i;
- (void)heap;
- for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++)
- if (info->packets[i].bufferValue) {
- XFREE(info->packets[i].bufferValue, heap, DYNAMIC_TYPE_INFO);
- info->packets[i].bufferValue = 0;
- }
-
- }
-
-
- /* Add PacketInfo to TimeoutInfo */
- void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data,
- int sz, void* heap)
- {
- if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) {
- Timeval currTime;
-
- /* may add name after */
- if (name)
- XSTRNCPY(info->packets[info->numberPackets].packetName, name,
- MAX_PACKETNAME_SZ);
-
- /* add data, put in buffer if bigger than static buffer */
- info->packets[info->numberPackets].valueSz = sz;
- if (sz < MAX_VALUE_SZ)
- XMEMCPY(info->packets[info->numberPackets].value, data, sz);
- else {
- info->packets[info->numberPackets].bufferValue =
- XMALLOC(sz, heap, DYNAMIC_TYPE_INFO);
- if (!info->packets[info->numberPackets].bufferValue)
- /* let next alloc catch, just don't fill, not fatal here */
- info->packets[info->numberPackets].valueSz = 0;
- else
- XMEMCPY(info->packets[info->numberPackets].bufferValue,
- data, sz);
- }
- gettimeofday(&currTime, 0);
- info->packets[info->numberPackets].timestamp.tv_sec =
- currTime.tv_sec;
- info->packets[info->numberPackets].timestamp.tv_usec =
- currTime.tv_usec;
- info->numberPackets++;
- }
- }
-
-
- /* Add packet name to previsouly added packet info */
- void AddLateName(const char* name, TimeoutInfo* info)
- {
- /* make sure we have a valid previous one */
- if (info->numberPackets > 0 && info->numberPackets <
- MAX_PACKETS_HANDSHAKE) {
- XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name,
- MAX_PACKETNAME_SZ);
- }
- }
-
- /* Add record header to previsouly added packet info */
- void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info)
- {
- /* make sure we have a valid previous one */
- if (info->numberPackets > 0 && info->numberPackets <
- MAX_PACKETS_HANDSHAKE) {
- if (info->packets[info->numberPackets - 1].bufferValue)
- XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl,
- RECORD_HEADER_SZ);
- else
- XMEMCPY(info->packets[info->numberPackets - 1].value, rl,
- RECORD_HEADER_SZ);
- }
- }
-
-#endif /* WOLFSSL_CALLBACKS */
-
-
-
-/* client only parts */
-#ifndef NO_WOLFSSL_CLIENT
-
- int SendClientHello(WOLFSSL* ssl)
- {
- byte *output;
- word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- int sendSz;
- int idSz = ssl->options.resuming
- ? ssl->session.sessionIDSz
- : 0;
- int ret;
-
- if (ssl->suites == NULL) {
- WOLFSSL_MSG("Bad suites pointer in SendClientHello");
- return SUITES_ERROR;
- }
-
-#ifdef HAVE_SESSION_TICKET
- if (ssl->options.resuming && ssl->session.ticketLen > 0) {
- SessionTicket* ticket;
-
- ticket = TLSX_SessionTicket_Create(0,
- ssl->session.ticket, ssl->session.ticketLen);
- if (ticket == NULL) return MEMORY_E;
-
- ret = TLSX_UseSessionTicket(&ssl->extensions, ticket);
- if (ret != SSL_SUCCESS) return ret;
-
- idSz = 0;
- }
-#endif
-
- length = VERSION_SZ + RAN_LEN
- + idSz + ENUM_LEN
- + ssl->suites->suiteSz + SUITE_LEN
- + COMP_LEN + ENUM_LEN;
-
-#ifdef HAVE_TLS_EXTENSIONS
- length += TLSX_GetRequestSize(ssl);
-#else
- if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
- length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ;
- }
-#endif
- sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- length += ENUM_LEN; /* cookie */
- if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
- sendSz = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
- idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
- }
-#endif
-
- if (ssl->keys.encryptionOn)
- sendSz += MAX_MSG_EXTRA;
-
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, length, client_hello, ssl);
-
- /* client hello, first version */
- output[idx++] = ssl->version.major;
- output[idx++] = ssl->version.minor;
- ssl->chVersion = ssl->version; /* store in case changed */
-
- /* then random */
- if (ssl->options.connectState == CONNECT_BEGIN) {
- ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
- if (ret != 0)
- return ret;
-
- /* store random */
- XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
- } else {
-#ifdef WOLFSSL_DTLS
- /* send same random on hello again */
- XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN);
-#endif
- }
- idx += RAN_LEN;
-
- /* then session id */
- output[idx++] = (byte)idSz;
- if (idSz) {
- XMEMCPY(output + idx, ssl->session.sessionID,
- ssl->session.sessionIDSz);
- idx += ssl->session.sessionIDSz;
- }
-
- /* then DTLS cookie */
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- byte cookieSz = ssl->arrays->cookieSz;
-
- output[idx++] = cookieSz;
- if (cookieSz) {
- XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz);
- idx += cookieSz;
- }
- }
-#endif
- /* then cipher suites */
- c16toa(ssl->suites->suiteSz, output + idx);
- idx += 2;
- XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
- idx += ssl->suites->suiteSz;
-
- /* last, compression */
- output[idx++] = COMP_LEN;
- if (ssl->options.usingCompression)
- output[idx++] = ZLIB_COMPRESSION;
- else
- output[idx++] = NO_COMPRESSION;
-
-#ifdef HAVE_TLS_EXTENSIONS
- idx += TLSX_WriteRequest(ssl, output + idx);
-
- (void)idx; /* suppress analyzer warning, keep idx current */
-#else
- if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
- {
- int i;
- /* add in the extensions length */
- c16toa(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz, output + idx);
- idx += 2;
-
- c16toa(HELLO_EXT_SIG_ALGO, output + idx);
- idx += 2;
- c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx);
- idx += 2;
- c16toa(ssl->suites->hashSigAlgoSz, output + idx);
- idx += 2;
- for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) {
- output[idx] = ssl->suites->hashSigAlgo[i];
- }
- }
-#endif
-
- if (ssl->keys.encryptionOn) {
- byte* input;
- int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */
-
- input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (input == NULL)
- return MEMORY_E;
-
- XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
- sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake);
- XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (sendSz < 0)
- return sendSz;
- } else {
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0)
- return ret;
- }
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- }
- #endif
-
- ssl->options.clientState = CLIENT_HELLO_COMPLETE;
-
-#ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz,
- ssl->heap);
-#endif
-
- ssl->buffers.outputBuffer.length += sendSz;
-
- return SendBuffered(ssl);
- }
-
-
- static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input,
- word32* inOutIdx, word32 size)
- {
- ProtocolVersion pv;
- byte cookieSz;
- word32 begin = *inOutIdx;
-
-#ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest",
- &ssl->handShakeInfo);
- if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
-#endif
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- DtlsPoolReset(ssl);
- }
-#endif
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN + OPAQUE8_LEN > size)
- return BUFFER_ERROR;
-
- XMEMCPY(&pv, input + *inOutIdx, OPAQUE16_LEN);
- *inOutIdx += OPAQUE16_LEN;
-
- cookieSz = input[(*inOutIdx)++];
-
- if (cookieSz) {
- if ((*inOutIdx - begin) + cookieSz > size)
- return BUFFER_ERROR;
-
-#ifdef WOLFSSL_DTLS
- if (cookieSz <= MAX_COOKIE_LEN) {
- XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieSz);
- ssl->arrays->cookieSz = cookieSz;
- }
-#endif
- *inOutIdx += cookieSz;
- }
-
- ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
- return 0;
- }
-
-
- static INLINE int DSH_CheckSessionId(WOLFSSL* ssl)
- {
- int ret = 0;
-
-#ifdef HAVE_SECRET_CALLBACK
- /* If a session secret callback exists, we are using that
- * key instead of the saved session key. */
- ret = ret || (ssl->sessionSecretCb != NULL);
-#endif
-
-#ifdef HAVE_SESSION_TICKET
- /* server may send blank ticket which may not be expected to indicate
- * exisiting one ok but will also be sending a new one */
- ret = ret || (ssl->session.ticketLen > 0);
-#endif
-
- ret = ret ||
- (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
- ssl->session.sessionID, ID_LEN) == 0);
-
- return ret;
- }
-
- static int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
- word32 helloSz)
- {
- byte cs0; /* cipher suite bytes 0, 1 */
- byte cs1;
- ProtocolVersion pv;
- byte compression;
- word32 i = *inOutIdx;
- word32 begin = i;
-
-#ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
- if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
-#endif
-
- /* protocol version, random and session id length check */
- if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
- return BUFFER_ERROR;
-
- /* protocol version */
- XMEMCPY(&pv, input + i, OPAQUE16_LEN);
- i += OPAQUE16_LEN;
-
- if (pv.minor > ssl->version.minor) {
- WOLFSSL_MSG("Server using higher version, fatal error");
- return VERSION_ERROR;
- }
- else if (pv.minor < ssl->version.minor) {
- WOLFSSL_MSG("server using lower version");
-
- if (!ssl->options.downgrade) {
- WOLFSSL_MSG(" no downgrade allowed, fatal error");
- return VERSION_ERROR;
- }
- if (pv.minor < ssl->options.minDowngrade) {
- WOLFSSL_MSG(" version below minimum allowed, fatal error");
- return VERSION_ERROR;
- }
-
- #ifdef HAVE_SECURE_RENEGOTIATION
- if (ssl->secure_renegotiation &&
- ssl->secure_renegotiation->enabled &&
- ssl->options.handShakeDone) {
- WOLFSSL_MSG("Server changed version during scr");
- return VERSION_ERROR;
- }
- #endif
-
- if (pv.minor == SSLv3_MINOR) {
- /* turn off tls */
- WOLFSSL_MSG(" downgrading to SSLv3");
- ssl->options.tls = 0;
- ssl->options.tls1_1 = 0;
- ssl->version.minor = SSLv3_MINOR;
- }
- else if (pv.minor == TLSv1_MINOR) {
- /* turn off tls 1.1+ */
- WOLFSSL_MSG(" downgrading to TLSv1");
- ssl->options.tls1_1 = 0;
- ssl->version.minor = TLSv1_MINOR;
- }
- else if (pv.minor == TLSv1_1_MINOR) {
- WOLFSSL_MSG(" downgrading to TLSv1.1");
- ssl->version.minor = TLSv1_1_MINOR;
- }
- }
-
- /* random */
- XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
- i += RAN_LEN;
-
- /* session id */
- ssl->arrays->sessionIDSz = input[i++];
-
- if (ssl->arrays->sessionIDSz > ID_LEN) {
- WOLFSSL_MSG("Invalid session ID size");
- ssl->arrays->sessionIDSz = 0;
- return BUFFER_ERROR;
- }
- else if (ssl->arrays->sessionIDSz) {
- if ((i - begin) + ssl->arrays->sessionIDSz > helloSz)
- return BUFFER_ERROR;
-
- XMEMCPY(ssl->arrays->sessionID, input + i,
- ssl->arrays->sessionIDSz);
- i += ssl->arrays->sessionIDSz;
- ssl->options.haveSessionId = 1;
- }
-
-
- /* suite and compression */
- if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
- return BUFFER_ERROR;
-
- cs0 = input[i++];
- cs1 = input[i++];
-
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled &&
- ssl->options.handShakeDone) {
- if (ssl->options.cipherSuite0 != cs0 ||
- ssl->options.cipherSuite != cs1) {
- WOLFSSL_MSG("Server changed cipher suite during scr");
- return MATCH_SUITE_ERROR;
- }
- }
-#endif
-
- ssl->options.cipherSuite0 = cs0;
- ssl->options.cipherSuite = cs1;
- compression = input[i++];
-
- if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
- WOLFSSL_MSG("Server refused compression, turning off");
- ssl->options.usingCompression = 0; /* turn off if server refused */
- }
-
- *inOutIdx = i;
-
- /* tls extensions */
- if ( (i - begin) < helloSz) {
-#ifdef HAVE_TLS_EXTENSIONS
- if (TLSX_SupportExtensions(ssl)) {
- int ret = 0;
- word16 totalExtSz;
-
- if ((i - begin) + OPAQUE16_LEN > helloSz)
- return BUFFER_ERROR;
-
- ato16(&input[i], &totalExtSz);
- i += OPAQUE16_LEN;
-
- if ((i - begin) + totalExtSz > helloSz)
- return BUFFER_ERROR;
-
- if ((ret = TLSX_Parse(ssl, (byte *) input + i,
- totalExtSz, 0, NULL)))
- return ret;
-
- i += totalExtSz;
- *inOutIdx = i;
- }
- else
-#endif
- *inOutIdx = begin + helloSz; /* skip extensions */
- }
-
- ssl->options.serverState = SERVER_HELLO_COMPLETE;
-
- if (ssl->keys.encryptionOn) {
- *inOutIdx += ssl->keys.padSz;
- }
-
-#ifdef HAVE_SECRET_CALLBACK
- if (ssl->sessionSecretCb != NULL) {
- int secretSz = SECRET_LEN, ret;
- ret = ssl->sessionSecretCb(ssl, ssl->session.masterSecret,
- &secretSz, ssl->sessionSecretCtx);
- if (ret != 0 || secretSz != SECRET_LEN)
- return SESSION_SECRET_CB_E;
- }
-#endif /* HAVE_SECRET_CALLBACK */
-
- if (ssl->options.resuming) {
- if (DSH_CheckSessionId(ssl)) {
- if (SetCipherSpecs(ssl) == 0) {
- int ret = -1;
-
- XMEMCPY(ssl->arrays->masterSecret,
- ssl->session.masterSecret, SECRET_LEN);
- #ifdef NO_OLD_TLS
- ret = DeriveTlsKeys(ssl);
- #else
- #ifndef NO_TLS
- if (ssl->options.tls)
- ret = DeriveTlsKeys(ssl);
- #endif
- if (!ssl->options.tls)
- ret = DeriveKeys(ssl);
- #endif
- ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
-
- return ret;
- }
- else {
- WOLFSSL_MSG("Unsupported cipher suite, DoServerHello");
- return UNSUPPORTED_SUITE;
- }
- }
- else {
- WOLFSSL_MSG("Server denied resumption attempt");
- ssl->options.resuming = 0; /* server denied resumption try */
- }
- }
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- DtlsPoolReset(ssl);
- }
- #endif
-
- return SetCipherSpecs(ssl);
- }
-
-
- /* Make sure client setup is valid for this suite, true on success */
- int VerifyClientSuite(WOLFSSL* ssl)
- {
- int havePSK = 0;
- byte first = ssl->options.cipherSuite0;
- byte second = ssl->options.cipherSuite;
-
- WOLFSSL_ENTER("VerifyClientSuite");
-
- #ifndef NO_PSK
- havePSK = ssl->options.havePSK;
- #endif
-
- if (CipherRequires(first, second, REQUIRES_PSK)) {
- WOLFSSL_MSG("Requires PSK");
- if (havePSK == 0) {
- WOLFSSL_MSG("Don't have PSK");
- return 0;
- }
- }
-
- return 1; /* success */
- }
-
-
-#ifndef NO_CERTS
- /* just read in and ignore for now TODO: */
- static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*
- inOutIdx, word32 size)
- {
- word16 len;
- word32 begin = *inOutIdx;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("CertificateRequest", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddLateName("CertificateRequest", &ssl->timeoutInfo);
- #endif
-
- if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
- return BUFFER_ERROR;
-
- len = input[(*inOutIdx)++];
-
- if ((*inOutIdx - begin) + len > size)
- return BUFFER_ERROR;
-
- /* types, read in here */
- *inOutIdx += len;
-
- /* signature and hash signature algorithm */
- if (IsAtLeastTLSv1_2(ssl)) {
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &len);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + len > size)
- return BUFFER_ERROR;
-
- PickHashSigAlgo(ssl, input + *inOutIdx, len);
- *inOutIdx += len;
- }
-
- /* authorities */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &len);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + len > size)
- return BUFFER_ERROR;
-
- while (len) {
- word16 dnSz;
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &dnSz);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + dnSz > size)
- return BUFFER_ERROR;
-
- *inOutIdx += dnSz;
- len -= OPAQUE16_LEN + dnSz;
- }
-
- /* don't send client cert or cert verify if user hasn't provided
- cert and private key */
- if (ssl->buffers.certificate.buffer && ssl->buffers.key.buffer)
- ssl->options.sendVerify = SEND_CERT;
- else if (IsTLS(ssl))
- ssl->options.sendVerify = SEND_BLANK_CERT;
-
- if (ssl->keys.encryptionOn)
- *inOutIdx += ssl->keys.padSz;
-
- return 0;
- }
-#endif /* !NO_CERTS */
-
-
-#ifdef HAVE_ECC
-
- static int CheckCurveId(int oid)
- {
- int ret = 0;
-
- switch (oid) {
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
- case WOLFSSL_ECC_SECP160R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
- case WOLFSSL_ECC_SECP192R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
- case WOLFSSL_ECC_SECP224R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
- case WOLFSSL_ECC_SECP256R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
- case WOLFSSL_ECC_SECP384R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
- case WOLFSSL_ECC_SECP521R1:
-#endif
- break;
-
- default:
- ret = -1;
- }
-
- return ret;
- }
-
-#endif /* HAVE_ECC */
-
- static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
- word32* inOutIdx, word32 size)
- {
- word16 length = 0;
- word32 begin = *inOutIdx;
- int ret = 0;
- #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0)
-
- (void)length; /* shut up compiler warnings */
- (void)begin;
- (void)ssl;
- (void)input;
- (void)size;
- (void)ret;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddLateName("ServerKeyExchange", &ssl->timeoutInfo);
- #endif
-
- #ifndef NO_PSK
- if (ssl->specs.kea == psk_kea) {
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx,
- min(length, MAX_PSK_ID_LEN));
-
- ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0;
- *inOutIdx += length;
-
- return 0;
- }
- #endif
- #ifndef NO_DH
- if (ssl->specs.kea == diffie_hellman_kea)
- {
- /* p */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- if (length < ssl->options.minDhKeySz) {
- WOLFSSL_MSG("Server using a DH key that is too small");
- SendAlert(ssl, alert_fatal, handshake_failure);
- return DH_KEY_SIZE_E;
- }
-
- ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap,
- DYNAMIC_TYPE_DH);
-
- if (ssl->buffers.serverDH_P.buffer)
- ssl->buffers.serverDH_P.length = length;
- else
- return MEMORY_ERROR;
-
- XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length);
- *inOutIdx += length;
-
- ssl->options.dhKeySz = length;
-
- /* g */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap,
- DYNAMIC_TYPE_DH);
-
- if (ssl->buffers.serverDH_G.buffer)
- ssl->buffers.serverDH_G.length = length;
- else
- return MEMORY_ERROR;
-
- XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length);
- *inOutIdx += length;
-
- /* pub */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap,
- DYNAMIC_TYPE_DH);
-
- if (ssl->buffers.serverDH_Pub.buffer)
- ssl->buffers.serverDH_Pub.length = length;
- else
- return MEMORY_ERROR;
-
- XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length);
- *inOutIdx += length;
- } /* dh_kea */
- #endif /* NO_DH */
-
- #ifdef HAVE_ECC
- if (ssl->specs.kea == ecc_diffie_hellman_kea)
- {
- byte b;
-
- if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN + OPAQUE8_LEN > size)
- return BUFFER_ERROR;
-
- b = input[(*inOutIdx)++];
-
- if (b != named_curve)
- return ECC_CURVETYPE_ERROR;
-
- *inOutIdx += 1; /* curve type, eat leading 0 */
- b = input[(*inOutIdx)++];
-
- if (CheckCurveId(b) != 0) {
- return ECC_CURVE_ERROR;
- }
-
- length = input[(*inOutIdx)++];
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- if (ssl->peerEccKey == NULL) {
- /* alloc/init on demand */
- ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
- ssl->ctx->heap, DYNAMIC_TYPE_ECC);
- if (ssl->peerEccKey == NULL) {
- WOLFSSL_MSG("PeerEccKey Memory error");
- return MEMORY_E;
- }
- wc_ecc_init(ssl->peerEccKey);
- } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
- wc_ecc_free(ssl->peerEccKey);
- ssl->peerEccKeyPresent = 0;
- wc_ecc_init(ssl->peerEccKey);
- }
-
- if (wc_ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey) != 0)
- return ECC_PEERKEY_ERROR;
-
- *inOutIdx += length;
- ssl->peerEccKeyPresent = 1;
- }
- #endif /* HAVE_ECC */
-
- #if !defined(NO_DH) && !defined(NO_PSK)
- if (ssl->specs.kea == dhe_psk_kea) {
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx,
- min(length, MAX_PSK_ID_LEN));
-
- ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0;
- *inOutIdx += length;
-
- /* p */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- if (length < ssl->options.minDhKeySz) {
- WOLFSSL_MSG("Server using a DH key that is too small");
- SendAlert(ssl, alert_fatal, handshake_failure);
- return DH_KEY_SIZE_E;
- }
-
- ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap,
- DYNAMIC_TYPE_DH);
-
- if (ssl->buffers.serverDH_P.buffer)
- ssl->buffers.serverDH_P.length = length;
- else
- return MEMORY_ERROR;
-
- XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length);
- *inOutIdx += length;
-
- ssl->options.dhKeySz = length;
-
- /* g */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap,
- DYNAMIC_TYPE_DH);
-
- if (ssl->buffers.serverDH_G.buffer)
- ssl->buffers.serverDH_G.length = length;
- else
- return MEMORY_ERROR;
-
- XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length);
- *inOutIdx += length;
-
- /* pub */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap,
- DYNAMIC_TYPE_DH);
-
- if (ssl->buffers.serverDH_Pub.buffer)
- ssl->buffers.serverDH_Pub.length = length;
- else
- return MEMORY_ERROR;
-
- XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length);
- *inOutIdx += length;
- }
- #endif /* !NO_DH || !NO_PSK */
-
- #if !defined(NO_DH) || defined(HAVE_ECC)
- if (!ssl->options.usingAnon_cipher &&
- (ssl->specs.kea == ecc_diffie_hellman_kea ||
- ssl->specs.kea == diffie_hellman_kea))
- {
-#ifndef NO_OLD_TLS
-#ifdef WOLFSSL_SMALL_STACK
- Md5* md5 = NULL;
- Sha* sha = NULL;
-#else
- Md5 md5[1];
- Sha sha[1];
-#endif
-#endif
-#ifndef NO_SHA256
-#ifdef WOLFSSL_SMALL_STACK
- Sha256* sha256 = NULL;
- byte* hash256 = NULL;
-#else
- Sha256 sha256[1];
- byte hash256[SHA256_DIGEST_SIZE];
-#endif
-#endif
-#ifdef WOLFSSL_SHA384
-#ifdef WOLFSSL_SMALL_STACK
- Sha384* sha384 = NULL;
- byte* hash384 = NULL;
-#else
- Sha384 sha384[1];
- byte hash384[SHA384_DIGEST_SIZE];
-#endif
-#endif
-#ifdef WOLFSSL_SHA512
-#ifdef WOLFSSL_SMALL_STACK
- Sha512* sha512 = NULL;
- byte* hash512 = NULL;
-#else
- Sha512 sha512[1];
- byte hash512[SHA512_DIGEST_SIZE];
-#endif
-#endif
-#ifdef WOLFSSL_SMALL_STACK
- byte* hash = NULL;
- byte* messageVerify = NULL;
-#else
- byte hash[FINISHED_SZ];
- byte messageVerify[MAX_DH_SZ];
-#endif
- byte hashAlgo = sha_mac;
- byte sigAlgo = ssl->specs.sig_algo;
- word16 verifySz = (word16) (*inOutIdx - begin);
-
-#ifndef NO_OLD_TLS
- byte doMd5 = 0;
- byte doSha = 0;
-#endif
-#ifndef NO_SHA256
- byte doSha256 = 0;
-#endif
-#ifdef WOLFSSL_SHA384
- byte doSha384 = 0;
-#endif
-#ifdef WOLFSSL_SHA512
- byte doSha512 = 0;
-#endif
-
- (void)hash;
- (void)sigAlgo;
- (void)hashAlgo;
-
- /* save message for hash verify */
- if (verifySz > MAX_DH_SZ)
- ERROR_OUT(BUFFER_ERROR, done);
-
- #ifdef WOLFSSL_SMALL_STACK
- messageVerify = (byte*)XMALLOC(MAX_DH_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (messageVerify == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
-
- XMEMCPY(messageVerify, input + begin, verifySz);
-
- if (IsAtLeastTLSv1_2(ssl)) {
- byte setHash = 0;
- if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size)
- ERROR_OUT(BUFFER_ERROR, done);
-
- hashAlgo = input[(*inOutIdx)++];
- sigAlgo = input[(*inOutIdx)++];
-
- switch (hashAlgo) {
- case sha512_mac:
- #ifdef WOLFSSL_SHA512
- doSha512 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha384_mac:
- #ifdef WOLFSSL_SHA384
- doSha384 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha256_mac:
- #ifndef NO_SHA256
- doSha256 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha_mac:
- #ifndef NO_OLD_TLS
- doSha = 1;
- setHash = 1;
- #endif
- break;
-
- default:
- ERROR_OUT(ALGO_ID_E, done);
- }
-
- if (setHash == 0) {
- ERROR_OUT(ALGO_ID_E, done);
- }
-
- } else {
- /* only using sha and md5 for rsa */
- #ifndef NO_OLD_TLS
- doSha = 1;
- if (sigAlgo == rsa_sa_algo) {
- doMd5 = 1;
- }
- #else
- ERROR_OUT(ALGO_ID_E, done);
- #endif
- }
-
- /* signature */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- ERROR_OUT(BUFFER_ERROR, done);
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + length > size)
- ERROR_OUT(BUFFER_ERROR, done);
-
- /* inOutIdx updated at the end of the function */
-
- /* verify signature */
- #ifdef WOLFSSL_SMALL_STACK
- hash = (byte*)XMALLOC(FINISHED_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (hash == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
-
-#ifndef NO_OLD_TLS
- /* md5 */
- #ifdef WOLFSSL_SMALL_STACK
- if (doMd5) {
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md5 == NULL)
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- if (doMd5) {
- wc_InitMd5(md5);
- wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
- wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
- wc_Md5Update(md5, messageVerify, verifySz);
- wc_Md5Final(md5, hash);
- }
- /* sha */
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha) {
- sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha == NULL)
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- if (doSha) {
- ret = wc_InitSha(sha);
- if (ret != 0) goto done;
- wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
- wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
- wc_ShaUpdate(sha, messageVerify, verifySz);
- wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE);
- }
-#endif
-
-#ifndef NO_SHA256
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha256) {
- sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha256 == NULL || hash256 == NULL)
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- if (doSha256) {
- if (!(ret = wc_InitSha256(sha256))
- && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom,
- RAN_LEN))
- && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom,
- RAN_LEN))
- && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz)))
- ret = wc_Sha256Final(sha256, hash256);
- if (ret != 0) goto done;
- }
-#endif
-
-#ifdef WOLFSSL_SHA384
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha384) {
- sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha384 == NULL || hash384 == NULL)
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- if (doSha384) {
- if (!(ret = wc_InitSha384(sha384))
- && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom,
- RAN_LEN))
- && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom,
- RAN_LEN))
- && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz)))
- ret = wc_Sha384Final(sha384, hash384);
- if (ret != 0) goto done;
- }
-#endif
-
-#ifdef WOLFSSL_SHA512
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha512) {
- sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha512 == NULL || hash512 == NULL)
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- if (doSha512) {
- if (!(ret = wc_InitSha512(sha512))
- && !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
- RAN_LEN))
- && !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
- RAN_LEN))
- && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz)))
- ret = wc_Sha512Final(sha512, hash512);
- if (ret != 0) goto done;
- }
-#endif
-
-#ifndef NO_RSA
- /* rsa */
- if (sigAlgo == rsa_sa_algo)
- {
- byte* out = NULL;
- byte doUserRsa = 0;
- word32 verifiedSz = 0;
-
- #ifdef HAVE_PK_CALLBACKS
- if (ssl->ctx->RsaVerifyCb)
- doUserRsa = 1;
- #endif /*HAVE_PK_CALLBACKS */
-
- if (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent)
- ERROR_OUT(NO_PEER_KEY, done);
-
- if (doUserRsa) {
- #ifdef HAVE_PK_CALLBACKS
- verifiedSz = ssl->ctx->RsaVerifyCb(ssl,
- (byte *)input + *inOutIdx,
- length, &out,
- ssl->buffers.peerRsaKey.buffer,
- ssl->buffers.peerRsaKey.length,
- ssl->RsaVerifyCtx);
- #endif /*HAVE_PK_CALLBACKS */
- }
- else
- verifiedSz = wc_RsaSSL_VerifyInline((byte *)input + *inOutIdx,
- length, &out, ssl->peerRsaKey);
-
- if (IsAtLeastTLSv1_2(ssl)) {
- word32 encSigSz;
-#ifndef NO_OLD_TLS
- byte* digest = &hash[MD5_DIGEST_SIZE];
- int typeH = SHAh;
- int digestSz = SHA_DIGEST_SIZE;
-#else
- byte* digest = hash256;
- int typeH = SHA256h;
- int digestSz = SHA256_DIGEST_SIZE;
-#endif
-#ifdef WOLFSSL_SMALL_STACK
- byte* encodedSig = NULL;
-#else
- byte encodedSig[MAX_ENCODED_SIG_SZ];
-#endif
-
- if (hashAlgo == sha_mac) {
- #ifndef NO_SHA
- digest = &hash[MD5_DIGEST_SIZE];
- typeH = SHAh;
- digestSz = SHA_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = hash256;
- typeH = SHA256h;
- digestSz = SHA256_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = hash384;
- typeH = SHA384h;
- digestSz = SHA384_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = hash512;
- typeH = SHA512h;
- digestSz = SHA512_DIGEST_SIZE;
- #endif
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
-
- if (digest == NULL)
- ERROR_OUT(ALGO_ID_E, done);
- encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz,
- typeH);
- if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig,
- min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
- ret = VERIFY_SIGN_ERROR;
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (ret != 0)
- goto done;
- }
- else if (verifiedSz != FINISHED_SZ || !out || XMEMCMP(out,
- hash, FINISHED_SZ) != 0)
- ERROR_OUT(VERIFY_SIGN_ERROR, done);
- } else
-#endif
-#ifdef HAVE_ECC
- /* ecdsa */
- if (sigAlgo == ecc_dsa_sa_algo) {
- int verify = 0;
-#ifndef NO_OLD_TLS
- byte* digest = &hash[MD5_DIGEST_SIZE];
- word32 digestSz = SHA_DIGEST_SIZE;
-#else
- byte* digest = hash256;
- word32 digestSz = SHA256_DIGEST_SIZE;
-#endif
- byte doUserEcc = 0;
-
- #ifdef HAVE_PK_CALLBACKS
- if (ssl->ctx->EccVerifyCb)
- doUserEcc = 1;
- #endif
-
- if (!ssl->peerEccDsaKeyPresent)
- ERROR_OUT(NO_PEER_KEY, done);
-
- if (IsAtLeastTLSv1_2(ssl)) {
- if (hashAlgo == sha_mac) {
- #ifndef NO_SHA
- digest = &hash[MD5_DIGEST_SIZE];
- digestSz = SHA_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = hash256;
- digestSz = SHA256_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = hash384;
- digestSz = SHA384_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = hash512;
- digestSz = SHA512_DIGEST_SIZE;
- #endif
- }
- }
- if (doUserEcc) {
- #ifdef HAVE_PK_CALLBACKS
- ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, length,
- digest, digestSz,
- ssl->buffers.peerEccDsaKey.buffer,
- ssl->buffers.peerEccDsaKey.length,
- &verify, ssl->EccVerifyCtx);
- #endif
- }
- else {
- ret = wc_ecc_verify_hash(input + *inOutIdx, length,
- digest, digestSz, &verify, ssl->peerEccDsaKey);
- }
- if (ret != 0 || verify == 0)
- ERROR_OUT(VERIFY_SIGN_ERROR, done);
- }
- else
-#endif /* HAVE_ECC */
- ERROR_OUT(ALGO_ID_E, done);
-
- /* signature length */
- *inOutIdx += length;
-
- ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
-
- done:
-#ifdef WOLFSSL_SMALL_STACK
- #ifndef NO_OLD_TLS
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifndef NO_SHA256
- XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SHA384
- XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SHA512
- XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(messageVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- if (ret != 0)
- return ret;
- }
-
- if (ssl->keys.encryptionOn) {
- *inOutIdx += ssl->keys.padSz;
- }
-
- return 0;
-#else /* !NO_DH or HAVE_ECC */
- return NOT_COMPILED_IN; /* not supported by build */
-#endif /* !NO_DH or HAVE_ECC */
-
- #undef ERROR_OUT
- }
-
-
- int SendClientKeyExchange(WOLFSSL* ssl)
- {
-#ifdef WOLFSSL_SMALL_STACK
- byte* encSecret = NULL;
-#else
- byte encSecret[MAX_ENCRYPT_SZ];
-#endif
- word32 encSz = 0;
- word32 idx = 0;
- int ret = 0;
- byte doUserRsa = 0;
-
- (void)doUserRsa;
-
-#ifdef HAVE_PK_CALLBACKS
- #ifndef NO_RSA
- if (ssl->ctx->RsaEncCb)
- doUserRsa = 1;
- #endif /* NO_RSA */
-#endif /*HAVE_PK_CALLBACKS */
-
- #ifdef WOLFSSL_SMALL_STACK
- encSecret = (byte*)XMALLOC(MAX_ENCRYPT_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encSecret == NULL)
- return MEMORY_E;
- #endif
-
- switch (ssl->specs.kea) {
- #ifndef NO_RSA
- case rsa_kea:
- ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
- SECRET_LEN);
- if (ret != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
-
- ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
- ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
- ssl->arrays->preMasterSz = SECRET_LEN;
-
- if (ssl->peerRsaKey == NULL || ssl->peerRsaKeyPresent == 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NO_PEER_KEY;
- }
-
- if (doUserRsa) {
- #ifdef HAVE_PK_CALLBACKS
- #ifndef NO_RSA
- encSz = MAX_ENCRYPT_SZ;
- ret = ssl->ctx->RsaEncCb(ssl,
- ssl->arrays->preMasterSecret,
- SECRET_LEN,
- encSecret, &encSz,
- ssl->buffers.peerRsaKey.buffer,
- ssl->buffers.peerRsaKey.length,
- ssl->RsaEncCtx);
- #endif /* NO_RSA */
- #endif /*HAVE_PK_CALLBACKS */
- }
- else {
- ret = wc_RsaPublicEncrypt(ssl->arrays->preMasterSecret,
- SECRET_LEN, encSecret, MAX_ENCRYPT_SZ,
- ssl->peerRsaKey, ssl->rng);
- if (ret > 0) {
- encSz = ret;
- ret = 0; /* set success to 0 */
- }
- }
- break;
- #endif
- #ifndef NO_DH
- case diffie_hellman_kea:
- {
- buffer serverP = ssl->buffers.serverDH_P;
- buffer serverG = ssl->buffers.serverDH_G;
- buffer serverPub = ssl->buffers.serverDH_Pub;
- #ifdef WOLFSSL_SMALL_STACK
- byte* priv = NULL;
- #else
- byte priv[ENCRYPT_LEN];
- #endif
- word32 privSz = 0;
- DhKey key;
-
- if (serverP.buffer == 0 || serverG.buffer == 0 ||
- serverPub.buffer == 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NO_PEER_KEY;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- priv = (byte*)XMALLOC(ENCRYPT_LEN, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL) {
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
- #endif
-
- wc_InitDhKey(&key);
- ret = wc_DhSetKey(&key, serverP.buffer, serverP.length,
- serverG.buffer, serverG.length);
- if (ret == 0)
- /* for DH, encSecret is Yc, agree is pre-master */
- ret = wc_DhGenerateKeyPair(&key, ssl->rng, priv, &privSz,
- encSecret, &encSz);
- if (ret == 0)
- ret = wc_DhAgree(&key, ssl->arrays->preMasterSecret,
- &ssl->arrays->preMasterSz, priv, privSz,
- serverPub.buffer, serverPub.length);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- wc_FreeDhKey(&key);
- }
- break;
- #endif /* NO_DH */
- #ifndef NO_PSK
- case psk_kea:
- {
- byte* pms = ssl->arrays->preMasterSecret;
-
- ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
- ssl->arrays->server_hint, ssl->arrays->client_identity,
- MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
- if (ssl->arrays->psk_keySz == 0 ||
- ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return PSK_KEY_ERROR;
- }
- encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
- if (encSz > MAX_PSK_ID_LEN) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return CLIENT_ID_ERROR;
- }
- XMEMCPY(encSecret, ssl->arrays->client_identity, encSz);
-
- /* make psk pre master secret */
- /* length of key + length 0s + length of key + key */
- c16toa((word16)ssl->arrays->psk_keySz, pms);
- pms += 2;
- XMEMSET(pms, 0, ssl->arrays->psk_keySz);
- pms += ssl->arrays->psk_keySz;
- c16toa((word16)ssl->arrays->psk_keySz, pms);
- pms += 2;
- XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
- ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
- ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
- ssl->arrays->psk_keySz = 0; /* No further need */
- }
- break;
- #endif /* NO_PSK */
- #if !defined(NO_DH) && !defined(NO_PSK)
- case dhe_psk_kea:
- {
- byte* pms = ssl->arrays->preMasterSecret;
- byte* es = encSecret;
- buffer serverP = ssl->buffers.serverDH_P;
- buffer serverG = ssl->buffers.serverDH_G;
- buffer serverPub = ssl->buffers.serverDH_Pub;
- #ifdef WOLFSSL_SMALL_STACK
- byte* priv = NULL;
- #else
- byte priv[ENCRYPT_LEN];
- #endif
- word32 privSz = 0;
- word32 pubSz = 0;
- word32 esSz = 0;
- DhKey key;
-
- if (serverP.buffer == 0 || serverG.buffer == 0 ||
- serverPub.buffer == 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NO_PEER_KEY;
- }
-
- ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
- ssl->arrays->server_hint, ssl->arrays->client_identity,
- MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
- if (ssl->arrays->psk_keySz == 0 ||
- ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return PSK_KEY_ERROR;
- }
- esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
-
- if (esSz > MAX_PSK_ID_LEN) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return CLIENT_ID_ERROR;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- priv = (byte*)XMALLOC(ENCRYPT_LEN, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL) {
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
- #endif
- c16toa((word16)esSz, es);
- es += OPAQUE16_LEN;
- XMEMCPY(es, ssl->arrays->client_identity, esSz);
- es += esSz;
- encSz = esSz + OPAQUE16_LEN;
-
- wc_InitDhKey(&key);
- ret = wc_DhSetKey(&key, serverP.buffer, serverP.length,
- serverG.buffer, serverG.length);
- if (ret == 0)
- /* for DH, encSecret is Yc, agree is pre-master */
- ret = wc_DhGenerateKeyPair(&key, ssl->rng, priv, &privSz,
- es + OPAQUE16_LEN, &pubSz);
- if (ret == 0)
- ret = wc_DhAgree(&key, pms + OPAQUE16_LEN,
- &ssl->arrays->preMasterSz, priv, privSz,
- serverPub.buffer, serverPub.length);
- wc_FreeDhKey(&key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (ret != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
-
- c16toa((word16)pubSz, es);
- encSz += pubSz + OPAQUE16_LEN;
- c16toa((word16)ssl->arrays->preMasterSz, pms);
- ssl->arrays->preMasterSz += OPAQUE16_LEN;
- pms += ssl->arrays->preMasterSz;
-
- /* make psk pre master secret */
- /* length of key + length 0s + length of key + key */
- c16toa((word16)ssl->arrays->psk_keySz, pms);
- pms += OPAQUE16_LEN;
- XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
- ssl->arrays->preMasterSz +=
- ssl->arrays->psk_keySz + OPAQUE16_LEN;
- ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
- ssl->arrays->psk_keySz = 0; /* No further need */
- }
- break;
- #endif /* !NO_DH && !NO_PSK */
- #ifdef HAVE_NTRU
- case ntru_kea:
- {
- word32 rc;
- word16 cipherLen = MAX_ENCRYPT_SZ;
- DRBG_HANDLE drbg;
- static uint8_t const wolfsslStr[] = {
- 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
- };
-
- ret = wc_RNG_GenerateBlock(ssl->rng,
- ssl->arrays->preMasterSecret, SECRET_LEN);
- if (ret != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
-
- ssl->arrays->preMasterSz = SECRET_LEN;
-
- if (ssl->peerNtruKeyPresent == 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NO_PEER_KEY;
- }
-
- rc = ntru_crypto_drbg_instantiate(MAX_NTRU_BITS, wolfsslStr,
- sizeof(wolfsslStr), GetEntropy,
- &drbg);
- if (rc != DRBG_OK) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NTRU_DRBG_ERROR;
- }
-
- rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
- ssl->peerNtruKey,
- ssl->arrays->preMasterSz,
- ssl->arrays->preMasterSecret,
- &cipherLen, encSecret);
- ntru_crypto_drbg_uninstantiate(drbg);
- if (rc != NTRU_OK) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NTRU_ENCRYPT_ERROR;
- }
-
- encSz = cipherLen;
- ret = 0;
- }
- break;
- #endif /* HAVE_NTRU */
- #ifdef HAVE_ECC
- case ecc_diffie_hellman_kea:
- {
- ecc_key myKey;
- ecc_key* peerKey = NULL;
- word32 size = MAX_ENCRYPT_SZ;
-
- if (ssl->specs.static_ecdh) {
- /* TODO: EccDsa is really fixed Ecc change naming */
- if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent ||
- !ssl->peerEccDsaKey->dp) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NO_PEER_KEY;
- }
- peerKey = ssl->peerEccDsaKey;
- }
- else {
- if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
- !ssl->peerEccKey->dp) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NO_PEER_KEY;
- }
- peerKey = ssl->peerEccKey;
- }
-
- if (peerKey == NULL) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return NO_PEER_KEY;
- }
-
- wc_ecc_init(&myKey);
- ret = wc_ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
- if (ret != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ECC_MAKEKEY_ERROR;
- }
-
- /* precede export with 1 byte length */
- ret = wc_ecc_export_x963(&myKey, encSecret + 1, &size);
- encSecret[0] = (byte)size;
- encSz = size + 1;
-
- if (ret != 0)
- ret = ECC_EXPORT_ERROR;
- else {
- size = sizeof(ssl->arrays->preMasterSecret);
- ret = wc_ecc_shared_secret(&myKey, peerKey,
- ssl->arrays->preMasterSecret, &size);
- if (ret != 0)
- ret = ECC_SHARED_ERROR;
- }
-
- ssl->arrays->preMasterSz = size;
- wc_ecc_free(&myKey);
- }
- break;
- #endif /* HAVE_ECC */
- default:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ALGO_ID_E; /* unsupported kea */
- }
-
- if (ret == 0) {
- byte *output;
- int sendSz;
- word32 tlsSz = 0;
-
- if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea)
- tlsSz = 2;
-
- if (ssl->specs.kea == ecc_diffie_hellman_kea ||
- ssl->specs.kea == dhe_psk_kea) /* always off */
- tlsSz = 0;
-
- sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
- idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
- idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
- }
- #endif
-
- if (ssl->keys.encryptionOn)
- sendSz += MAX_MSG_EXTRA;
-
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl);
-
- if (tlsSz) {
- c16toa((word16)encSz, &output[idx]);
- idx += 2;
- }
- XMEMCPY(output + idx, encSecret, encSz);
- idx += encSz;
-
- if (ssl->keys.encryptionOn) {
- byte* input;
- int inputSz = idx-RECORD_HEADER_SZ; /* buildmsg adds rechdr */
-
- input = (byte*)XMALLOC(inputSz, ssl->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (input == NULL) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return MEMORY_E;
- }
-
- XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
- sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
- handshake);
- XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (sendSz < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return sendSz;
- }
- } else {
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- }
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- }
- #endif
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo,
- output, sendSz, ssl->heap);
- #endif
-
- ssl->buffers.outputBuffer.length += sendSz;
-
- if (ssl->options.groupMessages)
- ret = 0;
- else
- ret = SendBuffered(ssl);
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- if (ret == 0 || ret == WANT_WRITE) {
- int tmpRet = MakeMasterSecret(ssl);
- if (tmpRet != 0)
- ret = tmpRet; /* save WANT_WRITE unless more serious */
- ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
- }
- /* No further need for PMS */
- ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
- ssl->arrays->preMasterSz = 0;
-
- return ret;
- }
-
-#ifndef NO_CERTS
- int SendCertificateVerify(WOLFSSL* ssl)
- {
- byte *output;
- int sendSz = MAX_CERT_VERIFY_SZ, length, ret;
- word32 idx = 0;
- word32 sigOutSz = 0;
-#ifndef NO_RSA
- RsaKey key;
- int initRsaKey = 0;
-#endif
- int usingEcc = 0;
-#ifdef HAVE_ECC
- ecc_key eccKey;
-#endif
-
- (void)idx;
-
- if (ssl->options.sendVerify == SEND_BLANK_CERT)
- return 0; /* sent blank cert, can't verify */
-
- if (ssl->keys.encryptionOn)
- sendSz += MAX_MSG_EXTRA;
-
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
- if (ret != 0)
- return ret;
-
-#ifdef HAVE_ECC
- wc_ecc_init(&eccKey);
-#endif
-#ifndef NO_RSA
- ret = wc_InitRsaKey(&key, ssl->heap);
- if (ret == 0) initRsaKey = 1;
- if (ret == 0)
- ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key,
- ssl->buffers.key.length);
- if (ret == 0)
- sigOutSz = wc_RsaEncryptSize(&key);
- else
-#endif
- {
- #ifdef HAVE_ECC
- WOLFSSL_MSG("Trying ECC client cert, RSA didn't work");
-
- idx = 0;
- ret = wc_EccPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &eccKey,
- ssl->buffers.key.length);
- if (ret == 0) {
- WOLFSSL_MSG("Using ECC client cert");
- usingEcc = 1;
- sigOutSz = MAX_ENCODED_SIG_SZ;
- }
- else {
- WOLFSSL_MSG("Bad client cert type");
- }
- #endif
- }
- if (ret == 0) {
- byte* verify = (byte*)&output[RECORD_HEADER_SZ +
- HANDSHAKE_HEADER_SZ];
-#ifndef NO_OLD_TLS
- byte* signBuffer = ssl->hsHashes->certHashes.md5;
-#else
- byte* signBuffer = NULL;
-#endif
- word32 signSz = FINISHED_SZ;
- word32 extraSz = 0; /* tls 1.2 hash/sig */
-#ifdef WOLFSSL_SMALL_STACK
- byte* encodedSig = NULL;
-#else
- byte encodedSig[MAX_ENCODED_SIG_SZ];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig == NULL) {
- #ifndef NO_RSA
- if (initRsaKey)
- wc_FreeRsaKey(&key);
- #endif
- #ifdef HAVE_ECC
- wc_ecc_free(&eccKey);
- #endif
- return MEMORY_E;
- }
-#endif
-
- (void)encodedSig;
- (void)signSz;
- (void)signBuffer;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- #endif
- length = sigOutSz;
- if (IsAtLeastTLSv1_2(ssl)) {
- verify[0] = ssl->suites->hashAlgo;
- verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo;
- extraSz = HASH_SIG_SIZE;
- }
-
- if (usingEcc) {
-#ifdef HAVE_ECC
- word32 localSz = MAX_ENCODED_SIG_SZ;
- word32 digestSz;
- byte* digest;
- byte doUserEcc = 0;
-#ifndef NO_OLD_TLS
- /* old tls default */
- digestSz = SHA_DIGEST_SIZE;
- digest = ssl->hsHashes->certHashes.sha;
-#else
- /* new tls default */
- digestSz = SHA256_DIGEST_SIZE;
- digest = ssl->hsHashes->certHashes.sha256;
-#endif
-
- #ifdef HAVE_PK_CALLBACKS
- #ifdef HAVE_ECC
- if (ssl->ctx->EccSignCb)
- doUserEcc = 1;
- #endif /* HAVE_ECC */
- #endif /*HAVE_PK_CALLBACKS */
-
- if (IsAtLeastTLSv1_2(ssl)) {
- if (ssl->suites->hashAlgo == sha_mac) {
- #ifndef NO_SHA
- digest = ssl->hsHashes->certHashes.sha;
- digestSz = SHA_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = ssl->hsHashes->certHashes.sha256;
- digestSz = SHA256_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = ssl->hsHashes->certHashes.sha384;
- digestSz = SHA384_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = ssl->hsHashes->certHashes.sha512;
- digestSz = SHA512_DIGEST_SIZE;
- #endif
- }
- }
-
- if (doUserEcc) {
- #ifdef HAVE_PK_CALLBACKS
- #ifdef HAVE_ECC
- ret = ssl->ctx->EccSignCb(ssl, digest, digestSz,
- encodedSig, &localSz,
- ssl->buffers.key.buffer,
- ssl->buffers.key.length,
- ssl->EccSignCtx);
- #endif /* HAVE_ECC */
- #endif /*HAVE_PK_CALLBACKS */
- }
- else {
- ret = wc_ecc_sign_hash(digest, digestSz, encodedSig,
- &localSz, ssl->rng, &eccKey);
- }
- if (ret == 0) {
- length = localSz;
- c16toa((word16)length, verify + extraSz); /* prepend hdr */
- XMEMCPY(verify + extraSz + VERIFY_HEADER,encodedSig,length);
- }
-#endif
- }
-#ifndef NO_RSA
- else {
- byte doUserRsa = 0;
-
- #ifdef HAVE_PK_CALLBACKS
- if (ssl->ctx->RsaSignCb)
- doUserRsa = 1;
- #endif /*HAVE_PK_CALLBACKS */
-
- if (IsAtLeastTLSv1_2(ssl)) {
- /*
- * MSVC Compiler complains because it can not
- * guarantee any of the conditionals will succeed in
- * assigning a value before wc_EncodeSignature executes.
- */
- byte* digest = NULL;
- int digestSz = 0;
- int typeH = 0;
- int didSet = 0;
-
- if (ssl->suites->hashAlgo == sha_mac) {
- #ifndef NO_SHA
- digest = ssl->hsHashes->certHashes.sha;
- typeH = SHAh;
- digestSz = SHA_DIGEST_SIZE;
- didSet = 1;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = ssl->hsHashes->certHashes.sha256;
- typeH = SHA256h;
- digestSz = SHA256_DIGEST_SIZE;
- didSet = 1;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = ssl->hsHashes->certHashes.sha384;
- typeH = SHA384h;
- digestSz = SHA384_DIGEST_SIZE;
- didSet = 1;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = ssl->hsHashes->certHashes.sha512;
- typeH = SHA512h;
- digestSz = SHA512_DIGEST_SIZE;
- didSet = 1;
- #endif
- }
-
- if (didSet == 0) {
- /* defaults */
- #ifndef NO_OLD_TLS
- digest = ssl->hsHashes->certHashes.sha;
- digestSz = SHA_DIGEST_SIZE;
- typeH = SHAh;
- #else
- digest = ssl->hsHashes->certHashes.sha256;
- digestSz = SHA256_DIGEST_SIZE;
- typeH = SHA256h;
- #endif
- }
-
- signSz = wc_EncodeSignature(encodedSig, digest,digestSz,typeH);
- signBuffer = encodedSig;
- }
-
- c16toa((word16)length, verify + extraSz); /* prepend hdr */
- if (doUserRsa) {
- #ifdef HAVE_PK_CALLBACKS
- #ifndef NO_RSA
- word32 ioLen = ENCRYPT_LEN;
- ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
- verify + extraSz + VERIFY_HEADER,
- &ioLen,
- ssl->buffers.key.buffer,
- ssl->buffers.key.length,
- ssl->RsaSignCtx);
- #endif /* NO_RSA */
- #endif /*HAVE_PK_CALLBACKS */
- }
- else {
- ret = wc_RsaSSL_Sign(signBuffer, signSz, verify + extraSz +
- VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng);
- }
-
- if (ret > 0)
- ret = 0; /* RSA reset */
- }
-#endif
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (ret == 0) {
- AddHeaders(output, length + extraSz + VERIFY_HEADER,
- certificate_verify, ssl);
-
- sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length +
- extraSz + VERIFY_HEADER;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- }
- #endif
-
- if (ssl->keys.encryptionOn) {
- byte* input;
- int inputSz = sendSz - RECORD_HEADER_SZ;
- /* build msg adds rec hdr */
- input = (byte*)XMALLOC(inputSz, ssl->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (input == NULL)
- ret = MEMORY_E;
- else {
- XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
- sendSz = BuildMessage(ssl, output,
- MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA,
- input, inputSz, handshake);
- XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (sendSz < 0)
- ret = sendSz;
- }
- } else {
- ret = HashOutput(ssl, output, sendSz, 0);
- }
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- }
- #endif
- }
- }
-#ifndef NO_RSA
- if (initRsaKey)
- wc_FreeRsaKey(&key);
-#endif
-#ifdef HAVE_ECC
- wc_ecc_free(&eccKey);
-#endif
-
- if (ret == 0) {
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("CertificateVerify", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("CertificateVerify", &ssl->timeoutInfo,
- output, sendSz, ssl->heap);
- #endif
- ssl->buffers.outputBuffer.length += sendSz;
- if (ssl->options.groupMessages)
- return 0;
- else
- return SendBuffered(ssl);
- }
- else
- return ret;
- }
-#endif /* NO_CERTS */
-
-#ifdef HAVE_SESSION_TICKET
-int DoSessionTicket(WOLFSSL* ssl,
- const byte* input, word32* inOutIdx, word32 size)
-{
- word32 begin = *inOutIdx;
- word32 lifetime;
- word16 length;
-
- if (ssl->expect_session_ticket == 0) {
- WOLFSSL_MSG("Unexpected session ticket");
- return SESSION_TICKET_EXPECT_E;
- }
-
- if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
- return BUFFER_ERROR;
-
- ato32(input + *inOutIdx, &lifetime);
- *inOutIdx += OPAQUE32_LEN;
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &length);
- *inOutIdx += OPAQUE16_LEN;
-
- if (length > sizeof(ssl->session.ticket))
- return SESSION_TICKET_LEN_E;
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- /* If the received ticket including its length is greater than
- * a length value, the save it. Otherwise, don't save it. */
- if (length > 0) {
- XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
- *inOutIdx += length;
- ssl->session.ticketLen = length;
- ssl->timeout = lifetime;
- if (ssl->session_ticket_cb != NULL) {
- ssl->session_ticket_cb(ssl,
- ssl->session.ticket, ssl->session.ticketLen,
- ssl->session_ticket_ctx);
- }
- /* Create a fake sessionID based on the ticket, this will
- * supercede the existing session cache info. */
- ssl->options.haveSessionId = 1;
- XMEMCPY(ssl->arrays->sessionID,
- ssl->session.ticket + length - ID_LEN, ID_LEN);
-#ifndef NO_SESSION_CACHE
- AddSession(ssl);
-#endif
-
- }
- else {
- ssl->session.ticketLen = 0;
- }
-
- if (ssl->keys.encryptionOn) {
- *inOutIdx += ssl->keys.padSz;
- }
-
- ssl->expect_session_ticket = 0;
-
- return 0;
-}
-#endif /* HAVE_SESSION_TICKET */
-
-#endif /* NO_WOLFSSL_CLIENT */
-
-
-#ifndef NO_WOLFSSL_SERVER
-
- int SendServerHello(WOLFSSL* ssl)
- {
- byte *output;
- word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- int sendSz;
- int ret;
- byte sessIdSz = ID_LEN;
-
- length = VERSION_SZ + RAN_LEN
- + ID_LEN + ENUM_LEN
- + SUITE_LEN
- + ENUM_LEN;
-
-#ifdef HAVE_TLS_EXTENSIONS
- length += TLSX_GetResponseSize(ssl);
-
- #ifdef HAVE_SESSION_TICKET
- if (ssl->options.useTicket && ssl->arrays->sessionIDSz == 0) {
- /* no session id */
- length -= ID_LEN;
- sessIdSz = 0;
- }
- #endif /* HAVE_SESSION_TICKET */
-#endif
-
- /* check for avalaible size */
- if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
- AddHeaders(output, length, server_hello, ssl);
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- }
- #endif
- /* now write to output */
- /* first version */
- output[idx++] = ssl->version.major;
- output[idx++] = ssl->version.minor;
-
- /* then random */
- if (!ssl->options.resuming) {
- ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
- RAN_LEN);
- if (ret != 0)
- return ret;
- }
-
- XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN);
- idx += RAN_LEN;
-
-#ifdef SHOW_SECRETS
- {
- int j;
- printf("server random: ");
- for (j = 0; j < RAN_LEN; j++)
- printf("%02x", ssl->arrays->serverRandom[j]);
- printf("\n");
- }
-#endif
- /* then session id */
- output[idx++] = sessIdSz;
- if (sessIdSz) {
-
- if (!ssl->options.resuming) {
- ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID,
- sessIdSz);
- if (ret != 0) return ret;
- }
-
- XMEMCPY(output + idx, ssl->arrays->sessionID, sessIdSz);
- idx += sessIdSz;
- }
-
- /* then cipher suite */
- output[idx++] = ssl->options.cipherSuite0;
- output[idx++] = ssl->options.cipherSuite;
-
- /* then compression */
- if (ssl->options.usingCompression)
- output[idx++] = ZLIB_COMPRESSION;
- else
- output[idx++] = NO_COMPRESSION;
-
- /* last, extensions */
-#ifdef HAVE_TLS_EXTENSIONS
- TLSX_WriteResponse(ssl, output + idx);
-#endif
-
- ssl->buffers.outputBuffer.length += sendSz;
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- }
- #endif
-
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0)
- return ret;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ServerHello", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ServerHello", &ssl->timeoutInfo, output, sendSz,
- ssl->heap);
- #endif
-
- ssl->options.serverState = SERVER_HELLO_COMPLETE;
-
- if (ssl->options.groupMessages)
- return 0;
- else
- return SendBuffered(ssl);
- }
-
-
-#ifdef HAVE_ECC
-
- static byte SetCurveId(int size)
- {
- switch(size) {
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
- case 20:
- return WOLFSSL_ECC_SECP160R1;
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
- case 24:
- return WOLFSSL_ECC_SECP192R1;
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
- case 28:
- return WOLFSSL_ECC_SECP224R1;
-#endif
-#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
- case 32:
- return WOLFSSL_ECC_SECP256R1;
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
- case 48:
- return WOLFSSL_ECC_SECP384R1;
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
- case 66:
- return WOLFSSL_ECC_SECP521R1;
-#endif
- default:
- return 0;
- }
- }
-
-#endif /* HAVE_ECC */
-
-
- int SendServerKeyExchange(WOLFSSL* ssl)
- {
- int ret = 0;
- (void)ssl;
- #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0)
-
- #ifndef NO_PSK
- if (ssl->specs.kea == psk_kea)
- {
- byte *output;
- word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- int sendSz;
- if (ssl->arrays->server_hint[0] == 0) return 0; /* don't send */
-
- /* include size part */
- length = (word32)XSTRLEN(ssl->arrays->server_hint);
- if (length > MAX_PSK_ID_LEN)
- return SERVER_HINT_ERROR;
-
- length += HINT_LEN_SZ;
- sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- }
- #endif
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, length, server_key_exchange, ssl);
-
- /* key data */
- c16toa((word16)(length - HINT_LEN_SZ), output + idx);
- idx += HINT_LEN_SZ;
- XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ);
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- #endif
-
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0)
- return ret;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output,
- sendSz, ssl->heap);
- #endif
-
- ssl->buffers.outputBuffer.length += sendSz;
- if (ssl->options.groupMessages)
- ret = 0;
- else
- ret = SendBuffered(ssl);
- ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
- }
- #endif /*NO_PSK */
-
- #if !defined(NO_DH) && !defined(NO_PSK)
- if (ssl->specs.kea == dhe_psk_kea) {
- byte *output;
- word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- word32 hintLen;
- int sendSz;
- DhKey dhKey;
-
- if (ssl->buffers.serverDH_P.buffer == NULL ||
- ssl->buffers.serverDH_G.buffer == NULL)
- return NO_DH_PARAMS;
-
- if (ssl->buffers.serverDH_Pub.buffer == NULL) {
- ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
- ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
- DYNAMIC_TYPE_DH);
- if (ssl->buffers.serverDH_Pub.buffer == NULL)
- return MEMORY_E;
- }
-
- if (ssl->buffers.serverDH_Priv.buffer == NULL) {
- ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
- ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
- DYNAMIC_TYPE_DH);
- if (ssl->buffers.serverDH_Priv.buffer == NULL)
- return MEMORY_E;
- }
-
- wc_InitDhKey(&dhKey);
- ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
- ssl->buffers.serverDH_P.length,
- ssl->buffers.serverDH_G.buffer,
- ssl->buffers.serverDH_G.length);
- if (ret == 0)
- ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng,
- ssl->buffers.serverDH_Priv.buffer,
- &ssl->buffers.serverDH_Priv.length,
- ssl->buffers.serverDH_Pub.buffer,
- &ssl->buffers.serverDH_Pub.length);
- wc_FreeDhKey(&dhKey);
- if (ret != 0)
- return ret;
-
- length = LENGTH_SZ * 3 + /* p, g, pub */
- ssl->buffers.serverDH_P.length +
- ssl->buffers.serverDH_G.length +
- ssl->buffers.serverDH_Pub.length;
-
- /* include size part */
- hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
- if (hintLen > MAX_PSK_ID_LEN)
- return SERVER_HINT_ERROR;
- length += hintLen + HINT_LEN_SZ;
- sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- }
- #endif
-
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, length, server_key_exchange, ssl);
-
- /* key data */
- c16toa((word16)hintLen, output + idx);
- idx += HINT_LEN_SZ;
- XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen);
- idx += hintLen;
-
- /* add p, g, pub */
- c16toa((word16)ssl->buffers.serverDH_P.length, output + idx);
- idx += LENGTH_SZ;
- XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer,
- ssl->buffers.serverDH_P.length);
- idx += ssl->buffers.serverDH_P.length;
-
- /* g */
- c16toa((word16)ssl->buffers.serverDH_G.length, output + idx);
- idx += LENGTH_SZ;
- XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer,
- ssl->buffers.serverDH_G.length);
- idx += ssl->buffers.serverDH_G.length;
-
- /* pub */
- c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx);
- idx += LENGTH_SZ;
- XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer,
- ssl->buffers.serverDH_Pub.length);
- idx += ssl->buffers.serverDH_Pub.length;
- (void)idx; /* suppress analyzer warning, and keep idx current */
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- #endif
-
- ret = HashOutput(ssl, output, sendSz, 0);
-
- if (ret != 0)
- return ret;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output,
- sendSz, ssl->heap);
- #endif
-
- ssl->buffers.outputBuffer.length += sendSz;
- if (ssl->options.groupMessages)
- ret = 0;
- else
- ret = SendBuffered(ssl);
- ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
- }
- #endif /* !NO_DH && !NO_PSK */
-
- #ifdef HAVE_ECC
- if (ssl->specs.kea == ecc_diffie_hellman_kea)
- {
- byte *output;
- word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- int sendSz;
- word32 sigSz;
- word32 preSigSz, preSigIdx;
- #ifndef NO_RSA
- RsaKey rsaKey;
- #endif
- ecc_key dsaKey;
- #ifdef WOLFSSL_SMALL_STACK
- byte* exportBuf = NULL;
- #else
- byte exportBuf[MAX_EXPORT_ECC_SZ];
- #endif
- word32 expSz = MAX_EXPORT_ECC_SZ;
-
- #ifndef NO_OLD_TLS
- byte doMd5 = 0;
- byte doSha = 0;
- #endif
- #ifndef NO_SHA256
- byte doSha256 = 0;
- #endif
- #ifdef WOLFSSL_SHA384
- byte doSha384 = 0;
- #endif
- #ifdef WOLFSSL_SHA512
- byte doSha512 = 0;
- #endif
-
- if (ssl->specs.static_ecdh) {
- WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchagne");
- return 0;
- }
-
- /* curve type, named curve, length(1) */
- length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
- /* pub key size */
- WOLFSSL_MSG("Using ephemeral ECDH");
-
- /* need ephemeral key now, create it if missing */
- if (ssl->eccTempKey == NULL) {
- /* alloc/init on demand */
- ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
- ssl->ctx->heap, DYNAMIC_TYPE_ECC);
- if (ssl->eccTempKey == NULL) {
- WOLFSSL_MSG("EccTempKey Memory error");
- return MEMORY_E;
- }
- wc_ecc_init(ssl->eccTempKey);
- }
- if (ssl->eccTempKeyPresent == 0) {
- if (wc_ecc_make_key(ssl->rng, ssl->eccTempKeySz,
- ssl->eccTempKey) != 0) {
- return ECC_MAKEKEY_ERROR;
- }
- ssl->eccTempKeyPresent = 1;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (exportBuf == NULL)
- return MEMORY_E;
- #endif
-
- if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0)
- ERROR_OUT(ECC_EXPORT_ERROR, done_a);
- length += expSz;
-
- preSigSz = length;
- preSigIdx = idx;
-
- #ifndef NO_RSA
- ret = wc_InitRsaKey(&rsaKey, ssl->heap);
- if (ret != 0)
- goto done_a;
- #endif
-
- wc_ecc_init(&dsaKey);
-
- /* sig length */
- length += LENGTH_SZ;
-
- if (!ssl->buffers.key.buffer) {
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- ERROR_OUT(NO_PRIVATE_KEY, done_a);
- }
-
- #ifndef NO_RSA
- if (ssl->specs.sig_algo == rsa_sa_algo) {
- /* rsa sig size */
- word32 i = 0;
- ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i,
- &rsaKey, ssl->buffers.key.length);
- if (ret != 0)
- goto done_a;
- sigSz = wc_RsaEncryptSize(&rsaKey);
- } else
- #endif
-
- if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
- /* ecdsa sig size */
- word32 i = 0;
- ret = wc_EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
- &dsaKey, ssl->buffers.key.length);
- if (ret != 0)
- goto done_a;
- sigSz = wc_ecc_sig_size(&dsaKey); /* worst case estimate */
- }
- else {
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- ERROR_OUT(ALGO_ID_E, done_a); /* unsupported type */
- }
- length += sigSz;
-
- if (IsAtLeastTLSv1_2(ssl))
- length += HASH_SIG_SIZE;
-
- sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- preSigIdx = idx;
- }
- #endif
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- goto done_a;
- }
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- /* record and message headers will be added below, when we're sure
- of the sig length */
-
- /* key exchange data */
- output[idx++] = named_curve;
- output[idx++] = 0x00; /* leading zero */
- output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey));
- output[idx++] = (byte)expSz;
- XMEMCPY(output + idx, exportBuf, expSz);
- idx += expSz;
- if (IsAtLeastTLSv1_2(ssl)) {
- byte setHash = 0;
-
- output[idx++] = ssl->suites->hashAlgo;
- output[idx++] = ssl->suites->sigAlgo;
-
- switch (ssl->suites->hashAlgo) {
- case sha512_mac:
- #ifdef WOLFSSL_SHA512
- doSha512 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha384_mac:
- #ifdef WOLFSSL_SHA384
- doSha384 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha256_mac:
- #ifndef NO_SHA256
- doSha256 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha_mac:
- #ifndef NO_OLD_TLS
- doSha = 1;
- setHash = 1;
- #endif
- break;
-
- default:
- WOLFSSL_MSG("Bad hash sig algo");
- break;
- }
-
- if (setHash == 0) {
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- ERROR_OUT(ALGO_ID_E, done_a);
- }
- } else {
- /* only using sha and md5 for rsa */
- #ifndef NO_OLD_TLS
- doSha = 1;
- if (ssl->suites->sigAlgo == rsa_sa_algo) {
- doMd5 = 1;
- }
- #else
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- ERROR_OUT(ALGO_ID_E, done_a);
- #endif
- }
-
- /* Signtaure length will be written later, when we're sure what it
- is */
-
- #ifdef HAVE_FUZZER
- if (ssl->fuzzerCb)
- ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, FUZZ_SIGNATURE,
- ssl->fuzzerCtx);
- #endif
-
- /* do signature */
- {
- #ifndef NO_OLD_TLS
- #ifdef WOLFSSL_SMALL_STACK
- Md5* md5 = NULL;
- Sha* sha = NULL;
- #else
- Md5 md5[1];
- Sha sha[1];
- #endif
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- byte* hash = NULL;
- #else
- byte hash[FINISHED_SZ];
- #endif
- #ifndef NO_SHA256
- #ifdef WOLFSSL_SMALL_STACK
- Sha256* sha256 = NULL;
- byte* hash256 = NULL;
- #else
- Sha256 sha256[1];
- byte hash256[SHA256_DIGEST_SIZE];
- #endif
- #endif
- #ifdef WOLFSSL_SHA384
- #ifdef WOLFSSL_SMALL_STACK
- Sha384* sha384 = NULL;
- byte* hash384 = NULL;
- #else
- Sha384 sha384[1];
- byte hash384[SHA384_DIGEST_SIZE];
- #endif
- #endif
- #ifdef WOLFSSL_SHA512
- #ifdef WOLFSSL_SMALL_STACK
- Sha512* sha512 = NULL;
- byte* hash512 = NULL;
- #else
- Sha512 sha512[1];
- byte hash512[SHA512_DIGEST_SIZE];
- #endif
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- hash = (byte*)XMALLOC(FINISHED_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (hash == NULL)
- ERROR_OUT(MEMORY_E, done_a);
- #endif
-
- #ifndef NO_OLD_TLS
- /* md5 */
- #ifdef WOLFSSL_SMALL_STACK
- if (doMd5) {
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (md5 == NULL)
- ERROR_OUT(MEMORY_E, done_a2);
- }
- #endif
- if (doMd5) {
- wc_InitMd5(md5);
- wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
- wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
- wc_Md5Update(md5, output + preSigIdx, preSigSz);
- wc_Md5Final(md5, hash);
- }
- /* sha */
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha) {
- sha = (Sha*)XMALLOC(sizeof(Sha), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha == NULL)
- ERROR_OUT(MEMORY_E, done_a2);
- }
- #endif
- if (doSha) {
- ret = wc_InitSha(sha);
- if (ret != 0) goto done_a2;
- wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
- wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
- wc_ShaUpdate(sha, output + preSigIdx, preSigSz);
- wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]);
- }
- #endif
-
- #ifndef NO_SHA256
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha256) {
- sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha256 == NULL || hash256 == NULL)
- ERROR_OUT(MEMORY_E, done_a2);
- }
- #endif
-
- if (doSha256) {
- if (!(ret = wc_InitSha256(sha256))
- && !(ret = wc_Sha256Update(sha256,
- ssl->arrays->clientRandom, RAN_LEN))
- && !(ret = wc_Sha256Update(sha256,
- ssl->arrays->serverRandom, RAN_LEN))
- && !(ret = wc_Sha256Update(sha256,
- output + preSigIdx, preSigSz)))
- ret = wc_Sha256Final(sha256, hash256);
-
- if (ret != 0) goto done_a2;
- }
- #endif
-
- #ifdef WOLFSSL_SHA384
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha384) {
- sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha384 == NULL || hash384 == NULL)
- ERROR_OUT(MEMORY_E, done_a2);
- }
- #endif
-
- if (doSha384) {
- if (!(ret = wc_InitSha384(sha384))
- && !(ret = wc_Sha384Update(sha384,
- ssl->arrays->clientRandom, RAN_LEN))
- && !(ret = wc_Sha384Update(sha384,
- ssl->arrays->serverRandom, RAN_LEN))
- && !(ret = wc_Sha384Update(sha384,
- output + preSigIdx, preSigSz)))
- ret = wc_Sha384Final(sha384, hash384);
-
- if (ret != 0) goto done_a2;
- }
- #endif
-
- #ifdef WOLFSSL_SHA512
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha512) {
- sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha512 == NULL || hash512 == NULL)
- ERROR_OUT(MEMORY_E, done_a2);
- }
- #endif
-
- if (doSha512) {
- if (!(ret = wc_InitSha512(sha512))
- && !(ret = wc_Sha512Update(sha512,
- ssl->arrays->clientRandom, RAN_LEN))
- && !(ret = wc_Sha512Update(sha512,
- ssl->arrays->serverRandom, RAN_LEN))
- && !(ret = wc_Sha512Update(sha512,
- output + preSigIdx, preSigSz)))
- ret = wc_Sha512Final(sha512, hash512);
-
- if (ret != 0) goto done_a2;
- }
- #endif
-
- #ifndef NO_RSA
- if (ssl->suites->sigAlgo == rsa_sa_algo) {
- byte* signBuffer = hash;
- word32 signSz = FINISHED_SZ;
- byte doUserRsa = 0;
- #ifdef WOLFSSL_SMALL_STACK
- byte* encodedSig = NULL;
- #else
- byte encodedSig[MAX_ENCODED_SIG_SZ];
- #endif
-
- #ifdef HAVE_PK_CALLBACKS
- if (ssl->ctx->RsaSignCb)
- doUserRsa = 1;
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig == NULL)
- ERROR_OUT(MEMORY_E, done_a2);
- #endif
-
- if (IsAtLeastTLSv1_2(ssl)) {
- byte* digest = &hash[MD5_DIGEST_SIZE];
- int typeH = SHAh;
- int digestSz = SHA_DIGEST_SIZE;
-
- if (ssl->suites->hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = hash256;
- typeH = SHA256h;
- digestSz = SHA256_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = hash384;
- typeH = SHA384h;
- digestSz = SHA384_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = hash512;
- typeH = SHA512h;
- digestSz = SHA512_DIGEST_SIZE;
- #endif
- }
-
- if (digest == NULL) {
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- ERROR_OUT(ALGO_ID_E, done_a2);
- }
- signSz = wc_EncodeSignature(encodedSig, digest,
- digestSz, typeH);
- signBuffer = encodedSig;
- }
- /* write sig size here */
- c16toa((word16)sigSz, output + idx);
- idx += LENGTH_SZ;
-
- if (doUserRsa) {
- #ifdef HAVE_PK_CALLBACKS
- word32 ioLen = sigSz;
- ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
- output + idx, &ioLen,
- ssl->buffers.key.buffer,
- ssl->buffers.key.length,
- ssl->RsaSignCtx);
- #endif /*HAVE_PK_CALLBACKS */
- }
- else
- ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx,
- sigSz, &rsaKey, ssl->rng);
-
- wc_FreeRsaKey(&rsaKey);
- wc_ecc_free(&dsaKey);
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- if (ret < 0)
- goto done_a2;
- } else
- #endif
-
- if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
- #ifndef NO_OLD_TLS
- byte* digest = &hash[MD5_DIGEST_SIZE];
- word32 digestSz = SHA_DIGEST_SIZE;
- #else
- byte* digest = hash256;
- word32 digestSz = SHA256_DIGEST_SIZE;
- #endif
- word32 sz = sigSz;
- byte doUserEcc = 0;
-
- #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC)
- if (ssl->ctx->EccSignCb)
- doUserEcc = 1;
- #endif
-
- if (IsAtLeastTLSv1_2(ssl)) {
- if (ssl->suites->hashAlgo == sha_mac) {
- #ifndef NO_SHA
- digest = &hash[MD5_DIGEST_SIZE];
- digestSz = SHA_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = hash256;
- digestSz = SHA256_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = hash384;
- digestSz = SHA384_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = hash512;
- digestSz = SHA512_DIGEST_SIZE;
- #endif
- }
- }
-
- if (doUserEcc) {
- #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC)
- ret = ssl->ctx->EccSignCb(ssl, digest, digestSz,
- output + LENGTH_SZ + idx, &sz,
- ssl->buffers.key.buffer,
- ssl->buffers.key.length,
- ssl->EccSignCtx);
- #endif
- }
- else {
- ret = wc_ecc_sign_hash(digest, digestSz,
- output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey);
- }
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
-
- if (ret < 0)
- goto done_a2;
-
- /* Now that we know the real sig size, write it. */
- c16toa((word16)sz, output + idx);
-
- /* And adjust length and sendSz from estimates */
- length += sz - sigSz;
- sendSz += sz - sigSz;
- }
-
- done_a2:
- #ifdef WOLFSSL_SMALL_STACK
- #ifndef NO_OLD_TLS
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef NO_SHA256
- XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SHA384
- XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SHA512
- XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
-
- if (ret < 0)
- goto done_a;
- }
-
- AddHeaders(output, length, server_key_exchange, ssl);
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- goto done_a;
- #endif
-
- if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0)
- goto done_a;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
- output, sendSz, ssl->heap);
- #endif
-
- ssl->buffers.outputBuffer.length += sendSz;
- if (ssl->options.groupMessages)
- ret = 0;
- else
- ret = SendBuffered(ssl);
- ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
-
- done_a:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- return ret;
- }
- #endif /* HAVE_ECC */
-
- #if !defined(NO_DH) && !defined(NO_RSA)
- if (ssl->specs.kea == diffie_hellman_kea) {
- byte *output;
- word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- int sendSz;
- word32 sigSz = 0, i = 0;
- word32 preSigSz = 0, preSigIdx = 0;
- RsaKey rsaKey;
- DhKey dhKey;
-
- if (ssl->buffers.serverDH_P.buffer == NULL ||
- ssl->buffers.serverDH_G.buffer == NULL)
- return NO_DH_PARAMS;
-
- if (ssl->buffers.serverDH_Pub.buffer == NULL) {
- ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
- ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
- DYNAMIC_TYPE_DH);
- if (ssl->buffers.serverDH_Pub.buffer == NULL)
- return MEMORY_E;
- }
-
- if (ssl->buffers.serverDH_Priv.buffer == NULL) {
- ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
- ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
- DYNAMIC_TYPE_DH);
- if (ssl->buffers.serverDH_Priv.buffer == NULL)
- return MEMORY_E;
- }
-
- wc_InitDhKey(&dhKey);
- ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
- ssl->buffers.serverDH_P.length,
- ssl->buffers.serverDH_G.buffer,
- ssl->buffers.serverDH_G.length);
- if (ret == 0)
- ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng,
- ssl->buffers.serverDH_Priv.buffer,
- &ssl->buffers.serverDH_Priv.length,
- ssl->buffers.serverDH_Pub.buffer,
- &ssl->buffers.serverDH_Pub.length);
- wc_FreeDhKey(&dhKey);
-
- if (ret != 0) return ret;
-
- length = LENGTH_SZ * 3; /* p, g, pub */
- length += ssl->buffers.serverDH_P.length +
- ssl->buffers.serverDH_G.length +
- ssl->buffers.serverDH_Pub.length;
-
- preSigIdx = idx;
- preSigSz = length;
-
- if (!ssl->options.usingAnon_cipher) {
- ret = wc_InitRsaKey(&rsaKey, ssl->heap);
- if (ret != 0) return ret;
-
- /* sig length */
- length += LENGTH_SZ;
-
- if (!ssl->buffers.key.buffer)
- return NO_PRIVATE_KEY;
-
- ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey,
- ssl->buffers.key.length);
- if (ret == 0) {
- sigSz = wc_RsaEncryptSize(&rsaKey);
- length += sigSz;
- }
- else {
- wc_FreeRsaKey(&rsaKey);
- return ret;
- }
-
- if (IsAtLeastTLSv1_2(ssl))
- length += HASH_SIG_SIZE;
- }
-
- sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- preSigIdx = idx;
- }
- #endif
-
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
- if (!ssl->options.usingAnon_cipher)
- wc_FreeRsaKey(&rsaKey);
- return ret;
- }
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, length, server_key_exchange, ssl);
-
- /* add p, g, pub */
- c16toa((word16)ssl->buffers.serverDH_P.length, output + idx);
- idx += LENGTH_SZ;
- XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer,
- ssl->buffers.serverDH_P.length);
- idx += ssl->buffers.serverDH_P.length;
-
- /* g */
- c16toa((word16)ssl->buffers.serverDH_G.length, output + idx);
- idx += LENGTH_SZ;
- XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer,
- ssl->buffers.serverDH_G.length);
- idx += ssl->buffers.serverDH_G.length;
-
- /* pub */
- c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx);
- idx += LENGTH_SZ;
- XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer,
- ssl->buffers.serverDH_Pub.length);
- idx += ssl->buffers.serverDH_Pub.length;
-
- #ifdef HAVE_FUZZER
- if (ssl->fuzzerCb)
- ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, FUZZ_SIGNATURE,
- ssl->fuzzerCtx);
- #endif
-
- /* Add signature */
- if (!ssl->options.usingAnon_cipher) {
- #ifndef NO_OLD_TLS
- #ifdef WOLFSSL_SMALL_STACK
- Md5* md5 = NULL;
- Sha* sha = NULL;
- #else
- Md5 md5[1];
- Sha sha[1];
- #endif
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- byte* hash = NULL;
- #else
- byte hash[FINISHED_SZ];
- #endif
- #ifndef NO_SHA256
- #ifdef WOLFSSL_SMALL_STACK
- Sha256* sha256 = NULL;
- byte* hash256 = NULL;
- #else
- Sha256 sha256[1];
- byte hash256[SHA256_DIGEST_SIZE];
- #endif
- #endif
- #ifdef WOLFSSL_SHA384
- #ifdef WOLFSSL_SMALL_STACK
- Sha384* sha384 = NULL;
- byte* hash384 = NULL;
- #else
- Sha384 sha384[1];
- byte hash384[SHA384_DIGEST_SIZE];
- #endif
- #endif
- #ifdef WOLFSSL_SHA512
- #ifdef WOLFSSL_SMALL_STACK
- Sha512* sha512 = NULL;
- byte* hash512 = NULL;
- #else
- Sha512 sha512[1];
- byte hash512[SHA512_DIGEST_SIZE];
- #endif
- #endif
-
- #ifndef NO_OLD_TLS
- byte doMd5 = 0;
- byte doSha = 0;
- #endif
- #ifndef NO_SHA256
- byte doSha256 = 0;
- #endif
- #ifdef WOLFSSL_SHA384
- byte doSha384 = 0;
- #endif
- #ifdef WOLFSSL_SHA512
- byte doSha512 = 0;
- #endif
-
- /* Add hash/signature algo ID */
- if (IsAtLeastTLSv1_2(ssl)) {
- byte setHash = 0;
-
- output[idx++] = ssl->suites->hashAlgo;
- output[idx++] = ssl->suites->sigAlgo;
-
- switch (ssl->suites->hashAlgo) {
- case sha512_mac:
- #ifdef WOLFSSL_SHA512
- doSha512 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha384_mac:
- #ifdef WOLFSSL_SHA384
- doSha384 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha256_mac:
- #ifndef NO_SHA256
- doSha256 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha_mac:
- #ifndef NO_OLD_TLS
- doSha = 1;
- setHash = 1;
- #endif
- break;
-
- default:
- WOLFSSL_MSG("Bad hash sig algo");
- break;
- }
-
- if (setHash == 0) {
- wc_FreeRsaKey(&rsaKey);
- return ALGO_ID_E;
- }
- } else {
- /* only using sha and md5 for rsa */
- #ifndef NO_OLD_TLS
- doSha = 1;
- if (ssl->suites->sigAlgo == rsa_sa_algo) {
- doMd5 = 1;
- }
- #else
- wc_FreeRsaKey(&rsaKey);
- return ALGO_ID_E;
- #endif
- }
-
- /* signature size */
- c16toa((word16)sigSz, output + idx);
- idx += LENGTH_SZ;
-
- /* do signature */
- #ifdef WOLFSSL_SMALL_STACK
- hash = (byte*)XMALLOC(FINISHED_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (hash == NULL)
- return MEMORY_E; /* No heap commitment before this point,
- from now on, the resources are freed
- at done_b. */
- #endif
-
- #ifndef NO_OLD_TLS
- /* md5 */
- #ifdef WOLFSSL_SMALL_STACK
- if (doMd5) {
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (md5 == NULL)
- ERROR_OUT(MEMORY_E, done_b);
- }
- #endif
- if (doMd5) {
- wc_InitMd5(md5);
- wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
- wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
- wc_Md5Update(md5, output + preSigIdx, preSigSz);
- wc_Md5Final(md5, hash);
- }
-
- /* sha */
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha) {
- sha = (Sha*)XMALLOC(sizeof(Sha), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha == NULL)
- ERROR_OUT(MEMORY_E, done_b);
- }
- #endif
-
- if (doSha) {
- if ((ret = wc_InitSha(sha)) != 0)
- goto done_b;
- wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
- wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
- wc_ShaUpdate(sha, output + preSigIdx, preSigSz);
- wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]);
- }
- #endif
-
- #ifndef NO_SHA256
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha256) {
- sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha256 == NULL || hash256 == NULL)
- ERROR_OUT(MEMORY_E, done_b);
- }
- #endif
-
- if (doSha256) {
- if (!(ret = wc_InitSha256(sha256))
- && !(ret = wc_Sha256Update(sha256,
- ssl->arrays->clientRandom, RAN_LEN))
- && !(ret = wc_Sha256Update(sha256,
- ssl->arrays->serverRandom, RAN_LEN))
- && !(ret = wc_Sha256Update(sha256,
- output + preSigIdx, preSigSz)))
- ret = wc_Sha256Final(sha256, hash256);
-
- if (ret != 0) goto done_b;
- }
- #endif
-
- #ifdef WOLFSSL_SHA384
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha384) {
- sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha384 == NULL || hash384 == NULL)
- ERROR_OUT(MEMORY_E, done_b);
- }
- #endif
-
- if (doSha384) {
- if (!(ret = wc_InitSha384(sha384))
- && !(ret = wc_Sha384Update(sha384,
- ssl->arrays->clientRandom, RAN_LEN))
- && !(ret = wc_Sha384Update(sha384,
- ssl->arrays->serverRandom, RAN_LEN))
- && !(ret = wc_Sha384Update(sha384,
- output + preSigIdx, preSigSz)))
- ret = wc_Sha384Final(sha384, hash384);
-
- if (ret != 0) goto done_b;
- }
- #endif
-
- #ifdef WOLFSSL_SHA512
- #ifdef WOLFSSL_SMALL_STACK
- if (doSha512) {
- sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sha512 == NULL || hash512 == NULL)
- ERROR_OUT(MEMORY_E, done_b);
- }
- #endif
-
- if (doSha512) {
- if (!(ret = wc_InitSha512(sha512))
- && !(ret = wc_Sha512Update(sha512,
- ssl->arrays->clientRandom, RAN_LEN))
- && !(ret = wc_Sha512Update(sha512,
- ssl->arrays->serverRandom, RAN_LEN))
- && !(ret = wc_Sha512Update(sha512,
- output + preSigIdx, preSigSz)))
- ret = wc_Sha512Final(sha512, hash512);
-
- if (ret != 0) goto done_b;
- }
- #endif
-
- #ifndef NO_RSA
- if (ssl->suites->sigAlgo == rsa_sa_algo) {
- byte* signBuffer = hash;
- word32 signSz = FINISHED_SZ;
- #ifdef WOLFSSL_SMALL_STACK
- byte* encodedSig = NULL;
- #else
- byte encodedSig[MAX_ENCODED_SIG_SZ];
- #endif
- byte doUserRsa = 0;
-
- #ifdef HAVE_PK_CALLBACKS
- if (ssl->ctx->RsaSignCb)
- doUserRsa = 1;
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig == NULL)
- ERROR_OUT(MEMORY_E, done_b);
- #endif
-
- if (IsAtLeastTLSv1_2(ssl)) {
- byte* digest = &hash[MD5_DIGEST_SIZE];
- int typeH = SHAh;
- int digestSz = SHA_DIGEST_SIZE;
-
- if (ssl->suites->hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = hash256;
- typeH = SHA256h;
- digestSz = SHA256_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = hash384;
- typeH = SHA384h;
- digestSz = SHA384_DIGEST_SIZE;
- #endif
- }
- else if (ssl->suites->hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = hash512;
- typeH = SHA512h;
- digestSz = SHA512_DIGEST_SIZE;
- #endif
- }
-
- if (digest == NULL) {
- ret = ALGO_ID_E;
- } else {
- signSz = wc_EncodeSignature(encodedSig, digest,
- digestSz, typeH);
- signBuffer = encodedSig;
- }
- }
- if (doUserRsa && ret == 0) {
- #ifdef HAVE_PK_CALLBACKS
- word32 ioLen = sigSz;
- ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
- output + idx, &ioLen,
- ssl->buffers.key.buffer,
- ssl->buffers.key.length,
- ssl->RsaSignCtx);
- #endif
- } else if (ret == 0) {
- ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx,
- sigSz, &rsaKey, ssl->rng);
- }
-
- wc_FreeRsaKey(&rsaKey);
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- #endif
-
- done_b:
- #ifdef WOLFSSL_SMALL_STACK
- #ifndef NO_OLD_TLS
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef NO_SHA256
- XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SHA384
- XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SHA512
- XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
-
- if (ret < 0) return ret;
- }
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return ret;
- #endif
-
- if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0)
- return ret;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
- output, sendSz, ssl->heap);
- #endif
-
- ssl->buffers.outputBuffer.length += sendSz;
- if (ssl->options.groupMessages)
- ret = 0;
- else
- ret = SendBuffered(ssl);
- ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
- }
- #endif /* NO_DH */
-
- return ret;
- #undef ERROR_OUT
- }
-
-
- /* Make sure server cert/key are valid for this suite, true on success */
- static int VerifyServerSuite(WOLFSSL* ssl, word16 idx)
- {
- int haveRSA = !ssl->options.haveStaticECC;
- int havePSK = 0;
- byte first;
- byte second;
-
- WOLFSSL_ENTER("VerifyServerSuite");
-
- if (ssl->suites == NULL) {
- WOLFSSL_MSG("Suites pointer error");
- return 0;
- }
-
- first = ssl->suites->suites[idx];
- second = ssl->suites->suites[idx+1];
-
- #ifndef NO_PSK
- havePSK = ssl->options.havePSK;
- #endif
-
- if (ssl->options.haveNTRU)
- haveRSA = 0;
-
- if (CipherRequires(first, second, REQUIRES_RSA)) {
- WOLFSSL_MSG("Requires RSA");
- if (haveRSA == 0) {
- WOLFSSL_MSG("Don't have RSA");
- return 0;
- }
- }
-
- if (CipherRequires(first, second, REQUIRES_DHE)) {
- WOLFSSL_MSG("Requires DHE");
- if (ssl->options.haveDH == 0) {
- WOLFSSL_MSG("Don't have DHE");
- return 0;
- }
- }
-
- if (CipherRequires(first, second, REQUIRES_ECC_DSA)) {
- WOLFSSL_MSG("Requires ECCDSA");
- if (ssl->options.haveECDSAsig == 0) {
- WOLFSSL_MSG("Don't have ECCDSA");
- return 0;
- }
- }
-
- if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) {
- WOLFSSL_MSG("Requires static ECC");
- if (ssl->options.haveStaticECC == 0) {
- WOLFSSL_MSG("Don't have static ECC");
- return 0;
- }
- }
-
- if (CipherRequires(first, second, REQUIRES_PSK)) {
- WOLFSSL_MSG("Requires PSK");
- if (havePSK == 0) {
- WOLFSSL_MSG("Don't have PSK");
- return 0;
- }
- }
-
- if (CipherRequires(first, second, REQUIRES_NTRU)) {
- WOLFSSL_MSG("Requires NTRU");
- if (ssl->options.haveNTRU == 0) {
- WOLFSSL_MSG("Don't have NTRU");
- return 0;
- }
- }
-
- if (CipherRequires(first, second, REQUIRES_RSA_SIG)) {
- WOLFSSL_MSG("Requires RSA Signature");
- if (ssl->options.side == WOLFSSL_SERVER_END &&
- ssl->options.haveECDSAsig == 1) {
- WOLFSSL_MSG("Don't have RSA Signature");
- return 0;
- }
- }
-
-#ifdef HAVE_SUPPORTED_CURVES
- if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
- WOLFSSL_MSG("Don't have matching curves");
- return 0;
- }
-#endif
-
- /* ECCDHE is always supported if ECC on */
-
- return 1;
- }
-
-
- static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
- {
- word16 i, j;
-
- WOLFSSL_ENTER("MatchSuite");
-
- /* & 0x1 equivalent % 2 */
- if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1)
- return MATCH_SUITE_ERROR;
-
- if (ssl->suites == NULL)
- return SUITES_ERROR;
- /* start with best, if a match we are good */
- for (i = 0; i < ssl->suites->suiteSz; i += 2)
- for (j = 0; j < peerSuites->suiteSz; j += 2)
- if (ssl->suites->suites[i] == peerSuites->suites[j] &&
- ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) {
-
- if (VerifyServerSuite(ssl, i)) {
- int result;
- WOLFSSL_MSG("Verified suite validity");
- ssl->options.cipherSuite0 = ssl->suites->suites[i];
- ssl->options.cipherSuite = ssl->suites->suites[i+1];
- result = SetCipherSpecs(ssl);
- if (result == 0)
- PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
- peerSuites->hashSigAlgoSz);
- return result;
- }
- else {
- WOLFSSL_MSG("Could not verify suite validity, continue");
- }
- }
-
- return MATCH_SUITE_ERROR;
- }
-
-
-#ifdef OLD_HELLO_ALLOWED
-
- /* process old style client hello, deprecate? */
- int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
- word32 inSz, word16 sz)
- {
- word32 idx = *inOutIdx;
- word16 sessionSz;
- word16 randomSz;
- word16 i, j;
- ProtocolVersion pv;
- Suites clSuites;
-
- (void)inSz;
- WOLFSSL_MSG("Got old format client hello");
-#ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ClientHello", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddLateName("ClientHello", &ssl->timeoutInfo);
-#endif
-
- /* manually hash input since different format */
-#ifndef NO_OLD_TLS
-#ifndef NO_MD5
- wc_Md5Update(&ssl->hsHashes->hashMd5, input + idx, sz);
-#endif
-#ifndef NO_SHA
- wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz);
-#endif
-#endif
-#ifndef NO_SHA256
- if (IsAtLeastTLSv1_2(ssl)) {
- int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256,
- input + idx, sz);
- if (shaRet != 0)
- return shaRet;
- }
-#endif
-
- /* does this value mean client_hello? */
- idx++;
-
- /* version */
- pv.major = input[idx++];
- pv.minor = input[idx++];
- ssl->chVersion = pv; /* store */
-
- if (ssl->version.minor > pv.minor) {
- byte haveRSA = 0;
- byte havePSK = 0;
- if (!ssl->options.downgrade) {
- WOLFSSL_MSG("Client trying to connect with lesser version");
- return VERSION_ERROR;
- }
- if (pv.minor < ssl->options.minDowngrade) {
- WOLFSSL_MSG(" version below minimum allowed, fatal error");
- return VERSION_ERROR;
- }
- if (pv.minor == SSLv3_MINOR) {
- /* turn off tls */
- WOLFSSL_MSG(" downgrading to SSLv3");
- ssl->options.tls = 0;
- ssl->options.tls1_1 = 0;
- ssl->version.minor = SSLv3_MINOR;
- }
- else if (pv.minor == TLSv1_MINOR) {
- WOLFSSL_MSG(" downgrading to TLSv1");
- /* turn off tls 1.1+ */
- ssl->options.tls1_1 = 0;
- ssl->version.minor = TLSv1_MINOR;
- }
- else if (pv.minor == TLSv1_1_MINOR) {
- WOLFSSL_MSG(" downgrading to TLSv1.1");
- ssl->version.minor = TLSv1_1_MINOR;
- }
-#ifndef NO_RSA
- haveRSA = 1;
-#endif
-#ifndef NO_PSK
- havePSK = ssl->options.havePSK;
-#endif
-
- InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
- ssl->options.haveDH, ssl->options.haveNTRU,
- ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
- ssl->options.side);
- }
-
- /* suite size */
- ato16(&input[idx], &clSuites.suiteSz);
- idx += 2;
-
- if (clSuites.suiteSz > MAX_SUITE_SZ)
- return BUFFER_ERROR;
- clSuites.hashSigAlgoSz = 0;
-
- /* session size */
- ato16(&input[idx], &sessionSz);
- idx += 2;
-
- if (sessionSz > ID_LEN)
- return BUFFER_ERROR;
-
- /* random size */
- ato16(&input[idx], &randomSz);
- idx += 2;
-
- if (randomSz > RAN_LEN)
- return BUFFER_ERROR;
-
- /* suites */
- for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) {
- byte first = input[idx++];
- if (!first) { /* implicit: skip sslv2 type */
- XMEMCPY(&clSuites.suites[j], &input[idx], 2);
- j += 2;
- }
- idx += 2;
- }
- clSuites.suiteSz = j;
-
- /* session id */
- if (sessionSz) {
- XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
- ssl->arrays->sessionIDSz = (byte)sessionSz;
- idx += sessionSz;
- ssl->options.resuming = 1;
- }
-
- /* random */
- if (randomSz < RAN_LEN)
- XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz);
- XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx,
- randomSz);
- idx += randomSz;
-
- if (ssl->options.usingCompression)
- ssl->options.usingCompression = 0; /* turn off */
-
- ssl->options.clientState = CLIENT_HELLO_COMPLETE;
- *inOutIdx = idx;
-
- ssl->options.haveSessionId = 1;
- /* DoClientHello uses same resume code */
- if (ssl->options.resuming) { /* let's try */
- int ret = -1;
- WOLFSSL_SESSION* session = GetSession(ssl,
- ssl->arrays->masterSecret);
- #ifdef HAVE_SESSION_TICKET
- if (ssl->options.useTicket == 1) {
- session = &ssl->session;
- }
- #endif
-
- if (!session) {
- WOLFSSL_MSG("Session lookup for resume failed");
- ssl->options.resuming = 0;
- } else {
- if (MatchSuite(ssl, &clSuites) < 0) {
- WOLFSSL_MSG("Unsupported cipher suite, OldClientHello");
- return UNSUPPORTED_SUITE;
- }
- #ifdef SESSION_CERTS
- ssl->session = *session; /* restore session certs. */
- #endif
-
- ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
- RAN_LEN);
- if (ret != 0)
- return ret;
-
- #ifdef NO_OLD_TLS
- ret = DeriveTlsKeys(ssl);
- #else
- #ifndef NO_TLS
- if (ssl->options.tls)
- ret = DeriveTlsKeys(ssl);
- #endif
- if (!ssl->options.tls)
- ret = DeriveKeys(ssl);
- #endif
- ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
-
- return ret;
- }
- }
-
- return MatchSuite(ssl, &clSuites);
- }
-
-#endif /* OLD_HELLO_ALLOWED */
-
-
- static int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
- word32 helloSz)
- {
- byte b;
- ProtocolVersion pv;
- Suites clSuites;
- word32 i = *inOutIdx;
- word32 begin = i;
-
-#ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
- if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
-#endif
-
- /* protocol version, random and session id length check */
- if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
- return BUFFER_ERROR;
-
- /* protocol version */
- XMEMCPY(&pv, input + i, OPAQUE16_LEN);
- ssl->chVersion = pv; /* store */
- i += OPAQUE16_LEN;
-
- if (ssl->version.minor > pv.minor) {
- byte haveRSA = 0;
- byte havePSK = 0;
-
- if (!ssl->options.downgrade) {
- WOLFSSL_MSG("Client trying to connect with lesser version");
- return VERSION_ERROR;
- }
- if (pv.minor < ssl->options.minDowngrade) {
- WOLFSSL_MSG(" version below minimum allowed, fatal error");
- return VERSION_ERROR;
- }
-
- if (pv.minor == SSLv3_MINOR) {
- /* turn off tls */
- WOLFSSL_MSG(" downgrading to SSLv3");
- ssl->options.tls = 0;
- ssl->options.tls1_1 = 0;
- ssl->version.minor = SSLv3_MINOR;
- }
- else if (pv.minor == TLSv1_MINOR) {
- /* turn off tls 1.1+ */
- WOLFSSL_MSG(" downgrading to TLSv1");
- ssl->options.tls1_1 = 0;
- ssl->version.minor = TLSv1_MINOR;
- }
- else if (pv.minor == TLSv1_1_MINOR) {
- WOLFSSL_MSG(" downgrading to TLSv1.1");
- ssl->version.minor = TLSv1_1_MINOR;
- }
-#ifndef NO_RSA
- haveRSA = 1;
-#endif
-#ifndef NO_PSK
- havePSK = ssl->options.havePSK;
-#endif
- InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
- ssl->options.haveDH, ssl->options.haveNTRU,
- ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
- ssl->options.side);
- }
-
- /* random */
- XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
- i += RAN_LEN;
-
-#ifdef SHOW_SECRETS
- {
- int j;
- printf("client random: ");
- for (j = 0; j < RAN_LEN; j++)
- printf("%02x", ssl->arrays->clientRandom[j]);
- printf("\n");
- }
-#endif
-
- /* session id */
- b = input[i++];
-
- if (b == ID_LEN) {
- if ((i - begin) + ID_LEN > helloSz)
- return BUFFER_ERROR;
-
- XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
- ssl->arrays->sessionIDSz = ID_LEN;
- i += ID_LEN;
- ssl->options.resuming = 1; /* client wants to resume */
- WOLFSSL_MSG("Client wants to resume session");
- }
- else if (b) {
- WOLFSSL_MSG("Invalid session ID size");
- return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
- }
-
- #ifdef WOLFSSL_DTLS
- /* cookie */
- if (ssl->options.dtls) {
-
- if ((i - begin) + OPAQUE8_LEN > helloSz)
- return BUFFER_ERROR;
-
- b = input[i++];
-
- if (b) {
- byte cookie[MAX_COOKIE_LEN];
-
- if (b > MAX_COOKIE_LEN)
- return BUFFER_ERROR;
-
- if ((i - begin) + b > helloSz)
- return BUFFER_ERROR;
-
- if (ssl->ctx->CBIOCookie == NULL) {
- WOLFSSL_MSG("Your Cookie callback is null, please set");
- return COOKIE_ERROR;
- }
-
- if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ,
- ssl->IOCB_CookieCtx) != COOKIE_SZ)
- || (b != COOKIE_SZ)
- || (XMEMCMP(cookie, input + i, b) != 0)) {
- return COOKIE_ERROR;
- }
-
- i += b;
- }
- }
- #endif
-
- /* suites */
- if ((i - begin) + OPAQUE16_LEN > helloSz)
- return BUFFER_ERROR;
-
- ato16(&input[i], &clSuites.suiteSz);
- i += OPAQUE16_LEN;
-
- /* suites and compression length check */
- if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
- return BUFFER_ERROR;
-
- if (clSuites.suiteSz > MAX_SUITE_SZ)
- return BUFFER_ERROR;
-
- XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
- i += clSuites.suiteSz;
- clSuites.hashSigAlgoSz = 0;
-
- /* compression length */
- b = input[i++];
-
- if ((i - begin) + b > helloSz)
- return BUFFER_ERROR;
-
- if (ssl->options.usingCompression) {
- int match = 0;
-
- while (b--) {
- byte comp = input[i++];
-
- if (comp == ZLIB_COMPRESSION)
- match = 1;
- }
-
- if (!match) {
- WOLFSSL_MSG("Not matching compression, turning off");
- ssl->options.usingCompression = 0; /* turn off */
- }
- }
- else
- i += b; /* ignore, since we're not on */
-
- *inOutIdx = i;
-
- /* tls extensions */
- if ((i - begin) < helloSz) {
-#ifdef HAVE_TLS_EXTENSIONS
- if (TLSX_SupportExtensions(ssl)) {
- int ret = 0;
-#else
- if (IsAtLeastTLSv1_2(ssl)) {
-#endif
- /* Process the hello extension. Skip unsupported. */
- word16 totalExtSz;
-
- if ((i - begin) + OPAQUE16_LEN > helloSz)
- return BUFFER_ERROR;
-
- ato16(&input[i], &totalExtSz);
- i += OPAQUE16_LEN;
-
- if ((i - begin) + totalExtSz > helloSz)
- return BUFFER_ERROR;
-
-#ifdef HAVE_TLS_EXTENSIONS
- if ((ret = TLSX_Parse(ssl, (byte *) input + i,
- totalExtSz, 1, &clSuites)))
- return ret;
-
- i += totalExtSz;
-#else
- while (totalExtSz) {
- word16 extId, extSz;
-
- if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
- return BUFFER_ERROR;
-
- ato16(&input[i], &extId);
- i += OPAQUE16_LEN;
- ato16(&input[i], &extSz);
- i += OPAQUE16_LEN;
-
- if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
- return BUFFER_ERROR;
-
- if (extId == HELLO_EXT_SIG_ALGO) {
- ato16(&input[i], &clSuites.hashSigAlgoSz);
- i += OPAQUE16_LEN;
-
- if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
- return BUFFER_ERROR;
-
- XMEMCPY(clSuites.hashSigAlgo, &input[i],
- min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
- i += clSuites.hashSigAlgoSz;
-
- if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX)
- clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;
- }
- else
- i += extSz;
-
- totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
- }
-#endif
- *inOutIdx = i;
- }
- else
- *inOutIdx = begin + helloSz; /* skip extensions */
- }
-
- ssl->options.clientState = CLIENT_HELLO_COMPLETE;
- ssl->options.haveSessionId = 1;
-
- /* ProcessOld uses same resume code */
- if (ssl->options.resuming && (!ssl->options.dtls ||
- ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
- int ret = -1;
- WOLFSSL_SESSION* session = GetSession(ssl,
- ssl->arrays->masterSecret);
- #ifdef HAVE_SESSION_TICKET
- if (ssl->options.useTicket == 1) {
- session = &ssl->session;
- }
- #endif
-
- if (!session) {
- WOLFSSL_MSG("Session lookup for resume failed");
- ssl->options.resuming = 0;
- }
- else {
- if (MatchSuite(ssl, &clSuites) < 0) {
- WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
- return UNSUPPORTED_SUITE;
- }
- #ifdef SESSION_CERTS
- ssl->session = *session; /* restore session certs. */
- #endif
-
- ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
- RAN_LEN);
- if (ret != 0)
- return ret;
-
- #ifdef NO_OLD_TLS
- ret = DeriveTlsKeys(ssl);
- #else
- #ifndef NO_TLS
- if (ssl->options.tls)
- ret = DeriveTlsKeys(ssl);
- #endif
- if (!ssl->options.tls)
- ret = DeriveKeys(ssl);
- #endif
- ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
-
- return ret;
- }
- }
- return MatchSuite(ssl, &clSuites);
- }
-
-#if !defined(NO_RSA) || defined(HAVE_ECC)
- static int DoCertificateVerify(WOLFSSL* ssl, byte* input, word32* inOutIdx,
- word32 size)
- {
- word16 sz = 0;
- int ret = VERIFY_CERT_ERROR; /* start in error state */
- byte hashAlgo = sha_mac;
- byte sigAlgo = anonymous_sa_algo;
- word32 begin = *inOutIdx;
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("CertificateVerify", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddLateName("CertificateVerify", &ssl->timeoutInfo);
- #endif
-
-
- if (IsAtLeastTLSv1_2(ssl)) {
- if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size)
- return BUFFER_ERROR;
-
- hashAlgo = input[(*inOutIdx)++];
- sigAlgo = input[(*inOutIdx)++];
- }
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &sz);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + sz > size || sz > ENCRYPT_LEN)
- return BUFFER_ERROR;
-
- /* RSA */
-#ifndef NO_RSA
- if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
- byte* out = NULL;
- int outLen = 0;
- byte doUserRsa = 0;
-
- #ifdef HAVE_PK_CALLBACKS
- if (ssl->ctx->RsaVerifyCb)
- doUserRsa = 1;
- #endif /*HAVE_PK_CALLBACKS */
-
- WOLFSSL_MSG("Doing RSA peer cert verify");
-
- if (doUserRsa) {
- #ifdef HAVE_PK_CALLBACKS
- outLen = ssl->ctx->RsaVerifyCb(ssl, input + *inOutIdx, sz,
- &out,
- ssl->buffers.peerRsaKey.buffer,
- ssl->buffers.peerRsaKey.length,
- ssl->RsaVerifyCtx);
- #endif /*HAVE_PK_CALLBACKS */
- }
- else {
- outLen = wc_RsaSSL_VerifyInline(input + *inOutIdx, sz, &out,
- ssl->peerRsaKey);
- }
-
- if (IsAtLeastTLSv1_2(ssl)) {
-#ifdef WOLFSSL_SMALL_STACK
- byte* encodedSig = NULL;
-#else
- byte encodedSig[MAX_ENCODED_SIG_SZ];
-#endif
- word32 sigSz;
- byte* digest = ssl->hsHashes->certHashes.sha;
- int typeH = SHAh;
- int digestSz = SHA_DIGEST_SIZE;
-
-#ifdef WOLFSSL_SMALL_STACK
- encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig == NULL)
- return MEMORY_E;
-#endif
-
- if (sigAlgo != rsa_sa_algo) {
- WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
- }
-
- if (hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = ssl->hsHashes->certHashes.sha256;
- typeH = SHA256h;
- digestSz = SHA256_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = ssl->hsHashes->certHashes.sha384;
- typeH = SHA384h;
- digestSz = SHA384_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = ssl->hsHashes->certHashes.sha512;
- typeH = SHA512h;
- digestSz = SHA512_DIGEST_SIZE;
- #endif
- }
-
- sigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
-
- if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig,
- min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
- ret = 0; /* verified */
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- }
- else {
- if (outLen == FINISHED_SZ && out && XMEMCMP(out,
- &ssl->hsHashes->certHashes,
- FINISHED_SZ) == 0) {
- ret = 0; /* verified */
- }
- }
- }
-#endif
-#ifdef HAVE_ECC
- if (ssl->peerEccDsaKeyPresent) {
- int verify = 0;
- int err = -1;
- byte* digest = ssl->hsHashes->certHashes.sha;
- word32 digestSz = SHA_DIGEST_SIZE;
- byte doUserEcc = 0;
-
- #ifdef HAVE_PK_CALLBACKS
- if (ssl->ctx->EccVerifyCb)
- doUserEcc = 1;
- #endif
-
- WOLFSSL_MSG("Doing ECC peer cert verify");
-
- if (IsAtLeastTLSv1_2(ssl)) {
- if (sigAlgo != ecc_dsa_sa_algo) {
- WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
- }
-
- if (hashAlgo == sha256_mac) {
- #ifndef NO_SHA256
- digest = ssl->hsHashes->certHashes.sha256;
- digestSz = SHA256_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha384_mac) {
- #ifdef WOLFSSL_SHA384
- digest = ssl->hsHashes->certHashes.sha384;
- digestSz = SHA384_DIGEST_SIZE;
- #endif
- }
- else if (hashAlgo == sha512_mac) {
- #ifdef WOLFSSL_SHA512
- digest = ssl->hsHashes->certHashes.sha512;
- digestSz = SHA512_DIGEST_SIZE;
- #endif
- }
- }
-
- if (doUserEcc) {
- #ifdef HAVE_PK_CALLBACKS
- ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, sz, digest,
- digestSz,
- ssl->buffers.peerEccDsaKey.buffer,
- ssl->buffers.peerEccDsaKey.length,
- &verify, ssl->EccVerifyCtx);
- #endif
- }
- else {
- err = wc_ecc_verify_hash(input + *inOutIdx, sz, digest,
- digestSz, &verify, ssl->peerEccDsaKey);
- }
-
- if (err == 0 && verify == 1)
- ret = 0; /* verified */
- }
-#endif
- *inOutIdx += sz;
-
- if (ret == 0)
- ssl->options.havePeerVerify = 1;
-
- return ret;
- }
-#endif /* !NO_RSA || HAVE_ECC */
-
- int SendServerHelloDone(WOLFSSL* ssl)
- {
- byte *output;
- int sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- int ret;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- #endif
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, 0, server_hello_done, ssl);
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
- return 0;
- }
- #endif
-
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0)
- return ret;
-
-#ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz,
- ssl->heap);
-#endif
- ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
-
- ssl->buffers.outputBuffer.length += sendSz;
-
- return SendBuffered(ssl);
- }
-
-
-#ifdef HAVE_SESSION_TICKET
-
-#define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \
- WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ)
-#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ)
-
- /* our ticket format */
- typedef struct InternalTicket {
- ProtocolVersion pv; /* version when ticket created */
- byte suite[SUITE_LEN]; /* cipher suite when created */
- byte msecret[SECRET_LEN]; /* master secret */
- word32 timestamp; /* born on */
- } InternalTicket;
-
- /* fit within SESSION_TICKET_LEN */
- typedef struct ExternalTicket {
- byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name */
- byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv */
- byte enc_len[LENGTH_SZ]; /* encrypted length */
- byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; /* encrypted internal ticket */
- byte mac[WOLFSSL_TICKET_MAC_SZ]; /* total mac */
- /* !! if add to structure, add to TICKET_FIXED_SZ !! */
- } ExternalTicket;
-
- /* create a new session ticket, 0 on success */
- static int CreateTicket(WOLFSSL* ssl)
- {
- InternalTicket it;
- ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
- int encLen;
- int ret;
- byte zeros[WOLFSSL_TICKET_MAC_SZ]; /* biggest cmp size */
-
- /* build internal */
- it.pv.major = ssl->version.major;
- it.pv.minor = ssl->version.minor;
-
- it.suite[0] = ssl->options.cipherSuite0;
- it.suite[1] = ssl->options.cipherSuite;
-
- XMEMCPY(it.msecret, ssl->arrays->masterSecret, SECRET_LEN);
- c32toa(LowResTimer(), (byte*)&it.timestamp);
-
- /* build external */
- XMEMCPY(et->enc_ticket, &it, sizeof(InternalTicket));
-
- /* encrypt */
- encLen = WOLFSSL_TICKET_ENC_SZ; /* max size user can use */
- ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
- et->enc_ticket, sizeof(InternalTicket),
- &encLen, ssl->ctx->ticketEncCtx);
- if (ret == WOLFSSL_TICKET_RET_OK) {
- if (encLen < (int)sizeof(InternalTicket) ||
- encLen > WOLFSSL_TICKET_ENC_SZ) {
- WOLFSSL_MSG("Bad user ticket encrypt size");
- return BAD_TICKET_KEY_CB_SZ;
- }
-
- /* sanity checks on encrypt callback */
-
- /* internal ticket can't be the same if encrypted */
- if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) {
- WOLFSSL_MSG("User ticket encrypt didn't encrypt");
- return BAD_TICKET_ENCRYPT;
- }
-
- XMEMSET(zeros, 0, sizeof(zeros));
-
- /* name */
- if (XMEMCMP(et->key_name, zeros, WOLFSSL_TICKET_NAME_SZ) == 0) {
- WOLFSSL_MSG("User ticket encrypt didn't set name");
- return BAD_TICKET_ENCRYPT;
- }
-
- /* iv */
- if (XMEMCMP(et->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) {
- WOLFSSL_MSG("User ticket encrypt didn't set iv");
- return BAD_TICKET_ENCRYPT;
- }
-
- /* mac */
- if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) {
- WOLFSSL_MSG("User ticket encrypt didn't set mac");
- return BAD_TICKET_ENCRYPT;
- }
-
- /* set size */
- c16toa((word16)encLen, et->enc_len);
- ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
- if (encLen < WOLFSSL_TICKET_ENC_SZ) {
- /* move mac up since whole enc buffer not used */
- XMEMMOVE(et->enc_ticket +encLen, et->mac,WOLFSSL_TICKET_MAC_SZ);
- }
- }
-
- return ret;
- }
-
-
- /* Parse ticket sent by client, returns callback return value */
- int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
- {
- ExternalTicket* et;
- InternalTicket* it;
- int ret;
- int outLen;
- word16 inLen;
-
- if (len > SESSION_TICKET_LEN ||
- len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) {
- return BAD_TICKET_MSG_SZ;
- }
-
- et = (ExternalTicket*)input;
- it = (InternalTicket*)et->enc_ticket;
-
- /* decrypt */
- ato16(et->enc_len, &inLen);
- if (inLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) {
- return BAD_TICKET_MSG_SZ;
- }
- outLen = inLen; /* may be reduced by user padding */
- ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv,
- et->enc_ticket + inLen, 0,
- et->enc_ticket, inLen, &outLen,
- ssl->ctx->ticketEncCtx);
- if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret;
- if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) {
- WOLFSSL_MSG("Bad user ticket decrypt len");
- return BAD_TICKET_KEY_CB_SZ;
- }
-
- /* get master secret */
- if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE)
- XMEMCPY(ssl->arrays->masterSecret, it->msecret, SECRET_LEN);
-
- return ret;
- }
-
-
- /* send Session Ticket */
- int SendTicket(WOLFSSL* ssl)
- {
- byte* output;
- int ret;
- int sendSz;
- word32 length = SESSION_HINT_SZ + LENGTH_SZ;
- word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- length += DTLS_RECORD_EXTRA;
- idx += DTLS_RECORD_EXTRA;
- }
- #endif
-
- if (ssl->options.createTicket) {
- ret = CreateTicket(ssl);
- if (ret != 0) return ret;
- }
-
- length += ssl->session.ticketLen;
- sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, length, session_ticket, ssl);
-
- /* hint */
- c32toa(ssl->ctx->ticketHint, output + idx);
- idx += SESSION_HINT_SZ;
-
- /* length */
- c16toa(ssl->session.ticketLen, output + idx);
- idx += LENGTH_SZ;
-
- /* ticket */
- XMEMCPY(output + idx, ssl->session.ticket, ssl->session.ticketLen);
- /* idx += ssl->session.ticketLen; */
-
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0) return ret;
- ssl->buffers.outputBuffer.length += sendSz;
-
- return SendBuffered(ssl);
- }
-
-#endif /* HAVE_SESSION_TICKET */
-
-
-#ifdef WOLFSSL_DTLS
- int SendHelloVerifyRequest(WOLFSSL* ssl)
- {
- byte* output;
- byte cookieSz = COOKIE_SZ;
- int length = VERSION_SZ + ENUM_LEN + cookieSz;
- int idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
- int sendSz = length + idx;
- int ret;
-
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
- return ret;
-
- /* get ouput buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- AddHeaders(output, length, hello_verify_request, ssl);
-
- output[idx++] = ssl->chVersion.major;
- output[idx++] = ssl->chVersion.minor;
-
- output[idx++] = cookieSz;
- if (ssl->ctx->CBIOCookie == NULL) {
- WOLFSSL_MSG("Your Cookie callback is null, please set");
- return COOKIE_ERROR;
- }
- if ((ret = ssl->ctx->CBIOCookie(ssl, output + idx, cookieSz,
- ssl->IOCB_CookieCtx)) < 0)
- return ret;
-
- ret = HashOutput(ssl, output, sendSz, 0);
- if (ret != 0)
- return ret;
-
-#ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output,
- sendSz, ssl->heap);
-#endif
- ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
-
- ssl->buffers.outputBuffer.length += sendSz;
-
- return SendBuffered(ssl);
- }
-#endif
-
- static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx,
- word32 size)
- {
- int ret = 0;
- word32 length = 0;
- byte* out = NULL;
- word32 begin = *inOutIdx;
-
- (void)length; /* shut up compiler warnings */
- (void)out;
- (void)input;
- (void)size;
- (void)begin;
-
- if (ssl->options.side != WOLFSSL_SERVER_END) {
- WOLFSSL_MSG("Client received client keyexchange, attack?");
- WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
- return SSL_FATAL_ERROR;
- }
-
- if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
- WOLFSSL_MSG("Client sending keyexchange at wrong time");
- SendAlert(ssl, alert_fatal, unexpected_message);
- return OUT_OF_ORDER_E;
- }
-
- #ifndef NO_CERTS
- if (ssl->options.verifyPeer && ssl->options.failNoCert)
- if (!ssl->options.havePeerCert) {
- WOLFSSL_MSG("client didn't present peer cert");
- return NO_PEER_CERT;
- }
- #endif
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn)
- AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
- if (ssl->toInfoOn)
- AddLateName("ClientKeyExchange", &ssl->timeoutInfo);
- #endif
-
- switch (ssl->specs.kea) {
- #ifndef NO_RSA
- case rsa_kea:
- {
- word32 idx = 0;
- RsaKey key;
- byte doUserRsa = 0;
-
- #ifdef HAVE_PK_CALLBACKS
- if (ssl->ctx->RsaDecCb)
- doUserRsa = 1;
- #endif
-
- ret = wc_InitRsaKey(&key, ssl->heap);
- if (ret != 0) return ret;
-
- if (ssl->buffers.key.buffer)
- ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx,
- &key, ssl->buffers.key.length);
- else
- return NO_PRIVATE_KEY;
-
- if (ret == 0) {
- length = wc_RsaEncryptSize(&key);
- ssl->arrays->preMasterSz = SECRET_LEN;
-
- if (ssl->options.tls) {
- word16 check;
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &check);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((word32) check != length) {
- WOLFSSL_MSG("RSA explicit size doesn't match");
- wc_FreeRsaKey(&key);
- return RSA_PRIVATE_ERROR;
- }
- }
-
- if ((*inOutIdx - begin) + length > size) {
- WOLFSSL_MSG("RSA message too big");
- wc_FreeRsaKey(&key);
- return BUFFER_ERROR;
- }
-
- if (doUserRsa) {
- #ifdef HAVE_PK_CALLBACKS
- ret = ssl->ctx->RsaDecCb(ssl,
- input + *inOutIdx, length, &out,
- ssl->buffers.key.buffer,
- ssl->buffers.key.length,
- ssl->RsaDecCtx);
- #endif
- }
- else {
- ret = wc_RsaPrivateDecryptInline(input + *inOutIdx, length,
- &out, &key);
- }
-
- *inOutIdx += length;
-
- if (ret == SECRET_LEN) {
- XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);
- if (ssl->arrays->preMasterSecret[0] !=
- ssl->chVersion.major
- || ssl->arrays->preMasterSecret[1] !=
- ssl->chVersion.minor)
- ret = PMS_VERSION_ERROR;
- else
- ret = MakeMasterSecret(ssl);
- }
- else {
- ret = RSA_PRIVATE_ERROR;
- }
- }
-
- wc_FreeRsaKey(&key);
- }
- break;
- #endif
- #ifndef NO_PSK
- case psk_kea:
- {
- byte* pms = ssl->arrays->preMasterSecret;
- word16 ci_sz;
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &ci_sz);
- *inOutIdx += OPAQUE16_LEN;
-
- if (ci_sz > MAX_PSK_ID_LEN)
- return CLIENT_ID_ERROR;
-
- if ((*inOutIdx - begin) + ci_sz > size)
- return BUFFER_ERROR;
-
- XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz);
- *inOutIdx += ci_sz;
-
- ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0;
- ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
- ssl->arrays->client_identity, ssl->arrays->psk_key,
- MAX_PSK_KEY_LEN);
-
- if (ssl->arrays->psk_keySz == 0 ||
- ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
- return PSK_KEY_ERROR;
-
- /* make psk pre master secret */
- /* length of key + length 0s + length of key + key */
- c16toa((word16) ssl->arrays->psk_keySz, pms);
- pms += OPAQUE16_LEN;
-
- XMEMSET(pms, 0, ssl->arrays->psk_keySz);
- pms += ssl->arrays->psk_keySz;
-
- c16toa((word16) ssl->arrays->psk_keySz, pms);
- pms += OPAQUE16_LEN;
-
- XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
- ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
-
- ret = MakeMasterSecret(ssl);
-
- /* No further need for PSK */
- ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
- ssl->arrays->psk_keySz = 0;
- }
- break;
- #endif /* NO_PSK */
- #ifdef HAVE_NTRU
- case ntru_kea:
- {
- word16 cipherLen;
- word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
-
- if (!ssl->buffers.key.buffer)
- return NO_PRIVATE_KEY;
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &cipherLen);
- *inOutIdx += OPAQUE16_LEN;
-
- if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
- return NTRU_KEY_ERROR;
-
- if ((*inOutIdx - begin) + cipherLen > size)
- return BUFFER_ERROR;
-
- if (NTRU_OK != ntru_crypto_ntru_decrypt(
- (word16) ssl->buffers.key.length,
- ssl->buffers.key.buffer, cipherLen,
- input + *inOutIdx, &plainLen,
- ssl->arrays->preMasterSecret))
- return NTRU_DECRYPT_ERROR;
-
- if (plainLen != SECRET_LEN)
- return NTRU_DECRYPT_ERROR;
-
- *inOutIdx += cipherLen;
-
- ssl->arrays->preMasterSz = plainLen;
- ret = MakeMasterSecret(ssl);
- }
- break;
- #endif /* HAVE_NTRU */
- #ifdef HAVE_ECC
- case ecc_diffie_hellman_kea:
- {
- if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
- return BUFFER_ERROR;
-
- length = input[(*inOutIdx)++];
-
- if ((*inOutIdx - begin) + length > size)
- return BUFFER_ERROR;
-
- if (ssl->peerEccKey == NULL) {
- /* alloc/init on demand */
- ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
- ssl->ctx->heap, DYNAMIC_TYPE_ECC);
- if (ssl->peerEccKey == NULL) {
- WOLFSSL_MSG("PeerEccKey Memory error");
- return MEMORY_E;
- }
- wc_ecc_init(ssl->peerEccKey);
- } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
- wc_ecc_free(ssl->peerEccKey);
- ssl->peerEccKeyPresent = 0;
- wc_ecc_init(ssl->peerEccKey);
- }
-
- if (wc_ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey))
- return ECC_PEERKEY_ERROR;
-
- *inOutIdx += length;
- ssl->peerEccKeyPresent = 1;
-
- length = sizeof(ssl->arrays->preMasterSecret);
-
- if (ssl->specs.static_ecdh) {
- ecc_key staticKey;
- word32 i = 0;
-
- wc_ecc_init(&staticKey);
- ret = wc_EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
- &staticKey, ssl->buffers.key.length);
-
- if (ret == 0)
- ret = wc_ecc_shared_secret(&staticKey, ssl->peerEccKey,
- ssl->arrays->preMasterSecret, &length);
-
- wc_ecc_free(&staticKey);
- }
- else {
- if (ssl->eccTempKeyPresent == 0) {
- WOLFSSL_MSG("Ecc ephemeral key not made correctly");
- ret = ECC_MAKEKEY_ERROR;
- } else {
- ret = wc_ecc_shared_secret(ssl->eccTempKey,ssl->peerEccKey,
- ssl->arrays->preMasterSecret, &length);
- }
- }
-
- if (ret != 0)
- return ECC_SHARED_ERROR;
-
- ssl->arrays->preMasterSz = length;
- ret = MakeMasterSecret(ssl);
- }
- break;
- #endif /* HAVE_ECC */
- #ifndef NO_DH
- case diffie_hellman_kea:
- {
- word16 clientPubSz;
- DhKey dhKey;
-
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &clientPubSz);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + clientPubSz > size)
- return BUFFER_ERROR;
-
- wc_InitDhKey(&dhKey);
- ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
- ssl->buffers.serverDH_P.length,
- ssl->buffers.serverDH_G.buffer,
- ssl->buffers.serverDH_G.length);
- if (ret == 0)
- ret = wc_DhAgree(&dhKey, ssl->arrays->preMasterSecret,
- &ssl->arrays->preMasterSz,
- ssl->buffers.serverDH_Priv.buffer,
- ssl->buffers.serverDH_Priv.length,
- input + *inOutIdx, clientPubSz);
- wc_FreeDhKey(&dhKey);
-
- *inOutIdx += clientPubSz;
-
- if (ret == 0)
- ret = MakeMasterSecret(ssl);
- }
- break;
- #endif /* NO_DH */
- #if !defined(NO_DH) && !defined(NO_PSK)
- case dhe_psk_kea:
- {
- byte* pms = ssl->arrays->preMasterSecret;
- word16 clientSz;
- DhKey dhKey;
-
- /* Read in the PSK hint */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &clientSz);
- *inOutIdx += OPAQUE16_LEN;
- if (clientSz > MAX_PSK_ID_LEN)
- return CLIENT_ID_ERROR;
-
- if ((*inOutIdx - begin) + clientSz > size)
- return BUFFER_ERROR;
-
- XMEMCPY(ssl->arrays->client_identity,
- input + *inOutIdx, clientSz);
- *inOutIdx += clientSz;
- ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] =
- 0;
-
- /* Read in the DHE business */
- if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
- return BUFFER_ERROR;
-
- ato16(input + *inOutIdx, &clientSz);
- *inOutIdx += OPAQUE16_LEN;
-
- if ((*inOutIdx - begin) + clientSz > size)
- return BUFFER_ERROR;
-
- wc_InitDhKey(&dhKey);
- ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
- ssl->buffers.serverDH_P.length,
- ssl->buffers.serverDH_G.buffer,
- ssl->buffers.serverDH_G.length);
- if (ret == 0)
- ret = wc_DhAgree(&dhKey, pms + OPAQUE16_LEN,
- &ssl->arrays->preMasterSz,
- ssl->buffers.serverDH_Priv.buffer,
- ssl->buffers.serverDH_Priv.length,
- input + *inOutIdx, clientSz);
- wc_FreeDhKey(&dhKey);
-
- *inOutIdx += clientSz;
- c16toa((word16)ssl->arrays->preMasterSz, pms);
- ssl->arrays->preMasterSz += OPAQUE16_LEN;
- pms += ssl->arrays->preMasterSz;
-
- /* Use the PSK hint to look up the PSK and add it to the
- * preMasterSecret here. */
- ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
- ssl->arrays->client_identity, ssl->arrays->psk_key,
- MAX_PSK_KEY_LEN);
-
- if (ssl->arrays->psk_keySz == 0 ||
- ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
- return PSK_KEY_ERROR;
-
- c16toa((word16) ssl->arrays->psk_keySz, pms);
- pms += OPAQUE16_LEN;
-
- XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
- ssl->arrays->preMasterSz +=
- ssl->arrays->psk_keySz + OPAQUE16_LEN;
- if (ret == 0)
- ret = MakeMasterSecret(ssl);
-
- /* No further need for PSK */
- ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
- ssl->arrays->psk_keySz = 0;
- }
- break;
- #endif /* !NO_DH && !NO_PSK */
- default:
- {
- WOLFSSL_MSG("Bad kea type");
- ret = BAD_KEA_TYPE_E;
- }
- break;
- }
-
- /* No further need for PMS */
- ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
- ssl->arrays->preMasterSz = 0;
-
- if (ret == 0) {
- ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
- #ifndef NO_CERTS
- if (ssl->options.verifyPeer)
- ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
- #endif
- }
-
- return ret;
- }
-
-#endif /* NO_WOLFSSL_SERVER */
-
--- a/src/io.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1142 +0,0 @@
-/* io.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef _WIN32_WCE
- /* On WinCE winsock2.h must be included before windows.h for socket stuff */
- #include <winsock2.h>
-#endif
-
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
-
-
-/* if user writes own I/O callbacks they can define WOLFSSL_USER_IO to remove
- automatic setting of default I/O functions EmbedSend() and EmbedReceive()
- but they'll still need SetCallback xxx() at end of file
-*/
-#ifndef WOLFSSL_USER_IO
-
-#ifdef HAVE_LIBZ
- #include "zlib.h"
-#endif
-
-#ifndef USE_WINDOWS_API
- #ifdef WOLFSSL_LWIP
- /* lwIP needs to be configured to use sockets API in this mode */
- /* LWIP_SOCKET 1 in lwip/opt.h or in build */
- #include "lwip/sockets.h"
- #include <errno.h>
- #ifndef LWIP_PROVIDE_ERRNO
- #define LWIP_PROVIDE_ERRNO 1
- #endif
- #elif defined(FREESCALE_MQX)
- #include <posix.h>
- #include <rtcs.h>
- #elif defined(WOLFSSL_MDK_ARM)
- #if defined(WOLFSSL_MDK5)
- #include "cmsis_os.h"
- #include "rl_fs.h"
- #include "rl_net.h"
- #else
- #include <rtl.h>
- #endif
- #undef RNG
- #include "WOLFSSL_MDK_ARM.h"
- #undef RNG
- #define RNG wolfSSL_RNG
- /* for avoiding name conflict in "stm32f2xx.h" */
- static int errno;
- #elif defined(WOLFSSL_TIRTOS)
- #include <sys/socket.h>
- #elif defined(WOLFSSL_IAR_ARM)
- /* nothing */
- #else
- #include <sys/types.h>
- #include <errno.h>
- #ifndef EBSNET
- #include <unistd.h>
- #endif
- #include <fcntl.h>
- #if !(defined(DEVKITPRO) || defined(HAVE_RTP_SYS) || defined(EBSNET)) \
- && !(defined(WOLFSSL_PICOTCP))
- #include <sys/socket.h>
- #include <arpa/inet.h>
- #include <netinet/in.h>
- #include <netdb.h>
- #ifdef __PPU
- #include <netex/errno.h>
- #else
- #include <sys/ioctl.h>
- #endif
- #endif
- #ifdef HAVE_RTP_SYS
- #include <socket.h>
- #endif
- #ifdef EBSNET
- #include "rtipapi.h" /* errno */
- #include "socket.h"
- #endif
- #endif
-#endif /* USE_WINDOWS_API */
-
-#ifdef __sun
- #include <sys/filio.h>
-#endif
-
-#ifdef USE_WINDOWS_API
- /* no epipe yet */
- #ifndef WSAEPIPE
- #define WSAEPIPE -12345
- #endif
- #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
- #define SOCKET_EAGAIN WSAETIMEDOUT
- #define SOCKET_ECONNRESET WSAECONNRESET
- #define SOCKET_EINTR WSAEINTR
- #define SOCKET_EPIPE WSAEPIPE
- #define SOCKET_ECONNREFUSED WSAENOTCONN
- #define SOCKET_ECONNABORTED WSAECONNABORTED
- #define close(s) closesocket(s)
-#elif defined(__PPU)
- #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
- #define SOCKET_EAGAIN SYS_NET_EAGAIN
- #define SOCKET_ECONNRESET SYS_NET_ECONNRESET
- #define SOCKET_EINTR SYS_NET_EINTR
- #define SOCKET_EPIPE SYS_NET_EPIPE
- #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
- #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
-#elif defined(FREESCALE_MQX)
- /* RTCS doesn't have an EWOULDBLOCK error */
- #define SOCKET_EWOULDBLOCK EAGAIN
- #define SOCKET_EAGAIN EAGAIN
- #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET
- #define SOCKET_EINTR EINTR
- #define SOCKET_EPIPE EPIPE
- #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
- #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
-#elif defined(WOLFSSL_MDK_ARM)
- #if defined(WOLFSSL_MDK5)
- #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK
- #define SOCKET_EAGAIN BSD_ERROR_LOCKED
- #define SOCKET_ECONNRESET BSD_ERROR_CLOSED
- #define SOCKET_EINTR BSD_ERROR
- #define SOCKET_EPIPE BSD_ERROR
- #define SOCKET_ECONNREFUSED BSD_ERROR
- #define SOCKET_ECONNABORTED BSD_ERROR
- #else
- #define SOCKET_EWOULDBLOCK SCK_EWOULDBLOCK
- #define SOCKET_EAGAIN SCK_ELOCKED
- #define SOCKET_ECONNRESET SCK_ECLOSED
- #define SOCKET_EINTR SCK_ERROR
- #define SOCKET_EPIPE SCK_ERROR
- #define SOCKET_ECONNREFUSED SCK_ERROR
- #define SOCKET_ECONNABORTED SCK_ERROR
- #endif
-#elif defined(WOLFSSL_PICOTCP)
- #define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN
- #define SOCKET_EAGAIN PICO_ERR_EAGAIN
- #define SOCKET_ECONNRESET PICO_ERR_ECONNRESET
- #define SOCKET_EINTR PICO_ERR_EINTR
- #define SOCKET_EPIPE PICO_ERR_EIO
- #define SOCKET_ECONNREFUSED PICO_ERR_ECONNREFUSED
- #define SOCKET_ECONNABORTED PICO_ERR_ESHUTDOWN
-#else
- #define SOCKET_EWOULDBLOCK EWOULDBLOCK
- #define SOCKET_EAGAIN EAGAIN
- #define SOCKET_ECONNRESET ECONNRESET
- #define SOCKET_EINTR EINTR
- #define SOCKET_EPIPE EPIPE
- #define SOCKET_ECONNREFUSED ECONNREFUSED
- #define SOCKET_ECONNABORTED ECONNABORTED
-#endif /* USE_WINDOWS_API */
-
-
-#ifdef DEVKITPRO
- /* from network.h */
- int net_send(int, const void*, int, unsigned int);
- int net_recv(int, void*, int, unsigned int);
- #define SEND_FUNCTION net_send
- #define RECV_FUNCTION net_recv
-#elif defined(WOLFSSL_LWIP)
- #define SEND_FUNCTION lwip_send
- #define RECV_FUNCTION lwip_recv
-#elif defined(WOLFSSL_PICOTCP)
- #define SEND_FUNCTION pico_send
- #define RECV_FUNCTION pico_recv
-#else
- #define SEND_FUNCTION send
- #define RECV_FUNCTION recv
-#endif
-
-
-/* Translates return codes returned from
- * send() and recv() if need be.
- */
-static INLINE int TranslateReturnCode(int old, int sd)
-{
- (void)sd;
-
-#ifdef FREESCALE_MQX
- if (old == 0) {
- errno = SOCKET_EWOULDBLOCK;
- return -1; /* convert to BSD style wouldblock as error */
- }
-
- if (old < 0) {
- errno = RTCS_geterror(sd);
- if (errno == RTCSERR_TCP_CONN_CLOSING)
- return 0; /* convert to BSD style closing */
- }
-#endif
-
- return old;
-}
-
-static INLINE int LastError(void)
-{
-#ifdef USE_WINDOWS_API
- return WSAGetLastError();
-#elif defined(EBSNET)
- return xn_getlasterror();
-#else
- return errno;
-#endif
-}
-
-/* The receive embedded callback
- * return : nb bytes read, or error
- */
-int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
-{
- int recvd;
- int err;
- int sd = *(int*)ctx;
-
-#ifdef WOLFSSL_DTLS
- {
- int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
- if (wolfSSL_dtls(ssl)
- && !wolfSSL_get_using_nonblock(ssl)
- && dtls_timeout != 0) {
- #ifdef USE_WINDOWS_API
- DWORD timeout = dtls_timeout * 1000;
- #else
- struct timeval timeout;
- XMEMSET(&timeout, 0, sizeof(timeout));
- timeout.tv_sec = dtls_timeout;
- #endif
- if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
- sizeof(timeout)) != 0) {
- WOLFSSL_MSG("setsockopt rcvtimeo failed");
- }
- }
- }
-#endif
-
- recvd = (int)RECV_FUNCTION(sd, buf, sz, ssl->rflags);
-
- recvd = TranslateReturnCode(recvd, sd);
-
- if (recvd < 0) {
- err = LastError();
- WOLFSSL_MSG("Embed Receive error");
-
- if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
- if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
- WOLFSSL_MSG(" Would block");
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
- else {
- WOLFSSL_MSG(" Socket timeout");
- return WOLFSSL_CBIO_ERR_TIMEOUT;
- }
- }
- else if (err == SOCKET_ECONNRESET) {
- WOLFSSL_MSG(" Connection reset");
- return WOLFSSL_CBIO_ERR_CONN_RST;
- }
- else if (err == SOCKET_EINTR) {
- WOLFSSL_MSG(" Socket interrupted");
- return WOLFSSL_CBIO_ERR_ISR;
- }
- else if (err == SOCKET_ECONNREFUSED) {
- WOLFSSL_MSG(" Connection refused");
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
- else if (err == SOCKET_ECONNABORTED) {
- WOLFSSL_MSG(" Connection aborted");
- return WOLFSSL_CBIO_ERR_CONN_CLOSE;
- }
- else {
- WOLFSSL_MSG(" General error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
- }
- else if (recvd == 0) {
- WOLFSSL_MSG("Embed receive connection closed");
- return WOLFSSL_CBIO_ERR_CONN_CLOSE;
- }
-
- return recvd;
-}
-
-/* The send embedded callback
- * return : nb bytes sent, or error
- */
-int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
-{
- int sd = *(int*)ctx;
- int sent;
- int len = sz;
- int err;
-
- sent = (int)SEND_FUNCTION(sd, &buf[sz - len], len, ssl->wflags);
-
- if (sent < 0) {
- err = LastError();
- WOLFSSL_MSG("Embed Send error");
-
- if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
- WOLFSSL_MSG(" Would Block");
- return WOLFSSL_CBIO_ERR_WANT_WRITE;
- }
- else if (err == SOCKET_ECONNRESET) {
- WOLFSSL_MSG(" Connection reset");
- return WOLFSSL_CBIO_ERR_CONN_RST;
- }
- else if (err == SOCKET_EINTR) {
- WOLFSSL_MSG(" Socket interrupted");
- return WOLFSSL_CBIO_ERR_ISR;
- }
- else if (err == SOCKET_EPIPE) {
- WOLFSSL_MSG(" Socket EPIPE");
- return WOLFSSL_CBIO_ERR_CONN_CLOSE;
- }
- else {
- WOLFSSL_MSG(" General error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
- }
-
- return sent;
-}
-
-
-#ifdef WOLFSSL_DTLS
-
-#include <wolfssl/wolfcrypt/sha.h>
-
-#ifdef USE_WINDOWS_API
- #define XSOCKLENT int
-#else
- #define XSOCKLENT socklen_t
-#endif
-
-#define SENDTO_FUNCTION sendto
-#define RECVFROM_FUNCTION recvfrom
-
-
-/* The receive embedded callback
- * return : nb bytes read, or error
- */
-int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
-{
- WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
- int recvd;
- int err;
- int sd = dtlsCtx->fd;
- int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
- struct sockaddr_storage peer;
- XSOCKLENT peerSz = sizeof(peer);
-
- WOLFSSL_ENTER("EmbedReceiveFrom()");
-
- if (!wolfSSL_get_using_nonblock(ssl) && dtls_timeout != 0) {
- #ifdef USE_WINDOWS_API
- DWORD timeout = dtls_timeout * 1000;
- #else
- struct timeval timeout;
- XMEMSET(&timeout, 0, sizeof(timeout));
- timeout.tv_sec = dtls_timeout;
- #endif
- if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
- sizeof(timeout)) != 0) {
- WOLFSSL_MSG("setsockopt rcvtimeo failed");
- }
- }
-
- recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
- (struct sockaddr*)&peer, &peerSz);
-
- recvd = TranslateReturnCode(recvd, sd);
-
- if (recvd < 0) {
- err = LastError();
- WOLFSSL_MSG("Embed Receive From error");
-
- if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
- if (wolfSSL_get_using_nonblock(ssl)) {
- WOLFSSL_MSG(" Would block");
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
- else {
- WOLFSSL_MSG(" Socket timeout");
- return WOLFSSL_CBIO_ERR_TIMEOUT;
- }
- }
- else if (err == SOCKET_ECONNRESET) {
- WOLFSSL_MSG(" Connection reset");
- return WOLFSSL_CBIO_ERR_CONN_RST;
- }
- else if (err == SOCKET_EINTR) {
- WOLFSSL_MSG(" Socket interrupted");
- return WOLFSSL_CBIO_ERR_ISR;
- }
- else if (err == SOCKET_ECONNREFUSED) {
- WOLFSSL_MSG(" Connection refused");
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
- else {
- WOLFSSL_MSG(" General error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
- }
- else {
- if (dtlsCtx->peer.sz > 0
- && peerSz != (XSOCKLENT)dtlsCtx->peer.sz
- && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
- WOLFSSL_MSG(" Ignored packet from invalid peer");
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
- }
-
- return recvd;
-}
-
-
-/* The send embedded callback
- * return : nb bytes sent, or error
- */
-int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
-{
- WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
- int sd = dtlsCtx->fd;
- int sent;
- int len = sz;
- int err;
-
- WOLFSSL_ENTER("EmbedSendTo()");
-
- sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags,
- (const struct sockaddr*)dtlsCtx->peer.sa,
- dtlsCtx->peer.sz);
- if (sent < 0) {
- err = LastError();
- WOLFSSL_MSG("Embed Send To error");
-
- if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
- WOLFSSL_MSG(" Would Block");
- return WOLFSSL_CBIO_ERR_WANT_WRITE;
- }
- else if (err == SOCKET_ECONNRESET) {
- WOLFSSL_MSG(" Connection reset");
- return WOLFSSL_CBIO_ERR_CONN_RST;
- }
- else if (err == SOCKET_EINTR) {
- WOLFSSL_MSG(" Socket interrupted");
- return WOLFSSL_CBIO_ERR_ISR;
- }
- else if (err == SOCKET_EPIPE) {
- WOLFSSL_MSG(" Socket EPIPE");
- return WOLFSSL_CBIO_ERR_CONN_CLOSE;
- }
- else {
- WOLFSSL_MSG(" General error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
- }
-
- return sent;
-}
-
-
-/* The DTLS Generate Cookie callback
- * return : number of bytes copied into buf, or error
- */
-int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
-{
- int sd = ssl->wfd;
- struct sockaddr_storage peer;
- XSOCKLENT peerSz = sizeof(peer);
- byte digest[SHA_DIGEST_SIZE];
- int ret = 0;
-
- (void)ctx;
-
- XMEMSET(&peer, 0, sizeof(peer));
- if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
- WOLFSSL_MSG("getpeername failed in EmbedGenerateCookie");
- return GEN_COOKIE_E;
- }
-
- ret = wc_ShaHash((byte*)&peer, peerSz, digest);
- if (ret != 0)
- return ret;
-
- if (sz > SHA_DIGEST_SIZE)
- sz = SHA_DIGEST_SIZE;
- XMEMCPY(buf, digest, sz);
-
- return sz;
-}
-
-#endif /* WOLFSSL_DTLS */
-
-#ifdef HAVE_OCSP
-
-
-static int Word16ToString(char* d, word16 number)
-{
- int i = 0;
-
- if (d != NULL) {
- word16 order = 10000;
- word16 digit;
-
- if (number == 0) {
- d[i++] = '0';
- }
- else {
- while (order) {
- digit = number / order;
- if (i > 0 || digit != 0) {
- d[i++] = (char)digit + '0';
- }
- if (digit != 0)
- number %= digit * order;
- if (order > 1)
- order /= 10;
- else
- order = 0;
- }
- }
- d[i] = 0;
- }
-
- return i;
-}
-
-
-static int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
-{
- struct sockaddr_storage addr;
- int sockaddr_len = sizeof(struct sockaddr_in);
- XMEMSET(&addr, 0, sizeof(addr));
-
- #ifdef HAVE_GETADDRINFO
- {
- struct addrinfo hints;
- struct addrinfo* answer = NULL;
- char strPort[6];
-
- XMEMSET(&hints, 0, sizeof(hints));
- hints.ai_family = AF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
-
- if (Word16ToString(strPort, port) == 0) {
- WOLFSSL_MSG("invalid port number for OCSP responder");
- return -1;
- }
-
- if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
- WOLFSSL_MSG("no addr info for OCSP responder");
- return -1;
- }
-
- sockaddr_len = answer->ai_addrlen;
- XMEMCPY(&addr, answer->ai_addr, sockaddr_len);
- freeaddrinfo(answer);
-
- }
- #else /* HAVE_GETADDRINFO */
- {
- struct hostent* entry = gethostbyname(ip);
- struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
-
- if (entry) {
- sin->sin_family = AF_INET;
- sin->sin_port = htons(port);
- XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0],
- entry->h_length);
- }
- else {
- WOLFSSL_MSG("no addr info for OCSP responder");
- return -1;
- }
- }
- #endif /* HAVE_GETADDRINFO */
-
- *sockfd = socket(addr.ss_family, SOCK_STREAM, 0);
-
-#ifdef USE_WINDOWS_API
- if (*sockfd == INVALID_SOCKET) {
- WOLFSSL_MSG("bad socket fd, out of fds?");
- return -1;
- }
-#else
- if (*sockfd < 0) {
- WOLFSSL_MSG("bad socket fd, out of fds?");
- return -1;
- }
-#endif
-
- if (connect(*sockfd, (struct sockaddr *)&addr, sockaddr_len) != 0) {
- WOLFSSL_MSG("OCSP responder tcp connect failed");
- return -1;
- }
-
- return 0;
-}
-
-
-static int build_http_request(const char* domainName, const char* path,
- int ocspReqSz, byte* buf, int bufSize)
-{
- word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen;
- char ocspReqSzStr[6];
-
- domainNameLen = (word32)XSTRLEN(domainName);
- pathLen = (word32)XSTRLEN(path);
- ocspReqSzStrLen = Word16ToString(ocspReqSzStr, (word16)ocspReqSz);
-
- completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84;
- if (completeLen > (word32)bufSize)
- return 0;
-
- XSTRNCPY((char*)buf, "POST ", 5);
- buf += 5;
- XSTRNCPY((char*)buf, path, pathLen);
- buf += pathLen;
- XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17);
- buf += 17;
- XSTRNCPY((char*)buf, domainName, domainNameLen);
- buf += domainNameLen;
- XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
- buf += 18;
- XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen);
- buf += ocspReqSzStrLen;
- XSTRNCPY((char*)buf,
- "\r\nContent-Type: application/ocsp-request\r\n\r\n", 44);
-
- return completeLen;
-}
-
-
-static int decode_url(const char* url, int urlSz,
- char* outName, char* outPath, word16* outPort)
-{
- int result = -1;
-
- if (outName != NULL && outPath != NULL && outPort != NULL)
- {
- if (url == NULL || urlSz == 0)
- {
- *outName = 0;
- *outPath = 0;
- *outPort = 0;
- }
- else
- {
- int i, cur;
-
- /* need to break the url down into scheme, address, and port */
- /* "http://example.com:8080/" */
- /* "http://[::1]:443/" */
- if (XSTRNCMP(url, "http://", 7) == 0) {
- cur = 7;
- } else cur = 0;
-
- i = 0;
- if (url[cur] == '[') {
- cur++;
- /* copy until ']' */
- while (url[cur] != 0 && url[cur] != ']' && cur < urlSz) {
- outName[i++] = url[cur++];
- }
- cur++; /* skip ']' */
- }
- else {
- while (url[cur] != 0 && url[cur] != ':' &&
- url[cur] != '/' && cur < urlSz) {
- outName[i++] = url[cur++];
- }
- }
- outName[i] = 0;
- /* Need to pick out the path after the domain name */
-
- if (cur < urlSz && url[cur] == ':') {
- char port[6];
- int j;
- word32 bigPort = 0;
- i = 0;
- cur++;
- while (cur < urlSz && url[cur] != 0 && url[cur] != '/' &&
- i < 6) {
- port[i++] = url[cur++];
- }
-
- for (j = 0; j < i; j++) {
- if (port[j] < '0' || port[j] > '9') return -1;
- bigPort = (bigPort * 10) + (port[j] - '0');
- }
- *outPort = (word16)bigPort;
- }
- else
- *outPort = 80;
-
- if (cur < urlSz && url[cur] == '/') {
- i = 0;
- while (cur < urlSz && url[cur] != 0 && i < 80) {
- outPath[i++] = url[cur++];
- }
- outPath[i] = 0;
- }
- else {
- outPath[0] = '/';
- outPath[1] = 0;
- }
- result = 0;
- }
- }
-
- return result;
-}
-
-
-/* return: >0 OCSP Response Size
- * -1 error */
-static int process_http_response(int sfd, byte** respBuf,
- byte* httpBuf, int httpBufSz)
-{
- int result;
- int len = 0;
- char *start, *end;
- byte *recvBuf = NULL;
- int recvBufSz = 0;
- enum phr_state { phr_init, phr_http_start, phr_have_length,
- phr_have_type, phr_wait_end, phr_http_end
- } state = phr_init;
-
- start = end = NULL;
- do {
- if (end == NULL) {
- result = (int)recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
- if (result > 0) {
- len += result;
- start = (char*)httpBuf;
- start[len] = 0;
- }
- else {
- WOLFSSL_MSG("process_http_response recv http from peer failed");
- return -1;
- }
- }
- end = XSTRSTR(start, "\r\n");
-
- if (end == NULL) {
- if (len != 0)
- XMEMMOVE(httpBuf, start, len);
- start = end = NULL;
- }
- else if (end == start) {
- if (state == phr_wait_end) {
- state = phr_http_end;
- len -= 2;
- start += 2;
- }
- else {
- WOLFSSL_MSG("process_http_response header ended early");
- return -1;
- }
- }
- else {
- *end = 0;
- len -= (int)(end - start) + 2;
- /* adjust len to remove the first line including the /r/n */
-
- if (XSTRNCASECMP(start, "HTTP/1", 6) == 0) {
- start += 9;
- if (XSTRNCASECMP(start, "200 OK", 6) != 0 ||
- state != phr_init) {
- WOLFSSL_MSG("process_http_response not OK");
- return -1;
- }
- state = phr_http_start;
- }
- else if (XSTRNCASECMP(start, "Content-Type:", 13) == 0) {
- start += 13;
- while (*start == ' ' && *start != '\0') start++;
- if (XSTRNCASECMP(start, "application/ocsp-response", 25) != 0) {
- WOLFSSL_MSG("process_http_response not ocsp-response");
- return -1;
- }
-
- if (state == phr_http_start) state = phr_have_type;
- else if (state == phr_have_length) state = phr_wait_end;
- else {
- WOLFSSL_MSG("process_http_response type invalid state");
- return -1;
- }
- }
- else if (XSTRNCASECMP(start, "Content-Length:", 15) == 0) {
- start += 15;
- while (*start == ' ' && *start != '\0') start++;
- recvBufSz = atoi(start);
-
- if (state == phr_http_start) state = phr_have_length;
- else if (state == phr_have_type) state = phr_wait_end;
- else {
- WOLFSSL_MSG("process_http_response length invalid state");
- return -1;
- }
- }
-
- start = end + 2;
- }
- } while (state != phr_http_end);
-
- recvBuf = (byte*)XMALLOC(recvBufSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
- if (recvBuf == NULL) {
- WOLFSSL_MSG("process_http_response couldn't create response buffer");
- return -1;
- }
-
- /* copy the remainder of the httpBuf into the respBuf */
- if (len != 0)
- XMEMCPY(recvBuf, start, len);
-
- /* receive the OCSP response data */
- do {
- result = (int)recv(sfd, (char*)recvBuf+len, recvBufSz-len, 0);
- if (result > 0)
- len += result;
- else {
- WOLFSSL_MSG("process_http_response recv ocsp from peer failed");
- return -1;
- }
- } while (len != recvBufSz);
-
- *respBuf = recvBuf;
- return recvBufSz;
-}
-
-
-#define SCRATCH_BUFFER_SIZE 512
-
-int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
- byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
-{
- SOCKET_T sfd = 0;
- word16 port;
- int ret = -1;
-#ifdef WOLFSSL_SMALL_STACK
- char* path;
- char* domainName;
-#else
- char path[80];
- char domainName[80];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- path = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (path == NULL)
- return -1;
-
- domainName = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (domainName == NULL) {
- XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return -1;
- }
-#endif
-
- (void)ctx;
-
- if (ocspReqBuf == NULL || ocspReqSz == 0) {
- WOLFSSL_MSG("OCSP request is required for lookup");
- }
- else if (ocspRespBuf == NULL) {
- WOLFSSL_MSG("Cannot save OCSP response");
- }
- else if (decode_url(url, urlSz, domainName, path, &port) < 0) {
- WOLFSSL_MSG("Unable to decode OCSP URL");
- }
- else {
- /* Note, the library uses the EmbedOcspRespFree() callback to
- * free this buffer. */
- int httpBufSz = SCRATCH_BUFFER_SIZE;
- byte* httpBuf = (byte*)XMALLOC(httpBufSz, NULL,
- DYNAMIC_TYPE_IN_BUFFER);
-
- if (httpBuf == NULL) {
- WOLFSSL_MSG("Unable to create OCSP response buffer");
- }
- else {
- httpBufSz = build_http_request(domainName, path, ocspReqSz,
- httpBuf, httpBufSz);
-
- if ((tcp_connect(&sfd, domainName, port) != 0) || (sfd <= 0)) {
- WOLFSSL_MSG("OCSP Responder connection failed");
- }
- else if ((int)send(sfd, (char*)httpBuf, httpBufSz, 0) !=
- httpBufSz) {
- WOLFSSL_MSG("OCSP http request failed");
- }
- else if ((int)send(sfd, (char*)ocspReqBuf, ocspReqSz, 0) !=
- ocspReqSz) {
- WOLFSSL_MSG("OCSP ocsp request failed");
- }
- else {
- ret = process_http_response(sfd, ocspRespBuf, httpBuf,
- SCRATCH_BUFFER_SIZE);
- }
-
- close(sfd);
- XFREE(httpBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(domainName, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-void EmbedOcspRespFree(void* ctx, byte *resp)
-{
- (void)ctx;
-
- if (resp)
- XFREE(resp, NULL, DYNAMIC_TYPE_IN_BUFFER);
-}
-
-
-#endif
-
-#endif /* WOLFSSL_USER_IO */
-
-WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv)
-{
- ctx->CBIORecv = CBIORecv;
-}
-
-
-WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend)
-{
- ctx->CBIOSend = CBIOSend;
-}
-
-
-WOLFSSL_API void wolfSSL_SetIOReadCtx(WOLFSSL* ssl, void *rctx)
-{
- ssl->IOCB_ReadCtx = rctx;
-}
-
-
-WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *wctx)
-{
- ssl->IOCB_WriteCtx = wctx;
-}
-
-
-WOLFSSL_API void* wolfSSL_GetIOReadCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->IOCB_ReadCtx;
-
- return NULL;
-}
-
-
-WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->IOCB_WriteCtx;
-
- return NULL;
-}
-
-
-WOLFSSL_API void wolfSSL_SetIOReadFlags(WOLFSSL* ssl, int flags)
-{
- ssl->rflags = flags;
-}
-
-
-WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags)
-{
- ssl->wflags = flags;
-}
-
-
-#ifdef WOLFSSL_DTLS
-
-WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, CallbackGenCookie cb)
-{
- ctx->CBIOCookie = cb;
-}
-
-
-WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx)
-{
- ssl->IOCB_CookieCtx = ctx;
-}
-
-
-WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->IOCB_CookieCtx;
-
- return NULL;
-}
-
-#endif /* WOLFSSL_DTLS */
-
-
-#ifdef HAVE_NETX
-
-/* The NetX receive callback
- * return : bytes read, or error
- */
-int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
-{
- NetX_Ctx* nxCtx = (NetX_Ctx*)ctx;
- ULONG left;
- ULONG total;
- ULONG copied = 0;
- UINT status;
-
- if (nxCtx == NULL || nxCtx->nxSocket == NULL) {
- WOLFSSL_MSG("NetX Recv NULL parameters");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
-
- if (nxCtx->nxPacket == NULL) {
- status = nx_tcp_socket_receive(nxCtx->nxSocket, &nxCtx->nxPacket,
- nxCtx->nxWait);
- if (status != NX_SUCCESS) {
- WOLFSSL_MSG("NetX Recv receive error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
- }
-
- if (nxCtx->nxPacket) {
- status = nx_packet_length_get(nxCtx->nxPacket, &total);
- if (status != NX_SUCCESS) {
- WOLFSSL_MSG("NetX Recv length get error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
-
- left = total - nxCtx->nxOffset;
- status = nx_packet_data_extract_offset(nxCtx->nxPacket, nxCtx->nxOffset,
- buf, sz, &copied);
- if (status != NX_SUCCESS) {
- WOLFSSL_MSG("NetX Recv data extract offset error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
-
- nxCtx->nxOffset += copied;
-
- if (copied == left) {
- WOLFSSL_MSG("NetX Recv Drained packet");
- nx_packet_release(nxCtx->nxPacket);
- nxCtx->nxPacket = NULL;
- nxCtx->nxOffset = 0;
- }
- }
-
- return copied;
-}
-
-
-/* The NetX send callback
- * return : bytes sent, or error
- */
-int NetX_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx)
-{
- NetX_Ctx* nxCtx = (NetX_Ctx*)ctx;
- NX_PACKET* packet;
- NX_PACKET_POOL* pool; /* shorthand */
- UINT status;
-
- if (nxCtx == NULL || nxCtx->nxSocket == NULL) {
- WOLFSSL_MSG("NetX Send NULL parameters");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
-
- pool = nxCtx->nxSocket->nx_tcp_socket_ip_ptr->nx_ip_default_packet_pool;
- status = nx_packet_allocate(pool, &packet, NX_TCP_PACKET,
- nxCtx->nxWait);
- if (status != NX_SUCCESS) {
- WOLFSSL_MSG("NetX Send packet alloc error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
-
- status = nx_packet_data_append(packet, buf, sz, pool, nxCtx->nxWait);
- if (status != NX_SUCCESS) {
- nx_packet_release(packet);
- WOLFSSL_MSG("NetX Send data append error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
-
- status = nx_tcp_socket_send(nxCtx->nxSocket, packet, nxCtx->nxWait);
- if (status != NX_SUCCESS) {
- nx_packet_release(packet);
- WOLFSSL_MSG("NetX Send socket send error");
- return WOLFSSL_CBIO_ERR_GENERAL;
- }
-
- return sz;
-}
-
-
-/* like set_fd, but for default NetX context */
-void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxSocket, ULONG waitOption)
-{
- if (ssl) {
- ssl->nxCtx.nxSocket = nxSocket;
- ssl->nxCtx.nxWait = waitOption;
- }
-}
-
-#endif /* HAVE_NETX */
-
-
--- a/src/keys.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2736 +0,0 @@
-/* keys.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* Name change compatibility layer no longer needs to be included here */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
-#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
- #ifdef FREESCALE_MQX
- #include <fio.h>
- #else
- #include <stdio.h>
- #endif
-#endif
-
-
-int SetCipherSpecs(WOLFSSL* ssl)
-{
-#ifndef NO_WOLFSSL_CLIENT
- if (ssl->options.side == WOLFSSL_CLIENT_END) {
- /* server side verified before SetCipherSpecs call */
- if (VerifyClientSuite(ssl) != 1) {
- WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite");
- return UNSUPPORTED_SUITE;
- }
- }
-#endif /* NO_WOLFSSL_CLIENT */
-
- /* Chacha extensions, 0xcc */
- if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
-
- switch (ssl->options.cipherSuite) {
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
- ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
- ssl->specs.iv_size = CHACHA20_IV_SIZE;
- ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
- ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
- ssl->specs.iv_size = CHACHA20_IV_SIZE;
- ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
- ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
- ssl->specs.iv_size = CHACHA20_IV_SIZE;
- ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
-
- break;
-#endif
- default:
- WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
- return UNSUPPORTED_SUITE;
- }
- }
-
- /* ECC extensions, or AES-CCM */
- if (ssl->options.cipherSuite0 == ECC_BYTE) {
-
- switch (ssl->options.cipherSuite) {
-
-#ifdef HAVE_ECC
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
- case TLS_ECDH_RSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
- case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
-
- break;
-#endif
-#endif /* HAVE_ECC */
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
- case TLS_RSA_WITH_AES_128_CCM_8 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
- case TLS_RSA_WITH_AES_256_CCM_8 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
- case TLS_PSK_WITH_AES_128_CCM_8 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
- case TLS_PSK_WITH_AES_256_CCM_8 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
- case TLS_PSK_WITH_AES_128_CCM :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
- case TLS_PSK_WITH_AES_256_CCM :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
- case TLS_DHE_PSK_WITH_AES_128_CCM :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = dhe_psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
- case TLS_DHE_PSK_WITH_AES_256_CCM :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = dhe_psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
- default:
- WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
- return UNSUPPORTED_SUITE;
- } /* switch */
- } /* if */
- if (ssl->options.cipherSuite0 != ECC_BYTE &&
- ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
- switch (ssl->options.cipherSuite) {
-
-#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
- case SSL_RSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
- case TLS_NTRU_RSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ntru_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
- case SSL_RSA_WITH_RC4_128_MD5 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = md5_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = MD5_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_MD5;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
- case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
- case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ntru_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
- case TLS_RSA_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
- case TLS_RSA_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
- case TLS_RSA_WITH_NULL_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = 0;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
- case TLS_RSA_WITH_NULL_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = 0;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = 0;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
- case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ntru_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
- case TLS_RSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
- case TLS_RSA_WITH_AES_256_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
- case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ntru_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
- case TLS_PSK_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
- case TLS_PSK_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = dhe_psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = dhe_psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
- case TLS_PSK_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
- case TLS_PSK_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = dhe_psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = dhe_psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
- case TLS_PSK_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
- case TLS_PSK_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
- case TLS_PSK_WITH_NULL_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = 0;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = 0;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
- case TLS_PSK_WITH_NULL_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = 0;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = 0;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
- case TLS_PSK_WITH_NULL_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = 0;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = 0;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
- case TLS_DHE_PSK_WITH_NULL_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = dhe_psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = 0;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = 0;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
- case TLS_DHE_PSK_WITH_NULL_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = dhe_psk_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = 0;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = 0;
-
- ssl->options.usingPSK_cipher = 1;
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
- case TLS_RSA_WITH_HC_128_MD5 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = md5_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = MD5_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_MD5;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = HC_128_KEY_SIZE;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = HC_128_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
- case TLS_RSA_WITH_HC_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = HC_128_KEY_SIZE;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = HC_128_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
- case TLS_RSA_WITH_HC_128_B2B256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = blake2b_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = BLAKE2B_256;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = HC_128_KEY_SIZE;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = HC_128_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
- case TLS_RSA_WITH_AES_128_CBC_B2B256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = blake2b_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = BLAKE2B_256;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
- case TLS_RSA_WITH_AES_256_CBC_B2B256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = blake2b_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = BLAKE2B_256;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
- case TLS_RSA_WITH_RABBIT_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = RABBIT_KEY_SIZE;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = RABBIT_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
- case TLS_RSA_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
- case TLS_RSA_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
- ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
- ssl->specs.iv_size = CAMELLIA_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
- ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
- ssl->specs.iv_size = CAMELLIA_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
- ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
- ssl->specs.iv_size = CAMELLIA_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
- ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
- ssl->specs.iv_size = CAMELLIA_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
- ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
- ssl->specs.iv_size = CAMELLIA_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
- ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
- ssl->specs.iv_size = CAMELLIA_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
- ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
- ssl->specs.iv_size = CAMELLIA_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
- ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
- ssl->specs.iv_size = CAMELLIA_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
- case TLS_DH_anon_WITH_AES_128_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = diffie_hellman_kea;
- ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
-
- ssl->options.usingAnon_cipher = 1;
- break;
-#endif
-
- default:
- WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
- return UNSUPPORTED_SUITE;
- } /* switch */
- } /* if ECC / Normal suites else */
-
- /* set TLS if it hasn't been turned off */
- if (ssl->version.major == 3 && ssl->version.minor >= 1) {
-#ifndef NO_TLS
- ssl->options.tls = 1;
- ssl->hmac = TLS_hmac;
- if (ssl->version.minor >= 2)
- ssl->options.tls1_1 = 1;
-#endif
- }
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- ssl->hmac = TLS_hmac;
-#endif
-
- return 0;
-}
-
-
-enum KeyStuff {
- MASTER_ROUNDS = 3,
- PREFIX = 3, /* up to three letters for master prefix */
- KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */
-
-
-};
-
-#ifndef NO_OLD_TLS
-/* true or false, zero for error */
-static int SetPrefix(byte* sha_input, int idx)
-{
- switch (idx) {
- case 0:
- XMEMCPY(sha_input, "A", 1);
- break;
- case 1:
- XMEMCPY(sha_input, "BB", 2);
- break;
- case 2:
- XMEMCPY(sha_input, "CCC", 3);
- break;
- case 3:
- XMEMCPY(sha_input, "DDDD", 4);
- break;
- case 4:
- XMEMCPY(sha_input, "EEEEE", 5);
- break;
- case 5:
- XMEMCPY(sha_input, "FFFFFF", 6);
- break;
- case 6:
- XMEMCPY(sha_input, "GGGGGGG", 7);
- break;
- default:
- WOLFSSL_MSG("Set Prefix error, bad input");
- return 0;
- }
- return 1;
-}
-#endif
-
-
-static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
- int side, void* heap, int devId)
-{
-#ifdef BUILD_ARC4
- word32 sz = specs->key_size;
- if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
- if (enc && enc->arc4 == NULL)
- enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->arc4 == NULL)
- return MEMORY_E;
- if (dec && dec->arc4 == NULL)
- dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->arc4 == NULL)
- return MEMORY_E;
-#ifdef HAVE_CAVIUM
- if (devId != NO_CAVIUM_DEVICE) {
- if (enc) {
- if (Arc4InitCavium(enc->arc4, devId) != 0) {
- WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
- }
- if (dec) {
- if (Arc4InitCavium(dec->arc4, devId) != 0) {
- WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
- }
- }
-#endif
- if (side == WOLFSSL_CLIENT_END) {
- if (enc)
- wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
- if (dec)
- wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
- }
- else {
- if (enc)
- wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
- if (dec)
- wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
- }
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
- int chachaRet;
- if (enc && enc->chacha == NULL)
- enc->chacha =
- (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->chacha == NULL)
- return MEMORY_E;
- if (dec && dec->chacha == NULL)
- dec->chacha =
- (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->chacha == NULL)
- return MEMORY_E;
- if (side == WOLFSSL_CLIENT_END) {
- if (enc) {
- chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
- specs->key_size);
- XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
- if (chachaRet != 0) return chachaRet;
- }
- if (dec) {
- chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
- specs->key_size);
- XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
- if (chachaRet != 0) return chachaRet;
- }
- }
- else {
- if (enc) {
- chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
- specs->key_size);
- XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
- if (chachaRet != 0) return chachaRet;
- }
- if (dec) {
- chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
- specs->key_size);
- XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
- if (chachaRet != 0) return chachaRet;
- }
- }
-
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-#ifdef HAVE_HC128
- if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
- int hcRet;
- if (enc && enc->hc128 == NULL)
- enc->hc128 =
- (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->hc128 == NULL)
- return MEMORY_E;
- if (dec && dec->hc128 == NULL)
- dec->hc128 =
- (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->hc128 == NULL)
- return MEMORY_E;
- if (side == WOLFSSL_CLIENT_END) {
- if (enc) {
- hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key,
- keys->client_write_IV);
- if (hcRet != 0) return hcRet;
- }
- if (dec) {
- hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key,
- keys->server_write_IV);
- if (hcRet != 0) return hcRet;
- }
- }
- else {
- if (enc) {
- hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key,
- keys->server_write_IV);
- if (hcRet != 0) return hcRet;
- }
- if (dec) {
- hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key,
- keys->client_write_IV);
- if (hcRet != 0) return hcRet;
- }
- }
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-#ifdef BUILD_RABBIT
- if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
- int rabRet;
- if (enc && enc->rabbit == NULL)
- enc->rabbit =
- (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->rabbit == NULL)
- return MEMORY_E;
- if (dec && dec->rabbit == NULL)
- dec->rabbit =
- (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->rabbit == NULL)
- return MEMORY_E;
- if (side == WOLFSSL_CLIENT_END) {
- if (enc) {
- rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key,
- keys->client_write_IV);
- if (rabRet != 0) return rabRet;
- }
- if (dec) {
- rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key,
- keys->server_write_IV);
- if (rabRet != 0) return rabRet;
- }
- }
- else {
- if (enc) {
- rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key,
- keys->server_write_IV);
- if (rabRet != 0) return rabRet;
- }
- if (dec) {
- rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key,
- keys->client_write_IV);
- if (rabRet != 0) return rabRet;
- }
- }
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-#ifdef BUILD_DES3
- if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
- int desRet = 0;
-
- if (enc && enc->des3 == NULL)
- enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->des3 == NULL)
- return MEMORY_E;
- if (dec && dec->des3 == NULL)
- dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->des3 == NULL)
- return MEMORY_E;
-#ifdef HAVE_CAVIUM
- if (devId != NO_CAVIUM_DEVICE) {
- if (enc) {
- if (Des3_InitCavium(enc->des3, devId) != 0) {
- WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
- }
- if (dec) {
- if (Des3_InitCavium(dec->des3, devId) != 0) {
- WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
- }
- }
-#endif
- if (side == WOLFSSL_CLIENT_END) {
- if (enc) {
- desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
- keys->client_write_IV, DES_ENCRYPTION);
- if (desRet != 0) return desRet;
- }
- if (dec) {
- desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
- keys->server_write_IV, DES_DECRYPTION);
- if (desRet != 0) return desRet;
- }
- }
- else {
- if (enc) {
- desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
- keys->server_write_IV, DES_ENCRYPTION);
- if (desRet != 0) return desRet;
- }
- if (dec) {
- desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
- keys->client_write_IV, DES_DECRYPTION);
- if (desRet != 0) return desRet;
- }
- }
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-#ifdef BUILD_AES
- if (specs->bulk_cipher_algorithm == wolfssl_aes) {
- int aesRet = 0;
-
- if (enc && enc->aes == NULL)
- enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->aes == NULL)
- return MEMORY_E;
- if (dec && dec->aes == NULL)
- dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->aes == NULL)
- return MEMORY_E;
-#ifdef HAVE_CAVIUM
- if (devId != NO_CAVIUM_DEVICE) {
- if (enc) {
- if (wc_AesInitCavium(enc->aes, devId) != 0) {
- WOLFSSL_MSG("AesInitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
- }
- if (dec) {
- if (wc_AesInitCavium(dec->aes, devId) != 0) {
- WOLFSSL_MSG("AesInitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
- }
- }
-#endif
- if (side == WOLFSSL_CLIENT_END) {
- if (enc) {
- aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
- specs->key_size, keys->client_write_IV,
- AES_ENCRYPTION);
- if (aesRet != 0) return aesRet;
- }
- if (dec) {
- aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
- specs->key_size, keys->server_write_IV,
- AES_DECRYPTION);
- if (aesRet != 0) return aesRet;
- }
- }
- else {
- if (enc) {
- aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
- specs->key_size, keys->server_write_IV,
- AES_ENCRYPTION);
- if (aesRet != 0) return aesRet;
- }
- if (dec) {
- aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
- specs->key_size, keys->client_write_IV,
- AES_DECRYPTION);
- if (aesRet != 0) return aesRet;
- }
- }
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-#ifdef BUILD_AESGCM
- if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
- int gcmRet;
-
- if (enc && enc->aes == NULL)
- enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->aes == NULL)
- return MEMORY_E;
- if (dec && dec->aes == NULL)
- dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->aes == NULL)
- return MEMORY_E;
-
- if (side == WOLFSSL_CLIENT_END) {
- if (enc) {
- gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
- specs->key_size);
- if (gcmRet != 0) return gcmRet;
- XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
- }
- if (dec) {
- gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
- specs->key_size);
- if (gcmRet != 0) return gcmRet;
- XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
- }
- }
- else {
- if (enc) {
- gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
- specs->key_size);
- if (gcmRet != 0) return gcmRet;
- XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
- }
- if (dec) {
- gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
- specs->key_size);
- if (gcmRet != 0) return gcmRet;
- XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
- }
- }
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-#ifdef HAVE_AESCCM
- if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
- if (enc && enc->aes == NULL)
- enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->aes == NULL)
- return MEMORY_E;
- if (dec && dec->aes == NULL)
- dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->aes == NULL)
- return MEMORY_E;
-
- if (side == WOLFSSL_CLIENT_END) {
- if (enc) {
- wc_AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
- XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
- }
- if (dec) {
- wc_AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
- XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
- }
- }
- else {
- if (enc) {
- wc_AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
- XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
- }
- if (dec) {
- wc_AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
- XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
- }
- }
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-#ifdef HAVE_CAMELLIA
- if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
- int camRet;
-
- if (enc && enc->cam == NULL)
- enc->cam =
- (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->cam == NULL)
- return MEMORY_E;
-
- if (dec && dec->cam == NULL)
- dec->cam =
- (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->cam == NULL)
- return MEMORY_E;
-
- if (side == WOLFSSL_CLIENT_END) {
- if (enc) {
- camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
- specs->key_size, keys->client_write_IV);
- if (camRet != 0) return camRet;
- }
- if (dec) {
- camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
- specs->key_size, keys->server_write_IV);
- if (camRet != 0) return camRet;
- }
- }
- else {
- if (enc) {
- camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
- specs->key_size, keys->server_write_IV);
- if (camRet != 0) return camRet;
- }
- if (dec) {
- camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
- specs->key_size, keys->client_write_IV);
- if (camRet != 0) return camRet;
- }
- }
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
-#ifdef HAVE_NULL_CIPHER
- if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
- if (enc)
- enc->setup = 1;
- if (dec)
- dec->setup = 1;
- }
-#endif
-
- if (enc)
- keys->sequence_number = 0;
- if (dec)
- keys->peer_sequence_number = 0;
- (void)side;
- (void)heap;
- (void)enc;
- (void)dec;
- (void)specs;
- (void)devId;
-
- return 0;
-}
-
-
-#ifdef HAVE_ONE_TIME_AUTH
-/* set one time authentication keys */
-static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
- CipherSpecs* specs, void* heap, int devId)
-{
-
-#ifdef HAVE_POLY1305
- /* set up memory space for poly1305 */
- if (authentication && authentication->poly1305 == NULL)
- authentication->poly1305 =
- (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
- if (authentication && authentication->poly1305 == NULL)
- return MEMORY_E;
- if (authentication)
- authentication->setup = 1;
-#endif
- (void)heap;
- (void)keys;
- (void)specs;
- (void)devId;
-
- return 0;
-}
-#endif /* HAVE_ONE_TIME_AUTH */
-
-
-/* Set wc_encrypt/wc_decrypt or both sides of key setup
- * note: use wc_encrypt to avoid shadowing global encrypt
- * declared in unistd.h
- */
-int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
-{
- int devId = NO_CAVIUM_DEVICE, ret, copy = 0;
- Ciphers* wc_encrypt = NULL;
- Ciphers* wc_decrypt = NULL;
- Keys* keys = &ssl->keys;
-
- (void)copy;
-
-#ifdef HAVE_CAVIUM
- devId = ssl->devId;
-#endif
-
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
- keys = &ssl->secure_renegotiation->tmp_keys;
- copy = 1;
- }
-#endif /* HAVE_SECURE_RENEGOTIATION */
-
- switch (side) {
- case ENCRYPT_SIDE_ONLY:
- wc_encrypt = &ssl->encrypt;
- break;
-
- case DECRYPT_SIDE_ONLY:
- wc_decrypt = &ssl->decrypt;
- break;
-
- case ENCRYPT_AND_DECRYPT_SIDE:
- wc_encrypt = &ssl->encrypt;
- wc_decrypt = &ssl->decrypt;
- break;
-
- default:
- return BAD_FUNC_ARG;
- }
-
-#ifdef HAVE_ONE_TIME_AUTH
- if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
- ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId);
- if (ret != 0)
- return ret;
- }
-#endif
-
- ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
- ssl->heap, devId);
-
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (copy) {
- int clientCopy = 0;
-
- if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
- clientCopy = 1;
- else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
- clientCopy = 1;
-
- if (clientCopy) {
- XMEMCPY(ssl->keys.client_write_MAC_secret,
- keys->client_write_MAC_secret, MAX_DIGEST_SIZE);
- XMEMCPY(ssl->keys.client_write_key,
- keys->client_write_key, AES_256_KEY_SIZE);
- XMEMCPY(ssl->keys.client_write_IV,
- keys->client_write_IV, AES_IV_SIZE);
- } else {
- XMEMCPY(ssl->keys.server_write_MAC_secret,
- keys->server_write_MAC_secret, MAX_DIGEST_SIZE);
- XMEMCPY(ssl->keys.server_write_key,
- keys->server_write_key, AES_256_KEY_SIZE);
- XMEMCPY(ssl->keys.server_write_IV,
- keys->server_write_IV, AES_IV_SIZE);
- }
- if (wc_encrypt) {
- ssl->keys.sequence_number = keys->sequence_number;
- #ifdef HAVE_AEAD
- if (ssl->specs.cipher_type == aead) {
- /* Initialize the AES-GCM/CCM explicit IV to a zero. */
- XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
- AEAD_EXP_IV_SZ);
-
- /* Initialize encrypt implicit IV by encrypt side */
- if (ssl->options.side == WOLFSSL_CLIENT_END) {
- XMEMCPY(ssl->keys.aead_enc_imp_IV,
- keys->client_write_IV, AEAD_IMP_IV_SZ);
- } else {
- XMEMCPY(ssl->keys.aead_enc_imp_IV,
- keys->server_write_IV, AEAD_IMP_IV_SZ);
- }
- }
- #endif
- }
- if (wc_decrypt) {
- ssl->keys.peer_sequence_number = keys->peer_sequence_number;
- #ifdef HAVE_AEAD
- if (ssl->specs.cipher_type == aead) {
- /* Initialize decrypt implicit IV by decrypt side */
- if (ssl->options.side == WOLFSSL_SERVER_END) {
- XMEMCPY(ssl->keys.aead_dec_imp_IV,
- keys->client_write_IV, AEAD_IMP_IV_SZ);
- } else {
- XMEMCPY(ssl->keys.aead_dec_imp_IV,
- keys->server_write_IV, AEAD_IMP_IV_SZ);
- }
- }
- #endif
- }
- ssl->secure_renegotiation->cache_status++;
- }
-#endif /* HAVE_SECURE_RENEGOTIATION */
-
- return ret;
-}
-
-
-/* TLS can call too */
-int StoreKeys(WOLFSSL* ssl, const byte* keyData)
-{
- int sz, i = 0;
- Keys* keys = &ssl->keys;
-
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
- SCR_CACHE_NEEDED) {
- keys = &ssl->secure_renegotiation->tmp_keys;
- ssl->secure_renegotiation->cache_status++;
- }
-#endif /* HAVE_SECURE_RENEGOTIATION */
-
- if (ssl->specs.cipher_type != aead) {
- sz = ssl->specs.hash_size;
- XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
- i += sz;
- XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
- i += sz;
- }
- sz = ssl->specs.key_size;
- XMEMCPY(keys->client_write_key, &keyData[i], sz);
- i += sz;
- XMEMCPY(keys->server_write_key, &keyData[i], sz);
- i += sz;
-
- sz = ssl->specs.iv_size;
- XMEMCPY(keys->client_write_IV, &keyData[i], sz);
- i += sz;
- XMEMCPY(keys->server_write_IV, &keyData[i], sz);
-
-#ifdef HAVE_AEAD
- if (ssl->specs.cipher_type == aead) {
- /* Initialize the AES-GCM/CCM explicit IV to a zero. */
- XMEMSET(keys->aead_exp_IV, 0, AEAD_EXP_IV_SZ);
- }
-#endif
-
- return 0;
-}
-
-#ifndef NO_OLD_TLS
-int DeriveKeys(WOLFSSL* ssl)
-{
- int length = 2 * ssl->specs.hash_size +
- 2 * ssl->specs.key_size +
- 2 * ssl->specs.iv_size;
- int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
- int ret = 0;
-
-#ifdef WOLFSSL_SMALL_STACK
- byte* shaOutput;
- byte* md5Input;
- byte* shaInput;
- byte* keyData;
- Md5* md5;
- Sha* sha;
-#else
- byte shaOutput[SHA_DIGEST_SIZE];
- byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
- byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
- byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE];
- Md5 md5[1];
- Sha sha[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- keyData = (byte*)XMALLOC(KEY_PREFIX * MD5_DIGEST_SIZE,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
- keyData == NULL || md5 == NULL || sha == NULL) {
- if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- return MEMORY_E;
- }
-#endif
-
- wc_InitMd5(md5);
-
- ret = wc_InitSha(sha);
-
- if (ret == 0) {
- XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
-
- for (i = 0; i < rounds; ++i) {
- int j = i + 1;
- int idx = j;
-
- if (!SetPrefix(shaInput, i)) {
- ret = PREFIX_ERROR;
- break;
- }
-
- XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
- idx += SECRET_LEN;
- XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
- idx += RAN_LEN;
- XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
-
- wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN)
- - KEY_PREFIX + j);
- wc_ShaFinal(sha, shaOutput);
-
- XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE);
- wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE);
- wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);
- }
-
- if (ret == 0)
- ret = StoreKeys(ssl, keyData);
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-static int CleanPreMaster(WOLFSSL* ssl)
-{
- int i, ret, sz = ssl->arrays->preMasterSz;
-
- for (i = 0; i < sz; i++)
- ssl->arrays->preMasterSecret[i] = 0;
-
- ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
- if (ret != 0)
- return ret;
-
- for (i = 0; i < sz; i++)
- ssl->arrays->preMasterSecret[i] = 0;
-
- return 0;
-}
-
-
-/* Create and store the master secret see page 32, 6.1 */
-static int MakeSslMasterSecret(WOLFSSL* ssl)
-{
- int i, ret;
- word32 idx;
- word32 pmsSz = ssl->arrays->preMasterSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- byte* shaOutput;
- byte* md5Input;
- byte* shaInput;
- Md5* md5;
- Sha* sha;
-#else
- byte shaOutput[SHA_DIGEST_SIZE];
- byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
- byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
- Md5 md5[1];
- Sha sha[1];
-#endif
-
-#ifdef SHOW_SECRETS
- {
- word32 j;
- printf("pre master secret: ");
- for (j = 0; j < pmsSz; j++)
- printf("%02x", ssl->arrays->preMasterSecret[j]);
- printf("\n");
- }
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
- md5 == NULL || sha == NULL) {
- if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- return MEMORY_E;
- }
-#endif
-
- wc_InitMd5(md5);
-
- ret = wc_InitSha(sha);
-
- if (ret == 0) {
- XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
-
- for (i = 0; i < MASTER_ROUNDS; ++i) {
- byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
- if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
- ret = PREFIX_ERROR;
- break;
- }
-
- idx = 0;
- XMEMCPY(shaInput, prefix, i + 1);
- idx += i + 1;
-
- XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
- idx += pmsSz;
- XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
- idx += RAN_LEN;
- XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
- idx += RAN_LEN;
- wc_ShaUpdate(sha, shaInput, idx);
- wc_ShaFinal(sha, shaOutput);
-
- idx = pmsSz; /* preSz */
- XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
- idx += SHA_DIGEST_SIZE;
- wc_Md5Update(md5, md5Input, idx);
- wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
- }
-
-#ifdef SHOW_SECRETS
- {
- word32 j;
- printf("master secret: ");
- for (j = 0; j < SECRET_LEN; j++)
- printf("%02x", ssl->arrays->masterSecret[j]);
- printf("\n");
- }
-#endif
-
- if (ret == 0)
- ret = DeriveKeys(ssl);
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (ret == 0)
- ret = CleanPreMaster(ssl);
- else
- CleanPreMaster(ssl);
-
- return ret;
-}
-#endif
-
-
-/* Master wrapper, doesn't use SSL stack space in TLS mode */
-int MakeMasterSecret(WOLFSSL* ssl)
-{
-#ifdef NO_OLD_TLS
- return MakeTlsMasterSecret(ssl);
-#elif !defined(NO_TLS)
- if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
-#endif
-
-#ifndef NO_OLD_TLS
- return MakeSslMasterSecret(ssl);
-#endif
-}
-
-
--- a/src/ocsp.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,304 +0,0 @@
-/* ocsp.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
- /* Name change compatibility layer no longer needs to be included here */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_OCSP
-
-#include <wolfssl/error-ssl.h>
-#include <wolfssl/ocsp.h>
-#include <wolfssl/internal.h>
-
-
-int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm)
-{
- WOLFSSL_ENTER("InitOCSP");
- XMEMSET(ocsp, 0, sizeof(*ocsp));
- ocsp->cm = cm;
- if (InitMutex(&ocsp->ocspLock) != 0)
- return BAD_MUTEX_E;
-
- return 0;
-}
-
-
-static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
-{
- WOLFSSL_ENTER("InitOCSP_Entry");
-
- XMEMSET(ocspe, 0, sizeof(*ocspe));
- XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
- XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE);
-
- return 0;
-}
-
-
-static void FreeOCSP_Entry(OCSP_Entry* ocspe)
-{
- CertStatus* tmp = ocspe->status;
-
- WOLFSSL_ENTER("FreeOCSP_Entry");
-
- while (tmp) {
- CertStatus* next = tmp->next;
- XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_STATUS);
- tmp = next;
- }
-}
-
-
-void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
-{
- OCSP_Entry* tmp = ocsp->ocspList;
-
- WOLFSSL_ENTER("FreeOCSP");
-
- while (tmp) {
- OCSP_Entry* next = tmp->next;
- FreeOCSP_Entry(tmp);
- XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
- tmp = next;
- }
-
- FreeMutex(&ocsp->ocspLock);
- if (dynamic)
- XFREE(ocsp, NULL, DYNAMIC_TYPE_OCSP);
-}
-
-
-static int xstat2err(int stat)
-{
- switch (stat) {
- case CERT_GOOD:
- return 0;
- case CERT_REVOKED:
- return OCSP_CERT_REVOKED;
- default:
- return OCSP_CERT_UNKNOWN;
- }
-}
-
-
-int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert)
-{
- byte* ocspReqBuf = NULL;
- int ocspReqSz = 2048;
- byte* ocspRespBuf = NULL;
- int result = -1;
- OCSP_Entry* ocspe;
- CertStatus* certStatus = NULL;
- const char *url;
- int urlSz;
-#ifdef WOLFSSL_SMALL_STACK
- CertStatus* newStatus;
- OcspRequest* ocspRequest;
- OcspResponse* ocspResponse;
-#else
- CertStatus newStatus[1];
- OcspRequest ocspRequest[1];
- OcspResponse ocspResponse[1];
-#endif
-
- WOLFSSL_ENTER("CheckCertOCSP");
-
- if (LockMutex(&ocsp->ocspLock) != 0) {
- WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
- return BAD_MUTEX_E;
- }
-
- ocspe = ocsp->ocspList;
- while (ocspe) {
- if (XMEMCMP(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
- && XMEMCMP(ocspe->issuerKeyHash, cert->issuerKeyHash,
- SHA_DIGEST_SIZE) == 0)
- break;
- else
- ocspe = ocspe->next;
- }
-
- if (ocspe == NULL) {
- ocspe = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
- NULL, DYNAMIC_TYPE_OCSP_ENTRY);
- if (ocspe != NULL) {
- InitOCSP_Entry(ocspe, cert);
- ocspe->next = ocsp->ocspList;
- ocsp->ocspList = ocspe;
- }
- else {
- UnLockMutex(&ocsp->ocspLock);
- WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
- return MEMORY_ERROR;
- }
- }
- else {
- certStatus = ocspe->status;
- while (certStatus) {
- if (certStatus->serialSz == cert->serialSz &&
- XMEMCMP(certStatus->serial, cert->serial, cert->serialSz) == 0)
- break;
- else
- certStatus = certStatus->next;
- }
- }
-
- if (certStatus != NULL) {
- if (!ValidateDate(certStatus->thisDate,
- certStatus->thisDateFormat, BEFORE) ||
- (certStatus->nextDate[0] == 0) ||
- !ValidateDate(certStatus->nextDate,
- certStatus->nextDateFormat, AFTER)) {
- WOLFSSL_MSG("\tinvalid status date, looking up cert");
- }
- else {
- result = xstat2err(certStatus->status);
- UnLockMutex(&ocsp->ocspLock);
- WOLFSSL_LEAVE("CheckCertOCSP", result);
- return result;
- }
- }
-
- UnLockMutex(&ocsp->ocspLock);
-
- if (ocsp->cm->ocspUseOverrideURL) {
- url = ocsp->cm->ocspOverrideURL;
- if (url != NULL && url[0] != '\0')
- urlSz = (int)XSTRLEN(url);
- else
- return OCSP_NEED_URL;
- }
- else if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) {
- url = (const char *)cert->extAuthInfo;
- urlSz = cert->extAuthInfoSz;
- }
- else {
- /* cert doesn't have extAuthInfo, assuming CERT_GOOD */
- return 0;
- }
-
- ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
- if (ocspReqBuf == NULL) {
- WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
- return MEMORY_ERROR;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
-
- if (newStatus == NULL || ocspRequest == NULL || ocspResponse == NULL) {
- if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (ocspRequest) XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
- return MEMORY_E;
- }
-#endif
-
- InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce,
- ocspReqBuf, ocspReqSz);
- ocspReqSz = EncodeOcspRequest(ocspRequest);
-
- if (ocsp->cm->ocspIOCb)
- result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
- ocspReqBuf, ocspReqSz, &ocspRespBuf);
-
- if (result >= 0 && ocspRespBuf) {
- XMEMSET(newStatus, 0, sizeof(CertStatus));
-
- InitOcspResponse(ocspResponse, newStatus, ocspRespBuf, result);
- OcspResponseDecode(ocspResponse);
-
- if (ocspResponse->responseStatus != OCSP_SUCCESSFUL)
- result = OCSP_LOOKUP_FAIL;
- else {
- if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
- result = xstat2err(ocspResponse->status->status);
-
- if (LockMutex(&ocsp->ocspLock) != 0)
- result = BAD_MUTEX_E;
- else {
- if (certStatus != NULL)
- /* Replace existing certificate entry with updated */
- XMEMCPY(certStatus, newStatus, sizeof(CertStatus));
- else {
- /* Save new certificate entry */
- certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus),
- NULL, DYNAMIC_TYPE_OCSP_STATUS);
- if (certStatus != NULL) {
- XMEMCPY(certStatus, newStatus, sizeof(CertStatus));
- certStatus->next = ocspe->status;
- ocspe->status = certStatus;
- ocspe->totalStatus++;
- }
- }
-
- UnLockMutex(&ocsp->ocspLock);
- }
- }
- else
- result = OCSP_LOOKUP_FAIL;
- }
- }
- else
- result = OCSP_LOOKUP_FAIL;
-
- XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb)
- ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
-
- WOLFSSL_LEAVE("CheckCertOCSP", result);
- return result;
-}
-
-
-#else /* HAVE_OCSP */
-
-
-#ifdef _MSC_VER
- /* 4206 warning for blank file */
- #pragma warning(disable: 4206)
-#endif
-
-
-#endif /* HAVE_OCSP */
-
-
--- a/src/sniffer.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2949 +0,0 @@
-/* sniffer.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_SNIFFER
-
-#include <assert.h>
-#include <time.h>
-
-#ifndef _WIN32
- #include <arpa/inet.h>
-#endif
-
-#ifdef _WIN32
- #define SNPRINTF _snprintf
-#else
- #define SNPRINTF snprintf
-#endif
-
-#include <wolfssl/openssl/ssl.h>
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
-#include <wolfssl/sniffer.h>
-#include <wolfssl/sniffer_error.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
-static INLINE word32 min(word32 a, word32 b)
-{
- return a > b ? b : a;
-}
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-#ifndef WOLFSSL_SNIFFER_TIMEOUT
- #define WOLFSSL_SNIFFER_TIMEOUT 900
- /* Cache unclosed Sessions for 15 minutes since last used */
-#endif
-
-/* Misc constants */
-enum {
- MAX_SERVER_ADDRESS = 128, /* maximum server address length */
- MAX_SERVER_NAME = 128, /* maximum server name length */
- MAX_ERROR_LEN = 80, /* maximum error length */
- ETHER_IF_ADDR_LEN = 6, /* ethernet interface address length */
- LOCAL_IF_ADDR_LEN = 4, /* localhost interface address length, !windows */
- TCP_PROTO = 6, /* TCP_PROTOCOL */
- IP_HDR_SZ = 20, /* IP header legnth, min */
- TCP_HDR_SZ = 20, /* TCP header legnth, min */
- IPV4 = 4, /* IP version 4 */
- TCP_PROTOCOL = 6, /* TCP Protocol id */
- TRACE_MSG_SZ = 80, /* Trace Message buffer size */
- HASH_SIZE = 499, /* Session Hash Table Rows */
- PSEUDO_HDR_SZ = 12, /* TCP Pseudo Header size in bytes */
- FATAL_ERROR_STATE = 1, /* SnifferSession fatal error state */
- TICKET_HINT_LEN = 4, /* Session Ticket Hint length */
- EXT_TYPE_SZ = 2, /* Extension length */
- MAX_INPUT_SZ = MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA +
- MTU_EXTRA, /* Max input sz of reassembly */
- TICKET_EXT_ID = 0x23 /* Session Ticket Extension ID */
-};
-
-
-#ifdef _WIN32
-
-static HMODULE dllModule; /* for error string resources */
-
-BOOL APIENTRY DllMain( HMODULE hModule,
- DWORD ul_reason_for_call,
- LPVOID lpReserved
- )
-{
- static int didInit = 0;
-
- switch (ul_reason_for_call)
- {
- case DLL_PROCESS_ATTACH:
- if (didInit == 0) {
- dllModule = hModule;
- ssl_InitSniffer();
- didInit = 1;
- }
- break;
- case DLL_THREAD_ATTACH:
- break;
- case DLL_THREAD_DETACH:
- break;
- case DLL_PROCESS_DETACH:
- if (didInit) {
- ssl_FreeSniffer();
- didInit = 0;
- }
- break;
- }
- return TRUE;
-}
-
-#endif /* _WIN32 */
-
-
-static int TraceOn = 0; /* Trace is off by default */
-static FILE* TraceFile = 0;
-
-
-/* windows uses .rc table for this */
-#ifndef _WIN32
-
-static const char* const msgTable[] =
-{
- /* 1 */
- "Out of Memory",
- "New SSL Sniffer Server Registered",
- "Checking IP Header",
- "SSL Sniffer Server Not Registered",
- "Checking TCP Header",
-
- /* 6 */
- "SSL Sniffer Server Port Not Registered",
- "RSA Private Decrypt Error",
- "RSA Private Decode Error",
- "Set Cipher Spec Error",
- "Server Hello Input Malformed",
-
- /* 11 */
- "Couldn't Resume Session Error",
- "Server Did Resumption",
- "Client Hello Input Malformed",
- "Client Trying to Resume",
- "Handshake Input Malformed",
-
- /* 16 */
- "Got Hello Verify msg",
- "Got Server Hello msg",
- "Got Cert Request msg",
- "Got Server Key Exchange msg",
- "Got Cert msg",
-
- /* 21 */
- "Got Server Hello Done msg",
- "Got Finished msg",
- "Got Client Hello msg",
- "Got Client Key Exchange msg",
- "Got Cert Verify msg",
-
- /* 26 */
- "Got Unknown Handshake msg",
- "New SSL Sniffer Session created",
- "Couldn't create new SSL",
- "Got a Packet to decode",
- "No data present",
-
- /* 31 */
- "Session Not Found",
- "Got an Old Client Hello msg",
- "Old Client Hello Input Malformed",
- "Old Client Hello OK",
- "Bad Old Client Hello",
-
- /* 36 */
- "Bad Record Header",
- "Record Header Input Malformed",
- "Got a HandShake msg",
- "Bad HandShake msg",
- "Got a Change Cipher Spec msg",
-
- /* 41 */
- "Got Application Data msg",
- "Bad Application Data",
- "Got an Alert msg",
- "Another msg to Process",
- "Removing Session From Table",
-
- /* 46 */
- "Bad Key File",
- "Wrong IP Version",
- "Wrong Protocol type",
- "Packet Short for header processing",
- "Got Unknown Record Type",
-
- /* 51 */
- "Can't Open Trace File",
- "Session in Fatal Error State",
- "Partial SSL record received",
- "Buffer Error, malformed input",
- "Added to Partial Input",
-
- /* 56 */
- "Received a Duplicate Packet",
- "Received an Out of Order Packet",
- "Received an Overlap Duplicate Packet",
- "Received an Overlap Reassembly Begin Duplicate Packet",
- "Received an Overlap Reassembly End Duplicate Packet",
-
- /* 61 */
- "Missed the Client Hello Entirely",
- "Got Hello Request msg",
- "Got Session Ticket msg",
- "Bad Input",
- "Bad Decrypt Type",
-
- /* 66 */
- "Bad Finished Message Processing",
- "Bad Compression Type",
- "Bad DeriveKeys Error",
- "Saw ACK for Missing Packet Error",
- "Bad Decrypt Operation",
-
- /* 71 */
- "Decrypt Keys Not Set Up",
- "Late Key Load Error",
- "Got Certificate Status msg",
- "RSA Key Missing Error"
-};
-
-
-/* *nix version uses table above */
-static void GetError(int idx, char* str)
-{
- XSTRNCPY(str, msgTable[idx - 1], MAX_ERROR_LEN);
-}
-
-
-#else /* _WIN32 */
-
-
-/* Windows version uses .rc table */
-static void GetError(int idx, char* buffer)
-{
- if (!LoadStringA(dllModule, idx, buffer, MAX_ERROR_LEN))
- buffer[0] = 0;
-}
-
-
-#endif /* _WIN32 */
-
-
-/* Packet Buffer for reassembly list and ready list */
-typedef struct PacketBuffer {
- word32 begin; /* relative sequence begin */
- word32 end; /* relative sequence end */
- byte* data; /* actual data */
- struct PacketBuffer* next; /* next on reassembly list or ready list */
-} PacketBuffer;
-
-
-#ifdef HAVE_SNI
-
-/* NamedKey maps a SNI name to a specific private key */
-typedef struct NamedKey {
- char name[MAX_SERVER_NAME]; /* server DNS name */
- word32 nameSz; /* size of server DNS name */
- byte* key; /* DER private key */
- word32 keySz; /* size of DER private key */
- struct NamedKey* next; /* for list */
-} NamedKey;
-
-#endif
-
-
-/* Sniffer Server holds info for each server/port monitored */
-typedef struct SnifferServer {
- SSL_CTX* ctx; /* SSL context */
- char address[MAX_SERVER_ADDRESS]; /* passed in server address */
- word32 server; /* netowrk order address */
- int port; /* server port */
-#ifdef HAVE_SNI
- NamedKey* namedKeys; /* mapping of names and keys */
- wolfSSL_Mutex namedKeysMutex; /* mutex for namedKey list */
-#endif
- struct SnifferServer* next; /* for list */
-} SnifferServer;
-
-
-/* Session Flags */
-typedef struct Flags {
- byte side; /* which end is current packet headed */
- byte serverCipherOn; /* indicates whether cipher is active */
- byte clientCipherOn; /* indicates whether cipher is active */
- byte resuming; /* did this session come from resumption */
- byte cached; /* have we cached this session yet */
- byte clientHello; /* processed client hello yet, for SSLv2 */
- byte finCount; /* get both FINs before removing */
- byte fatalError; /* fatal error state */
-} Flags;
-
-
-/* Out of Order FIN caputre */
-typedef struct FinCaputre {
- word32 cliFinSeq; /* client relative sequence FIN 0 is no */
- word32 srvFinSeq; /* server relative sequence FIN, 0 is no */
- byte cliCounted; /* did we count yet, detects duplicates */
- byte srvCounted; /* did we count yet, detects duplicates */
-} FinCaputre;
-
-
-/* Sniffer Session holds info for each client/server SSL/TLS session */
-typedef struct SnifferSession {
- SnifferServer* context; /* server context */
- SSL* sslServer; /* SSL server side decode */
- SSL* sslClient; /* SSL client side decode */
- word32 server; /* server address in network byte order */
- word32 client; /* client address in network byte order */
- word16 srvPort; /* server port */
- word16 cliPort; /* client port */
- word32 cliSeqStart; /* client start sequence */
- word32 srvSeqStart; /* server start sequence */
- word32 cliExpected; /* client expected sequence (relative) */
- word32 srvExpected; /* server expected sequence (relative) */
- FinCaputre finCaputre; /* retain out of order FIN s */
- Flags flags; /* session flags */
- time_t lastUsed; /* last used ticks */
- PacketBuffer* cliReassemblyList; /* client out of order packets */
- PacketBuffer* srvReassemblyList; /* server out of order packets */
- struct SnifferSession* next; /* for hash table list */
- byte* ticketID; /* mac ID of session ticket */
-} SnifferSession;
-
-
-/* Sniffer Server List and mutex */
-static SnifferServer* ServerList = 0;
-static wolfSSL_Mutex ServerListMutex;
-
-
-/* Session Hash Table, mutex, and count */
-static SnifferSession* SessionTable[HASH_SIZE];
-static wolfSSL_Mutex SessionMutex;
-static int SessionCount = 0;
-
-
-/* Initialize overall Sniffer */
-void ssl_InitSniffer(void)
-{
- wolfSSL_Init();
- InitMutex(&ServerListMutex);
- InitMutex(&SessionMutex);
-}
-
-
-#ifdef HAVE_SNI
-
-/* Free Named Key and the zero out the private key it holds */
-static void FreeNamedKey(NamedKey* in)
-{
- if (in) {
- if (in->key) {
- ForceZero(in->key, in->keySz);
- free(in->key);
- }
- free(in);
- }
-}
-
-
-static void FreeNamedKeyList(NamedKey* in)
-{
- NamedKey* next;
-
- while (in) {
- next = in->next;
- FreeNamedKey(in);
- in = next;
- }
-}
-
-#endif
-
-
-/* Free Sniffer Server's resources/self */
-static void FreeSnifferServer(SnifferServer* srv)
-{
- if (srv) {
-#ifdef HAVE_SNI
- LockMutex(&srv->namedKeysMutex);
- FreeNamedKeyList(srv->namedKeys);
- UnLockMutex(&srv->namedKeysMutex);
- FreeMutex(&srv->namedKeysMutex);
-#endif
- SSL_CTX_free(srv->ctx);
- }
- free(srv);
-}
-
-
-/* free PacketBuffer's resources/self */
-static void FreePacketBuffer(PacketBuffer* del)
-{
- if (del) {
- free(del->data);
- free(del);
- }
-}
-
-
-/* remove PacketBuffer List */
-static void FreePacketList(PacketBuffer* in)
-{
- if (in) {
- PacketBuffer* del;
- PacketBuffer* packet = in;
-
- while (packet) {
- del = packet;
- packet = packet->next;
- FreePacketBuffer(del);
- }
- }
-}
-
-
-/* Free Sniffer Session's resources/self */
-static void FreeSnifferSession(SnifferSession* session)
-{
- if (session) {
- SSL_free(session->sslClient);
- SSL_free(session->sslServer);
-
- FreePacketList(session->cliReassemblyList);
- FreePacketList(session->srvReassemblyList);
-
- free(session->ticketID);
- }
- free(session);
-}
-
-
-/* Free overall Sniffer */
-void ssl_FreeSniffer(void)
-{
- SnifferServer* srv;
- SnifferServer* removeServer;
- SnifferSession* session;
- SnifferSession* removeSession;
- int i;
-
- LockMutex(&ServerListMutex);
- LockMutex(&SessionMutex);
-
- srv = ServerList;
- while (srv) {
- removeServer = srv;
- srv = srv->next;
- FreeSnifferServer(removeServer);
- }
-
- for (i = 0; i < HASH_SIZE; i++) {
- session = SessionTable[i];
- while (session) {
- removeSession = session;
- session = session->next;
- FreeSnifferSession(removeSession);
- }
- }
-
- UnLockMutex(&SessionMutex);
- UnLockMutex(&ServerListMutex);
-
- FreeMutex(&SessionMutex);
- FreeMutex(&ServerListMutex);
-
- if (TraceFile) {
- TraceOn = 0;
- fclose(TraceFile);
- TraceFile = NULL;
- }
-
- wolfSSL_Cleanup();
-}
-
-
-/* Initialize a SnifferServer */
-static void InitSnifferServer(SnifferServer* sniffer)
-{
- sniffer->ctx = 0;
- XMEMSET(sniffer->address, 0, MAX_SERVER_ADDRESS);
- sniffer->server = 0;
- sniffer->port = 0;
-#ifdef HAVE_SNI
- sniffer->namedKeys = 0;
- InitMutex(&sniffer->namedKeysMutex);
-#endif
- sniffer->next = 0;
-}
-
-
-/* Initialize session flags */
-static void InitFlags(Flags* flags)
-{
- flags->side = 0;
- flags->serverCipherOn = 0;
- flags->clientCipherOn = 0;
- flags->resuming = 0;
- flags->cached = 0;
- flags->clientHello = 0;
- flags->finCount = 0;
- flags->fatalError = 0;
-}
-
-
-/* Initialize FIN Capture */
-static void InitFinCapture(FinCaputre* cap)
-{
- cap->cliFinSeq = 0;
- cap->srvFinSeq = 0;
- cap->cliCounted = 0;
- cap->srvCounted = 0;
-}
-
-
-/* Initialize a Sniffer Session */
-static void InitSession(SnifferSession* session)
-{
- session->context = 0;
- session->sslServer = 0;
- session->sslClient = 0;
- session->server = 0;
- session->client = 0;
- session->srvPort = 0;
- session->cliPort = 0;
- session->cliSeqStart = 0;
- session->srvSeqStart = 0;
- session->cliExpected = 0;
- session->srvExpected = 0;
- session->lastUsed = 0;
- session->cliReassemblyList = 0;
- session->srvReassemblyList = 0;
- session->next = 0;
- session->ticketID = 0;
-
- InitFlags(&session->flags);
- InitFinCapture(&session->finCaputre);
-}
-
-
-/* IP Info from IP Header */
-typedef struct IpInfo {
- int length; /* length of this header */
- int total; /* total length of fragment */
- word32 src; /* network order source address */
- word32 dst; /* network order destination address */
-} IpInfo;
-
-
-/* TCP Info from TCP Header */
-typedef struct TcpInfo {
- int srcPort; /* source port */
- int dstPort; /* source port */
- int length; /* length of this header */
- word32 sequence; /* sequence number */
- word32 ackNumber; /* ack number */
- byte fin; /* FIN set */
- byte rst; /* RST set */
- byte syn; /* SYN set */
- byte ack; /* ACK set */
-} TcpInfo;
-
-
-/* Tcp Pseudo Header for Checksum calculation */
-typedef struct TcpPseudoHdr {
- word32 src; /* source address */
- word32 dst; /* destination address */
- byte rsv; /* reserved, always 0 */
- byte protocol; /* IP protocol */
- word16 legnth; /* tcp header length + data length (doesn't include */
- /* pseudo header length) network order */
-} TcpPseudoHdr;
-
-
-/* Password Setting Callback */
-static int SetPassword(char* passwd, int sz, int rw, void* userdata)
-{
- (void)rw;
- XSTRNCPY(passwd, (const char*)userdata, sz);
- return (int)XSTRLEN((const char*)userdata);
-}
-
-
-/* Ethernet Header */
-typedef struct EthernetHdr {
- byte dst[ETHER_IF_ADDR_LEN]; /* destination host address */
- byte src[ETHER_IF_ADDR_LEN]; /* source host address */
- word16 type; /* IP, ARP, etc */
-} EthernetHdr;
-
-
-/* IP Header */
-typedef struct IpHdr {
- byte ver_hl; /* version/header length */
- byte tos; /* type of service */
- word16 length; /* total length */
- word16 id; /* identification */
- word16 offset; /* fragment offset field */
- byte ttl; /* time to live */
- byte protocol; /* protocol */
- word16 sum; /* checksum */
- word32 src; /* source address */
- word32 dst; /* destination address */
-} IpHdr;
-
-
-#define IP_HL(ip) ( (((ip)->ver_hl) & 0x0f) * 4)
-#define IP_V(ip) ( ((ip)->ver_hl) >> 4)
-
-/* TCP Header */
-typedef struct TcpHdr {
- word16 srcPort; /* source port */
- word16 dstPort; /* destination port */
- word32 sequence; /* sequence number */
- word32 ack; /* acknoledgment number */
- byte offset; /* data offset, reserved */
- byte flags; /* option flags */
- word16 window; /* window */
- word16 sum; /* checksum */
- word16 urgent; /* urgent pointer */
-} TcpHdr;
-
-#define TCP_LEN(tcp) ( (((tcp)->offset & 0xf0) >> 4) * 4)
-#define TCP_FIN 0x01
-#define TCP_SYN 0x02
-#define TCP_RST 0x04
-#define TCP_ACK 0x10
-
-
-
-
-
-/* Use platform specific GetError to write to tracfile if tracing */
-static void Trace(int idx)
-{
- if (TraceOn) {
- char myBuffer[MAX_ERROR_LEN];
- GetError(idx, myBuffer);
- fprintf(TraceFile, "\t%s\n", myBuffer);
-#ifdef DEBUG_SNIFFER
- fprintf(stderr, "\t%s\n", myBuffer);
-#endif
- }
-}
-
-
-/* Show TimeStamp for beginning of packet Trace */
-static void TraceHeader(void)
-{
- if (TraceOn) {
- time_t ticks = time(NULL);
- fprintf(TraceFile, "\n%s", ctime(&ticks));
- }
-}
-
-
-/* Show Set Server info for Trace */
-static void TraceSetServer(const char* srv, int port, const char* keyFile)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tTrying to install a new Sniffer Server with\n");
- fprintf(TraceFile, "\tserver: %s, port: %d, keyFile: %s\n", srv, port,
- keyFile);
- }
-}
-
-
-#ifdef HAVE_SNI
-
-/* Show Set Named Server info for Trace */
-static void TraceSetNamedServer(const char* name,
- const char* srv, int port, const char* keyFile)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tTrying to install a new Sniffer Server with\n");
- fprintf(TraceFile, "\tname: %s, server: %s, port: %d, keyFile: %s\n",
- name, srv, port, keyFile);
- }
-}
-
-#endif
-
-
-/* Trace got packet number */
-static void TracePacket(void)
-{
- if (TraceOn) {
- static word32 packetNumber = 0;
- fprintf(TraceFile, "\tGot a Packet to decode, packet %u\n",
- ++packetNumber);
- }
-}
-
-
-/* Convert network byte order address into human readable */
-static char* IpToS(word32 addr, char* str)
-{
- byte* p = (byte*)&addr;
-
- SNPRINTF(str, TRACE_MSG_SZ, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
-
- return str;
-}
-
-
-/* Show destination and source address from Ip Hdr for packet Trace */
-static void TraceIP(IpHdr* iphdr)
-{
- if (TraceOn) {
- char src[TRACE_MSG_SZ];
- char dst[TRACE_MSG_SZ];
- fprintf(TraceFile, "\tdst:%s src:%s\n", IpToS(iphdr->dst, dst),
- IpToS(iphdr->src, src));
- }
-}
-
-
-/* Show destination and source port from Tcp Hdr for packet Trace */
-static void TraceTcp(TcpHdr* tcphdr)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tdstPort:%u srcPort:%u\n", ntohs(tcphdr->dstPort),
- ntohs(tcphdr->srcPort));
- }
-}
-
-
-/* Show sequence and payload length for Trace */
-static void TraceSequence(word32 seq, int len)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tSequence:%u, payload length:%d\n", seq, len);
- }
-}
-
-
-/* Show sequence and payload length for Trace */
-static void TraceAck(word32 ack, word32 expected)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tAck:%u Expected:%u\n", ack, expected);
- }
-}
-
-
-/* Show relative expected and relative received sequences */
-static void TraceRelativeSequence(word32 expected, word32 got)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tExpected sequence:%u, received sequence:%u\n",
- expected, got);
- }
-}
-
-
-/* Show server sequence startup from SYN */
-static void TraceServerSyn(word32 seq)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tServer SYN, Sequence Start:%u\n", seq);
- }
-}
-
-
-/* Show client sequence startup from SYN */
-static void TraceClientSyn(word32 seq)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tClient SYN, Sequence Start:%u\n", seq);
- }
-}
-
-
-/* Show client FIN capture */
-static void TraceClientFin(word32 finSeq, word32 relSeq)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tClient FIN capture:%u, current SEQ:%u\n",
- finSeq, relSeq);
- }
-}
-
-
-/* Show server FIN capture */
-static void TraceServerFin(word32 finSeq, word32 relSeq)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tServer FIN capture:%u, current SEQ:%u\n",
- finSeq, relSeq);
- }
-}
-
-
-/* Show number of SSL data bytes decoded, could be 0 (ok) */
-static void TraceGotData(int bytes)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\t%d bytes of SSL App data processed\n", bytes);
- }
-}
-
-
-/* Show bytes added to old SSL App data */
-static void TraceAddedData(int newBytes, int existingBytes)
-{
- if (TraceOn) {
- fprintf(TraceFile,
- "\t%d bytes added to %d exisiting bytes in User Buffer\n",
- newBytes, existingBytes);
- }
-}
-
-
-/* Show Stale Session */
-static void TraceStaleSession(void)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tFound a stale session\n");
- }
-}
-
-
-/* Show Finding Stale Sessions */
-static void TraceFindingStale(void)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tTrying to find Stale Sessions\n");
- }
-}
-
-
-/* Show Removed Session */
-static void TraceRemovedSession(void)
-{
- if (TraceOn) {
- fprintf(TraceFile, "\tRemoved it\n");
- }
-}
-
-
-/* Set user error string */
-static void SetError(int idx, char* error, SnifferSession* session, int fatal)
-{
- GetError(idx, error);
- Trace(idx);
- if (session && fatal == FATAL_ERROR_STATE)
- session->flags.fatalError = 1;
-}
-
-
-/* See if this IPV4 network order address has been registered */
-/* return 1 is true, 0 is false */
-static int IsServerRegistered(word32 addr)
-{
- int ret = 0; /* false */
- SnifferServer* sniffer;
-
- LockMutex(&ServerListMutex);
-
- sniffer = ServerList;
- while (sniffer) {
- if (sniffer->server == addr) {
- ret = 1;
- break;
- }
- sniffer = sniffer->next;
- }
-
- UnLockMutex(&ServerListMutex);
-
- return ret;
-}
-
-
-/* See if this port has been registered to watch */
-/* return 1 is true, 0 is false */
-static int IsPortRegistered(word32 port)
-{
- int ret = 0; /* false */
- SnifferServer* sniffer;
-
- LockMutex(&ServerListMutex);
-
- sniffer = ServerList;
- while (sniffer) {
- if (sniffer->port == (int)port) {
- ret = 1;
- break;
- }
- sniffer = sniffer->next;
- }
-
- UnLockMutex(&ServerListMutex);
-
- return ret;
-}
-
-
-/* Get SnifferServer from IP and Port */
-static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo)
-{
- SnifferServer* sniffer;
-
- LockMutex(&ServerListMutex);
-
- sniffer = ServerList;
- while (sniffer) {
- if (sniffer->port == tcpInfo->srcPort && sniffer->server == ipInfo->src)
- break;
- if (sniffer->port == tcpInfo->dstPort && sniffer->server == ipInfo->dst)
- break;
- sniffer = sniffer->next;
- }
-
- UnLockMutex(&ServerListMutex);
-
- return sniffer;
-}
-
-
-/* Hash the Session Info, return hash row */
-static word32 SessionHash(IpInfo* ipInfo, TcpInfo* tcpInfo)
-{
- word32 hash = ipInfo->src * ipInfo->dst;
- hash *= tcpInfo->srcPort * tcpInfo->dstPort;
-
- return hash % HASH_SIZE;
-}
-
-
-/* Get Exisiting SnifferSession from IP and Port */
-static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
-{
- SnifferSession* session;
- time_t currTime = time(NULL);
- word32 row = SessionHash(ipInfo, tcpInfo);
-
- assert(row <= HASH_SIZE);
-
- LockMutex(&SessionMutex);
-
- session = SessionTable[row];
- while (session) {
- if (session->server == ipInfo->src && session->client == ipInfo->dst &&
- session->srvPort == tcpInfo->srcPort &&
- session->cliPort == tcpInfo->dstPort)
- break;
- if (session->client == ipInfo->src && session->server == ipInfo->dst &&
- session->cliPort == tcpInfo->srcPort &&
- session->srvPort == tcpInfo->dstPort)
- break;
-
- session = session->next;
- }
-
- if (session)
- session->lastUsed= currTime; /* keep session alive, remove stale will */
- /* leave alone */
- UnLockMutex(&SessionMutex);
-
- /* determine side */
- if (session) {
- if (ipInfo->dst == session->context->server &&
- tcpInfo->dstPort == session->context->port)
- session->flags.side = WOLFSSL_SERVER_END;
- else
- session->flags.side = WOLFSSL_CLIENT_END;
- }
-
- return session;
-}
-
-
-#ifdef HAVE_SNI
-
-static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
- const char* keyFile, int typeKey,
- const char* password)
-{
- byte* loadBuf;
- byte* saveBuf;
- long fileSz = 0;
- int saveBufSz;
- XFILE file;
- int ret;
-
- if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) {
- return -1;
- }
-
- file = XFOPEN(keyFile, "rb");
- if (file == XBADFILE) return -1;
- XFSEEK(file, 0, XSEEK_END);
- fileSz = XFTELL(file);
- XREWIND(file);
-
- loadBuf = (byte*)malloc(fileSz);
- if (loadBuf == NULL) {
- XFCLOSE(file);
- return -1;
- }
-
- ret = (int)XFREAD(loadBuf, fileSz, 1, file);
- XFCLOSE(file);
-
- if (typeKey == SSL_FILETYPE_PEM) {
- saveBuf = (byte*)malloc(fileSz);
-
- saveBufSz = wolfSSL_KeyPemToDer(loadBuf, (int)fileSz,
- saveBuf, (int)fileSz, password);
- free(loadBuf);
-
- *keyBuf = saveBuf;
- *keyBufSz = (word32)saveBufSz;
- }
- else {
- *keyBuf = loadBuf;
- *keyBufSz = (word32)fileSz;
- }
-
-
- if (ret < 0) {
- return -1;
- }
-
- return ret;
-}
-
-#endif
-
-
-static int SetNamedPrivateKey(const char* name, const char* address, int port,
- const char* keyFile, int typeKey, const char* password, char* error)
-{
- SnifferServer* sniffer;
- int ret;
- int type = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM :
- SSL_FILETYPE_ASN1;
- int isNew = 0;
- word32 serverIp;
-
-#ifdef HAVE_SNI
- NamedKey* namedKey = NULL;
-#endif
-
- (void)name;
-#ifdef HAVE_SNI
- if (name != NULL) {
- namedKey = (NamedKey*)malloc(sizeof(NamedKey));
- if (namedKey == NULL) {
- SetError(MEMORY_STR, error, NULL, 0);
- return -1;
- }
- XMEMSET(namedKey, 0, sizeof(NamedKey));
-
- namedKey->nameSz = (word32)XSTRLEN(name);
- XSTRNCPY(namedKey->name, name, sizeof(namedKey->name));
- if (namedKey->nameSz >= sizeof(namedKey->name)) {
- namedKey->nameSz = sizeof(namedKey->name) - 1;
- namedKey->name[namedKey->nameSz] = '\0';
- }
-
- ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
- keyFile, type, password);
- if (ret < 0) {
- SetError(KEY_FILE_STR, error, NULL, 0);
- FreeNamedKey(namedKey);
- return -1;
- }
- }
-#endif
-
- serverIp = inet_addr(address);
- sniffer = ServerList;
- while (sniffer != NULL &&
- (sniffer->server != serverIp || sniffer->port != port)) {
- sniffer = sniffer->next;
- }
-
- if (sniffer == NULL) {
- isNew = 1;
- sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
- if (sniffer == NULL) {
- SetError(MEMORY_STR, error, NULL, 0);
-#ifdef HAVE_SNI
- FreeNamedKey(namedKey);
-#endif
- return -1;
- }
- InitSnifferServer(sniffer);
-
- XSTRNCPY(sniffer->address, address, MAX_SERVER_ADDRESS-1);
- sniffer->address[MAX_SERVER_ADDRESS-1] = '\0';
- sniffer->server = serverIp;
- sniffer->port = port;
-
- sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
- if (!sniffer->ctx) {
- SetError(MEMORY_STR, error, NULL, 0);
-#ifdef HAVE_SNI
- FreeNamedKey(namedKey);
-#endif
- FreeSnifferServer(sniffer);
- return -1;
- }
- }
-
- if (name == NULL) {
- if (password) {
- SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
- SSL_CTX_set_default_passwd_cb_userdata(
- sniffer->ctx, (void*)password);
- }
- ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
- if (ret != SSL_SUCCESS) {
- SetError(KEY_FILE_STR, error, NULL, 0);
- if (isNew)
- FreeSnifferServer(sniffer);
- return -1;
- }
- }
-#ifdef HAVE_SNI
- else {
- LockMutex(&sniffer->namedKeysMutex);
- namedKey->next = sniffer->namedKeys;
- sniffer->namedKeys = namedKey;
- UnLockMutex(&sniffer->namedKeysMutex);
- }
-#endif
-
- if (isNew) {
- sniffer->next = ServerList;
- ServerList = sniffer;
- }
-
- return 0;
-}
-
-
-#ifdef HAVE_SNI
-
-/* Sets the private key for a specific name, server and port */
-/* returns 0 on success, -1 on error */
-int ssl_SetNamedPrivateKey(const char* name,
- const char* address, int port,
- const char* keyFile, int typeKey,
- const char* password, char* error)
-{
- int ret;
-
- TraceHeader();
- TraceSetNamedServer(name, address, port, keyFile);
-
- LockMutex(&ServerListMutex);
- ret = SetNamedPrivateKey(name, address, port, keyFile,
- typeKey, password, error);
- UnLockMutex(&ServerListMutex);
-
- if (ret == 0)
- Trace(NEW_SERVER_STR);
-
- return ret;
-}
-
-#endif
-
-
-/* Sets the private key for a specific server and port */
-/* returns 0 on success, -1 on error */
-int ssl_SetPrivateKey(const char* address, int port, const char* keyFile,
- int typeKey, const char* password, char* error)
-{
- int ret;
-
- TraceHeader();
- TraceSetServer(address, port, keyFile);
-
- LockMutex(&ServerListMutex);
- ret = SetNamedPrivateKey(NULL, address, port, keyFile,
- typeKey, password, error);
- UnLockMutex(&ServerListMutex);
-
- if (ret == 0)
- Trace(NEW_SERVER_STR);
-
- return ret;
-}
-
-
-/* Check IP Header for IPV4, TCP, and a registered server address */
-/* returns 0 on success, -1 on error */
-static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
-{
- int version = IP_V(iphdr);
-
- TraceIP(iphdr);
- Trace(IP_CHECK_STR);
-
- if (version != IPV4) {
- SetError(BAD_IPVER_STR, error, NULL, 0);
- return -1;
- }
-
- if (iphdr->protocol != TCP_PROTOCOL) {
- SetError(BAD_PROTO_STR, error, NULL, 0);
- return -1;
- }
-
- if (!IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) {
- SetError(SERVER_NOT_REG_STR, error, NULL, 0);
- return -1;
- }
-
- info->length = IP_HL(iphdr);
- info->total = ntohs(iphdr->length);
- info->src = iphdr->src;
- info->dst = iphdr->dst;
-
- if (info->total == 0)
- info->total = length; /* reassembled may be off */
-
- return 0;
-}
-
-
-/* Check TCP Header for a registered port */
-/* returns 0 on success, -1 on error */
-static int CheckTcpHdr(TcpHdr* tcphdr, TcpInfo* info, char* error)
-{
- TraceTcp(tcphdr);
- Trace(TCP_CHECK_STR);
- info->srcPort = ntohs(tcphdr->srcPort);
- info->dstPort = ntohs(tcphdr->dstPort);
- info->length = TCP_LEN(tcphdr);
- info->sequence = ntohl(tcphdr->sequence);
- info->fin = tcphdr->flags & TCP_FIN;
- info->rst = tcphdr->flags & TCP_RST;
- info->syn = tcphdr->flags & TCP_SYN;
- info->ack = tcphdr->flags & TCP_ACK;
- if (info->ack)
- info->ackNumber = ntohl(tcphdr->ack);
-
- if (!IsPortRegistered(info->srcPort) && !IsPortRegistered(info->dstPort)) {
- SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
- return -1;
- }
-
- return 0;
-}
-
-
-/* Decode Record Layer Header */
-static int GetRecordHeader(const byte* input, RecordLayerHeader* rh, int* size)
-{
- XMEMCPY(rh, input, RECORD_HEADER_SZ);
- *size = (rh->length[0] << 8) | rh->length[1];
-
- if (*size > (MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA))
- return LENGTH_ERROR;
-
- return 0;
-}
-
-
-/* Process Client Key Exchange, RSA only */
-static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
- SnifferSession* session, char* error)
-{
- word32 idx = 0;
- RsaKey key;
- int ret;
-
- if (session->sslServer->buffers.key.buffer == NULL ||
- session->sslServer->buffers.key.length == 0) {
-
- SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- ret = wc_InitRsaKey(&key, 0);
- if (ret == 0)
- ret = wc_RsaPrivateKeyDecode(session->sslServer->buffers.key.buffer,
- &idx, &key, session->sslServer->buffers.key.length);
- if (ret == 0) {
- int length = wc_RsaEncryptSize(&key);
-
- if (IsTLS(session->sslServer))
- input += 2; /* tls pre length */
-
- if (length > *sslBytes) {
- SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE);
- wc_FreeRsaKey(&key);
- return -1;
- }
- ret = wc_RsaPrivateDecrypt(input, length,
- session->sslServer->arrays->preMasterSecret,SECRET_LEN, &key);
-
- if (ret != SECRET_LEN) {
- SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE);
- wc_FreeRsaKey(&key);
- return -1;
- }
- ret = 0; /* not in error state */
- session->sslServer->arrays->preMasterSz = SECRET_LEN;
-
- /* store for client side as well */
- XMEMCPY(session->sslClient->arrays->preMasterSecret,
- session->sslServer->arrays->preMasterSecret, SECRET_LEN);
- session->sslClient->arrays->preMasterSz = SECRET_LEN;
-
- #ifdef SHOW_SECRETS
- {
- int i;
- printf("pre master secret: ");
- for (i = 0; i < SECRET_LEN; i++)
- printf("%02x", session->sslServer->arrays->preMasterSecret[i]);
- printf("\n");
- }
- #endif
- }
- else {
- SetError(RSA_DECODE_STR, error, session, FATAL_ERROR_STATE);
- wc_FreeRsaKey(&key);
- return -1;
- }
-
- if (SetCipherSpecs(session->sslServer) != 0) {
- SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
- wc_FreeRsaKey(&key);
- return -1;
- }
-
- if (SetCipherSpecs(session->sslClient) != 0) {
- SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
- wc_FreeRsaKey(&key);
- return -1;
- }
-
- ret = MakeMasterSecret(session->sslServer);
- ret += MakeMasterSecret(session->sslClient);
- ret += SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);
- ret += SetKeysSide(session->sslClient, ENCRYPT_AND_DECRYPT_SIDE);
-
- if (ret != 0) {
- SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
-#ifdef SHOW_SECRETS
- {
- int i;
- printf("server master secret: ");
- for (i = 0; i < SECRET_LEN; i++)
- printf("%02x", session->sslServer->arrays->masterSecret[i]);
- printf("\n");
-
- printf("client master secret: ");
- for (i = 0; i < SECRET_LEN; i++)
- printf("%02x", session->sslClient->arrays->masterSecret[i]);
- printf("\n");
-
- printf("server suite = %d\n", session->sslServer->options.cipherSuite);
- printf("client suite = %d\n", session->sslClient->options.cipherSuite);
- }
-#endif
-
- wc_FreeRsaKey(&key);
- return ret;
-}
-
-
-/* Process Session Ticket */
-static int ProcessSessionTicket(const byte* input, int* sslBytes,
- SnifferSession* session, char* error)
-{
- word16 len;
-
- /* make sure can read through hint and len */
- if (TICKET_HINT_LEN + LENGTH_SZ > *sslBytes) {
- SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- input += TICKET_HINT_LEN; /* skip over hint */
- *sslBytes -= TICKET_HINT_LEN;
-
- len = (word16)((input[0] << 8) | input[1]);
- input += LENGTH_SZ;
- *sslBytes -= LENGTH_SZ;
-
- /* make sure can read through ticket */
- if (len > *sslBytes || len < ID_LEN) {
- SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- /* store session with macID as sessionID */
- session->sslServer->options.haveSessionId = 1;
- XMEMCPY(session->sslServer->arrays->sessionID, input + len - ID_LEN,ID_LEN);
-
- return 0;
-}
-
-
-/* Process Server Hello */
-static int ProcessServerHello(const byte* input, int* sslBytes,
- SnifferSession* session, char* error)
-{
- ProtocolVersion pv;
- byte b;
- int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
- int doResume = 0;
-
- /* make sure we didn't miss ClientHello */
- if (session->flags.clientHello == 0) {
- SetError(MISSED_CLIENT_HELLO_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- /* make sure can read through session len */
- if (toRead > *sslBytes) {
- SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- XMEMCPY(&pv, input, VERSION_SZ);
- input += VERSION_SZ;
- *sslBytes -= VERSION_SZ;
-
- session->sslServer->version = pv;
- session->sslClient->version = pv;
-
- XMEMCPY(session->sslServer->arrays->serverRandom, input, RAN_LEN);
- XMEMCPY(session->sslClient->arrays->serverRandom, input, RAN_LEN);
- input += RAN_LEN;
- *sslBytes -= RAN_LEN;
-
- b = *input++;
- *sslBytes -= 1;
-
- /* make sure can read through compression */
- if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) {
- SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- if (b) {
- XMEMCPY(session->sslServer->arrays->sessionID, input, ID_LEN);
- session->sslServer->options.haveSessionId = 1;
- }
- input += b;
- *sslBytes -= b;
-
- /* cipher suite */
- b = *input++; /* first byte, ECC or not */
- session->sslServer->options.cipherSuite0 = b;
- session->sslClient->options.cipherSuite0 = b;
- b = *input++;
- session->sslServer->options.cipherSuite = b;
- session->sslClient->options.cipherSuite = b;
- *sslBytes -= SUITE_LEN;
-
- /* compression */
- b = *input++;
- *sslBytes -= ENUM_LEN;
-
- if (b) {
- SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- if (session->sslServer->options.haveSessionId &&
- XMEMCMP(session->sslServer->arrays->sessionID,
- session->sslClient->arrays->sessionID, ID_LEN) == 0)
- doResume = 1;
- else if (session->sslClient->options.haveSessionId == 0 &&
- session->sslServer->options.haveSessionId == 0 &&
- session->ticketID)
- doResume = 1;
-
- if (session->ticketID && doResume) {
- /* use ticketID to retrieve from session, prefer over sessionID */
- XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
- session->sslServer->options.haveSessionId = 1; /* may not have
- actual sessionID */
- }
-
- if (doResume ) {
- int ret = 0;
- SSL_SESSION* resume = GetSession(session->sslServer,
- session->sslServer->arrays->masterSecret);
- if (resume == NULL) {
- SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- /* make sure client has master secret too */
- XMEMCPY(session->sslClient->arrays->masterSecret,
- session->sslServer->arrays->masterSecret, SECRET_LEN);
- session->flags.resuming = 1;
-
- Trace(SERVER_DID_RESUMPTION_STR);
- if (SetCipherSpecs(session->sslServer) != 0) {
- SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- if (SetCipherSpecs(session->sslClient) != 0) {
- SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- if (session->sslServer->options.tls) {
- ret = DeriveTlsKeys(session->sslServer);
- ret += DeriveTlsKeys(session->sslClient);
- }
- else {
- ret = DeriveKeys(session->sslServer);
- ret += DeriveKeys(session->sslClient);
- }
- ret += SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);
- ret += SetKeysSide(session->sslClient, ENCRYPT_AND_DECRYPT_SIDE);
-
- if (ret != 0) {
- SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- }
-#ifdef SHOW_SECRETS
- {
- int i;
- printf("cipher suite = 0x%02x\n",
- session->sslServer->options.cipherSuite);
- printf("server random: ");
- for (i = 0; i < RAN_LEN; i++)
- printf("%02x", session->sslServer->arrays->serverRandom[i]);
- printf("\n");
- }
-#endif
- return 0;
-}
-
-
-/* Process normal Client Hello */
-static int ProcessClientHello(const byte* input, int* sslBytes,
- SnifferSession* session, char* error)
-{
- byte bLen;
- word16 len;
- int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
-
-#ifdef HAVE_SNI
- {
- byte name[MAX_SERVER_NAME];
- word32 nameSz = sizeof(name);
- int ret;
-
- ret = wolfSSL_SNI_GetFromBuffer(
- input - HANDSHAKE_HEADER_SZ - RECORD_HEADER_SZ,
- *sslBytes + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ,
- WOLFSSL_SNI_HOST_NAME, name, &nameSz);
-
- if (ret == SSL_SUCCESS) {
- NamedKey* namedKey;
-
- if (nameSz >= sizeof(name))
- nameSz = sizeof(name) - 1;
- name[nameSz] = 0;
- LockMutex(&session->context->namedKeysMutex);
- namedKey = session->context->namedKeys;
- while (namedKey != NULL) {
- if (nameSz == namedKey->nameSz &&
- XSTRNCMP((char*)name, namedKey->name, nameSz) == 0) {
- if (wolfSSL_use_PrivateKey_buffer(session->sslServer,
- namedKey->key, namedKey->keySz,
- SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
- UnLockMutex(&session->context->namedKeysMutex);
- SetError(CLIENT_HELLO_LATE_KEY_STR, error, session,
- FATAL_ERROR_STATE);
- return -1;
- }
- break;
- }
- else
- namedKey = namedKey->next;
- }
- UnLockMutex(&session->context->namedKeysMutex);
- }
- }
-#endif
-
- session->flags.clientHello = 1; /* don't process again */
-
- /* make sure can read up to session len */
- if (toRead > *sslBytes) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- /* skip, get negotiated one from server hello */
- input += VERSION_SZ;
- *sslBytes -= VERSION_SZ;
-
- XMEMCPY(session->sslServer->arrays->clientRandom, input, RAN_LEN);
- XMEMCPY(session->sslClient->arrays->clientRandom, input, RAN_LEN);
-
- input += RAN_LEN;
- *sslBytes -= RAN_LEN;
-
- /* store session in case trying to resume */
- bLen = *input++;
- *sslBytes -= ENUM_LEN;
- if (bLen) {
- if (ID_LEN > *sslBytes) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- Trace(CLIENT_RESUME_TRY_STR);
- XMEMCPY(session->sslClient->arrays->sessionID, input, ID_LEN);
- session->sslClient->options.haveSessionId = 1;
- }
-#ifdef SHOW_SECRETS
- {
- int i;
- printf("client random: ");
- for (i = 0; i < RAN_LEN; i++)
- printf("%02x", session->sslServer->arrays->clientRandom[i]);
- printf("\n");
- }
-#endif
-
- input += bLen;
- *sslBytes -= bLen;
-
- /* skip cipher suites */
- /* make sure can read len */
- if (SUITE_LEN > *sslBytes) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- len = (word16)((input[0] << 8) | input[1]);
- input += SUITE_LEN;
- *sslBytes -= SUITE_LEN;
- /* make sure can read suites + comp len */
- if (len + ENUM_LEN > *sslBytes) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- input += len;
- *sslBytes -= len;
-
- /* skip compression */
- bLen = *input++;
- *sslBytes -= ENUM_LEN;
- /* make sure can read len */
- if (bLen > *sslBytes) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- input += bLen;
- *sslBytes -= bLen;
-
- if (*sslBytes == 0) {
- /* no extensions */
- return 0;
- }
-
- /* skip extensions until session ticket */
- /* make sure can read len */
- if (SUITE_LEN > *sslBytes) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- len = (word16)((input[0] << 8) | input[1]);
- input += SUITE_LEN;
- *sslBytes -= SUITE_LEN;
- /* make sure can read through all extensions */
- if (len > *sslBytes) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- while (len > EXT_TYPE_SZ + LENGTH_SZ) {
- byte extType[EXT_TYPE_SZ];
- word16 extLen;
-
- extType[0] = input[0];
- extType[1] = input[1];
- input += EXT_TYPE_SZ;
- *sslBytes -= EXT_TYPE_SZ;
-
- extLen = (word16)((input[0] << 8) | input[1]);
- input += LENGTH_SZ;
- *sslBytes -= LENGTH_SZ;
-
- /* make sure can read through individual extension */
- if (extLen > *sslBytes) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- if (extType[0] == 0x00 && extType[1] == TICKET_EXT_ID) {
-
- /* make sure can read through ticket if there is a non blank one */
- if (extLen && extLen < ID_LEN) {
- SetError(CLIENT_HELLO_INPUT_STR, error, session,
- FATAL_ERROR_STATE);
- return -1;
- }
-
- if (extLen) {
- if (session->ticketID == 0) {
- session->ticketID = (byte*)malloc(ID_LEN);
- if (session->ticketID == 0) {
- SetError(MEMORY_STR, error, session,
- FATAL_ERROR_STATE);
- return -1;
- }
- }
- XMEMCPY(session->ticketID, input + extLen - ID_LEN, ID_LEN);
- }
- }
-
- input += extLen;
- *sslBytes -= extLen;
- len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
- }
-
- return 0;
-}
-
-
-/* Process Finished */
-static int ProcessFinished(const byte* input, int size, int* sslBytes,
- SnifferSession* session, char* error)
-{
- SSL* ssl;
- word32 inOutIdx = 0;
- int ret;
-
- if (session->flags.side == WOLFSSL_SERVER_END)
- ssl = session->sslServer;
- else
- ssl = session->sslClient;
-
- ret = DoFinished(ssl, input, &inOutIdx, (word32) size, (word32) *sslBytes,
- SNIFF);
- *sslBytes -= (int)inOutIdx;
-
- if (ret < 0) {
- SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
- return ret;
- }
-
- if (ret == 0 && session->flags.cached == 0) {
- if (session->sslServer->options.haveSessionId) {
- WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL);
- if (sess == NULL)
- AddSession(session->sslServer); /* don't re add */
- session->flags.cached = 1;
- }
- }
-
- /* If receiving a finished message from one side, free the resources
- * from the other side's tracker. */
- if (session->flags.side == WOLFSSL_SERVER_END)
- FreeHandshakeResources(session->sslClient);
- else
- FreeHandshakeResources(session->sslServer);
-
- return ret;
-}
-
-
-/* Process HandShake input */
-static int DoHandShake(const byte* input, int* sslBytes,
- SnifferSession* session, char* error)
-{
- byte type;
- int size;
- int ret = 0;
- int startBytes;
-
- if (*sslBytes < HANDSHAKE_HEADER_SZ) {
- SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- type = input[0];
- size = (input[1] << 16) | (input[2] << 8) | input[3];
-
- input += HANDSHAKE_HEADER_SZ;
- *sslBytes -= HANDSHAKE_HEADER_SZ;
- startBytes = *sslBytes;
-
- if (*sslBytes < size) {
- SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- switch (type) {
- case hello_verify_request:
- Trace(GOT_HELLO_VERIFY_STR);
- break;
- case hello_request:
- Trace(GOT_HELLO_REQUEST_STR);
- break;
- case session_ticket:
- Trace(GOT_SESSION_TICKET_STR);
- ret = ProcessSessionTicket(input, sslBytes, session, error);
- break;
- case server_hello:
- Trace(GOT_SERVER_HELLO_STR);
- ret = ProcessServerHello(input, sslBytes, session, error);
- break;
- case certificate_request:
- Trace(GOT_CERT_REQ_STR);
- break;
- case server_key_exchange:
- Trace(GOT_SERVER_KEY_EX_STR);
- /* can't know temp key passively */
- SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
- ret = -1;
- break;
- case certificate:
- Trace(GOT_CERT_STR);
- break;
- case server_hello_done:
- Trace(GOT_SERVER_HELLO_DONE_STR);
- break;
- case finished:
- Trace(GOT_FINISHED_STR);
- ret = ProcessFinished(input, size, sslBytes, session, error);
- break;
- case client_hello:
- Trace(GOT_CLIENT_HELLO_STR);
- ret = ProcessClientHello(input, sslBytes, session, error);
- break;
- case client_key_exchange:
- Trace(GOT_CLIENT_KEY_EX_STR);
- ret = ProcessClientKeyExchange(input, sslBytes, session, error);
- break;
- case certificate_verify:
- Trace(GOT_CERT_VER_STR);
- break;
- case certificate_status:
- Trace(GOT_CERT_STATUS_STR);
- break;
- default:
- SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0);
- return -1;
- }
-
- *sslBytes = startBytes - size; /* actual bytes of full process */
-
- return ret;
-}
-
-
-/* Decrypt input into plain output, 0 on success */
-static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
-{
- int ret = 0;
-
- switch (ssl->specs.bulk_cipher_algorithm) {
- #ifdef BUILD_ARC4
- case wolfssl_rc4:
- wc_Arc4Process(ssl->decrypt.arc4, output, input, sz);
- break;
- #endif
-
- #ifdef BUILD_DES3
- case wolfssl_triple_des:
- ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
- break;
- #endif
-
- #ifdef BUILD_AES
- case wolfssl_aes:
- ret = wc_AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
- break;
- #endif
-
- #ifdef HAVE_HC128
- case wolfssl_hc128:
- wc_Hc128_Process(ssl->decrypt.hc128, output, input, sz);
- break;
- #endif
-
- #ifdef BUILD_RABBIT
- case wolfssl_rabbit:
- wc_RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
- break;
- #endif
-
- #ifdef HAVE_CAMELLIA
- case wolfssl_camellia:
- wc_CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);
- break;
- #endif
-
- default:
- Trace(BAD_DECRYPT_TYPE);
- ret = -1;
- break;
- }
-
- return ret;
-}
-
-
-/* Decrypt input message into output, adjust output steam if needed */
-static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
- byte* output, int* error, int* advance)
-{
- int ivExtra = 0;
-
- int ret = Decrypt(ssl, output, input, sz);
- if (ret != 0) {
- *error = ret;
- return NULL;
- }
- ssl->keys.encryptSz = sz;
- if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
- output += ssl->specs.block_size; /* go past TLSv1.1 IV */
- ivExtra = ssl->specs.block_size;
- *advance = ssl->specs.block_size;
- }
-
- ssl->keys.padSz = ssl->specs.hash_size;
-
- if (ssl->specs.cipher_type == block)
- ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1;
-
- return output;
-}
-
-
-/* remove session from table, use rowHint if no info (means we have a lock) */
-static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
- TcpInfo* tcpInfo, word32 rowHint)
-{
- SnifferSession* previous = 0;
- SnifferSession* current;
- word32 row = rowHint;
- int haveLock = 0;
-
- if (ipInfo && tcpInfo)
- row = SessionHash(ipInfo, tcpInfo);
- else
- haveLock = 1;
-
- assert(row <= HASH_SIZE);
- Trace(REMOVE_SESSION_STR);
-
- if (!haveLock)
- LockMutex(&SessionMutex);
-
- current = SessionTable[row];
-
- while (current) {
- if (current == session) {
- if (previous)
- previous->next = current->next;
- else
- SessionTable[row] = current->next;
- FreeSnifferSession(session);
- TraceRemovedSession();
- break;
- }
- previous = current;
- current = current->next;
- }
-
- if (!haveLock)
- UnLockMutex(&SessionMutex);
-}
-
-
-/* Remove stale sessions from the Session Table, have a lock */
-static void RemoveStaleSessions(void)
-{
- word32 i;
- SnifferSession* session;
-
- for (i = 0; i < HASH_SIZE; i++) {
- session = SessionTable[i];
- while (session) {
- SnifferSession* next = session->next;
- if (time(NULL) >= session->lastUsed + WOLFSSL_SNIFFER_TIMEOUT) {
- TraceStaleSession();
- RemoveSession(session, NULL, NULL, i);
- }
- session = next;
- }
- }
-}
-
-
-/* Create a new Sniffer Session */
-static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
- char* error)
-{
- SnifferSession* session = 0;
- int row;
-
- Trace(NEW_SESSION_STR);
- /* create a new one */
- session = (SnifferSession*)malloc(sizeof(SnifferSession));
- if (session == NULL) {
- SetError(MEMORY_STR, error, NULL, 0);
- return 0;
- }
- InitSession(session);
- session->server = ipInfo->dst;
- session->client = ipInfo->src;
- session->srvPort = (word16)tcpInfo->dstPort;
- session->cliPort = (word16)tcpInfo->srcPort;
- session->cliSeqStart = tcpInfo->sequence;
- session->cliExpected = 1; /* relative */
- session->lastUsed= time(NULL);
-
- session->context = GetSnifferServer(ipInfo, tcpInfo);
- if (session->context == NULL) {
- SetError(SERVER_NOT_REG_STR, error, NULL, 0);
- free(session);
- return 0;
- }
-
- session->sslServer = SSL_new(session->context->ctx);
- if (session->sslServer == NULL) {
- SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
- free(session);
- return 0;
- }
- session->sslClient = SSL_new(session->context->ctx);
- if (session->sslClient == NULL) {
- SSL_free(session->sslServer);
- session->sslServer = 0;
-
- SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
- free(session);
- return 0;
- }
- /* put server back into server mode */
- session->sslServer->options.side = WOLFSSL_SERVER_END;
-
- row = SessionHash(ipInfo, tcpInfo);
-
- /* add it to the session table */
- LockMutex(&SessionMutex);
-
- session->next = SessionTable[row];
- SessionTable[row] = session;
-
- SessionCount++;
-
- if ( (SessionCount % HASH_SIZE) == 0) {
- TraceFindingStale();
- RemoveStaleSessions();
- }
-
- UnLockMutex(&SessionMutex);
-
- /* determine headed side */
- if (ipInfo->dst == session->context->server &&
- tcpInfo->dstPort == session->context->port)
- session->flags.side = WOLFSSL_SERVER_END;
- else
- session->flags.side = WOLFSSL_CLIENT_END;
-
- return session;
-}
-
-
-#ifdef OLD_HELLO_ALLOWED
-
-/* Process Old Client Hello Input */
-static int DoOldHello(SnifferSession* session, const byte* sslFrame,
- int* rhSize, int* sslBytes, char* error)
-{
- const byte* input = sslFrame;
- byte b0, b1;
- word32 idx = 0;
- int ret;
-
- Trace(GOT_OLD_CLIENT_HELLO_STR);
- session->flags.clientHello = 1; /* don't process again */
- b0 = *input++;
- b1 = *input++;
- *sslBytes -= 2;
- *rhSize = ((b0 & 0x7f) << 8) | b1;
-
- if (*rhSize > *sslBytes) {
- SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
- (word16)*rhSize);
- if (ret < 0 && ret != MATCH_SUITE_ERROR) {
- SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- Trace(OLD_CLIENT_OK_STR);
- XMEMCPY(session->sslClient->arrays->clientRandom,
- session->sslServer->arrays->clientRandom, RAN_LEN);
-
- *sslBytes -= *rhSize;
- return 0;
-}
-
-#endif /* OLD_HELLO_ALLOWED */
-
-
-#if 0
-/* Calculate the TCP checksum, see RFC 1071 */
-/* return 0 for success, -1 on error */
-/* can be called from decode() with
- TcpChecksum(&ipInfo, &tcpInfo, sslBytes, packet + ipInfo.length);
- could also add a 64bit version if type available and using this
-*/
-int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
- const byte* packet)
-{
- TcpPseudoHdr pseudo;
- int count = PSEUDO_HDR_SZ;
- const word16* data = (word16*)&pseudo;
- word32 sum = 0;
- word16 checksum;
-
- pseudo.src = ipInfo->src;
- pseudo.dst = ipInfo->dst;
- pseudo.rsv = 0;
- pseudo.protocol = TCP_PROTO;
- pseudo.legnth = htons(tcpInfo->length + dataLen);
-
- /* pseudo header sum */
- while (count >= 2) {
- sum += *data++;
- count -= 2;
- }
-
- count = tcpInfo->length + dataLen;
- data = (word16*)packet;
-
- /* main sum */
- while (count > 1) {
- sum += *data++;
- count -=2;
- }
-
- /* get left-over, if any */
- packet = (byte*)data;
- if (count > 0) {
- sum += *packet;
- }
-
- /* fold 32bit sum into 16 bits */
- while (sum >> 16)
- sum = (sum & 0xffff) + (sum >> 16);
-
- checksum = (word16)~sum;
- /* checksum should now equal 0, since included already calcd checksum */
- /* field, but tcp checksum offloading could negate calculation */
- if (checksum == 0)
- return 0;
- return -1;
-}
-#endif
-
-
-/* Check IP and TCP headers, set payload */
-/* returns 0 on success, -1 on error */
-static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
- int length, const byte** sslFrame, int* sslBytes, char* error)
-{
- TraceHeader();
- TracePacket();
-
- /* ip header */
- if (length < IP_HDR_SZ) {
- SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
- return -1;
- }
- if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
- return -1;
-
- /* tcp header */
- if (length < (ipInfo->length + TCP_HDR_SZ)) {
- SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
- return -1;
- }
- if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
- return -1;
-
- /* setup */
- *sslFrame = packet + ipInfo->length + tcpInfo->length;
- if (*sslFrame > packet + length) {
- SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
- return -1;
- }
- *sslBytes = (int)(packet + length - *sslFrame);
-
- return 0;
-}
-
-
-/* Create or Find existing session */
-/* returns 0 on success (continue), -1 on error, 1 on success (end) */
-static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
- SnifferSession** session, char* error)
-{
- /* create a new SnifferSession on client SYN */
- if (tcpInfo->syn && !tcpInfo->ack) {
- TraceClientSyn(tcpInfo->sequence);
- *session = CreateSession(ipInfo, tcpInfo, error);
- if (*session == NULL) {
- *session = GetSnifferSession(ipInfo, tcpInfo);
- /* already had exisiting, so OK */
- if (*session)
- return 1;
-
- SetError(MEMORY_STR, error, NULL, 0);
- return -1;
- }
- return 1;
- }
- /* get existing sniffer session */
- else {
- *session = GetSnifferSession(ipInfo, tcpInfo);
- if (*session == NULL) {
- /* don't worry about extraneous RST or duplicate FINs */
- if (tcpInfo->fin || tcpInfo->rst)
- return 1;
- /* don't worry about duplicate ACKs either */
- if (sslBytes == 0 && tcpInfo->ack)
- return 1;
-
- SetError(BAD_SESSION_STR, error, NULL, 0);
- return -1;
- }
- }
- return 0;
-}
-
-
-/* Create a Packet Buffer from *begin - end, adjust new *begin and bytesLeft */
-static PacketBuffer* CreateBuffer(word32* begin, word32 end, const byte* data,
- int* bytesLeft)
-{
- PacketBuffer* pb;
-
- int added = end - *begin + 1;
- assert(*begin <= end);
-
- pb = (PacketBuffer*)malloc(sizeof(PacketBuffer));
- if (pb == NULL) return NULL;
-
- pb->next = 0;
- pb->begin = *begin;
- pb->end = end;
- pb->data = (byte*)malloc(added);
-
- if (pb->data == NULL) {
- free(pb);
- return NULL;
- }
- XMEMCPY(pb->data, data, added);
-
- *bytesLeft -= added;
- *begin = pb->end + 1;
-
- return pb;
-}
-
-
-/* Add sslFrame to Reassembly List */
-/* returns 1 (end) on success, -1, on error */
-static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
- int sslBytes, SnifferSession* session, char* error)
-{
- PacketBuffer* add;
- PacketBuffer** front = (from == WOLFSSL_SERVER_END) ?
- &session->cliReassemblyList: &session->srvReassemblyList;
- PacketBuffer* curr = *front;
- PacketBuffer* prev = curr;
-
- word32 startSeq = seq;
- word32 added;
- int bytesLeft = sslBytes; /* could be overlapping fragment */
-
- /* if list is empty add full frame to front */
- if (!curr) {
- add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft);
- if (add == NULL) {
- SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- *front = add;
- return 1;
- }
-
- /* add to front if before current front, up to next->begin */
- if (seq < curr->begin) {
- word32 end = seq + sslBytes - 1;
-
- if (end >= curr->begin)
- end = curr->begin - 1;
-
- add = CreateBuffer(&seq, end, sslFrame, &bytesLeft);
- if (add == NULL) {
- SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- add->next = curr;
- *front = add;
- }
-
- /* while we have bytes left, try to find a gap to fill */
- while (bytesLeft > 0) {
- /* get previous packet in list */
- while (curr && (seq >= curr->begin)) {
- prev = curr;
- curr = curr->next;
- }
-
- /* don't add duplicate data */
- if (prev->end >= seq) {
- if ( (seq + bytesLeft - 1) <= prev->end)
- return 1;
- seq = prev->end + 1;
- bytesLeft = startSeq + sslBytes - seq;
- }
-
- if (!curr)
- /* we're at the end */
- added = bytesLeft;
- else
- /* we're in between two frames */
- added = min((word32)bytesLeft, curr->begin - seq);
-
- /* data already there */
- if (added == 0)
- continue;
-
- add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq],
- &bytesLeft);
- if (add == NULL) {
- SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- add->next = prev->next;
- prev->next = add;
- }
- return 1;
-}
-
-
-/* Add out of order FIN capture */
-/* returns 1 for success (end) */
-static int AddFinCapture(SnifferSession* session, word32 sequence)
-{
- if (session->flags.side == WOLFSSL_SERVER_END) {
- if (session->finCaputre.cliCounted == 0)
- session->finCaputre.cliFinSeq = sequence;
- }
- else {
- if (session->finCaputre.srvCounted == 0)
- session->finCaputre.srvFinSeq = sequence;
- }
- return 1;
-}
-
-
-/* Adjust incoming sequence based on side */
-/* returns 0 on success (continue), -1 on error, 1 on success (end) */
-static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
- int* sslBytes, const byte** sslFrame, char* error)
-{
- word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
- session->cliSeqStart :session->srvSeqStart;
- word32 real = tcpInfo->sequence - seqStart;
- word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
- &session->cliExpected : &session->srvExpected;
- PacketBuffer* reassemblyList = (session->flags.side == WOLFSSL_SERVER_END) ?
- session->cliReassemblyList : session->srvReassemblyList;
-
- /* handle rollover of sequence */
- if (tcpInfo->sequence < seqStart)
- real = 0xffffffffU - seqStart + tcpInfo->sequence;
-
- TraceRelativeSequence(*expected, real);
-
- if (real < *expected) {
- Trace(DUPLICATE_STR);
- if (real + *sslBytes > *expected) {
- int overlap = *expected - real;
- Trace(OVERLAP_DUPLICATE_STR);
-
- /* adjust to expected, remove duplicate */
- *sslFrame += overlap;
- *sslBytes -= overlap;
-
- if (reassemblyList) {
- word32 newEnd = *expected + *sslBytes;
-
- if (newEnd > reassemblyList->begin) {
- Trace(OVERLAP_REASSEMBLY_BEGIN_STR);
-
- /* remove bytes already on reassembly list */
- *sslBytes -= newEnd - reassemblyList->begin;
- }
- if (newEnd > reassemblyList->end) {
- Trace(OVERLAP_REASSEMBLY_END_STR);
-
- /* may be past reassembly list end (could have more on list)
- so try to add what's past the front->end */
- AddToReassembly(session->flags.side, reassemblyList->end +1,
- *sslFrame + reassemblyList->end - *expected + 1,
- newEnd - reassemblyList->end, session, error);
- }
- }
- }
- else
- return 1;
- }
- else if (real > *expected) {
- Trace(OUT_OF_ORDER_STR);
- if (*sslBytes > 0)
- return AddToReassembly(session->flags.side, real, *sslFrame,
- *sslBytes, session, error);
- else if (tcpInfo->fin)
- return AddFinCapture(session, real);
- }
- /* got expected sequence */
- *expected += *sslBytes;
- if (tcpInfo->fin)
- *expected += 1;
-
- return 0;
-}
-
-
-/* Check latest ack number for missing packets
- return 0 ok, <0 on error */
-static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
-{
- if (tcpInfo->ack) {
- word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
- session->srvSeqStart :session->cliSeqStart;
- word32 real = tcpInfo->ackNumber - seqStart;
- word32 expected = (session->flags.side == WOLFSSL_SERVER_END) ?
- session->srvExpected : session->cliExpected;
-
- /* handle rollover of sequence */
- if (tcpInfo->ackNumber < seqStart)
- real = 0xffffffffU - seqStart + tcpInfo->ackNumber;
-
- TraceAck(real, expected);
-
- if (real > expected)
- return -1; /* we missed a packet, ACKing data we never saw */
- }
- return 0;
-}
-
-
-/* Check TCP Sequence status */
-/* returns 0 on success (continue), -1 on error, 1 on success (end) */
-static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
- SnifferSession* session, int* sslBytes,
- const byte** sslFrame, char* error)
-{
- int actualLen;
-
- /* init SEQ from server to client */
- if (tcpInfo->syn && tcpInfo->ack) {
- session->srvSeqStart = tcpInfo->sequence;
- session->srvExpected = 1;
- TraceServerSyn(tcpInfo->sequence);
- return 1;
- }
-
- /* adjust potential ethernet trailer */
- actualLen = ipInfo->total - ipInfo->length - tcpInfo->length;
- if (*sslBytes > actualLen) {
- *sslBytes = actualLen;
- }
-
- TraceSequence(tcpInfo->sequence, *sslBytes);
- if (CheckAck(tcpInfo, session) < 0) {
- SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- return AdjustSequence(tcpInfo, session, sslBytes, sslFrame, error);
-}
-
-
-/* Check Status before record processing */
-/* returns 0 on success (continue), -1 on error, 1 on success (end) */
-static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
- const byte** sslFrame, SnifferSession** session,
- int* sslBytes, const byte** end, char* error)
-{
- word32 length;
- SSL* ssl = ((*session)->flags.side == WOLFSSL_SERVER_END) ?
- (*session)->sslServer : (*session)->sslClient;
- /* remove SnifferSession on 2nd FIN or RST */
- if (tcpInfo->fin || tcpInfo->rst) {
- /* flag FIN and RST */
- if (tcpInfo->fin)
- (*session)->flags.finCount += 1;
- else if (tcpInfo->rst)
- (*session)->flags.finCount += 2;
-
- if ((*session)->flags.finCount >= 2) {
- RemoveSession(*session, ipInfo, tcpInfo, 0);
- *session = NULL;
- return 1;
- }
- }
-
- if ((*session)->flags.fatalError == FATAL_ERROR_STATE) {
- SetError(FATAL_ERROR_STR, error, NULL, 0);
- return -1;
- }
-
- if (*sslBytes == 0) {
- Trace(NO_DATA_STR);
- return 1;
- }
-
- /* if current partial data, add to end of partial */
- if ( (length = ssl->buffers.inputBuffer.length) ) {
- Trace(PARTIAL_ADD_STR);
-
- if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
- if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
- SetError(MEMORY_STR, error, *session, FATAL_ERROR_STATE);
- return -1;
- }
- }
- XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], *sslFrame, *sslBytes);
- *sslBytes += length;
- ssl->buffers.inputBuffer.length = *sslBytes;
- *sslFrame = ssl->buffers.inputBuffer.buffer;
- *end = *sslFrame + *sslBytes;
- }
-
- if ((*session)->flags.clientHello == 0 && **sslFrame != handshake) {
- /* Sanity check the packet for an old style client hello. */
- int rhSize = (((*sslFrame)[0] & 0x7f) << 8) | ((*sslFrame)[1]);
-
- if ((rhSize <= (*sslBytes - 2)) &&
- (*sslFrame)[2] == OLD_HELLO_ID && (*sslFrame)[3] == SSLv3_MAJOR) {
-#ifdef OLD_HELLO_ALLOWED
- int ret = DoOldHello(*session, *sslFrame, &rhSize, sslBytes, error);
- if (ret < 0)
- return -1; /* error already set */
- if (*sslBytes <= 0)
- return 1;
-#endif
- }
- else {
-#ifdef STARTTLS_ALLOWED
- return 1;
-#endif
- }
- }
-
- return 0;
-}
-
-
-/* See if input on the reassembly list is ready for consuming */
-/* returns 1 for TRUE, 0 for FALSE */
-static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
- int* sslBytes, const byte** end, char* error)
-{
- /* sequence and reassembly based on from, not to */
- int moreInput = 0;
- PacketBuffer** front = (session->flags.side == WOLFSSL_SERVER_END) ?
- &session->cliReassemblyList : &session->srvReassemblyList;
- word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
- &session->cliExpected : &session->srvExpected;
- /* buffer is on receiving end */
- word32* length = (session->flags.side == WOLFSSL_SERVER_END) ?
- &session->sslServer->buffers.inputBuffer.length :
- &session->sslClient->buffers.inputBuffer.length;
- byte* myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ?
- session->sslServer->buffers.inputBuffer.buffer :
- session->sslClient->buffers.inputBuffer.buffer;
- word32 bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ?
- session->sslServer->buffers.inputBuffer.bufferSize :
- session->sslClient->buffers.inputBuffer.bufferSize;
- SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
- session->sslServer : session->sslClient;
-
- while (*front && ((*front)->begin == *expected) ) {
- word32 room = bufferSize - *length;
- word32 packetLen = (*front)->end - (*front)->begin + 1;
-
- if (packetLen > room && bufferSize < MAX_INPUT_SZ) {
- if (GrowInputBuffer(ssl, packetLen, *length) < 0) {
- SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
- return 0;
- }
- }
-
- if (packetLen <= room) {
- PacketBuffer* del = *front;
-
- XMEMCPY(&myBuffer[*length], (*front)->data, packetLen);
- *length += packetLen;
- *expected += packetLen;
-
- /* remove used packet */
- *front = (*front)->next;
- FreePacketBuffer(del);
-
- moreInput = 1;
- }
- else
- break;
- }
- if (moreInput) {
- *sslFrame = myBuffer;
- *sslBytes = *length;
- *end = myBuffer + *length;
- }
- return moreInput;
-}
-
-
-
-/* Process Message(s) from sslFrame */
-/* return Number of bytes on success, 0 for no data yet, and -1 on error */
-static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
- int sslBytes, byte* data, const byte* end,char* error)
-{
- const byte* sslBegin = sslFrame;
- const byte* recordEnd; /* end of record indicator */
- const byte* inRecordEnd; /* indictor from input stream not decrypt */
- RecordLayerHeader rh;
- int rhSize = 0;
- int ret;
- int errCode = 0;
- int decoded = 0; /* bytes stored for user in data */
- int notEnough; /* notEnough bytes yet flag */
- int decrypted = 0; /* was current msg decrypted */
- SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
- session->sslServer : session->sslClient;
-doMessage:
- notEnough = 0;
- if (sslBytes < 0) {
- SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- if (sslBytes >= RECORD_HEADER_SZ) {
- if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
- SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- }
- else
- notEnough = 1;
-
- if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
- /* don't have enough input yet to process full SSL record */
- Trace(PARTIAL_INPUT_STR);
-
- /* store partial if not there already or we advanced */
- if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) {
- if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
- if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
- SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- }
- XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
- ssl->buffers.inputBuffer.length = sslBytes;
- }
- if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
- goto doMessage;
- return decoded;
- }
- sslFrame += RECORD_HEADER_SZ;
- sslBytes -= RECORD_HEADER_SZ;
- recordEnd = sslFrame + rhSize; /* may have more than one record */
- inRecordEnd = recordEnd;
-
- /* decrypt if needed */
- if ((session->flags.side == WOLFSSL_SERVER_END &&
- session->flags.serverCipherOn)
- || (session->flags.side == WOLFSSL_CLIENT_END &&
- session->flags.clientCipherOn)) {
- int ivAdvance = 0; /* TLSv1.1 advance amount */
- if (ssl->decrypt.setup != 1) {
- SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- if (CheckAvailableSize(ssl, rhSize) < 0) {
- SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
- ssl->buffers.outputBuffer.buffer, &errCode,
- &ivAdvance);
- recordEnd = sslFrame - ivAdvance + rhSize; /* sslFrame moved so
- should recordEnd */
- decrypted = 1;
- if (errCode != 0) {
- SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE);
- return -1;
- }
- }
-
-doPart:
-
- switch ((enum ContentType)rh.type) {
- case handshake:
- {
- int startIdx = sslBytes;
- int used;
-
- Trace(GOT_HANDSHAKE_STR);
- ret = DoHandShake(sslFrame, &sslBytes, session, error);
- if (ret != 0) {
- if (session->flags.fatalError == 0)
- SetError(BAD_HANDSHAKE_STR, error, session,
- FATAL_ERROR_STATE);
- return -1;
- }
-
- /* DoHandShake now fully decrements sslBytes to remaining */
- used = startIdx - sslBytes;
- sslFrame += used;
- if (decrypted)
- sslFrame += ssl->keys.padSz;
- }
- break;
- case change_cipher_spec:
- if (session->flags.side == WOLFSSL_SERVER_END)
- session->flags.serverCipherOn = 1;
- else
- session->flags.clientCipherOn = 1;
- Trace(GOT_CHANGE_CIPHER_STR);
- ssl->options.handShakeState = HANDSHAKE_DONE;
- ssl->options.handShakeDone = 1;
-
- sslFrame += 1;
- sslBytes -= 1;
-
- break;
- case application_data:
- Trace(GOT_APP_DATA_STR);
- {
- word32 inOutIdx = 0;
-
- ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx);
- if (ret == 0) {
- ret = ssl->buffers.clearOutputBuffer.length;
- TraceGotData(ret);
- if (ret) { /* may be blank message */
- XMEMCPY(&data[decoded],
- ssl->buffers.clearOutputBuffer.buffer, ret);
- TraceAddedData(ret, decoded);
- decoded += ret;
- ssl->buffers.clearOutputBuffer.length = 0;
- }
- }
- else {
- SetError(BAD_APP_DATA_STR, error,session,FATAL_ERROR_STATE);
- return -1;
- }
- if (ssl->buffers.outputBuffer.dynamicFlag)
- ShrinkOutputBuffer(ssl);
-
- sslFrame += inOutIdx;
- sslBytes -= inOutIdx;
- }
- break;
- case alert:
- Trace(GOT_ALERT_STR);
- sslFrame += rhSize;
- sslBytes -= rhSize;
- break;
- case no_type:
- default:
- SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);
- return -1;
- }
-
- /* do we have another msg in record ? */
- if (sslFrame < recordEnd) {
- Trace(ANOTHER_MSG_STR);
- goto doPart;
- }
-
- /* back to input stream instead of potential decrypt buffer */
- recordEnd = inRecordEnd;
-
- /* do we have more records ? */
- if (recordEnd < end) {
- Trace(ANOTHER_MSG_STR);
- sslFrame = recordEnd;
- sslBytes = (int)(end - recordEnd);
- goto doMessage;
- }
-
- /* clear used input */
- ssl->buffers.inputBuffer.length = 0;
-
- /* could have more input ready now */
- if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
- goto doMessage;
-
- if (ssl->buffers.inputBuffer.dynamicFlag)
- ShrinkInputBuffer(ssl, NO_FORCED_FREE);
-
- return decoded;
-}
-
-
-/* See if we need to process any pending FIN captures */
-static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
- SnifferSession* session)
-{
- if (session->finCaputre.cliFinSeq && session->finCaputre.cliFinSeq <=
- session->cliExpected) {
- if (session->finCaputre.cliCounted == 0) {
- session->flags.finCount += 1;
- session->finCaputre.cliCounted = 1;
- TraceClientFin(session->finCaputre.cliFinSeq, session->cliExpected);
- }
- }
-
- if (session->finCaputre.srvFinSeq && session->finCaputre.srvFinSeq <=
- session->srvExpected) {
- if (session->finCaputre.srvCounted == 0) {
- session->flags.finCount += 1;
- session->finCaputre.srvCounted = 1;
- TraceServerFin(session->finCaputre.srvFinSeq, session->srvExpected);
- }
- }
-
- if (session->flags.finCount >= 2)
- RemoveSession(session, ipInfo, tcpInfo, 0);
-}
-
-
-/* If session is in fatal error state free resources now
- return true if removed, 0 otherwise */
-static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
- SnifferSession* session, char* error)
-{
- if (session && session->flags.fatalError == FATAL_ERROR_STATE) {
- RemoveSession(session, ipInfo, tcpInfo, 0);
- SetError(FATAL_ERROR_STR, error, NULL, 0);
- return 1;
- }
- return 0;
-}
-
-
-/* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */
-/* returns Number of bytes on success, 0 for no data yet, and -1 on error */
-int ssl_DecodePacket(const byte* packet, int length, byte* data, char* error)
-{
- TcpInfo tcpInfo;
- IpInfo ipInfo;
- const byte* sslFrame;
- const byte* end = packet + length;
- int sslBytes; /* ssl bytes unconsumed */
- int ret;
- SnifferSession* session = 0;
-
- if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
- error) != 0)
- return -1;
-
- ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
- if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
- else if (ret == -1) return -1;
- else if (ret == 1) return 0; /* done for now */
-
- ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error);
- if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
- else if (ret == -1) return -1;
- else if (ret == 1) return 0; /* done for now */
-
- ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
- &end, error);
- if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
- else if (ret == -1) return -1;
- else if (ret == 1) return 0; /* done for now */
-
- ret = ProcessMessage(sslFrame, session, sslBytes, data, end, error);
- if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
- CheckFinCapture(&ipInfo, &tcpInfo, session);
- return ret;
-}
-
-
-/* Enables (if traceFile)/ Disables debug tracing */
-/* returns 0 on success, -1 on error */
-int ssl_Trace(const char* traceFile, char* error)
-{
- if (traceFile) {
- TraceFile = fopen(traceFile, "a");
- if (!TraceFile) {
- SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
- return -1;
- }
- TraceOn = 1;
- }
- else
- TraceOn = 0;
-
- return 0;
-}
-
-
-
-
-#endif /* WOLFSSL_SNIFFER */
-
--- a/src/ssl.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12938 +0,0 @@
-/* ssl.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_ERRNO_H
- #include <errno.h>
-#endif
-
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
-#include <wolfssl/wolfcrypt/coding.h>
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- #include <wolfssl/openssl/evp.h>
-#endif
-
-#ifdef OPENSSL_EXTRA
- /* openssl headers begin */
- #include <wolfssl/openssl/hmac.h>
- #include <wolfssl/openssl/crypto.h>
- #include <wolfssl/openssl/des.h>
- #include <wolfssl/openssl/bn.h>
- #include <wolfssl/openssl/dh.h>
- #include <wolfssl/openssl/rsa.h>
- #include <wolfssl/openssl/pem.h>
- /* openssl headers end, wolfssl internal headers next */
- #include <wolfssl/wolfcrypt/hmac.h>
- #include <wolfssl/wolfcrypt/random.h>
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/md4.h>
- #include <wolfssl/wolfcrypt/md5.h>
- #include <wolfssl/wolfcrypt/arc4.h>
- #ifdef WOLFSSL_SHA512
- #include <wolfssl/wolfcrypt/sha512.h>
- #endif
-#endif
-
-#ifndef NO_FILESYSTEM
- #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) \
- && !defined(EBSNET)
- #include <dirent.h>
- #include <sys/stat.h>
- #endif
- #ifdef EBSNET
- #include "vfapi.h"
- #include "vfile.h"
- #endif
-#endif /* NO_FILESYSTEM */
-
-#ifndef TRUE
- #define TRUE 1
-#endif
-#ifndef FALSE
- #define FALSE 0
-#endif
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSSL_HAVE_MIN */
-
-#ifndef WOLFSSL_HAVE_MAX
-#define WOLFSSL_HAVE_MAX
-
-#ifdef WOLFSSL_DTLS
- static INLINE word32 max(word32 a, word32 b)
- {
- return a > b ? a : b;
- }
-#endif /* WOLFSSL_DTLS */
-
-#endif /* WOLFSSL_HAVE_MAX */
-
-
-#ifndef WOLFSSL_LEANPSK
-char* mystrnstr(const char* s1, const char* s2, unsigned int n)
-{
- unsigned int s2_len = (unsigned int)XSTRLEN(s2);
-
- if (s2_len == 0)
- return (char*)s1;
-
- while (n >= s2_len && s1[0]) {
- if (s1[0] == s2[0])
- if (XMEMCMP(s1, s2, s2_len) == 0)
- return (char*)s1;
- s1++;
- n--;
- }
-
- return NULL;
-}
-#endif
-
-
-/* prevent multiple mutex initializations */
-static volatile int initRefCount = 0;
-static wolfSSL_Mutex count_mutex; /* init ref count mutex */
-
-
-WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
-{
- WOLFSSL_CTX* ctx = NULL;
-
- WOLFSSL_ENTER("WOLFSSL_CTX_new");
-
- if (initRefCount == 0)
- wolfSSL_Init(); /* user no longer forced to call Init themselves */
-
- if (method == NULL)
- return ctx;
-
- ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), 0, DYNAMIC_TYPE_CTX);
- if (ctx) {
- if (InitSSL_Ctx(ctx, method) < 0) {
- WOLFSSL_MSG("Init CTX failed");
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- }
- }
- else {
- WOLFSSL_MSG("Alloc CTX failed, method freed");
- XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
- }
-
- WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0);
- return ctx;
-}
-
-
-void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
-{
- WOLFSSL_ENTER("SSL_CTX_free");
- if (ctx)
- FreeSSL_Ctx(ctx);
- WOLFSSL_LEAVE("SSL_CTX_free", 0);
-}
-
-
-WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
-{
- WOLFSSL* ssl = NULL;
- int ret = 0;
-
- (void)ret;
- WOLFSSL_ENTER("SSL_new");
-
- if (ctx == NULL)
- return ssl;
-
- ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap,DYNAMIC_TYPE_SSL);
- if (ssl)
- if ( (ret = InitSSL(ssl, ctx)) < 0) {
- FreeSSL(ssl);
- ssl = 0;
- }
-
- WOLFSSL_LEAVE("SSL_new", ret);
- return ssl;
-}
-
-
-void wolfSSL_free(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_free");
- if (ssl)
- FreeSSL(ssl);
- WOLFSSL_LEAVE("SSL_free", 0);
-}
-
-#ifdef HAVE_POLY1305
-/* set if to use old poly 1 for yes 0 to use new poly */
-int wolfSSL_use_old_poly(WOLFSSL* ssl, int value)
-{
- WOLFSSL_ENTER("SSL_use_old_poly");
- ssl->options.oldPoly = value;
- WOLFSSL_LEAVE("SSL_use_old_poly", 0);
- return 0;
-}
-#endif
-
-int wolfSSL_set_fd(WOLFSSL* ssl, int fd)
-{
- WOLFSSL_ENTER("SSL_set_fd");
- ssl->rfd = fd; /* not used directly to allow IO callbacks */
- ssl->wfd = fd;
-
- ssl->IOCB_ReadCtx = &ssl->rfd;
- ssl->IOCB_WriteCtx = &ssl->wfd;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
- ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
- ssl->buffers.dtlsCtx.fd = fd;
- }
- #endif
-
- WOLFSSL_LEAVE("SSL_set_fd", SSL_SUCCESS);
- return SSL_SUCCESS;
-}
-
-
-/**
- * Get the name of cipher at priotity level passed in.
- */
-char* wolfSSL_get_cipher_list(int priority)
-{
- const char* const* ciphers = GetCipherNames();
-
- if (priority >= GetCipherNamesSize() || priority < 0) {
- return 0;
- }
-
- return (char*)ciphers[priority];
-}
-
-
-int wolfSSL_get_ciphers(char* buf, int len)
-{
- const char* const* ciphers = GetCipherNames();
- int totalInc = 0;
- int step = 0;
- char delim = ':';
- int size = GetCipherNamesSize();
- int i;
-
- if (buf == NULL || len <= 0)
- return BAD_FUNC_ARG;
-
- /* Add each member to the buffer delimitted by a : */
- for (i = 0; i < size; i++) {
- step = (int)(XSTRLEN(ciphers[i]) + 1); /* delimiter */
- totalInc += step;
-
- /* Check to make sure buf is large enough and will not overflow */
- if (totalInc < len) {
- XSTRNCPY(buf, ciphers[i], XSTRLEN(ciphers[i]));
- buf += XSTRLEN(ciphers[i]);
-
- if (i < size - 1)
- *buf++ = delim;
- }
- else
- return BUFFER_E;
- }
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_get_fd(const WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_get_fd");
- WOLFSSL_LEAVE("SSL_get_fd", ssl->rfd);
- return ssl->rfd;
-}
-
-
-int wolfSSL_get_using_nonblock(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("wolfSSL_get_using_nonblock");
- WOLFSSL_LEAVE("wolfSSL_get_using_nonblock", ssl->options.usingNonblock);
- return ssl->options.usingNonblock;
-}
-
-
-int wolfSSL_dtls(WOLFSSL* ssl)
-{
- return ssl->options.dtls;
-}
-
-
-#ifndef WOLFSSL_LEANPSK
-void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock)
-{
- WOLFSSL_ENTER("wolfSSL_set_using_nonblock");
- ssl->options.usingNonblock = (nonblock != 0);
-}
-
-
-int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
-{
-#ifdef WOLFSSL_DTLS
- void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
- if (sa != NULL) {
- if (ssl->buffers.dtlsCtx.peer.sa != NULL)
- XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR);
- XMEMCPY(sa, peer, peerSz);
- ssl->buffers.dtlsCtx.peer.sa = sa;
- ssl->buffers.dtlsCtx.peer.sz = peerSz;
- return SSL_SUCCESS;
- }
- return SSL_FAILURE;
-#else
- (void)ssl;
- (void)peer;
- (void)peerSz;
- return SSL_NOT_IMPLEMENTED;
-#endif
-}
-
-int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
-{
-#ifdef WOLFSSL_DTLS
- if (peer != NULL && peerSz != NULL
- && *peerSz >= ssl->buffers.dtlsCtx.peer.sz) {
- *peerSz = ssl->buffers.dtlsCtx.peer.sz;
- XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
- return SSL_SUCCESS;
- }
- return SSL_FAILURE;
-#else
- (void)ssl;
- (void)peer;
- (void)peerSz;
- return SSL_NOT_IMPLEMENTED;
-#endif
-}
-#endif /* WOLFSSL_LEANPSK */
-
-
-/* return underlyig connect or accept, SSL_SUCCESS on ok */
-int wolfSSL_negotiate(WOLFSSL* ssl)
-{
- int err = SSL_FATAL_ERROR;
-
- WOLFSSL_ENTER("wolfSSL_negotiate");
-#ifndef NO_WOLFSSL_SERVER
- if (ssl->options.side == WOLFSSL_SERVER_END)
- err = wolfSSL_accept(ssl);
-#endif
-
-#ifndef NO_WOLFSSL_CLIENT
- if (ssl->options.side == WOLFSSL_CLIENT_END)
- err = wolfSSL_connect(ssl);
-#endif
-
- WOLFSSL_LEAVE("wolfSSL_negotiate", err);
-
- return err;
-}
-
-
-#ifndef WOLFSSL_LEANPSK
-/* object size based on build */
-int wolfSSL_GetObjectSize(void)
-{
-#ifdef SHOW_SIZES
- printf("sizeof suites = %lu\n", sizeof(Suites));
- printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers));
-#ifndef NO_RC4
- printf(" sizeof arc4 = %lu\n", sizeof(Arc4));
-#endif
- printf(" sizeof aes = %lu\n", sizeof(Aes));
-#ifndef NO_DES3
- printf(" sizeof des3 = %lu\n", sizeof(Des3));
-#endif
-#ifndef NO_RABBIT
- printf(" sizeof rabbit = %lu\n", sizeof(Rabbit));
-#endif
-#ifdef HAVE_CHACHA
- printf(" sizeof chacha = %lu\n", sizeof(Chacha));
-#endif
- printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs));
- printf("sizeof keys = %lu\n", sizeof(Keys));
- printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes));
-#ifndef NO_MD5
- printf(" sizeof MD5 = %lu\n", sizeof(Md5));
-#endif
-#ifndef NO_SHA
- printf(" sizeof SHA = %lu\n", sizeof(Sha));
-#endif
-#ifndef NO_SHA256
- printf(" sizeof SHA256 = %lu\n", sizeof(Sha256));
-#endif
-#ifdef WOLFSSL_SHA384
- printf(" sizeof SHA384 = %lu\n", sizeof(Sha384));
-#endif
-#ifdef WOLFSSL_SHA384
- printf(" sizeof SHA512 = %lu\n", sizeof(Sha512));
-#endif
- printf("sizeof Buffers = %lu\n", sizeof(Buffers));
- printf("sizeof Options = %lu\n", sizeof(Options));
- printf("sizeof Arrays = %lu\n", sizeof(Arrays));
-#ifndef NO_RSA
- printf("sizeof RsaKey = %lu\n", sizeof(RsaKey));
-#endif
-#ifdef HAVE_ECC
- printf("sizeof ecc_key = %lu\n", sizeof(ecc_key));
-#endif
- printf("sizeof WOLFSSL_CIPHER = %lu\n", sizeof(WOLFSSL_CIPHER));
- printf("sizeof WOLFSSL_SESSION = %lu\n", sizeof(WOLFSSL_SESSION));
- printf("sizeof WOLFSSL = %lu\n", sizeof(WOLFSSL));
- printf("sizeof WOLFSSL_CTX = %lu\n", sizeof(WOLFSSL_CTX));
-#endif
-
- return sizeof(WOLFSSL);
-}
-#endif
-
-
-#ifndef NO_DH
-/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
-int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
- const unsigned char* g, int gSz)
-{
- byte havePSK = 0;
- byte haveRSA = 1;
-
- WOLFSSL_ENTER("wolfSSL_SetTmpDH");
- if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
-
- if (pSz < ssl->options.minDhKeySz)
- return DH_KEY_SIZE_E;
-
- if (ssl->options.side != WOLFSSL_SERVER_END)
- return SIDE_ERROR;
-
- if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH)
- XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
- if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH)
- XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
-
- ssl->buffers.weOwnDH = 1; /* SSL owns now */
- ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap,
- DYNAMIC_TYPE_DH);
- if (ssl->buffers.serverDH_P.buffer == NULL)
- return MEMORY_E;
-
- ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap,
- DYNAMIC_TYPE_DH);
- if (ssl->buffers.serverDH_G.buffer == NULL) {
- XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
- return MEMORY_E;
- }
-
- ssl->buffers.serverDH_P.length = pSz;
- ssl->buffers.serverDH_G.length = gSz;
-
- XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
- XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);
-
- ssl->options.haveDH = 1;
- #ifndef NO_PSK
- havePSK = ssl->options.havePSK;
- #endif
- #ifdef NO_RSA
- haveRSA = 0;
- #endif
- InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
- ssl->options.haveNTRU, ssl->options.haveECDSAsig,
- ssl->options.haveStaticECC, ssl->options.side);
-
- WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
- return SSL_SUCCESS;
-}
-
-/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
-int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
- const unsigned char* g, int gSz)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
- if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
-
- if (pSz < ctx->minDhKeySz)
- return DH_KEY_SIZE_E;
-
- XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
- XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
-
- ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
- if (ctx->serverDH_P.buffer == NULL)
- return MEMORY_E;
-
- ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
- if (ctx->serverDH_G.buffer == NULL) {
- XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
- return MEMORY_E;
- }
-
- ctx->serverDH_P.length = pSz;
- ctx->serverDH_G.length = gSz;
-
- XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
- XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
-
- ctx->haveDH = 1;
-
- WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
- return SSL_SUCCESS;
-}
-
-#endif /* !NO_DH */
-
-
-int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
-{
- int ret;
-
- WOLFSSL_ENTER("SSL_write()");
-
- if (ssl == NULL || data == NULL || sz < 0)
- return BAD_FUNC_ARG;
-
-#ifdef HAVE_ERRNO_H
- errno = 0;
-#endif
-
- ret = SendData(ssl, data, sz);
-
- WOLFSSL_LEAVE("SSL_write()", ret);
-
- if (ret < 0)
- return SSL_FATAL_ERROR;
- else
- return ret;
-}
-
-
-static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
-{
- int ret;
-
- WOLFSSL_ENTER("wolfSSL_read_internal()");
-
- if (ssl == NULL || data == NULL || sz < 0)
- return BAD_FUNC_ARG;
-
-#ifdef HAVE_ERRNO_H
- errno = 0;
-#endif
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
-#endif
-
-#ifdef HAVE_MAX_FRAGMENT
- ret = ReceiveData(ssl, (byte*)data,
- min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)), peek);
-#else
- ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
-#endif
-
- WOLFSSL_LEAVE("wolfSSL_read_internal()", ret);
-
- if (ret < 0)
- return SSL_FATAL_ERROR;
- else
- return ret;
-}
-
-
-int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz)
-{
- WOLFSSL_ENTER("wolfSSL_peek()");
-
- return wolfSSL_read_internal(ssl, data, sz, TRUE);
-}
-
-
-int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
-{
- WOLFSSL_ENTER("wolfSSL_read()");
-
- return wolfSSL_read_internal(ssl, data, sz, FALSE);
-}
-
-
-#ifdef HAVE_CAVIUM
-
-/* let's use cavium, SSL_SUCCESS on ok */
-int wolfSSL_UseCavium(WOLFSSL* ssl, int devId)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- ssl->devId = devId;
-
- return SSL_SUCCESS;
-}
-
-
-/* let's use cavium, SSL_SUCCESS on ok */
-int wolfSSL_CTX_UseCavium(WOLFSSL_CTX* ctx, int devId)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- ctx->devId = devId;
-
- return SSL_SUCCESS;
-}
-
-
-#endif /* HAVE_CAVIUM */
-
-#ifdef HAVE_SNI
-
-int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- return TLSX_UseSNI(&ssl->extensions, type, data, size);
-}
-
-int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data, word16 size)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- return TLSX_UseSNI(&ctx->extensions, type, data, size);
-}
-
-#ifndef NO_WOLFSSL_SERVER
-
-void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, byte type, byte options)
-{
- if (ssl && ssl->extensions)
- TLSX_SNI_SetOptions(ssl->extensions, type, options);
-}
-
-void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, byte type, byte options)
-{
- if (ctx && ctx->extensions)
- TLSX_SNI_SetOptions(ctx->extensions, type, options);
-}
-
-byte wolfSSL_SNI_Status(WOLFSSL* ssl, byte type)
-{
- return TLSX_SNI_Status(ssl ? ssl->extensions : NULL, type);
-}
-
-word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
-{
- if (data)
- *data = NULL;
-
- if (ssl && ssl->extensions)
- return TLSX_SNI_GetRequest(ssl->extensions, type, data);
-
- return 0;
-}
-
-int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type,
- byte* sni, word32* inOutSz)
-{
- if (clientHello && helloSz > 0 && sni && inOutSz && *inOutSz > 0)
- return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
-
- return BAD_FUNC_ARG;
-}
-
-#endif /* NO_WOLFSSL_SERVER */
-
-#endif /* HAVE_SNI */
-
-
-#ifdef HAVE_MAX_FRAGMENT
-#ifndef NO_WOLFSSL_CLIENT
-int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- return TLSX_UseMaxFragment(&ssl->extensions, mfl);
-}
-
-int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- return TLSX_UseMaxFragment(&ctx->extensions, mfl);
-}
-#endif /* NO_WOLFSSL_CLIENT */
-#endif /* HAVE_MAX_FRAGMENT */
-
-#ifdef HAVE_TRUNCATED_HMAC
-#ifndef NO_WOLFSSL_CLIENT
-int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- return TLSX_UseTruncatedHMAC(&ssl->extensions);
-}
-
-int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- return TLSX_UseTruncatedHMAC(&ctx->extensions);
-}
-#endif /* NO_WOLFSSL_CLIENT */
-#endif /* HAVE_TRUNCATED_HMAC */
-
-/* Elliptic Curves */
-#ifdef HAVE_SUPPORTED_CURVES
-#ifndef NO_WOLFSSL_CLIENT
-
-int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- switch (name) {
- case WOLFSSL_ECC_SECP160R1:
- case WOLFSSL_ECC_SECP192R1:
- case WOLFSSL_ECC_SECP224R1:
- case WOLFSSL_ECC_SECP256R1:
- case WOLFSSL_ECC_SECP384R1:
- case WOLFSSL_ECC_SECP521R1:
- break;
-
- default:
- return BAD_FUNC_ARG;
- }
-
- return TLSX_UseSupportedCurve(&ssl->extensions, name);
-}
-
-int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- switch (name) {
- case WOLFSSL_ECC_SECP160R1:
- case WOLFSSL_ECC_SECP192R1:
- case WOLFSSL_ECC_SECP224R1:
- case WOLFSSL_ECC_SECP256R1:
- case WOLFSSL_ECC_SECP384R1:
- case WOLFSSL_ECC_SECP521R1:
- break;
-
- default:
- return BAD_FUNC_ARG;
- }
-
- return TLSX_UseSupportedCurve(&ctx->extensions, name);
-}
-
-#endif /* NO_WOLFSSL_CLIENT */
-#endif /* HAVE_SUPPORTED_CURVES */
-
-/* Secure Renegotiation */
-#ifdef HAVE_SECURE_RENEGOTIATION
-
-/* user is forcing ability to use secure renegotiation, we discourage it */
-int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
-{
- int ret = BAD_FUNC_ARG;
-
- if (ssl)
- ret = TLSX_UseSecureRenegotiation(&ssl->extensions);
-
- if (ret == SSL_SUCCESS) {
- TLSX* extension = TLSX_Find(ssl->extensions, SECURE_RENEGOTIATION);
-
- if (extension)
- ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
- }
-
- return ret;
-}
-
-
-/* do a secure renegotiation handshake, user forced, we discourage */
-int wolfSSL_Rehandshake(WOLFSSL* ssl)
-{
- int ret;
-
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- if (ssl->secure_renegotiation == NULL) {
- WOLFSSL_MSG("Secure Renegotiation not forced on by user");
- return SECURE_RENEGOTIATION_E;
- }
-
- if (ssl->secure_renegotiation->enabled == 0) {
- WOLFSSL_MSG("Secure Renegotiation not enabled at extension level");
- return SECURE_RENEGOTIATION_E;
- }
-
- if (ssl->options.handShakeState != HANDSHAKE_DONE) {
- WOLFSSL_MSG("Can't renegotiate until previous handshake complete");
- return SECURE_RENEGOTIATION_E;
- }
-
-#ifndef NO_FORCE_SCR_SAME_SUITE
- /* force same suite */
- if (ssl->suites) {
- ssl->suites->suiteSz = SUITE_LEN;
- ssl->suites->suites[0] = ssl->options.cipherSuite0;
- ssl->suites->suites[1] = ssl->options.cipherSuite;
- }
-#endif
-
- /* reset handshake states */
- ssl->options.serverState = NULL_STATE;
- ssl->options.clientState = NULL_STATE;
- ssl->options.connectState = CONNECT_BEGIN;
- ssl->options.acceptState = ACCEPT_BEGIN;
- ssl->options.handShakeState = NULL_STATE;
- ssl->options.processReply = 0; /* TODO, move states in internal.h */
-
- XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
-
- ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;
-
-#ifndef NO_OLD_TLS
-#ifndef NO_MD5
- wc_InitMd5(&ssl->hsHashes->hashMd5);
-#endif
-#ifndef NO_SHA
- ret = wc_InitSha(&ssl->hsHashes->hashSha);
- if (ret !=0)
- return ret;
-#endif
-#endif /* NO_OLD_TLS */
-#ifndef NO_SHA256
- ret = wc_InitSha256(&ssl->hsHashes->hashSha256);
- if (ret !=0)
- return ret;
-#endif
-#ifdef WOLFSSL_SHA384
- ret = wc_InitSha384(&ssl->hsHashes->hashSha384);
- if (ret !=0)
- return ret;
-#endif
-#ifdef WOLFSSL_SHA512
- ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
- if (ret !=0)
- return ret;
-#endif
-
- ret = wolfSSL_negotiate(ssl);
- return ret;
-}
-
-#endif /* HAVE_SECURE_RENEGOTIATION */
-
-/* Session Ticket */
-#if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
-/* SSL_SUCCESS on ok */
-int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb cb)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- ctx->ticketEncCb = cb;
-
- return SSL_SUCCESS;
-}
-
-/* set hint interval, SSL_SUCCESS on ok */
-int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- ctx->ticketHint = hint;
-
- return SSL_SUCCESS;
-}
-
-/* set user context, SSL_SUCCESS on ok */
-int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- ctx->ticketEncCtx = userCtx;
-
- return SSL_SUCCESS;
-}
-
-#endif /* !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) */
-
-/* Session Ticket */
-#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
-int wolfSSL_UseSessionTicket(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- return TLSX_UseSessionTicket(&ssl->extensions, NULL);
-}
-
-int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- return TLSX_UseSessionTicket(&ctx->extensions, NULL);
-}
-
-WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, byte* buf, word32* bufSz)
-{
- if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
- return BAD_FUNC_ARG;
-
- if (ssl->session.ticketLen <= *bufSz) {
- XMEMCPY(buf, ssl->session.ticket, ssl->session.ticketLen);
- *bufSz = ssl->session.ticketLen;
- }
- else
- *bufSz = 0;
-
- return SSL_SUCCESS;
-}
-
-WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
-{
- if (ssl == NULL || (buf == NULL && bufSz > 0))
- return BAD_FUNC_ARG;
-
- if (bufSz > 0)
- XMEMCPY(ssl->session.ticket, buf, bufSz);
- ssl->session.ticketLen = (word16)bufSz;
-
- return SSL_SUCCESS;
-}
-
-
-WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
- CallbackSessionTicket cb, void* ctx)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- ssl->session_ticket_cb = cb;
- ssl->session_ticket_ctx = ctx;
-
- return SSL_SUCCESS;
-}
-#endif
-
-#ifndef WOLFSSL_LEANPSK
-
-int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags)
-{
- int ret;
- int oldFlags;
-
- WOLFSSL_ENTER("wolfSSL_send()");
-
- if (ssl == NULL || data == NULL || sz < 0)
- return BAD_FUNC_ARG;
-
- oldFlags = ssl->wflags;
-
- ssl->wflags = flags;
- ret = wolfSSL_write(ssl, data, sz);
- ssl->wflags = oldFlags;
-
- WOLFSSL_LEAVE("wolfSSL_send()", ret);
-
- return ret;
-}
-
-
-int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
-{
- int ret;
- int oldFlags;
-
- WOLFSSL_ENTER("wolfSSL_recv()");
-
- if (ssl == NULL || data == NULL || sz < 0)
- return BAD_FUNC_ARG;
-
- oldFlags = ssl->rflags;
-
- ssl->rflags = flags;
- ret = wolfSSL_read(ssl, data, sz);
- ssl->rflags = oldFlags;
-
- WOLFSSL_LEAVE("wolfSSL_recv()", ret);
-
- return ret;
-}
-#endif
-
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_shutdown(WOLFSSL* ssl)
-{
- int ret = SSL_FATAL_ERROR;
- byte tmp;
- WOLFSSL_ENTER("SSL_shutdown()");
-
- if (ssl == NULL)
- return SSL_FATAL_ERROR;
-
- if (ssl->options.quietShutdown) {
- WOLFSSL_MSG("quiet shutdown, no close notify sent");
- return SSL_SUCCESS;
- }
-
- /* try to send close notify, not an error if can't */
- if (!ssl->options.isClosed && !ssl->options.connReset &&
- !ssl->options.sentNotify) {
- ssl->error = SendAlert(ssl, alert_warning, close_notify);
- if (ssl->error < 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- ssl->options.sentNotify = 1; /* don't send close_notify twice */
- if (ssl->options.closeNotify)
- ret = SSL_SUCCESS;
- else
- ret = SSL_SHUTDOWN_NOT_DONE;
-
- WOLFSSL_LEAVE("SSL_shutdown()", ret);
- return ret;
- }
-
- /* call wolfSSL_shutdown again for bidirectional shudown */
- if (ssl->options.sentNotify && !ssl->options.closeNotify) {
- ret = wolfSSL_read(ssl, &tmp, 0);
- if (ret < 0) {
- WOLFSSL_ERROR(ssl->error);
- ret = SSL_FATAL_ERROR;
- } else if (ssl->options.closeNotify) {
- ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
- ret = SSL_SUCCESS;
- }
- }
-
- WOLFSSL_LEAVE("SSL_shutdown()", ret);
-
- return ret;
-}
-
-
-int wolfSSL_get_error(WOLFSSL* ssl, int ret)
-{
- WOLFSSL_ENTER("SSL_get_error");
-
- if (ret > 0)
- return SSL_ERROR_NONE;
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- WOLFSSL_LEAVE("SSL_get_error", ssl->error);
-
- /* make sure converted types are handled in SetErrorString() too */
- if (ssl->error == WANT_READ)
- return SSL_ERROR_WANT_READ; /* convert to OpenSSL type */
- else if (ssl->error == WANT_WRITE)
- return SSL_ERROR_WANT_WRITE; /* convert to OpenSSL type */
- else if (ssl->error == ZERO_RETURN)
- return SSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
- return ssl->error;
-}
-
-
-/* retrive alert history, SSL_SUCCESS on ok */
-int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h)
-{
- if (ssl && h) {
- *h = ssl->alert_history;
- }
- return SSL_SUCCESS;
-}
-
-
-/* return TRUE if current error is want read */
-int wolfSSL_want_read(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_want_read");
- if (ssl->error == WANT_READ)
- return 1;
-
- return 0;
-}
-
-
-/* return TRUE if current error is want write */
-int wolfSSL_want_write(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_want_write");
- if (ssl->error == WANT_WRITE)
- return 1;
-
- return 0;
-}
-
-
-char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data)
-{
- static const char* msg = "Please supply a buffer for error string";
-
- WOLFSSL_ENTER("ERR_error_string");
- if (data) {
- SetErrorString((int)errNumber, data);
- return data;
- }
-
- return (char*)msg;
-}
-
-
-void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
-{
- WOLFSSL_ENTER("wolfSSL_ERR_error_string_n");
- if (len >= WOLFSSL_MAX_ERROR_SZ)
- wolfSSL_ERR_error_string(e, buf);
- else {
- char tmp[WOLFSSL_MAX_ERROR_SZ];
-
- WOLFSSL_MSG("Error buffer too short, truncating");
- if (len) {
- wolfSSL_ERR_error_string(e, tmp);
- XMEMCPY(buf, tmp, len-1);
- buf[len-1] = '\0';
- }
- }
-}
-
-
-/* don't free temporary arrays at end of handshake */
-void wolfSSL_KeepArrays(WOLFSSL* ssl)
-{
- if (ssl)
- ssl->options.saveArrays = 1;
-}
-
-
-/* user doesn't need temporary arrays anymore, Free */
-void wolfSSL_FreeArrays(WOLFSSL* ssl)
-{
- if (ssl && ssl->options.handShakeState == HANDSHAKE_DONE) {
- ssl->options.saveArrays = 0;
- FreeArrays(ssl, 1);
- }
-}
-
-
-const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
-{
- if (ssl == NULL)
- return NULL;
-
- if ( (ssl->options.side == WOLFSSL_CLIENT_END && !verify) ||
- (ssl->options.side == WOLFSSL_SERVER_END && verify) )
- return ssl->keys.client_write_MAC_secret;
- else
- return ssl->keys.server_write_MAC_secret;
-}
-
-
-#ifdef ATOMIC_USER
-
-void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb)
-{
- if (ctx)
- ctx->MacEncryptCb = cb;
-}
-
-
-void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx)
-{
- if (ssl)
- ssl->MacEncryptCtx = ctx;
-}
-
-
-void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->MacEncryptCtx;
-
- return NULL;
-}
-
-
-void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx, CallbackDecryptVerify cb)
-{
- if (ctx)
- ctx->DecryptVerifyCb = cb;
-}
-
-
-void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx)
-{
- if (ssl)
- ssl->DecryptVerifyCtx = ctx;
-}
-
-
-void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->DecryptVerifyCtx;
-
- return NULL;
-}
-
-
-const byte* wolfSSL_GetClientWriteKey(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->keys.client_write_key;
-
- return NULL;
-}
-
-
-const byte* wolfSSL_GetClientWriteIV(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->keys.client_write_IV;
-
- return NULL;
-}
-
-
-const byte* wolfSSL_GetServerWriteKey(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->keys.server_write_key;
-
- return NULL;
-}
-
-
-const byte* wolfSSL_GetServerWriteIV(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->keys.server_write_IV;
-
- return NULL;
-}
-
-
-int wolfSSL_GetKeySize(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->specs.key_size;
-
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_GetIVSize(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->specs.iv_size;
-
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_GetBulkCipher(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->specs.bulk_cipher_algorithm;
-
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_GetCipherType(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- if (ssl->specs.cipher_type == block)
- return WOLFSSL_BLOCK_TYPE;
- if (ssl->specs.cipher_type == stream)
- return WOLFSSL_STREAM_TYPE;
- if (ssl->specs.cipher_type == aead)
- return WOLFSSL_AEAD_TYPE;
-
- return -1;
-}
-
-
-int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- return ssl->specs.block_size;
-}
-
-
-int wolfSSL_GetAeadMacSize(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- return ssl->specs.aead_mac_size;
-}
-
-
-int wolfSSL_IsTLSv1_1(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- if (ssl->options.tls1_1)
- return 1;
-
- return 0;
-}
-
-
-int wolfSSL_GetSide(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->options.side;
-
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_GetHmacSize(WOLFSSL* ssl)
-{
- /* AEAD ciphers don't have HMAC keys */
- if (ssl)
- return (ssl->specs.cipher_type != aead) ? ssl->specs.hash_size : 0;
-
- return BAD_FUNC_ARG;
-}
-
-#endif /* ATOMIC_USER */
-
-#ifndef NO_CERTS
-
-WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
-{
- WOLFSSL_CERT_MANAGER* cm = NULL;
-
- WOLFSSL_ENTER("wolfSSL_CertManagerNew");
-
- cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), 0,
- DYNAMIC_TYPE_CERT_MANAGER);
- if (cm) {
- XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER));
-
- if (InitMutex(&cm->caLock) != 0) {
- WOLFSSL_MSG("Bad mutex init");
- wolfSSL_CertManagerFree(cm);
- return NULL;
- }
- }
-
- return cm;
-}
-
-
-void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerFree");
-
- if (cm) {
- #ifdef HAVE_CRL
- if (cm->crl)
- FreeCRL(cm->crl, 1);
- #endif
- #ifdef HAVE_OCSP
- if (cm->ocsp)
- FreeOCSP(cm->ocsp, 1);
- #endif
- FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
- FreeMutex(&cm->caLock);
- XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
- }
-
-}
-
-
-/* Unload the CA signer list */
-int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerUnloadCAs");
-
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- if (LockMutex(&cm->caLock) != 0)
- return BAD_MUTEX_E;
-
- FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
-
- UnLockMutex(&cm->caLock);
-
-
- return SSL_SUCCESS;
-}
-
-
-/* Return bytes written to buff or < 0 for error */
-int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
- unsigned char* buff, int buffSz,
- int type)
-{
- int eccKey = 0;
- int ret;
- buffer der;
-#ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
-#else
- EncryptedInfo info[1];
-#endif
-
- WOLFSSL_ENTER("wolfSSL_CertPemToDer");
-
- if (pem == NULL || buff == NULL || buffSz <= 0) {
- WOLFSSL_MSG("Bad pem der args");
- return BAD_FUNC_ARG;
- }
-
- if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
- WOLFSSL_MSG("Bad cert type");
- return BAD_FUNC_ARG;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (info == NULL)
- return MEMORY_E;
-#endif
-
- info->set = 0;
- info->ctx = NULL;
- info->consumed = 0;
- der.buffer = NULL;
-
- ret = PemToDer(pem, pemSz, type, &der, NULL, info, &eccKey);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (ret < 0) {
- WOLFSSL_MSG("Bad Pem To Der");
- }
- else {
- if (der.length <= (word32)buffSz) {
- XMEMCPY(buff, der.buffer, der.length);
- ret = der.length;
- }
- else {
- WOLFSSL_MSG("Bad der length");
- ret = BAD_FUNC_ARG;
- }
- }
-
- XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
-
- return ret;
-}
-
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-
-/* our KeyPemToDer password callback, password in userData */
-static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
-{
- (void)rw;
-
- if (userdata == NULL)
- return 0;
-
- XSTRNCPY(passwd, (char*)userdata, sz);
- return min((word32)sz, (word32)XSTRLEN((char*)userdata));
-}
-
-#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
-
-
-/* Return bytes written to buff or < 0 for error */
-int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
- int buffSz, const char* pass)
-{
- int eccKey = 0;
- int ret;
- buffer der;
-#ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
-#else
- EncryptedInfo info[1];
-#endif
-
- (void)pass;
-
- WOLFSSL_ENTER("wolfSSL_KeyPemToDer");
-
- if (pem == NULL || buff == NULL || buffSz <= 0) {
- WOLFSSL_MSG("Bad pem der args");
- return BAD_FUNC_ARG;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (info == NULL)
- return MEMORY_E;
-#endif
-
- info->set = 0;
- info->ctx = NULL;
- info->consumed = 0;
- der.buffer = NULL;
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- if (pass) {
- info->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- if (info->ctx == NULL) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return MEMORY_E;
- }
-
- wolfSSL_CTX_set_default_passwd_cb(info->ctx, OurPasswordCb);
- wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass);
- }
-#endif
-
- ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);
-
- if (info->ctx)
- wolfSSL_CTX_free(info->ctx);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (ret < 0) {
- WOLFSSL_MSG("Bad Pem To Der");
- }
- else {
- if (der.length <= (word32)buffSz) {
- XMEMCPY(buff, der.buffer, der.length);
- ret = der.length;
- }
- else {
- WOLFSSL_MSG("Bad der length");
- ret = BAD_FUNC_ARG;
- }
- }
-
- XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
-
- return ret;
-}
-
-
-#endif /* !NO_CERTS */
-
-
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-
-void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
-{
- char data[WOLFSSL_MAX_ERROR_SZ + 1];
-
- WOLFSSL_ENTER("wolfSSL_ERR_print_errors_fp");
- SetErrorString(err, data);
- fprintf(fp, "%s", data);
-}
-
-#endif
-
-
-int wolfSSL_pending(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_pending");
- return ssl->buffers.clearOutputBuffer.length;
-}
-
-
-#ifndef WOLFSSL_LEANPSK
-/* trun on handshake group messages for context */
-int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- ctx->groupMessages = 1;
-
- return SSL_SUCCESS;
-}
-#endif
-
-
-#ifndef NO_WOLFSSL_CLIENT
-/* connect enough to get peer cert chain */
-int wolfSSL_connect_cert(WOLFSSL* ssl)
-{
- int ret;
-
- if (ssl == NULL)
- return SSL_FAILURE;
-
- ssl->options.certOnly = 1;
- ret = wolfSSL_connect(ssl);
- ssl->options.certOnly = 0;
-
- return ret;
-}
-#endif
-
-
-#ifndef WOLFSSL_LEANPSK
-/* trun on handshake group messages for ssl object */
-int wolfSSL_set_group_messages(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- ssl->options.groupMessages = 1;
-
- return SSL_SUCCESS;
-}
-
-
-/* make minVersion the internal equivilant SSL version */
-static int SetMinVersionHelper(byte* minVersion, int version)
-{
- switch (version) {
-#ifndef NO_OLD_TLS
- case WOLFSSL_SSLV3:
- *minVersion = SSLv3_MINOR;
- break;
-#endif
-
-#ifndef NO_TLS
- #ifndef NO_OLD_TLS
- case WOLFSSL_TLSV1:
- *minVersion = TLSv1_MINOR;
- break;
-
- case WOLFSSL_TLSV1_1:
- *minVersion = TLSv1_1_MINOR;
- break;
- #endif
- case WOLFSSL_TLSV1_2:
- *minVersion = TLSv1_2_MINOR;
- break;
-#endif
-
- default:
- WOLFSSL_MSG("Bad function argument");
- return BAD_FUNC_ARG;
- }
-
- return SSL_SUCCESS;
-}
-
-
-/* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
-int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_SetMinVersion");
-
- if (ctx == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return BAD_FUNC_ARG;
- }
-
- return SetMinVersionHelper(&ctx->minDowngrade, version);
-}
-
-
-/* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
-int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
-{
- WOLFSSL_ENTER("wolfSSL_SetMinVersion");
-
- if (ssl == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return BAD_FUNC_ARG;
- }
-
- return SetMinVersionHelper(&ssl->options.minDowngrade, version);
-}
-
-
-int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
-{
- byte haveRSA = 1;
- byte havePSK = 0;
-
- WOLFSSL_ENTER("wolfSSL_SetVersion");
-
- if (ssl == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return BAD_FUNC_ARG;
- }
-
- switch (version) {
-#ifndef NO_OLD_TLS
- case WOLFSSL_SSLV3:
- ssl->version = MakeSSLv3();
- break;
-#endif
-
-#ifndef NO_TLS
- #ifndef NO_OLD_TLS
- case WOLFSSL_TLSV1:
- ssl->version = MakeTLSv1();
- break;
-
- case WOLFSSL_TLSV1_1:
- ssl->version = MakeTLSv1_1();
- break;
- #endif
- case WOLFSSL_TLSV1_2:
- ssl->version = MakeTLSv1_2();
- break;
-#endif
-
- default:
- WOLFSSL_MSG("Bad function argument");
- return BAD_FUNC_ARG;
- }
-
- #ifdef NO_RSA
- haveRSA = 0;
- #endif
- #ifndef NO_PSK
- havePSK = ssl->options.havePSK;
- #endif
-
- InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
- ssl->options.haveNTRU, ssl->options.haveECDSAsig,
- ssl->options.haveStaticECC, ssl->options.side);
-
- return SSL_SUCCESS;
-}
-#endif /* !leanpsk */
-
-
-#if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
-
-/* Make a work from the front of random hash */
-static INLINE word32 MakeWordFromHash(const byte* hashID)
-{
- return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |
- hashID[3];
-}
-
-#endif /* !NO_CERTS || !NO_SESSION_CACHE */
-
-
-#ifndef NO_CERTS
-
-/* hash is the SHA digest of name, just use first 32 bits as hash */
-static INLINE word32 HashSigner(const byte* hash)
-{
- return MakeWordFromHash(hash) % CA_TABLE_SIZE;
-}
-
-
-/* does CA already exist on signer list */
-int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
-{
- Signer* signers;
- int ret = 0;
- word32 row = HashSigner(hash);
-
- if (LockMutex(&cm->caLock) != 0)
- return ret;
- signers = cm->caTable[row];
- while (signers) {
- byte* subjectHash;
- #ifndef NO_SKID
- subjectHash = signers->subjectKeyIdHash;
- #else
- subjectHash = signers->subjectNameHash;
- #endif
- if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
- ret = 1;
- break;
- }
- signers = signers->next;
- }
- UnLockMutex(&cm->caLock);
-
- return ret;
-}
-
-
-/* return CA if found, otherwise NULL */
-Signer* GetCA(void* vp, byte* hash)
-{
- WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
- Signer* ret = NULL;
- Signer* signers;
- word32 row = HashSigner(hash);
-
- if (cm == NULL)
- return NULL;
-
- if (LockMutex(&cm->caLock) != 0)
- return ret;
-
- signers = cm->caTable[row];
- while (signers) {
- byte* subjectHash;
- #ifndef NO_SKID
- subjectHash = signers->subjectKeyIdHash;
- #else
- subjectHash = signers->subjectNameHash;
- #endif
- if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
- ret = signers;
- break;
- }
- signers = signers->next;
- }
- UnLockMutex(&cm->caLock);
-
- return ret;
-}
-
-
-#ifndef NO_SKID
-/* return CA if found, otherwise NULL. Walk through hash table. */
-Signer* GetCAByName(void* vp, byte* hash)
-{
- WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
- Signer* ret = NULL;
- Signer* signers;
- word32 row;
-
- if (cm == NULL)
- return NULL;
-
- if (LockMutex(&cm->caLock) != 0)
- return ret;
-
- for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
- signers = cm->caTable[row];
- while (signers && ret == NULL) {
- if (XMEMCMP(hash,
- signers->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) {
- ret = signers;
- }
- signers = signers->next;
- }
- }
- UnLockMutex(&cm->caLock);
-
- return ret;
-}
-#endif
-
-
-/* owns der, internal now uses too */
-/* type flag ids from user or from chain received during verify
- don't allow chain ones to be added w/o isCA extension */
-int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
-{
- int ret;
- Signer* signer = 0;
- word32 row;
- byte* subjectHash;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
-#else
- DecodedCert cert[1];
-#endif
-
- WOLFSSL_MSG("Adding a CA");
-
-#ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert == NULL)
- return MEMORY_E;
-#endif
-
- InitDecodedCert(cert, der.buffer, der.length, cm->heap);
- ret = ParseCert(cert, CA_TYPE, verify, cm);
- WOLFSSL_MSG(" Parsed new CA");
-
-#ifndef NO_SKID
- subjectHash = cert->extSubjKeyId;
-#else
- subjectHash = cert->subjectHash;
-#endif
-
- if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
- WOLFSSL_MSG(" Can't add as CA if not actually one");
- ret = NOT_CA_ERROR;
- }
-#ifndef ALLOW_INVALID_CERTSIGN
- else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
- (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
- /* Intermediate CA certs are required to have the keyCertSign
- * extension set. User loaded root certs are not. */
- WOLFSSL_MSG(" Doesn't have key usage certificate signing");
- ret = NOT_CA_ERROR;
- }
-#endif
- else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
- WOLFSSL_MSG(" Already have this CA, not adding again");
- (void)ret;
- }
- else if (ret == 0) {
- /* take over signer parts */
- signer = MakeSigner(cm->heap);
- if (!signer)
- ret = MEMORY_ERROR;
- else {
- signer->keyOID = cert->keyOID;
- signer->publicKey = cert->publicKey;
- signer->pubKeySize = cert->pubKeySize;
- signer->nameLen = cert->subjectCNLen;
- signer->name = cert->subjectCN;
- #ifndef IGNORE_NAME_CONSTRAINTS
- signer->permittedNames = cert->permittedNames;
- signer->excludedNames = cert->excludedNames;
- #endif
- #ifndef NO_SKID
- XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
- SIGNER_DIGEST_SIZE);
- #endif
- XMEMCPY(signer->subjectNameHash, cert->subjectHash,
- SIGNER_DIGEST_SIZE);
- signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
- : 0xFFFF;
- signer->next = NULL; /* If Key Usage not set, all uses valid. */
- cert->publicKey = 0; /* in case lock fails don't free here. */
- cert->subjectCN = 0;
- #ifndef IGNORE_NAME_CONSTRAINTS
- cert->permittedNames = NULL;
- cert->excludedNames = NULL;
- #endif
-
- #ifndef NO_SKID
- row = HashSigner(signer->subjectKeyIdHash);
- #else
- row = HashSigner(signer->subjectNameHash);
- #endif
-
- if (LockMutex(&cm->caLock) == 0) {
- signer->next = cm->caTable[row];
- cm->caTable[row] = signer; /* takes ownership */
- UnLockMutex(&cm->caLock);
- if (cm->caCacheCallback)
- cm->caCacheCallback(der.buffer, (int)der.length, type);
- }
- else {
- WOLFSSL_MSG(" CA Mutex Lock failed");
- ret = BAD_MUTEX_E;
- FreeSigner(signer, cm->heap);
- }
- }
- }
-
- WOLFSSL_MSG(" Freeing Parsed CA");
- FreeDecodedCert(cert);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- WOLFSSL_MSG(" Freeing der CA");
- XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA);
- WOLFSSL_MSG(" OK Freeing der CA");
-
- WOLFSSL_LEAVE("AddCA", ret);
-
- return ret == 0 ? SSL_SUCCESS : ret;
-}
-
-#endif /* !NO_CERTS */
-
-
-#ifndef NO_SESSION_CACHE
-
- /* basic config gives a cache with 33 sessions, adequate for clients and
- embedded servers
-
- MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
- aren't under heavy load, basically allows 200 new sessions per minute
-
- BIG_SESSION_CACHE yields 20,027 sessions
-
- HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
- allows over 13,000 new sessions per minute or over 200 new sessions per
- second
-
- SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
- or systems where the default of nearly 3kB is too much RAM, this define
- uses less than 500 bytes RAM
-
- default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
- */
- #ifdef HUGE_SESSION_CACHE
- #define SESSIONS_PER_ROW 11
- #define SESSION_ROWS 5981
- #elif defined(BIG_SESSION_CACHE)
- #define SESSIONS_PER_ROW 7
- #define SESSION_ROWS 2861
- #elif defined(MEDIUM_SESSION_CACHE)
- #define SESSIONS_PER_ROW 5
- #define SESSION_ROWS 211
- #elif defined(SMALL_SESSION_CACHE)
- #define SESSIONS_PER_ROW 2
- #define SESSION_ROWS 3
- #else
- #define SESSIONS_PER_ROW 3
- #define SESSION_ROWS 11
- #endif
-
- typedef struct SessionRow {
- int nextIdx; /* where to place next one */
- int totalCount; /* sessions ever on this row */
- WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW];
- } SessionRow;
-
- static SessionRow SessionCache[SESSION_ROWS];
-
- #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
- static word32 PeakSessions;
- #endif
-
- static wolfSSL_Mutex session_mutex; /* SessionCache mutex */
-
- #ifndef NO_CLIENT_CACHE
-
- typedef struct ClientSession {
- word16 serverRow; /* SessionCache Row id */
- word16 serverIdx; /* SessionCache Idx (column) */
- } ClientSession;
-
- typedef struct ClientRow {
- int nextIdx; /* where to place next one */
- int totalCount; /* sessions ever on this row */
- ClientSession Clients[SESSIONS_PER_ROW];
- } ClientRow;
-
- static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
- /* uses session mutex */
- #endif /* NO_CLIENT_CACHE */
-
-#endif /* NO_SESSION_CACHE */
-
-
-int wolfSSL_Init(void)
-{
- int ret = SSL_SUCCESS;
-
- WOLFSSL_ENTER("wolfSSL_Init");
-
- if (initRefCount == 0) {
-#ifndef NO_SESSION_CACHE
- if (InitMutex(&session_mutex) != 0)
- ret = BAD_MUTEX_E;
-#endif
- if (InitMutex(&count_mutex) != 0)
- ret = BAD_MUTEX_E;
- }
- if (ret == SSL_SUCCESS) {
- if (LockMutex(&count_mutex) != 0) {
- WOLFSSL_MSG("Bad Lock Mutex count");
- return BAD_MUTEX_E;
- }
- initRefCount++;
- UnLockMutex(&count_mutex);
- }
-
- return ret;
-}
-
-
-#ifndef NO_CERTS
-
-static const char* BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
-static const char* END_CERT = "-----END CERTIFICATE-----";
-static const char* BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
-static const char* END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
-static const char* BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----";
-static const char* END_DH_PARAM = "-----END DH PARAMETERS-----";
-static const char* BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
-static const char* END_X509_CRL = "-----END X509 CRL-----";
-static const char* BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
-static const char* END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
-static const char* BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
-static const char* END_PRIV_KEY = "-----END PRIVATE KEY-----";
-static const char* BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
-static const char* END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
-static const char* BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----";
-static const char* END_EC_PRIV = "-----END EC PRIVATE KEY-----";
-static const char* BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
-static const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
-
-/* Remove PEM header/footer, convert to ASN1, store any encrypted data
- info->consumed tracks of PEM bytes consumed in case multiple parts */
-int PemToDer(const unsigned char* buff, long longSz, int type,
- buffer* der, void* heap, EncryptedInfo* info, int* eccKey)
-{
- const char* header = NULL;
- const char* footer = NULL;
- char* headerEnd;
- char* footerEnd;
- char* consumedEnd;
- char* bufferEnd = (char*)(buff + longSz);
- long neededSz;
- int ret = 0;
- int dynamicType = 0;
- int sz = (int)longSz;
-
- switch (type) {
- case CA_TYPE: /* same as below */
- case CERT_TYPE: header= BEGIN_CERT; footer= END_CERT; break;
- case CRL_TYPE: header= BEGIN_X509_CRL; footer= END_X509_CRL; break;
- case DH_PARAM_TYPE: header= BEGIN_DH_PARAM; footer= END_DH_PARAM; break;
- case CERTREQ_TYPE: header= BEGIN_CERT_REQ; footer= END_CERT_REQ; break;
- default: header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break;
- }
-
- switch (type) {
- case CA_TYPE: dynamicType = DYNAMIC_TYPE_CA; break;
- case CERT_TYPE: dynamicType = DYNAMIC_TYPE_CERT; break;
- case CRL_TYPE: dynamicType = DYNAMIC_TYPE_CRL; break;
- default: dynamicType = DYNAMIC_TYPE_KEY; break;
- }
-
- /* find header */
- for (;;) {
- headerEnd = XSTRNSTR((char*)buff, header, sz);
-
- if (headerEnd || type != PRIVATEKEY_TYPE) {
- break;
- } else if (header == BEGIN_RSA_PRIV) {
- header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
- } else if (header == BEGIN_PRIV_KEY) {
- header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
- } else if (header == BEGIN_ENC_PRIV_KEY) {
- header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
- } else if (header == BEGIN_EC_PRIV) {
- header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
- } else
- break;
- }
-
- if (!headerEnd) {
- WOLFSSL_MSG("Couldn't find PEM header");
- return SSL_NO_PEM_HEADER;
- }
-
- headerEnd += XSTRLEN(header);
-
- /* eat end of line */
- if (headerEnd[0] == '\n')
- headerEnd++;
- else if (headerEnd[1] == '\n')
- headerEnd += 2;
- else
- return SSL_BAD_FILE;
-
- if (type == PRIVATEKEY_TYPE) {
- if (eccKey)
- *eccKey = header == BEGIN_EC_PRIV;
- }
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- {
- /* remove encrypted header if there */
- char encHeader[] = "Proc-Type";
- char* line = XSTRNSTR(headerEnd, encHeader, PEM_LINE_LEN);
- if (line) {
- char* newline;
- char* finish;
- char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);
-
- if (!start)
- start = XSTRNSTR(line, "AES", PEM_LINE_LEN);
-
- if (!start) return SSL_BAD_FILE;
- if (!info) return SSL_BAD_FILE;
-
- finish = XSTRNSTR(start, ",", PEM_LINE_LEN);
-
- if (start && finish && (start < finish)) {
- newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
-
- XMEMCPY(info->name, start, finish - start);
- info->name[finish - start] = 0;
- XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
-
- if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
- if (newline && (newline > finish)) {
- info->ivSz = (word32)(newline - (finish + 1));
- info->set = 1;
- }
- else
- return SSL_BAD_FILE;
- }
- else
- return SSL_BAD_FILE;
-
- /* eat blank line */
- while (*newline == '\r' || *newline == '\n')
- newline++;
- headerEnd = newline;
- }
- }
-#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
-
- /* find footer */
- footerEnd = XSTRNSTR((char*)buff, footer, sz);
- if (!footerEnd)
- return SSL_BAD_FILE;
-
- consumedEnd = footerEnd + XSTRLEN(footer);
-
- if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
- /* eat end of line */
- if (consumedEnd[0] == '\n')
- consumedEnd++;
- else if (consumedEnd[1] == '\n')
- consumedEnd += 2;
- else
- return SSL_BAD_FILE;
- }
-
- if (info)
- info->consumed = (long)(consumedEnd - (char*)buff);
-
- /* set up der buffer */
- neededSz = (long)(footerEnd - headerEnd);
- if (neededSz > sz || neededSz < 0)
- return SSL_BAD_FILE;
-
- der->buffer = (byte*)XMALLOC(neededSz, heap, dynamicType);
- if (!der->buffer)
- return MEMORY_ERROR;
-
- der->length = (word32)neededSz;
-
- if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer,
- &der->length) < 0)
- return SSL_BAD_FILE;
-
- if (header == BEGIN_PRIV_KEY) {
- /* pkcs8 key, convert and adjust length */
- if ((ret = ToTraditional(der->buffer, der->length)) < 0)
- return ret;
-
- der->length = ret;
- return 0;
- }
-
-#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
- if (header == BEGIN_ENC_PRIV_KEY) {
- int passwordSz;
- #ifdef WOLFSSL_SMALL_STACK
- char* password = NULL;
- #else
- char password[80];
- #endif
-
- if (!info || !info->ctx || !info->ctx->passwd_cb)
- return SSL_BAD_FILE; /* no callback error */
-
- #ifdef WOLFSSL_SMALL_STACK
- password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (password == NULL)
- return MEMORY_E;
- #endif
- passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
- info->ctx->userdata);
- /* convert and adjust length */
- ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz);
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- if (ret < 0)
- return ret;
-
- der->length = ret;
- return 0;
- }
-#endif
-
- return 0;
-}
-
-
-/* process the buffer buff, legnth sz, into ctx of format and type
- used tracks bytes consumed, userChain specifies a user cert chain
- to pass during the handshake */
-static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
- long sz, int format, int type, WOLFSSL* ssl,
- long* used, int userChain)
-{
- buffer der; /* holds DER or RAW (for NTRU) */
- int ret;
- int dynamicType = 0;
- int eccKey = 0;
- int rsaKey = 0;
- void* heap = ctx ? ctx->heap : NULL;
-#ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
-#else
- EncryptedInfo info[1];
-#endif
-
- (void)dynamicType;
- (void)rsaKey;
-
- if (used)
- *used = sz; /* used bytes default to sz, PEM chain may shorten*/
-
- if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
- && format != SSL_FILETYPE_RAW)
- return SSL_BAD_FILETYPE;
-
- if (ctx == NULL && ssl == NULL)
- return BAD_FUNC_ARG;
-
- if (type == CA_TYPE)
- dynamicType = DYNAMIC_TYPE_CA;
- else if (type == CERT_TYPE)
- dynamicType = DYNAMIC_TYPE_CERT;
- else
- dynamicType = DYNAMIC_TYPE_KEY;
-
-#ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (info == NULL)
- return MEMORY_E;
-#endif
-
- info->set = 0;
- info->ctx = ctx;
- info->consumed = 0;
- der.buffer = 0;
-
- if (format == SSL_FILETYPE_PEM) {
- ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(der.buffer, heap, dynamicType);
- return ret;
- }
-
- if (used)
- *used = info->consumed;
-
- /* we may have a user cert chain, try to consume */
- if (userChain && type == CERT_TYPE && info->consumed < sz) {
- #ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; /* force heap usage */
- #else
- byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
- #endif
- byte* chainBuffer = staticBuffer;
- byte* shrinked = NULL; /* shrinked to size chainBuffer
- * or staticBuffer */
- int dynamicBuffer = 0;
- word32 bufferSz = sizeof(staticBuffer);
- long consumed = info->consumed;
- word32 idx = 0;
- int gotOne = 0;
-
- if ( (sz - consumed) > (int)bufferSz) {
- WOLFSSL_MSG("Growing Tmp Chain Buffer");
- bufferSz = (word32)(sz - consumed);
- /* will shrink to actual size */
- chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
- if (chainBuffer == NULL) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(der.buffer, heap, dynamicType);
- return MEMORY_E;
- }
- dynamicBuffer = 1;
- }
-
- WOLFSSL_MSG("Processing Cert Chain");
- while (consumed < sz) {
- buffer part;
- info->consumed = 0;
- part.buffer = 0;
-
- ret = PemToDer(buff + consumed, sz - consumed, type, &part,
- heap, info, &eccKey);
- if (ret == 0) {
- gotOne = 1;
- if ( (idx + part.length) > bufferSz) {
- WOLFSSL_MSG(" Cert Chain bigger than buffer");
- ret = BUFFER_E;
- }
- else {
- c32to24(part.length, &chainBuffer[idx]);
- idx += CERT_HEADER_SZ;
- XMEMCPY(&chainBuffer[idx], part.buffer,part.length);
- idx += part.length;
- consumed += info->consumed;
- if (used)
- *used += info->consumed;
- }
- }
-
- XFREE(part.buffer, heap, dynamicType);
-
- if (ret == SSL_NO_PEM_HEADER && gotOne) {
- WOLFSSL_MSG("We got one good PEM so stuff at end ok");
- break;
- }
-
- if (ret < 0) {
- WOLFSSL_MSG(" Error in Cert in Chain");
- if (dynamicBuffer)
- XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(der.buffer, heap, dynamicType);
- return ret;
- }
- WOLFSSL_MSG(" Consumed another Cert in Chain");
- }
- WOLFSSL_MSG("Finished Processing Cert Chain");
-
- /* only retain actual size used */
- shrinked = (byte*)XMALLOC(idx, heap, dynamicType);
- if (shrinked) {
- if (ssl) {
- if (ssl->buffers.certChain.buffer &&
- ssl->buffers.weOwnCertChain) {
- XFREE(ssl->buffers.certChain.buffer, heap,
- dynamicType);
- }
- ssl->buffers.certChain.buffer = shrinked;
- ssl->buffers.certChain.length = idx;
- XMEMCPY(ssl->buffers.certChain.buffer, chainBuffer,idx);
- ssl->buffers.weOwnCertChain = 1;
- } else if (ctx) {
- if (ctx->certChain.buffer)
- XFREE(ctx->certChain.buffer, heap, dynamicType);
- ctx->certChain.buffer = shrinked;
- ctx->certChain.length = idx;
- XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
- }
- }
-
- if (dynamicBuffer)
- XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
-
- if (shrinked == NULL) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(der.buffer, heap, dynamicType);
- return MEMORY_E;
- }
- }
- }
- else { /* ASN1 (DER) or RAW (NTRU) */
- der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
- if (!der.buffer) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return MEMORY_ERROR;
- }
-
- XMEMCPY(der.buffer, buff, sz);
- der.length = (word32)sz;
- }
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- if (info->set) {
- /* decrypt */
- int passwordSz;
-#ifdef WOLFSSL_SMALL_STACK
- char* password = NULL;
- byte* key = NULL;
- byte* iv = NULL;
-#else
- char password[80];
- byte key[AES_256_KEY_SIZE];
- #ifndef NO_MD5
- byte iv[AES_IV_SIZE];
- #endif
-#endif
-
- #ifdef WOLFSSL_SMALL_STACK
- password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- iv = (byte*)XMALLOC(AES_IV_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
-
- if (password == NULL || key == NULL || iv == NULL) {
- XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ret = MEMORY_E;
- }
- else
- #endif
- if (!ctx || !ctx->passwd_cb) {
- ret = NO_PASSWORD;
- }
- else {
- passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
- ctx->userdata);
-
- /* use file's salt for key derivation, hex decode first */
- if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz)
- != 0) {
- ret = ASN_INPUT_E;
- }
-#ifndef NO_MD5
- else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
- (byte*)password, passwordSz, 1, key, iv)) <= 0) {
- /* empty */
- }
-#endif
-#ifndef NO_DES3
- else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) {
- ret = wc_Des_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
- key, info->iv);
- }
- else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 13) == 0) {
- ret = wc_Des3_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
- key, info->iv);
- }
-#endif
-#ifndef NO_AES
- else if (XSTRNCMP(info->name, "AES-128-CBC", 13) == 0) {
- ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
- key, AES_128_KEY_SIZE, info->iv);
- }
- else if (XSTRNCMP(info->name, "AES-192-CBC", 13) == 0) {
- ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
- key, AES_192_KEY_SIZE, info->iv);
- }
- else if (XSTRNCMP(info->name, "AES-256-CBC", 13) == 0) {
- ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
- key, AES_256_KEY_SIZE, info->iv);
- }
-#endif
- else {
- ret = SSL_BAD_FILE;
- }
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- if (ret != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(der.buffer, heap, dynamicType);
- return ret;
- }
- }
-#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (type == CA_TYPE) {
- if (ctx == NULL) {
- WOLFSSL_MSG("Need context for CA load");
- XFREE(der.buffer, heap, dynamicType);
- return BAD_FUNC_ARG;
- }
- return AddCA(ctx->cm, der, WOLFSSL_USER_CA, ctx->verifyPeer);
- /* takes der over */
- }
- else if (type == CERT_TYPE) {
- if (ssl) {
- if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
- XFREE(ssl->buffers.certificate.buffer, heap, dynamicType);
- ssl->buffers.certificate = der;
- ssl->buffers.weOwnCert = 1;
- }
- else if (ctx) {
- if (ctx->certificate.buffer)
- XFREE(ctx->certificate.buffer, heap, dynamicType);
- ctx->certificate = der; /* takes der over */
- }
- }
- else if (type == PRIVATEKEY_TYPE) {
- if (ssl) {
- if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
- XFREE(ssl->buffers.key.buffer, heap, dynamicType);
- ssl->buffers.key = der;
- ssl->buffers.weOwnKey = 1;
- }
- else if (ctx) {
- if (ctx->privateKey.buffer)
- XFREE(ctx->privateKey.buffer, heap, dynamicType);
- ctx->privateKey = der; /* takes der over */
- }
- }
- else {
- XFREE(der.buffer, heap, dynamicType);
- return SSL_BAD_CERTTYPE;
- }
-
- if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
- #ifndef NO_RSA
- if (!eccKey) {
- /* make sure RSA key can be used */
- word32 idx = 0;
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey* key = NULL;
- #else
- RsaKey key[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL)
- return MEMORY_E;
- #endif
-
- ret = wc_InitRsaKey(key, 0);
- if (ret == 0) {
- if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) !=
- 0) {
- #ifdef HAVE_ECC
- /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
- eccKey = 1; /* so try it out */
- #endif
- if (!eccKey)
- ret = SSL_BAD_FILE;
- } else {
- rsaKey = 1;
- (void)rsaKey; /* for no ecc builds */
- }
- }
-
- wc_FreeRsaKey(key);
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- if (ret != 0)
- return ret;
- }
- #endif
- #ifdef HAVE_ECC
- if (!rsaKey) {
- /* make sure ECC key can be used */
- word32 idx = 0;
- ecc_key key;
-
- wc_ecc_init(&key);
- if (wc_EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
- wc_ecc_free(&key);
- return SSL_BAD_FILE;
- }
- wc_ecc_free(&key);
- eccKey = 1;
- if (ctx)
- ctx->haveStaticECC = 1;
- if (ssl)
- ssl->options.haveStaticECC = 1;
- }
- #endif /* HAVE_ECC */
- }
- else if (type == CERT_TYPE) {
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
- #else
- DecodedCert cert[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert == NULL)
- return MEMORY_E;
- #endif
-
- WOLFSSL_MSG("Checking cert signature type");
- InitDecodedCert(cert, der.buffer, der.length, heap);
-
- if (DecodeToKey(cert, 0) < 0) {
- WOLFSSL_MSG("Decode to key failed");
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return SSL_BAD_FILE;
- }
- switch (cert->signatureOID) {
- case CTC_SHAwECDSA:
- case CTC_SHA256wECDSA:
- case CTC_SHA384wECDSA:
- case CTC_SHA512wECDSA:
- WOLFSSL_MSG("ECDSA cert signature");
- if (ctx)
- ctx->haveECDSAsig = 1;
- if (ssl)
- ssl->options.haveECDSAsig = 1;
- break;
- default:
- WOLFSSL_MSG("Not ECDSA cert signature");
- break;
- }
-
- #ifdef HAVE_ECC
- if (ctx)
- ctx->pkCurveOID = cert->pkCurveOID;
- if (ssl)
- ssl->pkCurveOID = cert->pkCurveOID;
- #endif
-
- FreeDecodedCert(cert);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
-
- return SSL_SUCCESS;
-}
-
-
-/* CA PEM file for verification, may have multiple/chain certs to process */
-static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
- long sz, int format, int type, WOLFSSL* ssl)
-{
- long used = 0;
- int ret = 0;
- int gotOne = 0;
-
- WOLFSSL_MSG("Processing CA PEM file");
- while (used < sz) {
- long consumed = 0;
-
- ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
- &consumed, 0);
-
- if (ret == SSL_NO_PEM_HEADER && gotOne) {
- WOLFSSL_MSG("We got one good PEM file so stuff at end ok");
- ret = SSL_SUCCESS;
- break;
- }
-
- if (ret < 0)
- break;
-
- WOLFSSL_MSG(" Processed a CA");
- gotOne = 1;
- used += consumed;
- }
-
- return ret;
-}
-
-
-/* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
-int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
- long sz, int format)
-{
- int ret = 0;
- buffer der;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
-#else
- DecodedCert cert[1];
-#endif
-
- WOLFSSL_ENTER("wolfSSL_CertManagerVerifyBuffer");
-
-#ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert == NULL)
- return MEMORY_E;
-#endif
-
- der.buffer = NULL;
- der.length = 0;
-
- if (format == SSL_FILETYPE_PEM) {
- int eccKey = 0; /* not used */
- #ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
- #else
- EncryptedInfo info[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (info == NULL) {
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
- #endif
-
- info->set = 0;
- info->ctx = NULL;
- info->consumed = 0;
-
- ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey);
-
- if (ret == 0)
- InitDecodedCert(cert, der.buffer, der.length, cm->heap);
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- else
- InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);
-
- if (ret == 0)
- ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);
-
-#ifdef HAVE_CRL
- if (ret == 0 && cm->crlEnabled)
- ret = CheckCertCRL(cm->crl, cert);
-#endif
-
- FreeDecodedCert(cert);
-
- XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret == 0 ? SSL_SUCCESS : ret;
-}
-
-
-/* turn on OCSP if off and compiled in, set options */
-int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
-{
- int ret = SSL_SUCCESS;
-
- (void)options;
-
- WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSP");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- #ifdef HAVE_OCSP
- if (cm->ocsp == NULL) {
- cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap,
- DYNAMIC_TYPE_OCSP);
- if (cm->ocsp == NULL)
- return MEMORY_E;
-
- if (InitOCSP(cm->ocsp, cm) != 0) {
- WOLFSSL_MSG("Init OCSP failed");
- FreeOCSP(cm->ocsp, 1);
- cm->ocsp = NULL;
- return SSL_FAILURE;
- }
- }
- cm->ocspEnabled = 1;
- if (options & WOLFSSL_OCSP_URL_OVERRIDE)
- cm->ocspUseOverrideURL = 1;
- if (options & WOLFSSL_OCSP_NO_NONCE)
- cm->ocspSendNonce = 0;
- else
- cm->ocspSendNonce = 1;
- if (options & WOLFSSL_OCSP_CHECKALL)
- cm->ocspCheckAll = 1;
- #ifndef WOLFSSL_USER_IO
- cm->ocspIOCb = EmbedOcspLookup;
- cm->ocspRespFreeCb = EmbedOcspRespFree;
- #endif /* WOLFSSL_USER_IO */
- #else
- ret = NOT_COMPILED_IN;
- #endif
-
- return ret;
-}
-
-
-int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSP");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- cm->ocspEnabled = 0;
-
- return SSL_SUCCESS;
-}
-
-
-#ifdef HAVE_OCSP
-
-
-/* check CRL if enabled, SSL_SUCCESS */
-int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
-{
- int ret;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
-#else
- DecodedCert cert[1];
-#endif
-
- WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP");
-
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- if (cm->ocspEnabled == 0)
- return SSL_SUCCESS;
-
-#ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert == NULL)
- return MEMORY_E;
-#endif
-
- InitDecodedCert(cert, der, sz, NULL);
-
- if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
- WOLFSSL_MSG("ParseCert failed");
- }
- else if ((ret = CheckCertOCSP(cm->ocsp, cert)) != 0) {
- WOLFSSL_MSG("CheckCertOCSP failed");
- }
-
- FreeDecodedCert(cert);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret == 0 ? SSL_SUCCESS : ret;
-}
-
-
-int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
- const char* url)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- XFREE(cm->ocspOverrideURL, cm->heap, 0);
- if (url != NULL) {
- int urlSz = (int)XSTRLEN(url) + 1;
- cm->ocspOverrideURL = (char*)XMALLOC(urlSz, cm->heap, 0);
- if (cm->ocspOverrideURL != NULL) {
- XMEMCPY(cm->ocspOverrideURL, url, urlSz);
- }
- else
- return MEMORY_E;
- }
- else
- cm->ocspOverrideURL = NULL;
-
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
- CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSP_Cb");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- cm->ocspIOCb = ioCb;
- cm->ocspRespFreeCb = respFreeCb;
- cm->ocspIOCtx = ioCbCtx;
-
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
-{
- WOLFSSL_ENTER("wolfSSL_EnableOCSP");
- if (ssl)
- return wolfSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_DisableOCSP(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("wolfSSL_DisableOCSP");
- if (ssl)
- return wolfSSL_CertManagerDisableOCSP(ssl->ctx->cm);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
-{
- WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
- if (ssl)
- return wolfSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
- CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
-{
- WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
- if (ssl)
- return wolfSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm,
- ioCb, respFreeCb, ioCbCtx);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");
- if (ctx)
- return wolfSSL_CertManagerEnableOCSP(ctx->cm, options);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP");
- if (ctx)
- return wolfSSL_CertManagerDisableOCSP(ctx->cm);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
-{
- WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
- if (ctx)
- return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx,
- CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");
- if (ctx)
- return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
- else
- return BAD_FUNC_ARG;
-}
-
-
-#endif /* HAVE_OCSP */
-
-
-#ifndef NO_FILESYSTEM
-
- #if defined(WOLFSSL_MDK_ARM)
- extern FILE * wolfSSL_fopen(const char *name, const char *mode) ;
- #define XFOPEN wolfSSL_fopen
- #else
- #define XFOPEN fopen
- #endif
-
-/* process a file with name fname into ctx of format and type
- userChain specifies a user certificate chain to pass during handshake */
-int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
- WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl)
-{
-#ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; /* force heap usage */
-#else
- byte staticBuffer[FILE_BUFFER_SIZE];
-#endif
- byte* myBuffer = staticBuffer;
- int dynamic = 0;
- int ret;
- long sz = 0;
- XFILE file;
- void* heapHint = ctx ? ctx->heap : NULL;
-
- (void)crl;
- (void)heapHint;
-
- if (fname == NULL) return SSL_BAD_FILE;
-
- file = XFOPEN(fname, "rb");
- if (file == XBADFILE) return SSL_BAD_FILE;
- XFSEEK(file, 0, XSEEK_END);
- sz = XFTELL(file);
- XREWIND(file);
-
- if (sz > (long)sizeof(staticBuffer)) {
- WOLFSSL_MSG("Getting dynamic buffer");
- myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
- if (myBuffer == NULL) {
- XFCLOSE(file);
- return SSL_BAD_FILE;
- }
- dynamic = 1;
- }
- else if (sz < 0) {
- XFCLOSE(file);
- return SSL_BAD_FILE;
- }
-
- if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
- ret = SSL_BAD_FILE;
- else {
- if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
- ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
-#ifdef HAVE_CRL
- else if (type == CRL_TYPE)
- ret = BufferLoadCRL(crl, myBuffer, sz, format);
-#endif
- else
- ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
- userChain);
- }
-
- XFCLOSE(file);
- if (dynamic)
- XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);
-
- return ret;
-}
-
-
-/* loads file then loads each file in path, no c_rehash */
-int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
- const char* path)
-{
- int ret = SSL_SUCCESS;
-
- WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");
- (void)path;
-
- if (ctx == NULL || (file == NULL && path == NULL) )
- return SSL_FAILURE;
-
- if (file)
- ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
-
- if (ret == SSL_SUCCESS && path) {
- /* try to load each regular file in path */
- #ifdef USE_WINDOWS_API
- WIN32_FIND_DATAA FindFileData;
- HANDLE hFind;
- #ifdef WOLFSSL_SMALL_STACK
- char* name = NULL;
- #else
- char name[MAX_FILENAME_SZ];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (name == NULL)
- return MEMORY_E;
- #endif
-
- XMEMSET(name, 0, MAX_FILENAME_SZ);
- XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
- XSTRNCAT(name, "\\*", 3);
-
- hFind = FindFirstFileA(name, &FindFileData);
- if (hFind == INVALID_HANDLE_VALUE) {
- WOLFSSL_MSG("FindFirstFile for path verify locations failed");
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return BAD_PATH_ERROR;
- }
-
- do {
- if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
- XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
- XSTRNCAT(name, "\\", 2);
- XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
-
- ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
- NULL);
- }
- } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- FindClose(hFind);
- #elif !defined(NO_WOLFSSL_DIR)
- struct dirent* entry;
- DIR* dir = opendir(path);
- #ifdef WOLFSSL_SMALL_STACK
- char* name = NULL;
- #else
- char name[MAX_FILENAME_SZ];
- #endif
-
- if (dir == NULL) {
- WOLFSSL_MSG("opendir path verify locations failed");
- return BAD_PATH_ERROR;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (name == NULL)
- return MEMORY_E;
- #endif
-
- while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
- struct stat s;
-
- XMEMSET(name, 0, MAX_FILENAME_SZ);
- XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
- XSTRNCAT(name, "/", 1);
- XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
-
- if (stat(name, &s) != 0) {
- WOLFSSL_MSG("stat on name failed");
- ret = BAD_PATH_ERROR;
- } else if (s.st_mode & S_IFREG)
- ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
- NULL);
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- closedir(dir);
- #endif
- }
-
- return ret;
-}
-
-
-/* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
-int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
- int format)
-{
- int ret = SSL_FATAL_ERROR;
-#ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; /* force heap usage */
-#else
- byte staticBuffer[FILE_BUFFER_SIZE];
-#endif
- byte* myBuffer = staticBuffer;
- int dynamic = 0;
- long sz = 0;
- XFILE file = XFOPEN(fname, "rb");
-
- WOLFSSL_ENTER("wolfSSL_CertManagerVerify");
-
- if (file == XBADFILE) return SSL_BAD_FILE;
- XFSEEK(file, 0, XSEEK_END);
- sz = XFTELL(file);
- XREWIND(file);
-
- if (sz > MAX_WOLFSSL_FILE_SIZE || sz < 0) {
- WOLFSSL_MSG("CertManagerVerify file bad size");
- XFCLOSE(file);
- return SSL_BAD_FILE;
- }
-
- if (sz > (long)sizeof(staticBuffer)) {
- WOLFSSL_MSG("Getting dynamic buffer");
- myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
- if (myBuffer == NULL) {
- XFCLOSE(file);
- return SSL_BAD_FILE;
- }
- dynamic = 1;
- }
-
- if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
- ret = SSL_BAD_FILE;
- else
- ret = wolfSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
-
- XFCLOSE(file);
- if (dynamic)
- XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
-
- return ret;
-}
-
-
-static INLINE WOLFSSL_METHOD* cm_pick_method(void)
-{
- #ifndef NO_WOLFSSL_CLIENT
- #ifdef NO_OLD_TLS
- return wolfTLSv1_2_client_method();
- #else
- return wolfSSLv3_client_method();
- #endif
- #elif !defined(NO_WOLFSSL_SERVER)
- #ifdef NO_OLD_TLS
- return wolfTLSv1_2_server_method();
- #else
- return wolfSSLv3_server_method();
- #endif
- #else
- return NULL;
- #endif
-}
-
-
-/* like load verify locations, 1 for success, < 0 for error */
-int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
- const char* path)
-{
- int ret = SSL_FATAL_ERROR;
- WOLFSSL_CTX* tmp;
-
- WOLFSSL_ENTER("wolfSSL_CertManagerLoadCA");
-
- if (cm == NULL) {
- WOLFSSL_MSG("No CertManager error");
- return ret;
- }
- tmp = wolfSSL_CTX_new(cm_pick_method());
-
- if (tmp == NULL) {
- WOLFSSL_MSG("CTX new failed");
- return ret;
- }
-
- /* for tmp use */
- wolfSSL_CertManagerFree(tmp->cm);
- tmp->cm = cm;
-
- ret = wolfSSL_CTX_load_verify_locations(tmp, file, path);
-
- /* don't loose our good one */
- tmp->cm = NULL;
- wolfSSL_CTX_free(tmp);
-
- return ret;
-}
-
-
-
-/* turn on CRL if off and compiled in, set options */
-int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
-{
- int ret = SSL_SUCCESS;
-
- (void)options;
-
- WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- #ifdef HAVE_CRL
- if (cm->crl == NULL) {
- cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
- DYNAMIC_TYPE_CRL);
- if (cm->crl == NULL)
- return MEMORY_E;
-
- if (InitCRL(cm->crl, cm) != 0) {
- WOLFSSL_MSG("Init CRL failed");
- FreeCRL(cm->crl, 1);
- cm->crl = NULL;
- return SSL_FAILURE;
- }
- }
- cm->crlEnabled = 1;
- if (options & WOLFSSL_CRL_CHECKALL)
- cm->crlCheckAll = 1;
- #else
- ret = NOT_COMPILED_IN;
- #endif
-
- return ret;
-}
-
-
-int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- cm->crlEnabled = 0;
-
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_CTX_check_private_key(WOLFSSL_CTX* ctx)
-{
- /* TODO: check private against public for RSA match */
- (void)ctx;
- WOLFSSL_ENTER("SSL_CTX_check_private_key");
- return SSL_SUCCESS;
-}
-
-
-#ifdef HAVE_CRL
-
-
-/* check CRL if enabled, SSL_SUCCESS */
-int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
-#else
- DecodedCert cert[1];
-#endif
-
- WOLFSSL_ENTER("wolfSSL_CertManagerCheckCRL");
-
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- if (cm->crlEnabled == 0)
- return SSL_SUCCESS;
-
-#ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert == NULL)
- return MEMORY_E;
-#endif
-
- InitDecodedCert(cert, der, sz, NULL);
-
- if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
- WOLFSSL_MSG("ParseCert failed");
- }
- else if ((ret = CheckCertCRL(cm->crl, cert)) != 0) {
- WOLFSSL_MSG("CheckCertCRL failed");
- }
-
- FreeDecodedCert(cert);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret == 0 ? SSL_SUCCESS : ret;
-}
-
-
-int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- cm->cbMissingCRL = cb;
-
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path,
- int type, int monitor)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRL");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- if (cm->crl == NULL) {
- if (wolfSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
- WOLFSSL_MSG("Enable CRL failed");
- return SSL_FATAL_ERROR;
- }
- }
-
- return LoadCRL(cm->crl, path, type, monitor);
-}
-
-
-int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
-{
- WOLFSSL_ENTER("wolfSSL_EnableCRL");
- if (ssl)
- return wolfSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_DisableCRL(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("wolfSSL_DisableCRL");
- if (ssl)
- return wolfSSL_CertManagerDisableCRL(ssl->ctx->cm);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
-{
- WOLFSSL_ENTER("wolfSSL_LoadCRL");
- if (ssl)
- return wolfSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
-{
- WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
- if (ssl)
- return wolfSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL");
- if (ctx)
- return wolfSSL_CertManagerEnableCRL(ctx->cm, options);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL");
- if (ctx)
- return wolfSSL_CertManagerDisableCRL(ctx->cm);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
- if (ctx)
- return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
- else
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb");
- if (ctx)
- return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
- else
- return BAD_FUNC_ARG;
-}
-
-
-#endif /* HAVE_CRL */
-
-
-#ifdef WOLFSSL_DER_LOAD
-
-/* Add format parameter to allow DER load of CA files */
-int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
- int format)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");
- if (ctx == NULL || file == NULL)
- return SSL_FAILURE;
-
- if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
- return SSL_SUCCESS;
-
- return SSL_FAILURE;
-}
-
-#endif /* WOLFSSL_DER_LOAD */
-
-
-#ifdef WOLFSSL_CERT_GEN
-
-/* load pem cert from file into der buffer, return der size or error */
-int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
-{
-#ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
- byte staticBuffer[1]; /* force XMALLOC */
-#else
- EncryptedInfo info[1];
- byte staticBuffer[FILE_BUFFER_SIZE];
-#endif
- byte* fileBuf = staticBuffer;
- int dynamic = 0;
- int ret = 0;
- int ecc = 0;
- long sz = 0;
- XFILE file = XFOPEN(fileName, "rb");
- buffer converted;
-
- WOLFSSL_ENTER("wolfSSL_PemCertToDer");
-
- if (file == XBADFILE)
- ret = SSL_BAD_FILE;
- else {
- XFSEEK(file, 0, XSEEK_END);
- sz = XFTELL(file);
- XREWIND(file);
-
- if (sz < 0) {
- ret = SSL_BAD_FILE;
- }
- else if (sz > (long)sizeof(staticBuffer)) {
- fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
- if (fileBuf == NULL)
- ret = MEMORY_E;
- else
- dynamic = 1;
- }
-
- converted.buffer = 0;
-
- if (ret == 0) {
- if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0)
- ret = SSL_BAD_FILE;
- else {
- #ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (info == NULL)
- ret = MEMORY_E;
- else
- #endif
- {
- ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, info,
- &ecc);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- }
-
- if (ret == 0) {
- if (converted.length < (word32)derSz) {
- XMEMCPY(derBuf, converted.buffer, converted.length);
- ret = converted.length;
- }
- else
- ret = BUFFER_E;
- }
-
- XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA);
- }
-
- XFCLOSE(file);
- if (dynamic)
- XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
- }
-
- return ret;
-}
-
-#endif /* WOLFSSL_CERT_GEN */
-
-
-int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
- int format)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");
- if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
- return SSL_SUCCESS;
-
- return SSL_FAILURE;
-}
-
-
-int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,int format)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");
- if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL)
- == SSL_SUCCESS)
- return SSL_SUCCESS;
-
- return SSL_FAILURE;
-}
-
-
-/* get cert chaining depth using ssl struct */
-long wolfSSL_get_verify_depth(WOLFSSL* ssl)
-{
- if(ssl == NULL) {
- return BAD_FUNC_ARG;
- }
- return MAX_CHAIN_DEPTH;
-}
-
-
-/* get cert chaining depth using ctx struct */
-long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx)
-{
- if(ctx == NULL) {
- return BAD_FUNC_ARG;
- }
- return MAX_CHAIN_DEPTH;
-}
-
-
-int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
-{
- /* procces up to MAX_CHAIN_DEPTH plus subject cert */
- WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
- if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL)
- == SSL_SUCCESS)
- return SSL_SUCCESS;
-
- return SSL_FAILURE;
-}
-
-
-#ifndef NO_DH
-
-/* server wrapper for ctx or ssl Diffie-Hellman parameters */
-static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- const unsigned char* buf, long sz, int format)
-{
- buffer der;
- int ret = 0;
- int weOwnDer = 0;
- word32 pSz = MAX_DH_SIZE;
- word32 gSz = MAX_DH_SIZE;
-#ifdef WOLFSSL_SMALL_STACK
- byte* p = NULL;
- byte* g = NULL;
-#else
- byte p[MAX_DH_SIZE];
- byte g[MAX_DH_SIZE];
-#endif
-
- der.buffer = (byte*)buf;
- der.length = (word32)sz;
-
-#ifdef WOLFSSL_SMALL_STACK
- p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (p == NULL || g == NULL) {
- XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
- ret = SSL_BAD_FILETYPE;
- else {
- if (format == SSL_FILETYPE_PEM) {
- der.buffer = NULL;
- ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL);
- weOwnDer = 1;
- }
-
- if (ret == 0) {
- if (wc_DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0)
- ret = SSL_BAD_FILETYPE;
- else if (ssl)
- ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
- else
- ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
- }
- }
-
- if (weOwnDer)
- XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
-int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz,
- int format)
-{
- return wolfSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
-}
-
-
-/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
-int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf,
- long sz, int format)
-{
- return wolfSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format);
-}
-
-
-/* server Diffie-Hellman parameters */
-static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- const char* fname, int format)
-{
-#ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; /* force heap usage */
-#else
- byte staticBuffer[FILE_BUFFER_SIZE];
-#endif
- byte* myBuffer = staticBuffer;
- int dynamic = 0;
- int ret;
- long sz = 0;
- XFILE file = XFOPEN(fname, "rb");
-
- if (file == XBADFILE) return SSL_BAD_FILE;
- XFSEEK(file, 0, XSEEK_END);
- sz = XFTELL(file);
- XREWIND(file);
-
- if (sz > (long)sizeof(staticBuffer)) {
- WOLFSSL_MSG("Getting dynamic buffer");
- myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
- if (myBuffer == NULL) {
- XFCLOSE(file);
- return SSL_BAD_FILE;
- }
- dynamic = 1;
- }
- else if (sz < 0) {
- XFCLOSE(file);
- return SSL_BAD_FILE;
- }
-
- if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
- ret = SSL_BAD_FILE;
- else {
- if (ssl)
- ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
- else
- ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
- }
-
- XFCLOSE(file);
- if (dynamic)
- XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
-
- return ret;
-}
-
-/* server Diffie-Hellman parameters */
-int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format)
-{
- return wolfSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
-}
-
-
-/* server Diffie-Hellman parameters */
-int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
-{
- return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
-}
-
-
-int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
-{
- if (ctx == NULL || keySz > 16000 || keySz % 8 != 0)
- return BAD_FUNC_ARG;
-
- ctx->minDhKeySz = keySz / 8;
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
-{
- if (ssl == NULL || keySz > 16000 || keySz % 8 != 0)
- return BAD_FUNC_ARG;
-
- ssl->options.minDhKeySz = keySz / 8;
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- return (ssl->options.dhKeySz * 8);
-}
-
-
-#endif /* NO_DH */
-
-
-#ifdef OPENSSL_EXTRA
-/* put SSL type in extra for now, not very common */
-
-int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
-{
- WOLFSSL_ENTER("wolfSSL_use_certificate_file");
- if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
- == SSL_SUCCESS)
- return SSL_SUCCESS;
-
- return SSL_FAILURE;
-}
-
-
-int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
-{
- WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");
- if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
- == SSL_SUCCESS)
- return SSL_SUCCESS;
-
- return SSL_FAILURE;
-}
-
-
-int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
-{
- /* procces up to MAX_CHAIN_DEPTH plus subject cert */
- WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");
- if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
- == SSL_SUCCESS)
- return SSL_SUCCESS;
-
- return SSL_FAILURE;
-}
-
-
-
-#ifdef HAVE_ECC
-
-/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
-int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz)
-{
- if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
- return BAD_FUNC_ARG;
-
- ctx->eccTempKeySz = sz;
-
- return SSL_SUCCESS;
-}
-
-
-/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
-int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
-{
- if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
- return BAD_FUNC_ARG;
-
- ssl->eccTempKeySz = sz;
-
- return SSL_SUCCESS;
-}
-
-#endif /* HAVE_ECC */
-
-
-
-
-int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
- int format)
-{
- WOLFSSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
-
- return wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);
-}
-
-
-int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
-{
- WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
-
- return wolfSSL_use_PrivateKey_file(ssl, file, format);
-}
-
-#endif /* OPENSSL_EXTRA */
-
-#ifdef HAVE_NTRU
-
-int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_use_NTRUPrivateKey_file");
- if (ctx == NULL)
- return SSL_FAILURE;
-
- if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL)
- == SSL_SUCCESS) {
- ctx->haveNTRU = 1;
- return SSL_SUCCESS;
- }
-
- return SSL_FAILURE;
-}
-
-#endif /* HAVE_NTRU */
-
-
-#endif /* NO_FILESYSTEM */
-
-
-void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_set_verify");
- if (mode & SSL_VERIFY_PEER) {
- ctx->verifyPeer = 1;
- ctx->verifyNone = 0; /* in case perviously set */
- }
-
- if (mode == SSL_VERIFY_NONE) {
- ctx->verifyNone = 1;
- ctx->verifyPeer = 0; /* in case previously set */
- }
-
- if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
- ctx->failNoCert = 1;
-
- ctx->verifyCallback = vc;
-}
-
-
-void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
-{
- WOLFSSL_ENTER("wolfSSL_set_verify");
- if (mode & SSL_VERIFY_PEER) {
- ssl->options.verifyPeer = 1;
- ssl->options.verifyNone = 0; /* in case perviously set */
- }
-
- if (mode == SSL_VERIFY_NONE) {
- ssl->options.verifyNone = 1;
- ssl->options.verifyPeer = 0; /* in case previously set */
- }
-
- if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
- ssl->options.failNoCert = 1;
-
- ssl->verifyCallback = vc;
-}
-
-
-/* store user ctx for verify callback */
-void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
-{
- WOLFSSL_ENTER("wolfSSL_SetCertCbCtx");
- if (ssl)
- ssl->verifyCbCtx = ctx;
-}
-
-
-/* store context CA Cache addition callback */
-void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb)
-{
- if (ctx && ctx->cm)
- ctx->cm->caCacheCallback = cb;
-}
-
-
-#if defined(PERSIST_CERT_CACHE)
-
-#if !defined(NO_FILESYSTEM)
-
-/* Persist cert cache to file */
-int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache");
-
- if (ctx == NULL || fname == NULL)
- return BAD_FUNC_ARG;
-
- return CM_SaveCertCache(ctx->cm, fname);
-}
-
-
-/* Persist cert cache from file */
-int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache");
-
- if (ctx == NULL || fname == NULL)
- return BAD_FUNC_ARG;
-
- return CM_RestoreCertCache(ctx->cm, fname);
-}
-
-#endif /* NO_FILESYSTEM */
-
-/* Persist cert cache to memory */
-int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache");
-
- if (ctx == NULL || mem == NULL || used == NULL || sz <= 0)
- return BAD_FUNC_ARG;
-
- return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
-}
-
-
-/* Restore cert cache from memory */
-int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache");
-
- if (ctx == NULL || mem == NULL || sz <= 0)
- return BAD_FUNC_ARG;
-
- return CM_MemRestoreCertCache(ctx->cm, mem, sz);
-}
-
-
-/* get how big the the cert cache save buffer needs to be */
-int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize");
-
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- return CM_GetCertCacheMemSize(ctx->cm);
-}
-
-#endif /* PERSISTE_CERT_CACHE */
-#endif /* !NO_CERTS */
-
-
-#ifndef NO_SESSION_CACHE
-
-WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_get_session");
- if (ssl)
- return GetSession(ssl, 0);
-
- return NULL;
-}
-
-
-int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
-{
- WOLFSSL_ENTER("SSL_set_session");
- if (session)
- return SetSession(ssl, session);
-
- return SSL_FAILURE;
-}
-
-
-#ifndef NO_CLIENT_CACHE
-
-/* Associate client session with serverID, find existing or store for saving
- if newSession flag on, don't reuse existing session
- SSL_SUCCESS on ok */
-int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
-{
- WOLFSSL_SESSION* session = NULL;
-
- WOLFSSL_ENTER("wolfSSL_SetServerID");
-
- if (ssl == NULL || id == NULL || len <= 0)
- return BAD_FUNC_ARG;
-
- if (newSession == 0) {
- session = GetSessionClient(ssl, id, len);
- if (session) {
- if (SetSession(ssl, session) != SSL_SUCCESS) {
- WOLFSSL_MSG("SetSession failed");
- session = NULL;
- }
- }
- }
-
- if (session == NULL) {
- WOLFSSL_MSG("Valid ServerID not cached already");
-
- ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
- XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
- }
-
- return SSL_SUCCESS;
-}
-
-#endif /* NO_CLIENT_CACHE */
-
-#if defined(PERSIST_SESSION_CACHE)
-
-/* for persistance, if changes to layout need to increment and modify
- save_session_cache() and restore_session_cache and memory versions too */
-#define WOLFSSL_CACHE_VERSION 2
-
-/* Session Cache Header information */
-typedef struct {
- int version; /* cache layout version id */
- int rows; /* session rows */
- int columns; /* session columns */
- int sessionSz; /* sizeof WOLFSSL_SESSION */
-} cache_header_t;
-
-/* current persistence layout is:
-
- 1) cache_header_t
- 2) SessionCache
- 3) ClientCache
-
- update WOLFSSL_CACHE_VERSION if change layout for the following
- PERSISTENT_SESSION_CACHE functions
-*/
-
-
-/* get how big the the session cache save buffer needs to be */
-int wolfSSL_get_session_cache_memsize(void)
-{
- int sz = (int)(sizeof(SessionCache) + sizeof(cache_header_t));
-
- #ifndef NO_CLIENT_CACHE
- sz += (int)(sizeof(ClientCache));
- #endif
-
- return sz;
-}
-
-
-/* Persist session cache to memory */
-int wolfSSL_memsave_session_cache(void* mem, int sz)
-{
- int i;
- cache_header_t cache_header;
- SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
-#ifndef NO_CLIENT_CACHE
- ClientRow* clRow;
-#endif
-
- WOLFSSL_ENTER("wolfSSL_memsave_session_cache");
-
- if (sz < wolfSSL_get_session_cache_memsize()) {
- WOLFSSL_MSG("Memory buffer too small");
- return BUFFER_E;
- }
-
- cache_header.version = WOLFSSL_CACHE_VERSION;
- cache_header.rows = SESSION_ROWS;
- cache_header.columns = SESSIONS_PER_ROW;
- cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
- XMEMCPY(mem, &cache_header, sizeof(cache_header));
-
- if (LockMutex(&session_mutex) != 0) {
- WOLFSSL_MSG("Session cache mutex lock failed");
- return BAD_MUTEX_E;
- }
-
- for (i = 0; i < cache_header.rows; ++i)
- XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));
-
-#ifndef NO_CLIENT_CACHE
- clRow = (ClientRow*)row;
- for (i = 0; i < cache_header.rows; ++i)
- XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
-#endif
-
- UnLockMutex(&session_mutex);
-
- WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", SSL_SUCCESS);
-
- return SSL_SUCCESS;
-}
-
-
-/* Restore the persistant session cache from memory */
-int wolfSSL_memrestore_session_cache(const void* mem, int sz)
-{
- int i;
- cache_header_t cache_header;
- SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
-#ifndef NO_CLIENT_CACHE
- ClientRow* clRow;
-#endif
-
- WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");
-
- if (sz < wolfSSL_get_session_cache_memsize()) {
- WOLFSSL_MSG("Memory buffer too small");
- return BUFFER_E;
- }
-
- XMEMCPY(&cache_header, mem, sizeof(cache_header));
- if (cache_header.version != WOLFSSL_CACHE_VERSION ||
- cache_header.rows != SESSION_ROWS ||
- cache_header.columns != SESSIONS_PER_ROW ||
- cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
-
- WOLFSSL_MSG("Session cache header match failed");
- return CACHE_MATCH_ERROR;
- }
-
- if (LockMutex(&session_mutex) != 0) {
- WOLFSSL_MSG("Session cache mutex lock failed");
- return BAD_MUTEX_E;
- }
-
- for (i = 0; i < cache_header.rows; ++i)
- XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));
-
-#ifndef NO_CLIENT_CACHE
- clRow = (ClientRow*)row;
- for (i = 0; i < cache_header.rows; ++i)
- XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
-#endif
-
- UnLockMutex(&session_mutex);
-
- WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", SSL_SUCCESS);
-
- return SSL_SUCCESS;
-}
-
-#if !defined(NO_FILESYSTEM)
-
-/* Persist session cache to file */
-/* doesn't use memsave because of additional memory use */
-int wolfSSL_save_session_cache(const char *fname)
-{
- XFILE file;
- int ret;
- int rc = SSL_SUCCESS;
- int i;
- cache_header_t cache_header;
-
- WOLFSSL_ENTER("wolfSSL_save_session_cache");
-
- file = XFOPEN(fname, "w+b");
- if (file == XBADFILE) {
- WOLFSSL_MSG("Couldn't open session cache save file");
- return SSL_BAD_FILE;
- }
- cache_header.version = WOLFSSL_CACHE_VERSION;
- cache_header.rows = SESSION_ROWS;
- cache_header.columns = SESSIONS_PER_ROW;
- cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
-
- /* cache header */
- ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
- if (ret != 1) {
- WOLFSSL_MSG("Session cache header file write failed");
- XFCLOSE(file);
- return FWRITE_ERROR;
- }
-
- if (LockMutex(&session_mutex) != 0) {
- WOLFSSL_MSG("Session cache mutex lock failed");
- XFCLOSE(file);
- return BAD_MUTEX_E;
- }
-
- /* session cache */
- for (i = 0; i < cache_header.rows; ++i) {
- ret = (int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file);
- if (ret != 1) {
- WOLFSSL_MSG("Session cache member file write failed");
- rc = FWRITE_ERROR;
- break;
- }
- }
-
-#ifndef NO_CLIENT_CACHE
- /* client cache */
- for (i = 0; i < cache_header.rows; ++i) {
- ret = (int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file);
- if (ret != 1) {
- WOLFSSL_MSG("Client cache member file write failed");
- rc = FWRITE_ERROR;
- break;
- }
- }
-#endif /* NO_CLIENT_CACHE */
-
- UnLockMutex(&session_mutex);
-
- XFCLOSE(file);
- WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc);
-
- return rc;
-}
-
-
-/* Restore the persistant session cache from file */
-/* doesn't use memstore because of additional memory use */
-int wolfSSL_restore_session_cache(const char *fname)
-{
- XFILE file;
- int rc = SSL_SUCCESS;
- int ret;
- int i;
- cache_header_t cache_header;
-
- WOLFSSL_ENTER("wolfSSL_restore_session_cache");
-
- file = XFOPEN(fname, "rb");
- if (file == XBADFILE) {
- WOLFSSL_MSG("Couldn't open session cache save file");
- return SSL_BAD_FILE;
- }
- /* cache header */
- ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file);
- if (ret != 1) {
- WOLFSSL_MSG("Session cache header file read failed");
- XFCLOSE(file);
- return FREAD_ERROR;
- }
- if (cache_header.version != WOLFSSL_CACHE_VERSION ||
- cache_header.rows != SESSION_ROWS ||
- cache_header.columns != SESSIONS_PER_ROW ||
- cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
-
- WOLFSSL_MSG("Session cache header match failed");
- XFCLOSE(file);
- return CACHE_MATCH_ERROR;
- }
-
- if (LockMutex(&session_mutex) != 0) {
- WOLFSSL_MSG("Session cache mutex lock failed");
- XFCLOSE(file);
- return BAD_MUTEX_E;
- }
-
- /* session cache */
- for (i = 0; i < cache_header.rows; ++i) {
- ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file);
- if (ret != 1) {
- WOLFSSL_MSG("Session cache member file read failed");
- XMEMSET(SessionCache, 0, sizeof SessionCache);
- rc = FREAD_ERROR;
- break;
- }
- }
-
-#ifndef NO_CLIENT_CACHE
- /* client cache */
- for (i = 0; i < cache_header.rows; ++i) {
- ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file);
- if (ret != 1) {
- WOLFSSL_MSG("Client cache member file read failed");
- XMEMSET(ClientCache, 0, sizeof ClientCache);
- rc = FREAD_ERROR;
- break;
- }
- }
-
-#endif /* NO_CLIENT_CACHE */
-
- UnLockMutex(&session_mutex);
-
- XFCLOSE(file);
- WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc);
-
- return rc;
-}
-
-#endif /* !NO_FILESYSTEM */
-#endif /* PERSIST_SESSION_CACHE */
-#endif /* NO_SESSION_CACHE */
-
-
-void wolfSSL_load_error_strings(void) /* compatibility only */
-{}
-
-
-int wolfSSL_library_init(void)
-{
- WOLFSSL_ENTER("SSL_library_init");
- if (wolfSSL_Init() == SSL_SUCCESS)
- return SSL_SUCCESS;
- else
- return SSL_FATAL_ERROR;
-}
-
-
-#ifdef HAVE_SECRET_CALLBACK
-
-int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
-{
- WOLFSSL_ENTER("wolfSSL_set_session_secret_cb");
- if (ssl == NULL)
- return SSL_FATAL_ERROR;
-
- ssl->sessionSecretCb = cb;
- ssl->sessionSecretCtx = ctx;
- /* If using a pre-set key, assume session resumption. */
- ssl->session.sessionIDSz = 0;
- ssl->options.resuming = 1;
-
- return SSL_SUCCESS;
-}
-
-#endif
-
-
-#ifndef NO_SESSION_CACHE
-
-/* on by default if built in but allow user to turn off */
-long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode)
-{
- WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode");
- if (mode == SSL_SESS_CACHE_OFF)
- ctx->sessionCacheOff = 1;
-
- if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
- ctx->sessionCacheFlushOff = 1;
-
- return SSL_SUCCESS;
-}
-
-#endif /* NO_SESSION_CACHE */
-
-
-#if !defined(NO_CERTS)
-#if defined(PERSIST_CERT_CACHE)
-
-
-#define WOLFSSL_CACHE_CERT_VERSION 1
-
-typedef struct {
- int version; /* cache cert layout version id */
- int rows; /* hash table rows, CA_TABLE_SIZE */
- int columns[CA_TABLE_SIZE]; /* columns per row on list */
- int signerSz; /* sizeof Signer object */
-} CertCacheHeader;
-
-/* current cert persistance layout is:
-
- 1) CertCacheHeader
- 2) caTable
-
- update WOLFSSL_CERT_CACHE_VERSION if change layout for the following
- PERSIST_CERT_CACHE functions
-*/
-
-
-/* Return memory needed to persist this signer, have lock */
-static INLINE int GetSignerMemory(Signer* signer)
-{
- int sz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
- + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
-
-#if !defined(NO_SKID)
- sz += (int)sizeof(signer->subjectKeyIdHash);
-#endif
-
- /* add dynamic bytes needed */
- sz += signer->pubKeySize;
- sz += signer->nameLen;
-
- return sz;
-}
-
-
-/* Return memory needed to persist this row, have lock */
-static INLINE int GetCertCacheRowMemory(Signer* row)
-{
- int sz = 0;
-
- while (row) {
- sz += GetSignerMemory(row);
- row = row->next;
- }
-
- return sz;
-}
-
-
-/* get the size of persist cert cache, have lock */
-static INLINE int GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
-{
- int sz;
- int i;
-
- sz = sizeof(CertCacheHeader);
-
- for (i = 0; i < CA_TABLE_SIZE; i++)
- sz += GetCertCacheRowMemory(cm->caTable[i]);
-
- return sz;
-}
-
-
-/* Store cert cache header columns with number of items per list, have lock */
-static INLINE void SetCertHeaderColumns(WOLFSSL_CERT_MANAGER* cm, int* columns)
-{
- int i;
- Signer* row;
-
- for (i = 0; i < CA_TABLE_SIZE; i++) {
- int count = 0;
- row = cm->caTable[i];
-
- while (row) {
- ++count;
- row = row->next;
- }
- columns[i] = count;
- }
-}
-
-
-/* Restore whole cert row from memory, have lock, return bytes consumed,
- < 0 on error, have lock */
-static INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current,
- int row, int listSz, const byte* end)
-{
- int idx = 0;
-
- if (listSz < 0) {
- WOLFSSL_MSG("Row header corrupted, negative value");
- return PARSE_ERROR;
- }
-
- while (listSz) {
- Signer* signer;
- byte* start = current + idx; /* for end checks on this signer */
- int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
- sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
- #ifndef NO_SKID
- minSz += (int)sizeof(signer->subjectKeyIdHash);
- #endif
-
- if (start + minSz > end) {
- WOLFSSL_MSG("Would overread restore buffer");
- return BUFFER_E;
- }
- signer = MakeSigner(cm->heap);
- if (signer == NULL)
- return MEMORY_E;
-
- /* pubKeySize */
- XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
- idx += (int)sizeof(signer->pubKeySize);
-
- /* keyOID */
- XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
- idx += (int)sizeof(signer->keyOID);
-
- /* pulicKey */
- if (start + minSz + signer->pubKeySize > end) {
- WOLFSSL_MSG("Would overread restore buffer");
- FreeSigner(signer, cm->heap);
- return BUFFER_E;
- }
- signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
- DYNAMIC_TYPE_KEY);
- if (signer->publicKey == NULL) {
- FreeSigner(signer, cm->heap);
- return MEMORY_E;
- }
-
- XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
- idx += signer->pubKeySize;
-
- /* nameLen */
- XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
- idx += (int)sizeof(signer->nameLen);
-
- /* name */
- if (start + minSz + signer->pubKeySize + signer->nameLen > end) {
- WOLFSSL_MSG("Would overread restore buffer");
- FreeSigner(signer, cm->heap);
- return BUFFER_E;
- }
- signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
- DYNAMIC_TYPE_SUBJECT_CN);
- if (signer->name == NULL) {
- FreeSigner(signer, cm->heap);
- return MEMORY_E;
- }
-
- XMEMCPY(signer->name, current + idx, signer->nameLen);
- idx += signer->nameLen;
-
- /* subjectNameHash */
- XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
- idx += SIGNER_DIGEST_SIZE;
-
- #ifndef NO_SKID
- /* subjectKeyIdHash */
- XMEMCPY(signer->subjectKeyIdHash, current + idx,SIGNER_DIGEST_SIZE);
- idx += SIGNER_DIGEST_SIZE;
- #endif
-
- signer->next = cm->caTable[row];
- cm->caTable[row] = signer;
-
- --listSz;
- }
-
- return idx;
-}
-
-
-/* Store whole cert row into memory, have lock, return bytes added */
-static INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row)
-{
- int added = 0;
- Signer* list = cm->caTable[row];
-
- while (list) {
- XMEMCPY(current + added, &list->pubKeySize, sizeof(list->pubKeySize));
- added += (int)sizeof(list->pubKeySize);
-
- XMEMCPY(current + added, &list->keyOID, sizeof(list->keyOID));
- added += (int)sizeof(list->keyOID);
-
- XMEMCPY(current + added, list->publicKey, list->pubKeySize);
- added += list->pubKeySize;
-
- XMEMCPY(current + added, &list->nameLen, sizeof(list->nameLen));
- added += (int)sizeof(list->nameLen);
-
- XMEMCPY(current + added, list->name, list->nameLen);
- added += list->nameLen;
-
- XMEMCPY(current + added, list->subjectNameHash, SIGNER_DIGEST_SIZE);
- added += SIGNER_DIGEST_SIZE;
-
- #ifndef NO_SKID
- XMEMCPY(current + added, list->subjectKeyIdHash,SIGNER_DIGEST_SIZE);
- added += SIGNER_DIGEST_SIZE;
- #endif
-
- list = list->next;
- }
-
- return added;
-}
-
-
-/* Persist cert cache to memory, have lock */
-static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz)
-{
- int realSz;
- int ret = SSL_SUCCESS;
- int i;
-
- WOLFSSL_ENTER("DoMemSaveCertCache");
-
- realSz = GetCertCacheMemSize(cm);
- if (realSz > sz) {
- WOLFSSL_MSG("Mem output buffer too small");
- ret = BUFFER_E;
- }
- else {
- byte* current;
- CertCacheHeader hdr;
-
- hdr.version = WOLFSSL_CACHE_CERT_VERSION;
- hdr.rows = CA_TABLE_SIZE;
- SetCertHeaderColumns(cm, hdr.columns);
- hdr.signerSz = (int)sizeof(Signer);
-
- XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
- current = (byte*)mem + sizeof(CertCacheHeader);
-
- for (i = 0; i < CA_TABLE_SIZE; ++i)
- current += StoreCertRow(cm, current, i);
- }
-
- return ret;
-}
-
-
-#if !defined(NO_FILESYSTEM)
-
-/* Persist cert cache to file */
-int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
-{
- XFILE file;
- int rc = SSL_SUCCESS;
- int memSz;
- byte* mem;
-
- WOLFSSL_ENTER("CM_SaveCertCache");
-
- file = XFOPEN(fname, "w+b");
- if (file == XBADFILE) {
- WOLFSSL_MSG("Couldn't open cert cache save file");
- return SSL_BAD_FILE;
- }
-
- if (LockMutex(&cm->caLock) != 0) {
- WOLFSSL_MSG("LockMutex on caLock failed");
- XFCLOSE(file);
- return BAD_MUTEX_E;
- }
-
- memSz = GetCertCacheMemSize(cm);
- mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (mem == NULL) {
- WOLFSSL_MSG("Alloc for tmp buffer failed");
- rc = MEMORY_E;
- } else {
- rc = DoMemSaveCertCache(cm, mem, memSz);
- if (rc == SSL_SUCCESS) {
- int ret = (int)XFWRITE(mem, memSz, 1, file);
- if (ret != 1) {
- WOLFSSL_MSG("Cert cache file write failed");
- rc = FWRITE_ERROR;
- }
- }
- XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
-
- UnLockMutex(&cm->caLock);
- XFCLOSE(file);
-
- return rc;
-}
-
-
-/* Restore cert cache from file */
-int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
-{
- XFILE file;
- int rc = SSL_SUCCESS;
- int ret;
- int memSz;
- byte* mem;
-
- WOLFSSL_ENTER("CM_RestoreCertCache");
-
- file = XFOPEN(fname, "rb");
- if (file == XBADFILE) {
- WOLFSSL_MSG("Couldn't open cert cache save file");
- return SSL_BAD_FILE;
- }
-
- XFSEEK(file, 0, XSEEK_END);
- memSz = (int)XFTELL(file);
- XREWIND(file);
-
- if (memSz <= 0) {
- WOLFSSL_MSG("Bad file size");
- XFCLOSE(file);
- return SSL_BAD_FILE;
- }
-
- mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (mem == NULL) {
- WOLFSSL_MSG("Alloc for tmp buffer failed");
- XFCLOSE(file);
- return MEMORY_E;
- }
-
- ret = (int)XFREAD(mem, memSz, 1, file);
- if (ret != 1) {
- WOLFSSL_MSG("Cert file read error");
- rc = FREAD_ERROR;
- } else {
- rc = CM_MemRestoreCertCache(cm, mem, memSz);
- if (rc != SSL_SUCCESS) {
- WOLFSSL_MSG("Mem restore cert cache failed");
- }
- }
-
- XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFCLOSE(file);
-
- return rc;
-}
-
-#endif /* NO_FILESYSTEM */
-
-
-/* Persist cert cache to memory */
-int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
-{
- int ret = SSL_SUCCESS;
-
- WOLFSSL_ENTER("CM_MemSaveCertCache");
-
- if (LockMutex(&cm->caLock) != 0) {
- WOLFSSL_MSG("LockMutex on caLock failed");
- return BAD_MUTEX_E;
- }
-
- ret = DoMemSaveCertCache(cm, mem, sz);
- if (ret == SSL_SUCCESS)
- *used = GetCertCacheMemSize(cm);
-
- UnLockMutex(&cm->caLock);
-
- return ret;
-}
-
-
-/* Restore cert cache from memory */
-int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const void* mem, int sz)
-{
- int ret = SSL_SUCCESS;
- int i;
- CertCacheHeader* hdr = (CertCacheHeader*)mem;
- byte* current = (byte*)mem + sizeof(CertCacheHeader);
- byte* end = (byte*)mem + sz; /* don't go over */
-
- WOLFSSL_ENTER("CM_MemRestoreCertCache");
-
- if (current > end) {
- WOLFSSL_MSG("Cert Cache Memory buffer too small");
- return BUFFER_E;
- }
-
- if (hdr->version != WOLFSSL_CACHE_CERT_VERSION ||
- hdr->rows != CA_TABLE_SIZE ||
- hdr->signerSz != (int)sizeof(Signer)) {
-
- WOLFSSL_MSG("Cert Cache Memory header mismatch");
- return CACHE_MATCH_ERROR;
- }
-
- if (LockMutex(&cm->caLock) != 0) {
- WOLFSSL_MSG("LockMutex on caLock failed");
- return BAD_MUTEX_E;
- }
-
- FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
-
- for (i = 0; i < CA_TABLE_SIZE; ++i) {
- int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
- if (added < 0) {
- WOLFSSL_MSG("RestoreCertRow error");
- ret = added;
- break;
- }
- current += added;
- }
-
- UnLockMutex(&cm->caLock);
-
- return ret;
-}
-
-
-/* get how big the the cert cache save buffer needs to be */
-int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
-{
- int sz;
-
- WOLFSSL_ENTER("CM_GetCertCacheMemSize");
-
- if (LockMutex(&cm->caLock) != 0) {
- WOLFSSL_MSG("LockMutex on caLock failed");
- return BAD_MUTEX_E;
- }
-
- sz = GetCertCacheMemSize(cm);
-
- UnLockMutex(&cm->caLock);
-
- return sz;
-}
-
-#endif /* PERSIST_CERT_CACHE */
-#endif /* NO_CERTS */
-
-
-int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list");
-
- /* alloc/init on demand only */
- if (ctx->suites == NULL) {
- ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
- DYNAMIC_TYPE_SUITES);
- if (ctx->suites == NULL) {
- WOLFSSL_MSG("Memory alloc for Suites failed");
- return SSL_FAILURE;
- }
- XMEMSET(ctx->suites, 0, sizeof(Suites));
- }
-
- return (SetCipherList(ctx->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
-}
-
-
-int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
-{
- WOLFSSL_ENTER("wolfSSL_set_cipher_list");
- return (SetCipherList(ssl->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
-}
-
-
-#ifndef WOLFSSL_LEANPSK
-#ifdef WOLFSSL_DTLS
-
-int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl)
-{
- (void)ssl;
-
- return ssl->dtls_timeout;
-}
-
-
-/* user may need to alter init dtls recv timeout, SSL_SUCCESS on ok */
-int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout)
-{
- if (ssl == NULL || timeout < 0)
- return BAD_FUNC_ARG;
-
- if (timeout > ssl->dtls_timeout_max) {
- WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
- return BAD_FUNC_ARG;
- }
-
- ssl->dtls_timeout_init = timeout;
- ssl->dtls_timeout = timeout;
-
- return SSL_SUCCESS;
-}
-
-
-/* user may need to alter max dtls recv timeout, SSL_SUCCESS on ok */
-int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout)
-{
- if (ssl == NULL || timeout < 0)
- return BAD_FUNC_ARG;
-
- if (timeout < ssl->dtls_timeout_init) {
- WOLFSSL_MSG("Can't set dtls timeout max less than dtls timeout init");
- return BAD_FUNC_ARG;
- }
-
- ssl->dtls_timeout_max = timeout;
-
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
-{
- int result = SSL_SUCCESS;
-
- DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
- ssl->dtls_msg_list = NULL;
- if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) {
- result = SSL_FATAL_ERROR;
- }
- return result;
-}
-
-#endif /* DTLS */
-#endif /* LEANPSK */
-
-
-/* client only parts */
-#ifndef NO_WOLFSSL_CLIENT
-
- #ifndef NO_OLD_TLS
- WOLFSSL_METHOD* wolfSSLv3_client_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- WOLFSSL_ENTER("SSLv3_client_method");
- if (method)
- InitSSL_Method(method, MakeSSLv3());
- return method;
- }
- #endif
-
- #ifdef WOLFSSL_DTLS
-
- #ifndef NO_OLD_TLS
- WOLFSSL_METHOD* wolfDTLSv1_client_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- WOLFSSL_ENTER("DTLSv1_client_method");
- if (method)
- InitSSL_Method(method, MakeDTLSv1());
- return method;
- }
- #endif /* NO_OLD_TLS */
-
- WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- WOLFSSL_ENTER("DTLSv1_2_client_method");
- if (method)
- InitSSL_Method(method, MakeDTLSv1_2());
- return method;
- }
- #endif
-
-
- /* please see note at top of README if you get an error from connect */
- int wolfSSL_connect(WOLFSSL* ssl)
- {
- int neededState;
-
- WOLFSSL_ENTER("SSL_connect()");
-
- #ifdef HAVE_ERRNO_H
- errno = 0;
- #endif
-
- if (ssl->options.side != WOLFSSL_CLIENT_END) {
- WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
- return SSL_FATAL_ERROR;
- }
-
- #ifdef WOLFSSL_DTLS
- if (ssl->version.major == DTLS_MAJOR) {
- ssl->options.dtls = 1;
- ssl->options.tls = 1;
- ssl->options.tls1_1 = 1;
-
- if (DtlsPoolInit(ssl) != 0) {
- ssl->error = MEMORY_ERROR;
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- }
- #endif
-
- if (ssl->buffers.outputBuffer.length > 0) {
- if ( (ssl->error = SendBuffered(ssl)) == 0) {
- ssl->options.connectState++;
- WOLFSSL_MSG("connect state: Advanced from buffered send");
- }
- else {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- }
-
- switch (ssl->options.connectState) {
-
- case CONNECT_BEGIN :
- /* always send client hello first */
- if ( (ssl->error = SendClientHello(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- ssl->options.connectState = CLIENT_HELLO_SENT;
- WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT");
-
- case CLIENT_HELLO_SENT :
- neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
- SERVER_HELLODONE_COMPLETE;
- #ifdef WOLFSSL_DTLS
- /* In DTLS, when resuming, we can go straight to FINISHED,
- * or do a cookie exchange and then skip to FINISHED, assume
- * we need the cookie exchange first. */
- if (ssl->options.dtls)
- neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
- #endif
- /* get response */
- while (ssl->options.serverState < neededState) {
- if ( (ssl->error = ProcessReply(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- /* if resumption failed, reset needed state */
- else if (neededState == SERVER_FINISHED_COMPLETE)
- if (!ssl->options.resuming) {
- if (!ssl->options.dtls)
- neededState = SERVER_HELLODONE_COMPLETE;
- else
- neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
- }
- }
-
- ssl->options.connectState = HELLO_AGAIN;
- WOLFSSL_MSG("connect state: HELLO_AGAIN");
-
- case HELLO_AGAIN :
- if (ssl->options.certOnly)
- return SSL_SUCCESS;
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- /* re-init hashes, exclude first hello and verify request */
-#ifndef NO_OLD_TLS
- wc_InitMd5(&ssl->hsHashes->hashMd5);
- if ( (ssl->error = wc_InitSha(&ssl->hsHashes->hashSha))
- != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
-#endif
- if (IsAtLeastTLSv1_2(ssl)) {
- #ifndef NO_SHA256
- if ( (ssl->error = wc_InitSha256(
- &ssl->hsHashes->hashSha256)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ssl->error = wc_InitSha384(
- &ssl->hsHashes->hashSha384)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ssl->error = wc_InitSha512(
- &ssl->hsHashes->hashSha512)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- }
- if ( (ssl->error = SendClientHello(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- }
- #endif
-
- ssl->options.connectState = HELLO_AGAIN_REPLY;
- WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY");
-
- case HELLO_AGAIN_REPLY :
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- neededState = ssl->options.resuming ?
- SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
-
- /* get response */
- while (ssl->options.serverState < neededState) {
- if ( (ssl->error = ProcessReply(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- /* if resumption failed, reset needed state */
- else if (neededState == SERVER_FINISHED_COMPLETE)
- if (!ssl->options.resuming)
- neededState = SERVER_HELLODONE_COMPLETE;
- }
- }
- #endif
-
- ssl->options.connectState = FIRST_REPLY_DONE;
- WOLFSSL_MSG("connect state: FIRST_REPLY_DONE");
-
- case FIRST_REPLY_DONE :
- #ifndef NO_CERTS
- if (ssl->options.sendVerify) {
- if ( (ssl->error = SendCertificate(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- WOLFSSL_MSG("sent: certificate");
- }
-
- #endif
- ssl->options.connectState = FIRST_REPLY_FIRST;
- WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST");
-
- case FIRST_REPLY_FIRST :
- if (!ssl->options.resuming) {
- if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- WOLFSSL_MSG("sent: client key exchange");
- }
-
- ssl->options.connectState = FIRST_REPLY_SECOND;
- WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
-
- case FIRST_REPLY_SECOND :
- #ifndef NO_CERTS
- if (ssl->options.sendVerify) {
- if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- WOLFSSL_MSG("sent: certificate verify");
- }
- #endif
- ssl->options.connectState = FIRST_REPLY_THIRD;
- WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD");
-
- case FIRST_REPLY_THIRD :
- if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- WOLFSSL_MSG("sent: change cipher spec");
- ssl->options.connectState = FIRST_REPLY_FOURTH;
- WOLFSSL_MSG("connect state: FIRST_REPLY_FOURTH");
-
- case FIRST_REPLY_FOURTH :
- if ( (ssl->error = SendFinished(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- WOLFSSL_MSG("sent: finished");
- ssl->options.connectState = FINISHED_DONE;
- WOLFSSL_MSG("connect state: FINISHED_DONE");
-
- case FINISHED_DONE :
- /* get response */
- while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
- if ( (ssl->error = ProcessReply(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
-
- ssl->options.connectState = SECOND_REPLY_DONE;
- WOLFSSL_MSG("connect state: SECOND_REPLY_DONE");
-
- case SECOND_REPLY_DONE:
-#ifndef NO_HANDSHAKE_DONE_CB
- if (ssl->hsDoneCb) {
- int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
- if (cbret < 0) {
- ssl->error = cbret;
- WOLFSSL_MSG("HandShake Done Cb don't continue error");
- return SSL_FATAL_ERROR;
- }
- }
-#endif /* NO_HANDSHAKE_DONE_CB */
- FreeHandshakeResources(ssl);
- WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
- return SSL_SUCCESS;
-
- default:
- WOLFSSL_MSG("Unknown connect state ERROR");
- return SSL_FATAL_ERROR; /* unknown connect state */
- }
- }
-
-#endif /* NO_WOLFSSL_CLIENT */
-
-
-/* server only parts */
-#ifndef NO_WOLFSSL_SERVER
-
- #ifndef NO_OLD_TLS
- WOLFSSL_METHOD* wolfSSLv3_server_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- WOLFSSL_ENTER("SSLv3_server_method");
- if (method) {
- InitSSL_Method(method, MakeSSLv3());
- method->side = WOLFSSL_SERVER_END;
- }
- return method;
- }
- #endif
-
-
- #ifdef WOLFSSL_DTLS
-
- #ifndef NO_OLD_TLS
- WOLFSSL_METHOD* wolfDTLSv1_server_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
- 0, DYNAMIC_TYPE_METHOD);
- WOLFSSL_ENTER("DTLSv1_server_method");
- if (method) {
- InitSSL_Method(method, MakeDTLSv1());
- method->side = WOLFSSL_SERVER_END;
- }
- return method;
- }
- #endif /* NO_OLD_TLS */
-
- WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
- 0, DYNAMIC_TYPE_METHOD);
- WOLFSSL_ENTER("DTLSv1_2_server_method");
- if (method) {
- InitSSL_Method(method, MakeDTLSv1_2());
- method->side = WOLFSSL_SERVER_END;
- }
- return method;
- }
- #endif
-
-
- int wolfSSL_accept(WOLFSSL* ssl)
- {
- byte havePSK = 0;
- byte haveAnon = 0;
- WOLFSSL_ENTER("SSL_accept()");
-
- #ifdef HAVE_ERRNO_H
- errno = 0;
- #endif
-
- #ifndef NO_PSK
- havePSK = ssl->options.havePSK;
- #endif
- (void)havePSK;
-
- #ifdef HAVE_ANON
- haveAnon = ssl->options.haveAnon;
- #endif
- (void)haveAnon;
-
- if (ssl->options.side != WOLFSSL_SERVER_END) {
- WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
- return SSL_FATAL_ERROR;
- }
-
- #ifndef NO_CERTS
- /* in case used set_accept_state after init */
- if (!havePSK && !haveAnon &&
- (ssl->buffers.certificate.buffer == NULL ||
- ssl->buffers.key.buffer == NULL)) {
- WOLFSSL_MSG("accept error: don't have server cert and key");
- ssl->error = NO_PRIVATE_KEY;
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
-
- #ifdef WOLFSSL_DTLS
- if (ssl->version.major == DTLS_MAJOR) {
- ssl->options.dtls = 1;
- ssl->options.tls = 1;
- ssl->options.tls1_1 = 1;
-
- if (DtlsPoolInit(ssl) != 0) {
- ssl->error = MEMORY_ERROR;
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- }
- #endif
-
- if (ssl->buffers.outputBuffer.length > 0) {
- if ( (ssl->error = SendBuffered(ssl)) == 0) {
- ssl->options.acceptState++;
- WOLFSSL_MSG("accept state: Advanced from buffered send");
- }
- else {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- }
-
- switch (ssl->options.acceptState) {
-
- case ACCEPT_BEGIN :
- /* get response */
- while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
- if ( (ssl->error = ProcessReply(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
- WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
-
- case ACCEPT_CLIENT_HELLO_DONE :
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- ssl->options.acceptState = HELLO_VERIFY_SENT;
- WOLFSSL_MSG("accept state HELLO_VERIFY_SENT");
-
- case HELLO_VERIFY_SENT:
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- ssl->options.clientState = NULL_STATE; /* get again */
- /* reset messages received */
- XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
- /* re-init hashes, exclude first hello and verify request */
-#ifndef NO_OLD_TLS
- wc_InitMd5(&ssl->hsHashes->hashMd5);
- if ( (ssl->error = wc_InitSha(&ssl->hsHashes->hashSha))
- != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
-#endif
- if (IsAtLeastTLSv1_2(ssl)) {
- #ifndef NO_SHA256
- if ( (ssl->error = wc_InitSha256(
- &ssl->hsHashes->hashSha256)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ssl->error = wc_InitSha384(
- &ssl->hsHashes->hashSha384)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ssl->error = wc_InitSha512(
- &ssl->hsHashes->hashSha512)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- }
-
- while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
- if ( (ssl->error = ProcessReply(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- }
- #endif
- ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
- WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
-
- case ACCEPT_FIRST_REPLY_DONE :
- if ( (ssl->error = SendServerHello(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- ssl->options.acceptState = SERVER_HELLO_SENT;
- WOLFSSL_MSG("accept state SERVER_HELLO_SENT");
-
- case SERVER_HELLO_SENT :
- #ifndef NO_CERTS
- if (!ssl->options.resuming)
- if ( (ssl->error = SendCertificate(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- ssl->options.acceptState = CERT_SENT;
- WOLFSSL_MSG("accept state CERT_SENT");
-
- case CERT_SENT :
- if (!ssl->options.resuming)
- if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- ssl->options.acceptState = KEY_EXCHANGE_SENT;
- WOLFSSL_MSG("accept state KEY_EXCHANGE_SENT");
-
- case KEY_EXCHANGE_SENT :
- #ifndef NO_CERTS
- if (!ssl->options.resuming)
- if (ssl->options.verifyPeer)
- if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- #endif
- ssl->options.acceptState = CERT_REQ_SENT;
- WOLFSSL_MSG("accept state CERT_REQ_SENT");
-
- case CERT_REQ_SENT :
- if (!ssl->options.resuming)
- if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- ssl->options.acceptState = SERVER_HELLO_DONE;
- WOLFSSL_MSG("accept state SERVER_HELLO_DONE");
-
- case SERVER_HELLO_DONE :
- if (!ssl->options.resuming) {
- while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
- if ( (ssl->error = ProcessReply(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- }
- ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
- WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
-
- case ACCEPT_SECOND_REPLY_DONE :
-#ifdef HAVE_SESSION_TICKET
- if (ssl->options.createTicket) {
- if ( (ssl->error = SendTicket(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- }
-#endif /* HAVE_SESSION_TICKET */
- ssl->options.acceptState = TICKET_SENT;
- WOLFSSL_MSG("accept state TICKET_SENT");
-
- case TICKET_SENT:
- if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
- ssl->options.acceptState = CHANGE_CIPHER_SENT;
- WOLFSSL_MSG("accept state CHANGE_CIPHER_SENT");
-
- case CHANGE_CIPHER_SENT :
- if ( (ssl->error = SendFinished(ssl)) != 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
-
- ssl->options.acceptState = ACCEPT_FINISHED_DONE;
- WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE");
-
- case ACCEPT_FINISHED_DONE :
- if (ssl->options.resuming)
- while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
- if ( (ssl->error = ProcessReply(ssl)) < 0) {
- WOLFSSL_ERROR(ssl->error);
- return SSL_FATAL_ERROR;
- }
-
- ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
- WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
-
- case ACCEPT_THIRD_REPLY_DONE :
-#ifndef NO_HANDSHAKE_DONE_CB
- if (ssl->hsDoneCb) {
- int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
- if (cbret < 0) {
- ssl->error = cbret;
- WOLFSSL_MSG("HandShake Done Cb don't continue error");
- return SSL_FATAL_ERROR;
- }
- }
-#endif /* NO_HANDSHAKE_DONE_CB */
- FreeHandshakeResources(ssl);
- WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS);
- return SSL_SUCCESS;
-
- default :
- WOLFSSL_MSG("Unknown accept state ERROR");
- return SSL_FATAL_ERROR;
- }
- }
-
-#endif /* NO_WOLFSSL_SERVER */
-
-
-#ifndef NO_HANDSHAKE_DONE_CB
-
-int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx)
-{
- WOLFSSL_ENTER("wolfSSL_SetHsDoneCb");
-
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- ssl->hsDoneCb = cb;
- ssl->hsDoneCtx = user_ctx;
-
-
- return SSL_SUCCESS;
-}
-
-#endif /* NO_HANDSHAKE_DONE_CB */
-
-
-int wolfSSL_Cleanup(void)
-{
- int ret = SSL_SUCCESS;
- int release = 0;
-
- WOLFSSL_ENTER("wolfSSL_Cleanup");
-
- if (initRefCount == 0)
- return ret; /* possibly no init yet, but not failure either way */
-
- if (LockMutex(&count_mutex) != 0) {
- WOLFSSL_MSG("Bad Lock Mutex count");
- return BAD_MUTEX_E;
- }
-
- release = initRefCount-- == 1;
- if (initRefCount < 0)
- initRefCount = 0;
-
- UnLockMutex(&count_mutex);
-
- if (!release)
- return ret;
-
-#ifndef NO_SESSION_CACHE
- if (FreeMutex(&session_mutex) != 0)
- ret = BAD_MUTEX_E;
-#endif
- if (FreeMutex(&count_mutex) != 0)
- ret = BAD_MUTEX_E;
-
-#if defined(HAVE_ECC) && defined(FP_ECC)
- wc_ecc_fp_free();
-#endif
-
- return ret;
-}
-
-
-#ifndef NO_SESSION_CACHE
-
-
-/* some session IDs aren't random afterall, let's make them random */
-static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
-{
- byte digest[MAX_DIGEST_SIZE];
-
-#ifndef NO_MD5
- *error = wc_Md5Hash(sessionID, len, digest);
-#elif !defined(NO_SHA)
- *error = wc_ShaHash(sessionID, len, digest);
-#elif !defined(NO_SHA256)
- *error = wc_Sha256Hash(sessionID, len, digest);
-#else
- #error "We need a digest to hash the session IDs"
-#endif
-
- return *error == 0 ? MakeWordFromHash(digest) : 0; /* 0 on failure */
-}
-
-
-void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
-{
- /* static table now, no flusing needed */
- (void)ctx;
- (void)tm;
-}
-
-
-/* set ssl session timeout in seconds */
-int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- ssl->timeout = to;
-
- return SSL_SUCCESS;
-}
-
-
-/* set ctx session timeout in seconds */
-int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- ctx->timeout = to;
-
- return SSL_SUCCESS;
-}
-
-
-#ifndef NO_CLIENT_CACHE
-
-/* Get Session from Client cache based on id/len, return NULL on failure */
-WOLFSSL_SESSION* GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
-{
- WOLFSSL_SESSION* ret = NULL;
- word32 row;
- int idx;
- int count;
- int error = 0;
-
- WOLFSSL_ENTER("GetSessionClient");
-
- if (ssl->options.side == WOLFSSL_SERVER_END)
- return NULL;
-
- len = min(SERVER_ID_LEN, (word32)len);
- row = HashSession(id, len, &error) % SESSION_ROWS;
- if (error != 0) {
- WOLFSSL_MSG("Hash session failed");
- return NULL;
- }
-
- if (LockMutex(&session_mutex) != 0) {
- WOLFSSL_MSG("Lock session mutex failed");
- return NULL;
- }
-
- /* start from most recently used */
- count = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
- idx = ClientCache[row].nextIdx - 1;
- if (idx < 0)
- idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
-
- for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
- WOLFSSL_SESSION* current;
- ClientSession clSess;
-
- if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
- WOLFSSL_MSG("Bad idx");
- break;
- }
-
- clSess = ClientCache[row].Clients[idx];
-
- current = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];
- if (XMEMCMP(current->serverID, id, len) == 0) {
- WOLFSSL_MSG("Found a serverid match for client");
- if (LowResTimer() < (current->bornOn + current->timeout)) {
- WOLFSSL_MSG("Session valid");
- ret = current;
- break;
- } else {
- WOLFSSL_MSG("Session timed out"); /* could have more for id */
- }
- } else {
- WOLFSSL_MSG("ServerID not a match from client table");
- }
- }
-
- UnLockMutex(&session_mutex);
-
- return ret;
-}
-
-#endif /* NO_CLIENT_CACHE */
-
-
-WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret)
-{
- WOLFSSL_SESSION* ret = 0;
- const byte* id = NULL;
- word32 row;
- int idx;
- int count;
- int error = 0;
-
- if (ssl->options.sessionCacheOff)
- return NULL;
-
- if (ssl->options.haveSessionId == 0)
- return NULL;
-
-#ifdef HAVE_SESSION_TICKET
- if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
- return NULL;
-#endif
-
- if (ssl->arrays)
- id = ssl->arrays->sessionID;
- else
- id = ssl->session.sessionID;
-
- row = HashSession(id, ID_LEN, &error) % SESSION_ROWS;
- if (error != 0) {
- WOLFSSL_MSG("Hash session failed");
- return NULL;
- }
-
- if (LockMutex(&session_mutex) != 0)
- return 0;
-
- /* start from most recently used */
- count = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
- idx = SessionCache[row].nextIdx - 1;
- if (idx < 0)
- idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
-
- for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
- WOLFSSL_SESSION* current;
-
- if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
- WOLFSSL_MSG("Bad idx");
- break;
- }
-
- current = &SessionCache[row].Sessions[idx];
- if (XMEMCMP(current->sessionID, id, ID_LEN) == 0) {
- WOLFSSL_MSG("Found a session match");
- if (LowResTimer() < (current->bornOn + current->timeout)) {
- WOLFSSL_MSG("Session valid");
- ret = current;
- if (masterSecret)
- XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
- } else {
- WOLFSSL_MSG("Session timed out");
- }
- break; /* no more sessionIDs whether valid or not that match */
- } else {
- WOLFSSL_MSG("SessionID not a match at this idx");
- }
- }
-
- UnLockMutex(&session_mutex);
-
- return ret;
-}
-
-
-int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
-{
- if (ssl->options.sessionCacheOff)
- return SSL_FAILURE;
-
- if (LowResTimer() < (session->bornOn + session->timeout)) {
- ssl->session = *session;
- ssl->options.resuming = 1;
-
-#ifdef SESSION_CERTS
- ssl->version = session->version;
- ssl->options.cipherSuite0 = session->cipherSuite0;
- ssl->options.cipherSuite = session->cipherSuite;
-#endif
-
- return SSL_SUCCESS;
- }
- return SSL_FAILURE; /* session timed out */
-}
-
-
-#ifdef WOLFSSL_SESSION_STATS
-static int get_locked_session_stats(word32* active, word32* total,
- word32* peak);
-#endif
-
-int AddSession(WOLFSSL* ssl)
-{
- word32 row, idx;
- int error = 0;
-
- if (ssl->options.sessionCacheOff)
- return 0;
-
- if (ssl->options.haveSessionId == 0)
- return 0;
-
-#ifdef HAVE_SESSION_TICKET
- if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
- return 0;
-#endif
-
- row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS;
- if (error != 0) {
- WOLFSSL_MSG("Hash session failed");
- return error;
- }
-
- if (LockMutex(&session_mutex) != 0)
- return BAD_MUTEX_E;
-
- idx = SessionCache[row].nextIdx++;
-#ifdef SESSION_INDEX
- ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
-#endif
-
- XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
- ssl->arrays->masterSecret, SECRET_LEN);
- XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID,
- ID_LEN);
- SessionCache[row].Sessions[idx].sessionIDSz = ssl->arrays->sessionIDSz;
-
- SessionCache[row].Sessions[idx].timeout = ssl->timeout;
- SessionCache[row].Sessions[idx].bornOn = LowResTimer();
-
-#ifdef HAVE_SESSION_TICKET
- SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen;
- XMEMCPY(SessionCache[row].Sessions[idx].ticket,
- ssl->session.ticket, ssl->session.ticketLen);
-#endif
-
-#ifdef SESSION_CERTS
- SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
- XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
- ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
-
- SessionCache[row].Sessions[idx].version = ssl->version;
- SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0;
- SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite;
-#endif /* SESSION_CERTS */
-
- SessionCache[row].totalCount++;
- if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
- SessionCache[row].nextIdx = 0;
-
-#ifndef NO_CLIENT_CACHE
- if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) {
- word32 clientRow, clientIdx;
-
- WOLFSSL_MSG("Adding client cache entry");
-
- SessionCache[row].Sessions[idx].idLen = ssl->session.idLen;
- XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID,
- ssl->session.idLen);
-
- clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
- &error) % SESSION_ROWS;
- if (error != 0) {
- WOLFSSL_MSG("Hash session failed");
- } else {
- clientIdx = ClientCache[clientRow].nextIdx++;
-
- ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row;
- ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx;
-
- ClientCache[clientRow].totalCount++;
- if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
- ClientCache[clientRow].nextIdx = 0;
- }
- }
- else
- SessionCache[row].Sessions[idx].idLen = 0;
-#endif /* NO_CLIENT_CACHE */
-
-#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
- if (error == 0) {
- word32 active = 0;
-
- error = get_locked_session_stats(&active, NULL, NULL);
- if (error == SSL_SUCCESS) {
- error = 0; /* back to this function ok */
-
- if (active > PeakSessions)
- PeakSessions = active;
- }
- }
-#endif /* defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) */
-
- if (UnLockMutex(&session_mutex) != 0)
- return BAD_MUTEX_E;
-
- return error;
-}
-
-
-#ifdef SESSION_INDEX
-
-int wolfSSL_GetSessionIndex(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("wolfSSL_GetSessionIndex");
- WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", ssl->sessionIndex);
- return ssl->sessionIndex;
-}
-
-
-int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)
-{
- int row, col, result = SSL_FAILURE;
-
- WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex");
-
- row = idx >> SESSIDX_ROW_SHIFT;
- col = idx & SESSIDX_IDX_MASK;
-
- if (LockMutex(&session_mutex) != 0) {
- return BAD_MUTEX_E;
- }
-
- if (row < SESSION_ROWS &&
- col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
- XMEMCPY(session,
- &SessionCache[row].Sessions[col], sizeof(WOLFSSL_SESSION));
- result = SSL_SUCCESS;
- }
-
- if (UnLockMutex(&session_mutex) != 0)
- result = BAD_MUTEX_E;
-
- WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
- return result;
-}
-
-#endif /* SESSION_INDEX */
-
-#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
-
-WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
-{
- WOLFSSL_X509_CHAIN* chain = NULL;
-
- WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
- if (session)
- chain = &session->chain;
-
- WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", chain ? 1 : 0);
- return chain;
-}
-
-#endif /* SESSION_INDEX && SESSION_CERTS */
-
-
-#ifdef WOLFSSL_SESSION_STATS
-
-/* requires session_mutex lock held, SSL_SUCCESS on ok */
-static int get_locked_session_stats(word32* active, word32* total, word32* peak)
-{
- int result = SSL_SUCCESS;
- int i;
- int count;
- int idx;
- word32 now = 0;
- word32 seen = 0;
- word32 ticks = LowResTimer();
-
- (void)peak;
-
- WOLFSSL_ENTER("get_locked_session_stats");
-
- for (i = 0; i < SESSION_ROWS; i++) {
- seen += SessionCache[i].totalCount;
-
- if (active == NULL)
- continue; /* no need to calculate what we can't set */
-
- count = min((word32)SessionCache[i].totalCount, SESSIONS_PER_ROW);
- idx = SessionCache[i].nextIdx - 1;
- if (idx < 0)
- idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */
-
- for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
- if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
- WOLFSSL_MSG("Bad idx");
- break;
- }
-
- /* if not expried then good */
- if (ticks < (SessionCache[i].Sessions[idx].bornOn +
- SessionCache[i].Sessions[idx].timeout) ) {
- now++;
- }
- }
- }
-
- if (active)
- *active = now;
-
- if (total)
- *total = seen;
-
-#ifdef WOLFSSL_PEAK_SESSIONS
- if (peak)
- *peak = PeakSessions;
-#endif
-
- WOLFSSL_LEAVE("get_locked_session_stats", result);
-
- return result;
-}
-
-
-/* return SSL_SUCCESS on ok */
-int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
- word32* maxSessions)
-{
- int result = SSL_SUCCESS;
-
- WOLFSSL_ENTER("wolfSSL_get_session_stats");
-
- if (maxSessions) {
- *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS;
-
- if (active == NULL && total == NULL && peak == NULL)
- return result; /* we're done */
- }
-
- /* user must provide at least one query value */
- if (active == NULL && total == NULL && peak == NULL)
- return BAD_FUNC_ARG;
-
- if (LockMutex(&session_mutex) != 0) {
- return BAD_MUTEX_E;
- }
-
- result = get_locked_session_stats(active, total, peak);
-
- if (UnLockMutex(&session_mutex) != 0)
- result = BAD_MUTEX_E;
-
- WOLFSSL_LEAVE("wolfSSL_get_session_stats", result);
-
- return result;
-}
-
-#endif /* WOLFSSL_SESSION_STATS */
-
-
- #ifdef PRINT_SESSION_STATS
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_PrintSessionStats(void)
- {
- word32 totalSessionsSeen = 0;
- word32 totalSessionsNow = 0;
- word32 peak = 0;
- word32 maxSessions = 0;
- int i;
- int ret;
- double E; /* expected freq */
- double chiSquare = 0;
-
- ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen,
- &peak, &maxSessions);
- if (ret != SSL_SUCCESS)
- return ret;
- printf("Total Sessions Seen = %d\n", totalSessionsSeen);
- printf("Total Sessions Now = %d\n", totalSessionsNow);
-#ifdef WOLFSSL_PEAK_SESSIONS
- printf("Peak Sessions = %d\n", peak);
-#endif
- printf("Max Sessions = %d\n", maxSessions);
-
- E = (double)totalSessionsSeen / SESSION_ROWS;
-
- for (i = 0; i < SESSION_ROWS; i++) {
- double diff = SessionCache[i].totalCount - E;
- diff *= diff; /* square */
- diff /= E; /* normalize */
-
- chiSquare += diff;
- }
- printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
- SESSION_ROWS - 1);
- #if (SESSION_ROWS == 11)
- printf(" .05 p value = 18.3, chi-square should be less\n");
- #elif (SESSION_ROWS == 211)
- printf(".05 p value = 244.8, chi-square should be less\n");
- #elif (SESSION_ROWS == 5981)
- printf(".05 p value = 6161.0, chi-square should be less\n");
- #elif (SESSION_ROWS == 3)
- printf(".05 p value = 6.0, chi-square should be less\n");
- #elif (SESSION_ROWS == 2861)
- printf(".05 p value = 2985.5, chi-square should be less\n");
- #endif
- printf("\n");
-
- return ret;
- }
-
- #endif /* SESSION_STATS */
-
-#else /* NO_SESSION_CACHE */
-
-/* No session cache version */
-WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret)
-{
- (void)ssl;
- (void)masterSecret;
-
- return NULL;
-}
-
-#endif /* NO_SESSION_CACHE */
-
-
-/* call before SSL_connect, if verifying will add name check to
- date check and signature check */
-int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
-{
- WOLFSSL_ENTER("wolfSSL_check_domain_name");
- if (ssl->buffers.domainName.buffer)
- XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
-
- ssl->buffers.domainName.length = (word32)XSTRLEN(dn) + 1;
- ssl->buffers.domainName.buffer = (byte*) XMALLOC(
- ssl->buffers.domainName.length, ssl->heap, DYNAMIC_TYPE_DOMAIN);
-
- if (ssl->buffers.domainName.buffer) {
- XSTRNCPY((char*)ssl->buffers.domainName.buffer, dn,
- ssl->buffers.domainName.length);
- return SSL_SUCCESS;
- }
- else {
- ssl->error = MEMORY_ERROR;
- return SSL_FAILURE;
- }
-}
-
-
-/* turn on wolfSSL zlib compression
- returns SSL_SUCCESS for success, else error (not built in)
-*/
-int wolfSSL_set_compression(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("wolfSSL_set_compression");
- (void)ssl;
-#ifdef HAVE_LIBZ
- ssl->options.usingCompression = 1;
- return SSL_SUCCESS;
-#else
- return NOT_COMPILED_IN;
-#endif
-}
-
-
-#ifndef USE_WINDOWS_API
- #ifndef NO_WRITEV
-
- /* simulate writev semantics, doesn't actually do block at a time though
- because of SSL_write behavior and because front adds may be small */
- int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, int iovcnt)
- {
- #ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; /* force heap usage */
- #else
- byte staticBuffer[FILE_BUFFER_SIZE];
- #endif
- byte* myBuffer = staticBuffer;
- int dynamic = 0;
- int sending = 0;
- int idx = 0;
- int i;
- int ret;
-
- WOLFSSL_ENTER("wolfSSL_writev");
-
- for (i = 0; i < iovcnt; i++)
- sending += (int)iov[i].iov_len;
-
- if (sending > (int)sizeof(staticBuffer)) {
- myBuffer = (byte*)XMALLOC(sending, ssl->heap,
- DYNAMIC_TYPE_WRITEV);
- if (!myBuffer)
- return MEMORY_ERROR;
-
- dynamic = 1;
- }
-
- for (i = 0; i < iovcnt; i++) {
- XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
- idx += (int)iov[i].iov_len;
- }
-
- ret = wolfSSL_write(ssl, myBuffer, sending);
-
- if (dynamic)
- XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);
-
- return ret;
- }
- #endif
-#endif
-
-
-#ifdef WOLFSSL_CALLBACKS
-
- typedef struct itimerval Itimerval;
-
- /* don't keep calling simple functions while setting up timer and singals
- if no inlining these are the next best */
-
- #define AddTimes(a, b, c) \
- do { \
- c.tv_sec = a.tv_sec + b.tv_sec; \
- c.tv_usec = a.tv_usec + b.tv_usec; \
- if (c.tv_usec >= 1000000) { \
- c.tv_sec++; \
- c.tv_usec -= 1000000; \
- } \
- } while (0)
-
-
- #define SubtractTimes(a, b, c) \
- do { \
- c.tv_sec = a.tv_sec - b.tv_sec; \
- c.tv_usec = a.tv_usec - b.tv_usec; \
- if (c.tv_usec < 0) { \
- c.tv_sec--; \
- c.tv_usec += 1000000; \
- } \
- } while (0)
-
- #define CmpTimes(a, b, cmp) \
- ((a.tv_sec == b.tv_sec) ? \
- (a.tv_usec cmp b.tv_usec) : \
- (a.tv_sec cmp b.tv_sec)) \
-
-
- /* do nothing handler */
- static void myHandler(int signo)
- {
- (void)signo;
- return;
- }
-
-
- static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
- TimeoutCallBack toCb, Timeval timeout)
- {
- int ret = SSL_FATAL_ERROR;
- int oldTimerOn = 0; /* was timer already on */
- Timeval startTime;
- Timeval endTime;
- Timeval totalTime;
- Itimerval myTimeout;
- Itimerval oldTimeout; /* if old timer adjust from total time to reset */
- struct sigaction act, oact;
-
- #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }
-
- if (hsCb) {
- ssl->hsInfoOn = 1;
- InitHandShakeInfo(&ssl->handShakeInfo);
- }
- if (toCb) {
- ssl->toInfoOn = 1;
- InitTimeoutInfo(&ssl->timeoutInfo);
-
- if (gettimeofday(&startTime, 0) < 0)
- ERR_OUT(GETTIME_ERROR);
-
- /* use setitimer to simulate getitimer, init 0 myTimeout */
- myTimeout.it_interval.tv_sec = 0;
- myTimeout.it_interval.tv_usec = 0;
- myTimeout.it_value.tv_sec = 0;
- myTimeout.it_value.tv_usec = 0;
- if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
- ERR_OUT(SETITIMER_ERROR);
-
- if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
- oldTimerOn = 1;
-
- /* is old timer going to expire before ours */
- if (CmpTimes(oldTimeout.it_value, timeout, <)) {
- timeout.tv_sec = oldTimeout.it_value.tv_sec;
- timeout.tv_usec = oldTimeout.it_value.tv_usec;
- }
- }
- myTimeout.it_value.tv_sec = timeout.tv_sec;
- myTimeout.it_value.tv_usec = timeout.tv_usec;
-
- /* set up signal handler, don't restart socket send/recv */
- act.sa_handler = myHandler;
- sigemptyset(&act.sa_mask);
- act.sa_flags = 0;
-#ifdef SA_INTERRUPT
- act.sa_flags |= SA_INTERRUPT;
-#endif
- if (sigaction(SIGALRM, &act, &oact) < 0)
- ERR_OUT(SIGACT_ERROR);
-
- if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0)
- ERR_OUT(SETITIMER_ERROR);
- }
-
- /* do main work */
-#ifndef NO_WOLFSSL_CLIENT
- if (ssl->options.side == WOLFSSL_CLIENT_END)
- ret = wolfSSL_connect(ssl);
-#endif
-#ifndef NO_WOLFSSL_SERVER
- if (ssl->options.side == WOLFSSL_SERVER_END)
- ret = wolfSSL_accept(ssl);
-#endif
-
- /* do callbacks */
- if (toCb) {
- if (oldTimerOn) {
- gettimeofday(&endTime, 0);
- SubtractTimes(endTime, startTime, totalTime);
- /* adjust old timer for elapsed time */
- if (CmpTimes(totalTime, oldTimeout.it_value, <))
- SubtractTimes(oldTimeout.it_value, totalTime,
- oldTimeout.it_value);
- else {
- /* reset value to interval, may be off */
- oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec;
- oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec;
- }
- /* keep iter the same whether there or not */
- }
- /* restore old handler */
- if (sigaction(SIGALRM, &oact, 0) < 0)
- ret = SIGACT_ERROR; /* more pressing error, stomp */
- else
- /* use old settings which may turn off (expired or not there) */
- if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
- ret = SETITIMER_ERROR;
-
- /* if we had a timeout call callback */
- if (ssl->timeoutInfo.timeoutName[0]) {
- ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec;
- ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
- (toCb)(&ssl->timeoutInfo);
- }
- /* clean up */
- FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
- ssl->toInfoOn = 0;
- }
- if (hsCb) {
- FinishHandShakeInfo(&ssl->handShakeInfo, ssl);
- (hsCb)(&ssl->handShakeInfo);
- ssl->hsInfoOn = 0;
- }
- return ret;
- }
-
-
-#ifndef NO_WOLFSSL_CLIENT
-
- int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
- TimeoutCallBack toCb, Timeval timeout)
- {
- WOLFSSL_ENTER("wolfSSL_connect_ex");
- return wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
- }
-
-#endif
-
-
-#ifndef NO_WOLFSSL_SERVER
-
- int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
- TimeoutCallBack toCb,Timeval timeout)
- {
- WOLFSSL_ENTER("wolfSSL_accept_ex");
- return wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
- }
-
-#endif
-
-#endif /* WOLFSSL_CALLBACKS */
-
-
-#ifndef NO_PSK
-
- void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx,
- psk_client_callback cb)
- {
- WOLFSSL_ENTER("SSL_CTX_set_psk_client_callback");
- ctx->havePSK = 1;
- ctx->client_psk_cb = cb;
- }
-
-
- void wolfSSL_set_psk_client_callback(WOLFSSL* ssl, psk_client_callback cb)
- {
- byte haveRSA = 1;
-
- WOLFSSL_ENTER("SSL_set_psk_client_callback");
- ssl->options.havePSK = 1;
- ssl->options.client_psk_cb = cb;
-
- #ifdef NO_RSA
- haveRSA = 0;
- #endif
- InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
- ssl->options.haveDH, ssl->options.haveNTRU,
- ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
- ssl->options.side);
- }
-
-
- void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
- psk_server_callback cb)
- {
- WOLFSSL_ENTER("SSL_CTX_set_psk_server_callback");
- ctx->havePSK = 1;
- ctx->server_psk_cb = cb;
- }
-
-
- void wolfSSL_set_psk_server_callback(WOLFSSL* ssl, psk_server_callback cb)
- {
- byte haveRSA = 1;
-
- WOLFSSL_ENTER("SSL_set_psk_server_callback");
- ssl->options.havePSK = 1;
- ssl->options.server_psk_cb = cb;
-
- #ifdef NO_RSA
- haveRSA = 0;
- #endif
- InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
- ssl->options.haveDH, ssl->options.haveNTRU,
- ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
- ssl->options.side);
- }
-
-
- const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
- {
- WOLFSSL_ENTER("SSL_get_psk_identity_hint");
-
- if (ssl == NULL || ssl->arrays == NULL)
- return NULL;
-
- return ssl->arrays->server_hint;
- }
-
-
- const char* wolfSSL_get_psk_identity(const WOLFSSL* ssl)
- {
- WOLFSSL_ENTER("SSL_get_psk_identity");
-
- if (ssl == NULL || ssl->arrays == NULL)
- return NULL;
-
- return ssl->arrays->client_identity;
- }
-
-
- int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint)
- {
- WOLFSSL_ENTER("SSL_CTX_use_psk_identity_hint");
- if (hint == 0)
- ctx->server_hint[0] = 0;
- else {
- XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
- ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
- }
- return SSL_SUCCESS;
- }
-
-
- int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint)
- {
- WOLFSSL_ENTER("SSL_use_psk_identity_hint");
-
- if (ssl == NULL || ssl->arrays == NULL)
- return SSL_FAILURE;
-
- if (hint == 0)
- ssl->arrays->server_hint[0] = 0;
- else {
- XSTRNCPY(ssl->arrays->server_hint, hint, MAX_PSK_ID_LEN);
- ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
- }
- return SSL_SUCCESS;
- }
-
-#endif /* NO_PSK */
-
-
-#ifdef HAVE_ANON
-
- int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx)
- {
- WOLFSSL_ENTER("wolfSSL_CTX_allow_anon_cipher");
-
- if (ctx == NULL)
- return SSL_FAILURE;
-
- ctx->haveAnon = 1;
-
- return SSL_SUCCESS;
- }
-
-#endif /* HAVE_ANON */
-
-
-#ifndef NO_CERTS
-/* used to be defined on NO_FILESYSTEM only, but are generally useful */
-
- /* wolfSSL extension allows DER files to be loaded from buffers as well */
- int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
- long sz, int format)
- {
- WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer");
- if (format == SSL_FILETYPE_PEM)
- return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
- else
- return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,0);
- }
-
-
- int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz, int format)
- {
- WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
- return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
- }
-
-
- int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz, int format)
- {
- WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
- return ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL,NULL,0);
- }
-
-
- int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz)
- {
- WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer");
- return ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL,
- NULL, 1);
- }
-
- int wolfSSL_use_certificate_buffer(WOLFSSL* ssl,
- const unsigned char* in, long sz, int format)
- {
- WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");
- return ProcessBuffer(ssl->ctx, in, sz, format,CERT_TYPE,ssl,NULL,0);
- }
-
-
- int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl,
- const unsigned char* in, long sz, int format)
- {
- WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");
- return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
- ssl, NULL, 0);
- }
-
-
- int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
- const unsigned char* in, long sz)
- {
- WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer");
- return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
- ssl, NULL, 1);
- }
-
-
- /* unload any certs or keys that SSL owns, leave CTX as is
- SSL_SUCCESS on ok */
- int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl)
- {
- if (ssl == NULL) {
- WOLFSSL_MSG("Null function arg");
- return BAD_FUNC_ARG;
- }
-
- if (ssl->buffers.weOwnCert) {
- WOLFSSL_MSG("Unloading cert");
- XFREE(ssl->buffers.certificate.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
- ssl->buffers.weOwnCert = 0;
- ssl->buffers.certificate.length = 0;
- ssl->buffers.certificate.buffer = NULL;
- }
-
- if (ssl->buffers.weOwnCertChain) {
- WOLFSSL_MSG("Unloading cert chain");
- XFREE(ssl->buffers.certChain.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
- ssl->buffers.weOwnCertChain = 0;
- ssl->buffers.certChain.length = 0;
- ssl->buffers.certChain.buffer = NULL;
- }
-
- if (ssl->buffers.weOwnKey) {
- WOLFSSL_MSG("Unloading key");
- XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
- ssl->buffers.weOwnKey = 0;
- ssl->buffers.key.length = 0;
- ssl->buffers.key.buffer = NULL;
- }
-
- return SSL_SUCCESS;
- }
-
-
- int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx)
- {
- WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs");
-
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- return wolfSSL_CertManagerUnloadCAs(ctx->cm);
- }
-
-/* old NO_FILESYSTEM end */
-#endif /* !NO_CERTS */
-
-
-#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
-
-
- int wolfSSL_add_all_algorithms(void)
- {
- WOLFSSL_ENTER("wolfSSL_add_all_algorithms");
- wolfSSL_Init();
- return SSL_SUCCESS;
- }
-
-
- long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz)
- {
- /* cache size fixed at compile time in wolfSSL */
- (void)ctx;
- (void)sz;
- return 0;
- }
-
-
- void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode)
- {
- WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown");
- if (mode)
- ctx->quietShutdown = 1;
- }
-
-
- void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode)
- {
- WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown");
- if (mode)
- ssl->options.quietShutdown = 1;
- }
-
-
- void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
- {
- WOLFSSL_ENTER("SSL_set_bio");
- wolfSSL_set_rfd(ssl, rd->fd);
- wolfSSL_set_wfd(ssl, wr->fd);
-
- ssl->biord = rd;
- ssl->biowr = wr;
- }
-
-
- void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
- STACK_OF(WOLFSSL_X509_NAME)* names)
- {
- (void)ctx;
- (void)names;
- }
-
-
- STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname)
- {
- (void)fname;
- return 0;
- }
-
-
- int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
- {
- /* TODO:, not needed in goahead */
- (void)ctx;
- return SSL_NOT_IMPLEMENTED;
- }
-
-
- /* keyblock size in bytes or -1 */
- int wolfSSL_get_keyblock_size(WOLFSSL* ssl)
- {
- if (ssl == NULL)
- return SSL_FATAL_ERROR;
-
- return 2 * (ssl->specs.key_size + ssl->specs.iv_size +
- ssl->specs.hash_size);
- }
-
-
- /* store keys returns SSL_SUCCESS or -1 on error */
- int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen,
- unsigned char** sr, unsigned int* srLen,
- unsigned char** cr, unsigned int* crLen)
- {
- if (ssl == NULL || ssl->arrays == NULL)
- return SSL_FATAL_ERROR;
-
- *ms = ssl->arrays->masterSecret;
- *sr = ssl->arrays->serverRandom;
- *cr = ssl->arrays->clientRandom;
-
- *msLen = SECRET_LEN;
- *srLen = RAN_LEN;
- *crLen = RAN_LEN;
-
- return SSL_SUCCESS;
- }
-
-
- void wolfSSL_set_accept_state(WOLFSSL* ssl)
- {
- byte haveRSA = 1;
- byte havePSK = 0;
-
- WOLFSSL_ENTER("SSL_set_accept_state");
- ssl->options.side = WOLFSSL_SERVER_END;
- /* reset suites in case user switched */
-
- #ifdef NO_RSA
- haveRSA = 0;
- #endif
- #ifndef NO_PSK
- havePSK = ssl->options.havePSK;
- #endif
- InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
- ssl->options.haveDH, ssl->options.haveNTRU,
- ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
- ssl->options.side);
- }
-#endif
-
- /* return true if connection established */
- int wolfSSL_is_init_finished(WOLFSSL* ssl)
- {
- if (ssl == NULL)
- return 0;
-
- if (ssl->options.handShakeState == HANDSHAKE_DONE)
- return 1;
-
- return 0;
- }
-
-#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
- void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx,
- WOLFSSL_RSA*(*f)(WOLFSSL*, int, int))
- {
- /* wolfSSL verifies all these internally */
- (void)ctx;
- (void)f;
- }
-
-
- void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt)
- {
- (void)ssl;
- (void)opt;
- }
-
-
- long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
- {
- /* goahead calls with 0, do nothing */
- WOLFSSL_ENTER("SSL_CTX_set_options");
- (void)ctx;
- return opt;
- }
-
-
- int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd)
- {
- WOLFSSL_ENTER("SSL_set_rfd");
- ssl->rfd = rfd; /* not used directly to allow IO callbacks */
-
- ssl->IOCB_ReadCtx = &ssl->rfd;
-
- return SSL_SUCCESS;
- }
-
-
- int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd)
- {
- WOLFSSL_ENTER("SSL_set_wfd");
- ssl->wfd = wfd; /* not used directly to allow IO callbacks */
-
- ssl->IOCB_WriteCtx = &ssl->wfd;
-
- return SSL_SUCCESS;
- }
-
-
- WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long bits,
- void(*f)(int, int, void*), void* data)
- {
- /* no tmp key needed, actual generation not supported */
- WOLFSSL_ENTER("RSA_generate_key");
- (void)len;
- (void)bits;
- (void)f;
- (void)data;
- return NULL;
- }
-
-
-
- WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
- WOLFSSL_X509_STORE_CTX* ctx)
- {
- (void)ctx;
- return 0;
- }
-
-
- int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
- {
- if (ctx != NULL)
- return ctx->error;
- return 0;
- }
-
-
- int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
- {
- (void)ctx;
- return 0;
- }
-
-
- WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void)
- {
- static WOLFSSL_BIO_METHOD meth;
-
- WOLFSSL_ENTER("BIO_f_buffer");
- meth.type = BIO_BUFFER;
-
- return &meth;
- }
-
-
- long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size)
- {
- /* wolfSSL has internal buffer, compatibility only */
- WOLFSSL_ENTER("BIO_set_write_buffer_size");
- (void)bio;
- return size;
- }
-
-
- WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void)
- {
- static WOLFSSL_BIO_METHOD meth;
-
- WOLFSSL_ENTER("BIO_f_ssl");
- meth.type = BIO_SSL;
-
- return &meth;
- }
-
-
- WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF)
- {
- WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0,
- DYNAMIC_TYPE_OPENSSL);
-
- WOLFSSL_ENTER("BIO_new_socket");
- if (bio) {
- bio->type = BIO_SOCKET;
- bio->close = (byte)closeF;
- bio->eof = 0;
- bio->ssl = 0;
- bio->fd = sfd;
- bio->prev = 0;
- bio->next = 0;
- bio->mem = NULL;
- bio->memLen = 0;
- }
- return bio;
- }
-
-
- int wolfSSL_BIO_eof(WOLFSSL_BIO* b)
- {
- WOLFSSL_ENTER("BIO_eof");
- if (b->eof)
- return 1;
-
- return 0;
- }
-
-
- long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
- {
- WOLFSSL_ENTER("BIO_set_ssl");
- b->ssl = ssl;
- b->close = (byte)closeF;
- /* add to ssl for bio free if SSL_free called before/instead of free_all? */
-
- return 0;
- }
-
-
- WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD* method)
- {
- WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0,
- DYNAMIC_TYPE_OPENSSL);
- WOLFSSL_ENTER("BIO_new");
- if (bio) {
- bio->type = method->type;
- bio->close = 0;
- bio->eof = 0;
- bio->ssl = NULL;
- bio->mem = NULL;
- bio->memLen = 0;
- bio->fd = 0;
- bio->prev = NULL;
- bio->next = NULL;
- }
- return bio;
- }
-
-
- int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, const byte** p)
- {
- if (bio == NULL || p == NULL)
- return SSL_FATAL_ERROR;
-
- *p = bio->mem;
-
- return bio->memLen;
- }
-
-
- WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len)
- {
- WOLFSSL_BIO* bio = NULL;
- if (buf == NULL)
- return bio;
-
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- if (bio == NULL)
- return bio;
-
- bio->memLen = len;
- bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
- if (bio->mem == NULL) {
- XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
- return NULL;
- }
-
- XMEMCPY(bio->mem, buf, len);
-
- return bio;
- }
-
-
-#ifdef USE_WINDOWS_API
- #define CloseSocket(s) closesocket(s)
-#elif defined(WOLFSSL_MDK_ARM)
- #define CloseSocket(s) closesocket(s)
- extern int closesocket(int) ;
-#else
- #define CloseSocket(s) close(s)
-#endif
-
- int wolfSSL_BIO_free(WOLFSSL_BIO* bio)
- {
- /* unchain?, doesn't matter in goahead since from free all */
- WOLFSSL_ENTER("BIO_free");
- if (bio) {
- if (bio->close) {
- if (bio->ssl)
- wolfSSL_free(bio->ssl);
- if (bio->fd)
- CloseSocket(bio->fd);
- }
- if (bio->mem)
- XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL);
- XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
- }
- return 0;
- }
-
-
- int wolfSSL_BIO_free_all(WOLFSSL_BIO* bio)
- {
- WOLFSSL_ENTER("BIO_free_all");
- while (bio) {
- WOLFSSL_BIO* next = bio->next;
- wolfSSL_BIO_free(bio);
- bio = next;
- }
- return 0;
- }
-
-
- int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
- {
- int ret;
- WOLFSSL* ssl = 0;
- WOLFSSL_BIO* front = bio;
-
- WOLFSSL_ENTER("BIO_read");
- /* already got eof, again is error */
- if (front->eof)
- return SSL_FATAL_ERROR;
-
- while(bio && ((ssl = bio->ssl) == 0) )
- bio = bio->next;
-
- if (ssl == 0) return BAD_FUNC_ARG;
-
- ret = wolfSSL_read(ssl, buf, len);
- if (ret == 0)
- front->eof = 1;
- else if (ret < 0) {
- int err = wolfSSL_get_error(ssl, 0);
- if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
- front->eof = 1;
- }
- return ret;
- }
-
-
- int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
- {
- int ret;
- WOLFSSL* ssl = 0;
- WOLFSSL_BIO* front = bio;
-
- WOLFSSL_ENTER("BIO_write");
- /* already got eof, again is error */
- if (front->eof)
- return SSL_FATAL_ERROR;
-
- while(bio && ((ssl = bio->ssl) == 0) )
- bio = bio->next;
-
- if (ssl == 0) return BAD_FUNC_ARG;
-
- ret = wolfSSL_write(ssl, data, len);
- if (ret == 0)
- front->eof = 1;
- else if (ret < 0) {
- int err = wolfSSL_get_error(ssl, 0);
- if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
- front->eof = 1;
- }
-
- return ret;
- }
-
-
- WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO* top, WOLFSSL_BIO* append)
- {
- WOLFSSL_ENTER("BIO_push");
- top->next = append;
- append->prev = top;
-
- return top;
- }
-
-
- int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
- {
- /* for wolfSSL no flushing needed */
- WOLFSSL_ENTER("BIO_flush");
- (void)bio;
- return 1;
- }
-
-
-#endif /* OPENSSL_EXTRA || GOAHEAD_WS */
-
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-
- void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
- void* userdata)
- {
- WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
- ctx->userdata = userdata;
- }
-
-
- void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, pem_password_cb cb)
- {
- WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb");
- ctx->passwd_cb = cb;
- }
-
- int wolfSSL_num_locks(void)
- {
- return 0;
- }
-
- void wolfSSL_set_locking_callback(void (*f)(int, int, const char*, int))
- {
- (void)f;
- }
-
- void wolfSSL_set_id_callback(unsigned long (*f)(void))
- {
- (void)f;
- }
-
- unsigned long wolfSSL_ERR_get_error(void)
- {
- /* TODO: */
- return 0;
- }
-
-#ifndef NO_MD5
-
- int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
- const WOLFSSL_EVP_MD* md, const byte* salt,
- const byte* data, int sz, int count, byte* key, byte* iv)
- {
- int keyLen = 0;
- int ivLen = 0;
- int j;
- int keyLeft;
- int ivLeft;
- int keyOutput = 0;
- byte digest[MD5_DIGEST_SIZE];
- #ifdef WOLFSSL_SMALL_STACK
- Md5* md5 = NULL;
- #else
- Md5 md5[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md5 == NULL)
- return 0;
- #endif
-
- WOLFSSL_ENTER("EVP_BytesToKey");
- wc_InitMd5(md5);
-
- /* only support MD5 for now */
- if (XSTRNCMP(md, "MD5", 3) != 0) return 0;
-
- /* only support CBC DES and AES for now */
- if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
- keyLen = DES_KEY_SIZE;
- ivLen = DES_IV_SIZE;
- }
- else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
- keyLen = DES3_KEY_SIZE;
- ivLen = DES_IV_SIZE;
- }
- else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
- keyLen = AES_128_KEY_SIZE;
- ivLen = AES_IV_SIZE;
- }
- else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
- keyLen = AES_192_KEY_SIZE;
- ivLen = AES_IV_SIZE;
- }
- else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
- keyLen = AES_256_KEY_SIZE;
- ivLen = AES_IV_SIZE;
- }
- else {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return 0;
- }
-
- keyLeft = keyLen;
- ivLeft = ivLen;
-
- while (keyOutput < (keyLen + ivLen)) {
- int digestLeft = MD5_DIGEST_SIZE;
- /* D_(i - 1) */
- if (keyOutput) /* first time D_0 is empty */
- wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
- /* data */
- wc_Md5Update(md5, data, sz);
- /* salt */
- if (salt)
- wc_Md5Update(md5, salt, EVP_SALT_SIZE);
- wc_Md5Final(md5, digest);
- /* count */
- for (j = 1; j < count; j++) {
- wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
- wc_Md5Final(md5, digest);
- }
-
- if (keyLeft) {
- int store = min(keyLeft, MD5_DIGEST_SIZE);
- XMEMCPY(&key[keyLen - keyLeft], digest, store);
-
- keyOutput += store;
- keyLeft -= store;
- digestLeft -= store;
- }
-
- if (ivLeft && digestLeft) {
- int store = min(ivLeft, digestLeft);
- XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
- digestLeft], store);
- keyOutput += store;
- ivLeft -= store;
- }
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- return keyOutput == (keyLen + ivLen) ? keyOutput : 0;
- }
-
-#endif /* NO_MD5 */
-
-#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
-
-
-#ifdef OPENSSL_EXTRA
-
- unsigned long wolfSSLeay(void)
- {
- return SSLEAY_VERSION_NUMBER;
- }
-
-
- const char* wolfSSLeay_version(int type)
- {
- static const char* version = "SSLeay wolfSSL compatibility";
- (void)type;
- return version;
- }
-
-
-#ifndef NO_MD5
- void wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
- {
- typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
- (void)sizeof(md5_test);
-
- WOLFSSL_ENTER("MD5_Init");
- wc_InitMd5((Md5*)md5);
- }
-
-
- void wolfSSL_MD5_Update(WOLFSSL_MD5_CTX* md5, const void* input,
- unsigned long sz)
- {
- WOLFSSL_ENTER("wolfSSL_MD5_Update");
- wc_Md5Update((Md5*)md5, (const byte*)input, (word32)sz);
- }
-
-
- void wolfSSL_MD5_Final(byte* input, WOLFSSL_MD5_CTX* md5)
- {
- WOLFSSL_ENTER("MD5_Final");
- wc_Md5Final((Md5*)md5, input);
- }
-#endif /* NO_MD5 */
-
-
-#ifndef NO_SHA
- void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
- {
- typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
- (void)sizeof(sha_test);
-
- WOLFSSL_ENTER("SHA_Init");
- wc_InitSha((Sha*)sha); /* OpenSSL compat, no ret */
- }
-
-
- void wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input,
- unsigned long sz)
- {
- WOLFSSL_ENTER("SHA_Update");
- wc_ShaUpdate((Sha*)sha, (const byte*)input, (word32)sz);
- }
-
-
- void wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha)
- {
- WOLFSSL_ENTER("SHA_Final");
- wc_ShaFinal((Sha*)sha, input);
- }
-
-
- void wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
- {
- WOLFSSL_ENTER("SHA1_Init");
- SHA_Init(sha);
- }
-
-
- void wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
- unsigned long sz)
- {
- WOLFSSL_ENTER("SHA1_Update");
- SHA_Update(sha, input, sz);
- }
-
-
- void wolfSSL_SHA1_Final(byte* input, WOLFSSL_SHA_CTX* sha)
- {
- WOLFSSL_ENTER("SHA1_Final");
- SHA_Final(input, sha);
- }
-#endif /* NO_SHA */
-
-
- void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
- {
- typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
- (void)sizeof(sha_test);
-
- WOLFSSL_ENTER("SHA256_Init");
- wc_InitSha256((Sha256*)sha256); /* OpenSSL compat, no error */
- }
-
-
- void wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input,
- unsigned long sz)
- {
- WOLFSSL_ENTER("SHA256_Update");
- wc_Sha256Update((Sha256*)sha, (const byte*)input, (word32)sz);
- /* OpenSSL compat, no error */
- }
-
-
- void wolfSSL_SHA256_Final(byte* input, WOLFSSL_SHA256_CTX* sha)
- {
- WOLFSSL_ENTER("SHA256_Final");
- wc_Sha256Final((Sha256*)sha, input);
- /* OpenSSL compat, no error */
- }
-
-
- #ifdef WOLFSSL_SHA384
-
- void wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha)
- {
- typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
- (void)sizeof(sha_test);
-
- WOLFSSL_ENTER("SHA384_Init");
- wc_InitSha384((Sha384*)sha); /* OpenSSL compat, no error */
- }
-
-
- void wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
- unsigned long sz)
- {
- WOLFSSL_ENTER("SHA384_Update");
- wc_Sha384Update((Sha384*)sha, (const byte*)input, (word32)sz);
- /* OpenSSL compat, no error */
- }
-
-
- void wolfSSL_SHA384_Final(byte* input, WOLFSSL_SHA384_CTX* sha)
- {
- WOLFSSL_ENTER("SHA384_Final");
- wc_Sha384Final((Sha384*)sha, input);
- /* OpenSSL compat, no error */
- }
-
- #endif /* WOLFSSL_SHA384 */
-
-
- #ifdef WOLFSSL_SHA512
-
- void wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha)
- {
- typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
- (void)sizeof(sha_test);
-
- WOLFSSL_ENTER("SHA512_Init");
- wc_InitSha512((Sha512*)sha); /* OpenSSL compat, no error */
- }
-
-
- void wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha, const void* input,
- unsigned long sz)
- {
- WOLFSSL_ENTER("SHA512_Update");
- wc_Sha512Update((Sha512*)sha, (const byte*)input, (word32)sz);
- /* OpenSSL compat, no error */
- }
-
-
- void wolfSSL_SHA512_Final(byte* input, WOLFSSL_SHA512_CTX* sha)
- {
- WOLFSSL_ENTER("SHA512_Final");
- wc_Sha512Final((Sha512*)sha, input);
- /* OpenSSL compat, no error */
- }
-
- #endif /* WOLFSSL_SHA512 */
-
-
- #ifndef NO_MD5
-
- const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
- {
- static const char* type = "MD5";
- WOLFSSL_ENTER("EVP_md5");
- return type;
- }
-
- #endif /* NO_MD5 */
-
-
-#ifndef NO_SHA
- const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
- {
- static const char* type = "SHA";
- WOLFSSL_ENTER("EVP_sha1");
- return type;
- }
-#endif /* NO_SHA */
-
-
- const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
- {
- static const char* type = "SHA256";
- WOLFSSL_ENTER("EVP_sha256");
- return type;
- }
-
- #ifdef WOLFSSL_SHA384
-
- const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
- {
- static const char* type = "SHA384";
- WOLFSSL_ENTER("EVP_sha384");
- return type;
- }
-
- #endif /* WOLFSSL_SHA384 */
-
- #ifdef WOLFSSL_SHA512
-
- const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
- {
- static const char* type = "SHA512";
- WOLFSSL_ENTER("EVP_sha512");
- return type;
- }
-
- #endif /* WOLFSSL_SHA512 */
-
-
- void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx)
- {
- WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init");
- (void)ctx;
- /* do nothing */
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
- {
- static const char* type = "AES128-CBC";
- WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void)
- {
- static const char* type = "AES192-CBC";
- WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void)
- {
- static const char* type = "AES256-CBC";
- WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void)
- {
- static const char* type = "AES128-CTR";
- WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void)
- {
- static const char* type = "AES192-CTR";
- WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void)
- {
- static const char* type = "AES256-CTR";
- WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
- {
- static const char* type = "DES-CBC";
- WOLFSSL_ENTER("wolfSSL_EVP_des_cbc");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void)
- {
- static const char* type = "DES-EDE3-CBC";
- WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void)
- {
- static const char* type = "ARC4";
- WOLFSSL_ENTER("wolfSSL_EVP_rc4");
- return type;
- }
-
-
- const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void)
- {
- static const char* type = "NULL";
- WOLFSSL_ENTER("wolfSSL_EVP_enc_null");
- return type;
- }
-
-
- int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx)
- {
- WOLFSSL_ENTER("EVP_MD_CTX_cleanup");
- (void)ctx;
- return 0;
- }
-
-
-
- void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx)
- {
- WOLFSSL_ENTER("EVP_CIPHER_CTX_init");
- if (ctx) {
- ctx->cipherType = 0xff; /* no init */
- ctx->keyLen = 0;
- ctx->enc = 1; /* start in encrypt mode */
- }
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx)
- {
- WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup");
- if (ctx) {
- ctx->cipherType = 0xff; /* no more init */
- ctx->keyLen = 0;
- }
-
- return SSL_SUCCESS;
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type, byte* key,
- byte* iv, int enc)
- {
-#if defined(NO_AES) && defined(NO_DES3)
- (void)iv;
- (void)enc;
-#else
- int ret = 0;
-#endif
-
- WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
- if (ctx == NULL) {
- WOLFSSL_MSG("no ctx");
- return 0; /* failure */
- }
-
- if (type == NULL && ctx->cipherType == 0xff) {
- WOLFSSL_MSG("no type set");
- return 0; /* failure */
- }
-
-#ifndef NO_AES
- if (ctx->cipherType == AES_128_CBC_TYPE || (type &&
- XSTRNCMP(type, "AES128-CBC", 10) == 0)) {
- WOLFSSL_MSG("AES-128-CBC");
- ctx->cipherType = AES_128_CBC_TYPE;
- ctx->keyLen = 16;
- if (enc == 0 || enc == 1)
- ctx->enc = enc ? 1 : 0;
- if (key) {
- ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
- ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
- if (ret != 0)
- return ret;
- }
- if (iv && key == NULL) {
- ret = wc_AesSetIV(&ctx->cipher.aes, iv);
- if (ret != 0)
- return ret;
- }
- }
- else if (ctx->cipherType == AES_192_CBC_TYPE || (type &&
- XSTRNCMP(type, "AES192-CBC", 10) == 0)) {
- WOLFSSL_MSG("AES-192-CBC");
- ctx->cipherType = AES_192_CBC_TYPE;
- ctx->keyLen = 24;
- if (enc == 0 || enc == 1)
- ctx->enc = enc ? 1 : 0;
- if (key) {
- ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
- ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
- if (ret != 0)
- return ret;
- }
- if (iv && key == NULL) {
- ret = wc_AesSetIV(&ctx->cipher.aes, iv);
- if (ret != 0)
- return ret;
- }
- }
- else if (ctx->cipherType == AES_256_CBC_TYPE || (type &&
- XSTRNCMP(type, "AES256-CBC", 10) == 0)) {
- WOLFSSL_MSG("AES-256-CBC");
- ctx->cipherType = AES_256_CBC_TYPE;
- ctx->keyLen = 32;
- if (enc == 0 || enc == 1)
- ctx->enc = enc ? 1 : 0;
- if (key) {
- ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
- ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
- if (ret != 0)
- return ret;
- }
- if (iv && key == NULL) {
- ret = wc_AesSetIV(&ctx->cipher.aes, iv);
- if (ret != 0)
- return ret;
- }
- }
-#ifdef WOLFSSL_AES_COUNTER
- else if (ctx->cipherType == AES_128_CTR_TYPE || (type &&
- XSTRNCMP(type, "AES128-CTR", 10) == 0)) {
- WOLFSSL_MSG("AES-128-CTR");
- ctx->cipherType = AES_128_CTR_TYPE;
- ctx->keyLen = 16;
- if (enc == 0 || enc == 1)
- ctx->enc = enc ? 1 : 0;
- if (key) {
- ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
- AES_ENCRYPTION);
- if (ret != 0)
- return ret;
- }
- if (iv && key == NULL) {
- ret = wc_AesSetIV(&ctx->cipher.aes, iv);
- if (ret != 0)
- return ret;
- }
- }
- else if (ctx->cipherType == AES_192_CTR_TYPE || (type &&
- XSTRNCMP(type, "AES192-CTR", 10) == 0)) {
- WOLFSSL_MSG("AES-192-CTR");
- ctx->cipherType = AES_192_CTR_TYPE;
- ctx->keyLen = 24;
- if (enc == 0 || enc == 1)
- ctx->enc = enc ? 1 : 0;
- if (key) {
- ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
- AES_ENCRYPTION);
- if (ret != 0)
- return ret;
- }
- if (iv && key == NULL) {
- ret = wc_AesSetIV(&ctx->cipher.aes, iv);
- if (ret != 0)
- return ret;
- }
- }
- else if (ctx->cipherType == AES_256_CTR_TYPE || (type &&
- XSTRNCMP(type, "AES256-CTR", 10) == 0)) {
- WOLFSSL_MSG("AES-256-CTR");
- ctx->cipherType = AES_256_CTR_TYPE;
- ctx->keyLen = 32;
- if (enc == 0 || enc == 1)
- ctx->enc = enc ? 1 : 0;
- if (key) {
- ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
- AES_ENCRYPTION);
- if (ret != 0)
- return ret;
- }
- if (iv && key == NULL) {
- ret = wc_AesSetIV(&ctx->cipher.aes, iv);
- if (ret != 0)
- return ret;
- }
- }
-#endif /* WOLFSSL_AES_CTR */
-#endif /* NO_AES */
-
-#ifndef NO_DES3
- else if (ctx->cipherType == DES_CBC_TYPE || (type &&
- XSTRNCMP(type, "DES-CBC", 7) == 0)) {
- WOLFSSL_MSG("DES-CBC");
- ctx->cipherType = DES_CBC_TYPE;
- ctx->keyLen = 8;
- if (enc == 0 || enc == 1)
- ctx->enc = enc ? 1 : 0;
- if (key) {
- ret = wc_Des_SetKey(&ctx->cipher.des, key, iv,
- ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
- if (ret != 0)
- return ret;
- }
-
- if (iv && key == NULL)
- wc_Des_SetIV(&ctx->cipher.des, iv);
- }
- else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type &&
- XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) {
- WOLFSSL_MSG("DES-EDE3-CBC");
- ctx->cipherType = DES_EDE3_CBC_TYPE;
- ctx->keyLen = 24;
- if (enc == 0 || enc == 1)
- ctx->enc = enc ? 1 : 0;
- if (key) {
- ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv,
- ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
- if (ret != 0)
- return ret;
- }
-
- if (iv && key == NULL) {
- ret = wc_Des3_SetIV(&ctx->cipher.des3, iv);
- if (ret != 0)
- return ret;
- }
- }
-#endif /* NO_DES3 */
-#ifndef NO_RC4
- else if (ctx->cipherType == ARC4_TYPE || (type &&
- XSTRNCMP(type, "ARC4", 4) == 0)) {
- WOLFSSL_MSG("ARC4");
- ctx->cipherType = ARC4_TYPE;
- if (ctx->keyLen == 0) /* user may have already set */
- ctx->keyLen = 16; /* default to 128 */
- if (key)
- wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
- }
-#endif /* NO_RC4 */
- else if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
- XSTRNCMP(type, "NULL", 4) == 0)) {
- WOLFSSL_MSG("NULL cipher");
- ctx->cipherType = NULL_CIPHER_TYPE;
- ctx->keyLen = 0;
- }
- else
- return 0; /* failure */
-
-
- return SSL_SUCCESS;
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx)
- {
- WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length");
- if (ctx)
- return ctx->keyLen;
-
- return 0; /* failure */
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
- int keylen)
- {
- WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length");
- if (ctx)
- ctx->keyLen = keylen;
- else
- return 0; /* failure */
-
- return SSL_SUCCESS;
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
- word32 len)
- {
- int ret = 0;
- WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
-
- if (ctx == NULL || dst == NULL || src == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return 0; /* failure */
- }
-
- if (ctx->cipherType == 0xff) {
- WOLFSSL_MSG("no init");
- return 0; /* failure */
- }
-
- switch (ctx->cipherType) {
-
-#ifndef NO_AES
- case AES_128_CBC_TYPE :
- case AES_192_CBC_TYPE :
- case AES_256_CBC_TYPE :
- WOLFSSL_MSG("AES CBC");
- if (ctx->enc)
- ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
- else
- ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
- break;
-
-#ifdef WOLFSSL_AES_COUNTER
- case AES_128_CTR_TYPE :
- case AES_192_CTR_TYPE :
- case AES_256_CTR_TYPE :
- WOLFSSL_MSG("AES CTR");
- wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
- break;
-#endif
-#endif /* NO_AES */
-
-#ifndef NO_DES3
- case DES_CBC_TYPE :
- if (ctx->enc)
- wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
- else
- wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
- break;
-
- case DES_EDE3_CBC_TYPE :
- if (ctx->enc)
- ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
- else
- ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
- break;
-#endif
-
-#ifndef NO_RC4
- case ARC4_TYPE :
- wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
- break;
-#endif
-
- case NULL_CIPHER_TYPE :
- XMEMCPY(dst, src, len);
- break;
-
- default: {
- WOLFSSL_MSG("bad type");
- return 0; /* failure */
- }
- }
-
- if (ret != 0) {
- WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
- return 0; /* failuer */
- }
-
- WOLFSSL_MSG("wolfSSL_EVP_Cipher success");
- return SSL_SUCCESS; /* success */
- }
-
-
- /* store for external read of iv, SSL_SUCCESS on success */
- int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
- {
- WOLFSSL_ENTER("wolfSSL_StoreExternalIV");
-
- if (ctx == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return SSL_FATAL_ERROR;
- }
-
- switch (ctx->cipherType) {
-
-#ifndef NO_AES
- case AES_128_CBC_TYPE :
- case AES_192_CBC_TYPE :
- case AES_256_CBC_TYPE :
- WOLFSSL_MSG("AES CBC");
- memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
- break;
-
-#ifdef WOLFSSL_AES_COUNTER
- case AES_128_CTR_TYPE :
- case AES_192_CTR_TYPE :
- case AES_256_CTR_TYPE :
- WOLFSSL_MSG("AES CTR");
- memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
- break;
-#endif /* WOLFSSL_AES_COUNTER */
-
-#endif /* NO_AES */
-
-#ifndef NO_DES3
- case DES_CBC_TYPE :
- WOLFSSL_MSG("DES CBC");
- memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
- break;
-
- case DES_EDE3_CBC_TYPE :
- WOLFSSL_MSG("DES EDE3 CBC");
- memcpy(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
- break;
-#endif
-
- case ARC4_TYPE :
- WOLFSSL_MSG("ARC4");
- break;
-
- case NULL_CIPHER_TYPE :
- WOLFSSL_MSG("NULL");
- break;
-
- default: {
- WOLFSSL_MSG("bad type");
- return SSL_FATAL_ERROR;
- }
- }
- return SSL_SUCCESS;
- }
-
-
- /* set internal IV from external, SSL_SUCCESS on success */
- int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
- {
-
- WOLFSSL_ENTER("wolfSSL_SetInternalIV");
-
- if (ctx == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return SSL_FATAL_ERROR;
- }
-
- switch (ctx->cipherType) {
-
-#ifndef NO_AES
- case AES_128_CBC_TYPE :
- case AES_192_CBC_TYPE :
- case AES_256_CBC_TYPE :
- WOLFSSL_MSG("AES CBC");
- memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
- break;
-
-#ifdef WOLFSSL_AES_COUNTER
- case AES_128_CTR_TYPE :
- case AES_192_CTR_TYPE :
- case AES_256_CTR_TYPE :
- WOLFSSL_MSG("AES CTR");
- memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
- break;
-#endif
-
-#endif /* NO_AES */
-
-#ifndef NO_DES3
- case DES_CBC_TYPE :
- WOLFSSL_MSG("DES CBC");
- memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
- break;
-
- case DES_EDE3_CBC_TYPE :
- WOLFSSL_MSG("DES EDE3 CBC");
- memcpy(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
- break;
-#endif
-
- case ARC4_TYPE :
- WOLFSSL_MSG("ARC4");
- break;
-
- case NULL_CIPHER_TYPE :
- WOLFSSL_MSG("NULL");
- break;
-
- default: {
- WOLFSSL_MSG("bad type");
- return SSL_FATAL_ERROR;
- }
- }
- return SSL_SUCCESS;
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type)
- {
- WOLFSSL_ENTER("EVP_DigestInit");
- if (XSTRNCMP(type, "SHA256", 6) == 0) {
- ctx->macType = SHA256;
- wolfSSL_SHA256_Init((SHA256_CTX*)&ctx->hash);
- }
- #ifdef WOLFSSL_SHA384
- else if (XSTRNCMP(type, "SHA384", 6) == 0) {
- ctx->macType = SHA384;
- wolfSSL_SHA384_Init((SHA384_CTX*)&ctx->hash);
- }
- #endif
- #ifdef WOLFSSL_SHA512
- else if (XSTRNCMP(type, "SHA512", 6) == 0) {
- ctx->macType = SHA512;
- wolfSSL_SHA512_Init((SHA512_CTX*)&ctx->hash);
- }
- #endif
- #ifndef NO_MD5
- else if (XSTRNCMP(type, "MD5", 3) == 0) {
- ctx->macType = MD5;
- wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash);
- }
- #endif
- #ifndef NO_SHA
- /* has to be last since would pick or 256, 384, or 512 too */
- else if (XSTRNCMP(type, "SHA", 3) == 0) {
- ctx->macType = SHA;
- wolfSSL_SHA_Init((SHA_CTX*)&ctx->hash);
- }
- #endif /* NO_SHA */
- else
- return BAD_FUNC_ARG;
-
- return SSL_SUCCESS;
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
- unsigned long sz)
- {
- WOLFSSL_ENTER("EVP_DigestUpdate");
-
- switch (ctx->macType) {
-#ifndef NO_MD5
- case MD5:
- wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data,
- (unsigned long)sz);
- break;
-#endif
-#ifndef NO_SHA
- case SHA:
- wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data,
- (unsigned long)sz);
- break;
-#endif
-#ifndef NO_SHA256
- case SHA256:
- wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
- (unsigned long)sz);
- break;
-#endif
-#ifdef WOLFSSL_SHA384
- case SHA384:
- wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
- (unsigned long)sz);
- break;
-#endif
-#ifdef WOLFSSL_SHA512
- case SHA512:
- wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
- (unsigned long)sz);
- break;
-#endif
- default:
- return BAD_FUNC_ARG;
- }
-
- return SSL_SUCCESS;
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
- unsigned int* s)
- {
- WOLFSSL_ENTER("EVP_DigestFinal");
- switch (ctx->macType) {
-#ifndef NO_MD5
- case MD5:
- wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
- if (s) *s = MD5_DIGEST_SIZE;
- break;
-#endif
-#ifndef NO_SHA
- case SHA:
- wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
- if (s) *s = SHA_DIGEST_SIZE;
- break;
-#endif
-#ifndef NO_SHA256
- case SHA256:
- wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
- if (s) *s = SHA256_DIGEST_SIZE;
- break;
-#endif
-#ifdef WOLFSSL_SHA384
- case SHA384:
- wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
- if (s) *s = SHA384_DIGEST_SIZE;
- break;
-#endif
-#ifdef WOLFSSL_SHA512
- case SHA512:
- wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
- if (s) *s = SHA512_DIGEST_SIZE;
- break;
-#endif
- default:
- return BAD_FUNC_ARG;
- }
-
- return SSL_SUCCESS;
- }
-
-
- /* SSL_SUCCESS on ok */
- int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
- unsigned int* s)
- {
- WOLFSSL_ENTER("EVP_DigestFinal_ex");
- return EVP_DigestFinal(ctx, md, s);
- }
-
-
- unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
- int key_len, const unsigned char* d, int n,
- unsigned char* md, unsigned int* md_len)
- {
- int type;
- unsigned char* ret = NULL;
-#ifdef WOLFSSL_SMALL_STACK
- Hmac* hmac = NULL;
-#else
- Hmac hmac[1];
-#endif
-
- WOLFSSL_ENTER("HMAC");
- if (!md)
- return NULL; /* no static buffer support */
-
- if (XSTRNCMP(evp_md, "MD5", 3) == 0)
- type = MD5;
- else if (XSTRNCMP(evp_md, "SHA", 3) == 0)
- type = SHA;
- else
- return NULL;
-
- #ifdef WOLFSSL_SMALL_STACK
- hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (hmac == NULL)
- return NULL;
- #endif
-
- if (wc_HmacSetKey(hmac, type, (const byte*)key, key_len) == 0)
- if (wc_HmacUpdate(hmac, d, n) == 0)
- if (wc_HmacFinal(hmac, md) == 0) {
- if (md_len)
- *md_len = (type == MD5) ? (int)MD5_DIGEST_SIZE
- : (int)SHA_DIGEST_SIZE;
- ret = md;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- return ret;
- }
-
- void wolfSSL_ERR_clear_error(void)
- {
- /* TODO: */
- }
-
-
- int wolfSSL_RAND_status(void)
- {
- return SSL_SUCCESS; /* wolfCrypt provides enough seed internally */
- }
-
-
-
- void wolfSSL_RAND_add(const void* add, int len, double entropy)
- {
- (void)add;
- (void)len;
- (void)entropy;
-
- /* wolfSSL seeds/adds internally, use explicit RNG if you want
- to take control */
- }
-
-
-#ifndef NO_DES3
- /* SSL_SUCCESS on ok */
- int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
- WOLFSSL_DES_key_schedule* schedule)
- {
- WOLFSSL_ENTER("DES_key_sched");
- XMEMCPY(schedule, key, sizeof(const_DES_cblock));
- return SSL_SUCCESS;
- }
-
-
- void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
- unsigned char* output, long length,
- WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
- int enc)
- {
- Des myDes;
-
- WOLFSSL_ENTER("DES_cbc_encrypt");
-
- /* OpenSSL compat, no ret */
- wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
-
- if (enc)
- wc_Des_CbcEncrypt(&myDes, output, input, (word32)length);
- else
- wc_Des_CbcDecrypt(&myDes, output, input, (word32)length);
- }
-
-
- /* correctly sets ivec for next call */
- void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
- unsigned char* output, long length,
- WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
- int enc)
- {
- Des myDes;
-
- WOLFSSL_ENTER("DES_ncbc_encrypt");
-
- /* OpenSSL compat, no ret */
- wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
-
- if (enc)
- wc_Des_CbcEncrypt(&myDes, output, input, (word32)length);
- else
- wc_Des_CbcDecrypt(&myDes, output, input, (word32)length);
-
- XMEMCPY(ivec, output + length - sizeof(DES_cblock), sizeof(DES_cblock));
- }
-
-#endif /* NO_DES3 */
-
-
- void wolfSSL_ERR_free_strings(void)
- {
- /* handled internally */
- }
-
-
- void wolfSSL_ERR_remove_state(unsigned long state)
- {
- /* TODO: GetErrors().Remove(); */
- (void)state;
- }
-
-
- void wolfSSL_EVP_cleanup(void)
- {
- /* nothing to do here */
- }
-
-
- void wolfSSL_cleanup_all_ex_data(void)
- {
- /* nothing to do here */
- }
-
-
- int wolfSSL_clear(WOLFSSL* ssl)
- {
- (void)ssl;
- /* TODO: GetErrors().Remove(); */
- return SSL_SUCCESS;
- }
-
-
- long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
- {
- word32 tmptime;
- if (!ses || t < 0)
- return BAD_FUNC_ARG;
-
- tmptime = t & 0xFFFFFFFF;
-
- ses->timeout = tmptime;
-
- return SSL_SUCCESS;
- }
-
-
- long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode)
- {
- /* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */
-
- WOLFSSL_ENTER("SSL_CTX_set_mode");
- if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE)
- ctx->partialWrite = 1;
-
- return mode;
- }
-
-
- long wolfSSL_SSL_get_mode(WOLFSSL* ssl)
- {
- /* TODO: */
- (void)ssl;
- return 0;
- }
-
-
- long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx)
- {
- /* TODO: */
- (void)ctx;
- return 0;
- }
-
-
- void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m)
- {
- /* TODO: maybe? */
- (void)ctx;
- (void)m;
- }
-
-
- int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx,
- const unsigned char* sid_ctx,
- unsigned int sid_ctx_len)
- {
- /* No application specific context needed for wolfSSL */
- (void)ctx;
- (void)sid_ctx;
- (void)sid_ctx_len;
- return SSL_SUCCESS;
- }
-
-
- long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx)
- {
- /* TODO: maybe? */
- (void)ctx;
- return (~0);
- }
-
- unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line,
- const char** data, int *flags)
- {
- /* Not implemented */
- (void)file;
- (void)line;
- (void)data;
- (void)flags;
- return 0;
- }
-
-#endif /* OPENSSL_EXTRA */
-
-
-#if defined(KEEP_PEER_CERT)
-
- WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl)
- {
- WOLFSSL_ENTER("SSL_get_peer_certificate");
- if (ssl->peerCert.issuer.sz)
- return &ssl->peerCert;
- else
- return 0;
- }
-
-#endif /* KEEP_PEER_CERT */
-
-
-#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
-
- void wolfSSL_FreeX509(WOLFSSL_X509* x509)
- {
- WOLFSSL_ENTER("wolfSSL_FreeX509");
- FreeX509(x509);
- }
-
-
- /* return the next, if any, altname from the peer cert */
- char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
- {
- char* ret = NULL;
- WOLFSSL_ENTER("wolfSSL_X509_get_next_altname");
-
- /* don't have any to work with */
- if (cert == NULL || cert->altNames == NULL)
- return NULL;
-
- /* already went through them */
- if (cert->altNamesNext == NULL)
- return NULL;
-
- ret = cert->altNamesNext->name;
- cert->altNamesNext = cert->altNamesNext->next;
-
- return ret;
- }
-
-
- WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
- {
- WOLFSSL_ENTER("X509_get_issuer_name");
- return &cert->issuer;
- }
-
-
- WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
- {
- WOLFSSL_ENTER("X509_get_subject_name");
- return &cert->subject;
- }
-
-
- int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
- {
- int isCA = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_isCA");
-
- if (x509 != NULL)
- isCA = x509->isCa;
-
- WOLFSSL_LEAVE("wolfSSL_X509_get_isCA", isCA);
-
- return isCA;
- }
-
-
-#ifdef OPENSSL_EXTRA
- int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
- {
- int isSet = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_ext_isSet_by_NID");
-
- if (x509 != NULL) {
- switch (nid) {
- case BASIC_CA_OID: isSet = x509->basicConstSet; break;
- case ALT_NAMES_OID: isSet = x509->subjAltNameSet; break;
- case AUTH_KEY_OID: isSet = x509->authKeyIdSet; break;
- case SUBJ_KEY_OID: isSet = x509->subjKeyIdSet; break;
- case KEY_USAGE_OID: isSet = x509->keyUsageSet; break;
- #ifdef WOLFSSL_SEP
- case CERT_POLICY_OID: isSet = x509->certPolicySet; break;
- #endif /* WOLFSSL_SEP */
- }
- }
-
- WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", isSet);
-
- return isSet;
- }
-
-
- int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid)
- {
- int crit = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_ext_get_critical_by_NID");
-
- if (x509 != NULL) {
- switch (nid) {
- case BASIC_CA_OID: crit = x509->basicConstCrit; break;
- case ALT_NAMES_OID: crit = x509->subjAltNameCrit; break;
- case AUTH_KEY_OID: crit = x509->authKeyIdCrit; break;
- case SUBJ_KEY_OID: crit = x509->subjKeyIdCrit; break;
- case KEY_USAGE_OID: crit = x509->keyUsageCrit; break;
- #ifdef WOLFSSL_SEP
- case CERT_POLICY_OID: crit = x509->certPolicyCrit; break;
- #endif /* WOLFSSL_SEP */
- }
- }
-
- WOLFSSL_LEAVE("wolfSSL_X509_ext_get_critical_by_NID", crit);
-
- return crit;
- }
-
-
- int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509)
- {
- int isSet = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_isSet_pathLength");
-
- if (x509 != NULL)
- isSet = x509->basicConstPlSet;
-
- WOLFSSL_LEAVE("wolfSSL_X509_get_isSet_pathLength", isSet);
-
- return isSet;
- }
-
-
- word32 wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509)
- {
- word32 pathLength = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_pathLength");
-
- if (x509 != NULL)
- pathLength = x509->pathLength;
-
- WOLFSSL_LEAVE("wolfSSL_X509_get_pathLength", pathLength);
-
- return pathLength;
- }
-
-
- unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509)
- {
- word16 usage = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_keyUsage");
-
- if (x509 != NULL)
- usage = x509->keyUsage;
-
- WOLFSSL_LEAVE("wolfSSL_X509_get_keyUsage", usage);
-
- return usage;
- }
-
-
- byte* wolfSSL_X509_get_authorityKeyID(
- WOLFSSL_X509* x509, byte* dst, int* dstLen)
- {
- byte *id = NULL;
- int copySz = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_authorityKeyID");
-
- if (x509 != NULL) {
- if (x509->authKeyIdSet) {
- copySz = min(dstLen != NULL ? *dstLen : 0,
- (int)x509->authKeyIdSz);
- id = x509->authKeyId;
- }
-
- if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
- XMEMCPY(dst, id, copySz);
- id = dst;
- *dstLen = copySz;
- }
- }
-
- WOLFSSL_LEAVE("wolfSSL_X509_get_authorityKeyID", copySz);
-
- return id;
- }
-
-
- byte* wolfSSL_X509_get_subjectKeyID(
- WOLFSSL_X509* x509, byte* dst, int* dstLen)
- {
- byte *id = NULL;
- int copySz = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_subjectKeyID");
-
- if (x509 != NULL) {
- if (x509->subjKeyIdSet) {
- copySz = min(dstLen != NULL ? *dstLen : 0,
- (int)x509->subjKeyIdSz);
- id = x509->subjKeyId;
- }
-
- if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
- XMEMCPY(dst, id, copySz);
- id = dst;
- *dstLen = copySz;
- }
- }
-
- WOLFSSL_LEAVE("wolfSSL_X509_get_subjectKeyID", copySz);
-
- return id;
- }
-
-
- int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
- {
- int count = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count");
-
- if (name != NULL)
- count = name->fullName.entryCount;
-
- WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count);
- return count;
- }
-
-
- int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
- int nid, char* buf, int len)
- {
- char *text = NULL;
- int textSz = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID");
-
- switch (nid) {
- case ASN_COMMON_NAME:
- text = name->fullName.fullName + name->fullName.cnIdx;
- textSz = name->fullName.cnLen;
- break;
- case ASN_SUR_NAME:
- text = name->fullName.fullName + name->fullName.snIdx;
- textSz = name->fullName.snLen;
- break;
- case ASN_SERIAL_NUMBER:
- text = name->fullName.fullName + name->fullName.serialIdx;
- textSz = name->fullName.serialLen;
- break;
- case ASN_COUNTRY_NAME:
- text = name->fullName.fullName + name->fullName.cIdx;
- textSz = name->fullName.cLen;
- break;
- case ASN_LOCALITY_NAME:
- text = name->fullName.fullName + name->fullName.lIdx;
- textSz = name->fullName.lLen;
- break;
- case ASN_STATE_NAME:
- text = name->fullName.fullName + name->fullName.stIdx;
- textSz = name->fullName.stLen;
- break;
- case ASN_ORG_NAME:
- text = name->fullName.fullName + name->fullName.oIdx;
- textSz = name->fullName.oLen;
- break;
- case ASN_ORGUNIT_NAME:
- text = name->fullName.fullName + name->fullName.ouIdx;
- textSz = name->fullName.ouLen;
- break;
- default:
- break;
- }
-
- if (buf != NULL && text != NULL) {
- textSz = min(textSz, len);
- XMEMCPY(buf, text, textSz);
- buf[textSz] = '\0';
- }
-
- WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
- return textSz;
- }
-#endif
-
-
- /* copy name into in buffer, at most sz bytes, if buffer is null will
- malloc buffer, call responsible for freeing */
- char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
- {
- int copySz = min(sz, name->sz);
-
- WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");
- if (!name->sz) return in;
-
- if (!in) {
- in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
- if (!in ) return in;
- copySz = name->sz;
- }
-
- if (copySz == 0)
- return in;
-
- XMEMCPY(in, name->name, copySz - 1);
- in[copySz - 1] = 0;
-
- return in;
- }
-
-
- int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509)
- {
- int type = 0;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_signature_type");
-
- if (x509 != NULL)
- type = x509->sigOID;
-
- return type;
- }
-
-
- int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
- unsigned char* buf, int* bufSz)
- {
- WOLFSSL_ENTER("wolfSSL_X509_get_signature");
- if (x509 == NULL || bufSz == NULL || *bufSz < (int)x509->sig.length)
- return SSL_FATAL_ERROR;
-
- if (buf != NULL)
- XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
- *bufSz = x509->sig.length;
-
- return SSL_SUCCESS;
- }
-
-
- /* write X509 serial number in unsigned binary to buffer
- buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
- return SSL_SUCCESS on success */
- int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, byte* in, int* inOutSz)
- {
- WOLFSSL_ENTER("wolfSSL_X509_get_serial_number");
- if (x509 == NULL || in == NULL ||
- inOutSz == NULL || *inOutSz < x509->serialSz)
- return BAD_FUNC_ARG;
-
- XMEMCPY(in, x509->serial, x509->serialSz);
- *inOutSz = x509->serialSz;
-
- return SSL_SUCCESS;
- }
-
-
- const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
- {
- WOLFSSL_ENTER("wolfSSL_X509_get_der");
-
- if (x509 == NULL || outSz == NULL)
- return NULL;
-
- *outSz = (int)x509->derCert.length;
- return x509->derCert.buffer;
- }
-
-
- int wolfSSL_X509_version(WOLFSSL_X509* x509)
- {
- WOLFSSL_ENTER("wolfSSL_X509_version");
-
- if (x509 == NULL)
- return 0;
-
- return x509->version;
- }
-
-
- const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
- {
- WOLFSSL_ENTER("wolfSSL_X509_notBefore");
-
- if (x509 == NULL)
- return NULL;
-
- return x509->notBefore;
- }
-
-
- const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
- {
- WOLFSSL_ENTER("wolfSSL_X509_notAfter");
-
- if (x509 == NULL)
- return NULL;
-
- return x509->notAfter;
- }
-
-
-#ifdef WOLFSSL_SEP
-
-/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
- malloc buffer, call responsible for freeing. Actual size returned in
- *inOutSz. Requires inOutSz be non-null */
-byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz)
-{
- int copySz;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_dev_type");
- if (inOutSz == NULL) return NULL;
- if (!x509->deviceTypeSz) return in;
-
- copySz = min(*inOutSz, x509->deviceTypeSz);
-
- if (!in) {
- in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
- if (!in) return in;
- copySz = x509->deviceTypeSz;
- }
-
- XMEMCPY(in, x509->deviceType, copySz);
- *inOutSz = copySz;
-
- return in;
-}
-
-
-byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
-{
- int copySz;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_hw_type");
- if (inOutSz == NULL) return NULL;
- if (!x509->hwTypeSz) return in;
-
- copySz = min(*inOutSz, x509->hwTypeSz);
-
- if (!in) {
- in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
- if (!in) return in;
- copySz = x509->hwTypeSz;
- }
-
- XMEMCPY(in, x509->hwType, copySz);
- *inOutSz = copySz;
-
- return in;
-}
-
-
-byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,int* inOutSz)
-{
- int copySz;
-
- WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number");
- if (inOutSz == NULL) return NULL;
- if (!x509->hwTypeSz) return in;
-
- copySz = min(*inOutSz, x509->hwSerialNumSz);
-
- if (!in) {
- in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
- if (!in) return in;
- copySz = x509->hwSerialNumSz;
- }
-
- XMEMCPY(in, x509->hwSerialNum, copySz);
- *inOutSz = copySz;
-
- return in;
-}
-
-#endif /* WOLFSSL_SEP */
-
-
-WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
-{
- WOLFSSL_X509 *newX509 = NULL;
-
- WOLFSSL_ENTER("wolfSSL_X509_d2i");
-
- if (in != NULL && len != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
- #else
- DecodedCert cert[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert == NULL)
- return NULL;
- #endif
-
- InitDecodedCert(cert, (byte*)in, len, NULL);
- if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
- newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509),
- NULL, DYNAMIC_TYPE_X509);
- if (newX509 != NULL) {
- InitX509(newX509, 1);
- if (CopyDecodedToX509(newX509, cert) != 0) {
- XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
- newX509 = NULL;
- }
- }
- }
- FreeDecodedCert(cert);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
-
- if (x509 != NULL)
- *x509 = newX509;
-
- return newX509;
-}
-
-
-#ifndef NO_FILESYSTEM
-
-#ifndef NO_STDIO_FILESYSTEM
-
-WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
-{
- WOLFSSL_X509* newX509 = NULL;
-
- WOLFSSL_ENTER("wolfSSL_X509_d2i_fp");
-
- if (file != XBADFILE) {
- byte* fileBuffer = NULL;
- long sz = 0;
-
- XFSEEK(file, 0, XSEEK_END);
- sz = XFTELL(file);
- XREWIND(file);
-
- if (sz < 0) {
- WOLFSSL_MSG("Bad tell on FILE");
- return NULL;
- }
-
- fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
- if (fileBuffer != NULL) {
- int ret = (int)XFREAD(fileBuffer, sz, 1, file);
- if (ret > 0) {
- newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
- }
- XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
- }
- }
-
- if (x509 != NULL)
- *x509 = newX509;
-
- return newX509;
-}
-
-#endif /* NO_STDIO_FILESYSTEM */
-
-WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
-{
-#ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; /* force heap usage */
-#else
- byte staticBuffer[FILE_BUFFER_SIZE];
-#endif
- byte* fileBuffer = staticBuffer;
- int dynamic = 0;
- int ret;
- long sz = 0;
- XFILE file;
-
- WOLFSSL_X509* x509 = NULL;
- buffer der;
-
- WOLFSSL_ENTER("wolfSSL_X509_load_certificate");
-
- /* Check the inputs */
- if ((fname == NULL) ||
- (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
- return NULL;
-
- file = XFOPEN(fname, "rb");
- if (file == XBADFILE)
- return NULL;
-
- XFSEEK(file, 0, XSEEK_END);
- sz = XFTELL(file);
- XREWIND(file);
-
- if (sz > (long)sizeof(staticBuffer)) {
- fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
- if (fileBuffer == NULL) {
- XFCLOSE(file);
- return NULL;
- }
- dynamic = 1;
- }
- else if (sz < 0) {
- XFCLOSE(file);
- return NULL;
- }
-
- ret = (int)XFREAD(fileBuffer, sz, 1, file);
- if (ret < 0) {
- XFCLOSE(file);
- if (dynamic)
- XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
- return NULL;
- }
-
- XFCLOSE(file);
-
- der.buffer = NULL;
- der.length = 0;
-
- if (format == SSL_FILETYPE_PEM) {
- int ecc = 0;
- #ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
- #else
- EncryptedInfo info[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (info == NULL) {
- if (dynamic)
- XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
-
- return NULL;
- }
- #endif
-
- info->set = 0;
- info->ctx = NULL;
- info->consumed = 0;
-
- if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0)
- {
- /* Only time this should fail, and leave `der` with a buffer
- is when the Base64 Decode fails. Release `der.buffer` in
- that case. */
- if (der.buffer != NULL) {
- XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
- der.buffer = NULL;
- }
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- else {
- der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT);
- if (der.buffer != NULL) {
- XMEMCPY(der.buffer, fileBuffer, sz);
- der.length = (word32)sz;
- }
- }
-
- if (dynamic)
- XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
-
- /* At this point we want `der` to have the certificate in DER format */
- /* ready to be decoded. */
- if (der.buffer != NULL) {
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
- #else
- DecodedCert cert[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert != NULL)
- #endif
- {
- InitDecodedCert(cert, der.buffer, der.length, NULL);
- if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
- x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- if (x509 != NULL) {
- InitX509(x509, 1);
- if (CopyDecodedToX509(x509, cert) != 0) {
- XFREE(x509, NULL, DYNAMIC_TYPE_X509);
- x509 = NULL;
- }
- }
- }
-
- FreeDecodedCert(cert);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
-
- XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
- }
-
- return x509;
-}
-
-#endif /* NO_FILESYSTEM */
-
-#endif /* KEEP_PEER_CERT || SESSION_CERTS */
-
-
-#ifdef OPENSSL_EXTRA
-int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
-{
-#ifdef FORTRESS
- if (ssl != NULL && idx < MAX_EX_DATA)
- {
- ssl->ex_data[idx] = data;
- return SSL_SUCCESS;
- }
-#else
- (void)ssl;
- (void)idx;
- (void)data;
-#endif
- return SSL_FAILURE;
-}
-
-
-int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
- unsigned int len)
-{
- (void)ssl;
- (void)id;
- (void)len;
- return 0;
-}
-
-
-void wolfSSL_set_connect_state(WOLFSSL* ssl)
-{
- (void)ssl;
- /* client by default */
-}
-#endif
-
-int wolfSSL_get_shutdown(const WOLFSSL* ssl)
-{
- return (ssl->options.isClosed ||
- ssl->options.connReset ||
- ssl->options.sentNotify);
-}
-
-
-int wolfSSL_session_reused(WOLFSSL* ssl)
-{
- return ssl->options.resuming;
-}
-
-#ifdef OPENSSL_EXTRA
-void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
-{
- (void)session;
-}
-#endif
-
-const char* wolfSSL_get_version(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_get_version");
- if (ssl->version.major == SSLv3_MAJOR) {
- switch (ssl->version.minor) {
- case SSLv3_MINOR :
- return "SSLv3";
- case TLSv1_MINOR :
- return "TLSv1";
- case TLSv1_1_MINOR :
- return "TLSv1.1";
- case TLSv1_2_MINOR :
- return "TLSv1.2";
- default:
- return "unknown";
- }
- }
- else if (ssl->version.major == DTLS_MAJOR) {
- switch (ssl->version.minor) {
- case DTLS_MINOR :
- return "DTLS";
- case DTLSv1_2_MINOR :
- return "DTLSv1.2";
- default:
- return "unknown";
- }
- }
- return "unknown";
-}
-
-
-/* current library version */
-const char* wolfSSL_lib_version(void)
-{
- return LIBWOLFSSL_VERSION_STRING;
-}
-
-
-/* current library version in hex */
-word32 wolfSSL_lib_version_hex(void)
-{
- return LIBWOLFSSL_VERSION_HEX;
-}
-
-
-int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_get_current_cipher_suite");
- if (ssl)
- return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite;
- return 0;
-}
-
-WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("SSL_get_current_cipher");
- if (ssl)
- return &ssl->cipher;
- else
- return NULL;
-}
-
-
-const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
-{
- (void)cipher;
-
- WOLFSSL_ENTER("SSL_CIPHER_get_name");
-#ifndef NO_ERROR_STRINGS
- if (cipher) {
-#if defined(HAVE_CHACHA)
- if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) {
- /* ChaCha suites */
- switch (cipher->ssl->options.cipherSuite) {
-#ifdef HAVE_CHACHA
-#ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
- return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
-
- case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
- return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
-#endif
- case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
- return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
-#endif
- }
- }
-#endif
-
-#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
- /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
- * but the AES-CCM cipher suites also use it, even the ones that
- * aren't ECC. */
- if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
- /* ECC suites */
- switch (cipher->ssl->options.cipherSuite) {
-#ifdef HAVE_ECC
-#ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
- return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
-#endif
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
- return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
-#ifndef NO_RSA
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
- return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
-#endif
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
- return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
-#ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
- return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
-#endif
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
- return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
-#ifndef NO_RSA
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
- return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
-#endif
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
- return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
-#ifndef NO_SHA
-#ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
- return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
- return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
-#endif
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
- return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
- return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
-#ifndef NO_RC4
- #ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
- return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
- #endif
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
- return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
-#endif
-#ifndef NO_DES3
- #ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
- return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
- #endif
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
- return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
-#endif
-
-#ifndef NO_RSA
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
- return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
- return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
-#endif
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
- return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
- return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
-#ifndef NO_RC4
- #ifndef NO_RSA
- case TLS_ECDH_RSA_WITH_RC4_128_SHA :
- return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
- #endif
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
- return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
-#endif
-#ifndef NO_DES3
- #ifndef NO_RSA
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
- return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
- #endif
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
- return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
-#endif
-#endif /* NO_SHA */
-
-#ifdef HAVE_AESGCM
-#ifndef NO_RSA
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
- return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
- return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
-#endif
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
- return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
- return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
-#ifndef NO_RSA
- case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
- return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
- case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
- return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
-#endif
- case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
- return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
- case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
- return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
-#endif
-#endif /* HAVE_ECC */
-
-#ifdef HAVE_AESCCM
-#ifndef NO_RSA
- case TLS_RSA_WITH_AES_128_CCM_8 :
- return "TLS_RSA_WITH_AES_128_CCM_8";
- case TLS_RSA_WITH_AES_256_CCM_8 :
- return "TLS_RSA_WITH_AES_256_CCM_8";
-#endif
-#ifndef NO_PSK
- case TLS_PSK_WITH_AES_128_CCM_8 :
- return "TLS_PSK_WITH_AES_128_CCM_8";
- case TLS_PSK_WITH_AES_256_CCM_8 :
- return "TLS_PSK_WITH_AES_256_CCM_8";
- case TLS_PSK_WITH_AES_128_CCM :
- return "TLS_PSK_WITH_AES_128_CCM";
- case TLS_PSK_WITH_AES_256_CCM :
- return "TLS_PSK_WITH_AES_256_CCM";
- case TLS_DHE_PSK_WITH_AES_128_CCM :
- return "TLS_DHE_PSK_WITH_AES_128_CCM";
- case TLS_DHE_PSK_WITH_AES_256_CCM :
- return "TLS_DHE_PSK_WITH_AES_256_CCM";
-#endif
-#ifdef HAVE_ECC
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
- return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
- case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
- return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
-#endif
-#endif
-
- default:
- return "NONE";
- }
- }
-#endif /* ECC */
- if (cipher->ssl->options.cipherSuite0 != ECC_BYTE &&
- cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) {
-
- /* normal suites */
- switch (cipher->ssl->options.cipherSuite) {
-#ifndef NO_RSA
-#ifndef NO_RC4
- #ifndef NO_SHA
- case SSL_RSA_WITH_RC4_128_SHA :
- return "SSL_RSA_WITH_RC4_128_SHA";
- #endif
- #ifndef NO_MD5
- case SSL_RSA_WITH_RC4_128_MD5 :
- return "SSL_RSA_WITH_RC4_128_MD5";
- #endif
-#endif
-#ifndef NO_SHA
- #ifndef NO_DES3
- case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
- return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
- #endif
- case TLS_RSA_WITH_AES_128_CBC_SHA :
- return "TLS_RSA_WITH_AES_128_CBC_SHA";
- case TLS_RSA_WITH_AES_256_CBC_SHA :
- return "TLS_RSA_WITH_AES_256_CBC_SHA";
-#endif
- case TLS_RSA_WITH_AES_128_CBC_SHA256 :
- return "TLS_RSA_WITH_AES_128_CBC_SHA256";
- case TLS_RSA_WITH_AES_256_CBC_SHA256 :
- return "TLS_RSA_WITH_AES_256_CBC_SHA256";
- #ifdef HAVE_BLAKE2
- case TLS_RSA_WITH_AES_128_CBC_B2B256:
- return "TLS_RSA_WITH_AES_128_CBC_B2B256";
- case TLS_RSA_WITH_AES_256_CBC_B2B256:
- return "TLS_RSA_WITH_AES_256_CBC_B2B256";
- #endif
-#ifndef NO_SHA
- case TLS_RSA_WITH_NULL_SHA :
- return "TLS_RSA_WITH_NULL_SHA";
-#endif
- case TLS_RSA_WITH_NULL_SHA256 :
- return "TLS_RSA_WITH_NULL_SHA256";
-#endif /* NO_RSA */
-#ifndef NO_PSK
-#ifndef NO_SHA
- case TLS_PSK_WITH_AES_128_CBC_SHA :
- return "TLS_PSK_WITH_AES_128_CBC_SHA";
- case TLS_PSK_WITH_AES_256_CBC_SHA :
- return "TLS_PSK_WITH_AES_256_CBC_SHA";
-#endif
-#ifndef NO_SHA256
- case TLS_PSK_WITH_AES_128_CBC_SHA256 :
- return "TLS_PSK_WITH_AES_128_CBC_SHA256";
- case TLS_PSK_WITH_NULL_SHA256 :
- return "TLS_PSK_WITH_NULL_SHA256";
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
- return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
- case TLS_DHE_PSK_WITH_NULL_SHA256 :
- return "TLS_DHE_PSK_WITH_NULL_SHA256";
- #ifdef HAVE_AESGCM
- case TLS_PSK_WITH_AES_128_GCM_SHA256 :
- return "TLS_PSK_WITH_AES_128_GCM_SHA256";
- case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
- return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
- #endif
-#endif
-#ifdef WOLFSSL_SHA384
- case TLS_PSK_WITH_AES_256_CBC_SHA384 :
- return "TLS_PSK_WITH_AES_256_CBC_SHA384";
- case TLS_PSK_WITH_NULL_SHA384 :
- return "TLS_PSK_WITH_NULL_SHA384";
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
- return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
- case TLS_DHE_PSK_WITH_NULL_SHA384 :
- return "TLS_DHE_PSK_WITH_NULL_SHA384";
- #ifdef HAVE_AESGCM
- case TLS_PSK_WITH_AES_256_GCM_SHA384 :
- return "TLS_PSK_WITH_AES_256_GCM_SHA384";
- case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
- return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
- #endif
-#endif
-#ifndef NO_SHA
- case TLS_PSK_WITH_NULL_SHA :
- return "TLS_PSK_WITH_NULL_SHA";
-#endif
-#endif /* NO_PSK */
-#ifndef NO_RSA
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
- return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
- return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
-#ifndef NO_SHA
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
- return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
- return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
-#endif
-#ifndef NO_HC128
- #ifndef NO_MD5
- case TLS_RSA_WITH_HC_128_MD5 :
- return "TLS_RSA_WITH_HC_128_MD5";
- #endif
- #ifndef NO_SHA
- case TLS_RSA_WITH_HC_128_SHA :
- return "TLS_RSA_WITH_HC_128_SHA";
- #endif
- #ifdef HAVE_BLAKE2
- case TLS_RSA_WITH_HC_128_B2B256:
- return "TLS_RSA_WITH_HC_128_B2B256";
- #endif
-#endif /* NO_HC128 */
-#ifndef NO_SHA
- #ifndef NO_RABBIT
- case TLS_RSA_WITH_RABBIT_SHA :
- return "TLS_RSA_WITH_RABBIT_SHA";
- #endif
- #ifdef HAVE_NTRU
- #ifndef NO_RC4
- case TLS_NTRU_RSA_WITH_RC4_128_SHA :
- return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
- #endif
- #ifndef NO_DES3
- case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
- return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
- #endif
- case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
- return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
- case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
- return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
- #endif /* HAVE_NTRU */
-#endif /* NO_SHA */
- case TLS_RSA_WITH_AES_128_GCM_SHA256 :
- return "TLS_RSA_WITH_AES_128_GCM_SHA256";
- case TLS_RSA_WITH_AES_256_GCM_SHA384 :
- return "TLS_RSA_WITH_AES_256_GCM_SHA384";
- case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
- return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
- case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
- return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
-#ifndef NO_SHA
- case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
- return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
- case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
- return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
-#endif
- case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
- return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
- case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
- return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
-#ifndef NO_SHA
- case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
- return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
- case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
- return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
-#endif
- case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
- return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
- case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
- return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
-#endif /* NO_RSA */
-#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
- case TLS_DH_anon_WITH_AES_128_CBC_SHA :
- return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
-#endif
- default:
- return "NONE";
- } /* switch */
- } /* normal / ECC */
- }
-#endif /* NO_ERROR_STRINGS */
- return "NONE";
-}
-
-
-const char* wolfSSL_get_cipher(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("wolfSSL_get_cipher");
- return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl));
-}
-
-#ifdef OPENSSL_EXTRA
-
-
-
-char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len)
-{
- (void)cipher;
- (void)in;
- (void)len;
- return 0;
-}
-
-
-WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) /* what's ref count */
-{
- (void)ssl;
- return 0;
-}
-
-
-void wolfSSL_X509_free(WOLFSSL_X509* buf)
-{
- FreeX509(buf);
-}
-
-
-/* was do nothing */
-/*
-void OPENSSL_free(void* buf)
-{
- (void)buf;
-}
-*/
-
-
-int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
- int* ssl)
-{
- (void)url;
- (void)host;
- (void)port;
- (void)path;
- (void)ssl;
- return 0;
-}
-
-
-WOLFSSL_METHOD* wolfSSLv2_client_method(void)
-{
- return 0;
-}
-
-
-WOLFSSL_METHOD* wolfSSLv2_server_method(void)
-{
- return 0;
-}
-
-
-#ifndef NO_MD4
-
-void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
-{
- /* make sure we have a big enough buffer */
- typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
- (void) sizeof(ok);
-
- WOLFSSL_ENTER("MD4_Init");
- wc_InitMd4((Md4*)md4);
-}
-
-
-void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
- unsigned long len)
-{
- WOLFSSL_ENTER("MD4_Update");
- wc_Md4Update((Md4*)md4, (const byte*)data, (word32)len);
-}
-
-
-void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
-{
- WOLFSSL_ENTER("MD4_Final");
- wc_Md4Final((Md4*)md4, digest);
-}
-
-#endif /* NO_MD4 */
-
-
-WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO* top)
-{
- (void)top;
- return 0;
-}
-
-
-int wolfSSL_BIO_pending(WOLFSSL_BIO* bio)
-{
- (void)bio;
- return 0;
-}
-
-
-
-WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void)
-{
- static WOLFSSL_BIO_METHOD meth;
-
- WOLFSSL_ENTER("BIO_s_mem");
- meth.type = BIO_MEMORY;
-
- return &meth;
-}
-
-
-WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void)
-{
- return 0;
-}
-
-
-void wolfSSL_BIO_set_flags(WOLFSSL_BIO* bio, int flags)
-{
- (void)bio;
- (void)flags;
-}
-
-
-
-void wolfSSL_RAND_screen(void)
-{
-
-}
-
-
-const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
-{
- (void)fname;
- (void)len;
- return 0;
-}
-
-
-int wolfSSL_RAND_write_file(const char* fname)
-{
- (void)fname;
- return 0;
-}
-
-
-int wolfSSL_RAND_load_file(const char* fname, long len)
-{
- (void)fname;
- /* wolfCrypt provides enough entropy internally or will report error */
- if (len == -1)
- return 1024;
- else
- return (int)len;
-}
-
-
-int wolfSSL_RAND_egd(const char* path)
-{
- (void)path;
- return 0;
-}
-
-
-
-WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
-{
- return 0;
-}
-
-
-WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
-{
- return 0;
-}
-
-
-int wolfSSL_COMP_add_compression_method(int method, void* data)
-{
- (void)method;
- (void)data;
- return 0;
-}
-
-
-
-int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
- void* cb3)
-{
- (void)idx;
- (void)data;
- (void)cb1;
- (void)cb2;
- (void)cb3;
- return 0;
-}
-
-
-void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)(
- const char*, int))
-{
- (void)f;
-}
-
-
-void wolfSSL_set_dynlock_lock_callback(
- void (*f)(int, WOLFSSL_dynlock_value*, const char*, int))
-{
- (void)f;
-}
-
-
-void wolfSSL_set_dynlock_destroy_callback(
- void (*f)(WOLFSSL_dynlock_value*, const char*, int))
-{
- (void)f;
-}
-
-
-
-const char* wolfSSL_X509_verify_cert_error_string(long err)
-{
- (void)err;
- return 0;
-}
-
-
-
-int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir,
- long len)
-{
- (void)lookup;
- (void)dir;
- (void)len;
- return 0;
-}
-
-
-int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
- const char* file, long len)
-{
- (void)lookup;
- (void)file;
- (void)len;
- return 0;
-}
-
-
-WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void)
-{
- return 0;
-}
-
-
-WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void)
-{
- return 0;
-}
-
-
-
-WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
- WOLFSSL_X509_LOOKUP_METHOD* m)
-{
- (void)store;
- (void)m;
- return 0;
-}
-
-
-int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
-{
- int result = SSL_FATAL_ERROR;
-
- WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
- if (store != NULL && store->cm != NULL && x509 != NULL) {
- buffer derCert;
- derCert.buffer = (byte*)XMALLOC(x509->derCert.length,
- NULL, DYNAMIC_TYPE_CERT);
- if (derCert.buffer != NULL) {
- derCert.length = x509->derCert.length;
- /* AddCA() frees the buffer. */
- XMEMCPY(derCert.buffer,
- x509->derCert.buffer, x509->derCert.length);
- result = AddCA(store->cm, derCert, WOLFSSL_USER_CA, 1);
- if (result != SSL_SUCCESS) result = SSL_FATAL_ERROR;
- }
- }
-
- WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_cert", result);
- return result;
-}
-
-
-WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
-{
- WOLFSSL_X509_STORE* store = NULL;
-
- store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, 0);
- if (store != NULL) {
- store->cm = wolfSSL_CertManagerNew();
- if (store->cm == NULL) {
- XFREE(store, NULL, 0);
- store = NULL;
- }
- }
-
- return store;
-}
-
-
-void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
-{
- if (store != NULL) {
- if (store->cm != NULL)
- wolfSSL_CertManagerFree(store->cm);
- XFREE(store, NULL, 0);
- }
-}
-
-
-int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
-{
- (void)store;
- return SSL_SUCCESS;
-}
-
-
-int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx,
- WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj)
-{
- (void)ctx;
- (void)idx;
- (void)name;
- (void)obj;
- return 0;
-}
-
-
-WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
-{
- WOLFSSL_X509_STORE_CTX* ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
- sizeof(WOLFSSL_X509_STORE_CTX), NULL, 0);
-
- if (ctx != NULL)
- wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
-
- return ctx;
-}
-
-
-int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
- WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk)
-{
- (void)sk;
- if (ctx != NULL) {
- ctx->store = store;
- ctx->current_cert = x509;
- ctx->domain = NULL;
- ctx->ex_data = NULL;
- ctx->userCtx = NULL;
- ctx->error = 0;
- ctx->error_depth = 0;
- ctx->discardSessionCerts = 0;
- return SSL_SUCCESS;
- }
- return SSL_FATAL_ERROR;
-}
-
-
-void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
-{
- if (ctx != NULL) {
- if (ctx->store != NULL)
- wolfSSL_X509_STORE_free(ctx->store);
- if (ctx->current_cert != NULL)
- wolfSSL_FreeX509(ctx->current_cert);
- XFREE(ctx, NULL, 0);
- }
-}
-
-
-void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
-{
- (void)ctx;
-}
-
-
-int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
-{
- if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
- && ctx->current_cert != NULL) {
- return wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
- ctx->current_cert->derCert.buffer,
- ctx->current_cert->derCert.length,
- SSL_FILETYPE_ASN1);
- }
- return SSL_FATAL_ERROR;
-}
-
-
-WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
-{
- (void)crl;
- return 0;
-}
-
-
-WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
-{
- (void)crl;
- return 0;
-}
-
-
-
-WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
-{
- WOLFSSL_EVP_PKEY* key = NULL;
- if (x509 != NULL) {
- key = (WOLFSSL_EVP_PKEY*)XMALLOC(
- sizeof(WOLFSSL_EVP_PKEY), NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- if (key != NULL) {
- key->type = x509->pubKeyOID;
- key->save_type = 0;
- key->pkey.ptr = (char*)XMALLOC(
- x509->pubKey.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- if (key->pkey.ptr == NULL) {
- XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- return NULL;
- }
- XMEMCPY(key->pkey.ptr,
- x509->pubKey.buffer, x509->pubKey.length);
- key->pkey_sz = x509->pubKey.length;
- #ifdef HAVE_ECC
- key->pkey_curve = (int)x509->pkCurveOID;
- #endif /* HAVE_ECC */
- }
- }
- return key;
-}
-
-
-int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key)
-{
- (void)crl;
- (void)key;
- return 0;
-}
-
-
-void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int err)
-{
- (void)ctx;
- (void)err;
-}
-
-
-void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
-{
- (void)obj;
-}
-
-
-void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
-{
- if (key != NULL) {
- if (key->pkey.ptr != NULL)
- XFREE(key->pkey.ptr, NULL, 0);
- XFREE(key, NULL, 0);
- }
-}
-
-
-int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
-{
- (void)asnTime;
- return 0;
-}
-
-
-int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked)
-{
- (void)revoked;
- return 0;
-}
-
-
-
-WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl)
-{
- (void)crl;
- return 0;
-}
-
-
-WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
- WOLFSSL_X509_REVOKED* revoked, int value)
-{
- (void)revoked;
- (void)value;
- return 0;
-}
-
-
-
-WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
-{
- (void)x509;
- return 0;
-}
-
-
-int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
-{
- (void)bio;
- (void)asnTime;
- return 0;
-}
-
-
-
-int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
- const WOLFSSL_ASN1_INTEGER* b)
-{
- (void)a;
- (void)b;
- return 0;
-}
-
-
-long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
-{
- (void)i;
- return 0;
-}
-
-
-
-void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
-{
-#ifdef FORTRESS
- if (ctx != NULL && idx == 0)
- return ctx->ex_data;
-#else
- (void)ctx;
- (void)idx;
-#endif
- return 0;
-}
-
-
-int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
-{
- return 0;
-}
-
-
-void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
-{
-#ifdef FORTRESS
- if (ssl != NULL && idx < MAX_EX_DATA)
- return ssl->ex_data[idx];
-#else
- (void)ssl;
- (void)idx;
-#endif
- return 0;
-}
-
-
-void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(void))
-{
- (void)ctx;
- (void)f;
-}
-
-
-unsigned long wolfSSL_ERR_peek_error(void)
-{
- return 0;
-}
-
-
-int wolfSSL_ERR_GET_REASON(int err)
-{
- (void)err;
- return 0;
-}
-
-
-char* wolfSSL_alert_type_string_long(int alertID)
-{
- (void)alertID;
- return 0;
-}
-
-
-char* wolfSSL_alert_desc_string_long(int alertID)
-{
- (void)alertID;
- return 0;
-}
-
-
-char* wolfSSL_state_string_long(WOLFSSL* ssl)
-{
- (void)ssl;
- return 0;
-}
-
-
-int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
-{
- (void)name;
- (void)num;
- (void)w;
- (void)key;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-
-long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
- return 0;
-}
-
-#ifndef NO_DES3
-
-void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
- WOLFSSL_DES_key_schedule* key)
-{
- (void)myDes;
- (void)key;
-}
-
-
-void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes)
-{
- (void)myDes;
-}
-
-
-void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
- WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int len)
-{
- (void)desa;
- (void)desb;
- (void)key;
- (void)len;
-}
-
-#endif /* NO_DES3 */
-
-int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...)
-{
- (void)bio;
- (void)format;
- return 0;
-}
-
-
-int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
-{
- (void)bio;
- (void)a;
- return 0;
-}
-
-
-int wolfSSL_sk_num(WOLFSSL_X509_REVOKED* rev)
-{
- (void)rev;
- return 0;
-}
-
-
-void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i)
-{
- (void)rev;
- (void)i;
- return 0;
-}
-
-
-/* stunnel 4.28 needs */
-void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int d)
-{
- (void)ctx;
- (void)d;
- return 0;
-}
-
-
-int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int d, void* p)
-{
- (void)ctx;
- (void)d;
- (void)p;
- return SSL_SUCCESS;
-}
-
-
-void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
- WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*))
-{
- (void)ctx;
- (void)f;
-}
-
-
-void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
- int (*f)(WOLFSSL*, WOLFSSL_SESSION*))
-{
- (void)ctx;
- (void)f;
-}
-
-
-void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
- WOLFSSL_SESSION*))
-{
- (void)ctx;
- (void)f;
-}
-
-
-int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
-{
- (void)sess;
- (void)p;
- return sizeof(WOLFSSL_SESSION);
-}
-
-
-WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
- const unsigned char** p, long i)
-{
- (void)p;
- (void)i;
- if (sess)
- return *sess;
- return NULL;
-}
-
-
-long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
-{
- WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout");
- return sess->timeout;
-}
-
-
-long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
-{
- WOLFSSL_ENTER("wolfSSL_SESSION_get_time");
- return sess->bornOn;
-}
-
-
-int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
- void* c)
-{
- (void)idx;
- (void)arg;
- (void)a;
- (void)b;
- (void)c;
- return 0;
-}
-
-#endif /* OPENSSL_EXTRA */
-
-
-#ifdef KEEP_PEER_CERT
-char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509* x509)
-{
- if (x509 == NULL)
- return NULL;
-
- return x509->subjectCN;
-}
-#endif /* KEEP_PEER_CERT */
-
-#ifdef OPENSSL_EXTRA
-
-#ifdef FORTRESS
-int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
-{
- int ret = SSL_FATAL_ERROR;
-
- WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file");
- if (ssl != NULL && fname != NULL)
- {
- #ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
- byte staticBuffer[1]; /* force heap usage */
- #else
- EncryptedInfo info[1];
- byte staticBuffer[FILE_BUFFER_SIZE];
- #endif
- byte* myBuffer = staticBuffer;
- int dynamic = 0;
- XFILE file = XBADFILE;
- long sz = 0;
- int eccKey = 0;
- WOLFSSL_CTX* ctx = ssl->ctx;
- WOLFSSL_X509* peer_cert = &ssl->peerCert;
- buffer fileDer;
-
- file = XFOPEN(fname, "rb");
- if (file == XBADFILE)
- return SSL_BAD_FILE;
-
- XFSEEK(file, 0, XSEEK_END);
- sz = XFTELL(file);
- XREWIND(file);
-
- if (sz > (long)sizeof(staticBuffer)) {
- WOLFSSL_MSG("Getting dynamic buffer");
- myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
- dynamic = 1;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (info == NULL)
- ret = MEMORY_E;
- else
- #endif
- {
- info->set = 0;
- info->ctx = ctx;
- info->consumed = 0;
- fileDer.buffer = 0;
-
- if ((myBuffer != NULL) &&
- (sz > 0) &&
- (XFREAD(myBuffer, sz, 1, file) > 0) &&
- (PemToDer(myBuffer, sz, CERT_TYPE,
- &fileDer, ctx->heap, info, &eccKey) == 0) &&
- (fileDer.length != 0) &&
- (fileDer.length == peer_cert->derCert.length) &&
- (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer,
- fileDer.length) == 0))
- {
- ret = 0;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
-
- XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
- if (dynamic)
- XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
-
- XFCLOSE(file);
- }
-
- return ret;
-}
-#endif
-
-
-static RNG globalRNG;
-static int initGlobalRNG = 0;
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_RAND_seed(const void* seed, int len)
-{
-
- WOLFSSL_MSG("wolfSSL_RAND_seed");
-
- (void)seed;
- (void)len;
-
- if (initGlobalRNG == 0) {
- if (wc_InitRng(&globalRNG) < 0) {
- WOLFSSL_MSG("wolfSSL Init Global RNG failed");
- return 0;
- }
- initGlobalRNG = 1;
- }
-
- return SSL_SUCCESS;
-}
-
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_RAND_bytes(unsigned char* buf, int num)
-{
- int ret = 0;
- int initTmpRng = 0;
- RNG* rng = NULL;
-#ifdef WOLFSSL_SMALL_STACK
- RNG* tmpRNG = NULL;
-#else
- RNG tmpRNG[1];
-#endif
-
- WOLFSSL_ENTER("RAND_bytes");
-
-#ifdef WOLFSSL_SMALL_STACK
- tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmpRNG == NULL)
- return ret;
-#endif
-
- if (wc_InitRng(tmpRNG) == 0) {
- rng = tmpRNG;
- initTmpRng = 1;
- }
- else if (initGlobalRNG)
- rng = &globalRNG;
-
- if (rng) {
- if (wc_RNG_GenerateBlock(rng, buf, num) != 0)
- WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
- else
- ret = SSL_SUCCESS;
- }
-
- if (initTmpRng)
- wc_FreeRng(tmpRNG);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
-{
- static int ctx; /* wolfcrypt doesn't now need ctx */
-
- WOLFSSL_MSG("wolfSSL_BN_CTX_new");
-
- return (WOLFSSL_BN_CTX*)&ctx;
-}
-
-void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
-{
- (void)ctx;
- WOLFSSL_MSG("wolfSSL_BN_CTX_init");
-}
-
-
-void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
-{
- (void)ctx;
- WOLFSSL_MSG("wolfSSL_BN_CTX_free");
-
- /* do free since static ctx that does nothing */
-}
-
-
-static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_MSG("InitwolfSSL_BigNum");
- if (bn) {
- bn->neg = 0;
- bn->internal = NULL;
- }
-}
-
-
-WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
-{
- WOLFSSL_BIGNUM* external;
- mp_int* mpi;
-
- WOLFSSL_MSG("wolfSSL_BN_new");
-
- mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
- if (mpi == NULL) {
- WOLFSSL_MSG("wolfSSL_BN_new malloc mpi failure");
- return NULL;
- }
-
- external = (WOLFSSL_BIGNUM*) XMALLOC(sizeof(WOLFSSL_BIGNUM), NULL,
- DYNAMIC_TYPE_BIGINT);
- if (external == NULL) {
- WOLFSSL_MSG("wolfSSL_BN_new malloc WOLFSSL_BIGNUM failure");
- XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
- return NULL;
- }
-
- InitwolfSSL_BigNum(external);
- external->internal = mpi;
- if (mp_init(mpi) != MP_OKAY) {
- wolfSSL_BN_free(external);
- return NULL;
- }
-
- return external;
-}
-
-
-void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_MSG("wolfSSL_BN_free");
- if (bn) {
- if (bn->internal) {
- mp_clear((mp_int*)bn->internal);
- XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
- bn->internal = NULL;
- }
- XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
- }
-}
-
-
-void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_MSG("wolfSSL_BN_clear_free");
-
- wolfSSL_BN_free(bn);
-}
-
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
- const WOLFSSL_BIGNUM* b)
-{
- WOLFSSL_MSG("wolfSSL_BN_sub");
-
- if (r == NULL || a == NULL || b == NULL)
- return 0;
-
- if (mp_sub((mp_int*)a->internal,(mp_int*)b->internal,
- (mp_int*)r->internal) == MP_OKAY)
- return SSL_SUCCESS;
-
- WOLFSSL_MSG("wolfSSL_BN_sub mp_sub failed");
- return 0;
-}
-
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
- const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c)
-{
- (void)c;
- WOLFSSL_MSG("wolfSSL_BN_mod");
-
- if (r == NULL || a == NULL || b == NULL)
- return 0;
-
- if (mp_mod((mp_int*)a->internal,(mp_int*)b->internal,
- (mp_int*)r->internal) == MP_OKAY)
- return SSL_SUCCESS;
-
- WOLFSSL_MSG("wolfSSL_BN_mod mp_mod failed");
- return 0;
-}
-
-
-const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
-{
- static WOLFSSL_BIGNUM* bn_one = NULL;
-
- WOLFSSL_MSG("wolfSSL_BN_value_one");
-
- if (bn_one == NULL) {
- bn_one = wolfSSL_BN_new();
- if (bn_one)
- mp_set_int((mp_int*)bn_one->internal, 1);
- }
-
- return bn_one;
-}
-
-
-int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_MSG("wolfSSL_BN_num_bytes");
-
- if (bn == NULL || bn->internal == NULL)
- return 0;
-
- return mp_unsigned_bin_size((mp_int*)bn->internal);
-}
-
-
-int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_MSG("wolfSSL_BN_num_bits");
-
- if (bn == NULL || bn->internal == NULL)
- return 0;
-
- return mp_count_bits((mp_int*)bn->internal);
-}
-
-
-int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_MSG("wolfSSL_BN_is_zero");
-
- if (bn == NULL || bn->internal == NULL)
- return 0;
-
- return mp_iszero((mp_int*)bn->internal);
-}
-
-
-int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_MSG("wolfSSL_BN_is_one");
-
- if (bn == NULL || bn->internal == NULL)
- return 0;
-
- if (mp_cmp_d((mp_int*)bn->internal, 1) == 0)
- return 1;
-
- return 0;
-}
-
-
-int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_MSG("wolfSSL_BN_is_odd");
-
- if (bn == NULL || bn->internal == NULL)
- return 0;
-
- return mp_isodd((mp_int*)bn->internal);
-}
-
-
-int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
-{
- WOLFSSL_MSG("wolfSSL_BN_cmp");
-
- if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL)
- return 0;
-
- return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
-}
-
-
-int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
-{
- WOLFSSL_MSG("wolfSSL_BN_bn2bin");
-
- if (bn == NULL || bn->internal == NULL) {
- WOLFSSL_MSG("NULL bn error");
- return SSL_FATAL_ERROR;
- }
-
- if (r == NULL)
- return mp_unsigned_bin_size((mp_int*)bn->internal);
-
- if (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY) {
- WOLFSSL_MSG("mp_to_unsigned_bin error");
- return SSL_FATAL_ERROR;
- }
-
- return mp_unsigned_bin_size((mp_int*)bn->internal);
-}
-
-
-WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
- WOLFSSL_BIGNUM* ret)
-{
- WOLFSSL_MSG("wolfSSL_BN_bin2bn");
-
- if (ret && ret->internal) {
- if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
- WOLFSSL_MSG("mp_read_unsigned_bin failure");
- return NULL;
- }
- }
- else {
- WOLFSSL_MSG("wolfSSL_BN_bin2bn wants return bignum");
- }
-
- return ret;
-}
-
-
-int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
-{
- (void)bn;
- (void)n;
- WOLFSSL_MSG("wolfSSL_BN_mask_bits");
-
- return SSL_FATAL_ERROR;
-}
-
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
-{
- int ret = 0;
- int len = bits / 8;
- int initTmpRng = 0;
- RNG* rng = NULL;
-#ifdef WOLFSSL_SMALL_STACK
- RNG* tmpRNG = NULL;
- byte* buff = NULL;
-#else
- RNG tmpRNG[1];
- byte buff[1024];
-#endif
-
- (void)top;
- (void)bottom;
- WOLFSSL_MSG("wolfSSL_BN_rand");
-
- if (bits % 8)
- len++;
-
-#ifdef WOLFSSL_SMALL_STACK
- buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- tmpRNG = (RNG*) XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (buff == NULL || tmpRNG == NULL) {
- XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
-#endif
-
- if (bn == NULL || bn->internal == NULL)
- WOLFSSL_MSG("Bad function arguments");
- else if (wc_InitRng(tmpRNG) == 0) {
- rng = tmpRNG;
- initTmpRng = 1;
- }
- else if (initGlobalRNG)
- rng = &globalRNG;
-
- if (rng) {
- if (wc_RNG_GenerateBlock(rng, buff, len) != 0)
- WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
- else {
- buff[0] |= 0x80 | 0x40;
- buff[len-1] |= 0x01;
-
- if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY)
- WOLFSSL_MSG("mp read bin failed");
- else
- ret = SSL_SUCCESS;
- }
- }
-
- if (initTmpRng)
- wc_FreeRng(tmpRNG);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n)
-{
- (void)bn;
- (void)n;
-
- WOLFSSL_MSG("wolfSSL_BN_is_bit_set");
-
- return 0;
-}
-
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str)
-{
- int ret = 0;
- word32 decSz = 1024;
-#ifdef WOLFSSL_SMALL_STACK
- byte* decoded = NULL;
-#else
- byte decoded[1024];
-#endif
-
- WOLFSSL_MSG("wolfSSL_BN_hex2bn");
-
-#ifdef WOLFSSL_SMALL_STACK
- decoded = (byte*)XMALLOC(decSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL)
- return ret;
-#endif
-
- if (str == NULL)
- WOLFSSL_MSG("Bad function argument");
- else if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0)
- WOLFSSL_MSG("Bad Base16_Decode error");
- else if (bn == NULL)
- ret = decSz;
- else {
- if (*bn == NULL)
- *bn = wolfSSL_BN_new();
-
- if (*bn == NULL)
- WOLFSSL_MSG("BN new failed");
- else if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL)
- WOLFSSL_MSG("Bad bin2bn error");
- else
- ret = SSL_SUCCESS;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn)
-{
- WOLFSSL_BIGNUM* ret;
-
- WOLFSSL_MSG("wolfSSL_BN_dup");
-
- if (bn == NULL || bn->internal == NULL) {
- WOLFSSL_MSG("bn NULL error");
- return NULL;
- }
-
- ret = wolfSSL_BN_new();
- if (ret == NULL) {
- WOLFSSL_MSG("bn new error");
- return NULL;
- }
-
- if (mp_copy((mp_int*)bn->internal, (mp_int*)ret->internal) != MP_OKAY) {
- WOLFSSL_MSG("mp_copy error");
- wolfSSL_BN_free(ret);
- return NULL;
- }
-
- return ret;
-}
-
-
-WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn)
-{
- (void)r;
- (void)bn;
-
- WOLFSSL_MSG("wolfSSL_BN_copy");
-
- return NULL;
-}
-
-
-int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, unsigned long w)
-{
- (void)bn;
- (void)w;
-
- WOLFSSL_MSG("wolfSSL_BN_set_word");
-
- return SSL_FATAL_ERROR;
-}
-
-
-int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
-{
- (void)bn;
- (void)str;
-
- WOLFSSL_MSG("wolfSSL_BN_dec2bn");
-
- return SSL_FATAL_ERROR;
-}
-
-
-char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
-{
- (void)bn;
-
- WOLFSSL_MSG("wolfSSL_BN_bn2dec");
-
- return NULL;
-}
-
-
-#ifndef NO_DH
-
-static void InitwolfSSL_DH(WOLFSSL_DH* dh)
-{
- if (dh) {
- dh->p = NULL;
- dh->g = NULL;
- dh->pub_key = NULL;
- dh->priv_key = NULL;
- dh->internal = NULL;
- dh->inSet = 0;
- dh->exSet = 0;
- }
-}
-
-
-WOLFSSL_DH* wolfSSL_DH_new(void)
-{
- WOLFSSL_DH* external;
- DhKey* key;
-
- WOLFSSL_MSG("wolfSSL_DH_new");
-
- key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_DH_new malloc DhKey failure");
- return NULL;
- }
-
- external = (WOLFSSL_DH*) XMALLOC(sizeof(WOLFSSL_DH), NULL,
- DYNAMIC_TYPE_DH);
- if (external == NULL) {
- WOLFSSL_MSG("wolfSSL_DH_new malloc WOLFSSL_DH failure");
- XFREE(key, NULL, DYNAMIC_TYPE_DH);
- return NULL;
- }
-
- InitwolfSSL_DH(external);
- wc_InitDhKey(key);
- external->internal = key;
-
- return external;
-}
-
-
-void wolfSSL_DH_free(WOLFSSL_DH* dh)
-{
- WOLFSSL_MSG("wolfSSL_DH_free");
-
- if (dh) {
- if (dh->internal) {
- wc_FreeDhKey((DhKey*)dh->internal);
- XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH);
- dh->internal = NULL;
- }
- wolfSSL_BN_free(dh->priv_key);
- wolfSSL_BN_free(dh->pub_key);
- wolfSSL_BN_free(dh->g);
- wolfSSL_BN_free(dh->p);
- InitwolfSSL_DH(dh); /* set back to NULLs for safety */
-
- XFREE(dh, NULL, DYNAMIC_TYPE_DH);
- }
-}
-
-
-static int SetDhInternal(WOLFSSL_DH* dh)
-{
- int ret = SSL_FATAL_ERROR;
- int pSz = 1024;
- int gSz = 1024;
-#ifdef WOLFSSL_SMALL_STACK
- unsigned char* p = NULL;
- unsigned char* g = NULL;
-#else
- unsigned char p[1024];
- unsigned char g[1024];
-#endif
-
- WOLFSSL_ENTER("SetDhInternal");
-
- if (dh == NULL || dh->p == NULL || dh->g == NULL)
- WOLFSSL_MSG("Bad function arguments");
- else if (wolfSSL_BN_bn2bin(dh->p, NULL) > pSz)
- WOLFSSL_MSG("Bad p internal size");
- else if (wolfSSL_BN_bn2bin(dh->g, NULL) > gSz)
- WOLFSSL_MSG("Bad g internal size");
- else {
- #ifdef WOLFSSL_SMALL_STACK
- p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (p == NULL || g == NULL) {
- XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
-
- pSz = wolfSSL_BN_bn2bin(dh->p, p);
- gSz = wolfSSL_BN_bn2bin(dh->g, g);
-
- if (pSz <= 0 || gSz <= 0)
- WOLFSSL_MSG("Bad BN2bin set");
- else if (wc_DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0)
- WOLFSSL_MSG("Bad DH SetKey");
- else {
- dh->inSet = 1;
- ret = 0;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
-
-
- return ret;
-}
-
-
-int wolfSSL_DH_size(WOLFSSL_DH* dh)
-{
- WOLFSSL_MSG("wolfSSL_DH_size");
-
- if (dh == NULL)
- return 0;
-
- return wolfSSL_BN_num_bytes(dh->p);
-}
-
-
-/* return SSL_SUCCESS on ok, else 0 */
-int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
-{
- int ret = 0;
- word32 pubSz = 768;
- word32 privSz = 768;
- int initTmpRng = 0;
- RNG* rng = NULL;
-#ifdef WOLFSSL_SMALL_STACK
- unsigned char* pub = NULL;
- unsigned char* priv = NULL;
- RNG* tmpRNG = NULL;
-#else
- unsigned char pub [768];
- unsigned char priv[768];
- RNG tmpRNG[1];
-#endif
-
- WOLFSSL_MSG("wolfSSL_DH_generate_key");
-
-#ifdef WOLFSSL_SMALL_STACK
- tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (tmpRNG == NULL || pub == NULL || priv == NULL) {
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
-#endif
-
- if (dh == NULL || dh->p == NULL || dh->g == NULL)
- WOLFSSL_MSG("Bad function arguments");
- else if (dh->inSet == 0 && SetDhInternal(dh) < 0)
- WOLFSSL_MSG("Bad DH set internal");
- else if (wc_InitRng(tmpRNG) == 0) {
- rng = tmpRNG;
- initTmpRng = 1;
- }
- else {
- WOLFSSL_MSG("Bad RNG Init, trying global");
- if (initGlobalRNG == 0)
- WOLFSSL_MSG("Global RNG no Init");
- else
- rng = &globalRNG;
- }
-
- if (rng) {
- if (wc_DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
- pub, &pubSz) < 0)
- WOLFSSL_MSG("Bad wc_DhGenerateKeyPair");
- else {
- if (dh->pub_key)
- wolfSSL_BN_free(dh->pub_key);
-
- dh->pub_key = wolfSSL_BN_new();
- if (dh->pub_key == NULL) {
- WOLFSSL_MSG("Bad DH new pub");
- }
- if (dh->priv_key)
- wolfSSL_BN_free(dh->priv_key);
-
- dh->priv_key = wolfSSL_BN_new();
-
- if (dh->priv_key == NULL) {
- WOLFSSL_MSG("Bad DH new priv");
- }
-
- if (dh->pub_key && dh->priv_key) {
- if (wolfSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL)
- WOLFSSL_MSG("Bad DH bn2bin error pub");
- else if (wolfSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL)
- WOLFSSL_MSG("Bad DH bn2bin error priv");
- else
- ret = SSL_SUCCESS;
- }
- }
- }
-
- if (initTmpRng)
- wc_FreeRng(tmpRNG);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/* return key size on ok, 0 otherwise */
-int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
- WOLFSSL_DH* dh)
-{
- int ret = 0;
- word32 keySz = 0;
- word32 pubSz = 1024;
- word32 privSz = 1024;
-#ifdef WOLFSSL_SMALL_STACK
- unsigned char* pub = NULL;
- unsigned char* priv = NULL;
-#else
- unsigned char pub [1024];
- unsigned char priv[1024];
-#endif
-
- WOLFSSL_MSG("wolfSSL_DH_compute_key");
-
-#ifdef WOLFSSL_SMALL_STACK
- pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- return ret;
-
- priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL) {
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- }
-#endif
-
- if (dh == NULL || dh->priv_key == NULL || otherPub == NULL)
- WOLFSSL_MSG("Bad function arguments");
- else if ((keySz = (word32)DH_size(dh)) == 0)
- WOLFSSL_MSG("Bad DH_size");
- else if (wolfSSL_BN_bn2bin(dh->priv_key, NULL) > (int)privSz)
- WOLFSSL_MSG("Bad priv internal size");
- else if (wolfSSL_BN_bn2bin(otherPub, NULL) > (int)pubSz)
- WOLFSSL_MSG("Bad otherPub size");
- else {
- privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv);
- pubSz = wolfSSL_BN_bn2bin(otherPub, pub);
-
- if (privSz <= 0 || pubSz <= 0)
- WOLFSSL_MSG("Bad BN2bin set");
- else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub,
- pubSz) < 0)
- WOLFSSL_MSG("wc_DhAgree failed");
- else
- ret = (int)keySz;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-#endif /* NO_DH */
-
-
-#ifndef NO_DSA
-static void InitwolfSSL_DSA(WOLFSSL_DSA* dsa)
-{
- if (dsa) {
- dsa->p = NULL;
- dsa->q = NULL;
- dsa->g = NULL;
- dsa->pub_key = NULL;
- dsa->priv_key = NULL;
- dsa->internal = NULL;
- dsa->inSet = 0;
- dsa->exSet = 0;
- }
-}
-
-
-WOLFSSL_DSA* wolfSSL_DSA_new(void)
-{
- WOLFSSL_DSA* external;
- DsaKey* key;
-
- WOLFSSL_MSG("wolfSSL_DSA_new");
-
- key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_DSA_new malloc DsaKey failure");
- return NULL;
- }
-
- external = (WOLFSSL_DSA*) XMALLOC(sizeof(WOLFSSL_DSA), NULL,
- DYNAMIC_TYPE_DSA);
- if (external == NULL) {
- WOLFSSL_MSG("wolfSSL_DSA_new malloc WOLFSSL_DSA failure");
- XFREE(key, NULL, DYNAMIC_TYPE_DSA);
- return NULL;
- }
-
- InitwolfSSL_DSA(external);
- InitDsaKey(key);
- external->internal = key;
-
- return external;
-}
-
-
-void wolfSSL_DSA_free(WOLFSSL_DSA* dsa)
-{
- WOLFSSL_MSG("wolfSSL_DSA_free");
-
- if (dsa) {
- if (dsa->internal) {
- FreeDsaKey((DsaKey*)dsa->internal);
- XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA);
- dsa->internal = NULL;
- }
- wolfSSL_BN_free(dsa->priv_key);
- wolfSSL_BN_free(dsa->pub_key);
- wolfSSL_BN_free(dsa->g);
- wolfSSL_BN_free(dsa->q);
- wolfSSL_BN_free(dsa->p);
- InitwolfSSL_DSA(dsa); /* set back to NULLs for safety */
-
- XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
- }
-}
-
-
-int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
-{
- (void)dsa;
-
- WOLFSSL_MSG("wolfSSL_DSA_generate_key");
-
- return 0; /* key gen not needed by server */
-}
-
-
-int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
- unsigned char* seed, int seedLen, int* counterRet,
- unsigned long* hRet, void* cb)
-{
- (void)dsa;
- (void)bits;
- (void)seed;
- (void)seedLen;
- (void)counterRet;
- (void)hRet;
- (void)cb;
-
- WOLFSSL_MSG("wolfSSL_DSA_generate_parameters_ex");
-
- return 0; /* key gen not needed by server */
-}
-#endif /* NO_DSA */
-
-#ifndef NO_RSA
-static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa)
-{
- if (rsa) {
- rsa->n = NULL;
- rsa->e = NULL;
- rsa->d = NULL;
- rsa->p = NULL;
- rsa->q = NULL;
- rsa->dmp1 = NULL;
- rsa->dmq1 = NULL;
- rsa->iqmp = NULL;
- rsa->internal = NULL;
- rsa->inSet = 0;
- rsa->exSet = 0;
- }
-}
-
-
-WOLFSSL_RSA* wolfSSL_RSA_new(void)
-{
- WOLFSSL_RSA* external;
- RsaKey* key;
-
- WOLFSSL_MSG("wolfSSL_RSA_new");
-
- key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_RSA_new malloc RsaKey failure");
- return NULL;
- }
-
- external = (WOLFSSL_RSA*) XMALLOC(sizeof(WOLFSSL_RSA), NULL,
- DYNAMIC_TYPE_RSA);
- if (external == NULL) {
- WOLFSSL_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure");
- XFREE(key, NULL, DYNAMIC_TYPE_RSA);
- return NULL;
- }
-
- InitwolfSSL_Rsa(external);
- if (wc_InitRsaKey(key, NULL) != 0) {
- WOLFSSL_MSG("InitRsaKey WOLFSSL_RSA failure");
- XFREE(external, NULL, DYNAMIC_TYPE_RSA);
- XFREE(key, NULL, DYNAMIC_TYPE_RSA);
- return NULL;
- }
- external->internal = key;
-
- return external;
-}
-
-
-void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
-{
- WOLFSSL_MSG("wolfSSL_RSA_free");
-
- if (rsa) {
- if (rsa->internal) {
- wc_FreeRsaKey((RsaKey*)rsa->internal);
- XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA);
- rsa->internal = NULL;
- }
- wolfSSL_BN_free(rsa->iqmp);
- wolfSSL_BN_free(rsa->dmq1);
- wolfSSL_BN_free(rsa->dmp1);
- wolfSSL_BN_free(rsa->q);
- wolfSSL_BN_free(rsa->p);
- wolfSSL_BN_free(rsa->d);
- wolfSSL_BN_free(rsa->e);
- wolfSSL_BN_free(rsa->n);
- InitwolfSSL_Rsa(rsa); /* set back to NULLs for safety */
-
- XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
- }
-}
-#endif /* NO_RSA */
-
-
-#if !defined(NO_RSA) || !defined(NO_DSA)
-static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
-{
- WOLFSSL_MSG("Entering SetIndividualExternal");
-
- if (mpi == NULL) {
- WOLFSSL_MSG("mpi NULL error");
- return SSL_FATAL_ERROR;
- }
-
- if (*bn == NULL) {
- *bn = wolfSSL_BN_new();
- if (*bn == NULL) {
- WOLFSSL_MSG("SetIndividualExternal alloc failed");
- return SSL_FATAL_ERROR;
- }
- }
-
- if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
- WOLFSSL_MSG("mp_copy error");
- return SSL_FATAL_ERROR;
- }
-
- return 0;
-}
-#endif /* !NO_RSA && !NO_DSA */
-
-
-#ifndef NO_DSA
-static int SetDsaExternal(WOLFSSL_DSA* dsa)
-{
- DsaKey* key;
- WOLFSSL_MSG("Entering SetDsaExternal");
-
- if (dsa == NULL || dsa->internal == NULL) {
- WOLFSSL_MSG("dsa key NULL error");
- return SSL_FATAL_ERROR;
- }
-
- key = (DsaKey*)dsa->internal;
-
- if (SetIndividualExternal(&dsa->p, &key->p) < 0) {
- WOLFSSL_MSG("dsa p key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&dsa->q, &key->q) < 0) {
- WOLFSSL_MSG("dsa q key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&dsa->g, &key->g) < 0) {
- WOLFSSL_MSG("dsa g key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) {
- WOLFSSL_MSG("dsa y key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) {
- WOLFSSL_MSG("dsa x key error");
- return SSL_FATAL_ERROR;
- }
-
- dsa->exSet = 1;
-
- return 0;
-}
-#endif /* NO_DSA */
-
-
-#ifndef NO_RSA
-static int SetRsaExternal(WOLFSSL_RSA* rsa)
-{
- RsaKey* key;
- WOLFSSL_MSG("Entering SetRsaExternal");
-
- if (rsa == NULL || rsa->internal == NULL) {
- WOLFSSL_MSG("rsa key NULL error");
- return SSL_FATAL_ERROR;
- }
-
- key = (RsaKey*)rsa->internal;
-
- if (SetIndividualExternal(&rsa->n, &key->n) < 0) {
- WOLFSSL_MSG("rsa n key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&rsa->e, &key->e) < 0) {
- WOLFSSL_MSG("rsa e key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&rsa->d, &key->d) < 0) {
- WOLFSSL_MSG("rsa d key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&rsa->p, &key->p) < 0) {
- WOLFSSL_MSG("rsa p key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&rsa->q, &key->q) < 0) {
- WOLFSSL_MSG("rsa q key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) {
- WOLFSSL_MSG("rsa dP key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) {
- WOLFSSL_MSG("rsa dQ key error");
- return SSL_FATAL_ERROR;
- }
-
- if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) {
- WOLFSSL_MSG("rsa u key error");
- return SSL_FATAL_ERROR;
- }
-
- rsa->exSet = 1;
-
- return 0;
-}
-
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
- void* cb)
-{
- int ret = SSL_FATAL_ERROR;
-
- WOLFSSL_MSG("wolfSSL_RSA_generate_key_ex");
-
- (void)rsa;
- (void)bits;
- (void)cb;
- (void)bn;
-
-#ifdef WOLFSSL_KEY_GEN
- {
- #ifdef WOLFSSL_SMALL_STACK
- RNG* rng = NULL;
- #else
- RNG rng[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (rng == NULL)
- return SSL_FATAL_ERROR;
- #endif
-
- if (wc_InitRng(rng) < 0)
- WOLFSSL_MSG("RNG init failed");
- else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, rng) < 0)
- WOLFSSL_MSG("wc_MakeRsaKey failed");
- else if (SetRsaExternal(rsa) < 0)
- WOLFSSL_MSG("SetRsaExternal failed");
- else {
- rsa->inSet = 1;
- ret = SSL_SUCCESS;
- }
-
- wc_FreeRng(rng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(rng, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
-#else
- WOLFSSL_MSG("No Key Gen built in");
-#endif
- return ret;
-}
-
-
-/* SSL_SUCCESS on ok */
-int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn)
-{
- (void)rsa;
- (void)bn;
-
- WOLFSSL_MSG("wolfSSL_RSA_blinding_on");
-
- return SSL_SUCCESS; /* on by default */
-}
-
-
-int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr,
- unsigned char* to, WOLFSSL_RSA* rsa, int padding)
-{
- (void)len;
- (void)fr;
- (void)to;
- (void)rsa;
- (void)padding;
-
- WOLFSSL_MSG("wolfSSL_RSA_public_encrypt");
-
- return SSL_FATAL_ERROR;
-}
-
-
-int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr,
- unsigned char* to, WOLFSSL_RSA* rsa, int padding)
-{
- (void)len;
- (void)fr;
- (void)to;
- (void)rsa;
- (void)padding;
-
- WOLFSSL_MSG("wolfSSL_RSA_private_decrypt");
-
- return SSL_FATAL_ERROR;
-}
-
-
-int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
-{
- WOLFSSL_MSG("wolfSSL_RSA_size");
-
- if (rsa == NULL)
- return 0;
-
- return wolfSSL_BN_num_bytes(rsa->n);
-}
-#endif /* NO_RSA */
-
-
-#ifndef NO_DSA
-/* return SSL_SUCCESS on success, < 0 otherwise */
-int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
- WOLFSSL_DSA* dsa)
-{
- int ret = SSL_FATAL_ERROR;
- int initTmpRng = 0;
- RNG* rng = NULL;
-#ifdef WOLFSSL_SMALL_STACK
- RNG* tmpRNG = NULL;
-#else
- RNG tmpRNG[1];
-#endif
-
- WOLFSSL_MSG("wolfSSL_DSA_do_sign");
-
- if (d == NULL || sigRet == NULL || dsa == NULL)
- WOLFSSL_MSG("Bad function arguments");
- else if (dsa->inSet == 0)
- WOLFSSL_MSG("No DSA internal set");
- else {
- #ifdef WOLFSSL_SMALL_STACK
- tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmpRNG == NULL)
- return SSL_FATAL_ERROR;
- #endif
-
- if (wc_InitRng(tmpRNG) == 0) {
- rng = tmpRNG;
- initTmpRng = 1;
- }
- else {
- WOLFSSL_MSG("Bad RNG Init, trying global");
- if (initGlobalRNG == 0)
- WOLFSSL_MSG("Global RNG no Init");
- else
- rng = &globalRNG;
- }
-
- if (rng) {
- if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
- WOLFSSL_MSG("DsaSign failed");
- else
- ret = SSL_SUCCESS;
- }
-
- if (initTmpRng)
- wc_FreeRng(tmpRNG);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
-
- return ret;
-}
-#endif /* NO_DSA */
-
-
-#ifndef NO_RSA
-/* return SSL_SUCCES on ok, 0 otherwise */
-int wolfSSL_RSA_sign(int type, const unsigned char* m,
- unsigned int mLen, unsigned char* sigRet,
- unsigned int* sigLen, WOLFSSL_RSA* rsa)
-{
- word32 outLen;
- word32 signSz;
- int initTmpRng = 0;
- RNG* rng = NULL;
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- RNG* tmpRNG = NULL;
- byte* encodedSig = NULL;
-#else
- RNG tmpRNG[1];
- byte encodedSig[MAX_ENCODED_SIG_SZ];
-#endif
-
- WOLFSSL_MSG("wolfSSL_RSA_sign");
-
- if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL)
- WOLFSSL_MSG("Bad function arguments");
- else if (rsa->inSet == 0)
- WOLFSSL_MSG("No RSA internal set");
- else if (type != NID_md5 && type != NID_sha1)
- WOLFSSL_MSG("Bad md type");
- else {
- outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);
-
- #ifdef WOLFSSL_SMALL_STACK
- tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmpRNG == NULL)
- return 0;
-
- encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig == NULL) {
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- }
- #endif
-
- if (outLen == 0)
- WOLFSSL_MSG("Bad RSA size");
- else if (wc_InitRng(tmpRNG) == 0) {
- rng = tmpRNG;
- initTmpRng = 1;
- }
- else {
- WOLFSSL_MSG("Bad RNG Init, trying global");
-
- if (initGlobalRNG == 0)
- WOLFSSL_MSG("Global RNG no Init");
- else
- rng = &globalRNG;
- }
- }
-
- if (rng) {
- type = (type == NID_md5) ? MD5h : SHAh;
-
- signSz = wc_EncodeSignature(encodedSig, m, mLen, type);
- if (signSz == 0) {
- WOLFSSL_MSG("Bad Encode Signature");
- }
- else {
- *sigLen = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
- (RsaKey*)rsa->internal, rng);
- if (*sigLen <= 0)
- WOLFSSL_MSG("Bad Rsa Sign");
- else
- ret = SSL_SUCCESS;
- }
-
- }
-
- if (initTmpRng)
- wc_FreeRng(tmpRNG);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- WOLFSSL_MSG("wolfSSL_RSA_sign success");
- return ret;
-}
-
-
-int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from,
- unsigned char* to, WOLFSSL_RSA* rsa, int padding)
-{
- (void)flen;
- (void)from;
- (void)to;
- (void)rsa;
- (void)padding;
-
- WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");
-
- return SSL_FATAL_ERROR;
-}
-
-
-/* generate p-1 and q-1, SSL_SUCCESS on ok */
-int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
-{
- int err;
- mp_int tmp;
-
- WOLFSSL_MSG("wolfSSL_RsaGenAdd");
-
- if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
- rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
- WOLFSSL_MSG("rsa no init error");
- return SSL_FATAL_ERROR;
- }
-
- if (mp_init(&tmp) != MP_OKAY) {
- WOLFSSL_MSG("mp_init error");
- return SSL_FATAL_ERROR;
- }
-
- err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
- if (err != MP_OKAY) {
- WOLFSSL_MSG("mp_sub_d error");
- }
- else
- err = mp_mod((mp_int*)rsa->d->internal, &tmp,
- (mp_int*)rsa->dmp1->internal);
-
- if (err != MP_OKAY) {
- WOLFSSL_MSG("mp_mod error");
- }
- else
- err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
- if (err != MP_OKAY) {
- WOLFSSL_MSG("mp_sub_d error");
- }
- else
- err = mp_mod((mp_int*)rsa->d->internal, &tmp,
- (mp_int*)rsa->dmq1->internal);
-
- mp_clear(&tmp);
-
- if (err == MP_OKAY)
- return SSL_SUCCESS;
- else
- return SSL_FATAL_ERROR;
-}
-#endif /* NO_RSA */
-
-
-void wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
- const EVP_MD* type)
-{
- WOLFSSL_MSG("wolfSSL_HMAC_Init");
-
- if (ctx == NULL) {
- WOLFSSL_MSG("no ctx on init");
- return;
- }
-
- if (type) {
- WOLFSSL_MSG("init has type");
-
- if (XSTRNCMP(type, "MD5", 3) == 0) {
- WOLFSSL_MSG("md5 hmac");
- ctx->type = MD5;
- }
- else if (XSTRNCMP(type, "SHA256", 6) == 0) {
- WOLFSSL_MSG("sha256 hmac");
- ctx->type = SHA256;
- }
-
- /* has to be last since would pick or 256, 384, or 512 too */
- else if (XSTRNCMP(type, "SHA", 3) == 0) {
- WOLFSSL_MSG("sha hmac");
- ctx->type = SHA;
- }
- else {
- WOLFSSL_MSG("bad init type");
- }
- }
-
- if (key && keylen) {
- WOLFSSL_MSG("keying hmac");
- wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
- /* OpenSSL compat, no error */
- }
-}
-
-
-void wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data,
- int len)
-{
- WOLFSSL_MSG("wolfSSL_HMAC_Update");
-
- if (ctx && data) {
- WOLFSSL_MSG("updating hmac");
- wc_HmacUpdate(&ctx->hmac, data, (word32)len);
- /* OpenSSL compat, no error */
- }
-}
-
-
-void wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
- unsigned int* len)
-{
- WOLFSSL_MSG("wolfSSL_HMAC_Final");
-
- if (ctx && hash) {
- WOLFSSL_MSG("final hmac");
- wc_HmacFinal(&ctx->hmac, hash);
- /* OpenSSL compat, no error */
-
- if (len) {
- WOLFSSL_MSG("setting output len");
- switch (ctx->type) {
- case MD5:
- *len = MD5_DIGEST_SIZE;
- break;
-
- case SHA:
- *len = SHA_DIGEST_SIZE;
- break;
-
- case SHA256:
- *len = SHA256_DIGEST_SIZE;
- break;
-
- default:
- WOLFSSL_MSG("bad hmac type");
- }
- }
- }
-}
-
-
-void wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx)
-{
- (void)ctx;
-
- WOLFSSL_MSG("wolfSSL_HMAC_cleanup");
-}
-
-
-const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
-{
- WOLFSSL_MSG("wolfSSL_get_digestbynid");
-
- switch(id) {
-#ifndef NO_MD5
- case NID_md5:
- return wolfSSL_EVP_md5();
-#endif
-#ifndef NO_SHA
- case NID_sha1:
- return wolfSSL_EVP_sha1();
-#endif
- default:
- WOLFSSL_MSG("Bad digest id value");
- }
-
- return NULL;
-}
-
-
-WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
-{
- (void)key;
- WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA");
-
- return NULL;
-}
-
-
-WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
-{
- (void)key;
- WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA");
-
- return NULL;
-}
-
-
-void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
-{
- WOLFSSL_MSG("wolfSSL_EVP_X_STATE");
-
- if (ctx) {
- switch (ctx->cipherType) {
- case ARC4_TYPE:
- WOLFSSL_MSG("returning arc4 state");
- return (void*)&ctx->cipher.arc4.x;
-
- default:
- WOLFSSL_MSG("bad x state type");
- return 0;
- }
- }
-
- return NULL;
-}
-
-
-int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
-{
- WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN");
-
- if (ctx) {
- switch (ctx->cipherType) {
- case ARC4_TYPE:
- WOLFSSL_MSG("returning arc4 state size");
- return sizeof(Arc4);
-
- default:
- WOLFSSL_MSG("bad x state type");
- return 0;
- }
- }
-
- return 0;
-}
-
-
-#ifndef NO_DES3
-
-void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
- unsigned char* iv, int len)
-{
- (void)len;
-
- WOLFSSL_MSG("wolfSSL_3des_iv");
-
- if (ctx == NULL || iv == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return;
- }
-
- if (doset)
- wc_Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */
- else
- memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
-}
-
-#endif /* NO_DES3 */
-
-
-#ifndef NO_AES
-
-void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
- unsigned char* iv, int len)
-{
- (void)len;
-
- WOLFSSL_MSG("wolfSSL_aes_ctr_iv");
-
- if (ctx == NULL || iv == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return;
- }
-
- if (doset)
- wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */
- else
- memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
-}
-
-#endif /* NO_AES */
-
-
-const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
-{
- WOLFSSL_MSG("wolfSSL_ripemd160");
-
- return NULL;
-}
-
-
-int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
-{
- WOLFSSL_MSG("wolfSSL_EVP_MD_size");
-
- if (type == NULL) {
- WOLFSSL_MSG("No md type arg");
- return BAD_FUNC_ARG;
- }
-
- if (XSTRNCMP(type, "SHA256", 6) == 0) {
- return SHA256_DIGEST_SIZE;
- }
-#ifndef NO_MD5
- else if (XSTRNCMP(type, "MD5", 3) == 0) {
- return MD5_DIGEST_SIZE;
- }
-#endif
-#ifdef WOLFSSL_SHA384
- else if (XSTRNCMP(type, "SHA384", 6) == 0) {
- return SHA384_DIGEST_SIZE;
- }
-#endif
-#ifdef WOLFSSL_SHA512
- else if (XSTRNCMP(type, "SHA512", 6) == 0) {
- return SHA512_DIGEST_SIZE;
- }
-#endif
-#ifndef NO_SHA
- /* has to be last since would pick or 256, 384, or 512 too */
- else if (XSTRNCMP(type, "SHA", 3) == 0) {
- return SHA_DIGEST_SIZE;
- }
-#endif
-
- return BAD_FUNC_ARG;
-}
-
-
-int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
-{
- WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length");
-
- switch (ctx->cipherType) {
-
- case AES_128_CBC_TYPE :
- case AES_192_CBC_TYPE :
- case AES_256_CBC_TYPE :
- WOLFSSL_MSG("AES CBC");
- return AES_BLOCK_SIZE;
-
-#ifdef WOLFSSL_AES_COUNTER
- case AES_128_CTR_TYPE :
- case AES_192_CTR_TYPE :
- case AES_256_CTR_TYPE :
- WOLFSSL_MSG("AES CTR");
- return AES_BLOCK_SIZE;
-#endif
-
- case DES_CBC_TYPE :
- WOLFSSL_MSG("DES CBC");
- return DES_BLOCK_SIZE;
-
- case DES_EDE3_CBC_TYPE :
- WOLFSSL_MSG("DES EDE3 CBC");
- return DES_BLOCK_SIZE;
-
- case ARC4_TYPE :
- WOLFSSL_MSG("ARC4");
- return 0;
-
- case NULL_CIPHER_TYPE :
- WOLFSSL_MSG("NULL");
- return 0;
-
- default: {
- WOLFSSL_MSG("bad type");
- }
- }
- return 0;
-}
-
-
-void wolfSSL_OPENSSL_free(void* p)
-{
- WOLFSSL_MSG("wolfSSL_OPENSSL_free");
-
- XFREE(p, NULL, 0);
-}
-
-
-int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa,
- const EVP_CIPHER* cipher,
- unsigned char* passwd, int len,
- pem_password_cb cb, void* arg)
-{
- (void)bio;
- (void)rsa;
- (void)cipher;
- (void)passwd;
- (void)len;
- (void)cb;
- (void)arg;
-
- WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey");
-
- return SSL_FATAL_ERROR;
-}
-
-
-
-int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* rsa,
- const EVP_CIPHER* cipher,
- unsigned char* passwd, int len,
- pem_password_cb cb, void* arg)
-{
- (void)bio;
- (void)rsa;
- (void)cipher;
- (void)passwd;
- (void)len;
- (void)cb;
- (void)arg;
-
- WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey");
-
- return SSL_FATAL_ERROR;
-}
-
-
-
-WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
- WOLFSSL_EVP_PKEY** key, pem_password_cb cb, void* arg)
-{
- (void)bio;
- (void)key;
- (void)cb;
- (void)arg;
-
- WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey");
-
- return NULL;
-}
-
-
-
-#ifndef NO_RSA
-/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
-int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz)
-{
- word32 idx = 0;
- int ret;
-
- WOLFSSL_ENTER("wolfSSL_RSA_LoadDer");
-
- if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) {
- WOLFSSL_MSG("Bad function arguments");
- return BAD_FUNC_ARG;
- }
-
- ret = wc_RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz);
- if (ret < 0) {
- WOLFSSL_MSG("RsaPrivateKeyDecode failed");
- return ret;
- }
-
- if (SetRsaExternal(rsa) < 0) {
- WOLFSSL_MSG("SetRsaExternal failed");
- return SSL_FATAL_ERROR;
- }
-
- rsa->inSet = 1;
-
- return SSL_SUCCESS;
-}
-#endif /* NO_RSA */
-
-
-#ifndef NO_DSA
-/* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
-int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz)
-{
- word32 idx = 0;
- int ret;
-
- WOLFSSL_ENTER("wolfSSL_DSA_LoadDer");
-
- if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) {
- WOLFSSL_MSG("Bad function arguments");
- return BAD_FUNC_ARG;
- }
-
- ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz);
- if (ret < 0) {
- WOLFSSL_MSG("DsaPrivateKeyDecode failed");
- return ret;
- }
-
- if (SetDsaExternal(dsa) < 0) {
- WOLFSSL_MSG("SetDsaExternal failed");
- return SSL_FATAL_ERROR;
- }
-
- dsa->inSet = 1;
-
- return SSL_SUCCESS;
-}
-#endif /* NO_DSA */
-
-
-
-
-#endif /* OPENSSL_EXTRA */
-
-
-#ifdef SESSION_CERTS
-
-
-/* Get peer's certificate chain */
-WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl)
-{
- WOLFSSL_ENTER("wolfSSL_get_peer_chain");
- if (ssl)
- return &ssl->session.chain;
-
- return 0;
-}
-
-
-/* Get peer's certificate chain total count */
-int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain)
-{
- WOLFSSL_ENTER("wolfSSL_get_chain_count");
- if (chain)
- return chain->count;
-
- return 0;
-}
-
-
-/* Get peer's ASN.1 DER ceritifcate at index (idx) length in bytes */
-int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx)
-{
- WOLFSSL_ENTER("wolfSSL_get_chain_length");
- if (chain)
- return chain->certs[idx].length;
-
- return 0;
-}
-
-
-/* Get peer's ASN.1 DER ceritifcate at index (idx) */
-byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx)
-{
- WOLFSSL_ENTER("wolfSSL_get_chain_cert");
- if (chain)
- return chain->certs[idx].buffer;
-
- return 0;
-}
-
-
-/* Get peer's wolfSSL X509 ceritifcate at index (idx) */
-WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
-{
- int ret;
- WOLFSSL_X509* x509 = NULL;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
-#else
- DecodedCert cert[1];
-#endif
-
- WOLFSSL_ENTER("wolfSSL_get_chain_X509");
- if (chain != NULL) {
- #ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert != NULL)
- #endif
- {
- InitDecodedCert(cert, chain->certs[idx].buffer,
- chain->certs[idx].length, NULL);
-
- if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0)
- WOLFSSL_MSG("Failed to parse cert");
- else {
- x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- if (x509 == NULL) {
- WOLFSSL_MSG("Failed alloc X509");
- }
- else {
- InitX509(x509, 1);
-
- if ((ret = CopyDecodedToX509(x509, cert)) != 0) {
- WOLFSSL_MSG("Failed to copy decoded");
- XFREE(x509, NULL, DYNAMIC_TYPE_X509);
- x509 = NULL;
- }
- }
- }
-
- FreeDecodedCert(cert);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- }
-
- return x509;
-}
-
-
-/* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
- enough else return error (-1), output length is in *outLen
- SSL_SUCCESS on ok */
-int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
- unsigned char* buf, int inLen, int* outLen)
-{
- const char header[] = "-----BEGIN CERTIFICATE-----\n";
- const char footer[] = "-----END CERTIFICATE-----\n";
-
- int headerLen = sizeof(header) - 1;
- int footerLen = sizeof(footer) - 1;
- int i;
- int err;
-
- WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
- if (!chain || !outLen || !buf)
- return BAD_FUNC_ARG;
-
- /* don't even try if inLen too short */
- if (inLen < headerLen + footerLen + chain->certs[idx].length)
- return BAD_FUNC_ARG;
-
- /* header */
- XMEMCPY(buf, header, headerLen);
- i = headerLen;
-
- /* body */
- *outLen = inLen; /* input to Base64_Encode */
- if ( (err = Base64_Encode(chain->certs[idx].buffer,
- chain->certs[idx].length, buf + i, (word32*)outLen)) < 0)
- return err;
- i += *outLen;
-
- /* footer */
- if ( (i + footerLen) > inLen)
- return BAD_FUNC_ARG;
- XMEMCPY(buf + i, footer, footerLen);
- *outLen += headerLen + footerLen;
-
- return SSL_SUCCESS;
-}
-
-
-/* get session ID */
-const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
-{
- WOLFSSL_ENTER("wolfSSL_get_sessionID");
- if (session)
- return session->sessionID;
-
- return NULL;
-}
-
-
-#endif /* SESSION_CERTS */
-
-#ifdef HAVE_FUZZER
-void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx)
-{
- if (ssl) {
- ssl->fuzzerCb = cbf;
- ssl->fuzzerCtx = fCtx;
- }
-}
-#endif
-
-#ifndef NO_CERTS
-#ifdef HAVE_PK_CALLBACKS
-
-#ifdef HAVE_ECC
-
-void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb)
-{
- if (ctx)
- ctx->EccSignCb = cb;
-}
-
-
-void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx)
-{
- if (ssl)
- ssl->EccSignCtx = ctx;
-}
-
-
-void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->EccSignCtx;
-
- return NULL;
-}
-
-
-void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb)
-{
- if (ctx)
- ctx->EccVerifyCb = cb;
-}
-
-
-void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx)
-{
- if (ssl)
- ssl->EccVerifyCtx = ctx;
-}
-
-
-void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->EccVerifyCtx;
-
- return NULL;
-}
-
-#endif /* HAVE_ECC */
-
-#ifndef NO_RSA
-
-void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb)
-{
- if (ctx)
- ctx->RsaSignCb = cb;
-}
-
-
-void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx)
-{
- if (ssl)
- ssl->RsaSignCtx = ctx;
-}
-
-
-void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->RsaSignCtx;
-
- return NULL;
-}
-
-
-void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
-{
- if (ctx)
- ctx->RsaVerifyCb = cb;
-}
-
-
-void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx)
-{
- if (ssl)
- ssl->RsaVerifyCtx = ctx;
-}
-
-
-void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->RsaVerifyCtx;
-
- return NULL;
-}
-
-void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb)
-{
- if (ctx)
- ctx->RsaEncCb = cb;
-}
-
-
-void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx)
-{
- if (ssl)
- ssl->RsaEncCtx = ctx;
-}
-
-
-void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->RsaEncCtx;
-
- return NULL;
-}
-
-void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb)
-{
- if (ctx)
- ctx->RsaDecCb = cb;
-}
-
-
-void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx)
-{
- if (ssl)
- ssl->RsaDecCtx = ctx;
-}
-
-
-void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
-{
- if (ssl)
- return ssl->RsaDecCtx;
-
- return NULL;
-}
-
-
-#endif /* NO_RSA */
-
-#endif /* HAVE_PK_CALLBACKS */
-#endif /* NO_CERTS */
-
-
-#ifdef WOLFSSL_HAVE_WOLFSCEP
- /* Used by autoconf to see if wolfSCEP is available */
- void wolfSSL_wolfSCEP(void) {}
-#endif
-
-
-#ifdef WOLFSSL_HAVE_CERT_SERVICE
- /* Used by autoconf to see if cert service is available */
- void wolfSSL_cert_service(void) {}
-#endif
-
-
--- a/src/tls.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2447 +0,0 @@
-/* tls.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#include <wolfssl/ssl.h>
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
-#include <wolfssl/wolfcrypt/hmac.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-
-#ifndef NO_TLS
-
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-#ifdef WOLFSSL_SHA384
- #define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE
-#else
- #define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE
-#endif
-
-/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
-static int p_hash(byte* result, word32 resLen, const byte* secret,
- word32 secLen, const byte* seed, word32 seedLen, int hash)
-{
- word32 len = P_HASH_MAX_SIZE;
- word32 times;
- word32 lastLen;
- word32 lastTime;
- word32 i;
- word32 idx = 0;
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- byte* previous;
- byte* current;
- Hmac* hmac;
-#else
- byte previous[P_HASH_MAX_SIZE]; /* max size */
- byte current[P_HASH_MAX_SIZE]; /* max size */
- Hmac hmac[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (previous == NULL || current == NULL || hmac == NULL) {
- if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- return MEMORY_E;
- }
-#endif
-
- switch (hash) {
- #ifndef NO_MD5
- case md5_mac:
- hash = MD5;
- len = MD5_DIGEST_SIZE;
- break;
- #endif
-
- #ifndef NO_SHA256
- case sha256_mac:
- hash = SHA256;
- len = SHA256_DIGEST_SIZE;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case sha384_mac:
- hash = SHA384;
- len = SHA384_DIGEST_SIZE;
- break;
- #endif
-
- #ifndef NO_SHA
- case sha_mac:
- default:
- hash = SHA;
- len = SHA_DIGEST_SIZE;
- break;
- #endif
- }
-
- times = resLen / len;
- lastLen = resLen % len;
-
- if (lastLen)
- times += 1;
-
- lastTime = times - 1;
-
- if ((ret = wc_HmacSetKey(hmac, hash, secret, secLen)) == 0) {
- if ((ret = wc_HmacUpdate(hmac, seed, seedLen)) == 0) { /* A0 = seed */
- if ((ret = wc_HmacFinal(hmac, previous)) == 0) { /* A1 */
- for (i = 0; i < times; i++) {
- ret = wc_HmacUpdate(hmac, previous, len);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(hmac, seed, seedLen);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(hmac, current);
- if (ret != 0)
- break;
-
- if ((i == lastTime) && lastLen)
- XMEMCPY(&result[idx], current,
- min(lastLen, P_HASH_MAX_SIZE));
- else {
- XMEMCPY(&result[idx], current, len);
- idx += len;
- ret = wc_HmacUpdate(hmac, previous, len);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(hmac, previous);
- if (ret != 0)
- break;
- }
- }
- }
- }
- }
-
- ForceZero(previous, P_HASH_MAX_SIZE);
- ForceZero(current, P_HASH_MAX_SIZE);
- ForceZero(hmac, sizeof(Hmac));
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#undef P_HASH_MAX_SIZE
-
-
-#ifndef NO_OLD_TLS
-
-/* calculate XOR for TLSv1 PRF */
-static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
-{
- word32 i;
-
- for (i = 0; i < digLen; i++)
- digest[i] = md5[i] ^ sha[i];
-}
-
-
-/* compute TLSv1 PRF (pseudo random function using HMAC) */
-static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
- const byte* label, word32 labLen, const byte* seed,
- word32 seedLen)
-{
- int ret = 0;
- word32 half = (secLen + 1) / 2;
-
-#ifdef WOLFSSL_SMALL_STACK
- byte* md5_half;
- byte* sha_half;
- byte* labelSeed;
- byte* md5_result;
- byte* sha_result;
-#else
- byte md5_half[MAX_PRF_HALF]; /* half is real size */
- byte sha_half[MAX_PRF_HALF]; /* half is real size */
- byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
- byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
- byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
-#endif
-
- if (half > MAX_PRF_HALF)
- return BUFFER_E;
- if (labLen + seedLen > MAX_PRF_LABSEED)
- return BUFFER_E;
- if (digLen > MAX_PRF_DIG)
- return BUFFER_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (md5_half == NULL || sha_half == NULL || labelSeed == NULL ||
- md5_result == NULL || sha_result == NULL) {
- if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- return MEMORY_E;
- }
-#endif
-
- XMEMSET(md5_result, 0, digLen);
- XMEMSET(sha_result, 0, digLen);
-
- XMEMCPY(md5_half, secret, half);
- XMEMCPY(sha_half, secret + half - secLen % 2, half);
-
- XMEMCPY(labelSeed, label, labLen);
- XMEMCPY(labelSeed + labLen, seed, seedLen);
-
- if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
- labLen + seedLen, md5_mac)) == 0) {
- if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
- labLen + seedLen, sha_mac)) == 0) {
- get_xor(digest, digLen, md5_result, sha_result);
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#endif
-
-
-/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
- use */
-static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
- const byte* label, word32 labLen, const byte* seed, word32 seedLen,
- int useAtLeastSha256, int hash_type)
-{
- int ret = 0;
-
- if (useAtLeastSha256) {
-#ifdef WOLFSSL_SMALL_STACK
- byte* labelSeed;
-#else
- byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
-#endif
-
- if (labLen + seedLen > MAX_PRF_LABSEED)
- return BUFFER_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (labelSeed == NULL)
- return MEMORY_E;
-#endif
-
- XMEMCPY(labelSeed, label, labLen);
- XMEMCPY(labelSeed + labLen, seed, seedLen);
-
- /* If a cipher suite wants an algorithm better than sha256, it
- * should use better. */
- if (hash_type < sha256_mac)
- hash_type = sha256_mac;
- ret = p_hash(digest, digLen, secret, secLen, labelSeed,
- labLen + seedLen, hash_type);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- }
-#ifndef NO_OLD_TLS
- else {
- ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
- seedLen);
- }
-#endif
-
- return ret;
-}
-
-
-#ifdef WOLFSSL_SHA384
- #define HSHASH_SZ SHA384_DIGEST_SIZE
-#else
- #define HSHASH_SZ FINISHED_SZ
-#endif
-
-
-int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
-{
- const byte* side;
- byte handshake_hash[HSHASH_SZ];
- word32 hashSz = FINISHED_SZ;
-
-#ifndef NO_OLD_TLS
- wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash);
- wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
-#endif
-
- if (IsAtLeastTLSv1_2(ssl)) {
-#ifndef NO_SHA256
- if (ssl->specs.mac_algorithm <= sha256_mac) {
- int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
-
- if (ret != 0)
- return ret;
-
- hashSz = SHA256_DIGEST_SIZE;
- }
-#endif
-#ifdef WOLFSSL_SHA384
- if (ssl->specs.mac_algorithm == sha384_mac) {
- int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash);
-
- if (ret != 0)
- return ret;
-
- hashSz = SHA384_DIGEST_SIZE;
- }
-#endif
- }
-
- if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
- side = tls_client;
- else
- side = tls_server;
-
- return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
- SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
- IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
-}
-
-
-#ifndef NO_OLD_TLS
-
-ProtocolVersion MakeTLSv1(void)
-{
- ProtocolVersion pv;
- pv.major = SSLv3_MAJOR;
- pv.minor = TLSv1_MINOR;
-
- return pv;
-}
-
-
-ProtocolVersion MakeTLSv1_1(void)
-{
- ProtocolVersion pv;
- pv.major = SSLv3_MAJOR;
- pv.minor = TLSv1_1_MINOR;
-
- return pv;
-}
-
-#endif
-
-
-ProtocolVersion MakeTLSv1_2(void)
-{
- ProtocolVersion pv;
- pv.major = SSLv3_MAJOR;
- pv.minor = TLSv1_2_MINOR;
-
- return pv;
-}
-
-
-static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
-static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
-
-
-/* External facing wrapper so user can call as well, 0 on success */
-int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
- const byte* ms, word32 msLen,
- const byte* sr, const byte* cr,
- int tls1_2, int hash_type)
-{
- byte seed[SEED_LEN];
-
- XMEMCPY(seed, sr, RAN_LEN);
- XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
-
- return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ,
- seed, SEED_LEN, tls1_2, hash_type);
-}
-
-
-int DeriveTlsKeys(WOLFSSL* ssl)
-{
- int ret;
- int length = 2 * ssl->specs.hash_size +
- 2 * ssl->specs.key_size +
- 2 * ssl->specs.iv_size;
-#ifdef WOLFSSL_SMALL_STACK
- byte* key_data;
-#else
- byte key_data[MAX_PRF_DIG];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (key_data == NULL) {
- return MEMORY_E;
- }
-#endif
-
- ret = wolfSSL_DeriveTlsKeys(key_data, length,
- ssl->arrays->masterSecret, SECRET_LEN,
- ssl->arrays->serverRandom, ssl->arrays->clientRandom,
- IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
- if (ret == 0)
- ret = StoreKeys(ssl, key_data);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/* External facing wrapper so user can call as well, 0 on success */
-int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
- const byte* pms, word32 pmsLen,
- const byte* cr, const byte* sr,
- int tls1_2, int hash_type)
-{
- byte seed[SEED_LEN];
-
- XMEMCPY(seed, cr, RAN_LEN);
- XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
-
- return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
- seed, SEED_LEN, tls1_2, hash_type);
-}
-
-
-int MakeTlsMasterSecret(WOLFSSL* ssl)
-{
- int ret;
-
- ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
- ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
- ssl->arrays->clientRandom, ssl->arrays->serverRandom,
- IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
-
- if (ret == 0) {
- #ifdef SHOW_SECRETS
- int i;
-
- printf("master secret: ");
- for (i = 0; i < SECRET_LEN; i++)
- printf("%02x", ssl->arrays->masterSecret[i]);
- printf("\n");
- #endif
-
- ret = DeriveTlsKeys(ssl);
- }
-
- return ret;
-}
-
-
-/* Used by EAP-TLS and EAP-TTLS to derive keying material from
- * the master_secret. */
-int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
- const char* label)
-{
- int ret;
-#ifdef WOLFSSL_SMALL_STACK
- byte* seed;
-#else
- byte seed[SEED_LEN];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (seed == NULL)
- return MEMORY_E;
-#endif
-
- /*
- * As per RFC-5281, the order of the client and server randoms is reversed
- * from that used by the TLS protocol to derive keys.
- */
- XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
- XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
-
- ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
- (const byte *)label, (word32)strlen(label), seed, SEED_LEN,
- IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/*** next for static INLINE s copied internal.c ***/
-
-/* convert 16 bit integer to opaque */
-static INLINE void c16toa(word16 u16, byte* c)
-{
- c[0] = (u16 >> 8) & 0xff;
- c[1] = u16 & 0xff;
-}
-
-#ifdef HAVE_TLS_EXTENSIONS
-/* convert opaque to 16 bit integer */
-static INLINE void ato16(const byte* c, word16* u16)
-{
- *u16 = (c[0] << 8) | (c[1]);
-}
-
-#ifdef HAVE_SNI
-/* convert a 24 bit integer into a 32 bit one */
-static INLINE void c24to32(const word24 u24, word32* u32)
-{
- *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2];
-}
-#endif
-#endif
-
-/* convert 32 bit integer to opaque */
-static INLINE void c32toa(word32 u32, byte* c)
-{
- c[0] = (u32 >> 24) & 0xff;
- c[1] = (u32 >> 16) & 0xff;
- c[2] = (u32 >> 8) & 0xff;
- c[3] = u32 & 0xff;
-}
-
-
-static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify)
-{
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if (verify)
- return ssl->keys.dtls_state.curSeq; /* explicit from peer */
- else
- return ssl->keys.dtls_sequence_number - 1; /* already incremented */
- }
-#endif
- if (verify)
- return ssl->keys.peer_sequence_number++;
- else
- return ssl->keys.sequence_number++;
-}
-
-
-#ifdef WOLFSSL_DTLS
-
-static INLINE word32 GetEpoch(WOLFSSL* ssl, int verify)
-{
- if (verify)
- return ssl->keys.dtls_state.curEpoch;
- else
- return ssl->keys.dtls_epoch;
-}
-
-#endif /* WOLFSSL_DTLS */
-
-
-/*** end copy ***/
-
-
-/* return HMAC digest type in wolfSSL format */
-int wolfSSL_GetHmacType(WOLFSSL* ssl)
-{
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
- switch (ssl->specs.mac_algorithm) {
- #ifndef NO_MD5
- case md5_mac:
- {
- return MD5;
- }
- #endif
- #ifndef NO_SHA256
- case sha256_mac:
- {
- return SHA256;
- }
- #endif
- #ifdef WOLFSSL_SHA384
- case sha384_mac:
- {
- return SHA384;
- }
-
- #endif
- #ifndef NO_SHA
- case sha_mac:
- {
- return SHA;
- }
- #endif
- #ifdef HAVE_BLAKE2
- case blake2b_mac:
- {
- return BLAKE2B_ID;
- }
- #endif
- default:
- {
- return SSL_FATAL_ERROR;
- }
- }
-}
-
-
-int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
- int verify)
-{
- if (ssl == NULL || inner == NULL)
- return BAD_FUNC_ARG;
-
- XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
-
-#ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- c16toa((word16)GetEpoch(ssl, verify), inner);
-#endif
- c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
- inner[SEQ_SZ] = (byte)content;
- inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
- inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
- c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
-
- return 0;
-}
-
-
-/* TLS type HMAC */
-int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
- int content, int verify)
-{
- Hmac hmac;
- int ret;
- byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
-
- if (ssl == NULL)
- return BAD_FUNC_ARG;
-
-#ifdef HAVE_FUZZER
- if (ssl->fuzzerCb)
- ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
-#endif
-
- wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
-
- ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
- wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
- if (ret != 0)
- return ret;
- ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
- if (ret != 0)
- return ret;
- ret = wc_HmacUpdate(&hmac, in, sz); /* content */
- if (ret != 0)
- return ret;
- ret = wc_HmacFinal(&hmac, digest);
- if (ret != 0)
- return ret;
-
- return 0;
-}
-
-#ifdef HAVE_TLS_EXTENSIONS
-
-
-/** Supports up to 64 flags. Update as needed. */
-#define SEMAPHORE_SIZE 8
-
-
-static INLINE word16 TLSX_ToSemaphore(word16 type)
-{
- switch (type) {
- case SECURE_RENEGOTIATION:
- return 63;
-
- default:
- if (type > 62) {
- /* This message SHOULD only happens during the adding of
- new TLS extensions in which its IANA number overflows
- the current semaphore's range, or if its number already
- is assigned to be used by another extension.
- Use this check value for the new extension and decrement
- the check value by one. */
- WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!");
- }
- }
-
- return type;
-}
-
-
-#define IS_OFF(semaphore, light) \
- ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
-
-
-#define TURN_ON(semaphore, light) \
- ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
-
-
-static int TLSX_Push(TLSX** list, TLSX_Type type, void* data)
-{
- TLSX* extension;
-
- extension = (TLSX*)XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX);
- if (extension == NULL)
- return MEMORY_E;
-
- extension->type = type;
- extension->data = data;
- extension->resp = 0;
- extension->next = *list;
- *list = extension;
-
- /* remove duplicated extensions, there should be only one of each type. */
- do {
- if (extension->next && extension->next->type == type) {
- TLSX *next = extension->next;
-
- extension->next = next->next;
- next->next = NULL;
-
- TLSX_FreeAll(next);
-
- /* there is no way to occur more than */
- /* two extensions of the same type. */
- break;
- }
- } while ((extension = extension->next));
-
- return 0;
-}
-
-
-#ifndef NO_WOLFSSL_SERVER
-
-void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
-
-void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
-{
- TLSX *ext = TLSX_Find(ssl->extensions, type);
-
- if (ext)
- ext->resp = 1;
-}
-
-#endif
-
-/* SNI - Server Name Indication */
-
-#ifdef HAVE_SNI
-
-static void TLSX_SNI_Free(SNI* sni)
-{
- if (sni) {
- switch (sni->type) {
- case WOLFSSL_SNI_HOST_NAME:
- XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX);
- break;
- }
-
- XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
- }
-}
-
-static void TLSX_SNI_FreeAll(SNI* list)
-{
- SNI* sni;
-
- while ((sni = list)) {
- list = sni->next;
- TLSX_SNI_Free(sni);
- }
-}
-
-static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
-{
- SNI* sni;
-
- if (list == NULL)
- return BAD_FUNC_ARG;
-
- if ((sni = XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX)) == NULL)
- return MEMORY_E;
-
- switch (type) {
- case WOLFSSL_SNI_HOST_NAME: {
- sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX);
-
- if (sni->data.host_name) {
- XSTRNCPY(sni->data.host_name, (const char*)data, size);
- sni->data.host_name[size] = 0;
- } else {
- XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
- return MEMORY_E;
- }
- }
- break;
-
- default: /* invalid type */
- XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
- return BAD_FUNC_ARG;
- }
-
- sni->type = type;
- sni->next = *list;
-
-#ifndef NO_WOLFSSL_SERVER
- sni->options = 0;
- sni->status = WOLFSSL_SNI_NO_MATCH;
-#endif
-
- *list = sni;
-
- return 0;
-}
-
-static word16 TLSX_SNI_GetSize(SNI* list)
-{
- SNI* sni;
- word16 length = OPAQUE16_LEN; /* list length */
-
- while ((sni = list)) {
- list = sni->next;
-
- length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
-
- switch (sni->type) {
- case WOLFSSL_SNI_HOST_NAME:
- length += XSTRLEN((char*)sni->data.host_name);
- break;
- }
- }
-
- return length;
-}
-
-static word16 TLSX_SNI_Write(SNI* list, byte* output)
-{
- SNI* sni;
- word16 length = 0;
- word16 offset = OPAQUE16_LEN; /* list length offset */
-
- while ((sni = list)) {
- list = sni->next;
-
- output[offset++] = sni->type; /* sni type */
-
- switch (sni->type) {
- case WOLFSSL_SNI_HOST_NAME:
- length = XSTRLEN((char*)sni->data.host_name);
-
- c16toa(length, output + offset); /* sni length */
- offset += OPAQUE16_LEN;
-
- XMEMCPY(output + offset, sni->data.host_name, length);
-
- offset += length;
- break;
- }
- }
-
- c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
-
- return offset;
-}
-
-static SNI* TLSX_SNI_Find(SNI *list, byte type)
-{
- SNI *sni = list;
-
- while (sni && sni->type != type)
- sni = sni->next;
-
- return sni;
-}
-
-#ifndef NO_WOLFSSL_SERVER
-static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
-{
- TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
- SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
-
- if (sni) {
- sni->status = status;
- WOLFSSL_MSG("SNI did match!");
- }
-}
-
-byte TLSX_SNI_Status(TLSX* extensions, byte type)
-{
- TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
- SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
-
- if (sni)
- return sni->status;
-
- return 0;
-}
-#endif
-
-static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
- byte isRequest)
-{
-#ifndef NO_WOLFSSL_SERVER
- word16 size = 0;
- word16 offset = 0;
-#endif
-
- TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION);
-
- if (!extension)
- extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
-
- if (!extension || !extension->data)
- return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected
- SNI response from server. */
-
- if (!isRequest)
- return length ? BUFFER_ERROR : 0; /* SNI response must be empty!
- Nothing else to do. */
-
-#ifndef NO_WOLFSSL_SERVER
-
- if (OPAQUE16_LEN > length)
- return BUFFER_ERROR;
-
- ato16(input, &size);
- offset += OPAQUE16_LEN;
-
- /* validating sni list length */
- if (length != OPAQUE16_LEN + size)
- return BUFFER_ERROR;
-
- for (size = 0; offset < length; offset += size) {
- SNI *sni;
- byte type = input[offset++];
-
- if (offset + OPAQUE16_LEN > length)
- return BUFFER_ERROR;
-
- ato16(input + offset, &size);
- offset += OPAQUE16_LEN;
-
- if (offset + size > length)
- return BUFFER_ERROR;
-
- if (!(sni = TLSX_SNI_Find((SNI*)extension->data, type))) {
- continue; /* not using this SNI type */
- }
-
- switch(type) {
- case WOLFSSL_SNI_HOST_NAME: {
- byte matched = (XSTRLEN(sni->data.host_name) == size)
- && (XSTRNCMP(sni->data.host_name,
- (const char*)input + offset, size) == 0);
-
- if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
- int r = TLSX_UseSNI(&ssl->extensions,
- type, input + offset, size);
-
- if (r != SSL_SUCCESS) return r; /* throw error */
-
- TLSX_SNI_SetStatus(ssl->extensions, type,
- matched ? WOLFSSL_SNI_REAL_MATCH : WOLFSSL_SNI_FAKE_MATCH);
-
- } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
- SendAlert(ssl, alert_fatal, unrecognized_name);
-
- return UNKNOWN_SNI_HOST_NAME_E;
- }
- break;
- }
- }
-
- TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
- }
-
-#endif
-
- return 0;
-}
-
-int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
-{
- TLSX* extension = TLSX_Find(*extensions, SERVER_NAME_INDICATION);
- SNI* sni = NULL;
- int ret = 0;
-
- if (extensions == NULL || data == NULL)
- return BAD_FUNC_ARG;
-
- if ((ret = TLSX_SNI_Append(&sni, type, data, size)) != 0)
- return ret;
-
- if (!extension) {
- if ((ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni))
- != 0) {
- TLSX_SNI_Free(sni);
- return ret;
- }
- }
- else {
- /* push new SNI object to extension data. */
- sni->next = (SNI*)extension->data;
- extension->data = (void*)sni;
-
- /* look for another server name of the same type to remove */
- do {
- if (sni->next && sni->next->type == type) {
- SNI *next = sni->next;
-
- sni->next = next->next;
- TLSX_SNI_Free(next);
-
- break;
- }
- } while ((sni = sni->next));
- }
-
- return SSL_SUCCESS;
-}
-
-#ifndef NO_WOLFSSL_SERVER
-word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
-{
- TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
- SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
-
- if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
- switch (sni->type) {
- case WOLFSSL_SNI_HOST_NAME:
- *data = sni->data.host_name;
- return XSTRLEN(*data);
- }
- }
-
- return 0;
-}
-
-void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
-{
- TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
- SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
-
- if (sni)
- sni->options = options;
-}
-
-int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
- byte type, byte* sni, word32* inOutSz)
-{
- word32 offset = 0;
- word32 len32 = 0;
- word16 len16 = 0;
-
- if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
- return INCOMPLETE_DATA;
-
- /* TLS record header */
- if ((enum ContentType) clientHello[offset++] != handshake)
- return BUFFER_ERROR;
-
- if (clientHello[offset++] != SSLv3_MAJOR)
- return BUFFER_ERROR;
-
- if (clientHello[offset++] < TLSv1_MINOR)
- return SNI_UNSUPPORTED;
-
- ato16(clientHello + offset, &len16);
- offset += OPAQUE16_LEN;
-
- if (offset + len16 > helloSz)
- return INCOMPLETE_DATA;
-
- /* Handshake header */
- if ((enum HandShakeType) clientHello[offset] != client_hello)
- return BUFFER_ERROR;
-
- c24to32(clientHello + offset + 1, &len32);
- offset += HANDSHAKE_HEADER_SZ;
-
- if (offset + len32 > helloSz)
- return BUFFER_ERROR;
-
- /* client hello */
- offset += VERSION_SZ + RAN_LEN; /* version, random */
-
- if (helloSz < offset + clientHello[offset])
- return BUFFER_ERROR;
-
- offset += ENUM_LEN + clientHello[offset]; /* skip session id */
-
- /* cypher suites */
- if (helloSz < offset + OPAQUE16_LEN)
- return BUFFER_ERROR;
-
- ato16(clientHello + offset, &len16);
- offset += OPAQUE16_LEN;
-
- if (helloSz < offset + len16)
- return BUFFER_ERROR;
-
- offset += len16; /* skip cypher suites */
-
- /* compression methods */
- if (helloSz < offset + 1)
- return BUFFER_ERROR;
-
- if (helloSz < offset + clientHello[offset])
- return BUFFER_ERROR;
-
- offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
-
- /* extensions */
- if (helloSz < offset + OPAQUE16_LEN)
- return 0; /* no extensions in client hello. */
-
- ato16(clientHello + offset, &len16);
- offset += OPAQUE16_LEN;
-
- if (helloSz < offset + len16)
- return BUFFER_ERROR;
-
- while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) {
- word16 extType;
- word16 extLen;
-
- ato16(clientHello + offset, &extType);
- offset += OPAQUE16_LEN;
-
- ato16(clientHello + offset, &extLen);
- offset += OPAQUE16_LEN;
-
- if (helloSz < offset + extLen)
- return BUFFER_ERROR;
-
- if (extType != SERVER_NAME_INDICATION) {
- offset += extLen; /* skip extension */
- } else {
- word16 listLen;
-
- ato16(clientHello + offset, &listLen);
- offset += OPAQUE16_LEN;
-
- if (helloSz < offset + listLen)
- return BUFFER_ERROR;
-
- while (listLen > ENUM_LEN + OPAQUE16_LEN) {
- byte sniType = clientHello[offset++];
- word16 sniLen;
-
- ato16(clientHello + offset, &sniLen);
- offset += OPAQUE16_LEN;
-
- if (helloSz < offset + sniLen)
- return BUFFER_ERROR;
-
- if (sniType != type) {
- offset += sniLen;
- listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
- continue;
- }
-
- *inOutSz = min(sniLen, *inOutSz);
- XMEMCPY(sni, clientHello + offset, *inOutSz);
-
- return SSL_SUCCESS;
- }
- }
-
- len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
- }
-
- return len16 ? BUFFER_ERROR : 0;
-}
-
-#endif
-
-#define SNI_FREE_ALL TLSX_SNI_FreeAll
-#define SNI_GET_SIZE TLSX_SNI_GetSize
-#define SNI_WRITE TLSX_SNI_Write
-#define SNI_PARSE TLSX_SNI_Parse
-
-#else
-
-#define SNI_FREE_ALL(list)
-#define SNI_GET_SIZE(list) 0
-#define SNI_WRITE(a, b) 0
-#define SNI_PARSE(a, b, c, d) 0
-
-#endif /* HAVE_SNI */
-
-#ifdef HAVE_MAX_FRAGMENT
-
-static word16 TLSX_MFL_Write(byte* data, byte* output)
-{
- output[0] = data[0];
-
- return ENUM_LEN;
-}
-
-static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
- byte isRequest)
-{
- if (length != ENUM_LEN)
- return BUFFER_ERROR;
-
- switch (*input) {
- case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break;
- case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
- case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break;
- case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break;
- case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break;
-
- default:
- SendAlert(ssl, alert_fatal, illegal_parameter);
-
- return UNKNOWN_MAX_FRAG_LEN_E;
- }
-
-#ifndef NO_WOLFSSL_SERVER
- if (isRequest) {
- int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
-
- if (r != SSL_SUCCESS) return r; /* throw error */
-
- TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH);
- }
-#endif
-
- return 0;
-}
-
-int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
-{
- byte* data = NULL;
- int ret = 0;
-
- if (extensions == NULL)
- return BAD_FUNC_ARG;
-
- if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
- return BAD_FUNC_ARG;
-
- if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL)
- return MEMORY_E;
-
- data[0] = mfl;
-
- /* push new MFL extension. */
- if ((ret = TLSX_Push(extensions, MAX_FRAGMENT_LENGTH, data)) != 0) {
- XFREE(data, 0, DYNAMIC_TYPE_TLSX);
- return ret;
- }
-
- return SSL_SUCCESS;
-}
-
-
-#define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX)
-#define MFL_GET_SIZE(data) ENUM_LEN
-#define MFL_WRITE TLSX_MFL_Write
-#define MFL_PARSE TLSX_MFL_Parse
-
-#else
-
-#define MFL_FREE_ALL(a)
-#define MFL_GET_SIZE(a) 0
-#define MFL_WRITE(a, b) 0
-#define MFL_PARSE(a, b, c, d) 0
-
-#endif /* HAVE_MAX_FRAGMENT */
-
-#ifdef HAVE_TRUNCATED_HMAC
-
-static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
- byte isRequest)
-{
- if (length != 0 || input == NULL)
- return BUFFER_ERROR;
-
-#ifndef NO_WOLFSSL_SERVER
- if (isRequest) {
- int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
-
- if (r != SSL_SUCCESS) return r; /* throw error */
-
- TLSX_SetResponse(ssl, TRUNCATED_HMAC);
- }
-#endif
-
- ssl->truncated_hmac = 1;
-
- return 0;
-}
-
-int TLSX_UseTruncatedHMAC(TLSX** extensions)
-{
- int ret = 0;
-
- if (extensions == NULL)
- return BAD_FUNC_ARG;
-
- if ((ret = TLSX_Push(extensions, TRUNCATED_HMAC, NULL)) != 0)
- return ret;
-
- return SSL_SUCCESS;
-}
-
-#define THM_PARSE TLSX_THM_Parse
-
-#else
-
-#define THM_PARSE(a, b, c, d) 0
-
-#endif /* HAVE_TRUNCATED_HMAC */
-
-#ifdef HAVE_SUPPORTED_CURVES
-
-#ifndef HAVE_ECC
-#error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
- Use --enable-ecc in the configure script or define HAVE_ECC.
-#endif
-
-static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
-{
- EllipticCurve* curve;
-
- while ((curve = list)) {
- list = curve->next;
- XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
- }
-}
-
-static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
-{
- EllipticCurve* curve;
-
- if (list == NULL)
- return BAD_FUNC_ARG;
-
- if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL)
- return MEMORY_E;
-
- curve->name = name;
- curve->next = *list;
-
- *list = curve;
-
- return 0;
-}
-
-#ifndef NO_WOLFSSL_CLIENT
-
-static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
-{
- int i;
-
- for (i = 0; i < ssl->suites->suiteSz; i+= 2)
- if (ssl->suites->suites[i] == ECC_BYTE)
- return;
-
- /* No elliptic curve suite found */
- TURN_ON(semaphore, TLSX_ToSemaphore(ELLIPTIC_CURVES));
-}
-
-static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
-{
- EllipticCurve* curve;
- word16 length = OPAQUE16_LEN; /* list length */
-
- while ((curve = list)) {
- list = curve->next;
- length += OPAQUE16_LEN; /* curve length */
- }
-
- return length;
-}
-
-static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
-static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
-{
- word16 offset = 0;
-
- if (!curve)
- return offset;
-
- offset = TLSX_EllipticCurve_WriteR(curve->next, output);
- c16toa(curve->name, output + offset);
-
- return OPAQUE16_LEN + offset;
-}
-
-static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
-{
- word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
-
- c16toa(length, output); /* writing list length */
-
- return OPAQUE16_LEN + length;
-}
-
-#endif /* NO_WOLFSSL_CLIENT */
-#ifndef NO_WOLFSSL_SERVER
-
-static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
- byte isRequest)
-{
- word16 offset;
- word16 name;
- int r;
-
- (void) isRequest; /* shut up compiler! */
-
- if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
- return BUFFER_ERROR;
-
- ato16(input, &offset);
-
- /* validating curve list length */
- if (length != OPAQUE16_LEN + offset)
- return BUFFER_ERROR;
-
- while (offset) {
- ato16(input + offset, &name);
- offset -= OPAQUE16_LEN;
-
- r = TLSX_UseSupportedCurve(&ssl->extensions, name);
-
- if (r != SSL_SUCCESS) return r; /* throw error */
- }
-
- return 0;
-}
-
-int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
- TLSX* extension = (first == ECC_BYTE)
- ? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES)
- : NULL;
- EllipticCurve* curve = NULL;
- word32 oid = 0;
- word16 octets = 0; /* acording to 'ecc_set_type ecc_sets[];' */
- int sig = 0; /* valitade signature */
- int key = 0; /* validate key */
-
- (void)oid;
- (void)octets;
-
- if (!extension)
- return 1; /* no suite restriction */
-
- for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
-
- switch (curve->name) {
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
- case WOLFSSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break;
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
- case WOLFSSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break;
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
- case WOLFSSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break;
-#endif
-#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
- case WOLFSSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
- case WOLFSSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
- case WOLFSSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
-#endif
- default: continue; /* unsupported curve */
- }
-
- switch (second) {
-#ifndef NO_DSA
- /* ECDHE_ECDSA */
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
- sig |= ssl->pkCurveOID == oid;
- key |= ssl->eccTempKeySz == octets;
- break;
-
- /* ECDH_ECDSA */
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
- sig |= ssl->pkCurveOID == oid;
- key |= ssl->pkCurveOID == oid;
- break;
-#endif
-#ifndef NO_RSA
- /* ECDHE_RSA */
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
- sig = 1;
- key |= ssl->eccTempKeySz == octets;
- break;
-
- /* ECDH_RSA */
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_RSA_WITH_RC4_128_SHA:
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
- sig = 1;
- key |= ssl->pkCurveOID == oid;
- break;
-#endif
- default:
- sig = 1;
- key = 1;
- break;
- }
- }
-
- return sig && key;
-}
-
-#endif /* NO_WOLFSSL_SERVER */
-
-int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
-{
- TLSX* extension = TLSX_Find(*extensions, ELLIPTIC_CURVES);
- EllipticCurve* curve = NULL;
- int ret = 0;
-
- if (extensions == NULL)
- return BAD_FUNC_ARG;
-
- if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
- return ret;
-
- if (!extension) {
- if ((ret = TLSX_Push(extensions, ELLIPTIC_CURVES, curve)) != 0) {
- XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
- return ret;
- }
- }
- else {
- /* push new EllipticCurve object to extension data. */
- curve->next = (EllipticCurve*)extension->data;
- extension->data = (void*)curve;
-
- /* look for another curve of the same name to remove (replacement) */
- do {
- if (curve->next && curve->next->name == name) {
- EllipticCurve *next = curve->next;
-
- curve->next = next->next;
- XFREE(next, 0, DYNAMIC_TYPE_TLSX);
-
- break;
- }
- } while ((curve = curve->next));
- }
-
- return SSL_SUCCESS;
-}
-
-#define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
-#define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
-
-#ifndef NO_WOLFSSL_CLIENT
-#define EC_GET_SIZE TLSX_EllipticCurve_GetSize
-#define EC_WRITE TLSX_EllipticCurve_Write
-#else
-#define EC_GET_SIZE(list) 0
-#define EC_WRITE(a, b) 0
-#endif
-
-#ifndef NO_WOLFSSL_SERVER
-#define EC_PARSE TLSX_EllipticCurve_Parse
-#else
-#define EC_PARSE(a, b, c, d) 0
-#endif
-
-#else
-
-#define EC_FREE_ALL(list)
-#define EC_GET_SIZE(list) 0
-#define EC_WRITE(a, b) 0
-#define EC_PARSE(a, b, c, d) 0
-#define EC_VALIDATE_REQUEST(a, b)
-
-#endif /* HAVE_SUPPORTED_CURVES */
-
-#ifdef HAVE_SECURE_RENEGOTIATION
-
-static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
- int isRequest)
-{
- byte length = OPAQUE8_LEN; /* empty info length */
-
- if (data->enabled) {
- /* client sends client_verify_data only */
- length += TLS_FINISHED_SZ;
-
- /* server also sends server_verify_data */
- if (!isRequest)
- length += TLS_FINISHED_SZ;
- }
-
- return length;
-}
-
-static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
- byte* output, int isRequest)
-{
- word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
-
- if (data->enabled) {
- /* client sends client_verify_data only */
- XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
- offset += TLS_FINISHED_SZ;
-
- /* server also sends server_verify_data */
- if (!isRequest) {
- XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
- offset += TLS_FINISHED_SZ;
- }
- }
-
- output[0] = offset - 1; /* info length - self */
-
- return offset;
-}
-
-static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
- word16 length, byte isRequest)
-{
- int ret = SECURE_RENEGOTIATION_E;
-
- if (length >= OPAQUE8_LEN) {
- if (ssl->secure_renegotiation == NULL) {
- #ifndef NO_WOLFSSL_SERVER
- if (isRequest && *input == 0) {
- ret = 0; /* don't reply, user didn't enable */
- }
- #endif
- }
- else if (isRequest) {
- #ifndef NO_WOLFSSL_SERVER
- if (*input == TLS_FINISHED_SZ) {
- /* TODO compare client_verify_data */
- ret = 0;
- }
- #endif
- }
- else {
- #ifndef NO_WOLFSSL_CLIENT
- if (!ssl->secure_renegotiation->enabled) {
- if (*input == 0) {
- ssl->secure_renegotiation->enabled = 1;
- ret = 0;
- }
- }
- else if (*input == 2 * TLS_FINISHED_SZ) {
- /* TODO compare client_verify_data and server_verify_data */
- ret = 0;
- }
- #endif
- }
- }
-
- if (ret != 0) {
- /* TODO: turn on fatal error at ssl level too */
- SendAlert(ssl, alert_fatal, handshake_failure);
- }
-
- return ret;
-}
-
-int TLSX_UseSecureRenegotiation(TLSX** extensions)
-{
- int ret = 0;
- SecureRenegotiation* data = NULL;
-
- data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL,
- DYNAMIC_TYPE_TLSX);
- if (data == NULL)
- return MEMORY_E;
-
- XMEMSET(data, 0, sizeof(SecureRenegotiation));
-
- ret = TLSX_Push(extensions, SECURE_RENEGOTIATION, data);
- if (ret != 0) {
- XFREE(data, 0, DYNAMIC_TYPE_TLSX);
- return ret;
- }
-
- return SSL_SUCCESS;
-}
-
-
-#define SCR_FREE_ALL(data) XFREE(data, NULL, DYNAMIC_TYPE_TLSX)
-#define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize
-#define SCR_WRITE TLSX_SecureRenegotiation_Write
-#define SCR_PARSE TLSX_SecureRenegotiation_Parse
-
-#else
-
-#define SCR_FREE_ALL(a)
-#define SCR_GET_SIZE(a, b) 0
-#define SCR_WRITE(a, b, c) 0
-#define SCR_PARSE(a, b, c, d) 0
-
-#endif /* HAVE_SECURE_RENEGOTIATION */
-
-#ifdef HAVE_SESSION_TICKET
-
-static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
-{
- TLSX* extension = TLSX_Find(ssl->extensions, SESSION_TICKET);
- SessionTicket* ticket = extension ? extension->data : NULL;
-
- if (ticket) {
- /* TODO validate ticket timeout here! */
- if (ticket->lifetime == 0xfffffff) {
- /* send empty ticket on timeout */
- TLSX_UseSessionTicket(&ssl->extensions, NULL);
- }
- }
-}
-
-
-static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
-{
- (void)isRequest;
- return ticket ? ticket->size : 0;
-}
-
-static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
- int isRequest)
-{
- word16 offset = 0; /* empty ticket */
-
- if (isRequest && ticket) {
- XMEMCPY(output + offset, ticket->data, ticket->size);
- offset += ticket->size;
- }
-
- return offset;
-}
-
-
-static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
- byte isRequest)
-{
- int ret = 0;
-
- if (!isRequest) {
- /* client side */
- if (length != 0)
- return BUFFER_ERROR;
-
- ssl->expect_session_ticket = 1;
- }
-#ifndef NO_WOLFSSL_SERVER
- else {
- /* server side */
- if (ssl->ctx->ticketEncCb == NULL) {
- WOLFSSL_MSG("Client sent session ticket, server has no callback");
- return 0;
- }
-
- if (length == 0) {
- /* blank ticket */
- ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
- if (ret == SSL_SUCCESS) {
- ret = 0;
- TLSX_SetResponse(ssl, SESSION_TICKET); /* send blank ticket */
- ssl->options.createTicket = 1; /* will send ticket msg */
- ssl->options.useTicket = 1;
- }
- } else {
- /* got actual ticket from client */
- ret = DoClientTicket(ssl, input, length);
- if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */
- WOLFSSL_MSG("Using exisitng client ticket");
- ssl->options.useTicket = 1;
- ssl->options.resuming = 1;
- } else if (ret == WOLFSSL_TICKET_RET_CREATE) {
- WOLFSSL_MSG("Using existing client ticket, creating new one");
- ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
- if (ret == SSL_SUCCESS) {
- ret = 0;
- TLSX_SetResponse(ssl, SESSION_TICKET);
- /* send blank ticket */
- ssl->options.createTicket = 1; /* will send ticket msg */
- ssl->options.useTicket = 1;
- ssl->options.resuming = 1;
- }
- } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
- WOLFSSL_MSG("Process client ticket rejected, not using");
- ret = 0; /* not fatal */
- } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
- WOLFSSL_MSG("Process client ticket fatal error, not using");
- }
- }
- }
-#endif /* NO_WOLFSSL_SERVER */
-
- return ret;
-}
-
-WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
- byte* data, word16 size)
-{
- SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket),
- NULL, DYNAMIC_TYPE_TLSX);
- if (ticket) {
- ticket->data = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TLSX);
- if (ticket->data == NULL) {
- XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX);
- return NULL;
- }
-
- XMEMCPY(ticket->data, data, size);
- ticket->size = size;
- ticket->lifetime = lifetime;
- }
-
- return ticket;
-}
-WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket)
-{
- if (ticket) {
- XFREE(ticket->data, NULL, DYNAMIC_TYPE_TLSX);
- XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX);
- }
-}
-
-int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
-{
- int ret = 0;
-
- if (extensions == NULL)
- return BAD_FUNC_ARG;
-
- /* If the ticket is NULL, the client will request a new ticket from the
- server. Otherwise, the client will use it in the next client hello. */
- if ((ret = TLSX_Push(extensions, SESSION_TICKET, (void*)ticket)) != 0)
- return ret;
-
- return SSL_SUCCESS;
-}
-
-#define STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest
-#define STK_GET_SIZE TLSX_SessionTicket_GetSize
-#define STK_WRITE TLSX_SessionTicket_Write
-#define STK_PARSE TLSX_SessionTicket_Parse
-
-#else
-
-#define STK_VALIDATE_REQUEST(a)
-#define STK_GET_SIZE(a, b) 0
-#define STK_WRITE(a, b, c) 0
-#define STK_PARSE(a, b, c, d) 0
-
-#endif /* HAVE_SESSION_TICKET */
-
-
-TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
-{
- TLSX* extension = list;
-
- while (extension && extension->type != type)
- extension = extension->next;
-
- return extension;
-}
-
-void TLSX_FreeAll(TLSX* list)
-{
- TLSX* extension;
-
- while ((extension = list)) {
- list = extension->next;
-
- switch (extension->type) {
- case SERVER_NAME_INDICATION:
- SNI_FREE_ALL((SNI*)extension->data);
- break;
-
- case MAX_FRAGMENT_LENGTH:
- MFL_FREE_ALL(extension->data);
- break;
-
- case TRUNCATED_HMAC:
- /* Nothing to do. */
- break;
-
- case ELLIPTIC_CURVES:
- EC_FREE_ALL(extension->data);
- break;
-
- case SECURE_RENEGOTIATION:
- SCR_FREE_ALL(extension->data);
- break;
-
- case SESSION_TICKET:
- /* Nothing to do. */
- break;
- }
-
- XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
- }
-}
-
-int TLSX_SupportExtensions(WOLFSSL* ssl) {
- return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR);
-}
-
-static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
-{
- TLSX* extension;
- word16 length = 0;
-
- while ((extension = list)) {
- list = extension->next;
-
- if (!isRequest && !extension->resp)
- continue; /* skip! */
-
- if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
- continue; /* skip! */
-
- /* type + data length */
- length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
-
- switch (extension->type) {
- case SERVER_NAME_INDICATION:
- if (isRequest)
- length += SNI_GET_SIZE(extension->data);
- break;
- case MAX_FRAGMENT_LENGTH:
- length += MFL_GET_SIZE(extension->data);
- break;
-
- case TRUNCATED_HMAC:
- /* empty extension. */
- break;
-
- case ELLIPTIC_CURVES:
- length += EC_GET_SIZE(extension->data);
- break;
-
- case SECURE_RENEGOTIATION:
- length += SCR_GET_SIZE(extension->data, isRequest);
- break;
-
- case SESSION_TICKET:
- length += STK_GET_SIZE(extension->data, isRequest);
- break;
- }
-
- TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
- }
-
- return length;
-}
-
-static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
- byte isRequest)
-{
- TLSX* extension;
- word16 offset = 0;
- word16 length_offset = 0;
-
- while ((extension = list)) {
- list = extension->next;
-
- if (!isRequest && !extension->resp)
- continue; /* skip! */
-
- if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
- continue; /* skip! */
-
- /* extension type */
- c16toa(extension->type, output + offset);
- offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
- length_offset = offset;
-
- /* extension data should be written internally */
- switch (extension->type) {
- case SERVER_NAME_INDICATION:
- if (isRequest)
- offset += SNI_WRITE(extension->data, output + offset);
- break;
-
- case MAX_FRAGMENT_LENGTH:
- offset += MFL_WRITE(extension->data, output + offset);
- break;
-
- case TRUNCATED_HMAC:
- /* empty extension. */
- break;
-
- case ELLIPTIC_CURVES:
- offset += EC_WRITE(extension->data, output + offset);
- break;
-
- case SECURE_RENEGOTIATION:
- offset += SCR_WRITE(extension->data, output + offset,
- isRequest);
- break;
-
- case SESSION_TICKET:
- offset += STK_WRITE(extension->data, output + offset,
- isRequest);
- break;
- }
-
- /* writing extension data length */
- c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
-
- TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
- }
-
- return offset;
-}
-
-#ifndef NO_WOLFSSL_CLIENT
-
-word16 TLSX_GetRequestSize(WOLFSSL* ssl)
-{
- word16 length = 0;
-
- if (TLSX_SupportExtensions(ssl)) {
- byte semaphore[SEMAPHORE_SIZE] = {0};
-
- EC_VALIDATE_REQUEST(ssl, semaphore);
- STK_VALIDATE_REQUEST(ssl);
-
- if (ssl->extensions)
- length += TLSX_GetSize(ssl->extensions, semaphore, 1);
-
- if (ssl->ctx && ssl->ctx->extensions)
- length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
-
- if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
- length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
- }
-
- if (length)
- length += OPAQUE16_LEN; /* for total length storage */
-
- return length;
-}
-
-word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
-{
- word16 offset = 0;
-
- if (TLSX_SupportExtensions(ssl) && output) {
- byte semaphore[SEMAPHORE_SIZE] = {0};
-
- offset += OPAQUE16_LEN; /* extensions length */
-
- EC_VALIDATE_REQUEST(ssl, semaphore);
-
- if (ssl->extensions)
- offset += TLSX_Write(ssl->extensions, output + offset,
- semaphore, 1);
-
- if (ssl->ctx && ssl->ctx->extensions)
- offset += TLSX_Write(ssl->ctx->extensions, output + offset,
- semaphore, 1);
-
- if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
- {
- int i;
- /* extension type */
- c16toa(HELLO_EXT_SIG_ALGO, output + offset);
- offset += HELLO_EXT_TYPE_SZ;
-
- /* extension data length */
- c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
- offset += OPAQUE16_LEN;
-
- /* sig algos length */
- c16toa(ssl->suites->hashSigAlgoSz, output + offset);
- offset += OPAQUE16_LEN;
-
- /* sig algos */
- for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++)
- output[offset] = ssl->suites->hashSigAlgo[i];
- }
-
- if (offset > OPAQUE16_LEN)
- c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
- }
-
- return offset;
-}
-
-#endif /* NO_WOLFSSL_CLIENT */
-
-#ifndef NO_WOLFSSL_SERVER
-
-word16 TLSX_GetResponseSize(WOLFSSL* ssl)
-{
- word16 length = 0;
- byte semaphore[SEMAPHORE_SIZE] = {0};
-
- if (TLSX_SupportExtensions(ssl))
- length += TLSX_GetSize(ssl->extensions, semaphore, 0);
-
- /* All the response data is set at the ssl object only, so no ctx here. */
-
- if (length)
- length += OPAQUE16_LEN; /* for total length storage */
-
- return length;
-}
-
-word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output)
-{
- word16 offset = 0;
-
- if (TLSX_SupportExtensions(ssl) && output) {
- byte semaphore[SEMAPHORE_SIZE] = {0};
-
- offset += OPAQUE16_LEN; /* extensions length */
-
- offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
-
- if (offset > OPAQUE16_LEN)
- c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
- }
-
- return offset;
-}
-
-#endif /* NO_WOLFSSL_SERVER */
-
-int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
- Suites *suites)
-{
- int ret = 0;
- word16 offset = 0;
-
- if (!ssl || !input || (isRequest && !suites))
- return BAD_FUNC_ARG;
-
- while (ret == 0 && offset < length) {
- word16 type;
- word16 size;
-
- if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
- return BUFFER_ERROR;
-
- ato16(input + offset, &type);
- offset += HELLO_EXT_TYPE_SZ;
-
- ato16(input + offset, &size);
- offset += OPAQUE16_LEN;
-
- if (offset + size > length)
- return BUFFER_ERROR;
-
- switch (type) {
- case SERVER_NAME_INDICATION:
- WOLFSSL_MSG("SNI extension received");
-
- ret = SNI_PARSE(ssl, input + offset, size, isRequest);
- break;
-
- case MAX_FRAGMENT_LENGTH:
- WOLFSSL_MSG("Max Fragment Length extension received");
-
- ret = MFL_PARSE(ssl, input + offset, size, isRequest);
- break;
-
- case TRUNCATED_HMAC:
- WOLFSSL_MSG("Truncated HMAC extension received");
-
- ret = THM_PARSE(ssl, input + offset, size, isRequest);
- break;
-
- case ELLIPTIC_CURVES:
- WOLFSSL_MSG("Elliptic Curves extension received");
-
- ret = EC_PARSE(ssl, input + offset, size, isRequest);
- break;
-
- case SECURE_RENEGOTIATION:
- WOLFSSL_MSG("Secure Renegotiation extension received");
-
- ret = SCR_PARSE(ssl, input + offset, size, isRequest);
- break;
-
- case SESSION_TICKET:
- WOLFSSL_MSG("Session Ticket extension received");
-
- ret = STK_PARSE(ssl, input + offset, size, isRequest);
- break;
-
- case HELLO_EXT_SIG_ALGO:
- if (isRequest) {
- /* do not mess with offset inside the switch! */
- if (IsAtLeastTLSv1_2(ssl)) {
- ato16(input + offset, &suites->hashSigAlgoSz);
-
- if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
- return BUFFER_ERROR;
-
- XMEMCPY(suites->hashSigAlgo,
- input + offset + OPAQUE16_LEN,
- min(suites->hashSigAlgoSz,
- HELLO_EXT_SIGALGO_MAX));
- }
- } else {
- WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension.");
- }
-
- break;
- }
-
- /* offset should be updated here! */
- offset += size;
- }
-
- return ret;
-}
-
-/* undefining semaphore macros */
-#undef IS_OFF
-#undef TURN_ON
-#undef SEMAPHORE_SIZE
-
-#endif
-
-
-#ifndef NO_WOLFSSL_CLIENT
-
-#ifndef NO_OLD_TLS
-
- WOLFSSL_METHOD* wolfTLSv1_client_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- if (method)
- InitSSL_Method(method, MakeTLSv1());
- return method;
- }
-
-
- WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- if (method)
- InitSSL_Method(method, MakeTLSv1_1());
- return method;
- }
-
-#endif /* !NO_OLD_TLS */
-
-#ifndef NO_SHA256 /* can't use without SHA256 */
-
- WOLFSSL_METHOD* wolfTLSv1_2_client_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- if (method)
- InitSSL_Method(method, MakeTLSv1_2());
- return method;
- }
-
-#endif
-
-
- WOLFSSL_METHOD* wolfSSLv23_client_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- if (method) {
-#ifndef NO_SHA256 /* 1.2 requires SHA256 */
- InitSSL_Method(method, MakeTLSv1_2());
-#else
- InitSSL_Method(method, MakeTLSv1_1());
-#endif
-#ifndef NO_OLD_TLS
- method->downgrade = 1;
-#endif
- }
- return method;
- }
-
-
-#endif /* NO_WOLFSSL_CLIENT */
-
-
-
-#ifndef NO_WOLFSSL_SERVER
-
-#ifndef NO_OLD_TLS
-
- WOLFSSL_METHOD* wolfTLSv1_server_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- if (method) {
- InitSSL_Method(method, MakeTLSv1());
- method->side = WOLFSSL_SERVER_END;
- }
- return method;
- }
-
-
- WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- if (method) {
- InitSSL_Method(method, MakeTLSv1_1());
- method->side = WOLFSSL_SERVER_END;
- }
- return method;
- }
-
-#endif /* !NO_OLD_TLS */
-
-#ifndef NO_SHA256 /* can't use without SHA256 */
-
- WOLFSSL_METHOD* wolfTLSv1_2_server_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- if (method) {
- InitSSL_Method(method, MakeTLSv1_2());
- method->side = WOLFSSL_SERVER_END;
- }
- return method;
- }
-
-#endif
-
-
- WOLFSSL_METHOD* wolfSSLv23_server_method(void)
- {
- WOLFSSL_METHOD* method =
- (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
- DYNAMIC_TYPE_METHOD);
- if (method) {
-#ifndef NO_SHA256 /* 1.2 requires SHA256 */
- InitSSL_Method(method, MakeTLSv1_2());
-#else
- InitSSL_Method(method, MakeTLSv1_1());
-#endif
- method->side = WOLFSSL_SERVER_END;
-#ifndef NO_OLD_TLS
- method->downgrade = 1;
-#endif /* !NO_OLD_TLS */
- }
- return method;
- }
-
-
-
-#endif /* NO_WOLFSSL_SERVER */
-#endif /* NO_TLS */
-
-
--- a/user_settings.h Tue Jul 21 11:37:09 2015 +0000
+++ b/user_settings.h Thu Apr 28 00:56:55 2016 +0000
@@ -1,5 +1,5 @@
#define MBED
-
+ #define WOLFSSL_CMSIS_RTOS
#define WOLFSSL_USER_IO
#define NO_WRITEV
#define NO_DEV_RANDOM
--- a/wolfcrypt/src/aes.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,3898 +0,0 @@
-/* aes.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_AES
-
-#include <wolfssl/wolfcrypt/aes.h>
-
-#ifdef HAVE_FIPS
-int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
- int dir)
-{
- return AesSetKey_fips(aes, key, len, iv, dir);
-}
-
-
-int wc_AesSetIV(Aes* aes, const byte* iv)
-{
- return AesSetIV_fips(aes, iv);
-}
-
-
-int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-{
- return AesCbcEncrypt_fips(aes, out, in, sz);
-}
-
-
-int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-{
- return AesCbcDecrypt_fips(aes, out, in, sz);
-}
-
-
-int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
- const byte* key, word32 keySz, const byte* iv)
-{
- return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv);
-}
-
-
-/* AES-CTR */
-#ifdef WOLFSSL_AES_COUNTER
-void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-{
- AesCtrEncrypt(aes, out, in, sz);
-}
-#endif
-
-/* AES-DIRECT */
-#if defined(WOLFSSL_AES_DIRECT)
-void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
-{
- AesEncryptDirect(aes, out, in);
-}
-
-
-void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
-{
- AesDecryptDirect(aes, out, in);
-}
-
-
-int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
- const byte* iv, int dir)
-{
- return AesSetKeyDirect(aes, key, len, iv, dir);
-}
-#endif
-
-
-#ifdef HAVE_AESGCM
-int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
-{
- return AesGcmSetKey_fips(aes, key, len);
-}
-
-
-int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
- const byte* iv, word32 ivSz,
- byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz)
-{
- return AesGcmEncrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
- authIn, authInSz);
-}
-
-
-int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
- const byte* iv, word32 ivSz,
- const byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz)
-{
- return AesGcmDecrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
- authIn, authInSz);
-}
-
-
-int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
-{
- return GmacSetKey(gmac, key, len);
-}
-
-
-int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
- const byte* authIn, word32 authInSz,
- byte* authTag, word32 authTagSz)
-{
- return GmacUpdate(gmac, iv, ivSz, authIn, authInSz,
- authTag, authTagSz);
-}
-
-#endif /* HAVE_AESGCM */
-#ifdef HAVE_AESCCM
-void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
-{
- AesCcmSetKey(aes, key, keySz);
-}
-
-
-void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
- const byte* nonce, word32 nonceSz,
- byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz)
-{
- AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
- authIn, authInSz);
-}
-
-
-int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
- const byte* nonce, word32 nonceSz,
- const byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz)
-{
- return AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
- authIn, authInSz);
-}
-#endif /* HAVE_AESCCM */
-
-#ifdef HAVE_CAVIUM
-int wc_AesInitCavium(Aes* aes, int i)
-{
- return AesInitCavium(aes, i);
-}
-
-
-void wc_AesFreeCavium(Aes* aes)
-{
- AesFreeCavium(aes);
-}
-#endif
-#else /* HAVE_FIPS */
-
-#ifdef WOLFSSL_TI_CRYPT
-#include <wolfcrypt/src/port/ti/ti-aes.c>
-#else
-
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-#ifdef DEBUG_AESNI
- #include <stdio.h>
-#endif
-
-
-#ifdef _MSC_VER
- /* 4127 warning constant while(1) */
- #pragma warning(disable: 4127)
-#endif
-
-
-#if defined(STM32F2_CRYPTO)
- /* STM32F2 hardware AES support for CBC, CTR modes through the STM32F2
- * Standard Peripheral Library. Documentation located in STM32F2xx
- * Standard Peripheral Library document (See note in README).
- * NOTE: no support for AES-GCM/CCM/Direct */
- #include "stm32f2xx.h"
- #include "stm32f2xx_cryp.h"
-#elif defined(HAVE_COLDFIRE_SEC)
- /* Freescale Coldfire SEC support for CBC mode.
- * NOTE: no support for AES-CTR/GCM/CCM/Direct */
- #include <wolfssl/wolfcrypt/types.h>
- #include "sec.h"
- #include "mcf5475_sec.h"
- #include "mcf5475_siu.h"
-#elif defined(FREESCALE_MMCAU)
- /* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes
- * through the CAU/mmCAU library. Documentation located in
- * ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User
- * Guide (See note in README).
- * NOTE: no support for AES-CTR */
- #include "cau_api.h"
-#elif defined(WOLFSSL_PIC32MZ_CRYPT)
- /* NOTE: no support for AES-CCM/Direct */
- #define DEBUG_WOLFSSL
- #include "wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h"
-#elif defined(HAVE_CAVIUM)
- #include <wolfssl/wolfcrypt/logging.h>
- #include "cavium_common.h"
-
- /* still leave SW crypto available */
- #define NEED_AES_TABLES
-
- static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
- const byte* iv);
- static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
- word32 length);
- static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
- word32 length);
-#else
- /* using CTaoCrypt software AES implementation */
- #define NEED_AES_TABLES
-#endif /* STM32F2_CRYPTO */
-
-
-#ifdef NEED_AES_TABLES
-
-static const word32 rcon[] = {
- 0x01000000, 0x02000000, 0x04000000, 0x08000000,
- 0x10000000, 0x20000000, 0x40000000, 0x80000000,
- 0x1B000000, 0x36000000,
- /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-static const word32 Te[5][256] = {
-{
- 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
- 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
- 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
- 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
- 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
- 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
- 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
- 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
- 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
- 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
- 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
- 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
- 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
- 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
- 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
- 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
- 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
- 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
- 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
- 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
- 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
- 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
- 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
- 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
- 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
- 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
- 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
- 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
- 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
- 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
- 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
- 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
- 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
- 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
- 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
- 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
- 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
- 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
- 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
- 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
- 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
- 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
- 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
- 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
- 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
- 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
- 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
- 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
- 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
- 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
- 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
- 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
- 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
- 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
- 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
- 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
- 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
- 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
- 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
- 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
- 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
- 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
- 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
- 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
-},
-{
- 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
- 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
- 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
- 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
- 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
- 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
- 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
- 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
- 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
- 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
- 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
- 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
- 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
- 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
- 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
- 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
- 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
- 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
- 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
- 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
- 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
- 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
- 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
- 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
- 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
- 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
- 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
- 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
- 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
- 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
- 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
- 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
- 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
- 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
- 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
- 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
- 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
- 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
- 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
- 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
- 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
- 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
- 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
- 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
- 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
- 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
- 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
- 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
- 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
- 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
- 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
- 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
- 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
- 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
- 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
- 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
- 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
- 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
- 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
- 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
- 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
- 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
- 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
- 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
-},
-{
- 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
- 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
- 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
- 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
- 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
- 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
- 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
- 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
- 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
- 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
- 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
- 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
- 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
- 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
- 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
- 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
- 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
- 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
- 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
- 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
- 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
- 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
- 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
- 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
- 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
- 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
- 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
- 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
- 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
- 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
- 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
- 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
- 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
- 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
- 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
- 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
- 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
- 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
- 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
- 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
- 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
- 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
- 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
- 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
- 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
- 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
- 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
- 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
- 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
- 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
- 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
- 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
- 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
- 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
- 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
- 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
- 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
- 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
- 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
- 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
- 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
- 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
- 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
- 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
-},
-{
- 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
- 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
- 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
- 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
- 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
- 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
- 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
- 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
- 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
- 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
- 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
- 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
- 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
- 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
- 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
- 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
- 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
- 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
- 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
- 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
- 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
- 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
- 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
- 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
- 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
- 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
- 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
- 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
- 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
- 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
- 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
- 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
- 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
- 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
- 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
- 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
- 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
- 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
- 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
- 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
- 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
- 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
- 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
- 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
- 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
- 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
- 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
- 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
- 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
- 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
- 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
- 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
- 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
- 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
- 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
- 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
- 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
- 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
- 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
- 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
- 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
- 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
- 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
- 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
-},
-{
- 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
- 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
- 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
- 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
- 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
- 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
- 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
- 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
- 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
- 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
- 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
- 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
- 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
- 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
- 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
- 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
- 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
- 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
- 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
- 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
- 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
- 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
- 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
- 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
- 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
- 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
- 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
- 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
- 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
- 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
- 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
- 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
- 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
- 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
- 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
- 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
- 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
- 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
- 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
- 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
- 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
- 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
- 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
- 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
- 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
- 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
- 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
- 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
- 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
- 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
- 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
- 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
- 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
- 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
- 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
- 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
- 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
- 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
- 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
- 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
- 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
- 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
- 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
- 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
-}
-};
-
-static const word32 Td[5][256] = {
-{
- 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
- 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
- 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
- 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
- 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
- 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
- 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
- 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
- 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
- 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
- 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
- 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
- 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
- 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
- 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
- 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
- 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
- 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
- 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
- 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
- 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
- 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
- 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
- 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
- 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
- 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
- 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
- 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
- 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
- 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
- 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
- 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
- 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
- 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
- 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
- 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
- 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
- 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
- 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
- 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
- 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
- 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
- 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
- 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
- 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
- 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
- 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
- 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
- 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
- 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
- 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
- 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
- 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
- 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
- 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
- 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
- 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
- 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
- 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
- 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
- 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
- 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
- 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
- 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
-},
-{
- 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
- 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
- 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
- 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
- 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
- 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
- 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
- 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
- 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
- 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
- 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
- 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
- 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
- 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
- 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
- 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
- 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
- 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
- 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
- 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
- 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
- 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
- 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
- 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
- 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
- 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
- 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
- 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
- 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
- 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
- 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
- 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
- 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
- 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
- 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
- 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
- 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
- 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
- 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
- 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
- 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
- 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
- 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
- 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
- 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
- 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
- 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
- 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
- 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
- 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
- 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
- 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
- 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
- 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
- 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
- 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
- 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
- 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
- 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
- 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
- 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
- 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
- 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
- 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
-},
-{
- 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
- 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
- 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
- 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
- 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
- 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
- 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
- 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
- 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
- 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
- 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
- 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
- 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
- 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
- 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
- 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
- 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
- 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
- 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
- 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
-
- 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
- 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
- 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
- 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
- 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
- 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
- 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
- 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
- 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
- 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
- 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
- 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
- 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
- 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
- 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
- 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
- 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
- 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
- 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
- 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
- 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
- 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
- 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
- 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
- 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
- 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
- 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
- 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
- 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
- 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
- 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
- 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
- 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
- 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
- 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
- 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
- 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
- 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
- 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
- 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
- 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
- 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
- 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
- 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
-},
-{
- 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
- 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
- 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
- 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
- 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
- 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
- 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
- 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
- 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
- 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
- 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
- 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
- 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
- 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
- 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
- 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
- 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
- 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
- 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
- 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
- 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
- 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
- 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
- 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
- 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
- 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
- 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
- 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
- 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
- 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
- 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
- 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
- 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
- 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
- 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
- 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
- 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
- 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
- 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
- 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
- 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
- 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
- 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
- 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
- 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
- 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
- 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
- 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
- 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
- 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
- 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
- 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
- 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
- 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
- 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
- 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
- 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
- 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
- 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
- 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
- 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
- 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
- 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
- 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
-},
-{
- 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
- 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
- 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
- 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
- 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
- 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
- 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
- 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
- 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
- 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
- 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
- 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
- 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
- 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
- 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
- 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
- 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
- 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
- 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
- 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
- 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
- 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
- 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
- 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
- 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
- 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
- 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
- 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
- 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
- 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
- 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
- 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
- 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
- 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
- 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
- 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
- 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
- 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
- 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
- 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
- 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
- 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
- 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
- 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
- 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
- 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
- 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
- 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
- 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
- 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
- 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
- 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
- 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
- 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
- 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
- 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
- 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
- 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
- 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
- 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
- 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
- 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
- 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
- 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
-}
-};
-
-#define GETBYTE(x, y) (word32)((byte)((x) >> (8 * (y))))
-
-#ifdef WOLFSSL_AESNI
-
-/* Each platform needs to query info type 1 from cpuid to see if aesni is
- * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
- */
-
-#ifndef _MSC_VER
-
- #define cpuid(reg, func)\
- __asm__ __volatile__ ("cpuid":\
- "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
- "a" (func));
-
- #define XASM_LINK(f) asm(f)
-#else
-
- #include <intrin.h>
- #define cpuid(a,b) __cpuid((int*)a,b)
-
- #define XASM_LINK(f)
-
-#endif /* _MSC_VER */
-
-
-static int Check_CPU_support_AES(void)
-{
- unsigned int reg[4]; /* put a,b,c,d into 0,1,2,3 */
- cpuid(reg, 1); /* query info 1 */
-
- if (reg[2] & 0x2000000)
- return 1;
-
- return 0;
-}
-
-static int checkAESNI = 0;
-static int haveAESNI = 0;
-
-
-/* tell C compiler these are asm functions in case any mix up of ABI underscore
- prefix between clang/gcc/llvm etc */
-void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
- unsigned char* ivec, unsigned long length,
- const unsigned char* KS, int nr)
- XASM_LINK("AES_CBC_encrypt");
-
-
-void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
- unsigned char* ivec, unsigned long length,
- const unsigned char* KS, int nr)
- XASM_LINK("AES_CBC_decrypt");
-
-void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
- unsigned long length, const unsigned char* KS, int nr)
- XASM_LINK("AES_ECB_encrypt");
-
-
-void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
- unsigned long length, const unsigned char* KS, int nr)
- XASM_LINK("AES_ECB_decrypt");
-
-void AES_128_Key_Expansion(const unsigned char* userkey,
- unsigned char* key_schedule)
- XASM_LINK("AES_128_Key_Expansion");
-
-void AES_192_Key_Expansion(const unsigned char* userkey,
- unsigned char* key_schedule)
- XASM_LINK("AES_192_Key_Expansion");
-
-void AES_256_Key_Expansion(const unsigned char* userkey,
- unsigned char* key_schedule)
- XASM_LINK("AES_256_Key_Expansion");
-
-
-static int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
- Aes* aes)
-{
- if (!userKey || !aes)
- return BAD_FUNC_ARG;
-
- if (bits == 128) {
- AES_128_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 10;
- return 0;
- }
- else if (bits == 192) {
- AES_192_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 12;
- return 0;
- }
- else if (bits == 256) {
- AES_256_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 14;
- return 0;
- }
- return BAD_FUNC_ARG;
-}
-
-
-static int AES_set_decrypt_key(const unsigned char* userKey, const int bits,
- Aes* aes)
-{
- int nr;
- Aes temp_key;
- __m128i *Key_Schedule = (__m128i*)aes->key;
- __m128i *Temp_Key_Schedule = (__m128i*)temp_key.key;
-
- if (!userKey || !aes)
- return BAD_FUNC_ARG;
-
- if (AES_set_encrypt_key(userKey,bits,&temp_key) == BAD_FUNC_ARG)
- return BAD_FUNC_ARG;
-
- nr = temp_key.rounds;
- aes->rounds = nr;
-
- Key_Schedule[nr] = Temp_Key_Schedule[0];
- Key_Schedule[nr-1] = _mm_aesimc_si128(Temp_Key_Schedule[1]);
- Key_Schedule[nr-2] = _mm_aesimc_si128(Temp_Key_Schedule[2]);
- Key_Schedule[nr-3] = _mm_aesimc_si128(Temp_Key_Schedule[3]);
- Key_Schedule[nr-4] = _mm_aesimc_si128(Temp_Key_Schedule[4]);
- Key_Schedule[nr-5] = _mm_aesimc_si128(Temp_Key_Schedule[5]);
- Key_Schedule[nr-6] = _mm_aesimc_si128(Temp_Key_Schedule[6]);
- Key_Schedule[nr-7] = _mm_aesimc_si128(Temp_Key_Schedule[7]);
- Key_Schedule[nr-8] = _mm_aesimc_si128(Temp_Key_Schedule[8]);
- Key_Schedule[nr-9] = _mm_aesimc_si128(Temp_Key_Schedule[9]);
-
- if(nr>10) {
- Key_Schedule[nr-10] = _mm_aesimc_si128(Temp_Key_Schedule[10]);
- Key_Schedule[nr-11] = _mm_aesimc_si128(Temp_Key_Schedule[11]);
- }
-
- if(nr>12) {
- Key_Schedule[nr-12] = _mm_aesimc_si128(Temp_Key_Schedule[12]);
- Key_Schedule[nr-13] = _mm_aesimc_si128(Temp_Key_Schedule[13]);
- }
-
- Key_Schedule[0] = Temp_Key_Schedule[nr];
-
- return 0;
-}
-
-
-
-#endif /* WOLFSSL_AESNI */
-
-
-static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
-{
- word32 s0, s1, s2, s3;
- word32 t0, t1, t2, t3;
- word32 r = aes->rounds >> 1;
-
- const word32* rk = aes->key;
- if (r > 7 || r == 0) {
- WOLFSSL_MSG("AesEncrypt encountered improper key, set it up");
- return; /* stop instead of segfaulting, set up your keys! */
- }
-#ifdef WOLFSSL_AESNI
- if (haveAESNI && aes->use_aesni) {
- #ifdef DEBUG_AESNI
- printf("about to aes encrypt\n");
- printf("in = %p\n", inBlock);
- printf("out = %p\n", outBlock);
- printf("aes->key = %p\n", aes->key);
- printf("aes->rounds = %d\n", aes->rounds);
- printf("sz = %d\n", AES_BLOCK_SIZE);
- #endif
-
- /* check alignment, decrypt doesn't need alignment */
- if ((wolfssl_word)inBlock % 16) {
- #ifndef NO_WOLFSSL_ALLOC_ALIGN
- byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) return;
-
- XMEMCPY(tmp, inBlock, AES_BLOCK_SIZE);
- AES_ECB_encrypt(tmp, tmp, AES_BLOCK_SIZE, (byte*)aes->key,
- aes->rounds);
- XMEMCPY(outBlock, tmp, AES_BLOCK_SIZE);
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return;
- #else
- WOLFSSL_MSG("AES-ECB encrypt with bad alignment");
- return;
- #endif
- }
-
- AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
- aes->rounds);
-
- return;
- }
- else {
- #ifdef DEBUG_AESNI
- printf("Skipping AES-NI\n");
- #endif
- }
-#endif
-
- /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- XMEMCPY(&s0, inBlock, sizeof(s0));
- XMEMCPY(&s1, inBlock + sizeof(s0), sizeof(s1));
- XMEMCPY(&s2, inBlock + 2 * sizeof(s0), sizeof(s2));
- XMEMCPY(&s3, inBlock + 3 * sizeof(s0), sizeof(s3));
-
- #ifdef LITTLE_ENDIAN_ORDER
- s0 = ByteReverseWord32(s0);
- s1 = ByteReverseWord32(s1);
- s2 = ByteReverseWord32(s2);
- s3 = ByteReverseWord32(s3);
- #endif
-
- s0 ^= rk[0];
- s1 ^= rk[1];
- s2 ^= rk[2];
- s3 ^= rk[3];
-
- /*
- * Nr - 1 full rounds:
- */
-
- for (;;) {
- t0 =
- Te[0][GETBYTE(s0, 3)] ^
- Te[1][GETBYTE(s1, 2)] ^
- Te[2][GETBYTE(s2, 1)] ^
- Te[3][GETBYTE(s3, 0)] ^
- rk[4];
- t1 =
- Te[0][GETBYTE(s1, 3)] ^
- Te[1][GETBYTE(s2, 2)] ^
- Te[2][GETBYTE(s3, 1)] ^
- Te[3][GETBYTE(s0, 0)] ^
- rk[5];
- t2 =
- Te[0][GETBYTE(s2, 3)] ^
- Te[1][GETBYTE(s3, 2)] ^
- Te[2][GETBYTE(s0, 1)] ^
- Te[3][GETBYTE(s1, 0)] ^
- rk[6];
- t3 =
- Te[0][GETBYTE(s3, 3)] ^
- Te[1][GETBYTE(s0, 2)] ^
- Te[2][GETBYTE(s1, 1)] ^
- Te[3][GETBYTE(s2, 0)] ^
- rk[7];
-
- rk += 8;
- if (--r == 0) {
- break;
- }
-
- s0 =
- Te[0][GETBYTE(t0, 3)] ^
- Te[1][GETBYTE(t1, 2)] ^
- Te[2][GETBYTE(t2, 1)] ^
- Te[3][GETBYTE(t3, 0)] ^
- rk[0];
- s1 =
- Te[0][GETBYTE(t1, 3)] ^
- Te[1][GETBYTE(t2, 2)] ^
- Te[2][GETBYTE(t3, 1)] ^
- Te[3][GETBYTE(t0, 0)] ^
- rk[1];
- s2 =
- Te[0][GETBYTE(t2, 3)] ^
- Te[1][GETBYTE(t3, 2)] ^
- Te[2][GETBYTE(t0, 1)] ^
- Te[3][GETBYTE(t1, 0)] ^
- rk[2];
- s3 =
- Te[0][GETBYTE(t3, 3)] ^
- Te[1][GETBYTE(t0, 2)] ^
- Te[2][GETBYTE(t1, 1)] ^
- Te[3][GETBYTE(t2, 0)] ^
- rk[3];
- }
-
- /*
- * apply last round and
- * map cipher state to byte array block:
- */
-
- s0 =
- (Te[4][GETBYTE(t0, 3)] & 0xff000000) ^
- (Te[4][GETBYTE(t1, 2)] & 0x00ff0000) ^
- (Te[4][GETBYTE(t2, 1)] & 0x0000ff00) ^
- (Te[4][GETBYTE(t3, 0)] & 0x000000ff) ^
- rk[0];
- s1 =
- (Te[4][GETBYTE(t1, 3)] & 0xff000000) ^
- (Te[4][GETBYTE(t2, 2)] & 0x00ff0000) ^
- (Te[4][GETBYTE(t3, 1)] & 0x0000ff00) ^
- (Te[4][GETBYTE(t0, 0)] & 0x000000ff) ^
- rk[1];
- s2 =
- (Te[4][GETBYTE(t2, 3)] & 0xff000000) ^
- (Te[4][GETBYTE(t3, 2)] & 0x00ff0000) ^
- (Te[4][GETBYTE(t0, 1)] & 0x0000ff00) ^
- (Te[4][GETBYTE(t1, 0)] & 0x000000ff) ^
- rk[2];
- s3 =
- (Te[4][GETBYTE(t3, 3)] & 0xff000000) ^
- (Te[4][GETBYTE(t0, 2)] & 0x00ff0000) ^
- (Te[4][GETBYTE(t1, 1)] & 0x0000ff00) ^
- (Te[4][GETBYTE(t2, 0)] & 0x000000ff) ^
- rk[3];
-
- /* write out */
- #ifdef LITTLE_ENDIAN_ORDER
- s0 = ByteReverseWord32(s0);
- s1 = ByteReverseWord32(s1);
- s2 = ByteReverseWord32(s2);
- s3 = ByteReverseWord32(s3);
- #endif
-
- XMEMCPY(outBlock, &s0, sizeof(s0));
- XMEMCPY(outBlock + sizeof(s0), &s1, sizeof(s1));
- XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2));
- XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
-}
-
-static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
-{
- word32 s0, s1, s2, s3;
- word32 t0, t1, t2, t3;
- word32 r = aes->rounds >> 1;
-
- const word32* rk = aes->key;
- if (r > 7 || r == 0) {
- WOLFSSL_MSG("AesDecrypt encountered improper key, set it up");
- return; /* stop instead of segfaulting, set up your keys! */
- }
-#ifdef WOLFSSL_AESNI
- if (haveAESNI && aes->use_aesni) {
- #ifdef DEBUG_AESNI
- printf("about to aes decrypt\n");
- printf("in = %p\n", inBlock);
- printf("out = %p\n", outBlock);
- printf("aes->key = %p\n", aes->key);
- printf("aes->rounds = %d\n", aes->rounds);
- printf("sz = %d\n", AES_BLOCK_SIZE);
- #endif
-
- /* if input and output same will overwrite input iv */
- XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE);
- AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
- aes->rounds);
- return;
- }
- else {
- #ifdef DEBUG_AESNI
- printf("Skipping AES-NI\n");
- #endif
- }
-#endif
-
- /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- XMEMCPY(&s0, inBlock, sizeof(s0));
- XMEMCPY(&s1, inBlock + sizeof(s0), sizeof(s1));
- XMEMCPY(&s2, inBlock + 2 * sizeof(s0), sizeof(s2));
- XMEMCPY(&s3, inBlock + 3 * sizeof(s0), sizeof(s3));
-
- #ifdef LITTLE_ENDIAN_ORDER
- s0 = ByteReverseWord32(s0);
- s1 = ByteReverseWord32(s1);
- s2 = ByteReverseWord32(s2);
- s3 = ByteReverseWord32(s3);
- #endif
-
- s0 ^= rk[0];
- s1 ^= rk[1];
- s2 ^= rk[2];
- s3 ^= rk[3];
-
- /*
- * Nr - 1 full rounds:
- */
-
- for (;;) {
- t0 =
- Td[0][GETBYTE(s0, 3)] ^
- Td[1][GETBYTE(s3, 2)] ^
- Td[2][GETBYTE(s2, 1)] ^
- Td[3][GETBYTE(s1, 0)] ^
- rk[4];
- t1 =
- Td[0][GETBYTE(s1, 3)] ^
- Td[1][GETBYTE(s0, 2)] ^
- Td[2][GETBYTE(s3, 1)] ^
- Td[3][GETBYTE(s2, 0)] ^
- rk[5];
- t2 =
- Td[0][GETBYTE(s2, 3)] ^
- Td[1][GETBYTE(s1, 2)] ^
- Td[2][GETBYTE(s0, 1)] ^
- Td[3][GETBYTE(s3, 0)] ^
- rk[6];
- t3 =
- Td[0][GETBYTE(s3, 3)] ^
- Td[1][GETBYTE(s2, 2)] ^
- Td[2][GETBYTE(s1, 1)] ^
- Td[3][GETBYTE(s0, 0)] ^
- rk[7];
-
- rk += 8;
- if (--r == 0) {
- break;
- }
-
- s0 =
- Td[0][GETBYTE(t0, 3)] ^
- Td[1][GETBYTE(t3, 2)] ^
- Td[2][GETBYTE(t2, 1)] ^
- Td[3][GETBYTE(t1, 0)] ^
- rk[0];
- s1 =
- Td[0][GETBYTE(t1, 3)] ^
- Td[1][GETBYTE(t0, 2)] ^
- Td[2][GETBYTE(t3, 1)] ^
- Td[3][GETBYTE(t2, 0)] ^
- rk[1];
- s2 =
- Td[0][GETBYTE(t2, 3)] ^
- Td[1][GETBYTE(t1, 2)] ^
- Td[2][GETBYTE(t0, 1)] ^
- Td[3][GETBYTE(t3, 0)] ^
- rk[2];
- s3 =
- Td[0][GETBYTE(t3, 3)] ^
- Td[1][GETBYTE(t2, 2)] ^
- Td[2][GETBYTE(t1, 1)] ^
- Td[3][GETBYTE(t0, 0)] ^
- rk[3];
- }
- /*
- * apply last round and
- * map cipher state to byte array block:
- */
- s0 =
- (Td[4][GETBYTE(t0, 3)] & 0xff000000) ^
- (Td[4][GETBYTE(t3, 2)] & 0x00ff0000) ^
- (Td[4][GETBYTE(t2, 1)] & 0x0000ff00) ^
- (Td[4][GETBYTE(t1, 0)] & 0x000000ff) ^
- rk[0];
- s1 =
- (Td[4][GETBYTE(t1, 3)] & 0xff000000) ^
- (Td[4][GETBYTE(t0, 2)] & 0x00ff0000) ^
- (Td[4][GETBYTE(t3, 1)] & 0x0000ff00) ^
- (Td[4][GETBYTE(t2, 0)] & 0x000000ff) ^
- rk[1];
- s2 =
- (Td[4][GETBYTE(t2, 3)] & 0xff000000) ^
- (Td[4][GETBYTE(t1, 2)] & 0x00ff0000) ^
- (Td[4][GETBYTE(t0, 1)] & 0x0000ff00) ^
- (Td[4][GETBYTE(t3, 0)] & 0x000000ff) ^
- rk[2];
- s3 =
- (Td[4][GETBYTE(t3, 3)] & 0xff000000) ^
- (Td[4][GETBYTE(t2, 2)] & 0x00ff0000) ^
- (Td[4][GETBYTE(t1, 1)] & 0x0000ff00) ^
- (Td[4][GETBYTE(t0, 0)] & 0x000000ff) ^
- rk[3];
-
- /* write out */
- #ifdef LITTLE_ENDIAN_ORDER
- s0 = ByteReverseWord32(s0);
- s1 = ByteReverseWord32(s1);
- s2 = ByteReverseWord32(s2);
- s3 = ByteReverseWord32(s3);
- #endif
-
- XMEMCPY(outBlock, &s0, sizeof(s0));
- XMEMCPY(outBlock + sizeof(s0), &s1, sizeof(s1));
- XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2));
- XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
-}
-
-#endif /* NEED_AES_TABLES */
-
-
-/* wc_AesSetKey */
-#ifdef STM32F2_CRYPTO
- int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
- int dir)
- {
- word32 *rk = aes->key;
-
- if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
- return BAD_FUNC_ARG;
-
- aes->rounds = keylen/4 + 6;
- XMEMCPY(rk, userKey, keylen);
- ByteReverseWords(rk, rk, keylen);
-
- return wc_AesSetIV(aes, iv);
- }
-
- int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
- const byte* iv, int dir)
- {
- return wc_AesSetKey(aes, userKey, keylen, iv, dir);
- }
-
-#elif defined(HAVE_COLDFIRE_SEC)
- #if defined (HAVE_THREADX)
- #include "memory_pools.h"
- extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */
- #endif
-
- #define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64)
- static unsigned char *AESBuffIn = NULL;
- static unsigned char *AESBuffOut = NULL;
- static byte *secReg;
- static byte *secKey;
- static volatile SECdescriptorType *secDesc;
-
- static wolfSSL_Mutex Mutex_AesSEC;
-
- #define SEC_DESC_AES_CBC_ENCRYPT 0x60300010
- #define SEC_DESC_AES_CBC_DECRYPT 0x60200010
-
- extern volatile unsigned char __MBAR[];
-
- int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
- int dir)
- {
- if (AESBuffIn == NULL) {
- #if defined (HAVE_THREADX)
- int s1, s2, s3, s4, s5 ;
- s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc,
- sizeof(SECdescriptorType), TX_NO_WAIT);
- s1 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffIn,
- AES_BUFFER_SIZE, TX_NO_WAIT);
- s2 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffOut,
- AES_BUFFER_SIZE, TX_NO_WAIT);
- s3 = tx_byte_allocate(&mp_ncached, (void *)&secKey,
- AES_BLOCK_SIZE*2, TX_NO_WAIT);
- s4 = tx_byte_allocate(&mp_ncached, (void *)&secReg,
- AES_BLOCK_SIZE, TX_NO_WAIT);
-
- if(s1 || s2 || s3 || s4 || s5)
- return BAD_FUNC_ARG;
- #else
- #warning "Allocate non-Cache buffers"
- #endif
-
- InitMutex(&Mutex_AesSEC);
- }
-
- if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
- return BAD_FUNC_ARG;
-
- if (aes == NULL)
- return BAD_FUNC_ARG;
-
- aes->rounds = keylen/4 + 6;
- XMEMCPY(aes->key, userKey, keylen);
-
- if (iv)
- XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
-
- return 0;
- }
-#elif defined(FREESCALE_MMCAU)
- int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
- int dir)
- {
- byte *rk = (byte*)aes->key;
-
- if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
- return BAD_FUNC_ARG;
-
- if (rk == NULL)
- return BAD_FUNC_ARG;
-
- aes->rounds = keylen/4 + 6;
- cau_aes_set_key(userKey, keylen*8, rk);
-
- return wc_AesSetIV(aes, iv);
- }
-
- int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
- const byte* iv, int dir)
- {
- return wc_AesSetKey(aes, userKey, keylen, iv, dir);
- }
-#else
- static int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
- const byte* iv, int dir)
- {
- word32 temp, *rk = aes->key;
- unsigned int i = 0;
-
- #ifdef WOLFSSL_AESNI
- aes->use_aesni = 0;
- #endif /* WOLFSSL_AESNI */
- #ifdef WOLFSSL_AES_COUNTER
- aes->left = 0;
- #endif /* WOLFSSL_AES_COUNTER */
-
- aes->rounds = keylen/4 + 6;
-
- XMEMCPY(rk, userKey, keylen);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords(rk, rk, keylen);
- #endif
-
- #ifdef WOLFSSL_PIC32MZ_CRYPT
- {
- word32 *akey1 = aes->key_ce;
- word32 *areg = aes->iv_ce ;
- aes->keylen = keylen ;
- XMEMCPY(akey1, userKey, keylen);
- if (iv)
- XMEMCPY(areg, iv, AES_BLOCK_SIZE);
- else
- XMEMSET(areg, 0, AES_BLOCK_SIZE);
- }
- #endif
-
- switch(keylen)
- {
- case 16:
- while (1)
- {
- temp = rk[3];
- rk[4] = rk[0] ^
- (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^
- (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^
- (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^
- (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^
- rcon[i];
- rk[5] = rk[1] ^ rk[4];
- rk[6] = rk[2] ^ rk[5];
- rk[7] = rk[3] ^ rk[6];
- if (++i == 10)
- break;
- rk += 4;
- }
- break;
-
- case 24:
- /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */
- while (1)
- {
- temp = rk[ 5];
- rk[ 6] = rk[ 0] ^
- (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^
- (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^
- (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^
- (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^
- rcon[i];
- rk[ 7] = rk[ 1] ^ rk[ 6];
- rk[ 8] = rk[ 2] ^ rk[ 7];
- rk[ 9] = rk[ 3] ^ rk[ 8];
- if (++i == 8)
- break;
- rk[10] = rk[ 4] ^ rk[ 9];
- rk[11] = rk[ 5] ^ rk[10];
- rk += 6;
- }
- break;
-
- case 32:
- while (1)
- {
- temp = rk[ 7];
- rk[ 8] = rk[ 0] ^
- (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^
- (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^
- (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^
- (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^
- rcon[i];
- rk[ 9] = rk[ 1] ^ rk[ 8];
- rk[10] = rk[ 2] ^ rk[ 9];
- rk[11] = rk[ 3] ^ rk[10];
- if (++i == 7)
- break;
- temp = rk[11];
- rk[12] = rk[ 4] ^
- (Te[4][GETBYTE(temp, 3)] & 0xff000000) ^
- (Te[4][GETBYTE(temp, 2)] & 0x00ff0000) ^
- (Te[4][GETBYTE(temp, 1)] & 0x0000ff00) ^
- (Te[4][GETBYTE(temp, 0)] & 0x000000ff);
- rk[13] = rk[ 5] ^ rk[12];
- rk[14] = rk[ 6] ^ rk[13];
- rk[15] = rk[ 7] ^ rk[14];
-
- rk += 8;
- }
- break;
-
- default:
- return BAD_FUNC_ARG;
- }
-
- if (dir == AES_DECRYPTION)
- {
- unsigned int j;
- rk = aes->key;
-
- /* invert the order of the round keys: */
- for (i = 0, j = 4* aes->rounds; i < j; i += 4, j -= 4) {
- temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
- temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
- temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
- temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
- }
- /* apply the inverse MixColumn transform to all round keys but the
- first and the last: */
- for (i = 1; i < aes->rounds; i++) {
- rk += 4;
- rk[0] =
- Td[0][Te[4][GETBYTE(rk[0], 3)] & 0xff] ^
- Td[1][Te[4][GETBYTE(rk[0], 2)] & 0xff] ^
- Td[2][Te[4][GETBYTE(rk[0], 1)] & 0xff] ^
- Td[3][Te[4][GETBYTE(rk[0], 0)] & 0xff];
- rk[1] =
- Td[0][Te[4][GETBYTE(rk[1], 3)] & 0xff] ^
- Td[1][Te[4][GETBYTE(rk[1], 2)] & 0xff] ^
- Td[2][Te[4][GETBYTE(rk[1], 1)] & 0xff] ^
- Td[3][Te[4][GETBYTE(rk[1], 0)] & 0xff];
- rk[2] =
- Td[0][Te[4][GETBYTE(rk[2], 3)] & 0xff] ^
- Td[1][Te[4][GETBYTE(rk[2], 2)] & 0xff] ^
- Td[2][Te[4][GETBYTE(rk[2], 1)] & 0xff] ^
- Td[3][Te[4][GETBYTE(rk[2], 0)] & 0xff];
- rk[3] =
- Td[0][Te[4][GETBYTE(rk[3], 3)] & 0xff] ^
- Td[1][Te[4][GETBYTE(rk[3], 2)] & 0xff] ^
- Td[2][Te[4][GETBYTE(rk[3], 1)] & 0xff] ^
- Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff];
- }
- }
-
- return wc_AesSetIV(aes, iv);
- }
-
- int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
- int dir)
- {
-
- if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
- return BAD_FUNC_ARG;
-
- #ifdef HAVE_CAVIUM
- if (aes->magic == WOLFSSL_AES_CAVIUM_MAGIC)
- return wc_AesCaviumSetKey(aes, userKey, keylen, iv);
- #endif
-
- #ifdef WOLFSSL_AESNI
- if (checkAESNI == 0) {
- haveAESNI = Check_CPU_support_AES();
- checkAESNI = 1;
- }
- if (haveAESNI) {
- aes->use_aesni = 1;
- if (iv)
- XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
- if (dir == AES_ENCRYPTION)
- return AES_set_encrypt_key(userKey, keylen * 8, aes);
- else
- return AES_set_decrypt_key(userKey, keylen * 8, aes);
- }
- #endif /* WOLFSSL_AESNI */
-
- return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir);
- }
-
- #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-
- /* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */
- int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
- const byte* iv, int dir)
- {
- return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir);
- }
-
- #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
-#endif /* STM32F2_CRYPTO, wc_AesSetKey block */
-
-
-/* wc_AesSetIV is shared between software and hardware */
-int wc_AesSetIV(Aes* aes, const byte* iv)
-{
- if (aes == NULL)
- return BAD_FUNC_ARG;
-
- if (iv)
- XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
- else
- XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
-
- return 0;
-}
-
-
-int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
- const byte* key, word32 keySz, const byte* iv)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- Aes* aes = NULL;
-#else
- Aes aes[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (aes == NULL)
- return MEMORY_E;
-#endif
-
- ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
- if (ret == 0)
- ret = wc_AesCbcDecrypt(aes, out, in, inSz);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/* AES-DIRECT */
-#if defined(WOLFSSL_AES_DIRECT)
- #if defined(FREESCALE_MMCAU)
-
- /* Allow direct access to one block encrypt */
- void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
- {
- byte* key;
- key = (byte*)aes->key;
-
- return cau_aes_encrypt(in, key, aes->rounds, out);
- }
-
- /* Allow direct access to one block decrypt */
- void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
- {
- byte* key;
- key = (byte*)aes->key;
-
- return cau_aes_decrypt(in, key, aes->rounds, out);
- }
-
- #elif defined(STM32F2_CRYPTO)
- #error "STM32F2 crypto doesn't yet support AES direct"
-
- #elif defined(HAVE_COLDFIRE_SEC)
- #error "Coldfire SEC doesn't yet support AES direct"
-
- #elif defined(WOLFSSL_PIC32MZ_CRYPT)
- #error "PIC32MZ doesn't yet support AES direct"
-
- #else
- /* Allow direct access to one block encrypt */
- void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
- {
- wc_AesEncrypt(aes, in, out);
- }
-
- /* Allow direct access to one block decrypt */
- void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
- {
- wc_AesDecrypt(aes, in, out);
- }
-
- #endif /* FREESCALE_MMCAU, AES direct block */
-#endif /* WOLFSSL_AES_DIRECT */
-
-
-/* AES-CBC */
-#ifdef STM32F2_CRYPTO
- int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- word32 *enc_key, *iv;
- CRYP_InitTypeDef AES_CRYP_InitStructure;
- CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure;
- CRYP_IVInitTypeDef AES_CRYP_IVInitStructure;
-
- enc_key = aes->key;
- iv = aes->reg;
-
- /* crypto structure initialization */
- CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure);
- CRYP_StructInit(&AES_CRYP_InitStructure);
- CRYP_IVStructInit(&AES_CRYP_IVInitStructure);
-
- /* reset registers to their default values */
- CRYP_DeInit();
-
- /* load key into correct registers */
- switch(aes->rounds)
- {
- case 10: /* 128-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b;
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3];
- break;
-
- case 12: /* 192-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b;
- AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5];
- break;
-
- case 14: /* 256-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b;
- AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3];
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7];
- break;
-
- default:
- break;
- }
- CRYP_KeyInit(&AES_CRYP_KeyInitStructure);
-
- /* set iv */
- ByteReverseWords(iv, iv, AES_BLOCK_SIZE);
- AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0];
- AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
- AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2];
- AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3];
- CRYP_IVInit(&AES_CRYP_IVInitStructure);
-
- /* set direction, mode, and datatype */
- AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt;
- AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC;
- AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
- CRYP_Init(&AES_CRYP_InitStructure);
-
- /* enable crypto processor */
- CRYP_Cmd(ENABLE);
-
- while (sz > 0)
- {
- /* flush IN/OUT FIFOs */
- CRYP_FIFOFlush();
-
- CRYP_DataIn(*(uint32_t*)&in[0]);
- CRYP_DataIn(*(uint32_t*)&in[4]);
- CRYP_DataIn(*(uint32_t*)&in[8]);
- CRYP_DataIn(*(uint32_t*)&in[12]);
-
- /* wait until the complete message has been processed */
- while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}
-
- *(uint32_t*)&out[0] = CRYP_DataOut();
- *(uint32_t*)&out[4] = CRYP_DataOut();
- *(uint32_t*)&out[8] = CRYP_DataOut();
- *(uint32_t*)&out[12] = CRYP_DataOut();
-
- /* store iv for next call */
- XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
- sz -= 16;
- in += 16;
- out += 16;
- }
-
- /* disable crypto processor */
- CRYP_Cmd(DISABLE);
-
- return 0;
- }
-
- int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- word32 *dec_key, *iv;
- CRYP_InitTypeDef AES_CRYP_InitStructure;
- CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure;
- CRYP_IVInitTypeDef AES_CRYP_IVInitStructure;
-
- dec_key = aes->key;
- iv = aes->reg;
-
- /* crypto structure initialization */
- CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure);
- CRYP_StructInit(&AES_CRYP_InitStructure);
- CRYP_IVStructInit(&AES_CRYP_IVInitStructure);
-
- /* if input and output same will overwrite input iv */
- XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
- /* reset registers to their default values */
- CRYP_DeInit();
-
- /* load key into correct registers */
- switch(aes->rounds)
- {
- case 10: /* 128-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b;
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[3];
- break;
-
- case 12: /* 192-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b;
- AES_CRYP_KeyInitStructure.CRYP_Key1Left = dec_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[3];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[4];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[5];
- break;
-
- case 14: /* 256-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b;
- AES_CRYP_KeyInitStructure.CRYP_Key0Left = dec_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key0Right = dec_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key1Left = dec_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[3];
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[4];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[5];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[6];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[7];
- break;
-
- default:
- break;
- }
-
- /* set direction, mode, and datatype for key preparation */
- AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt;
- AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_Key;
- AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_32b;
- CRYP_Init(&AES_CRYP_InitStructure);
- CRYP_KeyInit(&AES_CRYP_KeyInitStructure);
-
- /* enable crypto processor */
- CRYP_Cmd(ENABLE);
-
- /* wait until key has been prepared */
- while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}
-
- /* set direction, mode, and datatype for decryption */
- AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt;
- AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC;
- AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
- CRYP_Init(&AES_CRYP_InitStructure);
-
- /* set iv */
- ByteReverseWords(iv, iv, AES_BLOCK_SIZE);
-
- AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0];
- AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
- AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2];
- AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3];
- CRYP_IVInit(&AES_CRYP_IVInitStructure);
-
- /* enable crypto processor */
- CRYP_Cmd(ENABLE);
-
- while (sz > 0)
- {
- /* flush IN/OUT FIFOs */
- CRYP_FIFOFlush();
-
- CRYP_DataIn(*(uint32_t*)&in[0]);
- CRYP_DataIn(*(uint32_t*)&in[4]);
- CRYP_DataIn(*(uint32_t*)&in[8]);
- CRYP_DataIn(*(uint32_t*)&in[12]);
-
- /* wait until the complete message has been processed */
- while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}
-
- *(uint32_t*)&out[0] = CRYP_DataOut();
- *(uint32_t*)&out[4] = CRYP_DataOut();
- *(uint32_t*)&out[8] = CRYP_DataOut();
- *(uint32_t*)&out[12] = CRYP_DataOut();
-
- /* store iv for next call */
- XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
-
- sz -= 16;
- in += 16;
- out += 16;
- }
-
- /* disable crypto processor */
- CRYP_Cmd(DISABLE);
-
- return 0;
- }
-
-#elif defined(HAVE_COLDFIRE_SEC)
- static int wc_AesCbcCrypt(Aes* aes, byte* po, const byte* pi, word32 sz,
- word32 descHeader)
- {
- #ifdef DEBUG_WOLFSSL
- int i; int stat1, stat2; int ret;
- #endif
-
- int size;
- volatile int v;
-
- if ((pi == NULL) || (po == NULL))
- return BAD_FUNC_ARG; /*wrong pointer*/
-
- LockMutex(&Mutex_AesSEC);
-
- /* Set descriptor for SEC */
- secDesc->length1 = 0x0;
- secDesc->pointer1 = NULL;
-
- secDesc->length2 = AES_BLOCK_SIZE;
- secDesc->pointer2 = (byte *)secReg; /* Initial Vector */
-
- switch(aes->rounds) {
- case 10: secDesc->length3 = 16 ; break ;
- case 12: secDesc->length3 = 24 ; break ;
- case 14: secDesc->length3 = 32 ; break ;
- }
- XMEMCPY(secKey, aes->key, secDesc->length3);
-
- secDesc->pointer3 = (byte *)secKey;
- secDesc->pointer4 = AESBuffIn;
- secDesc->pointer5 = AESBuffOut;
- secDesc->length6 = 0x0;
- secDesc->pointer6 = NULL;
- secDesc->length7 = 0x0;
- secDesc->pointer7 = NULL;
- secDesc->nextDescriptorPtr = NULL;
-
- while (sz) {
- secDesc->header = descHeader;
- XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE);
- if ((sz % AES_BUFFER_SIZE) == sz) {
- size = sz;
- sz = 0;
- } else {
- size = AES_BUFFER_SIZE;
- sz -= AES_BUFFER_SIZE;
- }
- secDesc->length4 = size;
- secDesc->length5 = size;
-
- XMEMCPY(AESBuffIn, pi, size);
- if(descHeader == SEC_DESC_AES_CBC_DECRYPT) {
- XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]),
- AES_BLOCK_SIZE);
- }
-
- /* Point SEC to the location of the descriptor */
- MCF_SEC_FR0 = (uint32)secDesc;
- /* Initialize SEC and wait for encryption to complete */
- MCF_SEC_CCCR0 = 0x0000001a;
- /* poll SISR to determine when channel is complete */
- v=0;
-
- while ((secDesc->header>> 24) != 0xff) v++;
-
- #ifdef DEBUG_WOLFSSL
- ret = MCF_SEC_SISRH;
- stat1 = MCF_SEC_AESSR;
- stat2 = MCF_SEC_AESISR;
- if (ret & 0xe0000000) {
- db_printf("Aes_Cbc(i=%d):ISRH=%08x, AESSR=%08x, "
- "AESISR=%08x\n", i, ret, stat1, stat2);
- }
- #endif
-
- XMEMCPY(po, AESBuffOut, size);
-
- if (descHeader == SEC_DESC_AES_CBC_ENCRYPT) {
- XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]),
- AES_BLOCK_SIZE);
- } else {
- XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE);
- }
-
- pi += size;
- po += size;
- }
-
- UnLockMutex(&Mutex_AesSEC);
- return 0;
- }
-
- int wc_AesCbcEncrypt(Aes* aes, byte* po, const byte* pi, word32 sz)
- {
- return (wc_AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT));
- }
-
- int wc_AesCbcDecrypt(Aes* aes, byte* po, const byte* pi, word32 sz)
- {
- return (wc_AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT));
- }
-
-#elif defined(FREESCALE_MMCAU)
- int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- int i;
- int offset = 0;
- int len = sz;
-
- byte *iv, *enc_key;
- byte temp_block[AES_BLOCK_SIZE];
-
- iv = (byte*)aes->reg;
- enc_key = (byte*)aes->key;
-
- if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) {
- WOLFSSL_MSG("Bad cau_aes_encrypt alignment");
- return BAD_ALIGN_E;
- }
-
- while (len > 0)
- {
- XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
-
- /* XOR block with IV for CBC */
- for (i = 0; i < AES_BLOCK_SIZE; i++)
- temp_block[i] ^= iv[i];
-
- cau_aes_encrypt(temp_block, enc_key, aes->rounds, out + offset);
-
- len -= AES_BLOCK_SIZE;
- offset += AES_BLOCK_SIZE;
-
- /* store IV for next block */
- XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- }
-
- return 0;
- }
-
- int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- int i;
- int offset = 0;
- int len = sz;
-
- byte* iv, *dec_key;
- byte temp_block[AES_BLOCK_SIZE];
-
- iv = (byte*)aes->reg;
- dec_key = (byte*)aes->key;
-
- if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) {
- WOLFSSL_MSG("Bad cau_aes_decrypt alignment");
- return BAD_ALIGN_E;
- }
-
- while (len > 0)
- {
- XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
-
- cau_aes_decrypt(in + offset, dec_key, aes->rounds, out + offset);
-
- /* XOR block with IV for CBC */
- for (i = 0; i < AES_BLOCK_SIZE; i++)
- (out + offset)[i] ^= iv[i];
-
- /* store IV for next block */
- XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
-
- len -= AES_BLOCK_SIZE;
- offset += AES_BLOCK_SIZE;
- }
-
- return 0;
- }
-
-#elif defined(WOLFSSL_PIC32MZ_CRYPT)
- /* core hardware crypt engine driver */
- static void wc_AesCrypt(Aes *aes, byte* out, const byte* in, word32 sz,
- int dir, int algo, int cryptoalgo)
- {
- securityAssociation *sa_p ;
- bufferDescriptor *bd_p ;
-
- volatile securityAssociation sa __attribute__((aligned (8)));
- volatile bufferDescriptor bd __attribute__((aligned (8)));
- volatile int k ;
-
- /* get uncached address */
- sa_p = KVA0_TO_KVA1(&sa) ;
- bd_p = KVA0_TO_KVA1(&bd) ;
-
- /* Sync cache and physical memory */
- if(PIC32MZ_IF_RAM(in)) {
- XMEMCPY((void *)KVA0_TO_KVA1(in), (void *)in, sz);
- }
- XMEMSET((void *)KVA0_TO_KVA1(out), 0, sz);
- /* Set up the Security Association */
- XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa));
- sa_p->SA_CTRL.ALGO = algo ; /* AES */
- sa_p->SA_CTRL.LNC = 1;
- sa_p->SA_CTRL.LOADIV = 1;
- sa_p->SA_CTRL.FB = 1;
- sa_p->SA_CTRL.ENCTYPE = dir ; /* Encryption/Decryption */
- sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo;
-
- if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM){
- switch(aes->keylen) {
- case 32:
- sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_256 ;
- break ;
- case 24:
- sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_192 ;
- break ;
- case 16:
- sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ;
- break ;
- }
- } else
- sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ;
-
- ByteReverseWords(
- (word32 *)KVA0_TO_KVA1(sa.SA_ENCKEY + 8 - aes->keylen/sizeof(word32)),
- (word32 *)aes->key_ce, aes->keylen);
- ByteReverseWords(
- (word32*)KVA0_TO_KVA1(sa.SA_ENCIV), (word32 *)aes->iv_ce, 16);
-
- XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd));
- /* Set up the Buffer Descriptor */
- bd_p->BD_CTRL.BUFLEN = sz;
- if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM) {
- if(sz % 0x10)
- bd_p->BD_CTRL.BUFLEN = (sz/0x10 + 1) * 0x10 ;
- }
- bd_p->BD_CTRL.LIFM = 1;
- bd_p->BD_CTRL.SA_FETCH_EN = 1;
- bd_p->BD_CTRL.LAST_BD = 1;
- bd_p->BD_CTRL.DESC_EN = 1;
-
- bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ;
- bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ;
- bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out);
- bd_p->MSGLEN = sz ;
-
- CECON = 1 << 6;
- while (CECON);
-
- /* Run the engine */
- CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ;
- CEINTEN = 0x07;
- CECON = 0x27;
-
- WAIT_ENGINE ;
-
- if((cryptoalgo == PIC32_CRYPTOALGO_CBC) ||
- (cryptoalgo == PIC32_CRYPTOALGO_TCBC)||
- (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) {
- /* set iv for the next call */
- if(dir == PIC32_ENCRYPTION) {
- XMEMCPY((void *)aes->iv_ce,
- (void*)KVA0_TO_KVA1(out + sz - AES_BLOCK_SIZE),
- AES_BLOCK_SIZE) ;
- } else {
- ByteReverseWords((word32*)aes->iv_ce,
- (word32 *)KVA0_TO_KVA1(in + sz - AES_BLOCK_SIZE),
- AES_BLOCK_SIZE);
- }
- }
- XMEMCPY((byte *)out, (byte *)KVA0_TO_KVA1(out), sz) ;
- ByteReverseWords((word32*)out, (word32 *)out, sz);
- }
-
- int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- wc_AesCrypt(aes, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_AES,
- PIC32_CRYPTOALGO_RCBC );
- return 0 ;
- }
-
- int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- wc_AesCrypt(aes, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_AES,
- PIC32_CRYPTOALGO_RCBC);
- return 0 ;
- }
-
-#else
- int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- word32 blocks = sz / AES_BLOCK_SIZE;
-
- #ifdef HAVE_CAVIUM
- if (aes->magic == WOLFSSL_AES_CAVIUM_MAGIC)
- return wc_AesCaviumCbcEncrypt(aes, out, in, sz);
- #endif
-
- #ifdef WOLFSSL_AESNI
- if (haveAESNI) {
- #ifdef DEBUG_AESNI
- printf("about to aes cbc encrypt\n");
- printf("in = %p\n", in);
- printf("out = %p\n", out);
- printf("aes->key = %p\n", aes->key);
- printf("aes->reg = %p\n", aes->reg);
- printf("aes->rounds = %d\n", aes->rounds);
- printf("sz = %d\n", sz);
- #endif
-
- /* check alignment, decrypt doesn't need alignment */
- if ((wolfssl_word)in % 16) {
- #ifndef NO_WOLFSSL_ALLOC_ALIGN
- byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_MSG("AES-CBC encrypt with bad alignment");
- if (tmp == NULL) return MEMORY_E;
-
- XMEMCPY(tmp, in, sz);
- AES_CBC_encrypt(tmp, tmp, (byte*)aes->reg, sz, (byte*)aes->key,
- aes->rounds);
- /* store iv for next call */
- XMEMCPY(aes->reg, tmp + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
- XMEMCPY(out, tmp, sz);
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- #else
- return BAD_ALIGN_E;
- #endif
- }
-
- AES_CBC_encrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
- aes->rounds);
- /* store iv for next call */
- XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
- return 0;
- }
- #endif
-
- while (blocks--) {
- xorbuf((byte*)aes->reg, in, AES_BLOCK_SIZE);
- wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->reg);
- XMEMCPY(out, aes->reg, AES_BLOCK_SIZE);
-
- out += AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- }
-
- return 0;
- }
-
- int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- word32 blocks = sz / AES_BLOCK_SIZE;
-
- #ifdef HAVE_CAVIUM
- if (aes->magic == WOLFSSL_AES_CAVIUM_MAGIC)
- return wc_AesCaviumCbcDecrypt(aes, out, in, sz);
- #endif
-
- #ifdef WOLFSSL_AESNI
- if (haveAESNI) {
- #ifdef DEBUG_AESNI
- printf("about to aes cbc decrypt\n");
- printf("in = %p\n", in);
- printf("out = %p\n", out);
- printf("aes->key = %p\n", aes->key);
- printf("aes->reg = %p\n", aes->reg);
- printf("aes->rounds = %d\n", aes->rounds);
- printf("sz = %d\n", sz);
- #endif
-
- /* if input and output same will overwrite input iv */
- XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- AES_CBC_decrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
- aes->rounds);
- /* store iv for next call */
- XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
- return 0;
- }
- #endif
-
- while (blocks--) {
- XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE);
- wc_AesDecrypt(aes, (byte*)aes->tmp, out);
- xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE);
- XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
-
- out += AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- }
-
- return 0;
- }
-
-#endif /* STM32F2_CRYPTO, AES-CBC block */
-
-/* AES-CTR */
-#ifdef WOLFSSL_AES_COUNTER
-
- #ifdef STM32F2_CRYPTO
- void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- word32 *enc_key, *iv;
- CRYP_InitTypeDef AES_CRYP_InitStructure;
- CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure;
- CRYP_IVInitTypeDef AES_CRYP_IVInitStructure;
-
- enc_key = aes->key;
- iv = aes->reg;
-
- /* crypto structure initialization */
- CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure);
- CRYP_StructInit(&AES_CRYP_InitStructure);
- CRYP_IVStructInit(&AES_CRYP_IVInitStructure);
-
- /* reset registers to their default values */
- CRYP_DeInit();
-
- /* load key into correct registers */
- switch(aes->rounds)
- {
- case 10: /* 128-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b;
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3];
- break;
-
- case 12: /* 192-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b;
- AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5];
- break;
-
- case 14: /* 256-bit key */
- AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b;
- AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0];
- AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1];
- AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2];
- AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3];
- AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4];
- AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5];
- AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6];
- AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7];
- break;
-
- default:
- break;
- }
- CRYP_KeyInit(&AES_CRYP_KeyInitStructure);
-
- /* set iv */
- ByteReverseWords(iv, iv, AES_BLOCK_SIZE);
- AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0];
- AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
- AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2];
- AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3];
- CRYP_IVInit(&AES_CRYP_IVInitStructure);
-
- /* set direction, mode, and datatype */
- AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt;
- AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CTR;
- AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
- CRYP_Init(&AES_CRYP_InitStructure);
-
- /* enable crypto processor */
- CRYP_Cmd(ENABLE);
-
- while (sz > 0)
- {
- /* flush IN/OUT FIFOs */
- CRYP_FIFOFlush();
-
- CRYP_DataIn(*(uint32_t*)&in[0]);
- CRYP_DataIn(*(uint32_t*)&in[4]);
- CRYP_DataIn(*(uint32_t*)&in[8]);
- CRYP_DataIn(*(uint32_t*)&in[12]);
-
- /* wait until the complete message has been processed */
- while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}
-
- *(uint32_t*)&out[0] = CRYP_DataOut();
- *(uint32_t*)&out[4] = CRYP_DataOut();
- *(uint32_t*)&out[8] = CRYP_DataOut();
- *(uint32_t*)&out[12] = CRYP_DataOut();
-
- /* store iv for next call */
- XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
- sz -= 16;
- in += 16;
- out += 16;
- }
-
- /* disable crypto processor */
- CRYP_Cmd(DISABLE);
- }
-
- #elif defined(WOLFSSL_PIC32MZ_CRYPT)
- void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- int i ;
- char out_block[AES_BLOCK_SIZE] ;
- int odd ;
- int even ;
- char *tmp ; /* (char *)aes->tmp, for short */
-
- tmp = (char *)aes->tmp ;
- if(aes->left) {
- if((aes->left + sz) >= AES_BLOCK_SIZE){
- odd = AES_BLOCK_SIZE - aes->left ;
- } else {
- odd = sz ;
- }
- XMEMCPY(tmp+aes->left, in, odd) ;
- if((odd+aes->left) == AES_BLOCK_SIZE){
- wc_AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE,
- PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
- XMEMCPY(out, out_block+aes->left, odd) ;
- aes->left = 0 ;
- XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
- /* Increment IV */
- for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
- if (++((byte *)aes->iv_ce)[i])
- break ;
- }
- }
- in += odd ;
- out+= odd ;
- sz -= odd ;
- }
- odd = sz % AES_BLOCK_SIZE ; /* if there is tail flagment */
- if(sz / AES_BLOCK_SIZE) {
- even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
- wc_AesCrypt(aes, out, in, even, PIC32_ENCRYPTION, PIC32_ALGO_AES,
- PIC32_CRYPTOALGO_RCTR);
- out += even ;
- in += even ;
- do { /* Increment IV */
- for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
- if (++((byte *)aes->iv_ce)[i])
- break ;
- }
- even -= AES_BLOCK_SIZE ;
- } while((int)even > 0) ;
- }
- if(odd) {
- XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
- XMEMCPY(tmp+aes->left, in, odd) ;
- wc_AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE,
- PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
- XMEMCPY(out, out_block+aes->left,odd) ;
- aes->left += odd ;
- }
- }
-
- #elif defined(HAVE_COLDFIRE_SEC)
- #error "Coldfire SEC doesn't currently support AES-CTR mode"
-
- #elif defined(FREESCALE_MMCAU)
- #error "Freescale mmCAU doesn't currently support AES-CTR mode"
-
- #else
- /* Increment AES counter */
- static INLINE void IncrementAesCounter(byte* inOutCtr)
- {
- int i;
-
- /* in network byte order so start at end and work back */
- for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
- if (++inOutCtr[i]) /* we're done unless we overflow */
- return;
- }
- }
-
- void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
- {
- byte* tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
-
- /* consume any unused bytes left in aes->tmp */
- while (aes->left && sz) {
- *(out++) = *(in++) ^ *(tmp++);
- aes->left--;
- sz--;
- }
-
- /* do as many block size ops as possible */
- while (sz >= AES_BLOCK_SIZE) {
- wc_AesEncrypt(aes, (byte*)aes->reg, out);
- IncrementAesCounter((byte*)aes->reg);
- xorbuf(out, in, AES_BLOCK_SIZE);
-
- out += AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- sz -= AES_BLOCK_SIZE;
- aes->left = 0;
- }
-
- /* handle non block size remaining and sotre unused byte count in left */
- if (sz) {
- wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
- IncrementAesCounter((byte*)aes->reg);
-
- aes->left = AES_BLOCK_SIZE;
- tmp = (byte*)aes->tmp;
-
- while (sz--) {
- *(out++) = *(in++) ^ *(tmp++);
- aes->left--;
- }
- }
- }
-
- #endif /* STM32F2_CRYPTO, AES-CTR block */
-
-#endif /* WOLFSSL_AES_COUNTER */
-
-#ifdef HAVE_AESGCM
-
-/*
- * The IV for AES GCM, stored in struct Aes's member reg, is comprised of
- * three parts in order:
- * 1. The implicit IV. This is generated from the PRF using the shared
- * secrets between endpoints. It is 4 bytes long.
- * 2. The explicit IV. This is set by the user of the AES. It needs to be
- * unique for each call to encrypt. The explicit IV is shared with the
- * other end of the transaction in the clear.
- * 3. The counter. Each block of data is encrypted with its own sequence
- * number counter.
- */
-
-#ifdef STM32F2_CRYPTO
- #error "STM32F2 crypto doesn't currently support AES-GCM mode"
-
-#elif defined(HAVE_COLDFIRE_SEC)
- #error "Coldfire SEC doesn't currently support AES-GCM mode"
-
-#endif
-
-enum {
- CTR_SZ = 4
-};
-
-
-static INLINE void InitGcmCounter(byte* inOutCtr)
-{
- inOutCtr[AES_BLOCK_SIZE - 4] = 0;
- inOutCtr[AES_BLOCK_SIZE - 3] = 0;
- inOutCtr[AES_BLOCK_SIZE - 2] = 0;
- inOutCtr[AES_BLOCK_SIZE - 1] = 1;
-}
-
-
-static INLINE void IncrementGcmCounter(byte* inOutCtr)
-{
- int i;
-
- /* in network byte order so start at end and work back */
- for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
- if (++inOutCtr[i]) /* we're done unless we overflow */
- return;
- }
-}
-
-
-#if defined(GCM_SMALL) || defined(GCM_TABLE)
-
-static INLINE void FlattenSzInBits(byte* buf, word32 sz)
-{
- /* Multiply the sz by 8 */
- word32 szHi = (sz >> (8*sizeof(sz) - 3));
- sz <<= 3;
-
- /* copy over the words of the sz into the destination buffer */
- buf[0] = (szHi >> 24) & 0xff;
- buf[1] = (szHi >> 16) & 0xff;
- buf[2] = (szHi >> 8) & 0xff;
- buf[3] = szHi & 0xff;
- buf[4] = (sz >> 24) & 0xff;
- buf[5] = (sz >> 16) & 0xff;
- buf[6] = (sz >> 8) & 0xff;
- buf[7] = sz & 0xff;
-}
-
-
-static INLINE void RIGHTSHIFTX(byte* x)
-{
- int i;
- int carryOut = 0;
- int carryIn = 0;
- int borrow = x[15] & 0x01;
-
- for (i = 0; i < AES_BLOCK_SIZE; i++) {
- carryOut = x[i] & 0x01;
- x[i] = (x[i] >> 1) | (carryIn ? 0x80 : 0);
- carryIn = carryOut;
- }
- if (borrow) x[0] ^= 0xE1;
-}
-
-#endif /* defined(GCM_SMALL) || defined(GCM_TABLE) */
-
-
-#ifdef GCM_TABLE
-
-static void GenerateM0(Aes* aes)
-{
- int i, j;
- byte (*m)[AES_BLOCK_SIZE] = aes->M0;
-
- XMEMCPY(m[128], aes->H, AES_BLOCK_SIZE);
-
- for (i = 64; i > 0; i /= 2) {
- XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE);
- RIGHTSHIFTX(m[i]);
- }
-
- for (i = 2; i < 256; i *= 2) {
- for (j = 1; j < i; j++) {
- XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE);
- xorbuf(m[i+j], m[j], AES_BLOCK_SIZE);
- }
- }
-
- XMEMSET(m[0], 0, AES_BLOCK_SIZE);
-}
-
-#endif /* GCM_TABLE */
-
-
-int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
-{
- int ret;
- byte iv[AES_BLOCK_SIZE];
-
- #ifdef FREESCALE_MMCAU
- byte* rk = (byte*)aes->key;
- #endif
-
- if (!((len == 16) || (len == 24) || (len == 32)))
- return BAD_FUNC_ARG;
-
- XMEMSET(iv, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
-
- if (ret == 0) {
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(iv, rk, aes->rounds, aes->H);
- #else
- wc_AesEncrypt(aes, iv, aes->H);
- #endif
- #ifdef GCM_TABLE
- GenerateM0(aes);
- #endif /* GCM_TABLE */
- }
-
- return ret;
-}
-
-
-#if defined(GCM_SMALL)
-
-static void GMULT(byte* X, byte* Y)
-{
- byte Z[AES_BLOCK_SIZE];
- byte V[AES_BLOCK_SIZE];
- int i, j;
-
- XMEMSET(Z, 0, AES_BLOCK_SIZE);
- XMEMCPY(V, X, AES_BLOCK_SIZE);
- for (i = 0; i < AES_BLOCK_SIZE; i++)
- {
- byte y = Y[i];
- for (j = 0; j < 8; j++)
- {
- if (y & 0x80) {
- xorbuf(Z, V, AES_BLOCK_SIZE);
- }
-
- RIGHTSHIFTX(V);
- y = y << 1;
- }
- }
- XMEMCPY(X, Z, AES_BLOCK_SIZE);
-}
-
-
-static void GHASH(Aes* aes, const byte* a, word32 aSz,
- const byte* c, word32 cSz, byte* s, word32 sSz)
-{
- byte x[AES_BLOCK_SIZE];
- byte scratch[AES_BLOCK_SIZE];
- word32 blocks, partial;
- byte* h = aes->H;
-
- XMEMSET(x, 0, AES_BLOCK_SIZE);
-
- /* Hash in A, the Additional Authentication Data */
- if (aSz != 0 && a != NULL) {
- blocks = aSz / AES_BLOCK_SIZE;
- partial = aSz % AES_BLOCK_SIZE;
- while (blocks--) {
- xorbuf(x, a, AES_BLOCK_SIZE);
- GMULT(x, h);
- a += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- XMEMSET(scratch, 0, AES_BLOCK_SIZE);
- XMEMCPY(scratch, a, partial);
- xorbuf(x, scratch, AES_BLOCK_SIZE);
- GMULT(x, h);
- }
- }
-
- /* Hash in C, the Ciphertext */
- if (cSz != 0 && c != NULL) {
- blocks = cSz / AES_BLOCK_SIZE;
- partial = cSz % AES_BLOCK_SIZE;
- while (blocks--) {
- xorbuf(x, c, AES_BLOCK_SIZE);
- GMULT(x, h);
- c += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- XMEMSET(scratch, 0, AES_BLOCK_SIZE);
- XMEMCPY(scratch, c, partial);
- xorbuf(x, scratch, AES_BLOCK_SIZE);
- GMULT(x, h);
- }
- }
-
- /* Hash in the lengths of A and C in bits */
- FlattenSzInBits(&scratch[0], aSz);
- FlattenSzInBits(&scratch[8], cSz);
- xorbuf(x, scratch, AES_BLOCK_SIZE);
- GMULT(x, h);
-
- /* Copy the result into s. */
- XMEMCPY(s, x, sSz);
-}
-
-/* end GCM_SMALL */
-#elif defined(GCM_TABLE)
-
-static const byte R[256][2] = {
- {0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
- {0x07, 0x08}, {0x06, 0xca}, {0x04, 0x8c}, {0x05, 0x4e},
- {0x0e, 0x10}, {0x0f, 0xd2}, {0x0d, 0x94}, {0x0c, 0x56},
- {0x09, 0x18}, {0x08, 0xda}, {0x0a, 0x9c}, {0x0b, 0x5e},
- {0x1c, 0x20}, {0x1d, 0xe2}, {0x1f, 0xa4}, {0x1e, 0x66},
- {0x1b, 0x28}, {0x1a, 0xea}, {0x18, 0xac}, {0x19, 0x6e},
- {0x12, 0x30}, {0x13, 0xf2}, {0x11, 0xb4}, {0x10, 0x76},
- {0x15, 0x38}, {0x14, 0xfa}, {0x16, 0xbc}, {0x17, 0x7e},
- {0x38, 0x40}, {0x39, 0x82}, {0x3b, 0xc4}, {0x3a, 0x06},
- {0x3f, 0x48}, {0x3e, 0x8a}, {0x3c, 0xcc}, {0x3d, 0x0e},
- {0x36, 0x50}, {0x37, 0x92}, {0x35, 0xd4}, {0x34, 0x16},
- {0x31, 0x58}, {0x30, 0x9a}, {0x32, 0xdc}, {0x33, 0x1e},
- {0x24, 0x60}, {0x25, 0xa2}, {0x27, 0xe4}, {0x26, 0x26},
- {0x23, 0x68}, {0x22, 0xaa}, {0x20, 0xec}, {0x21, 0x2e},
- {0x2a, 0x70}, {0x2b, 0xb2}, {0x29, 0xf4}, {0x28, 0x36},
- {0x2d, 0x78}, {0x2c, 0xba}, {0x2e, 0xfc}, {0x2f, 0x3e},
- {0x70, 0x80}, {0x71, 0x42}, {0x73, 0x04}, {0x72, 0xc6},
- {0x77, 0x88}, {0x76, 0x4a}, {0x74, 0x0c}, {0x75, 0xce},
- {0x7e, 0x90}, {0x7f, 0x52}, {0x7d, 0x14}, {0x7c, 0xd6},
- {0x79, 0x98}, {0x78, 0x5a}, {0x7a, 0x1c}, {0x7b, 0xde},
- {0x6c, 0xa0}, {0x6d, 0x62}, {0x6f, 0x24}, {0x6e, 0xe6},
- {0x6b, 0xa8}, {0x6a, 0x6a}, {0x68, 0x2c}, {0x69, 0xee},
- {0x62, 0xb0}, {0x63, 0x72}, {0x61, 0x34}, {0x60, 0xf6},
- {0x65, 0xb8}, {0x64, 0x7a}, {0x66, 0x3c}, {0x67, 0xfe},
- {0x48, 0xc0}, {0x49, 0x02}, {0x4b, 0x44}, {0x4a, 0x86},
- {0x4f, 0xc8}, {0x4e, 0x0a}, {0x4c, 0x4c}, {0x4d, 0x8e},
- {0x46, 0xd0}, {0x47, 0x12}, {0x45, 0x54}, {0x44, 0x96},
- {0x41, 0xd8}, {0x40, 0x1a}, {0x42, 0x5c}, {0x43, 0x9e},
- {0x54, 0xe0}, {0x55, 0x22}, {0x57, 0x64}, {0x56, 0xa6},
- {0x53, 0xe8}, {0x52, 0x2a}, {0x50, 0x6c}, {0x51, 0xae},
- {0x5a, 0xf0}, {0x5b, 0x32}, {0x59, 0x74}, {0x58, 0xb6},
- {0x5d, 0xf8}, {0x5c, 0x3a}, {0x5e, 0x7c}, {0x5f, 0xbe},
- {0xe1, 0x00}, {0xe0, 0xc2}, {0xe2, 0x84}, {0xe3, 0x46},
- {0xe6, 0x08}, {0xe7, 0xca}, {0xe5, 0x8c}, {0xe4, 0x4e},
- {0xef, 0x10}, {0xee, 0xd2}, {0xec, 0x94}, {0xed, 0x56},
- {0xe8, 0x18}, {0xe9, 0xda}, {0xeb, 0x9c}, {0xea, 0x5e},
- {0xfd, 0x20}, {0xfc, 0xe2}, {0xfe, 0xa4}, {0xff, 0x66},
- {0xfa, 0x28}, {0xfb, 0xea}, {0xf9, 0xac}, {0xf8, 0x6e},
- {0xf3, 0x30}, {0xf2, 0xf2}, {0xf0, 0xb4}, {0xf1, 0x76},
- {0xf4, 0x38}, {0xf5, 0xfa}, {0xf7, 0xbc}, {0xf6, 0x7e},
- {0xd9, 0x40}, {0xd8, 0x82}, {0xda, 0xc4}, {0xdb, 0x06},
- {0xde, 0x48}, {0xdf, 0x8a}, {0xdd, 0xcc}, {0xdc, 0x0e},
- {0xd7, 0x50}, {0xd6, 0x92}, {0xd4, 0xd4}, {0xd5, 0x16},
- {0xd0, 0x58}, {0xd1, 0x9a}, {0xd3, 0xdc}, {0xd2, 0x1e},
- {0xc5, 0x60}, {0xc4, 0xa2}, {0xc6, 0xe4}, {0xc7, 0x26},
- {0xc2, 0x68}, {0xc3, 0xaa}, {0xc1, 0xec}, {0xc0, 0x2e},
- {0xcb, 0x70}, {0xca, 0xb2}, {0xc8, 0xf4}, {0xc9, 0x36},
- {0xcc, 0x78}, {0xcd, 0xba}, {0xcf, 0xfc}, {0xce, 0x3e},
- {0x91, 0x80}, {0x90, 0x42}, {0x92, 0x04}, {0x93, 0xc6},
- {0x96, 0x88}, {0x97, 0x4a}, {0x95, 0x0c}, {0x94, 0xce},
- {0x9f, 0x90}, {0x9e, 0x52}, {0x9c, 0x14}, {0x9d, 0xd6},
- {0x98, 0x98}, {0x99, 0x5a}, {0x9b, 0x1c}, {0x9a, 0xde},
- {0x8d, 0xa0}, {0x8c, 0x62}, {0x8e, 0x24}, {0x8f, 0xe6},
- {0x8a, 0xa8}, {0x8b, 0x6a}, {0x89, 0x2c}, {0x88, 0xee},
- {0x83, 0xb0}, {0x82, 0x72}, {0x80, 0x34}, {0x81, 0xf6},
- {0x84, 0xb8}, {0x85, 0x7a}, {0x87, 0x3c}, {0x86, 0xfe},
- {0xa9, 0xc0}, {0xa8, 0x02}, {0xaa, 0x44}, {0xab, 0x86},
- {0xae, 0xc8}, {0xaf, 0x0a}, {0xad, 0x4c}, {0xac, 0x8e},
- {0xa7, 0xd0}, {0xa6, 0x12}, {0xa4, 0x54}, {0xa5, 0x96},
- {0xa0, 0xd8}, {0xa1, 0x1a}, {0xa3, 0x5c}, {0xa2, 0x9e},
- {0xb5, 0xe0}, {0xb4, 0x22}, {0xb6, 0x64}, {0xb7, 0xa6},
- {0xb2, 0xe8}, {0xb3, 0x2a}, {0xb1, 0x6c}, {0xb0, 0xae},
- {0xbb, 0xf0}, {0xba, 0x32}, {0xb8, 0x74}, {0xb9, 0xb6},
- {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
-
-
-static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
-{
- int i, j;
- byte Z[AES_BLOCK_SIZE];
- byte a;
-
- XMEMSET(Z, 0, sizeof(Z));
-
- for (i = 15; i > 0; i--) {
- xorbuf(Z, m[x[i]], AES_BLOCK_SIZE);
- a = Z[15];
-
- for (j = 15; j > 0; j--) {
- Z[j] = Z[j-1];
- }
-
- Z[0] = R[a][0];
- Z[1] ^= R[a][1];
- }
- xorbuf(Z, m[x[0]], AES_BLOCK_SIZE);
-
- XMEMCPY(x, Z, AES_BLOCK_SIZE);
-}
-
-
-static void GHASH(Aes* aes, const byte* a, word32 aSz,
- const byte* c, word32 cSz, byte* s, word32 sSz)
-{
- byte x[AES_BLOCK_SIZE];
- byte scratch[AES_BLOCK_SIZE];
- word32 blocks, partial;
-
- XMEMSET(x, 0, AES_BLOCK_SIZE);
-
- /* Hash in A, the Additional Authentication Data */
- if (aSz != 0 && a != NULL) {
- blocks = aSz / AES_BLOCK_SIZE;
- partial = aSz % AES_BLOCK_SIZE;
- while (blocks--) {
- xorbuf(x, a, AES_BLOCK_SIZE);
- GMULT(x, aes->M0);
- a += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- XMEMSET(scratch, 0, AES_BLOCK_SIZE);
- XMEMCPY(scratch, a, partial);
- xorbuf(x, scratch, AES_BLOCK_SIZE);
- GMULT(x, aes->M0);
- }
- }
-
- /* Hash in C, the Ciphertext */
- if (cSz != 0 && c != NULL) {
- blocks = cSz / AES_BLOCK_SIZE;
- partial = cSz % AES_BLOCK_SIZE;
- while (blocks--) {
- xorbuf(x, c, AES_BLOCK_SIZE);
- GMULT(x, aes->M0);
- c += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- XMEMSET(scratch, 0, AES_BLOCK_SIZE);
- XMEMCPY(scratch, c, partial);
- xorbuf(x, scratch, AES_BLOCK_SIZE);
- GMULT(x, aes->M0);
- }
- }
-
- /* Hash in the lengths of A and C in bits */
- FlattenSzInBits(&scratch[0], aSz);
- FlattenSzInBits(&scratch[8], cSz);
- xorbuf(x, scratch, AES_BLOCK_SIZE);
- GMULT(x, aes->M0);
-
- /* Copy the result into s. */
- XMEMCPY(s, x, sSz);
-}
-
-/* end GCM_TABLE */
-#elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32)
-
-static void GMULT(word64* X, word64* Y)
-{
- word64 Z[2] = {0,0};
- word64 V[2] ;
- int i, j;
- V[0] = X[0] ; V[1] = X[1] ;
-
- for (i = 0; i < 2; i++)
- {
- word64 y = Y[i];
- for (j = 0; j < 64; j++)
- {
- if (y & 0x8000000000000000ULL) {
- Z[0] ^= V[0];
- Z[1] ^= V[1];
- }
-
- if (V[1] & 0x0000000000000001) {
- V[1] >>= 1;
- V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000ULL : 0);
- V[0] >>= 1;
- V[0] ^= 0xE100000000000000ULL;
- }
- else {
- V[1] >>= 1;
- V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000ULL : 0);
- V[0] >>= 1;
- }
- y <<= 1;
- }
- }
- X[0] = Z[0];
- X[1] = Z[1];
-}
-
-
-static void GHASH(Aes* aes, const byte* a, word32 aSz,
- const byte* c, word32 cSz, byte* s, word32 sSz)
-{
- word64 x[2] = {0,0};
- word32 blocks, partial;
- word64 bigH[2];
-
- XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE);
- #endif
-
- /* Hash in A, the Additional Authentication Data */
- if (aSz != 0 && a != NULL) {
- word64 bigA[2];
- blocks = aSz / AES_BLOCK_SIZE;
- partial = aSz % AES_BLOCK_SIZE;
- while (blocks--) {
- XMEMCPY(bigA, a, AES_BLOCK_SIZE);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
- #endif
- x[0] ^= bigA[0];
- x[1] ^= bigA[1];
- GMULT(x, bigH);
- a += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- XMEMSET(bigA, 0, AES_BLOCK_SIZE);
- XMEMCPY(bigA, a, partial);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
- #endif
- x[0] ^= bigA[0];
- x[1] ^= bigA[1];
- GMULT(x, bigH);
- }
- }
-
- /* Hash in C, the Ciphertext */
- if (cSz != 0 && c != NULL) {
- word64 bigC[2];
- blocks = cSz / AES_BLOCK_SIZE;
- partial = cSz % AES_BLOCK_SIZE;
- while (blocks--) {
- XMEMCPY(bigC, c, AES_BLOCK_SIZE);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
- #endif
- x[0] ^= bigC[0];
- x[1] ^= bigC[1];
- GMULT(x, bigH);
- c += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- XMEMSET(bigC, 0, AES_BLOCK_SIZE);
- XMEMCPY(bigC, c, partial);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
- #endif
- x[0] ^= bigC[0];
- x[1] ^= bigC[1];
- GMULT(x, bigH);
- }
- }
-
- /* Hash in the lengths in bits of A and C */
- {
- word64 len[2] ;
- len[0] = aSz ; len[1] = cSz;
-
- /* Lengths are in bytes. Convert to bits. */
- len[0] *= 8;
- len[1] *= 8;
-
- x[0] ^= len[0];
- x[1] ^= len[1];
- GMULT(x, bigH);
- }
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords64(x, x, AES_BLOCK_SIZE);
- #endif
- XMEMCPY(s, x, sSz);
-}
-
-/* end defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) */
-#else /* GCM_WORD32 */
-
-static void GMULT(word32* X, word32* Y)
-{
- word32 Z[4] = {0,0,0,0};
- word32 V[4] ;
- int i, j;
-
- V[0] = X[0]; V[1] = X[1]; V[2] = X[2]; V[3] = X[3];
-
- for (i = 0; i < 4; i++)
- {
- word32 y = Y[i];
- for (j = 0; j < 32; j++)
- {
- if (y & 0x80000000) {
- Z[0] ^= V[0];
- Z[1] ^= V[1];
- Z[2] ^= V[2];
- Z[3] ^= V[3];
- }
-
- if (V[3] & 0x00000001) {
- V[3] >>= 1;
- V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
- V[2] >>= 1;
- V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
- V[1] >>= 1;
- V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
- V[0] >>= 1;
- V[0] ^= 0xE1000000;
- } else {
- V[3] >>= 1;
- V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
- V[2] >>= 1;
- V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
- V[1] >>= 1;
- V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
- V[0] >>= 1;
- }
- y <<= 1;
- }
- }
- X[0] = Z[0];
- X[1] = Z[1];
- X[2] = Z[2];
- X[3] = Z[3];
-}
-
-
-static void GHASH(Aes* aes, const byte* a, word32 aSz,
- const byte* c, word32 cSz, byte* s, word32 sSz)
-{
- word32 x[4] = {0,0,0,0};
- word32 blocks, partial;
- word32 bigH[4];
-
- XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE);
- #endif
-
- /* Hash in A, the Additional Authentication Data */
- if (aSz != 0 && a != NULL) {
- word32 bigA[4];
- blocks = aSz / AES_BLOCK_SIZE;
- partial = aSz % AES_BLOCK_SIZE;
- while (blocks--) {
- XMEMCPY(bigA, a, AES_BLOCK_SIZE);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
- #endif
- x[0] ^= bigA[0];
- x[1] ^= bigA[1];
- x[2] ^= bigA[2];
- x[3] ^= bigA[3];
- GMULT(x, bigH);
- a += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- XMEMSET(bigA, 0, AES_BLOCK_SIZE);
- XMEMCPY(bigA, a, partial);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
- #endif
- x[0] ^= bigA[0];
- x[1] ^= bigA[1];
- x[2] ^= bigA[2];
- x[3] ^= bigA[3];
- GMULT(x, bigH);
- }
- }
-
- /* Hash in C, the Ciphertext */
- if (cSz != 0 && c != NULL) {
- word32 bigC[4];
- blocks = cSz / AES_BLOCK_SIZE;
- partial = cSz % AES_BLOCK_SIZE;
- while (blocks--) {
- XMEMCPY(bigC, c, AES_BLOCK_SIZE);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
- #endif
- x[0] ^= bigC[0];
- x[1] ^= bigC[1];
- x[2] ^= bigC[2];
- x[3] ^= bigC[3];
- GMULT(x, bigH);
- c += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- XMEMSET(bigC, 0, AES_BLOCK_SIZE);
- XMEMCPY(bigC, c, partial);
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
- #endif
- x[0] ^= bigC[0];
- x[1] ^= bigC[1];
- x[2] ^= bigC[2];
- x[3] ^= bigC[3];
- GMULT(x, bigH);
- }
- }
-
- /* Hash in the lengths in bits of A and C */
- {
- word32 len[4];
-
- /* Lengths are in bytes. Convert to bits. */
- len[0] = (aSz >> (8*sizeof(aSz) - 3));
- len[1] = aSz << 3;
- len[2] = (cSz >> (8*sizeof(cSz) - 3));
- len[3] = cSz << 3;
-
- x[0] ^= len[0];
- x[1] ^= len[1];
- x[2] ^= len[2];
- x[3] ^= len[3];
- GMULT(x, bigH);
- }
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords(x, x, AES_BLOCK_SIZE);
- #endif
- XMEMCPY(s, x, sSz);
-}
-
-#endif /* end GCM_WORD32 */
-
-
-int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
- const byte* iv, word32 ivSz,
- byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz)
-{
- word32 blocks = sz / AES_BLOCK_SIZE;
- word32 partial = sz % AES_BLOCK_SIZE;
- const byte* p = in;
- byte* c = out;
- byte counter[AES_BLOCK_SIZE];
- byte *ctr ;
- byte scratch[AES_BLOCK_SIZE];
-
-#ifdef FREESCALE_MMCAU
- byte* key = (byte*)aes->key;
-#endif
-
- WOLFSSL_ENTER("AesGcmEncrypt");
-
-#ifdef WOLFSSL_PIC32MZ_CRYPT
- ctr = (char *)aes->iv_ce ;
-#else
- ctr = counter ;
-#endif
-
- XMEMSET(ctr, 0, AES_BLOCK_SIZE);
- XMEMCPY(ctr, iv, ivSz);
- InitGcmCounter(ctr);
-
-#ifdef WOLFSSL_PIC32MZ_CRYPT
- if(blocks)
- wc_AesCrypt(aes, out, in, blocks*AES_BLOCK_SIZE,
- PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM );
-#endif
- while (blocks--) {
- IncrementGcmCounter(ctr);
- #ifndef WOLFSSL_PIC32MZ_CRYPT
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(ctr, key, aes->rounds, scratch);
- #else
- wc_AesEncrypt(aes, ctr, scratch);
- #endif
- xorbuf(scratch, p, AES_BLOCK_SIZE);
- XMEMCPY(c, scratch, AES_BLOCK_SIZE);
- #endif
- p += AES_BLOCK_SIZE;
- c += AES_BLOCK_SIZE;
- }
-
- if (partial != 0) {
- IncrementGcmCounter(ctr);
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(ctr, key, aes->rounds, scratch);
- #else
- wc_AesEncrypt(aes, ctr, scratch);
- #endif
- xorbuf(scratch, p, partial);
- XMEMCPY(c, scratch, partial);
-
- }
-
- GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
- InitGcmCounter(ctr);
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(ctr, key, aes->rounds, scratch);
- #else
- wc_AesEncrypt(aes, ctr, scratch);
- #endif
- xorbuf(authTag, scratch, authTagSz);
-
- return 0;
-}
-
-
-int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
- const byte* iv, word32 ivSz,
- const byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz)
-{
- word32 blocks = sz / AES_BLOCK_SIZE;
- word32 partial = sz % AES_BLOCK_SIZE;
- const byte* c = in;
- byte* p = out;
- byte counter[AES_BLOCK_SIZE];
- byte *ctr ;
- byte scratch[AES_BLOCK_SIZE];
-
-#ifdef FREESCALE_MMCAU
- byte* key = (byte*)aes->key;
-#endif
-
- WOLFSSL_ENTER("AesGcmDecrypt");
-
-#ifdef WOLFSSL_PIC32MZ_CRYPT
- ctr = (char *)aes->iv_ce ;
-#else
- ctr = counter ;
-#endif
-
- XMEMSET(ctr, 0, AES_BLOCK_SIZE);
- XMEMCPY(ctr, iv, ivSz);
- InitGcmCounter(ctr);
-
- /* Calculate the authTag again using the received auth data and the
- * cipher text. */
- {
- byte Tprime[AES_BLOCK_SIZE];
- byte EKY0[AES_BLOCK_SIZE];
-
- GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(ctr, key, aes->rounds, EKY0);
- #else
- wc_AesEncrypt(aes, ctr, EKY0);
- #endif
- xorbuf(Tprime, EKY0, sizeof(Tprime));
-
- if (ConstantCompare(authTag, Tprime, authTagSz) != 0) {
- return AES_GCM_AUTH_E;
- }
- }
-
-#ifdef WOLFSSL_PIC32MZ_CRYPT
- if(blocks)
- wc_AesCrypt(aes, out, in, blocks*AES_BLOCK_SIZE,
- PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM );
-#endif
-
- while (blocks--) {
- IncrementGcmCounter(ctr);
- #ifndef WOLFSSL_PIC32MZ_CRYPT
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(ctr, key, aes->rounds, scratch);
- #else
- wc_AesEncrypt(aes, ctr, scratch);
- #endif
- xorbuf(scratch, c, AES_BLOCK_SIZE);
- XMEMCPY(p, scratch, AES_BLOCK_SIZE);
- #endif
- p += AES_BLOCK_SIZE;
- c += AES_BLOCK_SIZE;
- }
- if (partial != 0) {
- IncrementGcmCounter(ctr);
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(ctr, key, aes->rounds, scratch);
- #else
- wc_AesEncrypt(aes, ctr, scratch);
- #endif
- xorbuf(scratch, c, partial);
- XMEMCPY(p, scratch, partial);
- }
- return 0;
-}
-
-
-
-WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
-{
- return wc_AesGcmSetKey(&gmac->aes, key, len);
-}
-
-
-WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
- const byte* authIn, word32 authInSz,
- byte* authTag, word32 authTagSz)
-{
- return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
- authTag, authTagSz, authIn, authInSz);
-}
-
-#endif /* HAVE_AESGCM */
-
-
-#ifdef HAVE_AESCCM
-
-#ifdef STM32F2_CRYPTO
- #error "STM32F2 crypto doesn't currently support AES-CCM mode"
-
-#elif defined(HAVE_COLDFIRE_SEC)
- #error "Coldfire SEC doesn't currently support AES-CCM mode"
-
-#elif defined(WOLFSSL_PIC32MZ_CRYPT)
- #error "PIC32MZ doesn't currently support AES-CCM mode"
-
-#endif
-
-void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
-{
- byte nonce[AES_BLOCK_SIZE];
-
- if (!((keySz == 16) || (keySz == 24) || (keySz == 32)))
- return;
-
- XMEMSET(nonce, 0, sizeof(nonce));
- wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
-}
-
-
-static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
-{
- #ifdef FREESCALE_MMCAU
- byte* key = (byte*)aes->key;
- #endif
-
- /* process the bulk of the data */
- while (inSz >= AES_BLOCK_SIZE) {
- xorbuf(out, in, AES_BLOCK_SIZE);
- in += AES_BLOCK_SIZE;
- inSz -= AES_BLOCK_SIZE;
-
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(out, key, aes->rounds, out);
- #else
- wc_AesEncrypt(aes, out, out);
- #endif
- }
-
- /* process remainder of the data */
- if (inSz > 0) {
- xorbuf(out, in, inSz);
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(out, key, aes->rounds, out);
- #else
- wc_AesEncrypt(aes, out, out);
- #endif
- }
-}
-
-
-static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
-{
- word32 authLenSz;
- word32 remainder;
-
- #ifdef FREESCALE_MMCAU
- byte* key = (byte*)aes->key;
- #endif
-
- /* encode the length in */
- if (inSz <= 0xFEFF) {
- authLenSz = 2;
- out[0] ^= ((inSz & 0xFF00) >> 8);
- out[1] ^= (inSz & 0x00FF);
- }
- else if (inSz <= 0xFFFFFFFF) {
- authLenSz = 6;
- out[0] ^= 0xFF; out[1] ^= 0xFE;
- out[2] ^= ((inSz & 0xFF000000) >> 24);
- out[3] ^= ((inSz & 0x00FF0000) >> 16);
- out[4] ^= ((inSz & 0x0000FF00) >> 8);
- out[5] ^= (inSz & 0x000000FF);
- }
- /* Note, the protocol handles auth data up to 2^64, but we are
- * using 32-bit sizes right now, so the bigger data isn't handled
- * else if (inSz <= 0xFFFFFFFFFFFFFFFF) {} */
- else
- return;
-
- /* start fill out the rest of the first block */
- remainder = AES_BLOCK_SIZE - authLenSz;
- if (inSz >= remainder) {
- /* plenty of bulk data to fill the remainder of this block */
- xorbuf(out + authLenSz, in, remainder);
- inSz -= remainder;
- in += remainder;
- }
- else {
- /* not enough bulk data, copy what is available, and pad zero */
- xorbuf(out + authLenSz, in, inSz);
- inSz = 0;
- }
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(out, key, aes->rounds, out);
- #else
- wc_AesEncrypt(aes, out, out);
- #endif
-
- if (inSz > 0)
- roll_x(aes, in, inSz, out);
-}
-
-
-static INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
-{
- word32 i;
-
- for (i = 0; i < lenSz; i++) {
- if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
- }
-}
-
-
-void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
- const byte* nonce, word32 nonceSz,
- byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz)
-{
- byte A[AES_BLOCK_SIZE];
- byte B[AES_BLOCK_SIZE];
- byte lenSz;
- word32 i;
-
- #ifdef FREESCALE_MMCAU
- byte* key = (byte*)aes->key;
- #endif
-
- XMEMCPY(B+1, nonce, nonceSz);
- lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
- B[0] = (authInSz > 0 ? 64 : 0)
- + (8 * (((byte)authTagSz - 2) / 2))
- + (lenSz - 1);
- for (i = 0; i < lenSz; i++)
- B[AES_BLOCK_SIZE - 1 - i] = (inSz >> (8 * i)) & 0xFF;
-
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, A);
- #else
- wc_AesEncrypt(aes, B, A);
- #endif
- if (authInSz > 0)
- roll_auth(aes, authIn, authInSz, A);
- if (inSz > 0)
- roll_x(aes, in, inSz, A);
- XMEMCPY(authTag, A, authTagSz);
-
- B[0] = lenSz - 1;
- for (i = 0; i < lenSz; i++)
- B[AES_BLOCK_SIZE - 1 - i] = 0;
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, A);
- #else
- wc_AesEncrypt(aes, B, A);
- #endif
- xorbuf(authTag, A, authTagSz);
-
- B[15] = 1;
- while (inSz >= AES_BLOCK_SIZE) {
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, A);
- #else
- wc_AesEncrypt(aes, B, A);
- #endif
- xorbuf(A, in, AES_BLOCK_SIZE);
- XMEMCPY(out, A, AES_BLOCK_SIZE);
-
- AesCcmCtrInc(B, lenSz);
- inSz -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- if (inSz > 0) {
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, A);
- #else
- wc_AesEncrypt(aes, B, A);
- #endif
- xorbuf(A, in, inSz);
- XMEMCPY(out, A, inSz);
- }
-
- ForceZero(A, AES_BLOCK_SIZE);
- ForceZero(B, AES_BLOCK_SIZE);
-}
-
-
-int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
- const byte* nonce, word32 nonceSz,
- const byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz)
-{
- byte A[AES_BLOCK_SIZE];
- byte B[AES_BLOCK_SIZE];
- byte* o;
- byte lenSz;
- word32 i, oSz;
- int result = 0;
-
- #ifdef FREESCALE_MMCAU
- byte* key = (byte*)aes->key;
- #endif
-
- o = out;
- oSz = inSz;
- XMEMCPY(B+1, nonce, nonceSz);
- lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
-
- B[0] = lenSz - 1;
- for (i = 0; i < lenSz; i++)
- B[AES_BLOCK_SIZE - 1 - i] = 0;
- B[15] = 1;
-
- while (oSz >= AES_BLOCK_SIZE) {
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, A);
- #else
- wc_AesEncrypt(aes, B, A);
- #endif
- xorbuf(A, in, AES_BLOCK_SIZE);
- XMEMCPY(o, A, AES_BLOCK_SIZE);
-
- AesCcmCtrInc(B, lenSz);
- oSz -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- o += AES_BLOCK_SIZE;
- }
- if (inSz > 0) {
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, A);
- #else
- wc_AesEncrypt(aes, B, A);
- #endif
- xorbuf(A, in, oSz);
- XMEMCPY(o, A, oSz);
- }
-
- for (i = 0; i < lenSz; i++)
- B[AES_BLOCK_SIZE - 1 - i] = 0;
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, A);
- #else
- wc_AesEncrypt(aes, B, A);
- #endif
-
- o = out;
- oSz = inSz;
-
- B[0] = (authInSz > 0 ? 64 : 0)
- + (8 * (((byte)authTagSz - 2) / 2))
- + (lenSz - 1);
- for (i = 0; i < lenSz; i++)
- B[AES_BLOCK_SIZE - 1 - i] = (inSz >> (8 * i)) & 0xFF;
-
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, A);
- #else
- wc_AesEncrypt(aes, B, A);
- #endif
- if (authInSz > 0)
- roll_auth(aes, authIn, authInSz, A);
- if (inSz > 0)
- roll_x(aes, o, oSz, A);
-
- B[0] = lenSz - 1;
- for (i = 0; i < lenSz; i++)
- B[AES_BLOCK_SIZE - 1 - i] = 0;
- #ifdef FREESCALE_MMCAU
- cau_aes_encrypt(B, key, aes->rounds, B);
- #else
- wc_AesEncrypt(aes, B, B);
- #endif
- xorbuf(A, B, authTagSz);
-
- if (ConstantCompare(A, authTag, authTagSz) != 0) {
- /* If the authTag check fails, don't keep the decrypted data.
- * Unfortunately, you need the decrypted data to calculate the
- * check value. */
- XMEMSET(out, 0, inSz);
- result = AES_CCM_AUTH_E;
- }
-
- ForceZero(A, AES_BLOCK_SIZE);
- ForceZero(B, AES_BLOCK_SIZE);
- o = NULL;
-
- return result;
-}
-
-#endif /* HAVE_AESCCM */
-
-
-#ifdef HAVE_CAVIUM
-
-#include <wolfssl/ctaocrypt/logging.h>
-#include "cavium_common.h"
-
-/* Initiliaze Aes for use with Nitrox device */
-int wc_AesInitCavium(Aes* aes, int devId)
-{
- if (aes == NULL)
- return -1;
-
- if (CspAllocContext(CONTEXT_SSL, &aes->contextHandle, devId) != 0)
- return -1;
-
- aes->devId = devId;
- aes->magic = WOLFSSL_AES_CAVIUM_MAGIC;
-
- return 0;
-}
-
-
-/* Free Aes from use with Nitrox device */
-void wc_AesFreeCavium(Aes* aes)
-{
- if (aes == NULL)
- return;
-
- if (aes->magic != WOLFSSL_AES_CAVIUM_MAGIC)
- return;
-
- CspFreeContext(CONTEXT_SSL, aes->contextHandle, aes->devId);
- aes->magic = 0;
-}
-
-
-static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
- const byte* iv)
-{
- if (aes == NULL)
- return -1;
-
- XMEMCPY(aes->key, key, length); /* key still holds key, iv still in reg */
- if (length == 16)
- aes->type = AES_128;
- else if (length == 24)
- aes->type = AES_192;
- else if (length == 32)
- aes->type = AES_256;
-
- return wc_AesSetIV(aes, iv);
-}
-
-
-static int AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
- word32 length)
-{
- wolfssl_word offset = 0;
- word32 requestId;
-
- while (length > WOLFSSL_MAX_16BIT) {
- word16 slen = (word16)WOLFSSL_MAX_16BIT;
- if (CspEncryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE,
- aes->type, slen, (byte*)in + offset, out + offset,
- (byte*)aes->reg, (byte*)aes->key, &requestId,
- aes->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium Aes Encrypt");
- return -1;
- }
- length -= WOLFSSL_MAX_16BIT;
- offset += WOLFSSL_MAX_16BIT;
- XMEMCPY(aes->reg, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- }
- if (length) {
- word16 slen = (word16)length;
- if (CspEncryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE,
- aes->type, slen, (byte*)in + offset, out + offset,
- (byte*)aes->reg, (byte*)aes->key, &requestId,
- aes->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium Aes Encrypt");
- return -1;
- }
- XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- }
- return 0;
-}
-
-static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
- word32 length)
-{
- word32 requestId;
- wolfssl_word offset = 0;
-
- while (length > WOLFSSL_MAX_16BIT) {
- word16 slen = (word16)WOLFSSL_MAX_16BIT;
- XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE,
- aes->type, slen, (byte*)in + offset, out + offset,
- (byte*)aes->reg, (byte*)aes->key, &requestId,
- aes->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium Aes Decrypt");
- return -1;
- }
- length -= WOLFSSL_MAX_16BIT;
- offset += WOLFSSL_MAX_16BIT;
- XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
- }
- if (length) {
- word16 slen = (word16)length;
- XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE,
- aes->type, slen, (byte*)in + offset, out + offset,
- (byte*)aes->reg, (byte*)aes->key, &requestId,
- aes->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium Aes Decrypt");
- return -1;
- }
- XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
- }
- return 0;
-}
-
-#endif /* HAVE_CAVIUM */
-
-#endif /* WOLFSSL_TI_CRYPT */
-
-#endif /* HAVE_FIPS */
-
-#endif /* NO_AES */
-
--- a/wolfcrypt/src/arc4.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,179 +0,0 @@
-/* arc4.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_RC4
-
-#include <wolfssl/wolfcrypt/arc4.h>
-
-#ifdef HAVE_CAVIUM
- static void wc_Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length);
- static void wc_Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
- word32 length);
-#endif
-
-
-void wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
-{
- word32 i;
- word32 keyIndex = 0, stateIndex = 0;
-
-#ifdef HAVE_CAVIUM
- if (arc4->magic == WOLFSSL_ARC4_CAVIUM_MAGIC)
- return wc_Arc4CaviumSetKey(arc4, key, length);
-#endif
-
- arc4->x = 1;
- arc4->y = 0;
-
- for (i = 0; i < ARC4_STATE_SIZE; i++)
- arc4->state[i] = (byte)i;
-
- for (i = 0; i < ARC4_STATE_SIZE; i++) {
- word32 a = arc4->state[i];
- stateIndex += key[keyIndex] + a;
- stateIndex &= 0xFF;
- arc4->state[i] = arc4->state[stateIndex];
- arc4->state[stateIndex] = (byte)a;
-
- if (++keyIndex >= length)
- keyIndex = 0;
- }
-}
-
-
-static INLINE byte MakeByte(word32* x, word32* y, byte* s)
-{
- word32 a = s[*x], b;
- *y = (*y+a) & 0xff;
-
- b = s[*y];
- s[*x] = (byte)b;
- s[*y] = (byte)a;
- *x = (*x+1) & 0xff;
-
- return s[(a+b) & 0xff];
-}
-
-
-void wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
-{
- word32 x;
- word32 y;
-
-#ifdef HAVE_CAVIUM
- if (arc4->magic == WOLFSSL_ARC4_CAVIUM_MAGIC)
- return wc_Arc4CaviumProcess(arc4, out, in, length);
-#endif
-
- x = arc4->x;
- y = arc4->y;
-
- while(length--)
- *out++ = *in++ ^ MakeByte(&x, &y, arc4->state);
-
- arc4->x = (byte)x;
- arc4->y = (byte)y;
-}
-
-
-#ifdef HAVE_CAVIUM
-
-#include <wolfssl/wolfcrypt/logging.h>
-#include "cavium_common.h"
-
-/* Initiliaze Arc4 for use with Nitrox device */
-int wc_Arc4InitCavium(Arc4* arc4, int devId)
-{
- if (arc4 == NULL)
- return -1;
-
- if (CspAllocContext(CONTEXT_SSL, &arc4->contextHandle, devId) != 0)
- return -1;
-
- arc4->devId = devId;
- arc4->magic = WOLFSSL_ARC4_CAVIUM_MAGIC;
-
- return 0;
-}
-
-
-/* Free Arc4 from use with Nitrox device */
-void wc_Arc4FreeCavium(Arc4* arc4)
-{
- if (arc4 == NULL)
- return;
-
- if (arc4->magic != WOLFSSL_ARC4_CAVIUM_MAGIC)
- return;
-
- CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId);
- arc4->magic = 0;
-}
-
-
-static void wc_Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length)
-{
- word32 requestId;
-
- if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->contextHandle, length,
- (byte*)key, &requestId, arc4->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium Arc4 Init");
- }
-}
-
-
-static void wc_Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
- word32 length)
-{
- wolfssl_word offset = 0;
- word32 requestId;
-
- while (length > WOLFSSL_MAX_16BIT) {
- word16 slen = (word16)WOLFSSL_MAX_16BIT;
- if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE,
- slen, (byte*)in + offset, out + offset, &requestId,
- arc4->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium Arc4 Encrypt");
- }
- length -= WOLFSSL_MAX_16BIT;
- offset += WOLFSSL_MAX_16BIT;
- }
- if (length) {
- word16 slen = (word16)length;
- if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE,
- slen, (byte*)in + offset, out + offset, &requestId,
- arc4->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium Arc4 Encrypt");
- }
- }
-}
-
-#endif /* HAVE_CAVIUM */
-
-#endif /* NO_RC4 */
-
-
--- a/wolfcrypt/src/asm.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1619 +0,0 @@
-/* asm.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-/*
- * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
- * http://math.libtomcrypt.com
- */
-
-
-/******************************************************************/
-/* fp_montgomery_reduce.c asm or generic */
-
-
-/* Each platform needs to query info type 1 from cpuid to see if aesni is
- * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
- */
-
-#if defined(HAVE_INTEL_MULX)
-#ifndef _MSC_VER
- #define cpuid(reg, leaf, sub)\
- __asm__ __volatile__ ("cpuid":\
- "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
- "a" (leaf), "c"(sub));
-
- #define XASM_LINK(f) asm(f)
-#else
-
- #include <intrin.h>
- #define cpuid(a,b) __cpuid((int*)a,b)
-
- #define XASM_LINK(f)
-
-#endif /* _MSC_VER */
-
-#define EAX 0
-#define EBX 1
-#define ECX 2
-#define EDX 3
-
-#define CPUID_AVX1 0x1
-#define CPUID_AVX2 0x2
-#define CPUID_RDRAND 0x4
-#define CPUID_RDSEED 0x8
-#define CPUID_BMI2 0x10 /* MULX, RORX */
-#define CPUID_ADX 0x20 /* ADCX, ADOX */
-
-#define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1)
-#define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2)
-#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2)
-#define IS_INTEL_ADX (cpuid_flags&CPUID_ADX)
-#define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND)
-#define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
-#define SET_FLAGS
-
-static word32 cpuid_check = 0 ;
-static word32 cpuid_flags = 0 ;
-
-static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
- int got_intel_cpu=0;
- unsigned int reg[5];
-
- reg[4] = '\0' ;
- cpuid(reg, 0, 0);
- if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&
- memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&
- memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {
- got_intel_cpu = 1;
- }
- if (got_intel_cpu) {
- cpuid(reg, leaf, sub);
- return((reg[num]>>bit)&0x1) ;
- }
- return 0 ;
-}
-
-INLINE static int set_cpuid_flags(void) {
- if(cpuid_check == 0) {
- if(cpuid_flag(7, 0, EBX, 8)){ cpuid_flags |= CPUID_BMI2 ; }
- if(cpuid_flag(7, 0, EBX,19)){ cpuid_flags |= CPUID_ADX ; }
- cpuid_check = 1 ;
- return 0 ;
- }
- return 1 ;
-}
-
-#define RETURN return
-#define IF_HAVE_INTEL_MULX(func, ret) \
- if(cpuid_check==0)set_cpuid_flags() ; \
- if(IS_INTEL_BMI2 && IS_INTEL_ADX){ func; ret ; }
-
-#else
- #define IF_HAVE_INTEL_MULX(func, ret)
-#endif
-
-#if defined(TFM_X86) && !defined(TFM_SSE2)
-/* x86-32 code */
-
-#define MONT_START
-#define MONT_FINI
-#define LOOP_END
-#define LOOP_START \
- mu = c[x] * mp
-
-#define INNERMUL \
-__asm__( \
- "movl %5,%%eax \n\t" \
- "mull %4 \n\t" \
- "addl %1,%%eax \n\t" \
- "adcl $0,%%edx \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl $0,%%edx \n\t" \
- "movl %%edx,%1 \n\t" \
-:"=g"(_c[LO]), "=r"(cy) \
-:"0"(_c[LO]), "1"(cy), "g"(mu), "g"(*tmpm++) \
-: "%eax", "%edx", "cc")
-
-#define PROPCARRY \
-__asm__( \
- "addl %1,%0 \n\t" \
- "setb %%al \n\t" \
- "movzbl %%al,%1 \n\t" \
-:"=g"(_c[LO]), "=r"(cy) \
-:"0"(_c[LO]), "1"(cy) \
-: "%eax", "cc")
-
-/******************************************************************/
-#elif defined(TFM_X86_64)
-/* x86-64 code */
-
-#define MONT_START
-#define MONT_FINI
-#define LOOP_END
-#define LOOP_START \
- mu = c[x] * mp;
-
-#define INNERMUL \
-__asm__( \
- "movq %5,%%rax \n\t" \
- "mulq %4 \n\t" \
- "addq %1,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rdx,%1 \n\t" \
-:"=g"(_c[LO]), "=r"(cy) \
-:"0"(_c[LO]), "1"(cy), "r"(mu), "r"(*tmpm++) \
-: "%rax", "%rdx", "cc")
-
-#if defined(HAVE_INTEL_MULX)
-#define MULX_INIT(a0, c0, cy)\
- __asm__ volatile( \
- "xorq %%r10, %%r10\n\t" \
- "movq %1,%%rdx\n\t" \
- "addq %2, %0\n\t" /* c0+=cy; Set CF, OF */ \
- "adoxq %%r10, %%r10\n\t" /* Reset OF */ \
- :"+m"(c0):"r"(a0),"r"(cy):"%r8","%r9", "%r10","%r11","%r12","%rdx") ; \
-
-#define MULX_INNERMUL_R1(c0, c1, pre, rdx)\
- { \
- __asm__ volatile ( \
- "movq %3, %%rdx\n\t" \
- "mulx %%r11,%%r9, %%r8 \n\t" \
- "movq %2, %%r12\n\t" \
- "adoxq %%r9,%0 \n\t" \
- "adcxq %%r8,%1 \n\t" \
- :"+r"(c0),"+r"(c1):"m"(pre),"r"(rdx):"%r8","%r9", "%r10", "%r11","%r12","%rdx" \
- ); }
-
-
-#define MULX_INNERMUL_R2(c0, c1, pre, rdx)\
- { \
- __asm__ volatile ( \
- "movq %3, %%rdx\n\t" \
- "mulx %%r12,%%r9, %%r8 \n\t" \
- "movq %2, %%r11\n\t" \
- "adoxq %%r9,%0 \n\t" \
- "adcxq %%r8,%1 \n\t" \
- :"+r"(c0),"+r"(c1):"m"(pre),"r"(rdx):"%r8","%r9", "%r10", "%r11","%r12","%rdx" \
- ); }
-
-#define MULX_LOAD_R1(val)\
- __asm__ volatile ( \
- "movq %0, %%r11\n\t"\
- ::"m"(val):"%r8","%r9", "%r10", "%r11","%r12","%rdx"\
-) ;
-
-#define MULX_INNERMUL_LAST(c0, c1, rdx)\
- { \
- __asm__ volatile ( \
- "movq %2, %%rdx\n\t" \
- "mulx %%r12,%%r9, %%r8 \n\t" \
- "movq $0, %%r10 \n\t" \
- "adoxq %%r10, %%r9 \n\t" \
- "adcq $0,%%r8 \n\t" \
- "addq %%r9,%0 \n\t" \
- "adcq $0,%%r8 \n\t" \
- "movq %%r8,%1 \n\t" \
- :"+m"(c0),"=m"(c1):"r"(rdx):"%r8","%r9","%r10", "%r11", "%r12","%rdx"\
- ); }
-
-#define MULX_INNERMUL8(x,y,z,cy)\
-{ word64 rdx = y ;\
- MULX_LOAD_R1(x[0]) ;\
- MULX_INIT(y, _c0, cy) ; /* rdx=y; z0+=cy; */ \
- MULX_INNERMUL_R1(_c0, _c1, x[1], rdx) ;\
- MULX_INNERMUL_R2(_c1, _c2, x[2], rdx) ;\
- MULX_INNERMUL_R1(_c2, _c3, x[3], rdx) ;\
- MULX_INNERMUL_R2(_c3, _c4, x[4], rdx) ;\
- MULX_INNERMUL_R1(_c4, _c5, x[5], rdx) ;\
- MULX_INNERMUL_R2(_c5, _c6, x[6], rdx) ;\
- MULX_INNERMUL_R1(_c6, _c7, x[7], rdx) ;\
- MULX_INNERMUL_LAST(_c7, cy, rdx) ;\
-}
-#define INNERMUL8_MULX \
-{\
- MULX_INNERMUL8(tmpm, mu, _c, cy);\
-}
-#endif
-
-#define INNERMUL8 \
- __asm__( \
- "movq 0(%5),%%rax \n\t" \
- "movq 0(%2),%%r10 \n\t" \
- "movq 0x8(%5),%%r11 \n\t" \
- "mulq %4 \n\t" \
- "addq %%r10,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq 0x8(%2),%%r10 \n\t" \
- "addq %3,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rax,0(%0) \n\t" \
- "movq %%rdx,%1 \n\t" \
- \
- "movq %%r11,%%rax \n\t" \
- "movq 0x10(%5),%%r11 \n\t" \
- "mulq %4 \n\t" \
- "addq %%r10,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq 0x10(%2),%%r10 \n\t" \
- "addq %3,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rax,0x8(%0) \n\t" \
- "movq %%rdx,%1 \n\t" \
- \
- "movq %%r11,%%rax \n\t" \
- "movq 0x18(%5),%%r11 \n\t" \
- "mulq %4 \n\t" \
- "addq %%r10,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq 0x18(%2),%%r10 \n\t" \
- "addq %3,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rax,0x10(%0) \n\t" \
- "movq %%rdx,%1 \n\t" \
- \
- "movq %%r11,%%rax \n\t" \
- "movq 0x20(%5),%%r11 \n\t" \
- "mulq %4 \n\t" \
- "addq %%r10,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq 0x20(%2),%%r10 \n\t" \
- "addq %3,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rax,0x18(%0) \n\t" \
- "movq %%rdx,%1 \n\t" \
- \
- "movq %%r11,%%rax \n\t" \
- "movq 0x28(%5),%%r11 \n\t" \
- "mulq %4 \n\t" \
- "addq %%r10,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq 0x28(%2),%%r10 \n\t" \
- "addq %3,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rax,0x20(%0) \n\t" \
- "movq %%rdx,%1 \n\t" \
- \
- "movq %%r11,%%rax \n\t" \
- "movq 0x30(%5),%%r11 \n\t" \
- "mulq %4 \n\t" \
- "addq %%r10,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq 0x30(%2),%%r10 \n\t" \
- "addq %3,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rax,0x28(%0) \n\t" \
- "movq %%rdx,%1 \n\t" \
- \
- "movq %%r11,%%rax \n\t" \
- "movq 0x38(%5),%%r11 \n\t" \
- "mulq %4 \n\t" \
- "addq %%r10,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq 0x38(%2),%%r10 \n\t" \
- "addq %3,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rax,0x30(%0) \n\t" \
- "movq %%rdx,%1 \n\t" \
- \
- "movq %%r11,%%rax \n\t" \
- "mulq %4 \n\t" \
- "addq %%r10,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "addq %3,%%rax \n\t" \
- "adcq $0,%%rdx \n\t" \
- "movq %%rax,0x38(%0) \n\t" \
- "movq %%rdx,%1 \n\t" \
- \
-:"=r"(_c), "=r"(cy) \
-: "0"(_c), "1"(cy), "g"(mu), "r"(tmpm)\
-: "%rax", "%rdx", "%r10", "%r11", "cc")\
-
-#define PROPCARRY \
-__asm__( \
- "addq %1,%0 \n\t" \
- "setb %%al \n\t" \
- "movzbq %%al,%1 \n\t" \
-:"=g"(_c[LO]), "=r"(cy) \
-:"0"(_c[LO]), "1"(cy) \
-: "%rax", "cc")
-
-/******************************************************************/
-#elif defined(TFM_SSE2)
-/* SSE2 code (assumes 32-bit fp_digits) */
-/* XMM register assignments:
- * xmm0 *tmpm++, then Mu * (*tmpm++)
- * xmm1 c[x], then Mu
- * xmm2 mp
- * xmm3 cy
- * xmm4 _c[LO]
- */
-
-#define MONT_START \
- __asm__("movd %0,%%mm2"::"g"(mp))
-
-#define MONT_FINI \
- __asm__("emms")
-
-#define LOOP_START \
-__asm__( \
-"movd %0,%%mm1 \n\t" \
-"pxor %%mm3,%%mm3 \n\t" \
-"pmuludq %%mm2,%%mm1 \n\t" \
-:: "g"(c[x]))
-
-/* pmuludq on mmx registers does a 32x32->64 multiply. */
-#define INNERMUL \
-__asm__( \
- "movd %1,%%mm4 \n\t" \
- "movd %2,%%mm0 \n\t" \
- "paddq %%mm4,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm0 \n\t" \
- "paddq %%mm0,%%mm3 \n\t" \
- "movd %%mm3,%0 \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-:"=g"(_c[LO]) : "0"(_c[LO]), "g"(*tmpm++) );
-
-#define INNERMUL8 \
-__asm__( \
- "movd 0(%1),%%mm4 \n\t" \
- "movd 0(%2),%%mm0 \n\t" \
- "paddq %%mm4,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm0 \n\t" \
- "movd 4(%2),%%mm5 \n\t" \
- "paddq %%mm0,%%mm3 \n\t" \
- "movd 4(%1),%%mm6 \n\t" \
- "movd %%mm3,0(%0) \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-\
- "paddq %%mm6,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm5 \n\t" \
- "movd 8(%2),%%mm6 \n\t" \
- "paddq %%mm5,%%mm3 \n\t" \
- "movd 8(%1),%%mm7 \n\t" \
- "movd %%mm3,4(%0) \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-\
- "paddq %%mm7,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm6 \n\t" \
- "movd 12(%2),%%mm7 \n\t" \
- "paddq %%mm6,%%mm3 \n\t" \
- "movd 12(%1),%%mm5 \n\t" \
- "movd %%mm3,8(%0) \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-\
- "paddq %%mm5,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm7 \n\t" \
- "movd 16(%2),%%mm5 \n\t" \
- "paddq %%mm7,%%mm3 \n\t" \
- "movd 16(%1),%%mm6 \n\t" \
- "movd %%mm3,12(%0) \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-\
- "paddq %%mm6,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm5 \n\t" \
- "movd 20(%2),%%mm6 \n\t" \
- "paddq %%mm5,%%mm3 \n\t" \
- "movd 20(%1),%%mm7 \n\t" \
- "movd %%mm3,16(%0) \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-\
- "paddq %%mm7,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm6 \n\t" \
- "movd 24(%2),%%mm7 \n\t" \
- "paddq %%mm6,%%mm3 \n\t" \
- "movd 24(%1),%%mm5 \n\t" \
- "movd %%mm3,20(%0) \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-\
- "paddq %%mm5,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm7 \n\t" \
- "movd 28(%2),%%mm5 \n\t" \
- "paddq %%mm7,%%mm3 \n\t" \
- "movd 28(%1),%%mm6 \n\t" \
- "movd %%mm3,24(%0) \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-\
- "paddq %%mm6,%%mm3 \n\t" \
- "pmuludq %%mm1,%%mm5 \n\t" \
- "paddq %%mm5,%%mm3 \n\t" \
- "movd %%mm3,28(%0) \n\t" \
- "psrlq $32, %%mm3 \n\t" \
-:"=r"(_c) : "0"(_c), "r"(tmpm) );
-
-/* TAO switched tmpm from "g" to "r" after gcc tried to index the indexed stack
- pointer */
-
-#define LOOP_END \
-__asm__( "movd %%mm3,%0 \n" :"=r"(cy))
-
-#define PROPCARRY \
-__asm__( \
- "addl %1,%0 \n\t" \
- "setb %%al \n\t" \
- "movzbl %%al,%1 \n\t" \
-:"=g"(_c[LO]), "=r"(cy) \
-:"0"(_c[LO]), "1"(cy) \
-: "%eax", "cc")
-
-/******************************************************************/
-#elif defined(TFM_ARM)
- /* ARMv4 code */
-
-#define MONT_START
-#define MONT_FINI
-#define LOOP_END
-#define LOOP_START \
- mu = c[x] * mp
-
-
-#ifdef __thumb__
-
-#define INNERMUL \
-__asm__( \
- " LDR r0,%1 \n\t" \
- " ADDS r0,r0,%0 \n\t" \
- " ITE CS \n\t" \
- " MOVCS %0,#1 \n\t" \
- " MOVCC %0,#0 \n\t" \
- " UMLAL r0,%0,%3,%4 \n\t" \
- " STR r0,%1 \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"m"(_c[0]):"r0","cc");
-
-#define PROPCARRY \
-__asm__( \
- " LDR r0,%1 \n\t" \
- " ADDS r0,r0,%0 \n\t" \
- " STR r0,%1 \n\t" \
- " ITE CS \n\t" \
- " MOVCS %0,#1 \n\t" \
- " MOVCC %0,#0 \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"m"(_c[0]):"r0","cc");
-
-
-/* TAO thumb mode uses ite (if then else) to detect carry directly
- * fixed unmatched constraint warning by changing 1 to m */
-
-#else /* __thumb__ */
-
-#define INNERMUL \
-__asm__( \
- " LDR r0,%1 \n\t" \
- " ADDS r0,r0,%0 \n\t" \
- " MOVCS %0,#1 \n\t" \
- " MOVCC %0,#0 \n\t" \
- " UMLAL r0,%0,%3,%4 \n\t" \
- " STR r0,%1 \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c[0]):"r0","cc");
-
-#define PROPCARRY \
-__asm__( \
- " LDR r0,%1 \n\t" \
- " ADDS r0,r0,%0 \n\t" \
- " STR r0,%1 \n\t" \
- " MOVCS %0,#1 \n\t" \
- " MOVCC %0,#0 \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r0","cc");
-
-#endif /* __thumb__ */
-
-#elif defined(TFM_PPC32)
-
-/* PPC32 */
-#define MONT_START
-#define MONT_FINI
-#define LOOP_END
-#define LOOP_START \
- mu = c[x] * mp
-
-#define INNERMUL \
-__asm__( \
- " mullw 16,%3,%4 \n\t" \
- " mulhwu 17,%3,%4 \n\t" \
- " addc 16,16,%0 \n\t" \
- " addze 17,17 \n\t" \
- " lwz 18,%1 \n\t" \
- " addc 16,16,18 \n\t" \
- " addze %0,17 \n\t" \
- " stw 16,%1 \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","cc"); ++tmpm;
-
-#define PROPCARRY \
-__asm__( \
- " lwz 16,%1 \n\t" \
- " addc 16,16,%0 \n\t" \
- " stw 16,%1 \n\t" \
- " xor %0,%0,%0 \n\t" \
- " addze %0,%0 \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","cc");
-
-#elif defined(TFM_PPC64)
-
-/* PPC64 */
-#define MONT_START
-#define MONT_FINI
-#define LOOP_END
-#define LOOP_START \
- mu = c[x] * mp
-
-#define INNERMUL \
-__asm__( \
- " mulld 16,%3,%4 \n\t" \
- " mulhdu 17,%3,%4 \n\t" \
- " addc 16,16,%0 \n\t" \
- " addze 17,17 \n\t" \
- " ldx 18,0,%1 \n\t" \
- " addc 16,16,18 \n\t" \
- " addze %0,17 \n\t" \
- " sdx 16,0,%1 \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","cc"); ++tmpm;
-
-#define PROPCARRY \
-__asm__( \
- " ldx 16,0,%1 \n\t" \
- " addc 16,16,%0 \n\t" \
- " sdx 16,0,%1 \n\t" \
- " xor %0,%0,%0 \n\t" \
- " addze %0,%0 \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","cc");
-
-/******************************************************************/
-
-#elif defined(TFM_AVR32)
-
-/* AVR32 */
-#define MONT_START
-#define MONT_FINI
-#define LOOP_END
-#define LOOP_START \
- mu = c[x] * mp
-
-#define INNERMUL \
-__asm__( \
- " ld.w r2,%1 \n\t" \
- " add r2,%0 \n\t" \
- " eor r3,r3 \n\t" \
- " acr r3 \n\t" \
- " macu.d r2,%3,%4 \n\t" \
- " st.w %1,r2 \n\t" \
- " mov %0,r3 \n\t" \
-:"=r"(cy),"=r"(_c):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c):"r2","r3");
-
-#define PROPCARRY \
-__asm__( \
- " ld.w r2,%1 \n\t" \
- " add r2,%0 \n\t" \
- " st.w %1,r2 \n\t" \
- " eor %0,%0 \n\t" \
- " acr %0 \n\t" \
-:"=r"(cy),"=r"(&_c[0]):"0"(cy),"1"(&_c[0]):"r2","cc");
-
-#else
-
-/* ISO C code */
-#define MONT_START
-#define MONT_FINI
-#define LOOP_END
-#define LOOP_START \
- mu = c[x] * mp
-
-#define INNERMUL \
- do { fp_word t; \
- t = ((fp_word)_c[0] + (fp_word)cy) + \
- (((fp_word)mu) * ((fp_word)*tmpm++)); \
- _c[0] = (fp_digit)t; \
- cy = (fp_digit)(t >> DIGIT_BIT); \
- } while (0)
-
-#define PROPCARRY \
- do { fp_digit t = _c[0] += cy; cy = (t < cy); } while (0)
-
-#endif
-/******************************************************************/
-
-
-#define LO 0
-/* end fp_montogomery_reduce.c asm */
-
-
-/* start fp_sqr_comba.c asm */
-#if defined(TFM_X86)
-
-/* x86-32 optimized */
-
-#define COMBA_START
-
-#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_FINI
-
-#define SQRADD(i, j) \
-__asm__( \
- "movl %6,%%eax \n\t" \
- "mull %%eax \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl %%edx,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%edx","cc");
-
-#define SQRADD2(i, j) \
-__asm__( \
- "movl %6,%%eax \n\t" \
- "mull %7 \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl %%edx,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl %%edx,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j) :"%eax","%edx", "cc");
-
-#define SQRADDSC(i, j) \
-__asm__( \
- "movl %3,%%eax \n\t" \
- "mull %4 \n\t" \
- "movl %%eax,%0 \n\t" \
- "movl %%edx,%1 \n\t" \
- "xorl %2,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%eax","%edx","cc");
-
-/* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */
-
-#define SQRADDAC(i, j) \
-__asm__( \
- "movl %6,%%eax \n\t" \
- "mull %7 \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl %%edx,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","cc");
-
-#define SQRADDDB \
-__asm__( \
- "addl %6,%0 \n\t" \
- "adcl %7,%1 \n\t" \
- "adcl %8,%2 \n\t" \
- "addl %6,%0 \n\t" \
- "adcl %7,%1 \n\t" \
- "adcl %8,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");
-
-#elif defined(TFM_X86_64)
-/* x86-64 optimized */
-
-#define COMBA_START
-
-#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_FINI
-
-#define SQRADD(i, j) \
-__asm__( \
- "movq %6,%%rax \n\t" \
- "mulq %%rax \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i) :"%rax","%rdx","cc");
-
-#define SQRADD2(i, j) \
-__asm__( \
- "movq %6,%%rax \n\t" \
- "mulq %7 \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) :"%rax","%rdx","cc");
-
-#define SQRADDSC(i, j) \
-__asm__( \
- "movq %3,%%rax \n\t" \
- "mulq %4 \n\t" \
- "movq %%rax,%0 \n\t" \
- "movq %%rdx,%1 \n\t" \
- "xorq %2,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%rax","%rdx","cc");
-
-/* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */
-
-#define SQRADDAC(i, j) \
-__asm__( \
- "movq %6,%%rax \n\t" \
- "mulq %7 \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","cc");
-
-#define SQRADDDB \
-__asm__( \
- "addq %6,%0 \n\t" \
- "adcq %7,%1 \n\t" \
- "adcq %8,%2 \n\t" \
- "addq %6,%0 \n\t" \
- "adcq %7,%1 \n\t" \
- "adcq %8,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");
-
-#elif defined(TFM_SSE2)
-
-/* SSE2 Optimized */
-#define COMBA_START
-
-#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_FINI \
- __asm__("emms");
-
-#define SQRADD(i, j) \
-__asm__( \
- "movd %6,%%mm0 \n\t" \
- "pmuludq %%mm0,%%mm0\n\t" \
- "movd %%mm0,%%eax \n\t" \
- "psrlq $32,%%mm0 \n\t" \
- "addl %%eax,%0 \n\t" \
- "movd %%mm0,%%eax \n\t" \
- "adcl %%eax,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","cc");
-
-#define SQRADD2(i, j) \
-__asm__( \
- "movd %6,%%mm0 \n\t" \
- "movd %7,%%mm1 \n\t" \
- "pmuludq %%mm1,%%mm0\n\t" \
- "movd %%mm0,%%eax \n\t" \
- "psrlq $32,%%mm0 \n\t" \
- "movd %%mm0,%%edx \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl %%edx,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl %%edx,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j) :"%eax","%edx","cc");
-
-#define SQRADDSC(i, j) \
-__asm__( \
- "movd %3,%%mm0 \n\t" \
- "movd %4,%%mm1 \n\t" \
- "pmuludq %%mm1,%%mm0\n\t" \
- "movd %%mm0,%0 \n\t" \
- "psrlq $32,%%mm0 \n\t" \
- "movd %%mm0,%1 \n\t" \
- "xorl %2,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "m"(i), "m"(j));
-
-/* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */
-
-#define SQRADDAC(i, j) \
-__asm__( \
- "movd %6,%%mm0 \n\t" \
- "movd %7,%%mm1 \n\t" \
- "pmuludq %%mm1,%%mm0\n\t" \
- "movd %%mm0,%%eax \n\t" \
- "psrlq $32,%%mm0 \n\t" \
- "movd %%mm0,%%edx \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl %%edx,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "m"(i), "m"(j) :"%eax","%edx","cc");
-
-#define SQRADDDB \
-__asm__( \
- "addl %6,%0 \n\t" \
- "adcl %7,%1 \n\t" \
- "adcl %8,%2 \n\t" \
- "addl %6,%0 \n\t" \
- "adcl %7,%1 \n\t" \
- "adcl %8,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");
-
-#elif defined(TFM_ARM)
-
-/* ARM code */
-
-#define COMBA_START
-
-#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_FINI
-
-/* multiplies point i and j, updates carry "c1" and digit c2 */
-#define SQRADD(i, j) \
-__asm__( \
-" UMULL r0,r1,%6,%6 \n\t" \
-" ADDS %0,%0,r0 \n\t" \
-" ADCS %1,%1,r1 \n\t" \
-" ADC %2,%2,#0 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i) : "r0", "r1", "cc");
-
-/* for squaring some of the terms are doubled... */
-#define SQRADD2(i, j) \
-__asm__( \
-" UMULL r0,r1,%6,%7 \n\t" \
-" ADDS %0,%0,r0 \n\t" \
-" ADCS %1,%1,r1 \n\t" \
-" ADC %2,%2,#0 \n\t" \
-" ADDS %0,%0,r0 \n\t" \
-" ADCS %1,%1,r1 \n\t" \
-" ADC %2,%2,#0 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "cc");
-
-#define SQRADDSC(i, j) \
-__asm__( \
-" UMULL %0,%1,%3,%4 \n\t" \
-" SUB %2,%2,%2 \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "r"(i), "r"(j) : "cc");
-
-/* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */
-
-#define SQRADDAC(i, j) \
-__asm__( \
-" UMULL r0,r1,%6,%7 \n\t" \
-" ADDS %0,%0,r0 \n\t" \
-" ADCS %1,%1,r1 \n\t" \
-" ADC %2,%2,#0 \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "r0", "r1", "cc");
-
-#define SQRADDDB \
-__asm__( \
-" ADDS %0,%0,%3 \n\t" \
-" ADCS %1,%1,%4 \n\t" \
-" ADC %2,%2,%5 \n\t" \
-" ADDS %0,%0,%3 \n\t" \
-" ADCS %1,%1,%4 \n\t" \
-" ADC %2,%2,%5 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "cc");
-
-#elif defined(TFM_PPC32)
-
-/* PPC32 */
-
-#define COMBA_START
-
-#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_FINI
-
-/* multiplies point i and j, updates carry "c1" and digit c2 */
-#define SQRADD(i, j) \
-__asm__( \
- " mullw 16,%6,%6 \n\t" \
- " addc %0,%0,16 \n\t" \
- " mulhwu 16,%6,%6 \n\t" \
- " adde %1,%1,16 \n\t" \
- " addze %2,%2 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i):"16","cc");
-
-/* for squaring some of the terms are doubled... */
-#define SQRADD2(i, j) \
-__asm__( \
- " mullw 16,%6,%7 \n\t" \
- " mulhwu 17,%6,%7 \n\t" \
- " addc %0,%0,16 \n\t" \
- " adde %1,%1,17 \n\t" \
- " addze %2,%2 \n\t" \
- " addc %0,%0,16 \n\t" \
- " adde %1,%1,17 \n\t" \
- " addze %2,%2 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","cc");
-
-#define SQRADDSC(i, j) \
-__asm__( \
- " mullw %0,%6,%7 \n\t" \
- " mulhwu %1,%6,%7 \n\t" \
- " xor %2,%2,%2 \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "cc");
-
-#define SQRADDAC(i, j) \
-__asm__( \
- " mullw 16,%6,%7 \n\t" \
- " addc %0,%0,16 \n\t" \
- " mulhwu 16,%6,%7 \n\t" \
- " adde %1,%1,16 \n\t" \
- " addze %2,%2 \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "cc");
-
-#define SQRADDDB \
-__asm__( \
- " addc %0,%0,%3 \n\t" \
- " adde %1,%1,%4 \n\t" \
- " adde %2,%2,%5 \n\t" \
- " addc %0,%0,%3 \n\t" \
- " adde %1,%1,%4 \n\t" \
- " adde %2,%2,%5 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "cc");
-
-#elif defined(TFM_PPC64)
-/* PPC64 */
-
-#define COMBA_START
-
-#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_FINI
-
-/* multiplies point i and j, updates carry "c1" and digit c2 */
-#define SQRADD(i, j) \
-__asm__( \
- " mulld 16,%6,%6 \n\t" \
- " addc %0,%0,16 \n\t" \
- " mulhdu 16,%6,%6 \n\t" \
- " adde %1,%1,16 \n\t" \
- " addze %2,%2 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i):"16","cc");
-
-/* for squaring some of the terms are doubled... */
-#define SQRADD2(i, j) \
-__asm__( \
- " mulld 16,%6,%7 \n\t" \
- " mulhdu 17,%6,%7 \n\t" \
- " addc %0,%0,16 \n\t" \
- " adde %1,%1,17 \n\t" \
- " addze %2,%2 \n\t" \
- " addc %0,%0,16 \n\t" \
- " adde %1,%1,17 \n\t" \
- " addze %2,%2 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","cc");
-
-#define SQRADDSC(i, j) \
-__asm__( \
- " mulld %0,%6,%7 \n\t" \
- " mulhdu %1,%6,%7 \n\t" \
- " xor %2,%2,%2 \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "cc");
-
-#define SQRADDAC(i, j) \
-__asm__( \
- " mulld 16,%6,%7 \n\t" \
- " addc %0,%0,16 \n\t" \
- " mulhdu 16,%6,%7 \n\t" \
- " adde %1,%1,16 \n\t" \
- " addze %2,%2 \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "cc");
-
-#define SQRADDDB \
-__asm__( \
- " addc %0,%0,%3 \n\t" \
- " adde %1,%1,%4 \n\t" \
- " adde %2,%2,%5 \n\t" \
- " addc %0,%0,%3 \n\t" \
- " adde %1,%1,%4 \n\t" \
- " adde %2,%2,%5 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "cc");
-
-
-#elif defined(TFM_AVR32)
-
-/* AVR32 */
-
-#define COMBA_START
-
-#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_FINI
-
-/* multiplies point i and j, updates carry "c1" and digit c2 */
-#define SQRADD(i, j) \
-__asm__( \
- " mulu.d r2,%6,%6 \n\t" \
- " add %0,%0,r2 \n\t" \
- " adc %1,%1,r3 \n\t" \
- " acr %2 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i):"r2","r3");
-
-/* for squaring some of the terms are doubled... */
-#define SQRADD2(i, j) \
-__asm__( \
- " mulu.d r2,%6,%7 \n\t" \
- " add %0,%0,r2 \n\t" \
- " adc %1,%1,r3 \n\t" \
- " acr %2, \n\t" \
- " add %0,%0,r2 \n\t" \
- " adc %1,%1,r3 \n\t" \
- " acr %2, \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"r2", "r3");
-
-#define SQRADDSC(i, j) \
-__asm__( \
- " mulu.d r2,%6,%7 \n\t" \
- " mov %0,r2 \n\t" \
- " mov %1,r3 \n\t" \
- " eor %2,%2 \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "r2", "r3");
-
-#define SQRADDAC(i, j) \
-__asm__( \
- " mulu.d r2,%6,%7 \n\t" \
- " add %0,%0,r2 \n\t" \
- " adc %1,%1,r3 \n\t" \
- " acr %2 \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"r2", "r3");
-
-#define SQRADDDB \
-__asm__( \
- " add %0,%0,%3 \n\t" \
- " adc %1,%1,%4 \n\t" \
- " adc %2,%2,%5 \n\t" \
- " add %0,%0,%3 \n\t" \
- " adc %1,%1,%4 \n\t" \
- " adc %2,%2,%5 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "cc");
-
-
-#else
-
-#define TFM_ISO
-
-/* ISO C portable code */
-
-#define COMBA_START
-
-#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_FINI
-
-/* multiplies point i and j, updates carry "c1" and digit c2 */
-#define SQRADD(i, j) \
- do { fp_word t; \
- t = c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t; \
- t = c1 + (t >> DIGIT_BIT); c1 = (fp_digit)t; \
- c2 +=(fp_digit) (t >> DIGIT_BIT); \
- } while (0);
-
-
-/* for squaring some of the terms are doubled... */
-#define SQRADD2(i, j) \
- do { fp_word t; \
- t = ((fp_word)i) * ((fp_word)j); \
- tt = (fp_word)c0 + t; c0 = (fp_digit)tt; \
- tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt; \
- c2 +=(fp_digit)( tt >> DIGIT_BIT); \
- tt = (fp_word)c0 + t; c0 = (fp_digit)tt; \
- tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt; \
- c2 +=(fp_digit) (tt >> DIGIT_BIT); \
- } while (0);
-
-#define SQRADDSC(i, j) \
- do { fp_word t; \
- t = ((fp_word)i) * ((fp_word)j); \
- sc0 = (fp_digit)t; sc1 = (t >> DIGIT_BIT); sc2 = 0; \
- } while (0);
-
-#define SQRADDAC(i, j) \
- do { fp_word t; \
- t = sc0 + ((fp_word)i) * ((fp_word)j); sc0 = (fp_digit)t; \
- t = sc1 + (t >> DIGIT_BIT); sc1 = (fp_digit)t; \
- sc2 += (fp_digit)(t >> DIGIT_BIT); \
- } while (0);
-
-#define SQRADDDB \
- do { fp_word t; \
- t = ((fp_word)sc0) + ((fp_word)sc0) + c0; c0 = (fp_digit)t; \
- t = ((fp_word)sc1) + ((fp_word)sc1) + c1 + (t >> DIGIT_BIT); \
- c1 = (fp_digit)t; \
- c2 = c2 + (fp_digit)(((fp_word)sc2) + ((fp_word)sc2) + (t >> DIGIT_BIT)); \
- } while (0);
-
-#endif
-
-#ifdef TFM_SMALL_SET
- #include "fp_sqr_comba_small_set.i"
-#endif
-
-#if defined(TFM_SQR3)
- #include "fp_sqr_comba_3.i"
-#endif
-#if defined(TFM_SQR4)
- #include "fp_sqr_comba_4.i"
-#endif
-#if defined(TFM_SQR6)
- #include "fp_sqr_comba_6.i"
-#endif
-#if defined(TFM_SQR7)
- #include "fp_sqr_comba_7.i"
-#endif
-#if defined(TFM_SQR8)
- #include "fp_sqr_comba_8.i"
-#endif
-#if defined(TFM_SQR9)
- #include "fp_sqr_comba_9.i"
-#endif
-#if defined(TFM_SQR12)
- #include "fp_sqr_comba_12.i"
-#endif
-#if defined(TFM_SQR17)
- #include "fp_sqr_comba_17.i"
-#endif
-#if defined(TFM_SQR20)
- #include "fp_sqr_comba_20.i"
-#endif
-#if defined(TFM_SQR24)
- #include "fp_sqr_comba_24.i"
-#endif
-#if defined(TFM_SQR28)
- #include "fp_sqr_comba_28.i"
-#endif
-#if defined(TFM_SQR32)
- #include "fp_sqr_comba_32.i"
-#endif
-#if defined(TFM_SQR48)
- #include "fp_sqr_comba_48.i"
-#endif
-#if defined(TFM_SQR64)
- #include "fp_sqr_comba_64.i"
-#endif
-/* end fp_sqr_comba.c asm */
-
-/* start fp_mul_comba.c asm */
-/* these are the combas. Worship them. */
-#if defined(TFM_X86)
-/* Generic x86 optimized code */
-
-/* anything you need at the start */
-#define COMBA_START
-
-/* clear the chaining variables */
-#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
-
-/* forward the carry to the next digit */
-#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-/* store the first sum */
-#define COMBA_STORE(x) \
- x = c0;
-
-/* store the second sum [carry] */
-#define COMBA_STORE2(x) \
- x = c1;
-
-/* anything you need at the end */
-#define COMBA_FINI
-
-/* this should multiply i and j */
-#define MULADD(i, j) \
-__asm__( \
- "movl %6,%%eax \n\t" \
- "mull %7 \n\t" \
- "addl %%eax,%0 \n\t" \
- "adcl %%edx,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j) :"%eax","%edx","cc");
-
-#elif defined(TFM_X86_64)
-/* x86-64 optimized */
-
-/* anything you need at the start */
-#define COMBA_START
-
-/* clear the chaining variables */
-#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
-
-/* forward the carry to the next digit */
-#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-/* store the first sum */
-#define COMBA_STORE(x) \
- x = c0;
-
-/* store the second sum [carry] */
-#define COMBA_STORE2(x) \
- x = c1;
-
-/* anything you need at the end */
-#define COMBA_FINI
-
-/* this should multiply i and j */
-#define MULADD(i, j) \
-__asm__ ( \
- "movq %6,%%rax \n\t" \
- "mulq %7 \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) :"%rax","%rdx","cc");
-
-
-#if defined(HAVE_INTEL_MULX)
-#define MULADD_MULX(b0, c0, c1, rdx)\
- __asm__ volatile ( \
- "movq %3, %%rdx\n\t" \
- "mulx %2,%%r9, %%r8 \n\t" \
- "adoxq %%r9,%0 \n\t" \
- "adcxq %%r8,%1 \n\t" \
- :"+r"(c0),"+r"(c1):"r"(b0), "r"(rdx):"%r8","%r9","%r10","%rdx"\
- )
-
-
-#define MULADD_MULX_ADD_CARRY(c0, c1)\
- __asm__ volatile(\
- "mov $0, %%r10\n\t"\
- "movq %1, %%r8\n\t"\
- "adox %%r10, %0\n\t"\
- "adcx %%r10, %1\n\t"\
- :"+r"(c0),"+r"(c1)::"%r8","%r9","%r10","%rdx") ;
-
-#define MULADD_SET_A(a0)\
- __asm__ volatile("add $0, %%r8\n\t" \
- "movq %0,%%rdx\n\t" \
- ::"r"(a0):"%r8","%r9","%r10","%rdx") ;
-
-#define MULADD_BODY(a,b,c)\
- { word64 rdx = a->dp[ix] ; \
- cp = &(c->dp[iz]) ; \
- c0 = cp[0] ; c1 = cp[1]; \
- MULADD_SET_A(rdx) ; \
- MULADD_MULX(b0, c0, c1, rdx) ;\
- cp[0]=c0; c0=cp[2]; \
- MULADD_MULX(b1, c1, c0, rdx) ;\
- cp[1]=c1; c1=cp[3]; \
- MULADD_MULX(b2, c0, c1, rdx) ;\
- cp[2]=c0; c0=cp[4]; \
- MULADD_MULX(b3, c1, c0, rdx) ;\
- cp[3]=c1; c1=cp[5]; \
- MULADD_MULX_ADD_CARRY(c0, c1);\
- cp[4]=c0; cp[5]=c1; \
- }
-
-#define TFM_INTEL_MUL_COMBA(a, b, c)\
- for(ix=0; ix<pa; ix++)c->dp[ix]=0 ; \
- for(iy=0; (iy<b->used); iy+=4) { \
- fp_digit *bp ; \
- bp = &(b->dp[iy+0]) ; \
- fp_digit b0 = bp[0] , b1= bp[1], \
- b2= bp[2], b3= bp[3]; \
- ix=0, iz=iy; \
- while(ix<a->used) { \
- fp_digit c0, c1; \
- fp_digit *cp ; \
- MULADD_BODY(a,b,c); \
- ix++ ; iz++ ; \
- } \
-};
-#endif
-
-#elif defined(TFM_SSE2)
-/* use SSE2 optimizations */
-
-/* anything you need at the start */
-#define COMBA_START
-
-/* clear the chaining variables */
-#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
-
-/* forward the carry to the next digit */
-#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-/* store the first sum */
-#define COMBA_STORE(x) \
- x = c0;
-
-/* store the second sum [carry] */
-#define COMBA_STORE2(x) \
- x = c1;
-
-/* anything you need at the end */
-#define COMBA_FINI \
- __asm__("emms");
-
-/* this should multiply i and j */
-#define MULADD(i, j) \
-__asm__( \
- "movd %6,%%mm0 \n\t" \
- "movd %7,%%mm1 \n\t" \
- "pmuludq %%mm1,%%mm0\n\t" \
- "movd %%mm0,%%eax \n\t" \
- "psrlq $32,%%mm0 \n\t" \
- "addl %%eax,%0 \n\t" \
- "movd %%mm0,%%eax \n\t" \
- "adcl %%eax,%1 \n\t" \
- "adcl $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j) :"%eax","cc");
-
-#elif defined(TFM_ARM)
-/* ARM code */
-
-#define COMBA_START
-
-#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
-
-#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define COMBA_FINI
-
-#define MULADD(i, j) \
-__asm__( \
-" UMULL r0,r1,%6,%7 \n\t" \
-" ADDS %0,%0,r0 \n\t" \
-" ADCS %1,%1,r1 \n\t" \
-" ADC %2,%2,#0 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "cc");
-
-#elif defined(TFM_PPC32)
-/* For 32-bit PPC */
-
-#define COMBA_START
-
-#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
-
-#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define COMBA_FINI
-
-/* untested: will mulhwu change the flags? Docs say no */
-#define MULADD(i, j) \
-__asm__( \
- " mullw 16,%6,%7 \n\t" \
- " addc %0,%0,16 \n\t" \
- " mulhwu 16,%6,%7 \n\t" \
- " adde %1,%1,16 \n\t" \
- " addze %2,%2 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16");
-
-#elif defined(TFM_PPC64)
-/* For 64-bit PPC */
-
-#define COMBA_START
-
-#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
-
-#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define COMBA_FINI
-
-/* untested: will mulhwu change the flags? Docs say no */
-#define MULADD(i, j) \
-____asm__( \
- " mulld 16,%6,%7 \n\t" \
- " addc %0,%0,16 \n\t" \
- " mulhdu 16,%6,%7 \n\t" \
- " adde %1,%1,16 \n\t" \
- " addze %2,%2 \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16");
-
-#elif defined(TFM_AVR32)
-
-/* ISO C code */
-
-#define COMBA_START
-
-#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
-
-#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define COMBA_FINI
-
-#define MULADD(i, j) \
-____asm__( \
- " mulu.d r2,%6,%7 \n\t"\
- " add %0,r2 \n\t"\
- " adc %1,%1,r3 \n\t"\
- " acr %2 \n\t"\
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"r2","r3");
-
-#else
-/* ISO C code */
-
-#define COMBA_START
-
-#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
-
-#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-#define COMBA_STORE(x) \
- x = c0;
-
-#define COMBA_STORE2(x) \
- x = c1;
-
-#define COMBA_FINI
-
-#define MULADD(i, j) \
- do { fp_word t; \
- t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t; \
- t = (fp_word)c1 + (t >> DIGIT_BIT); \
- c1 = (fp_digit)t; c2 += (fp_digit)(t >> DIGIT_BIT); \
- } while (0);
-
-#endif
-
-
-#ifdef TFM_SMALL_SET
- #include "fp_mul_comba_small_set.i"
-#endif
-
-#if defined(TFM_MUL3)
- #include "fp_mul_comba_3.i"
-#endif
-#if defined(TFM_MUL4)
- #include "fp_mul_comba_4.i"
-#endif
-#if defined(TFM_MUL6)
- #include "fp_mul_comba_6.i"
-#endif
-#if defined(TFM_MUL7)
- #include "fp_mul_comba_7.i"
-#endif
-#if defined(TFM_MUL8)
- #include "fp_mul_comba_8.i"
-#endif
-#if defined(TFM_MUL9)
- #include "fp_mul_comba_9.i"
-#endif
-#if defined(TFM_MUL12)
- #include "fp_mul_comba_12.i"
-#endif
-#if defined(TFM_MUL17)
- #include "fp_mul_comba_17.i"
-#endif
-#if defined(TFM_MUL20)
- #include "fp_mul_comba_20.i"
-#endif
-#if defined(TFM_MUL24)
- #include "fp_mul_comba_24.i"
-#endif
-#if defined(TFM_MUL28)
- #include "fp_mul_comba_28.i"
-#endif
-#if defined(TFM_MUL32)
- #include "fp_mul_comba_32.i"
-#endif
-#if defined(TFM_MUL48)
- #include "fp_mul_comba_48.i"
-#endif
-#if defined(TFM_MUL64)
- #include "fp_mul_comba_64.i"
-#endif
-
-/* end fp_mul_comba.c asm */
-
-
--- a/wolfcrypt/src/asn.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,7795 +0,0 @@
-/* asn.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_ASN
-
-#ifdef HAVE_RTP_SYS
- #include "os.h" /* dc_rtc_api needs */
- #include "dc_rtc_api.h" /* to get current time */
-#endif
-
-#include <wolfssl/wolfcrypt/asn.h>
-#include <wolfssl/wolfcrypt/coding.h>
-#include <wolfssl/wolfcrypt/md2.h>
-#include <wolfssl/wolfcrypt/hmac.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/pwdbased.h>
-#include <wolfssl/wolfcrypt/des3.h>
-#include <wolfssl/wolfcrypt/logging.h>
-
-#include <wolfssl/wolfcrypt/random.h>
-
-
-#ifndef NO_RC4
- #include <wolfssl/wolfcrypt/arc4.h>
-#endif
-
-#ifdef HAVE_NTRU
- #include "ntru_crypto.h"
-#endif
-
-#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
- #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-
-#ifndef NO_SHA256
- #include <wolfssl/wolfcrypt/sha256.h>
-#endif
-
-#ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
-#endif
-
-#ifdef WOLFSSL_DEBUG_ENCODING
- #ifdef FREESCALE_MQX
- #include <fio.h>
- #else
- #include <stdio.h>
- #endif
-#endif
-
-#ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
- #pragma warning(disable: 4996)
-#endif
-
-
-#ifndef TRUE
- #define TRUE 1
-#endif
-#ifndef FALSE
- #define FALSE 0
-#endif
-
-
-#ifdef HAVE_RTP_SYS
- /* uses parital <time.h> structures */
- #define XTIME(tl) (0)
- #define XGMTIME(c, t) my_gmtime((c))
- #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-#elif defined(MICRIUM)
- #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
- #define XVALIDATE_DATE(d,f,t) NetSecure_ValidateDateHandler((d),(f),(t))
- #else
- #define XVALIDATE_DATE(d, f, t) (0)
- #endif
- #define NO_TIME_H
- /* since Micrium not defining XTIME or XGMTIME, CERT_GEN not available */
-#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
- #include <time.h>
- #define XTIME(t1) pic32_time((t1))
- #define XGMTIME(c, t) gmtime((c))
- #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-#elif defined(FREESCALE_MQX)
- #define XTIME(t1) mqx_time((t1))
- #define XGMTIME(c, t) mqx_gmtime((c), (t))
- #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-#elif defined(WOLFSSL_MDK_ARM)
- #if defined(WOLFSSL_MDK5)
- #include "cmsis_os.h"
- #else
- #include <rtl.h>
- #endif
- #undef RNG
- #include "wolfssl_MDK_ARM.h"
- #undef RNG
- #define RNG wolfSSL_RNG /*for avoiding name conflict in "stm32f2xx.h" */
- #define XTIME(tl) (0)
- #define XGMTIME(c, t) wolfssl_MDK_gmtime((c))
- #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-#elif defined(USER_TIME)
- /* user time, and gmtime compatible functions, there is a gmtime
- implementation here that WINCE uses, so really just need some ticks
- since the EPOCH
- */
-
- struct tm {
- int tm_sec; /* seconds after the minute [0-60] */
- int tm_min; /* minutes after the hour [0-59] */
- int tm_hour; /* hours since midnight [0-23] */
- int tm_mday; /* day of the month [1-31] */
- int tm_mon; /* months since January [0-11] */
- int tm_year; /* years since 1900 */
- int tm_wday; /* days since Sunday [0-6] */
- int tm_yday; /* days since January 1 [0-365] */
- int tm_isdst; /* Daylight Savings Time flag */
- long tm_gmtoff; /* offset from CUT in seconds */
- char *tm_zone; /* timezone abbreviation */
- };
- typedef long time_t;
-
- /* forward declaration */
- struct tm* gmtime(const time_t* timer);
- extern time_t XTIME(time_t * timer);
-
- #define XGMTIME(c, t) gmtime((c))
- #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-
- #ifdef STACK_TRAP
- /* for stack trap tracking, don't call os gmtime on OS X/linux,
- uses a lot of stack spce */
- extern time_t time(time_t * timer);
- #define XTIME(tl) time((tl))
- #endif /* STACK_TRAP */
-
-#elif defined(TIME_OVERRIDES)
- /* user would like to override time() and gmtime() functionality */
-
- #ifndef HAVE_TIME_T_TYPE
- typedef long time_t;
- #endif
- extern time_t XTIME(time_t * timer);
-
- #ifndef HAVE_TM_TYPE
- struct tm {
- int tm_sec; /* seconds after the minute [0-60] */
- int tm_min; /* minutes after the hour [0-59] */
- int tm_hour; /* hours since midnight [0-23] */
- int tm_mday; /* day of the month [1-31] */
- int tm_mon; /* months since January [0-11] */
- int tm_year; /* years since 1900 */
- int tm_wday; /* days since Sunday [0-6] */
- int tm_yday; /* days since January 1 [0-365] */
- int tm_isdst; /* Daylight Savings Time flag */
- long tm_gmtoff; /* offset from CUT in seconds */
- char *tm_zone; /* timezone abbreviation */
- };
- #endif
- extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp);
-
- #ifndef HAVE_VALIDATE_DATE
- #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
- #endif
-#else
- /* default */
- /* uses complete <time.h> facility */
- #include <time.h>
- #define XTIME(tl) time((tl))
- #define XGMTIME(c, t) gmtime((c))
- #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-#endif
-
-
-#ifdef _WIN32_WCE
-/* no time() or gmtime() even though in time.h header?? */
-
-#include <windows.h>
-
-
-time_t time(time_t* timer)
-{
- SYSTEMTIME sysTime;
- FILETIME fTime;
- ULARGE_INTEGER intTime;
- time_t localTime;
-
- if (timer == NULL)
- timer = &localTime;
-
- GetSystemTime(&sysTime);
- SystemTimeToFileTime(&sysTime, &fTime);
-
- XMEMCPY(&intTime, &fTime, sizeof(FILETIME));
- /* subtract EPOCH */
- intTime.QuadPart -= 0x19db1ded53e8000;
- /* to secs */
- intTime.QuadPart /= 10000000;
- *timer = (time_t)intTime.QuadPart;
-
- return *timer;
-}
-
-#endif /* _WIN32_WCE */
-#if defined( _WIN32_WCE ) || defined( USER_TIME )
-
-struct tm* gmtime(const time_t* timer)
-{
- #define YEAR0 1900
- #define EPOCH_YEAR 1970
- #define SECS_DAY (24L * 60L * 60L)
- #define LEAPYEAR(year) (!((year) % 4) && (((year) % 100) || !((year) %400)))
- #define YEARSIZE(year) (LEAPYEAR(year) ? 366 : 365)
-
- static const int _ytab[2][12] =
- {
- {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
- {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}
- };
-
- static struct tm st_time;
- struct tm* ret = &st_time;
- time_t secs = *timer;
- unsigned long dayclock, dayno;
- int year = EPOCH_YEAR;
-
- dayclock = (unsigned long)secs % SECS_DAY;
- dayno = (unsigned long)secs / SECS_DAY;
-
- ret->tm_sec = (int) dayclock % 60;
- ret->tm_min = (int)(dayclock % 3600) / 60;
- ret->tm_hour = (int) dayclock / 3600;
- ret->tm_wday = (int) (dayno + 4) % 7; /* day 0 a Thursday */
-
- while(dayno >= (unsigned long)YEARSIZE(year)) {
- dayno -= YEARSIZE(year);
- year++;
- }
-
- ret->tm_year = year - YEAR0;
- ret->tm_yday = (int)dayno;
- ret->tm_mon = 0;
-
- while(dayno >= (unsigned long)_ytab[LEAPYEAR(year)][ret->tm_mon]) {
- dayno -= _ytab[LEAPYEAR(year)][ret->tm_mon];
- ret->tm_mon++;
- }
-
- ret->tm_mday = (int)++dayno;
- ret->tm_isdst = 0;
-
- return ret;
-}
-
-#endif /* _WIN32_WCE || USER_TIME */
-
-
-#ifdef HAVE_RTP_SYS
-
-#define YEAR0 1900
-
-struct tm* my_gmtime(const time_t* timer) /* has a gmtime() but hangs */
-{
- static struct tm st_time;
- struct tm* ret = &st_time;
-
- DC_RTC_CALENDAR cal;
- dc_rtc_time_get(&cal, TRUE);
-
- ret->tm_year = cal.year - YEAR0; /* gm starts at 1900 */
- ret->tm_mon = cal.month - 1; /* gm starts at 0 */
- ret->tm_mday = cal.day;
- ret->tm_hour = cal.hour;
- ret->tm_min = cal.minute;
- ret->tm_sec = cal.second;
-
- return ret;
-}
-
-#endif /* HAVE_RTP_SYS */
-
-
-#if defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
-
-/*
- * time() is just a stub in Microchip libraries. We need our own
- * implementation. Use SNTP client to get seconds since epoch.
- */
-time_t pic32_time(time_t* timer)
-{
-#ifdef MICROCHIP_TCPIP_V5
- DWORD sec = 0;
-#else
- uint32_t sec = 0;
-#endif
- time_t localTime;
-
- if (timer == NULL)
- timer = &localTime;
-
-#ifdef MICROCHIP_MPLAB_HARMONY
- sec = TCPIP_SNTP_UTCSecondsGet();
-#else
- sec = SNTPGetUTCSeconds();
-#endif
- *timer = (time_t) sec;
-
- return *timer;
-}
-
-#endif /* MICROCHIP_TCPIP */
-
-
-#ifdef FREESCALE_MQX
-
-time_t mqx_time(time_t* timer)
-{
- time_t localTime;
- TIME_STRUCT time_s;
-
- if (timer == NULL)
- timer = &localTime;
-
- _time_get(&time_s);
- *timer = (time_t) time_s.SECONDS;
-
- return *timer;
-}
-
-/* CodeWarrior GCC toolchain only has gmtime_r(), no gmtime() */
-struct tm* mqx_gmtime(const time_t* clock, struct tm* tmpTime)
-{
- return gmtime_r(clock, tmpTime);
-}
-
-#endif /* FREESCALE_MQX */
-
-#ifdef WOLFSSL_TIRTOS
-
-time_t XTIME(time_t * timer)
-{
- time_t sec = 0;
-
- sec = (time_t) Seconds_get();
-
- if (timer != NULL)
- *timer = sec;
-
- return sec;
-}
-
-#endif /* WOLFSSL_TIRTOS */
-
-static INLINE word32 btoi(byte b)
-{
- return b - 0x30;
-}
-
-
-/* two byte date/time, add to value */
-static INLINE void GetTime(int* value, const byte* date, int* idx)
-{
- int i = *idx;
-
- *value += btoi(date[i++]) * 10;
- *value += btoi(date[i++]);
-
- *idx = i;
-}
-
-
-#if defined(MICRIUM)
-
-CPU_INT32S NetSecure_ValidateDateHandler(CPU_INT08U *date, CPU_INT08U format,
- CPU_INT08U dateType)
-{
- CPU_BOOLEAN rtn_code;
- CPU_INT32S i;
- CPU_INT32S val;
- CPU_INT16U year;
- CPU_INT08U month;
- CPU_INT16U day;
- CPU_INT08U hour;
- CPU_INT08U min;
- CPU_INT08U sec;
-
- i = 0;
- year = 0u;
-
- if (format == ASN_UTC_TIME) {
- if (btoi(date[0]) >= 5)
- year = 1900;
- else
- year = 2000;
- }
- else { /* format == GENERALIZED_TIME */
- year += btoi(date[i++]) * 1000;
- year += btoi(date[i++]) * 100;
- }
-
- val = year;
- GetTime(&val, date, &i);
- year = (CPU_INT16U)val;
-
- val = 0;
- GetTime(&val, date, &i);
- month = (CPU_INT08U)val;
-
- val = 0;
- GetTime(&val, date, &i);
- day = (CPU_INT16U)val;
-
- val = 0;
- GetTime(&val, date, &i);
- hour = (CPU_INT08U)val;
-
- val = 0;
- GetTime(&val, date, &i);
- min = (CPU_INT08U)val;
-
- val = 0;
- GetTime(&val, date, &i);
- sec = (CPU_INT08U)val;
-
- return NetSecure_ValidateDate(year, month, day, hour, min, sec, dateType);
-}
-
-#endif /* MICRIUM */
-
-
-WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx)
-{
- int length = 0;
- word32 i = *inOutIdx;
- byte b;
-
- *len = 0; /* default length */
-
- if ( (i+1) > maxIdx) { /* for first read */
- WOLFSSL_MSG("GetLength bad index on input");
- return BUFFER_E;
- }
-
- b = input[i++];
- if (b >= ASN_LONG_LENGTH) {
- word32 bytes = b & 0x7F;
-
- if ( (i+bytes) > maxIdx) { /* for reading bytes */
- WOLFSSL_MSG("GetLength bad long length");
- return BUFFER_E;
- }
-
- while (bytes--) {
- b = input[i++];
- length = (length << 8) | b;
- }
- }
- else
- length = b;
-
- if ( (i+length) > maxIdx) { /* for user of length */
- WOLFSSL_MSG("GetLength value exceeds buffer length");
- return BUFFER_E;
- }
-
- *inOutIdx = i;
- if (length > 0)
- *len = length;
-
- return length;
-}
-
-
-WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx)
-{
- int length = -1;
- word32 idx = *inOutIdx;
-
- if (input[idx++] != (ASN_SEQUENCE | ASN_CONSTRUCTED) ||
- GetLength(input, &idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- *len = length;
- *inOutIdx = idx;
-
- return length;
-}
-
-
-WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx)
-{
- int length = -1;
- word32 idx = *inOutIdx;
-
- if (input[idx++] != (ASN_SET | ASN_CONSTRUCTED) ||
- GetLength(input, &idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- *len = length;
- *inOutIdx = idx;
-
- return length;
-}
-
-
-/* winodws header clash for WinCE using GetVersion */
-WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, int* version)
-{
- word32 idx = *inOutIdx;
-
- WOLFSSL_ENTER("GetMyVersion");
-
- if (input[idx++] != ASN_INTEGER)
- return ASN_PARSE_E;
-
- if (input[idx++] != 0x01)
- return ASN_VERSION_E;
-
- *version = input[idx++];
- *inOutIdx = idx;
-
- return *version;
-}
-
-
-#ifndef NO_PWDBASED
-/* Get small count integer, 32 bits or less */
-static int GetShortInt(const byte* input, word32* inOutIdx, int* number)
-{
- word32 idx = *inOutIdx;
- word32 len;
-
- *number = 0;
-
- if (input[idx++] != ASN_INTEGER)
- return ASN_PARSE_E;
-
- len = input[idx++];
- if (len > 4)
- return ASN_PARSE_E;
-
- while (len--) {
- *number = *number << 8 | input[idx++];
- }
-
- *inOutIdx = idx;
-
- return *number;
-}
-#endif /* !NO_PWDBASED */
-
-
-/* May not have one, not an error */
-static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
-{
- word32 idx = *inOutIdx;
-
- WOLFSSL_ENTER("GetExplicitVersion");
- if (input[idx++] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) {
- *inOutIdx = ++idx; /* eat header */
- return GetMyVersion(input, inOutIdx, version);
- }
-
- /* go back as is */
- *version = 0;
-
- return 0;
-}
-
-
-WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
- word32 maxIdx)
-{
- word32 i = *inOutIdx;
- byte b = input[i++];
- int length;
-
- if (b != ASN_INTEGER)
- return ASN_PARSE_E;
-
- if (GetLength(input, &i, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- if ( (b = input[i++]) == 0x00)
- length--;
- else
- i--;
-
- if (mp_init(mpi) != MP_OKAY)
- return MP_INIT_E;
-
- if (mp_read_unsigned_bin(mpi, (byte*)input + i, length) != 0) {
- mp_clear(mpi);
- return ASN_GETINT_E;
- }
-
- *inOutIdx = i + length;
- return 0;
-}
-
-
-static int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
- word32 maxIdx)
-{
- int length;
- word32 i = *inOutIdx;
- byte b;
- *oid = 0;
-
- b = input[i++];
- if (b != ASN_OBJECT_ID)
- return ASN_OBJECT_ID_E;
-
- if (GetLength(input, &i, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- while(length--)
- *oid += input[i++];
- /* just sum it up for now */
-
- *inOutIdx = i;
-
- return 0;
-}
-
-
-WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
- word32 maxIdx)
-{
- int length;
- word32 i = *inOutIdx;
- byte b;
- *oid = 0;
-
- WOLFSSL_ENTER("GetAlgoId");
-
- if (GetSequence(input, &i, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- b = input[i++];
- if (b != ASN_OBJECT_ID)
- return ASN_OBJECT_ID_E;
-
- if (GetLength(input, &i, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- while(length--) {
- /* odd HC08 compiler behavior here when input[i++] */
- *oid += input[i];
- i++;
- }
- /* just sum it up for now */
-
- /* could have NULL tag and 0 terminator, but may not */
- b = input[i++];
-
- if (b == ASN_TAG_NULL) {
- b = input[i++];
- if (b != 0)
- return ASN_EXPECT_0_E;
- }
- else
- /* go back, didn't have it */
- i--;
-
- *inOutIdx = i;
-
- return 0;
-}
-
-#ifndef NO_RSA
-
-
-#ifdef HAVE_CAVIUM
-
-static int GetCaviumInt(byte** buff, word16* buffSz, const byte* input,
- word32* inOutIdx, word32 maxIdx, void* heap)
-{
- word32 i = *inOutIdx;
- byte b = input[i++];
- int length;
-
- if (b != ASN_INTEGER)
- return ASN_PARSE_E;
-
- if (GetLength(input, &i, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- if ( (b = input[i++]) == 0x00)
- length--;
- else
- i--;
-
- *buffSz = (word16)length;
- *buff = XMALLOC(*buffSz, heap, DYNAMIC_TYPE_CAVIUM_RSA);
- if (*buff == NULL)
- return MEMORY_E;
-
- XMEMCPY(*buff, input + i, *buffSz);
-
- *inOutIdx = i + length;
- return 0;
-}
-
-static int CaviumRsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
- RsaKey* key, word32 inSz)
-{
- int version, length;
- void* h = key->heap;
-
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if (GetMyVersion(input, inOutIdx, &version) < 0)
- return ASN_PARSE_E;
-
- key->type = RSA_PRIVATE;
-
- if (GetCaviumInt(&key->c_n, &key->c_nSz, input, inOutIdx, inSz, h) < 0 ||
- GetCaviumInt(&key->c_e, &key->c_eSz, input, inOutIdx, inSz, h) < 0 ||
- GetCaviumInt(&key->c_d, &key->c_dSz, input, inOutIdx, inSz, h) < 0 ||
- GetCaviumInt(&key->c_p, &key->c_pSz, input, inOutIdx, inSz, h) < 0 ||
- GetCaviumInt(&key->c_q, &key->c_qSz, input, inOutIdx, inSz, h) < 0 ||
- GetCaviumInt(&key->c_dP, &key->c_dP_Sz, input, inOutIdx, inSz, h) < 0 ||
- GetCaviumInt(&key->c_dQ, &key->c_dQ_Sz, input, inOutIdx, inSz, h) < 0 ||
- GetCaviumInt(&key->c_u, &key->c_uSz, input, inOutIdx, inSz, h) < 0 )
- return ASN_RSA_KEY_E;
-
- return 0;
-}
-
-
-#endif /* HAVE_CAVIUM */
-
-int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
- word32 inSz)
-{
- int version, length;
-
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
- return CaviumRsaPrivateKeyDecode(input, inOutIdx, key, inSz);
-#endif
-
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if (GetMyVersion(input, inOutIdx, &version) < 0)
- return ASN_PARSE_E;
-
- key->type = RSA_PRIVATE;
-
- if (GetInt(&key->n, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->e, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->d, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->q, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->dP, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->dQ, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E;
-
- return 0;
-}
-
-#endif /* NO_RSA */
-
-/* Remove PKCS8 header, move beginning of traditional to beginning of input */
-int ToTraditional(byte* input, word32 sz)
-{
- word32 inOutIdx = 0, oid;
- int version, length;
-
- if (GetSequence(input, &inOutIdx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- if (GetMyVersion(input, &inOutIdx, &version) < 0)
- return ASN_PARSE_E;
-
- if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0)
- return ASN_PARSE_E;
-
- if (input[inOutIdx] == ASN_OBJECT_ID) {
- /* pkcs8 ecc uses slightly different format */
- inOutIdx++; /* past id */
- if (GetLength(input, &inOutIdx, &length, sz) < 0)
- return ASN_PARSE_E;
- inOutIdx += length; /* over sub id, key input will verify */
- }
-
- if (input[inOutIdx++] != ASN_OCTET_STRING)
- return ASN_PARSE_E;
-
- if (GetLength(input, &inOutIdx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- XMEMMOVE(input, input + inOutIdx, length);
-
- return length;
-}
-
-
-#ifndef NO_PWDBASED
-
-/* Check To see if PKCS version algo is supported, set id if it is return 0
- < 0 on error */
-static int CheckAlgo(int first, int second, int* id, int* version)
-{
- *id = ALGO_ID_E;
- *version = PKCS5; /* default */
-
- if (first == 1) {
- switch (second) {
- case 1:
- *id = PBE_SHA1_RC4_128;
- *version = PKCS12;
- return 0;
- case 3:
- *id = PBE_SHA1_DES3;
- *version = PKCS12;
- return 0;
- default:
- return ALGO_ID_E;
- }
- }
-
- if (first != PKCS5)
- return ASN_INPUT_E; /* VERSION ERROR */
-
- if (second == PBES2) {
- *version = PKCS5v2;
- return 0;
- }
-
- switch (second) {
- case 3: /* see RFC 2898 for ids */
- *id = PBE_MD5_DES;
- return 0;
- case 10:
- *id = PBE_SHA1_DES;
- return 0;
- default:
- return ALGO_ID_E;
-
- }
-}
-
-
-/* Check To see if PKCS v2 algo is supported, set id if it is return 0
- < 0 on error */
-static int CheckAlgoV2(int oid, int* id)
-{
- switch (oid) {
- case 69:
- *id = PBE_SHA1_DES;
- return 0;
- case 652:
- *id = PBE_SHA1_DES3;
- return 0;
- default:
- return ALGO_ID_E;
-
- }
-}
-
-
-/* Decrypt intput in place from parameters based on id */
-static int DecryptKey(const char* password, int passwordSz, byte* salt,
- int saltSz, int iterations, int id, byte* input,
- int length, int version, byte* cbcIv)
-{
- int typeH;
- int derivedLen;
- int decryptionType;
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- byte* key;
-#else
- byte key[MAX_KEY_SIZE];
-#endif
-
- switch (id) {
- case PBE_MD5_DES:
- typeH = MD5;
- derivedLen = 16; /* may need iv for v1.5 */
- decryptionType = DES_TYPE;
- break;
-
- case PBE_SHA1_DES:
- typeH = SHA;
- derivedLen = 16; /* may need iv for v1.5 */
- decryptionType = DES_TYPE;
- break;
-
- case PBE_SHA1_DES3:
- typeH = SHA;
- derivedLen = 32; /* may need iv for v1.5 */
- decryptionType = DES3_TYPE;
- break;
-
- case PBE_SHA1_RC4_128:
- typeH = SHA;
- derivedLen = 16;
- decryptionType = RC4_TYPE;
- break;
-
- default:
- return ALGO_ID_E;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL)
- return MEMORY_E;
-#endif
-
- if (version == PKCS5v2)
- ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations,
- derivedLen, typeH);
-#ifndef NO_SHA
- else if (version == PKCS5)
- ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations,
- derivedLen, typeH);
-#endif
- else if (version == PKCS12) {
- int i, idx = 0;
- byte unicodePasswd[MAX_UNICODE_SZ];
-
- if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return UNICODE_SIZE_E;
- }
-
- for (i = 0; i < passwordSz; i++) {
- unicodePasswd[idx++] = 0x00;
- unicodePasswd[idx++] = (byte)password[i];
- }
- /* add trailing NULL */
- unicodePasswd[idx++] = 0x00;
- unicodePasswd[idx++] = 0x00;
-
- ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
- iterations, derivedLen, typeH, 1);
- if (decryptionType != RC4_TYPE)
- ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz,
- iterations, 8, typeH, 2);
- }
- else {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ALGO_ID_E;
- }
-
- if (ret != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- switch (decryptionType) {
-#ifndef NO_DES3
- case DES_TYPE:
- {
- Des dec;
- byte* desIv = key + 8;
-
- if (version == PKCS5v2 || version == PKCS12)
- desIv = cbcIv;
-
- ret = wc_Des_SetKey(&dec, key, desIv, DES_DECRYPTION);
- if (ret != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- wc_Des_CbcDecrypt(&dec, input, input, length);
- break;
- }
-
- case DES3_TYPE:
- {
- Des3 dec;
- byte* desIv = key + 24;
-
- if (version == PKCS5v2 || version == PKCS12)
- desIv = cbcIv;
- ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION);
- if (ret != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
- ret = wc_Des3_CbcDecrypt(&dec, input, input, length);
- if (ret != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
- break;
- }
-#endif
-#ifndef NO_RC4
- case RC4_TYPE:
- {
- Arc4 dec;
-
- wc_Arc4SetKey(&dec, key, derivedLen);
- wc_Arc4Process(&dec, input, input, length);
- break;
- }
-#endif
-
- default:
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ALGO_ID_E;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-
-/* Remove Encrypted PKCS8 header, move beginning of traditional to beginning
- of input */
-int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
-{
- word32 inOutIdx = 0, oid;
- int first, second, length, version, saltSz, id;
- int iterations = 0;
-#ifdef WOLFSSL_SMALL_STACK
- byte* salt = NULL;
- byte* cbcIv = NULL;
-#else
- byte salt[MAX_SALT_SIZE];
- byte cbcIv[MAX_IV_SIZE];
-#endif
-
- if (GetSequence(input, &inOutIdx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0)
- return ASN_PARSE_E;
-
- first = input[inOutIdx - 2]; /* PKCS version alwyas 2nd to last byte */
- second = input[inOutIdx - 1]; /* version.algo, algo id last byte */
-
- if (CheckAlgo(first, second, &id, &version) < 0)
- return ASN_INPUT_E; /* Algo ID error */
-
- if (version == PKCS5v2) {
-
- if (GetSequence(input, &inOutIdx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0)
- return ASN_PARSE_E;
-
- if (oid != PBKDF2_OID)
- return ASN_PARSE_E;
- }
-
- if (GetSequence(input, &inOutIdx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- if (input[inOutIdx++] != ASN_OCTET_STRING)
- return ASN_PARSE_E;
-
- if (GetLength(input, &inOutIdx, &saltSz, sz) < 0)
- return ASN_PARSE_E;
-
- if (saltSz > MAX_SALT_SIZE)
- return ASN_PARSE_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- salt = (byte*)XMALLOC(MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (salt == NULL)
- return MEMORY_E;
-#endif
-
- XMEMCPY(salt, &input[inOutIdx], saltSz);
- inOutIdx += saltSz;
-
- if (GetShortInt(input, &inOutIdx, &iterations) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (cbcIv == NULL) {
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- if (version == PKCS5v2) {
- /* get encryption algo */
- if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (CheckAlgoV2(oid, &id) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E; /* PKCS v2 algo id error */
- }
-
- if (input[inOutIdx++] != ASN_OCTET_STRING) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &inOutIdx, &length, sz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- XMEMCPY(cbcIv, &input[inOutIdx], length);
- inOutIdx += length;
- }
-
- if (input[inOutIdx++] != ASN_OCTET_STRING) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &inOutIdx, &length, sz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (DecryptKey(password, passwordSz, salt, saltSz, iterations, id,
- input + inOutIdx, length, version, cbcIv) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_INPUT_E; /* decrypt failure */
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- XMEMMOVE(input, input + inOutIdx, length);
- return ToTraditional(input, length);
-}
-
-#endif /* NO_PWDBASED */
-
-#ifndef NO_RSA
-
-int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
- word32 inSz)
-{
- int length;
-
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- key->type = RSA_PUBLIC;
-
-#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
- {
- byte b = input[*inOutIdx];
- if (b != ASN_INTEGER) {
- /* not from decoded cert, will have algo id, skip past */
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- b = input[(*inOutIdx)++];
- if (b != ASN_OBJECT_ID)
- return ASN_OBJECT_ID_E;
-
- if (GetLength(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- *inOutIdx += length; /* skip past */
-
- /* could have NULL tag and 0 terminator, but may not */
- b = input[(*inOutIdx)++];
-
- if (b == ASN_TAG_NULL) {
- b = input[(*inOutIdx)++];
- if (b != 0)
- return ASN_EXPECT_0_E;
- }
- else
- /* go back, didn't have it */
- (*inOutIdx)--;
-
- /* should have bit tag length and seq next */
- b = input[(*inOutIdx)++];
- if (b != ASN_BIT_STRING)
- return ASN_BITSTR_E;
-
- if (GetLength(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- /* could have 0 */
- b = input[(*inOutIdx)++];
- if (b != 0)
- (*inOutIdx)--;
-
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- } /* end if */
- } /* openssl var block */
-#endif /* OPENSSL_EXTRA */
-
- if (GetInt(&key->n, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->e, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E;
-
- return 0;
-}
-
-/* import RSA public key elements (n, e) into RsaKey structure (key) */
-int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
- word32 eSz, RsaKey* key)
-{
- if (n == NULL || e == NULL || key == NULL)
- return BAD_FUNC_ARG;
-
- key->type = RSA_PUBLIC;
-
- if (mp_init(&key->n) != MP_OKAY)
- return MP_INIT_E;
-
- if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) {
- mp_clear(&key->n);
- return ASN_GETINT_E;
- }
-
- if (mp_init(&key->e) != MP_OKAY) {
- mp_clear(&key->n);
- return MP_INIT_E;
- }
-
- if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) {
- mp_clear(&key->n);
- mp_clear(&key->e);
- return ASN_GETINT_E;
- }
-
- return 0;
-}
-
-#endif
-
-#ifndef NO_DH
-
-int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz)
-{
- int length;
-
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if (GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->g, input, inOutIdx, inSz) < 0 ) return ASN_DH_KEY_E;
-
- return 0;
-}
-
-
-int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz,
- byte* g, word32* gInOutSz)
-{
- word32 i = 0;
- byte b;
- int length;
-
- if (GetSequence(input, &i, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- b = input[i++];
- if (b != ASN_INTEGER)
- return ASN_PARSE_E;
-
- if (GetLength(input, &i, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if ( (b = input[i++]) == 0x00)
- length--;
- else
- i--;
-
- if (length <= (int)*pInOutSz) {
- XMEMCPY(p, &input[i], length);
- *pInOutSz = length;
- }
- else
- return BUFFER_E;
-
- i += length;
-
- b = input[i++];
- if (b != ASN_INTEGER)
- return ASN_PARSE_E;
-
- if (GetLength(input, &i, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if (length <= (int)*gInOutSz) {
- XMEMCPY(g, &input[i], length);
- *gInOutSz = length;
- }
- else
- return BUFFER_E;
-
- return 0;
-}
-
-#endif /* NO_DH */
-
-
-#ifndef NO_DSA
-
-int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
- word32 inSz)
-{
- int length;
-
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if (GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->q, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->g, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->y, input, inOutIdx, inSz) < 0 ) return ASN_DH_KEY_E;
-
- key->type = DSA_PUBLIC;
- return 0;
-}
-
-
-int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
- word32 inSz)
-{
- int length, version;
-
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if (GetMyVersion(input, inOutIdx, &version) < 0)
- return ASN_PARSE_E;
-
- if (GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->q, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->g, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->y, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->x, input, inOutIdx, inSz) < 0 ) return ASN_DH_KEY_E;
-
- key->type = DSA_PRIVATE;
- return 0;
-}
-
-#endif /* NO_DSA */
-
-
-void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
-{
- cert->publicKey = 0;
- cert->pubKeySize = 0;
- cert->pubKeyStored = 0;
- cert->version = 0;
- cert->signature = 0;
- cert->subjectCN = 0;
- cert->subjectCNLen = 0;
- cert->subjectCNEnc = CTC_UTF8;
- cert->subjectCNStored = 0;
- cert->weOwnAltNames = 0;
- cert->altNames = NULL;
-#ifndef IGNORE_NAME_CONSTRAINTS
- cert->altEmailNames = NULL;
- cert->permittedNames = NULL;
- cert->excludedNames = NULL;
-#endif /* IGNORE_NAME_CONSTRAINTS */
- cert->issuer[0] = '\0';
- cert->subject[0] = '\0';
- cert->source = source; /* don't own */
- cert->srcIdx = 0;
- cert->maxIdx = inSz; /* can't go over this index */
- cert->heap = heap;
- XMEMSET(cert->serial, 0, EXTERNAL_SERIAL_SIZE);
- cert->serialSz = 0;
- cert->extensions = 0;
- cert->extensionsSz = 0;
- cert->extensionsIdx = 0;
- cert->extAuthInfo = NULL;
- cert->extAuthInfoSz = 0;
- cert->extCrlInfo = NULL;
- cert->extCrlInfoSz = 0;
- XMEMSET(cert->extSubjKeyId, 0, KEYID_SIZE);
- cert->extSubjKeyIdSet = 0;
- XMEMSET(cert->extAuthKeyId, 0, KEYID_SIZE);
- cert->extAuthKeyIdSet = 0;
- cert->extKeyUsageSet = 0;
- cert->extKeyUsage = 0;
- cert->extExtKeyUsageSet = 0;
- cert->extExtKeyUsage = 0;
- cert->isCA = 0;
-#ifdef HAVE_PKCS7
- cert->issuerRaw = NULL;
- cert->issuerRawLen = 0;
-#endif
-#ifdef WOLFSSL_CERT_GEN
- cert->subjectSN = 0;
- cert->subjectSNLen = 0;
- cert->subjectSNEnc = CTC_UTF8;
- cert->subjectC = 0;
- cert->subjectCLen = 0;
- cert->subjectCEnc = CTC_PRINTABLE;
- cert->subjectL = 0;
- cert->subjectLLen = 0;
- cert->subjectLEnc = CTC_UTF8;
- cert->subjectST = 0;
- cert->subjectSTLen = 0;
- cert->subjectSTEnc = CTC_UTF8;
- cert->subjectO = 0;
- cert->subjectOLen = 0;
- cert->subjectOEnc = CTC_UTF8;
- cert->subjectOU = 0;
- cert->subjectOULen = 0;
- cert->subjectOUEnc = CTC_UTF8;
- cert->subjectEmail = 0;
- cert->subjectEmailLen = 0;
-#endif /* WOLFSSL_CERT_GEN */
- cert->beforeDate = NULL;
- cert->beforeDateLen = 0;
- cert->afterDate = NULL;
- cert->afterDateLen = 0;
-#ifdef OPENSSL_EXTRA
- XMEMSET(&cert->issuerName, 0, sizeof(DecodedName));
- XMEMSET(&cert->subjectName, 0, sizeof(DecodedName));
- cert->extBasicConstSet = 0;
- cert->extBasicConstCrit = 0;
- cert->extBasicConstPlSet = 0;
- cert->pathLength = 0;
- cert->extSubjAltNameSet = 0;
- cert->extSubjAltNameCrit = 0;
- cert->extAuthKeyIdCrit = 0;
- cert->extSubjKeyIdCrit = 0;
- cert->extKeyUsageCrit = 0;
- cert->extExtKeyUsageCrit = 0;
- cert->extExtKeyUsageSrc = NULL;
- cert->extExtKeyUsageSz = 0;
- cert->extExtKeyUsageCount = 0;
- cert->extAuthKeyIdSrc = NULL;
- cert->extAuthKeyIdSz = 0;
- cert->extSubjKeyIdSrc = NULL;
- cert->extSubjKeyIdSz = 0;
-#endif /* OPENSSL_EXTRA */
-#if defined(OPENSSL_EXTRA) || !defined(IGNORE_NAME_CONSTRAINTS)
- cert->extNameConstraintSet = 0;
-#endif /* OPENSSL_EXTRA || !IGNORE_NAME_CONSTRAINTS */
-#ifdef HAVE_ECC
- cert->pkCurveOID = 0;
-#endif /* HAVE_ECC */
-#ifdef WOLFSSL_SEP
- cert->deviceTypeSz = 0;
- cert->deviceType = NULL;
- cert->hwTypeSz = 0;
- cert->hwType = NULL;
- cert->hwSerialNumSz = 0;
- cert->hwSerialNum = NULL;
- #ifdef OPENSSL_EXTRA
- cert->extCertPolicySet = 0;
- cert->extCertPolicyCrit = 0;
- #endif /* OPENSSL_EXTRA */
-#endif /* WOLFSSL_SEP */
-}
-
-
-void FreeAltNames(DNS_entry* altNames, void* heap)
-{
- (void)heap;
-
- while (altNames) {
- DNS_entry* tmp = altNames->next;
-
- XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
- XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME);
- altNames = tmp;
- }
-}
-
-#ifndef IGNORE_NAME_CONSTRAINTS
-
-void FreeNameSubtrees(Base_entry* names, void* heap)
-{
- (void)heap;
-
- while (names) {
- Base_entry* tmp = names->next;
-
- XFREE(names->name, heap, DYNAMIC_TYPE_ALTNAME);
- XFREE(names, heap, DYNAMIC_TYPE_ALTNAME);
- names = tmp;
- }
-}
-
-#endif /* IGNORE_NAME_CONSTRAINTS */
-
-void FreeDecodedCert(DecodedCert* cert)
-{
- if (cert->subjectCNStored == 1)
- XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
- if (cert->pubKeyStored == 1)
- XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
- if (cert->weOwnAltNames && cert->altNames)
- FreeAltNames(cert->altNames, cert->heap);
-#ifndef IGNORE_NAME_CONSTRAINTS
- if (cert->altEmailNames)
- FreeAltNames(cert->altEmailNames, cert->heap);
- if (cert->permittedNames)
- FreeNameSubtrees(cert->permittedNames, cert->heap);
- if (cert->excludedNames)
- FreeNameSubtrees(cert->excludedNames, cert->heap);
-#endif /* IGNORE_NAME_CONSTRAINTS */
-#ifdef WOLFSSL_SEP
- XFREE(cert->deviceType, cert->heap, 0);
- XFREE(cert->hwType, cert->heap, 0);
- XFREE(cert->hwSerialNum, cert->heap, 0);
-#endif /* WOLFSSL_SEP */
-#ifdef OPENSSL_EXTRA
- if (cert->issuerName.fullName != NULL)
- XFREE(cert->issuerName.fullName, NULL, DYNAMIC_TYPE_X509);
- if (cert->subjectName.fullName != NULL)
- XFREE(cert->subjectName.fullName, NULL, DYNAMIC_TYPE_X509);
-#endif /* OPENSSL_EXTRA */
-}
-
-
-static int GetCertHeader(DecodedCert* cert)
-{
- int ret = 0, len;
- byte serialTmp[EXTERNAL_SERIAL_SIZE];
-#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH)
- mp_int* mpi = NULL;
-#else
- mp_int stack_mpi;
- mp_int* mpi = &stack_mpi;
-#endif
-
- if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- cert->certBegin = cert->srcIdx;
-
- if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0)
- return ASN_PARSE_E;
- cert->sigIndex = len + cert->srcIdx;
-
- if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version) < 0)
- return ASN_PARSE_E;
-
-#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH)
- mpi = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (mpi == NULL)
- return MEMORY_E;
-#endif
-
- if (GetInt(mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0) {
-#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH)
- XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- len = mp_unsigned_bin_size(mpi);
- if (len < (int)sizeof(serialTmp)) {
- if ( (ret = mp_to_unsigned_bin(mpi, serialTmp)) == MP_OKAY) {
- XMEMCPY(cert->serial, serialTmp, len);
- cert->serialSz = len;
- }
- }
- mp_clear(mpi);
-
-#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH)
- XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#if !defined(NO_RSA)
-/* Store Rsa Key, may save later, Dsa could use in future */
-static int StoreRsaKey(DecodedCert* cert)
-{
- int length;
- word32 recvd = cert->srcIdx;
-
- if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- recvd = cert->srcIdx - recvd;
- length += recvd;
-
- while (recvd--)
- cert->srcIdx--;
-
- cert->pubKeySize = length;
- cert->publicKey = cert->source + cert->srcIdx;
- cert->srcIdx += length;
-
- return 0;
-}
-#endif
-
-
-#ifdef HAVE_ECC
-
- /* return 0 on sucess if the ECC curve oid sum is supported */
- static int CheckCurve(word32 oid)
- {
- int ret = 0;
-
- switch (oid) {
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
- case ECC_160R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
- case ECC_192R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
- case ECC_224R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
- case ECC_256R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
- case ECC_384R1:
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
- case ECC_521R1:
-#endif
- break;
-
- default:
- ret = ALGO_ID_E;
- }
-
- return ret;
- }
-
-#endif /* HAVE_ECC */
-
-
-static int GetKey(DecodedCert* cert)
-{
- int length;
-#ifdef HAVE_NTRU
- int tmpIdx = cert->srcIdx;
-#endif
-
- if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- if (GetAlgoId(cert->source, &cert->srcIdx, &cert->keyOID, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- switch (cert->keyOID) {
- #ifndef NO_RSA
- case RSAk:
- {
- byte b = cert->source[cert->srcIdx++];
- if (b != ASN_BIT_STRING)
- return ASN_BITSTR_E;
-
- if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0)
- return ASN_PARSE_E;
- b = cert->source[cert->srcIdx++];
- if (b != 0x00)
- return ASN_EXPECT_0_E;
-
- return StoreRsaKey(cert);
- }
-
- #endif /* NO_RSA */
- #ifdef HAVE_NTRU
- case NTRUk:
- {
- const byte* key = &cert->source[tmpIdx];
- byte* next = (byte*)key;
- word16 keyLen;
- word32 rc;
- word32 remaining = cert->maxIdx - cert->srcIdx;
-#ifdef WOLFSSL_SMALL_STACK
- byte* keyBlob = NULL;
-#else
- byte keyBlob[MAX_NTRU_KEY_SZ];
-#endif
- rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,
- &keyLen, NULL, &next, &remaining);
- if (rc != NTRU_OK)
- return ASN_NTRU_KEY_E;
- if (keyLen > MAX_NTRU_KEY_SZ)
- return ASN_NTRU_KEY_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- keyBlob = (byte*)XMALLOC(MAX_NTRU_KEY_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (keyBlob == NULL)
- return MEMORY_E;
-#endif
-
- rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,
- &keyLen, keyBlob, &next, &remaining);
- if (rc != NTRU_OK) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_NTRU_KEY_E;
- }
-
- if ( (next - key) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_NTRU_KEY_E;
- }
-
- cert->srcIdx = tmpIdx + (int)(next - key);
-
- cert->publicKey = (byte*) XMALLOC(keyLen, cert->heap,
- DYNAMIC_TYPE_PUBLIC_KEY);
- if (cert->publicKey == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return MEMORY_E;
- }
- XMEMCPY(cert->publicKey, keyBlob, keyLen);
- cert->pubKeyStored = 1;
- cert->pubKeySize = keyLen;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
- }
- #endif /* HAVE_NTRU */
- #ifdef HAVE_ECC
- case ECDSAk:
- {
- int oidSz = 0;
- byte b = cert->source[cert->srcIdx++];
-
- if (b != ASN_OBJECT_ID)
- return ASN_OBJECT_ID_E;
-
- if (GetLength(cert->source,&cert->srcIdx,&oidSz,cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- while(oidSz--)
- cert->pkCurveOID += cert->source[cert->srcIdx++];
-
- if (CheckCurve(cert->pkCurveOID) < 0)
- return ECC_CURVE_OID_E;
-
- /* key header */
- b = cert->source[cert->srcIdx++];
- if (b != ASN_BIT_STRING)
- return ASN_BITSTR_E;
-
- if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0)
- return ASN_PARSE_E;
- b = cert->source[cert->srcIdx++];
- if (b != 0x00)
- return ASN_EXPECT_0_E;
-
- /* actual key, use length - 1 since ate preceding 0 */
- length -= 1;
-
- cert->publicKey = (byte*) XMALLOC(length, cert->heap,
- DYNAMIC_TYPE_PUBLIC_KEY);
- if (cert->publicKey == NULL)
- return MEMORY_E;
- XMEMCPY(cert->publicKey, &cert->source[cert->srcIdx], length);
- cert->pubKeyStored = 1;
- cert->pubKeySize = length;
-
- cert->srcIdx += length;
-
- return 0;
- }
- #endif /* HAVE_ECC */
- default:
- return ASN_UNKNOWN_OID_E;
- }
-}
-
-
-/* process NAME, either issuer or subject */
-static int GetName(DecodedCert* cert, int nameType)
-{
- int length; /* length of all distinguished names */
- int dummy;
- int ret;
- char* full;
- byte* hash;
- word32 idx;
- #ifdef OPENSSL_EXTRA
- DecodedName* dName =
- (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
- #endif /* OPENSSL_EXTRA */
-
- WOLFSSL_MSG("Getting Cert Name");
-
- if (nameType == ISSUER) {
- full = cert->issuer;
- hash = cert->issuerHash;
- }
- else {
- full = cert->subject;
- hash = cert->subjectHash;
- }
-
- if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) {
- WOLFSSL_MSG("Trying optional prefix...");
-
- if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- cert->srcIdx += length;
- WOLFSSL_MSG("Got optional prefix");
- }
-
- /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be
- * calculated over the entire DER encoding of the Name field, including
- * the tag and length. */
- idx = cert->srcIdx;
- if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
-#ifdef NO_SHA
- ret = wc_Sha256Hash(&cert->source[idx], length + cert->srcIdx - idx, hash);
-#else
- ret = wc_ShaHash(&cert->source[idx], length + cert->srcIdx - idx, hash);
-#endif
- if (ret != 0)
- return ret;
-
- length += cert->srcIdx;
- idx = 0;
-
-#ifdef HAVE_PKCS7
- /* store pointer to raw issuer */
- if (nameType == ISSUER) {
- cert->issuerRaw = &cert->source[cert->srcIdx];
- cert->issuerRawLen = length - cert->srcIdx;
- }
-#endif
-#ifndef IGNORE_NAME_CONSTRAINTS
- if (nameType == SUBJECT) {
- cert->subjectRaw = &cert->source[cert->srcIdx];
- cert->subjectRawLen = length - cert->srcIdx;
- }
-#endif
-
- while (cert->srcIdx < (word32)length) {
- byte b;
- byte joint[2];
- byte tooBig = FALSE;
- int oidSz;
-
- if (GetSet(cert->source, &cert->srcIdx, &dummy, cert->maxIdx) < 0) {
- WOLFSSL_MSG("Cert name lacks set header, trying sequence");
- }
-
- if (GetSequence(cert->source, &cert->srcIdx, &dummy, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- b = cert->source[cert->srcIdx++];
- if (b != ASN_OBJECT_ID)
- return ASN_OBJECT_ID_E;
-
- if (GetLength(cert->source, &cert->srcIdx, &oidSz, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint));
-
- /* v1 name types */
- if (joint[0] == 0x55 && joint[1] == 0x04) {
- byte id;
- byte copy = FALSE;
- int strLen;
-
- cert->srcIdx += 2;
- id = cert->source[cert->srcIdx++];
- b = cert->source[cert->srcIdx++]; /* encoding */
-
- if (GetLength(cert->source, &cert->srcIdx, &strLen,
- cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- if ( (strLen + 14) > (int)(ASN_NAME_MAX - idx)) {
- /* include biggest pre fix header too 4 = "/serialNumber=" */
- WOLFSSL_MSG("ASN Name too big, skipping");
- tooBig = TRUE;
- }
-
- if (id == ASN_COMMON_NAME) {
- if (nameType == SUBJECT) {
- cert->subjectCN = (char *)&cert->source[cert->srcIdx];
- cert->subjectCNLen = strLen;
- cert->subjectCNEnc = b;
- }
-
- if (!tooBig) {
- XMEMCPY(&full[idx], "/CN=", 4);
- idx += 4;
- copy = TRUE;
- }
- #ifdef OPENSSL_EXTRA
- dName->cnIdx = cert->srcIdx;
- dName->cnLen = strLen;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_SUR_NAME) {
- if (!tooBig) {
- XMEMCPY(&full[idx], "/SN=", 4);
- idx += 4;
- copy = TRUE;
- }
- #ifdef WOLFSSL_CERT_GEN
- if (nameType == SUBJECT) {
- cert->subjectSN = (char*)&cert->source[cert->srcIdx];
- cert->subjectSNLen = strLen;
- cert->subjectSNEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef OPENSSL_EXTRA
- dName->snIdx = cert->srcIdx;
- dName->snLen = strLen;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_COUNTRY_NAME) {
- if (!tooBig) {
- XMEMCPY(&full[idx], "/C=", 3);
- idx += 3;
- copy = TRUE;
- }
- #ifdef WOLFSSL_CERT_GEN
- if (nameType == SUBJECT) {
- cert->subjectC = (char*)&cert->source[cert->srcIdx];
- cert->subjectCLen = strLen;
- cert->subjectCEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef OPENSSL_EXTRA
- dName->cIdx = cert->srcIdx;
- dName->cLen = strLen;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_LOCALITY_NAME) {
- if (!tooBig) {
- XMEMCPY(&full[idx], "/L=", 3);
- idx += 3;
- copy = TRUE;
- }
- #ifdef WOLFSSL_CERT_GEN
- if (nameType == SUBJECT) {
- cert->subjectL = (char*)&cert->source[cert->srcIdx];
- cert->subjectLLen = strLen;
- cert->subjectLEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef OPENSSL_EXTRA
- dName->lIdx = cert->srcIdx;
- dName->lLen = strLen;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_STATE_NAME) {
- if (!tooBig) {
- XMEMCPY(&full[idx], "/ST=", 4);
- idx += 4;
- copy = TRUE;
- }
- #ifdef WOLFSSL_CERT_GEN
- if (nameType == SUBJECT) {
- cert->subjectST = (char*)&cert->source[cert->srcIdx];
- cert->subjectSTLen = strLen;
- cert->subjectSTEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef OPENSSL_EXTRA
- dName->stIdx = cert->srcIdx;
- dName->stLen = strLen;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_ORG_NAME) {
- if (!tooBig) {
- XMEMCPY(&full[idx], "/O=", 3);
- idx += 3;
- copy = TRUE;
- }
- #ifdef WOLFSSL_CERT_GEN
- if (nameType == SUBJECT) {
- cert->subjectO = (char*)&cert->source[cert->srcIdx];
- cert->subjectOLen = strLen;
- cert->subjectOEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef OPENSSL_EXTRA
- dName->oIdx = cert->srcIdx;
- dName->oLen = strLen;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_ORGUNIT_NAME) {
- if (!tooBig) {
- XMEMCPY(&full[idx], "/OU=", 4);
- idx += 4;
- copy = TRUE;
- }
- #ifdef WOLFSSL_CERT_GEN
- if (nameType == SUBJECT) {
- cert->subjectOU = (char*)&cert->source[cert->srcIdx];
- cert->subjectOULen = strLen;
- cert->subjectOUEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef OPENSSL_EXTRA
- dName->ouIdx = cert->srcIdx;
- dName->ouLen = strLen;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_SERIAL_NUMBER) {
- if (!tooBig) {
- XMEMCPY(&full[idx], "/serialNumber=", 14);
- idx += 14;
- copy = TRUE;
- }
- #ifdef OPENSSL_EXTRA
- dName->snIdx = cert->srcIdx;
- dName->snLen = strLen;
- #endif /* OPENSSL_EXTRA */
- }
-
- if (copy && !tooBig) {
- XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
- idx += strLen;
- }
-
- cert->srcIdx += strLen;
- }
- else {
- /* skip */
- byte email = FALSE;
- byte uid = FALSE;
- int adv;
-
- if (joint[0] == 0x2a && joint[1] == 0x86) /* email id hdr */
- email = TRUE;
-
- if (joint[0] == 0x9 && joint[1] == 0x92) /* uid id hdr */
- uid = TRUE;
-
- cert->srcIdx += oidSz + 1;
-
- if (GetLength(cert->source, &cert->srcIdx, &adv, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- if (adv > (int)(ASN_NAME_MAX - idx)) {
- WOLFSSL_MSG("ASN name too big, skipping");
- tooBig = TRUE;
- }
-
- if (email) {
- if ( (14 + adv) > (int)(ASN_NAME_MAX - idx)) {
- WOLFSSL_MSG("ASN name too big, skipping");
- tooBig = TRUE;
- }
- if (!tooBig) {
- XMEMCPY(&full[idx], "/emailAddress=", 14);
- idx += 14;
- }
-
- #ifdef WOLFSSL_CERT_GEN
- if (nameType == SUBJECT) {
- cert->subjectEmail = (char*)&cert->source[cert->srcIdx];
- cert->subjectEmailLen = adv;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef OPENSSL_EXTRA
- dName->emailIdx = cert->srcIdx;
- dName->emailLen = adv;
- #endif /* OPENSSL_EXTRA */
- #ifndef IGNORE_NAME_CONSTRAINTS
- {
- DNS_entry* emailName = NULL;
-
- emailName = (DNS_entry*)XMALLOC(sizeof(DNS_entry),
- cert->heap, DYNAMIC_TYPE_ALTNAME);
- if (emailName == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- emailName->name = (char*)XMALLOC(adv + 1,
- cert->heap, DYNAMIC_TYPE_ALTNAME);
- if (emailName->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- XMEMCPY(emailName->name,
- &cert->source[cert->srcIdx], adv);
- emailName->name[adv] = 0;
-
- emailName->next = cert->altEmailNames;
- cert->altEmailNames = emailName;
- }
- #endif /* IGNORE_NAME_CONSTRAINTS */
- if (!tooBig) {
- XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
- idx += adv;
- }
- }
-
- if (uid) {
- if ( (5 + adv) > (int)(ASN_NAME_MAX - idx)) {
- WOLFSSL_MSG("ASN name too big, skipping");
- tooBig = TRUE;
- }
- if (!tooBig) {
- XMEMCPY(&full[idx], "/UID=", 5);
- idx += 5;
-
- XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
- idx += adv;
- }
- #ifdef OPENSSL_EXTRA
- dName->uidIdx = cert->srcIdx;
- dName->uidLen = adv;
- #endif /* OPENSSL_EXTRA */
- }
-
- cert->srcIdx += adv;
- }
- }
- full[idx++] = 0;
-
- #ifdef OPENSSL_EXTRA
- {
- int totalLen = 0;
-
- if (dName->cnLen != 0)
- totalLen += dName->cnLen + 4;
- if (dName->snLen != 0)
- totalLen += dName->snLen + 4;
- if (dName->cLen != 0)
- totalLen += dName->cLen + 3;
- if (dName->lLen != 0)
- totalLen += dName->lLen + 3;
- if (dName->stLen != 0)
- totalLen += dName->stLen + 4;
- if (dName->oLen != 0)
- totalLen += dName->oLen + 3;
- if (dName->ouLen != 0)
- totalLen += dName->ouLen + 4;
- if (dName->emailLen != 0)
- totalLen += dName->emailLen + 14;
- if (dName->uidLen != 0)
- totalLen += dName->uidLen + 5;
- if (dName->serialLen != 0)
- totalLen += dName->serialLen + 14;
-
- dName->fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509);
- if (dName->fullName != NULL) {
- idx = 0;
-
- if (dName->cnLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/CN=", 4);
- idx += 4;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->cnIdx], dName->cnLen);
- dName->cnIdx = idx;
- idx += dName->cnLen;
- }
- if (dName->snLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/SN=", 4);
- idx += 4;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->snIdx], dName->snLen);
- dName->snIdx = idx;
- idx += dName->snLen;
- }
- if (dName->cLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/C=", 3);
- idx += 3;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->cIdx], dName->cLen);
- dName->cIdx = idx;
- idx += dName->cLen;
- }
- if (dName->lLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/L=", 3);
- idx += 3;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->lIdx], dName->lLen);
- dName->lIdx = idx;
- idx += dName->lLen;
- }
- if (dName->stLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/ST=", 4);
- idx += 4;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->stIdx], dName->stLen);
- dName->stIdx = idx;
- idx += dName->stLen;
- }
- if (dName->oLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/O=", 3);
- idx += 3;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->oIdx], dName->oLen);
- dName->oIdx = idx;
- idx += dName->oLen;
- }
- if (dName->ouLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/OU=", 4);
- idx += 4;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->ouIdx], dName->ouLen);
- dName->ouIdx = idx;
- idx += dName->ouLen;
- }
- if (dName->emailLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
- idx += 14;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->emailIdx], dName->emailLen);
- dName->emailIdx = idx;
- idx += dName->emailLen;
- }
- if (dName->uidLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/UID=", 5);
- idx += 5;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->uidIdx], dName->uidLen);
- dName->uidIdx = idx;
- idx += dName->uidLen;
- }
- if (dName->serialLen != 0) {
- dName->entryCount++;
- XMEMCPY(&dName->fullName[idx], "/serialNumber=", 14);
- idx += 14;
- XMEMCPY(&dName->fullName[idx],
- &cert->source[dName->serialIdx], dName->serialLen);
- dName->serialIdx = idx;
- idx += dName->serialLen;
- }
- dName->fullName[idx] = '\0';
- dName->fullNameLen = totalLen;
- }
- }
- #endif /* OPENSSL_EXTRA */
-
- return 0;
-}
-
-
-#ifndef NO_TIME_H
-
-/* to the second */
-static int DateGreaterThan(const struct tm* a, const struct tm* b)
-{
- if (a->tm_year > b->tm_year)
- return 1;
-
- if (a->tm_year == b->tm_year && a->tm_mon > b->tm_mon)
- return 1;
-
- if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
- a->tm_mday > b->tm_mday)
- return 1;
-
- if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
- a->tm_mday == b->tm_mday && a->tm_hour > b->tm_hour)
- return 1;
-
- if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
- a->tm_mday == b->tm_mday && a->tm_hour == b->tm_hour &&
- a->tm_min > b->tm_min)
- return 1;
-
- if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
- a->tm_mday == b->tm_mday && a->tm_hour == b->tm_hour &&
- a->tm_min == b->tm_min && a->tm_sec > b->tm_sec)
- return 1;
-
- return 0; /* false */
-}
-
-
-static INLINE int DateLessThan(const struct tm* a, const struct tm* b)
-{
- return DateGreaterThan(b,a);
-}
-
-
-/* like atoi but only use first byte */
-/* Make sure before and after dates are valid */
-int ValidateDate(const byte* date, byte format, int dateType)
-{
- time_t ltime;
- struct tm certTime;
- struct tm* localTime;
- struct tm* tmpTime = NULL;
- int i = 0;
-
-#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES)
- struct tm tmpTimeStorage;
- tmpTime = &tmpTimeStorage;
-#else
- (void)tmpTime;
-#endif
-
- ltime = XTIME(0);
- XMEMSET(&certTime, 0, sizeof(certTime));
-
- if (format == ASN_UTC_TIME) {
- if (btoi(date[0]) >= 5)
- certTime.tm_year = 1900;
- else
- certTime.tm_year = 2000;
- }
- else { /* format == GENERALIZED_TIME */
- certTime.tm_year += btoi(date[i++]) * 1000;
- certTime.tm_year += btoi(date[i++]) * 100;
- }
-
- /* adjust tm_year, tm_mon */
- GetTime((int*)&certTime.tm_year, date, &i); certTime.tm_year -= 1900;
- GetTime((int*)&certTime.tm_mon, date, &i); certTime.tm_mon -= 1;
- GetTime((int*)&certTime.tm_mday, date, &i);
- GetTime((int*)&certTime.tm_hour, date, &i);
- GetTime((int*)&certTime.tm_min, date, &i);
- GetTime((int*)&certTime.tm_sec, date, &i);
-
- if (date[i] != 'Z') { /* only Zulu supported for this profile */
- WOLFSSL_MSG("Only Zulu time supported for this profile");
- return 0;
- }
-
- localTime = XGMTIME(<ime, tmpTime);
-
- if (dateType == BEFORE) {
- if (DateLessThan(localTime, &certTime))
- return 0;
- }
- else
- if (DateGreaterThan(localTime, &certTime))
- return 0;
-
- return 1;
-}
-
-#endif /* NO_TIME_H */
-
-
-static int GetDate(DecodedCert* cert, int dateType)
-{
- int length;
- byte date[MAX_DATE_SIZE];
- byte b;
- word32 startIdx = 0;
-
- if (dateType == BEFORE)
- cert->beforeDate = &cert->source[cert->srcIdx];
- else
- cert->afterDate = &cert->source[cert->srcIdx];
- startIdx = cert->srcIdx;
-
- b = cert->source[cert->srcIdx++];
- if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME)
- return ASN_TIME_E;
-
- if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE)
- return ASN_DATE_SZ_E;
-
- XMEMCPY(date, &cert->source[cert->srcIdx], length);
- cert->srcIdx += length;
-
- if (dateType == BEFORE)
- cert->beforeDateLen = cert->srcIdx - startIdx;
- else
- cert->afterDateLen = cert->srcIdx - startIdx;
-
- if (!XVALIDATE_DATE(date, b, dateType)) {
- if (dateType == BEFORE)
- return ASN_BEFORE_DATE_E;
- else
- return ASN_AFTER_DATE_E;
- }
-
- return 0;
-}
-
-
-static int GetValidity(DecodedCert* cert, int verify)
-{
- int length;
- int badDate = 0;
-
- if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- if (GetDate(cert, BEFORE) < 0 && verify)
- badDate = ASN_BEFORE_DATE_E; /* continue parsing */
-
- if (GetDate(cert, AFTER) < 0 && verify)
- return ASN_AFTER_DATE_E;
-
- if (badDate != 0)
- return badDate;
-
- return 0;
-}
-
-
-int DecodeToKey(DecodedCert* cert, int verify)
-{
- int badDate = 0;
- int ret;
-
- if ( (ret = GetCertHeader(cert)) < 0)
- return ret;
-
- WOLFSSL_MSG("Got Cert Header");
-
- if ( (ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID,
- cert->maxIdx)) < 0)
- return ret;
-
- WOLFSSL_MSG("Got Algo ID");
-
- if ( (ret = GetName(cert, ISSUER)) < 0)
- return ret;
-
- if ( (ret = GetValidity(cert, verify)) < 0)
- badDate = ret;
-
- if ( (ret = GetName(cert, SUBJECT)) < 0)
- return ret;
-
- WOLFSSL_MSG("Got Subject Name");
-
- if ( (ret = GetKey(cert)) < 0)
- return ret;
-
- WOLFSSL_MSG("Got Key");
-
- if (badDate != 0)
- return badDate;
-
- return ret;
-}
-
-
-static int GetSignature(DecodedCert* cert)
-{
- int length;
- byte b = cert->source[cert->srcIdx++];
-
- if (b != ASN_BIT_STRING)
- return ASN_BITSTR_E;
-
- if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
- return ASN_PARSE_E;
-
- cert->sigLength = length;
-
- b = cert->source[cert->srcIdx++];
- if (b != 0x00)
- return ASN_EXPECT_0_E;
-
- cert->sigLength--;
- cert->signature = &cert->source[cert->srcIdx];
- cert->srcIdx += cert->sigLength;
-
- return 0;
-}
-
-
-static word32 SetDigest(const byte* digest, word32 digSz, byte* output)
-{
- output[0] = ASN_OCTET_STRING;
- output[1] = (byte)digSz;
- XMEMCPY(&output[2], digest, digSz);
-
- return digSz + 2;
-}
-
-
-static word32 BytePrecision(word32 value)
-{
- word32 i;
- for (i = sizeof(value); i; --i)
- if (value >> ((i - 1) * WOLFSSL_BIT_SIZE))
- break;
-
- return i;
-}
-
-
-WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output)
-{
- word32 i = 0, j;
-
- if (length < ASN_LONG_LENGTH)
- output[i++] = (byte)length;
- else {
- output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
-
- for (j = BytePrecision(length); j; --j) {
- output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE));
- i++;
- }
- }
-
- return i;
-}
-
-
-WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output)
-{
- output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED;
- return SetLength(len, output + 1) + 1;
-}
-
-WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output)
-{
- output[0] = ASN_OCTET_STRING;
- return SetLength(len, output + 1) + 1;
-}
-
-/* Write a set header to output */
-WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output)
-{
- output[0] = ASN_SET | ASN_CONSTRUCTED;
- return SetLength(len, output + 1) + 1;
-}
-
-WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
-{
-
- output[0] = ((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0)
- | ASN_CONTEXT_SPECIFIC | number;
- return SetLength(len, output + 1) + 1;
-}
-
-WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output)
-{
- output[0] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number;
- return SetLength(len, output + 1) + 1;
-}
-
-
-#if defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-
-static word32 SetCurve(ecc_key* key, byte* output)
-{
-
- /* curve types */
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
- static const byte ECC_192v1_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
- 0x03, 0x01, 0x01};
-#endif
-#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
- static const byte ECC_256v1_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
- 0x03, 0x01, 0x07};
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
- static const byte ECC_160r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
- 0x02};
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
- static const byte ECC_224r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
- 0x21};
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
- static const byte ECC_384r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
- 0x22};
-#endif
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
- static const byte ECC_521r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
- 0x23};
-#endif
-
- int oidSz = 0;
- int idx = 0;
- int lenSz = 0;
- const byte* oid = 0;
-
- output[0] = ASN_OBJECT_ID;
- idx++;
-
- switch (key->dp->size) {
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
- case 20:
- oidSz = sizeof(ECC_160r1_AlgoID);
- oid = ECC_160r1_AlgoID;
- break;
-#endif
-
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
- case 24:
- oidSz = sizeof(ECC_192v1_AlgoID);
- oid = ECC_192v1_AlgoID;
- break;
-#endif
-
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
- case 28:
- oidSz = sizeof(ECC_224r1_AlgoID);
- oid = ECC_224r1_AlgoID;
- break;
-#endif
-
-#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
- case 32:
- oidSz = sizeof(ECC_256v1_AlgoID);
- oid = ECC_256v1_AlgoID;
- break;
-#endif
-
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
- case 48:
- oidSz = sizeof(ECC_384r1_AlgoID);
- oid = ECC_384r1_AlgoID;
- break;
-#endif
-
-#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
- case 66:
- oidSz = sizeof(ECC_521r1_AlgoID);
- oid = ECC_521r1_AlgoID;
- break;
-#endif
-
- default:
- return ASN_UNKNOWN_OID_E;
- }
- lenSz = SetLength(oidSz, output+idx);
- idx += lenSz;
-
- XMEMCPY(output+idx, oid, oidSz);
- idx += oidSz;
-
- return idx;
-}
-
-#endif /* HAVE_ECC && WOLFSSL_CERT_GEN */
-
-
-WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
-{
- /* adding TAG_NULL and 0 to end */
-
- /* hashTypes */
- static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a,
- 0x05, 0x00 };
- static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x01, 0x05, 0x00 };
- static const byte sha384AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x02, 0x05, 0x00 };
- static const byte sha512AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x03, 0x05, 0x00 };
- static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x02, 0x05, 0x05, 0x00 };
- static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x02, 0x02, 0x05, 0x00};
-
- /* blkTypes, no NULL tags because IV is there instead */
- static const byte desCbcAlgoID[] = { 0x2B, 0x0E, 0x03, 0x02, 0x07 };
- static const byte des3CbcAlgoID[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x03, 0x07 };
-
- /* RSA sigTypes */
- #ifndef NO_RSA
- static const byte md5wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00};
- static const byte shawRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00};
- static const byte sha256wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00};
- static const byte sha384wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00};
- static const byte sha512wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00};
- #endif /* NO_RSA */
-
- /* ECDSA sigTypes */
- #ifdef HAVE_ECC
- static const byte shawECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
- 0x04, 0x01, 0x05, 0x00};
- static const byte sha256wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d,
- 0x04, 0x03, 0x02, 0x05, 0x00};
- static const byte sha384wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d,
- 0x04, 0x03, 0x03, 0x05, 0x00};
- static const byte sha512wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d,
- 0x04, 0x03, 0x04, 0x05, 0x00};
- #endif /* HAVE_ECC */
-
- /* RSA keyType */
- #ifndef NO_RSA
- static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x01, 0x01, 0x01, 0x05, 0x00};
- #endif /* NO_RSA */
-
- #ifdef HAVE_ECC
- /* ECC keyType */
- /* no tags, so set tagSz smaller later */
- static const byte ECC_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
- 0x02, 0x01};
- #endif /* HAVE_ECC */
-
- int algoSz = 0;
- int tagSz = 2; /* tag null and terminator */
- word32 idSz, seqSz;
- const byte* algoName = 0;
- byte ID_Length[MAX_LENGTH_SZ];
- byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */
-
- if (type == hashType) {
- switch (algoOID) {
- case SHAh:
- algoSz = sizeof(shaAlgoID);
- algoName = shaAlgoID;
- break;
-
- case SHA256h:
- algoSz = sizeof(sha256AlgoID);
- algoName = sha256AlgoID;
- break;
-
- case SHA384h:
- algoSz = sizeof(sha384AlgoID);
- algoName = sha384AlgoID;
- break;
-
- case SHA512h:
- algoSz = sizeof(sha512AlgoID);
- algoName = sha512AlgoID;
- break;
-
- case MD2h:
- algoSz = sizeof(md2AlgoID);
- algoName = md2AlgoID;
- break;
-
- case MD5h:
- algoSz = sizeof(md5AlgoID);
- algoName = md5AlgoID;
- break;
-
- default:
- WOLFSSL_MSG("Unknown Hash Algo");
- return 0; /* UNKOWN_HASH_E; */
- }
- }
- else if (type == blkType) {
- switch (algoOID) {
- case DESb:
- algoSz = sizeof(desCbcAlgoID);
- algoName = desCbcAlgoID;
- tagSz = 0;
- break;
- case DES3b:
- algoSz = sizeof(des3CbcAlgoID);
- algoName = des3CbcAlgoID;
- tagSz = 0;
- break;
- default:
- WOLFSSL_MSG("Unknown Block Algo");
- return 0;
- }
- }
- else if (type == sigType) { /* sigType */
- switch (algoOID) {
- #ifndef NO_RSA
- case CTC_MD5wRSA:
- algoSz = sizeof(md5wRSA_AlgoID);
- algoName = md5wRSA_AlgoID;
- break;
-
- case CTC_SHAwRSA:
- algoSz = sizeof(shawRSA_AlgoID);
- algoName = shawRSA_AlgoID;
- break;
-
- case CTC_SHA256wRSA:
- algoSz = sizeof(sha256wRSA_AlgoID);
- algoName = sha256wRSA_AlgoID;
- break;
-
- case CTC_SHA384wRSA:
- algoSz = sizeof(sha384wRSA_AlgoID);
- algoName = sha384wRSA_AlgoID;
- break;
-
- case CTC_SHA512wRSA:
- algoSz = sizeof(sha512wRSA_AlgoID);
- algoName = sha512wRSA_AlgoID;
- break;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- case CTC_SHAwECDSA:
- algoSz = sizeof(shawECDSA_AlgoID);
- algoName = shawECDSA_AlgoID;
- break;
-
- case CTC_SHA256wECDSA:
- algoSz = sizeof(sha256wECDSA_AlgoID);
- algoName = sha256wECDSA_AlgoID;
- break;
-
- case CTC_SHA384wECDSA:
- algoSz = sizeof(sha384wECDSA_AlgoID);
- algoName = sha384wECDSA_AlgoID;
- break;
-
- case CTC_SHA512wECDSA:
- algoSz = sizeof(sha512wECDSA_AlgoID);
- algoName = sha512wECDSA_AlgoID;
- break;
- #endif /* HAVE_ECC */
- default:
- WOLFSSL_MSG("Unknown Signature Algo");
- return 0;
- }
- }
- else if (type == keyType) { /* keyType */
- switch (algoOID) {
- #ifndef NO_RSA
- case RSAk:
- algoSz = sizeof(RSA_AlgoID);
- algoName = RSA_AlgoID;
- break;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- case ECDSAk:
- algoSz = sizeof(ECC_AlgoID);
- algoName = ECC_AlgoID;
- tagSz = 0;
- break;
- #endif /* HAVE_ECC */
- default:
- WOLFSSL_MSG("Unknown Key Algo");
- return 0;
- }
- }
- else {
- WOLFSSL_MSG("Unknown Algo type");
- return 0;
- }
-
- idSz = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */
- seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray);
- /* +1 for object id, curveID of curveSz follows for ecc */
- seqArray[seqSz++] = ASN_OBJECT_ID;
-
- XMEMCPY(output, seqArray, seqSz);
- XMEMCPY(output + seqSz, ID_Length, idSz);
- XMEMCPY(output + seqSz + idSz, algoName, algoSz);
-
- return seqSz + idSz + algoSz;
-
-}
-
-
-word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
- int hashOID)
-{
- byte digArray[MAX_ENCODED_DIG_SZ];
- byte algoArray[MAX_ALGO_SZ];
- byte seqArray[MAX_SEQ_SZ];
- word32 encDigSz, algoSz, seqSz;
-
- encDigSz = SetDigest(digest, digSz, digArray);
- algoSz = SetAlgoID(hashOID, algoArray, hashType, 0);
- seqSz = SetSequence(encDigSz + algoSz, seqArray);
-
- XMEMCPY(out, seqArray, seqSz);
- XMEMCPY(out + seqSz, algoArray, algoSz);
- XMEMCPY(out + seqSz + algoSz, digArray, encDigSz);
-
- return encDigSz + algoSz + seqSz;
-}
-
-
-int wc_GetCTC_HashOID(int type)
-{
- switch (type) {
-#ifdef WOLFSSL_MD2
- case MD2:
- return MD2h;
-#endif
-#ifndef NO_MD5
- case MD5:
- return MD5h;
-#endif
-#ifndef NO_SHA
- case SHA:
- return SHAh;
-#endif
-#ifndef NO_SHA256
- case SHA256:
- return SHA256h;
-#endif
-#ifdef WOLFSSL_SHA384
- case SHA384:
- return SHA384h;
-#endif
-#ifdef WOLFSSL_SHA512
- case SHA512:
- return SHA512h;
-#endif
- default:
- return 0;
- };
-}
-
-
-/* return true (1) or false (0) for Confirmation */
-static int ConfirmSignature(const byte* buf, word32 bufSz,
- const byte* key, word32 keySz, word32 keyOID,
- const byte* sig, word32 sigSz, word32 sigOID,
- void* heap)
-{
- int typeH = 0, digestSz = 0, ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- byte* digest;
-#else
- byte digest[MAX_DIGEST_SIZE];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- digest = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (digest == NULL)
- return 0; /* not confirmed */
-#endif
-
- (void)key;
- (void)keySz;
- (void)sig;
- (void)sigSz;
- (void)heap;
-
- switch (sigOID) {
- #ifndef NO_MD5
- case CTC_MD5wRSA:
- if (wc_Md5Hash(buf, bufSz, digest) == 0) {
- typeH = MD5h;
- digestSz = MD5_DIGEST_SIZE;
- }
- break;
- #endif
- #if defined(WOLFSSL_MD2)
- case CTC_MD2wRSA:
- if (wc_Md2Hash(buf, bufSz, digest) == 0) {
- typeH = MD2h;
- digestSz = MD2_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef NO_SHA
- case CTC_SHAwRSA:
- case CTC_SHAwDSA:
- case CTC_SHAwECDSA:
- if (wc_ShaHash(buf, bufSz, digest) == 0) {
- typeH = SHAh;
- digestSz = SHA_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef NO_SHA256
- case CTC_SHA256wRSA:
- case CTC_SHA256wECDSA:
- if (wc_Sha256Hash(buf, bufSz, digest) == 0) {
- typeH = SHA256h;
- digestSz = SHA256_DIGEST_SIZE;
- }
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case CTC_SHA512wRSA:
- case CTC_SHA512wECDSA:
- if (wc_Sha512Hash(buf, bufSz, digest) == 0) {
- typeH = SHA512h;
- digestSz = SHA512_DIGEST_SIZE;
- }
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case CTC_SHA384wRSA:
- case CTC_SHA384wECDSA:
- if (wc_Sha384Hash(buf, bufSz, digest) == 0) {
- typeH = SHA384h;
- digestSz = SHA384_DIGEST_SIZE;
- }
- break;
- #endif
- default:
- WOLFSSL_MSG("Verify Signautre has unsupported type");
- }
-
- if (typeH == 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return 0; /* not confirmed */
- }
-
- switch (keyOID) {
- #ifndef NO_RSA
- case RSAk:
- {
- word32 idx = 0;
- int encodedSigSz, verifySz;
- byte* out;
-#ifdef WOLFSSL_SMALL_STACK
- RsaKey* pubKey;
- byte* plain;
- byte* encodedSig;
-#else
- RsaKey pubKey[1];
- byte plain[MAX_ENCODED_SIG_SZ];
- byte encodedSig[MAX_ENCODED_SIG_SZ];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- pubKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- plain = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
-
- if (pubKey == NULL || plain == NULL || encodedSig == NULL) {
- WOLFSSL_MSG("Failed to allocate memory at ConfirmSignature");
-
- if (pubKey)
- XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (plain)
- XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig)
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- break; /* not confirmed */
- }
-#endif
-
- if (sigSz > MAX_ENCODED_SIG_SZ) {
- WOLFSSL_MSG("Verify Signautre is too big");
- }
- else if (wc_InitRsaKey(pubKey, heap) != 0) {
- WOLFSSL_MSG("InitRsaKey failed");
- }
- else if (wc_RsaPublicKeyDecode(key, &idx, pubKey, keySz) < 0) {
- WOLFSSL_MSG("ASN Key decode error RSA");
- }
- else {
- XMEMCPY(plain, sig, sigSz);
-
- if ((verifySz = wc_RsaSSL_VerifyInline(plain, sigSz, &out,
- pubKey)) < 0) {
- WOLFSSL_MSG("Rsa SSL verify error");
- }
- else {
- /* make sure we're right justified */
- encodedSigSz =
- wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
- if (encodedSigSz != verifySz ||
- XMEMCMP(out, encodedSig, encodedSigSz) != 0) {
- WOLFSSL_MSG("Rsa SSL verify match encode error");
- }
- else
- ret = 1; /* match */
-
- #ifdef WOLFSSL_DEBUG_ENCODING
- {
- int x;
-
- printf("wolfssl encodedSig:\n");
-
- for (x = 0; x < encodedSigSz; x++) {
- printf("%02x ", encodedSig[x]);
- if ( (x % 16) == 15)
- printf("\n");
- }
-
- printf("\n");
- printf("actual digest:\n");
-
- for (x = 0; x < verifySz; x++) {
- printf("%02x ", out[x]);
- if ( (x % 16) == 15)
- printf("\n");
- }
-
- printf("\n");
- }
- #endif /* WOLFSSL_DEBUG_ENCODING */
-
- }
-
- }
-
- wc_FreeRsaKey(pubKey);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- break;
- }
-
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- case ECDSAk:
- {
- int verify = 0;
-#ifdef WOLFSSL_SMALL_STACK
- ecc_key* pubKey;
-#else
- ecc_key pubKey[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- pubKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pubKey == NULL) {
- WOLFSSL_MSG("Failed to allocate pubKey");
- break; /* not confirmed */
- }
-#endif
-
- if (wc_ecc_init(pubKey) < 0) {
- WOLFSSL_MSG("Failed to initialize key");
- break; /* not confirmed */
- }
- if (wc_ecc_import_x963(key, keySz, pubKey) < 0) {
- WOLFSSL_MSG("ASN Key import error ECC");
- }
- else {
- if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz, &verify,
- pubKey) != 0) {
- WOLFSSL_MSG("ECC verify hash error");
- }
- else if (1 != verify) {
- WOLFSSL_MSG("ECC Verify didn't match");
- } else
- ret = 1; /* match */
-
- }
- wc_ecc_free(pubKey);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- break;
- }
- #endif /* HAVE_ECC */
- default:
- WOLFSSL_MSG("Verify Key type unknown");
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-#ifndef IGNORE_NAME_CONSTRAINTS
-
-static int MatchBaseName(int type, const char* name, int nameSz,
- const char* base, int baseSz)
-{
- if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 ||
- name[0] == '.' || nameSz < baseSz ||
- (type != ASN_RFC822_TYPE && type != ASN_DNS_TYPE))
- return 0;
-
- /* If an email type, handle special cases where the base is only
- * a domain, or is an email address itself. */
- if (type == ASN_RFC822_TYPE) {
- const char* p = NULL;
- int count = 0;
-
- if (base[0] != '.') {
- p = base;
- count = 0;
-
- /* find the '@' in the base */
- while (*p != '@' && count < baseSz) {
- count++;
- p++;
- }
-
- /* No '@' in base, reset p to NULL */
- if (count >= baseSz)
- p = NULL;
- }
-
- if (p == NULL) {
- /* Base isn't an email address, it is a domain name,
- * wind the name forward one character past its '@'. */
- p = name;
- count = 0;
- while (*p != '@' && count < baseSz) {
- count++;
- p++;
- }
-
- if (count < baseSz && *p == '@') {
- name = p + 1;
- nameSz -= count + 1;
- }
- }
- }
-
- if ((type == ASN_DNS_TYPE || type == ASN_RFC822_TYPE) && base[0] == '.') {
- int szAdjust = nameSz - baseSz;
- name += szAdjust;
- nameSz -= szAdjust;
- }
-
- while (nameSz > 0) {
- if (XTOLOWER((unsigned char)*name++) !=
- XTOLOWER((unsigned char)*base++))
- return 0;
- nameSz--;
- }
-
- return 1;
-}
-
-
-static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
-{
- if (signer == NULL || cert == NULL)
- return 0;
-
- /* Check against the excluded list */
- if (signer->excludedNames) {
- Base_entry* base = signer->excludedNames;
-
- while (base != NULL) {
- if (base->type == ASN_DNS_TYPE) {
- DNS_entry* name = cert->altNames;
- while (name != NULL) {
- if (MatchBaseName(ASN_DNS_TYPE,
- name->name, (int)XSTRLEN(name->name),
- base->name, base->nameSz))
- return 0;
- name = name->next;
- }
- }
- else if (base->type == ASN_RFC822_TYPE) {
- DNS_entry* name = cert->altEmailNames;
- while (name != NULL) {
- if (MatchBaseName(ASN_RFC822_TYPE,
- name->name, (int)XSTRLEN(name->name),
- base->name, base->nameSz))
- return 0;
-
- name = name->next;
- }
- }
- else if (base->type == ASN_DIR_TYPE) {
- if (cert->subjectRawLen == base->nameSz &&
- XMEMCMP(cert->subjectRaw, base->name, base->nameSz) == 0) {
-
- return 0;
- }
- }
- base = base->next;
- }
- }
-
- /* Check against the permitted list */
- if (signer->permittedNames != NULL) {
- int needDns = 0;
- int matchDns = 0;
- int needEmail = 0;
- int matchEmail = 0;
- int needDir = 0;
- int matchDir = 0;
- Base_entry* base = signer->permittedNames;
-
- while (base != NULL) {
- if (base->type == ASN_DNS_TYPE) {
- DNS_entry* name = cert->altNames;
-
- if (name != NULL)
- needDns = 1;
-
- while (name != NULL) {
- matchDns = MatchBaseName(ASN_DNS_TYPE,
- name->name, (int)XSTRLEN(name->name),
- base->name, base->nameSz);
- name = name->next;
- }
- }
- else if (base->type == ASN_RFC822_TYPE) {
- DNS_entry* name = cert->altEmailNames;
-
- if (name != NULL)
- needEmail = 1;
-
- while (name != NULL) {
- matchEmail = MatchBaseName(ASN_DNS_TYPE,
- name->name, (int)XSTRLEN(name->name),
- base->name, base->nameSz);
- name = name->next;
- }
- }
- else if (base->type == ASN_DIR_TYPE) {
- needDir = 1;
- if (cert->subjectRaw != NULL &&
- cert->subjectRawLen == base->nameSz &&
- XMEMCMP(cert->subjectRaw, base->name, base->nameSz) == 0) {
-
- matchDir = 1;
- }
- }
- base = base->next;
- }
-
- if ((needDns && !matchDns) || (needEmail && !matchEmail) ||
- (needDir && !matchDir)) {
-
- return 0;
- }
- }
-
- return 1;
-}
-
-#endif /* IGNORE_NAME_CONSTRAINTS */
-
-
-static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
-{
- word32 idx = 0;
- int length = 0;
-
- WOLFSSL_ENTER("DecodeAltNames");
-
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tBad Sequence");
- return ASN_PARSE_E;
- }
-
- cert->weOwnAltNames = 1;
-
- while (length > 0) {
- byte b = input[idx++];
-
- length--;
-
- /* Save DNS Type names in the altNames list. */
- /* Save Other Type names in the cert's OidMap */
- if (b == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
- DNS_entry* dnsEntry;
- int strLen;
- word32 lenStartIdx = idx;
-
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str length");
- return ASN_PARSE_E;
- }
- length -= (idx - lenStartIdx);
-
- dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (dnsEntry == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return ASN_PARSE_E;
- }
-
- dnsEntry->name = (char*)XMALLOC(strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (dnsEntry->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return ASN_PARSE_E;
- }
-
- XMEMCPY(dnsEntry->name, &input[idx], strLen);
- dnsEntry->name[strLen] = '\0';
-
- dnsEntry->next = cert->altNames;
- cert->altNames = dnsEntry;
-
- length -= strLen;
- idx += strLen;
- }
-#ifndef IGNORE_NAME_CONSTRAINTS
- else if (b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
- DNS_entry* emailEntry;
- int strLen;
- word32 lenStartIdx = idx;
-
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str length");
- return ASN_PARSE_E;
- }
- length -= (idx - lenStartIdx);
-
- emailEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (emailEntry == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return ASN_PARSE_E;
- }
-
- emailEntry->name = (char*)XMALLOC(strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (emailEntry->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return ASN_PARSE_E;
- }
-
- XMEMCPY(emailEntry->name, &input[idx], strLen);
- emailEntry->name[strLen] = '\0';
-
- emailEntry->next = cert->altEmailNames;
- cert->altEmailNames = emailEntry;
-
- length -= strLen;
- idx += strLen;
- }
-#endif /* IGNORE_NAME_CONSTRAINTS */
-#ifdef WOLFSSL_SEP
- else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE))
- {
- int strLen;
- word32 lenStartIdx = idx;
- word32 oid = 0;
-
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: other name length");
- return ASN_PARSE_E;
- }
- /* Consume the rest of this sequence. */
- length -= (strLen + idx - lenStartIdx);
-
- if (GetObjectId(input, &idx, &oid, sz) < 0) {
- WOLFSSL_MSG("\tbad OID");
- return ASN_PARSE_E;
- }
-
- if (oid != HW_NAME_OID) {
- WOLFSSL_MSG("\tincorrect OID");
- return ASN_PARSE_E;
- }
-
- if (input[idx++] != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) {
- WOLFSSL_MSG("\twrong type");
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str len");
- return ASN_PARSE_E;
- }
-
- if (GetSequence(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tBad Sequence");
- return ASN_PARSE_E;
- }
-
- if (input[idx++] != ASN_OBJECT_ID) {
- WOLFSSL_MSG("\texpected OID");
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfailed: str len");
- return ASN_PARSE_E;
- }
-
- cert->hwType = (byte*)XMALLOC(strLen, cert->heap, 0);
- if (cert->hwType == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
-
- XMEMCPY(cert->hwType, &input[idx], strLen);
- cert->hwTypeSz = strLen;
- idx += strLen;
-
- if (input[idx++] != ASN_OCTET_STRING) {
- WOLFSSL_MSG("\texpected Octet String");
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfailed: str len");
- return ASN_PARSE_E;
- }
-
- cert->hwSerialNum = (byte*)XMALLOC(strLen + 1, cert->heap, 0);
- if (cert->hwSerialNum == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
-
- XMEMCPY(cert->hwSerialNum, &input[idx], strLen);
- cert->hwSerialNum[strLen] = '\0';
- cert->hwSerialNumSz = strLen;
- idx += strLen;
- }
-#endif /* WOLFSSL_SEP */
- else {
- int strLen;
- word32 lenStartIdx = idx;
-
- WOLFSSL_MSG("\tUnsupported name type, skipping");
-
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: unsupported name length");
- return ASN_PARSE_E;
- }
- length -= (strLen + idx - lenStartIdx);
- idx += strLen;
- }
- }
- return 0;
-}
-
-
-static int DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert)
-{
- word32 idx = 0;
- int length = 0;
-
- WOLFSSL_ENTER("DecodeBasicCaConstraint");
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: bad SEQUENCE");
- return ASN_PARSE_E;
- }
-
- if (length == 0)
- return 0;
-
- /* If the basic ca constraint is false, this extension may be named, but
- * left empty. So, if the length is 0, just return. */
-
- if (input[idx++] != ASN_BOOLEAN)
- {
- WOLFSSL_MSG("\tfail: constraint not BOOLEAN");
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &idx, &length, sz) < 0)
- {
- WOLFSSL_MSG("\tfail: length");
- return ASN_PARSE_E;
- }
-
- if (input[idx++])
- cert->isCA = 1;
-
- #ifdef OPENSSL_EXTRA
- /* If there isn't any more data, return. */
- if (idx >= (word32)sz)
- return 0;
-
- /* Anything left should be the optional pathlength */
- if (input[idx++] != ASN_INTEGER) {
- WOLFSSL_MSG("\tfail: pathlen not INTEGER");
- return ASN_PARSE_E;
- }
-
- if (input[idx++] != 1) {
- WOLFSSL_MSG("\tfail: pathlen too long");
- return ASN_PARSE_E;
- }
-
- cert->pathLength = input[idx];
- cert->extBasicConstPlSet = 1;
- #endif /* OPENSSL_EXTRA */
-
- return 0;
-}
-
-
-#define CRLDP_FULL_NAME 0
- /* From RFC3280 SS4.2.1.14, Distribution Point Name*/
-#define GENERALNAME_URI 6
- /* From RFC3280 SS4.2.1.7, GeneralName */
-
-static int DecodeCrlDist(byte* input, int sz, DecodedCert* cert)
-{
- word32 idx = 0;
- int length = 0;
-
- WOLFSSL_ENTER("DecodeCrlDist");
-
- /* Unwrap the list of Distribution Points*/
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- /* Unwrap a single Distribution Point */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- /* The Distribution Point has three explicit optional members
- * First check for a DistributionPointName
- */
- if (input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- if (input[idx] ==
- (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CRLDP_FULL_NAME))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- cert->extCrlInfoSz = length;
- cert->extCrlInfo = input + idx;
- idx += length;
- }
- else
- /* This isn't a URI, skip it. */
- idx += length;
- }
- else
- /* This isn't a FULLNAME, skip it. */
- idx += length;
- }
-
- /* Check for reasonFlags */
- if (idx < (word32)sz &&
- input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- idx += length;
- }
-
- /* Check for cRLIssuer */
- if (idx < (word32)sz &&
- input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- idx += length;
- }
-
- if (idx < (word32)sz)
- {
- WOLFSSL_MSG("\tThere are more CRL Distribution Point records, "
- "but we only use the first one.");
- }
-
- return 0;
-}
-
-
-static int DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
-/*
- * Read the first of the Authority Information Access records. If there are
- * any issues, return without saving the record.
- */
-{
- word32 idx = 0;
- int length = 0;
- byte b;
- word32 oid;
-
- WOLFSSL_ENTER("DecodeAuthInfo");
-
- /* Unwrap the list of AIAs */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- while (idx < (word32)sz) {
- /* Unwrap a single AIA */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- oid = 0;
- if (GetObjectId(input, &idx, &oid, sz) < 0)
- return ASN_PARSE_E;
-
- /* Only supporting URIs right now. */
- b = input[idx++];
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- if (b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI) &&
- oid == AIA_OCSP_OID)
- {
- cert->extAuthInfoSz = length;
- cert->extAuthInfo = input + idx;
- break;
- }
- idx += length;
- }
-
- return 0;
-}
-
-
-static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
-{
- word32 idx = 0;
- int length = 0, ret = 0;
-
- WOLFSSL_ENTER("DecodeAuthKeyId");
-
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE\n");
- return ASN_PARSE_E;
- }
-
- if (input[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) {
- WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available\n");
- return 0;
- }
-
- if (GetLength(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: extension data length");
- return ASN_PARSE_E;
- }
-
- #ifdef OPENSSL_EXTRA
- cert->extAuthKeyIdSrc = &input[idx];
- cert->extAuthKeyIdSz = length;
- #endif /* OPENSSL_EXTRA */
-
- if (length == KEYID_SIZE) {
- XMEMCPY(cert->extAuthKeyId, input + idx, length);
- }
- else {
- #ifdef NO_SHA
- ret = wc_Sha256Hash(input + idx, length, cert->extAuthKeyId);
- #else
- ret = wc_ShaHash(input + idx, length, cert->extAuthKeyId);
- #endif
- }
-
- return ret;
-}
-
-
-static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
-{
- word32 idx = 0;
- int length = 0, ret = 0;
-
- WOLFSSL_ENTER("DecodeSubjKeyId");
-
- if (input[idx++] != ASN_OCTET_STRING) {
- WOLFSSL_MSG("\tfail: should be an OCTET STRING");
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: extension data length");
- return ASN_PARSE_E;
- }
-
- #ifdef OPENSSL_EXTRA
- cert->extSubjKeyIdSrc = &input[idx];
- cert->extSubjKeyIdSz = length;
- #endif /* OPENSSL_EXTRA */
-
- if (length == SIGNER_DIGEST_SIZE) {
- XMEMCPY(cert->extSubjKeyId, input + idx, length);
- }
- else {
- #ifdef NO_SHA
- ret = wc_Sha256Hash(input + idx, length, cert->extSubjKeyId);
- #else
- ret = wc_ShaHash(input + idx, length, cert->extSubjKeyId);
- #endif
- }
-
- return ret;
-}
-
-
-static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert)
-{
- word32 idx = 0;
- int length;
- byte unusedBits;
- WOLFSSL_ENTER("DecodeKeyUsage");
-
- if (input[idx++] != ASN_BIT_STRING) {
- WOLFSSL_MSG("\tfail: key usage expected bit string");
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: key usage bad length");
- return ASN_PARSE_E;
- }
-
- unusedBits = input[idx++];
- length--;
-
- if (length == 2) {
- cert->extKeyUsage = (word16)((input[idx] << 8) | input[idx+1]);
- cert->extKeyUsage >>= unusedBits;
- }
- else if (length == 1)
- cert->extKeyUsage = (word16)(input[idx] << 1);
-
- return 0;
-}
-
-
-static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
-{
- word32 idx = 0, oid;
- int length;
-
- WOLFSSL_ENTER("DecodeExtKeyUsage");
-
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
-
- #ifdef OPENSSL_EXTRA
- cert->extExtKeyUsageSrc = input + idx;
- cert->extExtKeyUsageSz = length;
- #endif
-
- while (idx < (word32)sz) {
- if (GetObjectId(input, &idx, &oid, sz) < 0)
- return ASN_PARSE_E;
-
- switch (oid) {
- case EKU_ANY_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_ANY;
- break;
- case EKU_SERVER_AUTH_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
- break;
- case EKU_CLIENT_AUTH_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
- break;
- case EKU_OCSP_SIGN_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
- break;
- }
-
- #ifdef OPENSSL_EXTRA
- cert->extExtKeyUsageCount++;
- #endif
- }
-
- return 0;
-}
-
-
-#ifndef IGNORE_NAME_CONSTRAINTS
-static int DecodeSubtree(byte* input, int sz, Base_entry** head, void* heap)
-{
- word32 idx = 0;
-
- (void)heap;
-
- while (idx < (word32)sz) {
- int seqLength, strLength;
- word32 nameIdx;
- byte b;
-
- if (GetSequence(input, &idx, &seqLength, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
-
- nameIdx = idx;
- b = input[nameIdx++];
- if (GetLength(input, &nameIdx, &strLength, sz) <= 0) {
- WOLFSSL_MSG("\tinvalid length");
- return ASN_PARSE_E;
- }
-
- if (b == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE) ||
- b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE) ||
- b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) {
-
- Base_entry* entry = (Base_entry*)XMALLOC(sizeof(Base_entry),
- heap, DYNAMIC_TYPE_ALTNAME);
-
- if (entry == NULL) {
- WOLFSSL_MSG("allocate error");
- return MEMORY_E;
- }
-
- entry->name = (char*)XMALLOC(strLength, heap, DYNAMIC_TYPE_ALTNAME);
- if (entry->name == NULL) {
- WOLFSSL_MSG("allocate error");
- return MEMORY_E;
- }
-
- XMEMCPY(entry->name, &input[nameIdx], strLength);
- entry->nameSz = strLength;
- entry->type = b & 0x0F;
-
- entry->next = *head;
- *head = entry;
- }
-
- idx += seqLength;
- }
-
- return 0;
-}
-
-
-static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert)
-{
- word32 idx = 0;
- int length = 0;
-
- WOLFSSL_ENTER("DecodeNameConstraints");
-
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
-
- while (idx < (word32)sz) {
- byte b = input[idx++];
- Base_entry** subtree = NULL;
-
- if (GetLength(input, &idx, &length, sz) <= 0) {
- WOLFSSL_MSG("\tinvalid length");
- return ASN_PARSE_E;
- }
-
- if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0))
- subtree = &cert->permittedNames;
- else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
- subtree = &cert->excludedNames;
- else {
- WOLFSSL_MSG("\tinvalid subtree");
- return ASN_PARSE_E;
- }
-
- DecodeSubtree(input + idx, length, subtree, cert->heap);
-
- idx += length;
- }
-
- return 0;
-}
-#endif /* IGNORE_NAME_CONSTRAINTS */
-
-
-#ifdef WOLFSSL_SEP
- static int DecodeCertPolicy(byte* input, int sz, DecodedCert* cert)
- {
- word32 idx = 0;
- int length = 0;
-
- WOLFSSL_ENTER("DecodeCertPolicy");
-
- /* Unwrap certificatePolicies */
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tdeviceType isn't OID");
- return ASN_PARSE_E;
- }
-
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tdeviceType isn't OID");
- return ASN_PARSE_E;
- }
-
- if (input[idx++] != ASN_OBJECT_ID) {
- WOLFSSL_MSG("\tdeviceType isn't OID");
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tCouldn't read length of deviceType");
- return ASN_PARSE_E;
- }
-
- if (length > 0) {
- cert->deviceType = (byte*)XMALLOC(length, cert->heap, 0);
- if (cert->deviceType == NULL) {
- WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
- return MEMORY_E;
- }
- cert->deviceTypeSz = length;
- XMEMCPY(cert->deviceType, input + idx, length);
- }
-
- WOLFSSL_LEAVE("DecodeCertPolicy", 0);
- return 0;
- }
-#endif /* WOLFSSL_SEP */
-
-
-static int DecodeCertExtensions(DecodedCert* cert)
-/*
- * Processing the Certificate Extensions. This does not modify the current
- * index. It is works starting with the recorded extensions pointer.
- */
-{
- word32 idx = 0;
- int sz = cert->extensionsSz;
- byte* input = cert->extensions;
- int length;
- word32 oid;
- byte critical = 0;
- byte criticalFail = 0;
-
- WOLFSSL_ENTER("DecodeCertExtensions");
-
- if (input == NULL || sz == 0)
- return BAD_FUNC_ARG;
-
- if (input[idx++] != ASN_EXTENSIONS)
- return ASN_PARSE_E;
-
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
-
- while (idx < (word32)sz) {
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
-
- oid = 0;
- if (GetObjectId(input, &idx, &oid, sz) < 0) {
- WOLFSSL_MSG("\tfail: OBJECT ID");
- return ASN_PARSE_E;
- }
-
- /* check for critical flag */
- critical = 0;
- if (input[idx] == ASN_BOOLEAN) {
- int boolLength = 0;
- idx++;
- if (GetLength(input, &idx, &boolLength, sz) < 0) {
- WOLFSSL_MSG("\tfail: critical boolean length");
- return ASN_PARSE_E;
- }
- if (input[idx++])
- critical = 1;
- }
-
- /* process the extension based on the OID */
- if (input[idx++] != ASN_OCTET_STRING) {
- WOLFSSL_MSG("\tfail: should be an OCTET STRING");
- return ASN_PARSE_E;
- }
-
- if (GetLength(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: extension data length");
- return ASN_PARSE_E;
- }
-
- switch (oid) {
- case BASIC_CA_OID:
- #ifdef OPENSSL_EXTRA
- cert->extBasicConstSet = 1;
- cert->extBasicConstCrit = critical;
- #endif
- if (DecodeBasicCaConstraint(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
-
- case CRL_DIST_OID:
- if (DecodeCrlDist(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
-
- case AUTH_INFO_OID:
- if (DecodeAuthInfo(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
-
- case ALT_NAMES_OID:
- #ifdef OPENSSL_EXTRA
- cert->extSubjAltNameSet = 1;
- cert->extSubjAltNameCrit = critical;
- #endif
- if (DecodeAltNames(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
-
- case AUTH_KEY_OID:
- cert->extAuthKeyIdSet = 1;
- #ifdef OPENSSL_EXTRA
- cert->extAuthKeyIdCrit = critical;
- #endif
- if (DecodeAuthKeyId(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
-
- case SUBJ_KEY_OID:
- cert->extSubjKeyIdSet = 1;
- #ifdef OPENSSL_EXTRA
- cert->extSubjKeyIdCrit = critical;
- #endif
- if (DecodeSubjKeyId(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
-
- case CERT_POLICY_OID:
- WOLFSSL_MSG("Certificate Policy extension not supported yet.");
- #ifdef WOLFSSL_SEP
- #ifdef OPENSSL_EXTRA
- cert->extCertPolicySet = 1;
- cert->extCertPolicyCrit = critical;
- #endif
- if (DecodeCertPolicy(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- #endif
- break;
-
- case KEY_USAGE_OID:
- cert->extKeyUsageSet = 1;
- #ifdef OPENSSL_EXTRA
- cert->extKeyUsageCrit = critical;
- #endif
- if (DecodeKeyUsage(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
-
- case EXT_KEY_USAGE_OID:
- cert->extExtKeyUsageSet = 1;
- #ifdef OPENSSL_EXTRA
- cert->extExtKeyUsageCrit = critical;
- #endif
- if (DecodeExtKeyUsage(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
-
- #ifndef IGNORE_NAME_CONSTRAINTS
- case NAME_CONS_OID:
- cert->extNameConstraintSet = 1;
- #ifdef OPENSSL_EXTRA
- cert->extNameConstraintCrit = critical;
- #endif
- if (DecodeNameConstraints(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
- #endif /* IGNORE_NAME_CONSTRAINTS */
-
- case INHIBIT_ANY_OID:
- WOLFSSL_MSG("Inhibit anyPolicy extension not supported yet.");
- break;
-
- default:
- /* While it is a failure to not support critical extensions,
- * still parse the certificate ignoring the unsupported
- * extention to allow caller to accept it with the verify
- * callback. */
- if (critical)
- criticalFail = 1;
- break;
- }
- idx += length;
- }
-
- return criticalFail ? ASN_CRIT_EXT_E : 0;
-}
-
-
-int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
-{
- int ret;
- char* ptr;
-
- ret = ParseCertRelative(cert, type, verify, cm);
- if (ret < 0)
- return ret;
-
- if (cert->subjectCNLen > 0) {
- ptr = (char*) XMALLOC(cert->subjectCNLen + 1, cert->heap,
- DYNAMIC_TYPE_SUBJECT_CN);
- if (ptr == NULL)
- return MEMORY_E;
- XMEMCPY(ptr, cert->subjectCN, cert->subjectCNLen);
- ptr[cert->subjectCNLen] = '\0';
- cert->subjectCN = ptr;
- cert->subjectCNStored = 1;
- }
-
- if (cert->keyOID == RSAk &&
- cert->publicKey != NULL && cert->pubKeySize > 0) {
- ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap,
- DYNAMIC_TYPE_PUBLIC_KEY);
- if (ptr == NULL)
- return MEMORY_E;
- XMEMCPY(ptr, cert->publicKey, cert->pubKeySize);
- cert->publicKey = (byte *)ptr;
- cert->pubKeyStored = 1;
- }
-
- return ret;
-}
-
-
-/* from SSL proper, for locking can't do find here anymore */
-#ifdef __cplusplus
- extern "C" {
-#endif
- WOLFSSL_LOCAL Signer* GetCA(void* signers, byte* hash);
- #ifndef NO_SKID
- WOLFSSL_LOCAL Signer* GetCAByName(void* signers, byte* hash);
- #endif
-#ifdef __cplusplus
- }
-#endif
-
-
-int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
-{
- word32 confirmOID;
- int ret;
- int badDate = 0;
- int criticalExt = 0;
-
- if ((ret = DecodeToKey(cert, verify)) < 0) {
- if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E)
- badDate = ret;
- else
- return ret;
- }
-
- WOLFSSL_MSG("Parsed Past Key");
-
- if (cert->srcIdx < cert->sigIndex) {
- #ifndef ALLOW_V1_EXTENSIONS
- if (cert->version < 2) {
- WOLFSSL_MSG(" v1 and v2 certs not allowed extensions");
- return ASN_VERSION_E;
- }
- #endif
- /* save extensions */
- cert->extensions = &cert->source[cert->srcIdx];
- cert->extensionsSz = cert->sigIndex - cert->srcIdx;
- cert->extensionsIdx = cert->srcIdx; /* for potential later use */
-
- if ((ret = DecodeCertExtensions(cert)) < 0) {
- if (ret == ASN_CRIT_EXT_E)
- criticalExt = ret;
- else
- return ret;
- }
-
- /* advance past extensions */
- cert->srcIdx = cert->sigIndex;
- }
-
- if ((ret = GetAlgoId(cert->source, &cert->srcIdx, &confirmOID,
- cert->maxIdx)) < 0)
- return ret;
-
- if ((ret = GetSignature(cert)) < 0)
- return ret;
-
- if (confirmOID != cert->signatureOID)
- return ASN_SIG_OID_E;
-
- #ifndef NO_SKID
- if (cert->extSubjKeyIdSet == 0
- && cert->publicKey != NULL && cert->pubKeySize > 0) {
- #ifdef NO_SHA
- ret = wc_Sha256Hash(cert->publicKey, cert->pubKeySize,
- cert->extSubjKeyId);
- #else
- ret = wc_ShaHash(cert->publicKey, cert->pubKeySize,
- cert->extSubjKeyId);
- #endif
- if (ret != 0)
- return ret;
- }
- #endif
-
- if (verify && type != CA_TYPE) {
- Signer* ca = NULL;
- #ifndef NO_SKID
- if (cert->extAuthKeyIdSet)
- ca = GetCA(cm, cert->extAuthKeyId);
- if (ca == NULL)
- ca = GetCAByName(cm, cert->issuerHash);
- #else /* NO_SKID */
- ca = GetCA(cm, cert->issuerHash);
- #endif /* NO SKID */
- WOLFSSL_MSG("About to verify certificate signature");
-
- if (ca) {
-#ifdef HAVE_OCSP
- /* Need the ca's public key hash for OCSP */
- #ifdef NO_SHA
- ret = wc_Sha256Hash(ca->publicKey, ca->pubKeySize,
- cert->issuerKeyHash);
- #else /* NO_SHA */
- ret = wc_ShaHash(ca->publicKey, ca->pubKeySize,
- cert->issuerKeyHash);
- #endif /* NO_SHA */
- if (ret != 0)
- return ret;
-#endif /* HAVE_OCSP */
- /* try to confirm/verify signature */
- if (!ConfirmSignature(cert->source + cert->certBegin,
- cert->sigIndex - cert->certBegin,
- ca->publicKey, ca->pubKeySize, ca->keyOID,
- cert->signature, cert->sigLength, cert->signatureOID,
- cert->heap)) {
- WOLFSSL_MSG("Confirm signature failed");
- return ASN_SIG_CONFIRM_E;
- }
-#ifndef IGNORE_NAME_CONSTRAINTS
- /* check that this cert's name is permitted by the signer's
- * name constraints */
- if (!ConfirmNameConstraints(ca, cert)) {
- WOLFSSL_MSG("Confirm name constraint failed");
- return ASN_NAME_INVALID_E;
- }
-#endif /* IGNORE_NAME_CONSTRAINTS */
- }
- else {
- /* no signer */
- WOLFSSL_MSG("No CA signer to verify with");
- return ASN_NO_SIGNER_E;
- }
- }
- if (badDate != 0)
- return badDate;
-
- if (criticalExt != 0)
- return criticalExt;
-
- return 0;
-}
-
-
-/* Create and init an new signer */
-Signer* MakeSigner(void* heap)
-{
- Signer* signer = (Signer*) XMALLOC(sizeof(Signer), heap,
- DYNAMIC_TYPE_SIGNER);
- if (signer) {
- signer->pubKeySize = 0;
- signer->keyOID = 0;
- signer->publicKey = NULL;
- signer->nameLen = 0;
- signer->name = NULL;
- #ifndef IGNORE_NAME_CONSTRAINTS
- signer->permittedNames = NULL;
- signer->excludedNames = NULL;
- #endif /* IGNORE_NAME_CONSTRAINTS */
- signer->next = NULL;
- }
- (void)heap;
-
- return signer;
-}
-
-
-/* Free an individual signer */
-void FreeSigner(Signer* signer, void* heap)
-{
- XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
- XFREE(signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
- #ifndef IGNORE_NAME_CONSTRAINTS
- if (signer->permittedNames)
- FreeNameSubtrees(signer->permittedNames, heap);
- if (signer->excludedNames)
- FreeNameSubtrees(signer->excludedNames, heap);
- #endif
- XFREE(signer, heap, DYNAMIC_TYPE_SIGNER);
-
- (void)heap;
-}
-
-
-/* Free the whole singer table with number of rows */
-void FreeSignerTable(Signer** table, int rows, void* heap)
-{
- int i;
-
- for (i = 0; i < rows; i++) {
- Signer* signer = table[i];
- while (signer) {
- Signer* next = signer->next;
- FreeSigner(signer, heap);
- signer = next;
- }
- table[i] = NULL;
- }
-}
-
-
-WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header)
-{
- int i = 0;
-
- if (header) {
- output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
- output[i++] = ASN_BIT_STRING;
- }
- output[i++] = ASN_INTEGER;
- output[i++] = 0x01;
- output[i++] = (byte)version;
-
- return i;
-}
-
-
-WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
-{
- int result = 0;
-
- WOLFSSL_ENTER("SetSerialNumber");
-
- if (snSz <= EXTERNAL_SERIAL_SIZE) {
- output[0] = ASN_INTEGER;
- /* The serial number is always positive. When encoding the
- * INTEGER, if the MSB is 1, add a padding zero to keep the
- * number positive. */
- if (sn[0] & 0x80) {
- output[1] = (byte)snSz + 1;
- output[2] = 0;
- XMEMCPY(&output[3], sn, snSz);
- result = snSz + 3;
- }
- else {
- output[1] = (byte)snSz;
- XMEMCPY(&output[2], sn, snSz);
- result = snSz + 2;
- }
- }
- return result;
-}
-
-
-
-
-#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
-
-/* convert der buffer to pem into output, can't do inplace, der and output
- need to be different */
-int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz,
- int type)
-{
-#ifdef WOLFSSL_SMALL_STACK
- char* header = NULL;
- char* footer = NULL;
-#else
- char header[80];
- char footer[80];
-#endif
-
- int headerLen = 80;
- int footerLen = 80;
- int i;
- int err;
- int outLen; /* return length or error */
-
- if (der == output) /* no in place conversion */
- return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
- header = (char*)XMALLOC(headerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (header == NULL)
- return MEMORY_E;
-
- footer = (char*)XMALLOC(footerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (footer == NULL) {
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- if (type == CERT_TYPE) {
- XSTRNCPY(header, "-----BEGIN CERTIFICATE-----\n", headerLen);
- XSTRNCPY(footer, "-----END CERTIFICATE-----\n", footerLen);
- }
- else if (type == PRIVATEKEY_TYPE) {
- XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----\n", headerLen);
- XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----\n", footerLen);
- }
- #ifdef HAVE_ECC
- else if (type == ECC_PRIVATEKEY_TYPE) {
- XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----\n", headerLen);
- XSTRNCPY(footer, "-----END EC PRIVATE KEY-----\n", footerLen);
- }
- #endif
- #ifdef WOLFSSL_CERT_REQ
- else if (type == CERTREQ_TYPE)
- {
- XSTRNCPY(header,
- "-----BEGIN CERTIFICATE REQUEST-----\n", headerLen);
- XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----\n", footerLen);
- }
- #endif
- else {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BAD_FUNC_ARG;
- }
-
- headerLen = (int)XSTRLEN(header);
- footerLen = (int)XSTRLEN(footer);
-
- if (!der || !output) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BAD_FUNC_ARG;
- }
-
- /* don't even try if outSz too short */
- if (outSz < headerLen + footerLen + derSz) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BAD_FUNC_ARG;
- }
-
- /* header */
- XMEMCPY(output, header, headerLen);
- i = headerLen;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- /* body */
- outLen = outSz - (headerLen + footerLen); /* input to Base64_Encode */
- if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return err;
- }
- i += outLen;
-
- /* footer */
- if ( (i + footerLen) > (int)outSz) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BAD_FUNC_ARG;
- }
- XMEMCPY(output + i, footer, footerLen);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return outLen + headerLen + footerLen;
-}
-
-
-#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
-
-
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-
-
-static mp_int* GetRsaInt(RsaKey* key, int idx)
-{
- if (idx == 0)
- return &key->n;
- if (idx == 1)
- return &key->e;
- if (idx == 2)
- return &key->d;
- if (idx == 3)
- return &key->p;
- if (idx == 4)
- return &key->q;
- if (idx == 5)
- return &key->dP;
- if (idx == 6)
- return &key->dQ;
- if (idx == 7)
- return &key->u;
-
- return NULL;
-}
-
-
-/* Release Tmp RSA resources */
-static INLINE void FreeTmpRsas(byte** tmps, void* heap)
-{
- int i;
-
- (void)heap;
-
- for (i = 0; i < RSA_INTS; i++)
- XFREE(tmps[i], heap, DYNAMIC_TYPE_RSA);
-}
-
-
-/* Convert RsaKey key to DER format, write to output (inLen), return bytes
- written */
-int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
-{
- word32 seqSz, verSz, rawLen, intTotalLen = 0;
- word32 sizes[RSA_INTS];
- int i, j, outLen, ret = 0;
-
- byte seq[MAX_SEQ_SZ];
- byte ver[MAX_VERSION_SZ];
- byte* tmps[RSA_INTS];
-
- if (!key || !output)
- return BAD_FUNC_ARG;
-
- if (key->type != RSA_PRIVATE)
- return BAD_FUNC_ARG;
-
- for (i = 0; i < RSA_INTS; i++)
- tmps[i] = NULL;
-
- /* write all big ints from key to DER tmps */
- for (i = 0; i < RSA_INTS; i++) {
- mp_int* keyInt = GetRsaInt(key, i);
- rawLen = mp_unsigned_bin_size(keyInt);
- tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
- DYNAMIC_TYPE_RSA);
- if (tmps[i] == NULL) {
- ret = MEMORY_E;
- break;
- }
-
- tmps[i][0] = ASN_INTEGER;
- sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1; /* int tag */
-
- if (sizes[i] <= MAX_SEQ_SZ) {
- int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
- if (err == MP_OKAY) {
- sizes[i] += rawLen;
- intTotalLen += sizes[i];
- }
- else {
- ret = err;
- break;
- }
- }
- else {
- ret = ASN_INPUT_E;
- break;
- }
- }
-
- if (ret != 0) {
- FreeTmpRsas(tmps, key->heap);
- return ret;
- }
-
- /* make headers */
- verSz = SetMyVersion(0, ver, FALSE);
- seqSz = SetSequence(verSz + intTotalLen, seq);
-
- outLen = seqSz + verSz + intTotalLen;
- if (outLen > (int)inLen)
- return BAD_FUNC_ARG;
-
- /* write to output */
- XMEMCPY(output, seq, seqSz);
- j = seqSz;
- XMEMCPY(output + j, ver, verSz);
- j += verSz;
-
- for (i = 0; i < RSA_INTS; i++) {
- XMEMCPY(output + j, tmps[i], sizes[i]);
- j += sizes[i];
- }
- FreeTmpRsas(tmps, key->heap);
-
- return outLen;
-}
-
-#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
-
-
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
-
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-/* Initialize and Set Certficate defaults:
- version = 3 (0x2)
- serial = 0
- sigType = SHA_WITH_RSA
- issuer = blank
- daysValid = 500
- selfSigned = 1 (true) use subject as issuer
- subject = blank
-*/
-void wc_InitCert(Cert* cert)
-{
- cert->version = 2; /* version 3 is hex 2 */
- cert->sigType = CTC_SHAwRSA;
- cert->daysValid = 500;
- cert->selfSigned = 1;
- cert->isCA = 0;
- cert->bodySz = 0;
-#ifdef WOLFSSL_ALT_NAMES
- cert->altNamesSz = 0;
- cert->beforeDateSz = 0;
- cert->afterDateSz = 0;
-#endif
- cert->keyType = RSA_KEY;
- XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
-
- cert->issuer.country[0] = '\0';
- cert->issuer.countryEnc = CTC_PRINTABLE;
- cert->issuer.state[0] = '\0';
- cert->issuer.stateEnc = CTC_UTF8;
- cert->issuer.locality[0] = '\0';
- cert->issuer.localityEnc = CTC_UTF8;
- cert->issuer.sur[0] = '\0';
- cert->issuer.surEnc = CTC_UTF8;
- cert->issuer.org[0] = '\0';
- cert->issuer.orgEnc = CTC_UTF8;
- cert->issuer.unit[0] = '\0';
- cert->issuer.unitEnc = CTC_UTF8;
- cert->issuer.commonName[0] = '\0';
- cert->issuer.commonNameEnc = CTC_UTF8;
- cert->issuer.email[0] = '\0';
-
- cert->subject.country[0] = '\0';
- cert->subject.countryEnc = CTC_PRINTABLE;
- cert->subject.state[0] = '\0';
- cert->subject.stateEnc = CTC_UTF8;
- cert->subject.locality[0] = '\0';
- cert->subject.localityEnc = CTC_UTF8;
- cert->subject.sur[0] = '\0';
- cert->subject.surEnc = CTC_UTF8;
- cert->subject.org[0] = '\0';
- cert->subject.orgEnc = CTC_UTF8;
- cert->subject.unit[0] = '\0';
- cert->subject.unitEnc = CTC_UTF8;
- cert->subject.commonName[0] = '\0';
- cert->subject.commonNameEnc = CTC_UTF8;
- cert->subject.email[0] = '\0';
-
-#ifdef WOLFSSL_CERT_REQ
- cert->challengePw[0] ='\0';
-#endif
-}
-
-
-/* DER encoded x509 Certificate */
-typedef struct DerCert {
- byte size[MAX_LENGTH_SZ]; /* length encoded */
- byte version[MAX_VERSION_SZ]; /* version encoded */
- byte serial[CTC_SERIAL_SIZE + MAX_LENGTH_SZ]; /* serial number encoded */
- byte sigAlgo[MAX_ALGO_SZ]; /* signature algo encoded */
- byte issuer[ASN_NAME_MAX]; /* issuer encoded */
- byte subject[ASN_NAME_MAX]; /* subject encoded */
- byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */
- byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa / ntru public key encoded */
- byte ca[MAX_CA_SZ]; /* basic constraint CA true size */
- byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */
-#ifdef WOLFSSL_CERT_REQ
- byte attrib[MAX_ATTRIB_SZ]; /* Cert req attributes encoded */
-#endif
- int sizeSz; /* encoded size length */
- int versionSz; /* encoded version length */
- int serialSz; /* encoded serial length */
- int sigAlgoSz; /* enocded sig alog length */
- int issuerSz; /* encoded issuer length */
- int subjectSz; /* encoded subject length */
- int validitySz; /* encoded validity length */
- int publicKeySz; /* encoded public key length */
- int caSz; /* encoded CA extension length */
- int extensionsSz; /* encoded extensions total length */
- int total; /* total encoded lengths */
-#ifdef WOLFSSL_CERT_REQ
- int attribSz;
-#endif
-} DerCert;
-
-
-#ifdef WOLFSSL_CERT_REQ
-
-/* Write a set header to output */
-static word32 SetUTF8String(word32 len, byte* output)
-{
- output[0] = ASN_UTF8STRING;
- return SetLength(len, output + 1) + 1;
-}
-
-#endif /* WOLFSSL_CERT_REQ */
-
-
-/* Write a serial number to output */
-static int SetSerial(const byte* serial, byte* output)
-{
- int length = 0;
-
- output[length++] = ASN_INTEGER;
- length += SetLength(CTC_SERIAL_SIZE, &output[length]);
- XMEMCPY(&output[length], serial, CTC_SERIAL_SIZE);
-
- return length + CTC_SERIAL_SIZE;
-}
-
-
-#ifdef HAVE_ECC
-
-
-/* Write a public ECC key to output */
-static int SetEccPublicKey(byte* output, ecc_key* key)
-{
- byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */
- int algoSz;
- int curveSz;
- int lenSz;
- int idx;
- word32 pubSz = ECC_BUFSIZE;
-#ifdef WOLFSSL_SMALL_STACK
- byte* algo = NULL;
- byte* curve = NULL;
- byte* pub = NULL;
-#else
- byte algo[MAX_ALGO_SZ];
- byte curve[MAX_ALGO_SZ];
- byte pub[ECC_BUFSIZE];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- pub = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- return MEMORY_E;
-#endif
-
- int ret = wc_ecc_export_x963(key, pub, &pubSz);
- if (ret != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- curve = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (curve == NULL) {
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- /* headers */
- curveSz = SetCurve(key, curve);
- if (curveSz <= 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return curveSz;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (algo == NULL) {
- XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- algoSz = SetAlgoID(ECDSAk, algo, keyType, curveSz);
- lenSz = SetLength(pubSz + 1, len);
- len[lenSz++] = 0; /* trailing 0 */
-
- /* write */
- idx = SetSequence(pubSz + curveSz + lenSz + 1 + algoSz, output);
- /* 1 is for ASN_BIT_STRING */
- /* algo */
- XMEMCPY(output + idx, algo, algoSz);
- idx += algoSz;
- /* curve */
- XMEMCPY(output + idx, curve, curveSz);
- idx += curveSz;
- /* bit string */
- output[idx++] = ASN_BIT_STRING;
- /* length */
- XMEMCPY(output + idx, len, lenSz);
- idx += lenSz;
- /* pub */
- XMEMCPY(output + idx, pub, pubSz);
- idx += pubSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return idx;
-}
-
-
-#endif /* HAVE_ECC */
-
-
-/* Write a public RSA key to output */
-static int SetRsaPublicKey(byte* output, RsaKey* key)
-{
-#ifdef WOLFSSL_SMALL_STACK
- byte* n = NULL;
- byte* e = NULL;
- byte* algo = NULL;
-#else
- byte n[MAX_RSA_INT_SZ];
- byte e[MAX_RSA_E_SZ];
- byte algo[MAX_ALGO_SZ];
-#endif
- byte seq[MAX_SEQ_SZ];
- byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */
- int nSz;
- int eSz;
- int algoSz;
- int seqSz;
- int lenSz;
- int idx;
- int rawLen;
- int leadingBit;
- int err;
-
- /* n */
-#ifdef WOLFSSL_SMALL_STACK
- n = (byte*)XMALLOC(MAX_RSA_INT_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (n == NULL)
- return MEMORY_E;
-#endif
-
- leadingBit = mp_leading_bit(&key->n);
- rawLen = mp_unsigned_bin_size(&key->n) + leadingBit;
- n[0] = ASN_INTEGER;
- nSz = SetLength(rawLen, n + 1) + 1; /* int tag */
-
- if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {
- if (leadingBit)
- n[nSz] = 0;
- err = mp_to_unsigned_bin(&key->n, n + nSz + leadingBit);
- if (err == MP_OKAY)
- nSz += rawLen;
- else {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return MP_TO_E;
- }
- }
- else {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BUFFER_E;
- }
-
- /* e */
-#ifdef WOLFSSL_SMALL_STACK
- e = (byte*)XMALLOC(MAX_RSA_E_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (e == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return MEMORY_E;
- }
-#endif
-
- leadingBit = mp_leading_bit(&key->e);
- rawLen = mp_unsigned_bin_size(&key->e) + leadingBit;
- e[0] = ASN_INTEGER;
- eSz = SetLength(rawLen, e + 1) + 1; /* int tag */
-
- if ( (eSz + rawLen) < MAX_RSA_E_SZ) {
- if (leadingBit)
- e[eSz] = 0;
- err = mp_to_unsigned_bin(&key->e, e + eSz + leadingBit);
- if (err == MP_OKAY)
- eSz += rawLen;
- else {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return MP_TO_E;
- }
- }
- else {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BUFFER_E;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (algo == NULL) {
- XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- /* headers */
- algoSz = SetAlgoID(RSAk, algo, keyType, 0);
- seqSz = SetSequence(nSz + eSz, seq);
- lenSz = SetLength(seqSz + nSz + eSz + 1, len);
- len[lenSz++] = 0; /* trailing 0 */
-
- /* write */
- idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output);
- /* 1 is for ASN_BIT_STRING */
- /* algo */
- XMEMCPY(output + idx, algo, algoSz);
- idx += algoSz;
- /* bit string */
- output[idx++] = ASN_BIT_STRING;
- /* length */
- XMEMCPY(output + idx, len, lenSz);
- idx += lenSz;
- /* seq */
- XMEMCPY(output + idx, seq, seqSz);
- idx += seqSz;
- /* n */
- XMEMCPY(output + idx, n, nSz);
- idx += nSz;
- /* e */
- XMEMCPY(output + idx, e, eSz);
- idx += eSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return idx;
-}
-
-
-static INLINE byte itob(int number)
-{
- return (byte)number + 0x30;
-}
-
-
-/* write time to output, format */
-static void SetTime(struct tm* date, byte* output)
-{
- int i = 0;
-
- output[i++] = itob((date->tm_year % 10000) / 1000);
- output[i++] = itob((date->tm_year % 1000) / 100);
- output[i++] = itob((date->tm_year % 100) / 10);
- output[i++] = itob( date->tm_year % 10);
-
- output[i++] = itob(date->tm_mon / 10);
- output[i++] = itob(date->tm_mon % 10);
-
- output[i++] = itob(date->tm_mday / 10);
- output[i++] = itob(date->tm_mday % 10);
-
- output[i++] = itob(date->tm_hour / 10);
- output[i++] = itob(date->tm_hour % 10);
-
- output[i++] = itob(date->tm_min / 10);
- output[i++] = itob(date->tm_min % 10);
-
- output[i++] = itob(date->tm_sec / 10);
- output[i++] = itob(date->tm_sec % 10);
-
- output[i] = 'Z'; /* Zulu profile */
-}
-
-
-#ifdef WOLFSSL_ALT_NAMES
-
-/* Copy Dates from cert, return bytes written */
-static int CopyValidity(byte* output, Cert* cert)
-{
- int seqSz;
-
- WOLFSSL_ENTER("CopyValidity");
-
- /* headers and output */
- seqSz = SetSequence(cert->beforeDateSz + cert->afterDateSz, output);
- XMEMCPY(output + seqSz, cert->beforeDate, cert->beforeDateSz);
- XMEMCPY(output + seqSz + cert->beforeDateSz, cert->afterDate,
- cert->afterDateSz);
- return seqSz + cert->beforeDateSz + cert->afterDateSz;
-}
-
-#endif
-
-
-/* for systems where mktime() doesn't normalize fully */
-static void RebuildTime(time_t* in, struct tm* out)
-{
- #ifdef FREESCALE_MQX
- out = localtime_r(in, out);
- #else
- (void)in;
- (void)out;
- #endif
-}
-
-
-/* Set Date validity from now until now + daysValid */
-static int SetValidity(byte* output, int daysValid)
-{
- byte before[MAX_DATE_SIZE];
- byte after[MAX_DATE_SIZE];
-
- int beforeSz;
- int afterSz;
- int seqSz;
-
- time_t ticks;
- time_t normalTime;
- struct tm* now;
- struct tm* tmpTime = NULL;
- struct tm local;
-
-#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES)
- /* for use with gmtime_r */
- struct tm tmpTimeStorage;
- tmpTime = &tmpTimeStorage;
-#else
- (void)tmpTime;
-#endif
-
- ticks = XTIME(0);
- now = XGMTIME(&ticks, tmpTime);
-
- /* before now */
- local = *now;
- before[0] = ASN_GENERALIZED_TIME;
- beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */
-
- /* subtract 1 day for more compliance */
- local.tm_mday -= 1;
- normalTime = mktime(&local);
- RebuildTime(&normalTime, &local);
-
- /* adjust */
- local.tm_year += 1900;
- local.tm_mon += 1;
-
- SetTime(&local, before + beforeSz);
- beforeSz += ASN_GEN_TIME_SZ;
-
- /* after now + daysValid */
- local = *now;
- after[0] = ASN_GENERALIZED_TIME;
- afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */
-
- /* add daysValid */
- local.tm_mday += daysValid;
- normalTime = mktime(&local);
- RebuildTime(&normalTime, &local);
-
- /* adjust */
- local.tm_year += 1900;
- local.tm_mon += 1;
-
- SetTime(&local, after + afterSz);
- afterSz += ASN_GEN_TIME_SZ;
-
- /* headers and output */
- seqSz = SetSequence(beforeSz + afterSz, output);
- XMEMCPY(output + seqSz, before, beforeSz);
- XMEMCPY(output + seqSz + beforeSz, after, afterSz);
-
- return seqSz + beforeSz + afterSz;
-}
-
-
-/* ASN Encoded Name field */
-typedef struct EncodedName {
- int nameLen; /* actual string value length */
- int totalLen; /* total encoded length */
- int type; /* type of name */
- int used; /* are we actually using this one */
- byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
-} EncodedName;
-
-
-/* Get Which Name from index */
-static const char* GetOneName(CertName* name, int idx)
-{
- switch (idx) {
- case 0:
- return name->country;
-
- case 1:
- return name->state;
-
- case 2:
- return name->locality;
-
- case 3:
- return name->sur;
-
- case 4:
- return name->org;
-
- case 5:
- return name->unit;
-
- case 6:
- return name->commonName;
-
- case 7:
- return name->email;
-
- default:
- return 0;
- }
-}
-
-
-/* Get Which Name Encoding from index */
-static char GetNameType(CertName* name, int idx)
-{
- switch (idx) {
- case 0:
- return name->countryEnc;
-
- case 1:
- return name->stateEnc;
-
- case 2:
- return name->localityEnc;
-
- case 3:
- return name->surEnc;
-
- case 4:
- return name->orgEnc;
-
- case 5:
- return name->unitEnc;
-
- case 6:
- return name->commonNameEnc;
-
- default:
- return 0;
- }
-}
-
-
-/* Get ASN Name from index */
-static byte GetNameId(int idx)
-{
- switch (idx) {
- case 0:
- return ASN_COUNTRY_NAME;
-
- case 1:
- return ASN_STATE_NAME;
-
- case 2:
- return ASN_LOCALITY_NAME;
-
- case 3:
- return ASN_SUR_NAME;
-
- case 4:
- return ASN_ORG_NAME;
-
- case 5:
- return ASN_ORGUNIT_NAME;
-
- case 6:
- return ASN_COMMON_NAME;
-
- case 7:
- /* email uses different id type */
- return 0;
-
- default:
- return 0;
- }
-}
-
-
-/* encode all extensions, return total bytes written */
-static int SetExtensions(byte* output, const byte* ext, int extSz, int header)
-{
- byte sequence[MAX_SEQ_SZ];
- byte len[MAX_LENGTH_SZ];
-
- int sz = 0;
- int seqSz = SetSequence(extSz, sequence);
-
- if (header) {
- int lenSz = SetLength(seqSz + extSz, len);
- output[0] = ASN_EXTENSIONS; /* extensions id */
- sz++;
- XMEMCPY(&output[sz], len, lenSz); /* length */
- sz += lenSz;
- }
- XMEMCPY(&output[sz], sequence, seqSz); /* sequence */
- sz += seqSz;
- XMEMCPY(&output[sz], ext, extSz); /* extensions */
- sz += extSz;
-
- return sz;
-}
-
-
-/* encode CA basic constraint true, return total bytes written */
-static int SetCa(byte* output)
-{
- static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
- 0x05, 0x30, 0x03, 0x01, 0x01, 0xff };
-
- XMEMCPY(output, ca, sizeof(ca));
-
- return (int)sizeof(ca);
-}
-
-
-/* encode CertName into output, return total bytes written */
-static int SetName(byte* output, CertName* name)
-{
- int totalBytes = 0, i, idx;
-#ifdef WOLFSSL_SMALL_STACK
- EncodedName* names = NULL;
-#else
- EncodedName names[NAME_ENTRIES];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- names = (EncodedName*)XMALLOC(sizeof(EncodedName) * NAME_ENTRIES, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (names == NULL)
- return MEMORY_E;
-#endif
-
- for (i = 0; i < NAME_ENTRIES; i++) {
- const char* nameStr = GetOneName(name, i);
- if (nameStr) {
- /* bottom up */
- byte firstLen[MAX_LENGTH_SZ];
- byte secondLen[MAX_LENGTH_SZ];
- byte sequence[MAX_SEQ_SZ];
- byte set[MAX_SET_SZ];
-
- int email = i == (NAME_ENTRIES - 1) ? 1 : 0;
- int strLen = (int)XSTRLEN(nameStr);
- int thisLen = strLen;
- int firstSz, secondSz, seqSz, setSz;
-
- if (strLen == 0) { /* no user data for this item */
- names[i].used = 0;
- continue;
- }
-
- secondSz = SetLength(strLen, secondLen);
- thisLen += secondSz;
- if (email) {
- thisLen += EMAIL_JOINT_LEN;
- thisLen ++; /* id type */
- firstSz = SetLength(EMAIL_JOINT_LEN, firstLen);
- }
- else {
- thisLen++; /* str type */
- thisLen++; /* id type */
- thisLen += JOINT_LEN;
- firstSz = SetLength(JOINT_LEN + 1, firstLen);
- }
- thisLen += firstSz;
- thisLen++; /* object id */
-
- seqSz = SetSequence(thisLen, sequence);
- thisLen += seqSz;
- setSz = SetSet(thisLen, set);
- thisLen += setSz;
-
- if (thisLen > (int)sizeof(names[i].encoded)) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BUFFER_E;
- }
-
- /* store it */
- idx = 0;
- /* set */
- XMEMCPY(names[i].encoded, set, setSz);
- idx += setSz;
- /* seq */
- XMEMCPY(names[i].encoded + idx, sequence, seqSz);
- idx += seqSz;
- /* asn object id */
- names[i].encoded[idx++] = ASN_OBJECT_ID;
- /* first length */
- XMEMCPY(names[i].encoded + idx, firstLen, firstSz);
- idx += firstSz;
- if (email) {
- const byte EMAIL_OID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x01, 0x09, 0x01, 0x16 };
- /* email joint id */
- XMEMCPY(names[i].encoded + idx, EMAIL_OID, sizeof(EMAIL_OID));
- idx += (int)sizeof(EMAIL_OID);
- }
- else {
- /* joint id */
- byte bType = GetNameId(i);
- names[i].encoded[idx++] = 0x55;
- names[i].encoded[idx++] = 0x04;
- /* id type */
- names[i].encoded[idx++] = bType;
- /* str type */
- names[i].encoded[idx++] = GetNameType(name, i);
- }
- /* second length */
- XMEMCPY(names[i].encoded + idx, secondLen, secondSz);
- idx += secondSz;
- /* str value */
- XMEMCPY(names[i].encoded + idx, nameStr, strLen);
- idx += strLen;
-
- totalBytes += idx;
- names[i].totalLen = idx;
- names[i].used = 1;
- }
- else
- names[i].used = 0;
- }
-
- /* header */
- idx = SetSequence(totalBytes, output);
- totalBytes += idx;
- if (totalBytes > ASN_NAME_MAX) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BUFFER_E;
- }
-
- for (i = 0; i < NAME_ENTRIES; i++) {
- if (names[i].used) {
- XMEMCPY(output + idx, names[i].encoded, names[i].totalLen);
- idx += names[i].totalLen;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return totalBytes;
-}
-
-/* encode info from cert into DER encoded format */
-static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
- RNG* rng, const byte* ntruKey, word16 ntruSz)
-{
- int ret;
-
- (void)eccKey;
- (void)ntruKey;
- (void)ntruSz;
-
- /* init */
- XMEMSET(der, 0, sizeof(DerCert));
-
- /* version */
- der->versionSz = SetMyVersion(cert->version, der->version, TRUE);
-
- /* serial number */
- ret = wc_RNG_GenerateBlock(rng, cert->serial, CTC_SERIAL_SIZE);
- if (ret != 0)
- return ret;
-
- cert->serial[0] = 0x01; /* ensure positive */
- der->serialSz = SetSerial(cert->serial, der->serial);
-
- /* signature algo */
- der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, sigType, 0);
- if (der->sigAlgoSz == 0)
- return ALGO_ID_E;
-
- /* public key */
- if (cert->keyType == RSA_KEY) {
- if (rsaKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey);
- if (der->publicKeySz <= 0)
- return PUBLIC_KEY_E;
- }
-
-#ifdef HAVE_ECC
- if (cert->keyType == ECC_KEY) {
- if (eccKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey);
- if (der->publicKeySz <= 0)
- return PUBLIC_KEY_E;
- }
-#endif /* HAVE_ECC */
-
-#ifdef HAVE_NTRU
- if (cert->keyType == NTRU_KEY) {
- word32 rc;
- word16 encodedSz;
-
- rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz,
- ntruKey, &encodedSz, NULL);
- if (rc != NTRU_OK)
- return PUBLIC_KEY_E;
- if (encodedSz > MAX_PUBLIC_KEY_SZ)
- return PUBLIC_KEY_E;
-
- rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz,
- ntruKey, &encodedSz, der->publicKey);
- if (rc != NTRU_OK)
- return PUBLIC_KEY_E;
-
- der->publicKeySz = encodedSz;
- }
-#endif /* HAVE_NTRU */
-
- der->validitySz = 0;
-#ifdef WOLFSSL_ALT_NAMES
- /* date validity copy ? */
- if (cert->beforeDateSz && cert->afterDateSz) {
- der->validitySz = CopyValidity(der->validity, cert);
- if (der->validitySz == 0)
- return DATE_E;
- }
-#endif
-
- /* date validity */
- if (der->validitySz == 0) {
- der->validitySz = SetValidity(der->validity, cert->daysValid);
- if (der->validitySz == 0)
- return DATE_E;
- }
-
- /* subject name */
- der->subjectSz = SetName(der->subject, &cert->subject);
- if (der->subjectSz == 0)
- return SUBJECT_E;
-
- /* issuer name */
- der->issuerSz = SetName(der->issuer, cert->selfSigned ?
- &cert->subject : &cert->issuer);
- if (der->issuerSz == 0)
- return ISSUER_E;
-
- /* CA */
- if (cert->isCA) {
- der->caSz = SetCa(der->ca);
- if (der->caSz == 0)
- return CA_TRUE_E;
- }
- else
- der->caSz = 0;
-
- /* extensions, just CA now */
- if (cert->isCA) {
- der->extensionsSz = SetExtensions(der->extensions,
- der->ca, der->caSz, TRUE);
- if (der->extensionsSz == 0)
- return EXTENSIONS_E;
- }
- else
- der->extensionsSz = 0;
-
-#ifdef WOLFSSL_ALT_NAMES
- if (der->extensionsSz == 0 && cert->altNamesSz) {
- der->extensionsSz = SetExtensions(der->extensions, cert->altNames,
- cert->altNamesSz, TRUE);
- if (der->extensionsSz == 0)
- return EXTENSIONS_E;
- }
-#endif
-
- der->total = der->versionSz + der->serialSz + der->sigAlgoSz +
- der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz +
- der->extensionsSz;
-
- return 0;
-}
-
-
-/* write DER encoded cert to buffer, size already checked */
-static int WriteCertBody(DerCert* der, byte* buffer)
-{
- int idx;
-
- /* signed part header */
- idx = SetSequence(der->total, buffer);
- /* version */
- XMEMCPY(buffer + idx, der->version, der->versionSz);
- idx += der->versionSz;
- /* serial */
- XMEMCPY(buffer + idx, der->serial, der->serialSz);
- idx += der->serialSz;
- /* sig algo */
- XMEMCPY(buffer + idx, der->sigAlgo, der->sigAlgoSz);
- idx += der->sigAlgoSz;
- /* issuer */
- XMEMCPY(buffer + idx, der->issuer, der->issuerSz);
- idx += der->issuerSz;
- /* validity */
- XMEMCPY(buffer + idx, der->validity, der->validitySz);
- idx += der->validitySz;
- /* subject */
- XMEMCPY(buffer + idx, der->subject, der->subjectSz);
- idx += der->subjectSz;
- /* public key */
- XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz);
- idx += der->publicKeySz;
- if (der->extensionsSz) {
- /* extensions */
- XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz,
- sizeof(der->extensions)));
- idx += der->extensionsSz;
- }
-
- return idx;
-}
-
-
-/* Make RSA signature from buffer (sz), write to sig (sigSz) */
-static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
- RsaKey* rsaKey, ecc_key* eccKey, RNG* rng,
- int sigAlgoType)
-{
- int encSigSz, digestSz, typeH = 0, ret = 0;
- byte digest[SHA256_DIGEST_SIZE]; /* max size */
-#ifdef WOLFSSL_SMALL_STACK
- byte* encSig;
-#else
- byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ];
-#endif
-
- (void)digest;
- (void)digestSz;
- (void)encSig;
- (void)encSigSz;
- (void)typeH;
-
- (void)buffer;
- (void)sz;
- (void)sig;
- (void)sigSz;
- (void)rsaKey;
- (void)eccKey;
- (void)rng;
-
- switch (sigAlgoType) {
- #ifndef NO_MD5
- case CTC_MD5wRSA:
- if ((ret = wc_Md5Hash(buffer, sz, digest)) == 0) {
- typeH = MD5h;
- digestSz = MD5_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef NO_SHA
- case CTC_SHAwRSA:
- case CTC_SHAwECDSA:
- if ((ret = wc_ShaHash(buffer, sz, digest)) == 0) {
- typeH = SHAh;
- digestSz = SHA_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef NO_SHA256
- case CTC_SHA256wRSA:
- case CTC_SHA256wECDSA:
- if ((ret = wc_Sha256Hash(buffer, sz, digest)) == 0) {
- typeH = SHA256h;
- digestSz = SHA256_DIGEST_SIZE;
- }
- break;
- #endif
- default:
- WOLFSSL_MSG("MakeSignautre called with unsupported type");
- ret = ALGO_ID_E;
- }
-
- if (ret != 0)
- return ret;
-
-#ifdef WOLFSSL_SMALL_STACK
- encSig = (byte*)XMALLOC(MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (encSig == NULL)
- return MEMORY_E;
-#endif
-
- ret = ALGO_ID_E;
-
-#ifndef NO_RSA
- if (rsaKey) {
- /* signature */
- encSigSz = wc_EncodeSignature(encSig, digest, digestSz, typeH);
- ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng);
- }
-#endif
-
-#ifdef HAVE_ECC
- if (!rsaKey && eccKey) {
- word32 outSz = sigSz;
- ret = wc_ecc_sign_hash(digest, digestSz, sig, &outSz, rng, eccKey);
-
- if (ret == 0)
- ret = outSz;
- }
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/* add signature to end of buffer, size of buffer assumed checked, return
- new length */
-static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz,
- int sigAlgoType)
-{
- byte seq[MAX_SEQ_SZ];
- int idx = bodySz, seqSz;
-
- /* algo */
- idx += SetAlgoID(sigAlgoType, buffer + idx, sigType, 0);
- /* bit string */
- buffer[idx++] = ASN_BIT_STRING;
- /* length */
- idx += SetLength(sigSz + 1, buffer + idx);
- buffer[idx++] = 0; /* trailing 0 */
- /* signature */
- XMEMCPY(buffer + idx, sig, sigSz);
- idx += sigSz;
-
- /* make room for overall header */
- seqSz = SetSequence(idx, seq);
- XMEMMOVE(buffer + seqSz, buffer, idx);
- XMEMCPY(buffer, seq, seqSz);
-
- return idx + seqSz;
-}
-
-
-/* Make an x509 Certificate v3 any key type from cert input, write to buffer */
-static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
- RsaKey* rsaKey, ecc_key* eccKey, RNG* rng,
- const byte* ntruKey, word16 ntruSz)
-{
- int ret;
-#ifdef WOLFSSL_SMALL_STACK
- DerCert* der;
-#else
- DerCert der[1];
-#endif
-
- cert->keyType = eccKey ? ECC_KEY : (rsaKey ? RSA_KEY : NTRU_KEY);
-
-#ifdef WOLFSSL_SMALL_STACK
- der = (DerCert*)XMALLOC(sizeof(DerCert), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- return MEMORY_E;
-#endif
-
- ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz);
-
- if (ret == 0) {
- if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
- ret = BUFFER_E;
- else
- ret = cert->bodySz = WriteCertBody(der, derBuffer);
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
-int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
- ecc_key* eccKey, RNG* rng)
-{
- return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0);
-}
-
-
-#ifdef HAVE_NTRU
-
-int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz,
- const byte* ntruKey, word16 keySz, RNG* rng)
-{
- return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz);
-}
-
-#endif /* HAVE_NTRU */
-
-
-#ifdef WOLFSSL_CERT_REQ
-
-static int SetReqAttrib(byte* output, char* pw, int extSz)
-{
- static const byte cpOid[] =
- { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
- 0x09, 0x07 };
- static const byte erOid[] =
- { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
- 0x09, 0x0e };
-
- int sz = 0; /* overall size */
- int cpSz = 0; /* Challenge Password section size */
- int cpSeqSz = 0;
- int cpSetSz = 0;
- int cpStrSz = 0;
- int pwSz = 0;
- int erSz = 0; /* Extension Request section size */
- int erSeqSz = 0;
- int erSetSz = 0;
- byte cpSeq[MAX_SEQ_SZ];
- byte cpSet[MAX_SET_SZ];
- byte cpStr[MAX_PRSTR_SZ];
- byte erSeq[MAX_SEQ_SZ];
- byte erSet[MAX_SET_SZ];
-
- output[0] = 0xa0;
- sz++;
-
- if (pw && pw[0]) {
- pwSz = (int)XSTRLEN(pw);
- cpStrSz = SetUTF8String(pwSz, cpStr);
- cpSetSz = SetSet(cpStrSz + pwSz, cpSet);
- cpSeqSz = SetSequence(sizeof(cpOid) + cpSetSz + cpStrSz + pwSz, cpSeq);
- cpSz = cpSeqSz + sizeof(cpOid) + cpSetSz + cpStrSz + pwSz;
- }
-
- if (extSz) {
- erSetSz = SetSet(extSz, erSet);
- erSeqSz = SetSequence(erSetSz + sizeof(erOid) + extSz, erSeq);
- erSz = extSz + erSetSz + erSeqSz + sizeof(erOid);
- }
-
- /* Put the pieces together. */
- sz += SetLength(cpSz + erSz, &output[sz]);
-
- if (cpSz) {
- XMEMCPY(&output[sz], cpSeq, cpSeqSz);
- sz += cpSeqSz;
- XMEMCPY(&output[sz], cpOid, sizeof(cpOid));
- sz += sizeof(cpOid);
- XMEMCPY(&output[sz], cpSet, cpSetSz);
- sz += cpSetSz;
- XMEMCPY(&output[sz], cpStr, cpStrSz);
- sz += cpStrSz;
- XMEMCPY(&output[sz], pw, pwSz);
- sz += pwSz;
- }
-
- if (erSz) {
- XMEMCPY(&output[sz], erSeq, erSeqSz);
- sz += erSeqSz;
- XMEMCPY(&output[sz], erOid, sizeof(erOid));
- sz += sizeof(erOid);
- XMEMCPY(&output[sz], erSet, erSetSz);
- sz += erSetSz;
- /* The actual extension data will be tacked onto the output later. */
- }
-
- return sz;
-}
-
-
-/* encode info from cert into DER encoded format */
-static int EncodeCertReq(Cert* cert, DerCert* der,
- RsaKey* rsaKey, ecc_key* eccKey)
-{
- (void)eccKey;
-
- /* init */
- XMEMSET(der, 0, sizeof(DerCert));
-
- /* version */
- der->versionSz = SetMyVersion(cert->version, der->version, FALSE);
-
- /* subject name */
- der->subjectSz = SetName(der->subject, &cert->subject);
- if (der->subjectSz == 0)
- return SUBJECT_E;
-
- /* public key */
- if (cert->keyType == RSA_KEY) {
- if (rsaKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey);
- if (der->publicKeySz <= 0)
- return PUBLIC_KEY_E;
- }
-
-#ifdef HAVE_ECC
- if (cert->keyType == ECC_KEY) {
- if (eccKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey);
- if (der->publicKeySz <= 0)
- return PUBLIC_KEY_E;
- }
-#endif /* HAVE_ECC */
-
- /* CA */
- if (cert->isCA) {
- der->caSz = SetCa(der->ca);
- if (der->caSz == 0)
- return CA_TRUE_E;
- }
- else
- der->caSz = 0;
-
- /* extensions, just CA now */
- if (cert->isCA) {
- der->extensionsSz = SetExtensions(der->extensions,
- der->ca, der->caSz, FALSE);
- if (der->extensionsSz == 0)
- return EXTENSIONS_E;
- }
- else
- der->extensionsSz = 0;
-
- der->attribSz = SetReqAttrib(der->attrib,
- cert->challengePw, der->extensionsSz);
- if (der->attribSz == 0)
- return REQ_ATTRIBUTE_E;
-
- der->total = der->versionSz + der->subjectSz + der->publicKeySz +
- der->extensionsSz + der->attribSz;
-
- return 0;
-}
-
-
-/* write DER encoded cert req to buffer, size already checked */
-static int WriteCertReqBody(DerCert* der, byte* buffer)
-{
- int idx;
-
- /* signed part header */
- idx = SetSequence(der->total, buffer);
- /* version */
- XMEMCPY(buffer + idx, der->version, der->versionSz);
- idx += der->versionSz;
- /* subject */
- XMEMCPY(buffer + idx, der->subject, der->subjectSz);
- idx += der->subjectSz;
- /* public key */
- XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz);
- idx += der->publicKeySz;
- /* attributes */
- XMEMCPY(buffer + idx, der->attrib, der->attribSz);
- idx += der->attribSz;
- /* extensions */
- if (der->extensionsSz) {
- XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz,
- sizeof(der->extensions)));
- idx += der->extensionsSz;
- }
-
- return idx;
-}
-
-
-int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
- RsaKey* rsaKey, ecc_key* eccKey)
-{
- int ret;
-#ifdef WOLFSSL_SMALL_STACK
- DerCert* der;
-#else
- DerCert der[1];
-#endif
-
- cert->keyType = eccKey ? ECC_KEY : RSA_KEY;
-
-#ifdef WOLFSSL_SMALL_STACK
- der = (DerCert*)XMALLOC(sizeof(DerCert), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- return MEMORY_E;
-#endif
-
- ret = EncodeCertReq(cert, der, rsaKey, eccKey);
-
- if (ret == 0) {
- if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
- ret = BUFFER_E;
- else
- ret = cert->bodySz = WriteCertReqBody(der, derBuffer);
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#endif /* WOLFSSL_CERT_REQ */
-
-
-int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
- RsaKey* rsaKey, ecc_key* eccKey, RNG* rng)
-{
- int sigSz;
-#ifdef WOLFSSL_SMALL_STACK
- byte* sig;
-#else
- byte sig[MAX_ENCODED_SIG_SZ];
-#endif
-
- if (requestSz < 0)
- return requestSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sig == NULL)
- return MEMORY_E;
-#endif
-
- sigSz = MakeSignature(buffer, requestSz, sig, MAX_ENCODED_SIG_SZ, rsaKey,
- eccKey, rng, sType);
-
- if (sigSz >= 0) {
- if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz)
- sigSz = BUFFER_E;
- else
- sigSz = AddSignature(buffer, requestSz, sig, sigSz, sType);
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return sigSz;
-}
-
-
-int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng)
-{
- int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng);
-
- if (ret < 0)
- return ret;
-
- return wc_SignCert(cert->bodySz, cert->sigType, buffer, buffSz, key, NULL,rng);
-}
-
-
-#ifdef WOLFSSL_ALT_NAMES
-
-/* Set Alt Names from der cert, return 0 on success */
-static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
-{
- int ret;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* decoded;
-#else
- DecodedCert decoded[1];
-#endif
-
- if (derSz < 0)
- return derSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL)
- return MEMORY_E;
-#endif
-
- InitDecodedCert(decoded, (byte*)der, derSz, 0);
- ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
-
- if (ret < 0) {
- WOLFSSL_MSG("ParseCertRelative error");
- }
- else if (decoded->extensions) {
- byte b;
- int length;
- word32 maxExtensionsIdx;
-
- decoded->srcIdx = decoded->extensionsIdx;
- b = decoded->source[decoded->srcIdx++];
-
- if (b != ASN_EXTENSIONS) {
- ret = ASN_PARSE_E;
- }
- else if (GetLength(decoded->source, &decoded->srcIdx, &length,
- decoded->maxIdx) < 0) {
- ret = ASN_PARSE_E;
- }
- else if (GetSequence(decoded->source, &decoded->srcIdx, &length,
- decoded->maxIdx) < 0) {
- ret = ASN_PARSE_E;
- }
- else {
- maxExtensionsIdx = decoded->srcIdx + length;
-
- while (decoded->srcIdx < maxExtensionsIdx) {
- word32 oid;
- word32 startIdx = decoded->srcIdx;
- word32 tmpIdx;
-
- if (GetSequence(decoded->source, &decoded->srcIdx, &length,
- decoded->maxIdx) < 0) {
- ret = ASN_PARSE_E;
- break;
- }
-
- tmpIdx = decoded->srcIdx;
- decoded->srcIdx = startIdx;
-
- if (GetAlgoId(decoded->source, &decoded->srcIdx, &oid,
- decoded->maxIdx) < 0) {
- ret = ASN_PARSE_E;
- break;
- }
-
- if (oid == ALT_NAMES_OID) {
- cert->altNamesSz = length + (tmpIdx - startIdx);
-
- if (cert->altNamesSz < (int)sizeof(cert->altNames))
- XMEMCPY(cert->altNames, &decoded->source[startIdx],
- cert->altNamesSz);
- else {
- cert->altNamesSz = 0;
- WOLFSSL_MSG("AltNames extensions too big");
- ret = ALT_NAME_E;
- break;
- }
- }
- decoded->srcIdx = tmpIdx + length;
- }
- }
- }
-
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret < 0 ? ret : 0;
-}
-
-
-/* Set Dates from der cert, return 0 on success */
-static int SetDatesFromCert(Cert* cert, const byte* der, int derSz)
-{
- int ret;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* decoded;
-#else
- DecodedCert decoded[1];
-#endif
-
- WOLFSSL_ENTER("SetDatesFromCert");
- if (derSz < 0)
- return derSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL)
- return MEMORY_E;
-#endif
-
- InitDecodedCert(decoded, (byte*)der, derSz, 0);
- ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
-
- if (ret < 0) {
- WOLFSSL_MSG("ParseCertRelative error");
- }
- else if (decoded->beforeDate == NULL || decoded->afterDate == NULL) {
- WOLFSSL_MSG("Couldn't extract dates");
- ret = -1;
- }
- else if (decoded->beforeDateLen > MAX_DATE_SIZE ||
- decoded->afterDateLen > MAX_DATE_SIZE) {
- WOLFSSL_MSG("Bad date size");
- ret = -1;
- }
- else {
- XMEMCPY(cert->beforeDate, decoded->beforeDate, decoded->beforeDateLen);
- XMEMCPY(cert->afterDate, decoded->afterDate, decoded->afterDateLen);
-
- cert->beforeDateSz = decoded->beforeDateLen;
- cert->afterDateSz = decoded->afterDateLen;
- }
-
- FreeDecodedCert(decoded);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret < 0 ? ret : 0;
-}
-
-
-#endif /* WOLFSSL_ALT_NAMES && !NO_RSA */
-
-
-/* Set cn name from der buffer, return 0 on success */
-static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
-{
- int ret, sz;
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* decoded;
-#else
- DecodedCert decoded[1];
-#endif
-
- if (derSz < 0)
- return derSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL)
- return MEMORY_E;
-#endif
-
- InitDecodedCert(decoded, (byte*)der, derSz, 0);
- ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
-
- if (ret < 0) {
- WOLFSSL_MSG("ParseCertRelative error");
- }
- else {
- if (decoded->subjectCN) {
- sz = (decoded->subjectCNLen < CTC_NAME_SIZE) ? decoded->subjectCNLen
- : CTC_NAME_SIZE - 1;
- strncpy(cn->commonName, decoded->subjectCN, CTC_NAME_SIZE);
- cn->commonName[sz] = 0;
- cn->commonNameEnc = decoded->subjectCNEnc;
- }
- if (decoded->subjectC) {
- sz = (decoded->subjectCLen < CTC_NAME_SIZE) ? decoded->subjectCLen
- : CTC_NAME_SIZE - 1;
- strncpy(cn->country, decoded->subjectC, CTC_NAME_SIZE);
- cn->country[sz] = 0;
- cn->countryEnc = decoded->subjectCEnc;
- }
- if (decoded->subjectST) {
- sz = (decoded->subjectSTLen < CTC_NAME_SIZE) ? decoded->subjectSTLen
- : CTC_NAME_SIZE - 1;
- strncpy(cn->state, decoded->subjectST, CTC_NAME_SIZE);
- cn->state[sz] = 0;
- cn->stateEnc = decoded->subjectSTEnc;
- }
- if (decoded->subjectL) {
- sz = (decoded->subjectLLen < CTC_NAME_SIZE) ? decoded->subjectLLen
- : CTC_NAME_SIZE - 1;
- strncpy(cn->locality, decoded->subjectL, CTC_NAME_SIZE);
- cn->locality[sz] = 0;
- cn->localityEnc = decoded->subjectLEnc;
- }
- if (decoded->subjectO) {
- sz = (decoded->subjectOLen < CTC_NAME_SIZE) ? decoded->subjectOLen
- : CTC_NAME_SIZE - 1;
- strncpy(cn->org, decoded->subjectO, CTC_NAME_SIZE);
- cn->org[sz] = 0;
- cn->orgEnc = decoded->subjectOEnc;
- }
- if (decoded->subjectOU) {
- sz = (decoded->subjectOULen < CTC_NAME_SIZE) ? decoded->subjectOULen
- : CTC_NAME_SIZE - 1;
- strncpy(cn->unit, decoded->subjectOU, CTC_NAME_SIZE);
- cn->unit[sz] = 0;
- cn->unitEnc = decoded->subjectOUEnc;
- }
- if (decoded->subjectSN) {
- sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen
- : CTC_NAME_SIZE - 1;
- strncpy(cn->sur, decoded->subjectSN, CTC_NAME_SIZE);
- cn->sur[sz] = 0;
- cn->surEnc = decoded->subjectSNEnc;
- }
- if (decoded->subjectEmail) {
- sz = (decoded->subjectEmailLen < CTC_NAME_SIZE)
- ? decoded->subjectEmailLen : CTC_NAME_SIZE - 1;
- strncpy(cn->email, decoded->subjectEmail, CTC_NAME_SIZE);
- cn->email[sz] = 0;
- }
- }
-
- FreeDecodedCert(decoded);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret < 0 ? ret : 0;
-}
-
-
-#ifndef NO_FILESYSTEM
-
-/* Set cert issuer from issuerFile in PEM */
-int wc_SetIssuer(Cert* cert, const char* issuerFile)
-{
- int ret;
- int derSz;
- byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
-
- if (der == NULL) {
- WOLFSSL_MSG("wc_SetIssuer OOF Problem");
- return MEMORY_E;
- }
- derSz = wolfSSL_PemCertToDer(issuerFile, der, EIGHTK_BUF);
- cert->selfSigned = 0;
- ret = SetNameFromCert(&cert->issuer, der, derSz);
- XFREE(der, NULL, DYNAMIC_TYPE_CERT);
-
- return ret;
-}
-
-
-/* Set cert subject from subjectFile in PEM */
-int wc_SetSubject(Cert* cert, const char* subjectFile)
-{
- int ret;
- int derSz;
- byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
-
- if (der == NULL) {
- WOLFSSL_MSG("wc_SetSubject OOF Problem");
- return MEMORY_E;
- }
- derSz = wolfSSL_PemCertToDer(subjectFile, der, EIGHTK_BUF);
- ret = SetNameFromCert(&cert->subject, der, derSz);
- XFREE(der, NULL, DYNAMIC_TYPE_CERT);
-
- return ret;
-}
-
-
-#ifdef WOLFSSL_ALT_NAMES
-
-/* Set atl names from file in PEM */
-int wc_SetAltNames(Cert* cert, const char* file)
-{
- int ret;
- int derSz;
- byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
-
- if (der == NULL) {
- WOLFSSL_MSG("wc_SetAltNames OOF Problem");
- return MEMORY_E;
- }
- derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF);
- ret = SetAltNamesFromCert(cert, der, derSz);
- XFREE(der, NULL, DYNAMIC_TYPE_CERT);
-
- return ret;
-}
-
-#endif /* WOLFSSL_ALT_NAMES */
-
-#endif /* NO_FILESYSTEM */
-
-/* Set cert issuer from DER buffer */
-int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz)
-{
- cert->selfSigned = 0;
- return SetNameFromCert(&cert->issuer, der, derSz);
-}
-
-
-/* Set cert subject from DER buffer */
-int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz)
-{
- return SetNameFromCert(&cert->subject, der, derSz);
-}
-
-
-#ifdef WOLFSSL_ALT_NAMES
-
-/* Set cert alt names from DER buffer */
-int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
-{
- return SetAltNamesFromCert(cert, der, derSz);
-}
-
-/* Set cert dates from DER buffer */
-int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz)
-{
- return SetDatesFromCert(cert, der, derSz);
-}
-
-#endif /* WOLFSSL_ALT_NAMES */
-
-#endif /* WOLFSSL_CERT_GEN */
-
-
-#ifdef HAVE_ECC
-
-/* Der Encode r & s ints into out, outLen is (in/out) size */
-int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s)
-{
- word32 idx = 0;
- word32 rSz; /* encoding size */
- word32 sSz;
- word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */
-
- /* If the leading bit on the INTEGER is a 1, add a leading zero */
- int rLeadingZero = mp_leading_bit(r);
- int sLeadingZero = mp_leading_bit(s);
- int rLen = mp_unsigned_bin_size(r); /* big int size */
- int sLen = mp_unsigned_bin_size(s);
- int err;
-
- if (*outLen < (rLen + rLeadingZero + sLen + sLeadingZero +
- headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */
- return BAD_FUNC_ARG;
-
- idx = SetSequence(rLen+rLeadingZero+sLen+sLeadingZero+headerSz, out);
-
- /* store r */
- out[idx++] = ASN_INTEGER;
- rSz = SetLength(rLen + rLeadingZero, &out[idx]);
- idx += rSz;
- if (rLeadingZero)
- out[idx++] = 0;
- err = mp_to_unsigned_bin(r, &out[idx]);
- if (err != MP_OKAY) return err;
- idx += rLen;
-
- /* store s */
- out[idx++] = ASN_INTEGER;
- sSz = SetLength(sLen + sLeadingZero, &out[idx]);
- idx += sSz;
- if (sLeadingZero)
- out[idx++] = 0;
- err = mp_to_unsigned_bin(s, &out[idx]);
- if (err != MP_OKAY) return err;
- idx += sLen;
-
- *outLen = idx;
-
- return 0;
-}
-
-
-/* Der Decode ECC-DSA Signautre, r & s stored as big ints */
-int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s)
-{
- word32 idx = 0;
- int len = 0;
-
- if (GetSequence(sig, &idx, &len, sigLen) < 0)
- return ASN_ECC_KEY_E;
-
- if ((word32)len > (sigLen - idx))
- return ASN_ECC_KEY_E;
-
- if (GetInt(r, sig, &idx, sigLen) < 0)
- return ASN_ECC_KEY_E;
-
- if (GetInt(s, sig, &idx, sigLen) < 0)
- return ASN_ECC_KEY_E;
-
- return 0;
-}
-
-
-int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
- word32 inSz)
-{
- word32 oid = 0;
- int version, length;
- int privSz, pubSz;
- byte b;
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- byte* priv;
- byte* pub;
-#else
- byte priv[ECC_MAXSIZE];
- byte pub[ECC_MAXSIZE * 2 + 1]; /* public key has two parts plus header */
-#endif
-
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
- return BAD_FUNC_ARG;
-
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if (GetMyVersion(input, inOutIdx, &version) < 0)
- return ASN_PARSE_E;
-
- b = input[*inOutIdx];
- *inOutIdx += 1;
-
- /* priv type */
- if (b != 4 && b != 6 && b != 7)
- return ASN_PARSE_E;
-
- if (GetLength(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
-
- if (length > ECC_MAXSIZE)
- return BUFFER_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- priv = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL)
- return MEMORY_E;
-
- pub = (byte*)XMALLOC(ECC_MAXSIZE * 2 + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL) {
- XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- /* priv key */
- privSz = length;
- XMEMCPY(priv, &input[*inOutIdx], privSz);
- *inOutIdx += length;
-
- /* prefix 0, may have */
- b = input[*inOutIdx];
- if (b == ECC_PREFIX_0) {
- *inOutIdx += 1;
-
- if (GetLength(input, inOutIdx, &length, inSz) < 0)
- ret = ASN_PARSE_E;
- else {
- /* object id */
- b = input[*inOutIdx];
- *inOutIdx += 1;
-
- if (b != ASN_OBJECT_ID) {
- ret = ASN_OBJECT_ID_E;
- }
- else if (GetLength(input, inOutIdx, &length, inSz) < 0) {
- ret = ASN_PARSE_E;
- }
- else {
- while(length--) {
- oid += input[*inOutIdx];
- *inOutIdx += 1;
- }
- if (CheckCurve(oid) < 0)
- ret = ECC_CURVE_OID_E;
- }
- }
- }
-
- if (ret == 0) {
- /* prefix 1 */
- b = input[*inOutIdx];
- *inOutIdx += 1;
-
- if (b != ECC_PREFIX_1) {
- ret = ASN_ECC_KEY_E;
- }
- else if (GetLength(input, inOutIdx, &length, inSz) < 0) {
- ret = ASN_PARSE_E;
- }
- else {
- /* key header */
- b = input[*inOutIdx];
- *inOutIdx += 1;
-
- if (b != ASN_BIT_STRING) {
- ret = ASN_BITSTR_E;
- }
- else if (GetLength(input, inOutIdx, &length, inSz) < 0) {
- ret = ASN_PARSE_E;
- }
- else {
- b = input[*inOutIdx];
- *inOutIdx += 1;
-
- if (b != 0x00) {
- ret = ASN_EXPECT_0_E;
- }
- else {
- /* pub key */
- pubSz = length - 1; /* null prefix */
- if (pubSz < (ECC_MAXSIZE*2 + 1)) {
- XMEMCPY(pub, &input[*inOutIdx], pubSz);
- *inOutIdx += length;
- ret = wc_ecc_import_private_key(priv, privSz, pub, pubSz,
- key);
- } else
- ret = BUFFER_E;
- }
- }
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-#ifdef WOLFSSL_KEY_GEN
-
-/* Write a Private ecc key to DER format, length on success else < 0 */
-int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
-{
- byte curve[MAX_ALGO_SZ];
- byte ver[MAX_VERSION_SZ];
- byte seq[MAX_SEQ_SZ];
- int ret;
- int curveSz;
- int verSz;
- int privHdrSz = ASN_ECC_HEADER_SZ;
- int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ;
- int curveHdrSz = ASN_ECC_CONTEXT_SZ;
- word32 seqSz;
- word32 idx = 0;
- word32 pubSz = ECC_BUFSIZE;
- word32 privSz;
- word32 totalSz;
-
- if (key == NULL || output == NULL || inLen == 0)
- return BAD_FUNC_ARG;
-
- ret = wc_ecc_export_x963(key, NULL, &pubSz);
- if (ret != LENGTH_ONLY_E) {
- return ret;
- }
- curveSz = SetCurve(key, curve);
- if (curveSz < 0) {
- return curveSz;
- }
-
- privSz = key->dp->size;
-
- verSz = SetMyVersion(1, ver, FALSE);
- if (verSz < 0) {
- return verSz;
- }
-
- totalSz = verSz + privSz + privHdrSz + curveSz + curveHdrSz +
- pubSz + pubHdrSz + 1; /* plus null byte b4 public */
- seqSz = SetSequence(totalSz, seq);
- totalSz += seqSz;
-
- if (totalSz > inLen) {
- return BUFFER_E;
- }
-
- /* write it out */
- /* seq */
- XMEMCPY(output + idx, seq, seqSz);
- idx += seqSz;
-
- /* ver */
- XMEMCPY(output + idx, ver, verSz);
- idx += verSz;
-
- /* private */
- output[idx++] = ASN_OCTET_STRING;
- output[idx++] = (byte)privSz;
- ret = wc_ecc_export_private_only(key, output + idx, &privSz);
- if (ret < 0) {
- return ret;
- }
- idx += privSz;
-
- /* curve */
- output[idx++] = ECC_PREFIX_0;
- output[idx++] = (byte)curveSz;
- XMEMCPY(output + idx, curve, curveSz);
- idx += curveSz;
-
- /* public */
- output[idx++] = ECC_PREFIX_1;
- output[idx++] = (byte)pubSz + ASN_ECC_CONTEXT_SZ + 1; /* plus null byte */
- output[idx++] = ASN_BIT_STRING;
- output[idx++] = (byte)pubSz + 1; /* plus null byte */
- output[idx++] = (byte)0; /* null byte */
- ret = wc_ecc_export_x963(key, output + idx, &pubSz);
- if (ret != 0) {
- return ret;
- }
- /* idx += pubSz if do more later */
-
- return totalSz;
-}
-
-#endif /* WOLFSSL_KEY_GEN */
-
-#endif /* HAVE_ECC */
-
-
-#if defined(HAVE_OCSP) || defined(HAVE_CRL)
-
-/* Get raw Date only, no processing, 0 on success */
-static int GetBasicDate(const byte* source, word32* idx, byte* date,
- byte* format, int maxIdx)
-{
- int length;
-
- WOLFSSL_ENTER("GetBasicDate");
-
- *format = source[*idx];
- *idx += 1;
- if (*format != ASN_UTC_TIME && *format != ASN_GENERALIZED_TIME)
- return ASN_TIME_E;
-
- if (GetLength(source, idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE)
- return ASN_DATE_SZ_E;
-
- XMEMCPY(date, &source[*idx], length);
- *idx += length;
-
- return 0;
-}
-
-#endif
-
-
-#ifdef HAVE_OCSP
-
-static int GetEnumerated(const byte* input, word32* inOutIdx, int *value)
-{
- word32 idx = *inOutIdx;
- word32 len;
-
- WOLFSSL_ENTER("GetEnumerated");
-
- *value = 0;
-
- if (input[idx++] != ASN_ENUMERATED)
- return ASN_PARSE_E;
-
- len = input[idx++];
- if (len > 4)
- return ASN_PARSE_E;
-
- while (len--) {
- *value = *value << 8 | input[idx++];
- }
-
- *inOutIdx = idx;
-
- return *value;
-}
-
-
-static int DecodeSingleResponse(byte* source,
- word32* ioIndex, OcspResponse* resp, word32 size)
-{
- word32 idx = *ioIndex, prevIndex, oid;
- int length, wrapperSz;
- CertStatus* cs = resp->status;
-
- WOLFSSL_ENTER("DecodeSingleResponse");
-
- /* Outer wrapper of the SEQUENCE OF Single Responses. */
- if (GetSequence(source, &idx, &wrapperSz, size) < 0)
- return ASN_PARSE_E;
-
- prevIndex = idx;
-
- /* When making a request, we only request one status on one certificate
- * at a time. There should only be one SingleResponse */
-
- /* Wrapper around the Single Response */
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
-
- /* Wrapper around the CertID */
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- /* Skip the hash algorithm */
- if (GetAlgoId(source, &idx, &oid, size) < 0)
- return ASN_PARSE_E;
- /* Save reference to the hash of CN */
- if (source[idx++] != ASN_OCTET_STRING)
- return ASN_PARSE_E;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- resp->issuerHash = source + idx;
- idx += length;
- /* Save reference to the hash of the issuer public key */
- if (source[idx++] != ASN_OCTET_STRING)
- return ASN_PARSE_E;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- resp->issuerKeyHash = source + idx;
- idx += length;
-
- /* Read the serial number, it is handled as a string, not as a
- * proper number. Just XMEMCPY the data over, rather than load it
- * as an mp_int. */
- if (source[idx++] != ASN_INTEGER)
- return ASN_PARSE_E;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- if (length <= EXTERNAL_SERIAL_SIZE)
- {
- if (source[idx] == 0)
- {
- idx++;
- length--;
- }
- XMEMCPY(cs->serial, source + idx, length);
- cs->serialSz = length;
- }
- else
- {
- return ASN_GETINT_E;
- }
- idx += length;
-
- /* CertStatus */
- switch (source[idx++])
- {
- case (ASN_CONTEXT_SPECIFIC | CERT_GOOD):
- cs->status = CERT_GOOD;
- idx++;
- break;
- case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED):
- cs->status = CERT_REVOKED;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- idx += length;
- break;
- case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN):
- cs->status = CERT_UNKNOWN;
- idx++;
- break;
- default:
- return ASN_PARSE_E;
- }
-
- if (GetBasicDate(source, &idx, cs->thisDate,
- &cs->thisDateFormat, size) < 0)
- return ASN_PARSE_E;
- if (!XVALIDATE_DATE(cs->thisDate, cs->thisDateFormat, BEFORE))
- return ASN_BEFORE_DATE_E;
-
- /* The following items are optional. Only check for them if there is more
- * unprocessed data in the singleResponse wrapper. */
-
- if (((int)(idx - prevIndex) < wrapperSz) &&
- (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)))
- {
- idx++;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- if (GetBasicDate(source, &idx, cs->nextDate,
- &cs->nextDateFormat, size) < 0)
- return ASN_PARSE_E;
- }
- if (((int)(idx - prevIndex) < wrapperSz) &&
- (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)))
- {
- idx++;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- idx += length;
- }
-
- *ioIndex = idx;
-
- return 0;
-}
-
-static int DecodeOcspRespExtensions(byte* source,
- word32* ioIndex, OcspResponse* resp, word32 sz)
-{
- word32 idx = *ioIndex;
- int length;
- int ext_bound; /* boundary index for the sequence of extensions */
- word32 oid;
-
- WOLFSSL_ENTER("DecodeOcspRespExtensions");
-
- if (source[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))
- return ASN_PARSE_E;
-
- if (GetLength(source, &idx, &length, sz) < 0) return ASN_PARSE_E;
-
- if (GetSequence(source, &idx, &length, sz) < 0) return ASN_PARSE_E;
-
- ext_bound = idx + length;
-
- while (idx < (word32)ext_bound) {
- if (GetSequence(source, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
-
- oid = 0;
- if (GetObjectId(source, &idx, &oid, sz) < 0) {
- WOLFSSL_MSG("\tfail: OBJECT ID");
- return ASN_PARSE_E;
- }
-
- /* check for critical flag */
- if (source[idx] == ASN_BOOLEAN) {
- WOLFSSL_MSG("\tfound optional critical flag, moving past");
- idx += (ASN_BOOL_SIZE + 1);
- }
-
- /* process the extension based on the OID */
- if (source[idx++] != ASN_OCTET_STRING) {
- WOLFSSL_MSG("\tfail: should be an OCTET STRING");
- return ASN_PARSE_E;
- }
-
- if (GetLength(source, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: extension data length");
- return ASN_PARSE_E;
- }
-
- if (oid == OCSP_NONCE_OID) {
- resp->nonce = source + idx;
- resp->nonceSz = length;
- }
-
- idx += length;
- }
-
- *ioIndex = idx;
- return 0;
-}
-
-
-static int DecodeResponseData(byte* source,
- word32* ioIndex, OcspResponse* resp, word32 size)
-{
- word32 idx = *ioIndex, prev_idx;
- int length;
- int version;
- word32 responderId = 0;
-
- WOLFSSL_ENTER("DecodeResponseData");
-
- resp->response = source + idx;
- prev_idx = idx;
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- resp->responseSz = length + idx - prev_idx;
-
- /* Get version. It is an EXPLICIT[0] DEFAULT(0) value. If this
- * item isn't an EXPLICIT[0], then set version to zero and move
- * onto the next item.
- */
- if (source[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED))
- {
- idx += 2; /* Eat the value and length */
- if (GetMyVersion(source, &idx, &version) < 0)
- return ASN_PARSE_E;
- } else
- version = 0;
-
- responderId = source[idx++];
- if ((responderId == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) ||
- (responderId == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)))
- {
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- idx += length;
- }
- else
- return ASN_PARSE_E;
-
- /* save pointer to the producedAt time */
- if (GetBasicDate(source, &idx, resp->producedDate,
- &resp->producedDateFormat, size) < 0)
- return ASN_PARSE_E;
-
- if (DecodeSingleResponse(source, &idx, resp, size) < 0)
- return ASN_PARSE_E;
-
- if (DecodeOcspRespExtensions(source, &idx, resp, size) < 0)
- return ASN_PARSE_E;
-
- *ioIndex = idx;
- return 0;
-}
-
-
-static int DecodeCerts(byte* source,
- word32* ioIndex, OcspResponse* resp, word32 size)
-{
- word32 idx = *ioIndex;
-
- WOLFSSL_ENTER("DecodeCerts");
-
- if (source[idx++] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC))
- {
- int length;
-
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
-
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
-
- resp->cert = source + idx;
- resp->certSz = length;
-
- idx += length;
- }
- *ioIndex = idx;
- return 0;
-}
-
-static int DecodeBasicOcspResponse(byte* source,
- word32* ioIndex, OcspResponse* resp, word32 size)
-{
- int length;
- word32 idx = *ioIndex;
- word32 end_index;
-
- WOLFSSL_ENTER("DecodeBasicOcspResponse");
-
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
-
- if (idx + length > size)
- return ASN_INPUT_E;
- end_index = idx + length;
-
- if (DecodeResponseData(source, &idx, resp, size) < 0)
- return ASN_PARSE_E;
-
- /* Get the signature algorithm */
- if (GetAlgoId(source, &idx, &resp->sigOID, size) < 0)
- return ASN_PARSE_E;
-
- /* Obtain pointer to the start of the signature, and save the size */
- if (source[idx++] == ASN_BIT_STRING)
- {
- int sigLength = 0;
- if (GetLength(source, &idx, &sigLength, size) < 0)
- return ASN_PARSE_E;
- resp->sigSz = sigLength;
- resp->sig = source + idx;
- idx += sigLength;
- }
-
- /*
- * Check the length of the BasicOcspResponse against the current index to
- * see if there are certificates, they are optional.
- */
- if (idx < end_index)
- {
- DecodedCert cert;
- int ret;
-
- if (DecodeCerts(source, &idx, resp, size) < 0)
- return ASN_PARSE_E;
-
- InitDecodedCert(&cert, resp->cert, resp->certSz, 0);
- ret = ParseCertRelative(&cert, CA_TYPE, NO_VERIFY, 0);
- if (ret < 0)
- return ret;
-
- ret = ConfirmSignature(resp->response, resp->responseSz,
- cert.publicKey, cert.pubKeySize, cert.keyOID,
- resp->sig, resp->sigSz, resp->sigOID, NULL);
- FreeDecodedCert(&cert);
-
- if (ret == 0)
- {
- WOLFSSL_MSG("\tOCSP Confirm signature failed");
- return ASN_OCSP_CONFIRM_E;
- }
- }
-
- *ioIndex = idx;
- return 0;
-}
-
-
-void InitOcspResponse(OcspResponse* resp, CertStatus* status,
- byte* source, word32 inSz)
-{
- WOLFSSL_ENTER("InitOcspResponse");
-
- resp->responseStatus = -1;
- resp->response = NULL;
- resp->responseSz = 0;
- resp->producedDateFormat = 0;
- resp->issuerHash = NULL;
- resp->issuerKeyHash = NULL;
- resp->sig = NULL;
- resp->sigSz = 0;
- resp->sigOID = 0;
- resp->status = status;
- resp->nonce = NULL;
- resp->nonceSz = 0;
- resp->source = source;
- resp->maxIdx = inSz;
-}
-
-
-int OcspResponseDecode(OcspResponse* resp)
-{
- int length = 0;
- word32 idx = 0;
- byte* source = resp->source;
- word32 size = resp->maxIdx;
- word32 oid;
-
- WOLFSSL_ENTER("OcspResponseDecode");
-
- /* peel the outer SEQUENCE wrapper */
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
-
- /* First get the responseStatus, an ENUMERATED */
- if (GetEnumerated(source, &idx, &resp->responseStatus) < 0)
- return ASN_PARSE_E;
-
- if (resp->responseStatus != OCSP_SUCCESSFUL)
- return 0;
-
- /* Next is an EXPLICIT record called ResponseBytes, OPTIONAL */
- if (idx >= size)
- return ASN_INPUT_E;
- if (source[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC))
- return ASN_PARSE_E;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
-
- /* Get the responseBytes SEQUENCE */
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
-
- /* Check ObjectID for the resposeBytes */
- if (GetObjectId(source, &idx, &oid, size) < 0)
- return ASN_PARSE_E;
- if (oid != OCSP_BASIC_OID)
- return ASN_PARSE_E;
- if (source[idx++] != ASN_OCTET_STRING)
- return ASN_PARSE_E;
-
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
-
- if (DecodeBasicOcspResponse(source, &idx, resp, size) < 0)
- return ASN_PARSE_E;
-
- return 0;
-}
-
-
-static word32 SetOcspReqExtensions(word32 extSz, byte* output,
- const byte* nonce, word32 nonceSz)
-{
- static const byte NonceObjId[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x30, 0x01, 0x02 };
- byte seqArray[5][MAX_SEQ_SZ];
- word32 seqSz[5], totalSz;
-
- WOLFSSL_ENTER("SetOcspReqExtensions");
-
- if (nonce == NULL || nonceSz == 0) return 0;
-
- seqArray[0][0] = ASN_OCTET_STRING;
- seqSz[0] = 1 + SetLength(nonceSz, &seqArray[0][1]);
-
- seqArray[1][0] = ASN_OBJECT_ID;
- seqSz[1] = 1 + SetLength(sizeof(NonceObjId), &seqArray[1][1]);
-
- totalSz = seqSz[0] + seqSz[1] + nonceSz + (word32)sizeof(NonceObjId);
-
- seqSz[2] = SetSequence(totalSz, seqArray[2]);
- totalSz += seqSz[2];
-
- seqSz[3] = SetSequence(totalSz, seqArray[3]);
- totalSz += seqSz[3];
-
- seqArray[4][0] = (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2);
- seqSz[4] = 1 + SetLength(totalSz, &seqArray[4][1]);
- totalSz += seqSz[4];
-
- if (totalSz < extSz)
- {
- totalSz = 0;
- XMEMCPY(output + totalSz, seqArray[4], seqSz[4]);
- totalSz += seqSz[4];
- XMEMCPY(output + totalSz, seqArray[3], seqSz[3]);
- totalSz += seqSz[3];
- XMEMCPY(output + totalSz, seqArray[2], seqSz[2]);
- totalSz += seqSz[2];
- XMEMCPY(output + totalSz, seqArray[1], seqSz[1]);
- totalSz += seqSz[1];
- XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId));
- totalSz += (word32)sizeof(NonceObjId);
- XMEMCPY(output + totalSz, seqArray[0], seqSz[0]);
- totalSz += seqSz[0];
- XMEMCPY(output + totalSz, nonce, nonceSz);
- totalSz += nonceSz;
- }
-
- return totalSz;
-}
-
-
-int EncodeOcspRequest(OcspRequest* req)
-{
- byte seqArray[5][MAX_SEQ_SZ];
- /* The ASN.1 of the OCSP Request is an onion of sequences */
- byte algoArray[MAX_ALGO_SZ];
- byte issuerArray[MAX_ENCODED_DIG_SZ];
- byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
- byte snArray[MAX_SN_SZ];
- byte extArray[MAX_OCSP_EXT_SZ];
- byte* output = req->dest;
- word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, extSz, totalSz;
- int i;
-
- WOLFSSL_ENTER("EncodeOcspRequest");
-
-#ifdef NO_SHA
- algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0);
-#else
- algoSz = SetAlgoID(SHAh, algoArray, hashType, 0);
-#endif
-
- req->issuerHash = req->cert->issuerHash;
- issuerSz = SetDigest(req->cert->issuerHash, KEYID_SIZE, issuerArray);
-
- req->issuerKeyHash = req->cert->issuerKeyHash;
- issuerKeySz = SetDigest(req->cert->issuerKeyHash,
- KEYID_SIZE, issuerKeyArray);
-
- req->serial = req->cert->serial;
- req->serialSz = req->cert->serialSz;
- snSz = SetSerialNumber(req->cert->serial, req->cert->serialSz, snArray);
-
- extSz = 0;
- if (req->useNonce) {
- RNG rng;
- if (wc_InitRng(&rng) != 0) {
- WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce.");
- } else {
- if (wc_RNG_GenerateBlock(&rng, req->nonce, MAX_OCSP_NONCE_SZ) != 0)
- WOLFSSL_MSG("\tCannot run RNG. Skipping the OSCP Nonce.");
- else {
- req->nonceSz = MAX_OCSP_NONCE_SZ;
- extSz = SetOcspReqExtensions(MAX_OCSP_EXT_SZ, extArray,
- req->nonce, req->nonceSz);
- }
- wc_FreeRng(&rng);
- }
- }
-
- totalSz = algoSz + issuerSz + issuerKeySz + snSz;
-
- for (i = 4; i >= 0; i--) {
- seqSz[i] = SetSequence(totalSz, seqArray[i]);
- totalSz += seqSz[i];
- if (i == 2) totalSz += extSz;
- }
- totalSz = 0;
- for (i = 0; i < 5; i++) {
- XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
- totalSz += seqSz[i];
- }
- XMEMCPY(output + totalSz, algoArray, algoSz);
- totalSz += algoSz;
- XMEMCPY(output + totalSz, issuerArray, issuerSz);
- totalSz += issuerSz;
- XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
- totalSz += issuerKeySz;
- XMEMCPY(output + totalSz, snArray, snSz);
- totalSz += snSz;
- if (extSz != 0) {
- XMEMCPY(output + totalSz, extArray, extSz);
- totalSz += extSz;
- }
-
- return totalSz;
-}
-
-
-void InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce,
- byte* dest, word32 destSz)
-{
- WOLFSSL_ENTER("InitOcspRequest");
-
- req->cert = cert;
- req->useNonce = useNonce;
- req->nonceSz = 0;
- req->issuerHash = NULL;
- req->issuerKeyHash = NULL;
- req->serial = NULL;
- req->dest = dest;
- req->destSz = destSz;
-}
-
-
-int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
-{
- int cmp;
-
- WOLFSSL_ENTER("CompareOcspReqResp");
-
- if (req == NULL)
- {
- WOLFSSL_MSG("\tReq missing");
- return -1;
- }
-
- if (resp == NULL)
- {
- WOLFSSL_MSG("\tResp missing");
- return 1;
- }
-
- /* Nonces are not critical. The responder may not necessarily add
- * the nonce to the response. */
- if (req->useNonce && resp->nonceSz != 0) {
- cmp = req->nonceSz - resp->nonceSz;
- if (cmp != 0)
- {
- WOLFSSL_MSG("\tnonceSz mismatch");
- return cmp;
- }
-
- cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz);
- if (cmp != 0)
- {
- WOLFSSL_MSG("\tnonce mismatch");
- return cmp;
- }
- }
-
- cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE);
- if (cmp != 0)
- {
- WOLFSSL_MSG("\tissuerHash mismatch");
- return cmp;
- }
-
- cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE);
- if (cmp != 0)
- {
- WOLFSSL_MSG("\tissuerKeyHash mismatch");
- return cmp;
- }
-
- cmp = req->serialSz - resp->status->serialSz;
- if (cmp != 0)
- {
- WOLFSSL_MSG("\tserialSz mismatch");
- return cmp;
- }
-
- cmp = XMEMCMP(req->serial, resp->status->serial, req->serialSz);
- if (cmp != 0)
- {
- WOLFSSL_MSG("\tserial mismatch");
- return cmp;
- }
-
- return 0;
-}
-
-#endif
-
-
-/* store SHA hash of NAME */
-WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
- int maxIdx)
-{
- int length; /* length of all distinguished names */
- int ret;
- word32 dummy;
-
- WOLFSSL_ENTER("GetNameHash");
-
- if (source[*idx] == ASN_OBJECT_ID) {
- WOLFSSL_MSG("Trying optional prefix...");
-
- if (GetLength(source, idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- *idx += length;
- WOLFSSL_MSG("Got optional prefix");
- }
-
- /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be
- * calculated over the entire DER encoding of the Name field, including
- * the tag and length. */
- dummy = *idx;
- if (GetSequence(source, idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
-#ifdef NO_SHA
- ret = wc_Sha256Hash(source + dummy, length + *idx - dummy, hash);
-#else
- ret = wc_ShaHash(source + dummy, length + *idx - dummy, hash);
-#endif
-
- *idx += length;
-
- return ret;
-}
-
-
-#ifdef HAVE_CRL
-
-/* initialize decoded CRL */
-void InitDecodedCRL(DecodedCRL* dcrl)
-{
- WOLFSSL_MSG("InitDecodedCRL");
-
- dcrl->certBegin = 0;
- dcrl->sigIndex = 0;
- dcrl->sigLength = 0;
- dcrl->signatureOID = 0;
- dcrl->certs = NULL;
- dcrl->totalCerts = 0;
-}
-
-
-/* free decoded CRL resources */
-void FreeDecodedCRL(DecodedCRL* dcrl)
-{
- RevokedCert* tmp = dcrl->certs;
-
- WOLFSSL_MSG("FreeDecodedCRL");
-
- while(tmp) {
- RevokedCert* next = tmp->next;
- XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED);
- tmp = next;
- }
-}
-
-
-/* Get Revoked Cert list, 0 on success */
-static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
- int maxIdx)
-{
- int len;
- word32 end;
- byte b;
- RevokedCert* rc;
-
- WOLFSSL_ENTER("GetRevoked");
-
- if (GetSequence(buff, idx, &len, maxIdx) < 0)
- return ASN_PARSE_E;
-
- end = *idx + len;
-
- /* get serial number */
- b = buff[*idx];
- *idx += 1;
-
- if (b != ASN_INTEGER) {
- WOLFSSL_MSG("Expecting Integer");
- return ASN_PARSE_E;
- }
-
- if (GetLength(buff, idx, &len, maxIdx) < 0)
- return ASN_PARSE_E;
-
- if (len > EXTERNAL_SERIAL_SIZE) {
- WOLFSSL_MSG("Serial Size too big");
- return ASN_PARSE_E;
- }
-
- rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), NULL, DYNAMIC_TYPE_CRL);
- if (rc == NULL) {
- WOLFSSL_MSG("Alloc Revoked Cert failed");
- return MEMORY_E;
- }
-
- XMEMCPY(rc->serialNumber, &buff[*idx], len);
- rc->serialSz = len;
-
- /* add to list */
- rc->next = dcrl->certs;
- dcrl->certs = rc;
- dcrl->totalCerts++;
-
- *idx += len;
-
- /* get date */
- b = buff[*idx];
- *idx += 1;
-
- if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME) {
- WOLFSSL_MSG("Expecting Date");
- return ASN_PARSE_E;
- }
-
- if (GetLength(buff, idx, &len, maxIdx) < 0)
- return ASN_PARSE_E;
-
- /* skip for now */
- *idx += len;
-
- if (*idx != end) /* skip extensions */
- *idx = end;
-
- return 0;
-}
-
-
-/* Get CRL Signature, 0 on success */
-static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl,
- int maxIdx)
-{
- int length;
- byte b;
-
- WOLFSSL_ENTER("GetCRL_Signature");
-
- b = source[*idx];
- *idx += 1;
- if (b != ASN_BIT_STRING)
- return ASN_BITSTR_E;
-
- if (GetLength(source, idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- dcrl->sigLength = length;
-
- b = source[*idx];
- *idx += 1;
- if (b != 0x00)
- return ASN_EXPECT_0_E;
-
- dcrl->sigLength--;
- dcrl->signature = (byte*)&source[*idx];
-
- *idx += dcrl->sigLength;
-
- return 0;
-}
-
-
-/* prase crl buffer into decoded state, 0 on success */
-int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
-{
- int version, len;
- word32 oid, idx = 0;
- Signer* ca = NULL;
-
- WOLFSSL_MSG("ParseCRL");
-
- /* raw crl hash */
- /* hash here if needed for optimized comparisons
- * Sha sha;
- * wc_InitSha(&sha);
- * wc_ShaUpdate(&sha, buff, sz);
- * wc_ShaFinal(&sha, dcrl->crlHash); */
-
- if (GetSequence(buff, &idx, &len, sz) < 0)
- return ASN_PARSE_E;
-
- dcrl->certBegin = idx;
-
- if (GetSequence(buff, &idx, &len, sz) < 0)
- return ASN_PARSE_E;
- dcrl->sigIndex = len + idx;
-
- /* may have version */
- if (buff[idx] == ASN_INTEGER) {
- if (GetMyVersion(buff, &idx, &version) < 0)
- return ASN_PARSE_E;
- }
-
- if (GetAlgoId(buff, &idx, &oid, sz) < 0)
- return ASN_PARSE_E;
-
- if (GetNameHash(buff, &idx, dcrl->issuerHash, sz) < 0)
- return ASN_PARSE_E;
-
- if (GetBasicDate(buff, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
- return ASN_PARSE_E;
-
- if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
- return ASN_PARSE_E;
-
- if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
- WOLFSSL_MSG("CRL after date is no longer valid");
- return ASN_AFTER_DATE_E;
- }
-
- if (idx != dcrl->sigIndex && buff[idx] != CRL_EXTENSIONS) {
- if (GetSequence(buff, &idx, &len, sz) < 0)
- return ASN_PARSE_E;
-
- len += idx;
-
- while (idx < (word32)len) {
- if (GetRevoked(buff, &idx, dcrl, sz) < 0)
- return ASN_PARSE_E;
- }
- }
-
- if (idx != dcrl->sigIndex)
- idx = dcrl->sigIndex; /* skip extensions */
-
- if (GetAlgoId(buff, &idx, &dcrl->signatureOID, sz) < 0)
- return ASN_PARSE_E;
-
- if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0)
- return ASN_PARSE_E;
-
- /* openssl doesn't add skid by default for CRLs cause firefox chokes
- we're not assuming it's available yet */
- #if !defined(NO_SKID) && defined(CRL_SKID_READY)
- if (dcrl->extAuthKeyIdSet)
- ca = GetCA(cm, dcrl->extAuthKeyId);
- if (ca == NULL)
- ca = GetCAByName(cm, dcrl->issuerHash);
- #else /* NO_SKID */
- ca = GetCA(cm, dcrl->issuerHash);
- #endif /* NO_SKID */
- WOLFSSL_MSG("About to verify CRL signature");
-
- if (ca) {
- WOLFSSL_MSG("Found CRL issuer CA");
- /* try to confirm/verify signature */
- #ifndef IGNORE_KEY_EXTENSIONS
- if ((ca->keyUsage & KEYUSE_CRL_SIGN) == 0) {
- WOLFSSL_MSG("CA cannot sign CRLs");
- return ASN_CRL_NO_SIGNER_E;
- }
- #endif /* IGNORE_KEY_EXTENSIONS */
- if (!ConfirmSignature(buff + dcrl->certBegin,
- dcrl->sigIndex - dcrl->certBegin,
- ca->publicKey, ca->pubKeySize, ca->keyOID,
- dcrl->signature, dcrl->sigLength, dcrl->signatureOID, NULL)) {
- WOLFSSL_MSG("CRL Confirm signature failed");
- return ASN_CRL_CONFIRM_E;
- }
- }
- else {
- WOLFSSL_MSG("Did NOT find CRL issuer CA");
- return ASN_CRL_NO_SIGNER_E;
- }
-
- return 0;
-}
-
-#endif /* HAVE_CRL */
-#endif
-
-#ifdef WOLFSSL_SEP
-
-
-
-#endif /* WOLFSSL_SEP */
-
-
--- a/wolfcrypt/src/blake2b.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,434 +0,0 @@
-/*
- BLAKE2 reference source code package - reference C implementations
-
- Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
-
- To the extent possible under law, the author(s) have dedicated all copyright
- and related and neighboring rights to this software to the public domain
- worldwide. This software is distributed without any warranty.
-
- You should have received a copy of the CC0 Public Domain Dedication along with
- this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
-*/
-/* blake2b.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_BLAKE2
-
-#include <wolfssl/wolfcrypt/blake2.h>
-#include <wolfssl/wolfcrypt/blake2-impl.h>
-
-
-static const word64 blake2b_IV[8] =
-{
- 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
- 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
- 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
- 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
-};
-
-static const byte blake2b_sigma[12][16] =
-{
- { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
- { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
- { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
- { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
- { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
- { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
- { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
- { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
- { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
- { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
- { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
- { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
-};
-
-
-static INLINE int blake2b_set_lastnode( blake2b_state *S )
-{
- S->f[1] = ~0ULL;
- return 0;
-}
-
-/* Some helper functions, not necessarily useful */
-static INLINE int blake2b_set_lastblock( blake2b_state *S )
-{
- if( S->last_node ) blake2b_set_lastnode( S );
-
- S->f[0] = ~0ULL;
- return 0;
-}
-
-static INLINE int blake2b_increment_counter( blake2b_state *S, const word64
- inc )
-{
- S->t[0] += inc;
- S->t[1] += ( S->t[0] < inc );
- return 0;
-}
-
-static INLINE int blake2b_init0( blake2b_state *S )
-{
- int i;
- XMEMSET( S, 0, sizeof( blake2b_state ) );
-
- for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i];
-
- return 0;
-}
-
-/* init xors IV with input parameter block */
-int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
-{
- word32 i;
- blake2b_init0( S );
- byte *p = ( byte * )( P );
-
- /* IV XOR ParamBlock */
- for( i = 0; i < 8; ++i )
- S->h[i] ^= load64( p + sizeof( S->h[i] ) * i );
-
- return 0;
-}
-
-
-
-int blake2b_init( blake2b_state *S, const byte outlen )
-{
- blake2b_param P[1];
-
- if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
-
- P->digest_length = outlen;
- P->key_length = 0;
- P->fanout = 1;
- P->depth = 1;
- store32( &P->leaf_length, 0 );
- store64( &P->node_offset, 0 );
- P->node_depth = 0;
- P->inner_length = 0;
- XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
- XMEMSET( P->salt, 0, sizeof( P->salt ) );
- XMEMSET( P->personal, 0, sizeof( P->personal ) );
- return blake2b_init_param( S, P );
-}
-
-
-int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
- const byte keylen )
-{
- blake2b_param P[1];
-
- if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
-
- if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return -1;
-
- P->digest_length = outlen;
- P->key_length = keylen;
- P->fanout = 1;
- P->depth = 1;
- store32( &P->leaf_length, 0 );
- store64( &P->node_offset, 0 );
- P->node_depth = 0;
- P->inner_length = 0;
- XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
- XMEMSET( P->salt, 0, sizeof( P->salt ) );
- XMEMSET( P->personal, 0, sizeof( P->personal ) );
-
- if( blake2b_init_param( S, P ) < 0 ) return -1;
-
- {
-#ifdef WOLFSSL_SMALL_STACK
- byte* block;
-
- block = (byte*)XMALLOC(BLAKE2B_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if ( block == NULL ) return -1;
-#else
- byte block[BLAKE2B_BLOCKBYTES];
-#endif
-
- XMEMSET( block, 0, BLAKE2B_BLOCKBYTES );
- XMEMCPY( block, key, keylen );
- blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
- secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from */
- /* memory */
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- }
- return 0;
-}
-
-static int blake2b_compress( blake2b_state *S,
- const byte block[BLAKE2B_BLOCKBYTES] )
-{
- int i;
-
-#ifdef WOLFSSL_SMALL_STACK
- word64* m;
- word64* v;
-
- m = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if ( m == NULL ) return -1;
-
- v = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if ( v == NULL )
- {
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return -1;
- }
-#else
- word64 m[16];
- word64 v[16];
-#endif
-
- for( i = 0; i < 16; ++i )
- m[i] = load64( block + i * sizeof( m[i] ) );
-
- for( i = 0; i < 8; ++i )
- v[i] = S->h[i];
-
- v[ 8] = blake2b_IV[0];
- v[ 9] = blake2b_IV[1];
- v[10] = blake2b_IV[2];
- v[11] = blake2b_IV[3];
- v[12] = S->t[0] ^ blake2b_IV[4];
- v[13] = S->t[1] ^ blake2b_IV[5];
- v[14] = S->f[0] ^ blake2b_IV[6];
- v[15] = S->f[1] ^ blake2b_IV[7];
-#define G(r,i,a,b,c,d) \
- do { \
- a = a + b + m[blake2b_sigma[r][2*i+0]]; \
- d = rotr64(d ^ a, 32); \
- c = c + d; \
- b = rotr64(b ^ c, 24); \
- a = a + b + m[blake2b_sigma[r][2*i+1]]; \
- d = rotr64(d ^ a, 16); \
- c = c + d; \
- b = rotr64(b ^ c, 63); \
- } while(0)
-#define ROUND(r) \
- do { \
- G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
- G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
- G(r,2,v[ 2],v[ 6],v[10],v[14]); \
- G(r,3,v[ 3],v[ 7],v[11],v[15]); \
- G(r,4,v[ 0],v[ 5],v[10],v[15]); \
- G(r,5,v[ 1],v[ 6],v[11],v[12]); \
- G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
- G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
- } while(0)
- ROUND( 0 );
- ROUND( 1 );
- ROUND( 2 );
- ROUND( 3 );
- ROUND( 4 );
- ROUND( 5 );
- ROUND( 6 );
- ROUND( 7 );
- ROUND( 8 );
- ROUND( 9 );
- ROUND( 10 );
- ROUND( 11 );
-
- for( i = 0; i < 8; ++i )
- S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
-
-#undef G
-#undef ROUND
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-/* inlen now in bytes */
-int blake2b_update( blake2b_state *S, const byte *in, word64 inlen )
-{
- while( inlen > 0 )
- {
- word64 left = S->buflen;
- word64 fill = 2 * BLAKE2B_BLOCKBYTES - left;
-
- if( inlen > fill )
- {
- XMEMCPY( S->buf + left, in, (wolfssl_word)fill ); /* Fill buffer */
- S->buflen += fill;
- blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
-
- if ( blake2b_compress( S, S->buf ) < 0 ) return -1; /* Compress */
-
- XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
- /* Shift buffer left */
- S->buflen -= BLAKE2B_BLOCKBYTES;
- in += fill;
- inlen -= fill;
- }
- else /* inlen <= fill */
- {
- XMEMCPY( S->buf + left, in, (wolfssl_word)inlen );
- S->buflen += inlen; /* Be lazy, do not compress */
- in += inlen;
- inlen -= inlen;
- }
- }
-
- return 0;
-}
-
-/* Is this correct? */
-int blake2b_final( blake2b_state *S, byte *out, byte outlen )
-{
- byte buffer[BLAKE2B_OUTBYTES];
- int i;
-
- if( S->buflen > BLAKE2B_BLOCKBYTES )
- {
- blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
-
- if ( blake2b_compress( S, S->buf ) < 0 ) return -1;
-
- S->buflen -= BLAKE2B_BLOCKBYTES;
- XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (wolfssl_word)S->buflen );
- }
-
- blake2b_increment_counter( S, S->buflen );
- blake2b_set_lastblock( S );
- XMEMSET( S->buf + S->buflen, 0, (wolfssl_word)(2 * BLAKE2B_BLOCKBYTES - S->buflen) );
- /* Padding */
- if ( blake2b_compress( S, S->buf ) < 0 ) return -1;
-
- for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
- store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
-
- XMEMCPY( out, buffer, outlen );
- return 0;
-}
-
-/* inlen, at least, should be word64. Others can be size_t. */
-int blake2b( byte *out, const void *in, const void *key, const byte outlen,
- const word64 inlen, byte keylen )
-{
- blake2b_state S[1];
-
- /* Verify parameters */
- if ( NULL == in ) return -1;
-
- if ( NULL == out ) return -1;
-
- if( NULL == key ) keylen = 0;
-
- if( keylen > 0 )
- {
- if( blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1;
- }
- else
- {
- if( blake2b_init( S, outlen ) < 0 ) return -1;
- }
-
- if ( blake2b_update( S, ( byte * )in, inlen ) < 0) return -1;
-
- return blake2b_final( S, out, outlen );
-}
-
-#if defined(BLAKE2B_SELFTEST)
-#include <string.h>
-#include "blake2-kat.h"
-int main( int argc, char **argv )
-{
- byte key[BLAKE2B_KEYBYTES];
- byte buf[KAT_LENGTH];
-
- for( word32 i = 0; i < BLAKE2B_KEYBYTES; ++i )
- key[i] = ( byte )i;
-
- for( word32 i = 0; i < KAT_LENGTH; ++i )
- buf[i] = ( byte )i;
-
- for( word32 i = 0; i < KAT_LENGTH; ++i )
- {
- byte hash[BLAKE2B_OUTBYTES];
- if ( blake2b( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES ) < 0 )
- {
- puts( "error" );
- return -1;
- }
-
- if( 0 != memcmp( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) )
- {
- puts( "error" );
- return -1;
- }
- }
-
- puts( "ok" );
- return 0;
-}
-#endif
-
-
-/* wolfCrypt API */
-
-/* Init Blake2b digest, track size incase final doesn't want to "remember" */
-int wc_InitBlake2b(Blake2b* b2b, word32 digestSz)
-{
- b2b->digestSz = digestSz;
-
- return blake2b_init(b2b->S, (byte)digestSz);
-}
-
-
-/* Blake2b Update */
-int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz)
-{
- return blake2b_update(b2b->S, data, sz);
-}
-
-
-/* Blake2b Final, if pass in zero size we use init digestSz */
-int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz)
-{
- word32 sz = requestSz ? requestSz : b2b->digestSz;
-
- return blake2b_final(b2b->S, final, (byte)sz);
-}
-
-
-/* end CTaoCrypt API */
-
-#endif /* HAVE_BLAKE2 */
-
-
--- a/wolfcrypt/src/camellia.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1621 +0,0 @@
-/* camellia.c ver 1.2.0
- *
- * Copyright (c) 2006,2007
- * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer as
- * the first lines of this file unmodified.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* camellia.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/*
- * Algorithm Specification
- * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_CAMELLIA
-
-#include <wolfssl/wolfcrypt/camellia.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-/* u32 must be 32bit word */
-typedef unsigned int u32;
-typedef unsigned char u8;
-
-/* key constants */
-
-#define CAMELLIA_SIGMA1L ((u32)0xA09E667FL)
-#define CAMELLIA_SIGMA1R ((u32)0x3BCC908BL)
-#define CAMELLIA_SIGMA2L ((u32)0xB67AE858L)
-#define CAMELLIA_SIGMA2R ((u32)0x4CAA73B2L)
-#define CAMELLIA_SIGMA3L ((u32)0xC6EF372FL)
-#define CAMELLIA_SIGMA3R ((u32)0xE94F82BEL)
-#define CAMELLIA_SIGMA4L ((u32)0x54FF53A5L)
-#define CAMELLIA_SIGMA4R ((u32)0xF1D36F1CL)
-#define CAMELLIA_SIGMA5L ((u32)0x10E527FAL)
-#define CAMELLIA_SIGMA5R ((u32)0xDE682D1DL)
-#define CAMELLIA_SIGMA6L ((u32)0xB05688C2L)
-#define CAMELLIA_SIGMA6R ((u32)0xB3E6C1FDL)
-
-/*
- * macros
- */
-
-
-#if defined(_MSC_VER)
-
-# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
-
-#else /* not MS-VC */
-
-# define GETU32(pt) \
- (((u32)(pt)[0] << 24) \
- ^ ((u32)(pt)[1] << 16) \
- ^ ((u32)(pt)[2] << 8) \
- ^ ((u32)(pt)[3]))
-
-# define PUTU32(ct, st) { \
- (ct)[0] = (u8)((st) >> 24); \
- (ct)[1] = (u8)((st) >> 16); \
- (ct)[2] = (u8)((st) >> 8); \
- (ct)[3] = (u8)(st); }
-
-#endif
-
-#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
-#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
-
-/* rotation right shift 1byte */
-#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
-/* rotation left shift 1bit */
-#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
-/* rotation left shift 1byte */
-#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
-
-#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
- do { \
- w0 = ll; \
- ll = (ll << bits) + (lr >> (32 - bits)); \
- lr = (lr << bits) + (rl >> (32 - bits)); \
- rl = (rl << bits) + (rr >> (32 - bits)); \
- rr = (rr << bits) + (w0 >> (32 - bits)); \
- } while(0)
-
-#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
- do { \
- w0 = ll; \
- w1 = lr; \
- ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
- lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
- rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
- rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
- } while(0)
-
-#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
-#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
-#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
-#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
-
-#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
- do { \
- il = xl ^ kl; \
- ir = xr ^ kr; \
- t0 = il >> 16; \
- t1 = ir >> 16; \
- yl = CAMELLIA_SP1110(ir & 0xff) \
- ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
- ^ CAMELLIA_SP3033(t1 & 0xff) \
- ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
- yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
- ^ CAMELLIA_SP0222(t0 & 0xff) \
- ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
- ^ CAMELLIA_SP4404(il & 0xff); \
- yl ^= yr; \
- yr = CAMELLIA_RR8(yr); \
- yr ^= yl; \
- } while(0)
-
-
-/*
- * for speed up
- *
- */
-#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
- do { \
- t0 = kll; \
- t0 &= ll; \
- lr ^= CAMELLIA_RL1(t0); \
- t1 = klr; \
- t1 |= lr; \
- ll ^= t1; \
- \
- t2 = krr; \
- t2 |= rr; \
- rl ^= t2; \
- t3 = krl; \
- t3 &= rl; \
- rr ^= CAMELLIA_RL1(t3); \
- } while(0)
-
-#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
- do { \
- ir = CAMELLIA_SP1110(xr & 0xff) \
- ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
- ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
- ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
- il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
- ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
- ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
- ^ CAMELLIA_SP4404(xl & 0xff); \
- il ^= kl; \
- ir ^= kr; \
- ir ^= il; \
- il = CAMELLIA_RR8(il); \
- il ^= ir; \
- yl ^= ir; \
- yr ^= il; \
- } while(0)
-
-
-static const u32 camellia_sp1110[256] = {
- 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
- 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
- 0xe4e4e400,0x85858500,0x57575700,0x35353500,
- 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
- 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
- 0x45454500,0x19191900,0xa5a5a500,0x21212100,
- 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
- 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
- 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
- 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
- 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
- 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
- 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
- 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
- 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
- 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
- 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
- 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
- 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
- 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
- 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
- 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
- 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
- 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
- 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
- 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
- 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
- 0x53535300,0x18181800,0xf2f2f200,0x22222200,
- 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
- 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
- 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
- 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
- 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
- 0xa1a1a100,0x89898900,0x62626200,0x97979700,
- 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
- 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
- 0x10101000,0xc4c4c400,0x00000000,0x48484800,
- 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
- 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
- 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
- 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
- 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
- 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
- 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
- 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
- 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
- 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
- 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
- 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
- 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
- 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
- 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
- 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
- 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
- 0xd4d4d400,0x25252500,0xababab00,0x42424200,
- 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
- 0x72727200,0x07070700,0xb9b9b900,0x55555500,
- 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
- 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
- 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
- 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
- 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
- 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
- 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
-};
-
-static const u32 camellia_sp0222[256] = {
- 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
- 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
- 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
- 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
- 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
- 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
- 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
- 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
- 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
- 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
- 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
- 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
- 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
- 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
- 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
- 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
- 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
- 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
- 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
- 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
- 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
- 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
- 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
- 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
- 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
- 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
- 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
- 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
- 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
- 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
- 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
- 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
- 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
- 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
- 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
- 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
- 0x00202020,0x00898989,0x00000000,0x00909090,
- 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
- 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
- 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
- 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
- 0x009b9b9b,0x00949494,0x00212121,0x00666666,
- 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
- 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
- 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
- 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
- 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
- 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
- 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
- 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
- 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
- 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
- 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
- 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
- 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
- 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
- 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
- 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
- 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
- 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
- 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
- 0x00777777,0x00939393,0x00868686,0x00838383,
- 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
- 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
-};
-
-static const u32 camellia_sp3033[256] = {
- 0x38003838,0x41004141,0x16001616,0x76007676,
- 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
- 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
- 0x75007575,0x06000606,0x57005757,0xa000a0a0,
- 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
- 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
- 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
- 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
- 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
- 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
- 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
- 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
- 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
- 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
- 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
- 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
- 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
- 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
- 0x3a003a3a,0x09000909,0x95009595,0x10001010,
- 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
- 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
- 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
- 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
- 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
- 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
- 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
- 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
- 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
- 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
- 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
- 0x12001212,0x04000404,0x74007474,0x54005454,
- 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
- 0x55005555,0x68006868,0x50005050,0xbe00bebe,
- 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
- 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
- 0x70007070,0xff00ffff,0x32003232,0x69006969,
- 0x08000808,0x62006262,0x00000000,0x24002424,
- 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
- 0x45004545,0x81008181,0x73007373,0x6d006d6d,
- 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
- 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
- 0xe600e6e6,0x25002525,0x48004848,0x99009999,
- 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
- 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
- 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
- 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
- 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
- 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
- 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
- 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
- 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
- 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
- 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
- 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
- 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
- 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
- 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
- 0x7c007c7c,0x77007777,0x56005656,0x05000505,
- 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
- 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
- 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
- 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
- 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
- 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
-};
-
-static const u32 camellia_sp4404[256] = {
- 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
- 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
- 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
- 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
- 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
- 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
- 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
- 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
- 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
- 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
- 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
- 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
- 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
- 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
- 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
- 0x24240024,0xe8e800e8,0x60600060,0x69690069,
- 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
- 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
- 0x10100010,0x00000000,0xa3a300a3,0x75750075,
- 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
- 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
- 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
- 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
- 0x81810081,0x6f6f006f,0x13130013,0x63630063,
- 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
- 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
- 0x78780078,0x06060006,0xe7e700e7,0x71710071,
- 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
- 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
- 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
- 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
- 0x15150015,0xadad00ad,0x77770077,0x80800080,
- 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
- 0x85850085,0x35350035,0x0c0c000c,0x41410041,
- 0xefef00ef,0x93930093,0x19190019,0x21210021,
- 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
- 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
- 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
- 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
- 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
- 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
- 0x12120012,0x20200020,0xb1b100b1,0x99990099,
- 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
- 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
- 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
- 0x0f0f000f,0x16160016,0x18180018,0x22220022,
- 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
- 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
- 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
- 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
- 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
- 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
- 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
- 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
- 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
- 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
- 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
- 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
- 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
- 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
- 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
- 0x49490049,0x68680068,0x38380038,0xa4a400a4,
- 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
- 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
-};
-
-
-/**
- * Stuff related to the Camellia key schedule
- */
-#define subl(x) subL[(x)]
-#define subr(x) subR[(x)]
-
-static int camellia_setup128(const unsigned char *key, u32 *subkey)
-{
- u32 kll, klr, krl, krr;
- u32 il, ir, t0, t1, w0, w1;
- u32 kw4l, kw4r, dw, tl, tr;
-
-#ifdef WOLFSSL_SMALL_STACK
- u32* subL;
- u32* subR;
-
- subL = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (subL == NULL)
- return MEMORY_E;
-
- subR = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (subR == NULL) {
- XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#else
- u32 subL[26];
- u32 subR[26];
-#endif
-
- /**
- * k == kll || klr || krl || krr (|| is concatination)
- */
- kll = GETU32(key );
- klr = GETU32(key + 4);
- krl = GETU32(key + 8);
- krr = GETU32(key + 12);
- /**
- * generate KL dependent subkeys
- */
- subl(0) = kll; subr(0) = klr;
- subl(1) = krl; subr(1) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(4) = kll; subr(4) = klr;
- subl(5) = krl; subr(5) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
- subl(10) = kll; subr(10) = klr;
- subl(11) = krl; subr(11) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(13) = krl; subr(13) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(16) = kll; subr(16) = klr;
- subl(17) = krl; subr(17) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(18) = kll; subr(18) = klr;
- subl(19) = krl; subr(19) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(22) = kll; subr(22) = klr;
- subl(23) = krl; subr(23) = krr;
-
- /* generate KA */
- kll = subl(0); klr = subr(0);
- krl = subl(1); krr = subr(1);
- CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
- w0, w1, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
- CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
- kll, klr, il, ir, t0, t1);
- CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
- krl, krr, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
- CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
- w0, w1, il, ir, t0, t1);
- kll ^= w0; klr ^= w1;
-
- /* generate KA dependent subkeys */
- subl(2) = kll; subr(2) = klr;
- subl(3) = krl; subr(3) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(6) = kll; subr(6) = klr;
- subl(7) = krl; subr(7) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(8) = kll; subr(8) = klr;
- subl(9) = krl; subr(9) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(12) = kll; subr(12) = klr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(14) = kll; subr(14) = klr;
- subl(15) = krl; subr(15) = krr;
- CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
- subl(20) = kll; subr(20) = klr;
- subl(21) = krl; subr(21) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(24) = kll; subr(24) = klr;
- subl(25) = krl; subr(25) = krr;
-
-
- /* absorb kw2 to other subkeys */
- subl(3) ^= subl(1); subr(3) ^= subr(1);
- subl(5) ^= subl(1); subr(5) ^= subr(1);
- subl(7) ^= subl(1); subr(7) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(9);
- dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
- subl(11) ^= subl(1); subr(11) ^= subr(1);
- subl(13) ^= subl(1); subr(13) ^= subr(1);
- subl(15) ^= subl(1); subr(15) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(17);
- dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
- subl(19) ^= subl(1); subr(19) ^= subr(1);
- subl(21) ^= subl(1); subr(21) ^= subr(1);
- subl(23) ^= subl(1); subr(23) ^= subr(1);
- subl(24) ^= subl(1); subr(24) ^= subr(1);
-
- /* absorb kw4 to other subkeys */
- kw4l = subl(25); kw4r = subr(25);
- subl(22) ^= kw4l; subr(22) ^= kw4r;
- subl(20) ^= kw4l; subr(20) ^= kw4r;
- subl(18) ^= kw4l; subr(18) ^= kw4r;
- kw4l ^= kw4r & ~subr(16);
- dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
- subl(14) ^= kw4l; subr(14) ^= kw4r;
- subl(12) ^= kw4l; subr(12) ^= kw4r;
- subl(10) ^= kw4l; subr(10) ^= kw4r;
- kw4l ^= kw4r & ~subr(8);
- dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
- subl(6) ^= kw4l; subr(6) ^= kw4r;
- subl(4) ^= kw4l; subr(4) ^= kw4r;
- subl(2) ^= kw4l; subr(2) ^= kw4r;
- subl(0) ^= kw4l; subr(0) ^= kw4r;
-
- /* key XOR is end of F-function */
- CamelliaSubkeyL(0) = subl(0) ^ subl(2);
- CamelliaSubkeyR(0) = subr(0) ^ subr(2);
- CamelliaSubkeyL(2) = subl(3);
- CamelliaSubkeyR(2) = subr(3);
- CamelliaSubkeyL(3) = subl(2) ^ subl(4);
- CamelliaSubkeyR(3) = subr(2) ^ subr(4);
- CamelliaSubkeyL(4) = subl(3) ^ subl(5);
- CamelliaSubkeyR(4) = subr(3) ^ subr(5);
- CamelliaSubkeyL(5) = subl(4) ^ subl(6);
- CamelliaSubkeyR(5) = subr(4) ^ subr(6);
- CamelliaSubkeyL(6) = subl(5) ^ subl(7);
- CamelliaSubkeyR(6) = subr(5) ^ subr(7);
- tl = subl(10) ^ (subr(10) & ~subr(8));
- dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(7) = subl(6) ^ tl;
- CamelliaSubkeyR(7) = subr(6) ^ tr;
- CamelliaSubkeyL(8) = subl(8);
- CamelliaSubkeyR(8) = subr(8);
- CamelliaSubkeyL(9) = subl(9);
- CamelliaSubkeyR(9) = subr(9);
- tl = subl(7) ^ (subr(7) & ~subr(9));
- dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(10) = tl ^ subl(11);
- CamelliaSubkeyR(10) = tr ^ subr(11);
- CamelliaSubkeyL(11) = subl(10) ^ subl(12);
- CamelliaSubkeyR(11) = subr(10) ^ subr(12);
- CamelliaSubkeyL(12) = subl(11) ^ subl(13);
- CamelliaSubkeyR(12) = subr(11) ^ subr(13);
- CamelliaSubkeyL(13) = subl(12) ^ subl(14);
- CamelliaSubkeyR(13) = subr(12) ^ subr(14);
- CamelliaSubkeyL(14) = subl(13) ^ subl(15);
- CamelliaSubkeyR(14) = subr(13) ^ subr(15);
- tl = subl(18) ^ (subr(18) & ~subr(16));
- dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(15) = subl(14) ^ tl;
- CamelliaSubkeyR(15) = subr(14) ^ tr;
- CamelliaSubkeyL(16) = subl(16);
- CamelliaSubkeyR(16) = subr(16);
- CamelliaSubkeyL(17) = subl(17);
- CamelliaSubkeyR(17) = subr(17);
- tl = subl(15) ^ (subr(15) & ~subr(17));
- dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(18) = tl ^ subl(19);
- CamelliaSubkeyR(18) = tr ^ subr(19);
- CamelliaSubkeyL(19) = subl(18) ^ subl(20);
- CamelliaSubkeyR(19) = subr(18) ^ subr(20);
- CamelliaSubkeyL(20) = subl(19) ^ subl(21);
- CamelliaSubkeyR(20) = subr(19) ^ subr(21);
- CamelliaSubkeyL(21) = subl(20) ^ subl(22);
- CamelliaSubkeyR(21) = subr(20) ^ subr(22);
- CamelliaSubkeyL(22) = subl(21) ^ subl(23);
- CamelliaSubkeyR(22) = subr(21) ^ subr(23);
- CamelliaSubkeyL(23) = subl(22);
- CamelliaSubkeyR(23) = subr(22);
- CamelliaSubkeyL(24) = subl(24) ^ subl(23);
- CamelliaSubkeyR(24) = subr(24) ^ subr(23);
-
- /* apply the inverse of the last half of P-function */
- dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
- dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
- dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
- dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
- dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
- dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
- dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
- dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
- dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
- dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
- dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
- dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
- dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
- dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
- dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
- dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
- dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
- dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-static int camellia_setup256(const unsigned char *key, u32 *subkey)
-{
- u32 kll,klr,krl,krr; /* left half of key */
- u32 krll,krlr,krrl,krrr; /* right half of key */
- u32 il, ir, t0, t1, w0, w1; /* temporary variables */
- u32 kw4l, kw4r, dw, tl, tr;
-
-#ifdef WOLFSSL_SMALL_STACK
- u32* subL;
- u32* subR;
-
- subL = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (subL == NULL)
- return MEMORY_E;
-
- subR = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (subR == NULL) {
- XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#else
- u32 subL[34];
- u32 subR[34];
-#endif
-
- /**
- * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
- * (|| is concatination)
- */
-
- kll = GETU32(key );
- klr = GETU32(key + 4);
- krl = GETU32(key + 8);
- krr = GETU32(key + 12);
- krll = GETU32(key + 16);
- krlr = GETU32(key + 20);
- krrl = GETU32(key + 24);
- krrr = GETU32(key + 28);
-
- /* generate KL dependent subkeys */
- subl(0) = kll; subr(0) = klr;
- subl(1) = krl; subr(1) = krr;
- CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
- subl(12) = kll; subr(12) = klr;
- subl(13) = krl; subr(13) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(16) = kll; subr(16) = klr;
- subl(17) = krl; subr(17) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(22) = kll; subr(22) = klr;
- subl(23) = krl; subr(23) = krr;
- CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
- subl(30) = kll; subr(30) = klr;
- subl(31) = krl; subr(31) = krr;
-
- /* generate KR dependent subkeys */
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
- subl(4) = krll; subr(4) = krlr;
- subl(5) = krrl; subr(5) = krrr;
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
- subl(8) = krll; subr(8) = krlr;
- subl(9) = krrl; subr(9) = krrr;
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- subl(18) = krll; subr(18) = krlr;
- subl(19) = krrl; subr(19) = krrr;
- CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
- subl(26) = krll; subr(26) = krlr;
- subl(27) = krrl; subr(27) = krrr;
- CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
-
- /* generate KA */
- kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
- krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
- CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
- w0, w1, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
- CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
- kll, klr, il, ir, t0, t1);
- kll ^= krll; klr ^= krlr;
- CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
- krl, krr, il, ir, t0, t1);
- krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
- CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
- w0, w1, il, ir, t0, t1);
- kll ^= w0; klr ^= w1;
-
- /* generate KB */
- krll ^= kll; krlr ^= klr;
- krrl ^= krl; krrr ^= krr;
- CAMELLIA_F(krll, krlr,
- CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
- w0, w1, il, ir, t0, t1);
- krrl ^= w0; krrr ^= w1;
- CAMELLIA_F(krrl, krrr,
- CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
- w0, w1, il, ir, t0, t1);
- krll ^= w0; krlr ^= w1;
-
- /* generate KA dependent subkeys */
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(6) = kll; subr(6) = klr;
- subl(7) = krl; subr(7) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
- subl(14) = kll; subr(14) = klr;
- subl(15) = krl; subr(15) = krr;
- subl(24) = klr; subr(24) = krl;
- subl(25) = krr; subr(25) = kll;
- CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
- subl(28) = kll; subr(28) = klr;
- subl(29) = krl; subr(29) = krr;
-
- /* generate KB dependent subkeys */
- subl(2) = krll; subr(2) = krlr;
- subl(3) = krrl; subr(3) = krrr;
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- subl(10) = krll; subr(10) = krlr;
- subl(11) = krrl; subr(11) = krrr;
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- subl(20) = krll; subr(20) = krlr;
- subl(21) = krrl; subr(21) = krrr;
- CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
- subl(32) = krll; subr(32) = krlr;
- subl(33) = krrl; subr(33) = krrr;
-
- /* absorb kw2 to other subkeys */
- subl(3) ^= subl(1); subr(3) ^= subr(1);
- subl(5) ^= subl(1); subr(5) ^= subr(1);
- subl(7) ^= subl(1); subr(7) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(9);
- dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
- subl(11) ^= subl(1); subr(11) ^= subr(1);
- subl(13) ^= subl(1); subr(13) ^= subr(1);
- subl(15) ^= subl(1); subr(15) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(17);
- dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
- subl(19) ^= subl(1); subr(19) ^= subr(1);
- subl(21) ^= subl(1); subr(21) ^= subr(1);
- subl(23) ^= subl(1); subr(23) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(25);
- dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
- subl(27) ^= subl(1); subr(27) ^= subr(1);
- subl(29) ^= subl(1); subr(29) ^= subr(1);
- subl(31) ^= subl(1); subr(31) ^= subr(1);
- subl(32) ^= subl(1); subr(32) ^= subr(1);
-
- /* absorb kw4 to other subkeys */
- kw4l = subl(33); kw4r = subr(33);
- subl(30) ^= kw4l; subr(30) ^= kw4r;
- subl(28) ^= kw4l; subr(28) ^= kw4r;
- subl(26) ^= kw4l; subr(26) ^= kw4r;
- kw4l ^= kw4r & ~subr(24);
- dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
- subl(22) ^= kw4l; subr(22) ^= kw4r;
- subl(20) ^= kw4l; subr(20) ^= kw4r;
- subl(18) ^= kw4l; subr(18) ^= kw4r;
- kw4l ^= kw4r & ~subr(16);
- dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
- subl(14) ^= kw4l; subr(14) ^= kw4r;
- subl(12) ^= kw4l; subr(12) ^= kw4r;
- subl(10) ^= kw4l; subr(10) ^= kw4r;
- kw4l ^= kw4r & ~subr(8);
- dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
- subl(6) ^= kw4l; subr(6) ^= kw4r;
- subl(4) ^= kw4l; subr(4) ^= kw4r;
- subl(2) ^= kw4l; subr(2) ^= kw4r;
- subl(0) ^= kw4l; subr(0) ^= kw4r;
-
- /* key XOR is end of F-function */
- CamelliaSubkeyL(0) = subl(0) ^ subl(2);
- CamelliaSubkeyR(0) = subr(0) ^ subr(2);
- CamelliaSubkeyL(2) = subl(3);
- CamelliaSubkeyR(2) = subr(3);
- CamelliaSubkeyL(3) = subl(2) ^ subl(4);
- CamelliaSubkeyR(3) = subr(2) ^ subr(4);
- CamelliaSubkeyL(4) = subl(3) ^ subl(5);
- CamelliaSubkeyR(4) = subr(3) ^ subr(5);
- CamelliaSubkeyL(5) = subl(4) ^ subl(6);
- CamelliaSubkeyR(5) = subr(4) ^ subr(6);
- CamelliaSubkeyL(6) = subl(5) ^ subl(7);
- CamelliaSubkeyR(6) = subr(5) ^ subr(7);
- tl = subl(10) ^ (subr(10) & ~subr(8));
- dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(7) = subl(6) ^ tl;
- CamelliaSubkeyR(7) = subr(6) ^ tr;
- CamelliaSubkeyL(8) = subl(8);
- CamelliaSubkeyR(8) = subr(8);
- CamelliaSubkeyL(9) = subl(9);
- CamelliaSubkeyR(9) = subr(9);
- tl = subl(7) ^ (subr(7) & ~subr(9));
- dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(10) = tl ^ subl(11);
- CamelliaSubkeyR(10) = tr ^ subr(11);
- CamelliaSubkeyL(11) = subl(10) ^ subl(12);
- CamelliaSubkeyR(11) = subr(10) ^ subr(12);
- CamelliaSubkeyL(12) = subl(11) ^ subl(13);
- CamelliaSubkeyR(12) = subr(11) ^ subr(13);
- CamelliaSubkeyL(13) = subl(12) ^ subl(14);
- CamelliaSubkeyR(13) = subr(12) ^ subr(14);
- CamelliaSubkeyL(14) = subl(13) ^ subl(15);
- CamelliaSubkeyR(14) = subr(13) ^ subr(15);
- tl = subl(18) ^ (subr(18) & ~subr(16));
- dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(15) = subl(14) ^ tl;
- CamelliaSubkeyR(15) = subr(14) ^ tr;
- CamelliaSubkeyL(16) = subl(16);
- CamelliaSubkeyR(16) = subr(16);
- CamelliaSubkeyL(17) = subl(17);
- CamelliaSubkeyR(17) = subr(17);
- tl = subl(15) ^ (subr(15) & ~subr(17));
- dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(18) = tl ^ subl(19);
- CamelliaSubkeyR(18) = tr ^ subr(19);
- CamelliaSubkeyL(19) = subl(18) ^ subl(20);
- CamelliaSubkeyR(19) = subr(18) ^ subr(20);
- CamelliaSubkeyL(20) = subl(19) ^ subl(21);
- CamelliaSubkeyR(20) = subr(19) ^ subr(21);
- CamelliaSubkeyL(21) = subl(20) ^ subl(22);
- CamelliaSubkeyR(21) = subr(20) ^ subr(22);
- CamelliaSubkeyL(22) = subl(21) ^ subl(23);
- CamelliaSubkeyR(22) = subr(21) ^ subr(23);
- tl = subl(26) ^ (subr(26) & ~subr(24));
- dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(23) = subl(22) ^ tl;
- CamelliaSubkeyR(23) = subr(22) ^ tr;
- CamelliaSubkeyL(24) = subl(24);
- CamelliaSubkeyR(24) = subr(24);
- CamelliaSubkeyL(25) = subl(25);
- CamelliaSubkeyR(25) = subr(25);
- tl = subl(23) ^ (subr(23) & ~subr(25));
- dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(26) = tl ^ subl(27);
- CamelliaSubkeyR(26) = tr ^ subr(27);
- CamelliaSubkeyL(27) = subl(26) ^ subl(28);
- CamelliaSubkeyR(27) = subr(26) ^ subr(28);
- CamelliaSubkeyL(28) = subl(27) ^ subl(29);
- CamelliaSubkeyR(28) = subr(27) ^ subr(29);
- CamelliaSubkeyL(29) = subl(28) ^ subl(30);
- CamelliaSubkeyR(29) = subr(28) ^ subr(30);
- CamelliaSubkeyL(30) = subl(29) ^ subl(31);
- CamelliaSubkeyR(30) = subr(29) ^ subr(31);
- CamelliaSubkeyL(31) = subl(30);
- CamelliaSubkeyR(31) = subr(30);
- CamelliaSubkeyL(32) = subl(32) ^ subl(31);
- CamelliaSubkeyR(32) = subr(32) ^ subr(31);
-
- /* apply the inverse of the last half of P-function */
- dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
- dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
- dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
- dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
- dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
- dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
- dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
- dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
- dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
- dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
- dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
- dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
- dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
- dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
- dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
- dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
- dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
- dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
- dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
- dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
- dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
- dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
- dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
- dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-static int camellia_setup192(const unsigned char *key, u32 *subkey)
-{
- unsigned char kk[32];
- u32 krll, krlr, krrl,krrr;
-
- memcpy(kk, key, 24);
- memcpy((unsigned char *)&krll, key+16,4);
- memcpy((unsigned char *)&krlr, key+20,4);
- krrl = ~krll;
- krrr = ~krlr;
- memcpy(kk+24, (unsigned char *)&krrl, 4);
- memcpy(kk+28, (unsigned char *)&krrr, 4);
-
- return camellia_setup256(kk, subkey);
-}
-
-
-/**
- * Stuff related to camellia encryption/decryption
- *
- * "io" must be 4byte aligned and big-endian data.
- */
-static void camellia_encrypt128(const u32 *subkey, u32 *io)
-{
- u32 il, ir, t0, t1;
-
- /* pre whitening but absorb kw2*/
- io[0] ^= CamelliaSubkeyL(0);
- io[1] ^= CamelliaSubkeyR(0);
- /* main iteration */
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[0],io[1],il,ir,t0,t1);
-
- /* post whitening but kw4 */
- io[2] ^= CamelliaSubkeyL(24);
- io[3] ^= CamelliaSubkeyR(24);
-
- t0 = io[0];
- t1 = io[1];
- io[0] = io[2];
- io[1] = io[3];
- io[2] = t0;
- io[3] = t1;
-
- return;
-}
-
-static void camellia_decrypt128(const u32 *subkey, u32 *io)
-{
- u32 il,ir,t0,t1; /* temporary valiables */
-
- /* pre whitening but absorb kw2*/
- io[0] ^= CamelliaSubkeyL(24);
- io[1] ^= CamelliaSubkeyR(24);
-
- /* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[0],io[1],il,ir,t0,t1);
-
- /* post whitening but kw4 */
- io[2] ^= CamelliaSubkeyL(0);
- io[3] ^= CamelliaSubkeyR(0);
-
- t0 = io[0];
- t1 = io[1];
- io[0] = io[2];
- io[1] = io[3];
- io[2] = t0;
- io[3] = t1;
-
- return;
-}
-
-/**
- * stuff for 192 and 256bit encryption/decryption
- */
-static void camellia_encrypt256(const u32 *subkey, u32 *io)
-{
- u32 il,ir,t0,t1; /* temporary valiables */
-
- /* pre whitening but absorb kw2*/
- io[0] ^= CamelliaSubkeyL(0);
- io[1] ^= CamelliaSubkeyR(0);
-
- /* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(24),CamelliaSubkeyR(24),
- CamelliaSubkeyL(25),CamelliaSubkeyR(25),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(26),CamelliaSubkeyR(26),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(27),CamelliaSubkeyR(27),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(28),CamelliaSubkeyR(28),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(29),CamelliaSubkeyR(29),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(30),CamelliaSubkeyR(30),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(31),CamelliaSubkeyR(31),
- io[0],io[1],il,ir,t0,t1);
-
- /* post whitening but kw4 */
- io[2] ^= CamelliaSubkeyL(32);
- io[3] ^= CamelliaSubkeyR(32);
-
- t0 = io[0];
- t1 = io[1];
- io[0] = io[2];
- io[1] = io[3];
- io[2] = t0;
- io[3] = t1;
-
- return;
-}
-
-static void camellia_decrypt256(const u32 *subkey, u32 *io)
-{
- u32 il,ir,t0,t1; /* temporary valiables */
-
- /* pre whitening but absorb kw2*/
- io[0] ^= CamelliaSubkeyL(32);
- io[1] ^= CamelliaSubkeyR(32);
-
- /* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(31),CamelliaSubkeyR(31),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(30),CamelliaSubkeyR(30),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(29),CamelliaSubkeyR(29),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(28),CamelliaSubkeyR(28),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(27),CamelliaSubkeyR(27),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(26),CamelliaSubkeyR(26),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(25),CamelliaSubkeyR(25),
- CamelliaSubkeyL(24),CamelliaSubkeyR(24),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[0],io[1],il,ir,t0,t1);
-
- /* post whitening but kw4 */
- io[2] ^= CamelliaSubkeyL(0);
- io[3] ^= CamelliaSubkeyR(0);
-
- t0 = io[0];
- t1 = io[1];
- io[0] = io[2];
- io[1] = io[3];
- io[2] = t0;
- io[3] = t1;
-
- return;
-}
-
-/***
- *
- * API for compatibility
- */
-
-static void Camellia_EncryptBlock(const int keyBitLength,
- const unsigned char *plaintext,
- const KEY_TABLE_TYPE keyTable,
- unsigned char *ciphertext)
-{
- u32 tmp[4];
-
- tmp[0] = GETU32(plaintext);
- tmp[1] = GETU32(plaintext + 4);
- tmp[2] = GETU32(plaintext + 8);
- tmp[3] = GETU32(plaintext + 12);
-
- switch (keyBitLength) {
- case 128:
- camellia_encrypt128(keyTable, tmp);
- break;
- case 192:
- /* fall through */
- case 256:
- camellia_encrypt256(keyTable, tmp);
- break;
- default:
- break;
- }
-
- PUTU32(ciphertext, tmp[0]);
- PUTU32(ciphertext + 4, tmp[1]);
- PUTU32(ciphertext + 8, tmp[2]);
- PUTU32(ciphertext + 12, tmp[3]);
-}
-
-static void Camellia_DecryptBlock(const int keyBitLength,
- const unsigned char *ciphertext,
- const KEY_TABLE_TYPE keyTable,
- unsigned char *plaintext)
-{
- u32 tmp[4];
-
- tmp[0] = GETU32(ciphertext);
- tmp[1] = GETU32(ciphertext + 4);
- tmp[2] = GETU32(ciphertext + 8);
- tmp[3] = GETU32(ciphertext + 12);
-
- switch (keyBitLength) {
- case 128:
- camellia_decrypt128(keyTable, tmp);
- break;
- case 192:
- /* fall through */
- case 256:
- camellia_decrypt256(keyTable, tmp);
- break;
- default:
- break;
- }
- PUTU32(plaintext, tmp[0]);
- PUTU32(plaintext + 4, tmp[1]);
- PUTU32(plaintext + 8, tmp[2]);
- PUTU32(plaintext + 12, tmp[3]);
-}
-
-
-
-/* wolfCrypt wrappers to the Camellia code */
-
-int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv)
-{
- int ret = 0;
-
- if (cam == NULL) return BAD_FUNC_ARG;
-
- XMEMSET(cam->key, 0, sizeof(KEY_TABLE_TYPE));
-
- switch (len) {
- case 16:
- ret = camellia_setup128(key, cam->key);
- break;
- case 24:
- ret = camellia_setup192(key, cam->key);
- break;
- case 32:
- ret = camellia_setup256(key, cam->key);
- break;
- default:
- return BAD_FUNC_ARG;
- }
-
- if (ret != 0)
- return ret;
-
- cam->keySz = len * 8;
-
- return wc_CamelliaSetIV(cam, iv);
-}
-
-
-int wc_CamelliaSetIV(Camellia* cam, const byte* iv)
-{
- if (cam == NULL)
- return BAD_FUNC_ARG;
-
- if (iv)
- XMEMCPY(cam->reg, iv, CAMELLIA_BLOCK_SIZE);
- else
- XMEMSET(cam->reg, 0, CAMELLIA_BLOCK_SIZE);
-
- return 0;
-}
-
-
-void wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)
-{
- Camellia_EncryptBlock(cam->keySz, in, cam->key, out);
-}
-
-
-void wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)
-{
- Camellia_DecryptBlock(cam->keySz, in, cam->key, out);
-}
-
-
-void wc_CamelliaCbcEncrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
-{
- word32 blocks = sz / CAMELLIA_BLOCK_SIZE;
-
- while (blocks--) {
- xorbuf((byte*)cam->reg, in, CAMELLIA_BLOCK_SIZE);
- Camellia_EncryptBlock(cam->keySz, (byte*)cam->reg,
- cam->key, (byte*)cam->reg);
- XMEMCPY(out, cam->reg, CAMELLIA_BLOCK_SIZE);
-
- out += CAMELLIA_BLOCK_SIZE;
- in += CAMELLIA_BLOCK_SIZE;
- }
-}
-
-
-void wc_CamelliaCbcDecrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
-{
- word32 blocks = sz / CAMELLIA_BLOCK_SIZE;
-
- while (blocks--) {
- XMEMCPY(cam->tmp, in, CAMELLIA_BLOCK_SIZE);
- Camellia_DecryptBlock(cam->keySz, (byte*)cam->tmp, cam->key, out);
- xorbuf(out, (byte*)cam->reg, CAMELLIA_BLOCK_SIZE);
- XMEMCPY(cam->reg, cam->tmp, CAMELLIA_BLOCK_SIZE);
-
- out += CAMELLIA_BLOCK_SIZE;
- in += CAMELLIA_BLOCK_SIZE;
- }
-}
-
-
-#endif /* HAVE_CAMELLIA */
-
-
--- a/wolfcrypt/src/chacha.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,252 +0,0 @@
-/* chacha.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * based from
- * chacha-ref.c version 20080118
- * D. J. Bernstein
- * Public domain.
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_CHACHA
-
-#include <wolfssl/wolfcrypt/chacha.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef CHACHA_AEAD_TEST
- #include <stdio.h>
-#endif
-
-#ifdef BIG_ENDIAN_ORDER
- #define LITTLE32(x) ByteReverseWord32(x)
-#else
- #define LITTLE32(x) (x)
-#endif
-
-/* Number of rounds */
-#define ROUNDS 20
-
-#define U32C(v) (v##U)
-#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
-#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
-
-#define ROTATE(v,c) rotlFixed(v, c)
-#define XOR(v,w) ((v) ^ (w))
-#define PLUS(v,w) (U32V((v) + (w)))
-#define PLUSONE(v) (PLUS((v),1))
-
-#define QUARTERROUND(a,b,c,d) \
- x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
- x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
- x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
- x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
-
-
-/**
- * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
- * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
- */
-int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
-{
- word32 temp[3]; /* used for alignment of memory */
-
-#ifdef CHACHA_AEAD_TEST
- word32 i;
- printf("NONCE : ");
- for (i = 0; i < 12; i++) {
- printf("%02x", inIv[i]);
- }
- printf("\n\n");
-#endif
-
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- XMEMCPY(temp, inIv, 12);
-
- ctx->X[12] = LITTLE32(counter); /* block counter */
- ctx->X[13] = LITTLE32(temp[0]); /* fixed variable from nonce */
- ctx->X[14] = LITTLE32(temp[1]); /* counter from nonce */
- ctx->X[15] = LITTLE32(temp[2]); /* counter from nonce */
-
- return 0;
-}
-
-/* "expand 32-byte k" as unsigned 32 byte */
-static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
-/* "expand 16-byte k" as unsigned 16 byte */
-static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574};
-
-/**
- * Key setup. 8 word iv (nonce)
- */
-int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
-{
- const word32* constants;
- const byte* k;
-
-#ifdef XSTREAM_ALIGN
- word32 alignKey[8];
-#endif
-
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- if (keySz != 16 && keySz != 32)
- return BAD_FUNC_ARG;
-
-#ifdef XSTREAM_ALIGN
- if ((wolfssl_word)key % 4) {
- WOLFSSL_MSG("wc_ChachaSetKey unaligned key");
- XMEMCPY(alignKey, key, keySz);
- k = (byte*)alignKey;
- }
- else {
- k = key;
- }
-#else
- k = key;
-#endif /* XSTREAM_ALIGN */
-
-#ifdef CHACHA_AEAD_TEST
- word32 i;
- printf("ChaCha key used :\n");
- for (i = 0; i < keySz; i++) {
- printf("%02x", key[i]);
- if ((i + 1) % 8 == 0)
- printf("\n");
- }
- printf("\n\n");
-#endif
-
- ctx->X[4] = U8TO32_LITTLE(k + 0);
- ctx->X[5] = U8TO32_LITTLE(k + 4);
- ctx->X[6] = U8TO32_LITTLE(k + 8);
- ctx->X[7] = U8TO32_LITTLE(k + 12);
- if (keySz == 32) {
- k += 16;
- constants = sigma;
- }
- else {
- constants = tau;
- }
- ctx->X[ 8] = U8TO32_LITTLE(k + 0);
- ctx->X[ 9] = U8TO32_LITTLE(k + 4);
- ctx->X[10] = U8TO32_LITTLE(k + 8);
- ctx->X[11] = U8TO32_LITTLE(k + 12);
- ctx->X[ 0] = constants[0];
- ctx->X[ 1] = constants[1];
- ctx->X[ 2] = constants[2];
- ctx->X[ 3] = constants[3];
-
- return 0;
-}
-
-/**
- * Converts word into bytes with rotations having been done.
- */
-static INLINE void wc_Chacha_wordtobyte(word32 output[16], const word32 input[16])
-{
- word32 x[16];
- word32 i;
-
- for (i = 0; i < 16; i++) {
- x[i] = input[i];
- }
-
- for (i = (ROUNDS); i > 0; i -= 2) {
- QUARTERROUND(0, 4, 8, 12)
- QUARTERROUND(1, 5, 9, 13)
- QUARTERROUND(2, 6, 10, 14)
- QUARTERROUND(3, 7, 11, 15)
- QUARTERROUND(0, 5, 10, 15)
- QUARTERROUND(1, 6, 11, 12)
- QUARTERROUND(2, 7, 8, 13)
- QUARTERROUND(3, 4, 9, 14)
- }
-
- for (i = 0; i < 16; i++) {
- x[i] = PLUS(x[i], input[i]);
- }
-
- for (i = 0; i < 16; i++) {
- output[i] = LITTLE32(x[i]);
- }
-}
-
-/**
- * Encrypt a stream of bytes
- */
-static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
- word32 bytes)
-{
- byte* output;
- word32 temp[16]; /* used to make sure aligned */
- word32 i;
-
- output = (byte*)temp;
-
- if (!bytes) return;
- for (;;) {
- wc_Chacha_wordtobyte(temp, ctx->X);
- ctx->X[12] = PLUSONE(ctx->X[12]);
- if (bytes <= 64) {
- for (i = 0; i < bytes; ++i) {
- c[i] = m[i] ^ output[i];
- }
- return;
- }
- for (i = 0; i < 64; ++i) {
- c[i] = m[i] ^ output[i];
- }
- bytes -= 64;
- c += 64;
- m += 64;
- }
-}
-
-/**
- * API to encrypt/decrypt a message of any size.
- */
-int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, word32 msglen)
-{
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- wc_Chacha_encrypt_bytes(ctx, input, output, msglen);
-
- return 0;
-}
-
-#endif /* HAVE_CHACHA*/
-
-
--- a/wolfcrypt/src/chacha20_poly1305.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,275 +0,0 @@
-/* chacha.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-
-#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/chacha.h>
-#include <wolfssl/wolfcrypt/poly1305.h>
-
-#ifdef NO_INLINE
-#include <wolfssl/wolfcrypt/misc.h>
-#else
-#include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef CHACHA_AEAD_TEST
-#include <stdio.h>
-#endif
-
-#define CHACHA20_POLY1305_AEAD_INITIAL_COUNTER 0
-#define CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT 16
-
-static void word32ToLittle64(const word32 inLittle32, byte outLittle64[8]);
-static int calculateAuthTag(
- const byte inAuthKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
- const byte* inAAD, const word32 inAADLen,
- const byte *inCiphertext, const word32 inCiphertextLen,
- byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
-
-int wc_ChaCha20Poly1305_Encrypt(
- const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
- const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
- const byte* inAAD, const word32 inAADLen,
- const byte* inPlaintext, const word32 inPlaintextLen,
- byte* outCiphertext,
- byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE])
-{
- int err;
- byte poly1305Key[CHACHA20_POLY1305_AEAD_KEYSIZE];
- ChaCha chaChaCtx;
-
- /* Validate function arguments */
-
- if (!inKey || !inIV ||
- !inPlaintext || !inPlaintextLen ||
- !outCiphertext ||
- !outAuthTag)
- {
- return BAD_FUNC_ARG;
- }
-
- XMEMSET(poly1305Key, 0, sizeof(poly1305Key));
-
- /* Create the Poly1305 key */
- err = wc_Chacha_SetKey(&chaChaCtx, inKey, CHACHA20_POLY1305_AEAD_KEYSIZE);
- if (err != 0) return err;
-
- err = wc_Chacha_SetIV(&chaChaCtx, inIV,
- CHACHA20_POLY1305_AEAD_INITIAL_COUNTER);
- if (err != 0) return err;
-
- err = wc_Chacha_Process(&chaChaCtx, poly1305Key, poly1305Key,
- CHACHA20_POLY1305_AEAD_KEYSIZE);
- if (err != 0) return err;
-
- /* Encrypt the plaintext using ChaCha20 */
- err = wc_Chacha_Process(&chaChaCtx, outCiphertext, inPlaintext,
- inPlaintextLen);
- /* Calculate the Poly1305 auth tag */
- if (err == 0)
- err = calculateAuthTag(poly1305Key,
- inAAD, inAADLen,
- outCiphertext, inPlaintextLen,
- outAuthTag);
- ForceZero(poly1305Key, sizeof(poly1305Key));
-
- return err;
-}
-
-
-int wc_ChaCha20Poly1305_Decrypt(
- const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
- const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
- const byte* inAAD, const word32 inAADLen,
- const byte* inCiphertext, const word32 inCiphertextLen,
- const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
- byte* outPlaintext)
-{
- int err;
- byte poly1305Key[CHACHA20_POLY1305_AEAD_KEYSIZE];
- ChaCha chaChaCtx;
- byte calculatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
-
- /* Validate function arguments */
-
- if (!inKey || !inIV ||
- !inCiphertext || !inCiphertextLen ||
- !inAuthTag ||
- !outPlaintext)
- {
- return BAD_FUNC_ARG;
- }
-
- XMEMSET(calculatedAuthTag, 0, sizeof(calculatedAuthTag));
- XMEMSET(poly1305Key, 0, sizeof(poly1305Key));
-
- /* Create the Poly1305 key */
- err = wc_Chacha_SetKey(&chaChaCtx, inKey, CHACHA20_POLY1305_AEAD_KEYSIZE);
- if (err != 0) return err;
-
- err = wc_Chacha_SetIV(&chaChaCtx, inIV,
- CHACHA20_POLY1305_AEAD_INITIAL_COUNTER);
- if (err != 0) return err;
-
- err = wc_Chacha_Process(&chaChaCtx, poly1305Key, poly1305Key,
- CHACHA20_POLY1305_AEAD_KEYSIZE);
- if (err != 0) return err;
-
- /* Calculate the Poly1305 auth tag */
- err = calculateAuthTag(poly1305Key,
- inAAD, inAADLen,
- inCiphertext, inCiphertextLen,
- calculatedAuthTag);
-
- /* Compare the calculated auth tag with the received one */
- if (err == 0 && ConstantCompare(inAuthTag, calculatedAuthTag,
- CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) != 0)
- {
- err = MAC_CMP_FAILED_E;
- }
-
- /* Decrypt the received ciphertext */
- if (err == 0)
- err = wc_Chacha_Process(&chaChaCtx, outPlaintext, inCiphertext,
- inCiphertextLen);
- ForceZero(poly1305Key, sizeof(poly1305Key));
-
- return err;
-}
-
-
-static int calculateAuthTag(
- const byte inAuthKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
- const byte *inAAD, const word32 inAADLen,
- const byte *inCiphertext, const word32 inCiphertextLen,
- byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE])
-{
- int err;
- Poly1305 poly1305Ctx;
- byte padding[CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT - 1];
- word32 paddingLen;
- byte little64[8];
-
- XMEMSET(padding, 0, sizeof(padding));
-
- /* Initialize Poly1305 */
-
- err = wc_Poly1305SetKey(&poly1305Ctx, inAuthKey,
- CHACHA20_POLY1305_AEAD_KEYSIZE);
- if (err)
- {
- return err;
- }
-
- /* Create the authTag by MAC'ing the following items: */
-
- /* -- AAD */
-
- if (inAAD && inAADLen)
- {
- err = wc_Poly1305Update(&poly1305Ctx, inAAD, inAADLen);
-
- /* -- padding1: pad the AAD to 16 bytes */
-
- paddingLen = -inAADLen & (CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT - 1);
- if (paddingLen)
- {
- err += wc_Poly1305Update(&poly1305Ctx, padding, paddingLen);
- }
-
- if (err)
- {
- return err;
- }
- }
-
- /* -- Ciphertext */
-
- err = wc_Poly1305Update(&poly1305Ctx, inCiphertext, inCiphertextLen);
- if (err)
- {
- return err;
- }
-
- /* -- padding2: pad the ciphertext to 16 bytes */
-
- paddingLen = -inCiphertextLen &
- (CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT - 1);
- if (paddingLen)
- {
- err = wc_Poly1305Update(&poly1305Ctx, padding, paddingLen);
- if (err)
- {
- return err;
- }
- }
-
- /* -- AAD length as a 64-bit little endian integer */
-
- word32ToLittle64(inAADLen, little64);
-
- err = wc_Poly1305Update(&poly1305Ctx, little64, sizeof(little64));
- if (err)
- {
- return err;
- }
-
- /* -- Ciphertext length as a 64-bit little endian integer */
-
- word32ToLittle64(inCiphertextLen, little64);
-
- err = wc_Poly1305Update(&poly1305Ctx, little64, sizeof(little64));
- if (err)
- {
- return err;
- }
-
- /* Finalize the auth tag */
-
- err = wc_Poly1305Final(&poly1305Ctx, outAuthTag);
-
- return err;
-}
-
-
-static void word32ToLittle64(const word32 inLittle32, byte outLittle64[8])
-{
- XMEMSET(outLittle64, 0, 8);
-
- outLittle64[0] = (inLittle32 & 0x000000FF);
- outLittle64[1] = (inLittle32 & 0x0000FF00) >> 8;
- outLittle64[2] = (inLittle32 & 0x00FF0000) >> 16;
- outLittle64[3] = (inLittle32 & 0xFF000000) >> 24;
-}
-
-
-#endif /* HAVE_CHACHA && HAVE_POLY1305 */
-
--- a/wolfcrypt/src/coding.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,400 +0,0 @@
-/* coding.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_CODING
-
-#include <wolfssl/wolfcrypt/coding.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-
-
-enum {
- BAD = 0xFF, /* invalid encoding */
- PAD = '=',
- PEM_LINE_SZ = 64
-};
-
-
-static
-const byte base64Decode[] = { 62, BAD, BAD, BAD, 63, /* + starts at 0x2B */
- 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
- BAD, BAD, BAD, BAD, BAD, BAD, BAD,
- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
- 10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
- 20, 21, 22, 23, 24, 25,
- BAD, BAD, BAD, BAD, BAD, BAD,
- 26, 27, 28, 29, 30, 31, 32, 33, 34, 35,
- 36, 37, 38, 39, 40, 41, 42, 43, 44, 45,
- 46, 47, 48, 49, 50, 51
- };
-
-
-int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
-{
- word32 i = 0;
- word32 j = 0;
- word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
- const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
-
- plainSz = (plainSz * 3 + 3) / 4;
- if (plainSz > *outLen) return BAD_FUNC_ARG;
-
- while (inLen > 3) {
- byte b1, b2, b3;
- byte e1 = in[j++];
- byte e2 = in[j++];
- byte e3 = in[j++];
- byte e4 = in[j++];
-
- int pad3 = 0;
- int pad4 = 0;
-
- if (e1 == 0) /* end file 0's */
- break;
- if (e3 == PAD)
- pad3 = 1;
- if (e4 == PAD)
- pad4 = 1;
-
- if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
- WOLFSSL_MSG("Bad Base64 Decode data, too small");
- return ASN_INPUT_E;
- }
-
- if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
- WOLFSSL_MSG("Bad Base64 Decode data, too big");
- return ASN_INPUT_E;
- }
-
- e1 = base64Decode[e1 - 0x2B];
- e2 = base64Decode[e2 - 0x2B];
- e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
- e4 = (e4 == PAD) ? 0 : base64Decode[e4 - 0x2B];
-
- b1 = (byte)((e1 << 2) | (e2 >> 4));
- b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2));
- b3 = (byte)(((e3 & 0x3) << 6) | e4);
-
- out[i++] = b1;
- if (!pad3)
- out[i++] = b2;
- if (!pad4)
- out[i++] = b3;
- else
- break;
-
- inLen -= 4;
- if (inLen && (in[j] == ' ' || in[j] == '\r' || in[j] == '\n')) {
- byte endLine = in[j++];
- inLen--;
- while (inLen && endLine == ' ') { /* allow trailing whitespace */
- endLine = in[j++];
- inLen--;
- }
- if (endLine == '\r') {
- if (inLen) {
- endLine = in[j++];
- inLen--;
- }
- }
- if (endLine != '\n') {
- WOLFSSL_MSG("Bad end of line in Base64 Decode");
- return ASN_INPUT_E;
- }
- }
- }
- *outLen = i;
-
- return 0;
-}
-
-
-#if defined(WOLFSSL_BASE64_ENCODE)
-
-static
-const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
- 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
- 'U', 'V', 'W', 'X', 'Y', 'Z',
- 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
- 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't',
- 'u', 'v', 'w', 'x', 'y', 'z',
- '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
- '+', '/'
- };
-
-
-/* make sure *i (idx) won't exceed max, store and possibly escape to out,
- * raw means use e w/o decode, 0 on success */
-static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
- int raw)
-{
- int doEscape = 0;
- word32 needed = 1;
- word32 idx = *i;
-
- byte basic;
- byte plus = 0;
- byte equals = 0;
- byte newline = 0;
-
- if (raw)
- basic = e;
- else
- basic = base64Encode[e];
-
- /* check whether to escape */
- if (escaped) {
- switch ((char)basic) {
- case '+' :
- plus = 1;
- doEscape = 1;
- needed += 2;
- break;
- case '=' :
- equals = 1;
- doEscape = 1;
- needed += 2;
- break;
- case '\n' :
- newline = 1;
- doEscape = 1;
- needed += 2;
- break;
- default:
- /* do nothing */
- break;
- }
- }
-
- /* check size */
- if ( (idx+needed) > max) {
- WOLFSSL_MSG("Escape buffer max too small");
- return BUFFER_E;
- }
-
- /* store it */
- if (doEscape == 0) {
- out[idx++] = basic;
- }
- else {
- out[idx++] = '%'; /* start escape */
-
- if (plus) {
- out[idx++] = '2';
- out[idx++] = 'B';
- }
- else if (equals) {
- out[idx++] = '3';
- out[idx++] = 'D';
- }
- else if (newline) {
- out[idx++] = '0';
- out[idx++] = 'A';
- }
-
- }
- *i = idx;
-
- return 0;
-}
-
-
-/* internal worker, handles both escaped and normal line endings */
-static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
- word32* outLen, int escaped)
-{
- int ret = 0;
- word32 i = 0,
- j = 0,
- n = 0; /* new line counter */
-
- word32 outSz = (inLen + 3 - 1) / 3 * 4;
- word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */
-
- if (escaped)
- addSz *= 3; /* instead of just \n, we're doing %0A triplet */
-
- outSz += addSz;
-
- /* if escaped we can't predetermine size for one pass encoding, but
- * make sure we have enough if no escapes are in input */
- if (outSz > *outLen) return BAD_FUNC_ARG;
-
- while (inLen > 2) {
- byte b1 = in[j++];
- byte b2 = in[j++];
- byte b3 = in[j++];
-
- /* encoded idx */
- byte e1 = b1 >> 2;
- byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
- byte e3 = (byte)(((b2 & 0xF) << 2) | (b3 >> 6));
- byte e4 = b3 & 0x3F;
-
- /* store */
- ret = CEscape(escaped, e1, out, &i, *outLen, 0);
- if (ret != 0) break;
- ret = CEscape(escaped, e2, out, &i, *outLen, 0);
- if (ret != 0) break;
- ret = CEscape(escaped, e3, out, &i, *outLen, 0);
- if (ret != 0) break;
- ret = CEscape(escaped, e4, out, &i, *outLen, 0);
- if (ret != 0) break;
-
- inLen -= 3;
-
- if ((++n % (PEM_LINE_SZ / 4)) == 0 && inLen) {
- ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
- if (ret != 0) break;
- }
- }
-
- /* last integral */
- if (inLen && ret == 0) {
- int twoBytes = (inLen == 2);
-
- byte b1 = in[j++];
- byte b2 = (twoBytes) ? in[j++] : 0;
-
- byte e1 = b1 >> 2;
- byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
- byte e3 = (byte)((b2 & 0xF) << 2);
-
- ret = CEscape(escaped, e1, out, &i, *outLen, 0);
- if (ret == 0)
- ret = CEscape(escaped, e2, out, &i, *outLen, 0);
- if (ret == 0) {
- /* third */
- if (twoBytes)
- ret = CEscape(escaped, e3, out, &i, *outLen, 0);
- else
- ret = CEscape(escaped, '=', out, &i, *outLen, 1);
- }
- /* fourth always pad */
- if (ret == 0)
- ret = CEscape(escaped, '=', out, &i, *outLen, 1);
- }
-
- if (ret == 0)
- ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
-
- if (i != outSz && escaped == 0 && ret == 0)
- return ASN_INPUT_E;
-
- *outLen = i;
- return ret;
-}
-
-
-/* Base64 Encode, PEM style, with \n line endings */
-int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
-{
- return DoBase64_Encode(in, inLen, out, outLen, 0);
-}
-
-
-/* Base64 Encode, with %0A esacped line endings instead of \n */
-int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen)
-{
- return DoBase64_Encode(in, inLen, out, outLen, 1);
-}
-
-
-#endif /* defined(WOLFSSL_BASE64_ENCODE) */
-
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS)
-
-static
-const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
- BAD, BAD, BAD, BAD, BAD, BAD, BAD,
- 10, 11, 12, 13, 14, 15, /* upper case A-F */
- BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD,
- BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD,
- BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD,
- BAD, BAD, /* G - ` */
- 10, 11, 12, 13, 14, 15 /* lower case a-f */
- }; /* A starts at 0x41 not 0x3A */
-
-int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
-{
- word32 inIdx = 0;
- word32 outIdx = 0;
-
- if (inLen == 1 && *outLen && in) {
- byte b = in[inIdx++] - 0x30; /* 0 starts at 0x30 */
-
- /* sanity check */
- if (b >= sizeof(hexDecode)/sizeof(hexDecode[0]))
- return ASN_INPUT_E;
-
- b = hexDecode[b];
-
- if (b == BAD)
- return ASN_INPUT_E;
-
- out[outIdx++] = b;
-
- *outLen = outIdx;
- return 0;
- }
-
- if (inLen % 2)
- return BAD_FUNC_ARG;
-
- if (*outLen < (inLen / 2))
- return BAD_FUNC_ARG;
-
- while (inLen) {
- byte b = in[inIdx++] - 0x30; /* 0 starts at 0x30 */
- byte b2 = in[inIdx++] - 0x30;
-
- /* sanity checks */
- if (b >= sizeof(hexDecode)/sizeof(hexDecode[0]))
- return ASN_INPUT_E;
- if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0]))
- return ASN_INPUT_E;
-
- b = hexDecode[b];
- b2 = hexDecode[b2];
-
- if (b == BAD || b2 == BAD)
- return ASN_INPUT_E;
-
- out[outIdx++] = (byte)((b << 4) | b2);
- inLen -= 2;
- }
-
- *outLen = outIdx;
- return 0;
-}
-
-
-#endif /* (OPENSSL_EXTRA) || (HAVE_WEBSERVER) || (HAVE_FIPS) */
-
-#endif /* NO_CODING */
-
--- a/wolfcrypt/src/compress.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,170 +0,0 @@
-/* compress.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- wc_*
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_LIBZ
-
-
-#include <wolfssl/wolfcrypt/compress.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-#include <zlib.h>
-
-
-/* alloc user allocs to work with zlib */
-static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
-{
- (void)opaque;
- return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
-}
-
-
-static void myFree(void* opaque, void* memory)
-{
- (void)opaque;
- XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
-}
-
-
-#ifdef HAVE_MCAPI
- #define DEFLATE_DEFAULT_WINDOWBITS 11
- #define DEFLATE_DEFAULT_MEMLEVEL 1
-#else
- #define DEFLATE_DEFAULT_WINDOWBITS 15
- #define DEFLATE_DEFAULT_MEMLEVEL 8
-#endif
-
-
-int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags)
-/*
- * out - pointer to destination buffer
- * outSz - size of destination buffer
- * in - pointer to source buffer to compress
- * inSz - size of source to compress
- * flags - flags to control how compress operates
- *
- * return:
- * negative - error code
- * positive - bytes stored in out buffer
- *
- * Note, the output buffer still needs to be larger than the input buffer.
- * The right chunk of data won't compress at all, and the lookup table will
- * add to the size of the output. The libz code says the compressed
- * buffer should be srcSz + 0.1% + 12.
- */
-{
- z_stream stream;
- int result = 0;
-
- stream.next_in = (Bytef*)in;
- stream.avail_in = (uInt)inSz;
-#ifdef MAXSEG_64K
- /* Check for source > 64K on 16-bit machine: */
- if ((uLong)stream.avail_in != inSz) return COMPRESS_INIT_E;
-#endif
- stream.next_out = out;
- stream.avail_out = (uInt)outSz;
- if ((uLong)stream.avail_out != outSz) return COMPRESS_INIT_E;
-
- stream.zalloc = (alloc_func)myAlloc;
- stream.zfree = (free_func)myFree;
- stream.opaque = (voidpf)0;
-
- if (deflateInit2(&stream, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
- DEFLATE_DEFAULT_WINDOWBITS, DEFLATE_DEFAULT_MEMLEVEL,
- flags ? Z_FIXED : Z_DEFAULT_STRATEGY) != Z_OK)
- return COMPRESS_INIT_E;
-
- if (deflate(&stream, Z_FINISH) != Z_STREAM_END) {
- deflateEnd(&stream);
- return COMPRESS_E;
- }
-
- result = (int)stream.total_out;
-
- if (deflateEnd(&stream) != Z_OK)
- result = COMPRESS_E;
-
- return result;
-}
-
-
-int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz)
-/*
- * out - pointer to destination buffer
- * outSz - size of destination buffer
- * in - pointer to source buffer to compress
- * inSz - size of source to compress
- * flags - flags to control how compress operates
- *
- * return:
- * negative - error code
- * positive - bytes stored in out buffer
- */
-{
- z_stream stream;
- int result = 0;
-
- stream.next_in = (Bytef*)in;
- stream.avail_in = (uInt)inSz;
- /* Check for source > 64K on 16-bit machine: */
- if ((uLong)stream.avail_in != inSz) return DECOMPRESS_INIT_E;
-
- stream.next_out = out;
- stream.avail_out = (uInt)outSz;
- if ((uLong)stream.avail_out != outSz) return DECOMPRESS_INIT_E;
-
- stream.zalloc = (alloc_func)myAlloc;
- stream.zfree = (free_func)myFree;
- stream.opaque = (voidpf)0;
-
- if (inflateInit2(&stream, DEFLATE_DEFAULT_WINDOWBITS) != Z_OK)
- return DECOMPRESS_INIT_E;
-
- if (inflate(&stream, Z_FINISH) != Z_STREAM_END) {
- inflateEnd(&stream);
- return DECOMPRESS_E;
- }
-
- result = (int)stream.total_out;
-
- if (inflateEnd(&stream) != Z_OK)
- result = DECOMPRESS_E;
-
- return result;
-}
-
-
-#endif /* HAVE_LIBZ */
-
-
--- a/wolfcrypt/src/curve25519.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,261 +0,0 @@
-/* curve25519.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
- /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_CURVE25519
-
-#include <wolfssl/wolfcrypt/curve25519.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-const curve25519_set_type curve25519_sets[] = {
-{
- 32,
- "CURVE25519",
-}
-};
-
-
-
-int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key)
-{
- unsigned char basepoint[CURVE25519_KEYSIZE] = {9};
- unsigned char n[CURVE25519_KEYSIZE];
- unsigned char p[CURVE25519_KEYSIZE];
- int i;
- int ret;
-
- if (key == NULL || rng == NULL)
- return ECC_BAD_ARG_E;
-
- /* currently only a key size of 32 bytes is used */
- if (keysize != CURVE25519_KEYSIZE)
- return ECC_BAD_ARG_E;
-
- /* get random number from RNG */
- ret = wc_RNG_GenerateBlock(rng, n, keysize);
- if (ret != 0)
- return ret;
-
- for (i = 0; i < keysize; ++i) key->k.point[i] = n[i];
- key->k.point[ 0] &= 248;
- key->k.point[31] &= 127;
- key->k.point[31] |= 64;
-
- /* compute public key */
- ret = curve25519(p, key->k.point, basepoint);
-
- /* store keys in big endian format */
- for (i = 0; i < keysize; ++i) n[i] = key->k.point[i];
- for (i = 0; i < keysize; ++i) {
- key->p.point[keysize - i - 1] = p[i];
- key->k.point[keysize - i - 1] = n[i];
- }
-
- ForceZero(n, keysize);
- ForceZero(p, keysize);
-
- return ret;
-}
-
-
-int wc_curve25519_shared_secret(curve25519_key* private_key,
- curve25519_key* public_key,
- byte* out, word32* outlen)
-{
- unsigned char k[CURVE25519_KEYSIZE];
- unsigned char p[CURVE25519_KEYSIZE];
- unsigned char o[CURVE25519_KEYSIZE];
- int ret = 0;
- int i;
-
- /* sanity check */
- if (private_key == NULL || public_key == NULL || out == NULL ||
- outlen == NULL)
- return BAD_FUNC_ARG;
-
- /* avoid implementation fingerprinting */
- if (public_key->p.point[0] > 0x7F)
- return ECC_BAD_ARG_E;
-
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(k, 0, sizeof(k));
- XMEMSET(out, 0, CURVE25519_KEYSIZE);
-
- for (i = 0; i < CURVE25519_KEYSIZE; ++i) {
- p[i] = public_key->p.point [CURVE25519_KEYSIZE - i - 1];
- k[i] = private_key->k.point[CURVE25519_KEYSIZE - i - 1];
- }
-
- ret = curve25519(o , k, p);
- *outlen = CURVE25519_KEYSIZE;
-
- for (i = 0; i < CURVE25519_KEYSIZE; ++i) {
- out[i] = o[CURVE25519_KEYSIZE - i -1];
- }
-
- ForceZero(p, sizeof(p));
- ForceZero(k, sizeof(k));
- ForceZero(o, sizeof(o));
-
- return ret;
-}
-
-
-/* curve25519 uses a serialized string for key representation */
-int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen)
-{
- word32 keySz;
-
- if (key == NULL || out == NULL || outLen == NULL)
- return BAD_FUNC_ARG;
-
- /* check size of outgoing key */
- keySz = wc_curve25519_size(key);
-
- /* copy in public key */
- XMEMCPY(out, key->p.point, keySz);
- *outLen = keySz;
-
- return 0;
-}
-
-/* import curve25519 public key
- return 0 on success */
-int wc_curve25519_import_public(const byte* in, word32 inLen,
- curve25519_key* key)
-{
- word32 keySz;
-
- /* sanity check */
- if (key == NULL || in == NULL)
- return ECC_BAD_ARG_E;
-
- /* check size of incoming keys */
- keySz = wc_curve25519_size(key);
- if (inLen != keySz)
- return ECC_BAD_ARG_E;
-
- XMEMCPY(key->p.point, in, inLen);
-
- key->dp = &curve25519_sets[0];
-
- return 0;
-}
-
-
-/* export curve25519 private key only raw, outLen is in/out size
- return 0 on success */
-int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
- word32* outLen)
-{
- word32 keySz;
-
- /* sanity check */
- if (key == NULL || out == NULL || outLen == NULL)
- return ECC_BAD_ARG_E;
-
- keySz = wc_curve25519_size(key);
- *outLen = keySz;
- XMEMSET(out, 0, keySz);
- XMEMCPY(out, key->k.point, keySz);
-
- return 0;
-}
-
-
-/* curve25519 private key import.
- Public key to match private key needs to be imported too */
-int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
- const byte* pub, word32 pubSz, curve25519_key* key)
-{
- int ret = 0;
- word32 keySz;
-
- /* sanity check */
- if (key == NULL || priv == NULL || pub == NULL)
- return ECC_BAD_ARG_E;
-
- /* check size of incoming keys */
- keySz = wc_curve25519_size(key);
- if (privSz != keySz || pubSz != keySz)
- return ECC_BAD_ARG_E;
-
- XMEMCPY(key->k.point, priv, privSz);
- XMEMCPY(key->p.point, pub, pubSz);
-
- return ret;
-}
-
-
-int wc_curve25519_init(curve25519_key* key)
-{
- word32 keySz;
-
- if (key == NULL)
- return ECC_BAD_ARG_E;
-
- /* currently the format for curve25519 */
- key->dp = &curve25519_sets[0];
- keySz = key->dp->size;
-
- XMEMSET(key->k.point, 0, keySz);
- XMEMSET(key->p.point, 0, keySz);
-
- return 0;
-}
-
-
-/* Clean the memory of a key */
-void wc_curve25519_free(curve25519_key* key)
-{
- if (key == NULL)
- return;
-
- key->dp = NULL;
- ForceZero(key->p.point, sizeof(key->p.point));
- ForceZero(key->k.point, sizeof(key->k.point));
-}
-
-
-/* get key size */
-int wc_curve25519_size(curve25519_key* key)
-{
- if (key == NULL) return 0;
-
- return key->dp->size;
-}
-
-#endif /*HAVE_CURVE25519*/
-
-
--- a/wolfcrypt/src/des3.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1679 +0,0 @@
-/* des3.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_DES3
-
-#include <wolfssl/wolfcrypt/des3.h>
-
-#ifdef HAVE_FIPS
-#ifdef HAVE_CAVIUM
- static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
- static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
- word32 length);
- static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
- word32 length);
-#endif
-
-int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
-{
- return Des_SetKey(des, key, iv, dir);
-}
-
-
-int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
-{
- return Des3_SetKey_fips(des, key, iv, dir);
-}
-
-
-int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
-{
- return Des_CbcEncrypt(des, out, in, sz);
-}
-
-
-int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
-{
- return Des_CbcDecrypt(des, out, in, sz);
-}
-
-
-int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
-{
- return Des3_CbcEncrypt_fips(des, out, in, sz);
-}
-
-
-int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
-{
- return Des3_CbcDecrypt_fips(des, out, in, sz);
-}
-
-
-#ifdef WOLFSSL_DES_ECB
-
-/* One block, compatibility only */
-int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
-{
- return Des_EcbEncrypt(des, out, in, sz);
-}
-
-#endif /* WOLFSSL_DES_ECB */
-
-
-void wc_Des_SetIV(Des* des, const byte* iv)
-{
- Des_SetIV(des, iv);
-}
-
-
-int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
- const byte* key, const byte* iv)
-{
- return Des_CbcDecryptWithKey(out, in, sz, key, iv);
-}
-
-
-int wc_Des3_SetIV(Des3* des, const byte* iv)
-{
- return Des3_SetIV_fips(des, iv);
-}
-
-
-int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
- const byte* key, const byte* iv)
-{
- return Des3_CbcDecryptWithKey(out, in, sz, key, iv);
-}
-
-
-#ifdef HAVE_CAVIUM
-
-/* Initiliaze Des3 for use with Nitrox device */
-int wc_Des3_InitCavium(Des3* des3, int devId)
-{
- return Des3_InitCavium(des3, devId);
-}
-
-
-/* Free Des3 from use with Nitrox device */
-void wc_Des3_FreeCavium(Des3* des3)
-{
- Des3_FreeCavium(des3);
-}
-
-
-#endif /* HAVE_CAVIUM */
-#else /* build without fips */
-
-#if defined(WOLFSSL_TI_CRYPT)
- #include <wolfcrypt/src/port/ti/ti-des3.c>
-#else
-
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-#ifdef HAVE_CAVIUM
- static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
- static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
- word32 length);
- static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
- word32 length);
-#endif
-
-
-
-
-#ifdef STM32F2_CRYPTO
- /*
- * STM32F2 hardware DES/3DES support through the STM32F2 standard
- * peripheral library. Documentation located in STM32F2xx Standard
- * Peripheral Library document (See note in README).
- */
- #include "stm32f2xx.h"
- #include "stm32f2xx_cryp.h"
-
- int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
- {
- word32 *dkey = des->key;
-
- XMEMCPY(dkey, key, 8);
- ByteReverseWords(dkey, dkey, 8);
-
- wc_Des_SetIV(des, iv);
-
- return 0;
- }
-
- int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
- {
- word32 *dkey1 = des->key[0];
- word32 *dkey2 = des->key[1];
- word32 *dkey3 = des->key[2];
-
- XMEMCPY(dkey1, key, 8); /* set key 1 */
- XMEMCPY(dkey2, key + 8, 8); /* set key 2 */
- XMEMCPY(dkey3, key + 16, 8); /* set key 3 */
-
- ByteReverseWords(dkey1, dkey1, 8);
- ByteReverseWords(dkey2, dkey2, 8);
- ByteReverseWords(dkey3, dkey3, 8);
-
- return wc_Des3_SetIV(des, iv);
- }
-
- void DesCrypt(Des* des, byte* out, const byte* in, word32 sz,
- int dir, int mode)
- {
- word32 *dkey, *iv;
- CRYP_InitTypeDef DES_CRYP_InitStructure;
- CRYP_KeyInitTypeDef DES_CRYP_KeyInitStructure;
- CRYP_IVInitTypeDef DES_CRYP_IVInitStructure;
-
- dkey = des->key;
- iv = des->reg;
-
- /* crypto structure initialization */
- CRYP_KeyStructInit(&DES_CRYP_KeyInitStructure);
- CRYP_StructInit(&DES_CRYP_InitStructure);
- CRYP_IVStructInit(&DES_CRYP_IVInitStructure);
-
- /* reset registers to their default values */
- CRYP_DeInit();
-
- /* set direction, mode, and datatype */
- if (dir == DES_ENCRYPTION) {
- DES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt;
- } else { /* DES_DECRYPTION */
- DES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt;
- }
-
- if (mode == DES_CBC) {
- DES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_DES_CBC;
- } else { /* DES_ECB */
- DES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_DES_ECB;
- }
-
- DES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
- CRYP_Init(&DES_CRYP_InitStructure);
-
- /* load key into correct registers */
- DES_CRYP_KeyInitStructure.CRYP_Key1Left = dkey[0];
- DES_CRYP_KeyInitStructure.CRYP_Key1Right = dkey[1];
- CRYP_KeyInit(&DES_CRYP_KeyInitStructure);
-
- /* set iv */
- ByteReverseWords(iv, iv, DES_BLOCK_SIZE);
- DES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0];
- DES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
- CRYP_IVInit(&DES_CRYP_IVInitStructure);
-
- /* enable crypto processor */
- CRYP_Cmd(ENABLE);
-
- while (sz > 0)
- {
- /* flush IN/OUT FIFOs */
- CRYP_FIFOFlush();
-
- /* if input and output same will overwrite input iv */
- XMEMCPY(des->tmp, in + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
-
- CRYP_DataIn(*(uint32_t*)&in[0]);
- CRYP_DataIn(*(uint32_t*)&in[4]);
-
- /* wait until the complete message has been processed */
- while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}
-
- *(uint32_t*)&out[0] = CRYP_DataOut();
- *(uint32_t*)&out[4] = CRYP_DataOut();
-
- /* store iv for next call */
- XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE);
-
- sz -= DES_BLOCK_SIZE;
- in += DES_BLOCK_SIZE;
- out += DES_BLOCK_SIZE;
- }
-
- /* disable crypto processor */
- CRYP_Cmd(DISABLE);
- }
-
- int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
- {
- DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_CBC);
- return 0;
- }
-
- int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
- {
- DesCrypt(des, out, in, sz, DES_DECRYPTION, DES_CBC);
- return 0;
- }
-
- int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
- {
- DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_ECB);
- return 0;
- }
-
- void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz,
- int dir)
- {
- word32 *dkey1, *dkey2, *dkey3, *iv;
- CRYP_InitTypeDef DES3_CRYP_InitStructure;
- CRYP_KeyInitTypeDef DES3_CRYP_KeyInitStructure;
- CRYP_IVInitTypeDef DES3_CRYP_IVInitStructure;
-
- dkey1 = des->key[0];
- dkey2 = des->key[1];
- dkey3 = des->key[2];
- iv = des->reg;
-
- /* crypto structure initialization */
- CRYP_KeyStructInit(&DES3_CRYP_KeyInitStructure);
- CRYP_StructInit(&DES3_CRYP_InitStructure);
- CRYP_IVStructInit(&DES3_CRYP_IVInitStructure);
-
- /* reset registers to their default values */
- CRYP_DeInit();
-
- /* set direction, mode, and datatype */
- if (dir == DES_ENCRYPTION) {
- DES3_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt;
- } else {
- DES3_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt;
- }
-
- DES3_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_TDES_CBC;
- DES3_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
- CRYP_Init(&DES3_CRYP_InitStructure);
-
- /* load key into correct registers */
- DES3_CRYP_KeyInitStructure.CRYP_Key1Left = dkey1[0];
- DES3_CRYP_KeyInitStructure.CRYP_Key1Right = dkey1[1];
- DES3_CRYP_KeyInitStructure.CRYP_Key2Left = dkey2[0];
- DES3_CRYP_KeyInitStructure.CRYP_Key2Right = dkey2[1];
- DES3_CRYP_KeyInitStructure.CRYP_Key3Left = dkey3[0];
- DES3_CRYP_KeyInitStructure.CRYP_Key3Right = dkey3[1];
- CRYP_KeyInit(&DES3_CRYP_KeyInitStructure);
-
- /* set iv */
- ByteReverseWords(iv, iv, DES_BLOCK_SIZE);
- DES3_CRYP_IVInitStructure.CRYP_IV0Left = iv[0];
- DES3_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
- CRYP_IVInit(&DES3_CRYP_IVInitStructure);
-
- /* enable crypto processor */
- CRYP_Cmd(ENABLE);
-
- while (sz > 0)
- {
- /* flush IN/OUT FIFOs */
- CRYP_FIFOFlush();
-
- CRYP_DataIn(*(uint32_t*)&in[0]);
- CRYP_DataIn(*(uint32_t*)&in[4]);
-
- /* wait until the complete message has been processed */
- while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}
-
- *(uint32_t*)&out[0] = CRYP_DataOut();
- *(uint32_t*)&out[4] = CRYP_DataOut();
-
- /* store iv for next call */
- XMEMCPY(des->reg, out + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
-
- sz -= DES_BLOCK_SIZE;
- in += DES_BLOCK_SIZE;
- out += DES_BLOCK_SIZE;
- }
-
- /* disable crypto processor */
- CRYP_Cmd(DISABLE);
-
- }
-
- int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
- {
- Des3Crypt(des, out, in, sz, DES_ENCRYPTION);
- return 0;
- }
-
- int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
- {
- Des3Crypt(des, out, in, sz, DES_DECRYPTION);
- return 0;
- }
-
-#elif defined(HAVE_COLDFIRE_SEC)
-
-#include <wolfssl/ctaocrypt/types.h>
-
-#include "sec.h"
-#include "mcf5475_sec.h"
-#include "mcf5475_siu.h"
-
-#if defined (HAVE_THREADX)
-#include "memory_pools.h"
-extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */
-#endif
-
-#define DES_BUFFER_SIZE (DES_BLOCK_SIZE * 64)
-static unsigned char *desBuffIn = NULL ;
-static unsigned char *desBuffOut = NULL ;
-static byte *secIV ;
-static byte *secKey ;
-static volatile SECdescriptorType *secDesc ;
-
-static wolfSSL_Mutex Mutex_DesSEC ;
-
-#define SEC_DESC_DES_CBC_ENCRYPT 0x20500010
-#define SEC_DESC_DES_CBC_DECRYPT 0x20400010
-#define SEC_DESC_DES3_CBC_ENCRYPT 0x20700010
-#define SEC_DESC_DES3_CBC_DECRYPT 0x20600010
-
-#define DES_IVLEN 8
-#define DES_KEYLEN 8
-#define DES3_IVLEN 8
-#define DES3_KEYLEN 24
-
-extern volatile unsigned char __MBAR[];
-
-static void wc_Des_Cbc(byte* out, const byte* in, word32 sz,
- byte *key, byte *iv, word32 desc)
-{
- #ifdef DEBUG_WOLFSSL
- int ret ; int stat1,stat2 ;
- #endif
- int size ;
- volatile int v ;
-
- LockMutex(&Mutex_DesSEC) ;
-
- secDesc->length1 = 0x0;
- secDesc->pointer1 = NULL;
- if((desc==SEC_DESC_DES_CBC_ENCRYPT)||(desc==SEC_DESC_DES_CBC_DECRYPT)){
- secDesc->length2 = DES_IVLEN ;
- secDesc->length3 = DES_KEYLEN ;
- } else {
- secDesc->length2 = DES3_IVLEN ;
- secDesc->length3 = DES3_KEYLEN ;
- }
- secDesc->pointer2 = secIV ;
- secDesc->pointer3 = secKey;
- secDesc->pointer4 = desBuffIn ;
- secDesc->pointer5 = desBuffOut ;
- secDesc->length6 = 0;
- secDesc->pointer6 = NULL;
- secDesc->length7 = 0x0;
- secDesc->pointer7 = NULL;
- secDesc->nextDescriptorPtr = NULL ;
-
- while(sz) {
- XMEMCPY(secIV, iv, secDesc->length2) ;
- if((sz%DES_BUFFER_SIZE) == sz) {
- size = sz ;
- sz = 0 ;
- } else {
- size = DES_BUFFER_SIZE ;
- sz -= DES_BUFFER_SIZE ;
- }
-
- XMEMCPY(desBuffIn, in, size) ;
- XMEMCPY(secKey, key, secDesc->length3) ;
-
- secDesc->header = desc ;
- secDesc->length4 = size;
- secDesc->length5 = size;
- /* Point SEC to the location of the descriptor */
- MCF_SEC_FR0 = (uint32)secDesc;
- /* Initialize SEC and wait for encryption to complete */
- MCF_SEC_CCCR0 = 0x0000001a;
- /* poll SISR to determine when channel is complete */
- v=0 ;
- while((secDesc->header>> 24) != 0xff) {
- if(v++ > 1000)break ;
- }
-
-#ifdef DEBUG_WOLFSSL
- ret = MCF_SEC_SISRH;
- stat1 = MCF_SEC_DSR ;
- stat2 = MCF_SEC_DISR ;
- if(ret & 0xe0000000) {
- /* db_printf("Des_Cbc(%x):ISRH=%08x, DSR=%08x, DISR=%08x\n", desc, ret, stat1, stat2) ; */
- }
-#endif
-
- XMEMCPY(out, desBuffOut, size) ;
-
- if((desc==SEC_DESC_DES3_CBC_ENCRYPT)||(desc==SEC_DESC_DES_CBC_ENCRYPT)) {
- XMEMCPY((void*)iv, (void*)&(out[size-secDesc->length2]), secDesc->length2) ;
- } else {
- XMEMCPY((void*)iv, (void*)&(in[size-secDesc->length2]), secDesc->length2) ;
- }
-
- in += size ;
- out += size ;
-
- }
- UnLockMutex(&Mutex_DesSEC) ;
-
-}
-
-
-int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
-{
- wc_Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_ENCRYPT) ;
- return 0;
-}
-
-int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
-{
- wc_Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_DECRYPT) ;
- return 0;
-}
-
-int wc_Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz)
-{
- wc_Des_Cbc(out, in, sz, (byte *)des3->key, (byte *)des3->reg, SEC_DESC_DES3_CBC_ENCRYPT) ;
- return 0;
-}
-
-
-int wc_Des3_CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 sz)
-{
- wc_Des_Cbc(out, in, sz, (byte *)des3->key, (byte *)des3->reg, SEC_DESC_DES3_CBC_DECRYPT) ;
- return 0;
-}
-
-static void setParity(byte *buf, int len)
-{
- int i, j ;
- byte v ;
- int bits ;
-
- for(i=0; i<len; i++)
- {
- v = buf[i] >> 1 ;
- buf[i] = v << 1 ;
- bits = 0 ;
- for(j=0; j<7; j++)
- {
- bits += (v&0x1) ;
- v = v >> 1 ;
- }
- buf[i] |= (1 - (bits&0x1)) ;
- }
-
-}
-
-
-int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
-{
- if(desBuffIn == NULL) {
- #if defined (HAVE_THREADX)
- int s1, s2, s3, s4, s5 ;
- s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc,
- sizeof(SECdescriptorType), TX_NO_WAIT);
- s1 = tx_byte_allocate(&mp_ncached,(void *)&desBuffIn, DES_BUFFER_SIZE, TX_NO_WAIT);
- s2 = tx_byte_allocate(&mp_ncached,(void *)&desBuffOut, DES_BUFFER_SIZE, TX_NO_WAIT);
- /* Don't know des or des3 to be used. Allocate larger buffers */
- s3 = tx_byte_allocate(&mp_ncached,(void *)&secKey, DES3_KEYLEN,TX_NO_WAIT);
- s4 = tx_byte_allocate(&mp_ncached,(void *)&secIV, DES3_IVLEN, TX_NO_WAIT);
- #else
- #warning "Allocate non-Cache buffers"
- #endif
-
- InitMutex(&Mutex_DesSEC) ;
- }
-
- XMEMCPY(des->key, key, DES_KEYLEN);
- setParity((byte *)des->key, DES_KEYLEN) ;
-
- if (iv) {
- XMEMCPY(des->reg, iv, DES_IVLEN);
- } else {
- XMEMSET(des->reg, 0x0, DES_IVLEN) ;
- }
- return 0;
-}
-
-int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
-{
-
- if(desBuffIn == NULL) {
- #if defined (HAVE_THREADX)
- int s1, s2, s3, s4, s5 ;
- s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc,
- sizeof(SECdescriptorType), TX_NO_WAIT);
- s1 = tx_byte_allocate(&mp_ncached,(void *)&desBuffIn, DES_BUFFER_SIZE, TX_NO_WAIT);
- s2 = tx_byte_allocate(&mp_ncached,(void *)&desBuffOut, DES_BUFFER_SIZE, TX_NO_WAIT);
- s3 = tx_byte_allocate(&mp_ncached,(void *)&secKey, DES3_KEYLEN,TX_NO_WAIT);
- s4 = tx_byte_allocate(&mp_ncached,(void *)&secIV, DES3_IVLEN, TX_NO_WAIT);
- #else
- #warning "Allocate non-Cache buffers"
- #endif
-
- InitMutex(&Mutex_DesSEC) ;
- }
-
- XMEMCPY(des3->key[0], key, DES3_KEYLEN);
- setParity((byte *)des3->key[0], DES3_KEYLEN) ;
-
- if (iv) {
- XMEMCPY(des3->reg, iv, DES3_IVLEN);
- } else {
- XMEMSET(des3->reg, 0x0, DES3_IVLEN) ;
- }
- return 0;
-
-}
-
-#elif defined FREESCALE_MMCAU
- /*
- * Freescale mmCAU hardware DES/3DES support through the CAU/mmCAU library.
- * Documentation located in ColdFire/ColdFire+ CAU and Kinetis mmCAU
- * Software Library User Guide (See note in README).
- */
- #include "cau_api.h"
-
- const unsigned char parityLookup[128] =
- {
- 1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,
- 0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,
- 0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,
- 1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0
- };
-
- int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
- {
- int i = 0;
- byte* dkey = (byte*)des->key;
-
- XMEMCPY(dkey, key, 8);
-
- wc_Des_SetIV(des, iv);
-
- /* fix key parity, if needed */
- for (i = 0; i < 8; i++) {
- dkey[i] = ((dkey[i] & 0xFE) | parityLookup[dkey[i] >> 1]);
- }
-
- return 0;
- }
-
- int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
- {
- int i = 0, ret = 0;
- byte* dkey1 = (byte*)des->key[0];
- byte* dkey2 = (byte*)des->key[1];
- byte* dkey3 = (byte*)des->key[2];
-
- XMEMCPY(dkey1, key, 8); /* set key 1 */
- XMEMCPY(dkey2, key + 8, 8); /* set key 2 */
- XMEMCPY(dkey3, key + 16, 8); /* set key 3 */
-
- ret = wc_Des3_SetIV(des, iv);
- if (ret != 0)
- return ret;
-
- /* fix key parity if needed */
- for (i = 0; i < 8; i++)
- dkey1[i] = ((dkey1[i] & 0xFE) | parityLookup[dkey1[i] >> 1]);
-
- for (i = 0; i < 8; i++)
- dkey2[i] = ((dkey2[i] & 0xFE) | parityLookup[dkey2[i] >> 1]);
-
- for (i = 0; i < 8; i++)
- dkey3[i] = ((dkey3[i] & 0xFE) | parityLookup[dkey3[i] >> 1]);
-
- return ret;
- }
-
- int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
- {
- int i;
- int offset = 0;
- int len = sz;
- byte *iv;
- byte temp_block[DES_BLOCK_SIZE];
-
- iv = (byte*)des->reg;
-
- if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) {
- WOLFSSL_MSG("Bad cau_des_encrypt alignment");
- return BAD_ALIGN_E;
- }
-
- while (len > 0)
- {
- XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
-
- /* XOR block with IV for CBC */
- for (i = 0; i < DES_BLOCK_SIZE; i++)
- temp_block[i] ^= iv[i];
-
- cau_des_encrypt(temp_block, (byte*)des->key, out + offset);
-
- len -= DES_BLOCK_SIZE;
- offset += DES_BLOCK_SIZE;
-
- /* store IV for next block */
- XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
- }
-
- return 0;
- }
-
- int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
- {
- int i;
- int offset = 0;
- int len = sz;
- byte* iv;
- byte temp_block[DES_BLOCK_SIZE];
-
- iv = (byte*)des->reg;
-
- if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) {
- WOLFSSL_MSG("Bad cau_des_decrypt alignment");
- return BAD_ALIGN_E;
- }
-
- while (len > 0)
- {
- XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
-
- cau_des_decrypt(in + offset, (byte*)des->key, out + offset);
-
- /* XOR block with IV for CBC */
- for (i = 0; i < DES_BLOCK_SIZE; i++)
- (out + offset)[i] ^= iv[i];
-
- /* store IV for next block */
- XMEMCPY(iv, temp_block, DES_BLOCK_SIZE);
-
- len -= DES_BLOCK_SIZE;
- offset += DES_BLOCK_SIZE;
- }
-
- return 0;
- }
-
- int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
- {
- int i;
- int offset = 0;
- int len = sz;
-
- byte *iv;
- byte temp_block[DES_BLOCK_SIZE];
-
- iv = (byte*)des->reg;
-
- if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) {
- WOLFSSL_MSG("Bad 3ede cau_des_encrypt alignment");
- return BAD_ALIGN_E;
- }
-
- while (len > 0)
- {
- XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
-
- /* XOR block with IV for CBC */
- for (i = 0; i < DES_BLOCK_SIZE; i++)
- temp_block[i] ^= iv[i];
-
- cau_des_encrypt(temp_block , (byte*)des->key[0], out + offset);
- cau_des_decrypt(out + offset, (byte*)des->key[1], out + offset);
- cau_des_encrypt(out + offset, (byte*)des->key[2], out + offset);
-
- len -= DES_BLOCK_SIZE;
- offset += DES_BLOCK_SIZE;
-
- /* store IV for next block */
- XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
- }
-
- return 0;
- }
-
- int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
- {
- int i;
- int offset = 0;
- int len = sz;
-
- byte* iv;
- byte temp_block[DES_BLOCK_SIZE];
-
- iv = (byte*)des->reg;
-
- if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) {
- WOLFSSL_MSG("Bad 3ede cau_des_decrypt alignment");
- return BAD_ALIGN_E;
- }
-
- while (len > 0)
- {
- XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
-
- cau_des_decrypt(in + offset , (byte*)des->key[2], out + offset);
- cau_des_encrypt(out + offset, (byte*)des->key[1], out + offset);
- cau_des_decrypt(out + offset, (byte*)des->key[0], out + offset);
-
- /* XOR block with IV for CBC */
- for (i = 0; i < DES_BLOCK_SIZE; i++)
- (out + offset)[i] ^= iv[i];
-
- /* store IV for next block */
- XMEMCPY(iv, temp_block, DES_BLOCK_SIZE);
-
- len -= DES_BLOCK_SIZE;
- offset += DES_BLOCK_SIZE;
- }
-
- return 0;
- }
-
-
-#elif defined(WOLFSSL_PIC32MZ_CRYPT)
-
- #include "wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h"
-
-void wc_Des_SetIV(Des* des, const byte* iv);
-int wc_Des3_SetIV(Des3* des, const byte* iv);
-
- int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
- {
- word32 *dkey = des->key ;
- word32 *dreg = des->reg ;
-
- XMEMCPY((byte *)dkey, (byte *)key, 8);
- ByteReverseWords(dkey, dkey, 8);
- XMEMCPY((byte *)dreg, (byte *)iv, 8);
- ByteReverseWords(dreg, dreg, 8);
-
- return 0;
- }
-
- int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
- {
- word32 *dkey1 = des->key[0];
- word32 *dreg = des->reg ;
-
- XMEMCPY(dkey1, key, 24);
- ByteReverseWords(dkey1, dkey1, 24);
- XMEMCPY(dreg, iv, 8);
- ByteReverseWords(dreg, dreg, 8) ;
-
- return 0;
- }
-
- void DesCrypt(word32 *key, word32 *iv, byte* out, const byte* in, word32 sz,
- int dir, int algo, int cryptoalgo)
- {
- securityAssociation *sa_p ;
- bufferDescriptor *bd_p ;
- const byte *in_p, *in_l ;
- byte *out_p, *out_l ;
- volatile securityAssociation sa __attribute__((aligned (8)));
- volatile bufferDescriptor bd __attribute__((aligned (8)));
- volatile int k ;
-
- /* get uncached address */
-
- in_l = in;
- out_l = out ;
- sa_p = KVA0_TO_KVA1(&sa) ;
- bd_p = KVA0_TO_KVA1(&bd) ;
- in_p = KVA0_TO_KVA1(in_l) ;
- out_p= KVA0_TO_KVA1(out_l);
-
- if(PIC32MZ_IF_RAM(in_p))
- XMEMCPY((void *)in_p, (void *)in, sz);
- XMEMSET((void *)out_p, 0, sz);
-
- /* Set up the Security Association */
- XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa));
- sa_p->SA_CTRL.ALGO = algo ;
- sa_p->SA_CTRL.LNC = 1;
- sa_p->SA_CTRL.LOADIV = 1;
- sa_p->SA_CTRL.FB = 1;
- sa_p->SA_CTRL.ENCTYPE = dir ; /* Encryption/Decryption */
- sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo;
- sa_p->SA_CTRL.KEYSIZE = 1 ; /* KEY is 192 bits */
- XMEMCPY((byte *)KVA0_TO_KVA1(&sa.SA_ENCKEY[algo==PIC32_ALGO_TDES ? 2 : 6]),
- (byte *)key, algo==PIC32_ALGO_TDES ? 24 : 8);
- XMEMCPY((byte *)KVA0_TO_KVA1(&sa.SA_ENCIV[2]), (byte *)iv, 8);
-
- XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd));
- /* Set up the Buffer Descriptor */
- bd_p->BD_CTRL.BUFLEN = sz;
- bd_p->BD_CTRL.LIFM = 1;
- bd_p->BD_CTRL.SA_FETCH_EN = 1;
- bd_p->BD_CTRL.LAST_BD = 1;
- bd_p->BD_CTRL.DESC_EN = 1;
-
- bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; /* (unsigned int)sa_p; */
- bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; /* (unsigned int)in_p; */
- bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); /* (unsigned int)out_p; */
- bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd);
- bd_p->MSGLEN = sz ;
-
- /* Fire in the hole! */
- CECON = 1 << 6;
- while (CECON);
-
- /* Run the engine */
- CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; /* (unsigned int)bd_p ; */
- CEINTEN = 0x07;
- CECON = 0x27;
-
- WAIT_ENGINE ;
-
- if((cryptoalgo == PIC32_CRYPTOALGO_CBC) ||
- (cryptoalgo == PIC32_CRYPTOALGO_TCBC)||
- (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) {
- /* set iv for the next call */
- if(dir == PIC32_ENCRYPTION) {
- XMEMCPY((void *)iv, (void*)&(out_p[sz-DES_IVLEN]), DES_IVLEN) ;
- } else {
- ByteReverseWords((word32*)iv, (word32 *)&(in_p[sz-DES_IVLEN]),
- DES_IVLEN);
- }
-
- }
-
- ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz);
- }
-
- int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
- {
- DesCrypt(des->key, des->reg, out, in, sz,
- PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC );
- return 0;
- }
-
- int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
- {
- DesCrypt(des->key, des->reg, out, in, sz,
- PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
- return 0;
- }
-
- int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
- {
- DesCrypt(des->key[0], des->reg, out, in, sz,
- PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
- return 0;
- }
-
- int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
- {
- DesCrypt(des->key[0], des->reg, out, in, sz,
- PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
- return 0;
- }
-
-#else /* CTaoCrypt software implementation */
-
-/* permuted choice table (key) */
-static const byte pc1[] = {
- 57, 49, 41, 33, 25, 17, 9,
- 1, 58, 50, 42, 34, 26, 18,
- 10, 2, 59, 51, 43, 35, 27,
- 19, 11, 3, 60, 52, 44, 36,
-
- 63, 55, 47, 39, 31, 23, 15,
- 7, 62, 54, 46, 38, 30, 22,
- 14, 6, 61, 53, 45, 37, 29,
- 21, 13, 5, 28, 20, 12, 4
-};
-
-/* number left rotations of pc1 */
-static const byte totrot[] = {
- 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28
-};
-
-/* permuted choice key (table) */
-static const byte pc2[] = {
- 14, 17, 11, 24, 1, 5,
- 3, 28, 15, 6, 21, 10,
- 23, 19, 12, 4, 26, 8,
- 16, 7, 27, 20, 13, 2,
- 41, 52, 31, 37, 47, 55,
- 30, 40, 51, 45, 33, 48,
- 44, 49, 39, 56, 34, 53,
- 46, 42, 50, 36, 29, 32
-};
-
-/* End of DES-defined tables */
-
-/* bit 0 is left-most in byte */
-static const int bytebit[] = {
- 0200,0100,040,020,010,04,02,01
-};
-
-static const word32 Spbox[8][64] = {
-{
-0x01010400,0x00000000,0x00010000,0x01010404,
-0x01010004,0x00010404,0x00000004,0x00010000,
-0x00000400,0x01010400,0x01010404,0x00000400,
-0x01000404,0x01010004,0x01000000,0x00000004,
-0x00000404,0x01000400,0x01000400,0x00010400,
-0x00010400,0x01010000,0x01010000,0x01000404,
-0x00010004,0x01000004,0x01000004,0x00010004,
-0x00000000,0x00000404,0x00010404,0x01000000,
-0x00010000,0x01010404,0x00000004,0x01010000,
-0x01010400,0x01000000,0x01000000,0x00000400,
-0x01010004,0x00010000,0x00010400,0x01000004,
-0x00000400,0x00000004,0x01000404,0x00010404,
-0x01010404,0x00010004,0x01010000,0x01000404,
-0x01000004,0x00000404,0x00010404,0x01010400,
-0x00000404,0x01000400,0x01000400,0x00000000,
-0x00010004,0x00010400,0x00000000,0x01010004},
-{
-0x80108020,0x80008000,0x00008000,0x00108020,
-0x00100000,0x00000020,0x80100020,0x80008020,
-0x80000020,0x80108020,0x80108000,0x80000000,
-0x80008000,0x00100000,0x00000020,0x80100020,
-0x00108000,0x00100020,0x80008020,0x00000000,
-0x80000000,0x00008000,0x00108020,0x80100000,
-0x00100020,0x80000020,0x00000000,0x00108000,
-0x00008020,0x80108000,0x80100000,0x00008020,
-0x00000000,0x00108020,0x80100020,0x00100000,
-0x80008020,0x80100000,0x80108000,0x00008000,
-0x80100000,0x80008000,0x00000020,0x80108020,
-0x00108020,0x00000020,0x00008000,0x80000000,
-0x00008020,0x80108000,0x00100000,0x80000020,
-0x00100020,0x80008020,0x80000020,0x00100020,
-0x00108000,0x00000000,0x80008000,0x00008020,
-0x80000000,0x80100020,0x80108020,0x00108000},
-{
-0x00000208,0x08020200,0x00000000,0x08020008,
-0x08000200,0x00000000,0x00020208,0x08000200,
-0x00020008,0x08000008,0x08000008,0x00020000,
-0x08020208,0x00020008,0x08020000,0x00000208,
-0x08000000,0x00000008,0x08020200,0x00000200,
-0x00020200,0x08020000,0x08020008,0x00020208,
-0x08000208,0x00020200,0x00020000,0x08000208,
-0x00000008,0x08020208,0x00000200,0x08000000,
-0x08020200,0x08000000,0x00020008,0x00000208,
-0x00020000,0x08020200,0x08000200,0x00000000,
-0x00000200,0x00020008,0x08020208,0x08000200,
-0x08000008,0x00000200,0x00000000,0x08020008,
-0x08000208,0x00020000,0x08000000,0x08020208,
-0x00000008,0x00020208,0x00020200,0x08000008,
-0x08020000,0x08000208,0x00000208,0x08020000,
-0x00020208,0x00000008,0x08020008,0x00020200},
-{
-0x00802001,0x00002081,0x00002081,0x00000080,
-0x00802080,0x00800081,0x00800001,0x00002001,
-0x00000000,0x00802000,0x00802000,0x00802081,
-0x00000081,0x00000000,0x00800080,0x00800001,
-0x00000001,0x00002000,0x00800000,0x00802001,
-0x00000080,0x00800000,0x00002001,0x00002080,
-0x00800081,0x00000001,0x00002080,0x00800080,
-0x00002000,0x00802080,0x00802081,0x00000081,
-0x00800080,0x00800001,0x00802000,0x00802081,
-0x00000081,0x00000000,0x00000000,0x00802000,
-0x00002080,0x00800080,0x00800081,0x00000001,
-0x00802001,0x00002081,0x00002081,0x00000080,
-0x00802081,0x00000081,0x00000001,0x00002000,
-0x00800001,0x00002001,0x00802080,0x00800081,
-0x00002001,0x00002080,0x00800000,0x00802001,
-0x00000080,0x00800000,0x00002000,0x00802080},
-{
-0x00000100,0x02080100,0x02080000,0x42000100,
-0x00080000,0x00000100,0x40000000,0x02080000,
-0x40080100,0x00080000,0x02000100,0x40080100,
-0x42000100,0x42080000,0x00080100,0x40000000,
-0x02000000,0x40080000,0x40080000,0x00000000,
-0x40000100,0x42080100,0x42080100,0x02000100,
-0x42080000,0x40000100,0x00000000,0x42000000,
-0x02080100,0x02000000,0x42000000,0x00080100,
-0x00080000,0x42000100,0x00000100,0x02000000,
-0x40000000,0x02080000,0x42000100,0x40080100,
-0x02000100,0x40000000,0x42080000,0x02080100,
-0x40080100,0x00000100,0x02000000,0x42080000,
-0x42080100,0x00080100,0x42000000,0x42080100,
-0x02080000,0x00000000,0x40080000,0x42000000,
-0x00080100,0x02000100,0x40000100,0x00080000,
-0x00000000,0x40080000,0x02080100,0x40000100},
-{
-0x20000010,0x20400000,0x00004000,0x20404010,
-0x20400000,0x00000010,0x20404010,0x00400000,
-0x20004000,0x00404010,0x00400000,0x20000010,
-0x00400010,0x20004000,0x20000000,0x00004010,
-0x00000000,0x00400010,0x20004010,0x00004000,
-0x00404000,0x20004010,0x00000010,0x20400010,
-0x20400010,0x00000000,0x00404010,0x20404000,
-0x00004010,0x00404000,0x20404000,0x20000000,
-0x20004000,0x00000010,0x20400010,0x00404000,
-0x20404010,0x00400000,0x00004010,0x20000010,
-0x00400000,0x20004000,0x20000000,0x00004010,
-0x20000010,0x20404010,0x00404000,0x20400000,
-0x00404010,0x20404000,0x00000000,0x20400010,
-0x00000010,0x00004000,0x20400000,0x00404010,
-0x00004000,0x00400010,0x20004010,0x00000000,
-0x20404000,0x20000000,0x00400010,0x20004010},
-{
-0x00200000,0x04200002,0x04000802,0x00000000,
-0x00000800,0x04000802,0x00200802,0x04200800,
-0x04200802,0x00200000,0x00000000,0x04000002,
-0x00000002,0x04000000,0x04200002,0x00000802,
-0x04000800,0x00200802,0x00200002,0x04000800,
-0x04000002,0x04200000,0x04200800,0x00200002,
-0x04200000,0x00000800,0x00000802,0x04200802,
-0x00200800,0x00000002,0x04000000,0x00200800,
-0x04000000,0x00200800,0x00200000,0x04000802,
-0x04000802,0x04200002,0x04200002,0x00000002,
-0x00200002,0x04000000,0x04000800,0x00200000,
-0x04200800,0x00000802,0x00200802,0x04200800,
-0x00000802,0x04000002,0x04200802,0x04200000,
-0x00200800,0x00000000,0x00000002,0x04200802,
-0x00000000,0x00200802,0x04200000,0x00000800,
-0x04000002,0x04000800,0x00000800,0x00200002},
-{
-0x10001040,0x00001000,0x00040000,0x10041040,
-0x10000000,0x10001040,0x00000040,0x10000000,
-0x00040040,0x10040000,0x10041040,0x00041000,
-0x10041000,0x00041040,0x00001000,0x00000040,
-0x10040000,0x10000040,0x10001000,0x00001040,
-0x00041000,0x00040040,0x10040040,0x10041000,
-0x00001040,0x00000000,0x00000000,0x10040040,
-0x10000040,0x10001000,0x00041040,0x00040000,
-0x00041040,0x00040000,0x10041000,0x00001000,
-0x00000040,0x10040040,0x00001000,0x00041040,
-0x10001000,0x00000040,0x10000040,0x10040000,
-0x10040040,0x10000000,0x00040000,0x10001040,
-0x00000000,0x10041040,0x00040040,0x10000040,
-0x10040000,0x10001000,0x10001040,0x00000000,
-0x10041040,0x00041000,0x00041000,0x00001040,
-0x00001040,0x00040040,0x10000000,0x10041000}
-};
-
-
-static INLINE void IPERM(word32* left, word32* right)
-{
- word32 work;
-
- *right = rotlFixed(*right, 4U);
- work = (*left ^ *right) & 0xf0f0f0f0;
- *left ^= work;
-
- *right = rotrFixed(*right^work, 20U);
- work = (*left ^ *right) & 0xffff0000;
- *left ^= work;
-
- *right = rotrFixed(*right^work, 18U);
- work = (*left ^ *right) & 0x33333333;
- *left ^= work;
-
- *right = rotrFixed(*right^work, 6U);
- work = (*left ^ *right) & 0x00ff00ff;
- *left ^= work;
-
- *right = rotlFixed(*right^work, 9U);
- work = (*left ^ *right) & 0xaaaaaaaa;
- *left = rotlFixed(*left^work, 1U);
- *right ^= work;
-}
-
-
-static INLINE void FPERM(word32* left, word32* right)
-{
- word32 work;
-
- *right = rotrFixed(*right, 1U);
- work = (*left ^ *right) & 0xaaaaaaaa;
- *right ^= work;
-
- *left = rotrFixed(*left^work, 9U);
- work = (*left ^ *right) & 0x00ff00ff;
- *right ^= work;
-
- *left = rotlFixed(*left^work, 6U);
- work = (*left ^ *right) & 0x33333333;
- *right ^= work;
-
- *left = rotlFixed(*left^work, 18U);
- work = (*left ^ *right) & 0xffff0000;
- *right ^= work;
-
- *left = rotlFixed(*left^work, 20U);
- work = (*left ^ *right) & 0xf0f0f0f0;
- *right ^= work;
-
- *left = rotrFixed(*left^work, 4U);
-}
-
-
-static int DesSetKey(const byte* key, int dir, word32* out)
-{
-#ifdef WOLFSSL_SMALL_STACK
- byte* buffer = (byte*)XMALLOC(56+56+8, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (buffer == NULL)
- return MEMORY_E;
-#else
- byte buffer[56+56+8];
-#endif
-
- {
- byte* const pc1m = buffer; /* place to modify pc1 into */
- byte* const pcr = pc1m + 56; /* place to rotate pc1 into */
- byte* const ks = pcr + 56;
- register int i, j, l;
- int m;
-
- for (j = 0; j < 56; j++) { /* convert pc1 to bits of key */
- l = pc1[j] - 1; /* integer bit location */
- m = l & 07; /* find bit */
- pc1m[j] = (key[l >> 3] & /* find which key byte l is in */
- bytebit[m]) /* and which bit of that byte */
- ? 1 : 0; /* and store 1-bit result */
- }
-
- for (i = 0; i < 16; i++) { /* key chunk for each iteration */
- XMEMSET(ks, 0, 8); /* Clear key schedule */
-
- for (j = 0; j < 56; j++) /* rotate pc1 the right amount */
- pcr[j] =
- pc1m[(l = j + totrot[i]) < (j < 28 ? 28 : 56) ? l : l-28];
-
- /* rotate left and right halves independently */
- for (j = 0; j < 48; j++) { /* select bits individually */
- if (pcr[pc2[j] - 1]) { /* check bit that goes to ks[j] */
- l= j % 6; /* mask it in if it's there */
- ks[j/6] |= bytebit[l] >> 2;
- }
- }
-
- /* Now convert to odd/even interleaved form for use in F */
- out[2*i] = ((word32) ks[0] << 24)
- | ((word32) ks[2] << 16)
- | ((word32) ks[4] << 8)
- | ((word32) ks[6]);
-
- out[2*i + 1] = ((word32) ks[1] << 24)
- | ((word32) ks[3] << 16)
- | ((word32) ks[5] << 8)
- | ((word32) ks[7]);
- }
-
- /* reverse key schedule order */
- if (dir == DES_DECRYPTION) {
- for (i = 0; i < 16; i += 2) {
- word32 swap = out[i];
- out[i] = out[DES_KS_SIZE - 2 - i];
- out[DES_KS_SIZE - 2 - i] = swap;
-
- swap = out[i + 1];
- out[i + 1] = out[DES_KS_SIZE - 1 - i];
- out[DES_KS_SIZE - 1 - i] = swap;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- }
-
- return 0;
-}
-
-
-static INLINE int Reverse(int dir)
-{
- return !dir;
-}
-
-
-int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
-{
- wc_Des_SetIV(des, iv);
-
- return DesSetKey(key, dir, des->key);
-}
-
-
-int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
-{
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
- return wc_Des3_CaviumSetKey(des, key, iv);
-#endif
-
- ret = DesSetKey(key + (dir == DES_ENCRYPTION ? 0:16), dir, des->key[0]);
- if (ret != 0)
- return ret;
-
- ret = DesSetKey(key + 8, Reverse(dir), des->key[1]);
- if (ret != 0)
- return ret;
-
- ret = DesSetKey(key + (dir == DES_DECRYPTION ? 0:16), dir, des->key[2]);
- if (ret != 0)
- return ret;
-
- return wc_Des3_SetIV(des, iv);
-}
-
-
-static void DesRawProcessBlock(word32* lIn, word32* rIn, const word32* kptr)
-{
- word32 l = *lIn, r = *rIn, i;
-
- for (i=0; i<8; i++)
- {
- word32 work = rotrFixed(r, 4U) ^ kptr[4*i+0];
- l ^= Spbox[6][(work) & 0x3f]
- ^ Spbox[4][(work >> 8) & 0x3f]
- ^ Spbox[2][(work >> 16) & 0x3f]
- ^ Spbox[0][(work >> 24) & 0x3f];
- work = r ^ kptr[4*i+1];
- l ^= Spbox[7][(work) & 0x3f]
- ^ Spbox[5][(work >> 8) & 0x3f]
- ^ Spbox[3][(work >> 16) & 0x3f]
- ^ Spbox[1][(work >> 24) & 0x3f];
-
- work = rotrFixed(l, 4U) ^ kptr[4*i+2];
- r ^= Spbox[6][(work) & 0x3f]
- ^ Spbox[4][(work >> 8) & 0x3f]
- ^ Spbox[2][(work >> 16) & 0x3f]
- ^ Spbox[0][(work >> 24) & 0x3f];
- work = l ^ kptr[4*i+3];
- r ^= Spbox[7][(work) & 0x3f]
- ^ Spbox[5][(work >> 8) & 0x3f]
- ^ Spbox[3][(work >> 16) & 0x3f]
- ^ Spbox[1][(work >> 24) & 0x3f];
- }
-
- *lIn = l; *rIn = r;
-}
-
-
-static void DesProcessBlock(Des* des, const byte* in, byte* out)
-{
- word32 l, r;
-
- XMEMCPY(&l, in, sizeof(l));
- XMEMCPY(&r, in + sizeof(l), sizeof(r));
- #ifdef LITTLE_ENDIAN_ORDER
- l = ByteReverseWord32(l);
- r = ByteReverseWord32(r);
- #endif
- IPERM(&l,&r);
-
- DesRawProcessBlock(&l, &r, des->key);
-
- FPERM(&l,&r);
- #ifdef LITTLE_ENDIAN_ORDER
- l = ByteReverseWord32(l);
- r = ByteReverseWord32(r);
- #endif
- XMEMCPY(out, &r, sizeof(r));
- XMEMCPY(out + sizeof(r), &l, sizeof(l));
-}
-
-
-static void Des3ProcessBlock(Des3* des, const byte* in, byte* out)
-{
- word32 l, r;
-
- XMEMCPY(&l, in, sizeof(l));
- XMEMCPY(&r, in + sizeof(l), sizeof(r));
- #ifdef LITTLE_ENDIAN_ORDER
- l = ByteReverseWord32(l);
- r = ByteReverseWord32(r);
- #endif
- IPERM(&l,&r);
-
- DesRawProcessBlock(&l, &r, des->key[0]);
- DesRawProcessBlock(&r, &l, des->key[1]);
- DesRawProcessBlock(&l, &r, des->key[2]);
-
- FPERM(&l,&r);
- #ifdef LITTLE_ENDIAN_ORDER
- l = ByteReverseWord32(l);
- r = ByteReverseWord32(r);
- #endif
- XMEMCPY(out, &r, sizeof(r));
- XMEMCPY(out + sizeof(r), &l, sizeof(l));
-}
-
-
-int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
-{
- word32 blocks = sz / DES_BLOCK_SIZE;
-
- while (blocks--) {
- xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
- DesProcessBlock(des, (byte*)des->reg, (byte*)des->reg);
- XMEMCPY(out, des->reg, DES_BLOCK_SIZE);
-
- out += DES_BLOCK_SIZE;
- in += DES_BLOCK_SIZE;
- }
- return 0;
-}
-
-
-int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
-{
- word32 blocks = sz / DES_BLOCK_SIZE;
- byte hold[DES_BLOCK_SIZE];
-
- while (blocks--) {
- XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);
- DesProcessBlock(des, (byte*)des->tmp, out);
- xorbuf(out, (byte*)des->reg, DES_BLOCK_SIZE);
-
- XMEMCPY(hold, des->reg, DES_BLOCK_SIZE);
- XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE);
- XMEMCPY(des->tmp, hold, DES_BLOCK_SIZE);
-
- out += DES_BLOCK_SIZE;
- in += DES_BLOCK_SIZE;
- }
- return 0;
-}
-
-
-int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
-{
- word32 blocks;
-
-#ifdef HAVE_CAVIUM
- if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
- return wc_Des3_CaviumCbcEncrypt(des, out, in, sz);
-#endif
-
- blocks = sz / DES_BLOCK_SIZE;
- while (blocks--) {
- xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
- Des3ProcessBlock(des, (byte*)des->reg, (byte*)des->reg);
- XMEMCPY(out, des->reg, DES_BLOCK_SIZE);
-
- out += DES_BLOCK_SIZE;
- in += DES_BLOCK_SIZE;
- }
- return 0;
-}
-
-
-int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
-{
- word32 blocks;
-
-#ifdef HAVE_CAVIUM
- if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
- return wc_Des3_CaviumCbcDecrypt(des, out, in, sz);
-#endif
-
- blocks = sz / DES_BLOCK_SIZE;
- while (blocks--) {
- XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);
- Des3ProcessBlock(des, (byte*)des->tmp, out);
- xorbuf(out, (byte*)des->reg, DES_BLOCK_SIZE);
- XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE);
-
- out += DES_BLOCK_SIZE;
- in += DES_BLOCK_SIZE;
- }
- return 0;
-}
-
-#ifdef WOLFSSL_DES_ECB
-
-/* One block, compatibility only */
-int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
-{
- word32 blocks = sz / DES_BLOCK_SIZE;
-
- while (blocks--) {
- DesProcessBlock(des, in, out);
-
- out += DES_BLOCK_SIZE;
- in += DES_BLOCK_SIZE;
- }
- return 0;
-}
-
-#endif /* WOLFSSL_DES_ECB */
-
-#endif /* STM32F2_CRYPTO */
-
-void wc_Des_SetIV(Des* des, const byte* iv)
-{
- if (des && iv)
- XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
- else if (des)
- XMEMSET(des->reg, 0, DES_BLOCK_SIZE);
-}
-
-
-int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
- const byte* key, const byte* iv)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- Des* des = NULL;
-#else
- Des des[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (des == NULL)
- return MEMORY_E;
-#endif
-
- ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
- if (ret == 0)
- ret = wc_Des_CbcDecrypt(des, out, in, sz);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-int wc_Des3_SetIV(Des3* des, const byte* iv)
-{
- if (des && iv)
- XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
- else if (des)
- XMEMSET(des->reg, 0, DES_BLOCK_SIZE);
-
- return 0;
-}
-
-
-int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
- const byte* key, const byte* iv)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- Des3* des3 = NULL;
-#else
- Des3 des3[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (des3 == NULL)
- return MEMORY_E;
-#endif
-
- ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
- if (ret == 0)
- ret = wc_Des3_CbcDecrypt(des3, out, in, sz);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-#ifdef HAVE_CAVIUM
-
-#include "cavium_common.h"
-
-/* Initiliaze Des3 for use with Nitrox device */
-int wc_Des3_InitCavium(Des3* des3, int devId)
-{
- if (des3 == NULL)
- return -1;
-
- if (CspAllocContext(CONTEXT_SSL, &des3->contextHandle, devId) != 0)
- return -1;
-
- des3->devId = devId;
- des3->magic = WOLFSSL_3DES_CAVIUM_MAGIC;
-
- return 0;
-}
-
-
-/* Free Des3 from use with Nitrox device */
-void wc_Des3_FreeCavium(Des3* des3)
-{
- if (des3 == NULL)
- return;
-
- if (des3->magic != WOLFSSL_3DES_CAVIUM_MAGIC)
- return;
-
- CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId);
- des3->magic = 0;
-}
-
-
-static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv)
-{
- if (des3 == NULL)
- return -1;
-
- /* key[0] holds key, iv in reg */
- XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3);
-
- return wc_Des3_SetIV(des3, iv);
-}
-
-
-static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
- word32 length)
-{
- wolfssl_word offset = 0;
- word32 requestId;
-
- while (length > WOLFSSL_MAX_16BIT) {
- word16 slen = (word16)WOLFSSL_MAX_16BIT;
- if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
- CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
- out + offset, (byte*)des3->reg, (byte*)des3->key[0],
- &requestId, des3->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium 3DES Cbc Encrypt");
- return -1;
- }
- length -= WOLFSSL_MAX_16BIT;
- offset += WOLFSSL_MAX_16BIT;
- XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
- }
- if (length) {
- word16 slen = (word16)length;
-
- if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
- CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
- out + offset, (byte*)des3->reg, (byte*)des3->key[0],
- &requestId, des3->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium 3DES Cbc Encrypt");
- return -1;
- }
- XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
- }
- return 0;
-}
-
-static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
- word32 length)
-{
- word32 requestId;
- wolfssl_word offset = 0;
-
- while (length > WOLFSSL_MAX_16BIT) {
- word16 slen = (word16)WOLFSSL_MAX_16BIT;
- XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
- if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
- CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset,
- (byte*)des3->reg, (byte*)des3->key[0], &requestId,
- des3->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium 3Des Decrypt");
- return -1;
- }
- length -= WOLFSSL_MAX_16BIT;
- offset += WOLFSSL_MAX_16BIT;
- XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
- }
- if (length) {
- word16 slen = (word16)length;
- XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE);
- if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
- CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset,
- (byte*)des3->reg, (byte*)des3->key[0], &requestId,
- des3->devId) != 0) {
- WOLFSSL_MSG("Bad Cavium 3Des Decrypt");
- return -1;
- }
- XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
- }
- return 0;
-}
-
-#endif /* HAVE_CAVIUM */
-#endif /* WOLFSSL_TI_CRYPT */
-#endif /* HAVE_FIPS */
-#endif /* NO_DES3 */
-
--- a/wolfcrypt/src/dh.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,217 +0,0 @@
-/* dh.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_DH
-
-#include <wolfssl/wolfcrypt/dh.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifndef USER_MATH_LIB
- #include <math.h>
- #define XPOW(x,y) pow((x),(y))
- #define XLOG(x) log((x))
-#else
- /* user's own math lib */
-#endif
-
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-void wc_InitDhKey(DhKey* key)
-{
- (void)key;
-/* TomsFastMath doesn't use memory allocation */
-#ifndef USE_FAST_MATH
- key->p.dp = 0;
- key->g.dp = 0;
-#endif
-}
-
-
-void wc_FreeDhKey(DhKey* key)
-{
- (void)key;
-/* TomsFastMath doesn't use memory allocation */
-#ifndef USE_FAST_MATH
- mp_clear(&key->p);
- mp_clear(&key->g);
-#endif
-}
-
-
-static word32 DiscreteLogWorkFactor(word32 n)
-{
- /* assuming discrete log takes about the same time as factoring */
- if (n<5)
- return 0;
- else
- return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
- XPOW(XLOG((double)n), 2.0/3.0) - 5);
-}
-
-
-static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
-{
- int ret;
- word32 sz = mp_unsigned_bin_size(&key->p);
- sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
- WOLFSSL_BIT_SIZE + 1);
-
- ret = wc_RNG_GenerateBlock(rng, priv, sz);
- if (ret != 0)
- return ret;
-
- priv[0] |= 0x0C;
-
- *privSz = sz;
-
- return 0;
-}
-
-
-static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
- byte* pub, word32* pubSz)
-{
- int ret = 0;
-
- mp_int x;
- mp_int y;
-
- if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
- return MP_INIT_E;
-
- if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
- ret = MP_READ_E;
-
- if (ret == 0 && mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)
- ret = MP_EXPTMOD_E;
-
- if (ret == 0 && mp_to_unsigned_bin(&y, pub) != MP_OKAY)
- ret = MP_TO_E;
-
- if (ret == 0)
- *pubSz = mp_unsigned_bin_size(&y);
-
- mp_clear(&y);
- mp_clear(&x);
-
- return ret;
-}
-
-
-int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz,
- byte* pub, word32* pubSz)
-{
- int ret = GeneratePrivate(key, rng, priv, privSz);
-
- return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz);
-}
-
-int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
- word32 privSz, const byte* otherPub, word32 pubSz)
-{
- int ret = 0;
-
- mp_int x;
- mp_int y;
- mp_int z;
-
- if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
- return MP_INIT_E;
-
- if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
- ret = MP_READ_E;
-
- if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
- ret = MP_READ_E;
-
- if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
- ret = MP_EXPTMOD_E;
-
- if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
- ret = MP_TO_E;
-
- if (ret == 0)
- *agreeSz = mp_unsigned_bin_size(&z);
-
- mp_clear(&z);
- mp_clear(&y);
- mp_clear(&x);
-
- return ret;
-}
-
-
-/* not in asn anymore since no actual asn types used */
-int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
- word32 gSz)
-{
- if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0)
- return BAD_FUNC_ARG;
-
- /* may have leading 0 */
- if (p[0] == 0) {
- pSz--; p++;
- }
-
- if (g[0] == 0) {
- gSz--; g++;
- }
-
- if (mp_init(&key->p) != MP_OKAY)
- return MP_INIT_E;
- if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) {
- mp_clear(&key->p);
- return ASN_DH_KEY_E;
- }
-
- if (mp_init(&key->g) != MP_OKAY) {
- mp_clear(&key->p);
- return MP_INIT_E;
- }
- if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) {
- mp_clear(&key->g);
- mp_clear(&key->p);
- return ASN_DH_KEY_E;
- }
-
- return 0;
-}
-
-
-#endif /* NO_DH */
-
-
--- a/wolfcrypt/src/dsa.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,233 +0,0 @@
-/* dsa.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_DSA
-
-#include <wolfssl/wolfcrypt/dsa.h>
-#include <wolfssl/wolfcrypt/sha.h>
-#include <wolfssl/wolfcrypt/random.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-
-enum {
- DSA_HALF_SIZE = 20, /* r and s size */
- DSA_SIG_SIZE = 40 /* signature size */
-};
-
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-void wc_InitDsaKey(DsaKey* key)
-{
- key->type = -1; /* haven't decided yet */
-
-/* TomsFastMath doesn't use memory allocation */
-#ifndef USE_FAST_MATH
- key->p.dp = 0; /* public alloc parts */
- key->q.dp = 0;
- key->g.dp = 0;
- key->y.dp = 0;
-
- key->x.dp = 0; /* private alloc parts */
-#endif
-}
-
-
-void wc_FreeDsaKey(DsaKey* key)
-{
- (void)key;
-/* TomsFastMath doesn't use memory allocation */
-#ifndef USE_FAST_MATH
- if (key->type == DSA_PRIVATE)
- mp_clear(&key->x);
- mp_clear(&key->y);
- mp_clear(&key->g);
- mp_clear(&key->q);
- mp_clear(&key->p);
-#endif
-}
-
-
-int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng)
-{
- mp_int k, kInv, r, s, H;
- int ret, sz;
- byte buffer[DSA_HALF_SIZE];
-
- sz = min(sizeof(buffer), mp_unsigned_bin_size(&key->q));
-
- /* generate k */
- ret = wc_RNG_GenerateBlock(rng, buffer, sz);
- if (ret != 0)
- return ret;
-
- buffer[0] |= 0x0C;
-
- if (mp_init_multi(&k, &kInv, &r, &s, &H, 0) != MP_OKAY)
- return MP_INIT_E;
-
- if (mp_read_unsigned_bin(&k, buffer, sz) != MP_OKAY)
- ret = MP_READ_E;
-
- if (ret == 0 && mp_cmp_d(&k, 1) != MP_GT)
- ret = MP_CMP_E;
-
- /* inverse k mod q */
- if (ret == 0 && mp_invmod(&k, &key->q, &kInv) != MP_OKAY)
- ret = MP_INVMOD_E;
-
- /* generate r, r = (g exp k mod p) mod q */
- if (ret == 0 && mp_exptmod(&key->g, &k, &key->p, &r) != MP_OKAY)
- ret = MP_EXPTMOD_E;
-
- if (ret == 0 && mp_mod(&r, &key->q, &r) != MP_OKAY)
- ret = MP_MOD_E;
-
- /* generate H from sha digest */
- if (ret == 0 && mp_read_unsigned_bin(&H, digest,SHA_DIGEST_SIZE) != MP_OKAY)
- ret = MP_READ_E;
-
- /* generate s, s = (kInv * (H + x*r)) % q */
- if (ret == 0 && mp_mul(&key->x, &r, &s) != MP_OKAY)
- ret = MP_MUL_E;
-
- if (ret == 0 && mp_add(&s, &H, &s) != MP_OKAY)
- ret = MP_ADD_E;
-
- if (ret == 0 && mp_mulmod(&s, &kInv, &key->q, &s) != MP_OKAY)
- ret = MP_MULMOD_E;
-
- /* write out */
- if (ret == 0) {
- int rSz = mp_unsigned_bin_size(&r);
- int sSz = mp_unsigned_bin_size(&s);
-
- if (rSz == DSA_HALF_SIZE - 1) {
- out[0] = 0;
- out++;
- }
-
- if (mp_to_unsigned_bin(&r, out) != MP_OKAY)
- ret = MP_TO_E;
- else {
- if (sSz == DSA_HALF_SIZE - 1) {
- out[rSz] = 0;
- out++;
- }
- ret = mp_to_unsigned_bin(&s, out + rSz);
- }
- }
-
- mp_clear(&H);
- mp_clear(&s);
- mp_clear(&r);
- mp_clear(&kInv);
- mp_clear(&k);
-
- return ret;
-}
-
-
-int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer)
-{
- mp_int w, u1, u2, v, r, s;
- int ret = 0;
-
- if (mp_init_multi(&w, &u1, &u2, &v, &r, &s) != MP_OKAY)
- return MP_INIT_E;
-
- /* set r and s from signature */
- if (mp_read_unsigned_bin(&r, sig, DSA_HALF_SIZE) != MP_OKAY ||
- mp_read_unsigned_bin(&s, sig + DSA_HALF_SIZE, DSA_HALF_SIZE) != MP_OKAY)
- ret = MP_READ_E;
-
- /* sanity checks */
- if (ret == 0) {
- if (mp_iszero(&r) == MP_YES || mp_iszero(&s) == MP_YES ||
- mp_cmp(&r, &key->q) != MP_LT || mp_cmp(&s, &key->q) != MP_LT) {
- ret = MP_ZERO_E;
- }
- }
-
- /* put H into u1 from sha digest */
- if (ret == 0 && mp_read_unsigned_bin(&u1,digest,SHA_DIGEST_SIZE) != MP_OKAY)
- ret = MP_READ_E;
-
- /* w = s invmod q */
- if (ret == 0 && mp_invmod(&s, &key->q, &w) != MP_OKAY)
- ret = MP_INVMOD_E;
-
- /* u1 = (H * w) % q */
- if (ret == 0 && mp_mulmod(&u1, &w, &key->q, &u1) != MP_OKAY)
- ret = MP_MULMOD_E;
-
- /* u2 = (r * w) % q */
- if (ret == 0 && mp_mulmod(&r, &w, &key->q, &u2) != MP_OKAY)
- ret = MP_MULMOD_E;
-
- /* verify v = ((g^u1 * y^u2) mod p) mod q */
- if (ret == 0 && mp_exptmod(&key->g, &u1, &key->p, &u1) != MP_OKAY)
- ret = MP_EXPTMOD_E;
-
- if (ret == 0 && mp_exptmod(&key->y, &u2, &key->p, &u2) != MP_OKAY)
- ret = MP_EXPTMOD_E;
-
- if (ret == 0 && mp_mulmod(&u1, &u2, &key->p, &v) != MP_OKAY)
- ret = MP_MULMOD_E;
-
- if (ret == 0 && mp_mod(&v, &key->q, &v) != MP_OKAY)
- ret = MP_MULMOD_E;
-
- /* do they match */
- if (ret == 0 && mp_cmp(&r, &v) == MP_EQ)
- *answer = 1;
- else
- *answer = 0;
-
- mp_clear(&s);
- mp_clear(&r);
- mp_clear(&u1);
- mp_clear(&u2);
- mp_clear(&w);
- mp_clear(&v);
-
- return ret;
-}
-
-
-#endif /* NO_DSA */
-
-
--- a/wolfcrypt/src/ecc.c Tue Jul 21 11:37:09 2015 +0000
+++ b/wolfcrypt/src/ecc.c Thu Apr 28 00:56:55 2016 +0000
@@ -1,5187 +1,5627 @@
-/* ecc.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-/* in case user set HAVE_ECC there */
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_ECC
-
-#include <wolfssl/wolfcrypt/ecc.h>
-#include <wolfssl/wolfcrypt/asn.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef HAVE_ECC_ENCRYPT
- #include <wolfssl/wolfcrypt/hmac.h>
- #include <wolfssl/wolfcrypt/aes.h>
-#endif
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-/* map
-
- ptmul -> mulmod
-
-*/
-
-
-/* p256 curve on by default whether user curves or not */
-#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
- #define ECC112
-#endif
-#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
- #define ECC128
-#endif
-#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
- #define ECC160
-#endif
-#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
- #define ECC192
-#endif
-#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
- #define ECC224
-#endif
-#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
- #define ECC256
-#endif
-#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
- #define ECC384
-#endif
-#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
- #define ECC521
-#endif
-
-
-
-/* This holds the key settings. ***MUST*** be organized by size from
- smallest to largest. */
-
-const ecc_set_type ecc_sets[] = {
-#ifdef ECC112
-{
- 14,
- "SECP112R1",
- "DB7C2ABF62E35E668076BEAD208B",
- "DB7C2ABF62E35E668076BEAD2088",
- "659EF8BA043916EEDE8911702B22",
- "DB7C2ABF62E35E7628DFAC6561C5",
- "09487239995A5EE76B55F9C2F098",
- "A89CE5AF8724C0A23E0E0FF77500"
-},
-#endif
-#ifdef ECC128
-{
- 16,
- "SECP128R1",
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
- "E87579C11079F43DD824993C2CEE5ED3",
- "FFFFFFFE0000000075A30D1B9038A115",
- "161FF7528B899B2D0C28607CA52C5B86",
- "CF5AC8395BAFEB13C02DA292DDED7A83",
-},
-#endif
-#ifdef ECC160
-{
- 20,
- "SECP160R1",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
- "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
- "0100000000000000000001F4C8F927AED3CA752257",
- "4A96B5688EF573284664698968C38BB913CBFC82",
- "23A628553168947D59DCC912042351377AC5FB32",
-},
-#endif
-#ifdef ECC192
-{
- 24,
- "ECC-192",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
- "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
- "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
-},
-#endif
-#ifdef ECC224
-{
- 28,
- "ECC-224",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
- "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
-},
-#endif
-#ifdef ECC256
-{
- 32,
- "ECC-256",
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
- "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
- "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
- "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
- "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
-},
-#endif
-#ifdef ECC384
-{
- 48,
- "ECC-384",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
- "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
- "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
- "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
-},
-#endif
-#ifdef ECC521
-{
- 66,
- "ECC-521",
- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
- "51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
- "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
- "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
-},
-#endif
-{
- 0,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
-}
-};
-
-
-ecc_point* ecc_new_point(void);
-void ecc_del_point(ecc_point* p);
-int ecc_map(ecc_point*, mp_int*, mp_digit*);
-int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
- mp_int* modulus, mp_digit* mp);
-int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus,
- mp_digit* mp);
-static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
- int map);
-static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order);
-#ifdef ECC_SHAMIR
-static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB,
- ecc_point* C, mp_int* modulus);
-#endif
-
-int mp_jacobi(mp_int* a, mp_int* p, int* c);
-int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret);
-int mp_submod(mp_int* a, mp_int* b, mp_int* c, mp_int* d);
-
-#ifdef HAVE_COMP_KEY
-static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
-#endif
-
-/* helper for either lib */
-static int get_digit_count(mp_int* a)
-{
- if (a == NULL)
- return 0;
-
- return a->used;
-}
-
-/* helper for either lib */
-static mp_digit get_digit(mp_int* a, int n)
-{
- if (a == NULL)
- return 0;
-
- return (n >= a->used || n < 0) ? 0 : a->dp[n];
-}
-
-
-#if defined(USE_FAST_MATH)
-
-/* fast math accelerated version, but not for fp ecc yet */
-
-/**
- Add two ECC points
- P The point to add
- Q The point to add
- R [out] The destination of the double
- modulus The modulus of the field the ECC curve is in
- mp The "b" value from montgomery_setup()
- return MP_OKAY on success
-*/
-int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
- mp_int* modulus, mp_digit* mp)
-{
- fp_int t1, t2, x, y, z;
- int err;
-
- if (P == NULL || Q == NULL || R == NULL || modulus == NULL || mp == NULL)
- return ECC_BAD_ARG_E;
-
- if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) {
- return err;
- }
-
- /* should we dbl instead? */
- fp_sub(modulus, Q->y, &t1);
- if ( (fp_cmp(P->x, Q->x) == FP_EQ) &&
- (get_digit_count(Q->z) && fp_cmp(P->z, Q->z) == FP_EQ) &&
- (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) {
- return ecc_projective_dbl_point(P, R, modulus, mp);
- }
-
- fp_copy(P->x, &x);
- fp_copy(P->y, &y);
- fp_copy(P->z, &z);
-
- /* if Z is one then these are no-operations */
- if (get_digit_count(Q->z)) {
- /* T1 = Z' * Z' */
- fp_sqr(Q->z, &t1);
- fp_montgomery_reduce(&t1, modulus, *mp);
- /* X = X * T1 */
- fp_mul(&t1, &x, &x);
- fp_montgomery_reduce(&x, modulus, *mp);
- /* T1 = Z' * T1 */
- fp_mul(Q->z, &t1, &t1);
- fp_montgomery_reduce(&t1, modulus, *mp);
- /* Y = Y * T1 */
- fp_mul(&t1, &y, &y);
- fp_montgomery_reduce(&y, modulus, *mp);
- }
-
- /* T1 = Z*Z */
- fp_sqr(&z, &t1);
- fp_montgomery_reduce(&t1, modulus, *mp);
- /* T2 = X' * T1 */
- fp_mul(Q->x, &t1, &t2);
- fp_montgomery_reduce(&t2, modulus, *mp);
- /* T1 = Z * T1 */
- fp_mul(&z, &t1, &t1);
- fp_montgomery_reduce(&t1, modulus, *mp);
- /* T1 = Y' * T1 */
- fp_mul(Q->y, &t1, &t1);
- fp_montgomery_reduce(&t1, modulus, *mp);
-
- /* Y = Y - T1 */
- fp_sub(&y, &t1, &y);
- if (fp_cmp_d(&y, 0) == FP_LT) {
- fp_add(&y, modulus, &y);
- }
- /* T1 = 2T1 */
- fp_add(&t1, &t1, &t1);
- if (fp_cmp(&t1, modulus) != FP_LT) {
- fp_sub(&t1, modulus, &t1);
- }
- /* T1 = Y + T1 */
- fp_add(&t1, &y, &t1);
- if (fp_cmp(&t1, modulus) != FP_LT) {
- fp_sub(&t1, modulus, &t1);
- }
- /* X = X - T2 */
- fp_sub(&x, &t2, &x);
- if (fp_cmp_d(&x, 0) == FP_LT) {
- fp_add(&x, modulus, &x);
- }
- /* T2 = 2T2 */
- fp_add(&t2, &t2, &t2);
- if (fp_cmp(&t2, modulus) != FP_LT) {
- fp_sub(&t2, modulus, &t2);
- }
- /* T2 = X + T2 */
- fp_add(&t2, &x, &t2);
- if (fp_cmp(&t2, modulus) != FP_LT) {
- fp_sub(&t2, modulus, &t2);
- }
-
- /* if Z' != 1 */
- if (get_digit_count(Q->z)) {
- /* Z = Z * Z' */
- fp_mul(&z, Q->z, &z);
- fp_montgomery_reduce(&z, modulus, *mp);
- }
-
- /* Z = Z * X */
- fp_mul(&z, &x, &z);
- fp_montgomery_reduce(&z, modulus, *mp);
-
- /* T1 = T1 * X */
- fp_mul(&t1, &x, &t1);
- fp_montgomery_reduce(&t1, modulus, *mp);
- /* X = X * X */
- fp_sqr(&x, &x);
- fp_montgomery_reduce(&x, modulus, *mp);
- /* T2 = T2 * x */
- fp_mul(&t2, &x, &t2);
- fp_montgomery_reduce(&t2, modulus, *mp);
- /* T1 = T1 * X */
- fp_mul(&t1, &x, &t1);
- fp_montgomery_reduce(&t1, modulus, *mp);
-
- /* X = Y*Y */
- fp_sqr(&y, &x);
- fp_montgomery_reduce(&x, modulus, *mp);
- /* X = X - T2 */
- fp_sub(&x, &t2, &x);
- if (fp_cmp_d(&x, 0) == FP_LT) {
- fp_add(&x, modulus, &x);
- }
-
- /* T2 = T2 - X */
- fp_sub(&t2, &x, &t2);
- if (fp_cmp_d(&t2, 0) == FP_LT) {
- fp_add(&t2, modulus, &t2);
- }
- /* T2 = T2 - X */
- fp_sub(&t2, &x, &t2);
- if (fp_cmp_d(&t2, 0) == FP_LT) {
- fp_add(&t2, modulus, &t2);
- }
- /* T2 = T2 * Y */
- fp_mul(&t2, &y, &t2);
- fp_montgomery_reduce(&t2, modulus, *mp);
- /* Y = T2 - T1 */
- fp_sub(&t2, &t1, &y);
- if (fp_cmp_d(&y, 0) == FP_LT) {
- fp_add(&y, modulus, &y);
- }
- /* Y = Y/2 */
- if (fp_isodd(&y)) {
- fp_add(&y, modulus, &y);
- }
- fp_div_2(&y, &y);
-
- fp_copy(&x, R->x);
- fp_copy(&y, R->y);
- fp_copy(&z, R->z);
-
- return MP_OKAY;
-}
-
-
-/**
- Double an ECC point
- P The point to double
- R [out] The destination of the double
- modulus The modulus of the field the ECC curve is in
- mp The "b" value from montgomery_setup()
- return MP_OKAY on success
-*/
-int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
- mp_digit* mp)
-{
- fp_int t1, t2;
- int err;
-
- if (P == NULL || R == NULL || modulus == NULL || mp == NULL)
- return ECC_BAD_ARG_E;
-
- if (P != R) {
- fp_copy(P->x, R->x);
- fp_copy(P->y, R->y);
- fp_copy(P->z, R->z);
- }
-
- if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
- return err;
- }
-
- /* t1 = Z * Z */
- fp_sqr(R->z, &t1);
- fp_montgomery_reduce(&t1, modulus, *mp);
- /* Z = Y * Z */
- fp_mul(R->z, R->y, R->z);
- fp_montgomery_reduce(R->z, modulus, *mp);
- /* Z = 2Z */
- fp_add(R->z, R->z, R->z);
- if (fp_cmp(R->z, modulus) != FP_LT) {
- fp_sub(R->z, modulus, R->z);
- }
-
- /* &t2 = X - T1 */
- fp_sub(R->x, &t1, &t2);
- if (fp_cmp_d(&t2, 0) == FP_LT) {
- fp_add(&t2, modulus, &t2);
- }
- /* T1 = X + T1 */
- fp_add(&t1, R->x, &t1);
- if (fp_cmp(&t1, modulus) != FP_LT) {
- fp_sub(&t1, modulus, &t1);
- }
- /* T2 = T1 * T2 */
- fp_mul(&t1, &t2, &t2);
- fp_montgomery_reduce(&t2, modulus, *mp);
- /* T1 = 2T2 */
- fp_add(&t2, &t2, &t1);
- if (fp_cmp(&t1, modulus) != FP_LT) {
- fp_sub(&t1, modulus, &t1);
- }
- /* T1 = T1 + T2 */
- fp_add(&t1, &t2, &t1);
- if (fp_cmp(&t1, modulus) != FP_LT) {
- fp_sub(&t1, modulus, &t1);
- }
-
- /* Y = 2Y */
- fp_add(R->y, R->y, R->y);
- if (fp_cmp(R->y, modulus) != FP_LT) {
- fp_sub(R->y, modulus, R->y);
- }
- /* Y = Y * Y */
- fp_sqr(R->y, R->y);
- fp_montgomery_reduce(R->y, modulus, *mp);
- /* T2 = Y * Y */
- fp_sqr(R->y, &t2);
- fp_montgomery_reduce(&t2, modulus, *mp);
- /* T2 = T2/2 */
- if (fp_isodd(&t2)) {
- fp_add(&t2, modulus, &t2);
- }
- fp_div_2(&t2, &t2);
- /* Y = Y * X */
- fp_mul(R->y, R->x, R->y);
- fp_montgomery_reduce(R->y, modulus, *mp);
-
- /* X = T1 * T1 */
- fp_sqr(&t1, R->x);
- fp_montgomery_reduce(R->x, modulus, *mp);
- /* X = X - Y */
- fp_sub(R->x, R->y, R->x);
- if (fp_cmp_d(R->x, 0) == FP_LT) {
- fp_add(R->x, modulus, R->x);
- }
- /* X = X - Y */
- fp_sub(R->x, R->y, R->x);
- if (fp_cmp_d(R->x, 0) == FP_LT) {
- fp_add(R->x, modulus, R->x);
- }
-
- /* Y = Y - X */
- fp_sub(R->y, R->x, R->y);
- if (fp_cmp_d(R->y, 0) == FP_LT) {
- fp_add(R->y, modulus, R->y);
- }
- /* Y = Y * T1 */
- fp_mul(R->y, &t1, R->y);
- fp_montgomery_reduce(R->y, modulus, *mp);
- /* Y = Y - T2 */
- fp_sub(R->y, &t2, R->y);
- if (fp_cmp_d(R->y, 0) == FP_LT) {
- fp_add(R->y, modulus, R->y);
- }
-
- return MP_OKAY;
-}
-
-#else /* USE_FAST_MATH */
-
-/**
- Add two ECC points
- P The point to add
- Q The point to add
- R [out] The destination of the double
- modulus The modulus of the field the ECC curve is in
- mp The "b" value from montgomery_setup()
- return MP_OKAY on success
-*/
-int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
- mp_int* modulus, mp_digit* mp)
-{
- mp_int t1;
- mp_int t2;
- mp_int x;
- mp_int y;
- mp_int z;
- int err;
-
- if (P == NULL || Q == NULL || R == NULL || modulus == NULL || mp == NULL)
- return ECC_BAD_ARG_E;
-
- if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) {
- return err;
- }
-
- /* should we dbl instead? */
- err = mp_sub(modulus, Q->y, &t1);
-
- if (err == MP_OKAY) {
- if ( (mp_cmp(P->x, Q->x) == MP_EQ) &&
- (get_digit_count(Q->z) && mp_cmp(P->z, Q->z) == MP_EQ) &&
- (mp_cmp(P->y, Q->y) == MP_EQ || mp_cmp(P->y, &t1) == MP_EQ)) {
- mp_clear(&t1);
- mp_clear(&t2);
- mp_clear(&x);
- mp_clear(&y);
- mp_clear(&z);
-
- return ecc_projective_dbl_point(P, R, modulus, mp);
- }
- }
-
- if (err == MP_OKAY)
- err = mp_copy(P->x, &x);
- if (err == MP_OKAY)
- err = mp_copy(P->y, &y);
- if (err == MP_OKAY)
- err = mp_copy(P->z, &z);
-
- /* if Z is one then these are no-operations */
- if (err == MP_OKAY) {
- if (get_digit_count(Q->z)) {
- /* T1 = Z' * Z' */
- err = mp_sqr(Q->z, &t1);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t1, modulus, *mp);
-
- /* X = X * T1 */
- if (err == MP_OKAY)
- err = mp_mul(&t1, &x, &x);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&x, modulus, *mp);
-
- /* T1 = Z' * T1 */
- if (err == MP_OKAY)
- err = mp_mul(Q->z, &t1, &t1);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t1, modulus, *mp);
-
- /* Y = Y * T1 */
- if (err == MP_OKAY)
- err = mp_mul(&t1, &y, &y);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&y, modulus, *mp);
- }
- }
-
- /* T1 = Z*Z */
- if (err == MP_OKAY)
- err = mp_sqr(&z, &t1);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t1, modulus, *mp);
-
- /* T2 = X' * T1 */
- if (err == MP_OKAY)
- err = mp_mul(Q->x, &t1, &t2);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t2, modulus, *mp);
-
- /* T1 = Z * T1 */
- if (err == MP_OKAY)
- err = mp_mul(&z, &t1, &t1);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t1, modulus, *mp);
-
- /* T1 = Y' * T1 */
- if (err == MP_OKAY)
- err = mp_mul(Q->y, &t1, &t1);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t1, modulus, *mp);
-
- /* Y = Y - T1 */
- if (err == MP_OKAY)
- err = mp_sub(&y, &t1, &y);
- if (err == MP_OKAY) {
- if (mp_cmp_d(&y, 0) == MP_LT)
- err = mp_add(&y, modulus, &y);
- }
- /* T1 = 2T1 */
- if (err == MP_OKAY)
- err = mp_add(&t1, &t1, &t1);
- if (err == MP_OKAY) {
- if (mp_cmp(&t1, modulus) != MP_LT)
- err = mp_sub(&t1, modulus, &t1);
- }
- /* T1 = Y + T1 */
- if (err == MP_OKAY)
- err = mp_add(&t1, &y, &t1);
- if (err == MP_OKAY) {
- if (mp_cmp(&t1, modulus) != MP_LT)
- err = mp_sub(&t1, modulus, &t1);
- }
- /* X = X - T2 */
- if (err == MP_OKAY)
- err = mp_sub(&x, &t2, &x);
- if (err == MP_OKAY) {
- if (mp_cmp_d(&x, 0) == MP_LT)
- err = mp_add(&x, modulus, &x);
- }
- /* T2 = 2T2 */
- if (err == MP_OKAY)
- err = mp_add(&t2, &t2, &t2);
- if (err == MP_OKAY) {
- if (mp_cmp(&t2, modulus) != MP_LT)
- err = mp_sub(&t2, modulus, &t2);
- }
- /* T2 = X + T2 */
- if (err == MP_OKAY)
- err = mp_add(&t2, &x, &t2);
- if (err == MP_OKAY) {
- if (mp_cmp(&t2, modulus) != MP_LT)
- err = mp_sub(&t2, modulus, &t2);
- }
-
- if (err == MP_OKAY) {
- if (get_digit_count(Q->z)) {
- /* Z = Z * Z' */
- err = mp_mul(&z, Q->z, &z);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&z, modulus, *mp);
- }
- }
-
- /* Z = Z * X */
- if (err == MP_OKAY)
- err = mp_mul(&z, &x, &z);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&z, modulus, *mp);
-
- /* T1 = T1 * X */
- if (err == MP_OKAY)
- err = mp_mul(&t1, &x, &t1);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t1, modulus, *mp);
-
- /* X = X * X */
- if (err == MP_OKAY)
- err = mp_sqr(&x, &x);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&x, modulus, *mp);
-
- /* T2 = T2 * x */
- if (err == MP_OKAY)
- err = mp_mul(&t2, &x, &t2);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t2, modulus, *mp);
-
- /* T1 = T1 * X */
- if (err == MP_OKAY)
- err = mp_mul(&t1, &x, &t1);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t1, modulus, *mp);
-
- /* X = Y*Y */
- if (err == MP_OKAY)
- err = mp_sqr(&y, &x);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&x, modulus, *mp);
-
- /* X = X - T2 */
- if (err == MP_OKAY)
- err = mp_sub(&x, &t2, &x);
- if (err == MP_OKAY) {
- if (mp_cmp_d(&x, 0) == MP_LT)
- err = mp_add(&x, modulus, &x);
- }
- /* T2 = T2 - X */
- if (err == MP_OKAY)
- err = mp_sub(&t2, &x, &t2);
- if (err == MP_OKAY) {
- if (mp_cmp_d(&t2, 0) == MP_LT)
- err = mp_add(&t2, modulus, &t2);
- }
- /* T2 = T2 - X */
- if (err == MP_OKAY)
- err = mp_sub(&t2, &x, &t2);
- if (err == MP_OKAY) {
- if (mp_cmp_d(&t2, 0) == MP_LT)
- err = mp_add(&t2, modulus, &t2);
- }
- /* T2 = T2 * Y */
- if (err == MP_OKAY)
- err = mp_mul(&t2, &y, &t2);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t2, modulus, *mp);
-
- /* Y = T2 - T1 */
- if (err == MP_OKAY)
- err = mp_sub(&t2, &t1, &y);
- if (err == MP_OKAY) {
- if (mp_cmp_d(&y, 0) == MP_LT)
- err = mp_add(&y, modulus, &y);
- }
- /* Y = Y/2 */
- if (err == MP_OKAY) {
- if (mp_isodd(&y))
- err = mp_add(&y, modulus, &y);
- }
- if (err == MP_OKAY)
- err = mp_div_2(&y, &y);
-
- if (err == MP_OKAY)
- err = mp_copy(&x, R->x);
- if (err == MP_OKAY)
- err = mp_copy(&y, R->y);
- if (err == MP_OKAY)
- err = mp_copy(&z, R->z);
-
- /* clean up */
- mp_clear(&t1);
- mp_clear(&t2);
- mp_clear(&x);
- mp_clear(&y);
- mp_clear(&z);
-
- return err;
-}
-
-
-/**
- Double an ECC point
- P The point to double
- R [out] The destination of the double
- modulus The modulus of the field the ECC curve is in
- mp The "b" value from montgomery_setup()
- return MP_OKAY on success
-*/
-int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
- mp_digit* mp)
-{
- mp_int t1;
- mp_int t2;
- int err;
-
- if (P == NULL || R == NULL || modulus == NULL || mp == NULL)
- return ECC_BAD_ARG_E;
-
- if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
- return err;
- }
-
- if (P != R) {
- err = mp_copy(P->x, R->x);
- if (err == MP_OKAY)
- err = mp_copy(P->y, R->y);
- if (err == MP_OKAY)
- err = mp_copy(P->z, R->z);
- }
-
- /* t1 = Z * Z */
- if (err == MP_OKAY)
- err = mp_sqr(R->z, &t1);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t1, modulus, *mp);
-
- /* Z = Y * Z */
- if (err == MP_OKAY)
- err = mp_mul(R->z, R->y, R->z);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(R->z, modulus, *mp);
-
- /* Z = 2Z */
- if (err == MP_OKAY)
- err = mp_add(R->z, R->z, R->z);
- if (err == MP_OKAY) {
- if (mp_cmp(R->z, modulus) != MP_LT)
- err = mp_sub(R->z, modulus, R->z);
- }
-
- /* T2 = X - T1 */
- if (err == MP_OKAY)
- err = mp_sub(R->x, &t1, &t2);
- if (err == MP_OKAY) {
- if (mp_cmp_d(&t2, 0) == MP_LT)
- err = mp_add(&t2, modulus, &t2);
- }
- /* T1 = X + T1 */
- if (err == MP_OKAY)
- err = mp_add(&t1, R->x, &t1);
- if (err == MP_OKAY) {
- if (mp_cmp(&t1, modulus) != MP_LT)
- err = mp_sub(&t1, modulus, &t1);
- }
- /* T2 = T1 * T2 */
- if (err == MP_OKAY)
- err = mp_mul(&t1, &t2, &t2);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t2, modulus, *mp);
-
- /* T1 = 2T2 */
- if (err == MP_OKAY)
- err = mp_add(&t2, &t2, &t1);
- if (err == MP_OKAY) {
- if (mp_cmp(&t1, modulus) != MP_LT)
- err = mp_sub(&t1, modulus, &t1);
- }
- /* T1 = T1 + T2 */
- if (err == MP_OKAY)
- err = mp_add(&t1, &t2, &t1);
- if (err == MP_OKAY) {
- if (mp_cmp(&t1, modulus) != MP_LT)
- err = mp_sub(&t1, modulus, &t1);
- }
- /* Y = 2Y */
- if (err == MP_OKAY)
- err = mp_add(R->y, R->y, R->y);
- if (err == MP_OKAY) {
- if (mp_cmp(R->y, modulus) != MP_LT)
- err = mp_sub(R->y, modulus, R->y);
- }
- /* Y = Y * Y */
- if (err == MP_OKAY)
- err = mp_sqr(R->y, R->y);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(R->y, modulus, *mp);
-
- /* T2 = Y * Y */
- if (err == MP_OKAY)
- err = mp_sqr(R->y, &t2);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(&t2, modulus, *mp);
-
- /* T2 = T2/2 */
- if (err == MP_OKAY) {
- if (mp_isodd(&t2))
- err = mp_add(&t2, modulus, &t2);
- }
- if (err == MP_OKAY)
- err = mp_div_2(&t2, &t2);
-
- /* Y = Y * X */
- if (err == MP_OKAY)
- err = mp_mul(R->y, R->x, R->y);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(R->y, modulus, *mp);
-
- /* X = T1 * T1 */
- if (err == MP_OKAY)
- err = mp_sqr(&t1, R->x);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(R->x, modulus, *mp);
-
- /* X = X - Y */
- if (err == MP_OKAY)
- err = mp_sub(R->x, R->y, R->x);
- if (err == MP_OKAY) {
- if (mp_cmp_d(R->x, 0) == MP_LT)
- err = mp_add(R->x, modulus, R->x);
- }
- /* X = X - Y */
- if (err == MP_OKAY)
- err = mp_sub(R->x, R->y, R->x);
- if (err == MP_OKAY) {
- if (mp_cmp_d(R->x, 0) == MP_LT)
- err = mp_add(R->x, modulus, R->x);
- }
- /* Y = Y - X */
- if (err == MP_OKAY)
- err = mp_sub(R->y, R->x, R->y);
- if (err == MP_OKAY) {
- if (mp_cmp_d(R->y, 0) == MP_LT)
- err = mp_add(R->y, modulus, R->y);
- }
- /* Y = Y * T1 */
- if (err == MP_OKAY)
- err = mp_mul(R->y, &t1, R->y);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(R->y, modulus, *mp);
-
- /* Y = Y - T2 */
- if (err == MP_OKAY)
- err = mp_sub(R->y, &t2, R->y);
- if (err == MP_OKAY) {
- if (mp_cmp_d(R->y, 0) == MP_LT)
- err = mp_add(R->y, modulus, R->y);
- }
-
- /* clean up */
- mp_clear(&t1);
- mp_clear(&t2);
-
- return err;
-}
-
-#endif /* USE_FAST_MATH */
-
-/**
- Map a projective jacbobian point back to affine space
- P [in/out] The point to map
- modulus The modulus of the field the ECC curve is in
- mp The "b" value from montgomery_setup()
- return MP_OKAY on success
-*/
-int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
-{
- mp_int t1;
- mp_int t2;
- int err;
-
- if (P == NULL || mp == NULL || modulus == NULL)
- return ECC_BAD_ARG_E;
-
- /* special case for point at infinity */
- if (mp_cmp_d(P->z, 0) == MP_EQ) {
- mp_set(P->x, 0);
- mp_set(P->y, 0);
- mp_set(P->z, 1);
- return MP_OKAY;
- }
-
- if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
- return MEMORY_E;
- }
-
- /* first map z back to normal */
- err = mp_montgomery_reduce(P->z, modulus, *mp);
-
- /* get 1/z */
- if (err == MP_OKAY)
- err = mp_invmod(P->z, modulus, &t1);
-
- /* get 1/z^2 and 1/z^3 */
- if (err == MP_OKAY)
- err = mp_sqr(&t1, &t2);
- if (err == MP_OKAY)
- err = mp_mod(&t2, modulus, &t2);
- if (err == MP_OKAY)
- err = mp_mul(&t1, &t2, &t1);
- if (err == MP_OKAY)
- err = mp_mod(&t1, modulus, &t1);
-
- /* multiply against x/y */
- if (err == MP_OKAY)
- err = mp_mul(P->x, &t2, P->x);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(P->x, modulus, *mp);
- if (err == MP_OKAY)
- err = mp_mul(P->y, &t1, P->y);
- if (err == MP_OKAY)
- err = mp_montgomery_reduce(P->y, modulus, *mp);
-
- if (err == MP_OKAY)
- mp_set(P->z, 1);
-
- /* clean up */
- mp_clear(&t1);
- mp_clear(&t2);
-
- return err;
-}
-
-
-#ifndef ECC_TIMING_RESISTANT
-
-/* size of sliding window, don't change this! */
-#define WINSIZE 4
-
-/**
- Perform a point multiplication
- k The scalar to multiply by
- G The base point
- R [out] Destination for kG
- modulus The modulus of the field the ECC curve is in
- map Boolean whether to map back to affine or not
- (1==map, 0 == leave in projective)
- return MP_OKAY on success
-*/
-#ifdef FP_ECC
-static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
- mp_int* modulus, int map)
-#else
-static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
- int map)
-#endif
-{
- ecc_point *tG, *M[8];
- int i, j, err;
- mp_int mu;
- mp_digit mp;
- mp_digit buf;
- int first = 1, bitbuf = 0, bitcpy = 0, bitcnt = 0, mode = 0,
- digidx = 0;
-
- if (k == NULL || G == NULL || R == NULL || modulus == NULL)
- return ECC_BAD_ARG_E;
-
- /* init montgomery reduction */
- if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) {
- return err;
- }
- if ((err = mp_init(&mu)) != MP_OKAY) {
- return err;
- }
- if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) {
- mp_clear(&mu);
- return err;
- }
-
- /* alloc ram for window temps */
- for (i = 0; i < 8; i++) {
- M[i] = ecc_new_point();
- if (M[i] == NULL) {
- for (j = 0; j < i; j++) {
- ecc_del_point(M[j]);
- }
- mp_clear(&mu);
- return MEMORY_E;
- }
- }
-
- /* make a copy of G incase R==G */
- tG = ecc_new_point();
- if (tG == NULL)
- err = MEMORY_E;
-
- /* tG = G and convert to montgomery */
- if (err == MP_OKAY) {
- if (mp_cmp_d(&mu, 1) == MP_EQ) {
- err = mp_copy(G->x, tG->x);
- if (err == MP_OKAY)
- err = mp_copy(G->y, tG->y);
- if (err == MP_OKAY)
- err = mp_copy(G->z, tG->z);
- } else {
- err = mp_mulmod(G->x, &mu, modulus, tG->x);
- if (err == MP_OKAY)
- err = mp_mulmod(G->y, &mu, modulus, tG->y);
- if (err == MP_OKAY)
- err = mp_mulmod(G->z, &mu, modulus, tG->z);
- }
- }
- mp_clear(&mu);
-
- /* calc the M tab, which holds kG for k==8..15 */
- /* M[0] == 8G */
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(tG, M[0], modulus, &mp);
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(M[0], M[0], modulus, &mp);
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(M[0], M[0], modulus, &mp);
-
- /* now find (8+k)G for k=1..7 */
- if (err == MP_OKAY)
- for (j = 9; j < 16; j++) {
- err = ecc_projective_add_point(M[j-9], tG, M[j-8], modulus, &mp);
- if (err != MP_OKAY) break;
- }
-
- /* setup sliding window */
- if (err == MP_OKAY) {
- mode = 0;
- bitcnt = 1;
- buf = 0;
- digidx = get_digit_count(k) - 1;
- bitcpy = bitbuf = 0;
- first = 1;
-
- /* perform ops */
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- if (digidx == -1) {
- break;
- }
- buf = get_digit(k, digidx);
- bitcnt = (int) DIGIT_BIT;
- --digidx;
- }
-
- /* grab the next msb from the ltiplicand */
- i = (int)(buf >> (DIGIT_BIT - 1)) & 1;
- buf <<= 1;
-
- /* skip leading zero bits */
- if (mode == 0 && i == 0)
- continue;
-
- /* if the bit is zero and mode == 1 then we double */
- if (mode == 1 && i == 0) {
- err = ecc_projective_dbl_point(R, R, modulus, &mp);
- if (err != MP_OKAY) break;
- continue;
- }
-
- /* else we add it to the window */
- bitbuf |= (i << (WINSIZE - ++bitcpy));
- mode = 2;
-
- if (bitcpy == WINSIZE) {
- /* if this is the first window we do a simple copy */
- if (first == 1) {
- /* R = kG [k = first window] */
- err = mp_copy(M[bitbuf-8]->x, R->x);
- if (err != MP_OKAY) break;
-
- err = mp_copy(M[bitbuf-8]->y, R->y);
- if (err != MP_OKAY) break;
-
- err = mp_copy(M[bitbuf-8]->z, R->z);
- first = 0;
- } else {
- /* normal window */
- /* ok window is filled so double as required and add */
- /* double first */
- for (j = 0; j < WINSIZE; j++) {
- err = ecc_projective_dbl_point(R, R, modulus, &mp);
- if (err != MP_OKAY) break;
- }
- if (err != MP_OKAY) break; /* out of first for(;;) */
-
- /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranted */
- err = ecc_projective_add_point(R,M[bitbuf-8],R,modulus,&mp);
- }
- if (err != MP_OKAY) break;
- /* empty window and reset */
- bitcpy = bitbuf = 0;
- mode = 1;
- }
- }
- }
-
- /* if bits remain then double/add */
- if (err == MP_OKAY) {
- if (mode == 2 && bitcpy > 0) {
- /* double then add */
- for (j = 0; j < bitcpy; j++) {
- /* only double if we have had at least one add first */
- if (first == 0) {
- err = ecc_projective_dbl_point(R, R, modulus, &mp);
- if (err != MP_OKAY) break;
- }
-
- bitbuf <<= 1;
- if ((bitbuf & (1 << WINSIZE)) != 0) {
- if (first == 1) {
- /* first add, so copy */
- err = mp_copy(tG->x, R->x);
- if (err != MP_OKAY) break;
-
- err = mp_copy(tG->y, R->y);
- if (err != MP_OKAY) break;
-
- err = mp_copy(tG->z, R->z);
- if (err != MP_OKAY) break;
- first = 0;
- } else {
- /* then add */
- err = ecc_projective_add_point(R, tG, R, modulus, &mp);
- if (err != MP_OKAY) break;
- }
- }
- }
- }
- }
-
- /* map R back from projective space */
- if (err == MP_OKAY && map)
- err = ecc_map(R, modulus, &mp);
-
- mp_clear(&mu);
- ecc_del_point(tG);
- for (i = 0; i < 8; i++) {
- ecc_del_point(M[i]);
- }
- return err;
-}
-
-#undef WINSIZE
-
-#else /* ECC_TIMING_RESISTANT */
-
-/**
- Perform a point multiplication (timing resistant)
- k The scalar to multiply by
- G The base point
- R [out] Destination for kG
- modulus The modulus of the field the ECC curve is in
- map Boolean whether to map back to affine or not
- (1==map, 0 == leave in projective)
- return MP_OKAY on success
-*/
-#ifdef FP_ECC
-static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
- mp_int* modulus, int map)
-#else
-static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
- int map)
-#endif
-{
- ecc_point *tG, *M[3];
- int i, j, err;
- mp_int mu;
- mp_digit mp;
- mp_digit buf;
- int bitcnt = 0, mode = 0, digidx = 0;
-
- if (k == NULL || G == NULL || R == NULL || modulus == NULL)
- return ECC_BAD_ARG_E;
-
- /* init montgomery reduction */
- if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) {
- return err;
- }
- if ((err = mp_init(&mu)) != MP_OKAY) {
- return err;
- }
- if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) {
- mp_clear(&mu);
- return err;
- }
-
- /* alloc ram for window temps */
- for (i = 0; i < 3; i++) {
- M[i] = ecc_new_point();
- if (M[i] == NULL) {
- for (j = 0; j < i; j++) {
- ecc_del_point(M[j]);
- }
- mp_clear(&mu);
- return MEMORY_E;
- }
- }
-
- /* make a copy of G incase R==G */
- tG = ecc_new_point();
- if (tG == NULL)
- err = MEMORY_E;
-
- /* tG = G and convert to montgomery */
- if (err == MP_OKAY) {
- err = mp_mulmod(G->x, &mu, modulus, tG->x);
- if (err == MP_OKAY)
- err = mp_mulmod(G->y, &mu, modulus, tG->y);
- if (err == MP_OKAY)
- err = mp_mulmod(G->z, &mu, modulus, tG->z);
- }
- mp_clear(&mu);
-
- /* calc the M tab */
- /* M[0] == G */
- if (err == MP_OKAY)
- err = mp_copy(tG->x, M[0]->x);
- if (err == MP_OKAY)
- err = mp_copy(tG->y, M[0]->y);
- if (err == MP_OKAY)
- err = mp_copy(tG->z, M[0]->z);
-
- /* M[1] == 2G */
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(tG, M[1], modulus, &mp);
-
- /* setup sliding window */
- mode = 0;
- bitcnt = 1;
- buf = 0;
- digidx = get_digit_count(k) - 1;
-
- /* perform ops */
- if (err == MP_OKAY) {
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- if (digidx == -1) {
- break;
- }
- buf = get_digit(k, digidx);
- bitcnt = (int) DIGIT_BIT;
- --digidx;
- }
-
- /* grab the next msb from the ltiplicand */
- i = (buf >> (DIGIT_BIT - 1)) & 1;
- buf <<= 1;
-
- if (mode == 0 && i == 0) {
- /* dummy operations */
- if (err == MP_OKAY)
- err = ecc_projective_add_point(M[0], M[1], M[2], modulus,
- &mp);
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(M[1], M[2], modulus, &mp);
- if (err == MP_OKAY)
- continue;
- }
-
- if (mode == 0 && i == 1) {
- mode = 1;
- /* dummy operations */
- if (err == MP_OKAY)
- err = ecc_projective_add_point(M[0], M[1], M[2], modulus,
- &mp);
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(M[1], M[2], modulus, &mp);
- if (err == MP_OKAY)
- continue;
- }
-
- if (err == MP_OKAY)
- err = ecc_projective_add_point(M[0], M[1], M[i^1], modulus, &mp);
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(M[i], M[i], modulus, &mp);
- if (err != MP_OKAY)
- break;
- } /* end for */
- }
-
- /* copy result out */
- if (err == MP_OKAY)
- err = mp_copy(M[0]->x, R->x);
- if (err == MP_OKAY)
- err = mp_copy(M[0]->y, R->y);
- if (err == MP_OKAY)
- err = mp_copy(M[0]->z, R->z);
-
- /* map R back from projective space */
- if (err == MP_OKAY && map)
- err = ecc_map(R, modulus, &mp);
-
- /* done */
- mp_clear(&mu);
- ecc_del_point(tG);
- for (i = 0; i < 3; i++) {
- ecc_del_point(M[i]);
- }
- return err;
-}
-
-#endif /* ECC_TIMING_RESISTANT */
-
-
-#ifdef ALT_ECC_SIZE
-
-static void alt_fp_init(fp_int* a)
-{
- a->size = FP_SIZE_ECC;
- fp_zero(a);
-}
-
-#endif /* ALT_ECC_SIZE */
-
-
-/**
- Allocate a new ECC point
- return A newly allocated point or NULL on error
-*/
-ecc_point* ecc_new_point(void)
-{
- ecc_point* p;
-
- p = (ecc_point*)XMALLOC(sizeof(ecc_point), 0, DYNAMIC_TYPE_ECC);
- if (p == NULL) {
- return NULL;
- }
- XMEMSET(p, 0, sizeof(ecc_point));
-
-#ifndef USE_FAST_MATH
- p->x->dp = NULL;
- p->y->dp = NULL;
- p->z->dp = NULL;
-#endif
-
-#ifndef ALT_ECC_SIZE
- if (mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL) != MP_OKAY) {
- XFREE(p, 0, DYNAMIC_TYPE_ECC);
- return NULL;
- }
-#else
- p->x = (mp_int*)&p->xyz[0];
- p->y = (mp_int*)&p->xyz[1];
- p->z = (mp_int*)&p->xyz[2];
- alt_fp_init(p->x);
- alt_fp_init(p->y);
- alt_fp_init(p->z);
-#endif
-
- return p;
-}
-
-/** Free an ECC point from memory
- p The point to free
-*/
-void ecc_del_point(ecc_point* p)
-{
- /* prevents free'ing null arguments */
- if (p != NULL) {
- mp_clear(p->x);
- mp_clear(p->y);
- mp_clear(p->z);
- XFREE(p, 0, DYNAMIC_TYPE_ECC);
- }
-}
-
-
-/** Returns whether an ECC idx is valid or not
- n The idx number to check
- return 1 if valid, 0 if not
-*/
-static int ecc_is_valid_idx(int n)
-{
- int x;
-
- for (x = 0; ecc_sets[x].size != 0; x++)
- ;
- /* -1 is a valid index --- indicating that the domain params
- were supplied by the user */
- if ((n >= -1) && (n < x)) {
- return 1;
- }
- return 0;
-}
-
-
-/**
- Create an ECC shared secret between two keys
- private_key The private ECC key
- public_key The public key
- out [out] Destination of the shared secret
- Conforms to EC-DH from ANSI X9.63
- outlen [in/out] The max size and resulting size of the shared secret
- return MP_OKAY if successful
-*/
-int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
- word32* outlen)
-{
- word32 x = 0;
- ecc_point* result;
- mp_int prime;
- int err;
-
- if (private_key == NULL || public_key == NULL || out == NULL ||
- outlen == NULL)
- return BAD_FUNC_ARG;
-
- /* type valid? */
- if (private_key->type != ECC_PRIVATEKEY) {
- return ECC_BAD_ARG_E;
- }
-
- if (ecc_is_valid_idx(private_key->idx) == 0 ||
- ecc_is_valid_idx(public_key->idx) == 0)
- return ECC_BAD_ARG_E;
-
- if (XSTRNCMP(private_key->dp->name, public_key->dp->name, ECC_MAXNAME) != 0)
- return ECC_BAD_ARG_E;
-
- /* make new point */
- result = ecc_new_point();
- if (result == NULL) {
- return MEMORY_E;
- }
-
- if ((err = mp_init(&prime)) != MP_OKAY) {
- ecc_del_point(result);
- return err;
- }
-
- err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
-
- if (err == MP_OKAY)
- err = ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime,1);
-
- if (err == MP_OKAY) {
- x = mp_unsigned_bin_size(&prime);
- if (*outlen < x)
- err = BUFFER_E;
- }
-
- if (err == MP_OKAY) {
- XMEMSET(out, 0, x);
- err = mp_to_unsigned_bin(result->x,out + (x -
- mp_unsigned_bin_size(result->x)));
- *outlen = x;
- }
-
- mp_clear(&prime);
- ecc_del_point(result);
-
- return err;
-}
-
-
-/* return 1 if point is at infinity, 0 if not, < 0 on error */
-static int ecc_point_is_at_infinity(ecc_point* p)
-{
- if (p == NULL)
- return BAD_FUNC_ARG;
-
- if (get_digit_count(p->x) == 0 && get_digit_count(p->y) == 0)
- return 1;
-
- return 0;
-}
-
-
-int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp);
-
-/**
- Make a new ECC key
- rng An active RNG state
- keysize The keysize for the new key (in octets from 20 to 65 bytes)
- key [out] Destination of the newly created key
- return MP_OKAY if successful,
- upon error all allocated memory will be freed
-*/
-int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key)
-{
- int x, err;
-
- if (key == NULL || rng == NULL)
- return ECC_BAD_ARG_E;
-
- /* find key size */
- for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++)
- ;
- keysize = ecc_sets[x].size;
-
- if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) {
- return BAD_FUNC_ARG;
- }
- err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]);
- key->idx = x;
-
- return err;
-}
-
-int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
-{
- int err;
- ecc_point* base;
- mp_int prime;
- mp_int order;
-#ifdef WOLFSSL_SMALL_STACK
- byte* buf;
-#else
- byte buf[ECC_MAXSIZE];
-#endif
- int keysize;
- int po_init = 0; /* prime order Init flag for clear */
-
- if (key == NULL || rng == NULL || dp == NULL)
- return ECC_BAD_ARG_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- buf = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf == NULL)
- return MEMORY_E;
-#endif
-
- key->idx = -1;
- key->dp = dp;
- keysize = dp->size;
-
- /* allocate ram */
- base = NULL;
-
- /* make up random string */
- err = wc_RNG_GenerateBlock(rng, buf, keysize);
- if (err == 0)
- buf[0] |= 0x0c;
-
- /* setup the key variables */
- if (err == 0) {
-#ifndef ALT_ECC_SIZE
- err = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z,
- &key->k, &prime, &order);
-#else
- key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
- key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
- key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
- alt_fp_init(key->pubkey.x);
- alt_fp_init(key->pubkey.y);
- alt_fp_init(key->pubkey.z);
- err = mp_init_multi(&key->k, &prime, &order, NULL, NULL, NULL);
-#endif
- if (err != MP_OKAY)
- err = MEMORY_E;
- else
- po_init = 1;
- }
-
- if (err == MP_OKAY) {
- base = ecc_new_point();
- if (base == NULL)
- err = MEMORY_E;
- }
-
- /* read in the specs for this key */
- if (err == MP_OKAY)
- err = mp_read_radix(&prime, (char *)key->dp->prime, 16);
- if (err == MP_OKAY)
- err = mp_read_radix(&order, (char *)key->dp->order, 16);
- if (err == MP_OKAY)
- err = mp_read_radix(base->x, (char *)key->dp->Gx, 16);
- if (err == MP_OKAY)
- err = mp_read_radix(base->y, (char *)key->dp->Gy, 16);
-
- if (err == MP_OKAY)
- mp_set(base->z, 1);
- if (err == MP_OKAY)
- err = mp_read_unsigned_bin(&key->k, (byte*)buf, keysize);
-
- /* the key should be smaller than the order of base point */
- if (err == MP_OKAY) {
- if (mp_cmp(&key->k, &order) != MP_LT)
- err = mp_mod(&key->k, &order, &key->k);
- }
- /* make the public key */
- if (err == MP_OKAY)
- err = ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1);
-
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- /* validate the public key, order * pubkey = point at infinity */
- if (err == MP_OKAY)
- err = ecc_check_pubkey_order(key, &prime, &order);
-#endif /* WOLFSSL_VALIDATE_KEYGEN */
-
- if (err == MP_OKAY)
- key->type = ECC_PRIVATEKEY;
-
- if (err != MP_OKAY) {
- /* clean up */
- mp_clear(key->pubkey.x);
- mp_clear(key->pubkey.y);
- mp_clear(key->pubkey.z);
- mp_clear(&key->k);
- }
- ecc_del_point(base);
- if (po_init) {
- mp_clear(&prime);
- mp_clear(&order);
- }
-
- ForceZero(buf, ECC_MAXSIZE);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return err;
-}
-
-
-/* Setup dynamic pointers is using normal math for proper freeing */
-int wc_ecc_init(ecc_key* key)
-{
- (void)key;
-
-#ifndef USE_FAST_MATH
- key->pubkey.x->dp = NULL;
- key->pubkey.y->dp = NULL;
- key->pubkey.z->dp = NULL;
-
- key->k.dp = NULL;
-#endif
-
-#ifdef ALT_ECC_SIZE
- if (mp_init(&key->k) != MP_OKAY)
- return MEMORY_E;
-
- key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
- key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
- key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
- alt_fp_init(key->pubkey.x);
- alt_fp_init(key->pubkey.y);
- alt_fp_init(key->pubkey.z);
-#endif
-
- return 0;
-}
-
-
-/**
- Sign a message digest
- in The message digest to sign
- inlen The length of the digest
- out [out] The destination for the signature
- outlen [in/out] The max size and resulting size of the signature
- key A private ECC key
- return MP_OKAY if successful
-*/
-int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
- RNG* rng, ecc_key* key)
-{
- mp_int r;
- mp_int s;
- mp_int e;
- mp_int p;
- int err;
-
- if (in == NULL || out == NULL || outlen == NULL || key == NULL || rng ==NULL)
- return ECC_BAD_ARG_E;
-
- /* is this a private key? */
- if (key->type != ECC_PRIVATEKEY) {
- return ECC_BAD_ARG_E;
- }
-
- /* is the IDX valid ? */
- if (ecc_is_valid_idx(key->idx) != 1) {
- return ECC_BAD_ARG_E;
- }
-
- /* get the hash and load it as a bignum into 'e' */
- /* init the bignums */
- if ((err = mp_init_multi(&r, &s, &p, &e, NULL, NULL)) != MP_OKAY) {
- return err;
- }
- err = mp_read_radix(&p, (char *)key->dp->order, 16);
-
- if (err == MP_OKAY) {
- /* we may need to truncate if hash is longer than key size */
- word32 orderBits = mp_count_bits(&p);
-
- /* truncate down to byte size, may be all that's needed */
- if ( (WOLFSSL_BIT_SIZE * inlen) > orderBits)
- inlen = (orderBits + WOLFSSL_BIT_SIZE - 1)/WOLFSSL_BIT_SIZE;
- err = mp_read_unsigned_bin(&e, (byte*)in, inlen);
-
- /* may still need bit truncation too */
- if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * inlen) > orderBits)
- mp_rshb(&e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));
- }
-
- /* make up a key and export the public copy */
- if (err == MP_OKAY) {
- int loop_check = 0;
- ecc_key pubkey;
- wc_ecc_init(&pubkey);
- for (;;) {
- if (++loop_check > 64) {
- err = RNG_FAILURE_E;
- break;
- }
- err = wc_ecc_make_key_ex(rng, &pubkey, key->dp);
- if (err != MP_OKAY) break;
-
- /* find r = x1 mod n */
- err = mp_mod(pubkey.pubkey.x, &p, &r);
- if (err != MP_OKAY) break;
-
- if (mp_iszero(&r) == MP_YES) {
- mp_clear(pubkey.pubkey.x);
- mp_clear(pubkey.pubkey.y);
- mp_clear(pubkey.pubkey.z);
- mp_clear(&pubkey.k);
- }
- else {
- /* find s = (e + xr)/k */
- err = mp_invmod(&pubkey.k, &p, &pubkey.k);
- if (err != MP_OKAY) break;
-
- err = mp_mulmod(&key->k, &r, &p, &s); /* s = xr */
- if (err != MP_OKAY) break;
-
- err = mp_add(&e, &s, &s); /* s = e + xr */
- if (err != MP_OKAY) break;
-
- err = mp_mod(&s, &p, &s); /* s = e + xr */
- if (err != MP_OKAY) break;
-
- err = mp_mulmod(&s, &pubkey.k, &p, &s); /* s = (e + xr)/k */
- if (err != MP_OKAY) break;
-
- if (mp_iszero(&s) == MP_NO)
- break;
- }
- }
- wc_ecc_free(&pubkey);
- }
-
- /* store as SEQUENCE { r, s -- integer } */
- if (err == MP_OKAY)
- err = StoreECC_DSA_Sig(out, outlen, &r, &s);
-
- mp_clear(&r);
- mp_clear(&s);
- mp_clear(&p);
- mp_clear(&e);
-
- return err;
-}
-
-
-/**
- Free an ECC key from memory
- key The key you wish to free
-*/
-void wc_ecc_free(ecc_key* key)
-{
- if (key == NULL)
- return;
-
- mp_clear(key->pubkey.x);
- mp_clear(key->pubkey.y);
- mp_clear(key->pubkey.z);
- mp_clear(&key->k);
-}
-
-
-#ifdef USE_FAST_MATH
- #define GEN_MEM_ERR FP_MEM
-#else
- #define GEN_MEM_ERR MP_MEM
-#endif
-
-#ifdef ECC_SHAMIR
-
-/** Computes kA*A + kB*B = C using Shamir's Trick
- A First point to multiply
- kA What to multiple A by
- B Second point to multiply
- kB What to multiple B by
- C [out] Destination point (can overlap with A or B)
- modulus Modulus for curve
- return MP_OKAY on success
-*/
-#ifdef FP_ECC
-static int normal_ecc_mul2add(ecc_point* A, mp_int* kA,
- ecc_point* B, mp_int* kB,
- ecc_point* C, mp_int* modulus)
-#else
-static int ecc_mul2add(ecc_point* A, mp_int* kA,
- ecc_point* B, mp_int* kB,
- ecc_point* C, mp_int* modulus)
-#endif
-{
- ecc_point* precomp[16];
- unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble;
- unsigned char* tA;
- unsigned char* tB;
- int err = MP_OKAY, first;
- int muInit = 0;
- int tableInit = 0;
- mp_digit mp;
- mp_int mu;
-
- /* argchks */
- if (A == NULL || kA == NULL || B == NULL || kB == NULL || C == NULL ||
- modulus == NULL)
- return ECC_BAD_ARG_E;
-
-
- /* allocate memory */
- tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tA == NULL) {
- return GEN_MEM_ERR;
- }
- tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tB == NULL) {
- XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return GEN_MEM_ERR;
- }
- XMEMSET(tA, 0, ECC_BUFSIZE);
- XMEMSET(tB, 0, ECC_BUFSIZE);
-
- /* get sizes */
- lenA = mp_unsigned_bin_size(kA);
- lenB = mp_unsigned_bin_size(kB);
- len = MAX(lenA, lenB);
-
- /* sanity check */
- if ((lenA > ECC_BUFSIZE) || (lenB > ECC_BUFSIZE)) {
- err = BAD_FUNC_ARG;
- }
-
- if (err == MP_OKAY) {
- /* extract and justify kA */
- err = mp_to_unsigned_bin(kA, (len - lenA) + tA);
-
- /* extract and justify kB */
- if (err == MP_OKAY)
- err = mp_to_unsigned_bin(kB, (len - lenB) + tB);
-
- /* allocate the table */
- if (err == MP_OKAY) {
- for (x = 0; x < 16; x++) {
- precomp[x] = ecc_new_point();
- if (precomp[x] == NULL) {
- for (y = 0; y < x; ++y) {
- ecc_del_point(precomp[y]);
- }
- err = GEN_MEM_ERR;
- break;
- }
- }
- }
- }
-
- if (err == MP_OKAY)
- tableInit = 1;
-
- if (err == MP_OKAY)
- /* init montgomery reduction */
- err = mp_montgomery_setup(modulus, &mp);
-
- if (err == MP_OKAY)
- err = mp_init(&mu);
- if (err == MP_OKAY)
- muInit = 1;
-
- if (err == MP_OKAY)
- err = mp_montgomery_calc_normalization(&mu, modulus);
-
- if (err == MP_OKAY)
- /* copy ones ... */
- err = mp_mulmod(A->x, &mu, modulus, precomp[1]->x);
-
- if (err == MP_OKAY)
- err = mp_mulmod(A->y, &mu, modulus, precomp[1]->y);
- if (err == MP_OKAY)
- err = mp_mulmod(A->z, &mu, modulus, precomp[1]->z);
-
- if (err == MP_OKAY)
- err = mp_mulmod(B->x, &mu, modulus, precomp[1<<2]->x);
- if (err == MP_OKAY)
- err = mp_mulmod(B->y, &mu, modulus, precomp[1<<2]->y);
- if (err == MP_OKAY)
- err = mp_mulmod(B->z, &mu, modulus, precomp[1<<2]->z);
-
- if (err == MP_OKAY)
- /* precomp [i,0](A + B) table */
- err = ecc_projective_dbl_point(precomp[1], precomp[2], modulus, &mp);
-
- if (err == MP_OKAY)
- err = ecc_projective_add_point(precomp[1], precomp[2], precomp[3],
- modulus, &mp);
- if (err == MP_OKAY)
- /* precomp [0,i](A + B) table */
- err = ecc_projective_dbl_point(precomp[1<<2], precomp[2<<2], modulus, &mp);
-
- if (err == MP_OKAY)
- err = ecc_projective_add_point(precomp[1<<2], precomp[2<<2], precomp[3<<2],
- modulus, &mp);
-
- if (err == MP_OKAY) {
- /* precomp [i,j](A + B) table (i != 0, j != 0) */
- for (x = 1; x < 4; x++) {
- for (y = 1; y < 4; y++) {
- if (err == MP_OKAY)
- err = ecc_projective_add_point(precomp[x], precomp[(y<<2)],
- precomp[x+(y<<2)], modulus, &mp);
- }
- }
- }
-
- if (err == MP_OKAY) {
- nibble = 3;
- first = 1;
- bitbufA = tA[0];
- bitbufB = tB[0];
-
- /* for every byte of the multiplicands */
- for (x = -1;; ) {
- /* grab a nibble */
- if (++nibble == 4) {
- ++x; if (x == len) break;
- bitbufA = tA[x];
- bitbufB = tB[x];
- nibble = 0;
- }
-
- /* extract two bits from both, shift/update */
- nA = (bitbufA >> 6) & 0x03;
- nB = (bitbufB >> 6) & 0x03;
- bitbufA = (bitbufA << 2) & 0xFF;
- bitbufB = (bitbufB << 2) & 0xFF;
-
- /* if both zero, if first, continue */
- if ((nA == 0) && (nB == 0) && (first == 1)) {
- continue;
- }
-
- /* double twice, only if this isn't the first */
- if (first == 0) {
- /* double twice */
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(C, C, modulus, &mp);
- if (err == MP_OKAY)
- err = ecc_projective_dbl_point(C, C, modulus, &mp);
- else
- break;
- }
-
- /* if not both zero */
- if ((nA != 0) || (nB != 0)) {
- if (first == 1) {
- /* if first, copy from table */
- first = 0;
- if (err == MP_OKAY)
- err = mp_copy(precomp[nA + (nB<<2)]->x, C->x);
-
- if (err == MP_OKAY)
- err = mp_copy(precomp[nA + (nB<<2)]->y, C->y);
-
- if (err == MP_OKAY)
- err = mp_copy(precomp[nA + (nB<<2)]->z, C->z);
- else
- break;
- } else {
- /* if not first, add from table */
- if (err == MP_OKAY)
- err = ecc_projective_add_point(C, precomp[nA + (nB<<2)], C,
- modulus, &mp);
- else
- break;
- }
- }
- }
- }
-
- if (err == MP_OKAY)
- /* reduce to affine */
- err = ecc_map(C, modulus, &mp);
-
- /* clean up */
- if (muInit)
- mp_clear(&mu);
-
- if (tableInit) {
- for (x = 0; x < 16; x++) {
- ecc_del_point(precomp[x]);
- }
- }
- ForceZero(tA, ECC_BUFSIZE);
- ForceZero(tB, ECC_BUFSIZE);
- XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(tB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- return err;
-}
-
-
-#endif /* ECC_SHAMIR */
-
-
-
-/* verify
- *
- * w = s^-1 mod n
- * u1 = xw
- * u2 = rw
- * X = u1*G + u2*Q
- * v = X_x1 mod n
- * accept if v == r
- */
-
-/**
- Verify an ECC signature
- sig The signature to verify
- siglen The length of the signature (octets)
- hash The hash (message digest) that was signed
- hashlen The length of the hash (octets)
- stat Result of signature, 1==valid, 0==invalid
- key The corresponding public ECC key
- return MP_OKAY if successful (even if the signature is not valid)
-*/
-int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
- word32 hashlen, int* stat, ecc_key* key)
-{
- ecc_point *mG, *mQ;
- mp_int r;
- mp_int s;
- mp_int v;
- mp_int w;
- mp_int u1;
- mp_int u2;
- mp_int e;
- mp_int p;
- mp_int m;
- int err;
-
- if (sig == NULL || hash == NULL || stat == NULL || key == NULL)
- return ECC_BAD_ARG_E;
-
- /* default to invalid signature */
- *stat = 0;
-
- /* is the IDX valid ? */
- if (ecc_is_valid_idx(key->idx) != 1) {
- return ECC_BAD_ARG_E;
- }
-
- /* allocate ints */
- if ((err = mp_init_multi(&v, &w, &u1, &u2, &p, &e)) != MP_OKAY) {
- return MEMORY_E;
- }
-
- if ((err = mp_init(&m)) != MP_OKAY) {
- mp_clear(&v);
- mp_clear(&w);
- mp_clear(&u1);
- mp_clear(&u2);
- mp_clear(&p);
- mp_clear(&e);
- return MEMORY_E;
- }
-
- /* allocate points */
- mG = ecc_new_point();
- mQ = ecc_new_point();
- if (mQ == NULL || mG == NULL)
- err = MEMORY_E;
-
- /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
- * If either of those don't allocate correctly, none of
- * the rest of this function will execute, and everything
- * gets cleaned up at the end. */
- XMEMSET(&r, 0, sizeof(r));
- XMEMSET(&s, 0, sizeof(s));
- if (err == MP_OKAY)
- err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
-
- /* get the order */
- if (err == MP_OKAY)
- err = mp_read_radix(&p, (char *)key->dp->order, 16);
-
- /* get the modulus */
- if (err == MP_OKAY)
- err = mp_read_radix(&m, (char *)key->dp->prime, 16);
-
- /* check for zero */
- if (err == MP_OKAY) {
- if (mp_iszero(&r) || mp_iszero(&s) || mp_cmp(&r, &p) != MP_LT ||
- mp_cmp(&s, &p) != MP_LT)
- err = MP_ZERO_E;
- }
- /* read hash */
- if (err == MP_OKAY) {
- /* we may need to truncate if hash is longer than key size */
- unsigned int orderBits = mp_count_bits(&p);
-
- /* truncate down to byte size, may be all that's needed */
- if ( (WOLFSSL_BIT_SIZE * hashlen) > orderBits)
- hashlen = (orderBits + WOLFSSL_BIT_SIZE - 1)/WOLFSSL_BIT_SIZE;
- err = mp_read_unsigned_bin(&e, hash, hashlen);
-
- /* may still need bit truncation too */
- if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * hashlen) > orderBits)
- mp_rshb(&e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));
- }
-
- /* w = s^-1 mod n */
- if (err == MP_OKAY)
- err = mp_invmod(&s, &p, &w);
-
- /* u1 = ew */
- if (err == MP_OKAY)
- err = mp_mulmod(&e, &w, &p, &u1);
-
- /* u2 = rw */
- if (err == MP_OKAY)
- err = mp_mulmod(&r, &w, &p, &u2);
-
- /* find mG and mQ */
- if (err == MP_OKAY)
- err = mp_read_radix(mG->x, (char *)key->dp->Gx, 16);
-
- if (err == MP_OKAY)
- err = mp_read_radix(mG->y, (char *)key->dp->Gy, 16);
- if (err == MP_OKAY)
- mp_set(mG->z, 1);
-
- if (err == MP_OKAY)
- err = mp_copy(key->pubkey.x, mQ->x);
- if (err == MP_OKAY)
- err = mp_copy(key->pubkey.y, mQ->y);
- if (err == MP_OKAY)
- err = mp_copy(key->pubkey.z, mQ->z);
-
-#ifndef ECC_SHAMIR
- {
- mp_digit mp;
-
- /* compute u1*mG + u2*mQ = mG */
- if (err == MP_OKAY)
- err = ecc_mulmod(&u1, mG, mG, &m, 0);
- if (err == MP_OKAY)
- err = ecc_mulmod(&u2, mQ, mQ, &m, 0);
-
- /* find the montgomery mp */
- if (err == MP_OKAY)
- err = mp_montgomery_setup(&m, &mp);
-
- /* add them */
- if (err == MP_OKAY)
- err = ecc_projective_add_point(mQ, mG, mG, &m, &mp);
-
- /* reduce */
- if (err == MP_OKAY)
- err = ecc_map(mG, &m, &mp);
- }
-#else
- /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */
- if (err == MP_OKAY)
- err = ecc_mul2add(mG, &u1, mQ, &u2, mG, &m);
-#endif /* ECC_SHAMIR */
-
- /* v = X_x1 mod n */
- if (err == MP_OKAY)
- err = mp_mod(mG->x, &p, &v);
-
- /* does v == r */
- if (err == MP_OKAY) {
- if (mp_cmp(&v, &r) == MP_EQ)
- *stat = 1;
- }
-
- ecc_del_point(mG);
- ecc_del_point(mQ);
-
- mp_clear(&r);
- mp_clear(&s);
- mp_clear(&v);
- mp_clear(&w);
- mp_clear(&u1);
- mp_clear(&u2);
- mp_clear(&p);
- mp_clear(&e);
- mp_clear(&m);
-
- return err;
-}
-
-
-/* export public ECC key in ANSI X9.63 format */
-int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
-{
-#ifdef WOLFSSL_SMALL_STACK
- byte* buf;
-#else
- byte buf[ECC_BUFSIZE];
-#endif
- word32 numlen;
- int ret = MP_OKAY;
-
- /* return length needed only */
- if (key != NULL && out == NULL && outLen != NULL) {
- numlen = key->dp->size;
- *outLen = 1 + 2*numlen;
- return LENGTH_ONLY_E;
- }
-
- if (key == NULL || out == NULL || outLen == NULL)
- return ECC_BAD_ARG_E;
-
- if (ecc_is_valid_idx(key->idx) == 0) {
- return ECC_BAD_ARG_E;
- }
- numlen = key->dp->size;
-
- if (*outLen < (1 + 2*numlen)) {
- *outLen = 1 + 2*numlen;
- return BUFFER_E;
- }
-
- /* store byte 0x04 */
- out[0] = 0x04;
-
-#ifdef WOLFSSL_SMALL_STACK
- buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf == NULL)
- return MEMORY_E;
-#endif
-
- do {
- /* pad and store x */
- XMEMSET(buf, 0, ECC_BUFSIZE);
- ret = mp_to_unsigned_bin(key->pubkey.x,
- buf + (numlen - mp_unsigned_bin_size(key->pubkey.x)));
- if (ret != MP_OKAY)
- break;
- XMEMCPY(out+1, buf, numlen);
-
- /* pad and store y */
- XMEMSET(buf, 0, ECC_BUFSIZE);
- ret = mp_to_unsigned_bin(key->pubkey.y,
- buf + (numlen - mp_unsigned_bin_size(key->pubkey.y)));
- if (ret != MP_OKAY)
- break;
- XMEMCPY(out+1+numlen, buf, numlen);
-
- *outLen = 1 + 2*numlen;
- } while (0);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/* export public ECC key in ANSI X9.63 format, extended with
- * compression option */
-int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compressed)
-{
- if (compressed == 0)
- return wc_ecc_export_x963(key, out, outLen);
-#ifdef HAVE_COMP_KEY
- else
- return wc_ecc_export_x963_compressed(key, out, outLen);
-#endif
-
- return NOT_COMPILED_IN;
-}
-
-
-/* is ec point on curve descriped by dp ? */
-static int ecc_is_point(const ecc_set_type* dp, ecc_point* ecp, mp_int* prime)
-{
- mp_int b, t1, t2;
- int err;
-
- if ((err = mp_init_multi(&b, &t1, &t2, NULL, NULL, NULL)) != MP_OKAY) {
- return err;
- }
-
- /* load b */
- err = mp_read_radix(&b, dp->Bf, 16);
-
- /* compute y^2 */
- if (err == MP_OKAY)
- err = mp_sqr(ecp->y, &t1);
-
- /* compute x^3 */
- if (err == MP_OKAY)
- err = mp_sqr(ecp->x, &t2);
- if (err == MP_OKAY)
- err = mp_mod(&t2, prime, &t2);
- if (err == MP_OKAY)
- err = mp_mul(ecp->x, &t2, &t2);
-
- /* compute y^2 - x^3 */
- if (err == MP_OKAY)
- err = mp_sub(&t1, &t2, &t1);
-
- /* compute y^2 - x^3 + 3x */
- if (err == MP_OKAY)
- err = mp_add(&t1, ecp->x, &t1);
- if (err == MP_OKAY)
- err = mp_add(&t1, ecp->x, &t1);
- if (err == MP_OKAY)
- err = mp_add(&t1, ecp->x, &t1);
- if (err == MP_OKAY)
- err = mp_mod(&t1, prime, &t1);
-
- while (err == MP_OKAY && mp_cmp_d(&t1, 0) == MP_LT) {
- err = mp_add(&t1, prime, &t1);
- }
- while (err == MP_OKAY && mp_cmp(&t1, prime) != MP_LT) {
- err = mp_sub(&t1, prime, &t1);
- }
-
- /* compare to b */
- if (err == MP_OKAY) {
- if (mp_cmp(&t1, &b) != MP_EQ) {
- err = MP_VAL;
- } else {
- err = MP_OKAY;
- }
- }
-
- mp_clear(&b);
- mp_clear(&t1);
- mp_clear(&t2);
-
- return err;
-}
-
-
-/* validate privkey * generator == pubkey, 0 on success */
-static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
-{
- ecc_point* base = NULL;
- ecc_point* res = NULL;
- int err;
-
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- base = ecc_new_point();
- if (base == NULL)
- return MEMORY_E;
-
- /* set up base generator */
- err = mp_read_radix(base->x, (char*)key->dp->Gx, 16);
- if (err == MP_OKAY)
- err = mp_read_radix(base->y, (char*)key->dp->Gy, 16);
- if (err == MP_OKAY)
- mp_set(base->z, 1);
-
- if (err == MP_OKAY) {
- res = ecc_new_point();
- if (res == NULL)
- err = MEMORY_E;
- else {
- err = ecc_mulmod(&key->k, base, res, prime, 1);
- if (err == MP_OKAY) {
- /* compare result to public key */
- if (mp_cmp(res->x, key->pubkey.x) != MP_EQ ||
- mp_cmp(res->y, key->pubkey.y) != MP_EQ ||
- mp_cmp(res->z, key->pubkey.z) != MP_EQ) {
- /* didn't match */
- err = ECC_PRIV_KEY_E;
- }
- }
- }
- }
-
- ecc_del_point(res);
- ecc_del_point(base);
-
- return err;
-}
-
-
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
-
-/* check privkey generator helper, creates prime needed */
-static int ecc_check_privkey_gen_helper(ecc_key* key)
-{
- mp_int prime;
- int err;
-
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- err = mp_init(&prime);
- if (err != MP_OKAY)
- return err;
-
- err = mp_read_radix(&prime, (char*)key->dp->prime, 16);
-
- if (err == MP_OKAY);
- err = ecc_check_privkey_gen(key, &prime);
-
- mp_clear(&prime);
-
- return err;
-}
-
-#endif /* WOLFSSL_VALIDATE_ECC_IMPORT */
-
-
-/* validate order * pubkey = point at infinity, 0 on success */
-static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order)
-{
- ecc_point* inf = NULL;
- int err;
-
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- inf = ecc_new_point();
- if (inf == NULL)
- err = MEMORY_E;
- else {
- err = ecc_mulmod(order, &key->pubkey, inf, prime, 1);
- if (err == MP_OKAY && !ecc_point_is_at_infinity(inf))
- err = ECC_INF_E;
- }
-
- ecc_del_point(inf);
-
- return err;
-}
-
-
-/* perform sanity checks on ec key validity, 0 on success */
-int wc_ecc_check_key(ecc_key* key)
-{
- mp_int prime; /* used by multiple calls so let's cache */
- mp_int order; /* other callers have, so let's gen here */
- int err;
-
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- /* pubkey point cannot be at inifinity */
- if (ecc_point_is_at_infinity(&key->pubkey))
- return ECC_INF_E;
-
- err = mp_init_multi(&prime, &order, NULL, NULL, NULL, NULL);
- if (err != MP_OKAY)
- return err;
-
- err = mp_read_radix(&prime, (char*)key->dp->prime, 16);
-
- /* make sure point is actually on curve */
- if (err == MP_OKAY)
- err = ecc_is_point(key->dp, &key->pubkey, &prime);
-
- if (err == MP_OKAY)
- err = mp_read_radix(&order, (char*)key->dp->order, 16);
-
- /* pubkey * order must be at infinity */
- if (err == MP_OKAY)
- err = ecc_check_pubkey_order(key, &prime, &order);
-
- /* private * base generator must equal pubkey */
- if (err == MP_OKAY && key->type == ECC_PRIVATEKEY)
- err = ecc_check_privkey_gen(key, &prime);
-
- mp_clear(&order);
- mp_clear(&prime);
-
- return err;
-}
-
-
-/* import public ECC key in ANSI X9.63 format */
-int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
-{
- int x, err;
- int compressed = 0;
-
- if (in == NULL || key == NULL)
- return ECC_BAD_ARG_E;
-
- /* must be odd */
- if ((inLen & 1) == 0) {
- return ECC_BAD_ARG_E;
- }
-
- /* init key */
-#ifdef ALT_ECC_SIZE
- key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
- key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
- key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
- alt_fp_init(key->pubkey.x);
- alt_fp_init(key->pubkey.y);
- alt_fp_init(key->pubkey.z);
- err = mp_init(&key->k);
-#else
- err = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, &key->k,
- NULL, NULL);
-#endif
- if (err != MP_OKAY)
- return MEMORY_E;
-
- /* check for 4, 2, or 3 */
- if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) {
- err = ASN_PARSE_E;
- }
-
- if (in[0] == 0x02 || in[0] == 0x03) {
-#ifdef HAVE_COMP_KEY
- compressed = 1;
-#else
- err = NOT_COMPILED_IN;
-#endif
- }
-
- if (err == MP_OKAY) {
- /* determine the idx */
-
- if (compressed)
- inLen = (inLen-1)*2 + 1; /* used uncompressed len */
-
- for (x = 0; ecc_sets[x].size != 0; x++) {
- if ((unsigned)ecc_sets[x].size >= ((inLen-1)>>1)) {
- break;
- }
- }
- if (ecc_sets[x].size == 0) {
- err = ASN_PARSE_E;
- } else {
- /* set the idx */
- key->idx = x;
- key->dp = &ecc_sets[x];
- key->type = ECC_PUBLICKEY;
- }
- }
-
- /* read data */
- if (err == MP_OKAY)
- err = mp_read_unsigned_bin(key->pubkey.x, (byte*)in+1, (inLen-1)>>1);
-
-#ifdef HAVE_COMP_KEY
- if (err == MP_OKAY && compressed == 1) { /* build y */
- mp_int t1, t2, prime, a, b;
-
- if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY)
- err = MEMORY_E;
-
- /* load prime */
- if (err == MP_OKAY)
- err = mp_read_radix(&prime, (char *)key->dp->prime, 16);
-
- /* load a */
- if (err == MP_OKAY)
- err = mp_read_radix(&a, (char *)key->dp->Af, 16);
-
- /* load b */
- if (err == MP_OKAY)
- err = mp_read_radix(&b, (char *)key->dp->Bf, 16);
-
- /* compute x^3 */
- if (err == MP_OKAY)
- err = mp_sqr(key->pubkey.x, &t1);
-
- if (err == MP_OKAY)
- err = mp_mulmod(&t1, key->pubkey.x, &prime, &t1);
-
- /* compute x^3 + a*x */
- if (err == MP_OKAY)
- err = mp_mulmod(&a, key->pubkey.x, &prime, &t2);
-
- if (err == MP_OKAY)
- err = mp_add(&t1, &t2, &t1);
-
- /* compute x^3 + a*x + b */
- if (err == MP_OKAY)
- err = mp_add(&t1, &b, &t1);
-
- /* compute sqrt(x^3 + a*x + b) */
- if (err == MP_OKAY)
- err = mp_sqrtmod_prime(&t1, &prime, &t2);
-
- /* adjust y */
- if (err == MP_OKAY) {
- if ((mp_isodd(&t2) && in[0] == 0x03) ||
- (!mp_isodd(&t2) && in[0] == 0x02)) {
- err = mp_mod(&t2, &prime, key->pubkey.y);
- }
- else {
- err = mp_submod(&prime, &t2, &prime, key->pubkey.y);
- }
- }
-
- mp_clear(&a);
- mp_clear(&b);
- mp_clear(&prime);
- mp_clear(&t2);
- mp_clear(&t1);
- }
-#endif
-
- if (err == MP_OKAY && compressed == 0)
- err = mp_read_unsigned_bin(key->pubkey.y, (byte*)in+1+((inLen-1)>>1),
- (inLen-1)>>1);
- if (err == MP_OKAY)
- mp_set(key->pubkey.z, 1);
-
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- if (err == MP_OKAY)
- err = wc_ecc_check_key(key);
-#endif
-
- if (err != MP_OKAY) {
- mp_clear(key->pubkey.x);
- mp_clear(key->pubkey.y);
- mp_clear(key->pubkey.z);
- mp_clear(&key->k);
- }
-
- return err;
-}
-
-
-/* export ecc private key only raw, outLen is in/out size
- return MP_OKAY on success */
-int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
-{
- word32 numlen;
-
- if (key == NULL || out == NULL || outLen == NULL)
- return ECC_BAD_ARG_E;
-
- if (ecc_is_valid_idx(key->idx) == 0) {
- return ECC_BAD_ARG_E;
- }
- numlen = key->dp->size;
-
- if (*outLen < numlen) {
- *outLen = numlen;
- return BUFFER_E;
- }
- *outLen = numlen;
- XMEMSET(out, 0, *outLen);
- return mp_to_unsigned_bin(&key->k, out + (numlen -
- mp_unsigned_bin_size(&key->k)));
-}
-
-
-/* ecc private key import, public key in ANSI X9.63 format, private raw */
-int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
- word32 pubSz, ecc_key* key)
-{
- int ret = wc_ecc_import_x963(pub, pubSz, key);
- if (ret != 0)
- return ret;
-
- key->type = ECC_PRIVATEKEY;
-
- ret = mp_read_unsigned_bin(&key->k, priv, privSz);
-
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- if (ret == MP_OKAY)
- ret = ecc_check_privkey_gen_helper(key);
-#endif
-
- return ret;
-}
-
-/**
- Convert ECC R,S to signature
- r R component of signature
- s S component of signature
- out DER-encoded ECDSA signature
- outlen [in/out] output buffer size, output signature size
- return MP_OKAY on success
-*/
-int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen)
-{
- int err;
- mp_int rtmp;
- mp_int stmp;
-
- if (r == NULL || s == NULL || out == NULL || outlen == NULL)
- return ECC_BAD_ARG_E;
-
- err = mp_init_multi(&rtmp, &stmp, NULL, NULL, NULL, NULL);
- if (err != MP_OKAY)
- return err;
-
- err = mp_read_radix(&rtmp, r, 16);
- if (err == MP_OKAY)
- err = mp_read_radix(&stmp, s, 16);
-
- /* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */
- if (err == MP_OKAY)
- err = StoreECC_DSA_Sig(out, outlen, &rtmp, &stmp);
-
- if (err == MP_OKAY) {
- if (mp_iszero(&rtmp) || mp_iszero(&stmp))
- err = MP_ZERO_E;
- }
-
- mp_clear(&rtmp);
- mp_clear(&stmp);
-
- return err;
-}
-
-/**
- Import raw ECC key
- key The destination ecc_key structure
- qx x component of base point, as ASCII hex string
- qy y component of base point, as ASCII hex string
- d private key, as ASCII hex string
- curveName ECC curve name, from ecc_sets[]
- return MP_OKAY on success
-*/
-int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
- const char* d, const char* curveName)
-{
- int err, x;
-
- if (key == NULL || qx == NULL || qy == NULL || d == NULL ||
- curveName == NULL)
- return ECC_BAD_ARG_E;
-
- /* init key */
-#ifdef ALT_ECC_SIZE
- key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
- key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
- key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
- alt_fp_init(key->pubkey.x);
- alt_fp_init(key->pubkey.y);
- alt_fp_init(key->pubkey.z);
- err = mp_init(&key->k);
-#else
- err = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, &key->k,
- NULL, NULL);
-#endif
- if (err != MP_OKAY)
- return MEMORY_E;
-
- /* read Qx */
- if (err == MP_OKAY)
- err = mp_read_radix(key->pubkey.x, qx, 16);
-
- /* read Qy */
- if (err == MP_OKAY)
- err = mp_read_radix(key->pubkey.y, qy, 16);
-
- if (err == MP_OKAY)
- mp_set(key->pubkey.z, 1);
-
- /* read and set the curve */
- if (err == MP_OKAY) {
- for (x = 0; ecc_sets[x].size != 0; x++) {
- if (XSTRNCMP(ecc_sets[x].name, curveName,
- XSTRLEN(curveName)) == 0) {
- break;
- }
- }
- if (ecc_sets[x].size == 0) {
- err = ASN_PARSE_E;
- } else {
- /* set the curve */
- key->idx = x;
- key->dp = &ecc_sets[x];
- key->type = ECC_PUBLICKEY;
- }
- }
-
- /* import private key */
- if (err == MP_OKAY) {
- key->type = ECC_PRIVATEKEY;
- err = mp_read_radix(&key->k, d, 16);
- }
-
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- if (err == MP_OKAY)
- err = wc_ecc_check_key(key);
-#endif
-
- if (err != MP_OKAY) {
- mp_clear(key->pubkey.x);
- mp_clear(key->pubkey.y);
- mp_clear(key->pubkey.z);
- mp_clear(&key->k);
- }
-
- return err;
-}
-
-
-/* key size in octets */
-int wc_ecc_size(ecc_key* key)
-{
- if (key == NULL) return 0;
-
- return key->dp->size;
-}
-
-
-/* worst case estimate, check actual return from wc_ecc_sign_hash for actual value
- of signature size in octets */
-int wc_ecc_sig_size(ecc_key* key)
-{
- int sz = wc_ecc_size(key);
- if (sz <= 0)
- return sz;
-
- return sz * 2 + SIG_HEADER_SZ + 4; /* (4) worst case estimate */
-}
-
-
-#ifdef FP_ECC
-
-/* fixed point ECC cache */
-/* number of entries in the cache */
-#ifndef FP_ENTRIES
- #define FP_ENTRIES 16
-#endif
-
-/* number of bits in LUT */
-#ifndef FP_LUT
- #define FP_LUT 8U
-#endif
-
-#ifdef ECC_SHAMIR
- /* Sharmir requires a bigger LUT, TAO */
- #if (FP_LUT > 12) || (FP_LUT < 4)
- #error FP_LUT must be between 4 and 12 inclusively
- #endif
-#else
- #if (FP_LUT > 12) || (FP_LUT < 2)
- #error FP_LUT must be between 2 and 12 inclusively
- #endif
-#endif
-
-
-/** Our FP cache */
-typedef struct {
- ecc_point* g; /* cached COPY of base point */
- ecc_point* LUT[1U<<FP_LUT]; /* fixed point lookup */
- mp_int mu; /* copy of the montgomery constant */
- int lru_count; /* amount of times this entry has been used */
- int lock; /* flag to indicate cache eviction */
- /* permitted (0) or not (1) */
-} fp_cache_t;
-
-/* if HAVE_THREAD_LS this cache is per thread, no locking needed */
-static THREAD_LS_T fp_cache_t fp_cache[FP_ENTRIES];
-
-#ifndef HAVE_THREAD_LS
- static volatile int initMutex = 0; /* prevent multiple mutex inits */
- static wolfSSL_Mutex ecc_fp_lock;
-#endif /* HAVE_THREAD_LS */
-
-/* simple table to help direct the generation of the LUT */
-static const struct {
- int ham, terma, termb;
-} lut_orders[] = {
- { 0, 0, 0 }, { 1, 0, 0 }, { 1, 0, 0 }, { 2, 1, 2 }, { 1, 0, 0 }, { 2, 1, 4 }, { 2, 2, 4 }, { 3, 3, 4 },
- { 1, 0, 0 }, { 2, 1, 8 }, { 2, 2, 8 }, { 3, 3, 8 }, { 2, 4, 8 }, { 3, 5, 8 }, { 3, 6, 8 }, { 4, 7, 8 },
- { 1, 0, 0 }, { 2, 1, 16 }, { 2, 2, 16 }, { 3, 3, 16 }, { 2, 4, 16 }, { 3, 5, 16 }, { 3, 6, 16 }, { 4, 7, 16 },
- { 2, 8, 16 }, { 3, 9, 16 }, { 3, 10, 16 }, { 4, 11, 16 }, { 3, 12, 16 }, { 4, 13, 16 }, { 4, 14, 16 }, { 5, 15, 16 },
- { 1, 0, 0 }, { 2, 1, 32 }, { 2, 2, 32 }, { 3, 3, 32 }, { 2, 4, 32 }, { 3, 5, 32 }, { 3, 6, 32 }, { 4, 7, 32 },
- { 2, 8, 32 }, { 3, 9, 32 }, { 3, 10, 32 }, { 4, 11, 32 }, { 3, 12, 32 }, { 4, 13, 32 }, { 4, 14, 32 }, { 5, 15, 32 },
- { 2, 16, 32 }, { 3, 17, 32 }, { 3, 18, 32 }, { 4, 19, 32 }, { 3, 20, 32 }, { 4, 21, 32 }, { 4, 22, 32 }, { 5, 23, 32 },
- { 3, 24, 32 }, { 4, 25, 32 }, { 4, 26, 32 }, { 5, 27, 32 }, { 4, 28, 32 }, { 5, 29, 32 }, { 5, 30, 32 }, { 6, 31, 32 },
-#if FP_LUT > 6
- { 1, 0, 0 }, { 2, 1, 64 }, { 2, 2, 64 }, { 3, 3, 64 }, { 2, 4, 64 }, { 3, 5, 64 }, { 3, 6, 64 }, { 4, 7, 64 },
- { 2, 8, 64 }, { 3, 9, 64 }, { 3, 10, 64 }, { 4, 11, 64 }, { 3, 12, 64 }, { 4, 13, 64 }, { 4, 14, 64 }, { 5, 15, 64 },
- { 2, 16, 64 }, { 3, 17, 64 }, { 3, 18, 64 }, { 4, 19, 64 }, { 3, 20, 64 }, { 4, 21, 64 }, { 4, 22, 64 }, { 5, 23, 64 },
- { 3, 24, 64 }, { 4, 25, 64 }, { 4, 26, 64 }, { 5, 27, 64 }, { 4, 28, 64 }, { 5, 29, 64 }, { 5, 30, 64 }, { 6, 31, 64 },
- { 2, 32, 64 }, { 3, 33, 64 }, { 3, 34, 64 }, { 4, 35, 64 }, { 3, 36, 64 }, { 4, 37, 64 }, { 4, 38, 64 }, { 5, 39, 64 },
- { 3, 40, 64 }, { 4, 41, 64 }, { 4, 42, 64 }, { 5, 43, 64 }, { 4, 44, 64 }, { 5, 45, 64 }, { 5, 46, 64 }, { 6, 47, 64 },
- { 3, 48, 64 }, { 4, 49, 64 }, { 4, 50, 64 }, { 5, 51, 64 }, { 4, 52, 64 }, { 5, 53, 64 }, { 5, 54, 64 }, { 6, 55, 64 },
- { 4, 56, 64 }, { 5, 57, 64 }, { 5, 58, 64 }, { 6, 59, 64 }, { 5, 60, 64 }, { 6, 61, 64 }, { 6, 62, 64 }, { 7, 63, 64 },
-#if FP_LUT > 7
- { 1, 0, 0 }, { 2, 1, 128 }, { 2, 2, 128 }, { 3, 3, 128 }, { 2, 4, 128 }, { 3, 5, 128 }, { 3, 6, 128 }, { 4, 7, 128 },
- { 2, 8, 128 }, { 3, 9, 128 }, { 3, 10, 128 }, { 4, 11, 128 }, { 3, 12, 128 }, { 4, 13, 128 }, { 4, 14, 128 }, { 5, 15, 128 },
- { 2, 16, 128 }, { 3, 17, 128 }, { 3, 18, 128 }, { 4, 19, 128 }, { 3, 20, 128 }, { 4, 21, 128 }, { 4, 22, 128 }, { 5, 23, 128 },
- { 3, 24, 128 }, { 4, 25, 128 }, { 4, 26, 128 }, { 5, 27, 128 }, { 4, 28, 128 }, { 5, 29, 128 }, { 5, 30, 128 }, { 6, 31, 128 },
- { 2, 32, 128 }, { 3, 33, 128 }, { 3, 34, 128 }, { 4, 35, 128 }, { 3, 36, 128 }, { 4, 37, 128 }, { 4, 38, 128 }, { 5, 39, 128 },
- { 3, 40, 128 }, { 4, 41, 128 }, { 4, 42, 128 }, { 5, 43, 128 }, { 4, 44, 128 }, { 5, 45, 128 }, { 5, 46, 128 }, { 6, 47, 128 },
- { 3, 48, 128 }, { 4, 49, 128 }, { 4, 50, 128 }, { 5, 51, 128 }, { 4, 52, 128 }, { 5, 53, 128 }, { 5, 54, 128 }, { 6, 55, 128 },
- { 4, 56, 128 }, { 5, 57, 128 }, { 5, 58, 128 }, { 6, 59, 128 }, { 5, 60, 128 }, { 6, 61, 128 }, { 6, 62, 128 }, { 7, 63, 128 },
- { 2, 64, 128 }, { 3, 65, 128 }, { 3, 66, 128 }, { 4, 67, 128 }, { 3, 68, 128 }, { 4, 69, 128 }, { 4, 70, 128 }, { 5, 71, 128 },
- { 3, 72, 128 }, { 4, 73, 128 }, { 4, 74, 128 }, { 5, 75, 128 }, { 4, 76, 128 }, { 5, 77, 128 }, { 5, 78, 128 }, { 6, 79, 128 },
- { 3, 80, 128 }, { 4, 81, 128 }, { 4, 82, 128 }, { 5, 83, 128 }, { 4, 84, 128 }, { 5, 85, 128 }, { 5, 86, 128 }, { 6, 87, 128 },
- { 4, 88, 128 }, { 5, 89, 128 }, { 5, 90, 128 }, { 6, 91, 128 }, { 5, 92, 128 }, { 6, 93, 128 }, { 6, 94, 128 }, { 7, 95, 128 },
- { 3, 96, 128 }, { 4, 97, 128 }, { 4, 98, 128 }, { 5, 99, 128 }, { 4, 100, 128 }, { 5, 101, 128 }, { 5, 102, 128 }, { 6, 103, 128 },
- { 4, 104, 128 }, { 5, 105, 128 }, { 5, 106, 128 }, { 6, 107, 128 }, { 5, 108, 128 }, { 6, 109, 128 }, { 6, 110, 128 }, { 7, 111, 128 },
- { 4, 112, 128 }, { 5, 113, 128 }, { 5, 114, 128 }, { 6, 115, 128 }, { 5, 116, 128 }, { 6, 117, 128 }, { 6, 118, 128 }, { 7, 119, 128 },
- { 5, 120, 128 }, { 6, 121, 128 }, { 6, 122, 128 }, { 7, 123, 128 }, { 6, 124, 128 }, { 7, 125, 128 }, { 7, 126, 128 }, { 8, 127, 128 },
-#if FP_LUT > 8
- { 1, 0, 0 }, { 2, 1, 256 }, { 2, 2, 256 }, { 3, 3, 256 }, { 2, 4, 256 }, { 3, 5, 256 }, { 3, 6, 256 }, { 4, 7, 256 },
- { 2, 8, 256 }, { 3, 9, 256 }, { 3, 10, 256 }, { 4, 11, 256 }, { 3, 12, 256 }, { 4, 13, 256 }, { 4, 14, 256 }, { 5, 15, 256 },
- { 2, 16, 256 }, { 3, 17, 256 }, { 3, 18, 256 }, { 4, 19, 256 }, { 3, 20, 256 }, { 4, 21, 256 }, { 4, 22, 256 }, { 5, 23, 256 },
- { 3, 24, 256 }, { 4, 25, 256 }, { 4, 26, 256 }, { 5, 27, 256 }, { 4, 28, 256 }, { 5, 29, 256 }, { 5, 30, 256 }, { 6, 31, 256 },
- { 2, 32, 256 }, { 3, 33, 256 }, { 3, 34, 256 }, { 4, 35, 256 }, { 3, 36, 256 }, { 4, 37, 256 }, { 4, 38, 256 }, { 5, 39, 256 },
- { 3, 40, 256 }, { 4, 41, 256 }, { 4, 42, 256 }, { 5, 43, 256 }, { 4, 44, 256 }, { 5, 45, 256 }, { 5, 46, 256 }, { 6, 47, 256 },
- { 3, 48, 256 }, { 4, 49, 256 }, { 4, 50, 256 }, { 5, 51, 256 }, { 4, 52, 256 }, { 5, 53, 256 }, { 5, 54, 256 }, { 6, 55, 256 },
- { 4, 56, 256 }, { 5, 57, 256 }, { 5, 58, 256 }, { 6, 59, 256 }, { 5, 60, 256 }, { 6, 61, 256 }, { 6, 62, 256 }, { 7, 63, 256 },
- { 2, 64, 256 }, { 3, 65, 256 }, { 3, 66, 256 }, { 4, 67, 256 }, { 3, 68, 256 }, { 4, 69, 256 }, { 4, 70, 256 }, { 5, 71, 256 },
- { 3, 72, 256 }, { 4, 73, 256 }, { 4, 74, 256 }, { 5, 75, 256 }, { 4, 76, 256 }, { 5, 77, 256 }, { 5, 78, 256 }, { 6, 79, 256 },
- { 3, 80, 256 }, { 4, 81, 256 }, { 4, 82, 256 }, { 5, 83, 256 }, { 4, 84, 256 }, { 5, 85, 256 }, { 5, 86, 256 }, { 6, 87, 256 },
- { 4, 88, 256 }, { 5, 89, 256 }, { 5, 90, 256 }, { 6, 91, 256 }, { 5, 92, 256 }, { 6, 93, 256 }, { 6, 94, 256 }, { 7, 95, 256 },
- { 3, 96, 256 }, { 4, 97, 256 }, { 4, 98, 256 }, { 5, 99, 256 }, { 4, 100, 256 }, { 5, 101, 256 }, { 5, 102, 256 }, { 6, 103, 256 },
- { 4, 104, 256 }, { 5, 105, 256 }, { 5, 106, 256 }, { 6, 107, 256 }, { 5, 108, 256 }, { 6, 109, 256 }, { 6, 110, 256 }, { 7, 111, 256 },
- { 4, 112, 256 }, { 5, 113, 256 }, { 5, 114, 256 }, { 6, 115, 256 }, { 5, 116, 256 }, { 6, 117, 256 }, { 6, 118, 256 }, { 7, 119, 256 },
- { 5, 120, 256 }, { 6, 121, 256 }, { 6, 122, 256 }, { 7, 123, 256 }, { 6, 124, 256 }, { 7, 125, 256 }, { 7, 126, 256 }, { 8, 127, 256 },
- { 2, 128, 256 }, { 3, 129, 256 }, { 3, 130, 256 }, { 4, 131, 256 }, { 3, 132, 256 }, { 4, 133, 256 }, { 4, 134, 256 }, { 5, 135, 256 },
- { 3, 136, 256 }, { 4, 137, 256 }, { 4, 138, 256 }, { 5, 139, 256 }, { 4, 140, 256 }, { 5, 141, 256 }, { 5, 142, 256 }, { 6, 143, 256 },
- { 3, 144, 256 }, { 4, 145, 256 }, { 4, 146, 256 }, { 5, 147, 256 }, { 4, 148, 256 }, { 5, 149, 256 }, { 5, 150, 256 }, { 6, 151, 256 },
- { 4, 152, 256 }, { 5, 153, 256 }, { 5, 154, 256 }, { 6, 155, 256 }, { 5, 156, 256 }, { 6, 157, 256 }, { 6, 158, 256 }, { 7, 159, 256 },
- { 3, 160, 256 }, { 4, 161, 256 }, { 4, 162, 256 }, { 5, 163, 256 }, { 4, 164, 256 }, { 5, 165, 256 }, { 5, 166, 256 }, { 6, 167, 256 },
- { 4, 168, 256 }, { 5, 169, 256 }, { 5, 170, 256 }, { 6, 171, 256 }, { 5, 172, 256 }, { 6, 173, 256 }, { 6, 174, 256 }, { 7, 175, 256 },
- { 4, 176, 256 }, { 5, 177, 256 }, { 5, 178, 256 }, { 6, 179, 256 }, { 5, 180, 256 }, { 6, 181, 256 }, { 6, 182, 256 }, { 7, 183, 256 },
- { 5, 184, 256 }, { 6, 185, 256 }, { 6, 186, 256 }, { 7, 187, 256 }, { 6, 188, 256 }, { 7, 189, 256 }, { 7, 190, 256 }, { 8, 191, 256 },
- { 3, 192, 256 }, { 4, 193, 256 }, { 4, 194, 256 }, { 5, 195, 256 }, { 4, 196, 256 }, { 5, 197, 256 }, { 5, 198, 256 }, { 6, 199, 256 },
- { 4, 200, 256 }, { 5, 201, 256 }, { 5, 202, 256 }, { 6, 203, 256 }, { 5, 204, 256 }, { 6, 205, 256 }, { 6, 206, 256 }, { 7, 207, 256 },
- { 4, 208, 256 }, { 5, 209, 256 }, { 5, 210, 256 }, { 6, 211, 256 }, { 5, 212, 256 }, { 6, 213, 256 }, { 6, 214, 256 }, { 7, 215, 256 },
- { 5, 216, 256 }, { 6, 217, 256 }, { 6, 218, 256 }, { 7, 219, 256 }, { 6, 220, 256 }, { 7, 221, 256 }, { 7, 222, 256 }, { 8, 223, 256 },
- { 4, 224, 256 }, { 5, 225, 256 }, { 5, 226, 256 }, { 6, 227, 256 }, { 5, 228, 256 }, { 6, 229, 256 }, { 6, 230, 256 }, { 7, 231, 256 },
- { 5, 232, 256 }, { 6, 233, 256 }, { 6, 234, 256 }, { 7, 235, 256 }, { 6, 236, 256 }, { 7, 237, 256 }, { 7, 238, 256 }, { 8, 239, 256 },
- { 5, 240, 256 }, { 6, 241, 256 }, { 6, 242, 256 }, { 7, 243, 256 }, { 6, 244, 256 }, { 7, 245, 256 }, { 7, 246, 256 }, { 8, 247, 256 },
- { 6, 248, 256 }, { 7, 249, 256 }, { 7, 250, 256 }, { 8, 251, 256 }, { 7, 252, 256 }, { 8, 253, 256 }, { 8, 254, 256 }, { 9, 255, 256 },
-#if FP_LUT > 9
- { 1, 0, 0 }, { 2, 1, 512 }, { 2, 2, 512 }, { 3, 3, 512 }, { 2, 4, 512 }, { 3, 5, 512 }, { 3, 6, 512 }, { 4, 7, 512 },
- { 2, 8, 512 }, { 3, 9, 512 }, { 3, 10, 512 }, { 4, 11, 512 }, { 3, 12, 512 }, { 4, 13, 512 }, { 4, 14, 512 }, { 5, 15, 512 },
- { 2, 16, 512 }, { 3, 17, 512 }, { 3, 18, 512 }, { 4, 19, 512 }, { 3, 20, 512 }, { 4, 21, 512 }, { 4, 22, 512 }, { 5, 23, 512 },
- { 3, 24, 512 }, { 4, 25, 512 }, { 4, 26, 512 }, { 5, 27, 512 }, { 4, 28, 512 }, { 5, 29, 512 }, { 5, 30, 512 }, { 6, 31, 512 },
- { 2, 32, 512 }, { 3, 33, 512 }, { 3, 34, 512 }, { 4, 35, 512 }, { 3, 36, 512 }, { 4, 37, 512 }, { 4, 38, 512 }, { 5, 39, 512 },
- { 3, 40, 512 }, { 4, 41, 512 }, { 4, 42, 512 }, { 5, 43, 512 }, { 4, 44, 512 }, { 5, 45, 512 }, { 5, 46, 512 }, { 6, 47, 512 },
- { 3, 48, 512 }, { 4, 49, 512 }, { 4, 50, 512 }, { 5, 51, 512 }, { 4, 52, 512 }, { 5, 53, 512 }, { 5, 54, 512 }, { 6, 55, 512 },
- { 4, 56, 512 }, { 5, 57, 512 }, { 5, 58, 512 }, { 6, 59, 512 }, { 5, 60, 512 }, { 6, 61, 512 }, { 6, 62, 512 }, { 7, 63, 512 },
- { 2, 64, 512 }, { 3, 65, 512 }, { 3, 66, 512 }, { 4, 67, 512 }, { 3, 68, 512 }, { 4, 69, 512 }, { 4, 70, 512 }, { 5, 71, 512 },
- { 3, 72, 512 }, { 4, 73, 512 }, { 4, 74, 512 }, { 5, 75, 512 }, { 4, 76, 512 }, { 5, 77, 512 }, { 5, 78, 512 }, { 6, 79, 512 },
- { 3, 80, 512 }, { 4, 81, 512 }, { 4, 82, 512 }, { 5, 83, 512 }, { 4, 84, 512 }, { 5, 85, 512 }, { 5, 86, 512 }, { 6, 87, 512 },
- { 4, 88, 512 }, { 5, 89, 512 }, { 5, 90, 512 }, { 6, 91, 512 }, { 5, 92, 512 }, { 6, 93, 512 }, { 6, 94, 512 }, { 7, 95, 512 },
- { 3, 96, 512 }, { 4, 97, 512 }, { 4, 98, 512 }, { 5, 99, 512 }, { 4, 100, 512 }, { 5, 101, 512 }, { 5, 102, 512 }, { 6, 103, 512 },
- { 4, 104, 512 }, { 5, 105, 512 }, { 5, 106, 512 }, { 6, 107, 512 }, { 5, 108, 512 }, { 6, 109, 512 }, { 6, 110, 512 }, { 7, 111, 512 },
- { 4, 112, 512 }, { 5, 113, 512 }, { 5, 114, 512 }, { 6, 115, 512 }, { 5, 116, 512 }, { 6, 117, 512 }, { 6, 118, 512 }, { 7, 119, 512 },
- { 5, 120, 512 }, { 6, 121, 512 }, { 6, 122, 512 }, { 7, 123, 512 }, { 6, 124, 512 }, { 7, 125, 512 }, { 7, 126, 512 }, { 8, 127, 512 },
- { 2, 128, 512 }, { 3, 129, 512 }, { 3, 130, 512 }, { 4, 131, 512 }, { 3, 132, 512 }, { 4, 133, 512 }, { 4, 134, 512 }, { 5, 135, 512 },
- { 3, 136, 512 }, { 4, 137, 512 }, { 4, 138, 512 }, { 5, 139, 512 }, { 4, 140, 512 }, { 5, 141, 512 }, { 5, 142, 512 }, { 6, 143, 512 },
- { 3, 144, 512 }, { 4, 145, 512 }, { 4, 146, 512 }, { 5, 147, 512 }, { 4, 148, 512 }, { 5, 149, 512 }, { 5, 150, 512 }, { 6, 151, 512 },
- { 4, 152, 512 }, { 5, 153, 512 }, { 5, 154, 512 }, { 6, 155, 512 }, { 5, 156, 512 }, { 6, 157, 512 }, { 6, 158, 512 }, { 7, 159, 512 },
- { 3, 160, 512 }, { 4, 161, 512 }, { 4, 162, 512 }, { 5, 163, 512 }, { 4, 164, 512 }, { 5, 165, 512 }, { 5, 166, 512 }, { 6, 167, 512 },
- { 4, 168, 512 }, { 5, 169, 512 }, { 5, 170, 512 }, { 6, 171, 512 }, { 5, 172, 512 }, { 6, 173, 512 }, { 6, 174, 512 }, { 7, 175, 512 },
- { 4, 176, 512 }, { 5, 177, 512 }, { 5, 178, 512 }, { 6, 179, 512 }, { 5, 180, 512 }, { 6, 181, 512 }, { 6, 182, 512 }, { 7, 183, 512 },
- { 5, 184, 512 }, { 6, 185, 512 }, { 6, 186, 512 }, { 7, 187, 512 }, { 6, 188, 512 }, { 7, 189, 512 }, { 7, 190, 512 }, { 8, 191, 512 },
- { 3, 192, 512 }, { 4, 193, 512 }, { 4, 194, 512 }, { 5, 195, 512 }, { 4, 196, 512 }, { 5, 197, 512 }, { 5, 198, 512 }, { 6, 199, 512 },
- { 4, 200, 512 }, { 5, 201, 512 }, { 5, 202, 512 }, { 6, 203, 512 }, { 5, 204, 512 }, { 6, 205, 512 }, { 6, 206, 512 }, { 7, 207, 512 },
- { 4, 208, 512 }, { 5, 209, 512 }, { 5, 210, 512 }, { 6, 211, 512 }, { 5, 212, 512 }, { 6, 213, 512 }, { 6, 214, 512 }, { 7, 215, 512 },
- { 5, 216, 512 }, { 6, 217, 512 }, { 6, 218, 512 }, { 7, 219, 512 }, { 6, 220, 512 }, { 7, 221, 512 }, { 7, 222, 512 }, { 8, 223, 512 },
- { 4, 224, 512 }, { 5, 225, 512 }, { 5, 226, 512 }, { 6, 227, 512 }, { 5, 228, 512 }, { 6, 229, 512 }, { 6, 230, 512 }, { 7, 231, 512 },
- { 5, 232, 512 }, { 6, 233, 512 }, { 6, 234, 512 }, { 7, 235, 512 }, { 6, 236, 512 }, { 7, 237, 512 }, { 7, 238, 512 }, { 8, 239, 512 },
- { 5, 240, 512 }, { 6, 241, 512 }, { 6, 242, 512 }, { 7, 243, 512 }, { 6, 244, 512 }, { 7, 245, 512 }, { 7, 246, 512 }, { 8, 247, 512 },
- { 6, 248, 512 }, { 7, 249, 512 }, { 7, 250, 512 }, { 8, 251, 512 }, { 7, 252, 512 }, { 8, 253, 512 }, { 8, 254, 512 }, { 9, 255, 512 },
- { 2, 256, 512 }, { 3, 257, 512 }, { 3, 258, 512 }, { 4, 259, 512 }, { 3, 260, 512 }, { 4, 261, 512 }, { 4, 262, 512 }, { 5, 263, 512 },
- { 3, 264, 512 }, { 4, 265, 512 }, { 4, 266, 512 }, { 5, 267, 512 }, { 4, 268, 512 }, { 5, 269, 512 }, { 5, 270, 512 }, { 6, 271, 512 },
- { 3, 272, 512 }, { 4, 273, 512 }, { 4, 274, 512 }, { 5, 275, 512 }, { 4, 276, 512 }, { 5, 277, 512 }, { 5, 278, 512 }, { 6, 279, 512 },
- { 4, 280, 512 }, { 5, 281, 512 }, { 5, 282, 512 }, { 6, 283, 512 }, { 5, 284, 512 }, { 6, 285, 512 }, { 6, 286, 512 }, { 7, 287, 512 },
- { 3, 288, 512 }, { 4, 289, 512 }, { 4, 290, 512 }, { 5, 291, 512 }, { 4, 292, 512 }, { 5, 293, 512 }, { 5, 294, 512 }, { 6, 295, 512 },
- { 4, 296, 512 }, { 5, 297, 512 }, { 5, 298, 512 }, { 6, 299, 512 }, { 5, 300, 512 }, { 6, 301, 512 }, { 6, 302, 512 }, { 7, 303, 512 },
- { 4, 304, 512 }, { 5, 305, 512 }, { 5, 306, 512 }, { 6, 307, 512 }, { 5, 308, 512 }, { 6, 309, 512 }, { 6, 310, 512 }, { 7, 311, 512 },
- { 5, 312, 512 }, { 6, 313, 512 }, { 6, 314, 512 }, { 7, 315, 512 }, { 6, 316, 512 }, { 7, 317, 512 }, { 7, 318, 512 }, { 8, 319, 512 },
- { 3, 320, 512 }, { 4, 321, 512 }, { 4, 322, 512 }, { 5, 323, 512 }, { 4, 324, 512 }, { 5, 325, 512 }, { 5, 326, 512 }, { 6, 327, 512 },
- { 4, 328, 512 }, { 5, 329, 512 }, { 5, 330, 512 }, { 6, 331, 512 }, { 5, 332, 512 }, { 6, 333, 512 }, { 6, 334, 512 }, { 7, 335, 512 },
- { 4, 336, 512 }, { 5, 337, 512 }, { 5, 338, 512 }, { 6, 339, 512 }, { 5, 340, 512 }, { 6, 341, 512 }, { 6, 342, 512 }, { 7, 343, 512 },
- { 5, 344, 512 }, { 6, 345, 512 }, { 6, 346, 512 }, { 7, 347, 512 }, { 6, 348, 512 }, { 7, 349, 512 }, { 7, 350, 512 }, { 8, 351, 512 },
- { 4, 352, 512 }, { 5, 353, 512 }, { 5, 354, 512 }, { 6, 355, 512 }, { 5, 356, 512 }, { 6, 357, 512 }, { 6, 358, 512 }, { 7, 359, 512 },
- { 5, 360, 512 }, { 6, 361, 512 }, { 6, 362, 512 }, { 7, 363, 512 }, { 6, 364, 512 }, { 7, 365, 512 }, { 7, 366, 512 }, { 8, 367, 512 },
- { 5, 368, 512 }, { 6, 369, 512 }, { 6, 370, 512 }, { 7, 371, 512 }, { 6, 372, 512 }, { 7, 373, 512 }, { 7, 374, 512 }, { 8, 375, 512 },
- { 6, 376, 512 }, { 7, 377, 512 }, { 7, 378, 512 }, { 8, 379, 512 }, { 7, 380, 512 }, { 8, 381, 512 }, { 8, 382, 512 }, { 9, 383, 512 },
- { 3, 384, 512 }, { 4, 385, 512 }, { 4, 386, 512 }, { 5, 387, 512 }, { 4, 388, 512 }, { 5, 389, 512 }, { 5, 390, 512 }, { 6, 391, 512 },
- { 4, 392, 512 }, { 5, 393, 512 }, { 5, 394, 512 }, { 6, 395, 512 }, { 5, 396, 512 }, { 6, 397, 512 }, { 6, 398, 512 }, { 7, 399, 512 },
- { 4, 400, 512 }, { 5, 401, 512 }, { 5, 402, 512 }, { 6, 403, 512 }, { 5, 404, 512 }, { 6, 405, 512 }, { 6, 406, 512 }, { 7, 407, 512 },
- { 5, 408, 512 }, { 6, 409, 512 }, { 6, 410, 512 }, { 7, 411, 512 }, { 6, 412, 512 }, { 7, 413, 512 }, { 7, 414, 512 }, { 8, 415, 512 },
- { 4, 416, 512 }, { 5, 417, 512 }, { 5, 418, 512 }, { 6, 419, 512 }, { 5, 420, 512 }, { 6, 421, 512 }, { 6, 422, 512 }, { 7, 423, 512 },
- { 5, 424, 512 }, { 6, 425, 512 }, { 6, 426, 512 }, { 7, 427, 512 }, { 6, 428, 512 }, { 7, 429, 512 }, { 7, 430, 512 }, { 8, 431, 512 },
- { 5, 432, 512 }, { 6, 433, 512 }, { 6, 434, 512 }, { 7, 435, 512 }, { 6, 436, 512 }, { 7, 437, 512 }, { 7, 438, 512 }, { 8, 439, 512 },
- { 6, 440, 512 }, { 7, 441, 512 }, { 7, 442, 512 }, { 8, 443, 512 }, { 7, 444, 512 }, { 8, 445, 512 }, { 8, 446, 512 }, { 9, 447, 512 },
- { 4, 448, 512 }, { 5, 449, 512 }, { 5, 450, 512 }, { 6, 451, 512 }, { 5, 452, 512 }, { 6, 453, 512 }, { 6, 454, 512 }, { 7, 455, 512 },
- { 5, 456, 512 }, { 6, 457, 512 }, { 6, 458, 512 }, { 7, 459, 512 }, { 6, 460, 512 }, { 7, 461, 512 }, { 7, 462, 512 }, { 8, 463, 512 },
- { 5, 464, 512 }, { 6, 465, 512 }, { 6, 466, 512 }, { 7, 467, 512 }, { 6, 468, 512 }, { 7, 469, 512 }, { 7, 470, 512 }, { 8, 471, 512 },
- { 6, 472, 512 }, { 7, 473, 512 }, { 7, 474, 512 }, { 8, 475, 512 }, { 7, 476, 512 }, { 8, 477, 512 }, { 8, 478, 512 }, { 9, 479, 512 },
- { 5, 480, 512 }, { 6, 481, 512 }, { 6, 482, 512 }, { 7, 483, 512 }, { 6, 484, 512 }, { 7, 485, 512 }, { 7, 486, 512 }, { 8, 487, 512 },
- { 6, 488, 512 }, { 7, 489, 512 }, { 7, 490, 512 }, { 8, 491, 512 }, { 7, 492, 512 }, { 8, 493, 512 }, { 8, 494, 512 }, { 9, 495, 512 },
- { 6, 496, 512 }, { 7, 497, 512 }, { 7, 498, 512 }, { 8, 499, 512 }, { 7, 500, 512 }, { 8, 501, 512 }, { 8, 502, 512 }, { 9, 503, 512 },
- { 7, 504, 512 }, { 8, 505, 512 }, { 8, 506, 512 }, { 9, 507, 512 }, { 8, 508, 512 }, { 9, 509, 512 }, { 9, 510, 512 }, { 10, 511, 512 },
-#if FP_LUT > 10
- { 1, 0, 0 }, { 2, 1, 1024 }, { 2, 2, 1024 }, { 3, 3, 1024 }, { 2, 4, 1024 }, { 3, 5, 1024 }, { 3, 6, 1024 }, { 4, 7, 1024 },
- { 2, 8, 1024 }, { 3, 9, 1024 }, { 3, 10, 1024 }, { 4, 11, 1024 }, { 3, 12, 1024 }, { 4, 13, 1024 }, { 4, 14, 1024 }, { 5, 15, 1024 },
- { 2, 16, 1024 }, { 3, 17, 1024 }, { 3, 18, 1024 }, { 4, 19, 1024 }, { 3, 20, 1024 }, { 4, 21, 1024 }, { 4, 22, 1024 }, { 5, 23, 1024 },
- { 3, 24, 1024 }, { 4, 25, 1024 }, { 4, 26, 1024 }, { 5, 27, 1024 }, { 4, 28, 1024 }, { 5, 29, 1024 }, { 5, 30, 1024 }, { 6, 31, 1024 },
- { 2, 32, 1024 }, { 3, 33, 1024 }, { 3, 34, 1024 }, { 4, 35, 1024 }, { 3, 36, 1024 }, { 4, 37, 1024 }, { 4, 38, 1024 }, { 5, 39, 1024 },
- { 3, 40, 1024 }, { 4, 41, 1024 }, { 4, 42, 1024 }, { 5, 43, 1024 }, { 4, 44, 1024 }, { 5, 45, 1024 }, { 5, 46, 1024 }, { 6, 47, 1024 },
- { 3, 48, 1024 }, { 4, 49, 1024 }, { 4, 50, 1024 }, { 5, 51, 1024 }, { 4, 52, 1024 }, { 5, 53, 1024 }, { 5, 54, 1024 }, { 6, 55, 1024 },
- { 4, 56, 1024 }, { 5, 57, 1024 }, { 5, 58, 1024 }, { 6, 59, 1024 }, { 5, 60, 1024 }, { 6, 61, 1024 }, { 6, 62, 1024 }, { 7, 63, 1024 },
- { 2, 64, 1024 }, { 3, 65, 1024 }, { 3, 66, 1024 }, { 4, 67, 1024 }, { 3, 68, 1024 }, { 4, 69, 1024 }, { 4, 70, 1024 }, { 5, 71, 1024 },
- { 3, 72, 1024 }, { 4, 73, 1024 }, { 4, 74, 1024 }, { 5, 75, 1024 }, { 4, 76, 1024 }, { 5, 77, 1024 }, { 5, 78, 1024 }, { 6, 79, 1024 },
- { 3, 80, 1024 }, { 4, 81, 1024 }, { 4, 82, 1024 }, { 5, 83, 1024 }, { 4, 84, 1024 }, { 5, 85, 1024 }, { 5, 86, 1024 }, { 6, 87, 1024 },
- { 4, 88, 1024 }, { 5, 89, 1024 }, { 5, 90, 1024 }, { 6, 91, 1024 }, { 5, 92, 1024 }, { 6, 93, 1024 }, { 6, 94, 1024 }, { 7, 95, 1024 },
- { 3, 96, 1024 }, { 4, 97, 1024 }, { 4, 98, 1024 }, { 5, 99, 1024 }, { 4, 100, 1024 }, { 5, 101, 1024 }, { 5, 102, 1024 }, { 6, 103, 1024 },
- { 4, 104, 1024 }, { 5, 105, 1024 }, { 5, 106, 1024 }, { 6, 107, 1024 }, { 5, 108, 1024 }, { 6, 109, 1024 }, { 6, 110, 1024 }, { 7, 111, 1024 },
- { 4, 112, 1024 }, { 5, 113, 1024 }, { 5, 114, 1024 }, { 6, 115, 1024 }, { 5, 116, 1024 }, { 6, 117, 1024 }, { 6, 118, 1024 }, { 7, 119, 1024 },
- { 5, 120, 1024 }, { 6, 121, 1024 }, { 6, 122, 1024 }, { 7, 123, 1024 }, { 6, 124, 1024 }, { 7, 125, 1024 }, { 7, 126, 1024 }, { 8, 127, 1024 },
- { 2, 128, 1024 }, { 3, 129, 1024 }, { 3, 130, 1024 }, { 4, 131, 1024 }, { 3, 132, 1024 }, { 4, 133, 1024 }, { 4, 134, 1024 }, { 5, 135, 1024 },
- { 3, 136, 1024 }, { 4, 137, 1024 }, { 4, 138, 1024 }, { 5, 139, 1024 }, { 4, 140, 1024 }, { 5, 141, 1024 }, { 5, 142, 1024 }, { 6, 143, 1024 },
- { 3, 144, 1024 }, { 4, 145, 1024 }, { 4, 146, 1024 }, { 5, 147, 1024 }, { 4, 148, 1024 }, { 5, 149, 1024 }, { 5, 150, 1024 }, { 6, 151, 1024 },
- { 4, 152, 1024 }, { 5, 153, 1024 }, { 5, 154, 1024 }, { 6, 155, 1024 }, { 5, 156, 1024 }, { 6, 157, 1024 }, { 6, 158, 1024 }, { 7, 159, 1024 },
- { 3, 160, 1024 }, { 4, 161, 1024 }, { 4, 162, 1024 }, { 5, 163, 1024 }, { 4, 164, 1024 }, { 5, 165, 1024 }, { 5, 166, 1024 }, { 6, 167, 1024 },
- { 4, 168, 1024 }, { 5, 169, 1024 }, { 5, 170, 1024 }, { 6, 171, 1024 }, { 5, 172, 1024 }, { 6, 173, 1024 }, { 6, 174, 1024 }, { 7, 175, 1024 },
- { 4, 176, 1024 }, { 5, 177, 1024 }, { 5, 178, 1024 }, { 6, 179, 1024 }, { 5, 180, 1024 }, { 6, 181, 1024 }, { 6, 182, 1024 }, { 7, 183, 1024 },
- { 5, 184, 1024 }, { 6, 185, 1024 }, { 6, 186, 1024 }, { 7, 187, 1024 }, { 6, 188, 1024 }, { 7, 189, 1024 }, { 7, 190, 1024 }, { 8, 191, 1024 },
- { 3, 192, 1024 }, { 4, 193, 1024 }, { 4, 194, 1024 }, { 5, 195, 1024 }, { 4, 196, 1024 }, { 5, 197, 1024 }, { 5, 198, 1024 }, { 6, 199, 1024 },
- { 4, 200, 1024 }, { 5, 201, 1024 }, { 5, 202, 1024 }, { 6, 203, 1024 }, { 5, 204, 1024 }, { 6, 205, 1024 }, { 6, 206, 1024 }, { 7, 207, 1024 },
- { 4, 208, 1024 }, { 5, 209, 1024 }, { 5, 210, 1024 }, { 6, 211, 1024 }, { 5, 212, 1024 }, { 6, 213, 1024 }, { 6, 214, 1024 }, { 7, 215, 1024 },
- { 5, 216, 1024 }, { 6, 217, 1024 }, { 6, 218, 1024 }, { 7, 219, 1024 }, { 6, 220, 1024 }, { 7, 221, 1024 }, { 7, 222, 1024 }, { 8, 223, 1024 },
- { 4, 224, 1024 }, { 5, 225, 1024 }, { 5, 226, 1024 }, { 6, 227, 1024 }, { 5, 228, 1024 }, { 6, 229, 1024 }, { 6, 230, 1024 }, { 7, 231, 1024 },
- { 5, 232, 1024 }, { 6, 233, 1024 }, { 6, 234, 1024 }, { 7, 235, 1024 }, { 6, 236, 1024 }, { 7, 237, 1024 }, { 7, 238, 1024 }, { 8, 239, 1024 },
- { 5, 240, 1024 }, { 6, 241, 1024 }, { 6, 242, 1024 }, { 7, 243, 1024 }, { 6, 244, 1024 }, { 7, 245, 1024 }, { 7, 246, 1024 }, { 8, 247, 1024 },
- { 6, 248, 1024 }, { 7, 249, 1024 }, { 7, 250, 1024 }, { 8, 251, 1024 }, { 7, 252, 1024 }, { 8, 253, 1024 }, { 8, 254, 1024 }, { 9, 255, 1024 },
- { 2, 256, 1024 }, { 3, 257, 1024 }, { 3, 258, 1024 }, { 4, 259, 1024 }, { 3, 260, 1024 }, { 4, 261, 1024 }, { 4, 262, 1024 }, { 5, 263, 1024 },
- { 3, 264, 1024 }, { 4, 265, 1024 }, { 4, 266, 1024 }, { 5, 267, 1024 }, { 4, 268, 1024 }, { 5, 269, 1024 }, { 5, 270, 1024 }, { 6, 271, 1024 },
- { 3, 272, 1024 }, { 4, 273, 1024 }, { 4, 274, 1024 }, { 5, 275, 1024 }, { 4, 276, 1024 }, { 5, 277, 1024 }, { 5, 278, 1024 }, { 6, 279, 1024 },
- { 4, 280, 1024 }, { 5, 281, 1024 }, { 5, 282, 1024 }, { 6, 283, 1024 }, { 5, 284, 1024 }, { 6, 285, 1024 }, { 6, 286, 1024 }, { 7, 287, 1024 },
- { 3, 288, 1024 }, { 4, 289, 1024 }, { 4, 290, 1024 }, { 5, 291, 1024 }, { 4, 292, 1024 }, { 5, 293, 1024 }, { 5, 294, 1024 }, { 6, 295, 1024 },
- { 4, 296, 1024 }, { 5, 297, 1024 }, { 5, 298, 1024 }, { 6, 299, 1024 }, { 5, 300, 1024 }, { 6, 301, 1024 }, { 6, 302, 1024 }, { 7, 303, 1024 },
- { 4, 304, 1024 }, { 5, 305, 1024 }, { 5, 306, 1024 }, { 6, 307, 1024 }, { 5, 308, 1024 }, { 6, 309, 1024 }, { 6, 310, 1024 }, { 7, 311, 1024 },
- { 5, 312, 1024 }, { 6, 313, 1024 }, { 6, 314, 1024 }, { 7, 315, 1024 }, { 6, 316, 1024 }, { 7, 317, 1024 }, { 7, 318, 1024 }, { 8, 319, 1024 },
- { 3, 320, 1024 }, { 4, 321, 1024 }, { 4, 322, 1024 }, { 5, 323, 1024 }, { 4, 324, 1024 }, { 5, 325, 1024 }, { 5, 326, 1024 }, { 6, 327, 1024 },
- { 4, 328, 1024 }, { 5, 329, 1024 }, { 5, 330, 1024 }, { 6, 331, 1024 }, { 5, 332, 1024 }, { 6, 333, 1024 }, { 6, 334, 1024 }, { 7, 335, 1024 },
- { 4, 336, 1024 }, { 5, 337, 1024 }, { 5, 338, 1024 }, { 6, 339, 1024 }, { 5, 340, 1024 }, { 6, 341, 1024 }, { 6, 342, 1024 }, { 7, 343, 1024 },
- { 5, 344, 1024 }, { 6, 345, 1024 }, { 6, 346, 1024 }, { 7, 347, 1024 }, { 6, 348, 1024 }, { 7, 349, 1024 }, { 7, 350, 1024 }, { 8, 351, 1024 },
- { 4, 352, 1024 }, { 5, 353, 1024 }, { 5, 354, 1024 }, { 6, 355, 1024 }, { 5, 356, 1024 }, { 6, 357, 1024 }, { 6, 358, 1024 }, { 7, 359, 1024 },
- { 5, 360, 1024 }, { 6, 361, 1024 }, { 6, 362, 1024 }, { 7, 363, 1024 }, { 6, 364, 1024 }, { 7, 365, 1024 }, { 7, 366, 1024 }, { 8, 367, 1024 },
- { 5, 368, 1024 }, { 6, 369, 1024 }, { 6, 370, 1024 }, { 7, 371, 1024 }, { 6, 372, 1024 }, { 7, 373, 1024 }, { 7, 374, 1024 }, { 8, 375, 1024 },
- { 6, 376, 1024 }, { 7, 377, 1024 }, { 7, 378, 1024 }, { 8, 379, 1024 }, { 7, 380, 1024 }, { 8, 381, 1024 }, { 8, 382, 1024 }, { 9, 383, 1024 },
- { 3, 384, 1024 }, { 4, 385, 1024 }, { 4, 386, 1024 }, { 5, 387, 1024 }, { 4, 388, 1024 }, { 5, 389, 1024 }, { 5, 390, 1024 }, { 6, 391, 1024 },
- { 4, 392, 1024 }, { 5, 393, 1024 }, { 5, 394, 1024 }, { 6, 395, 1024 }, { 5, 396, 1024 }, { 6, 397, 1024 }, { 6, 398, 1024 }, { 7, 399, 1024 },
- { 4, 400, 1024 }, { 5, 401, 1024 }, { 5, 402, 1024 }, { 6, 403, 1024 }, { 5, 404, 1024 }, { 6, 405, 1024 }, { 6, 406, 1024 }, { 7, 407, 1024 },
- { 5, 408, 1024 }, { 6, 409, 1024 }, { 6, 410, 1024 }, { 7, 411, 1024 }, { 6, 412, 1024 }, { 7, 413, 1024 }, { 7, 414, 1024 }, { 8, 415, 1024 },
- { 4, 416, 1024 }, { 5, 417, 1024 }, { 5, 418, 1024 }, { 6, 419, 1024 }, { 5, 420, 1024 }, { 6, 421, 1024 }, { 6, 422, 1024 }, { 7, 423, 1024 },
- { 5, 424, 1024 }, { 6, 425, 1024 }, { 6, 426, 1024 }, { 7, 427, 1024 }, { 6, 428, 1024 }, { 7, 429, 1024 }, { 7, 430, 1024 }, { 8, 431, 1024 },
- { 5, 432, 1024 }, { 6, 433, 1024 }, { 6, 434, 1024 }, { 7, 435, 1024 }, { 6, 436, 1024 }, { 7, 437, 1024 }, { 7, 438, 1024 }, { 8, 439, 1024 },
- { 6, 440, 1024 }, { 7, 441, 1024 }, { 7, 442, 1024 }, { 8, 443, 1024 }, { 7, 444, 1024 }, { 8, 445, 1024 }, { 8, 446, 1024 }, { 9, 447, 1024 },
- { 4, 448, 1024 }, { 5, 449, 1024 }, { 5, 450, 1024 }, { 6, 451, 1024 }, { 5, 452, 1024 }, { 6, 453, 1024 }, { 6, 454, 1024 }, { 7, 455, 1024 },
- { 5, 456, 1024 }, { 6, 457, 1024 }, { 6, 458, 1024 }, { 7, 459, 1024 }, { 6, 460, 1024 }, { 7, 461, 1024 }, { 7, 462, 1024 }, { 8, 463, 1024 },
- { 5, 464, 1024 }, { 6, 465, 1024 }, { 6, 466, 1024 }, { 7, 467, 1024 }, { 6, 468, 1024 }, { 7, 469, 1024 }, { 7, 470, 1024 }, { 8, 471, 1024 },
- { 6, 472, 1024 }, { 7, 473, 1024 }, { 7, 474, 1024 }, { 8, 475, 1024 }, { 7, 476, 1024 }, { 8, 477, 1024 }, { 8, 478, 1024 }, { 9, 479, 1024 },
- { 5, 480, 1024 }, { 6, 481, 1024 }, { 6, 482, 1024 }, { 7, 483, 1024 }, { 6, 484, 1024 }, { 7, 485, 1024 }, { 7, 486, 1024 }, { 8, 487, 1024 },
- { 6, 488, 1024 }, { 7, 489, 1024 }, { 7, 490, 1024 }, { 8, 491, 1024 }, { 7, 492, 1024 }, { 8, 493, 1024 }, { 8, 494, 1024 }, { 9, 495, 1024 },
- { 6, 496, 1024 }, { 7, 497, 1024 }, { 7, 498, 1024 }, { 8, 499, 1024 }, { 7, 500, 1024 }, { 8, 501, 1024 }, { 8, 502, 1024 }, { 9, 503, 1024 },
- { 7, 504, 1024 }, { 8, 505, 1024 }, { 8, 506, 1024 }, { 9, 507, 1024 }, { 8, 508, 1024 }, { 9, 509, 1024 }, { 9, 510, 1024 }, { 10, 511, 1024 },
- { 2, 512, 1024 }, { 3, 513, 1024 }, { 3, 514, 1024 }, { 4, 515, 1024 }, { 3, 516, 1024 }, { 4, 517, 1024 }, { 4, 518, 1024 }, { 5, 519, 1024 },
- { 3, 520, 1024 }, { 4, 521, 1024 }, { 4, 522, 1024 }, { 5, 523, 1024 }, { 4, 524, 1024 }, { 5, 525, 1024 }, { 5, 526, 1024 }, { 6, 527, 1024 },
- { 3, 528, 1024 }, { 4, 529, 1024 }, { 4, 530, 1024 }, { 5, 531, 1024 }, { 4, 532, 1024 }, { 5, 533, 1024 }, { 5, 534, 1024 }, { 6, 535, 1024 },
- { 4, 536, 1024 }, { 5, 537, 1024 }, { 5, 538, 1024 }, { 6, 539, 1024 }, { 5, 540, 1024 }, { 6, 541, 1024 }, { 6, 542, 1024 }, { 7, 543, 1024 },
- { 3, 544, 1024 }, { 4, 545, 1024 }, { 4, 546, 1024 }, { 5, 547, 1024 }, { 4, 548, 1024 }, { 5, 549, 1024 }, { 5, 550, 1024 }, { 6, 551, 1024 },
- { 4, 552, 1024 }, { 5, 553, 1024 }, { 5, 554, 1024 }, { 6, 555, 1024 }, { 5, 556, 1024 }, { 6, 557, 1024 }, { 6, 558, 1024 }, { 7, 559, 1024 },
- { 4, 560, 1024 }, { 5, 561, 1024 }, { 5, 562, 1024 }, { 6, 563, 1024 }, { 5, 564, 1024 }, { 6, 565, 1024 }, { 6, 566, 1024 }, { 7, 567, 1024 },
- { 5, 568, 1024 }, { 6, 569, 1024 }, { 6, 570, 1024 }, { 7, 571, 1024 }, { 6, 572, 1024 }, { 7, 573, 1024 }, { 7, 574, 1024 }, { 8, 575, 1024 },
- { 3, 576, 1024 }, { 4, 577, 1024 }, { 4, 578, 1024 }, { 5, 579, 1024 }, { 4, 580, 1024 }, { 5, 581, 1024 }, { 5, 582, 1024 }, { 6, 583, 1024 },
- { 4, 584, 1024 }, { 5, 585, 1024 }, { 5, 586, 1024 }, { 6, 587, 1024 }, { 5, 588, 1024 }, { 6, 589, 1024 }, { 6, 590, 1024 }, { 7, 591, 1024 },
- { 4, 592, 1024 }, { 5, 593, 1024 }, { 5, 594, 1024 }, { 6, 595, 1024 }, { 5, 596, 1024 }, { 6, 597, 1024 }, { 6, 598, 1024 }, { 7, 599, 1024 },
- { 5, 600, 1024 }, { 6, 601, 1024 }, { 6, 602, 1024 }, { 7, 603, 1024 }, { 6, 604, 1024 }, { 7, 605, 1024 }, { 7, 606, 1024 }, { 8, 607, 1024 },
- { 4, 608, 1024 }, { 5, 609, 1024 }, { 5, 610, 1024 }, { 6, 611, 1024 }, { 5, 612, 1024 }, { 6, 613, 1024 }, { 6, 614, 1024 }, { 7, 615, 1024 },
- { 5, 616, 1024 }, { 6, 617, 1024 }, { 6, 618, 1024 }, { 7, 619, 1024 }, { 6, 620, 1024 }, { 7, 621, 1024 }, { 7, 622, 1024 }, { 8, 623, 1024 },
- { 5, 624, 1024 }, { 6, 625, 1024 }, { 6, 626, 1024 }, { 7, 627, 1024 }, { 6, 628, 1024 }, { 7, 629, 1024 }, { 7, 630, 1024 }, { 8, 631, 1024 },
- { 6, 632, 1024 }, { 7, 633, 1024 }, { 7, 634, 1024 }, { 8, 635, 1024 }, { 7, 636, 1024 }, { 8, 637, 1024 }, { 8, 638, 1024 }, { 9, 639, 1024 },
- { 3, 640, 1024 }, { 4, 641, 1024 }, { 4, 642, 1024 }, { 5, 643, 1024 }, { 4, 644, 1024 }, { 5, 645, 1024 }, { 5, 646, 1024 }, { 6, 647, 1024 },
- { 4, 648, 1024 }, { 5, 649, 1024 }, { 5, 650, 1024 }, { 6, 651, 1024 }, { 5, 652, 1024 }, { 6, 653, 1024 }, { 6, 654, 1024 }, { 7, 655, 1024 },
- { 4, 656, 1024 }, { 5, 657, 1024 }, { 5, 658, 1024 }, { 6, 659, 1024 }, { 5, 660, 1024 }, { 6, 661, 1024 }, { 6, 662, 1024 }, { 7, 663, 1024 },
- { 5, 664, 1024 }, { 6, 665, 1024 }, { 6, 666, 1024 }, { 7, 667, 1024 }, { 6, 668, 1024 }, { 7, 669, 1024 }, { 7, 670, 1024 }, { 8, 671, 1024 },
- { 4, 672, 1024 }, { 5, 673, 1024 }, { 5, 674, 1024 }, { 6, 675, 1024 }, { 5, 676, 1024 }, { 6, 677, 1024 }, { 6, 678, 1024 }, { 7, 679, 1024 },
- { 5, 680, 1024 }, { 6, 681, 1024 }, { 6, 682, 1024 }, { 7, 683, 1024 }, { 6, 684, 1024 }, { 7, 685, 1024 }, { 7, 686, 1024 }, { 8, 687, 1024 },
- { 5, 688, 1024 }, { 6, 689, 1024 }, { 6, 690, 1024 }, { 7, 691, 1024 }, { 6, 692, 1024 }, { 7, 693, 1024 }, { 7, 694, 1024 }, { 8, 695, 1024 },
- { 6, 696, 1024 }, { 7, 697, 1024 }, { 7, 698, 1024 }, { 8, 699, 1024 }, { 7, 700, 1024 }, { 8, 701, 1024 }, { 8, 702, 1024 }, { 9, 703, 1024 },
- { 4, 704, 1024 }, { 5, 705, 1024 }, { 5, 706, 1024 }, { 6, 707, 1024 }, { 5, 708, 1024 }, { 6, 709, 1024 }, { 6, 710, 1024 }, { 7, 711, 1024 },
- { 5, 712, 1024 }, { 6, 713, 1024 }, { 6, 714, 1024 }, { 7, 715, 1024 }, { 6, 716, 1024 }, { 7, 717, 1024 }, { 7, 718, 1024 }, { 8, 719, 1024 },
- { 5, 720, 1024 }, { 6, 721, 1024 }, { 6, 722, 1024 }, { 7, 723, 1024 }, { 6, 724, 1024 }, { 7, 725, 1024 }, { 7, 726, 1024 }, { 8, 727, 1024 },
- { 6, 728, 1024 }, { 7, 729, 1024 }, { 7, 730, 1024 }, { 8, 731, 1024 }, { 7, 732, 1024 }, { 8, 733, 1024 }, { 8, 734, 1024 }, { 9, 735, 1024 },
- { 5, 736, 1024 }, { 6, 737, 1024 }, { 6, 738, 1024 }, { 7, 739, 1024 }, { 6, 740, 1024 }, { 7, 741, 1024 }, { 7, 742, 1024 }, { 8, 743, 1024 },
- { 6, 744, 1024 }, { 7, 745, 1024 }, { 7, 746, 1024 }, { 8, 747, 1024 }, { 7, 748, 1024 }, { 8, 749, 1024 }, { 8, 750, 1024 }, { 9, 751, 1024 },
- { 6, 752, 1024 }, { 7, 753, 1024 }, { 7, 754, 1024 }, { 8, 755, 1024 }, { 7, 756, 1024 }, { 8, 757, 1024 }, { 8, 758, 1024 }, { 9, 759, 1024 },
- { 7, 760, 1024 }, { 8, 761, 1024 }, { 8, 762, 1024 }, { 9, 763, 1024 }, { 8, 764, 1024 }, { 9, 765, 1024 }, { 9, 766, 1024 }, { 10, 767, 1024 },
- { 3, 768, 1024 }, { 4, 769, 1024 }, { 4, 770, 1024 }, { 5, 771, 1024 }, { 4, 772, 1024 }, { 5, 773, 1024 }, { 5, 774, 1024 }, { 6, 775, 1024 },
- { 4, 776, 1024 }, { 5, 777, 1024 }, { 5, 778, 1024 }, { 6, 779, 1024 }, { 5, 780, 1024 }, { 6, 781, 1024 }, { 6, 782, 1024 }, { 7, 783, 1024 },
- { 4, 784, 1024 }, { 5, 785, 1024 }, { 5, 786, 1024 }, { 6, 787, 1024 }, { 5, 788, 1024 }, { 6, 789, 1024 }, { 6, 790, 1024 }, { 7, 791, 1024 },
- { 5, 792, 1024 }, { 6, 793, 1024 }, { 6, 794, 1024 }, { 7, 795, 1024 }, { 6, 796, 1024 }, { 7, 797, 1024 }, { 7, 798, 1024 }, { 8, 799, 1024 },
- { 4, 800, 1024 }, { 5, 801, 1024 }, { 5, 802, 1024 }, { 6, 803, 1024 }, { 5, 804, 1024 }, { 6, 805, 1024 }, { 6, 806, 1024 }, { 7, 807, 1024 },
- { 5, 808, 1024 }, { 6, 809, 1024 }, { 6, 810, 1024 }, { 7, 811, 1024 }, { 6, 812, 1024 }, { 7, 813, 1024 }, { 7, 814, 1024 }, { 8, 815, 1024 },
- { 5, 816, 1024 }, { 6, 817, 1024 }, { 6, 818, 1024 }, { 7, 819, 1024 }, { 6, 820, 1024 }, { 7, 821, 1024 }, { 7, 822, 1024 }, { 8, 823, 1024 },
- { 6, 824, 1024 }, { 7, 825, 1024 }, { 7, 826, 1024 }, { 8, 827, 1024 }, { 7, 828, 1024 }, { 8, 829, 1024 }, { 8, 830, 1024 }, { 9, 831, 1024 },
- { 4, 832, 1024 }, { 5, 833, 1024 }, { 5, 834, 1024 }, { 6, 835, 1024 }, { 5, 836, 1024 }, { 6, 837, 1024 }, { 6, 838, 1024 }, { 7, 839, 1024 },
- { 5, 840, 1024 }, { 6, 841, 1024 }, { 6, 842, 1024 }, { 7, 843, 1024 }, { 6, 844, 1024 }, { 7, 845, 1024 }, { 7, 846, 1024 }, { 8, 847, 1024 },
- { 5, 848, 1024 }, { 6, 849, 1024 }, { 6, 850, 1024 }, { 7, 851, 1024 }, { 6, 852, 1024 }, { 7, 853, 1024 }, { 7, 854, 1024 }, { 8, 855, 1024 },
- { 6, 856, 1024 }, { 7, 857, 1024 }, { 7, 858, 1024 }, { 8, 859, 1024 }, { 7, 860, 1024 }, { 8, 861, 1024 }, { 8, 862, 1024 }, { 9, 863, 1024 },
- { 5, 864, 1024 }, { 6, 865, 1024 }, { 6, 866, 1024 }, { 7, 867, 1024 }, { 6, 868, 1024 }, { 7, 869, 1024 }, { 7, 870, 1024 }, { 8, 871, 1024 },
- { 6, 872, 1024 }, { 7, 873, 1024 }, { 7, 874, 1024 }, { 8, 875, 1024 }, { 7, 876, 1024 }, { 8, 877, 1024 }, { 8, 878, 1024 }, { 9, 879, 1024 },
- { 6, 880, 1024 }, { 7, 881, 1024 }, { 7, 882, 1024 }, { 8, 883, 1024 }, { 7, 884, 1024 }, { 8, 885, 1024 }, { 8, 886, 1024 }, { 9, 887, 1024 },
- { 7, 888, 1024 }, { 8, 889, 1024 }, { 8, 890, 1024 }, { 9, 891, 1024 }, { 8, 892, 1024 }, { 9, 893, 1024 }, { 9, 894, 1024 }, { 10, 895, 1024 },
- { 4, 896, 1024 }, { 5, 897, 1024 }, { 5, 898, 1024 }, { 6, 899, 1024 }, { 5, 900, 1024 }, { 6, 901, 1024 }, { 6, 902, 1024 }, { 7, 903, 1024 },
- { 5, 904, 1024 }, { 6, 905, 1024 }, { 6, 906, 1024 }, { 7, 907, 1024 }, { 6, 908, 1024 }, { 7, 909, 1024 }, { 7, 910, 1024 }, { 8, 911, 1024 },
- { 5, 912, 1024 }, { 6, 913, 1024 }, { 6, 914, 1024 }, { 7, 915, 1024 }, { 6, 916, 1024 }, { 7, 917, 1024 }, { 7, 918, 1024 }, { 8, 919, 1024 },
- { 6, 920, 1024 }, { 7, 921, 1024 }, { 7, 922, 1024 }, { 8, 923, 1024 }, { 7, 924, 1024 }, { 8, 925, 1024 }, { 8, 926, 1024 }, { 9, 927, 1024 },
- { 5, 928, 1024 }, { 6, 929, 1024 }, { 6, 930, 1024 }, { 7, 931, 1024 }, { 6, 932, 1024 }, { 7, 933, 1024 }, { 7, 934, 1024 }, { 8, 935, 1024 },
- { 6, 936, 1024 }, { 7, 937, 1024 }, { 7, 938, 1024 }, { 8, 939, 1024 }, { 7, 940, 1024 }, { 8, 941, 1024 }, { 8, 942, 1024 }, { 9, 943, 1024 },
- { 6, 944, 1024 }, { 7, 945, 1024 }, { 7, 946, 1024 }, { 8, 947, 1024 }, { 7, 948, 1024 }, { 8, 949, 1024 }, { 8, 950, 1024 }, { 9, 951, 1024 },
- { 7, 952, 1024 }, { 8, 953, 1024 }, { 8, 954, 1024 }, { 9, 955, 1024 }, { 8, 956, 1024 }, { 9, 957, 1024 }, { 9, 958, 1024 }, { 10, 959, 1024 },
- { 5, 960, 1024 }, { 6, 961, 1024 }, { 6, 962, 1024 }, { 7, 963, 1024 }, { 6, 964, 1024 }, { 7, 965, 1024 }, { 7, 966, 1024 }, { 8, 967, 1024 },
- { 6, 968, 1024 }, { 7, 969, 1024 }, { 7, 970, 1024 }, { 8, 971, 1024 }, { 7, 972, 1024 }, { 8, 973, 1024 }, { 8, 974, 1024 }, { 9, 975, 1024 },
- { 6, 976, 1024 }, { 7, 977, 1024 }, { 7, 978, 1024 }, { 8, 979, 1024 }, { 7, 980, 1024 }, { 8, 981, 1024 }, { 8, 982, 1024 }, { 9, 983, 1024 },
- { 7, 984, 1024 }, { 8, 985, 1024 }, { 8, 986, 1024 }, { 9, 987, 1024 }, { 8, 988, 1024 }, { 9, 989, 1024 }, { 9, 990, 1024 }, { 10, 991, 1024 },
- { 6, 992, 1024 }, { 7, 993, 1024 }, { 7, 994, 1024 }, { 8, 995, 1024 }, { 7, 996, 1024 }, { 8, 997, 1024 }, { 8, 998, 1024 }, { 9, 999, 1024 },
- { 7, 1000, 1024 }, { 8, 1001, 1024 }, { 8, 1002, 1024 }, { 9, 1003, 1024 }, { 8, 1004, 1024 }, { 9, 1005, 1024 }, { 9, 1006, 1024 }, { 10, 1007, 1024 },
- { 7, 1008, 1024 }, { 8, 1009, 1024 }, { 8, 1010, 1024 }, { 9, 1011, 1024 }, { 8, 1012, 1024 }, { 9, 1013, 1024 }, { 9, 1014, 1024 }, { 10, 1015, 1024 },
- { 8, 1016, 1024 }, { 9, 1017, 1024 }, { 9, 1018, 1024 }, { 10, 1019, 1024 }, { 9, 1020, 1024 }, { 10, 1021, 1024 }, { 10, 1022, 1024 }, { 11, 1023, 1024 },
-#if FP_LUT > 11
- { 1, 0, 0 }, { 2, 1, 2048 }, { 2, 2, 2048 }, { 3, 3, 2048 }, { 2, 4, 2048 }, { 3, 5, 2048 }, { 3, 6, 2048 }, { 4, 7, 2048 },
- { 2, 8, 2048 }, { 3, 9, 2048 }, { 3, 10, 2048 }, { 4, 11, 2048 }, { 3, 12, 2048 }, { 4, 13, 2048 }, { 4, 14, 2048 }, { 5, 15, 2048 },
- { 2, 16, 2048 }, { 3, 17, 2048 }, { 3, 18, 2048 }, { 4, 19, 2048 }, { 3, 20, 2048 }, { 4, 21, 2048 }, { 4, 22, 2048 }, { 5, 23, 2048 },
- { 3, 24, 2048 }, { 4, 25, 2048 }, { 4, 26, 2048 }, { 5, 27, 2048 }, { 4, 28, 2048 }, { 5, 29, 2048 }, { 5, 30, 2048 }, { 6, 31, 2048 },
- { 2, 32, 2048 }, { 3, 33, 2048 }, { 3, 34, 2048 }, { 4, 35, 2048 }, { 3, 36, 2048 }, { 4, 37, 2048 }, { 4, 38, 2048 }, { 5, 39, 2048 },
- { 3, 40, 2048 }, { 4, 41, 2048 }, { 4, 42, 2048 }, { 5, 43, 2048 }, { 4, 44, 2048 }, { 5, 45, 2048 }, { 5, 46, 2048 }, { 6, 47, 2048 },
- { 3, 48, 2048 }, { 4, 49, 2048 }, { 4, 50, 2048 }, { 5, 51, 2048 }, { 4, 52, 2048 }, { 5, 53, 2048 }, { 5, 54, 2048 }, { 6, 55, 2048 },
- { 4, 56, 2048 }, { 5, 57, 2048 }, { 5, 58, 2048 }, { 6, 59, 2048 }, { 5, 60, 2048 }, { 6, 61, 2048 }, { 6, 62, 2048 }, { 7, 63, 2048 },
- { 2, 64, 2048 }, { 3, 65, 2048 }, { 3, 66, 2048 }, { 4, 67, 2048 }, { 3, 68, 2048 }, { 4, 69, 2048 }, { 4, 70, 2048 }, { 5, 71, 2048 },
- { 3, 72, 2048 }, { 4, 73, 2048 }, { 4, 74, 2048 }, { 5, 75, 2048 }, { 4, 76, 2048 }, { 5, 77, 2048 }, { 5, 78, 2048 }, { 6, 79, 2048 },
- { 3, 80, 2048 }, { 4, 81, 2048 }, { 4, 82, 2048 }, { 5, 83, 2048 }, { 4, 84, 2048 }, { 5, 85, 2048 }, { 5, 86, 2048 }, { 6, 87, 2048 },
- { 4, 88, 2048 }, { 5, 89, 2048 }, { 5, 90, 2048 }, { 6, 91, 2048 }, { 5, 92, 2048 }, { 6, 93, 2048 }, { 6, 94, 2048 }, { 7, 95, 2048 },
- { 3, 96, 2048 }, { 4, 97, 2048 }, { 4, 98, 2048 }, { 5, 99, 2048 }, { 4, 100, 2048 }, { 5, 101, 2048 }, { 5, 102, 2048 }, { 6, 103, 2048 },
- { 4, 104, 2048 }, { 5, 105, 2048 }, { 5, 106, 2048 }, { 6, 107, 2048 }, { 5, 108, 2048 }, { 6, 109, 2048 }, { 6, 110, 2048 }, { 7, 111, 2048 },
- { 4, 112, 2048 }, { 5, 113, 2048 }, { 5, 114, 2048 }, { 6, 115, 2048 }, { 5, 116, 2048 }, { 6, 117, 2048 }, { 6, 118, 2048 }, { 7, 119, 2048 },
- { 5, 120, 2048 }, { 6, 121, 2048 }, { 6, 122, 2048 }, { 7, 123, 2048 }, { 6, 124, 2048 }, { 7, 125, 2048 }, { 7, 126, 2048 }, { 8, 127, 2048 },
- { 2, 128, 2048 }, { 3, 129, 2048 }, { 3, 130, 2048 }, { 4, 131, 2048 }, { 3, 132, 2048 }, { 4, 133, 2048 }, { 4, 134, 2048 }, { 5, 135, 2048 },
- { 3, 136, 2048 }, { 4, 137, 2048 }, { 4, 138, 2048 }, { 5, 139, 2048 }, { 4, 140, 2048 }, { 5, 141, 2048 }, { 5, 142, 2048 }, { 6, 143, 2048 },
- { 3, 144, 2048 }, { 4, 145, 2048 }, { 4, 146, 2048 }, { 5, 147, 2048 }, { 4, 148, 2048 }, { 5, 149, 2048 }, { 5, 150, 2048 }, { 6, 151, 2048 },
- { 4, 152, 2048 }, { 5, 153, 2048 }, { 5, 154, 2048 }, { 6, 155, 2048 }, { 5, 156, 2048 }, { 6, 157, 2048 }, { 6, 158, 2048 }, { 7, 159, 2048 },
- { 3, 160, 2048 }, { 4, 161, 2048 }, { 4, 162, 2048 }, { 5, 163, 2048 }, { 4, 164, 2048 }, { 5, 165, 2048 }, { 5, 166, 2048 }, { 6, 167, 2048 },
- { 4, 168, 2048 }, { 5, 169, 2048 }, { 5, 170, 2048 }, { 6, 171, 2048 }, { 5, 172, 2048 }, { 6, 173, 2048 }, { 6, 174, 2048 }, { 7, 175, 2048 },
- { 4, 176, 2048 }, { 5, 177, 2048 }, { 5, 178, 2048 }, { 6, 179, 2048 }, { 5, 180, 2048 }, { 6, 181, 2048 }, { 6, 182, 2048 }, { 7, 183, 2048 },
- { 5, 184, 2048 }, { 6, 185, 2048 }, { 6, 186, 2048 }, { 7, 187, 2048 }, { 6, 188, 2048 }, { 7, 189, 2048 }, { 7, 190, 2048 }, { 8, 191, 2048 },
- { 3, 192, 2048 }, { 4, 193, 2048 }, { 4, 194, 2048 }, { 5, 195, 2048 }, { 4, 196, 2048 }, { 5, 197, 2048 }, { 5, 198, 2048 }, { 6, 199, 2048 },
- { 4, 200, 2048 }, { 5, 201, 2048 }, { 5, 202, 2048 }, { 6, 203, 2048 }, { 5, 204, 2048 }, { 6, 205, 2048 }, { 6, 206, 2048 }, { 7, 207, 2048 },
- { 4, 208, 2048 }, { 5, 209, 2048 }, { 5, 210, 2048 }, { 6, 211, 2048 }, { 5, 212, 2048 }, { 6, 213, 2048 }, { 6, 214, 2048 }, { 7, 215, 2048 },
- { 5, 216, 2048 }, { 6, 217, 2048 }, { 6, 218, 2048 }, { 7, 219, 2048 }, { 6, 220, 2048 }, { 7, 221, 2048 }, { 7, 222, 2048 }, { 8, 223, 2048 },
- { 4, 224, 2048 }, { 5, 225, 2048 }, { 5, 226, 2048 }, { 6, 227, 2048 }, { 5, 228, 2048 }, { 6, 229, 2048 }, { 6, 230, 2048 }, { 7, 231, 2048 },
- { 5, 232, 2048 }, { 6, 233, 2048 }, { 6, 234, 2048 }, { 7, 235, 2048 }, { 6, 236, 2048 }, { 7, 237, 2048 }, { 7, 238, 2048 }, { 8, 239, 2048 },
- { 5, 240, 2048 }, { 6, 241, 2048 }, { 6, 242, 2048 }, { 7, 243, 2048 }, { 6, 244, 2048 }, { 7, 245, 2048 }, { 7, 246, 2048 }, { 8, 247, 2048 },
- { 6, 248, 2048 }, { 7, 249, 2048 }, { 7, 250, 2048 }, { 8, 251, 2048 }, { 7, 252, 2048 }, { 8, 253, 2048 }, { 8, 254, 2048 }, { 9, 255, 2048 },
- { 2, 256, 2048 }, { 3, 257, 2048 }, { 3, 258, 2048 }, { 4, 259, 2048 }, { 3, 260, 2048 }, { 4, 261, 2048 }, { 4, 262, 2048 }, { 5, 263, 2048 },
- { 3, 264, 2048 }, { 4, 265, 2048 }, { 4, 266, 2048 }, { 5, 267, 2048 }, { 4, 268, 2048 }, { 5, 269, 2048 }, { 5, 270, 2048 }, { 6, 271, 2048 },
- { 3, 272, 2048 }, { 4, 273, 2048 }, { 4, 274, 2048 }, { 5, 275, 2048 }, { 4, 276, 2048 }, { 5, 277, 2048 }, { 5, 278, 2048 }, { 6, 279, 2048 },
- { 4, 280, 2048 }, { 5, 281, 2048 }, { 5, 282, 2048 }, { 6, 283, 2048 }, { 5, 284, 2048 }, { 6, 285, 2048 }, { 6, 286, 2048 }, { 7, 287, 2048 },
- { 3, 288, 2048 }, { 4, 289, 2048 }, { 4, 290, 2048 }, { 5, 291, 2048 }, { 4, 292, 2048 }, { 5, 293, 2048 }, { 5, 294, 2048 }, { 6, 295, 2048 },
- { 4, 296, 2048 }, { 5, 297, 2048 }, { 5, 298, 2048 }, { 6, 299, 2048 }, { 5, 300, 2048 }, { 6, 301, 2048 }, { 6, 302, 2048 }, { 7, 303, 2048 },
- { 4, 304, 2048 }, { 5, 305, 2048 }, { 5, 306, 2048 }, { 6, 307, 2048 }, { 5, 308, 2048 }, { 6, 309, 2048 }, { 6, 310, 2048 }, { 7, 311, 2048 },
- { 5, 312, 2048 }, { 6, 313, 2048 }, { 6, 314, 2048 }, { 7, 315, 2048 }, { 6, 316, 2048 }, { 7, 317, 2048 }, { 7, 318, 2048 }, { 8, 319, 2048 },
- { 3, 320, 2048 }, { 4, 321, 2048 }, { 4, 322, 2048 }, { 5, 323, 2048 }, { 4, 324, 2048 }, { 5, 325, 2048 }, { 5, 326, 2048 }, { 6, 327, 2048 },
- { 4, 328, 2048 }, { 5, 329, 2048 }, { 5, 330, 2048 }, { 6, 331, 2048 }, { 5, 332, 2048 }, { 6, 333, 2048 }, { 6, 334, 2048 }, { 7, 335, 2048 },
- { 4, 336, 2048 }, { 5, 337, 2048 }, { 5, 338, 2048 }, { 6, 339, 2048 }, { 5, 340, 2048 }, { 6, 341, 2048 }, { 6, 342, 2048 }, { 7, 343, 2048 },
- { 5, 344, 2048 }, { 6, 345, 2048 }, { 6, 346, 2048 }, { 7, 347, 2048 }, { 6, 348, 2048 }, { 7, 349, 2048 }, { 7, 350, 2048 }, { 8, 351, 2048 },
- { 4, 352, 2048 }, { 5, 353, 2048 }, { 5, 354, 2048 }, { 6, 355, 2048 }, { 5, 356, 2048 }, { 6, 357, 2048 }, { 6, 358, 2048 }, { 7, 359, 2048 },
- { 5, 360, 2048 }, { 6, 361, 2048 }, { 6, 362, 2048 }, { 7, 363, 2048 }, { 6, 364, 2048 }, { 7, 365, 2048 }, { 7, 366, 2048 }, { 8, 367, 2048 },
- { 5, 368, 2048 }, { 6, 369, 2048 }, { 6, 370, 2048 }, { 7, 371, 2048 }, { 6, 372, 2048 }, { 7, 373, 2048 }, { 7, 374, 2048 }, { 8, 375, 2048 },
- { 6, 376, 2048 }, { 7, 377, 2048 }, { 7, 378, 2048 }, { 8, 379, 2048 }, { 7, 380, 2048 }, { 8, 381, 2048 }, { 8, 382, 2048 }, { 9, 383, 2048 },
- { 3, 384, 2048 }, { 4, 385, 2048 }, { 4, 386, 2048 }, { 5, 387, 2048 }, { 4, 388, 2048 }, { 5, 389, 2048 }, { 5, 390, 2048 }, { 6, 391, 2048 },
- { 4, 392, 2048 }, { 5, 393, 2048 }, { 5, 394, 2048 }, { 6, 395, 2048 }, { 5, 396, 2048 }, { 6, 397, 2048 }, { 6, 398, 2048 }, { 7, 399, 2048 },
- { 4, 400, 2048 }, { 5, 401, 2048 }, { 5, 402, 2048 }, { 6, 403, 2048 }, { 5, 404, 2048 }, { 6, 405, 2048 }, { 6, 406, 2048 }, { 7, 407, 2048 },
- { 5, 408, 2048 }, { 6, 409, 2048 }, { 6, 410, 2048 }, { 7, 411, 2048 }, { 6, 412, 2048 }, { 7, 413, 2048 }, { 7, 414, 2048 }, { 8, 415, 2048 },
- { 4, 416, 2048 }, { 5, 417, 2048 }, { 5, 418, 2048 }, { 6, 419, 2048 }, { 5, 420, 2048 }, { 6, 421, 2048 }, { 6, 422, 2048 }, { 7, 423, 2048 },
- { 5, 424, 2048 }, { 6, 425, 2048 }, { 6, 426, 2048 }, { 7, 427, 2048 }, { 6, 428, 2048 }, { 7, 429, 2048 }, { 7, 430, 2048 }, { 8, 431, 2048 },
- { 5, 432, 2048 }, { 6, 433, 2048 }, { 6, 434, 2048 }, { 7, 435, 2048 }, { 6, 436, 2048 }, { 7, 437, 2048 }, { 7, 438, 2048 }, { 8, 439, 2048 },
- { 6, 440, 2048 }, { 7, 441, 2048 }, { 7, 442, 2048 }, { 8, 443, 2048 }, { 7, 444, 2048 }, { 8, 445, 2048 }, { 8, 446, 2048 }, { 9, 447, 2048 },
- { 4, 448, 2048 }, { 5, 449, 2048 }, { 5, 450, 2048 }, { 6, 451, 2048 }, { 5, 452, 2048 }, { 6, 453, 2048 }, { 6, 454, 2048 }, { 7, 455, 2048 },
- { 5, 456, 2048 }, { 6, 457, 2048 }, { 6, 458, 2048 }, { 7, 459, 2048 }, { 6, 460, 2048 }, { 7, 461, 2048 }, { 7, 462, 2048 }, { 8, 463, 2048 },
- { 5, 464, 2048 }, { 6, 465, 2048 }, { 6, 466, 2048 }, { 7, 467, 2048 }, { 6, 468, 2048 }, { 7, 469, 2048 }, { 7, 470, 2048 }, { 8, 471, 2048 },
- { 6, 472, 2048 }, { 7, 473, 2048 }, { 7, 474, 2048 }, { 8, 475, 2048 }, { 7, 476, 2048 }, { 8, 477, 2048 }, { 8, 478, 2048 }, { 9, 479, 2048 },
- { 5, 480, 2048 }, { 6, 481, 2048 }, { 6, 482, 2048 }, { 7, 483, 2048 }, { 6, 484, 2048 }, { 7, 485, 2048 }, { 7, 486, 2048 }, { 8, 487, 2048 },
- { 6, 488, 2048 }, { 7, 489, 2048 }, { 7, 490, 2048 }, { 8, 491, 2048 }, { 7, 492, 2048 }, { 8, 493, 2048 }, { 8, 494, 2048 }, { 9, 495, 2048 },
- { 6, 496, 2048 }, { 7, 497, 2048 }, { 7, 498, 2048 }, { 8, 499, 2048 }, { 7, 500, 2048 }, { 8, 501, 2048 }, { 8, 502, 2048 }, { 9, 503, 2048 },
- { 7, 504, 2048 }, { 8, 505, 2048 }, { 8, 506, 2048 }, { 9, 507, 2048 }, { 8, 508, 2048 }, { 9, 509, 2048 }, { 9, 510, 2048 }, { 10, 511, 2048 },
- { 2, 512, 2048 }, { 3, 513, 2048 }, { 3, 514, 2048 }, { 4, 515, 2048 }, { 3, 516, 2048 }, { 4, 517, 2048 }, { 4, 518, 2048 }, { 5, 519, 2048 },
- { 3, 520, 2048 }, { 4, 521, 2048 }, { 4, 522, 2048 }, { 5, 523, 2048 }, { 4, 524, 2048 }, { 5, 525, 2048 }, { 5, 526, 2048 }, { 6, 527, 2048 },
- { 3, 528, 2048 }, { 4, 529, 2048 }, { 4, 530, 2048 }, { 5, 531, 2048 }, { 4, 532, 2048 }, { 5, 533, 2048 }, { 5, 534, 2048 }, { 6, 535, 2048 },
- { 4, 536, 2048 }, { 5, 537, 2048 }, { 5, 538, 2048 }, { 6, 539, 2048 }, { 5, 540, 2048 }, { 6, 541, 2048 }, { 6, 542, 2048 }, { 7, 543, 2048 },
- { 3, 544, 2048 }, { 4, 545, 2048 }, { 4, 546, 2048 }, { 5, 547, 2048 }, { 4, 548, 2048 }, { 5, 549, 2048 }, { 5, 550, 2048 }, { 6, 551, 2048 },
- { 4, 552, 2048 }, { 5, 553, 2048 }, { 5, 554, 2048 }, { 6, 555, 2048 }, { 5, 556, 2048 }, { 6, 557, 2048 }, { 6, 558, 2048 }, { 7, 559, 2048 },
- { 4, 560, 2048 }, { 5, 561, 2048 }, { 5, 562, 2048 }, { 6, 563, 2048 }, { 5, 564, 2048 }, { 6, 565, 2048 }, { 6, 566, 2048 }, { 7, 567, 2048 },
- { 5, 568, 2048 }, { 6, 569, 2048 }, { 6, 570, 2048 }, { 7, 571, 2048 }, { 6, 572, 2048 }, { 7, 573, 2048 }, { 7, 574, 2048 }, { 8, 575, 2048 },
- { 3, 576, 2048 }, { 4, 577, 2048 }, { 4, 578, 2048 }, { 5, 579, 2048 }, { 4, 580, 2048 }, { 5, 581, 2048 }, { 5, 582, 2048 }, { 6, 583, 2048 },
- { 4, 584, 2048 }, { 5, 585, 2048 }, { 5, 586, 2048 }, { 6, 587, 2048 }, { 5, 588, 2048 }, { 6, 589, 2048 }, { 6, 590, 2048 }, { 7, 591, 2048 },
- { 4, 592, 2048 }, { 5, 593, 2048 }, { 5, 594, 2048 }, { 6, 595, 2048 }, { 5, 596, 2048 }, { 6, 597, 2048 }, { 6, 598, 2048 }, { 7, 599, 2048 },
- { 5, 600, 2048 }, { 6, 601, 2048 }, { 6, 602, 2048 }, { 7, 603, 2048 }, { 6, 604, 2048 }, { 7, 605, 2048 }, { 7, 606, 2048 }, { 8, 607, 2048 },
- { 4, 608, 2048 }, { 5, 609, 2048 }, { 5, 610, 2048 }, { 6, 611, 2048 }, { 5, 612, 2048 }, { 6, 613, 2048 }, { 6, 614, 2048 }, { 7, 615, 2048 },
- { 5, 616, 2048 }, { 6, 617, 2048 }, { 6, 618, 2048 }, { 7, 619, 2048 }, { 6, 620, 2048 }, { 7, 621, 2048 }, { 7, 622, 2048 }, { 8, 623, 2048 },
- { 5, 624, 2048 }, { 6, 625, 2048 }, { 6, 626, 2048 }, { 7, 627, 2048 }, { 6, 628, 2048 }, { 7, 629, 2048 }, { 7, 630, 2048 }, { 8, 631, 2048 },
- { 6, 632, 2048 }, { 7, 633, 2048 }, { 7, 634, 2048 }, { 8, 635, 2048 }, { 7, 636, 2048 }, { 8, 637, 2048 }, { 8, 638, 2048 }, { 9, 639, 2048 },
- { 3, 640, 2048 }, { 4, 641, 2048 }, { 4, 642, 2048 }, { 5, 643, 2048 }, { 4, 644, 2048 }, { 5, 645, 2048 }, { 5, 646, 2048 }, { 6, 647, 2048 },
- { 4, 648, 2048 }, { 5, 649, 2048 }, { 5, 650, 2048 }, { 6, 651, 2048 }, { 5, 652, 2048 }, { 6, 653, 2048 }, { 6, 654, 2048 }, { 7, 655, 2048 },
- { 4, 656, 2048 }, { 5, 657, 2048 }, { 5, 658, 2048 }, { 6, 659, 2048 }, { 5, 660, 2048 }, { 6, 661, 2048 }, { 6, 662, 2048 }, { 7, 663, 2048 },
- { 5, 664, 2048 }, { 6, 665, 2048 }, { 6, 666, 2048 }, { 7, 667, 2048 }, { 6, 668, 2048 }, { 7, 669, 2048 }, { 7, 670, 2048 }, { 8, 671, 2048 },
- { 4, 672, 2048 }, { 5, 673, 2048 }, { 5, 674, 2048 }, { 6, 675, 2048 }, { 5, 676, 2048 }, { 6, 677, 2048 }, { 6, 678, 2048 }, { 7, 679, 2048 },
- { 5, 680, 2048 }, { 6, 681, 2048 }, { 6, 682, 2048 }, { 7, 683, 2048 }, { 6, 684, 2048 }, { 7, 685, 2048 }, { 7, 686, 2048 }, { 8, 687, 2048 },
- { 5, 688, 2048 }, { 6, 689, 2048 }, { 6, 690, 2048 }, { 7, 691, 2048 }, { 6, 692, 2048 }, { 7, 693, 2048 }, { 7, 694, 2048 }, { 8, 695, 2048 },
- { 6, 696, 2048 }, { 7, 697, 2048 }, { 7, 698, 2048 }, { 8, 699, 2048 }, { 7, 700, 2048 }, { 8, 701, 2048 }, { 8, 702, 2048 }, { 9, 703, 2048 },
- { 4, 704, 2048 }, { 5, 705, 2048 }, { 5, 706, 2048 }, { 6, 707, 2048 }, { 5, 708, 2048 }, { 6, 709, 2048 }, { 6, 710, 2048 }, { 7, 711, 2048 },
- { 5, 712, 2048 }, { 6, 713, 2048 }, { 6, 714, 2048 }, { 7, 715, 2048 }, { 6, 716, 2048 }, { 7, 717, 2048 }, { 7, 718, 2048 }, { 8, 719, 2048 },
- { 5, 720, 2048 }, { 6, 721, 2048 }, { 6, 722, 2048 }, { 7, 723, 2048 }, { 6, 724, 2048 }, { 7, 725, 2048 }, { 7, 726, 2048 }, { 8, 727, 2048 },
- { 6, 728, 2048 }, { 7, 729, 2048 }, { 7, 730, 2048 }, { 8, 731, 2048 }, { 7, 732, 2048 }, { 8, 733, 2048 }, { 8, 734, 2048 }, { 9, 735, 2048 },
- { 5, 736, 2048 }, { 6, 737, 2048 }, { 6, 738, 2048 }, { 7, 739, 2048 }, { 6, 740, 2048 }, { 7, 741, 2048 }, { 7, 742, 2048 }, { 8, 743, 2048 },
- { 6, 744, 2048 }, { 7, 745, 2048 }, { 7, 746, 2048 }, { 8, 747, 2048 }, { 7, 748, 2048 }, { 8, 749, 2048 }, { 8, 750, 2048 }, { 9, 751, 2048 },
- { 6, 752, 2048 }, { 7, 753, 2048 }, { 7, 754, 2048 }, { 8, 755, 2048 }, { 7, 756, 2048 }, { 8, 757, 2048 }, { 8, 758, 2048 }, { 9, 759, 2048 },
- { 7, 760, 2048 }, { 8, 761, 2048 }, { 8, 762, 2048 }, { 9, 763, 2048 }, { 8, 764, 2048 }, { 9, 765, 2048 }, { 9, 766, 2048 }, { 10, 767, 2048 },
- { 3, 768, 2048 }, { 4, 769, 2048 }, { 4, 770, 2048 }, { 5, 771, 2048 }, { 4, 772, 2048 }, { 5, 773, 2048 }, { 5, 774, 2048 }, { 6, 775, 2048 },
- { 4, 776, 2048 }, { 5, 777, 2048 }, { 5, 778, 2048 }, { 6, 779, 2048 }, { 5, 780, 2048 }, { 6, 781, 2048 }, { 6, 782, 2048 }, { 7, 783, 2048 },
- { 4, 784, 2048 }, { 5, 785, 2048 }, { 5, 786, 2048 }, { 6, 787, 2048 }, { 5, 788, 2048 }, { 6, 789, 2048 }, { 6, 790, 2048 }, { 7, 791, 2048 },
- { 5, 792, 2048 }, { 6, 793, 2048 }, { 6, 794, 2048 }, { 7, 795, 2048 }, { 6, 796, 2048 }, { 7, 797, 2048 }, { 7, 798, 2048 }, { 8, 799, 2048 },
- { 4, 800, 2048 }, { 5, 801, 2048 }, { 5, 802, 2048 }, { 6, 803, 2048 }, { 5, 804, 2048 }, { 6, 805, 2048 }, { 6, 806, 2048 }, { 7, 807, 2048 },
- { 5, 808, 2048 }, { 6, 809, 2048 }, { 6, 810, 2048 }, { 7, 811, 2048 }, { 6, 812, 2048 }, { 7, 813, 2048 }, { 7, 814, 2048 }, { 8, 815, 2048 },
- { 5, 816, 2048 }, { 6, 817, 2048 }, { 6, 818, 2048 }, { 7, 819, 2048 }, { 6, 820, 2048 }, { 7, 821, 2048 }, { 7, 822, 2048 }, { 8, 823, 2048 },
- { 6, 824, 2048 }, { 7, 825, 2048 }, { 7, 826, 2048 }, { 8, 827, 2048 }, { 7, 828, 2048 }, { 8, 829, 2048 }, { 8, 830, 2048 }, { 9, 831, 2048 },
- { 4, 832, 2048 }, { 5, 833, 2048 }, { 5, 834, 2048 }, { 6, 835, 2048 }, { 5, 836, 2048 }, { 6, 837, 2048 }, { 6, 838, 2048 }, { 7, 839, 2048 },
- { 5, 840, 2048 }, { 6, 841, 2048 }, { 6, 842, 2048 }, { 7, 843, 2048 }, { 6, 844, 2048 }, { 7, 845, 2048 }, { 7, 846, 2048 }, { 8, 847, 2048 },
- { 5, 848, 2048 }, { 6, 849, 2048 }, { 6, 850, 2048 }, { 7, 851, 2048 }, { 6, 852, 2048 }, { 7, 853, 2048 }, { 7, 854, 2048 }, { 8, 855, 2048 },
- { 6, 856, 2048 }, { 7, 857, 2048 }, { 7, 858, 2048 }, { 8, 859, 2048 }, { 7, 860, 2048 }, { 8, 861, 2048 }, { 8, 862, 2048 }, { 9, 863, 2048 },
- { 5, 864, 2048 }, { 6, 865, 2048 }, { 6, 866, 2048 }, { 7, 867, 2048 }, { 6, 868, 2048 }, { 7, 869, 2048 }, { 7, 870, 2048 }, { 8, 871, 2048 },
- { 6, 872, 2048 }, { 7, 873, 2048 }, { 7, 874, 2048 }, { 8, 875, 2048 }, { 7, 876, 2048 }, { 8, 877, 2048 }, { 8, 878, 2048 }, { 9, 879, 2048 },
- { 6, 880, 2048 }, { 7, 881, 2048 }, { 7, 882, 2048 }, { 8, 883, 2048 }, { 7, 884, 2048 }, { 8, 885, 2048 }, { 8, 886, 2048 }, { 9, 887, 2048 },
- { 7, 888, 2048 }, { 8, 889, 2048 }, { 8, 890, 2048 }, { 9, 891, 2048 }, { 8, 892, 2048 }, { 9, 893, 2048 }, { 9, 894, 2048 }, { 10, 895, 2048 },
- { 4, 896, 2048 }, { 5, 897, 2048 }, { 5, 898, 2048 }, { 6, 899, 2048 }, { 5, 900, 2048 }, { 6, 901, 2048 }, { 6, 902, 2048 }, { 7, 903, 2048 },
- { 5, 904, 2048 }, { 6, 905, 2048 }, { 6, 906, 2048 }, { 7, 907, 2048 }, { 6, 908, 2048 }, { 7, 909, 2048 }, { 7, 910, 2048 }, { 8, 911, 2048 },
- { 5, 912, 2048 }, { 6, 913, 2048 }, { 6, 914, 2048 }, { 7, 915, 2048 }, { 6, 916, 2048 }, { 7, 917, 2048 }, { 7, 918, 2048 }, { 8, 919, 2048 },
- { 6, 920, 2048 }, { 7, 921, 2048 }, { 7, 922, 2048 }, { 8, 923, 2048 }, { 7, 924, 2048 }, { 8, 925, 2048 }, { 8, 926, 2048 }, { 9, 927, 2048 },
- { 5, 928, 2048 }, { 6, 929, 2048 }, { 6, 930, 2048 }, { 7, 931, 2048 }, { 6, 932, 2048 }, { 7, 933, 2048 }, { 7, 934, 2048 }, { 8, 935, 2048 },
- { 6, 936, 2048 }, { 7, 937, 2048 }, { 7, 938, 2048 }, { 8, 939, 2048 }, { 7, 940, 2048 }, { 8, 941, 2048 }, { 8, 942, 2048 }, { 9, 943, 2048 },
- { 6, 944, 2048 }, { 7, 945, 2048 }, { 7, 946, 2048 }, { 8, 947, 2048 }, { 7, 948, 2048 }, { 8, 949, 2048 }, { 8, 950, 2048 }, { 9, 951, 2048 },
- { 7, 952, 2048 }, { 8, 953, 2048 }, { 8, 954, 2048 }, { 9, 955, 2048 }, { 8, 956, 2048 }, { 9, 957, 2048 }, { 9, 958, 2048 }, { 10, 959, 2048 },
- { 5, 960, 2048 }, { 6, 961, 2048 }, { 6, 962, 2048 }, { 7, 963, 2048 }, { 6, 964, 2048 }, { 7, 965, 2048 }, { 7, 966, 2048 }, { 8, 967, 2048 },
- { 6, 968, 2048 }, { 7, 969, 2048 }, { 7, 970, 2048 }, { 8, 971, 2048 }, { 7, 972, 2048 }, { 8, 973, 2048 }, { 8, 974, 2048 }, { 9, 975, 2048 },
- { 6, 976, 2048 }, { 7, 977, 2048 }, { 7, 978, 2048 }, { 8, 979, 2048 }, { 7, 980, 2048 }, { 8, 981, 2048 }, { 8, 982, 2048 }, { 9, 983, 2048 },
- { 7, 984, 2048 }, { 8, 985, 2048 }, { 8, 986, 2048 }, { 9, 987, 2048 }, { 8, 988, 2048 }, { 9, 989, 2048 }, { 9, 990, 2048 }, { 10, 991, 2048 },
- { 6, 992, 2048 }, { 7, 993, 2048 }, { 7, 994, 2048 }, { 8, 995, 2048 }, { 7, 996, 2048 }, { 8, 997, 2048 }, { 8, 998, 2048 }, { 9, 999, 2048 },
- { 7, 1000, 2048 }, { 8, 1001, 2048 }, { 8, 1002, 2048 }, { 9, 1003, 2048 }, { 8, 1004, 2048 }, { 9, 1005, 2048 }, { 9, 1006, 2048 }, { 10, 1007, 2048 },
- { 7, 1008, 2048 }, { 8, 1009, 2048 }, { 8, 1010, 2048 }, { 9, 1011, 2048 }, { 8, 1012, 2048 }, { 9, 1013, 2048 }, { 9, 1014, 2048 }, { 10, 1015, 2048 },
- { 8, 1016, 2048 }, { 9, 1017, 2048 }, { 9, 1018, 2048 }, { 10, 1019, 2048 }, { 9, 1020, 2048 }, { 10, 1021, 2048 }, { 10, 1022, 2048 }, { 11, 1023, 2048 },
- { 2, 1024, 2048 }, { 3, 1025, 2048 }, { 3, 1026, 2048 }, { 4, 1027, 2048 }, { 3, 1028, 2048 }, { 4, 1029, 2048 }, { 4, 1030, 2048 }, { 5, 1031, 2048 },
- { 3, 1032, 2048 }, { 4, 1033, 2048 }, { 4, 1034, 2048 }, { 5, 1035, 2048 }, { 4, 1036, 2048 }, { 5, 1037, 2048 }, { 5, 1038, 2048 }, { 6, 1039, 2048 },
- { 3, 1040, 2048 }, { 4, 1041, 2048 }, { 4, 1042, 2048 }, { 5, 1043, 2048 }, { 4, 1044, 2048 }, { 5, 1045, 2048 }, { 5, 1046, 2048 }, { 6, 1047, 2048 },
- { 4, 1048, 2048 }, { 5, 1049, 2048 }, { 5, 1050, 2048 }, { 6, 1051, 2048 }, { 5, 1052, 2048 }, { 6, 1053, 2048 }, { 6, 1054, 2048 }, { 7, 1055, 2048 },
- { 3, 1056, 2048 }, { 4, 1057, 2048 }, { 4, 1058, 2048 }, { 5, 1059, 2048 }, { 4, 1060, 2048 }, { 5, 1061, 2048 }, { 5, 1062, 2048 }, { 6, 1063, 2048 },
- { 4, 1064, 2048 }, { 5, 1065, 2048 }, { 5, 1066, 2048 }, { 6, 1067, 2048 }, { 5, 1068, 2048 }, { 6, 1069, 2048 }, { 6, 1070, 2048 }, { 7, 1071, 2048 },
- { 4, 1072, 2048 }, { 5, 1073, 2048 }, { 5, 1074, 2048 }, { 6, 1075, 2048 }, { 5, 1076, 2048 }, { 6, 1077, 2048 }, { 6, 1078, 2048 }, { 7, 1079, 2048 },
- { 5, 1080, 2048 }, { 6, 1081, 2048 }, { 6, 1082, 2048 }, { 7, 1083, 2048 }, { 6, 1084, 2048 }, { 7, 1085, 2048 }, { 7, 1086, 2048 }, { 8, 1087, 2048 },
- { 3, 1088, 2048 }, { 4, 1089, 2048 }, { 4, 1090, 2048 }, { 5, 1091, 2048 }, { 4, 1092, 2048 }, { 5, 1093, 2048 }, { 5, 1094, 2048 }, { 6, 1095, 2048 },
- { 4, 1096, 2048 }, { 5, 1097, 2048 }, { 5, 1098, 2048 }, { 6, 1099, 2048 }, { 5, 1100, 2048 }, { 6, 1101, 2048 }, { 6, 1102, 2048 }, { 7, 1103, 2048 },
- { 4, 1104, 2048 }, { 5, 1105, 2048 }, { 5, 1106, 2048 }, { 6, 1107, 2048 }, { 5, 1108, 2048 }, { 6, 1109, 2048 }, { 6, 1110, 2048 }, { 7, 1111, 2048 },
- { 5, 1112, 2048 }, { 6, 1113, 2048 }, { 6, 1114, 2048 }, { 7, 1115, 2048 }, { 6, 1116, 2048 }, { 7, 1117, 2048 }, { 7, 1118, 2048 }, { 8, 1119, 2048 },
- { 4, 1120, 2048 }, { 5, 1121, 2048 }, { 5, 1122, 2048 }, { 6, 1123, 2048 }, { 5, 1124, 2048 }, { 6, 1125, 2048 }, { 6, 1126, 2048 }, { 7, 1127, 2048 },
- { 5, 1128, 2048 }, { 6, 1129, 2048 }, { 6, 1130, 2048 }, { 7, 1131, 2048 }, { 6, 1132, 2048 }, { 7, 1133, 2048 }, { 7, 1134, 2048 }, { 8, 1135, 2048 },
- { 5, 1136, 2048 }, { 6, 1137, 2048 }, { 6, 1138, 2048 }, { 7, 1139, 2048 }, { 6, 1140, 2048 }, { 7, 1141, 2048 }, { 7, 1142, 2048 }, { 8, 1143, 2048 },
- { 6, 1144, 2048 }, { 7, 1145, 2048 }, { 7, 1146, 2048 }, { 8, 1147, 2048 }, { 7, 1148, 2048 }, { 8, 1149, 2048 }, { 8, 1150, 2048 }, { 9, 1151, 2048 },
- { 3, 1152, 2048 }, { 4, 1153, 2048 }, { 4, 1154, 2048 }, { 5, 1155, 2048 }, { 4, 1156, 2048 }, { 5, 1157, 2048 }, { 5, 1158, 2048 }, { 6, 1159, 2048 },
- { 4, 1160, 2048 }, { 5, 1161, 2048 }, { 5, 1162, 2048 }, { 6, 1163, 2048 }, { 5, 1164, 2048 }, { 6, 1165, 2048 }, { 6, 1166, 2048 }, { 7, 1167, 2048 },
- { 4, 1168, 2048 }, { 5, 1169, 2048 }, { 5, 1170, 2048 }, { 6, 1171, 2048 }, { 5, 1172, 2048 }, { 6, 1173, 2048 }, { 6, 1174, 2048 }, { 7, 1175, 2048 },
- { 5, 1176, 2048 }, { 6, 1177, 2048 }, { 6, 1178, 2048 }, { 7, 1179, 2048 }, { 6, 1180, 2048 }, { 7, 1181, 2048 }, { 7, 1182, 2048 }, { 8, 1183, 2048 },
- { 4, 1184, 2048 }, { 5, 1185, 2048 }, { 5, 1186, 2048 }, { 6, 1187, 2048 }, { 5, 1188, 2048 }, { 6, 1189, 2048 }, { 6, 1190, 2048 }, { 7, 1191, 2048 },
- { 5, 1192, 2048 }, { 6, 1193, 2048 }, { 6, 1194, 2048 }, { 7, 1195, 2048 }, { 6, 1196, 2048 }, { 7, 1197, 2048 }, { 7, 1198, 2048 }, { 8, 1199, 2048 },
- { 5, 1200, 2048 }, { 6, 1201, 2048 }, { 6, 1202, 2048 }, { 7, 1203, 2048 }, { 6, 1204, 2048 }, { 7, 1205, 2048 }, { 7, 1206, 2048 }, { 8, 1207, 2048 },
- { 6, 1208, 2048 }, { 7, 1209, 2048 }, { 7, 1210, 2048 }, { 8, 1211, 2048 }, { 7, 1212, 2048 }, { 8, 1213, 2048 }, { 8, 1214, 2048 }, { 9, 1215, 2048 },
- { 4, 1216, 2048 }, { 5, 1217, 2048 }, { 5, 1218, 2048 }, { 6, 1219, 2048 }, { 5, 1220, 2048 }, { 6, 1221, 2048 }, { 6, 1222, 2048 }, { 7, 1223, 2048 },
- { 5, 1224, 2048 }, { 6, 1225, 2048 }, { 6, 1226, 2048 }, { 7, 1227, 2048 }, { 6, 1228, 2048 }, { 7, 1229, 2048 }, { 7, 1230, 2048 }, { 8, 1231, 2048 },
- { 5, 1232, 2048 }, { 6, 1233, 2048 }, { 6, 1234, 2048 }, { 7, 1235, 2048 }, { 6, 1236, 2048 }, { 7, 1237, 2048 }, { 7, 1238, 2048 }, { 8, 1239, 2048 },
- { 6, 1240, 2048 }, { 7, 1241, 2048 }, { 7, 1242, 2048 }, { 8, 1243, 2048 }, { 7, 1244, 2048 }, { 8, 1245, 2048 }, { 8, 1246, 2048 }, { 9, 1247, 2048 },
- { 5, 1248, 2048 }, { 6, 1249, 2048 }, { 6, 1250, 2048 }, { 7, 1251, 2048 }, { 6, 1252, 2048 }, { 7, 1253, 2048 }, { 7, 1254, 2048 }, { 8, 1255, 2048 },
- { 6, 1256, 2048 }, { 7, 1257, 2048 }, { 7, 1258, 2048 }, { 8, 1259, 2048 }, { 7, 1260, 2048 }, { 8, 1261, 2048 }, { 8, 1262, 2048 }, { 9, 1263, 2048 },
- { 6, 1264, 2048 }, { 7, 1265, 2048 }, { 7, 1266, 2048 }, { 8, 1267, 2048 }, { 7, 1268, 2048 }, { 8, 1269, 2048 }, { 8, 1270, 2048 }, { 9, 1271, 2048 },
- { 7, 1272, 2048 }, { 8, 1273, 2048 }, { 8, 1274, 2048 }, { 9, 1275, 2048 }, { 8, 1276, 2048 }, { 9, 1277, 2048 }, { 9, 1278, 2048 }, { 10, 1279, 2048 },
- { 3, 1280, 2048 }, { 4, 1281, 2048 }, { 4, 1282, 2048 }, { 5, 1283, 2048 }, { 4, 1284, 2048 }, { 5, 1285, 2048 }, { 5, 1286, 2048 }, { 6, 1287, 2048 },
- { 4, 1288, 2048 }, { 5, 1289, 2048 }, { 5, 1290, 2048 }, { 6, 1291, 2048 }, { 5, 1292, 2048 }, { 6, 1293, 2048 }, { 6, 1294, 2048 }, { 7, 1295, 2048 },
- { 4, 1296, 2048 }, { 5, 1297, 2048 }, { 5, 1298, 2048 }, { 6, 1299, 2048 }, { 5, 1300, 2048 }, { 6, 1301, 2048 }, { 6, 1302, 2048 }, { 7, 1303, 2048 },
- { 5, 1304, 2048 }, { 6, 1305, 2048 }, { 6, 1306, 2048 }, { 7, 1307, 2048 }, { 6, 1308, 2048 }, { 7, 1309, 2048 }, { 7, 1310, 2048 }, { 8, 1311, 2048 },
- { 4, 1312, 2048 }, { 5, 1313, 2048 }, { 5, 1314, 2048 }, { 6, 1315, 2048 }, { 5, 1316, 2048 }, { 6, 1317, 2048 }, { 6, 1318, 2048 }, { 7, 1319, 2048 },
- { 5, 1320, 2048 }, { 6, 1321, 2048 }, { 6, 1322, 2048 }, { 7, 1323, 2048 }, { 6, 1324, 2048 }, { 7, 1325, 2048 }, { 7, 1326, 2048 }, { 8, 1327, 2048 },
- { 5, 1328, 2048 }, { 6, 1329, 2048 }, { 6, 1330, 2048 }, { 7, 1331, 2048 }, { 6, 1332, 2048 }, { 7, 1333, 2048 }, { 7, 1334, 2048 }, { 8, 1335, 2048 },
- { 6, 1336, 2048 }, { 7, 1337, 2048 }, { 7, 1338, 2048 }, { 8, 1339, 2048 }, { 7, 1340, 2048 }, { 8, 1341, 2048 }, { 8, 1342, 2048 }, { 9, 1343, 2048 },
- { 4, 1344, 2048 }, { 5, 1345, 2048 }, { 5, 1346, 2048 }, { 6, 1347, 2048 }, { 5, 1348, 2048 }, { 6, 1349, 2048 }, { 6, 1350, 2048 }, { 7, 1351, 2048 },
- { 5, 1352, 2048 }, { 6, 1353, 2048 }, { 6, 1354, 2048 }, { 7, 1355, 2048 }, { 6, 1356, 2048 }, { 7, 1357, 2048 }, { 7, 1358, 2048 }, { 8, 1359, 2048 },
- { 5, 1360, 2048 }, { 6, 1361, 2048 }, { 6, 1362, 2048 }, { 7, 1363, 2048 }, { 6, 1364, 2048 }, { 7, 1365, 2048 }, { 7, 1366, 2048 }, { 8, 1367, 2048 },
- { 6, 1368, 2048 }, { 7, 1369, 2048 }, { 7, 1370, 2048 }, { 8, 1371, 2048 }, { 7, 1372, 2048 }, { 8, 1373, 2048 }, { 8, 1374, 2048 }, { 9, 1375, 2048 },
- { 5, 1376, 2048 }, { 6, 1377, 2048 }, { 6, 1378, 2048 }, { 7, 1379, 2048 }, { 6, 1380, 2048 }, { 7, 1381, 2048 }, { 7, 1382, 2048 }, { 8, 1383, 2048 },
- { 6, 1384, 2048 }, { 7, 1385, 2048 }, { 7, 1386, 2048 }, { 8, 1387, 2048 }, { 7, 1388, 2048 }, { 8, 1389, 2048 }, { 8, 1390, 2048 }, { 9, 1391, 2048 },
- { 6, 1392, 2048 }, { 7, 1393, 2048 }, { 7, 1394, 2048 }, { 8, 1395, 2048 }, { 7, 1396, 2048 }, { 8, 1397, 2048 }, { 8, 1398, 2048 }, { 9, 1399, 2048 },
- { 7, 1400, 2048 }, { 8, 1401, 2048 }, { 8, 1402, 2048 }, { 9, 1403, 2048 }, { 8, 1404, 2048 }, { 9, 1405, 2048 }, { 9, 1406, 2048 }, { 10, 1407, 2048 },
- { 4, 1408, 2048 }, { 5, 1409, 2048 }, { 5, 1410, 2048 }, { 6, 1411, 2048 }, { 5, 1412, 2048 }, { 6, 1413, 2048 }, { 6, 1414, 2048 }, { 7, 1415, 2048 },
- { 5, 1416, 2048 }, { 6, 1417, 2048 }, { 6, 1418, 2048 }, { 7, 1419, 2048 }, { 6, 1420, 2048 }, { 7, 1421, 2048 }, { 7, 1422, 2048 }, { 8, 1423, 2048 },
- { 5, 1424, 2048 }, { 6, 1425, 2048 }, { 6, 1426, 2048 }, { 7, 1427, 2048 }, { 6, 1428, 2048 }, { 7, 1429, 2048 }, { 7, 1430, 2048 }, { 8, 1431, 2048 },
- { 6, 1432, 2048 }, { 7, 1433, 2048 }, { 7, 1434, 2048 }, { 8, 1435, 2048 }, { 7, 1436, 2048 }, { 8, 1437, 2048 }, { 8, 1438, 2048 }, { 9, 1439, 2048 },
- { 5, 1440, 2048 }, { 6, 1441, 2048 }, { 6, 1442, 2048 }, { 7, 1443, 2048 }, { 6, 1444, 2048 }, { 7, 1445, 2048 }, { 7, 1446, 2048 }, { 8, 1447, 2048 },
- { 6, 1448, 2048 }, { 7, 1449, 2048 }, { 7, 1450, 2048 }, { 8, 1451, 2048 }, { 7, 1452, 2048 }, { 8, 1453, 2048 }, { 8, 1454, 2048 }, { 9, 1455, 2048 },
- { 6, 1456, 2048 }, { 7, 1457, 2048 }, { 7, 1458, 2048 }, { 8, 1459, 2048 }, { 7, 1460, 2048 }, { 8, 1461, 2048 }, { 8, 1462, 2048 }, { 9, 1463, 2048 },
- { 7, 1464, 2048 }, { 8, 1465, 2048 }, { 8, 1466, 2048 }, { 9, 1467, 2048 }, { 8, 1468, 2048 }, { 9, 1469, 2048 }, { 9, 1470, 2048 }, { 10, 1471, 2048 },
- { 5, 1472, 2048 }, { 6, 1473, 2048 }, { 6, 1474, 2048 }, { 7, 1475, 2048 }, { 6, 1476, 2048 }, { 7, 1477, 2048 }, { 7, 1478, 2048 }, { 8, 1479, 2048 },
- { 6, 1480, 2048 }, { 7, 1481, 2048 }, { 7, 1482, 2048 }, { 8, 1483, 2048 }, { 7, 1484, 2048 }, { 8, 1485, 2048 }, { 8, 1486, 2048 }, { 9, 1487, 2048 },
- { 6, 1488, 2048 }, { 7, 1489, 2048 }, { 7, 1490, 2048 }, { 8, 1491, 2048 }, { 7, 1492, 2048 }, { 8, 1493, 2048 }, { 8, 1494, 2048 }, { 9, 1495, 2048 },
- { 7, 1496, 2048 }, { 8, 1497, 2048 }, { 8, 1498, 2048 }, { 9, 1499, 2048 }, { 8, 1500, 2048 }, { 9, 1501, 2048 }, { 9, 1502, 2048 }, { 10, 1503, 2048 },
- { 6, 1504, 2048 }, { 7, 1505, 2048 }, { 7, 1506, 2048 }, { 8, 1507, 2048 }, { 7, 1508, 2048 }, { 8, 1509, 2048 }, { 8, 1510, 2048 }, { 9, 1511, 2048 },
- { 7, 1512, 2048 }, { 8, 1513, 2048 }, { 8, 1514, 2048 }, { 9, 1515, 2048 }, { 8, 1516, 2048 }, { 9, 1517, 2048 }, { 9, 1518, 2048 }, { 10, 1519, 2048 },
- { 7, 1520, 2048 }, { 8, 1521, 2048 }, { 8, 1522, 2048 }, { 9, 1523, 2048 }, { 8, 1524, 2048 }, { 9, 1525, 2048 }, { 9, 1526, 2048 }, { 10, 1527, 2048 },
- { 8, 1528, 2048 }, { 9, 1529, 2048 }, { 9, 1530, 2048 }, { 10, 1531, 2048 }, { 9, 1532, 2048 }, { 10, 1533, 2048 }, { 10, 1534, 2048 }, { 11, 1535, 2048 },
- { 3, 1536, 2048 }, { 4, 1537, 2048 }, { 4, 1538, 2048 }, { 5, 1539, 2048 }, { 4, 1540, 2048 }, { 5, 1541, 2048 }, { 5, 1542, 2048 }, { 6, 1543, 2048 },
- { 4, 1544, 2048 }, { 5, 1545, 2048 }, { 5, 1546, 2048 }, { 6, 1547, 2048 }, { 5, 1548, 2048 }, { 6, 1549, 2048 }, { 6, 1550, 2048 }, { 7, 1551, 2048 },
- { 4, 1552, 2048 }, { 5, 1553, 2048 }, { 5, 1554, 2048 }, { 6, 1555, 2048 }, { 5, 1556, 2048 }, { 6, 1557, 2048 }, { 6, 1558, 2048 }, { 7, 1559, 2048 },
- { 5, 1560, 2048 }, { 6, 1561, 2048 }, { 6, 1562, 2048 }, { 7, 1563, 2048 }, { 6, 1564, 2048 }, { 7, 1565, 2048 }, { 7, 1566, 2048 }, { 8, 1567, 2048 },
- { 4, 1568, 2048 }, { 5, 1569, 2048 }, { 5, 1570, 2048 }, { 6, 1571, 2048 }, { 5, 1572, 2048 }, { 6, 1573, 2048 }, { 6, 1574, 2048 }, { 7, 1575, 2048 },
- { 5, 1576, 2048 }, { 6, 1577, 2048 }, { 6, 1578, 2048 }, { 7, 1579, 2048 }, { 6, 1580, 2048 }, { 7, 1581, 2048 }, { 7, 1582, 2048 }, { 8, 1583, 2048 },
- { 5, 1584, 2048 }, { 6, 1585, 2048 }, { 6, 1586, 2048 }, { 7, 1587, 2048 }, { 6, 1588, 2048 }, { 7, 1589, 2048 }, { 7, 1590, 2048 }, { 8, 1591, 2048 },
- { 6, 1592, 2048 }, { 7, 1593, 2048 }, { 7, 1594, 2048 }, { 8, 1595, 2048 }, { 7, 1596, 2048 }, { 8, 1597, 2048 }, { 8, 1598, 2048 }, { 9, 1599, 2048 },
- { 4, 1600, 2048 }, { 5, 1601, 2048 }, { 5, 1602, 2048 }, { 6, 1603, 2048 }, { 5, 1604, 2048 }, { 6, 1605, 2048 }, { 6, 1606, 2048 }, { 7, 1607, 2048 },
- { 5, 1608, 2048 }, { 6, 1609, 2048 }, { 6, 1610, 2048 }, { 7, 1611, 2048 }, { 6, 1612, 2048 }, { 7, 1613, 2048 }, { 7, 1614, 2048 }, { 8, 1615, 2048 },
- { 5, 1616, 2048 }, { 6, 1617, 2048 }, { 6, 1618, 2048 }, { 7, 1619, 2048 }, { 6, 1620, 2048 }, { 7, 1621, 2048 }, { 7, 1622, 2048 }, { 8, 1623, 2048 },
- { 6, 1624, 2048 }, { 7, 1625, 2048 }, { 7, 1626, 2048 }, { 8, 1627, 2048 }, { 7, 1628, 2048 }, { 8, 1629, 2048 }, { 8, 1630, 2048 }, { 9, 1631, 2048 },
- { 5, 1632, 2048 }, { 6, 1633, 2048 }, { 6, 1634, 2048 }, { 7, 1635, 2048 }, { 6, 1636, 2048 }, { 7, 1637, 2048 }, { 7, 1638, 2048 }, { 8, 1639, 2048 },
- { 6, 1640, 2048 }, { 7, 1641, 2048 }, { 7, 1642, 2048 }, { 8, 1643, 2048 }, { 7, 1644, 2048 }, { 8, 1645, 2048 }, { 8, 1646, 2048 }, { 9, 1647, 2048 },
- { 6, 1648, 2048 }, { 7, 1649, 2048 }, { 7, 1650, 2048 }, { 8, 1651, 2048 }, { 7, 1652, 2048 }, { 8, 1653, 2048 }, { 8, 1654, 2048 }, { 9, 1655, 2048 },
- { 7, 1656, 2048 }, { 8, 1657, 2048 }, { 8, 1658, 2048 }, { 9, 1659, 2048 }, { 8, 1660, 2048 }, { 9, 1661, 2048 }, { 9, 1662, 2048 }, { 10, 1663, 2048 },
- { 4, 1664, 2048 }, { 5, 1665, 2048 }, { 5, 1666, 2048 }, { 6, 1667, 2048 }, { 5, 1668, 2048 }, { 6, 1669, 2048 }, { 6, 1670, 2048 }, { 7, 1671, 2048 },
- { 5, 1672, 2048 }, { 6, 1673, 2048 }, { 6, 1674, 2048 }, { 7, 1675, 2048 }, { 6, 1676, 2048 }, { 7, 1677, 2048 }, { 7, 1678, 2048 }, { 8, 1679, 2048 },
- { 5, 1680, 2048 }, { 6, 1681, 2048 }, { 6, 1682, 2048 }, { 7, 1683, 2048 }, { 6, 1684, 2048 }, { 7, 1685, 2048 }, { 7, 1686, 2048 }, { 8, 1687, 2048 },
- { 6, 1688, 2048 }, { 7, 1689, 2048 }, { 7, 1690, 2048 }, { 8, 1691, 2048 }, { 7, 1692, 2048 }, { 8, 1693, 2048 }, { 8, 1694, 2048 }, { 9, 1695, 2048 },
- { 5, 1696, 2048 }, { 6, 1697, 2048 }, { 6, 1698, 2048 }, { 7, 1699, 2048 }, { 6, 1700, 2048 }, { 7, 1701, 2048 }, { 7, 1702, 2048 }, { 8, 1703, 2048 },
- { 6, 1704, 2048 }, { 7, 1705, 2048 }, { 7, 1706, 2048 }, { 8, 1707, 2048 }, { 7, 1708, 2048 }, { 8, 1709, 2048 }, { 8, 1710, 2048 }, { 9, 1711, 2048 },
- { 6, 1712, 2048 }, { 7, 1713, 2048 }, { 7, 1714, 2048 }, { 8, 1715, 2048 }, { 7, 1716, 2048 }, { 8, 1717, 2048 }, { 8, 1718, 2048 }, { 9, 1719, 2048 },
- { 7, 1720, 2048 }, { 8, 1721, 2048 }, { 8, 1722, 2048 }, { 9, 1723, 2048 }, { 8, 1724, 2048 }, { 9, 1725, 2048 }, { 9, 1726, 2048 }, { 10, 1727, 2048 },
- { 5, 1728, 2048 }, { 6, 1729, 2048 }, { 6, 1730, 2048 }, { 7, 1731, 2048 }, { 6, 1732, 2048 }, { 7, 1733, 2048 }, { 7, 1734, 2048 }, { 8, 1735, 2048 },
- { 6, 1736, 2048 }, { 7, 1737, 2048 }, { 7, 1738, 2048 }, { 8, 1739, 2048 }, { 7, 1740, 2048 }, { 8, 1741, 2048 }, { 8, 1742, 2048 }, { 9, 1743, 2048 },
- { 6, 1744, 2048 }, { 7, 1745, 2048 }, { 7, 1746, 2048 }, { 8, 1747, 2048 }, { 7, 1748, 2048 }, { 8, 1749, 2048 }, { 8, 1750, 2048 }, { 9, 1751, 2048 },
- { 7, 1752, 2048 }, { 8, 1753, 2048 }, { 8, 1754, 2048 }, { 9, 1755, 2048 }, { 8, 1756, 2048 }, { 9, 1757, 2048 }, { 9, 1758, 2048 }, { 10, 1759, 2048 },
- { 6, 1760, 2048 }, { 7, 1761, 2048 }, { 7, 1762, 2048 }, { 8, 1763, 2048 }, { 7, 1764, 2048 }, { 8, 1765, 2048 }, { 8, 1766, 2048 }, { 9, 1767, 2048 },
- { 7, 1768, 2048 }, { 8, 1769, 2048 }, { 8, 1770, 2048 }, { 9, 1771, 2048 }, { 8, 1772, 2048 }, { 9, 1773, 2048 }, { 9, 1774, 2048 }, { 10, 1775, 2048 },
- { 7, 1776, 2048 }, { 8, 1777, 2048 }, { 8, 1778, 2048 }, { 9, 1779, 2048 }, { 8, 1780, 2048 }, { 9, 1781, 2048 }, { 9, 1782, 2048 }, { 10, 1783, 2048 },
- { 8, 1784, 2048 }, { 9, 1785, 2048 }, { 9, 1786, 2048 }, { 10, 1787, 2048 }, { 9, 1788, 2048 }, { 10, 1789, 2048 }, { 10, 1790, 2048 }, { 11, 1791, 2048 },
- { 4, 1792, 2048 }, { 5, 1793, 2048 }, { 5, 1794, 2048 }, { 6, 1795, 2048 }, { 5, 1796, 2048 }, { 6, 1797, 2048 }, { 6, 1798, 2048 }, { 7, 1799, 2048 },
- { 5, 1800, 2048 }, { 6, 1801, 2048 }, { 6, 1802, 2048 }, { 7, 1803, 2048 }, { 6, 1804, 2048 }, { 7, 1805, 2048 }, { 7, 1806, 2048 }, { 8, 1807, 2048 },
- { 5, 1808, 2048 }, { 6, 1809, 2048 }, { 6, 1810, 2048 }, { 7, 1811, 2048 }, { 6, 1812, 2048 }, { 7, 1813, 2048 }, { 7, 1814, 2048 }, { 8, 1815, 2048 },
- { 6, 1816, 2048 }, { 7, 1817, 2048 }, { 7, 1818, 2048 }, { 8, 1819, 2048 }, { 7, 1820, 2048 }, { 8, 1821, 2048 }, { 8, 1822, 2048 }, { 9, 1823, 2048 },
- { 5, 1824, 2048 }, { 6, 1825, 2048 }, { 6, 1826, 2048 }, { 7, 1827, 2048 }, { 6, 1828, 2048 }, { 7, 1829, 2048 }, { 7, 1830, 2048 }, { 8, 1831, 2048 },
- { 6, 1832, 2048 }, { 7, 1833, 2048 }, { 7, 1834, 2048 }, { 8, 1835, 2048 }, { 7, 1836, 2048 }, { 8, 1837, 2048 }, { 8, 1838, 2048 }, { 9, 1839, 2048 },
- { 6, 1840, 2048 }, { 7, 1841, 2048 }, { 7, 1842, 2048 }, { 8, 1843, 2048 }, { 7, 1844, 2048 }, { 8, 1845, 2048 }, { 8, 1846, 2048 }, { 9, 1847, 2048 },
- { 7, 1848, 2048 }, { 8, 1849, 2048 }, { 8, 1850, 2048 }, { 9, 1851, 2048 }, { 8, 1852, 2048 }, { 9, 1853, 2048 }, { 9, 1854, 2048 }, { 10, 1855, 2048 },
- { 5, 1856, 2048 }, { 6, 1857, 2048 }, { 6, 1858, 2048 }, { 7, 1859, 2048 }, { 6, 1860, 2048 }, { 7, 1861, 2048 }, { 7, 1862, 2048 }, { 8, 1863, 2048 },
- { 6, 1864, 2048 }, { 7, 1865, 2048 }, { 7, 1866, 2048 }, { 8, 1867, 2048 }, { 7, 1868, 2048 }, { 8, 1869, 2048 }, { 8, 1870, 2048 }, { 9, 1871, 2048 },
- { 6, 1872, 2048 }, { 7, 1873, 2048 }, { 7, 1874, 2048 }, { 8, 1875, 2048 }, { 7, 1876, 2048 }, { 8, 1877, 2048 }, { 8, 1878, 2048 }, { 9, 1879, 2048 },
- { 7, 1880, 2048 }, { 8, 1881, 2048 }, { 8, 1882, 2048 }, { 9, 1883, 2048 }, { 8, 1884, 2048 }, { 9, 1885, 2048 }, { 9, 1886, 2048 }, { 10, 1887, 2048 },
- { 6, 1888, 2048 }, { 7, 1889, 2048 }, { 7, 1890, 2048 }, { 8, 1891, 2048 }, { 7, 1892, 2048 }, { 8, 1893, 2048 }, { 8, 1894, 2048 }, { 9, 1895, 2048 },
- { 7, 1896, 2048 }, { 8, 1897, 2048 }, { 8, 1898, 2048 }, { 9, 1899, 2048 }, { 8, 1900, 2048 }, { 9, 1901, 2048 }, { 9, 1902, 2048 }, { 10, 1903, 2048 },
- { 7, 1904, 2048 }, { 8, 1905, 2048 }, { 8, 1906, 2048 }, { 9, 1907, 2048 }, { 8, 1908, 2048 }, { 9, 1909, 2048 }, { 9, 1910, 2048 }, { 10, 1911, 2048 },
- { 8, 1912, 2048 }, { 9, 1913, 2048 }, { 9, 1914, 2048 }, { 10, 1915, 2048 }, { 9, 1916, 2048 }, { 10, 1917, 2048 }, { 10, 1918, 2048 }, { 11, 1919, 2048 },
- { 5, 1920, 2048 }, { 6, 1921, 2048 }, { 6, 1922, 2048 }, { 7, 1923, 2048 }, { 6, 1924, 2048 }, { 7, 1925, 2048 }, { 7, 1926, 2048 }, { 8, 1927, 2048 },
- { 6, 1928, 2048 }, { 7, 1929, 2048 }, { 7, 1930, 2048 }, { 8, 1931, 2048 }, { 7, 1932, 2048 }, { 8, 1933, 2048 }, { 8, 1934, 2048 }, { 9, 1935, 2048 },
- { 6, 1936, 2048 }, { 7, 1937, 2048 }, { 7, 1938, 2048 }, { 8, 1939, 2048 }, { 7, 1940, 2048 }, { 8, 1941, 2048 }, { 8, 1942, 2048 }, { 9, 1943, 2048 },
- { 7, 1944, 2048 }, { 8, 1945, 2048 }, { 8, 1946, 2048 }, { 9, 1947, 2048 }, { 8, 1948, 2048 }, { 9, 1949, 2048 }, { 9, 1950, 2048 }, { 10, 1951, 2048 },
- { 6, 1952, 2048 }, { 7, 1953, 2048 }, { 7, 1954, 2048 }, { 8, 1955, 2048 }, { 7, 1956, 2048 }, { 8, 1957, 2048 }, { 8, 1958, 2048 }, { 9, 1959, 2048 },
- { 7, 1960, 2048 }, { 8, 1961, 2048 }, { 8, 1962, 2048 }, { 9, 1963, 2048 }, { 8, 1964, 2048 }, { 9, 1965, 2048 }, { 9, 1966, 2048 }, { 10, 1967, 2048 },
- { 7, 1968, 2048 }, { 8, 1969, 2048 }, { 8, 1970, 2048 }, { 9, 1971, 2048 }, { 8, 1972, 2048 }, { 9, 1973, 2048 }, { 9, 1974, 2048 }, { 10, 1975, 2048 },
- { 8, 1976, 2048 }, { 9, 1977, 2048 }, { 9, 1978, 2048 }, { 10, 1979, 2048 }, { 9, 1980, 2048 }, { 10, 1981, 2048 }, { 10, 1982, 2048 }, { 11, 1983, 2048 },
- { 6, 1984, 2048 }, { 7, 1985, 2048 }, { 7, 1986, 2048 }, { 8, 1987, 2048 }, { 7, 1988, 2048 }, { 8, 1989, 2048 }, { 8, 1990, 2048 }, { 9, 1991, 2048 },
- { 7, 1992, 2048 }, { 8, 1993, 2048 }, { 8, 1994, 2048 }, { 9, 1995, 2048 }, { 8, 1996, 2048 }, { 9, 1997, 2048 }, { 9, 1998, 2048 }, { 10, 1999, 2048 },
- { 7, 2000, 2048 }, { 8, 2001, 2048 }, { 8, 2002, 2048 }, { 9, 2003, 2048 }, { 8, 2004, 2048 }, { 9, 2005, 2048 }, { 9, 2006, 2048 }, { 10, 2007, 2048 },
- { 8, 2008, 2048 }, { 9, 2009, 2048 }, { 9, 2010, 2048 }, { 10, 2011, 2048 }, { 9, 2012, 2048 }, { 10, 2013, 2048 }, { 10, 2014, 2048 }, { 11, 2015, 2048 },
- { 7, 2016, 2048 }, { 8, 2017, 2048 }, { 8, 2018, 2048 }, { 9, 2019, 2048 }, { 8, 2020, 2048 }, { 9, 2021, 2048 }, { 9, 2022, 2048 }, { 10, 2023, 2048 },
- { 8, 2024, 2048 }, { 9, 2025, 2048 }, { 9, 2026, 2048 }, { 10, 2027, 2048 }, { 9, 2028, 2048 }, { 10, 2029, 2048 }, { 10, 2030, 2048 }, { 11, 2031, 2048 },
- { 8, 2032, 2048 }, { 9, 2033, 2048 }, { 9, 2034, 2048 }, { 10, 2035, 2048 }, { 9, 2036, 2048 }, { 10, 2037, 2048 }, { 10, 2038, 2048 }, { 11, 2039, 2048 },
- { 9, 2040, 2048 }, { 10, 2041, 2048 }, { 10, 2042, 2048 }, { 11, 2043, 2048 }, { 10, 2044, 2048 }, { 11, 2045, 2048 }, { 11, 2046, 2048 }, { 12, 2047, 2048 },
-#endif
-#endif
-#endif
-#endif
-#endif
-#endif
-};
-
-/* find a hole and free as required, return -1 if no hole found */
-static int find_hole(void)
-{
- unsigned x;
- int y, z;
- for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) {
- if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) {
- z = x;
- y = fp_cache[x].lru_count;
- }
- }
-
- /* decrease all */
- for (x = 0; x < FP_ENTRIES; x++) {
- if (fp_cache[x].lru_count > 3) {
- --(fp_cache[x].lru_count);
- }
- }
-
- /* free entry z */
- if (z >= 0 && fp_cache[z].g) {
- mp_clear(&fp_cache[z].mu);
- ecc_del_point(fp_cache[z].g);
- fp_cache[z].g = NULL;
- for (x = 0; x < (1U<<FP_LUT); x++) {
- ecc_del_point(fp_cache[z].LUT[x]);
- fp_cache[z].LUT[x] = NULL;
- }
- fp_cache[z].lru_count = 0;
- }
- return z;
-}
-
-/* determine if a base is already in the cache and if so, where */
-static int find_base(ecc_point* g)
-{
- int x;
- for (x = 0; x < FP_ENTRIES; x++) {
- if (fp_cache[x].g != NULL &&
- mp_cmp(fp_cache[x].g->x, g->x) == MP_EQ &&
- mp_cmp(fp_cache[x].g->y, g->y) == MP_EQ &&
- mp_cmp(fp_cache[x].g->z, g->z) == MP_EQ) {
- break;
- }
- }
- if (x == FP_ENTRIES) {
- x = -1;
- }
- return x;
-}
-
-/* add a new base to the cache */
-static int add_entry(int idx, ecc_point *g)
-{
- unsigned x, y;
-
- /* allocate base and LUT */
- fp_cache[idx].g = ecc_new_point();
- if (fp_cache[idx].g == NULL) {
- return GEN_MEM_ERR;
- }
-
- /* copy x and y */
- if ((mp_copy(g->x, fp_cache[idx].g->x) != MP_OKAY) ||
- (mp_copy(g->y, fp_cache[idx].g->y) != MP_OKAY) ||
- (mp_copy(g->z, fp_cache[idx].g->z) != MP_OKAY)) {
- ecc_del_point(fp_cache[idx].g);
- fp_cache[idx].g = NULL;
- return GEN_MEM_ERR;
- }
-
- for (x = 0; x < (1U<<FP_LUT); x++) {
- fp_cache[idx].LUT[x] = ecc_new_point();
- if (fp_cache[idx].LUT[x] == NULL) {
- for (y = 0; y < x; y++) {
- ecc_del_point(fp_cache[idx].LUT[y]);
- fp_cache[idx].LUT[y] = NULL;
- }
- ecc_del_point(fp_cache[idx].g);
- fp_cache[idx].g = NULL;
- fp_cache[idx].lru_count = 0;
- return GEN_MEM_ERR;
- }
- }
-
- fp_cache[idx].lru_count = 0;
-
- return MP_OKAY;
-}
-
-/* build the LUT by spacing the bits of the input by #modulus/FP_LUT bits apart
- *
- * The algorithm builds patterns in increasing bit order by first making all
- * single bit input patterns, then all two bit input patterns and so on
- */
-static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
-{
- unsigned x, y, err, bitlen, lut_gap;
- mp_int tmp;
-
- if (mp_init(&tmp) != MP_OKAY)
- return GEN_MEM_ERR;
-
- /* sanity check to make sure lut_order table is of correct size,
- should compile out to a NOP if true */
- if ((sizeof(lut_orders) / sizeof(lut_orders[0])) < (1U<<FP_LUT)) {
- err = BAD_FUNC_ARG;
- }
- else {
- /* get bitlen and round up to next multiple of FP_LUT */
- bitlen = mp_unsigned_bin_size(modulus) << 3;
- x = bitlen % FP_LUT;
- if (x) {
- bitlen += FP_LUT - x;
- }
- lut_gap = bitlen / FP_LUT;
-
- /* init the mu */
- err = mp_init_copy(&fp_cache[idx].mu, mu);
- }
-
- /* copy base */
- if (err == MP_OKAY) {
- if ((mp_mulmod(fp_cache[idx].g->x, mu, modulus,
- fp_cache[idx].LUT[1]->x) != MP_OKAY) ||
- (mp_mulmod(fp_cache[idx].g->y, mu, modulus,
- fp_cache[idx].LUT[1]->y) != MP_OKAY) ||
- (mp_mulmod(fp_cache[idx].g->z, mu, modulus,
- fp_cache[idx].LUT[1]->z) != MP_OKAY)) {
- err = MP_MULMOD_E;
- }
- }
-
- /* make all single bit entries */
- for (x = 1; x < FP_LUT; x++) {
- if (err != MP_OKAY)
- break;
- if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x,
- fp_cache[idx].LUT[1<<x]->x) != MP_OKAY) ||
- (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y,
- fp_cache[idx].LUT[1<<x]->y) != MP_OKAY) ||
- (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z,
- fp_cache[idx].LUT[1<<x]->z) != MP_OKAY)){
- err = MP_INIT_E;
- break;
- } else {
-
- /* now double it bitlen/FP_LUT times */
- for (y = 0; y < lut_gap; y++) {
- if ((err = ecc_projective_dbl_point(fp_cache[idx].LUT[1<<x],
- fp_cache[idx].LUT[1<<x], modulus, mp)) != MP_OKAY) {
- break;
- }
- }
- }
- }
-
- /* now make all entries in increase order of hamming weight */
- for (x = 2; x <= FP_LUT; x++) {
- if (err != MP_OKAY)
- break;
- for (y = 0; y < (1UL<<FP_LUT); y++) {
- if (err != MP_OKAY)
- break;
- if (lut_orders[y].ham != (int)x) continue;
-
- /* perform the add */
- if ((err = ecc_projective_add_point(
- fp_cache[idx].LUT[lut_orders[y].terma],
- fp_cache[idx].LUT[lut_orders[y].termb],
- fp_cache[idx].LUT[y], modulus, mp)) != MP_OKAY) {
- break;
- }
- }
- }
-
- /* now map all entries back to affine space to make point addition faster */
- for (x = 1; x < (1UL<<FP_LUT); x++) {
- if (err != MP_OKAY)
- break;
-
- /* convert z to normal from montgomery */
- err = mp_montgomery_reduce(fp_cache[idx].LUT[x]->z, modulus, *mp);
-
- /* invert it */
- if (err == MP_OKAY)
- err = mp_invmod(fp_cache[idx].LUT[x]->z, modulus,
- fp_cache[idx].LUT[x]->z);
-
- if (err == MP_OKAY)
- /* now square it */
- err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, &tmp);
-
- if (err == MP_OKAY)
- /* fix x */
- err = mp_mulmod(fp_cache[idx].LUT[x]->x, &tmp, modulus,
- fp_cache[idx].LUT[x]->x);
-
- if (err == MP_OKAY)
- /* get 1/z^3 */
- err = mp_mulmod(&tmp, fp_cache[idx].LUT[x]->z, modulus, &tmp);
-
- if (err == MP_OKAY)
- /* fix y */
- err = mp_mulmod(fp_cache[idx].LUT[x]->y, &tmp, modulus,
- fp_cache[idx].LUT[x]->y);
-
- if (err == MP_OKAY)
- /* free z */
- mp_clear(fp_cache[idx].LUT[x]->z);
- }
- mp_clear(&tmp);
-
- if (err == MP_OKAY)
- return MP_OKAY;
-
- /* err cleanup */
- for (y = 0; y < (1U<<FP_LUT); y++) {
- ecc_del_point(fp_cache[idx].LUT[y]);
- fp_cache[idx].LUT[y] = NULL;
- }
- ecc_del_point(fp_cache[idx].g);
- fp_cache[idx].g = NULL;
- fp_cache[idx].lru_count = 0;
- mp_clear(&fp_cache[idx].mu);
- mp_clear(&tmp);
-
- return err;
-}
-
-/* perform a fixed point ECC mulmod */
-static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus,
- mp_digit* mp, int map)
-{
-#define KB_SIZE 128
-
-#ifdef WOLFSSL_SMALL_STACK
- unsigned char* kb;
-#else
- unsigned char kb[128];
-#endif
- int x;
- unsigned y, z, err, bitlen, bitpos, lut_gap, first;
- mp_int tk;
-
- if (mp_init(&tk) != MP_OKAY)
- return MP_INIT_E;
-
- /* if it's smaller than modulus we fine */
- if (mp_unsigned_bin_size(k) > mp_unsigned_bin_size(modulus)) {
- mp_int order;
- if (mp_init(&order) != MP_OKAY) {
- mp_clear(&tk);
- return MP_INIT_E;
- }
-
- /* find order */
- y = mp_unsigned_bin_size(modulus);
- for (x = 0; ecc_sets[x].size; x++) {
- if (y <= (unsigned)ecc_sets[x].size) break;
- }
-
- /* back off if we are on the 521 bit curve */
- if (y == 66) --x;
-
- if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
- mp_clear(&order);
- mp_clear(&tk);
- return err;
- }
-
- /* k must be less than modulus */
- if (mp_cmp(k, &order) != MP_LT) {
- if ((err = mp_mod(k, &order, &tk)) != MP_OKAY) {
- mp_clear(&tk);
- mp_clear(&order);
- return err;
- }
- } else {
- mp_copy(k, &tk);
- }
- mp_clear(&order);
- } else {
- mp_copy(k, &tk);
- }
-
- /* get bitlen and round up to next multiple of FP_LUT */
- bitlen = mp_unsigned_bin_size(modulus) << 3;
- x = bitlen % FP_LUT;
- if (x) {
- bitlen += FP_LUT - x;
- }
- lut_gap = bitlen / FP_LUT;
-
- /* get the k value */
- if (mp_unsigned_bin_size(&tk) > (int)(KB_SIZE - 2)) {
- mp_clear(&tk);
- return BUFFER_E;
- }
-
- /* store k */
-#ifdef WOLFSSL_SMALL_STACK
- kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (kb == NULL)
- return MEMORY_E;
-#endif
-
- XMEMSET(kb, 0, KB_SIZE);
- if ((err = mp_to_unsigned_bin(&tk, kb)) != MP_OKAY) {
- mp_clear(&tk);
- }
- else {
- /* let's reverse kb so it's little endian */
- x = 0;
- y = mp_unsigned_bin_size(&tk) - 1;
- mp_clear(&tk);
-
- while ((unsigned)x < y) {
- z = kb[x]; kb[x] = kb[y]; kb[y] = z;
- ++x; --y;
- }
-
- /* at this point we can start, yipee */
- first = 1;
- for (x = lut_gap-1; x >= 0; x--) {
- /* extract FP_LUT bits from kb spread out by lut_gap bits and offset
- by x bits from the start */
- bitpos = x;
- for (y = z = 0; y < FP_LUT; y++) {
- z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y;
- bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid
- the mult in each loop */
- }
-
- /* double if not first */
- if (!first) {
- if ((err = ecc_projective_dbl_point(R, R, modulus,
- mp)) != MP_OKAY) {
- break;
- }
- }
-
- /* add if not first, otherwise copy */
- if (!first && z) {
- if ((err = ecc_projective_add_point(R, fp_cache[idx].LUT[z], R,
- modulus, mp)) != MP_OKAY) {
- break;
- }
- } else if (z) {
- if ((mp_copy(fp_cache[idx].LUT[z]->x, R->x) != MP_OKAY) ||
- (mp_copy(fp_cache[idx].LUT[z]->y, R->y) != MP_OKAY) ||
- (mp_copy(&fp_cache[idx].mu, R->z) != MP_OKAY)) {
- err = GEN_MEM_ERR;
- break;
- }
- first = 0;
- }
- }
- }
-
- if (err == MP_OKAY) {
- z = 0;
- ForceZero(kb, KB_SIZE);
- /* map R back from projective space */
- if (map) {
- err = ecc_map(R, modulus, mp);
- } else {
- err = MP_OKAY;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(kb, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-#undef KB_SIZE
-
- return err;
-}
-
-#ifdef ECC_SHAMIR
-/* perform a fixed point ECC mulmod */
-static int accel_fp_mul2add(int idx1, int idx2,
- mp_int* kA, mp_int* kB,
- ecc_point *R, mp_int* modulus, mp_digit* mp)
-{
-#define KB_SIZE 128
-
-#ifdef WOLFSSL_SMALL_STACK
- unsigned char* kb[2];
-#else
- unsigned char kb[2][128];
-#endif
- int x;
- unsigned y, z, err, bitlen, bitpos, lut_gap, first, zA, zB;
- mp_int tka;
- mp_int tkb;
- mp_int order;
-
- if (mp_init_multi(&tka, &tkb, 0, 0, 0, 0) != MP_OKAY)
- return MP_INIT_E;
-
- /* if it's smaller than modulus we fine */
- if (mp_unsigned_bin_size(kA) > mp_unsigned_bin_size(modulus)) {
- /* find order */
- y = mp_unsigned_bin_size(modulus);
- for (x = 0; ecc_sets[x].size; x++) {
- if (y <= (unsigned)ecc_sets[x].size) break;
- }
-
- /* back off if we are on the 521 bit curve */
- if (y == 66) --x;
-
- if ((err = mp_init(&order)) != MP_OKAY) {
- mp_clear(&tkb);
- mp_clear(&tka);
- return err;
- }
- if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
- mp_clear(&tkb);
- mp_clear(&tka);
- mp_clear(&order);
- return err;
- }
-
- /* kA must be less than modulus */
- if (mp_cmp(kA, &order) != MP_LT) {
- if ((err = mp_mod(kA, &order, &tka)) != MP_OKAY) {
- mp_clear(&tkb);
- mp_clear(&tka);
- mp_clear(&order);
- return err;
- }
- } else {
- mp_copy(kA, &tka);
- }
- mp_clear(&order);
- } else {
- mp_copy(kA, &tka);
- }
-
- /* if it's smaller than modulus we fine */
- if (mp_unsigned_bin_size(kB) > mp_unsigned_bin_size(modulus)) {
- /* find order */
- y = mp_unsigned_bin_size(modulus);
- for (x = 0; ecc_sets[x].size; x++) {
- if (y <= (unsigned)ecc_sets[x].size) break;
- }
-
- /* back off if we are on the 521 bit curve */
- if (y == 66) --x;
-
- if ((err = mp_init(&order)) != MP_OKAY) {
- mp_clear(&tkb);
- mp_clear(&tka);
- return err;
- }
- if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
- mp_clear(&tkb);
- mp_clear(&tka);
- mp_clear(&order);
- return err;
- }
-
- /* kB must be less than modulus */
- if (mp_cmp(kB, &order) != MP_LT) {
- if ((err = mp_mod(kB, &order, &tkb)) != MP_OKAY) {
- mp_clear(&tkb);
- mp_clear(&tka);
- mp_clear(&order);
- return err;
- }
- } else {
- mp_copy(kB, &tkb);
- }
- mp_clear(&order);
- } else {
- mp_copy(kB, &tkb);
- }
-
- /* get bitlen and round up to next multiple of FP_LUT */
- bitlen = mp_unsigned_bin_size(modulus) << 3;
- x = bitlen % FP_LUT;
- if (x) {
- bitlen += FP_LUT - x;
- }
- lut_gap = bitlen / FP_LUT;
-
- /* get the k value */
- if ((mp_unsigned_bin_size(&tka) > (int)(KB_SIZE - 2)) ||
- (mp_unsigned_bin_size(&tkb) > (int)(KB_SIZE - 2)) ) {
- mp_clear(&tka);
- mp_clear(&tkb);
- return BUFFER_E;
- }
-
- /* store k */
-#ifdef WOLFSSL_SMALL_STACK
- kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (kb[0] == NULL)
- return MEMORY_E;
-#endif
-
- XMEMSET(kb[0], 0, KB_SIZE);
- if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) {
- mp_clear(&tka);
- mp_clear(&tkb);
- XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return err;
- }
-
- /* let's reverse kb so it's little endian */
- x = 0;
- y = mp_unsigned_bin_size(&tka) - 1;
- mp_clear(&tka);
- while ((unsigned)x < y) {
- z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z;
- ++x; --y;
- }
-
- /* store b */
-#ifdef WOLFSSL_SMALL_STACK
- kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (kb[1] == NULL) {
- XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- XMEMSET(kb[1], 0, KB_SIZE);
- if ((err = mp_to_unsigned_bin(&tkb, kb[1])) != MP_OKAY) {
- mp_clear(&tkb);
- }
- else {
- x = 0;
- y = mp_unsigned_bin_size(&tkb) - 1;
- mp_clear(&tkb);
- while ((unsigned)x < y) {
- z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z;
- ++x; --y;
- }
-
- /* at this point we can start, yipee */
- first = 1;
- for (x = lut_gap-1; x >= 0; x--) {
- /* extract FP_LUT bits from kb spread out by lut_gap bits and
- offset by x bits from the start */
- bitpos = x;
- for (y = zA = zB = 0; y < FP_LUT; y++) {
- zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y;
- zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y;
- bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid
- the mult in each loop */
- }
-
- /* double if not first */
- if (!first) {
- if ((err = ecc_projective_dbl_point(R, R, modulus,
- mp)) != MP_OKAY) {
- break;
- }
- }
-
- /* add if not first, otherwise copy */
- if (!first) {
- if (zA) {
- if ((err = ecc_projective_add_point(R, fp_cache[idx1].LUT[zA],
- R, modulus, mp)) != MP_OKAY) {
- break;
- }
- }
- if (zB) {
- if ((err = ecc_projective_add_point(R, fp_cache[idx2].LUT[zB],
- R, modulus, mp)) != MP_OKAY) {
- break;
- }
- }
- } else {
- if (zA) {
- if ((mp_copy(fp_cache[idx1].LUT[zA]->x, R->x) != MP_OKAY) ||
- (mp_copy(fp_cache[idx1].LUT[zA]->y, R->y) != MP_OKAY) ||
- (mp_copy(&fp_cache[idx1].mu, R->z) != MP_OKAY)) {
- err = GEN_MEM_ERR;
- break;
- }
- first = 0;
- }
- if (zB && first == 0) {
- if (zB) {
- if ((err = ecc_projective_add_point(R,
- fp_cache[idx2].LUT[zB], R, modulus, mp)) != MP_OKAY){
- break;
- }
- }
- } else if (zB && first == 1) {
- if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != MP_OKAY) ||
- (mp_copy(fp_cache[idx2].LUT[zB]->y, R->y) != MP_OKAY) ||
- (mp_copy(&fp_cache[idx2].mu, R->z) != MP_OKAY)) {
- err = GEN_MEM_ERR;
- break;
- }
- first = 0;
- }
- }
- }
- }
-
- ForceZero(kb[0], KB_SIZE);
- ForceZero(kb[1], KB_SIZE);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(kb[1], NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-#undef KB_SIZE
-
- return ecc_map(R, modulus, mp);
-}
-
-/** ECC Fixed Point mulmod global
- Computes kA*A + kB*B = C using Shamir's Trick
- A First point to multiply
- kA What to multiple A by
- B Second point to multiply
- kB What to multiple B by
- C [out] Destination point (can overlap with A or B)
- modulus Modulus for curve
- return MP_OKAY on success
-*/
-int ecc_mul2add(ecc_point* A, mp_int* kA,
- ecc_point* B, mp_int* kB,
- ecc_point* C, mp_int* modulus)
-{
- int idx1 = -1, idx2 = -1, err = MP_OKAY, mpInit = 0;
- mp_digit mp;
- mp_int mu;
-
- err = mp_init(&mu);
- if (err != MP_OKAY)
- return err;
-
-#ifndef HAVE_THREAD_LS
- if (initMutex == 0) {
- InitMutex(&ecc_fp_lock);
- initMutex = 1;
- }
- if (LockMutex(&ecc_fp_lock) != 0)
- return BAD_MUTEX_E;
-#endif /* HAVE_THREAD_LS */
-
- /* find point */
- idx1 = find_base(A);
-
- /* no entry? */
- if (idx1 == -1) {
- /* find hole and add it */
- if ((idx1 = find_hole()) >= 0) {
- err = add_entry(idx1, A);
- }
- }
- if (err == MP_OKAY && idx1 != -1) {
- /* increment LRU */
- ++(fp_cache[idx1].lru_count);
- }
-
- if (err == MP_OKAY)
- /* find point */
- idx2 = find_base(B);
-
- if (err == MP_OKAY) {
- /* no entry? */
- if (idx2 == -1) {
- /* find hole and add it */
- if ((idx2 = find_hole()) >= 0)
- err = add_entry(idx2, B);
- }
- }
-
- if (err == MP_OKAY && idx2 != -1) {
- /* increment LRU */
- ++(fp_cache[idx2].lru_count);
- }
-
- if (err == MP_OKAY) {
- /* if it's 2 build the LUT, if it's higher just use the LUT */
- if (idx1 >= 0 && fp_cache[idx1].lru_count == 2) {
- /* compute mp */
- err = mp_montgomery_setup(modulus, &mp);
-
- if (err == MP_OKAY) {
- mpInit = 1;
- err = mp_montgomery_calc_normalization(&mu, modulus);
- }
-
- if (err == MP_OKAY)
- /* build the LUT */
- err = build_lut(idx1, modulus, &mp, &mu);
- }
- }
-
- if (err == MP_OKAY) {
- /* if it's 2 build the LUT, if it's higher just use the LUT */
- if (idx2 >= 0 && fp_cache[idx2].lru_count == 2) {
- if (mpInit == 0) {
- /* compute mp */
- err = mp_montgomery_setup(modulus, &mp);
- if (err == MP_OKAY) {
- mpInit = 1;
- err = mp_montgomery_calc_normalization(&mu, modulus);
- }
- }
-
- if (err == MP_OKAY)
- /* build the LUT */
- err = build_lut(idx2, modulus, &mp, &mu);
- }
- }
-
-
- if (err == MP_OKAY) {
- if (idx1 >=0 && idx2 >= 0 && fp_cache[idx1].lru_count >= 2 &&
- fp_cache[idx2].lru_count >= 2) {
- if (mpInit == 0) {
- /* compute mp */
- err = mp_montgomery_setup(modulus, &mp);
- }
- if (err == MP_OKAY)
- err = accel_fp_mul2add(idx1, idx2, kA, kB, C, modulus, &mp);
- } else {
- err = normal_ecc_mul2add(A, kA, B, kB, C, modulus);
- }
- }
-
-#ifndef HAVE_THREAD_LS
- UnLockMutex(&ecc_fp_lock);
-#endif /* HAVE_THREAD_LS */
- mp_clear(&mu);
-
- return err;
-}
-#endif
-
-/** ECC Fixed Point mulmod global
- k The multiplicand
- G Base point to multiply
- R [out] Destination of product
- modulus The modulus for the curve
- map [boolean] If non-zero maps the point back to affine co-ordinates,
- otherwise it's left in jacobian-montgomery form
- return MP_OKAY if successful
-*/
-int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
- int map)
-{
- int idx, err = MP_OKAY;
- mp_digit mp;
- mp_int mu;
- int mpSetup = 0;
-
- if (mp_init(&mu) != MP_OKAY)
- return MP_INIT_E;
-
-#ifndef HAVE_THREAD_LS
- if (initMutex == 0) {
- InitMutex(&ecc_fp_lock);
- initMutex = 1;
- }
-
- if (LockMutex(&ecc_fp_lock) != 0)
- return BAD_MUTEX_E;
-#endif /* HAVE_THREAD_LS */
-
- /* find point */
- idx = find_base(G);
-
- /* no entry? */
- if (idx == -1) {
- /* find hole and add it */
- idx = find_hole();
-
- if (idx >= 0)
- err = add_entry(idx, G);
- }
- if (err == MP_OKAY && idx >= 0) {
- /* increment LRU */
- ++(fp_cache[idx].lru_count);
- }
-
-
- if (err == MP_OKAY) {
- /* if it's 2 build the LUT, if it's higher just use the LUT */
- if (idx >= 0 && fp_cache[idx].lru_count == 2) {
- /* compute mp */
- err = mp_montgomery_setup(modulus, &mp);
-
- if (err == MP_OKAY) {
- /* compute mu */
- mpSetup = 1;
- err = mp_montgomery_calc_normalization(&mu, modulus);
- }
-
- if (err == MP_OKAY)
- /* build the LUT */
- err = build_lut(idx, modulus, &mp, &mu);
- }
- }
-
- if (err == MP_OKAY) {
- if (idx >= 0 && fp_cache[idx].lru_count >= 2) {
- if (mpSetup == 0) {
- /* compute mp */
- err = mp_montgomery_setup(modulus, &mp);
- }
- if (err == MP_OKAY)
- err = accel_fp_mul(idx, k, R, modulus, &mp, map);
- } else {
- err = normal_ecc_mulmod(k, G, R, modulus, map);
- }
- }
-
-#ifndef HAVE_THREAD_LS
- UnLockMutex(&ecc_fp_lock);
-#endif /* HAVE_THREAD_LS */
- mp_clear(&mu);
-
- return err;
-}
-
-/* helper function for freeing the cache ...
- must be called with the cache mutex locked */
-static void wc_ecc_fp_free_cache(void)
-{
- unsigned x, y;
- for (x = 0; x < FP_ENTRIES; x++) {
- if (fp_cache[x].g != NULL) {
- for (y = 0; y < (1U<<FP_LUT); y++) {
- ecc_del_point(fp_cache[x].LUT[y]);
- fp_cache[x].LUT[y] = NULL;
- }
- ecc_del_point(fp_cache[x].g);
- fp_cache[x].g = NULL;
- mp_clear(&fp_cache[x].mu);
- fp_cache[x].lru_count = 0;
- fp_cache[x].lock = 0;
- }
- }
-}
-
-/** Free the Fixed Point cache */
-void wc_ecc_fp_free(void)
-{
-#ifndef HAVE_THREAD_LS
- if (initMutex == 0) {
- InitMutex(&ecc_fp_lock);
- initMutex = 1;
- }
-
- if (LockMutex(&ecc_fp_lock) == 0) {
-#endif /* HAVE_THREAD_LS */
-
- wc_ecc_fp_free_cache();
-
-#ifndef HAVE_THREAD_LS
- UnLockMutex(&ecc_fp_lock);
- FreeMutex(&ecc_fp_lock);
- initMutex = 0;
- }
-#endif /* HAVE_THREAD_LS */
-}
-
-
-#endif /* FP_ECC */
-
-#ifdef HAVE_ECC_ENCRYPT
-
-
-enum ecCliState {
- ecCLI_INIT = 1,
- ecCLI_SALT_GET = 2,
- ecCLI_SALT_SET = 3,
- ecCLI_SENT_REQ = 4,
- ecCLI_RECV_RESP = 5,
- ecCLI_BAD_STATE = 99
-};
-
-enum ecSrvState {
- ecSRV_INIT = 1,
- ecSRV_SALT_GET = 2,
- ecSRV_SALT_SET = 3,
- ecSRV_RECV_REQ = 4,
- ecSRV_SENT_RESP = 5,
- ecSRV_BAD_STATE = 99
-};
-
-
-struct ecEncCtx {
- const byte* kdfSalt; /* optional salt for kdf */
- const byte* kdfInfo; /* optional info for kdf */
- const byte* macSalt; /* optional salt for mac */
- word32 kdfSaltSz; /* size of kdfSalt */
- word32 kdfInfoSz; /* size of kdfInfo */
- word32 macSaltSz; /* size of macSalt */
- byte clientSalt[EXCHANGE_SALT_SZ]; /* for msg exchange */
- byte serverSalt[EXCHANGE_SALT_SZ]; /* for msg exchange */
- byte encAlgo; /* which encryption type */
- byte kdfAlgo; /* which key derivation function type */
- byte macAlgo; /* which mac function type */
- byte protocol; /* are we REQ_RESP client or server ? */
- byte cliSt; /* protocol state, for sanity checks */
- byte srvSt; /* protocol state, for sanity checks */
-};
-
-
-const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx)
-{
- if (ctx == NULL || ctx->protocol == 0)
- return NULL;
-
- if (ctx->protocol == REQ_RESP_CLIENT) {
- if (ctx->cliSt == ecCLI_INIT) {
- ctx->cliSt = ecCLI_SALT_GET;
- return ctx->clientSalt;
- }
- else {
- ctx->cliSt = ecCLI_BAD_STATE;
- return NULL;
- }
- }
- else if (ctx->protocol == REQ_RESP_SERVER) {
- if (ctx->srvSt == ecSRV_INIT) {
- ctx->srvSt = ecSRV_SALT_GET;
- return ctx->serverSalt;
- }
- else {
- ctx->srvSt = ecSRV_BAD_STATE;
- return NULL;
- }
- }
-
- return NULL;
-}
-
-
-/* optional set info, can be called before or after set_peer_salt */
-int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz)
-{
- if (ctx == NULL || info == 0 || sz < 0)
- return BAD_FUNC_ARG;
-
- ctx->kdfInfo = info;
- ctx->kdfInfoSz = sz;
-
- return 0;
-}
-
-
-static const char* exchange_info = "Secure Message Exchange";
-
-int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
-{
- byte tmp[EXCHANGE_SALT_SZ/2];
- int halfSz = EXCHANGE_SALT_SZ/2;
-
- if (ctx == NULL || ctx->protocol == 0 || salt == NULL)
- return BAD_FUNC_ARG;
-
- if (ctx->protocol == REQ_RESP_CLIENT) {
- XMEMCPY(ctx->serverSalt, salt, EXCHANGE_SALT_SZ);
- if (ctx->cliSt == ecCLI_SALT_GET)
- ctx->cliSt = ecCLI_SALT_SET;
- else {
- ctx->cliSt = ecCLI_BAD_STATE;
- return BAD_ENC_STATE_E;
- }
- }
- else {
- XMEMCPY(ctx->clientSalt, salt, EXCHANGE_SALT_SZ);
- if (ctx->srvSt == ecSRV_SALT_GET)
- ctx->srvSt = ecSRV_SALT_SET;
- else {
- ctx->srvSt = ecSRV_BAD_STATE;
- return BAD_ENC_STATE_E;
- }
- }
-
- /* mix half and half */
- /* tmp stores 2nd half of client before overwrite */
- XMEMCPY(tmp, ctx->clientSalt + halfSz, halfSz);
- XMEMCPY(ctx->clientSalt + halfSz, ctx->serverSalt, halfSz);
- XMEMCPY(ctx->serverSalt, tmp, halfSz);
-
- ctx->kdfSalt = ctx->clientSalt;
- ctx->kdfSaltSz = EXCHANGE_SALT_SZ;
-
- ctx->macSalt = ctx->serverSalt;
- ctx->macSaltSz = EXCHANGE_SALT_SZ;
-
- if (ctx->kdfInfo == NULL) {
- /* default info */
- ctx->kdfInfo = (const byte*)exchange_info;
- ctx->kdfInfoSz = EXCHANGE_INFO_SZ;
- }
-
- return 0;
-}
-
-
-static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, RNG* rng)
-{
- byte* saltBuffer = NULL;
-
- if (ctx == NULL || rng == NULL || flags == 0)
- return BAD_FUNC_ARG;
-
- saltBuffer = (flags == REQ_RESP_CLIENT) ? ctx->clientSalt : ctx->serverSalt;
-
- return wc_RNG_GenerateBlock(rng, saltBuffer, EXCHANGE_SALT_SZ);
-}
-
-
-static void ecc_ctx_init(ecEncCtx* ctx, int flags)
-{
- if (ctx) {
- XMEMSET(ctx, 0, sizeof(ecEncCtx));
-
- ctx->encAlgo = ecAES_128_CBC;
- ctx->kdfAlgo = ecHKDF_SHA256;
- ctx->macAlgo = ecHMAC_SHA256;
- ctx->protocol = (byte)flags;
-
- if (flags == REQ_RESP_CLIENT)
- ctx->cliSt = ecCLI_INIT;
- if (flags == REQ_RESP_SERVER)
- ctx->srvSt = ecSRV_INIT;
- }
-}
-
-
-/* allow ecc context reset so user doesn't have to init/free for resue */
-int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng)
-{
- if (ctx == NULL || rng == NULL)
- return BAD_FUNC_ARG;
-
- ecc_ctx_init(ctx, ctx->protocol);
- return ecc_ctx_set_salt(ctx, ctx->protocol, rng);
-}
-
-
-/* alloc/init and set defaults, return new Context */
-ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng)
-{
- int ret = 0;
- ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC);
-
- if (ctx)
- ctx->protocol = (byte)flags;
-
- ret = wc_ecc_ctx_reset(ctx, rng);
- if (ret != 0) {
- wc_ecc_ctx_free(ctx);
- ctx = NULL;
- }
-
- return ctx;
-}
-
-
-/* free any resources, clear any keys */
-void wc_ecc_ctx_free(ecEncCtx* ctx)
-{
- if (ctx) {
- ForceZero(ctx, sizeof(ecEncCtx));
- XFREE(ctx, 0, DYNAMIC_TYPE_ECC);
- }
-}
-
-
-static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz,
- int* keysLen, word32* digestSz, word32* blockSz)
-{
- if (ctx) {
- switch (ctx->encAlgo) {
- case ecAES_128_CBC:
- *encKeySz = KEY_SIZE_128;
- *ivSz = IV_SIZE_64;
- *blockSz = AES_BLOCK_SIZE;
- break;
- default:
- return BAD_FUNC_ARG;
- }
-
- switch (ctx->macAlgo) {
- case ecHMAC_SHA256:
- *digestSz = SHA256_DIGEST_SIZE;
- break;
- default:
- return BAD_FUNC_ARG;
- }
- } else
- return BAD_FUNC_ARG;
-
- *keysLen = *encKeySz + *ivSz + *digestSz;
-
- return 0;
-}
-
-
-/* ecc encrypt with shared secret run through kdf
- ctx holds non default algos and inputs
- msgSz should be the right size for encAlgo, i.e., already padded
- return 0 on success */
-int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
- word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx)
-{
- int ret;
- word32 blockSz;
- word32 digestSz;
- ecEncCtx localCtx;
-#ifdef WOLFSSL_SMALL_STACK
- byte* sharedSecret;
- byte* keys;
-#else
- byte sharedSecret[ECC_MAXSIZE]; /* 521 max size */
- byte keys[ECC_BUFSIZE]; /* max size */
-#endif
- word32 sharedSz = ECC_MAXSIZE;
- int keysLen;
- int encKeySz;
- int ivSz;
- int offset = 0; /* keys offset if doing msg exchange */
- byte* encKey;
- byte* encIv;
- byte* macKey;
-
- if (privKey == NULL || pubKey == NULL || msg == NULL || out == NULL ||
- outSz == NULL)
- return BAD_FUNC_ARG;
-
- if (ctx == NULL) { /* use defaults */
- ecc_ctx_init(&localCtx, 0);
- ctx = &localCtx;
- }
-
- ret = ecc_get_key_sizes(ctx, &encKeySz, &ivSz, &keysLen, &digestSz,
- &blockSz);
- if (ret != 0)
- return ret;
-
- if (ctx->protocol == REQ_RESP_SERVER) {
- offset = keysLen;
- keysLen *= 2;
-
- if (ctx->srvSt != ecSRV_RECV_REQ)
- return BAD_ENC_STATE_E;
-
- ctx->srvSt = ecSRV_BAD_STATE; /* we're done no more ops allowed */
- }
- else if (ctx->protocol == REQ_RESP_CLIENT) {
- if (ctx->cliSt != ecCLI_SALT_SET)
- return BAD_ENC_STATE_E;
-
- ctx->cliSt = ecCLI_SENT_REQ; /* only do this once */
- }
-
- if (keysLen > ECC_BUFSIZE) /* keys size */
- return BUFFER_E;
-
- if ( (msgSz%blockSz) != 0)
- return BAD_PADDING_E;
-
- if (*outSz < (msgSz + digestSz))
- return BUFFER_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sharedSecret == NULL)
- return MEMORY_E;
-
- keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (keys == NULL) {
- XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz);
-
- if (ret == 0) {
- switch (ctx->kdfAlgo) {
- case ecHKDF_SHA256 :
- ret = wc_HKDF(SHA256, sharedSecret, sharedSz, ctx->kdfSalt,
- ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz,
- keys, keysLen);
- break;
-
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
- }
-
- if (ret == 0) {
- encKey = keys + offset;
- encIv = encKey + encKeySz;
- macKey = encKey + encKeySz + ivSz;
-
- switch (ctx->encAlgo) {
- case ecAES_128_CBC:
- {
- Aes aes;
- ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv,
- AES_ENCRYPTION);
- if (ret != 0)
- break;
- ret = wc_AesCbcEncrypt(&aes, out, msg, msgSz);
- }
- break;
-
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
- }
-
- if (ret == 0) {
- switch (ctx->macAlgo) {
- case ecHMAC_SHA256:
- {
- Hmac hmac;
- ret = wc_HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&hmac, out, msgSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(&hmac, out+msgSz);
- }
- break;
-
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
- }
-
- if (ret == 0)
- *outSz = msgSz + digestSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-/* ecc decrypt with shared secret run through kdf
- ctx holds non default algos and inputs
- return 0 on success */
-int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
- word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx)
-{
- int ret;
- word32 blockSz;
- word32 digestSz;
- ecEncCtx localCtx;
-#ifdef WOLFSSL_SMALL_STACK
- byte* sharedSecret;
- byte* keys;
-#else
- byte sharedSecret[ECC_MAXSIZE]; /* 521 max size */
- byte keys[ECC_BUFSIZE]; /* max size */
-#endif
- word32 sharedSz = ECC_MAXSIZE;
- int keysLen;
- int encKeySz;
- int ivSz;
- int offset = 0; /* in case using msg exchange */
- byte* encKey;
- byte* encIv;
- byte* macKey;
-
- if (privKey == NULL || pubKey == NULL || msg == NULL || out == NULL ||
- outSz == NULL)
- return BAD_FUNC_ARG;
-
- if (ctx == NULL) { /* use defaults */
- ecc_ctx_init(&localCtx, 0);
- ctx = &localCtx;
- }
-
- ret = ecc_get_key_sizes(ctx, &encKeySz, &ivSz, &keysLen, &digestSz,
- &blockSz);
- if (ret != 0)
- return ret;
-
- if (ctx->protocol == REQ_RESP_CLIENT) {
- offset = keysLen;
- keysLen *= 2;
-
- if (ctx->cliSt != ecCLI_SENT_REQ)
- return BAD_ENC_STATE_E;
-
- ctx->cliSt = ecSRV_BAD_STATE; /* we're done no more ops allowed */
- }
- else if (ctx->protocol == REQ_RESP_SERVER) {
- if (ctx->srvSt != ecSRV_SALT_SET)
- return BAD_ENC_STATE_E;
-
- ctx->srvSt = ecSRV_RECV_REQ; /* only do this once */
- }
-
- if (keysLen > ECC_BUFSIZE) /* keys size */
- return BUFFER_E;
-
- if ( ((msgSz-digestSz) % blockSz) != 0)
- return BAD_PADDING_E;
-
- if (*outSz < (msgSz - digestSz))
- return BUFFER_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sharedSecret == NULL)
- return MEMORY_E;
-
- keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (keys == NULL) {
- XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz);
-
- if (ret == 0) {
- switch (ctx->kdfAlgo) {
- case ecHKDF_SHA256 :
- ret = wc_HKDF(SHA256, sharedSecret, sharedSz, ctx->kdfSalt,
- ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz,
- keys, keysLen);
- break;
-
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
- }
-
- if (ret == 0) {
- encKey = keys + offset;
- encIv = encKey + encKeySz;
- macKey = encKey + encKeySz + ivSz;
-
- switch (ctx->macAlgo) {
- case ecHMAC_SHA256:
- {
- byte verify[SHA256_DIGEST_SIZE];
- Hmac hmac;
- ret = wc_HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&hmac, msg, msgSz-digestSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(&hmac, verify);
- if (ret != 0)
- break;
- if (memcmp(verify, msg + msgSz - digestSz, digestSz) != 0)
- ret = -1;
- }
- break;
-
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
- }
-
- if (ret == 0) {
- switch (ctx->encAlgo) {
- case ecAES_128_CBC:
- {
- Aes aes;
- ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv,
- AES_DECRYPTION);
- if (ret != 0)
- break;
- ret = wc_AesCbcDecrypt(&aes, out, msg, msgSz-digestSz);
- }
- break;
-
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
- }
-
- if (ret == 0)
- *outSz = msgSz - digestSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-
-#endif /* HAVE_ECC_ENCRYPT */
-
-
-#ifdef HAVE_COMP_KEY
-
-/* computes the jacobi c = (a | n) (or Legendre if n is prime)
- * HAC pp. 73 Algorithm 2.149
- */
-int mp_jacobi(mp_int* a, mp_int* p, int* c)
-{
- mp_int a1, p1;
- int k, s, r, res;
- mp_digit residue;
-
- /* if p <= 0 return MP_VAL */
- if (mp_cmp_d(p, 0) != MP_GT) {
- return MP_VAL;
- }
-
- /* step 1. if a == 0, return 0 */
- if (mp_iszero (a) == 1) {
- *c = 0;
- return MP_OKAY;
- }
-
- /* step 2. if a == 1, return 1 */
- if (mp_cmp_d (a, 1) == MP_EQ) {
- *c = 1;
- return MP_OKAY;
- }
-
- /* default */
- s = 0;
-
- /* step 3. write a = a1 * 2**k */
- if ((res = mp_init_copy (&a1, a)) != MP_OKAY) {
- return res;
- }
-
- if ((res = mp_init (&p1)) != MP_OKAY) {
- mp_clear(&a1);
- return res;
- }
-
- /* divide out larger power of two */
- k = mp_cnt_lsb(&a1);
- res = mp_div_2d(&a1, k, &a1, NULL);
-
- if (res == MP_OKAY) {
- /* step 4. if e is even set s=1 */
- if ((k & 1) == 0) {
- s = 1;
- } else {
- /* else set s=1 if p = 1/7 (mod 8) or s=-1 if p = 3/5 (mod 8) */
- residue = p->dp[0] & 7;
-
- if (residue == 1 || residue == 7) {
- s = 1;
- } else if (residue == 3 || residue == 5) {
- s = -1;
- }
- }
-
- /* step 5. if p == 3 (mod 4) *and* a1 == 3 (mod 4) then s = -s */
- if ( ((p->dp[0] & 3) == 3) && ((a1.dp[0] & 3) == 3)) {
- s = -s;
- }
- }
-
- if (res == MP_OKAY) {
- /* if a1 == 1 we're done */
- if (mp_cmp_d (&a1, 1) == MP_EQ) {
- *c = s;
- } else {
- /* n1 = n mod a1 */
- res = mp_mod (p, &a1, &p1);
- if (res == MP_OKAY)
- res = mp_jacobi (&p1, &a1, &r);
-
- if (res == MP_OKAY)
- *c = s * r;
- }
- }
-
- /* done */
- mp_clear (&p1);
- mp_clear (&a1);
-
- return res;
-}
-
-
-int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
-{
- int res, legendre, done = 0;
- mp_int t1, C, Q, S, Z, M, T, R, two;
- mp_digit i;
-
- /* first handle the simple cases */
- if (mp_cmp_d(n, 0) == MP_EQ) {
- mp_zero(ret);
- return MP_OKAY;
- }
- if (mp_cmp_d(prime, 2) == MP_EQ) return MP_VAL; /* prime must be odd */
- /* TAO removed
- if ((res = mp_jacobi(n, prime, &legendre)) != MP_OKAY) return res;
- if (legendre == -1) return MP_VAL; */ /* quadratic non-residue mod prime */
-
- if ((res = mp_init_multi(&t1, &C, &Q, &S, &Z, &M)) != MP_OKAY)
- return res;
-
- if ((res = mp_init_multi(&T, &R, &two, NULL, NULL, NULL))
- != MP_OKAY) {
- mp_clear(&t1); mp_clear(&C); mp_clear(&Q); mp_clear(&S); mp_clear(&Z);
- mp_clear(&M);
- return res;
- }
-
- /* SPECIAL CASE: if prime mod 4 == 3
- * compute directly: res = n^(prime+1)/4 mod prime
- * Handbook of Applied Cryptography algorithm 3.36
- */
- res = mp_mod_d(prime, 4, &i);
- if (res == MP_OKAY && i == 3) {
- res = mp_add_d(prime, 1, &t1);
-
- if (res == MP_OKAY)
- res = mp_div_2(&t1, &t1);
- if (res == MP_OKAY)
- res = mp_div_2(&t1, &t1);
- if (res == MP_OKAY)
- res = mp_exptmod(n, &t1, prime, ret);
-
- done = 1;
- }
-
- /* NOW: TonelliShanks algorithm */
-
- if (res == MP_OKAY && done == 0) {
-
- /* factor out powers of 2 from prime-1, defining Q and S
- * as: prime-1 = Q*2^S */
- res = mp_copy(prime, &Q);
- if (res == MP_OKAY)
- res = mp_sub_d(&Q, 1, &Q);
- /* Q = prime - 1 */
- if (res == MP_OKAY)
- mp_zero(&S);
- /* S = 0 */
- while (res == MP_OKAY && mp_iseven(&Q)) {
- res = mp_div_2(&Q, &Q);
- /* Q = Q / 2 */
- if (res == MP_OKAY)
- res = mp_add_d(&S, 1, &S);
- /* S = S + 1 */
- }
-
- /* find a Z such that the Legendre symbol (Z|prime) == -1 */
- if (res == MP_OKAY)
- res = mp_set_int(&Z, 2);
- /* Z = 2 */
- while (res == MP_OKAY) {
- res = mp_jacobi(&Z, prime, &legendre);
- if (res == MP_OKAY && legendre == -1)
- break;
- if (res == MP_OKAY)
- res = mp_add_d(&Z, 1, &Z);
- /* Z = Z + 1 */
- }
-
- if (res == MP_OKAY)
- res = mp_exptmod(&Z, &Q, prime, &C);
- /* C = Z ^ Q mod prime */
- if (res == MP_OKAY)
- res = mp_add_d(&Q, 1, &t1);
- if (res == MP_OKAY)
- res = mp_div_2(&t1, &t1);
- /* t1 = (Q + 1) / 2 */
- if (res == MP_OKAY)
- res = mp_exptmod(n, &t1, prime, &R);
- /* R = n ^ ((Q + 1) / 2) mod prime */
- if (res == MP_OKAY)
- res = mp_exptmod(n, &Q, prime, &T);
- /* T = n ^ Q mod prime */
- if (res == MP_OKAY)
- res = mp_copy(&S, &M);
- /* M = S */
- if (res == MP_OKAY)
- res = mp_set_int(&two, 2);
-
- while (res == MP_OKAY && done == 0) {
- res = mp_copy(&T, &t1);
- i = 0;
- while (res == MP_OKAY) {
- if (mp_cmp_d(&t1, 1) == MP_EQ)
- break;
- res = mp_exptmod(&t1, &two, prime, &t1);
- if (res == MP_OKAY)
- i++;
- }
- if (res == MP_OKAY && i == 0) {
- mp_copy(&R, ret);
- res = MP_OKAY;
- done = 1;
- }
-
- if (done == 0) {
- if (res == MP_OKAY)
- res = mp_sub_d(&M, i, &t1);
- if (res == MP_OKAY)
- res = mp_sub_d(&t1, 1, &t1);
- if (res == MP_OKAY)
- res = mp_exptmod(&two, &t1, prime, &t1);
- /* t1 = 2 ^ (M - i - 1) */
- if (res == MP_OKAY)
- res = mp_exptmod(&C, &t1, prime, &t1);
- /* t1 = C ^ (2 ^ (M - i - 1)) mod prime */
- if (res == MP_OKAY)
- res = mp_sqrmod(&t1, prime, &C);
- /* C = (t1 * t1) mod prime */
- if (res == MP_OKAY)
- res = mp_mulmod(&R, &t1, prime, &R);
- /* R = (R * t1) mod prime */
- if (res == MP_OKAY)
- res = mp_mulmod(&T, &C, prime, &T);
- /* T = (T * C) mod prime */
- if (res == MP_OKAY)
- mp_set(&M, i);
- /* M = i */
- }
- }
- }
-
- /* done */
- mp_clear(&t1);
- mp_clear(&C);
- mp_clear(&Q);
- mp_clear(&S);
- mp_clear(&Z);
- mp_clear(&M);
- mp_clear(&T);
- mp_clear(&R);
- mp_clear(&two);
-
- return res;
-}
-
-
-/* export public ECC key in ANSI X9.63 format compressed */
-int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen)
-{
- word32 numlen;
- int ret = MP_OKAY;
-
- if (key == NULL || out == NULL || outLen == NULL)
- return ECC_BAD_ARG_E;
-
- if (ecc_is_valid_idx(key->idx) == 0) {
- return ECC_BAD_ARG_E;
- }
- numlen = key->dp->size;
-
- if (*outLen < (1 + numlen)) {
- *outLen = 1 + numlen;
- return BUFFER_E;
- }
-
- /* store first byte */
- out[0] = mp_isodd(key->pubkey.y) ? 0x03 : 0x02;
-
- /* pad and store x */
- XMEMSET(out+1, 0, numlen);
- ret = mp_to_unsigned_bin(key->pubkey.x,
- out+1 + (numlen - mp_unsigned_bin_size(key->pubkey.x)));
- *outLen = 1 + numlen;
- return ret;
-}
-
-
-/* d = a - b (mod c) */
-int mp_submod(mp_int* a, mp_int* b, mp_int* c, mp_int* d)
-{
- int res;
- mp_int t;
-
- if ((res = mp_init (&t)) != MP_OKAY) {
- return res;
- }
-
- if ((res = mp_sub (a, b, &t)) != MP_OKAY) {
- mp_clear (&t);
- return res;
- }
- res = mp_mod (&t, c, d);
- mp_clear (&t);
-
- return res;
-}
-
-
-#endif /* HAVE_COMP_KEY */
-
-#endif /* HAVE_ECC */
-
+/* ecc.c
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+/* in case user set HAVE_ECC there */
+#include <wolfssl/wolfcrypt/settings.h>
+
+/*
+Possible ECC enable options:
+ * HAVE_ECC: Overall control of ECC default: on
+ * HAVE_ECC_ENCRYPT: ECC encrypt/decrypt w/AES and HKDF default: off
+ * HAVE_ECC_SIGN: ECC sign default: on
+ * HAVE_ECC_VERIFY: ECC verify default: on
+ * HAVE_ECC_DHE: ECC build shared secret default: on
+ * HAVE_ECC_KEY_IMPORT: ECC Key import default: on
+ * HAVE_ECC_KEY_EXPORT: ECC Key export default: on
+ * ECC_SHAMIR: Enables Shamir calc method default: on
+ * HAVE_COMP_KEY: Enables compressed key default: off
+ * WOLFSSL_VALIDATE_ECC_IMPORT: Validate ECC key on import default: off
+*/
+
+/*
+ECC Curves:
+ * ECC_USER_CURVES: Allows custom combination of key sizes below
+ * HAVE_ALL_CURVES: Enable all key sizes (on unless ECC_USER_CURVES is defined)
+ * HAVE_ECC112: 112 bit key
+ * HAVE_ECC128: 128 bit key
+ * HAVE_ECC160: 160 bit key
+ * HAVE_ECC192: 192 bit key
+ * HAVE_ECC224: 224 bit key
+ * NO_ECC256: Disables 256 bit key (on by default)
+ * HAVE_ECC384: 384 bit key
+ * HAVE_ECC521: 521 bit key
+*/
+
+#ifdef HAVE_ECC
+
+#if (defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)) && defined(NO_ASN)
+ #error ASN must be enabled for ECC sign/verify
+#endif
+
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/openssl/ec.h>
+#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
+#ifdef HAVE_ECC_ENCRYPT
+ #include <wolfssl/wolfcrypt/hmac.h>
+ #include <wolfssl/wolfcrypt/aes.h>
+#endif
+
+#ifdef NO_INLINE
+ #include <wolfssl/wolfcrypt/misc.h>
+#else
+ #include <wolfcrypt/src/misc.c>
+#endif
+
+/* map
+
+ ptmul -> mulmod
+
+*/
+
+
+/* p256 curve on by default whether user curves or not */
+#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
+ #define ECC112
+#endif
+#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
+ #define ECC128
+#endif
+#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
+ #define ECC160
+#endif
+#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
+ #define ECC192
+#endif
+#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+ #define ECC224
+#endif
+#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+ #define ECC256
+#endif
+#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+ #define ECC384
+#endif
+#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+ #define ECC521
+#endif
+
+
+
+/* This holds the key settings. ***MUST*** be organized by size from
+ smallest to largest. */
+
+const ecc_set_type ecc_sets[] = {
+#ifdef ECC112
+{
+ 14,
+ NID_secp111r1,
+ "SECP112R1",
+ "DB7C2ABF62E35E668076BEAD208B",
+ "DB7C2ABF62E35E668076BEAD2088",
+ "659EF8BA043916EEDE8911702B22",
+ "DB7C2ABF62E35E7628DFAC6561C5",
+ "09487239995A5EE76B55F9C2F098",
+ "A89CE5AF8724C0A23E0E0FF77500"
+},
+#endif
+#ifdef ECC128
+{
+ 16,
+ NID_secp128r1,
+ "SECP128R1",
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+ "E87579C11079F43DD824993C2CEE5ED3",
+ "FFFFFFFE0000000075A30D1B9038A115",
+ "161FF7528B899B2D0C28607CA52C5B86",
+ "CF5AC8395BAFEB13C02DA292DDED7A83",
+},
+#endif
+#ifdef ECC160
+{
+ 20,
+ NID_secp160r1,
+ "SECP160R1",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+ "0100000000000000000001F4C8F927AED3CA752257",
+ "4A96B5688EF573284664698968C38BB913CBFC82",
+ "23A628553168947D59DCC912042351377AC5FB32",
+},
+#endif
+#ifdef ECC192
+{
+ 24,
+ NID_cert192,
+ "ECC-192",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+ "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
+},
+#endif
+#ifdef ECC224
+{
+ 28,
+ NID_cert224,
+ "ECC-224",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+},
+#endif
+#ifdef ECC256
+{
+ 32,
+ NID_X9_62_prime256v1,
+ "nistp256",
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+},
+#endif
+#ifdef ECC384
+{
+ 48,
+ NID_secp384r1,
+ "nistp384",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+ "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
+},
+#endif
+#ifdef ECC521
+{
+ 66,
+ NID_secp521r1,
+ "nistp521",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+ "51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+ "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+ "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+},
+#endif
+{
+ 0, -1,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL
+}
+};
+
+
+int ecc_map(ecc_point*, mp_int*, mp_digit*);
+int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
+ mp_int* modulus, mp_digit* mp);
+int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus,
+ mp_digit* mp);
+static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order);
+#ifdef ECC_SHAMIR
+static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB,
+ ecc_point* C, mp_int* modulus);
+#endif
+
+int mp_jacobi(mp_int* a, mp_int* p, int* c);
+int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret);
+int mp_submod(mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+
+#ifdef HAVE_COMP_KEY
+static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
+#endif
+
+/* helper for either lib */
+static int get_digit_count(mp_int* a)
+{
+ if (a == NULL)
+ return 0;
+
+ return a->used;
+}
+
+/* helper for either lib */
+static mp_digit get_digit(mp_int* a, int n)
+{
+ if (a == NULL)
+ return 0;
+
+ return (n >= a->used || n < 0) ? 0 : a->dp[n];
+}
+
+
+#if defined(USE_FAST_MATH)
+
+/* fast math accelerated version, but not for fp ecc yet */
+
+/**
+ Add two ECC points
+ P The point to add
+ Q The point to add
+ R [out] The destination of the double
+ modulus The modulus of the field the ECC curve is in
+ mp The "b" value from montgomery_setup()
+ return MP_OKAY on success
+*/
+int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
+ mp_int* modulus, mp_digit* mp)
+{
+ fp_int t1, t2, x, y, z;
+ int err;
+
+ if (P == NULL || Q == NULL || R == NULL || modulus == NULL || mp == NULL)
+ return ECC_BAD_ARG_E;
+
+ if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) {
+ return err;
+ }
+
+ /* should we dbl instead? */
+ fp_sub(modulus, Q->y, &t1);
+ if ( (fp_cmp(P->x, Q->x) == FP_EQ) &&
+ (get_digit_count(Q->z) && fp_cmp(P->z, Q->z) == FP_EQ) &&
+ (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) {
+ return ecc_projective_dbl_point(P, R, modulus, mp);
+ }
+
+ fp_copy(P->x, &x);
+ fp_copy(P->y, &y);
+ fp_copy(P->z, &z);
+
+ /* if Z is one then these are no-operations */
+ if (get_digit_count(Q->z)) {
+ /* T1 = Z' * Z' */
+ fp_sqr(Q->z, &t1);
+ fp_montgomery_reduce(&t1, modulus, *mp);
+ /* X = X * T1 */
+ fp_mul(&t1, &x, &x);
+ fp_montgomery_reduce(&x, modulus, *mp);
+ /* T1 = Z' * T1 */
+ fp_mul(Q->z, &t1, &t1);
+ fp_montgomery_reduce(&t1, modulus, *mp);
+ /* Y = Y * T1 */
+ fp_mul(&t1, &y, &y);
+ fp_montgomery_reduce(&y, modulus, *mp);
+ }
+
+ /* T1 = Z*Z */
+ fp_sqr(&z, &t1);
+ fp_montgomery_reduce(&t1, modulus, *mp);
+ /* T2 = X' * T1 */
+ fp_mul(Q->x, &t1, &t2);
+ fp_montgomery_reduce(&t2, modulus, *mp);
+ /* T1 = Z * T1 */
+ fp_mul(&z, &t1, &t1);
+ fp_montgomery_reduce(&t1, modulus, *mp);
+ /* T1 = Y' * T1 */
+ fp_mul(Q->y, &t1, &t1);
+ fp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* Y = Y - T1 */
+ fp_sub(&y, &t1, &y);
+ if (fp_cmp_d(&y, 0) == FP_LT) {
+ fp_add(&y, modulus, &y);
+ }
+ /* T1 = 2T1 */
+ fp_add(&t1, &t1, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+ /* T1 = Y + T1 */
+ fp_add(&t1, &y, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+ /* X = X - T2 */
+ fp_sub(&x, &t2, &x);
+ if (fp_cmp_d(&x, 0) == FP_LT) {
+ fp_add(&x, modulus, &x);
+ }
+ /* T2 = 2T2 */
+ fp_add(&t2, &t2, &t2);
+ if (fp_cmp(&t2, modulus) != FP_LT) {
+ fp_sub(&t2, modulus, &t2);
+ }
+ /* T2 = X + T2 */
+ fp_add(&t2, &x, &t2);
+ if (fp_cmp(&t2, modulus) != FP_LT) {
+ fp_sub(&t2, modulus, &t2);
+ }
+
+ /* if Z' != 1 */
+ if (get_digit_count(Q->z)) {
+ /* Z = Z * Z' */
+ fp_mul(&z, Q->z, &z);
+ fp_montgomery_reduce(&z, modulus, *mp);
+ }
+
+ /* Z = Z * X */
+ fp_mul(&z, &x, &z);
+ fp_montgomery_reduce(&z, modulus, *mp);
+
+ /* T1 = T1 * X */
+ fp_mul(&t1, &x, &t1);
+ fp_montgomery_reduce(&t1, modulus, *mp);
+ /* X = X * X */
+ fp_sqr(&x, &x);
+ fp_montgomery_reduce(&x, modulus, *mp);
+ /* T2 = T2 * x */
+ fp_mul(&t2, &x, &t2);
+ fp_montgomery_reduce(&t2, modulus, *mp);
+ /* T1 = T1 * X */
+ fp_mul(&t1, &x, &t1);
+ fp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* X = Y*Y */
+ fp_sqr(&y, &x);
+ fp_montgomery_reduce(&x, modulus, *mp);
+ /* X = X - T2 */
+ fp_sub(&x, &t2, &x);
+ if (fp_cmp_d(&x, 0) == FP_LT) {
+ fp_add(&x, modulus, &x);
+ }
+
+ /* T2 = T2 - X */
+ fp_sub(&t2, &x, &t2);
+ if (fp_cmp_d(&t2, 0) == FP_LT) {
+ fp_add(&t2, modulus, &t2);
+ }
+ /* T2 = T2 - X */
+ fp_sub(&t2, &x, &t2);
+ if (fp_cmp_d(&t2, 0) == FP_LT) {
+ fp_add(&t2, modulus, &t2);
+ }
+ /* T2 = T2 * Y */
+ fp_mul(&t2, &y, &t2);
+ fp_montgomery_reduce(&t2, modulus, *mp);
+ /* Y = T2 - T1 */
+ fp_sub(&t2, &t1, &y);
+ if (fp_cmp_d(&y, 0) == FP_LT) {
+ fp_add(&y, modulus, &y);
+ }
+ /* Y = Y/2 */
+ if (fp_isodd(&y)) {
+ fp_add(&y, modulus, &y);
+ }
+ fp_div_2(&y, &y);
+
+ fp_copy(&x, R->x);
+ fp_copy(&y, R->y);
+ fp_copy(&z, R->z);
+
+ return MP_OKAY;
+}
+
+
+/**
+ Double an ECC point
+ P The point to double
+ R [out] The destination of the double
+ modulus The modulus of the field the ECC curve is in
+ mp The "b" value from montgomery_setup()
+ return MP_OKAY on success
+*/
+int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
+ mp_digit* mp)
+{
+ fp_int t1, t2;
+ int err;
+
+ if (P == NULL || R == NULL || modulus == NULL || mp == NULL)
+ return ECC_BAD_ARG_E;
+
+ if (P != R) {
+ fp_copy(P->x, R->x);
+ fp_copy(P->y, R->y);
+ fp_copy(P->z, R->z);
+ }
+
+ if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
+ return err;
+ }
+
+ /* t1 = Z * Z */
+ fp_sqr(R->z, &t1);
+ fp_montgomery_reduce(&t1, modulus, *mp);
+ /* Z = Y * Z */
+ fp_mul(R->z, R->y, R->z);
+ fp_montgomery_reduce(R->z, modulus, *mp);
+ /* Z = 2Z */
+ fp_add(R->z, R->z, R->z);
+ if (fp_cmp(R->z, modulus) != FP_LT) {
+ fp_sub(R->z, modulus, R->z);
+ }
+
+ /* &t2 = X - T1 */
+ fp_sub(R->x, &t1, &t2);
+ if (fp_cmp_d(&t2, 0) == FP_LT) {
+ fp_add(&t2, modulus, &t2);
+ }
+ /* T1 = X + T1 */
+ fp_add(&t1, R->x, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+ /* T2 = T1 * T2 */
+ fp_mul(&t1, &t2, &t2);
+ fp_montgomery_reduce(&t2, modulus, *mp);
+ /* T1 = 2T2 */
+ fp_add(&t2, &t2, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+ /* T1 = T1 + T2 */
+ fp_add(&t1, &t2, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+
+ /* Y = 2Y */
+ fp_add(R->y, R->y, R->y);
+ if (fp_cmp(R->y, modulus) != FP_LT) {
+ fp_sub(R->y, modulus, R->y);
+ }
+ /* Y = Y * Y */
+ fp_sqr(R->y, R->y);
+ fp_montgomery_reduce(R->y, modulus, *mp);
+ /* T2 = Y * Y */
+ fp_sqr(R->y, &t2);
+ fp_montgomery_reduce(&t2, modulus, *mp);
+ /* T2 = T2/2 */
+ if (fp_isodd(&t2)) {
+ fp_add(&t2, modulus, &t2);
+ }
+ fp_div_2(&t2, &t2);
+ /* Y = Y * X */
+ fp_mul(R->y, R->x, R->y);
+ fp_montgomery_reduce(R->y, modulus, *mp);
+
+ /* X = T1 * T1 */
+ fp_sqr(&t1, R->x);
+ fp_montgomery_reduce(R->x, modulus, *mp);
+ /* X = X - Y */
+ fp_sub(R->x, R->y, R->x);
+ if (fp_cmp_d(R->x, 0) == FP_LT) {
+ fp_add(R->x, modulus, R->x);
+ }
+ /* X = X - Y */
+ fp_sub(R->x, R->y, R->x);
+ if (fp_cmp_d(R->x, 0) == FP_LT) {
+ fp_add(R->x, modulus, R->x);
+ }
+
+ /* Y = Y - X */
+ fp_sub(R->y, R->x, R->y);
+ if (fp_cmp_d(R->y, 0) == FP_LT) {
+ fp_add(R->y, modulus, R->y);
+ }
+ /* Y = Y * T1 */
+ fp_mul(R->y, &t1, R->y);
+ fp_montgomery_reduce(R->y, modulus, *mp);
+ /* Y = Y - T2 */
+ fp_sub(R->y, &t2, R->y);
+ if (fp_cmp_d(R->y, 0) == FP_LT) {
+ fp_add(R->y, modulus, R->y);
+ }
+
+ return MP_OKAY;
+}
+
+#else /* USE_FAST_MATH */
+
+/**
+ Add two ECC points
+ P The point to add
+ Q The point to add
+ R [out] The destination of the double
+ modulus The modulus of the field the ECC curve is in
+ mp The "b" value from montgomery_setup()
+ return MP_OKAY on success
+*/
+int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
+ mp_int* modulus, mp_digit* mp)
+{
+ mp_int t1;
+ mp_int t2;
+ mp_int x;
+ mp_int y;
+ mp_int z;
+ int err;
+
+ if (P == NULL || Q == NULL || R == NULL || modulus == NULL || mp == NULL)
+ return ECC_BAD_ARG_E;
+
+ if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) {
+ return err;
+ }
+
+ /* should we dbl instead? */
+ err = mp_sub(modulus, Q->y, &t1);
+
+ if (err == MP_OKAY) {
+ if ( (mp_cmp(P->x, Q->x) == MP_EQ) &&
+ (get_digit_count(Q->z) && mp_cmp(P->z, Q->z) == MP_EQ) &&
+ (mp_cmp(P->y, Q->y) == MP_EQ || mp_cmp(P->y, &t1) == MP_EQ)) {
+ mp_clear(&t1);
+ mp_clear(&t2);
+ mp_clear(&x);
+ mp_clear(&y);
+ mp_clear(&z);
+
+ return ecc_projective_dbl_point(P, R, modulus, mp);
+ }
+ }
+
+ if (err == MP_OKAY)
+ err = mp_copy(P->x, &x);
+ if (err == MP_OKAY)
+ err = mp_copy(P->y, &y);
+ if (err == MP_OKAY)
+ err = mp_copy(P->z, &z);
+
+ /* if Z is one then these are no-operations */
+ if (err == MP_OKAY) {
+ if (get_digit_count(Q->z)) {
+ /* T1 = Z' * Z' */
+ err = mp_sqr(Q->z, &t1);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* X = X * T1 */
+ if (err == MP_OKAY)
+ err = mp_mul(&t1, &x, &x);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&x, modulus, *mp);
+
+ /* T1 = Z' * T1 */
+ if (err == MP_OKAY)
+ err = mp_mul(Q->z, &t1, &t1);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* Y = Y * T1 */
+ if (err == MP_OKAY)
+ err = mp_mul(&t1, &y, &y);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&y, modulus, *mp);
+ }
+ }
+
+ /* T1 = Z*Z */
+ if (err == MP_OKAY)
+ err = mp_sqr(&z, &t1);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* T2 = X' * T1 */
+ if (err == MP_OKAY)
+ err = mp_mul(Q->x, &t1, &t2);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t2, modulus, *mp);
+
+ /* T1 = Z * T1 */
+ if (err == MP_OKAY)
+ err = mp_mul(&z, &t1, &t1);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* T1 = Y' * T1 */
+ if (err == MP_OKAY)
+ err = mp_mul(Q->y, &t1, &t1);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* Y = Y - T1 */
+ if (err == MP_OKAY)
+ err = mp_sub(&y, &t1, &y);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(&y, 0) == MP_LT)
+ err = mp_add(&y, modulus, &y);
+ }
+ /* T1 = 2T1 */
+ if (err == MP_OKAY)
+ err = mp_add(&t1, &t1, &t1);
+ if (err == MP_OKAY) {
+ if (mp_cmp(&t1, modulus) != MP_LT)
+ err = mp_sub(&t1, modulus, &t1);
+ }
+ /* T1 = Y + T1 */
+ if (err == MP_OKAY)
+ err = mp_add(&t1, &y, &t1);
+ if (err == MP_OKAY) {
+ if (mp_cmp(&t1, modulus) != MP_LT)
+ err = mp_sub(&t1, modulus, &t1);
+ }
+ /* X = X - T2 */
+ if (err == MP_OKAY)
+ err = mp_sub(&x, &t2, &x);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(&x, 0) == MP_LT)
+ err = mp_add(&x, modulus, &x);
+ }
+ /* T2 = 2T2 */
+ if (err == MP_OKAY)
+ err = mp_add(&t2, &t2, &t2);
+ if (err == MP_OKAY) {
+ if (mp_cmp(&t2, modulus) != MP_LT)
+ err = mp_sub(&t2, modulus, &t2);
+ }
+ /* T2 = X + T2 */
+ if (err == MP_OKAY)
+ err = mp_add(&t2, &x, &t2);
+ if (err == MP_OKAY) {
+ if (mp_cmp(&t2, modulus) != MP_LT)
+ err = mp_sub(&t2, modulus, &t2);
+ }
+
+ if (err == MP_OKAY) {
+ if (get_digit_count(Q->z)) {
+ /* Z = Z * Z' */
+ err = mp_mul(&z, Q->z, &z);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&z, modulus, *mp);
+ }
+ }
+
+ /* Z = Z * X */
+ if (err == MP_OKAY)
+ err = mp_mul(&z, &x, &z);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&z, modulus, *mp);
+
+ /* T1 = T1 * X */
+ if (err == MP_OKAY)
+ err = mp_mul(&t1, &x, &t1);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* X = X * X */
+ if (err == MP_OKAY)
+ err = mp_sqr(&x, &x);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&x, modulus, *mp);
+
+ /* T2 = T2 * x */
+ if (err == MP_OKAY)
+ err = mp_mul(&t2, &x, &t2);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t2, modulus, *mp);
+
+ /* T1 = T1 * X */
+ if (err == MP_OKAY)
+ err = mp_mul(&t1, &x, &t1);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* X = Y*Y */
+ if (err == MP_OKAY)
+ err = mp_sqr(&y, &x);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&x, modulus, *mp);
+
+ /* X = X - T2 */
+ if (err == MP_OKAY)
+ err = mp_sub(&x, &t2, &x);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(&x, 0) == MP_LT)
+ err = mp_add(&x, modulus, &x);
+ }
+ /* T2 = T2 - X */
+ if (err == MP_OKAY)
+ err = mp_sub(&t2, &x, &t2);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(&t2, 0) == MP_LT)
+ err = mp_add(&t2, modulus, &t2);
+ }
+ /* T2 = T2 - X */
+ if (err == MP_OKAY)
+ err = mp_sub(&t2, &x, &t2);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(&t2, 0) == MP_LT)
+ err = mp_add(&t2, modulus, &t2);
+ }
+ /* T2 = T2 * Y */
+ if (err == MP_OKAY)
+ err = mp_mul(&t2, &y, &t2);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t2, modulus, *mp);
+
+ /* Y = T2 - T1 */
+ if (err == MP_OKAY)
+ err = mp_sub(&t2, &t1, &y);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(&y, 0) == MP_LT)
+ err = mp_add(&y, modulus, &y);
+ }
+ /* Y = Y/2 */
+ if (err == MP_OKAY) {
+ if (mp_isodd(&y))
+ err = mp_add(&y, modulus, &y);
+ }
+ if (err == MP_OKAY)
+ err = mp_div_2(&y, &y);
+
+ if (err == MP_OKAY)
+ err = mp_copy(&x, R->x);
+ if (err == MP_OKAY)
+ err = mp_copy(&y, R->y);
+ if (err == MP_OKAY)
+ err = mp_copy(&z, R->z);
+
+ /* clean up */
+ mp_clear(&t1);
+ mp_clear(&t2);
+ mp_clear(&x);
+ mp_clear(&y);
+ mp_clear(&z);
+
+ return err;
+}
+
+
+/**
+ Double an ECC point
+ P The point to double
+ R [out] The destination of the double
+ modulus The modulus of the field the ECC curve is in
+ mp The "b" value from montgomery_setup()
+ return MP_OKAY on success
+*/
+int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
+ mp_digit* mp)
+{
+ mp_int t1;
+ mp_int t2;
+ int err;
+
+ if (P == NULL || R == NULL || modulus == NULL || mp == NULL)
+ return ECC_BAD_ARG_E;
+
+ if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
+ return err;
+ }
+
+ if (P != R) {
+ err = mp_copy(P->x, R->x);
+ if (err == MP_OKAY)
+ err = mp_copy(P->y, R->y);
+ if (err == MP_OKAY)
+ err = mp_copy(P->z, R->z);
+ }
+
+ /* t1 = Z * Z */
+ if (err == MP_OKAY)
+ err = mp_sqr(R->z, &t1);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t1, modulus, *mp);
+
+ /* Z = Y * Z */
+ if (err == MP_OKAY)
+ err = mp_mul(R->z, R->y, R->z);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(R->z, modulus, *mp);
+
+ /* Z = 2Z */
+ if (err == MP_OKAY)
+ err = mp_add(R->z, R->z, R->z);
+ if (err == MP_OKAY) {
+ if (mp_cmp(R->z, modulus) != MP_LT)
+ err = mp_sub(R->z, modulus, R->z);
+ }
+
+ /* T2 = X - T1 */
+ if (err == MP_OKAY)
+ err = mp_sub(R->x, &t1, &t2);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(&t2, 0) == MP_LT)
+ err = mp_add(&t2, modulus, &t2);
+ }
+ /* T1 = X + T1 */
+ if (err == MP_OKAY)
+ err = mp_add(&t1, R->x, &t1);
+ if (err == MP_OKAY) {
+ if (mp_cmp(&t1, modulus) != MP_LT)
+ err = mp_sub(&t1, modulus, &t1);
+ }
+ /* T2 = T1 * T2 */
+ if (err == MP_OKAY)
+ err = mp_mul(&t1, &t2, &t2);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t2, modulus, *mp);
+
+ /* T1 = 2T2 */
+ if (err == MP_OKAY)
+ err = mp_add(&t2, &t2, &t1);
+ if (err == MP_OKAY) {
+ if (mp_cmp(&t1, modulus) != MP_LT)
+ err = mp_sub(&t1, modulus, &t1);
+ }
+ /* T1 = T1 + T2 */
+ if (err == MP_OKAY)
+ err = mp_add(&t1, &t2, &t1);
+ if (err == MP_OKAY) {
+ if (mp_cmp(&t1, modulus) != MP_LT)
+ err = mp_sub(&t1, modulus, &t1);
+ }
+ /* Y = 2Y */
+ if (err == MP_OKAY)
+ err = mp_add(R->y, R->y, R->y);
+ if (err == MP_OKAY) {
+ if (mp_cmp(R->y, modulus) != MP_LT)
+ err = mp_sub(R->y, modulus, R->y);
+ }
+ /* Y = Y * Y */
+ if (err == MP_OKAY)
+ err = mp_sqr(R->y, R->y);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(R->y, modulus, *mp);
+
+ /* T2 = Y * Y */
+ if (err == MP_OKAY)
+ err = mp_sqr(R->y, &t2);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(&t2, modulus, *mp);
+
+ /* T2 = T2/2 */
+ if (err == MP_OKAY) {
+ if (mp_isodd(&t2))
+ err = mp_add(&t2, modulus, &t2);
+ }
+ if (err == MP_OKAY)
+ err = mp_div_2(&t2, &t2);
+
+ /* Y = Y * X */
+ if (err == MP_OKAY)
+ err = mp_mul(R->y, R->x, R->y);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(R->y, modulus, *mp);
+
+ /* X = T1 * T1 */
+ if (err == MP_OKAY)
+ err = mp_sqr(&t1, R->x);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(R->x, modulus, *mp);
+
+ /* X = X - Y */
+ if (err == MP_OKAY)
+ err = mp_sub(R->x, R->y, R->x);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(R->x, 0) == MP_LT)
+ err = mp_add(R->x, modulus, R->x);
+ }
+ /* X = X - Y */
+ if (err == MP_OKAY)
+ err = mp_sub(R->x, R->y, R->x);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(R->x, 0) == MP_LT)
+ err = mp_add(R->x, modulus, R->x);
+ }
+ /* Y = Y - X */
+ if (err == MP_OKAY)
+ err = mp_sub(R->y, R->x, R->y);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(R->y, 0) == MP_LT)
+ err = mp_add(R->y, modulus, R->y);
+ }
+ /* Y = Y * T1 */
+ if (err == MP_OKAY)
+ err = mp_mul(R->y, &t1, R->y);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(R->y, modulus, *mp);
+
+ /* Y = Y - T2 */
+ if (err == MP_OKAY)
+ err = mp_sub(R->y, &t2, R->y);
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(R->y, 0) == MP_LT)
+ err = mp_add(R->y, modulus, R->y);
+ }
+
+ /* clean up */
+ mp_clear(&t1);
+ mp_clear(&t2);
+
+ return err;
+}
+
+#endif /* USE_FAST_MATH */
+
+/**
+ Map a projective jacbobian point back to affine space
+ P [in/out] The point to map
+ modulus The modulus of the field the ECC curve is in
+ mp The "b" value from montgomery_setup()
+ return MP_OKAY on success
+*/
+int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
+{
+ mp_int t1;
+ mp_int t2;
+ int err;
+
+ if (P == NULL || mp == NULL || modulus == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* special case for point at infinity */
+ if (mp_cmp_d(P->z, 0) == MP_EQ) {
+ mp_set(P->x, 0);
+ mp_set(P->y, 0);
+ mp_set(P->z, 1);
+ return MP_OKAY;
+ }
+
+ if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
+ return MEMORY_E;
+ }
+
+ /* first map z back to normal */
+ err = mp_montgomery_reduce(P->z, modulus, *mp);
+
+ /* get 1/z */
+ if (err == MP_OKAY)
+ err = mp_invmod(P->z, modulus, &t1);
+
+ /* get 1/z^2 and 1/z^3 */
+ if (err == MP_OKAY)
+ err = mp_sqr(&t1, &t2);
+ if (err == MP_OKAY)
+ err = mp_mod(&t2, modulus, &t2);
+ if (err == MP_OKAY)
+ err = mp_mul(&t1, &t2, &t1);
+ if (err == MP_OKAY)
+ err = mp_mod(&t1, modulus, &t1);
+
+ /* multiply against x/y */
+ if (err == MP_OKAY)
+ err = mp_mul(P->x, &t2, P->x);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(P->x, modulus, *mp);
+ if (err == MP_OKAY)
+ err = mp_mul(P->y, &t1, P->y);
+ if (err == MP_OKAY)
+ err = mp_montgomery_reduce(P->y, modulus, *mp);
+
+ if (err == MP_OKAY)
+ mp_set(P->z, 1);
+
+ /* clean up */
+ mp_clear(&t1);
+ mp_clear(&t2);
+
+ return err;
+}
+
+
+#ifndef ECC_TIMING_RESISTANT
+
+/* size of sliding window, don't change this! */
+#define WINSIZE 4
+
+/**
+ Perform a point multiplication
+ k The scalar to multiply by
+ G The base point
+ R [out] Destination for kG
+ modulus The modulus of the field the ECC curve is in
+ map Boolean whether to map back to affine or not
+ (1==map, 0 == leave in projective)
+ return MP_OKAY on success
+*/
+#ifdef FP_ECC
+static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
+ mp_int* modulus, int map)
+#else
+int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
+ int map)
+#endif
+{
+ ecc_point *tG, *M[8];
+ int i, j, err;
+ mp_int mu;
+ mp_digit mp;
+ mp_digit buf;
+ int first = 1, bitbuf = 0, bitcpy = 0, bitcnt = 0, mode = 0,
+ digidx = 0;
+
+ if (k == NULL || G == NULL || R == NULL || modulus == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* init montgomery reduction */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) {
+ return err;
+ }
+ if ((err = mp_init(&mu)) != MP_OKAY) {
+ return err;
+ }
+ if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) {
+ mp_clear(&mu);
+ return err;
+ }
+
+ /* alloc ram for window temps */
+ for (i = 0; i < 8; i++) {
+ M[i] = wc_ecc_new_point();
+ if (M[i] == NULL) {
+ for (j = 0; j < i; j++) {
+ wc_ecc_del_point(M[j]);
+ }
+ mp_clear(&mu);
+ return MEMORY_E;
+ }
+ }
+
+ /* make a copy of G in case R==G */
+ tG = wc_ecc_new_point();
+ if (tG == NULL)
+ err = MEMORY_E;
+
+ /* tG = G and convert to montgomery */
+ if (err == MP_OKAY) {
+ if (mp_cmp_d(&mu, 1) == MP_EQ) {
+ err = mp_copy(G->x, tG->x);
+ if (err == MP_OKAY)
+ err = mp_copy(G->y, tG->y);
+ if (err == MP_OKAY)
+ err = mp_copy(G->z, tG->z);
+ } else {
+ err = mp_mulmod(G->x, &mu, modulus, tG->x);
+ if (err == MP_OKAY)
+ err = mp_mulmod(G->y, &mu, modulus, tG->y);
+ if (err == MP_OKAY)
+ err = mp_mulmod(G->z, &mu, modulus, tG->z);
+ }
+ }
+ mp_clear(&mu);
+
+ /* calc the M tab, which holds kG for k==8..15 */
+ /* M[0] == 8G */
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(tG, M[0], modulus, &mp);
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(M[0], M[0], modulus, &mp);
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(M[0], M[0], modulus, &mp);
+
+ /* now find (8+k)G for k=1..7 */
+ if (err == MP_OKAY)
+ for (j = 9; j < 16; j++) {
+ err = ecc_projective_add_point(M[j-9], tG, M[j-8], modulus, &mp);
+ if (err != MP_OKAY) break;
+ }
+
+ /* setup sliding window */
+ if (err == MP_OKAY) {
+ mode = 0;
+ bitcnt = 1;
+ buf = 0;
+ digidx = get_digit_count(k) - 1;
+ bitcpy = bitbuf = 0;
+ first = 1;
+
+ /* perform ops */
+ for (;;) {
+ /* grab next digit as required */
+ if (--bitcnt == 0) {
+ if (digidx == -1) {
+ break;
+ }
+ buf = get_digit(k, digidx);
+ bitcnt = (int) DIGIT_BIT;
+ --digidx;
+ }
+
+ /* grab the next msb from the ltiplicand */
+ i = (int)(buf >> (DIGIT_BIT - 1)) & 1;
+ buf <<= 1;
+
+ /* skip leading zero bits */
+ if (mode == 0 && i == 0)
+ continue;
+
+ /* if the bit is zero and mode == 1 then we double */
+ if (mode == 1 && i == 0) {
+ err = ecc_projective_dbl_point(R, R, modulus, &mp);
+ if (err != MP_OKAY) break;
+ continue;
+ }
+
+ /* else we add it to the window */
+ bitbuf |= (i << (WINSIZE - ++bitcpy));
+ mode = 2;
+
+ if (bitcpy == WINSIZE) {
+ /* if this is the first window we do a simple copy */
+ if (first == 1) {
+ /* R = kG [k = first window] */
+ err = mp_copy(M[bitbuf-8]->x, R->x);
+ if (err != MP_OKAY) break;
+
+ err = mp_copy(M[bitbuf-8]->y, R->y);
+ if (err != MP_OKAY) break;
+
+ err = mp_copy(M[bitbuf-8]->z, R->z);
+ first = 0;
+ } else {
+ /* normal window */
+ /* ok window is filled so double as required and add */
+ /* double first */
+ for (j = 0; j < WINSIZE; j++) {
+ err = ecc_projective_dbl_point(R, R, modulus, &mp);
+ if (err != MP_OKAY) break;
+ }
+ if (err != MP_OKAY) break; /* out of first for(;;) */
+
+ /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */
+ err = ecc_projective_add_point(R,M[bitbuf-8],R,modulus,&mp);
+ }
+ if (err != MP_OKAY) break;
+ /* empty window and reset */
+ bitcpy = bitbuf = 0;
+ mode = 1;
+ }
+ }
+ }
+
+ /* if bits remain then double/add */
+ if (err == MP_OKAY) {
+ if (mode == 2 && bitcpy > 0) {
+ /* double then add */
+ for (j = 0; j < bitcpy; j++) {
+ /* only double if we have had at least one add first */
+ if (first == 0) {
+ err = ecc_projective_dbl_point(R, R, modulus, &mp);
+ if (err != MP_OKAY) break;
+ }
+
+ bitbuf <<= 1;
+ if ((bitbuf & (1 << WINSIZE)) != 0) {
+ if (first == 1) {
+ /* first add, so copy */
+ err = mp_copy(tG->x, R->x);
+ if (err != MP_OKAY) break;
+
+ err = mp_copy(tG->y, R->y);
+ if (err != MP_OKAY) break;
+
+ err = mp_copy(tG->z, R->z);
+ if (err != MP_OKAY) break;
+ first = 0;
+ } else {
+ /* then add */
+ err = ecc_projective_add_point(R, tG, R, modulus, &mp);
+ if (err != MP_OKAY) break;
+ }
+ }
+ }
+ }
+ }
+
+ /* map R back from projective space */
+ if (err == MP_OKAY && map)
+ err = ecc_map(R, modulus, &mp);
+
+ mp_clear(&mu);
+ wc_ecc_del_point(tG);
+ for (i = 0; i < 8; i++) {
+ wc_ecc_del_point(M[i]);
+ }
+ return err;
+}
+
+#undef WINSIZE
+
+#else /* ECC_TIMING_RESISTANT */
+
+/**
+ Perform a point multiplication (timing resistant)
+ k The scalar to multiply by
+ G The base point
+ R [out] Destination for kG
+ modulus The modulus of the field the ECC curve is in
+ map Boolean whether to map back to affine or not
+ (1==map, 0 == leave in projective)
+ return MP_OKAY on success
+*/
+#ifdef FP_ECC
+static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
+ mp_int* modulus, int map)
+#else
+int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
+ int map)
+#endif
+{
+ ecc_point *tG, *M[3];
+ int i, j, err;
+ mp_int mu;
+ mp_digit mp;
+ mp_digit buf;
+ int bitcnt = 0, mode = 0, digidx = 0;
+
+ if (k == NULL || G == NULL || R == NULL || modulus == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* init montgomery reduction */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) {
+ return err;
+ }
+ if ((err = mp_init(&mu)) != MP_OKAY) {
+ return err;
+ }
+ if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) {
+ mp_clear(&mu);
+ return err;
+ }
+
+ /* alloc ram for window temps */
+ for (i = 0; i < 3; i++) {
+ M[i] = wc_ecc_new_point();
+ if (M[i] == NULL) {
+ for (j = 0; j < i; j++) {
+ wc_ecc_del_point(M[j]);
+ }
+ mp_clear(&mu);
+ return MEMORY_E;
+ }
+ }
+
+ /* make a copy of G in case R==G */
+ tG = wc_ecc_new_point();
+ if (tG == NULL)
+ err = MEMORY_E;
+
+ /* tG = G and convert to montgomery */
+ if (err == MP_OKAY) {
+ err = mp_mulmod(G->x, &mu, modulus, tG->x);
+ if (err == MP_OKAY)
+ err = mp_mulmod(G->y, &mu, modulus, tG->y);
+ if (err == MP_OKAY)
+ err = mp_mulmod(G->z, &mu, modulus, tG->z);
+ }
+ mp_clear(&mu);
+
+ /* calc the M tab */
+ /* M[0] == G */
+ if (err == MP_OKAY)
+ err = mp_copy(tG->x, M[0]->x);
+ if (err == MP_OKAY)
+ err = mp_copy(tG->y, M[0]->y);
+ if (err == MP_OKAY)
+ err = mp_copy(tG->z, M[0]->z);
+
+ /* M[1] == 2G */
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(tG, M[1], modulus, &mp);
+
+ /* setup sliding window */
+ mode = 0;
+ bitcnt = 1;
+ buf = 0;
+ digidx = get_digit_count(k) - 1;
+
+ /* perform ops */
+ if (err == MP_OKAY) {
+ for (;;) {
+ /* grab next digit as required */
+ if (--bitcnt == 0) {
+ if (digidx == -1) {
+ break;
+ }
+ buf = get_digit(k, digidx);
+ bitcnt = (int) DIGIT_BIT;
+ --digidx;
+ }
+
+ /* grab the next msb from the ltiplicand */
+ i = (buf >> (DIGIT_BIT - 1)) & 1;
+ buf <<= 1;
+
+ if (mode == 0 && i == 0) {
+ /* dummy operations */
+ if (err == MP_OKAY)
+ err = ecc_projective_add_point(M[0], M[1], M[2], modulus,
+ &mp);
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(M[1], M[2], modulus, &mp);
+ if (err == MP_OKAY)
+ continue;
+ }
+
+ if (mode == 0 && i == 1) {
+ mode = 1;
+ /* dummy operations */
+ if (err == MP_OKAY)
+ err = ecc_projective_add_point(M[0], M[1], M[2], modulus,
+ &mp);
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(M[1], M[2], modulus, &mp);
+ if (err == MP_OKAY)
+ continue;
+ }
+
+ if (err == MP_OKAY)
+ err = ecc_projective_add_point(M[0], M[1], M[i^1], modulus, &mp);
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(M[i], M[i], modulus, &mp);
+ if (err != MP_OKAY)
+ break;
+ } /* end for */
+ }
+
+ /* copy result out */
+ if (err == MP_OKAY)
+ err = mp_copy(M[0]->x, R->x);
+ if (err == MP_OKAY)
+ err = mp_copy(M[0]->y, R->y);
+ if (err == MP_OKAY)
+ err = mp_copy(M[0]->z, R->z);
+
+ /* map R back from projective space */
+ if (err == MP_OKAY && map)
+ err = ecc_map(R, modulus, &mp);
+
+ /* done */
+ mp_clear(&mu);
+ wc_ecc_del_point(tG);
+ for (i = 0; i < 3; i++) {
+ wc_ecc_del_point(M[i]);
+ }
+ return err;
+}
+
+#endif /* ECC_TIMING_RESISTANT */
+
+
+#ifdef ALT_ECC_SIZE
+
+static void alt_fp_init(fp_int* a)
+{
+ a->size = FP_SIZE_ECC;
+ fp_zero(a);
+}
+
+#endif /* ALT_ECC_SIZE */
+
+
+/**
+ Allocate a new ECC point
+ return A newly allocated point or NULL on error
+*/
+ecc_point* wc_ecc_new_point(void)
+{
+ ecc_point* p;
+
+ p = (ecc_point*)XMALLOC(sizeof(ecc_point), 0, DYNAMIC_TYPE_ECC);
+ if (p == NULL) {
+ return NULL;
+ }
+ XMEMSET(p, 0, sizeof(ecc_point));
+
+#ifndef USE_FAST_MATH
+ p->x->dp = NULL;
+ p->y->dp = NULL;
+ p->z->dp = NULL;
+#endif
+
+#ifndef ALT_ECC_SIZE
+ if (mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL) != MP_OKAY) {
+ XFREE(p, 0, DYNAMIC_TYPE_ECC);
+ return NULL;
+ }
+#else
+ p->x = (mp_int*)&p->xyz[0];
+ p->y = (mp_int*)&p->xyz[1];
+ p->z = (mp_int*)&p->xyz[2];
+ alt_fp_init(p->x);
+ alt_fp_init(p->y);
+ alt_fp_init(p->z);
+#endif
+
+ return p;
+}
+
+/** Free an ECC point from memory
+ p The point to free
+*/
+void wc_ecc_del_point(ecc_point* p)
+{
+ /* prevents free'ing null arguments */
+ if (p != NULL) {
+ mp_clear(p->x);
+ mp_clear(p->y);
+ mp_clear(p->z);
+ XFREE(p, 0, DYNAMIC_TYPE_ECC);
+ }
+}
+
+/** Copy the value of a point to an other one
+ p The point to copy
+ r The created point
+*/
+int wc_ecc_copy_point(ecc_point* p, ecc_point *r)
+{
+ int ret;
+
+ /* prevents null arguments */
+ if (p == NULL || r == NULL)
+ return ECC_BAD_ARG_E;
+
+ ret = mp_copy(p->x, r->x);
+ if (ret != MP_OKAY)
+ return ret;
+ ret = mp_copy(p->y, r->y);
+ if (ret != MP_OKAY)
+ return ret;
+ ret = mp_copy(p->z, r->z);
+ if (ret != MP_OKAY)
+ return ret;
+
+ return MP_OKAY;
+}
+
+/** Compare the value of a point with an other one
+ a The point to compare
+ b The other point to compare
+
+ return MP_EQ if equal, MP_LT/MP_GT if not, < 0 in case of error
+ */
+int wc_ecc_cmp_point(ecc_point* a, ecc_point *b)
+{
+ int ret;
+
+ /* prevents null arguments */
+ if (a == NULL || b == NULL)
+ return BAD_FUNC_ARG;
+
+ ret = mp_cmp(a->x, b->x);
+ if (ret != MP_EQ)
+ return ret;
+ ret = mp_cmp(a->y, b->y);
+ if (ret != MP_EQ)
+ return ret;
+ ret = mp_cmp(a->z, b->z);
+ if (ret != MP_EQ)
+ return ret;
+
+ return MP_EQ;
+}
+
+/** Returns whether an ECC idx is valid or not
+ n The idx number to check
+ return 1 if valid, 0 if not
+*/
+int wc_ecc_is_valid_idx(int n)
+{
+ int x;
+
+ for (x = 0; ecc_sets[x].size != 0; x++)
+ ;
+ /* -1 is a valid index --- indicating that the domain params
+ were supplied by the user */
+ if ((n >= -1) && (n < x)) {
+ return 1;
+ }
+ return 0;
+}
+
+#ifdef HAVE_ECC_DHE
+/**
+ Create an ECC shared secret between two keys
+ private_key The private ECC key
+ public_key The public key
+ out [out] Destination of the shared secret
+ Conforms to EC-DH from ANSI X9.63
+ outlen [in/out] The max size and resulting size of the shared secret
+ return MP_OKAY if successful
+*/
+int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
+ word32* outlen)
+{
+ word32 x = 0;
+ ecc_point* result;
+ mp_int prime;
+ int err;
+
+ if (private_key == NULL || public_key == NULL || out == NULL ||
+ outlen == NULL)
+ return BAD_FUNC_ARG;
+
+ /* type valid? */
+ if (private_key->type != ECC_PRIVATEKEY) {
+ return ECC_BAD_ARG_E;
+ }
+
+ /* Verify domain params supplied */
+ if (wc_ecc_is_valid_idx(private_key->idx) == 0 ||
+ wc_ecc_is_valid_idx(public_key->idx) == 0)
+ return ECC_BAD_ARG_E;
+
+ /* Verify curve name matches */
+ if (XSTRNCMP(private_key->dp->name, public_key->dp->name, ECC_MAXNAME) != 0)
+ return ECC_BAD_ARG_E;
+
+ /* make new point */
+ result = wc_ecc_new_point();
+ if (result == NULL) {
+ return MEMORY_E;
+ }
+
+ if ((err = mp_init(&prime)) != MP_OKAY) {
+ wc_ecc_del_point(result);
+ return err;
+ }
+
+ err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
+
+ if (err == MP_OKAY)
+ err = wc_ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime,1);
+
+ if (err == MP_OKAY) {
+ x = mp_unsigned_bin_size(&prime);
+ if (*outlen < x)
+ err = BUFFER_E;
+ }
+
+ if (err == MP_OKAY) {
+ XMEMSET(out, 0, x);
+ err = mp_to_unsigned_bin(result->x,out + (x -
+ mp_unsigned_bin_size(result->x)));
+ *outlen = x;
+ }
+
+ mp_clear(&prime);
+ wc_ecc_del_point(result);
+
+ return err;
+}
+
+/**
+ Create an ECC shared secret between private key and public point
+ private_key The private ECC key
+ point The point to use (public key)
+ out [out] Destination of the shared secret
+ Conforms to EC-DH from ANSI X9.63
+ outlen [in/out] The max size and resulting size of the shared secret
+ return MP_OKAY if successful
+*/
+int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
+ byte* out, word32 *outlen)
+{
+ word32 x = 0;
+ ecc_point* result;
+ mp_int prime;
+ int err;
+
+ if (private_key == NULL || point == NULL || out == NULL || outlen == NULL)
+ return BAD_FUNC_ARG;
+
+ /* type valid? */
+ if (private_key->type != ECC_PRIVATEKEY) {
+ return ECC_BAD_ARG_E;
+ }
+
+ /* Verify domain params supplied */
+ if (wc_ecc_is_valid_idx(private_key->idx) == 0)
+ return ECC_BAD_ARG_E;
+
+ /* make new point */
+ result = wc_ecc_new_point();
+ if (result == NULL) {
+ return MEMORY_E;
+ }
+
+ if ((err = mp_init(&prime)) != MP_OKAY) {
+ wc_ecc_del_point(result);
+ return err;
+ }
+
+ err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
+
+ if (err == MP_OKAY)
+ err = wc_ecc_mulmod(&private_key->k, point, result, &prime, 1);
+
+ if (err == MP_OKAY) {
+ x = mp_unsigned_bin_size(&prime);
+ if (*outlen < x)
+ err = BUFFER_E;
+ }
+
+ if (err == MP_OKAY) {
+ XMEMSET(out, 0, x);
+ err = mp_to_unsigned_bin(result->x,out +
+ (x - mp_unsigned_bin_size(result->x)));
+ *outlen = x;
+ }
+
+ mp_clear(&prime);
+ wc_ecc_del_point(result);
+
+ return err;
+}
+#endif /* HAVE_ECC_DHE */
+
+/* return 1 if point is at infinity, 0 if not, < 0 on error */
+int wc_ecc_point_is_at_infinity(ecc_point* p)
+{
+ if (p == NULL)
+ return BAD_FUNC_ARG;
+
+ if (get_digit_count(p->x) == 0 && get_digit_count(p->y) == 0)
+ return 1;
+
+ return 0;
+}
+
+
+static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp)
+{
+ int err;
+ ecc_point* base;
+ mp_int prime;
+ mp_int order;
+#ifdef WOLFSSL_SMALL_STACK
+ byte* buf;
+#else
+ byte buf[ECC_MAXSIZE_GEN];
+#endif
+ int keysize;
+ int po_init = 0; /* prime order Init flag for clear */
+
+ if (key == NULL || rng == NULL || dp == NULL)
+ return ECC_BAD_ARG_E;
+
+#ifdef WOLFSSL_SMALL_STACK
+ buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (buf == NULL)
+ return MEMORY_E;
+#endif
+
+ key->idx = -1;
+ key->dp = dp;
+
+ /*generate 8 extra bytes to mitigate bias from the modulo operation below*/
+ /*see section A.1.2 in 'Suite B Implementor's Guide to FIPS 186-3 (ECDSA)'*/
+ keysize = dp->size + 8;
+
+ /* allocate ram */
+ base = NULL;
+
+ /* make up random string */
+ err = wc_RNG_GenerateBlock(rng, buf, keysize);
+
+ /* setup the key variables */
+ if (err == 0) {
+#ifndef ALT_ECC_SIZE
+ err = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z,
+ &key->k, &prime, &order);
+#else
+ key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
+ key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
+ key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
+ alt_fp_init(key->pubkey.x);
+ alt_fp_init(key->pubkey.y);
+ alt_fp_init(key->pubkey.z);
+ err = mp_init_multi(&key->k, &prime, &order, NULL, NULL, NULL);
+#endif
+ if (err != MP_OKAY)
+ err = MEMORY_E;
+ else
+ po_init = 1;
+ }
+
+ if (err == MP_OKAY) {
+ base = wc_ecc_new_point();
+ if (base == NULL)
+ err = MEMORY_E;
+ }
+
+ /* read in the specs for this key */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&prime, (char *)key->dp->prime, 16);
+ if (err == MP_OKAY)
+ err = mp_read_radix(&order, (char *)key->dp->order, 16);
+ if (err == MP_OKAY)
+ err = mp_read_radix(base->x, (char *)key->dp->Gx, 16);
+ if (err == MP_OKAY)
+ err = mp_read_radix(base->y, (char *)key->dp->Gy, 16);
+
+ if (err == MP_OKAY)
+ mp_set(base->z, 1);
+ if (err == MP_OKAY)
+ err = mp_read_unsigned_bin(&key->k, (byte*)buf, keysize);
+
+ /* quick sanity check to make sure we're not dealing with a 0 key */
+ if (err == MP_OKAY) {
+ if (MP_YES == mp_iszero(&key->k))
+ err = MP_ZERO_E;
+ }
+
+ /* the key should be smaller than the order of base point */
+ if (err == MP_OKAY) {
+ if (mp_cmp(&key->k, &order) != MP_LT)
+ err = mp_mod(&key->k, &order, &key->k);
+ }
+ /* make the public key */
+ if (err == MP_OKAY)
+ err = wc_ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1);
+
+#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ /* validate the public key, order * pubkey = point at infinity */
+ if (err == MP_OKAY)
+ err = ecc_check_pubkey_order(key, &prime, &order);
+#endif /* WOLFSSL_VALIDATE_KEYGEN */
+
+ if (err == MP_OKAY)
+ key->type = ECC_PRIVATEKEY;
+
+ if (err != MP_OKAY) {
+ /* clean up */
+ mp_clear(key->pubkey.x);
+ mp_clear(key->pubkey.y);
+ mp_clear(key->pubkey.z);
+ mp_clear(&key->k);
+ }
+ wc_ecc_del_point(base);
+ if (po_init) {
+ mp_clear(&prime);
+ mp_clear(&order);
+ }
+
+ ForceZero(buf, ECC_MAXSIZE);
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return err;
+}
+
+/**
+ Make a new ECC key
+ rng An active RNG state
+ keysize The keysize for the new key (in octets from 20 to 65 bytes)
+ key [out] Destination of the newly created key
+ return MP_OKAY if successful,
+ upon error all allocated memory will be freed
+ */
+int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key)
+{
+ int x, err;
+
+ if (key == NULL || rng == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* find key size */
+ for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++)
+ ;
+ keysize = ecc_sets[x].size;
+
+ if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) {
+ return BAD_FUNC_ARG;
+ }
+ err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]);
+ key->idx = x;
+
+ return err;
+}
+
+/* Setup dynamic pointers is using normal math for proper freeing */
+int wc_ecc_init(ecc_key* key)
+{
+ (void)key;
+
+#ifndef USE_FAST_MATH
+ key->pubkey.x->dp = NULL;
+ key->pubkey.y->dp = NULL;
+ key->pubkey.z->dp = NULL;
+
+ key->k.dp = NULL;
+#endif
+
+#ifdef ALT_ECC_SIZE
+ if (mp_init(&key->k) != MP_OKAY)
+ return MEMORY_E;
+
+ key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
+ key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
+ key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
+ alt_fp_init(key->pubkey.x);
+ alt_fp_init(key->pubkey.y);
+ alt_fp_init(key->pubkey.z);
+#endif
+
+ return MP_OKAY;
+}
+
+
+#ifdef HAVE_ECC_SIGN
+
+#ifndef NO_ASN
+/**
+ Sign a message digest
+ in The message digest to sign
+ inlen The length of the digest
+ out [out] The destination for the signature
+ outlen [in/out] The max size and resulting size of the signature
+ key A private ECC key
+ return MP_OKAY if successful
+ */
+int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
+ WC_RNG* rng, ecc_key* key)
+{
+ mp_int r;
+ mp_int s;
+ int err;
+
+ if (in == NULL || out == NULL || outlen == NULL ||
+ key == NULL || rng == NULL)
+ return ECC_BAD_ARG_E;
+
+ if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) {
+ return err;
+ }
+
+ err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s);
+ if (err == MP_OKAY)
+ err = StoreECC_DSA_Sig(out, outlen, &r, &s);
+
+ mp_clear(&r);
+ mp_clear(&s);
+
+ return err;
+}
+#endif /* !NO_ASN */
+
+/**
+ Sign a message digest
+ in The message digest to sign
+ inlen The length of the digest
+ out [out] The destination for the signature
+ outlen [in/out] The max size and resulting size of the signature
+ key A private ECC key
+ r [out] The destination for r component of the signature
+ s [out] The destination for s component of the signature
+ return MP_OKAY if successful
+*/
+int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
+ ecc_key* key, mp_int *r, mp_int *s)
+{
+ mp_int e;
+ mp_int p;
+ int err;
+
+ if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* is this a private key? */
+ if (key->type != ECC_PRIVATEKEY) {
+ return ECC_BAD_ARG_E;
+ }
+
+ /* is the IDX valid ? */
+ if (wc_ecc_is_valid_idx(key->idx) != 1) {
+ return ECC_BAD_ARG_E;
+ }
+
+ /* get the hash and load it as a bignum into 'e' */
+ /* init the bignums */
+ if ((err = mp_init_multi(&p, &e, NULL, NULL, NULL, NULL)) != MP_OKAY) {
+ return err;
+ }
+ err = mp_read_radix(&p, (char *)key->dp->order, 16);
+
+ if (err == MP_OKAY) {
+ /* we may need to truncate if hash is longer than key size */
+ word32 orderBits = mp_count_bits(&p);
+
+ /* truncate down to byte size, may be all that's needed */
+ if ( (WOLFSSL_BIT_SIZE * inlen) > orderBits)
+ inlen = (orderBits + WOLFSSL_BIT_SIZE - 1)/WOLFSSL_BIT_SIZE;
+ err = mp_read_unsigned_bin(&e, (byte*)in, inlen);
+
+ /* may still need bit truncation too */
+ if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * inlen) > orderBits)
+ mp_rshb(&e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));
+ }
+
+ /* make up a key and export the public copy */
+ if (err == MP_OKAY) {
+ int loop_check = 0;
+ ecc_key pubkey;
+ if (wc_ecc_init(&pubkey) == MP_OKAY) {
+ for (;;) {
+ if (++loop_check > 64) {
+ err = RNG_FAILURE_E;
+ break;
+ }
+ err = wc_ecc_make_key_ex(rng, &pubkey, key->dp);
+ if (err != MP_OKAY) break;
+
+ /* find r = x1 mod n */
+ err = mp_mod(pubkey.pubkey.x, &p, r);
+ if (err != MP_OKAY) break;
+
+ if (mp_iszero(r) == MP_YES) {
+ mp_clear(pubkey.pubkey.x);
+ mp_clear(pubkey.pubkey.y);
+ mp_clear(pubkey.pubkey.z);
+ mp_clear(&pubkey.k);
+ }
+ else {
+ /* find s = (e + xr)/k */
+ err = mp_invmod(&pubkey.k, &p, &pubkey.k);
+ if (err != MP_OKAY) break;
+
+ err = mp_mulmod(&key->k, r, &p, s); /* s = xr */
+ if (err != MP_OKAY) break;
+
+ err = mp_add(&e, s, s); /* s = e + xr */
+ if (err != MP_OKAY) break;
+
+ err = mp_mod(s, &p, s); /* s = e + xr */
+ if (err != MP_OKAY) break;
+
+ err = mp_mulmod(s, &pubkey.k, &p, s); /* s = (e + xr)/k */
+ if (err != MP_OKAY) break;
+
+ if (mp_iszero(s) == MP_NO)
+ break;
+ }
+ }
+ wc_ecc_free(&pubkey);
+ }
+ }
+
+ mp_clear(&p);
+ mp_clear(&e);
+
+ return err;
+}
+#endif /* HAVE_ECC_SIGN */
+
+/**
+ Free an ECC key from memory
+ key The key you wish to free
+*/
+void wc_ecc_free(ecc_key* key)
+{
+ if (key == NULL)
+ return;
+
+ mp_clear(key->pubkey.x);
+ mp_clear(key->pubkey.y);
+ mp_clear(key->pubkey.z);
+ mp_clear(&key->k);
+}
+
+
+#ifdef USE_FAST_MATH
+ #define GEN_MEM_ERR FP_MEM
+#else
+ #define GEN_MEM_ERR MP_MEM
+#endif
+
+#ifdef ECC_SHAMIR
+
+/** Computes kA*A + kB*B = C using Shamir's Trick
+ A First point to multiply
+ kA What to multiple A by
+ B Second point to multiply
+ kB What to multiple B by
+ C [out] Destination point (can overlap with A or B)
+ modulus Modulus for curve
+ return MP_OKAY on success
+*/
+#ifdef FP_ECC
+static int normal_ecc_mul2add(ecc_point* A, mp_int* kA,
+ ecc_point* B, mp_int* kB,
+ ecc_point* C, mp_int* modulus)
+#else
+static int ecc_mul2add(ecc_point* A, mp_int* kA,
+ ecc_point* B, mp_int* kB,
+ ecc_point* C, mp_int* modulus)
+#endif
+{
+ ecc_point* precomp[16];
+ unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble;
+ unsigned char* tA;
+ unsigned char* tB;
+ int err = MP_OKAY, first;
+ int muInit = 0;
+ int tableInit = 0;
+ mp_digit mp;
+ mp_int mu;
+
+ /* argchks */
+ if (A == NULL || kA == NULL || B == NULL || kB == NULL || C == NULL ||
+ modulus == NULL)
+ return ECC_BAD_ARG_E;
+
+
+ /* allocate memory */
+ tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (tA == NULL) {
+ return GEN_MEM_ERR;
+ }
+ tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (tB == NULL) {
+ XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return GEN_MEM_ERR;
+ }
+ XMEMSET(tA, 0, ECC_BUFSIZE);
+ XMEMSET(tB, 0, ECC_BUFSIZE);
+
+ /* get sizes */
+ lenA = mp_unsigned_bin_size(kA);
+ lenB = mp_unsigned_bin_size(kB);
+ len = MAX(lenA, lenB);
+
+ /* sanity check */
+ if ((lenA > ECC_BUFSIZE) || (lenB > ECC_BUFSIZE)) {
+ err = BAD_FUNC_ARG;
+ }
+
+ if (err == MP_OKAY) {
+ /* extract and justify kA */
+ err = mp_to_unsigned_bin(kA, (len - lenA) + tA);
+
+ /* extract and justify kB */
+ if (err == MP_OKAY)
+ err = mp_to_unsigned_bin(kB, (len - lenB) + tB);
+
+ /* allocate the table */
+ if (err == MP_OKAY) {
+ for (x = 0; x < 16; x++) {
+ precomp[x] = wc_ecc_new_point();
+ if (precomp[x] == NULL) {
+ for (y = 0; y < x; ++y) {
+ wc_ecc_del_point(precomp[y]);
+ }
+ err = GEN_MEM_ERR;
+ break;
+ }
+ }
+ }
+ }
+
+ if (err == MP_OKAY)
+ tableInit = 1;
+
+ if (err == MP_OKAY)
+ /* init montgomery reduction */
+ err = mp_montgomery_setup(modulus, &mp);
+
+ if (err == MP_OKAY)
+ err = mp_init(&mu);
+ if (err == MP_OKAY)
+ muInit = 1;
+
+ if (err == MP_OKAY)
+ err = mp_montgomery_calc_normalization(&mu, modulus);
+
+ if (err == MP_OKAY)
+ /* copy ones ... */
+ err = mp_mulmod(A->x, &mu, modulus, precomp[1]->x);
+
+ if (err == MP_OKAY)
+ err = mp_mulmod(A->y, &mu, modulus, precomp[1]->y);
+ if (err == MP_OKAY)
+ err = mp_mulmod(A->z, &mu, modulus, precomp[1]->z);
+
+ if (err == MP_OKAY)
+ err = mp_mulmod(B->x, &mu, modulus, precomp[1<<2]->x);
+ if (err == MP_OKAY)
+ err = mp_mulmod(B->y, &mu, modulus, precomp[1<<2]->y);
+ if (err == MP_OKAY)
+ err = mp_mulmod(B->z, &mu, modulus, precomp[1<<2]->z);
+
+ if (err == MP_OKAY)
+ /* precomp [i,0](A + B) table */
+ err = ecc_projective_dbl_point(precomp[1], precomp[2], modulus, &mp);
+
+ if (err == MP_OKAY)
+ err = ecc_projective_add_point(precomp[1], precomp[2], precomp[3],
+ modulus, &mp);
+ if (err == MP_OKAY)
+ /* precomp [0,i](A + B) table */
+ err = ecc_projective_dbl_point(precomp[1<<2], precomp[2<<2], modulus, &mp);
+
+ if (err == MP_OKAY)
+ err = ecc_projective_add_point(precomp[1<<2], precomp[2<<2], precomp[3<<2],
+ modulus, &mp);
+
+ if (err == MP_OKAY) {
+ /* precomp [i,j](A + B) table (i != 0, j != 0) */
+ for (x = 1; x < 4; x++) {
+ for (y = 1; y < 4; y++) {
+ if (err == MP_OKAY)
+ err = ecc_projective_add_point(precomp[x], precomp[(y<<2)],
+ precomp[x+(y<<2)], modulus, &mp);
+ }
+ }
+ }
+
+ if (err == MP_OKAY) {
+ nibble = 3;
+ first = 1;
+ bitbufA = tA[0];
+ bitbufB = tB[0];
+
+ /* for every byte of the multiplicands */
+ for (x = (unsigned)-1;; ) {
+ /* grab a nibble */
+ if (++nibble == 4) {
+ ++x; if (x == len) break;
+ bitbufA = tA[x];
+ bitbufB = tB[x];
+ nibble = 0;
+ }
+
+ /* extract two bits from both, shift/update */
+ nA = (bitbufA >> 6) & 0x03;
+ nB = (bitbufB >> 6) & 0x03;
+ bitbufA = (bitbufA << 2) & 0xFF;
+ bitbufB = (bitbufB << 2) & 0xFF;
+
+ /* if both zero, if first, continue */
+ if ((nA == 0) && (nB == 0) && (first == 1)) {
+ continue;
+ }
+
+ /* double twice, only if this isn't the first */
+ if (first == 0) {
+ /* double twice */
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(C, C, modulus, &mp);
+ if (err == MP_OKAY)
+ err = ecc_projective_dbl_point(C, C, modulus, &mp);
+ else
+ break;
+ }
+
+ /* if not both zero */
+ if ((nA != 0) || (nB != 0)) {
+ if (first == 1) {
+ /* if first, copy from table */
+ first = 0;
+ if (err == MP_OKAY)
+ err = mp_copy(precomp[nA + (nB<<2)]->x, C->x);
+
+ if (err == MP_OKAY)
+ err = mp_copy(precomp[nA + (nB<<2)]->y, C->y);
+
+ if (err == MP_OKAY)
+ err = mp_copy(precomp[nA + (nB<<2)]->z, C->z);
+ else
+ break;
+ } else {
+ /* if not first, add from table */
+ if (err == MP_OKAY)
+ err = ecc_projective_add_point(C, precomp[nA + (nB<<2)], C,
+ modulus, &mp);
+ else
+ break;
+ }
+ }
+ }
+ }
+
+ if (err == MP_OKAY)
+ /* reduce to affine */
+ err = ecc_map(C, modulus, &mp);
+
+ /* clean up */
+ if (muInit)
+ mp_clear(&mu);
+
+ if (tableInit) {
+ for (x = 0; x < 16; x++) {
+ wc_ecc_del_point(precomp[x]);
+ }
+ }
+ ForceZero(tA, ECC_BUFSIZE);
+ ForceZero(tB, ECC_BUFSIZE);
+ XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(tB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+ return err;
+}
+
+
+#endif /* ECC_SHAMIR */
+
+
+#ifdef HAVE_ECC_VERIFY
+#ifndef NO_ASN
+/* verify
+ *
+ * w = s^-1 mod n
+ * u1 = xw
+ * u2 = rw
+ * X = u1*G + u2*Q
+ * v = X_x1 mod n
+ * accept if v == r
+ */
+
+/**
+ Verify an ECC signature
+ sig The signature to verify
+ siglen The length of the signature (octets)
+ hash The hash (message digest) that was signed
+ hashlen The length of the hash (octets)
+ stat Result of signature, 1==valid, 0==invalid
+ key The corresponding public ECC key
+ return MP_OKAY if successful (even if the signature is not valid)
+ */
+int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
+ word32 hashlen, int* stat, ecc_key* key)
+{
+ mp_int r;
+ mp_int s;
+ int err;
+
+ if (sig == NULL || hash == NULL || stat == NULL || key == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* default to invalid signature */
+ *stat = 0;
+
+ /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
+ * If either of those don't allocate correctly, none of
+ * the rest of this function will execute, and everything
+ * gets cleaned up at the end. */
+ XMEMSET(&r, 0, sizeof(r));
+ XMEMSET(&s, 0, sizeof(s));
+
+ err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
+
+ if (err == MP_OKAY)
+ err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
+
+ mp_clear(&r);
+ mp_clear(&s);
+
+ return err;
+}
+#endif /* !NO_ASN */
+
+/**
+ Verify an ECC signature
+ r The signature R component to verify
+ s The signature S component to verify
+ hash The hash (message digest) that was signed
+ hashlen The length of the hash (octets)
+ stat Result of signature, 1==valid, 0==invalid
+ key The corresponding public ECC key
+ return MP_OKAY if successful (even if the signature is not valid)
+*/
+int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
+ word32 hashlen, int* stat, ecc_key* key)
+{
+ ecc_point *mG, *mQ;
+ mp_int v;
+ mp_int w;
+ mp_int u1;
+ mp_int u2;
+ mp_int e;
+ mp_int p;
+ mp_int m;
+ int err;
+
+ if (r == NULL || s == NULL || hash == NULL || stat == NULL || key == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* default to invalid signature */
+ *stat = 0;
+
+ /* is the IDX valid ? */
+ if (wc_ecc_is_valid_idx(key->idx) != 1) {
+ return ECC_BAD_ARG_E;
+ }
+
+ /* allocate ints */
+ if ((err = mp_init_multi(&v, &w, &u1, &u2, &p, &e)) != MP_OKAY) {
+ return MEMORY_E;
+ }
+
+ if ((err = mp_init(&m)) != MP_OKAY) {
+ mp_clear(&v);
+ mp_clear(&w);
+ mp_clear(&u1);
+ mp_clear(&u2);
+ mp_clear(&p);
+ mp_clear(&e);
+ return MEMORY_E;
+ }
+
+ /* allocate points */
+ mG = wc_ecc_new_point();
+ mQ = wc_ecc_new_point();
+ if (mQ == NULL || mG == NULL)
+ err = MEMORY_E;
+
+ /* get the order */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&p, (char *)key->dp->order, 16);
+
+ /* get the modulus */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&m, (char *)key->dp->prime, 16);
+
+ /* check for zero */
+ if (err == MP_OKAY) {
+ if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, &p) != MP_LT ||
+ mp_cmp(s, &p) != MP_LT)
+ err = MP_ZERO_E;
+ }
+ /* read hash */
+ if (err == MP_OKAY) {
+ /* we may need to truncate if hash is longer than key size */
+ unsigned int orderBits = mp_count_bits(&p);
+
+ /* truncate down to byte size, may be all that's needed */
+ if ( (WOLFSSL_BIT_SIZE * hashlen) > orderBits)
+ hashlen = (orderBits + WOLFSSL_BIT_SIZE - 1)/WOLFSSL_BIT_SIZE;
+ err = mp_read_unsigned_bin(&e, hash, hashlen);
+
+ /* may still need bit truncation too */
+ if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * hashlen) > orderBits)
+ mp_rshb(&e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));
+ }
+
+ /* w = s^-1 mod n */
+ if (err == MP_OKAY)
+ err = mp_invmod(s, &p, &w);
+
+ /* u1 = ew */
+ if (err == MP_OKAY)
+ err = mp_mulmod(&e, &w, &p, &u1);
+
+ /* u2 = rw */
+ if (err == MP_OKAY)
+ err = mp_mulmod(r, &w, &p, &u2);
+
+ /* find mG and mQ */
+ if (err == MP_OKAY)
+ err = mp_read_radix(mG->x, (char *)key->dp->Gx, 16);
+
+ if (err == MP_OKAY)
+ err = mp_read_radix(mG->y, (char *)key->dp->Gy, 16);
+ if (err == MP_OKAY)
+ mp_set(mG->z, 1);
+
+ if (err == MP_OKAY)
+ err = mp_copy(key->pubkey.x, mQ->x);
+ if (err == MP_OKAY)
+ err = mp_copy(key->pubkey.y, mQ->y);
+ if (err == MP_OKAY)
+ err = mp_copy(key->pubkey.z, mQ->z);
+
+#ifndef ECC_SHAMIR
+ {
+ mp_digit mp;
+
+ /* compute u1*mG + u2*mQ = mG */
+ if (err == MP_OKAY)
+ err = wc_ecc_mulmod(&u1, mG, mG, &m, 0);
+ if (err == MP_OKAY)
+ err = wc_ecc_mulmod(&u2, mQ, mQ, &m, 0);
+
+ /* find the montgomery mp */
+ if (err == MP_OKAY)
+ err = mp_montgomery_setup(&m, &mp);
+
+ /* add them */
+ if (err == MP_OKAY)
+ err = ecc_projective_add_point(mQ, mG, mG, &m, &mp);
+
+ /* reduce */
+ if (err == MP_OKAY)
+ err = ecc_map(mG, &m, &mp);
+ }
+#else
+ /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */
+ if (err == MP_OKAY)
+ err = ecc_mul2add(mG, &u1, mQ, &u2, mG, &m);
+#endif /* ECC_SHAMIR */
+
+ /* v = X_x1 mod n */
+ if (err == MP_OKAY)
+ err = mp_mod(mG->x, &p, &v);
+
+ /* does v == r */
+ if (err == MP_OKAY) {
+ if (mp_cmp(&v, r) == MP_EQ)
+ *stat = 1;
+ }
+
+ wc_ecc_del_point(mG);
+ wc_ecc_del_point(mQ);
+
+ mp_clear(&v);
+ mp_clear(&w);
+ mp_clear(&u1);
+ mp_clear(&u2);
+ mp_clear(&p);
+ mp_clear(&e);
+ mp_clear(&m);
+
+ return err;
+}
+#endif /* HAVE_ECC_VERIFY */
+
+#ifdef HAVE_ECC_KEY_IMPORT
+/* import point from der */
+int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
+ ecc_point* point)
+{
+ int err = 0;
+ int compressed = 0;
+
+ if (in == NULL || point == NULL || (curve_idx < 0) ||
+ (wc_ecc_is_valid_idx(curve_idx) == 0))
+ return ECC_BAD_ARG_E;
+
+ /* must be odd */
+ if ((inLen & 1) == 0) {
+ return ECC_BAD_ARG_E;
+ }
+
+ /* init point */
+#ifdef ALT_ECC_SIZE
+ point->x = (mp_int*)&point->xyz[0];
+ point->y = (mp_int*)&point->xyz[1];
+ point->z = (mp_int*)&point->xyz[2];
+ alt_fp_init(point->x);
+ alt_fp_init(point->y);
+ alt_fp_init(point->z);
+#else
+ err = mp_init_multi(point->x, point->y, point->z, NULL, NULL, NULL);
+#endif
+ if (err != MP_OKAY)
+ return MEMORY_E;
+
+ /* check for 4, 2, or 3 */
+ if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) {
+ err = ASN_PARSE_E;
+ }
+
+ if (in[0] == 0x02 || in[0] == 0x03) {
+#ifdef HAVE_COMP_KEY
+ compressed = 1;
+#else
+ err = NOT_COMPILED_IN;
+#endif
+ }
+
+ /* read data */
+ if (err == MP_OKAY)
+ err = mp_read_unsigned_bin(point->x, (byte*)in+1, (inLen-1)>>1);
+
+#ifdef HAVE_COMP_KEY
+ if (err == MP_OKAY && compressed == 1) { /* build y */
+ mp_int t1, t2, prime, a, b;
+
+ if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY)
+ err = MEMORY_E;
+
+ /* load prime */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&prime, (char *)ecc_sets[curve_idx].prime, 16);
+
+ /* load a */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&a, (char *)ecc_sets[curve_idx].Af, 16);
+
+ /* load b */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&b, (char *)ecc_sets[curve_idx].Bf, 16);
+
+ /* compute x^3 */
+ if (err == MP_OKAY)
+ err = mp_sqr(point->x, &t1);
+
+ if (err == MP_OKAY)
+ err = mp_mulmod(&t1, point->x, &prime, &t1);
+
+ /* compute x^3 + a*x */
+ if (err == MP_OKAY)
+ err = mp_mulmod(&a, point->x, &prime, &t2);
+
+ if (err == MP_OKAY)
+ err = mp_add(&t1, &t2, &t1);
+
+ /* compute x^3 + a*x + b */
+ if (err == MP_OKAY)
+ err = mp_add(&t1, &b, &t1);
+
+ /* compute sqrt(x^3 + a*x + b) */
+ if (err == MP_OKAY)
+ err = mp_sqrtmod_prime(&t1, &prime, &t2);
+
+ /* adjust y */
+ if (err == MP_OKAY) {
+ if ((mp_isodd(&t2) && in[0] == 0x03) ||
+ (!mp_isodd(&t2) && in[0] == 0x02)) {
+ err = mp_mod(&t2, &prime, point->y);
+ }
+ else {
+ err = mp_submod(&prime, &t2, &prime, point->y);
+ }
+ }
+
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&prime);
+ mp_clear(&t2);
+ mp_clear(&t1);
+ }
+#endif
+
+ if (err == MP_OKAY && compressed == 0)
+ err = mp_read_unsigned_bin(point->y,
+ (byte*)in+1+((inLen-1)>>1), (inLen-1)>>1);
+ if (err == MP_OKAY)
+ mp_set(point->z, 1);
+
+ if (err != MP_OKAY) {
+ mp_clear(point->x);
+ mp_clear(point->y);
+ mp_clear(point->z);
+ }
+
+ return err;
+}
+#endif /* HAVE_ECC_KEY_IMPORT */
+
+#ifdef HAVE_ECC_KEY_EXPORT
+/* export point to der */
+int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
+ word32* outLen)
+{
+#ifdef WOLFSSL_SMALL_STACK
+ byte* buf;
+#else
+ byte buf[ECC_BUFSIZE];
+#endif
+ word32 numlen;
+ int ret = MP_OKAY;
+
+ if ((curve_idx < 0) || (wc_ecc_is_valid_idx(curve_idx) == 0))
+ return ECC_BAD_ARG_E;
+
+ /* return length needed only */
+ if (point != NULL && out == NULL && outLen != NULL) {
+ numlen = ecc_sets[curve_idx].size;
+ *outLen = 1 + 2*numlen;
+ return LENGTH_ONLY_E;
+ }
+
+ if (point == NULL || out == NULL || outLen == NULL)
+ return ECC_BAD_ARG_E;
+
+ numlen = ecc_sets[curve_idx].size;
+
+ if (*outLen < (1 + 2*numlen)) {
+ *outLen = 1 + 2*numlen;
+ return BUFFER_E;
+ }
+
+ /* store byte 0x04 */
+ out[0] = 0x04;
+
+#ifdef WOLFSSL_SMALL_STACK
+ buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (buf == NULL)
+ return MEMORY_E;
+#endif
+
+ /* pad and store x */
+ XMEMSET(buf, 0, ECC_BUFSIZE);
+ ret = mp_to_unsigned_bin(point->x, buf +
+ (numlen - mp_unsigned_bin_size(point->x)));
+ if (ret != MP_OKAY)
+ goto done;
+ XMEMCPY(out+1, buf, numlen);
+
+ /* pad and store y */
+ XMEMSET(buf, 0, ECC_BUFSIZE);
+ ret = mp_to_unsigned_bin(point->y, buf +
+ (numlen - mp_unsigned_bin_size(point->y)));
+ if (ret != MP_OKAY)
+ goto done;
+ XMEMCPY(out+1+numlen, buf, numlen);
+
+ *outLen = 1 + 2*numlen;
+
+done:
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+
+/* export public ECC key in ANSI X9.63 format */
+int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
+{
+#ifdef WOLFSSL_SMALL_STACK
+ byte* buf;
+#else
+ byte buf[ECC_BUFSIZE];
+#endif
+ word32 numlen;
+ int ret = MP_OKAY;
+
+ /* return length needed only */
+ if (key != NULL && out == NULL && outLen != NULL) {
+ numlen = key->dp->size;
+ *outLen = 1 + 2*numlen;
+ return LENGTH_ONLY_E;
+ }
+
+ if (key == NULL || out == NULL || outLen == NULL)
+ return ECC_BAD_ARG_E;
+
+ if (wc_ecc_is_valid_idx(key->idx) == 0) {
+ return ECC_BAD_ARG_E;
+ }
+ numlen = key->dp->size;
+
+ if (*outLen < (1 + 2*numlen)) {
+ *outLen = 1 + 2*numlen;
+ return BUFFER_E;
+ }
+
+ /* store byte 0x04 */
+ out[0] = 0x04;
+
+#ifdef WOLFSSL_SMALL_STACK
+ buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (buf == NULL)
+ return MEMORY_E;
+#endif
+
+ /* pad and store x */
+ XMEMSET(buf, 0, ECC_BUFSIZE);
+ ret = mp_to_unsigned_bin(key->pubkey.x,
+ buf + (numlen - mp_unsigned_bin_size(key->pubkey.x)));
+ if (ret != MP_OKAY)
+ goto done;
+ XMEMCPY(out+1, buf, numlen);
+
+ /* pad and store y */
+ XMEMSET(buf, 0, ECC_BUFSIZE);
+ ret = mp_to_unsigned_bin(key->pubkey.y,
+ buf + (numlen - mp_unsigned_bin_size(key->pubkey.y)));
+ if (ret != MP_OKAY)
+ goto done;
+ XMEMCPY(out+1+numlen, buf, numlen);
+
+ *outLen = 1 + 2*numlen;
+
+done:
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+
+/* export public ECC key in ANSI X9.63 format, extended with
+ * compression option */
+int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
+ int compressed)
+{
+ if (compressed == 0)
+ return wc_ecc_export_x963(key, out, outLen);
+#ifdef HAVE_COMP_KEY
+ else
+ return wc_ecc_export_x963_compressed(key, out, outLen);
+#endif
+
+ return NOT_COMPILED_IN;
+}
+#endif /* HAVE_ECC_KEY_EXPORT */
+
+/* is ec point on curve described by dp ? */
+static int ecc_is_point(const ecc_set_type* dp, ecc_point* ecp, mp_int* prime)
+{
+ mp_int b, t1, t2;
+ int err;
+
+ if ((err = mp_init_multi(&b, &t1, &t2, NULL, NULL, NULL)) != MP_OKAY) {
+ return err;
+ }
+
+ /* load b */
+ err = mp_read_radix(&b, dp->Bf, 16);
+
+ /* compute y^2 */
+ if (err == MP_OKAY)
+ err = mp_sqr(ecp->y, &t1);
+
+ /* compute x^3 */
+ if (err == MP_OKAY)
+ err = mp_sqr(ecp->x, &t2);
+ if (err == MP_OKAY)
+ err = mp_mod(&t2, prime, &t2);
+ if (err == MP_OKAY)
+ err = mp_mul(ecp->x, &t2, &t2);
+
+ /* compute y^2 - x^3 */
+ if (err == MP_OKAY)
+ err = mp_sub(&t1, &t2, &t1);
+
+ /* compute y^2 - x^3 + 3x */
+ if (err == MP_OKAY)
+ err = mp_add(&t1, ecp->x, &t1);
+ if (err == MP_OKAY)
+ err = mp_add(&t1, ecp->x, &t1);
+ if (err == MP_OKAY)
+ err = mp_add(&t1, ecp->x, &t1);
+ if (err == MP_OKAY)
+ err = mp_mod(&t1, prime, &t1);
+
+ while (err == MP_OKAY && mp_cmp_d(&t1, 0) == MP_LT) {
+ err = mp_add(&t1, prime, &t1);
+ }
+ while (err == MP_OKAY && mp_cmp(&t1, prime) != MP_LT) {
+ err = mp_sub(&t1, prime, &t1);
+ }
+
+ /* compare to b */
+ if (err == MP_OKAY) {
+ if (mp_cmp(&t1, &b) != MP_EQ) {
+ err = MP_VAL;
+ } else {
+ err = MP_OKAY;
+ }
+ }
+
+ mp_clear(&b);
+ mp_clear(&t1);
+ mp_clear(&t2);
+
+ return err;
+}
+
+
+/* validate privkey * generator == pubkey, 0 on success */
+static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
+{
+ ecc_point* base = NULL;
+ ecc_point* res = NULL;
+ int err;
+
+ if (key == NULL)
+ return BAD_FUNC_ARG;
+
+ base = wc_ecc_new_point();
+ if (base == NULL)
+ return MEMORY_E;
+
+ /* set up base generator */
+ err = mp_read_radix(base->x, (char*)key->dp->Gx, 16);
+ if (err == MP_OKAY)
+ err = mp_read_radix(base->y, (char*)key->dp->Gy, 16);
+ if (err == MP_OKAY)
+ mp_set(base->z, 1);
+
+ if (err == MP_OKAY) {
+ res = wc_ecc_new_point();
+ if (res == NULL)
+ err = MEMORY_E;
+ else {
+ err = wc_ecc_mulmod(&key->k, base, res, prime, 1);
+ if (err == MP_OKAY) {
+ /* compare result to public key */
+ if (mp_cmp(res->x, key->pubkey.x) != MP_EQ ||
+ mp_cmp(res->y, key->pubkey.y) != MP_EQ ||
+ mp_cmp(res->z, key->pubkey.z) != MP_EQ) {
+ /* didn't match */
+ err = ECC_PRIV_KEY_E;
+ }
+ }
+ }
+ }
+
+ wc_ecc_del_point(res);
+ wc_ecc_del_point(base);
+
+ return err;
+}
+
+
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+
+/* check privkey generator helper, creates prime needed */
+static int ecc_check_privkey_gen_helper(ecc_key* key)
+{
+ mp_int prime;
+ int err;
+
+ if (key == NULL)
+ return BAD_FUNC_ARG;
+
+ err = mp_init(&prime);
+ if (err != MP_OKAY)
+ return err;
+
+ err = mp_read_radix(&prime, (char*)key->dp->prime, 16);
+
+ if (err == MP_OKAY);
+ err = ecc_check_privkey_gen(key, &prime);
+
+ mp_clear(&prime);
+
+ return err;
+}
+
+#endif /* WOLFSSL_VALIDATE_ECC_IMPORT */
+
+
+/* validate order * pubkey = point at infinity, 0 on success */
+static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order)
+{
+ ecc_point* inf = NULL;
+ int err;
+
+ if (key == NULL)
+ return BAD_FUNC_ARG;
+
+ inf = wc_ecc_new_point();
+ if (inf == NULL)
+ err = MEMORY_E;
+ else {
+ err = wc_ecc_mulmod(order, &key->pubkey, inf, prime, 1);
+ if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf))
+ err = ECC_INF_E;
+ }
+
+ wc_ecc_del_point(inf);
+
+ return err;
+}
+
+
+/* perform sanity checks on ec key validity, 0 on success */
+int wc_ecc_check_key(ecc_key* key)
+{
+ mp_int prime; /* used by multiple calls so let's cache */
+ mp_int order; /* other callers have, so let's gen here */
+ int err;
+
+ if (key == NULL)
+ return BAD_FUNC_ARG;
+
+ /* pubkey point cannot be at infinity */
+ if (wc_ecc_point_is_at_infinity(&key->pubkey))
+ return ECC_INF_E;
+
+ err = mp_init_multi(&prime, &order, NULL, NULL, NULL, NULL);
+ if (err != MP_OKAY)
+ return err;
+
+ err = mp_read_radix(&prime, (char*)key->dp->prime, 16);
+
+ /* make sure point is actually on curve */
+ if (err == MP_OKAY)
+ err = ecc_is_point(key->dp, &key->pubkey, &prime);
+
+ if (err == MP_OKAY)
+ err = mp_read_radix(&order, (char*)key->dp->order, 16);
+
+ /* pubkey * order must be at infinity */
+ if (err == MP_OKAY)
+ err = ecc_check_pubkey_order(key, &prime, &order);
+
+ /* private * base generator must equal pubkey */
+ if (err == MP_OKAY && key->type == ECC_PRIVATEKEY)
+ err = ecc_check_privkey_gen(key, &prime);
+
+ mp_clear(&order);
+ mp_clear(&prime);
+
+ return err;
+}
+
+#ifdef HAVE_ECC_KEY_IMPORT
+/* import public ECC key in ANSI X9.63 format */
+int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
+{
+ int x, err;
+ int compressed = 0;
+
+ if (in == NULL || key == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* must be odd */
+ if ((inLen & 1) == 0) {
+ return ECC_BAD_ARG_E;
+ }
+
+ /* init key */
+#ifdef ALT_ECC_SIZE
+ key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
+ key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
+ key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
+ alt_fp_init(key->pubkey.x);
+ alt_fp_init(key->pubkey.y);
+ alt_fp_init(key->pubkey.z);
+ err = mp_init(&key->k);
+#else
+ err = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, &key->k,
+ NULL, NULL);
+#endif
+ if (err != MP_OKAY)
+ return MEMORY_E;
+
+ /* check for 4, 2, or 3 */
+ if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) {
+ err = ASN_PARSE_E;
+ }
+
+ if (in[0] == 0x02 || in[0] == 0x03) {
+#ifdef HAVE_COMP_KEY
+ compressed = 1;
+#else
+ err = NOT_COMPILED_IN;
+#endif
+ }
+
+ if (err == MP_OKAY) {
+ /* determine the idx */
+
+ if (compressed)
+ inLen = (inLen-1)*2 + 1; /* used uncompressed len */
+
+ for (x = 0; ecc_sets[x].size != 0; x++) {
+ if ((unsigned)ecc_sets[x].size >= ((inLen-1)>>1)) {
+ break;
+ }
+ }
+ if (ecc_sets[x].size == 0) {
+ WOLFSSL_MSG("ecc_set size not found");
+ err = ASN_PARSE_E;
+ } else {
+ /* set the idx */
+ key->idx = x;
+ key->dp = &ecc_sets[x];
+ key->type = ECC_PUBLICKEY;
+ }
+ }
+
+ /* read data */
+ if (err == MP_OKAY)
+ err = mp_read_unsigned_bin(key->pubkey.x, (byte*)in+1, (inLen-1)>>1);
+
+#ifdef HAVE_COMP_KEY
+ if (err == MP_OKAY && compressed == 1) { /* build y */
+ mp_int t1, t2, prime, a, b;
+
+ if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY)
+ err = MEMORY_E;
+
+ /* load prime */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&prime, (char *)key->dp->prime, 16);
+
+ /* load a */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&a, (char *)key->dp->Af, 16);
+
+ /* load b */
+ if (err == MP_OKAY)
+ err = mp_read_radix(&b, (char *)key->dp->Bf, 16);
+
+ /* compute x^3 */
+ if (err == MP_OKAY)
+ err = mp_sqr(key->pubkey.x, &t1);
+
+ if (err == MP_OKAY)
+ err = mp_mulmod(&t1, key->pubkey.x, &prime, &t1);
+
+ /* compute x^3 + a*x */
+ if (err == MP_OKAY)
+ err = mp_mulmod(&a, key->pubkey.x, &prime, &t2);
+
+ if (err == MP_OKAY)
+ err = mp_add(&t1, &t2, &t1);
+
+ /* compute x^3 + a*x + b */
+ if (err == MP_OKAY)
+ err = mp_add(&t1, &b, &t1);
+
+ /* compute sqrt(x^3 + a*x + b) */
+ if (err == MP_OKAY)
+ err = mp_sqrtmod_prime(&t1, &prime, &t2);
+
+ /* adjust y */
+ if (err == MP_OKAY) {
+ if ((mp_isodd(&t2) && in[0] == 0x03) ||
+ (!mp_isodd(&t2) && in[0] == 0x02)) {
+ err = mp_mod(&t2, &prime, key->pubkey.y);
+ }
+ else {
+ err = mp_submod(&prime, &t2, &prime, key->pubkey.y);
+ }
+ }
+
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&prime);
+ mp_clear(&t2);
+ mp_clear(&t1);
+ }
+#endif
+
+ if (err == MP_OKAY && compressed == 0)
+ err = mp_read_unsigned_bin(key->pubkey.y, (byte*)in+1+((inLen-1)>>1),
+ (inLen-1)>>1);
+ if (err == MP_OKAY)
+ mp_set(key->pubkey.z, 1);
+
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+ if (err == MP_OKAY)
+ err = wc_ecc_check_key(key);
+#endif
+
+ if (err != MP_OKAY) {
+ mp_clear(key->pubkey.x);
+ mp_clear(key->pubkey.y);
+ mp_clear(key->pubkey.z);
+ mp_clear(&key->k);
+ }
+
+ return err;
+}
+#endif /* HAVE_ECC_KEY_IMPORT */
+
+#ifdef HAVE_ECC_KEY_EXPORT
+/* export ecc private key only raw, outLen is in/out size
+ return MP_OKAY on success */
+int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
+{
+ word32 numlen;
+
+ if (key == NULL || out == NULL || outLen == NULL)
+ return ECC_BAD_ARG_E;
+
+ if (wc_ecc_is_valid_idx(key->idx) == 0) {
+ return ECC_BAD_ARG_E;
+ }
+ numlen = key->dp->size;
+
+ if (*outLen < numlen) {
+ *outLen = numlen;
+ return BUFFER_E;
+ }
+ *outLen = numlen;
+ XMEMSET(out, 0, *outLen);
+ return mp_to_unsigned_bin(&key->k, out + (numlen -
+ mp_unsigned_bin_size(&key->k)));
+}
+#endif /* HAVE_ECC_KEY_EXPORT */
+
+#ifdef HAVE_ECC_KEY_IMPORT
+/* ecc private key import, public key in ANSI X9.63 format, private raw */
+int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
+ word32 pubSz, ecc_key* key)
+{
+ int ret = wc_ecc_import_x963(pub, pubSz, key);
+ if (ret != 0)
+ return ret;
+
+ key->type = ECC_PRIVATEKEY;
+
+ ret = mp_read_unsigned_bin(&key->k, priv, privSz);
+
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+ if (ret == MP_OKAY)
+ ret = ecc_check_privkey_gen_helper(key);
+#endif
+
+ return ret;
+}
+#endif /* HAVE_ECC_KEY_IMPORT */
+
+#ifndef NO_ASN
+/**
+ Convert ECC R,S to signature
+ r R component of signature
+ s S component of signature
+ out DER-encoded ECDSA signature
+ outlen [in/out] output buffer size, output signature size
+ return MP_OKAY on success
+*/
+int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen)
+{
+ int err;
+ mp_int rtmp;
+ mp_int stmp;
+
+ if (r == NULL || s == NULL || out == NULL || outlen == NULL)
+ return ECC_BAD_ARG_E;
+
+ err = mp_init_multi(&rtmp, &stmp, NULL, NULL, NULL, NULL);
+ if (err != MP_OKAY)
+ return err;
+
+ err = mp_read_radix(&rtmp, r, 16);
+ if (err == MP_OKAY)
+ err = mp_read_radix(&stmp, s, 16);
+
+ /* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */
+ if (err == MP_OKAY)
+ err = StoreECC_DSA_Sig(out, outlen, &rtmp, &stmp);
+
+ if (err == MP_OKAY) {
+ if (mp_iszero(&rtmp) || mp_iszero(&stmp))
+ err = MP_ZERO_E;
+ }
+
+ mp_clear(&rtmp);
+ mp_clear(&stmp);
+
+ return err;
+}
+#endif /* !NO_ASN */
+
+#ifdef HAVE_ECC_KEY_IMPORT
+/**
+ Import raw ECC key
+ key The destination ecc_key structure
+ qx x component of base point, as ASCII hex string
+ qy y component of base point, as ASCII hex string
+ d private key, as ASCII hex string
+ curveName ECC curve name, from ecc_sets[]
+ return MP_OKAY on success
+*/
+int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
+ const char* d, const char* curveName)
+{
+ int err, x;
+
+ if (key == NULL || qx == NULL || qy == NULL || d == NULL ||
+ curveName == NULL)
+ return ECC_BAD_ARG_E;
+
+ /* init key */
+#ifdef ALT_ECC_SIZE
+ key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
+ key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
+ key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
+ alt_fp_init(key->pubkey.x);
+ alt_fp_init(key->pubkey.y);
+ alt_fp_init(key->pubkey.z);
+ err = mp_init(&key->k);
+#else
+ err = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, &key->k,
+ NULL, NULL);
+#endif
+ if (err != MP_OKAY)
+ return MEMORY_E;
+
+ /* read Qx */
+ if (err == MP_OKAY)
+ err = mp_read_radix(key->pubkey.x, qx, 16);
+
+ /* read Qy */
+ if (err == MP_OKAY)
+ err = mp_read_radix(key->pubkey.y, qy, 16);
+
+ if (err == MP_OKAY)
+ mp_set(key->pubkey.z, 1);
+
+ /* read and set the curve */
+ if (err == MP_OKAY) {
+ for (x = 0; ecc_sets[x].size != 0; x++) {
+ if (XSTRNCMP(ecc_sets[x].name, curveName,
+ XSTRLEN(curveName)) == 0) {
+ break;
+ }
+ }
+ if (ecc_sets[x].size == 0) {
+ WOLFSSL_MSG("ecc_set curve name not found");
+ err = ASN_PARSE_E;
+ } else {
+ /* set the curve */
+ key->idx = x;
+ key->dp = &ecc_sets[x];
+ key->type = ECC_PUBLICKEY;
+ }
+ }
+
+ /* import private key */
+ if (err == MP_OKAY) {
+ key->type = ECC_PRIVATEKEY;
+ err = mp_read_radix(&key->k, d, 16);
+ }
+
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+ if (err == MP_OKAY)
+ err = wc_ecc_check_key(key);
+#endif
+
+ if (err != MP_OKAY) {
+ mp_clear(key->pubkey.x);
+ mp_clear(key->pubkey.y);
+ mp_clear(key->pubkey.z);
+ mp_clear(&key->k);
+ }
+
+ return err;
+}
+#endif /* HAVE_ECC_KEY_IMPORT */
+
+/* key size in octets */
+int wc_ecc_size(ecc_key* key)
+{
+ if (key == NULL) return 0;
+
+ return key->dp->size;
+}
+
+
+/* worst case estimate, check actual return from wc_ecc_sign_hash for actual
+ value of signature size in octets */
+int wc_ecc_sig_size(ecc_key* key)
+{
+ int sz = wc_ecc_size(key);
+ if (sz <= 0)
+ return sz;
+
+ return (sz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ;
+}
+
+
+#ifdef FP_ECC
+
+/* fixed point ECC cache */
+/* number of entries in the cache */
+#ifndef FP_ENTRIES
+ #define FP_ENTRIES 16
+#endif
+
+/* number of bits in LUT */
+#ifndef FP_LUT
+ #define FP_LUT 8U
+#endif
+
+#ifdef ECC_SHAMIR
+ /* Sharmir requires a bigger LUT, TAO */
+ #if (FP_LUT > 12) || (FP_LUT < 4)
+ #error FP_LUT must be between 4 and 12 inclusively
+ #endif
+#else
+ #if (FP_LUT > 12) || (FP_LUT < 2)
+ #error FP_LUT must be between 2 and 12 inclusively
+ #endif
+#endif
+
+
+/** Our FP cache */
+typedef struct {
+ ecc_point* g; /* cached COPY of base point */
+ ecc_point* LUT[1U<<FP_LUT]; /* fixed point lookup */
+ mp_int mu; /* copy of the montgomery constant */
+ int lru_count; /* amount of times this entry has been used */
+ int lock; /* flag to indicate cache eviction */
+ /* permitted (0) or not (1) */
+} fp_cache_t;
+
+/* if HAVE_THREAD_LS this cache is per thread, no locking needed */
+static THREAD_LS_T fp_cache_t fp_cache[FP_ENTRIES];
+
+#ifndef HAVE_THREAD_LS
+ static volatile int initMutex = 0; /* prevent multiple mutex inits */
+ static wolfSSL_Mutex ecc_fp_lock;
+#endif /* HAVE_THREAD_LS */
+
+/* simple table to help direct the generation of the LUT */
+static const struct {
+ int ham, terma, termb;
+} lut_orders[] = {
+ { 0, 0, 0 }, { 1, 0, 0 }, { 1, 0, 0 }, { 2, 1, 2 }, { 1, 0, 0 }, { 2, 1, 4 }, { 2, 2, 4 }, { 3, 3, 4 },
+ { 1, 0, 0 }, { 2, 1, 8 }, { 2, 2, 8 }, { 3, 3, 8 }, { 2, 4, 8 }, { 3, 5, 8 }, { 3, 6, 8 }, { 4, 7, 8 },
+ { 1, 0, 0 }, { 2, 1, 16 }, { 2, 2, 16 }, { 3, 3, 16 }, { 2, 4, 16 }, { 3, 5, 16 }, { 3, 6, 16 }, { 4, 7, 16 },
+ { 2, 8, 16 }, { 3, 9, 16 }, { 3, 10, 16 }, { 4, 11, 16 }, { 3, 12, 16 }, { 4, 13, 16 }, { 4, 14, 16 }, { 5, 15, 16 },
+ { 1, 0, 0 }, { 2, 1, 32 }, { 2, 2, 32 }, { 3, 3, 32 }, { 2, 4, 32 }, { 3, 5, 32 }, { 3, 6, 32 }, { 4, 7, 32 },
+ { 2, 8, 32 }, { 3, 9, 32 }, { 3, 10, 32 }, { 4, 11, 32 }, { 3, 12, 32 }, { 4, 13, 32 }, { 4, 14, 32 }, { 5, 15, 32 },
+ { 2, 16, 32 }, { 3, 17, 32 }, { 3, 18, 32 }, { 4, 19, 32 }, { 3, 20, 32 }, { 4, 21, 32 }, { 4, 22, 32 }, { 5, 23, 32 },
+ { 3, 24, 32 }, { 4, 25, 32 }, { 4, 26, 32 }, { 5, 27, 32 }, { 4, 28, 32 }, { 5, 29, 32 }, { 5, 30, 32 }, { 6, 31, 32 },
+#if FP_LUT > 6
+ { 1, 0, 0 }, { 2, 1, 64 }, { 2, 2, 64 }, { 3, 3, 64 }, { 2, 4, 64 }, { 3, 5, 64 }, { 3, 6, 64 }, { 4, 7, 64 },
+ { 2, 8, 64 }, { 3, 9, 64 }, { 3, 10, 64 }, { 4, 11, 64 }, { 3, 12, 64 }, { 4, 13, 64 }, { 4, 14, 64 }, { 5, 15, 64 },
+ { 2, 16, 64 }, { 3, 17, 64 }, { 3, 18, 64 }, { 4, 19, 64 }, { 3, 20, 64 }, { 4, 21, 64 }, { 4, 22, 64 }, { 5, 23, 64 },
+ { 3, 24, 64 }, { 4, 25, 64 }, { 4, 26, 64 }, { 5, 27, 64 }, { 4, 28, 64 }, { 5, 29, 64 }, { 5, 30, 64 }, { 6, 31, 64 },
+ { 2, 32, 64 }, { 3, 33, 64 }, { 3, 34, 64 }, { 4, 35, 64 }, { 3, 36, 64 }, { 4, 37, 64 }, { 4, 38, 64 }, { 5, 39, 64 },
+ { 3, 40, 64 }, { 4, 41, 64 }, { 4, 42, 64 }, { 5, 43, 64 }, { 4, 44, 64 }, { 5, 45, 64 }, { 5, 46, 64 }, { 6, 47, 64 },
+ { 3, 48, 64 }, { 4, 49, 64 }, { 4, 50, 64 }, { 5, 51, 64 }, { 4, 52, 64 }, { 5, 53, 64 }, { 5, 54, 64 }, { 6, 55, 64 },
+ { 4, 56, 64 }, { 5, 57, 64 }, { 5, 58, 64 }, { 6, 59, 64 }, { 5, 60, 64 }, { 6, 61, 64 }, { 6, 62, 64 }, { 7, 63, 64 },
+#if FP_LUT > 7
+ { 1, 0, 0 }, { 2, 1, 128 }, { 2, 2, 128 }, { 3, 3, 128 }, { 2, 4, 128 }, { 3, 5, 128 }, { 3, 6, 128 }, { 4, 7, 128 },
+ { 2, 8, 128 }, { 3, 9, 128 }, { 3, 10, 128 }, { 4, 11, 128 }, { 3, 12, 128 }, { 4, 13, 128 }, { 4, 14, 128 }, { 5, 15, 128 },
+ { 2, 16, 128 }, { 3, 17, 128 }, { 3, 18, 128 }, { 4, 19, 128 }, { 3, 20, 128 }, { 4, 21, 128 }, { 4, 22, 128 }, { 5, 23, 128 },
+ { 3, 24, 128 }, { 4, 25, 128 }, { 4, 26, 128 }, { 5, 27, 128 }, { 4, 28, 128 }, { 5, 29, 128 }, { 5, 30, 128 }, { 6, 31, 128 },
+ { 2, 32, 128 }, { 3, 33, 128 }, { 3, 34, 128 }, { 4, 35, 128 }, { 3, 36, 128 }, { 4, 37, 128 }, { 4, 38, 128 }, { 5, 39, 128 },
+ { 3, 40, 128 }, { 4, 41, 128 }, { 4, 42, 128 }, { 5, 43, 128 }, { 4, 44, 128 }, { 5, 45, 128 }, { 5, 46, 128 }, { 6, 47, 128 },
+ { 3, 48, 128 }, { 4, 49, 128 }, { 4, 50, 128 }, { 5, 51, 128 }, { 4, 52, 128 }, { 5, 53, 128 }, { 5, 54, 128 }, { 6, 55, 128 },
+ { 4, 56, 128 }, { 5, 57, 128 }, { 5, 58, 128 }, { 6, 59, 128 }, { 5, 60, 128 }, { 6, 61, 128 }, { 6, 62, 128 }, { 7, 63, 128 },
+ { 2, 64, 128 }, { 3, 65, 128 }, { 3, 66, 128 }, { 4, 67, 128 }, { 3, 68, 128 }, { 4, 69, 128 }, { 4, 70, 128 }, { 5, 71, 128 },
+ { 3, 72, 128 }, { 4, 73, 128 }, { 4, 74, 128 }, { 5, 75, 128 }, { 4, 76, 128 }, { 5, 77, 128 }, { 5, 78, 128 }, { 6, 79, 128 },
+ { 3, 80, 128 }, { 4, 81, 128 }, { 4, 82, 128 }, { 5, 83, 128 }, { 4, 84, 128 }, { 5, 85, 128 }, { 5, 86, 128 }, { 6, 87, 128 },
+ { 4, 88, 128 }, { 5, 89, 128 }, { 5, 90, 128 }, { 6, 91, 128 }, { 5, 92, 128 }, { 6, 93, 128 }, { 6, 94, 128 }, { 7, 95, 128 },
+ { 3, 96, 128 }, { 4, 97, 128 }, { 4, 98, 128 }, { 5, 99, 128 }, { 4, 100, 128 }, { 5, 101, 128 }, { 5, 102, 128 }, { 6, 103, 128 },
+ { 4, 104, 128 }, { 5, 105, 128 }, { 5, 106, 128 }, { 6, 107, 128 }, { 5, 108, 128 }, { 6, 109, 128 }, { 6, 110, 128 }, { 7, 111, 128 },
+ { 4, 112, 128 }, { 5, 113, 128 }, { 5, 114, 128 }, { 6, 115, 128 }, { 5, 116, 128 }, { 6, 117, 128 }, { 6, 118, 128 }, { 7, 119, 128 },
+ { 5, 120, 128 }, { 6, 121, 128 }, { 6, 122, 128 }, { 7, 123, 128 }, { 6, 124, 128 }, { 7, 125, 128 }, { 7, 126, 128 }, { 8, 127, 128 },
+#if FP_LUT > 8
+ { 1, 0, 0 }, { 2, 1, 256 }, { 2, 2, 256 }, { 3, 3, 256 }, { 2, 4, 256 }, { 3, 5, 256 }, { 3, 6, 256 }, { 4, 7, 256 },
+ { 2, 8, 256 }, { 3, 9, 256 }, { 3, 10, 256 }, { 4, 11, 256 }, { 3, 12, 256 }, { 4, 13, 256 }, { 4, 14, 256 }, { 5, 15, 256 },
+ { 2, 16, 256 }, { 3, 17, 256 }, { 3, 18, 256 }, { 4, 19, 256 }, { 3, 20, 256 }, { 4, 21, 256 }, { 4, 22, 256 }, { 5, 23, 256 },
+ { 3, 24, 256 }, { 4, 25, 256 }, { 4, 26, 256 }, { 5, 27, 256 }, { 4, 28, 256 }, { 5, 29, 256 }, { 5, 30, 256 }, { 6, 31, 256 },
+ { 2, 32, 256 }, { 3, 33, 256 }, { 3, 34, 256 }, { 4, 35, 256 }, { 3, 36, 256 }, { 4, 37, 256 }, { 4, 38, 256 }, { 5, 39, 256 },
+ { 3, 40, 256 }, { 4, 41, 256 }, { 4, 42, 256 }, { 5, 43, 256 }, { 4, 44, 256 }, { 5, 45, 256 }, { 5, 46, 256 }, { 6, 47, 256 },
+ { 3, 48, 256 }, { 4, 49, 256 }, { 4, 50, 256 }, { 5, 51, 256 }, { 4, 52, 256 }, { 5, 53, 256 }, { 5, 54, 256 }, { 6, 55, 256 },
+ { 4, 56, 256 }, { 5, 57, 256 }, { 5, 58, 256 }, { 6, 59, 256 }, { 5, 60, 256 }, { 6, 61, 256 }, { 6, 62, 256 }, { 7, 63, 256 },
+ { 2, 64, 256 }, { 3, 65, 256 }, { 3, 66, 256 }, { 4, 67, 256 }, { 3, 68, 256 }, { 4, 69, 256 }, { 4, 70, 256 }, { 5, 71, 256 },
+ { 3, 72, 256 }, { 4, 73, 256 }, { 4, 74, 256 }, { 5, 75, 256 }, { 4, 76, 256 }, { 5, 77, 256 }, { 5, 78, 256 }, { 6, 79, 256 },
+ { 3, 80, 256 }, { 4, 81, 256 }, { 4, 82, 256 }, { 5, 83, 256 }, { 4, 84, 256 }, { 5, 85, 256 }, { 5, 86, 256 }, { 6, 87, 256 },
+ { 4, 88, 256 }, { 5, 89, 256 }, { 5, 90, 256 }, { 6, 91, 256 }, { 5, 92, 256 }, { 6, 93, 256 }, { 6, 94, 256 }, { 7, 95, 256 },
+ { 3, 96, 256 }, { 4, 97, 256 }, { 4, 98, 256 }, { 5, 99, 256 }, { 4, 100, 256 }, { 5, 101, 256 }, { 5, 102, 256 }, { 6, 103, 256 },
+ { 4, 104, 256 }, { 5, 105, 256 }, { 5, 106, 256 }, { 6, 107, 256 }, { 5, 108, 256 }, { 6, 109, 256 }, { 6, 110, 256 }, { 7, 111, 256 },
+ { 4, 112, 256 }, { 5, 113, 256 }, { 5, 114, 256 }, { 6, 115, 256 }, { 5, 116, 256 }, { 6, 117, 256 }, { 6, 118, 256 }, { 7, 119, 256 },
+ { 5, 120, 256 }, { 6, 121, 256 }, { 6, 122, 256 }, { 7, 123, 256 }, { 6, 124, 256 }, { 7, 125, 256 }, { 7, 126, 256 }, { 8, 127, 256 },
+ { 2, 128, 256 }, { 3, 129, 256 }, { 3, 130, 256 }, { 4, 131, 256 }, { 3, 132, 256 }, { 4, 133, 256 }, { 4, 134, 256 }, { 5, 135, 256 },
+ { 3, 136, 256 }, { 4, 137, 256 }, { 4, 138, 256 }, { 5, 139, 256 }, { 4, 140, 256 }, { 5, 141, 256 }, { 5, 142, 256 }, { 6, 143, 256 },
+ { 3, 144, 256 }, { 4, 145, 256 }, { 4, 146, 256 }, { 5, 147, 256 }, { 4, 148, 256 }, { 5, 149, 256 }, { 5, 150, 256 }, { 6, 151, 256 },
+ { 4, 152, 256 }, { 5, 153, 256 }, { 5, 154, 256 }, { 6, 155, 256 }, { 5, 156, 256 }, { 6, 157, 256 }, { 6, 158, 256 }, { 7, 159, 256 },
+ { 3, 160, 256 }, { 4, 161, 256 }, { 4, 162, 256 }, { 5, 163, 256 }, { 4, 164, 256 }, { 5, 165, 256 }, { 5, 166, 256 }, { 6, 167, 256 },
+ { 4, 168, 256 }, { 5, 169, 256 }, { 5, 170, 256 }, { 6, 171, 256 }, { 5, 172, 256 }, { 6, 173, 256 }, { 6, 174, 256 }, { 7, 175, 256 },
+ { 4, 176, 256 }, { 5, 177, 256 }, { 5, 178, 256 }, { 6, 179, 256 }, { 5, 180, 256 }, { 6, 181, 256 }, { 6, 182, 256 }, { 7, 183, 256 },
+ { 5, 184, 256 }, { 6, 185, 256 }, { 6, 186, 256 }, { 7, 187, 256 }, { 6, 188, 256 }, { 7, 189, 256 }, { 7, 190, 256 }, { 8, 191, 256 },
+ { 3, 192, 256 }, { 4, 193, 256 }, { 4, 194, 256 }, { 5, 195, 256 }, { 4, 196, 256 }, { 5, 197, 256 }, { 5, 198, 256 }, { 6, 199, 256 },
+ { 4, 200, 256 }, { 5, 201, 256 }, { 5, 202, 256 }, { 6, 203, 256 }, { 5, 204, 256 }, { 6, 205, 256 }, { 6, 206, 256 }, { 7, 207, 256 },
+ { 4, 208, 256 }, { 5, 209, 256 }, { 5, 210, 256 }, { 6, 211, 256 }, { 5, 212, 256 }, { 6, 213, 256 }, { 6, 214, 256 }, { 7, 215, 256 },
+ { 5, 216, 256 }, { 6, 217, 256 }, { 6, 218, 256 }, { 7, 219, 256 }, { 6, 220, 256 }, { 7, 221, 256 }, { 7, 222, 256 }, { 8, 223, 256 },
+ { 4, 224, 256 }, { 5, 225, 256 }, { 5, 226, 256 }, { 6, 227, 256 }, { 5, 228, 256 }, { 6, 229, 256 }, { 6, 230, 256 }, { 7, 231, 256 },
+ { 5, 232, 256 }, { 6, 233, 256 }, { 6, 234, 256 }, { 7, 235, 256 }, { 6, 236, 256 }, { 7, 237, 256 }, { 7, 238, 256 }, { 8, 239, 256 },
+ { 5, 240, 256 }, { 6, 241, 256 }, { 6, 242, 256 }, { 7, 243, 256 }, { 6, 244, 256 }, { 7, 245, 256 }, { 7, 246, 256 }, { 8, 247, 256 },
+ { 6, 248, 256 }, { 7, 249, 256 }, { 7, 250, 256 }, { 8, 251, 256 }, { 7, 252, 256 }, { 8, 253, 256 }, { 8, 254, 256 }, { 9, 255, 256 },
+#if FP_LUT > 9
+ { 1, 0, 0 }, { 2, 1, 512 }, { 2, 2, 512 }, { 3, 3, 512 }, { 2, 4, 512 }, { 3, 5, 512 }, { 3, 6, 512 }, { 4, 7, 512 },
+ { 2, 8, 512 }, { 3, 9, 512 }, { 3, 10, 512 }, { 4, 11, 512 }, { 3, 12, 512 }, { 4, 13, 512 }, { 4, 14, 512 }, { 5, 15, 512 },
+ { 2, 16, 512 }, { 3, 17, 512 }, { 3, 18, 512 }, { 4, 19, 512 }, { 3, 20, 512 }, { 4, 21, 512 }, { 4, 22, 512 }, { 5, 23, 512 },
+ { 3, 24, 512 }, { 4, 25, 512 }, { 4, 26, 512 }, { 5, 27, 512 }, { 4, 28, 512 }, { 5, 29, 512 }, { 5, 30, 512 }, { 6, 31, 512 },
+ { 2, 32, 512 }, { 3, 33, 512 }, { 3, 34, 512 }, { 4, 35, 512 }, { 3, 36, 512 }, { 4, 37, 512 }, { 4, 38, 512 }, { 5, 39, 512 },
+ { 3, 40, 512 }, { 4, 41, 512 }, { 4, 42, 512 }, { 5, 43, 512 }, { 4, 44, 512 }, { 5, 45, 512 }, { 5, 46, 512 }, { 6, 47, 512 },
+ { 3, 48, 512 }, { 4, 49, 512 }, { 4, 50, 512 }, { 5, 51, 512 }, { 4, 52, 512 }, { 5, 53, 512 }, { 5, 54, 512 }, { 6, 55, 512 },
+ { 4, 56, 512 }, { 5, 57, 512 }, { 5, 58, 512 }, { 6, 59, 512 }, { 5, 60, 512 }, { 6, 61, 512 }, { 6, 62, 512 }, { 7, 63, 512 },
+ { 2, 64, 512 }, { 3, 65, 512 }, { 3, 66, 512 }, { 4, 67, 512 }, { 3, 68, 512 }, { 4, 69, 512 }, { 4, 70, 512 }, { 5, 71, 512 },
+ { 3, 72, 512 }, { 4, 73, 512 }, { 4, 74, 512 }, { 5, 75, 512 }, { 4, 76, 512 }, { 5, 77, 512 }, { 5, 78, 512 }, { 6, 79, 512 },
+ { 3, 80, 512 }, { 4, 81, 512 }, { 4, 82, 512 }, { 5, 83, 512 }, { 4, 84, 512 }, { 5, 85, 512 }, { 5, 86, 512 }, { 6, 87, 512 },
+ { 4, 88, 512 }, { 5, 89, 512 }, { 5, 90, 512 }, { 6, 91, 512 }, { 5, 92, 512 }, { 6, 93, 512 }, { 6, 94, 512 }, { 7, 95, 512 },
+ { 3, 96, 512 }, { 4, 97, 512 }, { 4, 98, 512 }, { 5, 99, 512 }, { 4, 100, 512 }, { 5, 101, 512 }, { 5, 102, 512 }, { 6, 103, 512 },
+ { 4, 104, 512 }, { 5, 105, 512 }, { 5, 106, 512 }, { 6, 107, 512 }, { 5, 108, 512 }, { 6, 109, 512 }, { 6, 110, 512 }, { 7, 111, 512 },
+ { 4, 112, 512 }, { 5, 113, 512 }, { 5, 114, 512 }, { 6, 115, 512 }, { 5, 116, 512 }, { 6, 117, 512 }, { 6, 118, 512 }, { 7, 119, 512 },
+ { 5, 120, 512 }, { 6, 121, 512 }, { 6, 122, 512 }, { 7, 123, 512 }, { 6, 124, 512 }, { 7, 125, 512 }, { 7, 126, 512 }, { 8, 127, 512 },
+ { 2, 128, 512 }, { 3, 129, 512 }, { 3, 130, 512 }, { 4, 131, 512 }, { 3, 132, 512 }, { 4, 133, 512 }, { 4, 134, 512 }, { 5, 135, 512 },
+ { 3, 136, 512 }, { 4, 137, 512 }, { 4, 138, 512 }, { 5, 139, 512 }, { 4, 140, 512 }, { 5, 141, 512 }, { 5, 142, 512 }, { 6, 143, 512 },
+ { 3, 144, 512 }, { 4, 145, 512 }, { 4, 146, 512 }, { 5, 147, 512 }, { 4, 148, 512 }, { 5, 149, 512 }, { 5, 150, 512 }, { 6, 151, 512 },
+ { 4, 152, 512 }, { 5, 153, 512 }, { 5, 154, 512 }, { 6, 155, 512 }, { 5, 156, 512 }, { 6, 157, 512 }, { 6, 158, 512 }, { 7, 159, 512 },
+ { 3, 160, 512 }, { 4, 161, 512 }, { 4, 162, 512 }, { 5, 163, 512 }, { 4, 164, 512 }, { 5, 165, 512 }, { 5, 166, 512 }, { 6, 167, 512 },
+ { 4, 168, 512 }, { 5, 169, 512 }, { 5, 170, 512 }, { 6, 171, 512 }, { 5, 172, 512 }, { 6, 173, 512 }, { 6, 174, 512 }, { 7, 175, 512 },
+ { 4, 176, 512 }, { 5, 177, 512 }, { 5, 178, 512 }, { 6, 179, 512 }, { 5, 180, 512 }, { 6, 181, 512 }, { 6, 182, 512 }, { 7, 183, 512 },
+ { 5, 184, 512 }, { 6, 185, 512 }, { 6, 186, 512 }, { 7, 187, 512 }, { 6, 188, 512 }, { 7, 189, 512 }, { 7, 190, 512 }, { 8, 191, 512 },
+ { 3, 192, 512 }, { 4, 193, 512 }, { 4, 194, 512 }, { 5, 195, 512 }, { 4, 196, 512 }, { 5, 197, 512 }, { 5, 198, 512 }, { 6, 199, 512 },
+ { 4, 200, 512 }, { 5, 201, 512 }, { 5, 202, 512 }, { 6, 203, 512 }, { 5, 204, 512 }, { 6, 205, 512 }, { 6, 206, 512 }, { 7, 207, 512 },
+ { 4, 208, 512 }, { 5, 209, 512 }, { 5, 210, 512 }, { 6, 211, 512 }, { 5, 212, 512 }, { 6, 213, 512 }, { 6, 214, 512 }, { 7, 215, 512 },
+ { 5, 216, 512 }, { 6, 217, 512 }, { 6, 218, 512 }, { 7, 219, 512 }, { 6, 220, 512 }, { 7, 221, 512 }, { 7, 222, 512 }, { 8, 223, 512 },
+ { 4, 224, 512 }, { 5, 225, 512 }, { 5, 226, 512 }, { 6, 227, 512 }, { 5, 228, 512 }, { 6, 229, 512 }, { 6, 230, 512 }, { 7, 231, 512 },
+ { 5, 232, 512 }, { 6, 233, 512 }, { 6, 234, 512 }, { 7, 235, 512 }, { 6, 236, 512 }, { 7, 237, 512 }, { 7, 238, 512 }, { 8, 239, 512 },
+ { 5, 240, 512 }, { 6, 241, 512 }, { 6, 242, 512 }, { 7, 243, 512 }, { 6, 244, 512 }, { 7, 245, 512 }, { 7, 246, 512 }, { 8, 247, 512 },
+ { 6, 248, 512 }, { 7, 249, 512 }, { 7, 250, 512 }, { 8, 251, 512 }, { 7, 252, 512 }, { 8, 253, 512 }, { 8, 254, 512 }, { 9, 255, 512 },
+ { 2, 256, 512 }, { 3, 257, 512 }, { 3, 258, 512 }, { 4, 259, 512 }, { 3, 260, 512 }, { 4, 261, 512 }, { 4, 262, 512 }, { 5, 263, 512 },
+ { 3, 264, 512 }, { 4, 265, 512 }, { 4, 266, 512 }, { 5, 267, 512 }, { 4, 268, 512 }, { 5, 269, 512 }, { 5, 270, 512 }, { 6, 271, 512 },
+ { 3, 272, 512 }, { 4, 273, 512 }, { 4, 274, 512 }, { 5, 275, 512 }, { 4, 276, 512 }, { 5, 277, 512 }, { 5, 278, 512 }, { 6, 279, 512 },
+ { 4, 280, 512 }, { 5, 281, 512 }, { 5, 282, 512 }, { 6, 283, 512 }, { 5, 284, 512 }, { 6, 285, 512 }, { 6, 286, 512 }, { 7, 287, 512 },
+ { 3, 288, 512 }, { 4, 289, 512 }, { 4, 290, 512 }, { 5, 291, 512 }, { 4, 292, 512 }, { 5, 293, 512 }, { 5, 294, 512 }, { 6, 295, 512 },
+ { 4, 296, 512 }, { 5, 297, 512 }, { 5, 298, 512 }, { 6, 299, 512 }, { 5, 300, 512 }, { 6, 301, 512 }, { 6, 302, 512 }, { 7, 303, 512 },
+ { 4, 304, 512 }, { 5, 305, 512 }, { 5, 306, 512 }, { 6, 307, 512 }, { 5, 308, 512 }, { 6, 309, 512 }, { 6, 310, 512 }, { 7, 311, 512 },
+ { 5, 312, 512 }, { 6, 313, 512 }, { 6, 314, 512 }, { 7, 315, 512 }, { 6, 316, 512 }, { 7, 317, 512 }, { 7, 318, 512 }, { 8, 319, 512 },
+ { 3, 320, 512 }, { 4, 321, 512 }, { 4, 322, 512 }, { 5, 323, 512 }, { 4, 324, 512 }, { 5, 325, 512 }, { 5, 326, 512 }, { 6, 327, 512 },
+ { 4, 328, 512 }, { 5, 329, 512 }, { 5, 330, 512 }, { 6, 331, 512 }, { 5, 332, 512 }, { 6, 333, 512 }, { 6, 334, 512 }, { 7, 335, 512 },
+ { 4, 336, 512 }, { 5, 337, 512 }, { 5, 338, 512 }, { 6, 339, 512 }, { 5, 340, 512 }, { 6, 341, 512 }, { 6, 342, 512 }, { 7, 343, 512 },
+ { 5, 344, 512 }, { 6, 345, 512 }, { 6, 346, 512 }, { 7, 347, 512 }, { 6, 348, 512 }, { 7, 349, 512 }, { 7, 350, 512 }, { 8, 351, 512 },
+ { 4, 352, 512 }, { 5, 353, 512 }, { 5, 354, 512 }, { 6, 355, 512 }, { 5, 356, 512 }, { 6, 357, 512 }, { 6, 358, 512 }, { 7, 359, 512 },
+ { 5, 360, 512 }, { 6, 361, 512 }, { 6, 362, 512 }, { 7, 363, 512 }, { 6, 364, 512 }, { 7, 365, 512 }, { 7, 366, 512 }, { 8, 367, 512 },
+ { 5, 368, 512 }, { 6, 369, 512 }, { 6, 370, 512 }, { 7, 371, 512 }, { 6, 372, 512 }, { 7, 373, 512 }, { 7, 374, 512 }, { 8, 375, 512 },
+ { 6, 376, 512 }, { 7, 377, 512 }, { 7, 378, 512 }, { 8, 379, 512 }, { 7, 380, 512 }, { 8, 381, 512 }, { 8, 382, 512 }, { 9, 383, 512 },
+ { 3, 384, 512 }, { 4, 385, 512 }, { 4, 386, 512 }, { 5, 387, 512 }, { 4, 388, 512 }, { 5, 389, 512 }, { 5, 390, 512 }, { 6, 391, 512 },
+ { 4, 392, 512 }, { 5, 393, 512 }, { 5, 394, 512 }, { 6, 395, 512 }, { 5, 396, 512 }, { 6, 397, 512 }, { 6, 398, 512 }, { 7, 399, 512 },
+ { 4, 400, 512 }, { 5, 401, 512 }, { 5, 402, 512 }, { 6, 403, 512 }, { 5, 404, 512 }, { 6, 405, 512 }, { 6, 406, 512 }, { 7, 407, 512 },
+ { 5, 408, 512 }, { 6, 409, 512 }, { 6, 410, 512 }, { 7, 411, 512 }, { 6, 412, 512 }, { 7, 413, 512 }, { 7, 414, 512 }, { 8, 415, 512 },
+ { 4, 416, 512 }, { 5, 417, 512 }, { 5, 418, 512 }, { 6, 419, 512 }, { 5, 420, 512 }, { 6, 421, 512 }, { 6, 422, 512 }, { 7, 423, 512 },
+ { 5, 424, 512 }, { 6, 425, 512 }, { 6, 426, 512 }, { 7, 427, 512 }, { 6, 428, 512 }, { 7, 429, 512 }, { 7, 430, 512 }, { 8, 431, 512 },
+ { 5, 432, 512 }, { 6, 433, 512 }, { 6, 434, 512 }, { 7, 435, 512 }, { 6, 436, 512 }, { 7, 437, 512 }, { 7, 438, 512 }, { 8, 439, 512 },
+ { 6, 440, 512 }, { 7, 441, 512 }, { 7, 442, 512 }, { 8, 443, 512 }, { 7, 444, 512 }, { 8, 445, 512 }, { 8, 446, 512 }, { 9, 447, 512 },
+ { 4, 448, 512 }, { 5, 449, 512 }, { 5, 450, 512 }, { 6, 451, 512 }, { 5, 452, 512 }, { 6, 453, 512 }, { 6, 454, 512 }, { 7, 455, 512 },
+ { 5, 456, 512 }, { 6, 457, 512 }, { 6, 458, 512 }, { 7, 459, 512 }, { 6, 460, 512 }, { 7, 461, 512 }, { 7, 462, 512 }, { 8, 463, 512 },
+ { 5, 464, 512 }, { 6, 465, 512 }, { 6, 466, 512 }, { 7, 467, 512 }, { 6, 468, 512 }, { 7, 469, 512 }, { 7, 470, 512 }, { 8, 471, 512 },
+ { 6, 472, 512 }, { 7, 473, 512 }, { 7, 474, 512 }, { 8, 475, 512 }, { 7, 476, 512 }, { 8, 477, 512 }, { 8, 478, 512 }, { 9, 479, 512 },
+ { 5, 480, 512 }, { 6, 481, 512 }, { 6, 482, 512 }, { 7, 483, 512 }, { 6, 484, 512 }, { 7, 485, 512 }, { 7, 486, 512 }, { 8, 487, 512 },
+ { 6, 488, 512 }, { 7, 489, 512 }, { 7, 490, 512 }, { 8, 491, 512 }, { 7, 492, 512 }, { 8, 493, 512 }, { 8, 494, 512 }, { 9, 495, 512 },
+ { 6, 496, 512 }, { 7, 497, 512 }, { 7, 498, 512 }, { 8, 499, 512 }, { 7, 500, 512 }, { 8, 501, 512 }, { 8, 502, 512 }, { 9, 503, 512 },
+ { 7, 504, 512 }, { 8, 505, 512 }, { 8, 506, 512 }, { 9, 507, 512 }, { 8, 508, 512 }, { 9, 509, 512 }, { 9, 510, 512 }, { 10, 511, 512 },
+#if FP_LUT > 10
+ { 1, 0, 0 }, { 2, 1, 1024 }, { 2, 2, 1024 }, { 3, 3, 1024 }, { 2, 4, 1024 }, { 3, 5, 1024 }, { 3, 6, 1024 }, { 4, 7, 1024 },
+ { 2, 8, 1024 }, { 3, 9, 1024 }, { 3, 10, 1024 }, { 4, 11, 1024 }, { 3, 12, 1024 }, { 4, 13, 1024 }, { 4, 14, 1024 }, { 5, 15, 1024 },
+ { 2, 16, 1024 }, { 3, 17, 1024 }, { 3, 18, 1024 }, { 4, 19, 1024 }, { 3, 20, 1024 }, { 4, 21, 1024 }, { 4, 22, 1024 }, { 5, 23, 1024 },
+ { 3, 24, 1024 }, { 4, 25, 1024 }, { 4, 26, 1024 }, { 5, 27, 1024 }, { 4, 28, 1024 }, { 5, 29, 1024 }, { 5, 30, 1024 }, { 6, 31, 1024 },
+ { 2, 32, 1024 }, { 3, 33, 1024 }, { 3, 34, 1024 }, { 4, 35, 1024 }, { 3, 36, 1024 }, { 4, 37, 1024 }, { 4, 38, 1024 }, { 5, 39, 1024 },
+ { 3, 40, 1024 }, { 4, 41, 1024 }, { 4, 42, 1024 }, { 5, 43, 1024 }, { 4, 44, 1024 }, { 5, 45, 1024 }, { 5, 46, 1024 }, { 6, 47, 1024 },
+ { 3, 48, 1024 }, { 4, 49, 1024 }, { 4, 50, 1024 }, { 5, 51, 1024 }, { 4, 52, 1024 }, { 5, 53, 1024 }, { 5, 54, 1024 }, { 6, 55, 1024 },
+ { 4, 56, 1024 }, { 5, 57, 1024 }, { 5, 58, 1024 }, { 6, 59, 1024 }, { 5, 60, 1024 }, { 6, 61, 1024 }, { 6, 62, 1024 }, { 7, 63, 1024 },
+ { 2, 64, 1024 }, { 3, 65, 1024 }, { 3, 66, 1024 }, { 4, 67, 1024 }, { 3, 68, 1024 }, { 4, 69, 1024 }, { 4, 70, 1024 }, { 5, 71, 1024 },
+ { 3, 72, 1024 }, { 4, 73, 1024 }, { 4, 74, 1024 }, { 5, 75, 1024 }, { 4, 76, 1024 }, { 5, 77, 1024 }, { 5, 78, 1024 }, { 6, 79, 1024 },
+ { 3, 80, 1024 }, { 4, 81, 1024 }, { 4, 82, 1024 }, { 5, 83, 1024 }, { 4, 84, 1024 }, { 5, 85, 1024 }, { 5, 86, 1024 }, { 6, 87, 1024 },
+ { 4, 88, 1024 }, { 5, 89, 1024 }, { 5, 90, 1024 }, { 6, 91, 1024 }, { 5, 92, 1024 }, { 6, 93, 1024 }, { 6, 94, 1024 }, { 7, 95, 1024 },
+ { 3, 96, 1024 }, { 4, 97, 1024 }, { 4, 98, 1024 }, { 5, 99, 1024 }, { 4, 100, 1024 }, { 5, 101, 1024 }, { 5, 102, 1024 }, { 6, 103, 1024 },
+ { 4, 104, 1024 }, { 5, 105, 1024 }, { 5, 106, 1024 }, { 6, 107, 1024 }, { 5, 108, 1024 }, { 6, 109, 1024 }, { 6, 110, 1024 }, { 7, 111, 1024 },
+ { 4, 112, 1024 }, { 5, 113, 1024 }, { 5, 114, 1024 }, { 6, 115, 1024 }, { 5, 116, 1024 }, { 6, 117, 1024 }, { 6, 118, 1024 }, { 7, 119, 1024 },
+ { 5, 120, 1024 }, { 6, 121, 1024 }, { 6, 122, 1024 }, { 7, 123, 1024 }, { 6, 124, 1024 }, { 7, 125, 1024 }, { 7, 126, 1024 }, { 8, 127, 1024 },
+ { 2, 128, 1024 }, { 3, 129, 1024 }, { 3, 130, 1024 }, { 4, 131, 1024 }, { 3, 132, 1024 }, { 4, 133, 1024 }, { 4, 134, 1024 }, { 5, 135, 1024 },
+ { 3, 136, 1024 }, { 4, 137, 1024 }, { 4, 138, 1024 }, { 5, 139, 1024 }, { 4, 140, 1024 }, { 5, 141, 1024 }, { 5, 142, 1024 }, { 6, 143, 1024 },
+ { 3, 144, 1024 }, { 4, 145, 1024 }, { 4, 146, 1024 }, { 5, 147, 1024 }, { 4, 148, 1024 }, { 5, 149, 1024 }, { 5, 150, 1024 }, { 6, 151, 1024 },
+ { 4, 152, 1024 }, { 5, 153, 1024 }, { 5, 154, 1024 }, { 6, 155, 1024 }, { 5, 156, 1024 }, { 6, 157, 1024 }, { 6, 158, 1024 }, { 7, 159, 1024 },
+ { 3, 160, 1024 }, { 4, 161, 1024 }, { 4, 162, 1024 }, { 5, 163, 1024 }, { 4, 164, 1024 }, { 5, 165, 1024 }, { 5, 166, 1024 }, { 6, 167, 1024 },
+ { 4, 168, 1024 }, { 5, 169, 1024 }, { 5, 170, 1024 }, { 6, 171, 1024 }, { 5, 172, 1024 }, { 6, 173, 1024 }, { 6, 174, 1024 }, { 7, 175, 1024 },
+ { 4, 176, 1024 }, { 5, 177, 1024 }, { 5, 178, 1024 }, { 6, 179, 1024 }, { 5, 180, 1024 }, { 6, 181, 1024 }, { 6, 182, 1024 }, { 7, 183, 1024 },
+ { 5, 184, 1024 }, { 6, 185, 1024 }, { 6, 186, 1024 }, { 7, 187, 1024 }, { 6, 188, 1024 }, { 7, 189, 1024 }, { 7, 190, 1024 }, { 8, 191, 1024 },
+ { 3, 192, 1024 }, { 4, 193, 1024 }, { 4, 194, 1024 }, { 5, 195, 1024 }, { 4, 196, 1024 }, { 5, 197, 1024 }, { 5, 198, 1024 }, { 6, 199, 1024 },
+ { 4, 200, 1024 }, { 5, 201, 1024 }, { 5, 202, 1024 }, { 6, 203, 1024 }, { 5, 204, 1024 }, { 6, 205, 1024 }, { 6, 206, 1024 }, { 7, 207, 1024 },
+ { 4, 208, 1024 }, { 5, 209, 1024 }, { 5, 210, 1024 }, { 6, 211, 1024 }, { 5, 212, 1024 }, { 6, 213, 1024 }, { 6, 214, 1024 }, { 7, 215, 1024 },
+ { 5, 216, 1024 }, { 6, 217, 1024 }, { 6, 218, 1024 }, { 7, 219, 1024 }, { 6, 220, 1024 }, { 7, 221, 1024 }, { 7, 222, 1024 }, { 8, 223, 1024 },
+ { 4, 224, 1024 }, { 5, 225, 1024 }, { 5, 226, 1024 }, { 6, 227, 1024 }, { 5, 228, 1024 }, { 6, 229, 1024 }, { 6, 230, 1024 }, { 7, 231, 1024 },
+ { 5, 232, 1024 }, { 6, 233, 1024 }, { 6, 234, 1024 }, { 7, 235, 1024 }, { 6, 236, 1024 }, { 7, 237, 1024 }, { 7, 238, 1024 }, { 8, 239, 1024 },
+ { 5, 240, 1024 }, { 6, 241, 1024 }, { 6, 242, 1024 }, { 7, 243, 1024 }, { 6, 244, 1024 }, { 7, 245, 1024 }, { 7, 246, 1024 }, { 8, 247, 1024 },
+ { 6, 248, 1024 }, { 7, 249, 1024 }, { 7, 250, 1024 }, { 8, 251, 1024 }, { 7, 252, 1024 }, { 8, 253, 1024 }, { 8, 254, 1024 }, { 9, 255, 1024 },
+ { 2, 256, 1024 }, { 3, 257, 1024 }, { 3, 258, 1024 }, { 4, 259, 1024 }, { 3, 260, 1024 }, { 4, 261, 1024 }, { 4, 262, 1024 }, { 5, 263, 1024 },
+ { 3, 264, 1024 }, { 4, 265, 1024 }, { 4, 266, 1024 }, { 5, 267, 1024 }, { 4, 268, 1024 }, { 5, 269, 1024 }, { 5, 270, 1024 }, { 6, 271, 1024 },
+ { 3, 272, 1024 }, { 4, 273, 1024 }, { 4, 274, 1024 }, { 5, 275, 1024 }, { 4, 276, 1024 }, { 5, 277, 1024 }, { 5, 278, 1024 }, { 6, 279, 1024 },
+ { 4, 280, 1024 }, { 5, 281, 1024 }, { 5, 282, 1024 }, { 6, 283, 1024 }, { 5, 284, 1024 }, { 6, 285, 1024 }, { 6, 286, 1024 }, { 7, 287, 1024 },
+ { 3, 288, 1024 }, { 4, 289, 1024 }, { 4, 290, 1024 }, { 5, 291, 1024 }, { 4, 292, 1024 }, { 5, 293, 1024 }, { 5, 294, 1024 }, { 6, 295, 1024 },
+ { 4, 296, 1024 }, { 5, 297, 1024 }, { 5, 298, 1024 }, { 6, 299, 1024 }, { 5, 300, 1024 }, { 6, 301, 1024 }, { 6, 302, 1024 }, { 7, 303, 1024 },
+ { 4, 304, 1024 }, { 5, 305, 1024 }, { 5, 306, 1024 }, { 6, 307, 1024 }, { 5, 308, 1024 }, { 6, 309, 1024 }, { 6, 310, 1024 }, { 7, 311, 1024 },
+ { 5, 312, 1024 }, { 6, 313, 1024 }, { 6, 314, 1024 }, { 7, 315, 1024 }, { 6, 316, 1024 }, { 7, 317, 1024 }, { 7, 318, 1024 }, { 8, 319, 1024 },
+ { 3, 320, 1024 }, { 4, 321, 1024 }, { 4, 322, 1024 }, { 5, 323, 1024 }, { 4, 324, 1024 }, { 5, 325, 1024 }, { 5, 326, 1024 }, { 6, 327, 1024 },
+ { 4, 328, 1024 }, { 5, 329, 1024 }, { 5, 330, 1024 }, { 6, 331, 1024 }, { 5, 332, 1024 }, { 6, 333, 1024 }, { 6, 334, 1024 }, { 7, 335, 1024 },
+ { 4, 336, 1024 }, { 5, 337, 1024 }, { 5, 338, 1024 }, { 6, 339, 1024 }, { 5, 340, 1024 }, { 6, 341, 1024 }, { 6, 342, 1024 }, { 7, 343, 1024 },
+ { 5, 344, 1024 }, { 6, 345, 1024 }, { 6, 346, 1024 }, { 7, 347, 1024 }, { 6, 348, 1024 }, { 7, 349, 1024 }, { 7, 350, 1024 }, { 8, 351, 1024 },
+ { 4, 352, 1024 }, { 5, 353, 1024 }, { 5, 354, 1024 }, { 6, 355, 1024 }, { 5, 356, 1024 }, { 6, 357, 1024 }, { 6, 358, 1024 }, { 7, 359, 1024 },
+ { 5, 360, 1024 }, { 6, 361, 1024 }, { 6, 362, 1024 }, { 7, 363, 1024 }, { 6, 364, 1024 }, { 7, 365, 1024 }, { 7, 366, 1024 }, { 8, 367, 1024 },
+ { 5, 368, 1024 }, { 6, 369, 1024 }, { 6, 370, 1024 }, { 7, 371, 1024 }, { 6, 372, 1024 }, { 7, 373, 1024 }, { 7, 374, 1024 }, { 8, 375, 1024 },
+ { 6, 376, 1024 }, { 7, 377, 1024 }, { 7, 378, 1024 }, { 8, 379, 1024 }, { 7, 380, 1024 }, { 8, 381, 1024 }, { 8, 382, 1024 }, { 9, 383, 1024 },
+ { 3, 384, 1024 }, { 4, 385, 1024 }, { 4, 386, 1024 }, { 5, 387, 1024 }, { 4, 388, 1024 }, { 5, 389, 1024 }, { 5, 390, 1024 }, { 6, 391, 1024 },
+ { 4, 392, 1024 }, { 5, 393, 1024 }, { 5, 394, 1024 }, { 6, 395, 1024 }, { 5, 396, 1024 }, { 6, 397, 1024 }, { 6, 398, 1024 }, { 7, 399, 1024 },
+ { 4, 400, 1024 }, { 5, 401, 1024 }, { 5, 402, 1024 }, { 6, 403, 1024 }, { 5, 404, 1024 }, { 6, 405, 1024 }, { 6, 406, 1024 }, { 7, 407, 1024 },
+ { 5, 408, 1024 }, { 6, 409, 1024 }, { 6, 410, 1024 }, { 7, 411, 1024 }, { 6, 412, 1024 }, { 7, 413, 1024 }, { 7, 414, 1024 }, { 8, 415, 1024 },
+ { 4, 416, 1024 }, { 5, 417, 1024 }, { 5, 418, 1024 }, { 6, 419, 1024 }, { 5, 420, 1024 }, { 6, 421, 1024 }, { 6, 422, 1024 }, { 7, 423, 1024 },
+ { 5, 424, 1024 }, { 6, 425, 1024 }, { 6, 426, 1024 }, { 7, 427, 1024 }, { 6, 428, 1024 }, { 7, 429, 1024 }, { 7, 430, 1024 }, { 8, 431, 1024 },
+ { 5, 432, 1024 }, { 6, 433, 1024 }, { 6, 434, 1024 }, { 7, 435, 1024 }, { 6, 436, 1024 }, { 7, 437, 1024 }, { 7, 438, 1024 }, { 8, 439, 1024 },
+ { 6, 440, 1024 }, { 7, 441, 1024 }, { 7, 442, 1024 }, { 8, 443, 1024 }, { 7, 444, 1024 }, { 8, 445, 1024 }, { 8, 446, 1024 }, { 9, 447, 1024 },
+ { 4, 448, 1024 }, { 5, 449, 1024 }, { 5, 450, 1024 }, { 6, 451, 1024 }, { 5, 452, 1024 }, { 6, 453, 1024 }, { 6, 454, 1024 }, { 7, 455, 1024 },
+ { 5, 456, 1024 }, { 6, 457, 1024 }, { 6, 458, 1024 }, { 7, 459, 1024 }, { 6, 460, 1024 }, { 7, 461, 1024 }, { 7, 462, 1024 }, { 8, 463, 1024 },
+ { 5, 464, 1024 }, { 6, 465, 1024 }, { 6, 466, 1024 }, { 7, 467, 1024 }, { 6, 468, 1024 }, { 7, 469, 1024 }, { 7, 470, 1024 }, { 8, 471, 1024 },
+ { 6, 472, 1024 }, { 7, 473, 1024 }, { 7, 474, 1024 }, { 8, 475, 1024 }, { 7, 476, 1024 }, { 8, 477, 1024 }, { 8, 478, 1024 }, { 9, 479, 1024 },
+ { 5, 480, 1024 }, { 6, 481, 1024 }, { 6, 482, 1024 }, { 7, 483, 1024 }, { 6, 484, 1024 }, { 7, 485, 1024 }, { 7, 486, 1024 }, { 8, 487, 1024 },
+ { 6, 488, 1024 }, { 7, 489, 1024 }, { 7, 490, 1024 }, { 8, 491, 1024 }, { 7, 492, 1024 }, { 8, 493, 1024 }, { 8, 494, 1024 }, { 9, 495, 1024 },
+ { 6, 496, 1024 }, { 7, 497, 1024 }, { 7, 498, 1024 }, { 8, 499, 1024 }, { 7, 500, 1024 }, { 8, 501, 1024 }, { 8, 502, 1024 }, { 9, 503, 1024 },
+ { 7, 504, 1024 }, { 8, 505, 1024 }, { 8, 506, 1024 }, { 9, 507, 1024 }, { 8, 508, 1024 }, { 9, 509, 1024 }, { 9, 510, 1024 }, { 10, 511, 1024 },
+ { 2, 512, 1024 }, { 3, 513, 1024 }, { 3, 514, 1024 }, { 4, 515, 1024 }, { 3, 516, 1024 }, { 4, 517, 1024 }, { 4, 518, 1024 }, { 5, 519, 1024 },
+ { 3, 520, 1024 }, { 4, 521, 1024 }, { 4, 522, 1024 }, { 5, 523, 1024 }, { 4, 524, 1024 }, { 5, 525, 1024 }, { 5, 526, 1024 }, { 6, 527, 1024 },
+ { 3, 528, 1024 }, { 4, 529, 1024 }, { 4, 530, 1024 }, { 5, 531, 1024 }, { 4, 532, 1024 }, { 5, 533, 1024 }, { 5, 534, 1024 }, { 6, 535, 1024 },
+ { 4, 536, 1024 }, { 5, 537, 1024 }, { 5, 538, 1024 }, { 6, 539, 1024 }, { 5, 540, 1024 }, { 6, 541, 1024 }, { 6, 542, 1024 }, { 7, 543, 1024 },
+ { 3, 544, 1024 }, { 4, 545, 1024 }, { 4, 546, 1024 }, { 5, 547, 1024 }, { 4, 548, 1024 }, { 5, 549, 1024 }, { 5, 550, 1024 }, { 6, 551, 1024 },
+ { 4, 552, 1024 }, { 5, 553, 1024 }, { 5, 554, 1024 }, { 6, 555, 1024 }, { 5, 556, 1024 }, { 6, 557, 1024 }, { 6, 558, 1024 }, { 7, 559, 1024 },
+ { 4, 560, 1024 }, { 5, 561, 1024 }, { 5, 562, 1024 }, { 6, 563, 1024 }, { 5, 564, 1024 }, { 6, 565, 1024 }, { 6, 566, 1024 }, { 7, 567, 1024 },
+ { 5, 568, 1024 }, { 6, 569, 1024 }, { 6, 570, 1024 }, { 7, 571, 1024 }, { 6, 572, 1024 }, { 7, 573, 1024 }, { 7, 574, 1024 }, { 8, 575, 1024 },
+ { 3, 576, 1024 }, { 4, 577, 1024 }, { 4, 578, 1024 }, { 5, 579, 1024 }, { 4, 580, 1024 }, { 5, 581, 1024 }, { 5, 582, 1024 }, { 6, 583, 1024 },
+ { 4, 584, 1024 }, { 5, 585, 1024 }, { 5, 586, 1024 }, { 6, 587, 1024 }, { 5, 588, 1024 }, { 6, 589, 1024 }, { 6, 590, 1024 }, { 7, 591, 1024 },
+ { 4, 592, 1024 }, { 5, 593, 1024 }, { 5, 594, 1024 }, { 6, 595, 1024 }, { 5, 596, 1024 }, { 6, 597, 1024 }, { 6, 598, 1024 }, { 7, 599, 1024 },
+ { 5, 600, 1024 }, { 6, 601, 1024 }, { 6, 602, 1024 }, { 7, 603, 1024 }, { 6, 604, 1024 }, { 7, 605, 1024 }, { 7, 606, 1024 }, { 8, 607, 1024 },
+ { 4, 608, 1024 }, { 5, 609, 1024 }, { 5, 610, 1024 }, { 6, 611, 1024 }, { 5, 612, 1024 }, { 6, 613, 1024 }, { 6, 614, 1024 }, { 7, 615, 1024 },
+ { 5, 616, 1024 }, { 6, 617, 1024 }, { 6, 618, 1024 }, { 7, 619, 1024 }, { 6, 620, 1024 }, { 7, 621, 1024 }, { 7, 622, 1024 }, { 8, 623, 1024 },
+ { 5, 624, 1024 }, { 6, 625, 1024 }, { 6, 626, 1024 }, { 7, 627, 1024 }, { 6, 628, 1024 }, { 7, 629, 1024 }, { 7, 630, 1024 }, { 8, 631, 1024 },
+ { 6, 632, 1024 }, { 7, 633, 1024 }, { 7, 634, 1024 }, { 8, 635, 1024 }, { 7, 636, 1024 }, { 8, 637, 1024 }, { 8, 638, 1024 }, { 9, 639, 1024 },
+ { 3, 640, 1024 }, { 4, 641, 1024 }, { 4, 642, 1024 }, { 5, 643, 1024 }, { 4, 644, 1024 }, { 5, 645, 1024 }, { 5, 646, 1024 }, { 6, 647, 1024 },
+ { 4, 648, 1024 }, { 5, 649, 1024 }, { 5, 650, 1024 }, { 6, 651, 1024 }, { 5, 652, 1024 }, { 6, 653, 1024 }, { 6, 654, 1024 }, { 7, 655, 1024 },
+ { 4, 656, 1024 }, { 5, 657, 1024 }, { 5, 658, 1024 }, { 6, 659, 1024 }, { 5, 660, 1024 }, { 6, 661, 1024 }, { 6, 662, 1024 }, { 7, 663, 1024 },
+ { 5, 664, 1024 }, { 6, 665, 1024 }, { 6, 666, 1024 }, { 7, 667, 1024 }, { 6, 668, 1024 }, { 7, 669, 1024 }, { 7, 670, 1024 }, { 8, 671, 1024 },
+ { 4, 672, 1024 }, { 5, 673, 1024 }, { 5, 674, 1024 }, { 6, 675, 1024 }, { 5, 676, 1024 }, { 6, 677, 1024 }, { 6, 678, 1024 }, { 7, 679, 1024 },
+ { 5, 680, 1024 }, { 6, 681, 1024 }, { 6, 682, 1024 }, { 7, 683, 1024 }, { 6, 684, 1024 }, { 7, 685, 1024 }, { 7, 686, 1024 }, { 8, 687, 1024 },
+ { 5, 688, 1024 }, { 6, 689, 1024 }, { 6, 690, 1024 }, { 7, 691, 1024 }, { 6, 692, 1024 }, { 7, 693, 1024 }, { 7, 694, 1024 }, { 8, 695, 1024 },
+ { 6, 696, 1024 }, { 7, 697, 1024 }, { 7, 698, 1024 }, { 8, 699, 1024 }, { 7, 700, 1024 }, { 8, 701, 1024 }, { 8, 702, 1024 }, { 9, 703, 1024 },
+ { 4, 704, 1024 }, { 5, 705, 1024 }, { 5, 706, 1024 }, { 6, 707, 1024 }, { 5, 708, 1024 }, { 6, 709, 1024 }, { 6, 710, 1024 }, { 7, 711, 1024 },
+ { 5, 712, 1024 }, { 6, 713, 1024 }, { 6, 714, 1024 }, { 7, 715, 1024 }, { 6, 716, 1024 }, { 7, 717, 1024 }, { 7, 718, 1024 }, { 8, 719, 1024 },
+ { 5, 720, 1024 }, { 6, 721, 1024 }, { 6, 722, 1024 }, { 7, 723, 1024 }, { 6, 724, 1024 }, { 7, 725, 1024 }, { 7, 726, 1024 }, { 8, 727, 1024 },
+ { 6, 728, 1024 }, { 7, 729, 1024 }, { 7, 730, 1024 }, { 8, 731, 1024 }, { 7, 732, 1024 }, { 8, 733, 1024 }, { 8, 734, 1024 }, { 9, 735, 1024 },
+ { 5, 736, 1024 }, { 6, 737, 1024 }, { 6, 738, 1024 }, { 7, 739, 1024 }, { 6, 740, 1024 }, { 7, 741, 1024 }, { 7, 742, 1024 }, { 8, 743, 1024 },
+ { 6, 744, 1024 }, { 7, 745, 1024 }, { 7, 746, 1024 }, { 8, 747, 1024 }, { 7, 748, 1024 }, { 8, 749, 1024 }, { 8, 750, 1024 }, { 9, 751, 1024 },
+ { 6, 752, 1024 }, { 7, 753, 1024 }, { 7, 754, 1024 }, { 8, 755, 1024 }, { 7, 756, 1024 }, { 8, 757, 1024 }, { 8, 758, 1024 }, { 9, 759, 1024 },
+ { 7, 760, 1024 }, { 8, 761, 1024 }, { 8, 762, 1024 }, { 9, 763, 1024 }, { 8, 764, 1024 }, { 9, 765, 1024 }, { 9, 766, 1024 }, { 10, 767, 1024 },
+ { 3, 768, 1024 }, { 4, 769, 1024 }, { 4, 770, 1024 }, { 5, 771, 1024 }, { 4, 772, 1024 }, { 5, 773, 1024 }, { 5, 774, 1024 }, { 6, 775, 1024 },
+ { 4, 776, 1024 }, { 5, 777, 1024 }, { 5, 778, 1024 }, { 6, 779, 1024 }, { 5, 780, 1024 }, { 6, 781, 1024 }, { 6, 782, 1024 }, { 7, 783, 1024 },
+ { 4, 784, 1024 }, { 5, 785, 1024 }, { 5, 786, 1024 }, { 6, 787, 1024 }, { 5, 788, 1024 }, { 6, 789, 1024 }, { 6, 790, 1024 }, { 7, 791, 1024 },
+ { 5, 792, 1024 }, { 6, 793, 1024 }, { 6, 794, 1024 }, { 7, 795, 1024 }, { 6, 796, 1024 }, { 7, 797, 1024 }, { 7, 798, 1024 }, { 8, 799, 1024 },
+ { 4, 800, 1024 }, { 5, 801, 1024 }, { 5, 802, 1024 }, { 6, 803, 1024 }, { 5, 804, 1024 }, { 6, 805, 1024 }, { 6, 806, 1024 }, { 7, 807, 1024 },
+ { 5, 808, 1024 }, { 6, 809, 1024 }, { 6, 810, 1024 }, { 7, 811, 1024 }, { 6, 812, 1024 }, { 7, 813, 1024 }, { 7, 814, 1024 }, { 8, 815, 1024 },
+ { 5, 816, 1024 }, { 6, 817, 1024 }, { 6, 818, 1024 }, { 7, 819, 1024 }, { 6, 820, 1024 }, { 7, 821, 1024 }, { 7, 822, 1024 }, { 8, 823, 1024 },
+ { 6, 824, 1024 }, { 7, 825, 1024 }, { 7, 826, 1024 }, { 8, 827, 1024 }, { 7, 828, 1024 }, { 8, 829, 1024 }, { 8, 830, 1024 }, { 9, 831, 1024 },
+ { 4, 832, 1024 }, { 5, 833, 1024 }, { 5, 834, 1024 }, { 6, 835, 1024 }, { 5, 836, 1024 }, { 6, 837, 1024 }, { 6, 838, 1024 }, { 7, 839, 1024 },
+ { 5, 840, 1024 }, { 6, 841, 1024 }, { 6, 842, 1024 }, { 7, 843, 1024 }, { 6, 844, 1024 }, { 7, 845, 1024 }, { 7, 846, 1024 }, { 8, 847, 1024 },
+ { 5, 848, 1024 }, { 6, 849, 1024 }, { 6, 850, 1024 }, { 7, 851, 1024 }, { 6, 852, 1024 }, { 7, 853, 1024 }, { 7, 854, 1024 }, { 8, 855, 1024 },
+ { 6, 856, 1024 }, { 7, 857, 1024 }, { 7, 858, 1024 }, { 8, 859, 1024 }, { 7, 860, 1024 }, { 8, 861, 1024 }, { 8, 862, 1024 }, { 9, 863, 1024 },
+ { 5, 864, 1024 }, { 6, 865, 1024 }, { 6, 866, 1024 }, { 7, 867, 1024 }, { 6, 868, 1024 }, { 7, 869, 1024 }, { 7, 870, 1024 }, { 8, 871, 1024 },
+ { 6, 872, 1024 }, { 7, 873, 1024 }, { 7, 874, 1024 }, { 8, 875, 1024 }, { 7, 876, 1024 }, { 8, 877, 1024 }, { 8, 878, 1024 }, { 9, 879, 1024 },
+ { 6, 880, 1024 }, { 7, 881, 1024 }, { 7, 882, 1024 }, { 8, 883, 1024 }, { 7, 884, 1024 }, { 8, 885, 1024 }, { 8, 886, 1024 }, { 9, 887, 1024 },
+ { 7, 888, 1024 }, { 8, 889, 1024 }, { 8, 890, 1024 }, { 9, 891, 1024 }, { 8, 892, 1024 }, { 9, 893, 1024 }, { 9, 894, 1024 }, { 10, 895, 1024 },
+ { 4, 896, 1024 }, { 5, 897, 1024 }, { 5, 898, 1024 }, { 6, 899, 1024 }, { 5, 900, 1024 }, { 6, 901, 1024 }, { 6, 902, 1024 }, { 7, 903, 1024 },
+ { 5, 904, 1024 }, { 6, 905, 1024 }, { 6, 906, 1024 }, { 7, 907, 1024 }, { 6, 908, 1024 }, { 7, 909, 1024 }, { 7, 910, 1024 }, { 8, 911, 1024 },
+ { 5, 912, 1024 }, { 6, 913, 1024 }, { 6, 914, 1024 }, { 7, 915, 1024 }, { 6, 916, 1024 }, { 7, 917, 1024 }, { 7, 918, 1024 }, { 8, 919, 1024 },
+ { 6, 920, 1024 }, { 7, 921, 1024 }, { 7, 922, 1024 }, { 8, 923, 1024 }, { 7, 924, 1024 }, { 8, 925, 1024 }, { 8, 926, 1024 }, { 9, 927, 1024 },
+ { 5, 928, 1024 }, { 6, 929, 1024 }, { 6, 930, 1024 }, { 7, 931, 1024 }, { 6, 932, 1024 }, { 7, 933, 1024 }, { 7, 934, 1024 }, { 8, 935, 1024 },
+ { 6, 936, 1024 }, { 7, 937, 1024 }, { 7, 938, 1024 }, { 8, 939, 1024 }, { 7, 940, 1024 }, { 8, 941, 1024 }, { 8, 942, 1024 }, { 9, 943, 1024 },
+ { 6, 944, 1024 }, { 7, 945, 1024 }, { 7, 946, 1024 }, { 8, 947, 1024 }, { 7, 948, 1024 }, { 8, 949, 1024 }, { 8, 950, 1024 }, { 9, 951, 1024 },
+ { 7, 952, 1024 }, { 8, 953, 1024 }, { 8, 954, 1024 }, { 9, 955, 1024 }, { 8, 956, 1024 }, { 9, 957, 1024 }, { 9, 958, 1024 }, { 10, 959, 1024 },
+ { 5, 960, 1024 }, { 6, 961, 1024 }, { 6, 962, 1024 }, { 7, 963, 1024 }, { 6, 964, 1024 }, { 7, 965, 1024 }, { 7, 966, 1024 }, { 8, 967, 1024 },
+ { 6, 968, 1024 }, { 7, 969, 1024 }, { 7, 970, 1024 }, { 8, 971, 1024 }, { 7, 972, 1024 }, { 8, 973, 1024 }, { 8, 974, 1024 }, { 9, 975, 1024 },
+ { 6, 976, 1024 }, { 7, 977, 1024 }, { 7, 978, 1024 }, { 8, 979, 1024 }, { 7, 980, 1024 }, { 8, 981, 1024 }, { 8, 982, 1024 }, { 9, 983, 1024 },
+ { 7, 984, 1024 }, { 8, 985, 1024 }, { 8, 986, 1024 }, { 9, 987, 1024 }, { 8, 988, 1024 }, { 9, 989, 1024 }, { 9, 990, 1024 }, { 10, 991, 1024 },
+ { 6, 992, 1024 }, { 7, 993, 1024 }, { 7, 994, 1024 }, { 8, 995, 1024 }, { 7, 996, 1024 }, { 8, 997, 1024 }, { 8, 998, 1024 }, { 9, 999, 1024 },
+ { 7, 1000, 1024 }, { 8, 1001, 1024 }, { 8, 1002, 1024 }, { 9, 1003, 1024 }, { 8, 1004, 1024 }, { 9, 1005, 1024 }, { 9, 1006, 1024 }, { 10, 1007, 1024 },
+ { 7, 1008, 1024 }, { 8, 1009, 1024 }, { 8, 1010, 1024 }, { 9, 1011, 1024 }, { 8, 1012, 1024 }, { 9, 1013, 1024 }, { 9, 1014, 1024 }, { 10, 1015, 1024 },
+ { 8, 1016, 1024 }, { 9, 1017, 1024 }, { 9, 1018, 1024 }, { 10, 1019, 1024 }, { 9, 1020, 1024 }, { 10, 1021, 1024 }, { 10, 1022, 1024 }, { 11, 1023, 1024 },
+#if FP_LUT > 11
+ { 1, 0, 0 }, { 2, 1, 2048 }, { 2, 2, 2048 }, { 3, 3, 2048 }, { 2, 4, 2048 }, { 3, 5, 2048 }, { 3, 6, 2048 }, { 4, 7, 2048 },
+ { 2, 8, 2048 }, { 3, 9, 2048 }, { 3, 10, 2048 }, { 4, 11, 2048 }, { 3, 12, 2048 }, { 4, 13, 2048 }, { 4, 14, 2048 }, { 5, 15, 2048 },
+ { 2, 16, 2048 }, { 3, 17, 2048 }, { 3, 18, 2048 }, { 4, 19, 2048 }, { 3, 20, 2048 }, { 4, 21, 2048 }, { 4, 22, 2048 }, { 5, 23, 2048 },
+ { 3, 24, 2048 }, { 4, 25, 2048 }, { 4, 26, 2048 }, { 5, 27, 2048 }, { 4, 28, 2048 }, { 5, 29, 2048 }, { 5, 30, 2048 }, { 6, 31, 2048 },
+ { 2, 32, 2048 }, { 3, 33, 2048 }, { 3, 34, 2048 }, { 4, 35, 2048 }, { 3, 36, 2048 }, { 4, 37, 2048 }, { 4, 38, 2048 }, { 5, 39, 2048 },
+ { 3, 40, 2048 }, { 4, 41, 2048 }, { 4, 42, 2048 }, { 5, 43, 2048 }, { 4, 44, 2048 }, { 5, 45, 2048 }, { 5, 46, 2048 }, { 6, 47, 2048 },
+ { 3, 48, 2048 }, { 4, 49, 2048 }, { 4, 50, 2048 }, { 5, 51, 2048 }, { 4, 52, 2048 }, { 5, 53, 2048 }, { 5, 54, 2048 }, { 6, 55, 2048 },
+ { 4, 56, 2048 }, { 5, 57, 2048 }, { 5, 58, 2048 }, { 6, 59, 2048 }, { 5, 60, 2048 }, { 6, 61, 2048 }, { 6, 62, 2048 }, { 7, 63, 2048 },
+ { 2, 64, 2048 }, { 3, 65, 2048 }, { 3, 66, 2048 }, { 4, 67, 2048 }, { 3, 68, 2048 }, { 4, 69, 2048 }, { 4, 70, 2048 }, { 5, 71, 2048 },
+ { 3, 72, 2048 }, { 4, 73, 2048 }, { 4, 74, 2048 }, { 5, 75, 2048 }, { 4, 76, 2048 }, { 5, 77, 2048 }, { 5, 78, 2048 }, { 6, 79, 2048 },
+ { 3, 80, 2048 }, { 4, 81, 2048 }, { 4, 82, 2048 }, { 5, 83, 2048 }, { 4, 84, 2048 }, { 5, 85, 2048 }, { 5, 86, 2048 }, { 6, 87, 2048 },
+ { 4, 88, 2048 }, { 5, 89, 2048 }, { 5, 90, 2048 }, { 6, 91, 2048 }, { 5, 92, 2048 }, { 6, 93, 2048 }, { 6, 94, 2048 }, { 7, 95, 2048 },
+ { 3, 96, 2048 }, { 4, 97, 2048 }, { 4, 98, 2048 }, { 5, 99, 2048 }, { 4, 100, 2048 }, { 5, 101, 2048 }, { 5, 102, 2048 }, { 6, 103, 2048 },
+ { 4, 104, 2048 }, { 5, 105, 2048 }, { 5, 106, 2048 }, { 6, 107, 2048 }, { 5, 108, 2048 }, { 6, 109, 2048 }, { 6, 110, 2048 }, { 7, 111, 2048 },
+ { 4, 112, 2048 }, { 5, 113, 2048 }, { 5, 114, 2048 }, { 6, 115, 2048 }, { 5, 116, 2048 }, { 6, 117, 2048 }, { 6, 118, 2048 }, { 7, 119, 2048 },
+ { 5, 120, 2048 }, { 6, 121, 2048 }, { 6, 122, 2048 }, { 7, 123, 2048 }, { 6, 124, 2048 }, { 7, 125, 2048 }, { 7, 126, 2048 }, { 8, 127, 2048 },
+ { 2, 128, 2048 }, { 3, 129, 2048 }, { 3, 130, 2048 }, { 4, 131, 2048 }, { 3, 132, 2048 }, { 4, 133, 2048 }, { 4, 134, 2048 }, { 5, 135, 2048 },
+ { 3, 136, 2048 }, { 4, 137, 2048 }, { 4, 138, 2048 }, { 5, 139, 2048 }, { 4, 140, 2048 }, { 5, 141, 2048 }, { 5, 142, 2048 }, { 6, 143, 2048 },
+ { 3, 144, 2048 }, { 4, 145, 2048 }, { 4, 146, 2048 }, { 5, 147, 2048 }, { 4, 148, 2048 }, { 5, 149, 2048 }, { 5, 150, 2048 }, { 6, 151, 2048 },
+ { 4, 152, 2048 }, { 5, 153, 2048 }, { 5, 154, 2048 }, { 6, 155, 2048 }, { 5, 156, 2048 }, { 6, 157, 2048 }, { 6, 158, 2048 }, { 7, 159, 2048 },
+ { 3, 160, 2048 }, { 4, 161, 2048 }, { 4, 162, 2048 }, { 5, 163, 2048 }, { 4, 164, 2048 }, { 5, 165, 2048 }, { 5, 166, 2048 }, { 6, 167, 2048 },
+ { 4, 168, 2048 }, { 5, 169, 2048 }, { 5, 170, 2048 }, { 6, 171, 2048 }, { 5, 172, 2048 }, { 6, 173, 2048 }, { 6, 174, 2048 }, { 7, 175, 2048 },
+ { 4, 176, 2048 }, { 5, 177, 2048 }, { 5, 178, 2048 }, { 6, 179, 2048 }, { 5, 180, 2048 }, { 6, 181, 2048 }, { 6, 182, 2048 }, { 7, 183, 2048 },
+ { 5, 184, 2048 }, { 6, 185, 2048 }, { 6, 186, 2048 }, { 7, 187, 2048 }, { 6, 188, 2048 }, { 7, 189, 2048 }, { 7, 190, 2048 }, { 8, 191, 2048 },
+ { 3, 192, 2048 }, { 4, 193, 2048 }, { 4, 194, 2048 }, { 5, 195, 2048 }, { 4, 196, 2048 }, { 5, 197, 2048 }, { 5, 198, 2048 }, { 6, 199, 2048 },
+ { 4, 200, 2048 }, { 5, 201, 2048 }, { 5, 202, 2048 }, { 6, 203, 2048 }, { 5, 204, 2048 }, { 6, 205, 2048 }, { 6, 206, 2048 }, { 7, 207, 2048 },
+ { 4, 208, 2048 }, { 5, 209, 2048 }, { 5, 210, 2048 }, { 6, 211, 2048 }, { 5, 212, 2048 }, { 6, 213, 2048 }, { 6, 214, 2048 }, { 7, 215, 2048 },
+ { 5, 216, 2048 }, { 6, 217, 2048 }, { 6, 218, 2048 }, { 7, 219, 2048 }, { 6, 220, 2048 }, { 7, 221, 2048 }, { 7, 222, 2048 }, { 8, 223, 2048 },
+ { 4, 224, 2048 }, { 5, 225, 2048 }, { 5, 226, 2048 }, { 6, 227, 2048 }, { 5, 228, 2048 }, { 6, 229, 2048 }, { 6, 230, 2048 }, { 7, 231, 2048 },
+ { 5, 232, 2048 }, { 6, 233, 2048 }, { 6, 234, 2048 }, { 7, 235, 2048 }, { 6, 236, 2048 }, { 7, 237, 2048 }, { 7, 238, 2048 }, { 8, 239, 2048 },
+ { 5, 240, 2048 }, { 6, 241, 2048 }, { 6, 242, 2048 }, { 7, 243, 2048 }, { 6, 244, 2048 }, { 7, 245, 2048 }, { 7, 246, 2048 }, { 8, 247, 2048 },
+ { 6, 248, 2048 }, { 7, 249, 2048 }, { 7, 250, 2048 }, { 8, 251, 2048 }, { 7, 252, 2048 }, { 8, 253, 2048 }, { 8, 254, 2048 }, { 9, 255, 2048 },
+ { 2, 256, 2048 }, { 3, 257, 2048 }, { 3, 258, 2048 }, { 4, 259, 2048 }, { 3, 260, 2048 }, { 4, 261, 2048 }, { 4, 262, 2048 }, { 5, 263, 2048 },
+ { 3, 264, 2048 }, { 4, 265, 2048 }, { 4, 266, 2048 }, { 5, 267, 2048 }, { 4, 268, 2048 }, { 5, 269, 2048 }, { 5, 270, 2048 }, { 6, 271, 2048 },
+ { 3, 272, 2048 }, { 4, 273, 2048 }, { 4, 274, 2048 }, { 5, 275, 2048 }, { 4, 276, 2048 }, { 5, 277, 2048 }, { 5, 278, 2048 }, { 6, 279, 2048 },
+ { 4, 280, 2048 }, { 5, 281, 2048 }, { 5, 282, 2048 }, { 6, 283, 2048 }, { 5, 284, 2048 }, { 6, 285, 2048 }, { 6, 286, 2048 }, { 7, 287, 2048 },
+ { 3, 288, 2048 }, { 4, 289, 2048 }, { 4, 290, 2048 }, { 5, 291, 2048 }, { 4, 292, 2048 }, { 5, 293, 2048 }, { 5, 294, 2048 }, { 6, 295, 2048 },
+ { 4, 296, 2048 }, { 5, 297, 2048 }, { 5, 298, 2048 }, { 6, 299, 2048 }, { 5, 300, 2048 }, { 6, 301, 2048 }, { 6, 302, 2048 }, { 7, 303, 2048 },
+ { 4, 304, 2048 }, { 5, 305, 2048 }, { 5, 306, 2048 }, { 6, 307, 2048 }, { 5, 308, 2048 }, { 6, 309, 2048 }, { 6, 310, 2048 }, { 7, 311, 2048 },
+ { 5, 312, 2048 }, { 6, 313, 2048 }, { 6, 314, 2048 }, { 7, 315, 2048 }, { 6, 316, 2048 }, { 7, 317, 2048 }, { 7, 318, 2048 }, { 8, 319, 2048 },
+ { 3, 320, 2048 }, { 4, 321, 2048 }, { 4, 322, 2048 }, { 5, 323, 2048 }, { 4, 324, 2048 }, { 5, 325, 2048 }, { 5, 326, 2048 }, { 6, 327, 2048 },
+ { 4, 328, 2048 }, { 5, 329, 2048 }, { 5, 330, 2048 }, { 6, 331, 2048 }, { 5, 332, 2048 }, { 6, 333, 2048 }, { 6, 334, 2048 }, { 7, 335, 2048 },
+ { 4, 336, 2048 }, { 5, 337, 2048 }, { 5, 338, 2048 }, { 6, 339, 2048 }, { 5, 340, 2048 }, { 6, 341, 2048 }, { 6, 342, 2048 }, { 7, 343, 2048 },
+ { 5, 344, 2048 }, { 6, 345, 2048 }, { 6, 346, 2048 }, { 7, 347, 2048 }, { 6, 348, 2048 }, { 7, 349, 2048 }, { 7, 350, 2048 }, { 8, 351, 2048 },
+ { 4, 352, 2048 }, { 5, 353, 2048 }, { 5, 354, 2048 }, { 6, 355, 2048 }, { 5, 356, 2048 }, { 6, 357, 2048 }, { 6, 358, 2048 }, { 7, 359, 2048 },
+ { 5, 360, 2048 }, { 6, 361, 2048 }, { 6, 362, 2048 }, { 7, 363, 2048 }, { 6, 364, 2048 }, { 7, 365, 2048 }, { 7, 366, 2048 }, { 8, 367, 2048 },
+ { 5, 368, 2048 }, { 6, 369, 2048 }, { 6, 370, 2048 }, { 7, 371, 2048 }, { 6, 372, 2048 }, { 7, 373, 2048 }, { 7, 374, 2048 }, { 8, 375, 2048 },
+ { 6, 376, 2048 }, { 7, 377, 2048 }, { 7, 378, 2048 }, { 8, 379, 2048 }, { 7, 380, 2048 }, { 8, 381, 2048 }, { 8, 382, 2048 }, { 9, 383, 2048 },
+ { 3, 384, 2048 }, { 4, 385, 2048 }, { 4, 386, 2048 }, { 5, 387, 2048 }, { 4, 388, 2048 }, { 5, 389, 2048 }, { 5, 390, 2048 }, { 6, 391, 2048 },
+ { 4, 392, 2048 }, { 5, 393, 2048 }, { 5, 394, 2048 }, { 6, 395, 2048 }, { 5, 396, 2048 }, { 6, 397, 2048 }, { 6, 398, 2048 }, { 7, 399, 2048 },
+ { 4, 400, 2048 }, { 5, 401, 2048 }, { 5, 402, 2048 }, { 6, 403, 2048 }, { 5, 404, 2048 }, { 6, 405, 2048 }, { 6, 406, 2048 }, { 7, 407, 2048 },
+ { 5, 408, 2048 }, { 6, 409, 2048 }, { 6, 410, 2048 }, { 7, 411, 2048 }, { 6, 412, 2048 }, { 7, 413, 2048 }, { 7, 414, 2048 }, { 8, 415, 2048 },
+ { 4, 416, 2048 }, { 5, 417, 2048 }, { 5, 418, 2048 }, { 6, 419, 2048 }, { 5, 420, 2048 }, { 6, 421, 2048 }, { 6, 422, 2048 }, { 7, 423, 2048 },
+ { 5, 424, 2048 }, { 6, 425, 2048 }, { 6, 426, 2048 }, { 7, 427, 2048 }, { 6, 428, 2048 }, { 7, 429, 2048 }, { 7, 430, 2048 }, { 8, 431, 2048 },
+ { 5, 432, 2048 }, { 6, 433, 2048 }, { 6, 434, 2048 }, { 7, 435, 2048 }, { 6, 436, 2048 }, { 7, 437, 2048 }, { 7, 438, 2048 }, { 8, 439, 2048 },
+ { 6, 440, 2048 }, { 7, 441, 2048 }, { 7, 442, 2048 }, { 8, 443, 2048 }, { 7, 444, 2048 }, { 8, 445, 2048 }, { 8, 446, 2048 }, { 9, 447, 2048 },
+ { 4, 448, 2048 }, { 5, 449, 2048 }, { 5, 450, 2048 }, { 6, 451, 2048 }, { 5, 452, 2048 }, { 6, 453, 2048 }, { 6, 454, 2048 }, { 7, 455, 2048 },
+ { 5, 456, 2048 }, { 6, 457, 2048 }, { 6, 458, 2048 }, { 7, 459, 2048 }, { 6, 460, 2048 }, { 7, 461, 2048 }, { 7, 462, 2048 }, { 8, 463, 2048 },
+ { 5, 464, 2048 }, { 6, 465, 2048 }, { 6, 466, 2048 }, { 7, 467, 2048 }, { 6, 468, 2048 }, { 7, 469, 2048 }, { 7, 470, 2048 }, { 8, 471, 2048 },
+ { 6, 472, 2048 }, { 7, 473, 2048 }, { 7, 474, 2048 }, { 8, 475, 2048 }, { 7, 476, 2048 }, { 8, 477, 2048 }, { 8, 478, 2048 }, { 9, 479, 2048 },
+ { 5, 480, 2048 }, { 6, 481, 2048 }, { 6, 482, 2048 }, { 7, 483, 2048 }, { 6, 484, 2048 }, { 7, 485, 2048 }, { 7, 486, 2048 }, { 8, 487, 2048 },
+ { 6, 488, 2048 }, { 7, 489, 2048 }, { 7, 490, 2048 }, { 8, 491, 2048 }, { 7, 492, 2048 }, { 8, 493, 2048 }, { 8, 494, 2048 }, { 9, 495, 2048 },
+ { 6, 496, 2048 }, { 7, 497, 2048 }, { 7, 498, 2048 }, { 8, 499, 2048 }, { 7, 500, 2048 }, { 8, 501, 2048 }, { 8, 502, 2048 }, { 9, 503, 2048 },
+ { 7, 504, 2048 }, { 8, 505, 2048 }, { 8, 506, 2048 }, { 9, 507, 2048 }, { 8, 508, 2048 }, { 9, 509, 2048 }, { 9, 510, 2048 }, { 10, 511, 2048 },
+ { 2, 512, 2048 }, { 3, 513, 2048 }, { 3, 514, 2048 }, { 4, 515, 2048 }, { 3, 516, 2048 }, { 4, 517, 2048 }, { 4, 518, 2048 }, { 5, 519, 2048 },
+ { 3, 520, 2048 }, { 4, 521, 2048 }, { 4, 522, 2048 }, { 5, 523, 2048 }, { 4, 524, 2048 }, { 5, 525, 2048 }, { 5, 526, 2048 }, { 6, 527, 2048 },
+ { 3, 528, 2048 }, { 4, 529, 2048 }, { 4, 530, 2048 }, { 5, 531, 2048 }, { 4, 532, 2048 }, { 5, 533, 2048 }, { 5, 534, 2048 }, { 6, 535, 2048 },
+ { 4, 536, 2048 }, { 5, 537, 2048 }, { 5, 538, 2048 }, { 6, 539, 2048 }, { 5, 540, 2048 }, { 6, 541, 2048 }, { 6, 542, 2048 }, { 7, 543, 2048 },
+ { 3, 544, 2048 }, { 4, 545, 2048 }, { 4, 546, 2048 }, { 5, 547, 2048 }, { 4, 548, 2048 }, { 5, 549, 2048 }, { 5, 550, 2048 }, { 6, 551, 2048 },
+ { 4, 552, 2048 }, { 5, 553, 2048 }, { 5, 554, 2048 }, { 6, 555, 2048 }, { 5, 556, 2048 }, { 6, 557, 2048 }, { 6, 558, 2048 }, { 7, 559, 2048 },
+ { 4, 560, 2048 }, { 5, 561, 2048 }, { 5, 562, 2048 }, { 6, 563, 2048 }, { 5, 564, 2048 }, { 6, 565, 2048 }, { 6, 566, 2048 }, { 7, 567, 2048 },
+ { 5, 568, 2048 }, { 6, 569, 2048 }, { 6, 570, 2048 }, { 7, 571, 2048 }, { 6, 572, 2048 }, { 7, 573, 2048 }, { 7, 574, 2048 }, { 8, 575, 2048 },
+ { 3, 576, 2048 }, { 4, 577, 2048 }, { 4, 578, 2048 }, { 5, 579, 2048 }, { 4, 580, 2048 }, { 5, 581, 2048 }, { 5, 582, 2048 }, { 6, 583, 2048 },
+ { 4, 584, 2048 }, { 5, 585, 2048 }, { 5, 586, 2048 }, { 6, 587, 2048 }, { 5, 588, 2048 }, { 6, 589, 2048 }, { 6, 590, 2048 }, { 7, 591, 2048 },
+ { 4, 592, 2048 }, { 5, 593, 2048 }, { 5, 594, 2048 }, { 6, 595, 2048 }, { 5, 596, 2048 }, { 6, 597, 2048 }, { 6, 598, 2048 }, { 7, 599, 2048 },
+ { 5, 600, 2048 }, { 6, 601, 2048 }, { 6, 602, 2048 }, { 7, 603, 2048 }, { 6, 604, 2048 }, { 7, 605, 2048 }, { 7, 606, 2048 }, { 8, 607, 2048 },
+ { 4, 608, 2048 }, { 5, 609, 2048 }, { 5, 610, 2048 }, { 6, 611, 2048 }, { 5, 612, 2048 }, { 6, 613, 2048 }, { 6, 614, 2048 }, { 7, 615, 2048 },
+ { 5, 616, 2048 }, { 6, 617, 2048 }, { 6, 618, 2048 }, { 7, 619, 2048 }, { 6, 620, 2048 }, { 7, 621, 2048 }, { 7, 622, 2048 }, { 8, 623, 2048 },
+ { 5, 624, 2048 }, { 6, 625, 2048 }, { 6, 626, 2048 }, { 7, 627, 2048 }, { 6, 628, 2048 }, { 7, 629, 2048 }, { 7, 630, 2048 }, { 8, 631, 2048 },
+ { 6, 632, 2048 }, { 7, 633, 2048 }, { 7, 634, 2048 }, { 8, 635, 2048 }, { 7, 636, 2048 }, { 8, 637, 2048 }, { 8, 638, 2048 }, { 9, 639, 2048 },
+ { 3, 640, 2048 }, { 4, 641, 2048 }, { 4, 642, 2048 }, { 5, 643, 2048 }, { 4, 644, 2048 }, { 5, 645, 2048 }, { 5, 646, 2048 }, { 6, 647, 2048 },
+ { 4, 648, 2048 }, { 5, 649, 2048 }, { 5, 650, 2048 }, { 6, 651, 2048 }, { 5, 652, 2048 }, { 6, 653, 2048 }, { 6, 654, 2048 }, { 7, 655, 2048 },
+ { 4, 656, 2048 }, { 5, 657, 2048 }, { 5, 658, 2048 }, { 6, 659, 2048 }, { 5, 660, 2048 }, { 6, 661, 2048 }, { 6, 662, 2048 }, { 7, 663, 2048 },
+ { 5, 664, 2048 }, { 6, 665, 2048 }, { 6, 666, 2048 }, { 7, 667, 2048 }, { 6, 668, 2048 }, { 7, 669, 2048 }, { 7, 670, 2048 }, { 8, 671, 2048 },
+ { 4, 672, 2048 }, { 5, 673, 2048 }, { 5, 674, 2048 }, { 6, 675, 2048 }, { 5, 676, 2048 }, { 6, 677, 2048 }, { 6, 678, 2048 }, { 7, 679, 2048 },
+ { 5, 680, 2048 }, { 6, 681, 2048 }, { 6, 682, 2048 }, { 7, 683, 2048 }, { 6, 684, 2048 }, { 7, 685, 2048 }, { 7, 686, 2048 }, { 8, 687, 2048 },
+ { 5, 688, 2048 }, { 6, 689, 2048 }, { 6, 690, 2048 }, { 7, 691, 2048 }, { 6, 692, 2048 }, { 7, 693, 2048 }, { 7, 694, 2048 }, { 8, 695, 2048 },
+ { 6, 696, 2048 }, { 7, 697, 2048 }, { 7, 698, 2048 }, { 8, 699, 2048 }, { 7, 700, 2048 }, { 8, 701, 2048 }, { 8, 702, 2048 }, { 9, 703, 2048 },
+ { 4, 704, 2048 }, { 5, 705, 2048 }, { 5, 706, 2048 }, { 6, 707, 2048 }, { 5, 708, 2048 }, { 6, 709, 2048 }, { 6, 710, 2048 }, { 7, 711, 2048 },
+ { 5, 712, 2048 }, { 6, 713, 2048 }, { 6, 714, 2048 }, { 7, 715, 2048 }, { 6, 716, 2048 }, { 7, 717, 2048 }, { 7, 718, 2048 }, { 8, 719, 2048 },
+ { 5, 720, 2048 }, { 6, 721, 2048 }, { 6, 722, 2048 }, { 7, 723, 2048 }, { 6, 724, 2048 }, { 7, 725, 2048 }, { 7, 726, 2048 }, { 8, 727, 2048 },
+ { 6, 728, 2048 }, { 7, 729, 2048 }, { 7, 730, 2048 }, { 8, 731, 2048 }, { 7, 732, 2048 }, { 8, 733, 2048 }, { 8, 734, 2048 }, { 9, 735, 2048 },
+ { 5, 736, 2048 }, { 6, 737, 2048 }, { 6, 738, 2048 }, { 7, 739, 2048 }, { 6, 740, 2048 }, { 7, 741, 2048 }, { 7, 742, 2048 }, { 8, 743, 2048 },
+ { 6, 744, 2048 }, { 7, 745, 2048 }, { 7, 746, 2048 }, { 8, 747, 2048 }, { 7, 748, 2048 }, { 8, 749, 2048 }, { 8, 750, 2048 }, { 9, 751, 2048 },
+ { 6, 752, 2048 }, { 7, 753, 2048 }, { 7, 754, 2048 }, { 8, 755, 2048 }, { 7, 756, 2048 }, { 8, 757, 2048 }, { 8, 758, 2048 }, { 9, 759, 2048 },
+ { 7, 760, 2048 }, { 8, 761, 2048 }, { 8, 762, 2048 }, { 9, 763, 2048 }, { 8, 764, 2048 }, { 9, 765, 2048 }, { 9, 766, 2048 }, { 10, 767, 2048 },
+ { 3, 768, 2048 }, { 4, 769, 2048 }, { 4, 770, 2048 }, { 5, 771, 2048 }, { 4, 772, 2048 }, { 5, 773, 2048 }, { 5, 774, 2048 }, { 6, 775, 2048 },
+ { 4, 776, 2048 }, { 5, 777, 2048 }, { 5, 778, 2048 }, { 6, 779, 2048 }, { 5, 780, 2048 }, { 6, 781, 2048 }, { 6, 782, 2048 }, { 7, 783, 2048 },
+ { 4, 784, 2048 }, { 5, 785, 2048 }, { 5, 786, 2048 }, { 6, 787, 2048 }, { 5, 788, 2048 }, { 6, 789, 2048 }, { 6, 790, 2048 }, { 7, 791, 2048 },
+ { 5, 792, 2048 }, { 6, 793, 2048 }, { 6, 794, 2048 }, { 7, 795, 2048 }, { 6, 796, 2048 }, { 7, 797, 2048 }, { 7, 798, 2048 }, { 8, 799, 2048 },
+ { 4, 800, 2048 }, { 5, 801, 2048 }, { 5, 802, 2048 }, { 6, 803, 2048 }, { 5, 804, 2048 }, { 6, 805, 2048 }, { 6, 806, 2048 }, { 7, 807, 2048 },
+ { 5, 808, 2048 }, { 6, 809, 2048 }, { 6, 810, 2048 }, { 7, 811, 2048 }, { 6, 812, 2048 }, { 7, 813, 2048 }, { 7, 814, 2048 }, { 8, 815, 2048 },
+ { 5, 816, 2048 }, { 6, 817, 2048 }, { 6, 818, 2048 }, { 7, 819, 2048 }, { 6, 820, 2048 }, { 7, 821, 2048 }, { 7, 822, 2048 }, { 8, 823, 2048 },
+ { 6, 824, 2048 }, { 7, 825, 2048 }, { 7, 826, 2048 }, { 8, 827, 2048 }, { 7, 828, 2048 }, { 8, 829, 2048 }, { 8, 830, 2048 }, { 9, 831, 2048 },
+ { 4, 832, 2048 }, { 5, 833, 2048 }, { 5, 834, 2048 }, { 6, 835, 2048 }, { 5, 836, 2048 }, { 6, 837, 2048 }, { 6, 838, 2048 }, { 7, 839, 2048 },
+ { 5, 840, 2048 }, { 6, 841, 2048 }, { 6, 842, 2048 }, { 7, 843, 2048 }, { 6, 844, 2048 }, { 7, 845, 2048 }, { 7, 846, 2048 }, { 8, 847, 2048 },
+ { 5, 848, 2048 }, { 6, 849, 2048 }, { 6, 850, 2048 }, { 7, 851, 2048 }, { 6, 852, 2048 }, { 7, 853, 2048 }, { 7, 854, 2048 }, { 8, 855, 2048 },
+ { 6, 856, 2048 }, { 7, 857, 2048 }, { 7, 858, 2048 }, { 8, 859, 2048 }, { 7, 860, 2048 }, { 8, 861, 2048 }, { 8, 862, 2048 }, { 9, 863, 2048 },
+ { 5, 864, 2048 }, { 6, 865, 2048 }, { 6, 866, 2048 }, { 7, 867, 2048 }, { 6, 868, 2048 }, { 7, 869, 2048 }, { 7, 870, 2048 }, { 8, 871, 2048 },
+ { 6, 872, 2048 }, { 7, 873, 2048 }, { 7, 874, 2048 }, { 8, 875, 2048 }, { 7, 876, 2048 }, { 8, 877, 2048 }, { 8, 878, 2048 }, { 9, 879, 2048 },
+ { 6, 880, 2048 }, { 7, 881, 2048 }, { 7, 882, 2048 }, { 8, 883, 2048 }, { 7, 884, 2048 }, { 8, 885, 2048 }, { 8, 886, 2048 }, { 9, 887, 2048 },
+ { 7, 888, 2048 }, { 8, 889, 2048 }, { 8, 890, 2048 }, { 9, 891, 2048 }, { 8, 892, 2048 }, { 9, 893, 2048 }, { 9, 894, 2048 }, { 10, 895, 2048 },
+ { 4, 896, 2048 }, { 5, 897, 2048 }, { 5, 898, 2048 }, { 6, 899, 2048 }, { 5, 900, 2048 }, { 6, 901, 2048 }, { 6, 902, 2048 }, { 7, 903, 2048 },
+ { 5, 904, 2048 }, { 6, 905, 2048 }, { 6, 906, 2048 }, { 7, 907, 2048 }, { 6, 908, 2048 }, { 7, 909, 2048 }, { 7, 910, 2048 }, { 8, 911, 2048 },
+ { 5, 912, 2048 }, { 6, 913, 2048 }, { 6, 914, 2048 }, { 7, 915, 2048 }, { 6, 916, 2048 }, { 7, 917, 2048 }, { 7, 918, 2048 }, { 8, 919, 2048 },
+ { 6, 920, 2048 }, { 7, 921, 2048 }, { 7, 922, 2048 }, { 8, 923, 2048 }, { 7, 924, 2048 }, { 8, 925, 2048 }, { 8, 926, 2048 }, { 9, 927, 2048 },
+ { 5, 928, 2048 }, { 6, 929, 2048 }, { 6, 930, 2048 }, { 7, 931, 2048 }, { 6, 932, 2048 }, { 7, 933, 2048 }, { 7, 934, 2048 }, { 8, 935, 2048 },
+ { 6, 936, 2048 }, { 7, 937, 2048 }, { 7, 938, 2048 }, { 8, 939, 2048 }, { 7, 940, 2048 }, { 8, 941, 2048 }, { 8, 942, 2048 }, { 9, 943, 2048 },
+ { 6, 944, 2048 }, { 7, 945, 2048 }, { 7, 946, 2048 }, { 8, 947, 2048 }, { 7, 948, 2048 }, { 8, 949, 2048 }, { 8, 950, 2048 }, { 9, 951, 2048 },
+ { 7, 952, 2048 }, { 8, 953, 2048 }, { 8, 954, 2048 }, { 9, 955, 2048 }, { 8, 956, 2048 }, { 9, 957, 2048 }, { 9, 958, 2048 }, { 10, 959, 2048 },
+ { 5, 960, 2048 }, { 6, 961, 2048 }, { 6, 962, 2048 }, { 7, 963, 2048 }, { 6, 964, 2048 }, { 7, 965, 2048 }, { 7, 966, 2048 }, { 8, 967, 2048 },
+ { 6, 968, 2048 }, { 7, 969, 2048 }, { 7, 970, 2048 }, { 8, 971, 2048 }, { 7, 972, 2048 }, { 8, 973, 2048 }, { 8, 974, 2048 }, { 9, 975, 2048 },
+ { 6, 976, 2048 }, { 7, 977, 2048 }, { 7, 978, 2048 }, { 8, 979, 2048 }, { 7, 980, 2048 }, { 8, 981, 2048 }, { 8, 982, 2048 }, { 9, 983, 2048 },
+ { 7, 984, 2048 }, { 8, 985, 2048 }, { 8, 986, 2048 }, { 9, 987, 2048 }, { 8, 988, 2048 }, { 9, 989, 2048 }, { 9, 990, 2048 }, { 10, 991, 2048 },
+ { 6, 992, 2048 }, { 7, 993, 2048 }, { 7, 994, 2048 }, { 8, 995, 2048 }, { 7, 996, 2048 }, { 8, 997, 2048 }, { 8, 998, 2048 }, { 9, 999, 2048 },
+ { 7, 1000, 2048 }, { 8, 1001, 2048 }, { 8, 1002, 2048 }, { 9, 1003, 2048 }, { 8, 1004, 2048 }, { 9, 1005, 2048 }, { 9, 1006, 2048 }, { 10, 1007, 2048 },
+ { 7, 1008, 2048 }, { 8, 1009, 2048 }, { 8, 1010, 2048 }, { 9, 1011, 2048 }, { 8, 1012, 2048 }, { 9, 1013, 2048 }, { 9, 1014, 2048 }, { 10, 1015, 2048 },
+ { 8, 1016, 2048 }, { 9, 1017, 2048 }, { 9, 1018, 2048 }, { 10, 1019, 2048 }, { 9, 1020, 2048 }, { 10, 1021, 2048 }, { 10, 1022, 2048 }, { 11, 1023, 2048 },
+ { 2, 1024, 2048 }, { 3, 1025, 2048 }, { 3, 1026, 2048 }, { 4, 1027, 2048 }, { 3, 1028, 2048 }, { 4, 1029, 2048 }, { 4, 1030, 2048 }, { 5, 1031, 2048 },
+ { 3, 1032, 2048 }, { 4, 1033, 2048 }, { 4, 1034, 2048 }, { 5, 1035, 2048 }, { 4, 1036, 2048 }, { 5, 1037, 2048 }, { 5, 1038, 2048 }, { 6, 1039, 2048 },
+ { 3, 1040, 2048 }, { 4, 1041, 2048 }, { 4, 1042, 2048 }, { 5, 1043, 2048 }, { 4, 1044, 2048 }, { 5, 1045, 2048 }, { 5, 1046, 2048 }, { 6, 1047, 2048 },
+ { 4, 1048, 2048 }, { 5, 1049, 2048 }, { 5, 1050, 2048 }, { 6, 1051, 2048 }, { 5, 1052, 2048 }, { 6, 1053, 2048 }, { 6, 1054, 2048 }, { 7, 1055, 2048 },
+ { 3, 1056, 2048 }, { 4, 1057, 2048 }, { 4, 1058, 2048 }, { 5, 1059, 2048 }, { 4, 1060, 2048 }, { 5, 1061, 2048 }, { 5, 1062, 2048 }, { 6, 1063, 2048 },
+ { 4, 1064, 2048 }, { 5, 1065, 2048 }, { 5, 1066, 2048 }, { 6, 1067, 2048 }, { 5, 1068, 2048 }, { 6, 1069, 2048 }, { 6, 1070, 2048 }, { 7, 1071, 2048 },
+ { 4, 1072, 2048 }, { 5, 1073, 2048 }, { 5, 1074, 2048 }, { 6, 1075, 2048 }, { 5, 1076, 2048 }, { 6, 1077, 2048 }, { 6, 1078, 2048 }, { 7, 1079, 2048 },
+ { 5, 1080, 2048 }, { 6, 1081, 2048 }, { 6, 1082, 2048 }, { 7, 1083, 2048 }, { 6, 1084, 2048 }, { 7, 1085, 2048 }, { 7, 1086, 2048 }, { 8, 1087, 2048 },
+ { 3, 1088, 2048 }, { 4, 1089, 2048 }, { 4, 1090, 2048 }, { 5, 1091, 2048 }, { 4, 1092, 2048 }, { 5, 1093, 2048 }, { 5, 1094, 2048 }, { 6, 1095, 2048 },
+ { 4, 1096, 2048 }, { 5, 1097, 2048 }, { 5, 1098, 2048 }, { 6, 1099, 2048 }, { 5, 1100, 2048 }, { 6, 1101, 2048 }, { 6, 1102, 2048 }, { 7, 1103, 2048 },
+ { 4, 1104, 2048 }, { 5, 1105, 2048 }, { 5, 1106, 2048 }, { 6, 1107, 2048 }, { 5, 1108, 2048 }, { 6, 1109, 2048 }, { 6, 1110, 2048 }, { 7, 1111, 2048 },
+ { 5, 1112, 2048 }, { 6, 1113, 2048 }, { 6, 1114, 2048 }, { 7, 1115, 2048 }, { 6, 1116, 2048 }, { 7, 1117, 2048 }, { 7, 1118, 2048 }, { 8, 1119, 2048 },
+ { 4, 1120, 2048 }, { 5, 1121, 2048 }, { 5, 1122, 2048 }, { 6, 1123, 2048 }, { 5, 1124, 2048 }, { 6, 1125, 2048 }, { 6, 1126, 2048 }, { 7, 1127, 2048 },
+ { 5, 1128, 2048 }, { 6, 1129, 2048 }, { 6, 1130, 2048 }, { 7, 1131, 2048 }, { 6, 1132, 2048 }, { 7, 1133, 2048 }, { 7, 1134, 2048 }, { 8, 1135, 2048 },
+ { 5, 1136, 2048 }, { 6, 1137, 2048 }, { 6, 1138, 2048 }, { 7, 1139, 2048 }, { 6, 1140, 2048 }, { 7, 1141, 2048 }, { 7, 1142, 2048 }, { 8, 1143, 2048 },
+ { 6, 1144, 2048 }, { 7, 1145, 2048 }, { 7, 1146, 2048 }, { 8, 1147, 2048 }, { 7, 1148, 2048 }, { 8, 1149, 2048 }, { 8, 1150, 2048 }, { 9, 1151, 2048 },
+ { 3, 1152, 2048 }, { 4, 1153, 2048 }, { 4, 1154, 2048 }, { 5, 1155, 2048 }, { 4, 1156, 2048 }, { 5, 1157, 2048 }, { 5, 1158, 2048 }, { 6, 1159, 2048 },
+ { 4, 1160, 2048 }, { 5, 1161, 2048 }, { 5, 1162, 2048 }, { 6, 1163, 2048 }, { 5, 1164, 2048 }, { 6, 1165, 2048 }, { 6, 1166, 2048 }, { 7, 1167, 2048 },
+ { 4, 1168, 2048 }, { 5, 1169, 2048 }, { 5, 1170, 2048 }, { 6, 1171, 2048 }, { 5, 1172, 2048 }, { 6, 1173, 2048 }, { 6, 1174, 2048 }, { 7, 1175, 2048 },
+ { 5, 1176, 2048 }, { 6, 1177, 2048 }, { 6, 1178, 2048 }, { 7, 1179, 2048 }, { 6, 1180, 2048 }, { 7, 1181, 2048 }, { 7, 1182, 2048 }, { 8, 1183, 2048 },
+ { 4, 1184, 2048 }, { 5, 1185, 2048 }, { 5, 1186, 2048 }, { 6, 1187, 2048 }, { 5, 1188, 2048 }, { 6, 1189, 2048 }, { 6, 1190, 2048 }, { 7, 1191, 2048 },
+ { 5, 1192, 2048 }, { 6, 1193, 2048 }, { 6, 1194, 2048 }, { 7, 1195, 2048 }, { 6, 1196, 2048 }, { 7, 1197, 2048 }, { 7, 1198, 2048 }, { 8, 1199, 2048 },
+ { 5, 1200, 2048 }, { 6, 1201, 2048 }, { 6, 1202, 2048 }, { 7, 1203, 2048 }, { 6, 1204, 2048 }, { 7, 1205, 2048 }, { 7, 1206, 2048 }, { 8, 1207, 2048 },
+ { 6, 1208, 2048 }, { 7, 1209, 2048 }, { 7, 1210, 2048 }, { 8, 1211, 2048 }, { 7, 1212, 2048 }, { 8, 1213, 2048 }, { 8, 1214, 2048 }, { 9, 1215, 2048 },
+ { 4, 1216, 2048 }, { 5, 1217, 2048 }, { 5, 1218, 2048 }, { 6, 1219, 2048 }, { 5, 1220, 2048 }, { 6, 1221, 2048 }, { 6, 1222, 2048 }, { 7, 1223, 2048 },
+ { 5, 1224, 2048 }, { 6, 1225, 2048 }, { 6, 1226, 2048 }, { 7, 1227, 2048 }, { 6, 1228, 2048 }, { 7, 1229, 2048 }, { 7, 1230, 2048 }, { 8, 1231, 2048 },
+ { 5, 1232, 2048 }, { 6, 1233, 2048 }, { 6, 1234, 2048 }, { 7, 1235, 2048 }, { 6, 1236, 2048 }, { 7, 1237, 2048 }, { 7, 1238, 2048 }, { 8, 1239, 2048 },
+ { 6, 1240, 2048 }, { 7, 1241, 2048 }, { 7, 1242, 2048 }, { 8, 1243, 2048 }, { 7, 1244, 2048 }, { 8, 1245, 2048 }, { 8, 1246, 2048 }, { 9, 1247, 2048 },
+ { 5, 1248, 2048 }, { 6, 1249, 2048 }, { 6, 1250, 2048 }, { 7, 1251, 2048 }, { 6, 1252, 2048 }, { 7, 1253, 2048 }, { 7, 1254, 2048 }, { 8, 1255, 2048 },
+ { 6, 1256, 2048 }, { 7, 1257, 2048 }, { 7, 1258, 2048 }, { 8, 1259, 2048 }, { 7, 1260, 2048 }, { 8, 1261, 2048 }, { 8, 1262, 2048 }, { 9, 1263, 2048 },
+ { 6, 1264, 2048 }, { 7, 1265, 2048 }, { 7, 1266, 2048 }, { 8, 1267, 2048 }, { 7, 1268, 2048 }, { 8, 1269, 2048 }, { 8, 1270, 2048 }, { 9, 1271, 2048 },
+ { 7, 1272, 2048 }, { 8, 1273, 2048 }, { 8, 1274, 2048 }, { 9, 1275, 2048 }, { 8, 1276, 2048 }, { 9, 1277, 2048 }, { 9, 1278, 2048 }, { 10, 1279, 2048 },
+ { 3, 1280, 2048 }, { 4, 1281, 2048 }, { 4, 1282, 2048 }, { 5, 1283, 2048 }, { 4, 1284, 2048 }, { 5, 1285, 2048 }, { 5, 1286, 2048 }, { 6, 1287, 2048 },
+ { 4, 1288, 2048 }, { 5, 1289, 2048 }, { 5, 1290, 2048 }, { 6, 1291, 2048 }, { 5, 1292, 2048 }, { 6, 1293, 2048 }, { 6, 1294, 2048 }, { 7, 1295, 2048 },
+ { 4, 1296, 2048 }, { 5, 1297, 2048 }, { 5, 1298, 2048 }, { 6, 1299, 2048 }, { 5, 1300, 2048 }, { 6, 1301, 2048 }, { 6, 1302, 2048 }, { 7, 1303, 2048 },
+ { 5, 1304, 2048 }, { 6, 1305, 2048 }, { 6, 1306, 2048 }, { 7, 1307, 2048 }, { 6, 1308, 2048 }, { 7, 1309, 2048 }, { 7, 1310, 2048 }, { 8, 1311, 2048 },
+ { 4, 1312, 2048 }, { 5, 1313, 2048 }, { 5, 1314, 2048 }, { 6, 1315, 2048 }, { 5, 1316, 2048 }, { 6, 1317, 2048 }, { 6, 1318, 2048 }, { 7, 1319, 2048 },
+ { 5, 1320, 2048 }, { 6, 1321, 2048 }, { 6, 1322, 2048 }, { 7, 1323, 2048 }, { 6, 1324, 2048 }, { 7, 1325, 2048 }, { 7, 1326, 2048 }, { 8, 1327, 2048 },
+ { 5, 1328, 2048 }, { 6, 1329, 2048 }, { 6, 1330, 2048 }, { 7, 1331, 2048 }, { 6, 1332, 2048 }, { 7, 1333, 2048 }, { 7, 1334, 2048 }, { 8, 1335, 2048 },
+ { 6, 1336, 2048 }, { 7, 1337, 2048 }, { 7, 1338, 2048 }, { 8, 1339, 2048 }, { 7, 1340, 2048 }, { 8, 1341, 2048 }, { 8, 1342, 2048 }, { 9, 1343, 2048 },
+ { 4, 1344, 2048 }, { 5, 1345, 2048 }, { 5, 1346, 2048 }, { 6, 1347, 2048 }, { 5, 1348, 2048 }, { 6, 1349, 2048 }, { 6, 1350, 2048 }, { 7, 1351, 2048 },
+ { 5, 1352, 2048 }, { 6, 1353, 2048 }, { 6, 1354, 2048 }, { 7, 1355, 2048 }, { 6, 1356, 2048 }, { 7, 1357, 2048 }, { 7, 1358, 2048 }, { 8, 1359, 2048 },
+ { 5, 1360, 2048 }, { 6, 1361, 2048 }, { 6, 1362, 2048 }, { 7, 1363, 2048 }, { 6, 1364, 2048 }, { 7, 1365, 2048 }, { 7, 1366, 2048 }, { 8, 1367, 2048 },
+ { 6, 1368, 2048 }, { 7, 1369, 2048 }, { 7, 1370, 2048 }, { 8, 1371, 2048 }, { 7, 1372, 2048 }, { 8, 1373, 2048 }, { 8, 1374, 2048 }, { 9, 1375, 2048 },
+ { 5, 1376, 2048 }, { 6, 1377, 2048 }, { 6, 1378, 2048 }, { 7, 1379, 2048 }, { 6, 1380, 2048 }, { 7, 1381, 2048 }, { 7, 1382, 2048 }, { 8, 1383, 2048 },
+ { 6, 1384, 2048 }, { 7, 1385, 2048 }, { 7, 1386, 2048 }, { 8, 1387, 2048 }, { 7, 1388, 2048 }, { 8, 1389, 2048 }, { 8, 1390, 2048 }, { 9, 1391, 2048 },
+ { 6, 1392, 2048 }, { 7, 1393, 2048 }, { 7, 1394, 2048 }, { 8, 1395, 2048 }, { 7, 1396, 2048 }, { 8, 1397, 2048 }, { 8, 1398, 2048 }, { 9, 1399, 2048 },
+ { 7, 1400, 2048 }, { 8, 1401, 2048 }, { 8, 1402, 2048 }, { 9, 1403, 2048 }, { 8, 1404, 2048 }, { 9, 1405, 2048 }, { 9, 1406, 2048 }, { 10, 1407, 2048 },
+ { 4, 1408, 2048 }, { 5, 1409, 2048 }, { 5, 1410, 2048 }, { 6, 1411, 2048 }, { 5, 1412, 2048 }, { 6, 1413, 2048 }, { 6, 1414, 2048 }, { 7, 1415, 2048 },
+ { 5, 1416, 2048 }, { 6, 1417, 2048 }, { 6, 1418, 2048 }, { 7, 1419, 2048 }, { 6, 1420, 2048 }, { 7, 1421, 2048 }, { 7, 1422, 2048 }, { 8, 1423, 2048 },
+ { 5, 1424, 2048 }, { 6, 1425, 2048 }, { 6, 1426, 2048 }, { 7, 1427, 2048 }, { 6, 1428, 2048 }, { 7, 1429, 2048 }, { 7, 1430, 2048 }, { 8, 1431, 2048 },
+ { 6, 1432, 2048 }, { 7, 1433, 2048 }, { 7, 1434, 2048 }, { 8, 1435, 2048 }, { 7, 1436, 2048 }, { 8, 1437, 2048 }, { 8, 1438, 2048 }, { 9, 1439, 2048 },
+ { 5, 1440, 2048 }, { 6, 1441, 2048 }, { 6, 1442, 2048 }, { 7, 1443, 2048 }, { 6, 1444, 2048 }, { 7, 1445, 2048 }, { 7, 1446, 2048 }, { 8, 1447, 2048 },
+ { 6, 1448, 2048 }, { 7, 1449, 2048 }, { 7, 1450, 2048 }, { 8, 1451, 2048 }, { 7, 1452, 2048 }, { 8, 1453, 2048 }, { 8, 1454, 2048 }, { 9, 1455, 2048 },
+ { 6, 1456, 2048 }, { 7, 1457, 2048 }, { 7, 1458, 2048 }, { 8, 1459, 2048 }, { 7, 1460, 2048 }, { 8, 1461, 2048 }, { 8, 1462, 2048 }, { 9, 1463, 2048 },
+ { 7, 1464, 2048 }, { 8, 1465, 2048 }, { 8, 1466, 2048 }, { 9, 1467, 2048 }, { 8, 1468, 2048 }, { 9, 1469, 2048 }, { 9, 1470, 2048 }, { 10, 1471, 2048 },
+ { 5, 1472, 2048 }, { 6, 1473, 2048 }, { 6, 1474, 2048 }, { 7, 1475, 2048 }, { 6, 1476, 2048 }, { 7, 1477, 2048 }, { 7, 1478, 2048 }, { 8, 1479, 2048 },
+ { 6, 1480, 2048 }, { 7, 1481, 2048 }, { 7, 1482, 2048 }, { 8, 1483, 2048 }, { 7, 1484, 2048 }, { 8, 1485, 2048 }, { 8, 1486, 2048 }, { 9, 1487, 2048 },
+ { 6, 1488, 2048 }, { 7, 1489, 2048 }, { 7, 1490, 2048 }, { 8, 1491, 2048 }, { 7, 1492, 2048 }, { 8, 1493, 2048 }, { 8, 1494, 2048 }, { 9, 1495, 2048 },
+ { 7, 1496, 2048 }, { 8, 1497, 2048 }, { 8, 1498, 2048 }, { 9, 1499, 2048 }, { 8, 1500, 2048 }, { 9, 1501, 2048 }, { 9, 1502, 2048 }, { 10, 1503, 2048 },
+ { 6, 1504, 2048 }, { 7, 1505, 2048 }, { 7, 1506, 2048 }, { 8, 1507, 2048 }, { 7, 1508, 2048 }, { 8, 1509, 2048 }, { 8, 1510, 2048 }, { 9, 1511, 2048 },
+ { 7, 1512, 2048 }, { 8, 1513, 2048 }, { 8, 1514, 2048 }, { 9, 1515, 2048 }, { 8, 1516, 2048 }, { 9, 1517, 2048 }, { 9, 1518, 2048 }, { 10, 1519, 2048 },
+ { 7, 1520, 2048 }, { 8, 1521, 2048 }, { 8, 1522, 2048 }, { 9, 1523, 2048 }, { 8, 1524, 2048 }, { 9, 1525, 2048 }, { 9, 1526, 2048 }, { 10, 1527, 2048 },
+ { 8, 1528, 2048 }, { 9, 1529, 2048 }, { 9, 1530, 2048 }, { 10, 1531, 2048 }, { 9, 1532, 2048 }, { 10, 1533, 2048 }, { 10, 1534, 2048 }, { 11, 1535, 2048 },
+ { 3, 1536, 2048 }, { 4, 1537, 2048 }, { 4, 1538, 2048 }, { 5, 1539, 2048 }, { 4, 1540, 2048 }, { 5, 1541, 2048 }, { 5, 1542, 2048 }, { 6, 1543, 2048 },
+ { 4, 1544, 2048 }, { 5, 1545, 2048 }, { 5, 1546, 2048 }, { 6, 1547, 2048 }, { 5, 1548, 2048 }, { 6, 1549, 2048 }, { 6, 1550, 2048 }, { 7, 1551, 2048 },
+ { 4, 1552, 2048 }, { 5, 1553, 2048 }, { 5, 1554, 2048 }, { 6, 1555, 2048 }, { 5, 1556, 2048 }, { 6, 1557, 2048 }, { 6, 1558, 2048 }, { 7, 1559, 2048 },
+ { 5, 1560, 2048 }, { 6, 1561, 2048 }, { 6, 1562, 2048 }, { 7, 1563, 2048 }, { 6, 1564, 2048 }, { 7, 1565, 2048 }, { 7, 1566, 2048 }, { 8, 1567, 2048 },
+ { 4, 1568, 2048 }, { 5, 1569, 2048 }, { 5, 1570, 2048 }, { 6, 1571, 2048 }, { 5, 1572, 2048 }, { 6, 1573, 2048 }, { 6, 1574, 2048 }, { 7, 1575, 2048 },
+ { 5, 1576, 2048 }, { 6, 1577, 2048 }, { 6, 1578, 2048 }, { 7, 1579, 2048 }, { 6, 1580, 2048 }, { 7, 1581, 2048 }, { 7, 1582, 2048 }, { 8, 1583, 2048 },
+ { 5, 1584, 2048 }, { 6, 1585, 2048 }, { 6, 1586, 2048 }, { 7, 1587, 2048 }, { 6, 1588, 2048 }, { 7, 1589, 2048 }, { 7, 1590, 2048 }, { 8, 1591, 2048 },
+ { 6, 1592, 2048 }, { 7, 1593, 2048 }, { 7, 1594, 2048 }, { 8, 1595, 2048 }, { 7, 1596, 2048 }, { 8, 1597, 2048 }, { 8, 1598, 2048 }, { 9, 1599, 2048 },
+ { 4, 1600, 2048 }, { 5, 1601, 2048 }, { 5, 1602, 2048 }, { 6, 1603, 2048 }, { 5, 1604, 2048 }, { 6, 1605, 2048 }, { 6, 1606, 2048 }, { 7, 1607, 2048 },
+ { 5, 1608, 2048 }, { 6, 1609, 2048 }, { 6, 1610, 2048 }, { 7, 1611, 2048 }, { 6, 1612, 2048 }, { 7, 1613, 2048 }, { 7, 1614, 2048 }, { 8, 1615, 2048 },
+ { 5, 1616, 2048 }, { 6, 1617, 2048 }, { 6, 1618, 2048 }, { 7, 1619, 2048 }, { 6, 1620, 2048 }, { 7, 1621, 2048 }, { 7, 1622, 2048 }, { 8, 1623, 2048 },
+ { 6, 1624, 2048 }, { 7, 1625, 2048 }, { 7, 1626, 2048 }, { 8, 1627, 2048 }, { 7, 1628, 2048 }, { 8, 1629, 2048 }, { 8, 1630, 2048 }, { 9, 1631, 2048 },
+ { 5, 1632, 2048 }, { 6, 1633, 2048 }, { 6, 1634, 2048 }, { 7, 1635, 2048 }, { 6, 1636, 2048 }, { 7, 1637, 2048 }, { 7, 1638, 2048 }, { 8, 1639, 2048 },
+ { 6, 1640, 2048 }, { 7, 1641, 2048 }, { 7, 1642, 2048 }, { 8, 1643, 2048 }, { 7, 1644, 2048 }, { 8, 1645, 2048 }, { 8, 1646, 2048 }, { 9, 1647, 2048 },
+ { 6, 1648, 2048 }, { 7, 1649, 2048 }, { 7, 1650, 2048 }, { 8, 1651, 2048 }, { 7, 1652, 2048 }, { 8, 1653, 2048 }, { 8, 1654, 2048 }, { 9, 1655, 2048 },
+ { 7, 1656, 2048 }, { 8, 1657, 2048 }, { 8, 1658, 2048 }, { 9, 1659, 2048 }, { 8, 1660, 2048 }, { 9, 1661, 2048 }, { 9, 1662, 2048 }, { 10, 1663, 2048 },
+ { 4, 1664, 2048 }, { 5, 1665, 2048 }, { 5, 1666, 2048 }, { 6, 1667, 2048 }, { 5, 1668, 2048 }, { 6, 1669, 2048 }, { 6, 1670, 2048 }, { 7, 1671, 2048 },
+ { 5, 1672, 2048 }, { 6, 1673, 2048 }, { 6, 1674, 2048 }, { 7, 1675, 2048 }, { 6, 1676, 2048 }, { 7, 1677, 2048 }, { 7, 1678, 2048 }, { 8, 1679, 2048 },
+ { 5, 1680, 2048 }, { 6, 1681, 2048 }, { 6, 1682, 2048 }, { 7, 1683, 2048 }, { 6, 1684, 2048 }, { 7, 1685, 2048 }, { 7, 1686, 2048 }, { 8, 1687, 2048 },
+ { 6, 1688, 2048 }, { 7, 1689, 2048 }, { 7, 1690, 2048 }, { 8, 1691, 2048 }, { 7, 1692, 2048 }, { 8, 1693, 2048 }, { 8, 1694, 2048 }, { 9, 1695, 2048 },
+ { 5, 1696, 2048 }, { 6, 1697, 2048 }, { 6, 1698, 2048 }, { 7, 1699, 2048 }, { 6, 1700, 2048 }, { 7, 1701, 2048 }, { 7, 1702, 2048 }, { 8, 1703, 2048 },
+ { 6, 1704, 2048 }, { 7, 1705, 2048 }, { 7, 1706, 2048 }, { 8, 1707, 2048 }, { 7, 1708, 2048 }, { 8, 1709, 2048 }, { 8, 1710, 2048 }, { 9, 1711, 2048 },
+ { 6, 1712, 2048 }, { 7, 1713, 2048 }, { 7, 1714, 2048 }, { 8, 1715, 2048 }, { 7, 1716, 2048 }, { 8, 1717, 2048 }, { 8, 1718, 2048 }, { 9, 1719, 2048 },
+ { 7, 1720, 2048 }, { 8, 1721, 2048 }, { 8, 1722, 2048 }, { 9, 1723, 2048 }, { 8, 1724, 2048 }, { 9, 1725, 2048 }, { 9, 1726, 2048 }, { 10, 1727, 2048 },
+ { 5, 1728, 2048 }, { 6, 1729, 2048 }, { 6, 1730, 2048 }, { 7, 1731, 2048 }, { 6, 1732, 2048 }, { 7, 1733, 2048 }, { 7, 1734, 2048 }, { 8, 1735, 2048 },
+ { 6, 1736, 2048 }, { 7, 1737, 2048 }, { 7, 1738, 2048 }, { 8, 1739, 2048 }, { 7, 1740, 2048 }, { 8, 1741, 2048 }, { 8, 1742, 2048 }, { 9, 1743, 2048 },
+ { 6, 1744, 2048 }, { 7, 1745, 2048 }, { 7, 1746, 2048 }, { 8, 1747, 2048 }, { 7, 1748, 2048 }, { 8, 1749, 2048 }, { 8, 1750, 2048 }, { 9, 1751, 2048 },
+ { 7, 1752, 2048 }, { 8, 1753, 2048 }, { 8, 1754, 2048 }, { 9, 1755, 2048 }, { 8, 1756, 2048 }, { 9, 1757, 2048 }, { 9, 1758, 2048 }, { 10, 1759, 2048 },
+ { 6, 1760, 2048 }, { 7, 1761, 2048 }, { 7, 1762, 2048 }, { 8, 1763, 2048 }, { 7, 1764, 2048 }, { 8, 1765, 2048 }, { 8, 1766, 2048 }, { 9, 1767, 2048 },
+ { 7, 1768, 2048 }, { 8, 1769, 2048 }, { 8, 1770, 2048 }, { 9, 1771, 2048 }, { 8, 1772, 2048 }, { 9, 1773, 2048 }, { 9, 1774, 2048 }, { 10, 1775, 2048 },
+ { 7, 1776, 2048 }, { 8, 1777, 2048 }, { 8, 1778, 2048 }, { 9, 1779, 2048 }, { 8, 1780, 2048 }, { 9, 1781, 2048 }, { 9, 1782, 2048 }, { 10, 1783, 2048 },
+ { 8, 1784, 2048 }, { 9, 1785, 2048 }, { 9, 1786, 2048 }, { 10, 1787, 2048 }, { 9, 1788, 2048 }, { 10, 1789, 2048 }, { 10, 1790, 2048 }, { 11, 1791, 2048 },
+ { 4, 1792, 2048 }, { 5, 1793, 2048 }, { 5, 1794, 2048 }, { 6, 1795, 2048 }, { 5, 1796, 2048 }, { 6, 1797, 2048 }, { 6, 1798, 2048 }, { 7, 1799, 2048 },
+ { 5, 1800, 2048 }, { 6, 1801, 2048 }, { 6, 1802, 2048 }, { 7, 1803, 2048 }, { 6, 1804, 2048 }, { 7, 1805, 2048 }, { 7, 1806, 2048 }, { 8, 1807, 2048 },
+ { 5, 1808, 2048 }, { 6, 1809, 2048 }, { 6, 1810, 2048 }, { 7, 1811, 2048 }, { 6, 1812, 2048 }, { 7, 1813, 2048 }, { 7, 1814, 2048 }, { 8, 1815, 2048 },
+ { 6, 1816, 2048 }, { 7, 1817, 2048 }, { 7, 1818, 2048 }, { 8, 1819, 2048 }, { 7, 1820, 2048 }, { 8, 1821, 2048 }, { 8, 1822, 2048 }, { 9, 1823, 2048 },
+ { 5, 1824, 2048 }, { 6, 1825, 2048 }, { 6, 1826, 2048 }, { 7, 1827, 2048 }, { 6, 1828, 2048 }, { 7, 1829, 2048 }, { 7, 1830, 2048 }, { 8, 1831, 2048 },
+ { 6, 1832, 2048 }, { 7, 1833, 2048 }, { 7, 1834, 2048 }, { 8, 1835, 2048 }, { 7, 1836, 2048 }, { 8, 1837, 2048 }, { 8, 1838, 2048 }, { 9, 1839, 2048 },
+ { 6, 1840, 2048 }, { 7, 1841, 2048 }, { 7, 1842, 2048 }, { 8, 1843, 2048 }, { 7, 1844, 2048 }, { 8, 1845, 2048 }, { 8, 1846, 2048 }, { 9, 1847, 2048 },
+ { 7, 1848, 2048 }, { 8, 1849, 2048 }, { 8, 1850, 2048 }, { 9, 1851, 2048 }, { 8, 1852, 2048 }, { 9, 1853, 2048 }, { 9, 1854, 2048 }, { 10, 1855, 2048 },
+ { 5, 1856, 2048 }, { 6, 1857, 2048 }, { 6, 1858, 2048 }, { 7, 1859, 2048 }, { 6, 1860, 2048 }, { 7, 1861, 2048 }, { 7, 1862, 2048 }, { 8, 1863, 2048 },
+ { 6, 1864, 2048 }, { 7, 1865, 2048 }, { 7, 1866, 2048 }, { 8, 1867, 2048 }, { 7, 1868, 2048 }, { 8, 1869, 2048 }, { 8, 1870, 2048 }, { 9, 1871, 2048 },
+ { 6, 1872, 2048 }, { 7, 1873, 2048 }, { 7, 1874, 2048 }, { 8, 1875, 2048 }, { 7, 1876, 2048 }, { 8, 1877, 2048 }, { 8, 1878, 2048 }, { 9, 1879, 2048 },
+ { 7, 1880, 2048 }, { 8, 1881, 2048 }, { 8, 1882, 2048 }, { 9, 1883, 2048 }, { 8, 1884, 2048 }, { 9, 1885, 2048 }, { 9, 1886, 2048 }, { 10, 1887, 2048 },
+ { 6, 1888, 2048 }, { 7, 1889, 2048 }, { 7, 1890, 2048 }, { 8, 1891, 2048 }, { 7, 1892, 2048 }, { 8, 1893, 2048 }, { 8, 1894, 2048 }, { 9, 1895, 2048 },
+ { 7, 1896, 2048 }, { 8, 1897, 2048 }, { 8, 1898, 2048 }, { 9, 1899, 2048 }, { 8, 1900, 2048 }, { 9, 1901, 2048 }, { 9, 1902, 2048 }, { 10, 1903, 2048 },
+ { 7, 1904, 2048 }, { 8, 1905, 2048 }, { 8, 1906, 2048 }, { 9, 1907, 2048 }, { 8, 1908, 2048 }, { 9, 1909, 2048 }, { 9, 1910, 2048 }, { 10, 1911, 2048 },
+ { 8, 1912, 2048 }, { 9, 1913, 2048 }, { 9, 1914, 2048 }, { 10, 1915, 2048 }, { 9, 1916, 2048 }, { 10, 1917, 2048 }, { 10, 1918, 2048 }, { 11, 1919, 2048 },
+ { 5, 1920, 2048 }, { 6, 1921, 2048 }, { 6, 1922, 2048 }, { 7, 1923, 2048 }, { 6, 1924, 2048 }, { 7, 1925, 2048 }, { 7, 1926, 2048 }, { 8, 1927, 2048 },
+ { 6, 1928, 2048 }, { 7, 1929, 2048 }, { 7, 1930, 2048 }, { 8, 1931, 2048 }, { 7, 1932, 2048 }, { 8, 1933, 2048 }, { 8, 1934, 2048 }, { 9, 1935, 2048 },
+ { 6, 1936, 2048 }, { 7, 1937, 2048 }, { 7, 1938, 2048 }, { 8, 1939, 2048 }, { 7, 1940, 2048 }, { 8, 1941, 2048 }, { 8, 1942, 2048 }, { 9, 1943, 2048 },
+ { 7, 1944, 2048 }, { 8, 1945, 2048 }, { 8, 1946, 2048 }, { 9, 1947, 2048 }, { 8, 1948, 2048 }, { 9, 1949, 2048 }, { 9, 1950, 2048 }, { 10, 1951, 2048 },
+ { 6, 1952, 2048 }, { 7, 1953, 2048 }, { 7, 1954, 2048 }, { 8, 1955, 2048 }, { 7, 1956, 2048 }, { 8, 1957, 2048 }, { 8, 1958, 2048 }, { 9, 1959, 2048 },
+ { 7, 1960, 2048 }, { 8, 1961, 2048 }, { 8, 1962, 2048 }, { 9, 1963, 2048 }, { 8, 1964, 2048 }, { 9, 1965, 2048 }, { 9, 1966, 2048 }, { 10, 1967, 2048 },
+ { 7, 1968, 2048 }, { 8, 1969, 2048 }, { 8, 1970, 2048 }, { 9, 1971, 2048 }, { 8, 1972, 2048 }, { 9, 1973, 2048 }, { 9, 1974, 2048 }, { 10, 1975, 2048 },
+ { 8, 1976, 2048 }, { 9, 1977, 2048 }, { 9, 1978, 2048 }, { 10, 1979, 2048 }, { 9, 1980, 2048 }, { 10, 1981, 2048 }, { 10, 1982, 2048 }, { 11, 1983, 2048 },
+ { 6, 1984, 2048 }, { 7, 1985, 2048 }, { 7, 1986, 2048 }, { 8, 1987, 2048 }, { 7, 1988, 2048 }, { 8, 1989, 2048 }, { 8, 1990, 2048 }, { 9, 1991, 2048 },
+ { 7, 1992, 2048 }, { 8, 1993, 2048 }, { 8, 1994, 2048 }, { 9, 1995, 2048 }, { 8, 1996, 2048 }, { 9, 1997, 2048 }, { 9, 1998, 2048 }, { 10, 1999, 2048 },
+ { 7, 2000, 2048 }, { 8, 2001, 2048 }, { 8, 2002, 2048 }, { 9, 2003, 2048 }, { 8, 2004, 2048 }, { 9, 2005, 2048 }, { 9, 2006, 2048 }, { 10, 2007, 2048 },
+ { 8, 2008, 2048 }, { 9, 2009, 2048 }, { 9, 2010, 2048 }, { 10, 2011, 2048 }, { 9, 2012, 2048 }, { 10, 2013, 2048 }, { 10, 2014, 2048 }, { 11, 2015, 2048 },
+ { 7, 2016, 2048 }, { 8, 2017, 2048 }, { 8, 2018, 2048 }, { 9, 2019, 2048 }, { 8, 2020, 2048 }, { 9, 2021, 2048 }, { 9, 2022, 2048 }, { 10, 2023, 2048 },
+ { 8, 2024, 2048 }, { 9, 2025, 2048 }, { 9, 2026, 2048 }, { 10, 2027, 2048 }, { 9, 2028, 2048 }, { 10, 2029, 2048 }, { 10, 2030, 2048 }, { 11, 2031, 2048 },
+ { 8, 2032, 2048 }, { 9, 2033, 2048 }, { 9, 2034, 2048 }, { 10, 2035, 2048 }, { 9, 2036, 2048 }, { 10, 2037, 2048 }, { 10, 2038, 2048 }, { 11, 2039, 2048 },
+ { 9, 2040, 2048 }, { 10, 2041, 2048 }, { 10, 2042, 2048 }, { 11, 2043, 2048 }, { 10, 2044, 2048 }, { 11, 2045, 2048 }, { 11, 2046, 2048 }, { 12, 2047, 2048 },
+#endif
+#endif
+#endif
+#endif
+#endif
+#endif
+};
+
+/* find a hole and free as required, return -1 if no hole found */
+static int find_hole(void)
+{
+ unsigned x;
+ int y, z;
+ for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) {
+ if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) {
+ z = x;
+ y = fp_cache[x].lru_count;
+ }
+ }
+
+ /* decrease all */
+ for (x = 0; x < FP_ENTRIES; x++) {
+ if (fp_cache[x].lru_count > 3) {
+ --(fp_cache[x].lru_count);
+ }
+ }
+
+ /* free entry z */
+ if (z >= 0 && fp_cache[z].g) {
+ mp_clear(&fp_cache[z].mu);
+ wc_ecc_del_point(fp_cache[z].g);
+ fp_cache[z].g = NULL;
+ for (x = 0; x < (1U<<FP_LUT); x++) {
+ wc_ecc_del_point(fp_cache[z].LUT[x]);
+ fp_cache[z].LUT[x] = NULL;
+ }
+ fp_cache[z].lru_count = 0;
+ }
+ return z;
+}
+
+/* determine if a base is already in the cache and if so, where */
+static int find_base(ecc_point* g)
+{
+ int x;
+ for (x = 0; x < FP_ENTRIES; x++) {
+ if (fp_cache[x].g != NULL &&
+ mp_cmp(fp_cache[x].g->x, g->x) == MP_EQ &&
+ mp_cmp(fp_cache[x].g->y, g->y) == MP_EQ &&
+ mp_cmp(fp_cache[x].g->z, g->z) == MP_EQ) {
+ break;
+ }
+ }
+ if (x == FP_ENTRIES) {
+ x = -1;
+ }
+ return x;
+}
+
+/* add a new base to the cache */
+static int add_entry(int idx, ecc_point *g)
+{
+ unsigned x, y;
+
+ /* allocate base and LUT */
+ fp_cache[idx].g = wc_ecc_new_point();
+ if (fp_cache[idx].g == NULL) {
+ return GEN_MEM_ERR;
+ }
+
+ /* copy x and y */
+ if ((mp_copy(g->x, fp_cache[idx].g->x) != MP_OKAY) ||
+ (mp_copy(g->y, fp_cache[idx].g->y) != MP_OKAY) ||
+ (mp_copy(g->z, fp_cache[idx].g->z) != MP_OKAY)) {
+ wc_ecc_del_point(fp_cache[idx].g);
+ fp_cache[idx].g = NULL;
+ return GEN_MEM_ERR;
+ }
+
+ for (x = 0; x < (1U<<FP_LUT); x++) {
+ fp_cache[idx].LUT[x] = wc_ecc_new_point();
+ if (fp_cache[idx].LUT[x] == NULL) {
+ for (y = 0; y < x; y++) {
+ wc_ecc_del_point(fp_cache[idx].LUT[y]);
+ fp_cache[idx].LUT[y] = NULL;
+ }
+ wc_ecc_del_point(fp_cache[idx].g);
+ fp_cache[idx].g = NULL;
+ fp_cache[idx].lru_count = 0;
+ return GEN_MEM_ERR;
+ }
+ }
+
+ fp_cache[idx].lru_count = 0;
+
+ return MP_OKAY;
+}
+
+/* build the LUT by spacing the bits of the input by #modulus/FP_LUT bits apart
+ *
+ * The algorithm builds patterns in increasing bit order by first making all
+ * single bit input patterns, then all two bit input patterns and so on
+ */
+static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
+{
+ unsigned x, y, err, bitlen, lut_gap;
+ mp_int tmp;
+
+ if (mp_init(&tmp) != MP_OKAY)
+ return GEN_MEM_ERR;
+
+ /* sanity check to make sure lut_order table is of correct size,
+ should compile out to a NOP if true */
+ if ((sizeof(lut_orders) / sizeof(lut_orders[0])) < (1U<<FP_LUT)) {
+ err = BAD_FUNC_ARG;
+ }
+ else {
+ /* get bitlen and round up to next multiple of FP_LUT */
+ bitlen = mp_unsigned_bin_size(modulus) << 3;
+ x = bitlen % FP_LUT;
+ if (x) {
+ bitlen += FP_LUT - x;
+ }
+ lut_gap = bitlen / FP_LUT;
+
+ /* init the mu */
+ err = mp_init_copy(&fp_cache[idx].mu, mu);
+ }
+
+ /* copy base */
+ if (err == MP_OKAY) {
+ if ((mp_mulmod(fp_cache[idx].g->x, mu, modulus,
+ fp_cache[idx].LUT[1]->x) != MP_OKAY) ||
+ (mp_mulmod(fp_cache[idx].g->y, mu, modulus,
+ fp_cache[idx].LUT[1]->y) != MP_OKAY) ||
+ (mp_mulmod(fp_cache[idx].g->z, mu, modulus,
+ fp_cache[idx].LUT[1]->z) != MP_OKAY)) {
+ err = MP_MULMOD_E;
+ }
+ }
+
+ /* make all single bit entries */
+ for (x = 1; x < FP_LUT; x++) {
+ if (err != MP_OKAY)
+ break;
+ if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x,
+ fp_cache[idx].LUT[1<<x]->x) != MP_OKAY) ||
+ (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y,
+ fp_cache[idx].LUT[1<<x]->y) != MP_OKAY) ||
+ (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z,
+ fp_cache[idx].LUT[1<<x]->z) != MP_OKAY)){
+ err = MP_INIT_E;
+ break;
+ } else {
+
+ /* now double it bitlen/FP_LUT times */
+ for (y = 0; y < lut_gap; y++) {
+ if ((err = ecc_projective_dbl_point(fp_cache[idx].LUT[1<<x],
+ fp_cache[idx].LUT[1<<x], modulus, mp)) != MP_OKAY) {
+ break;
+ }
+ }
+ }
+ }
+
+ /* now make all entries in increase order of hamming weight */
+ for (x = 2; x <= FP_LUT; x++) {
+ if (err != MP_OKAY)
+ break;
+ for (y = 0; y < (1UL<<FP_LUT); y++) {
+ if (err != MP_OKAY)
+ break;
+ if (lut_orders[y].ham != (int)x) continue;
+
+ /* perform the add */
+ if ((err = ecc_projective_add_point(
+ fp_cache[idx].LUT[lut_orders[y].terma],
+ fp_cache[idx].LUT[lut_orders[y].termb],
+ fp_cache[idx].LUT[y], modulus, mp)) != MP_OKAY) {
+ break;
+ }
+ }
+ }
+
+ /* now map all entries back to affine space to make point addition faster */
+ for (x = 1; x < (1UL<<FP_LUT); x++) {
+ if (err != MP_OKAY)
+ break;
+
+ /* convert z to normal from montgomery */
+ err = mp_montgomery_reduce(fp_cache[idx].LUT[x]->z, modulus, *mp);
+
+ /* invert it */
+ if (err == MP_OKAY)
+ err = mp_invmod(fp_cache[idx].LUT[x]->z, modulus,
+ fp_cache[idx].LUT[x]->z);
+
+ if (err == MP_OKAY)
+ /* now square it */
+ err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, &tmp);
+
+ if (err == MP_OKAY)
+ /* fix x */
+ err = mp_mulmod(fp_cache[idx].LUT[x]->x, &tmp, modulus,
+ fp_cache[idx].LUT[x]->x);
+
+ if (err == MP_OKAY)
+ /* get 1/z^3 */
+ err = mp_mulmod(&tmp, fp_cache[idx].LUT[x]->z, modulus, &tmp);
+
+ if (err == MP_OKAY)
+ /* fix y */
+ err = mp_mulmod(fp_cache[idx].LUT[x]->y, &tmp, modulus,
+ fp_cache[idx].LUT[x]->y);
+
+ if (err == MP_OKAY)
+ /* free z */
+ mp_clear(fp_cache[idx].LUT[x]->z);
+ }
+ mp_clear(&tmp);
+
+ if (err == MP_OKAY)
+ return MP_OKAY;
+
+ /* err cleanup */
+ for (y = 0; y < (1U<<FP_LUT); y++) {
+ wc_ecc_del_point(fp_cache[idx].LUT[y]);
+ fp_cache[idx].LUT[y] = NULL;
+ }
+ wc_ecc_del_point(fp_cache[idx].g);
+ fp_cache[idx].g = NULL;
+ fp_cache[idx].lru_count = 0;
+ mp_clear(&fp_cache[idx].mu);
+ mp_clear(&tmp);
+
+ return err;
+}
+
+/* perform a fixed point ECC mulmod */
+static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus,
+ mp_digit* mp, int map)
+{
+#define KB_SIZE 128
+
+#ifdef WOLFSSL_SMALL_STACK
+ unsigned char* kb;
+#else
+ unsigned char kb[128];
+#endif
+ int x;
+ unsigned y, z, err, bitlen, bitpos, lut_gap, first;
+ mp_int tk;
+
+ if (mp_init(&tk) != MP_OKAY)
+ return MP_INIT_E;
+
+ /* if it's smaller than modulus we fine */
+ if (mp_unsigned_bin_size(k) > mp_unsigned_bin_size(modulus)) {
+ mp_int order;
+ if (mp_init(&order) != MP_OKAY) {
+ mp_clear(&tk);
+ return MP_INIT_E;
+ }
+
+ /* find order */
+ y = mp_unsigned_bin_size(modulus);
+ for (x = 0; ecc_sets[x].size; x++) {
+ if (y <= (unsigned)ecc_sets[x].size) break;
+ }
+
+ /* back off if we are on the 521 bit curve */
+ if (y == 66) --x;
+
+ if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
+ mp_clear(&order);
+ mp_clear(&tk);
+ return err;
+ }
+
+ /* k must be less than modulus */
+ if (mp_cmp(k, &order) != MP_LT) {
+ if ((err = mp_mod(k, &order, &tk)) != MP_OKAY) {
+ mp_clear(&tk);
+ mp_clear(&order);
+ return err;
+ }
+ } else {
+ mp_copy(k, &tk);
+ }
+ mp_clear(&order);
+ } else {
+ mp_copy(k, &tk);
+ }
+
+ /* get bitlen and round up to next multiple of FP_LUT */
+ bitlen = mp_unsigned_bin_size(modulus) << 3;
+ x = bitlen % FP_LUT;
+ if (x) {
+ bitlen += FP_LUT - x;
+ }
+ lut_gap = bitlen / FP_LUT;
+
+ /* get the k value */
+ if (mp_unsigned_bin_size(&tk) > (int)(KB_SIZE - 2)) {
+ mp_clear(&tk);
+ return BUFFER_E;
+ }
+
+ /* store k */
+#ifdef WOLFSSL_SMALL_STACK
+ kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (kb == NULL)
+ return MEMORY_E;
+#endif
+
+ XMEMSET(kb, 0, KB_SIZE);
+ if ((err = mp_to_unsigned_bin(&tk, kb)) != MP_OKAY) {
+ mp_clear(&tk);
+ }
+ else {
+ /* let's reverse kb so it's little endian */
+ x = 0;
+ y = mp_unsigned_bin_size(&tk);
+ if (y > 0) {
+ y -= 1;
+ }
+ mp_clear(&tk);
+
+ while ((unsigned)x < y) {
+ z = kb[x]; kb[x] = kb[y]; kb[y] = z;
+ ++x; --y;
+ }
+
+ /* at this point we can start, yipee */
+ first = 1;
+ for (x = lut_gap-1; x >= 0; x--) {
+ /* extract FP_LUT bits from kb spread out by lut_gap bits and offset
+ by x bits from the start */
+ bitpos = x;
+ for (y = z = 0; y < FP_LUT; y++) {
+ z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y;
+ bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid
+ the mult in each loop */
+ }
+
+ /* double if not first */
+ if (!first) {
+ if ((err = ecc_projective_dbl_point(R, R, modulus,
+ mp)) != MP_OKAY) {
+ break;
+ }
+ }
+
+ /* add if not first, otherwise copy */
+ if (!first && z) {
+ if ((err = ecc_projective_add_point(R, fp_cache[idx].LUT[z], R,
+ modulus, mp)) != MP_OKAY) {
+ break;
+ }
+ } else if (z) {
+ if ((mp_copy(fp_cache[idx].LUT[z]->x, R->x) != MP_OKAY) ||
+ (mp_copy(fp_cache[idx].LUT[z]->y, R->y) != MP_OKAY) ||
+ (mp_copy(&fp_cache[idx].mu, R->z) != MP_OKAY)) {
+ err = GEN_MEM_ERR;
+ break;
+ }
+ first = 0;
+ }
+ }
+ }
+
+ if (err == MP_OKAY) {
+ z = 0; /* mp_to_unsigned_bin != MP_OKAY z will be declared/not set */
+ (void) z; /* Acknowledge the unused assignment */
+ ForceZero(kb, KB_SIZE);
+ /* map R back from projective space */
+ if (map) {
+ err = ecc_map(R, modulus, mp);
+ } else {
+ err = MP_OKAY;
+ }
+ }
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(kb, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+#undef KB_SIZE
+
+ return err;
+}
+
+#ifdef ECC_SHAMIR
+/* perform a fixed point ECC mulmod */
+static int accel_fp_mul2add(int idx1, int idx2,
+ mp_int* kA, mp_int* kB,
+ ecc_point *R, mp_int* modulus, mp_digit* mp)
+{
+#define KB_SIZE 128
+
+#ifdef WOLFSSL_SMALL_STACK
+ unsigned char* kb[2];
+#else
+ unsigned char kb[2][128];
+#endif
+ int x;
+ unsigned y, z, err, bitlen, bitpos, lut_gap, first, zA, zB;
+ mp_int tka;
+ mp_int tkb;
+ mp_int order;
+
+ if (mp_init_multi(&tka, &tkb, 0, 0, 0, 0) != MP_OKAY)
+ return MP_INIT_E;
+
+ /* if it's smaller than modulus we fine */
+ if (mp_unsigned_bin_size(kA) > mp_unsigned_bin_size(modulus)) {
+ /* find order */
+ y = mp_unsigned_bin_size(modulus);
+ for (x = 0; ecc_sets[x].size; x++) {
+ if (y <= (unsigned)ecc_sets[x].size) break;
+ }
+
+ /* back off if we are on the 521 bit curve */
+ if (y == 66) --x;
+
+ if ((err = mp_init(&order)) != MP_OKAY) {
+ mp_clear(&tkb);
+ mp_clear(&tka);
+ return err;
+ }
+ if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
+ mp_clear(&tkb);
+ mp_clear(&tka);
+ mp_clear(&order);
+ return err;
+ }
+
+ /* kA must be less than modulus */
+ if (mp_cmp(kA, &order) != MP_LT) {
+ if ((err = mp_mod(kA, &order, &tka)) != MP_OKAY) {
+ mp_clear(&tkb);
+ mp_clear(&tka);
+ mp_clear(&order);
+ return err;
+ }
+ } else {
+ mp_copy(kA, &tka);
+ }
+ mp_clear(&order);
+ } else {
+ mp_copy(kA, &tka);
+ }
+
+ /* if it's smaller than modulus we fine */
+ if (mp_unsigned_bin_size(kB) > mp_unsigned_bin_size(modulus)) {
+ /* find order */
+ y = mp_unsigned_bin_size(modulus);
+ for (x = 0; ecc_sets[x].size; x++) {
+ if (y <= (unsigned)ecc_sets[x].size) break;
+ }
+
+ /* back off if we are on the 521 bit curve */
+ if (y == 66) --x;
+
+ if ((err = mp_init(&order)) != MP_OKAY) {
+ mp_clear(&tkb);
+ mp_clear(&tka);
+ return err;
+ }
+ if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
+ mp_clear(&tkb);
+ mp_clear(&tka);
+ mp_clear(&order);
+ return err;
+ }
+
+ /* kB must be less than modulus */
+ if (mp_cmp(kB, &order) != MP_LT) {
+ if ((err = mp_mod(kB, &order, &tkb)) != MP_OKAY) {
+ mp_clear(&tkb);
+ mp_clear(&tka);
+ mp_clear(&order);
+ return err;
+ }
+ } else {
+ mp_copy(kB, &tkb);
+ }
+ mp_clear(&order);
+ } else {
+ mp_copy(kB, &tkb);
+ }
+
+ /* get bitlen and round up to next multiple of FP_LUT */
+ bitlen = mp_unsigned_bin_size(modulus) << 3;
+ x = bitlen % FP_LUT;
+ if (x) {
+ bitlen += FP_LUT - x;
+ }
+ lut_gap = bitlen / FP_LUT;
+
+ /* get the k value */
+ if ((mp_unsigned_bin_size(&tka) > (int)(KB_SIZE - 2)) ||
+ (mp_unsigned_bin_size(&tkb) > (int)(KB_SIZE - 2)) ) {
+ mp_clear(&tka);
+ mp_clear(&tkb);
+ return BUFFER_E;
+ }
+
+ /* store k */
+#ifdef WOLFSSL_SMALL_STACK
+ kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (kb[0] == NULL)
+ return MEMORY_E;
+#endif
+
+ XMEMSET(kb[0], 0, KB_SIZE);
+ if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) {
+ mp_clear(&tka);
+ mp_clear(&tkb);
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return err;
+ }
+
+ /* let's reverse kb so it's little endian */
+ x = 0;
+ y = mp_unsigned_bin_size(&tka);
+ if (y > 0) {
+ y -= 1;
+ }
+ mp_clear(&tka);
+ while ((unsigned)x < y) {
+ z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z;
+ ++x; --y;
+ }
+
+ /* store b */
+#ifdef WOLFSSL_SMALL_STACK
+ kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (kb[1] == NULL) {
+ XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return MEMORY_E;
+ }
+#endif
+
+ XMEMSET(kb[1], 0, KB_SIZE);
+ if ((err = mp_to_unsigned_bin(&tkb, kb[1])) != MP_OKAY) {
+ mp_clear(&tkb);
+ }
+ else {
+ x = 0;
+ y = mp_unsigned_bin_size(&tkb);
+ if (y > 0) {
+ y -= 1;
+ }
+ mp_clear(&tkb);
+ while ((unsigned)x < y) {
+ z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z;
+ ++x; --y;
+ }
+
+ /* at this point we can start, yipee */
+ first = 1;
+ for (x = lut_gap-1; x >= 0; x--) {
+ /* extract FP_LUT bits from kb spread out by lut_gap bits and
+ offset by x bits from the start */
+ bitpos = x;
+ for (y = zA = zB = 0; y < FP_LUT; y++) {
+ zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y;
+ zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y;
+ bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid
+ the mult in each loop */
+ }
+
+ /* double if not first */
+ if (!first) {
+ if ((err = ecc_projective_dbl_point(R, R, modulus,
+ mp)) != MP_OKAY) {
+ break;
+ }
+ }
+
+ /* add if not first, otherwise copy */
+ if (!first) {
+ if (zA) {
+ if ((err = ecc_projective_add_point(R, fp_cache[idx1].LUT[zA],
+ R, modulus, mp)) != MP_OKAY) {
+ break;
+ }
+ }
+ if (zB) {
+ if ((err = ecc_projective_add_point(R, fp_cache[idx2].LUT[zB],
+ R, modulus, mp)) != MP_OKAY) {
+ break;
+ }
+ }
+ } else {
+ if (zA) {
+ if ((mp_copy(fp_cache[idx1].LUT[zA]->x, R->x) != MP_OKAY) ||
+ (mp_copy(fp_cache[idx1].LUT[zA]->y, R->y) != MP_OKAY) ||
+ (mp_copy(&fp_cache[idx1].mu, R->z) != MP_OKAY)) {
+ err = GEN_MEM_ERR;
+ break;
+ }
+ first = 0;
+ }
+ if (zB && first == 0) {
+ if (zB) {
+ if ((err = ecc_projective_add_point(R,
+ fp_cache[idx2].LUT[zB], R, modulus, mp)) != MP_OKAY){
+ break;
+ }
+ }
+ } else if (zB && first == 1) {
+ if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != MP_OKAY) ||
+ (mp_copy(fp_cache[idx2].LUT[zB]->y, R->y) != MP_OKAY) ||
+ (mp_copy(&fp_cache[idx2].mu, R->z) != MP_OKAY)) {
+ err = GEN_MEM_ERR;
+ break;
+ }
+ first = 0;
+ }
+ }
+ }
+ }
+
+ ForceZero(kb[0], KB_SIZE);
+ ForceZero(kb[1], KB_SIZE);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(kb[1], NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+#undef KB_SIZE
+
+ if (err != MP_OKAY)
+ return err;
+
+ return ecc_map(R, modulus, mp);
+}
+
+/** ECC Fixed Point mulmod global
+ Computes kA*A + kB*B = C using Shamir's Trick
+ A First point to multiply
+ kA What to multiple A by
+ B Second point to multiply
+ kB What to multiple B by
+ C [out] Destination point (can overlap with A or B)
+ modulus Modulus for curve
+ return MP_OKAY on success
+*/
+int ecc_mul2add(ecc_point* A, mp_int* kA,
+ ecc_point* B, mp_int* kB,
+ ecc_point* C, mp_int* modulus)
+{
+ int idx1 = -1, idx2 = -1, err = MP_OKAY, mpInit = 0;
+ mp_digit mp;
+ mp_int mu;
+
+ err = mp_init(&mu);
+ if (err != MP_OKAY)
+ return err;
+
+#ifndef HAVE_THREAD_LS
+ if (initMutex == 0) {
+ InitMutex(&ecc_fp_lock);
+ initMutex = 1;
+ }
+ if (LockMutex(&ecc_fp_lock) != 0)
+ return BAD_MUTEX_E;
+#endif /* HAVE_THREAD_LS */
+
+ /* find point */
+ idx1 = find_base(A);
+
+ /* no entry? */
+ if (idx1 == -1) {
+ /* find hole and add it */
+ if ((idx1 = find_hole()) >= 0) {
+ err = add_entry(idx1, A);
+ }
+ }
+ if (err == MP_OKAY && idx1 != -1) {
+ /* increment LRU */
+ ++(fp_cache[idx1].lru_count);
+ }
+
+ if (err == MP_OKAY)
+ /* find point */
+ idx2 = find_base(B);
+
+ if (err == MP_OKAY) {
+ /* no entry? */
+ if (idx2 == -1) {
+ /* find hole and add it */
+ if ((idx2 = find_hole()) >= 0)
+ err = add_entry(idx2, B);
+ }
+ }
+
+ if (err == MP_OKAY && idx2 != -1) {
+ /* increment LRU */
+ ++(fp_cache[idx2].lru_count);
+ }
+
+ if (err == MP_OKAY) {
+ /* if it's 2 build the LUT, if it's higher just use the LUT */
+ if (idx1 >= 0 && fp_cache[idx1].lru_count == 2) {
+ /* compute mp */
+ err = mp_montgomery_setup(modulus, &mp);
+
+ if (err == MP_OKAY) {
+ mpInit = 1;
+ err = mp_montgomery_calc_normalization(&mu, modulus);
+ }
+
+ if (err == MP_OKAY)
+ /* build the LUT */
+ err = build_lut(idx1, modulus, &mp, &mu);
+ }
+ }
+
+ if (err == MP_OKAY) {
+ /* if it's 2 build the LUT, if it's higher just use the LUT */
+ if (idx2 >= 0 && fp_cache[idx2].lru_count == 2) {
+ if (mpInit == 0) {
+ /* compute mp */
+ err = mp_montgomery_setup(modulus, &mp);
+ if (err == MP_OKAY) {
+ mpInit = 1;
+ err = mp_montgomery_calc_normalization(&mu, modulus);
+ }
+ }
+
+ if (err == MP_OKAY)
+ /* build the LUT */
+ err = build_lut(idx2, modulus, &mp, &mu);
+ }
+ }
+
+
+ if (err == MP_OKAY) {
+ if (idx1 >=0 && idx2 >= 0 && fp_cache[idx1].lru_count >= 2 &&
+ fp_cache[idx2].lru_count >= 2) {
+ if (mpInit == 0) {
+ /* compute mp */
+ err = mp_montgomery_setup(modulus, &mp);
+ }
+ if (err == MP_OKAY)
+ err = accel_fp_mul2add(idx1, idx2, kA, kB, C, modulus, &mp);
+ } else {
+ err = normal_ecc_mul2add(A, kA, B, kB, C, modulus);
+ }
+ }
+
+#ifndef HAVE_THREAD_LS
+ UnLockMutex(&ecc_fp_lock);
+#endif /* HAVE_THREAD_LS */
+ mp_clear(&mu);
+
+ return err;
+}
+#endif /* ECC_SHAMIR */
+
+/** ECC Fixed Point mulmod global
+ k The multiplicand
+ G Base point to multiply
+ R [out] Destination of product
+ modulus The modulus for the curve
+ map [boolean] If non-zero maps the point back to affine co-ordinates,
+ otherwise it's left in jacobian-montgomery form
+ return MP_OKAY if successful
+*/
+int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
+ int map)
+{
+ int idx, err = MP_OKAY;
+ mp_digit mp;
+ mp_int mu;
+ int mpSetup = 0;
+
+ if (mp_init(&mu) != MP_OKAY)
+ return MP_INIT_E;
+
+#ifndef HAVE_THREAD_LS
+ if (initMutex == 0) {
+ InitMutex(&ecc_fp_lock);
+ initMutex = 1;
+ }
+
+ if (LockMutex(&ecc_fp_lock) != 0)
+ return BAD_MUTEX_E;
+#endif /* HAVE_THREAD_LS */
+
+ /* find point */
+ idx = find_base(G);
+
+ /* no entry? */
+ if (idx == -1) {
+ /* find hole and add it */
+ idx = find_hole();
+
+ if (idx >= 0)
+ err = add_entry(idx, G);
+ }
+ if (err == MP_OKAY && idx >= 0) {
+ /* increment LRU */
+ ++(fp_cache[idx].lru_count);
+ }
+
+
+ if (err == MP_OKAY) {
+ /* if it's 2 build the LUT, if it's higher just use the LUT */
+ if (idx >= 0 && fp_cache[idx].lru_count == 2) {
+ /* compute mp */
+ err = mp_montgomery_setup(modulus, &mp);
+
+ if (err == MP_OKAY) {
+ /* compute mu */
+ mpSetup = 1;
+ err = mp_montgomery_calc_normalization(&mu, modulus);
+ }
+
+ if (err == MP_OKAY)
+ /* build the LUT */
+ err = build_lut(idx, modulus, &mp, &mu);
+ }
+ }
+
+ if (err == MP_OKAY) {
+ if (idx >= 0 && fp_cache[idx].lru_count >= 2) {
+ if (mpSetup == 0) {
+ /* compute mp */
+ err = mp_montgomery_setup(modulus, &mp);
+ }
+ if (err == MP_OKAY)
+ err = accel_fp_mul(idx, k, R, modulus, &mp, map);
+ } else {
+ err = normal_ecc_mulmod(k, G, R, modulus, map);
+ }
+ }
+
+#ifndef HAVE_THREAD_LS
+ UnLockMutex(&ecc_fp_lock);
+#endif /* HAVE_THREAD_LS */
+ mp_clear(&mu);
+
+ return err;
+}
+
+/* helper function for freeing the cache ...
+ must be called with the cache mutex locked */
+static void wc_ecc_fp_free_cache(void)
+{
+ unsigned x, y;
+ for (x = 0; x < FP_ENTRIES; x++) {
+ if (fp_cache[x].g != NULL) {
+ for (y = 0; y < (1U<<FP_LUT); y++) {
+ wc_ecc_del_point(fp_cache[x].LUT[y]);
+ fp_cache[x].LUT[y] = NULL;
+ }
+ wc_ecc_del_point(fp_cache[x].g);
+ fp_cache[x].g = NULL;
+ mp_clear(&fp_cache[x].mu);
+ fp_cache[x].lru_count = 0;
+ fp_cache[x].lock = 0;
+ }
+ }
+}
+
+/** Free the Fixed Point cache */
+void wc_ecc_fp_free(void)
+{
+#ifndef HAVE_THREAD_LS
+ if (initMutex == 0) {
+ InitMutex(&ecc_fp_lock);
+ initMutex = 1;
+ }
+
+ if (LockMutex(&ecc_fp_lock) == 0) {
+#endif /* HAVE_THREAD_LS */
+
+ wc_ecc_fp_free_cache();
+
+#ifndef HAVE_THREAD_LS
+ UnLockMutex(&ecc_fp_lock);
+ FreeMutex(&ecc_fp_lock);
+ initMutex = 0;
+ }
+#endif /* HAVE_THREAD_LS */
+}
+
+
+#endif /* FP_ECC */
+
+#ifdef HAVE_ECC_ENCRYPT
+
+
+enum ecCliState {
+ ecCLI_INIT = 1,
+ ecCLI_SALT_GET = 2,
+ ecCLI_SALT_SET = 3,
+ ecCLI_SENT_REQ = 4,
+ ecCLI_RECV_RESP = 5,
+ ecCLI_BAD_STATE = 99
+};
+
+enum ecSrvState {
+ ecSRV_INIT = 1,
+ ecSRV_SALT_GET = 2,
+ ecSRV_SALT_SET = 3,
+ ecSRV_RECV_REQ = 4,
+ ecSRV_SENT_RESP = 5,
+ ecSRV_BAD_STATE = 99
+};
+
+
+struct ecEncCtx {
+ const byte* kdfSalt; /* optional salt for kdf */
+ const byte* kdfInfo; /* optional info for kdf */
+ const byte* macSalt; /* optional salt for mac */
+ word32 kdfSaltSz; /* size of kdfSalt */
+ word32 kdfInfoSz; /* size of kdfInfo */
+ word32 macSaltSz; /* size of macSalt */
+ byte clientSalt[EXCHANGE_SALT_SZ]; /* for msg exchange */
+ byte serverSalt[EXCHANGE_SALT_SZ]; /* for msg exchange */
+ byte encAlgo; /* which encryption type */
+ byte kdfAlgo; /* which key derivation function type */
+ byte macAlgo; /* which mac function type */
+ byte protocol; /* are we REQ_RESP client or server ? */
+ byte cliSt; /* protocol state, for sanity checks */
+ byte srvSt; /* protocol state, for sanity checks */
+};
+
+
+const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx)
+{
+ if (ctx == NULL || ctx->protocol == 0)
+ return NULL;
+
+ if (ctx->protocol == REQ_RESP_CLIENT) {
+ if (ctx->cliSt == ecCLI_INIT) {
+ ctx->cliSt = ecCLI_SALT_GET;
+ return ctx->clientSalt;
+ }
+ else {
+ ctx->cliSt = ecCLI_BAD_STATE;
+ return NULL;
+ }
+ }
+ else if (ctx->protocol == REQ_RESP_SERVER) {
+ if (ctx->srvSt == ecSRV_INIT) {
+ ctx->srvSt = ecSRV_SALT_GET;
+ return ctx->serverSalt;
+ }
+ else {
+ ctx->srvSt = ecSRV_BAD_STATE;
+ return NULL;
+ }
+ }
+
+ return NULL;
+}
+
+
+/* optional set info, can be called before or after set_peer_salt */
+int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz)
+{
+ if (ctx == NULL || info == 0 || sz < 0)
+ return BAD_FUNC_ARG;
+
+ ctx->kdfInfo = info;
+ ctx->kdfInfoSz = sz;
+
+ return 0;
+}
+
+
+static const char* exchange_info = "Secure Message Exchange";
+
+int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
+{
+ byte tmp[EXCHANGE_SALT_SZ/2];
+ int halfSz = EXCHANGE_SALT_SZ/2;
+
+ if (ctx == NULL || ctx->protocol == 0 || salt == NULL)
+ return BAD_FUNC_ARG;
+
+ if (ctx->protocol == REQ_RESP_CLIENT) {
+ XMEMCPY(ctx->serverSalt, salt, EXCHANGE_SALT_SZ);
+ if (ctx->cliSt == ecCLI_SALT_GET)
+ ctx->cliSt = ecCLI_SALT_SET;
+ else {
+ ctx->cliSt = ecCLI_BAD_STATE;
+ return BAD_ENC_STATE_E;
+ }
+ }
+ else {
+ XMEMCPY(ctx->clientSalt, salt, EXCHANGE_SALT_SZ);
+ if (ctx->srvSt == ecSRV_SALT_GET)
+ ctx->srvSt = ecSRV_SALT_SET;
+ else {
+ ctx->srvSt = ecSRV_BAD_STATE;
+ return BAD_ENC_STATE_E;
+ }
+ }
+
+ /* mix half and half */
+ /* tmp stores 2nd half of client before overwrite */
+ XMEMCPY(tmp, ctx->clientSalt + halfSz, halfSz);
+ XMEMCPY(ctx->clientSalt + halfSz, ctx->serverSalt, halfSz);
+ XMEMCPY(ctx->serverSalt, tmp, halfSz);
+
+ ctx->kdfSalt = ctx->clientSalt;
+ ctx->kdfSaltSz = EXCHANGE_SALT_SZ;
+
+ ctx->macSalt = ctx->serverSalt;
+ ctx->macSaltSz = EXCHANGE_SALT_SZ;
+
+ if (ctx->kdfInfo == NULL) {
+ /* default info */
+ ctx->kdfInfo = (const byte*)exchange_info;
+ ctx->kdfInfoSz = EXCHANGE_INFO_SZ;
+ }
+
+ return 0;
+}
+
+
+static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, WC_RNG* rng)
+{
+ byte* saltBuffer = NULL;
+
+ if (ctx == NULL || rng == NULL || flags == 0)
+ return BAD_FUNC_ARG;
+
+ saltBuffer = (flags == REQ_RESP_CLIENT) ? ctx->clientSalt : ctx->serverSalt;
+
+ return wc_RNG_GenerateBlock(rng, saltBuffer, EXCHANGE_SALT_SZ);
+}
+
+
+static void ecc_ctx_init(ecEncCtx* ctx, int flags)
+{
+ if (ctx) {
+ XMEMSET(ctx, 0, sizeof(ecEncCtx));
+
+ ctx->encAlgo = ecAES_128_CBC;
+ ctx->kdfAlgo = ecHKDF_SHA256;
+ ctx->macAlgo = ecHMAC_SHA256;
+ ctx->protocol = (byte)flags;
+
+ if (flags == REQ_RESP_CLIENT)
+ ctx->cliSt = ecCLI_INIT;
+ if (flags == REQ_RESP_SERVER)
+ ctx->srvSt = ecSRV_INIT;
+ }
+}
+
+
+/* allow ecc context reset so user doesn't have to init/free for reuse */
+int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng)
+{
+ if (ctx == NULL || rng == NULL)
+ return BAD_FUNC_ARG;
+
+ ecc_ctx_init(ctx, ctx->protocol);
+ return ecc_ctx_set_salt(ctx, ctx->protocol, rng);
+}
+
+
+/* alloc/init and set defaults, return new Context */
+ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng)
+{
+ int ret = 0;
+ ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC);
+
+ if (ctx)
+ ctx->protocol = (byte)flags;
+
+ ret = wc_ecc_ctx_reset(ctx, rng);
+ if (ret != 0) {
+ wc_ecc_ctx_free(ctx);
+ ctx = NULL;
+ }
+
+ return ctx;
+}
+
+
+/* free any resources, clear any keys */
+void wc_ecc_ctx_free(ecEncCtx* ctx)
+{
+ if (ctx) {
+ ForceZero(ctx, sizeof(ecEncCtx));
+ XFREE(ctx, 0, DYNAMIC_TYPE_ECC);
+ }
+}
+
+
+static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz,
+ int* keysLen, word32* digestSz, word32* blockSz)
+{
+ if (ctx) {
+ switch (ctx->encAlgo) {
+ case ecAES_128_CBC:
+ *encKeySz = KEY_SIZE_128;
+ *ivSz = IV_SIZE_128;
+ *blockSz = AES_BLOCK_SIZE;
+ break;
+ default:
+ return BAD_FUNC_ARG;
+ }
+
+ switch (ctx->macAlgo) {
+ case ecHMAC_SHA256:
+ *digestSz = SHA256_DIGEST_SIZE;
+ break;
+ default:
+ return BAD_FUNC_ARG;
+ }
+ } else
+ return BAD_FUNC_ARG;
+
+ *keysLen = *encKeySz + *ivSz + *digestSz;
+
+ return 0;
+}
+
+
+/* ecc encrypt with shared secret run through kdf
+ ctx holds non default algos and inputs
+ msgSz should be the right size for encAlgo, i.e., already padded
+ return 0 on success */
+int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
+ word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx)
+{
+ int ret;
+ word32 blockSz;
+ word32 digestSz;
+ ecEncCtx localCtx;
+#ifdef WOLFSSL_SMALL_STACK
+ byte* sharedSecret;
+ byte* keys;
+#else
+ byte sharedSecret[ECC_MAXSIZE]; /* 521 max size */
+ byte keys[ECC_BUFSIZE]; /* max size */
+#endif
+ word32 sharedSz = ECC_MAXSIZE;
+ int keysLen;
+ int encKeySz;
+ int ivSz;
+ int offset = 0; /* keys offset if doing msg exchange */
+ byte* encKey;
+ byte* encIv;
+ byte* macKey;
+
+ if (privKey == NULL || pubKey == NULL || msg == NULL || out == NULL ||
+ outSz == NULL)
+ return BAD_FUNC_ARG;
+
+ if (ctx == NULL) { /* use defaults */
+ ecc_ctx_init(&localCtx, 0);
+ ctx = &localCtx;
+ }
+
+ ret = ecc_get_key_sizes(ctx, &encKeySz, &ivSz, &keysLen, &digestSz,
+ &blockSz);
+ if (ret != 0)
+ return ret;
+
+ if (ctx->protocol == REQ_RESP_SERVER) {
+ offset = keysLen;
+ keysLen *= 2;
+
+ if (ctx->srvSt != ecSRV_RECV_REQ)
+ return BAD_ENC_STATE_E;
+
+ ctx->srvSt = ecSRV_BAD_STATE; /* we're done no more ops allowed */
+ }
+ else if (ctx->protocol == REQ_RESP_CLIENT) {
+ if (ctx->cliSt != ecCLI_SALT_SET)
+ return BAD_ENC_STATE_E;
+
+ ctx->cliSt = ecCLI_SENT_REQ; /* only do this once */
+ }
+
+ if (keysLen > ECC_BUFSIZE) /* keys size */
+ return BUFFER_E;
+
+ if ( (msgSz%blockSz) != 0)
+ return BAD_PADDING_E;
+
+ if (*outSz < (msgSz + digestSz))
+ return BUFFER_E;
+
+#ifdef WOLFSSL_SMALL_STACK
+ sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (sharedSecret == NULL)
+ return MEMORY_E;
+
+ keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (keys == NULL) {
+ XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return MEMORY_E;
+ }
+#endif
+
+ ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz);
+
+ if (ret == 0) {
+ switch (ctx->kdfAlgo) {
+ case ecHKDF_SHA256 :
+ ret = wc_HKDF(SHA256, sharedSecret, sharedSz, ctx->kdfSalt,
+ ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz,
+ keys, keysLen);
+ break;
+
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ }
+
+ if (ret == 0) {
+ encKey = keys + offset;
+ encIv = encKey + encKeySz;
+ macKey = encKey + encKeySz + ivSz;
+
+ switch (ctx->encAlgo) {
+ case ecAES_128_CBC:
+ {
+ Aes aes;
+ ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv,
+ AES_ENCRYPTION);
+ if (ret != 0)
+ break;
+ ret = wc_AesCbcEncrypt(&aes, out, msg, msgSz);
+ }
+ break;
+
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ }
+
+ if (ret == 0) {
+ switch (ctx->macAlgo) {
+ case ecHMAC_SHA256:
+ {
+ Hmac hmac;
+ ret = wc_HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
+ if (ret != 0)
+ break;
+ ret = wc_HmacUpdate(&hmac, out, msgSz);
+ if (ret != 0)
+ break;
+ ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
+ if (ret != 0)
+ break;
+ ret = wc_HmacFinal(&hmac, out+msgSz);
+ }
+ break;
+
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ }
+
+ if (ret == 0)
+ *outSz = msgSz + digestSz;
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+
+/* ecc decrypt with shared secret run through kdf
+ ctx holds non default algos and inputs
+ return 0 on success */
+int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
+ word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx)
+{
+ int ret;
+ word32 blockSz;
+ word32 digestSz;
+ ecEncCtx localCtx;
+#ifdef WOLFSSL_SMALL_STACK
+ byte* sharedSecret;
+ byte* keys;
+#else
+ byte sharedSecret[ECC_MAXSIZE]; /* 521 max size */
+ byte keys[ECC_BUFSIZE]; /* max size */
+#endif
+ word32 sharedSz = ECC_MAXSIZE;
+ int keysLen;
+ int encKeySz;
+ int ivSz;
+ int offset = 0; /* in case using msg exchange */
+ byte* encKey;
+ byte* encIv;
+ byte* macKey;
+
+ if (privKey == NULL || pubKey == NULL || msg == NULL || out == NULL ||
+ outSz == NULL)
+ return BAD_FUNC_ARG;
+
+ if (ctx == NULL) { /* use defaults */
+ ecc_ctx_init(&localCtx, 0);
+ ctx = &localCtx;
+ }
+
+ ret = ecc_get_key_sizes(ctx, &encKeySz, &ivSz, &keysLen, &digestSz,
+ &blockSz);
+ if (ret != 0)
+ return ret;
+
+ if (ctx->protocol == REQ_RESP_CLIENT) {
+ offset = keysLen;
+ keysLen *= 2;
+
+ if (ctx->cliSt != ecCLI_SENT_REQ)
+ return BAD_ENC_STATE_E;
+
+ ctx->cliSt = ecSRV_BAD_STATE; /* we're done no more ops allowed */
+ }
+ else if (ctx->protocol == REQ_RESP_SERVER) {
+ if (ctx->srvSt != ecSRV_SALT_SET)
+ return BAD_ENC_STATE_E;
+
+ ctx->srvSt = ecSRV_RECV_REQ; /* only do this once */
+ }
+
+ if (keysLen > ECC_BUFSIZE) /* keys size */
+ return BUFFER_E;
+
+ if ( ((msgSz-digestSz) % blockSz) != 0)
+ return BAD_PADDING_E;
+
+ if (*outSz < (msgSz - digestSz))
+ return BUFFER_E;
+
+#ifdef WOLFSSL_SMALL_STACK
+ sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (sharedSecret == NULL)
+ return MEMORY_E;
+
+ keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (keys == NULL) {
+ XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return MEMORY_E;
+ }
+#endif
+
+ ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz);
+
+ if (ret == 0) {
+ switch (ctx->kdfAlgo) {
+ case ecHKDF_SHA256 :
+ ret = wc_HKDF(SHA256, sharedSecret, sharedSz, ctx->kdfSalt,
+ ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz,
+ keys, keysLen);
+ break;
+
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ }
+
+ if (ret == 0) {
+ encKey = keys + offset;
+ encIv = encKey + encKeySz;
+ macKey = encKey + encKeySz + ivSz;
+
+ switch (ctx->macAlgo) {
+ case ecHMAC_SHA256:
+ {
+ byte verify[SHA256_DIGEST_SIZE];
+ Hmac hmac;
+ ret = wc_HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
+ if (ret != 0)
+ break;
+ ret = wc_HmacUpdate(&hmac, msg, msgSz-digestSz);
+ if (ret != 0)
+ break;
+ ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
+ if (ret != 0)
+ break;
+ ret = wc_HmacFinal(&hmac, verify);
+ if (ret != 0)
+ break;
+ if (memcmp(verify, msg + msgSz - digestSz, digestSz) != 0)
+ ret = -1;
+ }
+ break;
+
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ }
+
+ if (ret == 0) {
+ switch (ctx->encAlgo) {
+ #ifdef HAVE_AES_CBC
+ case ecAES_128_CBC:
+ {
+ Aes aes;
+ ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv,
+ AES_DECRYPTION);
+ if (ret != 0)
+ break;
+ ret = wc_AesCbcDecrypt(&aes, out, msg, msgSz-digestSz);
+ }
+ break;
+ #endif
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ }
+
+ if (ret == 0)
+ *outSz = msgSz - digestSz;
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+
+#endif /* HAVE_ECC_ENCRYPT */
+
+
+#ifdef HAVE_COMP_KEY
+
+/* computes the jacobi c = (a | n) (or Legendre if n is prime)
+ * HAC pp. 73 Algorithm 2.149
+ */
+int mp_jacobi(mp_int* a, mp_int* p, int* c)
+{
+ mp_int a1, p1;
+ int k, s, r, res;
+ mp_digit residue;
+
+ /* if p <= 0 return MP_VAL */
+ if (mp_cmp_d(p, 0) != MP_GT) {
+ return MP_VAL;
+ }
+
+ /* step 1. if a == 0, return 0 */
+ if (mp_iszero (a) == 1) {
+ *c = 0;
+ return MP_OKAY;
+ }
+
+ /* step 2. if a == 1, return 1 */
+ if (mp_cmp_d (a, 1) == MP_EQ) {
+ *c = 1;
+ return MP_OKAY;
+ }
+
+ /* default */
+ s = 0;
+
+ /* step 3. write a = a1 * 2**k */
+ if ((res = mp_init_copy (&a1, a)) != MP_OKAY) {
+ return res;
+ }
+
+ if ((res = mp_init (&p1)) != MP_OKAY) {
+ mp_clear(&a1);
+ return res;
+ }
+
+ /* divide out larger power of two */
+ k = mp_cnt_lsb(&a1);
+ res = mp_div_2d(&a1, k, &a1, NULL);
+
+ if (res == MP_OKAY) {
+ /* step 4. if e is even set s=1 */
+ if ((k & 1) == 0) {
+ s = 1;
+ } else {
+ /* else set s=1 if p = 1/7 (mod 8) or s=-1 if p = 3/5 (mod 8) */
+ residue = p->dp[0] & 7;
+
+ if (residue == 1 || residue == 7) {
+ s = 1;
+ } else if (residue == 3 || residue == 5) {
+ s = -1;
+ }
+ }
+
+ /* step 5. if p == 3 (mod 4) *and* a1 == 3 (mod 4) then s = -s */
+ if ( ((p->dp[0] & 3) == 3) && ((a1.dp[0] & 3) == 3)) {
+ s = -s;
+ }
+ }
+
+ if (res == MP_OKAY) {
+ /* if a1 == 1 we're done */
+ if (mp_cmp_d (&a1, 1) == MP_EQ) {
+ *c = s;
+ } else {
+ /* n1 = n mod a1 */
+ res = mp_mod (p, &a1, &p1);
+ if (res == MP_OKAY)
+ res = mp_jacobi (&p1, &a1, &r);
+
+ if (res == MP_OKAY)
+ *c = s * r;
+ }
+ }
+
+ /* done */
+ mp_clear (&p1);
+ mp_clear (&a1);
+
+ return res;
+}
+
+
+int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
+{
+ int res, legendre, done = 0;
+ mp_int t1, C, Q, S, Z, M, T, R, two;
+ mp_digit i;
+
+ /* first handle the simple cases */
+ if (mp_cmp_d(n, 0) == MP_EQ) {
+ mp_zero(ret);
+ return MP_OKAY;
+ }
+ if (mp_cmp_d(prime, 2) == MP_EQ) return MP_VAL; /* prime must be odd */
+ /* TAO removed
+ if ((res = mp_jacobi(n, prime, &legendre)) != MP_OKAY) return res;
+ if (legendre == -1) return MP_VAL; */ /* quadratic non-residue mod prime */
+
+ if ((res = mp_init_multi(&t1, &C, &Q, &S, &Z, &M)) != MP_OKAY)
+ return res;
+
+ if ((res = mp_init_multi(&T, &R, &two, NULL, NULL, NULL))
+ != MP_OKAY) {
+ mp_clear(&t1); mp_clear(&C); mp_clear(&Q); mp_clear(&S); mp_clear(&Z);
+ mp_clear(&M);
+ return res;
+ }
+
+ /* SPECIAL CASE: if prime mod 4 == 3
+ * compute directly: res = n^(prime+1)/4 mod prime
+ * Handbook of Applied Cryptography algorithm 3.36
+ */
+ res = mp_mod_d(prime, 4, &i);
+ if (res == MP_OKAY && i == 3) {
+ res = mp_add_d(prime, 1, &t1);
+
+ if (res == MP_OKAY)
+ res = mp_div_2(&t1, &t1);
+ if (res == MP_OKAY)
+ res = mp_div_2(&t1, &t1);
+ if (res == MP_OKAY)
+ res = mp_exptmod(n, &t1, prime, ret);
+
+ done = 1;
+ }
+
+ /* NOW: TonelliShanks algorithm */
+
+ if (res == MP_OKAY && done == 0) {
+
+ /* factor out powers of 2 from prime-1, defining Q and S
+ * as: prime-1 = Q*2^S */
+ res = mp_copy(prime, &Q);
+ if (res == MP_OKAY)
+ res = mp_sub_d(&Q, 1, &Q);
+ /* Q = prime - 1 */
+ if (res == MP_OKAY)
+ mp_zero(&S);
+ /* S = 0 */
+ while (res == MP_OKAY && mp_iseven(&Q)) {
+ res = mp_div_2(&Q, &Q);
+ /* Q = Q / 2 */
+ if (res == MP_OKAY)
+ res = mp_add_d(&S, 1, &S);
+ /* S = S + 1 */
+ }
+
+ /* find a Z such that the Legendre symbol (Z|prime) == -1 */
+ if (res == MP_OKAY)
+ res = mp_set_int(&Z, 2);
+ /* Z = 2 */
+ while (res == MP_OKAY) {
+ res = mp_jacobi(&Z, prime, &legendre);
+ if (res == MP_OKAY && legendre == -1)
+ break;
+ if (res == MP_OKAY)
+ res = mp_add_d(&Z, 1, &Z);
+ /* Z = Z + 1 */
+ }
+
+ if (res == MP_OKAY)
+ res = mp_exptmod(&Z, &Q, prime, &C);
+ /* C = Z ^ Q mod prime */
+ if (res == MP_OKAY)
+ res = mp_add_d(&Q, 1, &t1);
+ if (res == MP_OKAY)
+ res = mp_div_2(&t1, &t1);
+ /* t1 = (Q + 1) / 2 */
+ if (res == MP_OKAY)
+ res = mp_exptmod(n, &t1, prime, &R);
+ /* R = n ^ ((Q + 1) / 2) mod prime */
+ if (res == MP_OKAY)
+ res = mp_exptmod(n, &Q, prime, &T);
+ /* T = n ^ Q mod prime */
+ if (res == MP_OKAY)
+ res = mp_copy(&S, &M);
+ /* M = S */
+ if (res == MP_OKAY)
+ res = mp_set_int(&two, 2);
+
+ while (res == MP_OKAY && done == 0) {
+ res = mp_copy(&T, &t1);
+ i = 0;
+ while (res == MP_OKAY) {
+ if (mp_cmp_d(&t1, 1) == MP_EQ)
+ break;
+ res = mp_exptmod(&t1, &two, prime, &t1);
+ if (res == MP_OKAY)
+ i++;
+ }
+ if (res == MP_OKAY && i == 0) {
+ mp_copy(&R, ret);
+ res = MP_OKAY;
+ done = 1;
+ }
+
+ if (done == 0) {
+ if (res == MP_OKAY)
+ res = mp_sub_d(&M, i, &t1);
+ if (res == MP_OKAY)
+ res = mp_sub_d(&t1, 1, &t1);
+ if (res == MP_OKAY)
+ res = mp_exptmod(&two, &t1, prime, &t1);
+ /* t1 = 2 ^ (M - i - 1) */
+ if (res == MP_OKAY)
+ res = mp_exptmod(&C, &t1, prime, &t1);
+ /* t1 = C ^ (2 ^ (M - i - 1)) mod prime */
+ if (res == MP_OKAY)
+ res = mp_sqrmod(&t1, prime, &C);
+ /* C = (t1 * t1) mod prime */
+ if (res == MP_OKAY)
+ res = mp_mulmod(&R, &t1, prime, &R);
+ /* R = (R * t1) mod prime */
+ if (res == MP_OKAY)
+ res = mp_mulmod(&T, &C, prime, &T);
+ /* T = (T * C) mod prime */
+ if (res == MP_OKAY)
+ mp_set(&M, i);
+ /* M = i */
+ }
+ }
+ }
+
+ /* done */
+ mp_clear(&t1);
+ mp_clear(&C);
+ mp_clear(&Q);
+ mp_clear(&S);
+ mp_clear(&Z);
+ mp_clear(&M);
+ mp_clear(&T);
+ mp_clear(&R);
+ mp_clear(&two);
+
+ return res;
+}
+
+
+/* export public ECC key in ANSI X9.63 format compressed */
+int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen)
+{
+ word32 numlen;
+ int ret = MP_OKAY;
+
+ if (key == NULL || out == NULL || outLen == NULL)
+ return ECC_BAD_ARG_E;
+
+ if (wc_ecc_is_valid_idx(key->idx) == 0) {
+ return ECC_BAD_ARG_E;
+ }
+ numlen = key->dp->size;
+
+ if (*outLen < (1 + numlen)) {
+ *outLen = 1 + numlen;
+ return BUFFER_E;
+ }
+
+ /* store first byte */
+ out[0] = mp_isodd(key->pubkey.y) ? 0x03 : 0x02;
+
+ /* pad and store x */
+ XMEMSET(out+1, 0, numlen);
+ ret = mp_to_unsigned_bin(key->pubkey.x,
+ out+1 + (numlen - mp_unsigned_bin_size(key->pubkey.x)));
+ *outLen = 1 + numlen;
+ return ret;
+}
+
+
+/* d = a - b (mod c) */
+int mp_submod(mp_int* a, mp_int* b, mp_int* c, mp_int* d)
+{
+ int res;
+ mp_int t;
+
+ if ((res = mp_init (&t)) != MP_OKAY) {
+ return res;
+ }
+
+ if ((res = mp_sub (a, b, &t)) != MP_OKAY) {
+ mp_clear (&t);
+ return res;
+ }
+ res = mp_mod (&t, c, d);
+ mp_clear (&t);
+
+ return res;
+}
+
+
+#endif /* HAVE_COMP_KEY */
+
+#endif /* HAVE_ECC */
+
--- a/wolfcrypt/src/ecc_fp.c Tue Jul 21 11:37:09 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2 +0,0 @@ -/* dummy ecc_fp.c for dist */ -
--- a/wolfcrypt/src/ed25519.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,371 +0,0 @@
-/* ed25519.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
- /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-/* in case user set HAVE_ED25519 there */
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_ED25519
-
-#include <wolfssl/wolfcrypt/ed25519.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-/*
- generate an ed25519 key pair.
- returns 0 on success
- */
-int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key)
-{
- byte az[64];
- int ret;
- ge_p3 A;
-
- if (rng == NULL || key == NULL)
- return BAD_FUNC_ARG;
-
- /* ed25519 has 32 byte key sizes */
- if (keySz != ED25519_KEY_SIZE)
- return BAD_FUNC_ARG;
-
- ret = 0;
- ret |= wc_RNG_GenerateBlock(rng, key->k, 32);
- ret |= wc_Sha512Hash(key->k, 32, az);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- ge_scalarmult_base(&A, az);
- ge_p3_tobytes(key->p, &A);
- XMEMMOVE(key->k + 32, key->p, 32);
-
- return ret;
-}
-
-
-/*
- in contains the message to sign
- inlen is the length of the message to sign
- out is the buffer to write the signature
- outlen [in/out] input size of out buf
- output gets set as the final length of out
- key is the ed25519 key to use when signing
- return 0 on success
- */
-int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
- word32 *outlen, ed25519_key* key)
-{
- ge_p3 R;
- byte nonce[SHA512_DIGEST_SIZE];
- byte hram[SHA512_DIGEST_SIZE];
- byte az[64];
- word32 sigSz;
- Sha512 sha;
- int ret = 0;
-
- /* sanity check on arguments */
- if (in == NULL || out == NULL || outlen == NULL || key == NULL)
- return BAD_FUNC_ARG;
-
- /* check and set up out length */
- ret = 0;
- sigSz = wc_ed25519_sig_size(key);
- if (*outlen < sigSz)
- return BAD_FUNC_ARG;
- *outlen = sigSz;
-
- /* step 1: create nonce to use where nonce is r in
- r = H(h_b, ... ,h_2b-1,M) */
- ret |= wc_Sha512Hash(key->k,32,az);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
- ret |= wc_InitSha512(&sha);
- ret |= wc_Sha512Update(&sha, az + 32, 32);
- ret |= wc_Sha512Update(&sha, in, inlen);
- ret |= wc_Sha512Final(&sha, nonce);
- sc_reduce(nonce);
-
- /* step 2: computing R = rB where rB is the scalar multiplication of
- r and B */
- ge_scalarmult_base(&R,nonce);
- ge_p3_tobytes(out,&R);
-
- /* step 3: hash R + public key + message getting H(R,A,M) then
- creating S = (r + H(R,A,M)a) mod l */
- ret |= wc_InitSha512(&sha);
- ret |= wc_Sha512Update(&sha, out, 32);
- ret |= wc_Sha512Update(&sha, key->p, 32);
- ret |= wc_Sha512Update(&sha, in, inlen);
- ret |= wc_Sha512Final(&sha, hram);
- sc_reduce(hram);
- sc_muladd(out + 32, hram, az, nonce);
-
- return ret;
-}
-
-
-/*
- sig is array of bytes containing the signature
- siglen is the length of sig byte array
- msg the array of bytes containing the message
- msglen length of msg array
- stat will be 1 on successful verify and 0 on unsuccessful
-*/
-int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
- word32 msglen, int* stat, ed25519_key* key)
-{
- byte rcheck[32];
- byte h[SHA512_DIGEST_SIZE];
- ge_p3 A;
- ge_p2 R;
- word32 sigSz;
- int ret;
- Sha512 sha;
-
- /* sanity check on arguments */
- if (sig == NULL || msg == NULL || stat == NULL || key == NULL)
- return BAD_FUNC_ARG;
-
- ret = 0;
- *stat = 0;
- sigSz = wc_ed25519_size(key);
-
- /* check on basics needed to verify signature */
- if (siglen < sigSz)
- return BAD_FUNC_ARG;
- if (sig[63] & 224)
- return BAD_FUNC_ARG;
-
- /* uncompress A (public key), test if valid, and negate it */
- if (ge_frombytes_negate_vartime(&A, key->p) != 0)
- return BAD_FUNC_ARG;
-
- /* find H(R,A,M) and store it as h */
- ret |= wc_InitSha512(&sha);
- ret |= wc_Sha512Update(&sha, sig, 32);
- ret |= wc_Sha512Update(&sha, key->p, 32);
- ret |= wc_Sha512Update(&sha, msg, msglen);
- ret |= wc_Sha512Final(&sha, h);
- sc_reduce(h);
-
- /*
- Uses a fast single-signature verification SB = R + H(R,A,M)A becomes
- SB - H(R,A,M)A saving decompression of R
- */
- ret |= ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
- ge_tobytes(rcheck, &R);
-
- /* comparison of R created to R in sig */
- ret |= ConstantCompare(rcheck, sig, 32);
-
- *stat = (ret == 0)? 1: 0;
-
- return ret;
-}
-
-
-/* initialize information and memory for key */
-int wc_ed25519_init(ed25519_key* key)
-{
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- XMEMSET(key, 0, sizeof(ed25519_key));
-
- return 0;
-}
-
-
-/* clear memory of key */
-void wc_ed25519_free(ed25519_key* key)
-{
- if (key == NULL)
- return;
-
- ForceZero(key, sizeof(ed25519_key));
-}
-
-
-/*
- outLen should contain the size of out buffer when input. outLen is than set
- to the final output length.
- returns 0 on success
- */
-int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen)
-{
- word32 keySz;
-
- /* sanity check on arguments */
- if (key == NULL || out == NULL || outLen == NULL)
- return BAD_FUNC_ARG;
-
- keySz = wc_ed25519_size(key);
- if (*outLen < keySz) {
- *outLen = keySz;
- return BUFFER_E;
- }
- *outLen = keySz;
- XMEMCPY(out, key->p, keySz);
-
- return 0;
-}
-
-
-/*
- Imports a compressed/uncompressed public key.
- in the byte array containing the public key
- inLen the length of the byte array being passed in
- key ed25519 key struct to put the public key in
- */
-int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key)
-{
- word32 keySz;
- int ret;
-
- /* sanity check on arguments */
- if (in == NULL || key == NULL)
- return BAD_FUNC_ARG;
-
- keySz = wc_ed25519_size(key);
-
- if (inLen < keySz)
- return BAD_FUNC_ARG;
-
- /* compressed prefix according to draft
- http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-02.txt */
- if (in[0] == 0x40) {
- /* key is stored in compressed format so just copy in */
- XMEMCPY(key->p, (in + 1), keySz);
- return 0;
- }
-
- /* importing uncompressed public key */
- if (in[0] == 0x04) {
- /* pass in (x,y) and store compressed key */
- ret = ge_compress_key(key->p, (in+1), (in+1+keySz), keySz);
- return ret;
- }
-
- /* if not specified compressed or uncompressed check key size
- if key size is equal to compressed key size copy in key */
- if (inLen == keySz) {
- XMEMCPY(key->p, in, keySz);
- return 0;
- }
-
- /* bad public key format */
- return BAD_FUNC_ARG;
-}
-
-
-/*
- For importing a private key and its associated public key.
- */
-int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
- const byte* pub, word32 pubSz, ed25519_key* key)
-{
- word32 keySz;
- int ret;
-
- /* sanity check on arguments */
- if (priv == NULL || pub == NULL || key == NULL)
- return BAD_FUNC_ARG;
-
- keySz = wc_ed25519_size(key);
-
- /* key size check */
- if (privSz < keySz || pubSz < keySz)
- return BAD_FUNC_ARG;
-
- XMEMCPY(key->k, priv, keySz);
- ret = wc_ed25519_import_public(pub, pubSz, key);
- XMEMCPY((key->k + keySz), key->p, keySz);
-
- return ret;
-}
-
-
-/*
- outLen should contain the size of out buffer when input. outLen is than set
- to the final output length.
- returns 0 on success
- */
-int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen)
-{
- word32 keySz;
-
- /* sanity checks on arguments */
- if (key == NULL || out == NULL || outLen == NULL)
- return BAD_FUNC_ARG;
-
- keySz = wc_ed25519_size(key);
- if (*outLen < keySz) {
- *outLen = keySz;
- return BUFFER_E;
- }
- *outLen = keySz;
- XMEMCPY(out, key->k, keySz);
-
- return 0;
-}
-
-
-/* is the compressed key size in bytes */
-int wc_ed25519_size(ed25519_key* key)
-{
- word32 keySz;
-
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- keySz = ED25519_KEY_SIZE;
-
- return keySz;
-}
-
-
-/* returns the size of signature in bytes */
-int wc_ed25519_sig_size(ed25519_key* key)
-{
- word32 sigSz;
-
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- sigSz = ED25519_SIG_SIZE;
-
- return sigSz;
-}
-
-#endif /* HAVE_ED25519 */
-
-
--- a/wolfcrypt/src/error.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,344 +0,0 @@
-/* error.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
- #pragma warning(disable: 4996)
-#endif
-
-const char* wc_GetErrorString(int error)
-{
-#ifdef NO_ERROR_STRINGS
-
- (void)error;
- return "no support for error strings built in";
-
-#else
-
- switch (error) {
-
- case OPEN_RAN_E :
- return "opening random device error";
-
- case READ_RAN_E :
- return "reading random device error";
-
- case WINCRYPT_E :
- return "windows crypt init error";
-
- case CRYPTGEN_E :
- return "windows crypt generation error";
-
- case RAN_BLOCK_E :
- return "random device read would block error";
-
- case BAD_MUTEX_E :
- return "Bad mutex, operation failed";
-
- case MP_INIT_E :
- return "mp_init error state";
-
- case MP_READ_E :
- return "mp_read error state";
-
- case MP_EXPTMOD_E :
- return "mp_exptmod error state";
-
- case MP_TO_E :
- return "mp_to_xxx error state, can't convert";
-
- case MP_SUB_E :
- return "mp_sub error state, can't subtract";
-
- case MP_ADD_E :
- return "mp_add error state, can't add";
-
- case MP_MUL_E :
- return "mp_mul error state, can't multiply";
-
- case MP_MULMOD_E :
- return "mp_mulmod error state, can't multiply mod";
-
- case MP_MOD_E :
- return "mp_mod error state, can't mod";
-
- case MP_INVMOD_E :
- return "mp_invmod error state, can't inv mod";
-
- case MP_CMP_E :
- return "mp_cmp error state";
-
- case MP_ZERO_E :
- return "mp zero result, not expected";
-
- case MEMORY_E :
- return "out of memory error";
-
- case RSA_WRONG_TYPE_E :
- return "RSA wrong block type for RSA function";
-
- case RSA_BUFFER_E :
- return "RSA buffer error, output too small or input too big";
-
- case BUFFER_E :
- return "Buffer error, output too small or input too big";
-
- case ALGO_ID_E :
- return "Setting Cert AlogID error";
-
- case PUBLIC_KEY_E :
- return "Setting Cert Public Key error";
-
- case DATE_E :
- return "Setting Cert Date validity error";
-
- case SUBJECT_E :
- return "Setting Cert Subject name error";
-
- case ISSUER_E :
- return "Setting Cert Issuer name error";
-
- case CA_TRUE_E :
- return "Setting basic constraint CA true error";
-
- case EXTENSIONS_E :
- return "Setting extensions error";
-
- case ASN_PARSE_E :
- return "ASN parsing error, invalid input";
-
- case ASN_VERSION_E :
- return "ASN version error, invalid number";
-
- case ASN_GETINT_E :
- return "ASN get big int error, invalid data";
-
- case ASN_RSA_KEY_E :
- return "ASN key init error, invalid input";
-
- case ASN_OBJECT_ID_E :
- return "ASN object id error, invalid id";
-
- case ASN_TAG_NULL_E :
- return "ASN tag error, not null";
-
- case ASN_EXPECT_0_E :
- return "ASN expect error, not zero";
-
- case ASN_BITSTR_E :
- return "ASN bit string error, wrong id";
-
- case ASN_UNKNOWN_OID_E :
- return "ASN oid error, unknown sum id";
-
- case ASN_DATE_SZ_E :
- return "ASN date error, bad size";
-
- case ASN_BEFORE_DATE_E :
- return "ASN date error, current date before";
-
- case ASN_AFTER_DATE_E :
- return "ASN date error, current date after";
-
- case ASN_SIG_OID_E :
- return "ASN signature error, mismatched oid";
-
- case ASN_TIME_E :
- return "ASN time error, unkown time type";
-
- case ASN_INPUT_E :
- return "ASN input error, not enough data";
-
- case ASN_SIG_CONFIRM_E :
- return "ASN sig error, confirm failure";
-
- case ASN_SIG_HASH_E :
- return "ASN sig error, unsupported hash type";
-
- case ASN_SIG_KEY_E :
- return "ASN sig error, unsupported key type";
-
- case ASN_DH_KEY_E :
- return "ASN key init error, invalid input";
-
- case ASN_NTRU_KEY_E :
- return "ASN NTRU key decode error, invalid input";
-
- case ASN_CRIT_EXT_E:
- return "X.509 Critical extension ignored";
-
- case ECC_BAD_ARG_E :
- return "ECC input argument wrong type, invalid input";
-
- case ASN_ECC_KEY_E :
- return "ECC ASN1 bad key data, invalid input";
-
- case ECC_CURVE_OID_E :
- return "ECC curve sum OID unsupported, invalid input";
-
- case BAD_FUNC_ARG :
- return "Bad function argument";
-
- case NOT_COMPILED_IN :
- return "Feature not compiled in";
-
- case UNICODE_SIZE_E :
- return "Unicode password too big";
-
- case NO_PASSWORD :
- return "No password provided by user";
-
- case ALT_NAME_E :
- return "Alt Name problem, too big";
-
- case AES_GCM_AUTH_E:
- return "AES-GCM Authentication check fail";
-
- case AES_CCM_AUTH_E:
- return "AES-CCM Authentication check fail";
-
- case CAVIUM_INIT_E:
- return "Cavium Init type error";
-
- case COMPRESS_INIT_E:
- return "Compress Init error";
-
- case COMPRESS_E:
- return "Compress error";
-
- case DECOMPRESS_INIT_E:
- return "DeCompress Init error";
-
- case DECOMPRESS_E:
- return "DeCompress error";
-
- case BAD_ALIGN_E:
- return "Bad alignment error, no alloc help";
-
- case ASN_NO_SIGNER_E :
- return "ASN no signer error to confirm failure";
-
- case ASN_CRL_CONFIRM_E :
- return "ASN CRL sig error, confirm failure";
-
- case ASN_CRL_NO_SIGNER_E :
- return "ASN CRL no signer error to confirm failure";
-
- case ASN_OCSP_CONFIRM_E :
- return "ASN OCSP sig error, confirm failure";
-
- case BAD_ENC_STATE_E:
- return "Bad ecc encrypt state operation";
-
- case BAD_PADDING_E:
- return "Bad padding, message wrong length";
-
- case REQ_ATTRIBUTE_E:
- return "Setting cert request attributes error";
-
- case PKCS7_OID_E:
- return "PKCS#7 error: mismatched OID value";
-
- case PKCS7_RECIP_E:
- return "PKCS#7 error: no matching recipient found";
-
- case FIPS_NOT_ALLOWED_E:
- return "FIPS mode not allowed error";
-
- case ASN_NAME_INVALID_E:
- return "Name Constraint error";
-
- case RNG_FAILURE_E:
- return "Random Number Generator failed";
-
- case HMAC_MIN_KEYLEN_E:
- return "FIPS Mode HMAC Minimum Key Length error";
-
- case RSA_PAD_E:
- return "Rsa Padding error";
-
- case LENGTH_ONLY_E:
- return "Output length only set, not for other use error";
-
- case IN_CORE_FIPS_E:
- return "In Core Integrity check FIPS error";
-
- case AES_KAT_FIPS_E:
- return "AES Known Answer Test check FIPS error";
-
- case DES3_KAT_FIPS_E:
- return "DES3 Known Answer Test check FIPS error";
-
- case HMAC_KAT_FIPS_E:
- return "HMAC Known Answer Test check FIPS error";
-
- case RSA_KAT_FIPS_E:
- return "RSA Known Answer Test check FIPS error";
-
- case DRBG_KAT_FIPS_E:
- return "DRBG Known Answer Test check FIPS error";
-
- case DRBG_CONT_FIPS_E:
- return "DRBG Continuous Test FIPS error";
-
- case AESGCM_KAT_FIPS_E:
- return "AESGCM Known Answer Test check FIPS error";
-
- case THREAD_STORE_KEY_E:
- return "Thread Storage Key Create error";
-
- case THREAD_STORE_SET_E:
- return "Thread Storage Set error";
-
- case MAC_CMP_FAILED_E:
- return "MAC comparison failed";
-
- case IS_POINT_E:
- return "ECC is point on curve failed";
-
- case ECC_INF_E:
- return " ECC point at infinity error";
-
- case ECC_PRIV_KEY_E:
- return " ECC private key is not valid error";
-
- default:
- return "unknown error number";
-
- }
-
-#endif /* NO_ERROR_STRINGS */
-
-}
-
-void wc_ErrorString(int error, char* buffer)
-{
- XSTRNCPY(buffer, wc_GetErrorString(error), WOLFSSL_MAX_ERROR_SZ);
-}
-
--- a/wolfcrypt/src/fe_low_mem.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,597 +0,0 @@
-/* fe_low_mem.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* Based from Daniel Beer's public domain word. */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519)
-
-#include <wolfssl/wolfcrypt/fe_operations.h>
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-void fprime_copy(byte *x, const byte *a)
-{
- int i;
- for (i = 0; i < F25519_SIZE; i++)
- x[i] = a[i];
-}
-
-
-void fe_copy(fe x, const fe a)
-{
- int i;
- for (i = 0; i < F25519_SIZE; i++)
- x[i] = a[i];
-}
-
-
-/* Double an X-coordinate */
-static void xc_double(byte *x3, byte *z3,
- const byte *x1, const byte *z1)
-{
- /* Explicit formulas database: dbl-1987-m
- *
- * source 1987 Montgomery "Speeding the Pollard and elliptic
- * curve methods of factorization", page 261, fourth display
- * compute X3 = (X1^2-Z1^2)^2
- * compute Z3 = 4 X1 Z1 (X1^2 + a X1 Z1 + Z1^2)
- */
- byte x1sq[F25519_SIZE];
- byte z1sq[F25519_SIZE];
- byte x1z1[F25519_SIZE];
- byte a[F25519_SIZE];
-
- fe_mul__distinct(x1sq, x1, x1);
- fe_mul__distinct(z1sq, z1, z1);
- fe_mul__distinct(x1z1, x1, z1);
-
- fe_sub(a, x1sq, z1sq);
- fe_mul__distinct(x3, a, a);
-
- fe_mul_c(a, x1z1, 486662);
- fe_add(a, x1sq, a);
- fe_add(a, z1sq, a);
- fe_mul__distinct(x1sq, x1z1, a);
- fe_mul_c(z3, x1sq, 4);
-}
-
-
-/* Differential addition */
-static void xc_diffadd(byte *x5, byte *z5,
- const byte *x1, const byte *z1,
- const byte *x2, const byte *z2,
- const byte *x3, const byte *z3)
-{
- /* Explicit formulas database: dbl-1987-m3
- *
- * source 1987 Montgomery "Speeding the Pollard and elliptic curve
- * methods of factorization", page 261, fifth display, plus
- * common-subexpression elimination
- * compute A = X2+Z2
- * compute B = X2-Z2
- * compute C = X3+Z3
- * compute D = X3-Z3
- * compute DA = D A
- * compute CB = C B
- * compute X5 = Z1(DA+CB)^2
- * compute Z5 = X1(DA-CB)^2
- */
- byte da[F25519_SIZE];
- byte cb[F25519_SIZE];
- byte a[F25519_SIZE];
- byte b[F25519_SIZE];
-
- fe_add(a, x2, z2);
- fe_sub(b, x3, z3); /* D */
- fe_mul__distinct(da, a, b);
-
- fe_sub(b, x2, z2);
- fe_add(a, x3, z3); /* C */
- fe_mul__distinct(cb, a, b);
-
- fe_add(a, da, cb);
- fe_mul__distinct(b, a, a);
- fe_mul__distinct(x5, z1, b);
-
- fe_sub(a, da, cb);
- fe_mul__distinct(b, a, a);
- fe_mul__distinct(z5, x1, b);
-}
-
-
-int curve25519(byte *result, byte *e, byte *q)
-{
- /* Current point: P_m */
- byte xm[F25519_SIZE];
- byte zm[F25519_SIZE] = {1};
-
- /* Predecessor: P_(m-1) */
- byte xm1[F25519_SIZE] = {1};
- byte zm1[F25519_SIZE] = {0};
-
- int i;
-
- /* Note: bit 254 is assumed to be 1 */
- fe_copy(xm, q);
-
- for (i = 253; i >= 0; i--) {
- const int bit = (e[i >> 3] >> (i & 7)) & 1;
- byte xms[F25519_SIZE];
- byte zms[F25519_SIZE];
-
- /* From P_m and P_(m-1), compute P_(2m) and P_(2m-1) */
- xc_diffadd(xm1, zm1, q, f25519_one, xm, zm, xm1, zm1);
- xc_double(xm, zm, xm, zm);
-
- /* Compute P_(2m+1) */
- xc_diffadd(xms, zms, xm1, zm1, xm, zm, q, f25519_one);
-
- /* Select:
- * bit = 1 --> (P_(2m+1), P_(2m))
- * bit = 0 --> (P_(2m), P_(2m-1))
- */
- fe_select(xm1, xm1, xm, bit);
- fe_select(zm1, zm1, zm, bit);
- fe_select(xm, xm, xms, bit);
- fe_select(zm, zm, zms, bit);
- }
-
- /* Freeze out of projective coordinates */
- fe_inv__distinct(zm1, zm);
- fe_mul__distinct(result, zm1, xm);
- fe_normalize(result);
- return 0;
-}
-
-
-static void raw_add(byte *x, const byte *p)
-{
- word16 c = 0;
- int i;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += ((word16)x[i]) + ((word16)p[i]);
- x[i] = c;
- c >>= 8;
- }
-}
-
-
-static void raw_try_sub(byte *x, const byte *p)
-{
- byte minusp[F25519_SIZE];
- word16 c = 0;
- int i;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c = ((word16)x[i]) - ((word16)p[i]) - c;
- minusp[i] = c;
- c = (c >> 8) & 1;
- }
-
- fprime_select(x, minusp, x, c);
-}
-
-
-static int prime_msb(const byte *p)
-{
- int i;
- byte x;
- int shift = 1;
- int z = F25519_SIZE - 1;
-
- /*
- Test for any hot bits.
- As soon as one instance is incountered set shift to 0.
- */
- for (i = F25519_SIZE - 1; i >= 0; i--) {
- shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1);
- z -= shift;
- }
- x = p[z];
- z <<= 3;
- shift = 1;
- for (i = 0; i < 8; i++) {
- shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1);
- z += shift;
- }
-
- return z - 1;
-}
-
-
-void fprime_select(byte *dst, const byte *zero, const byte *one, byte condition)
-{
- const byte mask = -condition;
- int i;
-
- for (i = 0; i < F25519_SIZE; i++)
- dst[i] = zero[i] ^ (mask & (one[i] ^ zero[i]));
-}
-
-
-void fprime_add(byte *r, const byte *a, const byte *modulus)
-{
- raw_add(r, a);
- raw_try_sub(r, modulus);
-}
-
-
-void fprime_sub(byte *r, const byte *a, const byte *modulus)
-{
- raw_add(r, modulus);
- raw_try_sub(r, a);
- raw_try_sub(r, modulus);
-}
-
-
-void fprime_mul(byte *r, const byte *a, const byte *b,
- const byte *modulus)
-{
- word16 c = 0;
- int i,j;
-
- XMEMSET(r, 0, F25519_SIZE);
-
- for (i = prime_msb(modulus); i >= 0; i--) {
- const byte bit = (b[i >> 3] >> (i & 7)) & 1;
- byte plusa[F25519_SIZE];
-
- for (j = 0; j < F25519_SIZE; j++) {
- c |= ((word16)r[j]) << 1;
- r[j] = c;
- c >>= 8;
- }
- raw_try_sub(r, modulus);
-
- fprime_copy(plusa, r);
- fprime_add(plusa, a, modulus);
-
- fprime_select(r, r, plusa, bit);
- }
-}
-
-
-void fe_load(byte *x, word32 c)
-{
- word32 i;
-
- for (i = 0; i < sizeof(c); i++) {
- x[i] = c;
- c >>= 8;
- }
-
- for (; i < F25519_SIZE; i++)
- x[i] = 0;
-}
-
-
-void fe_normalize(byte *x)
-{
- byte minusp[F25519_SIZE];
- word16 c;
- int i;
-
- /* Reduce using 2^255 = 19 mod p */
- c = (x[31] >> 7) * 19;
- x[31] &= 127;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += x[i];
- x[i] = c;
- c >>= 8;
- }
-
- /* The number is now less than 2^255 + 18, and therefore less than
- * 2p. Try subtracting p, and conditionally load the subtracted
- * value if underflow did not occur.
- */
- c = 19;
-
- for (i = 0; i + 1 < F25519_SIZE; i++) {
- c += x[i];
- minusp[i] = c;
- c >>= 8;
- }
-
- c += ((word16)x[i]) - 128;
- minusp[31] = c;
-
- /* Load x-p if no underflow */
- fe_select(x, minusp, x, (c >> 15) & 1);
-}
-
-
-void fe_select(byte *dst,
- const byte *zero, const byte *one,
- byte condition)
-{
- const byte mask = -condition;
- int i;
-
- for (i = 0; i < F25519_SIZE; i++)
- dst[i] = zero[i] ^ (mask & (one[i] ^ zero[i]));
-}
-
-
-void fe_add(fe r, const fe a, const fe b)
-{
- word16 c = 0;
- int i;
-
- /* Add */
- for (i = 0; i < F25519_SIZE; i++) {
- c >>= 8;
- c += ((word16)a[i]) + ((word16)b[i]);
- r[i] = c;
- }
-
- /* Reduce with 2^255 = 19 mod p */
- r[31] &= 127;
- c = (c >> 7) * 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
-}
-
-
-void fe_sub(fe r, const fe a, const fe b)
-{
- word32 c = 0;
- int i;
-
- /* Calculate a + 2p - b, to avoid underflow */
- c = 218;
- for (i = 0; i + 1 < F25519_SIZE; i++) {
- c += 65280 + ((word32)a[i]) - ((word32)b[i]);
- r[i] = c;
- c >>= 8;
- }
-
- c += ((word32)a[31]) - ((word32)b[31]);
- r[31] = c & 127;
- c = (c >> 7) * 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
-}
-
-
-void fe_neg(fe r, const fe a)
-{
- word32 c = 0;
- int i;
-
- /* Calculate 2p - a, to avoid underflow */
- c = 218;
- for (i = 0; i + 1 < F25519_SIZE; i++) {
- c += 65280 - ((word32)a[i]);
- r[i] = c;
- c >>= 8;
- }
-
- c -= ((word32)a[31]);
- r[31] = c & 127;
- c = (c >> 7) * 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
-}
-
-
-void fe_mul__distinct(byte *r, const byte *a, const byte *b)
-{
- word32 c = 0;
- int i;
-
- for (i = 0; i < F25519_SIZE; i++) {
- int j;
-
- c >>= 8;
- for (j = 0; j <= i; j++)
- c += ((word32)a[j]) * ((word32)b[i - j]);
-
- for (; j < F25519_SIZE; j++)
- c += ((word32)a[j]) *
- ((word32)b[i + F25519_SIZE - j]) * 38;
-
- r[i] = c;
- }
-
- r[31] &= 127;
- c = (c >> 7) * 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
-}
-
-
-void fe_mul(fe r, const fe a, const fe b)
-{
- byte tmp[F25519_SIZE];
-
- fe_mul__distinct(tmp, a, b);
- fe_copy(r, tmp);
-}
-
-
-void fe_mul_c(byte *r, const byte *a, word32 b)
-{
- word32 c = 0;
- int i;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c >>= 8;
- c += b * ((word32)a[i]);
- r[i] = c;
- }
-
- r[31] &= 127;
- c >>= 7;
- c *= 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
-}
-
-
-void fe_inv__distinct(byte *r, const byte *x)
-{
- byte s[F25519_SIZE];
- int i;
-
- /* This is a prime field, so by Fermat's little theorem:
- *
- * x^(p-1) = 1 mod p
- *
- * Therefore, raise to (p-2) = 2^255-21 to get a multiplicative
- * inverse.
- *
- * This is a 255-bit binary number with the digits:
- *
- * 11111111... 01011
- *
- * We compute the result by the usual binary chain, but
- * alternate between keeping the accumulator in r and s, so as
- * to avoid copying temporaries.
- */
-
- /* 1 1 */
- fe_mul__distinct(s, x, x);
- fe_mul__distinct(r, s, x);
-
- /* 1 x 248 */
- for (i = 0; i < 248; i++) {
- fe_mul__distinct(s, r, r);
- fe_mul__distinct(r, s, x);
- }
-
- /* 0 */
- fe_mul__distinct(s, r, r);
-
- /* 1 */
- fe_mul__distinct(r, s, s);
- fe_mul__distinct(s, r, x);
-
- /* 0 */
- fe_mul__distinct(r, s, s);
-
- /* 1 */
- fe_mul__distinct(s, r, r);
- fe_mul__distinct(r, s, x);
-
- /* 1 */
- fe_mul__distinct(s, r, r);
- fe_mul__distinct(r, s, x);
-}
-
-
-void fe_invert(fe r, const fe x)
-{
- byte tmp[F25519_SIZE];
-
- fe_inv__distinct(tmp, x);
- fe_copy(r, tmp);
-}
-
-
-/* Raise x to the power of (p-5)/8 = 2^252-3, using s for temporary
- * storage.
- */
-static void exp2523(byte *r, const byte *x, byte *s)
-{
- int i;
-
- /* This number is a 252-bit number with the binary expansion:
- *
- * 111111... 01
- */
-
- /* 1 1 */
- fe_mul__distinct(r, x, x);
- fe_mul__distinct(s, r, x);
-
- /* 1 x 248 */
- for (i = 0; i < 248; i++) {
- fe_mul__distinct(r, s, s);
- fe_mul__distinct(s, r, x);
- }
-
- /* 0 */
- fe_mul__distinct(r, s, s);
-
- /* 1 */
- fe_mul__distinct(s, r, r);
- fe_mul__distinct(r, s, x);
-}
-
-
-void fe_sqrt(byte *r, const byte *a)
-{
- byte v[F25519_SIZE];
- byte i[F25519_SIZE];
- byte x[F25519_SIZE];
- byte y[F25519_SIZE];
-
- /* v = (2a)^((p-5)/8) [x = 2a] */
- fe_mul_c(x, a, 2);
- exp2523(v, x, y);
-
- /* i = 2av^2 - 1 */
- fe_mul__distinct(y, v, v);
- fe_mul__distinct(i, x, y);
- fe_load(y, 1);
- fe_sub(i, i, y);
-
- /* r = avi */
- fe_mul__distinct(x, v, a);
- fe_mul__distinct(r, x, i);
-}
-
-#endif /* HAVE_CURVE25519 or HAVE_ED25519 */
-
-
--- a/wolfcrypt/src/fe_operations.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1398 +0,0 @@
-/* fe_operations.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
- /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519)
-
-#include <wolfssl/wolfcrypt/fe_operations.h>
-#include <stdint.h>
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-/*
-fe means field element.
-Here the field is \Z/(2^255-19).
-An element t, entries t[0]...t[9], represents the integer
-t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
-Bounds on each t[i] vary depending on context.
-*/
-
-uint64_t load_3(const unsigned char *in)
-{
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- return result;
-}
-
-
-uint64_t load_4(const unsigned char *in)
-{
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- result |= ((uint64_t) in[3]) << 24;
- return result;
-}
-
-
-/*
-h = 1
-*/
-
-void fe_1(fe h)
-{
- h[0] = 1;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
-
-
-/*
-h = 0
-*/
-
-void fe_0(fe h)
-{
- h[0] = 0;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
-
-
-int curve25519(byte* q, byte* n, byte* p)
-{
- unsigned char e[32];
- unsigned int i;
- fe x1;
- fe x2;
- fe z2;
- fe x3;
- fe z3;
- fe tmp0;
- fe tmp1;
- int pos;
- unsigned int swap;
- unsigned int b;
-
- for (i = 0;i < 32;++i) e[i] = n[i];
- e[0] &= 248;
- e[31] &= 127;
- e[31] |= 64;
-
- fe_frombytes(x1,p);
- fe_1(x2);
- fe_0(z2);
- fe_copy(x3,x1);
- fe_1(z3);
-
- swap = 0;
- for (pos = 254;pos >= 0;--pos) {
- b = e[pos / 8] >> (pos & 7);
- b &= 1;
- swap ^= b;
- fe_cswap(x2,x3,swap);
- fe_cswap(z2,z3,swap);
- swap = b;
-
- /* montgomery */
- fe_sub(tmp0,x3,z3);
- fe_sub(tmp1,x2,z2);
- fe_add(x2,x2,z2);
- fe_add(z2,x3,z3);
- fe_mul(z3,tmp0,x2);
- fe_mul(z2,z2,tmp1);
- fe_sq(tmp0,tmp1);
- fe_sq(tmp1,x2);
- fe_add(x3,z3,z2);
- fe_sub(z2,z3,z2);
- fe_mul(x2,tmp1,tmp0);
- fe_sub(tmp1,tmp1,tmp0);
- fe_sq(z2,z2);
- fe_mul121666(z3,tmp1);
- fe_sq(x3,x3);
- fe_add(tmp0,tmp0,z3);
- fe_mul(z3,x1,z2);
- fe_mul(z2,tmp1,tmp0);
- }
- fe_cswap(x2,x3,swap);
- fe_cswap(z2,z3,swap);
-
- fe_invert(z2,z2);
- fe_mul(x2,x2,z2);
- fe_tobytes(q,x2);
-
- return 0;
-}
-
-
-/*
-h = f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq(fe h,const fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t f0_2 = 2 * f0;
- int32_t f1_2 = 2 * f1;
- int32_t f2_2 = 2 * f2;
- int32_t f3_2 = 2 * f3;
- int32_t f4_2 = 2 * f4;
- int32_t f5_2 = 2 * f5;
- int32_t f6_2 = 2 * f6;
- int32_t f7_2 = 2 * f7;
- int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
- int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
- int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
- int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
- int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
- int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = (int32_t)h0;
- h[1] = (int32_t)h1;
- h[2] = (int32_t)h2;
- h[3] = (int32_t)h3;
- h[4] = (int32_t)h4;
- h[5] = (int32_t)h5;
- h[6] = (int32_t)h6;
- h[7] = (int32_t)h7;
- h[8] = (int32_t)h8;
- h[9] = (int32_t)h9;
-}
-
-
-/*
-h = f + g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_add(fe h,const fe f,const fe g)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t h0 = f0 + g0;
- int32_t h1 = f1 + g1;
- int32_t h2 = f2 + g2;
- int32_t h3 = f3 + g3;
- int32_t h4 = f4 + g4;
- int32_t h5 = f5 + g5;
- int32_t h6 = f6 + g6;
- int32_t h7 = f7 + g7;
- int32_t h8 = f8 + g8;
- int32_t h9 = f9 + g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-
-/*
-Preconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
-Write p=2^255-19; q=floor(h/p).
-Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-
-Proof:
- Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
- Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
-
- Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
- Then 0<y<1.
-
- Write r=h-pq.
- Have 0<=r<=p-1=2^255-20.
- Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-
- Write x=r+19(2^-255)r+y.
- Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-
- Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
- so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-*/
-
-void fe_tobytes(unsigned char *s,const fe h)
-{
- int32_t h0 = h[0];
- int32_t h1 = h[1];
- int32_t h2 = h[2];
- int32_t h3 = h[3];
- int32_t h4 = h[4];
- int32_t h5 = h[5];
- int32_t h6 = h[6];
- int32_t h7 = h[7];
- int32_t h8 = h[8];
- int32_t h9 = h[9];
- int32_t q;
- int32_t carry0;
- int32_t carry1;
- int32_t carry2;
- int32_t carry3;
- int32_t carry4;
- int32_t carry5;
- int32_t carry6;
- int32_t carry7;
- int32_t carry8;
- int32_t carry9;
-
- q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
- q = (h0 + q) >> 26;
- q = (h1 + q) >> 25;
- q = (h2 + q) >> 26;
- q = (h3 + q) >> 25;
- q = (h4 + q) >> 26;
- q = (h5 + q) >> 25;
- q = (h6 + q) >> 26;
- q = (h7 + q) >> 25;
- q = (h8 + q) >> 26;
- q = (h9 + q) >> 25;
-
- /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
- h0 += 19 * q;
- /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-
- carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
- carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
- carry9 = h9 >> 25; h9 -= carry9 << 25;
- /* h10 = carry9 */
-
- /*
- Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
- Have h0+...+2^230 h9 between 0 and 2^255-1;
- evidently 2^255 h10-2^255 q = 0.
- Goal: Output h0+...+2^230 h9.
- */
-
- s[0] = h0 >> 0;
- s[1] = h0 >> 8;
- s[2] = h0 >> 16;
- s[3] = (h0 >> 24) | (h1 << 2);
- s[4] = h1 >> 6;
- s[5] = h1 >> 14;
- s[6] = (h1 >> 22) | (h2 << 3);
- s[7] = h2 >> 5;
- s[8] = h2 >> 13;
- s[9] = (h2 >> 21) | (h3 << 5);
- s[10] = h3 >> 3;
- s[11] = h3 >> 11;
- s[12] = (h3 >> 19) | (h4 << 6);
- s[13] = h4 >> 2;
- s[14] = h4 >> 10;
- s[15] = h4 >> 18;
- s[16] = h5 >> 0;
- s[17] = h5 >> 8;
- s[18] = h5 >> 16;
- s[19] = (h5 >> 24) | (h6 << 1);
- s[20] = h6 >> 7;
- s[21] = h6 >> 15;
- s[22] = (h6 >> 23) | (h7 << 3);
- s[23] = h7 >> 5;
- s[24] = h7 >> 13;
- s[25] = (h7 >> 21) | (h8 << 4);
- s[26] = h8 >> 4;
- s[27] = h8 >> 12;
- s[28] = (h8 >> 20) | (h9 << 6);
- s[29] = h9 >> 2;
- s[30] = h9 >> 10;
- s[31] = h9 >> 18;
-}
-
-
-/*
-h = f - g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_sub(fe h,const fe f,const fe g)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t h0 = f0 - g0;
- int32_t h1 = f1 - g1;
- int32_t h2 = f2 - g2;
- int32_t h3 = f3 - g3;
- int32_t h4 = f4 - g4;
- int32_t h5 = f5 - g5;
- int32_t h6 = f6 - g6;
- int32_t h7 = f7 - g7;
- int32_t h8 = f8 - g8;
- int32_t h9 = f9 - g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-
-/*
-Ignores top bit of h.
-*/
-
-void fe_frombytes(fe h,const unsigned char *s)
-{
- int64_t h0 = load_4(s);
- int64_t h1 = load_3(s + 4) << 6;
- int64_t h2 = load_3(s + 7) << 5;
- int64_t h3 = load_3(s + 10) << 3;
- int64_t h4 = load_3(s + 13) << 2;
- int64_t h5 = load_4(s + 16);
- int64_t h6 = load_3(s + 20) << 7;
- int64_t h7 = load_3(s + 23) << 5;
- int64_t h8 = load_3(s + 26) << 4;
- int64_t h9 = (load_3(s + 29) & 8388607) << 2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- h[0] = (int32_t)h0;
- h[1] = (int32_t)h1;
- h[2] = (int32_t)h2;
- h[3] = (int32_t)h3;
- h[4] = (int32_t)h4;
- h[5] = (int32_t)h5;
- h[6] = (int32_t)h6;
- h[7] = (int32_t)h7;
- h[8] = (int32_t)h8;
- h[9] = (int32_t)h9;
-}
-
-
-void fe_invert(fe out,const fe z)
-{
- fe t0;
- fe t1;
- fe t2;
- fe t3;
- int i;
-
- /* pow225521 */
- fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
- fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
- fe_mul(t1,z,t1);
- fe_mul(t0,t0,t1);
- fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
- fe_mul(t1,t1,t2);
- fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
- fe_mul(t1,t2,t1);
- fe_sq(t2,t1); for (i = 1;i < 10;++i) fe_sq(t2,t2);
- fe_mul(t2,t2,t1);
- fe_sq(t3,t2); for (i = 1;i < 20;++i) fe_sq(t3,t3);
- fe_mul(t2,t3,t2);
- fe_sq(t2,t2); for (i = 1;i < 10;++i) fe_sq(t2,t2);
- fe_mul(t1,t2,t1);
- fe_sq(t2,t1); for (i = 1;i < 50;++i) fe_sq(t2,t2);
- fe_mul(t2,t2,t1);
- fe_sq(t3,t2); for (i = 1;i < 100;++i) fe_sq(t3,t3);
- fe_mul(t2,t3,t2);
- fe_sq(t2,t2); for (i = 1;i < 50;++i) fe_sq(t2,t2);
- fe_mul(t1,t2,t1);
- fe_sq(t1,t1); for (i = 1;i < 5;++i) fe_sq(t1,t1);
- fe_mul(out,t1,t0);
-
- return;
-}
-
-
-/*
-h = f
-*/
-
-void fe_copy(fe h,const fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- h[0] = f0;
- h[1] = f1;
- h[2] = f2;
- h[3] = f3;
- h[4] = f4;
- h[5] = f5;
- h[6] = f6;
- h[7] = f7;
- h[8] = f8;
- h[9] = f9;
-}
-
-
-/*
-h = f * g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-Notes on implementation strategy:
-
-Using schoolbook multiplication.
-Karatsuba would save a little in some cost models.
-
-Most multiplications by 2 and 19 are 32-bit precomputations;
-cheaper than 64-bit postcomputations.
-
-There is one remaining multiplication by 19 in the carry chain;
-one *19 precomputation can be merged into this,
-but the resulting data flow is considerably less clean.
-
-There are 12 carries below.
-10 of them are 2-way parallelizable and vectorizable.
-Can get away with 11 carries, but then data flow is much deeper.
-
-With tighter constraints on inputs can squeeze carries into int32.
-*/
-
-void fe_mul(fe h,const fe f,const fe g)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
- int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
- int32_t g3_19 = 19 * g3;
- int32_t g4_19 = 19 * g4;
- int32_t g5_19 = 19 * g5;
- int32_t g6_19 = 19 * g6;
- int32_t g7_19 = 19 * g7;
- int32_t g8_19 = 19 * g8;
- int32_t g9_19 = 19 * g9;
- int32_t f1_2 = 2 * f1;
- int32_t f3_2 = 2 * f3;
- int32_t f5_2 = 2 * f5;
- int32_t f7_2 = 2 * f7;
- int32_t f9_2 = 2 * f9;
- int64_t f0g0 = f0 * (int64_t) g0;
- int64_t f0g1 = f0 * (int64_t) g1;
- int64_t f0g2 = f0 * (int64_t) g2;
- int64_t f0g3 = f0 * (int64_t) g3;
- int64_t f0g4 = f0 * (int64_t) g4;
- int64_t f0g5 = f0 * (int64_t) g5;
- int64_t f0g6 = f0 * (int64_t) g6;
- int64_t f0g7 = f0 * (int64_t) g7;
- int64_t f0g8 = f0 * (int64_t) g8;
- int64_t f0g9 = f0 * (int64_t) g9;
- int64_t f1g0 = f1 * (int64_t) g0;
- int64_t f1g1_2 = f1_2 * (int64_t) g1;
- int64_t f1g2 = f1 * (int64_t) g2;
- int64_t f1g3_2 = f1_2 * (int64_t) g3;
- int64_t f1g4 = f1 * (int64_t) g4;
- int64_t f1g5_2 = f1_2 * (int64_t) g5;
- int64_t f1g6 = f1 * (int64_t) g6;
- int64_t f1g7_2 = f1_2 * (int64_t) g7;
- int64_t f1g8 = f1 * (int64_t) g8;
- int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
- int64_t f2g0 = f2 * (int64_t) g0;
- int64_t f2g1 = f2 * (int64_t) g1;
- int64_t f2g2 = f2 * (int64_t) g2;
- int64_t f2g3 = f2 * (int64_t) g3;
- int64_t f2g4 = f2 * (int64_t) g4;
- int64_t f2g5 = f2 * (int64_t) g5;
- int64_t f2g6 = f2 * (int64_t) g6;
- int64_t f2g7 = f2 * (int64_t) g7;
- int64_t f2g8_19 = f2 * (int64_t) g8_19;
- int64_t f2g9_19 = f2 * (int64_t) g9_19;
- int64_t f3g0 = f3 * (int64_t) g0;
- int64_t f3g1_2 = f3_2 * (int64_t) g1;
- int64_t f3g2 = f3 * (int64_t) g2;
- int64_t f3g3_2 = f3_2 * (int64_t) g3;
- int64_t f3g4 = f3 * (int64_t) g4;
- int64_t f3g5_2 = f3_2 * (int64_t) g5;
- int64_t f3g6 = f3 * (int64_t) g6;
- int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
- int64_t f3g8_19 = f3 * (int64_t) g8_19;
- int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
- int64_t f4g0 = f4 * (int64_t) g0;
- int64_t f4g1 = f4 * (int64_t) g1;
- int64_t f4g2 = f4 * (int64_t) g2;
- int64_t f4g3 = f4 * (int64_t) g3;
- int64_t f4g4 = f4 * (int64_t) g4;
- int64_t f4g5 = f4 * (int64_t) g5;
- int64_t f4g6_19 = f4 * (int64_t) g6_19;
- int64_t f4g7_19 = f4 * (int64_t) g7_19;
- int64_t f4g8_19 = f4 * (int64_t) g8_19;
- int64_t f4g9_19 = f4 * (int64_t) g9_19;
- int64_t f5g0 = f5 * (int64_t) g0;
- int64_t f5g1_2 = f5_2 * (int64_t) g1;
- int64_t f5g2 = f5 * (int64_t) g2;
- int64_t f5g3_2 = f5_2 * (int64_t) g3;
- int64_t f5g4 = f5 * (int64_t) g4;
- int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
- int64_t f5g6_19 = f5 * (int64_t) g6_19;
- int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
- int64_t f5g8_19 = f5 * (int64_t) g8_19;
- int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
- int64_t f6g0 = f6 * (int64_t) g0;
- int64_t f6g1 = f6 * (int64_t) g1;
- int64_t f6g2 = f6 * (int64_t) g2;
- int64_t f6g3 = f6 * (int64_t) g3;
- int64_t f6g4_19 = f6 * (int64_t) g4_19;
- int64_t f6g5_19 = f6 * (int64_t) g5_19;
- int64_t f6g6_19 = f6 * (int64_t) g6_19;
- int64_t f6g7_19 = f6 * (int64_t) g7_19;
- int64_t f6g8_19 = f6 * (int64_t) g8_19;
- int64_t f6g9_19 = f6 * (int64_t) g9_19;
- int64_t f7g0 = f7 * (int64_t) g0;
- int64_t f7g1_2 = f7_2 * (int64_t) g1;
- int64_t f7g2 = f7 * (int64_t) g2;
- int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
- int64_t f7g4_19 = f7 * (int64_t) g4_19;
- int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
- int64_t f7g6_19 = f7 * (int64_t) g6_19;
- int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
- int64_t f7g8_19 = f7 * (int64_t) g8_19;
- int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
- int64_t f8g0 = f8 * (int64_t) g0;
- int64_t f8g1 = f8 * (int64_t) g1;
- int64_t f8g2_19 = f8 * (int64_t) g2_19;
- int64_t f8g3_19 = f8 * (int64_t) g3_19;
- int64_t f8g4_19 = f8 * (int64_t) g4_19;
- int64_t f8g5_19 = f8 * (int64_t) g5_19;
- int64_t f8g6_19 = f8 * (int64_t) g6_19;
- int64_t f8g7_19 = f8 * (int64_t) g7_19;
- int64_t f8g8_19 = f8 * (int64_t) g8_19;
- int64_t f8g9_19 = f8 * (int64_t) g9_19;
- int64_t f9g0 = f9 * (int64_t) g0;
- int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
- int64_t f9g2_19 = f9 * (int64_t) g2_19;
- int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
- int64_t f9g4_19 = f9 * (int64_t) g4_19;
- int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
- int64_t f9g6_19 = f9 * (int64_t) g6_19;
- int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
- int64_t f9g8_19 = f9 * (int64_t) g8_19;
- int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
- int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
- int64_t h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
- int64_t h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
- int64_t h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
- int64_t h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
- int64_t h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
- int64_t h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38;
- int64_t h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19;
- int64_t h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38;
- int64_t h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- /*
- |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
- i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
- |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
- i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
- */
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- /* |h0| <= 2^25 */
- /* |h4| <= 2^25 */
- /* |h1| <= 1.71*2^59 */
- /* |h5| <= 1.71*2^59 */
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- /* |h1| <= 2^24; from now on fits into int32 */
- /* |h5| <= 2^24; from now on fits into int32 */
- /* |h2| <= 1.41*2^60 */
- /* |h6| <= 1.41*2^60 */
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- /* |h2| <= 2^25; from now on fits into int32 unchanged */
- /* |h6| <= 2^25; from now on fits into int32 unchanged */
- /* |h3| <= 1.71*2^59 */
- /* |h7| <= 1.71*2^59 */
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
- /* |h3| <= 2^24; from now on fits into int32 unchanged */
- /* |h7| <= 2^24; from now on fits into int32 unchanged */
- /* |h4| <= 1.72*2^34 */
- /* |h8| <= 1.41*2^60 */
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
- /* |h4| <= 2^25; from now on fits into int32 unchanged */
- /* |h8| <= 2^25; from now on fits into int32 unchanged */
- /* |h5| <= 1.01*2^24 */
- /* |h9| <= 1.71*2^59 */
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- /* |h9| <= 2^24; from now on fits into int32 unchanged */
- /* |h0| <= 1.1*2^39 */
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- /* |h0| <= 2^25; from now on fits into int32 unchanged */
- /* |h1| <= 1.01*2^24 */
-
- h[0] = (int32_t)h0;
- h[1] = (int32_t)h1;
- h[2] = (int32_t)h2;
- h[3] = (int32_t)h3;
- h[4] = (int32_t)h4;
- h[5] = (int32_t)h5;
- h[6] = (int32_t)h6;
- h[7] = (int32_t)h7;
- h[8] = (int32_t)h8;
- h[9] = (int32_t)h9;
-}
-
-
-/*
-Replace (f,g) with (g,f) if b == 1;
-replace (f,g) with (f,g) if b == 0.
-
-Preconditions: b in {0,1}.
-*/
-
-void fe_cswap(fe f,fe g,unsigned int b)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t x0 = f0 ^ g0;
- int32_t x1 = f1 ^ g1;
- int32_t x2 = f2 ^ g2;
- int32_t x3 = f3 ^ g3;
- int32_t x4 = f4 ^ g4;
- int32_t x5 = f5 ^ g5;
- int32_t x6 = f6 ^ g6;
- int32_t x7 = f7 ^ g7;
- int32_t x8 = f8 ^ g8;
- int32_t x9 = f9 ^ g9;
- b = -b;
- x0 &= b;
- x1 &= b;
- x2 &= b;
- x3 &= b;
- x4 &= b;
- x5 &= b;
- x6 &= b;
- x7 &= b;
- x8 &= b;
- x9 &= b;
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
- f[5] = f5 ^ x5;
- f[6] = f6 ^ x6;
- f[7] = f7 ^ x7;
- f[8] = f8 ^ x8;
- f[9] = f9 ^ x9;
- g[0] = g0 ^ x0;
- g[1] = g1 ^ x1;
- g[2] = g2 ^ x2;
- g[3] = g3 ^ x3;
- g[4] = g4 ^ x4;
- g[5] = g5 ^ x5;
- g[6] = g6 ^ x6;
- g[7] = g7 ^ x7;
- g[8] = g8 ^ x8;
- g[9] = g9 ^ x9;
-}
-
-
-/*
-h = f * 121666
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-*/
-
-void fe_mul121666(fe h,fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int64_t h0 = f0 * (int64_t) 121666;
- int64_t h1 = f1 * (int64_t) 121666;
- int64_t h2 = f2 * (int64_t) 121666;
- int64_t h3 = f3 * (int64_t) 121666;
- int64_t h4 = f4 * (int64_t) 121666;
- int64_t h5 = f5 * (int64_t) 121666;
- int64_t h6 = f6 * (int64_t) 121666;
- int64_t h7 = f7 * (int64_t) 121666;
- int64_t h8 = f8 * (int64_t) 121666;
- int64_t h9 = f9 * (int64_t) 121666;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- h[0] = (int32_t)h0;
- h[1] = (int32_t)h1;
- h[2] = (int32_t)h2;
- h[3] = (int32_t)h3;
- h[4] = (int32_t)h4;
- h[5] = (int32_t)h5;
- h[6] = (int32_t)h6;
- h[7] = (int32_t)h7;
- h[8] = (int32_t)h8;
- h[9] = (int32_t)h9;
-}
-
-
-/*
-h = 2 * f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq2(fe h,const fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t f0_2 = 2 * f0;
- int32_t f1_2 = 2 * f1;
- int32_t f2_2 = 2 * f2;
- int32_t f3_2 = 2 * f3;
- int32_t f4_2 = 2 * f4;
- int32_t f5_2 = 2 * f5;
- int32_t f6_2 = 2 * f6;
- int32_t f7_2 = 2 * f7;
- int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
- int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
- int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
- int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
- int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
- int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- h0 += h0;
- h1 += h1;
- h2 += h2;
- h3 += h3;
- h4 += h4;
- h5 += h5;
- h6 += h6;
- h7 += h7;
- h8 += h8;
- h9 += h9;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = (int32_t)h0;
- h[1] = (int32_t)h1;
- h[2] = (int32_t)h2;
- h[3] = (int32_t)h3;
- h[4] = (int32_t)h4;
- h[5] = (int32_t)h5;
- h[6] = (int32_t)h6;
- h[7] = (int32_t)h7;
- h[8] = (int32_t)h8;
- h[9] = (int32_t)h9;
-}
-
-
-void fe_pow22523(fe out,const fe z)
-{
- fe t0;
- fe t1;
- fe t2;
- int i;
-
- fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
- fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
- fe_mul(t1,z,t1);
- fe_mul(t0,t0,t1);
- fe_sq(t0,t0); for (i = 1;i < 1;++i) fe_sq(t0,t0);
- fe_mul(t0,t1,t0);
- fe_sq(t1,t0); for (i = 1;i < 5;++i) fe_sq(t1,t1);
- fe_mul(t0,t1,t0);
- fe_sq(t1,t0); for (i = 1;i < 10;++i) fe_sq(t1,t1);
- fe_mul(t1,t1,t0);
- fe_sq(t2,t1); for (i = 1;i < 20;++i) fe_sq(t2,t2);
- fe_mul(t1,t2,t1);
- fe_sq(t1,t1); for (i = 1;i < 10;++i) fe_sq(t1,t1);
- fe_mul(t0,t1,t0);
- fe_sq(t1,t0); for (i = 1;i < 50;++i) fe_sq(t1,t1);
- fe_mul(t1,t1,t0);
- fe_sq(t2,t1); for (i = 1;i < 100;++i) fe_sq(t2,t2);
- fe_mul(t1,t2,t1);
- fe_sq(t1,t1); for (i = 1;i < 50;++i) fe_sq(t1,t1);
- fe_mul(t0,t1,t0);
- fe_sq(t0,t0); for (i = 1;i < 2;++i) fe_sq(t0,t0);
- fe_mul(out,t0,z);
-
- return;
-}
-
-
-/*
-h = -f
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-*/
-
-void fe_neg(fe h,const fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t h0 = -f0;
- int32_t h1 = -f1;
- int32_t h2 = -f2;
- int32_t h3 = -f3;
- int32_t h4 = -f4;
- int32_t h5 = -f5;
- int32_t h6 = -f6;
- int32_t h7 = -f7;
- int32_t h8 = -f8;
- int32_t h9 = -f9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-
-/*
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-static const unsigned char zero[32];
-
-int fe_isnonzero(const fe f)
-{
- unsigned char s[32];
- fe_tobytes(s,f);
- return ConstantCompare(s,zero,32);
-}
-
-
-/*
-return 1 if f is in {1,3,5,...,q-2}
-return 0 if f is in {0,2,4,...,q-1}
-
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-int fe_isnegative(const fe f)
-{
- unsigned char s[32];
- fe_tobytes(s,f);
- return s[0] & 1;
-}
-
-
-/*
-Replace (f,g) with (g,g) if b == 1;
-replace (f,g) with (f,g) if b == 0.
-
-Preconditions: b in {0,1}.
-*/
-
-void fe_cmov(fe f,const fe g,unsigned int b)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t x0 = f0 ^ g0;
- int32_t x1 = f1 ^ g1;
- int32_t x2 = f2 ^ g2;
- int32_t x3 = f3 ^ g3;
- int32_t x4 = f4 ^ g4;
- int32_t x5 = f5 ^ g5;
- int32_t x6 = f6 ^ g6;
- int32_t x7 = f7 ^ g7;
- int32_t x8 = f8 ^ g8;
- int32_t x9 = f9 ^ g9;
- b = -b;
- x0 &= b;
- x1 &= b;
- x2 &= b;
- x3 &= b;
- x4 &= b;
- x5 &= b;
- x6 &= b;
- x7 &= b;
- x8 &= b;
- x9 &= b;
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
- f[5] = f5 ^ x5;
- f[6] = f6 ^ x6;
- f[7] = f7 ^ x7;
- f[8] = f8 ^ x8;
- f[9] = f9 ^ x9;
-}
-#endif /* HAVE ED25519 or CURVE25519 */
-
-
--- a/wolfcrypt/src/ge_low_mem.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,559 +0,0 @@
-/* ge_low_mem.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
- /* Based from Daniel Beer's public domain work. */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_ED25519
-
-#include <wolfssl/wolfcrypt/ge_operations.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-void ed25519_smult(ge_p3 *r, const ge_p3 *a, const byte *e);
-void ed25519_add(ge_p3 *r, const ge_p3 *a, const ge_p3 *b);
-void ed25519_double(ge_p3 *r, const ge_p3 *a);
-
-
-static const byte ed25519_order[F25519_SIZE] = {
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
-};
-
-/*Arithmetic modulo the group order m = 2^252 +
- 27742317777372353535851937790883648493 =
- 7237005577332262213973186563042994240857116359379907606001950938285454250989 */
-
-static const word32 m[32] = {
- 0xED,0xD3,0xF5,0x5C,0x1A,0x63,0x12,0x58,0xD6,0x9C,0xF7,0xA2,0xDE,0xF9,
- 0xDE,0x14,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x10
-};
-
-static const word32 mu[33] = {
- 0x1B,0x13,0x2C,0x0A,0xA3,0xE5,0x9C,0xED,0xA7,0x29,0x63,0x08,0x5D,0x21,
- 0x06,0x21,0xEB,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0x0F
-};
-
-
-int ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
- word32 keySz)
-{
- byte tmp[F25519_SIZE];
- byte parity;
- int i;
-
- fe_copy(tmp, xIn);
- parity = (tmp[0] & 1) << 7;
-
- byte pt[32];
- fe_copy(pt, yIn);
- pt[31] |= parity;
-
- for(i = 0; i < 32; i++) {
- out[32-i-1] = pt[i];
- }
- (void)keySz;
- return 0;
-}
-
-
-static word32 lt(word32 a,word32 b) /* 16-bit inputs */
-{
- unsigned int x = a;
- x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */
- x >>= 31; /* 0: no; 1: yes */
- return x;
-}
-
-
-/* Reduce coefficients of r before calling reduce_add_sub */
-static void reduce_add_sub(word32 *r)
-{
- word32 pb = 0;
- word32 b;
- word32 mask;
- int i;
- unsigned char t[32];
-
- for(i=0;i<32;i++)
- {
- pb += m[i];
- b = lt(r[i],pb);
- t[i] = r[i]-pb+(b<<8);
- pb = b;
- }
- mask = b - 1;
- for(i=0;i<32;i++)
- r[i] ^= mask & (r[i] ^ t[i]);
-}
-
-
-/* Reduce coefficients of x before calling barrett_reduce */
-static void barrett_reduce(word32* r, word32 x[64])
-{
- /* See HAC, Alg. 14.42 */
- int i,j;
- word32 q2[66];
- word32 *q3 = q2 + 33;
- word32 r1[33];
- word32 r2[33];
- word32 carry;
- word32 pb = 0;
- word32 b;
-
- for (i = 0;i < 66;++i) q2[i] = 0;
- for (i = 0;i < 33;++i) r2[i] = 0;
-
- for(i=0;i<33;i++)
- for(j=0;j<33;j++)
- if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
- carry = q2[31] >> 8;
- q2[32] += carry;
- carry = q2[32] >> 8;
- q2[33] += carry;
-
- for(i=0;i<33;i++)r1[i] = x[i];
- for(i=0;i<32;i++)
- for(j=0;j<33;j++)
- if(i+j < 33) r2[i+j] += m[i]*q3[j];
-
- for(i=0;i<32;i++)
- {
- carry = r2[i] >> 8;
- r2[i+1] += carry;
- r2[i] &= 0xff;
- }
-
- for(i=0;i<32;i++)
- {
- pb += r2[i];
- b = lt(r1[i],pb);
- r[i] = r1[i]-pb+(b<<8);
- pb = b;
- }
-
- /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3
- * r is an unsigned type.
- * If so: Handle it here!
- */
-
- reduce_add_sub(r);
- reduce_add_sub(r);
-}
-
-
-void sc_reduce(unsigned char x[64])
-{
- int i;
- word32 t[64];
- word32 r[32];
- for(i=0;i<64;i++) t[i] = x[i];
- barrett_reduce(r, t);
- for(i=0;i<32;i++) x[i] = (r[i] & 0xFF);
-}
-
-
-void sc_muladd(byte* out, const byte* a, const byte* b, const byte* c)
-{
-
- byte s[32];
- byte e[64];
-
- XMEMSET(e, 0, sizeof(e));
- XMEMCPY(e, b, 32);
-
- /* Obtain e */
- sc_reduce(e);
-
- /* Compute s = ze + k */
- fprime_mul(s, a, e, ed25519_order);
- fprime_add(s, c, ed25519_order);
-
- XMEMCPY(out, s, 32);
-}
-
-
-/* Base point is (numbers wrapped):
- *
- * x = 151122213495354007725011514095885315114
- * 54012693041857206046113283949847762202
- * y = 463168356949264781694283940034751631413
- * 07993866256225615783033603165251855960
- *
- * y is derived by transforming the original Montgomery base (u=9). x
- * is the corresponding positive coordinate for the new curve equation.
- * t is x*y.
- */
-const ge_p3 ed25519_base = {
- .X = {
- 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9,
- 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69,
- 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
- 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
- },
- .Y = {
- 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
- },
- .T = {
- 0xa3, 0xdd, 0xb7, 0xa5, 0xb3, 0x8a, 0xde, 0x6d,
- 0xf5, 0x52, 0x51, 0x77, 0x80, 0x9f, 0xf0, 0x20,
- 0x7d, 0xe3, 0xab, 0x64, 0x8e, 0x4e, 0xea, 0x66,
- 0x65, 0x76, 0x8b, 0xd7, 0x0f, 0x5f, 0x87, 0x67
- },
- .Z = {1, 0}
-};
-
-
-const ge_p3 ed25519_neutral = {
- .X = {0},
- .Y = {1, 0},
- .T = {0},
- .Z = {1, 0}
-};
-
-
-static const byte ed25519_d[F25519_SIZE] = {
- 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
- 0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
- 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
- 0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
-};
-
-
-/* k = 2d */
-static const byte ed25519_k[F25519_SIZE] = {
- 0x59, 0xf1, 0xb2, 0x26, 0x94, 0x9b, 0xd6, 0xeb,
- 0x56, 0xb1, 0x83, 0x82, 0x9a, 0x14, 0xe0, 0x00,
- 0x30, 0xd1, 0xf3, 0xee, 0xf2, 0x80, 0x8e, 0x19,
- 0xe7, 0xfc, 0xdf, 0x56, 0xdc, 0xd9, 0x06, 0x24
-};
-
-
-void ed25519_add(ge_p3 *r,
- const ge_p3 *p1, const ge_p3 *p2)
-{
- /* Explicit formulas database: add-2008-hwcd-3
- *
- * source 2008 Hisil--Wong--Carter--Dawson,
- * http://eprint.iacr.org/2008/522, Section 3.1
- * appliesto extended-1
- * parameter k
- * assume k = 2 d
- * compute A = (Y1-X1)(Y2-X2)
- * compute B = (Y1+X1)(Y2+X2)
- * compute C = T1 k T2
- * compute D = Z1 2 Z2
- * compute E = B - A
- * compute F = D - C
- * compute G = D + C
- * compute H = B + A
- * compute X3 = E F
- * compute Y3 = G H
- * compute T3 = E H
- * compute Z3 = F G
- */
- byte a[F25519_SIZE];
- byte b[F25519_SIZE];
- byte c[F25519_SIZE];
- byte d[F25519_SIZE];
- byte e[F25519_SIZE];
- byte f[F25519_SIZE];
- byte g[F25519_SIZE];
- byte h[F25519_SIZE];
-
- /* A = (Y1-X1)(Y2-X2) */
- fe_sub(c, p1->Y, p1->X);
- fe_sub(d, p2->Y, p2->X);
- fe_mul__distinct(a, c, d);
-
- /* B = (Y1+X1)(Y2+X2) */
- fe_add(c, p1->Y, p1->X);
- fe_add(d, p2->Y, p2->X);
- fe_mul__distinct(b, c, d);
-
- /* C = T1 k T2 */
- fe_mul__distinct(d, p1->T, p2->T);
- fe_mul__distinct(c, d, ed25519_k);
-
- /* D = Z1 2 Z2 */
- fe_mul__distinct(d, p1->Z, p2->Z);
- fe_add(d, d, d);
-
- /* E = B - A */
- fe_sub(e, b, a);
-
- /* F = D - C */
- fe_sub(f, d, c);
-
- /* G = D + C */
- fe_add(g, d, c);
-
- /* H = B + A */
- fe_add(h, b, a);
-
- /* X3 = E F */
- fe_mul__distinct(r->X, e, f);
-
- /* Y3 = G H */
- fe_mul__distinct(r->Y, g, h);
-
- /* T3 = E H */
- fe_mul__distinct(r->T, e, h);
-
- /* Z3 = F G */
- fe_mul__distinct(r->Z, f, g);
-}
-
-
-void ed25519_double(ge_p3 *r, const ge_p3 *p)
-{
- /* Explicit formulas database: dbl-2008-hwcd
- *
- * source 2008 Hisil--Wong--Carter--Dawson,
- * http://eprint.iacr.org/2008/522, Section 3.3
- * compute A = X1^2
- * compute B = Y1^2
- * compute C = 2 Z1^2
- * compute D = a A
- * compute E = (X1+Y1)^2-A-B
- * compute G = D + B
- * compute F = G - C
- * compute H = D - B
- * compute X3 = E F
- * compute Y3 = G H
- * compute T3 = E H
- * compute Z3 = F G
- */
- byte a[F25519_SIZE];
- byte b[F25519_SIZE];
- byte c[F25519_SIZE];
- byte e[F25519_SIZE];
- byte f[F25519_SIZE];
- byte g[F25519_SIZE];
- byte h[F25519_SIZE];
-
- /* A = X1^2 */
- fe_mul__distinct(a, p->X, p->X);
-
- /* B = Y1^2 */
- fe_mul__distinct(b, p->Y, p->Y);
-
- /* C = 2 Z1^2 */
- fe_mul__distinct(c, p->Z, p->Z);
- fe_add(c, c, c);
-
- /* D = a A (alter sign) */
- /* E = (X1+Y1)^2-A-B */
- fe_add(f, p->X, p->Y);
- fe_mul__distinct(e, f, f);
- fe_sub(e, e, a);
- fe_sub(e, e, b);
-
- /* G = D + B */
- fe_sub(g, b, a);
-
- /* F = G - C */
- fe_sub(f, g, c);
-
- /* H = D - B */
- fe_neg(h, b);
- fe_sub(h, h, a);
-
- /* X3 = E F */
- fe_mul__distinct(r->X, e, f);
-
- /* Y3 = G H */
- fe_mul__distinct(r->Y, g, h);
-
- /* T3 = E H */
- fe_mul__distinct(r->T, e, h);
-
- /* Z3 = F G */
- fe_mul__distinct(r->Z, f, g);
-}
-
-
-void ed25519_smult(ge_p3 *r_out, const ge_p3 *p, const byte *e)
-{
- ge_p3 r;
- int i;
-
- XMEMCPY(&r, &ed25519_neutral, sizeof(r));
-
- for (i = 255; i >= 0; i--) {
- const byte bit = (e[i >> 3] >> (i & 7)) & 1;
- ge_p3 s;
-
- ed25519_double(&r, &r);
- ed25519_add(&s, &r, p);
-
- fe_select(r.X, r.X, s.X, bit);
- fe_select(r.Y, r.Y, s.Y, bit);
- fe_select(r.Z, r.Z, s.Z, bit);
- fe_select(r.T, r.T, s.T, bit);
- }
- XMEMCPY(r_out, &r, sizeof(r));
-}
-
-
-void ge_scalarmult_base(ge_p3 *R,const unsigned char *nonce)
-{
- ed25519_smult(R, &ed25519_base, nonce);
-}
-
-
-/* pack the point h into array s */
-void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
-{
- byte x[F25519_SIZE];
- byte y[F25519_SIZE];
- byte z1[F25519_SIZE];
- byte parity;
-
- fe_inv__distinct(z1, h->Z);
- fe_mul__distinct(x, h->X, z1);
- fe_mul__distinct(y, h->Y, z1);
-
- fe_normalize(x);
- fe_normalize(y);
-
- parity = (x[0] & 1) << 7;
- fe_copy(s, y);
- fe_normalize(s);
- s[31] |= parity;
-}
-
-
-/* pack the point h into array s */
-void ge_tobytes(unsigned char *s,const ge_p2 *h)
-{
- byte x[F25519_SIZE];
- byte y[F25519_SIZE];
- byte z1[F25519_SIZE];
- byte parity;
-
- fe_inv__distinct(z1, h->Z);
- fe_mul__distinct(x, h->X, z1);
- fe_mul__distinct(y, h->Y, z1);
-
- fe_normalize(x);
- fe_normalize(y);
-
- parity = (x[0] & 1) << 7;
- fe_copy(s, y);
- fe_normalize(s);
- s[31] |= parity;
-}
-
-
-/*
- Test if the public key can be uncommpressed and negate it (-X,Y,Z,-T)
- return 0 on success
- */
-int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s)
-{
-
- byte parity;
- byte x[F25519_SIZE];
- byte y[F25519_SIZE];
- byte a[F25519_SIZE];
- byte b[F25519_SIZE];
- byte c[F25519_SIZE];
- int ret = 0;
-
- /* unpack the key s */
- parity = s[31] >> 7;
- fe_copy(y, s);
- y[31] &= 127;
-
- fe_mul__distinct(c, y, y);
- fe_mul__distinct(b, c, ed25519_d);
- fe_add(a, b, f25519_one);
- fe_inv__distinct(b, a);
- fe_sub(a, c, f25519_one);
- fe_mul__distinct(c, a, b);
- fe_sqrt(a, c);
- fe_neg(b, a);
- fe_select(x, a, b, (a[0] ^ parity) & 1);
-
- /* test that x^2 is equal to c */
- fe_mul__distinct(a, x, x);
- fe_normalize(a);
- fe_normalize(c);
- ret |= ConstantCompare(a, c, F25519_SIZE);
-
- /* project the key s onto p */
- fe_copy(p->X, x);
- fe_copy(p->Y, y);
- fe_load(p->Z, 1);
- fe_mul__distinct(p->T, x, y);
-
- /* negate, the point becomes (-X,Y,Z,-T) */
- fe_neg(p->X,p->X);
- fe_neg(p->T,p->T);
-
- return ret;
-}
-
-
-int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
- const ge_p3 *inA,const unsigned char *sig)
-{
- ge_p3 p, A;
- int ret = 0;
-
- XMEMCPY(&A, inA, sizeof(ge_p3));
-
- /* find SB */
- ed25519_smult(&p, &ed25519_base, sig);
-
- /* find H(R,A,M) * -A */
- ed25519_smult(&A, &A, h);
-
- /* SB + -H(R,A,M)A */
- ed25519_add(&A, &p, &A);
-
- fe_copy(R->X, A.X);
- fe_copy(R->Y, A.Y);
- fe_copy(R->Z, A.Z);
-
- return ret;
-}
-
-#endif /* HAVE_ED25519 */
-
-
--- a/wolfcrypt/src/ge_operations.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2604 +0,0 @@
-/* ge_operations.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
- /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_ED25519
-
-#include <wolfssl/wolfcrypt/ge_operations.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-/*
-ge means group element.
-
-Here the group is the set of pairs (x,y) of field elements (see fe.h)
-satisfying -x^2 + y^2 = 1 + d x^2y^2
-where d = -121665/121666.
-
-Representations:
- ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
- ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
- ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
- ge_precomp (Duif): (y+x,y-x,2dxy)
-*/
-
-
-/*
-Input:
- s[0]+256*s[1]+...+256^63*s[63] = s
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = s mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
- Overwrites s in place.
-*/
-void sc_reduce(byte* s)
-{
- int64_t s0 = 2097151 & load_3(s);
- int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
- int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
- int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
- int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
- int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
- int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
- int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
- int64_t s8 = 2097151 & load_3(s + 21);
- int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
- int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
- int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
- int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
- int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
- int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
- int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
- int64_t s16 = 2097151 & load_3(s + 42);
- int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
- int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
- int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
- int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
- int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
- int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
- int64_t s23 = (load_4(s + 60) >> 3);
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
- int64_t carry12;
- int64_t carry13;
- int64_t carry14;
- int64_t carry15;
- int64_t carry16;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
- s23 = 0;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
- s22 = 0;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
- s21 = 0;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
- s20 = 0;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
- s19 = 0;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- s18 = 0;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
- s17 = 0;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
- s16 = 0;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
- s15 = 0;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
- s14 = 0;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
- s13 = 0;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-
- /* hush warnings after setting values to 0 */
- (void)s12;
- (void)s13;
- (void)s14;
- (void)s15;
- (void)s16;
- (void)s17;
- (void)s18;
- (void)s19;
- (void)s20;
- (void)s21;
- (void)s22;
- (void)s23;
-}
-
-
-/*
-Input:
- a[0]+256*a[1]+...+256^31*a[31] = a
- b[0]+256*b[1]+...+256^31*b[31] = b
- c[0]+256*c[1]+...+256^31*c[31] = c
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
-{
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t c0 = 2097151 & load_3(c);
- int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
- int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
- int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
- int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
- int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
- int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
- int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
- int64_t c8 = 2097151 & load_3(c + 21);
- int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
- int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
- int64_t c11 = (load_4(c + 28) >> 7);
- int64_t s0;
- int64_t s1;
- int64_t s2;
- int64_t s3;
- int64_t s4;
- int64_t s5;
- int64_t s6;
- int64_t s7;
- int64_t s8;
- int64_t s9;
- int64_t s10;
- int64_t s11;
- int64_t s12;
- int64_t s13;
- int64_t s14;
- int64_t s15;
- int64_t s16;
- int64_t s17;
- int64_t s18;
- int64_t s19;
- int64_t s20;
- int64_t s21;
- int64_t s22;
- int64_t s23;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
- int64_t carry12;
- int64_t carry13;
- int64_t carry14;
- int64_t carry15;
- int64_t carry16;
- int64_t carry17;
- int64_t carry18;
- int64_t carry19;
- int64_t carry20;
- int64_t carry21;
- int64_t carry22;
-
- s0 = c0 + a0*b0;
- s1 = c1 + a0*b1 + a1*b0;
- s2 = c2 + a0*b2 + a1*b1 + a2*b0;
- s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
- s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
- s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
- s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
- s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
- s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1
- + a8*b0;
- s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2
- + a8*b1 + a9*b0;
- s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3
- + a8*b2 + a9*b1 + a10*b0;
- s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4
- + a8*b3 + a9*b2 + a10*b1 + a11*b0;
- s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3
- + a10*b2 + a11*b1;
- s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3
- + a11*b2;
- s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4
- + a11*b3;
- s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
- s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
- s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
- s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
- s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
- s20 = a9*b11 + a10*b10 + a11*b9;
- s21 = a10*b11 + a11*b10;
- s22 = a11*b11;
- s23 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
- carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
- carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
- carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
- carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
- carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
- carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
- s23 = 0;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
- s22 = 0;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
- s21 = 0;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
- s20 = 0;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
- s19 = 0;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- s18 = 0;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
- s17 = 0;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
- s16 = 0;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
- s15 = 0;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
- s14 = 0;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
- s13 = 0;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-
- /* hush warnings after setting values to 0 */
- (void)s12;
- (void)s13;
- (void)s14;
- (void)s15;
- (void)s16;
- (void)s17;
- (void)s18;
- (void)s19;
- (void)s20;
- (void)s21;
- (void)s22;
- (void)s23;
-}
-
-
-int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, word32 keySz)
-{
- fe x,y,z;
- ge_p3 g;
- byte bArray[keySz];
- word32 i;
-
- fe_0(x);
- fe_0(y);
- fe_1(z);
- fe_frombytes(x, xIn);
- fe_frombytes(y, yIn);
-
- fe_copy(g.X, x);
- fe_copy(g.Y, y);
- fe_copy(g.Z, z);
-
- ge_p3_tobytes(bArray, &g);
-
- for (i = 0; i < keySz; i++) {
- out[keySz - 1 - i] = bArray[i];
- }
-
- return 0;
-}
-
-
-/*
-r = p + q
-*/
-void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
- fe_add(r->X,p->Y,p->X);
- fe_sub(r->Y,p->Y,p->X);
- fe_mul(r->Z,r->X,q->YplusX);
- fe_mul(r->Y,r->Y,q->YminusX);
- fe_mul(r->T,q->T2d,p->T);
- fe_mul(r->X,p->Z,q->Z);
- fe_add(t0,r->X,r->X);
- fe_sub(r->X,r->Z,r->Y);
- fe_add(r->Y,r->Z,r->Y);
- fe_add(r->Z,t0,r->T);
- fe_sub(r->T,t0,r->T);
-}
-
-
-/* ge_scalar mult base */
-static unsigned char equal(signed char b,signed char c)
-{
- unsigned char ub = b;
- unsigned char uc = c;
- unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
- uint32_t y = x; /* 0: yes; 1..255: no */
- y -= 1; /* 4294967295: yes; 0..254: no */
- y >>= 31; /* 1: yes; 0: no */
- return y;
-}
-
-
-static unsigned char negative(signed char b)
-{
- unsigned long long x = b; /* 18446744073709551361..18446744073709551615:
- yes; 0..255: no */
- x >>= 63; /* 1: yes; 0: no */
- return x;
-}
-
-
-static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b)
-{
- fe_cmov(t->yplusx,u->yplusx,b);
- fe_cmov(t->yminusx,u->yminusx,b);
- fe_cmov(t->xy2d,u->xy2d,b);
-}
-
-
-/* base[i][j] = (j+1)*256^i*B */
-static ge_precomp base[32][8] = {
-{
- {
- { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
- { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
- { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
- { -12815894,-12976347,-21581243,11784320,-25355658,-2750717,-11717903,-3814571,-358445,-10211303 },
- { -21703237,6903825,27185491,6451973,-29577724,-9554005,-15616551,11189268,-26829678,-5319081 },
- { 26966642,11152617,32442495,15396054,14353839,-12752335,-3128826,-9541118,-15472047,-4166697 },
- },
- {
- { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
- { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
- { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
- { -17036878,13921892,10945806,-6033431,27105052,-16084379,-28926210,15006023,3284568,-6276540 },
- { 23599295,-8306047,-11193664,-7687416,13236774,10506355,7464579,9656445,13059162,10374397 },
- { 7798556,16710257,3033922,2874086,28997861,2835604,32406664,-3839045,-641708,-101325 },
- },
- {
- { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
- { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
- { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
- { -15371964,-12862754,32573250,4720197,-26436522,5875511,-19188627,-15224819,-9818940,-12085777 },
- { -8549212,109983,15149363,2178705,22900618,4543417,3044240,-15689887,1762328,14866737 },
- { -18199695,-15951423,-10473290,1707278,-17185920,3916101,-28236412,3959421,27914454,4383652 },
- },
- {
- { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
- { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
- { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
- { 14499471,-2729599,-33191113,-4254652,28494862,14271267,30290735,10876454,-33154098,2381726 },
- { -7195431,-2655363,-14730155,462251,-27724326,3941372,-6236617,3696005,-32300832,15351955 },
- { 27431194,8222322,16448760,-3907995,-18707002,11938355,-32961401,-2970515,29551813,10109425 },
- },
-},
-{
- {
- { -13657040,-13155431,-31283750,11777098,21447386,6519384,-2378284,-1627556,10092783,-4764171 },
- { 27939166,14210322,4677035,16277044,-22964462,-12398139,-32508754,12005538,-17810127,12803510 },
- { 17228999,-15661624,-1233527,300140,-1224870,-11714777,30364213,-9038194,18016357,4397660 },
- },
- {
- { -10958843,-7690207,4776341,-14954238,27850028,-15602212,-26619106,14544525,-17477504,982639 },
- { 29253598,15796703,-2863982,-9908884,10057023,3163536,7332899,-4120128,-21047696,9934963 },
- { 5793303,16271923,-24131614,-10116404,29188560,1206517,-14747930,4559895,-30123922,-10897950 },
- },
- {
- { -27643952,-11493006,16282657,-11036493,28414021,-15012264,24191034,4541697,-13338309,5500568 },
- { 12650548,-1497113,9052871,11355358,-17680037,-8400164,-17430592,12264343,10874051,13524335 },
- { 25556948,-3045990,714651,2510400,23394682,-10415330,33119038,5080568,-22528059,5376628 },
- },
- {
- { -26088264,-4011052,-17013699,-3537628,-6726793,1920897,-22321305,-9447443,4535768,1569007 },
- { -2255422,14606630,-21692440,-8039818,28430649,8775819,-30494562,3044290,31848280,12543772 },
- { -22028579,2943893,-31857513,6777306,13784462,-4292203,-27377195,-2062731,7718482,14474653 },
- },
- {
- { 2385315,2454213,-22631320,46603,-4437935,-15680415,656965,-7236665,24316168,-5253567 },
- { 13741529,10911568,-33233417,-8603737,-20177830,-1033297,33040651,-13424532,-20729456,8321686 },
- { 21060490,-2212744,15712757,-4336099,1639040,10656336,23845965,-11874838,-9984458,608372 },
- },
- {
- { -13672732,-15087586,-10889693,-7557059,-6036909,11305547,1123968,-6780577,27229399,23887 },
- { -23244140,-294205,-11744728,14712571,-29465699,-2029617,12797024,-6440308,-1633405,16678954 },
- { -29500620,4770662,-16054387,14001338,7830047,9564805,-1508144,-4795045,-17169265,4904953 },
- },
- {
- { 24059557,14617003,19037157,-15039908,19766093,-14906429,5169211,16191880,2128236,-4326833 },
- { -16981152,4124966,-8540610,-10653797,30336522,-14105247,-29806336,916033,-6882542,-2986532 },
- { -22630907,12419372,-7134229,-7473371,-16478904,16739175,285431,2763829,15736322,4143876 },
- },
- {
- { 2379352,11839345,-4110402,-5988665,11274298,794957,212801,-14594663,23527084,-16458268 },
- { 33431127,-11130478,-17838966,-15626900,8909499,8376530,-32625340,4087881,-15188911,-14416214 },
- { 1767683,7197987,-13205226,-2022635,-13091350,448826,5799055,4357868,-4774191,-16323038 },
- },
-},
-{
- {
- { 6721966,13833823,-23523388,-1551314,26354293,-11863321,23365147,-3949732,7390890,2759800 },
- { 4409041,2052381,23373853,10530217,7676779,-12885954,21302353,-4264057,1244380,-12919645 },
- { -4421239,7169619,4982368,-2957590,30256825,-2777540,14086413,9208236,15886429,16489664 },
- },
- {
- { 1996075,10375649,14346367,13311202,-6874135,-16438411,-13693198,398369,-30606455,-712933 },
- { -25307465,9795880,-2777414,14878809,-33531835,14780363,13348553,12076947,-30836462,5113182 },
- { -17770784,11797796,31950843,13929123,-25888302,12288344,-30341101,-7336386,13847711,5387222 },
- },
- {
- { -18582163,-3416217,17824843,-2340966,22744343,-10442611,8763061,3617786,-19600662,10370991 },
- { 20246567,-14369378,22358229,-543712,18507283,-10413996,14554437,-8746092,32232924,16763880 },
- { 9648505,10094563,26416693,14745928,-30374318,-6472621,11094161,15689506,3140038,-16510092 },
- },
- {
- { -16160072,5472695,31895588,4744994,8823515,10365685,-27224800,9448613,-28774454,366295 },
- { 19153450,11523972,-11096490,-6503142,-24647631,5420647,28344573,8041113,719605,11671788 },
- { 8678025,2694440,-6808014,2517372,4964326,11152271,-15432916,-15266516,27000813,-10195553 },
- },
- {
- { -15157904,7134312,8639287,-2814877,-7235688,10421742,564065,5336097,6750977,-14521026 },
- { 11836410,-3979488,26297894,16080799,23455045,15735944,1695823,-8819122,8169720,16220347 },
- { -18115838,8653647,17578566,-6092619,-8025777,-16012763,-11144307,-2627664,-5990708,-14166033 },
- },
- {
- { -23308498,-10968312,15213228,-10081214,-30853605,-11050004,27884329,2847284,2655861,1738395 },
- { -27537433,-14253021,-25336301,-8002780,-9370762,8129821,21651608,-3239336,-19087449,-11005278 },
- { 1533110,3437855,23735889,459276,29970501,11335377,26030092,5821408,10478196,8544890 },
- },
- {
- { 32173121,-16129311,24896207,3921497,22579056,-3410854,19270449,12217473,17789017,-3395995 },
- { -30552961,-2228401,-15578829,-10147201,13243889,517024,15479401,-3853233,30460520,1052596 },
- { -11614875,13323618,32618793,8175907,-15230173,12596687,27491595,-4612359,3179268,-9478891 },
- },
- {
- { 31947069,-14366651,-4640583,-15339921,-15125977,-6039709,-14756777,-16411740,19072640,-9511060 },
- { 11685058,11822410,3158003,-13952594,33402194,-4165066,5977896,-5215017,473099,5040608 },
- { -20290863,8198642,-27410132,11602123,1290375,-2799760,28326862,1721092,-19558642,-3131606 },
- },
-},
-{
- {
- { 7881532,10687937,7578723,7738378,-18951012,-2553952,21820786,8076149,-27868496,11538389 },
- { -19935666,3899861,18283497,-6801568,-15728660,-11249211,8754525,7446702,-5676054,5797016 },
- { -11295600,-3793569,-15782110,-7964573,12708869,-8456199,2014099,-9050574,-2369172,-5877341 },
- },
- {
- { -22472376,-11568741,-27682020,1146375,18956691,16640559,1192730,-3714199,15123619,10811505 },
- { 14352098,-3419715,-18942044,10822655,32750596,4699007,-70363,15776356,-28886779,-11974553 },
- { -28241164,-8072475,-4978962,-5315317,29416931,1847569,-20654173,-16484855,4714547,-9600655 },
- },
- {
- { 15200332,8368572,19679101,15970074,-31872674,1959451,24611599,-4543832,-11745876,12340220 },
- { 12876937,-10480056,33134381,6590940,-6307776,14872440,9613953,8241152,15370987,9608631 },
- { -4143277,-12014408,8446281,-391603,4407738,13629032,-7724868,15866074,-28210621,-8814099 },
- },
- {
- { 26660628,-15677655,8393734,358047,-7401291,992988,-23904233,858697,20571223,8420556 },
- { 14620715,13067227,-15447274,8264467,14106269,15080814,33531827,12516406,-21574435,-12476749 },
- { 236881,10476226,57258,-14677024,6472998,2466984,17258519,7256740,8791136,15069930 },
- },
- {
- { 1276410,-9371918,22949635,-16322807,-23493039,-5702186,14711875,4874229,-30663140,-2331391 },
- { 5855666,4990204,-13711848,7294284,-7804282,1924647,-1423175,-7912378,-33069337,9234253 },
- { 20590503,-9018988,31529744,-7352666,-2706834,10650548,31559055,-11609587,18979186,13396066 },
- },
- {
- { 24474287,4968103,22267082,4407354,24063882,-8325180,-18816887,13594782,33514650,7021958 },
- { -11566906,-6565505,-21365085,15928892,-26158305,4315421,-25948728,-3916677,-21480480,12868082 },
- { -28635013,13504661,19988037,-2132761,21078225,6443208,-21446107,2244500,-12455797,-8089383 },
- },
- {
- { -30595528,13793479,-5852820,319136,-25723172,-6263899,33086546,8957937,-15233648,5540521 },
- { -11630176,-11503902,-8119500,-7643073,2620056,1022908,-23710744,-1568984,-16128528,-14962807 },
- { 23152971,775386,27395463,14006635,-9701118,4649512,1689819,892185,-11513277,-15205948 },
- },
- {
- { 9770129,9586738,26496094,4324120,1556511,-3550024,27453819,4763127,-19179614,5867134 },
- { -32765025,1927590,31726409,-4753295,23962434,-16019500,27846559,5931263,-29749703,-16108455 },
- { 27461885,-2977536,22380810,1815854,-23033753,-3031938,7283490,-15148073,-19526700,7734629 },
- },
-},
-{
- {
- { -8010264,-9590817,-11120403,6196038,29344158,-13430885,7585295,-3176626,18549497,15302069 },
- { -32658337,-6171222,-7672793,-11051681,6258878,13504381,10458790,-6418461,-8872242,8424746 },
- { 24687205,8613276,-30667046,-3233545,1863892,-1830544,19206234,7134917,-11284482,-828919 },
- },
- {
- { 11334899,-9218022,8025293,12707519,17523892,-10476071,10243738,-14685461,-5066034,16498837 },
- { 8911542,6887158,-9584260,-6958590,11145641,-9543680,17303925,-14124238,6536641,10543906 },
- { -28946384,15479763,-17466835,568876,-1497683,11223454,-2669190,-16625574,-27235709,8876771 },
- },
- {
- { -25742899,-12566864,-15649966,-846607,-33026686,-796288,-33481822,15824474,-604426,-9039817 },
- { 10330056,70051,7957388,-9002667,9764902,15609756,27698697,-4890037,1657394,3084098 },
- { 10477963,-7470260,12119566,-13250805,29016247,-5365589,31280319,14396151,-30233575,15272409 },
- },
- {
- { -12288309,3169463,28813183,16658753,25116432,-5630466,-25173957,-12636138,-25014757,1950504 },
- { -26180358,9489187,11053416,-14746161,-31053720,5825630,-8384306,-8767532,15341279,8373727 },
- { 28685821,7759505,-14378516,-12002860,-31971820,4079242,298136,-10232602,-2878207,15190420 },
- },
- {
- { -32932876,13806336,-14337485,-15794431,-24004620,10940928,8669718,2742393,-26033313,-6875003 },
- { -1580388,-11729417,-25979658,-11445023,-17411874,-10912854,9291594,-16247779,-12154742,6048605 },
- { -30305315,14843444,1539301,11864366,20201677,1900163,13934231,5128323,11213262,9168384 },
- },
- {
- { -26280513,11007847,19408960,-940758,-18592965,-4328580,-5088060,-11105150,20470157,-16398701 },
- { -23136053,9282192,14855179,-15390078,-7362815,-14408560,-22783952,14461608,14042978,5230683 },
- { 29969567,-2741594,-16711867,-8552442,9175486,-2468974,21556951,3506042,-5933891,-12449708 },
- },
- {
- { -3144746,8744661,19704003,4581278,-20430686,6830683,-21284170,8971513,-28539189,15326563 },
- { -19464629,10110288,-17262528,-3503892,-23500387,1355669,-15523050,15300988,-20514118,9168260 },
- { -5353335,4488613,-23803248,16314347,7780487,-15638939,-28948358,9601605,33087103,-9011387 },
- },
- {
- { -19443170,-15512900,-20797467,-12445323,-29824447,10229461,-27444329,-15000531,-5996870,15664672 },
- { 23294591,-16632613,-22650781,-8470978,27844204,11461195,13099750,-2460356,18151676,13417686 },
- { -24722913,-4176517,-31150679,5988919,-26858785,6685065,1661597,-12551441,15271676,-15452665 },
- },
-},
-{
- {
- { 11433042,-13228665,8239631,-5279517,-1985436,-725718,-18698764,2167544,-6921301,-13440182 },
- { -31436171,15575146,30436815,12192228,-22463353,9395379,-9917708,-8638997,12215110,12028277 },
- { 14098400,6555944,23007258,5757252,-15427832,-12950502,30123440,4617780,-16900089,-655628 },
- },
- {
- { -4026201,-15240835,11893168,13718664,-14809462,1847385,-15819999,10154009,23973261,-12684474 },
- { -26531820,-3695990,-1908898,2534301,-31870557,-16550355,18341390,-11419951,32013174,-10103539 },
- { -25479301,10876443,-11771086,-14625140,-12369567,1838104,21911214,6354752,4425632,-837822 },
- },
- {
- { -10433389,-14612966,22229858,-3091047,-13191166,776729,-17415375,-12020462,4725005,14044970 },
- { 19268650,-7304421,1555349,8692754,-21474059,-9910664,6347390,-1411784,-19522291,-16109756 },
- { -24864089,12986008,-10898878,-5558584,-11312371,-148526,19541418,8180106,9282262,10282508 },
- },
- {
- { -26205082,4428547,-8661196,-13194263,4098402,-14165257,15522535,8372215,5542595,-10702683 },
- { -10562541,14895633,26814552,-16673850,-17480754,-2489360,-2781891,6993761,-18093885,10114655 },
- { -20107055,-929418,31422704,10427861,-7110749,6150669,-29091755,-11529146,25953725,-106158 },
- },
- {
- { -4234397,-8039292,-9119125,3046000,2101609,-12607294,19390020,6094296,-3315279,12831125 },
- { -15998678,7578152,5310217,14408357,-33548620,-224739,31575954,6326196,7381791,-2421839 },
- { -20902779,3296811,24736065,-16328389,18374254,7318640,6295303,8082724,-15362489,12339664 },
- },
- {
- { 27724736,2291157,6088201,-14184798,1792727,5857634,13848414,15768922,25091167,14856294 },
- { -18866652,8331043,24373479,8541013,-701998,-9269457,12927300,-12695493,-22182473,-9012899 },
- { -11423429,-5421590,11632845,3405020,30536730,-11674039,-27260765,13866390,30146206,9142070 },
- },
- {
- { 3924129,-15307516,-13817122,-10054960,12291820,-668366,-27702774,9326384,-8237858,4171294 },
- { -15921940,16037937,6713787,16606682,-21612135,2790944,26396185,3731949,345228,-5462949 },
- { -21327538,13448259,25284571,1143661,20614966,-8849387,2031539,-12391231,-16253183,-13582083 },
- },
- {
- { 31016211,-16722429,26371392,-14451233,-5027349,14854137,17477601,3842657,28012650,-16405420 },
- { -5075835,9368966,-8562079,-4600902,-15249953,6970560,-9189873,16292057,-8867157,3507940 },
- { 29439664,3537914,23333589,6997794,-17555561,-11018068,-15209202,-15051267,-9164929,6580396 },
- },
-},
-{
- {
- { -12185861,-7679788,16438269,10826160,-8696817,-6235611,17860444,-9273846,-2095802,9304567 },
- { 20714564,-4336911,29088195,7406487,11426967,-5095705,14792667,-14608617,5289421,-477127 },
- { -16665533,-10650790,-6160345,-13305760,9192020,-1802462,17271490,12349094,26939669,-3752294 },
- },
- {
- { -12889898,9373458,31595848,16374215,21471720,13221525,-27283495,-12348559,-3698806,117887 },
- { 22263325,-6560050,3984570,-11174646,-15114008,-566785,28311253,5358056,-23319780,541964 },
- { 16259219,3261970,2309254,-15534474,-16885711,-4581916,24134070,-16705829,-13337066,-13552195 },
- },
- {
- { 9378160,-13140186,-22845982,-12745264,28198281,-7244098,-2399684,-717351,690426,14876244 },
- { 24977353,-314384,-8223969,-13465086,28432343,-1176353,-13068804,-12297348,-22380984,6618999 },
- { -1538174,11685646,12944378,13682314,-24389511,-14413193,8044829,-13817328,32239829,-5652762 },
- },
- {
- { -18603066,4762990,-926250,8885304,-28412480,-3187315,9781647,-10350059,32779359,5095274 },
- { -33008130,-5214506,-32264887,-3685216,9460461,-9327423,-24601656,14506724,21639561,-2630236 },
- { -16400943,-13112215,25239338,15531969,3987758,-4499318,-1289502,-6863535,17874574,558605 },
- },
- {
- { -13600129,10240081,9171883,16131053,-20869254,9599700,33499487,5080151,2085892,5119761 },
- { -22205145,-2519528,-16381601,414691,-25019550,2170430,30634760,-8363614,-31999993,-5759884 },
- { -6845704,15791202,8550074,-1312654,29928809,-12092256,27534430,-7192145,-22351378,12961482 },
- },
- {
- { -24492060,-9570771,10368194,11582341,-23397293,-2245287,16533930,8206996,-30194652,-5159638 },
- { -11121496,-3382234,2307366,6362031,-135455,8868177,-16835630,7031275,7589640,8945490 },
- { -32152748,8917967,6661220,-11677616,-1192060,-15793393,7251489,-11182180,24099109,-14456170 },
- },
- {
- { 5019558,-7907470,4244127,-14714356,-26933272,6453165,-19118182,-13289025,-6231896,-10280736 },
- { 10853594,10721687,26480089,5861829,-22995819,1972175,-1866647,-10557898,-3363451,-6441124 },
- { -17002408,5906790,221599,-6563147,7828208,-13248918,24362661,-2008168,-13866408,7421392 },
- },
- {
- { 8139927,-6546497,32257646,-5890546,30375719,1886181,-21175108,15441252,28826358,-4123029 },
- { 6267086,9695052,7709135,-16603597,-32869068,-1886135,14795160,-7840124,13746021,-1742048 },
- { 28584902,7787108,-6732942,-15050729,22846041,-7571236,-3181936,-363524,4771362,-8419958 },
- },
-},
-{
- {
- { 24949256,6376279,-27466481,-8174608,-18646154,-9930606,33543569,-12141695,3569627,11342593 },
- { 26514989,4740088,27912651,3697550,19331575,-11472339,6809886,4608608,7325975,-14801071 },
- { -11618399,-14554430,-24321212,7655128,-1369274,5214312,-27400540,10258390,-17646694,-8186692 },
- },
- {
- { 11431204,15823007,26570245,14329124,18029990,4796082,-31446179,15580664,9280358,-3973687 },
- { -160783,-10326257,-22855316,-4304997,-20861367,-13621002,-32810901,-11181622,-15545091,4387441 },
- { -20799378,12194512,3937617,-5805892,-27154820,9340370,-24513992,8548137,20617071,-7482001 },
- },
- {
- { -938825,-3930586,-8714311,16124718,24603125,-6225393,-13775352,-11875822,24345683,10325460 },
- { -19855277,-1568885,-22202708,8714034,14007766,6928528,16318175,-1010689,4766743,3552007 },
- { -21751364,-16730916,1351763,-803421,-4009670,3950935,3217514,14481909,10988822,-3994762 },
- },
- {
- { 15564307,-14311570,3101243,5684148,30446780,-8051356,12677127,-6505343,-8295852,13296005 },
- { -9442290,6624296,-30298964,-11913677,-4670981,-2057379,31521204,9614054,-30000824,12074674 },
- { 4771191,-135239,14290749,-13089852,27992298,14998318,-1413936,-1556716,29832613,-16391035 },
- },
- {
- { 7064884,-7541174,-19161962,-5067537,-18891269,-2912736,25825242,5293297,-27122660,13101590 },
- { -2298563,2439670,-7466610,1719965,-27267541,-16328445,32512469,-5317593,-30356070,-4190957 },
- { -30006540,10162316,-33180176,3981723,-16482138,-13070044,14413974,9515896,19568978,9628812 },
- },
- {
- { 33053803,199357,15894591,1583059,27380243,-4580435,-17838894,-6106839,-6291786,3437740 },
- { -18978877,3884493,19469877,12726490,15913552,13614290,-22961733,70104,7463304,4176122 },
- { -27124001,10659917,11482427,-16070381,12771467,-6635117,-32719404,-5322751,24216882,5944158 },
- },
- {
- { 8894125,7450974,-2664149,-9765752,-28080517,-12389115,19345746,14680796,11632993,5847885 },
- { 26942781,-2315317,9129564,-4906607,26024105,11769399,-11518837,6367194,-9727230,4782140 },
- { 19916461,-4828410,-22910704,-11414391,25606324,-5972441,33253853,8220911,6358847,-1873857 },
- },
- {
- { 801428,-2081702,16569428,11065167,29875704,96627,7908388,-4480480,-13538503,1387155 },
- { 19646058,5720633,-11416706,12814209,11607948,12749789,14147075,15156355,-21866831,11835260 },
- { 19299512,1155910,28703737,14890794,2925026,7269399,26121523,15467869,-26560550,5052483 },
- },
-},
-{
- {
- { -3017432,10058206,1980837,3964243,22160966,12322533,-6431123,-12618185,12228557,-7003677 },
- { 32944382,14922211,-22844894,5188528,21913450,-8719943,4001465,13238564,-6114803,8653815 },
- { 22865569,-4652735,27603668,-12545395,14348958,8234005,24808405,5719875,28483275,2841751 },
- },
- {
- { -16420968,-1113305,-327719,-12107856,21886282,-15552774,-1887966,-315658,19932058,-12739203 },
- { -11656086,10087521,-8864888,-5536143,-19278573,-3055912,3999228,13239134,-4777469,-13910208 },
- { 1382174,-11694719,17266790,9194690,-13324356,9720081,20403944,11284705,-14013818,3093230 },
- },
- {
- { 16650921,-11037932,-1064178,1570629,-8329746,7352753,-302424,16271225,-24049421,-6691850 },
- { -21911077,-5927941,-4611316,-5560156,-31744103,-10785293,24123614,15193618,-21652117,-16739389 },
- { -9935934,-4289447,-25279823,4372842,2087473,10399484,31870908,14690798,17361620,11864968 },
- },
- {
- { -11307610,6210372,13206574,5806320,-29017692,-13967200,-12331205,-7486601,-25578460,-16240689 },
- { 14668462,-12270235,26039039,15305210,25515617,4542480,10453892,6577524,9145645,-6443880 },
- { 5974874,3053895,-9433049,-10385191,-31865124,3225009,-7972642,3936128,-5652273,-3050304 },
- },
- {
- { 30625386,-4729400,-25555961,-12792866,-20484575,7695099,17097188,-16303496,-27999779,1803632 },
- { -3553091,9865099,-5228566,4272701,-5673832,-16689700,14911344,12196514,-21405489,7047412 },
- { 20093277,9920966,-11138194,-5343857,13161587,12044805,-32856851,4124601,-32343828,-10257566 },
- },
- {
- { -20788824,14084654,-13531713,7842147,19119038,-13822605,4752377,-8714640,-21679658,2288038 },
- { -26819236,-3283715,29965059,3039786,-14473765,2540457,29457502,14625692,-24819617,12570232 },
- { -1063558,-11551823,16920318,12494842,1278292,-5869109,-21159943,-3498680,-11974704,4724943 },
- },
- {
- { 17960970,-11775534,-4140968,-9702530,-8876562,-1410617,-12907383,-8659932,-29576300,1903856 },
- { 23134274,-14279132,-10681997,-1611936,20684485,15770816,-12989750,3190296,26955097,14109738 },
- { 15308788,5320727,-30113809,-14318877,22902008,7767164,29425325,-11277562,31960942,11934971 },
- },
- {
- { -27395711,8435796,4109644,12222639,-24627868,14818669,20638173,4875028,10491392,1379718 },
- { -13159415,9197841,3875503,-8936108,-1383712,-5879801,33518459,16176658,21432314,12180697 },
- { -11787308,11500838,13787581,-13832590,-22430679,10140205,1465425,12689540,-10301319,-13872883 },
- },
-},
-{
- {
- { 5414091,-15386041,-21007664,9643570,12834970,1186149,-2622916,-1342231,26128231,6032912 },
- { -26337395,-13766162,32496025,-13653919,17847801,-12669156,3604025,8316894,-25875034,-10437358 },
- { 3296484,6223048,24680646,-12246460,-23052020,5903205,-8862297,-4639164,12376617,3188849 },
- },
- {
- { 29190488,-14659046,27549113,-1183516,3520066,-10697301,32049515,-7309113,-16109234,-9852307 },
- { -14744486,-9309156,735818,-598978,-20407687,-5057904,25246078,-15795669,18640741,-960977 },
- { -6928835,-16430795,10361374,5642961,4910474,12345252,-31638386,-494430,10530747,1053335 },
- },
- {
- { -29265967,-14186805,-13538216,-12117373,-19457059,-10655384,-31462369,-2948985,24018831,15026644 },
- { -22592535,-3145277,-2289276,5953843,-13440189,9425631,25310643,13003497,-2314791,-15145616 },
- { -27419985,-603321,-8043984,-1669117,-26092265,13987819,-27297622,187899,-23166419,-2531735 },
- },
- {
- { -21744398,-13810475,1844840,5021428,-10434399,-15911473,9716667,16266922,-5070217,726099 },
- { 29370922,-6053998,7334071,-15342259,9385287,2247707,-13661962,-4839461,30007388,-15823341 },
- { -936379,16086691,23751945,-543318,-1167538,-5189036,9137109,730663,9835848,4555336 },
- },
- {
- { -23376435,1410446,-22253753,-12899614,30867635,15826977,17693930,544696,-11985298,12422646 },
- { 31117226,-12215734,-13502838,6561947,-9876867,-12757670,-5118685,-4096706,29120153,13924425 },
- { -17400879,-14233209,19675799,-2734756,-11006962,-5858820,-9383939,-11317700,7240931,-237388 },
- },
- {
- { -31361739,-11346780,-15007447,-5856218,-22453340,-12152771,1222336,4389483,3293637,-15551743 },
- { -16684801,-14444245,11038544,11054958,-13801175,-3338533,-24319580,7733547,12796905,-6335822 },
- { -8759414,-10817836,-25418864,10783769,-30615557,-9746811,-28253339,3647836,3222231,-11160462 },
- },
- {
- { 18606113,1693100,-25448386,-15170272,4112353,10045021,23603893,-2048234,-7550776,2484985 },
- { 9255317,-3131197,-12156162,-1004256,13098013,-9214866,16377220,-2102812,-19802075,-3034702 },
- { -22729289,7496160,-5742199,11329249,19991973,-3347502,-31718148,9936966,-30097688,-10618797 },
- },
- {
- { 21878590,-5001297,4338336,13643897,-3036865,13160960,19708896,5415497,-7360503,-4109293 },
- { 27736861,10103576,12500508,8502413,-3413016,-9633558,10436918,-1550276,-23659143,-8132100 },
- { 19492550,-12104365,-29681976,-852630,-3208171,12403437,30066266,8367329,13243957,8709688 },
- },
-},
-{
- {
- { 12015105,2801261,28198131,10151021,24818120,-4743133,-11194191,-5645734,5150968,7274186 },
- { 2831366,-12492146,1478975,6122054,23825128,-12733586,31097299,6083058,31021603,-9793610 },
- { -2529932,-2229646,445613,10720828,-13849527,-11505937,-23507731,16354465,15067285,-14147707 },
- },
- {
- { 7840942,14037873,-33364863,15934016,-728213,-3642706,21403988,1057586,-19379462,-12403220 },
- { 915865,-16469274,15608285,-8789130,-24357026,6060030,-17371319,8410997,-7220461,16527025 },
- { 32922597,-556987,20336074,-16184568,10903705,-5384487,16957574,52992,23834301,6588044 },
- },
- {
- { 32752030,11232950,3381995,-8714866,22652988,-10744103,17159699,16689107,-20314580,-1305992 },
- { -4689649,9166776,-25710296,-10847306,11576752,12733943,7924251,-2752281,1976123,-7249027 },
- { 21251222,16309901,-2983015,-6783122,30810597,12967303,156041,-3371252,12331345,-8237197 },
- },
- {
- { 8651614,-4477032,-16085636,-4996994,13002507,2950805,29054427,-5106970,10008136,-4667901 },
- { 31486080,15114593,-14261250,12951354,14369431,-7387845,16347321,-13662089,8684155,-10532952 },
- { 19443825,11385320,24468943,-9659068,-23919258,2187569,-26263207,-6086921,31316348,14219878 },
- },
- {
- { -28594490,1193785,32245219,11392485,31092169,15722801,27146014,6992409,29126555,9207390 },
- { 32382935,1110093,18477781,11028262,-27411763,-7548111,-4980517,10843782,-7957600,-14435730 },
- { 2814918,7836403,27519878,-7868156,-20894015,-11553689,-21494559,8550130,28346258,1994730 },
- },
- {
- { -19578299,8085545,-14000519,-3948622,2785838,-16231307,-19516951,7174894,22628102,8115180 },
- { -30405132,955511,-11133838,-15078069,-32447087,-13278079,-25651578,3317160,-9943017,930272 },
- { -15303681,-6833769,28856490,1357446,23421993,1057177,24091212,-1388970,-22765376,-10650715 },
- },
- {
- { -22751231,-5303997,-12907607,-12768866,-15811511,-7797053,-14839018,-16554220,-1867018,8398970 },
- { -31969310,2106403,-4736360,1362501,12813763,16200670,22981545,-6291273,18009408,-15772772 },
- { -17220923,-9545221,-27784654,14166835,29815394,7444469,29551787,-3727419,19288549,1325865 },
- },
- {
- { 15100157,-15835752,-23923978,-1005098,-26450192,15509408,12376730,-3479146,33166107,-8042750 },
- { 20909231,13023121,-9209752,16251778,-5778415,-8094914,12412151,10018715,2213263,-13878373 },
- { 32529814,-11074689,30361439,-16689753,-9135940,1513226,22922121,6382134,-5766928,8371348 },
- },
-},
-{
- {
- { 9923462,11271500,12616794,3544722,-29998368,-1721626,12891687,-8193132,-26442943,10486144 },
- { -22597207,-7012665,8587003,-8257861,4084309,-12970062,361726,2610596,-23921530,-11455195 },
- { 5408411,-1136691,-4969122,10561668,24145918,14240566,31319731,-4235541,19985175,-3436086 },
- },
- {
- { -13994457,16616821,14549246,3341099,32155958,13648976,-17577068,8849297,65030,8370684 },
- { -8320926,-12049626,31204563,5839400,-20627288,-1057277,-19442942,6922164,12743482,-9800518 },
- { -2361371,12678785,28815050,4759974,-23893047,4884717,23783145,11038569,18800704,255233 },
- },
- {
- { -5269658,-1773886,13957886,7990715,23132995,728773,13393847,9066957,19258688,-14753793 },
- { -2936654,-10827535,-10432089,14516793,-3640786,4372541,-31934921,2209390,-1524053,2055794 },
- { 580882,16705327,5468415,-2683018,-30926419,-14696000,-7203346,-8994389,-30021019,7394435 },
- },
- {
- { 23838809,1822728,-15738443,15242727,8318092,-3733104,-21672180,-3492205,-4821741,14799921 },
- { 13345610,9759151,3371034,-16137791,16353039,8577942,31129804,13496856,-9056018,7402518 },
- { 2286874,-4435931,-20042458,-2008336,-13696227,5038122,11006906,-15760352,8205061,1607563 },
- },
- {
- { 14414086,-8002132,3331830,-3208217,22249151,-5594188,18364661,-2906958,30019587,-9029278 },
- { -27688051,1585953,-10775053,931069,-29120221,-11002319,-14410829,12029093,9944378,8024 },
- { 4368715,-3709630,29874200,-15022983,-20230386,-11410704,-16114594,-999085,-8142388,5640030 },
- },
- {
- { 10299610,13746483,11661824,16234854,7630238,5998374,9809887,-16694564,15219798,-14327783 },
- { 27425505,-5719081,3055006,10660664,23458024,595578,-15398605,-1173195,-18342183,9742717 },
- { 6744077,2427284,26042789,2720740,-847906,1118974,32324614,7406442,12420155,1994844 },
- },
- {
- { 14012521,-5024720,-18384453,-9578469,-26485342,-3936439,-13033478,-10909803,24319929,-6446333 },
- { 16412690,-4507367,10772641,15929391,-17068788,-4658621,10555945,-10484049,-30102368,-4739048 },
- { 22397382,-7767684,-9293161,-12792868,17166287,-9755136,-27333065,6199366,21880021,-12250760 },
- },
- {
- { -4283307,5368523,-31117018,8163389,-30323063,3209128,16557151,8890729,8840445,4957760 },
- { -15447727,709327,-6919446,-10870178,-29777922,6522332,-21720181,12130072,-14796503,5005757 },
- { -2114751,-14308128,23019042,15765735,-25269683,6002752,10183197,-13239326,-16395286,-2176112 },
- },
-},
-{
- {
- { -19025756,1632005,13466291,-7995100,-23640451,16573537,-32013908,-3057104,22208662,2000468 },
- { 3065073,-1412761,-25598674,-361432,-17683065,-5703415,-8164212,11248527,-3691214,-7414184 },
- { 10379208,-6045554,8877319,1473647,-29291284,-12507580,16690915,2553332,-3132688,16400289 },
- },
- {
- { 15716668,1254266,-18472690,7446274,-8448918,6344164,-22097271,-7285580,26894937,9132066 },
- { 24158887,12938817,11085297,-8177598,-28063478,-4457083,-30576463,64452,-6817084,-2692882 },
- { 13488534,7794716,22236231,5989356,25426474,-12578208,2350710,-3418511,-4688006,2364226 },
- },
- {
- { 16335052,9132434,25640582,6678888,1725628,8517937,-11807024,-11697457,15445875,-7798101 },
- { 29004207,-7867081,28661402,-640412,-12794003,-7943086,31863255,-4135540,-278050,-15759279 },
- { -6122061,-14866665,-28614905,14569919,-10857999,-3591829,10343412,-6976290,-29828287,-10815811 },
- },
- {
- { 27081650,3463984,14099042,-4517604,1616303,-6205604,29542636,15372179,17293797,960709 },
- { 20263915,11434237,-5765435,11236810,13505955,-10857102,-16111345,6493122,-19384511,7639714 },
- { -2830798,-14839232,25403038,-8215196,-8317012,-16173699,18006287,-16043750,29994677,-15808121 },
- },
- {
- { 9769828,5202651,-24157398,-13631392,-28051003,-11561624,-24613141,-13860782,-31184575,709464 },
- { 12286395,13076066,-21775189,-1176622,-25003198,4057652,-32018128,-8890874,16102007,13205847 },
- { 13733362,5599946,10557076,3195751,-5557991,8536970,-25540170,8525972,10151379,10394400 },
- },
- {
- { 4024660,-16137551,22436262,12276534,-9099015,-2686099,19698229,11743039,-33302334,8934414 },
- { -15879800,-4525240,-8580747,-2934061,14634845,-698278,-9449077,3137094,-11536886,11721158 },
- { 17555939,-5013938,8268606,2331751,-22738815,9761013,9319229,8835153,-9205489,-1280045 },
- },
- {
- { -461409,-7830014,20614118,16688288,-7514766,-4807119,22300304,505429,6108462,-6183415 },
- { -5070281,12367917,-30663534,3234473,32617080,-8422642,29880583,-13483331,-26898490,-7867459 },
- { -31975283,5726539,26934134,10237677,-3173717,-605053,24199304,3795095,7592688,-14992079 },
- },
- {
- { 21594432,-14964228,17466408,-4077222,32537084,2739898,6407723,12018833,-28256052,4298412 },
- { -20650503,-11961496,-27236275,570498,3767144,-1717540,13891942,-1569194,13717174,10805743 },
- { -14676630,-15644296,15287174,11927123,24177847,-8175568,-796431,14860609,-26938930,-5863836 },
- },
-},
-{
- {
- { 12962541,5311799,-10060768,11658280,18855286,-7954201,13286263,-12808704,-4381056,9882022 },
- { 18512079,11319350,-20123124,15090309,18818594,5271736,-22727904,3666879,-23967430,-3299429 },
- { -6789020,-3146043,16192429,13241070,15898607,-14206114,-10084880,-6661110,-2403099,5276065 },
- },
- {
- { 30169808,-5317648,26306206,-11750859,27814964,7069267,7152851,3684982,1449224,13082861 },
- { 10342826,3098505,2119311,193222,25702612,12233820,23697382,15056736,-21016438,-8202000 },
- { -33150110,3261608,22745853,7948688,19370557,-15177665,-26171976,6482814,-10300080,-11060101 },
- },
- {
- { 32869458,-5408545,25609743,15678670,-10687769,-15471071,26112421,2521008,-22664288,6904815 },
- { 29506923,4457497,3377935,-9796444,-30510046,12935080,1561737,3841096,-29003639,-6657642 },
- { 10340844,-6630377,-18656632,-2278430,12621151,-13339055,30878497,-11824370,-25584551,5181966 },
- },
- {
- { 25940115,-12658025,17324188,-10307374,-8671468,15029094,24396252,-16450922,-2322852,-12388574 },
- { -21765684,9916823,-1300409,4079498,-1028346,11909559,1782390,12641087,20603771,-6561742 },
- { -18882287,-11673380,24849422,11501709,13161720,-4768874,1925523,11914390,4662781,7820689 },
- },
- {
- { 12241050,-425982,8132691,9393934,32846760,-1599620,29749456,12172924,16136752,15264020 },
- { -10349955,-14680563,-8211979,2330220,-17662549,-14545780,10658213,6671822,19012087,3772772 },
- { 3753511,-3421066,10617074,2028709,14841030,-6721664,28718732,-15762884,20527771,12988982 },
- },
- {
- { -14822485,-5797269,-3707987,12689773,-898983,-10914866,-24183046,-10564943,3299665,-12424953 },
- { -16777703,-15253301,-9642417,4978983,3308785,8755439,6943197,6461331,-25583147,8991218 },
- { -17226263,1816362,-1673288,-6086439,31783888,-8175991,-32948145,7417950,-30242287,1507265 },
- },
- {
- { 29692663,6829891,-10498800,4334896,20945975,-11906496,-28887608,8209391,14606362,-10647073 },
- { -3481570,8707081,32188102,5672294,22096700,1711240,-33020695,9761487,4170404,-2085325 },
- { -11587470,14855945,-4127778,-1531857,-26649089,15084046,22186522,16002000,-14276837,-8400798 },
- },
- {
- { -4811456,13761029,-31703877,-2483919,-3312471,7869047,-7113572,-9620092,13240845,10965870 },
- { -7742563,-8256762,-14768334,-13656260,-23232383,12387166,4498947,14147411,29514390,4302863 },
- { -13413405,-12407859,20757302,-13801832,14785143,8976368,-5061276,-2144373,17846988,-13971927 },
- },
-},
-{
- {
- { -2244452,-754728,-4597030,-1066309,-6247172,1455299,-21647728,-9214789,-5222701,12650267 },
- { -9906797,-16070310,21134160,12198166,-27064575,708126,387813,13770293,-19134326,10958663 },
- { 22470984,12369526,23446014,-5441109,-21520802,-9698723,-11772496,-11574455,-25083830,4271862 },
- },
- {
- { -25169565,-10053642,-19909332,15361595,-5984358,2159192,75375,-4278529,-32526221,8469673 },
- { 15854970,4148314,-8893890,7259002,11666551,13824734,-30531198,2697372,24154791,-9460943 },
- { 15446137,-15806644,29759747,14019369,30811221,-9610191,-31582008,12840104,24913809,9815020 },
- },
- {
- { -4709286,-5614269,-31841498,-12288893,-14443537,10799414,-9103676,13438769,18735128,9466238 },
- { 11933045,9281483,5081055,-5183824,-2628162,-4905629,-7727821,-10896103,-22728655,16199064 },
- { 14576810,379472,-26786533,-8317236,-29426508,-10812974,-102766,1876699,30801119,2164795 },
- },
- {
- { 15995086,3199873,13672555,13712240,-19378835,-4647646,-13081610,-15496269,-13492807,1268052 },
- { -10290614,-3659039,-3286592,10948818,23037027,3794475,-3470338,-12600221,-17055369,3565904 },
- { 29210088,-9419337,-5919792,-4952785,10834811,-13327726,-16512102,-10820713,-27162222,-14030531 },
- },
- {
- { -13161890,15508588,16663704,-8156150,-28349942,9019123,-29183421,-3769423,2244111,-14001979 },
- { -5152875,-3800936,-9306475,-6071583,16243069,14684434,-25673088,-16180800,13491506,4641841 },
- { 10813417,643330,-19188515,-728916,30292062,-16600078,27548447,-7721242,14476989,-12767431 },
- },
- {
- { 10292079,9984945,6481436,8279905,-7251514,7032743,27282937,-1644259,-27912810,12651324 },
- { -31185513,-813383,22271204,11835308,10201545,15351028,17099662,3988035,21721536,-3148940 },
- { 10202177,-6545839,-31373232,-9574638,-32150642,-8119683,-12906320,3852694,13216206,14842320 },
- },
- {
- { -15815640,-10601066,-6538952,-7258995,-6984659,-6581778,-31500847,13765824,-27434397,9900184 },
- { 14465505,-13833331,-32133984,-14738873,-27443187,12990492,33046193,15796406,-7051866,-8040114 },
- { 30924417,-8279620,6359016,-12816335,16508377,9071735,-25488601,15413635,9524356,-7018878 },
- },
- {
- { 12274201,-13175547,32627641,-1785326,6736625,13267305,5237659,-5109483,15663516,4035784 },
- { -2951309,8903985,17349946,601635,-16432815,-4612556,-13732739,-15889334,-22258478,4659091 },
- { -16916263,-4952973,-30393711,-15158821,20774812,15897498,5736189,15026997,-2178256,-13455585 },
- },
-},
-{
- {
- { -8858980,-2219056,28571666,-10155518,-474467,-10105698,-3801496,278095,23440562,-290208 },
- { 10226241,-5928702,15139956,120818,-14867693,5218603,32937275,11551483,-16571960,-7442864 },
- { 17932739,-12437276,-24039557,10749060,11316803,7535897,22503767,5561594,-3646624,3898661 },
- },
- {
- { 7749907,-969567,-16339731,-16464,-25018111,15122143,-1573531,7152530,21831162,1245233 },
- { 26958459,-14658026,4314586,8346991,-5677764,11960072,-32589295,-620035,-30402091,-16716212 },
- { -12165896,9166947,33491384,13673479,29787085,13096535,6280834,14587357,-22338025,13987525 },
- },
- {
- { -24349909,7778775,21116000,15572597,-4833266,-5357778,-4300898,-5124639,-7469781,-2858068 },
- { 9681908,-6737123,-31951644,13591838,-6883821,386950,31622781,6439245,-14581012,4091397 },
- { -8426427,1470727,-28109679,-1596990,3978627,-5123623,-19622683,12092163,29077877,-14741988 },
- },
- {
- { 5269168,-6859726,-13230211,-8020715,25932563,1763552,-5606110,-5505881,-20017847,2357889 },
- { 32264008,-15407652,-5387735,-1160093,-2091322,-3946900,23104804,-12869908,5727338,189038 },
- { 14609123,-8954470,-6000566,-16622781,-14577387,-7743898,-26745169,10942115,-25888931,-14884697 },
- },
- {
- { 20513500,5557931,-15604613,7829531,26413943,-2019404,-21378968,7471781,13913677,-5137875 },
- { -25574376,11967826,29233242,12948236,-6754465,4713227,-8940970,14059180,12878652,8511905 },
- { -25656801,3393631,-2955415,-7075526,-2250709,9366908,-30223418,6812974,5568676,-3127656 },
- },
- {
- { 11630004,12144454,2116339,13606037,27378885,15676917,-17408753,-13504373,-14395196,8070818 },
- { 27117696,-10007378,-31282771,-5570088,1127282,12772488,-29845906,10483306,-11552749,-1028714 },
- { 10637467,-5688064,5674781,1072708,-26343588,-6982302,-1683975,9177853,-27493162,15431203 },
- },
- {
- { 20525145,10892566,-12742472,12779443,-29493034,16150075,-28240519,14943142,-15056790,-7935931 },
- { -30024462,5626926,-551567,-9981087,753598,11981191,25244767,-3239766,-3356550,9594024 },
- { -23752644,2636870,-5163910,-10103818,585134,7877383,11345683,-6492290,13352335,-10977084 },
- },
- {
- { -1931799,-5407458,3304649,-12884869,17015806,-4877091,-29783850,-7752482,-13215537,-319204 },
- { 20239939,6607058,6203985,3483793,-18386976,-779229,-20723742,15077870,-22750759,14523817 },
- { 27406042,-6041657,27423596,-4497394,4996214,10002360,-28842031,-4545494,-30172742,-4805667 },
- },
-},
-{
- {
- { 11374242,12660715,17861383,-12540833,10935568,1099227,-13886076,-9091740,-27727044,11358504 },
- { -12730809,10311867,1510375,10778093,-2119455,-9145702,32676003,11149336,-26123651,4985768 },
- { -19096303,341147,-6197485,-239033,15756973,-8796662,-983043,13794114,-19414307,-15621255 },
- },
- {
- { 6490081,11940286,25495923,-7726360,8668373,-8751316,3367603,6970005,-1691065,-9004790 },
- { 1656497,13457317,15370807,6364910,13605745,8362338,-19174622,-5475723,-16796596,-5031438 },
- { -22273315,-13524424,-64685,-4334223,-18605636,-10921968,-20571065,-7007978,-99853,-10237333 },
- },
- {
- { 17747465,10039260,19368299,-4050591,-20630635,-16041286,31992683,-15857976,-29260363,-5511971 },
- { 31932027,-4986141,-19612382,16366580,22023614,88450,11371999,-3744247,4882242,-10626905 },
- { 29796507,37186,19818052,10115756,-11829032,3352736,18551198,3272828,-5190932,-4162409 },
- },
- {
- { 12501286,4044383,-8612957,-13392385,-32430052,5136599,-19230378,-3529697,330070,-3659409 },
- { 6384877,2899513,17807477,7663917,-2358888,12363165,25366522,-8573892,-271295,12071499 },
- { -8365515,-4042521,25133448,-4517355,-6211027,2265927,-32769618,1936675,-5159697,3829363 },
- },
- {
- { 28425966,-5835433,-577090,-4697198,-14217555,6870930,7921550,-6567787,26333140,14267664 },
- { -11067219,11871231,27385719,-10559544,-4585914,-11189312,10004786,-8709488,-21761224,8930324 },
- { -21197785,-16396035,25654216,-1725397,12282012,11008919,1541940,4757911,-26491501,-16408940 },
- },
- {
- { 13537262,-7759490,-20604840,10961927,-5922820,-13218065,-13156584,6217254,-15943699,13814990 },
- { -17422573,15157790,18705543,29619,24409717,-260476,27361681,9257833,-1956526,-1776914 },
- { -25045300,-10191966,15366585,15166509,-13105086,8423556,-29171540,12361135,-18685978,4578290 },
- },
- {
- { 24579768,3711570,1342322,-11180126,-27005135,14124956,-22544529,14074919,21964432,8235257 },
- { -6528613,-2411497,9442966,-5925588,12025640,-1487420,-2981514,-1669206,13006806,2355433 },
- { -16304899,-13605259,-6632427,-5142349,16974359,-10911083,27202044,1719366,1141648,-12796236 },
- },
- {
- { -12863944,-13219986,-8318266,-11018091,-6810145,-4843894,13475066,-3133972,32674895,13715045 },
- { 11423335,-5468059,32344216,8962751,24989809,9241752,-13265253,16086212,-28740881,-15642093 },
- { -1409668,12530728,-6368726,10847387,19531186,-14132160,-11709148,7791794,-27245943,4383347 },
- },
-},
-{
- {
- { -28970898,5271447,-1266009,-9736989,-12455236,16732599,-4862407,-4906449,27193557,6245191 },
- { -15193956,5362278,-1783893,2695834,4960227,12840725,23061898,3260492,22510453,8577507 },
- { -12632451,11257346,-32692994,13548177,-721004,10879011,31168030,13952092,-29571492,-3635906 },
- },
- {
- { 3877321,-9572739,32416692,5405324,-11004407,-13656635,3759769,11935320,5611860,8164018 },
- { -16275802,14667797,15906460,12155291,-22111149,-9039718,32003002,-8832289,5773085,-8422109 },
- { -23788118,-8254300,1950875,8937633,18686727,16459170,-905725,12376320,31632953,190926 },
- },
- {
- { -24593607,-16138885,-8423991,13378746,14162407,6901328,-8288749,4508564,-25341555,-3627528 },
- { 8884438,-5884009,6023974,10104341,-6881569,-4941533,18722941,-14786005,-1672488,827625 },
- { -32720583,-16289296,-32503547,7101210,13354605,2659080,-1800575,-14108036,-24878478,1541286 },
- },
- {
- { 2901347,-1117687,3880376,-10059388,-17620940,-3612781,-21802117,-3567481,20456845,-1885033 },
- { 27019610,12299467,-13658288,-1603234,-12861660,-4861471,-19540150,-5016058,29439641,15138866 },
- { 21536104,-6626420,-32447818,-10690208,-22408077,5175814,-5420040,-16361163,7779328,109896 },
- },
- {
- { 30279744,14648750,-8044871,6425558,13639621,-743509,28698390,12180118,23177719,-554075 },
- { 26572847,3405927,-31701700,12890905,-19265668,5335866,-6493768,2378492,4439158,-13279347 },
- { -22716706,3489070,-9225266,-332753,18875722,-1140095,14819434,-12731527,-17717757,-5461437 },
- },
- {
- { -5056483,16566551,15953661,3767752,-10436499,15627060,-820954,2177225,8550082,-15114165 },
- { -18473302,16596775,-381660,15663611,22860960,15585581,-27844109,-3582739,-23260460,-8428588 },
- { -32480551,15707275,-8205912,-5652081,29464558,2713815,-22725137,15860482,-21902570,1494193 },
- },
- {
- { -19562091,-14087393,-25583872,-9299552,13127842,759709,21923482,16529112,8742704,12967017 },
- { -28464899,1553205,32536856,-10473729,-24691605,-406174,-8914625,-2933896,-29903758,15553883 },
- { 21877909,3230008,9881174,10539357,-4797115,2841332,11543572,14513274,19375923,-12647961 },
- },
- {
- { 8832269,-14495485,13253511,5137575,5037871,4078777,24880818,-6222716,2862653,9455043 },
- { 29306751,5123106,20245049,-14149889,9592566,8447059,-2077124,-2990080,15511449,4789663 },
- { -20679756,7004547,8824831,-9434977,-4045704,-3750736,-5754762,108893,23513200,16652362 },
- },
-},
-{
- {
- { -33256173,4144782,-4476029,-6579123,10770039,-7155542,-6650416,-12936300,-18319198,10212860 },
- { 2756081,8598110,7383731,-6859892,22312759,-1105012,21179801,2600940,-9988298,-12506466 },
- { -24645692,13317462,-30449259,-15653928,21365574,-10869657,11344424,864440,-2499677,-16710063 },
- },
- {
- { -26432803,6148329,-17184412,-14474154,18782929,-275997,-22561534,211300,2719757,4940997 },
- { -1323882,3911313,-6948744,14759765,-30027150,7851207,21690126,8518463,26699843,5276295 },
- { -13149873,-6429067,9396249,365013,24703301,-10488939,1321586,149635,-15452774,7159369 },
- },
- {
- { 9987780,-3404759,17507962,9505530,9731535,-2165514,22356009,8312176,22477218,-8403385 },
- { 18155857,-16504990,19744716,9006923,15154154,-10538976,24256460,-4864995,-22548173,9334109 },
- { 2986088,-4911893,10776628,-3473844,10620590,-7083203,-21413845,14253545,-22587149,536906 },
- },
- {
- { 4377756,8115836,24567078,15495314,11625074,13064599,7390551,10589625,10838060,-15420424 },
- { -19342404,867880,9277171,-3218459,-14431572,-1986443,19295826,-15796950,6378260,699185 },
- { 7895026,4057113,-7081772,-13077756,-17886831,-323126,-716039,15693155,-5045064,-13373962 },
- },
- {
- { -7737563,-5869402,-14566319,-7406919,11385654,13201616,31730678,-10962840,-3918636,-9669325 },
- { 10188286,-15770834,-7336361,13427543,22223443,14896287,30743455,7116568,-21786507,5427593 },
- { 696102,13206899,27047647,-10632082,15285305,-9853179,10798490,-4578720,19236243,12477404 },
- },
- {
- { -11229439,11243796,-17054270,-8040865,-788228,-8167967,-3897669,11180504,-23169516,7733644 },
- { 17800790,-14036179,-27000429,-11766671,23887827,3149671,23466177,-10538171,10322027,15313801 },
- { 26246234,11968874,32263343,-5468728,6830755,-13323031,-15794704,-101982,-24449242,10890804 },
- },
- {
- { -31365647,10271363,-12660625,-6267268,16690207,-13062544,-14982212,16484931,25180797,-5334884 },
- { -586574,10376444,-32586414,-11286356,19801893,10997610,2276632,9482883,316878,13820577 },
- { -9882808,-4510367,-2115506,16457136,-11100081,11674996,30756178,-7515054,30696930,-3712849 },
- },
- {
- { 32988917,-9603412,12499366,7910787,-10617257,-11931514,-7342816,-9985397,-32349517,7392473 },
- { -8855661,15927861,9866406,-3649411,-2396914,-16655781,-30409476,-9134995,25112947,-2926644 },
- { -2504044,-436966,25621774,-5678772,15085042,-5479877,-24884878,-13526194,5537438,-13914319 },
- },
-},
-{
- {
- { -11225584,2320285,-9584280,10149187,-33444663,5808648,-14876251,-1729667,31234590,6090599 },
- { -9633316,116426,26083934,2897444,-6364437,-2688086,609721,15878753,-6970405,-9034768 },
- { -27757857,247744,-15194774,-9002551,23288161,-10011936,-23869595,6503646,20650474,1804084 },
- },
- {
- { -27589786,15456424,8972517,8469608,15640622,4439847,3121995,-10329713,27842616,-202328 },
- { -15306973,2839644,22530074,10026331,4602058,5048462,28248656,5031932,-11375082,12714369 },
- { 20807691,-7270825,29286141,11421711,-27876523,-13868230,-21227475,1035546,-19733229,12796920 },
- },
- {
- { 12076899,-14301286,-8785001,-11848922,-25012791,16400684,-17591495,-12899438,3480665,-15182815 },
- { -32361549,5457597,28548107,7833186,7303070,-11953545,-24363064,-15921875,-33374054,2771025 },
- { -21389266,421932,26597266,6860826,22486084,-6737172,-17137485,-4210226,-24552282,15673397 },
- },
- {
- { -20184622,2338216,19788685,-9620956,-4001265,-8740893,-20271184,4733254,3727144,-12934448 },
- { 6120119,814863,-11794402,-622716,6812205,-15747771,2019594,7975683,31123697,-10958981 },
- { 30069250,-11435332,30434654,2958439,18399564,-976289,12296869,9204260,-16432438,9648165 },
- },
- {
- { 32705432,-1550977,30705658,7451065,-11805606,9631813,3305266,5248604,-26008332,-11377501 },
- { 17219865,2375039,-31570947,-5575615,-19459679,9219903,294711,15298639,2662509,-16297073 },
- { -1172927,-7558695,-4366770,-4287744,-21346413,-8434326,32087529,-1222777,32247248,-14389861 },
- },
- {
- { 14312628,1221556,17395390,-8700143,-4945741,-8684635,-28197744,-9637817,-16027623,-13378845 },
- { -1428825,-9678990,-9235681,6549687,-7383069,-468664,23046502,9803137,17597934,2346211 },
- { 18510800,15337574,26171504,981392,-22241552,7827556,-23491134,-11323352,3059833,-11782870 },
- },
- {
- { 10141598,6082907,17829293,-1947643,9830092,13613136,-25556636,-5544586,-33502212,3592096 },
- { 33114168,-15889352,-26525686,-13343397,33076705,8716171,1151462,1521897,-982665,-6837803 },
- { -32939165,-4255815,23947181,-324178,-33072974,-12305637,-16637686,3891704,26353178,693168 },
- },
- {
- { 30374239,1595580,-16884039,13186931,4600344,406904,9585294,-400668,31375464,14369965 },
- { -14370654,-7772529,1510301,6434173,-18784789,-6262728,32732230,-13108839,17901441,16011505 },
- { 18171223,-11934626,-12500402,15197122,-11038147,-15230035,-19172240,-16046376,8764035,12309598 },
- },
-},
-{
- {
- { 5975908,-5243188,-19459362,-9681747,-11541277,14015782,-23665757,1228319,17544096,-10593782 },
- { 5811932,-1715293,3442887,-2269310,-18367348,-8359541,-18044043,-15410127,-5565381,12348900 },
- { -31399660,11407555,25755363,6891399,-3256938,14872274,-24849353,8141295,-10632534,-585479 },
- },
- {
- { -12675304,694026,-5076145,13300344,14015258,-14451394,-9698672,-11329050,30944593,1130208 },
- { 8247766,-6710942,-26562381,-7709309,-14401939,-14648910,4652152,2488540,23550156,-271232 },
- { 17294316,-3788438,7026748,15626851,22990044,113481,2267737,-5908146,-408818,-137719 },
- },
- {
- { 16091085,-16253926,18599252,7340678,2137637,-1221657,-3364161,14550936,3260525,-7166271 },
- { -4910104,-13332887,18550887,10864893,-16459325,-7291596,-23028869,-13204905,-12748722,2701326 },
- { -8574695,16099415,4629974,-16340524,-20786213,-6005432,-10018363,9276971,11329923,1862132 },
- },
- {
- { 14763076,-15903608,-30918270,3689867,3511892,10313526,-21951088,12219231,-9037963,-940300 },
- { 8894987,-3446094,6150753,3013931,301220,15693451,-31981216,-2909717,-15438168,11595570 },
- { 15214962,3537601,-26238722,-14058872,4418657,-15230761,13947276,10730794,-13489462,-4363670 },
- },
- {
- { -2538306,7682793,32759013,263109,-29984731,-7955452,-22332124,-10188635,977108,699994 },
- { -12466472,4195084,-9211532,550904,-15565337,12917920,19118110,-439841,-30534533,-14337913 },
- { 31788461,-14507657,4799989,7372237,8808585,-14747943,9408237,-10051775,12493932,-5409317 },
- },
- {
- { -25680606,5260744,-19235809,-6284470,-3695942,16566087,27218280,2607121,29375955,6024730 },
- { 842132,-2794693,-4763381,-8722815,26332018,-12405641,11831880,6985184,-9940361,2854096 },
- { -4847262,-7969331,2516242,-5847713,9695691,-7221186,16512645,960770,12121869,16648078 },
- },
- {
- { -15218652,14667096,-13336229,2013717,30598287,-464137,-31504922,-7882064,20237806,2838411 },
- { -19288047,4453152,15298546,-16178388,22115043,-15972604,12544294,-13470457,1068881,-12499905 },
- { -9558883,-16518835,33238498,13506958,30505848,-1114596,-8486907,-2630053,12521378,4845654 },
- },
- {
- { -28198521,10744108,-2958380,10199664,7759311,-13088600,3409348,-873400,-6482306,-12885870 },
- { -23561822,6230156,-20382013,10655314,-24040585,-11621172,10477734,-1240216,-3113227,13974498 },
- { 12966261,15550616,-32038948,-1615346,21025980,-629444,5642325,7188737,18895762,12629579 },
- },
-},
-{
- {
- { 14741879,-14946887,22177208,-11721237,1279741,8058600,11758140,789443,32195181,3895677 },
- { 10758205,15755439,-4509950,9243698,-4879422,6879879,-2204575,-3566119,-8982069,4429647 },
- { -2453894,15725973,-20436342,-10410672,-5803908,-11040220,-7135870,-11642895,18047436,-15281743 },
- },
- {
- { -25173001,-11307165,29759956,11776784,-22262383,-15820455,10993114,-12850837,-17620701,-9408468 },
- { 21987233,700364,-24505048,14972008,-7774265,-5718395,32155026,2581431,-29958985,8773375 },
- { -25568350,454463,-13211935,16126715,25240068,8594567,20656846,12017935,-7874389,-13920155 },
- },
- {
- { 6028182,6263078,-31011806,-11301710,-818919,2461772,-31841174,-5468042,-1721788,-2776725 },
- { -12278994,16624277,987579,-5922598,32908203,1248608,7719845,-4166698,28408820,6816612 },
- { -10358094,-8237829,19549651,-12169222,22082623,16147817,20613181,13982702,-10339570,5067943 },
- },
- {
- { -30505967,-3821767,12074681,13582412,-19877972,2443951,-19719286,12746132,5331210,-10105944 },
- { 30528811,3601899,-1957090,4619785,-27361822,-15436388,24180793,-12570394,27679908,-1648928 },
- { 9402404,-13957065,32834043,10838634,-26580150,-13237195,26653274,-8685565,22611444,-12715406 },
- },
- {
- { 22190590,1118029,22736441,15130463,-30460692,-5991321,19189625,-4648942,4854859,6622139 },
- { -8310738,-2953450,-8262579,-3388049,-10401731,-271929,13424426,-3567227,26404409,13001963 },
- { -31241838,-15415700,-2994250,8939346,11562230,-12840670,-26064365,-11621720,-15405155,11020693 },
- },
- {
- { 1866042,-7949489,-7898649,-10301010,12483315,13477547,3175636,-12424163,28761762,1406734 },
- { -448555,-1777666,13018551,3194501,-9580420,-11161737,24760585,-4347088,25577411,-13378680 },
- { -24290378,4759345,-690653,-1852816,2066747,10693769,-29595790,9884936,-9368926,4745410 },
- },
- {
- { -9141284,6049714,-19531061,-4341411,-31260798,9944276,-15462008,-11311852,10931924,-11931931 },
- { -16561513,14112680,-8012645,4817318,-8040464,-11414606,-22853429,10856641,-20470770,13434654 },
- { 22759489,-10073434,-16766264,-1871422,13637442,-10168091,1765144,-12654326,28445307,-5364710 },
- },
- {
- { 29875063,12493613,2795536,-3786330,1710620,15181182,-10195717,-8788675,9074234,1167180 },
- { -26205683,11014233,-9842651,-2635485,-26908120,7532294,-18716888,-9535498,3843903,9367684 },
- { -10969595,-6403711,9591134,9582310,11349256,108879,16235123,8601684,-139197,4242895 },
- },
-},
-{
- {
- { 22092954,-13191123,-2042793,-11968512,32186753,-11517388,-6574341,2470660,-27417366,16625501 },
- { -11057722,3042016,13770083,-9257922,584236,-544855,-7770857,2602725,-27351616,14247413 },
- { 6314175,-10264892,-32772502,15957557,-10157730,168750,-8618807,14290061,27108877,-1180880 },
- },
- {
- { -8586597,-7170966,13241782,10960156,-32991015,-13794596,33547976,-11058889,-27148451,981874 },
- { 22833440,9293594,-32649448,-13618667,-9136966,14756819,-22928859,-13970780,-10479804,-16197962 },
- { -7768587,3326786,-28111797,10783824,19178761,14905060,22680049,13906969,-15933690,3797899 },
- },
- {
- { 21721356,-4212746,-12206123,9310182,-3882239,-13653110,23740224,-2709232,20491983,-8042152 },
- { 9209270,-15135055,-13256557,-6167798,-731016,15289673,25947805,15286587,30997318,-6703063 },
- { 7392032,16618386,23946583,-8039892,-13265164,-1533858,-14197445,-2321576,17649998,-250080 },
- },
- {
- { -9301088,-14193827,30609526,-3049543,-25175069,-1283752,-15241566,-9525724,-2233253,7662146 },
- { -17558673,1763594,-33114336,15908610,-30040870,-12174295,7335080,-8472199,-3174674,3440183 },
- { -19889700,-5977008,-24111293,-9688870,10799743,-16571957,40450,-4431835,4862400,1133 },
- },
- {
- { -32856209,-7873957,-5422389,14860950,-16319031,7956142,7258061,311861,-30594991,-7379421 },
- { -3773428,-1565936,28985340,7499440,24445838,9325937,29727763,16527196,18278453,15405622 },
- { -4381906,8508652,-19898366,-3674424,-5984453,15149970,-13313598,843523,-21875062,13626197 },
- },
- {
- { 2281448,-13487055,-10915418,-2609910,1879358,16164207,-10783882,3953792,13340839,15928663 },
- { 31727126,-7179855,-18437503,-8283652,2875793,-16390330,-25269894,-7014826,-23452306,5964753 },
- { 4100420,-5959452,-17179337,6017714,-18705837,12227141,-26684835,11344144,2538215,-7570755 },
- },
- {
- { -9433605,6123113,11159803,-2156608,30016280,14966241,-20474983,1485421,-629256,-15958862 },
- { -26804558,4260919,11851389,9658551,-32017107,16367492,-20205425,-13191288,11659922,-11115118 },
- { 26180396,10015009,-30844224,-8581293,5418197,9480663,2231568,-10170080,33100372,-1306171 },
- },
- {
- { 15121113,-5201871,-10389905,15427821,-27509937,-15992507,21670947,4486675,-5931810,-14466380 },
- { 16166486,-9483733,-11104130,6023908,-31926798,-1364923,2340060,-16254968,-10735770,-10039824 },
- { 28042865,-3557089,-12126526,12259706,-3717498,-6945899,6766453,-8689599,18036436,5803270 },
- },
-},
-{
- {
- { -817581,6763912,11803561,1585585,10958447,-2671165,23855391,4598332,-6159431,-14117438 },
- { -31031306,-14256194,17332029,-2383520,31312682,-5967183,696309,50292,-20095739,11763584 },
- { -594563,-2514283,-32234153,12643980,12650761,14811489,665117,-12613632,-19773211,-10713562 },
- },
- {
- { 30464590,-11262872,-4127476,-12734478,19835327,-7105613,-24396175,2075773,-17020157,992471 },
- { 18357185,-6994433,7766382,16342475,-29324918,411174,14578841,8080033,-11574335,-10601610 },
- { 19598397,10334610,12555054,2555664,18821899,-10339780,21873263,16014234,26224780,16452269 },
- },
- {
- { -30223925,5145196,5944548,16385966,3976735,2009897,-11377804,-7618186,-20533829,3698650 },
- { 14187449,3448569,-10636236,-10810935,-22663880,-3433596,7268410,-10890444,27394301,12015369 },
- { 19695761,16087646,28032085,12999827,6817792,11427614,20244189,-1312777,-13259127,-3402461 },
- },
- {
- { 30860103,12735208,-1888245,-4699734,-16974906,2256940,-8166013,12298312,-8550524,-10393462 },
- { -5719826,-11245325,-1910649,15569035,26642876,-7587760,-5789354,-15118654,-4976164,12651793 },
- { -2848395,9953421,11531313,-5282879,26895123,-12697089,-13118820,-16517902,9768698,-2533218 },
- },
- {
- { -24719459,1894651,-287698,-4704085,15348719,-8156530,32767513,12765450,4940095,10678226 },
- { 18860224,15980149,-18987240,-1562570,-26233012,-11071856,-7843882,13944024,-24372348,16582019 },
- { -15504260,4970268,-29893044,4175593,-20993212,-2199756,-11704054,15444560,-11003761,7989037 },
- },
- {
- { 31490452,5568061,-2412803,2182383,-32336847,4531686,-32078269,6200206,-19686113,-14800171 },
- { -17308668,-15879940,-31522777,-2831,-32887382,16375549,8680158,-16371713,28550068,-6857132 },
- { -28126887,-5688091,16837845,-1820458,-6850681,12700016,-30039981,4364038,1155602,5988841 },
- },
- {
- { 21890435,-13272907,-12624011,12154349,-7831873,15300496,23148983,-4470481,24618407,8283181 },
- { -33136107,-10512751,9975416,6841041,-31559793,16356536,3070187,-7025928,1466169,10740210 },
- { -1509399,-15488185,-13503385,-10655916,32799044,909394,-13938903,-5779719,-32164649,-15327040 },
- },
- {
- { 3960823,-14267803,-28026090,-15918051,-19404858,13146868,15567327,951507,-3260321,-573935 },
- { 24740841,5052253,-30094131,8961361,25877428,6165135,-24368180,14397372,-7380369,-6144105 },
- { -28888365,3510803,-28103278,-1158478,-11238128,-10631454,-15441463,-14453128,-1625486,-6494814 },
- },
-},
-{
- {
- { 793299,-9230478,8836302,-6235707,-27360908,-2369593,33152843,-4885251,-9906200,-621852 },
- { 5666233,525582,20782575,-8038419,-24538499,14657740,16099374,1468826,-6171428,-15186581 },
- { -4859255,-3779343,-2917758,-6748019,7778750,11688288,-30404353,-9871238,-1558923,-9863646 },
- },
- {
- { 10896332,-7719704,824275,472601,-19460308,3009587,25248958,14783338,-30581476,-15757844 },
- { 10566929,12612572,-31944212,11118703,-12633376,12362879,21752402,8822496,24003793,14264025 },
- { 27713862,-7355973,-11008240,9227530,27050101,2504721,23886875,-13117525,13958495,-5732453 },
- },
- {
- { -23481610,4867226,-27247128,3900521,29838369,-8212291,-31889399,-10041781,7340521,-15410068 },
- { 4646514,-8011124,-22766023,-11532654,23184553,8566613,31366726,-1381061,-15066784,-10375192 },
- { -17270517,12723032,-16993061,14878794,21619651,-6197576,27584817,3093888,-8843694,3849921 },
- },
- {
- { -9064912,2103172,25561640,-15125738,-5239824,9582958,32477045,-9017955,5002294,-15550259 },
- { -12057553,-11177906,21115585,-13365155,8808712,-12030708,16489530,13378448,-25845716,12741426 },
- { -5946367,10645103,-30911586,15390284,-3286982,-7118677,24306472,15852464,28834118,-7646072 },
- },
- {
- { -17335748,-9107057,-24531279,9434953,-8472084,-583362,-13090771,455841,20461858,5491305 },
- { 13669248,-16095482,-12481974,-10203039,-14569770,-11893198,-24995986,11293807,-28588204,-9421832 },
- { 28497928,6272777,-33022994,14470570,8906179,-1225630,18504674,-14165166,29867745,-8795943 },
- },
- {
- { -16207023,13517196,-27799630,-13697798,24009064,-6373891,-6367600,-13175392,22853429,-4012011 },
- { 24191378,16712145,-13931797,15217831,14542237,1646131,18603514,-11037887,12876623,-2112447 },
- { 17902668,4518229,-411702,-2829247,26878217,5258055,-12860753,608397,16031844,3723494 },
- },
- {
- { -28632773,12763728,-20446446,7577504,33001348,-13017745,17558842,-7872890,23896954,-4314245 },
- { -20005381,-12011952,31520464,605201,2543521,5991821,-2945064,7229064,-9919646,-8826859 },
- { 28816045,298879,-28165016,-15920938,19000928,-1665890,-12680833,-2949325,-18051778,-2082915 },
- },
- {
- { 16000882,-344896,3493092,-11447198,-29504595,-13159789,12577740,16041268,-19715240,7847707 },
- { 10151868,10572098,27312476,7922682,14825339,4723128,-32855931,-6519018,-10020567,3852848 },
- { -11430470,15697596,-21121557,-4420647,5386314,15063598,16514493,-15932110,29330899,-15076224 },
- },
-},
-{
- {
- { -25499735,-4378794,-15222908,-6901211,16615731,2051784,3303702,15490,-27548796,12314391 },
- { 15683520,-6003043,18109120,-9980648,15337968,-5997823,-16717435,15921866,16103996,-3731215 },
- { -23169824,-10781249,13588192,-1628807,-3798557,-1074929,-19273607,5402699,-29815713,-9841101 },
- },
- {
- { 23190676,2384583,-32714340,3462154,-29903655,-1529132,-11266856,8911517,-25205859,2739713 },
- { 21374101,-3554250,-33524649,9874411,15377179,11831242,-33529904,6134907,4931255,11987849 },
- { -7732,-2978858,-16223486,7277597,105524,-322051,-31480539,13861388,-30076310,10117930 },
- },
- {
- { -29501170,-10744872,-26163768,13051539,-25625564,5089643,-6325503,6704079,12890019,15728940 },
- { -21972360,-11771379,-951059,-4418840,14704840,2695116,903376,-10428139,12885167,8311031 },
- { -17516482,5352194,10384213,-13811658,7506451,13453191,26423267,4384730,1888765,-5435404 },
- },
- {
- { -25817338,-3107312,-13494599,-3182506,30896459,-13921729,-32251644,-12707869,-19464434,-3340243 },
- { -23607977,-2665774,-526091,4651136,5765089,4618330,6092245,14845197,17151279,-9854116 },
- { -24830458,-12733720,-15165978,10367250,-29530908,-265356,22825805,-7087279,-16866484,16176525 },
- },
- {
- { -23583256,6564961,20063689,3798228,-4740178,7359225,2006182,-10363426,-28746253,-10197509 },
- { -10626600,-4486402,-13320562,-5125317,3432136,-6393229,23632037,-1940610,32808310,1099883 },
- { 15030977,5768825,-27451236,-2887299,-6427378,-15361371,-15277896,-6809350,2051441,-15225865 },
- },
- {
- { -3362323,-7239372,7517890,9824992,23555850,295369,5148398,-14154188,-22686354,16633660 },
- { 4577086,-16752288,13249841,-15304328,19958763,-14537274,18559670,-10759549,8402478,-9864273 },
- { -28406330,-1051581,-26790155,-907698,-17212414,-11030789,9453451,-14980072,17983010,9967138 },
- },
- {
- { -25762494,6524722,26585488,9969270,24709298,1220360,-1677990,7806337,17507396,3651560 },
- { -10420457,-4118111,14584639,15971087,-15768321,8861010,26556809,-5574557,-18553322,-11357135 },
- { 2839101,14284142,4029895,3472686,14402957,12689363,-26642121,8459447,-5605463,-7621941 },
- },
- {
- { -4839289,-3535444,9744961,2871048,25113978,3187018,-25110813,-849066,17258084,-7977739 },
- { 18164541,-10595176,-17154882,-1542417,19237078,-9745295,23357533,-15217008,26908270,12150756 },
- { -30264870,-7647865,5112249,-7036672,-1499807,-6974257,43168,-5537701,-32302074,16215819 },
- },
-},
-{
- {
- { -6898905,9824394,-12304779,-4401089,-31397141,-6276835,32574489,12532905,-7503072,-8675347 },
- { -27343522,-16515468,-27151524,-10722951,946346,16291093,254968,7168080,21676107,-1943028 },
- { 21260961,-8424752,-16831886,-11920822,-23677961,3968121,-3651949,-6215466,-3556191,-7913075 },
- },
- {
- { 16544754,13250366,-16804428,15546242,-4583003,12757258,-2462308,-8680336,-18907032,-9662799 },
- { -2415239,-15577728,18312303,4964443,-15272530,-12653564,26820651,16690659,25459437,-4564609 },
- { -25144690,11425020,28423002,-11020557,-6144921,-15826224,9142795,-2391602,-6432418,-1644817 },
- },
- {
- { -23104652,6253476,16964147,-3768872,-25113972,-12296437,-27457225,-16344658,6335692,7249989 },
- { -30333227,13979675,7503222,-12368314,-11956721,-4621693,-30272269,2682242,25993170,-12478523 },
- { 4364628,5930691,32304656,-10044554,-8054781,15091131,22857016,-10598955,31820368,15075278 },
- },
- {
- { 31879134,-8918693,17258761,90626,-8041836,-4917709,24162788,-9650886,-17970238,12833045 },
- { 19073683,14851414,-24403169,-11860168,7625278,11091125,-19619190,2074449,-9413939,14905377 },
- { 24483667,-11935567,-2518866,-11547418,-1553130,15355506,-25282080,9253129,27628530,-7555480 },
- },
- {
- { 17597607,8340603,19355617,552187,26198470,-3176583,4593324,-9157582,-14110875,15297016 },
- { 510886,14337390,-31785257,16638632,6328095,2713355,-20217417,-11864220,8683221,2921426 },
- { 18606791,11874196,27155355,-5281482,-24031742,6265446,-25178240,-1278924,4674690,13890525 },
- },
- {
- { 13609624,13069022,-27372361,-13055908,24360586,9592974,14977157,9835105,4389687,288396 },
- { 9922506,-519394,13613107,5883594,-18758345,-434263,-12304062,8317628,23388070,16052080 },
- { 12720016,11937594,-31970060,-5028689,26900120,8561328,-20155687,-11632979,-14754271,-10812892 },
- },
- {
- { 15961858,14150409,26716931,-665832,-22794328,13603569,11829573,7467844,-28822128,929275 },
- { 11038231,-11582396,-27310482,-7316562,-10498527,-16307831,-23479533,-9371869,-21393143,2465074 },
- { 20017163,-4323226,27915242,1529148,12396362,15675764,13817261,-9658066,2463391,-4622140 },
- },
- {
- { -16358878,-12663911,-12065183,4996454,-1256422,1073572,9583558,12851107,4003896,12673717 },
- { -1731589,-15155870,-3262930,16143082,19294135,13385325,14741514,-9103726,7903886,2348101 },
- { 24536016,-16515207,12715592,-3862155,1511293,10047386,-3842346,-7129159,-28377538,10048127 },
- },
-},
-{
- {
- { -12622226,-6204820,30718825,2591312,-10617028,12192840,18873298,-7297090,-32297756,15221632 },
- { -26478122,-11103864,11546244,-1852483,9180880,7656409,-21343950,2095755,29769758,6593415 },
- { -31994208,-2907461,4176912,3264766,12538965,-868111,26312345,-6118678,30958054,8292160 },
- },
- {
- { 31429822,-13959116,29173532,15632448,12174511,-2760094,32808831,3977186,26143136,-3148876 },
- { 22648901,1402143,-22799984,13746059,7936347,365344,-8668633,-1674433,-3758243,-2304625 },
- { -15491917,8012313,-2514730,-12702462,-23965846,-10254029,-1612713,-1535569,-16664475,8194478 },
- },
- {
- { 27338066,-7507420,-7414224,10140405,-19026427,-6589889,27277191,8855376,28572286,3005164 },
- { 26287124,4821776,25476601,-4145903,-3764513,-15788984,-18008582,1182479,-26094821,-13079595 },
- { -7171154,3178080,23970071,6201893,-17195577,-4489192,-21876275,-13982627,32208683,-1198248 },
- },
- {
- { -16657702,2817643,-10286362,14811298,6024667,13349505,-27315504,-10497842,-27672585,-11539858 },
- { 15941029,-9405932,-21367050,8062055,31876073,-238629,-15278393,-1444429,15397331,-4130193 },
- { 8934485,-13485467,-23286397,-13423241,-32446090,14047986,31170398,-1441021,-27505566,15087184 },
- },
- {
- { -18357243,-2156491,24524913,-16677868,15520427,-6360776,-15502406,11461896,16788528,-5868942 },
- { -1947386,16013773,21750665,3714552,-17401782,-16055433,-3770287,-10323320,31322514,-11615635 },
- { 21426655,-5650218,-13648287,-5347537,-28812189,-4920970,-18275391,-14621414,13040862,-12112948 },
- },
- {
- { 11293895,12478086,-27136401,15083750,-29307421,14748872,14555558,-13417103,1613711,4896935 },
- { -25894883,15323294,-8489791,-8057900,25967126,-13425460,2825960,-4897045,-23971776,-11267415 },
- { -15924766,-5229880,-17443532,6410664,3622847,10243618,20615400,12405433,-23753030,-8436416 },
- },
- {
- { -7091295,12556208,-20191352,9025187,-17072479,4333801,4378436,2432030,23097949,-566018 },
- { 4565804,-16025654,20084412,-7842817,1724999,189254,24767264,10103221,-18512313,2424778 },
- { 366633,-11976806,8173090,-6890119,30788634,5745705,-7168678,1344109,-3642553,12412659 },
- },
- {
- { -24001791,7690286,14929416,-168257,-32210835,-13412986,24162697,-15326504,-3141501,11179385 },
- { 18289522,-14724954,8056945,16430056,-21729724,7842514,-6001441,-1486897,-18684645,-11443503 },
- { 476239,6601091,-6152790,-9723375,17503545,-4863900,27672959,13403813,11052904,5219329 },
- },
-},
-{
- {
- { 20678546,-8375738,-32671898,8849123,-5009758,14574752,31186971,-3973730,9014762,-8579056 },
- { -13644050,-10350239,-15962508,5075808,-1514661,-11534600,-33102500,9160280,8473550,-3256838 },
- { 24900749,14435722,17209120,-15292541,-22592275,9878983,-7689309,-16335821,-24568481,11788948 },
- },
- {
- { -3118155,-11395194,-13802089,14797441,9652448,-6845904,-20037437,10410733,-24568470,-1458691 },
- { -15659161,16736706,-22467150,10215878,-9097177,7563911,11871841,-12505194,-18513325,8464118 },
- { -23400612,8348507,-14585951,-861714,-3950205,-6373419,14325289,8628612,33313881,-8370517 },
- },
- {
- { -20186973,-4967935,22367356,5271547,-1097117,-4788838,-24805667,-10236854,-8940735,-5818269 },
- { -6948785,-1795212,-32625683,-16021179,32635414,-7374245,15989197,-12838188,28358192,-4253904 },
- { -23561781,-2799059,-32351682,-1661963,-9147719,10429267,-16637684,4072016,-5351664,5596589 },
- },
- {
- { -28236598,-3390048,12312896,6213178,3117142,16078565,29266239,2557221,1768301,15373193 },
- { -7243358,-3246960,-4593467,-7553353,-127927,-912245,-1090902,-4504991,-24660491,3442910 },
- { -30210571,5124043,14181784,8197961,18964734,-11939093,22597931,7176455,-18585478,13365930 },
- },
- {
- { -7877390,-1499958,8324673,4690079,6261860,890446,24538107,-8570186,-9689599,-3031667 },
- { 25008904,-10771599,-4305031,-9638010,16265036,15721635,683793,-11823784,15723479,-15163481 },
- { -9660625,12374379,-27006999,-7026148,-7724114,-12314514,11879682,5400171,519526,-1235876 },
- },
- {
- { 22258397,-16332233,-7869817,14613016,-22520255,-2950923,-20353881,7315967,16648397,7605640 },
- { -8081308,-8464597,-8223311,9719710,19259459,-15348212,23994942,-5281555,-9468848,4763278 },
- { -21699244,9220969,-15730624,1084137,-25476107,-2852390,31088447,-7764523,-11356529,728112 },
- },
- {
- { 26047220,-11751471,-6900323,-16521798,24092068,9158119,-4273545,-12555558,-29365436,-5498272 },
- { 17510331,-322857,5854289,8403524,17133918,-3112612,-28111007,12327945,10750447,10014012 },
- { -10312768,3936952,9156313,-8897683,16498692,-994647,-27481051,-666732,3424691,7540221 },
- },
- {
- { 30322361,-6964110,11361005,-4143317,7433304,4989748,-7071422,-16317219,-9244265,15258046 },
- { 13054562,-2779497,19155474,469045,-12482797,4566042,5631406,2711395,1062915,-5136345 },
- { -19240248,-11254599,-29509029,-7499965,-5835763,13005411,-6066489,12194497,32960380,1459310 },
- },
-},
-{
- {
- { 19852034,7027924,23669353,10020366,8586503,-6657907,394197,-6101885,18638003,-11174937 },
- { 31395534,15098109,26581030,8030562,-16527914,-5007134,9012486,-7584354,-6643087,-5442636 },
- { -9192165,-2347377,-1997099,4529534,25766844,607986,-13222,9677543,-32294889,-6456008 },
- },
- {
- { -2444496,-149937,29348902,8186665,1873760,12489863,-30934579,-7839692,-7852844,-8138429 },
- { -15236356,-15433509,7766470,746860,26346930,-10221762,-27333451,10754588,-9431476,5203576 },
- { 31834314,14135496,-770007,5159118,20917671,-16768096,-7467973,-7337524,31809243,7347066 },
- },
- {
- { -9606723,-11874240,20414459,13033986,13716524,-11691881,19797970,-12211255,15192876,-2087490 },
- { -12663563,-2181719,1168162,-3804809,26747877,-14138091,10609330,12694420,33473243,-13382104 },
- { 33184999,11180355,15832085,-11385430,-1633671,225884,15089336,-11023903,-6135662,14480053 },
- },
- {
- { 31308717,-5619998,31030840,-1897099,15674547,-6582883,5496208,13685227,27595050,8737275 },
- { -20318852,-15150239,10933843,-16178022,8335352,-7546022,-31008351,-12610604,26498114,66511 },
- { 22644454,-8761729,-16671776,4884562,-3105614,-13559366,30540766,-4286747,-13327787,-7515095 },
- },
- {
- { -28017847,9834845,18617207,-2681312,-3401956,-13307506,8205540,13585437,-17127465,15115439 },
- { 23711543,-672915,31206561,-8362711,6164647,-9709987,-33535882,-1426096,8236921,16492939 },
- { -23910559,-13515526,-26299483,-4503841,25005590,-7687270,19574902,10071562,6708380,-6222424 },
- },
- {
- { 2101391,-4930054,19702731,2367575,-15427167,1047675,5301017,9328700,29955601,-11678310 },
- { 3096359,9271816,-21620864,-15521844,-14847996,-7592937,-25892142,-12635595,-9917575,6216608 },
- { -32615849,338663,-25195611,2510422,-29213566,-13820213,24822830,-6146567,-26767480,7525079 },
- },
- {
- { -23066649,-13985623,16133487,-7896178,-3389565,778788,-910336,-2782495,-19386633,11994101 },
- { 21691500,-13624626,-641331,-14367021,3285881,-3483596,-25064666,9718258,-7477437,13381418 },
- { 18445390,-4202236,14979846,11622458,-1727110,-3582980,23111648,-6375247,28535282,15779576 },
- },
- {
- { 30098053,3089662,-9234387,16662135,-21306940,11308411,-14068454,12021730,9955285,-16303356 },
- { 9734894,-14576830,-7473633,-9138735,2060392,11313496,-18426029,9924399,20194861,13380996 },
- { -26378102,-7965207,-22167821,15789297,-18055342,-6168792,-1984914,15707771,26342023,10146099 },
- },
-},
-{
- {
- { -26016874,-219943,21339191,-41388,19745256,-2878700,-29637280,2227040,21612326,-545728 },
- { -13077387,1184228,23562814,-5970442,-20351244,-6348714,25764461,12243797,-20856566,11649658 },
- { -10031494,11262626,27384172,2271902,26947504,-15997771,39944,6114064,33514190,2333242 },
- },
- {
- { -21433588,-12421821,8119782,7219913,-21830522,-9016134,-6679750,-12670638,24350578,-13450001 },
- { -4116307,-11271533,-23886186,4843615,-30088339,690623,-31536088,-10406836,8317860,12352766 },
- { 18200138,-14475911,-33087759,-2696619,-23702521,-9102511,-23552096,-2287550,20712163,6719373 },
- },
- {
- { 26656208,6075253,-7858556,1886072,-28344043,4262326,11117530,-3763210,26224235,-3297458 },
- { -17168938,-14854097,-3395676,-16369877,-19954045,14050420,21728352,9493610,18620611,-16428628 },
- { -13323321,13325349,11432106,5964811,18609221,6062965,-5269471,-9725556,-30701573,-16479657 },
- },
- {
- { -23860538,-11233159,26961357,1640861,-32413112,-16737940,12248509,-5240639,13735342,1934062 },
- { 25089769,6742589,17081145,-13406266,21909293,-16067981,-15136294,-3765346,-21277997,5473616 },
- { 31883677,-7961101,1083432,-11572403,22828471,13290673,-7125085,12469656,29111212,-5451014 },
- },
- {
- { 24244947,-15050407,-26262976,2791540,-14997599,16666678,24367466,6388839,-10295587,452383 },
- { -25640782,-3417841,5217916,16224624,19987036,-4082269,-24236251,-5915248,15766062,8407814 },
- { -20406999,13990231,15495425,16395525,5377168,15166495,-8917023,-4388953,-8067909,2276718 },
- },
- {
- { 30157918,12924066,-17712050,9245753,19895028,3368142,-23827587,5096219,22740376,-7303417 },
- { 2041139,-14256350,7783687,13876377,-25946985,-13352459,24051124,13742383,-15637599,13295222 },
- { 33338237,-8505733,12532113,7977527,9106186,-1715251,-17720195,-4612972,-4451357,-14669444 },
- },
- {
- { -20045281,5454097,-14346548,6447146,28862071,1883651,-2469266,-4141880,7770569,9620597 },
- { 23208068,7979712,33071466,8149229,1758231,-10834995,30945528,-1694323,-33502340,-14767970 },
- { 1439958,-16270480,-1079989,-793782,4625402,10647766,-5043801,1220118,30494170,-11440799 },
- },
- {
- { -5037580,-13028295,-2970559,-3061767,15640974,-6701666,-26739026,926050,-1684339,-13333647 },
- { 13908495,-3549272,30919928,-6273825,-21521863,7989039,9021034,9078865,3353509,4033511 },
- { -29663431,-15113610,32259991,-344482,24295849,-12912123,23161163,8839127,27485041,7356032 },
- },
-},
-{
- {
- { 9661027,705443,11980065,-5370154,-1628543,14661173,-6346142,2625015,28431036,-16771834 },
- { -23839233,-8311415,-25945511,7480958,-17681669,-8354183,-22545972,14150565,15970762,4099461 },
- { 29262576,16756590,26350592,-8793563,8529671,-11208050,13617293,-9937143,11465739,8317062 },
- },
- {
- { -25493081,-6962928,32500200,-9419051,-23038724,-2302222,14898637,3848455,20969334,-5157516 },
- { -20384450,-14347713,-18336405,13884722,-33039454,2842114,-21610826,-3649888,11177095,14989547 },
- { -24496721,-11716016,16959896,2278463,12066309,10137771,13515641,2581286,-28487508,9930240 },
- },
- {
- { -17751622,-2097826,16544300,-13009300,-15914807,-14949081,18345767,-13403753,16291481,-5314038 },
- { -33229194,2553288,32678213,9875984,8534129,6889387,-9676774,6957617,4368891,9788741 },
- { 16660756,7281060,-10830758,12911820,20108584,-8101676,-21722536,-8613148,16250552,-11111103 },
- },
- {
- { -19765507,2390526,-16551031,14161980,1905286,6414907,4689584,10604807,-30190403,4782747 },
- { -1354539,14736941,-7367442,-13292886,7710542,-14155590,-9981571,4383045,22546403,437323 },
- { 31665577,-12180464,-16186830,1491339,-18368625,3294682,27343084,2786261,-30633590,-14097016 },
- },
- {
- { -14467279,-683715,-33374107,7448552,19294360,14334329,-19690631,2355319,-19284671,-6114373 },
- { 15121312,-15796162,6377020,-6031361,-10798111,-12957845,18952177,15496498,-29380133,11754228 },
- { -2637277,-13483075,8488727,-14303896,12728761,-1622493,7141596,11724556,22761615,-10134141 },
- },
- {
- { 16918416,11729663,-18083579,3022987,-31015732,-13339659,-28741185,-12227393,32851222,11717399 },
- { 11166634,7338049,-6722523,4531520,-29468672,-7302055,31474879,3483633,-1193175,-4030831 },
- { -185635,9921305,31456609,-13536438,-12013818,13348923,33142652,6546660,-19985279,-3948376 },
- },
- {
- { -32460596,11266712,-11197107,-7899103,31703694,3855903,-8537131,-12833048,-30772034,-15486313 },
- { -18006477,12709068,3991746,-6479188,-21491523,-10550425,-31135347,-16049879,10928917,3011958 },
- { -6957757,-15594337,31696059,334240,29576716,14796075,-30831056,-12805180,18008031,10258577 },
- },
- {
- { -22448644,15655569,7018479,-4410003,-30314266,-1201591,-1853465,1367120,25127874,6671743 },
- { 29701166,-14373934,-10878120,9279288,-17568,13127210,21382910,11042292,25838796,4642684 },
- { -20430234,14955537,-24126347,8124619,-5369288,-5990470,30468147,-13900640,18423289,4177476 },
- },
-},
-} ;
-
-
-static void ge_select(ge_precomp *t,int pos,signed char b)
-{
- ge_precomp minust;
- unsigned char bnegative = negative(b);
- unsigned char babs = b - (((-bnegative) & b) << 1);
-
- ge_precomp_0(t);
- cmov(t,&base[pos][0],equal(babs,1));
- cmov(t,&base[pos][1],equal(babs,2));
- cmov(t,&base[pos][2],equal(babs,3));
- cmov(t,&base[pos][3],equal(babs,4));
- cmov(t,&base[pos][4],equal(babs,5));
- cmov(t,&base[pos][5],equal(babs,6));
- cmov(t,&base[pos][6],equal(babs,7));
- cmov(t,&base[pos][7],equal(babs,8));
- fe_copy(minust.yplusx,t->yminusx);
- fe_copy(minust.yminusx,t->yplusx);
- fe_neg(minust.xy2d,t->xy2d);
- cmov(t,&minust,bnegative);
-}
-
-
-/*
-h = a * B
-where a = a[0]+256*a[1]+...+256^31 a[31]
-B is the Ed25519 base point (x,4/5) with x positive.
-
-Preconditions:
- a[31] <= 127
-*/
-void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
-{
- signed char e[64];
- signed char carry;
- ge_p1p1 r;
- ge_p2 s;
- ge_precomp t;
- int i;
-
- for (i = 0;i < 32;++i) {
- e[2 * i + 0] = (a[i] >> 0) & 15;
- e[2 * i + 1] = (a[i] >> 4) & 15;
- }
- /* each e[i] is between 0 and 15 */
- /* e[63] is between 0 and 7 */
-
- carry = 0;
- for (i = 0;i < 63;++i) {
- e[i] += carry;
- carry = e[i] + 8;
- carry >>= 4;
- e[i] -= carry << 4;
- }
- e[63] += carry;
- /* each e[i] is between -8 and 8 */
-
- ge_p3_0(h);
- for (i = 1;i < 64;i += 2) {
- ge_select(&t,i / 2,e[i]);
- ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
- }
-
- ge_p3_dbl(&r,h); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
-
- for (i = 0;i < 64;i += 2) {
- ge_select(&t,i / 2,e[i]);
- ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
- }
-}
-
-
-/* ge double scalar mult */
-static void slide(signed char *r,const unsigned char *a)
-{
- int i;
- int b;
- int k;
-
- for (i = 0;i < 256;++i)
- r[i] = 1 & (a[i >> 3] >> (i & 7));
-
- for (i = 0;i < 256;++i)
- if (r[i]) {
- for (b = 1;b <= 6 && i + b < 256;++b) {
- if (r[i + b]) {
- if (r[i] + (r[i + b] << b) <= 15) {
- r[i] += r[i + b] << b; r[i + b] = 0;
- } else if (r[i] - (r[i + b] << b) >= -15) {
- r[i] -= r[i + b] << b;
- for (k = i + b;k < 256;++k) {
- if (!r[k]) {
- r[k] = 1;
- break;
- }
- r[k] = 0;
- }
- } else
- break;
- }
- }
- }
-}
-
-
-static ge_precomp Bi[8] = {
- {
- { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
- { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
- { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
- { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
- { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
- { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
- { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
- { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
- { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
- { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
- { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
- { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
- { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
- { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
- { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
- },
- {
- { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
- { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
- { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
- },
- {
- { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
- { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
- { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
- },
- {
- { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
- { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
- { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
- },
-} ;
-
-
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
- const ge_p3 *A, const unsigned char *b)
-{
- signed char aslide[256];
- signed char bslide[256];
- ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
- ge_p1p1 t;
- ge_p3 u;
- ge_p3 A2;
- int i;
-
- slide(aslide,a);
- slide(bslide,b);
-
- ge_p3_to_cached(&Ai[0],A);
- ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
- ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
- ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
- ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
- ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
- ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
- ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
- ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
-
- ge_p2_0(r);
-
- for (i = 255;i >= 0;--i) {
- if (aslide[i] || bslide[i]) break;
- }
-
- for (;i >= 0;--i) {
- ge_p2_dbl(&t,r);
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_add(&t,&u,&Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_madd(&t,&u,&Bi[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r,&t);
- }
-
- return 0;
-}
-
-
-static const fe d = {
--10913610,13857413,-15372611,6949391,114729,
--8787816,-6275908,-3247719,-18696448,-12055116
-} ;
-
-
-static const fe sqrtm1 = {
--32595792,-7943725,9377950,3500415,12389472,
--272473,-25146209,-2005654,326686,11406482
-} ;
-
-
-int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
-{
- fe u;
- fe v;
- fe v3;
- fe vxx;
- fe check;
-
- fe_frombytes(h->Y,s);
- fe_1(h->Z);
- fe_sq(u,h->Y);
- fe_mul(v,u,d);
- fe_sub(u,u,h->Z); /* u = y^2-1 */
- fe_add(v,v,h->Z); /* v = dy^2+1 */
-
-
- fe_sq(v3,v);
- fe_mul(v3,v3,v); /* v3 = v^3 */
- fe_sq(h->X,v3);
- fe_mul(h->X,h->X,v);
- fe_mul(h->X,h->X,u); /* x = uv^7 */
-
- fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */
- fe_mul(h->X,h->X,v3);
- fe_mul(h->X,h->X,u); /* x = uv^3(uv^7)^((q-5)/8) */
-
- fe_sq(vxx,h->X);
- fe_mul(vxx,vxx,v);
- fe_sub(check,vxx,u); /* vx^2-u */
- if (fe_isnonzero(check)) {
- fe_add(check,vxx,u); /* vx^2+u */
- if (fe_isnonzero(check)) return -1;
- fe_mul(h->X,h->X,sqrtm1);
- }
-
- if (fe_isnegative(h->X) == (s[31] >> 7))
- fe_neg(h->X,h->X);
-
- fe_mul(h->T,h->X,h->Y);
- return 0;
-}
-
-
-/* ge madd */
-/*
-r = p + q
-*/
-
-void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
- fe t0;
- fe_add(r->X,p->Y,p->X);
- fe_sub(r->Y,p->Y,p->X);
- fe_mul(r->Z,r->X,q->yplusx);
- fe_mul(r->Y,r->Y,q->yminusx);
- fe_mul(r->T,q->xy2d,p->T);
- fe_add(t0,p->Z,p->Z);
- fe_sub(r->X,r->Z,r->Y);
- fe_add(r->Y,r->Z,r->Y);
- fe_add(r->Z,t0,r->T);
- fe_sub(r->T,t0,r->T);
-}
-
-
-/* ge msub */
-
-/*
-r = p - q
-*/
-
-void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
- fe t0;
- fe_add(r->X,p->Y,p->X);
- fe_sub(r->Y,p->Y,p->X);
- fe_mul(r->Z,r->X,q->yminusx);
- fe_mul(r->Y,r->Y,q->yplusx);
- fe_mul(r->T,q->xy2d,p->T);
- fe_add(t0,p->Z,p->Z);
- fe_sub(r->X,r->Z,r->Y);
- fe_add(r->Y,r->Z,r->Y);
- fe_sub(r->Z,t0,r->T);
- fe_add(r->T,t0,r->T);
-}
-
-
-/* ge p1p1 to p2 */
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
-{
- fe_mul(r->X,p->X,p->T);
- fe_mul(r->Y,p->Y,p->Z);
- fe_mul(r->Z,p->Z,p->T);
-}
-
-
-/* ge p1p1 to p3 */
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
-{
- fe_mul(r->X,p->X,p->T);
- fe_mul(r->Y,p->Y,p->Z);
- fe_mul(r->Z,p->Z,p->T);
- fe_mul(r->T,p->X,p->Y);
-}
-
-
-/* ge p2 0 */
-
-void ge_p2_0(ge_p2 *h)
-{
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
-}
-
-
-/* ge p2 dbl */
-
-/*
-r = 2 * p
-*/
-
-void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
-{
- fe t0;
- fe_sq(r->X,p->X);
- fe_sq(r->Z,p->Y);
- fe_sq2(r->T,p->Z);
- fe_add(r->Y,p->X,p->Y);
- fe_sq(t0,r->Y);
- fe_add(r->Y,r->Z,r->X);
- fe_sub(r->Z,r->Z,r->X);
- fe_sub(r->X,t0,r->Y);
- fe_sub(r->T,r->T,r->Z);
-}
-
-
-/* ge p3 0 */
-
-void ge_p3_0(ge_p3 *h)
-{
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
- fe_0(h->T);
-}
-
-
-/* ge p3 dble */
-
-/*
-r = 2 * p
-*/
-
-void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
-{
- ge_p2 q;
- ge_p3_to_p2(&q,p);
- ge_p2_dbl(r,&q);
-}
-
-
-/* ge p3 to cached */
-
-/*
-r = p
-*/
-
-static const fe d2 = {
--21827239,-5839606,-30745221,13898782,229458,
-15978800,-12551817,-6495438,29715968,9444199
-} ;
-
-
-extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p)
-{
- fe_add(r->YplusX,p->Y,p->X);
- fe_sub(r->YminusX,p->Y,p->X);
- fe_copy(r->Z,p->Z);
- fe_mul(r->T2d,p->T,d2);
-}
-
-
-/* ge p3 to p2 */
-/*
-r = p
-*/
-
-extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p)
-{
- fe_copy(r->X,p->X);
- fe_copy(r->Y,p->Y);
- fe_copy(r->Z,p->Z);
-}
-
-
-/* ge p3 tobytes */
-void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
-{
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip,h->Z);
- fe_mul(x,h->X,recip);
- fe_mul(y,h->Y,recip);
- fe_tobytes(s,y);
- s[31] ^= fe_isnegative(x) << 7;
-}
-
-
-/* ge_precomp_0 */
-void ge_precomp_0(ge_precomp *h)
-{
- fe_1(h->yplusx);
- fe_1(h->yminusx);
- fe_0(h->xy2d);
-}
-
-
-/* ge_sub */
-/*
-r = p - q
-*/
-
-void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
- fe_add(r->X,p->Y,p->X);
- fe_sub(r->Y,p->Y,p->X);
- fe_mul(r->Z,r->X,q->YminusX);
- fe_mul(r->Y,r->Y,q->YplusX);
- fe_mul(r->T,q->T2d,p->T);
- fe_mul(r->X,p->Z,q->Z);
- fe_add(t0,r->X,r->X);
- fe_sub(r->X,r->Z,r->Y);
- fe_add(r->Y,r->Z,r->Y);
- fe_sub(r->Z,t0,r->T);
- fe_add(r->T,t0,r->T);
-}
-
-
-/* ge tobytes */
-void ge_tobytes(unsigned char *s,const ge_p2 *h)
-{
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip,h->Z);
- fe_mul(x,h->X,recip);
- fe_mul(y,h->Y,recip);
- fe_tobytes(s,y);
- s[31] ^= fe_isnegative(x) << 7;
-}
-#endif /* HAVE_ED25519 */
-
-
--- a/wolfcrypt/src/hash.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,77 +0,0 @@
-/* hash.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if !defined(WOLFSSL_TI_HASH)
-
-#include <wolfssl/wolfcrypt/hash.h>
-
-#if !defined(NO_MD5)
-void wc_Md5GetHash(Md5* md5, byte* hash)
-{
- Md5 save = *md5 ;
- wc_Md5Final(md5, hash) ;
- *md5 = save ;
-}
-
-WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) {
- *m1 = *m2 ;
-}
-#endif
-
-#if !defined(NO_SHA)
-int wc_ShaGetHash(Sha* sha, byte* hash)
-{
- int ret ;
- Sha save = *sha ;
- ret = wc_ShaFinal(sha, hash) ;
- *sha = save ;
- return ret ;
-}
-
-WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) {
- *s1 = *s2 ;
-}
-#endif
-
-#if !defined(NO_SHA256)
-int wc_Sha256GetHash(Sha256* sha256, byte* hash)
-{
- int ret ;
- Sha256 save = *sha256 ;
- ret = wc_Sha256Final(sha256, hash) ;
- *sha256 = save ;
- return ret ;
-}
-
-WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
- *s1 = *s2 ;
-}
-#endif
-
-#endif
-
-
--- a/wolfcrypt/src/hc128.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,400 +0,0 @@
-/* hc128.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_HC128
-
-#include <wolfssl/wolfcrypt/hc128.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/hc128.h>
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-#ifdef BIG_ENDIAN_ORDER
- #define LITTLE32(x) ByteReverseWord32(x)
-#else
- #define LITTLE32(x) (x)
-#endif
-
-
-/*h1 function*/
-#define h1(ctx, x, y) { \
- byte a,c; \
- a = (byte) (x); \
- c = (byte) ((x) >> 16); \
- y = (ctx->T[512+a])+(ctx->T[512+256+c]); \
-}
-
-/*h2 function*/
-#define h2(ctx, x, y) { \
- byte a,c; \
- a = (byte) (x); \
- c = (byte) ((x) >> 16); \
- y = (ctx->T[a])+(ctx->T[256+c]); \
-}
-
-/*one step of HC-128, update P and generate 32 bits keystream*/
-#define step_P(ctx,u,v,a,b,c,d,n){ \
- word32 tem0,tem1,tem2,tem3; \
- h1((ctx),(ctx->X[(d)]),tem3); \
- tem0 = rotrFixed((ctx->T[(v)]),23); \
- tem1 = rotrFixed((ctx->X[(c)]),10); \
- tem2 = rotrFixed((ctx->X[(b)]),8); \
- (ctx->T[(u)]) += tem2+(tem0 ^ tem1); \
- (ctx->X[(a)]) = (ctx->T[(u)]); \
- (n) = tem3 ^ (ctx->T[(u)]) ; \
-}
-
-/*one step of HC-128, update Q and generate 32 bits keystream*/
-#define step_Q(ctx,u,v,a,b,c,d,n){ \
- word32 tem0,tem1,tem2,tem3; \
- h2((ctx),(ctx->Y[(d)]),tem3); \
- tem0 = rotrFixed((ctx->T[(v)]),(32-23)); \
- tem1 = rotrFixed((ctx->Y[(c)]),(32-10)); \
- tem2 = rotrFixed((ctx->Y[(b)]),(32-8)); \
- (ctx->T[(u)]) += tem2 + (tem0 ^ tem1); \
- (ctx->Y[(a)]) = (ctx->T[(u)]); \
- (n) = tem3 ^ (ctx->T[(u)]) ; \
-}
-
-/*16 steps of HC-128, generate 512 bits keystream*/
-static void generate_keystream(HC128* ctx, word32* keystream)
-{
- word32 cc,dd;
- cc = ctx->counter1024 & 0x1ff;
- dd = (cc+16)&0x1ff;
-
- if (ctx->counter1024 < 512)
- {
- ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
- step_P(ctx, cc+0, cc+1, 0, 6, 13,4, keystream[0]);
- step_P(ctx, cc+1, cc+2, 1, 7, 14,5, keystream[1]);
- step_P(ctx, cc+2, cc+3, 2, 8, 15,6, keystream[2]);
- step_P(ctx, cc+3, cc+4, 3, 9, 0, 7, keystream[3]);
- step_P(ctx, cc+4, cc+5, 4, 10,1, 8, keystream[4]);
- step_P(ctx, cc+5, cc+6, 5, 11,2, 9, keystream[5]);
- step_P(ctx, cc+6, cc+7, 6, 12,3, 10,keystream[6]);
- step_P(ctx, cc+7, cc+8, 7, 13,4, 11,keystream[7]);
- step_P(ctx, cc+8, cc+9, 8, 14,5, 12,keystream[8]);
- step_P(ctx, cc+9, cc+10,9, 15,6, 13,keystream[9]);
- step_P(ctx, cc+10,cc+11,10,0, 7, 14,keystream[10]);
- step_P(ctx, cc+11,cc+12,11,1, 8, 15,keystream[11]);
- step_P(ctx, cc+12,cc+13,12,2, 9, 0, keystream[12]);
- step_P(ctx, cc+13,cc+14,13,3, 10,1, keystream[13]);
- step_P(ctx, cc+14,cc+15,14,4, 11,2, keystream[14]);
- step_P(ctx, cc+15,dd+0, 15,5, 12,3, keystream[15]);
- }
- else
- {
- ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
- step_Q(ctx, 512+cc+0, 512+cc+1, 0, 6, 13,4, keystream[0]);
- step_Q(ctx, 512+cc+1, 512+cc+2, 1, 7, 14,5, keystream[1]);
- step_Q(ctx, 512+cc+2, 512+cc+3, 2, 8, 15,6, keystream[2]);
- step_Q(ctx, 512+cc+3, 512+cc+4, 3, 9, 0, 7, keystream[3]);
- step_Q(ctx, 512+cc+4, 512+cc+5, 4, 10,1, 8, keystream[4]);
- step_Q(ctx, 512+cc+5, 512+cc+6, 5, 11,2, 9, keystream[5]);
- step_Q(ctx, 512+cc+6, 512+cc+7, 6, 12,3, 10,keystream[6]);
- step_Q(ctx, 512+cc+7, 512+cc+8, 7, 13,4, 11,keystream[7]);
- step_Q(ctx, 512+cc+8, 512+cc+9, 8, 14,5, 12,keystream[8]);
- step_Q(ctx, 512+cc+9, 512+cc+10,9, 15,6, 13,keystream[9]);
- step_Q(ctx, 512+cc+10,512+cc+11,10,0, 7, 14,keystream[10]);
- step_Q(ctx, 512+cc+11,512+cc+12,11,1, 8, 15,keystream[11]);
- step_Q(ctx, 512+cc+12,512+cc+13,12,2, 9, 0, keystream[12]);
- step_Q(ctx, 512+cc+13,512+cc+14,13,3, 10,1, keystream[13]);
- step_Q(ctx, 512+cc+14,512+cc+15,14,4, 11,2, keystream[14]);
- step_Q(ctx, 512+cc+15,512+dd+0, 15,5, 12,3, keystream[15]);
- }
-}
-
-
-/* The following defines the initialization functions */
-#define f1(x) (rotrFixed((x),7) ^ rotrFixed((x),18) ^ ((x) >> 3))
-#define f2(x) (rotrFixed((x),17) ^ rotrFixed((x),19) ^ ((x) >> 10))
-
-/*update table P*/
-#define update_P(ctx,u,v,a,b,c,d){ \
- word32 tem0,tem1,tem2,tem3; \
- tem0 = rotrFixed((ctx->T[(v)]),23); \
- tem1 = rotrFixed((ctx->X[(c)]),10); \
- tem2 = rotrFixed((ctx->X[(b)]),8); \
- h1((ctx),(ctx->X[(d)]),tem3); \
- (ctx->T[(u)]) = ((ctx->T[(u)]) + tem2+(tem0^tem1)) ^ tem3; \
- (ctx->X[(a)]) = (ctx->T[(u)]); \
-}
-
-/*update table Q*/
-#define update_Q(ctx,u,v,a,b,c,d){ \
- word32 tem0,tem1,tem2,tem3; \
- tem0 = rotrFixed((ctx->T[(v)]),(32-23)); \
- tem1 = rotrFixed((ctx->Y[(c)]),(32-10)); \
- tem2 = rotrFixed((ctx->Y[(b)]),(32-8)); \
- h2((ctx),(ctx->Y[(d)]),tem3); \
- (ctx->T[(u)]) = ((ctx->T[(u)]) + tem2+(tem0^tem1)) ^ tem3; \
- (ctx->Y[(a)]) = (ctx->T[(u)]); \
-}
-
-/*16 steps of HC-128, without generating keystream, */
-/*but use the outputs to update P and Q*/
-static void setup_update(HC128* ctx) /*each time 16 steps*/
-{
- word32 cc,dd;
- cc = ctx->counter1024 & 0x1ff;
- dd = (cc+16)&0x1ff;
-
- if (ctx->counter1024 < 512)
- {
- ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
- update_P(ctx, cc+0, cc+1, 0, 6, 13, 4);
- update_P(ctx, cc+1, cc+2, 1, 7, 14, 5);
- update_P(ctx, cc+2, cc+3, 2, 8, 15, 6);
- update_P(ctx, cc+3, cc+4, 3, 9, 0, 7);
- update_P(ctx, cc+4, cc+5, 4, 10,1, 8);
- update_P(ctx, cc+5, cc+6, 5, 11,2, 9);
- update_P(ctx, cc+6, cc+7, 6, 12,3, 10);
- update_P(ctx, cc+7, cc+8, 7, 13,4, 11);
- update_P(ctx, cc+8, cc+9, 8, 14,5, 12);
- update_P(ctx, cc+9, cc+10,9, 15,6, 13);
- update_P(ctx, cc+10,cc+11,10,0, 7, 14);
- update_P(ctx, cc+11,cc+12,11,1, 8, 15);
- update_P(ctx, cc+12,cc+13,12,2, 9, 0);
- update_P(ctx, cc+13,cc+14,13,3, 10, 1);
- update_P(ctx, cc+14,cc+15,14,4, 11, 2);
- update_P(ctx, cc+15,dd+0, 15,5, 12, 3);
- }
- else
- {
- ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
- update_Q(ctx, 512+cc+0, 512+cc+1, 0, 6, 13, 4);
- update_Q(ctx, 512+cc+1, 512+cc+2, 1, 7, 14, 5);
- update_Q(ctx, 512+cc+2, 512+cc+3, 2, 8, 15, 6);
- update_Q(ctx, 512+cc+3, 512+cc+4, 3, 9, 0, 7);
- update_Q(ctx, 512+cc+4, 512+cc+5, 4, 10,1, 8);
- update_Q(ctx, 512+cc+5, 512+cc+6, 5, 11,2, 9);
- update_Q(ctx, 512+cc+6, 512+cc+7, 6, 12,3, 10);
- update_Q(ctx, 512+cc+7, 512+cc+8, 7, 13,4, 11);
- update_Q(ctx, 512+cc+8, 512+cc+9, 8, 14,5, 12);
- update_Q(ctx, 512+cc+9, 512+cc+10,9, 15,6, 13);
- update_Q(ctx, 512+cc+10,512+cc+11,10,0, 7, 14);
- update_Q(ctx, 512+cc+11,512+cc+12,11,1, 8, 15);
- update_Q(ctx, 512+cc+12,512+cc+13,12,2, 9, 0);
- update_Q(ctx, 512+cc+13,512+cc+14,13,3, 10, 1);
- update_Q(ctx, 512+cc+14,512+cc+15,14,4, 11, 2);
- update_Q(ctx, 512+cc+15,512+dd+0, 15,5, 12, 3);
- }
-}
-
-
-/* for the 128-bit key: key[0]...key[15]
-* key[0] is the least significant byte of ctx->key[0] (K_0);
-* key[3] is the most significant byte of ctx->key[0] (K_0);
-* ...
-* key[12] is the least significant byte of ctx->key[3] (K_3)
-* key[15] is the most significant byte of ctx->key[3] (K_3)
-*
-* for the 128-bit iv: iv[0]...iv[15]
-* iv[0] is the least significant byte of ctx->iv[0] (IV_0);
-* iv[3] is the most significant byte of ctx->iv[0] (IV_0);
-* ...
-* iv[12] is the least significant byte of ctx->iv[3] (IV_3)
-* iv[15] is the most significant byte of ctx->iv[3] (IV_3)
-*/
-
-
-
-static void Hc128_SetIV(HC128* ctx, const byte* inIv)
-{
- word32 i;
- word32 iv[4];
-
- if (inIv)
- XMEMCPY(iv, inIv, sizeof(iv));
- else
- XMEMSET(iv, 0, sizeof(iv));
-
- for (i = 0; i < (128 >> 5); i++)
- ctx->iv[i] = LITTLE32(iv[i]);
-
- for (; i < 8; i++) ctx->iv[i] = ctx->iv[i-4];
-
- /* expand the key and IV into the table T */
- /* (expand the key and IV into the table P and Q) */
-
- for (i = 0; i < 8; i++) ctx->T[i] = ctx->key[i];
- for (i = 8; i < 16; i++) ctx->T[i] = ctx->iv[i-8];
-
- for (i = 16; i < (256+16); i++)
- ctx->T[i] = f2(ctx->T[i-2]) + ctx->T[i-7] + f1(ctx->T[i-15]) +
- ctx->T[i-16]+i;
-
- for (i = 0; i < 16; i++) ctx->T[i] = ctx->T[256+i];
-
- for (i = 16; i < 1024; i++)
- ctx->T[i] = f2(ctx->T[i-2]) + ctx->T[i-7] + f1(ctx->T[i-15]) +
- ctx->T[i-16]+256+i;
-
- /* initialize counter1024, X and Y */
- ctx->counter1024 = 0;
- for (i = 0; i < 16; i++) ctx->X[i] = ctx->T[512-16+i];
- for (i = 0; i < 16; i++) ctx->Y[i] = ctx->T[512+512-16+i];
-
- /* run the cipher 1024 steps before generating the output */
- for (i = 0; i < 64; i++) setup_update(ctx);
-}
-
-
-static INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv)
-{
- word32 i;
-
- /* Key size in bits 128 */
- for (i = 0; i < (128 >> 5); i++)
- ctx->key[i] = LITTLE32(((word32*)key)[i]);
-
- for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4];
-
- Hc128_SetIV(ctx, iv);
-
- return 0;
-}
-
-
-/* Key setup */
-int wc_Hc128_SetKey(HC128* ctx, const byte* key, const byte* iv)
-{
-#ifdef XSTREAM_ALIGN
- if ((wolfssl_word)key % 4) {
- int alignKey[4];
-
- /* iv gets aligned in SetIV */
- WOLFSSL_MSG("Hc128SetKey unaligned key");
-
- XMEMCPY(alignKey, key, sizeof(alignKey));
-
- return DoKey(ctx, (const byte*)alignKey, iv);
- }
-#endif /* XSTREAM_ALIGN */
-
- return DoKey(ctx, key, iv);
-}
-
-
-
-/* The following defines the encryption of data stream */
-static INLINE int DoProcess(HC128* ctx, byte* output, const byte* input,
- word32 msglen)
-{
- word32 i, keystream[16];
-
- for ( ; msglen >= 64; msglen -= 64, input += 64, output += 64)
- {
- generate_keystream(ctx, keystream);
-
- /* unroll loop */
- ((word32*)output)[0] = ((word32*)input)[0] ^ LITTLE32(keystream[0]);
- ((word32*)output)[1] = ((word32*)input)[1] ^ LITTLE32(keystream[1]);
- ((word32*)output)[2] = ((word32*)input)[2] ^ LITTLE32(keystream[2]);
- ((word32*)output)[3] = ((word32*)input)[3] ^ LITTLE32(keystream[3]);
- ((word32*)output)[4] = ((word32*)input)[4] ^ LITTLE32(keystream[4]);
- ((word32*)output)[5] = ((word32*)input)[5] ^ LITTLE32(keystream[5]);
- ((word32*)output)[6] = ((word32*)input)[6] ^ LITTLE32(keystream[6]);
- ((word32*)output)[7] = ((word32*)input)[7] ^ LITTLE32(keystream[7]);
- ((word32*)output)[8] = ((word32*)input)[8] ^ LITTLE32(keystream[8]);
- ((word32*)output)[9] = ((word32*)input)[9] ^ LITTLE32(keystream[9]);
- ((word32*)output)[10] = ((word32*)input)[10] ^ LITTLE32(keystream[10]);
- ((word32*)output)[11] = ((word32*)input)[11] ^ LITTLE32(keystream[11]);
- ((word32*)output)[12] = ((word32*)input)[12] ^ LITTLE32(keystream[12]);
- ((word32*)output)[13] = ((word32*)input)[13] ^ LITTLE32(keystream[13]);
- ((word32*)output)[14] = ((word32*)input)[14] ^ LITTLE32(keystream[14]);
- ((word32*)output)[15] = ((word32*)input)[15] ^ LITTLE32(keystream[15]);
- }
-
- if (msglen > 0)
- {
- XMEMSET(keystream, 0, sizeof(keystream)); /* hush the static analysis */
- generate_keystream(ctx, keystream);
-
-#ifdef BIG_ENDIAN_ORDER
- {
- word32 wordsLeft = msglen / sizeof(word32);
- if (msglen % sizeof(word32)) wordsLeft++;
-
- ByteReverseWords(keystream, keystream, wordsLeft * sizeof(word32));
- }
-#endif
-
- for (i = 0; i < msglen; i++)
- output[i] = input[i] ^ ((byte*)keystream)[i];
- }
-
- return 0;
-}
-
-
-/* Encrypt/decrypt a message of any size */
-int wc_Hc128_Process(HC128* ctx, byte* output, const byte* input, word32 msglen)
-{
-#ifdef XSTREAM_ALIGN
- if ((wolfssl_word)input % 4 || (wolfssl_word)output % 4) {
- #ifndef NO_WOLFSSL_ALLOC_ALIGN
- byte* tmp;
- WOLFSSL_MSG("Hc128Process unaligned");
-
- tmp = (byte*)XMALLOC(msglen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) return MEMORY_E;
-
- XMEMCPY(tmp, input, msglen);
- DoProcess(ctx, tmp, tmp, msglen);
- XMEMCPY(output, tmp, msglen);
-
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- return 0;
- #else
- return BAD_ALIGN_E;
- #endif
- }
-#endif /* XSTREAM_ALIGN */
-
- return DoProcess(ctx, output, input, msglen);
-}
-
-
-#else /* HAVE_HC128 */
-
-
-#ifdef _MSC_VER
- /* 4206 warning for blank file */
- #pragma warning(disable: 4206)
-#endif
-
-
-#endif /* HAVE_HC128 */
-
--- a/wolfcrypt/src/hmac.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,880 +0,0 @@
-/* hmac.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_HMAC
-
-#include <wolfssl/wolfcrypt/hmac.h>
-
-#ifdef HAVE_FIPS
-/* does init */
-int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz)
-{
- return HmacSetKey_fips(hmac, type, key, keySz);
-}
-
-
-int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz)
-{
- return HmacUpdate_fips(hmac, in, sz);
-}
-
-
-int wc_HmacFinal(Hmac* hmac, byte* out)
-{
- return HmacFinal_fips(hmac, out);
-}
-
-
-#ifdef HAVE_CAVIUM
- int wc_HmacInitCavium(Hmac* hmac, int i)
- {
- return HmacInitCavium(hmac, i);
- }
-
-
- void wc_HmacFreeCavium(Hmac* hmac)
- {
- HmacFreeCavium(hmac);
- }
-#endif
-
-int wolfSSL_GetHmacMaxSize(void)
-{
- return CyaSSL_GetHmacMaxSize();
-}
-
-#ifdef HAVE_HKDF
-
-int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
- const byte* salt, word32 saltSz,
- const byte* info, word32 infoSz,
- byte* out, word32 outSz)
-{
- return HKDF(type, inKey, inKeySz, salt, saltSz, info, infoSz, out, outSz);
-}
-
-
-#endif /* HAVE_HKDF */
-#else /* else build without fips */
-#ifdef WOLFSSL_PIC32MZ_HASH
-
-#define wc_InitMd5 wc_InitMd5_sw
-#define wc_Md5Update wc_Md5Update_sw
-#define wc_Md5Final wc_Md5Final_sw
-
-#define wc_InitSha wc_InitSha_sw
-#define wc_ShaUpdate wc_ShaUpdate_sw
-#define wc_ShaFinal wc_ShaFinal_sw
-
-#define wc_InitSha256 wc_InitSha256_sw
-#define wc_Sha256Update wc_Sha256Update_sw
-#define wc_Sha256Final wc_Sha256Final_sw
-
-#endif
-
-#ifdef HAVE_FIPS
- /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
- #define FIPS_NO_WRAPPERS
-#endif
-
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-
-#ifdef HAVE_CAVIUM
- static void HmacCaviumFinal(Hmac* hmac, byte* hash);
- static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length);
- static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
- word32 length);
-#endif
-
-static int InitHmac(Hmac* hmac, int type)
-{
- int ret = 0;
-
- hmac->innerHashKeyed = 0;
- hmac->macType = (byte)type;
-
- if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
- || type == SHA512 || type == BLAKE2B_ID))
- return BAD_FUNC_ARG;
-
- switch (type) {
- #ifndef NO_MD5
- case MD5:
- wc_InitMd5(&hmac->hash.md5);
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- ret = wc_InitSha(&hmac->hash.sha);
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- ret = wc_InitSha256(&hmac->hash.sha256);
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- ret = wc_InitSha384(&hmac->hash.sha384);
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- ret = wc_InitSha512(&hmac->hash.sha512);
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
- break;
- #endif
-
- default:
- return BAD_FUNC_ARG;
- }
-
- return ret;
-}
-
-
-int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
-{
- byte* ip = (byte*) hmac->ipad;
- byte* op = (byte*) hmac->opad;
- word32 i, hmac_block_size = 0;
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
- return HmacCaviumSetKey(hmac, type, key, length);
-#endif
-
- ret = InitHmac(hmac, type);
- if (ret != 0)
- return ret;
-
-#ifdef HAVE_FIPS
- if (length < HMAC_FIPS_MIN_KEY)
- return HMAC_MIN_KEYLEN_E;
-#endif
-
- switch (hmac->macType) {
- #ifndef NO_MD5
- case MD5:
- {
- hmac_block_size = MD5_BLOCK_SIZE;
- if (length <= MD5_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- wc_Md5Update(&hmac->hash.md5, key, length);
- wc_Md5Final(&hmac->hash.md5, ip);
- length = MD5_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- {
- hmac_block_size = SHA_BLOCK_SIZE;
- if (length <= SHA_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- wc_ShaUpdate(&hmac->hash.sha, key, length);
- wc_ShaFinal(&hmac->hash.sha, ip);
- length = SHA_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- {
- hmac_block_size = SHA256_BLOCK_SIZE;
- if (length <= SHA256_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- ret = wc_Sha256Update(&hmac->hash.sha256, key, length);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha256Final(&hmac->hash.sha256, ip);
- if (ret != 0)
- return ret;
-
- length = SHA256_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- {
- hmac_block_size = SHA384_BLOCK_SIZE;
- if (length <= SHA384_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- ret = wc_Sha384Update(&hmac->hash.sha384, key, length);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha384Final(&hmac->hash.sha384, ip);
- if (ret != 0)
- return ret;
-
- length = SHA384_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- {
- hmac_block_size = SHA512_BLOCK_SIZE;
- if (length <= SHA512_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- ret = wc_Sha512Update(&hmac->hash.sha512, key, length);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha512Final(&hmac->hash.sha512, ip);
- if (ret != 0)
- return ret;
-
- length = SHA512_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- {
- hmac_block_size = BLAKE2B_BLOCKBYTES;
- if (length <= BLAKE2B_BLOCKBYTES) {
- XMEMCPY(ip, key, length);
- }
- else {
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length);
- if (ret != 0)
- return ret;
-
- ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
- if (ret != 0)
- return ret;
-
- length = BLAKE2B_256;
- }
- }
- break;
- #endif
-
- default:
- return BAD_FUNC_ARG;
- }
- if (length < hmac_block_size)
- XMEMSET(ip + length, 0, hmac_block_size - length);
-
- for(i = 0; i < hmac_block_size; i++) {
- op[i] = ip[i] ^ OPAD;
- ip[i] ^= IPAD;
- }
- return 0;
-}
-
-
-static int HmacKeyInnerHash(Hmac* hmac)
-{
- int ret = 0;
-
- switch (hmac->macType) {
- #ifndef NO_MD5
- case MD5:
- wc_Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- ret = wc_Sha256Update(&hmac->hash.sha256,
- (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- ret = wc_Sha384Update(&hmac->hash.sha384,
- (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- ret = wc_Sha512Update(&hmac->hash.sha512,
- (byte*) hmac->ipad, SHA512_BLOCK_SIZE);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
- (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- default:
- break;
- }
-
- hmac->innerHashKeyed = 1;
-
- return ret;
-}
-
-
-int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
-{
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
- return HmacCaviumUpdate(hmac, msg, length);
-#endif
-
- if (!hmac->innerHashKeyed) {
- ret = HmacKeyInnerHash(hmac);
- if (ret != 0)
- return ret;
- }
-
- switch (hmac->macType) {
- #ifndef NO_MD5
- case MD5:
- wc_Md5Update(&hmac->hash.md5, msg, length);
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- wc_ShaUpdate(&hmac->hash.sha, msg, length);
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- ret = wc_Sha256Update(&hmac->hash.sha256, msg, length);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- ret = wc_Sha384Update(&hmac->hash.sha384, msg, length);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- ret = wc_Sha512Update(&hmac->hash.sha512, msg, length);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- default:
- break;
- }
-
- return 0;
-}
-
-
-int wc_HmacFinal(Hmac* hmac, byte* hash)
-{
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
- return HmacCaviumFinal(hmac, hash);
-#endif
-
- if (!hmac->innerHashKeyed) {
- ret = HmacKeyInnerHash(hmac);
- if (ret != 0)
- return ret;
- }
-
- switch (hmac->macType) {
- #ifndef NO_MD5
- case MD5:
- {
- wc_Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
-
- wc_Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
- wc_Md5Update(&hmac->hash.md5,
- (byte*) hmac->innerHash, MD5_DIGEST_SIZE);
-
- wc_Md5Final(&hmac->hash.md5, hash);
- }
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- {
- wc_ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
-
- wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
- wc_ShaUpdate(&hmac->hash.sha,
- (byte*) hmac->innerHash, SHA_DIGEST_SIZE);
-
- wc_ShaFinal(&hmac->hash.sha, hash);
- }
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- {
- ret = wc_Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha256Update(&hmac->hash.sha256,
- (byte*) hmac->opad, SHA256_BLOCK_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha256Update(&hmac->hash.sha256,
- (byte*) hmac->innerHash, SHA256_DIGEST_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha256Final(&hmac->hash.sha256, hash);
- if (ret != 0)
- return ret;
- }
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- {
- ret = wc_Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha384Update(&hmac->hash.sha384,
- (byte*) hmac->opad, SHA384_BLOCK_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha384Update(&hmac->hash.sha384,
- (byte*) hmac->innerHash, SHA384_DIGEST_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha384Final(&hmac->hash.sha384, hash);
- if (ret != 0)
- return ret;
- }
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- {
- ret = wc_Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha512Update(&hmac->hash.sha512,
- (byte*) hmac->opad, SHA512_BLOCK_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha512Update(&hmac->hash.sha512,
- (byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha512Final(&hmac->hash.sha512, hash);
- if (ret != 0)
- return ret;
- }
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- {
- ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash,
- BLAKE2B_256);
- if (ret != 0)
- return ret;
-
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
- (byte*) hmac->opad, BLAKE2B_BLOCKBYTES);
- if (ret != 0)
- return ret;
-
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
- (byte*) hmac->innerHash, BLAKE2B_256);
- if (ret != 0)
- return ret;
-
- ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
- if (ret != 0)
- return ret;
- }
- break;
- #endif
-
- default:
- break;
- }
-
- hmac->innerHashKeyed = 0;
-
- return 0;
-}
-
-
-#ifdef HAVE_CAVIUM
-
-/* Initiliaze Hmac for use with Nitrox device */
-int wc_HmacInitCavium(Hmac* hmac, int devId)
-{
- if (hmac == NULL)
- return -1;
-
- if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0)
- return -1;
-
- hmac->keyLen = 0;
- hmac->dataLen = 0;
- hmac->type = 0;
- hmac->devId = devId;
- hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC;
- hmac->data = NULL; /* buffered input data */
-
- hmac->innerHashKeyed = 0;
-
- return 0;
-}
-
-
-/* Free Hmac from use with Nitrox device */
-void wc_HmacFreeCavium(Hmac* hmac)
-{
- if (hmac == NULL)
- return;
-
- CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId);
- hmac->magic = 0;
- XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
- hmac->data = NULL;
-}
-
-
-static void HmacCaviumFinal(Hmac* hmac, byte* hash)
-{
- word32 requestId;
-
- if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
- (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId,
- hmac->devId) != 0) {
- WOLFSSL_MSG("Cavium Hmac failed");
- }
- hmac->innerHashKeyed = 0; /* tell update to start over if used again */
-}
-
-
-static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
-{
- word16 add = (word16)length;
- word32 total;
- byte* tmp;
-
- if (length > WOLFSSL_MAX_16BIT) {
- WOLFSSL_MSG("Too big msg for cavium hmac");
- return;
- }
-
- if (hmac->innerHashKeyed == 0) { /* starting new */
- hmac->dataLen = 0;
- hmac->innerHashKeyed = 1;
- }
-
- total = add + hmac->dataLen;
- if (total > WOLFSSL_MAX_16BIT) {
- WOLFSSL_MSG("Too big msg for cavium hmac");
- return;
- }
-
- tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP);
- if (tmp == NULL) {
- WOLFSSL_MSG("Out of memory for cavium update");
- return;
- }
- if (hmac->dataLen)
- XMEMCPY(tmp, hmac->data, hmac->dataLen);
- XMEMCPY(tmp + hmac->dataLen, msg, add);
-
- hmac->dataLen += add;
- XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
- hmac->data = tmp;
-}
-
-
-static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
- word32 length)
-{
- hmac->macType = (byte)type;
- if (type == MD5)
- hmac->type = MD5_TYPE;
- else if (type == SHA)
- hmac->type = SHA1_TYPE;
- else if (type == SHA256)
- hmac->type = SHA256_TYPE;
- else {
- WOLFSSL_MSG("unsupported cavium hmac type");
- }
-
- hmac->innerHashKeyed = 0; /* should we key Startup flag */
-
- hmac->keyLen = (word16)length;
- /* store key in ipad */
- XMEMCPY(hmac->ipad, key, length);
-}
-
-#endif /* HAVE_CAVIUM */
-
-int wolfSSL_GetHmacMaxSize(void)
-{
- return MAX_DIGEST_SIZE;
-}
-
-#ifdef HAVE_HKDF
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-static INLINE int GetHashSizeByType(int type)
-{
- if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
- || type == SHA512 || type == BLAKE2B_ID))
- return BAD_FUNC_ARG;
-
- switch (type) {
- #ifndef NO_MD5
- case MD5:
- return MD5_DIGEST_SIZE;
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- return SHA_DIGEST_SIZE;
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- return SHA256_DIGEST_SIZE;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- return SHA384_DIGEST_SIZE;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- return SHA512_DIGEST_SIZE;
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- return BLAKE2B_OUTBYTES;
- break;
- #endif
-
- default:
- return BAD_FUNC_ARG;
- break;
- }
-}
-
-
-/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
-int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
- const byte* salt, word32 saltSz,
- const byte* info, word32 infoSz,
- byte* out, word32 outSz)
-{
- Hmac myHmac;
-#ifdef WOLFSSL_SMALL_STACK
- byte* tmp;
- byte* prk;
-#else
- byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */
- byte prk[MAX_DIGEST_SIZE];
-#endif
- const byte* localSalt; /* either points to user input or tmp */
- int hashSz = GetHashSizeByType(type);
- word32 outIdx = 0;
- byte n = 0x1;
- int ret;
-
- if (hashSz < 0)
- return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
- tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return MEMORY_E;
-
- prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (prk == NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- localSalt = salt;
- if (localSalt == NULL) {
- XMEMSET(tmp, 0, hashSz);
- localSalt = tmp;
- saltSz = hashSz;
- }
-
- do {
- ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(&myHmac, prk);
- } while (0);
-
- if (ret == 0) {
- while (outIdx < outSz) {
- int tmpSz = (n == 1) ? 0 : hashSz;
- word32 left = outSz - outIdx;
-
- ret = wc_HmacSetKey(&myHmac, type, prk, hashSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&myHmac, info, infoSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&myHmac, &n, 1);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(&myHmac, tmp);
- if (ret != 0)
- break;
-
- left = min(left, (word32)hashSz);
- XMEMCPY(out+outIdx, tmp, left);
-
- outIdx += hashSz;
- n++;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#endif /* HAVE_HKDF */
-
-#endif /* HAVE_FIPS */
-#endif /* NO_HMAC */
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfcrypt/src/idea.c Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,287 @@
+/* idea.c
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef HAVE_IDEA
+
+#include <wolfssl/wolfcrypt/idea.h>
+
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
+#ifdef NO_INLINE
+ #include <wolfssl/wolfcrypt/misc.h>
+#else
+ #include <wolfcrypt/src/misc.c>
+#endif
+
+/* multiplication of x and y modulo 2^16+1
+ * IDEA specify a special case when an entry value is 0 ( x or y)
+ * then it must be replaced by 2^16
+ */
+static INLINE word16 idea_mult(word16 x, word16 y)
+{
+ long mul, res;
+
+ mul = (long)x * (long)y;
+ if (mul) {
+ res = (mul & IDEA_MASK) - ((word32)mul >> 16);
+ if (res <= 0)
+ res += IDEA_MODULO;
+
+ return (word16) (res & IDEA_MASK);
+ }
+
+ if (!x)
+ return ((IDEA_MODULO - y) & IDEA_MASK);
+
+ /* !y */
+ return ((IDEA_MODULO - x) & IDEA_MASK);
+}
+
+/* compute 1/a modulo 2^16+1 using Extended euclidean algorithm
+ * adapted from fp_invmod */
+static INLINE word16 idea_invmod(word16 x)
+{
+ int u, v, b, d;
+
+ if (x <= 1)
+ return x;
+
+ u = IDEA_MODULO;
+ v = x;
+ d = 1;
+ b = 0;
+
+ do {
+ while (!(u & 1)) {
+ u >>= 1;
+ if (b & 1)
+ b -= IDEA_MODULO;
+ b >>= 1;
+ }
+
+ while (!(v & 1)) {
+ v >>= 1;
+ if (d & 1) {
+ d -= IDEA_MODULO;
+ }
+ d >>= 1;
+ }
+
+ if (u >= v) {
+ u -= v;
+ b -= d;
+ } else {
+ v -= u;
+ d -= b;
+ }
+ } while (u != 0);
+
+ /* d is now the inverse, put positive value if required */
+ while (d < 0)
+ d += IDEA_MODULO;
+
+ /* d must be < IDEA_MODULO */
+ while (d >= (int)IDEA_MODULO)
+ d -= IDEA_MODULO;
+
+ return (word16)(d & IDEA_MASK);
+}
+
+/* generate the 52 16-bits key sub-blocks from the 128 key */
+int wc_IdeaSetKey(Idea *idea, const byte* key, word16 keySz,
+ const byte *iv, int dir)
+{
+ word16 idx = 0;
+ word32 t;
+ short i;
+
+ if (idea == NULL || key == NULL || keySz != IDEA_KEY_SIZE ||
+ (dir != IDEA_ENCRYPTION && dir != IDEA_DECRYPTION))
+ return BAD_FUNC_ARG;
+
+ /* initial key schedule for 0 -> 7 */
+ for (i = 0; i < IDEA_ROUNDS; i++) {
+ idea->skey[i] = (word16)key[idx++] << 8;
+ idea->skey[i] |= (word16)key[idx++];
+ }
+
+ /* shift phase key schedule for 8 -> 51 */
+ for (i = IDEA_ROUNDS; i < IDEA_SK_NUM; i++) {
+ t = (word32)idea->skey[((i+1) & 7) ? i-7 : i-15] << 9;
+ t |= (word32)idea->skey[((i+2) & 7) < 2 ? i-14 : i-6] >> 7;
+ idea->skey[i] = (word16)(t & IDEA_MASK);
+ }
+
+ /* compute decryption key from encryption key */
+ if (dir == IDEA_DECRYPTION) {
+ word16 enckey[IDEA_SK_NUM];
+
+ /* put encryption key in tmp buffer */
+ XMEMCPY(enckey, idea->skey, sizeof(idea->skey));
+
+ idx = 0;
+
+ idea->skey[6*IDEA_ROUNDS] = idea_invmod(enckey[idx++]);
+ idea->skey[6*IDEA_ROUNDS+1] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
+ idea->skey[6*IDEA_ROUNDS+2] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
+ idea->skey[6*IDEA_ROUNDS+3] = idea_invmod(enckey[idx++]);
+
+ for (i = 6*(IDEA_ROUNDS-1); i >= 0; i -= 6) {
+ idea->skey[i+4] = enckey[idx++];
+ idea->skey[i+5] = enckey[idx++];
+
+ idea->skey[i] = idea_invmod(enckey[idx++]);
+ if (i) {
+ idea->skey[i+2] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
+ idea->skey[i+1] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
+ }
+ else {
+ idea->skey[1] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
+ idea->skey[2] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
+ }
+
+ idea->skey[i+3] = idea_invmod(enckey[idx++]);
+ }
+
+ /* erase temporary buffer */
+ ForceZero(enckey, sizeof(enckey));
+ }
+
+ /* set the iv */
+ return wc_IdeaSetIV(idea, iv);
+}
+
+/* set the IV in the Idea key structure */
+int wc_IdeaSetIV(Idea *idea, const byte* iv)
+{
+ if (idea == NULL)
+ return BAD_FUNC_ARG;
+
+ if (iv != NULL)
+ XMEMCPY(idea->reg, iv, IDEA_BLOCK_SIZE);
+ else
+ XMEMSET(idea->reg, 0, IDEA_BLOCK_SIZE);
+
+ return 0;
+}
+
+/* encryption/decryption for a block (64 bits)
+ */
+void wc_IdeaCipher(Idea *idea, byte* out, const byte* in)
+{
+ word32 t1, t2;
+ word16 i, skey_idx = 0, idx = 0;
+ word16 x[4];
+
+ /* put input byte block in word16 */
+ for (i = 0; i < IDEA_BLOCK_SIZE/2; i++) {
+ x[i] = (word16)in[idx++] << 8;
+ x[i] |= (word16)in[idx++];
+ }
+
+ for (i = 0; i < IDEA_ROUNDS; i++) {
+ x[0] = idea_mult(x[0], idea->skey[skey_idx++]);
+ x[1] = ((word32)x[1] + (word32)idea->skey[skey_idx++]) & IDEA_MASK;
+ x[2] = ((word32)x[2] + (word32)idea->skey[skey_idx++]) & IDEA_MASK;
+ x[3] = idea_mult(x[3], idea->skey[skey_idx++]);
+
+ t2 = x[0] ^ x[2];
+ t2 = idea_mult((word16)t2, idea->skey[skey_idx++]);
+ t1 = (t2 + (x[1] ^ x[3])) & IDEA_MASK;
+ t1 = idea_mult((word16)t1, idea->skey[skey_idx++]);
+ t2 = (t1 + t2) & IDEA_MASK;
+
+ x[0] ^= t1;
+ x[3] ^= t2;
+
+ t2 ^= x[1];
+ x[1] = x[2] ^ (word16)t1;
+ x[2] = (word16)t2;
+ }
+
+ x[0] = idea_mult(x[0], idea->skey[skey_idx++]);
+ out[0] = (x[0] >> 8) & 0xFF;
+ out[1] = x[0] & 0xFF;
+
+ x[2] = ((word32)x[2] + (word32)idea->skey[skey_idx++]) & IDEA_MASK;
+ out[2] = (x[2] >> 8) & 0xFF;
+ out[3] = x[2] & 0xFF;
+
+ x[1] = ((word32)x[1] + (word32)idea->skey[skey_idx++]) & IDEA_MASK;
+ out[4] = (x[1] >> 8) & 0xFF;
+ out[5] = x[1] & 0xFF;
+
+ x[3] = idea_mult(x[3], idea->skey[skey_idx++]);
+ out[6] = (x[3] >> 8) & 0xFF;
+ out[7] = x[3] & 0xFF;
+}
+
+int wc_IdeaCbcEncrypt(Idea *idea, byte* out, const byte* in, word32 len)
+{
+ int blocks;
+
+ if (idea == NULL || out == NULL || in == NULL)
+ return BAD_FUNC_ARG;
+
+ blocks = len / IDEA_BLOCK_SIZE;
+ while (blocks--) {
+ xorbuf((byte*)idea->reg, in, IDEA_BLOCK_SIZE);
+ wc_IdeaCipher(idea, (byte*)idea->reg, (byte*)idea->reg);
+ XMEMCPY(out, idea->reg, IDEA_BLOCK_SIZE);
+
+ out += IDEA_BLOCK_SIZE;
+ in += IDEA_BLOCK_SIZE;
+ }
+
+ return 0;
+}
+
+int wc_IdeaCbcDecrypt(Idea *idea, byte* out, const byte* in, word32 len)
+{
+ int blocks;
+
+ if (idea == NULL || out == NULL || in == NULL)
+ return BAD_FUNC_ARG;
+
+ blocks = len / IDEA_BLOCK_SIZE;
+ while (blocks--) {
+ XMEMCPY((byte*)idea->tmp, in, IDEA_BLOCK_SIZE);
+ wc_IdeaCipher(idea, out, (byte*)idea->tmp);
+ xorbuf(out, (byte*)idea->reg, IDEA_BLOCK_SIZE);
+ XMEMCPY(idea->reg, idea->tmp, IDEA_BLOCK_SIZE);
+
+ out += IDEA_BLOCK_SIZE;
+ in += IDEA_BLOCK_SIZE;
+ }
+
+ return 0;
+}
+
+#endif /* HAVE_IDEA */
+
--- a/wolfcrypt/src/integer.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,4523 +0,0 @@
-/* integer.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-/*
- * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca,
- * http://math.libtomcrypt.com
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-/* in case user set USE_FAST_MATH there */
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_BIG_INT
-
-#ifndef USE_FAST_MATH
-
-#include <wolfssl/wolfcrypt/integer.h>
-
-#ifndef NO_WOLFSSL_SMALL_STACK
- #ifndef WOLFSSL_SMALL_STACK
- #define WOLFSSL_SMALL_STACK
- #endif
-#endif
-
-static void bn_reverse (unsigned char *s, int len);
-
-/* math settings check */
-word32 CheckRunTimeSettings(void)
-{
- return CTC_SETTINGS;
-}
-
-
-/* handle up to 6 inits */
-int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
- mp_int* f)
-{
- int res = MP_OKAY;
-
- if (a && ((res = mp_init(a)) != MP_OKAY))
- return res;
-
- if (b && ((res = mp_init(b)) != MP_OKAY)) {
- mp_clear(a);
- return res;
- }
-
- if (c && ((res = mp_init(c)) != MP_OKAY)) {
- mp_clear(a); mp_clear(b);
- return res;
- }
-
- if (d && ((res = mp_init(d)) != MP_OKAY)) {
- mp_clear(a); mp_clear(b); mp_clear(c);
- return res;
- }
-
- if (e && ((res = mp_init(e)) != MP_OKAY)) {
- mp_clear(a); mp_clear(b); mp_clear(c); mp_clear(d);
- return res;
- }
-
- if (f && ((res = mp_init(f)) != MP_OKAY)) {
- mp_clear(a); mp_clear(b); mp_clear(c); mp_clear(d); mp_clear(e);
- return res;
- }
-
- return res;
-}
-
-
-/* init a new mp_int */
-int mp_init (mp_int * a)
-{
- int i;
-
- /* allocate memory required and clear it */
- a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * MP_PREC, 0,
- DYNAMIC_TYPE_BIGINT);
- if (a->dp == NULL) {
- return MP_MEM;
- }
-
- /* set the digits to zero */
- for (i = 0; i < MP_PREC; i++) {
- a->dp[i] = 0;
- }
-
- /* set the used to zero, allocated digits to the default precision
- * and sign to positive */
- a->used = 0;
- a->alloc = MP_PREC;
- a->sign = MP_ZPOS;
-
- return MP_OKAY;
-}
-
-
-/* clear one (frees) */
-void
-mp_clear (mp_int * a)
-{
- int i;
-
- if (a == NULL)
- return;
-
- /* only do anything if a hasn't been freed previously */
- if (a->dp != NULL) {
- /* first zero the digits */
- for (i = 0; i < a->used; i++) {
- a->dp[i] = 0;
- }
-
- /* free ram */
- XFREE(a->dp, 0, DYNAMIC_TYPE_BIGINT);
-
- /* reset members to make debugging easier */
- a->dp = NULL;
- a->alloc = a->used = 0;
- a->sign = MP_ZPOS;
- }
-}
-
-
-/* get the size for an unsigned equivalent */
-int mp_unsigned_bin_size (mp_int * a)
-{
- int size = mp_count_bits (a);
- return (size / 8 + ((size & 7) != 0 ? 1 : 0));
-}
-
-
-/* returns the number of bits in an int */
-int
-mp_count_bits (mp_int * a)
-{
- int r;
- mp_digit q;
-
- /* shortcut */
- if (a->used == 0) {
- return 0;
- }
-
- /* get number of digits and add that */
- r = (a->used - 1) * DIGIT_BIT;
-
- /* take the last digit and count the bits in it */
- q = a->dp[a->used - 1];
- while (q > ((mp_digit) 0)) {
- ++r;
- q >>= ((mp_digit) 1);
- }
- return r;
-}
-
-
-int mp_leading_bit (mp_int * a)
-{
- int bit = 0;
- mp_int t;
-
- if (mp_init_copy(&t, a) != MP_OKAY)
- return 0;
-
- while (mp_iszero(&t) == 0) {
-#ifndef MP_8BIT
- bit = (t.dp[0] & 0x80) != 0;
-#else
- bit = (t.dp[0] | ((t.dp[1] & 0x01) << 7)) & 0x80 != 0;
-#endif
- if (mp_div_2d (&t, 8, &t, NULL) != MP_OKAY)
- break;
- }
- mp_clear(&t);
- return bit;
-}
-
-
-/* store in unsigned [big endian] format */
-int mp_to_unsigned_bin (mp_int * a, unsigned char *b)
-{
- int x, res;
- mp_int t;
-
- if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
- return res;
- }
-
- x = 0;
- while (mp_iszero (&t) == 0) {
-#ifndef MP_8BIT
- b[x++] = (unsigned char) (t.dp[0] & 255);
-#else
- b[x++] = (unsigned char) (t.dp[0] | ((t.dp[1] & 0x01) << 7));
-#endif
- if ((res = mp_div_2d (&t, 8, &t, NULL)) != MP_OKAY) {
- mp_clear (&t);
- return res;
- }
- }
- bn_reverse (b, x);
- mp_clear (&t);
- return MP_OKAY;
-}
-
-
-/* creates "a" then copies b into it */
-int mp_init_copy (mp_int * a, mp_int * b)
-{
- int res;
-
- if ((res = mp_init (a)) != MP_OKAY) {
- return res;
- }
- return mp_copy (b, a);
-}
-
-
-/* copy, b = a */
-int
-mp_copy (mp_int * a, mp_int * b)
-{
- int res, n;
-
- /* if dst == src do nothing */
- if (a == b) {
- return MP_OKAY;
- }
-
- /* grow dest */
- if (b->alloc < a->used) {
- if ((res = mp_grow (b, a->used)) != MP_OKAY) {
- return res;
- }
- }
-
- /* zero b and copy the parameters over */
- {
- register mp_digit *tmpa, *tmpb;
-
- /* pointer aliases */
-
- /* source */
- tmpa = a->dp;
-
- /* destination */
- tmpb = b->dp;
-
- /* copy all the digits */
- for (n = 0; n < a->used; n++) {
- *tmpb++ = *tmpa++;
- }
-
- /* clear high digits */
- for (; n < b->used; n++) {
- *tmpb++ = 0;
- }
- }
-
- /* copy used count and sign */
- b->used = a->used;
- b->sign = a->sign;
- return MP_OKAY;
-}
-
-
-/* grow as required */
-int mp_grow (mp_int * a, int size)
-{
- int i;
- mp_digit *tmp;
-
- /* if the alloc size is smaller alloc more ram */
- if (a->alloc < size) {
- /* ensure there are always at least MP_PREC digits extra on top */
- size += (MP_PREC * 2) - (size % MP_PREC);
-
- /* reallocate the array a->dp
- *
- * We store the return in a temporary variable
- * in case the operation failed we don't want
- * to overwrite the dp member of a.
- */
- tmp = OPT_CAST(mp_digit) XREALLOC (a->dp, sizeof (mp_digit) * size, 0,
- DYNAMIC_TYPE_BIGINT);
- if (tmp == NULL) {
- /* reallocation failed but "a" is still valid [can be freed] */
- return MP_MEM;
- }
-
- /* reallocation succeeded so set a->dp */
- a->dp = tmp;
-
- /* zero excess digits */
- i = a->alloc;
- a->alloc = size;
- for (; i < a->alloc; i++) {
- a->dp[i] = 0;
- }
- }
- return MP_OKAY;
-}
-
-
-/* reverse an array, used for radix code */
-void
-bn_reverse (unsigned char *s, int len)
-{
- int ix, iy;
- unsigned char t;
-
- ix = 0;
- iy = len - 1;
- while (ix < iy) {
- t = s[ix];
- s[ix] = s[iy];
- s[iy] = t;
- ++ix;
- --iy;
- }
-}
-
-
-/* shift right by a certain bit count (store quotient in c, optional
- remainder in d) */
-int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d)
-{
- int D, res;
- mp_int t;
-
-
- /* if the shift count is <= 0 then we do no work */
- if (b <= 0) {
- res = mp_copy (a, c);
- if (d != NULL) {
- mp_zero (d);
- }
- return res;
- }
-
- if ((res = mp_init (&t)) != MP_OKAY) {
- return res;
- }
-
- /* get the remainder */
- if (d != NULL) {
- if ((res = mp_mod_2d (a, b, &t)) != MP_OKAY) {
- mp_clear (&t);
- return res;
- }
- }
-
- /* copy */
- if ((res = mp_copy (a, c)) != MP_OKAY) {
- mp_clear (&t);
- return res;
- }
-
- /* shift by as many digits in the bit count */
- if (b >= (int)DIGIT_BIT) {
- mp_rshd (c, b / DIGIT_BIT);
- }
-
- /* shift any bit count < DIGIT_BIT */
- D = (b % DIGIT_BIT);
- if (D != 0) {
- mp_rshb(c, D);
- }
- mp_clamp (c);
- if (d != NULL) {
- mp_exch (&t, d);
- }
- mp_clear (&t);
- return MP_OKAY;
-}
-
-
-/* set to zero */
-void mp_zero (mp_int * a)
-{
- int n;
- mp_digit *tmp;
-
- a->sign = MP_ZPOS;
- a->used = 0;
-
- tmp = a->dp;
- for (n = 0; n < a->alloc; n++) {
- *tmp++ = 0;
- }
-}
-
-
-/* trim unused digits
- *
- * This is used to ensure that leading zero digits are
- * trimed and the leading "used" digit will be non-zero
- * Typically very fast. Also fixes the sign if there
- * are no more leading digits
- */
-void
-mp_clamp (mp_int * a)
-{
- /* decrease used while the most significant digit is
- * zero.
- */
- while (a->used > 0 && a->dp[a->used - 1] == 0) {
- --(a->used);
- }
-
- /* reset the sign flag if used == 0 */
- if (a->used == 0) {
- a->sign = MP_ZPOS;
- }
-}
-
-
-/* swap the elements of two integers, for cases where you can't simply swap the
- * mp_int pointers around
- */
-void
-mp_exch (mp_int * a, mp_int * b)
-{
- mp_int t;
-
- t = *a;
- *a = *b;
- *b = t;
-}
-
-
-/* shift right a certain number of bits */
-void mp_rshb (mp_int *c, int x)
-{
- register mp_digit *tmpc, mask, shift;
- mp_digit r, rr;
- mp_digit D = x;
-
- /* mask */
- mask = (((mp_digit)1) << D) - 1;
-
- /* shift for lsb */
- shift = DIGIT_BIT - D;
-
- /* alias */
- tmpc = c->dp + (c->used - 1);
-
- /* carry */
- r = 0;
- for (x = c->used - 1; x >= 0; x--) {
- /* get the lower bits of this word in a temp */
- rr = *tmpc & mask;
-
- /* shift the current word and mix in the carry bits from previous word */
- *tmpc = (*tmpc >> D) | (r << shift);
- --tmpc;
-
- /* set the carry to the carry bits of the current word found above */
- r = rr;
- }
-}
-
-
-/* shift right a certain amount of digits */
-void mp_rshd (mp_int * a, int b)
-{
- int x;
-
- /* if b <= 0 then ignore it */
- if (b <= 0) {
- return;
- }
-
- /* if b > used then simply zero it and return */
- if (a->used <= b) {
- mp_zero (a);
- return;
- }
-
- {
- register mp_digit *bottom, *top;
-
- /* shift the digits down */
-
- /* bottom */
- bottom = a->dp;
-
- /* top [offset into digits] */
- top = a->dp + b;
-
- /* this is implemented as a sliding window where
- * the window is b-digits long and digits from
- * the top of the window are copied to the bottom
- *
- * e.g.
-
- b-2 | b-1 | b0 | b1 | b2 | ... | bb | ---->
- /\ | ---->
- \-------------------/ ---->
- */
- for (x = 0; x < (a->used - b); x++) {
- *bottom++ = *top++;
- }
-
- /* zero the top digits */
- for (; x < a->used; x++) {
- *bottom++ = 0;
- }
- }
-
- /* remove excess digits */
- a->used -= b;
-}
-
-
-/* calc a value mod 2**b */
-int
-mp_mod_2d (mp_int * a, int b, mp_int * c)
-{
- int x, res;
-
- /* if b is <= 0 then zero the int */
- if (b <= 0) {
- mp_zero (c);
- return MP_OKAY;
- }
-
- /* if the modulus is larger than the value than return */
- if (b >= (int) (a->used * DIGIT_BIT)) {
- res = mp_copy (a, c);
- return res;
- }
-
- /* copy */
- if ((res = mp_copy (a, c)) != MP_OKAY) {
- return res;
- }
-
- /* zero digits above the last digit of the modulus */
- for (x = (b / DIGIT_BIT) + ((b % DIGIT_BIT) == 0 ? 0 : 1); x < c->used; x++) {
- c->dp[x] = 0;
- }
- /* clear the digit that is not completely outside/inside the modulus */
- c->dp[b / DIGIT_BIT] &= (mp_digit) ((((mp_digit) 1) <<
- (((mp_digit) b) % DIGIT_BIT)) - ((mp_digit) 1));
- mp_clamp (c);
- return MP_OKAY;
-}
-
-
-/* reads a unsigned char array, assumes the msb is stored first [big endian] */
-int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c)
-{
- int res;
-
- /* make sure there are at least two digits */
- if (a->alloc < 2) {
- if ((res = mp_grow(a, 2)) != MP_OKAY) {
- return res;
- }
- }
-
- /* zero the int */
- mp_zero (a);
-
- /* read the bytes in */
- while (c-- > 0) {
- if ((res = mp_mul_2d (a, 8, a)) != MP_OKAY) {
- return res;
- }
-
-#ifndef MP_8BIT
- a->dp[0] |= *b++;
- a->used += 1;
-#else
- a->dp[0] = (*b & MP_MASK);
- a->dp[1] |= ((*b++ >> 7U) & 1);
- a->used += 2;
-#endif
- }
- mp_clamp (a);
- return MP_OKAY;
-}
-
-
-/* shift left by a certain bit count */
-int mp_mul_2d (mp_int * a, int b, mp_int * c)
-{
- mp_digit d;
- int res;
-
- /* copy */
- if (a != c) {
- if ((res = mp_copy (a, c)) != MP_OKAY) {
- return res;
- }
- }
-
- if (c->alloc < (int)(c->used + b/DIGIT_BIT + 1)) {
- if ((res = mp_grow (c, c->used + b / DIGIT_BIT + 1)) != MP_OKAY) {
- return res;
- }
- }
-
- /* shift by as many digits in the bit count */
- if (b >= (int)DIGIT_BIT) {
- if ((res = mp_lshd (c, b / DIGIT_BIT)) != MP_OKAY) {
- return res;
- }
- }
-
- /* shift any bit count < DIGIT_BIT */
- d = (mp_digit) (b % DIGIT_BIT);
- if (d != 0) {
- register mp_digit *tmpc, shift, mask, r, rr;
- register int x;
-
- /* bitmask for carries */
- mask = (((mp_digit)1) << d) - 1;
-
- /* shift for msbs */
- shift = DIGIT_BIT - d;
-
- /* alias */
- tmpc = c->dp;
-
- /* carry */
- r = 0;
- for (x = 0; x < c->used; x++) {
- /* get the higher bits of the current word */
- rr = (*tmpc >> shift) & mask;
-
- /* shift the current word and OR in the carry */
- *tmpc = ((*tmpc << d) | r) & MP_MASK;
- ++tmpc;
-
- /* set the carry to the carry bits of the current word */
- r = rr;
- }
-
- /* set final carry */
- if (r != 0) {
- c->dp[(c->used)++] = r;
- }
- }
- mp_clamp (c);
- return MP_OKAY;
-}
-
-
-/* shift left a certain amount of digits */
-int mp_lshd (mp_int * a, int b)
-{
- int x, res;
-
- /* if its less than zero return */
- if (b <= 0) {
- return MP_OKAY;
- }
-
- /* grow to fit the new digits */
- if (a->alloc < a->used + b) {
- if ((res = mp_grow (a, a->used + b)) != MP_OKAY) {
- return res;
- }
- }
-
- {
- register mp_digit *top, *bottom;
-
- /* increment the used by the shift amount then copy upwards */
- a->used += b;
-
- /* top */
- top = a->dp + a->used - 1;
-
- /* base */
- bottom = a->dp + a->used - 1 - b;
-
- /* much like mp_rshd this is implemented using a sliding window
- * except the window goes the otherway around. Copying from
- * the bottom to the top. see bn_mp_rshd.c for more info.
- */
- for (x = a->used - 1; x >= b; x--) {
- *top-- = *bottom--;
- }
-
- /* zero the lower digits */
- top = a->dp;
- for (x = 0; x < b; x++) {
- *top++ = 0;
- }
- }
- return MP_OKAY;
-}
-
-
-/* this is a shell function that calls either the normal or Montgomery
- * exptmod functions. Originally the call to the montgomery code was
- * embedded in the normal function but that wasted alot of stack space
- * for nothing (since 99% of the time the Montgomery code would be called)
- */
-int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
-{
- int dr;
-
- /* modulus P must be positive */
- if (P->sign == MP_NEG) {
- return MP_VAL;
- }
-
- /* if exponent X is negative we have to recurse */
- if (X->sign == MP_NEG) {
-#ifdef BN_MP_INVMOD_C
- mp_int tmpG, tmpX;
- int err;
-
- /* first compute 1/G mod P */
- if ((err = mp_init(&tmpG)) != MP_OKAY) {
- return err;
- }
- if ((err = mp_invmod(G, P, &tmpG)) != MP_OKAY) {
- mp_clear(&tmpG);
- return err;
- }
-
- /* now get |X| */
- if ((err = mp_init(&tmpX)) != MP_OKAY) {
- mp_clear(&tmpG);
- return err;
- }
- if ((err = mp_abs(X, &tmpX)) != MP_OKAY) {
- mp_clear(&tmpG);
- mp_clear(&tmpX);
- return err;
- }
-
- /* and now compute (1/G)**|X| instead of G**X [X < 0] */
- err = mp_exptmod(&tmpG, &tmpX, P, Y);
- mp_clear(&tmpG);
- mp_clear(&tmpX);
- return err;
-#else
- /* no invmod */
- return MP_VAL;
-#endif
- }
-
-/* modified diminished radix reduction */
-#if defined(BN_MP_REDUCE_IS_2K_L_C) && defined(BN_MP_REDUCE_2K_L_C) && \
- defined(BN_S_MP_EXPTMOD_C)
- if (mp_reduce_is_2k_l(P) == MP_YES) {
- return s_mp_exptmod(G, X, P, Y, 1);
- }
-#endif
-
-#ifdef BN_MP_DR_IS_MODULUS_C
- /* is it a DR modulus? */
- dr = mp_dr_is_modulus(P);
-#else
- /* default to no */
- dr = 0;
-#endif
-
-#ifdef BN_MP_REDUCE_IS_2K_C
- /* if not, is it a unrestricted DR modulus? */
- if (dr == 0) {
- dr = mp_reduce_is_2k(P) << 1;
- }
-#endif
-
- /* if the modulus is odd or dr != 0 use the montgomery method */
-#ifdef BN_MP_EXPTMOD_FAST_C
- if (mp_isodd (P) == 1 || dr != 0) {
- return mp_exptmod_fast (G, X, P, Y, dr);
- } else {
-#endif
-#ifdef BN_S_MP_EXPTMOD_C
- /* otherwise use the generic Barrett reduction technique */
- return s_mp_exptmod (G, X, P, Y, 0);
-#else
- /* no exptmod for evens */
- return MP_VAL;
-#endif
-#ifdef BN_MP_EXPTMOD_FAST_C
- }
-#endif
-}
-
-
-/* b = |a|
- *
- * Simple function copies the input and fixes the sign to positive
- */
-int
-mp_abs (mp_int * a, mp_int * b)
-{
- int res;
-
- /* copy a to b */
- if (a != b) {
- if ((res = mp_copy (a, b)) != MP_OKAY) {
- return res;
- }
- }
-
- /* force the sign of b to positive */
- b->sign = MP_ZPOS;
-
- return MP_OKAY;
-}
-
-
-/* hac 14.61, pp608 */
-int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
-{
- /* b cannot be negative */
- if (b->sign == MP_NEG || mp_iszero(b) == 1) {
- return MP_VAL;
- }
-
-#ifdef BN_FAST_MP_INVMOD_C
- /* if the modulus is odd we can use a faster routine instead */
- if (mp_isodd (b) == 1) {
- return fast_mp_invmod (a, b, c);
- }
-#endif
-
-#ifdef BN_MP_INVMOD_SLOW_C
- return mp_invmod_slow(a, b, c);
-#endif
-}
-
-
-/* computes the modular inverse via binary extended euclidean algorithm,
- * that is c = 1/a mod b
- *
- * Based on slow invmod except this is optimized for the case where b is
- * odd as per HAC Note 14.64 on pp. 610
- */
-int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c)
-{
- mp_int x, y, u, v, B, D;
- int res, neg, loop_check = 0;
-
- /* 2. [modified] b must be odd */
- if (mp_iseven (b) == 1) {
- return MP_VAL;
- }
-
- /* init all our temps */
- if ((res = mp_init_multi(&x, &y, &u, &v, &B, &D)) != MP_OKAY) {
- return res;
- }
-
- /* x == modulus, y == value to invert */
- if ((res = mp_copy (b, &x)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- /* we need y = |a| */
- if ((res = mp_mod (a, b, &y)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
- if ((res = mp_copy (&x, &u)) != MP_OKAY) {
- goto LBL_ERR;
- }
- if ((res = mp_copy (&y, &v)) != MP_OKAY) {
- goto LBL_ERR;
- }
- mp_set (&D, 1);
-
-top:
- /* 4. while u is even do */
- while (mp_iseven (&u) == 1) {
- /* 4.1 u = u/2 */
- if ((res = mp_div_2 (&u, &u)) != MP_OKAY) {
- goto LBL_ERR;
- }
- /* 4.2 if B is odd then */
- if (mp_isodd (&B) == 1) {
- if ((res = mp_sub (&B, &x, &B)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
- /* B = B/2 */
- if ((res = mp_div_2 (&B, &B)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
-
- /* 5. while v is even do */
- while (mp_iseven (&v) == 1) {
- /* 5.1 v = v/2 */
- if ((res = mp_div_2 (&v, &v)) != MP_OKAY) {
- goto LBL_ERR;
- }
- /* 5.2 if D is odd then */
- if (mp_isodd (&D) == 1) {
- /* D = (D-x)/2 */
- if ((res = mp_sub (&D, &x, &D)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
- /* D = D/2 */
- if ((res = mp_div_2 (&D, &D)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
-
- /* 6. if u >= v then */
- if (mp_cmp (&u, &v) != MP_LT) {
- /* u = u - v, B = B - D */
- if ((res = mp_sub (&u, &v, &u)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- if ((res = mp_sub (&B, &D, &B)) != MP_OKAY) {
- goto LBL_ERR;
- }
- } else {
- /* v - v - u, D = D - B */
- if ((res = mp_sub (&v, &u, &v)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- if ((res = mp_sub (&D, &B, &D)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
-
- /* if not zero goto step 4 */
- if (mp_iszero (&u) == 0) {
- if (++loop_check > 1024) {
- res = MP_VAL;
- goto LBL_ERR;
- }
- goto top;
- }
-
- /* now a = C, b = D, gcd == g*v */
-
- /* if v != 1 then there is no inverse */
- if (mp_cmp_d (&v, 1) != MP_EQ) {
- res = MP_VAL;
- goto LBL_ERR;
- }
-
- /* b is now the inverse */
- neg = a->sign;
- while (D.sign == MP_NEG) {
- if ((res = mp_add (&D, b, &D)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
- mp_exch (&D, c);
- c->sign = neg;
- res = MP_OKAY;
-
-LBL_ERR:mp_clear(&x);
- mp_clear(&y);
- mp_clear(&u);
- mp_clear(&v);
- mp_clear(&B);
- mp_clear(&D);
- return res;
-}
-
-
-/* hac 14.61, pp608 */
-int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c)
-{
- mp_int x, y, u, v, A, B, C, D;
- int res;
-
- /* b cannot be negative */
- if (b->sign == MP_NEG || mp_iszero(b) == 1) {
- return MP_VAL;
- }
-
- /* init temps */
- if ((res = mp_init_multi(&x, &y, &u, &v,
- &A, &B)) != MP_OKAY) {
- return res;
- }
-
- /* init rest of tmps temps */
- if ((res = mp_init_multi(&C, &D, 0, 0, 0, 0)) != MP_OKAY) {
- return res;
- }
-
- /* x = a, y = b */
- if ((res = mp_mod(a, b, &x)) != MP_OKAY) {
- goto LBL_ERR;
- }
- if ((res = mp_copy (b, &y)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- /* 2. [modified] if x,y are both even then return an error! */
- if (mp_iseven (&x) == 1 && mp_iseven (&y) == 1) {
- res = MP_VAL;
- goto LBL_ERR;
- }
-
- /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
- if ((res = mp_copy (&x, &u)) != MP_OKAY) {
- goto LBL_ERR;
- }
- if ((res = mp_copy (&y, &v)) != MP_OKAY) {
- goto LBL_ERR;
- }
- mp_set (&A, 1);
- mp_set (&D, 1);
-
-top:
- /* 4. while u is even do */
- while (mp_iseven (&u) == 1) {
- /* 4.1 u = u/2 */
- if ((res = mp_div_2 (&u, &u)) != MP_OKAY) {
- goto LBL_ERR;
- }
- /* 4.2 if A or B is odd then */
- if (mp_isodd (&A) == 1 || mp_isodd (&B) == 1) {
- /* A = (A+y)/2, B = (B-x)/2 */
- if ((res = mp_add (&A, &y, &A)) != MP_OKAY) {
- goto LBL_ERR;
- }
- if ((res = mp_sub (&B, &x, &B)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
- /* A = A/2, B = B/2 */
- if ((res = mp_div_2 (&A, &A)) != MP_OKAY) {
- goto LBL_ERR;
- }
- if ((res = mp_div_2 (&B, &B)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
-
- /* 5. while v is even do */
- while (mp_iseven (&v) == 1) {
- /* 5.1 v = v/2 */
- if ((res = mp_div_2 (&v, &v)) != MP_OKAY) {
- goto LBL_ERR;
- }
- /* 5.2 if C or D is odd then */
- if (mp_isodd (&C) == 1 || mp_isodd (&D) == 1) {
- /* C = (C+y)/2, D = (D-x)/2 */
- if ((res = mp_add (&C, &y, &C)) != MP_OKAY) {
- goto LBL_ERR;
- }
- if ((res = mp_sub (&D, &x, &D)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
- /* C = C/2, D = D/2 */
- if ((res = mp_div_2 (&C, &C)) != MP_OKAY) {
- goto LBL_ERR;
- }
- if ((res = mp_div_2 (&D, &D)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
-
- /* 6. if u >= v then */
- if (mp_cmp (&u, &v) != MP_LT) {
- /* u = u - v, A = A - C, B = B - D */
- if ((res = mp_sub (&u, &v, &u)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- if ((res = mp_sub (&A, &C, &A)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- if ((res = mp_sub (&B, &D, &B)) != MP_OKAY) {
- goto LBL_ERR;
- }
- } else {
- /* v - v - u, C = C - A, D = D - B */
- if ((res = mp_sub (&v, &u, &v)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- if ((res = mp_sub (&C, &A, &C)) != MP_OKAY) {
- goto LBL_ERR;
- }
-
- if ((res = mp_sub (&D, &B, &D)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
-
- /* if not zero goto step 4 */
- if (mp_iszero (&u) == 0)
- goto top;
-
- /* now a = C, b = D, gcd == g*v */
-
- /* if v != 1 then there is no inverse */
- if (mp_cmp_d (&v, 1) != MP_EQ) {
- res = MP_VAL;
- goto LBL_ERR;
- }
-
- /* if its too low */
- while (mp_cmp_d(&C, 0) == MP_LT) {
- if ((res = mp_add(&C, b, &C)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
-
- /* too big */
- while (mp_cmp_mag(&C, b) != MP_LT) {
- if ((res = mp_sub(&C, b, &C)) != MP_OKAY) {
- goto LBL_ERR;
- }
- }
-
- /* C is now the inverse */
- mp_exch (&C, c);
- res = MP_OKAY;
-LBL_ERR:mp_clear(&x);
- mp_clear(&y);
- mp_clear(&u);
- mp_clear(&v);
- mp_clear(&A);
- mp_clear(&B);
- mp_clear(&C);
- mp_clear(&D);
- return res;
-}
-
-
-/* compare maginitude of two ints (unsigned) */
-int mp_cmp_mag (mp_int * a, mp_int * b)
-{
- int n;
- mp_digit *tmpa, *tmpb;
-
- /* compare based on # of non-zero digits */
- if (a->used > b->used) {
- return MP_GT;
- }
-
- if (a->used < b->used) {
- return MP_LT;
- }
-
- /* alias for a */
- tmpa = a->dp + (a->used - 1);
-
- /* alias for b */
- tmpb = b->dp + (a->used - 1);
-
- /* compare based on digits */
- for (n = 0; n < a->used; ++n, --tmpa, --tmpb) {
- if (*tmpa > *tmpb) {
- return MP_GT;
- }
-
- if (*tmpa < *tmpb) {
- return MP_LT;
- }
- }
- return MP_EQ;
-}
-
-
-/* compare two ints (signed)*/
-int
-mp_cmp (mp_int * a, mp_int * b)
-{
- /* compare based on sign */
- if (a->sign != b->sign) {
- if (a->sign == MP_NEG) {
- return MP_LT;
- } else {
- return MP_GT;
- }
- }
-
- /* compare digits */
- if (a->sign == MP_NEG) {
- /* if negative compare opposite direction */
- return mp_cmp_mag(b, a);
- } else {
- return mp_cmp_mag(a, b);
- }
-}
-
-
-/* compare a digit */
-int mp_cmp_d(mp_int * a, mp_digit b)
-{
- /* compare based on sign */
- if (a->sign == MP_NEG) {
- return MP_LT;
- }
-
- /* compare based on magnitude */
- if (a->used > 1) {
- return MP_GT;
- }
-
- /* compare the only digit of a to b */
- if (a->dp[0] > b) {
- return MP_GT;
- } else if (a->dp[0] < b) {
- return MP_LT;
- } else {
- return MP_EQ;
- }
-}
-
-
-/* set to a digit */
-void mp_set (mp_int * a, mp_digit b)
-{
- mp_zero (a);
- a->dp[0] = b & MP_MASK;
- a->used = (a->dp[0] != 0) ? 1 : 0;
-}
-
-
-/* c = a mod b, 0 <= c < b */
-int
-mp_mod (mp_int * a, mp_int * b, mp_int * c)
-{
- mp_int t;
- int res;
-
- if ((res = mp_init (&t)) != MP_OKAY) {
- return res;
- }
-
- if ((res = mp_div (a, b, NULL, &t)) != MP_OKAY) {
- mp_clear (&t);
- return res;
- }
-
- if (t.sign != b->sign) {
- res = mp_add (b, &t, c);
- } else {
- res = MP_OKAY;
- mp_exch (&t, c);
- }
-
- mp_clear (&t);
- return res;
-}
-
-
-/* slower bit-bang division... also smaller */
-int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
-{
- mp_int ta, tb, tq, q;
- int res, n, n2;
-
- /* is divisor zero ? */
- if (mp_iszero (b) == 1) {
- return MP_VAL;
- }
-
- /* if a < b then q=0, r = a */
- if (mp_cmp_mag (a, b) == MP_LT) {
- if (d != NULL) {
- res = mp_copy (a, d);
- } else {
- res = MP_OKAY;
- }
- if (c != NULL) {
- mp_zero (c);
- }
- return res;
- }
-
- /* init our temps */
- if ((res = mp_init_multi(&ta, &tb, &tq, &q, 0, 0)) != MP_OKAY) {
- return res;
- }
-
-
- mp_set(&tq, 1);
- n = mp_count_bits(a) - mp_count_bits(b);
- if (((res = mp_abs(a, &ta)) != MP_OKAY) ||
- ((res = mp_abs(b, &tb)) != MP_OKAY) ||
- ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) ||
- ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) {
- goto LBL_ERR;
- }
-
- while (n-- >= 0) {
- if (mp_cmp(&tb, &ta) != MP_GT) {
- if (((res = mp_sub(&ta, &tb, &ta)) != MP_OKAY) ||
- ((res = mp_add(&q, &tq, &q)) != MP_OKAY)) {
- goto LBL_ERR;
- }
- }
- if (((res = mp_div_2d(&tb, 1, &tb, NULL)) != MP_OKAY) ||
- ((res = mp_div_2d(&tq, 1, &tq, NULL)) != MP_OKAY)) {
- goto LBL_ERR;
- }
- }
-
- /* now q == quotient and ta == remainder */
- n = a->sign;
- n2 = (a->sign == b->sign ? MP_ZPOS : MP_NEG);
- if (c != NULL) {
- mp_exch(c, &q);
- c->sign = (mp_iszero(c) == MP_YES) ? MP_ZPOS : n2;
- }
- if (d != NULL) {
- mp_exch(d, &ta);
- d->sign = (mp_iszero(d) == MP_YES) ? MP_ZPOS : n;
- }
-LBL_ERR:
- mp_clear(&ta);
- mp_clear(&tb);
- mp_clear(&tq);
- mp_clear(&q);
- return res;
-}
-
-
-/* b = a/2 */
-int mp_div_2(mp_int * a, mp_int * b)
-{
- int x, res, oldused;
-
- /* copy */
- if (b->alloc < a->used) {
- if ((res = mp_grow (b, a->used)) != MP_OKAY) {
- return res;
- }
- }
-
- oldused = b->used;
- b->used = a->used;
- {
- register mp_digit r, rr, *tmpa, *tmpb;
-
- /* source alias */
- tmpa = a->dp + b->used - 1;
-
- /* dest alias */
- tmpb = b->dp + b->used - 1;
-
- /* carry */
- r = 0;
- for (x = b->used - 1; x >= 0; x--) {
- /* get the carry for the next iteration */
- rr = *tmpa & 1;
-
- /* shift the current digit, add in carry and store */
- *tmpb-- = (*tmpa-- >> 1) | (r << (DIGIT_BIT - 1));
-
- /* forward carry to next iteration */
- r = rr;
- }
-
- /* zero excess digits */
- tmpb = b->dp + b->used;
- for (x = b->used; x < oldused; x++) {
- *tmpb++ = 0;
- }
- }
- b->sign = a->sign;
- mp_clamp (b);
- return MP_OKAY;
-}
-
-
-/* high level addition (handles signs) */
-int mp_add (mp_int * a, mp_int * b, mp_int * c)
-{
- int sa, sb, res;
-
- /* get sign of both inputs */
- sa = a->sign;
- sb = b->sign;
-
- /* handle two cases, not four */
- if (sa == sb) {
- /* both positive or both negative */
- /* add their magnitudes, copy the sign */
- c->sign = sa;
- res = s_mp_add (a, b, c);
- } else {
- /* one positive, the other negative */
- /* subtract the one with the greater magnitude from */
- /* the one of the lesser magnitude. The result gets */
- /* the sign of the one with the greater magnitude. */
- if (mp_cmp_mag (a, b) == MP_LT) {
- c->sign = sb;
- res = s_mp_sub (b, a, c);
- } else {
- c->sign = sa;
- res = s_mp_sub (a, b, c);
- }
- }
- return res;
-}
-
-
-/* low level addition, based on HAC pp.594, Algorithm 14.7 */
-int
-s_mp_add (mp_int * a, mp_int * b, mp_int * c)
-{
- mp_int *x;
- int olduse, res, min, max;
-
- /* find sizes, we let |a| <= |b| which means we have to sort
- * them. "x" will point to the input with the most digits
- */
- if (a->used > b->used) {
- min = b->used;
- max = a->used;
- x = a;
- } else {
- min = a->used;
- max = b->used;
- x = b;
- }
-
- /* init result */
- if (c->alloc < max + 1) {
- if ((res = mp_grow (c, max + 1)) != MP_OKAY) {
- return res;
- }
- }
-
- /* get old used digit count and set new one */
- olduse = c->used;
- c->used = max + 1;
-
- {
- register mp_digit u, *tmpa, *tmpb, *tmpc;
- register int i;
-
- /* alias for digit pointers */
-
- /* first input */
- tmpa = a->dp;
-
- /* second input */
- tmpb = b->dp;
-
- /* destination */
- tmpc = c->dp;
-
- /* zero the carry */
- u = 0;
- for (i = 0; i < min; i++) {
- /* Compute the sum at one digit, T[i] = A[i] + B[i] + U */
- *tmpc = *tmpa++ + *tmpb++ + u;
-
- /* U = carry bit of T[i] */
- u = *tmpc >> ((mp_digit)DIGIT_BIT);
-
- /* take away carry bit from T[i] */
- *tmpc++ &= MP_MASK;
- }
-
- /* now copy higher words if any, that is in A+B
- * if A or B has more digits add those in
- */
- if (min != max) {
- for (; i < max; i++) {
- /* T[i] = X[i] + U */
- *tmpc = x->dp[i] + u;
-
- /* U = carry bit of T[i] */
- u = *tmpc >> ((mp_digit)DIGIT_BIT);
-
- /* take away carry bit from T[i] */
- *tmpc++ &= MP_MASK;
- }
- }
-
- /* add carry */
- *tmpc++ = u;
-
- /* clear digits above oldused */
- for (i = c->used; i < olduse; i++) {
- *tmpc++ = 0;
- }
- }
-
- mp_clamp (c);
- return MP_OKAY;
-}
-
-
-/* low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 */
-int
-s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
-{
- int olduse, res, min, max;
-
- /* find sizes */
- min = b->used;
- max = a->used;
-
- /* init result */
- if (c->alloc < max) {
- if ((res = mp_grow (c, max)) != MP_OKAY) {
- return res;
- }
- }
- olduse = c->used;
- c->used = max;
-
- {
- register mp_digit u, *tmpa, *tmpb, *tmpc;
- register int i;
-
- /* alias for digit pointers */
- tmpa = a->dp;
- tmpb = b->dp;
- tmpc = c->dp;
-
- /* set carry to zero */
- u = 0;
- for (i = 0; i < min; i++) {
- /* T[i] = A[i] - B[i] - U */
- *tmpc = *tmpa++ - *tmpb++ - u;
-
- /* U = carry bit of T[i]
- * Note this saves performing an AND operation since
- * if a carry does occur it will propagate all the way to the
- * MSB. As a result a single shift is enough to get the carry
- */
- u = *tmpc >> ((mp_digit)(CHAR_BIT * sizeof (mp_digit) - 1));
-
- /* Clear carry from T[i] */
- *tmpc++ &= MP_MASK;
- }
-
- /* now copy higher words if any, e.g. if A has more digits than B */
- for (; i < max; i++) {
- /* T[i] = A[i] - U */
- *tmpc = *tmpa++ - u;
-
- /* U = carry bit of T[i] */
- u = *tmpc >> ((mp_digit)(CHAR_BIT * sizeof (mp_digit) - 1));
-
- /* Clear carry from T[i] */
- *tmpc++ &= MP_MASK;
- }
-
- /* clear digits above used (since we may not have grown result above) */
- for (i = c->used; i < olduse; i++) {
- *tmpc++ = 0;
- }
- }
-
- mp_clamp (c);
- return MP_OKAY;
-}
-
-
-/* high level subtraction (handles signs) */
-int
-mp_sub (mp_int * a, mp_int * b, mp_int * c)
-{
- int sa, sb, res;
-
- sa = a->sign;
- sb = b->sign;
-
- if (sa != sb) {
- /* subtract a negative from a positive, OR */
- /* subtract a positive from a negative. */
- /* In either case, ADD their magnitudes, */
- /* and use the sign of the first number. */
- c->sign = sa;
- res = s_mp_add (a, b, c);
- } else {
- /* subtract a positive from a positive, OR */
- /* subtract a negative from a negative. */
- /* First, take the difference between their */
- /* magnitudes, then... */
- if (mp_cmp_mag (a, b) != MP_LT) {
- /* Copy the sign from the first */
- c->sign = sa;
- /* The first has a larger or equal magnitude */
- res = s_mp_sub (a, b, c);
- } else {
- /* The result has the *opposite* sign from */
- /* the first number. */
- c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS;
- /* The second has a larger magnitude */
- res = s_mp_sub (b, a, c);
- }
- }
- return res;
-}
-
-
-/* determines if reduce_2k_l can be used */
-int mp_reduce_is_2k_l(mp_int *a)
-{
- int ix, iy;
-
- if (a->used == 0) {
- return MP_NO;
- } else if (a->used == 1) {
- return MP_YES;
- } else if (a->used > 1) {
- /* if more than half of the digits are -1 we're sold */
- for (iy = ix = 0; ix < a->used; ix++) {
- if (a->dp[ix] == MP_MASK) {
- ++iy;
- }
- }
- return (iy >= (a->used/2)) ? MP_YES : MP_NO;
-
- }
- return MP_NO;
-}
-
-
-/* determines if mp_reduce_2k can be used */
-int mp_reduce_is_2k(mp_int *a)
-{
- int ix, iy, iw;
- mp_digit iz;
-
- if (a->used == 0) {
- return MP_NO;
- } else if (a->used == 1) {
- return MP_YES;
- } else if (a->used > 1) {
- iy = mp_count_bits(a);
- iz = 1;
- iw = 1;
-
- /* Test every bit from the second digit up, must be 1 */
- for (ix = DIGIT_BIT; ix < iy; ix++) {
- if ((a->dp[iw] & iz) == 0) {
- return MP_NO;
- }
- iz <<= 1;
- if (iz > (mp_digit)MP_MASK) {
- ++iw;
- iz = 1;
- }
- }
- }
- return MP_YES;
-}
-
-
-/* determines if a number is a valid DR modulus */
-int mp_dr_is_modulus(mp_int *a)
-{
- int ix;
-
- /* must be at least two digits */
- if (a->used < 2) {
- return 0;
- }
-
- /* must be of the form b**k - a [a <= b] so all
- * but the first digit must be equal to -1 (mod b).
- */
- for (ix = 1; ix < a->used; ix++) {
- if (a->dp[ix] != MP_MASK) {
- return 0;
- }
- }
- return 1;
-}
-
-
-/* computes Y == G**X mod P, HAC pp.616, Algorithm 14.85
- *
- * Uses a left-to-right k-ary sliding window to compute the modular
- * exponentiation.
- * The value of k changes based on the size of the exponent.
- *
- * Uses Montgomery or Diminished Radix reduction [whichever appropriate]
- */
-
-#ifdef MP_LOW_MEM
- #define TAB_SIZE 32
-#else
- #define TAB_SIZE 256
-#endif
-
-int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
- int redmode)
-{
- mp_int res;
- mp_digit buf, mp;
- int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
-#ifdef WOLFSSL_SMALL_STACK
- mp_int* M = NULL;
-#else
- mp_int M[TAB_SIZE];
-#endif
- /* use a pointer to the reduction algorithm. This allows us to use
- * one of many reduction algorithms without modding the guts of
- * the code with if statements everywhere.
- */
- int (*redux)(mp_int*,mp_int*,mp_digit);
-
-#ifdef WOLFSSL_SMALL_STACK
- M = (mp_int*) XMALLOC(sizeof(mp_int) * TAB_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (M == NULL)
- return MP_MEM;
-#endif
-
- /* find window size */
- x = mp_count_bits (X);
- if (x <= 7) {
- winsize = 2;
- } else if (x <= 36) {
- winsize = 3;
- } else if (x <= 140) {
- winsize = 4;
- } else if (x <= 450) {
- winsize = 5;
- } else if (x <= 1303) {
- winsize = 6;
- } else if (x <= 3529) {
- winsize = 7;
- } else {
- winsize = 8;
- }
-
-#ifdef MP_LOW_MEM
- if (winsize > 5) {
- winsize = 5;
- }
-#endif
-
- /* init M array */
- /* init first cell */
- if ((err = mp_init(&M[1])) != MP_OKAY) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return err;
- }
-
- /* now init the second half of the array */
- for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
- if ((err = mp_init(&M[x])) != MP_OKAY) {
- for (y = 1<<(winsize-1); y < x; y++) {
- mp_clear (&M[y]);
- }
- mp_clear(&M[1]);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return err;
- }
- }
-
- /* determine and setup reduction code */
- if (redmode == 0) {
-#ifdef BN_MP_MONTGOMERY_SETUP_C
- /* now setup montgomery */
- if ((err = mp_montgomery_setup (P, &mp)) != MP_OKAY) {
- goto LBL_M;
- }
-#else
- err = MP_VAL;
- goto LBL_M;
-#endif
-
- /* automatically pick the comba one if available (saves quite a few
- calls/ifs) */
-#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C
- if (((P->used * 2 + 1) < MP_WARRAY) &&
- P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
- redux = fast_mp_montgomery_reduce;
- } else
-#endif
- {
-#ifdef BN_MP_MONTGOMERY_REDUCE_C
- /* use slower baseline Montgomery method */
- redux = mp_montgomery_reduce;
-#else
- err = MP_VAL;
- goto LBL_M;
-#endif
- }
- } else if (redmode == 1) {
-#if defined(BN_MP_DR_SETUP_C) && defined(BN_MP_DR_REDUCE_C)
- /* setup DR reduction for moduli of the form B**k - b */
- mp_dr_setup(P, &mp);
- redux = mp_dr_reduce;
-#else
- err = MP_VAL;
- goto LBL_M;
-#endif
- } else {
-#if defined(BN_MP_REDUCE_2K_SETUP_C) && defined(BN_MP_REDUCE_2K_C)
- /* setup DR reduction for moduli of the form 2**k - b */
- if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY) {
- goto LBL_M;
- }
- redux = mp_reduce_2k;
-#else
- err = MP_VAL;
- goto LBL_M;
-#endif
- }
-
- /* setup result */
- if ((err = mp_init (&res)) != MP_OKAY) {
- goto LBL_M;
- }
-
- /* create M table
- *
-
- *
- * The first half of the table is not computed though accept for M[0] and M[1]
- */
-
- if (redmode == 0) {
-#ifdef BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
- /* now we need R mod m */
- if ((err = mp_montgomery_calc_normalization (&res, P)) != MP_OKAY) {
- goto LBL_RES;
- }
-#else
- err = MP_VAL;
- goto LBL_RES;
-#endif
-
- /* now set M[1] to G * R mod m */
- if ((err = mp_mulmod (G, &res, P, &M[1])) != MP_OKAY) {
- goto LBL_RES;
- }
- } else {
- mp_set(&res, 1);
- if ((err = mp_mod(G, P, &M[1])) != MP_OKAY) {
- goto LBL_RES;
- }
- }
-
- /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times*/
- if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
- goto LBL_RES;
- }
-
- for (x = 0; x < (winsize - 1); x++) {
- if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) {
- goto LBL_RES;
- }
- }
-
- /* create upper table */
- for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
- if ((err = mp_mul (&M[x - 1], &M[1], &M[x])) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&M[x], P, mp)) != MP_OKAY) {
- goto LBL_RES;
- }
- }
-
- /* set initial mode and bit cnt */
- mode = 0;
- bitcnt = 1;
- buf = 0;
- digidx = X->used - 1;
- bitcpy = 0;
- bitbuf = 0;
-
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- /* if digidx == -1 we are out of digits so break */
- if (digidx == -1) {
- break;
- }
- /* read next digit and reset bitcnt */
- buf = X->dp[digidx--];
- bitcnt = (int)DIGIT_BIT;
- }
-
- /* grab the next msb from the exponent */
- y = (int)(buf >> (DIGIT_BIT - 1)) & 1;
- buf <<= (mp_digit)1;
-
- /* if the bit is zero and mode == 0 then we ignore it
- * These represent the leading zero bits before the first 1 bit
- * in the exponent. Technically this opt is not required but it
- * does lower the # of trivial squaring/reductions used
- */
- if (mode == 0 && y == 0) {
- continue;
- }
-
- /* if the bit is zero and mode == 1 then we square */
- if (mode == 1 && y == 0) {
- if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, mp)) != MP_OKAY) {
- goto LBL_RES;
- }
- continue;
- }
-
- /* else we add it to the window */
- bitbuf |= (y << (winsize - ++bitcpy));
- mode = 2;
-
- if (bitcpy == winsize) {
- /* ok window is filled so square as required and multiply */
- /* square first */
- for (x = 0; x < winsize; x++) {
- if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, mp)) != MP_OKAY) {
- goto LBL_RES;
- }
- }
-
- /* then multiply */
- if ((err = mp_mul (&res, &M[bitbuf], &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, mp)) != MP_OKAY) {
- goto LBL_RES;
- }
-
- /* empty window and reset */
- bitcpy = 0;
- bitbuf = 0;
- mode = 1;
- }
- }
-
- /* if bits remain then square/multiply */
- if (mode == 2 && bitcpy > 0) {
- /* square then multiply if the bit is set */
- for (x = 0; x < bitcpy; x++) {
- if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, mp)) != MP_OKAY) {
- goto LBL_RES;
- }
-
- /* get next bit of the window */
- bitbuf <<= 1;
- if ((bitbuf & (1 << winsize)) != 0) {
- /* then multiply */
- if ((err = mp_mul (&res, &M[1], &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, mp)) != MP_OKAY) {
- goto LBL_RES;
- }
- }
- }
- }
-
- if (redmode == 0) {
- /* fixup result if Montgomery reduction is used
- * recall that any value in a Montgomery system is
- * actually multiplied by R mod n. So we have
- * to reduce one more time to cancel out the factor
- * of R.
- */
- if ((err = redux(&res, P, mp)) != MP_OKAY) {
- goto LBL_RES;
- }
- }
-
- /* swap res with Y */
- mp_exch (&res, Y);
- err = MP_OKAY;
-LBL_RES:mp_clear (&res);
-LBL_M:
- mp_clear(&M[1]);
- for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
- mp_clear (&M[x]);
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return err;
-}
-
-
-/* setups the montgomery reduction stuff */
-int
-mp_montgomery_setup (mp_int * n, mp_digit * rho)
-{
- mp_digit x, b;
-
-/* fast inversion mod 2**k
- *
- * Based on the fact that
- *
- * XA = 1 (mod 2**n) => (X(2-XA)) A = 1 (mod 2**2n)
- * => 2*X*A - X*X*A*A = 1
- * => 2*(1) - (1) = 1
- */
- b = n->dp[0];
-
- if ((b & 1) == 0) {
- return MP_VAL;
- }
-
- x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
- x *= 2 - b * x; /* here x*a==1 mod 2**8 */
-#if !defined(MP_8BIT)
- x *= 2 - b * x; /* here x*a==1 mod 2**16 */
-#endif
-#if defined(MP_64BIT) || !(defined(MP_8BIT) || defined(MP_16BIT))
- x *= 2 - b * x; /* here x*a==1 mod 2**32 */
-#endif
-#ifdef MP_64BIT
- x *= 2 - b * x; /* here x*a==1 mod 2**64 */
-#endif
-
- /* rho = -1/m mod b */
- /* TAO, switched mp_word casts to mp_digit to shut up compiler */
- *rho = (((mp_digit)1 << ((mp_digit) DIGIT_BIT)) - x) & MP_MASK;
-
- return MP_OKAY;
-}
-
-
-/* computes xR**-1 == x (mod N) via Montgomery Reduction
- *
- * This is an optimized implementation of montgomery_reduce
- * which uses the comba method to quickly calculate the columns of the
- * reduction.
- *
- * Based on Algorithm 14.32 on pp.601 of HAC.
-*/
-int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
-{
- int ix, res, olduse;
-#ifdef WOLFSSL_SMALL_STACK
- mp_word* W; /* uses dynamic memory and slower */
-#else
- mp_word W[MP_WARRAY];
-#endif
-
- /* get old used count */
- olduse = x->used;
-
- /* grow a as required */
- if (x->alloc < n->used + 1) {
- if ((res = mp_grow (x, n->used + 1)) != MP_OKAY) {
- return res;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
- if (W == NULL)
- return MP_MEM;
-#endif
-
- /* first we have to get the digits of the input into
- * an array of double precision words W[...]
- */
- {
- register mp_word *_W;
- register mp_digit *tmpx;
-
- /* alias for the W[] array */
- _W = W;
-
- /* alias for the digits of x*/
- tmpx = x->dp;
-
- /* copy the digits of a into W[0..a->used-1] */
- for (ix = 0; ix < x->used; ix++) {
- *_W++ = *tmpx++;
- }
-
- /* zero the high words of W[a->used..m->used*2] */
- for (; ix < n->used * 2 + 1; ix++) {
- *_W++ = 0;
- }
- }
-
- /* now we proceed to zero successive digits
- * from the least significant upwards
- */
- for (ix = 0; ix < n->used; ix++) {
- /* mu = ai * m' mod b
- *
- * We avoid a double precision multiplication (which isn't required)
- * by casting the value down to a mp_digit. Note this requires
- * that W[ix-1] have the carry cleared (see after the inner loop)
- */
- register mp_digit mu;
- mu = (mp_digit) (((W[ix] & MP_MASK) * rho) & MP_MASK);
-
- /* a = a + mu * m * b**i
- *
- * This is computed in place and on the fly. The multiplication
- * by b**i is handled by offseting which columns the results
- * are added to.
- *
- * Note the comba method normally doesn't handle carries in the
- * inner loop In this case we fix the carry from the previous
- * column since the Montgomery reduction requires digits of the
- * result (so far) [see above] to work. This is
- * handled by fixing up one carry after the inner loop. The
- * carry fixups are done in order so after these loops the
- * first m->used words of W[] have the carries fixed
- */
- {
- register int iy;
- register mp_digit *tmpn;
- register mp_word *_W;
-
- /* alias for the digits of the modulus */
- tmpn = n->dp;
-
- /* Alias for the columns set by an offset of ix */
- _W = W + ix;
-
- /* inner loop */
- for (iy = 0; iy < n->used; iy++) {
- *_W++ += ((mp_word)mu) * ((mp_word)*tmpn++);
- }
- }
-
- /* now fix carry for next digit, W[ix+1] */
- W[ix + 1] += W[ix] >> ((mp_word) DIGIT_BIT);
- }
-
- /* now we have to propagate the carries and
- * shift the words downward [all those least
- * significant digits we zeroed].
- */
- {
- register mp_digit *tmpx;
- register mp_word *_W, *_W1;
-
- /* nox fix rest of carries */
-
- /* alias for current word */
- _W1 = W + ix;
-
- /* alias for next word, where the carry goes */
- _W = W + ++ix;
-
- for (; ix <= n->used * 2 + 1; ix++) {
- *_W++ += *_W1++ >> ((mp_word) DIGIT_BIT);
- }
-
- /* copy out, A = A/b**n
- *
- * The result is A/b**n but instead of converting from an
- * array of mp_word to mp_digit than calling mp_rshd
- * we just copy them in the right order
- */
-
- /* alias for destination word */
- tmpx = x->dp;
-
- /* alias for shifted double precision result */
- _W = W + n->used;
-
- for (ix = 0; ix < n->used + 1; ix++) {
- *tmpx++ = (mp_digit)(*_W++ & ((mp_word) MP_MASK));
- }
-
- /* zero oldused digits, if the input a was larger than
- * m->used+1 we'll have to clear the digits
- */
- for (; ix < olduse; ix++) {
- *tmpx++ = 0;
- }
- }
-
- /* set the max used and clamp */
- x->used = n->used + 1;
- mp_clamp (x);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
-#endif
-
- /* if A >= m then A = A - m */
- if (mp_cmp_mag (x, n) != MP_LT) {
- return s_mp_sub (x, n, x);
- }
- return MP_OKAY;
-}
-
-
-/* computes xR**-1 == x (mod N) via Montgomery Reduction */
-int
-mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
-{
- int ix, res, digs;
- mp_digit mu;
-
- /* can the fast reduction [comba] method be used?
- *
- * Note that unlike in mul you're safely allowed *less*
- * than the available columns [255 per default] since carries
- * are fixed up in the inner loop.
- */
- digs = n->used * 2 + 1;
- if ((digs < MP_WARRAY) &&
- n->used <
- (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
- return fast_mp_montgomery_reduce (x, n, rho);
- }
-
- /* grow the input as required */
- if (x->alloc < digs) {
- if ((res = mp_grow (x, digs)) != MP_OKAY) {
- return res;
- }
- }
- x->used = digs;
-
- for (ix = 0; ix < n->used; ix++) {
- /* mu = ai * rho mod b
- *
- * The value of rho must be precalculated via
- * montgomery_setup() such that
- * it equals -1/n0 mod b this allows the
- * following inner loop to reduce the
- * input one digit at a time
- */
- mu = (mp_digit) (((mp_word)x->dp[ix]) * ((mp_word)rho) & MP_MASK);
-
- /* a = a + mu * m * b**i */
- {
- register int iy;
- register mp_digit *tmpn, *tmpx, u;
- register mp_word r;
-
- /* alias for digits of the modulus */
- tmpn = n->dp;
-
- /* alias for the digits of x [the input] */
- tmpx = x->dp + ix;
-
- /* set the carry to zero */
- u = 0;
-
- /* Multiply and add in place */
- for (iy = 0; iy < n->used; iy++) {
- /* compute product and sum */
- r = ((mp_word)mu) * ((mp_word)*tmpn++) +
- ((mp_word) u) + ((mp_word) * tmpx);
-
- /* get carry */
- u = (mp_digit)(r >> ((mp_word) DIGIT_BIT));
-
- /* fix digit */
- *tmpx++ = (mp_digit)(r & ((mp_word) MP_MASK));
- }
- /* At this point the ix'th digit of x should be zero */
-
-
- /* propagate carries upwards as required*/
- while (u) {
- *tmpx += u;
- u = *tmpx >> DIGIT_BIT;
- *tmpx++ &= MP_MASK;
- }
- }
- }
-
- /* at this point the n.used'th least
- * significant digits of x are all zero
- * which means we can shift x to the
- * right by n.used digits and the
- * residue is unchanged.
- */
-
- /* x = x/b**n.used */
- mp_clamp(x);
- mp_rshd (x, n->used);
-
- /* if x >= n then x = x - n */
- if (mp_cmp_mag (x, n) != MP_LT) {
- return s_mp_sub (x, n, x);
- }
-
- return MP_OKAY;
-}
-
-
-/* determines the setup value */
-void mp_dr_setup(mp_int *a, mp_digit *d)
-{
- /* the casts are required if DIGIT_BIT is one less than
- * the number of bits in a mp_digit [e.g. DIGIT_BIT==31]
- */
- *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) -
- ((mp_word)a->dp[0]));
-}
-
-
-/* reduce "x" in place modulo "n" using the Diminished Radix algorithm.
- *
- * Based on algorithm from the paper
- *
- * "Generating Efficient Primes for Discrete Log Cryptosystems"
- * Chae Hoon Lim, Pil Joong Lee,
- * POSTECH Information Research Laboratories
- *
- * The modulus must be of a special format [see manual]
- *
- * Has been modified to use algorithm 7.10 from the LTM book instead
- *
- * Input x must be in the range 0 <= x <= (n-1)**2
- */
-int
-mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k)
-{
- int err, i, m;
- mp_word r;
- mp_digit mu, *tmpx1, *tmpx2;
-
- /* m = digits in modulus */
- m = n->used;
-
- /* ensure that "x" has at least 2m digits */
- if (x->alloc < m + m) {
- if ((err = mp_grow (x, m + m)) != MP_OKAY) {
- return err;
- }
- }
-
-/* top of loop, this is where the code resumes if
- * another reduction pass is required.
- */
-top:
- /* aliases for digits */
- /* alias for lower half of x */
- tmpx1 = x->dp;
-
- /* alias for upper half of x, or x/B**m */
- tmpx2 = x->dp + m;
-
- /* set carry to zero */
- mu = 0;
-
- /* compute (x mod B**m) + k * [x/B**m] inline and inplace */
- for (i = 0; i < m; i++) {
- r = ((mp_word)*tmpx2++) * ((mp_word)k) + *tmpx1 + mu;
- *tmpx1++ = (mp_digit)(r & MP_MASK);
- mu = (mp_digit)(r >> ((mp_word)DIGIT_BIT));
- }
-
- /* set final carry */
- *tmpx1++ = mu;
-
- /* zero words above m */
- for (i = m + 1; i < x->used; i++) {
- *tmpx1++ = 0;
- }
-
- /* clamp, sub and return */
- mp_clamp (x);
-
- /* if x >= n then subtract and reduce again
- * Each successive "recursion" makes the input smaller and smaller.
- */
- if (mp_cmp_mag (x, n) != MP_LT) {
- s_mp_sub(x, n, x);
- goto top;
- }
- return MP_OKAY;
-}
-
-
-/* reduces a modulo n where n is of the form 2**p - d */
-int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d)
-{
- mp_int q;
- int p, res;
-
- if ((res = mp_init(&q)) != MP_OKAY) {
- return res;
- }
-
- p = mp_count_bits(n);
-top:
- /* q = a/2**p, a = a mod 2**p */
- if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
- goto ERR;
- }
-
- if (d != 1) {
- /* q = q * d */
- if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) {
- goto ERR;
- }
- }
-
- /* a = a + q */
- if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
- goto ERR;
- }
-
- if (mp_cmp_mag(a, n) != MP_LT) {
- s_mp_sub(a, n, a);
- goto top;
- }
-
-ERR:
- mp_clear(&q);
- return res;
-}
-
-
-/* determines the setup value */
-int mp_reduce_2k_setup(mp_int *a, mp_digit *d)
-{
- int res, p;
- mp_int tmp;
-
- if ((res = mp_init(&tmp)) != MP_OKAY) {
- return res;
- }
-
- p = mp_count_bits(a);
- if ((res = mp_2expt(&tmp, p)) != MP_OKAY) {
- mp_clear(&tmp);
- return res;
- }
-
- if ((res = s_mp_sub(&tmp, a, &tmp)) != MP_OKAY) {
- mp_clear(&tmp);
- return res;
- }
-
- *d = tmp.dp[0];
- mp_clear(&tmp);
- return MP_OKAY;
-}
-
-
-/* computes a = 2**b
- *
- * Simple algorithm which zeroes the int, grows it then just sets one bit
- * as required.
- */
-int
-mp_2expt (mp_int * a, int b)
-{
- int res;
-
- /* zero a as per default */
- mp_zero (a);
-
- /* grow a to accomodate the single bit */
- if ((res = mp_grow (a, b / DIGIT_BIT + 1)) != MP_OKAY) {
- return res;
- }
-
- /* set the used count of where the bit will go */
- a->used = b / DIGIT_BIT + 1;
-
- /* put the single bit in its place */
- a->dp[b / DIGIT_BIT] = ((mp_digit)1) << (b % DIGIT_BIT);
-
- return MP_OKAY;
-}
-
-
-/* multiply by a digit */
-int
-mp_mul_d (mp_int * a, mp_digit b, mp_int * c)
-{
- mp_digit u, *tmpa, *tmpc;
- mp_word r;
- int ix, res, olduse;
-
- /* make sure c is big enough to hold a*b */
- if (c->alloc < a->used + 1) {
- if ((res = mp_grow (c, a->used + 1)) != MP_OKAY) {
- return res;
- }
- }
-
- /* get the original destinations used count */
- olduse = c->used;
-
- /* set the sign */
- c->sign = a->sign;
-
- /* alias for a->dp [source] */
- tmpa = a->dp;
-
- /* alias for c->dp [dest] */
- tmpc = c->dp;
-
- /* zero carry */
- u = 0;
-
- /* compute columns */
- for (ix = 0; ix < a->used; ix++) {
- /* compute product and carry sum for this term */
- r = ((mp_word) u) + ((mp_word)*tmpa++) * ((mp_word)b);
-
- /* mask off higher bits to get a single digit */
- *tmpc++ = (mp_digit) (r & ((mp_word) MP_MASK));
-
- /* send carry into next iteration */
- u = (mp_digit) (r >> ((mp_word) DIGIT_BIT));
- }
-
- /* store final carry [if any] and increment ix offset */
- *tmpc++ = u;
- ++ix;
-
- /* now zero digits above the top */
- while (ix++ < olduse) {
- *tmpc++ = 0;
- }
-
- /* set used count */
- c->used = a->used + 1;
- mp_clamp(c);
-
- return MP_OKAY;
-}
-
-
-/* d = a * b (mod c) */
-int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
-{
- int res;
- mp_int t;
-
- if ((res = mp_init (&t)) != MP_OKAY) {
- return res;
- }
-
- if ((res = mp_mul (a, b, &t)) != MP_OKAY) {
- mp_clear (&t);
- return res;
- }
- res = mp_mod (&t, c, d);
- mp_clear (&t);
- return res;
-}
-
-
-/* computes b = a*a */
-int
-mp_sqr (mp_int * a, mp_int * b)
-{
- int res;
-
- {
-#ifdef BN_FAST_S_MP_SQR_C
- /* can we use the fast comba multiplier? */
- if ((a->used * 2 + 1) < MP_WARRAY &&
- a->used <
- (1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) {
- res = fast_s_mp_sqr (a, b);
- } else
-#endif
-#ifdef BN_S_MP_SQR_C
- res = s_mp_sqr (a, b);
-#else
- res = MP_VAL;
-#endif
- }
- b->sign = MP_ZPOS;
- return res;
-}
-
-
-/* high level multiplication (handles sign) */
-int mp_mul (mp_int * a, mp_int * b, mp_int * c)
-{
- int res, neg;
- neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
-
- {
- /* can we use the fast multiplier?
- *
- * The fast multiplier can be used if the output will
- * have less than MP_WARRAY digits and the number of
- * digits won't affect carry propagation
- */
- int digs = a->used + b->used + 1;
-
-#ifdef BN_FAST_S_MP_MUL_DIGS_C
- if ((digs < MP_WARRAY) &&
- MIN(a->used, b->used) <=
- (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
- res = fast_s_mp_mul_digs (a, b, c, digs);
- } else
-#endif
-#ifdef BN_S_MP_MUL_DIGS_C
- res = s_mp_mul (a, b, c); /* uses s_mp_mul_digs */
-#else
- res = MP_VAL;
-#endif
-
- }
- c->sign = (c->used > 0) ? neg : MP_ZPOS;
- return res;
-}
-
-
-/* b = a*2 */
-int mp_mul_2(mp_int * a, mp_int * b)
-{
- int x, res, oldused;
-
- /* grow to accomodate result */
- if (b->alloc < a->used + 1) {
- if ((res = mp_grow (b, a->used + 1)) != MP_OKAY) {
- return res;
- }
- }
-
- oldused = b->used;
- b->used = a->used;
-
- {
- register mp_digit r, rr, *tmpa, *tmpb;
-
- /* alias for source */
- tmpa = a->dp;
-
- /* alias for dest */
- tmpb = b->dp;
-
- /* carry */
- r = 0;
- for (x = 0; x < a->used; x++) {
-
- /* get what will be the *next* carry bit from the
- * MSB of the current digit
- */
- rr = *tmpa >> ((mp_digit)(DIGIT_BIT - 1));
-
- /* now shift up this digit, add in the carry [from the previous] */
- *tmpb++ = ((*tmpa++ << ((mp_digit)1)) | r) & MP_MASK;
-
- /* copy the carry that would be from the source
- * digit into the next iteration
- */
- r = rr;
- }
-
- /* new leading digit? */
- if (r != 0) {
- /* add a MSB which is always 1 at this point */
- *tmpb = 1;
- ++(b->used);
- }
-
- /* now zero any excess digits on the destination
- * that we didn't write to
- */
- tmpb = b->dp + b->used;
- for (x = b->used; x < oldused; x++) {
- *tmpb++ = 0;
- }
- }
- b->sign = a->sign;
- return MP_OKAY;
-}
-
-
-/* divide by three (based on routine from MPI and the GMP manual) */
-int
-mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
-{
- mp_int q;
- mp_word w, t;
- mp_digit b;
- int res, ix;
-
- /* b = 2**DIGIT_BIT / 3 */
- b = (mp_digit) ( (((mp_word)1) << ((mp_word)DIGIT_BIT)) / ((mp_word)3) );
-
- if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
- return res;
- }
-
- q.used = a->used;
- q.sign = a->sign;
- w = 0;
- for (ix = a->used - 1; ix >= 0; ix--) {
- w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
-
- if (w >= 3) {
- /* multiply w by [1/3] */
- t = (w * ((mp_word)b)) >> ((mp_word)DIGIT_BIT);
-
- /* now subtract 3 * [w/3] from w, to get the remainder */
- w -= t+t+t;
-
- /* fixup the remainder as required since
- * the optimization is not exact.
- */
- while (w >= 3) {
- t += 1;
- w -= 3;
- }
- } else {
- t = 0;
- }
- q.dp[ix] = (mp_digit)t;
- }
-
- /* [optional] store the remainder */
- if (d != NULL) {
- *d = (mp_digit)w;
- }
-
- /* [optional] store the quotient */
- if (c != NULL) {
- mp_clamp(&q);
- mp_exch(&q, c);
- }
- mp_clear(&q);
-
- return res;
-}
-
-
-/* init an mp_init for a given size */
-int mp_init_size (mp_int * a, int size)
-{
- int x;
-
- /* pad size so there are always extra digits */
- size += (MP_PREC * 2) - (size % MP_PREC);
-
- /* alloc mem */
- a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size, 0,
- DYNAMIC_TYPE_BIGINT);
- if (a->dp == NULL) {
- return MP_MEM;
- }
-
- /* set the members */
- a->used = 0;
- a->alloc = size;
- a->sign = MP_ZPOS;
-
- /* zero the digits */
- for (x = 0; x < size; x++) {
- a->dp[x] = 0;
- }
-
- return MP_OKAY;
-}
-
-
-/* the jist of squaring...
- * you do like mult except the offset of the tmpx [one that
- * starts closer to zero] can't equal the offset of tmpy.
- * So basically you set up iy like before then you min it with
- * (ty-tx) so that it never happens. You double all those
- * you add in the inner loop
-
-After that loop you do the squares and add them in.
-*/
-
-int fast_s_mp_sqr (mp_int * a, mp_int * b)
-{
- int olduse, res, pa, ix, iz;
-#ifdef WOLFSSL_SMALL_STACK
- mp_digit* W; /* uses dynamic memory and slower */
-#else
- mp_digit W[MP_WARRAY];
-#endif
- mp_digit *tmpx;
- mp_word W1;
-
- /* grow the destination as required */
- pa = a->used + a->used;
- if (b->alloc < pa) {
- if ((res = mp_grow (b, pa)) != MP_OKAY) {
- return res;
- }
- }
-
- if (pa > MP_WARRAY)
- return MP_RANGE; /* TAO range check */
-
-#ifdef WOLFSSL_SMALL_STACK
- W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
- if (W == NULL)
- return MP_MEM;
-#endif
-
- /* number of output digits to produce */
- W1 = 0;
- for (ix = 0; ix < pa; ix++) {
- int tx, ty, iy;
- mp_word _W;
- mp_digit *tmpy;
-
- /* clear counter */
- _W = 0;
-
- /* get offsets into the two bignums */
- ty = MIN(a->used-1, ix);
- tx = ix - ty;
-
- /* setup temp aliases */
- tmpx = a->dp + tx;
- tmpy = a->dp + ty;
-
- /* this is the number of times the loop will iterrate, essentially
- while (tx++ < a->used && ty-- >= 0) { ... }
- */
- iy = MIN(a->used-tx, ty+1);
-
- /* now for squaring tx can never equal ty
- * we halve the distance since they approach at a rate of 2x
- * and we have to round because odd cases need to be executed
- */
- iy = MIN(iy, (ty-tx+1)>>1);
-
- /* execute loop */
- for (iz = 0; iz < iy; iz++) {
- _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--);
- }
-
- /* double the inner product and add carry */
- _W = _W + _W + W1;
-
- /* even columns have the square term in them */
- if ((ix&1) == 0) {
- _W += ((mp_word)a->dp[ix>>1])*((mp_word)a->dp[ix>>1]);
- }
-
- /* store it */
- W[ix] = (mp_digit)(_W & MP_MASK);
-
- /* make next carry */
- W1 = _W >> ((mp_word)DIGIT_BIT);
- }
-
- /* setup dest */
- olduse = b->used;
- b->used = a->used+a->used;
-
- {
- mp_digit *tmpb;
- tmpb = b->dp;
- for (ix = 0; ix < pa; ix++) {
- *tmpb++ = W[ix] & MP_MASK;
- }
-
- /* clear unused digits [that existed in the old copy of c] */
- for (; ix < olduse; ix++) {
- *tmpb++ = 0;
- }
- }
- mp_clamp (b);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
-#endif
-
- return MP_OKAY;
-}
-
-
-/* Fast (comba) multiplier
- *
- * This is the fast column-array [comba] multiplier. It is
- * designed to compute the columns of the product first
- * then handle the carries afterwards. This has the effect
- * of making the nested loops that compute the columns very
- * simple and schedulable on super-scalar processors.
- *
- * This has been modified to produce a variable number of
- * digits of output so if say only a half-product is required
- * you don't have to compute the upper half (a feature
- * required for fast Barrett reduction).
- *
- * Based on Algorithm 14.12 on pp.595 of HAC.
- *
- */
-int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
-{
- int olduse, res, pa, ix, iz;
-#ifdef WOLFSSL_SMALL_STACK
- mp_digit* W; /* uses dynamic memory and slower */
-#else
- mp_digit W[MP_WARRAY];
-#endif
- register mp_word _W;
-
- /* grow the destination as required */
- if (c->alloc < digs) {
- if ((res = mp_grow (c, digs)) != MP_OKAY) {
- return res;
- }
- }
-
- /* number of output digits to produce */
- pa = MIN(digs, a->used + b->used);
- if (pa > MP_WARRAY)
- return MP_RANGE; /* TAO range check */
-
-#ifdef WOLFSSL_SMALL_STACK
- W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
- if (W == NULL)
- return MP_MEM;
-#endif
-
- /* clear the carry */
- _W = 0;
- for (ix = 0; ix < pa; ix++) {
- int tx, ty;
- int iy;
- mp_digit *tmpx, *tmpy;
-
- /* get offsets into the two bignums */
- ty = MIN(b->used-1, ix);
- tx = ix - ty;
-
- /* setup temp aliases */
- tmpx = a->dp + tx;
- tmpy = b->dp + ty;
-
- /* this is the number of times the loop will iterrate, essentially
- while (tx++ < a->used && ty-- >= 0) { ... }
- */
- iy = MIN(a->used-tx, ty+1);
-
- /* execute loop */
- for (iz = 0; iz < iy; ++iz) {
- _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--);
-
- }
-
- /* store term */
- W[ix] = ((mp_digit)_W) & MP_MASK;
-
- /* make next carry */
- _W = _W >> ((mp_word)DIGIT_BIT);
- }
-
- /* setup dest */
- olduse = c->used;
- c->used = pa;
-
- {
- register mp_digit *tmpc;
- tmpc = c->dp;
- for (ix = 0; ix < pa+1; ix++) {
- /* now extract the previous digit [below the carry] */
- *tmpc++ = W[ix];
- }
-
- /* clear unused digits [that existed in the old copy of c] */
- for (; ix < olduse; ix++) {
- *tmpc++ = 0;
- }
- }
- mp_clamp (c);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
-#endif
-
- return MP_OKAY;
-}
-
-
-/* low level squaring, b = a*a, HAC pp.596-597, Algorithm 14.16 */
-int s_mp_sqr (mp_int * a, mp_int * b)
-{
- mp_int t;
- int res, ix, iy, pa;
- mp_word r;
- mp_digit u, tmpx, *tmpt;
-
- pa = a->used;
- if ((res = mp_init_size (&t, 2*pa + 1)) != MP_OKAY) {
- return res;
- }
-
- /* default used is maximum possible size */
- t.used = 2*pa + 1;
-
- for (ix = 0; ix < pa; ix++) {
- /* first calculate the digit at 2*ix */
- /* calculate double precision result */
- r = ((mp_word) t.dp[2*ix]) +
- ((mp_word)a->dp[ix])*((mp_word)a->dp[ix]);
-
- /* store lower part in result */
- t.dp[ix+ix] = (mp_digit) (r & ((mp_word) MP_MASK));
-
- /* get the carry */
- u = (mp_digit)(r >> ((mp_word) DIGIT_BIT));
-
- /* left hand side of A[ix] * A[iy] */
- tmpx = a->dp[ix];
-
- /* alias for where to store the results */
- tmpt = t.dp + (2*ix + 1);
-
- for (iy = ix + 1; iy < pa; iy++) {
- /* first calculate the product */
- r = ((mp_word)tmpx) * ((mp_word)a->dp[iy]);
-
- /* now calculate the double precision result, note we use
- * addition instead of *2 since it's easier to optimize
- */
- r = ((mp_word) *tmpt) + r + r + ((mp_word) u);
-
- /* store lower part */
- *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
-
- /* get carry */
- u = (mp_digit)(r >> ((mp_word) DIGIT_BIT));
- }
- /* propagate upwards */
- while (u != ((mp_digit) 0)) {
- r = ((mp_word) *tmpt) + ((mp_word) u);
- *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
- u = (mp_digit)(r >> ((mp_word) DIGIT_BIT));
- }
- }
-
- mp_clamp (&t);
- mp_exch (&t, b);
- mp_clear (&t);
- return MP_OKAY;
-}
-
-
-/* multiplies |a| * |b| and only computes upto digs digits of result
- * HAC pp. 595, Algorithm 14.12 Modified so you can control how
- * many digits of output are created.
- */
-int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
-{
- mp_int t;
- int res, pa, pb, ix, iy;
- mp_digit u;
- mp_word r;
- mp_digit tmpx, *tmpt, *tmpy;
-
- /* can we use the fast multiplier? */
- if (((digs) < MP_WARRAY) &&
- MIN (a->used, b->used) <
- (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
- return fast_s_mp_mul_digs (a, b, c, digs);
- }
-
- if ((res = mp_init_size (&t, digs)) != MP_OKAY) {
- return res;
- }
- t.used = digs;
-
- /* compute the digits of the product directly */
- pa = a->used;
- for (ix = 0; ix < pa; ix++) {
- /* set the carry to zero */
- u = 0;
-
- /* limit ourselves to making digs digits of output */
- pb = MIN (b->used, digs - ix);
-
- /* setup some aliases */
- /* copy of the digit from a used within the nested loop */
- tmpx = a->dp[ix];
-
- /* an alias for the destination shifted ix places */
- tmpt = t.dp + ix;
-
- /* an alias for the digits of b */
- tmpy = b->dp;
-
- /* compute the columns of the output and propagate the carry */
- for (iy = 0; iy < pb; iy++) {
- /* compute the column as a mp_word */
- r = ((mp_word)*tmpt) +
- ((mp_word)tmpx) * ((mp_word)*tmpy++) +
- ((mp_word) u);
-
- /* the new column is the lower part of the result */
- *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
-
- /* get the carry word from the result */
- u = (mp_digit) (r >> ((mp_word) DIGIT_BIT));
- }
- /* set carry if it is placed below digs */
- if (ix + iy < digs) {
- *tmpt = u;
- }
- }
-
- mp_clamp (&t);
- mp_exch (&t, c);
-
- mp_clear (&t);
- return MP_OKAY;
-}
-
-
-/*
- * shifts with subtractions when the result is greater than b.
- *
- * The method is slightly modified to shift B unconditionally upto just under
- * the leading bit of b. This saves alot of multiple precision shifting.
- */
-int mp_montgomery_calc_normalization (mp_int * a, mp_int * b)
-{
- int x, bits, res;
-
- /* how many bits of last digit does b use */
- bits = mp_count_bits (b) % DIGIT_BIT;
-
- if (b->used > 1) {
- if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) {
- return res;
- }
- } else {
- mp_set(a, 1);
- bits = 1;
- }
-
-
- /* now compute C = A * B mod b */
- for (x = bits - 1; x < (int)DIGIT_BIT; x++) {
- if ((res = mp_mul_2 (a, a)) != MP_OKAY) {
- return res;
- }
- if (mp_cmp_mag (a, b) != MP_LT) {
- if ((res = s_mp_sub (a, b, a)) != MP_OKAY) {
- return res;
- }
- }
- }
-
- return MP_OKAY;
-}
-
-
-#ifdef MP_LOW_MEM
- #define TAB_SIZE 32
-#else
- #define TAB_SIZE 256
-#endif
-
-int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
-{
- mp_int M[TAB_SIZE], res, mu;
- mp_digit buf;
- int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
- int (*redux)(mp_int*,mp_int*,mp_int*);
-
- /* find window size */
- x = mp_count_bits (X);
- if (x <= 7) {
- winsize = 2;
- } else if (x <= 36) {
- winsize = 3;
- } else if (x <= 140) {
- winsize = 4;
- } else if (x <= 450) {
- winsize = 5;
- } else if (x <= 1303) {
- winsize = 6;
- } else if (x <= 3529) {
- winsize = 7;
- } else {
- winsize = 8;
- }
-
-#ifdef MP_LOW_MEM
- if (winsize > 5) {
- winsize = 5;
- }
-#endif
-
- /* init M array */
- /* init first cell */
- if ((err = mp_init(&M[1])) != MP_OKAY) {
- return err;
- }
-
- /* now init the second half of the array */
- for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
- if ((err = mp_init(&M[x])) != MP_OKAY) {
- for (y = 1<<(winsize-1); y < x; y++) {
- mp_clear (&M[y]);
- }
- mp_clear(&M[1]);
- return err;
- }
- }
-
- /* create mu, used for Barrett reduction */
- if ((err = mp_init (&mu)) != MP_OKAY) {
- goto LBL_M;
- }
-
- if (redmode == 0) {
- if ((err = mp_reduce_setup (&mu, P)) != MP_OKAY) {
- goto LBL_MU;
- }
- redux = mp_reduce;
- } else {
- if ((err = mp_reduce_2k_setup_l (P, &mu)) != MP_OKAY) {
- goto LBL_MU;
- }
- redux = mp_reduce_2k_l;
- }
-
- /* create M table
- *
- * The M table contains powers of the base,
- * e.g. M[x] = G**x mod P
- *
- * The first half of the table is not
- * computed though accept for M[0] and M[1]
- */
- if ((err = mp_mod (G, P, &M[1])) != MP_OKAY) {
- goto LBL_MU;
- }
-
- /* compute the value at M[1<<(winsize-1)] by squaring
- * M[1] (winsize-1) times
- */
- if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
- goto LBL_MU;
- }
-
- for (x = 0; x < (winsize - 1); x++) {
- /* square it */
- if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))],
- &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
- goto LBL_MU;
- }
-
- /* reduce modulo P */
- if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, &mu)) != MP_OKAY) {
- goto LBL_MU;
- }
- }
-
- /* create upper table, that is M[x] = M[x-1] * M[1] (mod P)
- * for x = (2**(winsize - 1) + 1) to (2**winsize - 1)
- */
- for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
- if ((err = mp_mul (&M[x - 1], &M[1], &M[x])) != MP_OKAY) {
- goto LBL_MU;
- }
- if ((err = redux (&M[x], P, &mu)) != MP_OKAY) {
- goto LBL_MU;
- }
- }
-
- /* setup result */
- if ((err = mp_init (&res)) != MP_OKAY) {
- goto LBL_MU;
- }
- mp_set (&res, 1);
-
- /* set initial mode and bit cnt */
- mode = 0;
- bitcnt = 1;
- buf = 0;
- digidx = X->used - 1;
- bitcpy = 0;
- bitbuf = 0;
-
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- /* if digidx == -1 we are out of digits */
- if (digidx == -1) {
- break;
- }
- /* read next digit and reset the bitcnt */
- buf = X->dp[digidx--];
- bitcnt = (int) DIGIT_BIT;
- }
-
- /* grab the next msb from the exponent */
- y = (int)(buf >> (mp_digit)(DIGIT_BIT - 1)) & 1;
- buf <<= (mp_digit)1;
-
- /* if the bit is zero and mode == 0 then we ignore it
- * These represent the leading zero bits before the first 1 bit
- * in the exponent. Technically this opt is not required but it
- * does lower the # of trivial squaring/reductions used
- */
- if (mode == 0 && y == 0) {
- continue;
- }
-
- /* if the bit is zero and mode == 1 then we square */
- if (mode == 1 && y == 0) {
- if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, &mu)) != MP_OKAY) {
- goto LBL_RES;
- }
- continue;
- }
-
- /* else we add it to the window */
- bitbuf |= (y << (winsize - ++bitcpy));
- mode = 2;
-
- if (bitcpy == winsize) {
- /* ok window is filled so square as required and multiply */
- /* square first */
- for (x = 0; x < winsize; x++) {
- if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, &mu)) != MP_OKAY) {
- goto LBL_RES;
- }
- }
-
- /* then multiply */
- if ((err = mp_mul (&res, &M[bitbuf], &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, &mu)) != MP_OKAY) {
- goto LBL_RES;
- }
-
- /* empty window and reset */
- bitcpy = 0;
- bitbuf = 0;
- mode = 1;
- }
- }
-
- /* if bits remain then square/multiply */
- if (mode == 2 && bitcpy > 0) {
- /* square then multiply if the bit is set */
- for (x = 0; x < bitcpy; x++) {
- if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, &mu)) != MP_OKAY) {
- goto LBL_RES;
- }
-
- bitbuf <<= 1;
- if ((bitbuf & (1 << winsize)) != 0) {
- /* then multiply */
- if ((err = mp_mul (&res, &M[1], &res)) != MP_OKAY) {
- goto LBL_RES;
- }
- if ((err = redux (&res, P, &mu)) != MP_OKAY) {
- goto LBL_RES;
- }
- }
- }
- }
-
- mp_exch (&res, Y);
- err = MP_OKAY;
-LBL_RES:mp_clear (&res);
-LBL_MU:mp_clear (&mu);
-LBL_M:
- mp_clear(&M[1]);
- for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
- mp_clear (&M[x]);
- }
- return err;
-}
-
-
-/* pre-calculate the value required for Barrett reduction
- * For a given modulus "b" it calulates the value required in "a"
- */
-int mp_reduce_setup (mp_int * a, mp_int * b)
-{
- int res;
-
- if ((res = mp_2expt (a, b->used * 2 * DIGIT_BIT)) != MP_OKAY) {
- return res;
- }
- return mp_div (a, b, a, NULL);
-}
-
-
-/* reduces x mod m, assumes 0 < x < m**2, mu is
- * precomputed via mp_reduce_setup.
- * From HAC pp.604 Algorithm 14.42
- */
-int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
-{
- mp_int q;
- int res, um = m->used;
-
- /* q = x */
- if ((res = mp_init_copy (&q, x)) != MP_OKAY) {
- return res;
- }
-
- /* q1 = x / b**(k-1) */
- mp_rshd (&q, um - 1);
-
- /* according to HAC this optimization is ok */
- if (((mp_word) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
- if ((res = mp_mul (&q, mu, &q)) != MP_OKAY) {
- goto CLEANUP;
- }
- } else {
-#ifdef BN_S_MP_MUL_HIGH_DIGS_C
- if ((res = s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) {
- goto CLEANUP;
- }
-#elif defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C)
- if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) {
- goto CLEANUP;
- }
-#else
- {
- res = MP_VAL;
- goto CLEANUP;
- }
-#endif
- }
-
- /* q3 = q2 / b**(k+1) */
- mp_rshd (&q, um + 1);
-
- /* x = x mod b**(k+1), quick (no division) */
- if ((res = mp_mod_2d (x, DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
- goto CLEANUP;
- }
-
- /* q = q * m mod b**(k+1), quick (no division) */
- if ((res = s_mp_mul_digs (&q, m, &q, um + 1)) != MP_OKAY) {
- goto CLEANUP;
- }
-
- /* x = x - q */
- if ((res = mp_sub (x, &q, x)) != MP_OKAY) {
- goto CLEANUP;
- }
-
- /* If x < 0, add b**(k+1) to it */
- if (mp_cmp_d (x, 0) == MP_LT) {
- mp_set (&q, 1);
- if ((res = mp_lshd (&q, um + 1)) != MP_OKAY)
- goto CLEANUP;
- if ((res = mp_add (x, &q, x)) != MP_OKAY)
- goto CLEANUP;
- }
-
- /* Back off if it's too big */
- while (mp_cmp (x, m) != MP_LT) {
- if ((res = s_mp_sub (x, m, x)) != MP_OKAY) {
- goto CLEANUP;
- }
- }
-
-CLEANUP:
- mp_clear (&q);
-
- return res;
-}
-
-
-/* reduces a modulo n where n is of the form 2**p - d
- This differs from reduce_2k since "d" can be larger
- than a single digit.
-*/
-int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d)
-{
- mp_int q;
- int p, res;
-
- if ((res = mp_init(&q)) != MP_OKAY) {
- return res;
- }
-
- p = mp_count_bits(n);
-top:
- /* q = a/2**p, a = a mod 2**p */
- if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
- goto ERR;
- }
-
- /* q = q * d */
- if ((res = mp_mul(&q, d, &q)) != MP_OKAY) {
- goto ERR;
- }
-
- /* a = a + q */
- if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
- goto ERR;
- }
-
- if (mp_cmp_mag(a, n) != MP_LT) {
- s_mp_sub(a, n, a);
- goto top;
- }
-
-ERR:
- mp_clear(&q);
- return res;
-}
-
-
-/* determines the setup value */
-int mp_reduce_2k_setup_l(mp_int *a, mp_int *d)
-{
- int res;
- mp_int tmp;
-
- if ((res = mp_init(&tmp)) != MP_OKAY) {
- return res;
- }
-
- if ((res = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) {
- goto ERR;
- }
-
- if ((res = s_mp_sub(&tmp, a, d)) != MP_OKAY) {
- goto ERR;
- }
-
-ERR:
- mp_clear(&tmp);
- return res;
-}
-
-
-/* multiplies |a| * |b| and does not compute the lower digs digits
- * [meant to get the higher part of the product]
- */
-int
-s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
-{
- mp_int t;
- int res, pa, pb, ix, iy;
- mp_digit u;
- mp_word r;
- mp_digit tmpx, *tmpt, *tmpy;
-
- /* can we use the fast multiplier? */
-#ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C
- if (((a->used + b->used + 1) < MP_WARRAY)
- && MIN (a->used, b->used) < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
- return fast_s_mp_mul_high_digs (a, b, c, digs);
- }
-#endif
-
- if ((res = mp_init_size (&t, a->used + b->used + 1)) != MP_OKAY) {
- return res;
- }
- t.used = a->used + b->used + 1;
-
- pa = a->used;
- pb = b->used;
- for (ix = 0; ix < pa; ix++) {
- /* clear the carry */
- u = 0;
-
- /* left hand side of A[ix] * B[iy] */
- tmpx = a->dp[ix];
-
- /* alias to the address of where the digits will be stored */
- tmpt = &(t.dp[digs]);
-
- /* alias for where to read the right hand side from */
- tmpy = b->dp + (digs - ix);
-
- for (iy = digs - ix; iy < pb; iy++) {
- /* calculate the double precision result */
- r = ((mp_word)*tmpt) +
- ((mp_word)tmpx) * ((mp_word)*tmpy++) +
- ((mp_word) u);
-
- /* get the lower part */
- *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
-
- /* carry the carry */
- u = (mp_digit) (r >> ((mp_word) DIGIT_BIT));
- }
- *tmpt = u;
- }
- mp_clamp (&t);
- mp_exch (&t, c);
- mp_clear (&t);
- return MP_OKAY;
-}
-
-
-/* this is a modified version of fast_s_mul_digs that only produces
- * output digits *above* digs. See the comments for fast_s_mul_digs
- * to see how it works.
- *
- * This is used in the Barrett reduction since for one of the multiplications
- * only the higher digits were needed. This essentially halves the work.
- *
- * Based on Algorithm 14.12 on pp.595 of HAC.
- */
-int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
-{
- int olduse, res, pa, ix, iz;
-#ifdef WOLFSSL_SMALL_STACK
- mp_digit* W; /* uses dynamic memory and slower */
-#else
- mp_digit W[MP_WARRAY];
-#endif
- mp_word _W;
-
- /* grow the destination as required */
- pa = a->used + b->used;
- if (c->alloc < pa) {
- if ((res = mp_grow (c, pa)) != MP_OKAY) {
- return res;
- }
- }
-
- if (pa > MP_WARRAY)
- return MP_RANGE; /* TAO range check */
-
-#ifdef WOLFSSL_SMALL_STACK
- W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
- if (W == NULL)
- return MP_MEM;
-#endif
-
- /* number of output digits to produce */
- pa = a->used + b->used;
- _W = 0;
- for (ix = digs; ix < pa; ix++) {
- int tx, ty, iy;
- mp_digit *tmpx, *tmpy;
-
- /* get offsets into the two bignums */
- ty = MIN(b->used-1, ix);
- tx = ix - ty;
-
- /* setup temp aliases */
- tmpx = a->dp + tx;
- tmpy = b->dp + ty;
-
- /* this is the number of times the loop will iterrate, essentially its
- while (tx++ < a->used && ty-- >= 0) { ... }
- */
- iy = MIN(a->used-tx, ty+1);
-
- /* execute loop */
- for (iz = 0; iz < iy; iz++) {
- _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--);
- }
-
- /* store term */
- W[ix] = ((mp_digit)_W) & MP_MASK;
-
- /* make next carry */
- _W = _W >> ((mp_word)DIGIT_BIT);
- }
-
- /* setup dest */
- olduse = c->used;
- c->used = pa;
-
- {
- register mp_digit *tmpc;
-
- tmpc = c->dp + digs;
- for (ix = digs; ix <= pa; ix++) {
- /* now extract the previous digit [below the carry] */
- *tmpc++ = W[ix];
- }
-
- /* clear unused digits [that existed in the old copy of c] */
- for (; ix < olduse; ix++) {
- *tmpc++ = 0;
- }
- }
- mp_clamp (c);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
-#endif
-
- return MP_OKAY;
-}
-
-
-/* set a 32-bit const */
-int mp_set_int (mp_int * a, unsigned long b)
-{
- int x, res;
-
- mp_zero (a);
-
- /* set four bits at a time */
- for (x = 0; x < 8; x++) {
- /* shift the number up four bits */
- if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) {
- return res;
- }
-
- /* OR in the top four bits of the source */
- a->dp[0] |= (b >> 28) & 15;
-
- /* shift the source up to the next four bits */
- b <<= 4;
-
- /* ensure that digits are not clamped off */
- a->used += 1;
- }
- mp_clamp (a);
- return MP_OKAY;
-}
-
-
-#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_ECC)
-
-/* c = a * a (mod b) */
-int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
-{
- int res;
- mp_int t;
-
- if ((res = mp_init (&t)) != MP_OKAY) {
- return res;
- }
-
- if ((res = mp_sqr (a, &t)) != MP_OKAY) {
- mp_clear (&t);
- return res;
- }
- res = mp_mod (&t, b, c);
- mp_clear (&t);
- return res;
-}
-
-#endif
-
-
-#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN)
-
-/* single digit addition */
-int mp_add_d (mp_int* a, mp_digit b, mp_int* c)
-{
- int res, ix, oldused;
- mp_digit *tmpa, *tmpc, mu;
-
- /* grow c as required */
- if (c->alloc < a->used + 1) {
- if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
- return res;
- }
- }
-
- /* if a is negative and |a| >= b, call c = |a| - b */
- if (a->sign == MP_NEG && (a->used > 1 || a->dp[0] >= b)) {
- /* temporarily fix sign of a */
- a->sign = MP_ZPOS;
-
- /* c = |a| - b */
- res = mp_sub_d(a, b, c);
-
- /* fix sign */
- a->sign = c->sign = MP_NEG;
-
- /* clamp */
- mp_clamp(c);
-
- return res;
- }
-
- /* old number of used digits in c */
- oldused = c->used;
-
- /* sign always positive */
- c->sign = MP_ZPOS;
-
- /* source alias */
- tmpa = a->dp;
-
- /* destination alias */
- tmpc = c->dp;
-
- /* if a is positive */
- if (a->sign == MP_ZPOS) {
- /* add digit, after this we're propagating
- * the carry.
- */
- *tmpc = *tmpa++ + b;
- mu = *tmpc >> DIGIT_BIT;
- *tmpc++ &= MP_MASK;
-
- /* now handle rest of the digits */
- for (ix = 1; ix < a->used; ix++) {
- *tmpc = *tmpa++ + mu;
- mu = *tmpc >> DIGIT_BIT;
- *tmpc++ &= MP_MASK;
- }
- /* set final carry */
- if (mu != 0 && ix < c->alloc) {
- ix++;
- *tmpc++ = mu;
- }
-
- /* setup size */
- c->used = a->used + 1;
- } else {
- /* a was negative and |a| < b */
- c->used = 1;
-
- /* the result is a single digit */
- if (a->used == 1) {
- *tmpc++ = b - a->dp[0];
- } else {
- *tmpc++ = b;
- }
-
- /* setup count so the clearing of oldused
- * can fall through correctly
- */
- ix = 1;
- }
-
- /* now zero to oldused */
- while (ix++ < oldused) {
- *tmpc++ = 0;
- }
- mp_clamp(c);
-
- return MP_OKAY;
-}
-
-
-/* single digit subtraction */
-int mp_sub_d (mp_int * a, mp_digit b, mp_int * c)
-{
- mp_digit *tmpa, *tmpc, mu;
- int res, ix, oldused;
-
- /* grow c as required */
- if (c->alloc < a->used + 1) {
- if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
- return res;
- }
- }
-
- /* if a is negative just do an unsigned
- * addition [with fudged signs]
- */
- if (a->sign == MP_NEG) {
- a->sign = MP_ZPOS;
- res = mp_add_d(a, b, c);
- a->sign = c->sign = MP_NEG;
-
- /* clamp */
- mp_clamp(c);
-
- return res;
- }
-
- /* setup regs */
- oldused = c->used;
- tmpa = a->dp;
- tmpc = c->dp;
-
- /* if a <= b simply fix the single digit */
- if ((a->used == 1 && a->dp[0] <= b) || a->used == 0) {
- if (a->used == 1) {
- *tmpc++ = b - *tmpa;
- } else {
- *tmpc++ = b;
- }
- ix = 1;
-
- /* negative/1digit */
- c->sign = MP_NEG;
- c->used = 1;
- } else {
- /* positive/size */
- c->sign = MP_ZPOS;
- c->used = a->used;
-
- /* subtract first digit */
- *tmpc = *tmpa++ - b;
- mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1);
- *tmpc++ &= MP_MASK;
-
- /* handle rest of the digits */
- for (ix = 1; ix < a->used; ix++) {
- *tmpc = *tmpa++ - mu;
- mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1);
- *tmpc++ &= MP_MASK;
- }
- }
-
- /* zero excess digits */
- while (ix++ < oldused) {
- *tmpc++ = 0;
- }
- mp_clamp(c);
- return MP_OKAY;
-}
-
-#endif /* defined(HAVE_ECC) || !defined(NO_PWDBASED) */
-
-
-#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
-
-static const int lnz[16] = {
- 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
-};
-
-/* Counts the number of lsbs which are zero before the first zero bit */
-int mp_cnt_lsb(mp_int *a)
-{
- int x;
- mp_digit q, qq;
-
- /* easy out */
- if (mp_iszero(a) == 1) {
- return 0;
- }
-
- /* scan lower digits until non-zero */
- for (x = 0; x < a->used && a->dp[x] == 0; x++);
- q = a->dp[x];
- x *= DIGIT_BIT;
-
- /* now scan this digit until a 1 is found */
- if ((q & 1) == 0) {
- do {
- qq = q & 15;
- x += lnz[qq];
- q >>= 4;
- } while (qq == 0);
- }
- return x;
-}
-
-
-
-
-static int s_is_power_of_two(mp_digit b, int *p)
-{
- int x;
-
- /* fast return if no power of two */
- if ((b==0) || (b & (b-1))) {
- return 0;
- }
-
- for (x = 0; x < DIGIT_BIT; x++) {
- if (b == (((mp_digit)1)<<x)) {
- *p = x;
- return 1;
- }
- }
- return 0;
-}
-
-/* single digit division (based on routine from MPI) */
-static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
-{
- mp_int q;
- mp_word w;
- mp_digit t;
- int res, ix;
-
- /* cannot divide by zero */
- if (b == 0) {
- return MP_VAL;
- }
-
- /* quick outs */
- if (b == 1 || mp_iszero(a) == 1) {
- if (d != NULL) {
- *d = 0;
- }
- if (c != NULL) {
- return mp_copy(a, c);
- }
- return MP_OKAY;
- }
-
- /* power of two ? */
- if (s_is_power_of_two(b, &ix) == 1) {
- if (d != NULL) {
- *d = a->dp[0] & ((((mp_digit)1)<<ix) - 1);
- }
- if (c != NULL) {
- return mp_div_2d(a, ix, c, NULL);
- }
- return MP_OKAY;
- }
-
-#ifdef BN_MP_DIV_3_C
- /* three? */
- if (b == 3) {
- return mp_div_3(a, c, d);
- }
-#endif
-
- /* no easy answer [c'est la vie]. Just division */
- if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
- return res;
- }
-
- q.used = a->used;
- q.sign = a->sign;
- w = 0;
- for (ix = a->used - 1; ix >= 0; ix--) {
- w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
-
- if (w >= b) {
- t = (mp_digit)(w / b);
- w -= ((mp_word)t) * ((mp_word)b);
- } else {
- t = 0;
- }
- q.dp[ix] = (mp_digit)t;
- }
-
- if (d != NULL) {
- *d = (mp_digit)w;
- }
-
- if (c != NULL) {
- mp_clamp(&q);
- mp_exch(&q, c);
- }
- mp_clear(&q);
-
- return res;
-}
-
-
-int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c)
-{
- return mp_div_d(a, b, NULL, c);
-}
-
-#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
-
-#ifdef WOLFSSL_KEY_GEN
-
-const mp_digit ltm_prime_tab[] = {
- 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
- 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
- 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,
- 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F,
-#ifndef MP_8BIT
- 0x0083,
- 0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD,
- 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF,
- 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
- 0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137,
-
- 0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167,
- 0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199,
- 0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9,
- 0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7,
- 0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239,
- 0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265,
- 0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293,
- 0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF,
-
- 0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301,
- 0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B,
- 0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371,
- 0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD,
- 0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5,
- 0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419,
- 0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449,
- 0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B,
-
- 0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7,
- 0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503,
- 0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529,
- 0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F,
- 0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3,
- 0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7,
- 0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623,
- 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653
-#endif
-};
-
-
-/* Miller-Rabin test of "a" to the base of "b" as described in
- * HAC pp. 139 Algorithm 4.24
- *
- * Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often
- * very much lower.
- */
-static int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
-{
- mp_int n1, y, r;
- int s, j, err;
-
- /* default */
- *result = MP_NO;
-
- /* ensure b > 1 */
- if (mp_cmp_d(b, 1) != MP_GT) {
- return MP_VAL;
- }
-
- /* get n1 = a - 1 */
- if ((err = mp_init_copy (&n1, a)) != MP_OKAY) {
- return err;
- }
- if ((err = mp_sub_d (&n1, 1, &n1)) != MP_OKAY) {
- goto LBL_N1;
- }
-
- /* set 2**s * r = n1 */
- if ((err = mp_init_copy (&r, &n1)) != MP_OKAY) {
- goto LBL_N1;
- }
-
- /* count the number of least significant bits
- * which are zero
- */
- s = mp_cnt_lsb(&r);
-
- /* now divide n - 1 by 2**s */
- if ((err = mp_div_2d (&r, s, &r, NULL)) != MP_OKAY) {
- goto LBL_R;
- }
-
- /* compute y = b**r mod a */
- if ((err = mp_init (&y)) != MP_OKAY) {
- goto LBL_R;
- }
- if ((err = mp_exptmod (b, &r, a, &y)) != MP_OKAY) {
- goto LBL_Y;
- }
-
- /* if y != 1 and y != n1 do */
- if (mp_cmp_d (&y, 1) != MP_EQ && mp_cmp (&y, &n1) != MP_EQ) {
- j = 1;
- /* while j <= s-1 and y != n1 */
- while ((j <= (s - 1)) && mp_cmp (&y, &n1) != MP_EQ) {
- if ((err = mp_sqrmod (&y, a, &y)) != MP_OKAY) {
- goto LBL_Y;
- }
-
- /* if y == 1 then composite */
- if (mp_cmp_d (&y, 1) == MP_EQ) {
- goto LBL_Y;
- }
-
- ++j;
- }
-
- /* if y != n1 then composite */
- if (mp_cmp (&y, &n1) != MP_EQ) {
- goto LBL_Y;
- }
- }
-
- /* probably prime now */
- *result = MP_YES;
-LBL_Y:mp_clear (&y);
-LBL_R:mp_clear (&r);
-LBL_N1:mp_clear (&n1);
- return err;
-}
-
-
-/* determines if an integers is divisible by one
- * of the first PRIME_SIZE primes or not
- *
- * sets result to 0 if not, 1 if yes
- */
-static int mp_prime_is_divisible (mp_int * a, int *result)
-{
- int err, ix;
- mp_digit res;
-
- /* default to not */
- *result = MP_NO;
-
- for (ix = 0; ix < PRIME_SIZE; ix++) {
- /* what is a mod LBL_prime_tab[ix] */
- if ((err = mp_mod_d (a, ltm_prime_tab[ix], &res)) != MP_OKAY) {
- return err;
- }
-
- /* is the residue zero? */
- if (res == 0) {
- *result = MP_YES;
- return MP_OKAY;
- }
- }
-
- return MP_OKAY;
-}
-
-
-/*
- * Sets result to 1 if probably prime, 0 otherwise
- */
-int mp_prime_is_prime (mp_int * a, int t, int *result)
-{
- mp_int b;
- int ix, err, res;
-
- /* default to no */
- *result = MP_NO;
-
- /* valid value of t? */
- if (t <= 0 || t > PRIME_SIZE) {
- return MP_VAL;
- }
-
- /* is the input equal to one of the primes in the table? */
- for (ix = 0; ix < PRIME_SIZE; ix++) {
- if (mp_cmp_d(a, ltm_prime_tab[ix]) == MP_EQ) {
- *result = 1;
- return MP_OKAY;
- }
- }
-
- /* first perform trial division */
- if ((err = mp_prime_is_divisible (a, &res)) != MP_OKAY) {
- return err;
- }
-
- /* return if it was trivially divisible */
- if (res == MP_YES) {
- return MP_OKAY;
- }
-
- /* now perform the miller-rabin rounds */
- if ((err = mp_init (&b)) != MP_OKAY) {
- return err;
- }
-
- for (ix = 0; ix < t; ix++) {
- /* set the prime */
- mp_set (&b, ltm_prime_tab[ix]);
-
- if ((err = mp_prime_miller_rabin (a, &b, &res)) != MP_OKAY) {
- goto LBL_B;
- }
-
- if (res == MP_NO) {
- goto LBL_B;
- }
- }
-
- /* passed the test */
- *result = MP_YES;
-LBL_B:mp_clear (&b);
- return err;
-}
-
-
-/* computes least common multiple as |a*b|/(a, b) */
-int mp_lcm (mp_int * a, mp_int * b, mp_int * c)
-{
- int res;
- mp_int t1, t2;
-
-
- if ((res = mp_init_multi (&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
- return res;
- }
-
- /* t1 = get the GCD of the two inputs */
- if ((res = mp_gcd (a, b, &t1)) != MP_OKAY) {
- goto LBL_T;
- }
-
- /* divide the smallest by the GCD */
- if (mp_cmp_mag(a, b) == MP_LT) {
- /* store quotient in t2 such that t2 * b is the LCM */
- if ((res = mp_div(a, &t1, &t2, NULL)) != MP_OKAY) {
- goto LBL_T;
- }
- res = mp_mul(b, &t2, c);
- } else {
- /* store quotient in t2 such that t2 * a is the LCM */
- if ((res = mp_div(b, &t1, &t2, NULL)) != MP_OKAY) {
- goto LBL_T;
- }
- res = mp_mul(a, &t2, c);
- }
-
- /* fix the sign to positive */
- c->sign = MP_ZPOS;
-
-LBL_T:
- mp_clear(&t1);
- mp_clear(&t2);
- return res;
-}
-
-
-
-/* Greatest Common Divisor using the binary method */
-int mp_gcd (mp_int * a, mp_int * b, mp_int * c)
-{
- mp_int u, v;
- int k, u_lsb, v_lsb, res;
-
- /* either zero than gcd is the largest */
- if (mp_iszero (a) == MP_YES) {
- return mp_abs (b, c);
- }
- if (mp_iszero (b) == MP_YES) {
- return mp_abs (a, c);
- }
-
- /* get copies of a and b we can modify */
- if ((res = mp_init_copy (&u, a)) != MP_OKAY) {
- return res;
- }
-
- if ((res = mp_init_copy (&v, b)) != MP_OKAY) {
- goto LBL_U;
- }
-
- /* must be positive for the remainder of the algorithm */
- u.sign = v.sign = MP_ZPOS;
-
- /* B1. Find the common power of two for u and v */
- u_lsb = mp_cnt_lsb(&u);
- v_lsb = mp_cnt_lsb(&v);
- k = MIN(u_lsb, v_lsb);
-
- if (k > 0) {
- /* divide the power of two out */
- if ((res = mp_div_2d(&u, k, &u, NULL)) != MP_OKAY) {
- goto LBL_V;
- }
-
- if ((res = mp_div_2d(&v, k, &v, NULL)) != MP_OKAY) {
- goto LBL_V;
- }
- }
-
- /* divide any remaining factors of two out */
- if (u_lsb != k) {
- if ((res = mp_div_2d(&u, u_lsb - k, &u, NULL)) != MP_OKAY) {
- goto LBL_V;
- }
- }
-
- if (v_lsb != k) {
- if ((res = mp_div_2d(&v, v_lsb - k, &v, NULL)) != MP_OKAY) {
- goto LBL_V;
- }
- }
-
- while (mp_iszero(&v) == 0) {
- /* make sure v is the largest */
- if (mp_cmp_mag(&u, &v) == MP_GT) {
- /* swap u and v to make sure v is >= u */
- mp_exch(&u, &v);
- }
-
- /* subtract smallest from largest */
- if ((res = s_mp_sub(&v, &u, &v)) != MP_OKAY) {
- goto LBL_V;
- }
-
- /* Divide out all factors of two */
- if ((res = mp_div_2d(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) {
- goto LBL_V;
- }
- }
-
- /* multiply by 2**k which we divided out at the beginning */
- if ((res = mp_mul_2d (&u, k, c)) != MP_OKAY) {
- goto LBL_V;
- }
- c->sign = MP_ZPOS;
- res = MP_OKAY;
-LBL_V:mp_clear (&u);
-LBL_U:mp_clear (&v);
- return res;
-}
-
-
-
-#endif /* WOLFSSL_KEY_GEN */
-
-
-#ifdef HAVE_ECC
-
-/* chars used in radix conversions */
-const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
-
-/* read a string [ASCII] in a given radix */
-int mp_read_radix (mp_int * a, const char *str, int radix)
-{
- int y, res, neg;
- char ch;
-
- /* zero the digit bignum */
- mp_zero(a);
-
- /* make sure the radix is ok */
- if (radix < 2 || radix > 64) {
- return MP_VAL;
- }
-
- /* if the leading digit is a
- * minus set the sign to negative.
- */
- if (*str == '-') {
- ++str;
- neg = MP_NEG;
- } else {
- neg = MP_ZPOS;
- }
-
- /* set the integer to the default of zero */
- mp_zero (a);
-
- /* process each digit of the string */
- while (*str) {
- /* if the radix < 36 the conversion is case insensitive
- * this allows numbers like 1AB and 1ab to represent the same value
- * [e.g. in hex]
- */
- ch = (char) ((radix < 36) ? XTOUPPER((unsigned char)*str) : *str);
- for (y = 0; y < 64; y++) {
- if (ch == mp_s_rmap[y]) {
- break;
- }
- }
-
- /* if the char was found in the map
- * and is less than the given radix add it
- * to the number, otherwise exit the loop.
- */
- if (y < radix) {
- if ((res = mp_mul_d (a, (mp_digit) radix, a)) != MP_OKAY) {
- return res;
- }
- if ((res = mp_add_d (a, (mp_digit) y, a)) != MP_OKAY) {
- return res;
- }
- } else {
- break;
- }
- ++str;
- }
-
- /* set the sign only if a != 0 */
- if (mp_iszero(a) != 1) {
- a->sign = neg;
- }
- return MP_OKAY;
-}
-
-#endif /* HAVE_ECC */
-
-#endif /* USE_FAST_MATH */
-
-#endif /* NO_BIG_INT */
-
-
--- a/wolfcrypt/src/logging.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,163 +0,0 @@
-/* logging.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-/* submitted by eof */
-
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
- WOLFSSL_API int wolfSSL_Debugging_ON(void);
- WOLFSSL_API void wolfSSL_Debugging_OFF(void);
-#ifdef __cplusplus
- }
-#endif
-
-
-#ifdef DEBUG_WOLFSSL
-
-/* Set these to default values initially. */
-static wolfSSL_Logging_cb log_function = 0;
-static int loggingEnabled = 0;
-
-#endif /* DEBUG_WOLFSSL */
-
-
-int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb f)
-{
-#ifdef DEBUG_WOLFSSL
- int res = 0;
-
- if (f)
- log_function = f;
- else
- res = BAD_FUNC_ARG;
-
- return res;
-#else
- (void)f;
- return NOT_COMPILED_IN;
-#endif
-}
-
-
-int wolfSSL_Debugging_ON(void)
-{
-#ifdef DEBUG_WOLFSSL
- loggingEnabled = 1;
- return 0;
-#else
- return NOT_COMPILED_IN;
-#endif
-}
-
-
-void wolfSSL_Debugging_OFF(void)
-{
-#ifdef DEBUG_WOLFSSL
- loggingEnabled = 0;
-#endif
-}
-
-
-#ifdef DEBUG_WOLFSSL
-
-#ifdef FREESCALE_MQX
- #include <fio.h>
-#else
- #include <stdio.h> /* for default printf stuff */
-#endif
-
-#ifdef THREADX
- int dc_log_printf(char*, ...);
-#endif
-
-static void wolfssl_log(const int logLevel, const char *const logMessage)
-{
- if (log_function)
- log_function(logLevel, logMessage);
- else {
- if (loggingEnabled) {
-#ifdef THREADX
- dc_log_printf("%s\n", logMessage);
-#elif defined(MICRIUM)
- #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
- NetSecure_TraceOut((CPU_CHAR *)logMessage);
- #endif
-#elif defined(WOLFSSL_MDK_ARM)
- fflush(stdout) ;
- printf("%s\n", logMessage);
- fflush(stdout) ;
-#else
- fprintf(stderr, "%s\n", logMessage);
-#endif
- }
- }
-}
-
-
-void WOLFSSL_MSG(const char* msg)
-{
- if (loggingEnabled)
- wolfssl_log(INFO_LOG , msg);
-}
-
-
-void WOLFSSL_ENTER(const char* msg)
-{
- if (loggingEnabled) {
- char buffer[80];
- sprintf(buffer, "wolfSSL Entering %s", msg);
- wolfssl_log(ENTER_LOG , buffer);
- }
-}
-
-
-void WOLFSSL_LEAVE(const char* msg, int ret)
-{
- if (loggingEnabled) {
- char buffer[80];
- sprintf(buffer, "wolfSSL Leaving %s, return %d", msg, ret);
- wolfssl_log(LEAVE_LOG , buffer);
- }
-}
-
-
-void WOLFSSL_ERROR(int error)
-{
- if (loggingEnabled) {
- char buffer[80];
- sprintf(buffer, "wolfSSL error occured, error = %d", error);
- wolfssl_log(ERROR_LOG , buffer);
- }
-}
-
-#endif /* DEBUG_WOLFSSL */
-
--- a/wolfcrypt/src/md2.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,161 +0,0 @@
-/* md2.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_MD2
-
-#include <wolfssl/wolfcrypt/md2.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-void wc_InitMd2(Md2* md2)
-{
- XMEMSET(md2->X, 0, MD2_X_SIZE);
- XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
- XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
- md2->count = 0;
-}
-
-
-void wc_Md2Update(Md2* md2, const byte* data, word32 len)
-{
- static const byte S[256] =
- {
- 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
- 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
- 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
- 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
- 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
- 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
- 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
- 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
- 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
- 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
- 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
- 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
- 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
- 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
- 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
- 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
- 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
- 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
- };
-
- while (len) {
- word32 L = (MD2_PAD_SIZE - md2->count) < len ?
- (MD2_PAD_SIZE - md2->count) : len;
- XMEMCPY(md2->buffer + md2->count, data, L);
- md2->count += L;
- data += L;
- len -= L;
-
- if (md2->count == MD2_PAD_SIZE) {
- int i;
- byte t;
-
- md2->count = 0;
- XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
- t = md2->C[15];
-
- for(i = 0; i < MD2_PAD_SIZE; i++) {
- md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
- t = md2->C[i] ^= S[md2->buffer[i] ^ t];
- }
-
- t=0;
- for(i = 0; i < 18; i++) {
- int j;
- for(j = 0; j < MD2_X_SIZE; j += 8) {
- t = md2->X[j+0] ^= S[t];
- t = md2->X[j+1] ^= S[t];
- t = md2->X[j+2] ^= S[t];
- t = md2->X[j+3] ^= S[t];
- t = md2->X[j+4] ^= S[t];
- t = md2->X[j+5] ^= S[t];
- t = md2->X[j+6] ^= S[t];
- t = md2->X[j+7] ^= S[t];
- }
- t = (t + i) & 0xFF;
- }
- }
- }
-}
-
-
-void wc_Md2Final(Md2* md2, byte* hash)
-{
- byte padding[MD2_BLOCK_SIZE];
- word32 padLen = MD2_PAD_SIZE - md2->count;
- word32 i;
-
- for (i = 0; i < padLen; i++)
- padding[i] = (byte)padLen;
-
- wc_Md2Update(md2, padding, padLen);
- wc_Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
-
- XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
-
- wc_InitMd2(md2);
-}
-
-
-int wc_Md2Hash(const byte* data, word32 len, byte* hash)
-{
-#ifdef WOLFSSL_SMALL_STACK
- Md2* md2;
-#else
- Md2 md2[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- md2 = (Md2*)XMALLOC(sizeof(Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md2 == NULL)
- return MEMORY_E;
-#endif
-
- wc_InitMd2(md2);
- wc_Md2Update(md2, data, len);
- wc_Md2Final(md2, hash);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(md2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-
-#endif /* WOLFSSL_MD2 */
-
-
--- a/wolfcrypt/src/md4.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,221 +0,0 @@
-/* md4.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_MD4
-
-#include <wolfssl/wolfcrypt/md4.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-void wc_InitMd4(Md4* md4)
-{
- md4->digest[0] = 0x67452301L;
- md4->digest[1] = 0xefcdab89L;
- md4->digest[2] = 0x98badcfeL;
- md4->digest[3] = 0x10325476L;
-
- md4->buffLen = 0;
- md4->loLen = 0;
- md4->hiLen = 0;
-}
-
-
-static void Transform(Md4* md4)
-{
-#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
-#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-
- /* Copy context->state[] to working vars */
- word32 A = md4->digest[0];
- word32 B = md4->digest[1];
- word32 C = md4->digest[2];
- word32 D = md4->digest[3];
-
-#define function(a,b,c,d,k,s) a=rotlFixed(a+F(b,c,d)+md4->buffer[k],s);
- function(A,B,C,D, 0, 3);
- function(D,A,B,C, 1, 7);
- function(C,D,A,B, 2,11);
- function(B,C,D,A, 3,19);
- function(A,B,C,D, 4, 3);
- function(D,A,B,C, 5, 7);
- function(C,D,A,B, 6,11);
- function(B,C,D,A, 7,19);
- function(A,B,C,D, 8, 3);
- function(D,A,B,C, 9, 7);
- function(C,D,A,B,10,11);
- function(B,C,D,A,11,19);
- function(A,B,C,D,12, 3);
- function(D,A,B,C,13, 7);
- function(C,D,A,B,14,11);
- function(B,C,D,A,15,19);
-
-#undef function
-#define function(a,b,c,d,k,s) \
- a=rotlFixed(a+G(b,c,d)+md4->buffer[k]+0x5a827999,s);
-
- function(A,B,C,D, 0, 3);
- function(D,A,B,C, 4, 5);
- function(C,D,A,B, 8, 9);
- function(B,C,D,A,12,13);
- function(A,B,C,D, 1, 3);
- function(D,A,B,C, 5, 5);
- function(C,D,A,B, 9, 9);
- function(B,C,D,A,13,13);
- function(A,B,C,D, 2, 3);
- function(D,A,B,C, 6, 5);
- function(C,D,A,B,10, 9);
- function(B,C,D,A,14,13);
- function(A,B,C,D, 3, 3);
- function(D,A,B,C, 7, 5);
- function(C,D,A,B,11, 9);
- function(B,C,D,A,15,13);
-
-#undef function
-#define function(a,b,c,d,k,s) \
- a=rotlFixed(a+H(b,c,d)+md4->buffer[k]+0x6ed9eba1,s);
-
- function(A,B,C,D, 0, 3);
- function(D,A,B,C, 8, 9);
- function(C,D,A,B, 4,11);
- function(B,C,D,A,12,15);
- function(A,B,C,D, 2, 3);
- function(D,A,B,C,10, 9);
- function(C,D,A,B, 6,11);
- function(B,C,D,A,14,15);
- function(A,B,C,D, 1, 3);
- function(D,A,B,C, 9, 9);
- function(C,D,A,B, 5,11);
- function(B,C,D,A,13,15);
- function(A,B,C,D, 3, 3);
- function(D,A,B,C,11, 9);
- function(C,D,A,B, 7,11);
- function(B,C,D,A,15,15);
-
- /* Add the working vars back into digest state[] */
- md4->digest[0] += A;
- md4->digest[1] += B;
- md4->digest[2] += C;
- md4->digest[3] += D;
-}
-
-
-static INLINE void AddLength(Md4* md4, word32 len)
-{
- word32 tmp = md4->loLen;
- if ( (md4->loLen += len) < tmp)
- md4->hiLen++; /* carry low to high */
-}
-
-
-void wc_Md4Update(Md4* md4, const byte* data, word32 len)
-{
- /* do block size increments */
- byte* local = (byte*)md4->buffer;
-
- while (len) {
- word32 add = min(len, MD4_BLOCK_SIZE - md4->buffLen);
- XMEMCPY(&local[md4->buffLen], data, add);
-
- md4->buffLen += add;
- data += add;
- len -= add;
-
- if (md4->buffLen == MD4_BLOCK_SIZE) {
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
- #endif
- Transform(md4);
- AddLength(md4, MD4_BLOCK_SIZE);
- md4->buffLen = 0;
- }
- }
-}
-
-
-void wc_Md4Final(Md4* md4, byte* hash)
-{
- byte* local = (byte*)md4->buffer;
-
- AddLength(md4, md4->buffLen); /* before adding pads */
-
- local[md4->buffLen++] = 0x80; /* add 1 */
-
- /* pad with zeros */
- if (md4->buffLen > MD4_PAD_SIZE) {
- XMEMSET(&local[md4->buffLen], 0, MD4_BLOCK_SIZE - md4->buffLen);
- md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen;
-
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
- #endif
- Transform(md4);
- md4->buffLen = 0;
- }
- XMEMSET(&local[md4->buffLen], 0, MD4_PAD_SIZE - md4->buffLen);
-
- /* put lengths in bits */
- md4->hiLen = (md4->loLen >> (8*sizeof(md4->loLen) - 3)) +
- (md4->hiLen << 3);
- md4->loLen = md4->loLen << 3;
-
- /* store lengths */
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
- #endif
- /* ! length ordering dependent on digest endian type ! */
- XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32));
- XMEMCPY(&local[MD4_PAD_SIZE + sizeof(word32)], &md4->hiLen, sizeof(word32));
-
- Transform(md4);
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(md4->digest, md4->digest, MD4_DIGEST_SIZE);
- #endif
- XMEMCPY(hash, md4->digest, MD4_DIGEST_SIZE);
-
- wc_InitMd4(md4); /* reset state */
-}
-
-
-#endif /* NO_MD4 */
-
-
--- a/wolfcrypt/src/md5.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,398 +0,0 @@
-/* md5.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if !defined(NO_MD5)
-
-#if defined(WOLFSSL_TI_HASH)
- /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
-#else
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitMd5 wc_InitMd5_sw
-#define wc_Md5Update wc_Md5Update_sw
-#define wc_Md5Final wc_Md5Final_sw
-#endif
-
-#include <wolfssl/wolfcrypt/md5.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef FREESCALE_MMCAU
- #include "cau_api.h"
- #define XTRANSFORM(S,B) cau_md5_hash_n((B), 1, (unsigned char*)(S)->digest)
-#else
- #define XTRANSFORM(S,B) Transform((S))
-#endif
-
-
-#ifdef STM32F2_HASH
- /*
- * STM32F2 hardware MD5 support through the STM32F2 standard peripheral
- * library. Documentation located in STM32F2xx Standard Peripheral Library
- * document (See note in README).
- */
- #include "stm32f2xx.h"
-
- void wc_InitMd5(Md5* md5)
- {
- /* STM32F2 struct notes:
- * md5->buffer = first 4 bytes used to hold partial block if needed
- * md5->buffLen = num bytes currently stored in md5->buffer
- * md5->loLen = num bytes that have been written to STM32 FIFO
- */
- XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
-
- md5->buffLen = 0;
- md5->loLen = 0;
-
- /* initialize HASH peripheral */
- HASH_DeInit();
-
- /* configure algo used, algo mode, datatype */
- HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
- HASH->CR |= (HASH_AlgoSelection_MD5 | HASH_AlgoMode_HASH
- | HASH_DataType_8b);
-
- /* reset HASH processor */
- HASH->CR |= HASH_CR_INIT;
- }
-
- void wc_Md5Update(Md5* md5, const byte* data, word32 len)
- {
- word32 i = 0;
- word32 fill = 0;
- word32 diff = 0;
-
- /* if saved partial block is available */
- if (md5->buffLen > 0) {
- fill = 4 - md5->buffLen;
-
- /* if enough data to fill, fill and push to FIFO */
- if (fill <= len) {
- XMEMCPY((byte*)md5->buffer + md5->buffLen, data, fill);
- HASH_DataIn(*(uint32_t*)md5->buffer);
-
- data += fill;
- len -= fill;
- md5->loLen += 4;
- md5->buffLen = 0;
- } else {
- /* append partial to existing stored block */
- XMEMCPY((byte*)md5->buffer + md5->buffLen, data, len);
- md5->buffLen += len;
- return;
- }
- }
-
- /* write input block in the IN FIFO */
- for (i = 0; i < len; i += 4)
- {
- diff = len - i;
- if (diff < 4) {
- /* store incomplete last block, not yet in FIFO */
- XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
- XMEMCPY((byte*)md5->buffer, data, diff);
- md5->buffLen = diff;
- } else {
- HASH_DataIn(*(uint32_t*)data);
- data+=4;
- }
- }
-
- /* keep track of total data length thus far */
- md5->loLen += (len - md5->buffLen);
- }
-
- void wc_Md5Final(Md5* md5, byte* hash)
- {
- __IO uint16_t nbvalidbitsdata = 0;
-
- /* finish reading any trailing bytes into FIFO */
- if (md5->buffLen > 0) {
- HASH_DataIn(*(uint32_t*)md5->buffer);
- md5->loLen += md5->buffLen;
- }
-
- /* calculate number of valid bits in last word of input data */
- nbvalidbitsdata = 8 * (md5->loLen % MD5_REG_SIZE);
-
- /* configure number of valid bits in last word of the data */
- HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
-
- /* start HASH processor */
- HASH_StartDigest();
-
- /* wait until Busy flag == RESET */
- while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
-
- /* read message digest */
- md5->digest[0] = HASH->HR[0];
- md5->digest[1] = HASH->HR[1];
- md5->digest[2] = HASH->HR[2];
- md5->digest[3] = HASH->HR[3];
-
- ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
-
- XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
-
- wc_InitMd5(md5); /* reset state */
- }
-
-#else /* CTaoCrypt software implementation */
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-void wc_InitMd5(Md5* md5)
-{
- md5->digest[0] = 0x67452301L;
- md5->digest[1] = 0xefcdab89L;
- md5->digest[2] = 0x98badcfeL;
- md5->digest[3] = 0x10325476L;
-
- md5->buffLen = 0;
- md5->loLen = 0;
- md5->hiLen = 0;
-}
-
-#ifndef FREESCALE_MMCAU
-
-static void Transform(Md5* md5)
-{
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-#define MD5STEP(f, w, x, y, z, data, s) \
- w = rotlFixed(w + f(x, y, z) + data, s) + x
-
- /* Copy context->state[] to working vars */
- word32 a = md5->digest[0];
- word32 b = md5->digest[1];
- word32 c = md5->digest[2];
- word32 d = md5->digest[3];
-
- MD5STEP(F1, a, b, c, d, md5->buffer[0] + 0xd76aa478, 7);
- MD5STEP(F1, d, a, b, c, md5->buffer[1] + 0xe8c7b756, 12);
- MD5STEP(F1, c, d, a, b, md5->buffer[2] + 0x242070db, 17);
- MD5STEP(F1, b, c, d, a, md5->buffer[3] + 0xc1bdceee, 22);
- MD5STEP(F1, a, b, c, d, md5->buffer[4] + 0xf57c0faf, 7);
- MD5STEP(F1, d, a, b, c, md5->buffer[5] + 0x4787c62a, 12);
- MD5STEP(F1, c, d, a, b, md5->buffer[6] + 0xa8304613, 17);
- MD5STEP(F1, b, c, d, a, md5->buffer[7] + 0xfd469501, 22);
- MD5STEP(F1, a, b, c, d, md5->buffer[8] + 0x698098d8, 7);
- MD5STEP(F1, d, a, b, c, md5->buffer[9] + 0x8b44f7af, 12);
- MD5STEP(F1, c, d, a, b, md5->buffer[10] + 0xffff5bb1, 17);
- MD5STEP(F1, b, c, d, a, md5->buffer[11] + 0x895cd7be, 22);
- MD5STEP(F1, a, b, c, d, md5->buffer[12] + 0x6b901122, 7);
- MD5STEP(F1, d, a, b, c, md5->buffer[13] + 0xfd987193, 12);
- MD5STEP(F1, c, d, a, b, md5->buffer[14] + 0xa679438e, 17);
- MD5STEP(F1, b, c, d, a, md5->buffer[15] + 0x49b40821, 22);
-
- MD5STEP(F2, a, b, c, d, md5->buffer[1] + 0xf61e2562, 5);
- MD5STEP(F2, d, a, b, c, md5->buffer[6] + 0xc040b340, 9);
- MD5STEP(F2, c, d, a, b, md5->buffer[11] + 0x265e5a51, 14);
- MD5STEP(F2, b, c, d, a, md5->buffer[0] + 0xe9b6c7aa, 20);
- MD5STEP(F2, a, b, c, d, md5->buffer[5] + 0xd62f105d, 5);
- MD5STEP(F2, d, a, b, c, md5->buffer[10] + 0x02441453, 9);
- MD5STEP(F2, c, d, a, b, md5->buffer[15] + 0xd8a1e681, 14);
- MD5STEP(F2, b, c, d, a, md5->buffer[4] + 0xe7d3fbc8, 20);
- MD5STEP(F2, a, b, c, d, md5->buffer[9] + 0x21e1cde6, 5);
- MD5STEP(F2, d, a, b, c, md5->buffer[14] + 0xc33707d6, 9);
- MD5STEP(F2, c, d, a, b, md5->buffer[3] + 0xf4d50d87, 14);
- MD5STEP(F2, b, c, d, a, md5->buffer[8] + 0x455a14ed, 20);
- MD5STEP(F2, a, b, c, d, md5->buffer[13] + 0xa9e3e905, 5);
- MD5STEP(F2, d, a, b, c, md5->buffer[2] + 0xfcefa3f8, 9);
- MD5STEP(F2, c, d, a, b, md5->buffer[7] + 0x676f02d9, 14);
- MD5STEP(F2, b, c, d, a, md5->buffer[12] + 0x8d2a4c8a, 20);
-
- MD5STEP(F3, a, b, c, d, md5->buffer[5] + 0xfffa3942, 4);
- MD5STEP(F3, d, a, b, c, md5->buffer[8] + 0x8771f681, 11);
- MD5STEP(F3, c, d, a, b, md5->buffer[11] + 0x6d9d6122, 16);
- MD5STEP(F3, b, c, d, a, md5->buffer[14] + 0xfde5380c, 23);
- MD5STEP(F3, a, b, c, d, md5->buffer[1] + 0xa4beea44, 4);
- MD5STEP(F3, d, a, b, c, md5->buffer[4] + 0x4bdecfa9, 11);
- MD5STEP(F3, c, d, a, b, md5->buffer[7] + 0xf6bb4b60, 16);
- MD5STEP(F3, b, c, d, a, md5->buffer[10] + 0xbebfbc70, 23);
- MD5STEP(F3, a, b, c, d, md5->buffer[13] + 0x289b7ec6, 4);
- MD5STEP(F3, d, a, b, c, md5->buffer[0] + 0xeaa127fa, 11);
- MD5STEP(F3, c, d, a, b, md5->buffer[3] + 0xd4ef3085, 16);
- MD5STEP(F3, b, c, d, a, md5->buffer[6] + 0x04881d05, 23);
- MD5STEP(F3, a, b, c, d, md5->buffer[9] + 0xd9d4d039, 4);
- MD5STEP(F3, d, a, b, c, md5->buffer[12] + 0xe6db99e5, 11);
- MD5STEP(F3, c, d, a, b, md5->buffer[15] + 0x1fa27cf8, 16);
- MD5STEP(F3, b, c, d, a, md5->buffer[2] + 0xc4ac5665, 23);
-
- MD5STEP(F4, a, b, c, d, md5->buffer[0] + 0xf4292244, 6);
- MD5STEP(F4, d, a, b, c, md5->buffer[7] + 0x432aff97, 10);
- MD5STEP(F4, c, d, a, b, md5->buffer[14] + 0xab9423a7, 15);
- MD5STEP(F4, b, c, d, a, md5->buffer[5] + 0xfc93a039, 21);
- MD5STEP(F4, a, b, c, d, md5->buffer[12] + 0x655b59c3, 6);
- MD5STEP(F4, d, a, b, c, md5->buffer[3] + 0x8f0ccc92, 10);
- MD5STEP(F4, c, d, a, b, md5->buffer[10] + 0xffeff47d, 15);
- MD5STEP(F4, b, c, d, a, md5->buffer[1] + 0x85845dd1, 21);
- MD5STEP(F4, a, b, c, d, md5->buffer[8] + 0x6fa87e4f, 6);
- MD5STEP(F4, d, a, b, c, md5->buffer[15] + 0xfe2ce6e0, 10);
- MD5STEP(F4, c, d, a, b, md5->buffer[6] + 0xa3014314, 15);
- MD5STEP(F4, b, c, d, a, md5->buffer[13] + 0x4e0811a1, 21);
- MD5STEP(F4, a, b, c, d, md5->buffer[4] + 0xf7537e82, 6);
- MD5STEP(F4, d, a, b, c, md5->buffer[11] + 0xbd3af235, 10);
- MD5STEP(F4, c, d, a, b, md5->buffer[2] + 0x2ad7d2bb, 15);
- MD5STEP(F4, b, c, d, a, md5->buffer[9] + 0xeb86d391, 21);
-
- /* Add the working vars back into digest state[] */
- md5->digest[0] += a;
- md5->digest[1] += b;
- md5->digest[2] += c;
- md5->digest[3] += d;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-
-static INLINE void AddLength(Md5* md5, word32 len)
-{
- word32 tmp = md5->loLen;
- if ( (md5->loLen += len) < tmp)
- md5->hiLen++; /* carry low to high */
-}
-
-
-void wc_Md5Update(Md5* md5, const byte* data, word32 len)
-{
- /* do block size increments */
- byte* local = (byte*)md5->buffer;
-
- while (len) {
- word32 add = min(len, MD5_BLOCK_SIZE - md5->buffLen);
- XMEMCPY(&local[md5->buffLen], data, add);
-
- md5->buffLen += add;
- data += add;
- len -= add;
-
- if (md5->buffLen == MD5_BLOCK_SIZE) {
- #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
- #endif
- XTRANSFORM(md5, local);
- AddLength(md5, MD5_BLOCK_SIZE);
- md5->buffLen = 0;
- }
- }
-}
-
-
-void wc_Md5Final(Md5* md5, byte* hash)
-{
- byte* local = (byte*)md5->buffer;
-
- AddLength(md5, md5->buffLen); /* before adding pads */
-
- local[md5->buffLen++] = 0x80; /* add 1 */
-
- /* pad with zeros */
- if (md5->buffLen > MD5_PAD_SIZE) {
- XMEMSET(&local[md5->buffLen], 0, MD5_BLOCK_SIZE - md5->buffLen);
- md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
-
- #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
- #endif
- XTRANSFORM(md5, local);
- md5->buffLen = 0;
- }
- XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen);
-
- /* put lengths in bits */
- md5->hiLen = (md5->loLen >> (8*sizeof(md5->loLen) - 3)) +
- (md5->hiLen << 3);
- md5->loLen = md5->loLen << 3;
-
- /* store lengths */
- #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
- #endif
- /* ! length ordering dependent on digest endian type ! */
- XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
- XMEMCPY(&local[MD5_PAD_SIZE + sizeof(word32)], &md5->hiLen, sizeof(word32));
-
- XTRANSFORM(md5, local);
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
- #endif
- XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
-
- wc_InitMd5(md5); /* reset state */
-}
-
-#endif /* STM32F2_HASH */
-
-
-int wc_Md5Hash(const byte* data, word32 len, byte* hash)
-{
-#ifdef WOLFSSL_SMALL_STACK
- Md5* md5;
-#else
- Md5 md5[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (md5 == NULL)
- return MEMORY_E;
-#endif
-
- wc_InitMd5(md5);
- wc_Md5Update(md5, data, len);
- wc_Md5Final(md5, hash);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-#endif /* WOLFSSL_TI_HASH */
-
-#endif /* NO_MD5 */
-
--- a/wolfcrypt/src/memory.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,192 +0,0 @@
-/* memory.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-/* check old macros @wc_fips */
-#if defined(USE_CYASSL_MEMORY) && !defined(USE_WOLFSSL_MEMORY)
- #define USE_WOLFSSL_MEMORY
-#endif
-#if defined(CYASSL_MALLOC_CHECK) && !defined(WOLFSSL_MALLOC_CHECK)
- #define WOLFSSL_MALLOC_CHECK
-#endif
-
-#ifdef USE_WOLFSSL_MEMORY
-
-#include <wolfssl/wolfcrypt/memory.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef WOLFSSL_MALLOC_CHECK
- #include <stdio.h>
-#endif
-
-/* Set these to default values initially. */
-static wolfSSL_Malloc_cb malloc_function = 0;
-static wolfSSL_Free_cb free_function = 0;
-static wolfSSL_Realloc_cb realloc_function = 0;
-
-int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf,
- wolfSSL_Free_cb ff,
- wolfSSL_Realloc_cb rf)
-{
- int res = 0;
-
- if (mf)
- malloc_function = mf;
- else
- res = BAD_FUNC_ARG;
-
- if (ff)
- free_function = ff;
- else
- res = BAD_FUNC_ARG;
-
- if (rf)
- realloc_function = rf;
- else
- res = BAD_FUNC_ARG;
-
- return res;
-}
-
-
-void* wolfSSL_Malloc(size_t size)
-{
- void* res = 0;
-
- if (malloc_function)
- res = malloc_function(size);
- else
- res = malloc(size);
-
- #ifdef WOLFSSL_MALLOC_CHECK
- if (res == NULL)
- puts("wolfSSL_malloc failed");
- #endif
-
- return res;
-}
-
-void wolfSSL_Free(void *ptr)
-{
- if (free_function)
- free_function(ptr);
- else
- free(ptr);
-}
-
-void* wolfSSL_Realloc(void *ptr, size_t size)
-{
- void* res = 0;
-
- if (realloc_function)
- res = realloc_function(ptr, size);
- else
- res = realloc(ptr, size);
-
- return res;
-}
-
-#endif /* USE_WOLFSSL_MEMORY */
-
-
-#ifdef HAVE_IO_POOL
-
-/* Example for user io pool, shared build may need definitions in lib proper */
-
-#include <wolfssl/wolfcrypt/types.h>
-#include <stdlib.h>
-
-#ifndef HAVE_THREAD_LS
- #error "Oops, simple I/O pool example needs thread local storage"
-#endif
-
-
-/* allow simple per thread in and out pools */
-/* use 17k size sense max record size is 16k plus overhead */
-static THREAD_LS_T byte pool_in[17*1024];
-static THREAD_LS_T byte pool_out[17*1024];
-
-
-void* XMALLOC(size_t n, void* heap, int type)
-{
- (void)heap;
-
- if (type == DYNAMIC_TYPE_IN_BUFFER) {
- if (n < sizeof(pool_in))
- return pool_in;
- else
- return NULL;
- }
-
- if (type == DYNAMIC_TYPE_OUT_BUFFER) {
- if (n < sizeof(pool_out))
- return pool_out;
- else
- return NULL;
- }
-
- return malloc(n);
-}
-
-void* XREALLOC(void *p, size_t n, void* heap, int type)
-{
- (void)heap;
-
- if (type == DYNAMIC_TYPE_IN_BUFFER) {
- if (n < sizeof(pool_in))
- return pool_in;
- else
- return NULL;
- }
-
- if (type == DYNAMIC_TYPE_OUT_BUFFER) {
- if (n < sizeof(pool_out))
- return pool_out;
- else
- return NULL;
- }
-
- return realloc(p, n);
-}
-
-
-/* unit api calls, let's make sure visible with WOLFSSL_API */
-WOLFSSL_API void XFREE(void *p, void* heap, int type)
-{
- (void)heap;
-
- if (type == DYNAMIC_TYPE_IN_BUFFER)
- return; /* do nothing, static pool */
-
- if (type == DYNAMIC_TYPE_OUT_BUFFER)
- return; /* do nothing, static pool */
-
- free(p);
-}
-
-#endif /* HAVE_IO_POOL */
-
-
--- a/wolfcrypt/src/misc.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,202 +0,0 @@
-/* misc.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef WOLF_CRYPT_MISC_C
-#define WOLF_CRYPT_MISC_C
-
-#include <wolfssl/wolfcrypt/misc.h>
-
-/* inlining these functions is a huge speed increase and a small size decrease,
- because the functions are smaller than function call setup/cleanup, e.g.,
- md5 benchmark is twice as fast with inline. If you don't want it, then
- define NO_INLINE and compile this file into wolfssl, otherwise it's used as
- a source header
- */
-
-#ifdef NO_INLINE
- #define STATIC
-#else
- #define STATIC static
-#endif
-
-
-#ifdef INTEL_INTRINSICS
-
- #include <stdlib.h> /* get intrinsic definitions */
-
- /* for non visual studio probably need no long version, 32 bit only
- * i.e., _rotl and _rotr */
- #pragma intrinsic(_lrotl, _lrotr)
-
- STATIC INLINE word32 rotlFixed(word32 x, word32 y)
- {
- return y ? _lrotl(x, y) : x;
- }
-
- STATIC INLINE word32 rotrFixed(word32 x, word32 y)
- {
- return y ? _lrotr(x, y) : x;
- }
-
-#else /* generic */
-
- STATIC INLINE word32 rotlFixed(word32 x, word32 y)
- {
- return (x << y) | (x >> (sizeof(y) * 8 - y));
- }
-
-
- STATIC INLINE word32 rotrFixed(word32 x, word32 y)
- {
- return (x >> y) | (x << (sizeof(y) * 8 - y));
- }
-
-#endif
-
-
-STATIC INLINE word32 ByteReverseWord32(word32 value)
-{
-#ifdef PPC_INTRINSICS
- /* PPC: load reverse indexed instruction */
- return (word32)__lwbrx(&value,0);
-#elif defined(KEIL_INTRINSICS)
- return (word32)__rev(value);
-#elif defined(FAST_ROTATE)
- /* 5 instructions with rotate instruction, 9 without */
- return (rotrFixed(value, 8U) & 0xff00ff00) |
- (rotlFixed(value, 8U) & 0x00ff00ff);
-#else
- /* 6 instructions with rotate instruction, 8 without */
- value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8);
- return rotlFixed(value, 16U);
-#endif
-}
-
-
-STATIC INLINE void ByteReverseWords(word32* out, const word32* in,
- word32 byteCount)
-{
- word32 count = byteCount/(word32)sizeof(word32), i;
-
- for (i = 0; i < count; i++)
- out[i] = ByteReverseWord32(in[i]);
-
-}
-
-
-#ifdef WORD64_AVAILABLE
-
-
-STATIC INLINE word64 rotlFixed64(word64 x, word64 y)
-{
- return (x << y) | (x >> (sizeof(y) * 8 - y));
-}
-
-
-STATIC INLINE word64 rotrFixed64(word64 x, word64 y)
-{
- return (x >> y) | (x << (sizeof(y) * 8 - y));
-}
-
-
-STATIC INLINE word64 ByteReverseWord64(word64 value)
-{
-#ifdef WOLFCRYPT_SLOW_WORD64
- return (word64)(ByteReverseWord32((word32)value)) << 32 |
- ByteReverseWord32((word32)(value>>32));
-#else
- value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) |
- ((value & W64LIT(0x00FF00FF00FF00FF)) << 8);
- value = ((value & W64LIT(0xFFFF0000FFFF0000)) >> 16) |
- ((value & W64LIT(0x0000FFFF0000FFFF)) << 16);
- return rotlFixed64(value, 32U);
-#endif
-}
-
-
-STATIC INLINE void ByteReverseWords64(word64* out, const word64* in,
- word32 byteCount)
-{
- word32 count = byteCount/(word32)sizeof(word64), i;
-
- for (i = 0; i < count; i++)
- out[i] = ByteReverseWord64(in[i]);
-
-}
-
-#endif /* WORD64_AVAILABLE */
-
-
-STATIC INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n)
-{
- word32 i;
-
- for (i = 0; i < n; i++) r[i] ^= a[i];
-}
-
-
-STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
-{
- if (((wolfssl_word)buf | (wolfssl_word)mask | count) % WOLFSSL_WORD_SIZE == 0)
- XorWords( (wolfssl_word*)buf,
- (const wolfssl_word*)mask, count / WOLFSSL_WORD_SIZE);
- else {
- word32 i;
- byte* b = (byte*)buf;
- const byte* m = (const byte*)mask;
-
- for (i = 0; i < count; i++) b[i] ^= m[i];
- }
-}
-
-
-/* Make sure compiler doesn't skip */
-STATIC INLINE void ForceZero(const void* mem, word32 len)
-{
- volatile byte* z = (volatile byte*)mem;
-
- while (len--) *z++ = 0;
-}
-
-
-/* check all length bytes for equality, return 0 on success */
-STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length)
-{
- int i;
- int compareSum = 0;
-
- for (i = 0; i < length; i++) {
- compareSum |= a[i] ^ b[i];
- }
-
- return compareSum;
-}
-
-#undef STATIC
-
-#endif /* WOLF_CRYPT_MISC_C */
-
--- a/wolfcrypt/src/pkcs7.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1859 +0,0 @@
-/* pkcs7.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_PKCS7
-
-#include <wolfssl/wolfcrypt/pkcs7.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-/* placed ASN.1 contentType OID into *output, return idx on success,
- * 0 upon failure */
-WOLFSSL_LOCAL int wc_SetContentType(int pkcs7TypeOID, byte* output)
-{
- /* PKCS#7 content types, RFC 2315, section 14 */
- static const byte pkcs7[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x01, 0x07 };
- static const byte data[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x01, 0x07, 0x01 };
- static const byte signedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x01, 0x07, 0x02};
- static const byte envelopedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x01, 0x07, 0x03 };
- static const byte signedAndEnveloped[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x01, 0x07, 0x04 };
- static const byte digestedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x01, 0x07, 0x05 };
- static const byte encryptedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x01, 0x07, 0x06 };
-
- int idSz;
- int typeSz = 0, idx = 0;
- const byte* typeName = 0;
- byte ID_Length[MAX_LENGTH_SZ];
-
- switch (pkcs7TypeOID) {
- case PKCS7_MSG:
- typeSz = sizeof(pkcs7);
- typeName = pkcs7;
- break;
-
- case DATA:
- typeSz = sizeof(data);
- typeName = data;
- break;
-
- case SIGNED_DATA:
- typeSz = sizeof(signedData);
- typeName = signedData;
- break;
-
- case ENVELOPED_DATA:
- typeSz = sizeof(envelopedData);
- typeName = envelopedData;
- break;
-
- case SIGNED_AND_ENVELOPED_DATA:
- typeSz = sizeof(signedAndEnveloped);
- typeName = signedAndEnveloped;
- break;
-
- case DIGESTED_DATA:
- typeSz = sizeof(digestedData);
- typeName = digestedData;
- break;
-
- case ENCRYPTED_DATA:
- typeSz = sizeof(encryptedData);
- typeName = encryptedData;
- break;
-
- default:
- WOLFSSL_MSG("Unknown PKCS#7 Type");
- return 0;
- };
-
- idSz = SetLength(typeSz, ID_Length);
- output[idx++] = ASN_OBJECT_ID;
- XMEMCPY(output + idx, ID_Length, idSz);
- idx += idSz;
- XMEMCPY(output + idx, typeName, typeSz);
- idx += typeSz;
-
- return idx;
-
-}
-
-
-/* get ASN.1 contentType OID sum, return 0 on success, <0 on failure */
-int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid,
- word32 maxIdx)
-{
- int length;
- word32 i = *inOutIdx;
- byte b;
- *oid = 0;
-
- WOLFSSL_ENTER("wc_GetContentType");
-
- b = input[i++];
- if (b != ASN_OBJECT_ID)
- return ASN_OBJECT_ID_E;
-
- if (GetLength(input, &i, &length, maxIdx) < 0)
- return ASN_PARSE_E;
-
- while(length--) {
- *oid += input[i];
- i++;
- }
-
- *inOutIdx = i;
-
- return 0;
-}
-
-
-/* init PKCS7 struct with recipient cert, decode into DecodedCert */
-int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
-{
- int ret = 0;
-
- XMEMSET(pkcs7, 0, sizeof(PKCS7));
- if (cert != NULL && certSz > 0) {
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* dCert;
-
- dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (dCert == NULL)
- return MEMORY_E;
-#else
- DecodedCert stack_dCert;
- DecodedCert* dCert = &stack_dCert;
-#endif
-
- pkcs7->singleCert = cert;
- pkcs7->singleCertSz = certSz;
- InitDecodedCert(dCert, cert, certSz, 0);
-
- ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0);
- if (ret < 0) {
- FreeDecodedCert(dCert);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
- pkcs7->publicKeySz = dCert->pubKeySize;
- XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
- pkcs7->issuer = dCert->issuerRaw;
- pkcs7->issuerSz = dCert->issuerRawLen;
- XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);
- pkcs7->issuerSnSz = dCert->serialSz;
- FreeDecodedCert(dCert);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- }
-
- return ret;
-}
-
-
-/* releases any memory allocated by a PKCS7 initializer */
-void wc_PKCS7_Free(PKCS7* pkcs7)
-{
- (void)pkcs7;
-}
-
-
-/* build PKCS#7 data content type */
-int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
-{
- static const byte oid[] =
- { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
- 0x07, 0x01 };
- byte seq[MAX_SEQ_SZ];
- byte octetStr[MAX_OCTET_STR_SZ];
- word32 seqSz;
- word32 octetStrSz;
- word32 oidSz = (word32)sizeof(oid);
- int idx = 0;
-
- octetStrSz = SetOctetString(pkcs7->contentSz, octetStr);
- seqSz = SetSequence(pkcs7->contentSz + octetStrSz + oidSz, seq);
-
- if (outputSz < pkcs7->contentSz + octetStrSz + oidSz + seqSz)
- return BUFFER_E;
-
- XMEMCPY(output, seq, seqSz);
- idx += seqSz;
- XMEMCPY(output + idx, oid, oidSz);
- idx += oidSz;
- XMEMCPY(output + idx, octetStr, octetStrSz);
- idx += octetStrSz;
- XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
- idx += pkcs7->contentSz;
-
- return idx;
-}
-
-
-typedef struct EncodedAttrib {
- byte valueSeq[MAX_SEQ_SZ];
- const byte* oid;
- byte valueSet[MAX_SET_SZ];
- const byte* value;
- word32 valueSeqSz, oidSz, idSz, valueSetSz, valueSz, totalSz;
-} EncodedAttrib;
-
-
-typedef struct ESD {
- Sha sha;
- byte contentDigest[SHA_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */
- byte contentAttribsDigest[SHA_DIGEST_SIZE];
- byte encContentDigest[512];
-
- byte outerSeq[MAX_SEQ_SZ];
- byte outerContent[MAX_EXP_SZ];
- byte innerSeq[MAX_SEQ_SZ];
- byte version[MAX_VERSION_SZ];
- byte digAlgoIdSet[MAX_SET_SZ];
- byte singleDigAlgoId[MAX_ALGO_SZ];
-
- byte contentInfoSeq[MAX_SEQ_SZ];
- byte innerContSeq[MAX_EXP_SZ];
- byte innerOctets[MAX_OCTET_STR_SZ];
-
- byte certsSet[MAX_SET_SZ];
-
- byte signerInfoSet[MAX_SET_SZ];
- byte signerInfoSeq[MAX_SEQ_SZ];
- byte signerVersion[MAX_VERSION_SZ];
- byte issuerSnSeq[MAX_SEQ_SZ];
- byte issuerName[MAX_SEQ_SZ];
- byte issuerSn[MAX_SN_SZ];
- byte signerDigAlgoId[MAX_ALGO_SZ];
- byte digEncAlgoId[MAX_ALGO_SZ];
- byte signedAttribSet[MAX_SET_SZ];
- EncodedAttrib signedAttribs[6];
- byte signerDigest[MAX_OCTET_STR_SZ];
- word32 innerOctetsSz, innerContSeqSz, contentInfoSeqSz;
- word32 outerSeqSz, outerContentSz, innerSeqSz, versionSz, digAlgoIdSetSz,
- singleDigAlgoIdSz, certsSetSz;
- word32 signerInfoSetSz, signerInfoSeqSz, signerVersionSz,
- issuerSnSeqSz, issuerNameSz, issuerSnSz,
- signerDigAlgoIdSz, digEncAlgoIdSz, signerDigestSz;
- word32 encContentDigestSz, signedAttribsSz, signedAttribsCount,
- signedAttribSetSz;
-} ESD;
-
-
-static int EncodeAttributes(EncodedAttrib* ea, int eaSz,
- PKCS7Attrib* attribs, int attribsSz)
-{
- int i;
- int maxSz = min(eaSz, attribsSz);
- int allAttribsSz = 0;
-
- for (i = 0; i < maxSz; i++)
- {
- int attribSz = 0;
-
- ea[i].value = attribs[i].value;
- ea[i].valueSz = attribs[i].valueSz;
- attribSz += ea[i].valueSz;
- ea[i].valueSetSz = SetSet(attribSz, ea[i].valueSet);
- attribSz += ea[i].valueSetSz;
- ea[i].oid = attribs[i].oid;
- ea[i].oidSz = attribs[i].oidSz;
- attribSz += ea[i].oidSz;
- ea[i].valueSeqSz = SetSequence(attribSz, ea[i].valueSeq);
- attribSz += ea[i].valueSeqSz;
- ea[i].totalSz = attribSz;
-
- allAttribsSz += attribSz;
- }
- return allAttribsSz;
-}
-
-
-static int FlattenAttributes(byte* output, EncodedAttrib* ea, int eaSz)
-{
- int i, idx;
-
- idx = 0;
- for (i = 0; i < eaSz; i++) {
- XMEMCPY(output + idx, ea[i].valueSeq, ea[i].valueSeqSz);
- idx += ea[i].valueSeqSz;
- XMEMCPY(output + idx, ea[i].oid, ea[i].oidSz);
- idx += ea[i].oidSz;
- XMEMCPY(output + idx, ea[i].valueSet, ea[i].valueSetSz);
- idx += ea[i].valueSetSz;
- XMEMCPY(output + idx, ea[i].value, ea[i].valueSz);
- idx += ea[i].valueSz;
- }
- return 0;
-}
-
-
-/* build PKCS#7 signedData content type */
-int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
-{
- static const byte outerOid[] =
- { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
- 0x07, 0x02 };
- static const byte innerOid[] =
- { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
- 0x07, 0x01 };
-
-#ifdef WOLFSSL_SMALL_STACK
- ESD* esd = NULL;
-#else
- ESD stack_esd;
- ESD* esd = &stack_esd;
-#endif
-
- word32 signerInfoSz = 0;
- word32 totalSz = 0;
- int idx = 0, ret = 0;
- byte* flatSignedAttribs = NULL;
- word32 flatSignedAttribsSz = 0;
- word32 innerOidSz = sizeof(innerOid);
- word32 outerOidSz = sizeof(outerOid);
-
- if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
- pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 ||
- pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 ||
- pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 ||
- output == NULL || outputSz == 0)
- return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
- esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (esd == NULL)
- return MEMORY_E;
-#endif
-
- XMEMSET(esd, 0, sizeof(ESD));
- ret = wc_InitSha(&esd->sha);
- if (ret != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- if (pkcs7->contentSz != 0)
- {
- wc_ShaUpdate(&esd->sha, pkcs7->content, pkcs7->contentSz);
- esd->contentDigest[0] = ASN_OCTET_STRING;
- esd->contentDigest[1] = SHA_DIGEST_SIZE;
- wc_ShaFinal(&esd->sha, &esd->contentDigest[2]);
- }
-
- esd->innerOctetsSz = SetOctetString(pkcs7->contentSz, esd->innerOctets);
- esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz + pkcs7->contentSz,
- esd->innerContSeq);
- esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz + esd->innerOctetsSz +
- innerOidSz + esd->innerContSeqSz,
- esd->contentInfoSeq);
-
- esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
- esd->issuerSn);
- signerInfoSz += esd->issuerSnSz;
- esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName);
- signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz;
- esd->issuerSnSeqSz = SetSequence(signerInfoSz, esd->issuerSnSeq);
- signerInfoSz += esd->issuerSnSeqSz;
- esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0);
- signerInfoSz += esd->signerVersionSz;
- esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId,
- hashType, 0);
- signerInfoSz += esd->signerDigAlgoIdSz;
- esd->digEncAlgoIdSz = SetAlgoID(pkcs7->encryptOID, esd->digEncAlgoId,
- keyType, 0);
- signerInfoSz += esd->digEncAlgoIdSz;
-
- if (pkcs7->signedAttribsSz != 0) {
- byte contentTypeOid[] =
- { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01,
- 0x09, 0x03 };
- byte contentType[] =
- { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
- 0x07, 0x01 };
- byte messageDigestOid[] =
- { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
- 0x09, 0x04 };
-
- PKCS7Attrib cannedAttribs[2] =
- {
- { contentTypeOid, sizeof(contentTypeOid),
- contentType, sizeof(contentType) },
- { messageDigestOid, sizeof(messageDigestOid),
- esd->contentDigest, sizeof(esd->contentDigest) }
- };
- word32 cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
-
- esd->signedAttribsCount += cannedAttribsCount;
- esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[0], 2,
- cannedAttribs, cannedAttribsCount);
-
- esd->signedAttribsCount += pkcs7->signedAttribsSz;
- esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[2], 4,
- pkcs7->signedAttribs, pkcs7->signedAttribsSz);
-
- flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, 0, NULL);
- flatSignedAttribsSz = esd->signedAttribsSz;
- if (flatSignedAttribs == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return MEMORY_E;
- }
- FlattenAttributes(flatSignedAttribs,
- esd->signedAttribs, esd->signedAttribsCount);
- esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz,
- esd->signedAttribSet);
- }
- /* Calculate the final hash and encrypt it. */
- {
- int result;
- word32 scratch = 0;
-
-#ifdef WOLFSSL_SMALL_STACK
- byte* digestInfo;
- RsaKey* privKey;
-#else
- RsaKey stack_privKey;
- RsaKey* privKey = &stack_privKey;
- byte digestInfo[MAX_SEQ_SZ + MAX_ALGO_SZ +
- MAX_OCTET_STR_SZ + SHA_DIGEST_SIZE];
-#endif
- byte digestInfoSeq[MAX_SEQ_SZ];
- byte digestStr[MAX_OCTET_STR_SZ];
- word32 digestInfoSeqSz, digestStrSz;
- int digIdx = 0;
-
- if (pkcs7->signedAttribsSz != 0) {
- byte attribSet[MAX_SET_SZ];
- word32 attribSetSz;
-
- attribSetSz = SetSet(flatSignedAttribsSz, attribSet);
-
- ret = wc_InitSha(&esd->sha);
- if (ret < 0) {
- XFREE(flatSignedAttribs, 0, NULL);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
- wc_ShaUpdate(&esd->sha, attribSet, attribSetSz);
- wc_ShaUpdate(&esd->sha, flatSignedAttribs, flatSignedAttribsSz);
- }
- wc_ShaFinal(&esd->sha, esd->contentAttribsDigest);
-
- digestStrSz = SetOctetString(SHA_DIGEST_SIZE, digestStr);
- digestInfoSeqSz = SetSequence(esd->signerDigAlgoIdSz +
- digestStrSz + SHA_DIGEST_SIZE,
- digestInfoSeq);
-
-#ifdef WOLFSSL_SMALL_STACK
- digestInfo = (byte*)XMALLOC(MAX_SEQ_SZ + MAX_ALGO_SZ +
- MAX_OCTET_STR_SZ + SHA_DIGEST_SIZE,
- NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (digestInfo == NULL) {
- if (pkcs7->signedAttribsSz != 0)
- XFREE(flatSignedAttribs, 0, NULL);
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
- digIdx += digestInfoSeqSz;
- XMEMCPY(digestInfo + digIdx,
- esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
- digIdx += esd->signerDigAlgoIdSz;
- XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
- digIdx += digestStrSz;
- XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest,
- SHA_DIGEST_SIZE);
- digIdx += SHA_DIGEST_SIZE;
-
-#ifdef WOLFSSL_SMALL_STACK
- privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (privKey == NULL) {
- if (pkcs7->signedAttribsSz != 0)
- XFREE(flatSignedAttribs, 0, NULL);
- XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- result = wc_InitRsaKey(privKey, NULL);
- if (result == 0)
- result = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &scratch, privKey,
- pkcs7->privateKeySz);
- if (result < 0) {
- if (pkcs7->signedAttribsSz != 0)
- XFREE(flatSignedAttribs, 0, NULL);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return PUBLIC_KEY_E;
- }
-
- result = wc_RsaSSL_Sign(digestInfo, digIdx,
- esd->encContentDigest,
- sizeof(esd->encContentDigest),
- privKey, pkcs7->rng);
-
- wc_FreeRsaKey(privKey);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (result < 0) {
- if (pkcs7->signedAttribsSz != 0)
- XFREE(flatSignedAttribs, 0, NULL);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return result;
- }
- esd->encContentDigestSz = (word32)result;
- }
- signerInfoSz += flatSignedAttribsSz + esd->signedAttribSetSz;
-
- esd->signerDigestSz = SetOctetString(esd->encContentDigestSz,
- esd->signerDigest);
- signerInfoSz += esd->signerDigestSz + esd->encContentDigestSz;
-
- esd->signerInfoSeqSz = SetSequence(signerInfoSz, esd->signerInfoSeq);
- signerInfoSz += esd->signerInfoSeqSz;
- esd->signerInfoSetSz = SetSet(signerInfoSz, esd->signerInfoSet);
- signerInfoSz += esd->signerInfoSetSz;
-
- esd->certsSetSz = SetImplicit(ASN_SET, 0, pkcs7->singleCertSz,
- esd->certsSet);
-
- esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId,
- hashType, 0);
- esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet);
-
-
- esd->versionSz = SetMyVersion(1, esd->version, 0);
-
- totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz +
- esd->contentInfoSeqSz + esd->certsSetSz + pkcs7->singleCertSz +
- esd->innerOctetsSz + esd->innerContSeqSz +
- innerOidSz + pkcs7->contentSz +
- signerInfoSz;
- esd->innerSeqSz = SetSequence(totalSz, esd->innerSeq);
- totalSz += esd->innerSeqSz;
- esd->outerContentSz = SetExplicit(0, totalSz, esd->outerContent);
- totalSz += esd->outerContentSz + outerOidSz;
- esd->outerSeqSz = SetSequence(totalSz, esd->outerSeq);
- totalSz += esd->outerSeqSz;
-
- if (outputSz < totalSz) {
- if (pkcs7->signedAttribsSz != 0)
- XFREE(flatSignedAttribs, 0, NULL);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BUFFER_E;
- }
-
- idx = 0;
- XMEMCPY(output + idx, esd->outerSeq, esd->outerSeqSz);
- idx += esd->outerSeqSz;
- XMEMCPY(output + idx, outerOid, outerOidSz);
- idx += outerOidSz;
- XMEMCPY(output + idx, esd->outerContent, esd->outerContentSz);
- idx += esd->outerContentSz;
- XMEMCPY(output + idx, esd->innerSeq, esd->innerSeqSz);
- idx += esd->innerSeqSz;
- XMEMCPY(output + idx, esd->version, esd->versionSz);
- idx += esd->versionSz;
- XMEMCPY(output + idx, esd->digAlgoIdSet, esd->digAlgoIdSetSz);
- idx += esd->digAlgoIdSetSz;
- XMEMCPY(output + idx, esd->singleDigAlgoId, esd->singleDigAlgoIdSz);
- idx += esd->singleDigAlgoIdSz;
- XMEMCPY(output + idx, esd->contentInfoSeq, esd->contentInfoSeqSz);
- idx += esd->contentInfoSeqSz;
- XMEMCPY(output + idx, innerOid, innerOidSz);
- idx += innerOidSz;
- XMEMCPY(output + idx, esd->innerContSeq, esd->innerContSeqSz);
- idx += esd->innerContSeqSz;
- XMEMCPY(output + idx, esd->innerOctets, esd->innerOctetsSz);
- idx += esd->innerOctetsSz;
- XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
- idx += pkcs7->contentSz;
- XMEMCPY(output + idx, esd->certsSet, esd->certsSetSz);
- idx += esd->certsSetSz;
- XMEMCPY(output + idx, pkcs7->singleCert, pkcs7->singleCertSz);
- idx += pkcs7->singleCertSz;
- XMEMCPY(output + idx, esd->signerInfoSet, esd->signerInfoSetSz);
- idx += esd->signerInfoSetSz;
- XMEMCPY(output + idx, esd->signerInfoSeq, esd->signerInfoSeqSz);
- idx += esd->signerInfoSeqSz;
- XMEMCPY(output + idx, esd->signerVersion, esd->signerVersionSz);
- idx += esd->signerVersionSz;
- XMEMCPY(output + idx, esd->issuerSnSeq, esd->issuerSnSeqSz);
- idx += esd->issuerSnSeqSz;
- XMEMCPY(output + idx, esd->issuerName, esd->issuerNameSz);
- idx += esd->issuerNameSz;
- XMEMCPY(output + idx, pkcs7->issuer, pkcs7->issuerSz);
- idx += pkcs7->issuerSz;
- XMEMCPY(output + idx, esd->issuerSn, esd->issuerSnSz);
- idx += esd->issuerSnSz;
- XMEMCPY(output + idx, esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
- idx += esd->signerDigAlgoIdSz;
-
- /* SignerInfo:Attributes */
- if (pkcs7->signedAttribsSz != 0) {
- XMEMCPY(output + idx, esd->signedAttribSet, esd->signedAttribSetSz);
- idx += esd->signedAttribSetSz;
- XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz);
- idx += flatSignedAttribsSz;
- XFREE(flatSignedAttribs, 0, NULL);
- }
-
- XMEMCPY(output + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz);
- idx += esd->digEncAlgoIdSz;
- XMEMCPY(output + idx, esd->signerDigest, esd->signerDigestSz);
- idx += esd->signerDigestSz;
- XMEMCPY(output + idx, esd->encContentDigest, esd->encContentDigestSz);
- idx += esd->encContentDigestSz;
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return idx;
-}
-
-
-/* Finds the certificates in the message and saves it. */
-int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
-{
- word32 idx, contentType;
- int length, version, ret;
- byte* content = NULL;
- byte* sig = NULL;
- byte* cert = NULL;
- int contentSz = 0, sigSz = 0, certSz = 0;
-
- if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0)
- return BAD_FUNC_ARG;
-
- idx = 0;
-
- /* Get the contentInfo sequence */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Get the contentInfo contentType */
- if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- if (contentType != SIGNED_DATA) {
- WOLFSSL_MSG("PKCS#7 input not of type SignedData");
- return PKCS7_OID_E;
- }
-
- /* get the ContentInfo content */
- if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
- return ASN_PARSE_E;
-
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Get the signedData sequence */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Get the version */
- if (GetMyVersion(pkiMsg, &idx, &version) < 0)
- return ASN_PARSE_E;
-
- if (version != 1) {
- WOLFSSL_MSG("PKCS#7 signedData needs to be of version 1");
- return ASN_VERSION_E;
- }
-
- /* Get the set of DigestAlgorithmIdentifiers */
- if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Skip the set. */
- idx += length;
-
- /* Get the inner ContentInfo sequence */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Get the inner ContentInfo contentType */
- if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- if (contentType != DATA) {
- WOLFSSL_MSG("PKCS#7 inner input not of type Data");
- return PKCS7_OID_E;
- }
-
- if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
- return ASN_PARSE_E;
-
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- if (pkiMsg[idx++] != ASN_OCTET_STRING)
- return ASN_PARSE_E;
-
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Save the inner data as the content. */
- if (length > 0) {
- /* Local pointer for calculating hashes later */
- pkcs7->content = content = &pkiMsg[idx];
- pkcs7->contentSz = contentSz = length;
- idx += length;
- }
-
- /* Get the implicit[0] set of certificates */
- if (pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
- idx++;
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- if (length > 0) {
- /* At this point, idx is at the first certificate in
- * a set of certificates. There may be more than one,
- * or none, or they may be a PKCS 6 extended
- * certificate. We want to save the first cert if it
- * is X.509. */
-
- word32 certIdx = idx;
-
- if (pkiMsg[certIdx++] == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
- if (GetLength(pkiMsg, &certIdx, &certSz, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- cert = &pkiMsg[idx];
- certSz += (certIdx - idx);
- }
- wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
- }
- idx += length;
- }
-
- /* Get the implicit[1] set of crls */
- if (pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
- idx++;
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Skip the set */
- idx += length;
- }
-
- /* Get the set of signerInfos */
- if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- if (length > 0) {
- /* Get the sequence of the first signerInfo */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Get the version */
- if (GetMyVersion(pkiMsg, &idx, &version) < 0)
- return ASN_PARSE_E;
-
- if (version != 1) {
- WOLFSSL_MSG("PKCS#7 signerInfo needs to be of version 1");
- return ASN_VERSION_E;
- }
-
- /* Get the sequence of IssuerAndSerialNumber */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Skip it */
- idx += length;
-
- /* Get the sequence of digestAlgorithm */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Skip it */
- idx += length;
-
- /* Get the IMPLICIT[0] SET OF signedAttributes */
- if (pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
- idx++;
-
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- idx += length;
- }
-
- /* Get the sequence of digestEncryptionAlgorithm */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* Skip it */
- idx += length;
-
- /* Get the signature */
- if (pkiMsg[idx] == ASN_OCTET_STRING) {
- idx++;
-
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* save pointer and length */
- sig = &pkiMsg[idx];
- sigSz = length;
-
- idx += length;
- }
-
- pkcs7->content = content;
- pkcs7->contentSz = contentSz;
-
- {
- word32 scratch = 0;
- int plainSz = 0;
- int digestSz = MAX_SEQ_SZ + MAX_ALGO_SZ +
- MAX_OCTET_STR_SZ + SHA_DIGEST_SIZE;
-
-#ifdef WOLFSSL_SMALL_STACK
- byte* digest;
- RsaKey* key;
-
- digest = (byte*)XMALLOC(digestSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- if (digest == NULL)
- return MEMORY_E;
-
- key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL) {
- XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#else
- byte digest[digestSz];
- RsaKey stack_key;
- RsaKey* key = &stack_key;
-#endif
-
- XMEMSET(digest, 0, digestSz);
-
- ret = wc_InitRsaKey(key, NULL);
- if (ret != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
- if (wc_RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key,
- pkcs7->publicKeySz) < 0) {
- WOLFSSL_MSG("ASN RSA key decode error");
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return PUBLIC_KEY_E;
- }
-
- plainSz = wc_RsaSSL_Verify(sig, sigSz, digest, digestSz, key);
- wc_FreeRsaKey(key);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (plainSz < 0)
- return plainSz;
- }
- }
-
- return 0;
-}
-
-
-/* create ASN.1 fomatted RecipientInfo structure, returns sequence size */
-WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
- int keyEncAlgo, int blockKeySz,
- RNG* rng, byte* contentKeyPlain,
- byte* contentKeyEnc,
- int* keyEncSz, byte* out, word32 outSz)
-{
- word32 idx = 0;
- int ret = 0, totalSz = 0;
- int verSz, issuerSz, snSz, keyEncAlgSz;
- int issuerSeqSz, recipSeqSz, issuerSerialSeqSz;
- int encKeyOctetStrSz;
-
- byte ver[MAX_VERSION_SZ];
- byte issuerSerialSeq[MAX_SEQ_SZ];
- byte recipSeq[MAX_SEQ_SZ];
- byte issuerSeq[MAX_SEQ_SZ];
- byte encKeyOctetStr[MAX_OCTET_STR_SZ];
-
-#ifdef WOLFSSL_SMALL_STACK
- byte *serial;
- byte *keyAlgArray;
-
- RsaKey* pubKey;
- DecodedCert* decoded;
-
- serial = (byte*)XMALLOC(MAX_SN_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- keyAlgArray = (byte*)XMALLOC(MAX_SN_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
-
- if (decoded == NULL || serial == NULL || keyAlgArray == NULL) {
- if (serial) XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (keyAlgArray) XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded) XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-
-#else
- byte serial[MAX_SN_SZ];
- byte keyAlgArray[MAX_ALGO_SZ];
-
- RsaKey stack_pubKey;
- RsaKey* pubKey = &stack_pubKey;
- DecodedCert stack_decoded;
- DecodedCert* decoded = &stack_decoded;
-#endif
-
- InitDecodedCert(decoded, (byte*)cert, certSz, 0);
- ret = ParseCert(decoded, CA_TYPE, NO_VERIFY, 0);
- if (ret < 0) {
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- /* version */
- verSz = SetMyVersion(0, ver, 0);
-
- /* IssuerAndSerialNumber */
- if (decoded->issuerRaw == NULL || decoded->issuerRawLen == 0) {
- WOLFSSL_MSG("DecodedCert lacks raw issuer pointer and length");
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return -1;
- }
- issuerSz = decoded->issuerRawLen;
- issuerSeqSz = SetSequence(issuerSz, issuerSeq);
-
- if (decoded->serialSz == 0) {
- WOLFSSL_MSG("DecodedCert missing serial number");
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return -1;
- }
- snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial);
-
- issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
- issuerSerialSeq);
-
- /* KeyEncryptionAlgorithmIdentifier, only support RSA now */
- if (keyEncAlgo != RSAk) {
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ALGO_ID_E;
- }
-
- keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, keyType, 0);
- if (keyEncAlgSz == 0) {
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BAD_FUNC_ARG;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- pubKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubKey == NULL) {
- FreeDecodedCert(decoded);
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- /* EncryptedKey */
- ret = wc_InitRsaKey(pubKey, 0);
- if (ret != 0) {
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- if (wc_RsaPublicKeyDecode(decoded->publicKey, &idx, pubKey,
- decoded->pubKeySize) < 0) {
- WOLFSSL_MSG("ASN RSA key decode error");
- wc_FreeRsaKey(pubKey);
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return PUBLIC_KEY_E;
- }
-
- *keyEncSz = wc_RsaPublicEncrypt(contentKeyPlain, blockKeySz, contentKeyEnc,
- MAX_ENCRYPTED_KEY_SZ, pubKey, rng);
- wc_FreeRsaKey(pubKey);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (*keyEncSz < 0) {
- WOLFSSL_MSG("RSA Public Encrypt failed");
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return *keyEncSz;
- }
-
- encKeyOctetStrSz = SetOctetString(*keyEncSz, encKeyOctetStr);
-
- /* RecipientInfo */
- recipSeqSz = SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz +
- issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz +
- *keyEncSz, recipSeq);
-
- if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz +
- keyEncAlgSz + encKeyOctetStrSz + *keyEncSz > (int)outSz) {
- WOLFSSL_MSG("RecipientInfo output buffer too small");
- FreeDecodedCert(decoded);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return BUFFER_E;
- }
-
- XMEMCPY(out + totalSz, recipSeq, recipSeqSz);
- totalSz += recipSeqSz;
- XMEMCPY(out + totalSz, ver, verSz);
- totalSz += verSz;
- XMEMCPY(out + totalSz, issuerSerialSeq, issuerSerialSeqSz);
- totalSz += issuerSerialSeqSz;
- XMEMCPY(out + totalSz, issuerSeq, issuerSeqSz);
- totalSz += issuerSeqSz;
- XMEMCPY(out + totalSz, decoded->issuerRaw, issuerSz);
- totalSz += issuerSz;
- XMEMCPY(out + totalSz, serial, snSz);
- totalSz += snSz;
- XMEMCPY(out + totalSz, keyAlgArray, keyEncAlgSz);
- totalSz += keyEncAlgSz;
- XMEMCPY(out + totalSz, encKeyOctetStr, encKeyOctetStrSz);
- totalSz += encKeyOctetStrSz;
- XMEMCPY(out + totalSz, contentKeyEnc, *keyEncSz);
- totalSz += *keyEncSz;
-
- FreeDecodedCert(decoded);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return totalSz;
-}
-
-
-/* build PKCS#7 envelopedData content type, return enveloped size */
-int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
-{
- int i, ret = 0, idx = 0;
- int totalSz = 0, padSz = 0, desOutSz = 0;
-
- int contentInfoSeqSz, outerContentTypeSz, outerContentSz;
- byte contentInfoSeq[MAX_SEQ_SZ];
- byte outerContentType[MAX_ALGO_SZ];
- byte outerContent[MAX_SEQ_SZ];
-
- int envDataSeqSz, verSz;
- byte envDataSeq[MAX_SEQ_SZ];
- byte ver[MAX_VERSION_SZ];
-
- RNG rng;
- int contentKeyEncSz, blockKeySz;
- int dynamicFlag = 0;
- byte contentKeyPlain[MAX_CONTENT_KEY_LEN];
-#ifdef WOLFSSL_SMALL_STACK
- byte* contentKeyEnc;
-#else
- byte contentKeyEnc[MAX_ENCRYPTED_KEY_SZ];
-#endif
- byte* plain;
- byte* encryptedContent;
-
- int recipSz, recipSetSz;
-#ifdef WOLFSSL_SMALL_STACK
- byte* recip;
-#else
- byte recip[MAX_RECIP_SZ];
-#endif
- byte recipSet[MAX_SET_SZ];
-
- int encContentOctetSz, encContentSeqSz, contentTypeSz;
- int contentEncAlgoSz, ivOctetStringSz;
- byte encContentSeq[MAX_SEQ_SZ];
- byte contentType[MAX_ALGO_SZ];
- byte contentEncAlgo[MAX_ALGO_SZ];
- byte tmpIv[DES_BLOCK_SIZE];
- byte ivOctetString[MAX_OCTET_STR_SZ];
- byte encContentOctet[MAX_OCTET_STR_SZ];
-
- if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
- pkcs7->encryptOID == 0 || pkcs7->singleCert == NULL)
- return BAD_FUNC_ARG;
-
- if (output == NULL || outputSz == 0)
- return BAD_FUNC_ARG;
-
- /* PKCS#7 only supports DES, 3DES for now */
- switch (pkcs7->encryptOID) {
- case DESb:
- blockKeySz = DES_KEYLEN;
- break;
-
- case DES3b:
- blockKeySz = DES3_KEYLEN;
- break;
-
- default:
- WOLFSSL_MSG("Unsupported content cipher type");
- return ALGO_ID_E;
- };
-
- /* outer content type */
- outerContentTypeSz = wc_SetContentType(ENVELOPED_DATA, outerContentType);
-
- /* version, defined as 0 in RFC 2315 */
- verSz = SetMyVersion(0, ver, 0);
-
- /* generate random content encryption key */
- ret = wc_InitRng(&rng);
- if (ret != 0)
- return ret;
-
- ret = wc_RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- recip = (byte*)XMALLOC(MAX_RECIP_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- contentKeyEnc = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (contentKeyEnc == NULL || recip == NULL) {
- if (recip) XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (contentKeyEnc) XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- return MEMORY_E;
- }
-
-#endif
-
- /* build RecipientInfo, only handle 1 for now */
- recipSz = wc_CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk,
- blockKeySz, &rng, contentKeyPlain,
- contentKeyEnc, &contentKeyEncSz, recip,
- MAX_RECIP_SZ);
-
- ForceZero(contentKeyEnc, MAX_ENCRYPTED_KEY_SZ);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (recipSz < 0) {
- WOLFSSL_MSG("Failed to create RecipientInfo");
- wc_FreeRng(&rng);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return recipSz;
- }
- recipSetSz = SetSet(recipSz, recipSet);
-
- /* generate IV for block cipher */
- ret = wc_RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE);
- wc_FreeRng(&rng);
- if (ret != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- /* EncryptedContentInfo */
- contentTypeSz = wc_SetContentType(pkcs7->contentOID, contentType);
- if (contentTypeSz == 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return BAD_FUNC_ARG;
- }
-
- /* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */
- padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE);
- desOutSz = pkcs7->contentSz + padSz;
-
- if (padSz != 0) {
- plain = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (plain == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return MEMORY_E;
- }
- XMEMCPY(plain, pkcs7->content, pkcs7->contentSz);
- dynamicFlag = 1;
-
- for (i = 0; i < padSz; i++) {
- plain[pkcs7->contentSz + i] = padSz;
- }
-
- } else {
- plain = pkcs7->content;
- desOutSz = pkcs7->contentSz;
- }
-
- encryptedContent = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (encryptedContent == NULL) {
- if (dynamicFlag)
- XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return MEMORY_E;
- }
-
- /* put together IV OCTET STRING */
- ivOctetStringSz = SetOctetString(DES_BLOCK_SIZE, ivOctetString);
-
- /* build up our ContentEncryptionAlgorithmIdentifier sequence,
- * adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */
- contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
- blkType, ivOctetStringSz + DES_BLOCK_SIZE);
-
- if (contentEncAlgoSz == 0) {
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (dynamicFlag)
- XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return BAD_FUNC_ARG;
- }
-
- /* encrypt content */
- if (pkcs7->encryptOID == DESb) {
- Des des;
-
- ret = wc_Des_SetKey(&des, contentKeyPlain, tmpIv, DES_ENCRYPTION);
-
- if (ret == 0)
- wc_Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz);
-
- if (ret != 0) {
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (dynamicFlag)
- XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
- }
- else if (pkcs7->encryptOID == DES3b) {
- Des3 des3;
-
- ret = wc_Des3_SetKey(&des3, contentKeyPlain, tmpIv, DES_ENCRYPTION);
-
- if (ret == 0)
- ret = wc_Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz);
-
- if (ret != 0) {
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (dynamicFlag)
- XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
- }
-
- encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
- desOutSz, encContentOctet);
-
- encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
- ivOctetStringSz + DES_BLOCK_SIZE +
- encContentOctetSz + desOutSz, encContentSeq);
-
- /* keep track of sizes for outer wrapper layering */
- totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
- contentEncAlgoSz + ivOctetStringSz + DES_BLOCK_SIZE +
- encContentOctetSz + desOutSz;
-
- /* EnvelopedData */
- envDataSeqSz = SetSequence(totalSz, envDataSeq);
- totalSz += envDataSeqSz;
-
- /* outer content */
- outerContentSz = SetExplicit(0, totalSz, outerContent);
- totalSz += outerContentTypeSz;
- totalSz += outerContentSz;
-
- /* ContentInfo */
- contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
- totalSz += contentInfoSeqSz;
-
- if (totalSz > (int)outputSz) {
- WOLFSSL_MSG("Pkcs7_encrypt output buffer too small");
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (dynamicFlag)
- XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
- return BUFFER_E;
- }
-
- XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
- idx += contentInfoSeqSz;
- XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
- idx += outerContentTypeSz;
- XMEMCPY(output + idx, outerContent, outerContentSz);
- idx += outerContentSz;
- XMEMCPY(output + idx, envDataSeq, envDataSeqSz);
- idx += envDataSeqSz;
- XMEMCPY(output + idx, ver, verSz);
- idx += verSz;
- XMEMCPY(output + idx, recipSet, recipSetSz);
- idx += recipSetSz;
- XMEMCPY(output + idx, recip, recipSz);
- idx += recipSz;
- XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
- idx += encContentSeqSz;
- XMEMCPY(output + idx, contentType, contentTypeSz);
- idx += contentTypeSz;
- XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
- idx += contentEncAlgoSz;
- XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
- idx += ivOctetStringSz;
- XMEMCPY(output + idx, tmpIv, DES_BLOCK_SIZE);
- idx += DES_BLOCK_SIZE;
- XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
- idx += encContentOctetSz;
- XMEMCPY(output + idx, encryptedContent, desOutSz);
- idx += desOutSz;
-
- ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN);
-
- if (dynamicFlag)
- XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
-#endif
-
- return idx;
-}
-
-/* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
- word32 pkiMsgSz, byte* output,
- word32 outputSz)
-{
- int recipFound = 0;
- int ret, version, length;
- word32 savedIdx = 0, idx = 0;
- word32 contentType, encOID;
- byte issuerHash[SHA_DIGEST_SIZE];
-
- int encryptedKeySz, keySz;
- byte tmpIv[DES_BLOCK_SIZE];
- byte* decryptedKey = NULL;
-
-#ifdef WOLFSSL_SMALL_STACK
- mp_int* serialNum;
- byte* encryptedKey;
- RsaKey* privKey;
-#else
- mp_int stack_serialNum;
- mp_int* serialNum = &stack_serialNum;
- byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
-
- RsaKey stack_privKey;
- RsaKey* privKey = &stack_privKey;
-#endif
- int encryptedContentSz;
- byte padLen;
- byte* encryptedContent = NULL;
-
- if (pkcs7 == NULL || pkcs7->singleCert == NULL ||
- pkcs7->singleCertSz == 0 || pkcs7->privateKey == NULL ||
- pkcs7->privateKeySz == 0)
- return BAD_FUNC_ARG;
-
- if (pkiMsg == NULL || pkiMsgSz == 0 ||
- output == NULL || outputSz == 0)
- return BAD_FUNC_ARG;
-
- /* read past ContentInfo, verify type is envelopedData */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- if (contentType != ENVELOPED_DATA) {
- WOLFSSL_MSG("PKCS#7 input not of type EnvelopedData");
- return PKCS7_OID_E;
- }
-
- if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
- return ASN_PARSE_E;
-
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- /* remove EnvelopedData and version */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
- if (GetMyVersion(pkiMsg, &idx, &version) < 0)
- return ASN_PARSE_E;
-
- if (version != 0) {
- WOLFSSL_MSG("PKCS#7 envelopedData needs to be of version 0");
- return ASN_VERSION_E;
- }
-
- /* walk through RecipientInfo set, find correct recipient */
- if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
- return ASN_PARSE_E;
-
-#ifdef WOLFSSL_SMALL_STACK
- encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encryptedKey == NULL)
- return MEMORY_E;
-#endif
-
- savedIdx = idx;
- recipFound = 0;
-
- /* when looking for next recipient, use first sequence and version to
- * indicate there is another, if not, move on */
- while(recipFound == 0) {
-
- /* remove RecipientInfo, if we don't have a SEQUENCE, back up idx to
- * last good saved one */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
- idx = savedIdx;
- break;
- }
-
- if (GetMyVersion(pkiMsg, &idx, &version) < 0) {
- idx = savedIdx;
- break;
- }
-
- if (version != 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_VERSION_E;
- }
-
- /* remove IssuerAndSerialNumber */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (GetNameHash(pkiMsg, &idx, issuerHash, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- /* if we found correct recipient, issuer hashes will match */
- if (XMEMCMP(issuerHash, pkcs7->issuerHash, SHA_DIGEST_SIZE) == 0) {
- recipFound = 1;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- serialNum = (mp_int*)XMALLOC(sizeof(mp_int), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (serialNum == NULL) {
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- if (GetInt(serialNum, pkiMsg, &idx, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- mp_clear(serialNum);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- /* key encryption algorithm must be RSA for now */
- if (encOID != RSAk) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ALGO_ID_E;
- }
-
- /* read encryptedKey */
- if (pkiMsg[idx++] != ASN_OCTET_STRING) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (GetLength(pkiMsg, &idx, &encryptedKeySz, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (recipFound == 1)
- XMEMCPY(encryptedKey, &pkiMsg[idx], encryptedKeySz);
- idx += encryptedKeySz;
-
- /* update good idx */
- savedIdx = idx;
- }
-
- if (recipFound == 0) {
- WOLFSSL_MSG("No recipient found in envelopedData that matches input");
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return PKCS7_RECIP_E;
- }
-
- /* remove EncryptedContentInfo */
- if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- /* get block cipher IV, stored in OPTIONAL parameter of AlgoID */
- if (pkiMsg[idx++] != ASN_OCTET_STRING) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (length != DES_BLOCK_SIZE) {
- WOLFSSL_MSG("Incorrect IV length, must be of DES_BLOCK_SIZE");
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- XMEMCPY(tmpIv, &pkiMsg[idx], length);
- idx += length;
-
- /* read encryptedContent, cont[0] */
- if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) < 0) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ASN_PARSE_E;
- }
-
- encryptedContent = (byte*)XMALLOC(encryptedContentSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encryptedContent == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return MEMORY_E;
- }
-
- XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
-
- /* load private key */
-#ifdef WOLFSSL_SMALL_STACK
- privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (privKey == NULL) {
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E;
- }
-#endif
-
- ret = wc_InitRsaKey(privKey, 0);
- if (ret != 0) {
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- idx = 0;
-
- ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
- pkcs7->privateKeySz);
- if (ret != 0) {
- WOLFSSL_MSG("Failed to decode RSA private key");
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
-
- /* decrypt encryptedKey */
- keySz = wc_RsaPrivateDecryptInline(encryptedKey, encryptedKeySz,
- &decryptedKey, privKey);
- wc_FreeRsaKey(privKey);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- if (keySz <= 0) {
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return keySz;
- }
-
- /* decrypt encryptedContent */
- if (encOID == DESb) {
- Des des;
- ret = wc_Des_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION);
-
- if (ret == 0)
- wc_Des_CbcDecrypt(&des, encryptedContent, encryptedContent,
- encryptedContentSz);
-
- if (ret != 0) {
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
- }
- else if (encOID == DES3b) {
- Des3 des;
- ret = wc_Des3_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION);
- if (ret == 0)
- ret = wc_Des3_CbcDecrypt(&des, encryptedContent, encryptedContent,
- encryptedContentSz);
-
- if (ret != 0) {
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ret;
- }
- } else {
- WOLFSSL_MSG("Unsupported content encryption OID type");
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return ALGO_ID_E;
- }
-
- padLen = encryptedContent[encryptedContentSz-1];
-
- /* copy plaintext to output */
- XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
-
- /* free memory, zero out keys */
- ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
- ForceZero(encryptedContent, encryptedContentSz);
- XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return encryptedContentSz - padLen;
-}
-
-
-#else /* HAVE_PKCS7 */
-
-
-#ifdef _MSC_VER
- /* 4206 warning for blank file */
- #pragma warning(disable: 4206)
-#endif
-
-
-#endif /* HAVE_PKCS7 */
-
-
--- a/wolfcrypt/src/poly1305.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,555 +0,0 @@
-/* poly1305.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * Based off the public domain implementations by Andrew Moon
- * and Daniel J. Bernstein
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_POLY1305
-#include <wolfssl/wolfcrypt/poly1305.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-#ifdef CHACHA_AEAD_TEST
- #include <stdio.h>
-#endif
-
-#ifdef _MSC_VER
- /* 4127 warning constant while(1) */
- #pragma warning(disable: 4127)
-#endif
-
-#if defined(POLY130564)
-
- #if defined(_MSC_VER)
- #define POLY1305_NOINLINE __declspec(noinline)
- #elif defined(__GNUC__)
- #define POLY1305_NOINLINE __attribute__((noinline))
- #else
- #define POLY1305_NOINLINE
- #endif
-
- #if defined(_MSC_VER)
- #include <intrin.h>
-
- typedef struct word128 {
- word64 lo;
- word64 hi;
- } word128;
-
- #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi)
- #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo;
- out.hi += (out.lo < t) + in.hi; }
- #define ADDLO(out, in) { word64 t = out.lo; out.lo += in;
- out.hi += (out.lo < t); }
- #define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift)))
- #define LO(in) (in.lo)
-
- #elif defined(__GNUC__)
- #if defined(__SIZEOF_INT128__)
- typedef unsigned __int128 word128;
- #else
- typedef unsigned word128 __attribute__((mode(TI)));
- #endif
-
- #define MUL(out, x, y) out = ((word128)x * y)
- #define ADD(out, in) out += in
- #define ADDLO(out, in) out += in
- #define SHR(in, shift) (word64)(in >> (shift))
- #define LO(in) (word64)(in)
- #endif
-
- static word64 U8TO64(const byte* p) {
- return
- (((word64)(p[0] & 0xff) ) |
- ((word64)(p[1] & 0xff) << 8) |
- ((word64)(p[2] & 0xff) << 16) |
- ((word64)(p[3] & 0xff) << 24) |
- ((word64)(p[4] & 0xff) << 32) |
- ((word64)(p[5] & 0xff) << 40) |
- ((word64)(p[6] & 0xff) << 48) |
- ((word64)(p[7] & 0xff) << 56));
- }
-
- static void U64TO8(byte* p, word64 v) {
- p[0] = (v ) & 0xff;
- p[1] = (v >> 8) & 0xff;
- p[2] = (v >> 16) & 0xff;
- p[3] = (v >> 24) & 0xff;
- p[4] = (v >> 32) & 0xff;
- p[5] = (v >> 40) & 0xff;
- p[6] = (v >> 48) & 0xff;
- p[7] = (v >> 56) & 0xff;
- }
-
-#else /* if not 64 bit then use 32 bit */
-
- static word32 U8TO32(const byte *p) {
- return
- (((word32)(p[0] & 0xff) ) |
- ((word32)(p[1] & 0xff) << 8) |
- ((word32)(p[2] & 0xff) << 16) |
- ((word32)(p[3] & 0xff) << 24));
- }
-
- static void U32TO8(byte *p, word32 v) {
- p[0] = (v ) & 0xff;
- p[1] = (v >> 8) & 0xff;
- p[2] = (v >> 16) & 0xff;
- p[3] = (v >> 24) & 0xff;
- }
-#endif
-
-static void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
- size_t bytes) {
-
-#ifdef POLY130564
-
- const word64 hibit = (ctx->final) ? 0 : ((word64)1 << 40); /* 1 << 128 */
- word64 r0,r1,r2;
- word64 s1,s2;
- word64 h0,h1,h2;
- word64 c;
- word128 d0,d1,d2,d;
-
-#else
-
- const word32 hibit = (ctx->final) ? 0 : (1 << 24); /* 1 << 128 */
- word32 r0,r1,r2,r3,r4;
- word32 s1,s2,s3,s4;
- word32 h0,h1,h2,h3,h4;
- word64 d0,d1,d2,d3,d4;
- word32 c;
-
-#endif
-
-#ifdef POLY130564
-
- r0 = ctx->r[0];
- r1 = ctx->r[1];
- r2 = ctx->r[2];
-
- h0 = ctx->h[0];
- h1 = ctx->h[1];
- h2 = ctx->h[2];
-
- s1 = r1 * (5 << 2);
- s2 = r2 * (5 << 2);
-
- while (bytes >= POLY1305_BLOCK_SIZE) {
- word64 t0,t1;
-
- /* h += m[i] */
- t0 = U8TO64(&m[0]);
- t1 = U8TO64(&m[8]);
-
- h0 += (( t0 ) & 0xfffffffffff);
- h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff);
- h2 += (((t1 >> 24) ) & 0x3ffffffffff) | hibit;
-
- /* h *= r */
- MUL(d0, h0, r0); MUL(d, h1, s2); ADD(d0, d); MUL(d, h2, s1); ADD(d0, d);
- MUL(d1, h0, r1); MUL(d, h1, r0); ADD(d1, d); MUL(d, h2, s2); ADD(d1, d);
- MUL(d2, h0, r2); MUL(d, h1, r1); ADD(d2, d); MUL(d, h2, r0); ADD(d2, d);
-
- /* (partial) h %= p */
- c = SHR(d0, 44); h0 = LO(d0) & 0xfffffffffff;
- ADDLO(d1, c); c = SHR(d1, 44); h1 = LO(d1) & 0xfffffffffff;
- ADDLO(d2, c); c = SHR(d2, 42); h2 = LO(d2) & 0x3ffffffffff;
- h0 += c * 5; c = (h0 >> 44); h0 = h0 & 0xfffffffffff;
- h1 += c;
-
- m += POLY1305_BLOCK_SIZE;
- bytes -= POLY1305_BLOCK_SIZE;
- }
-
- ctx->h[0] = h0;
- ctx->h[1] = h1;
- ctx->h[2] = h2;
-
-#else /* if not 64 bit then use 32 bit */
-
- r0 = ctx->r[0];
- r1 = ctx->r[1];
- r2 = ctx->r[2];
- r3 = ctx->r[3];
- r4 = ctx->r[4];
-
- s1 = r1 * 5;
- s2 = r2 * 5;
- s3 = r3 * 5;
- s4 = r4 * 5;
-
- h0 = ctx->h[0];
- h1 = ctx->h[1];
- h2 = ctx->h[2];
- h3 = ctx->h[3];
- h4 = ctx->h[4];
-
- while (bytes >= POLY1305_BLOCK_SIZE) {
- /* h += m[i] */
- h0 += (U8TO32(m+ 0) ) & 0x3ffffff;
- h1 += (U8TO32(m+ 3) >> 2) & 0x3ffffff;
- h2 += (U8TO32(m+ 6) >> 4) & 0x3ffffff;
- h3 += (U8TO32(m+ 9) >> 6) & 0x3ffffff;
- h4 += (U8TO32(m+12) >> 8) | hibit;
-
- /* h *= r */
- d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) +
- ((word64)h3 * s2) + ((word64)h4 * s1);
- d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) +
- ((word64)h3 * s3) + ((word64)h4 * s2);
- d2 = ((word64)h0 * r2) + ((word64)h1 * r1) + ((word64)h2 * r0) +
- ((word64)h3 * s4) + ((word64)h4 * s3);
- d3 = ((word64)h0 * r3) + ((word64)h1 * r2) + ((word64)h2 * r1) +
- ((word64)h3 * r0) + ((word64)h4 * s4);
- d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) +
- ((word64)h3 * r1) + ((word64)h4 * r0);
-
- /* (partial) h %= p */
- c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff;
- d1 += c; c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff;
- d2 += c; c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff;
- d3 += c; c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff;
- d4 += c; c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff;
- h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff;
- h1 += c;
-
- m += POLY1305_BLOCK_SIZE;
- bytes -= POLY1305_BLOCK_SIZE;
- }
-
- ctx->h[0] = h0;
- ctx->h[1] = h1;
- ctx->h[2] = h2;
- ctx->h[3] = h3;
- ctx->h[4] = h4;
-
-#endif /* end of 64 bit cpu blocks or 32 bit cpu */
-}
-
-
-int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) {
-
-#if defined(POLY130564)
- word64 t0,t1;
-#endif
-
-#ifdef CHACHA_AEAD_TEST
- word32 k;
- printf("Poly key used:\n");
- for (k = 0; k < keySz; k++) {
- printf("%02x", key[k]);
- if ((k+1) % 8 == 0)
- printf("\n");
- }
- printf("\n");
-#endif
-
- if (keySz != 32 || ctx == NULL)
- return BAD_FUNC_ARG;
-
-#if defined(POLY130564)
-
- /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
- t0 = U8TO64(key + 0);
- t1 = U8TO64(key + 8);
-
- ctx->r[0] = ( t0 ) & 0xffc0fffffff;
- ctx->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff;
- ctx->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f;
-
- /* h (accumulator) = 0 */
- ctx->h[0] = 0;
- ctx->h[1] = 0;
- ctx->h[2] = 0;
-
- /* save pad for later */
- ctx->pad[0] = U8TO64(key + 16);
- ctx->pad[1] = U8TO64(key + 24);
-
-#else /* if not 64 bit then use 32 bit */
-
- /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
- ctx->r[0] = (U8TO32(key + 0) ) & 0x3ffffff;
- ctx->r[1] = (U8TO32(key + 3) >> 2) & 0x3ffff03;
- ctx->r[2] = (U8TO32(key + 6) >> 4) & 0x3ffc0ff;
- ctx->r[3] = (U8TO32(key + 9) >> 6) & 0x3f03fff;
- ctx->r[4] = (U8TO32(key + 12) >> 8) & 0x00fffff;
-
- /* h = 0 */
- ctx->h[0] = 0;
- ctx->h[1] = 0;
- ctx->h[2] = 0;
- ctx->h[3] = 0;
- ctx->h[4] = 0;
-
- /* save pad for later */
- ctx->pad[0] = U8TO32(key + 16);
- ctx->pad[1] = U8TO32(key + 20);
- ctx->pad[2] = U8TO32(key + 24);
- ctx->pad[3] = U8TO32(key + 28);
-
-#endif
-
- ctx->leftover = 0;
- ctx->final = 0;
-
- return 0;
-}
-
-
-int wc_Poly1305Final(Poly1305* ctx, byte* mac) {
-
-#if defined(POLY130564)
-
- word64 h0,h1,h2,c;
- word64 g0,g1,g2;
- word64 t0,t1;
-
-#else
-
- word32 h0,h1,h2,h3,h4,c;
- word32 g0,g1,g2,g3,g4;
- word64 f;
- word32 mask;
-
-#endif
-
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
-#if defined(POLY130564)
-
- /* process the remaining block */
- if (ctx->leftover) {
- size_t i = ctx->leftover;
- ctx->buffer[i] = 1;
- for (i = i + 1; i < POLY1305_BLOCK_SIZE; i++)
- ctx->buffer[i] = 0;
- ctx->final = 1;
- poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE);
- }
-
- /* fully carry h */
- h0 = ctx->h[0];
- h1 = ctx->h[1];
- h2 = ctx->h[2];
-
- c = (h1 >> 44); h1 &= 0xfffffffffff;
- h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff;
- h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff;
- h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff;
- h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff;
- h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff;
- h1 += c;
-
- /* compute h + -p */
- g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff;
- g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff;
- g2 = h2 + c - ((word64)1 << 42);
-
- /* select h if h < p, or h + -p if h >= p */
- c = (g2 >> ((sizeof(word64) * 8) - 1)) - 1;
- g0 &= c;
- g1 &= c;
- g2 &= c;
- c = ~c;
- h0 = (h0 & c) | g0;
- h1 = (h1 & c) | g1;
- h2 = (h2 & c) | g2;
-
- /* h = (h + pad) */
- t0 = ctx->pad[0];
- t1 = ctx->pad[1];
-
- h0 += (( t0 ) & 0xfffffffffff) ;
- c = (h0 >> 44); h0 &= 0xfffffffffff;
- h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff) + c;
- c = (h1 >> 44); h1 &= 0xfffffffffff;
- h2 += (((t1 >> 24) ) & 0x3ffffffffff) + c;
- h2 &= 0x3ffffffffff;
-
- /* mac = h % (2^128) */
- h0 = ((h0 ) | (h1 << 44));
- h1 = ((h1 >> 20) | (h2 << 24));
-
- U64TO8(mac + 0, h0);
- U64TO8(mac + 8, h1);
-
- /* zero out the state */
- ctx->h[0] = 0;
- ctx->h[1] = 0;
- ctx->h[2] = 0;
- ctx->r[0] = 0;
- ctx->r[1] = 0;
- ctx->r[2] = 0;
- ctx->pad[0] = 0;
- ctx->pad[1] = 0;
-
-#else /* if not 64 bit then use 32 bit */
-
- /* process the remaining block */
- if (ctx->leftover) {
- size_t i = ctx->leftover;
- ctx->buffer[i++] = 1;
- for (; i < POLY1305_BLOCK_SIZE; i++)
- ctx->buffer[i] = 0;
- ctx->final = 1;
- poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE);
- }
-
- /* fully carry h */
- h0 = ctx->h[0];
- h1 = ctx->h[1];
- h2 = ctx->h[2];
- h3 = ctx->h[3];
- h4 = ctx->h[4];
-
- c = h1 >> 26; h1 = h1 & 0x3ffffff;
- h2 += c; c = h2 >> 26; h2 = h2 & 0x3ffffff;
- h3 += c; c = h3 >> 26; h3 = h3 & 0x3ffffff;
- h4 += c; c = h4 >> 26; h4 = h4 & 0x3ffffff;
- h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff;
- h1 += c;
-
- /* compute h + -p */
- g0 = h0 + 5; c = g0 >> 26; g0 &= 0x3ffffff;
- g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff;
- g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff;
- g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff;
- g4 = h4 + c - (1 << 26);
-
- /* select h if h < p, or h + -p if h >= p */
- mask = (g4 >> ((sizeof(word32) * 8) - 1)) - 1;
- g0 &= mask;
- g1 &= mask;
- g2 &= mask;
- g3 &= mask;
- g4 &= mask;
- mask = ~mask;
- h0 = (h0 & mask) | g0;
- h1 = (h1 & mask) | g1;
- h2 = (h2 & mask) | g2;
- h3 = (h3 & mask) | g3;
- h4 = (h4 & mask) | g4;
-
- /* h = h % (2^128) */
- h0 = ((h0 ) | (h1 << 26)) & 0xffffffff;
- h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff;
- h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
- h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff;
-
- /* mac = (h + pad) % (2^128) */
- f = (word64)h0 + ctx->pad[0] ; h0 = (word32)f;
- f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word32)f;
- f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word32)f;
- f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word32)f;
-
- U32TO8(mac + 0, h0);
- U32TO8(mac + 4, h1);
- U32TO8(mac + 8, h2);
- U32TO8(mac + 12, h3);
-
- /* zero out the state */
- ctx->h[0] = 0;
- ctx->h[1] = 0;
- ctx->h[2] = 0;
- ctx->h[3] = 0;
- ctx->h[4] = 0;
- ctx->r[0] = 0;
- ctx->r[1] = 0;
- ctx->r[2] = 0;
- ctx->r[3] = 0;
- ctx->r[4] = 0;
- ctx->pad[0] = 0;
- ctx->pad[1] = 0;
- ctx->pad[2] = 0;
- ctx->pad[3] = 0;
-
-#endif
-
- return 0;
-}
-
-
-int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) {
-
- size_t i;
-
-#ifdef CHACHA_AEAD_TEST
- word32 k;
- printf("Raw input to poly:\n");
- for (k = 0; k < bytes; k++) {
- printf("%02x", m[k]);
- if ((k+1) % 16 == 0)
- printf("\n");
- }
- printf("\n");
-#endif
-
- if (ctx == NULL)
- return BAD_FUNC_ARG;
-
- /* handle leftover */
- if (ctx->leftover) {
- size_t want = (POLY1305_BLOCK_SIZE - ctx->leftover);
- if (want > bytes)
- want = bytes;
- for (i = 0; i < want; i++)
- ctx->buffer[ctx->leftover + i] = m[i];
- bytes -= want;
- m += want;
- ctx->leftover += want;
- if (ctx->leftover < POLY1305_BLOCK_SIZE)
- return 0;
- poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE);
- ctx->leftover = 0;
- }
-
- /* process full blocks */
- if (bytes >= POLY1305_BLOCK_SIZE) {
- size_t want = (bytes & ~(POLY1305_BLOCK_SIZE - 1));
- poly1305_blocks(ctx, m, want);
- m += want;
- bytes -= want;
- }
-
- /* store leftover */
- if (bytes) {
- for (i = 0; i < bytes; i++)
- ctx->buffer[ctx->leftover + i] = m[i];
- ctx->leftover += bytes;
- }
- return 0;
-}
-#endif /* HAVE_POLY1305 */
-
-
--- a/wolfcrypt/src/pwdbased.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,563 +0,0 @@
-/* pwdbased.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_PWDBASED
-
-#ifdef WOLFSSL_PIC32MZ_HASH
- #ifndef NO_MD5
- #define wc_InitMd5 wc_InitMd5_sw
- #define wc_Md5Update wc_Md5Update_sw
- #define wc_Md5Final wc_Md5Final_sw
- #endif /* NO_MD5 */
-
- #define wc_InitSha wc_InitSha_sw
- #define wc_ShaUpdate wc_ShaUpdate_sw
- #define wc_ShaFinal wc_ShaFinal_sw
-
- #define wc_InitSha256 wc_InitSha256_sw
- #define wc_Sha256Update wc_Sha256Update_sw
- #define wc_Sha256Final wc_Sha256Final_sw
-#endif
-
-#include <wolfssl/wolfcrypt/pwdbased.h>
-#include <wolfssl/wolfcrypt/hmac.h>
-#include <wolfssl/wolfcrypt/integer.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
- #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-#ifndef NO_SHA
-/* PBKDF1 needs at least SHA available */
-int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
- int sLen, int iterations, int kLen, int hashType)
-{
- Sha sha;
-#ifndef NO_MD5
- Md5 md5;
-#endif
- int hLen = (int)SHA_DIGEST_SIZE;
- int i, ret = 0;
- byte buffer[SHA_DIGEST_SIZE]; /* max size */
-
- if (hashType != MD5 && hashType != SHA)
- return BAD_FUNC_ARG;
-
-#ifndef NO_MD5
- if (hashType == MD5)
- hLen = (int)MD5_DIGEST_SIZE;
-#endif
-
- if (kLen > hLen)
- return BAD_FUNC_ARG;
-
- if (iterations < 1)
- return BAD_FUNC_ARG;
-
- switch (hashType) {
-#ifndef NO_MD5
- case MD5:
- wc_InitMd5(&md5);
- wc_Md5Update(&md5, passwd, pLen);
- wc_Md5Update(&md5, salt, sLen);
- wc_Md5Final(&md5, buffer);
- break;
-#endif /* NO_MD5 */
- case SHA:
- default:
- ret = wc_InitSha(&sha);
- if (ret != 0)
- return ret;
- wc_ShaUpdate(&sha, passwd, pLen);
- wc_ShaUpdate(&sha, salt, sLen);
- wc_ShaFinal(&sha, buffer);
- break;
- }
-
- for (i = 1; i < iterations; i++) {
- if (hashType == SHA) {
- wc_ShaUpdate(&sha, buffer, hLen);
- wc_ShaFinal(&sha, buffer);
- }
-#ifndef NO_MD5
- else {
- wc_Md5Update(&md5, buffer, hLen);
- wc_Md5Final(&md5, buffer);
- }
-#endif
- }
- XMEMCPY(output, buffer, kLen);
-
- return 0;
-}
-#endif /* NO_SHA */
-
-
-int GetDigestSize(int hashType)
-{
- int hLen;
-
- switch (hashType) {
-#ifndef NO_MD5
- case MD5:
- hLen = MD5_DIGEST_SIZE;
- break;
-#endif
-#ifndef NO_SHA
- case SHA:
- hLen = SHA_DIGEST_SIZE;
- break;
-#endif
-#ifndef NO_SHA256
- case SHA256:
- hLen = SHA256_DIGEST_SIZE;
- break;
-#endif
-#ifdef WOLFSSL_SHA512
- case SHA512:
- hLen = SHA512_DIGEST_SIZE;
- break;
-#endif
- default:
- return BAD_FUNC_ARG;
- }
-
- return hLen;
-}
-
-
-int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
- int sLen, int iterations, int kLen, int hashType)
-{
- word32 i = 1;
- int hLen;
- int j, ret;
- Hmac hmac;
-#ifdef WOLFSSL_SMALL_STACK
- byte* buffer;
-#else
- byte buffer[MAX_DIGEST_SIZE];
-#endif
-
- hLen = GetDigestSize(hashType);
- if (hLen < 0)
- return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
- buffer = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (buffer == NULL)
- return MEMORY_E;
-#endif
-
- ret = wc_HmacSetKey(&hmac, hashType, passwd, pLen);
-
- if (ret == 0) {
- while (kLen) {
- int currentLen;
-
- ret = wc_HmacUpdate(&hmac, salt, sLen);
- if (ret != 0)
- break;
-
- /* encode i */
- for (j = 0; j < 4; j++) {
- byte b = (byte)(i >> ((3-j) * 8));
-
- ret = wc_HmacUpdate(&hmac, &b, 1);
- if (ret != 0)
- break;
- }
-
- /* check ret from inside for loop */
- if (ret != 0)
- break;
-
- ret = wc_HmacFinal(&hmac, buffer);
- if (ret != 0)
- break;
-
- currentLen = min(kLen, hLen);
- XMEMCPY(output, buffer, currentLen);
-
- for (j = 1; j < iterations; j++) {
- ret = wc_HmacUpdate(&hmac, buffer, hLen);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(&hmac, buffer);
- if (ret != 0)
- break;
- xorbuf(output, buffer, currentLen);
- }
-
- /* check ret from inside for loop */
- if (ret != 0)
- break;
-
- output += currentLen;
- kLen -= currentLen;
- i++;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#ifdef WOLFSSL_SHA512
- #define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE
-#elif !defined(NO_SHA256)
- #define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE
-#else
- #define PBKDF_DIGEST_SIZE SHA_DIGEST_SIZE
-#endif
-
-/* helper for wc_PKCS12_PBKDF(), sets block and digest sizes */
-int GetPKCS12HashSizes(int hashType, word32* v, word32* u)
-{
- if (!v || !u)
- return BAD_FUNC_ARG;
-
- switch (hashType) {
-#ifndef NO_MD5
- case MD5:
- *v = MD5_BLOCK_SIZE;
- *u = MD5_DIGEST_SIZE;
- break;
-#endif
-#ifndef NO_SHA
- case SHA:
- *v = SHA_BLOCK_SIZE;
- *u = SHA_DIGEST_SIZE;
- break;
-#endif
-#ifndef NO_SHA256
- case SHA256:
- *v = SHA256_BLOCK_SIZE;
- *u = SHA256_DIGEST_SIZE;
- break;
-#endif
-#ifdef WOLFSSL_SHA512
- case SHA512:
- *v = SHA512_BLOCK_SIZE;
- *u = SHA512_DIGEST_SIZE;
- break;
-#endif
- default:
- return BAD_FUNC_ARG;
- }
-
- return 0;
-}
-
-/* helper for PKCS12_PBKDF(), does hash operation */
-int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
- byte* Ai, word32 u, int iterations)
-{
- int i;
- int ret = 0;
-
- if (buffer == NULL || Ai == NULL)
- return BAD_FUNC_ARG;
-
- switch (hashType) {
-#ifndef NO_MD5
- case MD5:
- {
- Md5 md5;
- wc_InitMd5(&md5);
- wc_Md5Update(&md5, buffer, totalLen);
- wc_Md5Final(&md5, Ai);
-
- for (i = 1; i < iterations; i++) {
- wc_Md5Update(&md5, Ai, u);
- wc_Md5Final(&md5, Ai);
- }
- }
- break;
-#endif /* NO_MD5 */
-#ifndef NO_SHA
- case SHA:
- {
- Sha sha;
- ret = wc_InitSha(&sha);
- if (ret != 0)
- break;
- wc_ShaUpdate(&sha, buffer, totalLen);
- wc_ShaFinal(&sha, Ai);
-
- for (i = 1; i < iterations; i++) {
- wc_ShaUpdate(&sha, Ai, u);
- wc_ShaFinal(&sha, Ai);
- }
- }
- break;
-#endif /* NO_SHA */
-#ifndef NO_SHA256
- case SHA256:
- {
- Sha256 sha256;
- ret = wc_InitSha256(&sha256);
- if (ret != 0)
- break;
-
- ret = wc_Sha256Update(&sha256, buffer, totalLen);
- if (ret != 0)
- break;
-
- ret = wc_Sha256Final(&sha256, Ai);
- if (ret != 0)
- break;
-
- for (i = 1; i < iterations; i++) {
- ret = wc_Sha256Update(&sha256, Ai, u);
- if (ret != 0)
- break;
-
- ret = wc_Sha256Final(&sha256, Ai);
- if (ret != 0)
- break;
- }
- }
- break;
-#endif /* NO_SHA256 */
-#ifdef WOLFSSL_SHA512
- case SHA512:
- {
- Sha512 sha512;
- ret = wc_InitSha512(&sha512);
- if (ret != 0)
- break;
-
- ret = wc_Sha512Update(&sha512, buffer, totalLen);
- if (ret != 0)
- break;
-
- ret = wc_Sha512Final(&sha512, Ai);
- if (ret != 0)
- break;
-
- for (i = 1; i < iterations; i++) {
- ret = wc_Sha512Update(&sha512, Ai, u);
- if (ret != 0)
- break;
-
- ret = wc_Sha512Final(&sha512, Ai);
- if (ret != 0)
- break;
- }
- }
- break;
-#endif /* WOLFSSL_SHA512 */
-
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
-
- return ret;
-}
-
-int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
- int saltLen, int iterations, int kLen, int hashType, int id)
-{
- /* all in bytes instead of bits */
- word32 u, v, dLen, pLen, iLen, sLen, totalLen;
- int dynamic = 0;
- int ret = 0;
- int i;
- byte *D, *S, *P, *I;
-#ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; /* force dynamic usage */
-#else
- byte staticBuffer[1024];
-#endif
- byte* buffer = staticBuffer;
-
-#ifdef WOLFSSL_SMALL_STACK
- byte* Ai;
- byte* B;
-#else
- byte Ai[PBKDF_DIGEST_SIZE];
- byte B[PBKDF_DIGEST_SIZE];
-#endif
-
- if (!iterations)
- iterations = 1;
-
- ret = GetPKCS12HashSizes(hashType, &v, &u);
- if (ret < 0)
- return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
- Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (Ai == NULL)
- return MEMORY_E;
-
- B = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (B == NULL) {
- XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- XMEMSET(Ai, 0, PBKDF_DIGEST_SIZE);
- XMEMSET(B, 0, PBKDF_DIGEST_SIZE);
-
- dLen = v;
- sLen = v * ((saltLen + v - 1) / v);
- if (passLen)
- pLen = v * ((passLen + v - 1) / v);
- else
- pLen = 0;
- iLen = sLen + pLen;
-
- totalLen = dLen + sLen + pLen;
-
- if (totalLen > sizeof(staticBuffer)) {
- buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY);
- if (buffer == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
- return MEMORY_E;
- }
- dynamic = 1;
- }
-
- D = buffer;
- S = D + dLen;
- P = S + sLen;
- I = S;
-
- XMEMSET(D, id, dLen);
-
- for (i = 0; i < (int)sLen; i++)
- S[i] = salt[i % saltLen];
- for (i = 0; i < (int)pLen; i++)
- P[i] = passwd[i % passLen];
-
- while (kLen > 0) {
- word32 currentLen;
- mp_int B1;
-
- ret = DoPKCS12Hash(hashType, buffer, totalLen, Ai, u, iterations);
- if (ret < 0)
- break;
-
- for (i = 0; i < (int)v; i++)
- B[i] = Ai[i % u];
-
- if (mp_init(&B1) != MP_OKAY)
- ret = MP_INIT_E;
- else if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
- ret = MP_READ_E;
- else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY)
- ret = MP_ADD_E;
-
- if (ret != 0) {
- mp_clear(&B1);
- break;
- }
-
- for (i = 0; i < (int)iLen; i += v) {
- int outSz;
- mp_int i1;
- mp_int res;
-
- if (mp_init_multi(&i1, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
- ret = MP_INIT_E;
- break;
- }
- if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY)
- ret = MP_READ_E;
- else if (mp_add(&i1, &B1, &res) != MP_OKAY)
- ret = MP_ADD_E;
- else if ( (outSz = mp_unsigned_bin_size(&res)) < 0)
- ret = MP_TO_E;
- else {
- if (outSz > (int)v) {
- /* take off MSB */
- byte tmp[129];
- ret = mp_to_unsigned_bin(&res, tmp);
- XMEMCPY(I + i, tmp + 1, v);
- }
- else if (outSz < (int)v) {
- XMEMSET(I + i, 0, v - outSz);
- ret = mp_to_unsigned_bin(&res, I + i + v - outSz);
- }
- else
- ret = mp_to_unsigned_bin(&res, I + i);
- }
-
- mp_clear(&i1);
- mp_clear(&res);
- if (ret < 0) break;
- }
-
- currentLen = min(kLen, (int)u);
- XMEMCPY(output, Ai, currentLen);
- output += currentLen;
- kLen -= currentLen;
- mp_clear(&B1);
- }
-
- if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#undef PBKDF_DIGEST_SIZE
-
-#endif /* NO_PWDBASED */
-
-
--- a/wolfcrypt/src/rabbit.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,311 +0,0 @@
-/* rabbit.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_RABBIT
-
-#include <wolfssl/wolfcrypt/rabbit.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-#ifdef BIG_ENDIAN_ORDER
- #define LITTLE32(x) ByteReverseWord32(x)
-#else
- #define LITTLE32(x) (x)
-#endif
-
-#define U32V(x) ((word32)(x) & 0xFFFFFFFFU)
-
-
-/* Square a 32-bit unsigned integer to obtain the 64-bit result and return */
-/* the upper 32 bits XOR the lower 32 bits */
-static word32 RABBIT_g_func(word32 x)
-{
- /* Temporary variables */
- word32 a, b, h, l;
-
- /* Construct high and low argument for squaring */
- a = x&0xFFFF;
- b = x>>16;
-
- /* Calculate high and low result of squaring */
- h = (((U32V(a*a)>>17) + U32V(a*b))>>15) + b*b;
- l = x*x;
-
- /* Return high XOR low */
- return U32V(h^l);
-}
-
-
-/* Calculate the next internal state */
-static void RABBIT_next_state(RabbitCtx* ctx)
-{
- /* Temporary variables */
- word32 g[8], c_old[8], i;
-
- /* Save old counter values */
- for (i=0; i<8; i++)
- c_old[i] = ctx->c[i];
-
- /* Calculate new counter values */
- ctx->c[0] = U32V(ctx->c[0] + 0x4D34D34D + ctx->carry);
- ctx->c[1] = U32V(ctx->c[1] + 0xD34D34D3 + (ctx->c[0] < c_old[0]));
- ctx->c[2] = U32V(ctx->c[2] + 0x34D34D34 + (ctx->c[1] < c_old[1]));
- ctx->c[3] = U32V(ctx->c[3] + 0x4D34D34D + (ctx->c[2] < c_old[2]));
- ctx->c[4] = U32V(ctx->c[4] + 0xD34D34D3 + (ctx->c[3] < c_old[3]));
- ctx->c[5] = U32V(ctx->c[5] + 0x34D34D34 + (ctx->c[4] < c_old[4]));
- ctx->c[6] = U32V(ctx->c[6] + 0x4D34D34D + (ctx->c[5] < c_old[5]));
- ctx->c[7] = U32V(ctx->c[7] + 0xD34D34D3 + (ctx->c[6] < c_old[6]));
- ctx->carry = (ctx->c[7] < c_old[7]);
-
- /* Calculate the g-values */
- for (i=0;i<8;i++)
- g[i] = RABBIT_g_func(U32V(ctx->x[i] + ctx->c[i]));
-
- /* Calculate new state values */
- ctx->x[0] = U32V(g[0] + rotlFixed(g[7],16) + rotlFixed(g[6], 16));
- ctx->x[1] = U32V(g[1] + rotlFixed(g[0], 8) + g[7]);
- ctx->x[2] = U32V(g[2] + rotlFixed(g[1],16) + rotlFixed(g[0], 16));
- ctx->x[3] = U32V(g[3] + rotlFixed(g[2], 8) + g[1]);
- ctx->x[4] = U32V(g[4] + rotlFixed(g[3],16) + rotlFixed(g[2], 16));
- ctx->x[5] = U32V(g[5] + rotlFixed(g[4], 8) + g[3]);
- ctx->x[6] = U32V(g[6] + rotlFixed(g[5],16) + rotlFixed(g[4], 16));
- ctx->x[7] = U32V(g[7] + rotlFixed(g[6], 8) + g[5]);
-}
-
-
-/* IV setup */
-static void wc_RabbitSetIV(Rabbit* ctx, const byte* inIv)
-{
- /* Temporary variables */
- word32 i0, i1, i2, i3, i;
- word32 iv[2];
-
- if (inIv)
- XMEMCPY(iv, inIv, sizeof(iv));
- else
- XMEMSET(iv, 0, sizeof(iv));
-
- /* Generate four subvectors */
- i0 = LITTLE32(iv[0]);
- i2 = LITTLE32(iv[1]);
- i1 = (i0>>16) | (i2&0xFFFF0000);
- i3 = (i2<<16) | (i0&0x0000FFFF);
-
- /* Modify counter values */
- ctx->workCtx.c[0] = ctx->masterCtx.c[0] ^ i0;
- ctx->workCtx.c[1] = ctx->masterCtx.c[1] ^ i1;
- ctx->workCtx.c[2] = ctx->masterCtx.c[2] ^ i2;
- ctx->workCtx.c[3] = ctx->masterCtx.c[3] ^ i3;
- ctx->workCtx.c[4] = ctx->masterCtx.c[4] ^ i0;
- ctx->workCtx.c[5] = ctx->masterCtx.c[5] ^ i1;
- ctx->workCtx.c[6] = ctx->masterCtx.c[6] ^ i2;
- ctx->workCtx.c[7] = ctx->masterCtx.c[7] ^ i3;
-
- /* Copy state variables */
- for (i=0; i<8; i++)
- ctx->workCtx.x[i] = ctx->masterCtx.x[i];
- ctx->workCtx.carry = ctx->masterCtx.carry;
-
- /* Iterate the system four times */
- for (i=0; i<4; i++)
- RABBIT_next_state(&(ctx->workCtx));
-}
-
-
-/* Key setup */
-static INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv)
-{
- /* Temporary variables */
- word32 k0, k1, k2, k3, i;
-
- /* Generate four subkeys */
- k0 = LITTLE32(*(word32*)(key+ 0));
- k1 = LITTLE32(*(word32*)(key+ 4));
- k2 = LITTLE32(*(word32*)(key+ 8));
- k3 = LITTLE32(*(word32*)(key+12));
-
- /* Generate initial state variables */
- ctx->masterCtx.x[0] = k0;
- ctx->masterCtx.x[2] = k1;
- ctx->masterCtx.x[4] = k2;
- ctx->masterCtx.x[6] = k3;
- ctx->masterCtx.x[1] = U32V(k3<<16) | (k2>>16);
- ctx->masterCtx.x[3] = U32V(k0<<16) | (k3>>16);
- ctx->masterCtx.x[5] = U32V(k1<<16) | (k0>>16);
- ctx->masterCtx.x[7] = U32V(k2<<16) | (k1>>16);
-
- /* Generate initial counter values */
- ctx->masterCtx.c[0] = rotlFixed(k2, 16);
- ctx->masterCtx.c[2] = rotlFixed(k3, 16);
- ctx->masterCtx.c[4] = rotlFixed(k0, 16);
- ctx->masterCtx.c[6] = rotlFixed(k1, 16);
- ctx->masterCtx.c[1] = (k0&0xFFFF0000) | (k1&0xFFFF);
- ctx->masterCtx.c[3] = (k1&0xFFFF0000) | (k2&0xFFFF);
- ctx->masterCtx.c[5] = (k2&0xFFFF0000) | (k3&0xFFFF);
- ctx->masterCtx.c[7] = (k3&0xFFFF0000) | (k0&0xFFFF);
-
- /* Clear carry bit */
- ctx->masterCtx.carry = 0;
-
- /* Iterate the system four times */
- for (i=0; i<4; i++)
- RABBIT_next_state(&(ctx->masterCtx));
-
- /* Modify the counters */
- for (i=0; i<8; i++)
- ctx->masterCtx.c[i] ^= ctx->masterCtx.x[(i+4)&0x7];
-
- /* Copy master instance to work instance */
- for (i=0; i<8; i++) {
- ctx->workCtx.x[i] = ctx->masterCtx.x[i];
- ctx->workCtx.c[i] = ctx->masterCtx.c[i];
- }
- ctx->workCtx.carry = ctx->masterCtx.carry;
-
- wc_RabbitSetIV(ctx, iv);
-
- return 0;
-}
-
-
-/* Key setup */
-int wc_RabbitSetKey(Rabbit* ctx, const byte* key, const byte* iv)
-{
-#ifdef XSTREAM_ALIGN
- if ((wolfssl_word)key % 4) {
- int alignKey[4];
-
- /* iv aligned in SetIV */
- WOLFSSL_MSG("wc_RabbitSetKey unaligned key");
-
- XMEMCPY(alignKey, key, sizeof(alignKey));
-
- return DoKey(ctx, (const byte*)alignKey, iv);
- }
-#endif /* XSTREAM_ALIGN */
-
- return DoKey(ctx, key, iv);
-}
-
-
-/* Encrypt/decrypt a message of any size */
-static INLINE int DoProcess(Rabbit* ctx, byte* output, const byte* input,
- word32 msglen)
-{
- /* Encrypt/decrypt all full blocks */
- while (msglen >= 16) {
- /* Iterate the system */
- RABBIT_next_state(&(ctx->workCtx));
-
- /* Encrypt/decrypt 16 bytes of data */
- *(word32*)(output+ 0) = *(word32*)(input+ 0) ^
- LITTLE32(ctx->workCtx.x[0] ^ (ctx->workCtx.x[5]>>16) ^
- U32V(ctx->workCtx.x[3]<<16));
- *(word32*)(output+ 4) = *(word32*)(input+ 4) ^
- LITTLE32(ctx->workCtx.x[2] ^ (ctx->workCtx.x[7]>>16) ^
- U32V(ctx->workCtx.x[5]<<16));
- *(word32*)(output+ 8) = *(word32*)(input+ 8) ^
- LITTLE32(ctx->workCtx.x[4] ^ (ctx->workCtx.x[1]>>16) ^
- U32V(ctx->workCtx.x[7]<<16));
- *(word32*)(output+12) = *(word32*)(input+12) ^
- LITTLE32(ctx->workCtx.x[6] ^ (ctx->workCtx.x[3]>>16) ^
- U32V(ctx->workCtx.x[1]<<16));
-
- /* Increment pointers and decrement length */
- input += 16;
- output += 16;
- msglen -= 16;
- }
-
- /* Encrypt/decrypt remaining data */
- if (msglen) {
-
- word32 i;
- word32 tmp[4];
- byte* buffer = (byte*)tmp;
-
- XMEMSET(tmp, 0, sizeof(tmp)); /* help static analysis */
-
- /* Iterate the system */
- RABBIT_next_state(&(ctx->workCtx));
-
- /* Generate 16 bytes of pseudo-random data */
- tmp[0] = LITTLE32(ctx->workCtx.x[0] ^
- (ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16));
- tmp[1] = LITTLE32(ctx->workCtx.x[2] ^
- (ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16));
- tmp[2] = LITTLE32(ctx->workCtx.x[4] ^
- (ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16));
- tmp[3] = LITTLE32(ctx->workCtx.x[6] ^
- (ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16));
-
- /* Encrypt/decrypt the data */
- for (i=0; i<msglen; i++)
- output[i] = input[i] ^ buffer[i];
- }
-
- return 0;
-}
-
-
-/* Encrypt/decrypt a message of any size */
-int wc_RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen)
-{
-#ifdef XSTREAM_ALIGN
- if ((wolfssl_word)input % 4 || (wolfssl_word)output % 4) {
- #ifndef NO_WOLFSSL_ALLOC_ALIGN
- byte* tmp;
- WOLFSSL_MSG("wc_RabbitProcess unaligned");
-
- tmp = (byte*)XMALLOC(msglen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) return MEMORY_E;
-
- XMEMCPY(tmp, input, msglen);
- DoProcess(ctx, tmp, tmp, msglen);
- XMEMCPY(output, tmp, msglen);
-
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- return 0;
- #else
- return BAD_ALIGN_E;
- #endif
- }
-#endif /* XSTREAM_ALIGN */
-
- return DoProcess(ctx, output, input, msglen);
-}
-
-
-#endif /* NO_RABBIT */
-
--- a/wolfcrypt/src/random.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1340 +0,0 @@
-/* random.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-/* on HPUX 11 you may need to install /dev/random see
- http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
-
-*/
-
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifdef HAVE_FIPS
-int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
-{
- return GenerateSeed(os, seed, sz);
-}
-
-#ifdef HAVE_CAVIUM
- int wc_InitRngCavium(RNG* rng, int i)
- {
- return InitRngCavium(rng, i);
- }
-#endif
-
-
-int wc_InitRng(RNG* rng)
-{
- return InitRng_fips(rng);
-}
-
-
-int wc_RNG_GenerateBlock(RNG* rng, byte* b, word32 sz)
-{
- return RNG_GenerateBlock_fips(rng, b, sz);
-}
-
-
-int wc_RNG_GenerateByte(RNG* rng, byte* b)
-{
- return RNG_GenerateByte(rng, b);
-}
-
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
-
- int wc_FreeRng(RNG* rng)
- {
- return FreeRng_fips(rng);
- }
-
-
- int wc_RNG_HealthTest(int reseed,
- const byte* entropyA, word32 entropyASz,
- const byte* entropyB, word32 entropyBSz,
- byte* output, word32 outputSz)
- {
- return RNG_HealthTest_fips(reseed, entropyA, entropyASz,
- entropyB, entropyBSz, output, outputSz);
- }
-#endif /* HAVE_HASHDRBG || NO_RC4 */
-#else /* else build without fips */
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
-
- #include <wolfssl/wolfcrypt/sha256.h>
-
- #ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
- #else
- #include <wolfcrypt/src/misc.c>
- #endif
-#endif /* HAVE_HASHDRBG || NO_RC4 */
-
-#if defined(USE_WINDOWS_API)
- #ifndef _WIN32_WINNT
- #define _WIN32_WINNT 0x0400
- #endif
- #include <windows.h>
- #include <wincrypt.h>
-#else
- #if !defined(NO_DEV_RANDOM) && !defined(CUSTOM_RAND_GENERATE) && \
- !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)
- #include <fcntl.h>
- #ifndef EBSNET
- #include <unistd.h>
- #endif
- #else
- /* include headers that may be needed to get good seed */
- #endif
-#endif /* USE_WINDOWS_API */
-
-#ifdef HAVE_INTEL_RDGEN
- static int wc_InitRng_IntelRD(void) ;
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) ;
- #else
- static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz) ;
- #endif
- static word32 cpuid_check = 0 ;
- static word32 cpuid_flags = 0 ;
- #define CPUID_RDRAND 0x4
- #define CPUID_RDSEED 0x8
- #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND)
- #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
-#endif
-
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
-
-/* Start NIST DRBG code */
-
-#define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE)
-#define MAX_REQUEST_LEN (0x10000)
-#define RESEED_INTERVAL (1000000)
-#define SECURITY_STRENGTH (256)
-#define ENTROPY_SZ (SECURITY_STRENGTH/8)
-#define NONCE_SZ (ENTROPY_SZ/2)
-#define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ)
-
-/* Internal return codes */
-#define DRBG_SUCCESS 0
-#define DRBG_ERROR 1
-#define DRBG_FAILURE 2
-#define DRBG_NEED_RESEED 3
-#define DRBG_CONT_FAILURE 4
-
-/* RNG health states */
-#define DRBG_NOT_INIT 0
-#define DRBG_OK 1
-#define DRBG_FAILED 2
-#define DRBG_CONT_FAILED 3
-
-
-enum {
- drbgInitC = 0,
- drbgReseed = 1,
- drbgGenerateW = 2,
- drbgGenerateH = 3,
- drbgInitV
-};
-
-
-typedef struct DRBG {
- word32 reseedCtr;
- word32 lastBlock;
- byte V[DRBG_SEED_LEN];
- byte C[DRBG_SEED_LEN];
- byte matchCount;
-} DRBG;
-
-
-static int wc_RNG_HealthTestLocal(int reseed);
-
-/* Hash Derivation Function */
-/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
-static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
- const byte* inA, word32 inASz,
- const byte* inB, word32 inBSz)
-{
- byte ctr;
- int i;
- int len;
- word32 bits = (outSz * 8); /* reverse byte order */
- Sha256 sha;
- byte digest[SHA256_DIGEST_SIZE];
-
- (void)drbg;
- #ifdef LITTLE_ENDIAN_ORDER
- bits = ByteReverseWord32(bits);
- #endif
- len = (outSz / OUTPUT_BLOCK_LEN)
- + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
-
- for (i = 0, ctr = 1; i < len; i++, ctr++)
- {
- if (wc_InitSha256(&sha) != 0)
- return DRBG_FAILURE;
-
- if (wc_Sha256Update(&sha, &ctr, sizeof(ctr)) != 0)
- return DRBG_FAILURE;
-
- if (wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits)) != 0)
- return DRBG_FAILURE;
-
- /* churning V is the only string that doesn't have the type added */
- if (type != drbgInitV)
- if (wc_Sha256Update(&sha, &type, sizeof(type)) != 0)
- return DRBG_FAILURE;
-
- if (wc_Sha256Update(&sha, inA, inASz) != 0)
- return DRBG_FAILURE;
-
- if (inB != NULL && inBSz > 0)
- if (wc_Sha256Update(&sha, inB, inBSz) != 0)
- return DRBG_FAILURE;
-
- if (wc_Sha256Final(&sha, digest) != 0)
- return DRBG_FAILURE;
-
- if (outSz > OUTPUT_BLOCK_LEN) {
- XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
- outSz -= OUTPUT_BLOCK_LEN;
- out += OUTPUT_BLOCK_LEN;
- }
- else {
- XMEMCPY(out, digest, outSz);
- }
- }
- ForceZero(digest, sizeof(digest));
-
- return DRBG_SUCCESS;
-}
-
-
-/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
-static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz)
-{
- byte seed[DRBG_SEED_LEN];
-
- if (Hash_df(drbg, seed, sizeof(seed), drbgReseed, drbg->V, sizeof(drbg->V),
- entropy, entropySz) != DRBG_SUCCESS) {
- return DRBG_FAILURE;
- }
-
- XMEMCPY(drbg->V, seed, sizeof(drbg->V));
- ForceZero(seed, sizeof(seed));
-
- if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
- sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) {
- return DRBG_FAILURE;
- }
-
- drbg->reseedCtr = 1;
- drbg->lastBlock = 0;
- drbg->matchCount = 0;
- return DRBG_SUCCESS;
-}
-
-static INLINE void array_add_one(byte* data, word32 dataSz)
-{
- int i;
-
- for (i = dataSz - 1; i >= 0; i--)
- {
- data[i]++;
- if (data[i] != 0) break;
- }
-}
-
-
-/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
-static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
-{
- byte data[DRBG_SEED_LEN];
- int i;
- int len;
- word32 checkBlock;
- Sha256 sha;
- byte digest[SHA256_DIGEST_SIZE];
-
- /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for
- * the continuous test. */
-
- if (outSz == 0) outSz = 1;
-
- len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
-
- XMEMCPY(data, V, sizeof(data));
- for (i = 0; i < len; i++) {
- if (wc_InitSha256(&sha) != 0 ||
- wc_Sha256Update(&sha, data, sizeof(data)) != 0 ||
- wc_Sha256Final(&sha, digest) != 0) {
-
- return DRBG_FAILURE;
- }
-
- XMEMCPY(&checkBlock, digest, sizeof(word32));
- if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
- if (drbg->matchCount == 1) {
- return DRBG_CONT_FAILURE;
- }
- else {
- if (i == len) {
- len++;
- }
- drbg->matchCount = 1;
- }
- }
- else {
- drbg->matchCount = 0;
- drbg->lastBlock = checkBlock;
- }
-
- if (outSz >= OUTPUT_BLOCK_LEN) {
- XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
- outSz -= OUTPUT_BLOCK_LEN;
- out += OUTPUT_BLOCK_LEN;
- array_add_one(data, DRBG_SEED_LEN);
- }
- else if (out != NULL && outSz != 0) {
- XMEMCPY(out, digest, outSz);
- outSz = 0;
- }
- }
- ForceZero(data, sizeof(data));
-
- return DRBG_SUCCESS;
-}
-
-
-static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
-{
- word16 carry = 0;
-
- if (dLen > 0 && sLen > 0 && dLen >= sLen) {
- int sIdx, dIdx;
-
- for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--)
- {
- carry += d[dIdx] + s[sIdx];
- d[dIdx] = (byte)carry;
- carry >>= 8;
- }
-
- for (; carry != 0 && dIdx >= 0; dIdx--) {
- carry += d[dIdx];
- d[dIdx] = (byte)carry;
- carry >>= 8;
- }
- }
-}
-
-
-/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
-static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
-{
- int ret = DRBG_NEED_RESEED;
- Sha256 sha;
- byte digest[SHA256_DIGEST_SIZE];
-
- if (drbg->reseedCtr != RESEED_INTERVAL) {
- byte type = drbgGenerateH;
- word32 reseedCtr = drbg->reseedCtr;
-
- ret = Hash_gen(drbg, out, outSz, drbg->V);
- if (ret == DRBG_SUCCESS) {
- if (wc_InitSha256(&sha) != 0 ||
- wc_Sha256Update(&sha, &type, sizeof(type)) != 0 ||
- wc_Sha256Update(&sha, drbg->V, sizeof(drbg->V)) != 0 ||
- wc_Sha256Final(&sha, digest) != 0) {
-
- ret = DRBG_FAILURE;
- }
- else {
- array_add(drbg->V, sizeof(drbg->V), digest, sizeof(digest));
- array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C));
- #ifdef LITTLE_ENDIAN_ORDER
- reseedCtr = ByteReverseWord32(reseedCtr);
- #endif
- array_add(drbg->V, sizeof(drbg->V),
- (byte*)&reseedCtr, sizeof(reseedCtr));
- ret = DRBG_SUCCESS;
- }
- drbg->reseedCtr++;
- }
- }
- ForceZero(digest, sizeof(digest));
-
- return ret;
-}
-
-
-/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
-static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
- const byte* nonce, word32 nonceSz)
-{
- int ret = DRBG_FAILURE;
-
- XMEMSET(drbg, 0, sizeof(DRBG));
-
- if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz,
- nonce, nonceSz) == DRBG_SUCCESS &&
- Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
- sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) {
-
- drbg->reseedCtr = 1;
- drbg->lastBlock = 0;
- drbg->matchCount = 0;
- ret = DRBG_SUCCESS;
- }
-
- return ret;
-}
-
-
-/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
-static int Hash_DRBG_Uninstantiate(DRBG* drbg)
-{
- word32 i;
- int compareSum = 0;
- byte* compareDrbg = (byte*)drbg;
-
- ForceZero(drbg, sizeof(DRBG));
-
- for (i = 0; i < sizeof(DRBG); i++)
- compareSum |= compareDrbg[i] ^ 0;
-
- return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
-}
-
-/* End NIST DRBG Code */
-
-
-/* Get seed and key cipher */
-int wc_InitRng(RNG* rng)
-{
- int ret = BAD_FUNC_ARG;
-
- if (rng != NULL) {
- if (wc_RNG_HealthTestLocal(0) == 0) {
- byte entropy[ENTROPY_NONCE_SZ];
-
- rng->drbg =
- (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG);
- if (rng->drbg == NULL) {
- ret = MEMORY_E;
- }
- /* This doesn't use a separate nonce. The entropy input will be
- * the default size plus the size of the nonce making the seed
- * size. */
- else if (wc_GenerateSeed(&rng->seed,
- entropy, ENTROPY_NONCE_SZ) == 0 &&
- Hash_DRBG_Instantiate(rng->drbg,
- entropy, ENTROPY_NONCE_SZ, NULL, 0) == DRBG_SUCCESS) {
-
- ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
- }
- else
- ret = DRBG_FAILURE;
-
- ForceZero(entropy, ENTROPY_NONCE_SZ);
- }
- else
- ret = DRBG_CONT_FAILURE;
-
- if (ret == DRBG_SUCCESS) {
- rng->status = DRBG_OK;
- ret = 0;
- }
- else if (ret == DRBG_CONT_FAILURE) {
- rng->status = DRBG_CONT_FAILED;
- ret = DRBG_CONT_FIPS_E;
- }
- else if (ret == DRBG_FAILURE) {
- rng->status = DRBG_FAILED;
- ret = RNG_FAILURE_E;
- }
- else {
- rng->status = DRBG_FAILED;
- }
- }
-
- return ret;
-}
-
-
-/* place a generated block in output */
-int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
-{
- int ret;
-
- if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN)
- return BAD_FUNC_ARG;
-
- if (rng->status != DRBG_OK)
- return RNG_FAILURE_E;
-
- ret = Hash_DRBG_Generate(rng->drbg, output, sz);
-
- if (ret == DRBG_NEED_RESEED) {
- if (wc_RNG_HealthTestLocal(1) == 0) {
- byte entropy[ENTROPY_SZ];
-
- if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 &&
- Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ)
- == DRBG_SUCCESS) {
-
- ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
- if (ret == DRBG_SUCCESS)
- ret = Hash_DRBG_Generate(rng->drbg, output, sz);
- }
- else
- ret = DRBG_FAILURE;
-
- ForceZero(entropy, ENTROPY_SZ);
- }
- else
- ret = DRBG_CONT_FAILURE;
- }
-
- if (ret == DRBG_SUCCESS) {
- ret = 0;
- }
- else if (ret == DRBG_CONT_FAILURE) {
- ret = DRBG_CONT_FIPS_E;
- rng->status = DRBG_CONT_FAILED;
- }
- else {
- ret = RNG_FAILURE_E;
- rng->status = DRBG_FAILED;
- }
-
- return ret;
-}
-
-
-int wc_RNG_GenerateByte(RNG* rng, byte* b)
-{
- return wc_RNG_GenerateBlock(rng, b, 1);
-}
-
-
-int wc_FreeRng(RNG* rng)
-{
- int ret = BAD_FUNC_ARG;
-
- if (rng != NULL) {
- if (rng->drbg != NULL) {
- if (Hash_DRBG_Uninstantiate(rng->drbg) == DRBG_SUCCESS)
- ret = 0;
- else
- ret = RNG_FAILURE_E;
-
- XFREE(rng->drbg, NULL, DYNAMIC_TYPE_RNG);
- rng->drbg = NULL;
- }
-
- rng->status = DRBG_NOT_INIT;
- }
-
- return ret;
-}
-
-
-int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
- const byte* entropyB, word32 entropyBSz,
- byte* output, word32 outputSz)
-{
- DRBG drbg;
-
- if (entropyA == NULL || output == NULL)
- return BAD_FUNC_ARG;
-
- if (reseed != 0 && entropyB == NULL)
- return BAD_FUNC_ARG;
-
- if (outputSz != (SHA256_DIGEST_SIZE * 4))
- return -1;
-
- if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0)
- return -1;
-
- if (reseed) {
- if (Hash_DRBG_Reseed(&drbg, entropyB, entropyBSz) != 0) {
- Hash_DRBG_Uninstantiate(&drbg);
- return -1;
- }
- }
-
- if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) {
- Hash_DRBG_Uninstantiate(&drbg);
- return -1;
- }
-
- if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) {
- Hash_DRBG_Uninstantiate(&drbg);
- return -1;
- }
-
- if (Hash_DRBG_Uninstantiate(&drbg) != 0) {
- return -1;
- }
-
- return 0;
-}
-
-
-const byte entropyA[] = {
- 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
- 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
- 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
- 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
-};
-
-const byte reseedEntropyA[] = {
- 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
- 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
- 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
-};
-
-const byte outputA[] = {
- 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
- 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
- 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
- 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
- 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
- 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
- 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
- 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
- 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
- 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
- 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
-};
-
-const byte entropyB[] = {
- 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
- 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
- 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
- 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
-};
-
-const byte outputB[] = {
- 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
- 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
- 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
- 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
- 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
- 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
- 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
- 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
- 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
- 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
- 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
-};
-
-
-static int wc_RNG_HealthTestLocal(int reseed)
-{
- int ret = 0;
- byte check[SHA256_DIGEST_SIZE * 4];
-
- if (reseed) {
- ret = wc_RNG_HealthTest(1, entropyA, sizeof(entropyA),
- reseedEntropyA, sizeof(reseedEntropyA),
- check, sizeof(check));
- if (ret == 0) {
- if (ConstantCompare(check, outputA, sizeof(check)) != 0)
- ret = -1;
- }
- }
- else {
- ret = wc_RNG_HealthTest(0, entropyB, sizeof(entropyB),
- NULL, 0,
- check, sizeof(check));
- if (ret == 0) {
- if (ConstantCompare(check, outputB, sizeof(check)) != 0)
- ret = -1;
- }
- }
-
- return ret;
-}
-
-
-#else /* HAVE_HASHDRBG || NO_RC4 */
-
-/* Get seed and key cipher */
-int wc_InitRng(RNG* rng)
-{
- int ret;
-#ifdef WOLFSSL_SMALL_STACK
- byte* key;
- byte* junk;
-#else
- byte key[32];
- byte junk[256];
-#endif
-
-#ifdef HAVE_INTEL_RDGEN
- wc_InitRng_IntelRD() ;
- if(IS_INTEL_RDRAND)return 0 ;
-#endif
-#ifdef HAVE_CAVIUM
- if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC)
- return 0;
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- key = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL)
- return MEMORY_E;
-
- junk = (byte*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (junk == NULL) {
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- ret = wc_GenerateSeed(&rng->seed, key, 32);
-
- if (ret == 0) {
- wc_Arc4SetKey(&rng->cipher, key, sizeof(key));
-
- ret = wc_RNG_GenerateBlock(rng, junk, 256); /*rid initial state*/
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(junk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#ifdef HAVE_CAVIUM
- static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz);
-#endif
-
-/* place a generated block in output */
-int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
-{
-#ifdef HAVE_INTEL_RDGEN
- if(IS_INTEL_RDRAND)
- return wc_GenerateRand_IntelRD(NULL, output, sz) ;
-#endif
-#ifdef HAVE_CAVIUM
- if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC)
- return CaviumRNG_GenerateBlock(rng, output, sz);
-#endif
- XMEMSET(output, 0, sz);
- wc_Arc4Process(&rng->cipher, output, output, sz);
-
- return 0;
-}
-
-
-int wc_RNG_GenerateByte(RNG* rng, byte* b)
-{
- return wc_RNG_GenerateBlock(rng, b, 1);
-}
-
-
-int wc_FreeRng(RNG* rng)
-{
- (void)rng;
- return 0;
-}
-
-
-#ifdef HAVE_CAVIUM
-
-#include <wolfssl/ctaocrypt/logging.h>
-#include "cavium_common.h"
-
-/* Initiliaze RNG for use with Nitrox device */
-int wc_InitRngCavium(RNG* rng, int devId)
-{
- if (rng == NULL)
- return -1;
-
- rng->devId = devId;
- rng->magic = WOLFSSL_RNG_CAVIUM_MAGIC;
-
- return 0;
-}
-
-
-static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
-{
- wolfssl_word offset = 0;
- word32 requestId;
-
- while (sz > WOLFSSL_MAX_16BIT) {
- word16 slen = (word16)WOLFSSL_MAX_16BIT;
- if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
- rng->devId) != 0) {
- WOLFSSL_MSG("Cavium RNG failed");
- }
- sz -= WOLFSSL_MAX_16BIT;
- offset += WOLFSSL_MAX_16BIT;
- }
- if (sz) {
- word16 slen = (word16)sz;
- if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
- rng->devId) != 0) {
- WOLFSSL_MSG("Cavium RNG failed");
- }
- }
-}
-
-#endif /* HAVE_CAVIUM */
-
-#endif /* HAVE_HASHDRBG || NO_RC4 */
-
-
-#if defined(HAVE_INTEL_RDGEN)
-
-#ifndef _MSC_VER
- #define cpuid(reg, leaf, sub)\
- __asm__ __volatile__ ("cpuid":\
- "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
- "a" (leaf), "c"(sub));
-
- #define XASM_LINK(f) asm(f)
-#else
-
- #include <intrin.h>
- #define cpuid(a,b) __cpuid((int*)a,b)
-
- #define XASM_LINK(f)
-
-#endif /* _MSC_VER */
-
-#define EAX 0
-#define EBX 1
-#define ECX 2
-#define EDX 3
-
-static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
- int got_intel_cpu=0;
- unsigned int reg[5];
-
- reg[4] = '\0' ;
- cpuid(reg, 0, 0);
- if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&
- memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&
- memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {
- got_intel_cpu = 1;
- }
- if (got_intel_cpu) {
- cpuid(reg, leaf, sub);
- return((reg[num]>>bit)&0x1) ;
- }
- return 0 ;
-}
-
-static int wc_InitRng_IntelRD()
-{
- if(cpuid_check==0) {
- if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ;}
- if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ;}
- cpuid_check = 1 ;
- }
- return 1 ;
-}
-
-#define INTELRD_RETRY 10
-
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
-
-/* return 0 on success */
-static inline int IntelRDseed32(unsigned int *seed)
-{
- int rdseed; unsigned char ok ;
-
- __asm__ volatile("rdseed %0; setc %1":"=r"(rdseed), "=qm"(ok));
- if(ok){
- *seed = rdseed ;
- return 0 ;
- } else
- return 1;
-}
-
-/* return 0 on success */
-static inline int IntelRDseed32_r(unsigned int *rnd)
-{
- int i ;
- for(i=0; i<INTELRD_RETRY;i++) {
- if(IntelRDseed32(rnd) == 0) return 0 ;
- }
- return 1 ;
-}
-
-/* return 0 on success */
-static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
-{
- (void) os ;
- int ret ;
- unsigned int rndTmp ;
-
- for( ; sz/4 > 0; sz-=4, output+=4) {
- if(IS_INTEL_RDSEED)ret = IntelRDseed32_r((word32 *)output) ;
- else return 1 ;
- if(ret)
- return 1 ;
- }
- if(sz == 0)return 0 ;
-
- if(IS_INTEL_RDSEED)ret = IntelRDseed32_r(&rndTmp) ;
- else return 1 ;
- if(ret)
- return 1 ;
- XMEMCPY(output, &rndTmp, sz) ;
- return 0;
-}
-
-#else
-
-/* return 0 on success */
-static inline int IntelRDrand32(unsigned int *rnd)
-{
- int rdrand; unsigned char ok ;
- __asm__ volatile("rdrand %0; setc %1":"=r"(rdrand), "=qm"(ok));
- if(ok){
- *rnd = rdrand;
- return 0 ;
- } else
- return 1;
-}
-
-/* return 0 on success */
-static inline int IntelRDrand32_r(unsigned int *rnd)
-{
- int i ;
- for(i=0; i<INTELRD_RETRY;i++) {
- if(IntelRDrand32(rnd) == 0) return 0 ;
- }
- return 1 ;
-}
-
-/* return 0 on success */
-static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz)
-{
- (void) os ;
- int ret ;
- unsigned int rndTmp;
-
- for( ; sz/4 > 0; sz-=4, output+=4) {
- if(IS_INTEL_RDRAND)ret = IntelRDrand32_r((word32 *)output);
- else return 1 ;
- if(ret)
- return 1 ;
- }
- if(sz == 0)return 0 ;
-
- if(IS_INTEL_RDRAND)ret = IntelRDrand32_r(&rndTmp);
- else return 1 ;
- if(ret)
- return 1 ;
- XMEMCPY(output, &rndTmp, sz) ;
- return 0;
-}
-#endif /* defined(HAVE_HASHDRBG) || defined(NO_RC4) */
-
-#endif /* HAVE_INTEL_RDGEN */
-
-
-#if defined(USE_WINDOWS_API)
-
-
-int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-{
- if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT))
- return WINCRYPT_E;
-
- if (!CryptGenRandom(os->handle, sz, output))
- return CRYPTGEN_E;
-
- CryptReleaseContext(os->handle, 0);
-
- return 0;
-}
-
-
-#elif defined(HAVE_RTP_SYS) || defined(EBSNET)
-
-#include "rtprand.h" /* rtp_rand () */
-#include "rtptime.h" /* rtp_get_system_msec() */
-
-
-int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-{
- int i;
- rtp_srand(rtp_get_system_msec());
-
- for (i = 0; i < sz; i++ ) {
- output[i] = rtp_rand() % 256;
- if ( (i % 8) == 7)
- rtp_srand(rtp_get_system_msec());
- }
-
- return 0;
-}
-
-
-#elif defined(MICRIUM)
-
-int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-{
- #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
- NetSecure_InitSeed(output, sz);
- #endif
- return 0;
-}
-
-#elif defined(MBED)
-
-/* write a real one !!!, just for testing board */
-int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-{
- int i;
- for (i = 0; i < sz; i++ )
- output[i] = i;
-
- return 0;
-}
-
-#elif defined(MICROCHIP_PIC32)
-
-#ifdef MICROCHIP_MPLAB_HARMONY
- #define PIC32_SEED_COUNT _CP0_GET_COUNT
-#else
- #if !defined(WOLFSSL_MICROCHIP_PIC32MZ)
- #include <peripheral/timer.h>
- #endif
- #define PIC32_SEED_COUNT ReadCoreTimer
-#endif
- #ifdef WOLFSSL_MIC32MZ_RNG
- #include "xc.h"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i ;
- byte rnd[8] ;
- word32 *rnd32 = (word32 *)rnd ;
- word32 size = sz ;
- byte* op = output ;
-
- /* This part has to be replaced with better random seed */
- RNGNUMGEN1 = ReadCoreTimer();
- RNGPOLY1 = ReadCoreTimer();
- RNGPOLY2 = ReadCoreTimer();
- RNGNUMGEN2 = ReadCoreTimer();
-#ifdef DEBUG_WOLFSSL
- printf("GenerateSeed::Seed=%08x, %08x\n", RNGNUMGEN1, RNGNUMGEN2) ;
-#endif
- RNGCONbits.PLEN = 0x40;
- RNGCONbits.PRNGEN = 1;
- for(i=0; i<5; i++) { /* wait for RNGNUMGEN ready */
- volatile int x ;
- x = RNGNUMGEN1 ;
- x = RNGNUMGEN2 ;
- }
- do {
- rnd32[0] = RNGNUMGEN1;
- rnd32[1] = RNGNUMGEN2;
-
- for(i=0; i<8; i++, op++) {
- *op = rnd[i] ;
- size -- ;
- if(size==0)break ;
- }
- } while(size) ;
- return 0;
- }
- #else /* WOLFSSL_MIC32MZ_RNG */
- /* uses the core timer, in nanoseconds to seed srand */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- srand(PIC32_SEED_COUNT() * 25);
-
- for (i = 0; i < sz; i++ ) {
- output[i] = rand() % 256;
- if ( (i % 8) == 7)
- srand(PIC32_SEED_COUNT() * 25);
- }
- return 0;
- }
- #endif /* WOLFSSL_MIC32MZ_RNG */
-
-#elif defined(FREESCALE_MQX)
-
- #ifdef FREESCALE_K70_RNGA
- /*
- * wc_Generates a RNG seed using the Random Number Generator Accelerator
- * on the Kinetis K70. Documentation located in Chapter 37 of
- * K70 Sub-Family Reference Manual (see Note 3 in the README for link).
- */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
-
- /* turn on RNGA module */
- SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK;
-
- /* set SLP bit to 0 - "RNGA is not in sleep mode" */
- RNG_CR &= ~RNG_CR_SLP_MASK;
-
- /* set HA bit to 1 - "security violations masked" */
- RNG_CR |= RNG_CR_HA_MASK;
-
- /* set GO bit to 1 - "output register loaded with data" */
- RNG_CR |= RNG_CR_GO_MASK;
-
- for (i = 0; i < sz; i++) {
-
- /* wait for RNG FIFO to be full */
- while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {}
-
- /* get value */
- output[i] = RNG_OR;
- }
-
- return 0;
- }
-
- #elif defined(FREESCALE_K53_RNGB)
- /*
- * wc_Generates a RNG seed using the Random Number Generator (RNGB)
- * on the Kinetis K53. Documentation located in Chapter 33 of
- * K53 Sub-Family Reference Manual (see note in the README for link).
- */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
-
- /* turn on RNGB module */
- SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK;
-
- /* reset RNGB */
- RNG_CMD |= RNG_CMD_SR_MASK;
-
- /* FIFO generate interrupt, return all zeros on underflow,
- * set auto reseed */
- RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK);
-
- /* gen seed, clear interrupts, clear errors */
- RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK);
-
- /* wait for seeding to complete */
- while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {}
-
- for (i = 0; i < sz; i++) {
-
- /* wait for a word to be available from FIFO */
- while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {}
-
- /* get value */
- output[i] = RNG_OUT;
- }
-
- return 0;
- }
-
- #else
- #warning "write a real random seed!!!!, just for testing now"
-
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- for (i = 0; i < sz; i++ )
- output[i] = i;
-
- return 0;
- }
- #endif /* FREESCALE_K70_RNGA */
-
-#elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) \
- || defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) \
- || defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2)
-
-#warning "write a real random seed!!!!, just for testing now"
-
-int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-{
- word32 i;
- for (i = 0; i < sz; i++ )
- output[i] = i;
-
- (void)os;
-
- return 0;
-}
-
-#elif defined(STM32F2_RNG)
- #undef RNG
- #include "stm32f2xx_rng.h"
- #include "stm32f2xx_rcc.h"
- /*
- * wc_Generate a RNG seed using the hardware random number generator
- * on the STM32F2. Documentation located in STM32F2xx Standard Peripheral
- * Library document (See note in README).
- */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
-
- /* enable RNG clock source */
- RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE);
-
- /* enable RNG peripheral */
- RNG_Cmd(ENABLE);
-
- for (i = 0; i < sz; i++) {
- /* wait until RNG number is ready */
- while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { }
-
- /* get value */
- output[i] = RNG_GetRandomNumber();
- }
-
- return 0;
- }
-#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx)
-
- #warning "write a real random seed!!!!, just for testing now"
-
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
-
- for (i = 0; i < sz; i++ )
- output[i] = i;
-
- return 0;
- }
-
-#elif defined(WOLFSSL_TIRTOS)
-
- #include <xdc/runtime/Timestamp.h>
- #include <stdlib.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- srand(xdc_runtime_Timestamp_get32());
-
- for (i = 0; i < sz; i++ ) {
- output[i] = rand() % 256;
- if ((i % 8) == 7) {
- srand(xdc_runtime_Timestamp_get32());
- }
- }
-
- return 0;
- }
-
-#elif defined(CUSTOM_RAND_GENERATE)
-
- /* Implement your own random generation function
- * word32 rand_gen(void);
- * #define CUSTOM_RAND_GENERATE rand_gen */
-
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
-
- (void)os;
-
- for (i = 0; i < sz; i++ )
- output[i] = CUSTOM_RAND_GENERATE();
-
- return 0;
- }
-
-#elif defined(NO_DEV_RANDOM)
-
-#error "you need to write an os specific wc_GenerateSeed() here"
-
-/*
-int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-{
- return 0;
-}
-*/
-
-
-#else /* !USE_WINDOWS_API && !HAVE_RPT_SYS && !MICRIUM && !NO_DEV_RANDOM */
-
-/* may block */
-int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-{
- int ret = 0;
-
-
-#if defined(HAVE_INTEL_RDGEN) && (defined(HAVE_HASHDRBG) || defined(NO_RC4))
- wc_InitRng_IntelRD() ; /* set cpuid_flags if not yet */
- if(IS_INTEL_RDSEED)
- return wc_GenerateSeed_IntelRD(NULL, output, sz) ;
-#endif
-
- os->fd = open("/dev/urandom",O_RDONLY);
- if (os->fd == -1) {
- /* may still have /dev/random */
- os->fd = open("/dev/random",O_RDONLY);
- if (os->fd == -1)
- return OPEN_RAN_E;
- }
-
- while (sz) {
- int len = (int)read(os->fd, output, sz);
- if (len == -1) {
- ret = READ_RAN_E;
- break;
- }
-
- sz -= len;
- output += len;
-
- if (sz) {
-#ifdef BLOCKING
- sleep(0); /* context switch */
-#else
- ret = RAN_BLOCK_E;
- break;
-#endif
- }
- }
- close(os->fd);
-
- return ret;
-}
-
-#endif /* USE_WINDOWS_API */
-#endif /* HAVE_FIPS */
-
-
--- a/wolfcrypt/src/ripemd.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,355 +0,0 @@
-/* ripemd.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_RIPEMD
-
-#include <wolfssl/wolfcrypt/ripemd.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-void wc_InitRipeMd(RipeMd* ripemd)
-{
- ripemd->digest[0] = 0x67452301L;
- ripemd->digest[1] = 0xEFCDAB89L;
- ripemd->digest[2] = 0x98BADCFEL;
- ripemd->digest[3] = 0x10325476L;
- ripemd->digest[4] = 0xC3D2E1F0L;
-
- ripemd->buffLen = 0;
- ripemd->loLen = 0;
- ripemd->hiLen = 0;
-}
-
-
-/* for all */
-#define F(x, y, z) (x ^ y ^ z)
-#define G(x, y, z) (z ^ (x & (y^z)))
-#define H(x, y, z) (z ^ (x | ~y))
-#define I(x, y, z) (y ^ (z & (x^y)))
-#define J(x, y, z) (x ^ (y | ~z))
-
-#define k0 0
-#define k1 0x5a827999
-#define k2 0x6ed9eba1
-#define k3 0x8f1bbcdc
-#define k4 0xa953fd4e
-#define k5 0x50a28be6
-#define k6 0x5c4dd124
-#define k7 0x6d703ef3
-#define k8 0x7a6d76e9
-#define k9 0
-
-/* for 160 and 320 */
-#define Subround(f, a, b, c, d, e, x, s, k) \
- a += f(b, c, d) + x + k;\
- a = rotlFixed((word32)a, s) + e;\
- c = rotlFixed((word32)c, 10U)
-
-static void Transform(RipeMd* ripemd)
-{
- word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2;
- a1 = a2 = ripemd->digest[0];
- b1 = b2 = ripemd->digest[1];
- c1 = c2 = ripemd->digest[2];
- d1 = d2 = ripemd->digest[3];
- e1 = e2 = ripemd->digest[4];
-
- Subround(F, a1, b1, c1, d1, e1, ripemd->buffer[ 0], 11, k0);
- Subround(F, e1, a1, b1, c1, d1, ripemd->buffer[ 1], 14, k0);
- Subround(F, d1, e1, a1, b1, c1, ripemd->buffer[ 2], 15, k0);
- Subround(F, c1, d1, e1, a1, b1, ripemd->buffer[ 3], 12, k0);
- Subround(F, b1, c1, d1, e1, a1, ripemd->buffer[ 4], 5, k0);
- Subround(F, a1, b1, c1, d1, e1, ripemd->buffer[ 5], 8, k0);
- Subround(F, e1, a1, b1, c1, d1, ripemd->buffer[ 6], 7, k0);
- Subround(F, d1, e1, a1, b1, c1, ripemd->buffer[ 7], 9, k0);
- Subround(F, c1, d1, e1, a1, b1, ripemd->buffer[ 8], 11, k0);
- Subround(F, b1, c1, d1, e1, a1, ripemd->buffer[ 9], 13, k0);
- Subround(F, a1, b1, c1, d1, e1, ripemd->buffer[10], 14, k0);
- Subround(F, e1, a1, b1, c1, d1, ripemd->buffer[11], 15, k0);
- Subround(F, d1, e1, a1, b1, c1, ripemd->buffer[12], 6, k0);
- Subround(F, c1, d1, e1, a1, b1, ripemd->buffer[13], 7, k0);
- Subround(F, b1, c1, d1, e1, a1, ripemd->buffer[14], 9, k0);
- Subround(F, a1, b1, c1, d1, e1, ripemd->buffer[15], 8, k0);
-
- Subround(G, e1, a1, b1, c1, d1, ripemd->buffer[ 7], 7, k1);
- Subround(G, d1, e1, a1, b1, c1, ripemd->buffer[ 4], 6, k1);
- Subround(G, c1, d1, e1, a1, b1, ripemd->buffer[13], 8, k1);
- Subround(G, b1, c1, d1, e1, a1, ripemd->buffer[ 1], 13, k1);
- Subround(G, a1, b1, c1, d1, e1, ripemd->buffer[10], 11, k1);
- Subround(G, e1, a1, b1, c1, d1, ripemd->buffer[ 6], 9, k1);
- Subround(G, d1, e1, a1, b1, c1, ripemd->buffer[15], 7, k1);
- Subround(G, c1, d1, e1, a1, b1, ripemd->buffer[ 3], 15, k1);
- Subround(G, b1, c1, d1, e1, a1, ripemd->buffer[12], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, ripemd->buffer[ 0], 12, k1);
- Subround(G, e1, a1, b1, c1, d1, ripemd->buffer[ 9], 15, k1);
- Subround(G, d1, e1, a1, b1, c1, ripemd->buffer[ 5], 9, k1);
- Subround(G, c1, d1, e1, a1, b1, ripemd->buffer[ 2], 11, k1);
- Subround(G, b1, c1, d1, e1, a1, ripemd->buffer[14], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, ripemd->buffer[11], 13, k1);
- Subround(G, e1, a1, b1, c1, d1, ripemd->buffer[ 8], 12, k1);
-
- Subround(H, d1, e1, a1, b1, c1, ripemd->buffer[ 3], 11, k2);
- Subround(H, c1, d1, e1, a1, b1, ripemd->buffer[10], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, ripemd->buffer[14], 6, k2);
- Subround(H, a1, b1, c1, d1, e1, ripemd->buffer[ 4], 7, k2);
- Subround(H, e1, a1, b1, c1, d1, ripemd->buffer[ 9], 14, k2);
- Subround(H, d1, e1, a1, b1, c1, ripemd->buffer[15], 9, k2);
- Subround(H, c1, d1, e1, a1, b1, ripemd->buffer[ 8], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, ripemd->buffer[ 1], 15, k2);
- Subround(H, a1, b1, c1, d1, e1, ripemd->buffer[ 2], 14, k2);
- Subround(H, e1, a1, b1, c1, d1, ripemd->buffer[ 7], 8, k2);
- Subround(H, d1, e1, a1, b1, c1, ripemd->buffer[ 0], 13, k2);
- Subround(H, c1, d1, e1, a1, b1, ripemd->buffer[ 6], 6, k2);
- Subround(H, b1, c1, d1, e1, a1, ripemd->buffer[13], 5, k2);
- Subround(H, a1, b1, c1, d1, e1, ripemd->buffer[11], 12, k2);
- Subround(H, e1, a1, b1, c1, d1, ripemd->buffer[ 5], 7, k2);
- Subround(H, d1, e1, a1, b1, c1, ripemd->buffer[12], 5, k2);
-
- Subround(I, c1, d1, e1, a1, b1, ripemd->buffer[ 1], 11, k3);
- Subround(I, b1, c1, d1, e1, a1, ripemd->buffer[ 9], 12, k3);
- Subround(I, a1, b1, c1, d1, e1, ripemd->buffer[11], 14, k3);
- Subround(I, e1, a1, b1, c1, d1, ripemd->buffer[10], 15, k3);
- Subround(I, d1, e1, a1, b1, c1, ripemd->buffer[ 0], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, ripemd->buffer[ 8], 15, k3);
- Subround(I, b1, c1, d1, e1, a1, ripemd->buffer[12], 9, k3);
- Subround(I, a1, b1, c1, d1, e1, ripemd->buffer[ 4], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, ripemd->buffer[13], 9, k3);
- Subround(I, d1, e1, a1, b1, c1, ripemd->buffer[ 3], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, ripemd->buffer[ 7], 5, k3);
- Subround(I, b1, c1, d1, e1, a1, ripemd->buffer[15], 6, k3);
- Subround(I, a1, b1, c1, d1, e1, ripemd->buffer[14], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, ripemd->buffer[ 5], 6, k3);
- Subround(I, d1, e1, a1, b1, c1, ripemd->buffer[ 6], 5, k3);
- Subround(I, c1, d1, e1, a1, b1, ripemd->buffer[ 2], 12, k3);
-
- Subround(J, b1, c1, d1, e1, a1, ripemd->buffer[ 4], 9, k4);
- Subround(J, a1, b1, c1, d1, e1, ripemd->buffer[ 0], 15, k4);
- Subround(J, e1, a1, b1, c1, d1, ripemd->buffer[ 5], 5, k4);
- Subround(J, d1, e1, a1, b1, c1, ripemd->buffer[ 9], 11, k4);
- Subround(J, c1, d1, e1, a1, b1, ripemd->buffer[ 7], 6, k4);
- Subround(J, b1, c1, d1, e1, a1, ripemd->buffer[12], 8, k4);
- Subround(J, a1, b1, c1, d1, e1, ripemd->buffer[ 2], 13, k4);
- Subround(J, e1, a1, b1, c1, d1, ripemd->buffer[10], 12, k4);
- Subround(J, d1, e1, a1, b1, c1, ripemd->buffer[14], 5, k4);
- Subround(J, c1, d1, e1, a1, b1, ripemd->buffer[ 1], 12, k4);
- Subround(J, b1, c1, d1, e1, a1, ripemd->buffer[ 3], 13, k4);
- Subround(J, a1, b1, c1, d1, e1, ripemd->buffer[ 8], 14, k4);
- Subround(J, e1, a1, b1, c1, d1, ripemd->buffer[11], 11, k4);
- Subround(J, d1, e1, a1, b1, c1, ripemd->buffer[ 6], 8, k4);
- Subround(J, c1, d1, e1, a1, b1, ripemd->buffer[15], 5, k4);
- Subround(J, b1, c1, d1, e1, a1, ripemd->buffer[13], 6, k4);
-
- Subround(J, a2, b2, c2, d2, e2, ripemd->buffer[ 5], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, ripemd->buffer[14], 9, k5);
- Subround(J, d2, e2, a2, b2, c2, ripemd->buffer[ 7], 9, k5);
- Subround(J, c2, d2, e2, a2, b2, ripemd->buffer[ 0], 11, k5);
- Subround(J, b2, c2, d2, e2, a2, ripemd->buffer[ 9], 13, k5);
- Subround(J, a2, b2, c2, d2, e2, ripemd->buffer[ 2], 15, k5);
- Subround(J, e2, a2, b2, c2, d2, ripemd->buffer[11], 15, k5);
- Subround(J, d2, e2, a2, b2, c2, ripemd->buffer[ 4], 5, k5);
- Subround(J, c2, d2, e2, a2, b2, ripemd->buffer[13], 7, k5);
- Subround(J, b2, c2, d2, e2, a2, ripemd->buffer[ 6], 7, k5);
- Subround(J, a2, b2, c2, d2, e2, ripemd->buffer[15], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, ripemd->buffer[ 8], 11, k5);
- Subround(J, d2, e2, a2, b2, c2, ripemd->buffer[ 1], 14, k5);
- Subround(J, c2, d2, e2, a2, b2, ripemd->buffer[10], 14, k5);
- Subround(J, b2, c2, d2, e2, a2, ripemd->buffer[ 3], 12, k5);
- Subround(J, a2, b2, c2, d2, e2, ripemd->buffer[12], 6, k5);
-
- Subround(I, e2, a2, b2, c2, d2, ripemd->buffer[ 6], 9, k6);
- Subround(I, d2, e2, a2, b2, c2, ripemd->buffer[11], 13, k6);
- Subround(I, c2, d2, e2, a2, b2, ripemd->buffer[ 3], 15, k6);
- Subround(I, b2, c2, d2, e2, a2, ripemd->buffer[ 7], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, ripemd->buffer[ 0], 12, k6);
- Subround(I, e2, a2, b2, c2, d2, ripemd->buffer[13], 8, k6);
- Subround(I, d2, e2, a2, b2, c2, ripemd->buffer[ 5], 9, k6);
- Subround(I, c2, d2, e2, a2, b2, ripemd->buffer[10], 11, k6);
- Subround(I, b2, c2, d2, e2, a2, ripemd->buffer[14], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, ripemd->buffer[15], 7, k6);
- Subround(I, e2, a2, b2, c2, d2, ripemd->buffer[ 8], 12, k6);
- Subround(I, d2, e2, a2, b2, c2, ripemd->buffer[12], 7, k6);
- Subround(I, c2, d2, e2, a2, b2, ripemd->buffer[ 4], 6, k6);
- Subround(I, b2, c2, d2, e2, a2, ripemd->buffer[ 9], 15, k6);
- Subround(I, a2, b2, c2, d2, e2, ripemd->buffer[ 1], 13, k6);
- Subround(I, e2, a2, b2, c2, d2, ripemd->buffer[ 2], 11, k6);
-
- Subround(H, d2, e2, a2, b2, c2, ripemd->buffer[15], 9, k7);
- Subround(H, c2, d2, e2, a2, b2, ripemd->buffer[ 5], 7, k7);
- Subround(H, b2, c2, d2, e2, a2, ripemd->buffer[ 1], 15, k7);
- Subround(H, a2, b2, c2, d2, e2, ripemd->buffer[ 3], 11, k7);
- Subround(H, e2, a2, b2, c2, d2, ripemd->buffer[ 7], 8, k7);
- Subround(H, d2, e2, a2, b2, c2, ripemd->buffer[14], 6, k7);
- Subround(H, c2, d2, e2, a2, b2, ripemd->buffer[ 6], 6, k7);
- Subround(H, b2, c2, d2, e2, a2, ripemd->buffer[ 9], 14, k7);
- Subround(H, a2, b2, c2, d2, e2, ripemd->buffer[11], 12, k7);
- Subround(H, e2, a2, b2, c2, d2, ripemd->buffer[ 8], 13, k7);
- Subround(H, d2, e2, a2, b2, c2, ripemd->buffer[12], 5, k7);
- Subround(H, c2, d2, e2, a2, b2, ripemd->buffer[ 2], 14, k7);
- Subround(H, b2, c2, d2, e2, a2, ripemd->buffer[10], 13, k7);
- Subround(H, a2, b2, c2, d2, e2, ripemd->buffer[ 0], 13, k7);
- Subround(H, e2, a2, b2, c2, d2, ripemd->buffer[ 4], 7, k7);
- Subround(H, d2, e2, a2, b2, c2, ripemd->buffer[13], 5, k7);
-
- Subround(G, c2, d2, e2, a2, b2, ripemd->buffer[ 8], 15, k8);
- Subround(G, b2, c2, d2, e2, a2, ripemd->buffer[ 6], 5, k8);
- Subround(G, a2, b2, c2, d2, e2, ripemd->buffer[ 4], 8, k8);
- Subround(G, e2, a2, b2, c2, d2, ripemd->buffer[ 1], 11, k8);
- Subround(G, d2, e2, a2, b2, c2, ripemd->buffer[ 3], 14, k8);
- Subround(G, c2, d2, e2, a2, b2, ripemd->buffer[11], 14, k8);
- Subround(G, b2, c2, d2, e2, a2, ripemd->buffer[15], 6, k8);
- Subround(G, a2, b2, c2, d2, e2, ripemd->buffer[ 0], 14, k8);
- Subround(G, e2, a2, b2, c2, d2, ripemd->buffer[ 5], 6, k8);
- Subround(G, d2, e2, a2, b2, c2, ripemd->buffer[12], 9, k8);
- Subround(G, c2, d2, e2, a2, b2, ripemd->buffer[ 2], 12, k8);
- Subround(G, b2, c2, d2, e2, a2, ripemd->buffer[13], 9, k8);
- Subround(G, a2, b2, c2, d2, e2, ripemd->buffer[ 9], 12, k8);
- Subround(G, e2, a2, b2, c2, d2, ripemd->buffer[ 7], 5, k8);
- Subround(G, d2, e2, a2, b2, c2, ripemd->buffer[10], 15, k8);
- Subround(G, c2, d2, e2, a2, b2, ripemd->buffer[14], 8, k8);
-
- Subround(F, b2, c2, d2, e2, a2, ripemd->buffer[12], 8, k9);
- Subround(F, a2, b2, c2, d2, e2, ripemd->buffer[15], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, ripemd->buffer[10], 12, k9);
- Subround(F, d2, e2, a2, b2, c2, ripemd->buffer[ 4], 9, k9);
- Subround(F, c2, d2, e2, a2, b2, ripemd->buffer[ 1], 12, k9);
- Subround(F, b2, c2, d2, e2, a2, ripemd->buffer[ 5], 5, k9);
- Subround(F, a2, b2, c2, d2, e2, ripemd->buffer[ 8], 14, k9);
- Subround(F, e2, a2, b2, c2, d2, ripemd->buffer[ 7], 6, k9);
- Subround(F, d2, e2, a2, b2, c2, ripemd->buffer[ 6], 8, k9);
- Subround(F, c2, d2, e2, a2, b2, ripemd->buffer[ 2], 13, k9);
- Subround(F, b2, c2, d2, e2, a2, ripemd->buffer[13], 6, k9);
- Subround(F, a2, b2, c2, d2, e2, ripemd->buffer[14], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, ripemd->buffer[ 0], 15, k9);
- Subround(F, d2, e2, a2, b2, c2, ripemd->buffer[ 3], 13, k9);
- Subround(F, c2, d2, e2, a2, b2, ripemd->buffer[ 9], 11, k9);
- Subround(F, b2, c2, d2, e2, a2, ripemd->buffer[11], 11, k9);
-
- c1 = ripemd->digest[1] + c1 + d2;
- ripemd->digest[1] = ripemd->digest[2] + d1 + e2;
- ripemd->digest[2] = ripemd->digest[3] + e1 + a2;
- ripemd->digest[3] = ripemd->digest[4] + a1 + b2;
- ripemd->digest[4] = ripemd->digest[0] + b1 + c2;
- ripemd->digest[0] = c1;
-}
-
-
-static INLINE void AddLength(RipeMd* ripemd, word32 len)
-{
- word32 tmp = ripemd->loLen;
- if ( (ripemd->loLen += len) < tmp)
- ripemd->hiLen++; /* carry low to high */
-}
-
-
-void wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len)
-{
- /* do block size increments */
- byte* local = (byte*)ripemd->buffer;
-
- while (len) {
- word32 add = min(len, RIPEMD_BLOCK_SIZE - ripemd->buffLen);
- XMEMCPY(&local[ripemd->buffLen], data, add);
-
- ripemd->buffLen += add;
- data += add;
- len -= add;
-
- if (ripemd->buffLen == RIPEMD_BLOCK_SIZE) {
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(ripemd->buffer, ripemd->buffer,
- RIPEMD_BLOCK_SIZE);
- #endif
- Transform(ripemd);
- AddLength(ripemd, RIPEMD_BLOCK_SIZE);
- ripemd->buffLen = 0;
- }
- }
-}
-
-
-void wc_RipeMdFinal(RipeMd* ripemd, byte* hash)
-{
- byte* local = (byte*)ripemd->buffer;
-
- AddLength(ripemd, ripemd->buffLen); /* before adding pads */
-
- local[ripemd->buffLen++] = 0x80; /* add 1 */
-
- /* pad with zeros */
- if (ripemd->buffLen > RIPEMD_PAD_SIZE) {
- XMEMSET(&local[ripemd->buffLen], 0, RIPEMD_BLOCK_SIZE - ripemd->buffLen);
- ripemd->buffLen += RIPEMD_BLOCK_SIZE - ripemd->buffLen;
-
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(ripemd->buffer, ripemd->buffer, RIPEMD_BLOCK_SIZE);
- #endif
- Transform(ripemd);
- ripemd->buffLen = 0;
- }
- XMEMSET(&local[ripemd->buffLen], 0, RIPEMD_PAD_SIZE - ripemd->buffLen);
-
- /* put lengths in bits */
- ripemd->loLen = ripemd->loLen << 3;
- ripemd->hiLen = (ripemd->loLen >> (8*sizeof(ripemd->loLen) - 3)) +
- (ripemd->hiLen << 3);
-
- /* store lengths */
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(ripemd->buffer, ripemd->buffer, RIPEMD_BLOCK_SIZE);
- #endif
- /* ! length ordering dependent on digest endian type ! */
- XMEMCPY(&local[RIPEMD_PAD_SIZE], &ripemd->loLen, sizeof(word32));
- XMEMCPY(&local[RIPEMD_PAD_SIZE + sizeof(word32)], &ripemd->hiLen,
- sizeof(word32));
-
- Transform(ripemd);
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords(ripemd->digest, ripemd->digest, RIPEMD_DIGEST_SIZE);
- #endif
- XMEMCPY(hash, ripemd->digest, RIPEMD_DIGEST_SIZE);
-
- wc_InitRipeMd(ripemd); /* reset state */
-}
-
-
-#endif /* WOLFSSL_RIPEMD */
-
--- a/wolfcrypt/src/rsa.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,973 +0,0 @@
-/* rsa.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_RSA
-
-#include <wolfssl/wolfcrypt/rsa.h>
-
-#ifdef HAVE_FIPS
-int wc_InitRsaKey(RsaKey* key, void* ptr)
-{
- return InitRsaKey_fips(key, ptr);
-}
-
-
-int wc_FreeRsaKey(RsaKey* key)
-{
- return FreeRsaKey_fips(key);
-}
-
-
-int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key, RNG* rng)
-{
- return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
-}
-
-
-int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
- RsaKey* key)
-{
- return RsaPrivateDecryptInline_fips(in, inLen, out, key);
-}
-
-
-int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key)
-{
- return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key);
-}
-
-
-int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key, RNG* rng)
-{
- return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
-}
-
-
-int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
- return RsaSSL_VerifyInline_fips(in, inLen, out, key);
-}
-
-
-int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key)
-{
- return RsaSSL_Verify_fips(in, inLen, out, outLen, key);
-}
-
-
-int wc_RsaEncryptSize(RsaKey* key)
-{
- return RsaEncryptSize_fips(key);
-}
-
-
-int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
- word32* bSz)
-{
- /* not specified as fips so not needing _fips */
- return RsaFlattenPublicKey(key, a, aSz, b, bSz);
-}
-#ifdef WOLFSSL_KEY_GEN
- int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
- {
- return MakeRsaKey(key, size, e, rng);
- }
-#endif
-
-
-#ifdef HAVE_CAVIUM
- int wc_RsaInitCavium(RsaKey* key, int i)
- {
- return RsaInitCavium(key, i);
- }
-
-
- void wc_RsaFreeCavium(RsaKey* key)
- {
- RsaFreeCavium(key);
- }
-#endif
-
-/* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c
-* wc_RsaPrivateKeyDecode
-* wc_RsaPublicKeyDecode
-*/
-
-#else /* else build without fips */
-#include <wolfssl/wolfcrypt/random.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef SHOW_GEN
- #ifdef FREESCALE_MQX
- #include <fio.h>
- #else
- #include <stdio.h>
- #endif
-#endif
-
-#ifdef HAVE_CAVIUM
- static int InitCaviumRsaKey(RsaKey* key, void* heap);
- static int FreeCaviumRsaKey(RsaKey* key);
- static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key);
- static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key);
- static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key);
- static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key);
-#endif
-
-enum {
- RSA_PUBLIC_ENCRYPT = 0,
- RSA_PUBLIC_DECRYPT = 1,
- RSA_PRIVATE_ENCRYPT = 2,
- RSA_PRIVATE_DECRYPT = 3,
-
- RSA_BLOCK_TYPE_1 = 1,
- RSA_BLOCK_TYPE_2 = 2,
-
- RSA_MIN_SIZE = 512,
- RSA_MAX_SIZE = 4096,
-
- RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */
-};
-
-
-int wc_InitRsaKey(RsaKey* key, void* heap)
-{
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
- return InitCaviumRsaKey(key, heap);
-#endif
-
- key->type = -1; /* haven't decided yet */
- key->heap = heap;
-
-/* TomsFastMath doesn't use memory allocation */
-#ifndef USE_FAST_MATH
- key->n.dp = key->e.dp = 0; /* public alloc parts */
-
- key->d.dp = key->p.dp = 0; /* private alloc parts */
- key->q.dp = key->dP.dp = 0;
- key->u.dp = key->dQ.dp = 0;
-#else
- mp_init(&key->n);
- mp_init(&key->e);
- mp_init(&key->d);
- mp_init(&key->p);
- mp_init(&key->q);
- mp_init(&key->dP);
- mp_init(&key->dQ);
- mp_init(&key->u);
-#endif
-
- return 0;
-}
-
-
-int wc_FreeRsaKey(RsaKey* key)
-{
- (void)key;
-
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
- return FreeCaviumRsaKey(key);
-#endif
-
-/* TomsFastMath doesn't use memory allocation */
-#ifndef USE_FAST_MATH
- if (key->type == RSA_PRIVATE) {
- mp_clear(&key->u);
- mp_clear(&key->dQ);
- mp_clear(&key->dP);
- mp_clear(&key->q);
- mp_clear(&key->p);
- mp_clear(&key->d);
- }
- mp_clear(&key->e);
- mp_clear(&key->n);
-#endif
-
- return 0;
-}
-
-static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
- word32 pkcsBlockLen, byte padValue, RNG* rng)
-{
- if (inputLen == 0)
- return 0;
-
- pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
- pkcsBlock++; pkcsBlockLen--;
- pkcsBlock[0] = padValue; /* insert padValue */
-
- if (padValue == RSA_BLOCK_TYPE_1)
- /* pad with 0xff bytes */
- XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
- else {
- /* pad with non-zero random bytes */
- word32 padLen = pkcsBlockLen - inputLen - 1, i;
- int ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
-
- if (ret != 0)
- return ret;
-
- /* remove zeros */
- for (i = 1; i < padLen; i++)
- if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
- }
-
- pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
- XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
-
- return 0;
-}
-
-
-/* UnPad plaintext, set start to *output, return length of plaintext,
- * < 0 on error */
-static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
- byte **output, byte padValue)
-{
- word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0,
- invalid = 0,
- i = 1,
- outputLen;
-
- if (pkcsBlock[0] != 0x0) /* skip past zero */
- invalid = 1;
- pkcsBlock++; pkcsBlockLen--;
-
- /* Require block type padValue */
- invalid = (pkcsBlock[0] != padValue) || invalid;
-
- /* verify the padding until we find the separator */
- if (padValue == RSA_BLOCK_TYPE_1) {
- while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */}
- }
- else {
- while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
- }
-
- if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
- WOLFSSL_MSG("RsaUnPad error, bad formatting");
- return RSA_PAD_E;
- }
-
- outputLen = pkcsBlockLen - i;
- invalid = (outputLen > maxOutputLen) || invalid;
-
- if (invalid) {
- WOLFSSL_MSG("RsaUnPad error, bad formatting");
- return RSA_PAD_E;
- }
-
- *output = (byte *)(pkcsBlock + i);
- return outputLen;
-}
-
-
-static int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
- word32* outLen, int type, RsaKey* key)
-{
- #define ERROR_OUT(x) { ret = (x); goto done;}
-
- mp_int tmp;
- int ret = 0;
- word32 keyLen, len;
-
- if (mp_init(&tmp) != MP_OKAY)
- return MP_INIT_E;
-
- if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY)
- ERROR_OUT(MP_READ_E);
-
- if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) {
- #ifdef RSA_LOW_MEM /* half as much memory but twice as slow */
- if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY)
- ERROR_OUT(MP_EXPTMOD_E);
- #else
- #define INNER_ERROR_OUT(x) { ret = (x); goto inner_done; }
-
- mp_int tmpa, tmpb;
-
- if (mp_init(&tmpa) != MP_OKAY)
- ERROR_OUT(MP_INIT_E);
-
- if (mp_init(&tmpb) != MP_OKAY) {
- mp_clear(&tmpa);
- ERROR_OUT(MP_INIT_E);
- }
-
- /* tmpa = tmp^dP mod p */
- if (mp_exptmod(&tmp, &key->dP, &key->p, &tmpa) != MP_OKAY)
- INNER_ERROR_OUT(MP_EXPTMOD_E);
-
- /* tmpb = tmp^dQ mod q */
- if (mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb) != MP_OKAY)
- INNER_ERROR_OUT(MP_EXPTMOD_E);
-
- /* tmp = (tmpa - tmpb) * qInv (mod p) */
- if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY)
- INNER_ERROR_OUT(MP_SUB_E);
-
- if (mp_mulmod(&tmp, &key->u, &key->p, &tmp) != MP_OKAY)
- INNER_ERROR_OUT(MP_MULMOD_E);
-
- /* tmp = tmpb + q * tmp */
- if (mp_mul(&tmp, &key->q, &tmp) != MP_OKAY)
- INNER_ERROR_OUT(MP_MUL_E);
-
- if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY)
- INNER_ERROR_OUT(MP_ADD_E);
-
- inner_done:
- mp_clear(&tmpa);
- mp_clear(&tmpb);
-
- if (ret != 0) return ret;
-
- #endif /* RSA_LOW_MEM */
- }
- else if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
- if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY)
- ERROR_OUT(MP_EXPTMOD_E);
- }
- else
- ERROR_OUT(RSA_WRONG_TYPE_E);
-
- keyLen = mp_unsigned_bin_size(&key->n);
- if (keyLen > *outLen)
- ERROR_OUT(RSA_BUFFER_E);
-
- len = mp_unsigned_bin_size(&tmp);
-
- /* pad front w/ zeros to match key length */
- while (len < keyLen) {
- *out++ = 0x00;
- len++;
- }
-
- *outLen = keyLen;
-
- /* convert */
- if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY)
- ERROR_OUT(MP_TO_E);
-
-done:
- mp_clear(&tmp);
- if (ret == MP_EXPTMOD_E) {
- WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
- }
- return ret;
-}
-
-
-int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
- RsaKey* key, RNG* rng)
-{
- int sz, ret;
-
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
- return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key);
-#endif
-
- sz = mp_unsigned_bin_size(&key->n);
- if (sz > (int)outLen)
- return RSA_BUFFER_E;
-
- if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
- return RSA_BUFFER_E;
-
- ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng);
- if (ret != 0)
- return ret;
-
- if ((ret = wc_RsaFunction(out, sz, out, &outLen,
- RSA_PUBLIC_ENCRYPT, key)) < 0)
- sz = ret;
-
- return sz;
-}
-
-
-int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) {
- ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key);
- if (ret > 0)
- *out = in;
- return ret;
- }
-#endif
-
- if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key))
- < 0) {
- return ret;
- }
-
- return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2);
-}
-
-
-int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
- RsaKey* key)
-{
- int plainLen;
- byte* tmp;
- byte* pad = 0;
-
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
- return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key);
-#endif
-
- tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
- if (tmp == NULL) {
- return MEMORY_E;
- }
-
- XMEMCPY(tmp, in, inLen);
-
- if ( (plainLen = wc_RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) {
- XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
- return plainLen;
- }
- if (plainLen > (int)outLen)
- plainLen = BAD_FUNC_ARG;
- else
- XMEMCPY(out, pad, plainLen);
-
- ForceZero(tmp, inLen);
- XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
-
- return plainLen;
-}
-
-
-/* for Rsa Verify */
-int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) {
- ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key);
- if (ret > 0)
- *out = in;
- return ret;
- }
-#endif
-
- if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key))
- < 0) {
- return ret;
- }
-
- return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
-}
-
-
-int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
- RsaKey* key)
-{
- int plainLen;
- byte* tmp;
- byte* pad = 0;
-
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
- return CaviumRsaSSL_Verify(in, inLen, out, outLen, key);
-#endif
-
- tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
- if (tmp == NULL) {
- return MEMORY_E;
- }
-
- XMEMCPY(tmp, in, inLen);
-
- if ( (plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) {
- XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
- return plainLen;
- }
-
- if (plainLen > (int)outLen)
- plainLen = BAD_FUNC_ARG;
- else
- XMEMCPY(out, pad, plainLen);
-
- ForceZero(tmp, inLen);
- XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
-
- return plainLen;
-}
-
-
-/* for Rsa Sign */
-int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
- RsaKey* key, RNG* rng)
-{
- int sz, ret;
-
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
- return CaviumRsaSSL_Sign(in, inLen, out, outLen, key);
-#endif
-
- sz = mp_unsigned_bin_size(&key->n);
- if (sz > (int)outLen)
- return RSA_BUFFER_E;
-
- if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
- return RSA_BUFFER_E;
-
- ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng);
- if (ret != 0)
- return ret;
-
- if ((ret = wc_RsaFunction(out, sz, out, &outLen,
- RSA_PRIVATE_ENCRYPT,key)) < 0)
- sz = ret;
-
- return sz;
-}
-
-
-int wc_RsaEncryptSize(RsaKey* key)
-{
-#ifdef HAVE_CAVIUM
- if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
- return key->c_nSz;
-#endif
- return mp_unsigned_bin_size(&key->n);
-}
-
-/* flatten RsaKey structure into individual elements (e, n) */
-int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
- word32* nSz)
-{
- int sz, ret;
-
- if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL)
- return BAD_FUNC_ARG;
-
- sz = mp_unsigned_bin_size(&key->e);
- if ((word32)sz > *nSz)
- return RSA_BUFFER_E;
- ret = mp_to_unsigned_bin(&key->e, e);
- if (ret != MP_OKAY)
- return ret;
- *eSz = (word32)sz;
-
- sz = mp_unsigned_bin_size(&key->n);
- if ((word32)sz > *nSz)
- return RSA_BUFFER_E;
- ret = mp_to_unsigned_bin(&key->n, n);
- if (ret != MP_OKAY)
- return ret;
- *nSz = (word32)sz;
-
- return 0;
-}
-
-
-#ifdef WOLFSSL_KEY_GEN
-
-static const int USE_BBS = 1;
-
-static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
-{
- int err, res, type;
- byte* buf;
-
- (void)heap;
- if (N == NULL || rng == NULL)
- return BAD_FUNC_ARG;
-
- /* get type */
- if (len < 0) {
- type = USE_BBS;
- len = -len;
- } else {
- type = 0;
- }
-
- /* allow sizes between 2 and 512 bytes for a prime size */
- if (len < 2 || len > 512) {
- return BAD_FUNC_ARG;
- }
-
- /* allocate buffer to work with */
- buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
- if (buf == NULL) {
- return MEMORY_E;
- }
- XMEMSET(buf, 0, len);
-
- do {
-#ifdef SHOW_GEN
- printf(".");
- fflush(stdout);
-#endif
- /* generate value */
- err = wc_RNG_GenerateBlock(rng, buf, len);
- if (err != 0) {
- XFREE(buf, heap, DYNAMIC_TYPE_RSA);
- return err;
- }
-
- /* munge bits */
- buf[0] |= 0x80 | 0x40;
- buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
-
- /* load value */
- if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) {
- XFREE(buf, heap, DYNAMIC_TYPE_RSA);
- return err;
- }
-
- /* test */
- if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) {
- XFREE(buf, heap, DYNAMIC_TYPE_RSA);
- return err;
- }
- } while (res == MP_NO);
-
- ForceZero(buf, len);
- XFREE(buf, heap, DYNAMIC_TYPE_RSA);
-
- return 0;
-}
-
-
-/* Make an RSA key for size bits, with e specified, 65537 is a good e */
-int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
-{
- mp_int p, q, tmp1, tmp2, tmp3;
- int err;
-
- if (key == NULL || rng == NULL)
- return BAD_FUNC_ARG;
-
- if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE)
- return BAD_FUNC_ARG;
-
- if (e < 3 || (e & 1) == 0)
- return BAD_FUNC_ARG;
-
- if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY)
- return err;
-
- err = mp_set_int(&tmp3, e);
-
- /* make p */
- if (err == MP_OKAY) {
- do {
- err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
-
- if (err == MP_OKAY)
- err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */
-
- if (err == MP_OKAY)
- err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */
- } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */
- }
-
- /* make q */
- if (err == MP_OKAY) {
- do {
- err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
-
- if (err == MP_OKAY)
- err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */
-
- if (err == MP_OKAY)
- err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */
- } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */
- }
-
- if (err == MP_OKAY)
- err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);
-
- if (err == MP_OKAY)
- err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);
-
- if (err == MP_OKAY)
- err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */
-
- if (err == MP_OKAY)
- err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */
-
- /* make key */
- if (err == MP_OKAY)
- err = mp_set_int(&key->e, e); /* key->e = e */
-
- if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */
- err = mp_invmod(&key->e, &tmp1, &key->d);
-
- if (err == MP_OKAY)
- err = mp_mul(&p, &q, &key->n); /* key->n = pq */
-
- if (err == MP_OKAY)
- err = mp_sub_d(&p, 1, &tmp1);
-
- if (err == MP_OKAY)
- err = mp_sub_d(&q, 1, &tmp2);
-
- if (err == MP_OKAY)
- err = mp_mod(&key->d, &tmp1, &key->dP);
-
- if (err == MP_OKAY)
- err = mp_mod(&key->d, &tmp2, &key->dQ);
-
- if (err == MP_OKAY)
- err = mp_invmod(&q, &p, &key->u);
-
- if (err == MP_OKAY)
- err = mp_copy(&p, &key->p);
-
- if (err == MP_OKAY)
- err = mp_copy(&q, &key->q);
-
- if (err == MP_OKAY)
- key->type = RSA_PRIVATE;
-
- mp_clear(&tmp3);
- mp_clear(&tmp2);
- mp_clear(&tmp1);
- mp_clear(&q);
- mp_clear(&p);
-
- if (err != MP_OKAY) {
- wc_FreeRsaKey(key);
- return err;
- }
-
- return 0;
-}
-
-
-#endif /* WOLFSSL_KEY_GEN */
-
-
-#ifdef HAVE_CAVIUM
-
-#include <cyassl/ctaocrypt/logging.h>
-#include "cavium_common.h"
-
-/* Initiliaze RSA for use with Nitrox device */
-int RsaInitCavium(RsaKey* rsa, int devId)
-{
- if (rsa == NULL)
- return -1;
-
- if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0)
- return -1;
-
- rsa->devId = devId;
- rsa->magic = WOLFSSL_RSA_CAVIUM_MAGIC;
-
- return 0;
-}
-
-
-/* Free RSA from use with Nitrox device */
-void wc_RsaFreeCavium(RsaKey* rsa)
-{
- if (rsa == NULL)
- return;
-
- CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId);
- rsa->magic = 0;
-}
-
-
-/* Initialize cavium RSA key */
-static int InitCaviumRsaKey(RsaKey* key, void* heap)
-{
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- key->heap = heap;
- key->type = -1; /* don't know yet */
-
- key->c_n = NULL;
- key->c_e = NULL;
- key->c_d = NULL;
- key->c_p = NULL;
- key->c_q = NULL;
- key->c_dP = NULL;
- key->c_dQ = NULL;
- key->c_u = NULL;
-
- key->c_nSz = 0;
- key->c_eSz = 0;
- key->c_dSz = 0;
- key->c_pSz = 0;
- key->c_qSz = 0;
- key->c_dP_Sz = 0;
- key->c_dQ_Sz = 0;
- key->c_uSz = 0;
-
- return 0;
-}
-
-
-/* Free cavium RSA key */
-static int FreeCaviumRsaKey(RsaKey* key)
-{
- if (key == NULL)
- return BAD_FUNC_ARG;
-
- XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
- XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
- XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
- XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
- XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
- XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
- XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
- XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
-
- return InitCaviumRsaKey(key, key->heap); /* reset pointers */
-}
-
-
-static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key)
-{
- word32 requestId;
- word32 ret;
-
- if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz)
- return -1;
-
- ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz,
- (word16)inLen, key->c_n, key->c_e, (byte*)in, out,
- &requestId, key->devId);
- if (ret != 0) {
- WOLFSSL_MSG("Cavium Enc BT2 failed");
- return -1;
- }
- return key->c_nSz;
-}
-
-
-static INLINE void ato16(const byte* c, word16* u16)
-{
- *u16 = (c[0] << 8) | (c[1]);
-}
-
-
-static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key)
-{
- word32 requestId;
- word32 ret;
- word16 outSz = (word16)outLen;
-
- if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz)
- return -1;
-
- ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q,
- key->c_dQ, key->c_p, key->c_dP, key->c_u,
- (byte*)in, &outSz, out, &requestId, key->devId);
- if (ret != 0) {
- WOLFSSL_MSG("Cavium CRT Dec BT2 failed");
- return -1;
- }
- ato16((const byte*)&outSz, &outSz);
-
- return outSz;
-}
-
-
-static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key)
-{
- word32 requestId;
- word32 ret;
-
- if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen <
- (word32)key->c_nSz)
- return -1;
-
- ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen,
- key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u,
- (byte*)in, out, &requestId, key->devId);
- if (ret != 0) {
- WOLFSSL_MSG("Cavium CRT Enc BT1 failed");
- return -1;
- }
- return key->c_nSz;
-}
-
-
-static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key)
-{
- word32 requestId;
- word32 ret;
- word16 outSz = (word16)outLen;
-
- if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz)
- return -1;
-
- ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz,
- key->c_n, key->c_e, (byte*)in, &outSz, out,
- &requestId, key->devId);
- if (ret != 0) {
- WOLFSSL_MSG("Cavium Dec BT1 failed");
- return -1;
- }
- outSz = ntohs(outSz);
-
- return outSz;
-}
-
-
-#endif /* HAVE_CAVIUM */
-
-#endif /* HAVE_FIPS */
-#endif /* NO_RSA */
-
-
--- a/wolfcrypt/src/sha.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,459 +0,0 @@
-/* sha.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if !defined(NO_SHA)
-
-#include <wolfssl/wolfcrypt/sha.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-/* fips wrapper calls, user can call direct */
-#ifdef HAVE_FIPS
- int wc_InitSha(Sha* sha)
- {
- return InitSha_fips(sha);
- }
-
-
- int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
- {
- return ShaUpdate_fips(sha, data, len);
- }
-
-
- int wc_ShaFinal(Sha* sha, byte* out)
- {
- return ShaFinal_fips(sha,out);
- }
-
- int wc_ShaHash(const byte* data, word32 sz, byte* out)
- {
- return ShaHash(data, sz, out);
- }
-
-#else /* else build without fips */
-
-#if defined(WOLFSSL_TI_HASH)
- /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
-#else
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitSha wc_InitSha_sw
-#define wc_ShaUpdate wc_ShaUpdate_sw
-#define wc_ShaFinal wc_ShaFinal_sw
-#endif
-
-
-#ifdef FREESCALE_MMCAU
- #include "cau_api.h"
- #define XTRANSFORM(S,B) cau_sha1_hash_n((B), 1, ((S))->digest)
-#else
- #define XTRANSFORM(S,B) Transform((S))
-#endif
-
-#ifdef STM32F2_HASH
-/*
- * STM32F2 hardware SHA1 support through the STM32F2 standard peripheral
- * library. Documentation located in STM32F2xx Standard Peripheral Library
- * document (See note in README).
- */
-#include "stm32f2xx.h"
-#include "stm32f2xx_hash.h"
-
-int wc_InitSha(Sha* sha)
-{
- /* STM32F2 struct notes:
- * sha->buffer = first 4 bytes used to hold partial block if needed
- * sha->buffLen = num bytes currently stored in sha->buffer
- * sha->loLen = num bytes that have been written to STM32 FIFO
- */
- XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
- sha->buffLen = 0;
- sha->loLen = 0;
-
- /* initialize HASH peripheral */
- HASH_DeInit();
-
- /* configure algo used, algo mode, datatype */
- HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
- HASH->CR |= (HASH_AlgoSelection_SHA1 | HASH_AlgoMode_HASH
- | HASH_DataType_8b);
-
- /* reset HASH processor */
- HASH->CR |= HASH_CR_INIT;
-
- return 0;
-}
-
-int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-{
- word32 i = 0;
- word32 fill = 0;
- word32 diff = 0;
-
- /* if saved partial block is available */
- if (sha->buffLen) {
- fill = 4 - sha->buffLen;
-
- /* if enough data to fill, fill and push to FIFO */
- if (fill <= len) {
- XMEMCPY((byte*)sha->buffer + sha->buffLen, data, fill);
- HASH_DataIn(*(uint32_t*)sha->buffer);
-
- data += fill;
- len -= fill;
- sha->loLen += 4;
- sha->buffLen = 0;
- } else {
- /* append partial to existing stored block */
- XMEMCPY((byte*)sha->buffer + sha->buffLen, data, len);
- sha->buffLen += len;
- return;
- }
- }
-
- /* write input block in the IN FIFO */
- for(i = 0; i < len; i += 4)
- {
- diff = len - i;
- if ( diff < 4) {
- /* store incomplete last block, not yet in FIFO */
- XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
- XMEMCPY((byte*)sha->buffer, data, diff);
- sha->buffLen = diff;
- } else {
- HASH_DataIn(*(uint32_t*)data);
- data+=4;
- }
- }
-
- /* keep track of total data length thus far */
- sha->loLen += (len - sha->buffLen);
-
- return 0;
-}
-
-int wc_ShaFinal(Sha* sha, byte* hash)
-{
- __IO uint16_t nbvalidbitsdata = 0;
-
- /* finish reading any trailing bytes into FIFO */
- if (sha->buffLen) {
- HASH_DataIn(*(uint32_t*)sha->buffer);
- sha->loLen += sha->buffLen;
- }
-
- /* calculate number of valid bits in last word of input data */
- nbvalidbitsdata = 8 * (sha->loLen % SHA_REG_SIZE);
-
- /* configure number of valid bits in last word of the data */
- HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
-
- /* start HASH processor */
- HASH_StartDigest();
-
- /* wait until Busy flag == RESET */
- while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
-
- /* read message digest */
- sha->digest[0] = HASH->HR[0];
- sha->digest[1] = HASH->HR[1];
- sha->digest[2] = HASH->HR[2];
- sha->digest[3] = HASH->HR[3];
- sha->digest[4] = HASH->HR[4];
-
- ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
-
- XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
-
- return wc_InitSha(sha); /* reset state */
-}
-
-#else /* wc_ software implementation */
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-int wc_InitSha(Sha* sha)
-{
-#ifdef FREESCALE_MMCAU
- cau_sha1_initialize_output(sha->digest);
-#else
- sha->digest[0] = 0x67452301L;
- sha->digest[1] = 0xEFCDAB89L;
- sha->digest[2] = 0x98BADCFEL;
- sha->digest[3] = 0x10325476L;
- sha->digest[4] = 0xC3D2E1F0L;
-#endif
-
- sha->buffLen = 0;
- sha->loLen = 0;
- sha->hiLen = 0;
-
- return 0;
-}
-
-#ifndef FREESCALE_MMCAU
-
-#define blk0(i) (W[i] = sha->buffer[i])
-#define blk1(i) (W[(i)&15] = \
-rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1))
-
-#define f1(x,y,z) ((z)^((x) &((y)^(z))))
-#define f2(x,y,z) ((x)^(y)^(z))
-#define f3(x,y,z) (((x)&(y))|((z)&((x)|(y))))
-#define f4(x,y,z) ((x)^(y)^(z))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk0((i)) + 0x5A827999+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R1(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk1((i)) + 0x5A827999+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R2(v,w,x,y,z,i) (z)+= f2((w),(x),(y)) + blk1((i)) + 0x6ED9EBA1+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R3(v,w,x,y,z,i) (z)+= f3((w),(x),(y)) + blk1((i)) + 0x8F1BBCDC+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R4(v,w,x,y,z,i) (z)+= f4((w),(x),(y)) + blk1((i)) + 0xCA62C1D6+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-
-static void Transform(Sha* sha)
-{
- word32 W[SHA_BLOCK_SIZE / sizeof(word32)];
-
- /* Copy context->state[] to working vars */
- word32 a = sha->digest[0];
- word32 b = sha->digest[1];
- word32 c = sha->digest[2];
- word32 d = sha->digest[3];
- word32 e = sha->digest[4];
-
-#ifdef USE_SLOW_SHA
- word32 t, i;
-
- for (i = 0; i < 16; i++) {
- R0(a, b, c, d, e, i);
- t = e; e = d; d = c; c = b; b = a; a = t;
- }
-
- for (; i < 20; i++) {
- R1(a, b, c, d, e, i);
- t = e; e = d; d = c; c = b; b = a; a = t;
- }
-
- for (; i < 40; i++) {
- R2(a, b, c, d, e, i);
- t = e; e = d; d = c; c = b; b = a; a = t;
- }
-
- for (; i < 60; i++) {
- R3(a, b, c, d, e, i);
- t = e; e = d; d = c; c = b; b = a; a = t;
- }
-
- for (; i < 80; i++) {
- R4(a, b, c, d, e, i);
- t = e; e = d; d = c; c = b; b = a; a = t;
- }
-#else
- /* nearly 1 K bigger in code size but 25% faster */
- /* 4 rounds of 20 operations each. Loop unrolled. */
- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
-
- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
-
- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
-
- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
-
- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
-#endif
-
- /* Add the working vars back into digest state[] */
- sha->digest[0] += a;
- sha->digest[1] += b;
- sha->digest[2] += c;
- sha->digest[3] += d;
- sha->digest[4] += e;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-
-static INLINE void AddLength(Sha* sha, word32 len)
-{
- word32 tmp = sha->loLen;
- if ( (sha->loLen += len) < tmp)
- sha->hiLen++; /* carry low to high */
-}
-
-
-int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-{
- /* do block size increments */
- byte* local = (byte*)sha->buffer;
-
- while (len) {
- word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen);
- XMEMCPY(&local[sha->buffLen], data, add);
-
- sha->buffLen += add;
- data += add;
- len -= add;
-
- if (sha->buffLen == SHA_BLOCK_SIZE) {
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
- XTRANSFORM(sha, local);
- AddLength(sha, SHA_BLOCK_SIZE);
- sha->buffLen = 0;
- }
- }
-
- return 0;
-}
-
-
-int wc_ShaFinal(Sha* sha, byte* hash)
-{
- byte* local = (byte*)sha->buffer;
-
- AddLength(sha, sha->buffLen); /* before adding pads */
-
- local[sha->buffLen++] = 0x80; /* add 1 */
-
- /* pad with zeros */
- if (sha->buffLen > SHA_PAD_SIZE) {
- XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen);
- sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
-
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
- XTRANSFORM(sha, local);
- sha->buffLen = 0;
- }
- XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
-
- /* put lengths in bits */
- sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) +
- (sha->hiLen << 3);
- sha->loLen = sha->loLen << 3;
-
- /* store lengths */
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
- /* ! length ordering dependent on digest endian type ! */
- XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
- XMEMCPY(&local[SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32));
-
-#ifdef FREESCALE_MMCAU
- /* Kinetis requires only these bytes reversed */
- ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
- &sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
- 2 * sizeof(word32));
-#endif
-
- XTRANSFORM(sha, local);
-#ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
-#endif
- XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
-
- return wc_InitSha(sha); /* reset state */
-}
-
-#endif /* STM32F2_HASH */
-
-
-int wc_ShaHash(const byte* data, word32 len, byte* hash)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- Sha* sha;
-#else
- Sha sha[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha == NULL)
- return MEMORY_E;
-#endif
-
- if ((ret = wc_InitSha(sha)) != 0) {
- WOLFSSL_MSG("wc_InitSha failed");
- }
- else {
- wc_ShaUpdate(sha, data, len);
- wc_ShaFinal(sha, hash);
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-
-}
-
-#endif /* HAVE_FIPS */
-#endif /* WOLFSSL_TI_HASH */
-#endif /* NO_SHA */
-
-
--- a/wolfcrypt/src/sha256.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1767 +0,0 @@
-/* sha256.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* code submitted by raphael.huck@efixo.com */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/sha256.h>
-
-#if !defined(NO_SHA256)
-#ifdef HAVE_FIPS
-
-int wc_InitSha256(Sha256* sha)
-{
- return InitSha256_fips(sha);
-}
-
-
-int wc_Sha256Update(Sha256* sha, const byte* data, word32 len)
-{
- return Sha256Update_fips(sha, data, len);
-}
-
-
-int wc_Sha256Final(Sha256* sha, byte* out)
-{
- return Sha256Final_fips(sha, out);
-}
-
-
-int wc_Sha256Hash(const byte* data, word32 len, byte* out)
-{
- return Sha256Hash(data, len, out);
-}
-
-#else /* else build without fips */
-
-#if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH)
- /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
-#else
-
-#if !defined (ALIGN32)
- #if defined (__GNUC__)
- #define ALIGN32 __attribute__ ( (aligned (32)))
- #elif defined(_MSC_VER)
- /* disable align warning, we want alignment ! */
- #pragma warning(disable: 4324)
- #define ALIGN32 __declspec (align (32))
- #else
- #define ALIGN32
- #endif
-#endif
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitSha256 wc_InitSha256_sw
-#define wc_Sha256Update wc_Sha256Update_sw
-#define wc_Sha256Final wc_Sha256Final_sw
-#endif
-
-#ifdef HAVE_FIPS
- /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
- #define FIPS_NO_WRAPPERS
-#endif
-
-#if defined(USE_INTEL_SPEEDUP)
-#define HAVE_INTEL_AVX1
-#define HAVE_INTEL_AVX2
-
-#if defined(DEBUG_XMM)
-#include "stdio.h"
-#endif
-
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-#define HAVE_INTEL_RORX
-#endif
-
-
-/*****
-Intel AVX1/AVX2 Macro Control Structure
-
-#define HAVE_INTEL_AVX1
-#define HAVE_INTEL_AVX2
-
-#define HAVE_INTEL_RORX
-
-
-int InitSha256(Sha256* sha256) {
- Save/Recover XMM, YMM
- ...
-}
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
- Transform() ; Function prototype
-#else
- Transform() { }
- int Sha256Final() {
- Save/Recover XMM, YMM
- ...
- }
-#endif
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
- #if defined(HAVE_INTEL_RORX
- #define RND with rorx instuction
- #else
- #define RND
- #endif
-#endif
-
-#if defined(HAVE_INTEL_AVX1)
-
- #define XMM Instructions/inline asm
-
- int Transform() {
- Stitched Message Sched/Round
- }
-
-#elif defined(HAVE_INTEL_AVX2)
-
- #define YMM Instructions/inline asm
-
- int Transform() {
- More granural Stitched Message Sched/Round
- }
-
-*/
-
-
-#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-
-/* Each platform needs to query info type 1 from cpuid to see if aesni is
- * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
- */
-
-#ifndef _MSC_VER
- #define cpuid(reg, leaf, sub)\
- __asm__ __volatile__ ("cpuid":\
- "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
- "a" (leaf), "c"(sub));
-
- #define XASM_LINK(f) asm(f)
-#else
-
- #include <intrin.h>
- #define cpuid(a,b) __cpuid((int*)a,b)
-
- #define XASM_LINK(f)
-
-#endif /* _MSC_VER */
-
-#define EAX 0
-#define EBX 1
-#define ECX 2
-#define EDX 3
-
-#define CPUID_AVX1 0x1
-#define CPUID_AVX2 0x2
-#define CPUID_RDRAND 0x4
-#define CPUID_RDSEED 0x8
-#define CPUID_BMI2 0x10 /* MULX, RORX */
-
-#define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1)
-#define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2)
-#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2)
-#define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND)
-#define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
-
-static word32 cpuid_check = 0 ;
-static word32 cpuid_flags = 0 ;
-
-static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
- int got_intel_cpu=0;
- unsigned int reg[5];
-
- reg[4] = '\0' ;
- cpuid(reg, 0, 0);
- if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&
- memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&
- memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {
- got_intel_cpu = 1;
- }
- if (got_intel_cpu) {
- cpuid(reg, leaf, sub);
- return((reg[num]>>bit)&0x1) ;
- }
- return 0 ;
-}
-
-static int set_cpuid_flags(void) {
- if(cpuid_check==0) {
- if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
- if(cpuid_flag(7, 0, EBX, 5)){ cpuid_flags |= CPUID_AVX2 ; }
- if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
- if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; }
- if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; }
- cpuid_check = 1 ;
- return 0 ;
- }
- return 1 ;
-}
-
-
-/* #if defined(HAVE_INTEL_AVX1/2) at the tail of sha512 */
-static int Transform(Sha256* sha256);
-
-#if defined(HAVE_INTEL_AVX1)
-static int Transform_AVX1(Sha256 *sha256) ;
-#endif
-#if defined(HAVE_INTEL_AVX2)
-static int Transform_AVX2(Sha256 *sha256) ;
-static int Transform_AVX1_RORX(Sha256 *sha256) ;
-#endif
-
-static int (*Transform_p)(Sha256* sha256) /* = _Transform */;
-
-#define XTRANSFORM(sha256, B) (*Transform_p)(sha256)
-
-static void set_Transform(void) {
- if(set_cpuid_flags())return ;
-
-#if defined(HAVE_INTEL_AVX2)
- if(IS_INTEL_AVX2 && IS_INTEL_BMI2){
- Transform_p = Transform_AVX1_RORX; return ;
- Transform_p = Transform_AVX2 ;
- /* for avoiding warning,"not used" */
- }
-#endif
-#if defined(HAVE_INTEL_AVX1)
- Transform_p = ((IS_INTEL_AVX1) ? Transform_AVX1 : Transform) ; return ;
-#endif
- Transform_p = Transform ; return ;
-}
-
-#else
- #if defined(FREESCALE_MMCAU)
- #define XTRANSFORM(sha256, B) Transform(sha256, B)
- #else
- #define XTRANSFORM(sha256, B) Transform(sha256)
- #endif
-#endif
-
-/* Dummy for saving MM_REGs on behalf of Transform */
-#if defined(HAVE_INTEL_AVX2)&& !defined(HAVE_INTEL_AVX1)
-#define SAVE_XMM_YMM __asm__ volatile("or %%r8d, %%r8d":::\
- "%ymm4","%ymm5","%ymm6","%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15")
-#elif defined(HAVE_INTEL_AVX1)
-#define SAVE_XMM_YMM __asm__ volatile("or %%r8d, %%r8d":::\
- "xmm0","xmm1","xmm2","xmm3","xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10",\
- "xmm11","xmm12","xmm13","xmm14","xmm15")
-#else
-#define SAVE_XMM_YMM
-#endif
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define InitSha256 InitSha256_sw
-#define Sha256Update Sha256Update_sw
-#define Sha256Final Sha256Final_sw
-#endif
-
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef FREESCALE_MMCAU
- #include "cau_api.h"
-#endif
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-int wc_InitSha256(Sha256* sha256)
-{
- #ifdef FREESCALE_MMCAU
- cau_sha256_initialize_output(sha256->digest);
- #else
- sha256->digest[0] = 0x6A09E667L;
- sha256->digest[1] = 0xBB67AE85L;
- sha256->digest[2] = 0x3C6EF372L;
- sha256->digest[3] = 0xA54FF53AL;
- sha256->digest[4] = 0x510E527FL;
- sha256->digest[5] = 0x9B05688CL;
- sha256->digest[6] = 0x1F83D9ABL;
- sha256->digest[7] = 0x5BE0CD19L;
- #endif
-
- sha256->buffLen = 0;
- sha256->loLen = 0;
- sha256->hiLen = 0;
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
- set_Transform() ; /* choose best Transform function under this runtime environment */
-#endif
-
- return 0;
-}
-
-
-#if !defined(FREESCALE_MMCAU)
-static const ALIGN32 word32 K[64] = {
- 0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
- 0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
- 0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
- 0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
- 0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
- 0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
- 0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
- 0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
- 0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
- 0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
- 0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
- 0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
- 0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
-};
-
-#endif
-
-#if defined(FREESCALE_MMCAU)
-
-static int Transform(Sha256* sha256, byte* buf)
-{
- cau_sha256_hash_n(buf, 1, sha256->digest);
-
- return 0;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-#define Ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-#define Maj(x,y,z) ((((x) | (y)) & (z)) | ((x) & (y)))
-#define R(x, n) (((x)&0xFFFFFFFFU)>>(n))
-
-#define S(x, n) rotrFixed(x, n)
-#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
-#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
-#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
-#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
-
-#define RND(a,b,c,d,e,f,g,h,i) \
- t0 = (h) + Sigma1((e)) + Ch((e), (f), (g)) + K[(i)] + W[(i)]; \
- t1 = Sigma0((a)) + Maj((a), (b), (c)); \
- (d) += t0; \
- (h) = t0 + t1;
-
-#if !defined(FREESCALE_MMCAU)
-static int Transform(Sha256* sha256)
-{
- word32 S[8], t0, t1;
- int i;
-
-#ifdef WOLFSSL_SMALL_STACK
- word32* W;
-
- W = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (W == NULL)
- return MEMORY_E;
-#else
- word32 W[64];
-#endif
-
- /* Copy context->state[] to working vars */
- for (i = 0; i < 8; i++)
- S[i] = sha256->digest[i];
-
- for (i = 0; i < 16; i++)
- W[i] = sha256->buffer[i];
-
- for (i = 16; i < 64; i++)
- W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16];
-
- for (i = 0; i < 64; i += 8) {
- RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
- RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
- RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
- RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
- RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
- RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
- RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
- RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
- }
-
- /* Add the working vars back into digest state[] */
- for (i = 0; i < 8; i++) {
- sha256->digest[i] += S[i];
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-#endif /* #if !defined(FREESCALE_MMCAU) */
-
-static INLINE void AddLength(Sha256* sha256, word32 len)
-{
- word32 tmp = sha256->loLen;
- if ( (sha256->loLen += len) < tmp)
- sha256->hiLen++; /* carry low to high */
-}
-
-int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
-{
-
- /* do block size increments */
- byte* local = (byte*)sha256->buffer;
-
- SAVE_XMM_YMM ; /* for Intel AVX */
-
- while (len) {
- word32 add = min(len, SHA256_BLOCK_SIZE - sha256->buffLen);
- XMEMCPY(&local[sha256->buffLen], data, add);
-
- sha256->buffLen += add;
- data += add;
- len -= add;
-
- if (sha256->buffLen == SHA256_BLOCK_SIZE) {
- int ret;
-
- #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords(sha256->buffer, sha256->buffer,
- SHA256_BLOCK_SIZE);
- #endif
- ret = XTRANSFORM(sha256, local);
- if (ret != 0)
- return ret;
-
- AddLength(sha256, SHA256_BLOCK_SIZE);
- sha256->buffLen = 0;
- }
- }
-
- return 0;
-}
-
-int wc_Sha256Final(Sha256* sha256, byte* hash)
-{
- byte* local = (byte*)sha256->buffer;
- int ret;
-
- SAVE_XMM_YMM ; /* for Intel AVX */
-
- AddLength(sha256, sha256->buffLen); /* before adding pads */
-
- local[sha256->buffLen++] = 0x80; /* add 1 */
-
- /* pad with zeros */
- if (sha256->buffLen > SHA256_PAD_SIZE) {
- XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
- sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
-
- #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
- #endif
-
- ret = XTRANSFORM(sha256, local);
- if (ret != 0)
- return ret;
-
- sha256->buffLen = 0;
- }
- XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
-
- /* put lengths in bits */
- sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
- (sha256->hiLen << 3);
- sha256->loLen = sha256->loLen << 3;
-
- /* store lengths */
- #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
- #endif
- /* ! length ordering dependent on digest endian type ! */
- XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
- XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
- sizeof(word32));
-
- #if defined(FREESCALE_MMCAU) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- /* Kinetis requires only these bytes reversed */
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(IS_INTEL_AVX1 || IS_INTEL_AVX2)
- #endif
- ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
- &sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
- 2 * sizeof(word32));
- #endif
-
- ret = XTRANSFORM(sha256, local);
- if (ret != 0)
- return ret;
-
- #if defined(LITTLE_ENDIAN_ORDER)
- ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
- #endif
- XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
-
- return wc_InitSha256(sha256); /* reset state */
-}
-
-
-
-int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- Sha256* sha256;
-#else
- Sha256 sha256[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha256 == NULL)
- return MEMORY_E;
-#endif
-
- if ((ret = wc_InitSha256(sha256)) != 0) {
- WOLFSSL_MSG("InitSha256 failed");
- }
- else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
- WOLFSSL_MSG("Sha256Update failed");
- }
- else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
- WOLFSSL_MSG("Sha256Final failed");
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-
-#define _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- { word32 d ;\
- d = sha256->digest[0]; __asm__ volatile("movl %0, %"#S_0::"r"(d):SSE_REGs) ;\
- d = sha256->digest[1]; __asm__ volatile("movl %0, %"#S_1::"r"(d):SSE_REGs) ;\
- d = sha256->digest[2]; __asm__ volatile("movl %0, %"#S_2::"r"(d):SSE_REGs) ;\
- d = sha256->digest[3]; __asm__ volatile("movl %0, %"#S_3::"r"(d):SSE_REGs) ;\
- d = sha256->digest[4]; __asm__ volatile("movl %0, %"#S_4::"r"(d):SSE_REGs) ;\
- d = sha256->digest[5]; __asm__ volatile("movl %0, %"#S_5::"r"(d):SSE_REGs) ;\
- d = sha256->digest[6]; __asm__ volatile("movl %0, %"#S_6::"r"(d):SSE_REGs) ;\
- d = sha256->digest[7]; __asm__ volatile("movl %0, %"#S_7::"r"(d):SSE_REGs) ;\
-}
-
-#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- { word32 d ; \
- __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ; sha256->digest[0] += d;\
- __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ; sha256->digest[1] += d;\
- __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ; sha256->digest[2] += d;\
- __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ; sha256->digest[3] += d;\
- __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ; sha256->digest[4] += d;\
- __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ; sha256->digest[5] += d;\
- __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ; sha256->digest[6] += d;\
- __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ; sha256->digest[7] += d;\
-}
-
-
-#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-
-
-
-#define S_0 %r15d
-#define S_1 %r10d
-#define S_2 %r11d
-#define S_3 %r12d
-#define S_4 %r13d
-#define S_5 %r14d
-#define S_6 %ebx
-#define S_7 %r9d
-
-#define SSE_REGs "%edi", "%ecx", "%esi", "%edx", "%ebx","%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"
-
-#if defined(HAVE_INTEL_RORX)
-#define RND_STEP_RORX_1(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx $6, %"#e", %%edx\n\t":::"%edx",SSE_REGs); /* edx = e>>6 */\
-
-#define RND_STEP_RORX_2(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx $11, %"#e",%%edi\n\t":::"%edi",SSE_REGs); /* edi = e>>11 */\
-__asm__ volatile("xorl %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6) */\
-__asm__ volatile("rorx $25, %"#e", %%edx\n\t":::"%edx",SSE_REGs); /* edx = e>>25 */\
-
-#define RND_STEP_RORX_3(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl %"#f", %%esi\n\t":::"%esi",SSE_REGs); /* esi = f */\
-__asm__ volatile("xorl %"#g", %%esi\n\t":::"%esi",SSE_REGs); /* esi = f ^ g */\
-__asm__ volatile("xorl %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs); /* edx = Sigma1(e) */\
-__asm__ volatile("andl %"#e", %%esi\n\t":::"%esi",SSE_REGs); /* esi = (f ^ g) & e */\
-__asm__ volatile("xorl %"#g", %%esi\n\t":::"%esi",SSE_REGs); /* esi = Ch(e,f,g) */\
-
-#define RND_STEP_RORX_4(a,b,c,d,e,f,g,h,i)\
-/*__asm__ volatile("movl %0, %%edx\n\t"::"m"(w_k):"%edx");*/\
-__asm__ volatile("addl %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs); /* h += w_k */\
-__asm__ volatile("addl %%edx, %"#h"\n\t":::"%edx",SSE_REGs); /* h = h + w_k + Sigma1(e) */\
-__asm__ volatile("rorx $2, %"#a", %%r8d\n\t":::"%r8",SSE_REGs); /* r8d = a>>2 */\
-__asm__ volatile("rorx $13, %"#a", %%edi\n\t":::"%edi",SSE_REGs);/* edi = a>>13 */\
-
-#define RND_STEP_RORX_5(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx $22, %"#a", %%edx\n\t":::"%edx",SSE_REGs); /* edx = a>>22 */\
-__asm__ volatile("xorl %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs);/* edi = (a>>2) ^ (a>>13) */\
-__asm__ volatile("xorl %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs); /* edx = Sigma0(a) */\
-
-#define RND_STEP_RORX_6(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl %"#b", %%edi\n\t":::"%edi",SSE_REGs); /* edi = b */\
-__asm__ volatile("orl %"#a", %%edi\n\t":::"%edi",SSE_REGs); /* edi = a | b */\
-__asm__ volatile("andl %"#c", %%edi\n\t":::"%edi",SSE_REGs); /* edi = (a | b) & c*/\
-__asm__ volatile("movl %"#b", %%r8d\n\t":::"%r8",SSE_REGs); /* r8d = b */\
-
-#define RND_STEP_RORX_7(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl %%esi, %"#h"\n\t":::"%esi",SSE_REGs); /* h += Ch(e,f,g) */\
-__asm__ volatile("andl %"#a", %%r8d\n\t":::"%r8",SSE_REGs); /* r8d = b & a */\
-__asm__ volatile("orl %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
-
-#define RND_STEP_RORX_8(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl "#h", "#d"\n\t"); /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
-__asm__ volatile("addl %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
-__asm__ volatile("addl %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs); \
-__asm__ volatile("movl %r8d, "#h"\n\t");
-
-#endif
-
-#define RND_STEP_1(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl %"#e", %%edx\n\t":::"%edx",SSE_REGs);\
-__asm__ volatile("roll $26, %%edx\n\t":::"%edx",SSE_REGs); /* edx = e>>6 */\
-__asm__ volatile("movl %"#e", %%edi\n\t":::"%edi",SSE_REGs);\
-
-#define RND_STEP_2(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("roll $21, %%edi\n\t":::"%edi",SSE_REGs); /* edi = e>>11 */\
-__asm__ volatile("xorl %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6) */\
-__asm__ volatile("movl %"#e", %%edx\n\t":::"%edx",SSE_REGs); /* edx = e */\
-__asm__ volatile("roll $7, %%edx\n\t":::"%edx",SSE_REGs); /* edx = e>>25 */\
-
-#define RND_STEP_3(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl %"#f", %%esi\n\t":::"%esi",SSE_REGs); /* esi = f */\
-__asm__ volatile("xorl %"#g", %%esi\n\t":::"%esi",SSE_REGs); /* esi = f ^ g */\
-__asm__ volatile("xorl %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs); /* edx = Sigma1(e) */\
-__asm__ volatile("andl %"#e", %%esi\n\t":::"%esi",SSE_REGs); /* esi = (f ^ g) & e */\
-__asm__ volatile("xorl %"#g", %%esi\n\t":::"%esi",SSE_REGs); /* esi = Ch(e,f,g) */\
-
-#define RND_STEP_4(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs); /* h += w_k */\
-__asm__ volatile("addl %%edx, %"#h"\n\t":::"%edx",SSE_REGs); /* h = h + w_k + Sigma1(e) */\
-__asm__ volatile("movl %"#a", %%r8d\n\t":::"%r8",SSE_REGs); /* r8d = a */\
-__asm__ volatile("roll $30, %%r8d\n\t":::"%r8",SSE_REGs); /* r8d = a>>2 */\
-__asm__ volatile("movl %"#a", %%edi\n\t":::"%edi",SSE_REGs); /* edi = a */\
-__asm__ volatile("roll $19, %%edi\n\t":::"%edi",SSE_REGs); /* edi = a>>13 */\
-__asm__ volatile("movl %"#a", %%edx\n\t":::"%edx",SSE_REGs); /* edx = a */\
-
-#define RND_STEP_5(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("roll $10, %%edx\n\t":::"%edx",SSE_REGs); /* edx = a>>22 */\
-__asm__ volatile("xorl %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs); /* edi = (a>>2) ^ (a>>13) */\
-__asm__ volatile("xorl %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);/* edx = Sigma0(a) */\
-
-#define RND_STEP_6(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl %"#b", %%edi\n\t":::"%edi",SSE_REGs); /* edi = b */\
-__asm__ volatile("orl %"#a", %%edi\n\t":::"%edi",SSE_REGs); /* edi = a | b */\
-__asm__ volatile("andl %"#c", %%edi\n\t":::"%edi",SSE_REGs); /* edi = (a | b) & c */\
-__asm__ volatile("movl %"#b", %%r8d\n\t":::"%r8",SSE_REGs); /* r8d = b */\
-
-#define RND_STEP_7(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl %%esi, %"#h"\n\t":::"%esi",SSE_REGs); /* h += Ch(e,f,g) */\
-__asm__ volatile("andl %"#a", %%r8d\n\t":::"%r8",SSE_REGs); /* r8d = b & a */\
-__asm__ volatile("orl %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
-
-#define RND_STEP_8(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl "#h", "#d"\n\t"); /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
-__asm__ volatile("addl %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
- /* r8b = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */\
-__asm__ volatile("addl %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs);\
- /* r8b = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */\
-__asm__ volatile("movl %%r8d, %"#h"\n\t":::"%r8", SSE_REGs); \
- /* h = h + w_k + Sigma1(e) + Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \
-
-#define RND_X(a,b,c,d,e,f,g,h,i) \
- RND_STEP_1(a,b,c,d,e,f,g,h,i); \
- RND_STEP_2(a,b,c,d,e,f,g,h,i); \
- RND_STEP_3(a,b,c,d,e,f,g,h,i); \
- RND_STEP_4(a,b,c,d,e,f,g,h,i); \
- RND_STEP_5(a,b,c,d,e,f,g,h,i); \
- RND_STEP_6(a,b,c,d,e,f,g,h,i); \
- RND_STEP_7(a,b,c,d,e,f,g,h,i); \
- RND_STEP_8(a,b,c,d,e,f,g,h,i);
-
-#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-
-#define RND_1_3(a,b,c,d,e,f,g,h,i) {\
- RND_STEP_1(a,b,c,d,e,f,g,h,i); \
- RND_STEP_2(a,b,c,d,e,f,g,h,i); \
- RND_STEP_3(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_4_6(a,b,c,d,e,f,g,h,i) {\
- RND_STEP_4(a,b,c,d,e,f,g,h,i); \
- RND_STEP_5(a,b,c,d,e,f,g,h,i); \
- RND_STEP_6(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_7_8(a,b,c,d,e,f,g,h,i) {\
- RND_STEP_7(a,b,c,d,e,f,g,h,i); \
- RND_STEP_8(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-
-#define RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define FOR(cnt, init, max, inc, loop) \
- __asm__ volatile("movl $"#init", %0\n\t"#loop":"::"m"(cnt):)
-#define END(cnt, init, max, inc, loop) \
- __asm__ volatile("addl $"#inc", %0\n\tcmpl $"#max", %0\n\tjle "#loop"\n\t":"=m"(cnt)::) ;
-
-#endif /* defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) */
-
-#if defined(HAVE_INTEL_AVX1) /* inline Assember for Intel AVX1 instructions */
-
-#define VPALIGNR(op1,op2,op3,op4) __asm__ volatile("vpalignr $"#op4", %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPADDD(op1,op2,op3) __asm__ volatile("vpaddd %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSRLD(op1,op2,op3) __asm__ volatile("vpsrld $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSRLQ(op1,op2,op3) __asm__ volatile("vpsrlq $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSLLD(op1,op2,op3) __asm__ volatile("vpslld $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPOR(op1,op2,op3) __asm__ volatile("vpor %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPXOR(op1,op2,op3) __asm__ volatile("vpxor %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSHUFD(op1,op2,op3) __asm__ volatile("vpshufd $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSHUFB(op1,op2,op3) __asm__ volatile("vpshufb %"#op3", %"#op2", %"#op1:::XMM_REGs)
-
-#define MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, SHUF_00BA, SHUF_DC00,\
- a,b,c,d,e,f,g,h,_i)\
- RND_STEP_1(a,b,c,d,e,f,g,h,_i);\
- VPALIGNR (XTMP0, X3, X2, 4) ;\
- RND_STEP_2(a,b,c,d,e,f,g,h,_i);\
- VPADDD (XTMP0, XTMP0, X0) ;\
- RND_STEP_3(a,b,c,d,e,f,g,h,_i);\
- VPALIGNR (XTMP1, X1, X0, 4) ; /* XTMP1 = W[-15] */\
- RND_STEP_4(a,b,c,d,e,f,g,h,_i);\
- VPSRLD (XTMP2, XTMP1, 7) ;\
- RND_STEP_5(a,b,c,d,e,f,g,h,_i);\
- VPSLLD (XTMP3, XTMP1, 25) ; /* VPSLLD (XTMP3, XTMP1, (32-7)) */\
- RND_STEP_6(a,b,c,d,e,f,g,h,_i);\
- VPOR (XTMP3, XTMP3, XTMP2) ; /* XTMP1 = W[-15] MY_ROR 7 */\
- RND_STEP_7(a,b,c,d,e,f,g,h,_i);\
- VPSRLD (XTMP2, XTMP1,18) ;\
- RND_STEP_8(a,b,c,d,e,f,g,h,_i);\
-\
- RND_STEP_1(h,a,b,c,d,e,f,g,_i+1);\
- VPSRLD (XTMP4, XTMP1, 3) ; /* XTMP4 = W[-15] >> 3 */\
- RND_STEP_2(h,a,b,c,d,e,f,g,_i+1);\
- VPSLLD (XTMP1, XTMP1, 14) ; /* VPSLLD (XTMP1, XTMP1, (32-18)) */\
- RND_STEP_3(h,a,b,c,d,e,f,g,_i+1);\
- VPXOR (XTMP3, XTMP3, XTMP1) ;\
- RND_STEP_4(h,a,b,c,d,e,f,g,_i+1);\
- VPXOR (XTMP3, XTMP3, XTMP2) ; /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
- RND_STEP_5(h,a,b,c,d,e,f,g,_i+1);\
- VPXOR (XTMP1, XTMP3, XTMP4) ; /* XTMP1 = s0 */\
- RND_STEP_6(h,a,b,c,d,e,f,g,_i+1);\
- VPSHUFD(XTMP2, X3, 0b11111010) ; /* XTMP2 = W[-2] {BBAA}*/\
- RND_STEP_7(h,a,b,c,d,e,f,g,_i+1);\
- VPADDD (XTMP0, XTMP0, XTMP1) ; /* XTMP0 = W[-16] + W[-7] + s0 */\
- RND_STEP_8(h,a,b,c,d,e,f,g,_i+1);\
-\
- RND_STEP_1(g,h,a,b,c,d,e,f,_i+2);\
- VPSRLD (XTMP4, XTMP2, 10) ; /* XTMP4 = W[-2] >> 10 {BBAA} */\
- RND_STEP_2(g,h,a,b,c,d,e,f,_i+2);\
- VPSRLQ (XTMP3, XTMP2, 19) ; /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
- RND_STEP_3(g,h,a,b,c,d,e,f,_i+2);\
- VPSRLQ (XTMP2, XTMP2, 17) ; /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
- RND_STEP_4(g,h,a,b,c,d,e,f,_i+2);\
- VPXOR (XTMP2, XTMP2, XTMP3) ;\
- RND_STEP_5(g,h,a,b,c,d,e,f,_i+2);\
- VPXOR (XTMP4, XTMP4, XTMP2) ; /* XTMP4 = s1 {xBxA} */\
- RND_STEP_6(g,h,a,b,c,d,e,f,_i+2);\
- VPSHUFB (XTMP4, XTMP4, SHUF_00BA) ; /* XTMP4 = s1 {00BA} */\
- RND_STEP_7(g,h,a,b,c,d,e,f,_i+2);\
- VPADDD (XTMP0, XTMP0, XTMP4) ; /* XTMP0 = {..., ..., W[1], W[0]} */\
- RND_STEP_8(g,h,a,b,c,d,e,f,_i+2);\
-\
- RND_STEP_1(f,g,h,a,b,c,d,e,_i+3);\
- VPSHUFD (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
- RND_STEP_2(f,g,h,a,b,c,d,e,_i+3);\
- VPSRLD (XTMP5, XTMP2, 10); /* XTMP5 = W[-2] >> 10 {DDCC} */\
- RND_STEP_3(f,g,h,a,b,c,d,e,_i+3);\
- VPSRLQ (XTMP3, XTMP2, 19); /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
- RND_STEP_4(f,g,h,a,b,c,d,e,_i+3);\
- VPSRLQ (XTMP2, XTMP2, 17) ; /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
- RND_STEP_5(f,g,h,a,b,c,d,e,_i+3);\
- VPXOR (XTMP2, XTMP2, XTMP3) ;\
- RND_STEP_6(f,g,h,a,b,c,d,e,_i+3);\
- VPXOR (XTMP5, XTMP5, XTMP2) ; /* XTMP5 = s1 {xDxC} */\
- RND_STEP_7(f,g,h,a,b,c,d,e,_i+3);\
- VPSHUFB (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
- RND_STEP_8(f,g,h,a,b,c,d,e,_i+3);\
- VPADDD (X0, XTMP5, XTMP0) ; /* X0 = {W[3], W[2], W[1], W[0]} */\
-
-#if defined(HAVE_INTEL_RORX)
-
-#define MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, \
- XFER, SHUF_00BA, SHUF_DC00,a,b,c,d,e,f,g,h,_i)\
- RND_STEP_RORX_1(a,b,c,d,e,f,g,h,_i);\
- VPALIGNR (XTMP0, X3, X2, 4) ;\
- RND_STEP_RORX_2(a,b,c,d,e,f,g,h,_i);\
- VPADDD (XTMP0, XTMP0, X0) ;\
- RND_STEP_RORX_3(a,b,c,d,e,f,g,h,_i);\
- VPALIGNR (XTMP1, X1, X0, 4) ; /* XTMP1 = W[-15] */\
- RND_STEP_RORX_4(a,b,c,d,e,f,g,h,_i);\
- VPSRLD (XTMP2, XTMP1, 7) ;\
- RND_STEP_RORX_5(a,b,c,d,e,f,g,h,_i);\
- VPSLLD (XTMP3, XTMP1, 25) ; /* VPSLLD (XTMP3, XTMP1, (32-7)) */\
- RND_STEP_RORX_6(a,b,c,d,e,f,g,h,_i);\
- VPOR (XTMP3, XTMP3, XTMP2) ; /* XTMP1 = W[-15] MY_ROR 7 */\
- RND_STEP_RORX_7(a,b,c,d,e,f,g,h,_i);\
- VPSRLD (XTMP2, XTMP1,18) ;\
- RND_STEP_RORX_8(a,b,c,d,e,f,g,h,_i);\
-\
- RND_STEP_RORX_1(h,a,b,c,d,e,f,g,_i+1);\
- VPSRLD (XTMP4, XTMP1, 3) ; /* XTMP4 = W[-15] >> 3 */\
- RND_STEP_RORX_2(h,a,b,c,d,e,f,g,_i+1);\
- VPSLLD (XTMP1, XTMP1, 14) ; /* VPSLLD (XTMP1, XTMP1, (32-18)) */\
- RND_STEP_RORX_3(h,a,b,c,d,e,f,g,_i+1);\
- VPXOR (XTMP3, XTMP3, XTMP1) ;\
- RND_STEP_RORX_4(h,a,b,c,d,e,f,g,_i+1);\
- VPXOR (XTMP3, XTMP3, XTMP2) ; /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
- RND_STEP_RORX_5(h,a,b,c,d,e,f,g,_i+1);\
- VPXOR (XTMP1, XTMP3, XTMP4) ; /* XTMP1 = s0 */\
- RND_STEP_RORX_6(h,a,b,c,d,e,f,g,_i+1);\
- VPSHUFD(XTMP2, X3, 0b11111010) ; /* XTMP2 = W[-2] {BBAA}*/\
- RND_STEP_RORX_7(h,a,b,c,d,e,f,g,_i+1);\
- VPADDD (XTMP0, XTMP0, XTMP1) ; /* XTMP0 = W[-16] + W[-7] + s0 */\
- RND_STEP_RORX_8(h,a,b,c,d,e,f,g,_i+1);\
-\
- RND_STEP_RORX_1(g,h,a,b,c,d,e,f,_i+2);\
- VPSRLD (XTMP4, XTMP2, 10) ; /* XTMP4 = W[-2] >> 10 {BBAA} */\
- RND_STEP_RORX_2(g,h,a,b,c,d,e,f,_i+2);\
- VPSRLQ (XTMP3, XTMP2, 19) ; /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
- RND_STEP_RORX_3(g,h,a,b,c,d,e,f,_i+2);\
- VPSRLQ (XTMP2, XTMP2, 17) ; /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
- RND_STEP_RORX_4(g,h,a,b,c,d,e,f,_i+2);\
- VPXOR (XTMP2, XTMP2, XTMP3) ;\
- RND_STEP_RORX_5(g,h,a,b,c,d,e,f,_i+2);\
- VPXOR (XTMP4, XTMP4, XTMP2) ; /* XTMP4 = s1 {xBxA} */\
- RND_STEP_RORX_6(g,h,a,b,c,d,e,f,_i+2);\
- VPSHUFB (XTMP4, XTMP4, SHUF_00BA) ; /* XTMP4 = s1 {00BA} */\
- RND_STEP_RORX_7(g,h,a,b,c,d,e,f,_i+2);\
- VPADDD (XTMP0, XTMP0, XTMP4) ; /* XTMP0 = {..., ..., W[1], W[0]} */\
- RND_STEP_RORX_8(g,h,a,b,c,d,e,f,_i+2);\
-\
- RND_STEP_RORX_1(f,g,h,a,b,c,d,e,_i+3);\
- VPSHUFD (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
- RND_STEP_RORX_2(f,g,h,a,b,c,d,e,_i+3);\
- VPSRLD (XTMP5, XTMP2, 10); /* XTMP5 = W[-2] >> 10 {DDCC} */\
- RND_STEP_RORX_3(f,g,h,a,b,c,d,e,_i+3);\
- VPSRLQ (XTMP3, XTMP2, 19); /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
- RND_STEP_RORX_4(f,g,h,a,b,c,d,e,_i+3);\
- VPSRLQ (XTMP2, XTMP2, 17) ; /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
- RND_STEP_RORX_5(f,g,h,a,b,c,d,e,_i+3);\
- VPXOR (XTMP2, XTMP2, XTMP3) ;\
- RND_STEP_RORX_6(f,g,h,a,b,c,d,e,_i+3);\
- VPXOR (XTMP5, XTMP5, XTMP2) ; /* XTMP5 = s1 {xDxC} */\
- RND_STEP_RORX_7(f,g,h,a,b,c,d,e,_i+3);\
- VPSHUFB (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
- RND_STEP_RORX_8(f,g,h,a,b,c,d,e,_i+3);\
- VPADDD (X0, XTMP5, XTMP0) ; /* X0 = {W[3], W[2], W[1], W[0]} */\
-
-#endif
-
-
-#define W_K_from_buff\
- __asm__ volatile("vmovdqu %0, %%xmm4\n\t"\
- "vpshufb %%xmm13, %%xmm4, %%xmm4\n\t"\
- :: "m"(sha256->buffer[0]):"%xmm4") ;\
- __asm__ volatile("vmovdqu %0, %%xmm5\n\t"\
- "vpshufb %%xmm13, %%xmm5, %%xmm5\n\t"\
- ::"m"(sha256->buffer[4]):"%xmm5") ;\
- __asm__ volatile("vmovdqu %0, %%xmm6\n\t"\
- "vpshufb %%xmm13, %%xmm6, %%xmm6\n\t"\
- ::"m"(sha256->buffer[8]):"%xmm6") ;\
- __asm__ volatile("vmovdqu %0, %%xmm7\n\t"\
- "vpshufb %%xmm13, %%xmm7, %%xmm7\n\t"\
- ::"m"(sha256->buffer[12]):"%xmm7") ;\
-
-#define _SET_W_K_XFER(reg, i)\
- __asm__ volatile("vpaddd %0, %"#reg", %%xmm9"::"m"(K[i]):XMM_REGs) ;\
- __asm__ volatile("vmovdqa %%xmm9, %0":"=m"(W_K[i])::XMM_REGs) ;
-
-#define SET_W_K_XFER(reg, i) _SET_W_K_XFER(reg, i)
-
-static const ALIGN32 word64 mSHUF_00BA[] = { 0x0b0a090803020100, 0xFFFFFFFFFFFFFFFF } ; /* shuffle xBxA -> 00BA */
-static const ALIGN32 word64 mSHUF_DC00[] = { 0xFFFFFFFFFFFFFFFF, 0x0b0a090803020100 } ; /* shuffle xDxC -> DC00 */
-static const ALIGN32 word64 mBYTE_FLIP_MASK[] = { 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
-
-
-#define _Init_Masks(mask1, mask2, mask3)\
-__asm__ volatile("vmovdqu %0, %"#mask1 ::"m"(mBYTE_FLIP_MASK[0])) ;\
-__asm__ volatile("vmovdqu %0, %"#mask2 ::"m"(mSHUF_00BA[0])) ;\
-__asm__ volatile("vmovdqu %0, %"#mask3 ::"m"(mSHUF_DC00[0])) ;
-
-#define Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)\
- _Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)
-
-#define X0 %xmm4
-#define X1 %xmm5
-#define X2 %xmm6
-#define X3 %xmm7
-#define X_ X0
-
-#define XTMP0 %xmm0
-#define XTMP1 %xmm1
-#define XTMP2 %xmm2
-#define XTMP3 %xmm3
-#define XTMP4 %xmm8
-#define XTMP5 %xmm9
-#define XFER %xmm10
-
-#define SHUF_00BA %xmm11 /* shuffle xBxA -> 00BA */
-#define SHUF_DC00 %xmm12 /* shuffle xDxC -> DC00 */
-#define BYTE_FLIP_MASK %xmm13
-
-#define XMM_REGs /* Registers are saved in Sha256Update/Finel */
- /*"xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10","xmm11","xmm12","xmm13" */
-
-static int Transform_AVX1(Sha256* sha256)
-{
-
- word32 W_K[64] ; /* temp for W+K */
-
- #if defined(DEBUG_XMM)
- int i, j ;
- word32 xmm[29][4*15] ;
- #endif
-
- Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
- W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
-
- DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-
- SET_W_K_XFER(X0, 0) ;
- MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
- SET_W_K_XFER(X1, 4) ;
- MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
- SET_W_K_XFER(X2, 8) ;
- MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
- SET_W_K_XFER(X3, 12) ;
- MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
- SET_W_K_XFER(X0, 16) ;
- MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
- SET_W_K_XFER(X1, 20) ;
- MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
- SET_W_K_XFER(X2, 24) ;
- MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
- SET_W_K_XFER(X3, 28) ;
- MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
- SET_W_K_XFER(X0, 32) ;
- MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
- SET_W_K_XFER(X1, 36) ;
- MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
- SET_W_K_XFER(X2, 40) ;
- MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
- SET_W_K_XFER(X3, 44) ;
- MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
- SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
-
- SET_W_K_XFER(X0, 48) ;
- SET_W_K_XFER(X1, 52) ;
- SET_W_K_XFER(X2, 56) ;
- SET_W_K_XFER(X3, 60) ;
-
- RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
- RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
- RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
- RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-
- RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
- RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
- RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
- RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
- RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;
- RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
- RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
- RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
- RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
- RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
- RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
- RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-
- RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-
- #if defined(DEBUG_XMM)
- for(i=0; i<29; i++) {
- for(j=0; j<4*14; j+=4)
- printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i,
- xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
- printf("\n") ;
- }
-
- for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
- #endif
-
- return 0;
-}
-
-#if defined(HAVE_INTEL_RORX)
-static int Transform_AVX1_RORX(Sha256* sha256)
-{
-
- word32 W_K[64] ; /* temp for W+K */
-
- #if defined(DEBUG_XMM)
- int i, j ;
- word32 xmm[29][4*15] ;
- #endif
-
- Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
- W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
-
- DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
- SET_W_K_XFER(X0, 0) ;
- MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
- SET_W_K_XFER(X1, 4) ;
- MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
- SET_W_K_XFER(X2, 8) ;
- MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
- SET_W_K_XFER(X3, 12) ;
- MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
- SET_W_K_XFER(X0, 16) ;
- MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
- SET_W_K_XFER(X1, 20) ;
- MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
- SET_W_K_XFER(X2, 24) ;
- MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
- SET_W_K_XFER(X3, 28) ;
- MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
- SET_W_K_XFER(X0, 32) ;
- MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
- SET_W_K_XFER(X1, 36) ;
- MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
- SET_W_K_XFER(X2, 40) ;
- MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
- SET_W_K_XFER(X3, 44) ;
- MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
- XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
-
- SET_W_K_XFER(X0, 48) ;
- SET_W_K_XFER(X1, 52) ;
- SET_W_K_XFER(X2, 56) ;
- SET_W_K_XFER(X3, 60) ;
-
- RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
- RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
- RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
- RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-
- RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
- RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
- RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
- RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
- RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;
- RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
- RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
- RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
- RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
- RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
- RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
- RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-
- RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-
- #if defined(DEBUG_XMM)
- for(i=0; i<29; i++) {
- for(j=0; j<4*14; j+=4)
- printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i,
- xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
- printf("\n") ;
- }
-
- for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
- #endif
-
- return 0;
-}
-#endif /* HAVE_INTEL_RORX */
-
-#endif /* HAVE_INTEL_AVX1 */
-
-
-#if defined(HAVE_INTEL_AVX2)
-
-#define _MOVE_to_REG(ymm, mem) __asm__ volatile("vmovdqu %0, %%"#ymm" ":: "m"(mem):YMM_REGs) ;
-#define _MOVE_to_MEM(mem, ymm) __asm__ volatile("vmovdqu %%"#ymm", %0" : "=m"(mem)::YMM_REGs) ;
-#define _BYTE_SWAP(ymm, map) __asm__ volatile("vpshufb %0, %%"#ymm", %%"#ymm"\n\t"\
- :: "m"(map):YMM_REGs) ;
-#define _MOVE_128(ymm0, ymm1, ymm2, map) __asm__ volatile("vperm2i128 $"#map", %%"\
- #ymm2", %%"#ymm1", %%"#ymm0" ":::YMM_REGs) ;
-#define _MOVE_BYTE(ymm0, ymm1, map) __asm__ volatile("vpshufb %0, %%"#ymm1", %%"\
- #ymm0"\n\t":: "m"(map):YMM_REGs) ;
-#define _S_TEMP(dest, src, bits, temp) __asm__ volatile("vpsrld $"#bits", %%"\
- #src", %%"#dest"\n\tvpslld $32-"#bits", %%"#src", %%"#temp"\n\tvpor %%"\
- #temp",%%"#dest", %%"#dest" ":::YMM_REGs) ;
-#define _AVX2_R(dest, src, bits) __asm__ volatile("vpsrld $"#bits", %%"\
- #src", %%"#dest" ":::YMM_REGs) ;
-#define _XOR(dest, src1, src2) __asm__ volatile("vpxor %%"#src1", %%"\
- #src2", %%"#dest" ":::YMM_REGs) ;
-#define _OR(dest, src1, src2) __asm__ volatile("vpor %%"#src1", %%"\
- #src2", %%"#dest" ":::YMM_REGs) ;
-#define _ADD(dest, src1, src2) __asm__ volatile("vpaddd %%"#src1", %%"\
- #src2", %%"#dest" ":::YMM_REGs) ;
-#define _ADD_MEM(dest, src1, mem) __asm__ volatile("vpaddd %0, %%"#src1", %%"\
- #dest" "::"m"(mem):YMM_REGs) ;
-#define _BLEND(map, dest, src1, src2) __asm__ volatile("vpblendd $"#map", %%"\
- #src1", %%"#src2", %%"#dest" ":::YMM_REGs) ;
-
-#define _EXTRACT_XMM_0(xmm, mem) __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define _EXTRACT_XMM_1(xmm, mem) __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define _EXTRACT_XMM_2(xmm, mem) __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define _EXTRACT_XMM_3(xmm, mem) __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define _EXTRACT_XMM_4(ymm, xmm, mem)\
- __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;\
- __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define _EXTRACT_XMM_5(xmm, mem) __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define _EXTRACT_XMM_6(xmm, mem) __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define _EXTRACT_XMM_7(xmm, mem) __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-
-#define _SWAP_YMM_HL(ymm) __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;
-#define SWAP_YMM_HL(ymm) _SWAP_YMM_HL(ymm)
-
-#define MOVE_to_REG(ymm, mem) _MOVE_to_REG(ymm, mem)
-#define MOVE_to_MEM(mem, ymm) _MOVE_to_MEM(mem, ymm)
-#define BYTE_SWAP(ymm, map) _BYTE_SWAP(ymm, map)
-#define MOVE_128(ymm0, ymm1, ymm2, map) _MOVE_128(ymm0, ymm1, ymm2, map)
-#define MOVE_BYTE(ymm0, ymm1, map) _MOVE_BYTE(ymm0, ymm1, map)
-#define XOR(dest, src1, src2) _XOR(dest, src1, src2)
-#define OR(dest, src1, src2) _OR(dest, src1, src2)
-#define ADD(dest, src1, src2) _ADD(dest, src1, src2)
-#define ADD_MEM(dest, src1, mem) _ADD_MEM(dest, src1, mem)
-#define BLEND(map, dest, src1, src2) _BLEND(map, dest, src1, src2)
-
-#define S_TMP(dest, src, bits, temp) _S_TEMP(dest, src, bits, temp);
-#define AVX2_S(dest, src, bits) S_TMP(dest, src, bits, S_TEMP)
-#define AVX2_R(dest, src, bits) _AVX2_R(dest, src, bits)
-
-#define GAMMA0(dest, src) AVX2_S(dest, src, 7); AVX2_S(G_TEMP, src, 18); \
- XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3); XOR(dest, G_TEMP, dest) ;
-#define GAMMA0_1(dest, src) AVX2_S(dest, src, 7); AVX2_S(G_TEMP, src, 18);
-#define GAMMA0_2(dest, src) XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3); \
- XOR(dest, G_TEMP, dest) ;
-
-#define GAMMA1(dest, src) AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); \
- XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); XOR(dest, G_TEMP, dest) ;
-#define GAMMA1_1(dest, src) AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19);
-#define GAMMA1_2(dest, src) XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); \
- XOR(dest, G_TEMP, dest) ;
-
-#define FEEDBACK1_to_W_I_2 MOVE_BYTE(YMM_TEMP0, W_I, mMAP1toW_I_2[0]) ; \
- BLEND(0x0c, W_I_2, YMM_TEMP0, W_I_2) ;
-#define FEEDBACK2_to_W_I_2 MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ; \
- MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAP2toW_I_2[0]) ; BLEND(0x30, W_I_2, YMM_TEMP0, W_I_2) ;
-#define FEEDBACK3_to_W_I_2 MOVE_BYTE(YMM_TEMP0, W_I, mMAP3toW_I_2[0]) ; \
- BLEND(0xc0, W_I_2, YMM_TEMP0, W_I_2) ;
-
-#define FEEDBACK_to_W_I_7 MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;\
- MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAPtoW_I_7[0]) ; BLEND(0x80, W_I_7, YMM_TEMP0, W_I_7) ;
-
-#undef voitle
-
-#define W_I_16 ymm8
-#define W_I_15 ymm9
-#define W_I_7 ymm10
-#define W_I_2 ymm11
-#define W_I ymm12
-#define G_TEMP ymm13
-#define S_TEMP ymm14
-#define YMM_TEMP0 ymm15
-#define YMM_TEMP0x xmm15
-#define W_I_TEMP ymm7
-#define W_K_TEMP ymm15
-#define W_K_TEMPx xmm15
-
-#define YMM_REGs /* Registers are saved in Sha256Update/Finel */
- /* "%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15"*/
-
-
-#define MOVE_15_to_16(w_i_16, w_i_15, w_i_7)\
- __asm__ volatile("vperm2i128 $0x01, %%"#w_i_15", %%"#w_i_15", %%"#w_i_15" ":::YMM_REGs) ;\
- __asm__ volatile("vpblendd $0x08, %%"#w_i_15", %%"#w_i_7", %%"#w_i_16" ":::YMM_REGs) ;\
- __asm__ volatile("vperm2i128 $0x01, %%"#w_i_7", %%"#w_i_7", %%"#w_i_15" ":::YMM_REGs) ;\
- __asm__ volatile("vpblendd $0x80, %%"#w_i_15", %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
- __asm__ volatile("vpshufd $0x93, %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
-
-#define MOVE_7_to_15(w_i_15, w_i_7)\
- __asm__ volatile("vmovdqu %%"#w_i_7", %%"#w_i_15" ":::YMM_REGs) ;\
-
-#define MOVE_I_to_7(w_i_7, w_i)\
- __asm__ volatile("vperm2i128 $0x01, %%"#w_i", %%"#w_i", %%"#w_i_7" ":::YMM_REGs) ;\
- __asm__ volatile("vpblendd $0x01, %%"#w_i_7", %%"#w_i", %%"#w_i_7" ":::YMM_REGs) ;\
- __asm__ volatile("vpshufd $0x39, %%"#w_i_7", %%"#w_i_7" ":::YMM_REGs) ;\
-
-#define MOVE_I_to_2(w_i_2, w_i)\
- __asm__ volatile("vperm2i128 $0x01, %%"#w_i", %%"#w_i", %%"#w_i_2" ":::YMM_REGs) ;\
- __asm__ volatile("vpshufd $0x0e, %%"#w_i_2", %%"#w_i_2" ":::YMM_REGs) ;\
-
-#define ROTATE_W(w_i_16, w_i_15, w_i_7, w_i_2, w_i)\
- MOVE_15_to_16(w_i_16, w_i_15, w_i_7) ; \
- MOVE_7_to_15(w_i_15, w_i_7) ; \
- MOVE_I_to_7(w_i_7, w_i) ; \
- MOVE_I_to_2(w_i_2, w_i) ;\
-
-#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- { word32 d ;\
- __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ;\
- sha256->digest[0] += d;\
- __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ;\
- sha256->digest[1] += d;\
- __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ;\
- sha256->digest[2] += d;\
- __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ;\
- sha256->digest[3] += d;\
- __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ;\
- sha256->digest[4] += d;\
- __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ;\
- sha256->digest[5] += d;\
- __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ;\
- sha256->digest[6] += d;\
- __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ;\
- sha256->digest[7] += d;\
-}
-
-#define _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- { word32 d[8] ;\
- __asm__ volatile("movl %"#S_0", %0":"=r"(d[0])::SSE_REGs) ;\
- __asm__ volatile("movl %"#S_1", %0":"=r"(d[1])::SSE_REGs) ;\
- __asm__ volatile("movl %"#S_2", %0":"=r"(d[2])::SSE_REGs) ;\
- __asm__ volatile("movl %"#S_3", %0":"=r"(d[3])::SSE_REGs) ;\
- __asm__ volatile("movl %"#S_4", %0":"=r"(d[4])::SSE_REGs) ;\
- __asm__ volatile("movl %"#S_5", %0":"=r"(d[5])::SSE_REGs) ;\
- __asm__ volatile("movl %"#S_6", %0":"=r"(d[6])::SSE_REGs) ;\
- __asm__ volatile("movl %"#S_7", %0":"=r"(d[7])::SSE_REGs) ;\
- printf("S[0..7]=%08x,%08x,%08x,%08x,%08x,%08x,%08x,%08x\n", d[0],d[1],d[2],d[3],d[4],d[5],d[6],d[7]);\
- __asm__ volatile("movl %0, %"#S_0::"r"(d[0]):SSE_REGs) ;\
- __asm__ volatile("movl %0, %"#S_1::"r"(d[1]):SSE_REGs) ;\
- __asm__ volatile("movl %0, %"#S_2::"r"(d[2]):SSE_REGs) ;\
- __asm__ volatile("movl %0, %"#S_3::"r"(d[3]):SSE_REGs) ;\
- __asm__ volatile("movl %0, %"#S_4::"r"(d[4]):SSE_REGs) ;\
- __asm__ volatile("movl %0, %"#S_5::"r"(d[5]):SSE_REGs) ;\
- __asm__ volatile("movl %0, %"#S_6::"r"(d[6]):SSE_REGs) ;\
- __asm__ volatile("movl %0, %"#S_7::"r"(d[7]):SSE_REGs) ;\
-}
-
-
-#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define DumS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
- _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-
- /* Byte swap Masks to ensure that rest of the words are filled with zero's. */
- static const unsigned long mBYTE_FLIP_MASK_16[] =
- { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
- static const unsigned long mBYTE_FLIP_MASK_15[] =
- { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
- static const unsigned long mBYTE_FLIP_MASK_7 [] =
- { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x8080808008090a0b } ;
- static const unsigned long mBYTE_FLIP_MASK_2 [] =
- { 0x0405060700010203, 0x8080808080808080, 0x8080808080808080, 0x8080808080808080 } ;
-
- static const unsigned long mMAPtoW_I_7[] =
- { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0302010080808080 } ;
- static const unsigned long mMAP1toW_I_2[] =
- { 0x8080808080808080, 0x0706050403020100, 0x8080808080808080, 0x8080808080808080 } ;
- static const unsigned long mMAP2toW_I_2[] =
- { 0x8080808080808080, 0x8080808080808080, 0x0f0e0d0c0b0a0908, 0x8080808080808080 } ;
- static const unsigned long mMAP3toW_I_2[] =
- { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0706050403020100 } ;
-
-static int Transform_AVX2(Sha256* sha256)
-{
-
- #ifdef WOLFSSL_SMALL_STACK
- word32* W_K;
- W_K = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (W_K == NULL)
- return MEMORY_E;
- #else
- word32 W_K[64] ;
- #endif
-
- MOVE_to_REG(W_I_16, sha256->buffer[0]); BYTE_SWAP(W_I_16, mBYTE_FLIP_MASK_16[0]) ;
- MOVE_to_REG(W_I_15, sha256->buffer[1]); BYTE_SWAP(W_I_15, mBYTE_FLIP_MASK_15[0]) ;
- MOVE_to_REG(W_I, sha256->buffer[8]) ; BYTE_SWAP(W_I, mBYTE_FLIP_MASK_16[0]) ;
- MOVE_to_REG(W_I_7, sha256->buffer[16-7]) ; BYTE_SWAP(W_I_7, mBYTE_FLIP_MASK_7[0]) ;
- MOVE_to_REG(W_I_2, sha256->buffer[16-2]) ; BYTE_SWAP(W_I_2, mBYTE_FLIP_MASK_2[0]) ;
-
- DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-
- ADD_MEM(W_K_TEMP, W_I_16, K[0]) ;
- MOVE_to_MEM(W_K[0], W_K_TEMP) ;
-
- RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
- RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,1) ;
- RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,2) ;
- RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,3) ;
- RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,4) ;
- RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,5) ;
- RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,6) ;
- RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,7) ;
-
- ADD_MEM(YMM_TEMP0, W_I, K[8]) ;
- MOVE_to_MEM(W_K[8], YMM_TEMP0) ;
-
- /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
- RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
- GAMMA0_1(W_I_TEMP, W_I_15) ;
- RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
- GAMMA0_2(W_I_TEMP, W_I_15) ;
- RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
- ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
- RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
- ADD(W_I, W_I_7, W_I_TEMP);
- RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
- ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
- RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
- FEEDBACK1_to_W_I_2 ;
- RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
- FEEDBACK_to_W_I_7 ;
- RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
- ADD(W_I_TEMP, W_I_7, W_I_TEMP);
- RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
- RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
- FEEDBACK2_to_W_I_2 ;
- RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
- RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
- FEEDBACK3_to_W_I_2 ;
- RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
- GAMMA1(YMM_TEMP0, W_I_2) ;
- RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
- RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
- RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
-
- MOVE_to_REG(YMM_TEMP0, K[16]) ;
- RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
- ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
- RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
- ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
- MOVE_to_MEM(W_K[16], YMM_TEMP0) ;
-
- /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
- RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
- GAMMA0_1(W_I_TEMP, W_I_15) ;
- RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
- GAMMA0_2(W_I_TEMP, W_I_15) ;
- RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
- ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
- RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
- ADD(W_I, W_I_7, W_I_TEMP);
- RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
- ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
- RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
- FEEDBACK1_to_W_I_2 ;
- RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
- FEEDBACK_to_W_I_7 ;
- RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
- ADD(W_I_TEMP, W_I_7, W_I_TEMP);
- RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
- GAMMA1(YMM_TEMP0, W_I_2) ;
- RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
- RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
- FEEDBACK2_to_W_I_2 ;
- RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
- RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
- FEEDBACK3_to_W_I_2 ;
- RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
- RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
-
- MOVE_to_REG(YMM_TEMP0, K[24]) ;
- RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
- ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
- RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
- ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
- MOVE_to_MEM(W_K[24], YMM_TEMP0) ;
-
- /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
- RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
- GAMMA0_1(W_I_TEMP, W_I_15) ;
- RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
- GAMMA0_2(W_I_TEMP, W_I_15) ;
- RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
- ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
- RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
- ADD(W_I, W_I_7, W_I_TEMP);
- RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
- ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
- RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
- FEEDBACK1_to_W_I_2 ;
- RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
- FEEDBACK_to_W_I_7 ;
- RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
- ADD(W_I_TEMP, W_I_7, W_I_TEMP);
- RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
- RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
- FEEDBACK2_to_W_I_2 ;
- RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
- RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
- FEEDBACK3_to_W_I_2 ;
- RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
- GAMMA1(YMM_TEMP0, W_I_2) ;
- RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
- RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
- RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
-
- MOVE_to_REG(YMM_TEMP0, K[32]) ;
- RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
- ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
- RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
- ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
- MOVE_to_MEM(W_K[32], YMM_TEMP0) ;
-
-
- /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
- RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
- GAMMA0_1(W_I_TEMP, W_I_15) ;
- RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
- GAMMA0_2(W_I_TEMP, W_I_15) ;
- RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
- ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
- RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
- ADD(W_I, W_I_7, W_I_TEMP);
- RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
- ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
- RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
- FEEDBACK1_to_W_I_2 ;
- RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
- FEEDBACK_to_W_I_7 ;
- RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
- ADD(W_I_TEMP, W_I_7, W_I_TEMP);
- RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
- RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
- FEEDBACK2_to_W_I_2 ;
- RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
- RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
- FEEDBACK3_to_W_I_2 ;
- RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
- RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
-
- MOVE_to_REG(YMM_TEMP0, K[40]) ;
- RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
- ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
- RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
- ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
- MOVE_to_MEM(W_K[40], YMM_TEMP0) ;
-
- /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
- RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
- GAMMA0_1(W_I_TEMP, W_I_15) ;
- RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
- GAMMA0_2(W_I_TEMP, W_I_15) ;
- RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
- ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
- RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
- ADD(W_I, W_I_7, W_I_TEMP);
- RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
- ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
- RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
- FEEDBACK1_to_W_I_2 ;
- RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
- FEEDBACK_to_W_I_7 ;
- RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
- ADD(W_I_TEMP, W_I_7, W_I_TEMP);
- RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
- RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
- FEEDBACK2_to_W_I_2 ;
- RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
- RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
- FEEDBACK3_to_W_I_2 ;
- RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
- RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
-
- MOVE_to_REG(YMM_TEMP0, K[48]) ;
- RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
- ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
- RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
- ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
- MOVE_to_MEM(W_K[48], YMM_TEMP0) ;
-
- /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
- RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
- GAMMA0_1(W_I_TEMP, W_I_15) ;
- RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
- GAMMA0_2(W_I_TEMP, W_I_15) ;
- RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
- ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
- RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
- ADD(W_I, W_I_7, W_I_TEMP);
- RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
- ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
- RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
- FEEDBACK1_to_W_I_2 ;
- RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
- FEEDBACK_to_W_I_7 ;
- RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
- ADD(W_I_TEMP, W_I_7, W_I_TEMP);
- RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
- RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
- FEEDBACK2_to_W_I_2 ;
- RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
- RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
- FEEDBACK3_to_W_I_2 ;
- RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
- GAMMA1_1(YMM_TEMP0, W_I_2) ;
- RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
- GAMMA1_2(YMM_TEMP0, W_I_2) ;
- RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
- ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
- RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
- MOVE_to_REG(YMM_TEMP0, K[56]) ;
- RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
- ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
- RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
- ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
- MOVE_to_MEM(W_K[56], YMM_TEMP0) ;
-
- RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;
- RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
- RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
- RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
- RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
- RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
- RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
- RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-
- RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- return 0;
-}
-
-#endif /* HAVE_INTEL_AVX2 */
-
-#endif /* HAVE_FIPS */
-
-#endif /* WOLFSSL_TI_HAHS */
-
-#endif /* NO_SHA256 */
-
-
--- a/wolfcrypt/src/sha512.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1806 +0,0 @@
-/* sha512.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/sha512.h>
-
-#ifdef WOLFSSL_SHA512
-
-#ifdef HAVE_FIPS
-int wc_InitSha512(Sha512* sha)
-{
- return InitSha512_fips(sha);
-}
-
-
-int wc_Sha512Update(Sha512* sha, const byte* data, word32 len)
-{
- return Sha512Update_fips(sha, data, len);
-}
-
-
-int wc_Sha512Final(Sha512* sha, byte* out)
-{
- return Sha512Final_fips(sha, out);
-}
-
-
-int wc_Sha512Hash(const byte* data, word32 len, byte* out)
-{
- return Sha512Hash(data, len, out);
-}
-
-#if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
-
-int wc_InitSha384(Sha384* sha)
-{
- return InitSha384_fips(sha);
-}
-
-
-int wc_Sha384Update(Sha384* sha, const byte* data, word32 len)
-{
- return Sha384Update_fips(sha, data, len);
-}
-
-
-int wc_Sha384Final(Sha384* sha, byte* out)
-{
- return Sha384Final_fips(sha, out);
-}
-
-
-int wc_Sha384Hash(const byte* data, word32 len, byte* out)
-{
- return Sha384Hash(data, len, out);
-}
-#endif /* WOLFSSL_SHA384 */
-#else /* else build without using fips */
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
-#else
- #include <wolfcrypt/src/misc.c>
-#endif
-
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-#if defined(USE_INTEL_SPEEDUP)
- #define HAVE_INTEL_AVX1
- #define HAVE_INTEL_AVX2
-#endif
-
-#if defined(HAVE_INTEL_AVX1)
-/* #define DEBUG_XMM */
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-#define HAVE_INTEL_RORX
-/* #define DEBUG_YMM */
-#endif
-
-/*****
-Intel AVX1/AVX2 Macro Control Structure
-
-#if defined(HAVE_INteL_SPEEDUP)
- #define HAVE_INTEL_AVX1
- #define HAVE_INTEL_AVX2
-#endif
-
-int InitSha512(Sha512* sha512) {
- Save/Recover XMM, YMM
- ...
-
- Check Intel AVX cpuid flags
-}
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
- Transform_AVX1() ; # Function prototype
- Transform_AVX2() ; #
-#endif
-
- _Transform() { # Native Transform Function body
-
- }
-
- int Sha512Update() {
- Save/Recover XMM, YMM
- ...
- }
-
- int Sha512Final() {
- Save/Recover XMM, YMM
- ...
- }
-
-
-#if defined(HAVE_INTEL_AVX1)
-
- XMM Instructions/inline asm Definitions
-
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-
- YMM Instructions/inline asm Definitions
-
-#endif
-
-#if defnied(HAVE_INTEL_AVX1)
-
- int Transform_AVX1() {
- Stitched Message Sched/Round
- }
-
-#endif
-
-#if defnied(HAVE_INTEL_AVX2)
-
- int Transform_AVX2() {
- Stitched Message Sched/Round
- }
-#endif
-
-
-*/
-
-#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-
-
-/* Each platform needs to query info type 1 from cpuid to see if aesni is
- * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
- */
-
-#ifndef _MSC_VER
- #define cpuid(reg, leaf, sub)\
- __asm__ __volatile__ ("cpuid":\
- "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
- "a" (leaf), "c"(sub));
-
- #define XASM_LINK(f) asm(f)
-#else
-
- #include <intrin.h>
- #define cpuid(a,b) __cpuid((int*)a,b)
-
- #define XASM_LINK(f)
-
-#endif /* _MSC_VER */
-
-#define EAX 0
-#define EBX 1
-#define ECX 2
-#define EDX 3
-
-#define CPUID_AVX1 0x1
-#define CPUID_AVX2 0x2
-#define CPUID_RDRAND 0x4
-#define CPUID_RDSEED 0x8
-#define CPUID_BMI2 0x10 /* MULX, RORX */
-
-#define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1)
-#define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2)
-#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2)
-#define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND)
-#define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
-
-static word32 cpuid_check = 0 ;
-static word32 cpuid_flags = 0 ;
-
-static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
- int got_intel_cpu=0;
- unsigned int reg[5];
-
- reg[4] = '\0' ;
- cpuid(reg, 0, 0);
- if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&
- memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&
- memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {
- got_intel_cpu = 1;
- }
- if (got_intel_cpu) {
- cpuid(reg, leaf, sub);
- return((reg[num]>>bit)&0x1) ;
- }
- return 0 ;
-}
-
-#define CHECK_SHA512 0x1
-#define CHECK_SHA384 0x2
-
-static int set_cpuid_flags(int sha) {
- if((cpuid_check & sha) ==0) {
- if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
- if(cpuid_flag(7, 0, EBX, 5)){ cpuid_flags |= CPUID_AVX2 ; }
- if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
- if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; }
- if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; }
- cpuid_check |= sha ;
- return 0 ;
- }
- return 1 ;
-}
-
-
-/* #if defined(HAVE_INTEL_AVX1/2) at the tail of sha512 */
-
-#if defined(HAVE_INTEL_AVX1)
-static int Transform_AVX1(Sha512 *sha512) ;
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-static int Transform_AVX2(Sha512 *sha512) ;
-
-#if defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_AVX2) && defined(HAVE_INTEL_RORX)
-static int Transform_AVX1_RORX(Sha512 *sha512) ;
-#endif
-
-#endif
-
-static int _Transform(Sha512 *sha512) ;
-
-static int (*Transform_p)(Sha512* sha512) = _Transform ;
-
-#define Transform(sha512) (*Transform_p)(sha512)
-
-static void set_Transform(void) {
- if(set_cpuid_flags(CHECK_SHA512)) return ;
-
-#if defined(HAVE_INTEL_AVX2)
- if(IS_INTEL_AVX2 && IS_INTEL_BMI2){
- Transform_p = Transform_AVX1_RORX; return ;
- Transform_p = Transform_AVX2 ;
- /* for avoiding warning,"not used" */
- }
-#endif
-#if defined(HAVE_INTEL_AVX1)
- Transform_p = ((IS_INTEL_AVX1) ? Transform_AVX1 : _Transform) ; return ;
-#endif
- Transform_p = _Transform ; return ;
-}
-
-#else
- #define Transform(sha512) _Transform(sha512)
-#endif
-
-/* Dummy for saving MM_REGs on behalf of Transform */
-/* #if defined(HAVE_INTEL_AVX2)
- #define SAVE_XMM_YMM __asm__ volatile("orq %%r8, %%r8":::\
- "%ymm0","%ymm1","%ymm2","%ymm3","%ymm4","%ymm5","%ymm6","%ymm7","%ymm8","%ymm9","%ymm10","%ymm11",\
- "%ymm12","%ymm13","%ymm14","%ymm15")
-*/
-#if defined(HAVE_INTEL_AVX1)
- #define SAVE_XMM_YMM __asm__ volatile("orq %%r8, %%r8":::\
- "xmm0","xmm1","xmm2","xmm3","xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10","xmm11","xmm12","xmm13","xmm14","xmm15")
-#else
-#define SAVE_XMM_YMM
-#endif
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
-
-#include <string.h>
-
-#endif /* defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2) */
-
-
-#if defined(HAVE_INTEL_RORX)
-#define ROTR(func, bits, x) \
-word64 func(word64 x) { word64 ret ;\
- __asm__ ("rorx $"#bits", %1, %0\n\t":"=r"(ret):"r"(x):) ;\
- return ret ;\
-}
-
-static INLINE ROTR(rotrFixed64_28, 28, x)
-static INLINE ROTR(rotrFixed64_34, 34, x)
-static INLINE ROTR(rotrFixed64_39, 39, x)
-static INLINE ROTR(rotrFixed64_14, 14, x)
-static INLINE ROTR(rotrFixed64_18, 18, x)
-static INLINE ROTR(rotrFixed64_41, 41, x)
-
-#define S0_RORX(x) (rotrFixed64_28(x)^rotrFixed64_34(x)^rotrFixed64_39(x))
-#define S1_RORX(x) (rotrFixed64_14(x)^rotrFixed64_18(x)^rotrFixed64_41(x))
-#endif
-
-#if defined(HAVE_BYTEREVERSE64) && !defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2)
-#define ByteReverseWords64(out, in, size) ByteReverseWords64_1(out, size)
-#define ByteReverseWords64_1(buf, size)\
- { unsigned int i ;\
- for(i=0; i< size/sizeof(word64); i++){\
- __asm__ volatile("bswapq %0":"+r"(buf[i])::) ;\
- }\
-}
-#endif
-
-
-int wc_InitSha512(Sha512* sha512)
-{
- sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
- sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
- sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b);
- sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1);
- sha512->digest[4] = W64LIT(0x510e527fade682d1);
- sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f);
- sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b);
- sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
-
- sha512->buffLen = 0;
- sha512->loLen = 0;
- sha512->hiLen = 0;
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
- set_Transform() ; /* choose best Transform function under this runtime environment */
-#endif
-
- return 0 ;
-}
-
-
-static const word64 K512[80] = {
- W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
- W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
- W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
- W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
- W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
- W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
- W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
- W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
- W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
- W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
- W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
- W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
- W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
- W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
- W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
- W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
- W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
- W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
- W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
- W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
- W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
- W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
- W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
- W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
- W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
- W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
- W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
- W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
- W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
- W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
- W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
- W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
- W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
- W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
- W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
- W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
- W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
- W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
- W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
- W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
-};
-
-
-
-#define blk0(i) (W[i] = sha512->buffer[i])
-
-#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
-
-#define Ch(x,y,z) (z^(x&(y^z)))
-#define Maj(x,y,z) ((x&y)|(z&(x|y)))
-
-#define a(i) T[(0-i)&7]
-#define b(i) T[(1-i)&7]
-#define c(i) T[(2-i)&7]
-#define d(i) T[(3-i)&7]
-#define e(i) T[(4-i)&7]
-#define f(i) T[(5-i)&7]
-#define g(i) T[(6-i)&7]
-#define h(i) T[(7-i)&7]
-
-#define S0(x) (rotrFixed64(x,28)^rotrFixed64(x,34)^rotrFixed64(x,39))
-#define S1(x) (rotrFixed64(x,14)^rotrFixed64(x,18)^rotrFixed64(x,41))
-#define s0(x) (rotrFixed64(x,1)^rotrFixed64(x,8)^(x>>7))
-#define s1(x) (rotrFixed64(x,19)^rotrFixed64(x,61)^(x>>6))
-
-#define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+K[i+j]+(j?blk2(i):blk0(i));\
- d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
-
-#define blk384(i) (W[i] = sha384->buffer[i])
-
-#define R2(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+K[i+j]+(j?blk2(i):blk384(i));\
- d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
-
-static int _Transform(Sha512* sha512)
-{
- const word64* K = K512;
-
- word32 j;
- word64 T[8];
-
-
-#ifdef WOLFSSL_SMALL_STACK
- word64* W;
- W = (word64*) XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (W == NULL)
- return MEMORY_E;
-#else
- word64 W[16];
-#endif
-
- /* Copy digest to working vars */
- XMEMCPY(T, sha512->digest, sizeof(T));
-
-#ifdef USE_SLOW_SHA2
- /* over twice as small, but 50% slower */
- /* 80 operations, not unrolled */
- for (j = 0; j < 80; j += 16) {
- int m;
- for (m = 0; m < 16; m++) { /* braces needed here for macros {} */
- R(m);
- }
- }
-#else
- /* 80 operations, partially loop unrolled */
- for (j = 0; j < 80; j += 16) {
- R( 0); R( 1); R( 2); R( 3);
- R( 4); R( 5); R( 6); R( 7);
- R( 8); R( 9); R(10); R(11);
- R(12); R(13); R(14); R(15);
- }
-#endif /* USE_SLOW_SHA2 */
-
- /* Add the working vars back into digest */
-
- sha512->digest[0] += a(0);
- sha512->digest[1] += b(0);
- sha512->digest[2] += c(0);
- sha512->digest[3] += d(0);
- sha512->digest[4] += e(0);
- sha512->digest[5] += f(0);
- sha512->digest[6] += g(0);
- sha512->digest[7] += h(0);
-
- /* Wipe variables */
- ForceZero(W, sizeof(word64) * 16);
- ForceZero(T, sizeof(T));
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-
-static INLINE void AddLength(Sha512* sha512, word32 len)
-{
- word32 tmp = sha512->loLen;
- if ( (sha512->loLen += len) < tmp)
- sha512->hiLen++; /* carry low to high */
-}
-
-int wc_Sha512Update(Sha512* sha512, const byte* data, word32 len)
-{
- /* do block size increments */
- byte* local = (byte*)sha512->buffer;
- SAVE_XMM_YMM ; /* for Intel AVX */
-
- while (len) {
- word32 add = min(len, SHA512_BLOCK_SIZE - sha512->buffLen);
- XMEMCPY(&local[sha512->buffLen], data, add);
-
- sha512->buffLen += add;
- data += add;
- len -= add;
-
- if (sha512->buffLen == SHA512_BLOCK_SIZE) {
- int ret;
- #if defined(LITTLE_ENDIAN_ORDER)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords64(sha512->buffer, sha512->buffer,
- SHA512_BLOCK_SIZE);
- #endif
- ret = Transform(sha512);
- if (ret != 0)
- return ret;
-
- AddLength(sha512, SHA512_BLOCK_SIZE);
- sha512->buffLen = 0;
- }
- }
- return 0;
-}
-
-
-int wc_Sha512Final(Sha512* sha512, byte* hash)
-{
- byte* local = (byte*)sha512->buffer;
- int ret;
-
- SAVE_XMM_YMM ; /* for Intel AVX */
- AddLength(sha512, sha512->buffLen); /* before adding pads */
-
- local[sha512->buffLen++] = 0x80; /* add 1 */
-
- /* pad with zeros */
- if (sha512->buffLen > SHA512_PAD_SIZE) {
- XMEMSET(&local[sha512->buffLen], 0, SHA512_BLOCK_SIZE -sha512->buffLen);
- sha512->buffLen += SHA512_BLOCK_SIZE - sha512->buffLen;
- #if defined(LITTLE_ENDIAN_ORDER)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords64(sha512->buffer,sha512->buffer,SHA512_BLOCK_SIZE);
- #endif
- ret = Transform(sha512);
- if (ret != 0)
- return ret;
-
- sha512->buffLen = 0;
- }
- XMEMSET(&local[sha512->buffLen], 0, SHA512_PAD_SIZE - sha512->buffLen);
-
- /* put lengths in bits */
- sha512->hiLen = (sha512->loLen >> (8*sizeof(sha512->loLen) - 3)) +
- (sha512->hiLen << 3);
- sha512->loLen = sha512->loLen << 3;
-
- /* store lengths */
- #if defined(LITTLE_ENDIAN_ORDER)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords64(sha512->buffer, sha512->buffer, SHA512_PAD_SIZE);
- #endif
- /* ! length ordering dependent on digest endian type ! */
-
- sha512->buffer[SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen;
- sha512->buffer[SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(IS_INTEL_AVX1 || IS_INTEL_AVX2)
- ByteReverseWords64(&(sha512->buffer[SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
- &(sha512->buffer[SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
- SHA512_BLOCK_SIZE - SHA512_PAD_SIZE);
- #endif
- ret = Transform(sha512);
- if (ret != 0)
- return ret;
-
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords64(sha512->digest, sha512->digest, SHA512_DIGEST_SIZE);
- #endif
- XMEMCPY(hash, sha512->digest, SHA512_DIGEST_SIZE);
-
- return wc_InitSha512(sha512); /* reset state */
-}
-
-
-int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- Sha512* sha512;
-#else
- Sha512 sha512[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha512 == NULL)
- return MEMORY_E;
-#endif
-
- if ((ret = wc_InitSha512(sha512)) != 0) {
- WOLFSSL_MSG("InitSha512 failed");
- }
- else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) {
- WOLFSSL_MSG("Sha512Update failed");
- }
- else if ((ret = wc_Sha512Final(sha512, hash)) != 0) {
- WOLFSSL_MSG("Sha512Final failed");
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#if defined(HAVE_INTEL_AVX1)
-
-#define Rx_1(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+K[i+j] + W_X[i] ;
-#define Rx_2(i) d(i)+=h(i);
-#define Rx_3(i) h(i)+=S0(a(i))+Maj(a(i),b(i),c(i));
-
-#if defined(HAVE_INTEL_RORX)
-#define Rx_RORX_1(i) h(i)+=S1_RORX(e(i))+Ch(e(i),f(i),g(i))+K[i+j] + W_X[i] ;
-#define Rx_RORX_2(i) d(i)+=h(i);
-#define Rx_RORX_3(i) h(i)+=S0_RORX(a(i))+Maj(a(i),b(i),c(i));
-#endif
-
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-#define Ry_1(i, w) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+K[i+j] + w ;
-#define Ry_2(i, w) d(i)+=h(i);
-#define Ry_3(i, w) h(i)+=S0(a(i))+Maj(a(i),b(i),c(i));
-#endif
-
-#if defined(HAVE_INTEL_AVX1) /* inline Assember for Intel AVX1 instructions */
-#if defined(DEBUG_XMM)
-
-#define SAVE_REG(i) __asm__ volatile("vmovdqu %%xmm"#i", %0 \n\t":"=m"(reg[i][0])::XMM_REGs);
-#define RECV_REG(i) __asm__ volatile("vmovdqu %0, %%xmm"#i" \n\t"::"m"(reg[i][0]):XMM_REGs);
-
-#define _DUMP_REG(REG, name)\
- { word64 buf[16] ;word64 reg[16][2];int k ;\
- SAVE_REG(0); SAVE_REG(1); SAVE_REG(2); SAVE_REG(3); SAVE_REG(4); \
- SAVE_REG(5); SAVE_REG(6); SAVE_REG(7);SAVE_REG(8); SAVE_REG(9); SAVE_REG(10);\
- SAVE_REG(11); SAVE_REG(12); SAVE_REG(13); SAVE_REG(14); SAVE_REG(15); \
- __asm__ volatile("vmovdqu %%"#REG", %0 \n\t":"=m"(buf[0])::XMM_REGs);\
- printf(" "#name":\t") ; for(k=0; k<2; k++) printf("%016lx.", (word64)(buf[k])); printf("\n") ; \
- RECV_REG(0); RECV_REG(1); RECV_REG(2); RECV_REG(3); RECV_REG(4);\
- RECV_REG(5); RECV_REG(6); RECV_REG(7); RECV_REG(8); RECV_REG(9);\
- RECV_REG(10); RECV_REG(11); RECV_REG(12); RECV_REG(13); RECV_REG(14); RECV_REG(15);\
- }
-
-#define DUMP_REG(REG) _DUMP_REG(REG, #REG)
-#define PRINTF(fmt, ...)
-
-#else
-
-#define DUMP_REG(REG)
-#define PRINTF(fmt, ...)
-
-#endif
-
-#define _MOVE_to_REG(xymm, mem) __asm__ volatile("vmovdqu %0, %%"#xymm" "\
- :: "m"(mem):XMM_REGs) ;
-#define _MOVE_to_MEM(mem,i, xymm) __asm__ volatile("vmovdqu %%"#xymm", %0" :\
- "=m"(mem[i]),"=m"(mem[i+1]),"=m"(mem[i+2]),"=m"(mem[i+3])::XMM_REGs) ;
-#define _MOVE(dest, src) __asm__ volatile("vmovdqu %%"#src", %%"\
- #dest" ":::XMM_REGs) ;
-
-#define _S_TEMP(dest, src, bits, temp) __asm__ volatile("vpsrlq $"#bits", %%"\
- #src", %%"#dest"\n\tvpsllq $64-"#bits", %%"#src", %%"#temp"\n\tvpor %%"\
- #temp",%%"#dest", %%"#dest" ":::XMM_REGs) ;
-#define _AVX1_R(dest, src, bits) __asm__ volatile("vpsrlq $"#bits", %%"\
- #src", %%"#dest" ":::XMM_REGs) ;
-#define _XOR(dest, src1, src2) __asm__ volatile("vpxor %%"#src1", %%"\
- #src2", %%"#dest" ":::XMM_REGs) ;
-#define _OR(dest, src1, src2) __asm__ volatile("vpor %%"#src1", %%"\
- #src2", %%"#dest" ":::XMM_REGs) ;
-#define _ADD(dest, src1, src2) __asm__ volatile("vpaddq %%"#src1", %%"\
- #src2", %%"#dest" ":::XMM_REGs) ;
-#define _ADD_MEM(dest, src1, mem) __asm__ volatile("vpaddq %0, %%"#src1", %%"\
- #dest" "::"m"(mem):XMM_REGs) ;
-
-#define MOVE_to_REG(xymm, mem) _MOVE_to_REG(xymm, mem)
-#define MOVE_to_MEM(mem, i, xymm) _MOVE_to_MEM(mem, i, xymm)
-#define MOVE(dest, src) _MOVE(dest, src)
-
-#define XOR(dest, src1, src2) _XOR(dest, src1, src2)
-#define OR(dest, src1, src2) _OR(dest, src1, src2)
-#define ADD(dest, src1, src2) _ADD(dest, src1, src2)
-
-#define S_TMP(dest, src, bits, temp) _S_TEMP(dest, src, bits, temp);
-#define AVX1_S(dest, src, bits) S_TMP(dest, src, bits, S_TEMP)
-#define AVX1_R(dest, src, bits) _AVX1_R(dest, src, bits)
-
-#define Init_Mask(mask) \
- __asm__ volatile("vmovdqu %0, %%xmm1\n\t"::"m"(mask):"%xmm1") ;
-
-#define _W_from_buff1(w, buff, xmm) \
- /* X0..3(xmm4..7), W[0..15] = sha512->buffer[0.15]; */\
- __asm__ volatile("vmovdqu %1, %%"#xmm"\n\t"\
- "vpshufb %%xmm1, %%"#xmm", %%"#xmm"\n\t"\
- "vmovdqu %%"#xmm", %0"\
- :"=m"(w): "m"(buff):"%xmm0") ;
-
-#define W_from_buff1(w, buff, xmm) _W_from_buff1(w, buff, xmm)
-
-#define W_from_buff(w, buff)\
- Init_Mask(mBYTE_FLIP_MASK[0]) ;\
- W_from_buff1(w[0], buff[0], W_0);\
- W_from_buff1(w[2], buff[2], W_2);\
- W_from_buff1(w[4], buff[4], W_4);\
- W_from_buff1(w[6], buff[6], W_6);\
- W_from_buff1(w[8], buff[8], W_8);\
- W_from_buff1(w[10],buff[10],W_10);\
- W_from_buff1(w[12],buff[12],W_12);\
- W_from_buff1(w[14],buff[14],W_14);
-
-static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f } ;
-
-#define W_I_15 xmm14
-#define W_I_7 xmm11
-#define W_I_2 xmm13
-#define W_I xmm12
-#define G_TEMP xmm0
-#define S_TEMP xmm1
-#define XMM_TEMP0 xmm2
-
-#define W_0 xmm12
-#define W_2 xmm3
-#define W_4 xmm4
-#define W_6 xmm5
-#define W_8 xmm6
-#define W_10 xmm7
-#define W_12 xmm8
-#define W_14 xmm9
-
-#define XMM_REGs
-
-#define s0_1(dest, src) AVX1_S(dest, src, 1);
-#define s0_2(dest, src) AVX1_S(G_TEMP, src, 8); XOR(dest, G_TEMP, dest) ;
-#define s0_3(dest, src) AVX1_R(G_TEMP, src, 7); XOR(dest, G_TEMP, dest) ;
-
-#define s1_1(dest, src) AVX1_S(dest, src, 19);
-#define s1_2(dest, src) AVX1_S(G_TEMP, src, 61); XOR(dest, G_TEMP, dest) ;
-#define s1_3(dest, src) AVX1_R(G_TEMP, src, 6); XOR(dest, G_TEMP, dest) ;
-
-#define s0_(dest, src) s0_1(dest, src) ; s0_2(dest, src) ; s0_3(dest, src)
-#define s1_(dest, src) s1_1(dest, src) ; s1_2(dest, src) ; s1_3(dest, src)
-
-#define Block_xx_1(i) \
- MOVE_to_REG(W_I_15, W_X[(i-15)&15]) ;\
- MOVE_to_REG(W_I_7, W_X[(i- 7)&15]) ;\
-
-#define Block_xx_2(i) \
- MOVE_to_REG(W_I_2, W_X[(i- 2)&15]) ;\
- MOVE_to_REG(W_I, W_X[(i)]) ;\
-
-#define Block_xx_3(i) \
- s0_ (XMM_TEMP0, W_I_15) ;\
-
-#define Block_xx_4(i) \
- ADD(W_I, W_I, XMM_TEMP0) ;\
- ADD(W_I, W_I, W_I_7) ;\
-
-#define Block_xx_5(i) \
- s1_ (XMM_TEMP0, W_I_2) ;\
-
-#define Block_xx_6(i) \
- ADD(W_I, W_I, XMM_TEMP0) ;\
- MOVE_to_MEM(W_X,i, W_I) ;\
- if(i==0)\
- MOVE_to_MEM(W_X,16, W_I) ;\
-
-#define Block_xx_7(i) \
- MOVE_to_REG(W_I_15, W_X[(i-15)&15]) ;\
- MOVE_to_REG(W_I_7, W_X[(i- 7)&15]) ;\
-
-#define Block_xx_8(i) \
- MOVE_to_REG(W_I_2, W_X[(i- 2)&15]) ;\
- MOVE_to_REG(W_I, W_X[(i)]) ;\
-
-#define Block_xx_9(i) \
- s0_ (XMM_TEMP0, W_I_15) ;\
-
-#define Block_xx_10(i) \
- ADD(W_I, W_I, XMM_TEMP0) ;\
- ADD(W_I, W_I, W_I_7) ;\
-
-#define Block_xx_11(i) \
- s1_ (XMM_TEMP0, W_I_2) ;\
-
-#define Block_xx_12(i) \
- ADD(W_I, W_I, XMM_TEMP0) ;\
- MOVE_to_MEM(W_X,i, W_I) ;\
- if((i)==0)\
- MOVE_to_MEM(W_X,16, W_I) ;\
-
-static inline void Block_0_1(word64 *W_X) { Block_xx_1(0) ; }
-static inline void Block_0_2(word64 *W_X) { Block_xx_2(0) ; }
-static inline void Block_0_3(void) { Block_xx_3(0) ; }
-static inline void Block_0_4(void) { Block_xx_4(0) ; }
-static inline void Block_0_5(void) { Block_xx_5(0) ; }
-static inline void Block_0_6(word64 *W_X) { Block_xx_6(0) ; }
-static inline void Block_0_7(word64 *W_X) { Block_xx_7(2) ; }
-static inline void Block_0_8(word64 *W_X) { Block_xx_8(2) ; }
-static inline void Block_0_9(void) { Block_xx_9(2) ; }
-static inline void Block_0_10(void){ Block_xx_10(2) ; }
-static inline void Block_0_11(void){ Block_xx_11(2) ; }
-static inline void Block_0_12(word64 *W_X){ Block_xx_12(2) ; }
-
-static inline void Block_4_1(word64 *W_X) { Block_xx_1(4) ; }
-static inline void Block_4_2(word64 *W_X) { Block_xx_2(4) ; }
-static inline void Block_4_3(void) { Block_xx_3(4) ; }
-static inline void Block_4_4(void) { Block_xx_4(4) ; }
-static inline void Block_4_5(void) { Block_xx_5(4) ; }
-static inline void Block_4_6(word64 *W_X) { Block_xx_6(4) ; }
-static inline void Block_4_7(word64 *W_X) { Block_xx_7(6) ; }
-static inline void Block_4_8(word64 *W_X) { Block_xx_8(6) ; }
-static inline void Block_4_9(void) { Block_xx_9(6) ; }
-static inline void Block_4_10(void){ Block_xx_10(6) ; }
-static inline void Block_4_11(void){ Block_xx_11(6) ; }
-static inline void Block_4_12(word64 *W_X){ Block_xx_12(6) ; }
-
-static inline void Block_8_1(word64 *W_X) { Block_xx_1(8) ; }
-static inline void Block_8_2(word64 *W_X) { Block_xx_2(8) ; }
-static inline void Block_8_3(void) { Block_xx_3(8) ; }
-static inline void Block_8_4(void) { Block_xx_4(8) ; }
-static inline void Block_8_5(void) { Block_xx_5(8) ; }
-static inline void Block_8_6(word64 *W_X) { Block_xx_6(8) ; }
-static inline void Block_8_7(word64 *W_X) { Block_xx_7(10) ; }
-static inline void Block_8_8(word64 *W_X) { Block_xx_8(10) ; }
-static inline void Block_8_9(void) { Block_xx_9(10) ; }
-static inline void Block_8_10(void){ Block_xx_10(10) ; }
-static inline void Block_8_11(void){ Block_xx_11(10) ; }
-static inline void Block_8_12(word64 *W_X){ Block_xx_12(10) ; }
-
-static inline void Block_12_1(word64 *W_X) { Block_xx_1(12) ; }
-static inline void Block_12_2(word64 *W_X) { Block_xx_2(12) ; }
-static inline void Block_12_3(void) { Block_xx_3(12) ; }
-static inline void Block_12_4(void) { Block_xx_4(12) ; }
-static inline void Block_12_5(void) { Block_xx_5(12) ; }
-static inline void Block_12_6(word64 *W_X) { Block_xx_6(12) ; }
-static inline void Block_12_7(word64 *W_X) { Block_xx_7(14) ; }
-static inline void Block_12_8(word64 *W_X) { Block_xx_8(14) ; }
-static inline void Block_12_9(void) { Block_xx_9(14) ; }
-static inline void Block_12_10(void){ Block_xx_10(14) ; }
-static inline void Block_12_11(void){ Block_xx_11(14) ; }
-static inline void Block_12_12(word64 *W_X){ Block_xx_12(14) ; }
-
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-static const unsigned long mBYTE_FLIP_MASK_Y[] =
- { 0x0001020304050607, 0x08090a0b0c0d0e0f, 0x0001020304050607, 0x08090a0b0c0d0e0f } ;
-
-#define W_from_buff_Y(buff)\
- { /* X0..3(ymm9..12), W_X[0..15] = sha512->buffer[0.15]; */\
- __asm__ volatile("vmovdqu %0, %%ymm8\n\t"::"m"(mBYTE_FLIP_MASK_Y[0]):YMM_REGs) ;\
- __asm__ volatile("vmovdqu %0, %%ymm12\n\t"\
- "vmovdqu %1, %%ymm4\n\t"\
- "vpshufb %%ymm8, %%ymm12, %%ymm12\n\t"\
- "vpshufb %%ymm8, %%ymm4, %%ymm4\n\t"\
- :: "m"(buff[0]), "m"(buff[4]):YMM_REGs) ;\
- __asm__ volatile("vmovdqu %0, %%ymm5\n\t"\
- "vmovdqu %1, %%ymm6\n\t"\
- "vpshufb %%ymm8, %%ymm5, %%ymm5\n\t"\
- "vpshufb %%ymm8, %%ymm6, %%ymm6\n\t"\
- :: "m"(buff[8]), "m"(buff[12]):YMM_REGs) ;\
- }
-
-#if defined(DEBUG_YMM)
-
-#define SAVE_REG_Y(i) __asm__ volatile("vmovdqu %%ymm"#i", %0 \n\t":"=m"(reg[i-4][0])::YMM_REGs);
-#define RECV_REG_Y(i) __asm__ volatile("vmovdqu %0, %%ymm"#i" \n\t"::"m"(reg[i-4][0]):YMM_REGs);
-
-#define _DUMP_REG_Y(REG, name)\
- { word64 buf[16] ;word64 reg[16][2];int k ;\
- SAVE_REG_Y(4); SAVE_REG_Y(5); SAVE_REG_Y(6); SAVE_REG_Y(7); \
- SAVE_REG_Y(8); SAVE_REG_Y(9); SAVE_REG_Y(10); SAVE_REG_Y(11); SAVE_REG_Y(12);\
- SAVE_REG_Y(13); SAVE_REG_Y(14); SAVE_REG_Y(15); \
- __asm__ volatile("vmovdqu %%"#REG", %0 \n\t":"=m"(buf[0])::YMM_REGs);\
- printf(" "#name":\t") ; for(k=0; k<4; k++) printf("%016lx.", (word64)buf[k]) ; printf("\n") ; \
- RECV_REG_Y(4); RECV_REG_Y(5); RECV_REG_Y(6); RECV_REG_Y(7); \
- RECV_REG_Y(8); RECV_REG_Y(9); RECV_REG_Y(10); RECV_REG_Y(11); RECV_REG_Y(12); \
- RECV_REG_Y(13); RECV_REG_Y(14); RECV_REG_Y(15);\
- }
-
-#define DUMP_REG_Y(REG) _DUMP_REG_Y(REG, #REG)
-#define DUMP_REG2_Y(REG) _DUMP_REG_Y(REG, #REG)
-#define PRINTF_Y(fmt, ...)
-
-#else
-
-#define DUMP_REG_Y(REG)
-#define DUMP_REG2_Y(REG)
-#define PRINTF_Y(fmt, ...)
-
-#endif
-
-#define _MOVE_to_REGy(ymm, mem) __asm__ volatile("vmovdqu %0, %%"#ymm" "\
- :: "m"(mem):YMM_REGs) ;
-#define _MOVE_to_MEMy(mem,i, ymm) __asm__ volatile("vmovdqu %%"#ymm", %0" \
- : "=m"(mem[i]),"=m"(mem[i+1]),"=m"(mem[i+2]),"=m"(mem[i+3])::YMM_REGs) ;
-#define _MOVE_128y(ymm0, ymm1, ymm2, map) __asm__ volatile("vperm2i128 $"\
- #map", %%"#ymm2", %%"#ymm1", %%"#ymm0" ":::YMM_REGs) ;
-#define _S_TEMPy(dest, src, bits, temp) \
- __asm__ volatile("vpsrlq $"#bits", %%"#src", %%"#dest"\n\tvpsllq $64-"#bits\
- ", %%"#src", %%"#temp"\n\tvpor %%"#temp",%%"#dest", %%"#dest" ":::YMM_REGs) ;
-#define _AVX2_R(dest, src, bits) __asm__ volatile("vpsrlq $"#bits", %%"\
- #src", %%"#dest" ":::YMM_REGs) ;
-#define _XORy(dest, src1, src2) __asm__ volatile("vpxor %%"#src1", %%"\
- #src2", %%"#dest" ":::YMM_REGs) ;
-#define _ADDy(dest, src1, src2) __asm__ volatile("vpaddq %%"#src1", %%"\
- #src2", %%"#dest" ":::YMM_REGs) ;
-#define _BLENDy(map, dest, src1, src2) __asm__ volatile("vpblendd $"#map", %%"\
- #src1", %%"#src2", %%"#dest" ":::YMM_REGs) ;
-#define _BLENDQy(map, dest, src1, src2) __asm__ volatile("vblendpd $"#map", %%"\
- #src1", %%"#src2", %%"#dest" ":::YMM_REGs) ;
-#define _PERMQy(map, dest, src) __asm__ volatile("vpermq $"#map", %%"\
- #src", %%"#dest" ":::YMM_REGs) ;
-
-#define MOVE_to_REGy(ymm, mem) _MOVE_to_REGy(ymm, mem)
-#define MOVE_to_MEMy(mem, i, ymm) _MOVE_to_MEMy(mem, i, ymm)
-
-#define MOVE_128y(ymm0, ymm1, ymm2, map) _MOVE_128y(ymm0, ymm1, ymm2, map)
-#define XORy(dest, src1, src2) _XORy(dest, src1, src2)
-#define ADDy(dest, src1, src2) _ADDy(dest, src1, src2)
-#define BLENDy(map, dest, src1, src2) _BLENDy(map, dest, src1, src2)
-#define BLENDQy(map, dest, src1, src2) _BLENDQy(map, dest, src1, src2)
-#define PERMQy(map, dest, src) _PERMQy(map, dest, src)
-
-
-#define S_TMPy(dest, src, bits, temp) _S_TEMPy(dest, src, bits, temp);
-#define AVX2_S(dest, src, bits) S_TMPy(dest, src, bits, S_TEMPy)
-#define AVX2_R(dest, src, bits) _AVX2_R(dest, src, bits)
-
-
-#define FEEDBACK1_to_W_I_2(w_i_2, w_i) MOVE_128y(YMM_TEMP0, w_i, w_i, 0x08) ;\
- BLENDy(0xf0, w_i_2, YMM_TEMP0, w_i_2) ;
-
-#define MOVE_W_to_W_I_15(w_i_15, w_0, w_4) BLENDQy(0x1, w_i_15, w_4, w_0) ;\
- PERMQy(0x39, w_i_15, w_i_15) ;
-#define MOVE_W_to_W_I_7(w_i_7, w_8, w_12) BLENDQy(0x1, w_i_7, w_12, w_8) ;\
- PERMQy(0x39, w_i_7, w_i_7) ;
-#define MOVE_W_to_W_I_2(w_i_2, w_12) BLENDQy(0xc, w_i_2, w_12, w_i_2) ;\
- PERMQy(0x0e, w_i_2, w_i_2) ;
-
-
-#define W_I_16y ymm8
-#define W_I_15y ymm9
-#define W_I_7y ymm10
-#define W_I_2y ymm11
-#define W_Iy ymm12
-#define G_TEMPy ymm13
-#define S_TEMPy ymm14
-#define YMM_TEMP0 ymm15
-#define YMM_TEMP0x xmm15
-#define W_I_TEMPy ymm7
-#define W_K_TEMPy ymm15
-#define W_K_TEMPx xmm15
-#define W_0y ymm12
-#define W_4y ymm4
-#define W_8y ymm5
-#define W_12y ymm6
-
-#define YMM_REGs
-/* Registers are saved in Sha512Update/Final */
- /* "%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15"*/
-
-#define MOVE_15_to_16(w_i_16, w_i_15, w_i_7)\
- __asm__ volatile("vperm2i128 $0x01, %%"#w_i_15", %%"#w_i_15", %%"#w_i_15" ":::YMM_REGs) ;\
- __asm__ volatile("vpblendd $0x08, %%"#w_i_15", %%"#w_i_7", %%"#w_i_16" ":::YMM_REGs) ;\
- __asm__ volatile("vperm2i128 $0x01, %%"#w_i_7", %%"#w_i_7", %%"#w_i_15" ":::YMM_REGs) ;\
- __asm__ volatile("vpblendd $0x80, %%"#w_i_15", %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
- __asm__ volatile("vpshufd $0x93, %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
-
-#define MOVE_7_to_15(w_i_15, w_i_7)\
- __asm__ volatile("vmovdqu %%"#w_i_7", %%"#w_i_15" ":::YMM_REGs) ;\
-
-#define MOVE_I_to_7(w_i_7, w_i)\
- __asm__ volatile("vperm2i128 $0x01, %%"#w_i", %%"#w_i", %%"#w_i_7" ":::YMM_REGs) ;\
- __asm__ volatile("vpblendd $0x01, %%"#w_i_7", %%"#w_i", %%"#w_i_7" ":::YMM_REGs) ;\
- __asm__ volatile("vpshufd $0x39, %%"#w_i_7", %%"#w_i_7" ":::YMM_REGs) ;\
-
-#define MOVE_I_to_2(w_i_2, w_i)\
- __asm__ volatile("vperm2i128 $0x01, %%"#w_i", %%"#w_i", %%"#w_i_2" ":::YMM_REGs) ;\
- __asm__ volatile("vpshufd $0x0e, %%"#w_i_2", %%"#w_i_2" ":::YMM_REGs) ;\
-
-#endif
-
-
-/*** Transform Body ***/
-#if defined(HAVE_INTEL_AVX1)
-
-static int Transform_AVX1(Sha512* sha512)
-{
- const word64* K = K512;
- word64 W_X[16+4];
- word32 j;
- word64 T[8];
- /* Copy digest to working vars */
- XMEMCPY(T, sha512->digest, sizeof(T));
-
- W_from_buff(W_X, sha512->buffer) ;
- for (j = 0; j < 80; j += 16) {
- Rx_1( 0); Block_0_1(W_X); Rx_2( 0); Block_0_2(W_X); Rx_3( 0); Block_0_3();
- Rx_1( 1); Block_0_4(); Rx_2( 1); Block_0_5(); Rx_3( 1); Block_0_6(W_X);
- Rx_1( 2); Block_0_7(W_X); Rx_2( 2); Block_0_8(W_X); Rx_3( 2); Block_0_9();
- Rx_1( 3); Block_0_10();Rx_2( 3); Block_0_11();Rx_3( 3); Block_0_12(W_X);
-
- Rx_1( 4); Block_4_1(W_X); Rx_2( 4); Block_4_2(W_X); Rx_3( 4); Block_4_3();
- Rx_1( 5); Block_4_4(); Rx_2( 5); Block_4_5(); Rx_3( 5); Block_4_6(W_X);
- Rx_1( 6); Block_4_7(W_X); Rx_2( 6); Block_4_8(W_X); Rx_3( 6); Block_4_9();
- Rx_1( 7); Block_4_10();Rx_2( 7); Block_4_11();Rx_3( 7); Block_4_12(W_X);
-
- Rx_1( 8); Block_8_1(W_X); Rx_2( 8); Block_8_2(W_X); Rx_3( 8); Block_8_3();
- Rx_1( 9); Block_8_4(); Rx_2( 9); Block_8_5(); Rx_3( 9); Block_8_6(W_X);
- Rx_1(10); Block_8_7(W_X); Rx_2(10); Block_8_8(W_X); Rx_3(10); Block_8_9();
- Rx_1(11); Block_8_10();Rx_2(11); Block_8_11();Rx_3(11); Block_8_12(W_X);
-
- Rx_1(12); Block_12_1(W_X); Rx_2(12); Block_12_2(W_X); Rx_3(12); Block_12_3();
- Rx_1(13); Block_12_4(); Rx_2(13); Block_12_5(); Rx_3(13); Block_12_6(W_X);
- Rx_1(14); Block_12_7(W_X); Rx_2(14); Block_12_8(W_X); Rx_3(14); Block_12_9();
- Rx_1(15); Block_12_10();Rx_2(15); Block_12_11();Rx_3(15); Block_12_12(W_X);
- }
-
- /* Add the working vars back into digest */
-
- sha512->digest[0] += a(0);
- sha512->digest[1] += b(0);
- sha512->digest[2] += c(0);
- sha512->digest[3] += d(0);
- sha512->digest[4] += e(0);
- sha512->digest[5] += f(0);
- sha512->digest[6] += g(0);
- sha512->digest[7] += h(0);
-
- /* Wipe variables */
- #if !defined(HAVE_INTEL_AVX1)&&!defined(HAVE_INTEL_AVX2)
- XMEMSET(W_X, 0, sizeof(word64) * 16);
- #endif
- XMEMSET(T, 0, sizeof(T));
-
- return 0;
-}
-
-#endif
-
-#if defined(HAVE_INTEL_AVX2) && defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_RORX)
-
-static int Transform_AVX1_RORX(Sha512* sha512)
-{
- const word64* K = K512;
- word64 W_X[16+4];
- word32 j;
- word64 T[8];
- /* Copy digest to working vars */
- XMEMCPY(T, sha512->digest, sizeof(T));
-
- W_from_buff(W_X, sha512->buffer) ;
- for (j = 0; j < 80; j += 16) {
- Rx_RORX_1( 0); Block_0_1(W_X); Rx_RORX_2( 0); Block_0_2(W_X);
- Rx_RORX_3( 0); Block_0_3();
- Rx_RORX_1( 1); Block_0_4(); Rx_RORX_2( 1); Block_0_5();
- Rx_RORX_3( 1); Block_0_6(W_X);
- Rx_RORX_1( 2); Block_0_7(W_X); Rx_RORX_2( 2); Block_0_8(W_X);
- Rx_RORX_3( 2); Block_0_9();
- Rx_RORX_1( 3); Block_0_10();Rx_RORX_2( 3); Block_0_11();
- Rx_RORX_3( 3); Block_0_12(W_X);
-
- Rx_RORX_1( 4); Block_4_1(W_X); Rx_RORX_2( 4); Block_4_2(W_X);
- Rx_RORX_3( 4); Block_4_3();
- Rx_RORX_1( 5); Block_4_4(); Rx_RORX_2( 5); Block_4_5();
- Rx_RORX_3( 5); Block_4_6(W_X);
- Rx_RORX_1( 6); Block_4_7(W_X); Rx_RORX_2( 6); Block_4_8(W_X);
- Rx_RORX_3( 6); Block_4_9();
- Rx_RORX_1( 7); Block_4_10();Rx_RORX_2( 7); Block_4_11();
- Rx_RORX_3( 7); Block_4_12(W_X);
-
- Rx_RORX_1( 8); Block_8_1(W_X); Rx_RORX_2( 8); Block_8_2(W_X);
- Rx_RORX_3( 8); Block_8_3();
- Rx_RORX_1( 9); Block_8_4(); Rx_RORX_2( 9); Block_8_5();
- Rx_RORX_3( 9); Block_8_6(W_X);
- Rx_RORX_1(10); Block_8_7(W_X); Rx_RORX_2(10); Block_8_8(W_X);
- Rx_RORX_3(10); Block_8_9();
- Rx_RORX_1(11); Block_8_10();Rx_RORX_2(11); Block_8_11();
- Rx_RORX_3(11); Block_8_12(W_X);
-
- Rx_RORX_1(12); Block_12_1(W_X); Rx_RORX_2(12); Block_12_2(W_X);
- Rx_RORX_3(12); Block_12_3();
- Rx_RORX_1(13); Block_12_4(); Rx_RORX_2(13); Block_12_5();
- Rx_RORX_3(13); Block_12_6(W_X);
- Rx_RORX_1(14); Block_12_7(W_X); Rx_RORX_2(14); Block_12_8(W_X);
- Rx_RORX_3(14); Block_12_9();
- Rx_RORX_1(15); Block_12_10();Rx_RORX_2(15); Block_12_11();
- Rx_RORX_3(15); Block_12_12(W_X);
- }
- /* Add the working vars back into digest */
-
- sha512->digest[0] += a(0);
- sha512->digest[1] += b(0);
- sha512->digest[2] += c(0);
- sha512->digest[3] += d(0);
- sha512->digest[4] += e(0);
- sha512->digest[5] += f(0);
- sha512->digest[6] += g(0);
- sha512->digest[7] += h(0);
-
- /* Wipe variables */
- #if !defined(HAVE_INTEL_AVX1)&&!defined(HAVE_INTEL_AVX2)
- XMEMSET(W_X, 0, sizeof(word64) * 16);
- #endif
- XMEMSET(T, 0, sizeof(T));
-
- return 0;
-}
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-
-#define s0_1y(dest, src) AVX2_S(dest, src, 1);
-#define s0_2y(dest, src) AVX2_S(G_TEMPy, src, 8); XORy(dest, G_TEMPy, dest) ;
-#define s0_3y(dest, src) AVX2_R(G_TEMPy, src, 7); XORy(dest, G_TEMPy, dest) ;
-
-#define s1_1y(dest, src) AVX2_S(dest, src, 19);
-#define s1_2y(dest, src) AVX2_S(G_TEMPy, src, 61); XORy(dest, G_TEMPy, dest) ;
-#define s1_3y(dest, src) AVX2_R(G_TEMPy, src, 6); XORy(dest, G_TEMPy, dest) ;
-
-#define s0_y(dest, src) s0_1y(dest, src) ; s0_2y(dest, src) ; s0_3y(dest, src)
-#define s1_y(dest, src) s1_1y(dest, src) ; s1_2y(dest, src) ; s1_3y(dest, src)
-
-#define blk384(i) (W[i] = sha384->buffer[i])
-
-
-#define Block_Y_xx_1(i, w_0, w_4, w_8, w_12)\
- MOVE_W_to_W_I_15(W_I_15y, w_0, w_4) ;\
- MOVE_W_to_W_I_7 (W_I_7y, w_8, w_12) ;\
- MOVE_W_to_W_I_2 (W_I_2y, w_12) ;\
-
-#define Block_Y_xx_2(i, w_0, w_4, w_8, w_12)\
- s0_1y (YMM_TEMP0, W_I_15y) ;\
-
-#define Block_Y_xx_3(i, w_0, w_4, w_8, w_12)\
- s0_2y (YMM_TEMP0, W_I_15y) ;\
-
-#define Block_Y_xx_4(i, w_0, w_4, w_8, w_12)\
- s0_3y (YMM_TEMP0, W_I_15y) ;\
-
-#define Block_Y_xx_5(i, w_0, w_4, w_8, w_12)\
- ADDy(W_I_TEMPy, w_0, YMM_TEMP0) ;\
-
-#define Block_Y_xx_6(i, w_0, w_4, w_8, w_12)\
- ADDy(W_I_TEMPy, W_I_TEMPy, W_I_7y) ;\
- s1_1y (YMM_TEMP0, W_I_2y) ;\
-
-#define Block_Y_xx_7(i, w_0, w_4, w_8, w_12)\
- s1_2y (YMM_TEMP0, W_I_2y) ;\
-
-#define Block_Y_xx_8(i, w_0, w_4, w_8, w_12)\
- s1_3y (YMM_TEMP0, W_I_2y) ;\
- ADDy(w_0, W_I_TEMPy, YMM_TEMP0) ;\
-
-#define Block_Y_xx_9(i, w_0, w_4, w_8, w_12)\
- FEEDBACK1_to_W_I_2(W_I_2y, w_0) ;\
-
-#define Block_Y_xx_10(i, w_0, w_4, w_8, w_12) \
- s1_1y (YMM_TEMP0, W_I_2y) ;\
-
-#define Block_Y_xx_11(i, w_0, w_4, w_8, w_12) \
- s1_2y (YMM_TEMP0, W_I_2y) ;\
-
-#define Block_Y_xx_12(i, w_0, w_4, w_8, w_12)\
- s1_3y (YMM_TEMP0, W_I_2y) ;\
- ADDy(w_0, W_I_TEMPy, YMM_TEMP0) ;\
- MOVE_to_MEMy(w,0, w_4) ;\
-
-
-static inline void Block_Y_0_1(void) { Block_Y_xx_1(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_2(void) { Block_Y_xx_2(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_3(void) { Block_Y_xx_3(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_4(void) { Block_Y_xx_4(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_5(void) { Block_Y_xx_5(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_6(void) { Block_Y_xx_6(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_7(void) { Block_Y_xx_7(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_8(void) { Block_Y_xx_8(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_9(void) { Block_Y_xx_9(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_10(void){ Block_Y_xx_10(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_11(void){ Block_Y_xx_11(0, W_0y, W_4y, W_8y, W_12y) ; }
-static inline void Block_Y_0_12(word64 *w){ Block_Y_xx_12(0, W_0y, W_4y, W_8y, W_12y) ; }
-
-static inline void Block_Y_4_1(void) { Block_Y_xx_1(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_2(void) { Block_Y_xx_2(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_3(void) { Block_Y_xx_3(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_4(void) { Block_Y_xx_4(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_5(void) { Block_Y_xx_5(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_6(void) { Block_Y_xx_6(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_7(void) { Block_Y_xx_7(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_8(void) { Block_Y_xx_8(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_9(void) { Block_Y_xx_9(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_10(void) { Block_Y_xx_10(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_11(void) { Block_Y_xx_11(4, W_4y, W_8y, W_12y, W_0y) ; }
-static inline void Block_Y_4_12(word64 *w) { Block_Y_xx_12(4, W_4y, W_8y, W_12y, W_0y) ; }
-
-static inline void Block_Y_8_1(void) { Block_Y_xx_1(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_2(void) { Block_Y_xx_2(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_3(void) { Block_Y_xx_3(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_4(void) { Block_Y_xx_4(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_5(void) { Block_Y_xx_5(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_6(void) { Block_Y_xx_6(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_7(void) { Block_Y_xx_7(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_8(void) { Block_Y_xx_8(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_9(void) { Block_Y_xx_9(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_10(void) { Block_Y_xx_10(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_11(void) { Block_Y_xx_11(8, W_8y, W_12y, W_0y, W_4y) ; }
-static inline void Block_Y_8_12(word64 *w) { Block_Y_xx_12(8, W_8y, W_12y, W_0y, W_4y) ; }
-
-static inline void Block_Y_12_1(void) { Block_Y_xx_1(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_2(void) { Block_Y_xx_2(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_3(void) { Block_Y_xx_3(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_4(void) { Block_Y_xx_4(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_5(void) { Block_Y_xx_5(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_6(void) { Block_Y_xx_6(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_7(void) { Block_Y_xx_7(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_8(void) { Block_Y_xx_8(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_9(void) { Block_Y_xx_9(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_10(void) { Block_Y_xx_10(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_11(void) { Block_Y_xx_11(12, W_12y, W_0y, W_4y, W_8y) ; }
-static inline void Block_Y_12_12(word64 *w) { Block_Y_xx_12(12, W_12y, W_0y, W_4y, W_8y) ; }
-
-
-static int Transform_AVX2(Sha512* sha512)
-{
- const word64* K = K512;
- word64 w[4] ;
- word32 j /*, k*/;
- word64 T[8];
- /* Copy digest to working vars */
- XMEMCPY(T, sha512->digest, sizeof(T));
-
- W_from_buff_Y(sha512->buffer) ;
- MOVE_to_MEMy(w,0, W_0y) ;
- for (j = 0; j < 80; j += 16) {
- Ry_1( 0, w[0]); Block_Y_0_1(); Ry_2( 0, w[0]); Block_Y_0_2();
- Ry_3( 0, w[0]); Block_Y_0_3();
- Ry_1( 1, w[1]); Block_Y_0_4(); Ry_2( 1, w[1]); Block_Y_0_5();
- Ry_3( 1, w[1]); Block_Y_0_6();
- Ry_1( 2, w[2]); Block_Y_0_7(); Ry_2( 2, w[2]); Block_Y_0_8();
- Ry_3( 2, w[2]); Block_Y_0_9();
- Ry_1( 3, w[3]); Block_Y_0_10();Ry_2( 3, w[3]); Block_Y_0_11();
- Ry_3( 3, w[3]); Block_Y_0_12(w);
-
- Ry_1( 4, w[0]); Block_Y_4_1(); Ry_2( 4, w[0]); Block_Y_4_2();
- Ry_3( 4, w[0]); Block_Y_4_3();
- Ry_1( 5, w[1]); Block_Y_4_4(); Ry_2( 5, w[1]); Block_Y_4_5();
- Ry_3( 5, w[1]); Block_Y_4_6();
- Ry_1( 6, w[2]); Block_Y_4_7(); Ry_2( 6, w[2]); Block_Y_4_8();
- Ry_3( 6, w[2]); Block_Y_4_9();
- Ry_1( 7, w[3]); Block_Y_4_10(); Ry_2( 7, w[3]);Block_Y_4_11();
- Ry_3( 7, w[3]);Block_Y_4_12(w);
-
- Ry_1( 8, w[0]); Block_Y_8_1(); Ry_2( 8, w[0]); Block_Y_8_2();
- Ry_3( 8, w[0]); Block_Y_8_3();
- Ry_1( 9, w[1]); Block_Y_8_4(); Ry_2( 9, w[1]); Block_Y_8_5();
- Ry_3( 9, w[1]); Block_Y_8_6();
- Ry_1(10, w[2]); Block_Y_8_7(); Ry_2(10, w[2]); Block_Y_8_8();
- Ry_3(10, w[2]); Block_Y_8_9();
- Ry_1(11, w[3]); Block_Y_8_10();Ry_2(11, w[3]); Block_Y_8_11();
- Ry_3(11, w[3]); Block_Y_8_12(w);
-
- Ry_1(12, w[0]); Block_Y_12_1(); Ry_2(12, w[0]); Block_Y_12_2();
- Ry_3(12, w[0]); Block_Y_12_3();
- Ry_1(13, w[1]); Block_Y_12_4(); Ry_2(13, w[1]); Block_Y_12_5();
- Ry_3(13, w[1]); Block_Y_12_6();
- Ry_1(14, w[2]); Block_Y_12_7(); Ry_2(14, w[2]); Block_Y_12_8();
- Ry_3(14, w[2]); Block_Y_12_9();
- Ry_1(15, w[3]); Block_Y_12_10();Ry_2(15, w[3]); Block_Y_12_11();
- Ry_3(15, w[3]);Block_Y_12_12(w);
- }
-
- /* Add the working vars back into digest */
-
- sha512->digest[0] += a(0);
- sha512->digest[1] += b(0);
- sha512->digest[2] += c(0);
- sha512->digest[3] += d(0);
- sha512->digest[4] += e(0);
- sha512->digest[5] += f(0);
- sha512->digest[6] += g(0);
- sha512->digest[7] += h(0);
-
- /* Wipe variables */
- #if !defined(HAVE_INTEL_AVX1)&&!defined(HAVE_INTEL_AVX2)
- XMEMSET(W, 0, sizeof(word64) * 16);
- #endif
- XMEMSET(T, 0, sizeof(T));
-
- return 0;
-}
-
-#endif
-
-
-#ifdef WOLFSSL_SHA384
-
-#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-
-#if defined(HAVE_INTEL_AVX1)
-static int Transform384_AVX1(Sha384 *sha384) ;
-#endif
-#if defined(HAVE_INTEL_AVX2)
-static int Transform384_AVX2(Sha384 *sha384) ;
-#endif
-
-#if defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_AVX2) &&defined(HAVE_INTEL_RORX)
-static int Transform384_AVX1_RORX(Sha384 *sha384) ;
-#endif
-
-static int _Transform384(Sha384 *sha384) ;
-static int (*Transform384_p)(Sha384* sha384) = _Transform384 ;
-
-#define Transform384(sha384) (*Transform384_p)(sha384)
-static void set_Transform384(void) {
- if(set_cpuid_flags(CHECK_SHA384))return ;
-
-#if defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2)
- Transform384_p = ((IS_INTEL_AVX1) ? Transform384_AVX1 : _Transform384) ;
-#elif defined(HAVE_INTEL_AVX2)
- #if defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_RORX)
- if(IS_INTEL_AVX2 && IS_INTEL_BMI2) { Transform384_p = Transform384_AVX1_RORX ; return ; }
- #endif
- if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX2 ; return ; }
- #if defined(HAVE_INTEL_AVX1)
- Transform384_p = ((IS_INTEL_AVX1) ? Transform384_AVX1 : _Transform384) ;
- #endif
-#else
- Transform384_p = ((IS_INTEL_AVX1) ? Transform384_AVX1 : _Transform384) ;
-#endif
-}
-
-#else
- #define Transform384(sha512) _Transform384(sha512)
-#endif
-
-int wc_InitSha384(Sha384* sha384)
-{
- sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
- sha384->digest[1] = W64LIT(0x629a292a367cd507);
- sha384->digest[2] = W64LIT(0x9159015a3070dd17);
- sha384->digest[3] = W64LIT(0x152fecd8f70e5939);
- sha384->digest[4] = W64LIT(0x67332667ffc00b31);
- sha384->digest[5] = W64LIT(0x8eb44a8768581511);
- sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7);
- sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4);
-
- sha384->buffLen = 0;
- sha384->loLen = 0;
- sha384->hiLen = 0;
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
- set_Transform384() ;
-#endif
-
- return 0;
-}
-
-static int _Transform384(Sha384* sha384)
-{
- const word64* K = K512;
-
- word32 j;
- word64 T[8];
-
-#ifdef WOLFSSL_SMALL_STACK
- word64* W;
-
- W = (word64*) XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (W == NULL)
- return MEMORY_E;
-#else
- word64 W[16];
-#endif
-
- /* Copy digest to working vars */
- XMEMCPY(T, sha384->digest, sizeof(T));
-
-#ifdef USE_SLOW_SHA2
- /* over twice as small, but 50% slower */
- /* 80 operations, not unrolled */
- for (j = 0; j < 80; j += 16) {
- int m;
- for (m = 0; m < 16; m++) { /* braces needed for macros {} */
- R2(m);
- }
- }
-#else
- /* 80 operations, partially loop unrolled */
- for (j = 0; j < 80; j += 16) {
- R2( 0); R2( 1); R2( 2); R2( 3);
- R2( 4); R2( 5); R2( 6); R2( 7);
- R2( 8); R2( 9); R2(10); R2(11);
- R2(12); R2(13); R2(14); R2(15);
- }
-#endif /* USE_SLOW_SHA2 */
-
- /* Add the working vars back into digest */
-
- sha384->digest[0] += a(0);
- sha384->digest[1] += b(0);
- sha384->digest[2] += c(0);
- sha384->digest[3] += d(0);
- sha384->digest[4] += e(0);
- sha384->digest[5] += f(0);
- sha384->digest[6] += g(0);
- sha384->digest[7] += h(0);
-
- /* Wipe variables */
- XMEMSET(W, 0, sizeof(word64) * 16);
- XMEMSET(T, 0, sizeof(T));
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return 0;
-}
-
-static INLINE void AddLength384(Sha384* sha384, word32 len)
-{
- word32 tmp = sha384->loLen;
- if ( (sha384->loLen += len) < tmp)
- sha384->hiLen++; /* carry low to high */
-}
-
-int wc_Sha384Update(Sha384* sha384, const byte* data, word32 len)
-{
- /* do block size increments */
- byte* local = (byte*)sha384->buffer;
-
- SAVE_XMM_YMM ; /* for Intel AVX */
-
- while (len) {
- word32 add = min(len, SHA384_BLOCK_SIZE - sha384->buffLen);
- XMEMCPY(&local[sha384->buffLen], data, add);
-
- sha384->buffLen += add;
- data += add;
- len -= add;
-
- if (sha384->buffLen == SHA384_BLOCK_SIZE) {
- int ret;
-
- #if defined(LITTLE_ENDIAN_ORDER)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords64(sha384->buffer, sha384->buffer,
- SHA384_BLOCK_SIZE);
- #endif
- ret = Transform384(sha384);
- if (ret != 0)
- return ret;
-
- AddLength384(sha384, SHA384_BLOCK_SIZE);
- sha384->buffLen = 0;
- }
- }
- return 0;
-}
-
-
-int wc_Sha384Final(Sha384* sha384, byte* hash)
-{
- byte* local = (byte*)sha384->buffer;
- int ret;
-
- SAVE_XMM_YMM ; /* for Intel AVX */
- AddLength384(sha384, sha384->buffLen); /* before adding pads */
-
- local[sha384->buffLen++] = 0x80; /* add 1 */
-
- /* pad with zeros */
- if (sha384->buffLen > SHA384_PAD_SIZE) {
- XMEMSET(&local[sha384->buffLen], 0, SHA384_BLOCK_SIZE -sha384->buffLen);
- sha384->buffLen += SHA384_BLOCK_SIZE - sha384->buffLen;
-
- #if defined(LITTLE_ENDIAN_ORDER)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords64(sha384->buffer, sha384->buffer,
- SHA384_BLOCK_SIZE);
- #endif
- ret = Transform384(sha384);
- if (ret != 0)
- return ret;
-
- sha384->buffLen = 0;
- }
- XMEMSET(&local[sha384->buffLen], 0, SHA384_PAD_SIZE - sha384->buffLen);
-
- /* put lengths in bits */
- sha384->hiLen = (sha384->loLen >> (8*sizeof(sha384->loLen) - 3)) +
- (sha384->hiLen << 3);
- sha384->loLen = sha384->loLen << 3;
-
- /* store lengths */
- #if defined(LITTLE_ENDIAN_ORDER)
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
- #endif
- ByteReverseWords64(sha384->buffer, sha384->buffer,
- SHA384_BLOCK_SIZE);
- #endif
- /* ! length ordering dependent on digest endian type ! */
- sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 2] = sha384->hiLen;
- sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 1] = sha384->loLen;
- #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
- if(IS_INTEL_AVX1 || IS_INTEL_AVX2)
- ByteReverseWords64(&(sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 2]),
- &(sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 2]),
- SHA384_BLOCK_SIZE - SHA384_PAD_SIZE);
- #endif
- ret = Transform384(sha384);
- if (ret != 0)
- return ret;
-
- #ifdef LITTLE_ENDIAN_ORDER
- ByteReverseWords64(sha384->digest, sha384->digest, SHA384_DIGEST_SIZE);
- #endif
- XMEMCPY(hash, sha384->digest, SHA384_DIGEST_SIZE);
-
- return wc_InitSha384(sha384); /* reset state */
-}
-
-
-int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
-{
- int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
- Sha384* sha384;
-#else
- Sha384 sha384[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (sha384 == NULL)
- return MEMORY_E;
-#endif
-
- if ((ret = wc_InitSha384(sha384)) != 0) {
- WOLFSSL_MSG("InitSha384 failed");
- }
- else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) {
- WOLFSSL_MSG("Sha384Update failed");
- }
- else if ((ret = wc_Sha384Final(sha384, hash)) != 0) {
- WOLFSSL_MSG("Sha384Final failed");
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#if defined(HAVE_INTEL_AVX1)
-
-static int Transform384_AVX1(Sha384* sha384)
-{
- const word64* K = K512;
- word64 W_X[16+4];
- word32 j;
- word64 T[8];
-
- /* Copy digest to working vars */
- XMEMCPY(T, sha384->digest, sizeof(T));
- W_from_buff(W_X, sha384->buffer) ;
- for (j = 0; j < 80; j += 16) {
- Rx_1( 0); Block_0_1(W_X); Rx_2( 0); Block_0_2(W_X); Rx_3( 0); Block_0_3();
- Rx_1( 1); Block_0_4(); Rx_2( 1); Block_0_5(); Rx_3( 1); Block_0_6(W_X);
- Rx_1( 2); Block_0_7(W_X); Rx_2( 2); Block_0_8(W_X); Rx_3( 2); Block_0_9();
- Rx_1( 3); Block_0_10();Rx_2( 3); Block_0_11();Rx_3( 3); Block_0_12(W_X);
-
- Rx_1( 4); Block_4_1(W_X); Rx_2( 4); Block_4_2(W_X); Rx_3( 4); Block_4_3();
- Rx_1( 5); Block_4_4(); Rx_2( 5); Block_4_5(); Rx_3( 5); Block_4_6(W_X);
- Rx_1( 6); Block_4_7(W_X); Rx_2( 6); Block_4_8(W_X); Rx_3( 6); Block_4_9();
- Rx_1( 7); Block_4_10();Rx_2( 7); Block_4_11();Rx_3( 7); Block_4_12(W_X);
-
- Rx_1( 8); Block_8_1(W_X); Rx_2( 8); Block_8_2(W_X); Rx_3( 8); Block_8_3();
- Rx_1( 9); Block_8_4(); Rx_2( 9); Block_8_5(); Rx_3( 9); Block_8_6(W_X);
- Rx_1(10); Block_8_7(W_X); Rx_2(10); Block_8_8(W_X); Rx_3(10); Block_8_9();
- Rx_1(11); Block_8_10();Rx_2(11); Block_8_11();Rx_3(11); Block_8_12(W_X);
-
- Rx_1(12); Block_12_1(W_X); Rx_2(12); Block_12_2(W_X); Rx_3(12); Block_12_3();
- Rx_1(13); Block_12_4(); Rx_2(13); Block_12_5(); Rx_3(13); Block_12_6(W_X);
- Rx_1(14); Block_12_7(W_X); Rx_2(14); Block_12_8(W_X); Rx_3(14); Block_12_9();
- Rx_1(15); Block_12_10();Rx_2(15); Block_12_11();Rx_3(15); Block_12_12(W_X);
- }
-
- /* Add the working vars back into digest */
-
- sha384->digest[0] += a(0);
- sha384->digest[1] += b(0);
- sha384->digest[2] += c(0);
- sha384->digest[3] += d(0);
- sha384->digest[4] += e(0);
- sha384->digest[5] += f(0);
- sha384->digest[6] += g(0);
- sha384->digest[7] += h(0);
-
- /* Wipe variables */
- #if !defined(HAVE_INTEL_AVX1)&&!defined(HAVE_INTEL_AVX2)
- XMEMSET(W, 0, sizeof(word64) * 16);
- #endif
- XMEMSET(T, 0, sizeof(T));
-
- return 0;
-}
-
-#endif
-
-#if defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_AVX2) && defined(HAVE_INTEL_RORX)
-static int Transform384_AVX1_RORX(Sha384* sha384)
-{
- const word64* K = K512;
- word64 W_X[16+4];
- word32 j;
- word64 T[8];
-
- /* Copy digest to working vars */
- XMEMCPY(T, sha384->digest, sizeof(T));
-
- W_from_buff(W_X, sha384->buffer) ;
- for (j = 0; j < 80; j += 16) {
- Rx_RORX_1( 0); Block_0_1(W_X); Rx_RORX_2( 0);
- Block_0_2(W_X); Rx_RORX_3( 0); Block_0_3();
- Rx_RORX_1( 1); Block_0_4(); Rx_RORX_2( 1);
- Block_0_5(); Rx_RORX_3( 1); Block_0_6(W_X);
- Rx_RORX_1( 2); Block_0_7(W_X); Rx_RORX_2( 2);
- Block_0_8(W_X); Rx_RORX_3( 2); Block_0_9();
- Rx_RORX_1( 3); Block_0_10();Rx_RORX_2( 3);
- Block_0_11();Rx_RORX_3( 3); Block_0_12(W_X);
-
- Rx_RORX_1( 4); Block_4_1(W_X); Rx_RORX_2( 4);
- Block_4_2(W_X); Rx_RORX_3( 4); Block_4_3();
- Rx_RORX_1( 5); Block_4_4(); Rx_RORX_2( 5);
- Block_4_5(); Rx_RORX_3( 5); Block_4_6(W_X);
- Rx_RORX_1( 6); Block_4_7(W_X); Rx_RORX_2( 6);
- Block_4_8(W_X); Rx_RORX_3( 6); Block_4_9();
- Rx_RORX_1( 7); Block_4_10();Rx_RORX_2( 7);
- Block_4_11();Rx_RORX_3( 7); Block_4_12(W_X);
-
- Rx_RORX_1( 8); Block_8_1(W_X); Rx_RORX_2( 8);
- Block_8_2(W_X); Rx_RORX_3( 8); Block_8_3();
- Rx_RORX_1( 9); Block_8_4(); Rx_RORX_2( 9);
- Block_8_5(); Rx_RORX_3( 9); Block_8_6(W_X);
- Rx_RORX_1(10); Block_8_7(W_X); Rx_RORX_2(10);
- Block_8_8(W_X); Rx_RORX_3(10); Block_8_9();
- Rx_RORX_1(11); Block_8_10();Rx_RORX_2(11);
- Block_8_11();Rx_RORX_3(11); Block_8_12(W_X);
-
- Rx_RORX_1(12); Block_12_1(W_X); Rx_RORX_2(12);
- Block_12_2(W_X); Rx_RORX_3(12); Block_12_3();
- Rx_RORX_1(13); Block_12_4(); Rx_RORX_2(13);
- Block_12_5(); Rx_RORX_3(13); Block_12_6(W_X);
- Rx_RORX_1(14); Block_12_7(W_X); Rx_RORX_2(14);
- Block_12_8(W_X); Rx_RORX_3(14); Block_12_9();
- Rx_RORX_1(15); Block_12_10();Rx_RORX_2(15);
- Block_12_11();Rx_RORX_3(15); Block_12_12(W_X);
- }
-
- /* Add the working vars back into digest */
-
- sha384->digest[0] += a(0);
- sha384->digest[1] += b(0);
- sha384->digest[2] += c(0);
- sha384->digest[3] += d(0);
- sha384->digest[4] += e(0);
- sha384->digest[5] += f(0);
- sha384->digest[6] += g(0);
- sha384->digest[7] += h(0);
-
- /* Wipe variables */
- #if !defined(HAVE_INTEL_AVX1)&&!defined(HAVE_INTEL_AVX2)
- XMEMSET(W, 0, sizeof(word64) * 16);
- #endif
- XMEMSET(T, 0, sizeof(T));
-
- return 0;
-}
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-
-static int Transform384_AVX2(Sha384* sha384)
-{
- const word64* K = K512;
- word64 w[4] ;
- word32 j;
- word64 T[8];
-
- /* Copy digest to working vars */
- XMEMCPY(T, sha384->digest, sizeof(T));
-
- /* over twice as small, but 50% slower */
- /* 80 operations, not unrolled */
-
- W_from_buff_Y(sha384->buffer) ;
-
- MOVE_to_MEMy(w,0, W_0y) ;
- for (j = 0; j < 80; j += 16) {
- Ry_1( 0, w[0]); Block_Y_0_1(); Ry_2( 0, w[0]);
- Block_Y_0_2(); Ry_3( 0, w[0]); Block_Y_0_3();
- Ry_1( 1, w[1]); Block_Y_0_4(); Ry_2( 1, w[1]);
- Block_Y_0_5(); Ry_3( 1, w[1]); Block_Y_0_6();
- Ry_1( 2, w[2]); Block_Y_0_7(); Ry_2( 2, w[2]);
- Block_Y_0_8(); Ry_3( 2, w[2]); Block_Y_0_9();
- Ry_1( 3, w[3]); Block_Y_0_10();Ry_2( 3, w[3]);
- Block_Y_0_11();Ry_3( 3, w[3]); Block_Y_0_12(w);
-
- Ry_1( 4, w[0]); Block_Y_4_1(); Ry_2( 4, w[0]);
- Block_Y_4_2(); Ry_3( 4, w[0]); Block_Y_4_3();
- Ry_1( 5, w[1]); Block_Y_4_4(); Ry_2( 5, w[1]);
- Block_Y_4_5(); Ry_3( 5, w[1]); Block_Y_4_6();
- Ry_1( 6, w[2]); Block_Y_4_7(); Ry_2( 6, w[2]);
- Block_Y_4_8(); Ry_3( 6, w[2]); Block_Y_4_9();
- Ry_1( 7, w[3]); Block_Y_4_10(); Ry_2( 7, w[3]);
- Block_Y_4_11(); Ry_3( 7, w[3]);Block_Y_4_12(w);
-
- Ry_1( 8, w[0]); Block_Y_8_1(); Ry_2( 8, w[0]);
- Block_Y_8_2(); Ry_3( 8, w[0]); Block_Y_8_3();
- Ry_1( 9, w[1]); Block_Y_8_4(); Ry_2( 9, w[1]);
- Block_Y_8_5(); Ry_3( 9, w[1]); Block_Y_8_6();
- Ry_1(10, w[2]); Block_Y_8_7(); Ry_2(10, w[2]);
- Block_Y_8_8(); Ry_3(10, w[2]); Block_Y_8_9();
- Ry_1(11, w[3]); Block_Y_8_10();Ry_2(11, w[3]);
- Block_Y_8_11();Ry_3(11, w[3]); Block_Y_8_12(w);
-
- Ry_1(12, w[0]); Block_Y_12_1(); Ry_2(12, w[0]);
- Block_Y_12_2(); Ry_3(12, w[0]); Block_Y_12_3();
- Ry_1(13, w[1]); Block_Y_12_4(); Ry_2(13, w[1]);
- Block_Y_12_5(); Ry_3(13, w[1]); Block_Y_12_6();
- Ry_1(14, w[2]); Block_Y_12_7(); Ry_2(14, w[2]);
- Block_Y_12_8(); Ry_3(14, w[2]); Block_Y_12_9();
- Ry_1(15, w[3]); Block_Y_12_10();Ry_2(15, w[3]);
- Block_Y_12_11();Ry_3(15, w[3]); Block_Y_12_12(w);
- }
-
- /* Add the working vars back into digest */
-
- sha384->digest[0] += a(0);
- sha384->digest[1] += b(0);
- sha384->digest[2] += c(0);
- sha384->digest[3] += d(0);
- sha384->digest[4] += e(0);
- sha384->digest[5] += f(0);
- sha384->digest[6] += g(0);
- sha384->digest[7] += h(0);
-
- /* Wipe variables */
- XMEMSET(T, 0, sizeof(T));
-
- return 0;
-}
-
-#endif
-
-#endif /* WOLFSSL_SHA384 */
-
-#endif /* HAVE_FIPS */
-
-#endif /* WOLFSSL_SHA512 */
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfcrypt/src/signature.c Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,347 @@
+/* signature.c
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/signature.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#ifndef NO_ASN
+#include <wolfssl/wolfcrypt/asn.h>
+#endif
+#ifdef HAVE_ECC
+#include <wolfssl/wolfcrypt/ecc.h>
+#endif
+#ifndef NO_RSA
+#include <wolfssl/wolfcrypt/rsa.h>
+#endif
+
+/* If ECC and RSA are disabled then disable signature wrapper */
+#if (!defined(HAVE_ECC) || (defined(HAVE_ECC) && !defined(HAVE_ECC_SIGN) \
+ && !defined(HAVE_ECC_VERIFY))) && defined(NO_RSA)
+ #undef NO_SIG_WRAPPER
+ #define NO_SIG_WRAPPER
+#endif
+
+/* Signature wrapper disabled check */
+#ifndef NO_SIG_WRAPPER
+
+#if !defined(NO_RSA) && !defined(NO_ASN)
+static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte** hash_data,
+ word32* hash_len)
+{
+ int ret = wc_HashGetOID(hash_type);
+ if (ret > 0) {
+ int oid = ret;
+
+ /* Allocate buffer for hash and max DER encoded */
+ word32 digest_len = *hash_len + MAX_DER_DIGEST_SZ;
+ byte *digest_buf = (byte*)XMALLOC(digest_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (digest_buf) {
+ ret = wc_EncodeSignature(digest_buf, *hash_data, *hash_len, oid);
+ if (ret > 0) {
+ digest_len = ret;
+
+ /* Replace hash with digest (DER encoding + hash) */
+ XFREE(*hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ *hash_data = digest_buf;
+ *hash_len = digest_len;
+ }
+ else {
+ XFREE(digest_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+ }
+ else {
+ ret = MEMORY_E;
+ }
+ }
+ return ret;
+}
+#endif /* !NO_RSA && !NO_ASN */
+
+int wc_SignatureGetSize(enum wc_SignatureType sig_type,
+ const void* key, word32 key_len)
+{
+ int sig_len = BAD_FUNC_ARG;
+
+ /* Suppress possible unused args if all signature types are disabled */
+ (void)key;
+ (void)key_len;
+
+ switch(sig_type) {
+ case WC_SIGNATURE_TYPE_ECC:
+#ifdef HAVE_ECC
+ /* Santity check that void* key is at least ecc_key in size */
+ if (key_len >= sizeof(ecc_key)) {
+ sig_len = wc_ecc_sig_size((ecc_key*)key);
+ }
+ else {
+ WOLFSSL_MSG("wc_SignatureGetSize: Invalid ECC key size");
+ }
+#else
+ sig_len = SIG_TYPE_E;
+#endif
+ break;
+
+ case WC_SIGNATURE_TYPE_RSA_W_ENC:
+ case WC_SIGNATURE_TYPE_RSA:
+#ifndef NO_RSA
+ /* Santity check that void* key is at least RsaKey in size */
+ if (key_len >= sizeof(RsaKey)) {
+ sig_len = wc_RsaEncryptSize((RsaKey*)key);
+ }
+ else {
+ WOLFSSL_MSG("wc_SignatureGetSize: Invalid RsaKey key size");
+ }
+#else
+ sig_len = SIG_TYPE_E;
+#endif
+ break;
+
+ case WC_SIGNATURE_TYPE_NONE:
+ default:
+ sig_len = BAD_FUNC_ARG;
+ break;
+ }
+ return sig_len;
+}
+
+int wc_SignatureVerify(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* data, word32 data_len,
+ const byte* sig, word32 sig_len,
+ const void* key, word32 key_len)
+{
+ int ret;
+ word32 hash_len;
+ byte *hash_data = NULL;
+
+ /* Check arguments */
+ if (data == NULL || data_len <= 0 || sig == NULL || sig_len <= 0 ||
+ key == NULL || key_len <= 0) {
+ return BAD_FUNC_ARG;
+ }
+
+ /* Validate signature len (1 to max is okay) */
+ if ((int)sig_len > wc_SignatureGetSize(sig_type, key, key_len)) {
+ WOLFSSL_MSG("wc_SignatureVerify: Invalid sig type/len");
+ return BAD_FUNC_ARG;
+ }
+
+ /* Validate hash size */
+ ret = wc_HashGetDigestSize(hash_type);
+ if (ret < 0) {
+ WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len");
+ return ret;
+ }
+ hash_len = ret;
+
+ /* Allocate temporary buffer for hash data */
+ hash_data = (byte*)XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (hash_data == NULL) {
+ return MEMORY_E;
+ }
+
+ /* Perform hash of data */
+ ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len);
+ if(ret == 0) {
+ /* Verify signature using hash as data */
+ switch(sig_type) {
+ case WC_SIGNATURE_TYPE_ECC:
+ {
+#if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY)
+ int is_valid_sig = 0;
+
+ /* Perform verification of signature using provided ECC key */
+ ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len, &is_valid_sig, (ecc_key*)key);
+ if (ret != 0 || is_valid_sig != 1) {
+ ret = SIG_VERIFY_E;
+ }
+#else
+ ret = SIG_TYPE_E;
+#endif
+ break;
+ }
+
+ case WC_SIGNATURE_TYPE_RSA_W_ENC:
+#if defined(NO_RSA) || defined(NO_ASN)
+ ret = SIG_TYPE_E;
+ break;
+#else
+ ret = wc_SignatureDerEncode(hash_type, &hash_data, &hash_len);
+ /* Check for error */
+ if (ret < 0) {
+ break;
+ }
+ /* Otherwise fall-through and perform normal RSA verify against updated
+ * DER encoding + hash */
+#endif
+
+ case WC_SIGNATURE_TYPE_RSA:
+ {
+#ifndef NO_RSA
+ word32 plain_len = hash_len;
+ byte *plain_data;
+
+ /* Make sure the plain text output is at least key size */
+ if (plain_len < sig_len) {
+ plain_len = sig_len;
+ }
+ plain_data = (byte*)XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (plain_data) {
+ /* Perform verification of signature using provided RSA key */
+ ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, plain_len,
+ (RsaKey*)key);
+ if (ret >= 0) {
+ if ((word32)ret == hash_len &&
+ XMEMCMP(plain_data, hash_data, hash_len) == 0) {
+ ret = 0; /* Success */
+ }
+ else {
+ WOLFSSL_MSG("RSA Signature Verify difference!");
+ ret = SIG_VERIFY_E;
+ }
+ }
+ XFREE(plain_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+ else {
+ ret = MEMORY_E;
+ }
+#else
+ ret = SIG_TYPE_E;
+#endif
+ break;
+ }
+
+ case WC_SIGNATURE_TYPE_NONE:
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ }
+
+ if (hash_data) {
+ XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+
+ return ret;
+}
+
+int wc_SignatureGenerate(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* data, word32 data_len,
+ byte* sig, word32 *sig_len,
+ const void* key, word32 key_len, WC_RNG* rng)
+{
+ int ret;
+ word32 hash_len;
+ byte *hash_data = NULL;
+
+ /* Suppress possible unused arg if all signature types are disabled */
+ (void)rng;
+
+ /* Check arguments */
+ if (data == NULL || data_len <= 0 || sig == NULL || sig_len == NULL ||
+ *sig_len <= 0 || key == NULL || key_len <= 0) {
+ return BAD_FUNC_ARG;
+ }
+
+ /* Validate signature len (needs to be at least max) */
+ if ((int)*sig_len < wc_SignatureGetSize(sig_type, key, key_len)) {
+ WOLFSSL_MSG("wc_SignatureGenerate: Invalid sig type/len");
+ return BAD_FUNC_ARG;
+ }
+
+ /* Validate hash size */
+ ret = wc_HashGetDigestSize(hash_type);
+ if (ret < 0) {
+ WOLFSSL_MSG("wc_SignatureGenerate: Invalid hash type/len");
+ return ret;
+ }
+ hash_len = ret;
+
+ /* Allocate temporary buffer for hash data */
+ hash_data = (byte*)XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (hash_data == NULL) {
+ return MEMORY_E;
+ }
+
+ /* Perform hash of data */
+ ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len);
+ if (ret == 0) {
+ /* Create signature using hash as data */
+ switch(sig_type) {
+ case WC_SIGNATURE_TYPE_ECC:
+#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
+ /* Create signature using provided ECC key */
+ ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key);
+#else
+ ret = SIG_TYPE_E;
+#endif
+ break;
+
+ case WC_SIGNATURE_TYPE_RSA_W_ENC:
+#if defined(NO_RSA) || defined(NO_ASN)
+ ret = SIG_TYPE_E;
+ break;
+#else
+ ret = wc_SignatureDerEncode(hash_type, &hash_data, &hash_len);
+ /* Check for error */
+ if (ret < 0) {
+ break;
+ }
+ /* Otherwise fall-through and perform normal RSA sign against updated
+ * DER encoding + hash */
+#endif
+
+ case WC_SIGNATURE_TYPE_RSA:
+#ifndef NO_RSA
+ /* Create signature using provided RSA key */
+ ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, (RsaKey*)key, rng);
+ if (ret >= 0) {
+ *sig_len = ret;
+ ret = 0; /* Success */
+ }
+#else
+ ret = SIG_TYPE_E;
+#endif
+ break;
+
+ case WC_SIGNATURE_TYPE_NONE:
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ }
+
+ if (hash_data) {
+ XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+
+ return ret;
+}
+
+#endif /* NO_SIG_WRAPPER */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfcrypt/src/srp.c Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,740 @@
+/* srp.c
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFCRYPT_HAVE_SRP
+
+#include <wolfssl/wolfcrypt/srp.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef NO_INLINE
+ #include <wolfssl/wolfcrypt/misc.h>
+#else
+ #include <wolfcrypt/src/misc.c>
+#endif
+
+/** Computes the session key using the Mask Generation Function 1. */
+static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size);
+
+static int SrpHashInit(SrpHash* hash, SrpType type)
+{
+ hash->type = type;
+
+ switch (type) {
+ case SRP_TYPE_SHA:
+ #ifndef NO_SHA
+ return wc_InitSha(&hash->data.sha);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA256:
+ #ifndef NO_SHA256
+ return wc_InitSha256(&hash->data.sha256);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA384:
+ #ifdef WOLFSSL_SHA384
+ return wc_InitSha384(&hash->data.sha384);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA512:
+ #ifdef WOLFSSL_SHA512
+ return wc_InitSha512(&hash->data.sha512);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ default:
+ return BAD_FUNC_ARG;
+ }
+}
+
+static int SrpHashUpdate(SrpHash* hash, const byte* data, word32 size)
+{
+ switch (hash->type) {
+ case SRP_TYPE_SHA:
+ #ifndef NO_SHA
+ return wc_ShaUpdate(&hash->data.sha, data, size);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA256:
+ #ifndef NO_SHA256
+ return wc_Sha256Update(&hash->data.sha256, data, size);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA384:
+ #ifdef WOLFSSL_SHA384
+ return wc_Sha384Update(&hash->data.sha384, data, size);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA512:
+ #ifdef WOLFSSL_SHA512
+ return wc_Sha512Update(&hash->data.sha512, data, size);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ default:
+ return BAD_FUNC_ARG;
+ }
+}
+
+static int SrpHashFinal(SrpHash* hash, byte* digest)
+{
+ switch (hash->type) {
+ case SRP_TYPE_SHA:
+ #ifndef NO_SHA
+ return wc_ShaFinal(&hash->data.sha, digest);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA256:
+ #ifndef NO_SHA256
+ return wc_Sha256Final(&hash->data.sha256, digest);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA384:
+ #ifdef WOLFSSL_SHA384
+ return wc_Sha384Final(&hash->data.sha384, digest);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ case SRP_TYPE_SHA512:
+ #ifdef WOLFSSL_SHA512
+ return wc_Sha512Final(&hash->data.sha512, digest);
+ #else
+ return BAD_FUNC_ARG;
+ #endif
+
+ default:
+ return BAD_FUNC_ARG;
+ }
+}
+
+static word32 SrpHashSize(SrpType type)
+{
+ switch (type) {
+ case SRP_TYPE_SHA:
+ #ifndef NO_SHA
+ return SHA_DIGEST_SIZE;
+ #else
+ return 0;
+ #endif
+
+ case SRP_TYPE_SHA256:
+ #ifndef NO_SHA256
+ return SHA256_DIGEST_SIZE;
+ #else
+ return 0;
+ #endif
+
+ case SRP_TYPE_SHA384:
+ #ifdef WOLFSSL_SHA384
+ return SHA384_DIGEST_SIZE;
+ #else
+ return 0;
+ #endif
+
+ case SRP_TYPE_SHA512:
+ #ifdef WOLFSSL_SHA512
+ return SHA512_DIGEST_SIZE;
+ #else
+ return 0;
+ #endif
+
+ default:
+ return 0;
+ }
+}
+
+int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
+{
+ int r;
+
+ /* validating params */
+
+ if (!srp)
+ return BAD_FUNC_ARG;
+
+ if (side != SRP_CLIENT_SIDE && side != SRP_SERVER_SIDE)
+ return BAD_FUNC_ARG;
+
+ switch (type) {
+ case SRP_TYPE_SHA:
+ #ifdef NO_SHA
+ return NOT_COMPILED_IN;
+ #else
+ break; /* OK */
+ #endif
+
+ case SRP_TYPE_SHA256:
+ #ifdef NO_SHA256
+ return NOT_COMPILED_IN;
+ #else
+ break; /* OK */
+ #endif
+
+ case SRP_TYPE_SHA384:
+ #ifndef WOLFSSL_SHA384
+ return NOT_COMPILED_IN;
+ #else
+ break; /* OK */
+ #endif
+
+ case SRP_TYPE_SHA512:
+ #ifndef WOLFSSL_SHA512
+ return NOT_COMPILED_IN;
+ #else
+ break; /* OK */
+ #endif
+
+ default:
+ return BAD_FUNC_ARG;
+ }
+
+ /* initializing variables */
+
+ XMEMSET(srp, 0, sizeof(Srp));
+
+ if ((r = SrpHashInit(&srp->client_proof, type)) != 0)
+ return r;
+
+ if ((r = SrpHashInit(&srp->server_proof, type)) != 0)
+ return r;
+
+ if ((r = mp_init_multi(&srp->N, &srp->g, &srp->auth,
+ &srp->priv, 0, 0)) != 0)
+ return r;
+
+ srp->side = side; srp->type = type;
+ srp->salt = NULL; srp->saltSz = 0;
+ srp->user = NULL; srp->userSz = 0;
+ srp->key = NULL; srp->keySz = 0;
+
+ srp->keyGenFunc_cb = wc_SrpSetKey;
+
+ return 0;
+}
+
+void wc_SrpTerm(Srp* srp)
+{
+ if (srp) {
+ mp_clear(&srp->N); mp_clear(&srp->g);
+ mp_clear(&srp->auth); mp_clear(&srp->priv);
+
+ ForceZero(srp->salt, srp->saltSz);
+ XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
+ ForceZero(srp->user, srp->userSz);
+ XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP);
+ ForceZero(srp->key, srp->keySz);
+ XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP);
+
+ ForceZero(srp, sizeof(Srp));
+ }
+}
+
+int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size)
+{
+ if (!srp || !username)
+ return BAD_FUNC_ARG;
+
+ srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP);
+ if (srp->user == NULL)
+ return MEMORY_E;
+
+ srp->userSz = size;
+ XMEMCPY(srp->user, username, srp->userSz);
+
+ return 0;
+}
+
+int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
+ const byte* g, word32 gSz,
+ const byte* salt, word32 saltSz)
+{
+ SrpHash hash;
+ byte digest1[SRP_MAX_DIGEST_SIZE];
+ byte digest2[SRP_MAX_DIGEST_SIZE];
+ byte pad = 0;
+ int i, j, r;
+
+ if (!srp || !N || !g || !salt || nSz < gSz)
+ return BAD_FUNC_ARG;
+
+ if (!srp->user)
+ return SRP_CALL_ORDER_E;
+
+ /* Set N */
+ if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
+ return MP_READ_E;
+
+ if (mp_count_bits(&srp->N) < SRP_DEFAULT_MIN_BITS)
+ return BAD_FUNC_ARG;
+
+ /* Set g */
+ if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY)
+ return MP_READ_E;
+
+ if (mp_cmp(&srp->N, &srp->g) != MP_GT)
+ return BAD_FUNC_ARG;
+
+ /* Set salt */
+ if (srp->salt) {
+ ForceZero(srp->salt, srp->saltSz);
+ XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
+ }
+
+ srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP);
+ if (srp->salt == NULL)
+ return MEMORY_E;
+
+ XMEMCPY(srp->salt, salt, saltSz);
+ srp->saltSz = saltSz;
+
+ /* Set k = H(N, g) */
+ r = SrpHashInit(&hash, srp->type);
+ if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
+ for (i = 0; (word32)i < nSz - gSz; i++)
+ SrpHashUpdate(&hash, &pad, 1);
+ if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
+ if (!r) r = SrpHashFinal(&hash, srp->k);
+
+ /* update client proof */
+
+ /* digest1 = H(N) */
+ if (!r) r = SrpHashInit(&hash, srp->type);
+ if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
+ if (!r) r = SrpHashFinal(&hash, digest1);
+
+ /* digest2 = H(g) */
+ if (!r) r = SrpHashInit(&hash, srp->type);
+ if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
+ if (!r) r = SrpHashFinal(&hash, digest2);
+
+ /* digest1 = H(N) ^ H(g) */
+ if (r == 0) {
+ for (i = 0, j = SrpHashSize(srp->type); i < j; i++)
+ digest1[i] ^= digest2[i];
+ }
+
+ /* digest2 = H(user) */
+ if (!r) r = SrpHashInit(&hash, srp->type);
+ if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
+ if (!r) r = SrpHashFinal(&hash, digest2);
+
+ /* client proof = H( H(N) ^ H(g) | H(user) | salt) */
+ if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j);
+ if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j);
+ if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz);
+
+ return r;
+}
+
+int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
+{
+ SrpHash hash;
+ byte digest[SRP_MAX_DIGEST_SIZE];
+ word32 digestSz;
+ int r;
+
+ if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
+ return BAD_FUNC_ARG;
+
+ if (!srp->salt)
+ return SRP_CALL_ORDER_E;
+
+ digestSz = SrpHashSize(srp->type);
+
+ /* digest = H(username | ':' | password) */
+ r = SrpHashInit(&hash, srp->type);
+ if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
+ if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1);
+ if (!r) r = SrpHashUpdate(&hash, password, size);
+ if (!r) r = SrpHashFinal(&hash, digest);
+
+ /* digest = H(salt | H(username | ':' | password)) */
+ if (!r) r = SrpHashInit(&hash, srp->type);
+ if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz);
+ if (!r) r = SrpHashUpdate(&hash, digest, digestSz);
+ if (!r) r = SrpHashFinal(&hash, digest);
+
+ /* Set x (private key) */
+ if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz);
+
+ ForceZero(digest, SRP_MAX_DIGEST_SIZE);
+
+ return r;
+}
+
+int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
+{
+ mp_int v;
+ int r;
+
+ if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE)
+ return BAD_FUNC_ARG;
+
+ if (mp_iszero(&srp->auth))
+ return SRP_CALL_ORDER_E;
+
+ r = mp_init(&v);
+ if (r != MP_OKAY)
+ return MP_INIT_E;
+
+ /* v = g ^ x % N */
+ if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v);
+ if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY;
+ if (!r) r = mp_to_unsigned_bin(&v, verifier);
+ if (!r) *size = mp_unsigned_bin_size(&v);
+
+ mp_clear(&v);
+
+ return r;
+}
+
+int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
+{
+ if (!srp || !verifier || srp->side != SRP_SERVER_SIDE)
+ return BAD_FUNC_ARG;
+
+ return mp_read_unsigned_bin(&srp->auth, verifier, size);
+}
+
+int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
+{
+ mp_int p;
+ int r;
+
+ if (!srp || !private || !size)
+ return BAD_FUNC_ARG;
+
+ if (mp_iszero(&srp->auth))
+ return SRP_CALL_ORDER_E;
+
+ r = mp_init(&p);
+ if (r != MP_OKAY)
+ return MP_INIT_E;
+ if (!r) r = mp_read_unsigned_bin(&p, private, size);
+ if (!r) r = mp_mod(&p, &srp->N, &srp->priv);
+ if (!r) r = mp_iszero(&srp->priv) ? SRP_BAD_KEY_E : 0;
+
+ mp_clear(&p);
+
+ return r;
+}
+
+/** Generates random data using wolfcrypt RNG. */
+static int wc_SrpGenPrivate(Srp* srp, byte* priv, word32 size)
+{
+ WC_RNG rng;
+ int r = wc_InitRng(&rng);
+
+ if (!r) r = wc_RNG_GenerateBlock(&rng, priv, size);
+ if (!r) r = wc_SrpSetPrivate(srp, priv, size);
+ if (!r) wc_FreeRng(&rng);
+
+ return r;
+}
+
+int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size)
+{
+ mp_int pubkey;
+ word32 modulusSz;
+ int r;
+
+ if (!srp || !pub || !size)
+ return BAD_FUNC_ARG;
+
+ if (mp_iszero(&srp->auth))
+ return SRP_CALL_ORDER_E;
+
+ modulusSz = mp_unsigned_bin_size(&srp->N);
+ if (*size < modulusSz)
+ return BUFFER_E;
+
+ r = mp_init(&pubkey);
+ if (r != MP_OKAY)
+ return MP_INIT_E;
+
+ /* priv = random() */
+ if (mp_iszero(&srp->priv))
+ r = wc_SrpGenPrivate(srp, pub, modulusSz);
+
+ /* client side: A = g ^ a % N */
+ if (srp->side == SRP_CLIENT_SIDE) {
+ if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
+
+ /* server side: B = (k * v + (g ^ b % N)) % N */
+ } else {
+ mp_int i, j;
+
+ if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) {
+ if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type));
+ if (!r) r = mp_iszero(&i) ? SRP_BAD_KEY_E : 0;
+ if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
+ if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j);
+ if (!r) r = mp_add(&j, &pubkey, &i);
+ if (!r) r = mp_mod(&i, &srp->N, &pubkey);
+
+ mp_clear(&i); mp_clear(&j);
+ }
+ }
+
+ /* extract public key to buffer */
+ XMEMSET(pub, 0, modulusSz);
+ if (!r) r = mp_to_unsigned_bin(&pubkey, pub);
+ if (!r) *size = mp_unsigned_bin_size(&pubkey);
+ mp_clear(&pubkey);
+
+ return r;
+}
+
+static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
+{
+ SrpHash hash;
+ byte digest[SRP_MAX_DIGEST_SIZE];
+ word32 i, j, digestSz = SrpHashSize(srp->type);
+ byte counter[4];
+ int r = BAD_FUNC_ARG;
+
+ srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP);
+ if (srp->key == NULL)
+ return MEMORY_E;
+
+ srp->keySz = 2 * digestSz;
+
+ for (i = j = 0; j < srp->keySz; i++) {
+ counter[0] = (i >> 24) & 0xFF;
+ counter[1] = (i >> 16) & 0xFF;
+ counter[2] = (i >> 8) & 0xFF;
+ counter[3] = i & 0xFF;
+
+ r = SrpHashInit(&hash, srp->type);
+ if (!r) r = SrpHashUpdate(&hash, secret, size);
+ if (!r) r = SrpHashUpdate(&hash, counter, 4);
+
+ if(j + digestSz > srp->keySz) {
+ if (!r) r = SrpHashFinal(&hash, digest);
+ XMEMCPY(srp->key + j, digest, srp->keySz - j);
+ j = srp->keySz;
+ }
+ else {
+ if (!r) r = SrpHashFinal(&hash, srp->key + j);
+ j += digestSz;
+ }
+ }
+
+ ForceZero(digest, sizeof(digest));
+ ForceZero(&hash, sizeof(SrpHash));
+
+ return r;
+}
+
+int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
+ byte* serverPubKey, word32 serverPubKeySz)
+{
+ SrpHash hash;
+ byte *secret;
+ byte digest[SRP_MAX_DIGEST_SIZE];
+ word32 i, secretSz, digestSz;
+ mp_int u, s, temp1, temp2;
+ byte pad = 0;
+ int r;
+
+ /* validating params */
+
+ if (!srp || !clientPubKey || clientPubKeySz == 0
+ || !serverPubKey || serverPubKeySz == 0)
+ return BAD_FUNC_ARG;
+
+ if (mp_iszero(&srp->priv))
+ return SRP_CALL_ORDER_E;
+
+ /* initializing variables */
+
+ if ((r = SrpHashInit(&hash, srp->type)) != 0)
+ return r;
+
+ digestSz = SrpHashSize(srp->type);
+ secretSz = mp_unsigned_bin_size(&srp->N);
+
+ if ((secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP)) == NULL)
+ return MEMORY_E;
+
+ if ((r = mp_init_multi(&u, &s, &temp1, &temp2, 0, 0)) != MP_OKAY) {
+ XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
+ return r;
+ }
+
+ /* building u (random scrambling parameter) */
+
+ /* H(A) */
+ for (i = 0; !r && i < secretSz - clientPubKeySz; i++)
+ r = SrpHashUpdate(&hash, &pad, 1);
+ if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz);
+
+ /* H(A | B) */
+ for (i = 0; !r && i < secretSz - serverPubKeySz; i++)
+ r = SrpHashUpdate(&hash, &pad, 1);
+ if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz);
+
+ /* set u */
+ if (!r) r = SrpHashFinal(&hash, digest);
+ if (!r) r = mp_read_unsigned_bin(&u, digest, SrpHashSize(srp->type));
+
+ /* building s (secret) */
+
+ if (!r && srp->side == SRP_CLIENT_SIDE) {
+
+ /* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */
+ r = mp_read_unsigned_bin(&temp1, srp->k, digestSz);
+ if (!r) r = mp_iszero(&temp1) ? SRP_BAD_KEY_E : 0;
+ if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &temp2);
+ if (!r) r = mp_mulmod(&temp1, &temp2, &srp->N, &s);
+ if (!r) r = mp_read_unsigned_bin(&temp2, serverPubKey, serverPubKeySz);
+ if (!r) r = mp_iszero(&temp2) ? SRP_BAD_KEY_E : 0;
+ if (!r) r = mp_cmp(&temp2, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0;
+ if (!r) r = mp_sub(&temp2, &s, &temp1);
+
+ /* temp2 = a + u * x */
+ if (!r) r = mp_mulmod(&u, &srp->auth, &srp->N, &s);
+ if (!r) r = mp_add(&srp->priv, &s, &temp2);
+
+ /* secret = temp1 ^ temp2 % N */
+ if (!r) r = mp_exptmod(&temp1, &temp2, &srp->N, &s);
+
+ } else if (!r && srp->side == SRP_SERVER_SIDE) {
+ /* temp1 = v ^ u % N */
+ r = mp_exptmod(&srp->auth, &u, &srp->N, &temp1);
+
+ /* temp2 = A * temp1 % N; rejects A == 0, A >= N */
+ if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz);
+ if (!r) r = mp_iszero(&s) ? SRP_BAD_KEY_E : 0;
+ if (!r) r = mp_cmp(&s, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0;
+ if (!r) r = mp_mulmod(&s, &temp1, &srp->N, &temp2);
+
+ /* rejects A * v ^ u % N >= 1, A * v ^ u % N == -1 % N */
+ if (!r) r = mp_read_unsigned_bin(&temp1, (const byte*)"\001", 1);
+ if (!r) r = mp_cmp(&temp2, &temp1) != MP_GT ? SRP_BAD_KEY_E : 0;
+ if (!r) r = mp_sub(&srp->N, &temp1, &s);
+ if (!r) r = mp_cmp(&temp2, &s) == MP_EQ ? SRP_BAD_KEY_E : 0;
+
+ /* secret = temp2 * b % N */
+ if (!r) r = mp_exptmod(&temp2, &srp->priv, &srp->N, &s);
+ }
+
+ /* building session key from secret */
+
+ if (!r) r = mp_to_unsigned_bin(&s, secret);
+ if (!r) r = srp->keyGenFunc_cb(srp, secret, mp_unsigned_bin_size(&s));
+
+ /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */
+
+ if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz);
+ if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz);
+ if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, srp->keySz);
+
+ /* updating server proof = H(A) */
+
+ if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz);
+
+ XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
+ mp_clear(&u); mp_clear(&s); mp_clear(&temp1); mp_clear(&temp2);
+
+ return r;
+}
+
+int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
+{
+ int r;
+
+ if (!srp || !proof || !size)
+ return BAD_FUNC_ARG;
+
+ if (*size < SrpHashSize(srp->type))
+ return BUFFER_E;
+
+ if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE
+ ? &srp->client_proof
+ : &srp->server_proof, proof)) != 0)
+ return r;
+
+ *size = SrpHashSize(srp->type);
+
+ if (srp->side == SRP_CLIENT_SIDE) {
+ /* server proof = H( A | client proof | K) */
+ if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size);
+ if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz);
+ }
+
+ return r;
+}
+
+int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
+{
+ byte digest[SRP_MAX_DIGEST_SIZE];
+ int r;
+
+ if (!srp || !proof)
+ return BAD_FUNC_ARG;
+
+ if (size != SrpHashSize(srp->type))
+ return BUFFER_E;
+
+ r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof
+ : &srp->client_proof, digest);
+
+ if (srp->side == SRP_SERVER_SIDE) {
+ /* server proof = H( A | client proof | K) */
+ if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size);
+ if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz);
+ }
+
+ if (!r && XMEMCMP(proof, digest, size) != 0)
+ r = SRP_VERIFY_E;
+
+ return r;
+}
+
+#endif /* WOLFCRYPT_HAVE_SRP */
+
--- a/wolfcrypt/src/tfm.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2702 +0,0 @@
-/* tfm.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-/*
- * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
- * http://math.libtomcrypt.com
- */
-
-/**
- * Edited by Moisés Guimarães (moisesguimaraesm@gmail.com)
- * to fit CyaSSL's needs.
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-/* in case user set USE_FAST_MATH there */
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef USE_FAST_MATH
-
-#include <wolfssl/wolfcrypt/tfm.h>
-#include <wolfcrypt/src/asm.c> /* will define asm MACROS or C ones */
-
-
-/* math settings check */
-word32 CheckRunTimeSettings(void)
-{
- return CTC_SETTINGS;
-}
-
-
-/* math settings size check */
-word32 CheckRunTimeFastMath(void)
-{
- return FP_SIZE;
-}
-
-
-/* Functions */
-
-void fp_add(fp_int *a, fp_int *b, fp_int *c)
-{
- int sa, sb;
-
- /* get sign of both inputs */
- sa = a->sign;
- sb = b->sign;
-
- /* handle two cases, not four */
- if (sa == sb) {
- /* both positive or both negative */
- /* add their magnitudes, copy the sign */
- c->sign = sa;
- s_fp_add (a, b, c);
- } else {
- /* one positive, the other negative */
- /* subtract the one with the greater magnitude from */
- /* the one of the lesser magnitude. The result gets */
- /* the sign of the one with the greater magnitude. */
- if (fp_cmp_mag (a, b) == FP_LT) {
- c->sign = sb;
- s_fp_sub (b, a, c);
- } else {
- c->sign = sa;
- s_fp_sub (a, b, c);
- }
- }
-}
-
-/* unsigned addition */
-void s_fp_add(fp_int *a, fp_int *b, fp_int *c)
-{
- int x, y, oldused;
- register fp_word t;
-
- y = MAX(a->used, b->used);
- oldused = MIN(c->used, FP_SIZE); /* help static analysis w/ largest size */
- c->used = y;
-
- t = 0;
- for (x = 0; x < y; x++) {
- t += ((fp_word)a->dp[x]) + ((fp_word)b->dp[x]);
- c->dp[x] = (fp_digit)t;
- t >>= DIGIT_BIT;
- }
- if (t != 0 && x < FP_SIZE) {
- c->dp[c->used++] = (fp_digit)t;
- ++x;
- }
-
- c->used = x;
- for (; x < oldused; x++) {
- c->dp[x] = 0;
- }
- fp_clamp(c);
-}
-
-/* c = a - b */
-void fp_sub(fp_int *a, fp_int *b, fp_int *c)
-{
- int sa, sb;
-
- sa = a->sign;
- sb = b->sign;
-
- if (sa != sb) {
- /* subtract a negative from a positive, OR */
- /* subtract a positive from a negative. */
- /* In either case, ADD their magnitudes, */
- /* and use the sign of the first number. */
- c->sign = sa;
- s_fp_add (a, b, c);
- } else {
- /* subtract a positive from a positive, OR */
- /* subtract a negative from a negative. */
- /* First, take the difference between their */
- /* magnitudes, then... */
- if (fp_cmp_mag (a, b) != FP_LT) {
- /* Copy the sign from the first */
- c->sign = sa;
- /* The first has a larger or equal magnitude */
- s_fp_sub (a, b, c);
- } else {
- /* The result has the *opposite* sign from */
- /* the first number. */
- c->sign = (sa == FP_ZPOS) ? FP_NEG : FP_ZPOS;
- /* The second has a larger magnitude */
- s_fp_sub (b, a, c);
- }
- }
-}
-
-/* unsigned subtraction ||a|| >= ||b|| ALWAYS! */
-void s_fp_sub(fp_int *a, fp_int *b, fp_int *c)
-{
- int x, oldbused, oldused;
- fp_word t;
-
- oldused = c->used;
- oldbused = b->used;
- c->used = a->used;
- t = 0;
- for (x = 0; x < oldbused; x++) {
- t = ((fp_word)a->dp[x]) - (((fp_word)b->dp[x]) + t);
- c->dp[x] = (fp_digit)t;
- t = (t >> DIGIT_BIT)&1;
- }
- for (; x < a->used; x++) {
- t = ((fp_word)a->dp[x]) - t;
- c->dp[x] = (fp_digit)t;
- t = (t >> DIGIT_BIT)&1;
- }
- for (; x < oldused; x++) {
- c->dp[x] = 0;
- }
- fp_clamp(c);
-}
-
-/* c = a * b */
-void fp_mul(fp_int *A, fp_int *B, fp_int *C)
-{
- int y, yy;
-
- y = MAX(A->used, B->used);
- yy = MIN(A->used, B->used);
-
- /* call generic if we're out of range */
- if (y + yy > FP_SIZE) {
- fp_mul_comba(A, B, C);
- return ;
- }
-
- /* pick a comba (unrolled 4/8/16/32 x or rolled) based on the size
- of the largest input. We also want to avoid doing excess mults if the
- inputs are not close to the next power of two. That is, for example,
- if say y=17 then we would do (32-17)^2 = 225 unneeded multiplications
- */
-
-#ifdef TFM_MUL3
- if (y <= 3) {
- fp_mul_comba3(A,B,C);
- return;
- }
-#endif
-#ifdef TFM_MUL4
- if (y == 4) {
- fp_mul_comba4(A,B,C);
- return;
- }
-#endif
-#ifdef TFM_MUL6
- if (y <= 6) {
- fp_mul_comba6(A,B,C);
- return;
- }
-#endif
-#ifdef TFM_MUL7
- if (y == 7) {
- fp_mul_comba7(A,B,C);
- return;
- }
-#endif
-#ifdef TFM_MUL8
- if (y == 8) {
- fp_mul_comba8(A,B,C);
- return;
- }
-#endif
-#ifdef TFM_MUL9
- if (y == 9) {
- fp_mul_comba9(A,B,C);
- return;
- }
-#endif
-#ifdef TFM_MUL12
- if (y <= 12) {
- fp_mul_comba12(A,B,C);
- return;
- }
-#endif
-#ifdef TFM_MUL17
- if (y <= 17) {
- fp_mul_comba17(A,B,C);
- return;
- }
-#endif
-
-#ifdef TFM_SMALL_SET
- if (y <= 16) {
- fp_mul_comba_small(A,B,C);
- return;
- }
-#endif
-#if defined(TFM_MUL20)
- if (y <= 20) {
- fp_mul_comba20(A,B,C);
- return;
- }
-#endif
-#if defined(TFM_MUL24)
- if (yy >= 16 && y <= 24) {
- fp_mul_comba24(A,B,C);
- return;
- }
-#endif
-#if defined(TFM_MUL28)
- if (yy >= 20 && y <= 28) {
- fp_mul_comba28(A,B,C);
- return;
- }
-#endif
-#if defined(TFM_MUL32)
- if (yy >= 24 && y <= 32) {
- fp_mul_comba32(A,B,C);
- return;
- }
-#endif
-#if defined(TFM_MUL48)
- if (yy >= 40 && y <= 48) {
- fp_mul_comba48(A,B,C);
- return;
- }
-#endif
-#if defined(TFM_MUL64)
- if (yy >= 56 && y <= 64) {
- fp_mul_comba64(A,B,C);
- return;
- }
-#endif
- fp_mul_comba(A,B,C);
-}
-
-void fp_mul_2(fp_int * a, fp_int * b)
-{
- int x, oldused;
-
- oldused = b->used;
- b->used = a->used;
-
- {
- register fp_digit r, rr, *tmpa, *tmpb;
-
- /* alias for source */
- tmpa = a->dp;
-
- /* alias for dest */
- tmpb = b->dp;
-
- /* carry */
- r = 0;
- for (x = 0; x < a->used; x++) {
-
- /* get what will be the *next* carry bit from the
- * MSB of the current digit
- */
- rr = *tmpa >> ((fp_digit)(DIGIT_BIT - 1));
-
- /* now shift up this digit, add in the carry [from the previous] */
- *tmpb++ = ((*tmpa++ << ((fp_digit)1)) | r);
-
- /* copy the carry that would be from the source
- * digit into the next iteration
- */
- r = rr;
- }
-
- /* new leading digit? */
- if (r != 0 && b->used != (FP_SIZE-1)) {
- /* add a MSB which is always 1 at this point */
- *tmpb = 1;
- ++(b->used);
- }
-
- /* now zero any excess digits on the destination
- * that we didn't write to
- */
- tmpb = b->dp + b->used;
- for (x = b->used; x < oldused; x++) {
- *tmpb++ = 0;
- }
- }
- b->sign = a->sign;
-}
-
-/* c = a * b */
-void fp_mul_d(fp_int *a, fp_digit b, fp_int *c)
-{
- fp_word w;
- int x, oldused;
-
- oldused = c->used;
- c->used = a->used;
- c->sign = a->sign;
- w = 0;
- for (x = 0; x < a->used; x++) {
- w = ((fp_word)a->dp[x]) * ((fp_word)b) + w;
- c->dp[x] = (fp_digit)w;
- w = w >> DIGIT_BIT;
- }
- if (w != 0 && (a->used != FP_SIZE)) {
- c->dp[c->used++] = (fp_digit) w;
- ++x;
- }
- for (; x < oldused; x++) {
- c->dp[x] = 0;
- }
- fp_clamp(c);
-}
-
-/* c = a * 2**d */
-void fp_mul_2d(fp_int *a, int b, fp_int *c)
-{
- fp_digit carry, carrytmp, shift;
- int x;
-
- /* copy it */
- fp_copy(a, c);
-
- /* handle whole digits */
- if (b >= DIGIT_BIT) {
- fp_lshd(c, b/DIGIT_BIT);
- }
- b %= DIGIT_BIT;
-
- /* shift the digits */
- if (b != 0) {
- carry = 0;
- shift = DIGIT_BIT - b;
- for (x = 0; x < c->used; x++) {
- carrytmp = c->dp[x] >> shift;
- c->dp[x] = (c->dp[x] << b) + carry;
- carry = carrytmp;
- }
- /* store last carry if room */
- if (carry && x < FP_SIZE) {
- c->dp[c->used++] = carry;
- }
- }
- fp_clamp(c);
-}
-
-/* generic PxQ multiplier */
-#if defined(HAVE_INTEL_MULX)
-
-INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C)
-
-{
- int ix, iy, iz, pa;
- fp_int tmp, *dst;
-
- /* get size of output and trim */
- pa = A->used + B->used;
- if (pa >= FP_SIZE) {
- pa = FP_SIZE-1;
- }
-
- if (A == C || B == C) {
- fp_init(&tmp);
- dst = &tmp;
- } else {
- fp_zero(C);
- dst = C;
- }
-
- TFM_INTEL_MUL_COMBA(A, B, dst) ;
-
- dst->used = pa;
- dst->sign = A->sign ^ B->sign;
- fp_clamp(dst);
- fp_copy(dst, C);
-}
-#endif
-
-void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
-{
- int ix, iy, iz, tx, ty, pa;
- fp_digit c0, c1, c2, *tmpx, *tmpy;
- fp_int tmp, *dst;
-
- IF_HAVE_INTEL_MULX(fp_mul_comba_mulx(A, B, C), return) ;
-
- COMBA_START;
- COMBA_CLEAR;
-
- /* get size of output and trim */
- pa = A->used + B->used;
- if (pa >= FP_SIZE) {
- pa = FP_SIZE-1;
- }
-
- if (A == C || B == C) {
- fp_init(&tmp);
- dst = &tmp;
- } else {
- fp_zero(C);
- dst = C;
- }
-
- for (ix = 0; ix < pa; ix++) {
- /* get offsets into the two bignums */
- ty = MIN(ix, B->used-1);
- tx = ix - ty;
-
- /* setup temp aliases */
- tmpx = A->dp + tx;
- tmpy = B->dp + ty;
-
- /* this is the number of times the loop will iterrate, essentially its
- while (tx++ < a->used && ty-- >= 0) { ... }
- */
- iy = MIN(A->used-tx, ty+1);
-
- /* execute loop */
- COMBA_FORWARD;
- for (iz = 0; iz < iy; ++iz) {
- /* TAO change COMBA_ADD back to MULADD */
- MULADD(*tmpx++, *tmpy--);
- }
-
- /* store term */
- COMBA_STORE(dst->dp[ix]);
- }
- COMBA_FINI;
-
- dst->used = pa;
- dst->sign = A->sign ^ B->sign;
- fp_clamp(dst);
- fp_copy(dst, C);
-}
-
-/* a/b => cb + d == a */
-int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
-{
- fp_int q, x, y, t1, t2;
- int n, t, i, norm, neg;
-
- /* is divisor zero ? */
- if (fp_iszero (b) == 1) {
- return FP_VAL;
- }
-
- /* if a < b then q=0, r = a */
- if (fp_cmp_mag (a, b) == FP_LT) {
- if (d != NULL) {
- fp_copy (a, d);
- }
- if (c != NULL) {
- fp_zero (c);
- }
- return FP_OKAY;
- }
-
- fp_init(&q);
- q.used = a->used + 2;
-
- fp_init(&t1);
- fp_init(&t2);
- fp_init_copy(&x, a);
- fp_init_copy(&y, b);
-
- /* fix the sign */
- neg = (a->sign == b->sign) ? FP_ZPOS : FP_NEG;
- x.sign = y.sign = FP_ZPOS;
-
- /* normalize both x and y, ensure that y >= b/2, [b == 2**DIGIT_BIT] */
- norm = fp_count_bits(&y) % DIGIT_BIT;
- if (norm < (int)(DIGIT_BIT-1)) {
- norm = (DIGIT_BIT-1) - norm;
- fp_mul_2d (&x, norm, &x);
- fp_mul_2d (&y, norm, &y);
- } else {
- norm = 0;
- }
-
- /* note hac does 0 based, so if used==5 then its 0,1,2,3,4, e.g. use 4 */
- n = x.used - 1;
- t = y.used - 1;
-
- /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */
- fp_lshd (&y, n - t); /* y = y*b**{n-t} */
-
- while (fp_cmp (&x, &y) != FP_LT) {
- ++(q.dp[n - t]);
- fp_sub (&x, &y, &x);
- }
-
- /* reset y by shifting it back down */
- fp_rshd (&y, n - t);
-
- /* step 3. for i from n down to (t + 1) */
- for (i = n; i >= (t + 1); i--) {
- if (i > x.used) {
- continue;
- }
-
- /* step 3.1 if xi == yt then set q{i-t-1} to b-1,
- * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */
- if (x.dp[i] == y.dp[t]) {
- q.dp[i - t - 1] = (fp_digit) ((((fp_word)1) << DIGIT_BIT) - 1);
- } else {
- fp_word tmp;
- tmp = ((fp_word) x.dp[i]) << ((fp_word) DIGIT_BIT);
- tmp |= ((fp_word) x.dp[i - 1]);
- tmp /= ((fp_word)y.dp[t]);
- q.dp[i - t - 1] = (fp_digit) (tmp);
- }
-
- /* while (q{i-t-1} * (yt * b + y{t-1})) >
- xi * b**2 + xi-1 * b + xi-2
-
- do q{i-t-1} -= 1;
- */
- q.dp[i - t - 1] = (q.dp[i - t - 1] + 1);
- do {
- q.dp[i - t - 1] = (q.dp[i - t - 1] - 1);
-
- /* find left hand */
- fp_zero (&t1);
- t1.dp[0] = (t - 1 < 0) ? 0 : y.dp[t - 1];
- t1.dp[1] = y.dp[t];
- t1.used = 2;
- fp_mul_d (&t1, q.dp[i - t - 1], &t1);
-
- /* find right hand */
- t2.dp[0] = (i - 2 < 0) ? 0 : x.dp[i - 2];
- t2.dp[1] = (i - 1 < 0) ? 0 : x.dp[i - 1];
- t2.dp[2] = x.dp[i];
- t2.used = 3;
- } while (fp_cmp_mag(&t1, &t2) == FP_GT);
-
- /* step 3.3 x = x - q{i-t-1} * y * b**{i-t-1} */
- fp_mul_d (&y, q.dp[i - t - 1], &t1);
- fp_lshd (&t1, i - t - 1);
- fp_sub (&x, &t1, &x);
-
- /* if x < 0 then { x = x + y*b**{i-t-1}; q{i-t-1} -= 1; } */
- if (x.sign == FP_NEG) {
- fp_copy (&y, &t1);
- fp_lshd (&t1, i - t - 1);
- fp_add (&x, &t1, &x);
- q.dp[i - t - 1] = q.dp[i - t - 1] - 1;
- }
- }
-
- /* now q is the quotient and x is the remainder
- * [which we have to normalize]
- */
-
- /* get sign before writing to c */
- x.sign = x.used == 0 ? FP_ZPOS : a->sign;
-
- if (c != NULL) {
- fp_clamp (&q);
- fp_copy (&q, c);
- c->sign = neg;
- }
-
- if (d != NULL) {
- fp_div_2d (&x, norm, &x, NULL);
-
-/* the following is a kludge, essentially we were seeing the right remainder but
- with excess digits that should have been zero
- */
- for (i = b->used; i < x.used; i++) {
- x.dp[i] = 0;
- }
- fp_clamp(&x);
- fp_copy (&x, d);
- }
-
- return FP_OKAY;
-}
-
-/* b = a/2 */
-void fp_div_2(fp_int * a, fp_int * b)
-{
- int x, oldused;
-
- oldused = b->used;
- b->used = a->used;
- {
- register fp_digit r, rr, *tmpa, *tmpb;
-
- /* source alias */
- tmpa = a->dp + b->used - 1;
-
- /* dest alias */
- tmpb = b->dp + b->used - 1;
-
- /* carry */
- r = 0;
- for (x = b->used - 1; x >= 0; x--) {
- /* get the carry for the next iteration */
- rr = *tmpa & 1;
-
- /* shift the current digit, add in carry and store */
- *tmpb-- = (*tmpa-- >> 1) | (r << (DIGIT_BIT - 1));
-
- /* forward carry to next iteration */
- r = rr;
- }
-
- /* zero excess digits */
- tmpb = b->dp + b->used;
- for (x = b->used; x < oldused; x++) {
- *tmpb++ = 0;
- }
- }
- b->sign = a->sign;
- fp_clamp (b);
-}
-
-/* c = a / 2**b */
-void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d)
-{
- int D;
- fp_int t;
-
- /* if the shift count is <= 0 then we do no work */
- if (b <= 0) {
- fp_copy (a, c);
- if (d != NULL) {
- fp_zero (d);
- }
- return;
- }
-
- fp_init(&t);
-
- /* get the remainder */
- if (d != NULL) {
- fp_mod_2d (a, b, &t);
- }
-
- /* copy */
- fp_copy(a, c);
-
- /* shift by as many digits in the bit count */
- if (b >= (int)DIGIT_BIT) {
- fp_rshd (c, b / DIGIT_BIT);
- }
-
- /* shift any bit count < DIGIT_BIT */
- D = (b % DIGIT_BIT);
- if (D != 0) {
- fp_rshb(c, D);
- }
- fp_clamp (c);
- if (d != NULL) {
- fp_copy (&t, d);
- }
-}
-
-/* c = a mod b, 0 <= c < b */
-int fp_mod(fp_int *a, fp_int *b, fp_int *c)
-{
- fp_int t;
- int err;
-
- fp_init(&t);
- if ((err = fp_div(a, b, NULL, &t)) != FP_OKAY) {
- return err;
- }
- if (t.sign != b->sign) {
- fp_add(&t, b, c);
- } else {
- fp_copy(&t, c);
- }
- return FP_OKAY;
-}
-
-/* c = a mod 2**d */
-void fp_mod_2d(fp_int *a, int b, fp_int *c)
-{
- int x;
-
- /* zero if count less than or equal to zero */
- if (b <= 0) {
- fp_zero(c);
- return;
- }
-
- /* get copy of input */
- fp_copy(a, c);
-
- /* if 2**d is larger than we just return */
- if (b >= (DIGIT_BIT * a->used)) {
- return;
- }
-
- /* zero digits above the last digit of the modulus */
- for (x = (b / DIGIT_BIT) + ((b % DIGIT_BIT) == 0 ? 0 : 1); x < c->used; x++) {
- c->dp[x] = 0;
- }
- /* clear the digit that is not completely outside/inside the modulus */
- c->dp[b / DIGIT_BIT] &= ~((fp_digit)0) >> (DIGIT_BIT - b);
- fp_clamp (c);
-}
-
-static int fp_invmod_slow (fp_int * a, fp_int * b, fp_int * c)
-{
- fp_int x, y, u, v, A, B, C, D;
- int res;
-
- /* b cannot be negative */
- if (b->sign == FP_NEG || fp_iszero(b) == 1) {
- return FP_VAL;
- }
-
- /* init temps */
- fp_init(&x); fp_init(&y);
- fp_init(&u); fp_init(&v);
- fp_init(&A); fp_init(&B);
- fp_init(&C); fp_init(&D);
-
- /* x = a, y = b */
- if ((res = fp_mod(a, b, &x)) != FP_OKAY) {
- return res;
- }
- fp_copy(b, &y);
-
- /* 2. [modified] if x,y are both even then return an error! */
- if (fp_iseven (&x) == 1 && fp_iseven (&y) == 1) {
- return FP_VAL;
- }
-
- /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
- fp_copy (&x, &u);
- fp_copy (&y, &v);
- fp_set (&A, 1);
- fp_set (&D, 1);
-
-top:
- /* 4. while u is even do */
- while (fp_iseven (&u) == 1) {
- /* 4.1 u = u/2 */
- fp_div_2 (&u, &u);
-
- /* 4.2 if A or B is odd then */
- if (fp_isodd (&A) == 1 || fp_isodd (&B) == 1) {
- /* A = (A+y)/2, B = (B-x)/2 */
- fp_add (&A, &y, &A);
- fp_sub (&B, &x, &B);
- }
- /* A = A/2, B = B/2 */
- fp_div_2 (&A, &A);
- fp_div_2 (&B, &B);
- }
-
- /* 5. while v is even do */
- while (fp_iseven (&v) == 1) {
- /* 5.1 v = v/2 */
- fp_div_2 (&v, &v);
-
- /* 5.2 if C or D is odd then */
- if (fp_isodd (&C) == 1 || fp_isodd (&D) == 1) {
- /* C = (C+y)/2, D = (D-x)/2 */
- fp_add (&C, &y, &C);
- fp_sub (&D, &x, &D);
- }
- /* C = C/2, D = D/2 */
- fp_div_2 (&C, &C);
- fp_div_2 (&D, &D);
- }
-
- /* 6. if u >= v then */
- if (fp_cmp (&u, &v) != FP_LT) {
- /* u = u - v, A = A - C, B = B - D */
- fp_sub (&u, &v, &u);
- fp_sub (&A, &C, &A);
- fp_sub (&B, &D, &B);
- } else {
- /* v - v - u, C = C - A, D = D - B */
- fp_sub (&v, &u, &v);
- fp_sub (&C, &A, &C);
- fp_sub (&D, &B, &D);
- }
-
- /* if not zero goto step 4 */
- if (fp_iszero (&u) == 0)
- goto top;
-
- /* now a = C, b = D, gcd == g*v */
-
- /* if v != 1 then there is no inverse */
- if (fp_cmp_d (&v, 1) != FP_EQ) {
- return FP_VAL;
- }
-
- /* if its too low */
- while (fp_cmp_d(&C, 0) == FP_LT) {
- fp_add(&C, b, &C);
- }
-
- /* too big */
- while (fp_cmp_mag(&C, b) != FP_LT) {
- fp_sub(&C, b, &C);
- }
-
- /* C is now the inverse */
- fp_copy(&C, c);
- return FP_OKAY;
-}
-
-
-/* c = 1/a (mod b) for odd b only */
-int fp_invmod(fp_int *a, fp_int *b, fp_int *c)
-{
- fp_int x, y, u, v, B, D;
- int neg, loop_check = 0;
-
- /* 2. [modified] b must be odd */
- if (fp_iseven (b) == FP_YES) {
- return fp_invmod_slow(a,b,c);
- }
-
- /* init all our temps */
- fp_init(&x); fp_init(&y);
- fp_init(&u); fp_init(&v);
- fp_init(&B); fp_init(&D);
-
- /* x == modulus, y == value to invert */
- fp_copy(b, &x);
-
- /* we need y = |a| */
- fp_abs(a, &y);
-
- /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
- fp_copy(&x, &u);
- fp_copy(&y, &v);
- fp_set (&D, 1);
-
-top:
- /* 4. while u is even do */
- while (fp_iseven (&u) == FP_YES) {
- /* 4.1 u = u/2 */
- fp_div_2 (&u, &u);
-
- /* 4.2 if B is odd then */
- if (fp_isodd (&B) == FP_YES) {
- fp_sub (&B, &x, &B);
- }
- /* B = B/2 */
- fp_div_2 (&B, &B);
- }
-
- /* 5. while v is even do */
- while (fp_iseven (&v) == FP_YES) {
- /* 5.1 v = v/2 */
- fp_div_2 (&v, &v);
-
- /* 5.2 if D is odd then */
- if (fp_isodd (&D) == FP_YES) {
- /* D = (D-x)/2 */
- fp_sub (&D, &x, &D);
- }
- /* D = D/2 */
- fp_div_2 (&D, &D);
- }
-
- /* 6. if u >= v then */
- if (fp_cmp (&u, &v) != FP_LT) {
- /* u = u - v, B = B - D */
- fp_sub (&u, &v, &u);
- fp_sub (&B, &D, &B);
- } else {
- /* v - v - u, D = D - B */
- fp_sub (&v, &u, &v);
- fp_sub (&D, &B, &D);
- }
-
- /* if not zero goto step 4 */
- if (fp_iszero (&u) == FP_NO) {
- if (++loop_check > 1024) /* bad input */
- return FP_VAL;
- goto top;
- }
-
- /* now a = C, b = D, gcd == g*v */
-
- /* if v != 1 then there is no inverse */
- if (fp_cmp_d (&v, 1) != FP_EQ) {
- return FP_VAL;
- }
-
- /* b is now the inverse */
- neg = a->sign;
- while (D.sign == FP_NEG) {
- fp_add (&D, b, &D);
- }
- fp_copy (&D, c);
- c->sign = neg;
- return FP_OKAY;
-}
-
-/* d = a * b (mod c) */
-int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
-{
- fp_int tmp;
- fp_init(&tmp);
- fp_mul(a, b, &tmp);
- return fp_mod(&tmp, c, d);
-}
-
-#ifdef TFM_TIMING_RESISTANT
-
-/* timing resistant montgomery ladder based exptmod
-
- Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", Cryptographic Hardware and Embedded Systems, CHES 2002
-*/
-static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
-{
- fp_int R[2];
- fp_digit buf, mp;
- int err, bitcnt, digidx, y;
-
- /* now setup montgomery */
- if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) {
- return err;
- }
-
- fp_init(&R[0]);
- fp_init(&R[1]);
-
- /* now we need R mod m */
- fp_montgomery_calc_normalization (&R[0], P);
-
- /* now set R[0][1] to G * R mod m */
- if (fp_cmp_mag(P, G) != FP_GT) {
- /* G > P so we reduce it first */
- fp_mod(G, P, &R[1]);
- } else {
- fp_copy(G, &R[1]);
- }
- fp_mulmod (&R[1], &R[0], P, &R[1]);
-
- /* for j = t-1 downto 0 do
- r_!k = R0*R1; r_k = r_k^2
- */
-
- /* set initial mode and bit cnt */
- bitcnt = 1;
- buf = 0;
- digidx = X->used - 1;
-
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- /* if digidx == -1 we are out of digits so break */
- if (digidx == -1) {
- break;
- }
- /* read next digit and reset bitcnt */
- buf = X->dp[digidx--];
- bitcnt = (int)DIGIT_BIT;
- }
-
- /* grab the next msb from the exponent */
- y = (int)(buf >> (DIGIT_BIT - 1)) & 1;
- buf <<= (fp_digit)1;
-
- /* do ops */
- fp_mul(&R[0], &R[1], &R[y^1]); fp_montgomery_reduce(&R[y^1], P, mp);
- fp_sqr(&R[y], &R[y]); fp_montgomery_reduce(&R[y], P, mp);
- }
-
- fp_montgomery_reduce(&R[0], P, mp);
- fp_copy(&R[0], Y);
- return FP_OKAY;
-}
-
-#else
-
-/* y = g**x (mod b)
- * Some restrictions... x must be positive and < b
- */
-static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
-{
- fp_int M[64], res;
- fp_digit buf, mp;
- int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
-
- /* find window size */
- x = fp_count_bits (X);
- if (x <= 21) {
- winsize = 1;
- } else if (x <= 36) {
- winsize = 3;
- } else if (x <= 140) {
- winsize = 4;
- } else if (x <= 450) {
- winsize = 5;
- } else {
- winsize = 6;
- }
-
- /* init M array */
- XMEMSET(M, 0, sizeof(M));
-
- /* now setup montgomery */
- if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) {
- return err;
- }
-
- /* setup result */
- fp_init(&res);
-
- /* create M table
- *
- * The M table contains powers of the input base, e.g. M[x] = G^x mod P
- *
- * The first half of the table is not computed though accept for M[0] and M[1]
- */
-
- /* now we need R mod m */
- fp_montgomery_calc_normalization (&res, P);
-
- /* now set M[1] to G * R mod m */
- if (fp_cmp_mag(P, G) != FP_GT) {
- /* G > P so we reduce it first */
- fp_mod(G, P, &M[1]);
- } else {
- fp_copy(G, &M[1]);
- }
- fp_mulmod (&M[1], &res, P, &M[1]);
-
- /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */
- fp_copy (&M[1], &M[1 << (winsize - 1)]);
- for (x = 0; x < (winsize - 1); x++) {
- fp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)]);
- fp_montgomery_reduce (&M[1 << (winsize - 1)], P, mp);
- }
-
- /* create upper table */
- for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
- fp_mul(&M[x - 1], &M[1], &M[x]);
- fp_montgomery_reduce(&M[x], P, mp);
- }
-
- /* set initial mode and bit cnt */
- mode = 0;
- bitcnt = 1;
- buf = 0;
- digidx = X->used - 1;
- bitcpy = 0;
- bitbuf = 0;
-
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- /* if digidx == -1 we are out of digits so break */
- if (digidx == -1) {
- break;
- }
- /* read next digit and reset bitcnt */
- buf = X->dp[digidx--];
- bitcnt = (int)DIGIT_BIT;
- }
-
- /* grab the next msb from the exponent */
- y = (int)(buf >> (DIGIT_BIT - 1)) & 1;
- buf <<= (fp_digit)1;
-
- /* if the bit is zero and mode == 0 then we ignore it
- * These represent the leading zero bits before the first 1 bit
- * in the exponent. Technically this opt is not required but it
- * does lower the # of trivial squaring/reductions used
- */
- if (mode == 0 && y == 0) {
- continue;
- }
-
- /* if the bit is zero and mode == 1 then we square */
- if (mode == 1 && y == 0) {
- fp_sqr(&res, &res);
- fp_montgomery_reduce(&res, P, mp);
- continue;
- }
-
- /* else we add it to the window */
- bitbuf |= (y << (winsize - ++bitcpy));
- mode = 2;
-
- if (bitcpy == winsize) {
- /* ok window is filled so square as required and multiply */
- /* square first */
- for (x = 0; x < winsize; x++) {
- fp_sqr(&res, &res);
- fp_montgomery_reduce(&res, P, mp);
- }
-
- /* then multiply */
- fp_mul(&res, &M[bitbuf], &res);
- fp_montgomery_reduce(&res, P, mp);
-
- /* empty window and reset */
- bitcpy = 0;
- bitbuf = 0;
- mode = 1;
- }
- }
-
- /* if bits remain then square/multiply */
- if (mode == 2 && bitcpy > 0) {
- /* square then multiply if the bit is set */
- for (x = 0; x < bitcpy; x++) {
- fp_sqr(&res, &res);
- fp_montgomery_reduce(&res, P, mp);
-
- /* get next bit of the window */
- bitbuf <<= 1;
- if ((bitbuf & (1 << winsize)) != 0) {
- /* then multiply */
- fp_mul(&res, &M[1], &res);
- fp_montgomery_reduce(&res, P, mp);
- }
- }
- }
-
- /* fixup result if Montgomery reduction is used
- * recall that any value in a Montgomery system is
- * actually multiplied by R mod n. So we have
- * to reduce one more time to cancel out the factor
- * of R.
- */
- fp_montgomery_reduce(&res, P, mp);
-
- /* swap res with Y */
- fp_copy (&res, Y);
- return FP_OKAY;
-}
-
-#endif
-
-int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
-{
- /* prevent overflows */
- if (P->used > (FP_SIZE/2)) {
- return FP_VAL;
- }
-
- if (X->sign == FP_NEG) {
-#ifndef POSITIVE_EXP_ONLY /* reduce stack if assume no negatives */
- int err;
- fp_int tmp;
-
- /* yes, copy G and invmod it */
- fp_copy(G, &tmp);
- if ((err = fp_invmod(&tmp, P, &tmp)) != FP_OKAY) {
- return err;
- }
- X->sign = FP_ZPOS;
- err = _fp_exptmod(&tmp, X, P, Y);
- if (X != Y) {
- X->sign = FP_NEG;
- }
- return err;
-#else
- return FP_VAL;
-#endif
- }
- else {
- /* Positive exponent so just exptmod */
- return _fp_exptmod(G, X, P, Y);
- }
-}
-
-/* computes a = 2**b */
-void fp_2expt(fp_int *a, int b)
-{
- int z;
-
- /* zero a as per default */
- fp_zero (a);
-
- if (b < 0) {
- return;
- }
-
- z = b / DIGIT_BIT;
- if (z >= FP_SIZE) {
- return;
- }
-
- /* set the used count of where the bit will go */
- a->used = z + 1;
-
- /* put the single bit in its place */
- a->dp[z] = ((fp_digit)1) << (b % DIGIT_BIT);
-}
-
-/* b = a*a */
-void fp_sqr(fp_int *A, fp_int *B)
-{
- int y = A->used;
-
- /* call generic if we're out of range */
- if (y + y > FP_SIZE) {
- fp_sqr_comba(A, B);
- return ;
- }
-
-#if defined(TFM_SQR3)
- if (y <= 3) {
- fp_sqr_comba3(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR4)
- if (y == 4) {
- fp_sqr_comba4(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR6)
- if (y <= 6) {
- fp_sqr_comba6(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR7)
- if (y == 7) {
- fp_sqr_comba7(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR8)
- if (y == 8) {
- fp_sqr_comba8(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR9)
- if (y == 9) {
- fp_sqr_comba9(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR12)
- if (y <= 12) {
- fp_sqr_comba12(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR17)
- if (y <= 17) {
- fp_sqr_comba17(A,B);
- return;
- }
-#endif
-#if defined(TFM_SMALL_SET)
- if (y <= 16) {
- fp_sqr_comba_small(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR20)
- if (y <= 20) {
- fp_sqr_comba20(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR24)
- if (y <= 24) {
- fp_sqr_comba24(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR28)
- if (y <= 28) {
- fp_sqr_comba28(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR32)
- if (y <= 32) {
- fp_sqr_comba32(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR48)
- if (y <= 48) {
- fp_sqr_comba48(A,B);
- return;
- }
-#endif
-#if defined(TFM_SQR64)
- if (y <= 64) {
- fp_sqr_comba64(A,B);
- return;
- }
-#endif
- fp_sqr_comba(A, B);
-}
-
-/* generic comba squarer */
-void fp_sqr_comba(fp_int *A, fp_int *B)
-{
- int pa, ix, iz;
- fp_digit c0, c1, c2;
- fp_int tmp, *dst;
-#ifdef TFM_ISO
- fp_word tt;
-#endif
-
- /* get size of output and trim */
- pa = A->used + A->used;
- if (pa >= FP_SIZE) {
- pa = FP_SIZE-1;
- }
-
- /* number of output digits to produce */
- COMBA_START;
- COMBA_CLEAR;
-
- if (A == B) {
- fp_init(&tmp);
- dst = &tmp;
- } else {
- fp_zero(B);
- dst = B;
- }
-
- for (ix = 0; ix < pa; ix++) {
- int tx, ty, iy;
- fp_digit *tmpy, *tmpx;
-
- /* get offsets into the two bignums */
- ty = MIN(A->used-1, ix);
- tx = ix - ty;
-
- /* setup temp aliases */
- tmpx = A->dp + tx;
- tmpy = A->dp + ty;
-
- /* this is the number of times the loop will iterrate,
- while (tx++ < a->used && ty-- >= 0) { ... }
- */
- iy = MIN(A->used-tx, ty+1);
-
- /* now for squaring tx can never equal ty
- * we halve the distance since they approach
- * at a rate of 2x and we have to round because
- * odd cases need to be executed
- */
- iy = MIN(iy, (ty-tx+1)>>1);
-
- /* forward carries */
- COMBA_FORWARD;
-
- /* execute loop */
- for (iz = 0; iz < iy; iz++) {
- SQRADD2(*tmpx++, *tmpy--);
- }
-
- /* even columns have the square term in them */
- if ((ix&1) == 0) {
- /* TAO change COMBA_ADD back to SQRADD */
- SQRADD(A->dp[ix>>1], A->dp[ix>>1]);
- }
-
- /* store it */
- COMBA_STORE(dst->dp[ix]);
- }
-
- COMBA_FINI;
-
- /* setup dest */
- dst->used = pa;
- fp_clamp (dst);
- if (dst != B) {
- fp_copy(dst, B);
- }
-}
-
-int fp_cmp(fp_int *a, fp_int *b)
-{
- if (a->sign == FP_NEG && b->sign == FP_ZPOS) {
- return FP_LT;
- } else if (a->sign == FP_ZPOS && b->sign == FP_NEG) {
- return FP_GT;
- } else {
- /* compare digits */
- if (a->sign == FP_NEG) {
- /* if negative compare opposite direction */
- return fp_cmp_mag(b, a);
- } else {
- return fp_cmp_mag(a, b);
- }
- }
-}
-
-/* compare against a single digit */
-int fp_cmp_d(fp_int *a, fp_digit b)
-{
- /* compare based on sign */
- if ((b && a->used == 0) || a->sign == FP_NEG) {
- return FP_LT;
- }
-
- /* compare based on magnitude */
- if (a->used > 1) {
- return FP_GT;
- }
-
- /* compare the only digit of a to b */
- if (a->dp[0] > b) {
- return FP_GT;
- } else if (a->dp[0] < b) {
- return FP_LT;
- } else {
- return FP_EQ;
- }
-
-}
-
-int fp_cmp_mag(fp_int *a, fp_int *b)
-{
- int x;
-
- if (a->used > b->used) {
- return FP_GT;
- } else if (a->used < b->used) {
- return FP_LT;
- } else {
- for (x = a->used - 1; x >= 0; x--) {
- if (a->dp[x] > b->dp[x]) {
- return FP_GT;
- } else if (a->dp[x] < b->dp[x]) {
- return FP_LT;
- }
- }
- }
- return FP_EQ;
-}
-
-/* setups the montgomery reduction */
-int fp_montgomery_setup(fp_int *a, fp_digit *rho)
-{
- fp_digit x, b;
-
-/* fast inversion mod 2**k
- *
- * Based on the fact that
- *
- * XA = 1 (mod 2**n) => (X(2-XA)) A = 1 (mod 2**2n)
- * => 2*X*A - X*X*A*A = 1
- * => 2*(1) - (1) = 1
- */
- b = a->dp[0];
-
- if ((b & 1) == 0) {
- return FP_VAL;
- }
-
- x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
- x *= 2 - b * x; /* here x*a==1 mod 2**8 */
- x *= 2 - b * x; /* here x*a==1 mod 2**16 */
- x *= 2 - b * x; /* here x*a==1 mod 2**32 */
-#ifdef FP_64BIT
- x *= 2 - b * x; /* here x*a==1 mod 2**64 */
-#endif
-
- /* rho = -1/m mod b */
- *rho = (fp_digit) (((fp_word) 1 << ((fp_word) DIGIT_BIT)) - ((fp_word)x));
-
- return FP_OKAY;
-}
-
-/* computes a = B**n mod b without division or multiplication useful for
- * normalizing numbers in a Montgomery system.
- */
-void fp_montgomery_calc_normalization(fp_int *a, fp_int *b)
-{
- int x, bits;
-
- /* how many bits of last digit does b use */
- bits = fp_count_bits (b) % DIGIT_BIT;
- if (!bits) bits = DIGIT_BIT;
-
- /* compute A = B^(n-1) * 2^(bits-1) */
- if (b->used > 1) {
- fp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1);
- } else {
- fp_set(a, 1);
- bits = 1;
- }
-
- /* now compute C = A * B mod b */
- for (x = bits - 1; x < (int)DIGIT_BIT; x++) {
- fp_mul_2 (a, a);
- if (fp_cmp_mag (a, b) != FP_LT) {
- s_fp_sub (a, b, a);
- }
- }
-}
-
-
-#ifdef TFM_SMALL_MONT_SET
- #include "fp_mont_small.i"
-#endif
-
-#ifdef HAVE_INTEL_MULX
-static inline void innermul8_mulx(fp_digit *c_mulx, fp_digit *cy_mulx, fp_digit *tmpm, fp_digit mu)
-{
- fp_digit _c0, _c1, _c2, _c3, _c4, _c5, _c6, _c7, cy ;
-
- cy = *cy_mulx ;
- _c0=c_mulx[0]; _c1=c_mulx[1]; _c2=c_mulx[2]; _c3=c_mulx[3]; _c4=c_mulx[4]; _c5=c_mulx[5]; _c6=c_mulx[6]; _c7=c_mulx[7];
- INNERMUL8_MULX ;
- c_mulx[0]=_c0; c_mulx[1]=_c1; c_mulx[2]=_c2; c_mulx[3]=_c3; c_mulx[4]=_c4; c_mulx[5]=_c5; c_mulx[6]=_c6; c_mulx[7]=_c7;
- *cy_mulx = cy ;
-}
-
-/* computes x/R == x (mod N) via Montgomery Reduction */
-static void fp_montgomery_reduce_mulx(fp_int *a, fp_int *m, fp_digit mp)
-{
- fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0;
- int oldused, x, y, pa;
-
- /* bail if too large */
- if (m->used > (FP_SIZE/2)) {
- (void)mu; /* shut up compiler */
- return;
- }
-
-#ifdef TFM_SMALL_MONT_SET
- if (m->used <= 16) {
- fp_montgomery_reduce_small(a, m, mp);
- return;
- }
-#endif
-
-
- /* now zero the buff */
- XMEMSET(c, 0, sizeof c);
- pa = m->used;
-
- /* copy the input */
- oldused = a->used;
- for (x = 0; x < oldused; x++) {
- c[x] = a->dp[x];
- }
- MONT_START;
-
- for (x = 0; x < pa; x++) {
- fp_digit cy = 0;
- /* get Mu for this round */
- LOOP_START;
- _c = c + x;
- tmpm = m->dp;
- y = 0;
- for (; y < (pa & ~7); y += 8) {
- innermul8_mulx(_c, &cy, tmpm, mu) ;
- _c += 8;
- tmpm += 8;
- }
- for (; y < pa; y++) {
- INNERMUL;
- ++_c;
- }
- LOOP_END;
- while (cy) {
- PROPCARRY;
- ++_c;
- }
- }
-
- /* now copy out */
- _c = c + pa;
- tmpm = a->dp;
- for (x = 0; x < pa+1; x++) {
- *tmpm++ = *_c++;
- }
-
- for (; x < oldused; x++) {
- *tmpm++ = 0;
- }
-
- MONT_FINI;
-
- a->used = pa+1;
- fp_clamp(a);
-
- /* if A >= m then A = A - m */
- if (fp_cmp_mag (a, m) != FP_LT) {
- s_fp_sub (a, m, a);
- }
-}
-#endif
-
-/* computes x/R == x (mod N) via Montgomery Reduction */
-void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
-{
- fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0;
- int oldused, x, y, pa;
-
- IF_HAVE_INTEL_MULX(fp_montgomery_reduce_mulx(a, m, mp), return) ;
-
- /* bail if too large */
- if (m->used > (FP_SIZE/2)) {
- (void)mu; /* shut up compiler */
- return;
- }
-
-#ifdef TFM_SMALL_MONT_SET
- if (m->used <= 16) {
- fp_montgomery_reduce_small(a, m, mp);
- return;
- }
-#endif
-
-
- /* now zero the buff */
- XMEMSET(c, 0, sizeof c);
- pa = m->used;
-
- /* copy the input */
- oldused = a->used;
- for (x = 0; x < oldused; x++) {
- c[x] = a->dp[x];
- }
- MONT_START;
-
- for (x = 0; x < pa; x++) {
- fp_digit cy = 0;
- /* get Mu for this round */
- LOOP_START;
- _c = c + x;
- tmpm = m->dp;
- y = 0;
- #if (defined(TFM_SSE2) || defined(TFM_X86_64))
- for (; y < (pa & ~7); y += 8) {
- INNERMUL8 ;
- _c += 8;
- tmpm += 8;
- }
- #endif
- for (; y < pa; y++) {
- INNERMUL;
- ++_c;
- }
- LOOP_END;
- while (cy) {
- PROPCARRY;
- ++_c;
- }
- }
-
- /* now copy out */
- _c = c + pa;
- tmpm = a->dp;
- for (x = 0; x < pa+1; x++) {
- *tmpm++ = *_c++;
- }
-
- for (; x < oldused; x++) {
- *tmpm++ = 0;
- }
-
- MONT_FINI;
-
- a->used = pa+1;
- fp_clamp(a);
-
- /* if A >= m then A = A - m */
- if (fp_cmp_mag (a, m) != FP_LT) {
- s_fp_sub (a, m, a);
- }
-}
-
-void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c)
-{
- /* zero the int */
- fp_zero (a);
-
- /* If we know the endianness of this architecture, and we're using
- 32-bit fp_digits, we can optimize this */
-#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && defined(FP_32BIT)
- /* But not for both simultaneously */
-#if defined(LITTLE_ENDIAN_ORDER) && defined(BIG_ENDIAN_ORDER)
-#error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined.
-#endif
- {
- unsigned char *pd = (unsigned char *)a->dp;
-
- if ((unsigned)c > (FP_SIZE * sizeof(fp_digit))) {
- int excess = c - (FP_SIZE * sizeof(fp_digit));
- c -= excess;
- b += excess;
- }
- a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit);
- /* read the bytes in */
-#ifdef BIG_ENDIAN_ORDER
- {
- /* Use Duff's device to unroll the loop. */
- int idx = (c - 1) & ~3;
- switch (c % 4) {
- case 0: do { pd[idx+0] = *b++;
- case 3: pd[idx+1] = *b++;
- case 2: pd[idx+2] = *b++;
- case 1: pd[idx+3] = *b++;
- idx -= 4;
- } while ((c -= 4) > 0);
- }
- }
-#else
- for (c -= 1; c >= 0; c -= 1) {
- pd[c] = *b++;
- }
-#endif
- }
-#else
- /* read the bytes in */
- for (; c > 0; c--) {
- fp_mul_2d (a, 8, a);
- a->dp[0] |= *b++;
- a->used += 1;
- }
-#endif
- fp_clamp (a);
-}
-
-void fp_to_unsigned_bin(fp_int *a, unsigned char *b)
-{
- int x;
- fp_int t;
-
- fp_init_copy(&t, a);
-
- x = 0;
- while (fp_iszero (&t) == FP_NO) {
- b[x++] = (unsigned char) (t.dp[0] & 255);
- fp_div_2d (&t, 8, &t, NULL);
- }
- fp_reverse (b, x);
-}
-
-int fp_unsigned_bin_size(fp_int *a)
-{
- int size = fp_count_bits (a);
- return (size / 8 + ((size & 7) != 0 ? 1 : 0));
-}
-
-void fp_set(fp_int *a, fp_digit b)
-{
- fp_zero(a);
- a->dp[0] = b;
- a->used = a->dp[0] ? 1 : 0;
-}
-
-int fp_count_bits (fp_int * a)
-{
- int r;
- fp_digit q;
-
- /* shortcut */
- if (a->used == 0) {
- return 0;
- }
-
- /* get number of digits and add that */
- r = (a->used - 1) * DIGIT_BIT;
-
- /* take the last digit and count the bits in it */
- q = a->dp[a->used - 1];
- while (q > ((fp_digit) 0)) {
- ++r;
- q >>= ((fp_digit) 1);
- }
- return r;
-}
-
-int fp_leading_bit(fp_int *a)
-{
- int bit = 0;
-
- if (a->used != 0) {
- fp_digit q = a->dp[a->used - 1];
- int qSz = sizeof(fp_digit);
-
- while (qSz > 0) {
- if ((unsigned char)q != 0)
- bit = (q & 0x80) != 0;
- q >>= 8;
- qSz--;
- }
- }
-
- return bit;
-}
-
-void fp_lshd(fp_int *a, int x)
-{
- int y;
-
- /* move up and truncate as required */
- y = MIN(a->used + x - 1, (int)(FP_SIZE-1));
-
- /* store new size */
- a->used = y + 1;
-
- /* move digits */
- for (; y >= x; y--) {
- a->dp[y] = a->dp[y-x];
- }
-
- /* zero lower digits */
- for (; y >= 0; y--) {
- a->dp[y] = 0;
- }
-
- /* clamp digits */
- fp_clamp(a);
-}
-
-
-/* right shift by bit count */
-void fp_rshb(fp_int *c, int x)
-{
- register fp_digit *tmpc, mask, shift;
- fp_digit r, rr;
- fp_digit D = x;
-
- /* mask */
- mask = (((fp_digit)1) << D) - 1;
-
- /* shift for lsb */
- shift = DIGIT_BIT - D;
-
- /* alias */
- tmpc = c->dp + (c->used - 1);
-
- /* carry */
- r = 0;
- for (x = c->used - 1; x >= 0; x--) {
- /* get the lower bits of this word in a temp */
- rr = *tmpc & mask;
-
- /* shift the current word and mix in the carry bits from previous word */
- *tmpc = (*tmpc >> D) | (r << shift);
- --tmpc;
-
- /* set the carry to the carry bits of the current word found above */
- r = rr;
- }
-}
-
-
-void fp_rshd(fp_int *a, int x)
-{
- int y;
-
- /* too many digits just zero and return */
- if (x >= a->used) {
- fp_zero(a);
- return;
- }
-
- /* shift */
- for (y = 0; y < a->used - x; y++) {
- a->dp[y] = a->dp[y+x];
- }
-
- /* zero rest */
- for (; y < a->used; y++) {
- a->dp[y] = 0;
- }
-
- /* decrement count */
- a->used -= x;
- fp_clamp(a);
-}
-
-/* reverse an array, used for radix code */
-void fp_reverse (unsigned char *s, int len)
-{
- int ix, iy;
- unsigned char t;
-
- ix = 0;
- iy = len - 1;
- while (ix < iy) {
- t = s[ix];
- s[ix] = s[iy];
- s[iy] = t;
- ++ix;
- --iy;
- }
-}
-
-
-/* c = a - b */
-void fp_sub_d(fp_int *a, fp_digit b, fp_int *c)
-{
- fp_int tmp;
- fp_init(&tmp);
- fp_set(&tmp, b);
- fp_sub(a, &tmp, c);
-}
-
-
-/* CyaSSL callers from normal lib */
-
-/* init a new mp_int */
-int mp_init (mp_int * a)
-{
- if (a)
- fp_init(a);
- return MP_OKAY;
-}
-
-#ifdef ALT_ECC_SIZE
-void fp_init(fp_int *a)
-{
- a->size = FP_SIZE;
- fp_zero(a);
-}
-
-void fp_zero(fp_int *a)
-{
- a->used = 0;
- a->sign = FP_ZPOS;
- XMEMSET(a->dp, 0, a->size * sizeof(fp_digit));
-}
-#endif
-
-
-/* clear one (frees) */
-void mp_clear (mp_int * a)
-{
- fp_zero(a);
-}
-
-/* handle up to 6 inits */
-int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, mp_int* f)
-{
- if (a)
- fp_init(a);
- if (b)
- fp_init(b);
- if (c)
- fp_init(c);
- if (d)
- fp_init(d);
- if (e)
- fp_init(e);
- if (f)
- fp_init(f);
-
- return MP_OKAY;
-}
-
-/* high level addition (handles signs) */
-int mp_add (mp_int * a, mp_int * b, mp_int * c)
-{
- fp_add(a, b, c);
- return MP_OKAY;
-}
-
-/* high level subtraction (handles signs) */
-int mp_sub (mp_int * a, mp_int * b, mp_int * c)
-{
- fp_sub(a, b, c);
- return MP_OKAY;
-}
-
-/* high level multiplication (handles sign) */
-int mp_mul (mp_int * a, mp_int * b, mp_int * c)
-{
- fp_mul(a, b, c);
- return MP_OKAY;
-}
-
-/* d = a * b (mod c) */
-int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
-{
- return fp_mulmod(a, b, c, d);
-}
-
-/* c = a mod b, 0 <= c < b */
-int mp_mod (mp_int * a, mp_int * b, mp_int * c)
-{
- return fp_mod (a, b, c);
-}
-
-/* hac 14.61, pp608 */
-int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
-{
- return fp_invmod(a, b, c);
-}
-
-/* this is a shell function that calls either the normal or Montgomery
- * exptmod functions. Originally the call to the montgomery code was
- * embedded in the normal function but that wasted alot of stack space
- * for nothing (since 99% of the time the Montgomery code would be called)
- */
-int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
-{
- return fp_exptmod(G, X, P, Y);
-}
-
-/* compare two ints (signed)*/
-int mp_cmp (mp_int * a, mp_int * b)
-{
- return fp_cmp(a, b);
-}
-
-/* compare a digit */
-int mp_cmp_d(mp_int * a, mp_digit b)
-{
- return fp_cmp_d(a, b);
-}
-
-/* get the size for an unsigned equivalent */
-int mp_unsigned_bin_size (mp_int * a)
-{
- return fp_unsigned_bin_size(a);
-}
-
-/* store in unsigned [big endian] format */
-int mp_to_unsigned_bin (mp_int * a, unsigned char *b)
-{
- fp_to_unsigned_bin(a,b);
- return MP_OKAY;
-}
-
-/* reads a unsigned char array, assumes the msb is stored first [big endian] */
-int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c)
-{
- fp_read_unsigned_bin(a, (unsigned char *)b, c);
- return MP_OKAY;
-}
-
-
-int mp_sub_d(fp_int *a, fp_digit b, fp_int *c)
-{
- fp_sub_d(a, b, c);
- return MP_OKAY;
-}
-
-
-#ifdef ALT_ECC_SIZE
-void fp_copy(fp_int *a, fp_int* b)
-{
- if (a != b) {
- b->used = a->used;
- b->sign = a->sign;
- XMEMCPY(b->dp, a->dp, a->used * sizeof(fp_digit));
- }
-}
-
-void fp_init_copy(fp_int *a, fp_int* b)
-{
- if (a != b) {
- fp_init(a);
- fp_copy(b, a);
- }
-}
-#endif
-
-/* fast math conversion */
-int mp_copy(fp_int* a, fp_int* b)
-{
- fp_copy(a, b);
- return MP_OKAY;
-}
-
-
-/* fast math conversion */
-int mp_isodd(mp_int* a)
-{
- return fp_isodd(a);
-}
-
-
-/* fast math conversion */
-int mp_iszero(mp_int* a)
-{
- return fp_iszero(a);
-}
-
-
-/* fast math conversion */
-int mp_count_bits (mp_int* a)
-{
- return fp_count_bits(a);
-}
-
-
-int mp_leading_bit (mp_int* a)
-{
- return fp_leading_bit(a);
-}
-
-
-/* fast math conversion */
-void mp_rshb (mp_int* a, int x)
-{
- fp_rshb(a, x);
-}
-
-
-/* fast math wrappers */
-int mp_set_int(fp_int *a, fp_digit b)
-{
- fp_set(a, b);
- return MP_OKAY;
-}
-
-
-#if defined(WOLFSSL_KEY_GEN) || defined (HAVE_ECC)
-
-/* c = a * a (mod b) */
-int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c)
-{
- fp_int tmp;
- fp_init(&tmp);
- fp_sqr(a, &tmp);
- return fp_mod(&tmp, b, c);
-}
-
-/* fast math conversion */
-int mp_sqrmod(mp_int *a, mp_int *b, mp_int *c)
-{
- return fp_sqrmod(a, b, c);
-}
-
-/* fast math conversion */
-int mp_montgomery_calc_normalization(mp_int *a, mp_int *b)
-{
- fp_montgomery_calc_normalization(a, b);
- return MP_OKAY;
-}
-
-#endif /* WOLFSSL_KEYGEN || HAVE_ECC */
-
-
-#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
-
-static const int lnz[16] = {
- 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
-};
-
-/* Counts the number of lsbs which are zero before the first zero bit */
-int fp_cnt_lsb(fp_int *a)
-{
- int x;
- fp_digit q, qq;
-
- /* easy out */
- if (fp_iszero(a) == 1) {
- return 0;
- }
-
- /* scan lower digits until non-zero */
- for (x = 0; x < a->used && a->dp[x] == 0; x++);
- q = a->dp[x];
- x *= DIGIT_BIT;
-
- /* now scan this digit until a 1 is found */
- if ((q & 1) == 0) {
- do {
- qq = q & 15;
- x += lnz[qq];
- q >>= 4;
- } while (qq == 0);
- }
- return x;
-}
-
-
-
-
-static int s_is_power_of_two(fp_digit b, int *p)
-{
- int x;
-
- /* fast return if no power of two */
- if ((b==0) || (b & (b-1))) {
- return 0;
- }
-
- for (x = 0; x < DIGIT_BIT; x++) {
- if (b == (((fp_digit)1)<<x)) {
- *p = x;
- return 1;
- }
- }
- return 0;
-}
-
-/* a/b => cb + d == a */
-static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d)
-{
- fp_int q;
- fp_word w;
- fp_digit t;
- int ix;
-
- /* cannot divide by zero */
- if (b == 0) {
- return FP_VAL;
- }
-
- /* quick outs */
- if (b == 1 || fp_iszero(a) == 1) {
- if (d != NULL) {
- *d = 0;
- }
- if (c != NULL) {
- fp_copy(a, c);
- }
- return FP_OKAY;
- }
-
- /* power of two ? */
- if (s_is_power_of_two(b, &ix) == 1) {
- if (d != NULL) {
- *d = a->dp[0] & ((((fp_digit)1)<<ix) - 1);
- }
- if (c != NULL) {
- fp_div_2d(a, ix, c, NULL);
- }
- return FP_OKAY;
- }
-
- /* no easy answer [c'est la vie]. Just division */
- fp_init(&q);
-
- q.used = a->used;
- q.sign = a->sign;
- w = 0;
- for (ix = a->used - 1; ix >= 0; ix--) {
- w = (w << ((fp_word)DIGIT_BIT)) | ((fp_word)a->dp[ix]);
-
- if (w >= b) {
- t = (fp_digit)(w / b);
- w -= ((fp_word)t) * ((fp_word)b);
- } else {
- t = 0;
- }
- q.dp[ix] = (fp_digit)t;
- }
-
- if (d != NULL) {
- *d = (fp_digit)w;
- }
-
- if (c != NULL) {
- fp_clamp(&q);
- fp_copy(&q, c);
- }
-
- return FP_OKAY;
-}
-
-
-/* c = a mod b, 0 <= c < b */
-static int fp_mod_d(fp_int *a, fp_digit b, fp_digit *c)
-{
- return fp_div_d(a, b, NULL, c);
-}
-
-int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c)
-{
- return fp_mod_d(a, b, c);
-}
-
-#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
-
-#ifdef WOLFSSL_KEY_GEN
-
-void fp_gcd(fp_int *a, fp_int *b, fp_int *c);
-void fp_lcm(fp_int *a, fp_int *b, fp_int *c);
-int fp_isprime(fp_int *a);
-
-int mp_gcd(fp_int *a, fp_int *b, fp_int *c)
-{
- fp_gcd(a, b, c);
- return MP_OKAY;
-}
-
-
-int mp_lcm(fp_int *a, fp_int *b, fp_int *c)
-{
- fp_lcm(a, b, c);
- return MP_OKAY;
-}
-
-
-int mp_prime_is_prime(mp_int* a, int t, int* result)
-{
- (void)t;
- *result = fp_isprime(a);
- return MP_OKAY;
-}
-
-/* Miller-Rabin test of "a" to the base of "b" as described in
- * HAC pp. 139 Algorithm 4.24
- *
- * Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often
- * very much lower.
- */
-static void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result)
-{
- fp_int n1, y, r;
- int s, j;
-
- /* default */
- *result = FP_NO;
-
- /* ensure b > 1 */
- if (fp_cmp_d(b, 1) != FP_GT) {
- return;
- }
-
- /* get n1 = a - 1 */
- fp_init_copy(&n1, a);
- fp_sub_d(&n1, 1, &n1);
-
- /* set 2**s * r = n1 */
- fp_init_copy(&r, &n1);
-
- /* count the number of least significant bits
- * which are zero
- */
- s = fp_cnt_lsb(&r);
-
- /* now divide n - 1 by 2**s */
- fp_div_2d (&r, s, &r, NULL);
-
- /* compute y = b**r mod a */
- fp_init(&y);
- fp_exptmod(b, &r, a, &y);
-
- /* if y != 1 and y != n1 do */
- if (fp_cmp_d (&y, 1) != FP_EQ && fp_cmp (&y, &n1) != FP_EQ) {
- j = 1;
- /* while j <= s-1 and y != n1 */
- while ((j <= (s - 1)) && fp_cmp (&y, &n1) != FP_EQ) {
- fp_sqrmod (&y, a, &y);
-
- /* if y == 1 then composite */
- if (fp_cmp_d (&y, 1) == FP_EQ) {
- return;
- }
- ++j;
- }
-
- /* if y != n1 then composite */
- if (fp_cmp (&y, &n1) != FP_EQ) {
- return;
- }
- }
-
- /* probably prime now */
- *result = FP_YES;
-}
-
-
-/* a few primes */
-static const fp_digit primes[256] = {
- 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
- 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
- 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,
- 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083,
- 0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD,
- 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF,
- 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
- 0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137,
-
- 0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167,
- 0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199,
- 0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9,
- 0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7,
- 0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239,
- 0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265,
- 0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293,
- 0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF,
-
- 0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301,
- 0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B,
- 0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371,
- 0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD,
- 0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5,
- 0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419,
- 0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449,
- 0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B,
-
- 0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7,
- 0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503,
- 0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529,
- 0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F,
- 0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3,
- 0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7,
- 0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623,
- 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653
-};
-
-int fp_isprime(fp_int *a)
-{
- fp_int b;
- fp_digit d = 0;
- int r, res;
-
- /* do trial division */
- for (r = 0; r < 256; r++) {
- fp_mod_d(a, primes[r], &d);
- if (d == 0) {
- return FP_NO;
- }
- }
-
- /* now do 8 miller rabins */
- fp_init(&b);
- for (r = 0; r < 8; r++) {
- fp_set(&b, primes[r]);
- fp_prime_miller_rabin(a, &b, &res);
- if (res == FP_NO) {
- return FP_NO;
- }
- }
- return FP_YES;
-}
-
-
-/* c = [a, b] */
-void fp_lcm(fp_int *a, fp_int *b, fp_int *c)
-{
- fp_int t1, t2;
-
- fp_init(&t1);
- fp_init(&t2);
- fp_gcd(a, b, &t1);
- if (fp_cmp_mag(a, b) == FP_GT) {
- fp_div(a, &t1, &t2, NULL);
- fp_mul(b, &t2, c);
- } else {
- fp_div(b, &t1, &t2, NULL);
- fp_mul(a, &t2, c);
- }
-}
-
-
-
-/* c = (a, b) */
-void fp_gcd(fp_int *a, fp_int *b, fp_int *c)
-{
- fp_int u, v, r;
-
- /* either zero than gcd is the largest */
- if (fp_iszero (a) == 1 && fp_iszero (b) == 0) {
- fp_abs (b, c);
- return;
- }
- if (fp_iszero (a) == 0 && fp_iszero (b) == 1) {
- fp_abs (a, c);
- return;
- }
-
- /* optimized. At this point if a == 0 then
- * b must equal zero too
- */
- if (fp_iszero (a) == 1) {
- fp_zero(c);
- return;
- }
-
- /* sort inputs */
- if (fp_cmp_mag(a, b) != FP_LT) {
- fp_init_copy(&u, a);
- fp_init_copy(&v, b);
- } else {
- fp_init_copy(&u, b);
- fp_init_copy(&v, a);
- }
-
- fp_init(&r);
- while (fp_iszero(&v) == FP_NO) {
- fp_mod(&u, &v, &r);
- fp_copy(&v, &u);
- fp_copy(&r, &v);
- }
- fp_copy(&u, c);
-}
-
-#endif /* WOLFSSL_KEY_GEN */
-
-
-#if defined(HAVE_ECC) || !defined(NO_PWDBASED)
-/* c = a + b */
-void fp_add_d(fp_int *a, fp_digit b, fp_int *c)
-{
- fp_int tmp;
- fp_init(&tmp);
- fp_set(&tmp, b);
- fp_add(a,&tmp,c);
-}
-
-/* external compatibility */
-int mp_add_d(fp_int *a, fp_digit b, fp_int *c)
-{
- fp_add_d(a, b, c);
- return MP_OKAY;
-}
-
-#endif /* HAVE_ECC || !NO_PWDBASED */
-
-
-#ifdef HAVE_ECC
-
-/* chars used in radix conversions */
-static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
-
-static int fp_read_radix(fp_int *a, const char *str, int radix)
-{
- int y, neg;
- char ch;
-
- /* make sure the radix is ok */
- if (radix < 2 || radix > 64) {
- return FP_VAL;
- }
-
- /* if the leading digit is a
- * minus set the sign to negative.
- */
- if (*str == '-') {
- ++str;
- neg = FP_NEG;
- } else {
- neg = FP_ZPOS;
- }
-
- /* set the integer to the default of zero */
- fp_zero (a);
-
- /* process each digit of the string */
- while (*str) {
- /* if the radix < 36 the conversion is case insensitive
- * this allows numbers like 1AB and 1ab to represent the same value
- * [e.g. in hex]
- */
- ch = (char) ((radix < 36) ? XTOUPPER((unsigned char)*str) : *str);
- for (y = 0; y < 64; y++) {
- if (ch == fp_s_rmap[y]) {
- break;
- }
- }
-
- /* if the char was found in the map
- * and is less than the given radix add it
- * to the number, otherwise exit the loop.
- */
- if (y < radix) {
- fp_mul_d (a, (fp_digit) radix, a);
- fp_add_d (a, (fp_digit) y, a);
- } else {
- break;
- }
- ++str;
- }
-
- /* set the sign only if a != 0 */
- if (fp_iszero(a) != FP_YES) {
- a->sign = neg;
- }
- return FP_OKAY;
-}
-
-/* fast math conversion */
-int mp_read_radix(mp_int *a, const char *str, int radix)
-{
- return fp_read_radix(a, str, radix);
-}
-
-/* fast math conversion */
-void mp_set(fp_int *a, fp_digit b)
-{
- fp_set(a,b);
-}
-
-/* fast math conversion */
-int mp_sqr(fp_int *A, fp_int *B)
-{
- fp_sqr(A, B);
- return MP_OKAY;
-}
-
-/* fast math conversion */
-int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
-{
- fp_montgomery_reduce(a, m, mp);
- return MP_OKAY;
-}
-
-
-/* fast math conversion */
-int mp_montgomery_setup(fp_int *a, fp_digit *rho)
-{
- return fp_montgomery_setup(a, rho);
-}
-
-int mp_div_2(fp_int * a, fp_int * b)
-{
- fp_div_2(a, b);
- return MP_OKAY;
-}
-
-
-int mp_init_copy(fp_int * a, fp_int * b)
-{
- fp_init_copy(a, b);
- return MP_OKAY;
-}
-
-
-#ifdef HAVE_COMP_KEY
-
-int mp_cnt_lsb(fp_int* a)
-{
- fp_cnt_lsb(a);
- return MP_OKAY;
-}
-
-int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d)
-{
- fp_div_2d(a, b, c, d);
- return MP_OKAY;
-}
-
-#endif /* HAVE_COMP_KEY */
-
-
-#endif /* HAVE_ECC */
-
-#endif /* USE_FAST_MATH */
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfcrypt/src/wc_encrypt.c Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,203 @@
+/* wc_encrypt.c
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/des3.h>
+#include <wolfssl/wolfcrypt/wc_encrypt.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+
+#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
+ const byte* key, word32 keySz, const byte* iv)
+{
+ int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+ Aes* aes = NULL;
+#else
+ Aes aes[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+ aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (aes == NULL)
+ return MEMORY_E;
+#endif
+
+ ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
+ if (ret == 0)
+ ret = wc_AesCbcDecrypt(aes, out, in, inSz);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+ const byte* key, word32 keySz, const byte* iv)
+{
+ int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+ Aes* aes = NULL;
+#else
+ Aes aes[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+ aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (aes == NULL)
+ return MEMORY_E;
+#endif
+
+ ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
+ if (ret == 0)
+ ret = wc_AesCbcEncrypt(aes, out, in, inSz);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+#endif /* !NO_AES && HAVE_AES_CBC */
+
+
+#ifndef NO_DES3
+int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
+ const byte* key, const byte* iv)
+{
+ int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+ Des* des = NULL;
+#else
+ Des des[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+ des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (des == NULL)
+ return MEMORY_E;
+#endif
+
+ ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION);
+ if (ret == 0)
+ ret = wc_Des_CbcEncrypt(des, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
+ const byte* key, const byte* iv)
+{
+ int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+ Des* des = NULL;
+#else
+ Des des[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+ des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (des == NULL)
+ return MEMORY_E;
+#endif
+
+ ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
+ if (ret == 0)
+ ret = wc_Des_CbcDecrypt(des, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+
+int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
+ const byte* key, const byte* iv)
+{
+ int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+ Des3* des3 = NULL;
+#else
+ Des3 des3[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+ des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (des3 == NULL)
+ return MEMORY_E;
+#endif
+
+ ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION);
+ if (ret == 0)
+ ret = wc_Des3_CbcEncrypt(des3, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+
+int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
+ const byte* key, const byte* iv)
+{
+ int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+ Des3* des3 = NULL;
+#else
+ Des3 des3[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+ des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (des3 == NULL)
+ return MEMORY_E;
+#endif
+
+ ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
+ if (ret == 0)
+ ret = wc_Des3_CbcDecrypt(des3, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+#endif /* !NO_DES3 */
+
--- a/wolfcrypt/src/wc_port.c Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,657 +0,0 @@
-/* port.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-
-#ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
- #pragma warning(disable: 4996)
-#endif
-
-
-
-#ifdef SINGLE_THREADED
-
-int InitMutex(wolfSSL_Mutex* m)
-{
- (void)m;
- return 0;
-}
-
-
-int FreeMutex(wolfSSL_Mutex *m)
-{
- (void)m;
- return 0;
-}
-
-
-int LockMutex(wolfSSL_Mutex *m)
-{
- (void)m;
- return 0;
-}
-
-
-int UnLockMutex(wolfSSL_Mutex *m)
-{
- (void)m;
- return 0;
-}
-
-#else /* MULTI_THREAD */
-
- #if defined(FREERTOS)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- int iReturn;
-
- *m = ( wolfSSL_Mutex ) xSemaphoreCreateMutex();
- if( *m != NULL )
- iReturn = 0;
- else
- iReturn = BAD_MUTEX_E;
-
- return iReturn;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- vSemaphoreDelete( *m );
- return 0;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- /* Assume an infinite block, or should there be zero block? */
- xSemaphoreTake( *m, portMAX_DELAY );
- return 0;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- xSemaphoreGive( *m );
- return 0;
- }
-
- #elif defined(WOLFSSL_SAFERTOS)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- vSemaphoreCreateBinary(m->mutexBuffer, m->mutex);
- if (m->mutex == NULL)
- return BAD_MUTEX_E;
-
- return 0;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- (void)m;
- return 0;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- /* Assume an infinite block */
- xSemaphoreTake(m->mutex, portMAX_DELAY);
- return 0;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- xSemaphoreGive(m->mutex);
- return 0;
- }
-
-
- #elif defined(USE_WINDOWS_API)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- InitializeCriticalSection(m);
- return 0;
- }
-
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- DeleteCriticalSection(m);
- return 0;
- }
-
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- EnterCriticalSection(m);
- return 0;
- }
-
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- LeaveCriticalSection(m);
- return 0;
- }
-
- #elif defined(WOLFSSL_PTHREADS)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- if (pthread_mutex_init(m, 0) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- if (pthread_mutex_destroy(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- if (pthread_mutex_lock(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- if (pthread_mutex_unlock(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
- #elif defined(THREADX)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- if (tx_mutex_create(m, "wolfSSL Mutex", TX_NO_INHERIT) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- if (tx_mutex_delete(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- if (tx_mutex_put(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
- #elif defined(MICRIUM)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
- if (NetSecure_OS_MutexCreate(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- #else
- return 0;
- #endif
- }
-
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
- if (NetSecure_OS_FreeMutex(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- #else
- return 0;
- #endif
- }
-
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
- if (NetSecure_OS_LockMutex(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- #else
- return 0;
- #endif
- }
-
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
- if (NetSecure_OS_UnLockMutex(m) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- #else
- return 0;
- #endif
-
- }
-
- #elif defined(EBSNET)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- if (rtp_sig_mutex_alloc(m, "wolfSSL Mutex") == -1)
- return BAD_MUTEX_E;
- else
- return 0;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- rtp_sig_mutex_free(*m);
- return 0;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- if (rtp_sig_mutex_claim_timed(*m, RTIP_INF) == 0)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- rtp_sig_mutex_release(*m);
- return 0;
- }
-
- #elif defined(FREESCALE_MQX)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- if (_mutex_init(m, NULL) == MQX_EOK)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- if (_mutex_destroy(m) == MQX_EOK)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- if (_mutex_lock(m) == MQX_EOK)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- if (_mutex_unlock(m) == MQX_EOK)
- return 0;
- else
- return BAD_MUTEX_E;
- }
-
- #elif defined (WOLFSSL_TIRTOS)
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- Semaphore_Params params;
-
- Semaphore_Params_init(¶ms);
- params.mode = Semaphore_Mode_BINARY;
-
- *m = Semaphore_create(1, ¶ms, NULL);
-
- return 0;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- Semaphore_delete(m);
-
- return 0;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- Semaphore_pend(*m, BIOS_WAIT_FOREVER);
-
- return 0;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- Semaphore_post(*m);
-
- return 0;
- }
-
- #elif defined(WOLFSSL_uITRON4)
- #include "kernel.h"
- int InitMutex(wolfSSL_Mutex* m)
- {
- int iReturn;
- m->sem.sematr = TA_TFIFO ;
- m->sem.isemcnt = 1 ;
- m->sem.maxsem = 1 ;
- m->sem.name = NULL ;
-
- m->id = acre_sem(&m->sem);
- if( m->id != NULL )
- iReturn = 0;
- else
- iReturn = BAD_MUTEX_E;
-
- return iReturn;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- del_sem( m->id );
- return 0;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- wai_sem(m->id);
- return 0;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- sig_sem(m->id);
- return 0;
- }
-
- /**** uITRON malloc/free ***/
- static ID ID_wolfssl_MPOOL = 0 ;
- static T_CMPL wolfssl_MPOOL = {TA_TFIFO, 0, NULL, "wolfSSL_MPOOL"};
-
- int uITRON4_minit(size_t poolsz) {
- ER ercd;
- wolfssl_MPOOL.mplsz = poolsz ;
- ercd = acre_mpl(&wolfssl_MPOOL);
- if (ercd > 0) {
- ID_wolfssl_MPOOL = ercd;
- return 0;
- } else {
- return -1;
- }
- }
-
- void *uITRON4_malloc(size_t sz) {
- ER ercd;
- void *p ;
- ercd = get_mpl(ID_wolfssl_MPOOL, sz, (VP)&p);
- if (ercd == E_OK) {
- return p;
- } else {
- return 0 ;
- }
- }
-
- void *uITRON4_realloc(void *p, size_t sz) {
- ER ercd;
- void *newp ;
- if(p) {
- ercd = get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp);
- if (ercd == E_OK) {
- memcpy(newp, p, sz) ;
- ercd = rel_mpl(ID_wolfssl_MPOOL, (VP)p);
- if (ercd == E_OK) {
- return newp;
- }
- }
- }
- return 0 ;
- }
-
- void uITRON4_free(void *p) {
- ER ercd;
- ercd = rel_mpl(ID_wolfssl_MPOOL, (VP)p);
- if (ercd == E_OK) {
- return ;
- } else {
- return ;
- }
- }
-
-#elif defined(WOLFSSL_uTKERNEL2)
- #include "tk/tkernel.h"
- int InitMutex(wolfSSL_Mutex* m)
- {
- int iReturn;
- m->sem.sematr = TA_TFIFO ;
- m->sem.isemcnt = 1 ;
- m->sem.maxsem = 1 ;
-
- m->id = tk_cre_sem(&m->sem);
- if( m->id != NULL )
- iReturn = 0;
- else
- iReturn = BAD_MUTEX_E;
-
- return iReturn;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- tk_del_sem( m->id );
- return 0;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- tk_wai_sem(m->id, 1, TMO_FEVR);
- return 0;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- tk_sig_sem(m->id, 1);
- return 0;
- }
-
- /**** uT-Kernel malloc/free ***/
- static ID ID_wolfssl_MPOOL = 0 ;
- static T_CMPL wolfssl_MPOOL =
- {(void *)NULL,
- TA_TFIFO , 0, "wolfSSL_MPOOL"};
-
- int uTKernel_init_mpool(unsigned int sz) {
- ER ercd;
- wolfssl_MPOOL.mplsz = sz ;
- ercd = tk_cre_mpl(&wolfssl_MPOOL);
- if (ercd > 0) {
- ID_wolfssl_MPOOL = ercd;
- return 0;
- } else {
- return -1;
- }
- }
-
- void *uTKernel_malloc(unsigned int sz) {
- ER ercd;
- void *p ;
- ercd = tk_get_mpl(ID_wolfssl_MPOOL, sz, (VP)&p, TMO_FEVR);
- if (ercd == E_OK) {
- return p;
- } else {
- return 0 ;
- }
- }
-
- void *uTKernel_realloc(void *p, unsigned int sz) {
- ER ercd;
- void *newp ;
- if(p) {
- ercd = tk_get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp, TMO_FEVR);
- if (ercd == E_OK) {
- memcpy(newp, p, sz) ;
- ercd = tk_rel_mpl(ID_wolfssl_MPOOL, (VP)p);
- if (ercd == E_OK) {
- return newp;
- }
- }
- }
- return 0 ;
- }
-
- void uTKernel_free(void *p) {
- ER ercd;
- ercd = tk_rel_mpl(ID_wolfssl_MPOOL, (VP)p);
- if (ercd == E_OK) {
- return ;
- } else {
- return ;
- }
- }
-
- #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_CMSIS_RTOS)
-
- #if defined(WOLFSSL_CMSIS_RTOS)
- #include "cmsis_os.h"
- #define CMSIS_NMUTEX 10
- osMutexDef(wolfSSL_mt0) ; osMutexDef(wolfSSL_mt1) ; osMutexDef(wolfSSL_mt2) ;
- osMutexDef(wolfSSL_mt3) ; osMutexDef(wolfSSL_mt4) ; osMutexDef(wolfSSL_mt5) ;
- osMutexDef(wolfSSL_mt6) ; osMutexDef(wolfSSL_mt7) ; osMutexDef(wolfSSL_mt8) ;
- osMutexDef(wolfSSL_mt9) ;
-
- static const osMutexDef_t *CMSIS_mutex[] = { osMutex(wolfSSL_mt0),
- osMutex(wolfSSL_mt1), osMutex(wolfSSL_mt2), osMutex(wolfSSL_mt3),
- osMutex(wolfSSL_mt4), osMutex(wolfSSL_mt5), osMutex(wolfSSL_mt6),
- osMutex(wolfSSL_mt7), osMutex(wolfSSL_mt8), osMutex(wolfSSL_mt9) } ;
-
- static osMutexId CMSIS_mutexID[CMSIS_NMUTEX] = {0} ;
-
- int InitMutex(wolfSSL_Mutex* m)
- {
- int i ;
- for (i=0; i<CMSIS_NMUTEX; i++) {
- if(CMSIS_mutexID[i] == 0) {
- CMSIS_mutexID[i] = osMutexCreate(CMSIS_mutex[i]) ;
- (*m) = CMSIS_mutexID[i] ;
- return 0 ;
- }
- }
- return -1 ;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- int i ;
- osMutexDelete (*m) ;
- for (i=0; i<CMSIS_NMUTEX; i++) {
- if(CMSIS_mutexID[i] == (*m)) {
- CMSIS_mutexID[i] = 0 ;
- return(0) ;
- }
- }
- return(-1) ;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- osMutexWait(*m, osWaitForever) ;
- return(0) ;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- osMutexRelease (*m);
- return 0;
- }
- #else
- int InitMutex(wolfSSL_Mutex* m)
- {
- os_mut_init (m);
- return 0;
- }
-
- int FreeMutex(wolfSSL_Mutex* m)
- {
- return(0) ;
- }
-
- int LockMutex(wolfSSL_Mutex* m)
- {
- os_mut_wait (m, 0xffff);
- return(0) ;
- }
-
- int UnLockMutex(wolfSSL_Mutex* m)
- {
- os_mut_release (m);
- return 0;
- }
- #endif
- #endif /* USE_WINDOWS_API */
-
-#endif /* SINGLE_THREADED */
-
-#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH)
- #include <wolfcrypt/src/port/ti/ti-ccm.c> /* initialize and Mutex for TI Crypt Engine */
- #include <wolfcrypt/src/port/ti/ti-hash.c> /* md5, sha1, sha224, sha256 */
-#endif
-
--- a/wolfssl/callbacks.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
-/* callbacks.h
- *
- * Copyright (C) 2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLFSSL_CALLBACKS_H
-#define WOLFSSL_CALLBACKS_H
-
-#include <sys/time.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-enum { /* CALLBACK CONTSTANTS */
- MAX_PACKETNAME_SZ = 24,
- MAX_CIPHERNAME_SZ = 24,
- MAX_TIMEOUT_NAME_SZ = 24,
- MAX_PACKETS_HANDSHAKE = 14, /* 12 for client auth plus 2 alerts */
- MAX_VALUE_SZ = 128, /* all handshake packets but Cert should
- fit here */
-};
-
-
-typedef struct handShakeInfo_st {
- char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated cipher */
- char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1];
- /* SSL packet names */
- int numberPackets; /* actual # of packets */
- int negotiationError; /* cipher/parameter err */
-} HandShakeInfo;
-
-
-typedef struct timeval Timeval;
-
-
-typedef struct packetInfo_st {
- char packetName[MAX_PACKETNAME_SZ + 1]; /* SSL packet name */
- Timeval timestamp; /* when it occured */
- unsigned char value[MAX_VALUE_SZ]; /* if fits, it's here */
- unsigned char* bufferValue; /* otherwise here (non 0) */
- int valueSz; /* sz of value or buffer */
-} PacketInfo;
-
-
-typedef struct timeoutInfo_st {
- char timeoutName[MAX_TIMEOUT_NAME_SZ + 1]; /* timeout Name */
- int flags; /* for future use */
- int numberPackets; /* actual # of packets */
- PacketInfo packets[MAX_PACKETS_HANDSHAKE]; /* list of all packets */
- Timeval timeoutValue; /* timer that caused it */
-} TimeoutInfo;
-
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-
-#endif /* WOLFSSL_CALLBACKS_H */
-
-
--- a/wolfssl/certs_test.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,135 +0,0 @@
-/* certs_test.h */
-
-#ifndef WOLFSSL_CERTS_TEST_H
-#define WOLFSSL_CERTS_TEST_H
-
-/* ./certs/ca-cert.der, 2048-bit */
-static const unsigned char ca_cert_der_2048[] =
-{
- 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03,
- 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xD9, 0x80, 0x3A, 0xC3,
- 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
- 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
- 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
- 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
- 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
- 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
- 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
- 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A,
- 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
- 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
- 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E,
- 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
- 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
- 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
- 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
- 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
- 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
- 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37,
- 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31,
- 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30,
- 0x31, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06,
- 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
- 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
- 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
- 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
- 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03,
- 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F,
- 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
- 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C,
- 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
- 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
- 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
- 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
- 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
- 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06,
- 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
- 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01,
- 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D,
- 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A,
- 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA,
- 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A,
- 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98,
- 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE,
- 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB,
- 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1,
- 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41,
- 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70,
- 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED,
- 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED,
- 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38,
- 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C,
- 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13,
- 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D,
- 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC,
- 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D,
- 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67,
- 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68,
- 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5,
- 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17,
- 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3,
- 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52,
- 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9,
- 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED,
- 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC,
- 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
- 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3,
- 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D,
- 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55,
- 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14,
- 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED,
- 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5,
- 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31,
- 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
- 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
- 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
- 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
- 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11,
- 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53,
- 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30,
- 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F,
- 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18,
- 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
- 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
- 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
- 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
- 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00,
- 0xD9, 0x80, 0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C,
- 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
- 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01,
- 0x01, 0x00, 0x7A, 0xAF, 0x44, 0x3B, 0xAA, 0x6F, 0x53, 0x42,
- 0xB2, 0x33, 0xAA, 0x43, 0x5F, 0x56, 0x30, 0xD3, 0xB9, 0x96,
- 0x0B, 0x9A, 0x55, 0x5A, 0x39, 0x2A, 0x0B, 0x4E, 0xE4, 0x2E,
- 0xF1, 0x95, 0x66, 0xC9, 0x86, 0x36, 0x82, 0x8D, 0x63, 0x7C,
- 0x4D, 0xA2, 0xEE, 0x48, 0xBA, 0x03, 0xC7, 0x90, 0xD7, 0xA7,
- 0xC6, 0x74, 0x60, 0x48, 0x5F, 0x31, 0xA2, 0xF9, 0x5E, 0x3E,
- 0xC3, 0x82, 0xE1, 0xE5, 0x2F, 0x41, 0x81, 0x83, 0x29, 0x25,
- 0x79, 0xD1, 0x53, 0x00, 0x69, 0x3C, 0xED, 0x0A, 0x30, 0x3B,
- 0x41, 0x1D, 0x92, 0xA1, 0x2C, 0xA8, 0x9D, 0x2C, 0xE3, 0x23,
- 0x87, 0x79, 0xE0, 0x55, 0x6E, 0x91, 0xA8, 0x50, 0xDA, 0x46,
- 0x2F, 0xC2, 0x20, 0x50, 0x3E, 0x2B, 0x47, 0x97, 0x14, 0xB0,
- 0x7D, 0x04, 0xBA, 0x45, 0x51, 0xD0, 0x6E, 0xE1, 0x5A, 0xA2,
- 0x4B, 0x84, 0x9C, 0x4D, 0xCD, 0x85, 0x04, 0xF9, 0x28, 0x31,
- 0x82, 0x93, 0xBC, 0xC7, 0x59, 0x49, 0x91, 0x03, 0xE8, 0xDF,
- 0x6A, 0xE4, 0x56, 0xAD, 0x6A, 0xCB, 0x1F, 0x0D, 0x37, 0xE4,
- 0x5E, 0xBD, 0xE7, 0x9F, 0xD5, 0xEC, 0x9D, 0x3C, 0x18, 0x25,
- 0x9B, 0xF1, 0x2F, 0x50, 0x7D, 0xEB, 0x31, 0xCB, 0xF1, 0x63,
- 0x22, 0x9D, 0x57, 0xFC, 0xF3, 0x84, 0x20, 0x1A, 0xC6, 0x07,
- 0x87, 0x92, 0x26, 0x9E, 0x15, 0x18, 0x59, 0x33, 0x06, 0xDC,
- 0xFB, 0xB0, 0xB6, 0x76, 0x5D, 0xF1, 0xC1, 0x2F, 0xC8, 0x2F,
- 0x62, 0x9C, 0xC0, 0xD6, 0xDE, 0xEB, 0x65, 0x77, 0xF3, 0x5C,
- 0xA6, 0xC3, 0x88, 0x27, 0x96, 0x75, 0xB4, 0xF4, 0x54, 0xCD,
- 0xFF, 0x2D, 0x21, 0x2E, 0x96, 0xF0, 0x07, 0x73, 0x4B, 0xE9,
- 0x93, 0x92, 0x90, 0xDE, 0x62, 0xD9, 0xA3, 0x3B, 0xAC, 0x6E,
- 0x24, 0x5F, 0x27, 0x4A, 0xB3, 0x94, 0x70, 0xFF, 0x30, 0x17,
- 0xE7, 0x7E, 0x32, 0x8F, 0x65, 0xB7, 0x75, 0x58
-};
-static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
-
-
-#endif /* WOLFSSL_CERTS_TEST_H */
-
-
--- a/wolfssl/crl.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,52 +0,0 @@
-/* crl.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLFSSL_CRL_H
-#define WOLFSSL_CRL_H
-
-
-#ifdef HAVE_CRL
-
-#include <wolfssl/ssl.h>
-#include <wolfssl/wolfcrypt/asn.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-typedef struct WOLFSSL_CRL WOLFSSL_CRL;
-
-WOLFSSL_LOCAL int InitCRL(WOLFSSL_CRL*, WOLFSSL_CERT_MANAGER*);
-WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL*, int dynamic);
-
-WOLFSSL_LOCAL int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int mon);
-WOLFSSL_LOCAL int BufferLoadCRL(WOLFSSL_CRL*, const byte*, long, int);
-WOLFSSL_LOCAL int CheckCertCRL(WOLFSSL_CRL*, DecodedCert*);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_CRL */
-#endif /* WOLFSSL_CRL_H */
-
--- a/wolfssl/error-ssl.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,170 +0,0 @@
-/* error-ssl.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLFSSL_ERROR_H
-#define WOLFSSL_ERROR_H
-
-#include <wolfssl/wolfcrypt/error-crypt.h> /* pull in wolfCrypt errors */
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-enum wolfSSL_ErrorCodes {
- INPUT_CASE_ERROR = -301, /* process input state error */
- PREFIX_ERROR = -302, /* bad index to key rounds */
- MEMORY_ERROR = -303, /* out of memory */
- VERIFY_FINISHED_ERROR = -304, /* verify problem on finished */
- VERIFY_MAC_ERROR = -305, /* verify mac problem */
- PARSE_ERROR = -306, /* parse error on header */
- UNKNOWN_HANDSHAKE_TYPE = -307, /* weird handshake type */
- SOCKET_ERROR_E = -308, /* error state on socket */
- SOCKET_NODATA = -309, /* expected data, not there */
- INCOMPLETE_DATA = -310, /* don't have enough data to
- complete task */
- UNKNOWN_RECORD_TYPE = -311, /* unknown type in record hdr */
- DECRYPT_ERROR = -312, /* error during decryption */
- FATAL_ERROR = -313, /* recvd alert fatal error */
- ENCRYPT_ERROR = -314, /* error during encryption */
- FREAD_ERROR = -315, /* fread problem */
- NO_PEER_KEY = -316, /* need peer's key */
- NO_PRIVATE_KEY = -317, /* need the private key */
- RSA_PRIVATE_ERROR = -318, /* error during rsa priv op */
- NO_DH_PARAMS = -319, /* server missing DH params */
- BUILD_MSG_ERROR = -320, /* build message failure */
-
- BAD_HELLO = -321, /* client hello malformed */
- DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
- WANT_READ = -323, /* want read, call again */
- NOT_READY_ERROR = -324, /* handshake layer not ready */
- PMS_VERSION_ERROR = -325, /* pre m secret version error */
- VERSION_ERROR = -326, /* record layer version error */
- WANT_WRITE = -327, /* want write, call again */
- BUFFER_ERROR = -328, /* malformed buffer input */
- VERIFY_CERT_ERROR = -329, /* verify cert error */
- VERIFY_SIGN_ERROR = -330, /* verify sign error */
- CLIENT_ID_ERROR = -331, /* psk client identity error */
- SERVER_HINT_ERROR = -332, /* psk server hint error */
- PSK_KEY_ERROR = -333, /* psk key error */
- ZLIB_INIT_ERROR = -334, /* zlib init error */
- ZLIB_COMPRESS_ERROR = -335, /* zlib compression error */
- ZLIB_DECOMPRESS_ERROR = -336, /* zlib decompression error */
-
- GETTIME_ERROR = -337, /* gettimeofday failed ??? */
- GETITIMER_ERROR = -338, /* getitimer failed ??? */
- SIGACT_ERROR = -339, /* sigaction failed ??? */
- SETITIMER_ERROR = -340, /* setitimer failed ??? */
- LENGTH_ERROR = -341, /* record layer length error */
- PEER_KEY_ERROR = -342, /* can't decode peer key */
- ZERO_RETURN = -343, /* peer sent close notify */
- SIDE_ERROR = -344, /* wrong client/server type */
- NO_PEER_CERT = -345, /* peer didn't send key */
- NTRU_KEY_ERROR = -346, /* NTRU key error */
- NTRU_DRBG_ERROR = -347, /* NTRU drbg error */
- NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */
- NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */
- ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */
- ECC_CURVE_ERROR = -351, /* Bad ECC Curve */
- ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */
- ECC_MAKEKEY_ERROR = -353, /* Bad Make ECC Key */
- ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */
- ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */
- NOT_CA_ERROR = -357, /* Not a CA cert error */
- BAD_PATH_ERROR = -358, /* Bad path for opendir */
- BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */
- OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */
- CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */
- CRL_MISSING = -362, /* CRL Not loaded */
- MONITOR_RUNNING_E = -363, /* CRL Monitor already running */
- THREAD_CREATE_E = -364, /* Thread Create Error */
- OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */
- OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */
- OCSP_LOOKUP_FAIL = -367, /* OCSP lookup not successful */
- MAX_CHAIN_ERROR = -368, /* max chain depth exceeded */
- COOKIE_ERROR = -369, /* dtls cookie error */
- SEQUENCE_ERROR = -370, /* dtls sequence error */
- SUITES_ERROR = -371, /* suites pointer error */
- SSL_NO_PEM_HEADER = -372, /* no PEM header found */
- OUT_OF_ORDER_E = -373, /* out of order message */
- BAD_KEA_TYPE_E = -374, /* bad KEA type found */
- SANITY_CIPHER_E = -375, /* sanity check on cipher error */
- RECV_OVERFLOW_E = -376, /* RXCB returned more than rqed */
- GEN_COOKIE_E = -377, /* Generate Cookie Error */
- NO_PEER_VERIFY = -378, /* Need peer cert verify Error */
- FWRITE_ERROR = -379, /* fwrite problem */
- CACHE_MATCH_ERROR = -380, /* chache hdr match error */
- UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */
- UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */
- KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */
- KEYUSE_ENCIPHER_E = -385, /* KeyUse keyEncipher error */
- EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */
- SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */
- SECURE_RENEGOTIATION_E = -388, /* Invalid Renegotiation Info */
- SESSION_TICKET_LEN_E = -389, /* Session Ticket too large */
- SESSION_TICKET_EXPECT_E = -390, /* Session Ticket missing */
- SCR_DIFFERENT_CERT_E = -391, /* SCR Different cert error */
- SESSION_SECRET_CB_E = -392, /* Session secret Cb fcn failure */
- NO_CHANGE_CIPHER_E = -393, /* Finished before change cipher */
- SANITY_MSG_E = -394, /* Sanity check on msg order error */
- DUPLICATE_MSG_E = -395, /* Duplicate message error */
- SNI_UNSUPPORTED = -396, /* SSL 3.0 does not support SNI */
- SOCKET_PEER_CLOSED_E = -397, /* Underlying transport closed */
-
- BAD_TICKET_KEY_CB_SZ = -398, /* Bad session ticket key cb size */
- BAD_TICKET_MSG_SZ = -399, /* Bad session ticket msg size */
- BAD_TICKET_ENCRYPT = -400, /* Bad user ticket encrypt */
-
- DH_KEY_SIZE_E = -401, /* DH Key too small */
-
- /* add strings to SetErrorString !!!!! */
-
- /* begin negotiation parameter errors */
- UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */
- MATCH_SUITE_ERROR = -501 /* can't match cipher suite */
- /* end negotiation parameter errors only 10 for now */
- /* add strings to SetErrorString !!!!! */
-
- /* no error stings go down here, add above negotiation errors !!!! */
-};
-
-
-#ifdef WOLFSSL_CALLBACKS
- enum {
- MIN_PARAM_ERR = UNSUPPORTED_SUITE,
- MAX_PARAM_ERR = MIN_PARAM_ERR - 10
- };
-#endif
-
-
-WOLFSSL_LOCAL
-void SetErrorString(int err, char* buff);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-
-#endif /* wolfSSL_ERROR_H */
-
-
-
--- a/wolfssl/internal.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2515 +0,0 @@
-/* internal.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as wolfSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLFSSL_INT_H
-#define WOLFSSL_INT_H
-
-
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/ssl.h>
-#ifdef HAVE_CRL
- #include <wolfssl/crl.h>
-#endif
-#include <wolfssl/wolfcrypt/random.h>
-#ifndef NO_DES3
- #include <wolfssl/wolfcrypt/des3.h>
-#endif
-#ifndef NO_HC128
- #include <wolfssl/wolfcrypt/hc128.h>
-#endif
-#ifndef NO_RABBIT
- #include <wolfssl/wolfcrypt/rabbit.h>
-#endif
-#ifdef HAVE_CHACHA
- #include <wolfssl/wolfcrypt/chacha.h>
-#endif
-#ifndef NO_ASN
- #include <wolfssl/wolfcrypt/asn.h>
-#endif
-#ifndef NO_MD5
- #include <wolfssl/wolfcrypt/md5.h>
-#endif
-#ifndef NO_SHA
- #include <wolfssl/wolfcrypt/sha.h>
-#endif
-#ifndef NO_AES
- #include <wolfssl/wolfcrypt/aes.h>
-#endif
-#ifdef HAVE_POLY1305
- #include <wolfssl/wolfcrypt/poly1305.h>
-#endif
-#ifdef HAVE_CAMELLIA
- #include <wolfssl/wolfcrypt/camellia.h>
-#endif
-#include <wolfssl/wolfcrypt/logging.h>
-#ifndef NO_HMAC
- #include <wolfssl/wolfcrypt/hmac.h>
-#endif
-#ifndef NO_RC4
- #include <wolfssl/wolfcrypt/arc4.h>
-#endif
-#ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
-#endif
-#ifndef NO_SHA256
- #include <wolfssl/wolfcrypt/sha256.h>
-#endif
-#ifdef HAVE_OCSP
- #include <wolfssl/ocsp.h>
-#endif
-#ifdef WOLFSSL_SHA512
- #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-
-#ifdef HAVE_AESGCM
- #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-
-#ifdef WOLFSSL_RIPEMD
- #include <wolfssl/wolfcrypt/ripemd.h>
-#endif
-
-#include <wolfssl/wolfcrypt/hash.h>
-
-#ifdef WOLFSSL_CALLBACKS
- #include <wolfssl/callbacks.h>
- #include <signal.h>
-#endif
-
-#ifdef USE_WINDOWS_API
- #ifdef WOLFSSL_GAME_BUILD
- #include "system/xtl.h"
- #else
- #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
- /* On WinCE winsock2.h must be included before windows.h */
- #include <winsock2.h>
- #endif
- #include <windows.h>
- #endif
-#elif defined(THREADX)
- #ifndef SINGLE_THREADED
- #include "tx_api.h"
- #endif
-#elif defined(MICRIUM)
- /* do nothing, just don't pick Unix */
-#elif defined(FREERTOS) || defined(WOLFSSL_SAFERTOS)
- /* do nothing */
-#elif defined(EBSNET)
- /* do nothing */
-#elif defined(FREESCALE_MQX)
- /* do nothing */
-#elif defined(WOLFSSL_MDK_ARM)
- #if defined(WOLFSSL_MDK5)
- #include "cmsis_os.h"
- #else
- #include <rtl.h>
- #endif
-#elif defined(MBED)|| defined(WOLFSSL_CMSIS_RTOS)
- /* do nothing */
-#elif defined(WOLFSSL_TIRTOS)
- /* do nothing */
-#else
- #ifndef SINGLE_THREADED
- #define WOLFSSL_PTHREADS
- #include <pthread.h>
- #endif
- #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
- #include <unistd.h> /* for close of BIO */
- #endif
-#endif
-
-
-#ifdef HAVE_LIBZ
- #include "zlib.h"
-#endif
-
-#ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
- #pragma warning(disable: 4996)
-#endif
-
-#ifdef NO_AES
- #if !defined (ALIGN16)
- #define ALIGN16
- #endif
-#endif
-
-#ifdef NO_SHA
- #define SHA_DIGEST_SIZE 20
-#endif
-
-#ifdef NO_SHA256
- #define SHA256_DIGEST_SIZE 32
-#endif
-
-#ifdef NO_MD5
- #define MD5_DIGEST_SIZE 16
-#endif
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-#ifdef USE_WINDOWS_API
- typedef unsigned int SOCKET_T;
-#else
- typedef int SOCKET_T;
-#endif
-
-
-typedef byte word24[3];
-
-/* Define or comment out the cipher suites you'd like to be compiled in
- make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
-
- When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
-
- Now that there is a maximum strength crypto build, the following BUILD_XXX
- flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
- Those that do not use Perfect Forward Security and do not use AEAD ciphers
- need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
- CHACHA-POLY.
-*/
-
-/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
- * not turned off. */
-#if defined(WOLFSSL_MAX_STRENGTH) && \
- ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
- (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
- (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
- (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
- !defined(NO_OLD_TLS))
-
- #error "You are trying to build max strength with requirements disabled."
-#endif
-
-#ifndef WOLFSSL_MAX_STRENGTH
-
- #if !defined(NO_RSA) && !defined(NO_RC4)
- #if !defined(NO_SHA)
- #define BUILD_SSL_RSA_WITH_RC4_128_SHA
- #endif
- #if !defined(NO_MD5)
- #define BUILD_SSL_RSA_WITH_RC4_128_MD5
- #endif
- #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
- #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
- #endif
- #endif
-
- #if !defined(NO_RSA) && !defined(NO_DES3)
- #if !defined(NO_SHA)
- #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
- #if !defined(NO_TLS) && defined(HAVE_NTRU)
- #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
- #endif
- #endif
- #endif
-
- #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
- #if !defined(NO_SHA)
- #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
- #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
- #if defined(HAVE_NTRU)
- #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
- #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
- #endif
- #endif
- #if !defined (NO_SHA256)
- #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
- #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
- #endif
- #if defined (HAVE_AESGCM)
- #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
- #if defined (WOLFSSL_SHA384)
- #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
- #endif
- #endif
- #if defined (HAVE_AESCCM)
- #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
- #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
- #endif
- #if defined(HAVE_BLAKE2)
- #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
- #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
- #endif
- #endif
-
- #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
- #ifndef NO_RSA
- #if !defined(NO_SHA)
- #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- #endif
- #ifndef NO_SHA256
- #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- #endif
- #if !defined(NO_DH)
- #if !defined(NO_SHA)
- #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- #endif
- #ifndef NO_SHA256
- #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- #endif
- #endif
- #endif
- #endif
-
- #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
- #if !defined(NO_SHA)
- #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
- #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
- #endif
- #ifndef NO_SHA256
- #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
- #ifdef HAVE_AESGCM
- #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
- #endif
- #ifdef HAVE_AESCCM
- #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
- #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
- #define BUILD_TLS_PSK_WITH_AES_128_CCM
- #define BUILD_TLS_PSK_WITH_AES_256_CCM
- #endif
- #endif
- #ifdef WOLFSSL_SHA384
- #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
- #ifdef HAVE_AESGCM
- #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
- #endif
- #endif
- #endif
-
- #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
- #if !defined(NO_RSA)
- #if !defined(NO_SHA)
- #define BUILD_TLS_RSA_WITH_NULL_SHA
- #endif
- #ifndef NO_SHA256
- #define BUILD_TLS_RSA_WITH_NULL_SHA256
- #endif
- #endif
- #if !defined(NO_PSK)
- #if !defined(NO_SHA)
- #define BUILD_TLS_PSK_WITH_NULL_SHA
- #endif
- #ifndef NO_SHA256
- #define BUILD_TLS_PSK_WITH_NULL_SHA256
- #endif
- #ifdef WOLFSSL_SHA384
- #define BUILD_TLS_PSK_WITH_NULL_SHA384
- #endif
- #endif
- #endif
-
- #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
- #define BUILD_TLS_RSA_WITH_HC_128_MD5
- #if !defined(NO_SHA)
- #define BUILD_TLS_RSA_WITH_HC_128_SHA
- #endif
- #if defined(HAVE_BLAKE2)
- #define BUILD_TLS_RSA_WITH_HC_128_B2B256
- #endif
- #endif
-
- #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
- #if !defined(NO_SHA)
- #define BUILD_TLS_RSA_WITH_RABBIT_SHA
- #endif
- #endif
-
- #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
- !defined(NO_RSA)
-
- #if !defined(NO_SHA)
- #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- #endif
- #if !defined(NO_SHA256)
- #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- #endif
- #endif
-
- #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
- !defined(NO_AES) && !defined(NO_SHA)
- #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
- #endif
-
- #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
- #ifndef NO_SHA256
- #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- #ifdef HAVE_NULL_CIPHER
- #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
- #endif
- #endif
- #ifdef WOLFSSL_SHA384
- #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- #ifdef HAVE_NULL_CIPHER
- #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
- #endif
- #endif
- #endif
-
- #if defined(HAVE_ECC) && !defined(NO_TLS)
- #if !defined(NO_AES)
- #if !defined(NO_SHA)
- #if !defined(NO_RSA)
- #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- #endif
-
- #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-
- #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- #endif /* NO_SHA */
- #ifndef NO_SHA256
- #if !defined(NO_RSA)
- #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- #endif
- #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- #endif
-
- #ifdef WOLFSSL_SHA384
- #if !defined(NO_RSA)
- #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- #endif
- #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- #endif
-
- #if defined (HAVE_AESGCM)
- #if !defined(NO_RSA)
- #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- #if defined(WOLFSSL_SHA384)
- #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- #endif
- #endif
-
- #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
-
- #if defined(WOLFSSL_SHA384)
- #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- #endif
- #endif
- #endif /* NO_AES */
- #if !defined(NO_RC4)
- #if !defined(NO_SHA)
- #if !defined(NO_RSA)
- #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
- #endif
-
- #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- #endif
- #endif
- #if !defined(NO_DES3)
- #ifndef NO_SHA
- #if !defined(NO_RSA)
- #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- #endif
-
- #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- #endif /* NO_SHA */
- #endif
- #endif
-
-#endif /* !WOLFSSL_MAX_STRENGTH */
-
-#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
- !defined(NO_RSA) && defined(HAVE_AESGCM)
-
- #ifndef NO_SHA256
- #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- #endif
-
- #ifdef WOLFSSL_SHA384
- #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- #endif
-#endif
-
-#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
- #ifndef NO_SHA256
- #ifdef HAVE_AESGCM
- #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- #endif
- #ifdef HAVE_AESCCM
- #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
- #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
- #endif
- #endif
- #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
- #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- #endif
-#endif
-
-#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
- #ifdef HAVE_AESGCM
- #ifndef NO_SHA256
- #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- #ifndef NO_RSA
- #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- #endif
- #endif
- #ifdef WOLFSSL_SHA384
- #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- #ifndef NO_RSA
- #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- #endif
- #endif
- #endif
- #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
- #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
- #endif
-#endif
-
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
- #ifdef HAVE_ECC
- #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- #ifndef NO_RSA
- #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- #endif
- #endif
- #if !defined(NO_DH) && !defined(NO_RSA)
- #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- #endif
-#endif
-
-
-#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
- defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
- #define BUILD_ARC4
-#endif
-
-#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
- #define BUILD_DES3
-#endif
-
-#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
- defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
- defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
- #undef BUILD_AES
- #define BUILD_AES
-#endif
-
-#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
- defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
- defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
- defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256)
- #define BUILD_AESGCM
-#endif
-
-#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
- defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
- defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
- #define BUILD_HC128
-#endif
-
-#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
- #define BUILD_RABBIT
-#endif
-
-#ifdef NO_DES3
- #define DES_BLOCK_SIZE 8
-#else
- #undef BUILD_DES3
- #define BUILD_DES3
-#endif
-
-#ifdef NO_AES
- #define AES_BLOCK_SIZE 16
-#else
- #undef BUILD_AES
- #define BUILD_AES
-#endif
-
-#ifndef NO_RC4
- #undef BUILD_ARC4
- #define BUILD_ARC4
-#endif
-
-#ifdef HAVE_CHACHA
- #define CHACHA20_BLOCK_SIZE 16
-#endif
-
-#if defined(WOLFSSL_MAX_STRENGTH) || \
- defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
- (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
-
- #define HAVE_AEAD
-#endif
-
-#if defined(WOLFSSL_MAX_STRENGTH) || \
- defined(HAVE_ECC) || !defined(NO_DH)
-
- #define HAVE_PFS
-#endif
-
-
-/* actual cipher values, 2nd byte */
-enum {
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
- TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
- TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
- TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
- TLS_RSA_WITH_NULL_SHA = 0x02,
- TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
- TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
- TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
- TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
- TLS_PSK_WITH_NULL_SHA256 = 0xb0,
- TLS_PSK_WITH_NULL_SHA384 = 0xb1,
- TLS_PSK_WITH_NULL_SHA = 0x2c,
- SSL_RSA_WITH_RC4_128_SHA = 0x05,
- SSL_RSA_WITH_RC4_128_MD5 = 0x04,
- SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
-
- /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
- TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
-
- /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
- TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
-
- /* wolfSSL extension - eSTREAM */
- TLS_RSA_WITH_HC_128_MD5 = 0xFB,
- TLS_RSA_WITH_HC_128_SHA = 0xFC,
- TLS_RSA_WITH_RABBIT_SHA = 0xFD,
-
- /* wolfSSL extension - Blake2b 256 */
- TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
- TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
- TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
-
- /* wolfSSL extension - NTRU */
- TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
- TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
- TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
- TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
-
- /* SHA256 */
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
- TLS_RSA_WITH_NULL_SHA256 = 0x3b,
- TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
- TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
-
- /* SHA384 */
- TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
- TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
-
- /* AES-GCM */
- TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
- TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
- TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
- TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
- TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
- TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
-
- /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
-
- /* AES-CCM, first byte is 0xC0 but isn't ECC,
- * also, in some of the other AES-CCM suites
- * there will be second byte number conflicts
- * with non-ECC AES-GCM */
- TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
- TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
- TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
- TLS_PSK_WITH_AES_128_CCM = 0xa4,
- TLS_PSK_WITH_AES_256_CCM = 0xa5,
- TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
- TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
- TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
- TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
-
- /* Camellia */
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
-
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13,
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14,
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15,
-
- /* Renegotiation Indication Extension Special Suite */
- TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
-};
-
-
-#ifndef WOLFSSL_SESSION_TIMEOUT
- #define WOLFSSL_SESSION_TIMEOUT 500
- /* default session resumption cache timeout in seconds */
-#endif
-
-
-enum Misc {
- ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
- CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
-
- SEND_CERT = 1,
- SEND_BLANK_CERT = 2,
-
- DTLS_MAJOR = 0xfe, /* DTLS major version number */
- DTLS_MINOR = 0xff, /* DTLS minor version number */
- DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
- SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
- SSLv3_MINOR = 0, /* TLSv1 minor version number */
- TLSv1_MINOR = 1, /* TLSv1 minor version number */
- TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
- TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
- OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
- INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
- NO_COMPRESSION = 0,
- ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
- HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
- SECRET_LEN = 48, /* pre RSA and all master */
- ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
- SIZEOF_SENDER = 4, /* clnt or srvr */
- FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
- MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
- MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
- /* max added to msg, mac + pad from */
- /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
- digest sz + BLOC_SZ (iv) + pad byte (1) */
- MAX_COMP_EXTRA = 1024, /* max compression extra */
- MAX_MTU = 1500, /* max expected MTU */
- MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
- MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */
- MAX_STR_VERSION = 8, /* string rep of protocol version */
-
- PAD_MD5 = 48, /* pad length for finished */
- PAD_SHA = 40, /* pad length for finished */
- MAX_PAD_SIZE = 256, /* maximum length of padding */
- COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
- COMPRESS_CONSTANT = 13, /* compression calc constant */
- COMPRESS_UPPER = 55, /* compression calc numerator */
- COMPRESS_LOWER = 64, /* compression calc denominator */
-
- PEM_LINE_LEN = 80, /* PEM line max + fudge */
- LENGTH_SZ = 2, /* length field for HMAC, data only */
- VERSION_SZ = 2, /* length of proctocol version */
- SEQ_SZ = 8, /* 64 bit sequence number */
- BYTE3_LEN = 3, /* up to 24 bit byte lengths */
- ALERT_SIZE = 2, /* level + description */
- VERIFY_HEADER = 2, /* always use 2 bytes */
- EXT_ID_SZ = 2, /* always use 2 bytes */
- MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
- SESSION_HINT_SZ = 4, /* session timeout hint */
-
- MAX_SUITE_SZ = 200, /* 100 suites for now! */
- RAN_LEN = 32, /* random length */
- SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
- ID_LEN = 32, /* session id length */
- MAX_COOKIE_LEN = 32, /* max dtls cookie size */
- COOKIE_SZ = 20, /* use a 20 byte cookie */
- SUITE_LEN = 2, /* cipher suite sz length */
- ENUM_LEN = 1, /* always a byte */
- OPAQUE8_LEN = 1, /* 1 byte */
- OPAQUE16_LEN = 2, /* 2 bytes */
- OPAQUE24_LEN = 3, /* 3 bytes */
- OPAQUE32_LEN = 4, /* 4 bytes */
- COMP_LEN = 1, /* compression length */
- CURVE_LEN = 2, /* ecc named curve length */
- SERVER_ID_LEN = 20, /* server session id length */
-
- HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
- RECORD_HEADER_SZ = 5, /* type + version + len(2) */
- CERT_HEADER_SZ = 3, /* always 3 bytes */
- REQ_HEADER_SZ = 2, /* cert request header sz */
- HINT_LEN_SZ = 2, /* length of hint size field */
- TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
- HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
- HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
- HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
- HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
- HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
-
- DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
- DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
- DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
- DTLS_RECORD_EXTRA = 8, /* diff from normal */
- DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
- DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
- DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
-
- FINISHED_LABEL_SZ = 15, /* TLS finished label size */
- TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
- MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
- KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
- MAX_PRF_HALF = 256, /* Maximum half secret len */
- MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
- MAX_PRF_DIG = 224, /* Maximum digest len */
- MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
- SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
-
- RC4_KEY_SIZE = 16, /* always 128bit */
- DES_KEY_SIZE = 8, /* des */
- DES3_KEY_SIZE = 24, /* 3 des ede */
- DES_IV_SIZE = DES_BLOCK_SIZE,
- AES_256_KEY_SIZE = 32, /* for 256 bit */
- AES_192_KEY_SIZE = 24, /* for 192 bit */
- AES_IV_SIZE = 16, /* always block size */
- AES_128_KEY_SIZE = 16, /* for 128 bit */
-
- AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
- AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
- AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
- AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
- AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
- AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
- AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
- AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
- AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
-
- AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
- AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
- AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
-
- CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
- CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
- CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
- CAMELLIA_IV_SIZE = 16, /* always block size */
-
- CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
- CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
- CHACHA20_IV_SIZE = 8, /* 64 bits for iv */
-
- POLY1305_AUTH_SZ = 16, /* 128 bits */
-
- HC_128_KEY_SIZE = 16, /* 128 bits */
- HC_128_IV_SIZE = 16, /* also 128 bits */
-
- RABBIT_KEY_SIZE = 16, /* 128 bits */
- RABBIT_IV_SIZE = 8, /* 64 bits for iv */
-
- EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
-
- ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
- MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
-
- MAX_HELLO_SZ = 128, /* max client or server hello */
- MAX_CERT_VERIFY_SZ = 1024, /* max */
- CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
- MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
-
- DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
- DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
- DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
-
- MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
- MAX_PSK_KEY_LEN = 64, /* max psk key supported */
-
- MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
-
-#ifdef FORTRESS
- MAX_EX_DATA = 3, /* allow for three items of ex_data */
-#endif
-
- MAX_X509_SIZE = 2048, /* max static x509 buffer size */
- CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
- MAX_FILENAME_SZ = 256, /* max file name length */
- FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
- will use dynamic buffer if not big enough */
-
- MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
- MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
- MAX_NTRU_BITS = 256, /* max symmetric bit strength */
- NO_SNIFF = 0, /* not sniffing */
- SNIFF = 1, /* currently sniffing */
-
- HASH_SIG_SIZE = 2, /* default SHA1 RSA */
-
- NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
-
- NO_COPY = 0, /* should we copy static buffer for write */
- COPY = 1 /* should we copy static buffer for write */
-};
-
-
-#ifndef WOLFSSL_MIN_DHKEY_BITS
- #ifdef WOLFSSL_MAX_STRENGTH
- #define WOLFSSL_MIN_DHKEY_BITS 2048
- #else
- #define WOLFSSL_MIN_DHKEY_BITS 1024
- #endif
-#endif
-#if (WOLFSSL_MIN_DHKEY_BITS % 8)
- #error DH minimum bit size must be multiple of 8
-#endif
-#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
- #error DH minimum bit size must not be greater than 16000
-#endif
-#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
-
-
-#ifdef SESSION_INDEX
-/* Shift values for making a session index */
-#define SESSIDX_ROW_SHIFT 4
-#define SESSIDX_IDX_MASK 0x0F
-#endif
-
-
-/* max cert chain peer depth */
-#ifndef MAX_CHAIN_DEPTH
- #define MAX_CHAIN_DEPTH 9
-#endif
-
-#ifndef SESSION_TICKET_LEN
- #define SESSION_TICKET_LEN 256
-#endif
-
-#ifndef SESSION_TICKET_HINT_DEFAULT
- #define SESSION_TICKET_HINT_DEFAULT 300
-#endif
-
-
-/* don't use extra 3/4k stack space unless need to */
-#ifdef HAVE_NTRU
- #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
-#else
- #define MAX_ENCRYPT_SZ ENCRYPT_LEN
-#endif
-
-
-/* states */
-enum states {
- NULL_STATE = 0,
-
- SERVER_HELLOVERIFYREQUEST_COMPLETE,
- SERVER_HELLO_COMPLETE,
- SERVER_CERT_COMPLETE,
- SERVER_KEYEXCHANGE_COMPLETE,
- SERVER_HELLODONE_COMPLETE,
- SERVER_FINISHED_COMPLETE,
-
- CLIENT_HELLO_COMPLETE,
- CLIENT_KEYEXCHANGE_COMPLETE,
- CLIENT_FINISHED_COMPLETE,
-
- HANDSHAKE_DONE
-};
-
-
-#if defined(__GNUC__)
- #define WOLFSSL_PACK __attribute__ ((packed))
-#else
- #define WOLFSSL_PACK
-#endif
-
-/* SSL Version */
-typedef struct ProtocolVersion {
- byte major;
- byte minor;
-} WOLFSSL_PACK ProtocolVersion;
-
-
-WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
-WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
-WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
-WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
-
-#ifdef WOLFSSL_DTLS
- WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
- WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
-#endif
-
-
-enum BIO_TYPE {
- BIO_BUFFER = 1,
- BIO_SOCKET = 2,
- BIO_SSL = 3,
- BIO_MEMORY = 4
-};
-
-
-/* wolfSSL BIO_METHOD type */
-struct WOLFSSL_BIO_METHOD {
- byte type; /* method type */
-};
-
-
-/* wolfSSL BIO type */
-struct WOLFSSL_BIO {
- byte type; /* method type */
- byte close; /* close flag */
- byte eof; /* eof flag */
- WOLFSSL* ssl; /* possible associated ssl */
- byte* mem; /* memory buffer */
- int memLen; /* memory buffer length */
- int fd; /* possible file descriptor */
- WOLFSSL_BIO* prev; /* previous in chain */
- WOLFSSL_BIO* next; /* next in chain */
-};
-
-
-/* wolfSSL method type */
-struct WOLFSSL_METHOD {
- ProtocolVersion version;
- byte side; /* connection side, server or client */
- byte downgrade; /* whether to downgrade version, default no */
-};
-
-
-/* defautls to client */
-WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
-
-/* for sniffer */
-WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
- word32 size, word32 totalSz, int sniff);
-WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
-
-
-/* wolfSSL buffer type */
-typedef struct buffer {
- byte* buffer;
- word32 length;
-} buffer;
-
-
-enum {
- FORCED_FREE = 1,
- NO_FORCED_FREE = 0
-};
-
-
-/* only use compression extra if using compression */
-#ifdef HAVE_LIBZ
- #define COMP_EXTRA MAX_COMP_EXTRA
-#else
- #define COMP_EXTRA 0
-#endif
-
-/* only the sniffer needs space in the buffer for extra MTU record(s) */
-#ifdef WOLFSSL_SNIFFER
- #define MTU_EXTRA MAX_MTU * 3
-#else
- #define MTU_EXTRA 0
-#endif
-
-
-/* embedded callbacks require large static buffers, make sure on */
-#ifdef WOLFSSL_CALLBACKS
- #undef LARGE_STATIC_BUFFERS
- #define LARGE_STATIC_BUFFERS
-#endif
-
-
-/* give user option to use 16K static buffers */
-#if defined(LARGE_STATIC_BUFFERS)
- #define RECORD_SIZE MAX_RECORD_SIZE
-#else
- #ifdef WOLFSSL_DTLS
- #define RECORD_SIZE MAX_MTU
- #else
- #define RECORD_SIZE 128
- #endif
-#endif
-
-
-/* user option to turn off 16K output option */
-/* if using small static buffers (default) and SSL_write tries to write data
- larger than the record we have, dynamically get it, unless user says only
- write in static buffer chuncks */
-#ifndef STATIC_CHUNKS_ONLY
- #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
-#else
- #define OUTPUT_RECORD_SIZE RECORD_SIZE
-#endif
-
-/* wolfSSL input buffer
-
- RFC 2246:
-
- length
- The length (in bytes) of the following TLSPlaintext.fragment.
- The length should not exceed 2^14.
-*/
-#if defined(LARGE_STATIC_BUFFERS)
- #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
- MTU_EXTRA + MAX_MSG_EXTRA
-#else
- /* don't fragment memory from the record header */
- #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
-#endif
-
-typedef struct {
- ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
- byte* buffer; /* place holder for static or dynamic buffer */
- word32 length; /* total buffer length used */
- word32 idx; /* idx to part of length already consumed */
- word32 bufferSize; /* current buffer size */
- byte dynamicFlag; /* dynamic memory currently in use */
- byte offset; /* alignment offset attempt */
-} bufferStatic;
-
-/* Cipher Suites holder */
-typedef struct Suites {
- word16 suiteSz; /* suite length in bytes */
- word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
- byte suites[MAX_SUITE_SZ];
- byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
- byte setSuites; /* user set suites from default */
- byte hashAlgo; /* selected hash algorithm */
- byte sigAlgo; /* selected sig algorithm */
-} Suites;
-
-
-WOLFSSL_LOCAL
-void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
- word16, word16, int);
-WOLFSSL_LOCAL
-int SetCipherList(Suites*, const char* list);
-
-#ifndef PSK_TYPES_DEFINED
- typedef unsigned int (*psk_client_callback)(WOLFSSL*, const char*, char*,
- unsigned int, unsigned char*, unsigned int);
- typedef unsigned int (*psk_server_callback)(WOLFSSL*, const char*,
- unsigned char*, unsigned int);
-#endif /* PSK_TYPES_DEFINED */
-
-
-#ifdef HAVE_NETX
- WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
- WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-#endif /* HAVE_NETX */
-
-
-/* wolfSSL Cipher type just points back to SSL */
-struct WOLFSSL_CIPHER {
- WOLFSSL* ssl;
-};
-
-
-typedef struct OCSP_Entry OCSP_Entry;
-
-#ifdef NO_SHA
- #define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
-#else
- #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
-#endif
-
-#ifdef NO_ASN
- /* no_asn won't have */
- typedef struct CertStatus CertStatus;
-#endif
-
-struct OCSP_Entry {
- OCSP_Entry* next; /* next entry */
- byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
- byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
- CertStatus* status; /* OCSP response list */
- int totalStatus; /* number on list */
-};
-
-
-#ifndef HAVE_OCSP
- typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
-#endif
-
-/* wolfSSL OCSP controller */
-struct WOLFSSL_OCSP {
- WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
- OCSP_Entry* ocspList; /* OCSP response list */
- wolfSSL_Mutex ocspLock; /* OCSP list lock */
-};
-
-#ifndef MAX_DATE_SIZE
-#define MAX_DATE_SIZE 32
-#endif
-
-typedef struct CRL_Entry CRL_Entry;
-
-#ifdef NO_SHA
- #define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
-#else
- #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
-#endif
-
-#ifdef NO_ASN
- typedef struct RevokedCert RevokedCert;
-#endif
-
-/* Complete CRL */
-struct CRL_Entry {
- CRL_Entry* next; /* next entry */
- byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
- /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
- /* restore the hash here if needed for optimized comparisons */
- byte lastDate[MAX_DATE_SIZE]; /* last date updated */
- byte nextDate[MAX_DATE_SIZE]; /* next update date */
- byte lastDateFormat; /* last date format */
- byte nextDateFormat; /* next date format */
- RevokedCert* certs; /* revoked cert list */
- int totalCerts; /* number on list */
-};
-
-
-typedef struct CRL_Monitor CRL_Monitor;
-
-/* CRL directory monitor */
-struct CRL_Monitor {
- char* path; /* full dir path, if valid pointer we're using */
- int type; /* PEM or ASN1 type */
-};
-
-
-#ifndef HAVE_CRL
- typedef struct WOLFSSL_CRL WOLFSSL_CRL;
-#endif
-
-/* wolfSSL CRL controller */
-struct WOLFSSL_CRL {
- WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
- CRL_Entry* crlList; /* our CRL list */
- wolfSSL_Mutex crlLock; /* CRL list lock */
- CRL_Monitor monitors[2]; /* PEM and DER possible */
-#ifdef HAVE_CRL_MONITOR
- pthread_t tid; /* monitoring thread */
- int mfd; /* monitor fd, -1 if no init yet */
-#endif
-};
-
-
-#ifdef NO_ASN
- typedef struct Signer Signer;
-#endif
-
-
-#ifndef CA_TABLE_SIZE
- #define CA_TABLE_SIZE 11
-#endif
-
-/* wolfSSL Certificate Manager */
-struct WOLFSSL_CERT_MANAGER {
- Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
- void* heap; /* heap helper */
- WOLFSSL_CRL* crl; /* CRL checker */
- WOLFSSL_OCSP* ocsp; /* OCSP checker */
- char* ocspOverrideURL; /* use this responder */
- void* ocspIOCtx; /* I/O callback CTX */
- CallbackCACache caCacheCallback; /* CA cache addition callback */
- CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
- CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
- CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
- wolfSSL_Mutex caLock; /* CA list lock */
- byte crlEnabled; /* is CRL on ? */
- byte crlCheckAll; /* always leaf, but all ? */
- byte ocspEnabled; /* is OCSP on ? */
- byte ocspCheckAll; /* always leaf, but all ? */
- byte ocspSendNonce; /* send the OCSP nonce ? */
- byte ocspUseOverrideURL; /* ignore cert's responder, override */
-};
-
-WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
-WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
-WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
-WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
-WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
-
-/* wolfSSL Sock Addr */
-struct WOLFSSL_SOCKADDR {
- unsigned int sz; /* sockaddr size */
- void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
-};
-
-typedef struct WOLFSSL_DTLS_CTX {
- WOLFSSL_SOCKADDR peer;
- int fd;
-} WOLFSSL_DTLS_CTX;
-
-
-#ifdef WOLFSSL_DTLS
-
- #ifdef WORD64_AVAILABLE
- typedef word64 DtlsSeq;
- #else
- typedef word32 DtlsSeq;
- #endif
- #define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)
-
- typedef struct DtlsState {
- DtlsSeq window; /* Sliding window for current epoch */
- word16 nextEpoch; /* Expected epoch in next record */
- word32 nextSeq; /* Expected sequence in next record */
-
- word16 curEpoch; /* Received epoch in current record */
- word32 curSeq; /* Received sequence in current record */
-
- DtlsSeq prevWindow; /* Sliding window for old epoch */
- word32 prevSeq; /* Next sequence in allowed old epoch */
- } DtlsState;
-
-#endif /* WOLFSSL_DTLS */
-
-
-/* keys and secrets */
-typedef struct Keys {
- byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
- byte server_write_MAC_secret[MAX_DIGEST_SIZE];
- byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
- byte server_write_key[AES_256_KEY_SIZE];
- byte client_write_IV[AES_IV_SIZE]; /* max sizes */
- byte server_write_IV[AES_IV_SIZE];
-#ifdef HAVE_AEAD
- byte aead_exp_IV[AEAD_EXP_IV_SZ];
- byte aead_enc_imp_IV[AEAD_IMP_IV_SZ];
- byte aead_dec_imp_IV[AEAD_IMP_IV_SZ];
-#endif
-
- word32 peer_sequence_number;
- word32 sequence_number;
-
-#ifdef WOLFSSL_DTLS
- DtlsState dtls_state; /* Peer's state */
- word16 dtls_peer_handshake_number;
- word16 dtls_expected_peer_handshake_number;
-
- word16 dtls_epoch; /* Current tx epoch */
- word32 dtls_sequence_number; /* Current tx sequence */
- word16 dtls_handshake_number; /* Current tx handshake seq */
-#endif
-
- word32 encryptSz; /* last size of encrypted data */
- word32 padSz; /* how much to advance after decrypt part */
- byte encryptionOn; /* true after change cipher spec */
- byte decryptedCur; /* only decrypt current record once */
-} Keys;
-
-
-
-/* RFC 6066 TLS Extensions */
-#ifdef HAVE_TLS_EXTENSIONS
-
-typedef enum {
- SERVER_NAME_INDICATION = 0x0000,
- MAX_FRAGMENT_LENGTH = 0x0001,
- TRUNCATED_HMAC = 0x0004,
- ELLIPTIC_CURVES = 0x000a,
- SESSION_TICKET = 0x0023,
- SECURE_RENEGOTIATION = 0xff01
-} TLSX_Type;
-
-typedef struct TLSX {
- TLSX_Type type; /* Extension Type */
- void* data; /* Extension Data */
- byte resp; /* IsResponse Flag */
- struct TLSX* next; /* List Behavior */
-} TLSX;
-
-WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
-WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list);
-WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
-
-#ifndef NO_WOLFSSL_CLIENT
-WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
-WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
-#endif
-
-#ifndef NO_WOLFSSL_SERVER
-WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl);
-WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
-#endif
-
-WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
- byte isRequest, Suites *suites);
-
-#elif defined(HAVE_SNI) \
- || defined(HAVE_MAX_FRAGMENT) \
- || defined(HAVE_TRUNCATED_HMAC) \
- || defined(HAVE_SUPPORTED_CURVES) \
- || defined(HAVE_SECURE_RENEGOTIATION) \
- || defined(HAVE_SESSION_TICKET)
-
-#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
-
-#endif /* HAVE_TLS_EXTENSIONS */
-
-/* Server Name Indication */
-#ifdef HAVE_SNI
-
-typedef struct SNI {
- byte type; /* SNI Type */
- union { char* host_name; } data; /* SNI Data */
- struct SNI* next; /* List Behavior */
-#ifndef NO_WOLFSSL_SERVER
- byte options; /* Behaviour options */
- byte status; /* Matching result */
-#endif
-} SNI;
-
-WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
- word16 size);
-
-#ifndef NO_WOLFSSL_SERVER
-WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
- byte options);
-WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
-WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
- void** data);
-WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
- byte type, byte* sni, word32* inOutSz);
-#endif
-
-#endif /* HAVE_SNI */
-
-/* Maximum Fragment Length */
-#ifdef HAVE_MAX_FRAGMENT
-
-WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
-
-#endif /* HAVE_MAX_FRAGMENT */
-
-#ifdef HAVE_TRUNCATED_HMAC
-
-WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
-
-#endif /* HAVE_TRUNCATED_HMAC */
-
-#ifdef HAVE_SUPPORTED_CURVES
-
-typedef struct EllipticCurve {
- word16 name; /* CurveNames */
- struct EllipticCurve* next; /* List Behavior */
-} EllipticCurve;
-
-WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
-
-#ifndef NO_WOLFSSL_SERVER
-WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
- byte second);
-#endif
-
-#endif /* HAVE_SUPPORTED_CURVES */
-
-#ifdef HAVE_SECURE_RENEGOTIATION
-
-enum key_cache_state {
- SCR_CACHE_NULL = 0, /* empty / begin state */
- SCR_CACHE_NEEDED, /* need to cache keys */
- SCR_CACHE_COPY, /* we have a cached copy */
- SCR_CACHE_PARTIAL, /* partial restore to real keys */
- SCR_CACHE_COMPLETE /* complete restore to real keys */
-};
-
-
-/* Additional Conection State according to rfc5746 section 3.1 */
-typedef struct SecureRenegotiation {
- byte enabled; /* secure_renegotiation flag in rfc */
- byte startScr; /* server requested client to start scr */
- enum key_cache_state cache_status; /* track key cache state */
- byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
- byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
- byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */
- Keys tmp_keys; /* can't overwrite real keys yet */
-} SecureRenegotiation;
-
-WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
-
-#endif /* HAVE_SECURE_RENEGOTIATION */
-
-#ifdef HAVE_SESSION_TICKET
-
-typedef struct SessionTicket {
- word32 lifetime;
- byte* data;
- word16 size;
-} SessionTicket;
-
-WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
- SessionTicket* ticket);
-WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
- byte* data, word16 size);
-WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
-#endif /* HAVE_SESSION_TICKET */
-
-/* wolfSSL context type */
-struct WOLFSSL_CTX {
- WOLFSSL_METHOD* method;
- wolfSSL_Mutex countMutex; /* reference count mutex */
- int refCount; /* reference count */
-#ifndef NO_DH
- buffer serverDH_P;
- buffer serverDH_G;
-#endif
-#ifndef NO_CERTS
- buffer certificate;
- buffer certChain;
- /* chain after self, in DER, with leading size for each cert */
- buffer privateKey;
- WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
-#endif
- Suites* suites; /* make dynamic, user may not need/set */
- void* heap; /* for user memory overrides */
- byte verifyPeer;
- byte verifyNone;
- byte failNoCert;
- byte sessionCacheOff;
- byte sessionCacheFlushOff;
- byte sendVerify; /* for client side */
- byte haveRSA; /* RSA available */
- byte haveDH; /* server DH parms set by user */
- byte haveNTRU; /* server private NTRU key loaded */
- byte haveECDSAsig; /* server cert signed w/ ECDSA */
- byte haveStaticECC; /* static server ECC private key */
- byte partialWrite; /* only one msg per write call */
- byte quietShutdown; /* don't send close notify */
- byte groupMessages; /* group handshake messages before sending */
- byte minDowngrade; /* minimum downgrade version */
-#ifndef NO_DH
- word16 minDhKeySz; /* minimum DH key size */
-#endif
- CallbackIORecv CBIORecv;
- CallbackIOSend CBIOSend;
-#ifdef WOLFSSL_DTLS
- CallbackGenCookie CBIOCookie; /* gen cookie callback */
-#endif
- VerifyCallback verifyCallback; /* cert verification callback */
- word32 timeout; /* session timeout */
-#ifdef HAVE_ECC
- word16 eccTempKeySz; /* in octets 20 - 66 */
- word32 pkCurveOID; /* curve Ecc_Sum */
-#endif
-#ifndef NO_PSK
- byte havePSK; /* psk key set by user */
- psk_client_callback client_psk_cb; /* client callback */
- psk_server_callback server_psk_cb; /* server callback */
- char server_hint[MAX_PSK_ID_LEN];
-#endif /* NO_PSK */
-#ifdef HAVE_ANON
- byte haveAnon; /* User wants to allow Anon suites */
-#endif /* HAVE_ANON */
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- pem_password_cb passwd_cb;
- void* userdata;
-#endif /* OPENSSL_EXTRA */
-#ifdef HAVE_OCSP
- WOLFSSL_OCSP ocsp;
-#endif
-#ifdef HAVE_CAVIUM
- int devId; /* cavium device id to use */
-#endif
-#ifdef HAVE_TLS_EXTENSIONS
- TLSX* extensions; /* RFC 6066 TLS Extensions data */
- #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER)
- SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
- void* ticketEncCtx; /* session encrypt context */
- int ticketHint; /* ticket hint in seconds */
- #endif
-#endif
-#ifdef ATOMIC_USER
- CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
- CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
-#endif
-#ifdef HAVE_PK_CALLBACKS
- #ifdef HAVE_ECC
- CallbackEccSign EccSignCb; /* User EccSign Callback handler */
- CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
- CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
- CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
- CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
- #endif /* NO_RSA */
-#endif /* HAVE_PK_CALLBACKS */
-};
-
-
-WOLFSSL_LOCAL
-int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*);
-WOLFSSL_LOCAL
-void FreeSSL_Ctx(WOLFSSL_CTX*);
-WOLFSSL_LOCAL
-void SSL_CtxResourceFree(WOLFSSL_CTX*);
-
-WOLFSSL_LOCAL
-int DeriveTlsKeys(WOLFSSL* ssl);
-WOLFSSL_LOCAL
-int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
- word32 inSz, word16 sz);
-#ifndef NO_CERTS
- WOLFSSL_LOCAL
- int AddCA(WOLFSSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
- WOLFSSL_LOCAL
- int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
-#endif
-
-/* All cipher suite related info */
-typedef struct CipherSpecs {
- word16 key_size;
- word16 iv_size;
- word16 block_size;
- word16 aead_mac_size;
- byte bulk_cipher_algorithm;
- byte cipher_type; /* block, stream, or aead */
- byte mac_algorithm;
- byte kea; /* key exchange algo */
- byte sig_algo;
- byte hash_size;
- byte pad_size;
- byte static_ecdh;
-} CipherSpecs;
-
-
-void InitCipherSpecs(CipherSpecs* cs);
-
-
-/* Supported Message Authentication Codes from page 43 */
-enum MACAlgorithm {
- no_mac,
- md5_mac,
- sha_mac,
- sha224_mac,
- sha256_mac, /* needs to match external KDF_MacAlgorithm */
- sha384_mac,
- sha512_mac,
- rmd_mac,
- blake2b_mac
-};
-
-
-/* Supported Key Exchange Protocols */
-enum KeyExchangeAlgorithm {
- no_kea,
- rsa_kea,
- diffie_hellman_kea,
- fortezza_kea,
- psk_kea,
- dhe_psk_kea,
- ntru_kea,
- ecc_diffie_hellman_kea,
- ecc_static_diffie_hellman_kea /* for verify suite only */
-};
-
-
-/* Supported Authentication Schemes */
-enum SignatureAlgorithm {
- anonymous_sa_algo,
- rsa_sa_algo,
- dsa_sa_algo,
- ecc_dsa_sa_algo
-};
-
-
-/* Supprted ECC Curve Types */
-enum EccCurves {
- named_curve = 3
-};
-
-
-/* Valid client certificate request types from page 27 */
-enum ClientCertificateType {
- rsa_sign = 1,
- dss_sign = 2,
- rsa_fixed_dh = 3,
- dss_fixed_dh = 4,
- rsa_ephemeral_dh = 5,
- dss_ephemeral_dh = 6,
- fortezza_kea_cert = 20,
- ecdsa_sign = 64,
- rsa_fixed_ecdh = 65,
- ecdsa_fixed_ecdh = 66
-};
-
-
-enum CipherType { stream, block, aead };
-
-
-
-
-
-
-/* cipher for now */
-typedef struct Ciphers {
-#ifdef BUILD_ARC4
- Arc4* arc4;
-#endif
-#ifdef BUILD_DES3
- Des3* des3;
-#endif
-#if defined(BUILD_AES) || defined(BUILD_AESGCM)
- Aes* aes;
-#endif
-#ifdef HAVE_CAMELLIA
- Camellia* cam;
-#endif
-#ifdef HAVE_CHACHA
- ChaCha* chacha;
-#endif
-#ifdef HAVE_HC128
- HC128* hc128;
-#endif
-#ifdef BUILD_RABBIT
- Rabbit* rabbit;
-#endif
- byte setup; /* have we set it up flag for detection */
-} Ciphers;
-
-
-#ifdef HAVE_ONE_TIME_AUTH
-/* Ciphers for one time authentication such as poly1305 */
-typedef struct OneTimeAuth {
-#ifdef HAVE_POLY1305
- Poly1305* poly1305;
-#endif
- byte setup; /* flag for if a cipher has been set */
-
-} OneTimeAuth;
-#endif
-
-
-WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
-WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
-
-
-/* hashes type */
-typedef struct Hashes {
- #ifndef NO_OLD_TLS
- byte md5[MD5_DIGEST_SIZE];
- #endif
- byte sha[SHA_DIGEST_SIZE];
- #ifndef NO_SHA256
- byte sha256[SHA256_DIGEST_SIZE];
- #endif
- #ifdef WOLFSSL_SHA384
- byte sha384[SHA384_DIGEST_SIZE];
- #endif
- #ifdef WOLFSSL_SHA512
- byte sha512[SHA512_DIGEST_SIZE];
- #endif
-} Hashes;
-
-
-/* Static x509 buffer */
-typedef struct x509_buffer {
- int length; /* actual size */
- byte buffer[MAX_X509_SIZE]; /* max static cert size */
-} x509_buffer;
-
-
-/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
-struct WOLFSSL_X509_CHAIN {
- int count; /* total number in chain */
- x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
-};
-
-
-/* wolfSSL session type */
-struct WOLFSSL_SESSION {
- word32 bornOn; /* create time in seconds */
- word32 timeout; /* timeout in seconds */
- byte sessionID[ID_LEN]; /* id for protocol */
- byte sessionIDSz;
- byte masterSecret[SECRET_LEN]; /* stored secret */
-#ifdef SESSION_CERTS
- WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
- ProtocolVersion version; /* which version was used */
- byte cipherSuite0; /* first byte, normally 0 */
- byte cipherSuite; /* 2nd byte, actual suite */
-#endif
-#ifndef NO_CLIENT_CACHE
- word16 idLen; /* serverID length */
- byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
-#endif
-#ifdef HAVE_SESSION_TICKET
- word16 ticketLen;
- byte ticket[SESSION_TICKET_LEN];
-#endif
-};
-
-
-WOLFSSL_LOCAL
-WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*);
-WOLFSSL_LOCAL
-int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
-
-typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int);
-
-#ifndef NO_CLIENT_CACHE
- WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
-#endif
-
-/* client connect state for nonblocking restart */
-enum ConnectState {
- CONNECT_BEGIN = 0,
- CLIENT_HELLO_SENT,
- HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
- HELLO_AGAIN_REPLY,
- FIRST_REPLY_DONE,
- FIRST_REPLY_FIRST,
- FIRST_REPLY_SECOND,
- FIRST_REPLY_THIRD,
- FIRST_REPLY_FOURTH,
- FINISHED_DONE,
- SECOND_REPLY_DONE
-};
-
-
-/* server accept state for nonblocking restart */
-enum AcceptState {
- ACCEPT_BEGIN = 0,
- ACCEPT_CLIENT_HELLO_DONE,
- HELLO_VERIFY_SENT,
- ACCEPT_FIRST_REPLY_DONE,
- SERVER_HELLO_SENT,
- CERT_SENT,
- KEY_EXCHANGE_SENT,
- CERT_REQ_SENT,
- SERVER_HELLO_DONE,
- ACCEPT_SECOND_REPLY_DONE,
- TICKET_SENT,
- CHANGE_CIPHER_SENT,
- ACCEPT_FINISHED_DONE,
- ACCEPT_THIRD_REPLY_DONE
-};
-
-
-typedef struct Buffers {
- bufferStatic inputBuffer;
- bufferStatic outputBuffer;
- buffer domainName; /* for client check */
- buffer clearOutputBuffer;
- int prevSent; /* previous plain text bytes sent
- when got WANT_WRITE */
- int plainSz; /* plain text bytes in buffer to send
- when got WANT_WRITE */
- byte weOwnCert; /* SSL own cert flag */
- byte weOwnCertChain; /* SSL own cert chain flag */
- byte weOwnKey; /* SSL own key flag */
- byte weOwnDH; /* SSL own dh (p,g) flag */
-#ifndef NO_DH
- buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
- buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
- buffer serverDH_Pub;
- buffer serverDH_Priv;
-#endif
-#ifndef NO_CERTS
- buffer certificate; /* WOLFSSL_CTX owns, unless we own */
- buffer key; /* WOLFSSL_CTX owns, unless we own */
- buffer certChain; /* WOLFSSL_CTX owns, unless we own */
- /* chain after self, in DER, with leading size for each cert */
-#endif
-#ifdef WOLFSSL_DTLS
- WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
-#endif
-#ifdef HAVE_PK_CALLBACKS
- #ifdef HAVE_ECC
- buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
- #endif /* NO_RSA */
-#endif /* HAVE_PK_CALLBACKS */
-} Buffers;
-
-typedef struct Options {
-#ifndef NO_PSK
- psk_client_callback client_psk_cb;
- psk_server_callback server_psk_cb;
- word16 havePSK:1; /* psk key set by user */
-#endif /* NO_PSK */
-
- /* on/off or small bit flags, optimize layout */
- word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
- word16 sessionCacheOff:1;
- word16 sessionCacheFlushOff:1;
- word16 side:1; /* client or server end */
- word16 verifyPeer:1;
- word16 verifyNone:1;
- word16 failNoCert:1;
- word16 downgrade:1; /* allow downgrade of versions */
- word16 resuming:1;
- word16 haveSessionId:1; /* server may not send */
- word16 tls:1; /* using TLS ? */
- word16 tls1_1:1; /* using TLSv1.1+ ? */
- word16 dtls:1; /* using datagrams ? */
- word16 connReset:1; /* has the peer reset */
- word16 isClosed:1; /* if we consider conn closed */
- word16 closeNotify:1; /* we've recieved a close notify */
- word16 sentNotify:1; /* we've sent a close notify */
- word16 usingCompression:1; /* are we using compression */
- word16 haveRSA:1; /* RSA available */
- word16 haveDH:1; /* server DH parms set by user */
- word16 haveNTRU:1; /* server NTRU private key loaded */
- word16 haveECDSAsig:1; /* server ECDSA signed cert */
- word16 haveStaticECC:1; /* static server ECC private key */
- word16 havePeerCert:1; /* do we have peer's cert */
- word16 havePeerVerify:1; /* and peer's cert verify */
- word16 usingPSK_cipher:1; /* are using psk as cipher */
- word16 usingAnon_cipher:1; /* are we using an anon cipher */
- word16 sendAlertState:1; /* nonblocking resume */
- word16 partialWrite:1; /* only one msg per write call */
- word16 quietShutdown:1; /* don't send close notify */
- word16 certOnly:1; /* stop once we get cert */
- word16 groupMessages:1; /* group handshake messages */
- word16 usingNonblock:1; /* are we using nonblocking socket */
- word16 saveArrays:1; /* save array Memory for user get keys
- or psk */
-#ifdef HAVE_POLY1305
- word16 oldPoly:1; /* set when to use old rfc way of poly*/
-#endif
-#ifdef HAVE_ANON
- word16 haveAnon:1; /* User wants to allow Anon suites */
-#endif
-#ifdef HAVE_SESSION_TICKET
- word16 createTicket:1; /* Server to create new Ticket */
- word16 useTicket:1; /* Use Ticket not session cache */
-#endif
-
- /* need full byte values for this section */
- byte processReply; /* nonblocking resume */
- byte cipherSuite0; /* first byte, normally 0 */
- byte cipherSuite; /* second byte, actual suite */
- byte serverState;
- byte clientState;
- byte handShakeState;
- byte handShakeDone; /* at least one handshake complete */
- byte minDowngrade; /* minimum downgrade version */
- byte connectState; /* nonblocking resume */
- byte acceptState; /* nonblocking resume */
-#ifndef NO_DH
- word16 minDhKeySz; /* minimum DH key size */
- word16 dhKeySz; /* actual DH key size */
-#endif
-
-} Options;
-
-typedef struct Arrays {
- word32 preMasterSz; /* differs for DH, actual size */
-#ifndef NO_PSK
- word32 psk_keySz; /* acutal size */
- char client_identity[MAX_PSK_ID_LEN];
- char server_hint[MAX_PSK_ID_LEN];
- byte psk_key[MAX_PSK_KEY_LEN];
-#endif
- byte clientRandom[RAN_LEN];
- byte serverRandom[RAN_LEN];
- byte sessionID[ID_LEN];
- byte sessionIDSz;
- byte preMasterSecret[ENCRYPT_LEN];
- byte masterSecret[SECRET_LEN];
-#ifdef WOLFSSL_DTLS
- byte cookie[MAX_COOKIE_LEN];
- byte cookieSz;
-#endif
-} Arrays;
-
-#ifndef ASN_NAME_MAX
-#define ASN_NAME_MAX 256
-#endif
-
-#ifndef MAX_DATE_SZ
-#define MAX_DATE_SZ 32
-#endif
-
-struct WOLFSSL_X509_NAME {
- char *name;
- char staticName[ASN_NAME_MAX];
- int dynamicName;
- int sz;
-#ifdef OPENSSL_EXTRA
- DecodedName fullName;
-#endif /* OPENSSL_EXTRA */
-};
-
-#ifndef EXTERNAL_SERIAL_SIZE
- #define EXTERNAL_SERIAL_SIZE 32
-#endif
-
-#ifdef NO_ASN
- typedef struct DNS_entry DNS_entry;
-#endif
-
-struct WOLFSSL_X509 {
- int version;
- WOLFSSL_X509_NAME issuer;
- WOLFSSL_X509_NAME subject;
- int serialSz;
- byte serial[EXTERNAL_SERIAL_SIZE];
- char subjectCN[ASN_NAME_MAX]; /* common name short cut */
-#ifdef WOLFSSL_SEP
- int deviceTypeSz;
- byte deviceType[EXTERNAL_SERIAL_SIZE];
- int hwTypeSz;
- byte hwType[EXTERNAL_SERIAL_SIZE];
- int hwSerialNumSz;
- byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
- #ifdef OPENSSL_EXTRA
- byte certPolicySet;
- byte certPolicyCrit;
- #endif /* OPENSSL_EXTRA */
-#endif
- int notBeforeSz;
- byte notBefore[MAX_DATE_SZ];
- int notAfterSz;
- byte notAfter[MAX_DATE_SZ];
- int sigOID;
- buffer sig;
- int pubKeyOID;
- buffer pubKey;
- #ifdef HAVE_ECC
- word32 pkCurveOID;
- #endif /* HAVE_ECC */
- buffer derCert; /* may need */
- DNS_entry* altNames; /* alt names list */
- DNS_entry* altNamesNext; /* hint for retrieval */
- byte dynamicMemory; /* dynamic memory flag */
- byte isCa;
-#ifdef OPENSSL_EXTRA
- word32 pathLength;
- word16 keyUsage;
- byte basicConstSet;
- byte basicConstCrit;
- byte basicConstPlSet;
- byte subjAltNameSet;
- byte subjAltNameCrit;
- byte authKeyIdSet;
- byte authKeyIdCrit;
- byte* authKeyId;
- word32 authKeyIdSz;
- byte subjKeyIdSet;
- byte subjKeyIdCrit;
- byte* subjKeyId;
- word32 subjKeyIdSz;
- byte keyUsageSet;
- byte keyUsageCrit;
-#endif /* OPENSSL_EXTRA */
-};
-
-
-/* record layer header for PlainText, Compressed, and CipherText */
-typedef struct RecordLayerHeader {
- byte type;
- byte pvMajor;
- byte pvMinor;
- byte length[2];
-} RecordLayerHeader;
-
-
-/* record layer header for DTLS PlainText, Compressed, and CipherText */
-typedef struct DtlsRecordLayerHeader {
- byte type;
- byte pvMajor;
- byte pvMinor;
- byte epoch[2]; /* increment on cipher state change */
- byte sequence_number[6]; /* per record */
- byte length[2];
-} DtlsRecordLayerHeader;
-
-
-typedef struct DtlsPool {
- buffer buf[DTLS_POOL_SZ];
- int used;
-} DtlsPool;
-
-typedef struct DtlsMsg {
- struct DtlsMsg* next;
- word32 seq; /* Handshake sequence number */
- word32 sz; /* Length of whole mesage */
- word32 fragSz; /* Length of fragments received */
- byte type;
- byte* buf;
- byte* msg;
-} DtlsMsg;
-
-
-#ifdef HAVE_NETX
-
- /* NETX I/O Callback default */
- typedef struct NetX_Ctx {
- NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
- NX_PACKET* nxPacket; /* incoming packet handle for short reads */
- ULONG nxOffset; /* offset already read from nxPacket */
- ULONG nxWait; /* wait option flag */
- } NetX_Ctx;
-
-#endif
-
-
-/* Handshake messages recevied from peer (plus change cipher */
-typedef struct MsgsReceived {
- word16 got_hello_request:1;
- word16 got_client_hello:1;
- word16 got_server_hello:1;
- word16 got_hello_verify_request:1;
- word16 got_session_ticket:1;
- word16 got_certificate:1;
- word16 got_server_key_exchange:1;
- word16 got_certificate_request:1;
- word16 got_server_hello_done:1;
- word16 got_certificate_verify:1;
- word16 got_client_key_exchange:1;
- word16 got_finished:1;
- word16 got_change_cipher:1;
-} MsgsReceived;
-
-
-/* Handshake hashes */
-typedef struct HS_Hashes {
- Hashes verifyHashes;
- Hashes certHashes; /* for cert verify */
-#ifndef NO_OLD_TLS
-#ifndef NO_SHA
- Sha hashSha; /* sha hash of handshake msgs */
-#endif
-#ifndef NO_MD5
- Md5 hashMd5; /* md5 hash of handshake msgs */
-#endif
-#endif /* NO_OLD_TLS */
-#ifndef NO_SHA256
- Sha256 hashSha256; /* sha256 hash of handshake msgs */
-#endif
-#ifdef WOLFSSL_SHA384
- Sha384 hashSha384; /* sha384 hash of handshake msgs */
-#endif
-#ifdef WOLFSSL_SHA512
- Sha512 hashSha512; /* sha512 hash of handshake msgs */
-#endif
-} HS_Hashes;
-
-
-/* wolfSSL ssl type */
-struct WOLFSSL {
- WOLFSSL_CTX* ctx;
- Suites* suites; /* only need during handshake */
- Arrays* arrays;
- HS_Hashes* hsHashes;
- void* IOCB_ReadCtx;
- void* IOCB_WriteCtx;
- RNG* rng;
- void* verifyCbCtx; /* cert verify callback user ctx*/
- VerifyCallback verifyCallback; /* cert verification callback */
- void* heap; /* for user overrides */
-#ifndef NO_HANDSHAKE_DONE_CB
- HandShakeDoneCb hsDoneCb; /* notify user handshake done */
- void* hsDoneCtx; /* user handshake cb context */
-#endif
- WOLFSSL_CIPHER cipher;
- hmacfp hmac;
- Ciphers encrypt;
- Ciphers decrypt;
- Buffers buffers;
- WOLFSSL_SESSION session;
- WOLFSSL_ALERT_HISTORY alert_history;
- int error;
- int rfd; /* read file descriptor */
- int wfd; /* write file descriptor */
- int rflags; /* user read flags */
- int wflags; /* user write flags */
- word32 timeout; /* session timeout */
- word16 curSize;
- RecordLayerHeader curRL;
- MsgsReceived msgsReceived; /* peer messages received */
- ProtocolVersion version; /* negotiated version */
- ProtocolVersion chVersion; /* client hello version */
- CipherSpecs specs;
- Keys keys;
- Options options;
-#ifdef OPENSSL_EXTRA
- WOLFSSL_BIO* biord; /* socket bio read to free/close */
- WOLFSSL_BIO* biowr; /* socket bio write to free/close */
-#endif
-#ifndef NO_RSA
- RsaKey* peerRsaKey;
- byte peerRsaKeyPresent;
-#endif
-#ifdef HAVE_NTRU
- word16 peerNtruKeyLen;
- byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
- byte peerNtruKeyPresent;
-#endif
-#ifdef HAVE_ECC
- ecc_key* peerEccKey; /* peer's ECDHE key */
- ecc_key* peerEccDsaKey; /* peer's ECDSA key */
- ecc_key* eccTempKey; /* private ECDHE key */
- word32 pkCurveOID; /* curve Ecc_Sum */
- word16 eccTempKeySz; /* in octets 20 - 66 */
- byte peerEccKeyPresent;
- byte peerEccDsaKeyPresent;
- byte eccTempKeyPresent;
-#endif
-#ifdef HAVE_LIBZ
- z_stream c_stream; /* compression stream */
- z_stream d_stream; /* decompression stream */
- byte didStreamInit; /* for stream init and end */
-#endif
-#ifdef WOLFSSL_DTLS
- int dtls_timeout_init; /* starting timeout vaule */
- int dtls_timeout_max; /* maximum timeout value */
- int dtls_timeout; /* current timeout value, changes */
- DtlsPool* dtls_pool;
- DtlsMsg* dtls_msg_list;
- void* IOCB_CookieCtx; /* gen cookie ctx */
- word32 dtls_expected_rx;
-#endif
-#ifdef WOLFSSL_CALLBACKS
- HandShakeInfo handShakeInfo; /* info saved during handshake */
- TimeoutInfo timeoutInfo; /* info saved during handshake */
- byte hsInfoOn; /* track handshake info */
- byte toInfoOn; /* track timeout info */
-#endif
-#ifdef HAVE_FUZZER
- CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
- void* fuzzerCtx; /* user defined pointer */
-#endif
-#ifdef KEEP_PEER_CERT
- WOLFSSL_X509 peerCert; /* X509 peer cert */
-#endif
-#ifdef FORTRESS
- void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
-#endif
-#ifdef HAVE_CAVIUM
- int devId; /* cavium device id to use */
-#endif
-#ifdef HAVE_ONE_TIME_AUTH
- OneTimeAuth auth;
-#endif
-#ifdef HAVE_TLS_EXTENSIONS
- TLSX* extensions; /* RFC 6066 TLS Extensions data */
- #ifdef HAVE_MAX_FRAGMENT
- word16 max_fragment;
- #endif
- #ifdef HAVE_TRUNCATED_HMAC
- byte truncated_hmac;
- #endif
- #ifdef HAVE_SECURE_RENEGOTIATION
- SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
- #endif /* user turned on */
- #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
- CallbackSessionTicket session_ticket_cb;
- void* session_ticket_ctx;
- byte expect_session_ticket;
- #endif
-#endif /* HAVE_TLS_EXTENSIONS */
-#ifdef HAVE_NETX
- NetX_Ctx nxCtx; /* NetX IO Context */
-#endif
-#ifdef SESSION_INDEX
- int sessionIndex; /* Session's location in the cache. */
-#endif
-#ifdef ATOMIC_USER
- void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
- void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
-#endif
-#ifdef HAVE_PK_CALLBACKS
- #ifdef HAVE_ECC
- void* EccSignCtx; /* Ecc Sign Callback Context */
- void* EccVerifyCtx; /* Ecc Verify Callback Context */
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- void* RsaSignCtx; /* Rsa Sign Callback Context */
- void* RsaVerifyCtx; /* Rsa Verify Callback Context */
- void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
- void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
- #endif /* NO_RSA */
-#endif /* HAVE_PK_CALLBACKS */
-#ifdef HAVE_SECRET_CALLBACK
- SessionSecretCb sessionSecretCb;
- void* sessionSecretCtx;
-#endif /* HAVE_SECRET_CALLBACK */
-};
-
-
-WOLFSSL_LOCAL
-int InitSSL(WOLFSSL*, WOLFSSL_CTX*);
-WOLFSSL_LOCAL
-void FreeSSL(WOLFSSL*);
-WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
-
-
-enum {
- IV_SZ = 32, /* max iv sz */
- NAME_SZ = 80 /* max one line */
-};
-
-
-typedef struct EncryptedInfo {
- char name[NAME_SZ]; /* encryption name */
- byte iv[IV_SZ]; /* encrypted IV */
- word32 ivSz; /* encrypted IV size */
- long consumed; /* tracks PEM bytes consumed */
- byte set; /* if encryption set */
- WOLFSSL_CTX* ctx; /* CTX owner */
-} EncryptedInfo;
-
-
-#ifndef NO_CERTS
- WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
- buffer* der, void* heap, EncryptedInfo* info,
- int* eccKey);
-
- WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
- int type, WOLFSSL* ssl, int userChain,
- WOLFSSL_CRL* crl);
-#endif
-
-
-#ifdef WOLFSSL_CALLBACKS
- WOLFSSL_LOCAL
- void InitHandShakeInfo(HandShakeInfo*);
- WOLFSSL_LOCAL
- void FinishHandShakeInfo(HandShakeInfo*, const WOLFSSL*);
- WOLFSSL_LOCAL
- void AddPacketName(const char*, HandShakeInfo*);
-
- WOLFSSL_LOCAL
- void InitTimeoutInfo(TimeoutInfo*);
- WOLFSSL_LOCAL
- void FreeTimeoutInfo(TimeoutInfo*, void*);
- WOLFSSL_LOCAL
- void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
- WOLFSSL_LOCAL
- void AddLateName(const char*, TimeoutInfo*);
- WOLFSSL_LOCAL
- void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
-#endif
-
-
-/* Record Layer Header identifier from page 12 */
-enum ContentType {
- no_type = 0,
- change_cipher_spec = 20,
- alert = 21,
- handshake = 22,
- application_data = 23
-};
-
-
-/* handshake header, same for each message type, pgs 20/21 */
-typedef struct HandShakeHeader {
- byte type;
- word24 length;
-} HandShakeHeader;
-
-
-/* DTLS handshake header, same for each message type */
-typedef struct DtlsHandShakeHeader {
- byte type;
- word24 length;
- byte message_seq[2]; /* start at 0, restransmit gets same # */
- word24 fragment_offset; /* bytes in previous fragments */
- word24 fragment_length; /* length of this fragment */
-} DtlsHandShakeHeader;
-
-
-enum HandShakeType {
- no_shake = -1,
- hello_request = 0,
- client_hello = 1,
- server_hello = 2,
- hello_verify_request = 3, /* DTLS addition */
- session_ticket = 4,
- certificate = 11,
- server_key_exchange = 12,
- certificate_request = 13,
- server_hello_done = 14,
- certificate_verify = 15,
- client_key_exchange = 16,
- finished = 20,
- certificate_status = 22,
- change_cipher_hs = 55 /* simulate unique handshake type for sanity
- checks. record layer change_cipher
- conflicts with handshake finished */
-};
-
-
-static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
-static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
-
-static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
-static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
-
-
-/* internal functions */
-WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
-WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
-WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
-WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
-WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
-WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
-WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
-WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
-WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
-WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
-WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
-WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
-
-WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
-WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
-
-WOLFSSL_LOCAL int AddSession(WOLFSSL*);
-WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
-WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
-
-WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
-WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
-
-WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
-WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
-WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
-
-WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
-#ifndef NO_CERTS
- WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
- #ifndef NO_SKID
- WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
- #endif
-#endif
-WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
- const byte* sender);
-WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
-WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
-WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
-
-#ifndef NO_TLS
- WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
- WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
- word32 sz, int content, int verify);
-#endif
-
-#ifndef NO_WOLFSSL_CLIENT
- WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
- WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
- WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
-#endif /* NO_WOLFSSL_CLIENT */
-
-#ifndef NO_WOLFSSL_SERVER
- WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
- WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
- #ifdef WOLFSSL_DTLS
- WOLFSSL_LOCAL int SendHelloVerifyRequest(WOLFSSL*);
- #endif
-#endif /* NO_WOLFSSL_SERVER */
-
-#ifdef WOLFSSL_DTLS
- WOLFSSL_LOCAL int DtlsPoolInit(WOLFSSL*);
- WOLFSSL_LOCAL int DtlsPoolSave(WOLFSSL*, const byte*, int);
- WOLFSSL_LOCAL int DtlsPoolTimeout(WOLFSSL*);
- WOLFSSL_LOCAL int DtlsPoolSend(WOLFSSL*);
- WOLFSSL_LOCAL void DtlsPoolReset(WOLFSSL*);
-
- WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
- WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
- WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
- WOLFSSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
- word32, word32);
- WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
- WOLFSSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32,
- byte, word32, word32, void*);
- WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
-#endif /* WOLFSSL_DTLS */
-
-#ifndef NO_TLS
-
-
-#endif /* NO_TLS */
-
-
-WOLFSSL_LOCAL word32 LowResTimer(void);
-
-WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
-WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
-WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int);
-WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
-#ifndef NO_CERTS
- WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
-#endif
-
-/* used by ssl.c and wolfssl_int.c */
-WOLFSSL_LOCAL void c32to24(word32 in, word24 out);
-
-WOLFSSL_LOCAL const char* const* GetCipherNames(void);
-WOLFSSL_LOCAL int GetCipherNamesSize(void);
-
-
-enum encrypt_side {
- ENCRYPT_SIDE_ONLY = 1,
- DECRYPT_SIDE_ONLY,
- ENCRYPT_AND_DECRYPT_SIDE
-};
-
-WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* wolfSSL_INT_H */
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/mem_track.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,157 @@
+/* mem_track.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLFSSL_MEM_TRACK_H
+#define WOLFSSL_MEM_TRACK_H
+
+#ifdef USE_WOLFSSL_MEMORY
+
+ #include "wolfssl/wolfcrypt/logging.h"
+
+ typedef struct memoryStats {
+ size_t totalAllocs; /* number of allocations */
+ size_t totalBytes; /* total number of bytes allocated */
+ size_t peakBytes; /* concurrent max bytes */
+ size_t currentBytes; /* total current bytes in use */
+ } memoryStats;
+
+ typedef struct memHint {
+ size_t thisSize; /* size of this memory */
+ void* thisMemory; /* actual memory for user */
+ } memHint;
+
+ typedef struct memoryTrack {
+ union {
+ memHint hint;
+ byte alignit[16]; /* make sure we have strong alignment */
+ } u;
+ } memoryTrack;
+
+ #if defined(WOLFSSL_TRACK_MEMORY)
+ #define DO_MEM_STATS
+ static memoryStats ourMemStats;
+ #endif
+
+ static INLINE void* TrackMalloc(size_t sz)
+ {
+ memoryTrack* mt;
+
+ if (sz == 0)
+ return NULL;
+
+ mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
+ if (mt == NULL)
+ return NULL;
+
+ mt->u.hint.thisSize = sz;
+ mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack);
+
+#ifdef DO_MEM_STATS
+ ourMemStats.totalAllocs++;
+ ourMemStats.totalBytes += sz;
+ ourMemStats.currentBytes += sz;
+ if (ourMemStats.currentBytes > ourMemStats.peakBytes)
+ ourMemStats.peakBytes = ourMemStats.currentBytes;
+#endif
+
+ return mt->u.hint.thisMemory;
+ }
+
+
+ static INLINE void TrackFree(void* ptr)
+ {
+ memoryTrack* mt;
+
+ if (ptr == NULL) {
+ return;
+ }
+
+ mt = (memoryTrack*)ptr;
+ --mt; /* same as minus sizeof(memoryTrack), removes header */
+
+#ifdef DO_MEM_STATS
+ ourMemStats.currentBytes -= mt->u.hint.thisSize;
+#endif
+
+ free(mt);
+ }
+
+
+ static INLINE void* TrackRealloc(void* ptr, size_t sz)
+ {
+ void* ret = TrackMalloc(sz);
+
+ if (ptr) {
+ /* if realloc is bigger, don't overread old ptr */
+ memoryTrack* mt = (memoryTrack*)ptr;
+ --mt; /* same as minus sizeof(memoryTrack), removes header */
+
+ if (mt->u.hint.thisSize < sz)
+ sz = mt->u.hint.thisSize;
+ }
+
+ if (ret && ptr)
+ memcpy(ret, ptr, sz);
+
+ if (ret)
+ TrackFree(ptr);
+
+ return ret;
+ }
+
+ static INLINE int InitMemoryTracker(void)
+ {
+ int ret = wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc);
+ if (ret < 0) {
+ printf("wolfSSL SetAllocators failed for track memory\n");
+ return ret;
+ }
+
+ #ifdef DO_MEM_STATS
+ ourMemStats.totalAllocs = 0;
+ ourMemStats.totalBytes = 0;
+ ourMemStats.peakBytes = 0;
+ ourMemStats.currentBytes = 0;
+ #endif
+
+ return ret;
+ }
+
+ static INLINE void ShowMemoryTracker(void)
+ {
+ #ifdef DO_MEM_STATS
+ printf("total Allocs = %9lu\n",
+ (unsigned long)ourMemStats.totalAllocs);
+ printf("total Bytes = %9lu\n",
+ (unsigned long)ourMemStats.totalBytes);
+ printf("peak Bytes = %9lu\n",
+ (unsigned long)ourMemStats.peakBytes);
+ printf("current Bytes = %9lu\n",
+ (unsigned long)ourMemStats.currentBytes);
+ #endif
+ }
+
+#endif /* USE_WOLFSSL_MEMORY */
+
+#endif /* WOLFSSL_MEM_TRACK_H */
+
--- a/wolfssl/ocsp.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,53 +0,0 @@
-/* ocsp.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-/* wolfSSL OCSP API */
-
-#ifndef WOLFSSL_OCSP_H
-#define WOLFSSL_OCSP_H
-
-#ifdef HAVE_OCSP
-
-#include <wolfssl/ssl.h>
-#include <wolfssl/wolfcrypt/asn.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
-
-WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
-WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
-
-WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-
-#endif /* HAVE_OCSP */
-#endif /* WOLFSSL_OCSP_H */
-
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/asn1.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,20 @@
+/* asn1.h for openssl */
+
+#ifndef WOLFSSL_ASN1_H_
+#define WOLFSSL_ASN1_H_
+struct WOLFSSL_ASN1_BIT_STRING {
+ int length;
+ int type;
+ char* data;
+ long flags;
+};
+
+struct WOLFSSL_ASN1_STRING {
+ int length;
+ int type;
+ char* data;
+ long flags;
+};
+
+#endif /* WOLFSSL_ASN1_H_ */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/bio.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,24 @@
+/* bio.h for openssl */
+
+
+#ifndef WOLFSSL_BIO_H_
+#define WOLFSSL_BIO_H_
+
+#include <wolfssl/openssl/ssl.h>
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_BIO_H_ */
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/bn.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,152 @@
+/* bn.h for openssl */
+
+
+#ifndef WOLFSSL_BN_H_
+#define WOLFSSL_BN_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/integer.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+typedef struct WOLFSSL_BIGNUM {
+ int neg; /* openssh deference */
+ void* internal; /* our big num */
+} WOLFSSL_BIGNUM;
+
+
+#define WOLFSSL_BN_ULONG mp_digit
+
+typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
+typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
+
+WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
+WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*);
+WOLFSSL_API void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX*);
+
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
+WOLFSSL_API void wolfSSL_BN_free(WOLFSSL_BIGNUM*);
+WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*);
+
+
+WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
+ const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
+ const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
+
+WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
+
+
+WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len,
+ WOLFSSL_BIGNUM* ret);
+
+WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
+
+WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom);
+WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
+WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
+
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*,
+ const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str);
+WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+
+WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+ WOLFSSL_BIGNUM*);
+WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
+ WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
+ WOLFSSL_BN_ULONG);
+#ifndef NO_FILESYSTEM
+ WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
+#endif
+WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);
+
+typedef WOLFSSL_BIGNUM BIGNUM;
+typedef WOLFSSL_BN_CTX BN_CTX;
+typedef WOLFSSL_BN_GENCB BN_GENCB;
+
+#define BN_CTX_new wolfSSL_BN_CTX_new
+#define BN_CTX_init wolfSSL_BN_CTX_init
+#define BN_CTX_free wolfSSL_BN_CTX_free
+
+#define BN_new wolfSSL_BN_new
+#define BN_free wolfSSL_BN_free
+#define BN_clear_free wolfSSL_BN_clear_free
+
+#define BN_num_bytes wolfSSL_BN_num_bytes
+#define BN_num_bits wolfSSL_BN_num_bits
+
+#define BN_is_zero wolfSSL_BN_is_zero
+#define BN_is_one wolfSSL_BN_is_one
+#define BN_is_odd wolfSSL_BN_is_odd
+
+#define BN_cmp wolfSSL_BN_cmp
+
+#define BN_bn2bin wolfSSL_BN_bn2bin
+#define BN_bin2bn wolfSSL_BN_bin2bn
+
+#define BN_mod wolfSSL_BN_mod
+#define BN_sub wolfSSL_BN_sub
+#define BN_value_one wolfSSL_BN_value_one
+
+#define BN_mask_bits wolfSSL_mask_bits
+
+#define BN_rand wolfSSL_BN_rand
+#define BN_is_bit_set wolfSSL_BN_is_bit_set
+#define BN_hex2bn wolfSSL_BN_hex2bn
+
+#define BN_dup wolfSSL_BN_dup
+#define BN_copy wolfSSL_BN_copy
+
+#define BN_set_word wolfSSL_BN_set_word
+
+#define BN_dec2bn wolfSSL_BN_dec2bn
+#define BN_bn2dec wolfSSL_BN_bn2dec
+#define BN_bn2hex wolfSSL_BN_bn2hex
+
+#define BN_lshift wolfSSL_BN_lshift
+#define BN_add_word wolfSSL_BN_add_word
+#define BN_add wolfSSL_BN_add
+#define BN_set_word wolfSSL_BN_set_word
+#define BN_set_bit wolfSSL_BN_set_bit
+
+
+#define BN_is_prime_ex wolfSSL_BN_is_prime_ex
+#define BN_print_fp wolfSSL_BN_print_fp
+#define BN_rshift wolfSSL_BN_rshift
+#define BN_mod_word wolfSSL_BN_mod_word
+
+#define BN_CTX_get wolfSSL_BN_CTX_get
+#define BN_CTX_start wolfSSL_BN_CTX_start
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL__H_ */
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/conf.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,3 @@ +/* conf.h for openssl */ + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/crypto.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,39 @@ +/* crypto.h for openSSL */ + +#ifndef WOLFSSL_CRYPTO_H_ +#define WOLFSSL_CRYPTO_H_ + + +#include <wolfssl/wolfcrypt/settings.h> + +#ifdef WOLFSSL_PREFIX +#include "prefix_crypto.h" +#endif + + +WOLFSSL_API const char* wolfSSLeay_version(int type); +WOLFSSL_API unsigned long wolfSSLeay(void); + +#define CRYPTO_THREADID void + +#define SSLeay_version wolfSSLeay_version +#define SSLeay wolfSSLeay + + +#define SSLEAY_VERSION 0x0090600fL +#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION + +#ifdef HAVE_STUNNEL +#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions +#define FIPS_mode wolfSSL_FIPS_mode +#define FIPS_mode_set wolfSSL_FIPS_mode_set +typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; +typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void* argp); +#define CRYPTO_THREADID_set_callback wolfSSL_THREADID_set_callback +#define CRYPTO_THREADID_set_numeric wolfSSL_THREADID_set_numeric +#endif /* HAVE_STUNNEL */ + +#endif /* header */ + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/des.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,108 @@
+/* des.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* des.h defines mini des openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_DES_H_
+#define WOLFSSL_DES_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_DES3
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_des.h"
+#endif
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+typedef unsigned char WOLFSSL_DES_cblock[8];
+typedef /* const */ WOLFSSL_DES_cblock WOLFSSL_const_DES_cblock;
+typedef WOLFSSL_DES_cblock WOLFSSL_DES_key_schedule;
+
+
+enum {
+ DES_ENCRYPT = 1,
+ DES_DECRYPT = 0
+};
+
+
+WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock*,
+ WOLFSSL_DES_key_schedule*);
+WOLFSSL_API int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
+ WOLFSSL_DES_key_schedule* schedule);
+WOLFSSL_API void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
+ unsigned char* output, long length,
+ WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
+ int enc);
+WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
+ unsigned char* output, long length,
+ WOLFSSL_DES_key_schedule* schedule,
+ WOLFSSL_DES_cblock* ivec, int enc);
+
+WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock*);
+WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock*, WOLFSSL_DES_cblock*,
+ WOLFSSL_DES_key_schedule*, int);
+
+
+typedef WOLFSSL_DES_cblock DES_cblock;
+typedef WOLFSSL_const_DES_cblock const_DES_cblock;
+typedef WOLFSSL_DES_key_schedule DES_key_schedule;
+
+#define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked
+#define DES_key_sched wolfSSL_DES_key_sched
+#define DES_cbc_encrypt wolfSSL_DES_cbc_encrypt
+#define DES_ncbc_encrypt wolfSSL_DES_ncbc_encrypt
+#define DES_set_odd_parity wolfSSL_DES_set_odd_parity
+#define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt
+#define DES_ede3_cbc_encrypt(input, output, sz, ks1, ks2, ks3, ivec, enc) \
+do { \
+ Des3 des; \
+ byte key[24];/* EDE uses 24 size key */ \
+ memcpy(key, (ks1), DES_BLOCK_SIZE); \
+ memcpy(&key[DES_BLOCK_SIZE], (ks2), DES_BLOCK_SIZE); \
+ memcpy(&key[DES_BLOCK_SIZE * 2], (ks3), DES_BLOCK_SIZE); \
+ if (enc) { \
+ wc_Des3_SetKey(&des, key, (const byte*)(ivec), DES_ENCRYPTION); \
+ wc_Des3_CbcEncrypt(&des, (output), (input), (sz)); \
+ } \
+ else { \
+ wc_Des3_SetKey(&des, key, (const byte*)(ivec), DES_ENCRYPTION); \
+ wc_Des3_CbcDecrypt(&des, (output), (input), (sz)); \
+ } \
+} while(0)
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_DES3 */
+
+#endif /* WOLFSSL_DES_H_ */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/dh.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,56 @@
+/* dh.h for openSSL */
+
+
+#ifndef WOLFSSL_DH_H_
+#define WOLFSSL_DH_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+struct WOLFSSL_DH {
+ WOLFSSL_BIGNUM* p;
+ WOLFSSL_BIGNUM* g;
+ WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */
+ WOLFSSL_BIGNUM* priv_key; /* openssh deference x */
+ void* internal; /* our DH */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+ /*added for lighttpd openssl compatibility, go back and add a getter in
+ * lighttpd src code.
+ */
+ int length;
+};
+
+
+WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
+WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*);
+
+WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*);
+WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*);
+WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* pub,
+ WOLFSSL_DH*);
+
+typedef WOLFSSL_DH DH;
+
+#define DH_new wolfSSL_DH_new
+#define DH_free wolfSSL_DH_free
+
+#define DH_size wolfSSL_DH_size
+#define DH_generate_key wolfSSL_DH_generate_key
+#define DH_compute_key wolfSSL_DH_compute_key
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#ifdef HAVE_STUNNEL
+#define DH_generate_parameters wolfSSL_DH_generate_parameters
+#define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex
+#endif /* HAVE_STUNNEL */
+#endif /* header */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/dsa.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,55 @@
+/* dsa.h for openSSL */
+
+
+#ifndef WOLFSSL_DSA_H_
+#define WOLFSSL_DSA_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+struct WOLFSSL_DSA {
+ WOLFSSL_BIGNUM* p;
+ WOLFSSL_BIGNUM* q;
+ WOLFSSL_BIGNUM* g;
+ WOLFSSL_BIGNUM* pub_key; /* our y */
+ WOLFSSL_BIGNUM* priv_key; /* our x */
+ void* internal; /* our Dsa Key */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+};
+
+
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void);
+WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*);
+
+WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*);
+WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
+ unsigned char* seed, int seedLen, int* counterRet,
+ unsigned long* hRet, void* cb);
+
+WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
+
+WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d,
+ unsigned char* sigRet, WOLFSSL_DSA* dsa);
+
+WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
+ unsigned char* sig,
+ WOLFSSL_DSA* dsa, int *dsacheck);
+
+#define DSA_new wolfSSL_DSA_new
+#define DSA_free wolfSSL_DSA_free
+
+#define DSA_generate_key wolfSSL_DSA_generate_key
+#define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* header */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/ec.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,166 @@
+/* ec.h for openssl */
+
+#ifndef WOLFSSL_EC_H_
+#define WOLFSSL_EC_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Map OpenSSL NID value */
+enum {
+ POINT_CONVERSION_UNCOMPRESSED = 4,
+ NID_secp111r1 = 0,
+ NID_secp128r1 = 1,
+ NID_secp160r1 = 2,
+ NID_cert192 = 3,
+ NID_cert224 = 4,
+ NID_X9_62_prime256v1 = 5,
+ NID_secp384r1 = 6,
+ NID_secp521r1 = 7,
+ NID_X9_62_prime_field = 100,
+ OPENSSL_EC_NAMED_CURVE = 0x001
+};
+
+struct WOLFSSL_EC_POINT {
+ WOLFSSL_BIGNUM *X;
+ WOLFSSL_BIGNUM *Y;
+ WOLFSSL_BIGNUM *Z;
+
+ void* internal; /* our ECC point */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+};
+
+struct WOLFSSL_EC_GROUP {
+ int curve_idx; /* index of curve, used by WolfSSL as reference */
+ int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as reference */
+};
+
+struct WOLFSSL_EC_KEY {
+ WOLFSSL_EC_GROUP *group;
+ WOLFSSL_EC_POINT *pub_key;
+ WOLFSSL_BIGNUM *priv_key;
+
+ void* internal; /* our ECC Key */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+};
+
+WOLFSSL_API
+int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve,
+ const WOLFSSL_EC_POINT *p,
+ unsigned char *out, unsigned int *len);
+WOLFSSL_API
+int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
+ const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p);
+WOLFSSL_API
+int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
+ const unsigned char* der, int derSz);
+WOLFSSL_API
+void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
+ const WOLFSSL_BIGNUM *priv_key);
+WOLFSSL_API
+WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid);
+WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
+ const WOLFSSL_EC_POINT *pub);
+WOLFSSL_API
+void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
+WOLFSSL_API
+WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
+ WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
+#if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
+WOLFSSL_API
+void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
+#endif
+WOLFSSL_API
+WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *p,
+ WOLFSSL_BIGNUM *x,
+ WOLFSSL_BIGNUM *y,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
+ const WOLFSSL_BIGNUM *n,
+ const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
+WOLFSSL_API
+int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point);
+WOLFSSL_API
+int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *a);
+
+#define EC_KEY_free wolfSSL_EC_KEY_free
+#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key
+#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group
+#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key
+#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key
+#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name
+#define EC_KEY_set_group wolfSSL_EC_KEY_set_group
+#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key
+#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag
+#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key
+#define EC_KEY_new wolfSSL_EC_KEY_new
+
+#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
+#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name
+#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp
+#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name
+#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree
+#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
+#define EC_GROUP_free wolfSSL_EC_GROUP_free
+
+#define EC_POINT_new wolfSSL_EC_POINT_new
+#define EC_POINT_get_affine_coordinates_GFp \
+ wolfSSL_EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_mul wolfSSL_EC_POINT_mul
+#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
+#define EC_POINT_cmp wolfSSL_EC_POINT_cmp
+#define EC_POINT_free wolfSSL_EC_POINT_free
+#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/ec25519.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,24 @@
+/* ec25519.h */
+
+#ifndef WOLFSSL_EC25519_H_
+#define WOLFSSL_EC25519_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_API
+int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
+ unsigned char *pub, unsigned int *pubSz);
+
+WOLFSSL_API
+int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
+ const unsigned char *priv, unsigned int privSz,
+ const unsigned char *pub, unsigned int pubSz);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/ecdh.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,29 @@
+/* ecdh.h for openssl */
+
+#ifndef WOLFSSL_ECDH_H_
+#define WOLFSSL_ECDH_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+WOLFSSL_API int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
+ const WOLFSSL_EC_POINT *pub_key,
+ WOLFSSL_EC_KEY *ecdh,
+ void *(*KDF) (const void *in,
+ size_t inlen,
+ void *out,
+ size_t *outlen));
+
+#define ECDH_compute_key wolfSSL_ECDH_compute_key
+
+#ifdef __cplusplus
+} /* extern C */
+#endif
+
+#endif /* header */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/ecdsa.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,40 @@
+/* ecdsa.h for openssl */
+
+#ifndef WOLFSSL_ECDSA_H_
+#define WOLFSSL_ECDSA_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct WOLFSSL_ECDSA_SIG {
+ WOLFSSL_BIGNUM *r;
+ WOLFSSL_BIGNUM *s;
+};
+
+WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig);
+WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void);
+WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst,
+ int dgst_len,
+ WOLFSSL_EC_KEY *eckey);
+WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst,
+ int dgst_len,
+ const WOLFSSL_ECDSA_SIG *sig,
+ WOLFSSL_EC_KEY *eckey);
+
+#define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free
+#define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new
+#define ECDSA_do_sign wolfSSL_ECDSA_do_sign
+#define ECDSA_do_verify wolfSSL_ECDSA_do_verify
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/ed25519.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,27 @@
+/* ed25519.h */
+
+#ifndef WOLFSSL_ED25519_H_
+#define WOLFSSL_ED25519_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_API
+int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
+ unsigned char *pub, unsigned int *pubSz);
+WOLFSSL_API
+int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
+ const unsigned char *priv, unsigned int privSz,
+ unsigned char *sig, unsigned int *sigSz);
+WOLFSSL_API
+int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
+ const unsigned char *pub, unsigned int pubSz,
+ const unsigned char *sig, unsigned int sigSz);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/engine.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,6 @@ +/* engine.h for libcurl */ + +#undef HAVE_OPENSSL_ENGINE_H + + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/err.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,4 @@ +/* err.h for openssl */ +#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings +#define ERR_peek_last_error wolfSSL_ERR_peek_last_error +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/evp.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,271 @@
+/* evp.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* evp.h defines mini evp openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_EVP_H_
+#define WOLFSSL_EVP_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_evp.h"
+#endif
+
+#ifndef NO_MD5
+ #include <wolfssl/openssl/md5.h>
+#endif
+#include <wolfssl/openssl/sha.h>
+#include <wolfssl/openssl/ripemd.h>
+#include <wolfssl/openssl/rsa.h>
+#include <wolfssl/openssl/dsa.h>
+#include <wolfssl/openssl/ec.h>
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/des3.h>
+#include <wolfssl/wolfcrypt/arc4.h>
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+typedef char WOLFSSL_EVP_MD;
+typedef char WOLFSSL_EVP_CIPHER;
+
+#ifndef NO_MD5
+ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void);
+#endif
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void);
+
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void);
+
+
+typedef union {
+ #ifndef NO_MD5
+ WOLFSSL_MD5_CTX md5;
+ #endif
+ WOLFSSL_SHA_CTX sha;
+ WOLFSSL_SHA256_CTX sha256;
+ #ifdef WOLFSSL_SHA384
+ WOLFSSL_SHA384_CTX sha384;
+ #endif
+ #ifdef WOLFSSL_SHA512
+ WOLFSSL_SHA512_CTX sha512;
+ #endif
+ #ifdef WOLFSSL_RIPEMD
+ WOLFSSL_RIPEMD_CTX ripemd;
+ #endif
+} WOLFSSL_Hasher;
+
+
+typedef struct WOLFSSL_EVP_MD_CTX {
+ unsigned char macType;
+ WOLFSSL_Hasher hash;
+} WOLFSSL_EVP_MD_CTX;
+
+
+typedef union {
+#ifndef NO_AES
+ Aes aes;
+#endif
+#ifndef NO_DES3
+ Des des;
+ Des3 des3;
+#endif
+ Arc4 arc4;
+#ifdef HAVE_IDEA
+ Idea idea;
+#endif
+} WOLFSSL_Cipher;
+
+
+enum {
+ AES_128_CBC_TYPE = 1,
+ AES_192_CBC_TYPE = 2,
+ AES_256_CBC_TYPE = 3,
+ AES_128_CTR_TYPE = 4,
+ AES_192_CTR_TYPE = 5,
+ AES_256_CTR_TYPE = 6,
+ DES_CBC_TYPE = 7,
+ DES_EDE3_CBC_TYPE = 8,
+ ARC4_TYPE = 9,
+ NULL_CIPHER_TYPE = 10,
+ EVP_PKEY_RSA = 11,
+ EVP_PKEY_DSA = 12,
+ EVP_PKEY_EC = 13,
+ IDEA_CBC_TYPE = 14,
+ NID_sha1 = 64,
+ NID_md2 = 3,
+ NID_md5 = 4
+};
+
+
+typedef struct WOLFSSL_EVP_CIPHER_CTX {
+ int keyLen; /* user may set for variable */
+ unsigned char enc; /* if encrypt side, then true */
+ unsigned char cipherType;
+#ifndef NO_AES
+ unsigned char iv[AES_BLOCK_SIZE]; /* working iv pointer into cipher */
+#elif !defined(NO_DES3)
+ unsigned char iv[DES_BLOCK_SIZE]; /* working iv pointer into cipher */
+#endif
+ WOLFSSL_Cipher cipher;
+} WOLFSSL_EVP_CIPHER_CTX;
+
+
+WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md);
+WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx);
+
+WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
+ const WOLFSSL_EVP_MD* type);
+WOLFSSL_API int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
+ unsigned long sz);
+WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
+ unsigned int* s);
+WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx,
+ unsigned char* md, unsigned int* s);
+#ifndef NO_MD5
+WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*,
+ const WOLFSSL_EVP_MD*, const unsigned char*,
+ const unsigned char*, int, int, unsigned char*,
+ unsigned char*);
+#endif
+
+WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx);
+
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*);
+
+
+WOLFSSL_API int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ const WOLFSSL_EVP_CIPHER* type,
+ unsigned char* key, unsigned char* iv,
+ int enc);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ int keylen);
+WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ unsigned char* dst, unsigned char* src,
+ unsigned int len);
+
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
+
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
+
+/* these next ones don't need real OpenSSL type, for OpenSSH compat only */
+WOLFSSL_API void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx);
+
+WOLFSSL_API void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
+ unsigned char* iv, int len);
+WOLFSSL_API void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
+ unsigned char* iv, int len);
+
+WOLFSSL_API int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx);
+
+
+/* end OpenSSH compat */
+
+typedef WOLFSSL_EVP_MD EVP_MD;
+typedef WOLFSSL_EVP_CIPHER EVP_CIPHER;
+typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX;
+typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
+
+#ifndef NO_MD5
+ #define EVP_md5 wolfSSL_EVP_md5
+#endif
+#define EVP_sha1 wolfSSL_EVP_sha1
+#define EVP_sha256 wolfSSL_EVP_sha256
+#define EVP_sha384 wolfSSL_EVP_sha384
+#define EVP_sha512 wolfSSL_EVP_sha512
+#define EVP_ripemd160 wolfSSL_EVP_ripemd160
+
+#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc
+#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc
+#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc
+#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr
+#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr
+#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr
+#define EVP_des_cbc wolfSSL_EVP_des_cbc
+#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc
+#define EVP_rc4 wolfSSL_EVP_rc4
+#define EVP_idea_cbc wolfSSL_EVP_idea_cbc
+#define EVP_enc_null wolfSSL_EVP_enc_null
+
+#define EVP_MD_size wolfSSL_EVP_MD_size
+#define EVP_MD_CTX_init wolfSSL_EVP_MD_CTX_init
+#define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup
+#define EVP_DigestInit wolfSSL_EVP_DigestInit
+#define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate
+#define EVP_DigestFinal wolfSSL_EVP_DigestFinal
+#define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex
+#define EVP_BytesToKey wolfSSL_EVP_BytesToKey
+
+#define EVP_CIPHER_CTX_init wolfSSL_EVP_CIPHER_CTX_init
+#define EVP_CIPHER_CTX_cleanup wolfSSL_EVP_CIPHER_CTX_cleanup
+#define EVP_CIPHER_CTX_iv_length wolfSSL_EVP_CIPHER_CTX_iv_length
+#define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length
+#define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length
+#define EVP_CipherInit wolfSSL_EVP_CipherInit
+#define EVP_Cipher wolfSSL_EVP_Cipher
+
+#define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid
+
+#define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA
+#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA
+#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY
+
+
+#ifndef EVP_MAX_MD_SIZE
+ #define EVP_MAX_MD_SIZE 64 /* sha512 */
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_EVP_H_ */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/hmac.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,83 @@
+/* hmac.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* hmac.h defines mini hamc openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_HMAC_H_
+#define WOLFSSL_HMAC_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_hmac.h"
+#endif
+
+#include <wolfssl/openssl/evp.h>
+#include <wolfssl/wolfcrypt/hmac.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md,
+ const void* key, int key_len,
+ const unsigned char* d, int n, unsigned char* md,
+ unsigned int* md_len);
+
+
+typedef struct WOLFSSL_HMAC_CTX {
+ Hmac hmac;
+ int type;
+} WOLFSSL_HMAC_CTX;
+
+
+WOLFSSL_API void wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key,
+ int keylen, const EVP_MD* type);
+WOLFSSL_API void wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx,
+ const unsigned char* data, int len);
+WOLFSSL_API void wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
+ unsigned int* len);
+WOLFSSL_API void wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx);
+
+
+typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
+
+#define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
+
+#define HMAC_Init wolfSSL_HMAC_Init
+#define HMAC_Update wolfSSL_HMAC_Update
+#define HMAC_Final wolfSSL_HMAC_Final
+#define HMAC_cleanup wolfSSL_HMAC_cleanup
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_HMAC_H_ */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/include.am Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,40 @@ +# vim:ft=automake +# All paths should be given relative to the root + +nobase_include_HEADERS+= \ + wolfssl/openssl/asn1.h \ + wolfssl/openssl/bio.h \ + wolfssl/openssl/bn.h \ + wolfssl/openssl/conf.h \ + wolfssl/openssl/crypto.h \ + wolfssl/openssl/des.h \ + wolfssl/openssl/dh.h \ + wolfssl/openssl/dsa.h \ + wolfssl/openssl/ecdsa.h \ + wolfssl/openssl/ecdh.h \ + wolfssl/openssl/ec.h \ + wolfssl/openssl/ec25519.h \ + wolfssl/openssl/ed25519.h \ + wolfssl/openssl/engine.h \ + wolfssl/openssl/err.h \ + wolfssl/openssl/evp.h \ + wolfssl/openssl/hmac.h \ + wolfssl/openssl/lhash.h \ + wolfssl/openssl/md4.h \ + wolfssl/openssl/md5.h \ + wolfssl/openssl/ripemd.h \ + wolfssl/openssl/ocsp.h \ + wolfssl/openssl/opensslconf.h \ + wolfssl/openssl/opensslv.h \ + wolfssl/openssl/ossl_typ.h \ + wolfssl/openssl/pem.h \ + wolfssl/openssl/pkcs12.h \ + wolfssl/openssl/rand.h \ + wolfssl/openssl/rsa.h \ + wolfssl/openssl/sha.h \ + wolfssl/openssl/ssl.h \ + wolfssl/openssl/stack.h \ + wolfssl/openssl/ui.h \ + wolfssl/openssl/x509.h \ + wolfssl/openssl/x509v3.h +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/lhash.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,3 @@ +/* lhash.h for openSSL */ + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/md4.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,2 @@ +/* md4.h for libcurl */ +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/md5.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,43 @@
+/* md5.h for openssl */
+
+
+#ifndef WOLFSSL_MD5_H_
+#define WOLFSSL_MD5_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_MD5
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_md5.h"
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+typedef struct WOLFSSL_MD5_CTX {
+ int holder[24]; /* big enough to hold wolfcrypt md5, but check on init */
+} WOLFSSL_MD5_CTX;
+
+WOLFSSL_API void wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
+WOLFSSL_API void wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
+WOLFSSL_API void wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
+
+
+typedef WOLFSSL_MD5_CTX MD5_CTX;
+
+#define MD5_Init wolfSSL_MD5_Init
+#define MD5_Update wolfSSL_MD5_Update
+#define MD5_Final wolfSSL_MD5_Final
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_MD5 */
+
+#endif /* WOLFSSL_MD5_H_ */
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/ocsp.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,2 @@ +/* ocsp.h for libcurl */ +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/opensslconf.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,9 @@ +/* opensslconf.h for openSSL */ + + +#ifndef OPENSSL_THREADS + #define OPENSSL_THREADS +#endif + + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/opensslv.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,21 @@ +/* opensslv.h compatibility */ + +#ifndef WOLFSSL_OPENSSLV_H_ +#define WOLFSSL_OPENSSLV_H_ + + +/* api version compatibility */ +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) + /* version number can be increased for Lighty after compatibility for ECDH + is added */ + #define OPENSSL_VERSION_NUMBER 0x10001000L +#else + #define OPENSSL_VERSION_NUMBER 0x0090810fL +#endif + +#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING + + +#endif /* header */ + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/ossl_typ.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,3 @@ +/* ossl_typ.h for openssl */ + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/pem.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,126 @@
+/* pem.h for openssl */
+
+
+#ifndef WOLFSSL_PEM_H_
+#define WOLFSSL_PEM_H_
+
+#include <wolfssl/openssl/evp.h>
+#include <wolfssl/openssl/bio.h>
+#include <wolfssl/openssl/rsa.h>
+#include <wolfssl/openssl/dsa.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+/* RSA */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ pem_password_cb cb, void* arg);
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ unsigned char **pem, int *plen);
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x);
+
+WOLFSSL_API
+int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x);
+#endif /* NO_FILESYSTEM */
+
+/* DSA */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio,
+ WOLFSSL_DSA* dsa,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ pem_password_cb cb, void* arg);
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ unsigned char **pem, int *plen);
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x);
+#endif /* NO_FILESYSTEM */
+
+/* ECC */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ pem_password_cb cb, void* arg);
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ unsigned char **pem, int *plen);
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key);
+#endif /* NO_FILESYSTEM */
+
+/* EVP_KEY */
+WOLFSSL_API
+WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
+ WOLFSSL_EVP_PKEY**,
+ pem_password_cb cb,
+ void* arg);
+WOLFSSL_API
+int wolfSSL_EVP_PKEY_type(int type);
+
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+ pem_password_cb *cb, void *u);
+#endif /* NO_FILESYSTEM */
+
+/* RSA */
+#define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey
+#define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey
+#define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY
+#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey
+#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey
+/* DSA */
+#define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey
+#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey
+#define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY
+/* ECC */
+#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey
+#define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY
+#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey
+/* EVP_KEY */
+#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey
+#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY
+#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_PEM_H_ */
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/pkcs12.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,3 @@ +/* pkcs12.h for openssl */ + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/rand.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,7 @@ +/* rand.h for openSSL */ + +#include <wolfssl/openssl/ssl.h> +#include <wolfssl/wolfcrypt/random.h> + +#define RAND_set_rand_method wolfSSL_RAND_set_rand_method +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/ripemd.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,38 @@
+/* ripemd.h for openssl */
+
+
+#ifndef WOLFSSL_RIPEMD_H_
+#define WOLFSSL_RIPEMD_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+typedef struct WOLFSSL_RIPEMD_CTX {
+ int holder[32]; /* big enough to hold wolfcrypt, but check on init */
+} WOLFSSL_RIPEMD_CTX;
+
+WOLFSSL_API void wolfSSL_RIPEMD_Init(WOLFSSL_RIPEMD_CTX*);
+WOLFSSL_API void wolfSSL_RIPEMD_Update(WOLFSSL_RIPEMD_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API void wolfSSL_RIPEMD_Final(unsigned char*, WOLFSSL_RIPEMD_CTX*);
+
+
+typedef WOLFSSL_RIPEMD_CTX RIPEMD_CTX;
+
+#define RIPEMD_Init wolfSSL_RIPEMD_Init
+#define RIPEMD_Update wolfSSL_RIPEMD_Update
+#define RIPEMD_Final wolfSSL_RIPEMD_Final
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_MD5_H_ */
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/rsa.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,83 @@
+/* rsa.h for openSSL */
+
+
+#ifndef WOLFSSL_RSA_H_
+#define WOLFSSL_RSA_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+enum {
+ RSA_PKCS1_PADDING = 1
+ };
+
+/* rsaTypes */
+enum {
+ NID_sha256 = 672,
+ NID_sha384 = 673,
+ NID_sha512 = 674
+};
+
+struct WOLFSSL_RSA {
+ WOLFSSL_BIGNUM* n;
+ WOLFSSL_BIGNUM* e;
+ WOLFSSL_BIGNUM* d;
+ WOLFSSL_BIGNUM* p;
+ WOLFSSL_BIGNUM* q;
+ WOLFSSL_BIGNUM* dmp1; /* dP */
+ WOLFSSL_BIGNUM* dmq1; /* dQ */
+ WOLFSSL_BIGNUM* iqmp; /* u */
+ void* internal; /* our RSA */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+};
+
+
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
+WOLFSSL_API void wolfSSL_RSA_free(WOLFSSL_RSA*);
+
+WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGNUM*,
+ void* cb);
+
+WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr,
+ unsigned char* to, WOLFSSL_RSA*, int padding);
+WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr,
+ unsigned char* to, WOLFSSL_RSA*, int padding);
+
+WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
+ unsigned int mLen, unsigned char* sigRet,
+ unsigned int* sigLen, WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from,
+ unsigned char* to, WOLFSSL_RSA*, int padding);
+WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz);
+
+
+#define RSA_new wolfSSL_RSA_new
+#define RSA_free wolfSSL_RSA_free
+
+#define RSA_generate_key_ex wolfSSL_RSA_generate_key_ex
+
+#define RSA_blinding_on wolfSSL_RSA_blinding_on
+#define RSA_public_encrypt wolfSSL_RSA_public_encrypt
+#define RSA_private_decrypt wolfSSL_RSA_private_decrypt
+
+#define RSA_size wolfSSL_RSA_size
+#define RSA_sign wolfSSL_RSA_sign
+#define RSA_public_decrypt wolfSSL_RSA_public_decrypt
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* header */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/sha.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,126 @@
+/* sha.h for openssl */
+
+
+#ifndef WOLFSSL_SHA_H_
+#define WOLFSSL_SHA_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_sha.h"
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+typedef struct WOLFSSL_SHA_CTX {
+ int holder[24]; /* big enough to hold wolfcrypt sha, but check on init */
+} WOLFSSL_SHA_CTX;
+
+WOLFSSL_API void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
+WOLFSSL_API void wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
+WOLFSSL_API void wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
+
+/* SHA1 points to above, shouldn't use SHA0 ever */
+WOLFSSL_API void wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
+WOLFSSL_API void wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
+WOLFSSL_API void wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
+
+enum {
+ SHA_DIGEST_LENGTH = 20
+};
+
+
+typedef WOLFSSL_SHA_CTX SHA_CTX;
+
+#define SHA_Init wolfSSL_SHA_Init
+#define SHA_Update wolfSSL_SHA_Update
+#define SHA_Final wolfSSL_SHA_Final
+
+#define SHA1_Init wolfSSL_SHA1_Init
+#define SHA1_Update wolfSSL_SHA1_Update
+#define SHA1_Final wolfSSL_SHA1_Final
+
+
+typedef struct WOLFSSL_SHA256_CTX {
+ int holder[28]; /* big enough to hold wolfcrypt sha, but check on init */
+} WOLFSSL_SHA256_CTX;
+
+WOLFSSL_API void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
+WOLFSSL_API void wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API void wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
+
+enum {
+ SHA256_DIGEST_LENGTH = 32
+};
+
+
+typedef WOLFSSL_SHA256_CTX SHA256_CTX;
+
+#define SHA256_Init wolfSSL_SHA256_Init
+#define SHA256_Update wolfSSL_SHA256_Update
+#define SHA256_Final wolfSSL_SHA256_Final
+
+
+#ifdef WOLFSSL_SHA384
+
+typedef struct WOLFSSL_SHA384_CTX {
+ long long holder[32]; /* big enough, but check on init */
+} WOLFSSL_SHA384_CTX;
+
+WOLFSSL_API void wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*);
+WOLFSSL_API void wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API void wolfSSL_SHA384_Final(unsigned char*, WOLFSSL_SHA384_CTX*);
+
+enum {
+ SHA384_DIGEST_LENGTH = 48
+};
+
+
+typedef WOLFSSL_SHA384_CTX SHA384_CTX;
+
+#define SHA384_Init wolfSSL_SHA384_Init
+#define SHA384_Update wolfSSL_SHA384_Update
+#define SHA384_Final wolfSSL_SHA384_Final
+
+#endif /* WOLFSSL_SHA384 */
+
+#ifdef WOLFSSL_SHA512
+
+typedef struct WOLFSSL_SHA512_CTX {
+ long long holder[36]; /* big enough, but check on init */
+} WOLFSSL_SHA512_CTX;
+
+WOLFSSL_API void wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
+WOLFSSL_API void wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API void wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
+
+enum {
+ SHA512_DIGEST_LENGTH = 64
+};
+
+
+typedef WOLFSSL_SHA512_CTX SHA512_CTX;
+
+#define SHA512_Init wolfSSL_SHA512_Init
+#define SHA512_Update wolfSSL_SHA512_Update
+#define SHA512_Final wolfSSL_SHA512_Final
+
+#endif /* WOLFSSL_SHA512 */
+
+
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_SHA_H_ */
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/openssl/ssl.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,512 @@
+/* ssl.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* ssl.h defines wolfssl_openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_OPENSSL_H_
+#define WOLFSSL_OPENSSL_H_
+
+/* wolfssl_openssl compatibility layer */
+#include <wolfssl/ssl.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef _WIN32
+ /* wincrypt.h clashes */
+ #undef X509_NAME
+#endif
+
+
+typedef WOLFSSL SSL;
+typedef WOLFSSL_SESSION SSL_SESSION;
+typedef WOLFSSL_METHOD SSL_METHOD;
+typedef WOLFSSL_CTX SSL_CTX;
+
+typedef WOLFSSL_X509 X509;
+typedef WOLFSSL_X509_NAME X509_NAME;
+typedef WOLFSSL_X509_CHAIN X509_CHAIN;
+
+
+/* redeclare guard */
+#define WOLFSSL_TYPES_DEFINED
+
+
+typedef WOLFSSL_EVP_PKEY EVP_PKEY;
+typedef WOLFSSL_RSA RSA;
+typedef WOLFSSL_DSA DSA;
+typedef WOLFSSL_EC_KEY EC_KEY;
+typedef WOLFSSL_EC_GROUP EC_GROUP;
+typedef WOLFSSL_EC_POINT EC_POINT;
+typedef WOLFSSL_ECDSA_SIG ECDSA_SIG;
+typedef WOLFSSL_BIO BIO;
+typedef WOLFSSL_BIO_METHOD BIO_METHOD;
+typedef WOLFSSL_CIPHER SSL_CIPHER;
+typedef WOLFSSL_X509_LOOKUP X509_LOOKUP;
+typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
+typedef WOLFSSL_X509_CRL X509_CRL;
+typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
+typedef WOLFSSL_ASN1_TIME ASN1_TIME;
+typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER;
+typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT;
+typedef WOLFSSL_ASN1_STRING ASN1_STRING;
+typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value;
+
+#define ASN1_UTCTIME WOLFSSL_ASN1_TIME
+
+typedef WOLFSSL_MD4_CTX MD4_CTX;
+typedef WOLFSSL_COMP_METHOD COMP_METHOD;
+typedef WOLFSSL_X509_STORE X509_STORE;
+typedef WOLFSSL_X509_REVOKED X509_REVOKED;
+typedef WOLFSSL_X509_OBJECT X509_OBJECT;
+typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
+
+#define SSL_get_cipher_list(ctx,i) wolfSSL_get_cipher_list((i))
+#define SSL_get_cipher_name(ctx) wolfSSL_get_cipher((ctx))
+#define SSL_get_shared_ciphers(ctx,buf,len) \
+ strncpy(buf, "Not Implemented, SSLv2 only", len)
+
+/* @TODO */
+#define ERR_print_errors_fp(file)
+
+/* at the moment only returns ok */
+#define SSL_get_verify_result(ctx) X509_V_OK
+#define SSL_get_verify_mode wolfSSL_SSL_get_mode
+#define SSL_get_verify_depth wolfSSL_get_verify_depth
+#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode
+#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth
+#define SSL_get_certificate(ctx) 0 /* used to pass to get_privatekey */
+
+#define SSLv3_server_method wolfSSLv3_server_method
+#define SSLv3_client_method wolfSSLv3_client_method
+#define TLSv1_server_method wolfTLSv1_server_method
+#define TLSv1_client_method wolfTLSv1_client_method
+#define TLSv1_1_server_method wolfTLSv1_1_server_method
+#define TLSv1_1_client_method wolfTLSv1_1_client_method
+#define TLSv1_2_server_method wolfTLSv1_2_server_method
+#define TLSv1_2_client_method wolfTLSv1_2_client_method
+
+#ifdef WOLFSSL_DTLS
+ #define DTLSv1_client_method wolfDTLSv1_client_method
+ #define DTLSv1_server_method wolfDTLSv1_server_method
+ #define DTLSv1_2_client_method wolfDTLSv1_2_client_method
+ #define DTLSv1_2_server_method wolfDTLSv1_2_server_method
+#endif
+
+
+#ifndef NO_FILESYSTEM
+ #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
+ #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
+ #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
+ #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
+ #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
+
+ #define SSL_use_certificate_file wolfSSL_use_certificate_file
+ #define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file
+ #define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file
+ #define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file
+#endif
+
+#define SSL_CTX_new wolfSSL_CTX_new
+#define SSL_new wolfSSL_new
+#define SSL_set_fd wolfSSL_set_fd
+#define SSL_get_fd wolfSSL_get_fd
+#define SSL_connect wolfSSL_connect
+#define SSL_clear wolfSSL_clear
+
+#define SSL_write wolfSSL_write
+#define SSL_read wolfSSL_read
+#define SSL_peek wolfSSL_peek
+#define SSL_accept wolfSSL_accept
+#define SSL_CTX_free wolfSSL_CTX_free
+#define SSL_free wolfSSL_free
+#define SSL_shutdown wolfSSL_shutdown
+
+#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown
+#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown
+#define SSL_get_error wolfSSL_get_error
+#define SSL_set_session wolfSSL_set_session
+#define SSL_get_session wolfSSL_get_session
+#define SSL_flush_sessions wolfSSL_flush_sessions
+/* assume unlimited temporarily */
+#define SSL_CTX_get_session_cache_mode(ctx) 0
+
+#define SSL_CTX_set_verify wolfSSL_CTX_set_verify
+#define SSL_set_verify wolfSSL_set_verify
+#define SSL_pending wolfSSL_pending
+#define SSL_load_error_strings wolfSSL_load_error_strings
+#define SSL_library_init wolfSSL_library_init
+#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode
+#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
+#define SSL_set_cipher_list wolfSSL_set_cipher_list
+
+#define ERR_error_string wolfSSL_ERR_error_string
+#define ERR_error_string_n wolfSSL_ERR_error_string_n
+#define ERR_reason_error_string wolfSSL_ERR_reason_error_string
+
+#define SSL_set_ex_data wolfSSL_set_ex_data
+#define SSL_get_shutdown wolfSSL_get_shutdown
+#define SSL_set_rfd wolfSSL_set_rfd
+#define SSL_set_wfd wolfSSL_set_wfd
+#define SSL_set_shutdown wolfSSL_set_shutdown
+#define SSL_set_session_id_context wolfSSL_set_session_id_context
+#define SSL_set_connect_state wolfSSL_set_connect_state
+#define SSL_set_accept_state wolfSSL_set_accept_state
+#define SSL_session_reused wolfSSL_session_reused
+#define SSL_SESSION_free wolfSSL_SESSION_free
+#define SSL_is_init_finished wolfSSL_is_init_finished
+
+#define SSL_get_version wolfSSL_get_version
+#define SSL_get_current_cipher wolfSSL_get_current_cipher
+#define SSL_get_cipher wolfSSL_get_cipher
+#define SSL_CIPHER_description wolfSSL_CIPHER_description
+#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name
+#define SSL_get1_session wolfSSL_get1_session
+
+#define SSL_get_keyblock_size wolfSSL_get_keyblock_size
+#define SSL_get_keys wolfSSL_get_keys
+
+#define X509_free wolfSSL_X509_free
+#define OPENSSL_free wolfSSL_OPENSSL_free
+
+#define OCSP_parse_url wolfSSL_OCSP_parse_url
+#define SSLv23_client_method wolfSSLv23_client_method
+#define SSLv2_client_method wolfSSLv2_client_method
+#define SSLv2_server_method wolfSSLv2_server_method
+
+#define MD4_Init wolfSSL_MD4_Init
+#define MD4_Update wolfSSL_MD4_Update
+#define MD4_Final wolfSSL_MD4_Final
+
+#define BIO_new wolfSSL_BIO_new
+#define BIO_free wolfSSL_BIO_free
+#define BIO_free_all wolfSSL_BIO_free_all
+#define BIO_read wolfSSL_BIO_read
+#define BIO_write wolfSSL_BIO_write
+#define BIO_push wolfSSL_BIO_push
+#define BIO_pop wolfSSL_BIO_pop
+#define BIO_flush wolfSSL_BIO_flush
+#define BIO_pending wolfSSL_BIO_pending
+
+#define BIO_get_mem_data wolfSSL_BIO_get_mem_data
+#define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf
+
+#define BIO_f_buffer wolfSSL_BIO_f_buffer
+#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
+#define BIO_f_ssl wolfSSL_BIO_f_ssl
+#define BIO_new_socket wolfSSL_BIO_new_socket
+#define SSL_set_bio wolfSSL_set_bio
+#define BIO_eof wolfSSL_BIO_eof
+#define BIO_set_ss wolfSSL_BIO_set_ss
+
+#define BIO_s_mem wolfSSL_BIO_s_mem
+#define BIO_f_base64 wolfSSL_BIO_f_base64
+#define BIO_set_flags wolfSSL_BIO_set_flags
+
+#define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms
+#define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms
+#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms
+
+#define RAND_screen wolfSSL_RAND_screen
+#define RAND_file_name wolfSSL_RAND_file_name
+#define RAND_write_file wolfSSL_RAND_write_file
+#define RAND_load_file wolfSSL_RAND_load_file
+#define RAND_egd wolfSSL_RAND_egd
+#define RAND_seed wolfSSL_RAND_seed
+#define RAND_add wolfSSL_RAND_add
+
+#define COMP_zlib wolfSSL_COMP_zlib
+#define COMP_rle wolfSSL_COMP_rle
+#define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
+
+#define SSL_get_ex_new_index wolfSSL_get_ex_new_index
+
+#define CRYPTO_set_id_callback wolfSSL_set_id_callback
+#define CRYPTO_set_locking_callback wolfSSL_set_locking_callback
+#define CRYPTO_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback
+#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback
+#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback
+#define CRYPTO_num_locks wolfSSL_num_locks
+
+#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
+#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
+#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
+
+#define X509_NAME_oneline wolfSSL_X509_NAME_oneline
+#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
+#define X509_get_subject_name wolfSSL_X509_get_subject_name
+#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
+
+#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
+#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
+#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir
+#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
+
+#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
+#define X509_STORE_new wolfSSL_X509_STORE_new
+#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
+#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
+#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
+
+#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
+#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
+
+#define X509_get_pubkey wolfSSL_X509_get_pubkey
+#define X509_CRL_verify wolfSSL_X509_CRL_verify
+#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error
+#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
+#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
+#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
+#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
+#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
+#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
+#define X509_get_notBefore(cert) (ASN1_TIME*)wolfSSL_X509_notBefore((cert))
+#define X509_get_notAfter(cert) (ASN1_TIME*)wolfSSL_X509_notAfter((cert))
+
+
+#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
+
+#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
+
+#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
+#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
+
+#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
+
+#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list
+#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
+#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
+#define SSL_get_ex_data wolfSSL_get_ex_data
+
+#define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
+#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
+
+#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
+#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
+
+#define ERR_peek_error wolfSSL_ERR_peek_error
+#define ERR_GET_REASON wolfSSL_ERR_GET_REASON
+
+#define SSL_alert_type_string wolfSSL_alert_type_string
+#define SSL_alert_desc_string wolfSSL_alert_desc_string
+#define SSL_state_string wolfSSL_state_string
+
+#define RSA_free wolfSSL_RSA_free
+#define RSA_generate_key wolfSSL_RSA_generate_key
+#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
+
+#define PEM_def_callback wolfSSL_PEM_def_callback
+
+#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept
+#define SSL_CTX_sess_connect wolfSSL_CTX_sess_connect
+#define SSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good
+#define SSL_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good
+#define SSL_CTX_sess_accept_renegotiate wolfSSL_CTX_sess_accept_renegotiate
+#define SSL_CTX_sess_connect_renegotiate wolfSSL_CTX_sess_connect_renegotiate
+#define SSL_CTX_sess_hits wolfSSL_CTX_sess_hits
+#define SSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits
+#define SSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full
+#define SSL_CTX_sess_misses wolfSSL_CTX_sess_misses
+#define SSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts
+#define SSL_CTX_sess_number wolfSSL_CTX_sess_number
+#define SSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size
+
+
+#define SSL_DEFAULT_CIPHER_LIST WOLFSSL_DEFAULT_CIPHER_LIST
+#define RSA_F4 WOLFSSL_RSA_F4
+
+#define SSL_CTX_set_psk_client_callback wolfSSL_CTX_set_psk_client_callback
+#define SSL_set_psk_client_callback wolfSSL_set_psk_client_callback
+
+#define SSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint
+#define SSL_get_psk_identity wolfSSL_get_psk_identity
+
+#define SSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint
+#define SSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint
+
+#define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback
+#define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback
+
+#define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data
+
+#define ERR_get_error wolfSSL_ERR_get_error
+#define ERR_clear_error wolfSSL_ERR_clear_error
+
+#define RAND_status wolfSSL_RAND_status
+#define RAND_bytes wolfSSL_RAND_bytes
+#define SSLv23_server_method wolfSSLv23_server_method
+#define SSL_CTX_set_options wolfSSL_CTX_set_options
+#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key
+
+#define ERR_free_strings wolfSSL_ERR_free_strings
+#define ERR_remove_state wolfSSL_ERR_remove_state
+#define EVP_cleanup wolfSSL_EVP_cleanup
+
+#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
+#define SSL_CTX_set_mode wolfSSL_CTX_set_mode
+#define SSL_CTX_get_mode wolfSSL_CTX_get_mode
+#define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead
+
+#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size
+#define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
+
+#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context
+#define SSL_get_peer_certificate wolfSSL_get_peer_certificate
+
+#define SSL_want_read wolfSSL_want_read
+#define SSL_want_write wolfSSL_want_write
+
+#define BIO_prf wolfSSL_BIO_prf
+#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr
+
+#define sk_num wolfSSL_sk_num
+#define sk_value wolfSSL_sk_value
+
+#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data
+#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data
+#define SSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb
+#define SSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb
+#define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb
+
+#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
+#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
+#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout
+#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
+#define SSL_SESSION_get_time wolfSSL_SESSION_get_time
+#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index
+
+/* yassl had set the default to be 500 */
+#define SSL_get_default_timeout(ctx) 500
+
+/* Lighthttp compatibility */
+
+#ifdef HAVE_LIGHTY
+typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
+
+#define SSL_CB_HANDSHAKE_START 0x10
+#define X509_NAME_free wolfSSL_X509_NAME_free
+#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
+#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
+#define BIO_read_filename wolfSSL_BIO_read_filename
+#define BIO_s_file wolfSSL_BIO_s_file
+#define OBJ_nid2sn wolf_OBJ_nid2sn
+#define OBJ_obj2nid wolf_OBJ_obj2nid
+#define OBJ_sn2nid wolf_OBJ_sn2nid
+#define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509
+#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
+#define SSL_get_app_data wolfSSL_get_app_data
+#define SSL_set_app_data wolfSSL_set_app_data
+#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
+#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
+#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
+#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free
+#define SHA1 wolfSSL_SHA1
+#define X509_check_private_key wolfSSL_X509_check_private_key
+#define SSL_dup_CA_list wolfSSL_dup_CA_list
+
+#endif
+
+#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
+
+#define OBJ_nid2ln wolf_OBJ_nid2ln
+#define OBJ_txt2nid wolf_OBJ_txt2nid
+#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
+#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
+#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
+#define BIO_new_file wolfSSL_BIO_new_file
+
+
+#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
+
+#ifdef HAVE_STUNNEL
+#include <wolfssl/openssl/asn1.h>
+
+/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/
+#define SSL_CB_ACCEPT_LOOP 0x2001
+#define SSL2_VERSION 0x0002
+#define SSL3_VERSION 0x0300
+#define TLS1_VERSION 0x0301
+#define DTLS1_VERSION 0xFEFF
+#define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000)
+#define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000)
+#define ASN1_STRFLGS_ESC_MSB 4
+#define X509_V_ERR_CERT_REJECTED 28
+
+#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long
+#define SSL_alert_type_string_long wolfSSL_alert_type_string_long
+#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits
+#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num
+#define sk_X509_num wolfSSL_sk_X509_num
+#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
+#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
+#define SSL_CTX_get_options wolfSSL_CTX_get_options
+
+#define SSL_CTX_flush_sessions wolfSSL_flush_sessions
+#define SSL_CTX_add_session wolfSSL_CTX_add_session
+#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
+#define SSL_version wolfSSL_version
+#define SSL_get_state wolfSSL_get_state
+#define SSL_state_string_long wolfSSL_state_string_long
+#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain
+#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value
+#define sk_X509_value wolfSSL_sk_X509_value
+#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data
+#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data
+#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index
+#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
+#define CRYPTO_dynlock_value WOLFSSL_dynlock_value
+typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
+#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
+#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
+
+#define SSL_TLSEXT_ERR_OK 0
+#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
+#define SSL_TLSEXT_ERR_NOACK alert_warning
+#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
+
+#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
+#define SSL_get_servername wolfSSL_get_servername
+#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
+#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback
+#define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_servername_callback
+#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg
+
+#define PSK_MAX_PSK_LEN 256
+#define PSK_MAX_IDENTITY_LEN 128
+#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state
+#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
+
+
+#endif /* HAVE_STUNNEL */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* wolfSSL_openssl_h__ */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/stack.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,3 @@ +/* stack.h for openssl */ + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/ui.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,3 @@ +/* ui.h for openssl */ + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/x509.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,4 @@ +/* x509.h for openssl */ + +#include <wolfssl/openssl/ssl.h> +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfssl/openssl/x509v3.h Thu Apr 28 00:56:55 2016 +0000 @@ -0,0 +1,3 @@ +/* x509v3.h for openssl */ + +
--- a/wolfssl/options.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,91 +0,0 @@
-/* wolfssl options.h
- * generated from configure options
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef WOLFSSL_OPTIONS_IGNORE_SYS
-#undef _POSIX_THREADS
-#define _POSIX_THREADS
-#endif
-
-#undef HAVE_THREAD_LS
-#define HAVE_THREAD_LS
-
-#ifndef WOLFSSL_OPTIONS_IGNORE_SYS
-#undef _THREAD_SAFE
-#define _THREAD_SAFE
-#endif
-
-#undef HAVE_AESGCM
-#define HAVE_AESGCM
-
-#undef WOLFSSL_SHA512
-#define WOLFSSL_SHA512
-
-#undef WOLFSSL_SHA384
-#define WOLFSSL_SHA384
-
-#undef NO_DSA
-#define NO_DSA
-
-#undef HAVE_ECC
-#define HAVE_ECC
-
-#undef TFM_ECC256
-#define TFM_ECC256
-
-#undef ECC_SHAMIR
-#define ECC_SHAMIR
-
-#undef NO_PSK
-#define NO_PSK
-
-#undef NO_RC4
-#define NO_RC4
-
-#undef NO_MD4
-#define NO_MD4
-
-#undef NO_HC128
-#define NO_HC128
-
-#undef NO_RABBIT
-#define NO_RABBIT
-
-#undef HAVE_POLY1305
-#define HAVE_POLY1305
-
-#undef HAVE_ONE_TIME_AUTH
-#define HAVE_ONE_TIME_AUTH
-
-#undef HAVE_CHACHA
-#define HAVE_CHACHA
-
-#undef HAVE_HASHDRBG
-#define HAVE_HASHDRBG
-
-#undef NO_PWDBASED
-#define NO_PWDBASED
-
-#undef USE_FAST_MATH
-#define USE_FAST_MATH
-
-#undef WOLFSSL_X86_64_BUILD
-#define WOLFSSL_X86_64_BUILD
-
-
-#ifdef __cplusplus
-}
-#endif
-
-
--- a/wolfssl/sniffer.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,83 +0,0 @@
-/* sniffer.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLFSSL_SNIFFER_H
-#define WOLFSSL_SNIFFER_H
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef _WIN32
- #ifdef SSL_SNIFFER_EXPORTS
- #define SSL_SNIFFER_API __declspec(dllexport)
- #else
- #define SSL_SNIFFER_API __declspec(dllimport)
- #endif
-#else
- #define SSL_SNIFFER_API
-#endif /* _WIN32 */
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* @param typeK: (formerly keyType) was shadowing a global declaration in
- * wolfssl/wolfcrypt/asn.h line 175
- */
-WOLFSSL_API
-SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port,
- const char* keyFile, int typeK,
- const char* password, char* error);
-
-WOLFSSL_API
-SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name,
- const char* address, int port,
- const char* keyFile, int typeK,
- const char* password, char* error);
-
-WOLFSSL_API
-SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
- unsigned char* data, char* error);
-
-WOLFSSL_API
-SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error);
-
-
-WOLFSSL_API void ssl_InitSniffer(void);
-
-WOLFSSL_API void ssl_FreeSniffer(void);
-
-
-/* ssl_SetPrivateKey typeKs */
-enum {
- FILETYPE_PEM = 1,
- FILETYPE_DER = 2,
-};
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* wolfSSL_SNIFFER_H */
-
-
--- a/wolfssl/sniffer_error.h Tue Jul 21 11:37:09 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,115 +0,0 @@ -/* sniffer_error.h - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - - -#ifndef WOLFSSL_SNIFFER_ERROR_H -#define WOLFSSL_SNIFFER_ERROR_H - -/* need to have errors as #defines since .rc files can't handle enums */ -/* need to start at 1 and go in order for same reason */ - -#define MEMORY_STR 1 -#define NEW_SERVER_STR 2 -#define IP_CHECK_STR 3 -#define SERVER_NOT_REG_STR 4 -#define TCP_CHECK_STR 5 -#define SERVER_PORT_NOT_REG_STR 6 -#define RSA_DECRYPT_STR 7 -#define RSA_DECODE_STR 8 -#define BAD_CIPHER_SPEC_STR 9 -#define SERVER_HELLO_INPUT_STR 10 - -#define BAD_SESSION_RESUME_STR 11 -#define SERVER_DID_RESUMPTION_STR 12 -#define CLIENT_HELLO_INPUT_STR 13 -#define CLIENT_RESUME_TRY_STR 14 -#define HANDSHAKE_INPUT_STR 15 -#define GOT_HELLO_VERIFY_STR 16 -#define GOT_SERVER_HELLO_STR 17 -#define GOT_CERT_REQ_STR 18 -#define GOT_SERVER_KEY_EX_STR 19 -#define GOT_CERT_STR 20 - -#define GOT_SERVER_HELLO_DONE_STR 21 -#define GOT_FINISHED_STR 22 -#define GOT_CLIENT_HELLO_STR 23 -#define GOT_CLIENT_KEY_EX_STR 24 -#define GOT_CERT_VER_STR 25 -#define GOT_UNKNOWN_HANDSHAKE_STR 26 -#define NEW_SESSION_STR 27 -#define BAD_NEW_SSL_STR 28 -#define GOT_PACKET_STR 29 -#define NO_DATA_STR 30 - -#define BAD_SESSION_STR 31 -#define GOT_OLD_CLIENT_HELLO_STR 32 -#define OLD_CLIENT_INPUT_STR 33 -#define OLD_CLIENT_OK_STR 34 -#define BAD_OLD_CLIENT_STR 35 -#define BAD_RECORD_HDR_STR 36 -#define RECORD_INPUT_STR 37 -#define GOT_HANDSHAKE_STR 38 -#define BAD_HANDSHAKE_STR 39 -#define GOT_CHANGE_CIPHER_STR 40 - -#define GOT_APP_DATA_STR 41 -#define BAD_APP_DATA_STR 42 -#define GOT_ALERT_STR 43 -#define ANOTHER_MSG_STR 44 -#define REMOVE_SESSION_STR 45 -#define KEY_FILE_STR 46 -#define BAD_IPVER_STR 47 -#define BAD_PROTO_STR 48 -#define PACKET_HDR_SHORT_STR 49 -#define GOT_UNKNOWN_RECORD_STR 50 - -#define BAD_TRACE_FILE_STR 51 -#define FATAL_ERROR_STR 52 -#define PARTIAL_INPUT_STR 53 -#define BUFFER_ERROR_STR 54 -#define PARTIAL_ADD_STR 55 -#define DUPLICATE_STR 56 -#define OUT_OF_ORDER_STR 57 -#define OVERLAP_DUPLICATE_STR 58 -#define OVERLAP_REASSEMBLY_BEGIN_STR 59 -#define OVERLAP_REASSEMBLY_END_STR 60 - -#define MISSED_CLIENT_HELLO_STR 61 -#define GOT_HELLO_REQUEST_STR 62 -#define GOT_SESSION_TICKET_STR 63 -#define BAD_INPUT_STR 64 -#define BAD_DECRYPT_TYPE 65 -#define BAD_FINISHED_MSG 66 -#define BAD_COMPRESSION_STR 67 -#define BAD_DERIVE_STR 68 -#define ACK_MISSED_STR 69 -#define BAD_DECRYPT 70 - -#define DECRYPT_KEYS_NOT_SETUP 71 -#define CLIENT_HELLO_LATE_KEY_STR 72 -#define GOT_CERT_STATUS_STR 73 -#define RSA_KEY_MISSING_STR 74 -/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ - - -#endif /* wolfSSL_SNIFFER_ERROR_H */ - -
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/sniffer_error.rc Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,103 @@
+
+STRINGTABLE
+{
+ 1, "Out of Memory"
+ 2, "New SSL Sniffer Server Registered"
+ 3, "Checking IP Header"
+ 4, "SSL Sniffer Server Not Registered"
+ 5, "Checking TCP Header"
+
+ 6, "SSL Sniffer Server Port Not Registered"
+ 7, "RSA Private Decrypt Error"
+ 8, "RSA Private Decode Error"
+ 9, "Set Cipher Spec Error"
+ 10, "Server Hello Input Malformed"
+
+ 11, "Couldn't Resume Session Error"
+ 12, "Server Did Resumption"
+ 13, "Client Hello Input Malformed"
+ 14, "Client Trying to Resume"
+ 15, "Handshake Input Malformed"
+
+ 16, "Got Hello Verify msg"
+ 17, "Got Server Hello msg"
+ 18, "Got Cert Request msg"
+ 19, "Got Server Key Exchange msg"
+ 20, "Got Cert msg"
+
+ 21, "Got Server Hello Done msg"
+ 22, "Got Finished msg"
+ 23, "Got Client Hello msg"
+ 24, "Got Client Key Exchange msg"
+ 25, "Got Cert Verify msg"
+
+ 26, "Got Unknown Handshake msg"
+ 27, "New SSL Sniffer Session created"
+ 28, "Couldn't create new SSL"
+ 29, "Got a Packet to decode"
+ 30, "No data present"
+
+ 31, "Session Not Found"
+ 32, "Got an Old Client Hello msg"
+ 33, "Old Client Hello Input Malformed"
+ 34, "Old Client Hello OK"
+ 35, "Bad Old Client Hello"
+
+ 36, "Bad Record Header"
+ 37, "Record Header Input Malformed"
+ 38, "Got a HandShake msg"
+ 39, "Bad HandShake msg"
+ 40, "Got a Change Cipher Spec msg"
+
+ 41, "Got Application Data msg"
+ 42, "Bad Application Data"
+ 43, "Got an Alert msg"
+ 44, "Another msg to Process"
+ 45, "Removing Session From Table"
+
+ 46, "Bad Key File"
+ 47, "Wrong IP Version"
+ 48, "Wrong Protocol type"
+ 49, "Packet Short for header processing"
+ 50, "Got Unknown Record Type"
+
+ 51, "Can't Open Trace File"
+ 52, "Session in Fatal Error State"
+ 53, "Partial SSL record received"
+ 54, "Buffer Error, malformed input"
+ 55, "Added to Partial Input"
+
+ 56, "Received a Duplicate Packet"
+ 57, "Received an Out of Order Packet"
+ 58, "Received an Overlap Duplicate Packet"
+ 59, "Received an Overlap Reassembly Begin Duplicate Packet"
+ 60, "Received an Overlap Reassembly End Duplicate Packet"
+
+ 61, "Missed the Client Hello Entirely"
+ 62, "Got Hello Request msg"
+ 63, "Got Session Ticket msg"
+ 64, "Bad Input"
+ 65, "Bad Decrypt Type"
+
+ 66, "Bad Finished Message Processing"
+ 67, "Bad Compression Type"
+ 68, "Bad DeriveKeys Error"
+ 69, "Saw ACK for Missing Packet Error"
+ 70, "Bad Decrypt Operation"
+
+ 71, "Decrypt Keys Not Set Up"
+ 72, "Late Key Load Error"
+ 73, "Got Certificate Status msg"
+ 74, "RSA Key Missing Error"
+ 75, "Secure Renegotiation Not Supported"
+
+ 76, "Get Session Stats Failure"
+ 77, "Reassembly Buffer Size Exceeded"
+ 78, "Dropping Lost Fragment"
+ 79, "Dropping Partial Record"
+ 80, "Clear ACK Fault"
+
+ 81, "Bad Decrypt Size"
+}
+
+
--- a/wolfssl/ssl.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1465 +0,0 @@
-/* ssl.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-/* wolfSSL API */
-
-#ifndef WOLFSSL_SSL_H
-#define WOLFSSL_SSL_H
-
-
-/* for users not using preprocessor flags*/
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-
-#ifndef NO_FILESYSTEM
- #ifdef FREESCALE_MQX
- #include <fio.h>
- #else
- #include <stdio.h> /* ERR_printf */
- #endif
-#endif
-
-#ifdef WOLFSSL_PREFIX
- #include "prefix_ssl.h"
-#endif
-
-#ifdef LIBWOLFSSL_VERSION_STRING
- #define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING
-#endif
-
-#ifdef _WIN32
- /* wincrypt.h clashes */
- #undef OCSP_REQUEST
- #undef OCSP_RESPONSE
-#endif
-
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-typedef struct WOLFSSL WOLFSSL;
-typedef struct WOLFSSL_SESSION WOLFSSL_SESSION;
-typedef struct WOLFSSL_METHOD WOLFSSL_METHOD;
-typedef struct WOLFSSL_CTX WOLFSSL_CTX;
-
-typedef struct WOLFSSL_X509 WOLFSSL_X509;
-typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME;
-typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
-
-typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
-typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
-
-/* redeclare guard */
-#define WOLFSSL_TYPES_DEFINED
-
-
-typedef struct WOLFSSL_RSA WOLFSSL_RSA;
-typedef struct WOLFSSL_DSA WOLFSSL_DSA;
-typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER;
-typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP;
-typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
-typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL;
-typedef struct WOLFSSL_BIO WOLFSSL_BIO;
-typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD;
-typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
-typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME;
-typedef struct WOLFSSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER;
-typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
-typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
-typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;
-
-#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
-
-typedef struct WOLFSSL_EVP_PKEY {
- int type; /* openssh dereference */
- int save_type; /* openssh dereference */
- int pkey_sz;
- union {
- char* ptr;
- } pkey;
- #ifdef HAVE_ECC
- int pkey_curve;
- #endif
-} WOLFSSL_EVP_PKEY;
-
-typedef struct WOLFSSL_MD4_CTX {
- int buffer[32]; /* big enough to hold, check size in Init */
-} WOLFSSL_MD4_CTX;
-
-
-typedef struct WOLFSSL_COMP_METHOD {
- int type; /* stunnel dereference */
-} WOLFSSL_COMP_METHOD;
-
-
-typedef struct WOLFSSL_X509_STORE {
- int cache; /* stunnel dereference */
- WOLFSSL_CERT_MANAGER* cm;
-} WOLFSSL_X509_STORE;
-
-typedef struct WOLFSSL_ALERT {
- int code;
- int level;
-} WOLFSSL_ALERT;
-
-typedef struct WOLFSSL_ALERT_HISTORY {
- WOLFSSL_ALERT last_rx;
- WOLFSSL_ALERT last_tx;
-} WOLFSSL_ALERT_HISTORY;
-
-typedef struct WOLFSSL_X509_REVOKED {
- WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
-} WOLFSSL_X509_REVOKED;
-
-
-typedef struct WOLFSSL_X509_OBJECT {
- union {
- char* ptr;
- WOLFSSL_X509_CRL* crl; /* stunnel dereference */
- } data;
-} WOLFSSL_X509_OBJECT;
-
-
-typedef struct WOLFSSL_X509_STORE_CTX {
- WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
- WOLFSSL_X509* current_cert; /* stunnel dereference */
- char* domain; /* subject CN domain name */
- void* ex_data; /* external data, for fortress build */
- void* userCtx; /* user ctx */
- int error; /* current error */
- int error_depth; /* cert depth for this error */
- int discardSessionCerts; /* so verify callback can flag for discard */
-} WOLFSSL_X509_STORE_CTX;
-
-
-/* Valid Alert types from page 16/17 */
-enum AlertDescription {
- close_notify = 0,
- unexpected_message = 10,
- bad_record_mac = 20,
- record_overflow = 22,
- decompression_failure = 30,
- handshake_failure = 40,
- no_certificate = 41,
- bad_certificate = 42,
- unsupported_certificate = 43,
- certificate_revoked = 44,
- certificate_expired = 45,
- certificate_unknown = 46,
- illegal_parameter = 47,
- decrypt_error = 51,
- #ifdef WOLFSSL_MYSQL_COMPATIBLE
- /* catch name conflict for enum protocol with MYSQL build */
- wc_protocol_version = 70,
- #else
- protocol_version = 70,
- #endif
- no_renegotiation = 100,
- unrecognized_name = 112
-};
-
-
-enum AlertLevel {
- alert_warning = 1,
- alert_fatal = 2
-};
-
-
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
-
-#ifdef WOLFSSL_DTLS
- WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
- WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
- WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void);
- WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
-#endif
-
-#ifdef HAVE_POLY1305
- WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
-#endif
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
-
-WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
-WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
-WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
- const char*);
-WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *,
- const char *file);
-WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
-
-WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
-WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
-WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int);
-WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int);
-WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file);
-WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
-
-#ifdef WOLFSSL_DER_LOAD
- WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
- const char*, int);
-#endif
-
-#ifdef HAVE_NTRU
- WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
- /* load NTRU private key blob */
-#endif
-
-#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
- WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int);
- #define WOLFSSL_PEMCERT_TODER_DEFINED
-#endif
-
-#endif /* !NO_FILESYSTEM && !NO_CERTS */
-
-WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
-WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
-WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
-WOLFSSL_API char* wolfSSL_get_cipher_list(int priority);
-WOLFSSL_API int wolfSSL_get_ciphers(char*, int);
-WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*);
-WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int);
-WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*);
-WOLFSSL_API int wolfSSL_connect(WOLFSSL*); /* please see note at top of README
- if you get an error from connect */
-WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
-WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
-WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
-WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
-WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
-WOLFSSL_API void wolfSSL_free(WOLFSSL*);
-WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
-WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags);
-WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags);
-
-WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int);
-WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);
-
-WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int);
-WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);
-
-WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session);
-WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
-WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX *ctx, long tm);
-WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char*,
- int, int);
-
-#ifdef SESSION_INDEX
-WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
-#endif /* SESSION_INDEX */
-
-#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
-WOLFSSL_API
- WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
-#endif /* SESSION_INDEX && SESSION_CERTS */
-
-typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
-typedef int (*pem_password_cb)(char*, int, int, void*);
-
-WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
- VerifyCallback verify_callback);
-WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
-WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
-
-WOLFSSL_API int wolfSSL_pending(WOLFSSL*);
-
-WOLFSSL_API void wolfSSL_load_error_strings(void);
-WOLFSSL_API int wolfSSL_library_init(void);
-WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long);
-
-#ifdef HAVE_SECRET_CALLBACK
-typedef int (*SessionSecretCb)(WOLFSSL* ssl,
- void* secret, int* secretSz, void* ctx);
-WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, void*);
-#endif /* HAVE_SECRET_CALLBACK */
-
-/* session cache persistence */
-WOLFSSL_API int wolfSSL_save_session_cache(const char*);
-WOLFSSL_API int wolfSSL_restore_session_cache(const char*);
-WOLFSSL_API int wolfSSL_memsave_session_cache(void*, int);
-WOLFSSL_API int wolfSSL_memrestore_session_cache(const void*, int);
-WOLFSSL_API int wolfSSL_get_session_cache_memsize(void);
-
-/* certificate cache persistence, uses ctx since certs are per ctx */
-WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*);
-WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*);
-WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*);
-WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int);
-WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*);
-
-/* only supports full name from cipher_name[] delimited by : */
-WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*);
-WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*);
-
-/* Nonblocking DTLS helper functions */
-WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
-WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
-WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
-
-WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
-WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
-
-WOLFSSL_API int wolfSSL_ERR_GET_REASON(int err);
-WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
-WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
- unsigned long sz);
-WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
-
-/* extras */
-
-#define STACK_OF(x) x
-
-WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
-WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
-WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int);
-WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int);
-WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int);
-WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
- unsigned int);
-WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
-WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
-WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
-WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
-WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
-
-WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*);
-WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
-WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
-WOLFSSL_API char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER*, char*, int);
-WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
- /* what's ref count */
-
-WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
-WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
-
-WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
- char** path, int* ssl);
-
-WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void);
-
-WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*);
-WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*, unsigned long);
-WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*);
-
-
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*);
-WOLFSSL_API int wolfSSL_BIO_free(WOLFSSL_BIO*);
-WOLFSSL_API int wolfSSL_BIO_free_all(WOLFSSL_BIO*);
-WOLFSSL_API int wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int);
-WOLFSSL_API int wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*);
-WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO*);
-WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO*);
-
-WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
-WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size);
-WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag);
-WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*);
-
-WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
-WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
-WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);
-
-WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,const unsigned char** p);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len);
-
-
-WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
-WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
-
-WOLFSSL_API int wolfSSL_add_all_algorithms(void);
-
-WOLFSSL_API void wolfSSL_RAND_screen(void);
-WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
-WOLFSSL_API int wolfSSL_RAND_write_file(const char*);
-WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long);
-WOLFSSL_API int wolfSSL_RAND_egd(const char*);
-WOLFSSL_API int wolfSSL_RAND_seed(const void*, int);
-WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double);
-
-WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
-WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
-WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*);
-
-WOLFSSL_API int wolfSSL_get_ex_new_index(long, void*, void*, void*, void*);
-
-WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
-WOLFSSL_API void wolfSSL_set_locking_callback(void (*f)(int, int, const char*,
- int));
-WOLFSSL_API void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)
- (const char*, int));
-WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(void (*f)(int,
- WOLFSSL_dynlock_value*, const char*, int));
-WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f)
- (WOLFSSL_dynlock_value*, const char*, int));
-WOLFSSL_API int wolfSSL_num_locks(void);
-
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
- WOLFSSL_X509_STORE_CTX*);
-WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
-WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*);
-
-WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int);
-WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*);
-WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*);
-WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
-WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
-WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
-WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
-WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
-WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*);
-WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
- WOLFSSL_X509*, unsigned char*, int*);
-WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
- WOLFSSL_X509*, unsigned char*, int*);
-WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
-WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
- WOLFSSL_X509_NAME*, int, char*, int);
-WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
-WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
-WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
-WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*);
-
-WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long);
-WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*,
- long);
-WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void);
-WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void);
-
-WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*,
- WOLFSSL_X509_LOOKUP_METHOD*);
-WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void);
-WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
-WOLFSSL_API int wolfSSL_X509_STORE_add_cert(
- WOLFSSL_X509_STORE*, WOLFSSL_X509*);
-WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
-WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
- int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*);
-WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
-WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*,
- WOLFSSL_X509_STORE*, WOLFSSL_X509*, STACK_OF(WOLFSSL_X509)*);
-WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*);
-WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);
-
-WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
-WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
-
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
-WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
-WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX*,
- int);
-WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
-WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
-WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
-WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
-
-WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
-WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
- WOLFSSL_X509_REVOKED*,int);
-WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
-
-WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
-
-WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
- const WOLFSSL_ASN1_INTEGER*);
-WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);
-
-WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
-
-WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
- STACK_OF(WOLFSSL_X509_NAME)*);
-WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX*, int);
-WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void);
-WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int);
-
-WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
- void* userdata);
-WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb);
-
-
-WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(void));
-
-WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
-WOLFSSL_API int wolfSSL_GET_REASON(int);
-
-WOLFSSL_API char* wolfSSL_alert_type_string_long(int);
-WOLFSSL_API char* wolfSSL_alert_desc_string_long(int);
-WOLFSSL_API char* wolfSSL_state_string_long(WOLFSSL*);
-
-WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
- void(*)(int, int, void*), void*);
-WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*,
- WOLFSSL_RSA*(*)(WOLFSSL*, int, int));
-
-WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);
-
-WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);
-
-#define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */
-#define WOLFSSL_RSA_F4 0x10001L
-
-enum {
- OCSP_NOCERTS = 1,
- OCSP_NOINTERN = 2,
- OCSP_NOSIGS = 4,
- OCSP_NOCHAIN = 8,
- OCSP_NOVERIFY = 16,
- OCSP_NOEXPLICIT = 32,
- OCSP_NOCASIGN = 64,
- OCSP_NODELEGATED = 128,
- OCSP_NOCHECKS = 256,
- OCSP_TRUSTOTHER = 512,
- OCSP_RESPID_KEY = 1024,
- OCSP_NOTIME = 2048,
-
- OCSP_CERTID = 2,
- OCSP_REQUEST = 4,
- OCSP_RESPONSE = 8,
- OCSP_BASICRESP = 16,
-
- WOLFSSL_OCSP_URL_OVERRIDE = 1,
- WOLFSSL_OCSP_NO_NONCE = 2,
- WOLFSSL_OCSP_CHECKALL = 4,
-
- WOLFSSL_CRL_CHECKALL = 1,
-
- ASN1_GENERALIZEDTIME = 4,
-
- SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
- SSL_OP_NETSCAPE_CHALLENGE_BUG = 2,
- SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3,
- SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4,
- SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5,
- SSL_OP_MSIE_SSLV2_RSA_PADDING = 6,
- SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7,
- SSL_OP_TLS_D5_BUG = 8,
- SSL_OP_TLS_BLOCK_PADDING_BUG = 9,
- SSL_OP_TLS_ROLLBACK_BUG = 10,
- SSL_OP_ALL = 11,
- SSL_OP_EPHEMERAL_RSA = 12,
- SSL_OP_NO_SSLv3 = 13,
- SSL_OP_NO_TLSv1 = 14,
- SSL_OP_PKCS1_CHECK_1 = 15,
- SSL_OP_PKCS1_CHECK_2 = 16,
- SSL_OP_NETSCAPE_CA_DN_BUG = 17,
- SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18,
- SSL_OP_SINGLE_DH_USE = 19,
- SSL_OP_NO_TICKET = 20,
- SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21,
- SSL_OP_NO_QUERY_MTU = 22,
- SSL_OP_COOKIE_EXCHANGE = 23,
- SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24,
- SSL_OP_SINGLE_ECDH_USE = 25,
- SSL_OP_CIPHER_SERVER_PREFERENCE = 26,
-
- SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
-
- EVP_R_BAD_DECRYPT = 2,
-
- SSL_CB_LOOP = 4,
- SSL_ST_CONNECT = 5,
- SSL_ST_ACCEPT = 6,
- SSL_CB_ALERT = 7,
- SSL_CB_READ = 8,
- SSL_CB_HANDSHAKE_DONE = 9,
-
- SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
-
- BIO_FLAGS_BASE64_NO_NL = 1,
- BIO_CLOSE = 1,
- BIO_NOCLOSE = 0,
-
- NID_undef = 0,
-
- X509_FILETYPE_PEM = 8,
- X509_LU_X509 = 9,
- X509_LU_CRL = 12,
-
- X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
- X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
- X509_V_ERR_CRL_HAS_EXPIRED = 15,
- X509_V_ERR_CERT_REVOKED = 16,
- X509_V_ERR_CERT_CHAIN_TOO_LONG = 17,
- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18,
- X509_V_ERR_CERT_NOT_YET_VALID = 19,
- X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
- X509_V_ERR_CERT_HAS_EXPIRED = 21,
- X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
-
- X509_V_OK = 0,
-
- CRYPTO_LOCK = 1,
- CRYPTO_NUM_LOCKS = 10
-};
-
-/* extras end */
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-/* wolfSSL extension, provide last error from SSL_get_error
- since not using thread storage error queue */
-WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err);
-#endif
-
-enum { /* ssl Constants */
- SSL_ERROR_NONE = 0, /* for most functions */
- SSL_FAILURE = 0, /* for some functions */
- SSL_SUCCESS = 1,
- SSL_SHUTDOWN_NOT_DONE = 2, /* call wolfSSL_shutdown again to complete */
-
- SSL_BAD_CERTTYPE = -8,
- SSL_BAD_STAT = -7,
- SSL_BAD_PATH = -6,
- SSL_BAD_FILETYPE = -5,
- SSL_BAD_FILE = -4,
- SSL_NOT_IMPLEMENTED = -3,
- SSL_UNKNOWN = -2,
- SSL_FATAL_ERROR = -1,
-
- SSL_FILETYPE_ASN1 = 2,
- SSL_FILETYPE_PEM = 1,
- SSL_FILETYPE_DEFAULT = 2, /* ASN1 */
- SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */
-
- SSL_VERIFY_NONE = 0,
- SSL_VERIFY_PEER = 1,
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
- SSL_VERIFY_CLIENT_ONCE = 4,
-
- SSL_SESS_CACHE_OFF = 30,
- SSL_SESS_CACHE_CLIENT = 31,
- SSL_SESS_CACHE_SERVER = 32,
- SSL_SESS_CACHE_BOTH = 33,
- SSL_SESS_CACHE_NO_AUTO_CLEAR = 34,
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,
-
- SSL_ERROR_WANT_READ = 2,
- SSL_ERROR_WANT_WRITE = 3,
- SSL_ERROR_WANT_CONNECT = 7,
- SSL_ERROR_WANT_ACCEPT = 8,
- SSL_ERROR_SYSCALL = 5,
- SSL_ERROR_WANT_X509_LOOKUP = 83,
- SSL_ERROR_ZERO_RETURN = 6,
- SSL_ERROR_SSL = 85,
-
- SSL_SENT_SHUTDOWN = 1,
- SSL_RECEIVED_SHUTDOWN = 2,
- SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
- SSL_OP_NO_SSLv2 = 8,
-
- SSL_R_SSL_HANDSHAKE_FAILURE = 101,
- SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102,
- SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
- SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104,
-
- PEM_BUFSIZE = 1024
-};
-
-
-#ifndef NO_PSK
- typedef unsigned int (*psk_client_callback)(WOLFSSL*, const char*, char*,
- unsigned int, unsigned char*, unsigned int);
- WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*,
- psk_client_callback);
- WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,psk_client_callback);
-
- WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
- WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*);
-
- WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*);
- WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*);
-
- typedef unsigned int (*psk_server_callback)(WOLFSSL*, const char*,
- unsigned char*, unsigned int);
- WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*,
- psk_server_callback);
- WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*,psk_server_callback);
-
- #define PSK_TYPES_DEFINED
-#endif /* NO_PSK */
-
-
-#ifdef HAVE_ANON
- WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
-#endif /* HAVE_ANON */
-
-
-/* extra begins */
-
-enum { /* ERR Constants */
- ERR_TXT_STRING = 1
-};
-
-WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*,
- const char**, int *);
-
-WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void);
-WOLFSSL_API void wolfSSL_ERR_clear_error(void);
-
-
-WOLFSSL_API int wolfSSL_RAND_status(void);
-WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num);
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
-WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
-#ifndef NO_CERTS
- WOLFSSL_API int wolfSSL_CTX_check_private_key(WOLFSSL_CTX*);
-#endif /* !NO_CERTS */
-
-WOLFSSL_API void wolfSSL_ERR_free_strings(void);
-WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
-WOLFSSL_API void wolfSSL_EVP_cleanup(void);
-WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
-
-WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
-WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
-WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
-WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
-WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);
-
-WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);
-
-WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
-WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
- const unsigned char*, unsigned int);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);
-
-WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
-WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);
-
-WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
-WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,
- const WOLFSSL_ASN1_UTCTIME*);
-WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_X509_REVOKED*);
-WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED*, int);
-
-/* stunnel 4.28 needs */
-WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
-WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
-WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
- WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
-WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
- int (*f)(WOLFSSL*, WOLFSSL_SESSION*));
-WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*,
- void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*));
-
-WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
- const unsigned char**, long);
-
-WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
-WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
-WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
-
-/* extra ends */
-
-
-/* wolfSSL extensions */
-
-/* call before SSL_connect, if verifying will add name check to
- date check and signature check */
-WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
-
-/* need to call once to load library (session cache) */
-WOLFSSL_API int wolfSSL_Init(void);
-/* call when done to cleanup/free session cache mutex / resources */
-WOLFSSL_API int wolfSSL_Cleanup(void);
-
-/* which library version do we have */
-WOLFSSL_API const char* wolfSSL_lib_version(void);
-/* which library version do we have in hex */
-WOLFSSL_API unsigned int wolfSSL_lib_version_hex(void);
-
-/* turn logging on, only if compiled in */
-WOLFSSL_API int wolfSSL_Debugging_ON(void);
-/* turn logging off */
-WOLFSSL_API void wolfSSL_Debugging_OFF(void);
-
-/* do accept or connect depedning on side */
-WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl);
-/* turn on wolfSSL data compression */
-WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl);
-
-WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
-WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int);
-
-/* get wolfSSL peer X509_CHAIN */
-WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
-/* peer chain count */
-WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
-/* index cert length */
-WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx);
-/* index cert */
-WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx);
-/* index cert in X509 */
-WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx);
-/* free X509 */
-WOLFSSL_API void wolfSSL_FreeX509(WOLFSSL_X509*);
-/* get index cert in PEM */
-WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx,
- unsigned char* buffer, int inLen, int* outLen);
-WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
-WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*);
-WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
-WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
-WOLFSSL_API const unsigned char* wolfSSL_X509_notBefore(WOLFSSL_X509*);
-WOLFSSL_API const unsigned char* wolfSSL_X509_notAfter(WOLFSSL_X509*);
-WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
-
-WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
-
-WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
-
-WOLFSSL_API WOLFSSL_X509*
- wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
-#ifndef NO_FILESYSTEM
- #ifndef NO_STDIO_FILESYSTEM
- WOLFSSL_API WOLFSSL_X509*
- wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
- #endif
-WOLFSSL_API WOLFSSL_X509*
- wolfSSL_X509_load_certificate_file(const char* fname, int format);
-#endif
-
-#ifdef WOLFSSL_SEP
- WOLFSSL_API unsigned char*
- wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*);
- WOLFSSL_API unsigned char*
- wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*);
- WOLFSSL_API unsigned char*
- wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*);
-#endif
-
-/* connect enough to get peer cert */
-WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);
-
-#ifndef NO_DH
-/* server Diffie-Hellman parameters */
-WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
- const unsigned char* g, int gSz);
-WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
- int format);
-#ifndef NO_FILESYSTEM
- WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
-#endif
-
-/* server ctx Diffie-Hellman parameters */
-WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
- int pSz, const unsigned char* g, int gSz);
-WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
- long sz, int format);
-
-#ifndef NO_FILESYSTEM
- WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
- int format);
-#endif
-
-WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, unsigned short);
-WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short);
-WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
-#endif /* NO_DH */
-
-WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
-WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
-
-/* keyblock size in bytes or -1 */
-/* need to call wolfSSL_KeepArrays before handshake to save keys */
-WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);
-WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen,
- unsigned char** sr, unsigned int* srLen,
- unsigned char** cr, unsigned int* crLen);
-
-/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
-WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
- const char* label);
-
-
-#ifndef _WIN32
- #ifndef NO_WRITEV
- #ifdef __PPU
- #include <sys/types.h>
- #include <sys/socket.h>
- #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && !defined(WOLFSSL_PICOTCP)
- #include <sys/uio.h>
- #endif
- /* allow writev style writing */
- WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
- int iovcnt);
- #endif
-#endif
-
-
-#ifndef NO_CERTS
- /* SSL_CTX versions */
- WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
- WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
- const unsigned char*, long, int);
- WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
- const unsigned char*, long, int);
- WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
- const unsigned char*, long, int);
- WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
- const unsigned char*, long);
-
- /* SSL versions */
- WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
- long, int);
- WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
- long, int);
- WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
- const unsigned char*, long);
- WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
-#endif
-
-WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
-WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);
-
-/* I/O callbacks */
-typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-
-#ifdef HAVE_FUZZER
-enum fuzzer_type {
- FUZZ_HMAC = 0,
- FUZZ_ENCRYPT = 1,
- FUZZ_SIGNATURE = 2,
- FUZZ_HASH = 3,
- FUZZ_HEAD = 4
-};
-
-typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
- int type, void* fuzzCtx);
-
-WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
-#endif
-
-WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
-WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
-
-WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
-
-WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
-WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
-
-WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
-WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
-
-
-#ifndef WOLFSSL_USER_IO
- /* default IO callbacks */
- WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
- WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-
- #ifdef HAVE_OCSP
- WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
- int, unsigned char**);
- WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);
- #endif
-
- #ifdef WOLFSSL_DTLS
- WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
- WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
- WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
- int sz, void*);
- #endif /* WOLFSSL_DTLS */
-#endif /* WOLFSSL_USER_IO */
-
-
-#ifdef HAVE_NETX
- WOLFSSL_API void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
- ULONG waitoption);
-#endif
-
-typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz,
- void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie);
-WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
-
-
-/* I/O Callback default errors */
-enum IOerrors {
- WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
- WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */
- WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */
- WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */
- WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */
- WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */
- WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */
-};
-
-
-/* CA cache callbacks */
-enum {
- WOLFSSL_SSLV3 = 0,
- WOLFSSL_TLSV1 = 1,
- WOLFSSL_TLSV1_1 = 2,
- WOLFSSL_TLSV1_2 = 3,
- WOLFSSL_USER_CA = 1, /* user added as trusted */
- WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */
-};
-
-WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
-WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
-WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */
-WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
-WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
- int, const char*);
-WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int sz, unsigned char*,
- int, int);
-
-typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
-typedef void (*CbMissingCRL)(const char* url);
-typedef int (*CbOCSPIO)(void*, const char*, int,
- unsigned char*, int, unsigned char**);
-typedef void (*CbOCSPRespFree)(void*,unsigned char*);
-
-/* User Atomic Record Layer CallBacks */
-typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
- const unsigned char* macIn, unsigned int macInSz, int macContent,
- int macVerify, unsigned char* encOut, const unsigned char* encIn,
- unsigned int encSz, void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt);
-WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl,
- unsigned char* decOut, const unsigned char* decIn,
- unsigned int decSz, int content, int verify, unsigned int* padSz,
- void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*,
- CallbackDecryptVerify);
-WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
-
-WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
-WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
-WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
-WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
-WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetSide(WOLFSSL*);
-WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL*);
-WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*,
- unsigned int, int, int);
-
-/* Atomic User Needs */
-enum {
- WOLFSSL_SERVER_END = 0,
- WOLFSSL_CLIENT_END = 1,
- WOLFSSL_BLOCK_TYPE = 2,
- WOLFSSL_STREAM_TYPE = 3,
- WOLFSSL_AEAD_TYPE = 4,
- WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
-};
-
-/* for GetBulkCipher and internal use */
-enum BulkCipherAlgorithm {
- wolfssl_cipher_null,
- wolfssl_rc4,
- wolfssl_rc2,
- wolfssl_des,
- wolfssl_triple_des, /* leading 3 (3des) not valid identifier */
- wolfssl_des40,
- wolfssl_idea,
- wolfssl_aes,
- wolfssl_aes_gcm,
- wolfssl_aes_ccm,
- wolfssl_chacha,
- wolfssl_camellia,
- wolfssl_hc128, /* wolfSSL extensions */
- wolfssl_rabbit
-};
-
-
-/* for KDF TLS 1.2 mac types */
-enum KDF_MacAlgorithm {
- wolfssl_sha256 = 4, /* needs to match internal MACAlgorithm */
- wolfssl_sha384,
- wolfssl_sha512
-};
-
-
-/* Public Key Callback support */
-typedef int (*CallbackEccSign)(WOLFSSL* ssl,
- const unsigned char* in, unsigned int inSz,
- unsigned char* out, unsigned int* outSz,
- const unsigned char* keyDer, unsigned int keySz,
- void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign);
-WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackEccVerify)(WOLFSSL* ssl,
- const unsigned char* sig, unsigned int sigSz,
- const unsigned char* hash, unsigned int hashSz,
- const unsigned char* keyDer, unsigned int keySz,
- int* result, void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
-WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
- const unsigned char* in, unsigned int inSz,
- unsigned char* out, unsigned int* outSz,
- const unsigned char* keyDer, unsigned int keySz,
- void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
-WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackRsaVerify)(WOLFSSL* ssl,
- unsigned char* sig, unsigned int sigSz,
- unsigned char** out,
- const unsigned char* keyDer, unsigned int keySz,
- void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify);
-WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
-
-/* RSA Public Encrypt cb */
-typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
- const unsigned char* in, unsigned int inSz,
- unsigned char* out, unsigned int* outSz,
- const unsigned char* keyDer, unsigned int keySz,
- void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
-WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
-
-/* RSA Private Decrypt cb */
-typedef int (*CallbackRsaDec)(WOLFSSL* ssl,
- unsigned char* in, unsigned int inSz,
- unsigned char** out,
- const unsigned char* keyDer, unsigned int keySz,
- void* ctx);
-WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec);
-WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
-
-
-#ifndef NO_CERTS
- WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
-
- WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
- WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
-
- WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
- const char* d);
- WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
- WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
- int format);
- WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
- const unsigned char* buff, long sz, int format);
- WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*,
- unsigned char*, int sz);
- WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*,
- int options);
- WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
- WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*, const char*,
- int, int);
- WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*,
- CbMissingCRL);
- WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
- unsigned char*, int sz);
- WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*,
- int options);
- WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
- WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*,
- const char*);
- WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*,
- CbOCSPIO, CbOCSPRespFree, void*);
-
- WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
- WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
- WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
- WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
- WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
- WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
- WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
- WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);
-
- WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
- WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
- WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int);
- WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
- WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
- WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
- WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
- WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
- CbOCSPIO, CbOCSPRespFree, void*);
-#endif /* !NO_CERTS */
-
-/* end of handshake frees temporary arrays, if user needs for get_keys or
- psk hints, call KeepArrays before handshake and then FreeArrays when done
- if don't want to wait for object free */
-WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
-WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
-
-
-/* cavium additions */
-WOLFSSL_API int wolfSSL_UseCavium(WOLFSSL*, int devId);
-WOLFSSL_API int wolfSSL_CTX_UseCavium(WOLFSSL_CTX*, int devId);
-
-/* TLS Extensions */
-
-/* Server Name Indication */
-#ifdef HAVE_SNI
-
-/* SNI types */
-enum {
- WOLFSSL_SNI_HOST_NAME = 0
-};
-
-WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, const void* data,
- unsigned short size);
-WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
- const void* data, unsigned short size);
-
-#ifndef NO_WOLFSSL_SERVER
-
-/* SNI options */
-enum {
- WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */
- WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 /* fake match on mismatch flag */
-};
-
-WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
- unsigned char options);
-WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, unsigned char type,
- unsigned char options);
-
-/* SNI status */
-enum {
- WOLFSSL_SNI_NO_MATCH = 0,
- WOLFSSL_SNI_FAKE_MATCH = 1, /* if WOLFSSL_SNI_ANSWER_ON_MISMATCH is enabled */
- WOLFSSL_SNI_REAL_MATCH = 2
-};
-
-WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
-
-WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, unsigned char type,
- void** data);
-WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
- const unsigned char* clientHello, unsigned int helloSz,
- unsigned char type, unsigned char* sni, unsigned int* inOutSz);
-
-#endif
-#endif
-
-/* Maximum Fragment Length */
-#ifdef HAVE_MAX_FRAGMENT
-
-/* Fragment lengths */
-enum {
- WOLFSSL_MFL_2_9 = 1, /* 512 bytes */
- WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
- WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
- WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
- WOLFSSL_MFL_2_13 = 5 /* 8192 bytes *//* wolfSSL ONLY!!! */
-};
-
-#ifndef NO_WOLFSSL_CLIENT
-
-WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
-WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
-
-#endif
-#endif
-
-/* Truncated HMAC */
-#ifdef HAVE_TRUNCATED_HMAC
-#ifndef NO_WOLFSSL_CLIENT
-
-WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
-
-#endif
-#endif
-
-/* Elliptic Curves */
-enum {
- WOLFSSL_ECC_SECP160R1 = 0x10,
- WOLFSSL_ECC_SECP192R1 = 0x13,
- WOLFSSL_ECC_SECP224R1 = 0x15,
- WOLFSSL_ECC_SECP256R1 = 0x17,
- WOLFSSL_ECC_SECP384R1 = 0x18,
- WOLFSSL_ECC_SECP521R1 = 0x19
-};
-
-#ifdef HAVE_SUPPORTED_CURVES
-#ifndef NO_WOLFSSL_CLIENT
-
-WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, unsigned short name);
-WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
- unsigned short name);
-
-#endif
-#endif
-
-/* Secure Renegotiation */
-#ifdef HAVE_SECURE_RENEGOTIATION
-
-WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);
-
-#endif
-
-/* Session Ticket */
-#ifdef HAVE_SESSION_TICKET
-
-#ifndef NO_WOLFSSL_CLIENT
-WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
-WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*);
-WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, unsigned char*, unsigned int);
-typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
-WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
- CallbackSessionTicket, void*);
-#endif /* NO_WOLFSSL_CLIENT */
-
-#ifndef NO_WOLFSSL_SERVER
-
-#define WOLFSSL_TICKET_NAME_SZ 16
-#define WOLFSSL_TICKET_IV_SZ 16
-#define WOLFSSL_TICKET_MAC_SZ 32
-
-enum TicketEncRet {
- WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */
- WOLFSSL_TICKET_RET_OK = 0, /* ok, use ticket */
- WOLFSSL_TICKET_RET_REJECT, /* don't use ticket, but not fatal */
- WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */
-};
-
-typedef int (*SessionTicketEncCb)(WOLFSSL*,
- unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
- unsigned char iv[WOLFSSL_TICKET_IV_SZ],
- unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
- int enc, unsigned char*, int, int*, void*);
-WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
- SessionTicketEncCb);
-WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
-WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
-
-#endif /* NO_WOLFSSL_SERVER */
-
-#endif /* HAVE_SESSION_TICKET */
-
-#define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */
-#define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */
-
-
-/* notify user the hanshake is done */
-typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
-WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);
-
-
-WOLFSSL_API int wolfSSL_PrintSessionStats(void);
-WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
- unsigned int* total,
- unsigned int* peak,
- unsigned int* maxSessions);
-/* External facing KDF */
-WOLFSSL_API
-int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen,
- const unsigned char* pms, unsigned int pmsLen,
- const unsigned char* cr, const unsigned char* sr,
- int tls1_2, int hash_type);
-
-WOLFSSL_API
-int wolfSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen,
- const unsigned char* ms, unsigned int msLen,
- const unsigned char* sr, const unsigned char* cr,
- int tls1_2, int hash_type);
-
-#ifdef WOLFSSL_CALLBACKS
-
-/* used internally by wolfSSL while OpenSSL types aren't */
-#include <wolfssl/callbacks.h>
-
-typedef int (*HandShakeCallBack)(HandShakeInfo*);
-typedef int (*TimeoutCallBack)(TimeoutInfo*);
-
-/* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
- for diagnostics */
-WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
- Timeval);
-WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
- Timeval);
-
-#endif /* WOLFSSL_CALLBACKS */
-
-
-#ifdef WOLFSSL_HAVE_WOLFSCEP
- WOLFSSL_API void wolfSSL_wolfSCEP(void);
-#endif /* WOLFSSL_HAVE_WOLFSCEP */
-
-#ifdef WOLFSSL_HAVE_CERT_SERVICE
- WOLFSSL_API void wolfSSL_cert_service(void);
-#endif
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-
-#endif /* WOLFSSL_SSL_H */
-
-
--- a/wolfssl/test.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1953 +0,0 @@
-/* test.h */
-
-#ifndef wolfSSL_TEST_H
-#define wolfSSL_TEST_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <ctype.h>
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifdef ATOMIC_USER
- #include <wolfssl/wolfcrypt/aes.h>
- #include <wolfssl/wolfcrypt/arc4.h>
- #include <wolfssl/wolfcrypt/hmac.h>
-#endif
-#ifdef HAVE_PK_CALLBACKS
- #include <wolfssl/wolfcrypt/asn.h>
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
- #endif /* HAVE_ECC */
-#endif /*HAVE_PK_CALLBACKS */
-
-#ifdef USE_WINDOWS_API
- #include <winsock2.h>
- #include <process.h>
- #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */
- #include <ws2tcpip.h>
- #include <wspiapi.h>
- #endif
- #define SOCKET_T SOCKET
- #define SNPRINTF _snprintf
-#elif defined(WOLFSSL_MDK_ARM)
- #include <string.h>
-#elif defined(WOLFSSL_TIRTOS)
- #include <string.h>
- #include <netdb.h>
- #include <sys/types.h>
- #include <arpa/inet.h>
- #include <sys/socket.h>
- #include <ti/sysbios/knl/Task.h>
- struct hostent {
- char *h_name; /* official name of host */
- char **h_aliases; /* alias list */
- int h_addrtype; /* host address type */
- int h_length; /* length of address */
- char **h_addr_list; /* list of addresses from name server */
- };
- #define SOCKET_T int
-#else
- #include <string.h>
- #include <sys/types.h>
-#ifndef WOLFSSL_LEANPSK
- #include <unistd.h>
- #include <netdb.h>
- #include <netinet/in.h>
- #include <netinet/tcp.h>
- #include <arpa/inet.h>
- #include <sys/ioctl.h>
- #include <sys/time.h>
- #include <sys/socket.h>
- #include <pthread.h>
- #include <fcntl.h>
- #ifdef TEST_IPV6
- #include <netdb.h>
- #endif
-#endif
- #define SOCKET_T int
- #ifndef SO_NOSIGPIPE
- #include <signal.h> /* ignore SIGPIPE */
- #endif
- #define SNPRINTF snprintf
-#endif /* USE_WINDOWS_API */
-
-#ifdef HAVE_CAVIUM
- #include "cavium_sysdep.h"
- #include "cavium_common.h"
- #include "cavium_ioctl.h"
-#endif
-
-#ifdef _MSC_VER
- /* disable conversion warning */
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
- #pragma warning(disable:4244 4996)
-#endif
-
-
-#if defined(__MACH__) || defined(USE_WINDOWS_API)
- #ifndef _SOCKLEN_T
- typedef int socklen_t;
- #endif
-#endif
-
-
-/* HPUX doesn't use socklent_t for third parameter to accept, unless
- _XOPEN_SOURCE_EXTENDED is defined */
-#if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)
- typedef socklen_t* ACCEPT_THIRD_T;
-#else
- #if defined _XOPEN_SOURCE_EXTENDED
- typedef socklen_t* ACCEPT_THIRD_T;
- #else
- typedef int* ACCEPT_THIRD_T;
- #endif
-#endif
-
-
-#ifdef USE_WINDOWS_API
- #define CloseSocket(s) closesocket(s)
- #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); }
-#elif defined(WOLFSSL_MDK_ARM)
- #define CloseSocket(s) closesocket(s)
- #define StartTCP()
-#else
- #define CloseSocket(s) close(s)
- #define StartTCP()
-#endif
-
-
-#ifdef SINGLE_THREADED
- typedef unsigned int THREAD_RETURN;
- typedef void* THREAD_TYPE;
- #define WOLFSSL_THREAD
-#else
- #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
- typedef void* THREAD_RETURN;
- typedef pthread_t THREAD_TYPE;
- #define WOLFSSL_THREAD
- #define INFINITE -1
- #define WAIT_OBJECT_0 0L
- #elif defined(WOLFSSL_MDK_ARM)
- typedef unsigned int THREAD_RETURN;
- typedef int THREAD_TYPE;
- #define WOLFSSL_THREAD
- #elif defined(WOLFSSL_TIRTOS)
- typedef void THREAD_RETURN;
- typedef Task_Handle THREAD_TYPE;
- #define WOLFSSL_THREAD
- #else
- typedef unsigned int THREAD_RETURN;
- typedef intptr_t THREAD_TYPE;
- #define WOLFSSL_THREAD __stdcall
- #endif
-#endif
-
-
-#ifdef TEST_IPV6
- typedef struct sockaddr_in6 SOCKADDR_IN_T;
- #define AF_INET_V AF_INET6
-#else
- typedef struct sockaddr_in SOCKADDR_IN_T;
- #define AF_INET_V AF_INET
-#endif
-
-
-#define SERVER_DEFAULT_VERSION 3
-#define SERVER_DTLS_DEFAULT_VERSION (-2)
-#define SERVER_INVALID_VERSION (-99)
-#define CLIENT_DEFAULT_VERSION 3
-#define CLIENT_DTLS_DEFAULT_VERSION (-2)
-#define CLIENT_INVALID_VERSION (-99)
-#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
- #define DEFAULT_MIN_DHKEY_BITS 2048
-#else
- #define DEFAULT_MIN_DHKEY_BITS 1024
-#endif
-
-/* all certs relative to wolfSSL home directory now */
-#define caCert "./certs/ca-cert.pem"
-#define eccCert "./certs/server-ecc.pem"
-#define eccKey "./certs/ecc-key.pem"
-#define svrCert "./certs/server-cert.pem"
-#define svrKey "./certs/server-key.pem"
-#define cliCert "./certs/client-cert.pem"
-#define cliKey "./certs/client-key.pem"
-#define ntruCert "./certs/ntru-cert.pem"
-#define ntruKey "./certs/ntru-key.raw"
-#define dhParam "./certs/dh2048.pem"
-#define cliEccKey "./certs/ecc-client-key.pem"
-#define cliEccCert "./certs/client-ecc-cert.pem"
-#define crlPemDir "./certs/crl"
-
-typedef struct tcp_ready {
- word16 ready; /* predicate */
- word16 port;
-#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
- pthread_mutex_t mutex;
- pthread_cond_t cond;
-#endif
-} tcp_ready;
-
-
-void InitTcpReady(tcp_ready*);
-void FreeTcpReady(tcp_ready*);
-
-typedef WOLFSSL_METHOD* (*method_provider)(void);
-typedef void (*ctx_callback)(WOLFSSL_CTX* ctx);
-typedef void (*ssl_callback)(WOLFSSL* ssl);
-
-typedef struct callback_functions {
- method_provider method;
- ctx_callback ctx_ready;
- ssl_callback ssl_ready;
- ssl_callback on_result;
-} callback_functions;
-
-typedef struct func_args {
- int argc;
- char** argv;
- int return_code;
- tcp_ready* signal;
- callback_functions *callbacks;
-} func_args;
-
-void wait_tcp_ready(func_args*);
-
-typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
-
-void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
-void join_thread(THREAD_TYPE);
-
-/* wolfSSL */
-#ifndef TEST_IPV6
- static const char* const wolfSSLIP = "127.0.0.1";
-#else
- static const char* const wolfSSLIP = "::1";
-#endif
-static const word16 wolfSSLPort = 11111;
-
-static INLINE void err_sys(const char* msg)
-{
- printf("wolfSSL error: %s\n", msg);
- if (msg)
- exit(EXIT_FAILURE);
-}
-
-
-#define MY_EX_USAGE 2
-
-extern int myoptind;
-extern char* myoptarg;
-
-static INLINE int mygetopt(int argc, char** argv, const char* optstring)
-{
- static char* next = NULL;
-
- char c;
- char* cp;
-
- if (myoptind == 0)
- next = NULL; /* we're starting new/over */
-
- if (next == NULL || *next == '\0') {
- if (myoptind == 0)
- myoptind++;
-
- if (myoptind >= argc || argv[myoptind][0] != '-' ||
- argv[myoptind][1] == '\0') {
- myoptarg = NULL;
- if (myoptind < argc)
- myoptarg = argv[myoptind];
-
- return -1;
- }
-
- if (strcmp(argv[myoptind], "--") == 0) {
- myoptind++;
- myoptarg = NULL;
-
- if (myoptind < argc)
- myoptarg = argv[myoptind];
-
- return -1;
- }
-
- next = argv[myoptind];
- next++; /* skip - */
- myoptind++;
- }
-
- c = *next++;
- /* The C++ strchr can return a different value */
- cp = (char*)strchr(optstring, c);
-
- if (cp == NULL || c == ':')
- return '?';
-
- cp++;
-
- if (*cp == ':') {
- if (*next != '\0') {
- myoptarg = next;
- next = NULL;
- }
- else if (myoptind < argc) {
- myoptarg = argv[myoptind];
- myoptind++;
- }
- else
- return '?';
- }
-
- return c;
-}
-
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-
-static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
-{
- (void)rw;
- (void)userdata;
- strncpy(passwd, "yassl123", sz);
- return 8;
-}
-
-#endif
-
-
-#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
-
-static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
-{
- char* altName;
- char* issuer = wolfSSL_X509_NAME_oneline(
- wolfSSL_X509_get_issuer_name(x509), 0, 0);
- char* subject = wolfSSL_X509_NAME_oneline(
- wolfSSL_X509_get_subject_name(x509), 0, 0);
- byte serial[32];
- int ret;
- int sz = sizeof(serial);
-
- printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
-
- while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
- printf(" altname = %s\n", altName);
-
- ret = wolfSSL_X509_get_serial_number(x509, serial, &sz);
- if (ret == SSL_SUCCESS) {
- int i;
- int strLen;
- char serialMsg[80];
-
- /* testsuite has multiple threads writing to stdout, get output
- message ready to write once */
- strLen = sprintf(serialMsg, " serial number");
- for (i = 0; i < sz; i++)
- sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
- printf("%s\n", serialMsg);
- }
-
- XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
- XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
-}
-
-#endif /* KEEP_PEER_CERT || SESSION_CERTS */
-
-
-static INLINE void showPeer(WOLFSSL* ssl)
-{
-
- WOLFSSL_CIPHER* cipher;
-#ifdef KEEP_PEER_CERT
- WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
- if (peer)
- ShowX509(peer, "peer's cert info:");
- else
- printf("peer has no cert!\n");
-#endif
- printf("SSL version is %s\n", wolfSSL_get_version(ssl));
-
- cipher = wolfSSL_get_current_cipher(ssl);
- printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
-
-#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
- {
- WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl);
- int count = wolfSSL_get_chain_count(chain);
- int i;
-
- for (i = 0; i < count; i++) {
- int length;
- unsigned char buffer[3072];
- WOLFSSL_X509* chainX509;
-
- wolfSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
- buffer[length] = 0;
- printf("cert %d has length %d data = \n%s\n", i, length, buffer);
-
- chainX509 = wolfSSL_get_chain_X509(chain, i);
- if (chainX509)
- ShowX509(chainX509, "session cert info:");
- else
- printf("get_chain_X509 failed\n");
- wolfSSL_FreeX509(chainX509);
- }
- }
-#endif
- (void)ssl;
-}
-
-
-static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
- word16 port, int udp)
-{
- int useLookup = 0;
- (void)useLookup;
- (void)udp;
-
- memset(addr, 0, sizeof(SOCKADDR_IN_T));
-
-#ifndef TEST_IPV6
- /* peer could be in human readable form */
- if ( (peer != INADDR_ANY) && isalpha((int)peer[0])) {
- #ifdef WOLFSSL_MDK_ARM
- int err;
- struct hostent* entry = gethostbyname(peer, &err);
- #elif defined(WOLFSSL_TIRTOS)
- struct hostent* entry = DNSGetHostByName(peer);
- #else
- struct hostent* entry = gethostbyname(peer);
- #endif
-
- if (entry) {
- memcpy(&addr->sin_addr.s_addr, entry->h_addr_list[0],
- entry->h_length);
- useLookup = 1;
- }
- else
- err_sys("no entry for host");
- }
-#endif
-
-
-#ifndef TEST_IPV6
- #if defined(WOLFSSL_MDK_ARM)
- addr->sin_family = PF_INET;
- #else
- addr->sin_family = AF_INET_V;
- #endif
- addr->sin_port = htons(port);
- if (peer == INADDR_ANY)
- addr->sin_addr.s_addr = INADDR_ANY;
- else {
- if (!useLookup)
- addr->sin_addr.s_addr = inet_addr(peer);
- }
-#else
- addr->sin6_family = AF_INET_V;
- addr->sin6_port = htons(port);
- if (peer == INADDR_ANY)
- addr->sin6_addr = in6addr_any;
- else {
- #ifdef HAVE_GETADDRINFO
- struct addrinfo hints;
- struct addrinfo* answer = NULL;
- int ret;
- char strPort[80];
-
- memset(&hints, 0, sizeof(hints));
-
- hints.ai_family = AF_INET_V;
- hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
- hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
-
- SNPRINTF(strPort, sizeof(strPort), "%d", port);
- strPort[79] = '\0';
-
- ret = getaddrinfo(peer, strPort, &hints, &answer);
- if (ret < 0 || answer == NULL)
- err_sys("getaddrinfo failed");
-
- memcpy(addr, answer->ai_addr, answer->ai_addrlen);
- freeaddrinfo(answer);
- #else
- printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
- addr->sin6_addr = in6addr_loopback;
- #endif
- }
-#endif
-}
-
-
-static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
-{
- if (udp)
- *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
- else
- *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
-
-#ifdef USE_WINDOWS_API
- if (*sockfd == INVALID_SOCKET)
- err_sys("socket failed\n");
-#elif defined(WOLFSSL_TIRTOS)
- if (*sockfd == -1)
- err_sys("socket failed\n");
-#else
- if (*sockfd < 0)
- err_sys("socket failed\n");
-#endif
-
-#ifndef USE_WINDOWS_API
-#ifdef SO_NOSIGPIPE
- {
- int on = 1;
- socklen_t len = sizeof(on);
- int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
- if (res < 0)
- err_sys("setsockopt SO_NOSIGPIPE failed\n");
- }
-#elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS)
- /* nothing to define */
-#else /* no S_NOSIGPIPE */
- signal(SIGPIPE, SIG_IGN);
-#endif /* S_NOSIGPIPE */
-
-#if defined(TCP_NODELAY)
- if (!udp)
- {
- int on = 1;
- socklen_t len = sizeof(on);
- int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
- if (res < 0)
- err_sys("setsockopt TCP_NODELAY failed\n");
- }
-#endif
-#endif /* USE_WINDOWS_API */
-}
-
-static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
- int udp)
-{
- SOCKADDR_IN_T addr;
- build_addr(&addr, ip, port, udp);
- tcp_socket(sockfd, udp);
-
- if (!udp) {
- if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
- err_sys("tcp connect failed");
- }
-}
-
-
-static INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
-{
- if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
- err_sys("tcp connect failed");
-}
-
-
-enum {
- TEST_SELECT_FAIL,
- TEST_TIMEOUT,
- TEST_RECV_READY,
- TEST_ERROR_READY
-};
-
-
-#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_TIRTOS)
-static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
-{
- fd_set recvfds, errfds;
- SOCKET_T nfds = socketfd + 1;
- struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
- int result;
-
- FD_ZERO(&recvfds);
- FD_SET(socketfd, &recvfds);
- FD_ZERO(&errfds);
- FD_SET(socketfd, &errfds);
-
- result = select(nfds, &recvfds, NULL, &errfds, &timeout);
-
- if (result == 0)
- return TEST_TIMEOUT;
- else if (result > 0) {
- if (FD_ISSET(socketfd, &recvfds))
- return TEST_RECV_READY;
- else if(FD_ISSET(socketfd, &errfds))
- return TEST_ERROR_READY;
- }
-
- return TEST_SELECT_FAIL;
-}
-#elif defined(WOLFSSL_TIRTOS)
-static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
-{
- return TEST_RECV_READY;
-}
-#endif /* !WOLFSSL_MDK_ARM */
-
-
-static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
- int udp)
-{
- SOCKADDR_IN_T addr;
-
- /* don't use INADDR_ANY by default, firewall may block, make user switch
- on */
- build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp);
- tcp_socket(sockfd, udp);
-
-#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)
- {
- int res, on = 1;
- socklen_t len = sizeof(on);
- res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
- if (res < 0)
- err_sys("setsockopt SO_REUSEADDR failed\n");
- }
-#endif
-
- if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
- err_sys("tcp bind failed");
- if (!udp) {
- if (listen(*sockfd, 5) != 0)
- err_sys("tcp listen failed");
- }
- #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
- if (*port == 0) {
- socklen_t len = sizeof(addr);
- if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
- #ifndef TEST_IPV6
- *port = ntohs(addr.sin_port);
- #else
- *port = ntohs(addr.sin6_port);
- #endif
- }
- }
- #endif
-}
-
-
-static INLINE int udp_read_connect(SOCKET_T sockfd)
-{
- SOCKADDR_IN_T cliaddr;
- byte b[1500];
- int n;
- socklen_t len = sizeof(cliaddr);
-
- n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
- (struct sockaddr*)&cliaddr, &len);
- if (n > 0) {
- if (connect(sockfd, (const struct sockaddr*)&cliaddr,
- sizeof(cliaddr)) != 0)
- err_sys("udp connect failed");
- }
- else
- err_sys("recvfrom failed");
-
- return sockfd;
-}
-
-static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
- int useAnyAddr, word16 port, func_args* args)
-{
- SOCKADDR_IN_T addr;
-
- (void)args;
- build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1);
- tcp_socket(sockfd, 1);
-
-
-#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)
- {
- int res, on = 1;
- socklen_t len = sizeof(on);
- res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
- if (res < 0)
- err_sys("setsockopt SO_REUSEADDR failed\n");
- }
-#endif
-
- if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
- err_sys("tcp bind failed");
-
- #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
- if (port == 0) {
- socklen_t len = sizeof(addr);
- if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
- #ifndef TEST_IPV6
- port = ntohs(addr.sin_port);
- #else
- port = ntohs(addr.sin6_port);
- #endif
- }
- }
- #endif
-
-#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
- /* signal ready to accept data */
- {
- tcp_ready* ready = args->signal;
- pthread_mutex_lock(&ready->mutex);
- ready->ready = 1;
- ready->port = port;
- pthread_cond_signal(&ready->cond);
- pthread_mutex_unlock(&ready->mutex);
- }
-#elif defined (WOLFSSL_TIRTOS)
- /* Need mutex? */
- tcp_ready* ready = args->signal;
- ready->ready = 1;
- ready->port = port;
-#endif
-
- *clientfd = udp_read_connect(*sockfd);
-}
-
-static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
- func_args* args, word16 port, int useAnyAddr,
- int udp, int ready_file)
-{
- SOCKADDR_IN_T client;
- socklen_t client_len = sizeof(client);
-
- if (udp) {
- udp_accept(sockfd, clientfd, useAnyAddr, port, args);
- return;
- }
-
- tcp_listen(sockfd, &port, useAnyAddr, udp);
-
-#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
- /* signal ready to tcp_accept */
- {
- tcp_ready* ready = args->signal;
- pthread_mutex_lock(&ready->mutex);
- ready->ready = 1;
- ready->port = port;
- pthread_cond_signal(&ready->cond);
- pthread_mutex_unlock(&ready->mutex);
- }
-#elif defined (WOLFSSL_TIRTOS)
- /* Need mutex? */
- tcp_ready* ready = args->signal;
- ready->ready = 1;
- ready->port = port;
-#endif
-
- if (ready_file) {
-#ifndef NO_FILESYSTEM
- #ifndef USE_WINDOWS_API
- FILE* srf = fopen("/tmp/wolfssl_server_ready", "w");
- #else
- FILE* srf = fopen("wolfssl_server_ready", "w");
- #endif
-
- if (srf) {
- fputs("ready", srf);
- fclose(srf);
- }
-#endif
- }
-
- *clientfd = accept(*sockfd, (struct sockaddr*)&client,
- (ACCEPT_THIRD_T)&client_len);
-#ifdef USE_WINDOWS_API
- if (*clientfd == INVALID_SOCKET)
- err_sys("tcp accept failed");
-#else
- if (*clientfd == -1)
- err_sys("tcp accept failed");
-#endif
-}
-
-
-static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
-{
- #ifdef USE_WINDOWS_API
- unsigned long blocking = 1;
- int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
- if (ret == SOCKET_ERROR)
- err_sys("ioctlsocket failed");
- #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS)
- /* non blocking not suppported, for now */
- #else
- int flags = fcntl(*sockfd, F_GETFL, 0);
- if (flags < 0)
- err_sys("fcntl get failed");
- flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
- if (flags < 0)
- err_sys("fcntl set failed");
- #endif
-}
-
-
-#ifndef NO_PSK
-
-static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
- char* identity, unsigned int id_max_len, unsigned char* key,
- unsigned int key_max_len)
-{
- (void)ssl;
- (void)hint;
- (void)key_max_len;
-
- /* identity is OpenSSL testing default for openssl s_client, keep same */
- strncpy(identity, "Client_identity", id_max_len);
-
-
- /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
- unsigned binary */
- key[0] = 26;
- key[1] = 43;
- key[2] = 60;
- key[3] = 77;
-
- return 4; /* length of key in octets or 0 for error */
-}
-
-
-static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
- unsigned char* key, unsigned int key_max_len)
-{
- (void)ssl;
- (void)key_max_len;
-
- /* identity is OpenSSL testing default for openssl s_client, keep same */
- if (strncmp(identity, "Client_identity", 15) != 0)
- return 0;
-
- /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
- unsigned binary */
- key[0] = 26;
- key[1] = 43;
- key[2] = 60;
- key[3] = 77;
-
- return 4; /* length of key in octets or 0 for error */
-}
-
-#endif /* NO_PSK */
-
-
-#ifdef USE_WINDOWS_API
-
- #define WIN32_LEAN_AND_MEAN
- #include <windows.h>
-
- static INLINE double current_time()
- {
- static int init = 0;
- static LARGE_INTEGER freq;
-
- LARGE_INTEGER count;
-
- if (!init) {
- QueryPerformanceFrequency(&freq);
- init = 1;
- }
-
- QueryPerformanceCounter(&count);
-
- return (double)count.QuadPart / freq.QuadPart;
- }
-
-#elif defined(WOLFSSL_TIRTOS)
- extern double current_time();
-#else
-
-#if !defined(WOLFSSL_MDK_ARM)
- #include <sys/time.h>
-
- static INLINE double current_time(void)
- {
- struct timeval tv;
- gettimeofday(&tv, 0);
-
- return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
- }
-
-#endif
-#endif /* USE_WINDOWS_API */
-
-
-#if defined(NO_FILESYSTEM) && !defined(NO_CERTS)
-
- enum {
- WOLFSSL_CA = 1,
- WOLFSSL_CERT = 2,
- WOLFSSL_KEY = 3
- };
-
- static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
- {
- /* test buffer load */
- long sz = 0;
- byte buff[10000];
- FILE* file = fopen(fname, "rb");
-
- if (!file)
- err_sys("can't open file for buffer load "
- "Please run from wolfSSL home directory if not");
- fseek(file, 0, SEEK_END);
- sz = ftell(file);
- rewind(file);
- fread(buff, sizeof(buff), 1, file);
-
- if (type == WOLFSSL_CA) {
- if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM)
- != SSL_SUCCESS)
- err_sys("can't load buffer ca file");
- }
- else if (type == WOLFSSL_CERT) {
- if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, sz,
- SSL_FILETYPE_PEM) != SSL_SUCCESS)
- err_sys("can't load buffer cert file");
- }
- else if (type == WOLFSSL_KEY) {
- if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz,
- SSL_FILETYPE_PEM) != SSL_SUCCESS)
- err_sys("can't load buffer key file");
- }
- }
-
-#endif /* NO_FILESYSTEM */
-
-#ifdef VERIFY_CALLBACK
-
-static INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
-{
- (void)preverify;
- char buffer[WOLFSSL_MAX_ERROR_SZ];
-
-#ifdef OPENSSL_EXTRA
- WOLFSSL_X509* peer;
-#endif
-
- printf("In verification callback, error = %d, %s\n", store->error,
- wolfSSL_ERR_error_string(store->error, buffer));
-#ifdef OPENSSL_EXTRA
- peer = store->current_cert;
- if (peer) {
- char* issuer = wolfSSL_X509_NAME_oneline(
- wolfSSL_X509_get_issuer_name(peer), 0, 0);
- char* subject = wolfSSL_X509_NAME_oneline(
- wolfSSL_X509_get_subject_name(peer), 0, 0);
- printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
- subject);
- XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
- XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
- }
- else
- printf("peer has no cert!\n");
-#endif
- printf("Subject's domain name is %s\n", store->domain);
-
- printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n");
- return 1;
-}
-
-#endif /* VERIFY_CALLBACK */
-
-
-static INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
-{
- char buffer[WOLFSSL_MAX_ERROR_SZ];
- (void)preverify;
-
- printf("In verification callback, error = %d, %s\n", store->error,
- wolfSSL_ERR_error_string(store->error, buffer));
- printf("Subject's domain name is %s\n", store->domain);
-
- if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
- printf("Overriding cert date error as example for bad clock testing\n");
- return 1;
- }
- printf("Cert error is not date error, not overriding\n");
-
- return 0;
-}
-
-
-#ifdef HAVE_CRL
-
-static INLINE void CRL_CallBack(const char* url)
-{
- printf("CRL callback url = %s\n", url);
-}
-
-#endif
-
-#ifndef NO_DH
-static INLINE void SetDH(WOLFSSL* ssl)
-{
- /* dh1024 p */
- static unsigned char p[] =
- {
- 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
- 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
- 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
- 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
- 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
- 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
- 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
- 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
- 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
- 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
- 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
- };
-
- /* dh1024 g */
- static unsigned char g[] =
- {
- 0x02,
- };
-
- wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
-}
-
-static INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
-{
- /* dh1024 p */
- static unsigned char p[] =
- {
- 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
- 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
- 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
- 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
- 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
- 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
- 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
- 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
- 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
- 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
- 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
- };
-
- /* dh1024 g */
- static unsigned char g[] =
- {
- 0x02,
- };
-
- wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
-}
-#endif /* NO_DH */
-
-#ifndef NO_CERTS
-
-static INLINE void CaCb(unsigned char* der, int sz, int type)
-{
- (void)der;
- printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
-}
-
-#endif /* !NO_CERTS */
-
-#ifdef HAVE_CAVIUM
-
-static INLINE int OpenNitroxDevice(int dma_mode,int dev_id)
-{
- Csp1CoreAssignment core_assign;
- Uint32 device;
-
- if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
- return -1;
- if (Csp1GetDevType(&device))
- return -1;
- if (device != NPX_DEVICE) {
- if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
- (Uint32 *)&core_assign)!= 0)
- return -1;
- }
- CspShutdown(CAVIUM_DEV_ID);
-
- return CspInitialize(dma_mode, dev_id);
-}
-
-#endif /* HAVE_CAVIUM */
-
-
-#ifdef USE_WINDOWS_API
-
-/* do back x number of directories */
-static INLINE void ChangeDirBack(int x)
-{
- char path[MAX_PATH];
-
- if (x == 1)
- strncpy(path, "..\\", MAX_PATH);
- else if (x == 2)
- strncpy(path, "..\\..\\", MAX_PATH);
- else if (x == 3)
- strncpy(path, "..\\..\\..\\", MAX_PATH);
- else if (x == 4)
- strncpy(path, "..\\..\\..\\..\\", MAX_PATH);
- else
- strncpy(path, ".\\", MAX_PATH);
-
- SetCurrentDirectoryA(path);
-}
-
-/* does current dir contain str */
-static INLINE int CurrentDir(const char* str)
-{
- char path[MAX_PATH];
- char* baseName;
-
- GetCurrentDirectoryA(sizeof(path), path);
-
- baseName = strrchr(path, '\\');
- if (baseName)
- baseName++;
- else
- baseName = path;
-
- if (strstr(baseName, str))
- return 1;
-
- return 0;
-}
-
-#elif defined(WOLFSSL_MDK_ARM)
- /* KEIL-RL File System does not support relative directry */
-#elif defined(WOLFSSL_TIRTOS)
-#else
-
-#ifndef MAX_PATH
- #define MAX_PATH 256
-#endif
-
-/* do back x number of directories */
-static INLINE void ChangeDirBack(int x)
-{
- char path[MAX_PATH];
-
- if (x == 1)
- strncpy(path, "../", MAX_PATH);
- else if (x == 2)
- strncpy(path, "../../", MAX_PATH);
- else if (x == 3)
- strncpy(path, "../../../", MAX_PATH);
- else if (x == 4)
- strncpy(path, "../../../../", MAX_PATH);
- else
- strncpy(path, "./", MAX_PATH);
-
- if (chdir(path) < 0)
- printf("chdir to %s failed\n", path);
-}
-
-/* does current dir contain str */
-static INLINE int CurrentDir(const char* str)
-{
- char path[MAX_PATH];
- char* baseName;
-
- if (getcwd(path, sizeof(path)) == NULL) {
- printf("no current dir?\n");
- return 0;
- }
-
- baseName = strrchr(path, '/');
- if (baseName)
- baseName++;
- else
- baseName = path;
-
- if (strstr(baseName, str))
- return 1;
-
- return 0;
-}
-
-#endif /* USE_WINDOWS_API */
-
-
-#ifdef USE_WOLFSSL_MEMORY
-
- typedef struct memoryStats {
- size_t totalAllocs; /* number of allocations */
- size_t totalBytes; /* total number of bytes allocated */
- size_t peakBytes; /* concurrent max bytes */
- size_t currentBytes; /* total current bytes in use */
- } memoryStats;
-
- typedef struct memHint {
- size_t thisSize; /* size of this memory */
- void* thisMemory; /* actual memory for user */
- } memHint;
-
- typedef struct memoryTrack {
- union {
- memHint hint;
- byte alignit[16]; /* make sure we have strong alignment */
- } u;
- } memoryTrack;
-
- #if defined(WOLFSSL_TRACK_MEMORY)
- #define DO_MEM_STATS
- static memoryStats ourMemStats;
- #endif
-
- static INLINE void* TrackMalloc(size_t sz)
- {
- memoryTrack* mt;
-
- if (sz == 0)
- return NULL;
-
- mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
- if (mt == NULL)
- return NULL;
-
- mt->u.hint.thisSize = sz;
- mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack);
-
-#ifdef DO_MEM_STATS
- ourMemStats.totalAllocs++;
- ourMemStats.totalBytes += sz;
- ourMemStats.currentBytes += sz;
- if (ourMemStats.currentBytes > ourMemStats.peakBytes)
- ourMemStats.peakBytes = ourMemStats.currentBytes;
-#endif
-
- return mt->u.hint.thisMemory;
- }
-
-
- static INLINE void TrackFree(void* ptr)
- {
- memoryTrack* mt;
-
- if (ptr == NULL)
- return;
-
- mt = (memoryTrack*)ptr;
- --mt; /* same as minus sizeof(memoryTrack), removes header */
-
-#ifdef DO_MEM_STATS
- ourMemStats.currentBytes -= mt->u.hint.thisSize;
-#endif
-
- free(mt);
- }
-
-
- static INLINE void* TrackRealloc(void* ptr, size_t sz)
- {
- void* ret = TrackMalloc(sz);
-
- if (ptr) {
- /* if realloc is bigger, don't overread old ptr */
- memoryTrack* mt = (memoryTrack*)ptr;
- --mt; /* same as minus sizeof(memoryTrack), removes header */
-
- if (mt->u.hint.thisSize < sz)
- sz = mt->u.hint.thisSize;
- }
-
- if (ret && ptr)
- memcpy(ret, ptr, sz);
-
- if (ret)
- TrackFree(ptr);
-
- return ret;
- }
-
- static INLINE void InitMemoryTracker(void)
- {
- if (wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc) != 0)
- err_sys("wolfSSL SetAllocators failed for track memory");
-
- #ifdef DO_MEM_STATS
- ourMemStats.totalAllocs = 0;
- ourMemStats.totalBytes = 0;
- ourMemStats.peakBytes = 0;
- ourMemStats.currentBytes = 0;
- #endif
- }
-
- static INLINE void ShowMemoryTracker(void)
- {
- #ifdef DO_MEM_STATS
- printf("total Allocs = %9lu\n",
- (unsigned long)ourMemStats.totalAllocs);
- printf("total Bytes = %9lu\n",
- (unsigned long)ourMemStats.totalBytes);
- printf("peak Bytes = %9lu\n",
- (unsigned long)ourMemStats.peakBytes);
- printf("current Bytes = %9lu\n",
- (unsigned long)ourMemStats.currentBytes);
- #endif
- }
-
-#endif /* USE_WOLFSSL_MEMORY */
-
-
-#ifdef HAVE_STACK_SIZE
-
-typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args);
-
-
-static INLINE void StackSizeCheck(func_args* args, thread_func tf)
-{
- int ret, i, used;
- unsigned char* myStack;
- int stackSize = 1024*128;
- pthread_attr_t myAttr;
- pthread_t threadId;
-
-#ifdef PTHREAD_STACK_MIN
- if (stackSize < PTHREAD_STACK_MIN)
- stackSize = PTHREAD_STACK_MIN;
-#endif
-
- ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
- if (ret != 0)
- err_sys("posix_memalign failed\n");
-
- memset(myStack, 0x01, stackSize);
-
- ret = pthread_attr_init(&myAttr);
- if (ret != 0)
- err_sys("attr_init failed");
-
- ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
- if (ret != 0)
- err_sys("attr_setstackaddr failed");
-
- ret = pthread_create(&threadId, &myAttr, tf, args);
- if (ret != 0) {
- perror("pthread_create failed");
- exit(EXIT_FAILURE);
- }
-
- ret = pthread_join(threadId, NULL);
- if (ret != 0)
- err_sys("pthread_join failed");
-
- for (i = 0; i < stackSize; i++) {
- if (myStack[i] != 0x01) {
- break;
- }
- }
-
- used = stackSize - i;
- printf("stack used = %d\n", used);
-}
-
-
-#endif /* HAVE_STACK_SIZE */
-
-
-#ifdef STACK_TRAP
-
-/* good settings
- --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
-
-*/
-
-#ifdef HAVE_STACK_SIZE
- /* client only for now, setrlimit will fail if pthread_create() called */
- /* STACK_SIZE does pthread_create() on client */
- #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
-#endif /* HAVE_STACK_SIZE */
-
-static INLINE void StackTrap(void)
-{
- struct rlimit rl;
- if (getrlimit(RLIMIT_STACK, &rl) != 0)
- err_sys("getrlimit failed");
- printf("rlim_cur = %llu\n", rl.rlim_cur);
- rl.rlim_cur = 1024*21; /* adjust trap size here */
- if (setrlimit(RLIMIT_STACK, &rl) != 0) {
- perror("setrlimit");
- err_sys("setrlimit failed");
- }
-}
-
-#else /* STACK_TRAP */
-
-static INLINE void StackTrap(void)
-{
-}
-
-#endif /* STACK_TRAP */
-
-
-#ifdef ATOMIC_USER
-
-/* Atomic Encrypt Context example */
-typedef struct AtomicEncCtx {
- int keySetup; /* have we done key setup yet */
- Aes aes; /* for aes example */
-} AtomicEncCtx;
-
-
-/* Atomic Decrypt Context example */
-typedef struct AtomicDecCtx {
- int keySetup; /* have we done key setup yet */
- Aes aes; /* for aes example */
-} AtomicDecCtx;
-
-
-static INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
- const unsigned char* macIn, unsigned int macInSz, int macContent,
- int macVerify, unsigned char* encOut, const unsigned char* encIn,
- unsigned int encSz, void* ctx)
-{
- int ret;
- Hmac hmac;
- byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
- AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
- const char* tlsStr = "TLS";
-
- /* example supports (d)tls aes */
- if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
- printf("myMacEncryptCb not using AES\n");
- return -1;
- }
-
- if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
- printf("myMacEncryptCb not using (D)TLS\n");
- return -1;
- }
-
- /* hmac, not needed if aead mode */
- wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
-
- ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
- wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
- if (ret != 0)
- return ret;
- ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
- if (ret != 0)
- return ret;
- ret = wc_HmacUpdate(&hmac, macIn, macInSz);
- if (ret != 0)
- return ret;
- ret = wc_HmacFinal(&hmac, macOut);
- if (ret != 0)
- return ret;
-
-
- /* encrypt setup on first time */
- if (encCtx->keySetup == 0) {
- int keyLen = wolfSSL_GetKeySize(ssl);
- const byte* key;
- const byte* iv;
-
- if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
- key = wolfSSL_GetClientWriteKey(ssl);
- iv = wolfSSL_GetClientWriteIV(ssl);
- }
- else {
- key = wolfSSL_GetServerWriteKey(ssl);
- iv = wolfSSL_GetServerWriteIV(ssl);
- }
-
- ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
- if (ret != 0) {
- printf("AesSetKey failed in myMacEncryptCb\n");
- return ret;
- }
- encCtx->keySetup = 1;
- }
-
- /* encrypt */
- return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
-}
-
-
-static INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
- unsigned char* decOut, const unsigned char* decIn,
- unsigned int decSz, int macContent, int macVerify,
- unsigned int* padSz, void* ctx)
-{
- AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
- int ret = 0;
- int macInSz = 0;
- int ivExtra = 0;
- int digestSz = wolfSSL_GetHmacSize(ssl);
- unsigned int pad = 0;
- unsigned int padByte = 0;
- Hmac hmac;
- byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
- byte verify[MAX_DIGEST_SIZE];
- const char* tlsStr = "TLS";
-
- /* example supports (d)tls aes */
- if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
- printf("myMacEncryptCb not using AES\n");
- return -1;
- }
-
- if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
- printf("myMacEncryptCb not using (D)TLS\n");
- return -1;
- }
-
- /*decrypt */
- if (decCtx->keySetup == 0) {
- int keyLen = wolfSSL_GetKeySize(ssl);
- const byte* key;
- const byte* iv;
-
- /* decrypt is from other side (peer) */
- if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
- key = wolfSSL_GetClientWriteKey(ssl);
- iv = wolfSSL_GetClientWriteIV(ssl);
- }
- else {
- key = wolfSSL_GetServerWriteKey(ssl);
- iv = wolfSSL_GetServerWriteIV(ssl);
- }
-
- ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
- if (ret != 0) {
- printf("AesSetKey failed in myDecryptVerifyCb\n");
- return ret;
- }
- decCtx->keySetup = 1;
- }
-
- /* decrypt */
- ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
-
- if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
- *padSz = wolfSSL_GetAeadMacSize(ssl);
- return 0; /* hmac, not needed if aead mode */
- }
-
- if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) {
- pad = *(decOut + decSz - 1);
- padByte = 1;
- if (wolfSSL_IsTLSv1_1(ssl))
- ivExtra = wolfSSL_GetCipherBlockSize(ssl);
- }
-
- *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte;
- macInSz = decSz - ivExtra - digestSz - pad - padByte;
-
- wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
-
- ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
- wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
- if (ret != 0)
- return ret;
- ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
- if (ret != 0)
- return ret;
- ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz);
- if (ret != 0)
- return ret;
- ret = wc_HmacFinal(&hmac, verify);
- if (ret != 0)
- return ret;
-
- if (memcmp(verify, decOut + decSz - digestSz - pad - padByte,
- digestSz) != 0) {
- printf("myDecryptVerify verify failed\n");
- return -1;
- }
-
- return ret;
-}
-
-
-static INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
-{
- AtomicEncCtx* encCtx;
- AtomicDecCtx* decCtx;
-
- encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
- if (encCtx == NULL)
- err_sys("AtomicEncCtx malloc failed");
- memset(encCtx, 0, sizeof(AtomicEncCtx));
-
- decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
- if (decCtx == NULL) {
- free(encCtx);
- err_sys("AtomicDecCtx malloc failed");
- }
- memset(decCtx, 0, sizeof(AtomicDecCtx));
-
- wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
- wolfSSL_SetMacEncryptCtx(ssl, encCtx);
-
- wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
- wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
-}
-
-
-static INLINE void FreeAtomicUser(WOLFSSL* ssl)
-{
- AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl);
- AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl);
-
- free(decCtx);
- free(encCtx);
-}
-
-#endif /* ATOMIC_USER */
-
-
-#ifdef HAVE_PK_CALLBACKS
-
-#ifdef HAVE_ECC
-
-static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
- byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
-{
- RNG rng;
- int ret;
- word32 idx = 0;
- ecc_key myKey;
-
- (void)ssl;
- (void)ctx;
-
- ret = wc_InitRng(&rng);
- if (ret != 0)
- return ret;
-
- wc_ecc_init(&myKey);
-
- ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
- if (ret == 0)
- ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
- wc_ecc_free(&myKey);
- wc_FreeRng(&rng);
-
- return ret;
-}
-
-
-static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
- const byte* hash, word32 hashSz, const byte* key, word32 keySz,
- int* result, void* ctx)
-{
- int ret;
- ecc_key myKey;
-
- (void)ssl;
- (void)ctx;
-
- wc_ecc_init(&myKey);
-
- ret = wc_ecc_import_x963(key, keySz, &myKey);
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
- wc_ecc_free(&myKey);
-
- return ret;
-}
-
-#endif /* HAVE_ECC */
-
-#ifndef NO_RSA
-
-static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
- byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
-{
- RNG rng;
- int ret;
- word32 idx = 0;
- RsaKey myKey;
-
- (void)ssl;
- (void)ctx;
-
- ret = wc_InitRng(&rng);
- if (ret != 0)
- return ret;
-
- wc_InitRsaKey(&myKey, NULL);
-
- ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
- if (ret == 0)
- ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
- if (ret > 0) { /* save and convert to 0 success */
- *outSz = ret;
- ret = 0;
- }
- wc_FreeRsaKey(&myKey);
- wc_FreeRng(&rng);
-
- return ret;
-}
-
-
-static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
- byte** out,
- const byte* key, word32 keySz,
- void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
-
- (void)ssl;
- (void)ctx;
-
- wc_InitRsaKey(&myKey, NULL);
-
- ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
- if (ret == 0)
- ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
- wc_FreeRsaKey(&myKey);
-
- return ret;
-}
-
-
-static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
- byte* out, word32* outSz, const byte* key,
- word32 keySz, void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
- RNG rng;
-
- (void)ssl;
- (void)ctx;
-
- ret = wc_InitRng(&rng);
- if (ret != 0)
- return ret;
-
- wc_InitRsaKey(&myKey, NULL);
-
- ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
- if (ret == 0) {
- ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
- if (ret > 0) {
- *outSz = ret;
- ret = 0; /* reset to success */
- }
- }
- wc_FreeRsaKey(&myKey);
- wc_FreeRng(&rng);
-
- return ret;
-}
-
-static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
- byte** out,
- const byte* key, word32 keySz, void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
-
- (void)ssl;
- (void)ctx;
-
- wc_InitRsaKey(&myKey, NULL);
-
- ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
- if (ret == 0) {
- ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
- }
- wc_FreeRsaKey(&myKey);
-
- return ret;
-}
-
-#endif /* NO_RSA */
-
-static INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
-{
- (void)ctx;
- (void)ssl;
-
- #ifdef HAVE_ECC
- wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
- wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
- wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
- wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
- wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
- #endif /* NO_RSA */
-}
-
-#endif /* HAVE_PK_CALLBACKS */
-
-
-
-
-
-#if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
- || defined(_MSC_VER)
-
-/* HP/UX doesn't have strsep, needed by test/suites.c */
-static INLINE char* strsep(char **stringp, const char *delim)
-{
- char* start;
- char* end;
-
- start = *stringp;
- if (start == NULL)
- return NULL;
-
- if ((end = strpbrk(start, delim))) {
- *end++ = '\0';
- *stringp = end;
- } else {
- *stringp = NULL;
- }
-
- return start;
-}
-
-#endif /* __hpux__ and others */
-
-/* Create unique filename, len is length of tempfn name, assuming
- len does not include null terminating character,
- num is number of characters in tempfn name to randomize */
-static INLINE const char* mymktemp(char *tempfn, int len, int num)
-{
- int x, size;
- static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz";
- RNG rng;
- byte out;
-
- if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
- printf("Bad input\n");
- return NULL;
- }
-
- size = len - 1;
-
- if (wc_InitRng(&rng) != 0) {
- printf("InitRng failed\n");
- return NULL;
- }
-
- for (x = size; x > size - num; x--) {
- if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
- printf("RNG_GenerateBlock failed\n");
- return NULL;
- }
- tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
- }
- tempfn[len] = '\0';
-
- wc_FreeRng(&rng);
-
- return tempfn;
-}
-
-
-
-#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
- defined(HAVE_POLY1305)
-
- #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
-
- typedef struct key_ctx {
- byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
- byte key[16]; /* cipher key */
- } key_ctx;
-
- static key_ctx myKey_ctx;
- static RNG rng;
-
- static INLINE int TicketInit(void)
- {
- int ret = wc_InitRng(&rng);
- if (ret != 0) return ret;
-
- ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
- if (ret != 0) return ret;
-
- ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
- if (ret != 0) return ret;
-
- return 0;
- }
-
- static INLINE void TicketCleanup(void)
- {
- wc_FreeRng(&rng);
- }
-
- static INLINE int myTicketEncCb(WOLFSSL* ssl,
- byte key_name[WOLFSSL_TICKET_NAME_SZ],
- byte iv[WOLFSSL_TICKET_IV_SZ],
- byte mac[WOLFSSL_TICKET_MAC_SZ],
- int enc, byte* ticket, int inLen, int* outLen,
- void* userCtx)
- {
- (void)ssl;
- (void)userCtx;
-
- int ret;
- word16 sLen = htons(inLen);
- byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
- int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
- byte* tmp = aad;
-
- if (enc) {
- XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
-
- ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
- if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
-
- /* build aad from key name, iv, and length */
- XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
- tmp += WOLFSSL_TICKET_NAME_SZ;
- XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
- tmp += WOLFSSL_TICKET_IV_SZ;
- XMEMCPY(tmp, &sLen, 2);
-
- ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
- aad, aadSz,
- ticket, inLen,
- ticket,
- mac);
- if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
- *outLen = inLen; /* no padding in this mode */
- } else {
- /* decrypt */
-
- /* see if we know this key */
- if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
- printf("client presented unknown ticket key name ");
- return WOLFSSL_TICKET_RET_FATAL;
- }
-
- /* build aad from key name, iv, and length */
- XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
- tmp += WOLFSSL_TICKET_NAME_SZ;
- XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
- tmp += WOLFSSL_TICKET_IV_SZ;
- XMEMCPY(tmp, &sLen, 2);
-
- ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
- aad, aadSz,
- ticket, inLen,
- mac,
- ticket);
- if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
- *outLen = inLen; /* no padding in this mode */
- }
-
- return WOLFSSL_TICKET_RET_OK;
- }
-
-#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
-
-#endif /* wolfSSL_TEST_H */
-
--- a/wolfssl/version.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-/* wolfssl_version.h.in
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define LIBWOLFSSL_VERSION_STRING "3.6.0"
-#define LIBWOLFSSL_VERSION_HEX 0x03006000
-
-#ifdef __cplusplus
-}
-#endif
-
-
--- a/wolfssl/wolfcrypt/aes.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,189 +0,0 @@
-/* aes.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_AES_H
-#define WOLF_CRYPT_AES_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_AES
-
-/* included for fips @wc_fips */
-#ifdef HAVE_FIPS
-#include <cyassl/ctaocrypt/aes.h>
-#if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER)
- #define WOLFSSL_AES_COUNTER
-#endif
-#if !defined(WOLFSSL_AES_DIRECT) && defined(CYASSL_AES_DIRECT)
- #define WOLFSSL_AES_DIRECT
-#endif
-#endif
-
-#ifndef HAVE_FIPS /* to avoid redefinition of macros */
-#ifdef HAVE_CAVIUM
- #include <wolfssl/ctaocrypt/logging.h>
- #include "cavium_common.h"
-#endif
-
-#ifdef WOLFSSL_AESNI
-
-#include <wmmintrin.h>
-
-#if !defined (ALIGN16)
- #if defined (__GNUC__)
- #define ALIGN16 __attribute__ ( (aligned (16)))
- #elif defined(_MSC_VER)
- /* disable align warning, we want alignment ! */
- #pragma warning(disable: 4324)
- #define ALIGN16 __declspec (align (16))
- #else
- #define ALIGN16
- #endif
-#endif
-
-#endif /* WOLFSSL_AESNI */
-
-#if !defined (ALIGN16)
- #define ALIGN16
-#endif
-#endif /* HAVE_FIPS */
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* to avoid redefinition of structures */
-#define WOLFSSL_AES_CAVIUM_MAGIC 0xBEEF0002
-
-enum {
- AES_ENC_TYPE = 1, /* cipher unique type */
- AES_ENCRYPTION = 0,
- AES_DECRYPTION = 1,
- AES_BLOCK_SIZE = 16
-};
-
-
-typedef struct Aes {
- /* AESNI needs key first, rounds 2nd, not sure why yet */
- ALIGN16 word32 key[60];
- word32 rounds;
-
- ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
- ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */
-
-#ifdef HAVE_AESGCM
- ALIGN16 byte H[AES_BLOCK_SIZE];
-#ifdef GCM_TABLE
- /* key-based fast multiplication table. */
- ALIGN16 byte M0[256][AES_BLOCK_SIZE];
-#endif /* GCM_TABLE */
-#endif /* HAVE_AESGCM */
-#ifdef WOLFSSL_AESNI
- byte use_aesni;
-#endif /* WOLFSSL_AESNI */
-#ifdef HAVE_CAVIUM
- AesType type; /* aes key type */
- int devId; /* nitrox device id */
- word32 magic; /* using cavium magic */
- word64 contextHandle; /* nitrox context memory handle */
-#endif
-#ifdef WOLFSSL_AES_COUNTER
- word32 left; /* unsued bytes left from last call */
-#endif
-#ifdef WOLFSSL_PIC32MZ_CRYPT
- word32 key_ce[AES_BLOCK_SIZE*2/sizeof(word32)] ;
- word32 iv_ce [AES_BLOCK_SIZE /sizeof(word32)] ;
- int keylen ;
-#endif
-#ifdef WOLFSSL_TI_CRYPT
- int keylen ;
-#endif
-} Aes;
-
-
-#ifdef HAVE_AESGCM
-typedef struct Gmac {
- Aes aes;
-} Gmac;
-#endif /* HAVE_AESGCM */
-#endif /* HAVE_FIPS */
-
- WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
- int dir);
- WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
- WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
- WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
- WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
- const byte* key, word32 keySz, const byte* iv);
-
-/* AES-CTR */
-#ifdef WOLFSSL_AES_COUNTER
- WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
-#endif
-/* AES-DIRECT */
-#if defined(WOLFSSL_AES_DIRECT)
- WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
- WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
- WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
- const byte* iv, int dir);
-#endif
-#ifdef HAVE_AESGCM
- WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len);
- WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
- const byte* iv, word32 ivSz,
- byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz);
- WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
- const byte* iv, word32 ivSz,
- const byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz);
-
- WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len);
- WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
- const byte* authIn, word32 authInSz,
- byte* authTag, word32 authTagSz);
-#endif /* HAVE_AESGCM */
-#ifdef HAVE_AESCCM
- WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
- WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
- const byte* nonce, word32 nonceSz,
- byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz);
- WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
- const byte* nonce, word32 nonceSz,
- const byte* authTag, word32 authTagSz,
- const byte* authIn, word32 authInSz);
-#endif /* HAVE_AESCCM */
-
-#ifdef HAVE_CAVIUM
- WOLFSSL_API int wc_AesInitCavium(Aes*, int);
- WOLFSSL_API void wc_AesFreeCavium(Aes*);
-#endif
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-
-#endif /* NO_AES */
-#endif /* WOLF_CRYPT_AES_H */
-
-
--- a/wolfssl/wolfcrypt/arc4.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,66 +0,0 @@
-/* arc4.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_ARC4_H
-#define WOLF_CRYPT_ARC4_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#define WOLFSSL_ARC4_CAVIUM_MAGIC 0xBEEF0001
-
-enum {
- ARC4_ENC_TYPE = 4, /* cipher unique type */
- ARC4_STATE_SIZE = 256
-};
-
-/* ARC4 encryption and decryption */
-typedef struct Arc4 {
- byte x;
- byte y;
- byte state[ARC4_STATE_SIZE];
-#ifdef HAVE_CAVIUM
- int devId; /* nitrox device id */
- word32 magic; /* using cavium magic */
- word64 contextHandle; /* nitrox context memory handle */
-#endif
-} Arc4;
-
-WOLFSSL_API void wc_Arc4Process(Arc4*, byte*, const byte*, word32);
-WOLFSSL_API void wc_Arc4SetKey(Arc4*, const byte*, word32);
-
-#ifdef HAVE_CAVIUM
- WOLFSSL_API int wc_Arc4InitCavium(Arc4*, int);
- WOLFSSL_API void wc_Arc4FreeCavium(Arc4*);
-#endif
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-
-#endif /* WOLF_CRYPT_ARC4_H */
-
-
--- a/wolfssl/wolfcrypt/asn.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,743 +0,0 @@
-/* asn.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_ASN_H
-#define WOLF_CRYPT_ASN_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_ASN
-
-#include <wolfssl/wolfcrypt/integer.h>
-#ifndef NO_RSA
- #include <wolfssl/wolfcrypt/rsa.h>
-#endif
-
-/* fips declare of RsaPrivateKeyDecode @wc_fips */
-#if defined(HAVE_FIPS) && !defined(NO_RSA)
- #include <cyassl/ctaocrypt/rsa.h>
-#endif
-
-#ifndef NO_DH
- #include <wolfssl/wolfcrypt/dh.h>
-#endif
-#ifndef NO_DSA
- #include <wolfssl/wolfcrypt/dsa.h>
-#endif
-#ifndef NO_SHA
- #include <wolfssl/wolfcrypt/sha.h>
-#endif
-#ifndef NO_MD5
- #include <wolfssl/wolfcrypt/md5.h>
-#endif
-#include <wolfssl/wolfcrypt/sha256.h>
-#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
-#ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-enum {
- ISSUER = 0,
- SUBJECT = 1,
-
- EXTERNAL_SERIAL_SIZE = 32,
-
- BEFORE = 0,
- AFTER = 1
-};
-
-/* ASN Tags */
-enum ASN_Tags {
- ASN_BOOLEAN = 0x01,
- ASN_INTEGER = 0x02,
- ASN_BIT_STRING = 0x03,
- ASN_OCTET_STRING = 0x04,
- ASN_TAG_NULL = 0x05,
- ASN_OBJECT_ID = 0x06,
- ASN_ENUMERATED = 0x0a,
- ASN_UTF8STRING = 0x0c,
- ASN_SEQUENCE = 0x10,
- ASN_SET = 0x11,
- ASN_UTC_TIME = 0x17,
- ASN_OTHER_TYPE = 0x00,
- ASN_RFC822_TYPE = 0x01,
- ASN_DNS_TYPE = 0x02,
- ASN_DIR_TYPE = 0x04,
- ASN_GENERALIZED_TIME = 0x18,
- CRL_EXTENSIONS = 0xa0,
- ASN_EXTENSIONS = 0xa3,
- ASN_LONG_LENGTH = 0x80
-};
-
-enum ASN_Flags{
- ASN_CONSTRUCTED = 0x20,
- ASN_CONTEXT_SPECIFIC = 0x80
-};
-
-enum DN_Tags {
- ASN_COMMON_NAME = 0x03, /* CN */
- ASN_SUR_NAME = 0x04, /* SN */
- ASN_SERIAL_NUMBER = 0x05, /* serialNumber */
- ASN_COUNTRY_NAME = 0x06, /* C */
- ASN_LOCALITY_NAME = 0x07, /* L */
- ASN_STATE_NAME = 0x08, /* ST */
- ASN_ORG_NAME = 0x0a, /* O */
- ASN_ORGUNIT_NAME = 0x0b /* OU */
-};
-
-enum PBES {
- PBE_MD5_DES = 0,
- PBE_SHA1_DES = 1,
- PBE_SHA1_DES3 = 2,
- PBE_SHA1_RC4_128 = 3,
- PBES2 = 13 /* algo ID */
-};
-
-enum ENCRYPTION_TYPES {
- DES_TYPE = 0,
- DES3_TYPE = 1,
- RC4_TYPE = 2
-};
-
-enum ECC_TYPES {
- ECC_PREFIX_0 = 160,
- ECC_PREFIX_1 = 161
-};
-
-enum Misc_ASN {
- ASN_NAME_MAX = 256,
- MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
- MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
- MAX_KEY_SIZE = 64, /* MAX PKCS Key length */
- PKCS5 = 5, /* PKCS oid tag */
- PKCS5v2 = 6, /* PKCS #5 v2.0 */
- PKCS12 = 12, /* PKCS #12 */
- MAX_UNICODE_SZ = 256,
- ASN_BOOL_SIZE = 2, /* including type */
- ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
- ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
-#ifdef NO_SHA
- KEYID_SIZE = SHA256_DIGEST_SIZE,
-#else
- KEYID_SIZE = SHA_DIGEST_SIZE,
-#endif
- RSA_INTS = 8, /* RSA ints in private key */
- MIN_DATE_SIZE = 13,
- MAX_DATE_SIZE = 32,
- ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
- MAX_ENCODED_SIG_SZ = 512,
- MAX_SIG_SZ = 256,
- MAX_ALGO_SZ = 20,
- MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
- MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
- MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */
- MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */
- MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
- MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
- MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
- MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
- MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
- MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
- MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
- MAX_RSA_E_SZ = 16, /* Max RSA public e size */
- MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
- MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
-#ifdef WOLFSSL_CERT_GEN
- #ifdef WOLFSSL_CERT_REQ
- /* Max encoded cert req attributes length */
- MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
- MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
- #endif
- #ifdef WOLFSSL_ALT_NAMES
- MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
- #else
- MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
- #endif
- /* Max total extensions, id + len + others */
-#endif
- MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
- MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */
- EIGHTK_BUF = 8192, /* Tmp buffer size */
- MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
- /* use bigger NTRU size */
-};
-
-
-enum Oid_Types {
- hashType = 0,
- sigType = 1,
- keyType = 2,
- curveType = 3,
- blkType = 4
-};
-
-
-enum Hash_Sum {
- MD2h = 646,
- MD5h = 649,
- SHAh = 88,
- SHA256h = 414,
- SHA384h = 415,
- SHA512h = 416
-};
-
-
-enum Block_Sum {
- DESb = 69,
- DES3b = 652
-};
-
-
-enum Key_Sum {
- DSAk = 515,
- RSAk = 645,
- NTRUk = 274,
- ECDSAk = 518
-};
-
-
-enum Ecc_Sum {
- ECC_256R1 = 526,
- ECC_384R1 = 210,
- ECC_521R1 = 211,
- ECC_160R1 = 184,
- ECC_192R1 = 520,
- ECC_224R1 = 209
-};
-
-
-enum KDF_Sum {
- PBKDF2_OID = 660
-};
-
-
-enum Extensions_Sum {
- BASIC_CA_OID = 133,
- ALT_NAMES_OID = 131,
- CRL_DIST_OID = 145,
- AUTH_INFO_OID = 69,
- CA_ISSUER_OID = 117,
- AUTH_KEY_OID = 149,
- SUBJ_KEY_OID = 128,
- CERT_POLICY_OID = 146,
- KEY_USAGE_OID = 129, /* 2.5.29.15 */
- INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
- EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
- NAME_CONS_OID = 144 /* 2.5.29.30 */
-};
-
-enum CertificatePolicy_Sum {
- CP_ANY_OID = 146 /* id-ce 32 0 */
-};
-
-enum SepHardwareName_Sum {
- HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
-};
-
-enum AuthInfo_Sum {
- AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
- AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
-};
-
-enum ExtKeyUsage_Sum { /* From RFC 5280 */
- EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
- EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
- EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
- EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, OCSPSigning */
-};
-
-
-enum VerifyType {
- NO_VERIFY = 0,
- VERIFY = 1
-};
-
-
-/* Key usage extension bits */
-#define KEYUSE_DIGITAL_SIG 0x0100
-#define KEYUSE_CONTENT_COMMIT 0x0080
-#define KEYUSE_KEY_ENCIPHER 0x0040
-#define KEYUSE_DATA_ENCIPHER 0x0020
-#define KEYUSE_KEY_AGREE 0x0010
-#define KEYUSE_KEY_CERT_SIGN 0x0008
-#define KEYUSE_CRL_SIGN 0x0004
-#define KEYUSE_ENCIPHER_ONLY 0x0002
-#define KEYUSE_DECIPHER_ONLY 0x0001
-
-#define EXTKEYUSE_ANY 0x08
-#define EXTKEYUSE_OCSP_SIGN 0x04
-#define EXTKEYUSE_CLIENT_AUTH 0x02
-#define EXTKEYUSE_SERVER_AUTH 0x01
-
-typedef struct DNS_entry DNS_entry;
-
-struct DNS_entry {
- DNS_entry* next; /* next on DNS list */
- char* name; /* actual DNS name */
-};
-
-
-typedef struct Base_entry Base_entry;
-
-struct Base_entry {
- Base_entry* next; /* next on name base list */
- char* name; /* actual name base */
- int nameSz; /* name length */
- byte type; /* Name base type (DNS or RFC822) */
-};
-
-
-struct DecodedName {
- char* fullName;
- int fullNameLen;
- int entryCount;
- int cnIdx;
- int cnLen;
- int snIdx;
- int snLen;
- int cIdx;
- int cLen;
- int lIdx;
- int lLen;
- int stIdx;
- int stLen;
- int oIdx;
- int oLen;
- int ouIdx;
- int ouLen;
- int emailIdx;
- int emailLen;
- int uidIdx;
- int uidLen;
- int serialIdx;
- int serialLen;
-};
-
-
-typedef struct DecodedCert DecodedCert;
-typedef struct DecodedName DecodedName;
-typedef struct Signer Signer;
-
-
-struct DecodedCert {
- byte* publicKey;
- word32 pubKeySize;
- int pubKeyStored;
- word32 certBegin; /* offset to start of cert */
- word32 sigIndex; /* offset to start of signature */
- word32 sigLength; /* length of signature */
- word32 signatureOID; /* sum of algorithm object id */
- word32 keyOID; /* sum of key algo object id */
- int version; /* cert version, 1 or 3 */
- DNS_entry* altNames; /* alt names list of dns entries */
-#ifndef IGNORE_NAME_CONSTRAINTS
- DNS_entry* altEmailNames; /* alt names list of RFC822 entries */
- Base_entry* permittedNames; /* Permitted name bases */
- Base_entry* excludedNames; /* Excluded name bases */
-#endif /* IGNORE_NAME_CONSTRAINTS */
- byte subjectHash[KEYID_SIZE]; /* hash of all Names */
- byte issuerHash[KEYID_SIZE]; /* hash of all Names */
-#ifdef HAVE_OCSP
- byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
-#endif /* HAVE_OCSP */
- byte* signature; /* not owned, points into raw cert */
- char* subjectCN; /* CommonName */
- int subjectCNLen; /* CommonName Length */
- char subjectCNEnc; /* CommonName Encoding */
- int subjectCNStored; /* have we saved a copy we own */
- char issuer[ASN_NAME_MAX]; /* full name including common name */
- char subject[ASN_NAME_MAX]; /* full name including common name */
- int verify; /* Default to yes, but could be off */
- byte* source; /* byte buffer holder cert, NOT owner */
- word32 srcIdx; /* current offset into buffer */
- word32 maxIdx; /* max offset based on init size */
- void* heap; /* for user memory overrides */
- byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
- int serialSz; /* raw serial bytes stored */
- byte* extensions; /* not owned, points into raw cert */
- int extensionsSz; /* length of cert extensions */
- word32 extensionsIdx; /* if want to go back and parse later */
- byte* extAuthInfo; /* Authority Information Access URI */
- int extAuthInfoSz; /* length of the URI */
- byte* extCrlInfo; /* CRL Distribution Points */
- int extCrlInfoSz; /* length of the URI */
- byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
- byte extSubjKeyIdSet; /* Set when the SKID was read from cert */
- byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
- byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
-#ifndef IGNORE_NAME_CONSTRAINTS
- byte extNameConstraintSet;
-#endif /* IGNORE_NAME_CONSTRAINTS */
- byte isCA; /* CA basic constraint true */
- byte weOwnAltNames; /* altNames haven't been given to copy */
- byte extKeyUsageSet;
- word16 extKeyUsage; /* Key usage bitfield */
- byte extExtKeyUsageSet; /* Extended Key Usage */
- byte extExtKeyUsage; /* Extended Key usage bitfield */
-#ifdef OPENSSL_EXTRA
- byte extBasicConstSet;
- byte extBasicConstCrit;
- byte extBasicConstPlSet;
- word32 pathLength; /* CA basic constraint path length, opt */
- byte extSubjAltNameSet;
- byte extSubjAltNameCrit;
- byte extAuthKeyIdCrit;
-#ifndef IGNORE_NAME_CONSTRAINTS
- byte extNameConstraintCrit;
-#endif /* IGNORE_NAME_CONSTRAINTS */
- byte extSubjKeyIdCrit;
- byte extKeyUsageCrit;
- byte extExtKeyUsageCrit;
- byte* extExtKeyUsageSrc;
- word32 extExtKeyUsageSz;
- word32 extExtKeyUsageCount;
- byte* extAuthKeyIdSrc;
- word32 extAuthKeyIdSz;
- byte* extSubjKeyIdSrc;
- word32 extSubjKeyIdSz;
-#endif
-#ifdef HAVE_ECC
- word32 pkCurveOID; /* Public Key's curve OID */
-#endif /* HAVE_ECC */
- byte* beforeDate;
- int beforeDateLen;
- byte* afterDate;
- int afterDateLen;
-#ifdef HAVE_PKCS7
- byte* issuerRaw; /* pointer to issuer inside source */
- int issuerRawLen;
-#endif
-#ifndef IGNORE_NAME_CONSTRAINT
- byte* subjectRaw; /* pointer to subject inside source */
- int subjectRawLen;
-#endif
-#if defined(WOLFSSL_CERT_GEN)
- /* easy access to subject info for other sign */
- char* subjectSN;
- int subjectSNLen;
- char subjectSNEnc;
- char* subjectC;
- int subjectCLen;
- char subjectCEnc;
- char* subjectL;
- int subjectLLen;
- char subjectLEnc;
- char* subjectST;
- int subjectSTLen;
- char subjectSTEnc;
- char* subjectO;
- int subjectOLen;
- char subjectOEnc;
- char* subjectOU;
- int subjectOULen;
- char subjectOUEnc;
- char* subjectEmail;
- int subjectEmailLen;
-#endif /* WOLFSSL_CERT_GEN */
-#ifdef OPENSSL_EXTRA
- DecodedName issuerName;
- DecodedName subjectName;
-#endif /* OPENSSL_EXTRA */
-#ifdef WOLFSSL_SEP
- int deviceTypeSz;
- byte* deviceType;
- int hwTypeSz;
- byte* hwType;
- int hwSerialNumSz;
- byte* hwSerialNum;
- #ifdef OPENSSL_EXTRA
- byte extCertPolicySet;
- byte extCertPolicyCrit;
- #endif /* OPENSSL_EXTRA */
-#endif /* WOLFSSL_SEP */
-};
-
-
-#ifdef NO_SHA
- #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
-#else
- #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
-#endif
-
-/* CA Signers */
-/* if change layout change PERSIST_CERT_CACHE functions too */
-struct Signer {
- word32 pubKeySize;
- word32 keyOID; /* key type */
- word16 keyUsage;
- byte* publicKey;
- int nameLen;
- char* name; /* common name */
-#ifndef IGNORE_NAME_CONSTRAINTS
- Base_entry* permittedNames;
- Base_entry* excludedNames;
-#endif /* IGNORE_NAME_CONSTRAINTS */
- byte subjectNameHash[SIGNER_DIGEST_SIZE];
- /* sha hash of names in certificate */
- #ifndef NO_SKID
- byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
- /* sha hash of names in certificate */
- #endif
- Signer* next;
-};
-
-
-/* not for public consumption but may use for testing sometimes */
-#ifdef WOLFSSL_TEST_CERT
- #define WOLFSSL_TEST_API WOLFSSL_API
-#else
- #define WOLFSSL_TEST_API WOLFSSL_LOCAL
-#endif
-
-WOLFSSL_TEST_API void FreeAltNames(DNS_entry*, void*);
-#ifndef IGNORE_NAME_CONSTRAINTS
- WOLFSSL_TEST_API void FreeNameSubtrees(Base_entry*, void*);
-#endif /* IGNORE_NAME_CONSTRAINTS */
-WOLFSSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
-WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*);
-WOLFSSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
-
-WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm);
-WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
-
-WOLFSSL_LOCAL Signer* MakeSigner(void*);
-WOLFSSL_LOCAL void FreeSigner(Signer*, void*);
-WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*);
-
-
-WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length);
-WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
-
-WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
-
-/* ASN.1 helper functions */
-WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx);
-WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx);
-WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx);
-WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
- int* version);
-WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
- word32 maxIdx);
-WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
- word32 maxIdx);
-WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
-WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output);
-WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
-WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
-WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
-WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
- int maxIdx);
-
-#ifdef HAVE_ECC
- /* ASN sig helpers */
- WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
- mp_int* s);
- WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
- mp_int* r, mp_int* s);
-#endif
-
-#ifdef WOLFSSL_CERT_GEN
-
-enum cert_enums {
- NAME_ENTRIES = 8,
- JOINT_LEN = 2,
- EMAIL_JOINT_LEN = 9,
- RSA_KEY = 10,
- NTRU_KEY = 11,
- ECC_KEY = 12
-};
-
-#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
-#ifndef NO_FILESYSTEM
-/* forward from wolfSSL */
-WOLFSSL_API
-int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz);
-#define WOLFSSL_PEMCERT_TODER_DEFINED
-#endif
-#endif
-
-#endif /* WOLFSSL_CERT_GEN */
-
-
-
-/* for pointer use */
-typedef struct CertStatus CertStatus;
-
-#ifdef HAVE_OCSP
-
-enum Ocsp_Response_Status {
- OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */
- OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
- OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */
- OCSP_TRY_LATER = 3, /* Try again later */
- OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */
- OCSP_UNAUTHROIZED = 6 /* Request unauthorized */
-};
-
-
-enum Ocsp_Cert_Status {
- CERT_GOOD = 0,
- CERT_REVOKED = 1,
- CERT_UNKNOWN = 2
-};
-
-
-enum Ocsp_Sums {
- OCSP_BASIC_OID = 117,
- OCSP_NONCE_OID = 118
-};
-
-
-typedef struct OcspRequest OcspRequest;
-typedef struct OcspResponse OcspResponse;
-
-
-struct CertStatus {
- CertStatus* next;
-
- byte serial[EXTERNAL_SERIAL_SIZE];
- int serialSz;
-
- int status;
-
- byte thisDate[MAX_DATE_SIZE];
- byte nextDate[MAX_DATE_SIZE];
- byte thisDateFormat;
- byte nextDateFormat;
-};
-
-
-struct OcspResponse {
- int responseStatus; /* return code from Responder */
-
- byte* response; /* Pointer to beginning of OCSP Response */
- word32 responseSz; /* length of the OCSP Response */
-
- byte producedDate[MAX_DATE_SIZE];
- /* Date at which this response was signed */
- byte producedDateFormat; /* format of the producedDate */
- byte* issuerHash;
- byte* issuerKeyHash;
-
- byte* cert;
- word32 certSz;
-
- byte* sig; /* Pointer to sig in source */
- word32 sigSz; /* Length in octets for the sig */
- word32 sigOID; /* OID for hash used for sig */
-
- CertStatus* status; /* certificate status to fill out */
-
- byte* nonce; /* pointer to nonce inside ASN.1 response */
- int nonceSz; /* length of the nonce string */
-
- byte* source; /* pointer to source buffer, not owned */
- word32 maxIdx; /* max offset based on init size */
-};
-
-
-struct OcspRequest {
- DecodedCert* cert;
-
- byte useNonce;
- byte nonce[MAX_OCSP_NONCE_SZ];
- int nonceSz;
-
- byte* issuerHash; /* pointer to issuerHash in source cert */
- byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */
- byte* serial; /* pointer to serial number in source cert */
- int serialSz; /* length of the serial number */
-
- byte* dest; /* pointer to the destination ASN.1 buffer */
- word32 destSz; /* length of the destination buffer */
-};
-
-
-WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
-WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*);
-
-WOLFSSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*,
- byte, byte*, word32);
-WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*);
-
-WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);
-
-
-#endif /* HAVE_OCSP */
-
-
-/* for pointer use */
-typedef struct RevokedCert RevokedCert;
-
-#ifdef HAVE_CRL
-
-struct RevokedCert {
- byte serialNumber[EXTERNAL_SERIAL_SIZE];
- int serialSz;
- RevokedCert* next;
-};
-
-typedef struct DecodedCRL DecodedCRL;
-
-struct DecodedCRL {
- word32 certBegin; /* offset to start of cert */
- word32 sigIndex; /* offset to start of signature */
- word32 sigLength; /* length of signature */
- word32 signatureOID; /* sum of algorithm object id */
- byte* signature; /* pointer into raw source, not owned */
- byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */
- byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
- byte lastDate[MAX_DATE_SIZE]; /* last date updated */
- byte nextDate[MAX_DATE_SIZE]; /* next update date */
- byte lastDateFormat; /* format of last date */
- byte nextDateFormat; /* format of next date */
- RevokedCert* certs; /* revoked cert list */
- int totalCerts; /* number on list */
-};
-
-WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*);
-WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
-WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
-
-
-#endif /* HAVE_CRL */
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* !NO_ASN */
-#endif /* WOLF_CRYPT_ASN_H */
-
-
--- a/wolfssl/wolfcrypt/asn_public.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,198 +0,0 @@
-/* asn_public.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_ASN_PUBLIC_H
-#define WOLF_CRYPT_ASN_PUBLIC_H
-
-#include <wolfssl/wolfcrypt/types.h>
-#ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
-#endif
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
- #include <wolfssl/wolfcrypt/rsa.h>
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* Certificate file Type */
-enum CertType {
- CERT_TYPE = 0,
- PRIVATEKEY_TYPE,
- DH_PARAM_TYPE,
- CRL_TYPE,
- CA_TYPE,
- ECC_PRIVATEKEY_TYPE,
- CERTREQ_TYPE
-};
-
-
-/* Signature type, by OID sum */
-enum Ctc_SigType {
- CTC_SHAwDSA = 517,
- CTC_MD2wRSA = 646,
- CTC_MD5wRSA = 648,
- CTC_SHAwRSA = 649,
- CTC_SHAwECDSA = 520,
- CTC_SHA256wRSA = 655,
- CTC_SHA256wECDSA = 524,
- CTC_SHA384wRSA = 656,
- CTC_SHA384wECDSA = 525,
- CTC_SHA512wRSA = 657,
- CTC_SHA512wECDSA = 526
-};
-
-enum Ctc_Encoding {
- CTC_UTF8 = 0x0c, /* utf8 */
- CTC_PRINTABLE = 0x13 /* printable */
-};
-
-
-#ifdef WOLFSSL_CERT_GEN
-
-#ifndef HAVE_ECC
- typedef struct ecc_key ecc_key;
-#endif
-
-enum Ctc_Misc {
- CTC_NAME_SIZE = 64,
- CTC_DATE_SIZE = 32,
- CTC_MAX_ALT_SIZE = 16384, /* may be huge */
- CTC_SERIAL_SIZE = 8
-};
-
-typedef struct CertName {
- char country[CTC_NAME_SIZE];
- char countryEnc;
- char state[CTC_NAME_SIZE];
- char stateEnc;
- char locality[CTC_NAME_SIZE];
- char localityEnc;
- char sur[CTC_NAME_SIZE];
- char surEnc;
- char org[CTC_NAME_SIZE];
- char orgEnc;
- char unit[CTC_NAME_SIZE];
- char unitEnc;
- char commonName[CTC_NAME_SIZE];
- char commonNameEnc;
- char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */
-} CertName;
-
-
-/* for user to fill for certificate generation */
-typedef struct Cert {
- int version; /* x509 version */
- byte serial[CTC_SERIAL_SIZE]; /* serial number */
- int sigType; /* signature algo type */
- CertName issuer; /* issuer info */
- int daysValid; /* validity days */
- int selfSigned; /* self signed flag */
- CertName subject; /* subject info */
- int isCA; /* is this going to be a CA */
- /* internal use only */
- int bodySz; /* pre sign total size */
- int keyType; /* public key type of subject */
-#ifdef WOLFSSL_ALT_NAMES
- byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
- int altNamesSz; /* altNames size in bytes */
- byte beforeDate[CTC_DATE_SIZE]; /* before date copy */
- int beforeDateSz; /* size of copy */
- byte afterDate[CTC_DATE_SIZE]; /* after date copy */
- int afterDateSz; /* size of copy */
-#endif
-#ifdef WOLFSSL_CERT_REQ
- char challengePw[CTC_NAME_SIZE];
-#endif
-} Cert;
-#endif /* WOLFSSL_CERT_GEN */
-
-
-#ifdef WOLFSSL_CERT_GEN
-
-
-
-/* Initialize and Set Certficate defaults:
- version = 3 (0x2)
- serial = 0 (Will be randomly generated)
- sigType = SHA_WITH_RSA
- issuer = blank
- daysValid = 500
- selfSigned = 1 (true) use subject as issuer
- subject = blank
- isCA = 0 (false)
- keyType = RSA_KEY (default)
-*/
-WOLFSSL_API void wc_InitCert(Cert*);
-WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
- ecc_key*, RNG*);
-#ifdef WOLFSSL_CERT_REQ
- WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
- ecc_key*);
-#endif
-WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
- word32 derSz, RsaKey*, ecc_key*, RNG*);
-WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
- RNG*);
-WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
-WOLFSSL_API int wc_SetSubject(Cert*, const char*);
-#ifdef WOLFSSL_ALT_NAMES
- WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
-#endif
-WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
-
- #ifdef HAVE_NTRU
- WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
- const byte* ntruKey, word16 keySz, RNG*);
- #endif
-
-#endif /* WOLFSSL_CERT_GEN */
-
-
-#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
- WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
- word32 outputSz, int type);
-#endif
-
-#ifdef HAVE_ECC
- /* private key helpers */
- WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input,word32* inOutIdx,
- ecc_key*,word32);
- WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
-#endif
-
-/* DER encode signature */
-WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
- int hashOID);
-WOLFSSL_API int wc_GetCTC_HashOID(int type);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_ASN_PUBLIC_H */
-
-
--- a/wolfssl/wolfcrypt/blake2-impl.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,155 +0,0 @@
-/*
- BLAKE2 reference source code package - reference C implementations
-
- Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
-
- To the extent possible under law, the author(s) have dedicated all copyright
- and related and neighboring rights to this software to the public domain
- worldwide. This software is distributed without any warranty.
-
- You should have received a copy of the CC0 Public Domain Dedication along with
- this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
-*/
-/* blake2-impl.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLFCRYPT_BLAKE2_IMPL_H
-#define WOLFCRYPT_BLAKE2_IMPL_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-static inline word32 load32( const void *src )
-{
-#if defined(LITTLE_ENDIAN_ORDER)
- return *( word32 * )( src );
-#else
- const byte *p = ( byte * )src;
- word32 w = *p++;
- w |= ( word32 )( *p++ ) << 8;
- w |= ( word32 )( *p++ ) << 16;
- w |= ( word32 )( *p++ ) << 24;
- return w;
-#endif
-}
-
-static inline word64 load64( const void *src )
-{
-#if defined(LITTLE_ENDIAN_ORDER)
- return *( word64 * )( src );
-#else
- const byte *p = ( byte * )src;
- word64 w = *p++;
- w |= ( word64 )( *p++ ) << 8;
- w |= ( word64 )( *p++ ) << 16;
- w |= ( word64 )( *p++ ) << 24;
- w |= ( word64 )( *p++ ) << 32;
- w |= ( word64 )( *p++ ) << 40;
- w |= ( word64 )( *p++ ) << 48;
- w |= ( word64 )( *p++ ) << 56;
- return w;
-#endif
-}
-
-static inline void store32( void *dst, word32 w )
-{
-#if defined(LITTLE_ENDIAN_ORDER)
- *( word32 * )( dst ) = w;
-#else
- byte *p = ( byte * )dst;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w;
-#endif
-}
-
-static inline void store64( void *dst, word64 w )
-{
-#if defined(LITTLE_ENDIAN_ORDER)
- *( word64 * )( dst ) = w;
-#else
- byte *p = ( byte * )dst;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w;
-#endif
-}
-
-static inline word64 load48( const void *src )
-{
- const byte *p = ( const byte * )src;
- word64 w = *p++;
- w |= ( word64 )( *p++ ) << 8;
- w |= ( word64 )( *p++ ) << 16;
- w |= ( word64 )( *p++ ) << 24;
- w |= ( word64 )( *p++ ) << 32;
- w |= ( word64 )( *p++ ) << 40;
- return w;
-}
-
-static inline void store48( void *dst, word64 w )
-{
- byte *p = ( byte * )dst;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w; w >>= 8;
- *p++ = ( byte )w;
-}
-
-static inline word32 rotl32( const word32 w, const unsigned c )
-{
- return ( w << c ) | ( w >> ( 32 - c ) );
-}
-
-static inline word64 rotl64( const word64 w, const unsigned c )
-{
- return ( w << c ) | ( w >> ( 64 - c ) );
-}
-
-static inline word32 rotr32( const word32 w, const unsigned c )
-{
- return ( w >> c ) | ( w << ( 32 - c ) );
-}
-
-static inline word64 rotr64( const word64 w, const unsigned c )
-{
- return ( w >> c ) | ( w << ( 64 - c ) );
-}
-
-/* prevents compiler optimizing out memset() */
-static inline void secure_zero_memory( void *v, word64 n )
-{
- volatile byte *p = ( volatile byte * )v;
-
- while( n-- ) *p++ = 0;
-}
-
-#endif /* WOLFCRYPT_BLAKE2_IMPL_H */
-
-
--- a/wolfssl/wolfcrypt/blake2-int.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,184 +0,0 @@
-/*
- BLAKE2 reference source code package - reference C implementations
-
- Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
-
- To the extent possible under law, the author(s) have dedicated all copyright
- and related and neighboring rights to this software to the public domain
- worldwide. This software is distributed without any warranty.
-
- You should have received a copy of the CC0 Public Domain Dedication along with
- this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
-*/
-/* blake2-int.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-
-#ifndef WOLFCRYPT_BLAKE2_INT_H
-#define WOLFCRYPT_BLAKE2_INT_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-
-#if defined(_MSC_VER)
- #define ALIGN(x) __declspec(align(x))
-#elif defined(__GNUC__)
- #define ALIGN(x) __attribute__((aligned(x)))
-#else
- #define ALIGN(x)
-#endif
-
-
-#if defined(__cplusplus)
- extern "C" {
-#endif
-
- enum blake2s_constant
- {
- BLAKE2S_BLOCKBYTES = 64,
- BLAKE2S_OUTBYTES = 32,
- BLAKE2S_KEYBYTES = 32,
- BLAKE2S_SALTBYTES = 8,
- BLAKE2S_PERSONALBYTES = 8
- };
-
- enum blake2b_constant
- {
- BLAKE2B_BLOCKBYTES = 128,
- BLAKE2B_OUTBYTES = 64,
- BLAKE2B_KEYBYTES = 64,
- BLAKE2B_SALTBYTES = 16,
- BLAKE2B_PERSONALBYTES = 16
- };
-
-#pragma pack(push, 1)
- typedef struct __blake2s_param
- {
- byte digest_length; /* 1 */
- byte key_length; /* 2 */
- byte fanout; /* 3 */
- byte depth; /* 4 */
- word32 leaf_length; /* 8 */
- byte node_offset[6];/* 14 */
- byte node_depth; /* 15 */
- byte inner_length; /* 16 */
- /* byte reserved[0]; */
- byte salt[BLAKE2B_SALTBYTES]; /* 24 */
- byte personal[BLAKE2S_PERSONALBYTES]; /* 32 */
- } blake2s_param;
-
- ALIGN( 64 ) typedef struct __blake2s_state
- {
- word32 h[8];
- word32 t[2];
- word32 f[2];
- byte buf[2 * BLAKE2S_BLOCKBYTES];
- word64 buflen;
- byte last_node;
- } blake2s_state ;
-
- typedef struct __blake2b_param
- {
- byte digest_length; /* 1 */
- byte key_length; /* 2 */
- byte fanout; /* 3 */
- byte depth; /* 4 */
- word32 leaf_length; /* 8 */
- word64 node_offset; /* 16 */
- byte node_depth; /* 17 */
- byte inner_length; /* 18 */
- byte reserved[14]; /* 32 */
- byte salt[BLAKE2B_SALTBYTES]; /* 48 */
- byte personal[BLAKE2B_PERSONALBYTES]; /* 64 */
- } blake2b_param;
-
- ALIGN( 64 ) typedef struct __blake2b_state
- {
- word64 h[8];
- word64 t[2];
- word64 f[2];
- byte buf[2 * BLAKE2B_BLOCKBYTES];
- word64 buflen;
- byte last_node;
- } blake2b_state;
-
- typedef struct __blake2sp_state
- {
- blake2s_state S[8][1];
- blake2s_state R[1];
- byte buf[8 * BLAKE2S_BLOCKBYTES];
- word64 buflen;
- } blake2sp_state;
-
- typedef struct __blake2bp_state
- {
- blake2b_state S[4][1];
- blake2b_state R[1];
- byte buf[4 * BLAKE2B_BLOCKBYTES];
- word64 buflen;
- } blake2bp_state;
-#pragma pack(pop)
-
- /* Streaming API */
- int blake2s_init( blake2s_state *S, const byte outlen );
- int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, const byte keylen );
- int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
- int blake2s_update( blake2s_state *S, const byte *in, word64 inlen );
- int blake2s_final( blake2s_state *S, byte *out, byte outlen );
-
- int blake2b_init( blake2b_state *S, const byte outlen );
- int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen );
- int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
- int blake2b_update( blake2b_state *S, const byte *in, word64 inlen );
- int blake2b_final( blake2b_state *S, byte *out, byte outlen );
-
- int blake2sp_init( blake2sp_state *S, const byte outlen );
- int blake2sp_init_key( blake2sp_state *S, const byte outlen, const void *key, const byte keylen );
- int blake2sp_update( blake2sp_state *S, const byte *in, word64 inlen );
- int blake2sp_final( blake2sp_state *S, byte *out, byte outlen );
-
- int blake2bp_init( blake2bp_state *S, const byte outlen );
- int blake2bp_init_key( blake2bp_state *S, const byte outlen, const void *key, const byte keylen );
- int blake2bp_update( blake2bp_state *S, const byte *in, word64 inlen );
- int blake2bp_final( blake2bp_state *S, byte *out, byte outlen );
-
- /* Simple API */
- int blake2s( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
- int blake2b( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
-
- int blake2sp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
- int blake2bp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
-
- static inline int blake2( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen )
- {
- return blake2b( out, in, key, outlen, inlen, keylen );
- }
-
-
-
-#if defined(__cplusplus)
- }
-#endif
-
-#endif /* WOLFCRYPT_BLAKE2_INT_H */
-
-
--- a/wolfssl/wolfcrypt/blake2.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-/* blake2.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * a with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-
-#ifndef WOLF_CRYPT_BLAKE2_H
-#define WOLF_CRYPT_BLAKE2_H
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_BLAKE2
-
-#include <wolfssl/wolfcrypt/blake2-int.h>
-
-/* call old functions if using fips for the sake of hmac @wc_fips */
-#ifdef HAVE_FIPS
- /* Since hmac can call blake functions provide original calls */
- #define wc_InitBlake2b InitBlake2b
- #define wc_Blake2bUpdate Blake2bUpdate
- #define wc_Blake2bFinal Blake2bFinal
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* in bytes, variable digest size up to 512 bits (64 bytes) */
-enum {
- BLAKE2B_ID = 7, /* hash type unique */
- BLAKE2B_256 = 32 /* 256 bit type, SSL default */
-};
-
-
-/* BLAKE2b digest */
-typedef struct Blake2b {
- blake2b_state S[1]; /* our state */
- word32 digestSz; /* digest size used on init */
-} Blake2b;
-
-
-WOLFSSL_API int wc_InitBlake2b(Blake2b*, word32);
-WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32);
-WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32);
-
-
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif /* HAVE_BLAKE2 */
-#endif /* WOLF_CRYPT_BLAKE2_H */
-
-
--- a/wolfssl/wolfcrypt/camellia.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,97 +0,0 @@
-/* camellia.h ver 1.2.0
- *
- * Copyright (c) 2006,2007
- * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer as
- * the first lines of this file unmodified.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* camellia.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_CAMELLIA_H
-#define WOLF_CRYPT_CAMELLIA_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_CAMELLIA
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-enum {
- CAMELLIA_BLOCK_SIZE = 16
-};
-
-#define CAMELLIA_TABLE_BYTE_LEN 272
-#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / sizeof(word32))
-
-typedef word32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
-
-typedef struct Camellia {
- word32 keySz;
- KEY_TABLE_TYPE key;
- word32 reg[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
- word32 tmp[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
-} Camellia;
-
-
-WOLFSSL_API int wc_CamelliaSetKey(Camellia* cam,
- const byte* key, word32 len, const byte* iv);
-WOLFSSL_API int wc_CamelliaSetIV(Camellia* cam, const byte* iv);
-WOLFSSL_API void wc_CamelliaEncryptDirect(Camellia* cam, byte* out,
- const byte* in);
-WOLFSSL_API void wc_CamelliaDecryptDirect(Camellia* cam, byte* out,
- const byte* in);
-WOLFSSL_API void wc_CamelliaCbcEncrypt(Camellia* cam,
- byte* out, const byte* in, word32 sz);
-WOLFSSL_API void wc_CamelliaCbcDecrypt(Camellia* cam,
- byte* out, const byte* in, word32 sz);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_CAMELLIA */
-#endif /* WOLF_CRYPT_CAMELLIA_H */
-
-
--- a/wolfssl/wolfcrypt/chacha.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,58 +0,0 @@
-/* chacha.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_CHACHA_H
-#define WOLF_CRYPT_CHACHA_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_CHACHA
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-enum {
- CHACHA_ENC_TYPE = 7 /* cipher unique type */
-};
-
-typedef struct ChaCha {
- word32 X[16]; /* state of cipher */
-} ChaCha;
-
-/**
- * IV(nonce) changes with each record
- * counter is for what value the block counter should start ... usually 0
- */
-WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
-
-WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
- word32 msglen);
-WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_CHACHA */
-#endif /* WOLF_CRYPT_CHACHA_H */
-
-
--- a/wolfssl/wolfcrypt/chacha20_poly1305.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,80 +0,0 @@
-/* chacha20_poly1305.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20
- * and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10):
- * https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10
- */
-
-#ifndef WOLF_CRYPT_CHACHA20_POLY1305_H
-#define WOLF_CRYPT_CHACHA20_POLY1305_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#define CHACHA20_POLY1305_AEAD_KEYSIZE 32
-#define CHACHA20_POLY1305_AEAD_IV_SIZE 12
-#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
-
-enum {
- CHACHA20_POLY_1305_ENC_TYPE = 8 /* cipher unique type */
-};
-
- /*
- * The IV for this implementation is 96 bits to give the most flexibility.
- *
- * Some protocols may have unique per-invocation inputs that are not
- * 96-bit in length. For example, IPsec may specify a 64-bit nonce. In
- * such a case, it is up to the protocol document to define how to
- * transform the protocol nonce into a 96-bit nonce, for example by
- * concatenating a constant value.
- */
-
-WOLFSSL_API
-int wc_ChaCha20Poly1305_Encrypt(
- const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
- const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
- const byte* inAAD, const word32 inAADLen,
- const byte* inPlaintext, const word32 inPlaintextLen,
- byte* outCiphertext,
- byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
-
-WOLFSSL_API
-int wc_ChaCha20Poly1305_Decrypt(
- const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
- const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
- const byte* inAAD, const word32 inAADLen,
- const byte* inCiphertext, const word32 inCiphertextLen,
- const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
- byte* outPlaintext);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_CHACHA && HAVE_POLY1305 */
-#endif /* WOLF_CRYPT_CHACHA20_POLY1305_H */
-
--- a/wolfssl/wolfcrypt/coding.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-/* coding.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_CODING_H
-#define WOLF_CRYPT_CODING_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
- word32* outLen);
-
-#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER)
- #ifndef WOLFSSL_BASE64_ENCODE
- #define WOLFSSL_BASE64_ENCODE
- #endif
-#endif
-
-
-#ifdef WOLFSSL_BASE64_ENCODE
- /* encode isn't */
- WOLFSSL_API
- int Base64_Encode(const byte* in, word32 inLen, byte* out,
- word32* outLen);
- WOLFSSL_API
- int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
- word32* outLen);
-#endif
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS)
- WOLFSSL_API
- int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
-#endif
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_CODING_H */
-
-
--- a/wolfssl/wolfcrypt/compress.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,49 +0,0 @@
-/* compress.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_COMPRESS_H
-#define WOLF_CRYPT_COMPRESS_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_LIBZ
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-#define COMPRESS_FIXED 1
-
-
-WOLFSSL_API int wc_Compress(byte*, word32, const byte*, word32, word32);
-WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-
-#endif /* HAVE_LIBZ */
-#endif /* WOLF_CRYPT_COMPRESS_H */
-
-
--- a/wolfssl/wolfcrypt/curve25519.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,103 +0,0 @@
-/* curve25519.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_CURVE25519_H
-#define WOLF_CRYPT_CURVE25519_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_CURVE25519
-
-#include <wolfssl/wolfcrypt/fe_operations.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#define CURVE25519_KEYSIZE 32
-
-/* curve25519 set type */
-typedef struct {
- int size; /* The size of the curve in octets */
- const char* name; /* name of this curve */
-} curve25519_set_type;
-
-
-/* ECC point */
-typedef struct {
- byte point[CURVE25519_KEYSIZE];
-}ECPoint;
-
-/* A CURVE25519 Key */
-typedef struct {
- int idx; /* Index into the ecc_sets[] for the parameters of
- this curve if -1, this key is using user supplied
- curve in dp */
- const curve25519_set_type* dp; /* domain parameters, either points to
- curves (idx >= 0) or user supplied */
- ECPoint p; /* public key */
- ECPoint k; /* private key */
-} curve25519_key;
-
-WOLFSSL_API
-int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key);
-
-WOLFSSL_API
-int wc_curve25519_shared_secret(curve25519_key* private_key,
- curve25519_key* public_key,
- byte* out, word32* outlen);
-
-WOLFSSL_API
-int wc_curve25519_init(curve25519_key* key);
-
-WOLFSSL_API
-void wc_curve25519_free(curve25519_key* key);
-
-
-/* raw key helpers */
-WOLFSSL_API
-int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
- const byte* pub, word32 pubSz, curve25519_key* key);
-WOLFSSL_API
-int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
- word32* outLen);
-
-WOLFSSL_API
-int wc_curve25519_import_public(const byte* in, word32 inLen,
- curve25519_key* key);
-
-WOLFSSL_API
-int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen);
-
-
-/* size helper */
-WOLFSSL_API
-int wc_curve25519_size(curve25519_key* key);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_CURVE25519 */
-#endif /* WOLF_CRYPT_CURVE25519_H */
-
-
--- a/wolfssl/wolfcrypt/des3.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,114 +0,0 @@
-/* des3.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_DES3_H
-#define WOLF_CRYPT_DES3_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_DES3
-
-#ifdef HAVE_FIPS
-/* included for fips @wc_fips */
-#include <cyassl/ctaocrypt/des3.h>
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* to avoid redifinition of macros */
-#define WOLFSSL_3DES_CAVIUM_MAGIC 0xBEEF0003
-
-enum {
- DES_ENC_TYPE = 2, /* cipher unique type */
- DES3_ENC_TYPE = 3, /* cipher unique type */
- DES_BLOCK_SIZE = 8,
- DES_KS_SIZE = 32,
-
- DES_ENCRYPTION = 0,
- DES_DECRYPTION = 1
-};
-
-#define DES_IVLEN 8
-#define DES_KEYLEN 8
-#define DES3_IVLEN 8
-#define DES3_KEYLEN 24
-
-
-#ifdef STM32F2_CRYPTO
-enum {
- DES_CBC = 0,
- DES_ECB = 1
-};
-#endif
-
-
-/* DES encryption and decryption */
-typedef struct Des {
- word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
- word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
- word32 key[DES_KS_SIZE];
-} Des;
-
-
-/* DES3 encryption and decryption */
-typedef struct Des3 {
- word32 key[3][DES_KS_SIZE];
- word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
- word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
-#ifdef HAVE_CAVIUM
- int devId; /* nitrox device id */
- word32 magic; /* using cavium magic */
- word64 contextHandle; /* nitrox context memory handle */
-#endif
-} Des3;
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir);
-WOLFSSL_API void wc_Des_SetIV(Des* des, const byte* iv);
-WOLFSSL_API int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
-WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
-WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);
-WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
- const byte* key, const byte* iv);
-
-WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
-WOLFSSL_API int wc_Des3_SetIV(Des3* des, const byte* iv);
-WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz);
-WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz);
-WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
- const byte* key, const byte* iv);
-
-
-#ifdef HAVE_CAVIUM
- WOLFSSL_API int wc_Des3_InitCavium(Des3*, int);
- WOLFSSL_API void wc_Des3_FreeCavium(Des3*);
-#endif
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_DES3 */
-#endif /* WOLF_CRYPT_DES3_H */
-
-
--- a/wolfssl/wolfcrypt/dh.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,67 +0,0 @@
-/* dh.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_DH_H
-#define WOLF_CRYPT_DH_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_DH
-
-#include <wolfssl/wolfcrypt/integer.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-/* Diffie-Hellman Key */
-typedef struct DhKey {
- mp_int p, g; /* group parameters */
-} DhKey;
-
-
-WOLFSSL_API void wc_InitDhKey(DhKey* key);
-WOLFSSL_API void wc_FreeDhKey(DhKey* key);
-
-WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv,
- word32* privSz, byte* pub, word32* pubSz);
-WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
- const byte* priv, word32 privSz, const byte* otherPub,
- word32 pubSz);
-
-WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
- word32);
-WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
- word32 gSz);
-WOLFSSL_API int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
- word32* pInOutSz, byte* g, word32* gInOutSz);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_DH */
-#endif /* WOLF_CRYPT_DH_H */
-
-
--- a/wolfssl/wolfcrypt/dsa.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-/* dsa.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_DSA_H
-#define WOLF_CRYPT_DSA_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_DSA
-
-#include <wolfssl/wolfcrypt/integer.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-/* for DSA reverse compatibility */
-#define InitDsaKey wc_InitDsaKey
-#define FreeDsaKey wc_FreeDsaKey
-#define DsaSign wc_DsaSign
-#define DsaVerify wc_DsaVerify
-#define DsaPublicKeyDecode wc_DsaPublicKeyDecode
-#define DsaPrivateKeyDecode wc_DsaPrivateKeyDecode
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-enum {
- DSA_PUBLIC = 0,
- DSA_PRIVATE = 1
-};
-
-/* DSA */
-typedef struct DsaKey {
- mp_int p, q, g, y, x;
- int type; /* public or private */
-} DsaKey;
-
-
-WOLFSSL_API void wc_InitDsaKey(DsaKey* key);
-WOLFSSL_API void wc_FreeDsaKey(DsaKey* key);
-
-WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng);
-WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key,
- int* answer);
-
-WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*,
- word32);
-WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*,
- word32);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_DSA */
-#endif /* WOLF_CRYPT_DSA_H */
-
-
--- a/wolfssl/wolfcrypt/ecc.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,246 +0,0 @@
-/* ecc.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_ECC_H
-#define WOLF_CRYPT_ECC_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_ECC
-
-#include <wolfssl/wolfcrypt/integer.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-enum {
- ECC_PUBLICKEY = 1,
- ECC_PRIVATEKEY = 2,
- ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */
- SIG_HEADER_SZ = 6, /* ECC signature header size */
- ECC_BUFSIZE = 256, /* for exported keys temp buffer */
- ECC_MINSIZE = 20, /* MIN Private Key size */
- ECC_MAXSIZE = 66 /* MAX Private Key size */
-};
-
-
-/* ECC set type defined a NIST GF(p) curve */
-typedef struct {
- int size; /* The size of the curve in octets */
- const char* name; /* name of this curve */
- const char* prime; /* prime that defines the field, curve is in (hex) */
- const char* Af; /* fields A param (hex) */
- const char* Bf; /* fields B param (hex) */
- const char* order; /* order of the curve (hex) */
- const char* Gx; /* x coordinate of the base point on curve (hex) */
- const char* Gy; /* y coordinate of the base point on curve (hex) */
-} ecc_set_type;
-
-
-#ifdef ALT_ECC_SIZE
-
-/* Note on ALT_ECC_SIZE:
- * The fast math code uses an array of a fixed size to store the big integers.
- * By default, the array is big enough for RSA keys. There is a size,
- * FP_MAX_BITS which can be used to make the array smaller when one wants ECC
- * but not RSA. Some people want fast math sized for both RSA and ECC, where
- * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate
- * ecc_point structure that uses an alternate fp_int that has a shorter array
- * of fp_digits.
- *
- * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of
- * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
- * of the point are pointers that are set to each of a three item array of
- * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
- * structure, the alt_fp_int will only have 512 bits. A size value was added
- * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
- * functions fp_zero() and fp_copy() use the size parameter. An int needs to
- * be initialized before using it instead of just fp_zeroing it, the init will
- * call zero. FP_MAX_BITS_ECC defaults to 512, but can be set to change the
- * number of bits used in the alternate FP_INT.
- *
- * Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
- */
-
-#ifndef FP_MAX_BITS_ECC
- #define FP_MAX_BITS_ECC 512
-#endif
-#define FP_MAX_SIZE_ECC (FP_MAX_BITS_ECC+(8*DIGIT_BIT))
-#if FP_MAX_BITS_ECC % CHAR_BIT
- #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
-#endif
-#define FP_SIZE_ECC (FP_MAX_SIZE_ECC/DIGIT_BIT)
-
-/* This needs to match the size of the fp_int struct, except the
- * fp_digit array will be shorter. */
-typedef struct alt_fp_int {
- int used, sign, size;
- fp_digit dp[FP_SIZE_ECC];
-} alt_fp_int;
-#endif
-
-/* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
- (x/z^2, y/z^3, 1) when interpreted as affine */
-typedef struct {
-#ifndef ALT_ECC_SIZE
- mp_int x[1]; /* The x coordinate */
- mp_int y[1]; /* The y coordinate */
- mp_int z[1]; /* The z coordinate */
-#else
- mp_int* x; /* The x coordinate */
- mp_int* y; /* The y coordinate */
- mp_int* z; /* The z coordinate */
- alt_fp_int xyz[3];
-#endif
-} ecc_point;
-
-
-/* An ECC Key */
-typedef struct {
- int type; /* Public or Private */
- int idx; /* Index into the ecc_sets[] for the parameters of
- this curve if -1, this key is using user supplied
- curve in dp */
- const ecc_set_type* dp; /* domain parameters, either points to NIST
- curves (idx >= 0) or user supplied */
- ecc_point pubkey; /* public key */
- mp_int k; /* private key */
-} ecc_key;
-
-
-/* ECC predefined curve sets */
-extern const ecc_set_type ecc_sets[];
-
-
-WOLFSSL_API
-int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_check_key(ecc_key* key);
-WOLFSSL_API
-int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
- word32* outlen);
-WOLFSSL_API
-int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
- RNG* rng, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
- word32 hashlen, int* stat, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_init(ecc_key* key);
-WOLFSSL_API
-void wc_ecc_free(ecc_key* key);
-WOLFSSL_API
-void wc_ecc_fp_free(void);
-
-
-/* ASN key helpers */
-WOLFSSL_API
-int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
-WOLFSSL_API
-int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
- /* extended functionality with compressed option */
-WOLFSSL_API
-int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
- word32 pubSz, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
-WOLFSSL_API
-int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
- const char* d, const char* curveName);
-
-WOLFSSL_API
-int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
-
-/* size helper */
-WOLFSSL_API
-int wc_ecc_size(ecc_key* key);
-WOLFSSL_API
-int wc_ecc_sig_size(ecc_key* key);
-
-
-#ifdef HAVE_ECC_ENCRYPT
-/* ecc encrypt */
-
-enum ecEncAlgo {
- ecAES_128_CBC = 1, /* default */
- ecAES_256_CBC = 2
-};
-
-enum ecKdfAlgo {
- ecHKDF_SHA256 = 1, /* default */
- ecHKDF_SHA1 = 2
-};
-
-enum ecMacAlgo {
- ecHMAC_SHA256 = 1, /* default */
- ecHMAC_SHA1 = 2
-};
-
-enum {
- KEY_SIZE_128 = 16,
- KEY_SIZE_256 = 32,
- IV_SIZE_64 = 8,
- EXCHANGE_SALT_SZ = 16,
- EXCHANGE_INFO_SZ = 23
-};
-
-enum ecFlags {
- REQ_RESP_CLIENT = 1,
- REQ_RESP_SERVER = 2
-};
-
-
-typedef struct ecEncCtx ecEncCtx;
-
-WOLFSSL_API
-ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng);
-WOLFSSL_API
-void wc_ecc_ctx_free(ecEncCtx*);
-WOLFSSL_API
-int wc_ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */
-
-WOLFSSL_API
-const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
-WOLFSSL_API
-int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
-WOLFSSL_API
-int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
-
-WOLFSSL_API
-int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
- word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
-WOLFSSL_API
-int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
- word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
-
-#endif /* HAVE_ECC_ENCRYPT */
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_ECC */
-#endif /* WOLF_CRYPT_ECC_H */
-
--- a/wolfssl/wolfcrypt/ed25519.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,95 +0,0 @@
-/* ed25519.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_ED25519_H
-#define WOLF_CRYPT_ED25519_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_ED25519
-
-#include <wolfssl/wolfcrypt/fe_operations.h>
-#include <wolfssl/wolfcrypt/ge_operations.h>
-#include <wolfssl/wolfcrypt/random.h>
-#include <wolfssl/wolfcrypt/sha512.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-/* info about EdDSA curve specifically ed25519, defined as an elliptic curve
- over GF(p) */
-/*
- 32, key size
- "ED25519", curve name
- "2^255-19", prime number
- "SHA512", hash function
- "-121665/121666", value of d
-*/
-
-#define ED25519_KEY_SIZE 32
-#define ED25519_SIG_SIZE 64
-
-
-/* An ED25519 Key */
-typedef struct {
- byte p[32]; /* compressed public key */
- byte k[64]; /* private key : 32 secret -- 32 public */
-} ed25519_key;
-
-
-WOLFSSL_API
-int wc_ed25519_make_key(RNG* rng, int keysize, ed25519_key* key);
-WOLFSSL_API
-int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
- word32 *outlen, ed25519_key* key);
-WOLFSSL_API
-int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
- word32 msglen, int* stat, ed25519_key* key);
-WOLFSSL_API
-int wc_ed25519_init(ed25519_key* key);
-WOLFSSL_API
-void wc_ed25519_free(ed25519_key* key);
-WOLFSSL_API
-int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
-WOLFSSL_API
-int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
- const byte* pub, word32 pubSz, ed25519_key* key);
-WOLFSSL_API
-int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen);
-WOLFSSL_API
-int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
-
-/* size helper */
-WOLFSSL_API
-int wc_ed25519_size(ed25519_key* key);
-WOLFSSL_API
-int wc_ed25519_sig_size(ed25519_key* key);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_ED25519 */
-#endif /* WOLF_CRYPT_ED25519_H */
-
-
--- a/wolfssl/wolfcrypt/error-crypt.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,168 +0,0 @@
-/* error-crypt.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_ERROR_H
-#define WOLF_CRYPT_ERROR_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_FIPS
- #include <cyassl/ctaocrypt/error-crypt.h>
- #define wc_ErrorString CTaoCryptErrorString
- #define wc_GetErrorString CTaoCryptGetErrorString
-#endif /* HAVE_FIPS */
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-/* error codes */
-enum {
- MAX_CODE_E = -100, /* errors -101 - -299 */
- OPEN_RAN_E = -101, /* opening random device error */
- READ_RAN_E = -102, /* reading random device error */
- WINCRYPT_E = -103, /* windows crypt init error */
- CRYPTGEN_E = -104, /* windows crypt generation error */
- RAN_BLOCK_E = -105, /* reading random device would block */
- BAD_MUTEX_E = -106, /* Bad mutex operation */
-
- MP_INIT_E = -110, /* mp_init error state */
- MP_READ_E = -111, /* mp_read error state */
- MP_EXPTMOD_E = -112, /* mp_exptmod error state */
- MP_TO_E = -113, /* mp_to_xxx error state, can't convert */
- MP_SUB_E = -114, /* mp_sub error state, can't subtract */
- MP_ADD_E = -115, /* mp_add error state, can't add */
- MP_MUL_E = -116, /* mp_mul error state, can't multiply */
- MP_MULMOD_E = -117, /* mp_mulmod error state, can't multiply mod */
- MP_MOD_E = -118, /* mp_mod error state, can't mod */
- MP_INVMOD_E = -119, /* mp_invmod error state, can't inv mod */
- MP_CMP_E = -120, /* mp_cmp error state */
- MP_ZERO_E = -121, /* got a mp zero result, not expected */
-
- MEMORY_E = -125, /* out of memory error */
-
- RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */
- RSA_BUFFER_E = -131, /* RSA buffer error, output too small or
- input too large */
- BUFFER_E = -132, /* output buffer too small or input too large */
- ALGO_ID_E = -133, /* setting algo id error */
- PUBLIC_KEY_E = -134, /* setting public key error */
- DATE_E = -135, /* setting date validity error */
- SUBJECT_E = -136, /* setting subject name error */
- ISSUER_E = -137, /* setting issuer name error */
- CA_TRUE_E = -138, /* setting CA basic constraint true error */
- EXTENSIONS_E = -139, /* setting extensions error */
-
- ASN_PARSE_E = -140, /* ASN parsing error, invalid input */
- ASN_VERSION_E = -141, /* ASN version error, invalid number */
- ASN_GETINT_E = -142, /* ASN get big int error, invalid data */
- ASN_RSA_KEY_E = -143, /* ASN key init error, invalid input */
- ASN_OBJECT_ID_E = -144, /* ASN object id error, invalid id */
- ASN_TAG_NULL_E = -145, /* ASN tag error, not null */
- ASN_EXPECT_0_E = -146, /* ASN expect error, not zero */
- ASN_BITSTR_E = -147, /* ASN bit string error, wrong id */
- ASN_UNKNOWN_OID_E = -148, /* ASN oid error, unknown sum id */
- ASN_DATE_SZ_E = -149, /* ASN date error, bad size */
- ASN_BEFORE_DATE_E = -150, /* ASN date error, current date before */
- ASN_AFTER_DATE_E = -151, /* ASN date error, current date after */
- ASN_SIG_OID_E = -152, /* ASN signature error, mismatched oid */
- ASN_TIME_E = -153, /* ASN time error, unknown time type */
- ASN_INPUT_E = -154, /* ASN input error, not enough data */
- ASN_SIG_CONFIRM_E = -155, /* ASN sig error, confirm failure */
- ASN_SIG_HASH_E = -156, /* ASN sig error, unsupported hash type */
- ASN_SIG_KEY_E = -157, /* ASN sig error, unsupported key type */
- ASN_DH_KEY_E = -158, /* ASN key init error, invalid input */
- ASN_NTRU_KEY_E = -159, /* ASN ntru key decode error, invalid input */
- ASN_CRIT_EXT_E = -160, /* ASN unsupported critical extension */
-
- ECC_BAD_ARG_E = -170, /* ECC input argument of wrong type */
- ASN_ECC_KEY_E = -171, /* ASN ECC bad input */
- ECC_CURVE_OID_E = -172, /* Unsupported ECC OID curve type */
- BAD_FUNC_ARG = -173, /* Bad function argument provided */
- NOT_COMPILED_IN = -174, /* Feature not compiled in */
- UNICODE_SIZE_E = -175, /* Unicode password too big */
- NO_PASSWORD = -176, /* no password provided by user */
- ALT_NAME_E = -177, /* alt name size problem, too big */
-
- AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */
- AES_CCM_AUTH_E = -181, /* AES-CCM Authentication check failure */
-
- CAVIUM_INIT_E = -182, /* Cavium Init type error */
-
- COMPRESS_INIT_E = -183, /* Compress init error */
- COMPRESS_E = -184, /* Compress error */
- DECOMPRESS_INIT_E = -185, /* DeCompress init error */
- DECOMPRESS_E = -186, /* DeCompress error */
-
- BAD_ALIGN_E = -187, /* Bad alignment for operation, no alloc */
- ASN_NO_SIGNER_E = -188, /* ASN no signer to confirm failure */
- ASN_CRL_CONFIRM_E = -189, /* ASN CRL signature confirm failure */
- ASN_CRL_NO_SIGNER_E = -190, /* ASN CRL no signer to confirm failure */
- ASN_OCSP_CONFIRM_E = -191, /* ASN OCSP signature confirm failure */
-
- BAD_ENC_STATE_E = -192, /* Bad ecc enc state operation */
- BAD_PADDING_E = -193, /* Bad padding, msg not correct length */
-
- REQ_ATTRIBUTE_E = -194, /* setting cert request attributes error */
-
- PKCS7_OID_E = -195, /* PKCS#7, mismatched OID error */
- PKCS7_RECIP_E = -196, /* PKCS#7, recipient error */
- FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */
- ASN_NAME_INVALID_E = -198, /* ASN name constraint error */
-
- RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */
- HMAC_MIN_KEYLEN_E = -200, /* FIPS Mode HMAC Minimum Key Length error */
- RSA_PAD_E = -201, /* RSA Padding Error */
- LENGTH_ONLY_E = -202, /* Returning output length only */
-
- IN_CORE_FIPS_E = -203, /* In Core Integrity check failure */
- AES_KAT_FIPS_E = -204, /* AES KAT failure */
- DES3_KAT_FIPS_E = -205, /* DES3 KAT failure */
- HMAC_KAT_FIPS_E = -206, /* HMAC KAT failure */
- RSA_KAT_FIPS_E = -207, /* RSA KAT failure */
- DRBG_KAT_FIPS_E = -208, /* HASH DRBG KAT failure */
- DRBG_CONT_FIPS_E = -209, /* HASH DRBG Continious test failure */
- AESGCM_KAT_FIPS_E = -210, /* AESGCM KAT failure */
- THREAD_STORE_KEY_E = -211, /* Thread local storage key create failure */
- THREAD_STORE_SET_E = -212, /* Thread local storage key set failure */
-
- MAC_CMP_FAILED_E = -213, /* MAC comparison failed */
- IS_POINT_E = -214, /* ECC is point on curve failed */
- ECC_INF_E = -215, /* ECC point infinity error */
- ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */
-
- MIN_CODE_E = -300 /* errors -101 - -299 */
-};
-
-
-WOLFSSL_API void wc_ErrorString(int err, char* buff);
-WOLFSSL_API const char* wc_GetErrorString(int error);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-#endif /* WOLF_CRYPT_ERROR_H */
-
-
-
--- a/wolfssl/wolfcrypt/fe_operations.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,133 +0,0 @@
-/* fe_operations.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_FE_OPERATIONS_H
-#define WOLF_CRYPT_FE_OPERATIONS_H
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
-
-#ifndef CURVED25519_SMALL
- #include <stdint.h>
-#endif
-#include <wolfssl/wolfcrypt/types.h>
-
-/*
-fe means field element.
-Here the field is \Z/(2^255-19).
-An element t, entries t[0]...t[9], represents the integer
-t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
-Bounds on each t[i] vary depending on context.
-*/
-
-#ifdef CURVED25519_SMALL
- #define F25519_SIZE 32
- typedef byte fe[32];
-#else
- typedef int32_t fe[10];
-#endif
-
-WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p);
-WOLFSSL_LOCAL void fe_copy(fe, const fe);
-WOLFSSL_LOCAL void fe_add(fe, const fe, const fe);
-WOLFSSL_LOCAL void fe_neg(fe,const fe);
-WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe);
-WOLFSSL_LOCAL void fe_invert(fe, const fe);
-WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe);
-
-/* default to be faster but take more memory */
-#ifndef CURVED25519_SMALL
-
-/* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10
- work. */
-
-WOLFSSL_LOCAL void fe_0(fe);
-WOLFSSL_LOCAL void fe_1(fe);
-WOLFSSL_LOCAL int fe_isnonzero(const fe);
-WOLFSSL_LOCAL int fe_isnegative(const fe);
-WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe);
-WOLFSSL_LOCAL void fe_sq(fe, const fe);
-WOLFSSL_LOCAL void fe_sq2(fe,const fe);
-WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *);
-WOLFSSL_LOCAL void fe_cswap(fe,fe,unsigned int);
-WOLFSSL_LOCAL void fe_mul121666(fe,fe);
-WOLFSSL_LOCAL void fe_cmov(fe,const fe,unsigned int);
-WOLFSSL_LOCAL void fe_pow22523(fe,const fe);
-
-/* 64 type needed for SHA512 */
-WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in);
-WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in);
-#endif /* not defined CURVED25519_SMALL */
-
-/* Use less memory and only 32bit types or less, but is slower
- Based on Daniel Beer's public domain work. */
-#ifdef CURVED25519_SMALL
-static const byte c25519_base_x[F25519_SIZE] = {9};
-static const byte f25519_zero[F25519_SIZE] = {0};
-static const byte f25519_one[F25519_SIZE] = {1};
-static const byte fprime_zero[F25519_SIZE] = {0};
-static const byte fprime_one[F25519_SIZE] = {1};
-
-WOLFSSL_LOCAL void fe_load(byte *x, word32 c);
-WOLFSSL_LOCAL void fe_normalize(byte *x);
-WOLFSSL_LOCAL void fe_inv__distinct(byte *r, const byte *x);
-
-/* Conditional copy. If condition == 0, then zero is copied to dst. If
- * condition == 1, then one is copied to dst. Any other value results in
- * undefined behaviour.
- */
-WOLFSSL_LOCAL void fe_select(byte *dst, const byte *zero, const byte *one,
- byte condition);
-
-/* Multiply a point by a small constant. The two pointers are not
- * required to be distinct.
- *
- * The constant must be less than 2^24.
- */
-WOLFSSL_LOCAL void fe_mul_c(byte *r, const byte *a, word32 b);
-WOLFSSL_LOCAL void fe_mul__distinct(byte *r, const byte *a, const byte *b);
-
-/* Compute one of the square roots of the field element, if the element
- * is square. The other square is -r.
- *
- * If the input is not square, the returned value is a valid field
- * element, but not the correct answer. If you don't already know that
- * your element is square, you should square the return value and test.
- */
-WOLFSSL_LOCAL void fe_sqrt(byte *r, const byte *x);
-
-/* Conditional copy. If condition == 0, then zero is copied to dst. If
- * condition == 1, then one is copied to dst. Any other value results in
- * undefined behaviour.
- */
-WOLFSSL_LOCAL void fprime_select(byte *dst, const byte *zero, const byte *one,
- byte condition);
-WOLFSSL_LOCAL void fprime_add(byte *r, const byte *a, const byte *modulus);
-WOLFSSL_LOCAL void fprime_sub(byte *r, const byte *a, const byte *modulus);
-WOLFSSL_LOCAL void fprime_mul(byte *r, const byte *a, const byte *b,
- const byte *modulus);
-WOLFSSL_LOCAL void fprime_copy(byte *x, const byte *a);
-#endif /* CURVED25519_SMALL */
-#endif /* HAVE_CURVE25519 or HAVE_ED25519 */
-#endif /* WOLF_CRYPT_FE_OPERATIONS_H */
-
-
--- a/wolfssl/wolfcrypt/fips_test.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-/* fips_test.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_FIPS_TEST_H
-#define WOLF_CRYPT_FIPS_TEST_H
-
-#include <cyassl/ctaocrypt/types.h>
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* Known Answer Test string inputs are hex, internal */
-CYASSL_LOCAL int DoKnownAnswerTests(char*, int);
-
-
-/* FIPS failure callback */
-typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash);
-
-/* Public set function */
-CYASSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
-
-/* Public get status functions */
-CYASSL_API int wolfCrypt_GetStatus_fips(void);
-CYASSL_API const char* wolfCrypt_GetCoreHash_fips(void);
-
-#ifdef HAVE_FORCE_FIPS_FAILURE
- /* Public function to force failure mode for operational testing */
- CYASSL_API int wolfCrypt_SetStatus_fips(int);
-#endif
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_FIPS_TEST_H */
-
-
--- a/wolfssl/wolfcrypt/ge_operations.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,116 +0,0 @@
-/* ge_operations.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
- /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */
-
-#ifndef WOLF_CRYPT_GE_OPERATIONS_H
-#define WOLF_CRYPT_GE_OPERATIONS_H
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef HAVE_ED25519
-
-#ifndef CURVED25519_SMALL
- #include <stdint.h>
-#endif
-#include <wolfssl/wolfcrypt/fe_operations.h>
-
-/*
-ge means group element.
-
-Here the group is the set of pairs (x,y) of field elements (see fe.h)
-satisfying -x^2 + y^2 = 1 + d x^2y^2
-where d = -121665/121666.
-
-Representations:
- ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
- ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
- ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
- ge_precomp (Duif): (y+x,y-x,2dxy)
-*/
-
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
-} ge_p2;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p3;
-
-WOLFSSL_LOCAL int ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
- word32 keySz);
-WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
-
-WOLFSSL_LOCAL int ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,
- const ge_p3 *,const unsigned char *);
-WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *);
-WOLFSSL_LOCAL void sc_reduce(byte* s);
-WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b,
- const byte* c);
-WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *);
-WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *);
-
-#ifndef CURVED25519_SMALL
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p1p1;
-
-typedef struct {
- fe yplusx;
- fe yminusx;
- fe xy2d;
-} ge_precomp;
-
-typedef struct {
- fe YplusX;
- fe YminusX;
- fe Z;
- fe T2d;
-} ge_cached;
-
-WOLFSSL_LOCAL void ge_p2_0(ge_p2 *);
-WOLFSSL_LOCAL void ge_p3_0(ge_p3 *);
-WOLFSSL_LOCAL void ge_precomp_0(ge_precomp *);
-WOLFSSL_LOCAL void ge_p3_to_p2(ge_p2 *,const ge_p3 *);
-WOLFSSL_LOCAL void ge_p3_to_cached(ge_cached *,const ge_p3 *);
-WOLFSSL_LOCAL void ge_p1p1_to_p2(ge_p2 *,const ge_p1p1 *);
-WOLFSSL_LOCAL void ge_p1p1_to_p3(ge_p3 *,const ge_p1p1 *);
-WOLFSSL_LOCAL void ge_p2_dbl(ge_p1p1 *,const ge_p2 *);
-WOLFSSL_LOCAL void ge_p3_dbl(ge_p1p1 *,const ge_p3 *);
-
-WOLFSSL_LOCAL void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
-WOLFSSL_LOCAL void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
-WOLFSSL_LOCAL void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-WOLFSSL_LOCAL void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-#endif /* no CURVED25519_SMALL */
-#endif /* HAVE_ED25519 */
-#endif /* WOLF_CRYPT_GE_OPERATIONS_H */
-
-
--- a/wolfssl/wolfcrypt/hash.h Tue Jul 21 11:37:09 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,42 +0,0 @@ -/* hash.h - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - -#ifndef WOLF_CRYPT_HASH_H -#define WOLF_CRYPT_HASH_H - -#ifndef NO_MD5 -#include <wolfssl/wolfcrypt/md5.h> -WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); -WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; -#endif -#ifndef NO_SHA -#include <wolfssl/wolfcrypt/sha.h> -WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); -WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; -#endif -#ifndef NO_SHA256 -#include <wolfssl/wolfcrypt/sha256.h> -WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); -WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; -#endif - -#endif -
--- a/wolfssl/wolfcrypt/hc128.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-/* hc128.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_HC128_H
-#define WOLF_CRYPT_HC128_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_HC128
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-enum {
- HC128_ENC_TYPE = 6 /* cipher unique type */
-};
-
-/* HC-128 stream cipher */
-typedef struct HC128 {
- word32 T[1024]; /* P[i] = T[i]; Q[i] = T[1024 + i ]; */
- word32 X[16];
- word32 Y[16];
- word32 counter1024; /* counter1024 = i mod 1024 at the ith step */
- word32 key[8];
- word32 iv[8];
-} HC128;
-
-
-WOLFSSL_API int wc_Hc128_Process(HC128*, byte*, const byte*, word32);
-WOLFSSL_API int wc_Hc128_SetKey(HC128*, const byte* key, const byte* iv);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_HC128 */
-#endif /* WOLF_CRYPT_HC128_H */
-
-
--- a/wolfssl/wolfcrypt/hmac.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,191 +0,0 @@
-/* hmac.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef NO_HMAC
-
-#ifndef WOLF_CRYPT_HMAC_H
-#define WOLF_CRYPT_HMAC_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_MD5
- #include <wolfssl/wolfcrypt/md5.h>
-#endif
-
-#ifndef NO_SHA
- #include <wolfssl/wolfcrypt/sha.h>
-#endif
-
-#ifndef NO_SHA256
- #include <wolfssl/wolfcrypt/sha256.h>
-#endif
-
-#ifdef WOLFSSL_SHA512
- #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-
-#ifdef HAVE_BLAKE2
- #include <wolfssl/wolfcrypt/blake2.h>
-#endif
-
-#ifdef HAVE_FIPS
-/* for fips */
- #include <cyassl/ctaocrypt/hmac.h>
-#endif
-
-#ifdef HAVE_CAVIUM
- #include <wolfssl/wolfcrypt/logging.h>
- #include "cavium_common.h"
-#endif
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-#ifndef HAVE_FIPS
-#define WOLFSSL_HMAC_CAVIUM_MAGIC 0xBEEF0005
-
-enum {
- HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
-
- IPAD = 0x36,
- OPAD = 0x5C,
-
-/* If any hash is not enabled, add the ID here. */
-#ifdef NO_MD5
- MD5 = 0,
-#endif
-#ifdef NO_SHA
- SHA = 1,
-#endif
-#ifdef NO_SHA256
- SHA256 = 2,
-#endif
-#ifndef WOLFSSL_SHA512
- SHA512 = 4,
-#endif
-#ifndef WOLFSSL_SHA384
- SHA384 = 5,
-#endif
-#ifndef HAVE_BLAKE2
- BLAKE2B_ID = 7,
-#endif
-
-/* Select the largest available hash for the buffer size. */
-#if defined(WOLFSSL_SHA512)
- MAX_DIGEST_SIZE = SHA512_DIGEST_SIZE,
- HMAC_BLOCK_SIZE = SHA512_BLOCK_SIZE
-#elif defined(HAVE_BLAKE2)
- MAX_DIGEST_SIZE = BLAKE2B_OUTBYTES,
- HMAC_BLOCK_SIZE = BLAKE2B_BLOCKBYTES,
-#elif defined(WOLFSSL_SHA384)
- MAX_DIGEST_SIZE = SHA384_DIGEST_SIZE,
- HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE
-#elif !defined(NO_SHA256)
- MAX_DIGEST_SIZE = SHA256_DIGEST_SIZE,
- HMAC_BLOCK_SIZE = SHA256_BLOCK_SIZE
-#elif !defined(NO_SHA)
- MAX_DIGEST_SIZE = SHA_DIGEST_SIZE,
- HMAC_BLOCK_SIZE = SHA_BLOCK_SIZE
-#elif !defined(NO_MD5)
- MAX_DIGEST_SIZE = MD5_DIGEST_SIZE,
- HMAC_BLOCK_SIZE = MD5_BLOCK_SIZE
-#else
- #error "You have to have some kind of hash if you want to use HMAC."
-#endif
-};
-
-
-/* hash union */
-typedef union {
- #ifndef NO_MD5
- Md5 md5;
- #endif
- #ifndef NO_SHA
- Sha sha;
- #endif
- #ifndef NO_SHA256
- Sha256 sha256;
- #endif
- #ifdef WOLFSSL_SHA384
- Sha384 sha384;
- #endif
- #ifdef WOLFSSL_SHA512
- Sha512 sha512;
- #endif
- #ifdef HAVE_BLAKE2
- Blake2b blake2b;
- #endif
-} Hash;
-
-/* Hmac digest */
-typedef struct Hmac {
- Hash hash;
- word32 ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
- word32 opad[HMAC_BLOCK_SIZE / sizeof(word32)];
- word32 innerHash[MAX_DIGEST_SIZE / sizeof(word32)];
- byte macType; /* md5 sha or sha256 */
- byte innerHashKeyed; /* keyed flag */
-#ifdef HAVE_CAVIUM
- word16 keyLen; /* hmac key length */
- word16 dataLen;
- HashType type; /* hmac key type */
- int devId; /* nitrox device id */
- word32 magic; /* using cavium magic */
- word64 contextHandle; /* nitrox context memory handle */
- byte* data; /* buffered input data for one call */
-#endif
-} Hmac;
-
-#endif /* HAVE_FIPS */
-
-/* does init */
-WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
-WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32);
-WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
-
-#ifdef HAVE_CAVIUM
- WOLFSSL_API int wc_HmacInitCavium(Hmac*, int);
- WOLFSSL_API void wc_HmacFreeCavium(Hmac*);
-#endif
-
-WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
-
-
-#ifdef HAVE_HKDF
-
-WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
- const byte* salt, word32 saltSz,
- const byte* info, word32 infoSz,
- byte* out, word32 outSz);
-
-#endif /* HAVE_HKDF */
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_HMAC_H */
-
-#endif /* NO_HMAC */
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/wolfcrypt/idea.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,68 @@
+/* idea.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLF_CRYPT_IDEA_H
+#define WOLF_CRYPT_IDEA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_IDEA
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum {
+ IDEA_MODULO = 0x10001, /* 2^16+1 */
+ IDEA_2EXP16 = 0x10000, /* 2^16 */
+ IDEA_MASK = 0xFFFF, /* 16 bits set to one */
+ IDEA_ROUNDS = 8, /* number of rounds for IDEA */
+ IDEA_SK_NUM = (6*IDEA_ROUNDS + 4), /* number of subkeys */
+ IDEA_KEY_SIZE = 16, /* size of key in bytes */
+ IDEA_BLOCK_SIZE = 8, /* size of IDEA blocks in bytes */
+ IDEA_IV_SIZE = 8, /* size of IDEA IV in bytes */
+ IDEA_ENCRYPTION = 0,
+ IDEA_DECRYPTION = 1
+};
+
+/* IDEA encryption and decryption */
+typedef struct Idea {
+ word32 reg[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ word32 tmp[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ word16 skey[IDEA_SK_NUM]; /* 832 bits expanded key */
+} Idea;
+
+WOLFSSL_API int wc_IdeaSetKey(Idea *idea, const byte* key, word16 keySz,
+ const byte *iv, int dir);
+WOLFSSL_API int wc_IdeaSetIV(Idea *idea, const byte* iv);
+WOLFSSL_API void wc_IdeaCipher(Idea *idea, byte* out, const byte* in);
+WOLFSSL_API int wc_IdeaCbcEncrypt(Idea *idea, byte* out,
+ const byte* in, word32 len);
+WOLFSSL_API int wc_IdeaCbcDecrypt(Idea *idea, byte* out,
+ const byte* in, word32 len);
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_IDEA */
+#endif /* WOLF_CRYPT_IDEA_H */
+
--- a/wolfssl/wolfcrypt/integer.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,325 +0,0 @@
-/* integer.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/*
- * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca,
- * http://math.libtomcrypt.com
- */
-
-
-#ifndef WOLF_CRYPT_INTEGER_H
-#define WOLF_CRYPT_INTEGER_H
-
-/* may optionally use fast math instead, not yet supported on all platforms and
- may not be faster on all
-*/
-#include <wolfssl/wolfcrypt/types.h> /* will set MP_xxBIT if not default */
-#ifdef USE_FAST_MATH
- #include <wolfssl/wolfcrypt/tfm.h>
-#else
-
-#ifndef CHAR_BIT
- #include <limits.h>
-#endif
-
-#include <wolfssl/wolfcrypt/mpi_class.h>
-
-#ifndef MIN
- #define MIN(x,y) ((x)<(y)?(x):(y))
-#endif
-
-#ifndef MAX
- #define MAX(x,y) ((x)>(y)?(x):(y))
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-
-/* C++ compilers don't like assigning void * to mp_digit * */
-#define OPT_CAST(x) (x *)
-
-#else
-
-/* C on the other hand doesn't care */
-#define OPT_CAST(x)
-
-#endif
-
-
-/* detect 64-bit mode if possible */
-#if defined(__x86_64__)
- #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
- #define MP_64BIT
- #endif
-#endif
-/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
-#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
- #undef MP_64BIT
-#endif
-
-/* some default configurations.
- *
- * A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
- * A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
- *
- * At the very least a mp_digit must be able to hold 7 bits
- * [any size beyond that is ok provided it doesn't overflow the data type]
- */
-#ifdef MP_8BIT
- typedef unsigned char mp_digit;
- typedef unsigned short mp_word;
-#elif defined(MP_16BIT) || defined(NO_64BIT)
- typedef unsigned short mp_digit;
- typedef unsigned int mp_word;
-#elif defined(MP_64BIT)
- /* for GCC only on supported platforms */
- typedef unsigned long long mp_digit; /* 64 bit type, 128 uses mode(TI) */
- typedef unsigned long mp_word __attribute__ ((mode(TI)));
-
- #define DIGIT_BIT 60
-#else
- /* this is the default case, 28-bit digits */
-
- #if defined(_MSC_VER) || defined(__BORLANDC__)
- typedef unsigned __int64 ulong64;
- #else
- typedef unsigned long long ulong64;
- #endif
-
- typedef unsigned int mp_digit; /* long could be 64 now, changed TAO */
- typedef ulong64 mp_word;
-
-#ifdef MP_31BIT
- /* this is an extension that uses 31-bit digits */
- #define DIGIT_BIT 31
-#else
- /* default case is 28-bit digits, defines MP_28BIT as a handy test macro */
- #define DIGIT_BIT 28
- #define MP_28BIT
-#endif
-#endif
-
-
-/* otherwise the bits per digit is calculated automatically from the size of
- a mp_digit */
-#ifndef DIGIT_BIT
- #define DIGIT_BIT ((int)((CHAR_BIT * sizeof(mp_digit) - 1)))
- /* bits per digit */
-#endif
-
-#define MP_DIGIT_BIT DIGIT_BIT
-#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
-#define MP_DIGIT_MAX MP_MASK
-
-/* equalities */
-#define MP_LT -1 /* less than */
-#define MP_EQ 0 /* equal to */
-#define MP_GT 1 /* greater than */
-
-#define MP_ZPOS 0 /* positive integer */
-#define MP_NEG 1 /* negative */
-
-#define MP_OKAY 0 /* ok result */
-#define MP_MEM -2 /* out of mem */
-#define MP_VAL -3 /* invalid input */
-#define MP_RANGE MP_VAL
-
-#define MP_YES 1 /* yes response */
-#define MP_NO 0 /* no response */
-
-/* Primality generation flags */
-#define LTM_PRIME_BBS 0x0001 /* BBS style prime */
-#define LTM_PRIME_SAFE 0x0002 /* Safe prime (p-1)/2 == prime */
-#define LTM_PRIME_2MSB_ON 0x0008 /* force 2nd MSB to 1 */
-
-typedef int mp_err;
-
-/* define this to use lower memory usage routines (exptmods mostly) */
-#define MP_LOW_MEM
-
-/* default precision */
-#ifndef MP_PREC
- #ifndef MP_LOW_MEM
- #define MP_PREC 32 /* default digits of precision */
- #else
- #define MP_PREC 1 /* default digits of precision */
- #endif
-#endif
-
-/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD -
- BITS_PER_DIGIT*2) */
-#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
-
-/* the infamous mp_int structure */
-typedef struct {
- int used, alloc, sign;
- mp_digit *dp;
-} mp_int;
-
-/* callback for mp_prime_random, should fill dst with random bytes and return
- how many read [upto len] */
-typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
-
-
-#define USED(m) ((m)->used)
-#define DIGIT(m,k) ((m)->dp[(k)])
-#define SIGN(m) ((m)->sign)
-
-
-/* ---> Basic Manipulations <--- */
-#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
-#define mp_iseven(a) \
- (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? MP_YES : MP_NO)
-#define mp_isodd(a) \
- (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? MP_YES : MP_NO)
-
-
-/* number of primes */
-#ifdef MP_8BIT
- #define PRIME_SIZE 31
-#else
- #define PRIME_SIZE 256
-#endif
-
-#define mp_prime_random(a, t, size, bbs, cb, dat) \
- mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat)
-
-#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len))
-#define mp_raw_size(mp) mp_signed_bin_size(mp)
-#define mp_toraw(mp, str) mp_to_signed_bin((mp), (str))
-#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
-#define mp_mag_size(mp) mp_unsigned_bin_size(mp)
-#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str))
-
-#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
-#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
-#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
-#define mp_tohex(M, S) mp_toradix((M), (S), 16)
-
-#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
-
-extern const char *mp_s_rmap;
-
-/* 6 functions needed by Rsa */
-int mp_init (mp_int * a);
-void mp_clear (mp_int * a);
-int mp_unsigned_bin_size(mp_int * a);
-int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
-int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
-int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
-/* end functions needed by Rsa */
-
-/* functions added to support above needed, removed TOOM and KARATSUBA */
-int mp_count_bits (mp_int * a);
-int mp_leading_bit (mp_int * a);
-int mp_init_copy (mp_int * a, mp_int * b);
-int mp_copy (mp_int * a, mp_int * b);
-int mp_grow (mp_int * a, int size);
-int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
-void mp_zero (mp_int * a);
-void mp_clamp (mp_int * a);
-void mp_exch (mp_int * a, mp_int * b);
-void mp_rshd (mp_int * a, int b);
-void mp_rshb (mp_int * a, int b);
-int mp_mod_2d (mp_int * a, int b, mp_int * c);
-int mp_mul_2d (mp_int * a, int b, mp_int * c);
-int mp_lshd (mp_int * a, int b);
-int mp_abs (mp_int * a, mp_int * b);
-int mp_invmod (mp_int * a, mp_int * b, mp_int * c);
-int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c);
-int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c);
-int mp_cmp_mag (mp_int * a, mp_int * b);
-int mp_cmp (mp_int * a, mp_int * b);
-int mp_cmp_d(mp_int * a, mp_digit b);
-void mp_set (mp_int * a, mp_digit b);
-int mp_mod (mp_int * a, mp_int * b, mp_int * c);
-int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
-int mp_div_2(mp_int * a, mp_int * b);
-int mp_add (mp_int * a, mp_int * b, mp_int * c);
-int s_mp_add (mp_int * a, mp_int * b, mp_int * c);
-int s_mp_sub (mp_int * a, mp_int * b, mp_int * c);
-int mp_sub (mp_int * a, mp_int * b, mp_int * c);
-int mp_reduce_is_2k_l(mp_int *a);
-int mp_reduce_is_2k(mp_int *a);
-int mp_dr_is_modulus(mp_int *a);
-int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int);
-int mp_montgomery_setup (mp_int * n, mp_digit * rho);
-int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
-int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
-void mp_dr_setup(mp_int *a, mp_digit *d);
-int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k);
-int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
-int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
-int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
-int mp_reduce_2k_setup_l(mp_int *a, mp_int *d);
-int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d);
-int mp_reduce (mp_int * x, mp_int * m, mp_int * mu);
-int mp_reduce_setup (mp_int * a, mp_int * b);
-int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode);
-int mp_montgomery_calc_normalization (mp_int * a, mp_int * b);
-int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
-int s_mp_sqr (mp_int * a, mp_int * b);
-int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
-int fast_s_mp_sqr (mp_int * a, mp_int * b);
-int mp_init_size (mp_int * a, int size);
-int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d);
-int mp_mul_2(mp_int * a, mp_int * b);
-int mp_mul (mp_int * a, mp_int * b, mp_int * c);
-int mp_sqr (mp_int * a, mp_int * b);
-int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
-int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
-int mp_2expt (mp_int * a, int b);
-int mp_reduce_2k_setup(mp_int *a, mp_digit *d);
-int mp_add_d (mp_int* a, mp_digit b, mp_int* c);
-int mp_set_int (mp_int * a, unsigned long b);
-int mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
-/* end support added functions */
-
-/* added */
-int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
- mp_int* f);
-
-#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
-#endif
-#ifdef HAVE_ECC
- int mp_read_radix(mp_int* a, const char* str, int radix);
-#endif
-
-#ifdef WOLFSSL_KEY_GEN
- int mp_prime_is_prime (mp_int * a, int t, int *result);
- int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
- int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
-#endif
-
-int mp_cnt_lsb(mp_int *a);
-int mp_mod_d(mp_int* a, mp_digit b, mp_digit* c);
-
-#ifdef __cplusplus
- }
-#endif
-
-
-#endif /* USE_FAST_MATH */
-
-#endif /* WOLF_CRYPT_INTEGER_H */
-
-
--- a/wolfssl/wolfcrypt/logging.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-/* logging.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* submitted by eof */
-
-
-#ifndef WOLFSSL_LOGGING_H
-#define WOLFSSL_LOGGING_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-enum CYA_Log_Levels {
- ERROR_LOG = 0,
- INFO_LOG,
- ENTER_LOG,
- LEAVE_LOG,
- OTHER_LOG
-};
-
-typedef void (*wolfSSL_Logging_cb)(const int logLevel,
- const char *const logMessage);
-
-WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
-
-#ifdef DEBUG_WOLFSSL
-
- void WOLFSSL_ENTER(const char* msg);
- void WOLFSSL_LEAVE(const char* msg, int ret);
-
- void WOLFSSL_ERROR(int);
- void WOLFSSL_MSG(const char* msg);
-
-#else /* DEBUG_WOLFSSL */
-
- #define WOLFSSL_ENTER(m)
- #define WOLFSSL_LEAVE(m, r)
-
- #define WOLFSSL_ERROR(e)
- #define WOLFSSL_MSG(m)
-
-#endif /* DEBUG_WOLFSSL */
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* WOLFSSL_LOGGING_H */
-
-
--- a/wolfssl/wolfcrypt/md2.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-/* md2.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_MD2_H
-#define WOLF_CRYPT_MD2_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef WOLFSSL_MD2
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* in bytes */
-enum {
- MD2 = 6, /* hash type unique */
- MD2_BLOCK_SIZE = 16,
- MD2_DIGEST_SIZE = 16,
- MD2_PAD_SIZE = 16,
- MD2_X_SIZE = 48
-};
-
-
-/* Md2 digest */
-typedef struct Md2 {
- word32 count; /* bytes % PAD_SIZE */
- byte X[MD2_X_SIZE];
- byte C[MD2_BLOCK_SIZE];
- byte buffer[MD2_BLOCK_SIZE];
-} Md2;
-
-
-WOLFSSL_API void wc_InitMd2(Md2*);
-WOLFSSL_API void wc_Md2Update(Md2*, const byte*, word32);
-WOLFSSL_API void wc_Md2Final(Md2*, byte*);
-WOLFSSL_API int wc_Md2Hash(const byte*, word32, byte*);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_MD2 */
-#endif /* WOLF_CRYPT_MD2_H */
-
-
--- a/wolfssl/wolfcrypt/md4.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-/* md4.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_MD4_H
-#define WOLF_CRYPT_MD4_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_MD4
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* in bytes */
-enum {
- MD4_BLOCK_SIZE = 64,
- MD4_DIGEST_SIZE = 16,
- MD4_PAD_SIZE = 56
-};
-
-
-/* MD4 digest */
-typedef struct Md4 {
- word32 buffLen; /* in bytes */
- word32 loLen; /* length in bytes */
- word32 hiLen; /* length in bytes */
- word32 digest[MD4_DIGEST_SIZE / sizeof(word32)];
- word32 buffer[MD4_BLOCK_SIZE / sizeof(word32)];
-} Md4;
-
-
-WOLFSSL_API void wc_InitMd4(Md4*);
-WOLFSSL_API void wc_Md4Update(Md4*, const byte*, word32);
-WOLFSSL_API void wc_Md4Final(Md4*, byte*);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_MD4 */
-#endif /* WOLF_CRYPT_MD4_H */
-
-
--- a/wolfssl/wolfcrypt/md5.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-/* md5.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_MD5_H
-#define WOLF_CRYPT_MD5_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_MD5
-
-#ifdef HAVE_FIPS
- #define wc_InitMd5 InitMd5
- #define wc_Md5Update Md5Update
- #define wc_Md5Final Md5Final
- #define wc_Md5Hash Md5Hash
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* in bytes */
-enum {
-#ifdef STM32F2_HASH
- MD5_REG_SIZE = 4, /* STM32 register size, bytes */
-#endif
- MD5 = 0, /* hash type unique */
- MD5_BLOCK_SIZE = 64,
- MD5_DIGEST_SIZE = 16,
- MD5_PAD_SIZE = 56
-};
-
-#if defined(WOLFSSL_PIC32MZ_HASH)
-#include "port/pic32/pic32mz-crypt.h"
-#endif
-
-#ifndef WOLFSSL_TI_HASH
-
-/* MD5 digest */
-typedef struct Md5 {
- word32 buffLen; /* in bytes */
- word32 loLen; /* length in bytes */
- word32 hiLen; /* length in bytes */
- word32 buffer[MD5_BLOCK_SIZE / sizeof(word32)];
- #if !defined(WOLFSSL_PIC32MZ_HASH)
- word32 digest[MD5_DIGEST_SIZE / sizeof(word32)];
- #else
- word32 digest[PIC32_HASH_SIZE / sizeof(word32)];
- pic32mz_desc desc ; /* Crypt Engine descripter */
- #endif
-} Md5;
-
-#else /* WOLFSSL_TI_HASH */
- #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-
-WOLFSSL_API void wc_InitMd5(Md5*);
-WOLFSSL_API void wc_Md5Update(Md5*, const byte*, word32);
-WOLFSSL_API void wc_Md5Final(Md5*, byte*);
-WOLFSSL_API int wc_Md5Hash(const byte*, word32, byte*);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_MD5 */
-#endif /* WOLF_CRYPT_MD5_H */
-
--- a/wolfssl/wolfcrypt/memory.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,57 +0,0 @@
-/* memory.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* submitted by eof */
-
-
-#ifndef WOLFSSL_MEMORY_H
-#define WOLFSSL_MEMORY_H
-
-#include <stdlib.h>
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-typedef void *(*wolfSSL_Malloc_cb)(size_t size);
-typedef void (*wolfSSL_Free_cb)(void *ptr);
-typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size);
-
-
-/* Public set function */
-WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function,
- wolfSSL_Free_cb free_function,
- wolfSSL_Realloc_cb realloc_function);
-
-/* Public in case user app wants to use XMALLOC/XFREE */
-WOLFSSL_API void* wolfSSL_Malloc(size_t size);
-WOLFSSL_API void wolfSSL_Free(void *ptr);
-WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_MEMORY_H */
-
-
--- a/wolfssl/wolfcrypt/misc.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-/* misc.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_MISC_H
-#define WOLF_CRYPT_MISC_H
-
-
-#include <wolfssl/wolfcrypt/types.h>
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-#ifdef NO_INLINE
-WOLFSSL_LOCAL
-word32 rotlFixed(word32, word32);
-WOLFSSL_LOCAL
-word32 rotrFixed(word32, word32);
-
-WOLFSSL_LOCAL
-word32 ByteReverseWord32(word32);
-WOLFSSL_LOCAL
-void ByteReverseWords(word32*, const word32*, word32);
-
-WOLFSSL_LOCAL
-void XorWords(wolfssl_word*, const wolfssl_word*, word32);
-WOLFSSL_LOCAL
-void xorbuf(void*, const void*, word32);
-
-WOLFSSL_LOCAL
-void ForceZero(const void*, word32);
-
-WOLFSSL_LOCAL
-int ConstantCompare(const byte*, const byte*, int);
-
-#ifdef WORD64_AVAILABLE
-WOLFSSL_LOCAL
-word64 rotlFixed64(word64, word64);
-WOLFSSL_LOCAL
-word64 rotrFixed64(word64, word64);
-
-WOLFSSL_LOCAL
-word64 ByteReverseWord64(word64);
-WOLFSSL_LOCAL
-void ByteReverseWords64(word64*, const word64*, word32);
-#endif /* WORD64_AVAILABLE */
-
-#endif /* NO_INLINE */
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-
-#endif /* WOLF_CRYPT_MISC_H */
-
-
--- a/wolfssl/wolfcrypt/mpi_class.h Tue Jul 21 11:37:09 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1019 +0,0 @@ -/* mpi_class.h - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - - -#if !(defined(LTM1) && defined(LTM2) && defined(LTM3)) -#if defined(LTM2) -#define LTM3 -#endif -#if defined(LTM1) -#define LTM2 -#endif -#define LTM1 - -#if defined(LTM_ALL) -#define BN_ERROR_C -#define BN_FAST_MP_INVMOD_C -#define BN_FAST_MP_MONTGOMERY_REDUCE_C -#define BN_FAST_S_MP_MUL_DIGS_C -#define BN_FAST_S_MP_MUL_HIGH_DIGS_C -#define BN_FAST_S_MP_SQR_C -#define BN_MP_2EXPT_C -#define BN_MP_ABS_C -#define BN_MP_ADD_C -#define BN_MP_ADD_D_C -#define BN_MP_ADDMOD_C -#define BN_MP_AND_C -#define BN_MP_CLAMP_C -#define BN_MP_CLEAR_C -#define BN_MP_CLEAR_MULTI_C -#define BN_MP_CMP_C -#define BN_MP_CMP_D_C -#define BN_MP_CMP_MAG_C -#define BN_MP_CNT_LSB_C -#define BN_MP_COPY_C -#define BN_MP_COUNT_BITS_C -#define BN_MP_DIV_C -#define BN_MP_DIV_2_C -#define BN_MP_DIV_2D_C -#define BN_MP_DIV_3_C -#define BN_MP_DIV_D_C -#define BN_MP_DR_IS_MODULUS_C -#define BN_MP_DR_REDUCE_C -#define BN_MP_DR_SETUP_C -#define BN_MP_EXCH_C -#define BN_MP_EXPT_D_C -#define BN_MP_EXPTMOD_C -#define BN_MP_EXPTMOD_FAST_C -#define BN_MP_EXTEUCLID_C -#define BN_MP_FREAD_C -#define BN_MP_FWRITE_C -#define BN_MP_GCD_C -#define BN_MP_GET_INT_C -#define BN_MP_GROW_C -#define BN_MP_INIT_C -#define BN_MP_INIT_COPY_C -#define BN_MP_INIT_MULTI_C -#define BN_MP_INIT_SET_C -#define BN_MP_INIT_SET_INT_C -#define BN_MP_INIT_SIZE_C -#define BN_MP_INVMOD_C -#define BN_MP_INVMOD_SLOW_C -#define BN_MP_IS_SQUARE_C -#define BN_MP_JACOBI_C -#define BN_MP_KARATSUBA_MUL_C -#define BN_MP_KARATSUBA_SQR_C -#define BN_MP_LCM_C -#define BN_MP_LSHD_C -#define BN_MP_MOD_C -#define BN_MP_MOD_2D_C -#define BN_MP_MOD_D_C -#define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C -#define BN_MP_MONTGOMERY_REDUCE_C -#define BN_MP_MONTGOMERY_SETUP_C -#define BN_MP_MUL_C -#define BN_MP_MUL_2_C -#define BN_MP_MUL_2D_C -#define BN_MP_MUL_D_C -#define BN_MP_MULMOD_C -#define BN_MP_N_ROOT_C -#define BN_MP_NEG_C -#define BN_MP_OR_C -#define BN_MP_PRIME_FERMAT_C -#define BN_MP_PRIME_IS_DIVISIBLE_C -#define BN_MP_PRIME_IS_PRIME_C -#define BN_MP_PRIME_MILLER_RABIN_C -#define BN_MP_PRIME_NEXT_PRIME_C -#define BN_MP_PRIME_RABIN_MILLER_TRIALS_C -#define BN_MP_PRIME_RANDOM_EX_C -#define BN_MP_RADIX_SIZE_C -#define BN_MP_RADIX_SMAP_C -#define BN_MP_RAND_C -#define BN_MP_READ_RADIX_C -#define BN_MP_READ_SIGNED_BIN_C -#define BN_MP_READ_UNSIGNED_BIN_C -#define BN_MP_REDUCE_C -#define BN_MP_REDUCE_2K_C -#define BN_MP_REDUCE_2K_L_C -#define BN_MP_REDUCE_2K_SETUP_C -#define BN_MP_REDUCE_2K_SETUP_L_C -#define BN_MP_REDUCE_IS_2K_C -#define BN_MP_REDUCE_IS_2K_L_C -#define BN_MP_REDUCE_SETUP_C -#define BN_MP_RSHD_C -#define BN_MP_SET_C -#define BN_MP_SET_INT_C -#define BN_MP_SHRINK_C -#define BN_MP_SIGNED_BIN_SIZE_C -#define BN_MP_SQR_C -#define BN_MP_SQRMOD_C -#define BN_MP_SQRT_C -#define BN_MP_SUB_C -#define BN_MP_SUB_D_C -#define BN_MP_SUBMOD_C -#define BN_MP_TO_SIGNED_BIN_C -#define BN_MP_TO_SIGNED_BIN_N_C -#define BN_MP_TO_UNSIGNED_BIN_C -#define BN_MP_TO_UNSIGNED_BIN_N_C -#define BN_MP_TOOM_MUL_C -#define BN_MP_TOOM_SQR_C -#define BN_MP_TORADIX_C -#define BN_MP_TORADIX_N_C -#define BN_MP_UNSIGNED_BIN_SIZE_C -#define BN_MP_XOR_C -#define BN_MP_ZERO_C -#define BN_PRIME_TAB_C -#define BN_REVERSE_C -#define BN_S_MP_ADD_C -#define BN_S_MP_EXPTMOD_C -#define BN_S_MP_MUL_DIGS_C -#define BN_S_MP_MUL_HIGH_DIGS_C -#define BN_S_MP_SQR_C -#define BN_S_MP_SUB_C -#define BNCORE_C -#endif - -#if defined(BN_ERROR_C) - #define BN_MP_ERROR_TO_STRING_C -#endif - -#if defined(BN_FAST_MP_INVMOD_C) - #define BN_MP_ISEVEN_C - #define BN_MP_INIT_MULTI_C - #define BN_MP_COPY_C - #define BN_MP_MOD_C - #define BN_MP_SET_C - #define BN_MP_DIV_2_C - #define BN_MP_ISODD_C - #define BN_MP_SUB_C - #define BN_MP_CMP_C - #define BN_MP_ISZERO_C - #define BN_MP_CMP_D_C - #define BN_MP_ADD_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_MULTI_C -#endif - -#if defined(BN_FAST_MP_MONTGOMERY_REDUCE_C) - #define BN_MP_GROW_C - #define BN_MP_RSHD_C - #define BN_MP_CLAMP_C - #define BN_MP_CMP_MAG_C - #define BN_S_MP_SUB_C -#endif - -#if defined(BN_FAST_S_MP_MUL_DIGS_C) - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C) - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_FAST_S_MP_SQR_C) - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_2EXPT_C) - #define BN_MP_ZERO_C - #define BN_MP_GROW_C -#endif - -#if defined(BN_MP_ABS_C) - #define BN_MP_COPY_C -#endif - -#if defined(BN_MP_ADD_C) - #define BN_S_MP_ADD_C - #define BN_MP_CMP_MAG_C - #define BN_S_MP_SUB_C -#endif - -#if defined(BN_MP_ADD_D_C) - #define BN_MP_GROW_C - #define BN_MP_SUB_D_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_ADDMOD_C) - #define BN_MP_INIT_C - #define BN_MP_ADD_C - #define BN_MP_CLEAR_C - #define BN_MP_MOD_C -#endif - -#if defined(BN_MP_AND_C) - #define BN_MP_INIT_COPY_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_CLAMP_C) -#endif - -#if defined(BN_MP_CLEAR_C) -#endif - -#if defined(BN_MP_CLEAR_MULTI_C) - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_CMP_C) - #define BN_MP_CMP_MAG_C -#endif - -#if defined(BN_MP_CMP_D_C) -#endif - -#if defined(BN_MP_CMP_MAG_C) -#endif - -#if defined(BN_MP_CNT_LSB_C) - #define BN_MP_ISZERO_C -#endif - -#if defined(BN_MP_COPY_C) - #define BN_MP_GROW_C -#endif - -#if defined(BN_MP_COUNT_BITS_C) -#endif - -#if defined(BN_MP_DIV_C) - #define BN_MP_ISZERO_C - #define BN_MP_CMP_MAG_C - #define BN_MP_COPY_C - #define BN_MP_ZERO_C - #define BN_MP_INIT_MULTI_C - #define BN_MP_SET_C - #define BN_MP_COUNT_BITS_C - #define BN_MP_ABS_C - #define BN_MP_MUL_2D_C - #define BN_MP_CMP_C - #define BN_MP_SUB_C - #define BN_MP_ADD_C - #define BN_MP_DIV_2D_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_MULTI_C - #define BN_MP_INIT_SIZE_C - #define BN_MP_INIT_C - #define BN_MP_INIT_COPY_C - #define BN_MP_LSHD_C - #define BN_MP_RSHD_C - #define BN_MP_MUL_D_C - #define BN_MP_CLAMP_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_DIV_2_C) - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_DIV_2D_C) - #define BN_MP_COPY_C - #define BN_MP_ZERO_C - #define BN_MP_INIT_C - #define BN_MP_MOD_2D_C - #define BN_MP_CLEAR_C - #define BN_MP_RSHD_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C -#endif - -#if defined(BN_MP_DIV_3_C) - #define BN_MP_INIT_SIZE_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_DIV_D_C) - #define BN_MP_ISZERO_C - #define BN_MP_COPY_C - #define BN_MP_DIV_2D_C - #define BN_MP_DIV_3_C - #define BN_MP_INIT_SIZE_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_DR_IS_MODULUS_C) -#endif - -#if defined(BN_MP_DR_REDUCE_C) - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C - #define BN_MP_CMP_MAG_C - #define BN_S_MP_SUB_C -#endif - -#if defined(BN_MP_DR_SETUP_C) -#endif - -#if defined(BN_MP_EXCH_C) -#endif - -#if defined(BN_MP_EXPT_D_C) - #define BN_MP_INIT_COPY_C - #define BN_MP_SET_C - #define BN_MP_SQR_C - #define BN_MP_CLEAR_C - #define BN_MP_MUL_C -#endif - -#if defined(BN_MP_EXPTMOD_C) - #define BN_MP_INIT_C - #define BN_MP_INVMOD_C - #define BN_MP_CLEAR_C - #define BN_MP_ABS_C - #define BN_MP_CLEAR_MULTI_C - #define BN_MP_REDUCE_IS_2K_L_C - #define BN_S_MP_EXPTMOD_C - #define BN_MP_DR_IS_MODULUS_C - #define BN_MP_REDUCE_IS_2K_C - #define BN_MP_ISODD_C - #define BN_MP_EXPTMOD_FAST_C -#endif - -#if defined(BN_MP_EXPTMOD_FAST_C) - #define BN_MP_COUNT_BITS_C - #define BN_MP_INIT_C - #define BN_MP_CLEAR_C - #define BN_MP_MONTGOMERY_SETUP_C - #define BN_FAST_MP_MONTGOMERY_REDUCE_C - #define BN_MP_MONTGOMERY_REDUCE_C - #define BN_MP_DR_SETUP_C - #define BN_MP_DR_REDUCE_C - #define BN_MP_REDUCE_2K_SETUP_C - #define BN_MP_REDUCE_2K_C - #define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C - #define BN_MP_MULMOD_C - #define BN_MP_SET_C - #define BN_MP_MOD_C - #define BN_MP_COPY_C - #define BN_MP_SQR_C - #define BN_MP_MUL_C - #define BN_MP_EXCH_C -#endif - -#if defined(BN_MP_EXTEUCLID_C) - #define BN_MP_INIT_MULTI_C - #define BN_MP_SET_C - #define BN_MP_COPY_C - #define BN_MP_ISZERO_C - #define BN_MP_DIV_C - #define BN_MP_MUL_C - #define BN_MP_SUB_C - #define BN_MP_NEG_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_MULTI_C -#endif - -#if defined(BN_MP_FREAD_C) - #define BN_MP_ZERO_C - #define BN_MP_S_RMAP_C - #define BN_MP_MUL_D_C - #define BN_MP_ADD_D_C - #define BN_MP_CMP_D_C -#endif - -#if defined(BN_MP_FWRITE_C) - #define BN_MP_RADIX_SIZE_C - #define BN_MP_TORADIX_C -#endif - -#if defined(BN_MP_GCD_C) - #define BN_MP_ISZERO_C - #define BN_MP_ABS_C - #define BN_MP_ZERO_C - #define BN_MP_INIT_COPY_C - #define BN_MP_CNT_LSB_C - #define BN_MP_DIV_2D_C - #define BN_MP_CMP_MAG_C - #define BN_MP_EXCH_C - #define BN_S_MP_SUB_C - #define BN_MP_MUL_2D_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_GET_INT_C) -#endif - -#if defined(BN_MP_GROW_C) -#endif - -#if defined(BN_MP_INIT_C) -#endif - -#if defined(BN_MP_INIT_COPY_C) - #define BN_MP_COPY_C -#endif - -#if defined(BN_MP_INIT_MULTI_C) - #define BN_MP_ERR_C - #define BN_MP_INIT_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_INIT_SET_C) - #define BN_MP_INIT_C - #define BN_MP_SET_C -#endif - -#if defined(BN_MP_INIT_SET_INT_C) - #define BN_MP_INIT_C - #define BN_MP_SET_INT_C -#endif - -#if defined(BN_MP_INIT_SIZE_C) - #define BN_MP_INIT_C -#endif - -#if defined(BN_MP_INVMOD_C) - #define BN_MP_ISZERO_C - #define BN_MP_ISODD_C - #define BN_FAST_MP_INVMOD_C - #define BN_MP_INVMOD_SLOW_C -#endif - -#if defined(BN_MP_INVMOD_SLOW_C) - #define BN_MP_ISZERO_C - #define BN_MP_INIT_MULTI_C - #define BN_MP_MOD_C - #define BN_MP_COPY_C - #define BN_MP_ISEVEN_C - #define BN_MP_SET_C - #define BN_MP_DIV_2_C - #define BN_MP_ISODD_C - #define BN_MP_ADD_C - #define BN_MP_SUB_C - #define BN_MP_CMP_C - #define BN_MP_CMP_D_C - #define BN_MP_CMP_MAG_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_MULTI_C -#endif - -#if defined(BN_MP_IS_SQUARE_C) - #define BN_MP_MOD_D_C - #define BN_MP_INIT_SET_INT_C - #define BN_MP_MOD_C - #define BN_MP_GET_INT_C - #define BN_MP_SQRT_C - #define BN_MP_SQR_C - #define BN_MP_CMP_MAG_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_JACOBI_C) - #define BN_MP_CMP_D_C - #define BN_MP_ISZERO_C - #define BN_MP_INIT_COPY_C - #define BN_MP_CNT_LSB_C - #define BN_MP_DIV_2D_C - #define BN_MP_MOD_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_KARATSUBA_MUL_C) - #define BN_MP_MUL_C - #define BN_MP_INIT_SIZE_C - #define BN_MP_CLAMP_C - #define BN_MP_SUB_C - #define BN_MP_ADD_C - #define BN_MP_LSHD_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_KARATSUBA_SQR_C) - #define BN_MP_INIT_SIZE_C - #define BN_MP_CLAMP_C - #define BN_MP_SQR_C - #define BN_MP_SUB_C - #define BN_S_MP_ADD_C - #define BN_MP_LSHD_C - #define BN_MP_ADD_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_LCM_C) - #define BN_MP_INIT_MULTI_C - #define BN_MP_GCD_C - #define BN_MP_CMP_MAG_C - #define BN_MP_DIV_C - #define BN_MP_MUL_C - #define BN_MP_CLEAR_MULTI_C -#endif - -#if defined(BN_MP_LSHD_C) - #define BN_MP_GROW_C - #define BN_MP_RSHD_C -#endif - -#if defined(BN_MP_MOD_C) - #define BN_MP_INIT_C - #define BN_MP_DIV_C - #define BN_MP_CLEAR_C - #define BN_MP_ADD_C - #define BN_MP_EXCH_C -#endif - -#if defined(BN_MP_MOD_2D_C) - #define BN_MP_ZERO_C - #define BN_MP_COPY_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_MOD_D_C) - #define BN_MP_DIV_D_C -#endif - -#if defined(BN_MP_MONTGOMERY_CALC_NORMALIZATION_C) - #define BN_MP_COUNT_BITS_C - #define BN_MP_2EXPT_C - #define BN_MP_SET_C - #define BN_MP_MUL_2_C - #define BN_MP_CMP_MAG_C - #define BN_S_MP_SUB_C -#endif - -#if defined(BN_MP_MONTGOMERY_REDUCE_C) - #define BN_FAST_MP_MONTGOMERY_REDUCE_C - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C - #define BN_MP_RSHD_C - #define BN_MP_CMP_MAG_C - #define BN_S_MP_SUB_C -#endif - -#if defined(BN_MP_MONTGOMERY_SETUP_C) -#endif - -#if defined(BN_MP_MUL_C) - #define BN_MP_TOOM_MUL_C - #define BN_MP_KARATSUBA_MUL_C - #define BN_FAST_S_MP_MUL_DIGS_C - #define BN_S_MP_MUL_C - #define BN_S_MP_MUL_DIGS_C -#endif - -#if defined(BN_MP_MUL_2_C) - #define BN_MP_GROW_C -#endif - -#if defined(BN_MP_MUL_2D_C) - #define BN_MP_COPY_C - #define BN_MP_GROW_C - #define BN_MP_LSHD_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_MUL_D_C) - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_MULMOD_C) - #define BN_MP_INIT_C - #define BN_MP_MUL_C - #define BN_MP_CLEAR_C - #define BN_MP_MOD_C -#endif - -#if defined(BN_MP_N_ROOT_C) - #define BN_MP_INIT_C - #define BN_MP_SET_C - #define BN_MP_COPY_C - #define BN_MP_EXPT_D_C - #define BN_MP_MUL_C - #define BN_MP_SUB_C - #define BN_MP_MUL_D_C - #define BN_MP_DIV_C - #define BN_MP_CMP_C - #define BN_MP_SUB_D_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_NEG_C) - #define BN_MP_COPY_C - #define BN_MP_ISZERO_C -#endif - -#if defined(BN_MP_OR_C) - #define BN_MP_INIT_COPY_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_PRIME_FERMAT_C) - #define BN_MP_CMP_D_C - #define BN_MP_INIT_C - #define BN_MP_EXPTMOD_C - #define BN_MP_CMP_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_PRIME_IS_DIVISIBLE_C) - #define BN_MP_MOD_D_C -#endif - -#if defined(BN_MP_PRIME_IS_PRIME_C) - #define BN_MP_CMP_D_C - #define BN_MP_PRIME_IS_DIVISIBLE_C - #define BN_MP_INIT_C - #define BN_MP_SET_C - #define BN_MP_PRIME_MILLER_RABIN_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_PRIME_MILLER_RABIN_C) - #define BN_MP_CMP_D_C - #define BN_MP_INIT_COPY_C - #define BN_MP_SUB_D_C - #define BN_MP_CNT_LSB_C - #define BN_MP_DIV_2D_C - #define BN_MP_EXPTMOD_C - #define BN_MP_CMP_C - #define BN_MP_SQRMOD_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_PRIME_NEXT_PRIME_C) - #define BN_MP_CMP_D_C - #define BN_MP_SET_C - #define BN_MP_SUB_D_C - #define BN_MP_ISEVEN_C - #define BN_MP_MOD_D_C - #define BN_MP_INIT_C - #define BN_MP_ADD_D_C - #define BN_MP_PRIME_MILLER_RABIN_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_PRIME_RABIN_MILLER_TRIALS_C) -#endif - -#if defined(BN_MP_PRIME_RANDOM_EX_C) - #define BN_MP_READ_UNSIGNED_BIN_C - #define BN_MP_PRIME_IS_PRIME_C - #define BN_MP_SUB_D_C - #define BN_MP_DIV_2_C - #define BN_MP_MUL_2_C - #define BN_MP_ADD_D_C -#endif - -#if defined(BN_MP_RADIX_SIZE_C) - #define BN_MP_COUNT_BITS_C - #define BN_MP_INIT_COPY_C - #define BN_MP_ISZERO_C - #define BN_MP_DIV_D_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_RADIX_SMAP_C) - #define BN_MP_S_RMAP_C -#endif - -#if defined(BN_MP_RAND_C) - #define BN_MP_ZERO_C - #define BN_MP_ADD_D_C - #define BN_MP_LSHD_C -#endif - -#if defined(BN_MP_READ_RADIX_C) - #define BN_MP_ZERO_C - #define BN_MP_S_RMAP_C - #define BN_MP_RADIX_SMAP_C - #define BN_MP_MUL_D_C - #define BN_MP_ADD_D_C - #define BN_MP_ISZERO_C -#endif - -#if defined(BN_MP_READ_SIGNED_BIN_C) - #define BN_MP_READ_UNSIGNED_BIN_C -#endif - -#if defined(BN_MP_READ_UNSIGNED_BIN_C) - #define BN_MP_GROW_C - #define BN_MP_ZERO_C - #define BN_MP_MUL_2D_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_REDUCE_C) - #define BN_MP_REDUCE_SETUP_C - #define BN_MP_INIT_COPY_C - #define BN_MP_RSHD_C - #define BN_MP_MUL_C - #define BN_S_MP_MUL_HIGH_DIGS_C - #define BN_FAST_S_MP_MUL_HIGH_DIGS_C - #define BN_MP_MOD_2D_C - #define BN_S_MP_MUL_DIGS_C - #define BN_MP_SUB_C - #define BN_MP_CMP_D_C - #define BN_MP_SET_C - #define BN_MP_LSHD_C - #define BN_MP_ADD_C - #define BN_MP_CMP_C - #define BN_S_MP_SUB_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_REDUCE_2K_C) - #define BN_MP_INIT_C - #define BN_MP_COUNT_BITS_C - #define BN_MP_DIV_2D_C - #define BN_MP_MUL_D_C - #define BN_S_MP_ADD_C - #define BN_MP_CMP_MAG_C - #define BN_S_MP_SUB_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_REDUCE_2K_L_C) - #define BN_MP_INIT_C - #define BN_MP_COUNT_BITS_C - #define BN_MP_DIV_2D_C - #define BN_MP_MUL_C - #define BN_S_MP_ADD_C - #define BN_MP_CMP_MAG_C - #define BN_S_MP_SUB_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_REDUCE_2K_SETUP_C) - #define BN_MP_INIT_C - #define BN_MP_COUNT_BITS_C - #define BN_MP_2EXPT_C - #define BN_MP_CLEAR_C - #define BN_S_MP_SUB_C -#endif - -#if defined(BN_MP_REDUCE_2K_SETUP_L_C) - #define BN_MP_INIT_C - #define BN_MP_2EXPT_C - #define BN_MP_COUNT_BITS_C - #define BN_S_MP_SUB_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_REDUCE_IS_2K_C) - #define BN_MP_REDUCE_2K_C - #define BN_MP_COUNT_BITS_C -#endif - -#if defined(BN_MP_REDUCE_IS_2K_L_C) -#endif - -#if defined(BN_MP_REDUCE_SETUP_C) - #define BN_MP_2EXPT_C - #define BN_MP_DIV_C -#endif - -#if defined(BN_MP_RSHD_C) - #define BN_MP_ZERO_C -#endif - -#if defined(BN_MP_SET_C) - #define BN_MP_ZERO_C -#endif - -#if defined(BN_MP_SET_INT_C) - #define BN_MP_ZERO_C - #define BN_MP_MUL_2D_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_SHRINK_C) -#endif - -#if defined(BN_MP_SIGNED_BIN_SIZE_C) - #define BN_MP_UNSIGNED_BIN_SIZE_C -#endif - -#if defined(BN_MP_SQR_C) - #define BN_MP_TOOM_SQR_C - #define BN_MP_KARATSUBA_SQR_C - #define BN_FAST_S_MP_SQR_C - #define BN_S_MP_SQR_C -#endif - -#if defined(BN_MP_SQRMOD_C) - #define BN_MP_INIT_C - #define BN_MP_SQR_C - #define BN_MP_CLEAR_C - #define BN_MP_MOD_C -#endif - -#if defined(BN_MP_SQRT_C) - #define BN_MP_N_ROOT_C - #define BN_MP_ISZERO_C - #define BN_MP_ZERO_C - #define BN_MP_INIT_COPY_C - #define BN_MP_RSHD_C - #define BN_MP_DIV_C - #define BN_MP_ADD_C - #define BN_MP_DIV_2_C - #define BN_MP_CMP_MAG_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_SUB_C) - #define BN_S_MP_ADD_C - #define BN_MP_CMP_MAG_C - #define BN_S_MP_SUB_C -#endif - -#if defined(BN_MP_SUB_D_C) - #define BN_MP_GROW_C - #define BN_MP_ADD_D_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_MP_SUBMOD_C) - #define BN_MP_INIT_C - #define BN_MP_SUB_C - #define BN_MP_CLEAR_C - #define BN_MP_MOD_C -#endif - -#if defined(BN_MP_TO_SIGNED_BIN_C) - #define BN_MP_TO_UNSIGNED_BIN_C -#endif - -#if defined(BN_MP_TO_SIGNED_BIN_N_C) - #define BN_MP_SIGNED_BIN_SIZE_C - #define BN_MP_TO_SIGNED_BIN_C -#endif - -#if defined(BN_MP_TO_UNSIGNED_BIN_C) - #define BN_MP_INIT_COPY_C - #define BN_MP_ISZERO_C - #define BN_MP_DIV_2D_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_TO_UNSIGNED_BIN_N_C) - #define BN_MP_UNSIGNED_BIN_SIZE_C - #define BN_MP_TO_UNSIGNED_BIN_C -#endif - -#if defined(BN_MP_TOOM_MUL_C) - #define BN_MP_INIT_MULTI_C - #define BN_MP_MOD_2D_C - #define BN_MP_COPY_C - #define BN_MP_RSHD_C - #define BN_MP_MUL_C - #define BN_MP_MUL_2_C - #define BN_MP_ADD_C - #define BN_MP_SUB_C - #define BN_MP_DIV_2_C - #define BN_MP_MUL_2D_C - #define BN_MP_MUL_D_C - #define BN_MP_DIV_3_C - #define BN_MP_LSHD_C - #define BN_MP_CLEAR_MULTI_C -#endif - -#if defined(BN_MP_TOOM_SQR_C) - #define BN_MP_INIT_MULTI_C - #define BN_MP_MOD_2D_C - #define BN_MP_COPY_C - #define BN_MP_RSHD_C - #define BN_MP_SQR_C - #define BN_MP_MUL_2_C - #define BN_MP_ADD_C - #define BN_MP_SUB_C - #define BN_MP_DIV_2_C - #define BN_MP_MUL_2D_C - #define BN_MP_MUL_D_C - #define BN_MP_DIV_3_C - #define BN_MP_LSHD_C - #define BN_MP_CLEAR_MULTI_C -#endif - -#if defined(BN_MP_TORADIX_C) - #define BN_MP_ISZERO_C - #define BN_MP_INIT_COPY_C - #define BN_MP_DIV_D_C - #define BN_MP_CLEAR_C - #define BN_MP_S_RMAP_C -#endif - -#if defined(BN_MP_TORADIX_N_C) - #define BN_MP_ISZERO_C - #define BN_MP_INIT_COPY_C - #define BN_MP_DIV_D_C - #define BN_MP_CLEAR_C - #define BN_MP_S_RMAP_C -#endif - -#if defined(BN_MP_UNSIGNED_BIN_SIZE_C) - #define BN_MP_COUNT_BITS_C -#endif - -#if defined(BN_MP_XOR_C) - #define BN_MP_INIT_COPY_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_MP_ZERO_C) -#endif - -#if defined(BN_PRIME_TAB_C) -#endif - -#if defined(BN_REVERSE_C) -#endif - -#if defined(BN_S_MP_ADD_C) - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BN_S_MP_EXPTMOD_C) - #define BN_MP_COUNT_BITS_C - #define BN_MP_INIT_C - #define BN_MP_CLEAR_C - #define BN_MP_REDUCE_SETUP_C - #define BN_MP_REDUCE_C - #define BN_MP_REDUCE_2K_SETUP_L_C - #define BN_MP_REDUCE_2K_L_C - #define BN_MP_MOD_C - #define BN_MP_COPY_C - #define BN_MP_SQR_C - #define BN_MP_MUL_C - #define BN_MP_SET_C - #define BN_MP_EXCH_C -#endif - -#if defined(BN_S_MP_MUL_DIGS_C) - #define BN_FAST_S_MP_MUL_DIGS_C - #define BN_MP_INIT_SIZE_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_S_MP_MUL_HIGH_DIGS_C) - #define BN_FAST_S_MP_MUL_HIGH_DIGS_C - #define BN_MP_INIT_SIZE_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_S_MP_SQR_C) - #define BN_MP_INIT_SIZE_C - #define BN_MP_CLAMP_C - #define BN_MP_EXCH_C - #define BN_MP_CLEAR_C -#endif - -#if defined(BN_S_MP_SUB_C) - #define BN_MP_GROW_C - #define BN_MP_CLAMP_C -#endif - -#if defined(BNCORE_C) -#endif - -#ifdef LTM3 -#define LTM_LAST -#endif -#include "mpi_superclass.h" -#include "mpi_class.h" -#else -#define LTM_LAST -#endif - -
--- a/wolfssl/wolfcrypt/mpi_superclass.h Tue Jul 21 11:37:09 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,96 +0,0 @@ -/* mpi_superclass.h - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - - -/* super class file for PK algos */ - -/* default ... include all MPI */ -#define LTM_ALL - -/* RSA only (does not support DH/DSA/ECC) */ -/* #define SC_RSA_1 */ - -/* For reference.... On an Athlon64 optimizing for speed... - - LTM's mpi.o with all functions [striped] is 142KiB in size. - -*/ - -/* Works for RSA only, mpi.o is 68KiB */ -#ifdef SC_RSA_1 - #define BN_MP_SHRINK_C - #define BN_MP_LCM_C - #define BN_MP_PRIME_RANDOM_EX_C - #define BN_MP_INVMOD_C - #define BN_MP_GCD_C - #define BN_MP_MOD_C - #define BN_MP_MULMOD_C - #define BN_MP_ADDMOD_C - #define BN_MP_EXPTMOD_C - #define BN_MP_SET_INT_C - #define BN_MP_INIT_MULTI_C - #define BN_MP_CLEAR_MULTI_C - #define BN_MP_UNSIGNED_BIN_SIZE_C - #define BN_MP_TO_UNSIGNED_BIN_C - #define BN_MP_MOD_D_C - #define BN_MP_PRIME_RABIN_MILLER_TRIALS_C - #define BN_REVERSE_C - #define BN_PRIME_TAB_C - - /* other modifiers */ - #define BN_MP_DIV_SMALL /* Slower division, not critical */ - - /* here we are on the last pass so we turn things off. The functions classes are still there - * but we remove them specifically from the build. This also invokes tweaks in functions - * like removing support for even moduli, etc... - */ -#ifdef LTM_LAST - #undef BN_MP_TOOM_MUL_C - #undef BN_MP_TOOM_SQR_C - #undef BN_MP_KARATSUBA_MUL_C - #undef BN_MP_KARATSUBA_SQR_C - #undef BN_MP_REDUCE_C - #undef BN_MP_REDUCE_SETUP_C - #undef BN_MP_DR_IS_MODULUS_C - #undef BN_MP_DR_SETUP_C - #undef BN_MP_DR_REDUCE_C - #undef BN_MP_REDUCE_IS_2K_C - #undef BN_MP_REDUCE_2K_SETUP_C - #undef BN_MP_REDUCE_2K_C - #undef BN_S_MP_EXPTMOD_C - #undef BN_MP_DIV_3_C - #undef BN_S_MP_MUL_HIGH_DIGS_C - #undef BN_FAST_S_MP_MUL_HIGH_DIGS_C - #undef BN_FAST_MP_INVMOD_C - - /* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold - * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines] - * which means roughly speaking you can handle upto 2536-bit RSA keys with these defined without - * trouble. - */ - #undef BN_S_MP_MUL_DIGS_C - #undef BN_S_MP_SQR_C - #undef BN_MP_MONTGOMERY_REDUCE_C -#endif - -#endif - -
--- a/wolfssl/wolfcrypt/pkcs7.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,127 +0,0 @@
-/* pkcs7.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_PKCS7_H
-#define WOLF_CRYPT_PKCS7_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_PKCS7
-
-#ifndef NO_ASN
- #include <wolfssl/wolfcrypt/asn.h>
-#endif
-#include <wolfssl/wolfcrypt/asn_public.h>
-#include <wolfssl/wolfcrypt/random.h>
-#ifndef NO_DES3
- #include <wolfssl/wolfcrypt/des3.h>
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* PKCS#7 content types, ref RFC 2315 (Section 14) */
-enum PKCS7_TYPES {
- PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
- DATA = 651, /* 1.2.840.113549.1.7.1 */
- SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */
- ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */
- SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */
- DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */
- ENCRYPTED_DATA = 656 /* 1.2.840.113549.1.7.6 */
-};
-
-enum Pkcs7_Misc {
- PKCS7_NONCE_SZ = 16,
- MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */
- MAX_CONTENT_KEY_LEN = DES3_KEYLEN, /* highest current cipher is 3DES */
- MAX_RECIP_SZ = MAX_VERSION_SZ +
- MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
- MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ
-};
-
-
-typedef struct PKCS7Attrib {
- byte* oid;
- word32 oidSz;
- byte* value;
- word32 valueSz;
-} PKCS7Attrib;
-
-
-typedef struct PKCS7 {
- byte* content; /* inner content, not owner */
- word32 contentSz; /* content size */
- int contentOID; /* PKCS#7 content type OID sum */
-
- RNG* rng;
-
- int hashOID;
- int encryptOID; /* key encryption algorithm OID */
-
- byte* singleCert; /* recipient cert, DER, not owner */
- word32 singleCertSz; /* size of recipient cert buffer, bytes */
- byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
- byte* issuer; /* issuer name of singleCert */
- word32 issuerSz; /* length of issuer name */
- byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
- word32 issuerSnSz; /* length of serial number */
- byte publicKey[512];
- word32 publicKeySz;
- byte* privateKey; /* private key, DER, not owner */
- word32 privateKeySz; /* size of private key buffer, bytes */
-
- PKCS7Attrib* signedAttribs;
- word32 signedAttribsSz;
-} PKCS7;
-
-
-WOLFSSL_LOCAL int wc_SetContentType(int pkcs7TypeOID, byte* output);
-WOLFSSL_LOCAL int wc_GetContentType(const byte* input, word32* inOutIdx,
- word32* oid, word32 maxIdx);
-WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
- int keyEncAlgo, int blockKeySz,
- RNG* rng, byte* contentKeyPlain,
- byte* contentKeyEnc,
- int* keyEncSz, byte* out, word32 outSz);
-
-WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
-WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
-WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz);
-WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
- byte* output, word32 outputSz);
-WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
- byte* pkiMsg, word32 pkiMsgSz);
-WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
- byte* output, word32 outputSz);
-WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
- word32 pkiMsgSz, byte* output,
- word32 outputSz);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_PKCS7 */
-#endif /* WOLF_CRYPT_PKCS7_H */
-
-
--- a/wolfssl/wolfcrypt/poly1305.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,82 +0,0 @@
-/* poly1305.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_POLY1305_H
-#define WOLF_CRYPT_POLY1305_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_POLY1305
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* auto detect between 32bit / 64bit */
-#define HAS_SIZEOF_INT128_64BIT (defined(__SIZEOF_INT128__) && defined(__LP64__))
-#define HAS_MSVC_64BIT (defined(_MSC_VER) && defined(_M_X64))
-#define HAS_GCC_4_4_64BIT (defined(__GNUC__) && defined(__LP64__) && \
- ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4))))
-
-#if (HAS_SIZEOF_INT128_64BIT || HAS_MSVC_64BIT || HAS_GCC_4_4_64BIT)
-#define POLY130564
-#else
-#define POLY130532
-#endif
-
-enum {
- POLY1305 = 7,
- POLY1305_BLOCK_SIZE = 16,
- POLY1305_DIGEST_SIZE = 16,
- POLY1305_PAD_SIZE = 56
-};
-
-/* Poly1305 state */
-typedef struct Poly1305 {
-#if defined(POLY130564)
- word64 r[3];
- word64 h[3];
- word64 pad[2];
-#else
- word32 r[5];
- word32 h[5];
- word32 pad[4];
-#endif
- size_t leftover;
- unsigned char buffer[POLY1305_BLOCK_SIZE];
- unsigned char final;
-} Poly1305;
-
-
-/* does init */
-
-WOLFSSL_API int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key, word32 kySz);
-WOLFSSL_API int wc_Poly1305Update(Poly1305* poly1305, const byte*, word32);
-WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* HAVE_POLY1305 */
-#endif /* WOLF_CRYPT_POLY1305_H */
-
-
--- a/wolfssl/wolfcrypt/pwdbased.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,66 +0,0 @@
-/* pwdbased.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_PWDBASED_H
-#define WOLF_CRYPT_PWDBASED_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_PWDBASED
-
-#ifndef NO_MD5
- #include <wolfssl/wolfcrypt/md5.h> /* for hash type */
-#endif
-
-#include <wolfssl/wolfcrypt/sha.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/*
- * hashType renamed to typeH to avoid shadowing global declation here:
- * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types
- */
-WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
- const byte* salt, int sLen, int iterations, int kLen,
- int typeH);
-WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
- const byte* salt, int sLen, int iterations, int kLen,
- int typeH);
-WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
- const byte* salt, int sLen, int iterations,
- int kLen, int typeH, int purpose);
-
-/* helper functions */
-WOLFSSL_LOCAL int GetDigestSize(int hashType);
-WOLFSSL_LOCAL int GetPKCS12HashSizes(int hashType, word32* v, word32* u);
-WOLFSSL_LOCAL int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
- byte* Ai, word32 u, int iterations);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_PWDBASED */
-#endif /* WOLF_CRYPT_PWDBASED_H */
-
--- a/wolfssl/wolfcrypt/rabbit.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-/* rabbit.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_RABBIT_H
-#define WOLF_CRYPT_RABBIT_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_RABBIT
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-enum {
- RABBIT_ENC_TYPE = 5 /* cipher unique type */
-};
-
-
-/* Rabbit Context */
-typedef struct RabbitCtx {
- word32 x[8];
- word32 c[8];
- word32 carry;
-} RabbitCtx;
-
-
-/* Rabbit stream cipher */
-typedef struct Rabbit {
- RabbitCtx masterCtx;
- RabbitCtx workCtx;
-} Rabbit;
-
-
-WOLFSSL_API int wc_RabbitProcess(Rabbit*, byte*, const byte*, word32);
-WOLFSSL_API int wc_RabbitSetKey(Rabbit*, const byte* key, const byte* iv);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_RABBIT */
-#endif /* WOLF_CRYPT_RABBIT_H */
-
-
--- a/wolfssl/wolfcrypt/random.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,144 +0,0 @@
-/* random.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_RANDOM_H
-#define WOLF_CRYPT_RANDOM_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_FIPS
-/* for fips @wc_fips */
-#include <cyassl/ctaocrypt/random.h>
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefining structs and macros */
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- #ifdef NO_SHA256
- #error "Hash DRBG requires SHA-256."
- #endif /* NO_SHA256 */
-
- #include <wolfssl/wolfcrypt/sha256.h>
-#else /* HAVE_HASHDRBG || NO_RC4 */
- #include <wolfssl/wolfcrypt/arc4.h>
-#endif /* HAVE_HASHDRBG || NO_RC4 */
-
-#if defined(USE_WINDOWS_API)
- #if defined(_WIN64)
- typedef unsigned __int64 ProviderHandle;
- /* type HCRYPTPROV, avoid #include <windows.h> */
- #else
- typedef unsigned long ProviderHandle;
- #endif
-#endif
-
-
-/* OS specific seeder */
-typedef struct OS_Seed {
- #if defined(USE_WINDOWS_API)
- ProviderHandle handle;
- #else
- int fd;
- #endif
-} OS_Seed;
-
-
-#if defined(WOLFSSL_MDK_ARM)
-#undef RNG
-#define RNG wolfSSL_RNG /* for avoiding name conflict in "stm32f2xx.h" */
-#endif
-
-
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
-
-
-#define DRBG_SEED_LEN (440/8)
-
-
-struct DRBG; /* Private DRBG state */
-
-
-/* Hash-based Deterministic Random Bit Generator */
-typedef struct RNG {
- struct DRBG* drbg;
- OS_Seed seed;
- byte status;
-} RNG;
-
-
-#else /* HAVE_HASHDRBG || NO_RC4 */
-
-
-#define WOLFSSL_RNG_CAVIUM_MAGIC 0xBEEF0004
-
-/* secure Random Number Generator */
-
-
-typedef struct RNG {
- OS_Seed seed;
- Arc4 cipher;
-#ifdef HAVE_CAVIUM
- int devId; /* nitrox device id */
- word32 magic; /* using cavium magic */
-#endif
-} RNG;
-
-
-#endif /* HAVE_HASH_DRBG || NO_RC4 */
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_LOCAL
-int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
-
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
-
-#ifdef HAVE_CAVIUM
- WOLFSSL_API int wc_InitRngCavium(RNG*, int);
-#endif
-
-#endif /* HAVE_HASH_DRBG || NO_RC4 */
-
-
-WOLFSSL_API int wc_InitRng(RNG*);
-WOLFSSL_API int wc_RNG_GenerateBlock(RNG*, byte*, word32 sz);
-WOLFSSL_API int wc_RNG_GenerateByte(RNG*, byte*);
-WOLFSSL_API int wc_FreeRng(RNG*);
-
-
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- WOLFSSL_API int wc_RNG_HealthTest(int reseed,
- const byte* entropyA, word32 entropyASz,
- const byte* entropyB, word32 entropyBSz,
- byte* output, word32 outputSz);
-#endif /* HAVE_HASHDRBG || NO_RC4 */
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_RANDOM_H */
-
-
--- a/wolfssl/wolfcrypt/ripemd.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,64 +0,0 @@
-/* ripemd.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_RIPEMD_H
-#define WOLF_CRYPT_RIPEMD_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef WOLFSSL_RIPEMD
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-/* in bytes */
-enum {
- RIPEMD = 3, /* hash type unique */
- RIPEMD_BLOCK_SIZE = 64,
- RIPEMD_DIGEST_SIZE = 20,
- RIPEMD_PAD_SIZE = 56
-};
-
-
-/* RipeMd 160 digest */
-typedef struct RipeMd {
- word32 buffLen; /* in bytes */
- word32 loLen; /* length in bytes */
- word32 hiLen; /* length in bytes */
- word32 digest[RIPEMD_DIGEST_SIZE / sizeof(word32)];
- word32 buffer[RIPEMD_BLOCK_SIZE / sizeof(word32)];
-} RipeMd;
-
-
-WOLFSSL_API void wc_InitRipeMd(RipeMd*);
-WOLFSSL_API void wc_RipeMdUpdate(RipeMd*, const byte*, word32);
-WOLFSSL_API void wc_RipeMdFinal(RipeMd*, byte*);
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_RIPEMD */
-#endif /* WOLF_CRYPT_RIPEMD_H */
-
--- a/wolfssl/wolfcrypt/rsa.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,122 +0,0 @@
-/* rsa.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_RSA_H
-#define WOLF_CRYPT_RSA_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_RSA
-
-#ifdef HAVE_FIPS
-/* for fips @wc_fips */
-#include <cyassl/ctaocrypt/rsa.h>
-#if defined(CYASSL_KEY_GEN) && !defined(WOLFSSL_KEY_GEN)
- #define WOLFSSL_KEY_GEN
-#endif
-#else
- #include <wolfssl/wolfcrypt/integer.h>
- #include <wolfssl/wolfcrypt/random.h>
-#endif /* HAVE_FIPS */
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefinition of structs */
-#define WOLFSSL_RSA_CAVIUM_MAGIC 0xBEEF0006
-
-enum {
- RSA_PUBLIC = 0,
- RSA_PRIVATE = 1
-};
-
-/* RSA */
-typedef struct RsaKey {
- mp_int n, e, d, p, q, dP, dQ, u;
- int type; /* public or private */
- void* heap; /* for user memory overrides */
-#ifdef HAVE_CAVIUM
- int devId; /* nitrox device id */
- word32 magic; /* using cavium magic */
- word64 contextHandle; /* nitrox context memory handle */
- byte* c_n; /* cavium byte buffers for key parts */
- byte* c_e;
- byte* c_d;
- byte* c_p;
- byte* c_q;
- byte* c_dP;
- byte* c_dQ;
- byte* c_u; /* sizes in bytes */
- word16 c_nSz, c_eSz, c_dSz, c_pSz, c_qSz, c_dP_Sz, c_dQ_Sz, c_uSz;
-#endif
-} RsaKey;
-#endif /*HAVE_FIPS */
-
-
-WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*);
-WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
-
-WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key, RNG* rng);
-WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
- RsaKey* key);
-WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key);
-WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key, RNG* rng);
-WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
- RsaKey* key);
-WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
- word32 outLen, RsaKey* key);
-WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key);
-
-#ifndef HAVE_FIPS /* to avoid asn duplicate symbols @wc_fips */
-WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
- RsaKey*, word32);
-WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
- RsaKey*, word32);
-WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
- const byte* e, word32 eSz, RsaKey* key);
-#ifdef WOLFSSL_KEY_GEN
- WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
-#endif
-#endif /* HAVE_FIPS*/
-WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
- word32*);
-
-#ifdef WOLFSSL_KEY_GEN
- WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
-#endif
-
-#ifdef HAVE_CAVIUM
- WOLFSSL_API int wc_RsaInitCavium(RsaKey*, int);
- WOLFSSL_API void wc_RsaFreeCavium(RsaKey*);
-#endif
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_RSA */
-#endif /* WOLF_CRYPT_RSA_H */
-
-
--- a/wolfssl/wolfcrypt/settings.h Tue Jul 21 11:37:09 2015 +0000
+++ b/wolfssl/wolfcrypt/settings.h Thu Apr 28 00:56:55 2016 +0000
@@ -1,8 +1,8 @@
/* settings.h
*
- * Copyright (C) 2006-2015 wolfSSL Inc.
+ * Copyright (C) 2006-2016 wolfSSL Inc.
*
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -16,9 +16,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
+
/* Place OS specific preprocessor flags, defines, includes here, will be
included into every file because types.h includes it */
@@ -57,6 +58,9 @@
/* Uncomment next line if using FreeRTOS */
/* #define FREERTOS */
+/* Uncomment next line if using FreeRTOS+ TCP */
+/* #define FREERTOS_TCP */
+
/* Uncomment next line if using FreeRTOS Windows Simulator */
/* #define FREERTOS_WINSIM */
@@ -72,9 +76,18 @@
/* Uncomment next line if building wolfSSL for LSR */
/* #define WOLFSSL_LSR */
-/* Uncomment next line if building wolfSSL for Freescale MQX/RTCS/MFS */
+/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */
/* #define FREESCALE_MQX */
+/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */
+/* #define FREESCALE_KSDK_MQX */
+
+/* Uncomment next line if building for Freescale KSDK Bare Metal */
+/* #define FREESCALE_KSDK_BM */
+
+/* Uncomment next line if building for Freescale FreeRTOS */
+/* #define FREESCALE_FREE_RTOS */
+
/* Uncomment next line if using STM32F2 */
/* #define WOLFSSL_STM32F2 */
@@ -90,6 +103,9 @@
/* Uncomment next line if building for IAR EWARM */
/* #define WOLFSSL_IAR_ARM */
+/* Uncomment next line if building for Rowley CrossWorks ARM */
+/* #define WOLFSSL_ROWLEY_ARM */
+
/* Uncomment next line if using TI-RTOS settings */
/* #define WOLFSSL_TIRTOS */
@@ -111,6 +127,15 @@
/* Uncomment next line if building for VxWorks */
/* #define WOLFSSL_VXWORKS */
+/* Uncomment next line to enable deprecated less secure static DH suites */
+/* #define WOLFSSL_STATIC_DH */
+
+/* Uncomment next line to enable deprecated less secure static RSA suites */
+/* #define WOLFSSL_STATIC_RSA */
+
+/* Uncomment next line if building for ARDUINO */
+/* #define WOLFSSL_ARDUINO */
+
#include <wolfssl/wolfcrypt/visibility.h>
#define WOLFSSL_USER_SETTINGS
@@ -119,6 +144,12 @@
#endif
+/* make sure old RNG name is used with CTaoCrypt FIPS */
+#ifdef HAVE_FIPS
+ #define WC_RNG RNG
+#endif
+
+
#ifdef IPHONE
#define SIZEOF_LONG_LONG 8
#endif
@@ -133,6 +164,8 @@
#define NO_FILESYSTEM
#define NO_SHA512
#define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
#define NO_DSA
#define NO_HC128
#define NO_RSA
@@ -157,7 +190,7 @@
#define NO_FILESYSTEM
#endif
-#if defined(WOLFSSL_IAR_ARM)
+#if defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_ROWLEY_ARM)
#define NO_MAIN_DRIVER
#define SINGLE_THREADED
#define USE_CERT_BUFFERS_1024
@@ -165,7 +198,7 @@
#define NO_FILESYSTEM
#define NO_WRITEV
#define WOLFSSL_USER_IO
- #define BENCH_EMBEDDED
+ #define BENCH_EMBEDDED
#endif
#ifdef MICROCHIP_PIC32
@@ -179,6 +212,7 @@
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define NEED_AES_TABLES
+ #define WOLFSSL_HAVE_MIN
#endif
#ifdef WOLFSSL_MICROCHIP_PIC32MZ
@@ -209,11 +243,23 @@
#ifdef MBED
#define WOLFSSL_USER_IO
+ #define NO_FILESYSTEM
+ #define NO_CERT
+ #define USE_CERT_BUFFERS_1024
#define NO_WRITEV
#define NO_DEV_RANDOM
+ #define NO_SHA512
+ #define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
+ #define NO_DSA
+ #define NO_HC128
+ #define HAVE_ECC
+ #define NO_SESSION_CACHE
#define WOLFSSL_CMSIS_RTOS
#endif
+
#ifdef WOLFSSL_EROAD
#define FREESCALE_MQX
#define FREESCALE_MMCAU
@@ -227,6 +273,8 @@
#define NO_RSA
#define NO_DSA
#define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
#define NO_CERTS
#define NO_PWDBASED
#define NO_DES3
@@ -268,17 +316,91 @@
#ifdef WOLFSSL_VXWORKS
+ /* VxWorks simulator incorrectly detects building for i386 */
+ #ifdef VXWORKS_SIM
+ #define TFM_NO_ASM
+ #endif
+ #define WOLFSSL_HAVE_MIN
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define NO_MAIN_DRIVER
#define NO_DEV_RANDOM
#define NO_WRITEV
#endif
+#ifdef WOLFSSL_ARDUINO
+ #define NO_WRITEV
+ #define NO_WOLFSSL_DIR
+ #define SINGLE_THREADED
+ #define NO_DEV_RANDOM
+ #ifndef INTEL_GALILEO /* Galileo has time.h compatibility */
+ #define TIME_OVERRIDES /* must define XTIME and XGMTIME externally */
+ #endif
+ #define WOLFSSL_USER_IO
+ #define HAVE_ECC
+ #define NO_DH
+ #define NO_SESSION_CACHE
+ #define USE_SLOW_SHA
+ #define NO_WOLFSSL_SERVER
+ #define NO_ERROR_STRINGS
+#endif
+
+
/* Micrium will use Visual Studio for compilation but not the Win32 API */
-#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \
+#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && !defined(FREERTOS_TCP)\
&& !defined(EBSNET) && !defined(WOLFSSL_EROAD)
#define USE_WINDOWS_API
#endif
+#if defined(WOLFSSL_uITRON4)
+
+#define XMALLOC_USER
+#include <stddef.h>
+#define ITRON_POOL_SIZE 1024*20
+extern int uITRON4_minit(size_t poolsz) ;
+extern void *uITRON4_malloc(size_t sz) ;
+extern void *uITRON4_realloc(void *p, size_t sz) ;
+extern void uITRON4_free(void *p) ;
+
+#define XMALLOC(sz, heap, type) uITRON4_malloc(sz)
+#define XREALLOC(p, sz, heap, type) uITRON4_realloc(p, sz)
+#define XFREE(p, heap, type) uITRON4_free(p)
+#endif
+
+#if defined(WOLFSSL_uTKERNEL2)
+#define WOLFSSL_CLOSESOCKET
+#define XMALLOC_USER
+int uTKernel_init_mpool(unsigned int sz) ; /* initializing malloc pool */
+void *uTKernel_malloc(unsigned int sz) ;
+void *uTKernel_realloc(void *p, unsigned int sz) ;
+void uTKernel_free(void *p) ;
+#define XMALLOC(s, h, type) uTKernel_malloc((s))
+#define XREALLOC(p, n, h, t) uTKernel_realloc((p), (n))
+#define XFREE(p, h, type) uTKernel_free((p))
+
+#include <stdio.h>
+#include "tm/tmonitor.h"
+static char *fgets(char *buff, int sz, FILE *fp)
+/*static char * gets(char *buff)*/
+{
+ char * p = buff ;
+ *p = '\0' ;
+ while(1) {
+ *p = tm_getchar(-1) ;
+ tm_putchar(*p) ;
+ if(*p == '\r') {
+ tm_putchar('\n') ;
+ *p = '\0' ;
+ break ;
+ }
+ p ++ ;
+ }
+ return buff ;
+}
+
+#endif
+
#if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER)
#include <stdlib.h>
@@ -298,6 +420,14 @@
#ifdef FREERTOS
+ #include "FreeRTOS.h"
+
+ /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */
+ #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY)
+ #define XMALLOC(s, h, type) pvPortMalloc((s))
+ #define XFREE(p, h, type) vPortFree((p))
+ #endif
+
#ifndef NO_WRITEV
#define NO_WRITEV
#endif
@@ -319,11 +449,28 @@
#endif
#ifndef SINGLE_THREADED
- #include "FreeRTOS.h"
#include "semphr.h"
#endif
#endif
+#ifdef FREERTOS_TCP
+
+#if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER)
+#define XMALLOC(s, h, type) pvPortMalloc((s))
+#define XFREE(p, h, type) vPortFree((p))
+#endif
+
+#define WOLFSSL_GENSEED_FORTEST
+
+#define NO_WOLFSSL_DIR
+#define NO_WRITEV
+#define WOLFSSL_HAVE_MIN
+#define USE_FAST_MATH
+#define TFM_TIMING_REGISTANT
+#define NO_MAIN_DRIVER
+
+#endif
+
#ifdef WOLFSSL_TIRTOS
#define SIZEOF_LONG_LONG 8
#define NO_WRITEV
@@ -335,6 +482,7 @@
#define USE_CERT_BUFFERS_2048
#define NO_ERROR_STRINGS
#define USER_TIME
+ #define HAVE_ECC
#ifdef __IAR_SYSTEMS_ICC__
#pragma diag_suppress=Pa089
@@ -393,6 +541,8 @@
#define NO_WRITEV
#define NO_SHA512
#define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
#define NO_DSA
#define NO_HC128
#define NO_DEV_RANDOM
@@ -433,19 +583,15 @@
#endif
#ifdef FREESCALE_MQX
- #define SIZEOF_LONG_LONG 8
- #define NO_WRITEV
- #define NO_DEV_RANDOM
- #define NO_RABBIT
- #define NO_WOLFSSL_DIR
- #define USE_FAST_MATH
- #define TFM_TIMING_RESISTANT
- #define FREESCALE_K70_RNGA
- /* #define FREESCALE_K53_RNGB */
+ #define FREESCALE_COMMON
#include "mqx.h"
#ifndef NO_FILESYSTEM
#include "mfs.h"
- #include "fio.h"
+ #if MQX_USE_IO_OLD
+ #include "fio.h"
+ #else
+ #include "nio.h"
+ #endif
#endif
#ifndef SINGLE_THREADED
#include "mutex.h"
@@ -456,6 +602,100 @@
/* Note: MQX has no realloc, using fastmath above */
#endif
+#ifdef FREESCALE_KSDK_MQX
+ #define FREESCALE_COMMON
+ #include <mqx.h>
+ #ifndef NO_FILESYSTEM
+ #if MQX_USE_IO_OLD
+ #include <fio.h>
+ #else
+ #include <stdio.h>
+ #include <nio.h>
+ #endif
+ #endif
+ #ifndef SINGLE_THREADED
+ #include <mutex.h>
+ #endif
+
+ #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
+ #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
+ #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */
+
+ #define MQX_FILE_PTR FILE *
+ #define IO_SEEK_SET SEEK_SET
+ #define IO_SEEK_END SEEK_END
+#endif
+
+#ifdef FREESCALE_KSDK_BM
+ #define FREESCALE_COMMON
+ #define WOLFSSL_USER_IO
+ #define SINGLE_THREADED
+ #define NO_FILESYSTEM
+ #define USE_WOLFSSL_MEMORY
+#endif
+
+#ifdef FREESCALE_FREE_RTOS
+ #define FREESCALE_COMMON
+ #define NO_FILESYSTEM
+ #define NO_MAIN_DRIVER
+ #define XMALLOC(s, h, t) OSA_MemAlloc(s);(void)h;(void)t;
+ #define XFREE(p, h, t) {void* xp = (p); if((xp)) OSA_MemFree((xp));}
+ #ifdef FREESCALE_KSDK_BM
+ #error Baremetal and FreeRTOS cannot be both enabled at the same time!
+ #endif
+ #ifndef SINGLE_THREADED
+ #include "FreeRTOS.h"
+ #include "semphr.h"
+ #endif
+#endif
+
+#ifdef FREESCALE_COMMON
+ #define SIZEOF_LONG_LONG 8
+
+ /* disable features */
+ #define NO_WRITEV
+ #define NO_DEV_RANDOM
+ #define NO_RABBIT
+ #define NO_WOLFSSL_DIR
+
+ /* enable features */
+ #define USE_FAST_MATH
+ #define HAVE_ECC
+ #define HAVE_AESGCM
+
+ /* memory reduction */
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+ #define ALT_ECC_SIZE
+
+ /* setting for PIT timer */
+ #define PIT_INSTANCE 0
+ #define PIT_CHANNEL 0
+
+ #if defined(FREESCALE_KSDK_MQX) || defined(FREESCALE_KSDK_BM) || \
+ defined(FREESCALE_FREE_RTOS)
+ #include "fsl_device_registers.h"
+ #endif
+
+ /* random seed */
+ #define NO_OLD_RNGNAME
+ #if (FSL_FEATURE_SOC_TRNG_COUNT > 0)
+ #define FREESCALE_TRNG
+ #define TRNG_INSTANCE (0)
+ #elif (FSL_FEATURE_SOC_RNG_COUNT > 0)
+ #include "fsl_rnga_driver.h"
+ #define FREESCALE_RNGA
+ #define RNGA_INSTANCE (0)
+ #elif !defined(FREESCALE_KSDK_BM) && !defined(FREESCALE_FREE_RTOS)
+ /* defaulting to K70 RNGA, user should change if different */
+ /* #define FREESCALE_K53_RNGB */
+ #define FREESCALE_K70_RNGA
+ #endif
+
+ /* HW crypto */
+ /* #define FREESCALE_MMCAU */
+#endif
+
#ifdef WOLFSSL_STM32F2
#define SIZEOF_LONG_LONG 8
#define NO_DEV_RANDOM
@@ -721,7 +961,7 @@
#endif
/* if using hardware crypto and have alignment requirements, specify the
- requirement here. The record header of SSL/TLS will prvent easy alignment.
+ requirement here. The record header of SSL/TLS will prevent easy alignment.
This hint tries to help as much as possible. */
#ifndef WOLFSSL_GENERAL_ALIGNMENT
#ifdef WOLFSSL_AESNI
@@ -766,6 +1006,90 @@
#endif
#endif
+/* ECC Configs */
+#ifdef HAVE_ECC
+ /* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
+ #ifndef NO_ECC_SIGN
+ #undef HAVE_ECC_SIGN
+ #define HAVE_ECC_SIGN
+ #endif
+ #ifndef NO_ECC_VERIFY
+ #undef HAVE_ECC_VERIFY
+ #define HAVE_ECC_VERIFY
+ #endif
+ #ifndef NO_ECC_DHE
+ #undef HAVE_ECC_DHE
+ #define HAVE_ECC_DHE
+ #endif
+ #ifndef NO_ECC_KEY_IMPORT
+ #undef HAVE_ECC_KEY_IMPORT
+ #define HAVE_ECC_KEY_IMPORT
+ #endif
+ #ifndef NO_ECC_KEY_EXPORT
+ #undef HAVE_ECC_KEY_EXPORT
+ #define HAVE_ECC_KEY_EXPORT
+ #endif
+#endif /* HAVE_ECC */
+
+/* Curve255519 Configs */
+#ifdef HAVE_CURVE25519
+ /* By default enable shared secret, key export and import */
+ #ifndef NO_CURVE25519_SHARED_SECRET
+ #undef HAVE_CURVE25519_SHARED_SECRET
+ #define HAVE_CURVE25519_SHARED_SECRET
+ #endif
+ #ifndef NO_CURVE25519_KEY_EXPORT
+ #undef HAVE_CURVE25519_KEY_EXPORT
+ #define HAVE_CURVE25519_KEY_EXPORT
+ #endif
+ #ifndef NO_CURVE25519_KEY_IMPORT
+ #undef HAVE_CURVE25519_KEY_IMPORT
+ #define HAVE_CURVE25519_KEY_IMPORT
+ #endif
+#endif /* HAVE_CURVE25519 */
+
+/* Ed255519 Configs */
+#ifdef HAVE_ED25519
+ /* By default enable sign, verify, key export and import */
+ #ifndef NO_ED25519_SIGN
+ #undef HAVE_ED25519_SIGN
+ #define HAVE_ED25519_SIGN
+ #endif
+ #ifndef NO_ED25519_VERIFY
+ #undef HAVE_ED25519_VERIFY
+ #define HAVE_ED25519_VERIFY
+ #endif
+ #ifndef NO_ED25519_KEY_EXPORT
+ #undef HAVE_ED25519_KEY_EXPORT
+ #define HAVE_ED25519_KEY_EXPORT
+ #endif
+ #ifndef NO_ED25519_KEY_IMPORT
+ #undef HAVE_ED25519_KEY_IMPORT
+ #define HAVE_ED25519_KEY_IMPORT
+ #endif
+#endif /* HAVE_ED25519 */
+
+/* AES Config */
+#ifndef NO_AES
+ /* By default enable all AES key sizes, decryption and CBC */
+ #ifndef AES_MAX_KEY_SIZE
+ #undef AES_MAX_KEY_SIZE
+ #define AES_MAX_KEY_SIZE 256
+ #endif
+ #ifndef NO_AES_DECRYPT
+ #undef HAVE_AES_DECRYPT
+ #define HAVE_AES_DECRYPT
+ #endif
+ #ifndef NO_AES_CBC
+ #undef HAVE_AES_CBC
+ #define HAVE_AES_CBC
+ #else
+ #ifndef WOLFCRYPT_ONLY
+ #error "AES CBC is required for TLS and can only be disabled for WOLFCRYPT_ONLY builds"
+ #endif
+ #endif
+#endif
+
/* if desktop type system and fastmath increase default max bits */
#ifdef WOLFSSL_X86_64_BUILD
#ifdef USE_FAST_MATH
@@ -781,6 +1105,50 @@
#define NO_OLD_TLS
#endif
+/* If not forcing ARC4 as the DRBG or using custom RNG block gen, enable Hash_DRBG */
+#undef HAVE_HASHDRBG
+#if !defined(WOLFSSL_FORCE_RC4_DRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+ #define HAVE_HASHDRBG
+#endif
+
+
+/* sniffer requires:
+ * static RSA cipher suites
+ * session stats and peak stats
+ */
+#ifdef WOLFSSL_SNIFFER
+ #ifndef WOLFSSL_STATIC_RSA
+ #define WOLFSSL_STATIC_RSA
+ #endif
+ #ifndef WOLFSSL_SESSION_STATS
+ #define WOLFSSL_SESSION_STATS
+ #endif
+ #ifndef WOLFSSL_PEAK_SESSIONS
+ #define WOLFSSL_PEAK_SESSIONS
+ #endif
+#endif
+
+/* Decode Public Key extras on by default, user can turn off with
+ * WOLFSSL_NO_DECODE_EXTRA */
+#ifndef WOLFSSL_NO_DECODE_EXTRA
+ #ifndef RSA_DECODE_EXTRA
+ #define RSA_DECODE_EXTRA
+ #endif
+ #ifndef ECC_DECODE_EXTRA
+ #define ECC_DECODE_EXTRA
+ #endif
+#endif
+
+/* C Sharp wrapper defines */
+#ifdef HAVE_CSHARP
+ #ifndef WOLFSSL_DTLS
+ #define WOLFSSL_DTLS
+ #endif
+ #undef NO_PSK
+ #undef NO_SHA256
+ #undef NO_DH
+#endif
+
/* Place any other flags or defines here */
--- a/wolfssl/wolfcrypt/sha.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,88 +0,0 @@
-/* sha.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_SHA_H
-#define WOLF_CRYPT_SHA_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_SHA
-
-#ifdef HAVE_FIPS
-/* for fips @wc_fips */
-#include <cyassl/ctaocrypt/sha.h>
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefining structs */
-/* in bytes */
-enum {
-#ifdef STM32F2_HASH
- SHA_REG_SIZE = 4, /* STM32 register size, bytes */
-#endif
- SHA = 1, /* hash type unique */
- SHA_BLOCK_SIZE = 64,
- SHA_DIGEST_SIZE = 20,
- SHA_PAD_SIZE = 56
-};
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#include "port/pic32/pic32mz-crypt.h"
-#endif
-
-#ifndef WOLFSSL_TI_HASH
-
-/* Sha digest */
-typedef struct Sha {
- word32 buffLen; /* in bytes */
- word32 loLen; /* length in bytes */
- word32 hiLen; /* length in bytes */
- word32 buffer[SHA_BLOCK_SIZE / sizeof(word32)];
- #ifndef WOLFSSL_PIC32MZ_HASH
- word32 digest[SHA_DIGEST_SIZE / sizeof(word32)];
- #else
- word32 digest[PIC32_HASH_SIZE / sizeof(word32)];
- pic32mz_desc desc; /* Crypt Engine descripter */
- #endif
-} Sha;
-
-#else /* WOLFSSL_TI_HASH */
- #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha(Sha*);
-WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
-WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
-WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_SHA */
-#endif /* WOLF_CRYPT_SHA_H */
-
-
--- a/wolfssl/wolfcrypt/sha256.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-/* sha256.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* code submitted by raphael.huck@efixo.com */
-
-#ifndef WOLF_CRYPT_SHA256_H
-#define WOLF_CRYPT_SHA256_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_SHA256
-
-#ifdef HAVE_FIPS
- /* for fips @wc_fips */
- #include <cyassl/ctaocrypt/sha256.h>
-#endif
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefinition of structs */
-#ifdef WOLFSSL_PIC32MZ_HASH
- #include "port/pic32/pic32mz-crypt.h"
-#endif
-
-/* in bytes */
-enum {
- SHA256 = 2, /* hash type unique */
- SHA256_BLOCK_SIZE = 64,
- SHA256_DIGEST_SIZE = 32,
- SHA256_PAD_SIZE = 56
-};
-
-#ifndef WOLFSSL_TI_HASH
-
-/* Sha256 digest */
-typedef struct Sha256 {
- word32 buffLen; /* in bytes */
- word32 loLen; /* length in bytes */
- word32 hiLen; /* length in bytes */
- word32 digest[SHA256_DIGEST_SIZE / sizeof(word32)];
- word32 buffer[SHA256_BLOCK_SIZE / sizeof(word32)];
- #ifdef WOLFSSL_PIC32MZ_HASH
- pic32mz_desc desc ; /* Crypt Engine descripter */
- #endif
-} Sha256;
-
-#else /* WOLFSSL_TI_HASH */
- #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha256(Sha256*);
-WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
-WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
-WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* NO_SHA256 */
-#endif /* WOLF_CRYPT_SHA256_H */
-
-
--- a/wolfssl/wolfcrypt/sha512.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,105 +0,0 @@
-/* sha512.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_SHA512_H
-#define WOLF_CRYPT_SHA512_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef WOLFSSL_SHA512
-
-/* for fips @wc_fips */
-#ifdef HAVE_FIPS
- #define CYASSL_SHA512
- #if defined(WOLFSSL_SHA384)
- #define CYASSL_SHA384
- #endif
- #include <cyassl/ctaocrypt/sha512.h>
-#endif
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefinition of structs */
-
-/* in bytes */
-enum {
- SHA512 = 4, /* hash type unique */
- SHA512_BLOCK_SIZE = 128,
- SHA512_DIGEST_SIZE = 64,
- SHA512_PAD_SIZE = 112
-};
-
-
-/* Sha512 digest */
-typedef struct Sha512 {
- word32 buffLen; /* in bytes */
- word32 loLen; /* length in bytes */
- word32 hiLen; /* length in bytes */
- word64 digest[SHA512_DIGEST_SIZE / sizeof(word64)];
- word64 buffer[SHA512_BLOCK_SIZE / sizeof(word64)];
-} Sha512;
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha512(Sha512*);
-WOLFSSL_API int wc_Sha512Update(Sha512*, const byte*, word32);
-WOLFSSL_API int wc_Sha512Final(Sha512*, byte*);
-WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
-
-#if defined(WOLFSSL_SHA384)
-
-#ifndef HAVE_FIPS /* avoid redefinition of structs */
-/* in bytes */
-enum {
- SHA384 = 5, /* hash type unique */
- SHA384_BLOCK_SIZE = 128,
- SHA384_DIGEST_SIZE = 48,
- SHA384_PAD_SIZE = 112
-};
-
-
-/* Sha384 digest */
-typedef struct Sha384 {
- word32 buffLen; /* in bytes */
- word32 loLen; /* length in bytes */
- word32 hiLen; /* length in bytes */
- word64 digest[SHA512_DIGEST_SIZE / sizeof(word64)]; /* for transform 512 */
- word64 buffer[SHA384_BLOCK_SIZE / sizeof(word64)];
-} Sha384;
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha384(Sha384*);
-WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32);
-WOLFSSL_API int wc_Sha384Final(Sha384*, byte*);
-WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
-
-#endif /* WOLFSSL_SHA384 */
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_SHA512 */
-#endif /* WOLF_CRYPT_SHA512_H */
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/wolfcrypt/signature.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,62 @@
+/* signature.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLF_CRYPT_SIGNATURE_H
+#define WOLF_CRYPT_SIGNATURE_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum wc_SignatureType {
+ WC_SIGNATURE_TYPE_NONE = 0,
+ WC_SIGNATURE_TYPE_ECC = 1,
+ WC_SIGNATURE_TYPE_RSA = 2,
+ WC_SIGNATURE_TYPE_RSA_W_ENC = 3, /* Adds DER header via wc_EncodeSignature */
+};
+
+WOLFSSL_API int wc_SignatureGetSize(enum wc_SignatureType sig_type,
+ const void* key, word32 key_len);
+
+WOLFSSL_API int wc_SignatureVerify(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* data, word32 data_len,
+ const byte* sig, word32 sig_len,
+ const void* key, word32 key_len);
+
+WOLFSSL_API int wc_SignatureGenerate(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* data, word32 data_len,
+ byte* sig, word32 *sig_len,
+ const void* key, word32 key_len,
+ WC_RNG* rng);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_SIGNATURE_H */
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/wolfcrypt/srp.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,301 @@
+/* srp.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef WOLFCRYPT_HAVE_SRP
+
+#ifndef WOLFCRYPT_SRP_H
+#define WOLFCRYPT_SRP_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/integer.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Select the largest available hash for the buffer size. */
+#if defined(WOLFSSL_SHA512)
+ #define SRP_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
+#elif defined(WOLFSSL_SHA384)
+ #define SRP_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
+#elif !defined(NO_SHA256)
+ #define SRP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
+#elif !defined(NO_SHA)
+ #define SRP_MAX_DIGEST_SIZE SHA_DIGEST_SIZE
+#else
+ #error "You have to have some kind of SHA hash if you want to use SRP."
+#endif
+
+/* Set the minimum number of bits acceptable in an SRP modulus */
+#define SRP_DEFAULT_MIN_BITS 512
+
+/**
+ * SRP side, client or server.
+ */
+typedef enum {
+ SRP_CLIENT_SIDE = 0,
+ SRP_SERVER_SIDE = 1,
+} SrpSide;
+
+/**
+ * SRP hash type, SHA[1|256|384|512].
+ */
+typedef enum {
+ SRP_TYPE_SHA = 1,
+ SRP_TYPE_SHA256 = 2,
+ SRP_TYPE_SHA384 = 3,
+ SRP_TYPE_SHA512 = 4,
+} SrpType;
+
+/**
+ * SRP hash struct.
+ */
+typedef struct {
+ byte type;
+ union {
+ #ifndef NO_SHA
+ Sha sha;
+ #endif
+ #ifndef NO_SHA256
+ Sha256 sha256;
+ #endif
+ #ifdef WOLFSSL_SHA384
+ Sha384 sha384;
+ #endif
+ #ifdef WOLFSSL_SHA512
+ Sha512 sha512;
+ #endif
+ } data;
+} SrpHash;
+
+typedef struct Srp {
+ SrpSide side; /**< Client or Server, @see SrpSide. */
+ SrpType type; /**< Hash type, @see SrpType. */
+ byte* user; /**< Username, login. */
+ word32 userSz; /**< Username length. */
+ byte* salt; /**< Small salt. */
+ word32 saltSz; /**< Salt length. */
+ mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes.*/
+ mp_int g; /**< Generator. A generator modulo N. */
+ byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameter. k = H(N, g) */
+ mp_int auth; /**< Client: x = H(salt + H(user:pswd)) */
+ /**< Server: v = g ^ x % N */
+ mp_int priv; /**< Private ephemeral value. */
+ SrpHash client_proof; /**< Client proof. Sent to the Server. */
+ SrpHash server_proof; /**< Server proof. Sent to the Client. */
+ byte* key; /**< Session key. */
+ word32 keySz; /**< Session key length. */
+ int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size);
+ /**< Function responsible for generating the session key. */
+ /**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the */
+ /**< key buffer for this structure and set keySz to the buffer size. */
+ /**< The default function used by this implementation is a modified */
+ /**< version of t_mgf1 that uses the proper hash function according */
+ /**< to srp->type. */
+} Srp;
+
+/**
+ * Initializes the Srp struct for usage.
+ *
+ * @param[out] srp the Srp structure to be initialized.
+ * @param[in] type the hash type to be used.
+ * @param[in] side the side of the communication.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side);
+
+/**
+ * Releases the Srp struct resources after usage.
+ *
+ * @param[in,out] srp the Srp structure to be terminated.
+ */
+WOLFSSL_API void wc_SrpTerm(Srp* srp);
+
+/**
+ * Sets the username.
+ *
+ * This function MUST be called after wc_SrpInit.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] username the buffer containing the username.
+ * @param[in] size the username size in bytes
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size);
+
+
+/**
+ * Sets the srp parameters based on the username.
+ *
+ * This function MUST be called after wc_SrpSetUsername.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] N the Modulus. N = 2q+1, [q, N] are primes.
+ * @param[in] nSz the N size in bytes.
+ * @param[in] g the Generator modulo N.
+ * @param[in] gSz the g size in bytes
+ * @param[in] salt a small random salt. Specific for each username.
+ * @param[in] saltSz the salt size in bytes
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
+ const byte* g, word32 gSz,
+ const byte* salt, word32 saltSz);
+
+/**
+ * Sets the password.
+ *
+ * Setting the password does not persists the clear password data in the
+ * srp structure. The client calculates x = H(salt + H(user:pswd)) and stores
+ * it in the auth field.
+ *
+ * This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] password the buffer containing the password.
+ * @param[in] size the password size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
+
+/**
+ * Sets the verifier.
+ *
+ * This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] verifier the buffer containing the verifier.
+ * @param[in] size the verifier size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);
+
+/**
+ * Gets the verifier.
+ *
+ * The client calculates the verifier with v = g ^ x % N.
+ * This function MAY be called after wc_SrpSetPassword and is CLIENT SIDE ONLY.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[out] verifier the buffer to write the verifier.
+ * @param[in,out] size the buffer size in bytes. Will be updated with the
+ * verifier size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
+
+/**
+ * Sets the private ephemeral value.
+ *
+ * The private ephemeral value is known as:
+ * a at the client side. a = random()
+ * b at the server side. b = random()
+ * This function is handy for unit test cases or if the developer wants to use
+ * an external random source to set the ephemeral value.
+ * This function MAY be called before wc_SrpGetPublic.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] priv the ephemeral value.
+ * @param[in] size the private size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size);
+
+/**
+ * Gets the public ephemeral value.
+ *
+ * The public ephemeral value is known as:
+ * A at the client side. A = g ^ a % N
+ * B at the server side. B = (k * v + (g Ë b % N)) % N
+ * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[out] pub the buffer to write the public ephemeral value.
+ * @param[in,out] size the the buffer size in bytes. Will be updated with
+ * the ephemeral value size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size);
+
+
+/**
+ * Computes the session key.
+ *
+ * The key can be accessed at srp->key after success.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] clientPubKey the client's public ephemeral value.
+ * @param[in] clientPubKeySz the client's public ephemeral value size.
+ * @param[in] serverPubKey the server's public ephemeral value.
+ * @param[in] serverPubKeySz the server's public ephemeral value size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
+ byte* clientPubKey, word32 clientPubKeySz,
+ byte* serverPubKey, word32 serverPubKeySz);
+
+/**
+ * Gets the proof.
+ *
+ * This function MUST be called after wc_SrpComputeKey.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[out] proof the buffer to write the proof.
+ * @param[in,out] size the buffer size in bytes. Will be updated with the
+ * proof size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);
+
+/**
+ * Verifies the peers proof.
+ *
+ * This function MUST be called before wc_SrpGetSessionKey.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] proof the peers proof.
+ * @param[in] size the proof size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFCRYPT_SRP_H */
+#endif /* WOLFCRYPT_HAVE_SRP */
+
--- a/wolfssl/wolfcrypt/tfm.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,721 +0,0 @@
-/* tfm.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-/*
- * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
- * http://math.libtomcrypt.com
- */
-
-
-/**
- * Edited by Moisés Guimarães (moises.guimaraes@phoebus.com.br)
- * to fit CyaSSL's needs.
- */
-
-
-#ifndef WOLF_CRYPT_TFM_H
-#define WOLF_CRYPT_TFM_H
-
-#include <wolfssl/wolfcrypt/types.h>
-#ifndef CHAR_BIT
- #include <limits.h>
-#endif
-
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifndef MIN
- #define MIN(x,y) ((x)<(y)?(x):(y))
-#endif
-
-#ifndef MAX
- #define MAX(x,y) ((x)>(y)?(x):(y))
-#endif
-
-
-#ifndef NO_64BIT
-/* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */
-#if defined(__x86_64__)
- #if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM)
- #error x86-64 detected, x86-32/SSE2/ARM optimizations are not valid!
- #endif
- #if !defined(TFM_X86_64) && !defined(TFM_NO_ASM)
- #define TFM_X86_64
- #endif
-#endif
-#if defined(TFM_X86_64)
- #if !defined(FP_64BIT)
- #define FP_64BIT
- #endif
-#endif
-/* use 64-bit digit even if not using asm on x86_64 */
-#if defined(__x86_64__) && !defined(FP_64BIT)
- #define FP_64BIT
-#endif
-/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
-#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
- #undef FP_64BIT
- #undef TFM_X86_64
-#endif
-#endif /* NO_64BIT */
-
-/* try to detect x86-32 */
-#if defined(__i386__) && !defined(TFM_SSE2)
- #if defined(TFM_X86_64) || defined(TFM_ARM)
- #error x86-32 detected, x86-64/ARM optimizations are not valid!
- #endif
- #if !defined(TFM_X86) && !defined(TFM_NO_ASM)
- #define TFM_X86
- #endif
-#endif
-
-/* make sure we're 32-bit for x86-32/sse/arm/ppc32 */
-#if (defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM) || defined(TFM_PPC32)) && defined(FP_64BIT)
- #warning x86-32, SSE2 and ARM, PPC32 optimizations require 32-bit digits (undefining)
- #undef FP_64BIT
-#endif
-
-/* multi asms? */
-#ifdef TFM_X86
- #define TFM_ASM
-#endif
-#ifdef TFM_X86_64
- #ifdef TFM_ASM
- #error TFM_ASM already defined!
- #endif
- #define TFM_ASM
-#endif
-#ifdef TFM_SSE2
- #ifdef TFM_ASM
- #error TFM_ASM already defined!
- #endif
- #define TFM_ASM
-#endif
-#ifdef TFM_ARM
- #ifdef TFM_ASM
- #error TFM_ASM already defined!
- #endif
- #define TFM_ASM
-#endif
-#ifdef TFM_PPC32
- #ifdef TFM_ASM
- #error TFM_ASM already defined!
- #endif
- #define TFM_ASM
-#endif
-#ifdef TFM_PPC64
- #ifdef TFM_ASM
- #error TFM_ASM already defined!
- #endif
- #define TFM_ASM
-#endif
-#ifdef TFM_AVR32
- #ifdef TFM_ASM
- #error TFM_ASM already defined!
- #endif
- #define TFM_ASM
-#endif
-
-/* we want no asm? */
-#ifdef TFM_NO_ASM
- #undef TFM_X86
- #undef TFM_X86_64
- #undef TFM_SSE2
- #undef TFM_ARM
- #undef TFM_PPC32
- #undef TFM_PPC64
- #undef TFM_AVR32
- #undef TFM_ASM
-#endif
-
-/* ECC helpers */
-#ifdef TFM_ECC192
- #ifdef FP_64BIT
- #define TFM_MUL3
- #define TFM_SQR3
- #else
- #define TFM_MUL6
- #define TFM_SQR6
- #endif
-#endif
-
-#ifdef TFM_ECC224
- #ifdef FP_64BIT
- #define TFM_MUL4
- #define TFM_SQR4
- #else
- #define TFM_MUL7
- #define TFM_SQR7
- #endif
-#endif
-
-#ifdef TFM_ECC256
- #ifdef FP_64BIT
- #define TFM_MUL4
- #define TFM_SQR4
- #else
- #define TFM_MUL8
- #define TFM_SQR8
- #endif
-#endif
-
-#ifdef TFM_ECC384
- #ifdef FP_64BIT
- #define TFM_MUL6
- #define TFM_SQR6
- #else
- #define TFM_MUL12
- #define TFM_SQR12
- #endif
-#endif
-
-#ifdef TFM_ECC521
- #ifdef FP_64BIT
- #define TFM_MUL9
- #define TFM_SQR9
- #else
- #define TFM_MUL17
- #define TFM_SQR17
- #endif
-#endif
-
-
-/* some default configurations.
- */
-#if defined(FP_64BIT)
- /* for GCC only on supported platforms */
- typedef unsigned long long fp_digit; /* 64bit, 128 uses mode(TI) below */
- typedef unsigned long fp_word __attribute__ ((mode(TI)));
-#else
- #if defined(_MSC_VER) || defined(__BORLANDC__)
- typedef unsigned __int64 ulong64;
- #else
- typedef unsigned long long ulong64;
- #endif
-
- #ifndef NO_64BIT
- typedef unsigned int fp_digit;
- typedef ulong64 fp_word;
- #define FP_32BIT
- #else
- /* some procs like coldfire prefer not to place multiply into 64bit type
- even though it exists */
- typedef unsigned short fp_digit;
- typedef unsigned int fp_word;
- #endif
-#endif
-
-/* # of digits this is */
-#define DIGIT_BIT (int)((CHAR_BIT) * sizeof(fp_digit))
-
-/* Max size of any number in bits. Basically the largest size you will be
- * multiplying should be half [or smaller] of FP_MAX_SIZE-four_digit
- *
- * It defaults to 4096-bits [allowing multiplications upto 2048x2048 bits ]
- */
-#ifndef FP_MAX_BITS
- #define FP_MAX_BITS 4096
-#endif
-#define FP_MAX_SIZE (FP_MAX_BITS+(8*DIGIT_BIT))
-
-/* will this lib work? */
-#if (CHAR_BIT & 7)
- #error CHAR_BIT must be a multiple of eight.
-#endif
-#if FP_MAX_BITS % CHAR_BIT
- #error FP_MAX_BITS must be a multiple of CHAR_BIT
-#endif
-
-#define FP_MASK (fp_digit)(-1)
-#define FP_SIZE (FP_MAX_SIZE/DIGIT_BIT)
-
-/* signs */
-#define FP_ZPOS 0
-#define FP_NEG 1
-
-/* return codes */
-#define FP_OKAY 0
-#define FP_VAL 1
-#define FP_MEM 2
-
-/* equalities */
-#define FP_LT -1 /* less than */
-#define FP_EQ 0 /* equal to */
-#define FP_GT 1 /* greater than */
-
-/* replies */
-#define FP_YES 1 /* yes response */
-#define FP_NO 0 /* no response */
-
-/* a FP type */
-typedef struct {
- int used,
- sign;
-#ifdef ALT_ECC_SIZE
- int size;
-#endif
- fp_digit dp[FP_SIZE];
-} fp_int;
-
-/* externally define this symbol to ignore the default settings, useful for changing the build from the make process */
-#ifndef TFM_ALREADY_SET
-
-/* do we want the large set of small multiplications ?
- Enable these if you are going to be doing a lot of small (<= 16 digit) multiplications say in ECC
- Or if you're on a 64-bit machine doing RSA as a 1024-bit integer == 16 digits ;-)
- */
-/* need to refactor the function */
-/*#define TFM_SMALL_SET */
-
-/* do we want huge code
- Enable these if you are doing 20, 24, 28, 32, 48, 64 digit multiplications (useful for RSA)
- Less important on 64-bit machines as 32 digits == 2048 bits
- */
-#if 0
-#define TFM_MUL3
-#define TFM_MUL4
-#define TFM_MUL6
-#define TFM_MUL7
-#define TFM_MUL8
-#define TFM_MUL9
-#define TFM_MUL12
-#define TFM_MUL17
-#endif
-#ifdef TFM_HUGE_SET
-#define TFM_MUL20
-#define TFM_MUL24
-#define TFM_MUL28
-#define TFM_MUL32
-#if (FP_MAX_BITS >= 6144) && defined(FP_64BIT)
- #define TFM_MUL48
-#endif
-#if (FP_MAX_BITS >= 8192) && defined(FP_64BIT)
- #define TFM_MUL64
-#endif
-#endif
-
-#if 0
-#define TFM_SQR3
-#define TFM_SQR4
-#define TFM_SQR6
-#define TFM_SQR7
-#define TFM_SQR8
-#define TFM_SQR9
-#define TFM_SQR12
-#define TFM_SQR17
-#endif
-#ifdef TFM_HUGE_SET
-#define TFM_SQR20
-#define TFM_SQR24
-#define TFM_SQR28
-#define TFM_SQR32
-#define TFM_SQR48
-#define TFM_SQR64
-#endif
-
-/* do we want some overflow checks
- Not required if you make sure your numbers are within range (e.g. by default a modulus for fp_exptmod() can only be upto 2048 bits long)
- */
-/* #define TFM_CHECK */
-
-/* Is the target a P4 Prescott
- */
-/* #define TFM_PRESCOTT */
-
-/* Do we want timing resistant fp_exptmod() ?
- * This makes it slower but also timing invariant with respect to the exponent
- */
-/* #define TFM_TIMING_RESISTANT */
-
-#endif /* TFM_ALREADY_SET */
-
-/* functions */
-
-/* returns a TFM ident string useful for debugging... */
-/*const char *fp_ident(void);*/
-
-/* initialize [or zero] an fp int */
-#ifdef ALT_ECC_SIZE
- void fp_init(fp_int *a);
- void fp_zero(fp_int *a);
-#else
- #define fp_init(a) (void)XMEMSET((a), 0, sizeof(fp_int))
- #define fp_zero(a) fp_init(a)
-#endif
-
-/* zero/even/odd ? */
-#define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO)
-#define fp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO)
-#define fp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO)
-
-/* set to a small digit */
-void fp_set(fp_int *a, fp_digit b);
-
-/* copy from a to b */
-#ifndef ALT_ECC_SIZE
- #define fp_copy(a, b) (void)(((a) != (b)) ? ((void)XMEMCPY((b), (a), sizeof(fp_int))) : (void)0)
- #define fp_init_copy(a, b) fp_copy(b, a)
-#else
- void fp_copy(fp_int *a, fp_int *b);
- void fp_init_copy(fp_int *a, fp_int *b);
-#endif
-
-/* clamp digits */
-#define fp_clamp(a) { while ((a)->used && (a)->dp[(a)->used-1] == 0) --((a)->used); (a)->sign = (a)->used ? (a)->sign : FP_ZPOS; }
-
-/* negate and absolute */
-#define fp_neg(a, b) { fp_copy(a, b); (b)->sign ^= 1; fp_clamp(b); }
-#define fp_abs(a, b) { fp_copy(a, b); (b)->sign = 0; }
-
-/* right shift x digits */
-void fp_rshd(fp_int *a, int x);
-
-/* right shift x bits */
-void fp_rshb(fp_int *a, int x);
-
-/* left shift x digits */
-void fp_lshd(fp_int *a, int x);
-
-/* signed comparison */
-int fp_cmp(fp_int *a, fp_int *b);
-
-/* unsigned comparison */
-int fp_cmp_mag(fp_int *a, fp_int *b);
-
-/* power of 2 operations */
-void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d);
-void fp_mod_2d(fp_int *a, int b, fp_int *c);
-void fp_mul_2d(fp_int *a, int b, fp_int *c);
-void fp_2expt (fp_int *a, int b);
-void fp_mul_2(fp_int *a, fp_int *c);
-void fp_div_2(fp_int *a, fp_int *c);
-
-/* Counts the number of lsbs which are zero before the first zero bit */
-int fp_cnt_lsb(fp_int *a);
-
-/* c = a + b */
-void fp_add(fp_int *a, fp_int *b, fp_int *c);
-
-/* c = a - b */
-void fp_sub(fp_int *a, fp_int *b, fp_int *c);
-
-/* c = a * b */
-void fp_mul(fp_int *a, fp_int *b, fp_int *c);
-
-/* b = a*a */
-void fp_sqr(fp_int *a, fp_int *b);
-
-/* a/b => cb + d == a */
-int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
-
-/* c = a mod b, 0 <= c < b */
-int fp_mod(fp_int *a, fp_int *b, fp_int *c);
-
-/* compare against a single digit */
-int fp_cmp_d(fp_int *a, fp_digit b);
-
-/* c = a + b */
-void fp_add_d(fp_int *a, fp_digit b, fp_int *c);
-
-/* c = a - b */
-void fp_sub_d(fp_int *a, fp_digit b, fp_int *c);
-
-/* c = a * b */
-void fp_mul_d(fp_int *a, fp_digit b, fp_int *c);
-
-/* a/b => cb + d == a */
-/*int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d);*/
-
-/* c = a mod b, 0 <= c < b */
-/*int fp_mod_d(fp_int *a, fp_digit b, fp_digit *c);*/
-
-/* ---> number theory <--- */
-/* d = a + b (mod c) */
-/*int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);*/
-
-/* d = a - b (mod c) */
-/*int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);*/
-
-/* d = a * b (mod c) */
-int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
-
-/* c = a * a (mod b) */
-int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c);
-
-/* c = 1/a (mod b) */
-int fp_invmod(fp_int *a, fp_int *b, fp_int *c);
-
-/* c = (a, b) */
-/*void fp_gcd(fp_int *a, fp_int *b, fp_int *c);*/
-
-/* c = [a, b] */
-/*void fp_lcm(fp_int *a, fp_int *b, fp_int *c);*/
-
-/* setups the montgomery reduction */
-int fp_montgomery_setup(fp_int *a, fp_digit *mp);
-
-/* computes a = B**n mod b without division or multiplication useful for
- * normalizing numbers in a Montgomery system.
- */
-void fp_montgomery_calc_normalization(fp_int *a, fp_int *b);
-
-/* computes x/R == x (mod N) via Montgomery Reduction */
-void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
-
-/* d = a**b (mod c) */
-int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
-
-/* primality stuff */
-
-/* perform a Miller-Rabin test of a to the base b and store result in "result" */
-/*void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result);*/
-
-/* 256 trial divisions + 8 Miller-Rabins, returns FP_YES if probable prime */
-/*int fp_isprime(fp_int *a);*/
-
-/* Primality generation flags */
-/*#define TFM_PRIME_BBS 0x0001 */ /* BBS style prime */
-/*#define TFM_PRIME_SAFE 0x0002 */ /* Safe prime (p-1)/2 == prime */
-/*#define TFM_PRIME_2MSB_OFF 0x0004 */ /* force 2nd MSB to 0 */
-/*#define TFM_PRIME_2MSB_ON 0x0008 */ /* force 2nd MSB to 1 */
-
-/* callback for fp_prime_random, should fill dst with random bytes and return how many read [upto len] */
-/*typedef int tfm_prime_callback(unsigned char *dst, int len, void *dat);*/
-
-/*#define fp_prime_random(a, t, size, bbs, cb, dat) fp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?TFM_PRIME_BBS:0, cb, dat)*/
-
-/*int fp_prime_random_ex(fp_int *a, int t, int size, int flags, tfm_prime_callback cb, void *dat);*/
-
-/* radix conersions */
-int fp_count_bits(fp_int *a);
-int fp_leading_bit(fp_int *a);
-
-int fp_unsigned_bin_size(fp_int *a);
-void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c);
-void fp_to_unsigned_bin(fp_int *a, unsigned char *b);
-
-/*int fp_signed_bin_size(fp_int *a);*/
-/*void fp_read_signed_bin(fp_int *a, unsigned char *b, int c);*/
-/*void fp_to_signed_bin(fp_int *a, unsigned char *b);*/
-
-/*int fp_read_radix(fp_int *a, char *str, int radix);*/
-/*int fp_toradix(fp_int *a, char *str, int radix);*/
-/*int fp_toradix_n(fp_int * a, char *str, int radix, int maxlen);*/
-
-
-/* VARIOUS LOW LEVEL STUFFS */
-void s_fp_add(fp_int *a, fp_int *b, fp_int *c);
-void s_fp_sub(fp_int *a, fp_int *b, fp_int *c);
-void fp_reverse(unsigned char *s, int len);
-
-void fp_mul_comba(fp_int *a, fp_int *b, fp_int *c);
-
-#ifdef TFM_SMALL_SET
-void fp_mul_comba_small(fp_int *a, fp_int *b, fp_int *c);
-#endif
-
-#ifdef TFM_MUL3
-void fp_mul_comba3(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL4
-void fp_mul_comba4(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL6
-void fp_mul_comba6(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL7
-void fp_mul_comba7(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL8
-void fp_mul_comba8(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL9
-void fp_mul_comba9(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL12
-void fp_mul_comba12(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL17
-void fp_mul_comba17(fp_int *a, fp_int *b, fp_int *c);
-#endif
-
-#ifdef TFM_MUL20
-void fp_mul_comba20(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL24
-void fp_mul_comba24(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL28
-void fp_mul_comba28(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL32
-void fp_mul_comba32(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL48
-void fp_mul_comba48(fp_int *a, fp_int *b, fp_int *c);
-#endif
-#ifdef TFM_MUL64
-void fp_mul_comba64(fp_int *a, fp_int *b, fp_int *c);
-#endif
-
-void fp_sqr_comba(fp_int *a, fp_int *b);
-
-#ifdef TFM_SMALL_SET
-void fp_sqr_comba_small(fp_int *a, fp_int *b);
-#endif
-
-#ifdef TFM_SQR3
-void fp_sqr_comba3(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR4
-void fp_sqr_comba4(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR6
-void fp_sqr_comba6(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR7
-void fp_sqr_comba7(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR8
-void fp_sqr_comba8(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR9
-void fp_sqr_comba9(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR12
-void fp_sqr_comba12(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR17
-void fp_sqr_comba17(fp_int *a, fp_int *b);
-#endif
-
-#ifdef TFM_SQR20
-void fp_sqr_comba20(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR24
-void fp_sqr_comba24(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR28
-void fp_sqr_comba28(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR32
-void fp_sqr_comba32(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR48
-void fp_sqr_comba48(fp_int *a, fp_int *b);
-#endif
-#ifdef TFM_SQR64
-void fp_sqr_comba64(fp_int *a, fp_int *b);
-#endif
-/*extern const char *fp_s_rmap;*/
-
-
-/**
- * Used by wolfSSL
- */
-
-/* Types */
- typedef fp_digit mp_digit;
- typedef fp_word mp_word;
- typedef fp_int mp_int;
-
-/* Constants */
- #define MP_LT FP_LT /* less than */
- #define MP_EQ FP_EQ /* equal to */
- #define MP_GT FP_GT /* greater than */
- #define MP_VAL FP_VAL /* invalid */
- #define MP_OKAY FP_OKAY /* ok result */
- #define MP_NO FP_NO /* yes/no result */
- #define MP_YES FP_YES /* yes/no result */
-
-/* Prototypes */
-#define mp_zero(a) fp_zero(a)
-#define mp_iseven(a) fp_iseven(a)
-int mp_init (mp_int * a);
-void mp_clear (mp_int * a);
-int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, mp_int* f);
-
-int mp_add (mp_int * a, mp_int * b, mp_int * c);
-int mp_sub (mp_int * a, mp_int * b, mp_int * c);
-int mp_add_d (mp_int * a, mp_digit b, mp_int * c);
-
-int mp_mul (mp_int * a, mp_int * b, mp_int * c);
-int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
-int mp_mod(mp_int *a, mp_int *b, mp_int *c);
-int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
-int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y);
-
-int mp_cmp(mp_int *a, mp_int *b);
-int mp_cmp_d(mp_int *a, mp_digit b);
-
-int mp_unsigned_bin_size(mp_int * a);
-int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
-int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
-
-int mp_sub_d(fp_int *a, fp_digit b, fp_int *c);
-int mp_copy(fp_int* a, fp_int* b);
-int mp_isodd(mp_int* a);
-int mp_iszero(mp_int* a);
-int mp_count_bits(mp_int *a);
-int mp_leading_bit(mp_int *a);
-int mp_set_int(fp_int *a, fp_digit b);
-void mp_rshb(mp_int *a, int x);
-
-#ifdef HAVE_ECC
- int mp_read_radix(mp_int* a, const char* str, int radix);
- void mp_set(fp_int *a, fp_digit b);
- int mp_sqr(fp_int *a, fp_int *b);
- int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
- int mp_montgomery_setup(fp_int *a, fp_digit *rho);
- int mp_div_2(fp_int * a, fp_int * b);
- int mp_init_copy(fp_int * a, fp_int * b);
-#endif
-
-#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
- int mp_montgomery_calc_normalization(mp_int *a, mp_int *b);
-#endif
-
-#ifdef WOLFSSL_KEY_GEN
-int mp_gcd(fp_int *a, fp_int *b, fp_int *c);
-int mp_lcm(fp_int *a, fp_int *b, fp_int *c);
-int mp_prime_is_prime(mp_int* a, int t, int* result);
-#endif /* WOLFSSL_KEY_GEN */
-
-int mp_cnt_lsb(fp_int *a);
-int mp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d);
-int mp_mod_d(fp_int* a, fp_digit b, fp_digit* c);
-
-WOLFSSL_API word32 CheckRunTimeFastMath(void);
-
-/* If user uses RSA, DH, DSA, or ECC math lib directly then fast math FP_SIZE
- must match, return 1 if a match otherwise 0 */
-#define CheckFastMathSettings() (FP_SIZE == CheckRunTimeFastMath())
-#ifdef __cplusplus
- }
-#endif
-
-#endif /* WOLF_CRYPT_TFM_H */
-
-
--- a/wolfssl/wolfcrypt/types.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,323 +0,0 @@
-/* types.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_TYPES_H
-#define WOLF_CRYPT_TYPES_H
-
- #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
-
- #ifdef __cplusplus
- extern "C" {
- #endif
-
-
- #if defined(WORDS_BIGENDIAN)
- #define BIG_ENDIAN_ORDER
- #endif
-
- #ifndef BIG_ENDIAN_ORDER
- #define LITTLE_ENDIAN_ORDER
- #endif
-
- #ifndef WOLFSSL_TYPES
- #ifndef byte
- typedef unsigned char byte;
- #endif
- typedef unsigned short word16;
- typedef unsigned int word32;
- #endif
-
-
- /* try to set SIZEOF_LONG or LONG_LONG if user didn't */
- #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__)
- #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
- #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) \
- || defined(__mips64) || defined(__x86_64__))
- /* long should be 64bit */
- #define SIZEOF_LONG 8
- #elif defined(__i386__) || defined(__CORTEX_M3__)
- /* long long should be 64bit */
- #define SIZEOF_LONG_LONG 8
- #endif
- #endif
- #endif
-
-
- #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
- #define WORD64_AVAILABLE
- #define W64LIT(x) x##ui64
- typedef unsigned __int64 word64;
- #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
- #define WORD64_AVAILABLE
- #define W64LIT(x) x##LL
- typedef unsigned long word64;
- #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8
- #define WORD64_AVAILABLE
- #define W64LIT(x) x##LL
- typedef unsigned long long word64;
- #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8
- #define WORD64_AVAILABLE
- #define W64LIT(x) x##LL
- typedef unsigned long long word64;
- #else
- #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
- mp_digit, no 64 bit type so make mp_digit 16 bit */
- #endif
-
-
- /* These platforms have 64-bit CPU registers. */
- #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
- defined(__mips64) || defined(__x86_64__) || defined(_M_X64))
- typedef word64 wolfssl_word;
- #else
- typedef word32 wolfssl_word;
- #ifdef WORD64_AVAILABLE
- #define WOLFCRYPT_SLOW_WORD64
- #endif
- #endif
-
-
- enum {
- WOLFSSL_WORD_SIZE = sizeof(wolfssl_word),
- WOLFSSL_BIT_SIZE = 8,
- WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE
- };
-
- #define WOLFSSL_MAX_16BIT 0xffffU
-
- /* use inlining if compiler allows */
- #ifndef INLINE
- #ifndef NO_INLINE
- #ifdef _MSC_VER
- #define INLINE __inline
- #elif defined(__GNUC__)
- #define INLINE inline
- #elif defined(__IAR_SYSTEMS_ICC__)
- #define INLINE inline
- #elif defined(THREADX)
- #define INLINE _Inline
- #else
- #define INLINE
- #endif
- #else
- #define INLINE
- #endif
- #endif
-
-
- /* set up rotate style */
- #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
- #define INTEL_INTRINSICS
- #define FAST_ROTATE
- #elif defined(__MWERKS__) && TARGET_CPU_PPC
- #define PPC_INTRINSICS
- #define FAST_ROTATE
- #elif defined(__GNUC__) && defined(__i386__)
- /* GCC does peephole optimizations which should result in using rotate
- instructions */
- #define FAST_ROTATE
- #endif
-
-
- /* set up thread local storage if available */
- #ifdef HAVE_THREAD_LS
- #if defined(_MSC_VER)
- #define THREAD_LS_T __declspec(thread)
- #else
- #define THREAD_LS_T __thread
- #endif
- #else
- #define THREAD_LS_T
- #endif
-
-
- /* Micrium will use Visual Studio for compilation but not the Win32 API */
- #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \
- && !defined(EBSNET)
- #define USE_WINDOWS_API
- #endif
-
-
- /* idea to add global alloc override by Moisés Guimarães */
- /* default to libc stuff */
- /* XREALLOC is used once in normal math lib, not in fast math lib */
- /* XFREE on some embeded systems doesn't like free(0) so test */
- #if defined(XMALLOC_USER)
- /* prototypes for user heap override functions */
- #include <stddef.h> /* for size_t */
- extern void *XMALLOC(size_t n, void* heap, int type);
- extern void *XREALLOC(void *p, size_t n, void* heap, int type);
- extern void XFREE(void *p, void* heap, int type);
- #elif defined(NO_WOLFSSL_MEMORY)
- /* just use plain C stdlib stuff if desired */
- #include <stdlib.h>
- #define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s)))
- #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
- #define XREALLOC(p, n, h, t) realloc((p), (n))
- #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
- && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
- && !defined(WOLFSSL_LEANPSK)
- /* default C runtime, can install different routines at runtime via cbs */
- #include <wolfssl/wolfcrypt/memory.h>
- #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
- #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
- #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
- #endif
-
- #ifndef STRING_USER
- #include <string.h>
- char* mystrnstr(const char* s1, const char* s2, unsigned int n);
-
- #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
- #define XMEMSET(b,c,l) memset((b),(c),(l))
- #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
- #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
-
- #define XSTRLEN(s1) strlen((s1))
- #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
- /* strstr, strncmp, and strncat only used by wolfSSL proper, not required for
- CTaoCrypt only */
- #define XSTRSTR(s1,s2) strstr((s1),(s2))
- #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
- #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
- #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
- #ifndef USE_WINDOWS_API
- #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
- #define XSNPRINTF snprintf
- #else
- #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
- #define XSNPRINTF _snprintf
- #endif
- #endif
-
- #ifndef CTYPE_USER
- #include <ctype.h>
- #if defined(HAVE_ECC) || defined(HAVE_OCSP)
- #define XTOUPPER(c) toupper((c))
- #define XISALPHA(c) isalpha((c))
- #endif
- /* needed by wolfSSL_check_domain_name() */
- #define XTOLOWER(c) tolower((c))
- #endif
-
-
- /* memory allocation types for user hints */
- enum {
- DYNAMIC_TYPE_CA = 1,
- DYNAMIC_TYPE_CERT = 2,
- DYNAMIC_TYPE_KEY = 3,
- DYNAMIC_TYPE_FILE = 4,
- DYNAMIC_TYPE_SUBJECT_CN = 5,
- DYNAMIC_TYPE_PUBLIC_KEY = 6,
- DYNAMIC_TYPE_SIGNER = 7,
- DYNAMIC_TYPE_NONE = 8,
- DYNAMIC_TYPE_BIGINT = 9,
- DYNAMIC_TYPE_RSA = 10,
- DYNAMIC_TYPE_METHOD = 11,
- DYNAMIC_TYPE_OUT_BUFFER = 12,
- DYNAMIC_TYPE_IN_BUFFER = 13,
- DYNAMIC_TYPE_INFO = 14,
- DYNAMIC_TYPE_DH = 15,
- DYNAMIC_TYPE_DOMAIN = 16,
- DYNAMIC_TYPE_SSL = 17,
- DYNAMIC_TYPE_CTX = 18,
- DYNAMIC_TYPE_WRITEV = 19,
- DYNAMIC_TYPE_OPENSSL = 20,
- DYNAMIC_TYPE_DSA = 21,
- DYNAMIC_TYPE_CRL = 22,
- DYNAMIC_TYPE_REVOKED = 23,
- DYNAMIC_TYPE_CRL_ENTRY = 24,
- DYNAMIC_TYPE_CERT_MANAGER = 25,
- DYNAMIC_TYPE_CRL_MONITOR = 26,
- DYNAMIC_TYPE_OCSP_STATUS = 27,
- DYNAMIC_TYPE_OCSP_ENTRY = 28,
- DYNAMIC_TYPE_ALTNAME = 29,
- DYNAMIC_TYPE_SUITES = 30,
- DYNAMIC_TYPE_CIPHER = 31,
- DYNAMIC_TYPE_RNG = 32,
- DYNAMIC_TYPE_ARRAYS = 33,
- DYNAMIC_TYPE_DTLS_POOL = 34,
- DYNAMIC_TYPE_SOCKADDR = 35,
- DYNAMIC_TYPE_LIBZ = 36,
- DYNAMIC_TYPE_ECC = 37,
- DYNAMIC_TYPE_TMP_BUFFER = 38,
- DYNAMIC_TYPE_DTLS_MSG = 39,
- DYNAMIC_TYPE_CAVIUM_TMP = 40,
- DYNAMIC_TYPE_CAVIUM_RSA = 41,
- DYNAMIC_TYPE_X509 = 42,
- DYNAMIC_TYPE_TLSX = 43,
- DYNAMIC_TYPE_OCSP = 44,
- DYNAMIC_TYPE_SIGNATURE = 45,
- DYNAMIC_TYPE_HASHES = 46
- };
-
- /* max error buffer string size */
- enum {
- WOLFSSL_MAX_ERROR_SZ = 80
- };
-
- /* stack protection */
- enum {
- MIN_STACK_BUFFER = 8
- };
-
-
-
- /* settings detection for compile vs runtime math incombatibilities */
- enum {
- #if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
- CTC_SETTINGS = 0x0
- #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
- CTC_SETTINGS = 0x1
- #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
- CTC_SETTINGS = 0x2
- #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
- CTC_SETTINGS = 0x4
- #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
- CTC_SETTINGS = 0x8
- #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
- CTC_SETTINGS = 0x10
- #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
- CTC_SETTINGS = 0x20
- #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
- CTC_SETTINGS = 0x40
- #else
- #error "bad math long / long long settings"
- #endif
- };
-
-
- WOLFSSL_API word32 CheckRunTimeSettings(void);
-
- /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long
- types need to match at compile time and run time, CheckCtcSettings will
- return 1 if a match otherwise 0 */
- #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings())
-
-
- #ifdef __cplusplus
- } /* extern "C" */
- #endif
-
-#endif /* WOLF_CRYPT_TYPES_H */
-
--- a/wolfssl/wolfcrypt/visibility.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-/* visibility.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* Visibility control macros */
-
-#ifndef WOLF_CRYPT_VISIBILITY_H
-#define WOLF_CRYPT_VISIBILITY_H
-
-
-/* for compatibility and so that fips is using same name of macro @wc_fips */
-#ifdef HAVE_FIPS
- #include <cyassl/ctaocrypt/visibility.h>
- #define WOLFSSL_API CYASSL_API
- #define WOLFSSL_LOCAL CYASSL_LOCAL
-#else
-
-/* WOLFSSL_API is used for the public API symbols.
- It either imports or exports (or does nothing for static builds)
-
- WOLFSSL_LOCAL is used for non-API symbols (private).
-*/
-
-#if defined(BUILDING_WOLFSSL)
- #if defined(HAVE_VISIBILITY) && HAVE_VISIBILITY
- #define WOLFSSL_API __attribute__ ((visibility("default")))
- #define WOLFSSL_LOCAL __attribute__ ((visibility("hidden")))
- #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550)
- #define WOLFSSL_API __global
- #define WOLFSSL_LOCAL __hidden
- #elif defined(_MSC_VER)
- #ifdef WOLFSSL_DLL
- #define WOLFSSL_API __declspec(dllexport)
- #else
- #define WOLFSSL_API
- #endif
- #define WOLFSSL_LOCAL
- #else
- #define WOLFSSL_API
- #define WOLFSSL_LOCAL
- #endif /* HAVE_VISIBILITY */
-#else /* BUILDING_WOLFSSL */
- #if defined(_MSC_VER)
- #ifdef WOLFSSL_DLL
- #define WOLFSSL_API __declspec(dllimport)
- #else
- #define WOLFSSL_API
- #endif
- #define WOLFSSL_LOCAL
- #else
- #define WOLFSSL_API
- #define WOLFSSL_LOCAL
- #endif
-#endif /* BUILDING_WOLFSSL */
-
-#endif /* HAVE_FIPS */
-#endif /* WOLF_CRYPT_VISIBILITY_H */
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wolfssl/wolfcrypt/wc_encrypt.h Thu Apr 28 00:56:55 2016 +0000
@@ -0,0 +1,64 @@
+/* wc_encrypt.h
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLF_CRYPT_ENCRYPT_H
+#define WOLF_CRYPT_ENCRYPT_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifndef NO_AES
+WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+ const byte* key, word32 keySz,
+ const byte* iv);
+WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
+ const byte* key, word32 keySz,
+ const byte* iv);
+#endif /* !NO_AES */
+
+
+#ifndef NO_DES3
+WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+#endif /* !NO_DES3 */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_ENCRYPT_H */
+
+
--- a/wolfssl/wolfcrypt/wc_port.h Tue Jul 21 11:37:09 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,208 +0,0 @@
-/* wc_port.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifndef WOLF_CRYPT_PORT_H
-#define WOLF_CRYPT_PORT_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-
-#ifdef USE_WINDOWS_API
- #ifdef WOLFSSL_GAME_BUILD
- #include "system/xtl.h"
- #else
- #ifndef WIN32_LEAN_AND_MEAN
- #define WIN32_LEAN_AND_MEAN
- #endif
- #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
- /* On WinCE winsock2.h must be included before windows.h */
- #include <winsock2.h>
- #endif
- #include <windows.h>
- #endif
-#elif defined(THREADX)
- #ifndef SINGLE_THREADED
- #include "tx_api.h"
- #endif
-#elif defined(MICRIUM)
- /* do nothing, just don't pick Unix */
-#elif defined(FREERTOS) || defined(WOLFSSL_SAFERTOS)
- /* do nothing */
-#elif defined(EBSNET)
- /* do nothing */
-#elif defined(FREESCALE_MQX)
- /* do nothing */
-#elif defined(WOLFSSL_MDK_ARM)
- #if defined(WOLFSSL_MDK5)
- #include "cmsis_os.h"
- #else
- #include <rtl.h>
- #endif
-#elif defined(WOLFSSL_CMSIS_RTOS)
- #include "cmsis_os.h"
-#elif defined(WOLFSSL_TIRTOS)
- #include <ti/sysbios/BIOS.h>
- #include <ti/sysbios/knl/Semaphore.h>
-#else
- #ifndef SINGLE_THREADED
- #define WOLFSSL_PTHREADS
- #include <pthread.h>
- #endif
- #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
- #include <unistd.h> /* for close of BIO */
- #endif
-#endif
-
-
-#ifdef SINGLE_THREADED
- typedef int wolfSSL_Mutex;
-#else /* MULTI_THREADED */
- /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
- #ifdef FREERTOS
- typedef xSemaphoreHandle wolfSSL_Mutex;
- #elif defined(WOLFSSL_SAFERTOS)
- typedef struct wolfSSL_Mutex {
- signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
- xSemaphoreHandle mutex;
- } wolfSSL_Mutex;
- #elif defined(USE_WINDOWS_API)
- typedef CRITICAL_SECTION wolfSSL_Mutex;
- #elif defined(WOLFSSL_PTHREADS)
- typedef pthread_mutex_t wolfSSL_Mutex;
- #elif defined(THREADX)
- typedef TX_MUTEX wolfSSL_Mutex;
- #elif defined(MICRIUM)
- typedef OS_MUTEX wolfSSL_Mutex;
- #elif defined(EBSNET)
- typedef RTP_MUTEX wolfSSL_Mutex;
- #elif defined(FREESCALE_MQX)
- typedef MUTEX_STRUCT wolfSSL_Mutex;
- #elif defined(WOLFSSL_MDK_ARM)
- #if defined(WOLFSSL_CMSIS_RTOS)
- typedef osMutexId wolfSSL_Mutex;
- #else
- typedef OS_MUT wolfSSL_Mutex;
- #endif
- #elif defined(WOLFSSL_CMSIS_RTOS)
- typedef osMutexId wolfSSL_Mutex;
- #elif defined(WOLFSSL_TIRTOS)
- typedef ti_sysbios_knl_Semaphore_Handle wolfSSL_Mutex;
- #else
- #error Need a mutex type in multithreaded mode
- #endif /* USE_WINDOWS_API */
-#endif /* SINGLE_THREADED */
-
-WOLFSSL_LOCAL int InitMutex(wolfSSL_Mutex*);
-WOLFSSL_LOCAL int FreeMutex(wolfSSL_Mutex*);
-WOLFSSL_LOCAL int LockMutex(wolfSSL_Mutex*);
-WOLFSSL_LOCAL int UnLockMutex(wolfSSL_Mutex*);
-
-
-/* filesystem abstraction layer, used by ssl.c */
-#ifndef NO_FILESYSTEM
-
-#if defined(EBSNET)
- #define XFILE int
- #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
- #define XFSEEK vf_lseek
- #define XFTELL vf_tell
- #define XREWIND vf_rewind
- #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
- #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
- #define XFCLOSE vf_close
- #define XSEEK_END VSEEK_END
- #define XBADFILE -1
-#elif defined(LSR_FS)
- #include <fs.h>
- #define XFILE struct fs_file*
- #define XFOPEN(NAME, MODE) fs_open((char*)NAME);
- #define XFSEEK(F, O, W) (void)F
- #define XFTELL(F) (F)->len
- #define XREWIND(F) (void)F
- #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
- #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
- #define XFCLOSE fs_close
- #define XSEEK_END 0
- #define XBADFILE NULL
-#elif defined(FREESCALE_MQX)
- #define XFILE MQX_FILE_PTR
- #define XFOPEN fopen
- #define XFSEEK fseek
- #define XFTELL ftell
- #define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
- #define XFREAD fread
- #define XFWRITE fwrite
- #define XFCLOSE fclose
- #define XSEEK_END IO_SEEK_END
- #define XBADFILE NULL
-#elif defined(MICRIUM)
- #include <fs.h>
- #define XFILE FS_FILE*
- #define XFOPEN fs_fopen
- #define XFSEEK fs_fseek
- #define XFTELL fs_ftell
- #define XREWIND fs_rewind
- #define XFREAD fs_fread
- #define XFWRITE fs_fwrite
- #define XFCLOSE fs_fclose
- #define XSEEK_END FS_SEEK_END
- #define XBADFILE NULL
-#else
- /* stdio, default case */
- #define XFILE FILE*
- #if defined(WOLFSSL_MDK_ARM)
- #include <stdio.h>
- extern FILE * wolfSSL_fopen(const char *name, const char *mode) ;
- #define XFOPEN wolfSSL_fopen
- #else
- #define XFOPEN fopen
- #endif
- #define XFSEEK fseek
- #define XFTELL ftell
- #define XREWIND rewind
- #define XFREAD fread
- #define XFWRITE fwrite
- #define XFCLOSE fclose
- #define XSEEK_END SEEK_END
- #define XBADFILE NULL
-#endif
-
-#endif /* NO_FILESYSTEM */
-
-
-/* Windows API defines its own min() macro. */
-#if defined(USE_WINDOWS_API) && defined(min)
- #define WOLFSSL_HAVE_MIN
-#endif
-
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_PORT_H */
-
-