[have_system_polarssl=no]
)
-POLARSSL_SUBDIR=ext/polarssl-1.1.2
+POLARSSL_SUBDIR=ext/polarssl-1.3.2
POLARSSL_CFLAGS=-I\$\(top_srcdir\)/pdns/$POLARSSL_SUBDIR/include/
POLARSSL_LIBS=\$\(top_builddir\)/pdns/$POLARSSL_SUBDIR/library/libpolarssl.a
+++ /dev/null
-README for PolarSSL
-
--- COMPILING
-There are currently three active build systems within the PolarSSL releases:
- - Make
- - CMake
- - Microsoft Visual Studio
-
-The main system used for development is CMake. That system is always the most up-to-date. The others should reflect all changes present in the CMake build system, but some features are not ported there by default.
-
---- Make
-In order to build the source using Make, just enter at the command line:
-make
-
-In order to run the tests, enter:
-make check
-
---- CMake
-In order to build the source using CMake, just enter at the command line:
-cmake .
-make
-
-There are 3 different active build modes specified within the CMake buildsystem:
- - Release
- This generates the default code without any unnecessary information in the binary files.
- - Debug
- This generates debug information and disables optimization of the code.
- - Coverage
- This generates code coverage information in addition to debug information.
-
-Switching build modes in CMake is simple. For debug mode, enter at the command line:
-cmake -D CMAKE_BUILD_TYPE:String="Debug" .
-
-In order to run the tests, enter:
-make test
-
---- Microsoft Visual Studio
-The build files for Microsoft Visual Studio are generated for Visual Studio 6.0 all future Visual Studio's should be able to open and use this older version of the build files.
-
-The workspace 'polarssl.dsw' contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well.
+++ /dev/null
-/**
- * \file cipher_wrap.h
- *
- * \brief Cipher wrappers.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- * Copyright (C) 2006-2011, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_CIPHER_WRAP_H
-#define POLARSSL_CIPHER_WRAP_H
-
-#include "config.h"
-#include "cipher.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(POLARSSL_AES_C)
-
-extern const cipher_info_t aes_128_cbc_info;
-extern const cipher_info_t aes_192_cbc_info;
-extern const cipher_info_t aes_256_cbc_info;
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
-extern const cipher_info_t aes_128_cfb128_info;
-extern const cipher_info_t aes_192_cfb128_info;
-extern const cipher_info_t aes_256_cfb128_info;
-#endif /* POLARSSL_CIPHER_MODE_CFB */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-extern const cipher_info_t aes_128_ctr_info;
-extern const cipher_info_t aes_192_ctr_info;
-extern const cipher_info_t aes_256_ctr_info;
-#endif /* POLARSSL_CIPHER_MODE_CTR */
-
-#endif /* defined(POLARSSL_AES_C) */
-
-#if defined(POLARSSL_CAMELLIA_C)
-
-extern const cipher_info_t camellia_128_cbc_info;
-extern const cipher_info_t camellia_192_cbc_info;
-extern const cipher_info_t camellia_256_cbc_info;
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
-extern const cipher_info_t camellia_128_cfb128_info;
-extern const cipher_info_t camellia_192_cfb128_info;
-extern const cipher_info_t camellia_256_cfb128_info;
-#endif /* POLARSSL_CIPHER_MODE_CFB */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-extern const cipher_info_t camellia_128_ctr_info;
-extern const cipher_info_t camellia_192_ctr_info;
-extern const cipher_info_t camellia_256_ctr_info;
-#endif /* POLARSSL_CIPHER_MODE_CTR */
-
-#endif /* defined(POLARSSL_CAMELLIA_C) */
-
-#if defined(POLARSSL_DES_C)
-
-extern const cipher_info_t des_cbc_info;
-extern const cipher_info_t des_ede_cbc_info;
-extern const cipher_info_t des_ede3_cbc_info;
-
-#endif /* defined(POLARSSL_DES_C) */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* POLARSSL_CIPHER_WRAP_H */
+++ /dev/null
-/**
- * \file config.h
- *
- * \brief Configuration options (set of defines)
- *
- * Copyright (C) 2006-2011, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This set of compile-time options may be used to enable
- * or disable features selectively, and reduce the global
- * memory footprint.
- */
-#ifndef POLARSSL_CONFIG_H
-#define POLARSSL_CONFIG_H
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def POLARSSL_HAVE_INT8
- *
- * The system uses 8-bit wide native integers.
- *
- * Uncomment if native integers are 8-bit wide.
-#define POLARSSL_HAVE_INT8
- */
-
-/**
- * \def POLARSSL_HAVE_INT16
- *
- * The system uses 16-bit wide native integers.
- *
- * Uncomment if native integers are 16-bit wide.
-#define POLARSSL_HAVE_INT16
- */
-
-/**
- * \def POLARSSL_HAVE_LONGLONG
- *
- * The compiler supports the use of long long.
- *
- * Uncomment if the compiler supports long long.
-#define POLARSSL_HAVE_LONGLONG
- */
-
-/**
- * \def POLARSSL_HAVE_ASM
- *
- * The compiler has support for asm()
- *
- * Uncomment to enable the use of assembly code.
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- * library/timing.c
- * library/padlock.c
- * include/polarssl/bn_mul.h
- *
- */
-#define POLARSSL_HAVE_ASM
-
-/**
- * \def POLARSSL_HAVE_SSE2
- *
- * CPI supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- *
-#define POLARSSL_HAVE_SSE2
- */
-/* \} name */
-
-/**
- * \name SECTION: PolarSSL feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def POLARSSL_AES_ROM_TABLES
- *
- * Store the AES tables in ROM.
- *
- * Uncomment this macro to store the AES tables in ROM.
- *
-#define POLARSSL_AES_ROM_TABLES
- */
-
-/**
- * \def POLARSSL_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-#define POLARSSL_CIPHER_MODE_CFB
-
-/**
- * \def POLARSSL_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-#define POLARSSL_CIPHER_MODE_CTR
-
-/**
- * \def POLARSSL_DEBUG_MSG
- *
- * Requires: POLARSSL_DEBUG_C
- *
- * Enable all SSL/TLS debugging messages.
- */
-#define POLARSSL_DEBUG_MSG
-
-/**
- * \def POLARSSL_GENPRIME
- *
- * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
- *
- * Enable the RSA prime-number generation code.
- */
-#define POLARSSL_GENPRIME
-
-/**
- * \def POLARSSL_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-#define POLARSSL_FS_IO
-
-/**
- * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources. These are the platform specific,
- * hardclock and HAVEGE based poll functions.
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
-#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
- */
-
-/**
- * \def POLARSSL_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
-#define POLARSSL_NO_PLATFORM_ENTROPY
- */
-
-/**
- * \def POLARSSL_PKCS1_V21
- *
- * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
- *
- * Enable support for PKCS#1 v2.1 encoding.
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define POLARSSL_PKCS1_V21
-
-/**
- * \def POLARSSL_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
-#define POLARSSL_RSA_NO_CRT
- */
-
-/**
- * \def POLARSSL_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-#define POLARSSL_SELF_TEST
-
-/**
- * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * Uncomment to prevent an error.
- *
-#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- */
-/* \} name */
-
-/**
- * \name SECTION: PolarSSL modules
- *
- * This section enables or disables entire modules in PolarSSL
- * \{
- */
-
-/**
- * \def POLARSSL_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module: library/aes.c
- * Caller: library/ssl_tls.c
- * library/pem.c
- * library/ctr_drbg.c
- *
- * This module enables the following ciphersuites:
- * SSL_RSA_AES_128_SHA
- * SSL_RSA_AES_256_SHA
- * SSL_EDH_RSA_AES_256_SHA
- */
-#define POLARSSL_AES_C
-
-/**
- * \def POLARSSL_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module: library/arc4.c
- * Caller: library/ssl_tls.c
- *
- * This module enables the following ciphersuites:
- * SSL_RSA_RC4_128_MD5
- * SSL_RSA_RC4_128_SHA
- */
-#define POLARSSL_ARC4_C
-
-/**
- * \def POLARSSL_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module: library/asn1.c
- * Caller: library/x509parse.c
- */
-#define POLARSSL_ASN1_PARSE_C
-
-/**
- * \def POLARSSL_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module: library/base64.c
- * Caller: library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define POLARSSL_BASE64_C
-
-/**
- * \def POLARSSL_BIGNUM_C
- *
- * Enable the multo-precision integer library.
- *
- * Module: library/bignum.c
- * Caller: library/dhm.c
- * library/rsa.c
- * library/ssl_tls.c
- * library/x509parse.c
- *
- * This module is required for RSA and DHM support.
- */
-#define POLARSSL_BIGNUM_C
-
-/**
- * \def POLARSSL_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module: library/camellia.c
- * Caller: library/ssl_tls.c
- *
- * This module enabled the following cipher suites:
- * SSL_RSA_CAMELLIA_128_SHA
- * SSL_RSA_CAMELLIA_256_SHA
- * SSL_EDH_RSA_CAMELLIA_256_SHA
- */
-#define POLARSSL_CAMELLIA_C
-
-/**
- * \def POLARSSL_CERTS_C
- *
- * Enable the test certificates.
- *
- * Module: library/certs.c
- * Caller:
- *
- * This module is used for testing (ssl_client/server).
- */
-#define POLARSSL_CERTS_C
-
-/**
- * \def POLARSSL_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module: library/cipher.c
- * Caller:
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define POLARSSL_CIPHER_C
-
-/**
- * \def POLARSSL_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-256-based random generator
- *
- * Module: library/ctr_drbg.c
- * Caller:
- *
- * Requires: POLARSSL_AES_C
- *
- * This module provides the CTR_DRBG AES-256 random number generator.
- */
-#define POLARSSL_CTR_DRBG_C
-
-/**
- * \def POLARSSL_DEBUG_C
- *
- * Enable the debug functions.
- *
- * Module: library/debug.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * This module provides debugging functions.
- */
-#define POLARSSL_DEBUG_C
-
-/**
- * \def POLARSSL_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module: library/des.c
- * Caller: library/ssl_tls.c
- *
- * This module enables the following ciphersuites:
- * SSL_RSA_DES_168_SHA
- * SSL_EDH_RSA_DES_168_SHA
- */
-#define POLARSSL_DES_C
-
-/**
- * \def POLARSSL_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle key exchange.
- *
- * Module: library/dhm.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This module enables the following ciphersuites:
- * SSL_EDH_RSA_DES_168_SHA
- * SSL_EDH_RSA_AES_256_SHA
- * SSL_EDH_RSA_CAMELLIA_256_SHA
- */
-#define POLARSSL_DHM_C
-
-/**
- * \def POLARSSL_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module: library/entropy.c
- * Caller:
- *
- * Requires: POLARSSL_SHA4_C
- *
- * This module provides a generic entropy pool
- */
-#define POLARSSL_ENTROPY_C
-
-/**
- * \def POLARSSL_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module: library/error.c
- * Caller:
- *
- * This module enables err_strerror().
- */
-#define POLARSSL_ERROR_C
-
-/**
- * \def POLARSSL_HAVEGE_C
- *
- * Enable the HAVEGE random generator.
- *
- * Module: library/havege.c
- * Caller:
- *
- * Requires: POLARSSL_TIMING_C
- *
- * This module enables the HAVEGE random number generator.
- */
-#define POLARSSL_HAVEGE_C
-
-/**
- * \def POLARSSL_MD_C
- *
- * Enable the generic message digest layer.
- *
- * Module: library/md.c
- * Caller:
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define POLARSSL_MD_C
-
-/**
- * \def POLARSSL_MD2_C
- *
- * Enable the MD2 hash algorithm
- *
- * Module: library/md2.c
- * Caller: library/x509parse.c
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
-#define POLARSSL_MD2_C
- */
-
-/**
- * \def POLARSSL_MD4_C
- *
- * Enable the MD4 hash algorithm
- *
- * Module: library/md4.c
- * Caller: library/x509parse.c
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
-#define POLARSSL_MD4_C
- */
-
-/**
- * \def POLARSSL_MD5_C
- *
- * Enable the MD5 hash algorithm
- *
- * Module: library/md5.c
- * Caller: library/ssl_tls.c
- * library/x509parse.c
- *
- * This module is required for SSL/TLS and X.509.
- */
-#define POLARSSL_MD5_C
-
-/**
- * \def POLARSSL_NET_C
- *
- * Enable the TCP/IP networking routines.
- *
- * Module: library/net.c
- * Caller:
- *
- * This module provides TCP/IP networking routines.
- */
-#define POLARSSL_NET_C
-
-/**
- * \def POLARSSL_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module: library/padlock.c
- * Caller: library/aes.c
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-#define POLARSSL_PADLOCK_C
-
-/**
- * \def POLARSSL_PEM_C
- *
- * Enable PEM decoding
- *
- * Module: library/pem.c
- * Caller: library/x509parse.c
- *
- * Requires: POLARSSL_BASE64_C
- *
- * This modules adds support for decoding PEM files.
- */
-#define POLARSSL_PEM_C
-
-/**
- * \def POLARSSL_PKCS11_C
- *
- * Enable support for PKCS#11 smartcard support.
- *
- * Module: library/ssl_srv.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * Requires: POLARSSL_SSL_TLS_C
- *
- * This module is required for SSL/TLS PKCS #11 smartcard support.
- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
-#define POLARSSL_PKCS11_C
- */
-
-/**
- * \def POLARSSL_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module: library/rsa.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- * library/x509.c
- *
- * Requires: POLARSSL_BIGNUM_C
- *
- * This module is required for SSL/TLS and MD5-signed certificates.
- */
-#define POLARSSL_RSA_C
-
-/**
- * \def POLARSSL_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module: library/sha1.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- * library/x509parse.c
- *
- * This module is required for SSL/TLS and SHA1-signed certificates.
- */
-#define POLARSSL_SHA1_C
-
-/**
- * \def POLARSSL_SHA2_C
- *
- * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
- *
- * Module: library/sha2.c
- * Caller: library/md_wrap.c
- * library/x509parse.c
- *
- * This module adds support for SHA-224 and SHA-256.
- */
-#define POLARSSL_SHA2_C
-
-/**
- * \def POLARSSL_SHA4_C
- *
- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
- *
- * Module: library/sha4.c
- * Caller: library/md_wrap.c
- * library/x509parse.c
- *
- * This module adds support for SHA-384 and SHA-512.
- */
-#define POLARSSL_SHA4_C
-
-/**
- * \def POLARSSL_SSL_CLI_C
- *
- * Enable the SSL/TLS client code.
- *
- * Module: library/ssl_cli.c
- * Caller:
- *
- * Requires: POLARSSL_SSL_TLS_C
- *
- * This module is required for SSL/TLS client support.
- */
-#define POLARSSL_SSL_CLI_C
-
-/*
- * \def POLARSSL_SSL_SRV_C
- *
- * Enable the SSL/TLS server code.
- *
- * Module: library/ssl_srv.c
- * Caller:
- *
- * Requires: POLARSSL_SSL_TLS_C
- *
- * This module is required for SSL/TLS server support.
- */
-#define POLARSSL_SSL_SRV_C
-
-/**
- * \def POLARSSL_SSL_TLS_C
- *
- * Enable the generic SSL/TLS code.
- *
- * Module: library/ssl_tls.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * Requires: POLARSSL_MD5_C, POLARSSL_SHA1_C, POLARSSL_X509_PARSE_C
- *
- * This module is required for SSL/TLS.
- */
-#define POLARSSL_SSL_TLS_C
-
-/**
- * \def POLARSSL_TIMING_C
- *
- * Enable the portable timing interface.
- *
- * Module: library/timing.c
- * Caller: library/havege.c
- *
- * This module is used by the HAVEGE random number generator.
- */
-#define POLARSSL_TIMING_C
-
-/**
- * \def POLARSSL_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module: library/version.c
- *
- * This module provides run-time version information.
- */
-#define POLARSSL_VERSION_C
-
-/**
- * \def POLARSSL_X509_PARSE_C
- *
- * Enable X.509 certificate parsing.
- *
- * Module: library/x509parse.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_RSA_C
- *
- * This module is required for X.509 certificate parsing.
- */
-#define POLARSSL_X509_PARSE_C
-
-/**
- * \def POLARSSL_XTEA_C
- *
- * Enable the XTEA block cipher.
- *
- * Module: library/xtea.c
- * Caller:
- */
-#define POLARSSL_XTEA_C
-/* \} name */
-
-#endif /* config.h */
+++ /dev/null
-/**
- * \file dhm.h
- *
- * \brief Diffie-Hellman-Merkle key exchange
- *
- * Copyright (C) 2006-2010, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_DHM_H
-#define POLARSSL_DHM_H
-
-#include "bignum.h"
-
-/*
- * DHM Error codes
- */
-#define POLARSSL_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Bad input parameters to function. */
-#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Reading of the DHM parameters failed. */
-#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Making of the DHM parameters failed. */
-#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Reading of the public values failed. */
-#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */
-#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */
-
-/**
- * \brief DHM context structure
- */
-typedef struct
-{
- size_t len; /*!< size(P) in chars */
- mpi P; /*!< prime modulus */
- mpi G; /*!< generator */
- mpi X; /*!< secret value */
- mpi GX; /*!< self = G^X mod P */
- mpi GY; /*!< peer = G^Y mod P */
- mpi K; /*!< key = GY^X mod P */
- mpi RP; /*!< cached R^2 mod P */
-}
-dhm_context;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Parse the ServerKeyExchange parameters
- *
- * \param ctx DHM context
- * \param p &(start of input buffer)
- * \param end end of buffer
- *
- * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
- */
-int dhm_read_params( dhm_context *ctx,
- unsigned char **p,
- const unsigned char *end );
-
-/**
- * \brief Setup and write the ServerKeyExchange parameters
- *
- * \param ctx DHM context
- * \param x_size private value size in bytes
- * \param output destination buffer
- * \param olen number of chars written
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- *
- * \note This function assumes that ctx->P and ctx->G
- * have already been properly set (for example
- * using mpi_read_string or mpi_read_binary).
- *
- * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
- */
-int dhm_make_params( dhm_context *ctx, int x_size,
- unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Import the peer's public value G^Y
- *
- * \param ctx DHM context
- * \param input input buffer
- * \param ilen size of buffer
- *
- * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
- */
-int dhm_read_public( dhm_context *ctx,
- const unsigned char *input, size_t ilen );
-
-/**
- * \brief Create own private value X and export G^X
- *
- * \param ctx DHM context
- * \param x_size private value size in bytes
- * \param output destination buffer
- * \param olen must be equal to ctx->P.len
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- *
- * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
- */
-int dhm_make_public( dhm_context *ctx, int x_size,
- unsigned char *output, size_t olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Derive and export the shared secret (G^Y)^X mod P
- *
- * \param ctx DHM context
- * \param output destination buffer
- * \param olen number of chars written
- *
- * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
- */
-int dhm_calc_secret( dhm_context *ctx,
- unsigned char *output, size_t *olen );
-
-/*
- * \brief Free the components of a DHM key
- */
-void dhm_free( dhm_context *ctx );
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int dhm_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/**
- * \file rsa.h
- *
- * \brief The RSA public-key cryptosystem
- *
- * Copyright (C) 2006-2010, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_RSA_H
-#define POLARSSL_RSA_H
-
-#include "bignum.h"
-
-/*
- * RSA Error codes
- */
-#define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */
-#define POLARSSL_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */
-#define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */
-#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the libraries validity check. */
-#define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */
-#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */
-#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
-#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
-#define POLARSSL_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
-
-/*
- * PKCS#1 constants
- */
-#define SIG_RSA_RAW 0
-#define SIG_RSA_MD2 2
-#define SIG_RSA_MD4 3
-#define SIG_RSA_MD5 4
-#define SIG_RSA_SHA1 5
-#define SIG_RSA_SHA224 14
-#define SIG_RSA_SHA256 11
-#define SIG_RSA_SHA384 12
-#define SIG_RSA_SHA512 13
-
-#define RSA_PUBLIC 0
-#define RSA_PRIVATE 1
-
-#define RSA_PKCS_V15 0
-#define RSA_PKCS_V21 1
-
-#define RSA_SIGN 1
-#define RSA_CRYPT 2
-
-#define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30"
-#define ASN1_STR_NULL "\x05"
-#define ASN1_STR_OID "\x06"
-#define ASN1_STR_OCTET_STRING "\x04"
-
-#define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00"
-#define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a"
-#define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x00"
-
-#define OID_ISO_MEMBER_BODIES "\x2a"
-#define OID_ISO_IDENTIFIED_ORG "\x2b"
-
-/*
- * ISO Member bodies OID parts
- */
-#define OID_COUNTRY_US "\x86\x48"
-#define OID_RSA_DATA_SECURITY "\x86\xf7\x0d"
-
-/*
- * ISO Identified organization OID parts
- */
-#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a"
-
-/*
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm DigestAlgorithmIdentifier,
- * digest Digest }
- *
- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
- *
- * Digest ::= OCTET STRING
- */
-#define ASN1_HASH_MDX \
-( \
- ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \
- ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \
- ASN1_STR_OID "\x08" \
- OID_DIGEST_ALG_MDX \
- ASN1_STR_NULL "\x00" \
- ASN1_STR_OCTET_STRING "\x10" \
-)
-
-#define ASN1_HASH_SHA1 \
- ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \
- ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \
- ASN1_STR_OID "\x05" \
- OID_HASH_ALG_SHA1 \
- ASN1_STR_NULL "\x00" \
- ASN1_STR_OCTET_STRING "\x14"
-
-#define ASN1_HASH_SHA2X \
- ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \
- ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \
- ASN1_STR_OID "\x09" \
- OID_HASH_ALG_SHA2X \
- ASN1_STR_NULL "\x00" \
- ASN1_STR_OCTET_STRING "\x00"
-
-/**
- * \brief RSA context structure
- */
-typedef struct
-{
- int ver; /*!< always 0 */
- size_t len; /*!< size(N) in chars */
-
- mpi N; /*!< public modulus */
- mpi E; /*!< public exponent */
-
- mpi D; /*!< private exponent */
- mpi P; /*!< 1st prime factor */
- mpi Q; /*!< 2nd prime factor */
- mpi DP; /*!< D % (P - 1) */
- mpi DQ; /*!< D % (Q - 1) */
- mpi QP; /*!< 1 / (Q % P) */
-
- mpi RN; /*!< cached R^2 mod N */
- mpi RP; /*!< cached R^2 mod P */
- mpi RQ; /*!< cached R^2 mod Q */
-
- int padding; /*!< RSA_PKCS_V15 for 1.5 padding and
- RSA_PKCS_v21 for OAEP/PSS */
- int hash_id; /*!< Hash identifier of md_type_t as
- specified in the md.h header file
- for the EME-OAEP and EMSA-PSS
- encoding */
-}
-rsa_context;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Initialize an RSA context
- *
- * \param ctx RSA context to be initialized
- * \param padding RSA_PKCS_V15 or RSA_PKCS_V21
- * \param hash_id RSA_PKCS_V21 hash identifier
- *
- * \note The hash_id parameter is actually ignored
- * when using RSA_PKCS_V15 padding.
- */
-void rsa_init( rsa_context *ctx,
- int padding,
- int hash_id);
-
-/**
- * \brief Generate an RSA keypair
- *
- * \param ctx RSA context that will hold the key
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- * \param nbits size of the public key in bits
- * \param exponent public exponent (e.g., 65537)
- *
- * \note rsa_init() must be called beforehand to setup
- * the RSA context.
- *
- * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- */
-int rsa_gen_key( rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent );
-
-/**
- * \brief Check a public RSA key
- *
- * \param ctx RSA context to be checked
- *
- * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- */
-int rsa_check_pubkey( const rsa_context *ctx );
-
-/**
- * \brief Check a private RSA key
- *
- * \param ctx RSA context to be checked
- *
- * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- */
-int rsa_check_privkey( const rsa_context *ctx );
-
-/**
- * \brief Do an RSA public key operation
- *
- * \param ctx RSA context
- * \param input input buffer
- * \param output output buffer
- *
- * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note This function does NOT take care of message
- * padding. Also, be sure to set input[0] = 0 or assure that
- * input is smaller than N.
- *
- * \note The input and output buffers must be large
- * enough (eg. 128 bytes if RSA-1024 is used).
- */
-int rsa_public( rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief Do an RSA private key operation
- *
- * \param ctx RSA context
- * \param input input buffer
- * \param output output buffer
- *
- * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note The input and output buffers must be large
- * enough (eg. 128 bytes if RSA-1024 is used).
- */
-int rsa_private( rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief Add the message padding, then do an RSA operation
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding)
- * \param p_rng RNG parameter
- * \param mode RSA_PUBLIC or RSA_PRIVATE
- * \param ilen contains the plaintext length
- * \param input buffer holding the data to be encrypted
- * \param output buffer that will hold the ciphertext
- *
- * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note The output buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int rsa_pkcs1_encrypt( rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief Do an RSA operation, then remove the message padding
- *
- * \param ctx RSA context
- * \param mode RSA_PUBLIC or RSA_PRIVATE
- * \param olen will contain the plaintext length
- * \param input buffer holding the encrypted data
- * \param output buffer that will hold the plaintext
- * \param output_max_len maximum length of the output buffer
- *
- * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note The output buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
- * an error is thrown.
- */
-int rsa_pkcs1_decrypt( rsa_context *ctx,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief Do a private RSA to sign a message digest
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding)
- * \param p_rng RNG parameter
- * \param mode RSA_PUBLIC or RSA_PRIVATE
- * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}
- * \param hashlen message digest length (for SIG_RSA_RAW only)
- * \param hash buffer holding the message digest
- * \param sig buffer that will hold the ciphertext
- *
- * \return 0 if the signing operation was successful,
- * or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- *
- * \note In case of PKCS#1 v2.1 encoding keep in mind that
- * the hash_id in the RSA context is the one used for the
- * encoding. hash_id in the function call is the type of hash
- * that is encoded. According to RFC 3447 it is advised to
- * keep both hashes the same.
- */
-int rsa_pkcs1_sign( rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- int hash_id,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief Do a public RSA and check the message digest
- *
- * \param ctx points to an RSA public key
- * \param mode RSA_PUBLIC or RSA_PRIVATE
- * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}
- * \param hashlen message digest length (for SIG_RSA_RAW only)
- * \param hash buffer holding the message digest
- * \param sig buffer holding the ciphertext
- *
- * \return 0 if the verify operation was successful,
- * or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- *
- * \note In case of PKCS#1 v2.1 encoding keep in mind that
- * the hash_id in the RSA context is the one used for the
- * verification. hash_id in the function call is the type of hash
- * that is verified. According to RFC 3447 it is advised to
- * keep both hashes the same.
- */
-int rsa_pkcs1_verify( rsa_context *ctx,
- int mode,
- int hash_id,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief Free the components of an RSA key
- *
- * \param ctx RSA Context to free
- */
-void rsa_free( rsa_context *ctx );
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int rsa_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* rsa.h */
+++ /dev/null
-/**
- * \file ssl.h
- *
- * \brief SSL/TLS functions.
- *
- * Copyright (C) 2006-2010, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_SSL_H
-#define POLARSSL_SSL_H
-
-#include <time.h>
-
-#include "net.h"
-#include "dhm.h"
-#include "rsa.h"
-#include "md5.h"
-#include "sha1.h"
-#include "x509.h"
-#include "config.h"
-
-#if defined(POLARSSL_PKCS11_C)
-#include "pkcs11.h"
-#endif
-
-#if defined(_MSC_VER) && !defined(inline)
-#define inline _inline
-#else
-#if defined(__ARMCC_VERSION) && !defined(inline)
-#define inline __inline
-#endif /* __ARMCC_VERSION */
-#endif /*_MSC_VER */
-
-/*
- * SSL Error codes
- */
-#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
-#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
-#define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
-#define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
-#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
-#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
-#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
-#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */
-#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
-#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
-#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
-#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key is not set, but needed. */
-#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
-#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
-#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
-#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
-#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM Read Public. */
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret. */
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
-#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
-#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
-
-/*
- * Various constants
- */
-#define SSL_MAJOR_VERSION_3 3
-#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
-#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
-#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
-
-#define SSL_IS_CLIENT 0
-#define SSL_IS_SERVER 1
-#define SSL_COMPRESS_NULL 0
-
-#define SSL_VERIFY_NONE 0
-#define SSL_VERIFY_OPTIONAL 1
-#define SSL_VERIFY_REQUIRED 2
-
-#define SSL_MAX_CONTENT_LEN 16384
-
-/*
- * Allow an extra 512 bytes for the record header
- * and encryption overhead (counter + MAC + padding).
- */
-#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
-
-/*
- * Supported ciphersuites
- */
-#define SSL_RSA_RC4_128_MD5 0x04
-#define SSL_RSA_RC4_128_SHA 0x05
-#define SSL_RSA_DES_168_SHA 0x0A
-#define SSL_EDH_RSA_DES_168_SHA 0x16
-#define SSL_RSA_AES_128_SHA 0x2F
-#define SSL_EDH_RSA_AES_128_SHA 0x33
-#define SSL_RSA_AES_256_SHA 0x35
-#define SSL_EDH_RSA_AES_256_SHA 0x39
-
-#define SSL_RSA_CAMELLIA_128_SHA 0x41
-#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45
-#define SSL_RSA_CAMELLIA_256_SHA 0x84
-#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
-
-/*
- * Message, alert and handshake types
- */
-#define SSL_MSG_CHANGE_CIPHER_SPEC 20
-#define SSL_MSG_ALERT 21
-#define SSL_MSG_HANDSHAKE 22
-#define SSL_MSG_APPLICATION_DATA 23
-
-#define SSL_ALERT_LEVEL_WARNING 1
-#define SSL_ALERT_LEVEL_FATAL 2
-
-#define SSL_ALERT_MSG_CLOSE_NOTIFY 0
-#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10
-#define SSL_ALERT_MSG_BAD_RECORD_MAC 20
-#define SSL_ALERT_MSG_DECRYPTION_FAILED 21
-#define SSL_ALERT_MSG_RECORD_OVERFLOW 22
-#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30
-#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40
-#define SSL_ALERT_MSG_NO_CERT 41
-#define SSL_ALERT_MSG_BAD_CERT 42
-#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43
-#define SSL_ALERT_MSG_CERT_REVOKED 44
-#define SSL_ALERT_MSG_CERT_EXPIRED 45
-#define SSL_ALERT_MSG_CERT_UNKNOWN 46
-#define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47
-#define SSL_ALERT_MSG_UNKNOWN_CA 48
-#define SSL_ALERT_MSG_ACCESS_DENIED 49
-#define SSL_ALERT_MSG_DECODE_ERROR 50
-#define SSL_ALERT_MSG_DECRYPT_ERROR 51
-#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60
-#define SSL_ALERT_MSG_PROTOCOL_VERSION 70
-#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71
-#define SSL_ALERT_MSG_INTERNAL_ERROR 80
-#define SSL_ALERT_MSG_USER_CANCELED 90
-#define SSL_ALERT_MSG_NO_RENEGOTIATION 100
-
-#define SSL_HS_HELLO_REQUEST 0
-#define SSL_HS_CLIENT_HELLO 1
-#define SSL_HS_SERVER_HELLO 2
-#define SSL_HS_CERTIFICATE 11
-#define SSL_HS_SERVER_KEY_EXCHANGE 12
-#define SSL_HS_CERTIFICATE_REQUEST 13
-#define SSL_HS_SERVER_HELLO_DONE 14
-#define SSL_HS_CERTIFICATE_VERIFY 15
-#define SSL_HS_CLIENT_KEY_EXCHANGE 16
-#define SSL_HS_FINISHED 20
-
-/*
- * TLS extensions
- */
-#define TLS_EXT_SERVERNAME 0
-#define TLS_EXT_SERVERNAME_HOSTNAME 0
-
-/*
- * SSL state machine
- */
-typedef enum
-{
- SSL_HELLO_REQUEST,
- SSL_CLIENT_HELLO,
- SSL_SERVER_HELLO,
- SSL_SERVER_CERTIFICATE,
- SSL_SERVER_KEY_EXCHANGE,
- SSL_CERTIFICATE_REQUEST,
- SSL_SERVER_HELLO_DONE,
- SSL_CLIENT_CERTIFICATE,
- SSL_CLIENT_KEY_EXCHANGE,
- SSL_CERTIFICATE_VERIFY,
- SSL_CLIENT_CHANGE_CIPHER_SPEC,
- SSL_CLIENT_FINISHED,
- SSL_SERVER_CHANGE_CIPHER_SPEC,
- SSL_SERVER_FINISHED,
- SSL_FLUSH_BUFFERS,
- SSL_HANDSHAKE_OVER
-}
-ssl_states;
-
-typedef struct _ssl_session ssl_session;
-typedef struct _ssl_context ssl_context;
-
-/*
- * This structure is used for session resuming.
- */
-struct _ssl_session
-{
- time_t start; /*!< starting time */
- int ciphersuite; /*!< chosen ciphersuite */
- size_t length; /*!< session id length */
- unsigned char id[32]; /*!< session identifier */
- unsigned char master[48]; /*!< the master secret */
- ssl_session *next; /*!< next session entry */
-};
-
-struct _ssl_context
-{
- /*
- * Miscellaneous
- */
- int state; /*!< SSL handshake: current state */
-
- int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
- int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
-
- int max_major_ver; /*!< max. major version from client */
- int max_minor_ver; /*!< max. minor version from client */
-
- /*
- * Callbacks (RNG, debug, I/O, verification)
- */
- int (*f_rng)(void *, unsigned char *, size_t);
- void (*f_dbg)(void *, int, const char *);
- int (*f_recv)(void *, unsigned char *, size_t);
- int (*f_send)(void *, const unsigned char *, size_t);
- int (*f_vrfy)(void *, x509_cert *, int, int);
-
- void *p_rng; /*!< context for the RNG function */
- void *p_dbg; /*!< context for the debug function */
- void *p_recv; /*!< context for reading operations */
- void *p_send; /*!< context for writing operations */
- void *p_vrfy; /*!< context for verification */
-
- /*
- * Session layer
- */
- int resume; /*!< session resuming flag */
- int timeout; /*!< sess. expiration time */
- ssl_session *session; /*!< current session data */
- int (*s_get)(ssl_context *); /*!< (server) get callback */
- int (*s_set)(ssl_context *); /*!< (server) set callback */
-
- /*
- * Record layer (incoming data)
- */
- unsigned char *in_ctr; /*!< 64-bit incoming message counter */
- unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
- unsigned char *in_msg; /*!< the message contents (in_hdr+5) */
- unsigned char *in_offt; /*!< read offset in application data */
-
- int in_msgtype; /*!< record header: message type */
- size_t in_msglen; /*!< record header: message length */
- size_t in_left; /*!< amount of data read so far */
-
- size_t in_hslen; /*!< current handshake message length */
- int nb_zero; /*!< # of 0-length encrypted messages */
-
- /*
- * Record layer (outgoing data)
- */
- unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
- unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
- unsigned char *out_msg; /*!< the message contents (out_hdr+5) */
-
- int out_msgtype; /*!< record header: message type */
- size_t out_msglen; /*!< record header: message length */
- size_t out_left; /*!< amount of data not yet written */
-
- /*
- * PKI layer
- */
- rsa_context *rsa_key; /*!< own RSA private key */
-#if defined(POLARSSL_PKCS11_C)
- pkcs11_context *pkcs11_key; /*!< own PKCS#11 RSA private key */
-#endif
- x509_cert *own_cert; /*!< own X.509 certificate */
- x509_cert *ca_chain; /*!< own trusted CA chain */
- x509_crl *ca_crl; /*!< trusted CA CRLs */
- x509_cert *peer_cert; /*!< peer X.509 cert chain */
- const char *peer_cn; /*!< expected peer CN */
-
- int endpoint; /*!< 0: client, 1: server */
- int authmode; /*!< verification mode */
- int client_auth; /*!< flag for client auth. */
- int verify_result; /*!< verification result */
-
- /*
- * Crypto layer
- */
- dhm_context dhm_ctx; /*!< DHM key exchange */
- md5_context fin_md5; /*!< Finished MD5 checksum */
- sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
-
- int do_crypt; /*!< en(de)cryption flag */
- int *ciphersuites; /*!< allowed ciphersuites */
- size_t pmslen; /*!< premaster length */
- unsigned int keylen; /*!< symmetric key length */
- size_t minlen; /*!< min. ciphertext length */
- size_t ivlen; /*!< IV length */
- size_t maclen; /*!< MAC length */
-
- unsigned char randbytes[64]; /*!< random bytes */
- unsigned char premaster[256]; /*!< premaster secret */
-
- unsigned char iv_enc[16]; /*!< IV (encryption) */
- unsigned char iv_dec[16]; /*!< IV (decryption) */
-
- unsigned char mac_enc[32]; /*!< MAC (encryption) */
- unsigned char mac_dec[32]; /*!< MAC (decryption) */
-
- unsigned long ctx_enc[128]; /*!< encryption context */
- unsigned long ctx_dec[128]; /*!< decryption context */
-
- /*
- * TLS extensions
- */
- unsigned char *hostname;
- size_t hostname_len;
-};
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int ssl_default_ciphersuites[];
-
-/**
- * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
- *
- * \return a statically allocated array of ciphersuites, the last
- * entry is 0.
- */
-static inline const int *ssl_list_ciphersuites( void )
-{
- return ssl_default_ciphersuites;
-}
-
-/**
- * \brief Return the name of the ciphersuite associated with the given
- * ID
- *
- * \param ciphersuite_id SSL ciphersuite ID
- *
- * \return a string containing the ciphersuite name
- */
-const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
-
-/**
- * \brief Return the ID of the ciphersuite associated with the given
- * name
- *
- * \param ciphersuite_name SSL ciphersuite name
- *
- * \return the ID with the ciphersuite or 0 if not found
- */
-int ssl_get_ciphersuite_id( const char *ciphersuite_name );
-
-/**
- * \brief Initialize an SSL context
- *
- * \param ssl SSL context
- *
- * \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if
- * memory allocation failed
- */
-int ssl_init( ssl_context *ssl );
-
-/**
- * \brief Reset an already initialized SSL context for re-use
- * while retaining application-set variables, function
- * pointers and data.
- *
- * \param ssl SSL context
- */
-void ssl_session_reset( ssl_context *ssl );
-
-/**
- * \brief Set the current endpoint type
- *
- * \param ssl SSL context
- * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
- */
-void ssl_set_endpoint( ssl_context *ssl, int endpoint );
-
-/**
- * \brief Set the certificate verification mode
- *
- * \param ssl SSL context
- * \param authmode can be:
- *
- * SSL_VERIFY_NONE: peer certificate is not checked (default),
- * this is insecure and SHOULD be avoided.
- *
- * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
- * handshake continues even if verification failed;
- * ssl_get_verify_result() can be called after the
- * handshake is complete.
- *
- * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
- * handshake is aborted if verification failed.
- */
-void ssl_set_authmode( ssl_context *ssl, int authmode );
-
-/**
- * \brief Set the verification callback (Optional).
- *
- * If set, the verification callback is called once for every
- * certificate in the chain. The verification function has the
- * following parameter: (void *parameter, x509_cert certificate,
- * int certifcate_depth, int preverify_ok). It should
- * return 0 on SUCCESS.
- *
- * \param ssl SSL context
- * \param f_vrfy verification function
- * \param p_vrfy verification parameter
- */
-void ssl_set_verify( ssl_context *ssl,
- int (*f_vrfy)(void *, x509_cert *, int, int),
- void *p_vrfy );
-
-/**
- * \brief Set the random number generator callback
- *
- * \param ssl SSL context
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- */
-void ssl_set_rng( ssl_context *ssl,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Set the debug callback
- *
- * \param ssl SSL context
- * \param f_dbg debug function
- * \param p_dbg debug parameter
- */
-void ssl_set_dbg( ssl_context *ssl,
- void (*f_dbg)(void *, int, const char *),
- void *p_dbg );
-
-/**
- * \brief Set the underlying BIO read and write callbacks
- *
- * \param ssl SSL context
- * \param f_recv read callback
- * \param p_recv read parameter
- * \param f_send write callback
- * \param p_send write parameter
- */
-void ssl_set_bio( ssl_context *ssl,
- int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
- int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
-
-/**
- * \brief Set the session callbacks (server-side only)
- *
- * \param ssl SSL context
- * \param s_get session get callback
- * \param s_set session set callback
- */
-void ssl_set_scb( ssl_context *ssl,
- int (*s_get)(ssl_context *),
- int (*s_set)(ssl_context *) );
-
-/**
- * \brief Set the session resuming flag, timeout and data
- *
- * \param ssl SSL context
- * \param resume if 0 (default), the session will not be resumed
- * \param timeout session timeout in seconds, or 0 (no timeout)
- * \param session session context
- */
-void ssl_set_session( ssl_context *ssl, int resume, int timeout,
- ssl_session *session );
-
-/**
- * \brief Set the list of allowed ciphersuites
- *
- * \param ssl SSL context
- * \param ciphersuites 0-terminated list of allowed ciphersuites
- */
-void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites );
-
-/**
- * \brief Set the data required to verify peer certificate
- *
- * \param ssl SSL context
- * \param ca_chain trusted CA chain
- * \param ca_crl trusted CA CRLs
- * \param peer_cn expected peer CommonName (or NULL)
- *
- * \note TODO: add two more parameters: depth and crl
- */
-void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
- x509_crl *ca_crl, const char *peer_cn );
-
-/**
- * \brief Set own certificate and private key
- *
- * \param ssl SSL context
- * \param own_cert own public certificate
- * \param rsa_key own private RSA key
- */
-void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
- rsa_context *rsa_key );
-
-#if defined(POLARSSL_PKCS11_C)
-/**
- * \brief Set own certificate and PKCS#11 private key
- *
- * \param ssl SSL context
- * \param own_cert own public certificate
- * \param pkcs11_key own PKCS#11 RSA key
- */
-void ssl_set_own_cert_pkcs11( ssl_context *ssl, x509_cert *own_cert,
- pkcs11_context *pkcs11_key );
-#endif
-
-/**
- * \brief Set the Diffie-Hellman public P and G values,
- * read as hexadecimal strings (server-side only)
- *
- * \param ssl SSL context
- * \param dhm_P Diffie-Hellman-Merkle modulus
- * \param dhm_G Diffie-Hellman-Merkle generator
- *
- * \return 0 if successful
- */
-int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
-
-/**
- * \brief Set the Diffie-Hellman public P and G values,
- * read from existing context (server-side only)
- *
- * \param ssl SSL context
- * \param dhm_ctx Diffie-Hellman-Merkle context
- *
- * \return 0 if successful
- */
-int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
-
-/**
- * \brief Set hostname for ServerName TLS Extension
- *
- *
- * \param ssl SSL context
- * \param hostname the server hostname
- *
- * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
- */
-int ssl_set_hostname( ssl_context *ssl, const char *hostname );
-
-/**
- * \brief Set the maximum supported version sent from the client side
- *
- * \param ssl SSL context
- * \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (SSL_MINOR_VERSION_0,
- * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 supported)
- */
-void ssl_set_max_version( ssl_context *ssl, int major, int minor );
-
-/**
- * \brief Return the number of data bytes available to read
- *
- * \param ssl SSL context
- *
- * \return how many bytes are available in the read buffer
- */
-size_t ssl_get_bytes_avail( const ssl_context *ssl );
-
-/**
- * \brief Return the result of the certificate verification
- *
- * \param ssl SSL context
- *
- * \return 0 if successful, or a combination of:
- * BADCERT_EXPIRED
- * BADCERT_REVOKED
- * BADCERT_CN_MISMATCH
- * BADCERT_NOT_TRUSTED
- */
-int ssl_get_verify_result( const ssl_context *ssl );
-
-/**
- * \brief Return the name of the current ciphersuite
- *
- * \param ssl SSL context
- *
- * \return a string containing the ciphersuite name
- */
-const char *ssl_get_ciphersuite( const ssl_context *ssl );
-
-/**
- * \brief Return the current SSL version (SSLv3/TLSv1/etc)
- *
- * \param ssl SSL context
- *
- * \return a string containing the SSL version
- */
-const char *ssl_get_version( const ssl_context *ssl );
-
-/**
- * \brief Perform the SSL handshake
- *
- * \param ssl SSL context
- *
- * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
- * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
- */
-int ssl_handshake( ssl_context *ssl );
-
-/**
- * \brief Read at most 'len' application data bytes
- *
- * \param ssl SSL context
- * \param buf buffer that will hold the data
- * \param len how many bytes must be read
- *
- * \return This function returns the number of bytes read, 0 for EOF,
- * or a negative error code.
- */
-int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
-
-/**
- * \brief Write exactly 'len' application data bytes
- *
- * \param ssl SSL context
- * \param buf buffer holding the data
- * \param len how many bytes must be written
- *
- * \return This function returns the number of bytes written,
- * or a negative error code.
- *
- * \note When this function returns POLARSSL_ERR_NET_WANT_WRITE,
- * it must be called later with the *same* arguments,
- * until it returns a positive value.
- */
-int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
-
-/**
- * \brief Notify the peer that the connection is being closed
- *
- * \param ssl SSL context
- */
-int ssl_close_notify( ssl_context *ssl );
-
-/**
- * \brief Free an SSL context
- *
- * \param ssl SSL context
- */
-void ssl_free( ssl_context *ssl );
-
-/*
- * Internal functions (do not call directly)
- */
-int ssl_handshake_client( ssl_context *ssl );
-int ssl_handshake_server( ssl_context *ssl );
-
-int ssl_derive_keys( ssl_context *ssl );
-void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
-
-int ssl_read_record( ssl_context *ssl );
-/**
- * \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or
- * another negative error code.
- */
-int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
-
-int ssl_write_record( ssl_context *ssl );
-int ssl_flush_output( ssl_context *ssl );
-
-int ssl_parse_certificate( ssl_context *ssl );
-int ssl_write_certificate( ssl_context *ssl );
-
-int ssl_parse_change_cipher_spec( ssl_context *ssl );
-int ssl_write_change_cipher_spec( ssl_context *ssl );
-
-int ssl_parse_finished( ssl_context *ssl );
-int ssl_write_finished( ssl_context *ssl );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl.h */
+++ /dev/null
-/**
- * \file x509.h
- *
- * \brief X.509 certificate and private key decoding
- *
- * Copyright (C) 2006-2011, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_X509_H
-#define POLARSSL_X509_H
-
-#include "asn1.h"
-#include "rsa.h"
-#include "dhm.h"
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-/**
- * \name X509 Error codes
- * \{
- */
-#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
-#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x2100 /**< The PEM-encoded certificate contains invalid elements, e.g. invalid character. */
-#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x2180 /**< The certificate format is invalid, e.g. different type expected. */
-#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x2200 /**< The certificate version element is invalid. */
-#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x2280 /**< The serial tag or value is invalid. */
-#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x2300 /**< The algorithm tag or value is invalid. */
-#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x2380 /**< The name tag or value is invalid. */
-#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x2400 /**< The date tag or value is invalid. */
-#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x2480 /**< The pubkey tag or value is invalid (only RSA is supported). */
-#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x2500 /**< The signature tag or value invalid. */
-#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x2580 /**< The extension tag or value is invalid. */
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x2600 /**< Certificate or CRL has an unsupported version number. */
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x2680 /**< Signature algorithm (oid) is unsupported. */
-#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG -0x2700 /**< Key algorithm is unsupported (only RSA is supported). */
-#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x2780 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
-#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2800 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Unsupported RSA key version */
-#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< Invalid RSA key tag or value. */
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2980 /**< Format not recognized as DER or PEM. */
-#define POLARSSL_ERR_X509_INVALID_INPUT -0x2A00 /**< Input invalid. */
-#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2A80 /**< Allocation of memory failed. */
-#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2B00 /**< Read/write of file failed. */
-/* \} name */
-
-
-/**
- * \name X509 Verify codes
- * \{
- */
-#define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
-#define BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
-#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
-#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
-#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
-#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
-#define BADCERT_MISSING 0x40 /**< Certificate was missing. */
-#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
-/* \} name */
-/* \} addtogroup x509_module */
-
-/*
- * various object identifiers
- */
-#define X520_COMMON_NAME 3
-#define X520_COUNTRY 6
-#define X520_LOCALITY 7
-#define X520_STATE 8
-#define X520_ORGANIZATION 10
-#define X520_ORG_UNIT 11
-#define PKCS9_EMAIL 1
-
-#define X509_OUTPUT_DER 0x01
-#define X509_OUTPUT_PEM 0x02
-#define PEM_LINE_LENGTH 72
-#define X509_ISSUER 0x01
-#define X509_SUBJECT 0x02
-
-#define OID_X520 "\x55\x04"
-#define OID_CN OID_X520 "\x03"
-
-#define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
-#define OID_PKCS1_RSA OID_PKCS1 "\x01"
-
-#define OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
-
-#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
-#define OID_PKCS9_EMAIL OID_PKCS9 "\x01"
-
-/** ISO arc for standard certificate and CRL extensions */
-#define OID_ID_CE "\x55\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * security(5) mechanisms(5) pkix(7) }
- */
-#define OID_PKIX "\x2B\x06\x01\x05\x05\x07"
-
-/*
- * OIDs for standard certificate extensions
- */
-#define OID_AUTHORITY_KEY_IDENTIFIER OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
-#define OID_SUBJECT_KEY_IDENTIFIER OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
-#define OID_KEY_USAGE OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
-#define OID_CERTIFICATE_POLICIES OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
-#define OID_POLICY_MAPPINGS OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
-#define OID_SUBJECT_ALT_NAME OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
-#define OID_ISSUER_ALT_NAME OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
-#define OID_SUBJECT_DIRECTORY_ATTRS OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
-#define OID_BASIC_CONSTRAINTS OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
-#define OID_NAME_CONSTRAINTS OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
-#define OID_POLICY_CONSTRAINTS OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
-#define OID_EXTENDED_KEY_USAGE OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define OID_CRL_DISTRIBUTION_POINTS OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
-#define OID_INIHIBIT_ANYPOLICY OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
-#define OID_FRESHEST_CRL OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
-
-/*
- * X.509 v3 Key Usage Extension flags
- */
-#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
-#define KU_NON_REPUDIATION (0x40) /* bit 1 */
-#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
-#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
-#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
-#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
-#define KU_CRL_SIGN (0x02) /* bit 6 */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define OID_ANY_EXTENDED_KEY_USAGE OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define OID_KP OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define OID_SERVER_AUTH OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define OID_CLIENT_AUTH OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define OID_CODE_SIGNING OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define OID_EMAIL_PROTECTION OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define OID_TIME_STAMPING OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define OID_OCSP_SIGNING OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-#define STRING_SERVER_AUTH "TLS Web Server Authentication"
-#define STRING_CLIENT_AUTH "TLS Web Client Authentication"
-#define STRING_CODE_SIGNING "Code Signing"
-#define STRING_EMAIL_PROTECTION "E-mail Protection"
-#define STRING_TIME_STAMPING "Time Stamping"
-#define STRING_OCSP_SIGNING "OCSP Signing"
-
-/*
- * OIDs for CRL extensions
- */
-#define OID_PRIVATE_KEY_USAGE_PERIOD OID_ID_CE "\x10"
-#define OID_CRL_NUMBER OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * Netscape certificate extensions
- */
-#define OID_NETSCAPE "\x60\x86\x48\x01\x86\xF8\x42" /**< Netscape OID */
-#define OID_NS_CERT OID_NETSCAPE "\x01"
-#define OID_NS_CERT_TYPE OID_NS_CERT "\x01"
-#define OID_NS_BASE_URL OID_NS_CERT "\x02"
-#define OID_NS_REVOCATION_URL OID_NS_CERT "\x03"
-#define OID_NS_CA_REVOCATION_URL OID_NS_CERT "\x04"
-#define OID_NS_RENEWAL_URL OID_NS_CERT "\x07"
-#define OID_NS_CA_POLICY_URL OID_NS_CERT "\x08"
-#define OID_NS_SSL_SERVER_NAME OID_NS_CERT "\x0C"
-#define OID_NS_COMMENT OID_NS_CERT "\x0D"
-#define OID_NS_DATA_TYPE OID_NETSCAPE "\x02"
-#define OID_NS_CERT_SEQUENCE OID_NS_DATA_TYPE "\x05"
-
-/*
- * Netscape certificate types
- * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
- */
-
-#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
-#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
-#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
-#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
-#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
-#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
-#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
-#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
-
-#define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
-#define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
-#define EXT_KEY_USAGE (1 << 2)
-#define EXT_CERTIFICATE_POLICIES (1 << 3)
-#define EXT_POLICY_MAPPINGS (1 << 4)
-#define EXT_SUBJECT_ALT_NAME (1 << 5)
-#define EXT_ISSUER_ALT_NAME (1 << 6)
-#define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
-#define EXT_BASIC_CONSTRAINTS (1 << 8)
-#define EXT_NAME_CONSTRAINTS (1 << 9)
-#define EXT_POLICY_CONSTRAINTS (1 << 10)
-#define EXT_EXTENDED_KEY_USAGE (1 << 11)
-#define EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
-#define EXT_INIHIBIT_ANYPOLICY (1 << 13)
-#define EXT_FRESHEST_CRL (1 << 14)
-
-#define EXT_NS_CERT_TYPE (1 << 16)
-
-/*
- * Storage format identifiers
- * Recognized formats: PEM and DER
- */
-#define X509_FORMAT_DER 1
-#define X509_FORMAT_PEM 2
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures for parsing X.509 certificates and CRLs
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef asn1_buf x509_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef asn1_bitstring x509_bitstring;
-
-/**
- * Container for ASN1 named information objects.
- * It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).
- */
-typedef struct _x509_name
-{
- x509_buf oid; /**< The object identifier. */
- x509_buf val; /**< The named value. */
- struct _x509_name *next; /**< The next named information object. */
-}
-x509_name;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef asn1_sequence x509_sequence;
-
-/** Container for date and time (precision in seconds). */
-typedef struct _x509_time
-{
- int year, mon, day; /**< Date. */
- int hour, min, sec; /**< Time. */
-}
-x509_time;
-
-/**
- * Container for an X.509 certificate. The certificate may be chained.
- */
-typedef struct _x509_cert
-{
- x509_buf raw; /**< The raw certificate data (DER). */
- x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
-
- int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3) */
- x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
- x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
-
- x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
- x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
-
- x509_name issuer; /**< The parsed issuer data (named information object). */
- x509_name subject; /**< The parsed subject data (named information object). */
-
- x509_time valid_from; /**< Start time of certificate validity. */
- x509_time valid_to; /**< End time of certificate validity. */
-
- x509_buf pk_oid; /**< Subject public key info. Includes the public key algorithm and the key itself. */
- rsa_context rsa; /**< Container for the RSA context. Only RSA is supported for public keys at this time. */
-
- x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
- x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
- x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
-
- int ext_types; /**< Bit string containing detected and parsed extensions */
- int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
- int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. */
-
- unsigned char key_usage; /**< Optional key usage extension value: See the values below */
-
- x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
-
- unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values below */
-
- x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
- x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
- int sig_alg; /**< Internal representation of the signature algorithm, e.g. SIG_RSA_MD2 */
-
- struct _x509_cert *next; /**< Next certificate in the CA-chain. */
-}
-x509_cert;
-
-/**
- * Certificate revocation list entry.
- * Contains the CA-specific serial numbers and revocation dates.
- */
-typedef struct _x509_crl_entry
-{
- x509_buf raw;
-
- x509_buf serial;
-
- x509_time revocation_date;
-
- x509_buf entry_ext;
-
- struct _x509_crl_entry *next;
-}
-x509_crl_entry;
-
-/**
- * Certificate revocation list structure.
- * Every CRL may have multiple entries.
- */
-typedef struct _x509_crl
-{
- x509_buf raw; /**< The raw certificate data (DER). */
- x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
-
- int version;
- x509_buf sig_oid1;
-
- x509_buf issuer_raw; /**< The raw issuer data (DER). */
-
- x509_name issuer; /**< The parsed issuer data (named information object). */
-
- x509_time this_update;
- x509_time next_update;
-
- x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
-
- x509_buf crl_ext;
-
- x509_buf sig_oid2;
- x509_buf sig;
- int sig_alg;
-
- struct _x509_crl *next;
-}
-x509_crl;
-/** \} name Structures for parsing X.509 certificates and CRLs */
-/** \} addtogroup x509_module */
-
-/**
- * \name Structures for writing X.509 certificates.
- * XvP: commented out as they are not used.
- * - <tt>typedef struct _x509_node x509_node;</tt>
- * - <tt>typedef struct _x509_raw x509_raw;</tt>
- */
-/*
-typedef struct _x509_node
-{
- unsigned char *data;
- unsigned char *p;
- unsigned char *end;
-
- size_t len;
-}
-x509_node;
-
-typedef struct _x509_raw
-{
- x509_node raw;
- x509_node tbs;
-
- x509_node version;
- x509_node serial;
- x509_node tbs_signalg;
- x509_node issuer;
- x509_node validity;
- x509_node subject;
- x509_node subpubkey;
-
- x509_node signalg;
- x509_node sign;
-}
-x509_raw;
-*/
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Functions to read in DHM parameters, a certificate, CRL or private RSA key
- * \{
- */
-
-/** \ingroup x509_module */
-/**
- * \brief Parse one or more certificates and add them
- * to the chained list. Parses permissively. If some
- * certificates can be parsed, the result is the number
- * of failed certificates it encountered. If none complete
- * correctly, the first error is returned.
- *
- * \param chain points to the start of the chain
- * \param buf buffer holding the certificate data
- * \param buflen size of the buffer
- *
- * \return 0 if all certificates parsed successfully, a positive number
- * if partly successful or a specific X509 or PEM error code
- */
-int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen );
-
-/** \ingroup x509_module */
-/**
- * \brief Load one or more certificates and add them
- * to the chained list. Parses permissively. If some
- * certificates can be parsed, the result is the number
- * of failed certificates it encountered. If none complete
- * correctly, the first error is returned.
- *
- * \param chain points to the start of the chain
- * \param path filename to read the certificates from
- *
- * \return 0 if all certificates parsed successfully, a positive number
- * if partly successful or a specific X509 or PEM error code
- */
-int x509parse_crtfile( x509_cert *chain, const char *path );
-
-/** \ingroup x509_module */
-/**
- * \brief Parse one or more CRLs and add them
- * to the chained list
- *
- * \param chain points to the start of the chain
- * \param buf buffer holding the CRL data
- * \param buflen size of the buffer
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen );
-
-/** \ingroup x509_module */
-/**
- * \brief Load one or more CRLs and add them
- * to the chained list
- *
- * \param chain points to the start of the chain
- * \param path filename to read the CRLs from
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int x509parse_crlfile( x509_crl *chain, const char *path );
-
-/** \ingroup x509_module */
-/**
- * \brief Parse a private RSA key
- *
- * \param rsa RSA context to be initialized
- * \param key input buffer
- * \param keylen size of the buffer
- * \param pwd password for decryption (optional)
- * \param pwdlen size of the password
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int x509parse_key( rsa_context *rsa,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen );
-
-/** \ingroup x509_module */
-/**
- * \brief Load and parse a private RSA key
- *
- * \param rsa RSA context to be initialized
- * \param path filename to read the private key from
- * \param password password to decrypt the file (can be NULL)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int x509parse_keyfile( rsa_context *rsa, const char *path,
- const char *password );
-
-/** \ingroup x509_module */
-/**
- * \brief Parse a public RSA key
- *
- * \param rsa RSA context to be initialized
- * \param key input buffer
- * \param keylen size of the buffer
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int x509parse_public_key( rsa_context *rsa,
- const unsigned char *key, size_t keylen );
-
-/** \ingroup x509_module */
-/**
- * \brief Load and parse a public RSA key
- *
- * \param rsa RSA context to be initialized
- * \param path filename to read the private key from
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int x509parse_public_keyfile( rsa_context *rsa, const char *path );
-
-/** \ingroup x509_module */
-/**
- * \brief Parse DHM parameters
- *
- * \param dhm DHM context to be initialized
- * \param dhmin input buffer
- * \param dhminlen size of the buffer
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen );
-
-/** \ingroup x509_module */
-/**
- * \brief Load and parse DHM parameters
- *
- * \param dhm DHM context to be initialized
- * \param path filename to read the DHM Parameters from
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int x509parse_dhmfile( dhm_context *dhm, const char *path );
-
-/** \} name Functions to read in DHM parameters, a certificate, CRL or private RSA key */
-
-/**
- * \brief Store the certificate DN in printable form into buf;
- * no more than size characters will be written.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param dn The X509 name to represent
- *
- * \return The amount of data written to the buffer, or -1 in
- * case of an error.
- */
-int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn );
-
-/**
- * \brief Store the certificate serial in printable form into buf;
- * no more than size characters will be written.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param serial The X509 serial to represent
- *
- * \return The amount of data written to the buffer, or -1 in
- * case of an error.
- */
-int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial );
-
-/**
- * \brief Returns an informational string about the
- * certificate.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param crt The X509 certificate to represent
- *
- * \return The amount of data written to the buffer, or -1 in
- * case of an error.
- */
-int x509parse_cert_info( char *buf, size_t size, const char *prefix,
- const x509_cert *crt );
-
-/**
- * \brief Returns an informational string about the
- * CRL.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param crl The X509 CRL to represent
- *
- * \return The amount of data written to the buffer, or -1 in
- * case of an error.
- */
-int x509parse_crl_info( char *buf, size_t size, const char *prefix,
- const x509_crl *crl );
-
-/**
- * \brief Give an known OID, return its descriptive string.
- *
- * \param oid buffer containing the oid
- *
- * \return Return a string if the OID is known,
- * or NULL otherwise.
- */
-const char *x509_oid_get_description( x509_buf *oid );
-
-/*
- * \brief Give an OID, return a string version of its OID number.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param oid Buffer containing the OID
- *
- * \return The amount of data written to the buffer, or -1 in
- * case of an error.
- */
-int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
-
-/**
- * \brief Check a given x509_time against the system time and check
- * if it is valid.
- *
- * \param time x509_time to check
- *
- * \return Return 0 if the x509_time is still valid,
- * or 1 otherwise.
- */
-int x509parse_time_expired( const x509_time *time );
-
-/**
- * \name Functions to verify a certificate
- * \{
- */
-/** \ingroup x509_module */
-/**
- * \brief Verify the certificate signature
- *
- * \param crt a certificate to be verified
- * \param trust_ca the trusted CA chain
- * \param ca_crl the CRL chain for trusted CA's
- * \param cn expected Common Name (can be set to
- * NULL if the CN must not be verified)
- * \param flags result of the verification
- * \param f_vrfy verification function
- * \param p_vrfy verification parameter
- *
- * \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
- * in which case *flags will have one or more of
- * the following values set:
- * BADCERT_EXPIRED --
- * BADCERT_REVOKED --
- * BADCERT_CN_MISMATCH --
- * BADCERT_NOT_TRUSTED
- *
- * \note TODO: add two arguments, depth and crl
- */
-int x509parse_verify( x509_cert *crt,
- x509_cert *trust_ca,
- x509_crl *ca_crl,
- const char *cn, int *flags,
- int (*f_vrfy)(void *, x509_cert *, int, int),
- void *p_vrfy );
-
-/**
- * \brief Verify the certificate signature
- *
- * \param crt a certificate to be verified
- * \param crl the CRL to verify against
- *
- * \return 1 if the certificate is revoked, 0 otherwise
- *
- */
-int x509parse_revoked( const x509_cert *crt, const x509_crl *crl );
-
-/** \} name Functions to verify a certificate */
-
-
-
-/**
- * \name Functions to clear a certificate, CRL or private RSA key
- * \{
- */
-/** \ingroup x509_module */
-/**
- * \brief Unallocate all certificate data
- *
- * \param crt Certificate chain to free
- */
-void x509_free( x509_cert *crt );
-
-/** \ingroup x509_module */
-/**
- * \brief Unallocate all CRL data
- *
- * \param crl CRL chain to free
- */
-void x509_crl_free( x509_crl *crl );
-
-/** \} name Functions to clear a certificate, CRL or private RSA key */
-
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int x509_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* x509.h */
+++ /dev/null
-
-# Also see "include/polarssl/config.h"
-
-CFLAGS += -I../include -D_FILE_OFFSET_BITS=64 -Wall -W -Wdeclaration-after-statement
-OFLAGS = -O
-
-# MicroBlaze specific options:
-# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift
-
-# To compile on Plan9:
-# CFLAGS += -D_BSD_EXTENSION
-
-# To compile as a shared library:
-CFLAGS += -fPIC
-
-SONAME=libpolarssl.so.0
-
-DLEXT=so
-# OSX shared library extension:
-# DLEXT=dylib
-
-# Windows shared library extension:
-# DLEXT=dll
-
-OBJS= aes.o arc4.o asn1parse.o \
- base64.o bignum.o camellia.o \
- certs.o cipher.o cipher_wrap.o \
- ctr_drbg.o debug.o des.o \
- dhm.o entropy.o entropy_poll.o \
- error.o havege.o \
- md.o md_wrap.o md2.o \
- md4.o md5.o net.o \
- padlock.o pem.o pkcs11.o \
- rsa.o sha1.o sha2.o \
- sha4.o ssl_cli.o ssl_srv.o \
- ssl_tls.o timing.o version.o \
- x509parse.o xtea.o
-
-all: static
-
-static: libpolarssl.a
-
-shared: libpolarssl.$(DLEXT)
-
-libpolarssl.a: $(OBJS)
- $(AR) r $@ $(OBJS)
- $(AR) s $@
-
-libpolarssl.so: libpolarssl.a
- $(CC) ${LDFLAGS} -shared -Wl,-soname,$(SONAME) -o $@ $(OBJS)
-
-libpolarssl.dylib: libpolarssl.a
- $(CC) ${LDFLAGS} -dynamiclib -o $@ $(OBJS)
-
-libpolarssl.dll: libpolarssl.a
- $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS) -lws2_32 -lwinmm -lgdi32
-
-.c.o:
- $(CC) $(CFLAGS) $(OFLAGS) -c $<
-
-clean:
- rm -f *.o libpolarssl.*
-
+++ /dev/null
-/**
- * \file cipher.c
- *
- * \brief Generic cipher wrapper for PolarSSL
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- * Copyright (C) 2006-2010, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_CIPHER_C)
-
-#include "polarssl/cipher.h"
-#include "polarssl/cipher_wrap.h"
-
-#include <stdlib.h>
-
-#if defined _MSC_VER && !defined strcasecmp
-#define strcasecmp _stricmp
-#endif
-
-static const int supported_ciphers[] = {
-
-#if defined(POLARSSL_AES_C)
- POLARSSL_CIPHER_AES_128_CBC,
- POLARSSL_CIPHER_AES_192_CBC,
- POLARSSL_CIPHER_AES_256_CBC,
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
- POLARSSL_CIPHER_AES_128_CFB128,
- POLARSSL_CIPHER_AES_192_CFB128,
- POLARSSL_CIPHER_AES_256_CFB128,
-#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
- POLARSSL_CIPHER_AES_128_CTR,
- POLARSSL_CIPHER_AES_192_CTR,
- POLARSSL_CIPHER_AES_256_CTR,
-#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
-
-#endif /* defined(POLARSSL_AES_C) */
-
-#if defined(POLARSSL_CAMELLIA_C)
- POLARSSL_CIPHER_CAMELLIA_128_CBC,
- POLARSSL_CIPHER_CAMELLIA_192_CBC,
- POLARSSL_CIPHER_CAMELLIA_256_CBC,
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
- POLARSSL_CIPHER_CAMELLIA_128_CFB128,
- POLARSSL_CIPHER_CAMELLIA_192_CFB128,
- POLARSSL_CIPHER_CAMELLIA_256_CFB128,
-#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
- POLARSSL_CIPHER_CAMELLIA_128_CTR,
- POLARSSL_CIPHER_CAMELLIA_192_CTR,
- POLARSSL_CIPHER_CAMELLIA_256_CTR,
-#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
-
-#endif /* defined(POLARSSL_CAMELLIA_C) */
-
-#if defined(POLARSSL_DES_C)
- POLARSSL_CIPHER_DES_CBC,
- POLARSSL_CIPHER_DES_EDE_CBC,
- POLARSSL_CIPHER_DES_EDE3_CBC,
-#endif /* defined(POLARSSL_DES_C) */
-
- 0
-};
-
-const int *cipher_list( void )
-{
- return supported_ciphers;
-}
-
-const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
-{
- /* Find static cipher information */
- switch ( cipher_type )
- {
-#if defined(POLARSSL_AES_C)
- case POLARSSL_CIPHER_AES_128_CBC:
- return &aes_128_cbc_info;
- case POLARSSL_CIPHER_AES_192_CBC:
- return &aes_192_cbc_info;
- case POLARSSL_CIPHER_AES_256_CBC:
- return &aes_256_cbc_info;
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
- case POLARSSL_CIPHER_AES_128_CFB128:
- return &aes_128_cfb128_info;
- case POLARSSL_CIPHER_AES_192_CFB128:
- return &aes_192_cfb128_info;
- case POLARSSL_CIPHER_AES_256_CFB128:
- return &aes_256_cfb128_info;
-#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
- case POLARSSL_CIPHER_AES_128_CTR:
- return &aes_128_ctr_info;
- case POLARSSL_CIPHER_AES_192_CTR:
- return &aes_192_ctr_info;
- case POLARSSL_CIPHER_AES_256_CTR:
- return &aes_256_ctr_info;
-#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
-
-#endif
-
-#if defined(POLARSSL_CAMELLIA_C)
- case POLARSSL_CIPHER_CAMELLIA_128_CBC:
- return &camellia_128_cbc_info;
- case POLARSSL_CIPHER_CAMELLIA_192_CBC:
- return &camellia_192_cbc_info;
- case POLARSSL_CIPHER_CAMELLIA_256_CBC:
- return &camellia_256_cbc_info;
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
- case POLARSSL_CIPHER_CAMELLIA_128_CFB128:
- return &camellia_128_cfb128_info;
- case POLARSSL_CIPHER_CAMELLIA_192_CFB128:
- return &camellia_192_cfb128_info;
- case POLARSSL_CIPHER_CAMELLIA_256_CFB128:
- return &camellia_256_cfb128_info;
-#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
- case POLARSSL_CIPHER_CAMELLIA_128_CTR:
- return &camellia_128_ctr_info;
- case POLARSSL_CIPHER_CAMELLIA_192_CTR:
- return &camellia_192_ctr_info;
- case POLARSSL_CIPHER_CAMELLIA_256_CTR:
- return &camellia_256_ctr_info;
-#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
-
-#endif
-
-#if defined(POLARSSL_DES_C)
- case POLARSSL_CIPHER_DES_CBC:
- return &des_cbc_info;
- case POLARSSL_CIPHER_DES_EDE_CBC:
- return &des_ede_cbc_info;
- case POLARSSL_CIPHER_DES_EDE3_CBC:
- return &des_ede3_cbc_info;
-#endif
-
- default:
- return NULL;
- }
-}
-
-const cipher_info_t *cipher_info_from_string( const char *cipher_name )
-{
- if( NULL == cipher_name )
- return NULL;
-
- /* Get the appropriate cipher information */
-#if defined(POLARSSL_CAMELLIA_C)
- if( !strcasecmp( "CAMELLIA-128-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CBC );
- if( !strcasecmp( "CAMELLIA-192-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CBC );
- if( !strcasecmp( "CAMELLIA-256-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CBC );
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
- if( !strcasecmp( "CAMELLIA-128-CFB128", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CFB128 );
- if( !strcasecmp( "CAMELLIA-192-CFB128", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CFB128 );
- if( !strcasecmp( "CAMELLIA-256-CFB128", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CFB128 );
-#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
- if( !strcasecmp( "CAMELLIA-128-CTR", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CTR );
- if( !strcasecmp( "CAMELLIA-192-CTR", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CTR );
- if( !strcasecmp( "CAMELLIA-256-CTR", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CTR );
-#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
-#endif
-
-#if defined(POLARSSL_AES_C)
- if( !strcasecmp( "AES-128-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CBC );
- if( !strcasecmp( "AES-192-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CBC );
- if( !strcasecmp( "AES-256-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CBC );
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
- if( !strcasecmp( "AES-128-CFB128", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CFB128 );
- if( !strcasecmp( "AES-192-CFB128", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CFB128 );
- if( !strcasecmp( "AES-256-CFB128", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CFB128 );
-#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
- if( !strcasecmp( "AES-128-CTR", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CTR );
- if( !strcasecmp( "AES-192-CTR", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CTR );
- if( !strcasecmp( "AES-256-CTR", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CTR );
-#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
-#endif
-
-#if defined(POLARSSL_DES_C)
- if( !strcasecmp( "DES-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_DES_CBC );
- if( !strcasecmp( "DES-EDE-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE_CBC );
- if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
- return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
-#endif
- return NULL;
-}
-
-int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
-{
- if( NULL == cipher_info || NULL == ctx )
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
-
- memset( ctx, 0, sizeof( cipher_context_t ) );
-
- if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
- return POLARSSL_ERR_CIPHER_ALLOC_FAILED;
-
- ctx->cipher_info = cipher_info;
-
- return 0;
-}
-
-int cipher_free_ctx( cipher_context_t *ctx )
-{
- if( ctx == NULL || ctx->cipher_info == NULL )
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
-
- ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
-
- return 0;
-}
-
-int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
- int key_length, const operation_t operation )
-{
- if( NULL == ctx || NULL == ctx->cipher_info )
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
-
- ctx->key_length = key_length;
- ctx->operation = operation;
-
- /*
- * For CFB128 and CTR mode always use the encryption key schedule
- */
- if( POLARSSL_ENCRYPT == operation ||
- POLARSSL_MODE_CFB128 == ctx->cipher_info->mode ||
- POLARSSL_MODE_CTR == ctx->cipher_info->mode )
- {
- return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
- ctx->key_length );
- }
-
- if( POLARSSL_DECRYPT == operation )
- return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
- ctx->key_length );
-
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
-}
-
-int cipher_reset( cipher_context_t *ctx, const unsigned char *iv )
-{
- if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
-
- ctx->unprocessed_len = 0;
-
- memcpy( ctx->iv, iv, cipher_get_iv_size( ctx ) );
-
- return 0;
-}
-
-int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen )
-{
- int ret;
- size_t copy_len = 0;
-
- if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ||
- input == output )
- {
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
- }
-
- *olen = 0;
-
- if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
- {
- /*
- * If there is not enough data for a full block, cache it.
- */
- if( ( ctx->operation == POLARSSL_DECRYPT &&
- ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
- ( ctx->operation == POLARSSL_ENCRYPT &&
- ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
- {
- memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
- ilen );
-
- ctx->unprocessed_len += ilen;
- return 0;
- }
-
- /*
- * Process cached data first
- */
- if( ctx->unprocessed_len != 0 )
- {
- copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
-
- memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
- copy_len );
-
- if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
- ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
- ctx->unprocessed_data, output ) ) )
- {
- return ret;
- }
-
- *olen += cipher_get_block_size( ctx );
- output += cipher_get_block_size( ctx );
- ctx->unprocessed_len = 0;
-
- input += copy_len;
- ilen -= copy_len;
- }
-
- /*
- * Cache final, incomplete block
- */
- if( 0 != ilen )
- {
- copy_len = ilen % cipher_get_block_size( ctx );
- if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
- copy_len = cipher_get_block_size(ctx);
-
- memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
- copy_len );
-
- ctx->unprocessed_len += copy_len;
- ilen -= copy_len;
- }
-
- /*
- * Process remaining full blocks
- */
- if( ilen )
- {
- if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
- ctx->operation, ilen, ctx->iv, input, output ) ) )
- {
- return ret;
- }
- *olen += ilen;
- }
-
- return 0;
- }
-
- if( ctx->cipher_info->mode == POLARSSL_MODE_CFB128 )
- {
- if( 0 != ( ret = ctx->cipher_info->base->cfb128_func( ctx->cipher_ctx,
- ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
- input, output ) ) )
- {
- return ret;
- }
-
- *olen = ilen;
-
- return 0;
- }
-
- if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
- {
- if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
- ilen, &ctx->unprocessed_len, ctx->iv,
- ctx->unprocessed_data, input, output ) ) )
- {
- return ret;
- }
-
- *olen = ilen;
-
- return 0;
- }
-
- return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
-}
-
-static void add_pkcs_padding( unsigned char *output, size_t output_len,
- size_t data_len )
-{
- size_t padding_len = output_len - data_len;
- unsigned char i = 0;
-
- for( i = 0; i < padding_len; i++ )
- output[data_len + i] = (unsigned char) padding_len;
-}
-
-static int get_pkcs_padding( unsigned char *input, unsigned int input_len,
- size_t *data_len)
-{
- unsigned int i, padding_len = 0;
-
- if( NULL == input || NULL == data_len )
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
-
- padding_len = input[input_len - 1];
-
- if( padding_len > input_len )
- return POLARSSL_ERR_CIPHER_INVALID_PADDING;
-
- for( i = input_len - padding_len; i < input_len; i++ )
- if( input[i] != padding_len )
- return POLARSSL_ERR_CIPHER_INVALID_PADDING;
-
- *data_len = input_len - padding_len;
-
- return 0;
-}
-
-int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen)
-{
- int ret = 0;
-
- if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
-
- *olen = 0;
-
- if( POLARSSL_MODE_CFB128 == ctx->cipher_info->mode ||
- POLARSSL_MODE_CTR == ctx->cipher_info->mode )
- {
- return 0;
- }
-
- if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
- {
- if( POLARSSL_ENCRYPT == ctx->operation )
- {
- add_pkcs_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
- ctx->unprocessed_len );
- }
- else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
- {
- /* For decrypt operations, expect a full block */
- return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
- }
-
- /* cipher block */
- if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
- ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
- ctx->unprocessed_data, output ) ) )
- {
- return ret;
- }
-
- /* Set output size for decryption */
- if( POLARSSL_DECRYPT == ctx->operation )
- return get_pkcs_padding( output, cipher_get_block_size( ctx ), olen );
-
- /* Set output size for encryption */
- *olen = cipher_get_block_size( ctx );
- return 0;
- }
-
- return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
-}
-
-#if defined(POLARSSL_SELF_TEST)
-
-#include <stdio.h>
-
-#define ASSERT(x) if (!(x)) { \
- printf( "failed with %i at %s\n", value, (#x) ); \
- return( 1 ); \
-}
-/*
- * Checkup routine
- */
-
-int cipher_self_test( int verbose )
-{
- ((void) verbose);
-
- return( 0 );
-}
-
-#endif
-
-#endif
+++ /dev/null
-/**
- * \file md_wrap.c
- *
- * \brief Generic cipher wrapper for PolarSSL
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- * Copyright (C) 2006-2011, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_CIPHER_C)
-
-#include "polarssl/cipher_wrap.h"
-#include "polarssl/aes.h"
-#include "polarssl/camellia.h"
-#include "polarssl/des.h"
-
-#include <stdlib.h>
-
-#if defined(POLARSSL_AES_C)
-
-int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
- unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
- return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input, output );
-}
-
-int aes_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
- size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-#if defined(POLARSSL_CIPHER_MODE_CFB)
- return aes_crypt_cfb128( (aes_context *) ctx, operation, length, iv_off, iv, input, output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv_off);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
-#endif
-}
-
-int aes_crypt_ctr_wrap( void *ctx, size_t length,
- size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output )
-{
-#if defined(POLARSSL_CIPHER_MODE_CTR)
- return aes_crypt_ctr( (aes_context *) ctx, length, nc_off, nonce_counter,
- stream_block, input, output );
-#else
- ((void) ctx);
- ((void) length);
- ((void) nc_off);
- ((void) nonce_counter);
- ((void) stream_block);
- ((void) input);
- ((void) output);
-
- return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
-#endif
-}
-
-int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- return aes_setkey_dec( (aes_context *) ctx, key, key_length );
-}
-
-int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- return aes_setkey_enc( (aes_context *) ctx, key, key_length );
-}
-
-static void * aes_ctx_alloc( void )
-{
- return malloc( sizeof( aes_context ) );
-}
-
-static void aes_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const cipher_base_t aes_info = {
- POLARSSL_CIPHER_ID_AES,
- aes_crypt_cbc_wrap,
- aes_crypt_cfb128_wrap,
- aes_crypt_ctr_wrap,
- aes_setkey_enc_wrap,
- aes_setkey_dec_wrap,
- aes_ctx_alloc,
- aes_ctx_free
-};
-
-const cipher_info_t aes_128_cbc_info = {
- POLARSSL_CIPHER_AES_128_CBC,
- POLARSSL_MODE_CBC,
- 128,
- "AES-128-CBC",
- 16,
- 16,
- &aes_info
-};
-
-const cipher_info_t aes_192_cbc_info = {
- POLARSSL_CIPHER_AES_192_CBC,
- POLARSSL_MODE_CBC,
- 192,
- "AES-192-CBC",
- 16,
- 16,
- &aes_info
-};
-
-const cipher_info_t aes_256_cbc_info = {
- POLARSSL_CIPHER_AES_256_CBC,
- POLARSSL_MODE_CBC,
- 256,
- "AES-256-CBC",
- 16,
- 16,
- &aes_info
-};
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
-const cipher_info_t aes_128_cfb128_info = {
- POLARSSL_CIPHER_AES_128_CFB128,
- POLARSSL_MODE_CFB128,
- 128,
- "AES-128-CFB128",
- 16,
- 16,
- &aes_info
-};
-
-const cipher_info_t aes_192_cfb128_info = {
- POLARSSL_CIPHER_AES_192_CFB128,
- POLARSSL_MODE_CFB128,
- 192,
- "AES-192-CFB128",
- 16,
- 16,
- &aes_info
-};
-
-const cipher_info_t aes_256_cfb128_info = {
- POLARSSL_CIPHER_AES_256_CFB128,
- POLARSSL_MODE_CFB128,
- 256,
- "AES-256-CFB128",
- 16,
- 16,
- &aes_info
-};
-#endif /* POLARSSL_CIPHER_MODE_CFB */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-const cipher_info_t aes_128_ctr_info = {
- POLARSSL_CIPHER_AES_128_CTR,
- POLARSSL_MODE_CTR,
- 128,
- "AES-128-CTR",
- 16,
- 16,
- &aes_info
-};
-
-const cipher_info_t aes_192_ctr_info = {
- POLARSSL_CIPHER_AES_192_CTR,
- POLARSSL_MODE_CTR,
- 192,
- "AES-192-CTR",
- 16,
- 16,
- &aes_info
-};
-
-const cipher_info_t aes_256_ctr_info = {
- POLARSSL_CIPHER_AES_256_CTR,
- POLARSSL_MODE_CTR,
- 256,
- "AES-256-CTR",
- 16,
- 16,
- &aes_info
-};
-#endif /* POLARSSL_CIPHER_MODE_CTR */
-
-#endif
-
-#if defined(POLARSSL_CAMELLIA_C)
-
-int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
- unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
- return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv, input, output );
-}
-
-int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
- size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-#if defined(POLARSSL_CIPHER_MODE_CFB)
- return camellia_crypt_cfb128( (camellia_context *) ctx, operation, length, iv_off, iv, input, output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv_off);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
-#endif
-}
-
-int camellia_crypt_ctr_wrap( void *ctx, size_t length,
- size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output )
-{
-#if defined(POLARSSL_CIPHER_MODE_CTR)
- return camellia_crypt_ctr( (camellia_context *) ctx, length, nc_off, nonce_counter,
- stream_block, input, output );
-#else
- ((void) ctx);
- ((void) length);
- ((void) nc_off);
- ((void) nonce_counter);
- ((void) stream_block);
- ((void) input);
- ((void) output);
-
- return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
-#endif
-}
-
-int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- return camellia_setkey_dec( (camellia_context *) ctx, key, key_length );
-}
-
-int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- return camellia_setkey_enc( (camellia_context *) ctx, key, key_length );
-}
-
-static void * camellia_ctx_alloc( void )
-{
- return malloc( sizeof( camellia_context ) );
-}
-
-static void camellia_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const cipher_base_t camellia_info = {
- POLARSSL_CIPHER_ID_CAMELLIA,
- camellia_crypt_cbc_wrap,
- camellia_crypt_cfb128_wrap,
- camellia_crypt_ctr_wrap,
- camellia_setkey_enc_wrap,
- camellia_setkey_dec_wrap,
- camellia_ctx_alloc,
- camellia_ctx_free
-};
-
-const cipher_info_t camellia_128_cbc_info = {
- POLARSSL_CIPHER_CAMELLIA_128_CBC,
- POLARSSL_MODE_CBC,
- 128,
- "CAMELLIA-128-CBC",
- 16,
- 16,
- &camellia_info
-};
-
-const cipher_info_t camellia_192_cbc_info = {
- POLARSSL_CIPHER_CAMELLIA_192_CBC,
- POLARSSL_MODE_CBC,
- 192,
- "CAMELLIA-192-CBC",
- 16,
- 16,
- &camellia_info
-};
-
-const cipher_info_t camellia_256_cbc_info = {
- POLARSSL_CIPHER_CAMELLIA_256_CBC,
- POLARSSL_MODE_CBC,
- 256,
- "CAMELLIA-256-CBC",
- 16,
- 16,
- &camellia_info
-};
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
-const cipher_info_t camellia_128_cfb128_info = {
- POLARSSL_CIPHER_CAMELLIA_128_CFB128,
- POLARSSL_MODE_CFB128,
- 128,
- "CAMELLIA-128-CFB128",
- 16,
- 16,
- &camellia_info
-};
-
-const cipher_info_t camellia_192_cfb128_info = {
- POLARSSL_CIPHER_CAMELLIA_192_CFB128,
- POLARSSL_MODE_CFB128,
- 192,
- "CAMELLIA-192-CFB128",
- 16,
- 16,
- &camellia_info
-};
-
-const cipher_info_t camellia_256_cfb128_info = {
- POLARSSL_CIPHER_CAMELLIA_256_CFB128,
- POLARSSL_MODE_CFB128,
- 256,
- "CAMELLIA-256-CFB128",
- 16,
- 16,
- &camellia_info
-};
-#endif /* POLARSSL_CIPHER_MODE_CFB */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-const cipher_info_t camellia_128_ctr_info = {
- POLARSSL_CIPHER_CAMELLIA_128_CTR,
- POLARSSL_MODE_CTR,
- 128,
- "CAMELLIA-128-CTR",
- 16,
- 16,
- &camellia_info
-};
-
-const cipher_info_t camellia_192_ctr_info = {
- POLARSSL_CIPHER_CAMELLIA_192_CTR,
- POLARSSL_MODE_CTR,
- 192,
- "CAMELLIA-192-CTR",
- 16,
- 16,
- &camellia_info
-};
-
-const cipher_info_t camellia_256_ctr_info = {
- POLARSSL_CIPHER_CAMELLIA_256_CTR,
- POLARSSL_MODE_CTR,
- 256,
- "CAMELLIA-256-CTR",
- 16,
- 16,
- &camellia_info
-};
-#endif /* POLARSSL_CIPHER_MODE_CTR */
-
-#endif
-
-#if defined(POLARSSL_DES_C)
-
-int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
- unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
- return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input, output );
-}
-
-int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
- unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
- return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input, output );
-}
-
-int des_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
- size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv_off);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
-}
-
-int des_crypt_ctr_wrap( void *ctx, size_t length,
- size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output )
-{
- ((void) ctx);
- ((void) length);
- ((void) nc_off);
- ((void) nonce_counter);
- ((void) stream_block);
- ((void) input);
- ((void) output);
-
- return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
-}
-
-
-int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- ((void) key_length);
-
- return des_setkey_dec( (des_context *) ctx, key );
-}
-
-int des_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- ((void) key_length);
-
- return des_setkey_enc( (des_context *) ctx, key );
-}
-
-int des3_set2key_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- ((void) key_length);
-
- return des3_set2key_dec( (des3_context *) ctx, key );
-}
-
-int des3_set2key_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- ((void) key_length);
-
- return des3_set2key_enc( (des3_context *) ctx, key );
-}
-
-int des3_set3key_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- ((void) key_length);
-
- return des3_set3key_dec( (des3_context *) ctx, key );
-}
-
-int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
-{
- ((void) key_length);
-
- return des3_set3key_enc( (des3_context *) ctx, key );
-}
-
-static void * des_ctx_alloc( void )
-{
- return malloc( sizeof( des_context ) );
-}
-
-static void * des3_ctx_alloc( void )
-{
- return malloc( sizeof( des3_context ) );
-}
-
-static void des_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const cipher_base_t des_info = {
- POLARSSL_CIPHER_ID_DES,
- des_crypt_cbc_wrap,
- des_crypt_cfb128_wrap,
- des_crypt_ctr_wrap,
- des_setkey_enc_wrap,
- des_setkey_dec_wrap,
- des_ctx_alloc,
- des_ctx_free
-};
-
-const cipher_info_t des_cbc_info = {
- POLARSSL_CIPHER_DES_CBC,
- POLARSSL_MODE_CBC,
- POLARSSL_KEY_LENGTH_DES,
- "DES-CBC",
- 8,
- 8,
- &des_info
-};
-
-const cipher_base_t des_ede_info = {
- POLARSSL_CIPHER_ID_DES,
- des3_crypt_cbc_wrap,
- des_crypt_cfb128_wrap,
- des_crypt_ctr_wrap,
- des3_set2key_enc_wrap,
- des3_set2key_dec_wrap,
- des3_ctx_alloc,
- des_ctx_free
-};
-
-const cipher_info_t des_ede_cbc_info = {
- POLARSSL_CIPHER_DES_EDE_CBC,
- POLARSSL_MODE_CBC,
- POLARSSL_KEY_LENGTH_DES_EDE,
- "DES-EDE-CBC",
- 16,
- 16,
- &des_ede_info
-};
-
-const cipher_base_t des_ede3_info = {
- POLARSSL_CIPHER_ID_DES,
- des3_crypt_cbc_wrap,
- des_crypt_cfb128_wrap,
- des_crypt_ctr_wrap,
- des3_set3key_enc_wrap,
- des3_set3key_dec_wrap,
- des3_ctx_alloc,
- des_ctx_free
-};
-
-const cipher_info_t des_ede3_cbc_info = {
- POLARSSL_CIPHER_DES_EDE3_CBC,
- POLARSSL_MODE_CBC,
- POLARSSL_KEY_LENGTH_DES_EDE3,
- "DES-EDE3-CBC",
- 8,
- 8,
- &des_ede3_info
-};
-#endif
-
-#endif
+++ /dev/null
-/**
- * \file md_wrap.c
-
- * \brief Generic message digest wrapper for PolarSSL
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- * Copyright (C) 2006-2010, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_MD_C)
-
-#include "polarssl/md_wrap.h"
-#include "polarssl/md2.h"
-#include "polarssl/md4.h"
-#include "polarssl/md5.h"
-#include "polarssl/sha1.h"
-#include "polarssl/sha2.h"
-#include "polarssl/sha4.h"
-
-#include <stdlib.h>
-
-#if defined(POLARSSL_MD2_C)
-
-static void md2_starts_wrap( void *ctx )
-{
- md2_starts( (md2_context *) ctx );
-}
-
-static void md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- md2_update( (md2_context *) ctx, input, ilen );
-}
-
-static void md2_finish_wrap( void *ctx, unsigned char *output )
-{
- md2_finish( (md2_context *) ctx, output );
-}
-
-int md2_file_wrap( const char *path, unsigned char *output )
-{
-#if defined(POLARSSL_FS_IO)
- return md2_file( path, output );
-#else
- ((void) path);
- ((void) output);
- return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
-#endif
-}
-
-static void md2_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
-{
- md2_hmac_starts( (md2_context *) ctx, key, keylen );
-}
-
-static void md2_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- md2_hmac_update( (md2_context *) ctx, input, ilen );
-}
-
-static void md2_hmac_finish_wrap( void *ctx, unsigned char *output )
-{
- md2_hmac_finish( (md2_context *) ctx, output );
-}
-
-static void md2_hmac_reset_wrap( void *ctx )
-{
- md2_hmac_reset( (md2_context *) ctx );
-}
-
-static void * md2_ctx_alloc( void )
-{
- return malloc( sizeof( md2_context ) );
-}
-
-static void md2_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const md_info_t md2_info = {
- POLARSSL_MD_MD2,
- "MD2",
- 16,
- md2_starts_wrap,
- md2_update_wrap,
- md2_finish_wrap,
- md2,
- md2_file_wrap,
- md2_hmac_starts_wrap,
- md2_hmac_update_wrap,
- md2_hmac_finish_wrap,
- md2_hmac_reset_wrap,
- md2_hmac,
- md2_ctx_alloc,
- md2_ctx_free,
-};
-
-#endif
-
-#if defined(POLARSSL_MD4_C)
-
-void md4_starts_wrap( void *ctx )
-{
- md4_starts( (md4_context *) ctx );
-}
-
-void md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- md4_update( (md4_context *) ctx, input, ilen );
-}
-
-void md4_finish_wrap( void *ctx, unsigned char *output )
-{
- md4_finish( (md4_context *) ctx, output );
-}
-
-int md4_file_wrap( const char *path, unsigned char *output )
-{
-#if defined(POLARSSL_FS_IO)
- return md4_file( path, output );
-#else
- ((void) path);
- ((void) output);
- return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
-#endif
-}
-
-void md4_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
-{
- md4_hmac_starts( (md4_context *) ctx, key, keylen );
-}
-
-void md4_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- md4_hmac_update( (md4_context *) ctx, input, ilen );
-}
-
-void md4_hmac_finish_wrap( void *ctx, unsigned char *output )
-{
- md4_hmac_finish( (md4_context *) ctx, output );
-}
-
-void md4_hmac_reset_wrap( void *ctx )
-{
- md4_hmac_reset( (md4_context *) ctx );
-}
-
-void *md4_ctx_alloc( void )
-{
- return malloc( sizeof( md4_context ) );
-}
-
-void md4_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const md_info_t md4_info = {
- POLARSSL_MD_MD4,
- "MD4",
- 16,
- md4_starts_wrap,
- md4_update_wrap,
- md4_finish_wrap,
- md4,
- md4_file_wrap,
- md4_hmac_starts_wrap,
- md4_hmac_update_wrap,
- md4_hmac_finish_wrap,
- md4_hmac_reset_wrap,
- md4_hmac,
- md4_ctx_alloc,
- md4_ctx_free,
-};
-
-#endif
-
-#if defined(POLARSSL_MD5_C)
-
-static void md5_starts_wrap( void *ctx )
-{
- md5_starts( (md5_context *) ctx );
-}
-
-static void md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- md5_update( (md5_context *) ctx, input, ilen );
-}
-
-static void md5_finish_wrap( void *ctx, unsigned char *output )
-{
- md5_finish( (md5_context *) ctx, output );
-}
-
-int md5_file_wrap( const char *path, unsigned char *output )
-{
-#if defined(POLARSSL_FS_IO)
- return md5_file( path, output );
-#else
- ((void) path);
- ((void) output);
- return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
-#endif
-}
-
-static void md5_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
-{
- md5_hmac_starts( (md5_context *) ctx, key, keylen );
-}
-
-static void md5_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- md5_hmac_update( (md5_context *) ctx, input, ilen );
-}
-
-static void md5_hmac_finish_wrap( void *ctx, unsigned char *output )
-{
- md5_hmac_finish( (md5_context *) ctx, output );
-}
-
-static void md5_hmac_reset_wrap( void *ctx )
-{
- md5_hmac_reset( (md5_context *) ctx );
-}
-
-static void * md5_ctx_alloc( void )
-{
- return malloc( sizeof( md5_context ) );
-}
-
-static void md5_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const md_info_t md5_info = {
- POLARSSL_MD_MD5,
- "MD5",
- 16,
- md5_starts_wrap,
- md5_update_wrap,
- md5_finish_wrap,
- md5,
- md5_file_wrap,
- md5_hmac_starts_wrap,
- md5_hmac_update_wrap,
- md5_hmac_finish_wrap,
- md5_hmac_reset_wrap,
- md5_hmac,
- md5_ctx_alloc,
- md5_ctx_free,
-};
-
-#endif
-
-#if defined(POLARSSL_SHA1_C)
-
-void sha1_starts_wrap( void *ctx )
-{
- sha1_starts( (sha1_context *) ctx );
-}
-
-void sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha1_update( (sha1_context *) ctx, input, ilen );
-}
-
-void sha1_finish_wrap( void *ctx, unsigned char *output )
-{
- sha1_finish( (sha1_context *) ctx, output );
-}
-
-int sha1_file_wrap( const char *path, unsigned char *output )
-{
-#if defined(POLARSSL_FS_IO)
- return sha1_file( path, output );
-#else
- ((void) path);
- ((void) output);
- return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
-#endif
-}
-
-void sha1_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
-{
- sha1_hmac_starts( (sha1_context *) ctx, key, keylen );
-}
-
-void sha1_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha1_hmac_update( (sha1_context *) ctx, input, ilen );
-}
-
-void sha1_hmac_finish_wrap( void *ctx, unsigned char *output )
-{
- sha1_hmac_finish( (sha1_context *) ctx, output );
-}
-
-void sha1_hmac_reset_wrap( void *ctx )
-{
- sha1_hmac_reset( (sha1_context *) ctx );
-}
-
-void * sha1_ctx_alloc( void )
-{
- return malloc( sizeof( sha1_context ) );
-}
-
-void sha1_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const md_info_t sha1_info = {
- POLARSSL_MD_SHA1,
- "SHA1",
- 20,
- sha1_starts_wrap,
- sha1_update_wrap,
- sha1_finish_wrap,
- sha1,
- sha1_file_wrap,
- sha1_hmac_starts_wrap,
- sha1_hmac_update_wrap,
- sha1_hmac_finish_wrap,
- sha1_hmac_reset_wrap,
- sha1_hmac,
- sha1_ctx_alloc,
- sha1_ctx_free,
-};
-
-#endif
-
-/*
- * Wrappers for generic message digests
- */
-#if defined(POLARSSL_SHA2_C)
-
-void sha224_starts_wrap( void *ctx )
-{
- sha2_starts( (sha2_context *) ctx, 1 );
-}
-
-void sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha2_update( (sha2_context *) ctx, input, ilen );
-}
-
-void sha224_finish_wrap( void *ctx, unsigned char *output )
-{
- sha2_finish( (sha2_context *) ctx, output );
-}
-
-void sha224_wrap( const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- sha2( input, ilen, output, 1 );
-}
-
-int sha224_file_wrap( const char *path, unsigned char *output )
-{
-#if defined(POLARSSL_FS_IO)
- return sha2_file( path, output, 1 );
-#else
- ((void) path);
- ((void) output);
- return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
-#endif
-}
-
-void sha224_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
-{
- sha2_hmac_starts( (sha2_context *) ctx, key, keylen, 1 );
-}
-
-void sha224_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha2_hmac_update( (sha2_context *) ctx, input, ilen );
-}
-
-void sha224_hmac_finish_wrap( void *ctx, unsigned char *output )
-{
- sha2_hmac_finish( (sha2_context *) ctx, output );
-}
-
-void sha224_hmac_reset_wrap( void *ctx )
-{
- sha2_hmac_reset( (sha2_context *) ctx );
-}
-
-void sha224_hmac_wrap( const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- sha2_hmac( key, keylen, input, ilen, output, 1 );
-}
-
-void * sha224_ctx_alloc( void )
-{
- return malloc( sizeof( sha2_context ) );
-}
-
-void sha224_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const md_info_t sha224_info = {
- POLARSSL_MD_SHA224,
- "SHA224",
- 28,
- sha224_starts_wrap,
- sha224_update_wrap,
- sha224_finish_wrap,
- sha224_wrap,
- sha224_file_wrap,
- sha224_hmac_starts_wrap,
- sha224_hmac_update_wrap,
- sha224_hmac_finish_wrap,
- sha224_hmac_reset_wrap,
- sha224_hmac_wrap,
- sha224_ctx_alloc,
- sha224_ctx_free,
-};
-
-void sha256_starts_wrap( void *ctx )
-{
- sha2_starts( (sha2_context *) ctx, 0 );
-}
-
-void sha256_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha2_update( (sha2_context *) ctx, input, ilen );
-}
-
-void sha256_finish_wrap( void *ctx, unsigned char *output )
-{
- sha2_finish( (sha2_context *) ctx, output );
-}
-
-void sha256_wrap( const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- sha2( input, ilen, output, 0 );
-}
-
-int sha256_file_wrap( const char *path, unsigned char *output )
-{
-#if defined(POLARSSL_FS_IO)
- return sha2_file( path, output, 0 );
-#else
- ((void) path);
- ((void) output);
- return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
-#endif
-}
-
-void sha256_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
-{
- sha2_hmac_starts( (sha2_context *) ctx, key, keylen, 0 );
-}
-
-void sha256_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha2_hmac_update( (sha2_context *) ctx, input, ilen );
-}
-
-void sha256_hmac_finish_wrap( void *ctx, unsigned char *output )
-{
- sha2_hmac_finish( (sha2_context *) ctx, output );
-}
-
-void sha256_hmac_reset_wrap( void *ctx )
-{
- sha2_hmac_reset( (sha2_context *) ctx );
-}
-
-void sha256_hmac_wrap( const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- sha2_hmac( key, keylen, input, ilen, output, 0 );
-}
-
-void * sha256_ctx_alloc( void )
-{
- return malloc( sizeof( sha2_context ) );
-}
-
-void sha256_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const md_info_t sha256_info = {
- POLARSSL_MD_SHA256,
- "SHA256",
- 32,
- sha256_starts_wrap,
- sha256_update_wrap,
- sha256_finish_wrap,
- sha256_wrap,
- sha256_file_wrap,
- sha256_hmac_starts_wrap,
- sha256_hmac_update_wrap,
- sha256_hmac_finish_wrap,
- sha256_hmac_reset_wrap,
- sha256_hmac_wrap,
- sha256_ctx_alloc,
- sha256_ctx_free,
-};
-
-#endif
-
-#if defined(POLARSSL_SHA4_C)
-
-void sha384_starts_wrap( void *ctx )
-{
- sha4_starts( (sha4_context *) ctx, 1 );
-}
-
-void sha384_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha4_update( (sha4_context *) ctx, input, ilen );
-}
-
-void sha384_finish_wrap( void *ctx, unsigned char *output )
-{
- sha4_finish( (sha4_context *) ctx, output );
-}
-
-void sha384_wrap( const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- sha4( input, ilen, output, 1 );
-}
-
-int sha384_file_wrap( const char *path, unsigned char *output )
-{
-#if defined(POLARSSL_FS_IO)
- return sha4_file( path, output, 1 );
-#else
- ((void) path);
- ((void) output);
- return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
-#endif
-}
-
-void sha384_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
-{
- sha4_hmac_starts( (sha4_context *) ctx, key, keylen, 1 );
-}
-
-void sha384_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha4_hmac_update( (sha4_context *) ctx, input, ilen );
-}
-
-void sha384_hmac_finish_wrap( void *ctx, unsigned char *output )
-{
- sha4_hmac_finish( (sha4_context *) ctx, output );
-}
-
-void sha384_hmac_reset_wrap( void *ctx )
-{
- sha4_hmac_reset( (sha4_context *) ctx );
-}
-
-void sha384_hmac_wrap( const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- sha4_hmac( key, keylen, input, ilen, output, 1 );
-}
-
-void * sha384_ctx_alloc( void )
-{
- return malloc( sizeof( sha4_context ) );
-}
-
-void sha384_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const md_info_t sha384_info = {
- POLARSSL_MD_SHA384,
- "SHA384",
- 48,
- sha384_starts_wrap,
- sha384_update_wrap,
- sha384_finish_wrap,
- sha384_wrap,
- sha384_file_wrap,
- sha384_hmac_starts_wrap,
- sha384_hmac_update_wrap,
- sha384_hmac_finish_wrap,
- sha384_hmac_reset_wrap,
- sha384_hmac_wrap,
- sha384_ctx_alloc,
- sha384_ctx_free,
-};
-
-void sha512_starts_wrap( void *ctx )
-{
- sha4_starts( (sha4_context *) ctx, 0 );
-}
-
-void sha512_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha4_update( (sha4_context *) ctx, input, ilen );
-}
-
-void sha512_finish_wrap( void *ctx, unsigned char *output )
-{
- sha4_finish( (sha4_context *) ctx, output );
-}
-
-void sha512_wrap( const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- sha4( input, ilen, output, 0 );
-}
-
-int sha512_file_wrap( const char *path, unsigned char *output )
-{
-#if defined(POLARSSL_FS_IO)
- return sha4_file( path, output, 0 );
-#else
- ((void) path);
- ((void) output);
- return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
-#endif
-}
-
-void sha512_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
-{
- sha4_hmac_starts( (sha4_context *) ctx, key, keylen, 0 );
-}
-
-void sha512_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
-{
- sha4_hmac_update( (sha4_context *) ctx, input, ilen );
-}
-
-void sha512_hmac_finish_wrap( void *ctx, unsigned char *output )
-{
- sha4_hmac_finish( (sha4_context *) ctx, output );
-}
-
-void sha512_hmac_reset_wrap( void *ctx )
-{
- sha4_hmac_reset( (sha4_context *) ctx );
-}
-
-void sha512_hmac_wrap( const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- sha4_hmac( key, keylen, input, ilen, output, 0 );
-}
-
-void * sha512_ctx_alloc( void )
-{
- return malloc( sizeof( sha4_context ) );
-}
-
-void sha512_ctx_free( void *ctx )
-{
- free( ctx );
-}
-
-const md_info_t sha512_info = {
- POLARSSL_MD_SHA512,
- "SHA512",
- 64,
- sha512_starts_wrap,
- sha512_update_wrap,
- sha512_finish_wrap,
- sha512_wrap,
- sha512_file_wrap,
- sha512_hmac_starts_wrap,
- sha512_hmac_update_wrap,
- sha512_hmac_finish_wrap,
- sha512_hmac_reset_wrap,
- sha512_hmac_wrap,
- sha512_ctx_alloc,
- sha512_ctx_free,
-};
-
-#endif
-
-#endif
+++ /dev/null
-/*
- * The RSA public-key cryptosystem
- *
- * Copyright (C) 2006-2011, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-/*
- * RSA was designed by Ron Rivest, Adi Shamir and Len Adleman.
- *
- * http://theory.lcs.mit.edu/~rivest/rsapaper.pdf
- * http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_RSA_C)
-
-#include "polarssl/rsa.h"
-#include "polarssl/md.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-
-/*
- * Initialize an RSA context
- */
-void rsa_init( rsa_context *ctx,
- int padding,
- int hash_id )
-{
- memset( ctx, 0, sizeof( rsa_context ) );
-
- ctx->padding = padding;
- ctx->hash_id = hash_id;
-}
-
-#if defined(POLARSSL_GENPRIME)
-
-/*
- * Generate an RSA keypair
- */
-int rsa_gen_key( rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent )
-{
- int ret;
- mpi P1, Q1, H, G;
-
- if( f_rng == NULL || nbits < 128 || exponent < 3 )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
-
- /*
- * find primes P and Q with Q < P so that:
- * GCD( E, (P-1)*(Q-1) ) == 1
- */
- MPI_CHK( mpi_lset( &ctx->E, exponent ) );
-
- do
- {
- MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
- f_rng, p_rng ) );
-
- MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
- f_rng, p_rng ) );
-
- if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
- mpi_swap( &ctx->P, &ctx->Q );
-
- if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
- continue;
-
- MPI_CHK( mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
- if( mpi_msb( &ctx->N ) != nbits )
- continue;
-
- MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
- MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
- MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
- MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
- }
- while( mpi_cmp_int( &G, 1 ) != 0 );
-
- /*
- * D = E^-1 mod ((P-1)*(Q-1))
- * DP = D mod (P - 1)
- * DQ = D mod (Q - 1)
- * QP = Q^-1 mod P
- */
- MPI_CHK( mpi_inv_mod( &ctx->D , &ctx->E, &H ) );
- MPI_CHK( mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) );
- MPI_CHK( mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) );
- MPI_CHK( mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) );
-
- ctx->len = ( mpi_msb( &ctx->N ) + 7 ) >> 3;
-
-cleanup:
-
- mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
-
- if( ret != 0 )
- {
- rsa_free( ctx );
- return( POLARSSL_ERR_RSA_KEY_GEN_FAILED + ret );
- }
-
- return( 0 );
-}
-
-#endif
-
-/*
- * Check a public RSA key
- */
-int rsa_check_pubkey( const rsa_context *ctx )
-{
- if( !ctx->N.p || !ctx->E.p )
- return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
-
- if( ( ctx->N.p[0] & 1 ) == 0 ||
- ( ctx->E.p[0] & 1 ) == 0 )
- return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
-
- if( mpi_msb( &ctx->N ) < 128 ||
- mpi_msb( &ctx->N ) > POLARSSL_MPI_MAX_BITS )
- return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
-
- if( mpi_msb( &ctx->E ) < 2 ||
- mpi_msb( &ctx->E ) > 64 )
- return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
-
- return( 0 );
-}
-
-/*
- * Check a private RSA key
- */
-int rsa_check_privkey( const rsa_context *ctx )
-{
- int ret;
- mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2;
-
- if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
- return( ret );
-
- if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
- return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
-
- mpi_init( &PQ ); mpi_init( &DE ); mpi_init( &P1 ); mpi_init( &Q1 );
- mpi_init( &H ); mpi_init( &I ); mpi_init( &G ); mpi_init( &G2 );
- mpi_init( &L1 ); mpi_init( &L2 );
-
- MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
- MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
- MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
- MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
- MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
- MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
-
- MPI_CHK( mpi_gcd( &G2, &P1, &Q1 ) );
- MPI_CHK( mpi_div_mpi( &L1, &L2, &H, &G2 ) );
- MPI_CHK( mpi_mod_mpi( &I, &DE, &L1 ) );
-
- /*
- * Check for a valid PKCS1v2 private key
- */
- if( mpi_cmp_mpi( &PQ, &ctx->N ) != 0 ||
- mpi_cmp_int( &L2, 0 ) != 0 ||
- mpi_cmp_int( &I, 1 ) != 0 ||
- mpi_cmp_int( &G, 1 ) != 0 )
- {
- ret = POLARSSL_ERR_RSA_KEY_CHECK_FAILED;
- }
-
-
-cleanup:
-
- mpi_free( &PQ ); mpi_free( &DE ); mpi_free( &P1 ); mpi_free( &Q1 );
- mpi_free( &H ); mpi_free( &I ); mpi_free( &G ); mpi_free( &G2 );
- mpi_free( &L1 ); mpi_free( &L2 );
-
- if( ret == POLARSSL_ERR_RSA_KEY_CHECK_FAILED )
- return( ret );
-
- if( ret != 0 )
- return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED + ret );
-
- return( 0 );
-}
-
-/*
- * Do an RSA public key operation
- */
-int rsa_public( rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output )
-{
- int ret;
- size_t olen;
- mpi T;
-
- mpi_init( &T );
-
- MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
-
- if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
- {
- mpi_free( &T );
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- }
-
- olen = ctx->len;
- MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
- MPI_CHK( mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-
- mpi_free( &T );
-
- if( ret != 0 )
- return( POLARSSL_ERR_RSA_PUBLIC_FAILED + ret );
-
- return( 0 );
-}
-
-/*
- * Do an RSA private key operation
- */
-int rsa_private( rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output )
-{
- int ret;
- size_t olen;
- mpi T, T1, T2;
-
- mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
-
- MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
-
- if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
- {
- mpi_free( &T );
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- }
-
-#if defined(POLARSSL_RSA_NO_CRT)
- MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
-#else
- /*
- * faster decryption using the CRT
- *
- * T1 = input ^ dP mod P
- * T2 = input ^ dQ mod Q
- */
- MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
- MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
-
- /*
- * T = (T1 - T2) * (Q^-1 mod P) mod P
- */
- MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
- MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
- MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
-
- /*
- * output = T2 + T * Q
- */
- MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
- MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
-#endif
-
- olen = ctx->len;
- MPI_CHK( mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-
- mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
-
- if( ret != 0 )
- return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret );
-
- return( 0 );
-}
-
-#if defined(POLARSSL_PKCS1_V21)
-/**
- * Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.
- *
- * \param dst buffer to mask
- * \param dlen length of destination buffer
- * \param src source of the mask generation
- * \param slen length of the source buffer
- * \param md_ctx message digest context to use
- */
-static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, size_t slen,
- md_context_t *md_ctx )
-{
- unsigned char mask[POLARSSL_MD_MAX_SIZE];
- unsigned char counter[4];
- unsigned char *p;
- unsigned int hlen;
- size_t i, use_len;
-
- memset( mask, 0, POLARSSL_MD_MAX_SIZE );
- memset( counter, 0, 4 );
-
- hlen = md_ctx->md_info->size;
-
- // Generate and apply dbMask
- //
- p = dst;
-
- while( dlen > 0 )
- {
- use_len = hlen;
- if( dlen < hlen )
- use_len = dlen;
-
- md_starts( md_ctx );
- md_update( md_ctx, src, slen );
- md_update( md_ctx, counter, 4 );
- md_finish( md_ctx, mask );
-
- for( i = 0; i < use_len; ++i )
- *p++ ^= mask[i];
-
- counter[3]++;
-
- dlen -= use_len;
- }
-}
-#endif
-
-/*
- * Add the message padding, then do an RSA operation
- */
-int rsa_pkcs1_encrypt( rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output )
-{
- size_t nb_pad, olen;
- int ret;
- unsigned char *p = output;
-#if defined(POLARSSL_PKCS1_V21)
- unsigned int hlen;
- const md_info_t *md_info;
- md_context_t md_ctx;
-#endif
-
- olen = ctx->len;
-
- if( f_rng == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- switch( ctx->padding )
- {
- case RSA_PKCS_V15:
-
- if( olen < ilen + 11 )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- nb_pad = olen - 3 - ilen;
-
- *p++ = 0;
- *p++ = RSA_CRYPT;
-
- while( nb_pad-- > 0 )
- {
- int rng_dl = 100;
-
- do {
- ret = f_rng( p_rng, p, 1 );
- } while( *p == 0 && --rng_dl && ret == 0 );
-
- // Check if RNG failed to generate data
- //
- if( rng_dl == 0 || ret != 0)
- return POLARSSL_ERR_RSA_RNG_FAILED + ret;
-
- p++;
- }
- *p++ = 0;
- memcpy( p, input, ilen );
- break;
-
-#if defined(POLARSSL_PKCS1_V21)
- case RSA_PKCS_V21:
-
- md_info = md_info_from_type( ctx->hash_id );
- if( md_info == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- hlen = md_get_size( md_info );
-
- if( olen < ilen + 2 * hlen + 2 || f_rng == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- memset( output, 0, olen );
- memset( &md_ctx, 0, sizeof( md_context_t ) );
-
- md_init_ctx( &md_ctx, md_info );
-
- *p++ = 0;
-
- // Generate a random octet string seed
- //
- if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
- return( POLARSSL_ERR_RSA_RNG_FAILED + ret );
-
- p += hlen;
-
- // Construct DB
- //
- md( md_info, p, 0, p );
- p += hlen;
- p += olen - 2 * hlen - 2 - ilen;
- *p++ = 1;
- memcpy( p, input, ilen );
-
- // maskedDB: Apply dbMask to DB
- //
- mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
- &md_ctx );
-
- // maskedSeed: Apply seedMask to seed
- //
- mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
- &md_ctx );
- break;
-#endif
-
- default:
-
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
- }
-
- return( ( mode == RSA_PUBLIC )
- ? rsa_public( ctx, output, output )
- : rsa_private( ctx, output, output ) );
-}
-
-/*
- * Do an RSA operation, then remove the message padding
- */
-int rsa_pkcs1_decrypt( rsa_context *ctx,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len)
-{
- int ret;
- size_t ilen;
- unsigned char *p;
- unsigned char buf[1024];
-#if defined(POLARSSL_PKCS1_V21)
- unsigned char lhash[POLARSSL_MD_MAX_SIZE];
- unsigned int hlen;
- const md_info_t *md_info;
- md_context_t md_ctx;
-#endif
-
- ilen = ctx->len;
-
- if( ilen < 16 || ilen > sizeof( buf ) )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- ret = ( mode == RSA_PUBLIC )
- ? rsa_public( ctx, input, buf )
- : rsa_private( ctx, input, buf );
-
- if( ret != 0 )
- return( ret );
-
- p = buf;
-
- switch( ctx->padding )
- {
- case RSA_PKCS_V15:
-
- if( *p++ != 0 || *p++ != RSA_CRYPT )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- while( *p != 0 )
- {
- if( p >= buf + ilen - 1 )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
- p++;
- }
- p++;
- break;
-
-#if defined(POLARSSL_PKCS1_V21)
- case RSA_PKCS_V21:
-
- if( *p++ != 0 )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- md_info = md_info_from_type( ctx->hash_id );
- if( md_info == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- hlen = md_get_size( md_info );
- memset( &md_ctx, 0, sizeof( md_context_t ) );
-
- md_init_ctx( &md_ctx, md_info );
-
- // Generate lHash
- //
- md( md_info, lhash, 0, lhash );
-
- // seed: Apply seedMask to maskedSeed
- //
- mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
- &md_ctx );
-
- // DB: Apply dbMask to maskedDB
- //
- mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
- &md_ctx );
-
- p += hlen;
-
- // Check validity
- //
- if( memcmp( lhash, p, hlen ) != 0 )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- p += hlen;
-
- while( *p == 0 && p < buf + ilen )
- p++;
-
- if( p == buf + ilen )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- if( *p++ != 0x01 )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- break;
-#endif
-
- default:
-
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
- }
-
- if (ilen - (p - buf) > output_max_len)
- return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
-
- *olen = ilen - (p - buf);
- memcpy( output, p, *olen );
-
- return( 0 );
-}
-
-/*
- * Do an RSA operation to sign the message digest
- */
-int rsa_pkcs1_sign( rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- int hash_id,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
-{
- size_t nb_pad, olen;
- unsigned char *p = sig;
-#if defined(POLARSSL_PKCS1_V21)
- unsigned char salt[POLARSSL_MD_MAX_SIZE];
- unsigned int slen, hlen, offset = 0;
- int ret;
- size_t msb;
- const md_info_t *md_info;
- md_context_t md_ctx;
-#else
- (void) f_rng;
- (void) p_rng;
-#endif
-
- olen = ctx->len;
-
- switch( ctx->padding )
- {
- case RSA_PKCS_V15:
-
- switch( hash_id )
- {
- case SIG_RSA_RAW:
- nb_pad = olen - 3 - hashlen;
- break;
-
- case SIG_RSA_MD2:
- case SIG_RSA_MD4:
- case SIG_RSA_MD5:
- nb_pad = olen - 3 - 34;
- break;
-
- case SIG_RSA_SHA1:
- nb_pad = olen - 3 - 35;
- break;
-
- case SIG_RSA_SHA224:
- nb_pad = olen - 3 - 47;
- break;
-
- case SIG_RSA_SHA256:
- nb_pad = olen - 3 - 51;
- break;
-
- case SIG_RSA_SHA384:
- nb_pad = olen - 3 - 67;
- break;
-
- case SIG_RSA_SHA512:
- nb_pad = olen - 3 - 83;
- break;
-
-
- default:
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- }
-
- if( nb_pad < 8 )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- *p++ = 0;
- *p++ = RSA_SIGN;
- memset( p, 0xFF, nb_pad );
- p += nb_pad;
- *p++ = 0;
-
- switch( hash_id )
- {
- case SIG_RSA_RAW:
- memcpy( p, hash, hashlen );
- break;
-
- case SIG_RSA_MD2:
- memcpy( p, ASN1_HASH_MDX, 18 );
- memcpy( p + 18, hash, 16 );
- p[13] = 2; break;
-
- case SIG_RSA_MD4:
- memcpy( p, ASN1_HASH_MDX, 18 );
- memcpy( p + 18, hash, 16 );
- p[13] = 4; break;
-
- case SIG_RSA_MD5:
- memcpy( p, ASN1_HASH_MDX, 18 );
- memcpy( p + 18, hash, 16 );
- p[13] = 5; break;
-
- case SIG_RSA_SHA1:
- memcpy( p, ASN1_HASH_SHA1, 15 );
- memcpy( p + 15, hash, 20 );
- break;
-
- case SIG_RSA_SHA224:
- memcpy( p, ASN1_HASH_SHA2X, 19 );
- memcpy( p + 19, hash, 28 );
- p[1] += 28; p[14] = 4; p[18] += 28; break;
-
- case SIG_RSA_SHA256:
- memcpy( p, ASN1_HASH_SHA2X, 19 );
- memcpy( p + 19, hash, 32 );
- p[1] += 32; p[14] = 1; p[18] += 32; break;
-
- case SIG_RSA_SHA384:
- memcpy( p, ASN1_HASH_SHA2X, 19 );
- memcpy( p + 19, hash, 48 );
- p[1] += 48; p[14] = 2; p[18] += 48; break;
-
- case SIG_RSA_SHA512:
- memcpy( p, ASN1_HASH_SHA2X, 19 );
- memcpy( p + 19, hash, 64 );
- p[1] += 64; p[14] = 3; p[18] += 64; break;
-
- default:
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- }
-
- break;
-
-#if defined(POLARSSL_PKCS1_V21)
- case RSA_PKCS_V21:
-
- if( f_rng == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- switch( hash_id )
- {
- case SIG_RSA_MD2:
- case SIG_RSA_MD4:
- case SIG_RSA_MD5:
- hashlen = 16;
- break;
-
- case SIG_RSA_SHA1:
- hashlen = 20;
- break;
-
- case SIG_RSA_SHA224:
- hashlen = 28;
- break;
-
- case SIG_RSA_SHA256:
- hashlen = 32;
- break;
-
- case SIG_RSA_SHA384:
- hashlen = 48;
- break;
-
- case SIG_RSA_SHA512:
- hashlen = 64;
- break;
-
- default:
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- }
-
- md_info = md_info_from_type( ctx->hash_id );
- if( md_info == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- hlen = md_get_size( md_info );
- slen = hlen;
-
- memset( sig, 0, olen );
- memset( &md_ctx, 0, sizeof( md_context_t ) );
-
- md_init_ctx( &md_ctx, md_info );
-
- msb = mpi_msb( &ctx->N ) - 1;
-
- // Generate salt of length slen
- //
- if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
- return( POLARSSL_ERR_RSA_RNG_FAILED + ret );
-
- // Note: EMSA-PSS encoding is over the length of N - 1 bits
- //
- msb = mpi_msb( &ctx->N ) - 1;
- p += olen - hlen * 2 - 2;
- *p++ = 0x01;
- memcpy( p, salt, slen );
- p += slen;
-
- // Generate H = Hash( M' )
- //
- md_starts( &md_ctx );
- md_update( &md_ctx, p, 8 );
- md_update( &md_ctx, hash, hashlen );
- md_update( &md_ctx, salt, slen );
- md_finish( &md_ctx, p );
-
- // Compensate for boundary condition when applying mask
- //
- if( msb % 8 == 0 )
- offset = 1;
-
- // maskedDB: Apply dbMask to DB
- //
- mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
-
- msb = mpi_msb( &ctx->N ) - 1;
- sig[0] &= 0xFF >> ( olen * 8 - msb );
-
- p += hlen;
- *p++ = 0xBC;
- break;
-#endif
-
- default:
-
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
- }
-
- return( ( mode == RSA_PUBLIC )
- ? rsa_public( ctx, sig, sig )
- : rsa_private( ctx, sig, sig ) );
-}
-
-/*
- * Do an RSA operation and check the message digest
- */
-int rsa_pkcs1_verify( rsa_context *ctx,
- int mode,
- int hash_id,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
-{
- int ret;
- size_t len, siglen;
- unsigned char *p, c;
- unsigned char buf[1024];
-#if defined(POLARSSL_PKCS1_V21)
- unsigned char result[POLARSSL_MD_MAX_SIZE];
- unsigned char zeros[8];
- unsigned int hlen;
- size_t slen, msb;
- const md_info_t *md_info;
- md_context_t md_ctx;
-#endif
- siglen = ctx->len;
-
- if( siglen < 16 || siglen > sizeof( buf ) )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- ret = ( mode == RSA_PUBLIC )
- ? rsa_public( ctx, sig, buf )
- : rsa_private( ctx, sig, buf );
-
- if( ret != 0 )
- return( ret );
-
- p = buf;
-
- switch( ctx->padding )
- {
- case RSA_PKCS_V15:
-
- if( *p++ != 0 || *p++ != RSA_SIGN )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- while( *p != 0 )
- {
- if( p >= buf + siglen - 1 || *p != 0xFF )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
- p++;
- }
- p++;
-
- len = siglen - ( p - buf );
-
- if( len == 34 )
- {
- c = p[13];
- p[13] = 0;
-
- if( memcmp( p, ASN1_HASH_MDX, 18 ) != 0 )
- return( POLARSSL_ERR_RSA_VERIFY_FAILED );
-
- if( ( c == 2 && hash_id == SIG_RSA_MD2 ) ||
- ( c == 4 && hash_id == SIG_RSA_MD4 ) ||
- ( c == 5 && hash_id == SIG_RSA_MD5 ) )
- {
- if( memcmp( p + 18, hash, 16 ) == 0 )
- return( 0 );
- else
- return( POLARSSL_ERR_RSA_VERIFY_FAILED );
- }
- }
-
- if( len == 35 && hash_id == SIG_RSA_SHA1 )
- {
- if( memcmp( p, ASN1_HASH_SHA1, 15 ) == 0 &&
- memcmp( p + 15, hash, 20 ) == 0 )
- return( 0 );
- else
- return( POLARSSL_ERR_RSA_VERIFY_FAILED );
- }
- if( ( len == 19 + 28 && p[14] == 4 && hash_id == SIG_RSA_SHA224 ) ||
- ( len == 19 + 32 && p[14] == 1 && hash_id == SIG_RSA_SHA256 ) ||
- ( len == 19 + 48 && p[14] == 2 && hash_id == SIG_RSA_SHA384 ) ||
- ( len == 19 + 64 && p[14] == 3 && hash_id == SIG_RSA_SHA512 ) )
- {
- c = p[1] - 17;
- p[1] = 17;
- p[14] = 0;
-
- if( p[18] == c &&
- memcmp( p, ASN1_HASH_SHA2X, 18 ) == 0 &&
- memcmp( p + 19, hash, c ) == 0 )
- return( 0 );
- else
- return( POLARSSL_ERR_RSA_VERIFY_FAILED );
- }
-
- if( len == hashlen && hash_id == SIG_RSA_RAW )
- {
- if( memcmp( p, hash, hashlen ) == 0 )
- return( 0 );
- else
- return( POLARSSL_ERR_RSA_VERIFY_FAILED );
- }
-
- break;
-
-#if defined(POLARSSL_PKCS1_V21)
- case RSA_PKCS_V21:
-
- if( buf[siglen - 1] != 0xBC )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- switch( hash_id )
- {
- case SIG_RSA_MD2:
- case SIG_RSA_MD4:
- case SIG_RSA_MD5:
- hashlen = 16;
- break;
-
- case SIG_RSA_SHA1:
- hashlen = 20;
- break;
-
- case SIG_RSA_SHA224:
- hashlen = 28;
- break;
-
- case SIG_RSA_SHA256:
- hashlen = 32;
- break;
-
- case SIG_RSA_SHA384:
- hashlen = 48;
- break;
-
- case SIG_RSA_SHA512:
- hashlen = 64;
- break;
-
- default:
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- }
-
- md_info = md_info_from_type( ctx->hash_id );
- if( md_info == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- hlen = md_get_size( md_info );
- slen = siglen - hlen - 1;
-
- memset( &md_ctx, 0, sizeof( md_context_t ) );
- memset( zeros, 0, 8 );
-
- md_init_ctx( &md_ctx, md_info );
-
- // Note: EMSA-PSS verification is over the length of N - 1 bits
- //
- msb = mpi_msb( &ctx->N ) - 1;
-
- // Compensate for boundary condition when applying mask
- //
- if( msb % 8 == 0 )
- {
- p++;
- siglen -= 1;
- }
- if( buf[0] >> ( 8 - siglen * 8 + msb ) )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
- mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
-
- buf[0] &= 0xFF >> ( siglen * 8 - msb );
-
- while( *p == 0 && p < buf + siglen )
- p++;
-
- if( p == buf + siglen )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- if( *p++ != 0x01 )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- slen -= p - buf;
-
- // Generate H = Hash( M' )
- //
- md_starts( &md_ctx );
- md_update( &md_ctx, zeros, 8 );
- md_update( &md_ctx, hash, hashlen );
- md_update( &md_ctx, p, slen );
- md_finish( &md_ctx, result );
-
- if( memcmp( p + slen, result, hlen ) == 0 )
- return( 0 );
- else
- return( POLARSSL_ERR_RSA_VERIFY_FAILED );
-#endif
-
- default:
-
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
- }
-
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-}
-
-/*
- * Free the components of an RSA key
- */
-void rsa_free( rsa_context *ctx )
-{
- mpi_free( &ctx->RQ ); mpi_free( &ctx->RP ); mpi_free( &ctx->RN );
- mpi_free( &ctx->QP ); mpi_free( &ctx->DQ ); mpi_free( &ctx->DP );
- mpi_free( &ctx->Q ); mpi_free( &ctx->P ); mpi_free( &ctx->D );
- mpi_free( &ctx->E ); mpi_free( &ctx->N );
-}
-
-#if defined(POLARSSL_SELF_TEST)
-
-#include "polarssl/sha1.h"
-
-/*
- * Example RSA-1024 keypair, for test purposes
- */
-#define KEY_LEN 128
-
-#define RSA_N "9292758453063D803DD603D5E777D788" \
- "8ED1D5BF35786190FA2F23EBC0848AEA" \
- "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
- "7130B9CED7ACDF54CFC7555AC14EEBAB" \
- "93A89813FBF3C4F8066D2D800F7C38A8" \
- "1AE31942917403FF4946B0A83D3D3E05" \
- "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
- "5E94BB77B07507233A0BC7BAC8F90F79"
-
-#define RSA_E "10001"
-
-#define RSA_D "24BF6185468786FDD303083D25E64EFC" \
- "66CA472BC44D253102F8B4A9D3BFA750" \
- "91386C0077937FE33FA3252D28855837" \
- "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
- "DF79C5CE07EE72C7F123142198164234" \
- "CABB724CF78B8173B9F880FC86322407" \
- "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
- "071513A1E85B5DFA031F21ECAE91A34D"
-
-#define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
- "2C01CAD19EA484A87EA4377637E75500" \
- "FCB2005C5C7DD6EC4AC023CDA285D796" \
- "C3D9E75E1EFC42488BB4F1D13AC30A57"
-
-#define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
- "E211C2B9E5DB1ED0BF61D0D9899620F4" \
- "910E4168387E3C30AA1E00C339A79508" \
- "8452DD96A9A5EA5D9DCA68DA636032AF"
-
-#define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \
- "3C94D22288ACD763FD8E5600ED4A702D" \
- "F84198A5F06C2E72236AE490C93F07F8" \
- "3CC559CD27BC2D1CA488811730BB5725"
-
-#define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \
- "D8AAEA56749EA28623272E4F7D0592AF" \
- "7C1F1313CAC9471B5C523BFE592F517B" \
- "407A1BD76C164B93DA2D32A383E58357"
-
-#define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \
- "F38D18D2B2F0E2DD275AA977E2BF4411" \
- "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
- "A74206CEC169D74BF5A8C50D6F48EA08"
-
-#define PT_LEN 24
-#define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
- "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
-
-static int myrand( void *rng_state, unsigned char *output, size_t len )
-{
- size_t i;
-
- if( rng_state != NULL )
- rng_state = NULL;
-
- for( i = 0; i < len; ++i )
- output[i] = rand();
-
- return( 0 );
-}
-
-/*
- * Checkup routine
- */
-int rsa_self_test( int verbose )
-{
- size_t len;
- rsa_context rsa;
- unsigned char rsa_plaintext[PT_LEN];
- unsigned char rsa_decrypted[PT_LEN];
- unsigned char rsa_ciphertext[KEY_LEN];
-#if defined(POLARSSL_SHA1_C)
- unsigned char sha1sum[20];
-#endif
-
- rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
- rsa.len = KEY_LEN;
- mpi_read_string( &rsa.N , 16, RSA_N );
- mpi_read_string( &rsa.E , 16, RSA_E );
- mpi_read_string( &rsa.D , 16, RSA_D );
- mpi_read_string( &rsa.P , 16, RSA_P );
- mpi_read_string( &rsa.Q , 16, RSA_Q );
- mpi_read_string( &rsa.DP, 16, RSA_DP );
- mpi_read_string( &rsa.DQ, 16, RSA_DQ );
- mpi_read_string( &rsa.QP, 16, RSA_QP );
-
- if( verbose != 0 )
- printf( " RSA key validation: " );
-
- if( rsa_check_pubkey( &rsa ) != 0 ||
- rsa_check_privkey( &rsa ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- printf( "passed\n PKCS#1 encryption : " );
-
- memcpy( rsa_plaintext, RSA_PT, PT_LEN );
-
- if( rsa_pkcs1_encrypt( &rsa, &myrand, NULL, RSA_PUBLIC, PT_LEN,
- rsa_plaintext, rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- printf( "passed\n PKCS#1 decryption : " );
-
- if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len,
- rsa_ciphertext, rsa_decrypted,
- sizeof(rsa_decrypted) ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( 1 );
- }
-
- if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( 1 );
- }
-
-#if defined(POLARSSL_SHA1_C)
- if( verbose != 0 )
- printf( "passed\n PKCS#1 data sign : " );
-
- sha1( rsa_plaintext, PT_LEN, sha1sum );
-
- if( rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, SIG_RSA_SHA1, 20,
- sha1sum, rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- printf( "passed\n PKCS#1 sig. verify: " );
-
- if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1, 20,
- sha1sum, rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- printf( "passed\n\n" );
-#endif /* POLARSSL_SHA1_C */
-
- rsa_free( &rsa );
-
- return( 0 );
-}
-
-#endif
-
-#endif
+++ /dev/null
-/*
- * SSLv3/TLSv1 client-side functions
- *
- * Copyright (C) 2006-2010, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_SSL_CLI_C)
-
-#include "polarssl/debug.h"
-#include "polarssl/ssl.h"
-
-#if defined(POLARSSL_PKCS11_C)
-#include "polarssl/pkcs11.h"
-#endif /* defined(POLARSSL_PKCS11_C) */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <time.h>
-
-static int ssl_write_client_hello( ssl_context *ssl )
-{
- int ret;
- size_t i, n;
- unsigned char *buf;
- unsigned char *p;
- time_t t;
-
- SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
-
- ssl->major_ver = SSL_MAJOR_VERSION_3;
- ssl->minor_ver = SSL_MINOR_VERSION_0;
-
- if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
- {
- ssl->max_major_ver = SSL_MAJOR_VERSION_3;
- ssl->max_minor_ver = SSL_MINOR_VERSION_2;
- }
-
- /*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 5 highest version supported
- * 6 . 9 current UNIX time
- * 10 . 37 random bytes
- */
- buf = ssl->out_msg;
- p = buf + 4;
-
- *p++ = (unsigned char) ssl->max_major_ver;
- *p++ = (unsigned char) ssl->max_minor_ver;
-
- SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
- buf[4], buf[5] ) );
-
- t = time( NULL );
- *p++ = (unsigned char)( t >> 24 );
- *p++ = (unsigned char)( t >> 16 );
- *p++ = (unsigned char)( t >> 8 );
- *p++ = (unsigned char)( t );
-
- SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
-
- if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
- return( ret );
-
- p += 28;
-
- memcpy( ssl->randbytes, buf + 6, 32 );
-
- SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 6, 32 );
-
- /*
- * 38 . 38 session id length
- * 39 . 39+n session id
- * 40+n . 41+n ciphersuitelist length
- * 42+n . .. ciphersuitelist
- * .. . .. compression alg. (0)
- * .. . .. extensions (unused)
- */
- n = ssl->session->length;
-
- if( n < 16 || n > 32 || ssl->resume == 0 ||
- ( ssl->timeout != 0 && t - ssl->session->start > ssl->timeout ) )
- n = 0;
-
- *p++ = (unsigned char) n;
-
- for( i = 0; i < n; i++ )
- *p++ = ssl->session->id[i];
-
- SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
- SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
-
- for( n = 0; ssl->ciphersuites[n] != 0; n++ );
- *p++ = (unsigned char)( n >> 7 );
- *p++ = (unsigned char)( n << 1 );
-
- SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
-
- for( i = 0; i < n; i++ )
- {
- SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
- ssl->ciphersuites[i] ) );
-
- *p++ = (unsigned char)( ssl->ciphersuites[i] >> 8 );
- *p++ = (unsigned char)( ssl->ciphersuites[i] );
- }
-
- SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
- SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", 0 ) );
-
- *p++ = 1;
- *p++ = SSL_COMPRESS_NULL;
-
- if ( ssl->hostname != NULL )
- {
- SSL_DEBUG_MSG( 3, ( "client hello, server name extension: %s",
- ssl->hostname ) );
-
- *p++ = (unsigned char)( ( (ssl->hostname_len + 9) >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( (ssl->hostname_len + 9) ) & 0xFF );
-
- *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME ) & 0xFF );
-
- *p++ = (unsigned char)( ( (ssl->hostname_len + 5) >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( (ssl->hostname_len + 5) ) & 0xFF );
-
- *p++ = (unsigned char)( ( (ssl->hostname_len + 3) >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( (ssl->hostname_len + 3) ) & 0xFF );
-
- *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
- *p++ = (unsigned char)( ( ssl->hostname_len >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( ssl->hostname_len ) & 0xFF );
-
- memcpy( p, ssl->hostname, ssl->hostname_len );
-
- p += ssl->hostname_len;
- }
-
- ssl->out_msglen = p - buf;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_CLIENT_HELLO;
-
- ssl->state++;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
-
- return( 0 );
-}
-
-static int ssl_parse_server_hello( ssl_context *ssl )
-{
-#if defined(POLARSSL_DEBUG_MSG) && defined(POLARSSL_DEBUG_C)
- time_t t;
-#endif
- int ret, i;
- size_t n;
- int ext_len;
- unsigned char *buf;
-
- SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
-
- /*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 5 protocol version
- * 6 . 9 UNIX time()
- * 10 . 37 random bytes
- */
- buf = ssl->in_msg;
-
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
- buf[4], buf[5] ) );
-
- if( ssl->in_hslen < 42 ||
- buf[0] != SSL_HS_SERVER_HELLO ||
- buf[4] != SSL_MAJOR_VERSION_3 )
- {
- SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- if( buf[5] > ssl->max_minor_ver )
- {
- SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- ssl->minor_ver = buf[5];
-
-#if defined(POLARSSL_DEBUG_MSG) && defined(POLARSSL_DEBUG_C)
- t = ( (time_t) buf[6] << 24 )
- | ( (time_t) buf[7] << 16 )
- | ( (time_t) buf[8] << 8 )
- | ( (time_t) buf[9] );
-#endif
-
- memcpy( ssl->randbytes + 32, buf + 6, 32 );
-
- n = buf[38];
-
- SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
- SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
-
- /*
- * 38 . 38 session id length
- * 39 . 38+n session id
- * 39+n . 40+n chosen ciphersuite
- * 41+n . 41+n chosen compression alg.
- * 42+n . 43+n extensions length
- * 44+n . 44+n+m extensions
- */
- if( n > 32 || ssl->in_hslen > 42 + n )
- {
- ext_len = ( ( buf[42 + n] << 8 )
- | ( buf[43 + n] ) ) + 2;
- }
- else
- {
- ext_len = 0;
- }
-
- if( n > 32 || ssl->in_hslen != 42 + n + ext_len )
- {
- SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- i = ( buf[39 + n] << 8 ) | buf[40 + n];
-
- SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
- SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
-
- /*
- * Check if the session can be resumed
- */
- if( ssl->resume == 0 || n == 0 ||
- ssl->session->ciphersuite != i ||
- ssl->session->length != n ||
- memcmp( ssl->session->id, buf + 39, n ) != 0 )
- {
- ssl->state++;
- ssl->resume = 0;
- ssl->session->start = time( NULL );
- ssl->session->ciphersuite = i;
- ssl->session->length = n;
- memcpy( ssl->session->id, buf + 39, n );
- }
- else
- {
- ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
-
- if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
- return( ret );
- }
- }
-
- SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
- ssl->resume ? "a" : "no" ) );
-
- SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
- SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );
-
- i = 0;
- while( 1 )
- {
- if( ssl->ciphersuites[i] == 0 )
- {
- SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- if( ssl->ciphersuites[i++] == ssl->session->ciphersuite )
- break;
- }
-
- if( buf[41 + n] != SSL_COMPRESS_NULL )
- {
- SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- /* TODO: Process extensions */
-
- SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
-
- return( 0 );
-}
-
-static int ssl_parse_server_key_exchange( ssl_context *ssl )
-{
-#if defined(POLARSSL_DHM_C)
- int ret;
- size_t n;
- unsigned char *p, *end;
- unsigned char hash[36];
- md5_context md5;
- sha1_context sha1;
-#endif
-
- SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
-
- if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
- ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
- ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
- ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
- ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
- {
- SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
- ssl->state++;
- return( 0 );
- }
-
-#if !defined(POLARSSL_DHM_C)
- SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-#else
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- if( ssl->in_msg[0] != SSL_HS_SERVER_KEY_EXCHANGE )
- {
- SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
- }
-
- /*
- * Ephemeral DH parameters:
- *
- * struct {
- * opaque dh_p<1..2^16-1>;
- * opaque dh_g<1..2^16-1>;
- * opaque dh_Ys<1..2^16-1>;
- * } ServerDHParams;
- */
- p = ssl->in_msg + 4;
- end = ssl->in_msg + ssl->in_hslen;
-
- if( ( ret = dhm_read_params( &ssl->dhm_ctx, &p, end ) ) != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
- }
-
- if( (unsigned int)( end - p ) != ssl->peer_cert->rsa.len )
- {
- SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
- }
-
- if( ssl->dhm_ctx.len < 64 || ssl->dhm_ctx.len > 512 )
- {
- SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
- }
-
- SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->dhm_ctx.P );
- SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->dhm_ctx.G );
- SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->dhm_ctx.GY );
-
- /*
- * digitally-signed struct {
- * opaque md5_hash[16];
- * opaque sha_hash[20];
- * };
- *
- * md5_hash
- * MD5(ClientHello.random + ServerHello.random
- * + ServerParams);
- * sha_hash
- * SHA(ClientHello.random + ServerHello.random
- * + ServerParams);
- */
- n = ssl->in_hslen - ( end - p ) - 6;
-
- md5_starts( &md5 );
- md5_update( &md5, ssl->randbytes, 64 );
- md5_update( &md5, ssl->in_msg + 4, n );
- md5_finish( &md5, hash );
-
- sha1_starts( &sha1 );
- sha1_update( &sha1, ssl->randbytes, 64 );
- sha1_update( &sha1, ssl->in_msg + 4, n );
- sha1_finish( &sha1, hash + 16 );
-
- SSL_DEBUG_BUF( 3, "parameters hash", hash, 36 );
-
- if( ( ret = rsa_pkcs1_verify( &ssl->peer_cert->rsa, RSA_PUBLIC,
- SIG_RSA_RAW, 36, hash, p ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
- return( ret );
- }
-
- ssl->state++;
-
- SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
-
- return( 0 );
-#endif
-}
-
-static int ssl_parse_certificate_request( ssl_context *ssl )
-{
- int ret;
-
- SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
-
- /*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 5 SSL version
- * 6 . 6 cert type count
- * 7 .. n-1 cert types
- * n .. n+1 length of all DNs
- * n+2 .. n+3 length of DN 1
- * n+4 .. ... Distinguished Name #1
- * ... .. ... length of DN 2, etc.
- */
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- ssl->client_auth = 0;
- ssl->state++;
-
- if( ssl->in_msg[0] == SSL_HS_CERTIFICATE_REQUEST )
- ssl->client_auth++;
-
- SSL_DEBUG_MSG( 3, ( "got %s certificate request",
- ssl->client_auth ? "a" : "no" ) );
-
- SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
-
- return( 0 );
-}
-
-static int ssl_parse_server_hello_done( ssl_context *ssl )
-{
- int ret;
-
- SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
-
- if( ssl->client_auth != 0 )
- {
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
- }
- }
-
- if( ssl->in_hslen != 4 ||
- ssl->in_msg[0] != SSL_HS_SERVER_HELLO_DONE )
- {
- SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE );
- }
-
- ssl->state++;
-
- SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) );
-
- return( 0 );
-}
-
-static int ssl_write_client_key_exchange( ssl_context *ssl )
-{
- int ret;
- size_t i, n;
-
- SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
-
- if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
- {
-#if !defined(POLARSSL_DHM_C)
- SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-#else
- /*
- * DHM key exchange -- send G^X mod P
- */
- n = ssl->dhm_ctx.len;
-
- ssl->out_msg[4] = (unsigned char)( n >> 8 );
- ssl->out_msg[5] = (unsigned char)( n );
- i = 6;
-
- ret = dhm_make_public( &ssl->dhm_ctx, 256,
- &ssl->out_msg[i], n,
- ssl->f_rng, ssl->p_rng );
- if( ret != 0 )
- {
- SSL_DEBUG_RET( 1, "dhm_make_public", ret );
- return( ret );
- }
-
- SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->dhm_ctx.X );
- SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->dhm_ctx.GX );
-
- ssl->pmslen = ssl->dhm_ctx.len;
-
- if( ( ret = dhm_calc_secret( &ssl->dhm_ctx,
- ssl->premaster,
- &ssl->pmslen ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
- return( ret );
- }
-
- SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->dhm_ctx.K );
-#endif
- }
- else
- {
- /*
- * RSA key exchange -- send rsa_public(pkcs1 v1.5(premaster))
- */
- ssl->premaster[0] = (unsigned char) ssl->max_major_ver;
- ssl->premaster[1] = (unsigned char) ssl->max_minor_ver;
- ssl->pmslen = 48;
-
- ret = ssl->f_rng( ssl->p_rng, ssl->premaster + 2, ssl->pmslen - 2 );
- if( ret != 0 )
- return( ret );
-
- i = 4;
- n = ssl->peer_cert->rsa.len;
-
- if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
- {
- i += 2;
- ssl->out_msg[4] = (unsigned char)( n >> 8 );
- ssl->out_msg[5] = (unsigned char)( n );
- }
-
- ret = rsa_pkcs1_encrypt( &ssl->peer_cert->rsa,
- ssl->f_rng, ssl->p_rng,
- RSA_PUBLIC,
- ssl->pmslen, ssl->premaster,
- ssl->out_msg + i );
- if( ret != 0 )
- {
- SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret );
- return( ret );
- }
- }
-
- if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
- return( ret );
- }
-
- ssl->out_msglen = i + n;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_CLIENT_KEY_EXCHANGE;
-
- ssl->state++;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
-
- return( 0 );
-}
-
-static int ssl_write_certificate_verify( ssl_context *ssl )
-{
- int ret = 0;
- size_t n = 0;
- unsigned char hash[36];
-
- SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
-
- if( ssl->client_auth == 0 || ssl->own_cert == NULL )
- {
- SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
- ssl->state++;
- return( 0 );
- }
-
- if( ssl->rsa_key == NULL )
- {
-#if defined(POLARSSL_PKCS11_C)
- if( ssl->pkcs11_key == NULL )
- {
-#endif /* defined(POLARSSL_PKCS11_C) */
- SSL_DEBUG_MSG( 1, ( "got no private key" ) );
- return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
-#if defined(POLARSSL_PKCS11_C)
- }
-#endif /* defined(POLARSSL_PKCS11_C) */
- }
-
- /*
- * Make an RSA signature of the handshake digests
- */
- ssl_calc_verify( ssl, hash );
-
- if ( ssl->rsa_key )
- n = ssl->rsa_key->len;
-#if defined(POLARSSL_PKCS11_C)
- else
- n = ssl->pkcs11_key->len;
-#endif /* defined(POLARSSL_PKCS11_C) */
-
- ssl->out_msg[4] = (unsigned char)( n >> 8 );
- ssl->out_msg[5] = (unsigned char)( n );
-
- if( ssl->rsa_key )
- {
- ret = rsa_pkcs1_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng,
- RSA_PRIVATE, SIG_RSA_RAW,
- 36, hash, ssl->out_msg + 6 );
- } else {
-#if defined(POLARSSL_PKCS11_C)
- ret = pkcs11_sign( ssl->pkcs11_key, RSA_PRIVATE, SIG_RSA_RAW,
- 36, hash, ssl->out_msg + 6 );
-#endif /* defined(POLARSSL_PKCS11_C) */
- }
-
- if (ret != 0)
- {
- SSL_DEBUG_RET( 1, "pkcs1_sign", ret );
- return( ret );
- }
-
- ssl->out_msglen = 6 + n;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_CERTIFICATE_VERIFY;
-
- ssl->state++;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
-
- return( 0 );
-}
-
-/*
- * SSL handshake -- client side
- */
-int ssl_handshake_client( ssl_context *ssl )
-{
- int ret = 0;
-
- SSL_DEBUG_MSG( 2, ( "=> handshake client" ) );
-
- while( ssl->state != SSL_HANDSHAKE_OVER )
- {
- SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
-
- if( ( ret = ssl_flush_output( ssl ) ) != 0 )
- break;
-
- switch( ssl->state )
- {
- case SSL_HELLO_REQUEST:
- ssl->state = SSL_CLIENT_HELLO;
- break;
-
- /*
- * ==> ClientHello
- */
- case SSL_CLIENT_HELLO:
- ret = ssl_write_client_hello( ssl );
- break;
-
- /*
- * <== ServerHello
- * Certificate
- * ( ServerKeyExchange )
- * ( CertificateRequest )
- * ServerHelloDone
- */
- case SSL_SERVER_HELLO:
- ret = ssl_parse_server_hello( ssl );
- break;
-
- case SSL_SERVER_CERTIFICATE:
- ret = ssl_parse_certificate( ssl );
- break;
-
- case SSL_SERVER_KEY_EXCHANGE:
- ret = ssl_parse_server_key_exchange( ssl );
- break;
-
- case SSL_CERTIFICATE_REQUEST:
- ret = ssl_parse_certificate_request( ssl );
- break;
-
- case SSL_SERVER_HELLO_DONE:
- ret = ssl_parse_server_hello_done( ssl );
- break;
-
- /*
- * ==> ( Certificate/Alert )
- * ClientKeyExchange
- * ( CertificateVerify )
- * ChangeCipherSpec
- * Finished
- */
- case SSL_CLIENT_CERTIFICATE:
- ret = ssl_write_certificate( ssl );
- break;
-
- case SSL_CLIENT_KEY_EXCHANGE:
- ret = ssl_write_client_key_exchange( ssl );
- break;
-
- case SSL_CERTIFICATE_VERIFY:
- ret = ssl_write_certificate_verify( ssl );
- break;
-
- case SSL_CLIENT_CHANGE_CIPHER_SPEC:
- ret = ssl_write_change_cipher_spec( ssl );
- break;
-
- case SSL_CLIENT_FINISHED:
- ret = ssl_write_finished( ssl );
- break;
-
- /*
- * <== ChangeCipherSpec
- * Finished
- */
- case SSL_SERVER_CHANGE_CIPHER_SPEC:
- ret = ssl_parse_change_cipher_spec( ssl );
- break;
-
- case SSL_SERVER_FINISHED:
- ret = ssl_parse_finished( ssl );
- break;
-
- case SSL_FLUSH_BUFFERS:
- SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
- ssl->state = SSL_HANDSHAKE_OVER;
- break;
-
- default:
- SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- }
-
- if( ret != 0 )
- break;
- }
-
- SSL_DEBUG_MSG( 2, ( "<= handshake client" ) );
-
- return( ret );
-}
-
-#endif
+++ /dev/null
-/*
- * SSLv3/TLSv1 server-side functions
- *
- * Copyright (C) 2006-2010, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_SSL_SRV_C)
-
-#include "polarssl/debug.h"
-#include "polarssl/ssl.h"
-
-#if defined(POLARSSL_PKCS11_C)
-#include "polarssl/pkcs11.h"
-#endif /* defined(POLARSSL_PKCS11_C) */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <time.h>
-
-static int ssl_parse_client_hello( ssl_context *ssl )
-{
- int ret;
- unsigned int i, j;
- size_t n;
- unsigned int ciph_len, sess_len;
- unsigned int chal_len, comp_len;
- unsigned char *buf, *p;
-
- SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
-
- if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
- return( ret );
- }
-
- buf = ssl->in_hdr;
-
- if( ( buf[0] & 0x80 ) != 0 )
- {
- SSL_DEBUG_BUF( 4, "record header", buf, 5 );
-
- SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d",
- buf[2] ) );
- SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d",
- ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
- SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]",
- buf[3], buf[4] ) );
-
- /*
- * SSLv2 Client Hello
- *
- * Record layer:
- * 0 . 1 message length
- *
- * SSL layer:
- * 2 . 2 message type
- * 3 . 4 protocol version
- */
- if( buf[2] != SSL_HS_CLIENT_HELLO ||
- buf[3] != SSL_MAJOR_VERSION_3 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
-
- if( n < 17 || n > 512 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- ssl->max_major_ver = buf[3];
- ssl->max_minor_ver = buf[4];
-
- ssl->major_ver = SSL_MAJOR_VERSION_3;
- ssl->minor_ver = ( buf[4] <= SSL_MINOR_VERSION_2 )
- ? buf[4] : SSL_MINOR_VERSION_2;
-
- if( ( ret = ssl_fetch_input( ssl, 2 + n ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
- return( ret );
- }
-
- md5_update( &ssl->fin_md5 , buf + 2, n );
- sha1_update( &ssl->fin_sha1, buf + 2, n );
-
- buf = ssl->in_msg;
- n = ssl->in_left - 5;
-
- /*
- * 0 . 1 ciphersuitelist length
- * 2 . 3 session id length
- * 4 . 5 challenge length
- * 6 . .. ciphersuitelist
- * .. . .. session id
- * .. . .. challenge
- */
- SSL_DEBUG_BUF( 4, "record contents", buf, n );
-
- ciph_len = ( buf[0] << 8 ) | buf[1];
- sess_len = ( buf[2] << 8 ) | buf[3];
- chal_len = ( buf[4] << 8 ) | buf[5];
-
- SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
- ciph_len, sess_len, chal_len ) );
-
- /*
- * Make sure each parameter length is valid
- */
- if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- if( sess_len > 32 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- if( chal_len < 8 || chal_len > 32 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- if( n != 6 + ciph_len + sess_len + chal_len )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
- buf + 6, ciph_len );
- SSL_DEBUG_BUF( 3, "client hello, session id",
- buf + 6 + ciph_len, sess_len );
- SSL_DEBUG_BUF( 3, "client hello, challenge",
- buf + 6 + ciph_len + sess_len, chal_len );
-
- p = buf + 6 + ciph_len;
- ssl->session->length = sess_len;
- memset( ssl->session->id, 0, sizeof( ssl->session->id ) );
- memcpy( ssl->session->id, p, ssl->session->length );
-
- p += sess_len;
- memset( ssl->randbytes, 0, 64 );
- memcpy( ssl->randbytes + 32 - chal_len, p, chal_len );
-
- for( i = 0; ssl->ciphersuites[i] != 0; i++ )
- {
- for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
- {
- if( p[0] == 0 &&
- p[1] == 0 &&
- p[2] == ssl->ciphersuites[i] )
- goto have_ciphersuite;
- }
- }
- }
- else
- {
- SSL_DEBUG_BUF( 4, "record header", buf, 5 );
-
- SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d",
- buf[0] ) );
- SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d",
- ( buf[3] << 8 ) | buf[4] ) );
- SSL_DEBUG_MSG( 3, ( "client hello v3, protocol ver: [%d:%d]",
- buf[1], buf[2] ) );
-
- /*
- * SSLv3 Client Hello
- *
- * Record layer:
- * 0 . 0 message type
- * 1 . 2 protocol version
- * 3 . 4 message length
- */
- if( buf[0] != SSL_MSG_HANDSHAKE ||
- buf[1] != SSL_MAJOR_VERSION_3 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- n = ( buf[3] << 8 ) | buf[4];
-
- if( n < 45 || n > 512 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- if( ( ret = ssl_fetch_input( ssl, 5 + n ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
- return( ret );
- }
-
- buf = ssl->in_msg;
- n = ssl->in_left - 5;
-
- md5_update( &ssl->fin_md5 , buf, n );
- sha1_update( &ssl->fin_sha1, buf, n );
-
- /*
- * SSL layer:
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 5 protocol version
- * 6 . 9 UNIX time()
- * 10 . 37 random bytes
- * 38 . 38 session id length
- * 39 . 38+x session id
- * 39+x . 40+x ciphersuitelist length
- * 41+x . .. ciphersuitelist
- * .. . .. compression alg.
- * .. . .. extensions
- */
- SSL_DEBUG_BUF( 4, "record contents", buf, n );
-
- SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d",
- buf[0] ) );
- SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
- ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
- SSL_DEBUG_MSG( 3, ( "client hello v3, max. version: [%d:%d]",
- buf[4], buf[5] ) );
-
- /*
- * Check the handshake type and protocol version
- */
- if( buf[0] != SSL_HS_CLIENT_HELLO ||
- buf[4] != SSL_MAJOR_VERSION_3 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- ssl->major_ver = SSL_MAJOR_VERSION_3;
- ssl->minor_ver = ( buf[5] <= SSL_MINOR_VERSION_2 )
- ? buf[5] : SSL_MINOR_VERSION_2;
-
- ssl->max_major_ver = buf[4];
- ssl->max_minor_ver = buf[5];
-
- memcpy( ssl->randbytes, buf + 6, 32 );
-
- /*
- * Check the handshake message length
- */
- if( buf[1] != 0 || n != (unsigned int) 4 + ( ( buf[2] << 8 ) | buf[3] ) )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- /*
- * Check the session length
- */
- sess_len = buf[38];
-
- if( sess_len > 32 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- ssl->session->length = sess_len;
- memset( ssl->session->id, 0, sizeof( ssl->session->id ) );
- memcpy( ssl->session->id, buf + 39 , ssl->session->length );
-
- /*
- * Check the ciphersuitelist length
- */
- ciph_len = ( buf[39 + sess_len] << 8 )
- | ( buf[40 + sess_len] );
-
- if( ciph_len < 2 || ciph_len > 256 || ( ciph_len % 2 ) != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- /*
- * Check the compression algorithms length
- */
- comp_len = buf[41 + sess_len + ciph_len];
-
- if( comp_len < 1 || comp_len > 16 )
- {
- SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- SSL_DEBUG_BUF( 3, "client hello, random bytes",
- buf + 6, 32 );
- SSL_DEBUG_BUF( 3, "client hello, session id",
- buf + 38, sess_len );
- SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
- buf + 41 + sess_len, ciph_len );
- SSL_DEBUG_BUF( 3, "client hello, compression",
- buf + 42 + sess_len + ciph_len, comp_len );
-
- /*
- * Search for a matching ciphersuite
- */
- for( i = 0; ssl->ciphersuites[i] != 0; i++ )
- {
- for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
- j += 2, p += 2 )
- {
- if( p[0] == 0 && p[1] == ssl->ciphersuites[i] )
- goto have_ciphersuite;
- }
- }
- }
-
- SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
-
- return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
-
-have_ciphersuite:
-
- ssl->session->ciphersuite = ssl->ciphersuites[i];
- ssl->in_left = 0;
- ssl->state++;
-
- SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
-
- return( 0 );
-}
-
-static int ssl_write_server_hello( ssl_context *ssl )
-{
- time_t t;
- int ret, n;
- unsigned char *buf, *p;
-
- SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
-
- /*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 5 protocol version
- * 6 . 9 UNIX time()
- * 10 . 37 random bytes
- */
- buf = ssl->out_msg;
- p = buf + 4;
-
- *p++ = (unsigned char) ssl->major_ver;
- *p++ = (unsigned char) ssl->minor_ver;
-
- SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
- buf[4], buf[5] ) );
-
- t = time( NULL );
- *p++ = (unsigned char)( t >> 24 );
- *p++ = (unsigned char)( t >> 16 );
- *p++ = (unsigned char)( t >> 8 );
- *p++ = (unsigned char)( t );
-
- SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
-
- if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
- return( ret );
-
- p += 28;
-
- memcpy( ssl->randbytes + 32, buf + 6, 32 );
-
- SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
-
- /*
- * 38 . 38 session id length
- * 39 . 38+n session id
- * 39+n . 40+n chosen ciphersuite
- * 41+n . 41+n chosen compression alg.
- */
- ssl->session->length = n = 32;
- *p++ = (unsigned char) ssl->session->length;
-
- if( ssl->s_get == NULL ||
- ssl->s_get( ssl ) != 0 )
- {
- /*
- * Not found, create a new session id
- */
- ssl->resume = 0;
- ssl->state++;
-
- if( ssl->session == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "No session struct set" ) );
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- }
-
- if( ( ret = ssl->f_rng( ssl->p_rng, ssl->session->id, n ) ) != 0 )
- return( ret );
- }
- else
- {
- /*
- * Found a matching session, resume it
- */
- ssl->resume = 1;
- ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
-
- if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
- return( ret );
- }
- }
-
- memcpy( p, ssl->session->id, ssl->session->length );
- p += ssl->session->length;
-
- SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
- SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
- SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
- ssl->resume ? "a" : "no" ) );
-
- *p++ = (unsigned char)( ssl->session->ciphersuite >> 8 );
- *p++ = (unsigned char)( ssl->session->ciphersuite );
- *p++ = SSL_COMPRESS_NULL;
-
- SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d",
- ssl->session->ciphersuite ) );
- SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", 0 ) );
-
- ssl->out_msglen = p - buf;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_SERVER_HELLO;
-
- ret = ssl_write_record( ssl );
-
- SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
-
- return( ret );
-}
-
-static int ssl_write_certificate_request( ssl_context *ssl )
-{
- int ret;
- size_t n;
- unsigned char *buf, *p;
- const x509_cert *crt;
-
- SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
-
- ssl->state++;
-
- if( ssl->authmode == SSL_VERIFY_NONE )
- {
- SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
- return( 0 );
- }
-
- /*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 4 cert type count
- * 5 .. n-1 cert types
- * n .. n+1 length of all DNs
- * n+2 .. n+3 length of DN 1
- * n+4 .. ... Distinguished Name #1
- * ... .. ... length of DN 2, etc.
- */
- buf = ssl->out_msg;
- p = buf + 4;
-
- /*
- * At the moment, only RSA certificates are supported
- */
- *p++ = 1;
- *p++ = 1;
-
- p += 2;
- crt = ssl->ca_chain;
-
- while( crt != NULL )
- {
- if( p - buf > 4096 )
- break;
-
- n = crt->subject_raw.len;
- *p++ = (unsigned char)( n >> 8 );
- *p++ = (unsigned char)( n );
- memcpy( p, crt->subject_raw.p, n );
-
- SSL_DEBUG_BUF( 3, "requested DN", p, n );
- p += n; crt = crt->next;
- }
-
- ssl->out_msglen = n = p - buf;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_CERTIFICATE_REQUEST;
- ssl->out_msg[6] = (unsigned char)( ( n - 8 ) >> 8 );
- ssl->out_msg[7] = (unsigned char)( ( n - 8 ) );
-
- ret = ssl_write_record( ssl );
-
- SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
-
- return( ret );
-}
-
-static int ssl_write_server_key_exchange( ssl_context *ssl )
-{
-#if defined(POLARSSL_DHM_C)
- int ret;
- size_t n, rsa_key_len = 0;
- unsigned char hash[36];
- md5_context md5;
- sha1_context sha1;
-#endif
-
- SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
-
- if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
- ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
- ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
- ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
- ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
- {
- SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
- ssl->state++;
- return( 0 );
- }
-
-#if !defined(POLARSSL_DHM_C)
- SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-#else
-
- if( ssl->rsa_key == NULL )
- {
-#if defined(POLARSSL_PKCS11_C)
- if( ssl->pkcs11_key == NULL )
- {
-#endif /* defined(POLARSSL_PKCS11_C) */
- SSL_DEBUG_MSG( 1, ( "got no private key" ) );
- return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
-#if defined(POLARSSL_PKCS11_C)
- }
-#endif /* defined(POLARSSL_PKCS11_C) */
- }
-
- /*
- * Ephemeral DH parameters:
- *
- * struct {
- * opaque dh_p<1..2^16-1>;
- * opaque dh_g<1..2^16-1>;
- * opaque dh_Ys<1..2^16-1>;
- * } ServerDHParams;
- */
- if( ( ret = dhm_make_params( &ssl->dhm_ctx, 256, ssl->out_msg + 4,
- &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "dhm_make_params", ret );
- return( ret );
- }
-
- SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->dhm_ctx.X );
- SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->dhm_ctx.P );
- SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->dhm_ctx.G );
- SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->dhm_ctx.GX );
-
- /*
- * digitally-signed struct {
- * opaque md5_hash[16];
- * opaque sha_hash[20];
- * };
- *
- * md5_hash
- * MD5(ClientHello.random + ServerHello.random
- * + ServerParams);
- * sha_hash
- * SHA(ClientHello.random + ServerHello.random
- * + ServerParams);
- */
- md5_starts( &md5 );
- md5_update( &md5, ssl->randbytes, 64 );
- md5_update( &md5, ssl->out_msg + 4, n );
- md5_finish( &md5, hash );
-
- sha1_starts( &sha1 );
- sha1_update( &sha1, ssl->randbytes, 64 );
- sha1_update( &sha1, ssl->out_msg + 4, n );
- sha1_finish( &sha1, hash + 16 );
-
- SSL_DEBUG_BUF( 3, "parameters hash", hash, 36 );
-
- if ( ssl->rsa_key )
- rsa_key_len = ssl->rsa_key->len;
-#if defined(POLARSSL_PKCS11_C)
- else
- rsa_key_len = ssl->pkcs11_key->len;
-#endif /* defined(POLARSSL_PKCS11_C) */
-
- ssl->out_msg[4 + n] = (unsigned char)( rsa_key_len >> 8 );
- ssl->out_msg[5 + n] = (unsigned char)( rsa_key_len );
-
- if ( ssl->rsa_key )
- {
- ret = rsa_pkcs1_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng,
- RSA_PRIVATE,
- SIG_RSA_RAW, 36, hash, ssl->out_msg + 6 + n );
- }
-#if defined(POLARSSL_PKCS11_C)
- else {
- ret = pkcs11_sign( ssl->pkcs11_key, RSA_PRIVATE,
- SIG_RSA_RAW, 36, hash, ssl->out_msg + 6 + n );
- }
-#endif /* defined(POLARSSL_PKCS11_C) */
-
- if( ret != 0 )
- {
- SSL_DEBUG_RET( 1, "pkcs1_sign", ret );
- return( ret );
- }
-
- SSL_DEBUG_BUF( 3, "my RSA sig", ssl->out_msg + 6 + n, rsa_key_len );
-
- ssl->out_msglen = 6 + n + rsa_key_len;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_SERVER_KEY_EXCHANGE;
-
- ssl->state++;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) );
-
- return( 0 );
-#endif
-}
-
-static int ssl_write_server_hello_done( ssl_context *ssl )
-{
- int ret;
-
- SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) );
-
- ssl->out_msglen = 4;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_SERVER_HELLO_DONE;
-
- ssl->state++;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
-
- return( 0 );
-}
-
-static int ssl_parse_client_key_exchange( ssl_context *ssl )
-{
- int ret;
- size_t i, n = 0;
-
- SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
-
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
- }
-
- if( ssl->in_msg[0] != SSL_HS_CLIENT_KEY_EXCHANGE )
- {
- SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
- }
-
- if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
- {
-#if !defined(POLARSSL_DHM_C)
- SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-#else
- /*
- * Receive G^Y mod P, premaster = (G^Y)^X mod P
- */
- n = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
-
- if( n < 1 || n > ssl->dhm_ctx.len ||
- n + 6 != ssl->in_hslen )
- {
- SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
- }
-
- if( ( ret = dhm_read_public( &ssl->dhm_ctx,
- ssl->in_msg + 6, n ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "dhm_read_public", ret );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP );
- }
-
- SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->dhm_ctx.GY );
-
- ssl->pmslen = ssl->dhm_ctx.len;
-
- if( ( ret = dhm_calc_secret( &ssl->dhm_ctx,
- ssl->premaster, &ssl->pmslen ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS );
- }
-
- SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->dhm_ctx.K );
-#endif
- }
- else
- {
- if( ssl->rsa_key == NULL )
- {
-#if defined(POLARSSL_PKCS11_C)
- if( ssl->pkcs11_key == NULL )
- {
-#endif
- SSL_DEBUG_MSG( 1, ( "got no private key" ) );
- return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
-#if defined(POLARSSL_PKCS11_C)
- }
-#endif
- }
-
- /*
- * Decrypt the premaster using own private RSA key
- */
- i = 4;
- if( ssl->rsa_key )
- n = ssl->rsa_key->len;
-#if defined(POLARSSL_PKCS11_C)
- else
- n = ssl->pkcs11_key->len;
-#endif
- ssl->pmslen = 48;
-
- if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
- {
- i += 2;
- if( ssl->in_msg[4] != ( ( n >> 8 ) & 0xFF ) ||
- ssl->in_msg[5] != ( ( n ) & 0xFF ) )
- {
- SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
- }
- }
-
- if( ssl->in_hslen != i + n )
- {
- SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
- }
-
- if( ssl->rsa_key ) {
- ret = rsa_pkcs1_decrypt( ssl->rsa_key, RSA_PRIVATE, &ssl->pmslen,
- ssl->in_msg + i, ssl->premaster,
- sizeof(ssl->premaster) );
- }
-#if defined(POLARSSL_PKCS11_C)
- else {
- ret = pkcs11_decrypt( ssl->pkcs11_key, RSA_PRIVATE, &ssl->pmslen,
- ssl->in_msg + i, ssl->premaster,
- sizeof(ssl->premaster) );
- }
-#endif /* defined(POLARSSL_PKCS11_C) */
-
- if( ret != 0 || ssl->pmslen != 48 ||
- ssl->premaster[0] != ssl->max_major_ver ||
- ssl->premaster[1] != ssl->max_minor_ver )
- {
- SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-
- /*
- * Protection against Bleichenbacher's attack:
- * invalid PKCS#1 v1.5 padding must not cause
- * the connection to end immediately; instead,
- * send a bad_record_mac later in the handshake.
- */
- ssl->pmslen = 48;
-
- ret = ssl->f_rng( ssl->p_rng, ssl->premaster, ssl->pmslen );
- if( ret != 0 )
- return( ret );
- }
- }
-
- if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
- return( ret );
- }
-
- if( ssl->s_set != NULL )
- ssl->s_set( ssl );
-
- ssl->state++;
-
- SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) );
-
- return( 0 );
-}
-
-static int ssl_parse_certificate_verify( ssl_context *ssl )
-{
- int ret;
- size_t n1, n2;
- unsigned char hash[36];
-
- SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
-
- if( ssl->peer_cert == NULL )
- {
- SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
- ssl->state++;
- return( 0 );
- }
-
- ssl_calc_verify( ssl, hash );
-
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- ssl->state++;
-
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
- }
-
- if( ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
- }
-
- n1 = ssl->peer_cert->rsa.len;
- n2 = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
-
- if( n1 + 6 != ssl->in_hslen || n1 != n2 )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
- }
-
- ret = rsa_pkcs1_verify( &ssl->peer_cert->rsa, RSA_PUBLIC,
- SIG_RSA_RAW, 36, hash, ssl->in_msg + 6 );
- if( ret != 0 )
- {
- SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
-
- return( 0 );
-}
-
-/*
- * SSL handshake -- server side
- */
-int ssl_handshake_server( ssl_context *ssl )
-{
- int ret = 0;
-
- SSL_DEBUG_MSG( 2, ( "=> handshake server" ) );
-
- while( ssl->state != SSL_HANDSHAKE_OVER )
- {
- SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
-
- if( ( ret = ssl_flush_output( ssl ) ) != 0 )
- break;
-
- switch( ssl->state )
- {
- case SSL_HELLO_REQUEST:
- ssl->state = SSL_CLIENT_HELLO;
- break;
-
- /*
- * <== ClientHello
- */
- case SSL_CLIENT_HELLO:
- ret = ssl_parse_client_hello( ssl );
- break;
-
- /*
- * ==> ServerHello
- * Certificate
- * ( ServerKeyExchange )
- * ( CertificateRequest )
- * ServerHelloDone
- */
- case SSL_SERVER_HELLO:
- ret = ssl_write_server_hello( ssl );
- break;
-
- case SSL_SERVER_CERTIFICATE:
- ret = ssl_write_certificate( ssl );
- break;
-
- case SSL_SERVER_KEY_EXCHANGE:
- ret = ssl_write_server_key_exchange( ssl );
- break;
-
- case SSL_CERTIFICATE_REQUEST:
- ret = ssl_write_certificate_request( ssl );
- break;
-
- case SSL_SERVER_HELLO_DONE:
- ret = ssl_write_server_hello_done( ssl );
- break;
-
- /*
- * <== ( Certificate/Alert )
- * ClientKeyExchange
- * ( CertificateVerify )
- * ChangeCipherSpec
- * Finished
- */
- case SSL_CLIENT_CERTIFICATE:
- ret = ssl_parse_certificate( ssl );
- break;
-
- case SSL_CLIENT_KEY_EXCHANGE:
- ret = ssl_parse_client_key_exchange( ssl );
- break;
-
- case SSL_CERTIFICATE_VERIFY:
- ret = ssl_parse_certificate_verify( ssl );
- break;
-
- case SSL_CLIENT_CHANGE_CIPHER_SPEC:
- ret = ssl_parse_change_cipher_spec( ssl );
- break;
-
- case SSL_CLIENT_FINISHED:
- ret = ssl_parse_finished( ssl );
- break;
-
- /*
- * ==> ChangeCipherSpec
- * Finished
- */
- case SSL_SERVER_CHANGE_CIPHER_SPEC:
- ret = ssl_write_change_cipher_spec( ssl );
- break;
-
- case SSL_SERVER_FINISHED:
- ret = ssl_write_finished( ssl );
- break;
-
- case SSL_FLUSH_BUFFERS:
- SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
- ssl->state = SSL_HANDSHAKE_OVER;
- break;
-
- default:
- SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- }
-
- if( ret != 0 )
- break;
- }
-
- SSL_DEBUG_MSG( 2, ( "<= handshake server" ) );
-
- return( ret );
-}
-
-#endif
+++ /dev/null
-/*
- * SSLv3/TLSv1 shared functions
- *
- * Copyright (C) 2006-2010, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-/*
- * The SSL 3.0 specification was drafted by Netscape in 1996,
- * and became an IETF standard in 1999.
- *
- * http://wp.netscape.com/eng/ssl3/
- * http://www.ietf.org/rfc/rfc2246.txt
- * http://www.ietf.org/rfc/rfc4346.txt
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_SSL_TLS_C)
-
-#include "polarssl/aes.h"
-#include "polarssl/arc4.h"
-#include "polarssl/camellia.h"
-#include "polarssl/des.h"
-#include "polarssl/debug.h"
-#include "polarssl/ssl.h"
-
-#include <stdlib.h>
-#include <time.h>
-
-#if defined _MSC_VER && !defined strcasecmp
-#define strcasecmp _stricmp
-#endif
-
-/*
- * Key material generation
- */
-static int tls1_prf( unsigned char *secret, size_t slen, char *label,
- unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
-{
- size_t nb, hs;
- size_t i, j, k;
- unsigned char *S1, *S2;
- unsigned char tmp[128];
- unsigned char h_i[20];
-
- if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
-
- hs = ( slen + 1 ) / 2;
- S1 = secret;
- S2 = secret + slen - hs;
-
- nb = strlen( label );
- memcpy( tmp + 20, label, nb );
- memcpy( tmp + 20 + nb, random, rlen );
- nb += rlen;
-
- /*
- * First compute P_md5(secret,label+random)[0..dlen]
- */
- md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
-
- for( i = 0; i < dlen; i += 16 )
- {
- md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
- md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
-
- k = ( i + 16 > dlen ) ? dlen % 16 : 16;
-
- for( j = 0; j < k; j++ )
- dstbuf[i + j] = h_i[j];
- }
-
- /*
- * XOR out with P_sha1(secret,label+random)[0..dlen]
- */
- sha1_hmac( S2, hs, tmp + 20, nb, tmp );
-
- for( i = 0; i < dlen; i += 20 )
- {
- sha1_hmac( S2, hs, tmp, 20 + nb, h_i );
- sha1_hmac( S2, hs, tmp, 20, tmp );
-
- k = ( i + 20 > dlen ) ? dlen % 20 : 20;
-
- for( j = 0; j < k; j++ )
- dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
- }
-
- memset( tmp, 0, sizeof( tmp ) );
- memset( h_i, 0, sizeof( h_i ) );
-
- return( 0 );
-}
-
-int ssl_derive_keys( ssl_context *ssl )
-{
- int i;
- md5_context md5;
- sha1_context sha1;
- unsigned char tmp[64];
- unsigned char padding[16];
- unsigned char sha1sum[20];
- unsigned char keyblk[256];
- unsigned char *key1;
- unsigned char *key2;
-
- SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
-
- /*
- * SSLv3:
- * master =
- * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) +
- * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) +
- * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
- *
- * TLSv1:
- * master = PRF( premaster, "master secret", randbytes )[0..47]
- */
- if( ssl->resume == 0 )
- {
- size_t len = ssl->pmslen;
-
- SSL_DEBUG_BUF( 3, "premaster secret", ssl->premaster, len );
-
- if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- for( i = 0; i < 3; i++ )
- {
- memset( padding, 'A' + i, 1 + i );
-
- sha1_starts( &sha1 );
- sha1_update( &sha1, padding, 1 + i );
- sha1_update( &sha1, ssl->premaster, len );
- sha1_update( &sha1, ssl->randbytes, 64 );
- sha1_finish( &sha1, sha1sum );
-
- md5_starts( &md5 );
- md5_update( &md5, ssl->premaster, len );
- md5_update( &md5, sha1sum, 20 );
- md5_finish( &md5, ssl->session->master + i * 16 );
- }
- }
- else
- tls1_prf( ssl->premaster, len, "master secret",
- ssl->randbytes, 64, ssl->session->master, 48 );
-
- memset( ssl->premaster, 0, sizeof( ssl->premaster ) );
- }
- else
- SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
-
- /*
- * Swap the client and server random values.
- */
- memcpy( tmp, ssl->randbytes, 64 );
- memcpy( ssl->randbytes, tmp + 32, 32 );
- memcpy( ssl->randbytes + 32, tmp, 32 );
- memset( tmp, 0, sizeof( tmp ) );
-
- /*
- * SSLv3:
- * key block =
- * MD5( master + SHA1( 'A' + master + randbytes ) ) +
- * MD5( master + SHA1( 'BB' + master + randbytes ) ) +
- * MD5( master + SHA1( 'CCC' + master + randbytes ) ) +
- * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
- * ...
- *
- * TLSv1:
- * key block = PRF( master, "key expansion", randbytes )
- */
- if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- for( i = 0; i < 16; i++ )
- {
- memset( padding, 'A' + i, 1 + i );
-
- sha1_starts( &sha1 );
- sha1_update( &sha1, padding, 1 + i );
- sha1_update( &sha1, ssl->session->master, 48 );
- sha1_update( &sha1, ssl->randbytes, 64 );
- sha1_finish( &sha1, sha1sum );
-
- md5_starts( &md5 );
- md5_update( &md5, ssl->session->master, 48 );
- md5_update( &md5, sha1sum, 20 );
- md5_finish( &md5, keyblk + i * 16 );
- }
-
- memset( &md5, 0, sizeof( md5 ) );
- memset( &sha1, 0, sizeof( sha1 ) );
-
- memset( padding, 0, sizeof( padding ) );
- memset( sha1sum, 0, sizeof( sha1sum ) );
- }
- else
- tls1_prf( ssl->session->master, 48, "key expansion",
- ssl->randbytes, 64, keyblk, 256 );
-
- SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", ssl_get_ciphersuite( ssl ) ) );
- SSL_DEBUG_BUF( 3, "master secret", ssl->session->master, 48 );
- SSL_DEBUG_BUF( 4, "random bytes", ssl->randbytes, 64 );
- SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
-
- memset( ssl->randbytes, 0, sizeof( ssl->randbytes ) );
-
- /*
- * Determine the appropriate key, IV and MAC length.
- */
- switch( ssl->session->ciphersuite )
- {
-#if defined(POLARSSL_ARC4_C)
- case SSL_RSA_RC4_128_MD5:
- ssl->keylen = 16; ssl->minlen = 16;
- ssl->ivlen = 0; ssl->maclen = 16;
- break;
-
- case SSL_RSA_RC4_128_SHA:
- ssl->keylen = 16; ssl->minlen = 20;
- ssl->ivlen = 0; ssl->maclen = 20;
- break;
-#endif
-
-#if defined(POLARSSL_DES_C)
- case SSL_RSA_DES_168_SHA:
- case SSL_EDH_RSA_DES_168_SHA:
- ssl->keylen = 24; ssl->minlen = 24;
- ssl->ivlen = 8; ssl->maclen = 20;
- break;
-#endif
-
-#if defined(POLARSSL_AES_C)
- case SSL_RSA_AES_128_SHA:
- case SSL_EDH_RSA_AES_128_SHA:
- ssl->keylen = 16; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 20;
- break;
-
- case SSL_RSA_AES_256_SHA:
- case SSL_EDH_RSA_AES_256_SHA:
- ssl->keylen = 32; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 20;
- break;
-#endif
-
-#if defined(POLARSSL_CAMELLIA_C)
- case SSL_RSA_CAMELLIA_128_SHA:
- case SSL_EDH_RSA_CAMELLIA_128_SHA:
- ssl->keylen = 16; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 20;
- break;
-
- case SSL_RSA_CAMELLIA_256_SHA:
- case SSL_EDH_RSA_CAMELLIA_256_SHA:
- ssl->keylen = 32; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 20;
- break;
-#endif
-
- default:
- SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available",
- ssl_get_ciphersuite( ssl ) ) );
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
- ssl->keylen, ssl->minlen, ssl->ivlen, ssl->maclen ) );
-
- /*
- * Finally setup the cipher contexts, IVs and MAC secrets.
- */
- if( ssl->endpoint == SSL_IS_CLIENT )
- {
- key1 = keyblk + ssl->maclen * 2;
- key2 = keyblk + ssl->maclen * 2 + ssl->keylen;
-
- memcpy( ssl->mac_enc, keyblk, ssl->maclen );
- memcpy( ssl->mac_dec, keyblk + ssl->maclen, ssl->maclen );
-
- /*
- * This is not used in TLS v1.1.
- */
- memcpy( ssl->iv_enc, key2 + ssl->keylen, ssl->ivlen );
- memcpy( ssl->iv_dec, key2 + ssl->keylen + ssl->ivlen,
- ssl->ivlen );
- }
- else
- {
- key1 = keyblk + ssl->maclen * 2 + ssl->keylen;
- key2 = keyblk + ssl->maclen * 2;
-
- memcpy( ssl->mac_dec, keyblk, ssl->maclen );
- memcpy( ssl->mac_enc, keyblk + ssl->maclen, ssl->maclen );
-
- /*
- * This is not used in TLS v1.1.
- */
- memcpy( ssl->iv_dec, key1 + ssl->keylen, ssl->ivlen );
- memcpy( ssl->iv_enc, key1 + ssl->keylen + ssl->ivlen,
- ssl->ivlen );
- }
-
- switch( ssl->session->ciphersuite )
- {
-#if defined(POLARSSL_ARC4_C)
- case SSL_RSA_RC4_128_MD5:
- case SSL_RSA_RC4_128_SHA:
- arc4_setup( (arc4_context *) ssl->ctx_enc, key1, ssl->keylen );
- arc4_setup( (arc4_context *) ssl->ctx_dec, key2, ssl->keylen );
- break;
-#endif
-
-#if defined(POLARSSL_DES_C)
- case SSL_RSA_DES_168_SHA:
- case SSL_EDH_RSA_DES_168_SHA:
- des3_set3key_enc( (des3_context *) ssl->ctx_enc, key1 );
- des3_set3key_dec( (des3_context *) ssl->ctx_dec, key2 );
- break;
-#endif
-
-#if defined(POLARSSL_AES_C)
- case SSL_RSA_AES_128_SHA:
- case SSL_EDH_RSA_AES_128_SHA:
- aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 );
- aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 );
- break;
-
- case SSL_RSA_AES_256_SHA:
- case SSL_EDH_RSA_AES_256_SHA:
- aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 256 );
- aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 256 );
- break;
-#endif
-
-#if defined(POLARSSL_CAMELLIA_C)
- case SSL_RSA_CAMELLIA_128_SHA:
- case SSL_EDH_RSA_CAMELLIA_128_SHA:
- camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 );
- camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 );
- break;
-
- case SSL_RSA_CAMELLIA_256_SHA:
- case SSL_EDH_RSA_CAMELLIA_256_SHA:
- camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 256 );
- camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 256 );
- break;
-#endif
-
- default:
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- memset( keyblk, 0, sizeof( keyblk ) );
-
- SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
-
- return( 0 );
-}
-
-void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] )
-{
- md5_context md5;
- sha1_context sha1;
- unsigned char pad_1[48];
- unsigned char pad_2[48];
-
- SSL_DEBUG_MSG( 2, ( "=> calc verify" ) );
-
- memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) );
- memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) );
-
- if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- memset( pad_1, 0x36, 48 );
- memset( pad_2, 0x5C, 48 );
-
- md5_update( &md5, ssl->session->master, 48 );
- md5_update( &md5, pad_1, 48 );
- md5_finish( &md5, hash );
-
- md5_starts( &md5 );
- md5_update( &md5, ssl->session->master, 48 );
- md5_update( &md5, pad_2, 48 );
- md5_update( &md5, hash, 16 );
- md5_finish( &md5, hash );
-
- sha1_update( &sha1, ssl->session->master, 48 );
- sha1_update( &sha1, pad_1, 40 );
- sha1_finish( &sha1, hash + 16 );
-
- sha1_starts( &sha1 );
- sha1_update( &sha1, ssl->session->master, 48 );
- sha1_update( &sha1, pad_2, 40 );
- sha1_update( &sha1, hash + 16, 20 );
- sha1_finish( &sha1, hash + 16 );
- }
- else /* TLSv1 */
- {
- md5_finish( &md5, hash );
- sha1_finish( &sha1, hash + 16 );
- }
-
- SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
- SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
-
- return;
-}
-
-/*
- * SSLv3.0 MAC functions
- */
-static void ssl_mac_md5( unsigned char *secret,
- unsigned char *buf, size_t len,
- unsigned char *ctr, int type )
-{
- unsigned char header[11];
- unsigned char padding[48];
- md5_context md5;
-
- memcpy( header, ctr, 8 );
- header[ 8] = (unsigned char) type;
- header[ 9] = (unsigned char)( len >> 8 );
- header[10] = (unsigned char)( len );
-
- memset( padding, 0x36, 48 );
- md5_starts( &md5 );
- md5_update( &md5, secret, 16 );
- md5_update( &md5, padding, 48 );
- md5_update( &md5, header, 11 );
- md5_update( &md5, buf, len );
- md5_finish( &md5, buf + len );
-
- memset( padding, 0x5C, 48 );
- md5_starts( &md5 );
- md5_update( &md5, secret, 16 );
- md5_update( &md5, padding, 48 );
- md5_update( &md5, buf + len, 16 );
- md5_finish( &md5, buf + len );
-}
-
-static void ssl_mac_sha1( unsigned char *secret,
- unsigned char *buf, size_t len,
- unsigned char *ctr, int type )
-{
- unsigned char header[11];
- unsigned char padding[40];
- sha1_context sha1;
-
- memcpy( header, ctr, 8 );
- header[ 8] = (unsigned char) type;
- header[ 9] = (unsigned char)( len >> 8 );
- header[10] = (unsigned char)( len );
-
- memset( padding, 0x36, 40 );
- sha1_starts( &sha1 );
- sha1_update( &sha1, secret, 20 );
- sha1_update( &sha1, padding, 40 );
- sha1_update( &sha1, header, 11 );
- sha1_update( &sha1, buf, len );
- sha1_finish( &sha1, buf + len );
-
- memset( padding, 0x5C, 40 );
- sha1_starts( &sha1 );
- sha1_update( &sha1, secret, 20 );
- sha1_update( &sha1, padding, 40 );
- sha1_update( &sha1, buf + len, 20 );
- sha1_finish( &sha1, buf + len );
-}
-
-/*
- * Encryption/decryption functions
- */
-static int ssl_encrypt_buf( ssl_context *ssl )
-{
- size_t i, padlen;
-
- SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
-
- /*
- * Add MAC then encrypt
- */
- if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- if( ssl->maclen == 16 )
- ssl_mac_md5( ssl->mac_enc,
- ssl->out_msg, ssl->out_msglen,
- ssl->out_ctr, ssl->out_msgtype );
-
- if( ssl->maclen == 20 )
- ssl_mac_sha1( ssl->mac_enc,
- ssl->out_msg, ssl->out_msglen,
- ssl->out_ctr, ssl->out_msgtype );
- }
- else
- {
- if( ssl->maclen == 16 )
- md5_hmac( ssl->mac_enc, 16,
- ssl->out_ctr, ssl->out_msglen + 13,
- ssl->out_msg + ssl->out_msglen );
-
- if( ssl->maclen == 20 )
- sha1_hmac( ssl->mac_enc, 20,
- ssl->out_ctr, ssl->out_msglen + 13,
- ssl->out_msg + ssl->out_msglen );
- }
-
- SSL_DEBUG_BUF( 4, "computed mac",
- ssl->out_msg + ssl->out_msglen, ssl->maclen );
-
- ssl->out_msglen += ssl->maclen;
-
- for( i = 8; i > 0; i-- )
- if( ++ssl->out_ctr[i - 1] != 0 )
- break;
-
- if( ssl->ivlen == 0 )
- {
-#if defined(POLARSSL_ARC4_C)
- padlen = 0;
-
- SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
- "including %d bytes of padding",
- ssl->out_msglen, 0 ) );
-
- SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_msg, ssl->out_msglen );
-
- arc4_crypt( (arc4_context *) ssl->ctx_enc,
- ssl->out_msglen, ssl->out_msg,
- ssl->out_msg );
-#else
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-#endif
- }
- else
- {
- unsigned char *enc_msg;
- size_t enc_msglen;
-
- padlen = ssl->ivlen - ( ssl->out_msglen + 1 ) % ssl->ivlen;
- if( padlen == ssl->ivlen )
- padlen = 0;
-
- for( i = 0; i <= padlen; i++ )
- ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
-
- ssl->out_msglen += padlen + 1;
-
- enc_msglen = ssl->out_msglen;
- enc_msg = ssl->out_msg;
-
- /*
- * Prepend per-record IV for block cipher in TLS v1.1 as per
- * Method 1 (6.2.3.2. in RFC4346)
- */
- if( ssl->minor_ver == SSL_MINOR_VERSION_2 )
- {
- /*
- * Generate IV
- */
- int ret = ssl->f_rng( ssl->p_rng, ssl->iv_enc, ssl->ivlen );
- if( ret != 0 )
- return( ret );
-
- /*
- * Shift message for ivlen bytes and prepend IV
- */
- memmove( ssl->out_msg + ssl->ivlen, ssl->out_msg, ssl->out_msglen );
- memcpy( ssl->out_msg, ssl->iv_enc, ssl->ivlen );
-
- /*
- * Fix pointer positions and message length with added IV
- */
- enc_msg = ssl->out_msg + ssl->ivlen;
- enc_msglen = ssl->out_msglen;
- ssl->out_msglen += ssl->ivlen;
- }
-
- SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
- "including %d bytes of IV and %d bytes of padding",
- ssl->out_msglen, ssl->ivlen, padlen + 1 ) );
-
- SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_msg, ssl->out_msglen );
-
- switch( ssl->ivlen )
- {
- case 8:
-#if defined(POLARSSL_DES_C)
- des3_crypt_cbc( (des3_context *) ssl->ctx_enc,
- DES_ENCRYPT, enc_msglen,
- ssl->iv_enc, enc_msg, enc_msg );
- break;
-#endif
-
- case 16:
-#if defined(POLARSSL_AES_C)
- if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
- {
- aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
- AES_ENCRYPT, enc_msglen,
- ssl->iv_enc, enc_msg, enc_msg);
- break;
- }
-#endif
-
-#if defined(POLARSSL_CAMELLIA_C)
- if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
- {
- camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
- CAMELLIA_ENCRYPT, enc_msglen,
- ssl->iv_enc, enc_msg, enc_msg );
- break;
- }
-#endif
-
- default:
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
- }
- }
-
- SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
-
- return( 0 );
-}
-
-static int ssl_decrypt_buf( ssl_context *ssl )
-{
- size_t i, padlen;
- unsigned char tmp[20];
-
- SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
-
- if( ssl->in_msglen < ssl->minlen )
- {
- SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
- ssl->in_msglen, ssl->minlen ) );
- return( POLARSSL_ERR_SSL_INVALID_MAC );
- }
-
- if( ssl->ivlen == 0 )
- {
-#if defined(POLARSSL_ARC4_C)
- padlen = 0;
- arc4_crypt( (arc4_context *) ssl->ctx_dec,
- ssl->in_msglen, ssl->in_msg,
- ssl->in_msg );
-#else
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-#endif
- }
- else
- {
- unsigned char *dec_msg;
- unsigned char *dec_msg_result;
- size_t dec_msglen;
-
- /*
- * Decrypt and check the padding
- */
- if( ssl->in_msglen % ssl->ivlen != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
- ssl->in_msglen, ssl->ivlen ) );
- return( POLARSSL_ERR_SSL_INVALID_MAC );
- }
-
- dec_msglen = ssl->in_msglen;
- dec_msg = ssl->in_msg;
- dec_msg_result = ssl->in_msg;
-
- /*
- * Initialize for prepended IV for block cipher in TLS v1.1
- */
- if( ssl->minor_ver == SSL_MINOR_VERSION_2 )
- {
- dec_msg += ssl->ivlen;
- dec_msglen -= ssl->ivlen;
- ssl->in_msglen -= ssl->ivlen;
-
- for( i = 0; i < ssl->ivlen; i++ )
- ssl->iv_dec[i] = ssl->in_msg[i];
- }
-
- switch( ssl->ivlen )
- {
-#if defined(POLARSSL_DES_C)
- case 8:
- des3_crypt_cbc( (des3_context *) ssl->ctx_dec,
- DES_DECRYPT, dec_msglen,
- ssl->iv_dec, dec_msg, dec_msg_result );
- break;
-#endif
-
- case 16:
-#if defined(POLARSSL_AES_C)
- if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
- {
- aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
- AES_DECRYPT, dec_msglen,
- ssl->iv_dec, dec_msg, dec_msg_result );
- break;
- }
-#endif
-
-#if defined(POLARSSL_CAMELLIA_C)
- if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
- {
- camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
- CAMELLIA_DECRYPT, dec_msglen,
- ssl->iv_dec, dec_msg, dec_msg_result );
- break;
- }
-#endif
-
- default:
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
-
- if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- if( padlen > ssl->ivlen )
- {
- SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
- "should be no more than %d",
- padlen, ssl->ivlen ) );
- padlen = 0;
- }
- }
- else
- {
- /*
- * TLSv1: always check the padding
- */
- for( i = 1; i <= padlen; i++ )
- {
- if( ssl->in_msg[ssl->in_msglen - i] != padlen - 1 )
- {
- SSL_DEBUG_MSG( 1, ( "bad padding byte: should be "
- "%02x, but is %02x", padlen - 1,
- ssl->in_msg[ssl->in_msglen - i] ) );
- padlen = 0;
- }
- }
- }
- }
-
- SSL_DEBUG_BUF( 4, "raw buffer after decryption",
- ssl->in_msg, ssl->in_msglen );
-
- /*
- * Always compute the MAC (RFC4346, CBCTIME).
- */
- if( ssl->in_msglen <= ssl->maclen + padlen )
- {
- SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
- ssl->in_msglen, ssl->maclen, padlen ) );
- return( POLARSSL_ERR_SSL_INVALID_MAC );
- }
-
- ssl->in_msglen -= ( ssl->maclen + padlen );
-
- ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
- ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
-
- memcpy( tmp, ssl->in_msg + ssl->in_msglen, 20 );
-
- if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- if( ssl->maclen == 16 )
- ssl_mac_md5( ssl->mac_dec,
- ssl->in_msg, ssl->in_msglen,
- ssl->in_ctr, ssl->in_msgtype );
- else
- ssl_mac_sha1( ssl->mac_dec,
- ssl->in_msg, ssl->in_msglen,
- ssl->in_ctr, ssl->in_msgtype );
- }
- else
- {
- if( ssl->maclen == 16 )
- md5_hmac( ssl->mac_dec, 16,
- ssl->in_ctr, ssl->in_msglen + 13,
- ssl->in_msg + ssl->in_msglen );
- else
- sha1_hmac( ssl->mac_dec, 20,
- ssl->in_ctr, ssl->in_msglen + 13,
- ssl->in_msg + ssl->in_msglen );
- }
-
- SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->maclen );
- SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
- ssl->maclen );
-
- if( memcmp( tmp, ssl->in_msg + ssl->in_msglen,
- ssl->maclen ) != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
- return( POLARSSL_ERR_SSL_INVALID_MAC );
- }
-
- /*
- * Finally check the padding length; bad padding
- * will produce the same error as an invalid MAC.
- */
- if( ssl->ivlen != 0 && padlen == 0 )
- return( POLARSSL_ERR_SSL_INVALID_MAC );
-
- if( ssl->in_msglen == 0 )
- {
- ssl->nb_zero++;
-
- /*
- * Three or more empty messages may be a DoS attack
- * (excessive CPU consumption).
- */
- if( ssl->nb_zero > 3 )
- {
- SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
- "messages, possible DoS attack" ) );
- return( POLARSSL_ERR_SSL_INVALID_MAC );
- }
- }
- else
- ssl->nb_zero = 0;
-
- for( i = 8; i > 0; i-- )
- if( ++ssl->in_ctr[i - 1] != 0 )
- break;
-
- SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
-
- return( 0 );
-}
-
-/*
- * Fill the input message buffer
- */
-int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
-{
- int ret;
- size_t len;
-
- SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
-
- while( ssl->in_left < nb_want )
- {
- len = nb_want - ssl->in_left;
- ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len );
-
- SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
- ssl->in_left, nb_want ) );
- SSL_DEBUG_RET( 2, "ssl->f_recv", ret );
-
- if( ret == 0 )
- return( POLARSSL_ERR_SSL_CONN_EOF );
-
- if( ret < 0 )
- return( ret );
-
- ssl->in_left += ret;
- }
-
- SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
-
- return( 0 );
-}
-
-/*
- * Flush any data not yet written
- */
-int ssl_flush_output( ssl_context *ssl )
-{
- int ret;
- unsigned char *buf;
-
- SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
-
- while( ssl->out_left > 0 )
- {
- SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
- 5 + ssl->out_msglen, ssl->out_left ) );
-
- buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left;
- ret = ssl->f_send( ssl->p_send, buf, ssl->out_left );
- SSL_DEBUG_RET( 2, "ssl->f_send", ret );
-
- if( ret <= 0 )
- return( ret );
-
- ssl->out_left -= ret;
- }
-
- SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
-
- return( 0 );
-}
-
-/*
- * Record layer functions
- */
-int ssl_write_record( ssl_context *ssl )
-{
- int ret;
- size_t len = ssl->out_msglen;
-
- SSL_DEBUG_MSG( 2, ( "=> write record" ) );
-
- ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
- ssl->out_hdr[1] = (unsigned char) ssl->major_ver;
- ssl->out_hdr[2] = (unsigned char) ssl->minor_ver;
- ssl->out_hdr[3] = (unsigned char)( len >> 8 );
- ssl->out_hdr[4] = (unsigned char)( len );
-
- if( ssl->out_msgtype == SSL_MSG_HANDSHAKE )
- {
- ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
- ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
- ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
-
- md5_update( &ssl->fin_md5 , ssl->out_msg, len );
- sha1_update( &ssl->fin_sha1, ssl->out_msg, len );
- }
-
- if( ssl->do_crypt != 0 )
- {
- if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
- return( ret );
- }
-
- len = ssl->out_msglen;
- ssl->out_hdr[3] = (unsigned char)( len >> 8 );
- ssl->out_hdr[4] = (unsigned char)( len );
- }
-
- ssl->out_left = 5 + ssl->out_msglen;
-
- SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
- ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
- ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) );
-
- SSL_DEBUG_BUF( 4, "output record sent to network",
- ssl->out_hdr, 5 + ssl->out_msglen );
-
- if( ( ret = ssl_flush_output( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write record" ) );
-
- return( 0 );
-}
-
-int ssl_read_record( ssl_context *ssl )
-{
- int ret;
-
- SSL_DEBUG_MSG( 2, ( "=> read record" ) );
-
- if( ssl->in_hslen != 0 &&
- ssl->in_hslen < ssl->in_msglen )
- {
- /*
- * Get next Handshake message in the current record
- */
- ssl->in_msglen -= ssl->in_hslen;
-
- memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
- ssl->in_msglen );
-
- ssl->in_hslen = 4;
- ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
-
- SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
- " %d, type = %d, hslen = %d",
- ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
-
- if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- if( ssl->in_msglen < ssl->in_hslen )
- {
- SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen );
- sha1_update( &ssl->fin_sha1, ssl->in_msg, ssl->in_hslen );
-
- return( 0 );
- }
-
- ssl->in_hslen = 0;
-
- /*
- * Read the record header and validate it
- */
- if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
- return( ret );
- }
-
- ssl->in_msgtype = ssl->in_hdr[0];
- ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4];
-
- SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
- ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2],
- ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4] ) );
-
- if( ssl->in_hdr[1] != ssl->major_ver )
- {
- SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- if( ssl->in_hdr[2] > ssl->max_minor_ver )
- {
- SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- /*
- * Make sure the message length is acceptable
- */
- if( ssl->do_crypt == 0 )
- {
- if( ssl->in_msglen < 1 ||
- ssl->in_msglen > SSL_MAX_CONTENT_LEN )
- {
- SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
- }
- else
- {
- if( ssl->in_msglen < ssl->minlen )
- {
- SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
- ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN )
- {
- SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- /*
- * TLS encrypted messages can have up to 256 bytes of padding
- */
- if( ssl->minor_ver == SSL_MINOR_VERSION_1 &&
- ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 )
- {
- SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
- }
-
- /*
- * Read and optionally decrypt the message contents
- */
- if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
- return( ret );
- }
-
- SSL_DEBUG_BUF( 4, "input record from network",
- ssl->in_hdr, 5 + ssl->in_msglen );
-
- if( ssl->do_crypt != 0 )
- {
- if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
- return( ret );
- }
-
- SSL_DEBUG_BUF( 4, "input payload after decrypt",
- ssl->in_msg, ssl->in_msglen );
-
- if( ssl->in_msglen > SSL_MAX_CONTENT_LEN )
- {
- SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
- }
-
- if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
- {
- ssl->in_hslen = 4;
- ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
-
- SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
- " %d, type = %d, hslen = %d",
- ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
-
- /*
- * Additional checks to validate the handshake header
- */
- if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- if( ssl->in_msglen < ssl->in_hslen )
- {
- SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen );
- sha1_update( &ssl->fin_sha1, ssl->in_msg, ssl->in_hslen );
- }
-
- if( ssl->in_msgtype == SSL_MSG_ALERT )
- {
- SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
- ssl->in_msg[0], ssl->in_msg[1] ) );
-
- /*
- * Ignore non-fatal alerts, except close_notify
- */
- if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
- {
- SSL_DEBUG_MSG( 1, ( "is a fatal alert message" ) );
- /**
- * Subtract from error code as ssl->in_msg[1] is 7-bit positive
- * error identifier.
- */
- return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE - ssl->in_msg[1] );
- }
-
- if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == SSL_ALERT_MSG_CLOSE_NOTIFY )
- {
- SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
- return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
- }
- }
-
- ssl->in_left = 0;
-
- SSL_DEBUG_MSG( 2, ( "<= read record" ) );
-
- return( 0 );
-}
-
-/*
- * Handshake functions
- */
-int ssl_write_certificate( ssl_context *ssl )
-{
- int ret;
- size_t i, n;
- const x509_cert *crt;
-
- SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
-
- if( ssl->endpoint == SSL_IS_CLIENT )
- {
- if( ssl->client_auth == 0 )
- {
- SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
- ssl->state++;
- return( 0 );
- }
-
- /*
- * If using SSLv3 and got no cert, send an Alert message
- * (otherwise an empty Certificate message will be sent).
- */
- if( ssl->own_cert == NULL &&
- ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- ssl->out_msglen = 2;
- ssl->out_msgtype = SSL_MSG_ALERT;
- ssl->out_msg[0] = SSL_ALERT_LEVEL_WARNING;
- ssl->out_msg[1] = SSL_ALERT_MSG_NO_CERT;
-
- SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
- goto write_msg;
- }
- }
- else /* SSL_IS_SERVER */
- {
- if( ssl->own_cert == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
- return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
- }
- }
-
- SSL_DEBUG_CRT( 3, "own certificate", ssl->own_cert );
-
- /*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 6 length of all certs
- * 7 . 9 length of cert. 1
- * 10 . n-1 peer certificate
- * n . n+2 length of cert. 2
- * n+3 . ... upper level cert, etc.
- */
- i = 7;
- crt = ssl->own_cert;
-
- while( crt != NULL )
- {
- n = crt->raw.len;
- if( i + 3 + n > SSL_MAX_CONTENT_LEN )
- {
- SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
- i + 3 + n, SSL_MAX_CONTENT_LEN ) );
- return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );
- }
-
- ssl->out_msg[i ] = (unsigned char)( n >> 16 );
- ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
- ssl->out_msg[i + 2] = (unsigned char)( n );
-
- i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
- i += n; crt = crt->next;
- }
-
- ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
- ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
- ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
-
- ssl->out_msglen = i;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_CERTIFICATE;
-
-write_msg:
-
- ssl->state++;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
-
- return( 0 );
-}
-
-int ssl_parse_certificate( ssl_context *ssl )
-{
- int ret;
- size_t i, n;
-
- SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
-
- if( ssl->endpoint == SSL_IS_SERVER &&
- ssl->authmode == SSL_VERIFY_NONE )
- {
- ssl->verify_result = BADCERT_SKIP_VERIFY;
- SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
- ssl->state++;
- return( 0 );
- }
-
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- ssl->state++;
-
- /*
- * Check if the client sent an empty certificate
- */
- if( ssl->endpoint == SSL_IS_SERVER &&
- ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- if( ssl->in_msglen == 2 &&
- ssl->in_msgtype == SSL_MSG_ALERT &&
- ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT )
- {
- SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
-
- ssl->verify_result = BADCERT_MISSING;
- if( ssl->authmode == SSL_VERIFY_OPTIONAL )
- return( 0 );
- else
- return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
- }
- }
-
- if( ssl->endpoint == SSL_IS_SERVER &&
- ssl->minor_ver != SSL_MINOR_VERSION_0 )
- {
- if( ssl->in_hslen == 7 &&
- ssl->in_msgtype == SSL_MSG_HANDSHAKE &&
- ssl->in_msg[0] == SSL_HS_CERTIFICATE &&
- memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 )
- {
- SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
-
- ssl->verify_result = BADCERT_MISSING;
- if( ssl->authmode == SSL_VERIFY_REQUIRED )
- return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
- else
- return( 0 );
- }
- }
-
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
- }
-
- /*
- * Same message structure as in ssl_write_certificate()
- */
- n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6];
-
- if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
- }
-
- if( ( ssl->peer_cert = (x509_cert *) malloc(
- sizeof( x509_cert ) ) ) == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
- sizeof( x509_cert ) ) );
- return( POLARSSL_ERR_SSL_MALLOC_FAILED );
- }
-
- memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
-
- i = 7;
-
- while( i < ssl->in_hslen )
- {
- if( ssl->in_msg[i] != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
- }
-
- n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
- | (unsigned int) ssl->in_msg[i + 2];
- i += 3;
-
- if( n < 128 || i + n > ssl->in_hslen )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
- }
-
- ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
- if( ret != 0 )
- {
- SSL_DEBUG_RET( 1, " x509parse_crt", ret );
- return( ret );
- }
-
- i += n;
- }
-
- SSL_DEBUG_CRT( 3, "peer certificate", ssl->peer_cert );
-
- if( ssl->authmode != SSL_VERIFY_NONE )
- {
- if( ssl->ca_chain == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
- return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED );
- }
-
- ret = x509parse_verify( ssl->peer_cert, ssl->ca_chain, ssl->ca_crl,
- ssl->peer_cn, &ssl->verify_result,
- ssl->f_vrfy, ssl->p_vrfy );
-
- if( ret != 0 )
- SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
-
- if( ssl->authmode != SSL_VERIFY_REQUIRED )
- ret = 0;
- }
-
- SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
-
- return( ret );
-}
-
-int ssl_write_change_cipher_spec( ssl_context *ssl )
-{
- int ret;
-
- SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
-
- ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC;
- ssl->out_msglen = 1;
- ssl->out_msg[0] = 1;
-
- ssl->do_crypt = 0;
- ssl->state++;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
-
- return( 0 );
-}
-
-int ssl_parse_change_cipher_spec( ssl_context *ssl )
-{
- int ret;
-
- SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
-
- ssl->do_crypt = 0;
-
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC )
- {
- SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
- {
- SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
- }
-
- ssl->state++;
-
- SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
-
- return( 0 );
-}
-
-static void ssl_calc_finished(
- ssl_context *ssl, unsigned char *buf, int from,
- md5_context *md5, sha1_context *sha1 )
-{
- int len = 12;
- char *sender;
- unsigned char padbuf[48];
- unsigned char md5sum[16];
- unsigned char sha1sum[20];
-
- SSL_DEBUG_MSG( 2, ( "=> calc finished" ) );
-
- /*
- * SSLv3:
- * hash =
- * MD5( master + pad2 +
- * MD5( handshake + sender + master + pad1 ) )
- * + SHA1( master + pad2 +
- * SHA1( handshake + sender + master + pad1 ) )
- *
- * TLSv1:
- * hash = PRF( master, finished_label,
- * MD5( handshake ) + SHA1( handshake ) )[0..11]
- */
-
- SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
- md5->state, sizeof( md5->state ) );
-
- SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
- sha1->state, sizeof( sha1->state ) );
-
- if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
- {
- sender = ( from == SSL_IS_CLIENT ) ? (char *) "CLNT"
- : (char *) "SRVR";
-
- memset( padbuf, 0x36, 48 );
-
- md5_update( md5, (unsigned char *) sender, 4 );
- md5_update( md5, ssl->session->master, 48 );
- md5_update( md5, padbuf, 48 );
- md5_finish( md5, md5sum );
-
- sha1_update( sha1, (unsigned char *) sender, 4 );
- sha1_update( sha1, ssl->session->master, 48 );
- sha1_update( sha1, padbuf, 40 );
- sha1_finish( sha1, sha1sum );
-
- memset( padbuf, 0x5C, 48 );
-
- md5_starts( md5 );
- md5_update( md5, ssl->session->master, 48 );
- md5_update( md5, padbuf, 48 );
- md5_update( md5, md5sum, 16 );
- md5_finish( md5, buf );
-
- sha1_starts( sha1 );
- sha1_update( sha1, ssl->session->master, 48 );
- sha1_update( sha1, padbuf , 40 );
- sha1_update( sha1, sha1sum, 20 );
- sha1_finish( sha1, buf + 16 );
-
- len += 24;
- }
- else
- {
- sender = ( from == SSL_IS_CLIENT )
- ? (char *) "client finished"
- : (char *) "server finished";
-
- md5_finish( md5, padbuf );
- sha1_finish( sha1, padbuf + 16 );
-
- tls1_prf( ssl->session->master, 48, sender,
- padbuf, 36, buf, len );
- }
-
- SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
-
- memset( md5, 0, sizeof( md5_context ) );
- memset( sha1, 0, sizeof( sha1_context ) );
-
- memset( padbuf, 0, sizeof( padbuf ) );
- memset( md5sum, 0, sizeof( md5sum ) );
- memset( sha1sum, 0, sizeof( sha1sum ) );
-
- SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
-}
-
-int ssl_write_finished( ssl_context *ssl )
-{
- int ret, hash_len;
- md5_context md5;
- sha1_context sha1;
-
- SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
-
- memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) );
- memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) );
-
- ssl_calc_finished( ssl, ssl->out_msg + 4,
- ssl->endpoint, &md5, &sha1 );
-
- hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
-
- ssl->out_msglen = 4 + hash_len;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_FINISHED;
-
- /*
- * In case of session resuming, invert the client and server
- * ChangeCipherSpec messages order.
- */
- if( ssl->resume != 0 )
- {
- if( ssl->endpoint == SSL_IS_CLIENT )
- ssl->state = SSL_HANDSHAKE_OVER;
- else
- ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
- }
- else
- ssl->state++;
-
- ssl->do_crypt = 1;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
-
- return( 0 );
-}
-
-int ssl_parse_finished( ssl_context *ssl )
-{
- int ret;
- unsigned int hash_len;
- unsigned char buf[36];
- md5_context md5;
- sha1_context sha1;
-
- SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
-
- memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) );
- memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) );
-
- ssl->do_crypt = 1;
-
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
-
- if( ssl->in_msg[0] != SSL_HS_FINISHED ||
- ssl->in_hslen != 4 + hash_len )
- {
- SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
- }
-
- ssl_calc_finished( ssl, buf, ssl->endpoint ^ 1, &md5, &sha1 );
-
- if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
- }
-
- if( ssl->resume != 0 )
- {
- if( ssl->endpoint == SSL_IS_CLIENT )
- ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
-
- if( ssl->endpoint == SSL_IS_SERVER )
- ssl->state = SSL_HANDSHAKE_OVER;
- }
- else
- ssl->state++;
-
- SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
-
- return( 0 );
-}
-
-/*
- * Initialize an SSL context
- */
-int ssl_init( ssl_context *ssl )
-{
- int len = SSL_BUFFER_LEN;
-
- memset( ssl, 0, sizeof( ssl_context ) );
-
- ssl->in_ctr = (unsigned char *) malloc( len );
- ssl->in_hdr = ssl->in_ctr + 8;
- ssl->in_msg = ssl->in_ctr + 13;
-
- if( ssl->in_ctr == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
- return( POLARSSL_ERR_SSL_MALLOC_FAILED );
- }
-
- ssl->out_ctr = (unsigned char *) malloc( len );
- ssl->out_hdr = ssl->out_ctr + 8;
- ssl->out_msg = ssl->out_ctr + 13;
-
- if( ssl->out_ctr == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
- free( ssl-> in_ctr );
- return( POLARSSL_ERR_SSL_MALLOC_FAILED );
- }
-
- memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
- memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
-
- ssl->hostname = NULL;
- ssl->hostname_len = 0;
-
- md5_starts( &ssl->fin_md5 );
- sha1_starts( &ssl->fin_sha1 );
-
- return( 0 );
-}
-
-/*
- * Reset an initialized and used SSL context for re-use while retaining
- * all application-set variables, function pointers and data.
- */
-void ssl_session_reset( ssl_context *ssl )
-{
- ssl->state = SSL_HELLO_REQUEST;
-
- ssl->in_offt = NULL;
-
- ssl->in_msgtype = 0;
- ssl->in_msglen = 0;
- ssl->in_left = 0;
-
- ssl->in_hslen = 0;
- ssl->nb_zero = 0;
-
- ssl->out_msgtype = 0;
- ssl->out_msglen = 0;
- ssl->out_left = 0;
-
- ssl->do_crypt = 0;
- ssl->pmslen = 0;
- ssl->keylen = 0;
- ssl->minlen = 0;
- ssl->ivlen = 0;
- ssl->maclen = 0;
-
- memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
- memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
- memset( ssl->randbytes, 0, 64 );
- memset( ssl->premaster, 0, 256 );
- memset( ssl->iv_enc, 0, 16 );
- memset( ssl->iv_dec, 0, 16 );
- memset( ssl->mac_enc, 0, 32 );
- memset( ssl->mac_dec, 0, 32 );
- memset( ssl->ctx_enc, 0, 128 );
- memset( ssl->ctx_dec, 0, 128 );
-
- md5_starts( &ssl->fin_md5 );
- sha1_starts( &ssl->fin_sha1 );
-}
-
-/*
- * SSL set accessors
- */
-void ssl_set_endpoint( ssl_context *ssl, int endpoint )
-{
- ssl->endpoint = endpoint;
-}
-
-void ssl_set_authmode( ssl_context *ssl, int authmode )
-{
- ssl->authmode = authmode;
-}
-
-void ssl_set_verify( ssl_context *ssl,
- int (*f_vrfy)(void *, x509_cert *, int, int),
- void *p_vrfy )
-{
- ssl->f_vrfy = f_vrfy;
- ssl->p_vrfy = p_vrfy;
-}
-
-void ssl_set_rng( ssl_context *ssl,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
-{
- ssl->f_rng = f_rng;
- ssl->p_rng = p_rng;
-}
-
-void ssl_set_dbg( ssl_context *ssl,
- void (*f_dbg)(void *, int, const char *),
- void *p_dbg )
-{
- ssl->f_dbg = f_dbg;
- ssl->p_dbg = p_dbg;
-}
-
-void ssl_set_bio( ssl_context *ssl,
- int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
- int (*f_send)(void *, const unsigned char *, size_t), void *p_send )
-{
- ssl->f_recv = f_recv;
- ssl->f_send = f_send;
- ssl->p_recv = p_recv;
- ssl->p_send = p_send;
-}
-
-void ssl_set_scb( ssl_context *ssl,
- int (*s_get)(ssl_context *),
- int (*s_set)(ssl_context *) )
-{
- ssl->s_get = s_get;
- ssl->s_set = s_set;
-}
-
-void ssl_set_session( ssl_context *ssl, int resume, int timeout,
- ssl_session *session )
-{
- ssl->resume = resume;
- ssl->timeout = timeout;
- ssl->session = session;
-}
-
-void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites )
-{
- ssl->ciphersuites = ciphersuites;
-}
-
-void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
- x509_crl *ca_crl, const char *peer_cn )
-{
- ssl->ca_chain = ca_chain;
- ssl->ca_crl = ca_crl;
- ssl->peer_cn = peer_cn;
-}
-
-void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
- rsa_context *rsa_key )
-{
- ssl->own_cert = own_cert;
- ssl->rsa_key = rsa_key;
-}
-
-#if defined(POLARSSL_PKCS11_C)
-void ssl_set_own_cert_pkcs11( ssl_context *ssl, x509_cert *own_cert,
- pkcs11_context *pkcs11_key )
-{
- ssl->own_cert = own_cert;
- ssl->pkcs11_key = pkcs11_key;
-}
-#endif
-
-int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G )
-{
- int ret;
-
- if( ( ret = mpi_read_string( &ssl->dhm_ctx.P, 16, dhm_P ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "mpi_read_string", ret );
- return( ret );
- }
-
- if( ( ret = mpi_read_string( &ssl->dhm_ctx.G, 16, dhm_G ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "mpi_read_string", ret );
- return( ret );
- }
-
- return( 0 );
-}
-
-int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx )
-{
- int ret;
-
- if( ( ret = mpi_copy(&ssl->dhm_ctx.P, &dhm_ctx->P) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "mpi_copy", ret );
- return( ret );
- }
-
- if( ( ret = mpi_copy(&ssl->dhm_ctx.G, &dhm_ctx->G) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "mpi_copy", ret );
- return( ret );
- }
-
- return( 0 );
-}
-
-int ssl_set_hostname( ssl_context *ssl, const char *hostname )
-{
- if( hostname == NULL )
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
-
- ssl->hostname_len = strlen( hostname );
- ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 );
-
- if( ssl->hostname == NULL )
- return( POLARSSL_ERR_SSL_MALLOC_FAILED );
-
- memcpy( ssl->hostname, (unsigned char *) hostname,
- ssl->hostname_len );
-
- ssl->hostname[ssl->hostname_len] = '\0';
-
- return( 0 );
-}
-
-void ssl_set_max_version( ssl_context *ssl, int major, int minor )
-{
- ssl->max_major_ver = major;
- ssl->max_minor_ver = minor;
-}
-
-/*
- * SSL get accessors
- */
-size_t ssl_get_bytes_avail( const ssl_context *ssl )
-{
- return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
-}
-
-int ssl_get_verify_result( const ssl_context *ssl )
-{
- return( ssl->verify_result );
-}
-
-const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
-{
- switch( ciphersuite_id )
- {
-#if defined(POLARSSL_ARC4_C)
- case SSL_RSA_RC4_128_MD5:
- return( "SSL-RSA-RC4-128-MD5" );
-
- case SSL_RSA_RC4_128_SHA:
- return( "SSL-RSA-RC4-128-SHA" );
-#endif
-
-#if defined(POLARSSL_DES_C)
- case SSL_RSA_DES_168_SHA:
- return( "SSL-RSA-DES-168-SHA" );
-
- case SSL_EDH_RSA_DES_168_SHA:
- return( "SSL-EDH-RSA-DES-168-SHA" );
-#endif
-
-#if defined(POLARSSL_AES_C)
- case SSL_RSA_AES_128_SHA:
- return( "SSL-RSA-AES-128-SHA" );
-
- case SSL_EDH_RSA_AES_128_SHA:
- return( "SSL-EDH-RSA-AES-128-SHA" );
-
- case SSL_RSA_AES_256_SHA:
- return( "SSL-RSA-AES-256-SHA" );
-
- case SSL_EDH_RSA_AES_256_SHA:
- return( "SSL-EDH-RSA-AES-256-SHA" );
-#endif
-
-#if defined(POLARSSL_CAMELLIA_C)
- case SSL_RSA_CAMELLIA_128_SHA:
- return( "SSL-RSA-CAMELLIA-128-SHA" );
-
- case SSL_EDH_RSA_CAMELLIA_128_SHA:
- return( "SSL-EDH-RSA-CAMELLIA-128-SHA" );
-
- case SSL_RSA_CAMELLIA_256_SHA:
- return( "SSL-RSA-CAMELLIA-256-SHA" );
-
- case SSL_EDH_RSA_CAMELLIA_256_SHA:
- return( "SSL-EDH-RSA-CAMELLIA-256-SHA" );
-#endif
-
- default:
- break;
- }
-
- return( "unknown" );
-}
-
-int ssl_get_ciphersuite_id( const char *ciphersuite_name )
-{
-#if defined(POLARSSL_ARC4_C)
- if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-MD5"))
- return( SSL_RSA_RC4_128_MD5 );
- if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-SHA"))
- return( SSL_RSA_RC4_128_SHA );
-#endif
-
-#if defined(POLARSSL_DES_C)
- if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-168-SHA"))
- return( SSL_RSA_DES_168_SHA );
- if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-168-SHA"))
- return( SSL_EDH_RSA_DES_168_SHA );
-#endif
-
-#if defined(POLARSSL_AES_C)
- if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA"))
- return( SSL_RSA_AES_128_SHA );
- if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA"))
- return( SSL_EDH_RSA_AES_128_SHA );
- if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA"))
- return( SSL_RSA_AES_256_SHA );
- if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA"))
- return( SSL_EDH_RSA_AES_256_SHA );
-#endif
-
-#if defined(POLARSSL_CAMELLIA_C)
- if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA"))
- return( SSL_RSA_CAMELLIA_128_SHA );
- if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
- return( SSL_EDH_RSA_CAMELLIA_128_SHA );
- if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA"))
- return( SSL_RSA_CAMELLIA_256_SHA );
- if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
- return( SSL_EDH_RSA_CAMELLIA_256_SHA );
-#endif
-
- return( 0 );
-}
-
-const char *ssl_get_ciphersuite( const ssl_context *ssl )
-{
- return ssl_get_ciphersuite_name( ssl->session->ciphersuite );
-}
-
-const char *ssl_get_version( const ssl_context *ssl )
-{
- switch( ssl->minor_ver )
- {
- case SSL_MINOR_VERSION_0:
- return( "SSLv3.0" );
-
- case SSL_MINOR_VERSION_1:
- return( "TLSv1.0" );
-
- case SSL_MINOR_VERSION_2:
- return( "TLSv1.1" );
-
- default:
- break;
- }
- return( "unknown" );
-}
-
-int ssl_default_ciphersuites[] =
-{
-#if defined(POLARSSL_DHM_C)
-#if defined(POLARSSL_AES_C)
- SSL_EDH_RSA_AES_128_SHA,
- SSL_EDH_RSA_AES_256_SHA,
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
- SSL_EDH_RSA_CAMELLIA_128_SHA,
- SSL_EDH_RSA_CAMELLIA_256_SHA,
-#endif
-#if defined(POLARSSL_DES_C)
- SSL_EDH_RSA_DES_168_SHA,
-#endif
-#endif
-
-#if defined(POLARSSL_AES_C)
- SSL_RSA_AES_256_SHA,
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
- SSL_RSA_CAMELLIA_256_SHA,
-#endif
-#if defined(POLARSSL_AES_C)
- SSL_RSA_AES_128_SHA,
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
- SSL_RSA_CAMELLIA_128_SHA,
-#endif
-#if defined(POLARSSL_DES_C)
- SSL_RSA_DES_168_SHA,
-#endif
-#if defined(POLARSSL_ARC4_C)
- SSL_RSA_RC4_128_SHA,
- SSL_RSA_RC4_128_MD5,
-#endif
- 0
-};
-
-/*
- * Perform the SSL handshake
- */
-int ssl_handshake( ssl_context *ssl )
-{
- int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
-
- SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
-
-#if defined(POLARSSL_SSL_CLI_C)
- if( ssl->endpoint == SSL_IS_CLIENT )
- ret = ssl_handshake_client( ssl );
-#endif
-
-#if defined(POLARSSL_SSL_SRV_C)
- if( ssl->endpoint == SSL_IS_SERVER )
- ret = ssl_handshake_server( ssl );
-#endif
-
- SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
-
- return( ret );
-}
-
-/*
- * Receive application data decrypted from the SSL layer
- */
-int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
-{
- int ret;
- size_t n;
-
- SSL_DEBUG_MSG( 2, ( "=> read" ) );
-
- if( ssl->state != SSL_HANDSHAKE_OVER )
- {
- if( ( ret = ssl_handshake( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_handshake", ret );
- return( ret );
- }
- }
-
- if( ssl->in_offt == NULL )
- {
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_SSL_CONN_EOF )
- return( 0 );
-
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
-
- if( ssl->in_msglen == 0 &&
- ssl->in_msgtype == SSL_MSG_APPLICATION_DATA )
- {
- /*
- * OpenSSL sends empty messages to randomize the IV
- */
- if( ( ret = ssl_read_record( ssl ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_SSL_CONN_EOF )
- return( 0 );
-
- SSL_DEBUG_RET( 1, "ssl_read_record", ret );
- return( ret );
- }
- }
-
- if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
- {
- SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- ssl->in_offt = ssl->in_msg;
- }
-
- n = ( len < ssl->in_msglen )
- ? len : ssl->in_msglen;
-
- memcpy( buf, ssl->in_offt, n );
- ssl->in_msglen -= n;
-
- if( ssl->in_msglen == 0 )
- /* all bytes consumed */
- ssl->in_offt = NULL;
- else
- /* more data available */
- ssl->in_offt += n;
-
- SSL_DEBUG_MSG( 2, ( "<= read" ) );
-
- return( (int) n );
-}
-
-/*
- * Send application data to be encrypted by the SSL layer
- */
-int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
-{
- int ret;
- size_t n;
-
- SSL_DEBUG_MSG( 2, ( "=> write" ) );
-
- if( ssl->state != SSL_HANDSHAKE_OVER )
- {
- if( ( ret = ssl_handshake( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_handshake", ret );
- return( ret );
- }
- }
-
- n = ( len < SSL_MAX_CONTENT_LEN )
- ? len : SSL_MAX_CONTENT_LEN;
-
- if( ssl->out_left != 0 )
- {
- if( ( ret = ssl_flush_output( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
- return( ret );
- }
- }
- else
- {
- ssl->out_msglen = n;
- ssl->out_msgtype = SSL_MSG_APPLICATION_DATA;
- memcpy( ssl->out_msg, buf, n );
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write" ) );
-
- return( (int) n );
-}
-
-/*
- * Notify the peer that the connection is being closed
- */
-int ssl_close_notify( ssl_context *ssl )
-{
- int ret;
-
- SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
-
- if( ( ret = ssl_flush_output( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
- return( ret );
- }
-
- if( ssl->state == SSL_HANDSHAKE_OVER )
- {
- ssl->out_msgtype = SSL_MSG_ALERT;
- ssl->out_msglen = 2;
- ssl->out_msg[0] = SSL_ALERT_LEVEL_WARNING;
- ssl->out_msg[1] = SSL_ALERT_MSG_CLOSE_NOTIFY;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
-
- return( ret );
-}
-
-/*
- * Free an SSL context
- */
-void ssl_free( ssl_context *ssl )
-{
- SSL_DEBUG_MSG( 2, ( "=> free" ) );
-
- if( ssl->peer_cert != NULL )
- {
- x509_free( ssl->peer_cert );
- memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
- free( ssl->peer_cert );
- }
-
- if( ssl->out_ctr != NULL )
- {
- memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
- free( ssl->out_ctr );
- }
-
- if( ssl->in_ctr != NULL )
- {
- memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
- free( ssl->in_ctr );
- }
-
-#if defined(POLARSSL_DHM_C)
- dhm_free( &ssl->dhm_ctx );
-#endif
-
- if ( ssl->hostname != NULL)
- {
- memset( ssl->hostname, 0, ssl->hostname_len );
- free( ssl->hostname );
- ssl->hostname_len = 0;
- }
-
- SSL_DEBUG_MSG( 2, ( "<= free" ) );
-
- /* Actually free after last debug message */
- memset( ssl, 0, sizeof( ssl_context ) );
-}
-
-#endif
+++ /dev/null
-/*
- * X.509 certificate and private key decoding
- *
- * Copyright (C) 2006-2011, Brainspark B.V.
- *
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-/*
- * The ITU-T X.509 standard defines a certificat format for PKI.
- *
- * http://www.ietf.org/rfc/rfc2459.txt
- * http://www.ietf.org/rfc/rfc3279.txt
- *
- * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
- *
- * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_X509_PARSE_C)
-
-#include "polarssl/x509.h"
-#include "polarssl/asn1.h"
-#include "polarssl/pem.h"
-#include "polarssl/des.h"
-#include "polarssl/md2.h"
-#include "polarssl/md4.h"
-#include "polarssl/md5.h"
-#include "polarssl/sha1.h"
-#include "polarssl/sha2.h"
-#include "polarssl/sha4.h"
-#include "polarssl/dhm.h"
-
-#include <string.h>
-#include <stdlib.h>
-#if defined(_WIN32)
-#include <windows.h>
-#else
-#include <time.h>
-#endif
-
-#if defined(POLARSSL_FS_IO)
-#include <stdio.h>
-#endif
-
-/*
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- */
-static int x509_get_version( unsigned char **p,
- const unsigned char *end,
- int *ver )
-{
- int ret;
- size_t len;
-
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- {
- *ver = 0;
- return( 0 );
- }
-
- return( ret );
- }
-
- end = *p + len;
-
- if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
-
- if( *p != end )
- return( POLARSSL_ERR_X509_CERT_INVALID_VERSION +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-/*
- * Version ::= INTEGER { v1(0), v2(1) }
- */
-static int x509_crl_get_version( unsigned char **p,
- const unsigned char *end,
- int *ver )
-{
- int ret;
-
- if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- {
- *ver = 0;
- return( 0 );
- }
-
- return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
- }
-
- return( 0 );
-}
-
-/*
- * CertificateSerialNumber ::= INTEGER
- */
-static int x509_get_serial( unsigned char **p,
- const unsigned char *end,
- x509_buf *serial )
-{
- int ret;
-
- if( ( end - *p ) < 1 )
- return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL +
- POLARSSL_ERR_ASN1_OUT_OF_DATA );
-
- if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
- **p != ASN1_INTEGER )
- return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL +
- POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
-
- serial->tag = *(*p)++;
-
- if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL + ret );
-
- serial->p = *p;
- *p += serial->len;
-
- return( 0 );
-}
-
-/*
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- */
-static int x509_get_alg( unsigned char **p,
- const unsigned char *end,
- x509_buf *alg )
-{
- int ret;
- size_t len;
-
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
-
- end = *p + len;
- alg->tag = **p;
-
- if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
-
- alg->p = *p;
- *p += alg->len;
-
- if( *p == end )
- return( 0 );
-
- /*
- * assume the algorithm parameters must be NULL
- */
- if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
-
- if( *p != end )
- return( POLARSSL_ERR_X509_CERT_INVALID_ALG +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-/*
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- * AttributeType ::= OBJECT IDENTIFIER
- *
- * AttributeValue ::= ANY DEFINED BY AttributeType
- */
-static int x509_get_attr_type_value( unsigned char **p,
- const unsigned char *end,
- x509_name *cur )
-{
- int ret;
- size_t len;
- x509_buf *oid;
- x509_buf *val;
-
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
-
- oid = &cur->oid;
- oid->tag = **p;
-
- if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
-
- oid->p = *p;
- *p += oid->len;
-
- if( ( end - *p ) < 1 )
- return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
- POLARSSL_ERR_ASN1_OUT_OF_DATA );
-
- if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
- **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
- **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
- return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
- POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
-
- val = &cur->val;
- val->tag = *(*p)++;
-
- if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
-
- val->p = *p;
- *p += val->len;
-
- cur->next = NULL;
-
- return( 0 );
-}
-
-/*
- * RelativeDistinguishedName ::=
- * SET OF AttributeTypeAndValue
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- * AttributeType ::= OBJECT IDENTIFIER
- *
- * AttributeValue ::= ANY DEFINED BY AttributeType
- */
-static int x509_get_name( unsigned char **p,
- const unsigned char *end,
- x509_name *cur )
-{
- int ret;
- size_t len;
- const unsigned char *end2;
- x509_name *use;
-
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
-
- end2 = end;
- end = *p + len;
- use = cur;
-
- do
- {
- if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
- return( ret );
-
- if( *p != end )
- {
- use->next = (x509_name *) malloc(
- sizeof( x509_name ) );
-
- if( use->next == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- memset( use->next, 0, sizeof( x509_name ) );
-
- use = use->next;
- }
- }
- while( *p != end );
-
- /*
- * recurse until end of SEQUENCE is reached
- */
- if( *p == end2 )
- return( 0 );
-
- cur->next = (x509_name *) malloc(
- sizeof( x509_name ) );
-
- if( cur->next == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- return( x509_get_name( p, end2, cur->next ) );
-}
-
-/*
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- */
-static int x509_get_time( unsigned char **p,
- const unsigned char *end,
- x509_time *time )
-{
- int ret;
- size_t len;
- char date[64];
- unsigned char tag;
-
- if( ( end - *p ) < 1 )
- return( POLARSSL_ERR_X509_CERT_INVALID_DATE +
- POLARSSL_ERR_ASN1_OUT_OF_DATA );
-
- tag = **p;
-
- if ( tag == ASN1_UTC_TIME )
- {
- (*p)++;
- ret = asn1_get_len( p, end, &len );
-
- if( ret != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
-
- memset( date, 0, sizeof( date ) );
- memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
- len : sizeof( date ) - 1 );
-
- if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
- &time->year, &time->mon, &time->day,
- &time->hour, &time->min, &time->sec ) < 5 )
- return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
-
- time->year += 100 * ( time->year < 50 );
- time->year += 1900;
-
- *p += len;
-
- return( 0 );
- }
- else if ( tag == ASN1_GENERALIZED_TIME )
- {
- (*p)++;
- ret = asn1_get_len( p, end, &len );
-
- if( ret != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
-
- memset( date, 0, sizeof( date ) );
- memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
- len : sizeof( date ) - 1 );
-
- if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
- &time->year, &time->mon, &time->day,
- &time->hour, &time->min, &time->sec ) < 5 )
- return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
-
- *p += len;
-
- return( 0 );
- }
- else
- return( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
-}
-
-
-/*
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- */
-static int x509_get_dates( unsigned char **p,
- const unsigned char *end,
- x509_time *from,
- x509_time *to )
-{
- int ret;
- size_t len;
-
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
-
- end = *p + len;
-
- if( ( ret = x509_get_time( p, end, from ) ) != 0 )
- return( ret );
-
- if( ( ret = x509_get_time( p, end, to ) ) != 0 )
- return( ret );
-
- if( *p != end )
- return( POLARSSL_ERR_X509_CERT_INVALID_DATE +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-/*
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- */
-static int x509_get_pubkey( unsigned char **p,
- const unsigned char *end,
- x509_buf *pk_alg_oid,
- mpi *N, mpi *E )
-{
- int ret, can_handle;
- size_t len;
- unsigned char *end2;
-
- if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
- return( ret );
-
- /*
- * only RSA public keys handled at this time
- */
- can_handle = 0;
-
- if( pk_alg_oid->len == 9 &&
- memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) == 0 )
- can_handle = 1;
-
- if( pk_alg_oid->len == 9 &&
- memcmp( pk_alg_oid->p, OID_PKCS1, 8 ) == 0 )
- {
- if( pk_alg_oid->p[8] >= 2 && pk_alg_oid->p[8] <= 5 )
- can_handle = 1;
-
- if ( pk_alg_oid->p[8] >= 11 && pk_alg_oid->p[8] <= 14 )
- can_handle = 1;
- }
-
- if( pk_alg_oid->len == 5 &&
- memcmp( pk_alg_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
- can_handle = 1;
-
- if( can_handle == 0 )
- return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
-
- if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
-
- if( ( end - *p ) < 1 )
- return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
- POLARSSL_ERR_ASN1_OUT_OF_DATA );
-
- end2 = *p + len;
-
- if( *(*p)++ != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY );
-
- /*
- * RSAPublicKey ::= SEQUENCE {
- * modulus INTEGER, -- n
- * publicExponent INTEGER -- e
- * }
- */
- if( ( ret = asn1_get_tag( p, end2, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
-
- if( *p + len != end2 )
- return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
- ( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
-
- if( *p != end )
- return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-static int x509_get_sig( unsigned char **p,
- const unsigned char *end,
- x509_buf *sig )
-{
- int ret;
- size_t len;
-
- sig->tag = **p;
-
- if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + ret );
-
-
- if( --len < 1 || *(*p)++ != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE );
-
- sig->len = len;
- sig->p = *p;
-
- *p += len;
-
- return( 0 );
-}
-
-/*
- * X.509 v2/v3 unique identifier (not parsed)
- */
-static int x509_get_uid( unsigned char **p,
- const unsigned char *end,
- x509_buf *uid, int n )
-{
- int ret;
-
- if( *p == end )
- return( 0 );
-
- uid->tag = **p;
-
- if( ( ret = asn1_get_tag( p, end, &uid->len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
-
- return( ret );
- }
-
- uid->p = *p;
- *p += uid->len;
-
- return( 0 );
-}
-
-/*
- * X.509 Extensions (No parsing of extensions, pointer should
- * be either manually updated or extensions should be parsed!
- */
-static int x509_get_ext( unsigned char **p,
- const unsigned char *end,
- x509_buf *ext, int tag )
-{
- int ret;
- size_t len;
-
- if( *p == end )
- return( 0 );
-
- ext->tag = **p;
-
- if( ( ret = asn1_get_tag( p, end, &ext->len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
- return( ret );
-
- ext->p = *p;
- end = *p + ext->len;
-
- /*
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- */
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- if( end != *p + len )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-/*
- * X.509 CRL v2 extensions (no extensions parsed yet.)
- */
-static int x509_get_crl_ext( unsigned char **p,
- const unsigned char *end,
- x509_buf *ext )
-{
- int ret;
- size_t len = 0;
-
- /* Get explicit tag */
- if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
- {
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
-
- return( ret );
- }
-
- while( *p < end )
- {
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- *p += len;
- }
-
- if( *p != end )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-/*
- * X.509 CRL v2 entry extensions (no extensions parsed yet.)
- */
-static int x509_get_crl_entry_ext( unsigned char **p,
- const unsigned char *end,
- x509_buf *ext )
-{
- int ret;
- size_t len = 0;
-
- /* OPTIONAL */
- if (end <= *p)
- return( 0 );
-
- ext->tag = **p;
- ext->p = *p;
-
- /*
- * Get CRL-entry extension sequence header
- * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
- */
- if( ( ret = asn1_get_tag( p, end, &ext->len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- {
- ext->p = NULL;
- return( 0 );
- }
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
- }
-
- end = *p + ext->len;
-
- if( end != *p + ext->len )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- while( *p < end )
- {
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- *p += len;
- }
-
- if( *p != end )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-static int x509_get_basic_constraints( unsigned char **p,
- const unsigned char *end,
- int *ca_istrue,
- int *max_pathlen )
-{
- int ret;
- size_t len;
-
- /*
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- */
- *ca_istrue = 0; /* DEFAULT FALSE */
- *max_pathlen = 0; /* endless */
-
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- if( *p == end )
- return 0;
-
- if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- ret = asn1_get_int( p, end, ca_istrue );
-
- if( ret != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- if( *ca_istrue != 0 )
- *ca_istrue = 1;
- }
-
- if( *p == end )
- return 0;
-
- if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- if( *p != end )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- (*max_pathlen)++;
-
- return 0;
-}
-
-static int x509_get_ns_cert_type( unsigned char **p,
- const unsigned char *end,
- unsigned char *ns_cert_type)
-{
- int ret;
- x509_bitstring bs = { 0, 0, NULL };
-
- if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- if( bs.len != 1 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_INVALID_LENGTH );
-
- /* Get actual bitstring */
- *ns_cert_type = *bs.p;
- return 0;
-}
-
-static int x509_get_key_usage( unsigned char **p,
- const unsigned char *end,
- unsigned char *key_usage)
-{
- int ret;
- x509_bitstring bs = { 0, 0, NULL };
-
- if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- if( bs.len > 1 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_INVALID_LENGTH );
-
- /* Get actual bitstring */
- *key_usage = *bs.p;
- return 0;
-}
-
-/*
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- */
-static int x509_get_ext_key_usage( unsigned char **p,
- const unsigned char *end,
- x509_sequence *ext_key_usage)
-{
- int ret;
-
- if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- /* Sequence length must be >= 1 */
- if( ext_key_usage->buf.p == NULL )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_INVALID_LENGTH );
-
- return 0;
-}
-
-/*
- * X.509 v3 extensions
- *
- * TODO: Perform all of the basic constraints tests required by the RFC
- * TODO: Set values for undetected extensions to a sane default?
- *
- */
-static int x509_get_crt_ext( unsigned char **p,
- const unsigned char *end,
- x509_cert *crt )
-{
- int ret;
- size_t len;
- unsigned char *end_ext_data, *end_ext_octet;
-
- if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
-
- return( ret );
- }
-
- while( *p < end )
- {
- /*
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- */
- x509_buf extn_oid = {0, 0, NULL};
- int is_critical = 0; /* DEFAULT FALSE */
-
- if( ( ret = asn1_get_tag( p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- end_ext_data = *p + len;
-
- /* Get extension ID */
- extn_oid.tag = **p;
-
- if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- extn_oid.p = *p;
- *p += extn_oid.len;
-
- if( ( end - *p ) < 1 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_OUT_OF_DATA );
-
- /* Get optional critical */
- if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
- ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- /* Data should be octet string type */
- if( ( ret = asn1_get_tag( p, end_ext_data, &len,
- ASN1_OCTET_STRING ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
-
- end_ext_octet = *p + len;
-
- if( end_ext_octet != end_ext_data )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- /*
- * Detect supported extensions
- */
- if( ( OID_SIZE( OID_BASIC_CONSTRAINTS ) == extn_oid.len ) &&
- memcmp( extn_oid.p, OID_BASIC_CONSTRAINTS, extn_oid.len ) == 0 )
- {
- /* Parse basic constraints */
- if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
- &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
- return ( ret );
- crt->ext_types |= EXT_BASIC_CONSTRAINTS;
- }
- else if( ( OID_SIZE( OID_NS_CERT_TYPE ) == extn_oid.len ) &&
- memcmp( extn_oid.p, OID_NS_CERT_TYPE, extn_oid.len ) == 0 )
- {
- /* Parse netscape certificate type */
- if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
- &crt->ns_cert_type ) ) != 0 )
- return ( ret );
- crt->ext_types |= EXT_NS_CERT_TYPE;
- }
- else if( ( OID_SIZE( OID_KEY_USAGE ) == extn_oid.len ) &&
- memcmp( extn_oid.p, OID_KEY_USAGE, extn_oid.len ) == 0 )
- {
- /* Parse key usage */
- if( ( ret = x509_get_key_usage( p, end_ext_octet,
- &crt->key_usage ) ) != 0 )
- return ( ret );
- crt->ext_types |= EXT_KEY_USAGE;
- }
- else if( ( OID_SIZE( OID_EXTENDED_KEY_USAGE ) == extn_oid.len ) &&
- memcmp( extn_oid.p, OID_EXTENDED_KEY_USAGE, extn_oid.len ) == 0 )
- {
- /* Parse extended key usage */
- if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
- &crt->ext_key_usage ) ) != 0 )
- return ( ret );
- crt->ext_types |= EXT_EXTENDED_KEY_USAGE;
- }
- else
- {
- /* No parser found, skip extension */
- *p = end_ext_octet;
-
-#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
- if( is_critical )
- {
- /* Data is marked as critical: fail */
- return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
- }
-#endif
- }
- }
-
- if( *p != end )
- return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-/*
- * X.509 CRL Entries
- */
-static int x509_get_entries( unsigned char **p,
- const unsigned char *end,
- x509_crl_entry *entry )
-{
- int ret;
- size_t entry_len;
- x509_crl_entry *cur_entry = entry;
-
- if( *p == end )
- return( 0 );
-
- if( ( ret = asn1_get_tag( p, end, &entry_len,
- ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
-
- return( ret );
- }
-
- end = *p + entry_len;
-
- while( *p < end )
- {
- size_t len2;
- const unsigned char *end2;
-
- if( ( ret = asn1_get_tag( p, end, &len2,
- ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
- {
- return( ret );
- }
-
- cur_entry->raw.tag = **p;
- cur_entry->raw.p = *p;
- cur_entry->raw.len = len2;
- end2 = *p + len2;
-
- if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
- return( ret );
-
- if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
- return( ret );
-
- if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
- return( ret );
-
- if ( *p < end )
- {
- cur_entry->next = malloc( sizeof( x509_crl_entry ) );
-
- if( cur_entry->next == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- cur_entry = cur_entry->next;
- memset( cur_entry, 0, sizeof( x509_crl_entry ) );
- }
- }
-
- return( 0 );
-}
-
-static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
-{
- if( sig_oid->len == 9 &&
- memcmp( sig_oid->p, OID_PKCS1, 8 ) == 0 )
- {
- if( sig_oid->p[8] >= 2 && sig_oid->p[8] <= 5 )
- {
- *sig_alg = sig_oid->p[8];
- return( 0 );
- }
-
- if ( sig_oid->p[8] >= 11 && sig_oid->p[8] <= 14 )
- {
- *sig_alg = sig_oid->p[8];
- return( 0 );
- }
-
- return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
- }
- if( sig_oid->len == 5 &&
- memcmp( sig_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
- {
- *sig_alg = SIG_RSA_SHA1;
- return( 0 );
- }
-
- return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
-}
-
-/*
- * Parse and fill a single X.509 certificate in DER format
- */
-int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
-{
- int ret;
- size_t len;
- unsigned char *p, *end;
-
- /*
- * Check for valid input
- */
- if( crt == NULL || buf == NULL )
- return( POLARSSL_ERR_X509_INVALID_INPUT );
-
- p = (unsigned char *) malloc( len = buflen );
-
- if( p == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- memcpy( p, buf, buflen );
-
- buflen = 0;
-
- crt->raw.p = p;
- crt->raw.len = len;
- end = p + len;
-
- /*
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
- }
-
- if( len != (size_t) ( end - p ) )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
-
- /*
- * TBSCertificate ::= SEQUENCE {
- */
- crt->tbs.p = p;
-
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
- }
-
- end = p + len;
- crt->tbs.len = end - crt->tbs.p;
-
- /*
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * signature AlgorithmIdentifier
- */
- if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
- ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
- ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- crt->version++;
-
- if( crt->version > 3 )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
- }
-
- if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_alg ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- /*
- * issuer Name
- */
- crt->issuer_raw.p = p;
-
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
- }
-
- if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- crt->issuer_raw.len = p - crt->issuer_raw.p;
-
- /*
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- */
- if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
- &crt->valid_to ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- /*
- * subject Name
- */
- crt->subject_raw.p = p;
-
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
- }
-
- if( ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- crt->subject_raw.len = p - crt->subject_raw.p;
-
- /*
- * SubjectPublicKeyInfo ::= SEQUENCE
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
- }
-
- if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
- &crt->rsa.N, &crt->rsa.E ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- crt->rsa.len = mpi_size( &crt->rsa.N );
-
- /*
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * extensions [3] EXPLICIT Extensions OPTIONAL
- * -- If present, version shall be v3
- */
- if( crt->version == 2 || crt->version == 3 )
- {
- ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
- if( ret != 0 )
- {
- x509_free( crt );
- return( ret );
- }
- }
-
- if( crt->version == 2 || crt->version == 3 )
- {
- ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
- if( ret != 0 )
- {
- x509_free( crt );
- return( ret );
- }
- }
-
- if( crt->version == 3 )
- {
- ret = x509_get_crt_ext( &p, end, crt);
- if( ret != 0 )
- {
- x509_free( crt );
- return( ret );
- }
- }
-
- if( p != end )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
-
- end = crt->raw.p + crt->raw.len;
-
- /*
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING
- */
- if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
- }
-
- if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
- {
- x509_free( crt );
- return( ret );
- }
-
- if( p != end )
- {
- x509_free( crt );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
-
- return( 0 );
-}
-
-/*
- * Parse one or more PEM certificates from a buffer and add them to the chained list
- */
-int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
-{
- int ret, success = 0, first_error = 0, total_failed = 0;
- x509_cert *crt, *prev = NULL;
- int buf_format = X509_FORMAT_DER;
-
- crt = chain;
-
- /*
- * Check for valid input
- */
- if( crt == NULL || buf == NULL )
- return( POLARSSL_ERR_X509_INVALID_INPUT );
-
- while( crt->version != 0 && crt->next != NULL )
- {
- prev = crt;
- crt = crt->next;
- }
-
- /*
- * Add new certificate on the end of the chain if needed.
- */
- if ( crt->version != 0 && crt->next == NULL)
- {
- crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
-
- if( crt->next == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- prev = crt;
- crt = crt->next;
- memset( crt, 0, sizeof( x509_cert ) );
- }
-
- /*
- * Determine buffer content. Buffer contains either one DER certificate or
- * one or more PEM certificates.
- */
-#if defined(POLARSSL_PEM_C)
- if( strstr( (char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
- buf_format = X509_FORMAT_PEM;
-#endif
-
- if( buf_format == X509_FORMAT_DER )
- return x509parse_crt_der( crt, buf, buflen );
-
-#if defined(POLARSSL_PEM_C)
- if( buf_format == X509_FORMAT_PEM )
- {
- pem_context pem;
-
- while( buflen > 0 )
- {
- size_t use_len;
- pem_init( &pem );
-
- ret = pem_read_buffer( &pem,
- "-----BEGIN CERTIFICATE-----",
- "-----END CERTIFICATE-----",
- buf, NULL, 0, &use_len );
-
- if( ret == 0 )
- {
- /*
- * Was PEM encoded
- */
- buflen -= use_len;
- buf += use_len;
- }
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
- {
- pem_free( &pem );
-
- if( first_error == 0 )
- first_error = ret;
-
- continue;
- }
- else
- break;
-
- ret = x509parse_crt_der( crt, pem.buf, pem.buflen );
-
- pem_free( &pem );
-
- if( ret != 0 )
- {
- /*
- * quit parsing on a memory error
- */
- if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
- {
- if( prev )
- prev->next = NULL;
-
- if( crt != chain )
- free( crt );
-
- return( ret );
- }
-
- if( first_error == 0 )
- first_error = ret;
-
- total_failed++;
-
- memset( crt, 0, sizeof( x509_cert ) );
- continue;
- }
-
- success = 1;
-
- /*
- * Add new certificate to the list
- */
- crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
-
- if( crt->next == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- prev = crt;
- crt = crt->next;
- memset( crt, 0, sizeof( x509_cert ) );
- }
- }
-#endif
-
- if( crt->version == 0 )
- {
- if( prev )
- prev->next = NULL;
-
- if( crt != chain )
- free( crt );
- }
-
- if( success )
- return( total_failed );
- else if( first_error )
- return( first_error );
- else
- return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
-}
-
-/*
- * Parse one or more CRLs and add them to the chained list
- */
-int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
-{
- int ret;
- size_t len;
- unsigned char *p, *end;
- x509_crl *crl;
-#if defined(POLARSSL_PEM_C)
- size_t use_len;
- pem_context pem;
-#endif
-
- crl = chain;
-
- /*
- * Check for valid input
- */
- if( crl == NULL || buf == NULL )
- return( POLARSSL_ERR_X509_INVALID_INPUT );
-
- while( crl->version != 0 && crl->next != NULL )
- crl = crl->next;
-
- /*
- * Add new CRL on the end of the chain if needed.
- */
- if ( crl->version != 0 && crl->next == NULL)
- {
- crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
-
- if( crl->next == NULL )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
- }
-
- crl = crl->next;
- memset( crl, 0, sizeof( x509_crl ) );
- }
-
-#if defined(POLARSSL_PEM_C)
- pem_init( &pem );
- ret = pem_read_buffer( &pem,
- "-----BEGIN X509 CRL-----",
- "-----END X509 CRL-----",
- buf, NULL, 0, &use_len );
-
- if( ret == 0 )
- {
- /*
- * Was PEM encoded
- */
- buflen -= use_len;
- buf += use_len;
-
- /*
- * Steal PEM buffer
- */
- p = pem.buf;
- pem.buf = NULL;
- len = pem.buflen;
- pem_free( &pem );
- }
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
- {
- pem_free( &pem );
- return( ret );
- }
- else
- {
- /*
- * nope, copy the raw DER data
- */
- p = (unsigned char *) malloc( len = buflen );
-
- if( p == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- memcpy( p, buf, buflen );
-
- buflen = 0;
- }
-#else
- p = (unsigned char *) malloc( len = buflen );
-
- if( p == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- memcpy( p, buf, buflen );
-
- buflen = 0;
-#endif
-
- crl->raw.p = p;
- crl->raw.len = len;
- end = p + len;
-
- /*
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
- }
-
- if( len != (size_t) ( end - p ) )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
-
- /*
- * TBSCertList ::= SEQUENCE {
- */
- crl->tbs.p = p;
-
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
- }
-
- end = p + len;
- crl->tbs.len = end - crl->tbs.p;
-
- /*
- * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
- * -- if present, MUST be v2
- *
- * signature AlgorithmIdentifier
- */
- if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
- ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
- {
- x509_crl_free( crl );
- return( ret );
- }
-
- crl->version++;
-
- if( crl->version > 2 )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
- }
-
- if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_alg ) ) != 0 )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
- }
-
- /*
- * issuer Name
- */
- crl->issuer_raw.p = p;
-
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
- }
-
- if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
- {
- x509_crl_free( crl );
- return( ret );
- }
-
- crl->issuer_raw.len = p - crl->issuer_raw.p;
-
- /*
- * thisUpdate Time
- * nextUpdate Time OPTIONAL
- */
- if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
- {
- x509_crl_free( crl );
- return( ret );
- }
-
- if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
- {
- if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
- POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
- ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
- POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
- {
- x509_crl_free( crl );
- return( ret );
- }
- }
-
- /*
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, MUST be v2
- * } OPTIONAL
- */
- if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
- {
- x509_crl_free( crl );
- return( ret );
- }
-
- /*
- * crlExtensions EXPLICIT Extensions OPTIONAL
- * -- if present, MUST be v2
- */
- if( crl->version == 2 )
- {
- ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
-
- if( ret != 0 )
- {
- x509_crl_free( crl );
- return( ret );
- }
- }
-
- if( p != end )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
-
- end = crl->raw.p + crl->raw.len;
-
- /*
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING
- */
- if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
- {
- x509_crl_free( crl );
- return( ret );
- }
-
- if( memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
- }
-
- if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
- {
- x509_crl_free( crl );
- return( ret );
- }
-
- if( p != end )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
-
- if( buflen > 0 )
- {
- crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
-
- if( crl->next == NULL )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
- }
-
- crl = crl->next;
- memset( crl, 0, sizeof( x509_crl ) );
-
- return( x509parse_crl( crl, buf, buflen ) );
- }
-
- return( 0 );
-}
-
-#if defined(POLARSSL_FS_IO)
-/*
- * Load all data from a file into a given buffer.
- */
-int load_file( const char *path, unsigned char **buf, size_t *n )
-{
- FILE *f;
-
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( POLARSSL_ERR_X509_FILE_IO_ERROR );
-
- fseek( f, 0, SEEK_END );
- *n = (size_t) ftell( f );
- fseek( f, 0, SEEK_SET );
-
- if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- if( fread( *buf, 1, *n, f ) != *n )
- {
- fclose( f );
- free( *buf );
- return( POLARSSL_ERR_X509_FILE_IO_ERROR );
- }
-
- fclose( f );
-
- (*buf)[*n] = '\0';
-
- return( 0 );
-}
-
-/*
- * Load one or more certificates and add them to the chained list
- */
-int x509parse_crtfile( x509_cert *chain, const char *path )
-{
- int ret;
- size_t n;
- unsigned char *buf;
-
- if ( (ret = load_file( path, &buf, &n ) ) != 0 )
- return( ret );
-
- ret = x509parse_crt( chain, buf, n );
-
- memset( buf, 0, n + 1 );
- free( buf );
-
- return( ret );
-}
-
-/*
- * Load one or more CRLs and add them to the chained list
- */
-int x509parse_crlfile( x509_crl *chain, const char *path )
-{
- int ret;
- size_t n;
- unsigned char *buf;
-
- if ( (ret = load_file( path, &buf, &n ) ) != 0 )
- return( ret );
-
- ret = x509parse_crl( chain, buf, n );
-
- memset( buf, 0, n + 1 );
- free( buf );
-
- return( ret );
-}
-
-/*
- * Load and parse a private RSA key
- */
-int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
-{
- int ret;
- size_t n;
- unsigned char *buf;
-
- if ( (ret = load_file( path, &buf, &n ) ) != 0 )
- return( ret );
-
- if( pwd == NULL )
- ret = x509parse_key( rsa, buf, n, NULL, 0 );
- else
- ret = x509parse_key( rsa, buf, n,
- (unsigned char *) pwd, strlen( pwd ) );
-
- memset( buf, 0, n + 1 );
- free( buf );
-
- return( ret );
-}
-
-/*
- * Load and parse a public RSA key
- */
-int x509parse_public_keyfile( rsa_context *rsa, const char *path )
-{
- int ret;
- size_t n;
- unsigned char *buf;
-
- if ( (ret = load_file( path, &buf, &n ) ) != 0 )
- return( ret );
-
- ret = x509parse_public_key( rsa, buf, n );
-
- memset( buf, 0, n + 1 );
- free( buf );
-
- return( ret );
-}
-#endif /* POLARSSL_FS_IO */
-
-/*
- * Parse a private RSA key
- */
-int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen )
-{
- int ret;
- size_t len;
- unsigned char *p, *end;
- unsigned char *p_alt;
- x509_buf pk_alg_oid;
-
-#if defined(POLARSSL_PEM_C)
- pem_context pem;
-
- pem_init( &pem );
- ret = pem_read_buffer( &pem,
- "-----BEGIN RSA PRIVATE KEY-----",
- "-----END RSA PRIVATE KEY-----",
- key, pwd, pwdlen, &len );
-
- if( ret == POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
- {
- ret = pem_read_buffer( &pem,
- "-----BEGIN PRIVATE KEY-----",
- "-----END PRIVATE KEY-----",
- key, pwd, pwdlen, &len );
- }
-
- if( ret == 0 )
- {
- /*
- * Was PEM encoded
- */
- keylen = pem.buflen;
- }
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
- {
- pem_free( &pem );
- return( ret );
- }
-
- p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
-#else
- ((void) pwd);
- ((void) pwdlen);
- p = (unsigned char *) key;
-#endif
- end = p + keylen;
-
- /*
- * Note: Depending on the type of private key file one can expect either a
- * PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
- *
- * PrivateKeyInfo ::= SEQUENCE {
- * version Version,
- * algorithm AlgorithmIdentifier,
- * PrivateKey BIT STRING
- * }
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * RSAPrivateKey ::= SEQUENCE {
- * version Version,
- * modulus INTEGER, -- n
- * publicExponent INTEGER, -- e
- * privateExponent INTEGER, -- d
- * prime1 INTEGER, -- p
- * prime2 INTEGER, -- q
- * exponent1 INTEGER, -- d mod (p-1)
- * exponent2 INTEGER, -- d mod (q-1)
- * coefficient INTEGER, -- (inverse of q) mod p
- * otherPrimeInfos OtherPrimeInfos OPTIONAL
- * }
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- end = p + len;
-
- if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- if( rsa->ver != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
- }
-
- p_alt = p;
-
- if( ( ret = x509_get_alg( &p_alt, end, &pk_alg_oid ) ) != 0 )
- {
- // Assume that we have the PKCS#1 format if wrong
- // tag was encountered
- //
- if( ret != POLARSSL_ERR_X509_CERT_INVALID_ALG +
- POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
- }
- }
- else
- {
- int can_handle;
-
- /*
- * only RSA keys handled at this time
- */
- can_handle = 0;
-
- if( pk_alg_oid.len == 9 &&
- memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) == 0 )
- can_handle = 1;
-
- if( pk_alg_oid.len == 9 &&
- memcmp( pk_alg_oid.p, OID_PKCS1, 8 ) == 0 )
- {
- if( pk_alg_oid.p[8] >= 2 && pk_alg_oid.p[8] <= 5 )
- can_handle = 1;
-
- if ( pk_alg_oid.p[8] >= 11 && pk_alg_oid.p[8] <= 14 )
- can_handle = 1;
- }
-
- if( pk_alg_oid.len == 5 &&
- memcmp( pk_alg_oid.p, OID_RSA_SHA_OBS, 5 ) == 0 )
- can_handle = 1;
-
- if( can_handle == 0 )
- return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
-
- /*
- * Parse the PKCS#8 format
- */
-
- p = p_alt;
- if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- if( ( end - p ) < 1 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_OUT_OF_DATA );
- }
-
- end = p + len;
-
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- end = p + len;
-
- if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- if( rsa->ver != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
- }
- }
-
- if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
- ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
- ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
- ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
- ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
- ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
- ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
- ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- rsa->len = mpi_size( &rsa->N );
-
- if( p != end )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
-
- if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( ret );
- }
-
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
-
- return( 0 );
-}
-
-/*
- * Parse a public RSA key
- */
-int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t keylen )
-{
- int ret;
- size_t len;
- unsigned char *p, *end;
- x509_buf alg_oid;
-#if defined(POLARSSL_PEM_C)
- pem_context pem;
-
- pem_init( &pem );
- ret = pem_read_buffer( &pem,
- "-----BEGIN PUBLIC KEY-----",
- "-----END PUBLIC KEY-----",
- key, NULL, 0, &len );
-
- if( ret == 0 )
- {
- /*
- * Was PEM encoded
- */
- keylen = pem.buflen;
- }
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
- {
- pem_free( &pem );
- return( ret );
- }
-
- p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
-#else
- p = (unsigned char *) key;
-#endif
- end = p + keylen;
-
- /*
- * PublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * PublicKey BIT STRING
- * }
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * RSAPublicKey ::= SEQUENCE {
- * modulus INTEGER, -- n
- * publicExponent INTEGER -- e
- * }
- */
-
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
- }
-
- if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->N, &rsa->E ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- rsa_free( rsa );
- return( ret );
- }
-
- rsa->len = mpi_size( &rsa->N );
-
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
-
- return( 0 );
-}
-
-#if defined(POLARSSL_DHM_C)
-/*
- * Parse DHM parameters
- */
-int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
-{
- int ret;
- size_t len;
- unsigned char *p, *end;
-#if defined(POLARSSL_PEM_C)
- pem_context pem;
-
- pem_init( &pem );
-
- ret = pem_read_buffer( &pem,
- "-----BEGIN DH PARAMETERS-----",
- "-----END DH PARAMETERS-----",
- dhmin, NULL, 0, &dhminlen );
-
- if( ret == 0 )
- {
- /*
- * Was PEM encoded
- */
- dhminlen = pem.buflen;
- }
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
- {
- pem_free( &pem );
- return( ret );
- }
-
- p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
-#else
- p = (unsigned char *) dhmin;
-#endif
- end = p + dhminlen;
-
- memset( dhm, 0, sizeof( dhm_context ) );
-
- /*
- * DHParams ::= SEQUENCE {
- * prime INTEGER, -- P
- * generator INTEGER, -- g
- * }
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- end = p + len;
-
- if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
- ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- dhm_free( dhm );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
- }
-
- if( p != end )
- {
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
- dhm_free( dhm );
- return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
-
-#if defined(POLARSSL_PEM_C)
- pem_free( &pem );
-#endif
-
- return( 0 );
-}
-
-#if defined(POLARSSL_FS_IO)
-/*
- * Load and parse a private RSA key
- */
-int x509parse_dhmfile( dhm_context *dhm, const char *path )
-{
- int ret;
- size_t n;
- unsigned char *buf;
-
- if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
- return( ret );
-
- ret = x509parse_dhm( dhm, buf, n );
-
- memset( buf, 0, n + 1 );
- free( buf );
-
- return( ret );
-}
-#endif /* POLARSSL_FS_IO */
-#endif /* POLARSSL_DHM_C */
-
-#if defined _MSC_VER && !defined snprintf
-#include <stdarg.h>
-
-#if !defined vsnprintf
-#define vsnprintf _vsnprintf
-#endif // vsnprintf
-
-/*
- * Windows _snprintf and _vsnprintf are not compatible to linux versions.
- * Result value is not size of buffer needed, but -1 if no fit is possible.
- *
- * This fuction tries to 'fix' this by at least suggesting enlarging the
- * size by 20.
- */
-int compat_snprintf(char *str, size_t size, const char *format, ...)
-{
- va_list ap;
- int res = -1;
-
- va_start( ap, format );
-
- res = vsnprintf( str, size, format, ap );
-
- va_end( ap );
-
- // No quick fix possible
- if ( res < 0 )
- return( (int) size + 20 );
-
- return res;
-}
-
-#define snprintf compat_snprintf
-#endif
-
-#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
-
-#define SAFE_SNPRINTF() \
-{ \
- if( ret == -1 ) \
- return( -1 ); \
- \
- if ( (unsigned int) ret > n ) { \
- p[n - 1] = '\0'; \
- return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
- } \
- \
- n -= (unsigned int) ret; \
- p += (unsigned int) ret; \
-}
-
-/*
- * Store the name in printable form into buf; no more
- * than size characters will be written
- */
-int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
-{
- int ret;
- size_t i, n;
- unsigned char c;
- const x509_name *name;
- char s[128], *p;
-
- memset( s, 0, sizeof( s ) );
-
- name = dn;
- p = buf;
- n = size;
-
- while( name != NULL )
- {
- if( name != dn )
- {
- ret = snprintf( p, n, ", " );
- SAFE_SNPRINTF();
- }
-
- if( memcmp( name->oid.p, OID_X520, 2 ) == 0 )
- {
- switch( name->oid.p[2] )
- {
- case X520_COMMON_NAME:
- ret = snprintf( p, n, "CN=" ); break;
-
- case X520_COUNTRY:
- ret = snprintf( p, n, "C=" ); break;
-
- case X520_LOCALITY:
- ret = snprintf( p, n, "L=" ); break;
-
- case X520_STATE:
- ret = snprintf( p, n, "ST=" ); break;
-
- case X520_ORGANIZATION:
- ret = snprintf( p, n, "O=" ); break;
-
- case X520_ORG_UNIT:
- ret = snprintf( p, n, "OU=" ); break;
-
- default:
- ret = snprintf( p, n, "0x%02X=",
- name->oid.p[2] );
- break;
- }
- SAFE_SNPRINTF();
- }
- else if( memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
- {
- switch( name->oid.p[8] )
- {
- case PKCS9_EMAIL:
- ret = snprintf( p, n, "emailAddress=" ); break;
-
- default:
- ret = snprintf( p, n, "0x%02X=",
- name->oid.p[8] );
- break;
- }
- SAFE_SNPRINTF();
- }
- else
- {
- ret = snprintf( p, n, "\?\?=" );
- SAFE_SNPRINTF();
- }
-
- for( i = 0; i < name->val.len; i++ )
- {
- if( i >= sizeof( s ) - 1 )
- break;
-
- c = name->val.p[i];
- if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
- s[i] = '?';
- else s[i] = c;
- }
- s[i] = '\0';
- ret = snprintf( p, n, "%s", s );
- SAFE_SNPRINTF();
- name = name->next;
- }
-
- return( (int) ( size - n ) );
-}
-
-/*
- * Store the serial in printable form into buf; no more
- * than size characters will be written
- */
-int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
-{
- int ret;
- size_t i, n, nr;
- char *p;
-
- p = buf;
- n = size;
-
- nr = ( serial->len <= 32 )
- ? serial->len : 28;
-
- for( i = 0; i < nr; i++ )
- {
- if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
- continue;
-
- ret = snprintf( p, n, "%02X%s",
- serial->p[i], ( i < nr - 1 ) ? ":" : "" );
- SAFE_SNPRINTF();
- }
-
- if( nr != serial->len )
- {
- ret = snprintf( p, n, "...." );
- SAFE_SNPRINTF();
- }
-
- return( (int) ( size - n ) );
-}
-
-/*
- * Return an informational string about the certificate.
- */
-int x509parse_cert_info( char *buf, size_t size, const char *prefix,
- const x509_cert *crt )
-{
- int ret;
- size_t n;
- char *p;
-
- p = buf;
- n = size;
-
- ret = snprintf( p, n, "%scert. version : %d\n",
- prefix, crt->version );
- SAFE_SNPRINTF();
- ret = snprintf( p, n, "%sserial number : ",
- prefix );
- SAFE_SNPRINTF();
-
- ret = x509parse_serial_gets( p, n, &crt->serial);
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%sissuer name : ", prefix );
- SAFE_SNPRINTF();
- ret = x509parse_dn_gets( p, n, &crt->issuer );
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%ssubject name : ", prefix );
- SAFE_SNPRINTF();
- ret = x509parse_dn_gets( p, n, &crt->subject );
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%sissued on : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crt->valid_from.year, crt->valid_from.mon,
- crt->valid_from.day, crt->valid_from.hour,
- crt->valid_from.min, crt->valid_from.sec );
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%sexpires on : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crt->valid_to.year, crt->valid_to.mon,
- crt->valid_to.day, crt->valid_to.hour,
- crt->valid_to.min, crt->valid_to.sec );
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
- SAFE_SNPRINTF();
-
- switch( crt->sig_alg )
- {
- case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
- case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
- case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
- case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
- case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
- case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
- case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
- case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
- default: ret = snprintf( p, n, "???" ); break;
- }
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
- (int) crt->rsa.N.n * (int) sizeof( unsigned long ) * 8 );
- SAFE_SNPRINTF();
-
- return( (int) ( size - n ) );
-}
-
-/* Compare a given OID string with an OID x509_buf * */
-#define OID_CMP(oid_str, oid_buf) \
- ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
- memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
-
-/*
- * Return an informational string describing the given OID
- */
-const char *x509_oid_get_description( x509_buf *oid )
-{
- if ( oid == NULL )
- return ( NULL );
-
- else if( OID_CMP( OID_SERVER_AUTH, oid ) )
- return( STRING_SERVER_AUTH );
-
- else if( OID_CMP( OID_CLIENT_AUTH, oid ) )
- return( STRING_CLIENT_AUTH );
-
- else if( OID_CMP( OID_CODE_SIGNING, oid ) )
- return( STRING_CODE_SIGNING );
-
- else if( OID_CMP( OID_EMAIL_PROTECTION, oid ) )
- return( STRING_EMAIL_PROTECTION );
-
- else if( OID_CMP( OID_TIME_STAMPING, oid ) )
- return( STRING_TIME_STAMPING );
-
- else if( OID_CMP( OID_OCSP_SIGNING, oid ) )
- return( STRING_OCSP_SIGNING );
-
- return( NULL );
-}
-
-/* Return the x.y.z.... style numeric string for the given OID */
-int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
-{
- int ret;
- size_t i, n;
- unsigned int value;
- char *p;
-
- p = buf;
- n = size;
-
- /* First byte contains first two dots */
- if( oid->len > 0 )
- {
- ret = snprintf( p, n, "%d.%d", oid->p[0]/40, oid->p[0]%40 );
- SAFE_SNPRINTF();
- }
-
- /* TODO: value can overflow in value. */
- value = 0;
- for( i = 1; i < oid->len; i++ )
- {
- value <<= 7;
- value += oid->p[i] & 0x7F;
-
- if( !( oid->p[i] & 0x80 ) )
- {
- /* Last byte */
- ret = snprintf( p, n, ".%d", value );
- SAFE_SNPRINTF();
- value = 0;
- }
- }
-
- return( (int) ( size - n ) );
-}
-
-/*
- * Return an informational string about the CRL.
- */
-int x509parse_crl_info( char *buf, size_t size, const char *prefix,
- const x509_crl *crl )
-{
- int ret;
- size_t n;
- char *p;
- const x509_crl_entry *entry;
-
- p = buf;
- n = size;
-
- ret = snprintf( p, n, "%sCRL version : %d",
- prefix, crl->version );
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%sissuer name : ", prefix );
- SAFE_SNPRINTF();
- ret = x509parse_dn_gets( p, n, &crl->issuer );
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%sthis update : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crl->this_update.year, crl->this_update.mon,
- crl->this_update.day, crl->this_update.hour,
- crl->this_update.min, crl->this_update.sec );
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n%snext update : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crl->next_update.year, crl->next_update.mon,
- crl->next_update.day, crl->next_update.hour,
- crl->next_update.min, crl->next_update.sec );
- SAFE_SNPRINTF();
-
- entry = &crl->entry;
-
- ret = snprintf( p, n, "\n%sRevoked certificates:",
- prefix );
- SAFE_SNPRINTF();
-
- while( entry != NULL && entry->raw.len != 0 )
- {
- ret = snprintf( p, n, "\n%sserial number: ",
- prefix );
- SAFE_SNPRINTF();
-
- ret = x509parse_serial_gets( p, n, &entry->serial);
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, " revocation date: " \
- "%04d-%02d-%02d %02d:%02d:%02d",
- entry->revocation_date.year, entry->revocation_date.mon,
- entry->revocation_date.day, entry->revocation_date.hour,
- entry->revocation_date.min, entry->revocation_date.sec );
- SAFE_SNPRINTF();
-
- entry = entry->next;
- }
-
- ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
- SAFE_SNPRINTF();
-
- switch( crl->sig_alg )
- {
- case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
- case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
- case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
- case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
- case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
- case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
- case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
- case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
- default: ret = snprintf( p, n, "???" ); break;
- }
- SAFE_SNPRINTF();
-
- ret = snprintf( p, n, "\n" );
- SAFE_SNPRINTF();
-
- return( (int) ( size - n ) );
-}
-
-/*
- * Return 0 if the x509_time is still valid, or 1 otherwise.
- */
-int x509parse_time_expired( const x509_time *to )
-{
- int year, mon, day;
- int hour, min, sec;
-
-#if defined(_WIN32)
- SYSTEMTIME st;
-
- GetLocalTime(&st);
-
- year = st.wYear;
- mon = st.wMonth;
- day = st.wDay;
- hour = st.wHour;
- min = st.wMinute;
- sec = st.wSecond;
-#else
- struct tm *lt;
- time_t tt;
-
- tt = time( NULL );
- lt = localtime( &tt );
-
- year = lt->tm_year + 1900;
- mon = lt->tm_mon + 1;
- day = lt->tm_mday;
- hour = lt->tm_hour;
- min = lt->tm_min;
- sec = lt->tm_sec;
-#endif
-
- if( year > to->year )
- return( 1 );
-
- if( year == to->year &&
- mon > to->mon )
- return( 1 );
-
- if( year == to->year &&
- mon == to->mon &&
- day > to->day )
- return( 1 );
-
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour > to->hour )
- return( 1 );
-
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour == to->hour &&
- min > to->min )
- return( 1 );
-
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour == to->hour &&
- min == to->min &&
- sec > to->sec )
- return( 1 );
-
- return( 0 );
-}
-
-/*
- * Return 1 if the certificate is revoked, or 0 otherwise.
- */
-int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
-{
- const x509_crl_entry *cur = &crl->entry;
-
- while( cur != NULL && cur->serial.len != 0 )
- {
- if( crt->serial.len == cur->serial.len &&
- memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
- {
- if( x509parse_time_expired( &cur->revocation_date ) )
- return( 1 );
- }
-
- cur = cur->next;
- }
-
- return( 0 );
-}
-
-/*
- * Wrapper for x509 hashes.
- *
- * \param out Buffer to receive the hash (Should be at least 64 bytes)
- */
-static void x509_hash( const unsigned char *in, size_t len, int alg,
- unsigned char *out )
-{
- switch( alg )
- {
-#if defined(POLARSSL_MD2_C)
- case SIG_RSA_MD2 : md2( in, len, out ); break;
-#endif
-#if defined(POLARSSL_MD4_C)
- case SIG_RSA_MD4 : md4( in, len, out ); break;
-#endif
-#if defined(POLARSSL_MD5_C)
- case SIG_RSA_MD5 : md5( in, len, out ); break;
-#endif
-#if defined(POLARSSL_SHA1_C)
- case SIG_RSA_SHA1 : sha1( in, len, out ); break;
-#endif
-#if defined(POLARSSL_SHA2_C)
- case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
- case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
-#endif
-#if defined(POLARSSL_SHA4_C)
- case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
- case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
-#endif
- default:
- memset( out, '\xFF', 64 );
- break;
- }
-}
-
-/*
- * Check that the given certificate is valid accoring to the CRL.
- */
-static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
- x509_crl *crl_list)
-{
- int flags = 0;
- int hash_id;
- unsigned char hash[64];
-
- /*
- * TODO: What happens if no CRL is present?
- * Suggestion: Revocation state should be unknown if no CRL is present.
- * For backwards compatibility this is not yet implemented.
- */
-
- while( ca != NULL && crl_list != NULL && crl_list->version != 0 )
- {
- if( crl_list->issuer_raw.len != ca->subject_raw.len ||
- memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
- crl_list->issuer_raw.len ) != 0 )
- {
- crl_list = crl_list->next;
- continue;
- }
-
- /*
- * Check if CRL is correctly signed by the trusted CA
- */
- hash_id = crl_list->sig_alg;
-
- x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
-
- if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC, hash_id,
- 0, hash, crl_list->sig.p ) == 0 )
- {
- /*
- * CRL is not trusted
- */
- flags |= BADCRL_NOT_TRUSTED;
- break;
- }
-
- /*
- * Check for validity of CRL (Do not drop out)
- */
- if( x509parse_time_expired( &crl_list->next_update ) )
- flags |= BADCRL_EXPIRED;
-
- /*
- * Check if certificate is revoked
- */
- if( x509parse_revoked(crt, crl_list) )
- {
- flags |= BADCERT_REVOKED;
- break;
- }
-
- crl_list = crl_list->next;
- }
- return flags;
-}
-
-/*
- * Verify the certificate validity
- */
-int x509parse_verify( x509_cert *crt,
- x509_cert *trust_ca,
- x509_crl *ca_crl,
- const char *cn, int *flags,
- int (*f_vrfy)(void *, x509_cert *, int, int),
- void *p_vrfy )
-{
- size_t cn_len;
- int hash_id;
- int pathlen;
- x509_cert *parent;
- x509_name *name;
- unsigned char hash[64];
-
- *flags = 0;
-
- if( x509parse_time_expired( &crt->valid_to ) )
- *flags = BADCERT_EXPIRED;
-
- if( cn != NULL )
- {
- name = &crt->subject;
- cn_len = strlen( cn );
-
- while( name != NULL )
- {
- if( memcmp( name->oid.p, OID_CN, 3 ) == 0 &&
- memcmp( name->val.p, cn, cn_len ) == 0 &&
- name->val.len == cn_len )
- break;
-
- name = name->next;
- }
-
- if( name == NULL )
- *flags |= BADCERT_CN_MISMATCH;
- }
-
- /*
- * Iterate upwards in the given cert chain,
- * ignoring any upper cert with CA != TRUE.
- */
- parent = crt->next;
-
- pathlen = 1;
-
- while( parent != NULL && parent->version != 0 )
- {
- if( parent->ca_istrue == 0 ||
- crt->issuer_raw.len != parent->subject_raw.len ||
- memcmp( crt->issuer_raw.p, parent->subject_raw.p,
- crt->issuer_raw.len ) != 0 )
- {
- parent = parent->next;
- continue;
- }
-
- hash_id = crt->sig_alg;
-
- x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
-
- if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC, hash_id, 0, hash,
- crt->sig.p ) != 0 )
- *flags |= BADCERT_NOT_TRUSTED;
-
- /* Check trusted CA's CRL for the given crt */
- *flags |= x509parse_verifycrl(crt, parent, ca_crl);
-
- /* crt is verified to be a child of the parent cur, call verify callback */
- if( NULL != f_vrfy )
- {
- if( f_vrfy( p_vrfy, crt, pathlen - 1, ( *flags == 0 ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
- else
- *flags = 0;
- }
- else if( *flags != 0 )
- return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
-
- pathlen++;
-
- crt = parent;
- parent = crt->next;
- }
-
- /*
- * Attempt to validate topmost cert with our CA chain.
- */
- *flags |= BADCERT_NOT_TRUSTED;
-
- while( trust_ca != NULL && trust_ca->version != 0 )
- {
- if( crt->issuer_raw.len != trust_ca->subject_raw.len ||
- memcmp( crt->issuer_raw.p, trust_ca->subject_raw.p,
- crt->issuer_raw.len ) != 0 )
- {
- trust_ca = trust_ca->next;
- continue;
- }
-
- if( trust_ca->max_pathlen > 0 &&
- trust_ca->max_pathlen < pathlen )
- break;
-
- hash_id = crt->sig_alg;
-
- x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
-
- if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
- 0, hash, crt->sig.p ) == 0 )
- {
- /*
- * cert. is signed by a trusted CA
- */
- *flags &= ~BADCERT_NOT_TRUSTED;
- break;
- }
-
- trust_ca = trust_ca->next;
- }
-
- /* Check trusted CA's CRL for the given crt */
- *flags |= x509parse_verifycrl( crt, trust_ca, ca_crl );
-
- /* Verification succeeded, call callback on top cert */
- if( NULL != f_vrfy )
- {
- if( f_vrfy(p_vrfy, crt, pathlen-1, ( *flags == 0 ) ) != 0 )
- return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
- else
- *flags = 0;
- }
- else if( *flags != 0 )
- return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
-
- return( 0 );
-}
-
-/*
- * Unallocate all certificate data
- */
-void x509_free( x509_cert *crt )
-{
- x509_cert *cert_cur = crt;
- x509_cert *cert_prv;
- x509_name *name_cur;
- x509_name *name_prv;
- x509_sequence *seq_cur;
- x509_sequence *seq_prv;
-
- if( crt == NULL )
- return;
-
- do
- {
- rsa_free( &cert_cur->rsa );
-
- name_cur = cert_cur->issuer.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- memset( name_prv, 0, sizeof( x509_name ) );
- free( name_prv );
- }
-
- name_cur = cert_cur->subject.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- memset( name_prv, 0, sizeof( x509_name ) );
- free( name_prv );
- }
-
- seq_cur = cert_cur->ext_key_usage.next;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- memset( seq_prv, 0, sizeof( x509_sequence ) );
- free( seq_prv );
- }
-
- if( cert_cur->raw.p != NULL )
- {
- memset( cert_cur->raw.p, 0, cert_cur->raw.len );
- free( cert_cur->raw.p );
- }
-
- cert_cur = cert_cur->next;
- }
- while( cert_cur != NULL );
-
- cert_cur = crt;
- do
- {
- cert_prv = cert_cur;
- cert_cur = cert_cur->next;
-
- memset( cert_prv, 0, sizeof( x509_cert ) );
- if( cert_prv != crt )
- free( cert_prv );
- }
- while( cert_cur != NULL );
-}
-
-/*
- * Unallocate all CRL data
- */
-void x509_crl_free( x509_crl *crl )
-{
- x509_crl *crl_cur = crl;
- x509_crl *crl_prv;
- x509_name *name_cur;
- x509_name *name_prv;
- x509_crl_entry *entry_cur;
- x509_crl_entry *entry_prv;
-
- if( crl == NULL )
- return;
-
- do
- {
- name_cur = crl_cur->issuer.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- memset( name_prv, 0, sizeof( x509_name ) );
- free( name_prv );
- }
-
- entry_cur = crl_cur->entry.next;
- while( entry_cur != NULL )
- {
- entry_prv = entry_cur;
- entry_cur = entry_cur->next;
- memset( entry_prv, 0, sizeof( x509_crl_entry ) );
- free( entry_prv );
- }
-
- if( crl_cur->raw.p != NULL )
- {
- memset( crl_cur->raw.p, 0, crl_cur->raw.len );
- free( crl_cur->raw.p );
- }
-
- crl_cur = crl_cur->next;
- }
- while( crl_cur != NULL );
-
- crl_cur = crl;
- do
- {
- crl_prv = crl_cur;
- crl_cur = crl_cur->next;
-
- memset( crl_prv, 0, sizeof( x509_crl ) );
- if( crl_prv != crl )
- free( crl_prv );
- }
- while( crl_cur != NULL );
-}
-
-#if defined(POLARSSL_SELF_TEST)
-
-#include "polarssl/certs.h"
-
-/*
- * Checkup routine
- */
-int x509_self_test( int verbose )
-{
-#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
- int ret;
- int flags;
- size_t i, j;
- x509_cert cacert;
- x509_cert clicert;
- rsa_context rsa;
-#if defined(POLARSSL_DHM_C)
- dhm_context dhm;
-#endif
-
- if( verbose != 0 )
- printf( " X.509 certificate load: " );
-
- memset( &clicert, 0, sizeof( x509_cert ) );
-
- ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
- strlen( test_cli_crt ) );
- if( ret != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( ret );
- }
-
- memset( &cacert, 0, sizeof( x509_cert ) );
-
- ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
- strlen( test_ca_crt ) );
- if( ret != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( ret );
- }
-
- if( verbose != 0 )
- printf( "passed\n X.509 private key load: " );
-
- i = strlen( test_ca_key );
- j = strlen( test_ca_pwd );
-
- rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
- if( ( ret = x509parse_key( &rsa,
- (unsigned char *) test_ca_key, i,
- (unsigned char *) test_ca_pwd, j ) ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( ret );
- }
-
- if( verbose != 0 )
- printf( "passed\n X.509 signature verify: ");
-
- ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
- if( ret != 0 )
- {
- printf("%02x", flags);
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( ret );
- }
-
-#if defined(POLARSSL_DHM_C)
- if( verbose != 0 )
- printf( "passed\n X.509 DHM parameter load: " );
-
- i = strlen( test_dhm_params );
- j = strlen( test_ca_pwd );
-
- if( ( ret = x509parse_dhm( &dhm, (unsigned char *) test_dhm_params, i ) ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
-
- return( ret );
- }
-
- if( verbose != 0 )
- printf( "passed\n\n" );
-#endif
-
- x509_free( &cacert );
- x509_free( &clicert );
- rsa_free( &rsa );
-#if defined(POLARSSL_DHM_C)
- dhm_free( &dhm );
-#endif
-
- return( 0 );
-#else
- ((void) verbose);
- return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
-#endif
-}
-
-#endif
-
-#endif
--- /dev/null
+CMakeCache.txt
+CMakeFiles
+CTestTestfile.cmake
+cmake_install.cmake
+Testing
--- /dev/null
+cmake_minimum_required(VERSION 2.6)
+project(POLARSSL C)
+
+enable_testing()
+
+if(CMAKE_COMPILER_IS_GNUCC)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement")
+ set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
+ set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 -fprofile-arcs -ftest-coverage -lgcov")
+endif(CMAKE_COMPILER_IS_GNUCC)
+
+if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
+ if(CMAKE_COMPILER_IS_GNUCC)
+ set(CMAKE_SHARED_LINKER_FLAGS "-fprofile-arcs -ftest-coverage")
+ endif(CMAKE_COMPILER_IS_GNUCC)
+endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
+
+option(USE_PKCS11_HELPER_LIBRARY "Build PolarSSL with the pkcs11-helper library." OFF)
+
+option(ENABLE_ZLIB_SUPPORT "Build PolarSSL with zlib library." OFF)
+
+if(LIB_INSTALL_DIR)
+else()
+set(LIB_INSTALL_DIR lib)
+endif()
+
+include_directories(include/)
+
+if(ENABLE_ZLIB_SUPPORT)
+ find_package(ZLIB)
+
+ if(ZLIB_FOUND)
+ include_directories(ZLIB_INCLUDE_DIR)
+ endif(ZLIB_FOUND)
+endif(ENABLE_ZLIB_SUPPORT)
+
+add_subdirectory(library)
+add_subdirectory(include)
+
+if(CMAKE_COMPILER_IS_GNUCC)
+ add_subdirectory(tests)
+endif(CMAKE_COMPILER_IS_GNUCC)
+
+add_subdirectory(programs)
+
+ADD_CUSTOM_TARGET(apidoc
+ COMMAND doxygen doxygen/polarssl.doxyfile
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+
+ADD_CUSTOM_TARGET(memcheck
+ COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
+ COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
+ COMMAND rm -f memcheck.log
+ )
-PolarSSL ChangeLog
+PolarSSL ChangeLog (Sorted per branch, date)
+
+= PolarSSL 1.3.2 released on 2013-11-04
+Features
+ * PK tests added to test framework
+ * Added optional optimization for NIST MODP curves (POLARSSL_ECP_NIST_OPTIM)
+ * Support for Camellia-GCM mode and ciphersuites
+
+Changes
+ * Padding checks in cipher layer are now constant-time
+ * Value comparisons in SSL layer are now constant-time
+ * Support for serialNumber, postalAddress and postalCode in X509 names
+ * SSL Renegotiation was refactored
+
+Bugfix
+ * More stringent checks in cipher layer
+ * Server does not send out extensions not advertised by client
+ * Prevent possible alignment warnings on casting from char * to 'aligned *'
+ * Misc fixes and additions to dependency checks
+ * Const correctness
+ * cert_write with selfsign should use issuer_name as subject_name
+ * Fix ECDSA corner case: missing reduction mod N (found by DualTachyon)
+ * Defines to handle UEFI environment under MSVC
+ * Server-side initiated renegotiations send HelloRequest
+
+= PolarSSL 1.3.1 released on 2013-10-15
+Features
+ * Support for Brainpool curves and TLS ciphersuites (RFC 7027)
+ * Support for ECDHE-PSK key-exchange and ciphersuites
+ * Support for RSA-PSK key-exchange and ciphersuites
+
+Changes
+ * RSA blinding locks for a smaller amount of time
+ * TLS compression only allocates working buffer once
+ * Introduced POLARSSL_HAVE_READDIR_R for systems without it
+ * config.h is more script-friendly
+
+Bugfix
+ * Missing MSVC defines added
+ * Compile errors with POLARSSL_RSA_NO_CRT
+ * Header files with 'polarssl/'
+ * Const correctness
+ * Possible naming collision in dhm_context
+ * Better support for MSVC
+ * threading_set_alt() name
+ * Added missing x509write_crt_set_version()
+
+= PolarSSL 1.3.0 released on 2013-10-01
+Features
+ * Elliptic Curve Cryptography module added
+ * Elliptic Curve Diffie Hellman module added
+ * Ephemeral Elliptic Curve Diffie Hellman support for SSL/TLS
+ (ECDHE-based ciphersuites)
+ * Ephemeral Elliptic Curve Digital Signature Algorithm support for SSL/TLS
+ (ECDSA-based ciphersuites)
+ * Ability to specify allowed ciphersuites based on the protocol version.
+ * PSK and DHE-PSK based ciphersuites added
+ * Memory allocation abstraction layer added
+ * Buffer-based memory allocator added (no malloc() / free() / HEAP usage)
+ * Threading abstraction layer added (dummy / pthread / alternate)
+ * Public Key abstraction layer added
+ * Parsing Elliptic Curve keys
+ * Parsing Elliptic Curve certificates
+ * Support for max_fragment_length extension (RFC 6066)
+ * Support for truncated_hmac extension (RFC 6066)
+ * Support for zeros-and-length (ANSI X.923) padding, one-and-zeros
+ (ISO/IEC 7816-4) padding and zero padding in the cipher layer
+ * Support for session tickets (RFC 5077)
+ * Certificate Request (CSR) generation with extensions (key_usage,
+ ns_cert_type)
+ * X509 Certificate writing with extensions (basic_constraints,
+ issuer_key_identifier, etc)
+ * Optional blinding for RSA, DHM and EC
+ * Support for multiple active certificate / key pairs in SSL servers for
+ the same host (Not to be confused with SNI!)
+
+Changes
+ * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
+ individually
+ * Introduced separate SSL Ciphersuites module that is based on
+ Cipher and MD information
+ * Internals for SSL module adapted to have separate IV pointer that is
+ dynamically set (Better support for hardware acceleration)
+ * Moved all OID functionality to a separate module. RSA function
+ prototypes for the RSA sign and verify functions changed as a result
+ * Split up the GCM module into a starts/update/finish cycle
+ * Client and server now filter sent and accepted ciphersuites on minimum
+ and maximum protocol version
+ * Ability to disable server_name extension (RFC 6066)
+ * Renamed error_strerror() to the less conflicting polarssl_strerror()
+ (Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
+ * SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
+ * All RSA operations require a random generator for blinding purposes
+ * X509 core refactored
+ * x509_crt_verify() now case insensitive for cn (RFC 6125 6.4)
+ * Also compiles / runs without time-based functions (!POLARSSL_HAVE_TIME)
+ * Support faulty X509 v1 certificates with extensions
+ (POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
+
+Bugfix
+ * Fixed parse error in ssl_parse_certificate_request()
+ * zlib compression/decompression skipped on empty blocks
+ * Support for AIX header locations in net.c module
+ * Fixed file descriptor leaks
+
+Security
+ * RSA blinding on CRT operations to counter timing attacks
+ (found by Cyril Arnaud and Pierre-Alain Fouque)
+
+= Version 1.2.10 released 2013-10-07
+Changes
+ * Changed RSA blinding to a slower but thread-safe version
+
+Bugfix
+ * Fixed memory leak in RSA as a result of introduction of blinding
+ * Fixed ssl_pkcs11_decrypt() prototype
+ * Fixed MSVC project files
+
+= Version 1.2.9 released 2013-10-01
+Changes
+ * x509_verify() now case insensitive for cn (RFC 6125 6.4)
+
+Bugfix
+ * Fixed potential memory leak when failing to resume a session
+ * Fixed potential file descriptor leaks (found by Remi Gacogne)
+ * Minor fixes
+
+Security
+ * Fixed potential heap buffer overflow on large hostname setting
+ * Fixed potential negative value misinterpretation in load_file()
+ * RSA blinding on CRT operations to counter timing attacks
+ (found by Cyril Arnaud and Pierre-Alain Fouque)
+
+= Version 1.2.8 released 2013-06-19
+Features
+ * Parsing of PKCS#8 encrypted private key files
+ * PKCS#12 PBE and derivation functions
+ * Centralized module option values in config.h to allow user-defined
+ settings without editing header files by using POLARSSL_CONFIG_OPTIONS
+
+Changes
+ * HAVEGE random generator disabled by default
+ * Internally split up x509parse_key() into a (PEM) handler function
+ and specific DER parser functions for the PKCS#1 and unencrypted
+ PKCS#8 private key formats
+ * Added mechanism to provide alternative implementations for all
+ symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
+ config.h)
+ * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
+ old PBKDF2 module
+
+Bugfix
+ * Secure renegotiation extension should only be sent in case client
+ supports secure renegotiation
+ * Fixed offset for cert_type list in ssl_parse_certificate_request()
+ * Fixed const correctness issues that have no impact on the ABI
+ * x509parse_crt() now better handles PEM error situations
+ * ssl_parse_certificate() now calls x509parse_crt_der() directly
+ instead of the x509parse_crt() wrapper that can also parse PEM
+ certificates
+ * x509parse_crtpath() is now reentrant and uses more portable stat()
+ * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
+ * Fixed values for 2-key Triple DES in cipher layer
+ * ssl_write_certificate_request() can handle empty ca_chain
+
+Security
+ * A possible DoS during the SSL Handshake, due to faulty parsing of
+ PEM-encoded certificates has been fixed (found by Jack Lloyd)
+
+= Version 1.2.7 released 2013-04-13
+Features
+ * Ability to specify allowed ciphersuites based on the protocol version.
+
+Changes
+ * Default Blowfish keysize is now 128-bits
+ * Test suites made smaller to accommodate Raspberry Pi
+
+Bugfix
+ * Fix for MPI assembly for ARM
+ * GCM adapted to support sizes > 2^29
+
+= Version 1.2.6 released 2013-03-11
+Bugfix
+ * Fixed memory leak in ssl_free() and ssl_reset() for active session
+ * Corrected GCM counter incrementation to use only 32-bits instead of
+ 128-bits (found by Yawning Angel)
+ * Fixes for 64-bit compilation with MS Visual Studio
+ * Fixed net_bind() for specified IP addresses on little endian systems
+ * Fixed assembly code for ARM (Thumb and regular) for some compilers
+
+Changes
+ * Internally split up rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(),
+ rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and
+ PKCS#1 v2.1 functions
+ * Added support for custom labels when using rsa_rsaes_oaep_encrypt()
+ or rsa_rsaes_oaep_decrypt()
+ * Re-added handling for SSLv2 Client Hello when the define
+ POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set
+ * The SSL session cache module (ssl_cache) now also retains peer_cert
+ information (not the entire chain)
+
+Security
+ * Removed further timing differences during SSL message decryption in
+ ssl_decrypt_buf()
+ * Removed timing differences due to bad padding from
+ rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
+ operations
+
+= Version 1.2.5 released 2013-02-02
+Changes
+ * Allow enabling of dummy error_strerror() to support some use-cases
+ * Debug messages about padding errors during SSL message decryption are
+ disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
+ * Sending of security-relevant alert messages that do not break
+ interoperability can be switched on/off with the flag
+ POLARSSL_SSL_ALL_ALERT_MESSAGES
+
+Security
+ * Removed timing differences during SSL message decryption in
+ ssl_decrypt_buf() due to badly formatted padding
+
+= Version 1.2.4 released 2013-01-25
+Changes
+ * More advanced SSL ciphersuite representation and moved to more dynamic
+ SSL core
+ * Added ssl_handshake_step() to allow single stepping the handshake process
+
+Bugfix
+ * Memory leak when using RSA_PKCS_V21 operations fixed
+ * Handle future version properly in ssl_write_certificate_request()
+ * Correctly handle CertificateRequest message in client for <= TLS 1.1
+ without DN list
+
+= Version 1.2.3 released 2012-11-26
+Bugfix
+ * Server not always sending correct CertificateRequest message
+
+= Version 1.2.2 released 2012-11-24
+Changes
+ * Added p_hw_data to ssl_context for context specific hardware acceleration
+ data
+ * During verify trust-CA is only checked for expiration and CRL presence
+
+Bugfixes
+ * Fixed client authentication compatibility
+ * Fixed dependency on POLARSSL_SHA4_C in SSL modules
+
+= Version 1.2.1 released 2012-11-20
+Changes
+ * Depth that the certificate verify callback receives is now numbered
+ bottom-up (Peer cert depth is 0)
+
+Bugfixes
+ * Fixes for MSVC6
+ * Moved mpi_inv_mod() outside POLARSSL_GENPRIME
+ * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
+ Pégourié-Gonnard)
+ * Fixed possible segfault in mpi_shift_r() (found by Manuel
+ Pégourié-Gonnard)
+ * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
+
+= Version 1.2.0 released 2012-10-31
+Features
+ * Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak
+ ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
+ default!
+ * Added support for wildcard certificates
+ * Added support for multi-domain certificates through the X509 Subject
+ Alternative Name extension
+ * Added preliminary ASN.1 buffer writing support
+ * Added preliminary X509 Certificate Request writing support
+ * Added key_app_writer example application
+ * Added cert_req example application
+ * Added base Galois Counter Mode (GCM) for AES
+ * Added TLS 1.2 support (RFC 5246)
+ * Added GCM suites to TLS 1.2 (RFC 5288)
+ * Added commandline error code convertor (util/strerror)
+ * Added support for Hardware Acceleration hooking in SSL/TLS
+ * Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and
+ example application (programs/ssl/o_p_test) (requires OpenSSL)
+ * Added X509 CA Path support
+ * Added Thumb assembly optimizations
+ * Added DEFLATE compression support as per RFC3749 (requires zlib)
+ * Added blowfish algorithm (Generic and cipher layer)
+ * Added PKCS#5 PBKDF2 key derivation function
+ * Added Secure Renegotiation (RFC 5746)
+ * Added predefined DHM groups from RFC 5114
+ * Added simple SSL session cache implementation
+ * Added ServerName extension parsing (SNI) at server side
+ * Added option to add minimum accepted SSL/TLS protocol version
+
+Changes
+ * Removed redundant POLARSSL_DEBUG_MSG define
+ * AES code only check for Padlock once
+ * Fixed const-correctness mpi_get_bit()
+ * Documentation for mpi_lsb() and mpi_msb()
+ * Moved out_msg to out_hdr + 32 to support hardware acceleration
+ * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
+ to not match CN if subjectAltName extension is present (Closes ticket #56)
+ * Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to
+ POLARSSL_MODE_CFB, to also handle different block size CFB modes.
+ * Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
+ * Revamped session resumption handling
+ * Generalized external private key implementation handling (like PKCS#11)
+ in SSL/TLS
+ * Revamped x509_verify() and the SSL f_vrfy callback implementations
+ * Moved from unsigned long to fixed width uint32_t types throughout code
+ * Renamed ciphersuites naming scheme to IANA reserved names
+
+Bugfix
+ * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
+ Hui Dong)
+ * Fixed potential heap corruption in x509_name allocation
+ * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
+ * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
+ #52)
+ * Handle encryption with private key and decryption with public key as per
+ RFC 2313
+ * Handle empty certificate subject names
+ * Prevent reading over buffer boundaries on X509 certificate parsing
+ * mpi_add_abs() now correctly handles adding short numbers to long numbers
+ with carry rollover (found by Ruslan Yushchenko)
+ * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
+ * Fixed MPI assembly for SPARC64 platform
+
+Security
+ * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
+ Vanderbeken)
+
+= Version 1.1.8 released on 2013-10-01
+Bugfix
+ * Fixed potential memory leak when failing to resume a session
+ * Fixed potential file descriptor leaks
+
+Security
+ * Potential buffer-overflow for ssl_read_record() (independently found by
+ both TrustInSoft and Paul Brodeur of Leviathan Security Group)
+ * Potential negative value misinterpretation in load_file()
+ * Potential heap buffer overflow on large hostname setting
+
+= Version 1.1.7 released on 2013-06-19
+Changes
+ * HAVEGE random generator disabled by default
+
+Bugfix
+ * x509parse_crt() now better handles PEM error situations
+ * ssl_parse_certificate() now calls x509parse_crt_der() directly
+ instead of the x509parse_crt() wrapper that can also parse PEM
+ certificates
+ * Fixed values for 2-key Triple DES in cipher layer
+ * ssl_write_certificate_request() can handle empty ca_chain
+
+Security
+ * A possible DoS during the SSL Handshake, due to faulty parsing of
+ PEM-encoded certificates has been fixed (found by Jack Lloyd)
+
+= Version 1.1.6 released on 2013-03-11
+Bugfix
+ * Fixed net_bind() for specified IP addresses on little endian systems
+
+Changes
+ * Allow enabling of dummy error_strerror() to support some use-cases
+ * Debug messages about padding errors during SSL message decryption are
+ disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
+
+Security
+ * Removed timing differences during SSL message decryption in
+ ssl_decrypt_buf()
+ * Removed timing differences due to bad padding from
+ rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
+ operations
+
+= Version 1.1.5 released on 2013-01-16
+Bugfix
+ * Fixed MPI assembly for SPARC64 platform
+ * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
+ * mpi_add_abs() now correctly handles adding short numbers to long numbers
+ with carry rollover
+ * Moved mpi_inv_mod() outside POLARSSL_GENPRIME
+ * Prevent reading over buffer boundaries on X509 certificate parsing
+ * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
+ #52)
+ * Fixed possible segfault in mpi_shift_r() (found by Manuel
+ Pégourié-Gonnard)
+ * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
+ Pégourié-Gonnard)
+ * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
+ * Memory leak when using RSA_PKCS_V21 operations fixed
+ * Handle encryption with private key and decryption with public key as per
+ RFC 2313
+ * Fixes for MSVC6
+
+Security
+ * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
+ Vanderbeken)
+
+= Version 1.1.4 released on 2012-05-31
+Bugfix
+ * Correctly handle empty SSL/TLS packets (Found by James Yonan)
+ * Fixed potential heap corruption in x509_name allocation
+ * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
+
+= Version 1.1.3 released on 2012-04-29
+Bugfix
+ * Fixed random MPI generation to not generate more size than requested.
= Version 1.1.2 released on 2012-04-26
Bugfix
management (Closes ticket #44)
* Changed the used random function pointer to more flexible format. Renamed
havege_rand() to havege_random() to prevent mistakes. Lots of changes as
- a consequence in library code and programs
+ a consequence in library code and programs
* Moved all examples programs to use the new entropy and CTR_DRBG
* Added permissive certificate parsing to x509parse_crt() and
x509parse_crtfile(). With permissive parsing the parsing does not stop on
- encountering a parse-error. Beware that the meaning of return values has
- changed!
+ encountering a parse-error. Beware that the meaning of return values has
+ changed!
* All error codes are now negative. Even on mermory failures and IO errors.
Bugfix
Features
* Added additional Cipher Block Modes to symmetric ciphers
(AES CTR, Camellia CTR, XTEA CBC) including the option to
- enable and disable individual modes when needed
+ enable and disable individual modes when needed
* Functions requiring File System functions can now be disabled
by undefining POLARSSL_FS_IO
* A error_strerror function() has been added to translate between
Changes
* Major argument / variable rewrite. Introduced use of size_t
instead of int for buffer lengths and loop variables for
- better unsigned / signed use. Renamed internal bigint types
- t_int and t_dbl to t_uint and t_udbl in the process
+ better unsigned / signed use. Renamed internal bigint types
+ t_int and t_dbl to t_uint and t_udbl in the process
* mpi_init() and mpi_free() now only accept a single MPI
argument and do not accept variable argument lists anymore.
* The error codes have been remapped and combining error codes
is now done with a PLUS instead of an OR as error codes
- used are negative.
+ used are negative.
* Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv().
net_recv() now returns 0 on EOF instead of
- POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns
- POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
- ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received
- after the handshake.
+ POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns
+ POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
+ ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received
+ after the handshake.
* Network functions now return POLARSSL_ERR_NET_WANT_READ or
POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous
- POLARSSL_ERR_NET_TRY_AGAIN
+ POLARSSL_ERR_NET_TRY_AGAIN
= Version 0.99-pre4 released on 2011-04-01
Features
displays actual bit size of the value.
* x509parse_key() (and as a consequence x509parse_keyfile())
does not zeroize memory in advance anymore. Use rsa_init()
- before parsing a key or keyfile!
+ before parsing a key or keyfile!
Bugfix
* Debug output of MPI's now the same independent of underlying
platform (32-bit / 64-bit) (Fixes ticket #19, found by Mads
- Kiilerich and Mihai Militaru)
+ Kiilerich and Mihai Militaru)
* Fixed bug in ssl_write() when flushing old data (Fixed ticket
#18, found by Nikolay Epifanov)
* Fixed proper handling of RSASSA-PSS verification with variable
Changes
* Parsing of PEM files moved to separate module (Fixes
ticket #13). Also possible to remove PEM support for
- systems only using DER encoding
+ systems only using DER encoding
Bugfixes
* Corrected parsing of UTCTime dates before 1990 and
* Replaced the expired test certificates
* Do not bail out if no client certificate specified. Try
to negotiate anonymous connection (Fixes ticket #12,
- found by Boris Krasnovskiy)
+ found by Boris Krasnovskiy)
Security fixes
* Fixed a possible Man-in-the-Middle attack on the
Diffie Hellman key exchange (thanks to Larry Highsmith,
- Subreption LLC)
+ Subreption LLC)
= Version 0.99-pre1 released on 2011-01-30
Features
the existing date check
* The ciphers member of ssl_context and the cipher member
of ssl_session have been renamed to ciphersuites and
- ciphersuite respectively. This clarifies the difference
- with the generic cipher layer and is better naming
- altogether
+ ciphersuite respectively. This clarifies the difference
+ with the generic cipher layer and is better naming
+ altogether
= Version 0.14.0 released on 2010-08-16
Features
* Made Makefile cleaner
* Removed dependency on rand() in rsa_pkcs1_encrypt().
Now using random fuction provided to function and
- changed the prototype of rsa_pkcs1_encrypt(),
- rsa_init() and rsa_gen_key().
+ changed the prototype of rsa_pkcs1_encrypt(),
+ rsa_init() and rsa_gen_key().
* Some SSL defines were renamed in order to avoid
future confusion
in a function to allow easy future expansion
* Changed symmetric cipher functions to
identical interface (returning int result values)
- * Changed ARC4 to use seperate input/output buffer
+ * Changed ARC4 to use separate input/output buffer
* Added reset function for HMAC context as speed-up
for specific use-cases
* Multiple fixes to enhance the compatibility with g++,
thanks to Xosé Antón Otero Ferreira
* Fixed a bug in the CBC code, thanks to dowst; also,
- the bignum code is no longer dependant on long long
+ the bignum code is no longer dependent on long long
* Updated rsa_pkcs1_sign to handle arbitrary large inputs
* Updated timing.c for improved compatibility with i386
and 486 processors, thanks to Arnaud Cornet
--- /dev/null
+Site: localhost
+BuildName: PolarSSL-test
+CoverageCommand: /usr/bin/gcov
+MemoryCheckCommand: /usr/bin/valgrind
all:
cd library && $(MAKE) all && cd ..
-install:
+lib:
+ cd library && $(MAKE) all && cd ..
+install:
+
uninstall:
-distclean: clean
-
clean:
cd library && $(MAKE) clean && cd ..
distdir:
mkdir -p $(distdir)
- cp ChangeLog LICENSE Makefile README $(distdir)
+ cp ChangeLog LICENSE Makefile README.rst $(distdir)
mkdir $(distdir)/library
mkdir -p $(distdir)/include/polarssl
cp library/Makefile library/*.c $(distdir)/library
--- /dev/null
+===================
+README for PolarSSL
+===================
+
+Compiling
+=========
+
+There are currently three active build systems within the PolarSSL releases:
+
+- Make
+- CMake
+- Microsoft Visual Studio
+
+The main system used for development is CMake. That system is always the most up-to-date. The others should reflect all changes present in the CMake build system, but some features are not ported there by default.
+
+Make
+----
+
+We intentionally only use the absolute minimum of **Make** functionality, as we have discovered that a lot of **Make** features are not supported on all different implementations of Make on different platforms. As such, the Makefiles sometimes require some handwork or `export` statements in order to work for your platform.
+
+In order to build the source using Make, just enter at the command line:
+
+ make
+
+In order to run the tests, enter:
+
+ make check
+
+Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the PolarSSL Knowledge Base <https://polarssl.org/kb>`_ for articles on your platform or issue.
+
+In case you find that you need to do something else as well, please let us know what, so we can add it to the KB.
+
+CMake
+-----
+
+In order to build the source using CMake, just enter at the command line:
+
+ cmake .
+
+ make
+
+There are 3 different active build modes specified within the CMake buildsystem:
+
+- Release.
+ This generates the default code without any unnecessary information in the binary files.
+- Debug.
+ This generates debug information and disables optimization of the code.
+- Coverage.
+ This generates code coverage information in addition to debug information.
+
+Switching build modes in CMake is simple. For debug mode, enter at the command line:
+
+ cmake -D CMAKE_BUILD_TYPE:String="Debug" .
+
+In order to run the tests, enter:
+
+ make test
+
+Microsoft Visual Studio
+-----------------------
+
+The build files for Microsoft Visual Studio are generated for Visual Studio 6.0 all future Visual Studio's should be able to open and use this older version of the build files.
+
+The workspace 'polarssl.dsw' contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well.
+
+Example programs
+================
+
+We've included example programs for a lot of different features and uses in *programs/*. Most programs only focus on a single feature or usage scenario, so keep that in mind when copying parts of the code.
+
+Tests
+=====
+
+PolarSSL includes a elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
+
+Contributing
+============
+
+#. `Check for open issues <https://github.com/polarssl/polarssl/issues>`_ or
+ `start a discussion <https://polarssl.org/discussions>`_ around a feature
+ idea or a bug.
+#. Fork the `PolarSSL repository on Github <https://github.com/polarssl/polarssl>`_
+ to start making your changes.
+#. Write a test which shows that the bug was fixed or that the feature works
+ as expected.
+#. Send a pull request and bug us until it gets merged and published. We will
+ include your name in the ChangeLog :)
*
* \brief AES block cipher
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_AES_H
#define POLARSSL_AES_H
+#include "config.h"
+
#include <string.h>
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
#define AES_ENCRYPT 1
#define AES_DECRYPT 0
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
+#if !defined(POLARSSL_AES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief AES context structure
*/
typedef struct
{
int nr; /*!< number of rounds */
- unsigned long *rk; /*!< AES round keys */
- unsigned long buf[68]; /*!< unaligned data */
+ uint32_t *rk; /*!< AES round keys */
+ uint32_t buf[68]; /*!< unaligned data */
}
aes_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief AES key schedule (encryption)
*
const unsigned char input[16],
unsigned char output[16] );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/**
* \brief AES-CBC buffer encryption/decryption
* Length should be a multiple of the block
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
/**
* \brief AES-CFB128 buffer encryption/decryption.
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
- * both
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
const unsigned char *input,
unsigned char *output );
-/*
+/**
* \brief AES-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
+ * \param ctx AES context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_AES_ALT */
+#include "aes_alt.h"
+#endif /* POLARSSL_AES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Checkup routine
*
*
* \brief The ARCFOUR stream cipher
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_ARC4_H
#define POLARSSL_ARC4_H
+#include "config.h"
+
#include <string.h>
+#if !defined(POLARSSL_ARC4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief ARC4 context structure
*/
}
arc4_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief ARC4 key schedule
*
* \param ctx ARC4 context to be initialized
* \param key the secret key
- * \param keylen length of the key
+ * \param keylen length of the key, in bytes
*/
void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen );
int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
unsigned char *output );
-/*
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_ARC4_ALT */
+#include "arc4_alt.h"
+#endif /* POLARSSL_ARC4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*
* \brief Generic ASN.1 parsing
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* ASN1 is a standard to specify data structures.
* \{
*/
-#define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0014 /**< Out of data when parsing an ASN1 data structure. */
-#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 /**< ASN1 tag was of an unexpected value. */
-#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018 /**< Error when trying to determine the length or invalid length. */
-#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A /**< Actual length differs from expected length. */
-#define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C /**< Data is invalid. (not used) */
-#define POLARSSL_ERR_ASN1_MALLOC_FAILED -0x001E /**< Memory allocation failed */
+#define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0060 /**< Out of data when parsing an ASN1 data structure. */
+#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0062 /**< ASN1 tag was of an unexpected value. */
+#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0064 /**< Error when trying to determine the length or invalid length. */
+#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x0066 /**< Actual length differs from expected length. */
+#define POLARSSL_ERR_ASN1_INVALID_DATA -0x0068 /**< Data is invalid. (not used) */
+#define POLARSSL_ERR_ASN1_MALLOC_FAILED -0x006A /**< Memory allocation failed */
+#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL -0x006C /**< Buffer too small when writing ASN.1 data structure. */
+
/* \} name */
/**
/** Returns the size of the binary string, without the trailing \\0 */
#define OID_SIZE(x) (sizeof(x) - 1)
+/** Compares two asn1_buf structures for the same OID. Only works for
+ * 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a 'unsigned
+ * char *oid' here!
+ */
+#define OID_CMP(oid_str, oid_buf) \
+ ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
+ memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0 )
+
#ifdef __cplusplus
extern "C" {
#endif
asn1_sequence;
/**
- * Get the length of an ASN.1 element.
- * Updates the pointer to immediately behind the length.
+ * Container for a sequence or list of 'named' ASN.1 data items
+ */
+typedef struct _asn1_named_data
+{
+ asn1_buf oid; /**< The object identifier. */
+ asn1_buf val; /**< The named value. */
+ struct _asn1_named_data *next; /**< The next entry in the sequence. */
+}
+asn1_named_data;
+
+/**
+ * \brief Get the length of an ASN.1 element.
+ * Updates the pointer to immediately behind the length.
*
* \param p The position in the ASN.1 data
* \param end End of data
size_t *len );
/**
- * Get the tag and length of the tag. Check for the requested tag.
- * Updates the pointer to immediately behind the tag and length.
+ * \brief Get the tag and length of the tag. Check for the requested tag.
+ * Updates the pointer to immediately behind the tag and length.
*
* \param p The position in the ASN.1 data
* \param end End of data
size_t *len, int tag );
/**
- * Retrieve a boolean ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
+ * \brief Retrieve a boolean ASN.1 tag and its value.
+ * Updates the pointer to immediately behind the full tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
int *val );
/**
- * Retrieve an integer ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
+ * \brief Retrieve an integer ASN.1 tag and its value.
+ * Updates the pointer to immediately behind the full tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
int *val );
/**
- * Retrieve a bitstring ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
+ * \brief Retrieve a bitstring ASN.1 tag and its value.
+ * Updates the pointer to immediately behind the full tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
asn1_bitstring *bs);
/**
- * Parses and splits an ASN.1 "SEQUENCE OF <tag>"
- * Updated the pointer to immediately behind the full sequence tag.
+ * \brief Retrieve a bitstring ASN.1 tag without unused bits and its
+ * value.
+ * Updates the pointer to the beginning of the bit/octet string.
+ *
+ * \param p The position in the ASN.1 data
+ * \param end End of data
+ * \param len Length of the actual bit/octect string in bytes
+ *
+ * \return 0 if successful or a specific ASN.1 error code.
+ */
+int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
+ size_t *len );
+
+/**
+ * \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>"
+ * Updated the pointer to immediately behind the full sequence tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
#if defined(POLARSSL_BIGNUM_C)
/**
- * Retrieve a MPI value from an integer ASN.1 tag.
- * Updates the pointer to immediately behind the full tag.
+ * \brief Retrieve a MPI value from an integer ASN.1 tag.
+ * Updates the pointer to immediately behind the full tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
mpi *X );
#endif
+/**
+ * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.
+ * Updates the pointer to immediately behind the full
+ * AlgorithmIdentifier.
+ *
+ * \param p The position in the ASN.1 data
+ * \param end End of data
+ * \param alg The buffer to receive the OID
+ * \param params The buffer to receive the params (if any)
+ *
+ * \return 0 if successful or a specific ASN.1 or MPI error code.
+ */
+int asn1_get_alg( unsigned char **p,
+ const unsigned char *end,
+ asn1_buf *alg, asn1_buf *params );
+
+/**
+ * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+ * params.
+ * Updates the pointer to immediately behind the full
+ * AlgorithmIdentifier.
+ *
+ * \param p The position in the ASN.1 data
+ * \param end End of data
+ * \param alg The buffer to receive the OID
+ *
+ * \return 0 if successful or a specific ASN.1 or MPI error code.
+ */
+int asn1_get_alg_null( unsigned char **p,
+ const unsigned char *end,
+ asn1_buf *alg );
+
+/**
+ * \brief Find a specific named_data entry in a sequence or list based on
+ * the OID.
+ *
+ * \param list The list to seek through
+ * \param oid The OID to look for
+ * \param len Size of the OID
+ *
+ * \return NULL if not found, or a pointer to the existing entry.
+ */
+asn1_named_data *asn1_find_named_data( asn1_named_data *list,
+ const char *oid, size_t len );
+
+/**
+ * \brief Free a asn1_named_data entry
+ *
+ * \param entry The named data entry to free
+ */
+void asn1_free_named_data( asn1_named_data *entry );
+
+/**
+ * \brief Free all entries in a asn1_named_data list
+ * Head will be set to NULL
+ *
+ * \param head Pointer to the head of the list of named data entries to free
+ */
+void asn1_free_named_data_list( asn1_named_data **head );
+
#ifdef __cplusplus
}
#endif
--- /dev/null
+/**
+ * \file asn1write.h
+ *
+ * \brief ASN.1 buffer writing functionality
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_ASN1_WRITE_H
+#define POLARSSL_ASN1_WRITE_H
+
+#include "asn1.h"
+
+#define ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else g += ret; } while( 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Write a length field in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param len the length to write
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
+
+/**
+ * \brief Write a ASN.1 tag in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param tag the tag to write
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
+
+/**
+ * \brief Write raw buffer data
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param buf data buffer to write
+ * \param size length of the data buffer
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t size );
+
+#if defined(POLARSSL_BIGNUM_C)
+/**
+ * \brief Write a big number (ASN1_INTEGER) in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param X the MPI to write
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
+#endif
+
+/**
+ * \brief Write a NULL tag (ASN1_NULL) with zero data in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_null( unsigned char **p, unsigned char *start );
+
+/**
+ * \brief Write an OID tag (ASN1_OID) and data in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param oid the OID to write
+ * \param oid_len length of the OID
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_oid( unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len );
+
+/**
+ * \brief Write an AlgorithmIdentifier sequence in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param oid the OID of the algorithm
+ * \param oid_len length of the OID
+ * \param par_len length of parameters, which must be already written.
+ * If 0, NULL parameters are added
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len );
+
+/**
+ * \brief Write a boolean tag (ASN1_BOOLEAN) and value in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param boolean 0 or 1
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
+
+/**
+ * \brief Write an int tag (ASN1_INTEGER) and value in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param val the integer value
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_int( unsigned char **p, unsigned char *start, int val );
+
+/**
+ * \brief Write a printable string tag (ASN1_PRINTABLE_STRING) and
+ * value in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param text the text to write
+ * \param text_len length of the text
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_printable_string( unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len );
+
+/**
+ * \brief Write an IA5 string tag (ASN1_IA5_STRING) and
+ * value in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param text the text to write
+ * \param text_len length of the text
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len );
+
+/**
+ * \brief Write a bitstring tag (ASN1_BIT_STRING) and
+ * value in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param buf the bitstring
+ * \param bits the total number of bits in the bitstring
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_bitstring( unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t bits );
+
+/**
+ * \brief Write an octet string tag (ASN1_OCTET_STRING) and
+ * value in ASN.1 format
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param buf data buffer to write
+ * \param size length of the data buffer
+ *
+ * \return the length written or a negative error code
+ */
+int asn1_write_octet_string( unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t size );
+
+/**
+ * \brief Create or find a specific named_data entry for writing in a
+ * sequence or list based on the OID. If not already in there,
+ * a new entry is added to the head of the list.
+ * Warning: Destructive behaviour for the val data!
+ *
+ * \param list Pointer to the location of the head of the list to seek
+ * through (will be updated in case of a new entry)
+ * \param oid The OID to look for
+ * \param oid_len Size of the OID
+ * \param val Data to store (can be NULL if you want to fill it by hand)
+ * \param val_len Minimum length of the data buffer needed
+ *
+ * \return NULL if if there was a memory allocation error, or a pointer
+ * to the new / existing entry.
+ */
+asn1_named_data *asn1_store_named_data( asn1_named_data **list,
+ const char *oid, size_t oid_len,
+ const unsigned char *val,
+ size_t val_len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* POLARSSL_ASN1_WRITE_H */
*
* \brief RFC 1521 base64 encoding/decoding
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
/**
* \brief Decode a base64-formatted buffer
*
- * \param dst destination buffer
+ * \param dst destination buffer (can be NULL for checking size)
* \param dlen size of the buffer
* \param src source buffer
* \param slen amount of data to be decoded
*
* \return 0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, or
- * POLARSSL_ERR_BASE64_INVALID_DATA if the input data is not
- * correct. *dlen is always updated to reflect the amount
+ * POLARSSL_ERR_BASE64_INVALID_CHARACTER if the input data is
+ * not correct. *dlen is always updated to reflect the amount
* of data that has (or would have) been written.
*
- * \note Call this function with *dlen = 0 to obtain the
- * required buffer size in *dlen
+ * \note Call this function with *dst = NULL or *dlen = 0 to obtain
+ * the required buffer size in *dlen
*/
int base64_decode( unsigned char *dst, size_t *dlen,
const unsigned char *src, size_t slen );
*
* \brief Multi-precision integer library
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "config.h"
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+#if (_MSC_VER <= 1200)
+typedef signed short int16_t;
+typedef unsigned short uint16_t;
+#else
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+#endif
+typedef INT32 int32_t;
+typedef INT64 int64_t;
+typedef UINT32 uint32_t;
+typedef UINT64 uint64_t;
+#else
+#include <inttypes.h>
+#endif
+
#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */
#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */
*/
#define POLARSSL_MPI_MAX_LIMBS 10000
+#if !defined(POLARSSL_CONFIG_OPTIONS)
/*
* Maximum window size used for modular exponentiation. Default: 6
* Minimum value: 1. Maximum value: 6.
/*
* Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits )
+ * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
*
* Note: Calculations can results temporarily in larger MPIs. So the number
* of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher.
*/
#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+
+#endif /* !POLARSSL_CONFIG_OPTIONS */
+
#define POLARSSL_MPI_MAX_BITS ( 8 * POLARSSL_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
/*
- * When reading from files with mpi_read_file() the buffer should have space
+ * When reading from files with mpi_read_file() and writing to files with
+ * mpi_write_file() the buffer should have space
* for a (short) label, the MPI (in the provided radix), the newline
* characters and the '\0'.
*
* By default we assume at least a 10 char label, a minimum radix of 10
* (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
+ * Autosized at compile time for at least a 10 char label, a minimum radix
+ * of 10 (decimal) for a number of POLARSSL_MPI_MAX_BITS size.
+ *
+ * This used to be statically sized to 1250 for a maximum of 4096 bit
+ * numbers (1234 decimal chars).
+ *
+ * Calculate using the formula:
+ * POLARSSL_MPI_RW_BUFFER_SIZE = ceil(POLARSSL_MPI_MAX_BITS / ln(10) * ln(2)) +
+ * LabelSize + 6
*/
-#define POLARSSL_MPI_READ_BUFFER_SIZE 1250
+#define POLARSSL_MPI_MAX_BITS_SCALE100 ( 100 * POLARSSL_MPI_MAX_BITS )
+#define LN_2_DIV_LN_10_SCALE100 332
+#define POLARSSL_MPI_RW_BUFFER_SIZE ( ((POLARSSL_MPI_MAX_BITS_SCALE100 + LN_2_DIV_LN_10_SCALE100 - 1) / LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
/*
* Define the base integer type, architecture-wise
#if defined(POLARSSL_HAVE_INT8)
typedef signed char t_sint;
typedef unsigned char t_uint;
-typedef unsigned short t_udbl;
+typedef uint16_t t_udbl;
+#define POLARSSL_HAVE_UDBL
#else
#if defined(POLARSSL_HAVE_INT16)
-typedef signed short t_sint;
-typedef unsigned short t_uint;
-typedef unsigned long t_udbl;
+typedef int16_t t_sint;
+typedef uint16_t t_uint;
+typedef uint32_t t_udbl;
+#define POLARSSL_HAVE_UDBL
#else
- typedef signed long t_sint;
- typedef unsigned long t_uint;
- #if defined(_MSC_VER) && defined(_M_IX86)
- typedef unsigned __int64 t_udbl;
+ #if ( defined(_MSC_VER) && defined(_M_AMD64) )
+ #define POLARSSL_HAVE_INT64
+ typedef int64_t t_sint;
+ typedef uint64_t t_uint;
#else
- #if defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- (defined(__sparc__) && defined(__arch64__)) || \
- defined(__s390x__) )
- typedef unsigned int t_udbl __attribute__((mode(TI)));
- #define POLARSSL_HAVE_LONGLONG
+ #if ( defined(__GNUC__) && ( \
+ defined(__amd64__) || defined(__x86_64__) || \
+ defined(__ppc64__) || defined(__powerpc64__) || \
+ defined(__ia64__) || defined(__alpha__) || \
+ (defined(__sparc__) && defined(__arch64__)) || \
+ defined(__s390x__) ) )
+ #define POLARSSL_HAVE_INT64
+ typedef int64_t t_sint;
+ typedef uint64_t t_uint;
+ typedef unsigned int t_udbl __attribute__((mode(TI)));
+ #define POLARSSL_HAVE_UDBL
#else
- #if defined(POLARSSL_HAVE_LONGLONG)
- typedef unsigned long long t_udbl;
- #endif
+ #define POLARSSL_HAVE_INT32
+ typedef int32_t t_sint;
+ typedef uint32_t t_uint;
+ #if ( defined(_MSC_VER) && defined(_M_IX86) )
+ typedef uint64_t t_udbl;
+ #define POLARSSL_HAVE_UDBL
+ #else
+ #if defined( POLARSSL_HAVE_LONGLONG )
+ typedef unsigned long long t_udbl;
+ #define POLARSSL_HAVE_UDBL
+ #endif
+ #endif
#endif
#endif
-#endif
+#endif /* POLARSSL_HAVE_INT16 */
+#endif /* POLARSSL_HAVE_INT8 */
+
+#ifdef __cplusplus
+extern "C" {
#endif
/**
}
mpi;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief Initialize one MPI
*
*/
int mpi_lset( mpi *X, t_sint z );
-/*
+/**
* \brief Get a specific bit from X
*
* \param X MPI to use
*
* \return Either a 0 or a 1
*/
-int mpi_get_bit( mpi *X, size_t pos );
+int mpi_get_bit( const mpi *X, size_t pos );
-/*
+/**
* \brief Set a bit of X to a specific value of 0 or 1
*
* \note Will grow X if necessary to set a bit to 1 in a not yet
int mpi_set_bit( mpi *X, size_t pos, unsigned char val );
/**
- * \brief Return the number of least significant bits
+ * \brief Return the number of zero-bits before the least significant
+ * '1' bit
+ *
+ * Note: Thus also the zero-based index of the least significant '1' bit
*
* \param X MPI to use
*/
size_t mpi_lsb( const mpi *X );
/**
- * \brief Return the number of most significant bits
+ * \brief Return the number of bits up to and including the most
+ * significant '1' bit'
+ *
+ * Note: Thus also the one-based index of the most significant '1' bit
*
* \param X MPI to use
*/
*/
int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen );
+#if defined(POLARSSL_FS_IO)
/**
* \brief Read X from an opened file
*
* \note Set fout == NULL to print X on the console.
*/
int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
+#endif /* POLARSSL_FS_IO */
/**
* \brief Import X from unsigned binary data, big endian
int mpi_add_abs( mpi *X, const mpi *A, const mpi *B );
/**
- * \brief Unsigned substraction: X = |A| - |B|
+ * \brief Unsigned subtraction: X = |A| - |B|
*
* \param X Destination MPI
* \param A Left-hand MPI
int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B );
/**
- * \brief Signed substraction: X = A - B
+ * \brief Signed subtraction: X = A - B
*
* \param X Destination MPI
* \param A Left-hand MPI
int mpi_add_int( mpi *X, const mpi *A, t_sint b );
/**
- * \brief Signed substraction: X = A - b
+ * \brief Signed subtraction: X = A - b
*
* \param X Destination MPI
* \param A Left-hand MPI
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even
+ * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even or if
+ * E is negative
*
* \note _RR is used to avoid re-computing R*R mod N across
* multiple calls, which speeds up things a bit. It can
--- /dev/null
+/**
+ * \file blowfish.h
+ *
+ * \brief Blowfish block cipher
+ *
+ * Copyright (C) 2012-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_BLOWFISH_H
+#define POLARSSL_BLOWFISH_H
+
+#include "config.h"
+
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#define BLOWFISH_ENCRYPT 1
+#define BLOWFISH_DECRYPT 0
+#define BLOWFISH_MAX_KEY 448
+#define BLOWFISH_MIN_KEY 32
+#define BLOWFISH_ROUNDS 16 /* when increasing this value, make sure to extend the initialisation vectors */
+#define BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
+
+#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
+#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
+
+#if !defined(POLARSSL_BLOWFISH_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Blowfish context structure
+ */
+typedef struct
+{
+ uint32_t P[BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
+ uint32_t S[4][256]; /*!< key dependent S-boxes */
+}
+blowfish_context;
+
+/**
+ * \brief Blowfish key schedule
+ *
+ * \param ctx Blowfish context to be initialized
+ * \param key encryption key
+ * \param keysize must be between 32 and 448 bits
+ *
+ * \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ */
+int blowfish_setkey( blowfish_context *ctx, const unsigned char *key, unsigned int keysize );
+
+/**
+ * \brief Blowfish-ECB block encryption/decryption
+ *
+ * \param ctx Blowfish context
+ * \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param input 8-byte input block
+ * \param output 8-byte output block
+ *
+ * \return 0 if successful
+ */
+int blowfish_crypt_ecb( blowfish_context *ctx,
+ int mode,
+ const unsigned char input[BLOWFISH_BLOCKSIZE],
+ unsigned char output[BLOWFISH_BLOCKSIZE] );
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+/**
+ * \brief Blowfish-CBC buffer encryption/decryption
+ * Length should be a multiple of the block
+ * size (8 bytes)
+ *
+ * \param ctx Blowfish context
+ * \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param length length of the input data
+ * \param iv initialization vector (updated after use)
+ * \param input buffer holding the input data
+ * \param output buffer holding the output data
+ *
+ * \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ */
+int blowfish_crypt_cbc( blowfish_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+/**
+ * \brief Blowfish CFB buffer encryption/decryption.
+ *
+ * \param ctx Blowfish context
+ * \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param length length of the input data
+ * \param iv_off offset in IV (updated after use)
+ * \param iv initialization vector (updated after use)
+ * \param input buffer holding the input data
+ * \param output buffer holding the output data
+ *
+ * \return 0 if successful
+ */
+int blowfish_crypt_cfb64( blowfish_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output );
+#endif /*POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+/**
+ * \brief Blowfish-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * \param ctx Blowfish context
+ * \param length The length of the data
+ * \param nc_off The offset in the current stream_block (for resuming
+ * within current cipher stream). The offset pointer to
+ * should be 0 at the start of a stream.
+ * \param nonce_counter The 64-bit nonce and counter.
+ * \param stream_block The saved stream-block for resuming. Is overwritten
+ * by the function.
+ * \param input The input data stream
+ * \param output The output data stream
+ *
+ * \return 0 if successful
+ */
+int blowfish_crypt_ctr( blowfish_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[BLOWFISH_BLOCKSIZE],
+ unsigned char stream_block[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_BLOWFISH_ALT */
+#include "blowfish_alt.h"
+#endif /* POLARSSL_BLOWFISH_ALT */
+
+#endif /* blowfish.h */
#endif /* PPC32 */
#endif /* PPC64 */
-#if defined(__sparc__)
+#if defined(__sparc__) && defined(__sparc64__)
#define MULADDC_INIT \
- asm( "ld %0, %%o0 " :: "m" (s)); \
- asm( "ld %0, %%o1 " :: "m" (d)); \
- asm( "ld %0, %%o2 " :: "m" (c)); \
- asm( "ld %0, %%o3 " :: "m" (b));
+ asm( \
+ " \
+ ldx %3, %%o0; \
+ ldx %4, %%o1; \
+ ld %5, %%o2; \
+ ld %6, %%o3; \
+ "
#define MULADDC_CORE \
- asm( "ld [%o0], %o4 " ); \
- asm( "inc 4, %o0 " ); \
- asm( "ld [%o1], %o5 " ); \
- asm( "umul %o3, %o4, %o4 " ); \
- asm( "addcc %o4, %o2, %o4 " ); \
- asm( "rd %y, %g1 " ); \
- asm( "addx %g1, 0, %g1 " ); \
- asm( "addcc %o4, %o5, %o4 " ); \
- asm( "st %o4, [%o1] " ); \
- asm( "addx %g1, 0, %o2 " ); \
- asm( "inc 4, %o1 " );
+ " \
+ ld [%%o0], %%o4; \
+ inc 4, %%o0; \
+ ld [%%o1], %%o5; \
+ umul %%o3, %%o4, %%o4; \
+ addcc %%o4, %%o2, %%o4; \
+ rd %%y, %%g1; \
+ addx %%g1, 0, %%g1; \
+ addcc %%o4, %%o5, %%o4; \
+ st %%o4, [%%o1]; \
+ addx %%g1, 0, %%o2; \
+ inc 4, %%o1; \
+ "
+
+#define MULADDC_STOP \
+ " \
+ st %%o2, %0; \
+ stx %%o1, %1; \
+ stx %%o0, %2; \
+ " \
+ : "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "g1", "o0", "o1", "o2", "o3", "o4", \
+ "o5" \
+ );
+#endif /* SPARCv9 */
+
+#if defined(__sparc__) && !defined(__sparc64__)
+
+#define MULADDC_INIT \
+ asm( \
+ " \
+ ld %3, %%o0; \
+ ld %4, %%o1; \
+ ld %5, %%o2; \
+ ld %6, %%o3; \
+ "
+
+#define MULADDC_CORE \
+ " \
+ ld [%%o0], %%o4; \
+ inc 4, %%o0; \
+ ld [%%o1], %%o5; \
+ umul %%o3, %%o4, %%o4; \
+ addcc %%o4, %%o2, %%o4; \
+ rd %%y, %%g1; \
+ addx %%g1, 0, %%g1; \
+ addcc %%o4, %%o5, %%o4; \
+ st %%o4, [%%o1]; \
+ addx %%g1, 0, %%o2; \
+ inc 4, %%o1; \
+ "
#define MULADDC_STOP \
- asm( "st %%o2, %0 " : "=m" (c)); \
- asm( "st %%o1, %0 " : "=m" (d)); \
- asm( "st %%o0, %0 " : "=m" (s) :: \
- "g1", "o0", "o1", "o2", "o3", "o4", "o5" );
+ " \
+ st %%o2, %0; \
+ st %%o1, %1; \
+ st %%o0, %2; \
+ " \
+ : "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "g1", "o0", "o1", "o2", "o3", "o4", \
+ "o5" \
+ );
#endif /* SPARCv8 */
#if defined(__arm__)
-#if !defined(__thumb__)
+#if defined(__thumb__) && !defined(__thumb2__)
+
+#define MULADDC_INIT \
+ asm( \
+ " \
+ ldr r0, %3; \
+ ldr r1, %4; \
+ ldr r2, %5; \
+ ldr r3, %6; \
+ lsr r7, r3, #16; \
+ mov r9, r7; \
+ lsl r7, r3, #16; \
+ lsr r7, r7, #16; \
+ mov r8, r7; \
+ "
+
+#define MULADDC_CORE \
+ " \
+ ldmia r0!, {r6}; \
+ lsr r7, r6, #16; \
+ lsl r6, r6, #16; \
+ lsr r6, r6, #16; \
+ mov r4, r8; \
+ mul r4, r6; \
+ mov r3, r9; \
+ mul r6, r3; \
+ mov r5, r9; \
+ mul r5, r7; \
+ mov r3, r8; \
+ mul r7, r3; \
+ lsr r3, r6, #16; \
+ add r5, r5, r3; \
+ lsr r3, r7, #16; \
+ add r5, r5, r3; \
+ add r4, r4, r2; \
+ mov r2, #0; \
+ adc r5, r2; \
+ lsl r3, r6, #16; \
+ add r4, r4, r3; \
+ adc r5, r2; \
+ lsl r3, r7, #16; \
+ add r4, r4, r3; \
+ adc r5, r2; \
+ ldr r3, [r1]; \
+ add r4, r4, r3; \
+ adc r2, r5; \
+ stmia r1!, {r4}; \
+ "
+
+#define MULADDC_STOP \
+ " \
+ str r2, %0; \
+ str r1, %1; \
+ str r0, %2; \
+ " \
+ : "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "r0", "r1", "r2", "r3", "r4", "r5", \
+ "r6", "r7", "r8", "r9", "cc" \
+ );
+
+#else
#define MULADDC_INIT \
- asm( "ldr r0, %0 " :: "m" (s)); \
- asm( "ldr r1, %0 " :: "m" (d)); \
- asm( "ldr r2, %0 " :: "m" (c)); \
- asm( "ldr r3, %0 " :: "m" (b));
+ asm( \
+ " \
+ ldr r0, %3; \
+ ldr r1, %4; \
+ ldr r2, %5; \
+ ldr r3, %6; \
+ "
#define MULADDC_CORE \
- asm( "ldr r4, [r0], #4 " ); \
- asm( "mov r5, #0 " ); \
- asm( "ldr r6, [r1] " ); \
- asm( "umlal r2, r5, r3, r4 " ); \
- asm( "adds r7, r6, r2 " ); \
- asm( "adc r2, r5, #0 " ); \
- asm( "str r7, [r1], #4 " );
+ " \
+ ldr r4, [r0], #4; \
+ mov r5, #0; \
+ ldr r6, [r1]; \
+ umlal r2, r5, r3, r4; \
+ adds r7, r6, r2; \
+ adc r2, r5, #0; \
+ str r7, [r1], #4; \
+ "
#define MULADDC_STOP \
- asm( "str r2, %0 " : "=m" (c)); \
- asm( "str r1, %0 " : "=m" (d)); \
- asm( "str r0, %0 " : "=m" (s) :: \
- "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7" );
+ " \
+ str r2, %0; \
+ str r1, %1; \
+ str r0, %2; \
+ " \
+ : "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "r0", "r1", "r2", "r3", "r4", "r5", \
+ "r6", "r7", "cc" \
+ );
#endif /* Thumb */
#endif /* POLARSSL_HAVE_ASM */
#if !defined(MULADDC_CORE)
-#if defined(POLARSSL_HAVE_LONGLONG)
+#if defined(POLARSSL_HAVE_UDBL)
#define MULADDC_INIT \
{ \
t_uint r0, r1;
#define MULADDC_CORE \
- r = *(s++) * (t_udbl) b; \
+ r = *(s++) * (t_udbl) b; \
r0 = r; \
r1 = r >> biL; \
r0 += c; r1 += (r0 < c); \
*
* \brief Camellia block cipher
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_CAMELLIA_H
#define POLARSSL_CAMELLIA_H
+#include "config.h"
+
#include <string.h>
-#ifdef _MSC_VER
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
+#if !defined(POLARSSL_CAMELLIA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief CAMELLIA context structure
*/
}
camellia_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief CAMELLIA key schedule (encryption)
*
const unsigned char input[16],
unsigned char output[16] );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/**
* \brief CAMELLIA-CBC buffer encryption/decryption
* Length should be a multiple of the block
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CIPHER_MODE_CFB)
/**
* \brief CAMELLIA-CFB128 buffer encryption/decryption
*
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
- *
+ *
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
*/
int camellia_crypt_cfb128( camellia_context *ctx,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CFB */
-/*
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+/**
* \brief CAMELLIA-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
* both encryption and decryption. So a context initialized with
* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.
*
+ * \param ctx CAMELLIA context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_CAMELLIA_ALT */
+#include "camellia_alt.h"
+#endif /* POLARSSL_CAMELLIA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/**
* \brief Checkup routine
--- /dev/null
+/**
+ * \file certs.h
+ *
+ * \brief Sample certificates and DHM parameters for testing
+ *
+ * Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_CERTS_H
+#define POLARSSL_CERTS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Concatenation of all available CA certificates */
+extern const char test_ca_list[];
+
+/*
+ * Convenience for users who just want a certificate:
+ * RSA by default, or ECDSA if RSA i not available
+ */
+extern const char *test_ca_crt;
+extern const char *test_ca_key;
+extern const char *test_ca_pwd;
+extern const char *test_srv_crt;
+extern const char *test_srv_key;
+extern const char *test_cli_crt;
+extern const char *test_cli_key;
+
+#if defined(POLARSSL_ECDSA_C)
+extern const char test_ca_crt_ec[];
+extern const char test_ca_key_ec[];
+extern const char test_ca_pwd_ec[];
+extern const char test_srv_crt_ec[];
+extern const char test_srv_key_ec[];
+extern const char test_cli_crt_ec[];
+extern const char test_cli_key_ec[];
+#endif
+
+#if defined(POLARSSL_RSA_C)
+extern const char test_ca_crt_rsa[];
+extern const char test_ca_key_rsa[];
+extern const char test_ca_pwd_rsa[];
+extern const char test_srv_crt_rsa[];
+extern const char test_srv_key_rsa[];
+extern const char test_cli_crt_rsa[];
+extern const char test_cli_key_rsa[];
+#endif
+
+#if defined(POLARSSL_DHM_C)
+extern const char test_dhm_params[];
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* certs.h */
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_CIPHER_H
#define POLARSSL_CIPHER_H
+#include "config.h"
+
+#if defined(POLARSSL_GCM_C)
+#define POLARSSL_CIPHER_MODE_AEAD
+#endif
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#define POLARSSL_CIPHER_MODE_WITH_PADDING
+#endif
+
#include <string.h>
#if defined(_MSC_VER) && !defined(inline)
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */
#define POLARSSL_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
+#define POLARSSL_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
typedef enum {
POLARSSL_CIPHER_ID_NONE = 0,
+ POLARSSL_CIPHER_ID_NULL,
POLARSSL_CIPHER_ID_AES,
POLARSSL_CIPHER_ID_DES,
POLARSSL_CIPHER_ID_3DES,
POLARSSL_CIPHER_ID_CAMELLIA,
+ POLARSSL_CIPHER_ID_BLOWFISH,
+ POLARSSL_CIPHER_ID_ARC4,
} cipher_id_t;
typedef enum {
POLARSSL_CIPHER_NONE = 0,
+ POLARSSL_CIPHER_NULL,
+ POLARSSL_CIPHER_AES_128_ECB,
+ POLARSSL_CIPHER_AES_192_ECB,
+ POLARSSL_CIPHER_AES_256_ECB,
POLARSSL_CIPHER_AES_128_CBC,
POLARSSL_CIPHER_AES_192_CBC,
POLARSSL_CIPHER_AES_256_CBC,
POLARSSL_CIPHER_AES_128_CTR,
POLARSSL_CIPHER_AES_192_CTR,
POLARSSL_CIPHER_AES_256_CTR,
+ POLARSSL_CIPHER_AES_128_GCM,
+ POLARSSL_CIPHER_AES_192_GCM,
+ POLARSSL_CIPHER_AES_256_GCM,
+ POLARSSL_CIPHER_CAMELLIA_128_ECB,
+ POLARSSL_CIPHER_CAMELLIA_192_ECB,
+ POLARSSL_CIPHER_CAMELLIA_256_ECB,
POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_CIPHER_CAMELLIA_192_CBC,
POLARSSL_CIPHER_CAMELLIA_256_CBC,
POLARSSL_CIPHER_CAMELLIA_128_CTR,
POLARSSL_CIPHER_CAMELLIA_192_CTR,
POLARSSL_CIPHER_CAMELLIA_256_CTR,
+ POLARSSL_CIPHER_CAMELLIA_128_GCM,
+ POLARSSL_CIPHER_CAMELLIA_192_GCM,
+ POLARSSL_CIPHER_CAMELLIA_256_GCM,
+ POLARSSL_CIPHER_DES_ECB,
POLARSSL_CIPHER_DES_CBC,
+ POLARSSL_CIPHER_DES_EDE_ECB,
POLARSSL_CIPHER_DES_EDE_CBC,
- POLARSSL_CIPHER_DES_EDE3_CBC
+ POLARSSL_CIPHER_DES_EDE3_ECB,
+ POLARSSL_CIPHER_DES_EDE3_CBC,
+ POLARSSL_CIPHER_BLOWFISH_ECB,
+ POLARSSL_CIPHER_BLOWFISH_CBC,
+ POLARSSL_CIPHER_BLOWFISH_CFB64,
+ POLARSSL_CIPHER_BLOWFISH_CTR,
+ POLARSSL_CIPHER_ARC4_128,
} cipher_type_t;
typedef enum {
POLARSSL_MODE_NONE = 0,
+ POLARSSL_MODE_ECB,
POLARSSL_MODE_CBC,
- POLARSSL_MODE_CFB128,
+ POLARSSL_MODE_CFB,
POLARSSL_MODE_OFB,
POLARSSL_MODE_CTR,
+ POLARSSL_MODE_GCM,
+ POLARSSL_MODE_STREAM,
} cipher_mode_t;
+typedef enum {
+ POLARSSL_PADDING_PKCS7 = 0, /**< PKCS7 padding (default) */
+ POLARSSL_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding */
+ POLARSSL_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding */
+ POLARSSL_PADDING_ZEROS, /**< zero padding (not reversible!) */
+ POLARSSL_PADDING_NONE, /**< never pad (full blocks only) */
+} cipher_padding_t;
+
typedef enum {
POLARSSL_OPERATION_NONE = -1,
POLARSSL_DECRYPT = 0,
POLARSSL_KEY_LENGTH_DES_EDE = 128,
/** Key length, in bits (including parity), for DES in three-key EDE */
POLARSSL_KEY_LENGTH_DES_EDE3 = 192,
- /** Maximum length of any IV, in bytes */
- POLARSSL_MAX_IV_LENGTH = 16,
};
+/** Maximum length of any IV, in bytes */
+#define POLARSSL_MAX_IV_LENGTH 16
+/** Maximum block size of any cipher, in bytes */
+#define POLARSSL_MAX_BLOCK_LENGTH 16
+
/**
* Base cipher information. The non-mode specific functions and values.
*/
/** Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES) */
cipher_id_t cipher;
+ /** Encrypt using ECB */
+ int (*ecb_func)( void *ctx, operation_t mode,
+ const unsigned char *input, unsigned char *output );
+
/** Encrypt using CBC */
int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output );
- /** Encrypt using CFB128 */
- int (*cfb128_func)( void *ctx, operation_t mode, size_t length, size_t *iv_off,
+ /** Encrypt using CFB (Full length) */
+ int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv_off,
unsigned char *iv, const unsigned char *input, unsigned char *output );
/** Encrypt using CTR */
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter,
unsigned char *stream_block, const unsigned char *input, unsigned char *output );
+ /** Encrypt using STREAM */
+ int (*stream_func)( void *ctx, size_t length,
+ const unsigned char *input, unsigned char *output );
+
/** Set key for encryption purposes */
int (*setkey_enc_func)( void *ctx, const unsigned char *key, unsigned int key_length);
/** Name of the cipher */
const char * name;
- /** IV size, in bytes */
+ /** IV/NONCE size, in bytes.
+ * For cipher that accept many sizes: recommended size */
unsigned int iv_size;
+ /** Flag for ciphers that accept many sizes of IV/NONCE */
+ int accepts_variable_iv_size;
+
/** block size, in bytes */
unsigned int block_size;
/** Operation that the context's key has been initialised for */
operation_t operation;
+ /** Padding functions to use, if relevant for cipher mode */
+ void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
+ int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+
/** Buffer for data that hasn't been encrypted yet */
- unsigned char unprocessed_data[POLARSSL_MAX_IV_LENGTH];
+ unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH];
/** Number of bytes that still need processing */
size_t unprocessed_len;
/** Current IV or NONCE_COUNTER for CTR-mode */
unsigned char iv[POLARSSL_MAX_IV_LENGTH];
+ /** IV size in bytes (for ciphers with variable-length IVs) */
+ size_t iv_size;
+
/** Cipher-specific context */
void *cipher_ctx;
} cipher_context_t;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief Returns the list of ciphers supported by the generic cipher module.
*
*/
const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type );
+/**
+ * \brief Returns the cipher information structure associated
+ * with the given cipher id, key size and mode.
+ *
+ * \param cipher_id Id of the cipher to search for
+ * (e.g. POLARSSL_CIPHER_ID_AES)
+ * \param key_length Length of the key in bits
+ * \param mode Cipher mode (e.g. POLARSSL_MODE_CBC)
+ *
+ * \return the cipher information structure associated with the
+ * given cipher_type, or NULL if not found.
+ */
+const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
+ int key_length,
+ const cipher_mode_t mode );
+
/**
* \brief Initialises and fills the cipher context structure with
* the appropriate values.
}
/**
- * \brief Returns the size of the cipher's IV.
+ * \brief Returns the size of the cipher's IV/NONCE in bytes.
*
* \param ctx cipher's context. Must have been initialised.
*
- * \return size of the cipher's IV, or 0 if ctx has not been
- * initialised.
+ * \return If IV has not been set yet: (recommended) IV size
+ * (0 for ciphers not using IV/NONCE).
+ * If IV has already been set: actual size.
*/
static inline int cipher_get_iv_size( const cipher_context_t *ctx )
{
if( NULL == ctx || NULL == ctx->cipher_info )
return 0;
+ if( ctx->iv_size != 0 )
+ return (int) ctx->iv_size;
+
return ctx->cipher_info->iv_size;
}
static inline cipher_type_t cipher_get_type( const cipher_context_t *ctx )
{
if( NULL == ctx || NULL == ctx->cipher_info )
- return 0;
+ return POLARSSL_CIPHER_NONE;
return ctx->cipher_info->type;
}
*/
static inline int cipher_get_key_size ( const cipher_context_t *ctx )
{
- if( NULL == ctx )
+ if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_KEY_LENGTH_NONE;
- return ctx->key_length;
+ return ctx->cipher_info->key_length;
}
/**
int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, int key_length,
const operation_t operation );
+#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
+/**
+ * \brief Set padding mode, for cipher modes that use padding.
+ * (Default: PKCS7 padding.)
+ *
+ * \param ctx generic cipher context
+ * \param mode padding mode
+ *
+ * \returns 0 on success, POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
+ * if selected padding mode is not supported, or
+ * POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+ * does not support padding.
+ */
+int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode );
+#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
+
+/**
+ * \brief Set the initialization vector (IV) or nonce
+ *
+ * \param ctx generic cipher context
+ * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len IV length for ciphers with variable-size IV;
+ * discarded by ciphers with fixed-size IV.
+ *
+ * \returns O on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+ *
+ * \note Some ciphers don't use IVs nor NONCE. For these
+ * ciphers, this function has no effect.
+ */
+int cipher_set_iv( cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len );
+
/**
- * \brief Reset the given context, setting the IV to iv
+ * \brief Finish preparation of the given context
*
* \param ctx generic cipher context
- * \param iv IV to use or NONCE_COUNTER in the case of a CTR-mode cipher
*
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int cipher_reset( cipher_context_t *ctx, const unsigned char *iv );
+int cipher_reset( cipher_context_t *ctx );
+
+#if defined(POLARSSL_CIPHER_MODE_AEAD)
+/**
+ * \brief Add additional data (for AEAD ciphers).
+ * This function has no effect for non-AEAD ciphers.
+ * For AEAD ciphers, it may or may not be called
+ * repeatedly, and/or interleaved with calls to
+ * cipher_udpate(), depending on the cipher.
+ * E.g. for GCM is must be called exactly once, right
+ * after cipher_reset().
+ *
+ * \param ctx generic cipher context
+ * \param ad Additional data to use.
+ * \param ad_len Length of ad.
+ *
+ * \returns 0 on success, or a specific error code.
+ */
+int cipher_update_ad( cipher_context_t *ctx,
+ const unsigned char *ad, size_t ad_len );
+#endif /* POLARSSL_CIPHER_MODE_AEAD */
/**
* \brief Generic cipher update function. Encrypts/decrypts
* that cannot be written immediately will either be added
* to the next block, or flushed when cipher_final is
* called.
+ * Exception: for POLARSSL_MODE_ECB, expects single block
+ * in size (e.g. 16 bytes for AES)
*
* \param ctx generic cipher context
* \param input buffer holding the input data
* POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE on an
* unsupported mode for a cipher or a cipher specific
* error code.
+ *
+ * \note If the underlying cipher is GCM, all calls to this
+ * function, except the last one before cipher_finish(),
+ * must have ilen a multiple of the block size.
*/
int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen );
* the last block, and written to the output buffer.
*
* \param ctx Generic cipher context
- * \param output buffer to write data to. Needs block_size data available.
+ * \param output buffer to write data to. Needs block_size available.
* \param olen length of the data written to the output buffer.
*
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
* POLARSSL_ERR_CIPHER_INVALID_PADDING on invalid padding
* while decrypting or a cipher specific error code.
*/
-int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen);
+int cipher_finish( cipher_context_t *ctx,
+ unsigned char *output, size_t *olen );
+
+#if defined(POLARSSL_CIPHER_MODE_AEAD)
+/**
+ * \brief Write tag for AEAD ciphers.
+ * No effect for other ciphers.
+ * Must be called after cipher_finish().
+ *
+ * \param ctx Generic cipher context
+ * \param tag buffer to write the tag
+ * \param tag_len Length of the tag to write
+ *
+ * \return 0 on success, or a specific error code.
+ */
+int cipher_write_tag( cipher_context_t *ctx,
+ unsigned char *tag, size_t tag_len );
+/**
+ * \brief Check tag for AEAD ciphers.
+ * No effect for other ciphers.
+ * Calling time depends on the cipher:
+ * for GCM, must be called after cipher_finish().
+ *
+ * \param ctx Generic cipher context
+ * \param tag Buffer holding the tag
+ * \param tag_len Length of the tag to check
+ *
+ * \return 0 on success, or a specific error code.
+ */
+int cipher_check_tag( cipher_context_t *ctx,
+ const unsigned char *tag, size_t tag_len );
+#endif /* POLARSSL_CIPHER_MODE_AEAD */
/**
* \brief Checkup routine
}
#endif
-#endif /* POLARSSL_MD_H */
+#endif /* POLARSSL_CIPHER_H */
/**
- * \file certs.h
+ * \file cipher_wrap.h
+ *
+ * \brief Cipher wrappers.
*
- * \brief Sample certificates and DHM parameters for testing
+ * \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#ifndef POLARSSL_CERTS_H
-#define POLARSSL_CERTS_H
+#ifndef POLARSSL_CIPHER_WRAP_H
+#define POLARSSL_CIPHER_WRAP_H
+
+#include "config.h"
+#include "cipher.h"
#ifdef __cplusplus
extern "C" {
#endif
-extern const char test_ca_crt[];
-extern const char test_ca_key[];
-extern const char test_ca_pwd[];
-extern const char test_srv_crt[];
-extern const char test_srv_key[];
-extern const char test_cli_crt[];
-extern const char test_cli_key[];
-extern const char test_dhm_params[];
+typedef struct
+{
+ cipher_type_t type;
+ const cipher_info_t *info;
+} cipher_definition_t;
+
+extern const cipher_definition_t cipher_definitions[];
+
+extern int supported_ciphers[];
#ifdef __cplusplus
}
#endif
-#endif /* certs.h */
+#endif /* POLARSSL_CIPHER_WRAP_H */
--- /dev/null
+/**
+ * \file compat-1.2.h
+ *
+ * \brief Backwards compatibility header for PolarSSL-1.2 from PolarSSL-1.3
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_COMPAT_1_2_H
+#define POLARSSL_COMPAT_1_2_H
+
+#include "config.h"
+
+// Comment out to disable prototype change warnings
+#define SHOW_PROTOTYPE_CHANGE_WARNINGS
+
+#if defined(_MSC_VER) && !defined(inline)
+#define inline _inline
+#else
+#if defined(__ARMCC_VERSION) && !defined(inline)
+#define inline __inline
+#endif /* __ARMCC_VERSION */
+#endif /* _MSC_VER */
+
+#if defined(_MSC_VER)
+// MSVC does not support #warning
+#undef SHOW_PROTOTYPE_CHANGE_WARNINGS
+#endif
+
+#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
+#warning "You can disable these warnings by commenting SHOW_PROTOTYPE_CHANGE_WARNINGS in compat-1.2.h"
+#endif
+
+#if defined(POLARSSL_SHA256_C)
+#define POLARSSL_SHA2_C
+#include "sha256.h"
+
+/*
+ * SHA-2 -> SHA-256
+ */
+typedef sha256_context sha2_context;
+
+inline void sha2_starts( sha256_context *ctx, int is224 ) {
+ sha256_starts( ctx, is224 );
+}
+inline void sha2_update( sha256_context *ctx, const unsigned char *input,
+ size_t ilen ) {
+ sha256_update( ctx, input, ilen );
+}
+inline void sha2_finish( sha256_context *ctx, unsigned char output[32] ) {
+ sha256_finish( ctx, output );
+}
+inline int sha2_file( const char *path, unsigned char output[32], int is224 ) {
+ return sha256_file( path, output, is224 );
+}
+inline void sha2( const unsigned char *input, size_t ilen,
+ unsigned char output[32], int is224 ) {
+ sha256( input, ilen, output, is224 );
+}
+inline void sha2_hmac_starts( sha256_context *ctx, const unsigned char *key,
+ size_t keylen, int is224 ) {
+ sha256_hmac_starts( ctx, key, keylen, is224 );
+}
+inline void sha2_hmac_update( sha256_context *ctx, const unsigned char *input, size_t ilen ) {
+ sha256_hmac_update( ctx, input, ilen );
+}
+inline void sha2_hmac_finish( sha256_context *ctx, unsigned char output[32] ) {
+ sha256_hmac_finish( ctx, output );
+}
+inline void sha2_hmac_reset( sha256_context *ctx ) {
+ sha256_hmac_reset( ctx );
+}
+inline void sha2_hmac( const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char output[32], int is224 ) {
+ sha256_hmac( key, keylen, input, ilen, output, is224 );
+}
+inline int sha2_self_test( int verbose ) {
+ return sha256_self_test( verbose );
+}
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+#define POLARSSL_SHA4_C
+#include "sha512.h"
+
+/*
+ * SHA-4 -> SHA-512
+ */
+typedef sha512_context sha4_context;
+
+inline void sha4_starts( sha512_context *ctx, int is384 ) {
+ sha512_starts( ctx, is384 );
+}
+inline void sha4_update( sha512_context *ctx, const unsigned char *input,
+ size_t ilen ) {
+ sha512_update( ctx, input, ilen );
+}
+inline void sha4_finish( sha512_context *ctx, unsigned char output[64] ) {
+ sha512_finish( ctx, output );
+}
+inline int sha4_file( const char *path, unsigned char output[64], int is384 ) {
+ return sha512_file( path, output, is384 );
+}
+inline void sha4( const unsigned char *input, size_t ilen,
+ unsigned char output[32], int is384 ) {
+ sha512( input, ilen, output, is384 );
+}
+inline void sha4_hmac_starts( sha512_context *ctx, const unsigned char *key,
+ size_t keylen, int is384 ) {
+ sha512_hmac_starts( ctx, key, keylen, is384 );
+}
+inline void sha4_hmac_update( sha512_context *ctx, const unsigned char *input, size_t ilen ) {
+ sha512_hmac_update( ctx, input, ilen );
+}
+inline void sha4_hmac_finish( sha512_context *ctx, unsigned char output[64] ) {
+ sha512_hmac_finish( ctx, output );
+}
+inline void sha4_hmac_reset( sha512_context *ctx ) {
+ sha512_hmac_reset( ctx );
+}
+inline void sha4_hmac( const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char output[64], int is384 ) {
+ sha512_hmac( key, keylen, input, ilen, output, is384 );
+}
+inline int sha4_self_test( int verbose ) {
+ return sha512_self_test( verbose );
+}
+#endif /* POLARSSL_SHA512_C */
+
+#if defined(POLARSSL_CIPHER_C)
+#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
+#warning "cipher_reset() prototype changed. Manual change required if used"
+#endif
+#endif
+
+#if defined(POLARSSL_RSA_C)
+#define SIG_RSA_RAW POLARSSL_MD_NONE
+#define SIG_RSA_MD2 POLARSSL_MD_MD2
+#define SIG_RSA_MD4 POLARSSL_MD_MD4
+#define SIG_RSA_MD5 POLARSSL_MD_MD5
+#define SIG_RSA_SHA1 POLARSSL_MD_SHA1
+#define SIG_RSA_SHA224 POLARSSL_MD_SHA224
+#define SIG_RSA_SHA256 POLARSSL_MD_SHA256
+#define SIG_RSA_SHA384 POLARSSL_MD_SHA384
+#define SIG_RSA_SHA512 POLARSSL_MD_SHA512
+#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
+#warning "rsa_pkcs1_verify() prototype changed. Manual change required if used"
+#warning "rsa_pkcs1_decrypt() prototype changed. Manual change required if used"
+#endif
+#endif
+
+#if defined(POLARSSL_DHM_C)
+#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
+#warning "dhm_calc_secret() prototype changed. Manual change required if used"
+#endif
+#endif
+
+#if defined(POLARSSL_GCM_C)
+#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
+#warning "gcm_init() prototype changed. Manual change required if used"
+#endif
+#endif
+
+#if defined(POLARSSL_SSL_CLI_C)
+#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
+#warning "ssl_set_own_cert() prototype changed. Change to ssl_set_own_cert_rsa(). Manual change required if used"
+#endif
+#endif
+
+#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
+#include "x509.h"
+
+#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT POLARSSL_ERR_X509_INVALID_FORMAT
+#define POLARSSL_ERR_X509_CERT_INVALID_VERSION POLARSSL_ERR_X509_INVALID_VERSION
+#define POLARSSL_ERR_X509_CERT_INVALID_ALG POLARSSL_ERR_X509_INVALID_ALG
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
+#define POLARSSL_ERR_X509_CERT_INVALID_NAME POLARSSL_ERR_X509_INVALID_NAME
+#define POLARSSL_ERR_X509_CERT_INVALID_DATE POLARSSL_ERR_X509_INVALID_DATE
+#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS POLARSSL_ERR_X509_INVALID_EXTENSIONS
+#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH POLARSSL_ERR_X509_SIG_MISMATCH
+#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE POLARSSL_ERR_X509_INVALID_SIGNATURE
+#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL POLARSSL_ERR_X509_INVALID_SERIAL
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION POLARSSL_ERR_X509_UNKNOWN_VERSION
+
+inline int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial ) {
+ return x509_serial_gets( buf, size, serial );
+}
+inline int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn ) {
+ return x509_dn_gets( buf, size, dn );
+}
+inline int x509parse_time_expired( const x509_time *time ) {
+ return x509_time_expired( time );
+}
+#endif /* POLARSSL_X509_USE_C || POLARSSL_X509_CREATE_C */
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+#define POLARSSL_X509_PARSE_C
+#include "x509_crt.h"
+typedef x509_crt x509_cert;
+
+inline int x509parse_crt_der( x509_cert *chain, const unsigned char *buf,
+ size_t buflen ) {
+ return x509_crt_parse_der( chain, buf, buflen );
+}
+inline int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen ) {
+ return x509_crt_parse( chain, buf, buflen );
+}
+inline int x509parse_crtfile( x509_cert *chain, const char *path ) {
+ return x509_crt_parse_file( chain, path );
+}
+inline int x509parse_crtpath( x509_cert *chain, const char *path ) {
+ return x509_crt_parse_path( chain, path );
+}
+inline int x509parse_cert_info( char *buf, size_t size, const char *prefix,
+ const x509_cert *crt ) {
+ return x509_crt_info( buf, size, prefix, crt );
+}
+inline int x509parse_verify( x509_cert *crt, x509_cert *trust_ca,
+ x509_crl *ca_crl, const char *cn, int *flags,
+ int (*f_vrfy)(void *, x509_cert *, int, int *),
+ void *p_vrfy ) {
+ return x509_crt_verify( crt, trust_ca, ca_crl, cn, flags, f_vrfy, p_vrfy );
+}
+inline int x509parse_revoked( const x509_cert *crt, const x509_crl *crl ) {
+ return x509_crt_revoked( crt, crl );
+}
+inline void x509_free( x509_cert *crt ) {
+ x509_crt_free( crt );
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+#if defined(POLARSSL_X509_CRL_PARSE_C)
+#define POLARSSL_X509_PARSE_C
+#include "x509_crl.h"
+inline int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen ) {
+ return x509_crl_parse( chain, buf, buflen );
+}
+inline int x509parse_crlfile( x509_crl *chain, const char *path ) {
+ return x509_crl_parse_file( chain, path );
+}
+inline int x509parse_crl_info( char *buf, size_t size, const char *prefix,
+ const x509_crl *crl ) {
+ return x509_crl_info( buf, size, prefix, crl );
+}
+#endif /* POLARSSL_X509_CRL_PARSE_C */
+
+#if defined(POLARSSL_X509_CSR_PARSE_C)
+#define POLARSSL_X509_PARSE_C
+#include "x509_csr.h"
+inline int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen ) {
+ return x509_csr_parse( csr, buf, buflen );
+}
+inline int x509parse_csrfile( x509_csr *csr, const char *path ) {
+ return x509_csr_parse_file( csr, path );
+}
+inline int x509parse_csr_info( char *buf, size_t size, const char *prefix,
+ const x509_csr *csr ) {
+ return x509_csr_info( buf, size, prefix, csr );
+}
+#endif /* POLARSSL_X509_CSR_PARSE_C */
+
+#if defined(POLARSSL_SSL_TLS_C)
+#include "ssl_ciphersuites.h"
+
+#define ssl_default_ciphersuites ssl_list_ciphersuites()
+#endif
+
+#if defined(POLARSSL_PK_PARSE_C) && defined(POLARSSL_RSA_C)
+#include "rsa.h"
+#include "pk.h"
+
+#define POLARSSL_ERR_X509_PASSWORD_MISMATCH POLARSSL_ERR_PK_PASSWORD_MISMATCH
+#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT POLARSSL_ERR_PK_KEY_INVALID_FORMAT
+#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG POLARSSL_ERR_PK_UNKNOWN_PK_ALG
+#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY POLARSSL_ERR_PK_INVALID_PUBKEY
+
+#if defined(POLARSSL_FS_IO)
+inline int x509parse_keyfile( rsa_context *rsa, const char *path,
+ const char *pwd ) {
+ int ret;
+ pk_context pk;
+ pk_init( &pk );
+ ret = pk_parse_keyfile( &pk, path, pwd );
+ if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) )
+ ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
+ if( ret == 0 )
+ rsa_copy( rsa, pk_rsa( pk ) );
+ else
+ rsa_free( rsa );
+ pk_free( &pk );
+ return( ret );
+}
+inline int x509parse_public_keyfile( rsa_context *rsa, const char *path ) {
+ int ret;
+ pk_context pk;
+ pk_init( &pk );
+ ret = pk_parse_public_keyfile( &pk, path );
+ if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) )
+ ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
+ if( ret == 0 )
+ rsa_copy( rsa, pk_rsa( pk ) );
+ else
+ rsa_free( rsa );
+ pk_free( &pk );
+ return( ret );
+}
+#endif /* POLARSSL_FS_IO */
+
+inline int x509parse_key( rsa_context *rsa, const unsigned char *key,
+ size_t keylen,
+ const unsigned char *pwd, size_t pwdlen ) {
+ int ret;
+ pk_context pk;
+ pk_init( &pk );
+ ret = pk_parse_key( &pk, key, keylen, pwd, pwdlen );
+ if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) )
+ ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
+ if( ret == 0 )
+ rsa_copy( rsa, pk_rsa( pk ) );
+ else
+ rsa_free( rsa );
+ pk_free( &pk );
+ return( ret );
+}
+
+inline int x509parse_public_key( rsa_context *rsa,
+ const unsigned char *key, size_t keylen )
+{
+ int ret;
+ pk_context pk;
+ pk_init( &pk );
+ ret = pk_parse_public_key( &pk, key, keylen );
+ if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) )
+ ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
+ if( ret == 0 )
+ rsa_copy( rsa, pk_rsa( pk ) );
+ else
+ rsa_free( rsa );
+ pk_free( &pk );
+ return( ret );
+}
+#endif /* POLARSSL_PK_PARSE_C && POLARSSL_RSA_C */
+
+#if defined(POLARSSL_PK_WRITE_C) && defined(POLARSSL_RSA_C)
+#include "pk.h"
+inline int x509_write_pubkey_der( unsigned char *buf, size_t len, rsa_context *rsa ) {
+ int ret;
+ pk_context ctx;
+ if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret );
+ if( ( ret = rsa_copy( pk_rsa( ctx ), rsa ) ) != 0 ) return( ret );
+ ret = pk_write_pubkey_der( &ctx, buf, len );
+ pk_free( &ctx );
+ return( ret );
+}
+inline int x509_write_key_der( unsigned char *buf, size_t len, rsa_context *rsa ) {
+ int ret;
+ pk_context ctx;
+ if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret );
+ if( ( ret = rsa_copy( pk_rsa( ctx ), rsa ) ) != 0 ) return( ret );
+ ret = pk_write_key_der( &ctx, buf, len );
+ pk_free( &ctx );
+ return( ret );
+}
+#endif /* POLARSSL_PK_WRITE_C && POLARSSL_RSA_C */
+#endif /* compat-1.2.h */
--- /dev/null
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+#ifndef POLARSSL_CONFIG_H
+#define POLARSSL_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def POLARSSL_HAVE_INT8
+ *
+ * The system uses 8-bit wide native integers.
+ *
+ * Uncomment if native integers are 8-bit wide.
+ */
+//#define POLARSSL_HAVE_INT8
+
+/**
+ * \def POLARSSL_HAVE_INT16
+ *
+ * The system uses 16-bit wide native integers.
+ *
+ * Uncomment if native integers are 16-bit wide.
+ */
+//#define POLARSSL_HAVE_INT16
+
+/**
+ * \def POLARSSL_HAVE_LONGLONG
+ *
+ * The compiler supports the 'long long' type.
+ * (Only used on 32-bit platforms)
+ */
+#define POLARSSL_HAVE_LONGLONG
+
+/**
+ * \def POLARSSL_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ * library/timing.c
+ * library/padlock.c
+ * include/polarssl/bn_mul.h
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define POLARSSL_HAVE_ASM
+
+/**
+ * \def POLARSSL_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define POLARSSL_HAVE_SSE2
+
+/**
+ * \def POLARSSL_HAVE_READDIR_R
+ *
+ * (Non Windows) System has readdir_r().
+ *
+ * Required for x509_crt_parse_path() in non-Windows systems.
+ *
+ * Comment if your system does not have support.
+ */
+#define POLARSSL_HAVE_READDIR_R
+
+/**
+ * \def POLARSSL_HAVE_TIME
+ *
+ * System has time.h and time() / localtime() / gettimeofday().
+ *
+ * Comment if your system does not support time functions
+ */
+#define POLARSSL_HAVE_TIME
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: PolarSSL feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def POLARSSL_XXX_ALT
+ *
+ * Uncomment a macro to let PolarSSL use your alternate core implementation of
+ * a symmetric or hash algorithm (e.g. platform specific assembly optimized
+ * implementations). Keep in mind that the function prototypes should remain
+ * the same.
+ *
+ * Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer
+ * provide the "struct aes_context" definition and omit the base function
+ * declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation for core algorithm
+ * functions
+ */
+//#define POLARSSL_AES_ALT
+//#define POLARSSL_ARC4_ALT
+//#define POLARSSL_BLOWFISH_ALT
+//#define POLARSSL_CAMELLIA_ALT
+//#define POLARSSL_DES_ALT
+//#define POLARSSL_XTEA_ALT
+//#define POLARSSL_MD2_ALT
+//#define POLARSSL_MD4_ALT
+//#define POLARSSL_MD5_ALT
+//#define POLARSSL_SHA1_ALT
+//#define POLARSSL_SHA256_ALT
+//#define POLARSSL_SHA512_ALT
+
+/**
+ * \def POLARSSL_AES_ROM_TABLES
+ *
+ * Store the AES tables in ROM.
+ *
+ * Uncomment this macro to store the AES tables in ROM.
+ *
+ */
+//#define POLARSSL_AES_ROM_TABLES
+
+/**
+ * \def POLARSSL_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define POLARSSL_CIPHER_MODE_CBC
+
+/**
+ * \def POLARSSL_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define POLARSSL_CIPHER_MODE_CFB
+
+/**
+ * \def POLARSSL_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define POLARSSL_CIPHER_MODE_CTR
+
+/**
+ * \def POLARSSL_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ * TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ * TLS_ECDHE_RSA_WITH_NULL_SHA
+ * TLS_ECDHE_PSK_WITH_NULL_SHA384
+ * TLS_ECDHE_PSK_WITH_NULL_SHA256
+ * TLS_ECDHE_PSK_WITH_NULL_SHA
+ * TLS_DHE_PSK_WITH_NULL_SHA384
+ * TLS_DHE_PSK_WITH_NULL_SHA256
+ * TLS_DHE_PSK_WITH_NULL_SHA
+ * TLS_RSA_WITH_NULL_SHA256
+ * TLS_RSA_WITH_NULL_SHA
+ * TLS_RSA_WITH_NULL_MD5
+ * TLS_RSA_PSK_WITH_NULL_SHA384
+ * TLS_RSA_PSK_WITH_NULL_SHA256
+ * TLS_RSA_PSK_WITH_NULL_SHA
+ * TLS_PSK_WITH_NULL_SHA384
+ * TLS_PSK_WITH_NULL_SHA256
+ * TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+#define POLARSSL_CIPHER_NULL_CIPHER
+ */
+
+/**
+ * \def POLARSSL_CIPHER_PADDING_XXX
+ *
+ * Uncomment or comment macros to add support for specific padding modes
+ * in the cipher layer with cipher modes that support padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define POLARSSL_CIPHER_PADDING_PKCS7
+#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
+#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
+#define POLARSSL_CIPHER_PADDING_ZEROS
+
+/**
+ * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ * TLS_RSA_WITH_DES_CBC_SHA
+ * TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ */
+
+/**
+ * \def POLARSSL_ECP_XXXX_ENABLED
+ *
+ * Enables specific curves within the Elliptic Curve module.
+ * By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#define POLARSSL_ECP_DP_SECP192R1_ENABLED
+#define POLARSSL_ECP_DP_SECP224R1_ENABLED
+#define POLARSSL_ECP_DP_SECP256R1_ENABLED
+#define POLARSSL_ECP_DP_SECP384R1_ENABLED
+#define POLARSSL_ECP_DP_SECP521R1_ENABLED
+#define POLARSSL_ECP_DP_BP256R1_ENABLED
+#define POLARSSL_ECP_DP_BP384R1_ENABLED
+#define POLARSSL_ECP_DP_BP512R1_ENABLED
+
+/**
+ * \def POLARSSL_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define POLARSSL_ECP_NIST_OPTIM
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA
+ * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_PSK_WITH_AES_128_CBC_SHA
+ * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_DHE_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_RSA_WITH_AES_256_CBC_SHA256
+ * TLS_RSA_WITH_AES_256_CBC_SHA
+ * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_WITH_AES_128_CBC_SHA
+ * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_RSA_WITH_RC4_128_SHA
+ * TLS_RSA_WITH_RC4_128_MD5
+ */
+#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def POLARSSL_ERROR_STRERROR_BC
+ *
+ * Make available the backward compatible error_strerror() next to the
+ * current polarssl_strerror().
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * error_strerror()
+ */
+#define POLARSSL_ERROR_STRERROR_BC
+
+/**
+ * \def POLARSSL_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of polarssl_strerror() in
+ * third party libraries easier.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * polarssl_strerror()
+ */
+#define POLARSSL_ERROR_STRERROR_DUMMY
+
+/**
+ * \def POLARSSL_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: POLARSSL_BIGNUM_C
+ */
+#define POLARSSL_GENPRIME
+
+/**
+ * \def POLARSSL_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+#define POLARSSL_FS_IO
+
+/**
+ * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def POLARSSL_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+//#define POLARSSL_NO_PLATFORM_ENTROPY
+
+/**
+ * \def POLARSSL_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
+ * fprintf()
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define POLARSSL_MEMORY_DEBUG
+
+/**
+ * \def POLARSSL_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
+ * GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define POLARSSL_MEMORY_BACKTRACE
+
+/**
+ * \def POLARSSL_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: POLARSSL_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define POLARSSL_PKCS1_V15
+
+/**
+ * \def POLARSSL_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define POLARSSL_PKCS1_V21
+
+/**
+ * \def POLARSSL_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define POLARSSL_RSA_NO_CRT
+
+/**
+ * \def POLARSSL_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define POLARSSL_SELF_TEST
+
+/**
+ * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, PolarSSL can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define POLARSSL_SSL_ALERT_MESSAGES
+
+/**
+ * \def POLARSSL_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define POLARSSL_SSL_DEBUG_ALL
+
+/**
+ * \def POLARSSL_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define POLARSSL_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (POLARSSL_SSL_SRV_C).
+ *
+ * Comment this macro to disable support for SSLv2 Client Hello messages.
+ */
+#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def POLARSSL_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: POLARSSL_MD5_C
+ * POLARSSL_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+#define POLARSSL_SSL_PROTO_SSL3
+
+/**
+ * \def POLARSSL_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: POLARSSL_MD5_C
+ * POLARSSL_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#define POLARSSL_SSL_PROTO_TLS1
+
+/**
+ * \def POLARSSL_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1.
+ *
+ * Requires: POLARSSL_MD5_C
+ * POLARSSL_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1
+ */
+#define POLARSSL_SSL_PROTO_TLS1_1
+
+/**
+ * \def POLARSSL_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2.
+ *
+ * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
+ * (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2
+ */
+#define POLARSSL_SSL_PROTO_TLS1_2
+
+/**
+ * \def POLARSSL_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ *
+ * Requires: POLARSSL_AES_C
+ * POLARSSL_SHA256_C
+ * POLARSSL_CIPHER_MODE_CBC
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define POLARSSL_SSL_SESSION_TICKETS
+
+/**
+ * \def POLARSSL_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define POLARSSL_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def POLARSSL_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define POLARSSL_SSL_TRUNCATED_HMAC
+
+/**
+ * \def POLARSSL_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: POLARSSL_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define POLARSSL_THREADING_ALT
+
+/**
+ * \def POLARSSL_THREADING_DUMMY
+ *
+ * Provide a dummy threading implementation.
+ * Warning: If you use this, all claims of thread-safety in the documentation
+ * are void!
+ *
+ * Requires: POLARSSL_THREADING_C
+ *
+ * Uncomment this to enable code to compile like with threading enabled
+ */
+//#define POLARSSL_THREADING_DUMMY
+
+/**
+ * \def POLARSSL_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: POLARSSL_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define POLARSSL_THREADING_PTHREAD
+
+/**
+ * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def POLARSSL_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * Used in: library/ssl_tls.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define POLARSSL_ZLIB_SUPPORT
+/* \} name SECTION: PolarSSL feature support */
+
+/**
+ * \name SECTION: PolarSSL modules
+ *
+ * This section enables or disables entire modules in PolarSSL
+ * \{
+ */
+
+/**
+ * \def POLARSSL_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module: library/aes.c
+ * Caller: library/ssl_tls.c
+ * library/pem.c
+ * library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * TLS_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_RSA_WITH_AES_256_CBC_SHA256
+ * TLS_RSA_WITH_AES_256_CBC_SHA
+ * TLS_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_WITH_AES_128_CBC_SHA
+ * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * TLS_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA
+ * TLS_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define POLARSSL_AES_C
+
+/**
+ * \def POLARSSL_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module: library/arc4.c
+ * Caller: library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ * TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ * TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ * TLS_DHE_PSK_WITH_RC4_128_SHA
+ * TLS_RSA_WITH_RC4_128_SHA
+ * TLS_RSA_WITH_RC4_128_MD5
+ * TLS_RSA_PSK_WITH_RC4_128_SHA
+ * TLS_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_ARC4_C
+
+/**
+ * \def POLARSSL_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module: library/asn1.c
+ * Caller: library/x509.c
+ * library/dhm.c
+ * library/pkcs12.c
+ * library/pkcs5.c
+ * library/pkparse.c
+ */
+#define POLARSSL_ASN1_PARSE_C
+
+/**
+ * \def POLARSSL_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module: library/asn1write.c
+ * Caller: library/ecdsa.c
+ * library/pkwrite.c
+ * library/x509_create.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ */
+#define POLARSSL_ASN1_WRITE_C
+
+/**
+ * \def POLARSSL_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module: library/base64.c
+ * Caller: library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define POLARSSL_BASE64_C
+
+/**
+ * \def POLARSSL_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module: library/bignum.c
+ * Caller: library/dhm.c
+ * library/ecp.c
+ * library/rsa.c
+ * library/ssl_tls.c
+ *
+ * This module is required for RSA and DHM support.
+ */
+#define POLARSSL_BIGNUM_C
+
+/**
+ * \def POLARSSL_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module: library/blowfish.c
+ */
+#define POLARSSL_BLOWFISH_C
+
+/**
+ * \def POLARSSL_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module: library/camellia.c
+ * Caller: library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define POLARSSL_CAMELLIA_C
+
+/**
+ * \def POLARSSL_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module: library/certs.c
+ * Caller:
+ *
+ * Requires: POLARSSL_PEM_PARSE_C
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define POLARSSL_CERTS_C
+
+/**
+ * \def POLARSSL_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module: library/cipher.c
+ * Caller: library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define POLARSSL_CIPHER_C
+
+/**
+ * \def POLARSSL_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-256-based random generator.
+ *
+ * Module: library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: POLARSSL_AES_C
+ *
+ * This module provides the CTR_DRBG AES-256 random number generator.
+ */
+#define POLARSSL_CTR_DRBG_C
+
+/**
+ * \def POLARSSL_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module: library/debug.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define POLARSSL_DEBUG_C
+
+/**
+ * \def POLARSSL_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module: library/des.c
+ * Caller: library/pem.c
+ * library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ */
+#define POLARSSL_DES_C
+
+/**
+ * \def POLARSSL_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module: library/dhm.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ * DHE-RSA, DHE-PSK
+ */
+#define POLARSSL_DHM_C
+
+/**
+ * \def POLARSSL_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module: library/ecdh.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: POLARSSL_ECP_C
+ */
+#define POLARSSL_ECDH_C
+
+/**
+ * \def POLARSSL_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module: library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ * ECDHE-ECDSA
+ *
+ * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
+ */
+#define POLARSSL_ECDSA_C
+
+/**
+ * \def POLARSSL_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module: library/ecp.c
+ * Caller: library/ecdh.c
+ * library/ecdsa.c
+ *
+ * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
+ */
+#define POLARSSL_ECP_C
+
+/**
+ * \def POLARSSL_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module: library/entropy.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SHA512_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define POLARSSL_ENTROPY_C
+
+/**
+ * \def POLARSSL_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module: library/error.c
+ * Caller:
+ *
+ * This module enables err_strerror().
+ */
+#define POLARSSL_ERROR_C
+
+/**
+ * \def POLARSSL_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module: library/gcm.c
+ *
+ * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define POLARSSL_GCM_C
+
+/**
+ * \def POLARSSL_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ * environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ * processor traits. It is therefore not advised to use HAVEGE as
+ * your applications primary random generator or primary entropy pool
+ * input. As a secondary input to your entropy pool, it IS able add
+ * the (limited) extra entropy it provides.
+ *
+ * Module: library/havege.c
+ * Caller:
+ *
+ * Requires: POLARSSL_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define POLARSSL_HAVEGE_C
+
+/**
+ * \def POLARSSL_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module: library/md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define POLARSSL_MD_C
+
+/**
+ * \def POLARSSL_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module: library/md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ */
+//#define POLARSSL_MD2_C
+
+/**
+ * \def POLARSSL_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module: library/md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ */
+//#define POLARSSL_MD4_C
+
+/**
+ * \def POLARSSL_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module: library/md5.c
+ * Caller: library/md.c
+ * library/pem.c
+ * library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS and X.509.
+ * PEM_PARSE uses MD5 for decrypting encrypted keys.
+ */
+#define POLARSSL_MD5_C
+
+/**
+ * \def POLARSSL_MEMORY_C
+ *
+ * Enable the memory allocation layer.
+ * By default PolarSSL uses the system-provided malloc() and free().
+ * (As long as POLARSSL_MEMORY_STDMALLOC and POLARSSL_MEMORY_STDFREE
+ * are defined and unmodified)
+ *
+ * This allows different allocators (self-implemented or provided)
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define POLARSSL_MEMORY_C
+
+/**
+ * \def POLARSSL_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
+ * calls)
+ *
+ * Module: library/memory_buffer_alloc.c
+ *
+ * Requires: POLARSSL_MEMORY_C
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define POLARSSL_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def POLARSSL_NET_C
+ *
+ * Enable the TCP/IP networking routines.
+ *
+ * Module: library/net.c
+ *
+ * This module provides TCP/IP networking routines.
+ */
+#define POLARSSL_NET_C
+
+/**
+ * \def POLARSSL_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module: library/oid.c
+ * Caller: library/asn1write.c
+ * library/pkcs5.c
+ * library/pkparse.c
+ * library/pkwrite.c
+ * library/rsa.c
+ * library/x509.c
+ * library/x509_create.c
+ * library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define POLARSSL_OID_C
+
+/**
+ * \def POLARSSL_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module: library/padlock.c
+ * Caller: library/aes.c
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define POLARSSL_PADLOCK_C
+
+/**
+ * \def POLARSSL_PBKDF2_C
+ *
+ * Enable PKCS#5 PBKDF2 key derivation function.
+ * DEPRECATED: Use POLARSSL_PKCS5_C instead
+ *
+ * Module: library/pbkdf2.c
+ *
+ * Requires: POLARSSL_PKCS5_C
+ *
+ * This module adds support for the PKCS#5 PBKDF2 key derivation function.
+ */
+#define POLARSSL_PBKDF2_C
+
+/**
+ * \def POLARSSL_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module: library/pem.c
+ * Caller: library/dhm.c
+ * library/pkparse.c
+ * library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: POLARSSL_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define POLARSSL_PEM_PARSE_C
+
+/**
+ * \def POLARSSL_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module: library/pem.c
+ * Caller: library/pkwrite.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ *
+ * Requires: POLARSSL_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define POLARSSL_PEM_WRITE_C
+
+/**
+ * \def POLARSSL_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module: library/pk.c
+ * Caller: library/ssl_tls.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define POLARSSL_PK_C
+
+/**
+ * \def POLARSSL_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module: library/pkparse.c
+ * Caller: library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: POLARSSL_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define POLARSSL_PK_PARSE_C
+
+/**
+ * \def POLARSSL_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module: library/pkwrite.c
+ * Caller: library/x509write.c
+ *
+ * Requires: POLARSSL_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define POLARSSL_PK_WRITE_C
+
+/**
+ * \def POLARSSL_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module: library/pkcs5.c
+ *
+ * Requires: POLARSSL_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define POLARSSL_PKCS5_C
+
+/**
+ * \def POLARSSL_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module: library/pkcs11.c
+ * Caller: library/pk.c
+ *
+ * Requires: POLARSSL_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define POLARSSL_PKCS11_C
+
+/**
+ * \def POLARSSL_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module: library/pkcs12.c
+ * Caller: library/pkparse.c
+ *
+ * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
+ * Can use: POLARSSL_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define POLARSSL_PKCS12_C
+
+/**
+ * \def POLARSSL_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module: library/rsa.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ * library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
+ */
+#define POLARSSL_RSA_C
+
+/**
+ * \def POLARSSL_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module: library/sha1.c
+ * Caller: library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ * library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS and SHA1-signed certificates.
+ */
+#define POLARSSL_SHA1_C
+
+/**
+ * \def POLARSSL_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ * (Used to be POLARSSL_SHA2_C)
+ *
+ * Module: library/sha256.c
+ * Caller: library/entropy.c
+ * library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define POLARSSL_SHA256_C
+
+/**
+ * \def POLARSSL_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ * (Used to be POLARSSL_SHA4_C)
+ *
+ * Module: library/sha512.c
+ * Caller: library/entropy.c
+ * library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define POLARSSL_SHA512_C
+
+/**
+ * \def POLARSSL_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module: library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SSL_CACHE_C
+ */
+#define POLARSSL_SSL_CACHE_C
+
+/**
+ * \def POLARSSL_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module: library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define POLARSSL_SSL_CLI_C
+
+/**
+ * \def POLARSSL_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module: library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define POLARSSL_SSL_SRV_C
+
+/**
+ * \def POLARSSL_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module: library/ssl_tls.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
+ * and at least one of the POLARSSL_SSL_PROTO_* defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define POLARSSL_SSL_TLS_C
+
+/**
+ * \def POLARSSL_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default PolarSSL assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions.
+ *
+ * Module: library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either POLARSSL_THREADING_ALT,
+ * POLARSSL_THREADING_PTHREAD or POLARSSL_THREADING_DUMMY.
+ *
+ * Enable this layer to allow use of mutexes within PolarSSL
+ */
+//#define POLARSSL_THREADING_C
+
+/**
+ * \def POLARSSL_TIMING_C
+ *
+ * Enable the portable timing interface.
+ *
+ * Module: library/timing.c
+ * Caller: library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define POLARSSL_TIMING_C
+
+/**
+ * \def POLARSSL_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module: library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define POLARSSL_VERSION_C
+
+/**
+ * \def POLARSSL_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module: library/x509.c
+ * Caller: library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
+ * POLARSSL_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define POLARSSL_X509_USE_C
+
+/**
+ * \def POLARSSL_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module: library/x509_crt.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * Requires: POLARSSL_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define POLARSSL_X509_CRT_PARSE_C
+
+/**
+ * \def POLARSSL_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module: library/x509_crl.c
+ * Caller: library/x509_crt.c
+ *
+ * Requires: POLARSSL_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define POLARSSL_X509_CRL_PARSE_C
+
+/**
+ * \def POLARSSL_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module: library/x509_csr.c
+ * Caller: library/x509_crt_write.c
+ *
+ * Requires: POLARSSL_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define POLARSSL_X509_CSR_PARSE_C
+
+/**
+ * \def POLARSSL_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module: library/x509_create.c
+ *
+ * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define POLARSSL_X509_CREATE_C
+
+/**
+ * \def POLARSSL_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module: library/x509_crt_write.c
+ *
+ * Requires: POLARSSL_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define POLARSSL_X509_CRT_WRITE_C
+
+/**
+ * \def POLARSSL_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module: library/x509_csr_write.c
+ *
+ * Requires: POLARSSL_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define POLARSSL_X509_CSR_WRITE_C
+
+/**
+ * \def POLARSSL_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module: library/xtea.c
+ * Caller:
+ */
+#define POLARSSL_XTEA_C
+
+/* \} name SECTION: PolarSSL modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ * Our advice is to enable POLARSSL_CONFIG_OPTIONS and change values here
+ * only if you have a good reason and know the consequences.
+ *
+ * If POLARSSL_CONFIG_OPTIONS is undefined here the options in the module
+ * header file take precedence.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ *
+ * Uncomment POLARSSL_CONFIG_OPTIONS to enable using the values defined here.
+ * \{
+ */
+//#define POLARSSL_CONFIG_OPTIONS /**< Enable config.h module value configuration */
+
+#if defined(POLARSSL_CONFIG_OPTIONS)
+
+// MPI / BIGNUM options
+//
+#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
+#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+
+// CTR_DRBG options
+//
+#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+
+// Entropy options
+//
+#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
+#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
+
+// Memory options
+#define MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
+#define POLARSSL_MEMORY_STDMALLOC malloc /**< Default allocator to use, can be undefined */
+#define POLARSSL_MEMORY_STDFREE free /**< Default free to use, can be undefined */
+
+// SSL Cache options
+//
+#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
+#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
+
+// SSL options
+//
+#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
+#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
+
+#endif /* POLARSSL_CONFIG_OPTIONS */
+
+/* \} name */
+
+/*
+ * Sanity checks on defines and dependencies
+ */
+#if defined(POLARSSL_CERTS_C) && !defined(POLARSSL_PEM_PARSE_C)
+#error "POLARSSL_CERTS_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_CTR_DRBG_C) && !defined(POLARSSL_AES_C)
+#error "POLARSSL_CTR_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_DHM_C) && !defined(POLARSSL_BIGNUM_C)
+#error "POLARSSL_DHM_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_ECDH_C) && !defined(POLARSSL_ECP_C)
+#error "POLARSSL_ECDH_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_ECDSA_C) && \
+ ( !defined(POLARSSL_ECP_C) || \
+ !defined(POLARSSL_ASN1_PARSE_C) || \
+ !defined(POLARSSL_ASN1_WRITE_C) )
+#error "POLARSSL_ECDSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_ECP_C) && ( !defined(POLARSSL_BIGNUM_C) || ( \
+ !defined(POLARSSL_ECP_DP_SECP192R1_ENABLED) && \
+ !defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) && \
+ !defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) && \
+ !defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) && \
+ !defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) && \
+ !defined(POLARSSL_ECP_DP_BP256R1_ENABLED) && \
+ !defined(POLARSSL_ECP_DP_BP384R1_ENABLED) && \
+ !defined(POLARSSL_ECP_DP_BP512R1_ENABLED) ) )
+#error "POLARSSL_ECP_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \
+ !defined(POLARSSL_SHA256_C))
+#error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
+#endif
+#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \
+ defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64)
+#error "CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C) && \
+ defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
+#error "CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+
+#if defined(POLARSSL_GCM_C) && ( \
+ !defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
+#error "POLARSSL_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C)
+#error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM_C)
+#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
+ !defined(POLARSSL_ECDH_C)
+#error "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
+#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
+#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
+ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
+ !defined(POLARSSL_X509_CRT_PARSE_C) )
+#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
+ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
+ !defined(POLARSSL_PKCS1_V15) )
+#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
+ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
+ !defined(POLARSSL_PKCS1_V15) )
+#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && !defined(POLARSSL_MEMORY_C)
+#error "POLARSSL_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PBKDF2_C) && !defined(POLARSSL_MD_C)
+#error "POLARSSL_PBKDF2_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PEM_PARSE_C) && !defined(POLARSSL_BASE64_C)
+#error "POLARSSL_PEM_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PEM_WRITE_C) && !defined(POLARSSL_BASE64_C)
+#error "POLARSSL_PEM_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PK_PARSE_C) && !defined(POLARSSL_PK_C)
+#error "POLARSSL_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PK_WRITE_C) && !defined(POLARSSL_PK_C)
+#error "POLARSSL_PK_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_PK_C)
+#error "POLARSSL_PKCS11_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) || \
+ !defined(POLARSSL_OID_C) )
+#error "POLARSSL_RSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) || \
+ !defined(POLARSSL_SHA1_C) )
+#error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) && ( !defined(POLARSSL_MD5_C) || \
+ !defined(POLARSSL_SHA1_C) )
+#error "POLARSSL_SSL_PROTO_TLS1 defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_1) && ( !defined(POLARSSL_MD5_C) || \
+ !defined(POLARSSL_SHA1_C) )
+#error "POLARSSL_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2) && ( !defined(POLARSSL_SHA1_C) && \
+ !defined(POLARSSL_SHA256_C) && !defined(POLARSSL_SHA512_C) )
+#error "POLARSSL_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_SSL_CLI_C) && !defined(POLARSSL_SSL_TLS_C)
+#error "POLARSSL_SSL_CLI_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \
+ !defined(POLARSSL_MD_C) )
+#error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_SSL_SRV_C) && !defined(POLARSSL_SSL_TLS_C)
+#error "POLARSSL_SSL_SRV_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_SSL_TLS_C) && (!defined(POLARSSL_SSL_PROTO_SSL3) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1) && !defined(POLARSSL_SSL_PROTO_TLS1_1) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1_2))
+#error "POLARSSL_SSL_TLS_C defined, but no protocols are active"
+#endif
+
+#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
+ defined(POLARSSL_SSL_PROTO_TLS1_1) && !defined(POLARSSL_SSL_PROTO_TLS1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_TLS1) && \
+ defined(POLARSSL_SSL_PROTO_TLS1_2) && !defined(POLARSSL_SSL_PROTO_TLS1_1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
+ defined(POLARSSL_SSL_PROTO_TLS1_2) && (!defined(POLARSSL_SSL_PROTO_TLS1) || \
+ !defined(POLARSSL_SSL_PROTO_TLS1_1)))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \
+ ( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) || \
+ !defined(POLARSSL_CIPHER_MODE_CBC) )
+#error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_THREADING_DUMMY)
+#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
+#error "POLARSSL_THREADING_DUMMY defined, but not all prerequisites"
+#endif
+#define POLARSSL_THREADING_IMPL
+#endif
+
+#if defined(POLARSSL_THREADING_PTHREAD)
+#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
+#error "POLARSSL_THREADING_PTHREAD defined, but not all prerequisites"
+#endif
+#define POLARSSL_THREADING_IMPL
+#endif
+
+#if defined(POLARSSL_THREADING_ALT)
+#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
+#error "POLARSSL_THREADING_ALT defined, but not all prerequisites"
+#endif
+#define POLARSSL_THREADING_IMPL
+#endif
+
+#if defined(POLARSSL_THREADING_C) && !defined(POLARSSL_THREADING_IMPL)
+#error "POLARSSL_THREADING_C defined, single threading implementation required"
+#endif
+#undef POLARSSL_THREADING_IMPL
+
+#if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
+ !defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \
+ !defined(POLARSSL_PK_PARSE_C) )
+#error "POLARSSL_X509_USE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_X509_CREATE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
+ !defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) || \
+ !defined(POLARSSL_PK_WRITE_C) )
+#error "POLARSSL_X509_CREATE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
+#error "POLARSSL_X509_CRT_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_X509_CRL_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
+#error "POLARSSL_X509_CRL_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_X509_CSR_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
+#error "POLARSSL_X509_CSR_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_X509_CRT_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
+#error "POLARSSL_X509_CRT_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_X509_CSR_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
+#error "POLARSSL_X509_CSR_WRITE_C defined, but not all prerequisites"
+#endif
+
+#endif /* config.h */
*
* \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#define CTR_DRBG_KEYBITS ( CTR_DRBG_KEYSIZE * 8 )
#define CTR_DRBG_SEEDLEN ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE )
/**< The seed length (counter + AES key) */
-#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default */
+
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+#if defined(POLARSSL_SHA512_C)
+#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#else
+#define CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#endif
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
#define CTR_DRBG_PR_OFF 0 /**< No prediction resistance */
#define CTR_DRBG_PR_ON 1 /**< Prediction resistance enabled */
/**
* \brief Write a seed file
*
+ * \param ctx CTR_DRBG context
* \param path Name of the file
*
* \return 0 if successful, 1 on file error, or
* \brief Read and update a seed file. Seed is added to this
* instance
*
+ * \param ctx CTR_DRBG context
* \param path Name of the file
*
* \return 0 if successful, 1 on file error,
*/
int ctr_drbg_self_test( int verbose );
+/* Internal functions (do not call directly) */
+int ctr_drbg_init_entropy_len( ctr_drbg_context *, int (*)(void *, unsigned char *, size_t), void *, const unsigned char *, size_t, size_t );
+
#ifdef __cplusplus
}
#endif
#include "config.h"
#include "ssl.h"
+#if defined(POLARSSL_ECP_C)
+#include "ecp.h"
+#endif
-#if defined(POLARSSL_DEBUG_MSG) && defined(POLARSSL_DEBUG_C)
+#if defined(POLARSSL_DEBUG_C)
#define SSL_DEBUG_MSG( level, args ) \
debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args );
#define SSL_DEBUG_BUF( level, text, buf, len ) \
debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
+#if defined(POLARSSL_BIGNUM_C)
#define SSL_DEBUG_MPI( level, text, X ) \
debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
+#endif
+#if defined(POLARSSL_ECP_C)
+#define SSL_DEBUG_ECP( level, text, X ) \
+ debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
#define SSL_DEBUG_CRT( level, text, crt ) \
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
+#endif
#else
#define SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
#define SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
#define SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
+#define SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
#define SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
#endif
const char *file, int line, const char *text,
unsigned char *buf, size_t len );
+#if defined(POLARSSL_BIGNUM_C)
void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mpi *X );
+#endif
+#if defined(POLARSSL_ECP_C)
+void debug_print_ecp( const ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const ecp_point *X );
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
- const char *text, const x509_cert *crt );
+ const char *text, const x509_crt *crt );
+#endif
#ifdef __cplusplus
}
*
* \brief DES block cipher
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_DES_H
#define POLARSSL_DES_H
+#include "config.h"
+
#include <string.h>
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
#define DES_ENCRYPT 1
#define DES_DECRYPT 0
#define DES_KEY_SIZE 8
+#if !defined(POLARSSL_DES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief DES context structure
*/
typedef struct
{
int mode; /*!< encrypt/decrypt */
- unsigned long sk[32]; /*!< DES subkeys */
+ uint32_t sk[32]; /*!< DES subkeys */
}
des_context;
typedef struct
{
int mode; /*!< encrypt/decrypt */
- unsigned long sk[96]; /*!< 3DES subkeys */
+ uint32_t sk[96]; /*!< 3DES subkeys */
}
des3_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief Set key parity on the given key to odd.
*
const unsigned char input[8],
unsigned char output[8] );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/**
* \brief DES-CBC buffer encryption/decryption
*
unsigned char iv[8],
const unsigned char *input,
unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
/**
* \brief 3DES-ECB block encryption/decryption
const unsigned char input[8],
unsigned char output[8] );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/**
* \brief 3DES-CBC buffer encryption/decryption
*
unsigned char iv[8],
const unsigned char *input,
unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_DES_ALT */
+#include "des_alt.h"
+#endif /* POLARSSL_DES_ALT */
-/*
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
--- /dev/null
+/**
+ * \file dhm.h
+ *
+ * \brief Diffie-Hellman-Merkle key exchange
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_DHM_H
+#define POLARSSL_DHM_H
+
+#include "bignum.h"
+
+/*
+ * DHM Error codes
+ */
+#define POLARSSL_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Bad input parameters to function. */
+#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Reading of the DHM parameters failed. */
+#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Making of the DHM parameters failed. */
+#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Reading of the public values failed. */
+#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */
+#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */
+#define POLARSSL_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */
+#define POLARSSL_ERR_DHM_MALLOC_FAILED -0x3400 /**< Allocation of memory failed. */
+#define POLARSSL_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */
+
+/**
+ * RFC 3526 defines a number of standardized Diffie-Hellman groups
+ * for IKE.
+ * RFC 5114 defines a number of standardized Diffie-Hellman groups
+ * that can be used.
+ *
+ * Some are included here for convenience.
+ *
+ * Included are:
+ * RFC 3526 3. 2048-bit MODP Group
+ * RFC 3526 4. 3072-bit MODP Group
+ * RFC 5114 2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup
+ * RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup
+ */
+#define POLARSSL_DHM_RFC3526_MODP_2048_P \
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+ "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+ "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
+
+#define POLARSSL_DHM_RFC3526_MODP_2048_G "02"
+
+#define POLARSSL_DHM_RFC3526_MODP_3072_P \
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+ "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+ "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+ "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+ "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+ "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
+
+#define POLARSSL_DHM_RFC3526_MODP_3072_G "02"
+
+#define POLARSSL_DHM_RFC5114_MODP_1024_P \
+ "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" \
+ "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" \
+ "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" \
+ "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" \
+ "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" \
+ "DF1FB2BC2E4A4371"
+
+#define POLARSSL_DHM_RFC5114_MODP_1024_G \
+ "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" \
+ "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" \
+ "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" \
+ "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" \
+ "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" \
+ "855E6EEB22B3B2E5"
+
+#define POLARSSL_DHM_RFC5114_MODP_2048_P \
+ "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
+ "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
+ "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
+ "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
+ "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
+ "B3BF8A317091883681286130BC8985DB1602E714415D9330" \
+ "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
+ "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
+ "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
+ "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
+ "CF9DE5384E71B81C0AC4DFFE0C10E64F"
+
+#define POLARSSL_DHM_RFC5114_MODP_2048_G \
+ "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
+ "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
+ "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
+ "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
+ "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
+ "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
+ "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
+ "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
+ "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
+ "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
+ "81BC087F2A7065B384B890D3191F2BFA"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief DHM context structure
+ */
+typedef struct
+{
+ size_t len; /*!< size(P) in chars */
+ mpi P; /*!< prime modulus */
+ mpi G; /*!< generator */
+ mpi X; /*!< secret value */
+ mpi GX; /*!< self = G^X mod P */
+ mpi GY; /*!< peer = G^Y mod P */
+ mpi K; /*!< key = GY^X mod P */
+ mpi RP; /*!< cached R^2 mod P */
+ mpi Vi; /*!< blinding value */
+ mpi Vf; /*!< un-blinding value */
+ mpi pX; /*!< previous X */
+}
+dhm_context;
+
+/**
+ * \brief Parse the ServerKeyExchange parameters
+ *
+ * \param ctx DHM context
+ * \param p &(start of input buffer)
+ * \param end end of buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ */
+int dhm_read_params( dhm_context *ctx,
+ unsigned char **p,
+ const unsigned char *end );
+
+/**
+ * \brief Setup and write the ServerKeyExchange parameters
+ *
+ * \param ctx DHM context
+ * \param x_size private value size in bytes
+ * \param output destination buffer
+ * \param olen number of chars written
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \note This function assumes that ctx->P and ctx->G
+ * have already been properly set (for example
+ * using mpi_read_string or mpi_read_binary).
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ */
+int dhm_make_params( dhm_context *ctx, int x_size,
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Import the peer's public value G^Y
+ *
+ * \param ctx DHM context
+ * \param input input buffer
+ * \param ilen size of buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ */
+int dhm_read_public( dhm_context *ctx,
+ const unsigned char *input, size_t ilen );
+
+/**
+ * \brief Create own private value X and export G^X
+ *
+ * \param ctx DHM context
+ * \param x_size private value size in bytes
+ * \param output destination buffer
+ * \param olen must be equal to ctx->P.len
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ */
+int dhm_make_public( dhm_context *ctx, int x_size,
+ unsigned char *output, size_t olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Derive and export the shared secret (G^Y)^X mod P
+ *
+ * \param ctx DHM context
+ * \param output destination buffer
+ * \param olen number of chars written
+ * \param f_rng RNG function, for blinding purposes
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ *
+ * \note If non-NULL, f_rng is used to blind the input as
+ * countermeasure against timing attacks. Blinding is
+ * automatically used if and only if our secret value X is
+ * re-used and costs nothing otherwise, so it is recommended
+ * to always pass a non-NULL f_rng argument.
+ */
+int dhm_calc_secret( dhm_context *ctx,
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Free the components of a DHM key
+ */
+void dhm_free( dhm_context *ctx );
+
+#if defined(POLARSSL_ASN1_PARSE_C)
+/** \ingroup x509_module */
+/**
+ * \brief Parse DHM parameters
+ *
+ * \param dhm DHM context to be initialized
+ * \param dhmin input buffer
+ * \param dhminlen size of the buffer
+ *
+ * \return 0 if successful, or a specific DHM or PEM error code
+ */
+int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin,
+ size_t dhminlen );
+
+#if defined(POLARSSL_FS_IO)
+/** \ingroup x509_module */
+/**
+ * \brief Load and parse DHM parameters
+ *
+ * \param dhm DHM context to be initialized
+ * \param path filename to read the DHM Parameters from
+ *
+ * \return 0 if successful, or a specific DHM or PEM error code
+ */
+int dhm_parse_dhmfile( dhm_context *dhm, const char *path );
+#endif /* POLARSSL_FS_IO */
+#endif /* POLARSSL_ASN1_PARSE_C */
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int dhm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- /dev/null
+/**
+ * \file ecdh.h
+ *
+ * \brief Elliptic curve Diffie-Hellman
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_ECDH_H
+#define POLARSSL_ECDH_H
+
+#include "ecp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief ECDH context structure
+ */
+typedef struct
+{
+ ecp_group grp; /*!< ellipitic curve used */
+ mpi d; /*!< our secret value */
+ ecp_point Q; /*!< our public value */
+ ecp_point Qp; /*!< peer's public value */
+ mpi z; /*!< shared secret */
+ int point_format; /*!< format for point export */
+ ecp_point Vi; /*!< blinding value (for later) */
+ ecp_point Vf; /*!< un-blinding value (for later) */
+ mpi _d; /*!< previous d */
+}
+ecdh_context;
+
+/**
+ * \brief Generate a public key
+ *
+ * \param grp ECP group
+ * \param d Destination MPI (secret exponent)
+ * \param Q Destination point (public key)
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful,
+ * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ */
+int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Compute shared secret
+ *
+ * \param grp ECP group
+ * \param z Destination MPI (shared secret)
+ * \param Q Public key from other party
+ * \param d Our secret exponent
+ * \param f_rng RNG function (see notes)
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful,
+ * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *
+ * \note If f_rng is not NULL, it is used to implement
+ * countermeasures against potential elaborate timing
+ * attacks, see \c ecp_mul() for details.
+ */
+int ecdh_compute_shared( ecp_group *grp, mpi *z,
+ const ecp_point *Q, const mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Initialize context
+ *
+ * \param ctx Context to initialize
+ */
+void ecdh_init( ecdh_context *ctx );
+
+/**
+ * \brief Free context
+ *
+ * \param ctx Context to free
+ */
+void ecdh_free( ecdh_context *ctx );
+
+/**
+ * \brief Setup and write the ServerKeyExhange parameters
+ *
+ * \param ctx ECDH context
+ * \param olen number of chars written
+ * \param buf destination buffer
+ * \param blen length of buffer
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \note This function assumes that ctx->grp has already been
+ * properly set (for example using ecp_use_known_dp).
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ */
+int ecdh_make_params( ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Parse the ServerKeyExhange parameters
+ *
+ * \param ctx ECDH context
+ * \param buf pointer to start of input buffer
+ * \param end one past end of buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ */
+int ecdh_read_params( ecdh_context *ctx,
+ const unsigned char **buf, const unsigned char *end );
+
+/**
+ * \brief Setup and export the client's public value
+ *
+ * \param ctx ECDH context
+ * \param olen number of bytes actually written
+ * \param buf destination buffer
+ * \param blen size of destination buffer
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ */
+int ecdh_make_public( ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Parse and import the client's public value
+ *
+ * \param ctx ECDH context
+ * \param buf start of input buffer
+ * \param blen length of input buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ */
+int ecdh_read_public( ecdh_context *ctx,
+ const unsigned char *buf, size_t blen );
+
+/**
+ * \brief Derive and export the shared secret
+ *
+ * \param ctx ECDH context
+ * \param olen number of bytes written
+ * \param buf destination buffer
+ * \param blen buffer length
+ * \param f_rng RNG function, see notes for \c ecdh_compute_shared()
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ */
+int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int ecdh_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- /dev/null
+/**
+ * \file ecdsa.h
+ *
+ * \brief Elliptic curve DSA
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_ECDSA_H
+#define POLARSSL_ECDSA_H
+
+#include "ecp.h"
+
+/**
+ * \brief ECDSA context structure
+ *
+ * \note Purposefully begins with the same members as struct ecp_keypair.
+ */
+typedef struct
+{
+ ecp_group grp; /*!< ellipitic curve used */
+ mpi d; /*!< secret signature key */
+ ecp_point Q; /*!< public signature key */
+ mpi r; /*!< first integer from signature */
+ mpi s; /*!< second integer from signature */
+}
+ecdsa_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Compute ECDSA signature of a previously hashed message
+ *
+ * \param grp ECP group
+ * \param r First output integer
+ * \param s Second output integer
+ * \param d Private signing key
+ * \param buf Message hash
+ * \param blen Length of buf
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful,
+ * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ */
+int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
+ const mpi *d, const unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief Verify ECDSA signature of a previously hashed message
+ *
+ * \param grp ECP group
+ * \param buf Message hash
+ * \param blen Length of buf
+ * \param Q Public key to use for verification
+ * \param r First integer of the signature
+ * \param s Second integer of the signature
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ */
+int ecdsa_verify( ecp_group *grp,
+ const unsigned char *buf, size_t blen,
+ const ecp_point *Q, const mpi *r, const mpi *s);
+
+/**
+ * \brief Compute ECDSA signature and write it to buffer,
+ * serialized as defined in RFC 4492 page 20.
+ * (Not thread-safe to use same context in multiple threads)
+ *
+ * \param ctx ECDSA context
+ * \param hash Message hash
+ * \param hlen Length of hash
+ * \param sig Buffer that will hold the signature
+ * \param slen Length of the signature written
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \note The "sig" buffer must be at least as large as twice the
+ * size of the curve used, plus 7 (eg. 71 bytes if a 256-bit
+ * curve is used).
+ *
+ * \return 0 if successful,
+ * or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or
+ * POLARSSL_ERR_ASN1 error code
+ */
+int ecdsa_write_signature( ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Read and verify an ECDSA signature
+ *
+ * \param ctx ECDSA context
+ * \param hash Message hash
+ * \param hlen Size of hash
+ * \param sig Signature to read and verify
+ * \param slen Size of sig
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ * or a POLARSSL_ERR_ECP or POLARSSL_ERR_MPI error code
+ */
+int ecdsa_read_signature( ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ const unsigned char *sig, size_t slen );
+
+/**
+ * \brief Generate an ECDSA keypair on the given curve
+ *
+ * \param ctx ECDSA context in which the keypair should be stored
+ * \param gid Group (elliptic curve) to use. One of the various
+ * POLARSSL_ECP_DP_XXX macros depending on configuration.
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 on success, or a POLARSSL_ERR_ECP code.
+ */
+int ecdsa_genkey( ecdsa_context *ctx, ecp_group_id gid,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief Set an ECDSA context from an EC key pair
+ *
+ * \param ctx ECDSA context to set
+ * \param key EC key to use
+ *
+ * \return 0 on success, or a POLARSSL_ERR_ECP code.
+ */
+int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key );
+
+/**
+ * \brief Initialize context
+ *
+ * \param ctx Context to initialize
+ */
+void ecdsa_init( ecdsa_context *ctx );
+
+/**
+ * \brief Free context
+ *
+ * \param ctx Context to free
+ */
+void ecdsa_free( ecdsa_context *ctx );
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int ecdsa_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- /dev/null
+/**
+ * \file ecp.h
+ *
+ * \brief Elliptic curves over GF(p)
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_ECP_H
+#define POLARSSL_ECP_H
+
+#include "bignum.h"
+
+/*
+ * ECP error codes
+ */
+#define POLARSSL_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */
+#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */
+#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Requested curve not available. */
+#define POLARSSL_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */
+#define POLARSSL_ERR_ECP_MALLOC_FAILED -0x4D80 /**< Memory allocation failed. */
+#define POLARSSL_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */
+#define POLARSSL_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Domain parameters (curve, subgroup and generator) identifiers.
+ *
+ * Only curves over prime fields are supported.
+ *
+ * \warning This library does not support validation of arbitrary domain
+ * parameters. Therefore, only well-known domain parameters from trusted
+ * sources should be used. See ecp_use_known_dp().
+ */
+typedef enum
+{
+ POLARSSL_ECP_DP_NONE = 0,
+ POLARSSL_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */
+ POLARSSL_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */
+ POLARSSL_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */
+ POLARSSL_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */
+ POLARSSL_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */
+ POLARSSL_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */
+ POLARSSL_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */
+ POLARSSL_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */
+} ecp_group_id;
+
+/**
+ * Number of supported curves (plus one for NONE)
+ */
+#define POLARSSL_ECP_DP_MAX 9
+
+/**
+ * Curve information for use by other modules
+ */
+typedef struct
+{
+ ecp_group_id grp_id; /*!< Internal identifier */
+ uint16_t tls_id; /*!< TLS NamedCurve identifier */
+ uint16_t size; /*!< Curve size in bits */
+ const char *name; /*!< Human-friendly name */
+} ecp_curve_info;
+
+/**
+ * \brief ECP point structure (jacobian coordinates)
+ *
+ * \note All functions expect and return points satisfying
+ * the following condition: Z == 0 or Z == 1. (Other
+ * values of Z are used by internal functions only.)
+ * The point is zero, or "at infinity", if Z == 0.
+ * Otherwise, X and Y are its standard (affine) coordinates.
+ */
+typedef struct
+{
+ mpi X; /*!< the point's X coordinate */
+ mpi Y; /*!< the point's Y coordinate */
+ mpi Z; /*!< the point's Z coordinate */
+}
+ecp_point;
+
+/**
+ * \brief ECP group structure
+ *
+ * The curves we consider are defined by y^2 = x^3 + A x + B mod P,
+ * and a generator for a large subgroup of order N is fixed.
+ *
+ * pbits and nbits must be the size of P and N in bits.
+ *
+ * If modp is NULL, reduction modulo P is done using a generic algorithm.
+ * Otherwise, it must point to a function that takes an mpi in the range
+ * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
+ * than pbits, so that the integer may be efficiently brought in the 0..P-1
+ * range by a few additions or substractions. It must return 0 on success and
+ * non-zero on failure.
+ */
+typedef struct
+{
+ ecp_group_id id; /*!< internal group identifier */
+ mpi P; /*!< prime modulus of the base field */
+ mpi A; /*!< linear term in the equation */
+ mpi B; /*!< constant term in the equation */
+ ecp_point G; /*!< generator of the subgroup used */
+ mpi N; /*!< the order of G */
+ size_t pbits; /*!< number of bits in P */
+ size_t nbits; /*!< number of bits in N */
+ unsigned int h; /*!< cofactor (unused now: assume 1) */
+ int (*modp)(mpi *); /*!< function for fast reduction mod P */
+ int (*t_pre)(ecp_point *, void *); /*!< currently unused */
+ int (*t_post)(ecp_point *, void *); /*!< currently unused */
+ void *t_data; /*!< currently unused */
+ ecp_point *T; /*!< pre-computed points for ecp_mul() */
+ size_t T_size; /*!< number for pre-computed points */
+}
+ecp_group;
+
+/**
+ * \brief ECP key pair structure
+ *
+ * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
+ *
+ * \note Members purposefully in the same order as struc ecdsa_context.
+ */
+typedef struct
+{
+ ecp_group grp; /*!< Elliptic curve and base point */
+ mpi d; /*!< our secret value */
+ ecp_point Q; /*!< our public value */
+}
+ecp_keypair;
+
+/**
+ * Maximum size of the groups (that is, of N and P)
+ */
+#define POLARSSL_ECP_MAX_BITS 521
+#define POLARSSL_ECP_MAX_BYTES ( ( POLARSSL_ECP_MAX_BITS + 7 ) / 8 )
+#define POLARSSL_ECP_MAX_PT_LEN ( 2 * POLARSSL_ECP_MAX_BYTES + 1 )
+
+/*
+ * Maximum window size (actually, NAF width) used for point multipliation.
+ * Default: 8.
+ * Minimum value: 2. Maximum value: 8.
+ *
+ * Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
+ * points used for point multiplication.
+ *
+ * Reduction in size may reduce speed for big curves.
+ */
+#define POLARSSL_ECP_WINDOW_SIZE 8 /**< Maximum NAF width used. */
+
+/*
+ * Point formats, from RFC 4492's enum ECPointFormat
+ */
+#define POLARSSL_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */
+#define POLARSSL_ECP_PF_COMPRESSED 1 /**< Compressed point format */
+
+/*
+ * Some other constants from RFC 4492
+ */
+#define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
+
+/**
+ * \brief Return the list of supported curves with associated info
+ *
+ * \return A statically allocated array, the last entry is 0.
+ */
+const ecp_curve_info *ecp_curve_list( void );
+
+/**
+ * \brief Get curve information from an internal group identifier
+ *
+ * \param grp_id A POLARSSL_ECP_DP_XXX value
+ *
+ * \return The associated curve information or NULL
+ */
+const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id );
+
+/**
+ * \brief Get curve information from a TLS NamedCurve value
+ *
+ * \param grp_id A POLARSSL_ECP_DP_XXX value
+ *
+ * \return The associated curve information or NULL
+ */
+const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
+
+/**
+ * \brief Initialize a point (as zero)
+ */
+void ecp_point_init( ecp_point *pt );
+
+/**
+ * \brief Initialize a group (to something meaningless)
+ */
+void ecp_group_init( ecp_group *grp );
+
+/**
+ * \brief Initialize a key pair (as an invalid one)
+ */
+void ecp_keypair_init( ecp_keypair *key );
+
+/**
+ * \brief Free the components of a point
+ */
+void ecp_point_free( ecp_point *pt );
+
+/**
+ * \brief Free the components of an ECP group
+ */
+void ecp_group_free( ecp_group *grp );
+
+/**
+ * \brief Free the components of a key pair
+ */
+void ecp_keypair_free( ecp_keypair *key );
+
+/**
+ * \brief Copy the contents of point Q into P
+ *
+ * \param P Destination point
+ * \param Q Source point
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ */
+int ecp_copy( ecp_point *P, const ecp_point *Q );
+
+/**
+ * \brief Copy the contents of a group object
+ *
+ * \param dst Destination group
+ * \param src Source group
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ */
+int ecp_group_copy( ecp_group *dst, const ecp_group *src );
+
+/**
+ * \brief Set a point to zero
+ *
+ * \param pt Destination point
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ */
+int ecp_set_zero( ecp_point *pt );
+
+/**
+ * \brief Tell if a point is zero
+ *
+ * \param pt Point to test
+ *
+ * \return 1 if point is zero, 0 otherwise
+ */
+int ecp_is_zero( ecp_point *pt );
+
+/**
+ * \brief Import a non-zero point from two ASCII strings
+ *
+ * \param P Destination point
+ * \param radix Input numeric base
+ * \param x First affine coordinate as a null-terminated string
+ * \param y Second affine coordinate as a null-terminated string
+ *
+ * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code
+ */
+int ecp_point_read_string( ecp_point *P, int radix,
+ const char *x, const char *y );
+
+/**
+ * \brief Export a point into unsigned binary data
+ *
+ * \param grp Group to which the point should belong
+ * \param P Point to export
+ * \param format Point format, should be a POLARSSL_ECP_PF_XXX macro
+ * \param olen Length of the actual output
+ * \param buf Output buffer
+ * \param buflen Length of the output buffer
+ *
+ * \return 0 if successful,
+ * or POLARSSL_ERR_ECP_BAD_INPUT_DATA
+ * or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int ecp_point_write_binary( const ecp_group *grp, const ecp_point *P,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen );
+
+/**
+ * \brief Import a point from unsigned binary data
+ *
+ * \param grp Group to which the point should belong
+ * \param P Point to import
+ * \param buf Input buffer
+ * \param ilen Actual length of input
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *
+ * \note This function does NOT check that the point actually
+ * belongs to the given group, see ecp_check_pubkey() for
+ * that.
+ */
+int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
+ const unsigned char *buf, size_t ilen );
+
+/**
+ * \brief Import a point from a TLS ECPoint record
+ *
+ * \param grp ECP group used
+ * \param pt Destination point
+ * \param buf $(Start of input buffer)
+ * \param len Buffer length
+ *
+ * \return O if successful,
+ * POLARSSL_ERR_MPI_XXX if initialization failed
+ * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
+ const unsigned char **buf, size_t len );
+
+/**
+ * \brief Export a point as a TLS ECPoint record
+ *
+ * \param grp ECP group used
+ * \param pt Point to export
+ * \param format Export format
+ * \param olen length of data written
+ * \param buf Buffer to write to
+ * \param blen Buffer length
+ *
+ * \return 0 if successful,
+ * or POLARSSL_ERR_ECP_BAD_INPUT_DATA
+ * or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt,
+ int format, size_t *olen,
+ unsigned char *buf, size_t blen );
+
+/**
+ * \brief Import an ECP group from null-terminated ASCII strings
+ *
+ * \param grp Destination group
+ * \param radix Input numeric base
+ * \param p Prime modulus of the base field
+ * \param b Constant term in the equation
+ * \param gx The generator's X coordinate
+ * \param gy The generator's Y coordinate
+ * \param n The generator's order
+ *
+ * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code
+ *
+ * \note Sets all fields except modp.
+ */
+int ecp_group_read_string( ecp_group *grp, int radix,
+ const char *p, const char *b,
+ const char *gx, const char *gy, const char *n);
+
+/**
+ * \brief Set a group using well-known domain parameters
+ *
+ * \param grp Destination group
+ * \param index Index in the list of well-known domain parameters
+ *
+ * \return O if successful,
+ * POLARSSL_ERR_MPI_XXX if initialization failed
+ * POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
+ *
+ * \note Index should be a value of RFC 4492's enum NamdeCurve,
+ * possibly in the form of a POLARSSL_ECP_DP_XXX macro.
+ */
+int ecp_use_known_dp( ecp_group *grp, ecp_group_id index );
+
+/**
+ * \brief Set a group from a TLS ECParameters record
+ *
+ * \param grp Destination group
+ * \param buf &(Start of input buffer)
+ * \param len Buffer length
+ *
+ * \return O if successful,
+ * POLARSSL_ERR_MPI_XXX if initialization failed
+ * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len );
+
+/**
+ * \brief Write the TLS ECParameters record for a group
+ *
+ * \param grp ECP group used
+ * \param olen Number of bytes actually written
+ * \param buf Buffer to write to
+ * \param blen Buffer length
+ *
+ * \return 0 if successful,
+ * or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
+ unsigned char *buf, size_t blen );
+
+/**
+ * \brief Addition: R = P + Q
+ *
+ * \param grp ECP group
+ * \param R Destination point
+ * \param P Left-hand point
+ * \param Q Right-hand point
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ */
+int ecp_add( const ecp_group *grp, ecp_point *R,
+ const ecp_point *P, const ecp_point *Q );
+
+/**
+ * \brief Subtraction: R = P - Q
+ *
+ * \param grp ECP group
+ * \param R Destination point
+ * \param P Left-hand point
+ * \param Q Right-hand point
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ */
+int ecp_sub( const ecp_group *grp, ecp_point *R,
+ const ecp_point *P, const ecp_point *Q );
+
+/**
+ * \brief Multiplication by an integer: R = m * P
+ * (Not thread-safe to use same group in multiple threads)
+ *
+ * \param grp ECP group
+ * \param R Destination point
+ * \param m Integer by which to multiply
+ * \param P Point to multiply
+ * \param f_rng RNG function (see notes)
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ * POLARSSL_ERR_ECP_BAD_INPUT_DATA if m < 0 of m has greater
+ * bit length than N, the number of points in the group.
+ *
+ * \note In order to prevent simple timing attacks, this function
+ * executes a constant number of operations (that is, point
+ * doubling and addition of distinct points) for random m in
+ * the allowed range.
+ *
+ * \note If f_rng is not NULL, it is used to randomize projective
+ * coordinates of indermediate results, in order to prevent
+ * more elaborate timing attacks relying on intermediate
+ * operations. (This is a prophylactic measure since no such
+ * attack has been published yet.) Since this contermeasure
+ * has very low overhead, it is recommended to always provide
+ * a non-NULL f_rng parameter when using secret inputs.
+ */
+int ecp_mul( ecp_group *grp, ecp_point *R,
+ const mpi *m, const ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+
+/**
+ * \brief Check that a point is a valid public key on this curve
+ *
+ * \param grp Curve/group the point should belong to
+ * \param pt Point to check
+ *
+ * \return 0 if point is a valid public key,
+ * POLARSSL_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note This function only checks the point is non-zero, has valid
+ * coordinates and lies on the curve, but not that it is
+ * indeed a multiple of G. This is additional check is more
+ * expensive, isn't required by standards, and shouldn't be
+ * necessary if the group used has a small cofactor. In
+ * particular, it is useless for the NIST groups which all
+ * have a cofactor of 1.
+ *
+ * \note Uses bare components rather than an ecp_keypair structure
+ * in order to ease use with other structures such as
+ * ecdh_context of ecdsa_context.
+ */
+int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
+
+/**
+ * \brief Check that an mpi is a valid private key for this curve
+ *
+ * \param grp Group used
+ * \param d Integer to check
+ *
+ * \return 0 if point is a valid private key,
+ * POLARSSL_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note Uses bare components rather than an ecp_keypair structure
+ * in order to ease use with other structures such as
+ * ecdh_context of ecdsa_context.
+ */
+int ecp_check_privkey( const ecp_group *grp, const mpi *d );
+
+/**
+ * \brief Generate a keypair
+ *
+ * \param grp ECP group
+ * \param d Destination MPI (secret part)
+ * \param Q Destination point (public part)
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful,
+ * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *
+ * \note Uses bare components rather than an ecp_keypair structure
+ * in order to ease use with other structures such as
+ * ecdh_context of ecdsa_context.
+ */
+int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int ecp_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
*
* \brief Entropy accumulator implementation
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "config.h"
-#include "sha4.h"
+#if defined(POLARSSL_SHA512_C)
+#include "sha512.h"
+#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
+#else
+#if defined(POLARSSL_SHA256_C)
+#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR
+#include "sha256.h"
+#endif
+#endif
+
+#if defined(POLARSSL_THREADING_C)
+#include "threading.h"
+#endif
+
#if defined(POLARSSL_HAVEGE_C)
#include "havege.h"
#endif
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
+#if !defined(POLARSSL_CONFIG_OPTIONS)
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
+
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
#define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
+#else
+#define ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
+#endif
#define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES
/**
* \brief Entropy context structure
*/
-typedef struct
+typedef struct
{
- sha4_context accumulator;
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
+ sha512_context accumulator;
+#else
+ sha256_context accumulator;
+#endif
int source_count;
source_state source[ENTROPY_MAX_SOURCES];
#if defined(POLARSSL_HAVEGE_C)
havege_state havege_data;
#endif
+#if defined(POLARSSL_THREADING_C)
+ threading_mutex_t mutex; /*!< mutex */
+#endif
}
entropy_context;
*/
void entropy_init( entropy_context *ctx );
+/**
+ * \brief Free the data in the context
+ *
+ * \param ctx Entropy context to free
+ */
+void entropy_free( entropy_context *ctx );
+
/**
* \brief Adds an entropy source to poll
*
/**
* \brief Retrieve entropy from the accumulator (Max ENTROPY_BLOCK_SIZE)
+ * (Thread-safe if POLARSSL_THREADING_C is enabled)
*
* \param data Entropy context
* \param output Buffer to fill
*
* \brief Error to string translation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_ERROR_H
#define POLARSSL_ERROR_H
+#include <string.h>
+
/**
* Error code layout.
*
*
* Module Nr Codes assigned
* MPI 7 0x0002-0x0010
- * ASN1 6 0x0014-0x001E
+ * GCM 2 0x0012-0x0014
+ * BLOWFISH 2 0x0016-0x0018
+ * THREADING 3 0x001A-0x001E
* AES 2 0x0020-0x0022
* CAMELLIA 2 0x0024-0x0026
* XTEA 1 0x0028-0x0028
* BASE64 2 0x002A-0x002C
+ * OID 1 0x002E-0x002E
* PADLOCK 1 0x0030-0x0030
* DES 1 0x0032-0x0032
- * NET 11 0x0040-0x0054
* CTR_DBRG 3 0x0034-0x003A
* ENTROPY 3 0x003C-0x0040
+ * NET 11 0x0042-0x0056
+ * ASN1 7 0x0060-0x006C
* MD2 1 0x0070-0x0070
* MD4 1 0x0072-0x0072
* MD5 1 0x0074-0x0074
* SHA1 1 0x0076-0x0076
- * SHA2 1 0x0078-0x0078
- * SHA4 1 0x007A-0x007A
+ * SHA256 1 0x0078-0x0078
+ * SHA512 1 0x007A-0x007A
+ * PBKDF2 1 0x007C-0x007C
*
* High-level module nr (3 bits - 0x1...-0x8...)
- * Name ID Nr of Errors
- * PEM 1 8
- * X509 2 21
- * DHM 3 6
- * RSA 4 9
- * MD 5 4
- * CIPHER 6 5
- * SSL 7 30
+ * Name ID Nr of Errors
+ * PEM 1 9
+ * PKCS#12 1 4 (Started from top)
+ * X509 2 18
+ * PK 2 13 (Started from top)
+ * DHM 3 9
+ * PKCS5 3 4 (Started from top)
+ * RSA 4 9
+ * ECP 4 7 (Started from top)
+ * MD 5 4
+ * CIPHER 6 6
+ * SSL 6 8 (Started from top)
+ * SSL 7 31
*
* Module dependent error code (5 bits 0x.08.-0x.F8.)
*/
* \param buffer buffer to place representation in
* \param buflen length of the buffer
*/
+void polarssl_strerror( int errnum, char *buffer, size_t buflen );
+
+#if defined(POLARSSL_ERROR_STRERROR_BC)
void error_strerror( int errnum, char *buffer, size_t buflen );
+#endif
#ifdef __cplusplus
}
--- /dev/null
+/**
+ * \file gcm.h
+ *
+ * \brief Galois/Counter mode for 128-bit block ciphers
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_GCM_H
+#define POLARSSL_GCM_H
+
+#include "cipher.h"
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+typedef UINT64 uint64_t;
+#else
+#include <stdint.h>
+#endif
+
+#define GCM_ENCRYPT 1
+#define GCM_DECRYPT 0
+
+#define POLARSSL_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
+#define POLARSSL_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief GCM context structure
+ */
+typedef struct {
+ cipher_context_t cipher_ctx;/*!< cipher context used */
+ uint64_t HL[16]; /*!< Precalculated HTable */
+ uint64_t HH[16]; /*!< Precalculated HTable */
+ uint64_t len; /*!< Total data length */
+ uint64_t add_len; /*!< Total add length */
+ unsigned char base_ectr[16];/*!< First ECTR for tag */
+ unsigned char y[16]; /*!< Y working value */
+ unsigned char buf[16]; /*!< buf working value */
+ int mode; /*!< Encrypt or Decrypt */
+}
+gcm_context;
+
+/**
+ * \brief GCM initialization (encryption)
+ *
+ * \param ctx GCM context to be initialized
+ * \param cipher cipher to use (a 128-bit block cipher)
+ * \param key encryption key
+ * \param keysize must be 128, 192 or 256
+ *
+ * \return 0 if successful, or a cipher specific error code
+ */
+int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
+ unsigned int keysize );
+
+/**
+ * \brief GCM buffer encryption/decryption using a block cipher
+ *
+ * \note On encryption, the output buffer can be the same as the input buffer.
+ * On decryption, the output buffer cannot be the same as input buffer.
+ * If buffers overlap, the output buffer must trail at least 8 bytes
+ * behind the input buffer.
+ *
+ * \param ctx GCM context
+ * \param mode GCM_ENCRYPT or GCM_DECRYPT
+ * \param length length of the input data
+ * \param iv initialization vector
+ * \param iv_len length of IV
+ * \param add additional data
+ * \param add_len length of additional data
+ * \param input buffer holding the input data
+ * \param output buffer for holding the output data
+ * \param tag_len length of the tag to generate
+ * \param tag buffer for holding the tag
+ *
+ * \return 0 if successful
+ */
+int gcm_crypt_and_tag( gcm_context *ctx,
+ int mode,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t tag_len,
+ unsigned char *tag );
+
+/**
+ * \brief GCM buffer authenticated decryption using a block cipher
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ * If buffers overlap, the output buffer must trail at least 8 bytes
+ * behind the input buffer.
+ *
+ * \param ctx GCM context
+ * \param length length of the input data
+ * \param iv initialization vector
+ * \param iv_len length of IV
+ * \param add additional data
+ * \param add_len length of additional data
+ * \param tag buffer holding the tag
+ * \param tag_len length of the tag
+ * \param input buffer holding the input data
+ * \param output buffer for holding the output data
+ *
+ * \return 0 if successful and authenticated,
+ * POLARSSL_ERR_GCM_AUTH_FAILED if tag does not match
+ */
+int gcm_auth_decrypt( gcm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *tag,
+ size_t tag_len,
+ const unsigned char *input,
+ unsigned char *output );
+
+/**
+ * \brief Generic GCM stream start function
+ *
+ * \param ctx GCM context
+ * \param mode GCM_ENCRYPT or GCM_DECRYPT
+ * \param iv initialization vector
+ * \param iv_len length of IV
+ * \param add additional data (or NULL if length is 0)
+ * \param add_len length of additional data
+ *
+ * \return 0 if successful
+ */
+int gcm_starts( gcm_context *ctx,
+ int mode,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len );
+
+/**
+ * \brief Generic GCM update function. Encrypts/decrypts using the
+ * given GCM context. Expects input to be a multiple of 16
+ * bytes! Only the last call before gcm_finish() can be less
+ * than 16 bytes!
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ * If buffers overlap, the output buffer must trail at least 8 bytes
+ * behind the input buffer.
+ *
+ * \param ctx GCM context
+ * \param length length of the input data
+ * \param input buffer holding the input data
+ * \param output buffer for holding the output data
+ *
+ * \return 0 if successful or POLARSSL_ERR_GCM_BAD_INPUT
+ */
+int gcm_update( gcm_context *ctx,
+ size_t length,
+ const unsigned char *input,
+ unsigned char *output );
+
+/**
+ * \brief Generic GCM finalisation function. Wraps up the GCM stream
+ * and generates the tag. The tag can have a maximum length of
+ * 16 bytes.
+ *
+ * \param ctx GCM context
+ * \param tag buffer for holding the tag (may be NULL if tag_len is 0)
+ * \param tag_len length of the tag to generate
+ *
+ * \return 0 if successful or POLARSSL_ERR_GCM_BAD_INPUT
+ */
+int gcm_finish( gcm_context *ctx,
+ unsigned char *tag,
+ size_t tag_len );
+
+/**
+ * \brief Free a GCM context and underlying cipher sub-context
+ *
+ * \param ctx
+ */
+void gcm_free( gcm_context *ctx );
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int gcm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* gcm.h */
*
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#define COLLECT_SIZE 1024
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief HAVEGE state structure
*/
}
havege_state;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief HAVEGE initialization
*
* \param output Buffer to fill
* \param len Length of buffer
*
- * \return A random int
+ * \return 0
*/
int havege_random( void *p_rng, unsigned char *output, size_t len );
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#define POLARSSL_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
#define POLARSSL_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef enum {
POLARSSL_MD_NONE=0,
POLARSSL_MD_MD2,
POLARSSL_MD_SHA512,
} md_type_t;
+#if defined(POLARSSL_SHA512_C)
#define POLARSSL_MD_MAX_SIZE 64 /* longest known is SHA512 */
+#else
+#define POLARSSL_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
+#endif
/**
* Message digest information. Allows message digest functions to be called
/** Free the given context */
void (*ctx_free_func)( void *ctx );
+ /** Internal use only */
+ void (*process_func)( void *ctx, const unsigned char *input );
} md_info_t;
/**
NULL, /* md_ctx */ \
}
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief Returns the list of digests supported by the generic digest module.
*
*/
static inline unsigned char md_get_size( const md_info_t *md_info )
{
+ if( md_info == NULL )
+ return( 0 );
+
return md_info->size;
}
*/
static inline md_type_t md_get_type( const md_info_t *md_info )
{
+ if( md_info == NULL )
+ return( POLARSSL_MD_NONE );
+
return md_info->type;
}
*/
static inline const char *md_get_name( const md_info_t *md_info )
{
+ if( md_info == NULL )
+ return( NULL );
+
return md_info->name;
}
const unsigned char *input, size_t ilen,
unsigned char *output );
+/* Internal use */
+int md_process( md_context_t *ctx, const unsigned char *data );
+
#ifdef __cplusplus
}
#endif
*
* \brief MD2 message digest algorithm (hash function)
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_MD2_H
#define POLARSSL_MD2_H
+#include "config.h"
+
#include <string.h>
#define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/write error in file. */
+#if !defined(POLARSSL_MD2_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief MD2 context structure
*/
}
md2_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief MD2 context setup
*
*/
void md2_finish( md2_context *ctx, unsigned char output[16] );
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_MD2_ALT */
+#include "md2_alt.h"
+#endif /* POLARSSL_MD2_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Output = MD2( input buffer )
*
*/
int md2_self_test( int verbose );
+/* Internal use */
+void md2_process( md2_context *ctx );
+
#ifdef __cplusplus
}
#endif
*
* \brief MD4 message digest algorithm (hash function)
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_MD4_H
#define POLARSSL_MD4_H
+#include "config.h"
+
#include <string.h>
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
#define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/write error in file. */
+#if !defined(POLARSSL_MD4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief MD4 context structure
*/
typedef struct
{
- unsigned long total[2]; /*!< number of bytes processed */
- unsigned long state[4]; /*!< intermediate digest state */
+ uint32_t total[2]; /*!< number of bytes processed */
+ uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */
}
md4_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief MD4 context setup
*
*/
void md4_finish( md4_context *ctx, unsigned char output[16] );
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_MD4_ALT */
+#include "md4_alt.h"
+#endif /* POLARSSL_MD4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Output = MD4( input buffer )
*
*/
int md4_self_test( int verbose );
+/* Internal use */
+void md4_process( md4_context *ctx, const unsigned char data[64] );
+
#ifdef __cplusplus
}
#endif
*
* \brief MD5 message digest algorithm (hash function)
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_MD5_H
#define POLARSSL_MD5_H
+#include "config.h"
+
#include <string.h>
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
#define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/write error in file. */
+#if !defined(POLARSSL_MD5_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief MD5 context structure
*/
typedef struct
{
- unsigned long total[2]; /*!< number of bytes processed */
- unsigned long state[4]; /*!< intermediate digest state */
+ uint32_t total[2]; /*!< number of bytes processed */
+ uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */
}
md5_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief MD5 context setup
*
*/
void md5_finish( md5_context *ctx, unsigned char output[16] );
+/* Internal use */
+void md5_process( md5_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_MD5_ALT */
+#include "md5_alt.h"
+#endif /* POLARSSL_MD5_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Output = MD5( input buffer )
*
#if defined(POLARSSL_SHA1_C)
extern const md_info_t sha1_info;
#endif
-#if defined(POLARSSL_SHA2_C)
+#if defined(POLARSSL_SHA256_C)
extern const md_info_t sha224_info;
extern const md_info_t sha256_info;
#endif
-#if defined(POLARSSL_SHA4_C)
+#if defined(POLARSSL_SHA512_C)
extern const md_info_t sha384_info;
extern const md_info_t sha512_info;
#endif
--- /dev/null
+/**
+ * \file memory.h
+ *
+ * \brief Memory allocation layer
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_MEMORY_H
+#define POLARSSL_MEMORY_H
+
+#include "config.h"
+
+#include <stdlib.h>
+
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
+
+#define POLARSSL_MEMORY_STDMALLOC malloc /**< Default allocator to use, can be undefined */
+#define POLARSSL_MEMORY_STDFREE free /**< Default free to use, can be undefined */
+#endif /* POLARSSL_CONFIG_OPTIONS */
+
+#define MEMORY_VERIFY_NONE 0
+#define MEMORY_VERIFY_ALLOC (1 << 0)
+#define MEMORY_VERIFY_FREE (1 << 1)
+#define MEMORY_VERIFY_ALWAYS (MEMORY_VERIFY_ALLOC | MEMORY_VERIFY_FREE)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * The function pointers for malloc and free
+ */
+extern void * (*polarssl_malloc)( size_t len );
+extern void (*polarssl_free)( void *ptr );
+
+/**
+ * \brief Set your own memory implementation function pointers
+ *
+ * \param malloc_func the malloc function implementation
+ * \param free_func the free function implementation
+ *
+ * \return 0 if successful
+ */
+int memory_set_own( void * (*malloc_func)( size_t ),
+ void (*free_func)( void * ) );
+
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+/**
+ * \brief Initialize use of stack-based memory allocator.
+ * The stack-based allocator does memory management inside the
+ * presented buffer and does not call malloc() and free().
+ * It sets the global polarssl_malloc() and polarssl_free() pointers
+ * to its own functions.
+ * (Provided polarssl_malloc() and polarssl_free() are thread-safe if
+ * POLARSSL_THREADING_C is defined)
+ *
+ * \note This code is not optimized and provides a straight-forward
+ * implementation of a stack-based memory allocator.
+ *
+ * \param buf buffer to use as heap
+ * \param len size of the buffer
+ *
+ * \return 0 if successful
+ */
+int memory_buffer_alloc_init( unsigned char *buf, size_t len );
+
+/**
+ * \brief Free the mutex for thread-safety and clear remaining memory
+ */
+void memory_buffer_alloc_free();
+
+/**
+ * \brief Determine when the allocator should automatically verify the state
+ * of the entire chain of headers / meta-data.
+ * (Default: MEMORY_VERIFY_NONE)
+ *
+ * \param verify One of MEMORY_VERIFY_NONE, MEMORY_VERIFY_ALLOC,
+ * MEMORY_VERIFY_FREE or MEMORY_VERIFY_ALWAYS
+ */
+void memory_buffer_set_verify( int verify );
+
+#if defined(POLARSSL_MEMORY_DEBUG)
+/**
+ * \brief Print out the status of the allocated memory (primarily for use
+ * after a program should have de-allocated all memory)
+ * Prints out a list of 'still allocated' blocks and their stack
+ * trace if POLARSSL_MEMORY_BACKTRACE is defined.
+ */
+void memory_buffer_alloc_status();
+#endif /* POLARSSL_MEMORY_DEBUG */
+
+/**
+ * \brief Verifies that all headers in the memory buffer are correct
+ * and contain sane values. Helps debug buffer-overflow errors.
+ *
+ * Prints out first failure if POLARSSL_MEMORY_DEBUG is defined.
+ * Prints out full header information if POLARSSL_MEMORY_DEBUG_HEADERS
+ * is defined. (Includes stack trace information for each block if
+ * POLARSSL_MEMORY_BACKTRACE is defined as well).
+ *
+ * \returns 0 if verified, 1 otherwise
+ */
+int memory_buffer_alloc_verify();
+
+#endif /* POLARSSL_MEMORY_BUFFER_ALLOC_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* memory.h */
#include <string.h>
-#define POLARSSL_ERR_NET_UNKNOWN_HOST -0x0040 /**< Failed to get an IP address for the given hostname. */
+#define POLARSSL_ERR_NET_UNKNOWN_HOST -0x0056 /**< Failed to get an IP address for the given hostname. */
#define POLARSSL_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */
#define POLARSSL_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */
#define POLARSSL_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */
--- /dev/null
+/**
+ * \file oid.h
+ *
+ * \brief Object Identifier (OID) database
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_OID_H
+#define POLARSSL_OID_H
+
+#include <string.h>
+#include "config.h"
+#include "asn1.h"
+#include "pk.h"
+#if defined(POLARSSL_CIPHER_C)
+#include "cipher.h"
+#endif
+
+#if defined(POLARSSL_MD_C)
+#include "md.h"
+#endif
+
+#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
+#include "x509.h"
+#endif
+
+#define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
+
+/*
+ * Top level OID tuples
+ */
+#define OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
+#define OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
+#define OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
+#define OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
+
+/*
+ * ISO Member bodies OID parts
+ */
+#define OID_COUNTRY_US "\x86\x48" /* {us(840)} */
+#define OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
+#define OID_RSA_COMPANY OID_ISO_MEMBER_BODIES OID_COUNTRY_US \
+ OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
+#define OID_ANSI_X9_62 OID_ISO_MEMBER_BODIES OID_COUNTRY_US \
+ OID_ORG_ANSI_X9_62
+
+/*
+ * ISO Identified organization OID parts
+ */
+#define OID_ORG_DOD "\x06" /* {dod(6)} */
+#define OID_ORG_OIW "\x0e"
+#define OID_OIW_SECSIG OID_ORG_OIW "\x03"
+#define OID_OIW_SECSIG_ALG OID_OIW_SECSIG "\x02"
+#define OID_OIW_SECSIG_SHA1 OID_OIW_SECSIG_ALG "\x1a"
+#define OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
+#define OID_CERTICOM OID_ISO_IDENTIFIED_ORG OID_ORG_CERTICOM
+#define OID_ORG_TELETRUST "\x24" /* teletrust(36) */
+#define OID_TELETRUST OID_ISO_IDENTIFIED_ORG OID_ORG_TELETRUST
+
+/*
+ * ISO ITU OID parts
+ */
+#define OID_ORGANIZATION "\x01" /* {organization(1)} */
+#define OID_ISO_ITU_US_ORG OID_ISO_ITU_COUNTRY OID_COUNTRY_US OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+
+#define OID_ORG_GOV "\x65" /* {gov(101)} */
+#define OID_GOV OID_ISO_ITU_US_ORG OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+
+#define OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
+#define OID_NETSCAPE OID_ISO_ITU_US_ORG OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+
+/* ISO arc for standard certificate and CRL extensions */
+#define OID_ID_CE OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
+
+/**
+ * Private Internet Extensions
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ * security(5) mechanisms(5) pkix(7) }
+ */
+#define OID_PKIX OID_ISO_IDENTIFIED_ORG OID_ORG_DOD "\x01\x05\x05\x07"
+
+/*
+ * Arc for standard naming attributes
+ */
+#define OID_AT OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define OID_AT_CN OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define OID_AT_SERIAL_NUMBER OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define OID_AT_COUNTRY OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define OID_AT_LOCALITY OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define OID_AT_STATE OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define OID_AT_ORGANIZATION OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define OID_AT_ORG_UNIT OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define OID_AT_POSTAL_ADDRESS OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define OID_AT_POSTAL_CODE OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+
+/*
+ * OIDs for standard certificate extensions
+ */
+#define OID_AUTHORITY_KEY_IDENTIFIER OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
+#define OID_SUBJECT_KEY_IDENTIFIER OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
+#define OID_KEY_USAGE OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
+#define OID_CERTIFICATE_POLICIES OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
+#define OID_POLICY_MAPPINGS OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
+#define OID_SUBJECT_ALT_NAME OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
+#define OID_ISSUER_ALT_NAME OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
+#define OID_SUBJECT_DIRECTORY_ATTRS OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
+#define OID_BASIC_CONSTRAINTS OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
+#define OID_NAME_CONSTRAINTS OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
+#define OID_POLICY_CONSTRAINTS OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
+#define OID_EXTENDED_KEY_USAGE OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define OID_CRL_DISTRIBUTION_POINTS OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
+#define OID_INIHIBIT_ANYPOLICY OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
+#define OID_FRESHEST_CRL OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
+
+/*
+ * Netscape certificate extensions
+ */
+#define OID_NS_CERT OID_NETSCAPE "\x01"
+#define OID_NS_CERT_TYPE OID_NS_CERT "\x01"
+#define OID_NS_BASE_URL OID_NS_CERT "\x02"
+#define OID_NS_REVOCATION_URL OID_NS_CERT "\x03"
+#define OID_NS_CA_REVOCATION_URL OID_NS_CERT "\x04"
+#define OID_NS_RENEWAL_URL OID_NS_CERT "\x07"
+#define OID_NS_CA_POLICY_URL OID_NS_CERT "\x08"
+#define OID_NS_SSL_SERVER_NAME OID_NS_CERT "\x0C"
+#define OID_NS_COMMENT OID_NS_CERT "\x0D"
+#define OID_NS_DATA_TYPE OID_NETSCAPE "\x02"
+#define OID_NS_CERT_SEQUENCE OID_NS_DATA_TYPE "\x05"
+
+/*
+ * OIDs for CRL extensions
+ */
+#define OID_PRIVATE_KEY_USAGE_PERIOD OID_ID_CE "\x10"
+#define OID_CRL_NUMBER OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+
+/*
+ * X.509 v3 Extended key usage OIDs
+ */
+#define OID_ANY_EXTENDED_KEY_USAGE OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+
+#define OID_KP OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define OID_SERVER_AUTH OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define OID_CLIENT_AUTH OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define OID_CODE_SIGNING OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define OID_EMAIL_PROTECTION OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define OID_TIME_STAMPING OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define OID_OCSP_SIGNING OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+
+/*
+ * PKCS definition OIDs
+ */
+
+#define OID_PKCS OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define OID_PKCS1 OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define OID_PKCS5 OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define OID_PKCS9 OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define OID_PKCS12 OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+
+/*
+ * PKCS#1 OIDs
+ */
+#define OID_PKCS1_RSA OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define OID_PKCS1_MD2 OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
+#define OID_PKCS1_MD4 OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
+#define OID_PKCS1_MD5 OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define OID_PKCS1_SHA1 OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define OID_PKCS1_SHA224 OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define OID_PKCS1_SHA256 OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define OID_PKCS1_SHA384 OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define OID_PKCS1_SHA512 OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+
+#define OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
+
+#define OID_PKCS9_EMAIL OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+
+/*
+ * Digest algorithms
+ */
+#define OID_DIGEST_ALG_MD2 OID_RSA_COMPANY "\x02\x02" /**< id-md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
+#define OID_DIGEST_ALG_MD4 OID_RSA_COMPANY "\x02\x04" /**< id-md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
+#define OID_DIGEST_ALG_MD5 OID_RSA_COMPANY "\x02\x05" /**< id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define OID_DIGEST_ALG_SHA1 OID_ISO_IDENTIFIED_ORG OID_OIW_SECSIG_SHA1 /**< id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define OID_DIGEST_ALG_SHA224 OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define OID_DIGEST_ALG_SHA256 OID_GOV "\x03\x04\x02\x01" /**< id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+
+#define OID_DIGEST_ALG_SHA384 OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+
+#define OID_DIGEST_ALG_SHA512 OID_GOV "\x03\x04\x02\x03" /**< id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+
+#define OID_HMAC_SHA1 OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+
+/*
+ * Encryption algorithms
+ */
+#define OID_DES_CBC OID_ISO_IDENTIFIED_ORG OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define OID_DES_EDE3_CBC OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+
+/*
+ * PKCS#5 OIDs
+ */
+#define OID_PKCS5_PBKDF2 OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define OID_PKCS5_PBES2 OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define OID_PKCS5_PBMAC1 OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+
+/*
+ * PKCS#5 PBES1 algorithms
+ */
+#define OID_PKCS5_PBE_MD2_DES_CBC OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
+#define OID_PKCS5_PBE_MD2_RC2_CBC OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
+#define OID_PKCS5_PBE_MD5_DES_CBC OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define OID_PKCS5_PBE_MD5_RC2_CBC OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define OID_PKCS5_PBE_SHA1_DES_CBC OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define OID_PKCS5_PBE_SHA1_RC2_CBC OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+
+/*
+ * PKCS#8 OIDs
+ */
+#define OID_PKCS9_CSR_EXT_REQ OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+
+/*
+ * PKCS#12 PBE OIDs
+ */
+#define OID_PKCS12_PBE OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
+
+#define OID_PKCS12_PBE_SHA1_RC4_128 OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
+#define OID_PKCS12_PBE_SHA1_RC4_40 OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
+#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
+#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
+#define OID_PKCS12_PBE_SHA1_RC2_128_CBC OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
+#define OID_PKCS12_PBE_SHA1_RC2_40_CBC OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+
+/*
+ * EC key algorithms from RFC 5480
+ */
+
+/* id-ecPublicKey OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
+#define OID_EC_ALG_UNRESTRICTED OID_ANSI_X9_62 "\x02\01"
+
+/* id-ecDH OBJECT IDENTIFIER ::= {
+ * iso(1) identified-organization(3) certicom(132)
+ * schemes(1) ecdh(12) } */
+#define OID_EC_ALG_ECDH OID_CERTICOM "\x01\x0c"
+
+/*
+ * ECParameters namedCurve identifiers, from RFC 5480 and RFC 5639
+ */
+
+/* secp192r1 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
+#define OID_EC_GRP_SECP192R1 OID_ANSI_X9_62 "\x03\x01\x01"
+
+/* secp224r1 OBJECT IDENTIFIER ::= {
+ * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
+#define OID_EC_GRP_SECP224R1 OID_CERTICOM "\x00\x21"
+
+/* secp256r1 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
+#define OID_EC_GRP_SECP256R1 OID_ANSI_X9_62 "\x03\x01\x07"
+
+/* secp384r1 OBJECT IDENTIFIER ::= {
+ * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
+#define OID_EC_GRP_SECP384R1 OID_CERTICOM "\x00\x22"
+
+/* secp521r1 OBJECT IDENTIFIER ::= {
+ * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
+#define OID_EC_GRP_SECP521R1 OID_CERTICOM "\x00\x23"
+
+/* RFC 5639 4.1
+ * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
+ * identified-organization(3) teletrust(36) algorithm(3) signature-
+ * algorithm(3) ecSign(2) 8}
+ * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
+ * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
+#define OID_EC_BRAINPOOL_V1 OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
+
+/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
+#define OID_EC_GRP_BP256R1 OID_EC_BRAINPOOL_V1 "\x07"
+
+/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
+#define OID_EC_GRP_BP384R1 OID_EC_BRAINPOOL_V1 "\x0B"
+
+/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
+#define OID_EC_GRP_BP512R1 OID_EC_BRAINPOOL_V1 "\x0D"
+
+/*
+ * ECDSA signature identifers, from RFC 5480
+ */
+#define OID_ANSI_X9_62_SIG OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define OID_ANSI_X9_62_SIG_SHA2 OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+
+/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
+#define OID_ECDSA_SHA1 OID_ANSI_X9_62_SIG "\x01"
+
+/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 1 } */
+#define OID_ECDSA_SHA224 OID_ANSI_X9_62_SIG_SHA2 "\x01"
+
+/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 2 } */
+#define OID_ECDSA_SHA256 OID_ANSI_X9_62_SIG_SHA2 "\x02"
+
+/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 3 } */
+#define OID_ECDSA_SHA384 OID_ANSI_X9_62_SIG_SHA2 "\x03"
+
+/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 4 } */
+#define OID_ECDSA_SHA512 OID_ANSI_X9_62_SIG_SHA2 "\x04"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Base OID descriptor structure
+ */
+typedef struct {
+ const char *asn1; /*!< OID ASN.1 representation */
+ size_t asn1_len; /*!< length of asn1 */
+ const char *name; /*!< official name (e.g. from RFC) */
+ const char *description; /*!< human friendly description */
+} oid_descriptor_t;
+
+/**
+ * \brief Translate an ASN.1 OID into its numeric representation
+ * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
+ *
+ * \param buf buffer to put representation in
+ * \param size size of the buffer
+ * \param oid OID to translate
+ *
+ * \return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL or actual length used
+ */
+int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
+
+#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
+/**
+ * \brief Translate an X.509 extension OID into local values
+ *
+ * \param oid OID to use
+ * \param ext_type place to store the extension type
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type );
+#endif
+
+/**
+ * \brief Translate an X.509 attribute type OID into the short name
+ * (e.g. the OID for an X520 Common Name into "CN")
+ *
+ * \param oid OID to use
+ * \param short_name place to store the string pointer
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name );
+
+/**
+ * \brief Translate PublicKeyAlgorithm OID into pk_type
+ *
+ * \param oid OID to use
+ * \param pk_alg place to store public key algorithm
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_pk_alg( const asn1_buf *oid, pk_type_t *pk_alg );
+
+/**
+ * \brief Translate pk_type into PublicKeyAlgorithm OID
+ *
+ * \param pk_alg Public key type to look for
+ * \param oid place to store ASN.1 OID string pointer
+ * \param olen length of the OID
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_oid_by_pk_alg( pk_type_t pk_alg,
+ const char **oid, size_t *olen );
+
+#if defined(POLARSSL_ECP_C)
+/**
+ * \brief Translate NamedCurve OID into an EC group identifier
+ *
+ * \param oid OID to use
+ * \param grp_id place to store group id
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_ec_grp( const asn1_buf *oid, ecp_group_id *grp_id );
+
+/**
+ * \brief Translate EC group identifier into NamedCurve OID
+ *
+ * \param grp_id EC group identifier
+ * \param oid place to store ASN.1 OID string pointer
+ * \param olen length of the OID
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_oid_by_ec_grp( ecp_group_id grp_id,
+ const char **oid, size_t *olen );
+#endif /* POLARSSL_ECP_C */
+
+#if defined(POLARSSL_MD_C)
+/**
+ * \brief Translate SignatureAlgorithm OID into md_type and pk_type
+ *
+ * \param oid OID to use
+ * \param md_alg place to store message digest algorithm
+ * \param pk_alg place to store public key algorithm
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_sig_alg( const asn1_buf *oid,
+ md_type_t *md_alg, pk_type_t *pk_alg );
+
+/**
+ * \brief Translate SignatureAlgorithm OID into description
+ *
+ * \param oid OID to use
+ * \param desc place to store string pointer
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_sig_alg_desc( const asn1_buf *oid, const char **desc );
+
+/**
+ * \brief Translate md_type and pk_type into SignatureAlgorithm OID
+ *
+ * \param md_alg message digest algorithm
+ * \param pk_alg public key algorithm
+ * \param oid place to store ASN.1 OID string pointer
+ * \param olen length of the OID
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_oid_by_sig_alg( pk_type_t pk_alg, md_type_t md_alg,
+ const char **oid, size_t *olen );
+
+/**
+ * \brief Translate hash algorithm OID into md_type
+ *
+ * \param oid OID to use
+ * \param md_alg place to store message digest algorithm
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_md_alg( const asn1_buf *oid, md_type_t *md_alg );
+#endif /* POLARSSL_MD_C */
+
+/**
+ * \brief Translate Extended Key Usage OID into description
+ *
+ * \param oid OID to use
+ * \param desc place to store string pointer
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc );
+
+/**
+ * \brief Translate md_type into hash algorithm OID
+ *
+ * \param md_alg message digest algorithm
+ * \param oid place to store ASN.1 OID string pointer
+ * \param olen length of the OID
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_oid_by_md( md_type_t md_alg, const char **oid, size_t *olen );
+
+#if defined(POLARSSL_CIPHER_C)
+/**
+ * \brief Translate encryption algorithm OID into cipher_type
+ *
+ * \param oid OID to use
+ * \param cipher_alg place to store cipher algorithm
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_cipher_alg( const asn1_buf *oid, cipher_type_t *cipher_alg );
+#endif /* POLARSSL_CIPHER_C */
+
+#if defined(POLARSSL_PKCS12_C)
+/**
+ * \brief Translate PKCS#12 PBE algorithm OID into md_type and
+ * cipher_type
+ *
+ * \param oid OID to use
+ * \param md_alg place to store message digest algorithm
+ * \param cipher_alg place to store cipher algorithm
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_pkcs12_pbe_alg( const asn1_buf *oid, md_type_t *md_alg,
+ cipher_type_t *cipher_alg );
+#endif /* POLARSSL_PKCS12_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* oid.h */
#define AES_cbc_encrypt( INPUT, OUTPUT, LEN, CTX, IV, MODE ) \
aes_crypt_cbc( (CTX), (MODE), (LEN), (IV), (INPUT), (OUTPUT) )
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/*
* RSA stuff follows. TODO: needs cleanup
*/
{
unsigned char *buffer = *(unsigned char **) bufptr;
rsa_context *rsa;
-
+
/*
* Not a general-purpose parser: only parses public key from *exactly*
* openssl genrsa -out privkey.pem 512 (or 1024)
#define POLARSSL_HAVE_X86
#endif
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef INT32 int32_t;
+#else
+#include <inttypes.h>
+#endif
+
+
#define PADLOCK_RNG 0x000C
#define PADLOCK_ACE 0x00C0
#define PADLOCK_PHE 0x0C00
#define PADLOCK_PMM 0x3000
-#define PADLOCK_ALIGN16(x) (unsigned long *) (16 + ((long) x & ~15))
+#define PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
#ifdef __cplusplus
extern "C" {
--- /dev/null
+/**
+ * \file pbkdf2.h
+ *
+ * \brief Password-Based Key Derivation Function 2 (from PKCS#5)
+ * DEPRECATED: use pkcs5.h instead.
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ * Copyright (C) 2006-2012, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_PBKDF2_H
+#define POLARSSL_PBKDF2_H
+
+#include <string.h>
+
+#include "md.h"
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA -0x007C /**< Bad input parameters to function. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief PKCS#5 PBKDF2 using HMAC
+ * DEPRECATED: Use pkcs5_pbkdf2_hmac() instead!
+ *
+ * \param ctx Generic HMAC context
+ * \param password Password to use when generating key
+ * \param plen Length of password
+ * \param salt Salt to use when generating key
+ * \param slen Length of salt
+ * \param iteration_count Iteration count
+ * \param key_length Length of generated key
+ * \param output Generated key. Must be at least as big as key_length
+ *
+ * \returns 0 on success, or a PolarSSL error code if verification fails.
+ */
+int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output );
+
+/**
+ * \brief Checkup routine
+ * DEPRECATED: Use pkcs5_self_test() instead!
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int pbkdf2_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pbkdf2.h */
*
* \brief Privacy Enhanced Mail (PEM) decoding
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* PEM data.
* \{
*/
-#define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x1080 /**< No PEM header found. */
+#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */
#define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Failed to allocate memory. */
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */
+#define POLARSSL_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */
/* \} name */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(POLARSSL_PEM_PARSE_C)
/**
* \brief PEM context structure
*/
}
pem_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief PEM context setup
*
* \param data source data to look in
* \param pwd password for decryption (can be NULL)
* \param pwdlen length of password
- * \param use_len destination for total length used
+ * \param use_len destination for total length used (set after header is
+ * correctly read, so unless you get
+ * POLARSSL_ERR_PEM_BAD_INPUT_DATA or
+ * POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
+ * the length to skip)
+ *
+ * \note Attempts to check password correctness by verifying if
+ * the decrypted text starts with an ASN.1 sequence of
+ * appropriate length
*
- * \return 0 on success, ior a specific PEM error code
+ * \return 0 on success, or a specific PEM error code
*/
-int pem_read_buffer( pem_context *ctx, char *header, char *footer,
+int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
const unsigned char *data,
const unsigned char *pwd,
size_t pwdlen, size_t *use_len );
* \param ctx context to be freed
*/
void pem_free( pem_context *ctx );
+#endif /* POLARSSL_PEM_PARSE_C */
+
+#if defined(POLARSSL_PEM_WRITE_C)
+/**
+ * \brief Write a buffer of PEM information from a DER encoded
+ * buffer.
+ *
+ * \param header header string to write
+ * \param footer footer string to write
+ * \param der_data DER data to write
+ * \param der_len length of the DER data
+ * \param buf buffer to write to
+ * \param buf_len length of output buffer
+ * \param olen total length written / required (if buf_len is not enough)
+ *
+ * \return 0 on success, or a specific PEM or BASE64 error code. On
+ * POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
+ * size.
+ */
+int pem_write_buffer( const char *header, const char *footer,
+ const unsigned char *der_data, size_t der_len,
+ unsigned char *buf, size_t buf_len, size_t *olen );
+#endif /* POLARSSL_PEM_WRITE_C */
#ifdef __cplusplus
}
--- /dev/null
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef POLARSSL_PK_H
+#define POLARSSL_PK_H
+
+#include "config.h"
+
+#include "md.h"
+
+#if defined(POLARSSL_RSA_C)
+#include "rsa.h"
+#endif
+
+#if defined(POLARSSL_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(POLARSSL_ECDSA_C)
+#include "ecdsa.h"
+#endif
+
+#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */
+#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
+#define POLARSSL_ERR_PK_BAD_INPUT_DATA -0x2E80 /**< Bad input parameters to function. */
+#define POLARSSL_ERR_PK_FILE_IO_ERROR -0x2E00 /**< Read/write of file failed. */
+#define POLARSSL_ERR_PK_KEY_INVALID_VERSION -0x2D80 /**< Unsupported key version */
+#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT -0x2D00 /**< Invalid key tag or value. */
+#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG -0x2C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */
+#define POLARSSL_ERR_PK_PASSWORD_REQUIRED -0x2C00 /**< Private key password can't be empty. */
+#define POLARSSL_ERR_PK_PASSWORD_MISMATCH -0x2B80 /**< Given private key password does not allow for correct decryption. */
+#define POLARSSL_ERR_PK_INVALID_PUBKEY -0x2B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
+#define POLARSSL_ERR_PK_INVALID_ALG -0x2A80 /**< The algorithm tag or value is invalid. */
+#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE -0x2A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
+#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE -0x2980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
+
+
+#if defined(POLARSSL_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an RSA context
+ * before using this macro!
+ */
+#define pk_rsa( pk ) ( (rsa_context *) (pk).pk_ctx )
+#endif /* POLARSSL_RSA_C */
+
+#if defined(POLARSSL_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an EC context
+ * before using this macro!
+ */
+#define pk_ec( pk ) ( (ecp_keypair *) (pk).pk_ctx )
+#endif /* POLARSSL_ECP_C */
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Public key types
+ */
+typedef enum {
+ POLARSSL_PK_NONE=0,
+ POLARSSL_PK_RSA,
+ POLARSSL_PK_ECKEY,
+ POLARSSL_PK_ECKEY_DH,
+ POLARSSL_PK_ECDSA,
+ POLARSSL_PK_RSA_ALT,
+} pk_type_t;
+
+/**
+ * \brief Types for interfacing with the debug module
+ */
+typedef enum
+{
+ POLARSSL_PK_DEBUG_NONE = 0,
+ POLARSSL_PK_DEBUG_MPI,
+ POLARSSL_PK_DEBUG_ECP,
+} pk_debug_type;
+
+/**
+ * \brief Item to send to the debug module
+ */
+typedef struct
+{
+ pk_debug_type type;
+ const char *name;
+ void *value;
+} pk_debug_item;
+
+/** Maximum number of item send for debugging, plus 1 */
+#define POLARSSL_PK_DEBUG_MAX_ITEMS 3
+
+/**
+ * \brief Public key information and operations
+ */
+typedef struct
+{
+ /** Public key type */
+ pk_type_t type;
+
+ /** Type name */
+ const char *name;
+
+ /** Get key size in bits */
+ size_t (*get_size)( const void * );
+
+ /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
+ int (*can_do)( pk_type_t type );
+
+ /** Verify signature */
+ int (*verify_func)( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len );
+
+ /** Make signature */
+ int (*sign_func)( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+ /** Decrypt message */
+ int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+ /** Encrypt message */
+ int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+ /** Allocate a new context */
+ void * (*ctx_alloc_func)( void );
+
+ /** Free the given context */
+ void (*ctx_free_func)( void *ctx );
+
+ /** Interface with the debug module */
+ void (*debug_func)( const void *ctx, pk_debug_item *items );
+
+} pk_info_t;
+
+/**
+ * \brief Public key container
+ */
+typedef struct
+{
+ const pk_info_t * pk_info; /**< Public key informations */
+ void * pk_ctx; /**< Underlying public key context */
+} pk_context;
+
+/**
+ * \brief Types for RSA-alt abstraction
+ */
+typedef int (*pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
+ const unsigned char *input, unsigned char *output,
+ size_t output_max_len );
+typedef int (*pk_rsa_alt_sign_func)( void *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ int mode, int hash_id, unsigned int hashlen,
+ const unsigned char *hash, unsigned char *sig );
+typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx );
+
+/**
+ * \brief Return information associated with the given PK type
+ *
+ * \param pk_type PK type to search for.
+ *
+ * \return The PK info associated with the type or NULL if not found.
+ */
+const pk_info_t *pk_info_from_type( pk_type_t pk_type );
+
+/**
+ * \brief Initialize a pk_context (as NONE)
+ */
+void pk_init( pk_context *ctx );
+
+/**
+ * \brief Free a pk_context
+ */
+void pk_free( pk_context *ctx );
+
+/**
+ * \brief Initialize a PK context with the information given
+ * and allocates the type-specific PK subcontext.
+ *
+ * \param ctx Context to initialize. Must be empty (type NONE).
+ * \param info Information to use
+ *
+ * \return 0 on success,
+ * POLARSSL_ERR_PK_BAD_INPUT_DATA on invalid input,
+ * POLARSSL_ERR_PK_MALLOC_FAILED on allocation failure.
+ *
+ * \note For contexts holding an RSA-alt key, use
+ * \c pk_init_ctx_rsa_alt() instead.
+ */
+int pk_init_ctx( pk_context *ctx, const pk_info_t *info );
+
+/**
+ * \brief Initialize an RSA-alt context
+ *
+ * \param ctx Context to initialize. Must be empty (type NONE).
+ * \param key RSA key pointer
+ * \param decrypt_func Decryption function
+ * \param sign_func Signing function
+ * \param key_len_func Function returning key length
+ *
+ * \return 0 on success, or POLARSSL_ERR_PK_BAD_INPUT_DATA if the
+ * context wasn't already initialized as RSA_ALT.
+ *
+ * \note This function replaces \c pk_init_ctx() for RSA-alt.
+ */
+int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
+ pk_rsa_alt_decrypt_func decrypt_func,
+ pk_rsa_alt_sign_func sign_func,
+ pk_rsa_alt_key_len_func key_len_func );
+
+/**
+ * \brief Get the size in bits of the underlying key
+ *
+ * \param ctx Context to use
+ *
+ * \return Key size in bits, or 0 on error
+ */
+size_t pk_get_size( const pk_context *ctx );
+
+/**
+ * \brief Get the length in bytes of the underlying key
+ * \param ctx Context to use
+ *
+ * \return Key length in bytes, or 0 on error
+ */
+static inline size_t pk_get_len( const pk_context *ctx )
+{
+ return( ( pk_get_size( ctx ) + 7 ) / 8 );
+}
+
+/**
+ * \brief Tell if a context can do the operation given by type
+ *
+ * \param ctx Context to test
+ * \param type Target type
+ *
+ * \return 0 if context can't do the operations,
+ * 1 otherwise.
+ */
+int pk_can_do( pk_context *ctx, pk_type_t type );
+
+/**
+ * \brief Verify signature
+ *
+ * \param ctx PK context to use
+ * \param md_alg Hash algorithm used (see notes)
+ * \param hash Hash of the message to sign
+ * \param hash_len Hash length or 0 (see notes)
+ * \param sig Signature to verify
+ * \param sig_len Signature length
+ *
+ * \return 0 on success (signature is valid),
+ * or a specific error code.
+ *
+ * \note If hash_len is 0, then the length associated with md_alg
+ * is used instead, or an error returned if it is invalid.
+ *
+ * \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
+ */
+int pk_verify( pk_context *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief Make signature
+ *
+ * \param ctx PK context to use
+ * \param md_alg Hash algorithm used (see notes)
+ * \param hash Hash of the message to sign
+ * \param hash_len Hash length or 0 (see notes)
+ * \param sig Place to write the signature
+ * \param sig_len Number of bytes written
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 on success, or a specific error code.
+ *
+ * \note If hash_len is 0, then the length associated with md_alg
+ * is used instead, or an error returned if it is invalid.
+ *
+ * \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
+ */
+int pk_sign( pk_context *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief Decrypt message
+ *
+ * \param ctx PK context to use
+ * \param input Input to decrypt
+ * \param ilen Input size
+ * \param output Decrypted output
+ * \param olen Decrypted message length
+ * \param osize Size of the output buffer
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 on success, or a specific error code.
+ */
+int pk_decrypt( pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief Encrypt message
+ *
+ * \param ctx PK context to use
+ * \param input Message to encrypt
+ * \param ilen Message size
+ * \param output Encrypted output
+ * \param olen Encrypted output length
+ * \param osize Size of the output buffer
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 on success, or a specific error code.
+ */
+int pk_encrypt( pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief Export debug information
+ *
+ * \param ctx Context to use
+ * \param items Place to write debug items
+ *
+ * \return 0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
+ */
+int pk_debug( const pk_context *ctx, pk_debug_item *items );
+
+/**
+ * \brief Access the type name
+ *
+ * \param ctx Context to use
+ *
+ * \return Type name on success, or "invalid PK"
+ */
+const char * pk_get_name( const pk_context *ctx );
+
+/**
+ * \brief Get the key type
+ *
+ * \param ctx Context to use
+ *
+ * \return Type on success, or POLARSSL_PK_NONE
+ */
+pk_type_t pk_get_type( const pk_context *ctx );
+
+#if defined(POLARSSL_PK_PARSE_C)
+/** \ingroup pk_module */
+/**
+ * \brief Parse a private key
+ *
+ * \param ctx key to be initialized
+ * \param key input buffer
+ * \param keylen size of the buffer
+ * \param pwd password for decryption (optional)
+ * \param pwdlen size of the password
+ *
+ * \return 0 if successful, or a specific PK or PEM error code
+ */
+int pk_parse_key( pk_context *ctx,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen );
+
+/** \ingroup pk_module */
+/**
+ * \brief Parse a public key
+ *
+ * \param ctx key to be initialized
+ * \param key input buffer
+ * \param keylen size of the buffer
+ *
+ * \return 0 if successful, or a specific PK or PEM error code
+ */
+int pk_parse_public_key( pk_context *ctx,
+ const unsigned char *key, size_t keylen );
+
+#if defined(POLARSSL_FS_IO)
+/** \ingroup pk_module */
+/**
+ * \brief Load and parse a private key
+ *
+ * \param ctx key to be initialized
+ * \param path filename to read the private key from
+ * \param password password to decrypt the file (can be NULL)
+ *
+ * \return 0 if successful, or a specific PK or PEM error code
+ */
+int pk_parse_keyfile( pk_context *ctx,
+ const char *path, const char *password );
+
+/** \ingroup pk_module */
+/**
+ * \brief Load and parse a public key
+ *
+ * \param ctx key to be initialized
+ * \param path filename to read the private key from
+ *
+ * \return 0 if successful, or a specific PK or PEM error code
+ */
+int pk_parse_public_keyfile( pk_context *ctx, const char *path );
+#endif /* POLARSSL_FS_IO */
+#endif /* POLARSSL_PK_PARSE_C */
+
+#if defined(POLARSSL_PK_WRITE_C)
+/**
+ * \brief Write a private key to a PKCS#1 or SEC1 DER structure
+ * Note: data is written at the end of the buffer! Use the
+ * return value to determine where you should start
+ * using the buffer
+ *
+ * \param key private to write away
+ * \param buf buffer to write to
+ * \param size size of the buffer
+ *
+ * \return length of data written if successful, or a specific
+ * error code
+ */
+int pk_write_key_der( pk_context *pk, unsigned char *buf, size_t size );
+
+/**
+ * \brief Write a public key to a SubjectPublicKeyInfo DER structure
+ * Note: data is written at the end of the buffer! Use the
+ * return value to determine where you should start
+ * using the buffer
+ *
+ * \param key public key to write away
+ * \param buf buffer to write to
+ * \param size size of the buffer
+ *
+ * \return length of data written if successful, or a specific
+ * error code
+ */
+int pk_write_pubkey_der( pk_context *key, unsigned char *buf, size_t size );
+
+#if defined(POLARSSL_PEM_WRITE_C)
+/**
+ * \brief Write a public key to a PEM string
+ *
+ * \param key public key to write away
+ * \param buf buffer to write to
+ * \param size size of the buffer
+ *
+ * \return 0 successful, or a specific error code
+ */
+int pk_write_pubkey_pem( pk_context *key, unsigned char *buf, size_t size );
+
+/**
+ * \brief Write a private key to a PKCS#1 or SEC1 PEM string
+ *
+ * \param key private to write away
+ * \param buf buffer to write to
+ * \param size size of the buffer
+ *
+ * \return 0 successful, or a specific error code
+ */
+int pk_write_key_pem( pk_context *key, unsigned char *buf, size_t size );
+#endif /* POLARSSL_PEM_WRITE_C */
+#endif /* POLARSSL_PK_WRITE_C */
+
+/*
+ * WARNING: Low-level functions. You probably do not want to use these unless
+ * you are certain you do ;)
+ */
+
+#if defined(POLARSSL_PK_PARSE_C)
+/**
+ * \brief Parse a SubjectPublicKeyInfo DER structure
+ *
+ * \param p the position in the ASN.1 data
+ * \param end end of the buffer
+ * \param pk the key to fill
+ *
+ * \return 0 if successful, or a specific PK error code
+ */
+int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
+ pk_context *pk );
+#endif /* POLARSSL_PK_PARSE_C */
+
+#if defined(POLARSSL_PK_WRITE_C)
+/**
+ * \brief Write a subjectPublicKey to ASN.1 data
+ * Note: function works backwards in data buffer
+ *
+ * \param p reference to current position pointer
+ * \param start start of the buffer (for bounds-checking)
+ * \param key public key to write away
+ *
+ * \return the length written or a negative error code
+ */
+int pk_write_pubkey( unsigned char **p, unsigned char *start,
+ const pk_context *key );
+#endif /* POLARSSL_PK_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* POLARSSL_PK_H */
--- /dev/null
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer: wrapper functions
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef POLARSSL_PK_WRAP_H
+#define POLARSSL_PK_WRAP_H
+
+#include "config.h"
+
+#include "pk.h"
+
+/* Container for RSA-alt */
+typedef struct
+{
+ void *key;
+ pk_rsa_alt_decrypt_func decrypt_func;
+ pk_rsa_alt_sign_func sign_func;
+ pk_rsa_alt_key_len_func key_len_func;
+} rsa_alt_context;
+
+#if defined(POLARSSL_RSA_C)
+extern const pk_info_t rsa_info;
+#endif
+
+#if defined(POLARSSL_ECP_C)
+extern const pk_info_t eckey_info;
+extern const pk_info_t eckeydh_info;
+#endif
+
+#if defined(POLARSSL_ECDSA_C)
+extern const pk_info_t ecdsa_info;
+#endif
+
+extern const pk_info_t rsa_alt_info;
+
+#endif /* POLARSSL_PK_WRAP_H */
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#if defined(POLARSSL_PKCS11_C)
-#include "x509.h"
+#include "x509_crt.h"
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
+#if defined(_MSC_VER) && !defined(inline)
+#define inline _inline
+#else
+#if defined(__ARMCC_VERSION) && !defined(inline)
+#define inline __inline
+#endif /* __ARMCC_VERSION */
+#endif /*_MSC_VER */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* Context for PKCS #11 private keys.
*/
*
* \return 0 on success.
*/
-int pkcs11_x509_cert_init( x509_cert *cert, pkcs11h_certificate_t pkcs11h_cert );
+int pkcs11_x509_cert_init( x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
/**
* Initialise a pkcs11_context, storing the given certificate. Note that the
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
- unsigned int output_max_len );
+ size_t output_max_len );
/**
* \brief Do a private RSA to sign a message digest
const unsigned char *hash,
unsigned char *sig );
+/**
+ * SSL/TLS wrappers for PKCS#11 functions
+ */
+static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
+ const unsigned char *input, unsigned char *output,
+ size_t output_max_len )
+{
+ return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, output,
+ output_max_len );
+}
+
+static inline int ssl_pkcs11_sign( void *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ int mode, int hash_id, unsigned int hashlen,
+ const unsigned char *hash, unsigned char *sig )
+{
+ ((void) f_rng);
+ ((void) p_rng);
+ return pkcs11_sign( (pkcs11_context *) ctx, mode, hash_id,
+ hashlen, hash, sig );
+}
+
+static inline size_t ssl_pkcs11_key_len( void *ctx )
+{
+ return ( (pkcs11_context *) ctx )->len;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
#endif /* POLARSSL_PKCS11_C */
#endif /* POLARSSL_PKCS11_H */
--- /dev/null
+/**
+ * \file pkcs12.h
+ *
+ * \brief PKCS#12 Personal Information Exchange Syntax
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_PKCS12_H
+#define POLARSSL_PKCS12_H
+
+#include <string.h>
+
+#include "md.h"
+#include "cipher.h"
+#include "asn1.h"
+
+#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */
+#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */
+#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */
+#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */
+
+#define PKCS12_DERIVE_KEY 1 /*< encryption/decryption key */
+#define PKCS12_DERIVE_IV 2 /*< initialization vector */
+#define PKCS12_DERIVE_MAC_KEY 3 /*< integrity / MAC key */
+
+#define PKCS12_PBE_DECRYPT 0
+#define PKCS12_PBE_ENCRYPT 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief PKCS12 Password Based function (encryption / decryption)
+ * for pbeWithSHAAnd128BitRC4
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
+ * \param pwd the password used (may be NULL if no password is used)
+ * \param pwdlen length of the password (may be 0)
+ * \param input the input data
+ * \param len data length
+ * \param output the output buffer
+ *
+ * \return 0 if successful, or a PolarSSL error code
+ */
+int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *input, size_t len,
+ unsigned char *output );
+
+/**
+ * \brief PKCS12 Password Based function (encryption / decryption)
+ * for cipher-based and md-based PBE's
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
+ * \param cipher_type the cipher used
+ * \param md_type the md used
+ * \param pwd the password used (may be NULL if no password is used)
+ * \param pwdlen length of the password (may be 0)
+ * \param input the input data
+ * \param len data length
+ * \param output the output buffer
+ *
+ * \return 0 if successful, or a PolarSSL error code
+ */
+int pkcs12_pbe( asn1_buf *pbe_params, int mode,
+ cipher_type_t cipher_type, md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *input, size_t len,
+ unsigned char *output );
+
+/**
+ * \brief The PKCS#12 derivation function uses a password and a salt
+ * to produce pseudo-random bits for a particular "purpose".
+ *
+ * Depending on the given id, this function can produce an
+ * encryption/decryption key, an nitialization vector or an
+ * integrity key.
+ *
+ * \param data buffer to store the derived data in
+ * \param datalen length to fill
+ * \param pwd password to use (may be NULL if no password is used)
+ * \param pwdlen length of the password (may be 0)
+ * \param salt salt buffer to use
+ * \param saltlen length of the salt
+ * \param md md type to use during the derivation
+ * \param id id that describes the purpose (can be PKCS12_DERIVE_KEY,
+ * PKCS12_DERIVE_IV or PKCS12_DERIVE_MAC_KEY)
+ * \param iterations number of iterations
+ *
+ * \return 0 if successful, or a MD, BIGNUM type error.
+ */
+int pkcs12_derivation( unsigned char *data, size_t datalen,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *salt, size_t saltlen,
+ md_type_t md, int id, int iterations );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pkcs12.h */
--- /dev/null
+/**
+ * \file pkcs5.h
+ *
+ * \brief PKCS#5 functions
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_PKCS5_H
+#define POLARSSL_PKCS5_H
+
+#include <string.h>
+
+#include "asn1.h"
+#include "md.h"
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA -0x3f80 /**< Bad input parameters to function. */
+#define POLARSSL_ERR_PKCS5_INVALID_FORMAT -0x3f00 /**< Unexpected ASN.1 data. */
+#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE -0x3e80 /**< Requested encryption or digest alg not available. */
+#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH -0x3e00 /**< Given private key password does not allow for correct decryption. */
+
+#define PKCS5_DECRYPT 0
+#define PKCS5_ENCRYPT 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief PKCS#5 PBES2 function
+ *
+ * \param pbe_params the ASN.1 algorithm parameters
+ * \param mode either PKCS5_DECRYPT or PKCS5_ENCRYPT
+ * \param pwd password to use when generating key
+ * \param pwdlen length of password
+ * \param data data to process
+ * \param datalen length of data
+ * \param output output buffer
+ *
+ * \returns 0 on success, or a PolarSSL error code if verification fails.
+ */
+int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output );
+
+/**
+ * \brief PKCS#5 PBKDF2 using HMAC
+ *
+ * \param ctx Generic HMAC context
+ * \param password Password to use when generating key
+ * \param plen Length of password
+ * \param salt Salt to use when generating key
+ * \param slen Length of salt
+ * \param iteration_count Iteration count
+ * \param key_length Length of generated key
+ * \param output Generated key. Must be at least as big as key_length
+ *
+ * \returns 0 on success, or a PolarSSL error code if verification fails.
+ */
+int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output );
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int pkcs5_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pkcs5.h */
--- /dev/null
+/**
+ * \file rsa.h
+ *
+ * \brief The RSA public-key cryptosystem
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_RSA_H
+#define POLARSSL_RSA_H
+
+#include "config.h"
+
+#include "bignum.h"
+#include "md.h"
+
+#if defined(POLARSSL_THREADING_C)
+#include "threading.h"
+#endif
+
+/*
+ * RSA Error codes
+ */
+#define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */
+#define POLARSSL_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */
+#define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */
+#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the libraries validity check. */
+#define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */
+#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */
+#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
+#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
+#define POLARSSL_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
+
+/*
+ * RSA constants
+ */
+#define RSA_PUBLIC 0
+#define RSA_PRIVATE 1
+
+#define RSA_PKCS_V15 0
+#define RSA_PKCS_V21 1
+
+#define RSA_SIGN 1
+#define RSA_CRYPT 2
+
+/*
+ * The above constants may be used even if the RSA module is compile out,
+ * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ */
+#if defined(POLARSSL_RSA_C)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief RSA context structure
+ */
+typedef struct
+{
+ int ver; /*!< always 0 */
+ size_t len; /*!< size(N) in chars */
+
+ mpi N; /*!< public modulus */
+ mpi E; /*!< public exponent */
+
+ mpi D; /*!< private exponent */
+ mpi P; /*!< 1st prime factor */
+ mpi Q; /*!< 2nd prime factor */
+ mpi DP; /*!< D % (P - 1) */
+ mpi DQ; /*!< D % (Q - 1) */
+ mpi QP; /*!< 1 / (Q % P) */
+
+ mpi RN; /*!< cached R^2 mod N */
+ mpi RP; /*!< cached R^2 mod P */
+ mpi RQ; /*!< cached R^2 mod Q */
+
+#if !defined(POLARSSL_RSA_NO_CRT)
+ mpi Vi; /*!< cached blinding value */
+ mpi Vf; /*!< cached un-blinding value */
+#endif
+
+ int padding; /*!< RSA_PKCS_V15 for 1.5 padding and
+ RSA_PKCS_v21 for OAEP/PSS */
+ int hash_id; /*!< Hash identifier of md_type_t as
+ specified in the md.h header file
+ for the EME-OAEP and EMSA-PSS
+ encoding */
+#if defined(POLARSSL_THREADING_C)
+ threading_mutex_t mutex; /*!< Thread-safety mutex */
+#endif
+}
+rsa_context;
+
+/**
+ * \brief Initialize an RSA context
+ *
+ * Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
+ * encryption scheme and the RSASSA-PSS signature scheme.
+ *
+ * \param ctx RSA context to be initialized
+ * \param padding RSA_PKCS_V15 or RSA_PKCS_V21
+ * \param hash_id RSA_PKCS_V21 hash identifier
+ *
+ * \note The hash_id parameter is actually ignored
+ * when using RSA_PKCS_V15 padding.
+ */
+void rsa_init( rsa_context *ctx,
+ int padding,
+ int hash_id);
+
+/**
+ * \brief Generate an RSA keypair
+ *
+ * \param ctx RSA context that will hold the key
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ * \param nbits size of the public key in bits
+ * \param exponent public exponent (e.g., 65537)
+ *
+ * \note rsa_init() must be called beforehand to setup
+ * the RSA context.
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ */
+int rsa_gen_key( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ unsigned int nbits, int exponent );
+
+/**
+ * \brief Check a public RSA key
+ *
+ * \param ctx RSA context to be checked
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ */
+int rsa_check_pubkey( const rsa_context *ctx );
+
+/**
+ * \brief Check a private RSA key
+ *
+ * \param ctx RSA context to be checked
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ */
+int rsa_check_privkey( const rsa_context *ctx );
+
+/**
+ * \brief Do an RSA public key operation
+ *
+ * \param ctx RSA context
+ * \param input input buffer
+ * \param output output buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note This function does NOT take care of message
+ * padding. Also, be sure to set input[0] = 0 or assure that
+ * input is smaller than N.
+ *
+ * \note The input and output buffers must be large
+ * enough (eg. 128 bytes if RSA-1024 is used).
+ */
+int rsa_public( rsa_context *ctx,
+ const unsigned char *input,
+ unsigned char *output );
+
+/**
+ * \brief Do an RSA private key operation
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Needed for blinding)
+ * \param p_rng RNG parameter
+ * \param input input buffer
+ * \param output output buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The input and output buffers must be large
+ * enough (eg. 128 bytes if RSA-1024 is used).
+ */
+int rsa_private( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ const unsigned char *input,
+ unsigned char *output );
+
+/**
+ * \brief Generic wrapper to perform a PKCS#1 encryption using the
+ * mode from the context. Add the message padding, then do an
+ * RSA operation.
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ * and RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param ilen contains the plaintext length
+ * \param input buffer holding the data to be encrypted
+ * \param output buffer that will hold the ciphertext
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The output buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int rsa_pkcs1_encrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t ilen,
+ const unsigned char *input,
+ unsigned char *output );
+
+/**
+ * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Needed for padding and RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param ilen contains the plaintext length
+ * \param input buffer holding the data to be encrypted
+ * \param output buffer that will hold the ciphertext
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The output buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t ilen,
+ const unsigned char *input,
+ unsigned char *output );
+
+/**
+ * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ * and RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param label buffer holding the custom label to use
+ * \param label_len contains the label length
+ * \param ilen contains the plaintext length
+ * \param input buffer holding the data to be encrypted
+ * \param output buffer that will hold the ciphertext
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The output buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ const unsigned char *label, size_t label_len,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output );
+
+/**
+ * \brief Generic wrapper to perform a PKCS#1 decryption using the
+ * mode from the context. Do an RSA operation, then remove
+ * the message padding
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Only needed for RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param olen will contain the plaintext length
+ * \param input buffer holding the encrypted data
+ * \param output buffer that will hold the plaintext
+ * \param output_max_len maximum length of the output buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The output buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ * an error is thrown.
+ */
+int rsa_pkcs1_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len );
+
+/**
+ * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Only needed for RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param olen will contain the plaintext length
+ * \param input buffer holding the encrypted data
+ * \param output buffer that will hold the plaintext
+ * \param output_max_len maximum length of the output buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The output buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ * an error is thrown.
+ */
+int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len );
+
+/**
+ * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Only needed for RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param label buffer holding the custom label to use
+ * \param label_len contains the label length
+ * \param olen will contain the plaintext length
+ * \param input buffer holding the encrypted data
+ * \param output buffer that will hold the plaintext
+ * \param output_max_len maximum length of the output buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The output buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ * an error is thrown.
+ */
+int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ const unsigned char *label, size_t label_len,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len );
+
+/**
+ * \brief Generic wrapper to perform a PKCS#1 signature using the
+ * mode from the context. Do a private RSA operation to sign
+ * a message digest
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
+ * RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
+ * \param hashlen message digest length (for POLARSSL_MD_NONE only)
+ * \param hash buffer holding the message digest
+ * \param sig buffer that will hold the ciphertext
+ *
+ * \return 0 if the signing operation was successful,
+ * or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The "sig" buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note In case of PKCS#1 v2.1 encoding keep in mind that
+ * the hash_id in the RSA context is the one used for the
+ * encoding. hash_id in the function call is the type of hash
+ * that is encoded. According to RFC 3447 it is advised to
+ * keep both hashes the same.
+ */
+int rsa_pkcs1_sign( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig );
+
+/**
+ * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Only needed for RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
+ * \param hashlen message digest length (for POLARSSL_MD_NONE only)
+ * \param hash buffer holding the message digest
+ * \param sig buffer that will hold the ciphertext
+ *
+ * \return 0 if the signing operation was successful,
+ * or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The "sig" buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig );
+
+/**
+ * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
+ *
+ * \param ctx RSA context
+ * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
+ * RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
+ * \param hashlen message digest length (for POLARSSL_MD_NONE only)
+ * \param hash buffer holding the message digest
+ * \param sig buffer that will hold the ciphertext
+ *
+ * \return 0 if the signing operation was successful,
+ * or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The "sig" buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note In case of PKCS#1 v2.1 encoding keep in mind that
+ * the hash_id in the RSA context is the one used for the
+ * encoding. hash_id in the function call is the type of hash
+ * that is encoded. According to RFC 3447 it is advised to
+ * keep both hashes the same.
+ */
+int rsa_rsassa_pss_sign( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig );
+
+/**
+ * \brief Generic wrapper to perform a PKCS#1 verification using the
+ * mode from the context. Do a public RSA operation and check
+ * the message digest
+ *
+ * \param ctx points to an RSA public key
+ * \param f_rng RNG function (Only needed for RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
+ * \param hashlen message digest length (for POLARSSL_MD_NONE only)
+ * \param hash buffer holding the message digest
+ * \param sig buffer holding the ciphertext
+ *
+ * \return 0 if the verify operation was successful,
+ * or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The "sig" buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note In case of PKCS#1 v2.1 encoding keep in mind that
+ * the hash_id in the RSA context is the one used for the
+ * verification. hash_id in the function call is the type of hash
+ * that is verified. According to RFC 3447 it is advised to
+ * keep both hashes the same.
+ */
+int rsa_pkcs1_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig );
+
+/**
+ * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
+ *
+ * \param ctx points to an RSA public key
+ * \param f_rng RNG function (Only needed for RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
+ * \param hashlen message digest length (for POLARSSL_MD_NONE only)
+ * \param hash buffer holding the message digest
+ * \param sig buffer holding the ciphertext
+ *
+ * \return 0 if the verify operation was successful,
+ * or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The "sig" buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig );
+
+/**
+ * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
+ * \brief Do a public RSA and check the message digest
+ *
+ * \param ctx points to an RSA public key
+ * \param f_rng RNG function (Only needed for RSA_PRIVATE)
+ * \param p_rng RNG parameter
+ * \param mode RSA_PUBLIC or RSA_PRIVATE
+ * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
+ * \param hashlen message digest length (for POLARSSL_MD_NONE only)
+ * \param hash buffer holding the message digest
+ * \param sig buffer holding the ciphertext
+ *
+ * \return 0 if the verify operation was successful,
+ * or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The "sig" buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note In case of PKCS#1 v2.1 encoding keep in mind that
+ * the hash_id in the RSA context is the one used for the
+ * verification. hash_id in the function call is the type of hash
+ * that is verified. According to RFC 3447 it is advised to
+ * keep both hashes the same.
+ */
+int rsa_rsassa_pss_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig );
+
+/**
+ * \brief Copy the components of an RSA context
+ *
+ * \param dst Destination context
+ * \param src Source context
+ *
+ * \return O on success,
+ * POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation failure
+ */
+int rsa_copy( rsa_context *dst, const rsa_context *src );
+
+/**
+ * \brief Free the components of an RSA key
+ *
+ * \param ctx RSA Context to free
+ */
+void rsa_free( rsa_context *ctx );
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int rsa_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* POLARSSL_RSA_C */
+
+#endif /* rsa.h */
*
* \brief SHA-1 cryptographic hash function
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_SHA1_H
#define POLARSSL_SHA1_H
+#include "config.h"
+
#include <string.h>
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
+#if !defined(POLARSSL_SHA1_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief SHA-1 context structure
*/
typedef struct
{
- unsigned long total[2]; /*!< number of bytes processed */
- unsigned long state[5]; /*!< intermediate digest state */
+ uint32_t total[2]; /*!< number of bytes processed */
+ uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */
}
sha1_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief SHA-1 context setup
*
*/
void sha1_finish( sha1_context *ctx, unsigned char output[20] );
+/* Internal use */
+void sha1_process( sha1_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_SHA1_ALT */
+#include "sha1_alt.h"
+#endif /* POLARSSL_SHA1_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Output = SHA-1( input buffer )
*
/**
- * \file sha2.h
+ * \file sha256.h
*
* \brief SHA-224 and SHA-256 cryptographic hash function
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#ifndef POLARSSL_SHA2_H
-#define POLARSSL_SHA2_H
+#ifndef POLARSSL_SHA256_H
+#define POLARSSL_SHA256_H
+
+#include "config.h"
#include <string.h>
-#define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/write error in file. */
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#define POLARSSL_ERR_SHA256_FILE_IO_ERROR -0x0078 /**< Read/write error in file. */
+
+#if !defined(POLARSSL_SHA256_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/**
* \brief SHA-256 context structure
*/
typedef struct
{
- unsigned long total[2]; /*!< number of bytes processed */
- unsigned long state[8]; /*!< intermediate digest state */
+ uint32_t total[2]; /*!< number of bytes processed */
+ uint32_t state[8]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */
int is224; /*!< 0 => SHA-256, else SHA-224 */
}
-sha2_context;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
+sha256_context;
/**
* \brief SHA-256 context setup
* \param ctx context to be initialized
* \param is224 0 = use SHA256, 1 = use SHA224
*/
-void sha2_starts( sha2_context *ctx, int is224 );
+void sha256_starts( sha256_context *ctx, int is224 );
/**
* \brief SHA-256 process buffer
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen );
+void sha256_update( sha256_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief SHA-256 final digest
* \param ctx SHA-256 context
* \param output SHA-224/256 checksum result
*/
-void sha2_finish( sha2_context *ctx, unsigned char output[32] );
+void sha256_finish( sha256_context *ctx, unsigned char output[32] );
+
+/* Internal use */
+void sha256_process( sha256_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_SHA256_ALT */
+#include "sha256_alt.h"
+#endif /* POLARSSL_SHA256_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/**
* \brief Output = SHA-256( input buffer )
* \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224
*/
-void sha2( const unsigned char *input, size_t ilen,
+void sha256( const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 );
/**
* \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224
*
- * \return 0 if successful, or POLARSSL_ERR_SHA2_FILE_IO_ERROR
+ * \return 0 if successful, or POLARSSL_ERR_SHA256_FILE_IO_ERROR
*/
-int sha2_file( const char *path, unsigned char output[32], int is224 );
+int sha256_file( const char *path, unsigned char output[32], int is224 );
/**
* \brief SHA-256 HMAC context setup
* \param keylen length of the HMAC key
* \param is224 0 = use SHA256, 1 = use SHA224
*/
-void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, size_t keylen,
- int is224 );
+void sha256_hmac_starts( sha256_context *ctx, const unsigned char *key,
+ size_t keylen, int is224 );
/**
* \brief SHA-256 HMAC process buffer
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, size_t ilen );
+void sha256_hmac_update( sha256_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief SHA-256 HMAC final digest
* \param ctx HMAC context
* \param output SHA-224/256 HMAC checksum result
*/
-void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] );
+void sha256_hmac_finish( sha256_context *ctx, unsigned char output[32] );
/**
* \brief SHA-256 HMAC context reset
*
* \param ctx HMAC context to be reset
*/
-void sha2_hmac_reset( sha2_context *ctx );
+void sha256_hmac_reset( sha256_context *ctx );
/**
* \brief Output = HMAC-SHA-256( hmac key, input buffer )
* \param output HMAC-SHA-224/256 result
* \param is224 0 = use SHA256, 1 = use SHA224
*/
-void sha2_hmac( const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char output[32], int is224 );
+void sha256_hmac( const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char output[32], int is224 );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
-int sha2_self_test( int verbose );
+int sha256_self_test( int verbose );
#ifdef __cplusplus
}
#endif
-#endif /* sha2.h */
+#endif /* sha256.h */
/**
- * \file sha4.h
+ * \file sha512.h
*
* \brief SHA-384 and SHA-512 cryptographic hash function
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#ifndef POLARSSL_SHA4_H
-#define POLARSSL_SHA4_H
+#ifndef POLARSSL_SHA512_H
+#define POLARSSL_SHA512_H
-#include <string.h>
+#include "config.h"
-#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
+#include <string.h>
#if defined(_MSC_VER) || defined(__WATCOMC__)
#define UL64(x) x##ui64
- #define long64 __int64
+ typedef unsigned __int64 uint64_t;
#else
+ #include <inttypes.h>
#define UL64(x) x##ULL
- #define long64 long long
+#endif
+
+#define POLARSSL_ERR_SHA512_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
+
+#if !defined(POLARSSL_SHA512_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
#endif
/**
*/
typedef struct
{
- unsigned long64 total[2]; /*!< number of bytes processed */
- unsigned long64 state[8]; /*!< intermediate digest state */
+ uint64_t total[2]; /*!< number of bytes processed */
+ uint64_t state[8]; /*!< intermediate digest state */
unsigned char buffer[128]; /*!< data block being processed */
unsigned char ipad[128]; /*!< HMAC: inner padding */
unsigned char opad[128]; /*!< HMAC: outer padding */
int is384; /*!< 0 => SHA-512, else SHA-384 */
}
-sha4_context;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
+sha512_context;
/**
* \brief SHA-512 context setup
* \param ctx context to be initialized
* \param is384 0 = use SHA512, 1 = use SHA384
*/
-void sha4_starts( sha4_context *ctx, int is384 );
+void sha512_starts( sha512_context *ctx, int is384 );
/**
* \brief SHA-512 process buffer
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen );
+void sha512_update( sha512_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief SHA-512 final digest
* \param ctx SHA-512 context
* \param output SHA-384/512 checksum result
*/
-void sha4_finish( sha4_context *ctx, unsigned char output[64] );
+void sha512_finish( sha512_context *ctx, unsigned char output[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_SHA512_ALT */
+#include "sha512_alt.h"
+#endif /* POLARSSL_SHA512_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/**
* \brief Output = SHA-512( input buffer )
* \param output SHA-384/512 checksum result
* \param is384 0 = use SHA512, 1 = use SHA384
*/
-void sha4( const unsigned char *input, size_t ilen,
- unsigned char output[64], int is384 );
+void sha512( const unsigned char *input, size_t ilen,
+ unsigned char output[64], int is384 );
/**
* \brief Output = SHA-512( file contents )
* \param output SHA-384/512 checksum result
* \param is384 0 = use SHA512, 1 = use SHA384
*
- * \return 0 if successful, or POLARSSL_ERR_SHA4_FILE_IO_ERROR
+ * \return 0 if successful, or POLARSSL_ERR_SHA512_FILE_IO_ERROR
*/
-int sha4_file( const char *path, unsigned char output[64], int is384 );
+int sha512_file( const char *path, unsigned char output[64], int is384 );
/**
* \brief SHA-512 HMAC context setup
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
-void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, size_t keylen,
- int is384 );
+void sha512_hmac_starts( sha512_context *ctx, const unsigned char *key,
+ size_t keylen, int is384 );
/**
* \brief SHA-512 HMAC process buffer
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha4_hmac_update( sha4_context *ctx, const unsigned char *input, size_t ilen );
+void sha512_hmac_update( sha512_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief SHA-512 HMAC final digest
* \param ctx HMAC context
* \param output SHA-384/512 HMAC checksum result
*/
-void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] );
+void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] );
/**
* \brief SHA-512 HMAC context reset
*
* \param ctx HMAC context to be reset
*/
-void sha4_hmac_reset( sha4_context *ctx );
+void sha512_hmac_reset( sha512_context *ctx );
/**
* \brief Output = HMAC-SHA-512( hmac key, input buffer )
* \param output HMAC-SHA-384/512 result
* \param is384 0 = use SHA512, 1 = use SHA384
*/
-void sha4_hmac( const unsigned char *key, size_t keylen,
+void sha512_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char output[64], int is384 );
*
* \return 0 if successful, or 1 if the test failed
*/
-int sha4_self_test( int verbose );
+int sha512_self_test( int verbose );
+
+/* Internal use */
+void sha512_process( sha512_context *ctx, const unsigned char data[128] );
#ifdef __cplusplus
}
#endif
-#endif /* sha4.h */
+#endif /* sha512.h */
--- /dev/null
+/**
+ * \file ssl.h
+ *
+ * \brief SSL/TLS functions.
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_SSL_H
+#define POLARSSL_SSL_H
+
+#include "config.h"
+#include "net.h"
+#include "bignum.h"
+
+#include "ssl_ciphersuites.h"
+
+#if defined(POLARSSL_MD5_C)
+#include "md5.h"
+#endif
+
+#if defined(POLARSSL_SHA1_C)
+#include "sha1.h"
+#endif
+
+#if defined(POLARSSL_SHA256_C)
+#include "sha256.h"
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+#include "sha512.h"
+#endif
+
+// for session tickets
+#if defined(POLARSSL_AES_C)
+#include "aes.h"
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+#include "x509_crt.h"
+#include "x509_crl.h"
+#endif
+
+#if defined(POLARSSL_DHM_C)
+#include "dhm.h"
+#endif
+
+#if defined(POLARSSL_ECDH_C)
+#include "ecdh.h"
+#endif
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+#include "zlib.h"
+#endif
+
+#if defined(POLARSSL_HAVE_TIME)
+#include <time.h>
+#endif
+
+/* For convenience below and in programs */
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
+#endif
+
+#if defined(_MSC_VER) && !defined(inline)
+#define inline _inline
+#else
+#if defined(__ARMCC_VERSION) && !defined(inline)
+#define inline __inline
+#endif /* __ARMCC_VERSION */
+#endif /*_MSC_VER */
+
+/*
+ * SSL Error codes
+ */
+#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
+#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
+#define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
+#define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
+#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
+#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
+#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
+#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */
+#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
+#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
+#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
+#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
+#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
+#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
+#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
+#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
+#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
+#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
+#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
+#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
+#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
+#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
+#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
+#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
+#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
+#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
+#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unkown identity received (eg, PSK identity) */
+#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
+
+/*
+ * Various constants
+ */
+#define SSL_MAJOR_VERSION_3 3
+#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
+#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
+#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
+#define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
+
+/* Determine minimum supported version */
+#define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
+#else
+#if defined(POLARSSL_SSL_PROTO_TLS1)
+#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
+#else
+#if defined(POLARSSL_SSL_PROTO_TLS1_1)
+#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
+#else
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
+#endif
+#endif
+#endif
+#endif
+
+/* Determine maximum supported version */
+#define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
+#else
+#if defined(POLARSSL_SSL_PROTO_TLS1_1)
+#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
+#else
+#if defined(POLARSSL_SSL_PROTO_TLS1)
+#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
+#else
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
+#endif
+#endif
+#endif
+#endif
+
+/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
+ * NONE must be zero so that memset()ing structure to zero works */
+#define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
+#define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
+#define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
+#define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
+#define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
+#define SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
+
+#define SSL_IS_CLIENT 0
+#define SSL_IS_SERVER 1
+#define SSL_COMPRESS_NULL 0
+#define SSL_COMPRESS_DEFLATE 1
+
+#define SSL_VERIFY_NONE 0
+#define SSL_VERIFY_OPTIONAL 1
+#define SSL_VERIFY_REQUIRED 2
+
+#define SSL_INITIAL_HANDSHAKE 0
+#define SSL_RENEGOTIATION 1 /* In progress */
+#define SSL_RENEGOTIATION_DONE 2 /* Done */
+#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
+
+#define SSL_LEGACY_RENEGOTIATION 0
+#define SSL_SECURE_RENEGOTIATION 1
+
+#define SSL_RENEGOTIATION_DISABLED 0
+#define SSL_RENEGOTIATION_ENABLED 1
+
+#define SSL_LEGACY_NO_RENEGOTIATION 0
+#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
+#define SSL_LEGACY_BREAK_HANDSHAKE 2
+
+#define SSL_TRUNC_HMAC_DISABLED 0
+#define SSL_TRUNC_HMAC_ENABLED 1
+#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
+
+#define SSL_SESSION_TICKETS_DISABLED 0
+#define SSL_SESSION_TICKETS_ENABLED 1
+
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
+
+/*
+ * Size of the input / output buffer.
+ * Note: the RFC defines the default size of SSL / TLS messages. If you
+ * change the value here, other clients / servers may not be able to
+ * communicate with you anymore. Only change this value if you control
+ * both sides of the connection and have it reduced at both sides!
+ */
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
+
+/*
+ * Allow an extra 512 bytes for the record header
+ * and encryption overhead (counter + MAC + padding)
+ * and allow for a maximum of 1024 of compression expansion if
+ * enabled.
+ */
+#if defined(POLARSSL_ZLIB_SUPPORT)
+#define SSL_COMPRESSION_ADD 1024
+#else
+#define SSL_COMPRESSION_ADD 0
+#endif
+
+#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
+
+#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
+
+/*
+ * Supported Signature and Hash algorithms (For TLS 1.2)
+ * RFC 5246 section 7.4.1.4.1
+ */
+#define SSL_HASH_NONE 0
+#define SSL_HASH_MD5 1
+#define SSL_HASH_SHA1 2
+#define SSL_HASH_SHA224 3
+#define SSL_HASH_SHA256 4
+#define SSL_HASH_SHA384 5
+#define SSL_HASH_SHA512 6
+
+#define SSL_SIG_ANON 0
+#define SSL_SIG_RSA 1
+#define SSL_SIG_ECDSA 3
+
+/*
+ * Client Certificate Types
+ * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
+ */
+#define SSL_CERT_TYPE_RSA_SIGN 1
+#define SSL_CERT_TYPE_ECDSA_SIGN 64
+
+/*
+ * Message, alert and handshake types
+ */
+#define SSL_MSG_CHANGE_CIPHER_SPEC 20
+#define SSL_MSG_ALERT 21
+#define SSL_MSG_HANDSHAKE 22
+#define SSL_MSG_APPLICATION_DATA 23
+
+#define SSL_ALERT_LEVEL_WARNING 1
+#define SSL_ALERT_LEVEL_FATAL 2
+
+#define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
+#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
+#define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
+#define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
+#define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
+#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
+#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
+#define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
+#define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
+#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
+#define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
+#define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
+#define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
+#define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
+#define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
+#define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
+#define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
+#define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
+#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
+#define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
+#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
+#define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
+#define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
+#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
+#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
+#define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
+#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
+
+#define SSL_HS_HELLO_REQUEST 0
+#define SSL_HS_CLIENT_HELLO 1
+#define SSL_HS_SERVER_HELLO 2
+#define SSL_HS_NEW_SESSION_TICKET 4
+#define SSL_HS_CERTIFICATE 11
+#define SSL_HS_SERVER_KEY_EXCHANGE 12
+#define SSL_HS_CERTIFICATE_REQUEST 13
+#define SSL_HS_SERVER_HELLO_DONE 14
+#define SSL_HS_CERTIFICATE_VERIFY 15
+#define SSL_HS_CLIENT_KEY_EXCHANGE 16
+#define SSL_HS_FINISHED 20
+
+/*
+ * TLS extensions
+ */
+#define TLS_EXT_SERVERNAME 0
+#define TLS_EXT_SERVERNAME_HOSTNAME 0
+
+#define TLS_EXT_MAX_FRAGMENT_LENGTH 1
+
+#define TLS_EXT_TRUNCATED_HMAC 4
+
+#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
+#define TLS_EXT_SUPPORTED_POINT_FORMATS 11
+
+#define TLS_EXT_SIG_ALG 13
+
+#define TLS_EXT_SESSION_TICKET 35
+
+#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
+
+/*
+ * TLS extension flags (for extensions with outgoing ServerHello content
+ * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
+ * of state of the renegotiation flag, so no indicator is required)
+ */
+#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
+
+/*
+ * Size defines
+ */
+#if !defined(POLARSSL_MPI_MAX_SIZE)
+#define POLARSSL_PREMASTER_SIZE 512
+#else
+#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Generic function pointers for allowing external RSA private key
+ * implementations.
+ */
+typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
+ const unsigned char *input, unsigned char *output,
+ size_t output_max_len );
+typedef int (*rsa_sign_func)( void *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ int mode, int hash_id, unsigned int hashlen,
+ const unsigned char *hash, unsigned char *sig );
+typedef size_t (*rsa_key_len_func)( void *ctx );
+
+/*
+ * SSL state machine
+ */
+typedef enum
+{
+ SSL_HELLO_REQUEST,
+ SSL_CLIENT_HELLO,
+ SSL_SERVER_HELLO,
+ SSL_SERVER_CERTIFICATE,
+ SSL_SERVER_KEY_EXCHANGE,
+ SSL_CERTIFICATE_REQUEST,
+ SSL_SERVER_HELLO_DONE,
+ SSL_CLIENT_CERTIFICATE,
+ SSL_CLIENT_KEY_EXCHANGE,
+ SSL_CERTIFICATE_VERIFY,
+ SSL_CLIENT_CHANGE_CIPHER_SPEC,
+ SSL_CLIENT_FINISHED,
+ SSL_SERVER_CHANGE_CIPHER_SPEC,
+ SSL_SERVER_FINISHED,
+ SSL_FLUSH_BUFFERS,
+ SSL_HANDSHAKE_WRAPUP,
+ SSL_HANDSHAKE_OVER,
+ SSL_SERVER_NEW_SESSION_TICKET,
+}
+ssl_states;
+
+typedef struct _ssl_session ssl_session;
+typedef struct _ssl_context ssl_context;
+typedef struct _ssl_transform ssl_transform;
+typedef struct _ssl_handshake_params ssl_handshake_params;
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+typedef struct _ssl_ticket_keys ssl_ticket_keys;
+#endif
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+typedef struct _ssl_key_cert ssl_key_cert;
+#endif
+
+/*
+ * This structure is used for storing current session data.
+ */
+struct _ssl_session
+{
+#if defined(POLARSSL_HAVE_TIME)
+ time_t start; /*!< starting time */
+#endif
+ int ciphersuite; /*!< chosen ciphersuite */
+ int compression; /*!< chosen compression */
+ size_t length; /*!< session id length */
+ unsigned char id[32]; /*!< session identifier */
+ unsigned char master[48]; /*!< the master secret */
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_crt *peer_cert; /*!< peer X.509 cert chain */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+ int verify_result; /*!< verification result */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ unsigned char *ticket; /*!< RFC 5077 session ticket */
+ size_t ticket_len; /*!< session ticket length */
+ uint32_t ticket_lifetime; /*!< ticket lifetime hint */
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ int trunc_hmac; /*!< flag for truncated hmac activation */
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+};
+
+/*
+ * This structure contains a full set of runtime transform parameters
+ * either in negotiation or active.
+ */
+struct _ssl_transform
+{
+ /*
+ * Session specific crypto layer
+ */
+ const ssl_ciphersuite_t *ciphersuite_info;
+ /*!< Chosen cipersuite_info */
+ unsigned int keylen; /*!< symmetric key length */
+ size_t minlen; /*!< min. ciphertext length */
+ size_t ivlen; /*!< IV length */
+ size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
+ size_t maclen; /*!< MAC length */
+
+ unsigned char iv_enc[16]; /*!< IV (encryption) */
+ unsigned char iv_dec[16]; /*!< IV (decryption) */
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ /* Needed only for SSL v3.0 secret */
+ unsigned char mac_enc[32]; /*!< SSL v3.0 secret (enc) */
+ unsigned char mac_dec[32]; /*!< SSL v3.0 secret (dec) */
+#endif /* POLARSSL_SSL_PROTO_SSL3 */
+
+ md_context_t md_ctx_enc; /*!< MAC (encryption) */
+ md_context_t md_ctx_dec; /*!< MAC (decryption) */
+
+ cipher_context_t cipher_ctx_enc; /*!< encryption context */
+ cipher_context_t cipher_ctx_dec; /*!< decryption context */
+
+ /*
+ * Session specific compression layer
+ */
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ z_stream ctx_deflate; /*!< compression context */
+ z_stream ctx_inflate; /*!< decompression context */
+#endif
+};
+
+/*
+ * This structure contains the parameters only needed during handshake.
+ */
+struct _ssl_handshake_params
+{
+ /*
+ * Handshake specific crypto variables
+ */
+ int sig_alg; /*!< Signature algorithm */
+ int cert_type; /*!< Requested cert type */
+ int verify_sig_alg; /*!< Signature algorithm for verify */
+#if defined(POLARSSL_DHM_C)
+ dhm_context dhm_ctx; /*!< DHM key exchange */
+#endif
+#if defined(POLARSSL_ECDH_C)
+ ecdh_context ecdh_ctx; /*!< ECDH key exchange */
+#endif
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+ const ecp_curve_info **curves; /*!< Supported elliptic curves */
+#endif
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ /**
+ * Current key/cert or key/cert list.
+ * On client: pointer to ssl->key_cert, only the first entry used.
+ * On server: starts as a pointer to ssl->key_cert, then becomes
+ * a pointer to the chosen key from this list or the SNI list.
+ */
+ ssl_key_cert *key_cert;
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
+#endif
+#endif
+
+ /*
+ * Checksum contexts
+ */
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ md5_context fin_md5;
+ sha1_context fin_sha1;
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+ sha256_context fin_sha256;
+#endif
+#if defined(POLARSSL_SHA512_C)
+ sha512_context fin_sha512;
+#endif
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+ void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
+ void (*calc_verify)(ssl_context *, unsigned char *);
+ void (*calc_finished)(ssl_context *, unsigned char *, int);
+ int (*tls_prf)(const unsigned char *, size_t, const char *,
+ const unsigned char *, size_t,
+ unsigned char *, size_t);
+
+ size_t pmslen; /*!< premaster length */
+
+ unsigned char randbytes[64]; /*!< random bytes */
+ unsigned char premaster[POLARSSL_PREMASTER_SIZE];
+ /*!< premaster secret */
+
+ int resume; /*!< session resume indicator*/
+ int max_major_ver; /*!< max. major version client*/
+ int max_minor_ver; /*!< max. minor version client*/
+ int cli_exts; /*!< client extension presence*/
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ int new_session_ticket; /*!< use NewSessionTicket? */
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+};
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+/*
+ * Parameters needed to secure session tickets
+ */
+struct _ssl_ticket_keys
+{
+ unsigned char key_name[16]; /*!< name to quickly discard bad tickets */
+ aes_context enc; /*!< encryption context */
+ aes_context dec; /*!< decryption context */
+ unsigned char mac_key[16]; /*!< authentication key */
+};
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/*
+ * List of certificate + private key pairs
+ */
+struct _ssl_key_cert
+{
+ x509_crt *cert; /*!< cert */
+ pk_context *key; /*!< private key */
+ int key_own_alloc; /*!< did we allocate key? */
+ ssl_key_cert *next; /*!< next key/cert pair */
+};
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+struct _ssl_context
+{
+ /*
+ * Miscellaneous
+ */
+ int state; /*!< SSL handshake: current state */
+ int renegotiation; /*!< Initial or renegotiation */
+
+ int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
+ int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
+
+ int max_major_ver; /*!< max. major version used */
+ int max_minor_ver; /*!< max. minor version used */
+ int min_major_ver; /*!< min. major version used */
+ int min_minor_ver; /*!< min. minor version used */
+
+ /*
+ * Callbacks (RNG, debug, I/O, verification)
+ */
+ int (*f_rng)(void *, unsigned char *, size_t);
+ void (*f_dbg)(void *, int, const char *);
+ int (*f_recv)(void *, unsigned char *, size_t);
+ int (*f_send)(void *, const unsigned char *, size_t);
+ int (*f_get_cache)(void *, ssl_session *);
+ int (*f_set_cache)(void *, const ssl_session *);
+
+ void *p_rng; /*!< context for the RNG function */
+ void *p_dbg; /*!< context for the debug function */
+ void *p_recv; /*!< context for reading operations */
+ void *p_send; /*!< context for writing operations */
+ void *p_get_cache; /*!< context for cache retrieval */
+ void *p_set_cache; /*!< context for cache store */
+ void *p_hw_data; /*!< context for HW acceleration */
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
+ void *p_sni; /*!< context for SNI extension */
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ int (*f_vrfy)(void *, x509_crt *, int, int *);
+ void *p_vrfy; /*!< context for verification */
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
+ void *p_psk; /*!< context for PSK retrieval */
+#endif
+
+ /*
+ * Session layer
+ */
+ ssl_session *session_in; /*!< current session data (in) */
+ ssl_session *session_out; /*!< current session data (out) */
+ ssl_session *session; /*!< negotiated session data */
+ ssl_session *session_negotiate; /*!< session data in negotiation */
+
+ ssl_handshake_params *handshake; /*!< params required only during
+ the handshake process */
+
+ /*
+ * Record layer transformations
+ */
+ ssl_transform *transform_in; /*!< current transform params (in) */
+ ssl_transform *transform_out; /*!< current transform params (in) */
+ ssl_transform *transform; /*!< negotiated transform params */
+ ssl_transform *transform_negotiate; /*!< transform params in negotiation */
+
+ /*
+ * Record layer (incoming data)
+ */
+ unsigned char *in_ctr; /*!< 64-bit incoming message counter */
+ unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
+ unsigned char *in_iv; /*!< ivlen-byte IV (in_hdr+5) */
+ unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
+ unsigned char *in_offt; /*!< read offset in application data */
+
+ int in_msgtype; /*!< record header: message type */
+ size_t in_msglen; /*!< record header: message length */
+ size_t in_left; /*!< amount of data read so far */
+
+ size_t in_hslen; /*!< current handshake message length */
+ int nb_zero; /*!< # of 0-length encrypted messages */
+ int record_read; /*!< record is already present */
+
+ /*
+ * Record layer (outgoing data)
+ */
+ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
+ unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
+ unsigned char *out_iv; /*!< ivlen-byte IV (out_hdr+5) */
+ unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
+
+ int out_msgtype; /*!< record header: message type */
+ size_t out_msglen; /*!< record header: message length */
+ size_t out_left; /*!< amount of data not yet written */
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ unsigned char *compress_buf; /*!< zlib data buffer */
+#endif
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+ /*
+ * PKI layer
+ */
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */
+
+ x509_crt *ca_chain; /*!< own trusted CA chain */
+ x509_crl *ca_crl; /*!< trusted CA CRLs */
+ const char *peer_cn; /*!< expected peer CN */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ /*
+ * Support for generating and checking session tickets
+ */
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+ /*
+ * User settings
+ */
+ int endpoint; /*!< 0: client, 1: server */
+ int authmode; /*!< verification mode */
+ int client_auth; /*!< flag for client auth. */
+ int verify_result; /*!< verification result */
+ int disable_renegotiation; /*!< enable/disable renegotiation */
+ int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
+ const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ int trunc_hmac; /*!< negotiate truncated hmac? */
+#endif
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ int session_tickets; /*!< use session tickets? */
+ int ticket_lifetime; /*!< session ticket lifetime */
+#endif
+
+#if defined(POLARSSL_DHM_C)
+ mpi dhm_P; /*!< prime modulus for DHM */
+ mpi dhm_G; /*!< generator for DHM */
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ /*
+ * PSK values
+ */
+ unsigned char *psk;
+ size_t psk_len;
+ unsigned char *psk_identity;
+ size_t psk_identity_len;
+#endif
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ /*
+ * SNI extension
+ */
+ unsigned char *hostname;
+ size_t hostname_len;
+#endif
+
+ /*
+ * Secure renegotiation
+ */
+ int secure_renegotiation; /*!< does peer support legacy or
+ secure renegotiation */
+ size_t verify_data_len; /*!< length of verify data stored */
+ char own_verify_data[36]; /*!< previous handshake verify data */
+ char peer_verify_data[36]; /*!< previous handshake verify data */
+};
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+
+#define SSL_CHANNEL_OUTBOUND 0
+#define SSL_CHANNEL_INBOUND 1
+
+extern int (*ssl_hw_record_init)(ssl_context *ssl,
+ const unsigned char *key_enc, const unsigned char *key_dec,
+ size_t keylen,
+ const unsigned char *iv_enc, const unsigned char *iv_dec,
+ size_t ivlen,
+ const unsigned char *mac_enc, const unsigned char *mac_dec,
+ size_t maclen);
+extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
+extern int (*ssl_hw_record_reset)(ssl_context *ssl);
+extern int (*ssl_hw_record_write)(ssl_context *ssl);
+extern int (*ssl_hw_record_read)(ssl_context *ssl);
+extern int (*ssl_hw_record_finish)(ssl_context *ssl);
+#endif
+
+/**
+ * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
+ *
+ * \return a statically allocated array of ciphersuites, the last
+ * entry is 0.
+ */
+const int *ssl_list_ciphersuites( void );
+
+/**
+ * \brief Return the name of the ciphersuite associated with the given
+ * ID
+ *
+ * \param ciphersuite_id SSL ciphersuite ID
+ *
+ * \return a string containing the ciphersuite name
+ */
+const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
+
+/**
+ * \brief Return the ID of the ciphersuite associated with the given
+ * name
+ *
+ * \param ciphersuite_name SSL ciphersuite name
+ *
+ * \return the ID with the ciphersuite or 0 if not found
+ */
+int ssl_get_ciphersuite_id( const char *ciphersuite_name );
+
+/**
+ * \brief Initialize an SSL context
+ * (An individual SSL context is not thread-safe)
+ *
+ * \param ssl SSL context
+ *
+ * \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if
+ * memory allocation failed
+ */
+int ssl_init( ssl_context *ssl );
+
+/**
+ * \brief Reset an already initialized SSL context for re-use
+ * while retaining application-set variables, function
+ * pointers and data.
+ *
+ * \param ssl SSL context
+ * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
+ POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
+ * POLARSSL_ERR_SSL_COMPRESSION_FAILED
+ */
+int ssl_session_reset( ssl_context *ssl );
+
+/**
+ * \brief Set the current endpoint type
+ *
+ * \param ssl SSL context
+ * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
+ *
+ * \note This function should be called right after ssl_init() since
+ * some other ssl_set_foo() functions depend on it.
+ */
+void ssl_set_endpoint( ssl_context *ssl, int endpoint );
+
+/**
+ * \brief Set the certificate verification mode
+ *
+ * \param ssl SSL context
+ * \param authmode can be:
+ *
+ * SSL_VERIFY_NONE: peer certificate is not checked (default),
+ * this is insecure and SHOULD be avoided.
+ *
+ * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
+ * handshake continues even if verification failed;
+ * ssl_get_verify_result() can be called after the
+ * handshake is complete.
+ *
+ * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
+ * handshake is aborted if verification failed.
+ */
+void ssl_set_authmode( ssl_context *ssl, int authmode );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/**
+ * \brief Set the verification callback (Optional).
+ *
+ * If set, the verify callback is called for each
+ * certificate in the chain. For implementation
+ * information, please see \c x509parse_verify()
+ *
+ * \param ssl SSL context
+ * \param f_vrfy verification function
+ * \param p_vrfy verification parameter
+ */
+void ssl_set_verify( ssl_context *ssl,
+ int (*f_vrfy)(void *, x509_crt *, int, int *),
+ void *p_vrfy );
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+/**
+ * \brief Set the random number generator callback
+ *
+ * \param ssl SSL context
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ */
+void ssl_set_rng( ssl_context *ssl,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Set the debug callback
+ *
+ * \param ssl SSL context
+ * \param f_dbg debug function
+ * \param p_dbg debug parameter
+ */
+void ssl_set_dbg( ssl_context *ssl,
+ void (*f_dbg)(void *, int, const char *),
+ void *p_dbg );
+
+/**
+ * \brief Set the underlying BIO read and write callbacks
+ *
+ * \param ssl SSL context
+ * \param f_recv read callback
+ * \param p_recv read parameter
+ * \param f_send write callback
+ * \param p_send write parameter
+ */
+void ssl_set_bio( ssl_context *ssl,
+ int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
+ int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
+
+/**
+ * \brief Set the session cache callbacks (server-side only)
+ * If not set, no session resuming is done.
+ *
+ * The session cache has the responsibility to check for stale
+ * entries based on timeout. See RFC 5246 for recommendations.
+ *
+ * Warning: session.peer_cert is cleared by the SSL/TLS layer on
+ * connection shutdown, so do not cache the pointer! Either set
+ * it to NULL or make a full copy of the certificate.
+ *
+ * The get callback is called once during the initial handshake
+ * to enable session resuming. The get function has the
+ * following parameters: (void *parameter, ssl_session *session)
+ * If a valid entry is found, it should fill the master of
+ * the session object with the cached values and return 0,
+ * return 1 otherwise. Optionally peer_cert can be set as well
+ * if it is properly present in cache entry.
+ *
+ * The set callback is called once during the initial handshake
+ * to enable session resuming after the entire handshake has
+ * been finished. The set function has the following parameters:
+ * (void *parameter, const ssl_session *session). The function
+ * should create a cache entry for future retrieval based on
+ * the data in the session structure and should keep in mind
+ * that the ssl_session object presented (and all its referenced
+ * data) is cleared by the SSL/TLS layer when the connection is
+ * terminated. It is recommended to add metadata to determine if
+ * an entry is still valid in the future. Return 0 if
+ * successfully cached, return 1 otherwise.
+ *
+ * \param ssl SSL context
+ * \param f_get_cache session get callback
+ * \param p_get_cache session get parameter
+ * \param f_set_cache session set callback
+ * \param p_set_cache session set parameter
+ */
+void ssl_set_session_cache( ssl_context *ssl,
+ int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
+ int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
+
+/**
+ * \brief Request resumption of session (client-side only)
+ * Session data is copied from presented session structure.
+ *
+ * \param ssl SSL context
+ * \param session session context
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
+ * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ * arguments are otherwise invalid
+ *
+ * \sa ssl_get_session()
+ */
+int ssl_set_session( ssl_context *ssl, const ssl_session *session );
+
+/**
+ * \brief Set the list of allowed ciphersuites
+ * (Overrides all version specific lists)
+ *
+ * \param ssl SSL context
+ * \param ciphersuites 0-terminated list of allowed ciphersuites
+ */
+void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
+
+/**
+ * \brief Set the list of allowed ciphersuites for a specific
+ * version of the protocol.
+ * (Only useful on the server side)
+ *
+ * \param ssl SSL context
+ * \param ciphersuites 0-terminated list of allowed ciphersuites
+ * \param major Major version number (only SSL_MAJOR_VERSION_3
+ * supported)
+ * \param minor Minor version number (SSL_MINOR_VERSION_0,
+ * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
+ * SSL_MINOR_VERSION_3 supported)
+ */
+void ssl_set_ciphersuites_for_version( ssl_context *ssl,
+ const int *ciphersuites,
+ int major, int minor );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/**
+ * \brief Set the data required to verify peer certificate
+ *
+ * \param ssl SSL context
+ * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+ * \param ca_crl trusted CA CRLs
+ * \param peer_cn expected peer CommonName (or NULL)
+ */
+void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
+ x509_crl *ca_crl, const char *peer_cn );
+
+/**
+ * \brief Set own certificate chain and private key
+ *
+ * \note own_cert should contain in order from the bottom up your
+ * certificate chain. The top certificate (self-signed)
+ * can be omitted.
+ *
+ * \note This function may be called more than once if you want to
+ * support multiple certificates (eg, one using RSA and one
+ * using ECDSA). However, on client, currently only the first
+ * certificate is used (subsequent calls have no effect).
+ *
+ * \param ssl SSL context
+ * \param own_cert own public certificate chain
+ * \param pk_key own private key
+ *
+ * \return 0 on success or POLARSSL_ERR_SSL_MALLOC_FAILED
+ */
+int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
+ pk_context *pk_key );
+
+#if defined(POLARSSL_RSA_C)
+/**
+ * \brief Set own certificate chain and private RSA key
+ *
+ * Note: own_cert should contain IN order from the bottom
+ * up your certificate chain. The top certificate (self-signed)
+ * can be omitted.
+ *
+ * \param ssl SSL context
+ * \param own_cert own public certificate chain
+ * \param rsa_key own private RSA key
+ *
+ * \return 0 on success, or a specific error code.
+ */
+int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
+ rsa_context *rsa_key );
+#endif /* POLARSSL_RSA_C */
+
+/**
+ * \brief Set own certificate and alternate non-PolarSSL RSA private
+ * key and handling callbacks, such as the PKCS#11 wrappers
+ * or any other external private key handler.
+ * (see the respective RSA functions in rsa.h for documentation
+ * of the callback parameters, with the only change being
+ * that the rsa_context * is a void * in the callbacks)
+ *
+ * Note: own_cert should contain IN order from the bottom
+ * up your certificate chain. The top certificate (self-signed)
+ * can be omitted.
+ *
+ * \param ssl SSL context
+ * \param own_cert own public certificate chain
+ * \param rsa_key alternate implementation private RSA key
+ * \param rsa_decrypt alternate implementation of \c rsa_pkcs1_decrypt()
+ * \param rsa_sign alternate implementation of \c rsa_pkcs1_sign()
+ * \param rsa_key_len function returning length of RSA key in bytes
+ *
+ * \return 0 on success, or a specific error code.
+ */
+int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
+ void *rsa_key,
+ rsa_decrypt_func rsa_decrypt,
+ rsa_sign_func rsa_sign,
+ rsa_key_len_func rsa_key_len );
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+/**
+ * \brief Set the Pre Shared Key (PSK) and the identity name connected
+ * to it.
+ *
+ * \param ssl SSL context
+ * \param psk pointer to the pre-shared key
+ * \param psk_len pre-shared key length
+ * \param psk_identity pointer to the pre-shared key identity
+ * \param psk_identity_len identity key length
+ *
+ * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
+ */
+int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
+ const unsigned char *psk_identity, size_t psk_identity_len );
+
+/**
+ * \brief Set the PSK callback (server-side only) (Optional).
+ *
+ * If set, the PSK callback is called for each
+ * handshake where a PSK ciphersuite was negotiated.
+ * The callback provides the identity received and wants to
+ * receive the actual PSK data and length.
+ *
+ * The callback has the following parameters: (void *parameter,
+ * ssl_context *ssl, const unsigned char *psk_identity,
+ * size_t identity_len)
+ * If a valid PSK identity is found, the callback should use
+ * ssl_set_psk() on the ssl context to set the correct PSK and
+ * identity and return 0.
+ * Any other return value will result in a denied PSK identity.
+ *
+ * \param ssl SSL context
+ * \param f_psk PSK identity function
+ * \param p_psk PSK identity parameter
+ */
+void ssl_set_psk_cb( ssl_context *ssl,
+ int (*f_psk)(void *, ssl_context *, const unsigned char *,
+ size_t),
+ void *p_psk );
+#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(POLARSSL_DHM_C)
+/**
+ * \brief Set the Diffie-Hellman public P and G values,
+ * read as hexadecimal strings (server-side only)
+ * (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
+ *
+ * \param ssl SSL context
+ * \param dhm_P Diffie-Hellman-Merkle modulus
+ * \param dhm_G Diffie-Hellman-Merkle generator
+ *
+ * \return 0 if successful
+ */
+int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
+
+/**
+ * \brief Set the Diffie-Hellman public P and G values,
+ * read from existing context (server-side only)
+ *
+ * \param ssl SSL context
+ * \param dhm_ctx Diffie-Hellman-Merkle context
+ *
+ * \return 0 if successful
+ */
+int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
+#endif
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+/**
+ * \brief Set hostname for ServerName TLS extension
+ * (client-side only)
+ *
+ *
+ * \param ssl SSL context
+ * \param hostname the server hostname
+ *
+ * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
+ */
+int ssl_set_hostname( ssl_context *ssl, const char *hostname );
+
+/**
+ * \brief Set server side ServerName TLS extension callback
+ * (optional, server-side only).
+ *
+ * If set, the ServerName callback is called whenever the
+ * server receives a ServerName TLS extension from the client
+ * during a handshake. The ServerName callback has the
+ * following parameters: (void *parameter, ssl_context *ssl,
+ * const unsigned char *hostname, size_t len). If a suitable
+ * certificate is found, the callback should set the
+ * certificate and key to use with ssl_set_own_cert() (and
+ * possibly adjust the CA chain as well) and return 0. The
+ * callback should return -1 to abort the handshake at this
+ * point.
+ *
+ * \param ssl SSL context
+ * \param f_sni verification function
+ * \param p_sni verification parameter
+ */
+void ssl_set_sni( ssl_context *ssl,
+ int (*f_sni)(void *, ssl_context *, const unsigned char *,
+ size_t),
+ void *p_sni );
+#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
+
+/**
+ * \brief Set the maximum supported version sent from the client side
+ * and/or accepted at the server side
+ * (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION)
+ *
+ * Note: This ignores ciphersuites from 'higher' versions.
+ * Note: Input outside of the SSL_MAX_XXXXX_VERSION and
+ * SSL_MIN_XXXXX_VERSION range is ignored.
+ *
+ * \param ssl SSL context
+ * \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
+ * \param minor Minor version number (SSL_MINOR_VERSION_0,
+ * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
+ * SSL_MINOR_VERSION_3 supported)
+ */
+void ssl_set_max_version( ssl_context *ssl, int major, int minor );
+
+
+/**
+ * \brief Set the minimum accepted SSL/TLS protocol version
+ * (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
+ *
+ * Note: Input outside of the SSL_MAX_XXXXX_VERSION and
+ * SSL_MIN_XXXXX_VERSION range is ignored.
+ *
+ * \param ssl SSL context
+ * \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
+ * \param minor Minor version number (SSL_MINOR_VERSION_0,
+ * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
+ * SSL_MINOR_VERSION_3 supported)
+ */
+void ssl_set_min_version( ssl_context *ssl, int major, int minor );
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief Set the maximum fragment length to emit and/or negotiate
+ * (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
+ * (Server: set maximum fragment length to emit,
+ * usually negotiated by the client during handshake
+ * (Client: set maximum fragment length to emit *and*
+ * negotiate with the server during handshake)
+ *
+ * \param ssl SSL context
+ * \param mfl_code Code for maximum fragment length (allowed values:
+ * SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
+ * SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
+ *
+ * \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
+ */
+int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+/**
+ * \brief Activate negotiation of truncated HMAC (Client only)
+ * (Default: SSL_TRUNC_HMAC_ENABLED)
+ *
+ * \param ssl SSL context
+ * \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
+ * SSL_TRUNC_HMAC_DISABLED)
+ *
+ * \return O if successful,
+ * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
+ */
+int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+/**
+ * \brief Enable / Disable session tickets
+ * (Default: SSL_SESSION_TICKETS_ENABLED on client,
+ * SSL_SESSION_TICKETS_DISABLED on server)
+ *
+ * \note On server, ssl_set_rng() must be called before this function
+ * to allow generating the ticket encryption and
+ * authentication keys.
+ *
+ * \param ssl SSL context
+ * \param use_tickets Enable or disable (SSL_SESSION_TICKETS_ENABLED or
+ * SSL_SESSION_TICKETS_DISABLED)
+ *
+ * \return O if successful,
+ * or a specific error code (server only).
+ */
+int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
+
+/**
+ * \brief Set session ticket lifetime (server only)
+ * (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
+ *
+ * \param ssl SSL context
+ * \param lifetime session ticket lifetime
+ */
+void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+/**
+ * \brief Enable / Disable renegotiation support for connection when
+ * initiated by peer
+ * (Default: SSL_RENEGOTIATION_DISABLED)
+ *
+ * Note: A server with support enabled is more vulnerable for a
+ * resource DoS by a malicious client. You should enable this on
+ * a client to enable server-initiated renegotiation.
+ *
+ * \param ssl SSL context
+ * \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
+ * SSL_RENEGOTIATION_DISABLED)
+ */
+void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
+
+/**
+ * \brief Prevent or allow legacy renegotiation.
+ * (Default: SSL_LEGACY_NO_RENEGOTIATION)
+ *
+ * SSL_LEGACY_NO_RENEGOTIATION allows connections to
+ * be established even if the peer does not support
+ * secure renegotiation, but does not allow renegotiation
+ * to take place if not secure.
+ * (Interoperable and secure option)
+ *
+ * SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
+ * with non-upgraded peers. Allowing legacy renegotiation
+ * makes the connection vulnerable to specific man in the
+ * middle attacks. (See RFC 5746)
+ * (Most interoperable and least secure option)
+ *
+ * SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
+ * if peer does not support secure renegotiation. Results
+ * in interoperability issues with non-upgraded peers
+ * that do not support renegotiation altogether.
+ * (Most secure option, interoperability issues)
+ *
+ * \param ssl SSL context
+ * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+ * SSL_ALLOW_LEGACY_RENEGOTIATION or
+ * SSL_LEGACY_BREAK_HANDSHAKE)
+ */
+void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
+
+/**
+ * \brief Return the number of data bytes available to read
+ *
+ * \param ssl SSL context
+ *
+ * \return how many bytes are available in the read buffer
+ */
+size_t ssl_get_bytes_avail( const ssl_context *ssl );
+
+/**
+ * \brief Return the result of the certificate verification
+ *
+ * \param ssl SSL context
+ *
+ * \return 0 if successful, or a combination of:
+ * BADCERT_EXPIRED
+ * BADCERT_REVOKED
+ * BADCERT_CN_MISMATCH
+ * BADCERT_NOT_TRUSTED
+ */
+int ssl_get_verify_result( const ssl_context *ssl );
+
+/**
+ * \brief Return the name of the current ciphersuite
+ *
+ * \param ssl SSL context
+ *
+ * \return a string containing the ciphersuite name
+ */
+const char *ssl_get_ciphersuite( const ssl_context *ssl );
+
+/**
+ * \brief Return the current SSL version (SSLv3/TLSv1/etc)
+ *
+ * \param ssl SSL context
+ *
+ * \return a string containing the SSL version
+ */
+const char *ssl_get_version( const ssl_context *ssl );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/**
+ * \brief Return the peer certificate from the current connection
+ *
+ * Note: Can be NULL in case no certificate was sent during
+ * the handshake. Different calls for the same connection can
+ * return the same or different pointers for the same
+ * certificate and even a different certificate altogether.
+ * The peer cert CAN change in a single connection if
+ * renegotiation is performed.
+ *
+ * \param ssl SSL context
+ *
+ * \return the current peer certificate
+ */
+const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+/**
+ * \brief Save session in order to resume it later (client-side only)
+ * Session data is copied to presented session structure.
+ *
+ * \warning Currently, peer certificate is lost in the operation.
+ *
+ * \param ssl SSL context
+ * \param session session context
+ *
+ * \return 0 if successful,
+ * POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
+ * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ * arguments are otherwise invalid
+ *
+ * \sa ssl_set_session()
+ */
+int ssl_get_session( const ssl_context *ssl, ssl_session *session );
+
+/**
+ * \brief Perform the SSL handshake
+ *
+ * \param ssl SSL context
+ *
+ * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
+ * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
+ */
+int ssl_handshake( ssl_context *ssl );
+
+/**
+ * \brief Perform a single step of the SSL handshake
+ *
+ * Note: the state of the context (ssl->state) will be at
+ * the following state after execution of this function.
+ * Do not call this function if state is SSL_HANDSHAKE_OVER.
+ *
+ * \param ssl SSL context
+ *
+ * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
+ * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
+ */
+int ssl_handshake_step( ssl_context *ssl );
+
+/**
+ * \brief Initiate an SSL renegotiation on the running connection.
+ * Client: perform the renegotiation right now.
+ * Server: request renegotiation, which will be performed
+ * during the next call to ssl_read() if honored by client.
+ *
+ * \param ssl SSL context
+ *
+ * \return 0 if successful, or any ssl_handshake() return value.
+ */
+int ssl_renegotiate( ssl_context *ssl );
+
+/**
+ * \brief Read at most 'len' application data bytes
+ *
+ * \param ssl SSL context
+ * \param buf buffer that will hold the data
+ * \param len how many bytes must be read
+ *
+ * \return This function returns the number of bytes read, 0 for EOF,
+ * or a negative error code.
+ */
+int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
+
+/**
+ * \brief Write exactly 'len' application data bytes
+ *
+ * \param ssl SSL context
+ * \param buf buffer holding the data
+ * \param len how many bytes must be written
+ *
+ * \return This function returns the number of bytes written,
+ * or a negative error code.
+ *
+ * \note When this function returns POLARSSL_ERR_NET_WANT_WRITE,
+ * it must be called later with the *same* arguments,
+ * until it returns a positive value.
+ */
+int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
+
+/**
+ * \brief Send an alert message
+ *
+ * \param ssl SSL context
+ * \param level The alert level of the message
+ * (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
+ * \param message The alert message (SSL_ALERT_MSG_*)
+ *
+ * \return 0 if successful, or a specific SSL error code.
+ */
+int ssl_send_alert_message( ssl_context *ssl,
+ unsigned char level,
+ unsigned char message );
+/**
+ * \brief Notify the peer that the connection is being closed
+ *
+ * \param ssl SSL context
+ */
+int ssl_close_notify( ssl_context *ssl );
+
+/**
+ * \brief Free referenced items in an SSL context and clear memory
+ *
+ * \param ssl SSL context
+ */
+void ssl_free( ssl_context *ssl );
+
+/**
+ * \brief Free referenced items in an SSL session including the
+ * peer certificate and clear memory
+ *
+ * \param session SSL session
+ */
+void ssl_session_free( ssl_session *session );
+
+/**
+ * \brief Free referenced items in an SSL transform context and clear
+ * memory
+ *
+ * \param transform SSL transform context
+ */
+void ssl_transform_free( ssl_transform *transform );
+
+/**
+ * \brief Free referenced items in an SSL handshake context and clear
+ * memory
+ *
+ * \param handshake SSL handshake context
+ */
+void ssl_handshake_free( ssl_handshake_params *handshake );
+
+/*
+ * Internal functions (do not call directly)
+ */
+int ssl_handshake_client_step( ssl_context *ssl );
+int ssl_handshake_server_step( ssl_context *ssl );
+void ssl_handshake_wrapup( ssl_context *ssl );
+
+int ssl_send_fatal_handshake_failure( ssl_context *ssl );
+
+int ssl_derive_keys( ssl_context *ssl );
+
+int ssl_read_record( ssl_context *ssl );
+/**
+ * \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or
+ * another negative error code.
+ */
+int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
+
+int ssl_write_record( ssl_context *ssl );
+int ssl_flush_output( ssl_context *ssl );
+
+int ssl_parse_certificate( ssl_context *ssl );
+int ssl_write_certificate( ssl_context *ssl );
+
+int ssl_parse_change_cipher_spec( ssl_context *ssl );
+int ssl_write_change_cipher_spec( ssl_context *ssl );
+
+int ssl_parse_finished( ssl_context *ssl );
+int ssl_write_finished( ssl_context *ssl );
+
+void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex );
+#endif
+
+#if defined(POLARSSL_PK_C)
+unsigned char ssl_sig_from_pk( pk_context *pk );
+pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
+#endif
+
+md_type_t ssl_md_alg_from_hash( unsigned char hash );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+static inline pk_context *ssl_own_key( ssl_context *ssl )
+{
+ return( ssl->handshake->key_cert == NULL ? NULL
+ : ssl->handshake->key_cert->key );
+}
+
+static inline x509_crt *ssl_own_cert( ssl_context *ssl )
+{
+ return( ssl->handshake->key_cert == NULL ? NULL
+ : ssl->handshake->key_cert->cert );
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+/* constant-time buffer comparison */
+static inline int safer_memcmp( const void *a, const void *b, size_t n )
+{
+ size_t i;
+ const unsigned char *A = (const unsigned char *) a;
+ const unsigned char *B = (const unsigned char *) b;
+ unsigned char diff = 0;
+
+ for( i = 0; i < n; i++ )
+ diff |= A[i] ^ B[i];
+
+ return( diff );
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl.h */
--- /dev/null
+/**
+ * \file ssl_cache.h
+ *
+ * \brief SSL session cache implementation
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_SSL_CACHE_H
+#define POLARSSL_SSL_CACHE_H
+
+#include "ssl.h"
+
+#if defined(POLARSSL_THREADING_C)
+#include "threading.h"
+#endif
+
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
+#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct _ssl_cache_context ssl_cache_context;
+typedef struct _ssl_cache_entry ssl_cache_entry;
+
+/**
+ * \brief This structure is used for storing cache entries
+ */
+struct _ssl_cache_entry
+{
+#if defined(POLARSSL_HAVE_TIME)
+ time_t timestamp; /*!< entry timestamp */
+#endif
+ ssl_session session; /*!< entry session */
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_buf peer_cert; /*!< entry peer_cert */
+#endif
+ ssl_cache_entry *next; /*!< chain pointer */
+};
+
+/**
+ * \brief Cache context
+ */
+struct _ssl_cache_context
+{
+ ssl_cache_entry *chain; /*!< start of the chain */
+ int timeout; /*!< cache entry timeout */
+ int max_entries; /*!< maximum entries */
+#if defined(POLARSSL_THREADING_C)
+ threading_mutex_t mutex; /*!< mutex */
+#endif
+};
+
+/**
+ * \brief Initialize an SSL cache context
+ *
+ * \param cache SSL cache context
+ */
+void ssl_cache_init( ssl_cache_context *cache );
+
+/**
+ * \brief Cache get callback implementation
+ * (Thread-safe if POLARSSL_THREADING_C is enabled)
+ *
+ * \param data SSL cache context
+ * \param session session to retrieve entry for
+ */
+int ssl_cache_get( void *data, ssl_session *session );
+
+/**
+ * \brief Cache set callback implementation
+ * (Thread-safe if POLARSSL_THREADING_C is enabled)
+ *
+ * \param data SSL cache context
+ * \param session session to store entry for
+ */
+int ssl_cache_set( void *data, const ssl_session *session );
+
+#if defined(POLARSSL_HAVE_TIME)
+/**
+ * \brief Set the cache timeout
+ * (Default: SSL_CACHE_DEFAULT_TIMEOUT (1 day))
+ *
+ * A timeout of 0 indicates no timeout.
+ *
+ * \param cache SSL cache context
+ * \param timeout cache entry timeout
+ */
+void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout );
+#endif /* POLARSSL_HAVE_TIME */
+
+/**
+ * \brief Set the cache timeout
+ * (Default: SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
+ *
+ * \param cache SSL cache context
+ * \param max cache entry maximum
+ */
+void ssl_cache_set_max_entries( ssl_cache_context *cache, int max );
+
+/**
+ * \brief Free referenced items in a cache context and clear memory
+ *
+ * \param cache SSL cache context
+ */
+void ssl_cache_free( ssl_cache_context *cache );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_cache.h */
--- /dev/null
+/**
+ * \file ssl_ciphersuites.h
+ *
+ * \brief SSL Ciphersuites for PolarSSL
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_SSL_CIPHERSUITES_H
+#define POLARSSL_SSL_CIPHERSUITES_H
+
+#include "pk.h"
+#include "cipher.h"
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Supported ciphersuites (Official IANA names)
+ */
+#define TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
+#define TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
+
+#define TLS_RSA_WITH_RC4_128_MD5 0x04
+#define TLS_RSA_WITH_RC4_128_SHA 0x05
+#define TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */
+
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
+
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
+
+#define TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
+#define TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
+#define TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */
+#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
+
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
+#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
+
+#define TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
+
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
+
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
+
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
+
+#define TLS_PSK_WITH_RC4_128_SHA 0x8A
+#define TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
+#define TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
+#define TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
+
+#define TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
+#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
+
+#define TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
+#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
+
+#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */
+
+#define TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
+#define TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /**< TLS 1.2 */
+
+#define TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE /**< TLS 1.2 */
+#define TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF /**< TLS 1.2 */
+#define TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! TLS 1.2 */
+#define TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! TLS 1.2 */
+
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! TLS 1.2 */
+#define TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! TLS 1.2 */
+
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6 /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7 /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /**< Weak! TLS 1.2 */
+#define TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /**< Weak! TLS 1.2 */
+
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
+
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
+
+#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
+#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
+#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */
+
+#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
+#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
+#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */
+
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
+
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
+
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
+
+#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
+
+#define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
+#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< TLS 1.2 */
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< TLS 1.2 */
+#define TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
+#define TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! TLS 1.2 */
+#define TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! TLS 1.2 */
+
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */
+
+#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
+#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
+
+#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08D /**< TLS 1.2 */
+#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */
+
+#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */
+#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< TLS 1.2 */
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< TLS 1.2 */
+
+typedef enum {
+ POLARSSL_KEY_EXCHANGE_NONE = 0,
+ POLARSSL_KEY_EXCHANGE_RSA,
+ POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ POLARSSL_KEY_EXCHANGE_PSK,
+ POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+} key_exchange_type_t;
+
+typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
+
+#define POLARSSL_CIPHERSUITE_WEAK 0x01 /*<! Weak ciphersuite flag */
+
+/**
+ * \brief This structure is used for storing ciphersuite information
+ */
+struct _ssl_ciphersuite_t
+{
+ int id;
+ const char * name;
+
+ cipher_type_t cipher;
+ md_type_t mac;
+ key_exchange_type_t key_exchange;
+
+ int min_major_ver;
+ int min_minor_ver;
+ int max_major_ver;
+ int max_minor_ver;
+
+ unsigned char flags;
+};
+
+const int *ssl_list_ciphersuites( void );
+
+const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name );
+const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
+
+#if defined(POLARSSL_PK_C)
+pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
+#endif
+
+int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
+int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_ciphersuites.h */
--- /dev/null
+/**
+ * \file threading.h
+ *
+ * \brief Threading abstraction layer
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_THREADING_H
+#define POLARSSL_THREADING_H
+
+#include "config.h"
+
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE -0x001A /**< The selected feature is not available. */
+#define POLARSSL_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */
+#define POLARSSL_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */
+
+#if defined(POLARSSL_THREADING_DUMMY)
+typedef void threading_mutex_t;
+#endif
+
+#if defined(POLARSSL_THREADING_PTHREAD)
+#include <pthread.h>
+typedef pthread_mutex_t threading_mutex_t;
+#endif
+
+#if defined(POLARSSL_THREADING_ALT)
+/* You should define the threading_mutex_t type in your header */
+#include "threading_alt.h"
+
+/**
+ * \brief Set your alternate threading implementation function
+ * pointers
+ *
+ * \param mutex_init the init function implementation
+ * \param mutex_free the free function implementation
+ * \param mutex_lock the lock function implementation
+ * \param mutex_unlock the unlock function implementation
+ *
+ * \return 0 if successful
+ */
+int threading_set_alt( int (*mutex_init)( threading_mutex_t * ),
+ int (*mutex_free)( threading_mutex_t * ),
+ int (*mutex_lock)( threading_mutex_t * ),
+ int (*mutex_unlock)( threading_mutex_t * ) );
+#endif /* POLARSSL_THREADING_ALT_C */
+
+/*
+ * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
+ *
+ * All these functions are expected to work or the result will be undefined.
+ */
+extern int (*polarssl_mutex_init)( threading_mutex_t *mutex );
+extern int (*polarssl_mutex_free)( threading_mutex_t *mutex );
+extern int (*polarssl_mutex_lock)( threading_mutex_t *mutex );
+extern int (*polarssl_mutex_unlock)( threading_mutex_t *mutex );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* threading.h */
*
* \brief Portable interface to the CPU cycle counter
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_TIMING_H
#define POLARSSL_TIMING_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief timer structure
*/
unsigned char opaque[32];
};
-#ifdef __cplusplus
-extern "C" {
-#endif
-
extern volatile int alarmed;
/**
*
* \brief Run-time version information
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* Major, Minor, Patchlevel
*/
#define POLARSSL_VERSION_MAJOR 1
-#define POLARSSL_VERSION_MINOR 1
+#define POLARSSL_VERSION_MINOR 3
#define POLARSSL_VERSION_PATCH 2
/**
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define POLARSSL_VERSION_NUMBER 0x01010200
-#define POLARSSL_VERSION_STRING "1.1.2"
-#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.1.2"
+#define POLARSSL_VERSION_NUMBER 0x01030200
+#define POLARSSL_VERSION_STRING "1.3.2"
+#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.2"
#if defined(POLARSSL_VERSION_C)
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* Get the version number.
*
*/
void version_get_string_full( char *string );
+#ifdef __cplusplus
+}
+#endif
+
#endif /* POLARSSL_VERSION_C */
#endif /* version.h */
--- /dev/null
+/**
+ * \file x509.h
+ *
+ * \brief X.509 generic defines and structures
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_X509_H
+#define POLARSSL_X509_H
+
+#include "config.h"
+
+#include "asn1.h"
+#include "pk.h"
+
+#if defined(POLARSSL_RSA_C)
+#include "rsa.h"
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{
+ */
+
+/**
+ * \name X509 Error codes
+ * \{
+ */
+#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
+#define POLARSSL_ERR_X509_UNKNOWN_OID -0x2100 /**< Requested OID is unknown. */
+#define POLARSSL_ERR_X509_INVALID_FORMAT -0x2180 /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
+#define POLARSSL_ERR_X509_INVALID_VERSION -0x2200 /**< The CRT/CRL/CSR version element is invalid. */
+#define POLARSSL_ERR_X509_INVALID_SERIAL -0x2280 /**< The serial tag or value is invalid. */
+#define POLARSSL_ERR_X509_INVALID_ALG -0x2300 /**< The algorithm tag or value is invalid. */
+#define POLARSSL_ERR_X509_INVALID_NAME -0x2380 /**< The name tag or value is invalid. */
+#define POLARSSL_ERR_X509_INVALID_DATE -0x2400 /**< The date tag or value is invalid. */
+#define POLARSSL_ERR_X509_INVALID_SIGNATURE -0x2480 /**< The signature tag or value invalid. */
+#define POLARSSL_ERR_X509_INVALID_EXTENSIONS -0x2500 /**< The extension tag or value is invalid. */
+#define POLARSSL_ERR_X509_UNKNOWN_VERSION -0x2580 /**< CRT/CRL/CSR has an unsupported version number. */
+#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG -0x2600 /**< Signature algorithm (oid) is unsupported. */
+#define POLARSSL_ERR_X509_SIG_MISMATCH -0x2680 /**< Signature algorithms do not match. (see \c ::x509_crt sig_oid) */
+#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2700 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /**< Format not recognized as DER or PEM. */
+#define POLARSSL_ERR_X509_BAD_INPUT_DATA -0x2800 /**< Input invalid. */
+#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
+#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
+/* \} name */
+
+/**
+ * \name X509 Verify codes
+ * \{
+ */
+#define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
+#define BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
+#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
+#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
+#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
+#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
+#define BADCERT_MISSING 0x40 /**< Certificate was missing. */
+#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
+#define BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
+/* \} name */
+/* \} addtogroup x509_module */
+
+/*
+ * X.509 v3 Key Usage Extension flags
+ */
+#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
+#define KU_NON_REPUDIATION (0x40) /* bit 1 */
+#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
+#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
+#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
+#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
+#define KU_CRL_SIGN (0x02) /* bit 6 */
+
+/*
+ * Netscape certificate types
+ * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
+ */
+
+#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
+#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
+#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
+#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
+#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
+#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
+#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
+#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
+
+/*
+ * X.509 extension types
+ */
+#define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
+#define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
+#define EXT_KEY_USAGE (1 << 2)
+#define EXT_CERTIFICATE_POLICIES (1 << 3)
+#define EXT_POLICY_MAPPINGS (1 << 4)
+#define EXT_SUBJECT_ALT_NAME (1 << 5)
+#define EXT_ISSUER_ALT_NAME (1 << 6)
+#define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
+#define EXT_BASIC_CONSTRAINTS (1 << 8)
+#define EXT_NAME_CONSTRAINTS (1 << 9)
+#define EXT_POLICY_CONSTRAINTS (1 << 10)
+#define EXT_EXTENDED_KEY_USAGE (1 << 11)
+#define EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
+#define EXT_INIHIBIT_ANYPOLICY (1 << 13)
+#define EXT_FRESHEST_CRL (1 << 14)
+
+#define EXT_NS_CERT_TYPE (1 << 16)
+
+/*
+ * Storage format identifiers
+ * Recognized formats: PEM and DER
+ */
+#define X509_FORMAT_DER 1
+#define X509_FORMAT_PEM 2
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures for parsing X.509 certificates, CRLs and CSRs
+ * \{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
+ */
+typedef asn1_buf x509_buf;
+
+/**
+ * Container for ASN1 bit strings.
+ */
+typedef asn1_bitstring x509_bitstring;
+
+/**
+ * Container for ASN1 named information objects.
+ * It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).
+ */
+typedef asn1_named_data x509_name;
+
+/**
+ * Container for a sequence of ASN.1 items
+ */
+typedef asn1_sequence x509_sequence;
+
+/** Container for date and time (precision in seconds). */
+typedef struct _x509_time
+{
+ int year, mon, day; /**< Date. */
+ int hour, min, sec; /**< Time. */
+}
+x509_time;
+
+/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
+/** \} addtogroup x509_module */
+
+/**
+ * \brief Store the certificate DN in printable form into buf;
+ * no more than size characters will be written.
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param dn The X509 name to represent
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int x509_dn_gets( char *buf, size_t size, const x509_name *dn );
+
+/**
+ * \brief Store the certificate serial in printable form into buf;
+ * no more than size characters will be written.
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param serial The X509 serial to represent
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int x509_serial_gets( char *buf, size_t size, const x509_buf *serial );
+
+/**
+ * \brief Give an known OID, return its descriptive string.
+ *
+ * \param oid buffer containing the oid
+ *
+ * \return Return a string if the OID is known,
+ * or NULL otherwise.
+ */
+const char *x509_oid_get_description( x509_buf *oid );
+
+/**
+ * \brief Give an OID, return a string version of its OID number.
+ * (Deprecated. Use oid_get_numeric_string() instead)
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param oid Buffer containing the OID
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
+
+/**
+ * \brief Check a given x509_time against the system time and check
+ * if it is valid.
+ *
+ * \param time x509_time to check
+ *
+ * \return Return 0 if the x509_time is still valid,
+ * or 1 otherwise.
+ */
+int x509_time_expired( const x509_time *time );
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int x509_self_test( int verbose );
+
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+int x509_get_name( unsigned char **p, const unsigned char *end,
+ x509_name *cur );
+int x509_get_alg_null( unsigned char **p, const unsigned char *end,
+ x509_buf *alg );
+int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
+int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
+ pk_type_t *pk_alg );
+int x509_get_time( unsigned char **p, const unsigned char *end,
+ x509_time *time );
+int x509_get_serial( unsigned char **p, const unsigned char *end,
+ x509_buf *serial );
+int x509_get_ext( unsigned char **p, const unsigned char *end,
+ x509_buf *ext, int tag );
+int x509_load_file( const char *path, unsigned char **buf, size_t *n );
+int x509_key_size_helper( char *buf, size_t size, const char *name );
+int x509_string_to_names( asn1_named_data **head, const char *name );
+int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len );
+int x509_write_extensions( unsigned char **p, unsigned char *start,
+ asn1_named_data *first );
+int x509_write_names( unsigned char **p, unsigned char *start,
+ asn1_named_data *first );
+int x509_write_sig( unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ unsigned char *sig, size_t size );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* x509.h */
--- /dev/null
+/**
+ * \file x509_crl.h
+ *
+ * \brief X.509 certificate revocation list parsing
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_X509_CRL_H
+#define POLARSSL_X509_CRL_H
+
+#include "config.h"
+
+#include "x509.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures and functions for parsing CRLs
+ * \{
+ */
+
+/**
+ * Certificate revocation list entry.
+ * Contains the CA-specific serial numbers and revocation dates.
+ */
+typedef struct _x509_crl_entry
+{
+ x509_buf raw;
+
+ x509_buf serial;
+
+ x509_time revocation_date;
+
+ x509_buf entry_ext;
+
+ struct _x509_crl_entry *next;
+}
+x509_crl_entry;
+
+/**
+ * Certificate revocation list structure.
+ * Every CRL may have multiple entries.
+ */
+typedef struct _x509_crl
+{
+ x509_buf raw; /**< The raw certificate data (DER). */
+ x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
+
+ int version;
+ x509_buf sig_oid1;
+
+ x509_buf issuer_raw; /**< The raw issuer data (DER). */
+
+ x509_name issuer; /**< The parsed issuer data (named information object). */
+
+ x509_time this_update;
+ x509_time next_update;
+
+ x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
+
+ x509_buf crl_ext;
+
+ x509_buf sig_oid2;
+ x509_buf sig;
+ md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
+ pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
+
+ struct _x509_crl *next;
+}
+x509_crl;
+
+/**
+ * \brief Parse one or more CRLs and add them
+ * to the chained list
+ *
+ * \param chain points to the start of the chain
+ * \param buf buffer holding the CRL data
+ * \param buflen size of the buffer
+ *
+ * \return 0 if successful, or a specific X509 or PEM error code
+ */
+int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen );
+
+#if defined(POLARSSL_FS_IO)
+/**
+ * \brief Load one or more CRLs and add them
+ * to the chained list
+ *
+ * \param chain points to the start of the chain
+ * \param path filename to read the CRLs from
+ *
+ * \return 0 if successful, or a specific X509 or PEM error code
+ */
+int x509_crl_parse_file( x509_crl *chain, const char *path );
+#endif /* POLARSSL_FS_IO */
+
+/**
+ * \brief Returns an informational string about the CRL.
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param prefix A line prefix
+ * \param crl The X509 CRL to represent
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int x509_crl_info( char *buf, size_t size, const char *prefix,
+ const x509_crl *crl );
+
+/**
+ * \brief Initialize a CRL (chain)
+ *
+ * \param crl CRL chain to initialize
+ */
+void x509_crl_init( x509_crl *crl );
+
+/**
+ * \brief Unallocate all CRL data
+ *
+ * \param crl CRL chain to free
+ */
+void x509_crl_free( x509_crl *crl );
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* x509_crl.h */
--- /dev/null
+/**
+ * \file x509_crt.h
+ *
+ * \brief X.509 certificate parsing and writing
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_X509_CRT_H
+#define POLARSSL_X509_CRT_H
+
+#include "config.h"
+
+#include "x509.h"
+
+#include "x509_crl.h"
+
+/**
+ * \addtogroup x509_module
+ * \{
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name Structures and functions for parsing and writing X.509 certificates
+ * \{
+ */
+
+/**
+ * Container for an X.509 certificate. The certificate may be chained.
+ */
+typedef struct _x509_crt
+{
+ x509_buf raw; /**< The raw certificate data (DER). */
+ x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
+
+ int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3) */
+ x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
+ x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
+
+ x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
+ x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
+
+ x509_name issuer; /**< The parsed issuer data (named information object). */
+ x509_name subject; /**< The parsed subject data (named information object). */
+
+ x509_time valid_from; /**< Start time of certificate validity. */
+ x509_time valid_to; /**< End time of certificate validity. */
+
+ pk_context pk; /**< Container for the public key context. */
+
+ x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
+ x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
+ x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
+ x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */
+
+ int ext_types; /**< Bit string containing detected and parsed extensions */
+ int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
+ int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+
+ unsigned char key_usage; /**< Optional key usage extension value: See the values below */
+
+ x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+
+ unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values below */
+
+ x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
+ x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
+ md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
+ pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
+
+ struct _x509_crt *next; /**< Next certificate in the CA-chain. */
+}
+x509_crt;
+
+#define X509_CRT_VERSION_1 0
+#define X509_CRT_VERSION_2 1
+#define X509_CRT_VERSION_3 2
+
+#define X509_RFC5280_MAX_SERIAL_LEN 32
+#define X509_RFC5280_UTC_TIME_LEN 15
+
+/**
+ * Container for writing a certificate (CRT)
+ */
+typedef struct _x509write_cert
+{
+ int version;
+ mpi serial;
+ pk_context *subject_key;
+ pk_context *issuer_key;
+ asn1_named_data *subject;
+ asn1_named_data *issuer;
+ md_type_t md_alg;
+ char not_before[X509_RFC5280_UTC_TIME_LEN + 1];
+ char not_after[X509_RFC5280_UTC_TIME_LEN + 1];
+ asn1_named_data *extensions;
+}
+x509write_cert;
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/**
+ * \brief Parse a single DER formatted certificate and add it
+ * to the chained list.
+ *
+ * \param chain points to the start of the chain
+ * \param buf buffer holding the certificate DER data
+ * \param buflen size of the buffer
+ *
+ * \return 0 if successful, or a specific X509 or PEM error code
+ */
+int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf,
+ size_t buflen );
+
+/**
+ * \brief Parse one or more certificates and add them
+ * to the chained list. Parses permissively. If some
+ * certificates can be parsed, the result is the number
+ * of failed certificates it encountered. If none complete
+ * correctly, the first error is returned.
+ *
+ * \param chain points to the start of the chain
+ * \param buf buffer holding the certificate data
+ * \param buflen size of the buffer
+ *
+ * \return 0 if all certificates parsed successfully, a positive number
+ * if partly successful or a specific X509 or PEM error code
+ */
+int x509_crt_parse( x509_crt *chain, const unsigned char *buf, size_t buflen );
+
+#if defined(POLARSSL_FS_IO)
+/**
+ * \brief Load one or more certificates and add them
+ * to the chained list. Parses permissively. If some
+ * certificates can be parsed, the result is the number
+ * of failed certificates it encountered. If none complete
+ * correctly, the first error is returned.
+ *
+ * \param chain points to the start of the chain
+ * \param path filename to read the certificates from
+ *
+ * \return 0 if all certificates parsed successfully, a positive number
+ * if partly successful or a specific X509 or PEM error code
+ */
+int x509_crt_parse_file( x509_crt *chain, const char *path );
+
+/**
+ * \brief Load one or more certificate files from a path and add them
+ * to the chained list. Parses permissively. If some
+ * certificates can be parsed, the result is the number
+ * of failed certificates it encountered. If none complete
+ * correctly, the first error is returned.
+ *
+ * \param chain points to the start of the chain
+ * \param path directory / folder to read the certificate files from
+ *
+ * \return 0 if all certificates parsed successfully, a positive number
+ * if partly successful or a specific X509 or PEM error code
+ */
+int x509_crt_parse_path( x509_crt *chain, const char *path );
+#endif /* POLARSSL_FS_IO */
+
+/**
+ * \brief Returns an informational string about the
+ * certificate.
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param prefix A line prefix
+ * \param crt The X509 certificate to represent
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int x509_crt_info( char *buf, size_t size, const char *prefix,
+ const x509_crt *crt );
+
+/**
+ * \brief Verify the certificate signature
+ *
+ * The verify callback is a user-supplied callback that
+ * can clear / modify / add flags for a certificate. If set,
+ * the verification callback is called for each
+ * certificate in the chain (from the trust-ca down to the
+ * presented crt). The parameters for the callback are:
+ * (void *parameter, x509_crt *crt, int certificate_depth,
+ * int *flags). With the flags representing current flags for
+ * that specific certificate and the certificate depth from
+ * the bottom (Peer cert depth = 0).
+ *
+ * All flags left after returning from the callback
+ * are also returned to the application. The function should
+ * return 0 for anything but a fatal error.
+ *
+ * \param crt a certificate to be verified
+ * \param trust_ca the trusted CA chain
+ * \param ca_crl the CRL chain for trusted CA's
+ * \param cn expected Common Name (can be set to
+ * NULL if the CN must not be verified)
+ * \param flags result of the verification
+ * \param f_vrfy verification function
+ * \param p_vrfy verification parameter
+ *
+ * \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
+ * in which case *flags will have one or more of
+ * the following values set:
+ * BADCERT_EXPIRED --
+ * BADCERT_REVOKED --
+ * BADCERT_CN_MISMATCH --
+ * BADCERT_NOT_TRUSTED
+ * or another error in case of a fatal error encountered
+ * during the verification process.
+ */
+int x509_crt_verify( x509_crt *crt,
+ x509_crt *trust_ca,
+ x509_crl *ca_crl,
+ const char *cn, int *flags,
+ int (*f_vrfy)(void *, x509_crt *, int, int *),
+ void *p_vrfy );
+
+#if defined(POLARSSL_X509_CRL_PARSE_C)
+/**
+ * \brief Verify the certificate revocation status
+ *
+ * \param crt a certificate to be verified
+ * \param crl the CRL to verify against
+ *
+ * \return 1 if the certificate is revoked, 0 otherwise
+ *
+ */
+int x509_crt_revoked( const x509_crt *crt, const x509_crl *crl );
+#endif /* POLARSSL_X509_CRL_PARSE_C */
+
+/**
+ * \brief Initialize a certificate (chain)
+ *
+ * \param crt Certificate chain to initialize
+ */
+void x509_crt_init( x509_crt *crt );
+
+/**
+ * \brief Unallocate all certificate data
+ *
+ * \param crt Certificate chain to free
+ */
+void x509_crt_free( x509_crt *crt );
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#if defined(POLARSSL_X509_CRT_WRITE_C)
+/**
+ * \brief Initialize a CRT writing context
+ *
+ * \param ctx CRT context to initialize
+ */
+void x509write_crt_init( x509write_cert *ctx );
+
+/**
+ * \brief Set the verion for a Certificate
+ * Default: X509_CRT_VERSION_3
+ *
+ * \param ctx CRT context to use
+ * \param version version to set (X509_CRT_VERSION_1, X509_CRT_VERSION_2 or
+ * X509_CRT_VERSION_3)
+ */
+void x509write_crt_set_version( x509write_cert *ctx, int version );
+
+/**
+ * \brief Set the serial number for a Certificate.
+ *
+ * \param ctx CRT context to use
+ * \param serial serial number to set
+ *
+ * \return 0 if successful
+ */
+int x509write_crt_set_serial( x509write_cert *ctx, const mpi *serial );
+
+/**
+ * \brief Set the validity period for a Certificate
+ * Timestamps should be in string format for UTC timezone
+ * i.e. "YYYYMMDDhhmmss"
+ * e.g. "20131231235959" for December 31st 2013
+ * at 23:59:59
+ *
+ * \param ctx CRT context to use
+ * \param not_before not_before timestamp
+ * \param not_after not_after timestamp
+ *
+ * \return 0 if timestamp was parsed successfully, or
+ * a specific error code
+ */
+int x509write_crt_set_validity( x509write_cert *ctx, const char *not_before,
+ const char *not_after );
+
+/**
+ * \brief Set the issuer name for a Certificate
+ * Issuer names should contain a comma-separated list
+ * of OID types and values:
+ * e.g. "C=NL,O=Offspark,CN=PolarSSL CA"
+ *
+ * \param ctx CRT context to use
+ * \param issuer_name issuer name to set
+ *
+ * \return 0 if issuer name was parsed successfully, or
+ * a specific error code
+ */
+int x509write_crt_set_issuer_name( x509write_cert *ctx,
+ const char *issuer_name );
+
+/**
+ * \brief Set the subject name for a Certificate
+ * Subject names should contain a comma-separated list
+ * of OID types and values:
+ * e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
+ *
+ * \param ctx CRT context to use
+ * \param subject_name subject name to set
+ *
+ * \return 0 if subject name was parsed successfully, or
+ * a specific error code
+ */
+int x509write_crt_set_subject_name( x509write_cert *ctx,
+ const char *subject_name );
+
+/**
+ * \brief Set the subject public key for the certificate
+ *
+ * \param ctx CRT context to use
+ * \param key public key to include
+ */
+void x509write_crt_set_subject_key( x509write_cert *ctx, pk_context *key );
+
+/**
+ * \brief Set the issuer key used for signing the certificate
+ *
+ * \param ctx CRT context to use
+ * \param key private key to sign with
+ */
+void x509write_crt_set_issuer_key( x509write_cert *ctx, pk_context *key );
+
+/**
+ * \brief Set the MD algorithm to use for the signature
+ * (e.g. POLARSSL_MD_SHA1)
+ *
+ * \param ctx CRT context to use
+ * \param md_ald MD algorithm to use
+ */
+void x509write_crt_set_md_alg( x509write_cert *ctx, md_type_t md_alg );
+
+/**
+ * \brief Generic function to add to or replace an extension in the
+ * CRT
+ *
+ * \param ctx CRT context to use
+ * \param oid OID of the extension
+ * \param oid_len length of the OID
+ * \param critical if the extension is critical (per the RFC's definition)
+ * \param val value of the extension OCTET STRING
+ * \param val_len length of the value data
+ *
+ * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_extension( x509write_cert *ctx,
+ const char *oid, size_t oid_len,
+ int critical,
+ const unsigned char *val, size_t val_len );
+
+/**
+ * \brief Set the basicConstraints extension for a CRT
+ *
+ * \param ctx CRT context to use
+ * \param is_ca is this a CA certificate
+ * \param max_pathlen maximum length of certificate chains below this
+ * certificate (only for CA certificates, -1 is
+ * inlimited)
+ *
+ * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_basic_constraints( x509write_cert *ctx,
+ int is_ca, int max_pathlen );
+
+#if defined(POLARSSL_SHA1_C)
+/**
+ * \brief Set the subjectKeyIdentifier extension for a CRT
+ * Requires that x509write_crt_set_subject_key() has been
+ * called before
+ *
+ * \param ctx CRT context to use
+ *
+ * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_subject_key_identifier( x509write_cert *ctx );
+
+/**
+ * \brief Set the authorityKeyIdentifier extension for a CRT
+ * Requires that x509write_crt_set_issuer_key() has been
+ * called before
+ *
+ * \param ctx CRT context to use
+ *
+ * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_authority_key_identifier( x509write_cert *ctx );
+#endif /* POLARSSL_SHA1_C */
+
+/**
+ * \brief Set the Key Usage Extension flags
+ * (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
+ *
+ * \param ctx CRT context to use
+ * \param key_usage key usage flags to set
+ *
+ * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_key_usage( x509write_cert *ctx, unsigned char key_usage );
+
+/**
+ * \brief Set the Netscape Cert Type flags
+ * (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)
+ *
+ * \param ctx CRT context to use
+ * \param ns_cert_type Netscape Cert Type flags to set
+ *
+ * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_ns_cert_type( x509write_cert *ctx,
+ unsigned char ns_cert_type );
+
+/**
+ * \brief Free the contents of a CRT write context
+ *
+ * \param ctx CRT context to free
+ */
+void x509write_crt_free( x509write_cert *ctx );
+
+/**
+ * \brief Write a built up certificate to a X509 DER structure
+ * Note: data is written at the end of the buffer! Use the
+ * return value to determine where you should start
+ * using the buffer
+ *
+ * \param crt certificate to write away
+ * \param buf buffer to write to
+ * \param size size of the buffer
+ * \param f_rng RNG function (for signature, see note)
+ * \param p_rng RNG parameter
+ *
+ * \return length of data written if successful, or a specific
+ * error code
+ *
+ * \note f_rng may be NULL if RSA is used for signature and the
+ * signature is made offline (otherwise f_rng is desirable
+ * for countermeasures against timing attacks).
+ * ECDSA signatures always require a non-NULL f_rng.
+ */
+int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+#if defined(POLARSSL_PEM_WRITE_C)
+/**
+ * \brief Write a built up certificate to a X509 PEM string
+ *
+ * \param crt certificate to write away
+ * \param buf buffer to write to
+ * \param size size of the buffer
+ * \param f_rng RNG function (for signature, see note)
+ * \param p_rng RNG parameter
+ *
+ * \return 0 successful, or a specific error code
+ *
+ * \note f_rng may be NULL if RSA is used for signature and the
+ * signature is made offline (otherwise f_rng is desirable
+ * for countermeasures against timing attacks).
+ * ECDSA signatures always require a non-NULL f_rng.
+ */
+int x509write_crt_pem( x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+#endif /* POLARSSL_PEM_WRITE_C */
+#endif /* POLARSSL_X509_CRT_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* x509_crt.h */
--- /dev/null
+/**
+ * \file x509_csr.h
+ *
+ * \brief X.509 certificate signing request parsing and writing
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_X509_CSR_H
+#define POLARSSL_X509_CSR_H
+
+#include "config.h"
+
+#include "x509.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
+ * \{
+ */
+
+/**
+ * Certificate Signing Request (CSR) structure.
+ */
+typedef struct _x509_csr
+{
+ x509_buf raw; /**< The raw CSR data (DER). */
+ x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
+
+ int version;
+
+ x509_buf subject_raw; /**< The raw subject data (DER). */
+ x509_name subject; /**< The parsed subject data (named information object). */
+
+ pk_context pk; /**< Container for the public key context. */
+
+ x509_buf sig_oid;
+ x509_buf sig;
+ md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
+ pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
+}
+x509_csr;
+
+/**
+ * Container for writing a CSR
+ */
+typedef struct _x509write_csr
+{
+ pk_context *key;
+ asn1_named_data *subject;
+ md_type_t md_alg;
+ asn1_named_data *extensions;
+}
+x509write_csr;
+
+#if defined(POLARSSL_X509_CSR_PARSE_C)
+/**
+ * \brief Load a Certificate Signing Request (CSR)
+ *
+ * \param csr CSR context to fill
+ * \param buf buffer holding the CRL data
+ * \param buflen size of the buffer
+ *
+ * \return 0 if successful, or a specific X509 or PEM error code
+ */
+int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen );
+
+#if defined(POLARSSL_FS_IO)
+/**
+ * \brief Load a Certificate Signing Request (CSR)
+ *
+ * \param csr CSR context to fill
+ * \param path filename to read the CSR from
+ *
+ * \return 0 if successful, or a specific X509 or PEM error code
+ */
+int x509_csr_parse_file( x509_csr *csr, const char *path );
+#endif /* POLARSSL_FS_IO */
+
+/**
+ * \brief Returns an informational string about the
+ * CSR.
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param prefix A line prefix
+ * \param csr The X509 CSR to represent
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int x509_csr_info( char *buf, size_t size, const char *prefix,
+ const x509_csr *csr );
+
+/**
+ * \brief Initialize a CSR
+ *
+ * \param csr CSR to initialize
+ */
+void x509_csr_init( x509_csr *csr );
+
+/**
+ * \brief Unallocate all CSR data
+ *
+ * \param csr CSR to free
+ */
+void x509_csr_free( x509_csr *csr );
+#endif /* POLARSSL_X509_CSR_PARSE_C */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#if defined(POLARSSL_X509_CSR_WRITE_C)
+/**
+ * \brief Initialize a CSR context
+ *
+ * \param ctx CSR context to initialize
+ */
+void x509write_csr_init( x509write_csr *ctx );
+
+/**
+ * \brief Set the subject name for a CSR
+ * Subject names should contain a comma-separated list
+ * of OID types and values:
+ * e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
+ *
+ * \param ctx CSR context to use
+ * \param subject_name subject name to set
+ *
+ * \return 0 if subject name was parsed successfully, or
+ * a specific error code
+ */
+int x509write_csr_set_subject_name( x509write_csr *ctx,
+ const char *subject_name );
+
+/**
+ * \brief Set the key for a CSR (public key will be included,
+ * private key used to sign the CSR when writing it)
+ *
+ * \param ctx CSR context to use
+ * \param key Asymetric key to include
+ */
+void x509write_csr_set_key( x509write_csr *ctx, pk_context *key );
+
+/**
+ * \brief Set the MD algorithm to use for the signature
+ * (e.g. POLARSSL_MD_SHA1)
+ *
+ * \param ctx CSR context to use
+ * \param md_alg MD algorithm to use
+ */
+void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg );
+
+/**
+ * \brief Set the Key Usage Extension flags
+ * (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
+ *
+ * \param ctx CSR context to use
+ * \param key_usage key usage flags to set
+ *
+ * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_csr_set_key_usage( x509write_csr *ctx, unsigned char key_usage );
+
+/**
+ * \brief Set the Netscape Cert Type flags
+ * (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)
+ *
+ * \param ctx CSR context to use
+ * \param ns_cert_type Netscape Cert Type flags to set
+ *
+ * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_csr_set_ns_cert_type( x509write_csr *ctx,
+ unsigned char ns_cert_type );
+
+/**
+ * \brief Generic function to add to or replace an extension in the CSR
+ *
+ * \param ctx CSR context to use
+ * \param oid OID of the extension
+ * \param oid_len length of the OID
+ * \param val value of the extension OCTET STRING
+ * \param val_len length of the value data
+ *
+ * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_csr_set_extension( x509write_csr *ctx,
+ const char *oid, size_t oid_len,
+ const unsigned char *val, size_t val_len );
+
+/**
+ * \brief Free the contents of a CSR context
+ *
+ * \param ctx CSR context to free
+ */
+void x509write_csr_free( x509write_csr *ctx );
+
+/**
+ * \brief Write a CSR (Certificate Signing Request) to a
+ * DER structure
+ * Note: data is written at the end of the buffer! Use the
+ * return value to determine where you should start
+ * using the buffer
+ *
+ * \param ctx CSR to write away
+ * \param buf buffer to write to
+ * \param size size of the buffer
+ * \param f_rng RNG function (for signature, see note)
+ * \param p_rng RNG parameter
+ *
+ * \return length of data written if successful, or a specific
+ * error code
+ *
+ * \note f_rng may be NULL if RSA is used for signature and the
+ * signature is made offline (otherwise f_rng is desirable
+ * for countermeasures against timing attacks).
+ * ECDSA signatures always require a non-NULL f_rng.
+ */
+int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+#if defined(POLARSSL_PEM_WRITE_C)
+/**
+ * \brief Write a CSR (Certificate Signing Request) to a
+ * PEM string
+ *
+ * \param ctx CSR to write away
+ * \param buf buffer to write to
+ * \param size size of the buffer
+ * \param f_rng RNG function (for signature, see note)
+ * \param p_rng RNG parameter
+ *
+ * \return 0 successful, or a specific error code
+ *
+ * \note f_rng may be NULL if RSA is used for signature and the
+ * signature is made offline (otherwise f_rng is desirable
+ * for couermeasures against timing attacks).
+ * ECDSA signatures always require a non-NULL f_rng.
+ */
+int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+#endif /* POLARSSL_PEM_WRITE_C */
+#endif /* POLARSSL_X509_CSR_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* x509_csr.h */
*
* \brief XTEA block cipher (32-bit)
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#ifndef POLARSSL_XTEA_H
#define POLARSSL_XTEA_H
+#include "config.h"
+
#include <string.h>
-#ifdef _MSC_VER
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
+#if !defined(POLARSSL_XTEA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief XTEA context structure
*/
}
xtea_context;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/**
* \brief XTEA key schedule
*
* \param ctx XTEA context to be initialized
* \param key the secret key
*/
-void xtea_setup( xtea_context *ctx, unsigned char key[16] );
+void xtea_setup( xtea_context *ctx, const unsigned char key[16] );
/**
* \brief XTEA cipher function
*/
int xtea_crypt_ecb( xtea_context *ctx,
int mode,
- unsigned char input[8],
+ const unsigned char input[8],
unsigned char output[8] );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/**
* \brief XTEA CBC cipher function
*
int mode,
size_t length,
unsigned char iv[8],
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output);
+#endif /* POLARSSL_CIPHER_MODE_CBC */
-/*
+#ifdef __cplusplus
+}
+#endif
+
+#else /* POLARSSL_XTEA_ALT */
+#include "xtea_alt.h"
+#endif /* POLARSSL_XTEA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
--- /dev/null
+*.o
+libpolarssl*
aes.c
arc4.c
asn1parse.c
+ asn1write.c
base64.c
bignum.c
+ blowfish.c
camellia.c
certs.c
cipher.c
debug.c
des.c
dhm.c
+ ecp.c
+ ecdh.c
+ ecdsa.c
entropy.c
entropy_poll.c
error.c
+ gcm.c
havege.c
md.c
md_wrap.c
md2.c
md4.c
md5.c
+ memory.c
+ memory_buffer_alloc.c
net.c
+ oid.c
padlock.c
+ pbkdf2.c
pem.c
+ pkcs5.c
pkcs11.c
+ pkcs12.c
+ pk.c
+ pk_wrap.c
+ pkparse.c
+ pkwrite.c
rsa.c
sha1.c
- sha2.c
- sha4.c
- ssl_cli.c
- ssl_srv.c
+ sha256.c
+ sha512.c
+ ssl_cache.c
+ ssl_ciphersuites.c
+ ssl_cli.c
+ ssl_srv.c
ssl_tls.c
+ threading.c
timing.c
version.c
- x509parse.c
+ x509.c
+ x509_crt.c
+ x509_crl.c
+ x509_csr.c
+ x509_create.c
+ x509write_crt.c
+ x509write_csr.c
xtea.c
)
+if(WIN32)
+set(libs ws2_32)
+endif(WIN32)
+
if(NOT USE_SHARED_POLARSSL_LIBRARY)
add_library(polarssl STATIC ${src})
else(NOT USE_SHARED_POLARSSL_LIBRARY)
add_library(polarssl SHARED ${src})
-set_target_properties(polarssl PROPERTIES VERSION 1.1.1 SOVERSION 1)
+set_target_properties(polarssl PROPERTIES VERSION 1.3.2 SOVERSION 5)
endif(NOT USE_SHARED_POLARSSL_LIBRARY)
+target_link_libraries(polarssl ${libs})
+
install(TARGETS polarssl
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
--- /dev/null
+
+# Also see "include/polarssl/config.h"
+
+# To compile on MinGW: add "-lws2_32" to LDFLAGS or define WINDOWS in your
+# environment
+#
+CFLAGS += -I../include -D_FILE_OFFSET_BITS=64 -Wall -W -Wdeclaration-after-statement
+OFLAGS = -O2
+
+ifdef DEBUG
+CFLAGS += -g3
+endif
+
+# MicroBlaze specific options:
+# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift
+
+# To compile on Plan9:
+# CFLAGS += -D_BSD_EXTENSION
+
+# To compile as a shared library:
+ifdef SHARED
+CFLAGS += -fPIC
+endif
+
+SONAME=libpolarssl.so.5
+
+DLEXT=so.5
+# OSX shared library extension:
+# DLEXT=dylib
+
+# Windows shared library extension:
+ifdef WINDOWS
+DLEXT=dll
+LDFLAGS += -lws2_32
+endif
+
+OBJS= aes.o arc4.o asn1parse.o \
+ asn1write.o base64.o bignum.o \
+ blowfish.o camellia.o \
+ certs.o cipher.o cipher_wrap.o \
+ ctr_drbg.o debug.o des.o \
+ dhm.o ecdh.o ecdsa.o \
+ ecp.o \
+ entropy.o entropy_poll.o \
+ error.o gcm.o havege.o \
+ md.o md_wrap.o md2.o \
+ md4.o md5.o memory.o \
+ memory_buffer_alloc.o net.o \
+ oid.o \
+ padlock.o pbkdf2.o pem.o \
+ pkcs5.o pkcs11.o pkcs12.o \
+ pk.o pk_wrap.o pkparse.o \
+ pkwrite.o \
+ rsa.o sha1.o sha256.o \
+ sha512.o ssl_cache.o ssl_cli.o \
+ ssl_srv.o ssl_ciphersuites.o \
+ ssl_tls.o threading.o timing.o \
+ version.o \
+ x509.o x509_create.o \
+ x509_crl.o x509_crt.o x509_csr.o \
+ x509write_crt.o x509write_csr.o \
+ xtea.o
+
+.SILENT:
+
+ifndef SHARED
+all: static
+else
+all: shared
+endif
+
+static: libpolarssl.a
+
+shared: libpolarssl.$(DLEXT) libpolarssl.so
+
+libpolarssl.a: $(OBJS)
+ echo " AR $@"
+ $(AR) r $@ $(OBJS)
+ echo " RL $@"
+ $(AR) s $@
+
+libpolarssl.${DLEXT}: libpolarssl.a
+ echo " LD $@"
+ $(CC) ${LDFLAGS} -shared -Wl,-soname,$(SONAME) -o $@ $(OBJS)
+
+libpolarssl.so: libpolarssl.${DLEXT}
+ echo " LN $@ -> libpolarssl.${DLEXT}"
+ ln -sf libpolarssl.${DLEXT} $@
+
+libpolarssl.dylib: libpolarssl.a
+ echo " LD $@"
+ $(CC) ${LDFLAGS} -dynamiclib -o $@ $(OBJS)
+
+libpolarssl.dll: libpolarssl.a
+ echo " LD $@"
+ $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS) -lws2_32 -lwinmm -lgdi32
+
+.c.o:
+ echo " CC $<"
+ $(CC) $(CFLAGS) $(OFLAGS) -c $<
+
+clean:
+ifndef WINDOWS
+ rm -f *.o libpolarssl.*
+endif
+ifdef WINDOWS
+ del /Q /F *.o libpolarssl.*
+endif
/*
* FIPS-197 compliant AES implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#if defined(POLARSSL_AES_C)
#include "polarssl/aes.h"
+#if defined(POLARSSL_PADLOCK_C)
#include "polarssl/padlock.h"
+#endif
+
+#if !defined(POLARSSL_AES_ALT)
/*
* 32-bit integer manipulation macros (little endian)
*/
-#ifndef GET_ULONG_LE
-#define GET_ULONG_LE(n,b,i) \
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i) \
{ \
- (n) = ( (unsigned long) (b)[(i) ] ) \
- | ( (unsigned long) (b)[(i) + 1] << 8 ) \
- | ( (unsigned long) (b)[(i) + 2] << 16 ) \
- | ( (unsigned long) (b)[(i) + 3] << 24 ); \
+ (n) = ( (uint32_t) (b)[(i) ] ) \
+ | ( (uint32_t) (b)[(i) + 1] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
-#ifndef PUT_ULONG_LE
-#define PUT_ULONG_LE(n,b,i) \
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
}
#endif
+#if defined(POLARSSL_PADLOCK_C) && \
+ ( defined(POLARSSL_HAVE_X86) || defined(PADLOCK_ALIGN16) )
+static int aes_padlock_ace = -1;
+#endif
+
#if defined(POLARSSL_AES_ROM_TABLES)
/*
* Forward S-box
V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
#define V(a,b,c,d) 0x##a##b##c##d
-static const unsigned long FT0[256] = { FT };
+static const uint32_t FT0[256] = { FT };
#undef V
#define V(a,b,c,d) 0x##b##c##d##a
-static const unsigned long FT1[256] = { FT };
+static const uint32_t FT1[256] = { FT };
#undef V
#define V(a,b,c,d) 0x##c##d##a##b
-static const unsigned long FT2[256] = { FT };
+static const uint32_t FT2[256] = { FT };
#undef V
#define V(a,b,c,d) 0x##d##a##b##c
-static const unsigned long FT3[256] = { FT };
+static const uint32_t FT3[256] = { FT };
#undef V
#undef FT
V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
#define V(a,b,c,d) 0x##a##b##c##d
-static const unsigned long RT0[256] = { RT };
+static const uint32_t RT0[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##b##c##d##a
-static const unsigned long RT1[256] = { RT };
+static const uint32_t RT1[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##c##d##a##b
-static const unsigned long RT2[256] = { RT };
+static const uint32_t RT2[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##d##a##b##c
-static const unsigned long RT3[256] = { RT };
+static const uint32_t RT3[256] = { RT };
#undef V
#undef RT
/*
* Round constants
*/
-static const unsigned long RCON[10] =
+static const uint32_t RCON[10] =
{
0x00000001, 0x00000002, 0x00000004, 0x00000008,
0x00000010, 0x00000020, 0x00000040, 0x00000080,
* Forward S-box & tables
*/
static unsigned char FSb[256];
-static unsigned long FT0[256];
-static unsigned long FT1[256];
-static unsigned long FT2[256];
-static unsigned long FT3[256];
+static uint32_t FT0[256];
+static uint32_t FT1[256];
+static uint32_t FT2[256];
+static uint32_t FT3[256];
/*
* Reverse S-box & tables
*/
static unsigned char RSb[256];
-static unsigned long RT0[256];
-static unsigned long RT1[256];
-static unsigned long RT2[256];
-static unsigned long RT3[256];
+static uint32_t RT0[256];
+static uint32_t RT1[256];
+static uint32_t RT2[256];
+static uint32_t RT3[256];
/*
* Round constants
*/
-static unsigned long RCON[10];
+static uint32_t RCON[10];
/*
* Tables generation code
*/
for( i = 0, x = 1; i < 10; i++ )
{
- RCON[i] = (unsigned long) x;
+ RCON[i] = (uint32_t) x;
x = XTIME( x ) & 0xFF;
}
y = XTIME( x ) & 0xFF;
z = ( y ^ x ) & 0xFF;
- FT0[i] = ( (unsigned long) y ) ^
- ( (unsigned long) x << 8 ) ^
- ( (unsigned long) x << 16 ) ^
- ( (unsigned long) z << 24 );
+ FT0[i] = ( (uint32_t) y ) ^
+ ( (uint32_t) x << 8 ) ^
+ ( (uint32_t) x << 16 ) ^
+ ( (uint32_t) z << 24 );
FT1[i] = ROTL8( FT0[i] );
FT2[i] = ROTL8( FT1[i] );
x = RSb[i];
- RT0[i] = ( (unsigned long) MUL( 0x0E, x ) ) ^
- ( (unsigned long) MUL( 0x09, x ) << 8 ) ^
- ( (unsigned long) MUL( 0x0D, x ) << 16 ) ^
- ( (unsigned long) MUL( 0x0B, x ) << 24 );
+ RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^
+ ( (uint32_t) MUL( 0x09, x ) << 8 ) ^
+ ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
+ ( (uint32_t) MUL( 0x0B, x ) << 24 );
RT1[i] = ROTL8( RT0[i] );
RT2[i] = ROTL8( RT1[i] );
int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize )
{
unsigned int i;
- unsigned long *RK;
+ uint32_t *RK;
#if !defined(POLARSSL_AES_ROM_TABLES)
if( aes_init_done == 0 )
{
aes_gen_tables();
aes_init_done = 1;
+
}
#endif
default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
}
-#if defined(PADLOCK_ALIGN16)
- ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
-#else
- ctx->rk = RK = ctx->buf;
+#if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16)
+ if( aes_padlock_ace == -1 )
+ aes_padlock_ace = padlock_supports( PADLOCK_ACE );
+
+ if( aes_padlock_ace )
+ ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
+ else
#endif
+ ctx->rk = RK = ctx->buf;
for( i = 0; i < (keysize >> 5); i++ )
{
- GET_ULONG_LE( RK[i], key, i << 2 );
+ GET_UINT32_LE( RK[i], key, i << 2 );
}
switch( ctx->nr )
for( i = 0; i < 10; i++, RK += 4 )
{
RK[4] = RK[0] ^ RCON[i] ^
- ( (unsigned long) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
- ( (unsigned long) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) FSb[ ( RK[3] ) & 0xFF ] << 24 );
+ ( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 );
RK[5] = RK[1] ^ RK[4];
RK[6] = RK[2] ^ RK[5];
for( i = 0; i < 8; i++, RK += 6 )
{
RK[6] = RK[0] ^ RCON[i] ^
- ( (unsigned long) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
- ( (unsigned long) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) FSb[ ( RK[5] ) & 0xFF ] << 24 );
+ ( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 );
RK[7] = RK[1] ^ RK[6];
RK[8] = RK[2] ^ RK[7];
for( i = 0; i < 7; i++, RK += 8 )
{
RK[8] = RK[0] ^ RCON[i] ^
- ( (unsigned long) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
- ( (unsigned long) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) FSb[ ( RK[7] ) & 0xFF ] << 24 );
+ ( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 );
RK[9] = RK[1] ^ RK[8];
RK[10] = RK[2] ^ RK[9];
RK[11] = RK[3] ^ RK[10];
RK[12] = RK[4] ^
- ( (unsigned long) FSb[ ( RK[11] ) & 0xFF ] ) ^
- ( (unsigned long) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
RK[13] = RK[5] ^ RK[12];
RK[14] = RK[6] ^ RK[13];
{
int i, j;
aes_context cty;
- unsigned long *RK;
- unsigned long *SK;
+ uint32_t *RK;
+ uint32_t *SK;
int ret;
switch( keysize )
default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
}
-#if defined(PADLOCK_ALIGN16)
- ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
-#else
- ctx->rk = RK = ctx->buf;
+#if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16)
+ if( aes_padlock_ace == -1 )
+ aes_padlock_ace = padlock_supports( PADLOCK_ACE );
+
+ if( aes_padlock_ace )
+ ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
+ else
#endif
+ ctx->rk = RK = ctx->buf;
ret = aes_setkey_enc( &cty, key, keysize );
if( ret != 0 )
unsigned char output[16] )
{
int i;
- unsigned long *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
+ uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
#if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86)
- if( padlock_supports( PADLOCK_ACE ) )
+ if( aes_padlock_ace )
{
if( padlock_xcryptecb( ctx, mode, input, output ) == 0 )
return( 0 );
RK = ctx->rk;
- GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++;
- GET_ULONG_LE( X1, input, 4 ); X1 ^= *RK++;
- GET_ULONG_LE( X2, input, 8 ); X2 ^= *RK++;
- GET_ULONG_LE( X3, input, 12 ); X3 ^= *RK++;
+ GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
+ GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
+ GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
+ GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
if( mode == AES_DECRYPT )
{
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
X0 = *RK++ ^ \
- ( (unsigned long) RSb[ ( Y0 ) & 0xFF ] ) ^
- ( (unsigned long) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
X1 = *RK++ ^ \
- ( (unsigned long) RSb[ ( Y1 ) & 0xFF ] ) ^
- ( (unsigned long) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
X2 = *RK++ ^ \
- ( (unsigned long) RSb[ ( Y2 ) & 0xFF ] ) ^
- ( (unsigned long) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
X3 = *RK++ ^ \
- ( (unsigned long) RSb[ ( Y3 ) & 0xFF ] ) ^
- ( (unsigned long) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
}
else /* AES_ENCRYPT */
{
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
X0 = *RK++ ^ \
- ( (unsigned long) FSb[ ( Y0 ) & 0xFF ] ) ^
- ( (unsigned long) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
X1 = *RK++ ^ \
- ( (unsigned long) FSb[ ( Y1 ) & 0xFF ] ) ^
- ( (unsigned long) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
X2 = *RK++ ^ \
- ( (unsigned long) FSb[ ( Y2 ) & 0xFF ] ) ^
- ( (unsigned long) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
X3 = *RK++ ^ \
- ( (unsigned long) FSb[ ( Y3 ) & 0xFF ] ) ^
- ( (unsigned long) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
- ( (unsigned long) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
- ( (unsigned long) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+ ( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
}
- PUT_ULONG_LE( X0, output, 0 );
- PUT_ULONG_LE( X1, output, 4 );
- PUT_ULONG_LE( X2, output, 8 );
- PUT_ULONG_LE( X3, output, 12 );
+ PUT_UINT32_LE( X0, output, 0 );
+ PUT_UINT32_LE( X1, output, 4 );
+ PUT_UINT32_LE( X2, output, 8 );
+ PUT_UINT32_LE( X3, output, 12 );
return( 0 );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
* AES-CBC buffer encryption/decryption
*/
return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );
#if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86)
- if( padlock_supports( PADLOCK_ACE ) )
+ if( aes_padlock_ace )
{
if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
return( 0 );
return( 0 );
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
/*
const unsigned char *input,
unsigned char *output )
{
- int c, i, cb;
+ int c, i;
size_t n = *nc_off;
while( length-- )
if( n == 0 ) {
aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block );
- i = 15;
- do {
- nonce_counter[i]++;
- cb = nonce_counter[i] == 0;
- } while( i-- && cb );
-
+ for( i = 16; i > 0; i-- )
+ if( ++nonce_counter[i - 1] != 0 )
+ break;
}
c = *input++;
*output++ = (unsigned char)( c ^ stream_block[n] );
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_CTR */
+#endif /* !POLARSSL_AES_ALT */
#if defined(POLARSSL_SELF_TEST)
0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
};
+#if defined(POLARSSL_CIPHER_MODE_CBC)
static const unsigned char aes_test_cbc_dec[3][16] =
{
{ 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
{ 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
/*
int i, j, u, v;
unsigned char key[32];
unsigned char buf[64];
- unsigned char prv[16];
unsigned char iv[16];
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ unsigned char prv[16];
+#endif
#if defined(POLARSSL_CIPHER_MODE_CTR) || defined(POLARSSL_CIPHER_MODE_CFB)
size_t offset;
#endif
if( verbose != 0 )
printf( "\n" );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
* CBC mode
*/
if( verbose != 0 )
printf( "\n" );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
/*
/*
* An implementation of the ARCFOUR algorithm
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/arc4.h"
+#if !defined(POLARSSL_ARC4_ALT)
+
/*
* ARC4 key schedule
*/
return( 0 );
}
+#endif /* !POLARSSL_ARC4_ALT */
+
#if defined(POLARSSL_SELF_TEST)
#include <string.h>
memcpy( ibuf, arc4_test_pt[i], 8 );
- arc4_setup( &ctx, (unsigned char *) arc4_test_key[i], 8 );
+ arc4_setup( &ctx, arc4_test_key[i], 8 );
arc4_crypt( &ctx, 8, ibuf, obuf );
if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
/*
* Generic ASN.1 parsing
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/bignum.h"
#endif
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
#include <string.h>
#include <stdlib.h>
-#include <time.h>
/*
* ASN.1 DER decoding routines
return 0;
}
+/*
+ * Get a bit string without unused bits
+ */
+int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
+ size_t *len )
+{
+ int ret;
+
+ if( ( ret = asn1_get_tag( p, end, len, ASN1_BIT_STRING ) ) != 0 )
+ return( ret );
+
+ if( (*len)-- < 2 || *(*p)++ != 0 )
+ return( POLARSSL_ERR_ASN1_INVALID_DATA );
+
+ return( 0 );
+}
+
+
/*
* Parses and splits an ASN.1 "SEQUENCE OF <tag>"
/* Allocate and assign next pointer */
if (*p < end)
{
- cur->next = (asn1_sequence *) malloc(
+ cur->next = (asn1_sequence *) polarssl_malloc(
sizeof( asn1_sequence ) );
if( cur->next == NULL )
return( 0 );
}
+int asn1_get_alg( unsigned char **p,
+ const unsigned char *end,
+ asn1_buf *alg, asn1_buf *params )
+{
+ int ret;
+ size_t len;
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( ret );
+
+ if( ( end - *p ) < 1 )
+ return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ alg->tag = **p;
+ end = *p + len;
+
+ if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
+ return( ret );
+
+ alg->p = *p;
+ *p += alg->len;
+
+ if( *p == end )
+ {
+ memset( params, 0, sizeof(asn1_buf) );
+ return( 0 );
+ }
+
+ params->tag = **p;
+ (*p)++;
+
+ if( ( ret = asn1_get_len( p, end, ¶ms->len ) ) != 0 )
+ return( ret );
+
+ params->p = *p;
+ *p += params->len;
+
+ if( *p != end )
+ return( POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+int asn1_get_alg_null( unsigned char **p,
+ const unsigned char *end,
+ asn1_buf *alg )
+{
+ int ret;
+ asn1_buf params;
+
+ memset( ¶ms, 0, sizeof(asn1_buf) );
+
+ if( ( ret = asn1_get_alg( p, end, alg, ¶ms ) ) != 0 )
+ return( ret );
+
+ if( ( params.tag != ASN1_NULL && params.tag != 0 ) || params.len != 0 )
+ return( POLARSSL_ERR_ASN1_INVALID_DATA );
+
+ return( 0 );
+}
+
+void asn1_free_named_data( asn1_named_data *cur )
+{
+ if( cur == NULL )
+ return;
+
+ polarssl_free( cur->oid.p );
+ polarssl_free( cur->val.p );
+
+ memset( cur, 0, sizeof( asn1_named_data ) );
+}
+
+void asn1_free_named_data_list( asn1_named_data **head )
+{
+ asn1_named_data *cur;
+
+ while( ( cur = *head ) != NULL )
+ {
+ *head = cur->next;
+ asn1_free_named_data( cur );
+ polarssl_free( cur );
+ }
+}
+
+asn1_named_data *asn1_find_named_data( asn1_named_data *list,
+ const char *oid, size_t len )
+{
+ while( list != NULL )
+ {
+ if( list->oid.len == len &&
+ memcmp( list->oid.p, oid, len ) == 0 )
+ {
+ break;
+ }
+
+ list = list->next;
+ }
+
+ return( list );
+}
+
#endif
--- /dev/null
+/*
+ * ASN.1 buffer writing functionality
+ *
+ * Copyright (C) 2006-2012, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_ASN1_WRITE_C)
+
+#include "polarssl/asn1write.h"
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#include <stdlib.h>
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+int asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
+{
+ if( len < 0x80 )
+ {
+ if( *p - start < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = (unsigned char) len;
+ return( 1 );
+ }
+
+ if( len <= 0xFF )
+ {
+ if( *p - start < 2 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = (unsigned char) len;
+ *--(*p) = 0x81;
+ return( 2 );
+ }
+
+ if( *p - start < 3 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ // We assume we never have lengths larger than 65535 bytes
+ //
+ *--(*p) = len % 256;
+ *--(*p) = ( len / 256 ) % 256;
+ *--(*p) = 0x82;
+
+ return( 3 );
+}
+
+int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
+{
+ if( *p - start < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = tag;
+
+ return( 1 );
+}
+
+int asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t size )
+{
+ size_t len = 0;
+
+ if( *p - start < (int) size )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ len = size;
+ (*p) -= len;
+ memcpy( *p, buf, len );
+
+ return( (int) len );
+}
+
+#if defined(POLARSSL_BIGNUM_C)
+int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
+{
+ int ret;
+ size_t len = 0;
+
+ // Write the MPI
+ //
+ len = mpi_size( X );
+
+ if( *p - start < (int) len )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ (*p) -= len;
+ mpi_write_binary( X, *p, len );
+
+ // DER format assumes 2s complement for numbers, so the leftmost bit
+ // should be 0 for positive numbers and 1 for negative numbers.
+ //
+ if ( X->s ==1 && **p & 0x80 )
+ {
+ if( *p - start < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = 0x00;
+ len += 1;
+ }
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_INTEGER ) );
+
+ return( (int) len );
+}
+#endif /* POLARSSL_BIGNUM_C */
+
+int asn1_write_null( unsigned char **p, unsigned char *start )
+{
+ int ret;
+ size_t len = 0;
+
+ // Write NULL
+ //
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, 0) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_NULL ) );
+
+ return( (int) len );
+}
+
+int asn1_write_oid( unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len )
+{
+ int ret;
+ size_t len = 0;
+
+ ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
+ (const unsigned char *) oid, oid_len ) );
+ ASN1_CHK_ADD( len , asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len , asn1_write_tag( p, start, ASN1_OID ) );
+
+ return( (int) len );
+}
+
+int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len )
+{
+ int ret;
+ size_t len = 0;
+
+ if( par_len == 0 )
+ ASN1_CHK_ADD( len, asn1_write_null( p, start ) );
+ else
+ len += par_len;
+
+ ASN1_CHK_ADD( len, asn1_write_oid( p, start, oid, oid_len ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return( (int) len );
+}
+
+int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
+{
+ int ret;
+ size_t len = 0;
+
+ if( *p - start < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = (boolean) ? 1 : 0;
+ len++;
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BOOLEAN ) );
+
+ return( (int) len );
+}
+
+int asn1_write_int( unsigned char **p, unsigned char *start, int val )
+{
+ int ret;
+ size_t len = 0;
+
+ // TODO negative values and values larger than 128
+ // DER format assumes 2s complement for numbers, so the leftmost bit
+ // should be 0 for positive numbers and 1 for negative numbers.
+ //
+ if( *p - start < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ len += 1;
+ *--(*p) = val;
+
+ if ( val > 0 && **p & 0x80 )
+ {
+ if( *p - start < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = 0x00;
+ len += 1;
+ }
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_INTEGER ) );
+
+ return( (int) len );
+}
+
+int asn1_write_printable_string( unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len )
+{
+ int ret;
+ size_t len = 0;
+
+ ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
+ (const unsigned char *) text, text_len ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_PRINTABLE_STRING ) );
+
+ return( (int) len );
+}
+
+int asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len )
+{
+ int ret;
+ size_t len = 0;
+
+ ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
+ (const unsigned char *) text, text_len ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_IA5_STRING ) );
+
+ return( (int) len );
+}
+
+int asn1_write_bitstring( unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t bits )
+{
+ int ret;
+ size_t len = 0, size;
+
+ size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
+
+ // Calculate byte length
+ //
+ if( *p - start < (int) size + 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ len = size + 1;
+ (*p) -= size;
+ memcpy( *p, buf, size );
+
+ // Write unused bits
+ //
+ *--(*p) = (unsigned char) (size * 8 - bits);
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );
+
+ return( (int) len );
+}
+
+int asn1_write_octet_string( unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t size )
+{
+ int ret;
+ size_t len = 0;
+
+ ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, buf, size ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OCTET_STRING ) );
+
+ return( (int) len );
+}
+
+asn1_named_data *asn1_store_named_data( asn1_named_data **head,
+ const char *oid, size_t oid_len,
+ const unsigned char *val,
+ size_t val_len )
+{
+ asn1_named_data *cur;
+
+ if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
+ {
+ // Add new entry if not present yet based on OID
+ //
+ if( ( cur = polarssl_malloc( sizeof(asn1_named_data) ) ) == NULL )
+ return( NULL );
+
+ memset( cur, 0, sizeof(asn1_named_data) );
+
+ cur->oid.len = oid_len;
+ cur->oid.p = polarssl_malloc( oid_len );
+ if( cur->oid.p == NULL )
+ {
+ polarssl_free( cur );
+ return( NULL );
+ }
+
+ cur->val.len = val_len;
+ cur->val.p = polarssl_malloc( val_len );
+ if( cur->val.p == NULL )
+ {
+ polarssl_free( cur->oid.p );
+ polarssl_free( cur );
+ return( NULL );
+ }
+
+ memcpy( cur->oid.p, oid, oid_len );
+
+ cur->next = *head;
+ *head = cur;
+ }
+ else if( cur->val.len < val_len )
+ {
+ // Enlarge existing value buffer if needed
+ //
+ polarssl_free( cur->val.p );
+ cur->val.p = NULL;
+
+ cur->val.len = val_len;
+ cur->val.p = polarssl_malloc( val_len );
+ if( cur->val.p == NULL )
+ {
+ polarssl_free( cur->oid.p );
+ polarssl_free( cur );
+ return( NULL );
+ }
+ }
+
+ if( val != NULL )
+ memcpy( cur->val.p, val, val_len );
+
+ return( cur );
+}
+#endif
/*
* RFC 1521 base64 encoding/decoding
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/base64.h"
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
static const unsigned char base64_enc_map[64] =
{
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
int base64_decode( unsigned char *dst, size_t *dlen,
const unsigned char *src, size_t slen )
{
- size_t i, j, n;
- unsigned long x;
+ size_t i, n;
+ uint32_t j, x;
unsigned char *p;
- for( i = j = n = 0; i < slen; i++ )
+ for( i = n = j = 0; i < slen; i++ )
{
if( ( slen - i ) >= 2 &&
src[i] == '\r' && src[i + 1] == '\n' )
n = ((n * 6) + 7) >> 3;
- if( *dlen < n )
+ if( dst == NULL || *dlen < n )
{
*dlen = n;
return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
int base64_self_test( int verbose )
{
size_t len;
- unsigned char *src, buffer[128];
+ const unsigned char *src;
+ unsigned char buffer[128];
if( verbose != 0 )
printf( " Base64 encoding test: " );
len = sizeof( buffer );
- src = (unsigned char *) base64_test_dec;
+ src = base64_test_dec;
if( base64_encode( buffer, &len, src, 64 ) != 0 ||
- memcmp( base64_test_enc, buffer, 88 ) != 0 )
+ memcmp( base64_test_enc, buffer, 88 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
printf( "passed\n Base64 decoding test: " );
len = sizeof( buffer );
- src = (unsigned char *) base64_test_enc;
+ src = base64_test_enc;
if( base64_decode( buffer, &len, src, 88 ) != 0 ||
memcmp( base64_test_dec, buffer, 64 ) != 0 )
#include "polarssl/bignum.h"
#include "polarssl/bn_mul.h"
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
#include <stdlib.h>
#define ciL (sizeof(t_uint)) /* chars in limb */
if( X->p != NULL )
{
memset( X->p, 0, X->n * ciL );
- free( X->p );
+ polarssl_free( X->p );
}
X->s = 1;
if( X->n < nblimbs )
{
- if( ( p = (t_uint *) malloc( nblimbs * ciL ) ) == NULL )
+ if( ( p = (t_uint *) polarssl_malloc( nblimbs * ciL ) ) == NULL )
return( POLARSSL_ERR_MPI_MALLOC_FAILED );
memset( p, 0, nblimbs * ciL );
{
memcpy( p, X->p, X->n * ciL );
memset( X->p, 0, X->n * ciL );
- free( X->p );
+ polarssl_free( X->p );
}
X->n = nblimbs;
if( X == Y )
return( 0 );
+ if( Y->p == NULL )
+ {
+ mpi_free( X );
+ return( 0 );
+ }
+
for( i = Y->n - 1; i > 0; i-- )
if( Y->p[i] != 0 )
break;
/*
* Get a specific bit
*/
-int mpi_get_bit( mpi *X, size_t pos )
+int mpi_get_bit( const mpi *X, size_t pos )
{
if( X->n * biL <= pos )
return( 0 );
if( c == 0 && k == 0 && ( i + j + 3 ) != 0 )
continue;
- p += sprintf( p, "%02X", c );
+ *(p++) = "0123456789ABCDEF" [c / 16];
+ *(p++) = "0123456789ABCDEF" [c % 16];
k = 1;
}
}
* Buffer should have space for (short) label and decimal formatted MPI,
* newline characters and '\0'
*/
- char s[ POLARSSL_MPI_READ_BUFFER_SIZE ];
+ char s[ POLARSSL_MPI_RW_BUFFER_SIZE ];
memset( s, 0, sizeof( s ) );
if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
int ret;
size_t n, slen, plen;
/*
- * Buffer should have space for minus sign, hexified MPI and '\0'
+ * Buffer should have space for (short) label and decimal formatted MPI,
+ * newline characters and '\0'
*/
- char s[ 2 * POLARSSL_MPI_MAX_SIZE + 2 ];
+ char s[ POLARSSL_MPI_RW_BUFFER_SIZE ];
n = sizeof( s );
memset( s, 0, n );
v0 = count / biL;
v1 = count & (biL - 1);
+ if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
+ return mpi_lset( X, 0 );
+
/*
* shift by count / limb_size
*/
p = X->p + i;
}
- *p += c; c = ( *p < c ); i++;
+ *p += c; c = ( *p < c ); i++; p++;
}
cleanup:
}
/*
- * Helper for mpi substraction
+ * Helper for mpi subtraction
*/
static void mpi_sub_hlp( size_t n, t_uint *s, t_uint *d )
{
}
/*
- * Unsigned substraction: X = |A| - |B| (HAC 14.9)
+ * Unsigned subtraction: X = |A| - |B| (HAC 14.9)
*/
int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B )
{
MPI_CHK( mpi_copy( X, A ) );
/*
- * X should always be positive as a result of unsigned substractions.
+ * X should always be positive as a result of unsigned subtractions.
*/
X->s = 1;
}
/*
- * Signed substraction: X = A - B
+ * Signed subtraction: X = A - B
*/
int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B )
{
}
/*
- * Signed substraction: X = A - b
+ * Signed subtraction: X = A - b
*/
int mpi_sub_int( mpi *X, const mpi *A, t_sint b )
{
/*
* Helper for mpi multiplication
- */
-static void mpi_mul_hlp( size_t i, t_uint *s, t_uint *d, t_uint b )
+ */
+static
+#if defined(__APPLE__) && defined(__arm__)
+/*
+ * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
+ * appears to need this to prevent bad ARM code generation at -O3.
+ */
+__attribute__ ((noinline))
+#endif
+void mpi_mul_hlp( size_t i, t_uint *s, t_uint *d, t_uint b )
{
t_uint c = 0, t = 0;
n = X.n - 1;
t = Y.n - 1;
- mpi_shift_l( &Y, biL * (n - t) );
+ MPI_CHK( mpi_shift_l( &Y, biL * (n - t) ) );
while( mpi_cmp_mpi( &X, &Y ) >= 0 )
{
Z.p[i - t - 1] = ~0;
else
{
-#if defined(POLARSSL_HAVE_LONGLONG)
+#if defined(POLARSSL_HAVE_UDBL)
t_udbl r;
r = (t_udbl) X.p[i] << biL;
if( R != NULL )
{
mpi_shift_r( &X, k );
+ X.s = A->s;
mpi_copy( R, &X );
- R->s = A->s;
if( mpi_cmp_int( R, 0 ) == 0 )
R->s = 1;
}
/*
* Division by int: A = Q * b + R
- *
- * Returns 0 if successful
- * 1 if memory allocation failed
- * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
*/
int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_sint b )
{
t_uint z = 1;
mpi U;
- U.n = U.s = z;
+ U.n = U.s = (int) z;
U.p = &z;
mpi_montmul( A, &U, N, mm, T );
size_t i, j, nblimbs;
size_t bufsize, nbits;
t_uint ei, mm, state;
- mpi RR, T, W[ 2 << POLARSSL_MPI_WINDOW_SIZE ];
+ mpi RR, T, W[ 2 << POLARSSL_MPI_WINDOW_SIZE ], Apos;
+ int neg;
if( mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
+ if( mpi_cmp_int( E, 0 ) < 0 )
+ return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
+
/*
* Init temps and window size
*/
MPI_CHK( mpi_grow( &W[1], j ) );
MPI_CHK( mpi_grow( &T, j * 2 ) );
+ /*
+ * Compensate for negative A (and correct at the end)
+ */
+ neg = ( A->s == -1 );
+
+ mpi_init( &Apos );
+ if( neg )
+ {
+ MPI_CHK( mpi_copy( &Apos, A ) );
+ Apos.s = 1;
+ A = &Apos;
+ }
+
/*
* If 1st call, pre-compute R^2 mod N
*/
for( i = 0; i < wsize - 1; i++ )
mpi_montmul( &W[j], &W[j], N, mm, &T );
-
+
/*
* W[i] = W[i - 1] * W[1]
*/
{
if( bufsize == 0 )
{
- if( nblimbs-- == 0 )
+ if( nblimbs == 0 )
break;
+ nblimbs--;
+
bufsize = sizeof( t_uint ) << 3;
}
*/
mpi_montred( X, N, mm, &T );
+ if( neg )
+ {
+ X->s = -1;
+ mpi_add_mpi( X, N, X );
+ }
+
cleanup:
for( i = (one << (wsize - 1)); i < (one << wsize); i++ )
mpi_free( &W[i] );
- mpi_free( &W[1] ); mpi_free( &T );
+ mpi_free( &W[1] ); mpi_free( &T ); mpi_free( &Apos );
if( _RR == NULL )
mpi_free( &RR );
MPI_CHK( mpi_lset( X, 0 ) );
MPI_CHK( f_rng( p_rng, (unsigned char *) X->p, size ) );
+
cleanup:
return( ret );
}
-#if defined(POLARSSL_GENPRIME)
-
/*
* Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
*/
return( ret );
}
+#if defined(POLARSSL_GENPRIME)
+
static const int small_prime[] =
{
3, 5, 7, 11, 13, 17, 19, 23,
return( ret );
}
-#endif
+#endif /* POLARSSL_GENPRIME */
#if defined(POLARSSL_SELF_TEST)
if( verbose != 0 )
printf( "passed\n" );
-#if defined(POLARSSL_GENPRIME)
MPI_CHK( mpi_inv_mod( &X, &A, &N ) );
MPI_CHK( mpi_read_string( &U, 16,
if( verbose != 0 )
printf( "passed\n" );
-#endif
if( verbose != 0 )
printf( " MPI test #5 (simple gcd): " );
--- /dev/null
+/*
+ * Blowfish implementation
+ *
+ * Copyright (C) 2012-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * The Blowfish block cipher was designed by Bruce Schneier in 1993.
+ * http://www.schneier.com/blowfish.html
+ * http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
+ *
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_BLOWFISH_C)
+
+#include "polarssl/blowfish.h"
+
+#if !defined(POLARSSL_BLOWFISH_ALT)
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
+{ \
+ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
+ | ( (uint32_t) (b)[(i) + 1] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 3] ); \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
+{ \
+ (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
+ (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
+ (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
+ (b)[(i) + 3] = (unsigned char) ( (n) ); \
+}
+#endif
+
+static const uint32_t P[BLOWFISH_ROUNDS + 2] = {
+ 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L,
+ 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L,
+ 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL,
+ 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L,
+ 0x9216D5D9L, 0x8979FB1BL
+};
+
+/* declarations of data at the end of this file */
+static const uint32_t S[4][256];
+
+static uint32_t F(blowfish_context *ctx, uint32_t x)
+{
+ unsigned short a, b, c, d;
+ uint32_t y;
+
+ d = (unsigned short)(x & 0xFF);
+ x >>= 8;
+ c = (unsigned short)(x & 0xFF);
+ x >>= 8;
+ b = (unsigned short)(x & 0xFF);
+ x >>= 8;
+ a = (unsigned short)(x & 0xFF);
+ y = ctx->S[0][a] + ctx->S[1][b];
+ y = y ^ ctx->S[2][c];
+ y = y + ctx->S[3][d];
+
+ return y;
+}
+
+static void blowfish_enc(blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
+{
+ uint32_t Xl, Xr, temp;
+ short i;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ for (i = 0; i < BLOWFISH_ROUNDS; ++i)
+ {
+ Xl = Xl ^ ctx->P[i];
+ Xr = F(ctx, Xl) ^ Xr;
+
+ temp = Xl;
+ Xl = Xr;
+ Xr = temp;
+ }
+
+ temp = Xl;
+ Xl = Xr;
+ Xr = temp;
+
+ Xr = Xr ^ ctx->P[BLOWFISH_ROUNDS];
+ Xl = Xl ^ ctx->P[BLOWFISH_ROUNDS + 1];
+
+ *xl = Xl;
+ *xr = Xr;
+}
+
+static void blowfish_dec(blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
+{
+ uint32_t Xl, Xr, temp;
+ short i;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ for (i = BLOWFISH_ROUNDS + 1; i > 1; --i)
+ {
+ Xl = Xl ^ ctx->P[i];
+ Xr = F(ctx, Xl) ^ Xr;
+
+ temp = Xl;
+ Xl = Xr;
+ Xr = temp;
+ }
+
+ temp = Xl;
+ Xl = Xr;
+ Xr = temp;
+
+ Xr = Xr ^ ctx->P[1];
+ Xl = Xl ^ ctx->P[0];
+
+ *xl = Xl;
+ *xr = Xr;
+}
+
+/*
+ * Blowfish key schedule
+ */
+int blowfish_setkey( blowfish_context *ctx, const unsigned char *key, unsigned int keysize )
+{
+ unsigned int i, j, k;
+ uint32_t data, datal, datar;
+
+ if( keysize < BLOWFISH_MIN_KEY || keysize > BLOWFISH_MAX_KEY ||
+ ( keysize % 8 ) )
+ {
+ return POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH;
+ }
+
+ keysize >>= 3;
+
+ for( i = 0; i < 4; i++ )
+ {
+ for( j = 0; j < 256; j++ )
+ ctx->S[i][j] = S[i][j];
+ }
+
+ j = 0;
+ for( i = 0; i < BLOWFISH_ROUNDS + 2; ++i )
+ {
+ data = 0x00000000;
+ for( k = 0; k < 4; ++k )
+ {
+ data = ( data << 8 ) | key[j++];
+ if( j >= keysize )
+ j = 0;
+ }
+ ctx->P[i] = P[i] ^ data;
+ }
+
+ datal = 0x00000000;
+ datar = 0x00000000;
+
+ for( i = 0; i < BLOWFISH_ROUNDS + 2; i += 2 )
+ {
+ blowfish_enc( ctx, &datal, &datar );
+ ctx->P[i] = datal;
+ ctx->P[i + 1] = datar;
+ }
+
+ for( i = 0; i < 4; i++ )
+ {
+ for( j = 0; j < 256; j += 2 )
+ {
+ blowfish_enc( ctx, &datal, &datar );
+ ctx->S[i][j] = datal;
+ ctx->S[i][j + 1] = datar;
+ }
+ }
+ return( 0 );
+}
+
+/*
+ * Blowfish-ECB block encryption/decryption
+ */
+int blowfish_crypt_ecb( blowfish_context *ctx,
+ int mode,
+ const unsigned char input[BLOWFISH_BLOCKSIZE],
+ unsigned char output[BLOWFISH_BLOCKSIZE] )
+{
+ uint32_t X0, X1;
+
+ GET_UINT32_BE( X0, input, 0 );
+ GET_UINT32_BE( X1, input, 4 );
+
+ if( mode == BLOWFISH_DECRYPT )
+ {
+ blowfish_dec(ctx, &X0, &X1);
+ }
+ else /* BLOWFISH_ENCRYPT */
+ {
+ blowfish_enc(ctx, &X0, &X1);
+ }
+
+ PUT_UINT32_BE( X0, output, 0 );
+ PUT_UINT32_BE( X1, output, 4 );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+/*
+ * Blowfish-CBC buffer encryption/decryption
+ */
+int blowfish_crypt_cbc( blowfish_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output )
+{
+ int i;
+ unsigned char temp[BLOWFISH_BLOCKSIZE];
+
+ if( length % BLOWFISH_BLOCKSIZE )
+ return( POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
+
+ if( mode == BLOWFISH_DECRYPT )
+ {
+ while( length > 0 )
+ {
+ memcpy( temp, input, BLOWFISH_BLOCKSIZE );
+ blowfish_crypt_ecb( ctx, mode, input, output );
+
+ for( i = 0; i < BLOWFISH_BLOCKSIZE;i++ )
+ output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+ memcpy( iv, temp, BLOWFISH_BLOCKSIZE );
+
+ input += BLOWFISH_BLOCKSIZE;
+ output += BLOWFISH_BLOCKSIZE;
+ length -= BLOWFISH_BLOCKSIZE;
+ }
+ }
+ else
+ {
+ while( length > 0 )
+ {
+ for( i = 0; i < BLOWFISH_BLOCKSIZE; i++ )
+ output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+ blowfish_crypt_ecb( ctx, mode, output, output );
+ memcpy( iv, output, BLOWFISH_BLOCKSIZE );
+
+ input += BLOWFISH_BLOCKSIZE;
+ output += BLOWFISH_BLOCKSIZE;
+ length -= BLOWFISH_BLOCKSIZE;
+ }
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+/*
+ * Blowfish CFB buffer encryption/decryption
+ */
+int blowfish_crypt_cfb64( blowfish_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output )
+{
+ int c;
+ size_t n = *iv_off;
+
+ if( mode == BLOWFISH_DECRYPT )
+ {
+ while( length-- )
+ {
+ if( n == 0 )
+ blowfish_crypt_ecb( ctx, BLOWFISH_ENCRYPT, iv, iv );
+
+ c = *input++;
+ *output++ = (unsigned char)( c ^ iv[n] );
+ iv[n] = (unsigned char) c;
+
+ n = (n + 1) % BLOWFISH_BLOCKSIZE;
+ }
+ }
+ else
+ {
+ while( length-- )
+ {
+ if( n == 0 )
+ blowfish_crypt_ecb( ctx, BLOWFISH_ENCRYPT, iv, iv );
+
+ iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+ n = (n + 1) % BLOWFISH_BLOCKSIZE;
+ }
+ }
+
+ *iv_off = n;
+
+ return( 0 );
+}
+#endif /*POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+/*
+ * Blowfish CTR buffer encryption/decryption
+ */
+int blowfish_crypt_ctr( blowfish_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[BLOWFISH_BLOCKSIZE],
+ unsigned char stream_block[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output )
+{
+ int c, i;
+ size_t n = *nc_off;
+
+ while( length-- )
+ {
+ if( n == 0 ) {
+ blowfish_crypt_ecb( ctx, BLOWFISH_ENCRYPT, nonce_counter, stream_block );
+
+ for( i = BLOWFISH_BLOCKSIZE; i > 0; i-- )
+ if( ++nonce_counter[i - 1] != 0 )
+ break;
+ }
+ c = *input++;
+ *output++ = (unsigned char)( c ^ stream_block[n] );
+
+ n = (n + 1) % BLOWFISH_BLOCKSIZE;
+ }
+
+ *nc_off = n;
+
+ return( 0 );
+}
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+static const uint32_t S[4][256] = {
+ { 0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L,
+ 0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L,
+ 0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L,
+ 0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL,
+ 0x0D95748FL, 0x728EB658L, 0x718BCD58L, 0x82154AEEL,
+ 0x7B54A41DL, 0xC25A59B5L, 0x9C30D539L, 0x2AF26013L,
+ 0xC5D1B023L, 0x286085F0L, 0xCA417918L, 0xB8DB38EFL,
+ 0x8E79DCB0L, 0x603A180EL, 0x6C9E0E8BL, 0xB01E8A3EL,
+ 0xD71577C1L, 0xBD314B27L, 0x78AF2FDAL, 0x55605C60L,
+ 0xE65525F3L, 0xAA55AB94L, 0x57489862L, 0x63E81440L,
+ 0x55CA396AL, 0x2AAB10B6L, 0xB4CC5C34L, 0x1141E8CEL,
+ 0xA15486AFL, 0x7C72E993L, 0xB3EE1411L, 0x636FBC2AL,
+ 0x2BA9C55DL, 0x741831F6L, 0xCE5C3E16L, 0x9B87931EL,
+ 0xAFD6BA33L, 0x6C24CF5CL, 0x7A325381L, 0x28958677L,
+ 0x3B8F4898L, 0x6B4BB9AFL, 0xC4BFE81BL, 0x66282193L,
+ 0x61D809CCL, 0xFB21A991L, 0x487CAC60L, 0x5DEC8032L,
+ 0xEF845D5DL, 0xE98575B1L, 0xDC262302L, 0xEB651B88L,
+ 0x23893E81L, 0xD396ACC5L, 0x0F6D6FF3L, 0x83F44239L,
+ 0x2E0B4482L, 0xA4842004L, 0x69C8F04AL, 0x9E1F9B5EL,
+ 0x21C66842L, 0xF6E96C9AL, 0x670C9C61L, 0xABD388F0L,
+ 0x6A51A0D2L, 0xD8542F68L, 0x960FA728L, 0xAB5133A3L,
+ 0x6EEF0B6CL, 0x137A3BE4L, 0xBA3BF050L, 0x7EFB2A98L,
+ 0xA1F1651DL, 0x39AF0176L, 0x66CA593EL, 0x82430E88L,
+ 0x8CEE8619L, 0x456F9FB4L, 0x7D84A5C3L, 0x3B8B5EBEL,
+ 0xE06F75D8L, 0x85C12073L, 0x401A449FL, 0x56C16AA6L,
+ 0x4ED3AA62L, 0x363F7706L, 0x1BFEDF72L, 0x429B023DL,
+ 0x37D0D724L, 0xD00A1248L, 0xDB0FEAD3L, 0x49F1C09BL,
+ 0x075372C9L, 0x80991B7BL, 0x25D479D8L, 0xF6E8DEF7L,
+ 0xE3FE501AL, 0xB6794C3BL, 0x976CE0BDL, 0x04C006BAL,
+ 0xC1A94FB6L, 0x409F60C4L, 0x5E5C9EC2L, 0x196A2463L,
+ 0x68FB6FAFL, 0x3E6C53B5L, 0x1339B2EBL, 0x3B52EC6FL,
+ 0x6DFC511FL, 0x9B30952CL, 0xCC814544L, 0xAF5EBD09L,
+ 0xBEE3D004L, 0xDE334AFDL, 0x660F2807L, 0x192E4BB3L,
+ 0xC0CBA857L, 0x45C8740FL, 0xD20B5F39L, 0xB9D3FBDBL,
+ 0x5579C0BDL, 0x1A60320AL, 0xD6A100C6L, 0x402C7279L,
+ 0x679F25FEL, 0xFB1FA3CCL, 0x8EA5E9F8L, 0xDB3222F8L,
+ 0x3C7516DFL, 0xFD616B15L, 0x2F501EC8L, 0xAD0552ABL,
+ 0x323DB5FAL, 0xFD238760L, 0x53317B48L, 0x3E00DF82L,
+ 0x9E5C57BBL, 0xCA6F8CA0L, 0x1A87562EL, 0xDF1769DBL,
+ 0xD542A8F6L, 0x287EFFC3L, 0xAC6732C6L, 0x8C4F5573L,
+ 0x695B27B0L, 0xBBCA58C8L, 0xE1FFA35DL, 0xB8F011A0L,
+ 0x10FA3D98L, 0xFD2183B8L, 0x4AFCB56CL, 0x2DD1D35BL,
+ 0x9A53E479L, 0xB6F84565L, 0xD28E49BCL, 0x4BFB9790L,
+ 0xE1DDF2DAL, 0xA4CB7E33L, 0x62FB1341L, 0xCEE4C6E8L,
+ 0xEF20CADAL, 0x36774C01L, 0xD07E9EFEL, 0x2BF11FB4L,
+ 0x95DBDA4DL, 0xAE909198L, 0xEAAD8E71L, 0x6B93D5A0L,
+ 0xD08ED1D0L, 0xAFC725E0L, 0x8E3C5B2FL, 0x8E7594B7L,
+ 0x8FF6E2FBL, 0xF2122B64L, 0x8888B812L, 0x900DF01CL,
+ 0x4FAD5EA0L, 0x688FC31CL, 0xD1CFF191L, 0xB3A8C1ADL,
+ 0x2F2F2218L, 0xBE0E1777L, 0xEA752DFEL, 0x8B021FA1L,
+ 0xE5A0CC0FL, 0xB56F74E8L, 0x18ACF3D6L, 0xCE89E299L,
+ 0xB4A84FE0L, 0xFD13E0B7L, 0x7CC43B81L, 0xD2ADA8D9L,
+ 0x165FA266L, 0x80957705L, 0x93CC7314L, 0x211A1477L,
+ 0xE6AD2065L, 0x77B5FA86L, 0xC75442F5L, 0xFB9D35CFL,
+ 0xEBCDAF0CL, 0x7B3E89A0L, 0xD6411BD3L, 0xAE1E7E49L,
+ 0x00250E2DL, 0x2071B35EL, 0x226800BBL, 0x57B8E0AFL,
+ 0x2464369BL, 0xF009B91EL, 0x5563911DL, 0x59DFA6AAL,
+ 0x78C14389L, 0xD95A537FL, 0x207D5BA2L, 0x02E5B9C5L,
+ 0x83260376L, 0x6295CFA9L, 0x11C81968L, 0x4E734A41L,
+ 0xB3472DCAL, 0x7B14A94AL, 0x1B510052L, 0x9A532915L,
+ 0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L,
+ 0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L,
+ 0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L,
+ 0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL },
+ { 0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L,
+ 0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L,
+ 0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L,
+ 0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL,
+ 0x3F54989AL, 0x5B429D65L, 0x6B8FE4D6L, 0x99F73FD6L,
+ 0xA1D29C07L, 0xEFE830F5L, 0x4D2D38E6L, 0xF0255DC1L,
+ 0x4CDD2086L, 0x8470EB26L, 0x6382E9C6L, 0x021ECC5EL,
+ 0x09686B3FL, 0x3EBAEFC9L, 0x3C971814L, 0x6B6A70A1L,
+ 0x687F3584L, 0x52A0E286L, 0xB79C5305L, 0xAA500737L,
+ 0x3E07841CL, 0x7FDEAE5CL, 0x8E7D44ECL, 0x5716F2B8L,
+ 0xB03ADA37L, 0xF0500C0DL, 0xF01C1F04L, 0x0200B3FFL,
+ 0xAE0CF51AL, 0x3CB574B2L, 0x25837A58L, 0xDC0921BDL,
+ 0xD19113F9L, 0x7CA92FF6L, 0x94324773L, 0x22F54701L,
+ 0x3AE5E581L, 0x37C2DADCL, 0xC8B57634L, 0x9AF3DDA7L,
+ 0xA9446146L, 0x0FD0030EL, 0xECC8C73EL, 0xA4751E41L,
+ 0xE238CD99L, 0x3BEA0E2FL, 0x3280BBA1L, 0x183EB331L,
+ 0x4E548B38L, 0x4F6DB908L, 0x6F420D03L, 0xF60A04BFL,
+ 0x2CB81290L, 0x24977C79L, 0x5679B072L, 0xBCAF89AFL,
+ 0xDE9A771FL, 0xD9930810L, 0xB38BAE12L, 0xDCCF3F2EL,
+ 0x5512721FL, 0x2E6B7124L, 0x501ADDE6L, 0x9F84CD87L,
+ 0x7A584718L, 0x7408DA17L, 0xBC9F9ABCL, 0xE94B7D8CL,
+ 0xEC7AEC3AL, 0xDB851DFAL, 0x63094366L, 0xC464C3D2L,
+ 0xEF1C1847L, 0x3215D908L, 0xDD433B37L, 0x24C2BA16L,
+ 0x12A14D43L, 0x2A65C451L, 0x50940002L, 0x133AE4DDL,
+ 0x71DFF89EL, 0x10314E55L, 0x81AC77D6L, 0x5F11199BL,
+ 0x043556F1L, 0xD7A3C76BL, 0x3C11183BL, 0x5924A509L,
+ 0xF28FE6EDL, 0x97F1FBFAL, 0x9EBABF2CL, 0x1E153C6EL,
+ 0x86E34570L, 0xEAE96FB1L, 0x860E5E0AL, 0x5A3E2AB3L,
+ 0x771FE71CL, 0x4E3D06FAL, 0x2965DCB9L, 0x99E71D0FL,
+ 0x803E89D6L, 0x5266C825L, 0x2E4CC978L, 0x9C10B36AL,
+ 0xC6150EBAL, 0x94E2EA78L, 0xA5FC3C53L, 0x1E0A2DF4L,
+ 0xF2F74EA7L, 0x361D2B3DL, 0x1939260FL, 0x19C27960L,
+ 0x5223A708L, 0xF71312B6L, 0xEBADFE6EL, 0xEAC31F66L,
+ 0xE3BC4595L, 0xA67BC883L, 0xB17F37D1L, 0x018CFF28L,
+ 0xC332DDEFL, 0xBE6C5AA5L, 0x65582185L, 0x68AB9802L,
+ 0xEECEA50FL, 0xDB2F953BL, 0x2AEF7DADL, 0x5B6E2F84L,
+ 0x1521B628L, 0x29076170L, 0xECDD4775L, 0x619F1510L,
+ 0x13CCA830L, 0xEB61BD96L, 0x0334FE1EL, 0xAA0363CFL,
+ 0xB5735C90L, 0x4C70A239L, 0xD59E9E0BL, 0xCBAADE14L,
+ 0xEECC86BCL, 0x60622CA7L, 0x9CAB5CABL, 0xB2F3846EL,
+ 0x648B1EAFL, 0x19BDF0CAL, 0xA02369B9L, 0x655ABB50L,
+ 0x40685A32L, 0x3C2AB4B3L, 0x319EE9D5L, 0xC021B8F7L,
+ 0x9B540B19L, 0x875FA099L, 0x95F7997EL, 0x623D7DA8L,
+ 0xF837889AL, 0x97E32D77L, 0x11ED935FL, 0x16681281L,
+ 0x0E358829L, 0xC7E61FD6L, 0x96DEDFA1L, 0x7858BA99L,
+ 0x57F584A5L, 0x1B227263L, 0x9B83C3FFL, 0x1AC24696L,
+ 0xCDB30AEBL, 0x532E3054L, 0x8FD948E4L, 0x6DBC3128L,
+ 0x58EBF2EFL, 0x34C6FFEAL, 0xFE28ED61L, 0xEE7C3C73L,
+ 0x5D4A14D9L, 0xE864B7E3L, 0x42105D14L, 0x203E13E0L,
+ 0x45EEE2B6L, 0xA3AAABEAL, 0xDB6C4F15L, 0xFACB4FD0L,
+ 0xC742F442L, 0xEF6ABBB5L, 0x654F3B1DL, 0x41CD2105L,
+ 0xD81E799EL, 0x86854DC7L, 0xE44B476AL, 0x3D816250L,
+ 0xCF62A1F2L, 0x5B8D2646L, 0xFC8883A0L, 0xC1C7B6A3L,
+ 0x7F1524C3L, 0x69CB7492L, 0x47848A0BL, 0x5692B285L,
+ 0x095BBF00L, 0xAD19489DL, 0x1462B174L, 0x23820E00L,
+ 0x58428D2AL, 0x0C55F5EAL, 0x1DADF43EL, 0x233F7061L,
+ 0x3372F092L, 0x8D937E41L, 0xD65FECF1L, 0x6C223BDBL,
+ 0x7CDE3759L, 0xCBEE7460L, 0x4085F2A7L, 0xCE77326EL,
+ 0xA6078084L, 0x19F8509EL, 0xE8EFD855L, 0x61D99735L,
+ 0xA969A7AAL, 0xC50C06C2L, 0x5A04ABFCL, 0x800BCADCL,
+ 0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L,
+ 0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L,
+ 0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L,
+ 0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L },
+ { 0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L,
+ 0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L,
+ 0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL,
+ 0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L,
+ 0x4D95FC1DL, 0x96B591AFL, 0x70F4DDD3L, 0x66A02F45L,
+ 0xBFBC09ECL, 0x03BD9785L, 0x7FAC6DD0L, 0x31CB8504L,
+ 0x96EB27B3L, 0x55FD3941L, 0xDA2547E6L, 0xABCA0A9AL,
+ 0x28507825L, 0x530429F4L, 0x0A2C86DAL, 0xE9B66DFBL,
+ 0x68DC1462L, 0xD7486900L, 0x680EC0A4L, 0x27A18DEEL,
+ 0x4F3FFEA2L, 0xE887AD8CL, 0xB58CE006L, 0x7AF4D6B6L,
+ 0xAACE1E7CL, 0xD3375FECL, 0xCE78A399L, 0x406B2A42L,
+ 0x20FE9E35L, 0xD9F385B9L, 0xEE39D7ABL, 0x3B124E8BL,
+ 0x1DC9FAF7L, 0x4B6D1856L, 0x26A36631L, 0xEAE397B2L,
+ 0x3A6EFA74L, 0xDD5B4332L, 0x6841E7F7L, 0xCA7820FBL,
+ 0xFB0AF54EL, 0xD8FEB397L, 0x454056ACL, 0xBA489527L,
+ 0x55533A3AL, 0x20838D87L, 0xFE6BA9B7L, 0xD096954BL,
+ 0x55A867BCL, 0xA1159A58L, 0xCCA92963L, 0x99E1DB33L,
+ 0xA62A4A56L, 0x3F3125F9L, 0x5EF47E1CL, 0x9029317CL,
+ 0xFDF8E802L, 0x04272F70L, 0x80BB155CL, 0x05282CE3L,
+ 0x95C11548L, 0xE4C66D22L, 0x48C1133FL, 0xC70F86DCL,
+ 0x07F9C9EEL, 0x41041F0FL, 0x404779A4L, 0x5D886E17L,
+ 0x325F51EBL, 0xD59BC0D1L, 0xF2BCC18FL, 0x41113564L,
+ 0x257B7834L, 0x602A9C60L, 0xDFF8E8A3L, 0x1F636C1BL,
+ 0x0E12B4C2L, 0x02E1329EL, 0xAF664FD1L, 0xCAD18115L,
+ 0x6B2395E0L, 0x333E92E1L, 0x3B240B62L, 0xEEBEB922L,
+ 0x85B2A20EL, 0xE6BA0D99L, 0xDE720C8CL, 0x2DA2F728L,
+ 0xD0127845L, 0x95B794FDL, 0x647D0862L, 0xE7CCF5F0L,
+ 0x5449A36FL, 0x877D48FAL, 0xC39DFD27L, 0xF33E8D1EL,
+ 0x0A476341L, 0x992EFF74L, 0x3A6F6EABL, 0xF4F8FD37L,
+ 0xA812DC60L, 0xA1EBDDF8L, 0x991BE14CL, 0xDB6E6B0DL,
+ 0xC67B5510L, 0x6D672C37L, 0x2765D43BL, 0xDCD0E804L,
+ 0xF1290DC7L, 0xCC00FFA3L, 0xB5390F92L, 0x690FED0BL,
+ 0x667B9FFBL, 0xCEDB7D9CL, 0xA091CF0BL, 0xD9155EA3L,
+ 0xBB132F88L, 0x515BAD24L, 0x7B9479BFL, 0x763BD6EBL,
+ 0x37392EB3L, 0xCC115979L, 0x8026E297L, 0xF42E312DL,
+ 0x6842ADA7L, 0xC66A2B3BL, 0x12754CCCL, 0x782EF11CL,
+ 0x6A124237L, 0xB79251E7L, 0x06A1BBE6L, 0x4BFB6350L,
+ 0x1A6B1018L, 0x11CAEDFAL, 0x3D25BDD8L, 0xE2E1C3C9L,
+ 0x44421659L, 0x0A121386L, 0xD90CEC6EL, 0xD5ABEA2AL,
+ 0x64AF674EL, 0xDA86A85FL, 0xBEBFE988L, 0x64E4C3FEL,
+ 0x9DBC8057L, 0xF0F7C086L, 0x60787BF8L, 0x6003604DL,
+ 0xD1FD8346L, 0xF6381FB0L, 0x7745AE04L, 0xD736FCCCL,
+ 0x83426B33L, 0xF01EAB71L, 0xB0804187L, 0x3C005E5FL,
+ 0x77A057BEL, 0xBDE8AE24L, 0x55464299L, 0xBF582E61L,
+ 0x4E58F48FL, 0xF2DDFDA2L, 0xF474EF38L, 0x8789BDC2L,
+ 0x5366F9C3L, 0xC8B38E74L, 0xB475F255L, 0x46FCD9B9L,
+ 0x7AEB2661L, 0x8B1DDF84L, 0x846A0E79L, 0x915F95E2L,
+ 0x466E598EL, 0x20B45770L, 0x8CD55591L, 0xC902DE4CL,
+ 0xB90BACE1L, 0xBB8205D0L, 0x11A86248L, 0x7574A99EL,
+ 0xB77F19B6L, 0xE0A9DC09L, 0x662D09A1L, 0xC4324633L,
+ 0xE85A1F02L, 0x09F0BE8CL, 0x4A99A025L, 0x1D6EFE10L,
+ 0x1AB93D1DL, 0x0BA5A4DFL, 0xA186F20FL, 0x2868F169L,
+ 0xDCB7DA83L, 0x573906FEL, 0xA1E2CE9BL, 0x4FCD7F52L,
+ 0x50115E01L, 0xA70683FAL, 0xA002B5C4L, 0x0DE6D027L,
+ 0x9AF88C27L, 0x773F8641L, 0xC3604C06L, 0x61A806B5L,
+ 0xF0177A28L, 0xC0F586E0L, 0x006058AAL, 0x30DC7D62L,
+ 0x11E69ED7L, 0x2338EA63L, 0x53C2DD94L, 0xC2C21634L,
+ 0xBBCBEE56L, 0x90BCB6DEL, 0xEBFC7DA1L, 0xCE591D76L,
+ 0x6F05E409L, 0x4B7C0188L, 0x39720A3DL, 0x7C927C24L,
+ 0x86E3725FL, 0x724D9DB9L, 0x1AC15BB4L, 0xD39EB8FCL,
+ 0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L,
+ 0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL,
+ 0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L,
+ 0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L },
+ { 0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL,
+ 0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL,
+ 0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL,
+ 0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L,
+ 0x5748AB2FL, 0xBC946E79L, 0xC6A376D2L, 0x6549C2C8L,
+ 0x530FF8EEL, 0x468DDE7DL, 0xD5730A1DL, 0x4CD04DC6L,
+ 0x2939BBDBL, 0xA9BA4650L, 0xAC9526E8L, 0xBE5EE304L,
+ 0xA1FAD5F0L, 0x6A2D519AL, 0x63EF8CE2L, 0x9A86EE22L,
+ 0xC089C2B8L, 0x43242EF6L, 0xA51E03AAL, 0x9CF2D0A4L,
+ 0x83C061BAL, 0x9BE96A4DL, 0x8FE51550L, 0xBA645BD6L,
+ 0x2826A2F9L, 0xA73A3AE1L, 0x4BA99586L, 0xEF5562E9L,
+ 0xC72FEFD3L, 0xF752F7DAL, 0x3F046F69L, 0x77FA0A59L,
+ 0x80E4A915L, 0x87B08601L, 0x9B09E6ADL, 0x3B3EE593L,
+ 0xE990FD5AL, 0x9E34D797L, 0x2CF0B7D9L, 0x022B8B51L,
+ 0x96D5AC3AL, 0x017DA67DL, 0xD1CF3ED6L, 0x7C7D2D28L,
+ 0x1F9F25CFL, 0xADF2B89BL, 0x5AD6B472L, 0x5A88F54CL,
+ 0xE029AC71L, 0xE019A5E6L, 0x47B0ACFDL, 0xED93FA9BL,
+ 0xE8D3C48DL, 0x283B57CCL, 0xF8D56629L, 0x79132E28L,
+ 0x785F0191L, 0xED756055L, 0xF7960E44L, 0xE3D35E8CL,
+ 0x15056DD4L, 0x88F46DBAL, 0x03A16125L, 0x0564F0BDL,
+ 0xC3EB9E15L, 0x3C9057A2L, 0x97271AECL, 0xA93A072AL,
+ 0x1B3F6D9BL, 0x1E6321F5L, 0xF59C66FBL, 0x26DCF319L,
+ 0x7533D928L, 0xB155FDF5L, 0x03563482L, 0x8ABA3CBBL,
+ 0x28517711L, 0xC20AD9F8L, 0xABCC5167L, 0xCCAD925FL,
+ 0x4DE81751L, 0x3830DC8EL, 0x379D5862L, 0x9320F991L,
+ 0xEA7A90C2L, 0xFB3E7BCEL, 0x5121CE64L, 0x774FBE32L,
+ 0xA8B6E37EL, 0xC3293D46L, 0x48DE5369L, 0x6413E680L,
+ 0xA2AE0810L, 0xDD6DB224L, 0x69852DFDL, 0x09072166L,
+ 0xB39A460AL, 0x6445C0DDL, 0x586CDECFL, 0x1C20C8AEL,
+ 0x5BBEF7DDL, 0x1B588D40L, 0xCCD2017FL, 0x6BB4E3BBL,
+ 0xDDA26A7EL, 0x3A59FF45L, 0x3E350A44L, 0xBCB4CDD5L,
+ 0x72EACEA8L, 0xFA6484BBL, 0x8D6612AEL, 0xBF3C6F47L,
+ 0xD29BE463L, 0x542F5D9EL, 0xAEC2771BL, 0xF64E6370L,
+ 0x740E0D8DL, 0xE75B1357L, 0xF8721671L, 0xAF537D5DL,
+ 0x4040CB08L, 0x4EB4E2CCL, 0x34D2466AL, 0x0115AF84L,
+ 0xE1B00428L, 0x95983A1DL, 0x06B89FB4L, 0xCE6EA048L,
+ 0x6F3F3B82L, 0x3520AB82L, 0x011A1D4BL, 0x277227F8L,
+ 0x611560B1L, 0xE7933FDCL, 0xBB3A792BL, 0x344525BDL,
+ 0xA08839E1L, 0x51CE794BL, 0x2F32C9B7L, 0xA01FBAC9L,
+ 0xE01CC87EL, 0xBCC7D1F6L, 0xCF0111C3L, 0xA1E8AAC7L,
+ 0x1A908749L, 0xD44FBD9AL, 0xD0DADECBL, 0xD50ADA38L,
+ 0x0339C32AL, 0xC6913667L, 0x8DF9317CL, 0xE0B12B4FL,
+ 0xF79E59B7L, 0x43F5BB3AL, 0xF2D519FFL, 0x27D9459CL,
+ 0xBF97222CL, 0x15E6FC2AL, 0x0F91FC71L, 0x9B941525L,
+ 0xFAE59361L, 0xCEB69CEBL, 0xC2A86459L, 0x12BAA8D1L,
+ 0xB6C1075EL, 0xE3056A0CL, 0x10D25065L, 0xCB03A442L,
+ 0xE0EC6E0EL, 0x1698DB3BL, 0x4C98A0BEL, 0x3278E964L,
+ 0x9F1F9532L, 0xE0D392DFL, 0xD3A0342BL, 0x8971F21EL,
+ 0x1B0A7441L, 0x4BA3348CL, 0xC5BE7120L, 0xC37632D8L,
+ 0xDF359F8DL, 0x9B992F2EL, 0xE60B6F47L, 0x0FE3F11DL,
+ 0xE54CDA54L, 0x1EDAD891L, 0xCE6279CFL, 0xCD3E7E6FL,
+ 0x1618B166L, 0xFD2C1D05L, 0x848FD2C5L, 0xF6FB2299L,
+ 0xF523F357L, 0xA6327623L, 0x93A83531L, 0x56CCCD02L,
+ 0xACF08162L, 0x5A75EBB5L, 0x6E163697L, 0x88D273CCL,
+ 0xDE966292L, 0x81B949D0L, 0x4C50901BL, 0x71C65614L,
+ 0xE6C6C7BDL, 0x327A140AL, 0x45E1D006L, 0xC3F27B9AL,
+ 0xC9AA53FDL, 0x62A80F00L, 0xBB25BFE2L, 0x35BDD2F6L,
+ 0x71126905L, 0xB2040222L, 0xB6CBCF7CL, 0xCD769C2BL,
+ 0x53113EC0L, 0x1640E3D3L, 0x38ABBD60L, 0x2547ADF0L,
+ 0xBA38209CL, 0xF746CE76L, 0x77AFA1C5L, 0x20756060L,
+ 0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL,
+ 0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L,
+ 0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL,
+ 0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L }
+};
+
+#endif /* !POLARSSL_BLOWFISH_ALT */
+#endif /* POLARSSL_BLOWFISH_C */
/*
* Camellia implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/camellia.h"
+#if !defined(POLARSSL_CAMELLIA_ALT)
+
/*
* 32-bit integer manipulation macros (big endian)
*/
-#ifndef GET_ULONG_BE
-#define GET_ULONG_BE(n,b,i) \
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
{ \
- (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
- | ( (unsigned long) (b)[(i) + 1] << 16 ) \
- | ( (unsigned long) (b)[(i) + 2] << 8 ) \
- | ( (unsigned long) (b)[(i) + 3] ); \
+ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
+ | ( (uint32_t) (b)[(i) + 1] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
-#ifndef PUT_ULONG_BE
-#define PUT_ULONG_BE(n,b,i) \
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
* Prepare SIGMA values
*/
for (i = 0; i < 6; i++) {
- GET_ULONG_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
- GET_ULONG_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
+ GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
+ GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
}
/*
/* Store KL, KR */
for (i = 0; i < 8; i++)
- GET_ULONG_BE(KC[i], t, i * 4);
+ GET_UINT32_BE(KC[i], t, i * 4);
/* Generate KA */
for( i = 0; i < 4; ++i)
NR = ctx->nr;
RK = ctx->rk;
- GET_ULONG_BE( X[0], input, 0 );
- GET_ULONG_BE( X[1], input, 4 );
- GET_ULONG_BE( X[2], input, 8 );
- GET_ULONG_BE( X[3], input, 12 );
+ GET_UINT32_BE( X[0], input, 0 );
+ GET_UINT32_BE( X[1], input, 4 );
+ GET_UINT32_BE( X[2], input, 8 );
+ GET_UINT32_BE( X[3], input, 12 );
X[0] ^= *RK++;
X[1] ^= *RK++;
X[0] ^= *RK++;
X[1] ^= *RK++;
- PUT_ULONG_BE( X[2], output, 0 );
- PUT_ULONG_BE( X[3], output, 4 );
- PUT_ULONG_BE( X[0], output, 8 );
- PUT_ULONG_BE( X[1], output, 12 );
+ PUT_UINT32_BE( X[2], output, 0 );
+ PUT_UINT32_BE( X[3], output, 4 );
+ PUT_UINT32_BE( X[0], output, 8 );
+ PUT_UINT32_BE( X[1], output, 12 );
return( 0 );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
* Camellia-CBC buffer encryption/decryption
*/
return( 0 );
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
/*
const unsigned char *input,
unsigned char *output )
{
- int c, i, cb;
+ int c, i;
size_t n = *nc_off;
while( length-- )
if( n == 0 ) {
camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter, stream_block );
- i = 15;
- do {
- nonce_counter[i]++;
- cb = nonce_counter[i] == 0;
- } while( i-- && cb );
-
+ for( i = 16; i > 0; i-- )
+ if( ++nonce_counter[i - 1] != 0 )
+ break;
}
c = *input++;
*output++ = (unsigned char)( c ^ stream_block[n] );
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_CTR */
+#endif /* !POLARSSL_CAMELLIA_ALT */
#if defined(POLARSSL_SELF_TEST)
}
};
+#if defined(POLARSSL_CIPHER_MODE_CBC)
#define CAMELLIA_TESTS_CBC 3
static const unsigned char camellia_test_cbc_key[3][32] =
0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
}
};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CTR)
/*
unsigned char buf[64];
unsigned char src[16];
unsigned char dst[16];
+#if defined(POLARSSL_CIPHER_MODE_CBC)
unsigned char iv[16];
+#endif
#if defined(POLARSSL_CIPHER_MODE_CTR)
size_t offset, len;
unsigned char nonce_counter[16];
if( verbose != 0 )
printf( "\n" );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
* CBC mode
*/
if( verbose != 0 )
printf( "passed\n" );
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
if( verbose != 0 )
printf( "\n" );
#if defined(POLARSSL_CERTS_C)
-const char test_ca_crt[] =
+#if defined(POLARSSL_ECDSA_C)
+#define TEST_CA_CRT_EC \
+"-----BEGIN CERTIFICATE-----\r\n" \
+"MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT\r\n" \
+"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n" \
+"QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT\r\n" \
+"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n" \
+"QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu\r\n" \
+"ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy\r\n" \
+"aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g\r\n" \
+"JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7\r\n" \
+"NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE\r\n" \
+"AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w\r\n" \
+"CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56\r\n" \
+"t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv\r\n" \
+"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n" \
+"-----END CERTIFICATE-----\r\n"
+const char test_ca_crt_ec[] = TEST_CA_CRT_EC;
+
+const char test_ca_key_ec[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"Proc-Type: 4,ENCRYPTED\r\n"
+"DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n"
+"\r\n"
+"IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n"
+"ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n"
+"UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n"
+"a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+
+const char test_ca_pwd_ec[] = "PolarSSLTest";
+
+const char test_srv_crt_ec[] =
"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
-"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n"
-"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n"
-"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n"
-"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n"
-"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n"
-"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n"
-"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n"
-"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n"
-"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n"
-"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n"
-"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n"
-"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n"
-"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n"
-"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n"
-"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n"
-"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n"
+"MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
+"MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n"
+"CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n"
+"2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n"
+"BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n"
+"PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n"
+"clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n"
+"CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n"
+"C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n"
+"fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"
"-----END CERTIFICATE-----\r\n";
-const char test_ca_key[] =
+const char test_srv_key_ec[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n"
+"AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n"
+"6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+
+const char test_cli_crt_ec[] =
+"-----BEGIN CERTIFICATE-----\r\n"
+"MIICLDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
+"MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjBBMQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxHzAdBgNVBAMTFlBvbGFyU1NMIFRlc3QgQ2xpZW50IDIw\r\n"
+"WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX5a6xc9/TrLuTuIH/Eq7u5lOszlVT\r\n"
+"9jQOzC7jYyUL35ji81xgNpbA1RgUcOV/n9VLRRjlsGzVXPiWj4dwo+THo4GdMIGa\r\n"
+"MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMG4GA1Ud\r\n"
+"IwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDER\r\n"
+"MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC\r\n"
+"CQDBQ+J+YkPM6DAKBggqhkjOPQQDAgNoADBlAjBKZQ17IIOimbmoD/yN7o89u3BM\r\n"
+"lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU\r\n"
+"LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=\r\n"
+"-----END CERTIFICATE-----\r\n";
+
+const char test_cli_key_ec[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n"
+"AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
+"wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+#else
+#define TEST_CA_CRT_EC
+#endif /* POLARSSL_ECDSA_C */
+
+#if defined(POLARSSL_RSA_C)
+#define TEST_CA_CRT_RSA \
+"-----BEGIN CERTIFICATE-----\r\n" \
+"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
+"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
+"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
+"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
+"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
+"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
+"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
+"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \
+"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \
+"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \
+"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \
+"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \
+"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \
+"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \
+"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \
+"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \
+"-----END CERTIFICATE-----\r\n"
+const char test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
+
+const char test_ca_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n"
"Proc-Type: 4,ENCRYPTED\r\n"
"DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n"
"P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
-const char test_ca_pwd[] = "PolarSSLTest";
+const char test_ca_pwd_rsa[] = "PolarSSLTest";
-const char test_srv_crt[] =
+const char test_srv_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
"/WzRyYRBRjAI49mzHX6raleqnw==\r\n"
"-----END CERTIFICATE-----\r\n";
-const char test_srv_key[] =
+const char test_srv_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n"
"MIIEogIBAAKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhFkNvuiBZS0/FDUEeW\r\n"
"Ellkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185fAkER4KwVzlw7aPs\r\n"
"mKsIVRBq4IfwiwyMNG2BYZQAwbSDjjPtn/kPBduPzPj7eriByhI=\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
-const char test_cli_crt[] =
+const char test_cli_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
"D+stpAKiQLAWaAusIWKYEyw9MQ==\r\n"
"-----END CERTIFICATE-----\r\n";
-const char test_cli_key[] =
+const char test_cli_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n"
"MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n"
"B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n"
"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
+#else
+#define TEST_CA_CRT_RSA
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_DHM_C)
const char test_dhm_params[] =
"-----BEGIN DH PARAMETERS-----\r\n"
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
"-----END DH PARAMETERS-----\r\n";
+#endif
+
+/* Concatenation of all available CA certificates */
+const char test_ca_list[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
+#if defined(POLARSSL_RSA_C)
+const char *test_ca_crt = test_ca_crt_rsa;
+const char *test_ca_key = test_ca_key_rsa;
+const char *test_ca_pwd = test_ca_pwd_rsa;
+const char *test_srv_crt = test_srv_crt_rsa;
+const char *test_srv_key = test_srv_key_rsa;
+const char *test_cli_crt = test_cli_crt_rsa;
+const char *test_cli_key = test_cli_key_rsa;
+#else /* ! POLARSSL_RSA_C, so POLARSSL_ECDSA_C */
+const char *test_ca_crt = test_ca_crt_ec;
+const char *test_ca_key = test_ca_key_ec;
+const char *test_ca_pwd = test_ca_pwd_ec;
+const char *test_srv_crt = test_srv_crt_ec;
+const char *test_srv_key = test_srv_key_ec;
+const char *test_cli_crt = test_cli_crt_ec;
+const char *test_cli_key = test_cli_key_ec;
#endif
+
+#endif /* POLARSSL_CERTS_C */
--- /dev/null
+/**
+ * \file cipher.c
+ *
+ * \brief Generic cipher wrapper for PolarSSL
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_CIPHER_C)
+
+#include "polarssl/cipher.h"
+#include "polarssl/cipher_wrap.h"
+
+#if defined(POLARSSL_GCM_C)
+#include "polarssl/gcm.h"
+#endif
+
+#include <stdlib.h>
+
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
+#define POLARSSL_CIPHER_MODE_STREAM
+#endif
+
+#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
+ !defined(EFI32)
+#define strcasecmp _stricmp
+#endif
+
+static int supported_init = 0;
+
+const int *cipher_list( void )
+{
+ const cipher_definition_t *def;
+ int *type;
+
+ if( ! supported_init )
+ {
+ def = cipher_definitions;
+ type = supported_ciphers;
+
+ while( def->type != 0 )
+ *type++ = (*def++).type;
+
+ *type = 0;
+
+ supported_init = 1;
+ }
+
+ return supported_ciphers;
+}
+
+const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
+{
+ const cipher_definition_t *def;
+
+ for( def = cipher_definitions; def->info != NULL; def++ )
+ if( def->type == cipher_type )
+ return( def->info );
+
+ return NULL;
+}
+
+const cipher_info_t *cipher_info_from_string( const char *cipher_name )
+{
+ const cipher_definition_t *def;
+
+ if( NULL == cipher_name )
+ return NULL;
+
+ for( def = cipher_definitions; def->info != NULL; def++ )
+ if( ! strcasecmp( def->info->name, cipher_name ) )
+ return( def->info );
+
+ return NULL;
+}
+
+const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
+ int key_length,
+ const cipher_mode_t mode )
+{
+ const cipher_definition_t *def;
+
+ for( def = cipher_definitions; def->info != NULL; def++ )
+ if( def->info->base->cipher == cipher_id &&
+ def->info->key_length == (unsigned) key_length &&
+ def->info->mode == mode )
+ return( def->info );
+
+ return NULL;
+}
+
+int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
+{
+ if( NULL == cipher_info || NULL == ctx )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ memset( ctx, 0, sizeof( cipher_context_t ) );
+
+ if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
+ return POLARSSL_ERR_CIPHER_ALLOC_FAILED;
+
+ ctx->cipher_info = cipher_info;
+
+#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
+ /*
+ * Ignore possible errors caused by a cipher mode that doesn't use padding
+ */
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
+ (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
+#else
+ (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
+#endif
+#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
+
+ return 0;
+}
+
+int cipher_free_ctx( cipher_context_t *ctx )
+{
+ if( ctx == NULL || ctx->cipher_info == NULL )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
+
+ return 0;
+}
+
+int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
+ int key_length, const operation_t operation )
+{
+ if( NULL == ctx || NULL == ctx->cipher_info )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ if( (int) ctx->cipher_info->key_length != key_length )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ ctx->key_length = key_length;
+ ctx->operation = operation;
+
+ /*
+ * For CFB and CTR mode always use the encryption key schedule
+ */
+ if( POLARSSL_ENCRYPT == operation ||
+ POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
+ POLARSSL_MODE_CTR == ctx->cipher_info->mode )
+ {
+ return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
+ ctx->key_length );
+ }
+
+ if( POLARSSL_DECRYPT == operation )
+ return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
+ ctx->key_length );
+
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+}
+
+int cipher_set_iv( cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len )
+{
+ size_t actual_iv_size;
+
+ if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ /* avoid buffer overflow in ctx->iv */
+ if( iv_len > POLARSSL_MAX_IV_LENGTH )
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+
+ if( ctx->cipher_info->accepts_variable_iv_size )
+ actual_iv_size = iv_len;
+ else
+ {
+ actual_iv_size = ctx->cipher_info->iv_size;
+
+ /* avoid reading past the end of input buffer */
+ if( actual_iv_size > iv_len )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+
+ memcpy( ctx->iv, iv, actual_iv_size );
+ ctx->iv_size = actual_iv_size;
+
+ return 0;
+}
+
+int cipher_reset( cipher_context_t *ctx )
+{
+ if( NULL == ctx || NULL == ctx->cipher_info )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ ctx->unprocessed_len = 0;
+
+ return 0;
+}
+
+#if defined(POLARSSL_CIPHER_MODE_AEAD)
+int cipher_update_ad( cipher_context_t *ctx,
+ const unsigned char *ad, size_t ad_len )
+{
+ if( NULL == ctx || NULL == ctx->cipher_info )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+#if defined(POLARSSL_GCM_C)
+ if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
+ {
+ return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
+ ctx->iv, ctx->iv_size, ad, ad_len );
+ }
+#endif
+
+ return 0;
+}
+#endif /* POLARSSL_CIPHER_MODE_AEAD */
+
+int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen )
+{
+ int ret;
+
+ *olen = 0;
+
+ if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
+ {
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+
+ if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
+ {
+ if( ilen != cipher_get_block_size( ctx ) )
+ return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+
+ *olen = ilen;
+
+ if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
+ ctx->operation, input, output ) ) )
+ {
+ return ret;
+ }
+
+ return 0;
+ }
+
+#if defined(POLARSSL_GCM_C)
+ if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
+ {
+ *olen = ilen;
+ return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
+ output );
+ }
+#endif
+
+ if( input == output &&
+ ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
+ {
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
+ {
+ size_t copy_len = 0;
+
+ /*
+ * If there is not enough data for a full block, cache it.
+ */
+ if( ( ctx->operation == POLARSSL_DECRYPT &&
+ ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
+ ( ctx->operation == POLARSSL_ENCRYPT &&
+ ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
+ {
+ memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
+ ilen );
+
+ ctx->unprocessed_len += ilen;
+ return 0;
+ }
+
+ /*
+ * Process cached data first
+ */
+ if( ctx->unprocessed_len != 0 )
+ {
+ copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
+
+ memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
+ copy_len );
+
+ if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
+ ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
+ ctx->unprocessed_data, output ) ) )
+ {
+ return ret;
+ }
+
+ *olen += cipher_get_block_size( ctx );
+ output += cipher_get_block_size( ctx );
+ ctx->unprocessed_len = 0;
+
+ input += copy_len;
+ ilen -= copy_len;
+ }
+
+ /*
+ * Cache final, incomplete block
+ */
+ if( 0 != ilen )
+ {
+ copy_len = ilen % cipher_get_block_size( ctx );
+ if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
+ copy_len = cipher_get_block_size(ctx);
+
+ memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
+ copy_len );
+
+ ctx->unprocessed_len += copy_len;
+ ilen -= copy_len;
+ }
+
+ /*
+ * Process remaining full blocks
+ */
+ if( ilen )
+ {
+ if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
+ ctx->operation, ilen, ctx->iv, input, output ) ) )
+ {
+ return ret;
+ }
+
+ *olen += ilen;
+ }
+
+ return 0;
+ }
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+ if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
+ {
+ if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
+ ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
+ input, output ) ) )
+ {
+ return ret;
+ }
+
+ *olen = ilen;
+
+ return 0;
+ }
+#endif
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+ if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
+ {
+ if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
+ ilen, &ctx->unprocessed_len, ctx->iv,
+ ctx->unprocessed_data, input, output ) ) )
+ {
+ return ret;
+ }
+
+ *olen = ilen;
+
+ return 0;
+ }
+#endif
+
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
+ if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
+ {
+ if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
+ ilen, input, output ) ) )
+ {
+ return ret;
+ }
+
+ *olen = ilen;
+
+ return 0;
+ }
+#endif
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+}
+
+#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
+/*
+ * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
+ */
+static void add_pkcs_padding( unsigned char *output, size_t output_len,
+ size_t data_len )
+{
+ size_t padding_len = output_len - data_len;
+ unsigned char i;
+
+ for( i = 0; i < padding_len; i++ )
+ output[data_len + i] = (unsigned char) padding_len;
+}
+
+static int get_pkcs_padding( unsigned char *input, size_t input_len,
+ size_t *data_len )
+{
+ size_t i, pad_idx;
+ unsigned char padding_len, bad = 0;
+
+ if( NULL == input || NULL == data_len )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ padding_len = input[input_len - 1];
+ *data_len = input_len - padding_len;
+
+ /* Avoid logical || since it results in a branch */
+ bad |= padding_len > input_len;
+ bad |= padding_len == 0;
+
+ /* The number of bytes checked must be independent of padding_len,
+ * so pick input_len, which is usually 8 or 16 (one block) */
+ pad_idx = input_len - padding_len;
+ for( i = 0; i < input_len; i++ )
+ bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
+
+ return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
+}
+#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
+
+#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
+/*
+ * One and zeros padding: fill with 80 00 ... 00
+ */
+static void add_one_and_zeros_padding( unsigned char *output,
+ size_t output_len, size_t data_len )
+{
+ size_t padding_len = output_len - data_len;
+ unsigned char i = 0;
+
+ output[data_len] = 0x80;
+ for( i = 1; i < padding_len; i++ )
+ output[data_len + i] = 0x00;
+}
+
+static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
+ size_t *data_len )
+{
+ size_t i;
+ unsigned char done = 0, prev_done, bad;
+
+ if( NULL == input || NULL == data_len )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ bad = 0xFF;
+ *data_len = 0;
+ for( i = input_len; i > 0; i-- )
+ {
+ prev_done = done;
+ done |= ( input[i-1] != 0 );
+ *data_len |= ( i - 1 ) * ( done != prev_done );
+ bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
+ }
+
+ return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
+
+}
+#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
+
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
+/*
+ * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
+ */
+static void add_zeros_and_len_padding( unsigned char *output,
+ size_t output_len, size_t data_len )
+{
+ size_t padding_len = output_len - data_len;
+ unsigned char i = 0;
+
+ for( i = 1; i < padding_len; i++ )
+ output[data_len + i - 1] = 0x00;
+ output[output_len - 1] = (unsigned char) padding_len;
+}
+
+static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
+ size_t *data_len )
+{
+ size_t i, pad_idx;
+ unsigned char padding_len, bad = 0;
+
+ if( NULL == input || NULL == data_len )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ padding_len = input[input_len - 1];
+ *data_len = input_len - padding_len;
+
+ /* Avoid logical || since it results in a branch */
+ bad |= padding_len > input_len;
+ bad |= padding_len == 0;
+
+ /* The number of bytes checked must be independent of padding_len */
+ pad_idx = input_len - padding_len;
+ for( i = 0; i < input_len - 1; i++ )
+ bad |= input[i] * ( i >= pad_idx );
+
+ return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
+}
+#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
+
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
+/*
+ * Zero padding: fill with 00 ... 00
+ */
+static void add_zeros_padding( unsigned char *output,
+ size_t output_len, size_t data_len )
+{
+ size_t i;
+
+ for( i = data_len; i < output_len; i++ )
+ output[i] = 0x00;
+}
+
+static int get_zeros_padding( unsigned char *input, size_t input_len,
+ size_t *data_len )
+{
+ size_t i;
+ unsigned char done = 0, prev_done;
+
+ if( NULL == input || NULL == data_len )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ *data_len = 0;
+ for( i = input_len; i > 0; i-- )
+ {
+ prev_done = done;
+ done |= ( input[i-1] != 0 );
+ *data_len |= i * ( done != prev_done );
+ }
+
+ return 0;
+}
+#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
+
+/*
+ * No padding: don't pad :)
+ *
+ * There is no add_padding function (check for NULL in cipher_finish)
+ * but a trivial get_padding function
+ */
+static int get_no_padding( unsigned char *input, size_t input_len,
+ size_t *data_len )
+{
+ if( NULL == input || NULL == data_len )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ *data_len = input_len;
+
+ return 0;
+}
+#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
+
+int cipher_finish( cipher_context_t *ctx,
+ unsigned char *output, size_t *olen )
+{
+ if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ *olen = 0;
+
+ if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
+ POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
+ POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
+ POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
+ {
+ return 0;
+ }
+
+ if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
+ {
+ if( ctx->unprocessed_len != 0 )
+ return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+
+ return 0;
+ }
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
+ {
+ int ret = 0;
+
+ if( POLARSSL_ENCRYPT == ctx->operation )
+ {
+ /* check for 'no padding' mode */
+ if( NULL == ctx->add_padding )
+ {
+ if( 0 != ctx->unprocessed_len )
+ return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+
+ return 0;
+ }
+
+ ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
+ ctx->unprocessed_len );
+ }
+ else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
+ {
+ /*
+ * For decrypt operations, expect a full block,
+ * or an empty block if no padding
+ */
+ if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
+ return 0;
+
+ return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+ }
+
+ /* cipher block */
+ if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
+ ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
+ ctx->unprocessed_data, output ) ) )
+ {
+ return ret;
+ }
+
+ /* Set output size for decryption */
+ if( POLARSSL_DECRYPT == ctx->operation )
+ return ctx->get_padding( output, cipher_get_block_size( ctx ),
+ olen );
+
+ /* Set output size for encryption */
+ *olen = cipher_get_block_size( ctx );
+ return 0;
+ }
+#else
+ ((void) output);
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+}
+
+#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
+int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
+{
+ if( NULL == ctx ||
+ POLARSSL_MODE_CBC != ctx->cipher_info->mode )
+ {
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+
+ switch( mode )
+ {
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
+ case POLARSSL_PADDING_PKCS7:
+ ctx->add_padding = add_pkcs_padding;
+ ctx->get_padding = get_pkcs_padding;
+ break;
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
+ case POLARSSL_PADDING_ONE_AND_ZEROS:
+ ctx->add_padding = add_one_and_zeros_padding;
+ ctx->get_padding = get_one_and_zeros_padding;
+ break;
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
+ case POLARSSL_PADDING_ZEROS_AND_LEN:
+ ctx->add_padding = add_zeros_and_len_padding;
+ ctx->get_padding = get_zeros_and_len_padding;
+ break;
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
+ case POLARSSL_PADDING_ZEROS:
+ ctx->add_padding = add_zeros_padding;
+ ctx->get_padding = get_zeros_padding;
+ break;
+#endif
+ case POLARSSL_PADDING_NONE:
+ ctx->add_padding = NULL;
+ ctx->get_padding = get_no_padding;
+ break;
+
+ default:
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
+
+ return 0;
+}
+#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
+
+#if defined(POLARSSL_CIPHER_MODE_AEAD)
+int cipher_write_tag( cipher_context_t *ctx,
+ unsigned char *tag, size_t tag_len )
+{
+ if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ if( POLARSSL_ENCRYPT != ctx->operation )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+#if defined(POLARSSL_GCM_C)
+ if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
+ return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
+#endif
+
+ return 0;
+}
+
+int cipher_check_tag( cipher_context_t *ctx,
+ const unsigned char *tag, size_t tag_len )
+{
+ int ret;
+
+ if( NULL == ctx || NULL == ctx->cipher_info ||
+ POLARSSL_DECRYPT != ctx->operation )
+ {
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+
+#if defined(POLARSSL_GCM_C)
+ if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
+ {
+ unsigned char check_tag[16];
+ size_t i;
+ int diff;
+
+ if( tag_len > sizeof( check_tag ) )
+ return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+
+ if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
+ check_tag, tag_len ) ) )
+ {
+ return( ret );
+ }
+
+ /* Check the tag in "constant-time" */
+ for( diff = 0, i = 0; i < tag_len; i++ )
+ diff |= tag[i] ^ check_tag[i];
+
+ if( diff != 0 )
+ return( POLARSSL_ERR_CIPHER_AUTH_FAILED );
+
+ return( 0 );
+ }
+#endif
+
+ return( 0 );
+}
+#endif /* POLARSSL_CIPHER_MODE_AEAD */
+
+#if defined(POLARSSL_SELF_TEST)
+
+#include <stdio.h>
+
+#define ASSERT(x) if (!(x)) { \
+ printf( "failed with %i at %s\n", value, (#x) ); \
+ return( 1 ); \
+}
+/*
+ * Checkup routine
+ */
+
+int cipher_self_test( int verbose )
+{
+ ((void) verbose);
+
+ return( 0 );
+}
+
+#endif
+
+#endif
--- /dev/null
+/**
+ * \file cipher_wrap.c
+ *
+ * \brief Generic cipher wrapper for PolarSSL
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_CIPHER_C)
+
+#include "polarssl/cipher_wrap.h"
+
+#if defined(POLARSSL_AES_C)
+#include "polarssl/aes.h"
+#endif
+
+#if defined(POLARSSL_ARC4_C)
+#include "polarssl/arc4.h"
+#endif
+
+#if defined(POLARSSL_CAMELLIA_C)
+#include "polarssl/camellia.h"
+#endif
+
+#if defined(POLARSSL_DES_C)
+#include "polarssl/des.h"
+#endif
+
+#if defined(POLARSSL_BLOWFISH_C)
+#include "polarssl/blowfish.h"
+#endif
+
+#if defined(POLARSSL_GCM_C)
+#include "polarssl/gcm.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <stdlib.h>
+
+#if defined(POLARSSL_GCM_C)
+/* shared by all GCM ciphers */
+static void *gcm_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( gcm_context ) );
+}
+
+static void gcm_ctx_free( void *ctx )
+{
+ gcm_free( ctx );
+ polarssl_free( ctx );
+}
+#endif
+
+#if defined(POLARSSL_AES_C)
+
+static int aes_crypt_ecb_wrap( void *ctx, operation_t operation,
+ const unsigned char *input, unsigned char *output )
+{
+ return aes_crypt_ecb( (aes_context *) ctx, operation, input, output );
+}
+
+static int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input, output );
+#else
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+}
+
+static int aes_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
+ size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+ return aes_crypt_cfb128( (aes_context *) ctx, operation, length, iv_off, iv, input, output );
+#else
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv_off);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static int aes_crypt_ctr_wrap( void *ctx, size_t length,
+ size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+ return aes_crypt_ctr( (aes_context *) ctx, length, nc_off, nonce_counter,
+ stream_block, input, output );
+#else
+ ((void) ctx);
+ ((void) length);
+ ((void) nc_off);
+ ((void) nonce_counter);
+ ((void) stream_block);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return aes_setkey_dec( (aes_context *) ctx, key, key_length );
+}
+
+static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return aes_setkey_enc( (aes_context *) ctx, key, key_length );
+}
+
+static void * aes_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( aes_context ) );
+}
+
+static void aes_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+const cipher_base_t aes_info = {
+ POLARSSL_CIPHER_ID_AES,
+ aes_crypt_ecb_wrap,
+ aes_crypt_cbc_wrap,
+ aes_crypt_cfb128_wrap,
+ aes_crypt_ctr_wrap,
+ NULL,
+ aes_setkey_enc_wrap,
+ aes_setkey_dec_wrap,
+ aes_ctx_alloc,
+ aes_ctx_free
+};
+
+const cipher_info_t aes_128_ecb_info = {
+ POLARSSL_CIPHER_AES_128_ECB,
+ POLARSSL_MODE_ECB,
+ 128,
+ "AES-128-ECB",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+const cipher_info_t aes_192_ecb_info = {
+ POLARSSL_CIPHER_AES_192_ECB,
+ POLARSSL_MODE_ECB,
+ 192,
+ "AES-192-ECB",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+const cipher_info_t aes_256_ecb_info = {
+ POLARSSL_CIPHER_AES_256_ECB,
+ POLARSSL_MODE_ECB,
+ 256,
+ "AES-256-ECB",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+const cipher_info_t aes_128_cbc_info = {
+ POLARSSL_CIPHER_AES_128_CBC,
+ POLARSSL_MODE_CBC,
+ 128,
+ "AES-128-CBC",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+const cipher_info_t aes_192_cbc_info = {
+ POLARSSL_CIPHER_AES_192_CBC,
+ POLARSSL_MODE_CBC,
+ 192,
+ "AES-192-CBC",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+const cipher_info_t aes_256_cbc_info = {
+ POLARSSL_CIPHER_AES_256_CBC,
+ POLARSSL_MODE_CBC,
+ 256,
+ "AES-256-CBC",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+const cipher_info_t aes_128_cfb128_info = {
+ POLARSSL_CIPHER_AES_128_CFB128,
+ POLARSSL_MODE_CFB,
+ 128,
+ "AES-128-CFB128",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+const cipher_info_t aes_192_cfb128_info = {
+ POLARSSL_CIPHER_AES_192_CFB128,
+ POLARSSL_MODE_CFB,
+ 192,
+ "AES-192-CFB128",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+const cipher_info_t aes_256_cfb128_info = {
+ POLARSSL_CIPHER_AES_256_CFB128,
+ POLARSSL_MODE_CFB,
+ 256,
+ "AES-256-CFB128",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+const cipher_info_t aes_128_ctr_info = {
+ POLARSSL_CIPHER_AES_128_CTR,
+ POLARSSL_MODE_CTR,
+ 128,
+ "AES-128-CTR",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+const cipher_info_t aes_192_ctr_info = {
+ POLARSSL_CIPHER_AES_192_CTR,
+ POLARSSL_MODE_CTR,
+ 192,
+ "AES-192-CTR",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+
+const cipher_info_t aes_256_ctr_info = {
+ POLARSSL_CIPHER_AES_256_CTR,
+ POLARSSL_MODE_CTR,
+ 256,
+ "AES-256-CTR",
+ 16,
+ 0,
+ 16,
+ &aes_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+#if defined(POLARSSL_GCM_C)
+static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return gcm_init( (gcm_context *) ctx, POLARSSL_CIPHER_ID_AES,
+ key, key_length );
+}
+
+const cipher_base_t gcm_aes_info = {
+ POLARSSL_CIPHER_ID_AES,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ gcm_aes_setkey_wrap,
+ gcm_aes_setkey_wrap,
+ gcm_ctx_alloc,
+ gcm_ctx_free,
+};
+
+const cipher_info_t aes_128_gcm_info = {
+ POLARSSL_CIPHER_AES_128_GCM,
+ POLARSSL_MODE_GCM,
+ 128,
+ "AES-128-GCM",
+ 12,
+ 1,
+ 16,
+ &gcm_aes_info
+};
+
+const cipher_info_t aes_192_gcm_info = {
+ POLARSSL_CIPHER_AES_192_GCM,
+ POLARSSL_MODE_GCM,
+ 192,
+ "AES-192-GCM",
+ 12,
+ 1,
+ 16,
+ &gcm_aes_info
+};
+
+const cipher_info_t aes_256_gcm_info = {
+ POLARSSL_CIPHER_AES_256_GCM,
+ POLARSSL_MODE_GCM,
+ 256,
+ "AES-256-GCM",
+ 12,
+ 1,
+ 16,
+ &gcm_aes_info
+};
+#endif /* POLARSSL_GCM_C */
+
+#endif
+
+#if defined(POLARSSL_CAMELLIA_C)
+
+static int camellia_crypt_ecb_wrap( void *ctx, operation_t operation,
+ const unsigned char *input, unsigned char *output )
+{
+ return camellia_crypt_ecb( (camellia_context *) ctx, operation, input, output );
+}
+
+static int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv, input, output );
+#else
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+}
+
+static int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
+ size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+ return camellia_crypt_cfb128( (camellia_context *) ctx, operation, length, iv_off, iv, input, output );
+#else
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv_off);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static int camellia_crypt_ctr_wrap( void *ctx, size_t length,
+ size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+ return camellia_crypt_ctr( (camellia_context *) ctx, length, nc_off, nonce_counter,
+ stream_block, input, output );
+#else
+ ((void) ctx);
+ ((void) length);
+ ((void) nc_off);
+ ((void) nonce_counter);
+ ((void) stream_block);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return camellia_setkey_dec( (camellia_context *) ctx, key, key_length );
+}
+
+static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return camellia_setkey_enc( (camellia_context *) ctx, key, key_length );
+}
+
+static void * camellia_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( camellia_context ) );
+}
+
+static void camellia_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+const cipher_base_t camellia_info = {
+ POLARSSL_CIPHER_ID_CAMELLIA,
+ camellia_crypt_ecb_wrap,
+ camellia_crypt_cbc_wrap,
+ camellia_crypt_cfb128_wrap,
+ camellia_crypt_ctr_wrap,
+ NULL,
+ camellia_setkey_enc_wrap,
+ camellia_setkey_dec_wrap,
+ camellia_ctx_alloc,
+ camellia_ctx_free
+};
+
+const cipher_info_t camellia_128_ecb_info = {
+ POLARSSL_CIPHER_CAMELLIA_128_ECB,
+ POLARSSL_MODE_ECB,
+ 128,
+ "CAMELLIA-128-ECB",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+const cipher_info_t camellia_192_ecb_info = {
+ POLARSSL_CIPHER_CAMELLIA_192_ECB,
+ POLARSSL_MODE_ECB,
+ 192,
+ "CAMELLIA-192-ECB",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+const cipher_info_t camellia_256_ecb_info = {
+ POLARSSL_CIPHER_CAMELLIA_256_ECB,
+ POLARSSL_MODE_ECB,
+ 256,
+ "CAMELLIA-256-ECB",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+const cipher_info_t camellia_128_cbc_info = {
+ POLARSSL_CIPHER_CAMELLIA_128_CBC,
+ POLARSSL_MODE_CBC,
+ 128,
+ "CAMELLIA-128-CBC",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+const cipher_info_t camellia_192_cbc_info = {
+ POLARSSL_CIPHER_CAMELLIA_192_CBC,
+ POLARSSL_MODE_CBC,
+ 192,
+ "CAMELLIA-192-CBC",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+const cipher_info_t camellia_256_cbc_info = {
+ POLARSSL_CIPHER_CAMELLIA_256_CBC,
+ POLARSSL_MODE_CBC,
+ 256,
+ "CAMELLIA-256-CBC",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+const cipher_info_t camellia_128_cfb128_info = {
+ POLARSSL_CIPHER_CAMELLIA_128_CFB128,
+ POLARSSL_MODE_CFB,
+ 128,
+ "CAMELLIA-128-CFB128",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+const cipher_info_t camellia_192_cfb128_info = {
+ POLARSSL_CIPHER_CAMELLIA_192_CFB128,
+ POLARSSL_MODE_CFB,
+ 192,
+ "CAMELLIA-192-CFB128",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+const cipher_info_t camellia_256_cfb128_info = {
+ POLARSSL_CIPHER_CAMELLIA_256_CFB128,
+ POLARSSL_MODE_CFB,
+ 256,
+ "CAMELLIA-256-CFB128",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+const cipher_info_t camellia_128_ctr_info = {
+ POLARSSL_CIPHER_CAMELLIA_128_CTR,
+ POLARSSL_MODE_CTR,
+ 128,
+ "CAMELLIA-128-CTR",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+const cipher_info_t camellia_192_ctr_info = {
+ POLARSSL_CIPHER_CAMELLIA_192_CTR,
+ POLARSSL_MODE_CTR,
+ 192,
+ "CAMELLIA-192-CTR",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+
+const cipher_info_t camellia_256_ctr_info = {
+ POLARSSL_CIPHER_CAMELLIA_256_CTR,
+ POLARSSL_MODE_CTR,
+ 256,
+ "CAMELLIA-256-CTR",
+ 16,
+ 0,
+ 16,
+ &camellia_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+#if defined(POLARSSL_GCM_C)
+static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return gcm_init( (gcm_context *) ctx, POLARSSL_CIPHER_ID_CAMELLIA,
+ key, key_length );
+}
+
+const cipher_base_t gcm_camellia_info = {
+ POLARSSL_CIPHER_ID_CAMELLIA,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ gcm_camellia_setkey_wrap,
+ gcm_camellia_setkey_wrap,
+ gcm_ctx_alloc,
+ gcm_ctx_free,
+};
+
+const cipher_info_t camellia_128_gcm_info = {
+ POLARSSL_CIPHER_CAMELLIA_128_GCM,
+ POLARSSL_MODE_GCM,
+ 128,
+ "CAMELLIA-128-GCM",
+ 12,
+ 1,
+ 16,
+ &gcm_camellia_info
+};
+
+const cipher_info_t camellia_192_gcm_info = {
+ POLARSSL_CIPHER_CAMELLIA_192_GCM,
+ POLARSSL_MODE_GCM,
+ 192,
+ "CAMELLIA-192-GCM",
+ 12,
+ 1,
+ 16,
+ &gcm_camellia_info
+};
+
+const cipher_info_t camellia_256_gcm_info = {
+ POLARSSL_CIPHER_CAMELLIA_256_GCM,
+ POLARSSL_MODE_GCM,
+ 256,
+ "CAMELLIA-256-GCM",
+ 12,
+ 1,
+ 16,
+ &gcm_camellia_info
+};
+#endif /* POLARSSL_GCM_C */
+
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+
+static int des_crypt_ecb_wrap( void *ctx, operation_t operation,
+ const unsigned char *input, unsigned char *output )
+{
+ ((void) operation);
+ return des_crypt_ecb( (des_context *) ctx, input, output );
+}
+
+static int des3_crypt_ecb_wrap( void *ctx, operation_t operation,
+ const unsigned char *input, unsigned char *output )
+{
+ ((void) operation);
+ return des3_crypt_ecb( (des3_context *) ctx, input, output );
+}
+
+static int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input, output );
+#else
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+}
+
+static int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input, output );
+#else
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+}
+
+static int des_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
+ size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv_off);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+}
+
+static int des_crypt_ctr_wrap( void *ctx, size_t length,
+ size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output )
+{
+ ((void) ctx);
+ ((void) length);
+ ((void) nc_off);
+ ((void) nonce_counter);
+ ((void) stream_block);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+}
+
+static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ ((void) key_length);
+
+ return des_setkey_dec( (des_context *) ctx, key );
+}
+
+static int des_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ ((void) key_length);
+
+ return des_setkey_enc( (des_context *) ctx, key );
+}
+
+static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ ((void) key_length);
+
+ return des3_set2key_dec( (des3_context *) ctx, key );
+}
+
+static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ ((void) key_length);
+
+ return des3_set2key_enc( (des3_context *) ctx, key );
+}
+
+static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ ((void) key_length);
+
+ return des3_set3key_dec( (des3_context *) ctx, key );
+}
+
+static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ ((void) key_length);
+
+ return des3_set3key_enc( (des3_context *) ctx, key );
+}
+
+static void * des_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( des_context ) );
+}
+
+static void * des3_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( des3_context ) );
+}
+
+static void des_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+const cipher_base_t des_info = {
+ POLARSSL_CIPHER_ID_DES,
+ des_crypt_ecb_wrap,
+ des_crypt_cbc_wrap,
+ des_crypt_cfb128_wrap,
+ des_crypt_ctr_wrap,
+ NULL,
+ des_setkey_enc_wrap,
+ des_setkey_dec_wrap,
+ des_ctx_alloc,
+ des_ctx_free
+};
+
+const cipher_info_t des_ecb_info = {
+ POLARSSL_CIPHER_DES_ECB,
+ POLARSSL_MODE_ECB,
+ POLARSSL_KEY_LENGTH_DES,
+ "DES-ECB",
+ 8,
+ 0,
+ 8,
+ &des_info
+};
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+const cipher_info_t des_cbc_info = {
+ POLARSSL_CIPHER_DES_CBC,
+ POLARSSL_MODE_CBC,
+ POLARSSL_KEY_LENGTH_DES,
+ "DES-CBC",
+ 8,
+ 0,
+ 8,
+ &des_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+const cipher_base_t des_ede_info = {
+ POLARSSL_CIPHER_ID_DES,
+ des3_crypt_ecb_wrap,
+ des3_crypt_cbc_wrap,
+ des_crypt_cfb128_wrap,
+ des_crypt_ctr_wrap,
+ NULL,
+ des3_set2key_enc_wrap,
+ des3_set2key_dec_wrap,
+ des3_ctx_alloc,
+ des_ctx_free
+};
+
+const cipher_info_t des_ede_ecb_info = {
+ POLARSSL_CIPHER_DES_EDE_ECB,
+ POLARSSL_MODE_ECB,
+ POLARSSL_KEY_LENGTH_DES_EDE,
+ "DES-EDE-ECB",
+ 8,
+ 0,
+ 8,
+ &des_ede_info
+};
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+const cipher_info_t des_ede_cbc_info = {
+ POLARSSL_CIPHER_DES_EDE_CBC,
+ POLARSSL_MODE_CBC,
+ POLARSSL_KEY_LENGTH_DES_EDE,
+ "DES-EDE-CBC",
+ 8,
+ 0,
+ 8,
+ &des_ede_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+const cipher_base_t des_ede3_info = {
+ POLARSSL_CIPHER_ID_DES,
+ des3_crypt_ecb_wrap,
+ des3_crypt_cbc_wrap,
+ des_crypt_cfb128_wrap,
+ des_crypt_ctr_wrap,
+ NULL,
+ des3_set3key_enc_wrap,
+ des3_set3key_dec_wrap,
+ des3_ctx_alloc,
+ des_ctx_free
+};
+
+const cipher_info_t des_ede3_ecb_info = {
+ POLARSSL_CIPHER_DES_EDE3_ECB,
+ POLARSSL_MODE_ECB,
+ POLARSSL_KEY_LENGTH_DES_EDE3,
+ "DES-EDE3-ECB",
+ 8,
+ 0,
+ 8,
+ &des_ede3_info
+};
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+const cipher_info_t des_ede3_cbc_info = {
+ POLARSSL_CIPHER_DES_EDE3_CBC,
+ POLARSSL_MODE_CBC,
+ POLARSSL_KEY_LENGTH_DES_EDE3,
+ "DES-EDE3-CBC",
+ 8,
+ 0,
+ 8,
+ &des_ede3_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif
+
+#if defined(POLARSSL_BLOWFISH_C)
+
+static int blowfish_crypt_ecb_wrap( void *ctx, operation_t operation,
+ const unsigned char *input, unsigned char *output )
+{
+ return blowfish_crypt_ecb( (blowfish_context *) ctx, operation, input, output );
+}
+
+static int blowfish_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ return blowfish_crypt_cbc( (blowfish_context *) ctx, operation, length, iv, input, output );
+#else
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+}
+
+static int blowfish_crypt_cfb64_wrap( void *ctx, operation_t operation, size_t length,
+ size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+ return blowfish_crypt_cfb64( (blowfish_context *) ctx, operation, length, iv_off, iv, input, output );
+#else
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv_off);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static int blowfish_crypt_ctr_wrap( void *ctx, size_t length,
+ size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output )
+{
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+ return blowfish_crypt_ctr( (blowfish_context *) ctx, length, nc_off, nonce_counter,
+ stream_block, input, output );
+#else
+ ((void) ctx);
+ ((void) length);
+ ((void) nc_off);
+ ((void) nonce_counter);
+ ((void) stream_block);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return blowfish_setkey( (blowfish_context *) ctx, key, key_length );
+}
+
+static void * blowfish_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( blowfish_context ) );
+}
+
+static void blowfish_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+const cipher_base_t blowfish_info = {
+ POLARSSL_CIPHER_ID_BLOWFISH,
+ blowfish_crypt_ecb_wrap,
+ blowfish_crypt_cbc_wrap,
+ blowfish_crypt_cfb64_wrap,
+ blowfish_crypt_ctr_wrap,
+ NULL,
+ blowfish_setkey_wrap,
+ blowfish_setkey_wrap,
+ blowfish_ctx_alloc,
+ blowfish_ctx_free
+};
+
+const cipher_info_t blowfish_ecb_info = {
+ POLARSSL_CIPHER_BLOWFISH_ECB,
+ POLARSSL_MODE_ECB,
+ 128,
+ "BLOWFISH-ECB",
+ 8,
+ 0,
+ 8,
+ &blowfish_info
+};
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+const cipher_info_t blowfish_cbc_info = {
+ POLARSSL_CIPHER_BLOWFISH_CBC,
+ POLARSSL_MODE_CBC,
+ 128,
+ "BLOWFISH-CBC",
+ 8,
+ 0,
+ 8,
+ &blowfish_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+const cipher_info_t blowfish_cfb64_info = {
+ POLARSSL_CIPHER_BLOWFISH_CFB64,
+ POLARSSL_MODE_CFB,
+ 128,
+ "BLOWFISH-CFB64",
+ 8,
+ 0,
+ 8,
+ &blowfish_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+const cipher_info_t blowfish_ctr_info = {
+ POLARSSL_CIPHER_BLOWFISH_CTR,
+ POLARSSL_MODE_CTR,
+ 128,
+ "BLOWFISH-CTR",
+ 8,
+ 0,
+ 8,
+ &blowfish_info
+};
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+#endif /* POLARSSL_BLOWFISH_C */
+
+#if defined(POLARSSL_ARC4_C)
+static int arc4_crypt_stream_wrap( void *ctx, size_t length,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ return( arc4_crypt( (arc4_context *) ctx, length, input, output ) );
+}
+
+static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
+ unsigned int key_length )
+{
+ /* we get key_length in bits, arc4 expects it in bytes */
+ if( key_length % 8 != 0)
+ return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
+
+ arc4_setup( (arc4_context *) ctx, key, key_length / 8 );
+ return( 0 );
+}
+
+static void * arc4_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( arc4_context ) );
+}
+
+static void arc4_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+const cipher_base_t arc4_base_info = {
+ POLARSSL_CIPHER_ID_ARC4,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ arc4_crypt_stream_wrap,
+ arc4_setkey_wrap,
+ arc4_setkey_wrap,
+ arc4_ctx_alloc,
+ arc4_ctx_free
+};
+
+const cipher_info_t arc4_128_info = {
+ POLARSSL_CIPHER_ARC4_128,
+ POLARSSL_MODE_STREAM,
+ 128,
+ "ARC4-128",
+ 0,
+ 0,
+ 1,
+ &arc4_base_info
+};
+#endif /* POLARSSL_ARC4_C */
+
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+static int null_crypt_stream( void *ctx, size_t length,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ ((void) ctx);
+ memmove( output, input, length );
+ return( 0 );
+}
+
+static int null_setkey( void *ctx, const unsigned char *key,
+ unsigned int key_length )
+{
+ ((void) ctx);
+ ((void) key);
+ ((void) key_length);
+
+ return( 0 );
+}
+
+static void * null_ctx_alloc( void )
+{
+ return (void *) 1;
+}
+
+static void null_ctx_free( void *ctx )
+{
+ ((void) ctx);
+}
+
+const cipher_base_t null_base_info = {
+ POLARSSL_CIPHER_ID_NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ null_crypt_stream,
+ null_setkey,
+ null_setkey,
+ null_ctx_alloc,
+ null_ctx_free
+};
+
+const cipher_info_t null_cipher_info = {
+ POLARSSL_CIPHER_NULL,
+ POLARSSL_MODE_STREAM,
+ 0,
+ "NULL",
+ 0,
+ 0,
+ 1,
+ &null_base_info
+};
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
+const cipher_definition_t cipher_definitions[] =
+{
+#if defined(POLARSSL_AES_C)
+ { POLARSSL_CIPHER_AES_128_ECB, &aes_128_ecb_info },
+ { POLARSSL_CIPHER_AES_192_ECB, &aes_192_ecb_info },
+ { POLARSSL_CIPHER_AES_256_ECB, &aes_256_ecb_info },
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { POLARSSL_CIPHER_AES_128_CBC, &aes_128_cbc_info },
+ { POLARSSL_CIPHER_AES_192_CBC, &aes_192_cbc_info },
+ { POLARSSL_CIPHER_AES_256_CBC, &aes_256_cbc_info },
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+ { POLARSSL_CIPHER_AES_128_CFB128, &aes_128_cfb128_info },
+ { POLARSSL_CIPHER_AES_192_CFB128, &aes_192_cfb128_info },
+ { POLARSSL_CIPHER_AES_256_CFB128, &aes_256_cfb128_info },
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+ { POLARSSL_CIPHER_AES_128_CTR, &aes_128_ctr_info },
+ { POLARSSL_CIPHER_AES_192_CTR, &aes_192_ctr_info },
+ { POLARSSL_CIPHER_AES_256_CTR, &aes_256_ctr_info },
+#endif
+#if defined(POLARSSL_GCM_C)
+ { POLARSSL_CIPHER_AES_128_GCM, &aes_128_gcm_info },
+ { POLARSSL_CIPHER_AES_192_GCM, &aes_192_gcm_info },
+ { POLARSSL_CIPHER_AES_256_GCM, &aes_256_gcm_info },
+#endif
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_ARC4_C)
+ { POLARSSL_CIPHER_ARC4_128, &arc4_128_info },
+#endif
+
+#if defined(POLARSSL_BLOWFISH_C)
+ { POLARSSL_CIPHER_BLOWFISH_ECB, &blowfish_ecb_info },
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { POLARSSL_CIPHER_BLOWFISH_CBC, &blowfish_cbc_info },
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+ { POLARSSL_CIPHER_BLOWFISH_CFB64, &blowfish_cfb64_info },
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+ { POLARSSL_CIPHER_BLOWFISH_CTR, &blowfish_ctr_info },
+#endif
+#endif /* POLARSSL_BLOWFISH_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+ { POLARSSL_CIPHER_CAMELLIA_128_ECB, &camellia_128_ecb_info },
+ { POLARSSL_CIPHER_CAMELLIA_192_ECB, &camellia_192_ecb_info },
+ { POLARSSL_CIPHER_CAMELLIA_256_ECB, &camellia_256_ecb_info },
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { POLARSSL_CIPHER_CAMELLIA_128_CBC, &camellia_128_cbc_info },
+ { POLARSSL_CIPHER_CAMELLIA_192_CBC, &camellia_192_cbc_info },
+ { POLARSSL_CIPHER_CAMELLIA_256_CBC, &camellia_256_cbc_info },
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+ { POLARSSL_CIPHER_CAMELLIA_128_CFB128, &camellia_128_cfb128_info },
+ { POLARSSL_CIPHER_CAMELLIA_192_CFB128, &camellia_192_cfb128_info },
+ { POLARSSL_CIPHER_CAMELLIA_256_CFB128, &camellia_256_cfb128_info },
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+ { POLARSSL_CIPHER_CAMELLIA_128_CTR, &camellia_128_ctr_info },
+ { POLARSSL_CIPHER_CAMELLIA_192_CTR, &camellia_192_ctr_info },
+ { POLARSSL_CIPHER_CAMELLIA_256_CTR, &camellia_256_ctr_info },
+#endif
+#if defined(POLARSSL_GCM_C)
+ { POLARSSL_CIPHER_CAMELLIA_128_GCM, &camellia_128_gcm_info },
+ { POLARSSL_CIPHER_CAMELLIA_192_GCM, &camellia_192_gcm_info },
+ { POLARSSL_CIPHER_CAMELLIA_256_GCM, &camellia_256_gcm_info },
+#endif
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+ { POLARSSL_CIPHER_DES_ECB, &des_ecb_info },
+ { POLARSSL_CIPHER_DES_EDE_ECB, &des_ede_ecb_info },
+ { POLARSSL_CIPHER_DES_EDE3_ECB, &des_ede3_ecb_info },
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { POLARSSL_CIPHER_DES_CBC, &des_cbc_info },
+ { POLARSSL_CIPHER_DES_EDE_CBC, &des_ede_cbc_info },
+ { POLARSSL_CIPHER_DES_EDE3_CBC, &des_ede3_cbc_info },
+#endif
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+ { POLARSSL_CIPHER_NULL, &null_cipher_info },
+#endif /* POLARSSL_CIPHER_NULL_CIPHER */
+
+ { 0, NULL }
+};
+
+#define NUM_CIPHERS sizeof cipher_definitions / sizeof cipher_definitions[0]
+int supported_ciphers[NUM_CIPHERS];
+
+#endif
/*
* CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
{
ctx->entropy_len = len;
}
-
+
void ctr_drbg_set_reseed_interval( ctr_drbg_context *ctx, int interval )
{
ctx->reseed_interval = interval;
}
-
-int block_cipher_df( unsigned char *output,
- const unsigned char *data, size_t data_len )
+
+static int block_cipher_df( unsigned char *output,
+ const unsigned char *data, size_t data_len )
{
unsigned char buf[CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16];
unsigned char tmp[CTR_DRBG_SEEDLEN];
unsigned char *p = buf, *iv;
aes_context aes_ctx;
- int i, j, buf_len, use_len;
+ int i, j;
+ size_t buf_len, use_len;
memset( buf, 0, CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 );
for( i = 0; i < CTR_DRBG_BLOCKSIZE; i++ )
chain[i] ^= p[i];
p += CTR_DRBG_BLOCKSIZE;
- use_len -= CTR_DRBG_BLOCKSIZE;
+ use_len -= ( use_len >= CTR_DRBG_BLOCKSIZE ) ?
+ CTR_DRBG_BLOCKSIZE : use_len;
aes_crypt_ecb( &aes_ctx, AES_ENCRYPT, chain, chain );
}
-
+
memcpy( tmp + j, chain, CTR_DRBG_BLOCKSIZE );
/*
return( 0 );
}
-int ctr_drbg_update_internal( ctr_drbg_context *ctx,
+static int ctr_drbg_update_internal( ctr_drbg_context *ctx,
const unsigned char data[CTR_DRBG_SEEDLEN] )
{
unsigned char tmp[CTR_DRBG_SEEDLEN];
unsigned char *p = tmp;
- int cb, i, j;
+ int i, j;
memset( tmp, 0, CTR_DRBG_SEEDLEN );
/*
* Increase counter
*/
- i = CTR_DRBG_BLOCKSIZE - 1;
- do {
- ctx->counter[i]++;
- cb = ctx->counter[i] == 0;
- } while( i-- && cb );
+ for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
+ if( ++ctx->counter[i - 1] != 0 )
+ break;
/*
* Crypt counter block
memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
/*
- * Gather enropy_len bytes of entropy to seed state
+ * Gather entropy_len bytes of entropy to seed state
*/
if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
ctx->entropy_len ) )
unsigned char add_input[CTR_DRBG_SEEDLEN];
unsigned char *p = output;
unsigned char tmp[CTR_DRBG_BLOCKSIZE];
- int cb, i;
+ int i;
size_t use_len;
if( output_len > CTR_DRBG_MAX_REQUEST )
/*
* Increase counter
*/
- i = CTR_DRBG_BLOCKSIZE - 1;
- do {
- ctx->counter[i]++;
- cb = ctx->counter[i] == 0;
- } while( i-- && cb );
+ for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
+ if( ++ctx->counter[i - 1] != 0 )
+ break;
/*
* Crypt counter block
#if defined(POLARSSL_FS_IO)
int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path )
{
- int ret;
+ int ret = POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR;
FILE *f;
unsigned char buf[ CTR_DRBG_MAX_INPUT ];
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
if( ( ret = ctr_drbg_random( ctx, buf, CTR_DRBG_MAX_INPUT ) ) != 0 )
- return( ret );
+ goto exit;
if( fwrite( buf, 1, CTR_DRBG_MAX_INPUT, f ) != CTR_DRBG_MAX_INPUT )
{
- fclose( f );
- return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
+ ret = POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR;
+ goto exit;
}
+ ret = 0;
+
+exit:
fclose( f );
- return( 0 );
+ return( ret );
}
int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path )
fseek( f, 0, SEEK_SET );
if( n > CTR_DRBG_MAX_INPUT )
+ {
+ fclose( f );
return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ }
if( fread( buf, 1, n, f ) != n )
{
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
}
- ctr_drbg_update( ctx, buf, n );
-
fclose( f );
-
+
+ ctr_drbg_update( ctx, buf, n );
+
return( ctr_drbg_write_seed_file( ctx, path ) );
}
#endif /* POLARSSL_FS_IO */
0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
int test_offset;
-int ctr_drbg_self_test_entropy( void *data, unsigned char *buf, size_t len )
+static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
+ size_t len )
{
unsigned char *p = data;
memcpy( buf, p + test_offset, len );
#include <stdarg.h>
#include <stdlib.h>
-#if defined _MSC_VER && !defined snprintf
+#if defined(EFIX64) || defined(EFI32)
+#include <stdio.h>
+#endif
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#if !defined snprintf
#define snprintf _snprintf
#endif
-#if defined _MSC_VER && !defined vsnprintf
+#if !defined vsnprintf
#define vsnprintf _vsnprintf
#endif
+#endif /* _MSC_VER */
char *debug_fmt( const char *format, ... )
{
ssl->f_dbg( ssl->p_dbg, level, "\n" );
}
+#if defined(POLARSSL_ECP_C)
+void debug_print_ecp( const ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const ecp_point *X )
+{
+ char str[512];
+ int maxlen = sizeof( str ) - 1;
+
+ snprintf( str, maxlen, "%s(X)", text );
+ str[maxlen] = '\0';
+ debug_print_mpi( ssl, level, file, line, str, &X->X );
+
+ snprintf( str, maxlen, "%s(Y)", text );
+ str[maxlen] = '\0';
+ debug_print_mpi( ssl, level, file, line, str, &X->Y );
+
+ snprintf( str, maxlen, "%s(Z)", text );
+ str[maxlen] = '\0';
+ debug_print_mpi( ssl, level, file, line, str, &X->Z );
+}
+#endif /* POLARSSL_ECP_C */
+
+#if defined(POLARSSL_BIGNUM_C)
void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mpi *X )
if( ( ( X->p[n] >> j ) & 1 ) != 0 )
break;
- snprintf( str, maxlen, "%s(%04d): value of '%s' (%lu bits) is:\n",
+ snprintf( str, maxlen, "%s(%04d): value of '%s' (%d bits) is:\n",
file, line, text,
- (unsigned long) ( ( n * ( sizeof(t_uint) << 3 ) ) + j + 1 ) );
+ (int) ( ( n * ( sizeof(t_uint) << 3 ) ) + j + 1 ) );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->f_dbg( ssl->p_dbg, level, "\n" );
}
+#endif /* POLARSSL_BIGNUM_C */
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+static void debug_print_pk( const ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const pk_context *pk )
+{
+ size_t i;
+ pk_debug_item items[POLARSSL_PK_DEBUG_MAX_ITEMS];
+ char name[16];
+
+ memset( items, 0, sizeof( items ) );
+
+ if( pk_debug( pk, items ) != 0 )
+ {
+ debug_print_msg( ssl, level, file, line, "invalid PK context" );
+ return;
+ }
+
+ for( i = 0; i < sizeof( items ); i++ )
+ {
+ if( items[i].type == POLARSSL_PK_DEBUG_NONE )
+ return;
+
+ snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
+ name[sizeof( name ) - 1] = '\0';
+
+ if( items[i].type == POLARSSL_PK_DEBUG_MPI )
+ debug_print_mpi( ssl, level, file, line, name, items[i].value );
+ else
+#if defined(POLARSSL_ECP_C)
+ if( items[i].type == POLARSSL_PK_DEBUG_ECP )
+ debug_print_ecp( ssl, level, file, line, name, items[i].value );
+ else
+#endif
+ debug_print_msg( ssl, level, file, line, "should not happen" );
+ }
+}
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
- const char *text, const x509_cert *crt )
+ const char *text, const x509_crt *crt )
{
char str[1024], prefix[64];
int i = 0, maxlen = sizeof( prefix ) - 1;
while( crt != NULL )
{
char buf[1024];
- x509parse_cert_info( buf, sizeof( buf ) - 1, prefix, crt );
+ x509_crt_info( buf, sizeof( buf ) - 1, prefix, crt );
snprintf( str, maxlen, "%s(%04d): %s #%d:\n%s",
file, line, text, ++i, buf );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
- debug_print_mpi( ssl, level, file, line,
- "crt->rsa.N", &crt->rsa.N );
-
- debug_print_mpi( ssl, level, file, line,
- "crt->rsa.E", &crt->rsa.E );
+ debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
crt = crt->next;
}
}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
#endif
/*
* FIPS-46-3 compliant Triple-DES implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/des.h"
+#if !defined(POLARSSL_DES_ALT)
+
/*
* 32-bit integer manipulation macros (big endian)
*/
-#ifndef GET_ULONG_BE
-#define GET_ULONG_BE(n,b,i) \
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
{ \
- (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
- | ( (unsigned long) (b)[(i) + 1] << 16 ) \
- | ( (unsigned long) (b)[(i) + 2] << 8 ) \
- | ( (unsigned long) (b)[(i) + 3] ); \
+ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
+ | ( (uint32_t) (b)[(i) + 1] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
-#ifndef PUT_ULONG_BE
-#define PUT_ULONG_BE(n,b,i) \
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
/*
* Expanded DES S-boxes
*/
-static const unsigned long SB1[64] =
+static const uint32_t SB1[64] =
{
0x01010400, 0x00000000, 0x00010000, 0x01010404,
0x01010004, 0x00010404, 0x00000004, 0x00010000,
0x00010004, 0x00010400, 0x00000000, 0x01010004
};
-static const unsigned long SB2[64] =
+static const uint32_t SB2[64] =
{
0x80108020, 0x80008000, 0x00008000, 0x00108020,
0x00100000, 0x00000020, 0x80100020, 0x80008020,
0x80000000, 0x80100020, 0x80108020, 0x00108000
};
-static const unsigned long SB3[64] =
+static const uint32_t SB3[64] =
{
0x00000208, 0x08020200, 0x00000000, 0x08020008,
0x08000200, 0x00000000, 0x00020208, 0x08000200,
0x00020208, 0x00000008, 0x08020008, 0x00020200
};
-static const unsigned long SB4[64] =
+static const uint32_t SB4[64] =
{
0x00802001, 0x00002081, 0x00002081, 0x00000080,
0x00802080, 0x00800081, 0x00800001, 0x00002001,
0x00000080, 0x00800000, 0x00002000, 0x00802080
};
-static const unsigned long SB5[64] =
+static const uint32_t SB5[64] =
{
0x00000100, 0x02080100, 0x02080000, 0x42000100,
0x00080000, 0x00000100, 0x40000000, 0x02080000,
0x00000000, 0x40080000, 0x02080100, 0x40000100
};
-static const unsigned long SB6[64] =
+static const uint32_t SB6[64] =
{
0x20000010, 0x20400000, 0x00004000, 0x20404010,
0x20400000, 0x00000010, 0x20404010, 0x00400000,
0x20404000, 0x20000000, 0x00400010, 0x20004010
};
-static const unsigned long SB7[64] =
+static const uint32_t SB7[64] =
{
0x00200000, 0x04200002, 0x04000802, 0x00000000,
0x00000800, 0x04000802, 0x00200802, 0x04200800,
0x04000002, 0x04000800, 0x00000800, 0x00200002
};
-static const unsigned long SB8[64] =
+static const uint32_t SB8[64] =
{
0x10001040, 0x00001000, 0x00040000, 0x10041040,
0x10000000, 0x10001040, 0x00000040, 0x10000000,
/*
* PC1: left and right halves bit-swap
*/
-static const unsigned long LHs[16] =
+static const uint32_t LHs[16] =
{
0x00000000, 0x00000001, 0x00000100, 0x00000101,
0x00010000, 0x00010001, 0x00010100, 0x00010101,
0x01010000, 0x01010001, 0x01010100, 0x01010101
};
-static const unsigned long RHs[16] =
+static const uint32_t RHs[16] =
{
0x00000000, 0x01000000, 0x00010000, 0x01010000,
0x00000100, 0x01000100, 0x00010100, 0x01010100,
SB1[ (T >> 24) & 0x3F ]; \
}
-#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
+#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
return( 0 );
}
-static void des_setkey( unsigned long SK[32], const unsigned char key[DES_KEY_SIZE] )
+static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
{
int i;
- unsigned long X, Y, T;
+ uint32_t X, Y, T;
- GET_ULONG_BE( X, key, 0 );
- GET_ULONG_BE( Y, key, 4 );
+ GET_UINT32_BE( X, key, 0 );
+ GET_UINT32_BE( Y, key, 4 );
/*
* Permuted Choice 1
return( 0 );
}
-static void des3_set2key( unsigned long esk[96],
- unsigned long dsk[96],
+static void des3_set2key( uint32_t esk[96],
+ uint32_t dsk[96],
const unsigned char key[DES_KEY_SIZE*2] )
{
int i;
*/
int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
{
- unsigned long sk[96];
+ uint32_t sk[96];
des3_set2key( ctx->sk, sk, key );
memset( sk, 0, sizeof( sk ) );
*/
int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
{
- unsigned long sk[96];
+ uint32_t sk[96];
des3_set2key( sk, ctx->sk, key );
memset( sk, 0, sizeof( sk ) );
return( 0 );
}
-static void des3_set3key( unsigned long esk[96],
- unsigned long dsk[96],
+static void des3_set3key( uint32_t esk[96],
+ uint32_t dsk[96],
const unsigned char key[24] )
{
int i;
*/
int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
{
- unsigned long sk[96];
+ uint32_t sk[96];
des3_set3key( ctx->sk, sk, key );
memset( sk, 0, sizeof( sk ) );
*/
int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
{
- unsigned long sk[96];
+ uint32_t sk[96];
des3_set3key( sk, ctx->sk, key );
memset( sk, 0, sizeof( sk ) );
unsigned char output[8] )
{
int i;
- unsigned long X, Y, T, *SK;
+ uint32_t X, Y, T, *SK;
SK = ctx->sk;
- GET_ULONG_BE( X, input, 0 );
- GET_ULONG_BE( Y, input, 4 );
+ GET_UINT32_BE( X, input, 0 );
+ GET_UINT32_BE( Y, input, 4 );
DES_IP( X, Y );
DES_FP( Y, X );
- PUT_ULONG_BE( Y, output, 0 );
- PUT_ULONG_BE( X, output, 4 );
+ PUT_UINT32_BE( Y, output, 0 );
+ PUT_UINT32_BE( X, output, 4 );
return( 0 );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
* DES-CBC buffer encryption/decryption
*/
return( 0 );
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
/*
* 3DES-ECB block encryption/decryption
unsigned char output[8] )
{
int i;
- unsigned long X, Y, T, *SK;
+ uint32_t X, Y, T, *SK;
SK = ctx->sk;
- GET_ULONG_BE( X, input, 0 );
- GET_ULONG_BE( Y, input, 4 );
+ GET_UINT32_BE( X, input, 0 );
+ GET_UINT32_BE( Y, input, 4 );
DES_IP( X, Y );
DES_FP( Y, X );
- PUT_ULONG_BE( Y, output, 0 );
- PUT_ULONG_BE( X, output, 4 );
+ PUT_UINT32_BE( Y, output, 0 );
+ PUT_UINT32_BE( X, output, 4 );
return( 0 );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
* 3DES-CBC buffer encryption/decryption
*/
return( 0 );
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#endif /* !POLARSSL_DES_ALT */
#if defined(POLARSSL_SELF_TEST)
des3_context ctx3;
unsigned char key[24];
unsigned char buf[8];
+#if defined(POLARSSL_CIPHER_MODE_CBC)
unsigned char prv[8];
unsigned char iv[8];
+#endif
memset( key, 0, 24 );
switch( i )
{
case 0:
- des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
+ des_setkey_dec( &ctx, des3_test_keys );
break;
case 1:
- des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
+ des_setkey_enc( &ctx, des3_test_keys );
break;
case 2:
- des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
+ des3_set2key_dec( &ctx3, des3_test_keys );
break;
case 3:
- des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
+ des3_set2key_enc( &ctx3, des3_test_keys );
break;
case 4:
- des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
+ des3_set3key_dec( &ctx3, des3_test_keys );
break;
case 5:
- des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
+ des3_set3key_enc( &ctx3, des3_test_keys );
break;
default:
if( verbose != 0 )
printf( "\n" );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
* CBC mode
*/
switch( i )
{
case 0:
- des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
+ des_setkey_dec( &ctx, des3_test_keys );
break;
case 1:
- des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
+ des_setkey_enc( &ctx, des3_test_keys );
break;
case 2:
- des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
+ des3_set2key_dec( &ctx3, des3_test_keys );
break;
case 3:
- des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
+ des3_set2key_enc( &ctx3, des3_test_keys );
break;
case 4:
- des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
+ des3_set3key_dec( &ctx3, des3_test_keys );
break;
case 5:
- des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
+ des3_set3key_enc( &ctx3, des3_test_keys );
break;
default:
if( verbose != 0 )
printf( "passed\n" );
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
if( verbose != 0 )
printf( "\n" );
#include "polarssl/dhm.h"
+#if defined(POLARSSL_PEM_PARSE_C)
+#include "polarssl/pem.h"
+#endif
+
+#if defined(POLARSSL_ASN1_PARSE_C)
+#include "polarssl/asn1.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#include <stdlib.h>
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
/*
* helper to validate the mpi size and import it
*/
unsigned char **p,
const unsigned char *end )
{
- int ret, n;
+ int ret;
- memset( ctx, 0, sizeof( dhm_context ) );
+ dhm_free( ctx );
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
ctx->len = mpi_size( &ctx->P );
- if( end - *p < 2 )
- return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
-
- n = ( (*p)[0] << 8 ) | (*p)[1];
- (*p) += 2;
-
- if( end != *p + n )
- return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
-
return( 0 );
}
size_t n1, n2, n3;
unsigned char *p;
+ if( mpi_cmp_int( &ctx->P, 0 ) == 0 )
+ return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
+
/*
* Generate X as large as possible ( < P )
*/
if( ctx == NULL || olen < 1 || olen > ctx->len )
return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
+ if( mpi_cmp_int( &ctx->P, 0 ) == 0 )
+ return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
+
/*
* generate X and calculate GX = G^X mod P
*/
return( 0 );
}
+/*
+ * Use the blinding method and optimisation suggested in section 10 of:
+ * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
+ * DSS, and other systems. In : Advances in Cryptology—CRYPTO’96. Springer
+ * Berlin Heidelberg, 1996. p. 104-113.
+ */
+static int dhm_update_blinding( dhm_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret, count;
+
+ /*
+ * Don't use any blinding the first time a particular X is used,
+ * but remember it to use blinding next time.
+ */
+ if( mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
+ {
+ MPI_CHK( mpi_copy( &ctx->pX, &ctx->X ) );
+ MPI_CHK( mpi_lset( &ctx->Vi, 1 ) );
+ MPI_CHK( mpi_lset( &ctx->Vf, 1 ) );
+
+ return( 0 );
+ }
+
+ /*
+ * Ok, we need blinding. Can we re-use existing values?
+ * If yes, just update them by squaring them.
+ */
+ if( mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
+ {
+ MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
+ MPI_CHK( mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
+
+ MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
+ MPI_CHK( mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+
+ return( 0 );
+ }
+
+ /*
+ * We need to generate blinding values from scratch
+ */
+
+ /* Vi = random( 2, P-1 ) */
+ count = 0;
+ do
+ {
+ mpi_fill_random( &ctx->Vi, mpi_size( &ctx->P ), f_rng, p_rng );
+
+ while( mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
+ mpi_shift_r( &ctx->Vi, 1 );
+
+ if( count++ > 10 )
+ return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
+ }
+ while( mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
+
+ /* Vf = Vi^-X mod P */
+ MPI_CHK( mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
+ MPI_CHK( mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
+
+cleanup:
+ return( ret );
+}
+
/*
* Derive and export the shared secret (G^Y)^X mod P
*/
int dhm_calc_secret( dhm_context *ctx,
- unsigned char *output, size_t *olen )
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
+ mpi GYb;
if( ctx == NULL || *olen < ctx->len )
return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
- MPI_CHK( mpi_exp_mod( &ctx->K, &ctx->GY, &ctx->X,
- &ctx->P, &ctx->RP ) );
-
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
return( ret );
+ mpi_init( &GYb );
+
+ /* Blind peer's value */
+ if( f_rng != NULL )
+ {
+ MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
+ MPI_CHK( mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
+ MPI_CHK( mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
+ }
+ else
+ MPI_CHK( mpi_copy( &GYb, &ctx->GY ) );
+
+ /* Do modular exponentiation */
+ MPI_CHK( mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
+ &ctx->P, &ctx->RP ) );
+
+ /* Unblind secret value */
+ if( f_rng != NULL )
+ {
+ MPI_CHK( mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
+ MPI_CHK( mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
+ }
+
*olen = mpi_size( &ctx->K );
MPI_CHK( mpi_write_binary( &ctx->K, output, *olen ) );
cleanup:
+ mpi_free( &GYb );
if( ret != 0 )
return( POLARSSL_ERR_DHM_CALC_SECRET_FAILED + ret );
*/
void dhm_free( dhm_context *ctx )
{
+ mpi_free( &ctx->pX); mpi_free( &ctx->Vf ); mpi_free( &ctx->Vi );
mpi_free( &ctx->RP ); mpi_free( &ctx->K ); mpi_free( &ctx->GY );
mpi_free( &ctx->GX ); mpi_free( &ctx->X ); mpi_free( &ctx->G );
mpi_free( &ctx->P );
+
+ memset( ctx, 0, sizeof( dhm_context ) );
}
+#if defined(POLARSSL_ASN1_PARSE_C)
+/*
+ * Parse DHM parameters
+ */
+int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
+{
+ int ret;
+ size_t len;
+ unsigned char *p, *end;
+#if defined(POLARSSL_PEM_PARSE_C)
+ pem_context pem;
+
+ pem_init( &pem );
+ memset( dhm, 0, sizeof( dhm_context ) );
+
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN DH PARAMETERS-----",
+ "-----END DH PARAMETERS-----",
+ dhmin, NULL, 0, &dhminlen );
+
+ if( ret == 0 )
+ {
+ /*
+ * Was PEM encoded
+ */
+ dhminlen = pem.buflen;
+ }
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ goto exit;
+
+ p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
+#else
+ p = (unsigned char *) dhmin;
+#endif
+ end = p + dhminlen;
+
+ /*
+ * DHParams ::= SEQUENCE {
+ * prime INTEGER, -- P
+ * generator INTEGER, -- g
+ * }
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret;
+ goto exit;
+ }
+
+ end = p + len;
+
+ if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret;
+ goto exit;
+ }
+
+ if( p != end )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
+ goto exit;
+ }
+
+ ret = 0;
+
+exit:
+#if defined(POLARSSL_PEM_PARSE_C)
+ pem_free( &pem );
+#endif
+ if( ret != 0 )
+ dhm_free( dhm );
+
+ return( ret );
+}
+
+#if defined(POLARSSL_FS_IO)
+/*
+ * Load all data from a file into a given buffer.
+ */
+static int load_file( const char *path, unsigned char **buf, size_t *n )
+{
+ FILE *f;
+ long size;
+
+ if( ( f = fopen( path, "rb" ) ) == NULL )
+ return( POLARSSL_ERR_DHM_FILE_IO_ERROR );
+
+ fseek( f, 0, SEEK_END );
+ if( ( size = ftell( f ) ) == -1 )
+ {
+ fclose( f );
+ return( POLARSSL_ERR_DHM_FILE_IO_ERROR );
+ }
+ fseek( f, 0, SEEK_SET );
+
+ *n = (size_t) size;
+
+ if( *n + 1 == 0 ||
+ ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
+ {
+ fclose( f );
+ return( POLARSSL_ERR_DHM_MALLOC_FAILED );
+ }
+
+ if( fread( *buf, 1, *n, f ) != *n )
+ {
+ fclose( f );
+ polarssl_free( *buf );
+ return( POLARSSL_ERR_DHM_FILE_IO_ERROR );
+ }
+
+ fclose( f );
+
+ (*buf)[*n] = '\0';
+
+ return( 0 );
+}
+
+/*
+ * Load and parse DHM parameters
+ */
+int dhm_parse_dhmfile( dhm_context *dhm, const char *path )
+{
+ int ret;
+ size_t n;
+ unsigned char *buf;
+
+ if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
+ return( ret );
+
+ ret = dhm_parse_dhm( dhm, buf, n );
+
+ memset( buf, 0, n + 1 );
+ polarssl_free( buf );
+
+ return( ret );
+}
+#endif /* POLARSSL_FS_IO */
+#endif /* POLARSSL_ASN1_PARSE_C */
+
#if defined(POLARSSL_SELF_TEST)
+#include "polarssl/certs.h"
+
/*
* Checkup routine
*/
int dhm_self_test( int verbose )
{
- return( verbose++ );
+#if defined(POLARSSL_CERTS_C)
+ int ret;
+ dhm_context dhm;
+
+ if( verbose != 0 )
+ printf( " DHM parameter load: " );
+
+ if( ( ret = dhm_parse_dhm( &dhm, (const unsigned char *) test_dhm_params,
+ strlen( test_dhm_params ) ) ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( ret );
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n\n" );
+
+ dhm_free( &dhm );
+
+ return( 0 );
+#else
+ ((void) verbose);
+ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+#endif
}
#endif
--- /dev/null
+/*
+ * Elliptic curve Diffie-Hellman
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/*
+ * References:
+ *
+ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * RFC 4492
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_ECDH_C)
+
+#include "polarssl/ecdh.h"
+
+/*
+ * Generate public key: simple wrapper around ecp_gen_keypair
+ */
+int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ return ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
+}
+
+/*
+ * Compute shared secret (SEC1 3.3.1)
+ */
+int ecdh_compute_shared( ecp_group *grp, mpi *z,
+ const ecp_point *Q, const mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ ecp_point P;
+
+ ecp_point_init( &P );
+
+ /*
+ * Make sure Q is a valid pubkey before using it
+ */
+ MPI_CHK( ecp_check_pubkey( grp, Q ) );
+
+ MPI_CHK( ecp_mul( grp, &P, d, Q, f_rng, p_rng ) );
+
+ if( ecp_is_zero( &P ) )
+ {
+ ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ MPI_CHK( mpi_copy( z, &P.X ) );
+
+cleanup:
+ ecp_point_free( &P );
+
+ return( ret );
+}
+
+/*
+ * Initialize context
+ */
+void ecdh_init( ecdh_context *ctx )
+{
+ memset( ctx, 0, sizeof( ecdh_context ) );
+}
+
+/*
+ * Free context
+ */
+void ecdh_free( ecdh_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ ecp_group_free( &ctx->grp );
+ mpi_free ( &ctx->d );
+ ecp_point_free( &ctx->Q );
+ ecp_point_free( &ctx->Qp );
+ mpi_free ( &ctx->z );
+ ecp_point_free( &ctx->Vi );
+ ecp_point_free( &ctx->Vf );
+ mpi_free ( &ctx->_d );
+}
+
+/*
+ * Setup and write the ServerKeyExhange parameters (RFC 4492)
+ * struct {
+ * ECParameters curve_params;
+ * ECPoint public;
+ * } ServerECDHParams;
+ */
+int ecdh_make_params( ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ size_t grp_len, pt_len;
+
+ if( ctx == NULL || ctx->grp.pbits == 0 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
+ != 0 )
+ return( ret );
+
+ if( ( ret = ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
+ != 0 )
+ return( ret );
+
+ buf += grp_len;
+ blen -= grp_len;
+
+ if( ( ret = ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
+ &pt_len, buf, blen ) ) != 0 )
+ return( ret );
+
+ *olen = grp_len + pt_len;
+ return 0;
+}
+
+/*
+ * Read the ServerKeyExhange parameters (RFC 4492)
+ * struct {
+ * ECParameters curve_params;
+ * ECPoint public;
+ * } ServerECDHParams;
+ */
+int ecdh_read_params( ecdh_context *ctx,
+ const unsigned char **buf, const unsigned char *end )
+{
+ int ret;
+
+ if( ( ret = ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
+ return( ret );
+
+ if( ( ret = ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
+ != 0 )
+ return( ret );
+
+ return 0;
+}
+
+/*
+ * Setup and export the client public value
+ */
+int ecdh_make_public( ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+
+ if( ctx == NULL || ctx->grp.pbits == 0 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
+ != 0 )
+ return( ret );
+
+ return ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
+ olen, buf, blen );
+}
+
+/*
+ * Parse and import the client's public value
+ */
+int ecdh_read_public( ecdh_context *ctx,
+ const unsigned char *buf, size_t blen )
+{
+ if( ctx == NULL )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ return ecp_tls_read_point( &ctx->grp, &ctx->Qp, &buf, blen );
+}
+
+/*
+ * Derive and export the shared secret
+ */
+int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+
+ if( ctx == NULL )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ if( ( ret = ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d,
+ f_rng, p_rng ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( mpi_size( &ctx->z ) > blen )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ *olen = ctx->grp.nbits / 8 + ( ( ctx->grp.nbits % 8 ) != 0 );
+ return mpi_write_binary( &ctx->z, buf, *olen );
+}
+
+
+#if defined(POLARSSL_SELF_TEST)
+
+/*
+ * Checkup routine
+ */
+int ecdh_self_test( int verbose )
+{
+ return( verbose++ );
+}
+
+#endif
+
+#endif /* defined(POLARSSL_ECDH_C) */
--- /dev/null
+/*
+ * Elliptic curve DSA
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/*
+ * References:
+ *
+ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_ECDSA_C)
+
+#include "polarssl/ecdsa.h"
+#include "polarssl/asn1write.h"
+
+/*
+ * Derive a suitable integer for group grp from a buffer of length len
+ * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
+ */
+static int derive_mpi( const ecp_group *grp, mpi *x,
+ const unsigned char *buf, size_t blen )
+{
+ size_t n_size = (grp->nbits + 7) / 8;
+ return( mpi_read_binary( x, buf, blen > n_size ? n_size : blen ) );
+}
+
+/*
+ * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
+ * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
+ */
+int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
+ const mpi *d, const unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret, key_tries, sign_tries;
+ ecp_point R;
+ mpi k, e;
+
+ ecp_point_init( &R );
+ mpi_init( &k );
+ mpi_init( &e );
+
+ sign_tries = 0;
+ do
+ {
+ /*
+ * Steps 1-3: generate a suitable ephemeral keypair
+ * and set r = xR mod n
+ */
+ key_tries = 0;
+ do
+ {
+ MPI_CHK( ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) );
+ MPI_CHK( mpi_mod_mpi( r, &R.X, &grp->N ) );
+
+ if( key_tries++ > 10 )
+ {
+ ret = POLARSSL_ERR_ECP_RANDOM_FAILED;
+ goto cleanup;
+ }
+ }
+ while( mpi_cmp_int( r, 0 ) == 0 );
+
+ /*
+ * Step 5: derive MPI from hashed message
+ */
+ MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
+
+ /*
+ * Step 6: compute s = (e + r * d) / k mod n
+ */
+ MPI_CHK( mpi_mul_mpi( s, r, d ) );
+ MPI_CHK( mpi_add_mpi( &e, &e, s ) );
+ MPI_CHK( mpi_inv_mod( s, &k, &grp->N ) );
+ MPI_CHK( mpi_mul_mpi( s, s, &e ) );
+ MPI_CHK( mpi_mod_mpi( s, s, &grp->N ) );
+
+ if( sign_tries++ > 10 )
+ {
+ ret = POLARSSL_ERR_ECP_RANDOM_FAILED;
+ goto cleanup;
+ }
+ }
+ while( mpi_cmp_int( s, 0 ) == 0 );
+
+cleanup:
+ ecp_point_free( &R );
+ mpi_free( &k );
+ mpi_free( &e );
+
+ return( ret );
+}
+
+/*
+ * Verify ECDSA signature of hashed message (SEC1 4.1.4)
+ * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
+ */
+int ecdsa_verify( ecp_group *grp,
+ const unsigned char *buf, size_t blen,
+ const ecp_point *Q, const mpi *r, const mpi *s)
+{
+ int ret;
+ mpi e, s_inv, u1, u2;
+ ecp_point R, P;
+
+ ecp_point_init( &R ); ecp_point_init( &P );
+ mpi_init( &e ); mpi_init( &s_inv ); mpi_init( &u1 ); mpi_init( &u2 );
+
+ /*
+ * Step 1: make sure r and s are in range 1..n-1
+ */
+ if( mpi_cmp_int( r, 1 ) < 0 || mpi_cmp_mpi( r, &grp->N ) >= 0 ||
+ mpi_cmp_int( s, 1 ) < 0 || mpi_cmp_mpi( s, &grp->N ) >= 0 )
+ {
+ ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
+ goto cleanup;
+ }
+
+ /*
+ * Additional precaution: make sure Q is valid
+ */
+ MPI_CHK( ecp_check_pubkey( grp, Q ) );
+
+ /*
+ * Step 3: derive MPI from hashed message
+ */
+ MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
+
+ /*
+ * Step 4: u1 = e / s mod n, u2 = r / s mod n
+ */
+ MPI_CHK( mpi_inv_mod( &s_inv, s, &grp->N ) );
+
+ MPI_CHK( mpi_mul_mpi( &u1, &e, &s_inv ) );
+ MPI_CHK( mpi_mod_mpi( &u1, &u1, &grp->N ) );
+
+ MPI_CHK( mpi_mul_mpi( &u2, r, &s_inv ) );
+ MPI_CHK( mpi_mod_mpi( &u2, &u2, &grp->N ) );
+
+ /*
+ * Step 5: R = u1 G + u2 Q
+ *
+ * Since we're not using any secret data, no need to pass a RNG to
+ * ecp_mul() for countermesures.
+ */
+ MPI_CHK( ecp_mul( grp, &R, &u1, &grp->G, NULL, NULL ) );
+ MPI_CHK( ecp_mul( grp, &P, &u2, Q, NULL, NULL ) );
+ MPI_CHK( ecp_add( grp, &R, &R, &P ) );
+
+ if( ecp_is_zero( &R ) )
+ {
+ ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
+ goto cleanup;
+ }
+
+ /*
+ * Step 6: convert xR to an integer (no-op)
+ * Step 7: reduce xR mod n (gives v)
+ */
+ MPI_CHK( mpi_mod_mpi( &R.X, &R.X, &grp->N ) );
+
+ /*
+ * Step 8: check if v (that is, R.X) is equal to r
+ */
+ if( mpi_cmp_mpi( &R.X, r ) != 0 )
+ {
+ ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
+ goto cleanup;
+ }
+
+cleanup:
+ ecp_point_free( &R ); ecp_point_free( &P );
+ mpi_free( &e ); mpi_free( &s_inv ); mpi_free( &u1 ); mpi_free( &u2 );
+
+ return( ret );
+}
+
+/*
+ * RFC 4492 page 20:
+ *
+ * Ecdsa-Sig-Value ::= SEQUENCE {
+ * r INTEGER,
+ * s INTEGER
+ * }
+ *
+ * Size is at most
+ * 1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
+ * twice that + 1 (tag) + 2 (len) for the sequence
+ * (assuming ECP_MAX_BYTES is less than 126 for r and s,
+ * and less than 124 (total len <= 255) for the sequence)
+ */
+#if POLARSSL_ECP_MAX_BYTES > 124
+#error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN"
+#endif
+#define MAX_SIG_LEN ( 3 + 2 * ( 2 + POLARSSL_ECP_MAX_BYTES ) )
+
+/*
+ * Compute and write signature
+ */
+int ecdsa_write_signature( ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ unsigned char buf[MAX_SIG_LEN];
+ unsigned char *p = buf + sizeof( buf );
+ size_t len = 0;
+
+ if( ( ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
+ hash, hlen, f_rng, p_rng ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ ASN1_CHK_ADD( len, asn1_write_mpi( &p, buf, &ctx->s ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &p, buf, &ctx->r ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &p, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &p, buf,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ memcpy( sig, p, len );
+ *slen = len;
+
+ return( 0 );
+}
+
+/*
+ * Read and check signature
+ */
+int ecdsa_read_signature( ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ const unsigned char *sig, size_t slen )
+{
+ int ret;
+ unsigned char *p = (unsigned char *) sig;
+ const unsigned char *end = sig + slen;
+ size_t len;
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA + ret );
+ }
+
+ if( p + len != end )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ if( ( ret = asn1_get_mpi( &p, end, &ctx->r ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &ctx->s ) ) != 0 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA + ret );
+
+ if( p != end )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( ecdsa_verify( &ctx->grp, hash, hlen, &ctx->Q, &ctx->r, &ctx->s ) );
+}
+
+/*
+ * Generate key pair
+ */
+int ecdsa_genkey( ecdsa_context *ctx, ecp_group_id gid,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ return( ecp_use_known_dp( &ctx->grp, gid ) ||
+ ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
+}
+
+/*
+ * Set context from an ecp_keypair
+ */
+int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key )
+{
+ int ret;
+
+ if( ( ret = ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
+ ( ret = mpi_copy( &ctx->d, &key->d ) ) != 0 ||
+ ( ret = ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
+ {
+ ecdsa_free( ctx );
+ }
+
+ return( ret );
+}
+
+/*
+ * Initialize context
+ */
+void ecdsa_init( ecdsa_context *ctx )
+{
+ ecp_group_init( &ctx->grp );
+ mpi_init( &ctx->d );
+ ecp_point_init( &ctx->Q );
+ mpi_init( &ctx->r );
+ mpi_init( &ctx->s );
+}
+
+/*
+ * Free context
+ */
+void ecdsa_free( ecdsa_context *ctx )
+{
+ ecp_group_free( &ctx->grp );
+ mpi_free( &ctx->d );
+ ecp_point_free( &ctx->Q );
+ mpi_free( &ctx->r );
+ mpi_free( &ctx->s );
+}
+
+#if defined(POLARSSL_SELF_TEST)
+
+/*
+ * Checkup routine
+ */
+int ecdsa_self_test( int verbose )
+{
+ return( verbose++ );
+}
+
+#endif
+
+#endif /* defined(POLARSSL_ECDSA_C) */
--- /dev/null
+/*
+ * Elliptic curves over GF(p)
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/*
+ * References:
+ *
+ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
+ * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
+ * RFC 4492 for the related TLS structures and constants
+ *
+ * [1] OKEYA, Katsuyuki and TAKAGI, Tsuyoshi. The width-w NAF method provides
+ * small memory and fast elliptic scalar multiplications secure against
+ * side channel attacks. In : Topics in Cryptology—CT-RSA 2003. Springer
+ * Berlin Heidelberg, 2003. p. 328-343.
+ * <http://rd.springer.com/chapter/10.1007/3-540-36563-X_23>.
+ *
+ * [2] CORON, Jean-Sébastien. Resistance against differential power analysis
+ * for elliptic curve cryptosystems. In : Cryptographic Hardware and
+ * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
+ * <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_ECP_C)
+
+#include "polarssl/ecp.h"
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <limits.h>
+#include <stdlib.h>
+
+#if defined(_MSC_VER) && !defined(inline)
+#define inline _inline
+#else
+#if defined(__ARMCC_VERSION) && !defined(inline)
+#define inline __inline
+#endif /* __ARMCC_VERSION */
+#endif /*_MSC_VER */
+
+#if defined(POLARSSL_SELF_TEST)
+/*
+ * Counts of point addition and doubling operations.
+ * Used to test resistance of point multiplication to simple timing attacks.
+ */
+unsigned long add_count, dbl_count;
+#endif
+
+/*
+ * List of supported curves:
+ * - internal ID
+ * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
+ * - size in bits
+ * - readable name
+ */
+const ecp_curve_info ecp_supported_curves[] =
+{
+#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
+ { POLARSSL_ECP_DP_BP512R1, 28, 512, "brainpool512r1" },
+#endif
+#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
+ { POLARSSL_ECP_DP_BP384R1, 27, 384, "brainpool384r1" },
+#endif
+#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
+ { POLARSSL_ECP_DP_BP256R1, 26, 256, "brainpool256r1" },
+#endif
+#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
+ { POLARSSL_ECP_DP_SECP521R1, 25, 521, "secp521r1" },
+#endif
+#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
+ { POLARSSL_ECP_DP_SECP384R1, 24, 384, "secp384r1" },
+#endif
+#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
+ { POLARSSL_ECP_DP_SECP256R1, 23, 256, "secp256r1" },
+#endif
+#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
+ { POLARSSL_ECP_DP_SECP224R1, 21, 224, "secp224r1" },
+#endif
+#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
+ { POLARSSL_ECP_DP_SECP192R1, 19, 192, "secp192r1" },
+#endif
+ { POLARSSL_ECP_DP_NONE, 0, 0, NULL },
+};
+
+/*
+ * List of supported curves and associated info
+ */
+const ecp_curve_info *ecp_curve_list( void )
+{
+ return ecp_supported_curves;
+}
+
+/*
+ * Get the curve info for the internal identifer
+ */
+const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id )
+{
+ const ecp_curve_info *curve_info;
+
+ for( curve_info = ecp_curve_list();
+ curve_info->grp_id != POLARSSL_ECP_DP_NONE;
+ curve_info++ )
+ {
+ if( curve_info->grp_id == grp_id )
+ return( curve_info );
+ }
+
+ return( NULL );
+}
+
+/*
+ * Get the curve info from the TLS identifier
+ */
+const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id )
+{
+ const ecp_curve_info *curve_info;
+
+ for( curve_info = ecp_curve_list();
+ curve_info->grp_id != POLARSSL_ECP_DP_NONE;
+ curve_info++ )
+ {
+ if( curve_info->tls_id == tls_id )
+ return( curve_info );
+ }
+
+ return( NULL );
+}
+
+/*
+ * Initialize (the components of) a point
+ */
+void ecp_point_init( ecp_point *pt )
+{
+ if( pt == NULL )
+ return;
+
+ mpi_init( &pt->X );
+ mpi_init( &pt->Y );
+ mpi_init( &pt->Z );
+}
+
+/*
+ * Initialize (the components of) a group
+ */
+void ecp_group_init( ecp_group *grp )
+{
+ if( grp == NULL )
+ return;
+
+ memset( grp, 0, sizeof( ecp_group ) );
+}
+
+/*
+ * Initialize (the components of) a key pair
+ */
+void ecp_keypair_init( ecp_keypair *key )
+{
+ if ( key == NULL )
+ return;
+
+ ecp_group_init( &key->grp );
+ mpi_init( &key->d );
+ ecp_point_init( &key->Q );
+}
+
+/*
+ * Unallocate (the components of) a point
+ */
+void ecp_point_free( ecp_point *pt )
+{
+ if( pt == NULL )
+ return;
+
+ mpi_free( &( pt->X ) );
+ mpi_free( &( pt->Y ) );
+ mpi_free( &( pt->Z ) );
+}
+
+/*
+ * Unallocate (the components of) a group
+ */
+void ecp_group_free( ecp_group *grp )
+{
+ size_t i;
+
+ if( grp == NULL )
+ return;
+
+ mpi_free( &grp->P );
+ mpi_free( &grp->A );
+ mpi_free( &grp->B );
+ ecp_point_free( &grp->G );
+ mpi_free( &grp->N );
+
+ if( grp->T != NULL )
+ {
+ for( i = 0; i < grp->T_size; i++ )
+ ecp_point_free( &grp->T[i] );
+ polarssl_free( grp->T );
+ }
+
+ memset( grp, 0, sizeof( ecp_group ) );
+}
+
+/*
+ * Unallocate (the components of) a key pair
+ */
+void ecp_keypair_free( ecp_keypair *key )
+{
+ if ( key == NULL )
+ return;
+
+ ecp_group_free( &key->grp );
+ mpi_free( &key->d );
+ ecp_point_free( &key->Q );
+}
+
+/*
+ * Copy the contents of a point
+ */
+int ecp_copy( ecp_point *P, const ecp_point *Q )
+{
+ int ret;
+
+ MPI_CHK( mpi_copy( &P->X, &Q->X ) );
+ MPI_CHK( mpi_copy( &P->Y, &Q->Y ) );
+ MPI_CHK( mpi_copy( &P->Z, &Q->Z ) );
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Copy the contents of a group object
+ */
+int ecp_group_copy( ecp_group *dst, const ecp_group *src )
+{
+ return ecp_use_known_dp( dst, src->id );
+}
+
+/*
+ * Set point to zero
+ */
+int ecp_set_zero( ecp_point *pt )
+{
+ int ret;
+
+ MPI_CHK( mpi_lset( &pt->X , 1 ) );
+ MPI_CHK( mpi_lset( &pt->Y , 1 ) );
+ MPI_CHK( mpi_lset( &pt->Z , 0 ) );
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Tell if a point is zero
+ */
+int ecp_is_zero( ecp_point *pt )
+{
+ return( mpi_cmp_int( &pt->Z, 0 ) == 0 );
+}
+
+/*
+ * Import a non-zero point from ASCII strings
+ */
+int ecp_point_read_string( ecp_point *P, int radix,
+ const char *x, const char *y )
+{
+ int ret;
+
+ MPI_CHK( mpi_read_string( &P->X, radix, x ) );
+ MPI_CHK( mpi_read_string( &P->Y, radix, y ) );
+ MPI_CHK( mpi_lset( &P->Z, 1 ) );
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Export a point into unsigned binary data (SEC1 2.3.3)
+ */
+int ecp_point_write_binary( const ecp_group *grp, const ecp_point *P,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen )
+{
+ int ret = 0;
+ size_t plen;
+
+ if( format != POLARSSL_ECP_PF_UNCOMPRESSED &&
+ format != POLARSSL_ECP_PF_COMPRESSED )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ /*
+ * Common case: P == 0
+ */
+ if( mpi_cmp_int( &P->Z, 0 ) == 0 )
+ {
+ if( buflen < 1 )
+ return( POLARSSL_ERR_ECP_BUFFER_TOO_SMALL );
+
+ buf[0] = 0x00;
+ *olen = 1;
+
+ return( 0 );
+ }
+
+ plen = mpi_size( &grp->P );
+
+ if( format == POLARSSL_ECP_PF_UNCOMPRESSED )
+ {
+ *olen = 2 * plen + 1;
+
+ if( buflen < *olen )
+ return( POLARSSL_ERR_ECP_BUFFER_TOO_SMALL );
+
+ buf[0] = 0x04;
+ MPI_CHK( mpi_write_binary( &P->X, buf + 1, plen ) );
+ MPI_CHK( mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
+ }
+ else if( format == POLARSSL_ECP_PF_COMPRESSED )
+ {
+ *olen = plen + 1;
+
+ if( buflen < *olen )
+ return( POLARSSL_ERR_ECP_BUFFER_TOO_SMALL );
+
+ buf[0] = 0x02 + mpi_get_bit( &P->Y, 0 );
+ MPI_CHK( mpi_write_binary( &P->X, buf + 1, plen ) );
+ }
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Import a point from unsigned binary data (SEC1 2.3.4)
+ */
+int ecp_point_read_binary( const ecp_group *grp, ecp_point *pt,
+ const unsigned char *buf, size_t ilen ) {
+ int ret;
+ size_t plen;
+
+ if( ilen == 1 && buf[0] == 0x00 )
+ return( ecp_set_zero( pt ) );
+
+ plen = mpi_size( &grp->P );
+
+ if( ilen != 2 * plen + 1 || buf[0] != 0x04 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ MPI_CHK( mpi_read_binary( &pt->X, buf + 1, plen ) );
+ MPI_CHK( mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) );
+ MPI_CHK( mpi_lset( &pt->Z, 1 ) );
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Import a point from a TLS ECPoint record (RFC 4492)
+ * struct {
+ * opaque point <1..2^8-1>;
+ * } ECPoint;
+ */
+int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
+ const unsigned char **buf, size_t buf_len )
+{
+ unsigned char data_len;
+ const unsigned char *buf_start;
+
+ /*
+ * We must have at least two bytes (1 for length, at least of for data)
+ */
+ if( buf_len < 2 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ data_len = *(*buf)++;
+ if( data_len < 1 || data_len > buf_len - 1 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ /*
+ * Save buffer start for read_binary and update buf
+ */
+ buf_start = *buf;
+ *buf += data_len;
+
+ return ecp_point_read_binary( grp, pt, buf_start, data_len );
+}
+
+/*
+ * Export a point as a TLS ECPoint record (RFC 4492)
+ * struct {
+ * opaque point <1..2^8-1>;
+ * } ECPoint;
+ */
+int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt,
+ int format, size_t *olen,
+ unsigned char *buf, size_t blen )
+{
+ int ret;
+
+ /*
+ * buffer length must be at least one, for our length byte
+ */
+ if( blen < 1 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ if( ( ret = ecp_point_write_binary( grp, pt, format,
+ olen, buf + 1, blen - 1) ) != 0 )
+ return( ret );
+
+ /*
+ * write length to the first byte and update total length
+ */
+ buf[0] = (unsigned char) *olen;
+ ++*olen;
+
+ return 0;
+}
+
+/*
+ * Import an ECP group from ASCII strings, general case (A used)
+ */
+static int ecp_group_read_string_gen( ecp_group *grp, int radix,
+ const char *p, const char *a, const char *b,
+ const char *gx, const char *gy, const char *n)
+{
+ int ret;
+
+ MPI_CHK( mpi_read_string( &grp->P, radix, p ) );
+ MPI_CHK( mpi_read_string( &grp->A, radix, a ) );
+ MPI_CHK( mpi_read_string( &grp->B, radix, b ) );
+ MPI_CHK( ecp_point_read_string( &grp->G, radix, gx, gy ) );
+ MPI_CHK( mpi_read_string( &grp->N, radix, n ) );
+
+ grp->pbits = mpi_msb( &grp->P );
+ grp->nbits = mpi_msb( &grp->N );
+
+cleanup:
+ if( ret != 0 )
+ ecp_group_free( grp );
+
+ return( ret );
+}
+
+/*
+ * Import an ECP group from ASCII strings, case A == -3
+ */
+int ecp_group_read_string( ecp_group *grp, int radix,
+ const char *p, const char *b,
+ const char *gx, const char *gy, const char *n)
+{
+ int ret;
+
+ MPI_CHK( ecp_group_read_string_gen( grp, radix, p, "00", b, gx, gy, n ) );
+ MPI_CHK( mpi_add_int( &grp->A, &grp->P, -3 ) );
+
+cleanup:
+ if( ret != 0 )
+ ecp_group_free( grp );
+
+ return( ret );
+}
+
+/*
+ * Domain parameters for secp192r1
+ */
+#define SECP192R1_P \
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"
+#define SECP192R1_B \
+ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"
+#define SECP192R1_GX \
+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"
+#define SECP192R1_GY \
+ "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"
+#define SECP192R1_N \
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"
+
+/*
+ * Domain parameters for secp224r1
+ */
+#define SECP224R1_P \
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"
+#define SECP224R1_B \
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"
+#define SECP224R1_GX \
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"
+#define SECP224R1_GY \
+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"
+#define SECP224R1_N \
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"
+
+/*
+ * Domain parameters for secp256r1
+ */
+#define SECP256R1_P \
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"
+#define SECP256R1_B \
+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"
+#define SECP256R1_GX \
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
+#define SECP256R1_GY \
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"
+#define SECP256R1_N \
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"
+
+/*
+ * Domain parameters for secp384r1
+ */
+#define SECP384R1_P \
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
+ "FFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"
+#define SECP384R1_B \
+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE814112" \
+ "0314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"
+#define SECP384R1_GX \
+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B98" \
+ "59F741E082542A385502F25DBF55296C3A545E3872760AB7"
+#define SECP384R1_GY \
+ "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147C" \
+ "E9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"
+#define SECP384R1_N \
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
+ "C7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"
+
+/*
+ * Domain parameters for secp521r1
+ */
+#define SECP521R1_P \
+ "000001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+#define SECP521R1_B \
+ "00000051953EB9618E1C9A1F929A21A0B68540EEA2DA725B" \
+ "99B315F3B8B489918EF109E156193951EC7E937B1652C0BD" \
+ "3BB1BF073573DF883D2C34F1EF451FD46B503F00"
+#define SECP521R1_GX \
+ "000000C6858E06B70404E9CD9E3ECB662395B4429C648139" \
+ "053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127" \
+ "A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"
+#define SECP521R1_GY \
+ "0000011839296A789A3BC0045C8A5FB42C7D1BD998F54449" \
+ "579B446817AFBD17273E662C97EE72995EF42640C550B901" \
+ "3FAD0761353C7086A272C24088BE94769FD16650"
+#define SECP521R1_N \
+ "000001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
+ "FFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148" \
+ "F709A5D03BB5C9B8899C47AEBB6FB71E91386409"
+
+/*
+ * Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
+ */
+#define BP256R1_P \
+ "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377"
+#define BP256R1_A \
+ "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9"
+#define BP256R1_B \
+ "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6"
+#define BP256R1_GX \
+ "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262"
+#define BP256R1_GY \
+ "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997"
+#define BP256R1_N \
+ "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7"
+
+/*
+ * Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
+ */
+#define BP384R1_P \
+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB711" \
+ "23ACD3A729901D1A71874700133107EC53"
+#define BP384R1_A \
+ "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F9" \
+ "0F8AA5814A503AD4EB04A8C7DD22CE2826"
+#define BP384R1_B \
+ "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62" \
+ "D57CB4390295DBC9943AB78696FA504C11"
+#define BP384R1_GX \
+ "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10" \
+ "E8E826E03436D646AAEF87B2E247D4AF1E"
+#define BP384R1_GY \
+ "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129" \
+ "280E4646217791811142820341263C5315"
+#define BP384R1_N \
+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425" \
+ "A7CF3AB6AF6B7FC3103B883202E9046565"
+
+/*
+ * Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
+ */
+#define BP512R1_P \
+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308" \
+ "717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3"
+#define BP512R1_A \
+ "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863" \
+ "BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA"
+#define BP512R1_B \
+ "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117" \
+ "A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723"
+#define BP512R1_GX \
+ "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009" \
+ "8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822"
+#define BP512R1_GY \
+ "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81" \
+ "11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892"
+#define BP512R1_N \
+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308" \
+ "70553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069"
+
+#if defined(POLARSSL_ECP_NIST_OPTIM)
+/* Forward declarations */
+static int ecp_mod_p192( mpi * );
+static int ecp_mod_p224( mpi * );
+static int ecp_mod_p256( mpi * );
+static int ecp_mod_p384( mpi * );
+static int ecp_mod_p521( mpi * );
+#endif
+
+/*
+ * Set a group using well-known domain parameters
+ */
+int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
+{
+ grp->id = id;
+
+ switch( id )
+ {
+#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
+ case POLARSSL_ECP_DP_SECP192R1:
+#if defined(POLARSSL_ECP_NIST_OPTIM)
+ grp->modp = ecp_mod_p192;
+#endif
+ return( ecp_group_read_string( grp, 16,
+ SECP192R1_P, SECP192R1_B,
+ SECP192R1_GX, SECP192R1_GY, SECP192R1_N ) );
+#endif /* POLARSSL_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
+ case POLARSSL_ECP_DP_SECP224R1:
+#if defined(POLARSSL_ECP_NIST_OPTIM)
+ grp->modp = ecp_mod_p224;
+#endif
+ return( ecp_group_read_string( grp, 16,
+ SECP224R1_P, SECP224R1_B,
+ SECP224R1_GX, SECP224R1_GY, SECP224R1_N ) );
+#endif /* POLARSSL_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
+ case POLARSSL_ECP_DP_SECP256R1:
+#if defined(POLARSSL_ECP_NIST_OPTIM)
+ grp->modp = ecp_mod_p256;
+#endif
+ return( ecp_group_read_string( grp, 16,
+ SECP256R1_P, SECP256R1_B,
+ SECP256R1_GX, SECP256R1_GY, SECP256R1_N ) );
+#endif /* POLARSSL_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
+ case POLARSSL_ECP_DP_SECP384R1:
+#if defined(POLARSSL_ECP_NIST_OPTIM)
+ grp->modp = ecp_mod_p384;
+#endif
+ return( ecp_group_read_string( grp, 16,
+ SECP384R1_P, SECP384R1_B,
+ SECP384R1_GX, SECP384R1_GY, SECP384R1_N ) );
+#endif /* POLARSSL_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
+ case POLARSSL_ECP_DP_SECP521R1:
+#if defined(POLARSSL_ECP_NIST_OPTIM)
+ grp->modp = ecp_mod_p521;
+#endif
+ return( ecp_group_read_string( grp, 16,
+ SECP521R1_P, SECP521R1_B,
+ SECP521R1_GX, SECP521R1_GY, SECP521R1_N ) );
+#endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
+ case POLARSSL_ECP_DP_BP256R1:
+ return( ecp_group_read_string_gen( grp, 16,
+ BP256R1_P, BP256R1_A, BP256R1_B,
+ BP256R1_GX, BP256R1_GY, BP256R1_N ) );
+#endif /* POLARSSL_ECP_DP_BP256R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
+ case POLARSSL_ECP_DP_BP384R1:
+ return( ecp_group_read_string_gen( grp, 16,
+ BP384R1_P, BP384R1_A, BP384R1_B,
+ BP384R1_GX, BP384R1_GY, BP384R1_N ) );
+#endif /* POLARSSL_ECP_DP_BP384R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
+ case POLARSSL_ECP_DP_BP512R1:
+ return( ecp_group_read_string_gen( grp, 16,
+ BP512R1_P, BP512R1_A, BP512R1_B,
+ BP512R1_GX, BP512R1_GY, BP512R1_N ) );
+#endif /* POLARSSL_ECP_DP_BP512R1_ENABLED */
+
+ default:
+ ecp_group_free( grp );
+ return( POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE );
+ }
+}
+
+/*
+ * Set a group from an ECParameters record (RFC 4492)
+ */
+int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len )
+{
+ uint16_t tls_id;
+ const ecp_curve_info *curve_info;
+
+ /*
+ * We expect at least three bytes (see below)
+ */
+ if( len < 3 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ /*
+ * First byte is curve_type; only named_curve is handled
+ */
+ if( *(*buf)++ != POLARSSL_ECP_TLS_NAMED_CURVE )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ /*
+ * Next two bytes are the namedcurve value
+ */
+ tls_id = *(*buf)++;
+ tls_id <<= 8;
+ tls_id |= *(*buf)++;
+
+ if( ( curve_info = ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
+ return( POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE );
+
+ return ecp_use_known_dp( grp, curve_info->grp_id );
+}
+
+/*
+ * Write the ECParameters record corresponding to a group (RFC 4492)
+ */
+int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
+ unsigned char *buf, size_t blen )
+{
+ const ecp_curve_info *curve_info;
+
+ if( ( curve_info = ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ /*
+ * We are going to write 3 bytes (see below)
+ */
+ *olen = 3;
+ if( blen < *olen )
+ return( POLARSSL_ERR_ECP_BUFFER_TOO_SMALL );
+
+ /*
+ * First byte is curve_type, always named_curve
+ */
+ *buf++ = POLARSSL_ECP_TLS_NAMED_CURVE;
+
+ /*
+ * Next two bytes are the namedcurve value
+ */
+ buf[0] = curve_info->tls_id >> 8;
+ buf[1] = curve_info->tls_id & 0xFF;
+
+ return 0;
+}
+
+/*
+ * Wrapper around fast quasi-modp functions, with fall-back to mpi_mod_mpi.
+ * See the documentation of struct ecp_group.
+ *
+ * This function is in the critial loop for ecp_mul, so pay attention to perf.
+ */
+static int ecp_modp( mpi *N, const ecp_group *grp )
+{
+ int ret;
+
+ if( grp->modp == NULL )
+ return( mpi_mod_mpi( N, N, &grp->P ) );
+
+ /* N->s < 0 is a much faster test, which fails only if N is 0 */
+ if( ( N->s < 0 && mpi_cmp_int( N, 0 ) != 0 ) ||
+ mpi_msb( N ) > 2 * grp->pbits )
+ {
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+ }
+
+ MPI_CHK( grp->modp( N ) );
+
+ /* N->s < 0 is a much faster test, which fails only if N is 0 */
+ while( N->s < 0 && mpi_cmp_int( N, 0 ) != 0 )
+ MPI_CHK( mpi_add_mpi( N, N, &grp->P ) );
+
+ while( mpi_cmp_mpi( N, &grp->P ) >= 0 )
+ /* we known P, N and the result are positive */
+ MPI_CHK( mpi_sub_abs( N, N, &grp->P ) );
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Fast mod-p functions expect their argument to be in the 0..p^2 range.
+ *
+ * In order to guarantee that, we need to ensure that operands of
+ * mpi_mul_mpi are in the 0..p range. So, after each operation we will
+ * bring the result back to this range.
+ *
+ * The following macros are shortcuts for doing that.
+ */
+
+/*
+ * Reduce a mpi mod p in-place, general case, to use after mpi_mul_mpi
+ */
+#define MOD_MUL( N ) MPI_CHK( ecp_modp( &N, grp ) )
+
+/*
+ * Reduce a mpi mod p in-place, to use after mpi_sub_mpi
+ * N->s < 0 is a very fast test, which fails only if N is 0
+ */
+#define MOD_SUB( N ) \
+ while( N.s < 0 && mpi_cmp_int( &N, 0 ) != 0 ) \
+ MPI_CHK( mpi_add_mpi( &N, &N, &grp->P ) )
+
+/*
+ * Reduce a mpi mod p in-place, to use after mpi_add_mpi and mpi_mul_int.
+ * We known P, N and the result are positive, so sub_abs is correct, and
+ * a bit faster.
+ */
+#define MOD_ADD( N ) \
+ while( mpi_cmp_mpi( &N, &grp->P ) >= 0 ) \
+ MPI_CHK( mpi_sub_abs( &N, &N, &grp->P ) )
+
+/*
+ * Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1)
+ */
+static int ecp_normalize( const ecp_group *grp, ecp_point *pt )
+{
+ int ret;
+ mpi Zi, ZZi;
+
+ if( mpi_cmp_int( &pt->Z, 0 ) == 0 )
+ return( 0 );
+
+ mpi_init( &Zi ); mpi_init( &ZZi );
+
+ /*
+ * X = X / Z^2 mod p
+ */
+ MPI_CHK( mpi_inv_mod( &Zi, &pt->Z, &grp->P ) );
+ MPI_CHK( mpi_mul_mpi( &ZZi, &Zi, &Zi ) ); MOD_MUL( ZZi );
+ MPI_CHK( mpi_mul_mpi( &pt->X, &pt->X, &ZZi ) ); MOD_MUL( pt->X );
+
+ /*
+ * Y = Y / Z^3 mod p
+ */
+ MPI_CHK( mpi_mul_mpi( &pt->Y, &pt->Y, &ZZi ) ); MOD_MUL( pt->Y );
+ MPI_CHK( mpi_mul_mpi( &pt->Y, &pt->Y, &Zi ) ); MOD_MUL( pt->Y );
+
+ /*
+ * Z = 1
+ */
+ MPI_CHK( mpi_lset( &pt->Z, 1 ) );
+
+cleanup:
+
+ mpi_free( &Zi ); mpi_free( &ZZi );
+
+ return( ret );
+}
+
+/*
+ * Normalize jacobian coordinates of an array of points,
+ * using Montgomery's trick to perform only one inversion mod P.
+ * (See for example Cohen's "A Course in Computational Algebraic Number
+ * Theory", Algorithm 10.3.4.)
+ *
+ * Warning: fails (returning an error) if one of the points is zero!
+ * This should never happen, see choice of w in ecp_mul().
+ */
+static int ecp_normalize_many( const ecp_group *grp,
+ ecp_point T[], size_t t_len )
+{
+ int ret;
+ size_t i;
+ mpi *c, u, Zi, ZZi;
+
+ if( t_len < 2 )
+ return( ecp_normalize( grp, T ) );
+
+ if( ( c = (mpi *) polarssl_malloc( t_len * sizeof( mpi ) ) ) == NULL )
+ return( POLARSSL_ERR_ECP_MALLOC_FAILED );
+
+ mpi_init( &u ); mpi_init( &Zi ); mpi_init( &ZZi );
+ for( i = 0; i < t_len; i++ )
+ mpi_init( &c[i] );
+
+ /*
+ * c[i] = Z_0 * ... * Z_i
+ */
+ MPI_CHK( mpi_copy( &c[0], &T[0].Z ) );
+ for( i = 1; i < t_len; i++ )
+ {
+ MPI_CHK( mpi_mul_mpi( &c[i], &c[i-1], &T[i].Z ) );
+ MOD_MUL( c[i] );
+ }
+
+ /*
+ * u = 1 / (Z_0 * ... * Z_n) mod P
+ */
+ MPI_CHK( mpi_inv_mod( &u, &c[t_len-1], &grp->P ) );
+
+ for( i = t_len - 1; ; i-- )
+ {
+ /*
+ * Zi = 1 / Z_i mod p
+ * u = 1 / (Z_0 * ... * Z_i) mod P
+ */
+ if( i == 0 ) {
+ MPI_CHK( mpi_copy( &Zi, &u ) );
+ }
+ else
+ {
+ MPI_CHK( mpi_mul_mpi( &Zi, &u, &c[i-1] ) ); MOD_MUL( Zi );
+ MPI_CHK( mpi_mul_mpi( &u, &u, &T[i].Z ) ); MOD_MUL( u );
+ }
+
+ /*
+ * proceed as in normalize()
+ */
+ MPI_CHK( mpi_mul_mpi( &ZZi, &Zi, &Zi ) ); MOD_MUL( ZZi );
+ MPI_CHK( mpi_mul_mpi( &T[i].X, &T[i].X, &ZZi ) ); MOD_MUL( T[i].X );
+ MPI_CHK( mpi_mul_mpi( &T[i].Y, &T[i].Y, &ZZi ) ); MOD_MUL( T[i].Y );
+ MPI_CHK( mpi_mul_mpi( &T[i].Y, &T[i].Y, &Zi ) ); MOD_MUL( T[i].Y );
+ MPI_CHK( mpi_lset( &T[i].Z, 1 ) );
+
+ if( i == 0 )
+ break;
+ }
+
+cleanup:
+
+ mpi_free( &u ); mpi_free( &Zi ); mpi_free( &ZZi );
+ for( i = 0; i < t_len; i++ )
+ mpi_free( &c[i] );
+ polarssl_free( c );
+
+ return( ret );
+}
+
+/*
+ * Point doubling R = 2 P, Jacobian coordinates
+ *
+ * http://www.hyperelliptic.org/EFD/g1p/auto-code/shortw/jacobian/doubling/dbl-2007-bl.op3
+ * with heavy variable renaming, some reordering and one minor modification
+ * (a = 2 * b, c = d - 2a replaced with c = d, c = c - b, c = c - b)
+ * in order to use a lot less intermediate variables (6 vs 25).
+ */
+static int ecp_double_jac( const ecp_group *grp, ecp_point *R,
+ const ecp_point *P )
+{
+ int ret;
+ mpi T1, T2, T3, X3, Y3, Z3;
+
+#if defined(POLARSSL_SELF_TEST)
+ dbl_count++;
+#endif
+
+ mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 );
+ mpi_init( &X3 ); mpi_init( &Y3 ); mpi_init( &Z3 );
+
+ MPI_CHK( mpi_mul_mpi( &T3, &P->X, &P->X ) ); MOD_MUL( T3 );
+ MPI_CHK( mpi_mul_mpi( &T2, &P->Y, &P->Y ) ); MOD_MUL( T2 );
+ MPI_CHK( mpi_mul_mpi( &Y3, &T2, &T2 ) ); MOD_MUL( Y3 );
+ MPI_CHK( mpi_add_mpi( &X3, &P->X, &T2 ) ); MOD_ADD( X3 );
+ MPI_CHK( mpi_mul_mpi( &X3, &X3, &X3 ) ); MOD_MUL( X3 );
+ MPI_CHK( mpi_sub_mpi( &X3, &X3, &Y3 ) ); MOD_SUB( X3 );
+ MPI_CHK( mpi_sub_mpi( &X3, &X3, &T3 ) ); MOD_SUB( X3 );
+ MPI_CHK( mpi_mul_int( &T1, &X3, 2 ) ); MOD_ADD( T1 );
+ MPI_CHK( mpi_mul_mpi( &Z3, &P->Z, &P->Z ) ); MOD_MUL( Z3 );
+ MPI_CHK( mpi_mul_mpi( &X3, &Z3, &Z3 ) ); MOD_MUL( X3 );
+ MPI_CHK( mpi_mul_int( &T3, &T3, 3 ) ); MOD_ADD( T3 );
+ MPI_CHK( mpi_mul_mpi( &X3, &X3, &grp->A ) ); MOD_MUL( X3 );
+ MPI_CHK( mpi_add_mpi( &T3, &T3, &X3 ) ); MOD_ADD( T3 );
+ MPI_CHK( mpi_mul_mpi( &X3, &T3, &T3 ) ); MOD_MUL( X3 );
+ MPI_CHK( mpi_sub_mpi( &X3, &X3, &T1 ) ); MOD_SUB( X3 );
+ MPI_CHK( mpi_sub_mpi( &X3, &X3, &T1 ) ); MOD_SUB( X3 );
+ MPI_CHK( mpi_sub_mpi( &T1, &T1, &X3 ) ); MOD_SUB( T1 );
+ MPI_CHK( mpi_mul_mpi( &T1, &T3, &T1 ) ); MOD_MUL( T1 );
+ MPI_CHK( mpi_mul_int( &T3, &Y3, 8 ) ); MOD_ADD( T3 );
+ MPI_CHK( mpi_sub_mpi( &Y3, &T1, &T3 ) ); MOD_SUB( Y3 );
+ MPI_CHK( mpi_add_mpi( &T1, &P->Y, &P->Z ) ); MOD_ADD( T1 );
+ MPI_CHK( mpi_mul_mpi( &T1, &T1, &T1 ) ); MOD_MUL( T1 );
+ MPI_CHK( mpi_sub_mpi( &T1, &T1, &T2 ) ); MOD_SUB( T1 );
+ MPI_CHK( mpi_sub_mpi( &Z3, &T1, &Z3 ) ); MOD_SUB( Z3 );
+
+ MPI_CHK( mpi_copy( &R->X, &X3 ) );
+ MPI_CHK( mpi_copy( &R->Y, &Y3 ) );
+ MPI_CHK( mpi_copy( &R->Z, &Z3 ) );
+
+cleanup:
+ mpi_free( &T1 ); mpi_free( &T2 ); mpi_free( &T3 );
+ mpi_free( &X3 ); mpi_free( &Y3 ); mpi_free( &Z3 );
+
+ return( ret );
+}
+
+/*
+ * Addition or subtraction: R = P + Q or R = P - Q,
+ * mixed affine-Jacobian coordinates (GECC 3.22)
+ *
+ * The coordinates of Q must be normalized (= affine),
+ * but those of P don't need to. R is not normalized.
+ *
+ * If sign >= 0, perform addition, otherwise perform subtraction,
+ * taking advantage of the fact that, for Q != 0, we have
+ * -Q = (Q.X, -Q.Y, Q.Z)
+ */
+static int ecp_add_mixed( const ecp_group *grp, ecp_point *R,
+ const ecp_point *P, const ecp_point *Q,
+ signed char sign )
+{
+ int ret;
+ mpi T1, T2, T3, T4, X, Y, Z;
+
+#if defined(POLARSSL_SELF_TEST)
+ add_count++;
+#endif
+
+ /*
+ * Trivial cases: P == 0 or Q == 0
+ * (Check Q first, so that we know Q != 0 when we compute -Q.)
+ */
+ if( mpi_cmp_int( &Q->Z, 0 ) == 0 )
+ return( ecp_copy( R, P ) );
+
+ if( mpi_cmp_int( &P->Z, 0 ) == 0 )
+ {
+ ret = ecp_copy( R, Q );
+
+ /*
+ * -R.Y mod P = P - R.Y unless R.Y == 0
+ */
+ if( ret == 0 && sign < 0)
+ if( mpi_cmp_int( &R->Y, 0 ) != 0 )
+ ret = mpi_sub_mpi( &R->Y, &grp->P, &R->Y );
+
+ return( ret );
+ }
+
+ /*
+ * Make sure Q coordinates are normalized
+ */
+ if( mpi_cmp_int( &Q->Z, 1 ) != 0 )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); mpi_init( &T4 );
+ mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
+
+ MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
+ MPI_CHK( mpi_mul_mpi( &T2, &T1, &P->Z ) ); MOD_MUL( T2 );
+ MPI_CHK( mpi_mul_mpi( &T1, &T1, &Q->X ) ); MOD_MUL( T1 );
+ MPI_CHK( mpi_mul_mpi( &T2, &T2, &Q->Y ) ); MOD_MUL( T2 );
+
+ /*
+ * For subtraction, -Q.Y should have been used instead of Q.Y,
+ * so we replace T2 by -T2, which is P - T2 mod P
+ */
+ if( sign < 0 )
+ {
+ MPI_CHK( mpi_sub_mpi( &T2, &grp->P, &T2 ) );
+ MOD_SUB( T2 );
+ }
+
+ MPI_CHK( mpi_sub_mpi( &T1, &T1, &P->X ) ); MOD_SUB( T1 );
+ MPI_CHK( mpi_sub_mpi( &T2, &T2, &P->Y ) ); MOD_SUB( T2 );
+
+ if( mpi_cmp_int( &T1, 0 ) == 0 )
+ {
+ if( mpi_cmp_int( &T2, 0 ) == 0 )
+ {
+ ret = ecp_double_jac( grp, R, P );
+ goto cleanup;
+ }
+ else
+ {
+ ret = ecp_set_zero( R );
+ goto cleanup;
+ }
+ }
+
+ MPI_CHK( mpi_mul_mpi( &Z, &P->Z, &T1 ) ); MOD_MUL( Z );
+ MPI_CHK( mpi_mul_mpi( &T3, &T1, &T1 ) ); MOD_MUL( T3 );
+ MPI_CHK( mpi_mul_mpi( &T4, &T3, &T1 ) ); MOD_MUL( T4 );
+ MPI_CHK( mpi_mul_mpi( &T3, &T3, &P->X ) ); MOD_MUL( T3 );
+ MPI_CHK( mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 );
+ MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
+ MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
+ MPI_CHK( mpi_sub_mpi( &X, &X, &T4 ) ); MOD_SUB( X );
+ MPI_CHK( mpi_sub_mpi( &T3, &T3, &X ) ); MOD_SUB( T3 );
+ MPI_CHK( mpi_mul_mpi( &T3, &T3, &T2 ) ); MOD_MUL( T3 );
+ MPI_CHK( mpi_mul_mpi( &T4, &T4, &P->Y ) ); MOD_MUL( T4 );
+ MPI_CHK( mpi_sub_mpi( &Y, &T3, &T4 ) ); MOD_SUB( Y );
+
+ MPI_CHK( mpi_copy( &R->X, &X ) );
+ MPI_CHK( mpi_copy( &R->Y, &Y ) );
+ MPI_CHK( mpi_copy( &R->Z, &Z ) );
+
+cleanup:
+
+ mpi_free( &T1 ); mpi_free( &T2 ); mpi_free( &T3 ); mpi_free( &T4 );
+ mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z );
+
+ return( ret );
+}
+
+/*
+ * Addition: R = P + Q, result's coordinates normalized
+ */
+int ecp_add( const ecp_group *grp, ecp_point *R,
+ const ecp_point *P, const ecp_point *Q )
+{
+ int ret;
+
+ MPI_CHK( ecp_add_mixed( grp, R, P, Q , 1 ) );
+ MPI_CHK( ecp_normalize( grp, R ) );
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Subtraction: R = P - Q, result's coordinates normalized
+ */
+int ecp_sub( const ecp_group *grp, ecp_point *R,
+ const ecp_point *P, const ecp_point *Q )
+{
+ int ret;
+
+ MPI_CHK( ecp_add_mixed( grp, R, P, Q, -1 ) );
+ MPI_CHK( ecp_normalize( grp, R ) );
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Compute a modified width-w non-adjacent form (NAF) of a number,
+ * with a fixed pattern for resistance to simple timing attacks (even SPA),
+ * see [1]. (The resulting multiplication algorithm can also been seen as a
+ * modification of 2^w-ary multiplication, with signed coefficients, all of
+ * them odd.)
+ *
+ * Input:
+ * m must be an odd positive mpi less than w * k bits long
+ * x must be an array of k elements
+ * w must be less than a certain maximum (currently 8)
+ *
+ * The result is a sequence x[0], ..., x[k-1] with x[i] in the range
+ * - 2^(width - 1) .. 2^(width - 1) - 1 such that
+ * m = (2 * x[0] + 1) + 2^width * (2 * x[1] + 1) + ...
+ * + 2^((k-1) * width) * (2 * x[k-1] + 1)
+ *
+ * Compared to "Algorithm SPA-resistant Width-w NAF with Odd Scalar"
+ * p. 335 of the cited reference, here we return only u, not d_w since
+ * it is known that the other d_w[j] will be 0. Moreover, the returned
+ * string doesn't actually store u_i but x_i = u_i / 2 since it is known
+ * that u_i is odd. Also, since we always select a positive value for d
+ * mod 2^w, we don't need to check the sign of u[i-1] when the reference
+ * does. Finally, there is an off-by-one error in the reference: the
+ * last index should be k-1, not k.
+ */
+static int ecp_w_naf_fixed( signed char x[], size_t k,
+ unsigned char w, const mpi *m )
+{
+ int ret;
+ unsigned int i, u, mask, carry;
+ mpi M;
+
+ mpi_init( &M );
+
+ MPI_CHK( mpi_copy( &M, m ) );
+ mask = ( 1 << w ) - 1;
+ carry = 1 << ( w - 1 );
+
+ for( i = 0; i < k; i++ )
+ {
+ u = M.p[0] & mask;
+
+ if( ( u & 1 ) == 0 && i > 0 )
+ x[i - 1] -= carry;
+
+ x[i] = u >> 1;
+ mpi_shift_r( &M, w );
+ }
+
+ /*
+ * We should have consumed all bits, unless the input value was too big
+ */
+ if( mpi_cmp_int( &M, 0 ) != 0 )
+ ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
+
+cleanup:
+
+ mpi_free( &M );
+
+ return( ret );
+}
+
+/*
+ * Precompute odd multiples of P up to (2 * t_len - 1) P.
+ * The table is filled with T[i] = (2 * i + 1) P.
+ */
+static int ecp_precompute( const ecp_group *grp,
+ ecp_point T[], size_t t_len,
+ const ecp_point *P )
+{
+ int ret;
+ size_t i;
+ ecp_point PP;
+
+ ecp_point_init( &PP );
+
+ MPI_CHK( ecp_add( grp, &PP, P, P ) );
+
+ MPI_CHK( ecp_copy( &T[0], P ) );
+
+ for( i = 1; i < t_len; i++ )
+ MPI_CHK( ecp_add_mixed( grp, &T[i], &T[i-1], &PP, +1 ) );
+
+ /*
+ * T[0] = P already has normalized coordinates
+ */
+ MPI_CHK( ecp_normalize_many( grp, T + 1, t_len - 1 ) );
+
+cleanup:
+
+ ecp_point_free( &PP );
+
+ return( ret );
+}
+
+/*
+ * Randomize jacobian coordinates:
+ * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l
+ * This is sort of the reverse operation of ecp_normalize().
+ */
+static int ecp_randomize_coordinates( const ecp_group *grp, ecp_point *pt,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret;
+ mpi l, ll;
+ size_t p_size = (grp->pbits + 7) / 8;
+ int count = 0;
+
+ mpi_init( &l ); mpi_init( &ll );
+
+ /* Generate l such that 1 < l < p */
+ do
+ {
+ mpi_fill_random( &l, p_size, f_rng, p_rng );
+
+ while( mpi_cmp_mpi( &l, &grp->P ) >= 0 )
+ mpi_shift_r( &l, 1 );
+
+ if( count++ > 10 )
+ return( POLARSSL_ERR_ECP_RANDOM_FAILED );
+ }
+ while( mpi_cmp_int( &l, 1 ) <= 0 );
+
+ /* Z = l * Z */
+ MPI_CHK( mpi_mul_mpi( &pt->Z, &pt->Z, &l ) ); MOD_MUL( pt->Z );
+
+ /* X = l^2 * X */
+ MPI_CHK( mpi_mul_mpi( &ll, &l, &l ) ); MOD_MUL( ll );
+ MPI_CHK( mpi_mul_mpi( &pt->X, &pt->X, &ll ) ); MOD_MUL( pt->X );
+
+ /* Y = l^3 * Y */
+ MPI_CHK( mpi_mul_mpi( &ll, &ll, &l ) ); MOD_MUL( ll );
+ MPI_CHK( mpi_mul_mpi( &pt->Y, &pt->Y, &ll ) ); MOD_MUL( pt->Y );
+
+cleanup:
+ mpi_free( &l ); mpi_free( &ll );
+
+ return( ret );
+}
+
+/*
+ * Maximum length of the precomputed table
+ */
+#define MAX_PRE_LEN ( 1 << (POLARSSL_ECP_WINDOW_SIZE - 1) )
+
+/*
+ * Maximum length of the NAF: ceil( grp->nbits + 1 ) / w
+ * (that is: grp->nbits / w + 1)
+ * Allow p_bits + 1 bits in case M = grp->N + 1 is one bit longer than N.
+ */
+#define MAX_NAF_LEN ( POLARSSL_ECP_MAX_BITS / 2 + 1 )
+
+/*
+ * Integer multiplication: R = m * P
+ *
+ * Based on fixed-pattern width-w NAF, see comments of ecp_w_naf_fixed().
+ *
+ * This function executes a fixed number of operations for
+ * random m in the range 0 .. 2^nbits - 1.
+ *
+ * As an additional countermeasure against potential timing attacks,
+ * we randomize coordinates before each addition. This was suggested as a
+ * countermeasure against DPA in 5.3 of [2] (with the obvious adaptation that
+ * we use jacobian coordinates, not standard projective coordinates).
+ */
+int ecp_mul( ecp_group *grp, ecp_point *R,
+ const mpi *m, const ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret;
+ unsigned char w, m_is_odd, p_eq_g;
+ size_t pre_len = 1, naf_len, i, j;
+ signed char naf[ MAX_NAF_LEN ];
+ ecp_point Q, *T = NULL, S[2];
+ mpi M;
+
+ if( mpi_cmp_int( m, 0 ) < 0 || mpi_msb( m ) > grp->nbits )
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+
+ mpi_init( &M );
+ ecp_point_init( &Q );
+ ecp_point_init( &S[0] );
+ ecp_point_init( &S[1] );
+
+ /*
+ * Check if P == G
+ */
+ p_eq_g = ( mpi_cmp_int( &P->Z, 1 ) == 0 &&
+ mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
+ mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
+
+ /*
+ * If P == G, pre-compute a lot of points: this will be re-used later,
+ * otherwise, choose window size depending on curve size
+ */
+ if( p_eq_g )
+ w = POLARSSL_ECP_WINDOW_SIZE;
+ else
+ w = grp->nbits >= 512 ? 6 :
+ grp->nbits >= 224 ? 5 :
+ 4;
+
+ /*
+ * Make sure w is within the limits.
+ * The last test ensures that none of the precomputed points is zero,
+ * which wouldn't be handled correctly by ecp_normalize_many().
+ * It is only useful for very small curves as used in the test suite.
+ */
+ if( w > POLARSSL_ECP_WINDOW_SIZE )
+ w = POLARSSL_ECP_WINDOW_SIZE;
+ if( w < 2 || w >= grp->nbits )
+ w = 2;
+
+ pre_len <<= ( w - 1 );
+ naf_len = grp->nbits / w + 1;
+
+ /*
+ * Prepare precomputed points: if P == G we want to
+ * use grp->T if already initialized, or initiliaze it.
+ */
+ if( ! p_eq_g || grp->T == NULL )
+ {
+ T = (ecp_point *) polarssl_malloc( pre_len * sizeof( ecp_point ) );
+ if( T == NULL )
+ {
+ ret = POLARSSL_ERR_ECP_MALLOC_FAILED;
+ goto cleanup;
+ }
+
+ for( i = 0; i < pre_len; i++ )
+ ecp_point_init( &T[i] );
+
+ MPI_CHK( ecp_precompute( grp, T, pre_len, P ) );
+
+ if( p_eq_g )
+ {
+ grp->T = T;
+ grp->T_size = pre_len;
+ }
+ }
+ else
+ {
+ T = grp->T;
+
+ /* Should never happen, but we want to be extra sure */
+ if( pre_len != grp->T_size )
+ {
+ ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Make sure M is odd (M = m + 1 or M = m + 2)
+ * later we'll get m * P by subtracting P or 2 * P to M * P.
+ */
+ m_is_odd = ( mpi_get_bit( m, 0 ) == 1 );
+
+ MPI_CHK( mpi_copy( &M, m ) );
+ MPI_CHK( mpi_add_int( &M, &M, 1 + m_is_odd ) );
+
+ /*
+ * Compute the fixed-pattern NAF of M
+ */
+ MPI_CHK( ecp_w_naf_fixed( naf, naf_len, w, &M ) );
+
+ /*
+ * Compute M * P, using a variant of left-to-right 2^w-ary multiplication:
+ * at each step we add (2 * naf[i] + 1) P, then multiply by 2^w.
+ *
+ * If naf[i] >= 0, we have (2 * naf[i] + 1) P == T[ naf[i] ]
+ * Otherwise, (2 * naf[i] + 1) P == - ( 2 * ( - naf[i] - 1 ) + 1) P
+ * == T[ - naf[i] - 1 ]
+ */
+ MPI_CHK( ecp_set_zero( &Q ) );
+ i = naf_len - 1;
+ while( 1 )
+ {
+ /* Countermeasure (see comments above) */
+ if( f_rng != NULL )
+ ecp_randomize_coordinates( grp, &Q, f_rng, p_rng );
+
+ if( naf[i] < 0 )
+ {
+ MPI_CHK( ecp_add_mixed( grp, &Q, &Q, &T[ - naf[i] - 1 ], -1 ) );
+ }
+ else
+ {
+ MPI_CHK( ecp_add_mixed( grp, &Q, &Q, &T[ naf[i] ], +1 ) );
+ }
+
+ if( i == 0 )
+ break;
+ i--;
+
+ for( j = 0; j < w; j++ )
+ {
+ MPI_CHK( ecp_double_jac( grp, &Q, &Q ) );
+ }
+ }
+
+ /*
+ * Now get m * P from M * P
+ */
+ MPI_CHK( ecp_copy( &S[0], P ) );
+ MPI_CHK( ecp_add( grp, &S[1], P, P ) );
+ MPI_CHK( ecp_sub( grp, R, &Q, &S[m_is_odd] ) );
+
+
+cleanup:
+
+ if( T != NULL && ! p_eq_g )
+ {
+ for( i = 0; i < pre_len; i++ )
+ ecp_point_free( &T[i] );
+ polarssl_free( T );
+ }
+
+ ecp_point_free( &S[1] );
+ ecp_point_free( &S[0] );
+ ecp_point_free( &Q );
+ mpi_free( &M );
+
+ return( ret );
+}
+
+/*
+ * Check that a point is valid as a public key (SEC1 3.2.3.1)
+ */
+int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
+{
+ int ret;
+ mpi YY, RHS;
+
+ if( mpi_cmp_int( &pt->Z, 0 ) == 0 )
+ return( POLARSSL_ERR_ECP_INVALID_KEY );
+
+ /*
+ * pt coordinates must be normalized for our checks
+ */
+ if( mpi_cmp_int( &pt->Z, 1 ) != 0 )
+ return( POLARSSL_ERR_ECP_INVALID_KEY );
+
+ if( mpi_cmp_int( &pt->X, 0 ) < 0 ||
+ mpi_cmp_int( &pt->Y, 0 ) < 0 ||
+ mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
+ mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
+ return( POLARSSL_ERR_ECP_INVALID_KEY );
+
+ mpi_init( &YY ); mpi_init( &RHS );
+
+ /*
+ * YY = Y^2
+ * RHS = X (X^2 + A) + B = X^3 + A X + B
+ */
+ MPI_CHK( mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
+ MPI_CHK( mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
+ MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->A ) ); MOD_ADD( RHS );
+ MPI_CHK( mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
+ MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );
+
+ if( mpi_cmp_mpi( &YY, &RHS ) != 0 )
+ ret = POLARSSL_ERR_ECP_INVALID_KEY;
+
+cleanup:
+
+ mpi_free( &YY ); mpi_free( &RHS );
+
+ return( ret );
+}
+
+/*
+ * Check that an mpi is valid as a private key (SEC1 3.2)
+ */
+int ecp_check_privkey( const ecp_group *grp, const mpi *d )
+{
+ /* We want 1 <= d <= N-1 */
+ if ( mpi_cmp_int( d, 1 ) < 0 || mpi_cmp_mpi( d, &grp->N ) >= 0 )
+ return( POLARSSL_ERR_ECP_INVALID_KEY );
+
+ return( 0 );
+}
+
+/*
+ * Generate a keypair (SEC1 3.2.1)
+ */
+int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int count = 0;
+ size_t n_size = (grp->nbits + 7) / 8;
+
+ /*
+ * Generate d such that 1 <= n < N
+ */
+ do
+ {
+ mpi_fill_random( d, n_size, f_rng, p_rng );
+
+ while( mpi_cmp_mpi( d, &grp->N ) >= 0 )
+ mpi_shift_r( d, 1 );
+
+ if( count++ > 10 )
+ return( POLARSSL_ERR_ECP_RANDOM_FAILED );
+ }
+ while( mpi_cmp_int( d, 1 ) < 0 );
+
+ return( ecp_mul( grp, Q, d, &grp->G, f_rng, p_rng ) );
+}
+
+#if defined(POLARSSL_ECP_NIST_OPTIM)
+/*
+ * Fast reduction modulo the primes used by the NIST curves.
+ *
+ * These functions are: critical for speed, but not need for correct
+ * operations. So, we make the choice to heavily rely on the internals of our
+ * bignum library, which creates a tight coupling between these functions and
+ * our MPI implementation. However, the coupling between the ECP module and
+ * MPI remains loose, since these functions can be deactivated at will.
+ */
+
+#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
+/*
+ * Compared to the way things are presented in FIPS 186-3 D.2,
+ * we proceed in columns, from right (least significant chunk) to left,
+ * adding chunks to N in place, and keeping a carry for the next chunk.
+ * This avoids moving things around in memory, and uselessly adding zeros,
+ * compared to the more straightforward, line-oriented approach.
+ *
+ * For this prime we need to handle data in chunks of 64 bits.
+ * Since this is always a multiple of our basic t_uint, we can
+ * use a t_uint * to designate such a chunk, and small loops to handle it.
+ */
+
+/* Add 64-bit chunks (dst += src) and update carry */
+static inline void add64( t_uint *dst, t_uint *src, t_uint *carry )
+{
+ unsigned char i;
+ t_uint c = 0;
+ for( i = 0; i < 8 / sizeof( t_uint ); i++, dst++, src++ )
+ {
+ *dst += c; c = ( *dst < c );
+ *dst += *src; c += ( *dst < *src );
+ }
+ *carry += c;
+}
+
+/* Add carry to a 64-bit chunk and update carry */
+static inline void carry64( t_uint *dst, t_uint *carry )
+{
+ unsigned char i;
+ for( i = 0; i < 8 / sizeof( t_uint ); i++, dst++ )
+ {
+ *dst += *carry;
+ *carry = ( *dst < *carry );
+ }
+}
+
+#define WIDTH 8 / sizeof( t_uint )
+#define A( i ) N->p + i * WIDTH
+#define ADD( i ) add64( p, A( i ), &c )
+#define NEXT p += WIDTH; carry64( p, &c )
+#define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
+
+/*
+ * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
+ */
+static int ecp_mod_p192( mpi *N )
+{
+ int ret;
+ t_uint c = 0;
+ t_uint *p, *end;
+
+ /* Make sure we have enough blocks so that A(5) is legal */
+ MPI_CHK( mpi_grow( N, 6 * WIDTH ) );
+
+ p = N->p;
+ end = p + N->n;
+
+ ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5
+ ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5
+ ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5
+
+cleanup:
+ return( ret );
+}
+
+#undef WIDTH
+#undef A
+#undef ADD
+#undef NEXT
+#undef LAST
+#endif /* POLARSSL_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) || \
+ defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) || \
+ defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
+/*
+ * The reader is advised to first understand ecp_mod_p192() since the same
+ * general structure is used here, but with additional complications:
+ * (1) chunks of 32 bits, and (2) subtractions.
+ */
+
+/*
+ * For these primes, we need to handle data in chunks of 32 bits.
+ * This makes it more complicated if we use 64 bits limbs in MPI,
+ * which prevents us from using a uniform access method as for p192.
+ *
+ * So, we define a mini abstraction layer to access 32 bit chunks,
+ * load them in 'cur' for work, and store them back from 'cur' when done.
+ *
+ * While at it, also define the size of N in terms of 32-bit chunks.
+ */
+#define LOAD32 cur = A( i );
+
+#if defined(POLARSSL_HAVE_INT8) /* 8 bit */
+
+#define MAX32 N->n / 4
+#define A( j ) (uint32_t)( N->p[4*j+0] ) | \
+ ( N->p[4*j+1] << 8 ) | \
+ ( N->p[4*j+2] << 16 ) | \
+ ( N->p[4*j+3] << 24 )
+#define STORE32 N->p[4*i+0] = (uint8_t)( cur ); \
+ N->p[4*i+1] = (uint8_t)( cur >> 8 ); \
+ N->p[4*i+2] = (uint8_t)( cur >> 16 ); \
+ N->p[4*i+3] = (uint8_t)( cur >> 24 );
+
+#elif defined(POLARSSL_HAVE_INT16) /* 16 bit */
+
+#define MAX32 N->n / 2
+#define A( j ) (uint32_t)( N->p[2*j] ) | ( N->p[2*j+1] << 16 )
+#define STORE32 N->p[2*i+0] = (uint16_t)( cur ); \
+ N->p[2*i+1] = (uint16_t)( cur >> 16 );
+
+#elif defined(POLARSSL_HAVE_INT32) /* 32 bit */
+
+#define MAX32 N->n
+#define A( j ) N->p[j]
+#define STORE32 N->p[i] = cur;
+
+#else /* 64-bit */
+
+#define MAX32 N->n * 2
+#define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] )
+#define STORE32 \
+ if( i % 2 ) { \
+ N->p[i/2] &= 0x00000000FFFFFFFF; \
+ N->p[i/2] |= ((uint64_t) cur) << 32; \
+ } else { \
+ N->p[i/2] &= 0xFFFFFFFF00000000; \
+ N->p[i/2] |= (uint64_t) cur; \
+ }
+
+#endif /* sizeof( t_uint ) */
+
+/*
+ * Helpers for addition and subtraction of chunks, with signed carry.
+ */
+static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
+{
+ *dst += src;
+ *carry += ( *dst < src );
+}
+
+static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
+{
+ *carry -= ( *dst < src );
+ *dst -= src;
+}
+
+#define ADD( j ) add32( &cur, A( j ), &c );
+#define SUB( j ) sub32( &cur, A( j ), &c );
+
+/*
+ * Helpers for the main 'loop'
+ * (see fix_negative for the motivation of C)
+ */
+#define INIT( b ) \
+ int ret; \
+ signed char c = 0, cc; \
+ uint32_t cur; \
+ size_t i = 0, bits = b; \
+ mpi C; \
+ t_uint Cp[ b / 8 / sizeof( t_uint) + 1 ]; \
+ \
+ C.s = 1; \
+ C.n = b / 8 / sizeof( t_uint) + 1; \
+ C.p = Cp; \
+ memset( Cp, 0, C.n * sizeof( t_uint ) ); \
+ \
+ MPI_CHK( mpi_grow( N, b * 2 / 8 / sizeof( t_uint ) ) ); \
+ LOAD32;
+
+#define NEXT \
+ STORE32; i++; LOAD32; \
+ cc = c; c = 0; \
+ if( cc < 0 ) \
+ sub32( &cur, -cc, &c ); \
+ else \
+ add32( &cur, cc, &c ); \
+
+#define LAST \
+ STORE32; i++; \
+ cur = c > 0 ? c : 0; STORE32; \
+ cur = 0; while( ++i < MAX32 ) { STORE32; } \
+ if( c < 0 ) fix_negative( N, c, &C, bits );
+
+/*
+ * If the result is negative, we get it in the form
+ * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
+ */
+static inline int fix_negative( mpi *N, signed char c, mpi *C, size_t bits )
+{
+ int ret;
+
+ /* C = - c * 2^(bits + 32) */
+#if !defined(POLARSSL_HAVE_INT64)
+ ((void) bits);
+#else
+ if( bits == 224 )
+ C->p[ C->n - 1 ] = ((t_uint) -c) << 32;
+ else
+#endif
+ C->p[ C->n - 1 ] = (t_uint) -c;
+
+ /* N = - ( C - N ) */
+ MPI_CHK( mpi_sub_abs( N, C, N ) );
+ N->s = -1;
+
+cleanup:
+
+ return( ret );
+}
+
+#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
+ */
+static int ecp_mod_p224( mpi *N )
+{
+ INIT( 224 );
+
+ SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11
+ SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12
+ SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13
+ SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11
+ SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12
+ SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13
+ SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10
+
+cleanup:
+ return( ret );
+}
+#endif /* POLARSSL_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
+ */
+static int ecp_mod_p256( mpi *N )
+{
+ INIT( 256 );
+
+ ADD( 8 ); ADD( 9 );
+ SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0
+
+ ADD( 9 ); ADD( 10 );
+ SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1
+
+ ADD( 10 ); ADD( 11 );
+ SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2
+
+ ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
+ SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3
+
+ ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
+ SUB( 9 ); SUB( 10 ); NEXT; // A4
+
+ ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
+ SUB( 10 ); SUB( 11 ); NEXT; // A5
+
+ ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
+ SUB( 8 ); SUB( 9 ); NEXT; // A6
+
+ ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
+ SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7
+
+cleanup:
+ return( ret );
+}
+#endif /* POLARSSL_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
+ */
+static int ecp_mod_p384( mpi *N )
+{
+ INIT( 384 );
+
+ ADD( 12 ); ADD( 21 ); ADD( 20 );
+ SUB( 23 ); NEXT; // A0
+
+ ADD( 13 ); ADD( 22 ); ADD( 23 );
+ SUB( 12 ); SUB( 20 ); NEXT; // A2
+
+ ADD( 14 ); ADD( 23 );
+ SUB( 13 ); SUB( 21 ); NEXT; // A2
+
+ ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
+ SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3
+
+ ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
+ SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4
+
+ ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
+ SUB( 16 ); NEXT; // A5
+
+ ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
+ SUB( 17 ); NEXT; // A6
+
+ ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
+ SUB( 18 ); NEXT; // A7
+
+ ADD( 20 ); ADD( 17 ); ADD( 16 );
+ SUB( 19 ); NEXT; // A8
+
+ ADD( 21 ); ADD( 18 ); ADD( 17 );
+ SUB( 20 ); NEXT; // A9
+
+ ADD( 22 ); ADD( 19 ); ADD( 18 );
+ SUB( 21 ); NEXT; // A10
+
+ ADD( 23 ); ADD( 20 ); ADD( 19 );
+ SUB( 22 ); LAST; // A11
+
+cleanup:
+ return( ret );
+}
+#endif /* POLARSSL_ECP_DP_SECP384R1_ENABLED */
+
+#undef A
+#undef LOAD32
+#undef STORE32
+#undef MAX32
+#undef INIT
+#undef NEXT
+#undef LAST
+
+#endif /* POLARSSL_ECP_DP_SECP224R1_ENABLED ||
+ POLARSSL_ECP_DP_SECP256R1_ENABLED ||
+ POLARSSL_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
+/*
+ * Here we have an actual Mersenne prime, so things are more straightforward.
+ * However, chunks are aligned on a 'weird' boundary (521 bits).
+ */
+
+/* Size of p521 in terms of t_uint */
+#define P521_WIDTH ( 521 / 8 / sizeof( t_uint ) + 1 )
+
+/* Bits to keep in the most significant t_uint */
+#if defined(POLARSSL_HAVE_INT8)
+#define P521_MASK 0x01
+#else
+#define P521_MASK 0x01FF
+#endif
+
+/*
+ * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
+ * Write N as A1 + 2^521 A0, return A0 + A1
+ */
+static int ecp_mod_p521( mpi *N )
+{
+ int ret;
+ size_t i;
+ mpi M;
+ t_uint Mp[P521_WIDTH + 1];
+ /* Worst case for the size of M is when t_uint is 16 bits:
+ * we need to hold bits 513 to 1056, which is 34 limbs, that is
+ * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
+
+ if( N->n < P521_WIDTH )
+ return( 0 );
+
+ /* M = A1 */
+ M.s = 1;
+ M.n = N->n - ( P521_WIDTH - 1 );
+ if( M.n > P521_WIDTH + 1 )
+ M.n = P521_WIDTH + 1;
+ M.p = Mp;
+ memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( t_uint ) );
+ MPI_CHK( mpi_shift_r( &M, 521 % ( 8 * sizeof( t_uint ) ) ) );
+
+ /* N = A0 */
+ N->p[P521_WIDTH - 1] &= P521_MASK;
+ for( i = P521_WIDTH; i < N->n; i++ )
+ N->p[i] = 0;
+
+ /* N = A0 + A1 */
+ MPI_CHK( mpi_add_abs( N, N, &M ) );
+
+cleanup:
+ return( ret );
+}
+
+#undef P521_WIDTH
+#undef P521_MASK
+#endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
+
+#endif /* POLARSSL_ECP_NIST_OPTIM */
+
+#if defined(POLARSSL_SELF_TEST)
+
+/*
+ * Checkup routine
+ */
+int ecp_self_test( int verbose )
+{
+ int ret;
+ size_t i;
+ ecp_group grp;
+ ecp_point R, P;
+ mpi m;
+ unsigned long add_c_prev, dbl_c_prev;
+ /* exponents especially adapted for secp192r1 */
+ const char *exponents[] =
+ {
+ "000000000000000000000000000000000000000000000000", /* zero */
+ "000000000000000000000000000000000000000000000001", /* one */
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", /* N */
+ "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */
+ "400000000000000000000000000000000000000000000000",
+ "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "555555555555555555555555555555555555555555555555",
+ };
+
+ ecp_group_init( &grp );
+ ecp_point_init( &R );
+ ecp_point_init( &P );
+ mpi_init( &m );
+
+ /* Use secp192r1 if available, or any available curve */
+#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
+ MPI_CHK( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_SECP192R1 ) );
+#else
+ MPI_CHK( ecp_use_known_dp( &grp, ecp_curve_list()->grp_id ) );
+#endif
+
+ if( verbose != 0 )
+ printf( " ECP test #1 (constant op_count, base point G): " );
+
+ /* Do a dummy multiplication first to trigger precomputation */
+ MPI_CHK( mpi_lset( &m, 2 ) );
+ MPI_CHK( ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) );
+
+ add_count = 0;
+ dbl_count = 0;
+ MPI_CHK( mpi_read_string( &m, 16, exponents[0] ) );
+ MPI_CHK( ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) );
+
+ for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ )
+ {
+ add_c_prev = add_count;
+ dbl_c_prev = dbl_count;
+ add_count = 0;
+ dbl_count = 0;
+
+ MPI_CHK( mpi_read_string( &m, 16, exponents[i] ) );
+ MPI_CHK( ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) );
+
+ if( add_count != add_c_prev || dbl_count != dbl_c_prev )
+ {
+ if( verbose != 0 )
+ printf( "failed (%zu)\n", i );
+
+ ret = 1;
+ goto cleanup;
+ }
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n" );
+
+ if( verbose != 0 )
+ printf( " ECP test #2 (constant op_count, other point): " );
+ /* We computed P = 2G last time, use it */
+
+ add_count = 0;
+ dbl_count = 0;
+ MPI_CHK( mpi_read_string( &m, 16, exponents[0] ) );
+ MPI_CHK( ecp_mul( &grp, &R, &m, &P, NULL, NULL ) );
+
+ for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ )
+ {
+ add_c_prev = add_count;
+ dbl_c_prev = dbl_count;
+ add_count = 0;
+ dbl_count = 0;
+
+ MPI_CHK( mpi_read_string( &m, 16, exponents[i] ) );
+ MPI_CHK( ecp_mul( &grp, &R, &m, &P, NULL, NULL ) );
+
+ if( add_count != add_c_prev || dbl_count != dbl_c_prev )
+ {
+ if( verbose != 0 )
+ printf( "failed (%zu)\n", i );
+
+ ret = 1;
+ goto cleanup;
+ }
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n" );
+
+cleanup:
+
+ if( ret < 0 && verbose != 0 )
+ printf( "Unexpected error, return code = %08X\n", ret );
+
+ ecp_group_free( &grp );
+ ecp_point_free( &R );
+ ecp_point_free( &P );
+ mpi_free( &m );
+
+ if( verbose != 0 )
+ printf( "\n" );
+
+ return( ret );
+}
+
+#endif
+
+#endif
/*
* Entropy accumulator implementation
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
{
memset( ctx, 0, sizeof(entropy_context) );
- sha4_starts( &ctx->accumulator, 0 );
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_init( &ctx->mutex );
+#endif
+
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
+ sha512_starts( &ctx->accumulator, 0 );
+#else
+ sha256_starts( &ctx->accumulator, 0 );
+#endif
#if defined(POLARSSL_HAVEGE_C)
havege_init( &ctx->havege_data );
#endif
#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
}
+void entropy_free( entropy_context *ctx )
+{
+ ((void) ctx);
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_free( &ctx->mutex );
+#endif
+}
+
int entropy_add_source( entropy_context *ctx,
f_source_ptr f_source, void *p_source,
size_t threshold )
/*
* Entropy accumulator update
*/
-int entropy_update( entropy_context *ctx, unsigned char source_id,
- const unsigned char *data, size_t len )
+static int entropy_update( entropy_context *ctx, unsigned char source_id,
+ const unsigned char *data, size_t len )
{
unsigned char header[2];
unsigned char tmp[ENTROPY_BLOCK_SIZE];
size_t use_len = len;
const unsigned char *p = data;
-
+
if( use_len > ENTROPY_BLOCK_SIZE )
{
- sha4( data, len, tmp, 0 );
-
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
+ sha512( data, len, tmp, 0 );
+#else
+ sha256( data, len, tmp, 0 );
+#endif
p = tmp;
use_len = ENTROPY_BLOCK_SIZE;
}
header[0] = source_id;
header[1] = use_len & 0xFF;
- sha4_update( &ctx->accumulator, header, 2 );
- sha4_update( &ctx->accumulator, p, use_len );
-
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
+ sha512_update( &ctx->accumulator, header, 2 );
+ sha512_update( &ctx->accumulator, p, use_len );
+#else
+ sha256_update( &ctx->accumulator, header, 2 );
+ sha256_update( &ctx->accumulator, p, use_len );
+#endif
+
return( 0 );
}
if( len > ENTROPY_BLOCK_SIZE )
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
+#if defined(POLARSSL_THREADING_C)
+ if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
+ return( ret );
+#endif
+
/*
* Always gather extra entropy before a call
*/
do
{
if( count++ > ENTROPY_MAX_LOOP )
- return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
+ {
+ ret = POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
+ goto exit;
+ }
if( ( ret = entropy_gather( ctx ) ) != 0 )
- return( ret );
+ goto exit;
reached = 0;
memset( buf, 0, ENTROPY_BLOCK_SIZE );
- sha4_finish( &ctx->accumulator, buf );
-
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
+ sha512_finish( &ctx->accumulator, buf );
+
/*
* Perform second SHA-512 on entropy
*/
- sha4( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
+ sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
/*
* Reset accumulator and counters and recycle existing entropy
*/
- memset( &ctx->accumulator, 0, sizeof( sha4_context ) );
- sha4_starts( &ctx->accumulator, 0 );
- sha4_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
+ memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
+ sha512_starts( &ctx->accumulator, 0 );
+ sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
+#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
+ sha256_finish( &ctx->accumulator, buf );
+
+ /*
+ * Perform second SHA-256 on entropy
+ */
+ sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
+
+ /*
+ * Reset accumulator and counters and recycle existing entropy
+ */
+ memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
+ sha256_starts( &ctx->accumulator, 0 );
+ sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
+#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
for( i = 0; i < ctx->source_count; i++ )
ctx->source[i].size = 0;
memcpy( output, buf, len );
- return( 0 );
+ ret = 0;
+
+exit:
+#if defined(POLARSSL_THREADING_C)
+ if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
+ return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+ return( ret );
}
#endif
#endif
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
-#if defined(_WIN32)
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-#include <windows.h>
#if !defined(_WIN32_WINNT)
#define _WIN32_WINNT 0x0400
#endif
+#include <windows.h>
#include <wincrypt.h>
int platform_entropy_poll( void *data, unsigned char *output, size_t len,
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
}
- if( CryptGenRandom( provider, len, output ) == FALSE )
+ if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
CryptReleaseContext( provider, 0 );
/*
* Error message information
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2012, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#if defined(POLARSSL_ERROR_C)
+#include "polarssl/error.h"
+
#if defined(POLARSSL_AES_C)
#include "polarssl/aes.h"
#endif
#include "polarssl/bignum.h"
#endif
+#if defined(POLARSSL_BLOWFISH_C)
+#include "polarssl/blowfish.h"
+#endif
+
#if defined(POLARSSL_CAMELLIA_C)
#include "polarssl/camellia.h"
#endif
#include "polarssl/dhm.h"
#endif
+#if defined(POLARSSL_ECP_C)
+#include "polarssl/ecp.h"
+#endif
+
#if defined(POLARSSL_ENTROPY_C)
#include "polarssl/entropy.h"
#endif
+#if defined(POLARSSL_GCM_C)
+#include "polarssl/gcm.h"
+#endif
+
#if defined(POLARSSL_MD_C)
#include "polarssl/md.h"
#endif
#include "polarssl/net.h"
#endif
+#if defined(POLARSSL_OID_C)
+#include "polarssl/oid.h"
+#endif
+
#if defined(POLARSSL_PADLOCK_C)
#include "polarssl/padlock.h"
#endif
-#if defined(POLARSSL_PEM_C)
+#if defined(POLARSSL_PBKDF2_C)
+#include "polarssl/pbkdf2.h"
+#endif
+
+#if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
#include "polarssl/pem.h"
#endif
+#if defined(POLARSSL_PK_C)
+#include "polarssl/pk.h"
+#endif
+
+#if defined(POLARSSL_PKCS12_C)
+#include "polarssl/pkcs12.h"
+#endif
+
+#if defined(POLARSSL_PKCS5_C)
+#include "polarssl/pkcs5.h"
+#endif
+
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
#endif
#include "polarssl/sha1.h"
#endif
-#if defined(POLARSSL_SHA2_C)
-#include "polarssl/sha2.h"
+#if defined(POLARSSL_SHA256_C)
+#include "polarssl/sha256.h"
#endif
-#if defined(POLARSSL_SHA4_C)
-#include "polarssl/sha4.h"
+#if defined(POLARSSL_SHA512_C)
+#include "polarssl/sha512.h"
#endif
#if defined(POLARSSL_SSL_TLS_C)
#include "polarssl/ssl.h"
#endif
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_THREADING_C)
+#include "polarssl/threading.h"
+#endif
+
+#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
#include "polarssl/x509.h"
#endif
#include <string.h>
-#if defined _MSC_VER && !defined snprintf
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
#define snprintf _snprintf
#endif
-void error_strerror( int ret, char *buf, size_t buflen )
+void polarssl_strerror( int ret, char *buf, size_t buflen )
{
size_t len;
int use_ret;
+ if( buflen == 0 )
+ return;
+
memset( buf, 0x00, buflen );
-
+ /* Reduce buflen to make sure MSVC _snprintf() ends with \0 as well */
+ buflen -= 1;
+
if( ret < 0 )
ret = -ret;
snprintf( buf, buflen, "CIPHER - Input data contains invalid padding and is rejected" );
if( use_ret == -(POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED) )
snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
+ if( use_ret == -(POLARSSL_ERR_CIPHER_AUTH_FAILED) )
+ snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
#endif /* POLARSSL_CIPHER_C */
#if defined(POLARSSL_DHM_C)
if( use_ret == -(POLARSSL_ERR_DHM_READ_PUBLIC_FAILED) )
snprintf( buf, buflen, "DHM - Reading of the public values failed" );
if( use_ret == -(POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED) )
- snprintf( buf, buflen, "DHM - Makeing of the public value failed" );
+ snprintf( buf, buflen, "DHM - Making of the public value failed" );
if( use_ret == -(POLARSSL_ERR_DHM_CALC_SECRET_FAILED) )
snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" );
+ if( use_ret == -(POLARSSL_ERR_DHM_INVALID_FORMAT) )
+ snprintf( buf, buflen, "DHM - The ASN.1 data is not formatted correctly" );
+ if( use_ret == -(POLARSSL_ERR_DHM_MALLOC_FAILED) )
+ snprintf( buf, buflen, "DHM - Allocation of memory failed" );
+ if( use_ret == -(POLARSSL_ERR_DHM_FILE_IO_ERROR) )
+ snprintf( buf, buflen, "DHM - Read/write of file failed" );
#endif /* POLARSSL_DHM_C */
+#if defined(POLARSSL_ECP_C)
+ if( use_ret == -(POLARSSL_ERR_ECP_BAD_INPUT_DATA) )
+ snprintf( buf, buflen, "ECP - Bad input parameters to function" );
+ if( use_ret == -(POLARSSL_ERR_ECP_BUFFER_TOO_SMALL) )
+ snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
+ if( use_ret == -(POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE) )
+ snprintf( buf, buflen, "ECP - Requested curve not available" );
+ if( use_ret == -(POLARSSL_ERR_ECP_VERIFY_FAILED) )
+ snprintf( buf, buflen, "ECP - The signature is not valid" );
+ if( use_ret == -(POLARSSL_ERR_ECP_MALLOC_FAILED) )
+ snprintf( buf, buflen, "ECP - Memory allocation failed" );
+ if( use_ret == -(POLARSSL_ERR_ECP_RANDOM_FAILED) )
+ snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
+ if( use_ret == -(POLARSSL_ERR_ECP_INVALID_KEY) )
+ snprintf( buf, buflen, "ECP - Invalid private or public key" );
+#endif /* POLARSSL_ECP_C */
+
#if defined(POLARSSL_MD_C)
if( use_ret == -(POLARSSL_ERR_MD_FEATURE_UNAVAILABLE) )
snprintf( buf, buflen, "MD - The selected feature is not available" );
snprintf( buf, buflen, "MD - Opening or reading of file failed" );
#endif /* POLARSSL_MD_C */
-#if defined(POLARSSL_PEM_C)
- if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_PRESENT) )
- snprintf( buf, buflen, "PEM - No PEM header found" );
+#if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
+ if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
+ snprintf( buf, buflen, "PEM - No PEM header or footer found" );
if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) )
snprintf( buf, buflen, "PEM - PEM string is not as expected" );
if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) )
snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) )
snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
-#endif /* POLARSSL_PEM_C */
+ if( use_ret == -(POLARSSL_ERR_PEM_BAD_INPUT_DATA) )
+ snprintf( buf, buflen, "PEM - Bad input parameters to function" );
+#endif /* POLARSSL_PEM_PARSE_C || POLARSSL_PEM_WRITE_C */
+
+#if defined(POLARSSL_PK_C)
+ if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) )
+ snprintf( buf, buflen, "PK - Memory alloation failed" );
+ if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) )
+ snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
+ if( use_ret == -(POLARSSL_ERR_PK_BAD_INPUT_DATA) )
+ snprintf( buf, buflen, "PK - Bad input parameters to function" );
+ if( use_ret == -(POLARSSL_ERR_PK_FILE_IO_ERROR) )
+ snprintf( buf, buflen, "PK - Read/write of file failed" );
+ if( use_ret == -(POLARSSL_ERR_PK_KEY_INVALID_VERSION) )
+ snprintf( buf, buflen, "PK - Unsupported key version" );
+ if( use_ret == -(POLARSSL_ERR_PK_KEY_INVALID_FORMAT) )
+ snprintf( buf, buflen, "PK - Invalid key tag or value" );
+ if( use_ret == -(POLARSSL_ERR_PK_UNKNOWN_PK_ALG) )
+ snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
+ if( use_ret == -(POLARSSL_ERR_PK_PASSWORD_REQUIRED) )
+ snprintf( buf, buflen, "PK - Private key password can't be empty" );
+ if( use_ret == -(POLARSSL_ERR_PK_PASSWORD_MISMATCH) )
+ snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" );
+ if( use_ret == -(POLARSSL_ERR_PK_INVALID_PUBKEY) )
+ snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
+ if( use_ret == -(POLARSSL_ERR_PK_INVALID_ALG) )
+ snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" );
+ if( use_ret == -(POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE) )
+ snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
+ if( use_ret == -(POLARSSL_ERR_PK_FEATURE_UNAVAILABLE) )
+ snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
+#endif /* POLARSSL_PK_C */
+
+#if defined(POLARSSL_PKCS12_C)
+ if( use_ret == -(POLARSSL_ERR_PKCS12_BAD_INPUT_DATA) )
+ snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" );
+ if( use_ret == -(POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE) )
+ snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
+ if( use_ret == -(POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT) )
+ snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" );
+ if( use_ret == -(POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH) )
+ snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" );
+#endif /* POLARSSL_PKCS12_C */
+
+#if defined(POLARSSL_PKCS5_C)
+ if( use_ret == -(POLARSSL_ERR_PKCS5_BAD_INPUT_DATA) )
+ snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
+ if( use_ret == -(POLARSSL_ERR_PKCS5_INVALID_FORMAT) )
+ snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" );
+ if( use_ret == -(POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE) )
+ snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" );
+ if( use_ret == -(POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH) )
+ snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" );
+#endif /* POLARSSL_PKCS5_C */
#if defined(POLARSSL_RSA_C)
if( use_ret == -(POLARSSL_ERR_RSA_BAD_INPUT_DATA) )
if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED) )
snprintf( buf, buflen, "SSL - The own certificate is not set, but needed by the server" );
if( use_ret == -(POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED) )
- snprintf( buf, buflen, "SSL - The own private key is not set, but needed" );
+ snprintf( buf, buflen, "SSL - The own private key or pre-shared key is not set, but needed" );
if( use_ret == -(POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED) )
snprintf( buf, buflen, "SSL - No CA Chain is set, but required to operate" );
if( use_ret == -(POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE) )
snprintf( buf, buflen, "SSL - An unexpected message was received from our peer" );
if( use_ret == -(POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE) )
+ {
snprintf( buf, buflen, "SSL - A fatal alert message was received from our peer" );
+ return;
+ }
if( use_ret == -(POLARSSL_ERR_SSL_PEER_VERIFY_FAILED) )
snprintf( buf, buflen, "SSL - Verification of our peer failed" );
if( use_ret == -(POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) )
snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE) )
snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" );
- if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP) )
- snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM Read Public" );
- if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS) )
- snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret" );
+ if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP) )
+ snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" );
+ if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS) )
+ snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY) )
snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC) )
snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_MALLOC_FAILED) )
snprintf( buf, buflen, "SSL - Memory allocation failed" );
+ if( use_ret == -(POLARSSL_ERR_SSL_HW_ACCEL_FAILED) )
+ snprintf( buf, buflen, "SSL - Hardware acceleration function returned with error" );
+ if( use_ret == -(POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH) )
+ snprintf( buf, buflen, "SSL - Hardware acceleration function skipped / left alone data" );
+ if( use_ret == -(POLARSSL_ERR_SSL_COMPRESSION_FAILED) )
+ snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" );
+ if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION) )
+ snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" );
+ if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET) )
+ snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" );
+ if( use_ret == -(POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED) )
+ snprintf( buf, buflen, "SSL - Session ticket has expired" );
+ if( use_ret == -(POLARSSL_ERR_SSL_PK_TYPE_MISMATCH) )
+ snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
+ if( use_ret == -(POLARSSL_ERR_SSL_UNKNOWN_IDENTITY) )
+ snprintf( buf, buflen, "SSL - Unkown identity received (eg, PSK identity)" );
+ if( use_ret == -(POLARSSL_ERR_SSL_INTERNAL_ERROR) )
+ snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
#endif /* POLARSSL_SSL_TLS_C */
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
if( use_ret == -(POLARSSL_ERR_X509_FEATURE_UNAVAILABLE) )
snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_PEM) )
- snprintf( buf, buflen, "X509 - The PEM-encoded certificate contains invalid elements, e.g. invalid character" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_FORMAT) )
- snprintf( buf, buflen, "X509 - The certificate format is invalid, e.g. different type expected" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_VERSION) )
- snprintf( buf, buflen, "X509 - The certificate version element is invalid" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_SERIAL) )
+ if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_OID) )
+ snprintf( buf, buflen, "X509 - Requested OID is unknown" );
+ if( use_ret == -(POLARSSL_ERR_X509_INVALID_FORMAT) )
+ snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
+ if( use_ret == -(POLARSSL_ERR_X509_INVALID_VERSION) )
+ snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" );
+ if( use_ret == -(POLARSSL_ERR_X509_INVALID_SERIAL) )
snprintf( buf, buflen, "X509 - The serial tag or value is invalid" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_ALG) )
+ if( use_ret == -(POLARSSL_ERR_X509_INVALID_ALG) )
snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_NAME) )
+ if( use_ret == -(POLARSSL_ERR_X509_INVALID_NAME) )
snprintf( buf, buflen, "X509 - The name tag or value is invalid" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_DATE) )
+ if( use_ret == -(POLARSSL_ERR_X509_INVALID_DATE) )
snprintf( buf, buflen, "X509 - The date tag or value is invalid" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_PUBKEY) )
- snprintf( buf, buflen, "X509 - The pubkey tag or value is invalid (only RSA is supported)" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE) )
+ if( use_ret == -(POLARSSL_ERR_X509_INVALID_SIGNATURE) )
snprintf( buf, buflen, "X509 - The signature tag or value invalid" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS) )
+ if( use_ret == -(POLARSSL_ERR_X509_INVALID_EXTENSIONS) )
snprintf( buf, buflen, "X509 - The extension tag or value is invalid" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION) )
- snprintf( buf, buflen, "X509 - Certificate or CRL has an unsupported version number" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG) )
+ if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_VERSION) )
+ snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" );
+ if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_SIG_ALG) )
snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" );
- if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_PK_ALG) )
- snprintf( buf, buflen, "X509 - Key algorithm is unsupported (only RSA is supported)" );
- if( use_ret == -(POLARSSL_ERR_X509_CERT_SIG_MISMATCH) )
- snprintf( buf, buflen, "X509 - Certificate signature algorithms do not match. (see \\c ::x509_cert sig_oid)" );
+ if( use_ret == -(POLARSSL_ERR_X509_SIG_MISMATCH) )
+ snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::x509_crt sig_oid)" );
if( use_ret == -(POLARSSL_ERR_X509_CERT_VERIFY_FAILED) )
snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
- if( use_ret == -(POLARSSL_ERR_X509_KEY_INVALID_VERSION) )
- snprintf( buf, buflen, "X509 - Unsupported RSA key version" );
- if( use_ret == -(POLARSSL_ERR_X509_KEY_INVALID_FORMAT) )
- snprintf( buf, buflen, "X509 - Invalid RSA key tag or value" );
if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) )
snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
- if( use_ret == -(POLARSSL_ERR_X509_INVALID_INPUT) )
+ if( use_ret == -(POLARSSL_ERR_X509_BAD_INPUT_DATA) )
snprintf( buf, buflen, "X509 - Input invalid" );
if( use_ret == -(POLARSSL_ERR_X509_MALLOC_FAILED) )
snprintf( buf, buflen, "X509 - Allocation of memory failed" );
if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
snprintf( buf, buflen, "X509 - Read/write of file failed" );
-#endif /* POLARSSL_X509_PARSE_C */
+#endif /* POLARSSL_X509_USE,X509_CREATE_C */
if( strlen( buf ) == 0 )
snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
snprintf( buf, buflen, "ASN1 - Data is invalid. (not used)" );
if( use_ret == -(POLARSSL_ERR_ASN1_MALLOC_FAILED) )
snprintf( buf, buflen, "ASN1 - Memory allocation failed" );
+ if( use_ret == -(POLARSSL_ERR_ASN1_BUF_TOO_SMALL) )
+ snprintf( buf, buflen, "ASN1 - Buffer too small when writing ASN.1 data structure" );
#endif /* POLARSSL_ASN1_PARSE_C */
#if defined(POLARSSL_BASE64_C)
snprintf( buf, buflen, "BIGNUM - Memory allocation failed" );
#endif /* POLARSSL_BIGNUM_C */
+#if defined(POLARSSL_BLOWFISH_C)
+ if( use_ret == -(POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
+ snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
+ if( use_ret == -(POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
+ snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
+#endif /* POLARSSL_BLOWFISH_C */
+
#if defined(POLARSSL_CAMELLIA_C)
if( use_ret == -(POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH) )
snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
#endif /* POLARSSL_ENTROPY_C */
+#if defined(POLARSSL_GCM_C)
+ if( use_ret == -(POLARSSL_ERR_GCM_AUTH_FAILED) )
+ snprintf( buf, buflen, "GCM - Authenticated decryption failed" );
+ if( use_ret == -(POLARSSL_ERR_GCM_BAD_INPUT) )
+ snprintf( buf, buflen, "GCM - Bad input parameters to function" );
+#endif /* POLARSSL_GCM_C */
+
#if defined(POLARSSL_MD2_C)
if( use_ret == -(POLARSSL_ERR_MD2_FILE_IO_ERROR) )
snprintf( buf, buflen, "MD2 - Read/write error in file" );
snprintf( buf, buflen, "NET - Connection requires a write call" );
#endif /* POLARSSL_NET_C */
+#if defined(POLARSSL_OID_C)
+ if( use_ret == -(POLARSSL_ERR_OID_NOT_FOUND) )
+ snprintf( buf, buflen, "OID - OID is not found" );
+#endif /* POLARSSL_OID_C */
+
#if defined(POLARSSL_PADLOCK_C)
if( use_ret == -(POLARSSL_ERR_PADLOCK_DATA_MISALIGNED) )
snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
#endif /* POLARSSL_PADLOCK_C */
+#if defined(POLARSSL_PBKDF2_C)
+ if( use_ret == -(POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA) )
+ snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
+#endif /* POLARSSL_PBKDF2_C */
+
#if defined(POLARSSL_SHA1_C)
if( use_ret == -(POLARSSL_ERR_SHA1_FILE_IO_ERROR) )
snprintf( buf, buflen, "SHA1 - Read/write error in file" );
#endif /* POLARSSL_SHA1_C */
-#if defined(POLARSSL_SHA2_C)
- if( use_ret == -(POLARSSL_ERR_SHA2_FILE_IO_ERROR) )
- snprintf( buf, buflen, "SHA2 - Read/write error in file" );
-#endif /* POLARSSL_SHA2_C */
-
-#if defined(POLARSSL_SHA4_C)
- if( use_ret == -(POLARSSL_ERR_SHA4_FILE_IO_ERROR) )
- snprintf( buf, buflen, "SHA4 - Read/write error in file" );
-#endif /* POLARSSL_SHA4_C */
+#if defined(POLARSSL_SHA256_C)
+ if( use_ret == -(POLARSSL_ERR_SHA256_FILE_IO_ERROR) )
+ snprintf( buf, buflen, "SHA256 - Read/write error in file" );
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ if( use_ret == -(POLARSSL_ERR_SHA512_FILE_IO_ERROR) )
+ snprintf( buf, buflen, "SHA512 - Read/write error in file" );
+#endif /* POLARSSL_SHA512_C */
+
+#if defined(POLARSSL_THREADING_C)
+ if( use_ret == -(POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE) )
+ snprintf( buf, buflen, "THREADING - The selected feature is not available" );
+ if( use_ret == -(POLARSSL_ERR_THREADING_BAD_INPUT_DATA) )
+ snprintf( buf, buflen, "THREADING - Bad input parameters to function" );
+ if( use_ret == -(POLARSSL_ERR_THREADING_MUTEX_ERROR) )
+ snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" );
+#endif /* POLARSSL_THREADING_C */
#if defined(POLARSSL_XTEA_C)
if( use_ret == -(POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH) )
snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
}
-#endif /* POLARSSL_VERBOSE_ERROR */
+#if defined(POLARSSL_ERROR_STRERROR_BC)
+void error_strerror( int ret, char *buf, size_t buflen )
+{
+ polarssl_strerror( ret, buf, buflen );
+}
+#endif /* POLARSSL_ERROR_STRERROR_BC */
+
+#else /* POLARSSL_ERROR_C */
+
+#if defined(POLARSSL_ERROR_STRERROR_DUMMY)
+
+#include <string.h>
+
+/*
+ * Provide an non-function in case POLARSSL_ERROR_C is not defined
+ */
+void polarssl_strerror( int ret, char *buf, size_t buflen )
+{
+ ((void) ret);
+
+ if( buflen > 0 )
+ buf[0] = '\0';
+}
+
+#if defined(POLARSSL_ERROR_STRERROR_BC)
+void error_strerror( int ret, char *buf, size_t buflen )
+{
+ polarssl_strerror( ret, buf, buflen );
+}
+#endif /* POLARSSL_ERROR_STRERROR_BC */
+#endif /* POLARSSL_ERROR_STRERROR_DUMMY */
+
+#endif /* POLARSSL_ERROR_C */
--- /dev/null
+/*
+ * NIST SP800-38D compliant GCM implementation
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
+ */
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_GCM_C)
+
+#include "polarssl/gcm.h"
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
+{ \
+ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
+ | ( (uint32_t) (b)[(i) + 1] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 3] ); \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
+{ \
+ (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
+ (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
+ (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
+ (b)[(i) + 3] = (unsigned char) ( (n) ); \
+}
+#endif
+
+static int gcm_gen_table( gcm_context *ctx )
+{
+ int ret, i, j;
+ uint64_t hi, lo;
+ uint64_t vl, vh;
+ unsigned char h[16];
+ size_t olen = 0;
+
+ memset( h, 0, 16 );
+ if( ( ret = cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
+ return( ret );
+
+ ctx->HH[0] = 0;
+ ctx->HL[0] = 0;
+
+ GET_UINT32_BE( hi, h, 0 );
+ GET_UINT32_BE( lo, h, 4 );
+ vh = (uint64_t) hi << 32 | lo;
+
+ GET_UINT32_BE( hi, h, 8 );
+ GET_UINT32_BE( lo, h, 12 );
+ vl = (uint64_t) hi << 32 | lo;
+
+ ctx->HL[8] = vl;
+ ctx->HH[8] = vh;
+
+ for( i = 4; i > 0; i >>= 1 )
+ {
+ uint32_t T = ( vl & 1 ) * 0xe1000000U;
+ vl = ( vh << 63 ) | ( vl >> 1 );
+ vh = ( vh >> 1 ) ^ ( (uint64_t) T << 32);
+
+ ctx->HL[i] = vl;
+ ctx->HH[i] = vh;
+ }
+
+ for (i = 2; i < 16; i <<= 1 )
+ {
+ uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
+ vh = *HiH;
+ vl = *HiL;
+ for( j = 1; j < i; j++ )
+ {
+ HiH[j] = vh ^ ctx->HH[j];
+ HiL[j] = vl ^ ctx->HL[j];
+ }
+ }
+
+ return( 0 );
+}
+
+int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
+ unsigned int keysize )
+{
+ int ret;
+ const cipher_info_t *cipher_info;
+
+ memset( ctx, 0, sizeof(gcm_context) );
+
+ cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
+ if( cipher_info == NULL )
+ return( POLARSSL_ERR_GCM_BAD_INPUT );
+
+ if( cipher_info->block_size != 16 )
+ return( POLARSSL_ERR_GCM_BAD_INPUT );
+
+ if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 )
+ return( ret );
+
+ if( ( ret = cipher_setkey( &ctx->cipher_ctx, key, keysize,
+ POLARSSL_ENCRYPT ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = gcm_gen_table( ctx ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+static const uint64_t last4[16] =
+{
+ 0x0000, 0x1c20, 0x3840, 0x2460,
+ 0x7080, 0x6ca0, 0x48c0, 0x54e0,
+ 0xe100, 0xfd20, 0xd940, 0xc560,
+ 0x9180, 0x8da0, 0xa9c0, 0xb5e0
+};
+
+static void gcm_mult( gcm_context *ctx, const unsigned char x[16],
+ unsigned char output[16] )
+{
+ int i = 0;
+ unsigned char z[16];
+ unsigned char lo, hi, rem;
+ uint64_t zh, zl;
+
+ memset( z, 0x00, 16 );
+
+ lo = x[15] & 0xf;
+ hi = x[15] >> 4;
+
+ zh = ctx->HH[lo];
+ zl = ctx->HL[lo];
+
+ for( i = 15; i >= 0; i-- )
+ {
+ lo = x[i] & 0xf;
+ hi = x[i] >> 4;
+
+ if( i != 15 )
+ {
+ rem = (unsigned char) zl & 0xf;
+ zl = ( zh << 60 ) | ( zl >> 4 );
+ zh = ( zh >> 4 );
+ zh ^= (uint64_t) last4[rem] << 48;
+ zh ^= ctx->HH[lo];
+ zl ^= ctx->HL[lo];
+
+ }
+
+ rem = (unsigned char) zl & 0xf;
+ zl = ( zh << 60 ) | ( zl >> 4 );
+ zh = ( zh >> 4 );
+ zh ^= (uint64_t) last4[rem] << 48;
+ zh ^= ctx->HH[hi];
+ zl ^= ctx->HL[hi];
+ }
+
+ PUT_UINT32_BE( zh >> 32, output, 0 );
+ PUT_UINT32_BE( zh, output, 4 );
+ PUT_UINT32_BE( zl >> 32, output, 8 );
+ PUT_UINT32_BE( zl, output, 12 );
+}
+
+int gcm_starts( gcm_context *ctx,
+ int mode,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len )
+{
+ int ret;
+ unsigned char work_buf[16];
+ size_t i;
+ const unsigned char *p;
+ size_t use_len, olen = 0;
+
+ memset( ctx->y, 0x00, sizeof(ctx->y) );
+ memset( ctx->buf, 0x00, sizeof(ctx->buf) );
+
+ ctx->mode = mode;
+ ctx->len = 0;
+ ctx->add_len = 0;
+
+ if( iv_len == 12 )
+ {
+ memcpy( ctx->y, iv, iv_len );
+ ctx->y[15] = 1;
+ }
+ else
+ {
+ memset( work_buf, 0x00, 16 );
+ PUT_UINT32_BE( iv_len * 8, work_buf, 12 );
+
+ p = iv;
+ while( iv_len > 0 )
+ {
+ use_len = ( iv_len < 16 ) ? iv_len : 16;
+
+ for( i = 0; i < use_len; i++ )
+ ctx->y[i] ^= p[i];
+
+ gcm_mult( ctx, ctx->y, ctx->y );
+
+ iv_len -= use_len;
+ p += use_len;
+ }
+
+ for( i = 0; i < 16; i++ )
+ ctx->y[i] ^= work_buf[i];
+
+ gcm_mult( ctx, ctx->y, ctx->y );
+ }
+
+ if( ( ret = cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr,
+ &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ ctx->add_len = add_len;
+ p = add;
+ while( add_len > 0 )
+ {
+ use_len = ( add_len < 16 ) ? add_len : 16;
+
+ for( i = 0; i < use_len; i++ )
+ ctx->buf[i] ^= p[i];
+
+ gcm_mult( ctx, ctx->buf, ctx->buf );
+
+ add_len -= use_len;
+ p += use_len;
+ }
+
+ return( 0 );
+}
+
+int gcm_update( gcm_context *ctx,
+ size_t length,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ int ret;
+ unsigned char ectr[16];
+ size_t i;
+ const unsigned char *p;
+ unsigned char *out_p = output;
+ size_t use_len, olen = 0;
+
+ if( output > input && (size_t) ( output - input ) < length )
+ return( POLARSSL_ERR_GCM_BAD_INPUT );
+
+ ctx->len += length;
+
+ p = input;
+ while( length > 0 )
+ {
+ use_len = ( length < 16 ) ? length : 16;
+
+ for( i = 16; i > 12; i-- )
+ if( ++ctx->y[i - 1] != 0 )
+ break;
+
+ if( ( ret = cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,
+ &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ for( i = 0; i < use_len; i++ )
+ {
+ if( ctx->mode == GCM_DECRYPT )
+ ctx->buf[i] ^= p[i];
+ out_p[i] = ectr[i] ^ p[i];
+ if( ctx->mode == GCM_ENCRYPT )
+ ctx->buf[i] ^= out_p[i];
+ }
+
+ gcm_mult( ctx, ctx->buf, ctx->buf );
+
+ length -= use_len;
+ p += use_len;
+ out_p += use_len;
+ }
+
+ return( 0 );
+}
+
+int gcm_finish( gcm_context *ctx,
+ unsigned char *tag,
+ size_t tag_len )
+{
+ unsigned char work_buf[16];
+ size_t i;
+ uint64_t orig_len = ctx->len * 8;
+ uint64_t orig_add_len = ctx->add_len * 8;
+
+ if( tag_len > 16 )
+ return( POLARSSL_ERR_GCM_BAD_INPUT );
+
+ if( tag_len != 0 )
+ memcpy( tag, ctx->base_ectr, tag_len );
+
+ if( orig_len || orig_add_len )
+ {
+ memset( work_buf, 0x00, 16 );
+
+ PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 );
+ PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 );
+ PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 );
+ PUT_UINT32_BE( ( orig_len ), work_buf, 12 );
+
+ for( i = 0; i < 16; i++ )
+ ctx->buf[i] ^= work_buf[i];
+
+ gcm_mult( ctx, ctx->buf, ctx->buf );
+
+ for( i = 0; i < tag_len; i++ )
+ tag[i] ^= ctx->buf[i];
+ }
+
+ return( 0 );
+}
+
+int gcm_crypt_and_tag( gcm_context *ctx,
+ int mode,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t tag_len,
+ unsigned char *tag )
+{
+ int ret;
+
+ if( ( ret = gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
+ return( ret );
+
+ if( ( ret = gcm_update( ctx, length, input, output ) ) != 0 )
+ return( ret );
+
+ if( ( ret = gcm_finish( ctx, tag, tag_len ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int gcm_auth_decrypt( gcm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *tag,
+ size_t tag_len,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ unsigned char check_tag[16];
+ size_t i;
+ int diff;
+
+ gcm_crypt_and_tag( ctx, GCM_DECRYPT, length, iv, iv_len, add, add_len, input, output, tag_len, check_tag );
+
+ /* Check tag in "constant-time" */
+ for( diff = 0, i = 0; i < tag_len; i++ )
+ diff |= tag[i] ^ check_tag[i];
+
+ if( diff != 0 )
+ {
+ memset( output, 0, length );
+ return( POLARSSL_ERR_GCM_AUTH_FAILED );
+ }
+
+ return( 0 );
+}
+
+void gcm_free( gcm_context *ctx )
+{
+ (void) cipher_free_ctx( &ctx->cipher_ctx );
+ memset( ctx, 0, sizeof( gcm_context ) );
+}
+
+#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
+
+#include <stdio.h>
+
+/*
+ * AES-GCM test vectors from:
+ *
+ * http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip
+ */
+#define MAX_TESTS 6
+
+int key_index[MAX_TESTS] =
+ { 0, 0, 1, 1, 1, 1 };
+
+unsigned char key[MAX_TESTS][32] =
+{
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
+};
+
+size_t iv_len[MAX_TESTS] =
+ { 12, 12, 12, 12, 8, 60 };
+
+int iv_index[MAX_TESTS] =
+ { 0, 0, 1, 1, 1, 2 };
+
+unsigned char iv[MAX_TESTS][64] =
+{
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 },
+ { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88 },
+ { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
+ 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
+ 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
+ 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
+ 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
+ 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
+ 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
+ 0xa6, 0x37, 0xb3, 0x9b },
+};
+
+size_t add_len[MAX_TESTS] =
+ { 0, 0, 0, 20, 20, 20 };
+
+int add_index[MAX_TESTS] =
+ { 0, 0, 0, 1, 1, 1 };
+
+unsigned char additional[MAX_TESTS][64] =
+{
+ { 0x00 },
+ { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xab, 0xad, 0xda, 0xd2 },
+};
+
+size_t pt_len[MAX_TESTS] =
+ { 0, 16, 64, 60, 60, 60 };
+
+int pt_index[MAX_TESTS] =
+ { 0, 0, 1, 1, 1, 1 };
+
+unsigned char pt[MAX_TESTS][64] =
+{
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
+};
+
+unsigned char ct[MAX_TESTS * 3][64] =
+{
+ { 0x00 },
+ { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
+ 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
+ { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+ 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+ 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+ 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+ 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+ 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+ 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+ 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
+ { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+ 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+ 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+ 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+ 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+ 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+ 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+ 0x3d, 0x58, 0xe0, 0x91 },
+ { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
+ 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
+ 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
+ 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
+ 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
+ 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
+ 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
+ 0xc2, 0x3f, 0x45, 0x98 },
+ { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
+ 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
+ 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
+ 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
+ 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
+ 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
+ 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
+ 0x4c, 0x34, 0xae, 0xe5 },
+ { 0x00 },
+ { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
+ 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
+ { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
+ 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
+ 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
+ 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
+ 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
+ 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
+ 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
+ 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
+ { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
+ 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
+ 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
+ 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
+ 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
+ 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
+ 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
+ 0xcc, 0xda, 0x27, 0x10 },
+ { 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
+ 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
+ 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
+ 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
+ 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
+ 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
+ 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
+ 0xa0, 0xf0, 0x62, 0xf7 },
+ { 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
+ 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
+ 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
+ 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
+ 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
+ 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
+ 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
+ 0xe9, 0xb7, 0x37, 0x3b },
+ { 0x00 },
+ { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
+ 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 },
+ { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+ 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+ 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+ 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+ 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+ 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+ 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+ 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad },
+ { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+ 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+ 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+ 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+ 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+ 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+ 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+ 0xbc, 0xc9, 0xf6, 0x62 },
+ { 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
+ 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
+ 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
+ 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
+ 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
+ 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
+ 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
+ 0xf4, 0x7c, 0x9b, 0x1f },
+ { 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
+ 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
+ 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
+ 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
+ 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
+ 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
+ 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
+ 0x44, 0xae, 0x7e, 0x3f },
+};
+
+unsigned char tag[MAX_TESTS * 3][16] =
+{
+ { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
+ 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
+ { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
+ 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
+ { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
+ 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
+ { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
+ 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
+ { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
+ 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb },
+ { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
+ 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 },
+ { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
+ 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
+ { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
+ 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
+ { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
+ 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
+ { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
+ 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
+ { 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
+ 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 },
+ { 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
+ 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 },
+ { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
+ 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
+ { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
+ 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
+ { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
+ 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
+ { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
+ 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
+ { 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
+ 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 },
+ { 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
+ 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
+};
+
+int gcm_self_test( int verbose )
+{
+ gcm_context ctx;
+ unsigned char buf[64];
+ unsigned char tag_buf[16];
+ int i, j, ret;
+ cipher_id_t cipher = POLARSSL_CIPHER_ID_AES;
+
+ for( j = 0; j < 3; j++ )
+ {
+ int key_len = 128 + 64 * j;
+
+ for( i = 0; i < MAX_TESTS; i++ )
+ {
+ if( verbose != 0 )
+ printf( " AES-GCM-%3d #%d (%s): ", key_len, i, "enc" );
+
+ gcm_init( &ctx, cipher, key[key_index[i]], key_len );
+
+ ret = gcm_crypt_and_tag( &ctx, GCM_ENCRYPT,
+ pt_len[i],
+ iv[iv_index[i]], iv_len[i],
+ additional[add_index[i]], add_len[i],
+ pt[pt_index[i]], buf, 16, tag_buf );
+
+ if( ret != 0 ||
+ memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
+ memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ gcm_free( &ctx );
+
+ if( verbose != 0 )
+ printf( "passed\n" );
+
+ if( verbose != 0 )
+ printf( " AES-GCM-%3d #%d (%s): ", key_len, i, "dec" );
+
+ gcm_init( &ctx, cipher, key[key_index[i]], key_len );
+
+ ret = gcm_crypt_and_tag( &ctx, GCM_DECRYPT,
+ pt_len[i],
+ iv[iv_index[i]], iv_len[i],
+ additional[add_index[i]], add_len[i],
+ ct[j * 6 + i], buf, 16, tag_buf );
+
+ if( ret != 0 ||
+ memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
+ memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ gcm_free( &ctx );
+
+ if( verbose != 0 )
+ printf( "passed\n" );
+
+ if( verbose != 0 )
+ printf( " AES-GCM-%3d #%d split (%s): ", key_len, i, "enc" );
+
+ gcm_init( &ctx, cipher, key[key_index[i]], key_len );
+
+ ret = gcm_starts( &ctx, GCM_ENCRYPT,
+ iv[iv_index[i]], iv_len[i],
+ additional[add_index[i]], add_len[i] );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ if( pt_len[i] > 32 )
+ {
+ size_t rest_len = pt_len[i] - 32;
+ ret = gcm_update( &ctx, 32, pt[pt_index[i]], buf );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ ret = gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32, buf + 32 );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+ }
+ else
+ {
+ ret = gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+ }
+
+ ret = gcm_finish( &ctx, tag_buf, 16 );
+ if( ret != 0 ||
+ memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
+ memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ gcm_free( &ctx );
+
+ if( verbose != 0 )
+ printf( "passed\n" );
+
+ if( verbose != 0 )
+ printf( " AES-GCM-%3d #%d split (%s): ", key_len, i, "dec" );
+
+ gcm_init( &ctx, cipher, key[key_index[i]], key_len );
+
+ ret = gcm_starts( &ctx, GCM_DECRYPT,
+ iv[iv_index[i]], iv_len[i],
+ additional[add_index[i]], add_len[i] );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ if( pt_len[i] > 32 )
+ {
+ size_t rest_len = pt_len[i] - 32;
+ ret = gcm_update( &ctx, 32, ct[j * 6 + i], buf );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ ret = gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32, buf + 32 );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+ }
+ else
+ {
+ ret = gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+ }
+
+ ret = gcm_finish( &ctx, tag_buf, 16 );
+ if( ret != 0 ||
+ memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
+ memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ gcm_free( &ctx );
+
+ if( verbose != 0 )
+ printf( "passed\n" );
+
+ }
+ }
+
+ if( verbose != 0 )
+ printf( "\n" );
+
+ return( 0 );
+}
+
+
+
+#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
+
+#endif
#include "polarssl/timing.h"
#include <string.h>
-#include <time.h>
/* ------------------------------------------------------------------------
* On average, one iteration accesses two 8-word blocks in the havege WALK
#include <stdlib.h>
-#if defined _MSC_VER && !defined strcasecmp
-#define strcasecmp _stricmp
+#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
+ !defined(EFI32)
+#define strcasecmp _stricmp
#endif
static const int supported_digests[] = {
POLARSSL_MD_SHA1,
#endif
-#if defined(POLARSSL_SHA2_C)
+#if defined(POLARSSL_SHA256_C)
POLARSSL_MD_SHA224,
POLARSSL_MD_SHA256,
#endif
-#if defined(POLARSSL_SHA4_C)
+#if defined(POLARSSL_SHA512_C)
POLARSSL_MD_SHA384,
POLARSSL_MD_SHA512,
#endif
if( !strcasecmp( "SHA1", md_name ) || !strcasecmp( "SHA", md_name ) )
return md_info_from_type( POLARSSL_MD_SHA1 );
#endif
-#if defined(POLARSSL_SHA2_C)
+#if defined(POLARSSL_SHA256_C)
if( !strcasecmp( "SHA224", md_name ) )
return md_info_from_type( POLARSSL_MD_SHA224 );
if( !strcasecmp( "SHA256", md_name ) )
return md_info_from_type( POLARSSL_MD_SHA256 );
#endif
-#if defined(POLARSSL_SHA4_C)
+#if defined(POLARSSL_SHA512_C)
if( !strcasecmp( "SHA384", md_name ) )
return md_info_from_type( POLARSSL_MD_SHA384 );
if( !strcasecmp( "SHA512", md_name ) )
case POLARSSL_MD_SHA1:
return &sha1_info;
#endif
-#if defined(POLARSSL_SHA2_C)
+#if defined(POLARSSL_SHA256_C)
case POLARSSL_MD_SHA224:
return &sha224_info;
case POLARSSL_MD_SHA256:
return &sha256_info;
#endif
-#if defined(POLARSSL_SHA4_C)
+#if defined(POLARSSL_SHA512_C)
case POLARSSL_MD_SHA384:
return &sha384_info;
case POLARSSL_MD_SHA512:
return 0;
}
+int md_process( md_context_t *ctx, const unsigned char *data )
+{
+ if( ctx == NULL || ctx->md_info == NULL )
+ return POLARSSL_ERR_MD_BAD_INPUT_DATA;
+
+ ctx->md_info->process_func( ctx->md_ctx, data );
+
+ return 0;
+}
+
#endif
/*
* RFC 1115/1319 compliant MD2 implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include <stdio.h>
#endif
+#if !defined(POLARSSL_MD2_ALT)
+
static const unsigned char PI_SUBST[256] =
{
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
ctx->left = 0;
}
-static void md2_process( md2_context *ctx )
+void md2_process( md2_context *ctx )
{
int i, j;
unsigned char t = 0;
memcpy( output, ctx->state, 16 );
}
+#endif /* !POLARSSL_MD2_ALT */
+
/*
* output = MD2( input buffer )
*/
/*
* RFC 1186/1320 compliant MD4 implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include <stdio.h>
#endif
+#if !defined(POLARSSL_MD4_ALT)
+
/*
* 32-bit integer manipulation macros (little endian)
*/
-#ifndef GET_ULONG_LE
-#define GET_ULONG_LE(n,b,i) \
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i) \
{ \
- (n) = ( (unsigned long) (b)[(i) ] ) \
- | ( (unsigned long) (b)[(i) + 1] << 8 ) \
- | ( (unsigned long) (b)[(i) + 2] << 16 ) \
- | ( (unsigned long) (b)[(i) + 3] << 24 ); \
+ (n) = ( (uint32_t) (b)[(i) ] ) \
+ | ( (uint32_t) (b)[(i) + 1] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
-#ifndef PUT_ULONG_LE
-#define PUT_ULONG_LE(n,b,i) \
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
ctx->state[3] = 0x10325476;
}
-static void md4_process( md4_context *ctx, const unsigned char data[64] )
+void md4_process( md4_context *ctx, const unsigned char data[64] )
{
- unsigned long X[16], A, B, C, D;
-
- GET_ULONG_LE( X[ 0], data, 0 );
- GET_ULONG_LE( X[ 1], data, 4 );
- GET_ULONG_LE( X[ 2], data, 8 );
- GET_ULONG_LE( X[ 3], data, 12 );
- GET_ULONG_LE( X[ 4], data, 16 );
- GET_ULONG_LE( X[ 5], data, 20 );
- GET_ULONG_LE( X[ 6], data, 24 );
- GET_ULONG_LE( X[ 7], data, 28 );
- GET_ULONG_LE( X[ 8], data, 32 );
- GET_ULONG_LE( X[ 9], data, 36 );
- GET_ULONG_LE( X[10], data, 40 );
- GET_ULONG_LE( X[11], data, 44 );
- GET_ULONG_LE( X[12], data, 48 );
- GET_ULONG_LE( X[13], data, 52 );
- GET_ULONG_LE( X[14], data, 56 );
- GET_ULONG_LE( X[15], data, 60 );
+ uint32_t X[16], A, B, C, D;
+
+ GET_UINT32_LE( X[ 0], data, 0 );
+ GET_UINT32_LE( X[ 1], data, 4 );
+ GET_UINT32_LE( X[ 2], data, 8 );
+ GET_UINT32_LE( X[ 3], data, 12 );
+ GET_UINT32_LE( X[ 4], data, 16 );
+ GET_UINT32_LE( X[ 5], data, 20 );
+ GET_UINT32_LE( X[ 6], data, 24 );
+ GET_UINT32_LE( X[ 7], data, 28 );
+ GET_UINT32_LE( X[ 8], data, 32 );
+ GET_UINT32_LE( X[ 9], data, 36 );
+ GET_UINT32_LE( X[10], data, 40 );
+ GET_UINT32_LE( X[11], data, 44 );
+ GET_UINT32_LE( X[12], data, 48 );
+ GET_UINT32_LE( X[13], data, 52 );
+ GET_UINT32_LE( X[14], data, 56 );
+ GET_UINT32_LE( X[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen )
{
size_t fill;
- unsigned long left;
+ uint32_t left;
if( ilen <= 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
- ctx->total[0] += (unsigned long) ilen;
+ ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (unsigned long) ilen )
+ if( ctx->total[0] < (uint32_t) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
*/
void md4_finish( md4_context *ctx, unsigned char output[16] )
{
- unsigned long last, padn;
- unsigned long high, low;
+ uint32_t last, padn;
+ uint32_t high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_ULONG_LE( low, msglen, 0 );
- PUT_ULONG_LE( high, msglen, 4 );
+ PUT_UINT32_LE( low, msglen, 0 );
+ PUT_UINT32_LE( high, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
md4_update( ctx, (unsigned char *) md4_padding, padn );
md4_update( ctx, msglen, 8 );
- PUT_ULONG_LE( ctx->state[0], output, 0 );
- PUT_ULONG_LE( ctx->state[1], output, 4 );
- PUT_ULONG_LE( ctx->state[2], output, 8 );
- PUT_ULONG_LE( ctx->state[3], output, 12 );
+ PUT_UINT32_LE( ctx->state[0], output, 0 );
+ PUT_UINT32_LE( ctx->state[1], output, 4 );
+ PUT_UINT32_LE( ctx->state[2], output, 8 );
+ PUT_UINT32_LE( ctx->state[3], output, 12 );
}
+#endif /* !POLARSSL_MD4_ALT */
+
/*
* output = MD4( input buffer )
*/
/*
* RFC 1321 compliant MD5 implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include <stdio.h>
#endif
+#if !defined(POLARSSL_MD5_ALT)
+
/*
* 32-bit integer manipulation macros (little endian)
*/
-#ifndef GET_ULONG_LE
-#define GET_ULONG_LE(n,b,i) \
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i) \
{ \
- (n) = ( (unsigned long) (b)[(i) ] ) \
- | ( (unsigned long) (b)[(i) + 1] << 8 ) \
- | ( (unsigned long) (b)[(i) + 2] << 16 ) \
- | ( (unsigned long) (b)[(i) + 3] << 24 ); \
+ (n) = ( (uint32_t) (b)[(i) ] ) \
+ | ( (uint32_t) (b)[(i) + 1] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
-#ifndef PUT_ULONG_LE
-#define PUT_ULONG_LE(n,b,i) \
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
ctx->state[3] = 0x10325476;
}
-static void md5_process( md5_context *ctx, const unsigned char data[64] )
+void md5_process( md5_context *ctx, const unsigned char data[64] )
{
- unsigned long X[16], A, B, C, D;
-
- GET_ULONG_LE( X[ 0], data, 0 );
- GET_ULONG_LE( X[ 1], data, 4 );
- GET_ULONG_LE( X[ 2], data, 8 );
- GET_ULONG_LE( X[ 3], data, 12 );
- GET_ULONG_LE( X[ 4], data, 16 );
- GET_ULONG_LE( X[ 5], data, 20 );
- GET_ULONG_LE( X[ 6], data, 24 );
- GET_ULONG_LE( X[ 7], data, 28 );
- GET_ULONG_LE( X[ 8], data, 32 );
- GET_ULONG_LE( X[ 9], data, 36 );
- GET_ULONG_LE( X[10], data, 40 );
- GET_ULONG_LE( X[11], data, 44 );
- GET_ULONG_LE( X[12], data, 48 );
- GET_ULONG_LE( X[13], data, 52 );
- GET_ULONG_LE( X[14], data, 56 );
- GET_ULONG_LE( X[15], data, 60 );
+ uint32_t X[16], A, B, C, D;
+
+ GET_UINT32_LE( X[ 0], data, 0 );
+ GET_UINT32_LE( X[ 1], data, 4 );
+ GET_UINT32_LE( X[ 2], data, 8 );
+ GET_UINT32_LE( X[ 3], data, 12 );
+ GET_UINT32_LE( X[ 4], data, 16 );
+ GET_UINT32_LE( X[ 5], data, 20 );
+ GET_UINT32_LE( X[ 6], data, 24 );
+ GET_UINT32_LE( X[ 7], data, 28 );
+ GET_UINT32_LE( X[ 8], data, 32 );
+ GET_UINT32_LE( X[ 9], data, 36 );
+ GET_UINT32_LE( X[10], data, 40 );
+ GET_UINT32_LE( X[11], data, 44 );
+ GET_UINT32_LE( X[12], data, 48 );
+ GET_UINT32_LE( X[13], data, 52 );
+ GET_UINT32_LE( X[14], data, 56 );
+ GET_UINT32_LE( X[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen )
{
size_t fill;
- unsigned long left;
+ uint32_t left;
if( ilen <= 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
- ctx->total[0] += (unsigned long) ilen;
+ ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (unsigned long) ilen )
+ if( ctx->total[0] < (uint32_t) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, fill );
+ memcpy( (void *) (ctx->buffer + left), input, fill );
md5_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
if( ilen > 0 )
{
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, ilen );
+ memcpy( (void *) (ctx->buffer + left), input, ilen );
}
}
*/
void md5_finish( md5_context *ctx, unsigned char output[16] )
{
- unsigned long last, padn;
- unsigned long high, low;
+ uint32_t last, padn;
+ uint32_t high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_ULONG_LE( low, msglen, 0 );
- PUT_ULONG_LE( high, msglen, 4 );
+ PUT_UINT32_LE( low, msglen, 0 );
+ PUT_UINT32_LE( high, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- md5_update( ctx, (unsigned char *) md5_padding, padn );
+ md5_update( ctx, md5_padding, padn );
md5_update( ctx, msglen, 8 );
- PUT_ULONG_LE( ctx->state[0], output, 0 );
- PUT_ULONG_LE( ctx->state[1], output, 4 );
- PUT_ULONG_LE( ctx->state[2], output, 8 );
- PUT_ULONG_LE( ctx->state[3], output, 12 );
+ PUT_UINT32_LE( ctx->state[0], output, 0 );
+ PUT_UINT32_LE( ctx->state[1], output, 4 );
+ PUT_UINT32_LE( ctx->state[2], output, 8 );
+ PUT_UINT32_LE( ctx->state[3], output, 12 );
}
+#endif /* !POLARSSL_MD5_ALT */
+
/*
* output = MD5( input buffer )
*/
--- /dev/null
+/**
+ * \file md_wrap.c
+
+ * \brief Generic message digest wrapper for PolarSSL
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_MD_C)
+
+#include "polarssl/md_wrap.h"
+
+#if defined(POLARSSL_MD2_C)
+#include "polarssl/md2.h"
+#endif
+
+#if defined(POLARSSL_MD4_C)
+#include "polarssl/md4.h"
+#endif
+
+#if defined(POLARSSL_MD5_C)
+#include "polarssl/md5.h"
+#endif
+
+#if defined(POLARSSL_SHA1_C)
+#include "polarssl/sha1.h"
+#endif
+
+#if defined(POLARSSL_SHA256_C)
+#include "polarssl/sha256.h"
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+#include "polarssl/sha512.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <stdlib.h>
+
+#if defined(POLARSSL_MD2_C)
+
+static void md2_starts_wrap( void *ctx )
+{
+ md2_starts( (md2_context *) ctx );
+}
+
+static void md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ md2_update( (md2_context *) ctx, input, ilen );
+}
+
+static void md2_finish_wrap( void *ctx, unsigned char *output )
+{
+ md2_finish( (md2_context *) ctx, output );
+}
+
+static int md2_file_wrap( const char *path, unsigned char *output )
+{
+#if defined(POLARSSL_FS_IO)
+ return md2_file( path, output );
+#else
+ ((void) path);
+ ((void) output);
+ return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static void md2_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
+{
+ md2_hmac_starts( (md2_context *) ctx, key, keylen );
+}
+
+static void md2_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ md2_hmac_update( (md2_context *) ctx, input, ilen );
+}
+
+static void md2_hmac_finish_wrap( void *ctx, unsigned char *output )
+{
+ md2_hmac_finish( (md2_context *) ctx, output );
+}
+
+static void md2_hmac_reset_wrap( void *ctx )
+{
+ md2_hmac_reset( (md2_context *) ctx );
+}
+
+static void * md2_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( md2_context ) );
+}
+
+static void md2_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+static void md2_process_wrap( void *ctx, const unsigned char *data )
+{
+ ((void) data);
+
+ md2_process( (md2_context *) ctx );
+}
+
+const md_info_t md2_info = {
+ POLARSSL_MD_MD2,
+ "MD2",
+ 16,
+ md2_starts_wrap,
+ md2_update_wrap,
+ md2_finish_wrap,
+ md2,
+ md2_file_wrap,
+ md2_hmac_starts_wrap,
+ md2_hmac_update_wrap,
+ md2_hmac_finish_wrap,
+ md2_hmac_reset_wrap,
+ md2_hmac,
+ md2_ctx_alloc,
+ md2_ctx_free,
+ md2_process_wrap,
+};
+
+#endif
+
+#if defined(POLARSSL_MD4_C)
+
+static void md4_starts_wrap( void *ctx )
+{
+ md4_starts( (md4_context *) ctx );
+}
+
+static void md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ md4_update( (md4_context *) ctx, input, ilen );
+}
+
+static void md4_finish_wrap( void *ctx, unsigned char *output )
+{
+ md4_finish( (md4_context *) ctx, output );
+}
+
+static int md4_file_wrap( const char *path, unsigned char *output )
+{
+#if defined(POLARSSL_FS_IO)
+ return md4_file( path, output );
+#else
+ ((void) path);
+ ((void) output);
+ return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static void md4_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
+{
+ md4_hmac_starts( (md4_context *) ctx, key, keylen );
+}
+
+static void md4_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ md4_hmac_update( (md4_context *) ctx, input, ilen );
+}
+
+static void md4_hmac_finish_wrap( void *ctx, unsigned char *output )
+{
+ md4_hmac_finish( (md4_context *) ctx, output );
+}
+
+static void md4_hmac_reset_wrap( void *ctx )
+{
+ md4_hmac_reset( (md4_context *) ctx );
+}
+
+static void *md4_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( md4_context ) );
+}
+
+static void md4_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+static void md4_process_wrap( void *ctx, const unsigned char *data )
+{
+ md4_process( (md4_context *) ctx, data );
+}
+
+const md_info_t md4_info = {
+ POLARSSL_MD_MD4,
+ "MD4",
+ 16,
+ md4_starts_wrap,
+ md4_update_wrap,
+ md4_finish_wrap,
+ md4,
+ md4_file_wrap,
+ md4_hmac_starts_wrap,
+ md4_hmac_update_wrap,
+ md4_hmac_finish_wrap,
+ md4_hmac_reset_wrap,
+ md4_hmac,
+ md4_ctx_alloc,
+ md4_ctx_free,
+ md4_process_wrap,
+};
+
+#endif
+
+#if defined(POLARSSL_MD5_C)
+
+static void md5_starts_wrap( void *ctx )
+{
+ md5_starts( (md5_context *) ctx );
+}
+
+static void md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ md5_update( (md5_context *) ctx, input, ilen );
+}
+
+static void md5_finish_wrap( void *ctx, unsigned char *output )
+{
+ md5_finish( (md5_context *) ctx, output );
+}
+
+static int md5_file_wrap( const char *path, unsigned char *output )
+{
+#if defined(POLARSSL_FS_IO)
+ return md5_file( path, output );
+#else
+ ((void) path);
+ ((void) output);
+ return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static void md5_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
+{
+ md5_hmac_starts( (md5_context *) ctx, key, keylen );
+}
+
+static void md5_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ md5_hmac_update( (md5_context *) ctx, input, ilen );
+}
+
+static void md5_hmac_finish_wrap( void *ctx, unsigned char *output )
+{
+ md5_hmac_finish( (md5_context *) ctx, output );
+}
+
+static void md5_hmac_reset_wrap( void *ctx )
+{
+ md5_hmac_reset( (md5_context *) ctx );
+}
+
+static void * md5_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( md5_context ) );
+}
+
+static void md5_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+static void md5_process_wrap( void *ctx, const unsigned char *data )
+{
+ md5_process( (md5_context *) ctx, data );
+}
+
+const md_info_t md5_info = {
+ POLARSSL_MD_MD5,
+ "MD5",
+ 16,
+ md5_starts_wrap,
+ md5_update_wrap,
+ md5_finish_wrap,
+ md5,
+ md5_file_wrap,
+ md5_hmac_starts_wrap,
+ md5_hmac_update_wrap,
+ md5_hmac_finish_wrap,
+ md5_hmac_reset_wrap,
+ md5_hmac,
+ md5_ctx_alloc,
+ md5_ctx_free,
+ md5_process_wrap,
+};
+
+#endif
+
+#if defined(POLARSSL_SHA1_C)
+
+static void sha1_starts_wrap( void *ctx )
+{
+ sha1_starts( (sha1_context *) ctx );
+}
+
+static void sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha1_update( (sha1_context *) ctx, input, ilen );
+}
+
+static void sha1_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha1_finish( (sha1_context *) ctx, output );
+}
+
+static int sha1_file_wrap( const char *path, unsigned char *output )
+{
+#if defined(POLARSSL_FS_IO)
+ return sha1_file( path, output );
+#else
+ ((void) path);
+ ((void) output);
+ return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static void sha1_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
+{
+ sha1_hmac_starts( (sha1_context *) ctx, key, keylen );
+}
+
+static void sha1_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha1_hmac_update( (sha1_context *) ctx, input, ilen );
+}
+
+static void sha1_hmac_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha1_hmac_finish( (sha1_context *) ctx, output );
+}
+
+static void sha1_hmac_reset_wrap( void *ctx )
+{
+ sha1_hmac_reset( (sha1_context *) ctx );
+}
+
+static void * sha1_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( sha1_context ) );
+}
+
+static void sha1_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+static void sha1_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha1_process( (sha1_context *) ctx, data );
+}
+
+const md_info_t sha1_info = {
+ POLARSSL_MD_SHA1,
+ "SHA1",
+ 20,
+ sha1_starts_wrap,
+ sha1_update_wrap,
+ sha1_finish_wrap,
+ sha1,
+ sha1_file_wrap,
+ sha1_hmac_starts_wrap,
+ sha1_hmac_update_wrap,
+ sha1_hmac_finish_wrap,
+ sha1_hmac_reset_wrap,
+ sha1_hmac,
+ sha1_ctx_alloc,
+ sha1_ctx_free,
+ sha1_process_wrap,
+};
+
+#endif
+
+/*
+ * Wrappers for generic message digests
+ */
+#if defined(POLARSSL_SHA256_C)
+
+static void sha224_starts_wrap( void *ctx )
+{
+ sha256_starts( (sha256_context *) ctx, 1 );
+}
+
+static void sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha256_update( (sha256_context *) ctx, input, ilen );
+}
+
+static void sha224_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha256_finish( (sha256_context *) ctx, output );
+}
+
+static void sha224_wrap( const unsigned char *input, size_t ilen,
+ unsigned char *output )
+{
+ sha256( input, ilen, output, 1 );
+}
+
+static int sha224_file_wrap( const char *path, unsigned char *output )
+{
+#if defined(POLARSSL_FS_IO)
+ return sha256_file( path, output, 1 );
+#else
+ ((void) path);
+ ((void) output);
+ return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static void sha224_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
+{
+ sha256_hmac_starts( (sha256_context *) ctx, key, keylen, 1 );
+}
+
+static void sha224_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha256_hmac_update( (sha256_context *) ctx, input, ilen );
+}
+
+static void sha224_hmac_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha256_hmac_finish( (sha256_context *) ctx, output );
+}
+
+static void sha224_hmac_reset_wrap( void *ctx )
+{
+ sha256_hmac_reset( (sha256_context *) ctx );
+}
+
+static void sha224_hmac_wrap( const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output )
+{
+ sha256_hmac( key, keylen, input, ilen, output, 1 );
+}
+
+static void * sha224_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( sha256_context ) );
+}
+
+static void sha224_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+static void sha224_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha256_process( (sha256_context *) ctx, data );
+}
+
+const md_info_t sha224_info = {
+ POLARSSL_MD_SHA224,
+ "SHA224",
+ 28,
+ sha224_starts_wrap,
+ sha224_update_wrap,
+ sha224_finish_wrap,
+ sha224_wrap,
+ sha224_file_wrap,
+ sha224_hmac_starts_wrap,
+ sha224_hmac_update_wrap,
+ sha224_hmac_finish_wrap,
+ sha224_hmac_reset_wrap,
+ sha224_hmac_wrap,
+ sha224_ctx_alloc,
+ sha224_ctx_free,
+ sha224_process_wrap,
+};
+
+static void sha256_starts_wrap( void *ctx )
+{
+ sha256_starts( (sha256_context *) ctx, 0 );
+}
+
+static void sha256_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha256_update( (sha256_context *) ctx, input, ilen );
+}
+
+static void sha256_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha256_finish( (sha256_context *) ctx, output );
+}
+
+static void sha256_wrap( const unsigned char *input, size_t ilen,
+ unsigned char *output )
+{
+ sha256( input, ilen, output, 0 );
+}
+
+static int sha256_file_wrap( const char *path, unsigned char *output )
+{
+#if defined(POLARSSL_FS_IO)
+ return sha256_file( path, output, 0 );
+#else
+ ((void) path);
+ ((void) output);
+ return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static void sha256_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
+{
+ sha256_hmac_starts( (sha256_context *) ctx, key, keylen, 0 );
+}
+
+static void sha256_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha256_hmac_update( (sha256_context *) ctx, input, ilen );
+}
+
+static void sha256_hmac_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha256_hmac_finish( (sha256_context *) ctx, output );
+}
+
+static void sha256_hmac_reset_wrap( void *ctx )
+{
+ sha256_hmac_reset( (sha256_context *) ctx );
+}
+
+static void sha256_hmac_wrap( const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output )
+{
+ sha256_hmac( key, keylen, input, ilen, output, 0 );
+}
+
+static void * sha256_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( sha256_context ) );
+}
+
+static void sha256_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+static void sha256_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha256_process( (sha256_context *) ctx, data );
+}
+
+const md_info_t sha256_info = {
+ POLARSSL_MD_SHA256,
+ "SHA256",
+ 32,
+ sha256_starts_wrap,
+ sha256_update_wrap,
+ sha256_finish_wrap,
+ sha256_wrap,
+ sha256_file_wrap,
+ sha256_hmac_starts_wrap,
+ sha256_hmac_update_wrap,
+ sha256_hmac_finish_wrap,
+ sha256_hmac_reset_wrap,
+ sha256_hmac_wrap,
+ sha256_ctx_alloc,
+ sha256_ctx_free,
+ sha256_process_wrap,
+};
+
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+
+static void sha384_starts_wrap( void *ctx )
+{
+ sha512_starts( (sha512_context *) ctx, 1 );
+}
+
+static void sha384_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha512_update( (sha512_context *) ctx, input, ilen );
+}
+
+static void sha384_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha512_finish( (sha512_context *) ctx, output );
+}
+
+static void sha384_wrap( const unsigned char *input, size_t ilen,
+ unsigned char *output )
+{
+ sha512( input, ilen, output, 1 );
+}
+
+static int sha384_file_wrap( const char *path, unsigned char *output )
+{
+#if defined(POLARSSL_FS_IO)
+ return sha512_file( path, output, 1 );
+#else
+ ((void) path);
+ ((void) output);
+ return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static void sha384_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
+{
+ sha512_hmac_starts( (sha512_context *) ctx, key, keylen, 1 );
+}
+
+static void sha384_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha512_hmac_update( (sha512_context *) ctx, input, ilen );
+}
+
+static void sha384_hmac_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha512_hmac_finish( (sha512_context *) ctx, output );
+}
+
+static void sha384_hmac_reset_wrap( void *ctx )
+{
+ sha512_hmac_reset( (sha512_context *) ctx );
+}
+
+static void sha384_hmac_wrap( const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output )
+{
+ sha512_hmac( key, keylen, input, ilen, output, 1 );
+}
+
+static void * sha384_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( sha512_context ) );
+}
+
+static void sha384_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+static void sha384_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha512_process( (sha512_context *) ctx, data );
+}
+
+const md_info_t sha384_info = {
+ POLARSSL_MD_SHA384,
+ "SHA384",
+ 48,
+ sha384_starts_wrap,
+ sha384_update_wrap,
+ sha384_finish_wrap,
+ sha384_wrap,
+ sha384_file_wrap,
+ sha384_hmac_starts_wrap,
+ sha384_hmac_update_wrap,
+ sha384_hmac_finish_wrap,
+ sha384_hmac_reset_wrap,
+ sha384_hmac_wrap,
+ sha384_ctx_alloc,
+ sha384_ctx_free,
+ sha384_process_wrap,
+};
+
+static void sha512_starts_wrap( void *ctx )
+{
+ sha512_starts( (sha512_context *) ctx, 0 );
+}
+
+static void sha512_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha512_update( (sha512_context *) ctx, input, ilen );
+}
+
+static void sha512_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha512_finish( (sha512_context *) ctx, output );
+}
+
+static void sha512_wrap( const unsigned char *input, size_t ilen,
+ unsigned char *output )
+{
+ sha512( input, ilen, output, 0 );
+}
+
+static int sha512_file_wrap( const char *path, unsigned char *output )
+{
+#if defined(POLARSSL_FS_IO)
+ return sha512_file( path, output, 0 );
+#else
+ ((void) path);
+ ((void) output);
+ return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
+#endif
+}
+
+static void sha512_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
+{
+ sha512_hmac_starts( (sha512_context *) ctx, key, keylen, 0 );
+}
+
+static void sha512_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
+{
+ sha512_hmac_update( (sha512_context *) ctx, input, ilen );
+}
+
+static void sha512_hmac_finish_wrap( void *ctx, unsigned char *output )
+{
+ sha512_hmac_finish( (sha512_context *) ctx, output );
+}
+
+static void sha512_hmac_reset_wrap( void *ctx )
+{
+ sha512_hmac_reset( (sha512_context *) ctx );
+}
+
+static void sha512_hmac_wrap( const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output )
+{
+ sha512_hmac( key, keylen, input, ilen, output, 0 );
+}
+
+static void * sha512_ctx_alloc( void )
+{
+ return polarssl_malloc( sizeof( sha512_context ) );
+}
+
+static void sha512_ctx_free( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+static void sha512_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha512_process( (sha512_context *) ctx, data );
+}
+
+const md_info_t sha512_info = {
+ POLARSSL_MD_SHA512,
+ "SHA512",
+ 64,
+ sha512_starts_wrap,
+ sha512_update_wrap,
+ sha512_finish_wrap,
+ sha512_wrap,
+ sha512_file_wrap,
+ sha512_hmac_starts_wrap,
+ sha512_hmac_update_wrap,
+ sha512_hmac_finish_wrap,
+ sha512_hmac_reset_wrap,
+ sha512_hmac_wrap,
+ sha512_ctx_alloc,
+ sha512_ctx_free,
+ sha512_process_wrap,
+};
+
+#endif
+
+#endif
--- /dev/null
+/*
+ * Memory allocation layer
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_MEMORY_C)
+
+#include "polarssl/memory.h"
+
+#if !defined(POLARSSL_MEMORY_STDMALLOC)
+static void *memory_malloc_uninit( size_t len )
+{
+ ((void) len);
+ return( NULL );
+}
+
+#define POLARSSL_MEMORY_STDMALLOC memory_malloc_uninit
+#endif /* !POLARSSL_MEMORY_STDMALLOC */
+
+#if !defined(POLARSSL_MEMORY_STDFREE)
+static void memory_free_uninit( void *ptr )
+{
+ ((void) ptr);
+}
+
+#define POLARSSL_MEMORY_STDFREE memory_free_uninit
+#endif /* !POLARSSL_MEMORY_STDFREE */
+
+void * (*polarssl_malloc)( size_t ) = POLARSSL_MEMORY_STDMALLOC;
+void (*polarssl_free)( void * ) = POLARSSL_MEMORY_STDFREE;
+
+int memory_set_own( void * (*malloc_func)( size_t ),
+ void (*free_func)( void * ) )
+{
+ polarssl_malloc = malloc_func;
+ polarssl_free = free_func;
+
+ return( 0 );
+}
+
+#endif /* POLARSSL_MEMORY_C */
--- /dev/null
+/*
+ * Buffer-based memory allocator
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_MEMORY_C) && defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+
+#include "polarssl/memory.h"
+
+#include <string.h>
+
+#if defined(POLARSSL_MEMORY_DEBUG)
+#include <stdio.h>
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+#include <execinfo.h>
+#endif
+#endif
+
+#if defined(POLARSSL_THREADING_C)
+#include "polarssl/threading.h"
+#endif
+
+#define MAGIC1 0xFF00AA55
+#define MAGIC2 0xEE119966
+#define MAX_BT 20
+
+typedef struct _memory_header memory_header;
+struct _memory_header
+{
+ size_t magic1;
+ size_t size;
+ size_t alloc;
+ memory_header *prev;
+ memory_header *next;
+ memory_header *prev_free;
+ memory_header *next_free;
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ char **trace;
+ size_t trace_count;
+#endif
+ size_t magic2;
+};
+
+typedef struct
+{
+ unsigned char *buf;
+ size_t len;
+ memory_header *first;
+ memory_header *first_free;
+ size_t current_alloc_size;
+ int verify;
+#if defined(POLARSSL_MEMORY_DEBUG)
+ size_t malloc_count;
+ size_t free_count;
+ size_t total_used;
+ size_t maximum_used;
+ size_t header_count;
+#endif
+#if defined(POLARSSL_THREADING_C)
+ threading_mutex_t mutex;
+#endif
+}
+buffer_alloc_ctx;
+
+static buffer_alloc_ctx heap;
+
+#if defined(POLARSSL_MEMORY_DEBUG)
+static void debug_header( memory_header *hdr )
+{
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ size_t i;
+#endif
+
+ fprintf( stderr, "HDR: PTR(%10u), PREV(%10u), NEXT(%10u), ALLOC(%u), SIZE(%10u)\n",
+ (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
+ hdr->alloc, hdr->size );
+ fprintf( stderr, " FPREV(%10u), FNEXT(%10u)\n",
+ (size_t) hdr->prev_free, (size_t) hdr->next_free );
+
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ fprintf( stderr, "TRACE: \n" );
+ for( i = 0; i < hdr->trace_count; i++ )
+ fprintf( stderr, "%s\n", hdr->trace[i] );
+ fprintf( stderr, "\n" );
+#endif
+}
+
+static void debug_chain()
+{
+ memory_header *cur = heap.first;
+
+ fprintf( stderr, "\nBlock list\n" );
+ while( cur != NULL )
+ {
+ debug_header( cur );
+ cur = cur->next;
+ }
+
+ fprintf( stderr, "Free list\n" );
+ cur = heap.first_free;
+
+ while( cur != NULL )
+ {
+ debug_header( cur );
+ cur = cur->next_free;
+ }
+}
+#endif /* POLARSSL_MEMORY_DEBUG */
+
+static int verify_header( memory_header *hdr )
+{
+ if( hdr->magic1 != MAGIC1 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: MAGIC1 mismatch\n" );
+#endif
+ return( 1 );
+ }
+
+ if( hdr->magic2 != MAGIC2 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: MAGIC2 mismatch\n" );
+#endif
+ return( 1 );
+ }
+
+ if( hdr->alloc > 1 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: alloc has illegal value\n" );
+#endif
+ return( 1 );
+ }
+
+ if( hdr->prev != NULL && hdr->prev == hdr->next )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: prev == next\n" );
+#endif
+ return( 1 );
+ }
+
+ if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: prev_free == next_free\n" );
+#endif
+ return( 1 );
+ }
+
+ return( 0 );
+}
+
+static int verify_chain()
+{
+ memory_header *prv = heap.first, *cur = heap.first->next;
+
+ if( verify_header( heap.first ) != 0 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: verification of first header failed\n" );
+#endif
+ return( 1 );
+ }
+
+ if( heap.first->prev != NULL )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: verification failed: first->prev != NULL\n" );
+#endif
+ return( 1 );
+ }
+
+ while( cur != NULL )
+ {
+ if( verify_header( cur ) != 0 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: verification of header failed\n" );
+#endif
+ return( 1 );
+ }
+
+ if( cur->prev != prv )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: verification failed: cur->prev != prv\n" );
+#endif
+ return( 1 );
+ }
+
+ prv = cur;
+ cur = cur->next;
+ }
+
+ return( 0 );
+}
+
+static void *buffer_alloc_malloc( size_t len )
+{
+ memory_header *new, *cur = heap.first_free;
+ unsigned char *p;
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ void *trace_buffer[MAX_BT];
+ size_t trace_cnt;
+#endif
+
+ if( heap.buf == NULL || heap.first == NULL )
+ return( NULL );
+
+ if( len % POLARSSL_MEMORY_ALIGN_MULTIPLE )
+ {
+ len -= len % POLARSSL_MEMORY_ALIGN_MULTIPLE;
+ len += POLARSSL_MEMORY_ALIGN_MULTIPLE;
+ }
+
+ // Find block that fits
+ //
+ while( cur != NULL )
+ {
+ if( cur->size >= len )
+ break;
+
+ cur = cur->next_free;
+ }
+
+ if( cur == NULL )
+ return( NULL );
+
+ if( cur->alloc != 0 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: block in free_list but allocated data\n" );
+#endif
+ exit( 1 );
+ }
+
+#if defined(POLARSSL_MEMORY_DEBUG)
+ heap.malloc_count++;
+#endif
+
+ // Found location, split block if > memory_header + 4 room left
+ //
+ if( cur->size - len < sizeof(memory_header) + POLARSSL_MEMORY_ALIGN_MULTIPLE )
+ {
+ cur->alloc = 1;
+
+ // Remove from free_list
+ //
+ if( cur->prev_free != NULL )
+ cur->prev_free->next_free = cur->next_free;
+ else
+ heap.first_free = cur->next_free;
+
+ if( cur->next_free != NULL )
+ cur->next_free->prev_free = cur->prev_free;
+
+ cur->prev_free = NULL;
+ cur->next_free = NULL;
+
+#if defined(POLARSSL_MEMORY_DEBUG)
+ heap.total_used += cur->size;
+ if( heap.total_used > heap.maximum_used)
+ heap.maximum_used = heap.total_used;
+#endif
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ trace_cnt = backtrace( trace_buffer, MAX_BT );
+ cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
+ cur->trace_count = trace_cnt;
+#endif
+
+ if( ( heap.verify & MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
+ exit( 1 );
+
+ return ( (unsigned char *) cur ) + sizeof(memory_header);
+ }
+
+ p = ( (unsigned char *) cur ) + sizeof(memory_header) + len;
+ new = (memory_header *) p;
+
+ new->size = cur->size - len - sizeof(memory_header);
+ new->alloc = 0;
+ new->prev = cur;
+ new->next = cur->next;
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ new->trace = NULL;
+ new->trace_count = 0;
+#endif
+ new->magic1 = MAGIC1;
+ new->magic2 = MAGIC2;
+
+ if( new->next != NULL )
+ new->next->prev = new;
+
+ // Replace cur with new in free_list
+ //
+ new->prev_free = cur->prev_free;
+ new->next_free = cur->next_free;
+ if( new->prev_free != NULL )
+ new->prev_free->next_free = new;
+ else
+ heap.first_free = new;
+
+ if( new->next_free != NULL )
+ new->next_free->prev_free = new;
+
+ cur->alloc = 1;
+ cur->size = len;
+ cur->next = new;
+ cur->prev_free = NULL;
+ cur->next_free = NULL;
+
+#if defined(POLARSSL_MEMORY_DEBUG)
+ heap.header_count++;
+ heap.total_used += cur->size;
+ if( heap.total_used > heap.maximum_used)
+ heap.maximum_used = heap.total_used;
+#endif
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ trace_cnt = backtrace( trace_buffer, MAX_BT );
+ cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
+ cur->trace_count = trace_cnt;
+#endif
+
+ if( ( heap.verify & MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
+ exit( 1 );
+
+ return ( (unsigned char *) cur ) + sizeof(memory_header);
+}
+
+static void buffer_alloc_free( void *ptr )
+{
+ memory_header *hdr, *old = NULL;
+ unsigned char *p = (unsigned char *) ptr;
+
+ if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
+ return;
+
+ if( p < heap.buf || p > heap.buf + heap.len )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: polarssl_free() outside of managed space\n" );
+#endif
+ exit( 1 );
+ }
+
+ p -= sizeof(memory_header);
+ hdr = (memory_header *) p;
+
+ if( verify_header( hdr ) != 0 )
+ exit( 1 );
+
+ if( hdr->alloc != 1 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ fprintf( stderr, "FATAL: polarssl_free() on unallocated data\n" );
+#endif
+ exit( 1 );
+ }
+
+ hdr->alloc = 0;
+
+#if defined(POLARSSL_MEMORY_DEBUG)
+ heap.free_count++;
+ heap.total_used -= hdr->size;
+#endif
+
+ // Regroup with block before
+ //
+ if( hdr->prev != NULL && hdr->prev->alloc == 0 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ heap.header_count--;
+#endif
+ hdr->prev->size += sizeof(memory_header) + hdr->size;
+ hdr->prev->next = hdr->next;
+ old = hdr;
+ hdr = hdr->prev;
+
+ if( hdr->next != NULL )
+ hdr->next->prev = hdr;
+
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ free( old->trace );
+#endif
+ memset( old, 0, sizeof(memory_header) );
+ }
+
+ // Regroup with block after
+ //
+ if( hdr->next != NULL && hdr->next->alloc == 0 )
+ {
+#if defined(POLARSSL_MEMORY_DEBUG)
+ heap.header_count--;
+#endif
+ hdr->size += sizeof(memory_header) + hdr->next->size;
+ old = hdr->next;
+ hdr->next = hdr->next->next;
+
+ if( hdr->prev_free != NULL || hdr->next_free != NULL )
+ {
+ if( hdr->prev_free != NULL )
+ hdr->prev_free->next_free = hdr->next_free;
+ else
+ heap.first_free = hdr->next_free;
+
+ if( hdr->next_free != NULL )
+ hdr->next_free->prev_free = hdr->prev_free;
+ }
+
+ hdr->prev_free = old->prev_free;
+ hdr->next_free = old->next_free;
+
+ if( hdr->prev_free != NULL )
+ hdr->prev_free->next_free = hdr;
+ else
+ heap.first_free = hdr;
+
+ if( hdr->next_free != NULL )
+ hdr->next_free->prev_free = hdr;
+
+ if( hdr->next != NULL )
+ hdr->next->prev = hdr;
+
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ free( old->trace );
+#endif
+ memset( old, 0, sizeof(memory_header) );
+ }
+
+ // Prepend to free_list if we have not merged
+ // (Does not have to stay in same order as prev / next list)
+ //
+ if( old == NULL )
+ {
+ hdr->next_free = heap.first_free;
+ heap.first_free->prev_free = hdr;
+ heap.first_free = hdr;
+ }
+
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ hdr->trace = NULL;
+ hdr->trace_count = 0;
+#endif
+
+ if( ( heap.verify & MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
+ exit( 1 );
+}
+
+void memory_buffer_set_verify( int verify )
+{
+ heap.verify = verify;
+}
+
+int memory_buffer_alloc_verify()
+{
+ return verify_chain();
+}
+
+#if defined(POLARSSL_MEMORY_DEBUG)
+void memory_buffer_alloc_status()
+{
+ fprintf( stderr,
+ "Current use: %u blocks / %u bytes, max: %u bytes, malloc / free: %u / %u\n",
+ heap.header_count, heap.total_used, heap.maximum_used,
+ heap.malloc_count, heap.free_count );
+
+ if( heap.first->next == NULL )
+ fprintf( stderr, "All memory de-allocated in stack buffer\n" );
+ else
+ {
+ fprintf( stderr, "Memory currently allocated:\n" );
+ debug_chain();
+ }
+}
+#endif /* POLARSSL_MEMORY_BUFFER_ALLOC_DEBUG */
+
+#if defined(POLARSSL_THREADING_C)
+static void *buffer_alloc_malloc_mutexed( size_t len )
+{
+ void *buf;
+ polarssl_mutex_lock( &heap.mutex );
+ buf = buffer_alloc_malloc( len );
+ polarssl_mutex_unlock( &heap.mutex );
+ return( buf );
+}
+
+static void buffer_alloc_free_mutexed( void *ptr )
+{
+ polarssl_mutex_lock( &heap.mutex );
+ buffer_alloc_free( ptr );
+ polarssl_mutex_unlock( &heap.mutex );
+}
+#endif
+
+int memory_buffer_alloc_init( unsigned char *buf, size_t len )
+{
+ memset( &heap, 0, sizeof(buffer_alloc_ctx) );
+ memset( buf, 0, len );
+
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_init( &heap.mutex );
+ polarssl_malloc = buffer_alloc_malloc_mutexed;
+ polarssl_free = buffer_alloc_free_mutexed;
+#else
+ polarssl_malloc = buffer_alloc_malloc;
+ polarssl_free = buffer_alloc_free;
+#endif
+
+ heap.buf = buf;
+ heap.len = len;
+
+ heap.first = (memory_header *) buf;
+ heap.first->size = len - sizeof(memory_header);
+ heap.first->magic1 = MAGIC1;
+ heap.first->magic2 = MAGIC2;
+ heap.first_free = heap.first;
+ return( 0 );
+}
+
+void memory_buffer_alloc_free()
+{
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_free( &heap.mutex );
+#endif
+ memset( &heap, 0, sizeof(buffer_alloc_ctx) );
+}
+
+#endif /* POLARSSL_MEMORY_C && POLARSSL_MEMORY_BUFFER_ALLOC_C */
/*
* TCP networking functions
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/net.h"
-#if defined(_WIN32) || defined(_WIN32_WCE)
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+ !defined(EFI32)
#include <winsock2.h>
#include <windows.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#if defined(POLARSSL_HAVE_TIME)
#include <sys/time.h>
+#endif
#include <unistd.h>
#include <signal.h>
#include <fcntl.h>
#include <netdb.h>
#include <errno.h>
-#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || \
+ defined(__DragonflyBSD__)
#include <sys/endian.h>
-#elif defined(__APPLE__)
+#elif defined(__APPLE__) || defined(HAVE_MACHINE_ENDIAN_H) || \
+ defined(EFIX64) || defined(EFI32)
#include <machine/endian.h>
-#elif defined (__SVR4) && defined (__sun)
+#elif defined(sun)
#include <sys/isa_defs.h>
+#elif defined(_AIX) || defined(HAVE_ARPA_NAMESER_COMPAT_H)
+#include <arpa/nameser_compat.h>
#else
#include <endian.h>
#endif
#include <stdlib.h>
#include <stdio.h>
+
+#if defined(POLARSSL_HAVE_TIME)
#include <time.h>
+#endif
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
/*
* htons() is not always available.
* By default go for LITTLE_ENDIAN variant. Otherwise hope for _BYTE_ORDER and __BIG_ENDIAN
- * to help determine endianess.
+ * to help determine endianness.
*/
#if defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && __BYTE_ORDER == __BIG_ENDIAN
#define POLARSSL_HTONS(n) (n)
+#define POLARSSL_HTONL(n) (n)
#else
-#define POLARSSL_HTONS(n) (((((unsigned short)(n) & 0xFF)) << 8) | (((unsigned short)(n) & 0xFF00) >> 8))
+#define POLARSSL_HTONS(n) ((((unsigned short)(n) & 0xFF ) << 8 ) | \
+ (((unsigned short)(n) & 0xFF00 ) >> 8 ))
+#define POLARSSL_HTONL(n) ((((unsigned long )(n) & 0xFF ) << 24) | \
+ (((unsigned long )(n) & 0xFF00 ) << 8 ) | \
+ (((unsigned long )(n) & 0xFF0000 ) >> 8 ) | \
+ (((unsigned long )(n) & 0xFF000000) >> 24))
#endif
unsigned short net_htons(unsigned short n);
+unsigned long net_htonl(unsigned long n);
#define net_htons(n) POLARSSL_HTONS(n)
+#define net_htonl(n) POLARSSL_HTONL(n)
/*
* Initiate a TCP connection with host:port
struct sockaddr_in server_addr;
struct hostent *server_host;
-#if defined(_WIN32) || defined(_WIN32_WCE)
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+ !defined(EFI32)
+
WSADATA wsaData;
if( wsa_init_done == 0 )
wsa_init_done = 1;
}
#else
+#if !defined(EFIX64) && !defined(EFI32)
signal( SIGPIPE, SIG_IGN );
+#endif
#endif
if( ( server_host = gethostbyname( host ) ) == NULL )
return( POLARSSL_ERR_NET_UNKNOWN_HOST );
- if( ( *fd = socket( AF_INET, SOCK_STREAM, IPPROTO_IP ) ) < 0 )
+ if( ( *fd = (int) socket( AF_INET, SOCK_STREAM, IPPROTO_IP ) ) < 0 )
return( POLARSSL_ERR_NET_SOCKET_FAILED );
memcpy( (void *) &server_addr.sin_addr,
int n, c[4];
struct sockaddr_in server_addr;
-#if defined(_WIN32) || defined(_WIN32_WCE)
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+ !defined(EFI32)
WSADATA wsaData;
if( wsa_init_done == 0 )
wsa_init_done = 1;
}
#else
+#if !defined(EFIX64) && !defined(EFI32)
signal( SIGPIPE, SIG_IGN );
+#endif
#endif
- if( ( *fd = socket( AF_INET, SOCK_STREAM, IPPROTO_IP ) ) < 0 )
+ if( ( *fd = (int) socket( AF_INET, SOCK_STREAM, IPPROTO_IP ) ) < 0 )
return( POLARSSL_ERR_NET_SOCKET_FAILED );
n = 1;
setsockopt( *fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &n, sizeof( n ) );
- server_addr.sin_addr.s_addr = INADDR_ANY;
+ server_addr.sin_addr.s_addr = net_htonl( INADDR_ANY );
server_addr.sin_family = AF_INET;
server_addr.sin_port = net_htons( port );
break;
if( n == 4 )
- server_addr.sin_addr.s_addr =
- ( (unsigned long) c[0] << 24 ) |
- ( (unsigned long) c[1] << 16 ) |
- ( (unsigned long) c[2] << 8 ) |
- ( (unsigned long) c[3] );
+ server_addr.sin_addr.s_addr = net_htonl(
+ ( (uint32_t) c[0] << 24 ) |
+ ( (uint32_t) c[1] << 16 ) |
+ ( (uint32_t) c[2] << 8 ) |
+ ( (uint32_t) c[3] ) );
}
if( bind( *fd, (struct sockaddr *) &server_addr,
*/
static int net_is_blocking( void )
{
-#if defined(_WIN32) || defined(_WIN32_WCE)
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+ !defined(EFI32)
return( WSAGetLastError() == WSAEWOULDBLOCK );
#else
switch( errno )
int n = (int) sizeof( client_addr );
#endif
- *client_fd = accept( bind_fd, (struct sockaddr *)
- &client_addr, &n );
+ *client_fd = (int) accept( bind_fd, (struct sockaddr *)
+ &client_addr, &n );
if( *client_fd < 0 )
{
*/
int net_set_block( int fd )
{
-#if defined(_WIN32) || defined(_WIN32_WCE)
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+ !defined(EFI32)
u_long n = 0;
return( ioctlsocket( fd, FIONBIO, &n ) );
#else
int net_set_nonblock( int fd )
{
-#if defined(_WIN32) || defined(_WIN32_WCE)
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+ !defined(EFI32)
u_long n = 1;
return( ioctlsocket( fd, FIONBIO, &n ) );
#else
#endif
}
+#if defined(POLARSSL_HAVE_TIME)
/*
* Portable usleep helper
*/
tv.tv_usec = usec;
select( 0, NULL, NULL, NULL, &tv );
}
+#endif /* POLARSSL_HAVE_TIME */
/*
* Read at most 'len' characters
*/
int net_recv( void *ctx, unsigned char *buf, size_t len )
-{
+{
int ret = read( *((int *) ctx), buf, len );
if( ret < 0 )
if( net_is_blocking() != 0 )
return( POLARSSL_ERR_NET_WANT_READ );
-#if defined(_WIN32) || defined(_WIN32_WCE)
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+ !defined(EFI32)
if( WSAGetLastError() == WSAECONNRESET )
return( POLARSSL_ERR_NET_CONN_RESET );
#else
if( net_is_blocking() != 0 )
return( POLARSSL_ERR_NET_WANT_WRITE );
-#if defined(_WIN32) || defined(_WIN32_WCE)
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+ !defined(EFI32)
if( WSAGetLastError() == WSAECONNRESET )
return( POLARSSL_ERR_NET_CONN_RESET );
#else
--- /dev/null
+/**
+ * \file oid.c
+ *
+ * \brief Object Identifier (OID) database
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_OID_C)
+
+#include "polarssl/oid.h"
+#include "polarssl/rsa.h"
+
+#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
+#include "polarssl/x509.h"
+#endif
+
+#include <stdio.h>
+
+/*
+ * Macro to automatically add the size of #define'd OIDs
+ */
+#define ADD_LEN(s) s, OID_SIZE(s)
+
+/*
+ * Macro to generate an internal function for oid_XXX_from_asn1() (used by
+ * the other functions)
+ */
+#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
+static const TYPE_T * oid_ ## NAME ## _from_asn1( const asn1_buf *oid ) \
+{ \
+ const TYPE_T *p = LIST; \
+ const oid_descriptor_t *cur = (const oid_descriptor_t *) p; \
+ if( p == NULL || oid == NULL ) return( NULL ); \
+ while( cur->asn1 != NULL ) { \
+ if( cur->asn1_len == oid->len && \
+ memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
+ return( p ); \
+ } \
+ p++; \
+ cur = (const oid_descriptor_t *) p; \
+ } \
+ return( NULL ); \
+}
+
+/*
+ * Macro to generate a function for retrieving a single attribute from the
+ * descriptor of an oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
+int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
+{ \
+ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
+ if( data == NULL ) return ( POLARSSL_ERR_OID_NOT_FOUND ); \
+ *ATTR1 = data->descriptor.ATTR1; \
+ return( 0 ); \
+}
+
+/*
+ * Macro to generate a function for retrieving a single attribute from an
+ * oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
+int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
+{ \
+ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
+ if( data == NULL ) return ( POLARSSL_ERR_OID_NOT_FOUND ); \
+ *ATTR1 = data->ATTR1; \
+ return( 0 ); \
+}
+
+/*
+ * Macro to generate a function for retrieving two attributes from an
+ * oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
+ ATTR2_TYPE, ATTR2) \
+int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1, ATTR2_TYPE * ATTR2 ) \
+{ \
+ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
+ if( data == NULL ) return ( POLARSSL_ERR_OID_NOT_FOUND ); \
+ *ATTR1 = data->ATTR1; \
+ *ATTR2 = data->ATTR2; \
+ return( 0 ); \
+}
+
+/*
+ * Macro to generate a function for retrieving the OID based on a single
+ * attribute from a oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
+int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
+{ \
+ const TYPE_T *cur = LIST; \
+ while( cur->descriptor.asn1 != NULL ) { \
+ if( cur->ATTR1 == ATTR1 ) { \
+ *oid = cur->descriptor.asn1; \
+ *olen = cur->descriptor.asn1_len; \
+ return( 0 ); \
+ } \
+ cur++; \
+ } \
+ return( POLARSSL_ERR_OID_NOT_FOUND ); \
+}
+
+/*
+ * Macro to generate a function for retrieving the OID based on two
+ * attributes from a oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \
+ ATTR2_TYPE, ATTR2) \
+int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
+ size_t *olen ) \
+{ \
+ const TYPE_T *cur = LIST; \
+ while( cur->descriptor.asn1 != NULL ) { \
+ if( cur->ATTR1 == ATTR1 && cur->ATTR2 == ATTR2 ) { \
+ *oid = cur->descriptor.asn1; \
+ *olen = cur->descriptor.asn1_len; \
+ return( 0 ); \
+ } \
+ cur++; \
+ } \
+ return( POLARSSL_ERR_OID_NOT_FOUND ); \
+}
+
+/*
+ * For X520 attribute types
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ const char *short_name;
+} oid_x520_attr_t;
+
+static const oid_x520_attr_t oid_x520_attr_type[] =
+{
+ {
+ { ADD_LEN( OID_AT_CN ), "id-at-commonName", "Common Name" },
+ "CN",
+ },
+ {
+ { ADD_LEN( OID_AT_COUNTRY ), "id-at-countryName", "Country" },
+ "C",
+ },
+ {
+ { ADD_LEN( OID_AT_LOCALITY ), "id-at-locality", "Locality" },
+ "L",
+ },
+ {
+ { ADD_LEN( OID_AT_STATE ), "id-at-state", "State" },
+ "ST",
+ },
+ {
+ { ADD_LEN( OID_AT_ORGANIZATION ),"id-at-organizationName", "Organization" },
+ "O",
+ },
+ {
+ { ADD_LEN( OID_AT_ORG_UNIT ), "id-at-organizationalUnitName", "Org Unit" },
+ "OU",
+ },
+ {
+ { ADD_LEN( OID_PKCS9_EMAIL ), "emailAddress", "E-mail address" },
+ "emailAddress",
+ },
+ {
+ { ADD_LEN( OID_AT_SERIAL_NUMBER ),"id-at-serialNumber", "Serial number" },
+ "serialNumber",
+ },
+ {
+ { ADD_LEN( OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress", "Postal address" },
+ "postalAddress",
+ },
+ {
+ { ADD_LEN( OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" },
+ "postalCode",
+ },
+ {
+ { NULL, 0, NULL, NULL },
+ NULL,
+ }
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type);
+FN_OID_GET_ATTR1(oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name);
+
+#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
+/*
+ * For X509 extensions
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ int ext_type;
+} oid_x509_ext_t;
+
+static const oid_x509_ext_t oid_x509_ext[] =
+{
+ {
+ { ADD_LEN( OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
+ EXT_BASIC_CONSTRAINTS,
+ },
+ {
+ { ADD_LEN( OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
+ EXT_KEY_USAGE,
+ },
+ {
+ { ADD_LEN( OID_EXTENDED_KEY_USAGE ), "id-ce-keyUsage", "Extended Key Usage" },
+ EXT_EXTENDED_KEY_USAGE,
+ },
+ {
+ { ADD_LEN( OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
+ EXT_SUBJECT_ALT_NAME,
+ },
+ {
+ { ADD_LEN( OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
+ EXT_NS_CERT_TYPE,
+ },
+ {
+ { NULL, 0, NULL, NULL },
+ 0,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext);
+FN_OID_GET_ATTR1(oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type);
+
+static const oid_descriptor_t oid_ext_key_usage[] =
+{
+ { ADD_LEN( OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" },
+ { ADD_LEN( OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" },
+ { ADD_LEN( OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" },
+ { ADD_LEN( OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
+ { ADD_LEN( OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
+ { ADD_LEN( OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
+ { NULL, 0, NULL, NULL },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_descriptor_t, ext_key_usage, oid_ext_key_usage);
+FN_OID_GET_ATTR1(oid_get_extended_key_usage, oid_descriptor_t, ext_key_usage, const char *, description);
+#endif /* POLARSSL_X509_USE_C || POLARSSL_X509_CREATE_C */
+
+#if defined(POLARSSL_MD_C)
+/*
+ * For SignatureAlgorithmIdentifier
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ md_type_t md_alg;
+ pk_type_t pk_alg;
+} oid_sig_alg_t;
+
+static const oid_sig_alg_t oid_sig_alg[] =
+{
+ {
+ { ADD_LEN( OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" },
+ POLARSSL_MD_MD2, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" },
+ POLARSSL_MD_MD4, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" },
+ POLARSSL_MD_MD5, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" },
+ POLARSSL_MD_SHA1, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" },
+ POLARSSL_MD_SHA224, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" },
+ POLARSSL_MD_SHA256, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" },
+ POLARSSL_MD_SHA384, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" },
+ POLARSSL_MD_SHA512, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" },
+ POLARSSL_MD_SHA1, POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" },
+ POLARSSL_MD_SHA1, POLARSSL_PK_ECDSA,
+ },
+ {
+ { ADD_LEN( OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" },
+ POLARSSL_MD_SHA224, POLARSSL_PK_ECDSA,
+ },
+ {
+ { ADD_LEN( OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" },
+ POLARSSL_MD_SHA256, POLARSSL_PK_ECDSA,
+ },
+ {
+ { ADD_LEN( OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" },
+ POLARSSL_MD_SHA384, POLARSSL_PK_ECDSA,
+ },
+ {
+ { ADD_LEN( OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" },
+ POLARSSL_MD_SHA512, POLARSSL_PK_ECDSA,
+ },
+ {
+ { NULL, 0, NULL, NULL },
+ 0, 0,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg);
+FN_OID_GET_DESCRIPTOR_ATTR1(oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description);
+FN_OID_GET_ATTR2(oid_get_sig_alg, oid_sig_alg_t, sig_alg, md_type_t, md_alg, pk_type_t, pk_alg);
+FN_OID_GET_OID_BY_ATTR2(oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, pk_type_t, pk_alg, md_type_t, md_alg);
+#endif /* POLARSSL_MD_C */
+
+/*
+ * For PublicKeyInfo (PKCS1, RFC 5480)
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ pk_type_t pk_alg;
+} oid_pk_alg_t;
+
+static const oid_pk_alg_t oid_pk_alg[] =
+{
+ {
+ { ADD_LEN( OID_PKCS1_RSA ), "rsaEncryption", "RSA" },
+ POLARSSL_PK_RSA,
+ },
+ {
+ { ADD_LEN( OID_EC_ALG_UNRESTRICTED ), "id-ecPublicKey", "Generic EC key" },
+ POLARSSL_PK_ECKEY,
+ },
+ {
+ { ADD_LEN( OID_EC_ALG_ECDH ), "id-ecDH", "EC key for ECDH" },
+ POLARSSL_PK_ECKEY_DH,
+ },
+ {
+ { NULL, 0, NULL, NULL },
+ 0,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg);
+FN_OID_GET_ATTR1(oid_get_pk_alg, oid_pk_alg_t, pk_alg, pk_type_t, pk_alg);
+FN_OID_GET_OID_BY_ATTR1(oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, pk_type_t, pk_alg);
+
+#if defined(POLARSSL_ECP_C)
+/*
+ * For namedCurve (RFC 5480)
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ ecp_group_id grp_id;
+} oid_ecp_grp_t;
+
+static const oid_ecp_grp_t oid_ecp_grp[] =
+{
+ {
+ { ADD_LEN( OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" },
+ POLARSSL_ECP_DP_SECP192R1,
+ },
+ {
+ { ADD_LEN( OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" },
+ POLARSSL_ECP_DP_SECP224R1,
+ },
+ {
+ { ADD_LEN( OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" },
+ POLARSSL_ECP_DP_SECP256R1,
+ },
+ {
+ { ADD_LEN( OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" },
+ POLARSSL_ECP_DP_SECP384R1,
+ },
+ {
+ { ADD_LEN( OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" },
+ POLARSSL_ECP_DP_SECP521R1,
+ },
+ {
+ { ADD_LEN( OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" },
+ POLARSSL_ECP_DP_BP256R1,
+ },
+ {
+ { ADD_LEN( OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" },
+ POLARSSL_ECP_DP_BP384R1,
+ },
+ {
+ { ADD_LEN( OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" },
+ POLARSSL_ECP_DP_BP512R1,
+ },
+ {
+ { NULL, 0, NULL, NULL },
+ 0,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp);
+FN_OID_GET_ATTR1(oid_get_ec_grp, oid_ecp_grp_t, grp_id, ecp_group_id, grp_id);
+FN_OID_GET_OID_BY_ATTR1(oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, ecp_group_id, grp_id);
+#endif /* POLARSSL_ECP_C */
+
+#if defined(POLARSSL_CIPHER_C)
+/*
+ * For PKCS#5 PBES2 encryption algorithm
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ cipher_type_t cipher_alg;
+} oid_cipher_alg_t;
+
+static const oid_cipher_alg_t oid_cipher_alg[] =
+{
+ {
+ { ADD_LEN( OID_DES_CBC ), "desCBC", "DES-CBC" },
+ POLARSSL_CIPHER_DES_CBC,
+ },
+ {
+ { ADD_LEN( OID_DES_EDE3_CBC ), "des-ede3-cbc", "DES-EDE3-CBC" },
+ POLARSSL_CIPHER_DES_EDE3_CBC,
+ },
+ {
+ { NULL, 0, NULL, NULL },
+ 0,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg);
+FN_OID_GET_ATTR1(oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, cipher_type_t, cipher_alg);
+#endif /* POLARSSL_CIPHER_C */
+
+#if defined(POLARSSL_MD_C)
+/*
+ * For digestAlgorithm
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ md_type_t md_alg;
+} oid_md_alg_t;
+
+static const oid_md_alg_t oid_md_alg[] =
+{
+ {
+ { ADD_LEN( OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" },
+ POLARSSL_MD_MD2,
+ },
+ {
+ { ADD_LEN( OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" },
+ POLARSSL_MD_MD4,
+ },
+ {
+ { ADD_LEN( OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" },
+ POLARSSL_MD_MD5,
+ },
+ {
+ { ADD_LEN( OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
+ POLARSSL_MD_SHA1,
+ },
+ {
+ { ADD_LEN( OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
+ POLARSSL_MD_SHA1,
+ },
+ {
+ { ADD_LEN( OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" },
+ POLARSSL_MD_SHA224,
+ },
+ {
+ { ADD_LEN( OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" },
+ POLARSSL_MD_SHA256,
+ },
+ {
+ { ADD_LEN( OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" },
+ POLARSSL_MD_SHA384,
+ },
+ {
+ { ADD_LEN( OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" },
+ POLARSSL_MD_SHA512,
+ },
+ {
+ { NULL, 0, NULL, NULL },
+ 0,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg);
+FN_OID_GET_ATTR1(oid_get_md_alg, oid_md_alg_t, md_alg, md_type_t, md_alg);
+FN_OID_GET_OID_BY_ATTR1(oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, md_type_t, md_alg);
+#endif /* POLARSSL_MD_C */
+
+#if defined(POLARSSL_PKCS12_C)
+/*
+ * For PKCS#12 PBEs
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ md_type_t md_alg;
+ cipher_type_t cipher_alg;
+} oid_pkcs12_pbe_alg_t;
+
+static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
+{
+ {
+ { ADD_LEN( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
+ POLARSSL_MD_SHA1, POLARSSL_CIPHER_DES_EDE3_CBC,
+ },
+ {
+ { ADD_LEN( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
+ POLARSSL_MD_SHA1, POLARSSL_CIPHER_DES_EDE_CBC,
+ },
+ {
+ { NULL, 0, NULL, NULL },
+ 0, 0,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg);
+FN_OID_GET_ATTR2(oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, md_type_t, md_alg, cipher_type_t, cipher_alg);
+#endif /* POLARSSL_PKCS12_C */
+
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
+#include <stdarg.h>
+
+#if !defined vsnprintf
+#define vsnprintf _vsnprintf
+#endif // vsnprintf
+
+/*
+ * Windows _snprintf and _vsnprintf are not compatible to linux versions.
+ * Result value is not size of buffer needed, but -1 if no fit is possible.
+ *
+ * This fuction tries to 'fix' this by at least suggesting enlarging the
+ * size by 20.
+ */
+static int compat_snprintf(char *str, size_t size, const char *format, ...)
+{
+ va_list ap;
+ int res = -1;
+
+ va_start( ap, format );
+
+ res = vsnprintf( str, size, format, ap );
+
+ va_end( ap );
+
+ // No quick fix possible
+ if ( res < 0 )
+ return( (int) size + 20 );
+
+ return res;
+}
+
+#define snprintf compat_snprintf
+#endif
+
+#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
+
+#define SAFE_SNPRINTF() \
+{ \
+ if( ret == -1 ) \
+ return( -1 ); \
+ \
+ if ( (unsigned int) ret > n ) { \
+ p[n - 1] = '\0'; \
+ return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
+ } \
+ \
+ n -= (unsigned int) ret; \
+ p += (unsigned int) ret; \
+}
+
+/* Return the x.y.z.... style numeric string for the given OID */
+int oid_get_numeric_string( char *buf, size_t size,
+ const asn1_buf *oid )
+{
+ int ret;
+ size_t i, n;
+ unsigned int value;
+ char *p;
+
+ p = buf;
+ n = size;
+
+ /* First byte contains first two dots */
+ if( oid->len > 0 )
+ {
+ ret = snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
+ SAFE_SNPRINTF();
+ }
+
+ value = 0;
+ for( i = 1; i < oid->len; i++ )
+ {
+ /* Prevent overflow in value. */
+ if ( ( ( value << 7 ) >> 7 ) != value )
+ return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
+
+ value <<= 7;
+ value += oid->p[i] & 0x7F;
+
+ if( !( oid->p[i] & 0x80 ) )
+ {
+ /* Last byte */
+ ret = snprintf( p, n, ".%d", value );
+ SAFE_SNPRINTF();
+ value = 0;
+ }
+ }
+
+ return( (int) ( size - n ) );
+}
+
+#endif /* POLARSSL_OID_C */
unsigned char output[16] )
{
int ebx;
- unsigned long *rk;
- unsigned long *blk;
- unsigned long *ctrl;
+ uint32_t *rk;
+ uint32_t *blk;
+ uint32_t *ctrl;
unsigned char buf[256];
rk = ctx->rk;
{
int ebx;
size_t count;
- unsigned long *rk;
- unsigned long *iw;
- unsigned long *ctrl;
+ uint32_t *rk;
+ uint32_t *iw;
+ uint32_t *ctrl;
unsigned char buf[256];
if( ( (long) input & 15 ) != 0 ||
--- /dev/null
+/**
+ * \file pbkdf2.c
+ *
+ * \brief Password-Based Key Derivation Function 2 (from PKCS#5)
+ * DEPRECATED: Use pkcs5.c instead
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ * Copyright (C) 2006-2012, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * PBKDF2 is part of PKCS#5
+ *
+ * http://tools.ietf.org/html/rfc2898 (Specification)
+ * http://tools.ietf.org/html/rfc6070 (Test vectors)
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_PBKDF2_C)
+
+#include "polarssl/pbkdf2.h"
+#include "polarssl/pkcs5.h"
+
+int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen,
+ const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output )
+{
+ return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
+ key_length, output );
+}
+
+#if defined(POLARSSL_SELF_TEST)
+int pbkdf2_self_test( int verbose )
+{
+ return pkcs5_self_test( verbose );
+}
+#endif /* POLARSSL_SELF_TEST */
+
+#endif /* POLARSSL_PBKDF2_C */
/*
* Privacy Enhanced Mail (PEM) decoding
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/config.h"
-#if defined(POLARSSL_PEM_C)
-
+#if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
#include "polarssl/pem.h"
#include "polarssl/base64.h"
#include "polarssl/des.h"
#include "polarssl/md5.h"
#include "polarssl/cipher.h"
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
#include <stdlib.h>
+#if defined(POLARSSL_PEM_PARSE_C)
void pem_init( pem_context *ctx )
{
memset( ctx, 0, sizeof( pem_context ) );
}
-#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
/*
* Read a 16-byte hex string and convert it to binary
*/
}
#endif /* POLARSSL_AES_C */
-#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
+#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
+ ( POLARSSL_AES_C || POLARSSL_DES_C ) */
-int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, size_t pwdlen, size_t *use_len )
+int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
+ const unsigned char *data, const unsigned char *pwd,
+ size_t pwdlen, size_t *use_len )
{
int ret, enc;
size_t len;
unsigned char *buf;
- unsigned char *s1, *s2;
-#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
+ const unsigned char *s1, *s2, *end;
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
unsigned char pem_iv[16];
cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
#else
((void) pwd);
((void) pwdlen);
-#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
+#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
+ ( POLARSSL_AES_C || POLARSSL_DES_C ) */
if( ctx == NULL )
- return( POLARSSL_ERR_PEM_INVALID_DATA );
+ return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
- s1 = (unsigned char *) strstr( (char *) data, header );
+ s1 = (unsigned char *) strstr( (const char *) data, header );
if( s1 == NULL )
- return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT );
+ return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
- s2 = (unsigned char *) strstr( (char *) data, footer );
+ s2 = (unsigned char *) strstr( (const char *) data, footer );
if( s2 == NULL || s2 <= s1 )
- return( POLARSSL_ERR_PEM_INVALID_DATA );
+ return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
s1 += strlen( header );
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
- else return( POLARSSL_ERR_PEM_INVALID_DATA );
+ else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+
+ end = s2;
+ end += strlen( footer );
+ if( *end == '\r' ) end++;
+ if( *end == '\n' ) end++;
+ *use_len = end - data;
enc = 0;
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{
-#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
enc++;
s1 += 22;
s1 += 32;
}
#endif /* POLARSSL_AES_C */
-
+
if( enc_alg == POLARSSL_CIPHER_NONE )
return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
else return( POLARSSL_ERR_PEM_INVALID_DATA );
#else
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
+#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
+ ( POLARSSL_AES_C || POLARSSL_DES_C ) */
}
len = 0;
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
return( POLARSSL_ERR_PEM_INVALID_DATA + ret );
- if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
+ if( ( buf = (unsigned char *) polarssl_malloc( len ) ) == NULL )
return( POLARSSL_ERR_PEM_MALLOC_FAILED );
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
{
- free( buf );
+ polarssl_free( buf );
return( POLARSSL_ERR_PEM_INVALID_DATA + ret );
}
-
+
if( enc != 0 )
{
-#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
if( pwd == NULL )
{
- free( buf );
+ polarssl_free( buf );
return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
}
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
#endif /* POLARSSL_AES_C */
- if( buf[0] != 0x30 || buf[1] != 0x82 ||
- buf[4] != 0x02 || buf[5] != 0x01 )
+ /*
+ * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
+ * length bytes (allow 4 to be sure) in all known use cases.
+ *
+ * Use that as heurisitic to try detecting password mismatchs.
+ */
+ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
{
- free( buf );
+ polarssl_free( buf );
return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
}
#else
+ polarssl_free( buf );
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
-#endif
+#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
+ ( POLARSSL_AES_C || POLARSSL_DES_C ) */
}
ctx->buf = buf;
ctx->buflen = len;
- s2 += strlen( footer );
- if( *s2 == '\r' ) s2++;
- if( *s2 == '\n' ) s2++;
- *use_len = s2 - data;
return( 0 );
}
void pem_free( pem_context *ctx )
{
if( ctx->buf )
- free( ctx->buf );
+ polarssl_free( ctx->buf );
if( ctx->info )
- free( ctx->info );
+ polarssl_free( ctx->info );
memset( ctx, 0, sizeof( pem_context ) );
}
+#endif /* POLARSSL_PEM_PARSE_C */
-#endif
+#if defined(POLARSSL_PEM_WRITE_C)
+int pem_write_buffer( const char *header, const char *footer,
+ const unsigned char *der_data, size_t der_len,
+ unsigned char *buf, size_t buf_len, size_t *olen )
+{
+ int ret;
+ unsigned char *encode_buf, *c, *p = buf;
+ size_t len = 0, use_len = 0;
+ size_t add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
+
+ base64_encode( NULL, &use_len, der_data, der_len );
+ if( use_len + add_len > buf_len )
+ {
+ *olen = use_len + add_len;
+ return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
+ }
+
+ if( ( encode_buf = polarssl_malloc( use_len ) ) == NULL )
+ return( POLARSSL_ERR_PEM_MALLOC_FAILED );
+
+ if( ( ret = base64_encode( encode_buf, &use_len, der_data,
+ der_len ) ) != 0 )
+ {
+ polarssl_free( encode_buf );
+ return( ret );
+ }
+
+ memcpy( p, header, strlen( header ) );
+ p += strlen( header );
+ c = encode_buf;
+
+ while( use_len )
+ {
+ len = ( use_len > 64 ) ? 64 : use_len;
+ memcpy( p, c, len );
+ use_len -= len;
+ p += len;
+ c += len;
+ *p++ = '\n';
+ }
+
+ memcpy( p, footer, strlen( footer ) );
+ p += strlen( footer );
+
+ *p++ = '\0';
+ *olen = p - buf;
+
+ polarssl_free( encode_buf );
+ return( 0 );
+}
+#endif /* POLARSSL_PEM_WRITE_C */
+#endif /* POLARSSL_PEM_PARSE_C || POLARSSL_PEM_WRITE_C */
--- /dev/null
+/*
+ * Public Key abstraction layer
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_PK_C)
+
+#include "polarssl/pk.h"
+#include "polarssl/pk_wrap.h"
+
+#if defined(POLARSSL_RSA_C)
+#include "polarssl/rsa.h"
+#endif
+#if defined(POLARSSL_ECP_C)
+#include "polarssl/ecp.h"
+#endif
+#if defined(POLARSSL_ECDSA_C)
+#include "polarssl/ecdsa.h"
+#endif
+
+/*
+ * Initialise a pk_context
+ */
+void pk_init( pk_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ ctx->pk_info = NULL;
+ ctx->pk_ctx = NULL;
+}
+
+/*
+ * Free (the components of) a pk_context
+ */
+void pk_free( pk_context *ctx )
+{
+ if( ctx == NULL || ctx->pk_info == NULL)
+ return;
+
+ ctx->pk_info->ctx_free_func( ctx->pk_ctx );
+ ctx->pk_ctx = NULL;
+
+ ctx->pk_info = NULL;
+}
+
+/*
+ * Get pk_info structure from type
+ */
+const pk_info_t * pk_info_from_type( pk_type_t pk_type )
+{
+ switch( pk_type ) {
+#if defined(POLARSSL_RSA_C)
+ case POLARSSL_PK_RSA:
+ return &rsa_info;
+#endif
+#if defined(POLARSSL_ECP_C)
+ case POLARSSL_PK_ECKEY:
+ return &eckey_info;
+ case POLARSSL_PK_ECKEY_DH:
+ return &eckeydh_info;
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ case POLARSSL_PK_ECDSA:
+ return &ecdsa_info;
+#endif
+ /* POLARSSL_PK_RSA_ALT ommited on purpose */
+ default:
+ return NULL;
+ }
+}
+
+/*
+ * Initialise context
+ */
+int pk_init_ctx( pk_context *ctx, const pk_info_t *info )
+{
+ if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
+ return( POLARSSL_ERR_PK_MALLOC_FAILED );
+
+ ctx->pk_info = info;
+
+ return( 0 );
+}
+
+/*
+ * Initialize an RSA-alt context
+ */
+int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
+ pk_rsa_alt_decrypt_func decrypt_func,
+ pk_rsa_alt_sign_func sign_func,
+ pk_rsa_alt_key_len_func key_len_func )
+{
+ rsa_alt_context *rsa_alt;
+ const pk_info_t *info = &rsa_alt_info;
+
+ if( ctx == NULL || ctx->pk_info != NULL )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
+ return( POLARSSL_ERR_PK_MALLOC_FAILED );
+
+ ctx->pk_info = info;
+
+ rsa_alt = (rsa_alt_context *) ctx->pk_ctx;
+
+ rsa_alt->key = key;
+ rsa_alt->decrypt_func = decrypt_func;
+ rsa_alt->sign_func = sign_func;
+ rsa_alt->key_len_func = key_len_func;
+
+ return( 0 );
+}
+
+/*
+ * Tell if a PK can do the operations of the given type
+ */
+int pk_can_do( pk_context *ctx, pk_type_t type )
+{
+ /* null or NONE context can't do anything */
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( 0 );
+
+ return( ctx->pk_info->can_do( type ) );
+}
+
+/*
+ * Helper for pk_sign and pk_verify
+ */
+static inline int pk_hashlen_helper( md_type_t md_alg, size_t *hash_len )
+{
+ const md_info_t *md_info;
+
+ if( *hash_len != 0 )
+ return( 0 );
+
+ if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
+ return( -1 );
+
+ *hash_len = md_info->size;
+ return( 0 );
+}
+
+/*
+ * Verify a signature
+ */
+int pk_verify( pk_context *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len )
+{
+ if( ctx == NULL || ctx->pk_info == NULL ||
+ pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ctx->pk_info->verify_func == NULL )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
+ sig, sig_len ) );
+}
+
+/*
+ * Make a signature
+ */
+int pk_sign( pk_context *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ if( ctx == NULL || ctx->pk_info == NULL ||
+ pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ctx->pk_info->sign_func == NULL )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
+ sig, sig_len, f_rng, p_rng ) );
+}
+
+/*
+ * Decrypt message
+ */
+int pk_decrypt( pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ctx->pk_info->decrypt_func == NULL )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
+ output, olen, osize, f_rng, p_rng ) );
+}
+
+/*
+ * Encrypt message
+ */
+int pk_encrypt( pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ctx->pk_info->encrypt_func == NULL )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
+ output, olen, osize, f_rng, p_rng ) );
+}
+
+/*
+ * Get key size in bits
+ */
+size_t pk_get_size( const pk_context *ctx )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( 0 );
+
+ return( ctx->pk_info->get_size( ctx->pk_ctx ) );
+}
+
+/*
+ * Export debug information
+ */
+int pk_debug( const pk_context *ctx, pk_debug_item *items )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ ctx->pk_info->debug_func( ctx->pk_ctx, items );
+ return( 0 );
+}
+
+/*
+ * Access the PK type name
+ */
+const char * pk_get_name( const pk_context *ctx )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( "invalid PK" );
+
+ return( ctx->pk_info->name );
+}
+
+/*
+ * Access the PK type
+ */
+pk_type_t pk_get_type( const pk_context *ctx )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( POLARSSL_PK_NONE );
+
+ return( ctx->pk_info->type );
+}
+
+#endif /* POLARSSL_PK_C */
--- /dev/null
+/*
+ * Public Key abstraction layer: wrapper functions
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_PK_C)
+
+#include "polarssl/pk_wrap.h"
+
+/* Even if RSA not activated, for the sake of RSA-alt */
+#include "polarssl/rsa.h"
+
+#if defined(POLARSSL_ECP_C)
+#include "polarssl/ecp.h"
+#endif
+
+#if defined(POLARSSL_ECDSA_C)
+#include "polarssl/ecdsa.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#include <stdlib.h>
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+/* Used by RSA-alt too */
+static int rsa_can_do( pk_type_t type )
+{
+ return( type == POLARSSL_PK_RSA );
+}
+
+#if defined(POLARSSL_RSA_C)
+static size_t rsa_get_size( const void *ctx )
+{
+ return( 8 * ((rsa_context *) ctx)->len );
+}
+
+static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len )
+{
+ if( sig_len != ((rsa_context *) ctx)->len )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ return( rsa_pkcs1_verify( (rsa_context *) ctx, NULL, NULL,
+ RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, sig ) );
+}
+
+static int rsa_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ *sig_len = ((rsa_context *) ctx)->len;
+
+ return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE,
+ md_alg, (unsigned int) hash_len, hash, sig ) );
+}
+
+static int rsa_decrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ if( ilen != ((rsa_context *) ctx)->len )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ return( rsa_pkcs1_decrypt( (rsa_context *) ctx, f_rng, p_rng,
+ RSA_PRIVATE, olen, input, output, osize ) );
+}
+
+static int rsa_encrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ ((void) osize);
+
+ *olen = ((rsa_context *) ctx)->len;
+
+ return( rsa_pkcs1_encrypt( (rsa_context *) ctx,
+ f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
+}
+
+static void *rsa_alloc_wrap( void )
+{
+ void *ctx = polarssl_malloc( sizeof( rsa_context ) );
+
+ if( ctx != NULL )
+ rsa_init( (rsa_context *) ctx, 0, 0 );
+
+ return ctx;
+}
+
+static void rsa_free_wrap( void *ctx )
+{
+ rsa_free( (rsa_context *) ctx );
+ polarssl_free( ctx );
+}
+
+static void rsa_debug( const void *ctx, pk_debug_item *items )
+{
+ items->type = POLARSSL_PK_DEBUG_MPI;
+ items->name = "rsa.N";
+ items->value = &( ((rsa_context *) ctx)->N );
+
+ items++;
+
+ items->type = POLARSSL_PK_DEBUG_MPI;
+ items->name = "rsa.E";
+ items->value = &( ((rsa_context *) ctx)->E );
+}
+
+const pk_info_t rsa_info = {
+ POLARSSL_PK_RSA,
+ "RSA",
+ rsa_get_size,
+ rsa_can_do,
+ rsa_verify_wrap,
+ rsa_sign_wrap,
+ rsa_decrypt_wrap,
+ rsa_encrypt_wrap,
+ rsa_alloc_wrap,
+ rsa_free_wrap,
+ rsa_debug,
+};
+#endif /* POLARSSL_RSA_C */
+
+#if defined(POLARSSL_ECP_C)
+/*
+ * Generic EC key
+ */
+static int eckey_can_do( pk_type_t type )
+{
+ return( type == POLARSSL_PK_ECKEY ||
+ type == POLARSSL_PK_ECKEY_DH ||
+ type == POLARSSL_PK_ECDSA );
+}
+
+static size_t eckey_get_size( const void *ctx )
+{
+ return( ((ecp_keypair *) ctx)->grp.pbits );
+}
+
+#if defined(POLARSSL_ECDSA_C)
+/* Forward declarations */
+static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len );
+
+static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+static int eckey_verify_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len )
+{
+ int ret;
+ ecdsa_context ecdsa;
+
+ ecdsa_init( &ecdsa );
+
+ if( ( ret = ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
+ ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
+
+ ecdsa_free( &ecdsa );
+
+ return( ret );
+}
+
+static int eckey_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret;
+ ecdsa_context ecdsa;
+
+ ecdsa_init( &ecdsa );
+
+ if( ( ret = ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
+ ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
+ f_rng, p_rng );
+
+ ecdsa_free( &ecdsa );
+
+ return( ret );
+}
+
+#endif /* POLARSSL_ECDSA_C */
+
+static void *eckey_alloc_wrap( void )
+{
+ void *ctx = polarssl_malloc( sizeof( ecp_keypair ) );
+
+ if( ctx != NULL )
+ ecp_keypair_init( ctx );
+
+ return( ctx );
+}
+
+static void eckey_free_wrap( void *ctx )
+{
+ ecp_keypair_free( (ecp_keypair *) ctx );
+ polarssl_free( ctx );
+}
+
+static void eckey_debug( const void *ctx, pk_debug_item *items )
+{
+ items->type = POLARSSL_PK_DEBUG_ECP;
+ items->name = "eckey.Q";
+ items->value = &( ((ecp_keypair *) ctx)->Q );
+}
+
+const pk_info_t eckey_info = {
+ POLARSSL_PK_ECKEY,
+ "EC",
+ eckey_get_size,
+ eckey_can_do,
+#if defined(POLARSSL_ECDSA_C)
+ eckey_verify_wrap,
+ eckey_sign_wrap,
+#else
+ NULL,
+ NULL,
+#endif
+ NULL,
+ NULL,
+ eckey_alloc_wrap,
+ eckey_free_wrap,
+ eckey_debug,
+};
+
+/*
+ * EC key resticted to ECDH
+ */
+static int eckeydh_can_do( pk_type_t type )
+{
+ return( type == POLARSSL_PK_ECKEY ||
+ type == POLARSSL_PK_ECKEY_DH );
+}
+
+const pk_info_t eckeydh_info = {
+ POLARSSL_PK_ECKEY_DH,
+ "EC_DH",
+ eckey_get_size, /* Same underlying key structure */
+ eckeydh_can_do,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ eckey_alloc_wrap, /* Same underlying key structure */
+ eckey_free_wrap, /* Same underlying key structure */
+ eckey_debug, /* Same underlying key structure */
+};
+#endif /* POLARSSL_ECP_C */
+
+#if defined(POLARSSL_ECDSA_C)
+static int ecdsa_can_do( pk_type_t type )
+{
+ return( type == POLARSSL_PK_ECDSA );
+}
+
+static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len )
+{
+ ((void) md_alg);
+
+ return( ecdsa_read_signature( (ecdsa_context *) ctx,
+ hash, hash_len, sig, sig_len ) );
+}
+
+static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ ((void) md_alg);
+
+ return( ecdsa_write_signature( (ecdsa_context *) ctx,
+ hash, hash_len, sig, sig_len, f_rng, p_rng ) );
+}
+
+static void *ecdsa_alloc_wrap( void )
+{
+ void *ctx = polarssl_malloc( sizeof( ecdsa_context ) );
+
+ if( ctx != NULL )
+ ecdsa_init( (ecdsa_context *) ctx );
+
+ return( ctx );
+}
+
+static void ecdsa_free_wrap( void *ctx )
+{
+ ecdsa_free( (ecdsa_context *) ctx );
+ polarssl_free( ctx );
+}
+
+const pk_info_t ecdsa_info = {
+ POLARSSL_PK_ECDSA,
+ "ECDSA",
+ eckey_get_size, /* Compatible key structures */
+ ecdsa_can_do,
+ ecdsa_verify_wrap,
+ ecdsa_sign_wrap,
+ NULL,
+ NULL,
+ ecdsa_alloc_wrap,
+ ecdsa_free_wrap,
+ eckey_debug, /* Compatible key structures */
+};
+#endif /* POLARSSL_ECDSA_C */
+
+/*
+ * Support for alternative RSA-private implementations
+ */
+
+static size_t rsa_alt_get_size( const void *ctx )
+{
+ rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx;
+
+ return( rsa_alt->key_len_func( rsa_alt->key ) );
+}
+
+static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx;
+
+ *sig_len = rsa_alt->key_len_func( rsa_alt->key );
+
+ return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, RSA_PRIVATE,
+ md_alg, (unsigned int) hash_len, hash, sig ) );
+}
+
+static int rsa_alt_decrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx;
+
+ ((void) f_rng);
+ ((void) p_rng);
+
+ if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ return( rsa_alt->decrypt_func( rsa_alt->key,
+ RSA_PRIVATE, olen, input, output, osize ) );
+}
+
+static void *rsa_alt_alloc_wrap( void )
+{
+ void *ctx = polarssl_malloc( sizeof( rsa_alt_context ) );
+
+ if( ctx != NULL )
+ memset( ctx, 0, sizeof( rsa_alt_context ) );
+
+ return ctx;
+}
+
+static void rsa_alt_free_wrap( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+const pk_info_t rsa_alt_info = {
+ POLARSSL_PK_RSA_ALT,
+ "RSA-alt",
+ rsa_alt_get_size,
+ rsa_can_do,
+ NULL,
+ rsa_alt_sign_wrap,
+ rsa_alt_decrypt_wrap,
+ NULL,
+ rsa_alt_alloc_wrap,
+ rsa_alt_free_wrap,
+ NULL,
+};
+
+#endif /* POLARSSL_PK_C */
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#if defined(POLARSSL_PKCS11_C)
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
#include <stdlib.h>
-int pkcs11_x509_cert_init( x509_cert *cert, pkcs11h_certificate_t pkcs11_cert )
+int pkcs11_x509_cert_init( x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
{
int ret = 1;
unsigned char *cert_blob = NULL;
goto cleanup;
}
- cert_blob = malloc( cert_blob_size );
+ cert_blob = polarssl_malloc( cert_blob_size );
if( NULL == cert_blob )
{
ret = 4;
goto cleanup;
}
- if( 0 != x509parse_crt(cert, cert_blob, cert_blob_size ) )
+ if( 0 != x509_crt_parse(cert, cert_blob, cert_blob_size ) )
{
ret = 6;
goto cleanup;
cleanup:
if( NULL != cert_blob )
- free( cert_blob );
+ polarssl_free( cert_blob );
return ret;
}
pkcs11h_certificate_t pkcs11_cert )
{
int ret = 1;
- x509_cert cert;
+ x509_crt cert;
- memset( &cert, 0, sizeof( cert ) );
+ x509_crt_init( &cert );
if( priv_key == NULL )
goto cleanup;
ret = 0;
cleanup:
- x509_free( &cert );
+ x509_crt_free( &cert );
return ret;
}
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
- unsigned int output_max_len )
+ size_t output_max_len )
{
size_t input_len, output_len;
--- /dev/null
+/*
+ * PKCS#12 Personal Information Exchange Syntax
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * The PKCS #12 Personal Information Exchange Syntax Standard v1.1
+ *
+ * http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
+ * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_PKCS12_C)
+
+#include "polarssl/pkcs12.h"
+#include "polarssl/asn1.h"
+#include "polarssl/cipher.h"
+
+#if defined(POLARSSL_ARC4_C)
+#include "polarssl/arc4.h"
+#endif
+
+#if defined(POLARSSL_DES_C)
+#include "polarssl/des.h"
+#endif
+
+static int pkcs12_parse_pbe_params( asn1_buf *params,
+ asn1_buf *salt, int *iterations )
+{
+ int ret;
+ unsigned char **p = ¶ms->p;
+ const unsigned char *end = params->p + params->len;
+
+ /*
+ * pkcs-12PbeParams ::= SEQUENCE {
+ * salt OCTET STRING,
+ * iterations INTEGER
+ * }
+ *
+ */
+ if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
+ return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+
+ if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 )
+ return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
+
+ salt->p = *p;
+ *p += salt->len;
+
+ if( ( ret = asn1_get_int( p, end, iterations ) ) != 0 )
+ return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
+
+ if( *p != end )
+ return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen )
+{
+ int ret, iterations;
+ asn1_buf salt;
+ size_t i;
+ unsigned char unipwd[258];
+
+ memset(&salt, 0, sizeof(asn1_buf));
+ memset(&unipwd, 0, sizeof(unipwd));
+
+ if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt, &iterations ) ) != 0 )
+ return( ret );
+
+ for(i = 0; i < pwdlen; i++)
+ unipwd[i * 2 + 1] = pwd[i];
+
+ if( ( ret = pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
+ salt.p, salt.len, md_type,
+ PKCS12_DERIVE_KEY, iterations ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( iv == NULL || ivlen == 0 )
+ return( 0 );
+
+ if( ( ret = pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
+ salt.p, salt.len, md_type,
+ PKCS12_DERIVE_IV, iterations ) ) != 0 )
+ {
+ return( ret );
+ }
+ return( 0 );
+}
+
+int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output )
+{
+#if !defined(POLARSSL_ARC4_C)
+ ((void) pbe_params);
+ ((void) mode);
+ ((void) pwd);
+ ((void) pwdlen);
+ ((void) data);
+ ((void) len);
+ ((void) output);
+ return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
+#else
+ int ret;
+ unsigned char key[16];
+ arc4_context ctx;
+ ((void) mode);
+
+ if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, POLARSSL_MD_SHA1,
+ pwd, pwdlen,
+ key, 16, NULL, 0 ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ arc4_setup( &ctx, key, 16 );
+ if( ( ret = arc4_crypt( &ctx, len, data, output ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+#endif /* POLARSSL_ARC4_C */
+}
+
+int pkcs12_pbe( asn1_buf *pbe_params, int mode,
+ cipher_type_t cipher_type, md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output )
+{
+ int ret, keylen = 0;
+ unsigned char key[32];
+ unsigned char iv[16];
+ const cipher_info_t *cipher_info;
+ cipher_context_t cipher_ctx;
+ size_t olen = 0;
+
+ cipher_info = cipher_info_from_type( cipher_type );
+ if( cipher_info == NULL )
+ return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
+
+ keylen = cipher_info->key_length / 8;
+
+ if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
+ key, keylen,
+ iv, cipher_info->iv_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
+ goto exit;
+
+ if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, mode ) ) != 0 )
+ goto exit;
+
+ if( ( ret = cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
+ goto exit;
+
+ if( ( ret = cipher_reset( &cipher_ctx ) ) != 0 )
+ goto exit;
+
+ if( ( ret = cipher_update( &cipher_ctx, data, len,
+ output, &olen ) ) != 0 )
+ {
+ goto exit;
+ }
+
+ if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
+ ret = POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH;
+
+exit:
+ cipher_free_ctx( &cipher_ctx );
+
+ return( ret );
+}
+
+static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
+ const unsigned char *filler, size_t fill_len )
+{
+ unsigned char *p = data;
+ size_t use_len;
+
+ while( data_len > 0 )
+ {
+ use_len = ( data_len > fill_len ) ? fill_len : data_len;
+ memcpy( p, filler, use_len );
+ p += use_len;
+ data_len -= use_len;
+ }
+}
+
+int pkcs12_derivation( unsigned char *data, size_t datalen,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *salt, size_t saltlen,
+ md_type_t md_type, int id, int iterations )
+{
+ int ret;
+ unsigned int j;
+
+ unsigned char diversifier[128];
+ unsigned char salt_block[128], pwd_block[128], hash_block[128];
+ unsigned char hash_output[POLARSSL_MD_MAX_SIZE];
+ unsigned char *p;
+ unsigned char c;
+
+ size_t hlen, use_len, v, i;
+
+ const md_info_t *md_info;
+ md_context_t md_ctx;
+
+ // This version only allows max of 64 bytes of password or salt
+ if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
+ return( POLARSSL_ERR_PKCS12_BAD_INPUT_DATA );
+
+ md_info = md_info_from_type( md_type );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
+
+ if ( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+ return( ret );
+ hlen = md_get_size( md_info );
+
+ if( hlen <= 32 )
+ v = 64;
+ else
+ v = 128;
+
+ memset( diversifier, (unsigned char) id, v );
+
+ pkcs12_fill_buffer( salt_block, v, salt, saltlen );
+ pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
+
+ p = data;
+ while( datalen > 0 )
+ {
+ // Calculate hash( diversifier || salt_block || pwd_block )
+ if( ( ret = md_starts( &md_ctx ) ) != 0 )
+ goto exit;
+
+ if( ( ret = md_update( &md_ctx, diversifier, v ) ) != 0 )
+ goto exit;
+
+ if( ( ret = md_update( &md_ctx, salt_block, v ) ) != 0 )
+ goto exit;
+
+ if( ( ret = md_update( &md_ctx, pwd_block, v ) ) != 0 )
+ goto exit;
+
+ if( ( ret = md_finish( &md_ctx, hash_output ) ) != 0 )
+ goto exit;
+
+ // Perform remaining ( iterations - 1 ) recursive hash calculations
+ for( i = 1; i < (size_t) iterations; i++ )
+ {
+ if( ( ret = md( md_info, hash_output, hlen, hash_output ) ) != 0 )
+ goto exit;
+ }
+
+ use_len = ( datalen > hlen ) ? hlen : datalen;
+ memcpy( p, hash_output, use_len );
+ datalen -= use_len;
+ p += use_len;
+
+ if( datalen == 0 )
+ break;
+
+ // Concatenating copies of hash_output into hash_block (B)
+ pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
+
+ // B += 1
+ for( i = v; i > 0; i-- )
+ if( ++hash_block[i - 1] != 0 )
+ break;
+
+ // salt_block += B
+ c = 0;
+ for( i = v; i > 0; i-- )
+ {
+ j = salt_block[i - 1] + hash_block[i - 1] + c;
+ c = (unsigned char) (j >> 8);
+ salt_block[i - 1] = j & 0xFF;
+ }
+
+ // pwd_block += B
+ c = 0;
+ for( i = v; i > 0; i-- )
+ {
+ j = pwd_block[i - 1] + hash_block[i - 1] + c;
+ c = (unsigned char) (j >> 8);
+ pwd_block[i - 1] = j & 0xFF;
+ }
+ }
+
+ ret = 0;
+
+exit:
+ md_free_ctx( &md_ctx );
+
+ return( ret );
+}
+
+#endif /* POLARSSL_PKCS12_C */
--- /dev/null
+/**
+ * \file pkcs5.c
+ *
+ * \brief PKCS#5 functions
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * PKCS#5 includes PBKDF2 and more
+ *
+ * http://tools.ietf.org/html/rfc2898 (Specification)
+ * http://tools.ietf.org/html/rfc6070 (Test vectors)
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_PKCS5_C)
+
+#include "polarssl/pkcs5.h"
+#include "polarssl/asn1.h"
+#include "polarssl/cipher.h"
+#include "polarssl/oid.h"
+
+static int pkcs5_parse_pbkdf2_params( asn1_buf *params,
+ asn1_buf *salt, int *iterations,
+ int *keylen, md_type_t *md_type )
+{
+ int ret;
+ asn1_buf prf_alg_oid;
+ unsigned char **p = ¶ms->p;
+ const unsigned char *end = params->p + params->len;
+
+ if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+ /*
+ * PBKDF2-params ::= SEQUENCE {
+ * salt OCTET STRING,
+ * iterationCount INTEGER,
+ * keyLength INTEGER OPTIONAL
+ * prf AlgorithmIdentifier DEFAULT algid-hmacWithSHA1
+ * }
+ *
+ */
+ if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
+
+ salt->p = *p;
+ *p += salt->len;
+
+ if( ( ret = asn1_get_int( p, end, iterations ) ) != 0 )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
+
+ if( *p == end )
+ return( 0 );
+
+ if( ( ret = asn1_get_int( p, end, keylen ) ) != 0 )
+ {
+ if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
+ }
+
+ if( *p == end )
+ return( 0 );
+
+ if( ( ret = asn1_get_alg_null( p, end, &prf_alg_oid ) ) != 0 )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
+
+ if( !OID_CMP( OID_HMAC_SHA1, &prf_alg_oid ) )
+ return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+ *md_type = POLARSSL_MD_SHA1;
+
+ if( *p != end )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output )
+{
+ int ret, iterations = 0, keylen = 0;
+ unsigned char *p, *end;
+ asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
+ asn1_buf salt;
+ md_type_t md_type = POLARSSL_MD_SHA1;
+ unsigned char key[32], iv[32];
+ size_t olen = 0;
+ const md_info_t *md_info;
+ const cipher_info_t *cipher_info;
+ md_context_t md_ctx;
+ cipher_type_t cipher_alg;
+ cipher_context_t cipher_ctx;
+
+ p = pbe_params->p;
+ end = p + pbe_params->len;
+
+ memset( &md_ctx, 0, sizeof(md_context_t) );
+ memset( &cipher_ctx, 0, sizeof(cipher_context_t) );
+
+ /*
+ * PBES2-params ::= SEQUENCE {
+ * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+ * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
+ * }
+ */
+ if( pbe_params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+
+ if( ( ret = asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
+
+ // Only PBKDF2 supported at the moment
+ //
+ if( !OID_CMP( OID_PKCS5_PBKDF2, &kdf_alg_oid ) )
+ return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+ if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
+ &salt, &iterations, &keylen,
+ &md_type ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ md_info = md_info_from_type( md_type );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+ if( ( ret = asn1_get_alg( &p, end, &enc_scheme_oid, &enc_scheme_params ) ) != 0 )
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
+
+ if ( oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
+ return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+ cipher_info = cipher_info_from_type( cipher_alg );
+ if( cipher_info == NULL )
+ return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+ keylen = cipher_info->key_length / 8;
+
+ if( enc_scheme_params.tag != ASN1_OCTET_STRING ||
+ enc_scheme_params.len != cipher_info->iv_size )
+ {
+ return( POLARSSL_ERR_PKCS5_INVALID_FORMAT );
+ }
+
+ memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
+
+ if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+ goto exit;
+
+ if ( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
+ iterations, keylen, key ) ) != 0 )
+ {
+ goto exit;
+ }
+
+ if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
+ goto exit;
+
+ if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, mode ) ) != 0 )
+ goto exit;
+
+ if( ( ret = cipher_set_iv( &cipher_ctx, iv, enc_scheme_params.len ) ) != 0 )
+ goto exit;
+
+ if( ( ret = cipher_reset( &cipher_ctx ) ) != 0 )
+ goto exit;
+
+ if( ( ret = cipher_update( &cipher_ctx, data, datalen,
+ output, &olen ) ) != 0 )
+ {
+ goto exit;
+ }
+
+ if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
+ ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;
+
+exit:
+ md_free_ctx( &md_ctx );
+ cipher_free_ctx( &cipher_ctx );
+
+ return( ret );
+}
+
+int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output )
+{
+ int ret, j;
+ unsigned int i;
+ unsigned char md1[POLARSSL_MD_MAX_SIZE];
+ unsigned char work[POLARSSL_MD_MAX_SIZE];
+ unsigned char md_size = md_get_size( ctx->md_info );
+ size_t use_len;
+ unsigned char *out_p = output;
+ unsigned char counter[4];
+
+ memset( counter, 0, 4 );
+ counter[3] = 1;
+
+ if( iteration_count > 0xFFFFFFFF )
+ return( POLARSSL_ERR_PKCS5_BAD_INPUT_DATA );
+
+ while( key_length )
+ {
+ // U1 ends up in work
+ //
+ if( ( ret = md_hmac_starts( ctx, password, plen ) ) != 0 )
+ return( ret );
+
+ if( ( ret = md_hmac_update( ctx, salt, slen ) ) != 0 )
+ return( ret );
+
+ if( ( ret = md_hmac_update( ctx, counter, 4 ) ) != 0 )
+ return( ret );
+
+ if( ( ret = md_hmac_finish( ctx, work ) ) != 0 )
+ return( ret );
+
+ memcpy( md1, work, md_size );
+
+ for ( i = 1; i < iteration_count; i++ )
+ {
+ // U2 ends up in md1
+ //
+ if( ( ret = md_hmac_starts( ctx, password, plen ) ) != 0 )
+ return( ret );
+
+ if( ( ret = md_hmac_update( ctx, md1, md_size ) ) != 0 )
+ return( ret );
+
+ if( ( ret = md_hmac_finish( ctx, md1 ) ) != 0 )
+ return( ret );
+
+ // U1 xor U2
+ //
+ for( j = 0; j < md_size; j++ )
+ work[j] ^= md1[j];
+ }
+
+ use_len = ( key_length < md_size ) ? key_length : md_size;
+ memcpy( out_p, work, use_len );
+
+ key_length -= (uint32_t) use_len;
+ out_p += use_len;
+
+ for( i = 4; i > 0; i-- )
+ if( ++counter[i - 1] != 0 )
+ break;
+ }
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_SELF_TEST)
+
+#include <stdio.h>
+
+#define MAX_TESTS 6
+
+size_t plen[MAX_TESTS] =
+ { 8, 8, 8, 8, 24, 9 };
+
+unsigned char password[MAX_TESTS][32] =
+{
+ "password",
+ "password",
+ "password",
+ "password",
+ "passwordPASSWORDpassword",
+ "pass\0word",
+};
+
+size_t slen[MAX_TESTS] =
+ { 4, 4, 4, 4, 36, 5 };
+
+unsigned char salt[MAX_TESTS][40] =
+{
+ "salt",
+ "salt",
+ "salt",
+ "salt",
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+ "sa\0lt",
+};
+
+uint32_t it_cnt[MAX_TESTS] =
+ { 1, 2, 4096, 16777216, 4096, 4096 };
+
+uint32_t key_len[MAX_TESTS] =
+ { 20, 20, 20, 20, 25, 16 };
+
+
+unsigned char result_key[MAX_TESTS][32] =
+{
+ { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
+ 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
+ 0x2f, 0xe0, 0x37, 0xa6 },
+ { 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
+ 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
+ 0xd8, 0xde, 0x89, 0x57 },
+ { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
+ 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
+ 0x65, 0xa4, 0x29, 0xc1 },
+ { 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
+ 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
+ 0x26, 0x34, 0xe9, 0x84 },
+ { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
+ 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
+ 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
+ 0x38 },
+ { 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
+ 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 },
+};
+
+int pkcs5_self_test( int verbose )
+{
+ md_context_t sha1_ctx;
+ const md_info_t *info_sha1;
+ int ret, i;
+ unsigned char key[64];
+
+ info_sha1 = md_info_from_type( POLARSSL_MD_SHA1 );
+ if( info_sha1 == NULL )
+ return( 1 );
+
+ if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
+ return( 1 );
+
+ for( i = 0; i < MAX_TESTS; i++ )
+ {
+ printf( " PBKDF2 (SHA1) #%d: ", i );
+
+ ret = pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
+ slen[i], it_cnt[i], key_len[i], key );
+ if( ret != 0 ||
+ memcmp( result_key[i], key, key_len[i] ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n" );
+ }
+
+ printf( "\n" );
+
+ if( ( ret = md_free_ctx( &sha1_ctx ) ) != 0 )
+ return( 1 );
+
+ return( 0 );
+}
+
+#endif /* POLARSSL_SELF_TEST */
+
+#endif /* POLARSSL_PKCS5_C */
--- /dev/null
+/*
+ * Public Key layer for parsing key files and structures
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_PK_PARSE_C)
+
+#include "polarssl/pk.h"
+#include "polarssl/asn1.h"
+#include "polarssl/oid.h"
+
+#if defined(POLARSSL_RSA_C)
+#include "polarssl/rsa.h"
+#endif
+#if defined(POLARSSL_ECP_C)
+#include "polarssl/ecp.h"
+#endif
+#if defined(POLARSSL_ECDSA_C)
+#include "polarssl/ecdsa.h"
+#endif
+#if defined(POLARSSL_PEM_PARSE_C)
+#include "polarssl/pem.h"
+#endif
+#if defined(POLARSSL_PKCS5_C)
+#include "polarssl/pkcs5.h"
+#endif
+#if defined(POLARSSL_PKCS12_C)
+#include "polarssl/pkcs12.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#include <stdlib.h>
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#if defined(POLARSSL_FS_IO)
+/*
+ * Load all data from a file into a given buffer.
+ */
+static int load_file( const char *path, unsigned char **buf, size_t *n )
+{
+ FILE *f;
+ long size;
+
+ if( ( f = fopen( path, "rb" ) ) == NULL )
+ return( POLARSSL_ERR_PK_FILE_IO_ERROR );
+
+ fseek( f, 0, SEEK_END );
+ if( ( size = ftell( f ) ) == -1 )
+ {
+ fclose( f );
+ return( POLARSSL_ERR_PK_FILE_IO_ERROR );
+ }
+ fseek( f, 0, SEEK_SET );
+
+ *n = (size_t) size;
+
+ if( *n + 1 == 0 ||
+ ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
+ {
+ fclose( f );
+ return( POLARSSL_ERR_PK_MALLOC_FAILED );
+ }
+
+ if( fread( *buf, 1, *n, f ) != *n )
+ {
+ fclose( f );
+ polarssl_free( *buf );
+ return( POLARSSL_ERR_PK_FILE_IO_ERROR );
+ }
+
+ fclose( f );
+
+ (*buf)[*n] = '\0';
+
+ return( 0 );
+}
+
+/*
+ * Load and parse a private key
+ */
+int pk_parse_keyfile( pk_context *ctx,
+ const char *path, const char *pwd )
+{
+ int ret;
+ size_t n;
+ unsigned char *buf;
+
+ if ( (ret = load_file( path, &buf, &n ) ) != 0 )
+ return( ret );
+
+ if( pwd == NULL )
+ ret = pk_parse_key( ctx, buf, n, NULL, 0 );
+ else
+ ret = pk_parse_key( ctx, buf, n,
+ (const unsigned char *) pwd, strlen( pwd ) );
+
+ memset( buf, 0, n + 1 );
+ polarssl_free( buf );
+
+ return( ret );
+}
+
+/*
+ * Load and parse a public key
+ */
+int pk_parse_public_keyfile( pk_context *ctx, const char *path )
+{
+ int ret;
+ size_t n;
+ unsigned char *buf;
+
+ if ( (ret = load_file( path, &buf, &n ) ) != 0 )
+ return( ret );
+
+ ret = pk_parse_public_key( ctx, buf, n );
+
+ memset( buf, 0, n + 1 );
+ polarssl_free( buf );
+
+ return( ret );
+}
+#endif /* POLARSSL_FS_IO */
+
+#if defined(POLARSSL_ECP_C)
+/* Get an EC group id from an ECParameters buffer
+ *
+ * ECParameters ::= CHOICE {
+ * namedCurve OBJECT IDENTIFIER
+ * -- implicitCurve NULL
+ * -- specifiedCurve SpecifiedECDomain
+ * }
+ */
+static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
+ asn1_buf *params )
+{
+ int ret;
+
+ params->tag = **p;
+
+ if( ( ret = asn1_get_tag( p, end, ¶ms->len, ASN1_OID ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ params->p = *p;
+ *p += params->len;
+
+ if( *p != end )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+/*
+ * Use EC parameters to initialise an EC group
+ */
+static int pk_use_ecparams( const asn1_buf *params, ecp_group *grp )
+{
+ int ret;
+ ecp_group_id grp_id;
+
+ if( oid_get_ec_grp( params, &grp_id ) != 0 )
+ return( POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE );
+
+ /*
+ * grp may already be initilialized; if so, make sure IDs match
+ */
+ if( grp->id != POLARSSL_ECP_DP_NONE && grp->id != grp_id )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
+
+ if( ( ret = ecp_use_known_dp( grp, grp_id ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+/*
+ * EC public key is an EC point
+ */
+static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
+ ecp_keypair *key )
+{
+ int ret;
+
+ if( ( ret = ecp_point_read_binary( &key->grp, &key->Q,
+ (const unsigned char *) *p, end - *p ) ) != 0 ||
+ ( ret = ecp_check_pubkey( &key->grp, &key->Q ) ) != 0 )
+ {
+ ecp_keypair_free( key );
+ return( POLARSSL_ERR_PK_INVALID_PUBKEY );
+ }
+
+ /*
+ * We know ecp_point_read_binary consumed all bytes
+ */
+ *p = (unsigned char *) end;
+
+ return( 0 );
+}
+#endif /* POLARSSL_ECP_C */
+
+#if defined(POLARSSL_RSA_C)
+/*
+ * RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER -- e
+ * }
+ */
+static int pk_get_rsapubkey( unsigned char **p,
+ const unsigned char *end,
+ rsa_context *rsa )
+{
+ int ret;
+ size_t len;
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
+
+ if( *p + len != end )
+ return( POLARSSL_ERR_PK_INVALID_PUBKEY +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
+ ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
+ return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
+
+ if( *p != end )
+ return( POLARSSL_ERR_PK_INVALID_PUBKEY +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
+ return( POLARSSL_ERR_PK_INVALID_PUBKEY );
+
+ rsa->len = mpi_size( &rsa->N );
+
+ return( 0 );
+}
+#endif /* POLARSSL_RSA_C */
+
+/* Get a PK algorithm identifier
+ *
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL }
+ */
+static int pk_get_pk_alg( unsigned char **p,
+ const unsigned char *end,
+ pk_type_t *pk_alg, asn1_buf *params )
+{
+ int ret;
+ asn1_buf alg_oid;
+
+ memset( params, 0, sizeof(asn1_buf) );
+
+ if( ( ret = asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
+ return( POLARSSL_ERR_PK_INVALID_ALG + ret );
+
+ if( oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
+ return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
+
+ /*
+ * No parameters with RSA (only for EC)
+ */
+ if( *pk_alg == POLARSSL_PK_RSA &&
+ ( ( params->tag != ASN1_NULL && params->tag != 0 ) ||
+ params->len != 0 ) )
+ {
+ return( POLARSSL_ERR_PK_INVALID_ALG );
+ }
+
+ return( 0 );
+}
+
+/*
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ */
+int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
+ pk_context *pk )
+{
+ int ret;
+ size_t len;
+ asn1_buf alg_params;
+ pk_type_t pk_alg = POLARSSL_PK_NONE;
+ const pk_info_t *pk_info;
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ end = *p + len;
+
+ if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
+ return( ret );
+
+ if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
+ return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
+
+ if( *p + len != end )
+ return( POLARSSL_ERR_PK_INVALID_PUBKEY +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
+ return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
+
+ if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
+ return( ret );
+
+#if defined(POLARSSL_RSA_C)
+ if( pk_alg == POLARSSL_PK_RSA )
+ {
+ ret = pk_get_rsapubkey( p, end, pk_rsa( *pk ) );
+ } else
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECP_C)
+ if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY )
+ {
+ ret = pk_use_ecparams( &alg_params, &pk_ec( *pk )->grp );
+ if( ret == 0 )
+ ret = pk_get_ecpubkey( p, end, pk_ec( *pk ) );
+ } else
+#endif /* POLARSSL_ECP_C */
+ ret = POLARSSL_ERR_PK_UNKNOWN_PK_ALG;
+
+ if( ret == 0 && *p != end )
+ ret = POLARSSL_ERR_PK_INVALID_PUBKEY
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
+
+ if( ret != 0 )
+ pk_free( pk );
+
+ return( ret );
+}
+
+#if defined(POLARSSL_RSA_C)
+/*
+ * Parse a PKCS#1 encoded private RSA key
+ */
+static int pk_parse_key_pkcs1_der( rsa_context *rsa,
+ const unsigned char *key,
+ size_t keylen )
+{
+ int ret;
+ size_t len;
+ unsigned char *p, *end;
+
+ p = (unsigned char *) key;
+ end = p + keylen;
+
+ /*
+ * This function parses the RSAPrivateKey (PKCS#1)
+ *
+ * RSAPrivateKey ::= SEQUENCE {
+ * version Version,
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER, -- e
+ * privateExponent INTEGER, -- d
+ * prime1 INTEGER, -- p
+ * prime2 INTEGER, -- q
+ * exponent1 INTEGER, -- d mod (p-1)
+ * exponent2 INTEGER, -- d mod (q-1)
+ * coefficient INTEGER, -- (inverse of q) mod p
+ * otherPrimeInfos OtherPrimeInfos OPTIONAL
+ * }
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ end = p + len;
+
+ if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
+ {
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ if( rsa->ver != 0 )
+ {
+ return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
+ }
+
+ if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
+ ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
+ {
+ rsa_free( rsa );
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ rsa->len = mpi_size( &rsa->N );
+
+ if( p != end )
+ {
+ rsa_free( rsa );
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
+ {
+ rsa_free( rsa );
+ return( ret );
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_RSA_C */
+
+#if defined(POLARSSL_ECP_C)
+/*
+ * Parse a SEC1 encoded private EC key
+ */
+static int pk_parse_key_sec1_der( ecp_keypair *eck,
+ const unsigned char *key,
+ size_t keylen )
+{
+ int ret;
+ int version;
+ size_t len;
+ asn1_buf params;
+ unsigned char *p = (unsigned char *) key;
+ unsigned char *end = p + keylen;
+ unsigned char *end2;
+
+ /*
+ * RFC 5915, or SEC1 Appendix C.4
+ *
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ end = p + len;
+
+ if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( version != 1 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
+
+ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( ( ret = mpi_read_binary( &eck->d, p, len ) ) != 0 )
+ {
+ ecp_keypair_free( eck );
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ p += len;
+
+ /*
+ * Is 'parameters' present?
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
+ {
+ if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
+ ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
+ {
+ ecp_keypair_free( eck );
+ return( ret );
+ }
+ }
+ else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ {
+ ecp_keypair_free( eck );
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ /*
+ * Is 'publickey' present? If not, create it from the private key.
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
+ {
+ end2 = p + len;
+
+ if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( p + len != end2 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) != 0 )
+ return( ret );
+ }
+ else if ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ {
+ ecp_keypair_free( eck );
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+ else if( ( ret = ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
+ NULL, NULL ) ) != 0 )
+ {
+ ecp_keypair_free( eck );
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
+ {
+ ecp_keypair_free( eck );
+ return( ret );
+ }
+
+ return 0;
+}
+#endif /* POLARSSL_ECP_C */
+
+/*
+ * Parse an unencrypted PKCS#8 encoded private key
+ */
+static int pk_parse_key_pkcs8_unencrypted_der(
+ pk_context *pk,
+ const unsigned char* key,
+ size_t keylen )
+{
+ int ret, version;
+ size_t len;
+ asn1_buf params;
+ unsigned char *p = (unsigned char *) key;
+ unsigned char *end = p + keylen;
+ pk_type_t pk_alg = POLARSSL_PK_NONE;
+ const pk_info_t *pk_info;
+
+ /*
+ * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
+ *
+ * PrivateKeyInfo ::= SEQUENCE {
+ * version Version,
+ * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ * privateKey PrivateKey,
+ * attributes [0] IMPLICIT Attributes OPTIONAL }
+ *
+ * Version ::= INTEGER
+ * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+ * PrivateKey ::= OCTET STRING
+ *
+ * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
+ */
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ end = p + len;
+
+ if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( version != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_VERSION + ret );
+
+ if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( len < 1 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
+ return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
+
+ if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
+ return( ret );
+
+#if defined(POLARSSL_RSA_C)
+ if( pk_alg == POLARSSL_PK_RSA )
+ {
+ if( ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 )
+ {
+ pk_free( pk );
+ return( ret );
+ }
+ } else
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECP_C)
+ if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH )
+ {
+ if( ( ret = pk_use_ecparams( ¶ms, &pk_ec( *pk )->grp ) ) != 0 ||
+ ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 )
+ {
+ pk_free( pk );
+ return( ret );
+ }
+ } else
+#endif /* POLARSSL_ECP_C */
+ return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
+
+ return 0;
+}
+
+/*
+ * Parse an encrypted PKCS#8 encoded private key
+ */
+static int pk_parse_key_pkcs8_encrypted_der(
+ pk_context *pk,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen )
+{
+ int ret;
+ size_t len;
+ unsigned char buf[2048];
+ unsigned char *p, *end;
+ asn1_buf pbe_alg_oid, pbe_params;
+#if defined(POLARSSL_PKCS12_C)
+ cipher_type_t cipher_alg;
+ md_type_t md_alg;
+#endif
+
+ memset( buf, 0, sizeof( buf ) );
+
+ p = (unsigned char *) key;
+ end = p + keylen;
+
+ if( pwdlen == 0 )
+ return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
+
+ /*
+ * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
+ *
+ * EncryptedPrivateKeyInfo ::= SEQUENCE {
+ * encryptionAlgorithm EncryptionAlgorithmIdentifier,
+ * encryptedData EncryptedData
+ * }
+ *
+ * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * EncryptedData ::= OCTET STRING
+ *
+ * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ end = p + len;
+
+ if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( len > sizeof( buf ) )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ /*
+ * Decrypt EncryptedData with appropriate PDE
+ */
+#if defined(POLARSSL_PKCS12_C)
+ if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
+ {
+ if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
+ cipher_alg, md_alg,
+ pwd, pwdlen, p, len, buf ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
+ return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
+
+ return( ret );
+ }
+ }
+ else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
+ {
+ if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
+ PKCS12_PBE_DECRYPT,
+ pwd, pwdlen,
+ p, len, buf ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ // Best guess for password mismatch when using RC4. If first tag is
+ // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
+ //
+ if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
+ return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
+ }
+ else
+#endif /* POLARSSL_PKCS12_C */
+#if defined(POLARSSL_PKCS5_C)
+ if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
+ {
+ if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
+ p, len, buf ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH )
+ return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
+
+ return( ret );
+ }
+ }
+ else
+#endif /* POLARSSL_PKCS5_C */
+ {
+ ((void) pwd);
+ return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
+ }
+
+ return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
+}
+
+/*
+ * Parse a private key
+ */
+int pk_parse_key( pk_context *pk,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen )
+{
+ int ret;
+ const pk_info_t *pk_info;
+
+#if defined(POLARSSL_PEM_PARSE_C)
+ size_t len;
+ pem_context pem;
+
+ pem_init( &pem );
+
+#if defined(POLARSSL_RSA_C)
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN RSA PRIVATE KEY-----",
+ "-----END RSA PRIVATE KEY-----",
+ key, pwd, pwdlen, &len );
+ if( ret == 0 )
+ {
+ if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
+ return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
+
+ if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
+ ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ),
+ pem.buf, pem.buflen ) ) != 0 )
+ {
+ pk_free( pk );
+ }
+
+ pem_free( &pem );
+ return( ret );
+ }
+ else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
+ return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
+ else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
+ return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ return( ret );
+#endif /* POLARSSL_RSA_C */
+
+#if defined(POLARSSL_ECP_C)
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN EC PRIVATE KEY-----",
+ "-----END EC PRIVATE KEY-----",
+ key, pwd, pwdlen, &len );
+ if( ret == 0 )
+ {
+ if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
+ return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
+
+ if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
+ ( ret = pk_parse_key_sec1_der( pk_ec( *pk ),
+ pem.buf, pem.buflen ) ) != 0 )
+ {
+ pk_free( pk );
+ }
+
+ pem_free( &pem );
+ return( ret );
+ }
+ else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
+ return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
+ else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
+ return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ return( ret );
+#endif /* POLARSSL_ECP_C */
+
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN PRIVATE KEY-----",
+ "-----END PRIVATE KEY-----",
+ key, NULL, 0, &len );
+ if( ret == 0 )
+ {
+ if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
+ pem.buf, pem.buflen ) ) != 0 )
+ {
+ pk_free( pk );
+ }
+
+ pem_free( &pem );
+ return( ret );
+ }
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ return( ret );
+
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+ "-----END ENCRYPTED PRIVATE KEY-----",
+ key, NULL, 0, &len );
+ if( ret == 0 )
+ {
+ if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
+ pem.buf, pem.buflen,
+ pwd, pwdlen ) ) != 0 )
+ {
+ pk_free( pk );
+ }
+
+ pem_free( &pem );
+ return( ret );
+ }
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ return( ret );
+#else
+ ((void) pwd);
+ ((void) pwdlen);
+#endif /* POLARSSL_PEM_PARSE_C */
+
+ /*
+ * At this point we only know it's not a PEM formatted key. Could be any
+ * of the known DER encoded private key formats
+ *
+ * We try the different DER format parsers to see if one passes without
+ * error
+ */
+ if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
+ pwd, pwdlen ) ) == 0 )
+ {
+ return( 0 );
+ }
+
+ pk_free( pk );
+
+ if( ret == POLARSSL_ERR_PK_PASSWORD_MISMATCH )
+ {
+ return( ret );
+ }
+
+ if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
+ return( 0 );
+
+ pk_free( pk );
+
+#if defined(POLARSSL_RSA_C)
+ if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
+ return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
+
+ if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
+ ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 )
+ {
+ return( 0 );
+ }
+
+ pk_free( pk );
+#endif /* POLARSSL_RSA_C */
+
+#if defined(POLARSSL_ECP_C)
+ if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
+ return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
+
+ if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
+ ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 )
+ {
+ return( 0 );
+ }
+
+ pk_free( pk );
+#endif /* POLARSSL_ECP_C */
+
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
+}
+
+/*
+ * Parse a public key
+ */
+int pk_parse_public_key( pk_context *ctx,
+ const unsigned char *key, size_t keylen )
+{
+ int ret;
+ unsigned char *p;
+#if defined(POLARSSL_PEM_PARSE_C)
+ size_t len;
+ pem_context pem;
+
+ pem_init( &pem );
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN PUBLIC KEY-----",
+ "-----END PUBLIC KEY-----",
+ key, NULL, 0, &len );
+
+ if( ret == 0 )
+ {
+ /*
+ * Was PEM encoded
+ */
+ key = pem.buf;
+ keylen = pem.buflen;
+ }
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ {
+ pem_free( &pem );
+ return( ret );
+ }
+#endif
+ p = (unsigned char *) key;
+
+ ret = pk_parse_subpubkey( &p, p + keylen, ctx );
+
+#if defined(POLARSSL_PEM_PARSE_C)
+ pem_free( &pem );
+#endif
+
+ return( ret );
+}
+
+#endif /* POLARSSL_PK_PARSE_C */
--- /dev/null
+/*
+ * Public Key layer for writing key files and structures
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_PK_WRITE_C)
+
+#include "polarssl/pk.h"
+#include "polarssl/asn1write.h"
+#include "polarssl/oid.h"
+
+#if defined(POLARSSL_RSA_C)
+#include "polarssl/rsa.h"
+#endif
+#if defined(POLARSSL_ECP_C)
+#include "polarssl/ecp.h"
+#endif
+#if defined(POLARSSL_ECDSA_C)
+#include "polarssl/ecdsa.h"
+#endif
+#if defined(POLARSSL_PEM_WRITE_C)
+#include "polarssl/pem.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#include <stdlib.h>
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#if defined(POLARSSL_RSA_C)
+/*
+ * RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER -- e
+ * }
+ */
+static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
+ rsa_context *rsa )
+{
+ int ret;
+ size_t len = 0;
+
+ ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->E ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->N ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return( (int) len );
+}
+#endif /* POLARSSL_RSA_C */
+
+#if defined(POLARSSL_ECP_C)
+/*
+ * EC public key is an EC point
+ */
+static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
+ ecp_keypair *ec )
+{
+ int ret;
+ size_t len = 0;
+ unsigned char buf[POLARSSL_ECP_MAX_PT_LEN];
+
+ if( ( ret = ecp_point_write_binary( &ec->grp, &ec->Q,
+ POLARSSL_ECP_PF_UNCOMPRESSED,
+ &len, buf, sizeof( buf ) ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( *p - start < (int) len )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ *p -= len;
+ memcpy( *p, buf, len );
+
+ return( (int) len );
+}
+
+/*
+ * ECParameters ::= CHOICE {
+ * namedCurve OBJECT IDENTIFIER
+ * }
+ */
+static int pk_write_ec_param( unsigned char **p, unsigned char *start,
+ ecp_keypair *ec )
+{
+ int ret;
+ size_t len = 0;
+ const char *oid;
+ size_t oid_len;
+
+ if( ( ret = oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
+ return( ret );
+
+ ASN1_CHK_ADD( len, asn1_write_oid( p, start, oid, oid_len ) );
+
+ return( (int) len );
+}
+#endif /* POLARSSL_ECP_C */
+
+int pk_write_pubkey( unsigned char **p, unsigned char *start,
+ const pk_context *key )
+{
+ int ret;
+ size_t len = 0;
+
+#if defined(POLARSSL_RSA_C)
+ if( pk_get_type( key ) == POLARSSL_PK_RSA )
+ ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, pk_rsa( *key ) ) );
+ else
+#endif
+#if defined(POLARSSL_ECP_C)
+ if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
+ ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, pk_ec( *key ) ) );
+ else
+#endif
+ return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
+
+ return( (int) len );
+}
+
+int pk_write_pubkey_der( pk_context *key, unsigned char *buf, size_t size )
+{
+ int ret;
+ unsigned char *c;
+ size_t len = 0, par_len = 0, oid_len;
+ const char *oid;
+
+ c = buf + size;
+
+ ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, key ) );
+
+ if( c - buf < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ /*
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ */
+ *--c = 0;
+ len += 1;
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
+
+ if( ( ret = oid_get_oid_by_pk_alg( pk_get_type( key ),
+ &oid, &oid_len ) ) != 0 )
+ {
+ return( ret );
+ }
+
+#if defined(POLARSSL_ECP_C)
+ if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
+ {
+ ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, pk_ec( *key ) ) );
+ }
+#endif
+
+ ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
+ par_len ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return( (int) len );
+}
+
+int pk_write_key_der( pk_context *key, unsigned char *buf, size_t size )
+{
+ int ret;
+ unsigned char *c = buf + size;
+ size_t len = 0;
+
+#if defined(POLARSSL_RSA_C)
+ if( pk_get_type( key ) == POLARSSL_PK_RSA )
+ {
+ rsa_context *rsa = pk_rsa( *key );
+
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
+ ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+ }
+ else
+#endif
+#if defined(POLARSSL_ECP_C)
+ if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
+ {
+ ecp_keypair *ec = pk_ec( *key );
+ size_t pub_len = 0, par_len = 0;
+
+ /*
+ * RFC 5915, or SEC1 Appendix C.4
+ *
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ */
+
+ /* publicKey */
+ ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
+
+ if( c - buf < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+ *--c = 0;
+ pub_len += 1;
+
+ ASN1_CHK_ADD( pub_len, asn1_write_len( &c, buf, pub_len ) );
+ ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
+
+ ASN1_CHK_ADD( pub_len, asn1_write_len( &c, buf, pub_len ) );
+ ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, buf,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) );
+ len += pub_len;
+
+ /* parameters */
+ ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
+
+ ASN1_CHK_ADD( par_len, asn1_write_len( &c, buf, par_len ) );
+ ASN1_CHK_ADD( par_len, asn1_write_tag( &c, buf,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) );
+ len += par_len;
+
+ /* privateKey: write as MPI then fix tag */
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &ec->d ) );
+ *c = ASN1_OCTET_STRING;
+
+ /* version */
+ ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 1 ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+ }
+ else
+#endif
+ return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
+
+ return( (int) len );
+}
+
+#if defined(POLARSSL_PEM_WRITE_C)
+
+#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
+#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
+
+#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"
+#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
+#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
+#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
+
+int pk_write_pubkey_pem( pk_context *key, unsigned char *buf, size_t size )
+{
+ int ret;
+ unsigned char output_buf[4096];
+ size_t olen = 0;
+
+ if( ( ret = pk_write_pubkey_der( key, output_buf,
+ sizeof(output_buf) ) ) < 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
+ output_buf + sizeof(output_buf) - ret,
+ ret, buf, size, &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+int pk_write_key_pem( pk_context *key, unsigned char *buf, size_t size )
+{
+ int ret;
+ unsigned char output_buf[4096];
+ const char *begin, *end;
+ size_t olen = 0;
+
+ if( ( ret = pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
+ return( ret );
+
+#if defined(POLARSSL_RSA_C)
+ if( pk_get_type( key ) == POLARSSL_PK_RSA )
+ {
+ begin = PEM_BEGIN_PRIVATE_KEY_RSA;
+ end = PEM_END_PRIVATE_KEY_RSA;
+ }
+ else
+#endif
+#if defined(POLARSSL_ECP_C)
+ if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
+ {
+ begin = PEM_BEGIN_PRIVATE_KEY_EC;
+ end = PEM_END_PRIVATE_KEY_EC;
+ }
+ else
+#endif
+ return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
+
+ if( ( ret = pem_write_buffer( begin, end,
+ output_buf + sizeof(output_buf) - ret,
+ ret, buf, size, &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_PEM_WRITE_C */
+
+#endif /* POLARSSL_PK_WRITE_C */
--- /dev/null
+/*
+ * The RSA public-key cryptosystem
+ *
+ * Copyright (C) 2006-2011, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * RSA was designed by Ron Rivest, Adi Shamir and Len Adleman.
+ *
+ * http://theory.lcs.mit.edu/~rivest/rsapaper.pdf
+ * http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_RSA_C)
+
+#include "polarssl/rsa.h"
+#include "polarssl/oid.h"
+
+#if defined(POLARSSL_PKCS1_V21)
+#include "polarssl/md.h"
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+
+/*
+ * Initialize an RSA context
+ */
+void rsa_init( rsa_context *ctx,
+ int padding,
+ int hash_id )
+{
+ memset( ctx, 0, sizeof( rsa_context ) );
+
+ ctx->padding = padding;
+ ctx->hash_id = hash_id;
+
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_init( &ctx->mutex );
+#endif
+}
+
+#if defined(POLARSSL_GENPRIME)
+
+/*
+ * Generate an RSA keypair
+ */
+int rsa_gen_key( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ unsigned int nbits, int exponent )
+{
+ int ret;
+ mpi P1, Q1, H, G;
+
+ if( f_rng == NULL || nbits < 128 || exponent < 3 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
+
+ /*
+ * find primes P and Q with Q < P so that:
+ * GCD( E, (P-1)*(Q-1) ) == 1
+ */
+ MPI_CHK( mpi_lset( &ctx->E, exponent ) );
+
+ do
+ {
+ MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
+ f_rng, p_rng ) );
+
+ MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
+ f_rng, p_rng ) );
+
+ if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
+ mpi_swap( &ctx->P, &ctx->Q );
+
+ if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
+ continue;
+
+ MPI_CHK( mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
+ if( mpi_msb( &ctx->N ) != nbits )
+ continue;
+
+ MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
+ MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
+ MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
+ MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
+ }
+ while( mpi_cmp_int( &G, 1 ) != 0 );
+
+ /*
+ * D = E^-1 mod ((P-1)*(Q-1))
+ * DP = D mod (P - 1)
+ * DQ = D mod (Q - 1)
+ * QP = Q^-1 mod P
+ */
+ MPI_CHK( mpi_inv_mod( &ctx->D , &ctx->E, &H ) );
+ MPI_CHK( mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) );
+ MPI_CHK( mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) );
+ MPI_CHK( mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) );
+
+ ctx->len = ( mpi_msb( &ctx->N ) + 7 ) >> 3;
+
+cleanup:
+
+ mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
+
+ if( ret != 0 )
+ {
+ rsa_free( ctx );
+ return( POLARSSL_ERR_RSA_KEY_GEN_FAILED + ret );
+ }
+
+ return( 0 );
+}
+
+#endif
+
+/*
+ * Check a public RSA key
+ */
+int rsa_check_pubkey( const rsa_context *ctx )
+{
+ if( !ctx->N.p || !ctx->E.p )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+
+ if( ( ctx->N.p[0] & 1 ) == 0 ||
+ ( ctx->E.p[0] & 1 ) == 0 )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+
+ if( mpi_msb( &ctx->N ) < 128 ||
+ mpi_msb( &ctx->N ) > POLARSSL_MPI_MAX_BITS )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+
+ if( mpi_msb( &ctx->E ) < 2 ||
+ mpi_msb( &ctx->E ) > 64 )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+
+ return( 0 );
+}
+
+/*
+ * Check a private RSA key
+ */
+int rsa_check_privkey( const rsa_context *ctx )
+{
+ int ret;
+ mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP;
+
+ if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
+ return( ret );
+
+ if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+
+ mpi_init( &PQ ); mpi_init( &DE ); mpi_init( &P1 ); mpi_init( &Q1 );
+ mpi_init( &H ); mpi_init( &I ); mpi_init( &G ); mpi_init( &G2 );
+ mpi_init( &L1 ); mpi_init( &L2 ); mpi_init( &DP ); mpi_init( &DQ );
+ mpi_init( &QP );
+
+ MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
+ MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
+ MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
+ MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
+ MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
+ MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
+
+ MPI_CHK( mpi_gcd( &G2, &P1, &Q1 ) );
+ MPI_CHK( mpi_div_mpi( &L1, &L2, &H, &G2 ) );
+ MPI_CHK( mpi_mod_mpi( &I, &DE, &L1 ) );
+
+ MPI_CHK( mpi_mod_mpi( &DP, &ctx->D, &P1 ) );
+ MPI_CHK( mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) );
+ MPI_CHK( mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) );
+ /*
+ * Check for a valid PKCS1v2 private key
+ */
+ if( mpi_cmp_mpi( &PQ, &ctx->N ) != 0 ||
+ mpi_cmp_mpi( &DP, &ctx->DP ) != 0 ||
+ mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 ||
+ mpi_cmp_mpi( &QP, &ctx->QP ) != 0 ||
+ mpi_cmp_int( &L2, 0 ) != 0 ||
+ mpi_cmp_int( &I, 1 ) != 0 ||
+ mpi_cmp_int( &G, 1 ) != 0 )
+ {
+ ret = POLARSSL_ERR_RSA_KEY_CHECK_FAILED;
+ }
+
+cleanup:
+ mpi_free( &PQ ); mpi_free( &DE ); mpi_free( &P1 ); mpi_free( &Q1 );
+ mpi_free( &H ); mpi_free( &I ); mpi_free( &G ); mpi_free( &G2 );
+ mpi_free( &L1 ); mpi_free( &L2 ); mpi_free( &DP ); mpi_free( &DQ );
+ mpi_free( &QP );
+
+ if( ret == POLARSSL_ERR_RSA_KEY_CHECK_FAILED )
+ return( ret );
+
+ if( ret != 0 )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED + ret );
+
+ return( 0 );
+}
+
+/*
+ * Do an RSA public key operation
+ */
+int rsa_public( rsa_context *ctx,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ int ret;
+ size_t olen;
+ mpi T;
+
+ mpi_init( &T );
+
+ MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
+
+ if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
+ {
+ mpi_free( &T );
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+ }
+
+ olen = ctx->len;
+ MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
+ MPI_CHK( mpi_write_binary( &T, output, olen ) );
+
+cleanup:
+
+ mpi_free( &T );
+
+ if( ret != 0 )
+ return( POLARSSL_ERR_RSA_PUBLIC_FAILED + ret );
+
+ return( 0 );
+}
+
+#if !defined(POLARSSL_RSA_NO_CRT)
+/*
+ * Generate or update blinding values, see section 10 of:
+ * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
+ * DSS, and other systems. In : Advances in Cryptology—CRYPTO’96. Springer
+ * Berlin Heidelberg, 1996. p. 104-113.
+ */
+static int rsa_prepare_blinding( rsa_context *ctx, mpi *Vi, mpi *Vf,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret, count = 0;
+
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_lock( &ctx->mutex );
+#endif
+
+ if( ctx->Vf.p != NULL )
+ {
+ /* We already have blinding values, just update them by squaring */
+ MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
+ MPI_CHK( mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+ MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
+ MPI_CHK( mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
+
+ goto done;
+ }
+
+ /* Unblinding value: Vf = random number, invertible mod N */
+ do {
+ if( count++ > 10 )
+ return( POLARSSL_ERR_RSA_RNG_FAILED );
+
+ MPI_CHK( mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
+ MPI_CHK( mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) );
+ } while( mpi_cmp_int( &ctx->Vi, 1 ) != 0 );
+
+ /* Blinding value: Vi = Vf^(-e) mod N */
+ MPI_CHK( mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) );
+ MPI_CHK( mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
+
+done:
+ if( Vi != &ctx->Vi )
+ {
+ MPI_CHK( mpi_copy( Vi, &ctx->Vi ) );
+ MPI_CHK( mpi_copy( Vf, &ctx->Vf ) );
+ }
+
+cleanup:
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_unlock( &ctx->mutex );
+#endif
+
+ return( ret );
+}
+#endif
+
+/*
+ * Do an RSA private key operation
+ */
+int rsa_private( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ int ret;
+ size_t olen;
+ mpi T, T1, T2;
+#if !defined(POLARSSL_RSA_NO_CRT)
+ mpi *Vi, *Vf;
+
+ /*
+ * When using the Chinese Remainder Theorem, we use blinding values.
+ * Without threading, we just read them directly from the context,
+ * otherwise we make a local copy in order to reduce locking contention.
+ */
+#if defined(POLARSSL_THREADING_C)
+ mpi Vi_copy, Vf_copy;
+
+ mpi_init( &Vi_copy ); mpi_init( &Vf_copy );
+ Vi = &Vi_copy;
+ Vf = &Vf_copy;
+#else
+ Vi = &ctx->Vi;
+ Vf = &ctx->Vf;
+#endif
+#endif
+
+ mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
+
+ MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
+ if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
+ {
+ mpi_free( &T );
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+ }
+
+#if defined(POLARSSL_RSA_NO_CRT)
+ ((void) f_rng);
+ ((void) p_rng);
+ MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
+#else
+ if( f_rng != NULL )
+ {
+ /*
+ * Blinding
+ * T = T * Vi mod N
+ */
+ MPI_CHK( rsa_prepare_blinding( ctx, Vi, Vf, f_rng, p_rng ) );
+ MPI_CHK( mpi_mul_mpi( &T, &T, Vi ) );
+ MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
+ }
+
+ /*
+ * faster decryption using the CRT
+ *
+ * T1 = input ^ dP mod P
+ * T2 = input ^ dQ mod Q
+ */
+ MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
+ MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
+
+ /*
+ * T = (T1 - T2) * (Q^-1 mod P) mod P
+ */
+ MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
+ MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
+ MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
+
+ /*
+ * T = T2 + T * Q
+ */
+ MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
+ MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
+
+ if( f_rng != NULL )
+ {
+ /*
+ * Unblind
+ * T = T * Vf mod N
+ */
+ MPI_CHK( mpi_mul_mpi( &T, &T, Vf ) );
+ MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
+ }
+#endif
+
+ olen = ctx->len;
+ MPI_CHK( mpi_write_binary( &T, output, olen ) );
+
+cleanup:
+ mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
+#if !defined(POLARSSL_RSA_NO_CRT) && defined(POLARSSL_THREADING_C)
+ mpi_free( &Vi_copy ); mpi_free( &Vf_copy );
+#endif
+
+ if( ret != 0 )
+ return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_PKCS1_V21)
+/**
+ * Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.
+ *
+ * \param dst buffer to mask
+ * \param dlen length of destination buffer
+ * \param src source of the mask generation
+ * \param slen length of the source buffer
+ * \param md_ctx message digest context to use
+ */
+static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
+ size_t slen, md_context_t *md_ctx )
+{
+ unsigned char mask[POLARSSL_MD_MAX_SIZE];
+ unsigned char counter[4];
+ unsigned char *p;
+ unsigned int hlen;
+ size_t i, use_len;
+
+ memset( mask, 0, POLARSSL_MD_MAX_SIZE );
+ memset( counter, 0, 4 );
+
+ hlen = md_ctx->md_info->size;
+
+ // Generate and apply dbMask
+ //
+ p = dst;
+
+ while( dlen > 0 )
+ {
+ use_len = hlen;
+ if( dlen < hlen )
+ use_len = dlen;
+
+ md_starts( md_ctx );
+ md_update( md_ctx, src, slen );
+ md_update( md_ctx, counter, 4 );
+ md_finish( md_ctx, mask );
+
+ for( i = 0; i < use_len; ++i )
+ *p++ ^= mask[i];
+
+ counter[3]++;
+
+ dlen -= use_len;
+ }
+}
+#endif
+
+#if defined(POLARSSL_PKCS1_V21)
+/*
+ * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function
+ */
+int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ const unsigned char *label, size_t label_len,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ size_t olen;
+ int ret;
+ unsigned char *p = output;
+ unsigned int hlen;
+ const md_info_t *md_info;
+ md_context_t md_ctx;
+
+ if( ctx->padding != RSA_PKCS_V21 || f_rng == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ md_info = md_info_from_type( ctx->hash_id );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ olen = ctx->len;
+ hlen = md_get_size( md_info );
+
+ if( olen < ilen + 2 * hlen + 2 || f_rng == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ memset( output, 0, olen );
+
+ *p++ = 0;
+
+ // Generate a random octet string seed
+ //
+ if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
+ return( POLARSSL_ERR_RSA_RNG_FAILED + ret );
+
+ p += hlen;
+
+ // Construct DB
+ //
+ md( md_info, label, label_len, p );
+ p += hlen;
+ p += olen - 2 * hlen - 2 - ilen;
+ *p++ = 1;
+ memcpy( p, input, ilen );
+
+ md_init_ctx( &md_ctx, md_info );
+
+ // maskedDB: Apply dbMask to DB
+ //
+ mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
+ &md_ctx );
+
+ // maskedSeed: Apply seedMask to seed
+ //
+ mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
+ &md_ctx );
+
+ md_free_ctx( &md_ctx );
+
+ return( ( mode == RSA_PUBLIC )
+ ? rsa_public( ctx, output, output )
+ : rsa_private( ctx, f_rng, p_rng, output, output ) );
+}
+#endif /* POLARSSL_PKCS1_V21 */
+
+#if defined(POLARSSL_PKCS1_V15)
+/*
+ * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function
+ */
+int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t ilen,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ size_t nb_pad, olen;
+ int ret;
+ unsigned char *p = output;
+
+ if( ctx->padding != RSA_PKCS_V15 || f_rng == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ olen = ctx->len;
+
+ if( olen < ilen + 11 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ nb_pad = olen - 3 - ilen;
+
+ *p++ = 0;
+ if( mode == RSA_PUBLIC )
+ {
+ *p++ = RSA_CRYPT;
+
+ while( nb_pad-- > 0 )
+ {
+ int rng_dl = 100;
+
+ do {
+ ret = f_rng( p_rng, p, 1 );
+ } while( *p == 0 && --rng_dl && ret == 0 );
+
+ // Check if RNG failed to generate data
+ //
+ if( rng_dl == 0 || ret != 0)
+ return POLARSSL_ERR_RSA_RNG_FAILED + ret;
+
+ p++;
+ }
+ }
+ else
+ {
+ *p++ = RSA_SIGN;
+
+ while( nb_pad-- > 0 )
+ *p++ = 0xFF;
+ }
+
+ *p++ = 0;
+ memcpy( p, input, ilen );
+
+ return( ( mode == RSA_PUBLIC )
+ ? rsa_public( ctx, output, output )
+ : rsa_private( ctx, f_rng, p_rng, output, output ) );
+}
+#endif /* POLARSSL_PKCS1_V15 */
+
+/*
+ * Add the message padding, then do an RSA operation
+ */
+int rsa_pkcs1_encrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t ilen,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ switch( ctx->padding )
+ {
+#if defined(POLARSSL_PKCS1_V15)
+ case RSA_PKCS_V15:
+ return rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
+ input, output );
+#endif
+
+#if defined(POLARSSL_PKCS1_V21)
+ case RSA_PKCS_V21:
+ return rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
+ ilen, input, output );
+#endif
+
+ default:
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+ }
+}
+
+#if defined(POLARSSL_PKCS1_V21)
+/*
+ * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function
+ */
+int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ const unsigned char *label, size_t label_len,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len )
+{
+ int ret;
+ size_t ilen;
+ unsigned char *p;
+ unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+ unsigned char lhash[POLARSSL_MD_MAX_SIZE];
+ unsigned int hlen;
+ const md_info_t *md_info;
+ md_context_t md_ctx;
+
+ if( ctx->padding != RSA_PKCS_V21 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ ilen = ctx->len;
+
+ if( ilen < 16 || ilen > sizeof( buf ) )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ ret = ( mode == RSA_PUBLIC )
+ ? rsa_public( ctx, input, buf )
+ : rsa_private( ctx, f_rng, p_rng, input, buf );
+
+ if( ret != 0 )
+ return( ret );
+
+ p = buf;
+
+ if( *p++ != 0 )
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+
+ md_info = md_info_from_type( ctx->hash_id );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ hlen = md_get_size( md_info );
+
+ md_init_ctx( &md_ctx, md_info );
+
+ // Generate lHash
+ //
+ md( md_info, label, label_len, lhash );
+
+ // seed: Apply seedMask to maskedSeed
+ //
+ mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
+ &md_ctx );
+
+ // DB: Apply dbMask to maskedDB
+ //
+ mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
+ &md_ctx );
+
+ p += hlen;
+ md_free_ctx( &md_ctx );
+
+ // Check validity
+ //
+ if( memcmp( lhash, p, hlen ) != 0 )
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+
+ p += hlen;
+
+ while( *p == 0 && p < buf + ilen )
+ p++;
+
+ if( p == buf + ilen )
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+
+ if( *p++ != 0x01 )
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+
+ if (ilen - (p - buf) > output_max_len)
+ return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
+
+ *olen = ilen - (p - buf);
+ memcpy( output, p, *olen );
+
+ return( 0 );
+}
+#endif /* POLARSSL_PKCS1_V21 */
+
+#if defined(POLARSSL_PKCS1_V15)
+/*
+ * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
+ */
+int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len)
+{
+ int ret, correct = 1;
+ size_t ilen, pad_count = 0;
+ unsigned char *p, *q;
+ unsigned char bt;
+ unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+
+ if( ctx->padding != RSA_PKCS_V15 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ ilen = ctx->len;
+
+ if( ilen < 16 || ilen > sizeof( buf ) )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ ret = ( mode == RSA_PUBLIC )
+ ? rsa_public( ctx, input, buf )
+ : rsa_private( ctx, f_rng, p_rng, input, buf );
+
+ if( ret != 0 )
+ return( ret );
+
+ p = buf;
+
+ if( *p++ != 0 )
+ correct = 0;
+
+ bt = *p++;
+ if( ( bt != RSA_CRYPT && mode == RSA_PRIVATE ) ||
+ ( bt != RSA_SIGN && mode == RSA_PUBLIC ) )
+ {
+ correct = 0;
+ }
+
+ if( bt == RSA_CRYPT )
+ {
+ while( *p != 0 && p < buf + ilen - 1 )
+ pad_count += ( *p++ != 0 );
+
+ correct &= ( *p == 0 && p < buf + ilen - 1 );
+
+ q = p;
+
+ // Also pass over all other bytes to reduce timing differences
+ //
+ while ( q < buf + ilen - 1 )
+ pad_count += ( *q++ != 0 );
+
+ // Prevent compiler optimization of pad_count
+ //
+ correct |= pad_count & 0x100000; /* Always 0 unless 1M bit keys */
+ p++;
+ }
+ else
+ {
+ while( *p == 0xFF && p < buf + ilen - 1 )
+ pad_count += ( *p++ == 0xFF );
+
+ correct &= ( *p == 0 && p < buf + ilen - 1 );
+
+ q = p;
+
+ // Also pass over all other bytes to reduce timing differences
+ //
+ while ( q < buf + ilen - 1 )
+ pad_count += ( *q++ != 0 );
+
+ // Prevent compiler optimization of pad_count
+ //
+ correct |= pad_count & 0x100000; /* Always 0 unless 1M bit keys */
+ p++;
+ }
+
+ if( correct == 0 )
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+
+ if (ilen - (p - buf) > output_max_len)
+ return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
+
+ *olen = ilen - (p - buf);
+ memcpy( output, p, *olen );
+
+ return( 0 );
+}
+#endif /* POLARSSL_PKCS1_V15 */
+
+/*
+ * Do an RSA operation, then remove the message padding
+ */
+int rsa_pkcs1_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len)
+{
+ switch( ctx->padding )
+ {
+#if defined(POLARSSL_PKCS1_V15)
+ case RSA_PKCS_V15:
+ return rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
+ input, output, output_max_len );
+#endif
+
+#if defined(POLARSSL_PKCS1_V21)
+ case RSA_PKCS_V21:
+ return rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
+ olen, input, output,
+ output_max_len );
+#endif
+
+ default:
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+ }
+}
+
+#if defined(POLARSSL_PKCS1_V21)
+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
+ */
+int rsa_rsassa_pss_sign( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig )
+{
+ size_t olen;
+ unsigned char *p = sig;
+ unsigned char salt[POLARSSL_MD_MAX_SIZE];
+ unsigned int slen, hlen, offset = 0;
+ int ret;
+ size_t msb;
+ const md_info_t *md_info;
+ md_context_t md_ctx;
+
+ if( ctx->padding != RSA_PKCS_V21 || f_rng == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ olen = ctx->len;
+
+ if( md_alg != POLARSSL_MD_NONE )
+ {
+ // Gather length of hash to sign
+ //
+ md_info = md_info_from_type( md_alg );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ hashlen = md_get_size( md_info );
+ }
+
+ md_info = md_info_from_type( ctx->hash_id );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ hlen = md_get_size( md_info );
+ slen = hlen;
+
+ if( olen < hlen + slen + 2 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ memset( sig, 0, olen );
+
+ msb = mpi_msb( &ctx->N ) - 1;
+
+ // Generate salt of length slen
+ //
+ if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
+ return( POLARSSL_ERR_RSA_RNG_FAILED + ret );
+
+ // Note: EMSA-PSS encoding is over the length of N - 1 bits
+ //
+ msb = mpi_msb( &ctx->N ) - 1;
+ p += olen - hlen * 2 - 2;
+ *p++ = 0x01;
+ memcpy( p, salt, slen );
+ p += slen;
+
+ md_init_ctx( &md_ctx, md_info );
+
+ // Generate H = Hash( M' )
+ //
+ md_starts( &md_ctx );
+ md_update( &md_ctx, p, 8 );
+ md_update( &md_ctx, hash, hashlen );
+ md_update( &md_ctx, salt, slen );
+ md_finish( &md_ctx, p );
+
+ // Compensate for boundary condition when applying mask
+ //
+ if( msb % 8 == 0 )
+ offset = 1;
+
+ // maskedDB: Apply dbMask to DB
+ //
+ mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
+
+ md_free_ctx( &md_ctx );
+
+ msb = mpi_msb( &ctx->N ) - 1;
+ sig[0] &= 0xFF >> ( olen * 8 - msb );
+
+ p += hlen;
+ *p++ = 0xBC;
+
+ return( ( mode == RSA_PUBLIC )
+ ? rsa_public( ctx, sig, sig )
+ : rsa_private( ctx, f_rng, p_rng, sig, sig ) );
+}
+#endif /* POLARSSL_PKCS1_V21 */
+
+#if defined(POLARSSL_PKCS1_V15)
+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function
+ */
+/*
+ * Do an RSA operation to sign the message digest
+ */
+int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig )
+{
+ size_t nb_pad, olen, oid_size = 0;
+ unsigned char *p = sig;
+ const char *oid;
+
+ if( ctx->padding != RSA_PKCS_V15 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ olen = ctx->len;
+ nb_pad = olen - 3;
+
+ if( md_alg != POLARSSL_MD_NONE )
+ {
+ const md_info_t *md_info = md_info_from_type( md_alg );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ if( oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ nb_pad -= 10 + oid_size;
+
+ hashlen = md_get_size( md_info );
+ }
+
+ nb_pad -= hashlen;
+
+ if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ *p++ = 0;
+ *p++ = RSA_SIGN;
+ memset( p, 0xFF, nb_pad );
+ p += nb_pad;
+ *p++ = 0;
+
+ if( md_alg == POLARSSL_MD_NONE )
+ {
+ memcpy( p, hash, hashlen );
+ }
+ else
+ {
+ /*
+ * DigestInfo ::= SEQUENCE {
+ * digestAlgorithm DigestAlgorithmIdentifier,
+ * digest Digest }
+ *
+ * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * Digest ::= OCTET STRING
+ */
+ *p++ = ASN1_SEQUENCE | ASN1_CONSTRUCTED;
+ *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
+ *p++ = ASN1_SEQUENCE | ASN1_CONSTRUCTED;
+ *p++ = (unsigned char) ( 0x04 + oid_size );
+ *p++ = ASN1_OID;
+ *p++ = oid_size & 0xFF;
+ memcpy( p, oid, oid_size );
+ p += oid_size;
+ *p++ = ASN1_NULL;
+ *p++ = 0x00;
+ *p++ = ASN1_OCTET_STRING;
+ *p++ = hashlen;
+ memcpy( p, hash, hashlen );
+ }
+
+ return( ( mode == RSA_PUBLIC )
+ ? rsa_public( ctx, sig, sig )
+ : rsa_private( ctx, f_rng, p_rng, sig, sig ) );
+}
+#endif /* POLARSSL_PKCS1_V15 */
+
+/*
+ * Do an RSA operation to sign the message digest
+ */
+int rsa_pkcs1_sign( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig )
+{
+ switch( ctx->padding )
+ {
+#if defined(POLARSSL_PKCS1_V15)
+ case RSA_PKCS_V15:
+ return rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, sig );
+#endif
+
+#if defined(POLARSSL_PKCS1_V21)
+ case RSA_PKCS_V21:
+ return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, sig );
+#endif
+
+ default:
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+ }
+}
+
+#if defined(POLARSSL_PKCS1_V21)
+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
+ */
+int rsa_rsassa_pss_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig )
+{
+ int ret;
+ size_t siglen;
+ unsigned char *p;
+ unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+ unsigned char result[POLARSSL_MD_MAX_SIZE];
+ unsigned char zeros[8];
+ unsigned int hlen;
+ size_t slen, msb;
+ const md_info_t *md_info;
+ md_context_t md_ctx;
+
+ if( ctx->padding != RSA_PKCS_V21 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ siglen = ctx->len;
+
+ if( siglen < 16 || siglen > sizeof( buf ) )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ ret = ( mode == RSA_PUBLIC )
+ ? rsa_public( ctx, sig, buf )
+ : rsa_private( ctx, f_rng, p_rng, sig, buf );
+
+ if( ret != 0 )
+ return( ret );
+
+ p = buf;
+
+ if( buf[siglen - 1] != 0xBC )
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+
+ if( md_alg != POLARSSL_MD_NONE )
+ {
+ // Gather length of hash to sign
+ //
+ md_info = md_info_from_type( md_alg );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ hashlen = md_get_size( md_info );
+ }
+
+ md_info = md_info_from_type( ctx->hash_id );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ hlen = md_get_size( md_info );
+ slen = siglen - hlen - 1;
+
+ memset( zeros, 0, 8 );
+
+ // Note: EMSA-PSS verification is over the length of N - 1 bits
+ //
+ msb = mpi_msb( &ctx->N ) - 1;
+
+ // Compensate for boundary condition when applying mask
+ //
+ if( msb % 8 == 0 )
+ {
+ p++;
+ siglen -= 1;
+ }
+ if( buf[0] >> ( 8 - siglen * 8 + msb ) )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ md_init_ctx( &md_ctx, md_info );
+
+ mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
+
+ buf[0] &= 0xFF >> ( siglen * 8 - msb );
+
+ while( *p == 0 && p < buf + siglen )
+ p++;
+
+ if( p == buf + siglen ||
+ *p++ != 0x01 )
+ {
+ md_free_ctx( &md_ctx );
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+ }
+
+ slen -= p - buf;
+
+ // Generate H = Hash( M' )
+ //
+ md_starts( &md_ctx );
+ md_update( &md_ctx, zeros, 8 );
+ md_update( &md_ctx, hash, hashlen );
+ md_update( &md_ctx, p, slen );
+ md_finish( &md_ctx, result );
+
+ md_free_ctx( &md_ctx );
+
+ if( memcmp( p + slen, result, hlen ) == 0 )
+ return( 0 );
+ else
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+}
+#endif /* POLARSSL_PKCS1_V21 */
+
+#if defined(POLARSSL_PKCS1_V15)
+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
+ */
+int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig )
+{
+ int ret;
+ size_t len, siglen, asn1_len;
+ unsigned char *p, *end;
+ unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+ md_type_t msg_md_alg;
+ const md_info_t *md_info;
+ asn1_buf oid;
+
+ if( ctx->padding != RSA_PKCS_V15 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ siglen = ctx->len;
+
+ if( siglen < 16 || siglen > sizeof( buf ) )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ ret = ( mode == RSA_PUBLIC )
+ ? rsa_public( ctx, sig, buf )
+ : rsa_private( ctx, f_rng, p_rng, sig, buf );
+
+ if( ret != 0 )
+ return( ret );
+
+ p = buf;
+
+ if( *p++ != 0 || *p++ != RSA_SIGN )
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+
+ while( *p != 0 )
+ {
+ if( p >= buf + siglen - 1 || *p != 0xFF )
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+ p++;
+ }
+ p++;
+
+ len = siglen - ( p - buf );
+
+ if( len == hashlen && md_alg == POLARSSL_MD_NONE )
+ {
+ if( memcmp( p, hash, hashlen ) == 0 )
+ return( 0 );
+ else
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+ }
+
+ md_info = md_info_from_type( md_alg );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+ hashlen = md_get_size( md_info );
+
+ end = p + len;
+
+ // Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
+ //
+ if( ( ret = asn1_get_tag( &p, end, &asn1_len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ if( asn1_len + 2 != len )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ if( ( ret = asn1_get_tag( &p, end, &asn1_len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ if( asn1_len + 6 + hashlen != len )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ if( ( ret = asn1_get_tag( &p, end, &oid.len, ASN1_OID ) ) != 0 )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ oid.p = p;
+ p += oid.len;
+
+ if( oid_get_md_alg( &oid, &msg_md_alg ) != 0 )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ if( md_alg != msg_md_alg )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ /*
+ * assume the algorithm parameters must be NULL
+ */
+ if( ( ret = asn1_get_tag( &p, end, &asn1_len, ASN1_NULL ) ) != 0 )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ if( ( ret = asn1_get_tag( &p, end, &asn1_len, ASN1_OCTET_STRING ) ) != 0 )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ if( asn1_len != hashlen )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ if( memcmp( p, hash, hashlen ) != 0 )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ p += hashlen;
+
+ if( p != end )
+ return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+ return( 0 );
+}
+#endif /* POLARSSL_PKCS1_V15 */
+
+/*
+ * Do an RSA operation and check the message digest
+ */
+int rsa_pkcs1_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig )
+{
+ switch( ctx->padding )
+ {
+#if defined(POLARSSL_PKCS1_V15)
+ case RSA_PKCS_V15:
+ return rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, sig );
+#endif
+
+#if defined(POLARSSL_PKCS1_V21)
+ case RSA_PKCS_V21:
+ return rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, sig );
+#endif
+
+ default:
+ return( POLARSSL_ERR_RSA_INVALID_PADDING );
+ }
+}
+
+/*
+ * Copy the components of an RSA key
+ */
+int rsa_copy( rsa_context *dst, const rsa_context *src )
+{
+ int ret;
+
+ dst->ver = src->ver;
+ dst->len = src->len;
+
+ MPI_CHK( mpi_copy( &dst->N, &src->N ) );
+ MPI_CHK( mpi_copy( &dst->E, &src->E ) );
+
+ MPI_CHK( mpi_copy( &dst->D, &src->D ) );
+ MPI_CHK( mpi_copy( &dst->P, &src->P ) );
+ MPI_CHK( mpi_copy( &dst->Q, &src->Q ) );
+ MPI_CHK( mpi_copy( &dst->DP, &src->DP ) );
+ MPI_CHK( mpi_copy( &dst->DQ, &src->DQ ) );
+ MPI_CHK( mpi_copy( &dst->QP, &src->QP ) );
+
+ MPI_CHK( mpi_copy( &dst->RN, &src->RN ) );
+ MPI_CHK( mpi_copy( &dst->RP, &src->RP ) );
+ MPI_CHK( mpi_copy( &dst->RQ, &src->RQ ) );
+
+#if !defined(POLARSSL_RSA_NO_CRT)
+ MPI_CHK( mpi_copy( &dst->Vi, &src->Vi ) );
+ MPI_CHK( mpi_copy( &dst->Vf, &src->Vf ) );
+#endif
+
+ dst->padding = src->padding;
+ dst->hash_id = src->padding;
+
+cleanup:
+ if( ret != 0 )
+ rsa_free( dst );
+
+ return( ret );
+}
+
+/*
+ * Free the components of an RSA key
+ */
+void rsa_free( rsa_context *ctx )
+{
+#if !defined(POLARSSL_RSA_NO_CRT)
+ mpi_free( &ctx->Vi ); mpi_free( &ctx->Vf );
+#endif
+ mpi_free( &ctx->RQ ); mpi_free( &ctx->RP ); mpi_free( &ctx->RN );
+ mpi_free( &ctx->QP ); mpi_free( &ctx->DQ ); mpi_free( &ctx->DP );
+ mpi_free( &ctx->Q ); mpi_free( &ctx->P ); mpi_free( &ctx->D );
+ mpi_free( &ctx->E ); mpi_free( &ctx->N );
+
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_free( &ctx->mutex );
+#endif
+}
+
+#if defined(POLARSSL_SELF_TEST)
+
+#include "polarssl/sha1.h"
+
+/*
+ * Example RSA-1024 keypair, for test purposes
+ */
+#define KEY_LEN 128
+
+#define RSA_N "9292758453063D803DD603D5E777D788" \
+ "8ED1D5BF35786190FA2F23EBC0848AEA" \
+ "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
+ "7130B9CED7ACDF54CFC7555AC14EEBAB" \
+ "93A89813FBF3C4F8066D2D800F7C38A8" \
+ "1AE31942917403FF4946B0A83D3D3E05" \
+ "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
+ "5E94BB77B07507233A0BC7BAC8F90F79"
+
+#define RSA_E "10001"
+
+#define RSA_D "24BF6185468786FDD303083D25E64EFC" \
+ "66CA472BC44D253102F8B4A9D3BFA750" \
+ "91386C0077937FE33FA3252D28855837" \
+ "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
+ "DF79C5CE07EE72C7F123142198164234" \
+ "CABB724CF78B8173B9F880FC86322407" \
+ "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
+ "071513A1E85B5DFA031F21ECAE91A34D"
+
+#define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
+ "2C01CAD19EA484A87EA4377637E75500" \
+ "FCB2005C5C7DD6EC4AC023CDA285D796" \
+ "C3D9E75E1EFC42488BB4F1D13AC30A57"
+
+#define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
+ "E211C2B9E5DB1ED0BF61D0D9899620F4" \
+ "910E4168387E3C30AA1E00C339A79508" \
+ "8452DD96A9A5EA5D9DCA68DA636032AF"
+
+#define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \
+ "3C94D22288ACD763FD8E5600ED4A702D" \
+ "F84198A5F06C2E72236AE490C93F07F8" \
+ "3CC559CD27BC2D1CA488811730BB5725"
+
+#define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \
+ "D8AAEA56749EA28623272E4F7D0592AF" \
+ "7C1F1313CAC9471B5C523BFE592F517B" \
+ "407A1BD76C164B93DA2D32A383E58357"
+
+#define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \
+ "F38D18D2B2F0E2DD275AA977E2BF4411" \
+ "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
+ "A74206CEC169D74BF5A8C50D6F48EA08"
+
+#define PT_LEN 24
+#define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
+ "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
+
+#if defined(POLARSSL_PCKS1_V15)
+static int myrand( void *rng_state, unsigned char *output, size_t len )
+{
+ size_t i;
+
+ if( rng_state != NULL )
+ rng_state = NULL;
+
+ for( i = 0; i < len; ++i )
+ output[i] = rand();
+
+ return( 0 );
+}
+#endif
+
+/*
+ * Checkup routine
+ */
+int rsa_self_test( int verbose )
+{
+#if defined(POLARSSL_PCKS1_V15)
+ size_t len;
+ rsa_context rsa;
+ unsigned char rsa_plaintext[PT_LEN];
+ unsigned char rsa_decrypted[PT_LEN];
+ unsigned char rsa_ciphertext[KEY_LEN];
+#if defined(POLARSSL_SHA1_C)
+ unsigned char sha1sum[20];
+#endif
+
+ rsa_init( &rsa, RSA_PKCS_V15, 0 );
+
+ rsa.len = KEY_LEN;
+ mpi_read_string( &rsa.N , 16, RSA_N );
+ mpi_read_string( &rsa.E , 16, RSA_E );
+ mpi_read_string( &rsa.D , 16, RSA_D );
+ mpi_read_string( &rsa.P , 16, RSA_P );
+ mpi_read_string( &rsa.Q , 16, RSA_Q );
+ mpi_read_string( &rsa.DP, 16, RSA_DP );
+ mpi_read_string( &rsa.DQ, 16, RSA_DQ );
+ mpi_read_string( &rsa.QP, 16, RSA_QP );
+
+ if( verbose != 0 )
+ printf( " RSA key validation: " );
+
+ if( rsa_check_pubkey( &rsa ) != 0 ||
+ rsa_check_privkey( &rsa ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n PKCS#1 encryption : " );
+
+ memcpy( rsa_plaintext, RSA_PT, PT_LEN );
+
+ if( rsa_pkcs1_encrypt( &rsa, myrand, NULL, RSA_PUBLIC, PT_LEN,
+ rsa_plaintext, rsa_ciphertext ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n PKCS#1 decryption : " );
+
+ if( rsa_pkcs1_decrypt( &rsa, myrand, NULL, RSA_PRIVATE, &len,
+ rsa_ciphertext, rsa_decrypted,
+ sizeof(rsa_decrypted) ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+#if defined(POLARSSL_SHA1_C)
+ if( verbose != 0 )
+ printf( "passed\n PKCS#1 data sign : " );
+
+ sha1( rsa_plaintext, PT_LEN, sha1sum );
+
+ if( rsa_pkcs1_sign( &rsa, myrand, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1, 0,
+ sha1sum, rsa_ciphertext ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n PKCS#1 sig. verify: " );
+
+ if( rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, POLARSSL_MD_SHA1, 0,
+ sha1sum, rsa_ciphertext ) != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( 1 );
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n\n" );
+#endif /* POLARSSL_SHA1_C */
+
+ rsa_free( &rsa );
+#else /* POLARSSL_PKCS1_V15 */
+ ((void) verbose);
+#endif /* POLARSSL_PKCS1_V15 */
+ return( 0 );
+}
+
+#endif
+
+#endif
/*
* FIPS-180-1 compliant SHA-1 implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include <stdio.h>
#endif
+#if !defined(POLARSSL_SHA1_ALT)
+
/*
* 32-bit integer manipulation macros (big endian)
*/
-#ifndef GET_ULONG_BE
-#define GET_ULONG_BE(n,b,i) \
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
{ \
- (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
- | ( (unsigned long) (b)[(i) + 1] << 16 ) \
- | ( (unsigned long) (b)[(i) + 2] << 8 ) \
- | ( (unsigned long) (b)[(i) + 3] ); \
+ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
+ | ( (uint32_t) (b)[(i) + 1] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
-#ifndef PUT_ULONG_BE
-#define PUT_ULONG_BE(n,b,i) \
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
ctx->state[4] = 0xC3D2E1F0;
}
-static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
+void sha1_process( sha1_context *ctx, const unsigned char data[64] )
{
- unsigned long temp, W[16], A, B, C, D, E;
-
- GET_ULONG_BE( W[ 0], data, 0 );
- GET_ULONG_BE( W[ 1], data, 4 );
- GET_ULONG_BE( W[ 2], data, 8 );
- GET_ULONG_BE( W[ 3], data, 12 );
- GET_ULONG_BE( W[ 4], data, 16 );
- GET_ULONG_BE( W[ 5], data, 20 );
- GET_ULONG_BE( W[ 6], data, 24 );
- GET_ULONG_BE( W[ 7], data, 28 );
- GET_ULONG_BE( W[ 8], data, 32 );
- GET_ULONG_BE( W[ 9], data, 36 );
- GET_ULONG_BE( W[10], data, 40 );
- GET_ULONG_BE( W[11], data, 44 );
- GET_ULONG_BE( W[12], data, 48 );
- GET_ULONG_BE( W[13], data, 52 );
- GET_ULONG_BE( W[14], data, 56 );
- GET_ULONG_BE( W[15], data, 60 );
+ uint32_t temp, W[16], A, B, C, D, E;
+
+ GET_UINT32_BE( W[ 0], data, 0 );
+ GET_UINT32_BE( W[ 1], data, 4 );
+ GET_UINT32_BE( W[ 2], data, 8 );
+ GET_UINT32_BE( W[ 3], data, 12 );
+ GET_UINT32_BE( W[ 4], data, 16 );
+ GET_UINT32_BE( W[ 5], data, 20 );
+ GET_UINT32_BE( W[ 6], data, 24 );
+ GET_UINT32_BE( W[ 7], data, 28 );
+ GET_UINT32_BE( W[ 8], data, 32 );
+ GET_UINT32_BE( W[ 9], data, 36 );
+ GET_UINT32_BE( W[10], data, 40 );
+ GET_UINT32_BE( W[11], data, 44 );
+ GET_UINT32_BE( W[12], data, 48 );
+ GET_UINT32_BE( W[13], data, 52 );
+ GET_UINT32_BE( W[14], data, 56 );
+ GET_UINT32_BE( W[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
size_t fill;
- unsigned long left;
+ uint32_t left;
if( ilen <= 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
- ctx->total[0] += (unsigned long) ilen;
+ ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (unsigned long) ilen )
+ if( ctx->total[0] < (uint32_t) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, fill );
+ memcpy( (void *) (ctx->buffer + left), input, fill );
sha1_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
}
if( ilen > 0 )
- {
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, ilen );
- }
+ memcpy( (void *) (ctx->buffer + left), input, ilen );
}
static const unsigned char sha1_padding[64] =
*/
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
- unsigned long last, padn;
- unsigned long high, low;
+ uint32_t last, padn;
+ uint32_t high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_ULONG_BE( high, msglen, 0 );
- PUT_ULONG_BE( low, msglen, 4 );
+ PUT_UINT32_BE( high, msglen, 0 );
+ PUT_UINT32_BE( low, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- sha1_update( ctx, (unsigned char *) sha1_padding, padn );
+ sha1_update( ctx, sha1_padding, padn );
sha1_update( ctx, msglen, 8 );
- PUT_ULONG_BE( ctx->state[0], output, 0 );
- PUT_ULONG_BE( ctx->state[1], output, 4 );
- PUT_ULONG_BE( ctx->state[2], output, 8 );
- PUT_ULONG_BE( ctx->state[3], output, 12 );
- PUT_ULONG_BE( ctx->state[4], output, 16 );
+ PUT_UINT32_BE( ctx->state[0], output, 0 );
+ PUT_UINT32_BE( ctx->state[1], output, 4 );
+ PUT_UINT32_BE( ctx->state[2], output, 8 );
+ PUT_UINT32_BE( ctx->state[3], output, 12 );
+ PUT_UINT32_BE( ctx->state[4], output, 16 );
}
+#endif /* !POLARSSL_SHA1_ALT */
+
/*
* output = SHA-1( input buffer )
*/
/*
* FIPS-180-2 compliant SHA-256 implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/config.h"
-#if defined(POLARSSL_SHA2_C)
+#if defined(POLARSSL_SHA256_C)
-#include "polarssl/sha2.h"
+#include "polarssl/sha256.h"
#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
#include <stdio.h>
#endif
+#if !defined(POLARSSL_SHA256_ALT)
+
/*
* 32-bit integer manipulation macros (big endian)
*/
-#ifndef GET_ULONG_BE
-#define GET_ULONG_BE(n,b,i) \
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
{ \
- (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
- | ( (unsigned long) (b)[(i) + 1] << 16 ) \
- | ( (unsigned long) (b)[(i) + 2] << 8 ) \
- | ( (unsigned long) (b)[(i) + 3] ); \
+ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
+ | ( (uint32_t) (b)[(i) + 1] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
-#ifndef PUT_ULONG_BE
-#define PUT_ULONG_BE(n,b,i) \
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
/*
* SHA-256 context setup
*/
-void sha2_starts( sha2_context *ctx, int is224 )
+void sha256_starts( sha256_context *ctx, int is224 )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
ctx->is224 = is224;
}
-static void sha2_process( sha2_context *ctx, const unsigned char data[64] )
+void sha256_process( sha256_context *ctx, const unsigned char data[64] )
{
- unsigned long temp1, temp2, W[64];
- unsigned long A, B, C, D, E, F, G, H;
-
- GET_ULONG_BE( W[ 0], data, 0 );
- GET_ULONG_BE( W[ 1], data, 4 );
- GET_ULONG_BE( W[ 2], data, 8 );
- GET_ULONG_BE( W[ 3], data, 12 );
- GET_ULONG_BE( W[ 4], data, 16 );
- GET_ULONG_BE( W[ 5], data, 20 );
- GET_ULONG_BE( W[ 6], data, 24 );
- GET_ULONG_BE( W[ 7], data, 28 );
- GET_ULONG_BE( W[ 8], data, 32 );
- GET_ULONG_BE( W[ 9], data, 36 );
- GET_ULONG_BE( W[10], data, 40 );
- GET_ULONG_BE( W[11], data, 44 );
- GET_ULONG_BE( W[12], data, 48 );
- GET_ULONG_BE( W[13], data, 52 );
- GET_ULONG_BE( W[14], data, 56 );
- GET_ULONG_BE( W[15], data, 60 );
+ uint32_t temp1, temp2, W[64];
+ uint32_t A, B, C, D, E, F, G, H;
+
+ GET_UINT32_BE( W[ 0], data, 0 );
+ GET_UINT32_BE( W[ 1], data, 4 );
+ GET_UINT32_BE( W[ 2], data, 8 );
+ GET_UINT32_BE( W[ 3], data, 12 );
+ GET_UINT32_BE( W[ 4], data, 16 );
+ GET_UINT32_BE( W[ 5], data, 20 );
+ GET_UINT32_BE( W[ 6], data, 24 );
+ GET_UINT32_BE( W[ 7], data, 28 );
+ GET_UINT32_BE( W[ 8], data, 32 );
+ GET_UINT32_BE( W[ 9], data, 36 );
+ GET_UINT32_BE( W[10], data, 40 );
+ GET_UINT32_BE( W[11], data, 44 );
+ GET_UINT32_BE( W[12], data, 48 );
+ GET_UINT32_BE( W[13], data, 52 );
+ GET_UINT32_BE( W[14], data, 56 );
+ GET_UINT32_BE( W[15], data, 60 );
#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
/*
* SHA-256 process buffer
*/
-void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen )
+void sha256_update( sha256_context *ctx, const unsigned char *input, size_t ilen )
{
size_t fill;
- unsigned long left;
+ uint32_t left;
if( ilen <= 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
- ctx->total[0] += (unsigned long) ilen;
+ ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (unsigned long) ilen )
+ if( ctx->total[0] < (uint32_t) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, fill );
- sha2_process( ctx, ctx->buffer );
+ memcpy( (void *) (ctx->buffer + left), input, fill );
+ sha256_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
left = 0;
while( ilen >= 64 )
{
- sha2_process( ctx, input );
+ sha256_process( ctx, input );
input += 64;
ilen -= 64;
}
if( ilen > 0 )
- {
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, ilen );
- }
+ memcpy( (void *) (ctx->buffer + left), input, ilen );
}
-static const unsigned char sha2_padding[64] =
+static const unsigned char sha256_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
/*
* SHA-256 final digest
*/
-void sha2_finish( sha2_context *ctx, unsigned char output[32] )
+void sha256_finish( sha256_context *ctx, unsigned char output[32] )
{
- unsigned long last, padn;
- unsigned long high, low;
+ uint32_t last, padn;
+ uint32_t high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_ULONG_BE( high, msglen, 0 );
- PUT_ULONG_BE( low, msglen, 4 );
+ PUT_UINT32_BE( high, msglen, 0 );
+ PUT_UINT32_BE( low, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- sha2_update( ctx, (unsigned char *) sha2_padding, padn );
- sha2_update( ctx, msglen, 8 );
+ sha256_update( ctx, sha256_padding, padn );
+ sha256_update( ctx, msglen, 8 );
- PUT_ULONG_BE( ctx->state[0], output, 0 );
- PUT_ULONG_BE( ctx->state[1], output, 4 );
- PUT_ULONG_BE( ctx->state[2], output, 8 );
- PUT_ULONG_BE( ctx->state[3], output, 12 );
- PUT_ULONG_BE( ctx->state[4], output, 16 );
- PUT_ULONG_BE( ctx->state[5], output, 20 );
- PUT_ULONG_BE( ctx->state[6], output, 24 );
+ PUT_UINT32_BE( ctx->state[0], output, 0 );
+ PUT_UINT32_BE( ctx->state[1], output, 4 );
+ PUT_UINT32_BE( ctx->state[2], output, 8 );
+ PUT_UINT32_BE( ctx->state[3], output, 12 );
+ PUT_UINT32_BE( ctx->state[4], output, 16 );
+ PUT_UINT32_BE( ctx->state[5], output, 20 );
+ PUT_UINT32_BE( ctx->state[6], output, 24 );
if( ctx->is224 == 0 )
- PUT_ULONG_BE( ctx->state[7], output, 28 );
+ PUT_UINT32_BE( ctx->state[7], output, 28 );
}
+#endif /* !POLARSSL_SHA256_ALT */
+
/*
* output = SHA-256( input buffer )
*/
-void sha2( const unsigned char *input, size_t ilen,
- unsigned char output[32], int is224 )
+void sha256( const unsigned char *input, size_t ilen,
+ unsigned char output[32], int is224 )
{
- sha2_context ctx;
+ sha256_context ctx;
- sha2_starts( &ctx, is224 );
- sha2_update( &ctx, input, ilen );
- sha2_finish( &ctx, output );
+ sha256_starts( &ctx, is224 );
+ sha256_update( &ctx, input, ilen );
+ sha256_finish( &ctx, output );
- memset( &ctx, 0, sizeof( sha2_context ) );
+ memset( &ctx, 0, sizeof( sha256_context ) );
}
#if defined(POLARSSL_FS_IO)
/*
* output = SHA-256( file contents )
*/
-int sha2_file( const char *path, unsigned char output[32], int is224 )
+int sha256_file( const char *path, unsigned char output[32], int is224 )
{
FILE *f;
size_t n;
- sha2_context ctx;
+ sha256_context ctx;
unsigned char buf[1024];
if( ( f = fopen( path, "rb" ) ) == NULL )
- return( POLARSSL_ERR_SHA2_FILE_IO_ERROR );
+ return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
- sha2_starts( &ctx, is224 );
+ sha256_starts( &ctx, is224 );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
- sha2_update( &ctx, buf, n );
+ sha256_update( &ctx, buf, n );
- sha2_finish( &ctx, output );
+ sha256_finish( &ctx, output );
- memset( &ctx, 0, sizeof( sha2_context ) );
+ memset( &ctx, 0, sizeof( sha256_context ) );
if( ferror( f ) != 0 )
{
fclose( f );
- return( POLARSSL_ERR_SHA2_FILE_IO_ERROR );
+ return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
}
fclose( f );
/*
* SHA-256 HMAC context setup
*/
-void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, size_t keylen,
- int is224 )
+void sha256_hmac_starts( sha256_context *ctx, const unsigned char *key,
+ size_t keylen, int is224 )
{
size_t i;
unsigned char sum[32];
if( keylen > 64 )
{
- sha2( key, keylen, sum, is224 );
+ sha256( key, keylen, sum, is224 );
keylen = ( is224 ) ? 28 : 32;
key = sum;
}
ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
}
- sha2_starts( ctx, is224 );
- sha2_update( ctx, ctx->ipad, 64 );
+ sha256_starts( ctx, is224 );
+ sha256_update( ctx, ctx->ipad, 64 );
memset( sum, 0, sizeof( sum ) );
}
/*
* SHA-256 HMAC process buffer
*/
-void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, size_t ilen )
+void sha256_hmac_update( sha256_context *ctx, const unsigned char *input, size_t ilen )
{
- sha2_update( ctx, input, ilen );
+ sha256_update( ctx, input, ilen );
}
/*
* SHA-256 HMAC final digest
*/
-void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] )
+void sha256_hmac_finish( sha256_context *ctx, unsigned char output[32] )
{
int is224, hlen;
unsigned char tmpbuf[32];
is224 = ctx->is224;
hlen = ( is224 == 0 ) ? 32 : 28;
- sha2_finish( ctx, tmpbuf );
- sha2_starts( ctx, is224 );
- sha2_update( ctx, ctx->opad, 64 );
- sha2_update( ctx, tmpbuf, hlen );
- sha2_finish( ctx, output );
+ sha256_finish( ctx, tmpbuf );
+ sha256_starts( ctx, is224 );
+ sha256_update( ctx, ctx->opad, 64 );
+ sha256_update( ctx, tmpbuf, hlen );
+ sha256_finish( ctx, output );
memset( tmpbuf, 0, sizeof( tmpbuf ) );
}
/*
* SHA-256 HMAC context reset
*/
-void sha2_hmac_reset( sha2_context *ctx )
+void sha256_hmac_reset( sha256_context *ctx )
{
- sha2_starts( ctx, ctx->is224 );
- sha2_update( ctx, ctx->ipad, 64 );
+ sha256_starts( ctx, ctx->is224 );
+ sha256_update( ctx, ctx->ipad, 64 );
}
/*
* output = HMAC-SHA-256( hmac key, input buffer )
*/
-void sha2_hmac( const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char output[32], int is224 )
+void sha256_hmac( const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char output[32], int is224 )
{
- sha2_context ctx;
+ sha256_context ctx;
- sha2_hmac_starts( &ctx, key, keylen, is224 );
- sha2_hmac_update( &ctx, input, ilen );
- sha2_hmac_finish( &ctx, output );
+ sha256_hmac_starts( &ctx, key, keylen, is224 );
+ sha256_hmac_update( &ctx, input, ilen );
+ sha256_hmac_finish( &ctx, output );
- memset( &ctx, 0, sizeof( sha2_context ) );
+ memset( &ctx, 0, sizeof( sha256_context ) );
}
#if defined(POLARSSL_SELF_TEST)
/*
* FIPS-180-2 test vectors
*/
-static unsigned char sha2_test_buf[3][57] =
+static unsigned char sha256_test_buf[3][57] =
{
{ "abc" },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
{ "" }
};
-static const int sha2_test_buflen[3] =
+static const int sha256_test_buflen[3] =
{
3, 56, 1000
};
-static const unsigned char sha2_test_sum[6][32] =
+static const unsigned char sha256_test_sum[6][32] =
{
/*
* SHA-224 test vectors
/*
* RFC 4231 test vectors
*/
-static unsigned char sha2_hmac_test_key[7][26] =
+static unsigned char sha256_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
"\x0B\x0B\x0B\x0B" },
{ "" }
};
-static const int sha2_hmac_test_keylen[7] =
+static const int sha256_hmac_test_keylen[7] =
{
20, 4, 20, 25, 20, 131, 131
};
-static unsigned char sha2_hmac_test_buf[7][153] =
+static unsigned char sha256_hmac_test_buf[7][153] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
"be hashed before being used by the HMAC algorithm." }
};
-static const int sha2_hmac_test_buflen[7] =
+static const int sha256_hmac_test_buflen[7] =
{
8, 28, 50, 50, 20, 54, 152
};
-static const unsigned char sha2_hmac_test_sum[14][32] =
+static const unsigned char sha256_hmac_test_sum[14][32] =
{
/*
* HMAC-SHA-224 test vectors
/*
* Checkup routine
*/
-int sha2_self_test( int verbose )
+int sha256_self_test( int verbose )
{
int i, j, k, buflen;
unsigned char buf[1024];
- unsigned char sha2sum[32];
- sha2_context ctx;
+ unsigned char sha256sum[32];
+ sha256_context ctx;
for( i = 0; i < 6; i++ )
{
if( verbose != 0 )
printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
- sha2_starts( &ctx, k );
+ sha256_starts( &ctx, k );
if( j == 2 )
{
memset( buf, 'a', buflen = 1000 );
for( j = 0; j < 1000; j++ )
- sha2_update( &ctx, buf, buflen );
+ sha256_update( &ctx, buf, buflen );
}
else
- sha2_update( &ctx, sha2_test_buf[j],
- sha2_test_buflen[j] );
+ sha256_update( &ctx, sha256_test_buf[j],
+ sha256_test_buflen[j] );
- sha2_finish( &ctx, sha2sum );
+ sha256_finish( &ctx, sha256sum );
- if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 )
+ if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
if( j == 5 || j == 6 )
{
memset( buf, '\xAA', buflen = 131 );
- sha2_hmac_starts( &ctx, buf, buflen, k );
+ sha256_hmac_starts( &ctx, buf, buflen, k );
}
else
- sha2_hmac_starts( &ctx, sha2_hmac_test_key[j],
- sha2_hmac_test_keylen[j], k );
+ sha256_hmac_starts( &ctx, sha256_hmac_test_key[j],
+ sha256_hmac_test_keylen[j], k );
- sha2_hmac_update( &ctx, sha2_hmac_test_buf[j],
- sha2_hmac_test_buflen[j] );
+ sha256_hmac_update( &ctx, sha256_hmac_test_buf[j],
+ sha256_hmac_test_buflen[j] );
- sha2_hmac_finish( &ctx, sha2sum );
+ sha256_hmac_finish( &ctx, sha256sum );
buflen = ( j == 4 ) ? 16 : 32 - k * 4;
- if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 )
+ if( memcmp( sha256sum, sha256_hmac_test_sum[i], buflen ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
/*
* FIPS-180-2 compliant SHA-384/512 implementation
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/config.h"
-#if defined(POLARSSL_SHA4_C)
+#if defined(POLARSSL_SHA512_C)
-#include "polarssl/sha4.h"
+#include "polarssl/sha512.h"
#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
#include <stdio.h>
#endif
+#if !defined(POLARSSL_SHA512_ALT)
+
/*
* 64-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT64_BE
#define GET_UINT64_BE(n,b,i) \
{ \
- (n) = ( (unsigned long64) (b)[(i) ] << 56 ) \
- | ( (unsigned long64) (b)[(i) + 1] << 48 ) \
- | ( (unsigned long64) (b)[(i) + 2] << 40 ) \
- | ( (unsigned long64) (b)[(i) + 3] << 32 ) \
- | ( (unsigned long64) (b)[(i) + 4] << 24 ) \
- | ( (unsigned long64) (b)[(i) + 5] << 16 ) \
- | ( (unsigned long64) (b)[(i) + 6] << 8 ) \
- | ( (unsigned long64) (b)[(i) + 7] ); \
+ (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
+ | ( (uint64_t) (b)[(i) + 1] << 48 ) \
+ | ( (uint64_t) (b)[(i) + 2] << 40 ) \
+ | ( (uint64_t) (b)[(i) + 3] << 32 ) \
+ | ( (uint64_t) (b)[(i) + 4] << 24 ) \
+ | ( (uint64_t) (b)[(i) + 5] << 16 ) \
+ | ( (uint64_t) (b)[(i) + 6] << 8 ) \
+ | ( (uint64_t) (b)[(i) + 7] ); \
}
#endif
/*
* Round constants
*/
-static const unsigned long64 K[80] =
+static const uint64_t K[80] =
{
UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
/*
* SHA-512 context setup
*/
-void sha4_starts( sha4_context *ctx, int is384 )
+void sha512_starts( sha512_context *ctx, int is384 )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
ctx->is384 = is384;
}
-static void sha4_process( sha4_context *ctx, const unsigned char data[128] )
+void sha512_process( sha512_context *ctx, const unsigned char data[128] )
{
int i;
- unsigned long64 temp1, temp2, W[80];
- unsigned long64 A, B, C, D, E, F, G, H;
+ uint64_t temp1, temp2, W[80];
+ uint64_t A, B, C, D, E, F, G, H;
#define SHR(x,n) (x >> n)
#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
/*
* SHA-512 process buffer
*/
-void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen )
+void sha512_update( sha512_context *ctx, const unsigned char *input, size_t ilen )
{
size_t fill;
unsigned int left;
left = (unsigned int) (ctx->total[0] & 0x7F);
fill = 128 - left;
- ctx->total[0] += (unsigned long64) ilen;
+ ctx->total[0] += (uint64_t) ilen;
- if( ctx->total[0] < (unsigned long64) ilen )
+ if( ctx->total[0] < (uint64_t) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, fill );
- sha4_process( ctx, ctx->buffer );
+ memcpy( (void *) (ctx->buffer + left), input, fill );
+ sha512_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
left = 0;
while( ilen >= 128 )
{
- sha4_process( ctx, input );
+ sha512_process( ctx, input );
input += 128;
ilen -= 128;
}
if( ilen > 0 )
- {
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, ilen );
- }
+ memcpy( (void *) (ctx->buffer + left), input, ilen );
}
-static const unsigned char sha4_padding[128] =
+static const unsigned char sha512_padding[128] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
/*
* SHA-512 final digest
*/
-void sha4_finish( sha4_context *ctx, unsigned char output[64] )
+void sha512_finish( sha512_context *ctx, unsigned char output[64] )
{
size_t last, padn;
- unsigned long64 high, low;
+ uint64_t high, low;
unsigned char msglen[16];
high = ( ctx->total[0] >> 61 )
last = (size_t)( ctx->total[0] & 0x7F );
padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
- sha4_update( ctx, (unsigned char *) sha4_padding, padn );
- sha4_update( ctx, msglen, 16 );
+ sha512_update( ctx, sha512_padding, padn );
+ sha512_update( ctx, msglen, 16 );
PUT_UINT64_BE( ctx->state[0], output, 0 );
PUT_UINT64_BE( ctx->state[1], output, 8 );
}
}
+#endif /* !POLARSSL_SHA512_ALT */
+
/*
* output = SHA-512( input buffer )
*/
-void sha4( const unsigned char *input, size_t ilen,
- unsigned char output[64], int is384 )
+void sha512( const unsigned char *input, size_t ilen,
+ unsigned char output[64], int is384 )
{
- sha4_context ctx;
+ sha512_context ctx;
- sha4_starts( &ctx, is384 );
- sha4_update( &ctx, input, ilen );
- sha4_finish( &ctx, output );
+ sha512_starts( &ctx, is384 );
+ sha512_update( &ctx, input, ilen );
+ sha512_finish( &ctx, output );
- memset( &ctx, 0, sizeof( sha4_context ) );
+ memset( &ctx, 0, sizeof( sha512_context ) );
}
#if defined(POLARSSL_FS_IO)
/*
* output = SHA-512( file contents )
*/
-int sha4_file( const char *path, unsigned char output[64], int is384 )
+int sha512_file( const char *path, unsigned char output[64], int is384 )
{
FILE *f;
size_t n;
- sha4_context ctx;
+ sha512_context ctx;
unsigned char buf[1024];
if( ( f = fopen( path, "rb" ) ) == NULL )
- return( POLARSSL_ERR_SHA4_FILE_IO_ERROR );
+ return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
- sha4_starts( &ctx, is384 );
+ sha512_starts( &ctx, is384 );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
- sha4_update( &ctx, buf, n );
+ sha512_update( &ctx, buf, n );
- sha4_finish( &ctx, output );
+ sha512_finish( &ctx, output );
- memset( &ctx, 0, sizeof( sha4_context ) );
+ memset( &ctx, 0, sizeof( sha512_context ) );
if( ferror( f ) != 0 )
{
fclose( f );
- return( POLARSSL_ERR_SHA4_FILE_IO_ERROR );
+ return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
}
fclose( f );
/*
* SHA-512 HMAC context setup
*/
-void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, size_t keylen,
- int is384 )
+void sha512_hmac_starts( sha512_context *ctx, const unsigned char *key,
+ size_t keylen, int is384 )
{
size_t i;
unsigned char sum[64];
if( keylen > 128 )
{
- sha4( key, keylen, sum, is384 );
+ sha512( key, keylen, sum, is384 );
keylen = ( is384 ) ? 48 : 64;
key = sum;
}
ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
}
- sha4_starts( ctx, is384 );
- sha4_update( ctx, ctx->ipad, 128 );
+ sha512_starts( ctx, is384 );
+ sha512_update( ctx, ctx->ipad, 128 );
memset( sum, 0, sizeof( sum ) );
}
/*
* SHA-512 HMAC process buffer
*/
-void sha4_hmac_update( sha4_context *ctx,
- const unsigned char *input, size_t ilen )
+void sha512_hmac_update( sha512_context *ctx,
+ const unsigned char *input, size_t ilen )
{
- sha4_update( ctx, input, ilen );
+ sha512_update( ctx, input, ilen );
}
/*
* SHA-512 HMAC final digest
*/
-void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] )
+void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] )
{
int is384, hlen;
unsigned char tmpbuf[64];
is384 = ctx->is384;
hlen = ( is384 == 0 ) ? 64 : 48;
- sha4_finish( ctx, tmpbuf );
- sha4_starts( ctx, is384 );
- sha4_update( ctx, ctx->opad, 128 );
- sha4_update( ctx, tmpbuf, hlen );
- sha4_finish( ctx, output );
+ sha512_finish( ctx, tmpbuf );
+ sha512_starts( ctx, is384 );
+ sha512_update( ctx, ctx->opad, 128 );
+ sha512_update( ctx, tmpbuf, hlen );
+ sha512_finish( ctx, output );
memset( tmpbuf, 0, sizeof( tmpbuf ) );
}
/*
* SHA-512 HMAC context reset
*/
-void sha4_hmac_reset( sha4_context *ctx )
+void sha512_hmac_reset( sha512_context *ctx )
{
- sha4_starts( ctx, ctx->is384 );
- sha4_update( ctx, ctx->ipad, 128 );
+ sha512_starts( ctx, ctx->is384 );
+ sha512_update( ctx, ctx->ipad, 128 );
}
/*
* output = HMAC-SHA-512( hmac key, input buffer )
*/
-void sha4_hmac( const unsigned char *key, size_t keylen,
+void sha512_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char output[64], int is384 )
{
- sha4_context ctx;
+ sha512_context ctx;
- sha4_hmac_starts( &ctx, key, keylen, is384 );
- sha4_hmac_update( &ctx, input, ilen );
- sha4_hmac_finish( &ctx, output );
+ sha512_hmac_starts( &ctx, key, keylen, is384 );
+ sha512_hmac_update( &ctx, input, ilen );
+ sha512_hmac_finish( &ctx, output );
- memset( &ctx, 0, sizeof( sha4_context ) );
+ memset( &ctx, 0, sizeof( sha512_context ) );
}
#if defined(POLARSSL_SELF_TEST)
/*
* FIPS-180-2 test vectors
*/
-static unsigned char sha4_test_buf[3][113] =
+static unsigned char sha512_test_buf[3][113] =
{
{ "abc" },
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
{ "" }
};
-static const int sha4_test_buflen[3] =
+static const int sha512_test_buflen[3] =
{
3, 112, 1000
};
-static const unsigned char sha4_test_sum[6][64] =
+static const unsigned char sha512_test_sum[6][64] =
{
/*
* SHA-384 test vectors
/*
* RFC 4231 test vectors
*/
-static unsigned char sha4_hmac_test_key[7][26] =
+static unsigned char sha512_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
"\x0B\x0B\x0B\x0B" },
{ "" }
};
-static const int sha4_hmac_test_keylen[7] =
+static const int sha512_hmac_test_keylen[7] =
{
20, 4, 20, 25, 20, 131, 131
};
-static unsigned char sha4_hmac_test_buf[7][153] =
+static unsigned char sha512_hmac_test_buf[7][153] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
"be hashed before being used by the HMAC algorithm." }
};
-static const int sha4_hmac_test_buflen[7] =
+static const int sha512_hmac_test_buflen[7] =
{
8, 28, 50, 50, 20, 54, 152
};
-static const unsigned char sha4_hmac_test_sum[14][64] =
+static const unsigned char sha512_hmac_test_sum[14][64] =
{
/*
* HMAC-SHA-384 test vectors
/*
* Checkup routine
*/
-int sha4_self_test( int verbose )
+int sha512_self_test( int verbose )
{
int i, j, k, buflen;
unsigned char buf[1024];
- unsigned char sha4sum[64];
- sha4_context ctx;
+ unsigned char sha512sum[64];
+ sha512_context ctx;
for( i = 0; i < 6; i++ )
{
if( verbose != 0 )
printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
- sha4_starts( &ctx, k );
+ sha512_starts( &ctx, k );
if( j == 2 )
{
memset( buf, 'a', buflen = 1000 );
for( j = 0; j < 1000; j++ )
- sha4_update( &ctx, buf, buflen );
+ sha512_update( &ctx, buf, buflen );
}
else
- sha4_update( &ctx, sha4_test_buf[j],
- sha4_test_buflen[j] );
+ sha512_update( &ctx, sha512_test_buf[j],
+ sha512_test_buflen[j] );
- sha4_finish( &ctx, sha4sum );
+ sha512_finish( &ctx, sha512sum );
- if( memcmp( sha4sum, sha4_test_sum[i], 64 - k * 16 ) != 0 )
+ if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
if( j == 5 || j == 6 )
{
memset( buf, '\xAA', buflen = 131 );
- sha4_hmac_starts( &ctx, buf, buflen, k );
+ sha512_hmac_starts( &ctx, buf, buflen, k );
}
else
- sha4_hmac_starts( &ctx, sha4_hmac_test_key[j],
- sha4_hmac_test_keylen[j], k );
+ sha512_hmac_starts( &ctx, sha512_hmac_test_key[j],
+ sha512_hmac_test_keylen[j], k );
- sha4_hmac_update( &ctx, sha4_hmac_test_buf[j],
- sha4_hmac_test_buflen[j] );
+ sha512_hmac_update( &ctx, sha512_hmac_test_buf[j],
+ sha512_hmac_test_buflen[j] );
- sha4_hmac_finish( &ctx, sha4sum );
+ sha512_hmac_finish( &ctx, sha512sum );
buflen = ( j == 4 ) ? 16 : 64 - k * 16;
- if( memcmp( sha4sum, sha4_hmac_test_sum[i], buflen ) != 0 )
+ if( memcmp( sha512sum, sha512_hmac_test_sum[i], buflen ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
--- /dev/null
+/*
+ * SSL session cache implementation
+ *
+ * Copyright (C) 2006-2012, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * These session callbacks use a simple chained list
+ * to store and retrieve the session information.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_SSL_CACHE_C)
+
+#include "polarssl/ssl_cache.h"
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <stdlib.h>
+
+void ssl_cache_init( ssl_cache_context *cache )
+{
+ memset( cache, 0, sizeof( ssl_cache_context ) );
+
+ cache->timeout = SSL_CACHE_DEFAULT_TIMEOUT;
+ cache->max_entries = SSL_CACHE_DEFAULT_MAX_ENTRIES;
+
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_init( &cache->mutex );
+#endif
+}
+
+int ssl_cache_get( void *data, ssl_session *session )
+{
+ int ret = 1;
+#if defined(POLARSSL_HAVE_TIME)
+ time_t t = time( NULL );
+#endif
+ ssl_cache_context *cache = (ssl_cache_context *) data;
+ ssl_cache_entry *cur, *entry;
+
+#if defined(POLARSSL_THREADING_C)
+ if( polarssl_mutex_lock( &cache->mutex ) != 0 )
+ return( 1 );
+#endif
+
+ cur = cache->chain;
+ entry = NULL;
+
+ while( cur != NULL )
+ {
+ entry = cur;
+ cur = cur->next;
+
+#if defined(POLARSSL_HAVE_TIME)
+ if( cache->timeout != 0 &&
+ (int) ( t - entry->timestamp ) > cache->timeout )
+ continue;
+#endif
+
+ if( session->ciphersuite != entry->session.ciphersuite ||
+ session->compression != entry->session.compression ||
+ session->length != entry->session.length )
+ continue;
+
+ if( memcmp( session->id, entry->session.id,
+ entry->session.length ) != 0 )
+ continue;
+
+ memcpy( session->master, entry->session.master, 48 );
+
+ session->verify_result = entry->session.verify_result;
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ /*
+ * Restore peer certificate (without rest of the original chain)
+ */
+ if( entry->peer_cert.p != NULL )
+ {
+ session->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
+ if( session->peer_cert == NULL )
+ {
+ ret = 1;
+ goto exit;
+ }
+
+ x509_crt_init( session->peer_cert );
+ if( x509_crt_parse( session->peer_cert, entry->peer_cert.p,
+ entry->peer_cert.len ) != 0 )
+ {
+ polarssl_free( session->peer_cert );
+ session->peer_cert = NULL;
+ ret = 1;
+ goto exit;
+ }
+ }
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ ret = 0;
+ goto exit;
+ }
+
+exit:
+#if defined(POLARSSL_THREADING_C)
+ if( polarssl_mutex_unlock( &cache->mutex ) != 0 )
+ ret = 1;
+#endif
+
+ return( ret );
+}
+
+int ssl_cache_set( void *data, const ssl_session *session )
+{
+ int ret = 1;
+#if defined(POLARSSL_HAVE_TIME)
+ time_t t = time( NULL ), oldest = 0;
+ ssl_cache_entry *old = NULL;
+#endif
+ ssl_cache_context *cache = (ssl_cache_context *) data;
+ ssl_cache_entry *cur, *prv;
+ int count = 0;
+
+#if defined(POLARSSL_THREADING_C)
+ if( ( ret = polarssl_mutex_lock( &cache->mutex ) ) != 0 )
+ return( ret );
+#endif
+
+ cur = cache->chain;
+ prv = NULL;
+
+ while( cur != NULL )
+ {
+ count++;
+
+#if defined(POLARSSL_HAVE_TIME)
+ if( cache->timeout != 0 &&
+ (int) ( t - cur->timestamp ) > cache->timeout )
+ {
+ cur->timestamp = t;
+ break; /* expired, reuse this slot, update timestamp */
+ }
+#endif
+
+ if( memcmp( session->id, cur->session.id, cur->session.length ) == 0 )
+ break; /* client reconnected, keep timestamp for session id */
+
+#if defined(POLARSSL_HAVE_TIME)
+ if( oldest == 0 || cur->timestamp < oldest )
+ {
+ oldest = cur->timestamp;
+ old = cur;
+ }
+#endif
+
+ prv = cur;
+ cur = cur->next;
+ }
+
+ if( cur == NULL )
+ {
+#if defined(POLARSSL_HAVE_TIME)
+ /*
+ * Reuse oldest entry if max_entries reached
+ */
+ if( old != NULL && count >= cache->max_entries )
+ {
+ cur = old;
+ memset( &cur->session, 0, sizeof(ssl_session) );
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( cur->peer_cert.p != NULL )
+ {
+ polarssl_free( cur->peer_cert.p );
+ memset( &cur->peer_cert, 0, sizeof(x509_buf) );
+ }
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+ }
+#else /* POLARSSL_HAVE_TIME */
+ /*
+ * Reuse first entry in chain if max_entries reached,
+ * but move to last place
+ */
+ if( count >= cache->max_entries )
+ {
+ if( cache->chain == NULL )
+ {
+ ret = 1;
+ goto exit;
+ }
+
+ cur = cache->chain;
+ cache->chain = cur->next;
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( cur->peer_cert.p != NULL )
+ {
+ polarssl_free( cur->peer_cert.p );
+ memset( &cur->peer_cert, 0, sizeof(x509_buf) );
+ }
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ memset( cur, 0, sizeof(ssl_cache_entry) );
+ prv->next = cur;
+ }
+#endif /* POLARSSL_HAVE_TIME */
+ else
+ {
+ cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) );
+ if( cur == NULL )
+ {
+ ret = 1;
+ goto exit;
+ }
+
+ memset( cur, 0, sizeof(ssl_cache_entry) );
+
+ if( prv == NULL )
+ cache->chain = cur;
+ else
+ prv->next = cur;
+ }
+
+#if defined(POLARSSL_HAVE_TIME)
+ cur->timestamp = t;
+#endif
+ }
+
+ memcpy( &cur->session, session, sizeof( ssl_session ) );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ /*
+ * Store peer certificate
+ */
+ if( session->peer_cert != NULL )
+ {
+ cur->peer_cert.p = (unsigned char *) polarssl_malloc( session->peer_cert->raw.len );
+ if( cur->peer_cert.p == NULL )
+ {
+ ret = 1;
+ goto exit;
+ }
+
+ memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
+ session->peer_cert->raw.len );
+ cur->peer_cert.len = session->peer_cert->raw.len;
+
+ cur->session.peer_cert = NULL;
+ }
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ ret = 0;
+
+exit:
+#if defined(POLARSSL_THREADING_C)
+ if( polarssl_mutex_unlock( &cache->mutex ) != 0 )
+ ret = 1;
+#endif
+
+ return( ret );
+}
+
+#if defined(POLARSSL_HAVE_TIME)
+void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout )
+{
+ if( timeout < 0 ) timeout = 0;
+
+ cache->timeout = timeout;
+}
+#endif /* POLARSSL_HAVE_TIME */
+
+void ssl_cache_set_max_entries( ssl_cache_context *cache, int max )
+{
+ if( max < 0 ) max = 0;
+
+ cache->max_entries = max;
+}
+
+void ssl_cache_free( ssl_cache_context *cache )
+{
+ ssl_cache_entry *cur, *prv;
+
+ cur = cache->chain;
+
+ while( cur != NULL )
+ {
+ prv = cur;
+ cur = cur->next;
+
+ ssl_session_free( &prv->session );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( prv->peer_cert.p != NULL )
+ polarssl_free( prv->peer_cert.p );
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ polarssl_free( prv );
+ }
+
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_free( &cache->mutex );
+#endif
+}
+
+#endif /* POLARSSL_SSL_CACHE_C */
--- /dev/null
+/**
+ * \file ssl_ciphersuites.c
+ *
+ * \brief SSL ciphersuites for PolarSSL
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_SSL_TLS_C)
+
+#include "polarssl/ssl_ciphersuites.h"
+#include "polarssl/ssl.h"
+
+#include <stdlib.h>
+
+#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
+ !defined(EFI32)
+#define strcasecmp _stricmp
+#endif
+
+/*
+ * Ordered from most preferred to least preferred in terms of security.
+ *
+ * Current rule (except weak and null which come last):
+ * 1. By key exchange:
+ * Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
+ * 2. By key length and cipher:
+ * AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES > RC4
+ * 3. By cipher mode when relevant GCM > CBC
+ * 4. By hash function used
+ * 5. By key exchange/auth again: EC > non-EC
+ */
+static const int ciphersuite_preference[] =
+{
+ /* All AES-256 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+
+ /* All CAMELLIA-256 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+
+ /* All AES-128 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+
+ /* All CAMELLIA-128 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+
+ /* All remaining >= 128-bit ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+
+ /* The PSK ephemeral suites */
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+
+ TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDHE_PSK_WITH_RC4_128_SHA,
+ TLS_DHE_PSK_WITH_RC4_128_SHA,
+
+ /* All AES-256 suites */
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+
+ /* All CAMELLIA-256 suites */
+ TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+
+ /* All AES-128 suites */
+ TLS_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+
+ /* All CAMELLIA-128 suites */
+ TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+
+ /* All remaining >= 128-bit suites */
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_RSA_WITH_RC4_128_SHA,
+ TLS_RSA_WITH_RC4_128_MD5,
+
+ /* The RSA PSK suites */
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
+ TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+
+ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS_RSA_PSK_WITH_RC4_128_SHA,
+
+ /* The PSK suites */
+ TLS_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_PSK_WITH_AES_256_CBC_SHA384,
+ TLS_PSK_WITH_AES_256_CBC_SHA,
+ TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+
+ TLS_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_PSK_WITH_AES_128_CBC_SHA256,
+ TLS_PSK_WITH_AES_128_CBC_SHA,
+ TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+
+ TLS_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS_PSK_WITH_RC4_128_SHA,
+
+ /* Weak suites */
+ TLS_DHE_RSA_WITH_DES_CBC_SHA,
+ TLS_RSA_WITH_DES_CBC_SHA,
+
+ /* NULL suites */
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+ TLS_ECDHE_RSA_WITH_NULL_SHA,
+ TLS_ECDHE_PSK_WITH_NULL_SHA384,
+ TLS_ECDHE_PSK_WITH_NULL_SHA256,
+ TLS_ECDHE_PSK_WITH_NULL_SHA,
+ TLS_DHE_PSK_WITH_NULL_SHA384,
+ TLS_DHE_PSK_WITH_NULL_SHA256,
+ TLS_DHE_PSK_WITH_NULL_SHA,
+
+ TLS_RSA_WITH_NULL_SHA256,
+ TLS_RSA_WITH_NULL_SHA,
+ TLS_RSA_WITH_NULL_MD5,
+ TLS_RSA_PSK_WITH_NULL_SHA384,
+ TLS_RSA_PSK_WITH_NULL_SHA256,
+ TLS_RSA_PSK_WITH_NULL_SHA,
+ TLS_PSK_WITH_NULL_SHA384,
+ TLS_PSK_WITH_NULL_SHA256,
+ TLS_PSK_WITH_NULL_SHA,
+
+ 0
+};
+
+#define MAX_CIPHERSUITES 128
+static int supported_ciphersuites[MAX_CIPHERSUITES];
+static int supported_init = 0;
+
+static const ssl_ciphersuite_t ciphersuite_definitions[] =
+{
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA1_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_SHA1_C */
+#if defined(POLARSSL_SHA256_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_GCM_C)
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_GCM_C)
+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_ARC4_C)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_ARC4_C */
+
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_NULL_CIPHER */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA1_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_SHA1_C */
+#if defined(POLARSSL_SHA256_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_GCM_C)
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_GCM_C)
+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_ARC4_C)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_ARC4_C */
+
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_NULL_CIPHER */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA512_C) && defined(POLARSSL_GCM_C)
+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C && POLARSSL_GCM_C */
+
+#if defined(POLARSSL_SHA256_C)
+#if defined(POLARSSL_GCM_C)
+ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_GCM_C */
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA512_C) && defined(POLARSSL_GCM_C)
+ { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
+ POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C && POLARSSL_GCM_C */
+
+#if defined(POLARSSL_SHA256_C)
+#if defined(POLARSSL_GCM_C)
+ { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
+ POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_GCM_C */
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA1_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_ARC4_C)
+#if defined(POLARSSL_MD5_C)
+ { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+#endif /* POLARSSL_ARC4_C */
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
+ POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
+ POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_ARC4_C)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_ARC4_C */
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
+ POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
+ POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_ARC4_C)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_ARC4_C */
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if defined(POLARSSL_AES_C)
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_ARC4_C)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_ARC4_C */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
+ POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
+ POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+
+ { TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_GCM_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_ARC4_C)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_ARC4_C */
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
+#if defined(POLARSSL_MD5_C)
+ { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(POLARSSL_SHA256_C)
+ { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_SHA1_C */
+
+#if defined(POLARSSL_SHA256_C)
+ { TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_SHA1_C */
+
+#if defined(POLARSSL_SHA256_C)
+ { TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_SHA1_C */
+
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_SHA1_C */
+
+#if defined(POLARSSL_SHA256_C)
+ { TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+ { TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#endif /* POLARSSL_CIPHER_NULL_CIPHER */
+
+#if defined(POLARSSL_DES_C)
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+ POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
+#if defined(POLARSSL_SHA1_C)
+ { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
+ POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_SHA1_C */
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* POLARSSL_DES_C */
+#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
+
+ { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
+};
+
+const int *ssl_list_ciphersuites( void )
+{
+ /*
+ * On initial call filter out all ciphersuites not supported by current
+ * build based on presence in the ciphersuite_definitions.
+ */
+ if( supported_init == 0 )
+ {
+ const int *p = ciphersuite_preference;
+ int *q = supported_ciphersuites;
+ size_t i;
+ size_t max = sizeof(supported_ciphersuites) / sizeof(int);
+
+ for( i = 0; i < max - 1 && p[i] != 0; i++ )
+ {
+ if( ssl_ciphersuite_from_id( p[i] ) != NULL )
+ *(q++) = p[i];
+ }
+ *q = 0;
+
+ supported_init = 1;
+ }
+
+ return supported_ciphersuites;
+};
+
+const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
+{
+ const ssl_ciphersuite_t *cur = ciphersuite_definitions;
+
+ if( NULL == ciphersuite_name )
+ return( NULL );
+
+ while( cur->id != 0 )
+ {
+ if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
+ return( cur );
+
+ cur++;
+ }
+
+ return( NULL );
+}
+
+const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
+{
+ const ssl_ciphersuite_t *cur = ciphersuite_definitions;
+
+ while( cur->id != 0 )
+ {
+ if( cur->id == ciphersuite )
+ return( cur );
+
+ cur++;
+ }
+
+ return( NULL );
+}
+
+const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
+{
+ const ssl_ciphersuite_t *cur;
+
+ cur = ssl_ciphersuite_from_id( ciphersuite_id );
+
+ if( cur == NULL )
+ return( "unknown" );
+
+ return( cur->name );
+}
+
+int ssl_get_ciphersuite_id( const char *ciphersuite_name )
+{
+ const ssl_ciphersuite_t *cur;
+
+ cur = ssl_ciphersuite_from_string( ciphersuite_name );
+
+ if( cur == NULL )
+ return( 0 );
+
+ return( cur->id );
+}
+
+#if defined(POLARSSL_PK_C)
+pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case POLARSSL_KEY_EXCHANGE_RSA:
+ case POLARSSL_KEY_EXCHANGE_DHE_RSA:
+ case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
+ case POLARSSL_KEY_EXCHANGE_RSA_PSK:
+ return( POLARSSL_PK_RSA );
+
+ case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
+ return( POLARSSL_PK_ECDSA );
+
+ default:
+ return( POLARSSL_PK_NONE );
+ }
+}
+#endif
+
+int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
+ case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
+ case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+
+int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case POLARSSL_KEY_EXCHANGE_PSK:
+ case POLARSSL_KEY_EXCHANGE_RSA_PSK:
+ case POLARSSL_KEY_EXCHANGE_DHE_PSK:
+ case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+
+#endif
--- /dev/null
+/*
+ * SSLv3/TLSv1 client-side functions
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_SSL_CLI_C)
+
+#include "polarssl/debug.h"
+#include "polarssl/ssl.h"
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#if defined(POLARSSL_HAVE_TIME)
+#include <time.h>
+#endif
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+static void ssl_write_hostname_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+
+ *olen = 0;
+
+ if ( ssl->hostname == NULL )
+ return;
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
+ ssl->hostname ) );
+
+ /*
+ * struct {
+ * NameType name_type;
+ * select (name_type) {
+ * case host_name: HostName;
+ * } name;
+ * } ServerName;
+ *
+ * enum {
+ * host_name(0), (255)
+ * } NameType;
+ *
+ * opaque HostName<1..2^16-1>;
+ *
+ * struct {
+ * ServerName server_name_list<1..2^16-1>
+ * } ServerNameList;
+ */
+ *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME ) & 0xFF );
+
+ *p++ = (unsigned char)( ( (ssl->hostname_len + 5) >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( (ssl->hostname_len + 5) ) & 0xFF );
+
+ *p++ = (unsigned char)( ( (ssl->hostname_len + 3) >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( (ssl->hostname_len + 3) ) & 0xFF );
+
+ *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
+ *p++ = (unsigned char)( ( ssl->hostname_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ssl->hostname_len ) & 0xFF );
+
+ memcpy( p, ssl->hostname, ssl->hostname_len );
+
+ *olen = ssl->hostname_len + 9;
+}
+#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
+
+static void ssl_write_renegotiation_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+
+ *olen = 0;
+
+ if( ssl->renegotiation != SSL_RENEGOTIATION )
+ return;
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+
+ /*
+ * Secure renegotiation
+ */
+ *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
+ *p++ = ssl->verify_data_len & 0xFF;
+
+ memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+
+ *olen = 5 + ssl->verify_data_len;
+}
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ unsigned char *sig_alg_list = buf + 6;
+ size_t sig_alg_len = 0;
+
+ *olen = 0;
+
+ if( ssl->max_minor_ver != SSL_MINOR_VERSION_3 )
+ return;
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
+
+ /*
+ * Prepare signature_algorithms extension (TLS 1.2)
+ */
+#if defined(POLARSSL_RSA_C)
+#if defined(POLARSSL_SHA512_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
+#endif
+#if defined(POLARSSL_SHA256_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
+#endif
+#if defined(POLARSSL_SHA1_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
+#endif
+#if defined(POLARSSL_MD5_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
+#endif
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
+#if defined(POLARSSL_SHA512_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_SHA256_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_SHA1_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_MD5_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#endif /* POLARSSL_ECDSA_C */
+
+ /*
+ * enum {
+ * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
+ * sha512(6), (255)
+ * } HashAlgorithm;
+ *
+ * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
+ * SignatureAlgorithm;
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * SignatureAndHashAlgorithm
+ * supported_signature_algorithms<2..2^16-2>;
+ */
+ *p++ = (unsigned char)( ( TLS_EXT_SIG_ALG >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_SIG_ALG ) & 0xFF );
+
+ *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF );
+
+ *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF );
+
+ *olen = 6 + sig_alg_len;
+}
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ unsigned char elliptic_curve_list[20];
+ size_t elliptic_curve_len = 0;
+ const ecp_curve_info *curve;
+ ((void) ssl);
+
+ *olen = 0;
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
+
+ for( curve = ecp_curve_list();
+ curve->grp_id != POLARSSL_ECP_DP_NONE;
+ curve++ )
+ {
+ elliptic_curve_list[elliptic_curve_len++] = curve->tls_id >> 8;
+ elliptic_curve_list[elliptic_curve_len++] = curve->tls_id & 0xFF;
+ }
+
+ if( elliptic_curve_len == 0 )
+ return;
+
+ *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
+
+ *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF );
+
+ *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
+
+ memcpy( p, elliptic_curve_list, elliptic_curve_len );
+
+ *olen = 6 + elliptic_curve_len;
+}
+
+static void ssl_write_supported_point_formats_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ ((void) ssl);
+
+ *olen = 0;
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 2;
+
+ *p++ = 1;
+ *p++ = POLARSSL_ECP_PF_UNCOMPRESSED;
+
+ *olen = 6;
+}
+#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->mfl_code == SSL_MAX_FRAG_LEN_NONE ) {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 1;
+
+ *p++ = ssl->mfl_code;
+
+ *olen = 5;
+}
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
+ unsigned char *buf, size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->trunc_hmac == SSL_TRUNC_HMAC_DISABLED )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 0x00;
+
+ *olen = 4;
+}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+static void ssl_write_session_ticket_ext( ssl_context *ssl,
+ unsigned char *buf, size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t tlen = ssl->session_negotiate->ticket_len;
+
+ if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET ) & 0xFF );
+
+ *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( tlen ) & 0xFF );
+
+ *olen = 4;
+
+ if( ssl->session_negotiate->ticket == NULL ||
+ ssl->session_negotiate->ticket_len == 0 )
+ {
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) );
+
+ memcpy( p, ssl->session_negotiate->ticket, tlen );
+
+ *olen += tlen;
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+static int ssl_write_client_hello( ssl_context *ssl )
+{
+ int ret;
+ size_t i, n, olen, ext_len = 0;
+ unsigned char *buf;
+ unsigned char *p, *q;
+#if defined(POLARSSL_HAVE_TIME)
+ time_t t;
+#endif
+ const int *ciphersuites;
+ const ssl_ciphersuite_t *ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
+
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+ {
+ ssl->major_ver = ssl->min_major_ver;
+ ssl->minor_ver = ssl->min_minor_ver;
+ }
+
+ if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
+ {
+ ssl->max_major_ver = SSL_MAX_MAJOR_VERSION;
+ ssl->max_minor_ver = SSL_MAX_MINOR_VERSION;
+ }
+
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 5 highest version supported
+ * 6 . 9 current UNIX time
+ * 10 . 37 random bytes
+ */
+ buf = ssl->out_msg;
+ p = buf + 4;
+
+ *p++ = (unsigned char) ssl->max_major_ver;
+ *p++ = (unsigned char) ssl->max_minor_ver;
+
+ SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
+ buf[4], buf[5] ) );
+
+#if defined(POLARSSL_HAVE_TIME)
+ t = time( NULL );
+ *p++ = (unsigned char)( t >> 24 );
+ *p++ = (unsigned char)( t >> 16 );
+ *p++ = (unsigned char)( t >> 8 );
+ *p++ = (unsigned char)( t );
+
+ SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
+#else
+ if( ( ret = ssl->f_rng( ssl->p_rng, p, 4 ) ) != 0 )
+ return( ret );
+
+ p += 4;
+#endif
+
+ if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
+ return( ret );
+
+ p += 28;
+
+ memcpy( ssl->handshake->randbytes, buf + 6, 32 );
+
+ SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 6, 32 );
+
+ /*
+ * 38 . 38 session id length
+ * 39 . 39+n session id
+ * 40+n . 41+n ciphersuitelist length
+ * 42+n . .. ciphersuitelist
+ * .. . .. compression methods length
+ * .. . .. compression methods
+ * .. . .. extensions length
+ * .. . .. extensions
+ */
+ n = ssl->session_negotiate->length;
+
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE || n < 16 || n > 32 ||
+ ssl->handshake->resume == 0 )
+ {
+ n = 0;
+ }
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ /*
+ * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
+ * generate and include a Session ID in the TLS ClientHello."
+ */
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
+ ssl->session_negotiate->ticket != NULL &&
+ ssl->session_negotiate->ticket_len != 0 )
+ {
+ ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, 32 );
+
+ if( ret != 0 )
+ return( ret );
+
+ ssl->session_negotiate->length = n = 32;
+ }
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+ *p++ = (unsigned char) n;
+
+ for( i = 0; i < n; i++ )
+ *p++ = ssl->session_negotiate->id[i];
+
+ SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
+ SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
+
+ ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+ n = 0;
+ q = p;
+
+ // Skip writing ciphersuite length for now
+ p += 2;
+
+ /*
+ * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ */
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+ {
+ *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
+ *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
+ n++;
+ }
+
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ {
+ ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
+
+ if( ciphersuite_info == NULL )
+ continue;
+
+ if( ciphersuite_info->min_minor_ver > ssl->max_minor_ver ||
+ ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
+ continue;
+
+ SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
+ ciphersuites[i] ) );
+
+ n++;
+ *p++ = (unsigned char)( ciphersuites[i] >> 8 );
+ *p++ = (unsigned char)( ciphersuites[i] );
+ }
+
+ *q++ = (unsigned char)( n >> 7 );
+ *q++ = (unsigned char)( n << 1 );
+
+ SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
+
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
+ SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
+ SSL_COMPRESS_DEFLATE, SSL_COMPRESS_NULL ) );
+
+ *p++ = 2;
+ *p++ = SSL_COMPRESS_DEFLATE;
+ *p++ = SSL_COMPRESS_NULL;
+#else
+ SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
+ SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", SSL_COMPRESS_NULL ) );
+
+ *p++ = 1;
+ *p++ = SSL_COMPRESS_NULL;
+#endif
+
+ // First write extensions, then the total length
+ //
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+ ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+ ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+
+ ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+ SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
+ ext_len ) );
+
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+ p += ext_len;
+
+ ssl->out_msglen = p - buf;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_CLIENT_HELLO;
+
+ ssl->state++;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
+
+ return( 0 );
+}
+
+static int ssl_parse_renegotiation_info( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ int ret;
+
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+ {
+ if( len != 1 || buf[0] != 0x0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "non-zero length renegotiated connection field" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
+ }
+ else
+ {
+ /* Check verify-data in constant-time. The length OTOH is no secret */
+ if( len != 1 + ssl->verify_data_len * 2 ||
+ buf[0] != ssl->verify_data_len * 2 ||
+ safer_memcmp( buf + 1,
+ ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
+ safer_memcmp( buf + 1 + ssl->verify_data_len,
+ ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+ }
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ /*
+ * server should use the extension only if we did,
+ * and if so the server's value should match ours (and len is always 1)
+ */
+ if( ssl->mfl_code == SSL_MAX_FRAG_LEN_NONE ||
+ len != 1 ||
+ buf[0] != ssl->mfl_code )
+ {
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ if( ssl->trunc_hmac == SSL_TRUNC_HMAC_DISABLED ||
+ len != 0 )
+ {
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ((void) buf);
+
+ ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+static int ssl_parse_session_ticket_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED ||
+ len != 0 )
+ {
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ((void) buf);
+
+ ssl->handshake->new_session_ticket = 1;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+static int ssl_parse_supported_point_formats_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t list_size;
+ const unsigned char *p;
+
+ list_size = buf[0];
+ if( list_size + 1 != len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ p = buf + 2;
+ while( list_size > 0 )
+ {
+ if( p[0] == POLARSSL_ECP_PF_UNCOMPRESSED ||
+ p[0] == POLARSSL_ECP_PF_COMPRESSED )
+ {
+ ssl->handshake->ecdh_ctx.point_format = p[0];
+ SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
+ return( 0 );
+ }
+
+ list_size--;
+ p++;
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
+
+static int ssl_parse_server_hello( ssl_context *ssl )
+{
+ int ret, i, comp;
+ size_t n;
+ size_t ext_len = 0;
+ unsigned char *buf, *ext;
+ int renegotiation_info_seen = 0;
+ int handshake_failure = 0;
+#if defined(POLARSSL_DEBUG_C)
+ uint32_t t;
+#endif
+
+ SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
+
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 5 protocol version
+ * 6 . 9 UNIX time()
+ * 10 . 37 random bytes
+ */
+ buf = ssl->in_msg;
+
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
+ buf[4], buf[5] ) );
+
+ if( ssl->in_hslen < 42 ||
+ buf[0] != SSL_HS_SERVER_HELLO ||
+ buf[4] != SSL_MAJOR_VERSION_3 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ if( buf[5] > ssl->max_minor_ver )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ssl->minor_ver = buf[5];
+
+ if( ssl->minor_ver < ssl->min_minor_ver )
+ {
+ SSL_DEBUG_MSG( 1, ( "server only supports ssl smaller than minimum"
+ " [%d:%d] < [%d:%d]", ssl->major_ver, ssl->minor_ver,
+ buf[4], buf[5] ) );
+
+ ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_PROTOCOL_VERSION );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+ }
+
+#if defined(POLARSSL_DEBUG_C)
+ t = ( (uint32_t) buf[6] << 24 )
+ | ( (uint32_t) buf[7] << 16 )
+ | ( (uint32_t) buf[8] << 8 )
+ | ( (uint32_t) buf[9] );
+ SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
+#endif
+
+ memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
+
+ n = buf[38];
+
+ SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
+
+ if( n > 32 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ /*
+ * 38 . 38 session id length
+ * 39 . 38+n session id
+ * 39+n . 40+n chosen ciphersuite
+ * 41+n . 41+n chosen compression alg.
+ * 42+n . 43+n extensions length
+ * 44+n . 44+n+m extensions
+ */
+ if( ssl->in_hslen > 42 + n )
+ {
+ ext_len = ( ( buf[42 + n] << 8 )
+ | ( buf[43 + n] ) );
+
+ if( ( ext_len > 0 && ext_len < 4 ) ||
+ ssl->in_hslen != 44 + n + ext_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+ }
+
+ i = ( buf[39 + n] << 8 ) | buf[40 + n];
+ comp = buf[41 + n];
+
+ /*
+ * Initialize update checksum functions
+ */
+ ssl->transform_negotiate->ciphersuite_info = ssl_ciphersuite_from_id( i );
+ ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+
+ if( ssl->transform_negotiate->ciphersuite_info == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
+ ssl->ciphersuite_list[ssl->minor_ver][i] ) );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
+ SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
+
+ /*
+ * Check if the session can be resumed
+ */
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
+ ssl->handshake->resume == 0 || n == 0 ||
+ ssl->session_negotiate->ciphersuite != i ||
+ ssl->session_negotiate->compression != comp ||
+ ssl->session_negotiate->length != n ||
+ memcmp( ssl->session_negotiate->id, buf + 39, n ) != 0 )
+ {
+ ssl->state++;
+ ssl->handshake->resume = 0;
+#if defined(POLARSSL_HAVE_TIME)
+ ssl->session_negotiate->start = time( NULL );
+#endif
+ ssl->session_negotiate->ciphersuite = i;
+ ssl->session_negotiate->compression = comp;
+ ssl->session_negotiate->length = n;
+ memcpy( ssl->session_negotiate->id, buf + 39, n );
+ }
+ else
+ {
+ ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
+
+ if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+ return( ret );
+ }
+ }
+
+ SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
+ ssl->handshake->resume ? "a" : "no" ) );
+
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
+ SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );
+
+ i = 0;
+ while( 1 )
+ {
+ if( ssl->ciphersuite_list[ssl->minor_ver][i] == 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ if( ssl->ciphersuite_list[ssl->minor_ver][i++] ==
+ ssl->session_negotiate->ciphersuite )
+ {
+ break;
+ }
+ }
+
+ if( comp != SSL_COMPRESS_NULL
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ && comp != SSL_COMPRESS_DEFLATE
+#endif
+ )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+ ssl->session_negotiate->compression = comp;
+
+ ext = buf + 44 + n;
+
+ SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) );
+
+ while( ext_len )
+ {
+ unsigned int ext_id = ( ( ext[0] << 8 )
+ | ( ext[1] ) );
+ unsigned int ext_size = ( ( ext[2] << 8 )
+ | ( ext[3] ) );
+
+ if( ext_size + 4 > ext_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ switch( ext_id )
+ {
+ case TLS_EXT_RENEGOTIATION_INFO:
+ SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+ renegotiation_info_seen = 1;
+
+ if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ) ) != 0 )
+ return( ret );
+
+ break;
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ case TLS_EXT_MAX_FRAGMENT_LENGTH:
+ SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) );
+
+ if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
+ ext + 4, ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ case TLS_EXT_TRUNCATED_HMAC:
+ SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
+
+ if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
+ ext + 4, ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ case TLS_EXT_SESSION_TICKET:
+ SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) );
+
+ if( ( ret = ssl_parse_session_ticket_ext( ssl,
+ ext + 4, ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+ case TLS_EXT_SUPPORTED_POINT_FORMATS:
+ SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) );
+
+ if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
+ ext + 4, ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
+
+ default:
+ SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
+ ext_id ) );
+ }
+
+ ext_len -= 4 + ext_size;
+ ext += 4 + ext_size;
+
+ if( ext_len > 0 && ext_len < 4 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+ }
+
+ /*
+ * Renegotiation security checks
+ */
+ if( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ ssl->allow_legacy_renegotiation == SSL_LEGACY_BREAK_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+ handshake_failure = 1;
+ }
+ else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+ ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
+ renegotiation_info_seen == 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+ handshake_failure = 1;
+ }
+ else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+ ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION )
+ {
+ SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+ handshake_failure = 1;
+ }
+ else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+ ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ renegotiation_info_seen == 1 )
+ {
+ SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+ handshake_failure = 1;
+ }
+
+ if( handshake_failure == 1 )
+ {
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
+ unsigned char *end )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+
+ /*
+ * Ephemeral DH parameters:
+ *
+ * struct {
+ * opaque dh_p<1..2^16-1>;
+ * opaque dh_g<1..2^16-1>;
+ * opaque dh_Ys<1..2^16-1>;
+ * } ServerDHParams;
+ */
+ if( ( ret = dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 2, ( "dhm_read_params" ), ret );
+ return( ret );
+ }
+
+ if( ssl->handshake->dhm_ctx.len < 64 ||
+ ssl->handshake->dhm_ctx.len > 512 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message (DHM length)" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P );
+ SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G );
+ SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
+
+ return( ret );
+}
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+static int ssl_parse_server_ecdh_params( ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+
+ /*
+ * Ephemeral ECDH parameters:
+ *
+ * struct {
+ * ECParameters curve_params;
+ * ECPoint public;
+ * } ServerECDHParams;
+ */
+ if( ( ret = ecdh_read_params( &ssl->handshake->ecdh_ctx,
+ (const unsigned char **) p, end ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ecdh_read_params" ), ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
+ (int) ssl->handshake->ecdh_ctx.grp.nbits ) );
+
+ if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
+ ssl->handshake->ecdh_ctx.grp.nbits > 521 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDH length)" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
+
+ return( ret );
+}
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+static int ssl_parse_server_psk_hint( ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t len;
+ ((void) ssl);
+
+ /*
+ * PSK parameters:
+ *
+ * opaque psk_identity_hint<0..2^16-1>;
+ */
+ len = (*p)[0] << 8 | (*p)[1];
+ *p += 2;
+
+ if( (*p) + len > end )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message (psk_identity_hint length)" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ // TODO: Retrieve PSK identity hint and callback to app
+ //
+ *p += len;
+ ret = 0;
+
+ return( ret );
+}
+#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+/*
+ * Generate a pre-master secret and encrypt it with the server's RSA key
+ */
+static int ssl_write_encrypted_pms( ssl_context *ssl,
+ size_t offset, size_t *olen,
+ size_t pms_offset )
+{
+ int ret;
+ size_t len_bytes = ssl->minor_ver == SSL_MINOR_VERSION_0 ? 0 : 2;
+ unsigned char *p = ssl->handshake->premaster + pms_offset;
+
+ /*
+ * Generate (part of) the pre-master as
+ * struct {
+ * ProtocolVersion client_version;
+ * opaque random[46];
+ * } PreMasterSecret;
+ */
+ p[0] = (unsigned char) ssl->max_major_ver;
+ p[1] = (unsigned char) ssl->max_minor_ver;
+
+ if( ( ret = ssl->f_rng( ssl->p_rng, p + 2, 46 ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "f_rng", ret );
+ return( ret );
+ }
+
+ ssl->handshake->pmslen = 48;
+
+ /*
+ * Now write it out, encrypted
+ */
+ if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
+ POLARSSL_PK_RSA ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
+ return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
+ }
+
+ if( ( ret = pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
+ p, ssl->handshake->pmslen,
+ ssl->out_msg + offset + len_bytes, olen,
+ SSL_MAX_CONTENT_LEN - offset - len_bytes,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret );
+ return( ret );
+ }
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( len_bytes == 2 )
+ {
+ ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 );
+ ssl->out_msg[offset+1] = (unsigned char)( *olen );
+ *olen += 2;
+ }
+#endif
+
+ return( 0 );
+}
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_parse_signature_algorithm( ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end,
+ md_type_t *md_alg,
+ pk_type_t *pk_alg )
+{
+ ((void) ssl);
+ *md_alg = POLARSSL_MD_NONE;
+ *pk_alg = POLARSSL_PK_NONE;
+
+ /* Only in TLS 1.2 */
+ if( ssl->minor_ver != SSL_MINOR_VERSION_3 )
+ {
+ return( 0 );
+ }
+
+ if( (*p) + 2 > end )
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+
+ /*
+ * Get hash algorithm
+ */
+ if( ( *md_alg = ssl_md_alg_from_hash( (*p)[0] ) ) == POLARSSL_MD_NONE )
+ {
+ SSL_DEBUG_MSG( 2, ( "Server used unsupported "
+ "HashAlgorithm %d", *(p)[0] ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ /*
+ * Get signature algorithm
+ */
+ if( ( *pk_alg = ssl_pk_alg_from_sig( (*p)[1] ) ) == POLARSSL_PK_NONE )
+ {
+ SSL_DEBUG_MSG( 2, ( "server used unsupported "
+ "SignatureAlgorithm %d", (*p)[1] ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );
+ SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) );
+ *p += 2;
+
+ return( 0 );
+}
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+static int ssl_parse_server_key_exchange( ssl_context *ssl )
+{
+ int ret;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ unsigned char *p, *end;
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ size_t sig_len, params_len;
+ unsigned char hash[64];
+ md_type_t md_alg = POLARSSL_MD_NONE;
+ size_t hashlen;
+ pk_type_t pk_alg = POLARSSL_PK_NONE;
+#endif
+
+ SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
+ ssl->state++;
+ return( 0 );
+ }
+ ((void) p);
+ ((void) end);
+#endif
+
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ /*
+ * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
+ * doesn't use a psk_identity_hint
+ */
+ if( ssl->in_msg[0] != SSL_HS_SERVER_KEY_EXCHANGE )
+ {
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
+ {
+ ssl->record_read = 1;
+ goto exit;
+ }
+
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ p = ssl->in_msg + 4;
+ end = ssl->in_msg + ssl->in_hslen;
+ SSL_DEBUG_BUF( 3, "server key exchange", p, ssl->in_hslen - 4 );
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+ } /* FALLTROUGH */
+#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
+ ; /* nothing more to do */
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ params_len = p - ( ssl->in_msg + 4 );
+
+ /*
+ * Handle the digitally-signed structure
+ */
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ if( ssl_parse_signature_algorithm( ssl, &p, end,
+ &md_alg, &pk_alg ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ if( pk_alg != ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
+ {
+ pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+
+ /* Default hash for ECDSA is SHA-1 */
+ if( pk_alg == POLARSSL_PK_ECDSA && md_alg == POLARSSL_MD_NONE )
+ md_alg = POLARSSL_MD_SHA1;
+ }
+ else
+#endif
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ /*
+ * Read signature
+ */
+ sig_len = ( p[0] << 8 ) | p[1];
+ p += 2;
+
+ if( end != p + sig_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ SSL_DEBUG_BUF( 3, "signature", p, sig_len );
+
+ /*
+ * Compute the hash that has been signed
+ */
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if( md_alg == POLARSSL_MD_NONE )
+ {
+ md5_context md5;
+ sha1_context sha1;
+
+ hashlen = 36;
+
+ /*
+ * digitally-signed struct {
+ * opaque md5_hash[16];
+ * opaque sha_hash[20];
+ * };
+ *
+ * md5_hash
+ * MD5(ClientHello.random + ServerHello.random
+ * + ServerParams);
+ * sha_hash
+ * SHA(ClientHello.random + ServerHello.random
+ * + ServerParams);
+ */
+ md5_starts( &md5 );
+ md5_update( &md5, ssl->handshake->randbytes, 64 );
+ md5_update( &md5, ssl->in_msg + 4, params_len );
+ md5_finish( &md5, hash );
+
+ sha1_starts( &sha1 );
+ sha1_update( &sha1, ssl->handshake->randbytes, 64 );
+ sha1_update( &sha1, ssl->in_msg + 4, params_len );
+ sha1_finish( &sha1, hash + 16 );
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
+ POLARSSL_SSL_PROTO_TLS1_1 */
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( md_alg != POLARSSL_MD_NONE )
+ {
+ md_context_t ctx;
+
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
+
+ /*
+ * digitally-signed struct {
+ * opaque client_random[32];
+ * opaque server_random[32];
+ * ServerDHParams params;
+ * };
+ */
+ if( ( ret = md_init_ctx( &ctx, md_info_from_type( md_alg ) ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+ return( ret );
+ }
+
+ md_starts( &ctx );
+ md_update( &ctx, ssl->handshake->randbytes, 64 );
+ md_update( &ctx, ssl->in_msg + 4, params_len );
+ md_finish( &ctx, hash );
+ md_free_ctx( &ctx );
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
+ POLARSSL_SSL_PROTO_TLS1_2 */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
+ (unsigned int) ( md_info_from_type( md_alg ) )->size );
+
+ /*
+ * Verify signature
+ */
+ if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
+ }
+
+ if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk,
+ md_alg, hash, hashlen, p, sig_len ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "pk_verify", ret );
+ return( ret );
+ }
+ }
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+exit:
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
+
+ return( 0 );
+}
+
+static int ssl_parse_certificate_request( ssl_context *ssl )
+{
+ int ret;
+ unsigned char *buf, *p;
+ size_t n = 0, m = 0;
+ size_t cert_type_len = 0, dn_len = 0;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 4 cert type count
+ * 5 .. m-1 cert types
+ * m .. m+1 sig alg length (TLS 1.2 only)
+ * m+1 .. n-1 SignatureAndHashAlgorithms (TLS 1.2 only)
+ * n .. n+1 length of all DNs
+ * n+2 .. n+3 length of DN 1
+ * n+4 .. ... Distinguished Name #1
+ * ... .. ... length of DN 2, etc.
+ */
+ if( ssl->record_read == 0 )
+ {
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ ssl->record_read = 1;
+ }
+
+ ssl->client_auth = 0;
+ ssl->state++;
+
+ if( ssl->in_msg[0] == SSL_HS_CERTIFICATE_REQUEST )
+ ssl->client_auth++;
+
+ SSL_DEBUG_MSG( 3, ( "got %s certificate request",
+ ssl->client_auth ? "a" : "no" ) );
+
+ if( ssl->client_auth == 0 )
+ goto exit;
+
+ ssl->record_read = 0;
+
+ // TODO: handshake_failure alert for an anonymous server to request
+ // client authentication
+
+ buf = ssl->in_msg;
+
+ // Retrieve cert types
+ //
+ cert_type_len = buf[4];
+ n = cert_type_len;
+
+ if( ssl->in_hslen < 6 + n )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+ }
+
+ p = buf + 5;
+ while( cert_type_len > 0 )
+ {
+#if defined(POLARSSL_RSA_C)
+ if( *p == SSL_CERT_TYPE_RSA_SIGN &&
+ pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_RSA ) )
+ {
+ ssl->handshake->cert_type = SSL_CERT_TYPE_RSA_SIGN;
+ break;
+ }
+ else
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ if( *p == SSL_CERT_TYPE_ECDSA_SIGN &&
+ pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_ECDSA ) )
+ {
+ ssl->handshake->cert_type = SSL_CERT_TYPE_ECDSA_SIGN;
+ break;
+ }
+ else
+#endif
+ {
+ ; /* Unsupported cert type, ignore */
+ }
+
+ cert_type_len--;
+ p++;
+ }
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ /* Ignored, see comments about hash in write_certificate_verify */
+ // TODO: should check the signature part against our pk_key though
+ size_t sig_alg_len = ( ( buf[5 + n] << 8 )
+ | ( buf[6 + n] ) );
+
+ p = buf + 7 + n;
+ m += 2;
+ n += sig_alg_len;
+
+ if( ssl->in_hslen < 6 + n )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+ }
+ }
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+ /* Ignore certificate_authorities, we only have one cert anyway */
+ // TODO: should not send cert if no CA matches
+ dn_len = ( ( buf[5 + m + n] << 8 )
+ | ( buf[6 + m + n] ) );
+
+ n += dn_len;
+ if( ssl->in_hslen != 7 + m + n )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+ }
+
+exit:
+ SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
+
+ return( 0 );
+}
+
+static int ssl_parse_server_hello_done( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
+
+ if( ssl->record_read == 0 )
+ {
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+ }
+ ssl->record_read = 0;
+
+ if( ssl->in_hslen != 4 ||
+ ssl->in_msg[0] != SSL_HS_SERVER_HELLO_DONE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE );
+ }
+
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) );
+
+ return( 0 );
+}
+
+static int ssl_write_client_key_exchange( ssl_context *ssl )
+{
+ int ret;
+ size_t i, n;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA )
+ {
+ /*
+ * DHM key exchange -- send G^X mod P
+ */
+ n = ssl->handshake->dhm_ctx.len;
+
+ ssl->out_msg[4] = (unsigned char)( n >> 8 );
+ ssl->out_msg[5] = (unsigned char)( n );
+ i = 6;
+
+ ret = dhm_make_public( &ssl->handshake->dhm_ctx,
+ (int) mpi_size( &ssl->handshake->dhm_ctx.P ),
+ &ssl->out_msg[i], n,
+ ssl->f_rng, ssl->p_rng );
+ if( ret != 0 )
+ {
+ SSL_DEBUG_RET( 1, "dhm_make_public", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
+ SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+
+ ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
+
+ if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
+ ssl->handshake->premaster,
+ &ssl->handshake->pmslen,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ /*
+ * ECDH key exchange -- send client public value
+ */
+ i = 4;
+
+ ret = ecdh_make_public( &ssl->handshake->ecdh_ctx,
+ &n,
+ &ssl->out_msg[i], 1000,
+ ssl->f_rng, ssl->p_rng );
+ if( ret != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecdh_make_public", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+
+ if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
+ &ssl->handshake->pmslen,
+ ssl->handshake->premaster,
+ POLARSSL_MPI_MAX_SIZE,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecdh_calc_secret", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ /*
+ * opaque psk_identity<0..2^16-1>;
+ */
+ if( ssl->psk == NULL || ssl->psk_identity == NULL )
+ return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
+
+ i = 4;
+ n = ssl->psk_identity_len;
+ ssl->out_msg[i++] = (unsigned char)( n >> 8 );
+ ssl->out_msg[i++] = (unsigned char)( n );
+
+ memcpy( ssl->out_msg + i, ssl->psk_identity, ssl->psk_identity_len );
+ i += ssl->psk_identity_len;
+
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
+ {
+ n = 0;
+ }
+ else
+#endif
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
+ {
+ if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
+ return( ret );
+ }
+ else
+#endif
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ /*
+ * ClientDiffieHellmanPublic public (DHM send G^X mod P)
+ */
+ n = ssl->handshake->dhm_ctx.len;
+ ssl->out_msg[i++] = (unsigned char)( n >> 8 );
+ ssl->out_msg[i++] = (unsigned char)( n );
+
+ ret = dhm_make_public( &ssl->handshake->dhm_ctx,
+ (int) mpi_size( &ssl->handshake->dhm_ctx.P ),
+ &ssl->out_msg[i], n,
+ ssl->f_rng, ssl->p_rng );
+ if( ret != 0 )
+ {
+ SSL_DEBUG_RET( 1, "dhm_make_public", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ /*
+ * ClientECDiffieHellmanPublic public;
+ */
+ ret = ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
+ &ssl->out_msg[i], SSL_MAX_CONTENT_LEN - i,
+ ssl->f_rng, ssl->p_rng );
+ if( ret != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecdh_make_public", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ if( ( ret = ssl_psk_derive_premaster( ssl,
+ ciphersuite_info->key_exchange ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA )
+ {
+ i = 4;
+ if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
+ return( ret );
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
+ {
+ ((void) ciphersuite_info);
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+ return( ret );
+ }
+
+ ssl->out_msglen = i + n;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_CLIENT_KEY_EXCHANGE;
+
+ ssl->state++;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
+
+ return( 0 );
+}
+
+#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_write_certificate_verify( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ SSL_DEBUG_MSG( 1, ( "should not happen" ) );
+ return( ret );
+}
+#else
+static int ssl_write_certificate_verify( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ size_t n = 0, offset = 0;
+ unsigned char hash[48];
+ unsigned char *hash_start = hash;
+ md_type_t md_alg = POLARSSL_MD_NONE;
+ unsigned int hashlen;
+
+ SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ if( ssl->client_auth == 0 || ssl_own_cert( ssl ) == NULL )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ if( ssl_own_key( ssl ) == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "got no private key" ) );
+ return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ }
+
+ /*
+ * Make an RSA signature of the handshake digests
+ */
+ ssl->handshake->calc_verify( ssl, hash );
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if( ssl->minor_ver != SSL_MINOR_VERSION_3 )
+ {
+ /*
+ * digitally-signed struct {
+ * opaque md5_hash[16];
+ * opaque sha_hash[20];
+ * };
+ *
+ * md5_hash
+ * MD5(handshake_messages);
+ *
+ * sha_hash
+ * SHA(handshake_messages);
+ */
+ hashlen = 36;
+ md_alg = POLARSSL_MD_NONE;
+
+ /*
+ * For ECDSA, default hash is SHA-1 only
+ */
+ if( pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_ECDSA ) )
+ {
+ hash_start += 16;
+ hashlen -= 16;
+ md_alg = POLARSSL_MD_SHA1;
+ }
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
+ POLARSSL_SSL_PROTO_TLS1_1 */
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ /*
+ * digitally-signed struct {
+ * opaque handshake_messages[handshake_messages_length];
+ * };
+ *
+ * Taking shortcut here. We assume that the server always allows the
+ * PRF Hash function and has sent it in the allowed signature
+ * algorithms list received in the Certificate Request message.
+ *
+ * Until we encounter a server that does not, we will take this
+ * shortcut.
+ *
+ * Reason: Otherwise we should have running hashes for SHA512 and SHA224
+ * in order to satisfy 'weird' needs from the server side.
+ */
+ if( ssl->transform_negotiate->ciphersuite_info->mac ==
+ POLARSSL_MD_SHA384 )
+ {
+ md_alg = POLARSSL_MD_SHA384;
+ ssl->out_msg[4] = SSL_HASH_SHA384;
+ }
+ else
+ {
+ md_alg = POLARSSL_MD_SHA256;
+ ssl->out_msg[4] = SSL_HASH_SHA256;
+ }
+ ssl->out_msg[5] = ssl_sig_from_pk( ssl_own_key( ssl ) );
+
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
+ offset = 2;
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ if( ( ret = pk_sign( ssl_own_key( ssl ), md_alg, hash_start, hashlen,
+ ssl->out_msg + 6 + offset, &n,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "pk_sign", ret );
+ return( ret );
+ }
+
+ ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
+ ssl->out_msg[5 + offset] = (unsigned char)( n );
+
+ ssl->out_msglen = 6 + n + offset;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_CERTIFICATE_VERIFY;
+
+ ssl->state++;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
+
+ return( ret );
+}
+#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+static int ssl_parse_new_session_ticket( ssl_context *ssl )
+{
+ int ret;
+ uint32_t lifetime;
+ size_t ticket_len;
+ unsigned char *ticket;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
+
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ /*
+ * struct {
+ * uint32 ticket_lifetime_hint;
+ * opaque ticket<0..2^16-1>;
+ * } NewSessionTicket;
+ *
+ * 0 . 0 handshake message type
+ * 1 . 3 handshake message length
+ * 4 . 7 ticket_lifetime_hint
+ * 8 . 9 ticket_len (n)
+ * 10 . 9+n ticket content
+ */
+ if( ssl->in_msg[0] != SSL_HS_NEW_SESSION_TICKET ||
+ ssl->in_hslen < 10 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
+ }
+
+ lifetime = ( ssl->in_msg[4] << 24 ) | ( ssl->in_msg[5] << 16 ) |
+ ( ssl->in_msg[6] << 8 ) | ( ssl->in_msg[7] );
+
+ ticket_len = ( ssl->in_msg[8] << 8 ) | ( ssl->in_msg[9] );
+
+ if( ticket_len + 10 != ssl->in_hslen )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
+ }
+
+ SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
+
+ /* We're not waiting for a NewSessionTicket message any more */
+ ssl->handshake->new_session_ticket = 0;
+
+ /*
+ * Zero-length ticket means the server changed his mind and doesn't want
+ * to send a ticket after all, so just forget it
+ */
+ if( ticket_len == 0)
+ return( 0 );
+
+ polarssl_free( ssl->session_negotiate->ticket );
+ ssl->session_negotiate->ticket = NULL;
+ ssl->session_negotiate->ticket_len = 0;
+
+ if( ( ticket = polarssl_malloc( ticket_len ) ) == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "ticket malloc failed" ) );
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ }
+
+ memcpy( ticket, ssl->in_msg + 10, ticket_len );
+
+ ssl->session_negotiate->ticket = ticket;
+ ssl->session_negotiate->ticket_len = ticket_len;
+ ssl->session_negotiate->ticket_lifetime = lifetime;
+
+ /*
+ * RFC 5077 section 3.4:
+ * "If the client receives a session ticket from the server, then it
+ * discards any Session ID that was sent in the ServerHello."
+ */
+ SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) );
+ ssl->session_negotiate->length = 0;
+
+ SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+/*
+ * SSL handshake -- client side -- single step
+ */
+int ssl_handshake_client_step( ssl_context *ssl )
+{
+ int ret = 0;
+
+ if( ssl->state == SSL_HANDSHAKE_OVER )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
+
+ if( ( ret = ssl_flush_output( ssl ) ) != 0 )
+ return( ret );
+
+ switch( ssl->state )
+ {
+ case SSL_HELLO_REQUEST:
+ ssl->state = SSL_CLIENT_HELLO;
+ break;
+
+ /*
+ * ==> ClientHello
+ */
+ case SSL_CLIENT_HELLO:
+ ret = ssl_write_client_hello( ssl );
+ break;
+
+ /*
+ * <== ServerHello
+ * Certificate
+ * ( ServerKeyExchange )
+ * ( CertificateRequest )
+ * ServerHelloDone
+ */
+ case SSL_SERVER_HELLO:
+ ret = ssl_parse_server_hello( ssl );
+ break;
+
+ case SSL_SERVER_CERTIFICATE:
+ ret = ssl_parse_certificate( ssl );
+ break;
+
+ case SSL_SERVER_KEY_EXCHANGE:
+ ret = ssl_parse_server_key_exchange( ssl );
+ break;
+
+ case SSL_CERTIFICATE_REQUEST:
+ ret = ssl_parse_certificate_request( ssl );
+ break;
+
+ case SSL_SERVER_HELLO_DONE:
+ ret = ssl_parse_server_hello_done( ssl );
+ break;
+
+ /*
+ * ==> ( Certificate/Alert )
+ * ClientKeyExchange
+ * ( CertificateVerify )
+ * ChangeCipherSpec
+ * Finished
+ */
+ case SSL_CLIENT_CERTIFICATE:
+ ret = ssl_write_certificate( ssl );
+ break;
+
+ case SSL_CLIENT_KEY_EXCHANGE:
+ ret = ssl_write_client_key_exchange( ssl );
+ break;
+
+ case SSL_CERTIFICATE_VERIFY:
+ ret = ssl_write_certificate_verify( ssl );
+ break;
+
+ case SSL_CLIENT_CHANGE_CIPHER_SPEC:
+ ret = ssl_write_change_cipher_spec( ssl );
+ break;
+
+ case SSL_CLIENT_FINISHED:
+ ret = ssl_write_finished( ssl );
+ break;
+
+ /*
+ * <== ( NewSessionTicket )
+ * ChangeCipherSpec
+ * Finished
+ */
+ case SSL_SERVER_CHANGE_CIPHER_SPEC:
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ if( ssl->handshake->new_session_ticket != 0 )
+ ret = ssl_parse_new_session_ticket( ssl );
+ else
+#endif
+ ret = ssl_parse_change_cipher_spec( ssl );
+ break;
+
+ case SSL_SERVER_FINISHED:
+ ret = ssl_parse_finished( ssl );
+ break;
+
+ case SSL_FLUSH_BUFFERS:
+ SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
+ ssl->state = SSL_HANDSHAKE_WRAPUP;
+ break;
+
+ case SSL_HANDSHAKE_WRAPUP:
+ ssl_handshake_wrapup( ssl );
+ break;
+
+ default:
+ SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ return( ret );
+}
+#endif
--- /dev/null
+/*
+ * SSLv3/TLSv1 server-side functions
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_SSL_SRV_C)
+
+#include "polarssl/debug.h"
+#include "polarssl/ssl.h"
+#if defined(POLARSSL_ECP_C)
+#include "polarssl/ecp.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#if defined(POLARSSL_HAVE_TIME)
+#include <time.h>
+#endif
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+/*
+ * Serialize a session in the following format:
+ * 0 . n-1 session structure, n = sizeof(ssl_session)
+ * n . n+2 peer_cert length = m (0 if no certificate)
+ * n+3 . n+2+m peer cert ASN.1
+ *
+ * Assumes ticket is NULL (always true on server side).
+ */
+static int ssl_save_session( const ssl_session *session,
+ unsigned char *buf, size_t buf_len,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t left = buf_len;
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ size_t cert_len;
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ if( left < sizeof( ssl_session ) )
+ return( -1 );
+
+ memcpy( p, session, sizeof( ssl_session ) );
+ p += sizeof( ssl_session );
+ left -= sizeof( ssl_session );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( session->peer_cert == NULL )
+ cert_len = 0;
+ else
+ cert_len = session->peer_cert->raw.len;
+
+ if( left < 3 + cert_len )
+ return( -1 );
+
+ *p++ = (unsigned char)( cert_len >> 16 & 0xFF );
+ *p++ = (unsigned char)( cert_len >> 8 & 0xFF );
+ *p++ = (unsigned char)( cert_len & 0xFF );
+
+ if( session->peer_cert != NULL )
+ memcpy( p, session->peer_cert->raw.p, cert_len );
+
+ p += cert_len;
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ *olen = p - buf;
+
+ return( 0 );
+}
+
+/*
+ * Unserialise session, see ssl_save_session()
+ */
+static int ssl_load_session( ssl_session *session,
+ const unsigned char *buf, size_t len )
+{
+ const unsigned char *p = buf;
+ const unsigned char * const end = buf + len;
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ size_t cert_len;
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ if( p + sizeof( ssl_session ) > end )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ memcpy( session, p, sizeof( ssl_session ) );
+ p += sizeof( ssl_session );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( p + 3 > end )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+ p += 3;
+
+ if( cert_len == 0 )
+ {
+ session->peer_cert = NULL;
+ }
+ else
+ {
+ int ret;
+
+ if( p + cert_len > end )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ session->peer_cert = polarssl_malloc( sizeof( x509_crt ) );
+
+ if( session->peer_cert == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ x509_crt_init( session->peer_cert );
+
+ if( ( ret = x509_crt_parse( session->peer_cert, p, cert_len ) ) != 0 )
+ {
+ x509_crt_free( session->peer_cert );
+ polarssl_free( session->peer_cert );
+ session->peer_cert = NULL;
+ return( ret );
+ }
+
+ p += cert_len;
+ }
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ if( p != end )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ return( 0 );
+}
+
+/*
+ * Create session ticket, secured as recommended in RFC 5077 section 4:
+ *
+ * struct {
+ * opaque key_name[16];
+ * opaque iv[16];
+ * opaque encrypted_state<0..2^16-1>;
+ * opaque mac[32];
+ * } ticket;
+ *
+ * (the internal state structure differs, however).
+ */
+static int ssl_write_ticket( ssl_context *ssl, size_t *tlen )
+{
+ int ret;
+ unsigned char * const start = ssl->out_msg + 10;
+ unsigned char *p = start;
+ unsigned char *state;
+ unsigned char iv[16];
+ size_t clear_len, enc_len, pad_len, i;
+
+ *tlen = 0;
+
+ if( ssl->ticket_keys == NULL )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ /* Write key name */
+ memcpy( p, ssl->ticket_keys->key_name, 16 );
+ p += 16;
+
+ /* Generate and write IV (with a copy for aes_crypt) */
+ if( ( ret = ssl->f_rng( ssl->p_rng, p, 16 ) ) != 0 )
+ return( ret );
+ memcpy( iv, p, 16 );
+ p += 16;
+
+ /*
+ * Dump session state
+ *
+ * After the session state itself, we still need room for 16 bytes of
+ * padding and 32 bytes of MAC, so there's only so much room left
+ */
+ state = p + 2;
+ if( ssl_save_session( ssl->session_negotiate, state,
+ SSL_MAX_CONTENT_LEN - (state - ssl->out_ctr) - 48,
+ &clear_len ) != 0 )
+ {
+ return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );
+ }
+ SSL_DEBUG_BUF( 3, "session ticket cleartext", state, clear_len );
+
+ /* Apply PKCS padding */
+ pad_len = 16 - clear_len % 16;
+ enc_len = clear_len + pad_len;
+ for( i = clear_len; i < enc_len; i++ )
+ state[i] = (unsigned char) pad_len;
+
+ /* Encrypt */
+ if( ( ret = aes_crypt_cbc( &ssl->ticket_keys->enc, AES_ENCRYPT,
+ enc_len, iv, state, state ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ /* Write length */
+ *p++ = (unsigned char)( ( enc_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( enc_len ) & 0xFF );
+ p = state + enc_len;
+
+ /* Compute and write MAC( key_name + iv + enc_state_len + enc_state ) */
+ sha256_hmac( ssl->ticket_keys->mac_key, 16, start, p - start, p, 0 );
+ p += 32;
+
+ *tlen = p - start;
+
+ SSL_DEBUG_BUF( 3, "session ticket structure", start, *tlen );
+
+ return( 0 );
+}
+
+/*
+ * Load session ticket (see ssl_write_ticket for structure)
+ */
+static int ssl_parse_ticket( ssl_context *ssl,
+ unsigned char *buf,
+ size_t len )
+{
+ int ret;
+ ssl_session session;
+ unsigned char *key_name = buf;
+ unsigned char *iv = buf + 16;
+ unsigned char *enc_len_p = iv + 16;
+ unsigned char *ticket = enc_len_p + 2;
+ unsigned char *mac;
+ unsigned char computed_mac[32];
+ size_t enc_len, clear_len, i;
+ unsigned char pad_len, diff;
+
+ SSL_DEBUG_BUF( 3, "session ticket structure", buf, len );
+
+ if( len < 34 || ssl->ticket_keys == NULL )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
+ mac = ticket + enc_len;
+
+ if( len != enc_len + 66 )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ /* Check name, in constant time though it's not a big secret */
+ diff = 0;
+ for( i = 0; i < 16; i++ )
+ diff |= key_name[i] ^ ssl->ticket_keys->key_name[i];
+ /* don't return yet, check the MAC anyway */
+
+ /* Check mac, with constant-time buffer comparison */
+ sha256_hmac( ssl->ticket_keys->mac_key, 16, buf, len - 32,
+ computed_mac, 0 );
+
+ for( i = 0; i < 32; i++ )
+ diff |= mac[i] ^ computed_mac[i];
+
+ /* Now return if ticket is not authentic, since we want to avoid
+ * decrypting arbitrary attacker-chosen data */
+ if( diff != 0 )
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+
+ /* Decrypt */
+ if( ( ret = aes_crypt_cbc( &ssl->ticket_keys->dec, AES_DECRYPT,
+ enc_len, iv, ticket, ticket ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ /* Check PKCS padding */
+ pad_len = ticket[enc_len - 1];
+
+ ret = 0;
+ for( i = 2; i < pad_len; i++ )
+ if( ticket[enc_len - i] != pad_len )
+ ret = POLARSSL_ERR_SSL_BAD_INPUT_DATA;
+ if( ret != 0 )
+ return( ret );
+
+ clear_len = enc_len - pad_len;
+
+ SSL_DEBUG_BUF( 3, "session ticket cleartext", ticket, clear_len );
+
+ /* Actually load session */
+ if( ( ret = ssl_load_session( &session, ticket, clear_len ) ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "failed to parse ticket content" ) );
+ memset( &session, 0, sizeof( ssl_session ) );
+ return( ret );
+ }
+
+#if defined(POLARSSL_HAVE_TIME)
+ /* Check if still valid */
+ if( (int) ( time( NULL) - session.start ) > ssl->ticket_lifetime )
+ {
+ SSL_DEBUG_MSG( 1, ( "session ticket expired" ) );
+ memset( &session, 0, sizeof( ssl_session ) );
+ return( POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED );
+ }
+#endif
+
+ /*
+ * Keep the session ID sent by the client, since we MUST send it back to
+ * inform him we're accepting the ticket (RFC 5077 section 3.4)
+ */
+ session.length = ssl->session_negotiate->length;
+ memcpy( &session.id, ssl->session_negotiate->id, session.length );
+
+ ssl_session_free( ssl->session_negotiate );
+ memcpy( ssl->session_negotiate, &session, sizeof( ssl_session ) );
+ memset( &session, 0, sizeof( ssl_session ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+/*
+ * Wrapper around f_sni, allowing use of ssl_set_own_cert() but
+ * making it act on ssl->hanshake->sni_key_cert instead.
+ */
+static int ssl_sni_wrapper( ssl_context *ssl,
+ const unsigned char* name, size_t len )
+{
+ int ret;
+ ssl_key_cert *key_cert_ori = ssl->key_cert;
+
+ ssl->key_cert = NULL;
+ ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
+ ssl->handshake->sni_key_cert = ssl->key_cert;
+
+ ssl->key_cert = key_cert_ori;
+
+ return( ret );
+}
+
+static int ssl_parse_servername_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ int ret;
+ size_t servername_list_size, hostname_len;
+ const unsigned char *p;
+
+ servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
+ if( servername_list_size + 2 != len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ p = buf + 2;
+ while( servername_list_size > 0 )
+ {
+ hostname_len = ( ( p[1] << 8 ) | p[2] );
+ if( hostname_len + 3 > servername_list_size )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ if( p[0] == TLS_EXT_SERVERNAME_HOSTNAME )
+ {
+ ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
+ if( ret != 0 )
+ {
+ ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_UNRECOGNIZED_NAME );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ return( 0 );
+ }
+
+ servername_list_size -= hostname_len + 3;
+ p += hostname_len + 3;
+ }
+
+ if( servername_list_size != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
+
+static int ssl_parse_renegotiation_info( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ int ret;
+
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+ {
+ if( len != 1 || buf[0] != 0x0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "non-zero length renegotiated connection field" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
+ }
+ else
+ {
+ /* Check verify-data in constant-time. The length OTOH is no secret */
+ if( len != 1 + ssl->verify_data_len ||
+ buf[0] != ssl->verify_data_len ||
+ safer_memcmp( buf + 1, ssl->peer_verify_data,
+ ssl->verify_data_len ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ }
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t sig_alg_list_size;
+ const unsigned char *p;
+
+ sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
+ if( sig_alg_list_size + 2 != len ||
+ sig_alg_list_size %2 != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ p = buf + 2;
+ while( sig_alg_list_size > 0 )
+ {
+ /*
+ * For now, just ignore signature algorithm and rely on offered
+ * ciphersuites only. To be fixed later.
+ */
+#if defined(POLARSSL_SHA512_C)
+ if( p[0] == SSL_HASH_SHA512 )
+ {
+ ssl->handshake->sig_alg = SSL_HASH_SHA512;
+ break;
+ }
+ if( p[0] == SSL_HASH_SHA384 )
+ {
+ ssl->handshake->sig_alg = SSL_HASH_SHA384;
+ break;
+ }
+#endif
+#if defined(POLARSSL_SHA256_C)
+ if( p[0] == SSL_HASH_SHA256 )
+ {
+ ssl->handshake->sig_alg = SSL_HASH_SHA256;
+ break;
+ }
+ if( p[0] == SSL_HASH_SHA224 )
+ {
+ ssl->handshake->sig_alg = SSL_HASH_SHA224;
+ break;
+ }
+#endif
+ if( p[0] == SSL_HASH_SHA1 )
+ {
+ ssl->handshake->sig_alg = SSL_HASH_SHA1;
+ break;
+ }
+ if( p[0] == SSL_HASH_MD5 )
+ {
+ ssl->handshake->sig_alg = SSL_HASH_MD5;
+ break;
+ }
+
+ sig_alg_list_size -= 2;
+ p += 2;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
+ ssl->handshake->sig_alg ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t list_size, our_size;
+ const unsigned char *p;
+ const ecp_curve_info *curve_info, **curves;
+
+ list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
+ if( list_size + 2 != len ||
+ list_size % 2 != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /* Don't allow our peer to make use allocated too much memory,
+ * and leave room for a final 0 */
+ our_size = list_size / 2 + 1;
+ if( our_size > POLARSSL_ECP_DP_MAX )
+ our_size = POLARSSL_ECP_DP_MAX;
+
+ if( ( curves = polarssl_malloc( our_size * sizeof( *curves ) ) ) == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ /* explicit void pointer cast for buggy MS compiler */
+ memset( (void *) curves, 0, our_size * sizeof( *curves ) );
+ ssl->handshake->curves = curves;
+
+ p = buf + 2;
+ while( list_size > 0 && our_size > 1 )
+ {
+ curve_info = ecp_curve_info_from_tls_id( ( p[0] << 8 ) | p[1] );
+
+ if( curve_info != NULL )
+ {
+ *curves++ = curve_info;
+ our_size--;
+ }
+
+ list_size -= 2;
+ p += 2;
+ }
+
+ return( 0 );
+}
+
+static int ssl_parse_supported_point_formats( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t list_size;
+ const unsigned char *p;
+
+ list_size = buf[0];
+ if( list_size + 1 != len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ p = buf + 2;
+ while( list_size > 0 )
+ {
+ if( p[0] == POLARSSL_ECP_PF_UNCOMPRESSED ||
+ p[0] == POLARSSL_ECP_PF_COMPRESSED )
+ {
+ ssl->handshake->ecdh_ctx.point_format = p[0];
+ SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
+ return( 0 );
+ }
+
+ list_size--;
+ p++;
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ if( len != 1 || buf[0] >= SSL_MAX_FRAG_LEN_INVALID )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->session_negotiate->mfl_code = buf[0];
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ if( len != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ((void) buf);
+
+ ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+static int ssl_parse_session_ticket_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t len )
+{
+ int ret;
+
+ if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED )
+ return( 0 );
+
+ /* Remember the client asked us to send a new ticket */
+ ssl->handshake->new_session_ticket = 1;
+
+ SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) );
+
+ if( len == 0 )
+ return( 0 );
+
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
+ return( 0 );
+ }
+
+ /*
+ * Failures are ok: just ignore the ticket and proceed.
+ */
+ if( ( ret = ssl_parse_ticket( ssl, buf, len ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_parse_ticket", ret );
+ return( 0 );
+ }
+
+ SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
+
+ ssl->handshake->resume = 1;
+
+ /* Don't send a new ticket after all, this one is OK */
+ ssl->handshake->new_session_ticket = 0;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+static int ssl_parse_client_hello_v2( ssl_context *ssl )
+{
+ int ret;
+ unsigned int i, j;
+ size_t n;
+ unsigned int ciph_len, sess_len, chal_len;
+ unsigned char *buf, *p;
+ const int *ciphersuites;
+ const ssl_ciphersuite_t *ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
+
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ buf = ssl->in_hdr;
+
+ SSL_DEBUG_BUF( 4, "record header", buf, 5 );
+
+ SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d",
+ buf[2] ) );
+ SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d",
+ ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
+ SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]",
+ buf[3], buf[4] ) );
+
+ /*
+ * SSLv2 Client Hello
+ *
+ * Record layer:
+ * 0 . 1 message length
+ *
+ * SSL layer:
+ * 2 . 2 message type
+ * 3 . 4 protocol version
+ */
+ if( buf[2] != SSL_HS_CLIENT_HELLO ||
+ buf[3] != SSL_MAJOR_VERSION_3 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
+
+ if( n < 17 || n > 512 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->major_ver = SSL_MAJOR_VERSION_3;
+ ssl->minor_ver = ( buf[4] <= ssl->max_minor_ver )
+ ? buf[4] : ssl->max_minor_ver;
+
+ if( ssl->minor_ver < ssl->min_minor_ver )
+ {
+ SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
+ " [%d:%d] < [%d:%d]", ssl->major_ver, ssl->minor_ver,
+ ssl->min_major_ver, ssl->min_minor_ver ) );
+
+ ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_PROTOCOL_VERSION );
+ return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+ }
+
+ ssl->handshake->max_major_ver = buf[3];
+ ssl->handshake->max_minor_ver = buf[4];
+
+ if( ( ret = ssl_fetch_input( ssl, 2 + n ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
+ return( ret );
+ }
+
+ ssl->handshake->update_checksum( ssl, buf + 2, n );
+
+ buf = ssl->in_msg;
+ n = ssl->in_left - 5;
+
+ /*
+ * 0 . 1 ciphersuitelist length
+ * 2 . 3 session id length
+ * 4 . 5 challenge length
+ * 6 . .. ciphersuitelist
+ * .. . .. session id
+ * .. . .. challenge
+ */
+ SSL_DEBUG_BUF( 4, "record contents", buf, n );
+
+ ciph_len = ( buf[0] << 8 ) | buf[1];
+ sess_len = ( buf[2] << 8 ) | buf[3];
+ chal_len = ( buf[4] << 8 ) | buf[5];
+
+ SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
+ ciph_len, sess_len, chal_len ) );
+
+ /*
+ * Make sure each parameter length is valid
+ */
+ if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ if( sess_len > 32 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ if( chal_len < 8 || chal_len > 32 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ if( n != 6 + ciph_len + sess_len + chal_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
+ buf + 6, ciph_len );
+ SSL_DEBUG_BUF( 3, "client hello, session id",
+ buf + 6 + ciph_len, sess_len );
+ SSL_DEBUG_BUF( 3, "client hello, challenge",
+ buf + 6 + ciph_len + sess_len, chal_len );
+
+ p = buf + 6 + ciph_len;
+ ssl->session_negotiate->length = sess_len;
+ memset( ssl->session_negotiate->id, 0, sizeof( ssl->session_negotiate->id ) );
+ memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->length );
+
+ p += sess_len;
+ memset( ssl->handshake->randbytes, 0, 64 );
+ memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
+
+ /*
+ * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ */
+ for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
+ {
+ if( p[0] == 0 && p[1] == 0 && p[2] == SSL_EMPTY_RENEGOTIATION_INFO )
+ {
+ SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+ if( ssl->renegotiation == SSL_RENEGOTIATION )
+ {
+ SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
+ break;
+ }
+ }
+
+ ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ {
+ for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
+ {
+ // Only allow non-ECC ciphersuites as we do not have extensions
+ //
+ if( p[0] == 0 && p[1] == 0 &&
+ ( ( ciphersuites[i] >> 8 ) & 0xFF ) == 0 &&
+ p[2] == ( ciphersuites[i] & 0xFF ) )
+ {
+ ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
+
+ if( ciphersuite_info == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
+ ciphersuites[i] ) );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
+ ciphersuite_info->max_minor_ver < ssl->minor_ver )
+ continue;
+
+ goto have_ciphersuite_v2;
+ }
+ }
+ }
+
+ SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
+
+ return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+
+have_ciphersuite_v2:
+ ssl->session_negotiate->ciphersuite = ciphersuites[i];
+ ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
+ ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+
+ /*
+ * SSLv2 Client Hello relevant renegotiation security checks
+ */
+ if( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ ssl->allow_legacy_renegotiation == SSL_LEGACY_BREAK_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->in_left = 0;
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 2, ( "<= parse client hello v2" ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+#if defined(POLARSSL_ECDSA_C)
+static int ssl_key_matches_curves( pk_context *pk,
+ const ecp_curve_info **curves )
+{
+ const ecp_curve_info **crv = curves;
+ ecp_group_id grp_id = pk_ec( *pk )->grp.id;
+
+ while( *crv != NULL )
+ {
+ if( (*crv)->grp_id == grp_id )
+ return( 1 );
+ crv++;
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_ECDSA_C */
+
+/*
+ * Try picking a certificate for this ciphersuite,
+ * return 0 on success and -1 on failure.
+ */
+static int ssl_pick_cert( ssl_context *ssl,
+ const ssl_ciphersuite_t * ciphersuite_info )
+{
+ ssl_key_cert *cur, *list;
+ pk_type_t pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ if( ssl->handshake->sni_key_cert != NULL )
+ list = ssl->handshake->sni_key_cert;
+ else
+#endif
+ list = ssl->handshake->key_cert;
+
+ if( pk_alg == POLARSSL_PK_NONE )
+ return( 0 );
+
+ for( cur = list; cur != NULL; cur = cur->next )
+ {
+ if( ! pk_can_do( cur->key, pk_alg ) )
+ continue;
+
+#if defined(POLARSSL_ECDSA_C)
+ if( pk_alg == POLARSSL_PK_ECDSA )
+ {
+ if( ssl_key_matches_curves( cur->key, ssl->handshake->curves ) )
+ break;
+ }
+ else
+#endif
+ break;
+ }
+
+ if( cur == NULL )
+ return( -1 );
+
+ ssl->handshake->key_cert = cur;
+ return( 0 );
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+static int ssl_parse_client_hello( ssl_context *ssl )
+{
+ int ret;
+ unsigned int i, j;
+ size_t n;
+ unsigned int ciph_len, sess_len;
+ unsigned int comp_len;
+ unsigned int ext_len = 0;
+ unsigned char *buf, *p, *ext;
+ int renegotiation_info_seen = 0;
+ int handshake_failure = 0;
+ const int *ciphersuites;
+ const ssl_ciphersuite_t *ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
+
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
+ ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
+ return( ret );
+ }
+
+ buf = ssl->in_hdr;
+
+#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+ if( ( buf[0] & 0x80 ) != 0 )
+ return ssl_parse_client_hello_v2( ssl );
+#endif
+
+ SSL_DEBUG_BUF( 4, "record header", buf, 5 );
+
+ SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d",
+ buf[0] ) );
+ SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d",
+ ( buf[3] << 8 ) | buf[4] ) );
+ SSL_DEBUG_MSG( 3, ( "client hello v3, protocol ver: [%d:%d]",
+ buf[1], buf[2] ) );
+
+ /*
+ * SSLv3 Client Hello
+ *
+ * Record layer:
+ * 0 . 0 message type
+ * 1 . 2 protocol version
+ * 3 . 4 message length
+ */
+ if( buf[0] != SSL_MSG_HANDSHAKE ||
+ buf[1] != SSL_MAJOR_VERSION_3 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ n = ( buf[3] << 8 ) | buf[4];
+
+ if( n < 45 || n > 2048 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
+ ( ret = ssl_fetch_input( ssl, 5 + n ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
+ return( ret );
+ }
+
+ buf = ssl->in_msg;
+ if( !ssl->renegotiation )
+ n = ssl->in_left - 5;
+ else
+ n = ssl->in_msglen;
+
+ ssl->handshake->update_checksum( ssl, buf, n );
+
+ /*
+ * SSL layer:
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 5 protocol version
+ * 6 . 9 UNIX time()
+ * 10 . 37 random bytes
+ * 38 . 38 session id length
+ * 39 . 38+x session id
+ * 39+x . 40+x ciphersuitelist length
+ * 41+x . .. ciphersuitelist
+ * .. . .. compression alg.
+ * .. . .. extensions
+ */
+ SSL_DEBUG_BUF( 4, "record contents", buf, n );
+
+ SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d",
+ buf[0] ) );
+ SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
+ ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
+ SSL_DEBUG_MSG( 3, ( "client hello v3, max. version: [%d:%d]",
+ buf[4], buf[5] ) );
+
+ /*
+ * Check the handshake type and protocol version
+ */
+ if( buf[0] != SSL_HS_CLIENT_HELLO ||
+ buf[4] != SSL_MAJOR_VERSION_3 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->major_ver = SSL_MAJOR_VERSION_3;
+ ssl->minor_ver = ( buf[5] <= ssl->max_minor_ver )
+ ? buf[5] : ssl->max_minor_ver;
+
+ if( ssl->minor_ver < ssl->min_minor_ver )
+ {
+ SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
+ " [%d:%d] < [%d:%d]", ssl->major_ver, ssl->minor_ver,
+ ssl->min_major_ver, ssl->min_minor_ver ) );
+
+ ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_PROTOCOL_VERSION );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+ }
+
+ ssl->handshake->max_major_ver = buf[4];
+ ssl->handshake->max_minor_ver = buf[5];
+
+ memcpy( ssl->handshake->randbytes, buf + 6, 32 );
+
+ /*
+ * Check the handshake message length
+ */
+ if( buf[1] != 0 || n != (unsigned int) 4 + ( ( buf[2] << 8 ) | buf[3] ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /*
+ * Check the session length
+ */
+ sess_len = buf[38];
+
+ if( sess_len > 32 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->session_negotiate->length = sess_len;
+ memset( ssl->session_negotiate->id, 0,
+ sizeof( ssl->session_negotiate->id ) );
+ memcpy( ssl->session_negotiate->id, buf + 39,
+ ssl->session_negotiate->length );
+
+ /*
+ * Check the ciphersuitelist length
+ */
+ ciph_len = ( buf[39 + sess_len] << 8 )
+ | ( buf[40 + sess_len] );
+
+ if( ciph_len < 2 || ciph_len > 256 || ( ciph_len % 2 ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /*
+ * Check the compression algorithms length
+ */
+ comp_len = buf[41 + sess_len + ciph_len];
+
+ if( comp_len < 1 || comp_len > 16 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /*
+ * Check the extension length
+ */
+ if( n > 42 + sess_len + ciph_len + comp_len )
+ {
+ ext_len = ( buf[42 + sess_len + ciph_len + comp_len] << 8 )
+ | ( buf[43 + sess_len + ciph_len + comp_len] );
+
+ if( ( ext_len > 0 && ext_len < 4 ) ||
+ n != 44 + sess_len + ciph_len + comp_len + ext_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ SSL_DEBUG_BUF( 3, "Ext", buf + 44 + sess_len + ciph_len + comp_len, ext_len);
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ }
+
+ ssl->session_negotiate->compression = SSL_COMPRESS_NULL;
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ for( i = 0; i < comp_len; ++i )
+ {
+ if( buf[42 + sess_len + ciph_len + i] == SSL_COMPRESS_DEFLATE )
+ {
+ ssl->session_negotiate->compression = SSL_COMPRESS_DEFLATE;
+ break;
+ }
+ }
+#endif
+
+ SSL_DEBUG_BUF( 3, "client hello, random bytes",
+ buf + 6, 32 );
+ SSL_DEBUG_BUF( 3, "client hello, session id",
+ buf + 38, sess_len );
+ SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
+ buf + 41 + sess_len, ciph_len );
+ SSL_DEBUG_BUF( 3, "client hello, compression",
+ buf + 42 + sess_len + ciph_len, comp_len );
+
+ /*
+ * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ */
+ for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
+ {
+ if( p[0] == 0 && p[1] == SSL_EMPTY_RENEGOTIATION_INFO )
+ {
+ SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+ if( ssl->renegotiation == SSL_RENEGOTIATION )
+ {
+ SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
+ break;
+ }
+ }
+
+ ext = buf + 44 + sess_len + ciph_len + comp_len;
+
+ while( ext_len )
+ {
+ unsigned int ext_id = ( ( ext[0] << 8 )
+ | ( ext[1] ) );
+ unsigned int ext_size = ( ( ext[2] << 8 )
+ | ( ext[3] ) );
+
+ if( ext_size + 4 > ext_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ switch( ext_id )
+ {
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ case TLS_EXT_SERVERNAME:
+ SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
+ if( ssl->f_sni == NULL )
+ break;
+
+ ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
+
+ case TLS_EXT_RENEGOTIATION_INFO:
+ SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+ renegotiation_info_seen = 1;
+
+ ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ case TLS_EXT_SIG_ALG:
+ SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+ if( ssl->renegotiation == SSL_RENEGOTIATION )
+ break;
+
+ ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+ case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
+ SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
+
+ ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+
+ case TLS_EXT_SUPPORTED_POINT_FORMATS:
+ SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
+ ssl->handshake->cli_exts |= TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
+
+ ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ case TLS_EXT_MAX_FRAGMENT_LENGTH:
+ SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
+
+ ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ case TLS_EXT_TRUNCATED_HMAC:
+ SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
+
+ ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ case TLS_EXT_SESSION_TICKET:
+ SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
+
+ ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+ default:
+ SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
+ ext_id ) );
+ }
+
+ ext_len -= 4 + ext_size;
+ ext += 4 + ext_size;
+
+ if( ext_len > 0 && ext_len < 4 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ }
+
+ /*
+ * Renegotiation security checks
+ */
+ if( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ ssl->allow_legacy_renegotiation == SSL_LEGACY_BREAK_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+ handshake_failure = 1;
+ }
+ else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+ ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
+ renegotiation_info_seen == 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+ handshake_failure = 1;
+ }
+ else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+ ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION )
+ {
+ SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+ handshake_failure = 1;
+ }
+ else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+ ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ renegotiation_info_seen == 1 )
+ {
+ SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+ handshake_failure = 1;
+ }
+
+ if( handshake_failure == 1 )
+ {
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /*
+ * Search for a matching ciphersuite
+ * (At the end because we need information from the EC-based extensions
+ * and certificate from the SNI callback triggered by the SNI extension.)
+ */
+ ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ {
+ for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
+ j += 2, p += 2 )
+ {
+ if( p[0] == ( ( ciphersuites[i] >> 8 ) & 0xFF ) &&
+ p[1] == ( ( ciphersuites[i] ) & 0xFF ) )
+ {
+ ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
+
+ if( ciphersuite_info == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found",
+ ciphersuites[i] ) );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
+ ciphersuite_info->max_minor_ver < ssl->minor_ver )
+ continue;
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+ if( ssl_ciphersuite_uses_ec( ciphersuite_info ) &&
+ ( ssl->handshake->curves == NULL ||
+ ssl->handshake->curves[0] == NULL ) )
+ continue;
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ /* If the ciphersuite requires a pre-shared key and we don't
+ * have one, skip it now rather than failing later */
+ if( ssl_ciphersuite_uses_psk( ciphersuite_info ) &&
+ ssl->f_psk == NULL &&
+ ( ssl->psk == NULL || ssl->psk_identity == NULL ||
+ ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+ continue;
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ /*
+ * Final check: if ciphersuite requires us to have a
+ * certificate/key of a particular type:
+ * - select the appropriate certificate if we have one, or
+ * - try the next ciphersuite if we don't
+ * This must be done last since we modify the key_cert list.
+ */
+ if( ssl_pick_cert( ssl, ciphersuite_info ) != 0 )
+ continue;
+#endif
+
+ goto have_ciphersuite;
+ }
+ }
+ }
+
+ SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+
+have_ciphersuite:
+ ssl->session_negotiate->ciphersuite = ciphersuites[i];
+ ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
+ ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+
+ ssl->in_left = 0;
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->session_negotiate->trunc_hmac == SSL_TRUNC_HMAC_DISABLED )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 0x00;
+
+ *olen = 4;
+}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+static void ssl_write_session_ticket_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->handshake->new_session_ticket == 0 )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 0x00;
+
+ *olen = 4;
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+static void ssl_write_renegotiation_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->secure_renegotiation != SSL_SECURE_RENEGOTIATION )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
+ *p++ = ssl->verify_data_len * 2 & 0xFF;
+
+ memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
+ p += ssl->verify_data_len;
+ memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+ p += ssl->verify_data_len;
+
+ *olen = 5 + ssl->verify_data_len * 2;
+}
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->session_negotiate->mfl_code == SSL_MAX_FRAG_LEN_NONE )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 1;
+
+ *p++ = ssl->session_negotiate->mfl_code;
+
+ *olen = 5;
+}
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+static void ssl_write_supported_point_formats_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ ((void) ssl);
+
+ if( ( ssl->handshake->cli_exts &
+ TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 2;
+
+ *p++ = 1;
+ *p++ = POLARSSL_ECP_PF_UNCOMPRESSED;
+
+ *olen = 6;
+}
+#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
+
+static int ssl_write_server_hello( ssl_context *ssl )
+{
+#if defined(POLARSSL_HAVE_TIME)
+ time_t t;
+#endif
+ int ret;
+ size_t olen, ext_len = 0, n;
+ unsigned char *buf, *p;
+
+ SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
+
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 5 protocol version
+ * 6 . 9 UNIX time()
+ * 10 . 37 random bytes
+ */
+ buf = ssl->out_msg;
+ p = buf + 4;
+
+ *p++ = (unsigned char) ssl->major_ver;
+ *p++ = (unsigned char) ssl->minor_ver;
+
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
+ buf[4], buf[5] ) );
+
+#if defined(POLARSSL_HAVE_TIME)
+ t = time( NULL );
+ *p++ = (unsigned char)( t >> 24 );
+ *p++ = (unsigned char)( t >> 16 );
+ *p++ = (unsigned char)( t >> 8 );
+ *p++ = (unsigned char)( t );
+
+ SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
+#else
+ if( ( ret = ssl->f_rng( ssl->p_rng, p, 4 ) ) != 0 )
+ return( ret );
+
+ p += 4;
+#endif
+
+ if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
+ return( ret );
+
+ p += 28;
+
+ memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
+
+ SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
+
+ /*
+ * Resume is 0 by default, see ssl_handshake_init().
+ * It may be already set to 1 by ssl_parse_session_ticket_ext().
+ * If not, try looking up session ID in our cache.
+ */
+ if( ssl->handshake->resume == 0 &&
+ ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
+ ssl->session_negotiate->length != 0 &&
+ ssl->f_get_cache != NULL &&
+ ssl->f_get_cache( ssl->p_get_cache, ssl->session_negotiate ) == 0 )
+ {
+ ssl->handshake->resume = 1;
+ }
+
+ if( ssl->handshake->resume == 0 )
+ {
+ /*
+ * New session, create a new session id,
+ * unless we're about to issue a session ticket
+ */
+ ssl->state++;
+
+#if defined(POLARSSL_HAVE_TIME)
+ ssl->session_negotiate->start = time( NULL );
+#endif
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ if( ssl->handshake->new_session_ticket != 0 )
+ {
+ ssl->session_negotiate->length = n = 0;
+ memset( ssl->session_negotiate->id, 0, 32 );
+ }
+ else
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+ {
+ ssl->session_negotiate->length = n = 32;
+ if( ( ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id,
+ n ) ) != 0 )
+ return( ret );
+ }
+ }
+ else
+ {
+ /*
+ * Resuming a session
+ */
+ n = ssl->session_negotiate->length;
+ ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
+
+ if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+ return( ret );
+ }
+ }
+
+ /*
+ * 38 . 38 session id length
+ * 39 . 38+n session id
+ * 39+n . 40+n chosen ciphersuite
+ * 41+n . 41+n chosen compression alg.
+ * 42+n . 43+n extensions length
+ * 44+n . 43+n+m extensions
+ */
+ *p++ = (unsigned char) ssl->session_negotiate->length;
+ memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->length );
+ p += ssl->session_negotiate->length;
+
+ SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
+ SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
+ SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
+ ssl->handshake->resume ? "a" : "no" ) );
+
+ *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
+ *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
+ *p++ = (unsigned char)( ssl->session_negotiate->compression );
+
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
+ ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
+ SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
+ ssl->session_negotiate->compression ) );
+
+ /*
+ * First write extensions, then the total length
+ */
+ ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+ ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+ SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
+
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+ p += ext_len;
+
+ ssl->out_msglen = p - buf;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_SERVER_HELLO;
+
+ ret = ssl_write_record( ssl );
+
+ SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
+
+ return( ret );
+}
+
+#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_write_certificate_request( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ SSL_DEBUG_MSG( 1, ( "should not happen" ) );
+ return( ret );
+}
+#else
+static int ssl_write_certificate_request( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ size_t dn_size, total_dn_size; /* excluding length bytes */
+ size_t ct_len, sa_len; /* including length bytes */
+ unsigned char *buf, *p;
+ const x509_crt *crt;
+
+ SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+
+ ssl->state++;
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
+ ssl->authmode == SSL_VERIFY_NONE )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+ return( 0 );
+ }
+
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 4 cert type count
+ * 5 .. m-1 cert types
+ * m .. m+1 sig alg length (TLS 1.2 only)
+ * m+1 .. n-1 SignatureAndHashAlgorithms (TLS 1.2 only)
+ * n .. n+1 length of all DNs
+ * n+2 .. n+3 length of DN 1
+ * n+4 .. ... Distinguished Name #1
+ * ... .. ... length of DN 2, etc.
+ */
+ buf = ssl->out_msg;
+ p = buf + 4;
+
+ /*
+ * Supported certificate types
+ *
+ * ClientCertificateType certificate_types<1..2^8-1>;
+ * enum { (255) } ClientCertificateType;
+ */
+ ct_len = 0;
+
+#if defined(POLARSSL_RSA_C)
+ p[1 + ct_len++] = SSL_CERT_TYPE_RSA_SIGN;
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ p[1 + ct_len++] = SSL_CERT_TYPE_ECDSA_SIGN;
+#endif
+
+ p[0] = (unsigned char) ct_len++;
+ p += ct_len;
+
+ sa_len = 0;
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ /*
+ * Add signature_algorithms for verify (TLS 1.2)
+ *
+ * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>;
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * enum { (255) } HashAlgorithm;
+ * enum { (255) } SignatureAlgorithm;
+ */
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ /*
+ * Only use current running hash algorithm that is already required
+ * for requested ciphersuite.
+ */
+ ssl->handshake->verify_sig_alg = SSL_HASH_SHA256;
+
+ if( ssl->transform_negotiate->ciphersuite_info->mac ==
+ POLARSSL_MD_SHA384 )
+ {
+ ssl->handshake->verify_sig_alg = SSL_HASH_SHA384;
+ }
+
+ /*
+ * Supported signature algorithms
+ */
+#if defined(POLARSSL_RSA_C)
+ p[2 + sa_len++] = ssl->handshake->verify_sig_alg;
+ p[2 + sa_len++] = SSL_SIG_RSA;
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ p[2 + sa_len++] = ssl->handshake->verify_sig_alg;
+ p[2 + sa_len++] = SSL_SIG_ECDSA;
+#endif
+
+ p[0] = (unsigned char)( sa_len >> 8 );
+ p[1] = (unsigned char)( sa_len );
+ sa_len += 2;
+ p += sa_len;
+ }
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+ /*
+ * DistinguishedName certificate_authorities<0..2^16-1>;
+ * opaque DistinguishedName<1..2^16-1>;
+ */
+ p += 2;
+ crt = ssl->ca_chain;
+
+ total_dn_size = 0;
+ while( crt != NULL )
+ {
+ if( p - buf > 4096 )
+ break;
+
+ dn_size = crt->subject_raw.len;
+ *p++ = (unsigned char)( dn_size >> 8 );
+ *p++ = (unsigned char)( dn_size );
+ memcpy( p, crt->subject_raw.p, dn_size );
+ p += dn_size;
+
+ SSL_DEBUG_BUF( 3, "requested DN", p, dn_size );
+
+ total_dn_size += 2 + dn_size;
+ crt = crt->next;
+ }
+
+ ssl->out_msglen = p - buf;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_CERTIFICATE_REQUEST;
+ ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 );
+ ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
+
+ ret = ssl_write_record( ssl );
+
+ SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
+
+ return( ret );
+}
+#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+static int ssl_write_server_key_exchange( ssl_context *ssl )
+{
+ int ret;
+ size_t n = 0;
+ const ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ unsigned char *p = ssl->out_msg + 4;
+ unsigned char *dig_signed = p;
+ size_t dig_signed_len = 0, len;
+ ((void) dig_signed);
+ ((void) dig_signed_len);
+#endif
+
+ SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ /* TODO: Support identity hints */
+ *(p++) = 0x00;
+ *(p++) = 0x00;
+
+ n += 2;
+ }
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ /*
+ * Ephemeral DH parameters:
+ *
+ * struct {
+ * opaque dh_p<1..2^16-1>;
+ * opaque dh_g<1..2^16-1>;
+ * opaque dh_Ys<1..2^16-1>;
+ * } ServerDHParams;
+ */
+ if( ( ret = mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->dhm_P ) ) != 0 ||
+ ( ret = mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->dhm_G ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "mpi_copy", ret );
+ return( ret );
+ }
+
+ if( ( ret = dhm_make_params( &ssl->handshake->dhm_ctx,
+ (int) mpi_size( &ssl->handshake->dhm_ctx.P ),
+ p,
+ &len, ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "dhm_make_params", ret );
+ return( ret );
+ }
+
+ dig_signed = p;
+ dig_signed_len = len;
+
+ p += len;
+ n += len;
+
+ SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
+ SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P );
+ SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G );
+ SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+ }
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ /*
+ * Ephemeral ECDH parameters:
+ *
+ * struct {
+ * ECParameters curve_params;
+ * ECPoint public;
+ * } ServerECDHParams;
+ */
+ if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp,
+ ssl->handshake->curves[0]->grp_id ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecp_use_known_dp", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
+ (int) ssl->handshake->ecdh_ctx.grp.nbits ) );
+
+ if( ( ret = ecdh_make_params( &ssl->handshake->ecdh_ctx, &len,
+ p, SSL_MAX_CONTENT_LEN - n,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecdh_make_params", ret );
+ return( ret );
+ }
+
+ dig_signed = p;
+ dig_signed_len = len;
+
+ p += len;
+ n += len;
+
+ SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
+ }
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ size_t signature_len = 0;
+ unsigned int hashlen = 0;
+ unsigned char hash[64];
+ md_type_t md_alg = POLARSSL_MD_NONE;
+
+ /*
+ * Choose hash algorithm. NONE means MD5 + SHA1 here.
+ */
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg );
+
+ if( md_alg == POLARSSL_MD_NONE )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if ( ciphersuite_info->key_exchange ==
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ md_alg = POLARSSL_MD_SHA1;
+ }
+ else
+#endif
+ {
+ md_alg = POLARSSL_MD_NONE;
+ }
+
+ /*
+ * Compute the hash to be signed
+ */
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if( md_alg == POLARSSL_MD_NONE )
+ {
+ md5_context md5;
+ sha1_context sha1;
+
+ /*
+ * digitally-signed struct {
+ * opaque md5_hash[16];
+ * opaque sha_hash[20];
+ * };
+ *
+ * md5_hash
+ * MD5(ClientHello.random + ServerHello.random
+ * + ServerParams);
+ * sha_hash
+ * SHA(ClientHello.random + ServerHello.random
+ * + ServerParams);
+ */
+ md5_starts( &md5 );
+ md5_update( &md5, ssl->handshake->randbytes, 64 );
+ md5_update( &md5, dig_signed, dig_signed_len );
+ md5_finish( &md5, hash );
+
+ sha1_starts( &sha1 );
+ sha1_update( &sha1, ssl->handshake->randbytes, 64 );
+ sha1_update( &sha1, dig_signed, dig_signed_len );
+ sha1_finish( &sha1, hash + 16 );
+
+ hashlen = 36;
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
+ POLARSSL_SSL_PROTO_TLS1_1 */
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( md_alg != POLARSSL_MD_NONE )
+ {
+ md_context_t ctx;
+
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
+
+ /*
+ * digitally-signed struct {
+ * opaque client_random[32];
+ * opaque server_random[32];
+ * ServerDHParams params;
+ * };
+ */
+ if( ( ret = md_init_ctx( &ctx, md_info_from_type(md_alg) ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+ return( ret );
+ }
+
+ md_starts( &ctx );
+ md_update( &ctx, ssl->handshake->randbytes, 64 );
+ md_update( &ctx, dig_signed, dig_signed_len );
+ md_finish( &ctx, hash );
+
+ if( ( ret = md_free_ctx( &ctx ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "md_free_ctx", ret );
+ return( ret );
+ }
+
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
+ POLARSSL_SSL_PROTO_TLS1_2 */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
+ (unsigned int) ( md_info_from_type( md_alg ) )->size );
+
+ /*
+ * Make the signature
+ */
+ if( ssl_own_key( ssl ) == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "got no private key" ) );
+ return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ }
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ *(p++) = ssl->handshake->sig_alg;
+ *(p++) = ssl_sig_from_pk( ssl_own_key( ssl ) );
+
+ n += 2;
+ }
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+ if( ( ret = pk_sign( ssl_own_key( ssl ), md_alg, hash, hashlen,
+ p + 2 , &signature_len,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "pk_sign", ret );
+ return( ret );
+ }
+
+ *(p++) = (unsigned char)( signature_len >> 8 );
+ *(p++) = (unsigned char)( signature_len );
+ n += 2;
+
+ SSL_DEBUG_BUF( 3, "my signature", p, signature_len );
+
+ p += signature_len;
+ n += signature_len;
+ }
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+ ssl->out_msglen = 4 + n;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_SERVER_KEY_EXCHANGE;
+
+ ssl->state++;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) );
+
+ return( 0 );
+}
+
+static int ssl_write_server_hello_done( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) );
+
+ ssl->out_msglen = 4;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_SERVER_HELLO_DONE;
+
+ ssl->state++;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+static int ssl_parse_client_dh_public( ssl_context *ssl, unsigned char **p,
+ const unsigned char *end )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t n;
+
+ /*
+ * Receive G^Y mod P, premaster = (G^Y)^X mod P
+ */
+ if( *p + 2 > end )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+
+ n = ( (*p)[0] << 8 ) | (*p)[1];
+ *p += 2;
+
+ if( n < 1 || n > ssl->handshake->dhm_ctx.len || *p + n > end )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+
+ if( ( ret = dhm_read_public( &ssl->handshake->dhm_ctx,
+ *p, n ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "dhm_read_public", ret );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+ }
+
+ SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
+
+ return( ret );
+}
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+static int ssl_parse_encrypted_pms( ssl_context *ssl,
+ const unsigned char *p,
+ const unsigned char *end,
+ size_t pms_offset )
+{
+ int ret;
+ size_t len = pk_get_len( ssl_own_key( ssl ) );
+ unsigned char *pms = ssl->handshake->premaster + pms_offset;
+
+ if( ! pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_RSA ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
+ return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ }
+
+ /*
+ * Decrypt the premaster using own private RSA key
+ */
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
+ {
+ if( *p++ != ( ( len >> 8 ) & 0xFF ) ||
+ *p++ != ( ( len ) & 0xFF ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+ }
+#endif
+
+ if( p + len != end )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+
+ ret = pk_decrypt( ssl_own_key( ssl ), p, len,
+ pms, &ssl->handshake->pmslen,
+ sizeof(ssl->handshake->premaster),
+ ssl->f_rng, ssl->p_rng );
+
+ if( ret != 0 || ssl->handshake->pmslen != 48 ||
+ pms[0] != ssl->handshake->max_major_ver ||
+ pms[1] != ssl->handshake->max_minor_ver )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+
+ /*
+ * Protection against Bleichenbacher's attack:
+ * invalid PKCS#1 v1.5 padding must not cause
+ * the connection to end immediately; instead,
+ * send a bad_record_mac later in the handshake.
+ */
+ ssl->handshake->pmslen = 48;
+
+ ret = ssl->f_rng( ssl->p_rng, pms, ssl->handshake->pmslen );
+ if( ret != 0 )
+ return( ret );
+ }
+
+ return( ret );
+}
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+static int ssl_parse_client_psk_identity( ssl_context *ssl, unsigned char **p,
+ const unsigned char *end )
+{
+ int ret = 0;
+ size_t n;
+
+ if( ssl->f_psk == NULL &&
+ ( ssl->psk == NULL || ssl->psk_identity == NULL ||
+ ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
+ return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ }
+
+ /*
+ * Receive client pre-shared key identity name
+ */
+ if( *p + 2 > end )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+
+ n = ( (*p)[0] << 8 ) | (*p)[1];
+ *p += 2;
+
+ if( n < 1 || n > 65535 || *p + n > end )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+
+ if( ssl->f_psk != NULL )
+ {
+ if( ( ret != ssl->f_psk( ssl->p_psk, ssl, *p, n ) ) != 0 )
+ ret = POLARSSL_ERR_SSL_UNKNOWN_IDENTITY;
+ }
+
+ if( ret == 0 )
+ {
+ /* Identity is not a big secret since clients send it in the clear,
+ * but treat it carefully anyway, just in case */
+ if( n != ssl->psk_identity_len ||
+ safer_memcmp( ssl->psk_identity, *p, n ) != 0 )
+ {
+ ret = POLARSSL_ERR_SSL_UNKNOWN_IDENTITY;
+ }
+ }
+
+ if( ret == POLARSSL_ERR_SSL_UNKNOWN_IDENTITY )
+ {
+ SSL_DEBUG_BUF( 3, "Unknown PSK identity", *p, n );
+ if( ( ret = ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( POLARSSL_ERR_SSL_UNKNOWN_IDENTITY );
+ }
+
+ *p += n;
+ ret = 0;
+
+ return( ret );
+}
+#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+static int ssl_parse_client_key_exchange( ssl_context *ssl )
+{
+ int ret;
+ const ssl_ciphersuite_t *ciphersuite_info;
+
+ ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
+
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+
+ if( ssl->in_msg[0] != SSL_HS_CLIENT_KEY_EXCHANGE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA )
+ {
+ unsigned char *p = ssl->in_msg + 4;
+ unsigned char *end = ssl->in_msg + ssl->in_msglen;
+
+ if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
+ return( ret );
+ }
+
+ ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
+
+ if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
+ ssl->handshake->premaster,
+ &ssl->handshake->pmslen,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
+ }
+
+ SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ size_t n = ssl->in_msg[3];
+
+ if( n < 1 || n > mpi_size( &ssl->handshake->ecdh_ctx.grp.P ) * 2 + 2 ||
+ n + 4 != ssl->in_hslen )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
+
+ if( ( ret = ecdh_read_public( &ssl->handshake->ecdh_ctx,
+ ssl->in_msg + 4, n ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecdh_read_public", ret );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+ }
+
+ SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
+
+ if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
+ &ssl->handshake->pmslen,
+ ssl->handshake->premaster,
+ POLARSSL_MPI_MAX_SIZE,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecdh_calc_secret", ret );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
+ }
+
+ SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z );
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
+ {
+ unsigned char *p = ssl->in_msg + 4;
+ unsigned char *end = ssl->in_msg + ssl->in_msglen;
+
+ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+ return( ret );
+ }
+
+ if( ( ret = ssl_psk_derive_premaster( ssl,
+ ciphersuite_info->key_exchange ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
+ {
+ unsigned char *p = ssl->in_msg + 4;
+ unsigned char *end = ssl->in_msg + ssl->in_msglen;
+
+ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+ return( ret );
+ }
+
+ if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret );
+ return( ret );
+ }
+
+ if( ( ret = ssl_psk_derive_premaster( ssl,
+ ciphersuite_info->key_exchange ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ unsigned char *p = ssl->in_msg + 4;
+ unsigned char *end = ssl->in_msg + ssl->in_msglen;
+
+ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+ return( ret );
+ }
+ if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
+ return( ret );
+ }
+
+ if( ( ret = ssl_psk_derive_premaster( ssl,
+ ciphersuite_info->key_exchange ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ unsigned char *p = ssl->in_msg + 4;
+ unsigned char *end = ssl->in_msg + ssl->in_msglen;
+
+ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+ return( ret );
+ }
+
+ if( ( ret = ecdh_read_public( &ssl->handshake->ecdh_ctx,
+ p, end - p ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecdh_read_public", ret );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+ }
+
+ SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
+
+ if( ( ret = ssl_psk_derive_premaster( ssl,
+ ciphersuite_info->key_exchange ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA )
+ {
+ if( ( ret = ssl_parse_encrypted_pms( ssl,
+ ssl->in_msg + 4,
+ ssl->in_msg + ssl->in_msglen,
+ 0 ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, ( "ssl_parse_parse_ecrypted_pms_secret" ), ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+ return( ret );
+ }
+
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) );
+
+ return( 0 );
+}
+
+#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_parse_certificate_verify( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ SSL_DEBUG_MSG( 1, ( "should not happen" ) );
+ return( ret );
+}
+#else
+static int ssl_parse_certificate_verify( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t sa_len, sig_len;
+ unsigned char hash[48];
+ unsigned char *hash_start = hash;
+ size_t hashlen;
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ pk_type_t pk_alg;
+#endif
+ md_type_t md_alg;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ if( ssl->session_negotiate->peer_cert == NULL )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ ssl->handshake->calc_verify( ssl, hash );
+
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ ssl->state++;
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+
+ if( ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 5 sig alg (TLS 1.2 only)
+ * 4+n . 5+n signature length (n = sa_len)
+ * 6+n . 6+n+m signature (m = sig_len)
+ */
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if( ssl->minor_ver != SSL_MINOR_VERSION_3 )
+ {
+ sa_len = 0;
+
+ md_alg = POLARSSL_MD_NONE;
+ hashlen = 36;
+
+ /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
+ if( pk_can_do( &ssl->session_negotiate->peer_cert->pk,
+ POLARSSL_PK_ECDSA ) )
+ {
+ hash_start += 16;
+ hashlen -= 16;
+ md_alg = POLARSSL_MD_SHA1;
+ }
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ sa_len = 2;
+
+ /*
+ * Hash
+ */
+ if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg )
+ {
+ SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+
+ md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
+
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
+
+ /*
+ * Signature
+ */
+ if( ( pk_alg = ssl_pk_alg_from_sig( ssl->in_msg[5] ) )
+ == POLARSSL_PK_NONE )
+ {
+ SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+
+ /*
+ * Check the certificate's key type matches the signature alg
+ */
+ if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ sig_len = ( ssl->in_msg[4 + sa_len] << 8 ) | ssl->in_msg[5 + sa_len];
+
+ if( sa_len + sig_len + 6 != ssl->in_hslen )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+
+ if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk,
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + 6 + sa_len, sig_len ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "pk_verify", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+
+ return( ret );
+}
+#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+static int ssl_write_new_session_ticket( ssl_context *ssl )
+{
+ int ret;
+ size_t tlen;
+ uint32_t lifetime = (uint32_t) ssl->ticket_lifetime;
+
+ SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
+
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_NEW_SESSION_TICKET;
+
+ /*
+ * struct {
+ * uint32 ticket_lifetime_hint;
+ * opaque ticket<0..2^16-1>;
+ * } NewSessionTicket;
+ *
+ * 4 . 7 ticket_lifetime_hint (0 = unspecified)
+ * 8 . 9 ticket_len (n)
+ * 10 . 9+n ticket content
+ */
+
+ ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF;
+ ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF;
+ ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF;
+ ssl->out_msg[7] = ( lifetime ) & 0xFF;
+
+ if( ( ret = ssl_write_ticket( ssl, &tlen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_ticket", ret );
+ tlen = 0;
+ }
+
+ ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF );
+ ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF );
+
+ ssl->out_msglen = 10 + tlen;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ /* No need to remember writing a NewSessionTicket any more */
+ ssl->handshake->new_session_ticket = 0;
+
+ SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+/*
+ * SSL handshake -- server side -- single step
+ */
+int ssl_handshake_server_step( ssl_context *ssl )
+{
+ int ret = 0;
+
+ if( ssl->state == SSL_HANDSHAKE_OVER )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
+
+ if( ( ret = ssl_flush_output( ssl ) ) != 0 )
+ return( ret );
+
+ switch( ssl->state )
+ {
+ case SSL_HELLO_REQUEST:
+ ssl->state = SSL_CLIENT_HELLO;
+ break;
+
+ /*
+ * <== ClientHello
+ */
+ case SSL_CLIENT_HELLO:
+ ret = ssl_parse_client_hello( ssl );
+ break;
+
+ /*
+ * ==> ServerHello
+ * Certificate
+ * ( ServerKeyExchange )
+ * ( CertificateRequest )
+ * ServerHelloDone
+ */
+ case SSL_SERVER_HELLO:
+ ret = ssl_write_server_hello( ssl );
+ break;
+
+ case SSL_SERVER_CERTIFICATE:
+ ret = ssl_write_certificate( ssl );
+ break;
+
+ case SSL_SERVER_KEY_EXCHANGE:
+ ret = ssl_write_server_key_exchange( ssl );
+ break;
+
+ case SSL_CERTIFICATE_REQUEST:
+ ret = ssl_write_certificate_request( ssl );
+ break;
+
+ case SSL_SERVER_HELLO_DONE:
+ ret = ssl_write_server_hello_done( ssl );
+ break;
+
+ /*
+ * <== ( Certificate/Alert )
+ * ClientKeyExchange
+ * ( CertificateVerify )
+ * ChangeCipherSpec
+ * Finished
+ */
+ case SSL_CLIENT_CERTIFICATE:
+ ret = ssl_parse_certificate( ssl );
+ break;
+
+ case SSL_CLIENT_KEY_EXCHANGE:
+ ret = ssl_parse_client_key_exchange( ssl );
+ break;
+
+ case SSL_CERTIFICATE_VERIFY:
+ ret = ssl_parse_certificate_verify( ssl );
+ break;
+
+ case SSL_CLIENT_CHANGE_CIPHER_SPEC:
+ ret = ssl_parse_change_cipher_spec( ssl );
+ break;
+
+ case SSL_CLIENT_FINISHED:
+ ret = ssl_parse_finished( ssl );
+ break;
+
+ /*
+ * ==> ( NewSessionTicket )
+ * ChangeCipherSpec
+ * Finished
+ */
+ case SSL_SERVER_CHANGE_CIPHER_SPEC:
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ if( ssl->handshake->new_session_ticket != 0 )
+ ret = ssl_write_new_session_ticket( ssl );
+ else
+#endif
+ ret = ssl_write_change_cipher_spec( ssl );
+ break;
+
+ case SSL_SERVER_FINISHED:
+ ret = ssl_write_finished( ssl );
+ break;
+
+ case SSL_FLUSH_BUFFERS:
+ SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
+ ssl->state = SSL_HANDSHAKE_WRAPUP;
+ break;
+
+ case SSL_HANDSHAKE_WRAPUP:
+ ssl_handshake_wrapup( ssl );
+ break;
+
+ default:
+ SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ return( ret );
+}
+#endif
--- /dev/null
+/*
+ * SSLv3/TLSv1 shared functions
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * The SSL 3.0 specification was drafted by Netscape in 1996,
+ * and became an IETF standard in 1999.
+ *
+ * http://wp.netscape.com/eng/ssl3/
+ * http://www.ietf.org/rfc/rfc2246.txt
+ * http://www.ietf.org/rfc/rfc4346.txt
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_SSL_TLS_C)
+
+#include "polarssl/debug.h"
+#include "polarssl/ssl.h"
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <stdlib.h>
+
+#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
+ !defined(EFI32)
+#define strcasecmp _stricmp
+#endif
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+/*
+ * Convert max_fragment_length codes to length.
+ * RFC 6066 says:
+ * enum{
+ * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255)
+ * } MaxFragmentLength;
+ * and we add 0 -> extension unused
+ */
+static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
+{
+ SSL_MAX_CONTENT_LEN, /* SSL_MAX_FRAG_LEN_NONE */
+ 512, /* SSL_MAX_FRAG_LEN_512 */
+ 1024, /* SSL_MAX_FRAG_LEN_1024 */
+ 2048, /* SSL_MAX_FRAG_LEN_2048 */
+ 4096, /* SSL_MAX_FRAG_LEN_4096 */
+};
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
+{
+ ssl_session_free( dst );
+ memcpy( dst, src, sizeof( ssl_session ) );
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( src->peer_cert != NULL )
+ {
+ int ret;
+
+ dst->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
+ if( dst->peer_cert == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ x509_crt_init( dst->peer_cert );
+
+ if( ( ret = x509_crt_parse( dst->peer_cert, src->peer_cert->raw.p,
+ src->peer_cert->raw.len ) != 0 ) )
+ {
+ polarssl_free( dst->peer_cert );
+ dst->peer_cert = NULL;
+ return( ret );
+ }
+ }
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ if( src->ticket != NULL )
+ {
+ dst->ticket = (unsigned char *) polarssl_malloc( src->ticket_len );
+ if( dst->ticket == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ memcpy( dst->ticket, src->ticket, src->ticket_len );
+ }
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+int (*ssl_hw_record_init)(ssl_context *ssl,
+ const unsigned char *key_enc, const unsigned char *key_dec,
+ size_t keylen,
+ const unsigned char *iv_enc, const unsigned char *iv_dec,
+ size_t ivlen,
+ const unsigned char *mac_enc, const unsigned char *mac_dec,
+ size_t maclen) = NULL;
+int (*ssl_hw_record_activate)(ssl_context *ssl, int direction) = NULL;
+int (*ssl_hw_record_reset)(ssl_context *ssl) = NULL;
+int (*ssl_hw_record_write)(ssl_context *ssl) = NULL;
+int (*ssl_hw_record_read)(ssl_context *ssl) = NULL;
+int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL;
+#endif
+
+/*
+ * Key material generation
+ */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+static int ssl3_prf( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ size_t i;
+ md5_context md5;
+ sha1_context sha1;
+ unsigned char padding[16];
+ unsigned char sha1sum[20];
+ ((void)label);
+
+ /*
+ * SSLv3:
+ * block =
+ * MD5( secret + SHA1( 'A' + secret + random ) ) +
+ * MD5( secret + SHA1( 'BB' + secret + random ) ) +
+ * MD5( secret + SHA1( 'CCC' + secret + random ) ) +
+ * ...
+ */
+ for( i = 0; i < dlen / 16; i++ )
+ {
+ memset( padding, (unsigned char) ('A' + i), 1 + i );
+
+ sha1_starts( &sha1 );
+ sha1_update( &sha1, padding, 1 + i );
+ sha1_update( &sha1, secret, slen );
+ sha1_update( &sha1, random, rlen );
+ sha1_finish( &sha1, sha1sum );
+
+ md5_starts( &md5 );
+ md5_update( &md5, secret, slen );
+ md5_update( &md5, sha1sum, 20 );
+ md5_finish( &md5, dstbuf + i * 16 );
+ }
+
+ memset( &md5, 0, sizeof( md5 ) );
+ memset( &sha1, 0, sizeof( sha1 ) );
+
+ memset( padding, 0, sizeof( padding ) );
+ memset( sha1sum, 0, sizeof( sha1sum ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_PROTO_SSL3 */
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
+static int tls1_prf( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ size_t nb, hs;
+ size_t i, j, k;
+ const unsigned char *S1, *S2;
+ unsigned char tmp[128];
+ unsigned char h_i[20];
+
+ if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ hs = ( slen + 1 ) / 2;
+ S1 = secret;
+ S2 = secret + slen - hs;
+
+ nb = strlen( label );
+ memcpy( tmp + 20, label, nb );
+ memcpy( tmp + 20 + nb, random, rlen );
+ nb += rlen;
+
+ /*
+ * First compute P_md5(secret,label+random)[0..dlen]
+ */
+ md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
+
+ for( i = 0; i < dlen; i += 16 )
+ {
+ md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
+ md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
+
+ k = ( i + 16 > dlen ) ? dlen % 16 : 16;
+
+ for( j = 0; j < k; j++ )
+ dstbuf[i + j] = h_i[j];
+ }
+
+ /*
+ * XOR out with P_sha1(secret,label+random)[0..dlen]
+ */
+ sha1_hmac( S2, hs, tmp + 20, nb, tmp );
+
+ for( i = 0; i < dlen; i += 20 )
+ {
+ sha1_hmac( S2, hs, tmp, 20 + nb, h_i );
+ sha1_hmac( S2, hs, tmp, 20, tmp );
+
+ k = ( i + 20 > dlen ) ? dlen % 20 : 20;
+
+ for( j = 0; j < k; j++ )
+ dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
+ }
+
+ memset( tmp, 0, sizeof( tmp ) );
+ memset( h_i, 0, sizeof( h_i ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_PROTO_TLS1) || POLARSSL_SSL_PROTO_TLS1_1 */
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+static int tls_prf_sha256( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ size_t nb;
+ size_t i, j, k;
+ unsigned char tmp[128];
+ unsigned char h_i[32];
+
+ if( sizeof( tmp ) < 32 + strlen( label ) + rlen )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ nb = strlen( label );
+ memcpy( tmp + 32, label, nb );
+ memcpy( tmp + 32 + nb, random, rlen );
+ nb += rlen;
+
+ /*
+ * Compute P_<hash>(secret, label + random)[0..dlen]
+ */
+ sha256_hmac( secret, slen, tmp + 32, nb, tmp, 0 );
+
+ for( i = 0; i < dlen; i += 32 )
+ {
+ sha256_hmac( secret, slen, tmp, 32 + nb, h_i, 0 );
+ sha256_hmac( secret, slen, tmp, 32, tmp, 0 );
+
+ k = ( i + 32 > dlen ) ? dlen % 32 : 32;
+
+ for( j = 0; j < k; j++ )
+ dstbuf[i + j] = h_i[j];
+ }
+
+ memset( tmp, 0, sizeof( tmp ) );
+ memset( h_i, 0, sizeof( h_i ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+static int tls_prf_sha384( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ size_t nb;
+ size_t i, j, k;
+ unsigned char tmp[128];
+ unsigned char h_i[48];
+
+ if( sizeof( tmp ) < 48 + strlen( label ) + rlen )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ nb = strlen( label );
+ memcpy( tmp + 48, label, nb );
+ memcpy( tmp + 48 + nb, random, rlen );
+ nb += rlen;
+
+ /*
+ * Compute P_<hash>(secret, label + random)[0..dlen]
+ */
+ sha512_hmac( secret, slen, tmp + 48, nb, tmp, 1 );
+
+ for( i = 0; i < dlen; i += 48 )
+ {
+ sha512_hmac( secret, slen, tmp, 48 + nb, h_i, 1 );
+ sha512_hmac( secret, slen, tmp, 48, tmp, 1 );
+
+ k = ( i + 48 > dlen ) ? dlen % 48 : 48;
+
+ for( j = 0; j < k; j++ )
+ dstbuf[i + j] = h_i[j];
+ }
+
+ memset( tmp, 0, sizeof( tmp ) );
+ memset( h_i, 0, sizeof( h_i ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+static void ssl_update_checksum_start(ssl_context *, const unsigned char *, size_t);
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+static void ssl_update_checksum_md5sha1(ssl_context *, const unsigned char *, size_t);
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+static void ssl_calc_verify_ssl(ssl_context *,unsigned char *);
+static void ssl_calc_finished_ssl(ssl_context *,unsigned char *,int);
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
+static void ssl_calc_verify_tls(ssl_context *,unsigned char *);
+static void ssl_calc_finished_tls(ssl_context *,unsigned char *,int);
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+static void ssl_update_checksum_sha256(ssl_context *, const unsigned char *, size_t);
+static void ssl_calc_verify_tls_sha256(ssl_context *,unsigned char *);
+static void ssl_calc_finished_tls_sha256(ssl_context *,unsigned char *,int);
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+static void ssl_update_checksum_sha384(ssl_context *, const unsigned char *, size_t);
+static void ssl_calc_verify_tls_sha384(ssl_context *,unsigned char *);
+static void ssl_calc_finished_tls_sha384(ssl_context *,unsigned char *,int);
+#endif
+#endif
+
+int ssl_derive_keys( ssl_context *ssl )
+{
+ int ret = 0;
+ unsigned char tmp[64];
+ unsigned char keyblk[256];
+ unsigned char *key1;
+ unsigned char *key2;
+ unsigned char *mac_enc;
+ unsigned char *mac_dec;
+ size_t iv_copy_len;
+ const cipher_info_t *cipher_info;
+ const md_info_t *md_info;
+
+ ssl_session *session = ssl->session_negotiate;
+ ssl_transform *transform = ssl->transform_negotiate;
+ ssl_handshake_params *handshake = ssl->handshake;
+
+ SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
+
+ cipher_info = cipher_info_from_type( transform->ciphersuite_info->cipher );
+ if( cipher_info == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
+ transform->ciphersuite_info->cipher ) );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ md_info = md_info_from_type( transform->ciphersuite_info->mac );
+ if( md_info == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "md info for %d not found",
+ transform->ciphersuite_info->mac ) );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ /*
+ * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
+ */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ handshake->tls_prf = ssl3_prf;
+ handshake->calc_verify = ssl_calc_verify_ssl;
+ handshake->calc_finished = ssl_calc_finished_ssl;
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
+ {
+ handshake->tls_prf = tls1_prf;
+ handshake->calc_verify = ssl_calc_verify_tls;
+ handshake->calc_finished = ssl_calc_finished_tls;
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA512_C)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 &&
+ transform->ciphersuite_info->mac == POLARSSL_MD_SHA384 )
+ {
+ handshake->tls_prf = tls_prf_sha384;
+ handshake->calc_verify = ssl_calc_verify_tls_sha384;
+ handshake->calc_finished = ssl_calc_finished_tls_sha384;
+ }
+ else
+#endif
+#if defined(POLARSSL_SHA256_C)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ handshake->tls_prf = tls_prf_sha256;
+ handshake->calc_verify = ssl_calc_verify_tls_sha256;
+ handshake->calc_finished = ssl_calc_finished_tls_sha256;
+ }
+ else
+#endif
+#endif
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ /*
+ * SSLv3:
+ * master =
+ * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) +
+ * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) +
+ * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
+ *
+ * TLSv1+:
+ * master = PRF( premaster, "master secret", randbytes )[0..47]
+ */
+ if( handshake->resume == 0 )
+ {
+ SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
+ handshake->pmslen );
+
+ handshake->tls_prf( handshake->premaster, handshake->pmslen,
+ "master secret",
+ handshake->randbytes, 64, session->master, 48 );
+
+ memset( handshake->premaster, 0, sizeof( handshake->premaster ) );
+ }
+ else
+ SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
+
+ /*
+ * Swap the client and server random values.
+ */
+ memcpy( tmp, handshake->randbytes, 64 );
+ memcpy( handshake->randbytes, tmp + 32, 32 );
+ memcpy( handshake->randbytes + 32, tmp, 32 );
+ memset( tmp, 0, sizeof( tmp ) );
+
+ /*
+ * SSLv3:
+ * key block =
+ * MD5( master + SHA1( 'A' + master + randbytes ) ) +
+ * MD5( master + SHA1( 'BB' + master + randbytes ) ) +
+ * MD5( master + SHA1( 'CCC' + master + randbytes ) ) +
+ * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
+ * ...
+ *
+ * TLSv1:
+ * key block = PRF( master, "key expansion", randbytes )
+ */
+ handshake->tls_prf( session->master, 48, "key expansion",
+ handshake->randbytes, 64, keyblk, 256 );
+
+ SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
+ ssl_get_ciphersuite_name( session->ciphersuite ) ) );
+ SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
+ SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
+ SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
+
+ memset( handshake->randbytes, 0, sizeof( handshake->randbytes ) );
+
+ /*
+ * Determine the appropriate key, IV and MAC length.
+ */
+
+ if( cipher_info->mode == POLARSSL_MODE_GCM )
+ {
+ transform->keylen = cipher_info->key_length;
+ transform->keylen /= 8;
+ transform->minlen = 1;
+ transform->ivlen = 12;
+ transform->fixed_ivlen = 4;
+ transform->maclen = 0;
+ }
+ else
+ {
+ if( md_info->type != POLARSSL_MD_NONE )
+ {
+ int ret;
+
+ if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+ return( ret );
+ }
+
+ if( ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+ return( ret );
+ }
+
+ transform->maclen = md_get_size( md_info );
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ /*
+ * If HMAC is to be truncated, we shall keep the leftmost bytes,
+ * (rfc 6066 page 13 or rfc 2104 section 4),
+ * so we only need to adjust the length here.
+ */
+ if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
+ transform->maclen = SSL_TRUNCATED_HMAC_LEN;
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+ }
+
+ transform->keylen = cipher_info->key_length;
+ transform->keylen /= 8;
+ transform->ivlen = cipher_info->iv_size;
+
+ transform->minlen = transform->keylen;
+ if( transform->minlen < transform->maclen )
+ {
+ if( cipher_info->mode == POLARSSL_MODE_STREAM )
+ transform->minlen = transform->maclen;
+ else
+ transform->minlen += transform->keylen;
+ }
+ }
+
+ SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
+ transform->keylen, transform->minlen, transform->ivlen,
+ transform->maclen ) );
+
+ /*
+ * Finally setup the cipher contexts, IVs and MAC secrets.
+ */
+ if( ssl->endpoint == SSL_IS_CLIENT )
+ {
+ key1 = keyblk + transform->maclen * 2;
+ key2 = keyblk + transform->maclen * 2 + transform->keylen;
+
+ mac_enc = keyblk;
+ mac_dec = keyblk + transform->maclen;
+
+ /*
+ * This is not used in TLS v1.1.
+ */
+ iv_copy_len = ( transform->fixed_ivlen ) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
+ memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
+ iv_copy_len );
+ }
+ else
+ {
+ key1 = keyblk + transform->maclen * 2 + transform->keylen;
+ key2 = keyblk + transform->maclen * 2;
+
+ mac_enc = keyblk + transform->maclen;
+ mac_dec = keyblk;
+
+ /*
+ * This is not used in TLS v1.1.
+ */
+ iv_copy_len = ( transform->fixed_ivlen ) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
+ memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
+ iv_copy_len );
+ }
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ memcpy( transform->mac_enc, mac_enc, transform->maclen );
+ memcpy( transform->mac_dec, mac_dec, transform->maclen );
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
+ {
+ md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen );
+ md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen );
+ }
+ else
+#endif
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_init != NULL)
+ {
+ int ret = 0;
+
+ SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_init()" ) );
+
+ if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->keylen,
+ transform->iv_enc, transform->iv_dec,
+ iv_copy_len,
+ mac_enc, mac_dec,
+ transform->maclen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret );
+ return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
+ }
+ }
+#endif
+
+ if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
+ cipher_info ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_init_ctx", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_init_ctx( &transform->cipher_ctx_dec,
+ cipher_info ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_init_ctx", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_setkey( &transform->cipher_ctx_enc, key1,
+ cipher_info->key_length,
+ POLARSSL_ENCRYPT ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_setkey", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_setkey( &transform->cipher_ctx_dec, key2,
+ cipher_info->key_length,
+ POLARSSL_DECRYPT ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_setkey", ret );
+ return( ret );
+ }
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ if( cipher_info->mode == POLARSSL_MODE_CBC )
+ {
+ if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_enc,
+ POLARSSL_PADDING_NONE ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_set_padding_mode", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_dec,
+ POLARSSL_PADDING_NONE ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_set_padding_mode", ret );
+ return( ret );
+ }
+ }
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+ memset( keyblk, 0, sizeof( keyblk ) );
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ // Initialize compression
+ //
+ if( session->compression == SSL_COMPRESS_DEFLATE )
+ {
+ if( ssl->compress_buf == NULL )
+ {
+ SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
+ ssl->compress_buf = polarssl_malloc( SSL_BUFFER_LEN );
+ if( ssl->compress_buf == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
+ SSL_BUFFER_LEN ) );
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ }
+ }
+
+ SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
+
+ memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
+ memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
+
+ if( deflateInit( &transform->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK ||
+ inflateInit( &transform->ctx_inflate ) != Z_OK )
+ {
+ SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
+ return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
+ }
+ }
+#endif /* POLARSSL_ZLIB_SUPPORT */
+
+ SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+void ssl_calc_verify_ssl( ssl_context *ssl, unsigned char hash[36] )
+{
+ md5_context md5;
+ sha1_context sha1;
+ unsigned char pad_1[48];
+ unsigned char pad_2[48];
+
+ SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
+
+ memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
+ memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
+
+ memset( pad_1, 0x36, 48 );
+ memset( pad_2, 0x5C, 48 );
+
+ md5_update( &md5, ssl->session_negotiate->master, 48 );
+ md5_update( &md5, pad_1, 48 );
+ md5_finish( &md5, hash );
+
+ md5_starts( &md5 );
+ md5_update( &md5, ssl->session_negotiate->master, 48 );
+ md5_update( &md5, pad_2, 48 );
+ md5_update( &md5, hash, 16 );
+ md5_finish( &md5, hash );
+
+ sha1_update( &sha1, ssl->session_negotiate->master, 48 );
+ sha1_update( &sha1, pad_1, 40 );
+ sha1_finish( &sha1, hash + 16 );
+
+ sha1_starts( &sha1 );
+ sha1_update( &sha1, ssl->session_negotiate->master, 48 );
+ sha1_update( &sha1, pad_2, 40 );
+ sha1_update( &sha1, hash + 16, 20 );
+ sha1_finish( &sha1, hash + 16 );
+
+ SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
+ SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+ return;
+}
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
+void ssl_calc_verify_tls( ssl_context *ssl, unsigned char hash[36] )
+{
+ md5_context md5;
+ sha1_context sha1;
+
+ SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
+
+ memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
+ memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
+
+ md5_finish( &md5, hash );
+ sha1_finish( &sha1, hash + 16 );
+
+ SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
+ SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+ return;
+}
+#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 */
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+void ssl_calc_verify_tls_sha256( ssl_context *ssl, unsigned char hash[32] )
+{
+ sha256_context sha256;
+
+ SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
+
+ memcpy( &sha256, &ssl->handshake->fin_sha256, sizeof(sha256_context) );
+ sha256_finish( &sha256, hash );
+
+ SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
+ SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+ return;
+}
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] )
+{
+ sha512_context sha512;
+
+ SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
+
+ memcpy( &sha512, &ssl->handshake->fin_sha512, sizeof(sha512_context) );
+ sha512_finish( &sha512, hash );
+
+ SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
+ SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+ return;
+}
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
+{
+ unsigned char *p = ssl->handshake->premaster;
+ unsigned char *end = p + sizeof( ssl->handshake->premaster );
+
+ /*
+ * PMS = struct {
+ * opaque other_secret<0..2^16-1>;
+ * opaque psk<0..2^16-1>;
+ * };
+ * with "other_secret" depending on the particular key exchange
+ */
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+ if( key_ex == POLARSSL_KEY_EXCHANGE_PSK )
+ {
+ if( end - p < 2 + (int) ssl->psk_len )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ *(p++) = (unsigned char)( ssl->psk_len >> 8 );
+ *(p++) = (unsigned char)( ssl->psk_len );
+ p += ssl->psk_len;
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ if( key_ex == POLARSSL_KEY_EXCHANGE_RSA_PSK )
+ {
+ /*
+ * other_secret already set by the ClientKeyExchange message,
+ * and is 48 bytes long
+ */
+ *p++ = 0;
+ *p++ = 48;
+ p += 48;
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_PKS_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( key_ex == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ {
+ int ret;
+ size_t len = ssl->handshake->dhm_ctx.len;
+
+ if( end - p < 2 + (int) len )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ *(p++) = (unsigned char)( len >> 8 );
+ *(p++) = (unsigned char)( len );
+ if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
+ p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
+ return( ret );
+ }
+ p += len;
+
+ SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( key_ex == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ int ret;
+ size_t zlen;
+
+ if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
+ p + 2, end - (p + 2),
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ecdh_calc_secret", ret );
+ return( ret );
+ }
+
+ *(p++) = (unsigned char)( zlen >> 8 );
+ *(p++) = (unsigned char)( zlen );
+ p += zlen;
+
+ SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
+ }
+ else
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ /* opaque psk<0..2^16-1>; */
+ *(p++) = (unsigned char)( ssl->psk_len >> 8 );
+ *(p++) = (unsigned char)( ssl->psk_len );
+ memcpy( p, ssl->psk, ssl->psk_len );
+ p += ssl->psk_len;
+
+ ssl->handshake->pmslen = p - ssl->handshake->premaster;
+
+ return( 0 );
+}
+#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+/*
+ * SSLv3.0 MAC functions
+ */
+static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
+ unsigned char *buf, size_t len,
+ unsigned char *ctr, int type )
+{
+ unsigned char header[11];
+ unsigned char padding[48];
+ int padlen = 0;
+ int md_size = md_get_size( md_ctx->md_info );
+ int md_type = md_get_type( md_ctx->md_info );
+
+ if( md_type == POLARSSL_MD_MD5 )
+ padlen = 48;
+ else if( md_type == POLARSSL_MD_SHA1 )
+ padlen = 40;
+ else if( md_type == POLARSSL_MD_SHA256 )
+ padlen = 32;
+
+ memcpy( header, ctr, 8 );
+ header[ 8] = (unsigned char) type;
+ header[ 9] = (unsigned char)( len >> 8 );
+ header[10] = (unsigned char)( len );
+
+ memset( padding, 0x36, padlen );
+ md_starts( md_ctx );
+ md_update( md_ctx, secret, md_size );
+ md_update( md_ctx, padding, padlen );
+ md_update( md_ctx, header, 11 );
+ md_update( md_ctx, buf, len );
+ md_finish( md_ctx, buf + len );
+
+ memset( padding, 0x5C, padlen );
+ md_starts( md_ctx );
+ md_update( md_ctx, secret, md_size );
+ md_update( md_ctx, padding, padlen );
+ md_update( md_ctx, buf + len, md_size );
+ md_finish( md_ctx, buf + len );
+}
+#endif /* POLARSSL_SSL_PROTO_SSL3 */
+
+/*
+ * Encryption/decryption functions
+ */
+static int ssl_encrypt_buf( ssl_context *ssl )
+{
+ size_t i;
+
+ SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
+
+ /*
+ * Add MAC before encrypt, except for GCM
+ */
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
+ ( defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
+ if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode !=
+ POLARSSL_MODE_GCM )
+ {
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ ssl_mac( &ssl->transform_out->md_ctx_enc,
+ ssl->transform_out->mac_enc,
+ ssl->out_msg, ssl->out_msglen,
+ ssl->out_ctr, ssl->out_msgtype );
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
+ {
+ md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 13 );
+ md_hmac_update( &ssl->transform_out->md_ctx_enc,
+ ssl->out_msg, ssl->out_msglen );
+ md_hmac_finish( &ssl->transform_out->md_ctx_enc,
+ ssl->out_msg + ssl->out_msglen );
+ md_hmac_reset( &ssl->transform_out->md_ctx_enc );
+ }
+ else
+#endif
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ SSL_DEBUG_BUF( 4, "computed mac",
+ ssl->out_msg + ssl->out_msglen,
+ ssl->transform_out->maclen );
+
+ ssl->out_msglen += ssl->transform_out->maclen;
+ }
+#endif /* GCM not the only option */
+
+ /*
+ * Encrypt
+ */
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
+ if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
+ POLARSSL_MODE_STREAM )
+ {
+ int ret;
+ size_t olen = 0;
+
+ SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+ "including %d bytes of padding",
+ ssl->out_msglen, 0 ) );
+
+ SSL_DEBUG_BUF( 4, "before encrypt: output payload",
+ ssl->out_msg, ssl->out_msglen );
+
+ if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_reset", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
+ ssl->transform_out->iv_enc,
+ ssl->transform_out->ivlen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
+ ssl->out_msg, ssl->out_msglen, ssl->out_msg,
+ &olen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_update", ret );
+ return( ret );
+ }
+
+ if( ssl->out_msglen != olen )
+ {
+ SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
+ ssl->out_msglen, olen ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
+ ssl->out_msg + olen, &olen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_finish", ret );
+ return( ret );
+ }
+
+ if( 0 != olen )
+ {
+ SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
+ 0, olen ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+ }
+ else
+#endif /* POLARSSL_ARC4_C || POLARSSL_CIPHER_NULL_CIPHER */
+#if defined(POLARSSL_GCM_C)
+ if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
+ POLARSSL_MODE_GCM )
+ {
+ size_t enc_msglen, olen, totlen;
+ unsigned char *enc_msg;
+ unsigned char add_data[13];
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+
+ enc_msglen = ssl->out_msglen;
+
+ memcpy( add_data, ssl->out_ctr, 8 );
+ add_data[8] = ssl->out_msgtype;
+ add_data[9] = ssl->major_ver;
+ add_data[10] = ssl->minor_ver;
+ add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
+ add_data[12] = ssl->out_msglen & 0xFF;
+
+ SSL_DEBUG_BUF( 4, "additional data used for AEAD",
+ add_data, 13 );
+
+ /*
+ * Generate IV
+ */
+ ret = ssl->f_rng( ssl->p_rng,
+ ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
+ ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+ if( ret != 0 )
+ return( ret );
+
+ memcpy( ssl->out_iv,
+ ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
+ ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+
+ SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
+ ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+
+ /*
+ * Fix pointer positions and message length with added IV
+ */
+ enc_msg = ssl->out_msg;
+ enc_msglen = ssl->out_msglen;
+ ssl->out_msglen += ssl->transform_out->ivlen -
+ ssl->transform_out->fixed_ivlen;
+
+ SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+ "including %d bytes of padding",
+ ssl->out_msglen, 0 ) );
+
+ SSL_DEBUG_BUF( 4, "before encrypt: output payload",
+ ssl->out_msg, ssl->out_msglen );
+
+ /*
+ * Encrypt
+ */
+ if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
+ ssl->transform_out->iv_enc,
+ ssl->transform_out->ivlen ) ) != 0 ||
+ ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = cipher_update_ad( &ssl->transform_out->cipher_ctx_enc,
+ add_data, 13 ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
+ enc_msg, enc_msglen,
+ enc_msg, &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+ totlen = olen;
+
+ if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
+ enc_msg + olen, &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+ totlen += olen;
+
+ if( totlen != enc_msglen )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( -1 );
+ }
+
+ /*
+ * Authenticate
+ */
+ ssl->out_msglen += 16;
+
+ if( ( ret = cipher_write_tag( &ssl->transform_out->cipher_ctx_enc,
+ enc_msg + enc_msglen, 16 ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, 16 );
+ }
+ else
+#endif /* POLARSSL_GCM_C */
+#if defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
+ if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
+ POLARSSL_MODE_CBC )
+ {
+ int ret;
+ unsigned char *enc_msg;
+ size_t enc_msglen, padlen, olen = 0;
+
+ padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
+ ssl->transform_out->ivlen;
+ if( padlen == ssl->transform_out->ivlen )
+ padlen = 0;
+
+ for( i = 0; i <= padlen; i++ )
+ ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
+
+ ssl->out_msglen += padlen + 1;
+
+ enc_msglen = ssl->out_msglen;
+ enc_msg = ssl->out_msg;
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
+ /*
+ * Prepend per-record IV for block cipher in TLS v1.1 and up as per
+ * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
+ */
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
+ {
+ /*
+ * Generate IV
+ */
+ int ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc,
+ ssl->transform_out->ivlen );
+ if( ret != 0 )
+ return( ret );
+
+ memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
+ ssl->transform_out->ivlen );
+
+ /*
+ * Fix pointer positions and message length with added IV
+ */
+ enc_msg = ssl->out_msg;
+ enc_msglen = ssl->out_msglen;
+ ssl->out_msglen += ssl->transform_out->ivlen;
+ }
+#endif /* POLARSSL_SSL_PROTO_TLS1_1 || POLARSSL_SSL_PROTO_TLS1_2 */
+
+ SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+ "including %d bytes of IV and %d bytes of padding",
+ ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) );
+
+ SSL_DEBUG_BUF( 4, "before encrypt: output payload",
+ ssl->out_iv, ssl->out_msglen );
+
+ if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_reset", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
+ ssl->transform_out->iv_enc,
+ ssl->transform_out->ivlen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
+ enc_msg, enc_msglen, enc_msg,
+ &olen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_update", ret );
+ return( ret );
+ }
+
+ enc_msglen -= olen;
+
+ if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
+ enc_msg + olen, &olen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_finish", ret );
+ return( ret );
+ }
+
+ if( enc_msglen != olen )
+ {
+ SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
+ enc_msglen, olen ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
+ if( ssl->minor_ver < SSL_MINOR_VERSION_2 )
+ {
+ /*
+ * Save IV in SSL3 and TLS1
+ */
+ memcpy( ssl->transform_out->iv_enc,
+ ssl->transform_out->cipher_ctx_enc.iv,
+ ssl->transform_out->ivlen );
+ }
+#endif
+ }
+ else
+#endif /* POLARSSL_CIPHER_MODE_CBC &&
+ ( POLARSSL_AES_C || POLARSSL_CAMELLIA_C ) */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ for( i = 8; i > 0; i-- )
+ if( ++ssl->out_ctr[i - 1] != 0 )
+ break;
+
+ SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
+
+ return( 0 );
+}
+
+#define POLARSSL_SSL_MAX_MAC_SIZE 48
+
+static int ssl_decrypt_buf( ssl_context *ssl )
+{
+ size_t i, padlen = 0, correct = 1;
+ unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
+
+ SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
+
+ if( ssl->in_msglen < ssl->transform_in->minlen )
+ {
+ SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
+ ssl->in_msglen, ssl->transform_in->minlen ) );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
+ if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
+ POLARSSL_MODE_STREAM )
+ {
+ int ret;
+ size_t olen = 0;
+
+ padlen = 0;
+
+ if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_reset", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
+ ssl->transform_in->iv_dec,
+ ssl->transform_in->ivlen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
+ ssl->in_msg, ssl->in_msglen, ssl->in_msg,
+ &olen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_update", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msglen != olen )
+ {
+ SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
+ ssl->in_msg + olen, &olen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_finish", ret );
+ return( ret );
+ }
+
+ if( 0 != olen )
+ {
+ SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+ }
+ else
+#endif /* POLARSSL_ARC4_C || POLARSSL_CIPHER_NULL_CIPHER */
+#if defined(POLARSSL_GCM_C)
+ if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
+ POLARSSL_MODE_GCM )
+ {
+ unsigned char *dec_msg;
+ unsigned char *dec_msg_result;
+ size_t dec_msglen, olen, totlen;
+ unsigned char add_data[13];
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+
+ padlen = 0;
+
+ dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
+ ssl->transform_in->fixed_ivlen );
+ dec_msglen -= 16;
+ dec_msg = ssl->in_msg;
+ dec_msg_result = ssl->in_msg;
+ ssl->in_msglen = dec_msglen;
+
+ memcpy( add_data, ssl->in_ctr, 8 );
+ add_data[8] = ssl->in_msgtype;
+ add_data[9] = ssl->major_ver;
+ add_data[10] = ssl->minor_ver;
+ add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
+ add_data[12] = ssl->in_msglen & 0xFF;
+
+ SSL_DEBUG_BUF( 4, "additional data used for AEAD",
+ add_data, 13 );
+
+ memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
+ ssl->in_iv,
+ ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
+
+ SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
+ ssl->transform_in->ivlen );
+ SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
+
+ /*
+ * Decrypt
+ */
+ if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
+ ssl->transform_in->iv_dec,
+ ssl->transform_in->ivlen ) ) != 0 ||
+ ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = cipher_update_ad( &ssl->transform_in->cipher_ctx_dec,
+ add_data, 13 ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
+ dec_msg, dec_msglen,
+ dec_msg_result, &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+ totlen = olen;
+
+ if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
+ dec_msg_result + olen, &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+ totlen += olen;
+
+ if( totlen != dec_msglen )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( -1 );
+ }
+
+ /*
+ * Authenticate
+ */
+ if( ( ret = cipher_check_tag( &ssl->transform_in->cipher_ctx_dec,
+ dec_msg + dec_msglen, 16 ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_check_tag", ret );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+
+ }
+ else
+#endif /* POLARSSL_GCM_C */
+#if defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
+ if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
+ POLARSSL_MODE_CBC )
+ {
+ /*
+ * Decrypt and check the padding
+ */
+ int ret;
+ unsigned char *dec_msg;
+ unsigned char *dec_msg_result;
+ size_t dec_msglen;
+ size_t minlen = 0;
+ size_t olen = 0;
+
+ /*
+ * Check immediate ciphertext sanity
+ */
+ if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
+ ssl->in_msglen, ssl->transform_in->ivlen ) );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
+ minlen += ssl->transform_in->ivlen;
+#endif
+
+ if( ssl->in_msglen < minlen + ssl->transform_in->ivlen ||
+ ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
+ {
+ SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) + 1 ) ( + expl IV )",
+ ssl->in_msglen, ssl->transform_in->ivlen, ssl->transform_in->maclen ) );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+
+ dec_msglen = ssl->in_msglen;
+ dec_msg = ssl->in_msg;
+ dec_msg_result = ssl->in_msg;
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
+ /*
+ * Initialize for prepended IV for block cipher in TLS v1.1 and up
+ */
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
+ {
+ dec_msglen -= ssl->transform_in->ivlen;
+ ssl->in_msglen -= ssl->transform_in->ivlen;
+
+ for( i = 0; i < ssl->transform_in->ivlen; i++ )
+ ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
+ }
+#endif /* POLARSSL_SSL_PROTO_TLS1_1 || POLARSSL_SSL_PROTO_TLS1_2 */
+
+ if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_reset", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
+ ssl->transform_in->iv_dec,
+ ssl->transform_in->ivlen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
+ return( ret );
+ }
+
+ if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
+ dec_msg, dec_msglen, dec_msg_result,
+ &olen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_update", ret );
+ return( ret );
+ }
+
+ dec_msglen -= olen;
+ if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
+ dec_msg_result + olen, &olen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "cipher_finish", ret );
+ return( ret );
+ }
+
+ if( dec_msglen != olen )
+ {
+ SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
+ if( ssl->minor_ver < SSL_MINOR_VERSION_2 )
+ {
+ /*
+ * Save IV in SSL3 and TLS1
+ */
+ memcpy( ssl->transform_in->iv_dec,
+ ssl->transform_in->cipher_ctx_dec.iv,
+ ssl->transform_in->ivlen );
+ }
+#endif
+
+ padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
+
+ if( ssl->in_msglen < ssl->transform_in->maclen + padlen )
+ {
+#if defined(POLARSSL_SSL_DEBUG_ALL)
+ SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
+ ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
+#endif
+ padlen = 0;
+ correct = 0;
+ }
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ if( padlen > ssl->transform_in->ivlen )
+ {
+#if defined(POLARSSL_SSL_DEBUG_ALL)
+ SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
+ "should be no more than %d",
+ padlen, ssl->transform_in->ivlen ) );
+#endif
+ correct = 0;
+ }
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver > SSL_MINOR_VERSION_0 )
+ {
+ /*
+ * TLSv1+: always check the padding up to the first failure
+ * and fake check up to 256 bytes of padding
+ */
+ size_t pad_count = 0, real_count = 1;
+ size_t padding_idx = ssl->in_msglen - padlen - 1;
+
+ for( i = 1; i <= 256; i++ )
+ {
+ real_count &= ( i <= padlen );
+ pad_count += real_count *
+ ( ssl->in_msg[padding_idx + i] == padlen - 1 );
+ }
+
+ correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
+
+#if defined(POLARSSL_SSL_DEBUG_ALL)
+ if( padlen > 0 && correct == 0)
+ SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
+#endif
+ padlen &= correct * 0x1FF;
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
+ POLARSSL_SSL_PROTO_TLS1_2 */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+ }
+ else
+#endif /* POLARSSL_CIPHER_MODE_CBC &&
+ ( POLARSSL_AES_C || POLARSSL_CAMELLIA_C ) */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ SSL_DEBUG_BUF( 4, "raw buffer after decryption",
+ ssl->in_msg, ssl->in_msglen );
+
+ /*
+ * Always compute the MAC (RFC4346, CBCTIME), except for GCM of course
+ */
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
+ ( defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
+ if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode !=
+ POLARSSL_MODE_GCM )
+ {
+ ssl->in_msglen -= ( ssl->transform_in->maclen + padlen );
+
+ ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
+ ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
+
+ memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen );
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ ssl_mac( &ssl->transform_in->md_ctx_dec,
+ ssl->transform_in->mac_dec,
+ ssl->in_msg, ssl->in_msglen,
+ ssl->in_ctr, ssl->in_msgtype );
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_SSL3 */
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver > SSL_MINOR_VERSION_0 )
+ {
+ /*
+ * Process MAC and always update for padlen afterwards to make
+ * total time independent of padlen
+ *
+ * extra_run compensates MAC check for padlen
+ *
+ * Known timing attacks:
+ * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
+ *
+ * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values
+ * correctly. (We round down instead of up, so -56 is the correct
+ * value for our calculations instead of -55)
+ */
+ size_t j, extra_run = 0;
+ extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
+ ( 13 + ssl->in_msglen + 8 ) / 64;
+
+ extra_run &= correct * 0xFF;
+
+ md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 13 );
+ md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
+ ssl->in_msglen );
+ md_hmac_finish( &ssl->transform_in->md_ctx_dec,
+ ssl->in_msg + ssl->in_msglen );
+ for( j = 0; j < extra_run; j++ )
+ md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
+
+ md_hmac_reset( &ssl->transform_in->md_ctx_dec );
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
+ POLARSSL_SSL_PROTO_TLS1_2 */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen );
+ SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
+ ssl->transform_in->maclen );
+
+ if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
+ ssl->transform_in->maclen ) != 0 )
+ {
+#if defined(POLARSSL_SSL_DEBUG_ALL)
+ SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+#endif
+ correct = 0;
+ }
+
+ /*
+ * Finally check the correct flag
+ */
+ if( correct == 0 )
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+#endif /* GCM not the only option */
+
+ if( ssl->in_msglen == 0 )
+ {
+ ssl->nb_zero++;
+
+ /*
+ * Three or more empty messages may be a DoS attack
+ * (excessive CPU consumption).
+ */
+ if( ssl->nb_zero > 3 )
+ {
+ SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
+ "messages, possible DoS attack" ) );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+ }
+ else
+ ssl->nb_zero = 0;
+
+ for( i = 8; i > 0; i-- )
+ if( ++ssl->in_ctr[i - 1] != 0 )
+ break;
+
+ SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+/*
+ * Compression/decompression functions
+ */
+static int ssl_compress_buf( ssl_context *ssl )
+{
+ int ret;
+ unsigned char *msg_post = ssl->out_msg;
+ size_t len_pre = ssl->out_msglen;
+ unsigned char *msg_pre = ssl->compress_buf;
+
+ SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
+
+ if( len_pre == 0 )
+ return( 0 );
+
+ memcpy( msg_pre, ssl->out_msg, len_pre );
+
+ SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
+ ssl->out_msglen ) );
+
+ SSL_DEBUG_BUF( 4, "before compression: output payload",
+ ssl->out_msg, ssl->out_msglen );
+
+ ssl->transform_out->ctx_deflate.next_in = msg_pre;
+ ssl->transform_out->ctx_deflate.avail_in = len_pre;
+ ssl->transform_out->ctx_deflate.next_out = msg_post;
+ ssl->transform_out->ctx_deflate.avail_out = SSL_BUFFER_LEN;
+
+ ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
+ if( ret != Z_OK )
+ {
+ SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
+ return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
+ }
+
+ ssl->out_msglen = SSL_BUFFER_LEN - ssl->transform_out->ctx_deflate.avail_out;
+
+ SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
+ ssl->out_msglen ) );
+
+ SSL_DEBUG_BUF( 4, "after compression: output payload",
+ ssl->out_msg, ssl->out_msglen );
+
+ SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
+
+ return( 0 );
+}
+
+static int ssl_decompress_buf( ssl_context *ssl )
+{
+ int ret;
+ unsigned char *msg_post = ssl->in_msg;
+ size_t len_pre = ssl->in_msglen;
+ unsigned char *msg_pre = ssl->compress_buf;
+
+ SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
+
+ if( len_pre == 0 )
+ return( 0 );
+
+ memcpy( msg_pre, ssl->in_msg, len_pre );
+
+ SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
+ ssl->in_msglen ) );
+
+ SSL_DEBUG_BUF( 4, "before decompression: input payload",
+ ssl->in_msg, ssl->in_msglen );
+
+ ssl->transform_in->ctx_inflate.next_in = msg_pre;
+ ssl->transform_in->ctx_inflate.avail_in = len_pre;
+ ssl->transform_in->ctx_inflate.next_out = msg_post;
+ ssl->transform_in->ctx_inflate.avail_out = SSL_MAX_CONTENT_LEN;
+
+ ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
+ if( ret != Z_OK )
+ {
+ SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
+ return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
+ }
+
+ ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->transform_in->ctx_inflate.avail_out;
+
+ SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
+ ssl->in_msglen ) );
+
+ SSL_DEBUG_BUF( 4, "after decompression: input payload",
+ ssl->in_msg, ssl->in_msglen );
+
+ SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_ZLIB_SUPPORT */
+
+/*
+ * Fill the input message buffer
+ */
+int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
+{
+ int ret;
+ size_t len;
+
+ SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
+
+ while( ssl->in_left < nb_want )
+ {
+ len = nb_want - ssl->in_left;
+ ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len );
+
+ SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+ ssl->in_left, nb_want ) );
+ SSL_DEBUG_RET( 2, "ssl->f_recv", ret );
+
+ if( ret == 0 )
+ return( POLARSSL_ERR_SSL_CONN_EOF );
+
+ if( ret < 0 )
+ return( ret );
+
+ ssl->in_left += ret;
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
+
+ return( 0 );
+}
+
+/*
+ * Flush any data not yet written
+ */
+int ssl_flush_output( ssl_context *ssl )
+{
+ int ret;
+ unsigned char *buf;
+
+ SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
+
+ while( ssl->out_left > 0 )
+ {
+ SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
+ 5 + ssl->out_msglen, ssl->out_left ) );
+
+ buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left;
+ ret = ssl->f_send( ssl->p_send, buf, ssl->out_left );
+
+ SSL_DEBUG_RET( 2, "ssl->f_send", ret );
+
+ if( ret <= 0 )
+ return( ret );
+
+ ssl->out_left -= ret;
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
+
+ return( 0 );
+}
+
+/*
+ * Record layer functions
+ */
+int ssl_write_record( ssl_context *ssl )
+{
+ int ret, done = 0;
+ size_t len = ssl->out_msglen;
+
+ SSL_DEBUG_MSG( 2, ( "=> write record" ) );
+
+ if( ssl->out_msgtype == SSL_MSG_HANDSHAKE )
+ {
+ ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
+ ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
+ ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
+
+ if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
+ ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
+ }
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ if( ssl->transform_out != NULL &&
+ ssl->session_out->compression == SSL_COMPRESS_DEFLATE )
+ {
+ if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
+ return( ret );
+ }
+
+ len = ssl->out_msglen;
+ }
+#endif /*POLARSSL_ZLIB_SUPPORT */
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_write != NULL)
+ {
+ SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_write()" ) );
+
+ ret = ssl_hw_record_write( ssl );
+ if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH )
+ {
+ SSL_DEBUG_RET( 1, "ssl_hw_record_write", ret );
+ return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
+ }
+
+ if( ret == 0 )
+ done = 1;
+ }
+#endif
+ if( !done )
+ {
+ ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
+ ssl->out_hdr[1] = (unsigned char) ssl->major_ver;
+ ssl->out_hdr[2] = (unsigned char) ssl->minor_ver;
+ ssl->out_hdr[3] = (unsigned char)( len >> 8 );
+ ssl->out_hdr[4] = (unsigned char)( len );
+
+ if( ssl->transform_out != NULL )
+ {
+ if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
+ return( ret );
+ }
+
+ len = ssl->out_msglen;
+ ssl->out_hdr[3] = (unsigned char)( len >> 8 );
+ ssl->out_hdr[4] = (unsigned char)( len );
+ }
+
+ ssl->out_left = 5 + ssl->out_msglen;
+
+ SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
+ "version = [%d:%d], msglen = %d",
+ ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
+ ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) );
+
+ SSL_DEBUG_BUF( 4, "output record sent to network",
+ ssl->out_hdr, 5 + ssl->out_msglen );
+ }
+
+ if( ( ret = ssl_flush_output( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write record" ) );
+
+ return( 0 );
+}
+
+int ssl_read_record( ssl_context *ssl )
+{
+ int ret, done = 0;
+
+ SSL_DEBUG_MSG( 2, ( "=> read record" ) );
+
+ SSL_DEBUG_BUF( 4, "input record from network",
+ ssl->in_hdr, 5 + ssl->in_msglen );
+
+ if( ssl->in_hslen != 0 &&
+ ssl->in_hslen < ssl->in_msglen )
+ {
+ /*
+ * Get next Handshake message in the current record
+ */
+ ssl->in_msglen -= ssl->in_hslen;
+
+ memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
+ ssl->in_msglen );
+
+ ssl->in_hslen = 4;
+ ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
+
+ SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
+ " %d, type = %d, hslen = %d",
+ ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
+
+ if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
+ if( ssl->in_msglen < ssl->in_hslen )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
+ ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+
+ return( 0 );
+ }
+
+ ssl->in_hslen = 0;
+
+ /*
+ * Read the record header and validate it
+ */
+ if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
+ return( ret );
+ }
+
+ ssl->in_msgtype = ssl->in_hdr[0];
+ ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4];
+
+ SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
+ "version = [%d:%d], msglen = %d",
+ ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2],
+ ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4] ) );
+
+ if( ssl->in_hdr[1] != ssl->major_ver )
+ {
+ SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
+ if( ssl->in_hdr[2] > ssl->max_minor_ver )
+ {
+ SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
+ /*
+ * Make sure the message length is acceptable
+ */
+ if( ssl->transform_in == NULL )
+ {
+ if( ssl->in_msglen < 1 ||
+ ssl->in_msglen > SSL_MAX_CONTENT_LEN )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+ }
+ else
+ {
+ if( ssl->in_msglen < ssl->transform_in->minlen )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
+ ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ /*
+ * TLS encrypted messages can have up to 256 bytes of padding
+ */
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_1 &&
+ ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN + 256 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+#endif
+ }
+
+ /*
+ * Read and optionally decrypt the message contents
+ */
+ if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_BUF( 4, "input record from network",
+ ssl->in_hdr, 5 + ssl->in_msglen );
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_read != NULL)
+ {
+ SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_read()" ) );
+
+ ret = ssl_hw_record_read( ssl );
+ if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH )
+ {
+ SSL_DEBUG_RET( 1, "ssl_hw_record_read", ret );
+ return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
+ }
+
+ if( ret == 0 )
+ done = 1;
+ }
+#endif
+ if( !done && ssl->transform_in != NULL )
+ {
+ if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
+ {
+#if defined(POLARSSL_SSL_ALERT_MESSAGES)
+ if( ret == POLARSSL_ERR_SSL_INVALID_MAC )
+ {
+ ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_BAD_RECORD_MAC );
+ }
+#endif
+ SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_BUF( 4, "input payload after decrypt",
+ ssl->in_msg, ssl->in_msglen );
+
+ if( ssl->in_msglen > SSL_MAX_CONTENT_LEN )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+ }
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ if( ssl->transform_in != NULL &&
+ ssl->session_in->compression == SSL_COMPRESS_DEFLATE )
+ {
+ if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
+ return( ret );
+ }
+
+ ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
+ ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
+ }
+#endif /* POLARSSL_ZLIB_SUPPORT */
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
+ ssl->in_msgtype != SSL_MSG_ALERT &&
+ ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
+ ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+ {
+ SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
+
+ if( ( ret = ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
+ if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
+ {
+ ssl->in_hslen = 4;
+ ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
+
+ SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
+ " %d, type = %d, hslen = %d",
+ ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
+
+ /*
+ * Additional checks to validate the handshake header
+ */
+ if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
+ if( ssl->in_msglen < ssl->in_hslen )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+ }
+
+ if( ssl->in_msgtype == SSL_MSG_ALERT )
+ {
+ SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
+ ssl->in_msg[0], ssl->in_msg[1] ) );
+
+ /*
+ * Ignore non-fatal alerts, except close_notify
+ */
+ if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
+ {
+ SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
+ ssl->in_msg[1] ) );
+ /**
+ * Subtract from error code as ssl->in_msg[1] is 7-bit positive
+ * error identifier.
+ */
+ return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE );
+ }
+
+ if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == SSL_ALERT_MSG_CLOSE_NOTIFY )
+ {
+ SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
+ return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
+ }
+ }
+
+ ssl->in_left = 0;
+
+ SSL_DEBUG_MSG( 2, ( "<= read record" ) );
+
+ return( 0 );
+}
+
+int ssl_send_fatal_handshake_failure( ssl_context *ssl )
+{
+ int ret;
+
+ if( ( ret = ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+int ssl_send_alert_message( ssl_context *ssl,
+ unsigned char level,
+ unsigned char message )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
+
+ ssl->out_msgtype = SSL_MSG_ALERT;
+ ssl->out_msglen = 2;
+ ssl->out_msg[0] = level;
+ ssl->out_msg[1] = message;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
+
+ return( 0 );
+}
+
+/*
+ * Handshake functions
+ */
+#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+int ssl_write_certificate( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ SSL_DEBUG_MSG( 1, ( "should not happen" ) );
+ return( ret );
+}
+
+int ssl_parse_certificate( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ SSL_DEBUG_MSG( 1, ( "should not happen" ) );
+ return( ret );
+}
+#else
+int ssl_write_certificate( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t i, n;
+ const x509_crt *crt;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ if( ssl->endpoint == SSL_IS_CLIENT )
+ {
+ if( ssl->client_auth == 0 )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ /*
+ * If using SSLv3 and got no cert, send an Alert message
+ * (otherwise an empty Certificate message will be sent).
+ */
+ if( ssl_own_cert( ssl ) == NULL &&
+ ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ ssl->out_msglen = 2;
+ ssl->out_msgtype = SSL_MSG_ALERT;
+ ssl->out_msg[0] = SSL_ALERT_LEVEL_WARNING;
+ ssl->out_msg[1] = SSL_ALERT_MSG_NO_CERT;
+
+ SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
+ goto write_msg;
+ }
+#endif /* POLARSSL_SSL_PROTO_SSL3 */
+ }
+ else /* SSL_IS_SERVER */
+ {
+ if( ssl_own_cert( ssl ) == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
+ return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
+ }
+ }
+
+ SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
+
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 6 length of all certs
+ * 7 . 9 length of cert. 1
+ * 10 . n-1 peer certificate
+ * n . n+2 length of cert. 2
+ * n+3 . ... upper level cert, etc.
+ */
+ i = 7;
+ crt = ssl_own_cert( ssl );
+
+ while( crt != NULL )
+ {
+ n = crt->raw.len;
+ if( i + 3 + n > SSL_MAX_CONTENT_LEN )
+ {
+ SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
+ i + 3 + n, SSL_MAX_CONTENT_LEN ) );
+ return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );
+ }
+
+ ssl->out_msg[i ] = (unsigned char)( n >> 16 );
+ ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
+ ssl->out_msg[i + 2] = (unsigned char)( n );
+
+ i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
+ i += n; crt = crt->next;
+ }
+
+ ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
+ ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
+ ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
+
+ ssl->out_msglen = i;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_CERTIFICATE;
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+write_msg:
+#endif
+
+ ssl->state++;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
+
+ return( ret );
+}
+
+int ssl_parse_certificate( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t i, n;
+ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ if( ssl->endpoint == SSL_IS_SERVER &&
+ ssl->authmode == SSL_VERIFY_NONE )
+ {
+ ssl->session_negotiate->verify_result = BADCERT_SKIP_VERIFY;
+ SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ ssl->state++;
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ /*
+ * Check if the client sent an empty certificate
+ */
+ if( ssl->endpoint == SSL_IS_SERVER &&
+ ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ if( ssl->in_msglen == 2 &&
+ ssl->in_msgtype == SSL_MSG_ALERT &&
+ ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT )
+ {
+ SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
+
+ ssl->session_negotiate->verify_result = BADCERT_MISSING;
+ if( ssl->authmode == SSL_VERIFY_OPTIONAL )
+ return( 0 );
+ else
+ return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
+ }
+ }
+#endif /* POLARSSL_SSL_PROTO_SSL3 */
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->endpoint == SSL_IS_SERVER &&
+ ssl->minor_ver != SSL_MINOR_VERSION_0 )
+ {
+ if( ssl->in_hslen == 7 &&
+ ssl->in_msgtype == SSL_MSG_HANDSHAKE &&
+ ssl->in_msg[0] == SSL_HS_CERTIFICATE &&
+ memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
+
+ ssl->session_negotiate->verify_result = BADCERT_MISSING;
+ if( ssl->authmode == SSL_VERIFY_REQUIRED )
+ return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
+ else
+ return( 0 );
+ }
+ }
+#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
+ POLARSSL_SSL_PROTO_TLS1_2 */
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
+
+ /*
+ * Same message structure as in ssl_write_certificate()
+ */
+ n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6];
+
+ if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
+
+ /* In case we tried to reuse a session but it failed */
+ if( ssl->session_negotiate->peer_cert != NULL )
+ {
+ x509_crt_free( ssl->session_negotiate->peer_cert );
+ polarssl_free( ssl->session_negotiate->peer_cert );
+ }
+
+ if( ( ssl->session_negotiate->peer_cert = (x509_crt *) polarssl_malloc(
+ sizeof( x509_crt ) ) ) == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
+ sizeof( x509_crt ) ) );
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ }
+
+ x509_crt_init( ssl->session_negotiate->peer_cert );
+
+ i = 7;
+
+ while( i < ssl->in_hslen )
+ {
+ if( ssl->in_msg[i] != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
+
+ n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
+ | (unsigned int) ssl->in_msg[i + 2];
+ i += 3;
+
+ if( n < 128 || i + n > ssl->in_hslen )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
+
+ ret = x509_crt_parse_der( ssl->session_negotiate->peer_cert,
+ ssl->in_msg + i, n );
+ if( ret != 0 )
+ {
+ SSL_DEBUG_RET( 1, " x509_crt_parse_der", ret );
+ return( ret );
+ }
+
+ i += n;
+ }
+
+ SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
+
+ if( ssl->authmode != SSL_VERIFY_NONE )
+ {
+ if( ssl->ca_chain == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
+ return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED );
+ }
+
+ ret = x509_crt_verify( ssl->session_negotiate->peer_cert,
+ ssl->ca_chain, ssl->ca_crl, ssl->peer_cn,
+ &ssl->session_negotiate->verify_result,
+ ssl->f_vrfy, ssl->p_vrfy );
+
+ if( ret != 0 )
+ SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+
+ if( ssl->authmode != SSL_VERIFY_REQUIRED )
+ ret = 0;
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
+
+ return( ret );
+}
+#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+int ssl_write_change_cipher_spec( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
+
+ ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC;
+ ssl->out_msglen = 1;
+ ssl->out_msg[0] = 1;
+
+ ssl->state++;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
+
+ return( 0 );
+}
+
+int ssl_parse_change_cipher_spec( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
+
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
+ }
+
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
+
+ return( 0 );
+}
+
+void ssl_optimize_checksum( ssl_context *ssl,
+ const ssl_ciphersuite_t *ciphersuite_info )
+{
+ ((void) ciphersuite_info);
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
+ ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA512_C)
+ if( ciphersuite_info->mac == POLARSSL_MD_SHA384 )
+ ssl->handshake->update_checksum = ssl_update_checksum_sha384;
+ else
+#endif
+#if defined(POLARSSL_SHA256_C)
+ if( ciphersuite_info->mac != POLARSSL_MD_SHA384 )
+ ssl->handshake->update_checksum = ssl_update_checksum_sha256;
+ else
+#endif
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ /* Should never happen */
+ return;
+}
+
+static void ssl_update_checksum_start( ssl_context *ssl,
+ const unsigned char *buf, size_t len )
+{
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ md5_update( &ssl->handshake->fin_md5 , buf, len );
+ sha1_update( &ssl->handshake->fin_sha1, buf, len );
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+ sha256_update( &ssl->handshake->fin_sha256, buf, len );
+#endif
+#if defined(POLARSSL_SHA512_C)
+ sha512_update( &ssl->handshake->fin_sha512, buf, len );
+#endif
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+}
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+static void ssl_update_checksum_md5sha1( ssl_context *ssl,
+ const unsigned char *buf, size_t len )
+{
+ md5_update( &ssl->handshake->fin_md5 , buf, len );
+ sha1_update( &ssl->handshake->fin_sha1, buf, len );
+}
+#endif
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+static void ssl_update_checksum_sha256( ssl_context *ssl,
+ const unsigned char *buf, size_t len )
+{
+ sha256_update( &ssl->handshake->fin_sha256, buf, len );
+}
+#endif
+
+#if defined(POLARSSL_SHA512_C)
+static void ssl_update_checksum_sha384( ssl_context *ssl,
+ const unsigned char *buf, size_t len )
+{
+ sha512_update( &ssl->handshake->fin_sha512, buf, len );
+}
+#endif
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+static void ssl_calc_finished_ssl(
+ ssl_context *ssl, unsigned char *buf, int from )
+{
+ const char *sender;
+ md5_context md5;
+ sha1_context sha1;
+
+ unsigned char padbuf[48];
+ unsigned char md5sum[16];
+ unsigned char sha1sum[20];
+
+ ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
+ SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) );
+
+ memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
+ memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
+
+ /*
+ * SSLv3:
+ * hash =
+ * MD5( master + pad2 +
+ * MD5( handshake + sender + master + pad1 ) )
+ * + SHA1( master + pad2 +
+ * SHA1( handshake + sender + master + pad1 ) )
+ */
+
+#if !defined(POLARSSL_MD5_ALT)
+ SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
+ md5.state, sizeof( md5.state ) );
+#endif
+
+#if !defined(POLARSSL_SHA1_ALT)
+ SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
+ sha1.state, sizeof( sha1.state ) );
+#endif
+
+ sender = ( from == SSL_IS_CLIENT ) ? "CLNT"
+ : "SRVR";
+
+ memset( padbuf, 0x36, 48 );
+
+ md5_update( &md5, (const unsigned char *) sender, 4 );
+ md5_update( &md5, session->master, 48 );
+ md5_update( &md5, padbuf, 48 );
+ md5_finish( &md5, md5sum );
+
+ sha1_update( &sha1, (const unsigned char *) sender, 4 );
+ sha1_update( &sha1, session->master, 48 );
+ sha1_update( &sha1, padbuf, 40 );
+ sha1_finish( &sha1, sha1sum );
+
+ memset( padbuf, 0x5C, 48 );
+
+ md5_starts( &md5 );
+ md5_update( &md5, session->master, 48 );
+ md5_update( &md5, padbuf, 48 );
+ md5_update( &md5, md5sum, 16 );
+ md5_finish( &md5, buf );
+
+ sha1_starts( &sha1 );
+ sha1_update( &sha1, session->master, 48 );
+ sha1_update( &sha1, padbuf , 40 );
+ sha1_update( &sha1, sha1sum, 20 );
+ sha1_finish( &sha1, buf + 16 );
+
+ SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
+
+ memset( &md5, 0, sizeof( md5_context ) );
+ memset( &sha1, 0, sizeof( sha1_context ) );
+
+ memset( padbuf, 0, sizeof( padbuf ) );
+ memset( md5sum, 0, sizeof( md5sum ) );
+ memset( sha1sum, 0, sizeof( sha1sum ) );
+
+ SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+}
+#endif /* POLARSSL_SSL_PROTO_SSL3 */
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
+static void ssl_calc_finished_tls(
+ ssl_context *ssl, unsigned char *buf, int from )
+{
+ int len = 12;
+ const char *sender;
+ md5_context md5;
+ sha1_context sha1;
+ unsigned char padbuf[36];
+
+ ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
+ SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
+
+ memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
+ memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
+
+ /*
+ * TLSv1:
+ * hash = PRF( master, finished_label,
+ * MD5( handshake ) + SHA1( handshake ) )[0..11]
+ */
+
+#if !defined(POLARSSL_MD5_ALT)
+ SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
+ md5.state, sizeof( md5.state ) );
+#endif
+
+#if !defined(POLARSSL_SHA1_ALT)
+ SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
+ sha1.state, sizeof( sha1.state ) );
+#endif
+
+ sender = ( from == SSL_IS_CLIENT )
+ ? "client finished"
+ : "server finished";
+
+ md5_finish( &md5, padbuf );
+ sha1_finish( &sha1, padbuf + 16 );
+
+ ssl->handshake->tls_prf( session->master, 48, sender,
+ padbuf, 36, buf, len );
+
+ SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+
+ memset( &md5, 0, sizeof( md5_context ) );
+ memset( &sha1, 0, sizeof( sha1_context ) );
+
+ memset( padbuf, 0, sizeof( padbuf ) );
+
+ SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+}
+#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 */
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+static void ssl_calc_finished_tls_sha256(
+ ssl_context *ssl, unsigned char *buf, int from )
+{
+ int len = 12;
+ const char *sender;
+ sha256_context sha256;
+ unsigned char padbuf[32];
+
+ ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
+ SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
+
+ memcpy( &sha256, &ssl->handshake->fin_sha256, sizeof(sha256_context) );
+
+ /*
+ * TLSv1.2:
+ * hash = PRF( master, finished_label,
+ * Hash( handshake ) )[0.11]
+ */
+
+#if !defined(POLARSSL_SHA256_ALT)
+ SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
+ sha256.state, sizeof( sha256.state ) );
+#endif
+
+ sender = ( from == SSL_IS_CLIENT )
+ ? "client finished"
+ : "server finished";
+
+ sha256_finish( &sha256, padbuf );
+
+ ssl->handshake->tls_prf( session->master, 48, sender,
+ padbuf, 32, buf, len );
+
+ SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+
+ memset( &sha256, 0, sizeof( sha256_context ) );
+
+ memset( padbuf, 0, sizeof( padbuf ) );
+
+ SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+}
+#endif /* POLARSSL_SHA256_C */
+
+#if defined(POLARSSL_SHA512_C)
+static void ssl_calc_finished_tls_sha384(
+ ssl_context *ssl, unsigned char *buf, int from )
+{
+ int len = 12;
+ const char *sender;
+ sha512_context sha512;
+ unsigned char padbuf[48];
+
+ ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
+ SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
+
+ memcpy( &sha512, &ssl->handshake->fin_sha512, sizeof(sha512_context) );
+
+ /*
+ * TLSv1.2:
+ * hash = PRF( master, finished_label,
+ * Hash( handshake ) )[0.11]
+ */
+
+#if !defined(POLARSSL_SHA512_ALT)
+ SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
+ sha512.state, sizeof( sha512.state ) );
+#endif
+
+ sender = ( from == SSL_IS_CLIENT )
+ ? "client finished"
+ : "server finished";
+
+ sha512_finish( &sha512, padbuf );
+
+ ssl->handshake->tls_prf( session->master, 48, sender,
+ padbuf, 48, buf, len );
+
+ SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+
+ memset( &sha512, 0, sizeof( sha512_context ) );
+
+ memset( padbuf, 0, sizeof( padbuf ) );
+
+ SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+}
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+void ssl_handshake_wrapup( ssl_context *ssl )
+{
+ int resume = ssl->handshake->resume;
+
+ SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
+
+ /*
+ * Free our handshake params
+ */
+ ssl_handshake_free( ssl->handshake );
+ polarssl_free( ssl->handshake );
+ ssl->handshake = NULL;
+
+ if( ssl->renegotiation == SSL_RENEGOTIATION )
+ ssl->renegotiation = SSL_RENEGOTIATION_DONE;
+
+ /*
+ * Switch in our now active transform context
+ */
+ if( ssl->transform )
+ {
+ ssl_transform_free( ssl->transform );
+ polarssl_free( ssl->transform );
+ }
+ ssl->transform = ssl->transform_negotiate;
+ ssl->transform_negotiate = NULL;
+
+ if( ssl->session )
+ {
+ ssl_session_free( ssl->session );
+ polarssl_free( ssl->session );
+ }
+ ssl->session = ssl->session_negotiate;
+ ssl->session_negotiate = NULL;
+
+ /*
+ * Add cache entry
+ */
+ if( ssl->f_set_cache != NULL &&
+ ssl->session->length != 0 &&
+ resume == 0 )
+ {
+ if( ssl->f_set_cache( ssl->p_set_cache, ssl->session ) != 0 )
+ SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
+ }
+
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
+}
+
+int ssl_write_finished( ssl_context *ssl )
+{
+ int ret, hash_len;
+
+ SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
+
+ /*
+ * Set the out_msg pointer to the correct location based on IV length
+ */
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
+ {
+ ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen -
+ ssl->transform_negotiate->fixed_ivlen;
+ }
+ else
+ ssl->out_msg = ssl->out_iv;
+
+ ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->endpoint );
+
+ // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
+ hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
+
+ ssl->verify_data_len = hash_len;
+ memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
+
+ ssl->out_msglen = 4 + hash_len;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_FINISHED;
+
+ /*
+ * In case of session resuming, invert the client and server
+ * ChangeCipherSpec messages order.
+ */
+ if( ssl->handshake->resume != 0 )
+ {
+ if( ssl->endpoint == SSL_IS_CLIENT )
+ ssl->state = SSL_HANDSHAKE_WRAPUP;
+ else
+ ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
+ }
+ else
+ ssl->state++;
+
+ /*
+ * Switch to our negotiated transform and session parameters for outbound data.
+ */
+ SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
+ ssl->transform_out = ssl->transform_negotiate;
+ ssl->session_out = ssl->session_negotiate;
+ memset( ssl->out_ctr, 0, 8 );
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_activate != NULL)
+ {
+ if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_OUTBOUND ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
+ return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
+ }
+ }
+#endif
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
+
+ return( 0 );
+}
+
+int ssl_parse_finished( ssl_context *ssl )
+{
+ int ret;
+ unsigned int hash_len;
+ unsigned char buf[36];
+
+ SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
+
+ ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
+
+ /*
+ * Switch to our negotiated transform and session parameters for inbound data.
+ */
+ SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
+ ssl->transform_in = ssl->transform_negotiate;
+ ssl->session_in = ssl->session_negotiate;
+ memset( ssl->in_ctr, 0, 8 );
+
+ /*
+ * Set the in_msg pointer to the correct location based on IV length
+ */
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
+ {
+ ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
+ ssl->transform_negotiate->fixed_ivlen;
+ }
+ else
+ ssl->in_msg = ssl->in_iv;
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_activate != NULL)
+ {
+ if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
+ return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
+ }
+ }
+#endif
+
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
+ hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
+
+ if( ssl->in_msg[0] != SSL_HS_FINISHED ||
+ ssl->in_hslen != 4 + hash_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
+ }
+
+ if( safer_memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
+ }
+
+ ssl->verify_data_len = hash_len;
+ memcpy( ssl->peer_verify_data, buf, hash_len );
+
+ if( ssl->handshake->resume != 0 )
+ {
+ if( ssl->endpoint == SSL_IS_CLIENT )
+ ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
+
+ if( ssl->endpoint == SSL_IS_SERVER )
+ ssl->state = SSL_HANDSHAKE_WRAPUP;
+ }
+ else
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
+
+ return( 0 );
+}
+
+static int ssl_handshake_init( ssl_context *ssl )
+{
+ if( ssl->transform_negotiate )
+ ssl_transform_free( ssl->transform_negotiate );
+ else
+ {
+ ssl->transform_negotiate =
+ (ssl_transform *) polarssl_malloc( sizeof(ssl_transform) );
+ }
+
+ if( ssl->session_negotiate )
+ ssl_session_free( ssl->session_negotiate );
+ else
+ {
+ ssl->session_negotiate =
+ (ssl_session *) polarssl_malloc( sizeof(ssl_session) );
+ }
+
+ if( ssl->handshake )
+ ssl_handshake_free( ssl->handshake );
+ else
+ {
+ ssl->handshake = (ssl_handshake_params *)
+ polarssl_malloc( sizeof(ssl_handshake_params) );
+ }
+
+ if( ssl->handshake == NULL ||
+ ssl->transform_negotiate == NULL ||
+ ssl->session_negotiate == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "malloc() of ssl sub-contexts failed" ) );
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ }
+
+ memset( ssl->handshake, 0, sizeof(ssl_handshake_params) );
+ memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) );
+ memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ md5_starts( &ssl->handshake->fin_md5 );
+ sha1_starts( &ssl->handshake->fin_sha1 );
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+ sha256_starts( &ssl->handshake->fin_sha256, 0 );
+#endif
+#if defined(POLARSSL_SHA512_C)
+ sha512_starts( &ssl->handshake->fin_sha512, 1 );
+#endif
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+ ssl->handshake->update_checksum = ssl_update_checksum_start;
+ ssl->handshake->sig_alg = SSL_HASH_SHA1;
+
+#if defined(POLARSSL_ECDH_C)
+ ecdh_init( &ssl->handshake->ecdh_ctx );
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ ssl->handshake->key_cert = ssl->key_cert;
+#endif
+
+ return( 0 );
+}
+
+/*
+ * Initialize an SSL context
+ */
+int ssl_init( ssl_context *ssl )
+{
+ int ret;
+ int len = SSL_BUFFER_LEN;
+
+ memset( ssl, 0, sizeof( ssl_context ) );
+
+ /*
+ * Sane defaults
+ */
+ ssl->min_major_ver = SSL_MIN_MAJOR_VERSION;
+ ssl->min_minor_ver = SSL_MIN_MINOR_VERSION;
+ ssl->max_major_ver = SSL_MAX_MAJOR_VERSION;
+ ssl->max_minor_ver = SSL_MAX_MINOR_VERSION;
+
+ ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
+
+#if defined(POLARSSL_DHM_C)
+ if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
+ POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
+ ( ret = mpi_read_string( &ssl->dhm_G, 16,
+ POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "mpi_read_string", ret );
+ return( ret );
+ }
+#endif
+
+ /*
+ * Prepare base structures
+ */
+ ssl->in_ctr = (unsigned char *) polarssl_malloc( len );
+ ssl->in_hdr = ssl->in_ctr + 8;
+ ssl->in_iv = ssl->in_ctr + 13;
+ ssl->in_msg = ssl->in_ctr + 13;
+
+ if( ssl->in_ctr == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ }
+
+ ssl->out_ctr = (unsigned char *) polarssl_malloc( len );
+ ssl->out_hdr = ssl->out_ctr + 8;
+ ssl->out_iv = ssl->out_ctr + 13;
+ ssl->out_msg = ssl->out_ctr + 13;
+
+ if( ssl->out_ctr == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
+ polarssl_free( ssl-> in_ctr );
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ }
+
+ memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
+ memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
+#endif
+
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+/*
+ * Reset an initialized and used SSL context for re-use while retaining
+ * all application-set variables, function pointers and data.
+ */
+int ssl_session_reset( ssl_context *ssl )
+{
+ int ret;
+
+ ssl->state = SSL_HELLO_REQUEST;
+ ssl->renegotiation = SSL_INITIAL_HANDSHAKE;
+ ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION;
+
+ ssl->verify_data_len = 0;
+ memset( ssl->own_verify_data, 0, 36 );
+ memset( ssl->peer_verify_data, 0, 36 );
+
+ ssl->in_offt = NULL;
+
+ ssl->in_msg = ssl->in_ctr + 13;
+ ssl->in_msgtype = 0;
+ ssl->in_msglen = 0;
+ ssl->in_left = 0;
+
+ ssl->in_hslen = 0;
+ ssl->nb_zero = 0;
+ ssl->record_read = 0;
+
+ ssl->out_msg = ssl->out_ctr + 13;
+ ssl->out_msgtype = 0;
+ ssl->out_msglen = 0;
+ ssl->out_left = 0;
+
+ ssl->transform_in = NULL;
+ ssl->transform_out = NULL;
+
+ memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
+ memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_reset != NULL)
+ {
+ SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_reset()" ) );
+ if( ( ret = ssl_hw_record_reset( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_hw_record_reset", ret );
+ return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
+ }
+ }
+#endif
+
+ if( ssl->transform )
+ {
+ ssl_transform_free( ssl->transform );
+ polarssl_free( ssl->transform );
+ ssl->transform = NULL;
+ }
+
+ if( ssl->session )
+ {
+ ssl_session_free( ssl->session );
+ polarssl_free( ssl->session );
+ ssl->session = NULL;
+ }
+
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+/*
+ * Allocate and initialize ticket keys
+ */
+static int ssl_ticket_keys_init( ssl_context *ssl )
+{
+ int ret;
+ ssl_ticket_keys *tkeys;
+ unsigned char buf[16];
+
+ if( ssl->ticket_keys != NULL )
+ return( 0 );
+
+ tkeys = (ssl_ticket_keys *) polarssl_malloc( sizeof(ssl_ticket_keys) );
+ if( tkeys == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 )
+ return( ret );
+
+ if( ( ret = ssl->f_rng( ssl->p_rng, buf, 16 ) ) != 0 ||
+ ( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
+ ( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 )
+ return( ret );
+
+ ssl->ticket_keys = tkeys;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+/*
+ * SSL set accessors
+ */
+void ssl_set_endpoint( ssl_context *ssl, int endpoint )
+{
+ ssl->endpoint = endpoint;
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ if( endpoint == SSL_IS_CLIENT )
+ ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
+#endif
+}
+
+void ssl_set_authmode( ssl_context *ssl, int authmode )
+{
+ ssl->authmode = authmode;
+}
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+void ssl_set_verify( ssl_context *ssl,
+ int (*f_vrfy)(void *, x509_crt *, int, int *),
+ void *p_vrfy )
+{
+ ssl->f_vrfy = f_vrfy;
+ ssl->p_vrfy = p_vrfy;
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+void ssl_set_rng( ssl_context *ssl,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ ssl->f_rng = f_rng;
+ ssl->p_rng = p_rng;
+}
+
+void ssl_set_dbg( ssl_context *ssl,
+ void (*f_dbg)(void *, int, const char *),
+ void *p_dbg )
+{
+ ssl->f_dbg = f_dbg;
+ ssl->p_dbg = p_dbg;
+}
+
+void ssl_set_bio( ssl_context *ssl,
+ int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
+ int (*f_send)(void *, const unsigned char *, size_t), void *p_send )
+{
+ ssl->f_recv = f_recv;
+ ssl->f_send = f_send;
+ ssl->p_recv = p_recv;
+ ssl->p_send = p_send;
+}
+
+void ssl_set_session_cache( ssl_context *ssl,
+ int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
+ int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache )
+{
+ ssl->f_get_cache = f_get_cache;
+ ssl->p_get_cache = p_get_cache;
+ ssl->f_set_cache = f_set_cache;
+ ssl->p_set_cache = p_set_cache;
+}
+
+int ssl_set_session( ssl_context *ssl, const ssl_session *session )
+{
+ int ret;
+
+ if( ssl == NULL ||
+ session == NULL ||
+ ssl->session_negotiate == NULL ||
+ ssl->endpoint != SSL_IS_CLIENT )
+ {
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
+ return( ret );
+
+ ssl->handshake->resume = 1;
+
+ return( 0 );
+}
+
+void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
+{
+ ssl->ciphersuite_list[SSL_MINOR_VERSION_0] = ciphersuites;
+ ssl->ciphersuite_list[SSL_MINOR_VERSION_1] = ciphersuites;
+ ssl->ciphersuite_list[SSL_MINOR_VERSION_2] = ciphersuites;
+ ssl->ciphersuite_list[SSL_MINOR_VERSION_3] = ciphersuites;
+}
+
+void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites,
+ int major, int minor )
+{
+ if( major != SSL_MAJOR_VERSION_3 )
+ return;
+
+ if( minor < SSL_MINOR_VERSION_0 || minor > SSL_MINOR_VERSION_3 )
+ return;
+
+ ssl->ciphersuite_list[minor] = ciphersuites;
+}
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/* Add a new (empty) key_cert entry an return a pointer to it */
+static ssl_key_cert *ssl_add_key_cert( ssl_context *ssl )
+{
+ ssl_key_cert *key_cert, *last;
+
+ key_cert = (ssl_key_cert *) polarssl_malloc( sizeof(ssl_key_cert) );
+ if( key_cert == NULL )
+ return( NULL );
+
+ memset( key_cert, 0, sizeof( ssl_key_cert ) );
+
+ /* Append the new key_cert to the (possibly empty) current list */
+ if( ssl->key_cert == NULL )
+ {
+ ssl->key_cert = key_cert;
+ ssl->handshake->key_cert = key_cert;
+ }
+ else
+ {
+ last = ssl->key_cert;
+ while( last->next != NULL )
+ last = last->next;
+ last->next = key_cert;
+ }
+
+ return key_cert;
+}
+
+void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
+ x509_crl *ca_crl, const char *peer_cn )
+{
+ ssl->ca_chain = ca_chain;
+ ssl->ca_crl = ca_crl;
+ ssl->peer_cn = peer_cn;
+}
+
+int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
+ pk_context *pk_key )
+{
+ ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
+
+ if( key_cert == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ key_cert->cert = own_cert;
+ key_cert->key = pk_key;
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_RSA_C)
+int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
+ rsa_context *rsa_key )
+{
+ int ret;
+ ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
+
+ if( key_cert == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) );
+ if( key_cert->key == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ pk_init( key_cert->key );
+
+ ret = pk_init_ctx( key_cert->key, pk_info_from_type( POLARSSL_PK_RSA ) );
+ if( ret != 0 )
+ return( ret );
+
+ if( ( ret = rsa_copy( pk_rsa( *key_cert->key ), rsa_key ) ) != 0 )
+ return( ret );
+
+ key_cert->cert = own_cert;
+ key_cert->key_own_alloc = 1;
+
+ return( 0 );
+}
+#endif /* POLARSSL_RSA_C */
+
+int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
+ void *rsa_key,
+ rsa_decrypt_func rsa_decrypt,
+ rsa_sign_func rsa_sign,
+ rsa_key_len_func rsa_key_len )
+{
+ int ret;
+ ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
+
+ if( key_cert == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) );
+ if( key_cert->key == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ pk_init( key_cert->key );
+
+ if( ( ret = pk_init_ctx_rsa_alt( key_cert->key, rsa_key,
+ rsa_decrypt, rsa_sign, rsa_key_len ) ) != 0 )
+ return( ret );
+
+ key_cert->cert = own_cert;
+ key_cert->key_own_alloc = 1;
+
+ return( 0 );
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
+ const unsigned char *psk_identity, size_t psk_identity_len )
+{
+ if( psk == NULL || psk_identity == NULL )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ if( ssl->psk != NULL )
+ {
+ polarssl_free( ssl->psk );
+ polarssl_free( ssl->psk_identity );
+ }
+
+ ssl->psk_len = psk_len;
+ ssl->psk_identity_len = psk_identity_len;
+
+ ssl->psk = (unsigned char *) polarssl_malloc( ssl->psk_len );
+ ssl->psk_identity = (unsigned char *) polarssl_malloc( ssl->psk_identity_len );
+
+ if( ssl->psk == NULL || ssl->psk_identity == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ memcpy( ssl->psk, psk, ssl->psk_len );
+ memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len );
+
+ return( 0 );
+}
+
+void ssl_set_psk_cb( ssl_context *ssl,
+ int (*f_psk)(void *, ssl_context *, const unsigned char *,
+ size_t),
+ void *p_psk )
+{
+ ssl->f_psk = f_psk;
+ ssl->p_psk = p_psk;
+}
+#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(POLARSSL_DHM_C)
+int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G )
+{
+ int ret;
+
+ if( ( ret = mpi_read_string( &ssl->dhm_P, 16, dhm_P ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "mpi_read_string", ret );
+ return( ret );
+ }
+
+ if( ( ret = mpi_read_string( &ssl->dhm_G, 16, dhm_G ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "mpi_read_string", ret );
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx )
+{
+ int ret;
+
+ if( ( ret = mpi_copy(&ssl->dhm_P, &dhm_ctx->P) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "mpi_copy", ret );
+ return( ret );
+ }
+
+ if( ( ret = mpi_copy(&ssl->dhm_G, &dhm_ctx->G) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "mpi_copy", ret );
+ return( ret );
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_DHM_C */
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+int ssl_set_hostname( ssl_context *ssl, const char *hostname )
+{
+ if( hostname == NULL )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->hostname_len = strlen( hostname );
+
+ if( ssl->hostname_len + 1 == 0 )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 );
+
+ if( ssl->hostname == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ memcpy( ssl->hostname, (const unsigned char *) hostname,
+ ssl->hostname_len );
+
+ ssl->hostname[ssl->hostname_len] = '\0';
+
+ return( 0 );
+}
+
+void ssl_set_sni( ssl_context *ssl,
+ int (*f_sni)(void *, ssl_context *,
+ const unsigned char *, size_t),
+ void *p_sni )
+{
+ ssl->f_sni = f_sni;
+ ssl->p_sni = p_sni;
+}
+#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
+
+void ssl_set_max_version( ssl_context *ssl, int major, int minor )
+{
+ if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&
+ minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION )
+ {
+ ssl->max_major_ver = major;
+ ssl->max_minor_ver = minor;
+ }
+}
+
+void ssl_set_min_version( ssl_context *ssl, int major, int minor )
+{
+ if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&
+ minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION )
+ {
+ ssl->min_major_ver = major;
+ ssl->min_minor_ver = minor;
+ }
+}
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
+{
+ if( mfl_code >= sizeof( mfl_code_to_length ) ||
+ mfl_code_to_length[mfl_code] > SSL_MAX_CONTENT_LEN )
+ {
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ ssl->mfl_code = mfl_code;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
+{
+ if( ssl->endpoint != SSL_IS_CLIENT )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->trunc_hmac = truncate;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
+{
+ ssl->disable_renegotiation = renegotiation;
+}
+
+void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy )
+{
+ ssl->allow_legacy_renegotiation = allow_legacy;
+}
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
+{
+ ssl->session_tickets = use_tickets;
+
+ if( ssl->endpoint == SSL_IS_CLIENT )
+ return( 0 );
+
+ if( ssl->f_rng == NULL )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ return( ssl_ticket_keys_init( ssl ) );
+}
+
+void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime )
+{
+ ssl->ticket_lifetime = lifetime;
+}
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+/*
+ * SSL get accessors
+ */
+size_t ssl_get_bytes_avail( const ssl_context *ssl )
+{
+ return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
+}
+
+int ssl_get_verify_result( const ssl_context *ssl )
+{
+ return( ssl->session->verify_result );
+}
+
+const char *ssl_get_ciphersuite( const ssl_context *ssl )
+{
+ if( ssl == NULL || ssl->session == NULL )
+ return NULL;
+
+ return ssl_get_ciphersuite_name( ssl->session->ciphersuite );
+}
+
+const char *ssl_get_version( const ssl_context *ssl )
+{
+ switch( ssl->minor_ver )
+ {
+ case SSL_MINOR_VERSION_0:
+ return( "SSLv3.0" );
+
+ case SSL_MINOR_VERSION_1:
+ return( "TLSv1.0" );
+
+ case SSL_MINOR_VERSION_2:
+ return( "TLSv1.1" );
+
+ case SSL_MINOR_VERSION_3:
+ return( "TLSv1.2" );
+
+ default:
+ break;
+ }
+ return( "unknown" );
+}
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+const x509_crt *ssl_get_peer_cert( const ssl_context *ssl )
+{
+ if( ssl == NULL || ssl->session == NULL )
+ return NULL;
+
+ return ssl->session->peer_cert;
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
+{
+ if( ssl == NULL ||
+ dst == NULL ||
+ ssl->session == NULL ||
+ ssl->endpoint != SSL_IS_CLIENT )
+ {
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ return( ssl_session_copy( dst, ssl->session ) );
+}
+
+/*
+ * Perform a single step of the SSL handshake
+ */
+int ssl_handshake_step( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+
+#if defined(POLARSSL_SSL_CLI_C)
+ if( ssl->endpoint == SSL_IS_CLIENT )
+ ret = ssl_handshake_client_step( ssl );
+#endif
+
+#if defined(POLARSSL_SSL_SRV_C)
+ if( ssl->endpoint == SSL_IS_SERVER )
+ ret = ssl_handshake_server_step( ssl );
+#endif
+
+ return( ret );
+}
+
+/*
+ * Perform the SSL handshake
+ */
+int ssl_handshake( ssl_context *ssl )
+{
+ int ret = 0;
+
+ SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
+
+ while( ssl->state != SSL_HANDSHAKE_OVER )
+ {
+ ret = ssl_handshake_step( ssl );
+
+ if( ret != 0 )
+ break;
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
+
+ return( ret );
+}
+
+#if defined(POLARSSL_SSL_SRV_C)
+/*
+ * Write HelloRequest to request renegotiation on server
+ */
+static int ssl_write_hello_request( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
+
+ ssl->out_msglen = 4;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_HELLO_REQUEST;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
+
+ SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_SRV_C */
+
+/*
+ * Actually renegotiate current connection, triggered by either:
+ * - calling ssl_renegotiate() on client,
+ * - receiving a HelloRequest on client during ssl_read(),
+ * - receiving any handshake message on server during ssl_read() after the
+ * initial handshake is completed
+ * If the handshake doesn't complete due to waiting for I/O, it will continue
+ * during the next calls to ssl_renegotiate() or ssl_read() respectively.
+ */
+static int ssl_start_renegotiation( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
+
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ return( ret );
+
+ ssl->state = SSL_HELLO_REQUEST;
+ ssl->renegotiation = SSL_RENEGOTIATION;
+
+ if( ( ret = ssl_handshake( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_handshake", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
+
+ return( 0 );
+}
+
+/*
+ * Renegotiate current connection on client,
+ * or request renegotiation on server
+ */
+int ssl_renegotiate( ssl_context *ssl )
+{
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+
+#if defined(POLARSSL_SSL_SRV_C)
+ /* On server, just send the request */
+ if( ssl->endpoint == SSL_IS_SERVER )
+ {
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ return( ssl_write_hello_request( ssl ) );
+ }
+#endif /* POLARSSL_SSL_SRV_C */
+
+#if defined(POLARSSL_SSL_CLI_C)
+ /*
+ * On client, either start the renegotiation process or,
+ * if already in progress, continue the handshake
+ */
+ if( ssl->renegotiation != SSL_RENEGOTIATION )
+ {
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
+ return( ret );
+ }
+ }
+ else
+ {
+ if( ( ret = ssl_handshake( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_handshake", ret );
+ return( ret );
+ }
+ }
+#endif /* POLARSSL_SSL_CLI_C */
+
+ return( ret );
+}
+
+/*
+ * Receive application data decrypted from the SSL layer
+ */
+int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
+{
+ int ret;
+ size_t n;
+
+ SSL_DEBUG_MSG( 2, ( "=> read" ) );
+
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ {
+ if( ( ret = ssl_handshake( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_handshake", ret );
+ return( ret );
+ }
+ }
+
+ if( ssl->in_offt == NULL )
+ {
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_SSL_CONN_EOF )
+ return( 0 );
+
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+
+ if( ssl->in_msglen == 0 &&
+ ssl->in_msgtype == SSL_MSG_APPLICATION_DATA )
+ {
+ /*
+ * OpenSSL sends empty messages to randomize the IV
+ */
+ if( ( ret = ssl_read_record( ssl ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_SSL_CONN_EOF )
+ return( 0 );
+
+ SSL_DEBUG_RET( 1, "ssl_read_record", ret );
+ return( ret );
+ }
+ }
+
+ if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
+
+ if( ssl->endpoint == SSL_IS_CLIENT &&
+ ( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
+ ssl->in_hslen != 4 ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
+ ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION ) )
+ {
+ SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) );
+
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ /*
+ * SSLv3 does not have a "no_renegotiation" alert
+ */
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+ }
+ else
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
+ {
+ if( ( ret = ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_WARNING,
+ SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
+ {
+ return( ret );
+ }
+ }
+ else
+#endif
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+ }
+ else
+ {
+ if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
+ return( ret );
+ }
+
+ return( POLARSSL_ERR_NET_WANT_READ );
+ }
+ }
+ else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
+ {
+ SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
+ "but not honored by client" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+ else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ ssl->in_offt = ssl->in_msg;
+ }
+
+ n = ( len < ssl->in_msglen )
+ ? len : ssl->in_msglen;
+
+ memcpy( buf, ssl->in_offt, n );
+ ssl->in_msglen -= n;
+
+ if( ssl->in_msglen == 0 )
+ /* all bytes consumed */
+ ssl->in_offt = NULL;
+ else
+ /* more data available */
+ ssl->in_offt += n;
+
+ SSL_DEBUG_MSG( 2, ( "<= read" ) );
+
+ return( (int) n );
+}
+
+/*
+ * Send application data to be encrypted by the SSL layer
+ */
+int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
+{
+ int ret;
+ size_t n;
+ unsigned int max_len = SSL_MAX_CONTENT_LEN;
+
+ SSL_DEBUG_MSG( 2, ( "=> write" ) );
+
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ {
+ if( ( ret = ssl_handshake( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_handshake", ret );
+ return( ret );
+ }
+ }
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ /*
+ * Assume mfl_code is correct since it was checked when set
+ */
+ max_len = mfl_code_to_length[ssl->mfl_code];
+
+ /*
+ * Check if a smaller max length was negotiated
+ */
+ if( ssl->session_out != NULL &&
+ mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
+ {
+ max_len = mfl_code_to_length[ssl->session_out->mfl_code];
+ }
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+ n = ( len < max_len) ? len : max_len;
+
+ if( ssl->out_left != 0 )
+ {
+ if( ( ret = ssl_flush_output( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
+ return( ret );
+ }
+ }
+ else
+ {
+ ssl->out_msglen = n;
+ ssl->out_msgtype = SSL_MSG_APPLICATION_DATA;
+ memcpy( ssl->out_msg, buf, n );
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write" ) );
+
+ return( (int) n );
+}
+
+/*
+ * Notify the peer that the connection is being closed
+ */
+int ssl_close_notify( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
+
+ if( ( ret = ssl_flush_output( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
+ return( ret );
+ }
+
+ if( ssl->state == SSL_HANDSHAKE_OVER )
+ {
+ if( ( ret = ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_WARNING,
+ SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
+ {
+ return( ret );
+ }
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
+
+ return( ret );
+}
+
+void ssl_transform_free( ssl_transform *transform )
+{
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ deflateEnd( &transform->ctx_deflate );
+ inflateEnd( &transform->ctx_inflate );
+#endif
+
+ cipher_free_ctx( &transform->cipher_ctx_enc );
+ cipher_free_ctx( &transform->cipher_ctx_dec );
+
+ md_free_ctx( &transform->md_ctx_enc );
+ md_free_ctx( &transform->md_ctx_dec );
+
+ memset( transform, 0, sizeof( ssl_transform ) );
+}
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+static void ssl_key_cert_free( ssl_key_cert *key_cert )
+{
+ ssl_key_cert *cur = key_cert, *next;
+
+ while( cur != NULL )
+ {
+ next = cur->next;
+
+ if( cur->key_own_alloc )
+ {
+ pk_free( cur->key );
+ polarssl_free( cur->key );
+ }
+ polarssl_free( cur );
+
+ cur = next;
+ }
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+void ssl_handshake_free( ssl_handshake_params *handshake )
+{
+#if defined(POLARSSL_DHM_C)
+ dhm_free( &handshake->dhm_ctx );
+#endif
+#if defined(POLARSSL_ECDH_C)
+ ecdh_free( &handshake->ecdh_ctx );
+#endif
+
+#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+ /* explicit void pointer cast for buggy MS compiler */
+ polarssl_free( (void *) handshake->curves );
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C) && \
+ defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ /*
+ * Free only the linked list wrapper, not the keys themselves
+ * since the belong to the SNI callback
+ */
+ if( handshake->sni_key_cert != NULL )
+ {
+ ssl_key_cert *cur = handshake->sni_key_cert, *next;
+
+ while( cur != NULL )
+ {
+ next = cur->next;
+ polarssl_free( cur );
+ cur = next;
+ }
+ }
+#endif
+
+ memset( handshake, 0, sizeof( ssl_handshake_params ) );
+}
+
+void ssl_session_free( ssl_session *session )
+{
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( session->peer_cert != NULL )
+ {
+ x509_crt_free( session->peer_cert );
+ polarssl_free( session->peer_cert );
+ }
+#endif
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ polarssl_free( session->ticket );
+#endif
+
+ memset( session, 0, sizeof( ssl_session ) );
+}
+
+/*
+ * Free an SSL context
+ */
+void ssl_free( ssl_context *ssl )
+{
+ SSL_DEBUG_MSG( 2, ( "=> free" ) );
+
+ if( ssl->out_ctr != NULL )
+ {
+ memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
+ polarssl_free( ssl->out_ctr );
+ }
+
+ if( ssl->in_ctr != NULL )
+ {
+ memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
+ polarssl_free( ssl->in_ctr );
+ }
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ if( ssl->compress_buf != NULL )
+ {
+ memset( ssl->compress_buf, 0, SSL_BUFFER_LEN );
+ polarssl_free( ssl->compress_buf );
+ }
+#endif
+
+#if defined(POLARSSL_DHM_C)
+ mpi_free( &ssl->dhm_P );
+ mpi_free( &ssl->dhm_G );
+#endif
+
+ if( ssl->transform )
+ {
+ ssl_transform_free( ssl->transform );
+ polarssl_free( ssl->transform );
+ }
+
+ if( ssl->handshake )
+ {
+ ssl_handshake_free( ssl->handshake );
+ ssl_transform_free( ssl->transform_negotiate );
+ ssl_session_free( ssl->session_negotiate );
+
+ polarssl_free( ssl->handshake );
+ polarssl_free( ssl->transform_negotiate );
+ polarssl_free( ssl->session_negotiate );
+ }
+
+ if( ssl->session )
+ {
+ ssl_session_free( ssl->session );
+ polarssl_free( ssl->session );
+ }
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ polarssl_free( ssl->ticket_keys );
+#endif
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ if ( ssl->hostname != NULL )
+ {
+ memset( ssl->hostname, 0, ssl->hostname_len );
+ polarssl_free( ssl->hostname );
+ ssl->hostname_len = 0;
+ }
+#endif
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if( ssl->psk != NULL )
+ {
+ memset( ssl->psk, 0, ssl->psk_len );
+ memset( ssl->psk_identity, 0, ssl->psk_identity_len );
+ polarssl_free( ssl->psk );
+ polarssl_free( ssl->psk_identity );
+ ssl->psk_len = 0;
+ ssl->psk_identity_len = 0;
+ }
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ ssl_key_cert_free( ssl->key_cert );
+#endif
+
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_finish != NULL )
+ {
+ SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_finish()" ) );
+ ssl_hw_record_finish( ssl );
+ }
+#endif
+
+ SSL_DEBUG_MSG( 2, ( "<= free" ) );
+
+ /* Actually clear after last debug message */
+ memset( ssl, 0, sizeof( ssl_context ) );
+}
+
+#if defined(POLARSSL_PK_C)
+/*
+ * Convert between POLARSSL_PK_XXX and SSL_SIG_XXX
+ */
+unsigned char ssl_sig_from_pk( pk_context *pk )
+{
+#if defined(POLARSSL_RSA_C)
+ if( pk_can_do( pk, POLARSSL_PK_RSA ) )
+ return( SSL_SIG_RSA );
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ if( pk_can_do( pk, POLARSSL_PK_ECDSA ) )
+ return( SSL_SIG_ECDSA );
+#endif
+ return( SSL_SIG_ANON );
+}
+
+pk_type_t ssl_pk_alg_from_sig( unsigned char sig )
+{
+ switch( sig )
+ {
+#if defined(POLARSSL_RSA_C)
+ case SSL_SIG_RSA:
+ return( POLARSSL_PK_RSA );
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ case SSL_SIG_ECDSA:
+ return( POLARSSL_PK_ECDSA );
+#endif
+ default:
+ return( POLARSSL_PK_NONE );
+ }
+}
+#endif
+
+/*
+ * Convert between SSL_HASH_XXX and POLARSSL_MD_XXX
+ */
+md_type_t ssl_md_alg_from_hash( unsigned char hash )
+{
+ switch( hash )
+ {
+#if defined(POLARSSL_MD5_C)
+ case SSL_HASH_MD5:
+ return( POLARSSL_MD_MD5 );
+#endif
+#if defined(POLARSSL_SHA1_C)
+ case SSL_HASH_SHA1:
+ return( POLARSSL_MD_SHA1 );
+#endif
+#if defined(POLARSSL_SHA256_C)
+ case SSL_HASH_SHA224:
+ return( POLARSSL_MD_SHA224 );
+ case SSL_HASH_SHA256:
+ return( POLARSSL_MD_SHA256 );
+#endif
+#if defined(POLARSSL_SHA512_C)
+ case SSL_HASH_SHA384:
+ return( POLARSSL_MD_SHA384 );
+ case SSL_HASH_SHA512:
+ return( POLARSSL_MD_SHA512 );
+#endif
+ default:
+ return( POLARSSL_MD_NONE );
+ }
+}
+
+#endif
--- /dev/null
+/*
+ * Threading abstraction layer
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_THREADING_C)
+
+#include "polarssl/threading.h"
+
+#if defined(POLARSSL_THREADING_DUMMY)
+static int threading_mutex_init_dummy( threading_mutex_t *mutex )
+{
+ ((void) mutex );
+ return( 0 );
+}
+
+static int threading_mutex_free_dummy( threading_mutex_t *mutex )
+{
+ ((void) mutex );
+ return( 0 );
+}
+
+static int threading_mutex_lock_dummy( threading_mutex_t *mutex )
+{
+ ((void) mutex );
+ return( 0 );
+}
+
+static int threading_mutex_unlock_dummy( threading_mutex_t *mutex )
+{
+ ((void) mutex );
+ return( 0 );
+}
+
+int (*polarssl_mutex_init)( threading_mutex_t * ) = threading_mutex_init_dummy;
+int (*polarssl_mutex_free)( threading_mutex_t * ) = threading_mutex_free_dummy;
+int (*polarssl_mutex_lock)( threading_mutex_t * ) = threading_mutex_lock_dummy;
+int (*polarssl_mutex_unlock)( threading_mutex_t * ) = threading_mutex_unlock_dummy;
+#endif /* POLARSSL_THREADING_DUMMY */
+
+#if defined(POLARSSL_THREADING_PTHREAD)
+static int threading_mutex_init_pthread( threading_mutex_t *mutex )
+{
+ if( mutex == NULL )
+ return( POLARSSL_ERR_THREADING_BAD_INPUT_DATA );
+
+ if( pthread_mutex_init( mutex, NULL ) != 0 )
+ return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+
+ return( 0 );
+}
+
+static int threading_mutex_free_pthread( threading_mutex_t *mutex )
+{
+ if( mutex == NULL )
+ return( POLARSSL_ERR_THREADING_BAD_INPUT_DATA );
+
+ if( pthread_mutex_destroy( mutex ) != 0 )
+ return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+
+ return( 0 );
+}
+
+static int threading_mutex_lock_pthread( threading_mutex_t *mutex )
+{
+ if( mutex == NULL )
+ return( POLARSSL_ERR_THREADING_BAD_INPUT_DATA );
+
+ if( pthread_mutex_lock( mutex ) != 0 )
+ return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+
+ return( 0 );
+}
+
+static int threading_mutex_unlock_pthread( threading_mutex_t *mutex )
+{
+ if( mutex == NULL )
+ return( POLARSSL_ERR_THREADING_BAD_INPUT_DATA );
+
+ if( pthread_mutex_unlock( mutex ) != 0 )
+ return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+
+ return( 0 );
+}
+
+int (*polarssl_mutex_init)( threading_mutex_t * ) = threading_mutex_init_pthread;
+int (*polarssl_mutex_free)( threading_mutex_t * ) = threading_mutex_free_pthread;
+int (*polarssl_mutex_lock)( threading_mutex_t * ) = threading_mutex_lock_pthread;
+int (*polarssl_mutex_unlock)( threading_mutex_t * ) = threading_mutex_unlock_pthread;
+#endif /* POLARSSL_THREADING_PTHREAD */
+
+#if defined(POLARSSL_THREADING_ALT)
+int (*polarssl_mutex_init)( threading_mutex_t * ) = NULL;
+int (*polarssl_mutex_free)( threading_mutex_t * ) = NULL;
+int (*polarssl_mutex_lock)( threading_mutex_t * ) = NULL;
+int (*polarssl_mutex_unlock)( threading_mutex_t * ) = NULL;
+
+int threading_set_alt( int (*mutex_init)( threading_mutex_t * ),
+ int (*mutex_free)( threading_mutex_t * ),
+ int (*mutex_lock)( threading_mutex_t * ),
+ int (*mutex_unlock)( threading_mutex_t * ) )
+{
+ polarssl_mutex_init = mutex_init;
+ polarssl_mutex_free = mutex_free;
+ polarssl_mutex_lock = mutex_lock;
+ polarssl_mutex_unlock = mutex_unlock;
+
+ return( 0 );
+}
+#endif /* POLARSSL_THREADING_ALT_C */
+
+#endif /* POLARSSL_THREADING_C */
#include "polarssl/timing.h"
-#if defined(_WIN32)
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#include <winbase.h>
#endif
-#if defined(POLARSSL_HAVE_ASM) && \
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
(defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
+#define POLARSSL_HAVE_HARDCLOCK
+
unsigned long hardclock( void )
{
unsigned long tsc;
__asm mov [tsc], eax
return( tsc );
}
+#endif
-#else
-#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__)
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__i386__)
+
+#define POLARSSL_HAVE_HARDCLOCK
unsigned long hardclock( void )
{
asm( "rdtsc" : "=a" (lo), "=d" (hi) );
return( lo );
}
+#endif
-#else
-#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && \
- (defined(__amd64__) || defined(__x86_64__))
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
+ defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__))
+
+#define POLARSSL_HAVE_HARDCLOCK
unsigned long hardclock( void )
{
asm( "rdtsc" : "=a" (lo), "=d" (hi) );
return( lo | (hi << 32) );
}
+#endif
-#else
-#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && \
- (defined(__powerpc__) || defined(__ppc__))
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
+ defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__))
+
+#define POLARSSL_HAVE_HARDCLOCK
unsigned long hardclock( void )
{
return( tbl );
}
+#endif
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__sparc64__)
+
+#if defined(__OpenBSD__)
+#warning OpenBSD does not allow access to tick register using software version instead
#else
-#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__sparc__)
+#define POLARSSL_HAVE_HARDCLOCK
+
+unsigned long hardclock( void )
+{
+ unsigned long tick;
+ asm( "rdpr %%tick, %0;" : "=&r" (tick) );
+ return( tick );
+}
+#endif
+#endif
+
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__)
+
+#define POLARSSL_HAVE_HARDCLOCK
unsigned long hardclock( void )
{
asm( "mov %%g1, %0" : "=r" (tick) );
return( tick );
}
+#endif
-#else
-#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__alpha__)
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__alpha__)
+
+#define POLARSSL_HAVE_HARDCLOCK
unsigned long hardclock( void )
{
asm( "rpcc %0" : "=r" (cc) );
return( cc & 0xFFFFFFFF );
}
+#endif
-#else
-#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__ia64__)
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__ia64__)
+
+#define POLARSSL_HAVE_HARDCLOCK
unsigned long hardclock( void )
{
asm( "mov %0 = ar.itc" : "=r" (itc) );
return( itc );
}
+#endif
-#else
-#if defined(_MSC_VER)
+#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(_MSC_VER) && \
+ !defined(EFIX64) && !defined(EFI32)
+
+#define POLARSSL_HAVE_HARDCLOCK
unsigned long hardclock( void )
{
LARGE_INTEGER offset;
-
+
QueryPerformanceCounter( &offset );
return (unsigned long)( offset.QuadPart );
}
+#endif
-#else
+#if !defined(POLARSSL_HAVE_HARDCLOCK)
+
+#define POLARSSL_HAVE_HARDCLOCK
static int hardclock_init = 0;
static struct timeval tv_init;
return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000
+ ( tv_cur.tv_usec - tv_init.tv_usec ) );
}
-
-#endif /* generic */
-#endif /* WIN32 */
-#endif /* IA-64 */
-#endif /* Alpha */
-#endif /* SPARC8 */
-#endif /* PowerPC */
-#endif /* AMD64 */
-#endif /* i586+ */
+#endif
volatile int alarmed = 0;
-#if defined(_WIN32)
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
unsigned long get_timer( struct hr_time *val, int reset )
{
return( delta );
}
+#if defined(INTEGRITY)
+void m_sleep( int milliseconds )
+{
+ usleep( milliseconds * 1000 );
+}
+
+#else
+
static void sighandler( int signum )
{
alarmed = 1;
select( 0, NULL, NULL, NULL, &tv );
}
+#endif /* INTEGRITY */
#endif
--- /dev/null
+/*
+ * X.509 certificate and private key decoding
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * The ITU-T X.509 standard defines a certificate format for PKI.
+ *
+ * http://www.ietf.org/rfc/rfc3279.txt
+ * http://www.ietf.org/rfc/rfc3280.txt
+ *
+ * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ *
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_X509_USE_C)
+
+#include "polarssl/x509.h"
+#include "polarssl/asn1.h"
+#include "polarssl/oid.h"
+#if defined(POLARSSL_PEM_PARSE_C)
+#include "polarssl/pem.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#include <windows.h>
+#else
+#include <time.h>
+#endif
+
+#if defined(EFIX64) || defined(EFI32)
+#include <stdio.h>
+#endif
+
+#if defined(POLARSSL_FS_IO)
+#include <stdio.h>
+#if !defined(_WIN32)
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#endif
+#endif
+
+/*
+ * CertificateSerialNumber ::= INTEGER
+ */
+int x509_get_serial( unsigned char **p, const unsigned char *end,
+ x509_buf *serial )
+{
+ int ret;
+
+ if( ( end - *p ) < 1 )
+ return( POLARSSL_ERR_X509_INVALID_SERIAL +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
+ **p != ASN1_INTEGER )
+ return( POLARSSL_ERR_X509_INVALID_SERIAL +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+
+ serial->tag = *(*p)++;
+
+ if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
+
+ serial->p = *p;
+ *p += serial->len;
+
+ return( 0 );
+}
+
+/* Get an algorithm identifier without parameters (eg for signatures)
+ *
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL }
+ */
+int x509_get_alg_null( unsigned char **p, const unsigned char *end,
+ x509_buf *alg )
+{
+ int ret;
+
+ if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+
+ return( 0 );
+}
+
+/*
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue }
+ *
+ * AttributeType ::= OBJECT IDENTIFIER
+ *
+ * AttributeValue ::= ANY DEFINED BY AttributeType
+ */
+static int x509_get_attr_type_value( unsigned char **p,
+ const unsigned char *end,
+ x509_name *cur )
+{
+ int ret;
+ size_t len;
+ x509_buf *oid;
+ x509_buf *val;
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+
+ if( ( end - *p ) < 1 )
+ return( POLARSSL_ERR_X509_INVALID_NAME +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ oid = &cur->oid;
+ oid->tag = **p;
+
+ if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+
+ oid->p = *p;
+ *p += oid->len;
+
+ if( ( end - *p ) < 1 )
+ return( POLARSSL_ERR_X509_INVALID_NAME +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
+ **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
+ **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
+ return( POLARSSL_ERR_X509_INVALID_NAME +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+
+ val = &cur->val;
+ val->tag = *(*p)++;
+
+ if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+
+ val->p = *p;
+ *p += val->len;
+
+ cur->next = NULL;
+
+ return( 0 );
+}
+
+/*
+ * RelativeDistinguishedName ::=
+ * SET OF AttributeTypeAndValue
+ *
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue }
+ *
+ * AttributeType ::= OBJECT IDENTIFIER
+ *
+ * AttributeValue ::= ANY DEFINED BY AttributeType
+ */
+int x509_get_name( unsigned char **p, const unsigned char *end,
+ x509_name *cur )
+{
+ int ret;
+ size_t len;
+ const unsigned char *end2;
+ x509_name *use;
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+
+ end2 = end;
+ end = *p + len;
+ use = cur;
+
+ do
+ {
+ if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
+ return( ret );
+
+ if( *p != end )
+ {
+ use->next = (x509_name *) polarssl_malloc(
+ sizeof( x509_name ) );
+
+ if( use->next == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
+ memset( use->next, 0, sizeof( x509_name ) );
+
+ use = use->next;
+ }
+ }
+ while( *p != end );
+
+ /*
+ * recurse until end of SEQUENCE is reached
+ */
+ if( *p == end2 )
+ return( 0 );
+
+ cur->next = (x509_name *) polarssl_malloc(
+ sizeof( x509_name ) );
+
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
+ memset( cur->next, 0, sizeof( x509_name ) );
+
+ return( x509_get_name( p, end2, cur->next ) );
+}
+
+/*
+ * Time ::= CHOICE {
+ * utcTime UTCTime,
+ * generalTime GeneralizedTime }
+ */
+int x509_get_time( unsigned char **p, const unsigned char *end,
+ x509_time *time )
+{
+ int ret;
+ size_t len;
+ char date[64];
+ unsigned char tag;
+
+ if( ( end - *p ) < 1 )
+ return( POLARSSL_ERR_X509_INVALID_DATE +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ tag = **p;
+
+ if ( tag == ASN1_UTC_TIME )
+ {
+ (*p)++;
+ ret = asn1_get_len( p, end, &len );
+
+ if( ret != 0 )
+ return( POLARSSL_ERR_X509_INVALID_DATE + ret );
+
+ memset( date, 0, sizeof( date ) );
+ memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
+ len : sizeof( date ) - 1 );
+
+ if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
+ &time->year, &time->mon, &time->day,
+ &time->hour, &time->min, &time->sec ) < 5 )
+ return( POLARSSL_ERR_X509_INVALID_DATE );
+
+ time->year += 100 * ( time->year < 50 );
+ time->year += 1900;
+
+ *p += len;
+
+ return( 0 );
+ }
+ else if ( tag == ASN1_GENERALIZED_TIME )
+ {
+ (*p)++;
+ ret = asn1_get_len( p, end, &len );
+
+ if( ret != 0 )
+ return( POLARSSL_ERR_X509_INVALID_DATE + ret );
+
+ memset( date, 0, sizeof( date ) );
+ memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
+ len : sizeof( date ) - 1 );
+
+ if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
+ &time->year, &time->mon, &time->day,
+ &time->hour, &time->min, &time->sec ) < 5 )
+ return( POLARSSL_ERR_X509_INVALID_DATE );
+
+ *p += len;
+
+ return( 0 );
+ }
+ else
+ return( POLARSSL_ERR_X509_INVALID_DATE +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+}
+
+int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
+{
+ int ret;
+ size_t len;
+
+ if( ( end - *p ) < 1 )
+ return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ sig->tag = **p;
+
+ if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
+
+ sig->len = len;
+ sig->p = *p;
+
+ *p += len;
+
+ return( 0 );
+}
+
+int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
+ pk_type_t *pk_alg )
+{
+ int ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg );
+
+ if( ret != 0 )
+ return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
+
+ return( 0 );
+}
+
+/*
+ * X.509 Extensions (No parsing of extensions, pointer should
+ * be either manually updated or extensions should be parsed!
+ */
+int x509_get_ext( unsigned char **p, const unsigned char *end,
+ x509_buf *ext, int tag )
+{
+ int ret;
+ size_t len;
+
+ if( *p == end )
+ return( 0 );
+
+ ext->tag = **p;
+
+ if( ( ret = asn1_get_tag( p, end, &ext->len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
+ return( ret );
+
+ ext->p = *p;
+ end = *p + ext->len;
+
+ /*
+ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ *
+ * Extension ::= SEQUENCE {
+ * extnID OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING }
+ */
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( end != *p + len )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_FS_IO)
+/*
+ * Load all data from a file into a given buffer.
+ */
+int x509_load_file( const char *path, unsigned char **buf, size_t *n )
+{
+ FILE *f;
+ long size;
+
+ if( ( f = fopen( path, "rb" ) ) == NULL )
+ return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+
+ fseek( f, 0, SEEK_END );
+ if( ( size = ftell( f ) ) == -1 )
+ {
+ fclose( f );
+ return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+ }
+ fseek( f, 0, SEEK_SET );
+
+ *n = (size_t) size;
+
+ if( *n + 1 == 0 ||
+ ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
+ {
+ fclose( f );
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+ }
+
+ if( fread( *buf, 1, *n, f ) != *n )
+ {
+ fclose( f );
+ polarssl_free( *buf );
+ return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+ }
+
+ fclose( f );
+
+ (*buf)[*n] = '\0';
+
+ return( 0 );
+}
+#endif /* POLARSSL_FS_IO */
+
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
+#include <stdarg.h>
+
+#if !defined vsnprintf
+#define vsnprintf _vsnprintf
+#endif // vsnprintf
+
+/*
+ * Windows _snprintf and _vsnprintf are not compatible to linux versions.
+ * Result value is not size of buffer needed, but -1 if no fit is possible.
+ *
+ * This fuction tries to 'fix' this by at least suggesting enlarging the
+ * size by 20.
+ */
+static int compat_snprintf(char *str, size_t size, const char *format, ...)
+{
+ va_list ap;
+ int res = -1;
+
+ va_start( ap, format );
+
+ res = vsnprintf( str, size, format, ap );
+
+ va_end( ap );
+
+ // No quick fix possible
+ if ( res < 0 )
+ return( (int) size + 20 );
+
+ return res;
+}
+
+#define snprintf compat_snprintf
+#endif
+
+#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
+
+#define SAFE_SNPRINTF() \
+{ \
+ if( ret == -1 ) \
+ return( -1 ); \
+ \
+ if ( (unsigned int) ret > n ) { \
+ p[n - 1] = '\0'; \
+ return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
+ } \
+ \
+ n -= (unsigned int) ret; \
+ p += (unsigned int) ret; \
+}
+
+/*
+ * Store the name in printable form into buf; no more
+ * than size characters will be written
+ */
+int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
+{
+ int ret;
+ size_t i, n;
+ unsigned char c;
+ const x509_name *name;
+ const char *short_name = NULL;
+ char s[128], *p;
+
+ memset( s, 0, sizeof( s ) );
+
+ name = dn;
+ p = buf;
+ n = size;
+
+ while( name != NULL )
+ {
+ if( !name->oid.p )
+ {
+ name = name->next;
+ continue;
+ }
+
+ if( name != dn )
+ {
+ ret = snprintf( p, n, ", " );
+ SAFE_SNPRINTF();
+ }
+
+ ret = oid_get_attr_short_name( &name->oid, &short_name );
+
+ if( ret == 0 )
+ ret = snprintf( p, n, "%s=", short_name );
+ else
+ ret = snprintf( p, n, "\?\?=" );
+ SAFE_SNPRINTF();
+
+ for( i = 0; i < name->val.len; i++ )
+ {
+ if( i >= sizeof( s ) - 1 )
+ break;
+
+ c = name->val.p[i];
+ if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
+ s[i] = '?';
+ else s[i] = c;
+ }
+ s[i] = '\0';
+ ret = snprintf( p, n, "%s", s );
+ SAFE_SNPRINTF();
+ name = name->next;
+ }
+
+ return( (int) ( size - n ) );
+}
+
+/*
+ * Store the serial in printable form into buf; no more
+ * than size characters will be written
+ */
+int x509_serial_gets( char *buf, size_t size, const x509_buf *serial )
+{
+ int ret;
+ size_t i, n, nr;
+ char *p;
+
+ p = buf;
+ n = size;
+
+ nr = ( serial->len <= 32 )
+ ? serial->len : 28;
+
+ for( i = 0; i < nr; i++ )
+ {
+ if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
+ continue;
+
+ ret = snprintf( p, n, "%02X%s",
+ serial->p[i], ( i < nr - 1 ) ? ":" : "" );
+ SAFE_SNPRINTF();
+ }
+
+ if( nr != serial->len )
+ {
+ ret = snprintf( p, n, "...." );
+ SAFE_SNPRINTF();
+ }
+
+ return( (int) ( size - n ) );
+}
+
+/*
+ * Helper for writing "RSA key size", "EC key size", etc
+ */
+int x509_key_size_helper( char *buf, size_t size, const char *name )
+{
+ char *p = buf;
+ size_t n = size;
+ int ret;
+
+ if( strlen( name ) + sizeof( " key size" ) > size )
+ return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
+
+ ret = snprintf( p, n, "%s key size", name );
+ SAFE_SNPRINTF();
+
+ return( 0 );
+}
+
+/*
+ * Return an informational string describing the given OID
+ */
+const char *x509_oid_get_description( x509_buf *oid )
+{
+ const char *desc = NULL;
+ int ret;
+
+ ret = oid_get_extended_key_usage( oid, &desc );
+
+ if( ret != 0 )
+ return( NULL );
+
+ return( desc );
+}
+
+/* Return the x.y.z.... style numeric string for the given OID */
+int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
+{
+ return oid_get_numeric_string( buf, size, oid );
+}
+
+/*
+ * Return 0 if the x509_time is still valid, or 1 otherwise.
+ */
+#if defined(POLARSSL_HAVE_TIME)
+int x509_time_expired( const x509_time *to )
+{
+ int year, mon, day;
+ int hour, min, sec;
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+ SYSTEMTIME st;
+
+ GetLocalTime(&st);
+
+ year = st.wYear;
+ mon = st.wMonth;
+ day = st.wDay;
+ hour = st.wHour;
+ min = st.wMinute;
+ sec = st.wSecond;
+#else
+ struct tm *lt;
+ time_t tt;
+
+ tt = time( NULL );
+ lt = localtime( &tt );
+
+ year = lt->tm_year + 1900;
+ mon = lt->tm_mon + 1;
+ day = lt->tm_mday;
+ hour = lt->tm_hour;
+ min = lt->tm_min;
+ sec = lt->tm_sec;
+#endif
+
+ if( year > to->year )
+ return( 1 );
+
+ if( year == to->year &&
+ mon > to->mon )
+ return( 1 );
+
+ if( year == to->year &&
+ mon == to->mon &&
+ day > to->day )
+ return( 1 );
+
+ if( year == to->year &&
+ mon == to->mon &&
+ day == to->day &&
+ hour > to->hour )
+ return( 1 );
+
+ if( year == to->year &&
+ mon == to->mon &&
+ day == to->day &&
+ hour == to->hour &&
+ min > to->min )
+ return( 1 );
+
+ if( year == to->year &&
+ mon == to->mon &&
+ day == to->day &&
+ hour == to->hour &&
+ min == to->min &&
+ sec > to->sec )
+ return( 1 );
+
+ return( 0 );
+}
+#else /* POLARSSL_HAVE_TIME */
+int x509_time_expired( const x509_time *to )
+{
+ ((void) to);
+ return( 0 );
+}
+#endif /* POLARSSL_HAVE_TIME */
+
+#if defined(POLARSSL_SELF_TEST)
+
+#include "polarssl/x509_crt.h"
+#include "polarssl/certs.h"
+
+/*
+ * Checkup routine
+ */
+int x509_self_test( int verbose )
+{
+#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
+ int ret;
+ int flags;
+ x509_crt cacert;
+ x509_crt clicert;
+
+ if( verbose != 0 )
+ printf( " X.509 certificate load: " );
+
+ x509_crt_init( &clicert );
+
+ ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
+ strlen( test_cli_crt ) );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( ret );
+ }
+
+ x509_crt_init( &cacert );
+
+ ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
+ strlen( test_ca_crt ) );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ return( ret );
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n X.509 signature verify: ");
+
+ ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ printf( "failed\n" );
+
+ printf("ret = %d, &flags = %04x\n", ret, flags);
+
+ return( ret );
+ }
+
+ if( verbose != 0 )
+ printf( "passed\n\n");
+
+ x509_crt_free( &cacert );
+ x509_crt_free( &clicert );
+
+ return( 0 );
+#else
+ ((void) verbose);
+ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+#endif
+}
+
+#endif
+
+#endif /* POLARSSL_X509_USE_C */
--- /dev/null
+/*
+ * X.509 base functions for creating certificates / CSRs
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_X509_CREATE_C)
+
+#include "polarssl/x509.h"
+#include "polarssl/asn1write.h"
+#include "polarssl/oid.h"
+
+#if defined(_MSC_VER) && !defined strncasecmp && !defined(EFIX64) && \
+ !defined(EFI32)
+#define strncasecmp _strnicmp
+#endif
+
+int x509_string_to_names( asn1_named_data **head, const char *name )
+{
+ int ret = 0;
+ const char *s = name, *c = s;
+ const char *end = s + strlen( s );
+ const char *oid = NULL;
+ int in_tag = 1;
+ asn1_named_data *cur;
+
+ /* Clear existing chain if present */
+ asn1_free_named_data_list( head );
+
+ while( c <= end )
+ {
+ if( in_tag && *c == '=' )
+ {
+ if( c - s == 2 && strncasecmp( s, "CN", 2 ) == 0 )
+ oid = OID_AT_CN;
+ else if( c - s == 1 && strncasecmp( s, "C", 1 ) == 0 )
+ oid = OID_AT_COUNTRY;
+ else if( c - s == 1 && strncasecmp( s, "O", 1 ) == 0 )
+ oid = OID_AT_ORGANIZATION;
+ else if( c - s == 1 && strncasecmp( s, "L", 1 ) == 0 )
+ oid = OID_AT_LOCALITY;
+ else if( c - s == 1 && strncasecmp( s, "R", 1 ) == 0 )
+ oid = OID_PKCS9_EMAIL;
+ else if( c - s == 2 && strncasecmp( s, "OU", 2 ) == 0 )
+ oid = OID_AT_ORG_UNIT;
+ else if( c - s == 2 && strncasecmp( s, "ST", 2 ) == 0 )
+ oid = OID_AT_STATE;
+ else if( c - s == 12 && strncasecmp( s, "serialNumber", 12 ) == 0 )
+ oid = OID_AT_SERIAL_NUMBER;
+ else if( c - s == 13 && strncasecmp( s, "postalAddress", 13 ) == 0 )
+ oid = OID_AT_POSTAL_ADDRESS;
+ else if( c - s == 10 && strncasecmp( s, "postalCode", 10 ) == 0 )
+ oid = OID_AT_POSTAL_CODE;
+ else
+ {
+ ret = POLARSSL_ERR_X509_UNKNOWN_OID;
+ goto exit;
+ }
+
+ s = c + 1;
+ in_tag = 0;
+ }
+
+ if( !in_tag && ( *c == ',' || c == end ) )
+ {
+ if( ( cur = asn1_store_named_data( head, oid, strlen( oid ),
+ (unsigned char *) s,
+ c - s ) ) == NULL )
+ {
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+ }
+
+ while( c < end && *(c + 1) == ' ' )
+ c++;
+
+ s = c + 1;
+ in_tag = 1;
+ }
+ c++;
+ }
+
+exit:
+
+ return( ret );
+}
+
+/* The first byte of the value in the asn1_named_data structure is reserved
+ * to store the critical boolean for us
+ */
+int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len,
+ int critical, const unsigned char *val, size_t val_len )
+{
+ asn1_named_data *cur;
+
+ if( ( cur = asn1_store_named_data( head, oid, oid_len,
+ NULL, val_len + 1 ) ) == NULL )
+ {
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+ }
+
+ cur->val.p[0] = critical;
+ memcpy( cur->val.p + 1, val, val_len );
+
+ return( 0 );
+}
+
+/*
+ * RelativeDistinguishedName ::=
+ * SET OF AttributeTypeAndValue
+ *
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue }
+ *
+ * AttributeType ::= OBJECT IDENTIFIER
+ *
+ * AttributeValue ::= ANY DEFINED BY AttributeType
+ */
+static int x509_write_name( unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ const unsigned char *name, size_t name_len )
+{
+ int ret;
+ size_t len = 0;
+
+ // Write PrintableString for all except OID_PKCS9_EMAIL
+ //
+ if( OID_SIZE( OID_PKCS9_EMAIL ) == oid_len &&
+ memcmp( oid, OID_PKCS9_EMAIL, oid_len ) == 0 )
+ {
+ ASN1_CHK_ADD( len, asn1_write_ia5_string( p, start,
+ (const char *) name,
+ name_len ) );
+ }
+ else
+ {
+ ASN1_CHK_ADD( len, asn1_write_printable_string( p, start,
+ (const char *) name,
+ name_len ) );
+ }
+
+ // Write OID
+ //
+ ASN1_CHK_ADD( len, asn1_write_oid( p, start, oid, oid_len ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SET ) );
+
+ return( (int) len );
+}
+
+int x509_write_names( unsigned char **p, unsigned char *start,
+ asn1_named_data *first )
+{
+ int ret;
+ size_t len = 0;
+ asn1_named_data *cur = first;
+
+ while( cur != NULL )
+ {
+ ASN1_CHK_ADD( len, x509_write_name( p, start, (char *) cur->oid.p,
+ cur->oid.len,
+ cur->val.p, cur->val.len ) );
+ cur = cur->next;
+ }
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return( (int) len );
+}
+
+int x509_write_sig( unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ unsigned char *sig, size_t size )
+{
+ int ret;
+ size_t len = 0;
+
+ if( *p - start < (int) size + 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+ len = size;
+ (*p) -= len;
+ memcpy( *p, sig, len );
+
+ *--(*p) = 0;
+ len += 1;
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );
+
+ // Write OID
+ //
+ ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( p, start, oid,
+ oid_len, 0 ) );
+
+ return( (int) len );
+}
+
+static int x509_write_extension( unsigned char **p, unsigned char *start,
+ asn1_named_data *ext )
+{
+ int ret;
+ size_t len = 0;
+
+ ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, ext->val.p + 1,
+ ext->val.len - 1 ) );
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, ext->val.len - 1 ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OCTET_STRING ) );
+
+ if( ext->val.p[0] != 0 )
+ {
+ ASN1_CHK_ADD( len, asn1_write_bool( p, start, 1 ) );
+ }
+
+ ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, ext->oid.p,
+ ext->oid.len ) );
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, ext->oid.len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OID ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return( (int) len );
+}
+
+/*
+ * Extension ::= SEQUENCE {
+ * extnID OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING
+ * -- contains the DER encoding of an ASN.1 value
+ * -- corresponding to the extension type identified
+ * -- by extnID
+ * }
+ */
+int x509_write_extensions( unsigned char **p, unsigned char *start,
+ asn1_named_data *first )
+{
+ int ret;
+ size_t len = 0;
+ asn1_named_data *cur_ext = first;
+
+ while( cur_ext != NULL )
+ {
+ ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
+ cur_ext = cur_ext->next;
+ }
+
+ return( (int) len );
+}
+
+#endif /* POLARSSL_X509_CREATE_C */
--- /dev/null
+/*
+ * X.509 certificate and private key decoding
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * The ITU-T X.509 standard defines a certificate format for PKI.
+ *
+ * http://www.ietf.org/rfc/rfc3279.txt
+ * http://www.ietf.org/rfc/rfc3280.txt
+ *
+ * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ *
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_X509_CRL_PARSE_C)
+
+#include "polarssl/x509_crl.h"
+#include "polarssl/oid.h"
+#if defined(POLARSSL_PEM_PARSE_C)
+#include "polarssl/pem.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+#include <windows.h>
+#else
+#include <time.h>
+#endif
+
+#if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
+#include <stdio.h>
+#endif
+
+/*
+ * Version ::= INTEGER { v1(0), v2(1) }
+ */
+static int x509_crl_get_version( unsigned char **p,
+ const unsigned char *end,
+ int *ver )
+{
+ int ret;
+
+ if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ {
+ *ver = 0;
+ return( 0 );
+ }
+
+ return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
+ }
+
+ return( 0 );
+}
+
+/*
+ * X.509 CRL v2 extensions (no extensions parsed yet.)
+ */
+static int x509_get_crl_ext( unsigned char **p,
+ const unsigned char *end,
+ x509_buf *ext )
+{
+ int ret;
+ size_t len = 0;
+
+ /* Get explicit tag */
+ if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ return( 0 );
+
+ return( ret );
+ }
+
+ while( *p < end )
+ {
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ *p += len;
+ }
+
+ if( *p != end )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+/*
+ * X.509 CRL v2 entry extensions (no extensions parsed yet.)
+ */
+static int x509_get_crl_entry_ext( unsigned char **p,
+ const unsigned char *end,
+ x509_buf *ext )
+{
+ int ret;
+ size_t len = 0;
+
+ /* OPTIONAL */
+ if (end <= *p)
+ return( 0 );
+
+ ext->tag = **p;
+ ext->p = *p;
+
+ /*
+ * Get CRL-entry extension sequence header
+ * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
+ */
+ if( ( ret = asn1_get_tag( p, end, &ext->len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ {
+ ext->p = NULL;
+ return( 0 );
+ }
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+ }
+
+ end = *p + ext->len;
+
+ if( end != *p + ext->len )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ while( *p < end )
+ {
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ *p += len;
+ }
+
+ if( *p != end )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+/*
+ * X.509 CRL Entries
+ */
+static int x509_get_entries( unsigned char **p,
+ const unsigned char *end,
+ x509_crl_entry *entry )
+{
+ int ret;
+ size_t entry_len;
+ x509_crl_entry *cur_entry = entry;
+
+ if( *p == end )
+ return( 0 );
+
+ if( ( ret = asn1_get_tag( p, end, &entry_len,
+ ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ return( 0 );
+
+ return( ret );
+ }
+
+ end = *p + entry_len;
+
+ while( *p < end )
+ {
+ size_t len2;
+ const unsigned char *end2;
+
+ if( ( ret = asn1_get_tag( p, end, &len2,
+ ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ cur_entry->raw.tag = **p;
+ cur_entry->raw.p = *p;
+ cur_entry->raw.len = len2;
+ end2 = *p + len2;
+
+ if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
+ return( ret );
+
+ if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
+ return( ret );
+
+ if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
+ return( ret );
+
+ if ( *p < end )
+ {
+ cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) );
+
+ if( cur_entry->next == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
+ cur_entry = cur_entry->next;
+ memset( cur_entry, 0, sizeof( x509_crl_entry ) );
+ }
+ }
+
+ return( 0 );
+}
+
+/*
+ * Parse one or more CRLs and add them to the chained list
+ */
+int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
+{
+ int ret;
+ size_t len;
+ unsigned char *p, *end;
+ x509_crl *crl;
+#if defined(POLARSSL_PEM_PARSE_C)
+ size_t use_len;
+ pem_context pem;
+#endif
+
+ crl = chain;
+
+ /*
+ * Check for valid input
+ */
+ if( crl == NULL || buf == NULL )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+ while( crl->version != 0 && crl->next != NULL )
+ crl = crl->next;
+
+ /*
+ * Add new CRL on the end of the chain if needed.
+ */
+ if ( crl->version != 0 && crl->next == NULL)
+ {
+ crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
+
+ if( crl->next == NULL )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+ }
+
+ crl = crl->next;
+ x509_crl_init( crl );
+ }
+
+#if defined(POLARSSL_PEM_PARSE_C)
+ pem_init( &pem );
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN X509 CRL-----",
+ "-----END X509 CRL-----",
+ buf, NULL, 0, &use_len );
+
+ if( ret == 0 )
+ {
+ /*
+ * Was PEM encoded
+ */
+ buflen -= use_len;
+ buf += use_len;
+
+ /*
+ * Steal PEM buffer
+ */
+ p = pem.buf;
+ pem.buf = NULL;
+ len = pem.buflen;
+ pem_free( &pem );
+ }
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ {
+ pem_free( &pem );
+ return( ret );
+ }
+ else
+#endif
+ {
+ /*
+ * nope, copy the raw DER data
+ */
+ p = (unsigned char *) polarssl_malloc( len = buflen );
+
+ if( p == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
+ memcpy( p, buf, buflen );
+
+ buflen = 0;
+ }
+
+ crl->raw.p = p;
+ crl->raw.len = len;
+ end = p + len;
+
+ /*
+ * CertificateList ::= SEQUENCE {
+ * tbsCertList TBSCertList,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING }
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT );
+ }
+
+ if( len != (size_t) ( end - p ) )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ /*
+ * TBSCertList ::= SEQUENCE {
+ */
+ crl->tbs.p = p;
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
+ }
+
+ end = p + len;
+ crl->tbs.len = end - crl->tbs.p;
+
+ /*
+ * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
+ * -- if present, MUST be v2
+ *
+ * signature AlgorithmIdentifier
+ */
+ if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
+ ( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( ret );
+ }
+
+ crl->version++;
+
+ if( crl->version > 2 )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
+ }
+
+ if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
+ &crl->sig_pk ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
+ }
+
+ /*
+ * issuer Name
+ */
+ crl->issuer_raw.p = p;
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
+ }
+
+ if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( ret );
+ }
+
+ crl->issuer_raw.len = p - crl->issuer_raw.p;
+
+ /*
+ * thisUpdate Time
+ * nextUpdate Time OPTIONAL
+ */
+ if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( ret );
+ }
+
+ if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
+ {
+ if ( ret != ( POLARSSL_ERR_X509_INVALID_DATE +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
+ ret != ( POLARSSL_ERR_X509_INVALID_DATE +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
+ {
+ x509_crl_free( crl );
+ return( ret );
+ }
+ }
+
+ /*
+ * revokedCertificates SEQUENCE OF SEQUENCE {
+ * userCertificate CertificateSerialNumber,
+ * revocationDate Time,
+ * crlEntryExtensions Extensions OPTIONAL
+ * -- if present, MUST be v2
+ * } OPTIONAL
+ */
+ if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( ret );
+ }
+
+ /*
+ * crlExtensions EXPLICIT Extensions OPTIONAL
+ * -- if present, MUST be v2
+ */
+ if( crl->version == 2 )
+ {
+ ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
+
+ if( ret != 0 )
+ {
+ x509_crl_free( crl );
+ return( ret );
+ }
+ }
+
+ if( p != end )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ end = crl->raw.p + crl->raw.len;
+
+ /*
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING
+ */
+ if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( ret );
+ }
+
+ if( crl->sig_oid1.len != crl->sig_oid2.len ||
+ memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_SIG_MISMATCH );
+ }
+
+ if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
+ {
+ x509_crl_free( crl );
+ return( ret );
+ }
+
+ if( p != end )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ if( buflen > 0 )
+ {
+ crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
+
+ if( crl->next == NULL )
+ {
+ x509_crl_free( crl );
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+ }
+
+ crl = crl->next;
+ x509_crl_init( crl );
+
+ return( x509_crl_parse( crl, buf, buflen ) );
+ }
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_FS_IO)
+/*
+ * Load one or more CRLs and add them to the chained list
+ */
+int x509_crl_parse_file( x509_crl *chain, const char *path )
+{
+ int ret;
+ size_t n;
+ unsigned char *buf;
+
+ if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
+ return( ret );
+
+ ret = x509_crl_parse( chain, buf, n );
+
+ memset( buf, 0, n + 1 );
+ polarssl_free( buf );
+
+ return( ret );
+}
+#endif /* POLARSSL_FS_IO */
+
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
+#include <stdarg.h>
+
+#if !defined vsnprintf
+#define vsnprintf _vsnprintf
+#endif // vsnprintf
+
+/*
+ * Windows _snprintf and _vsnprintf are not compatible to linux versions.
+ * Result value is not size of buffer needed, but -1 if no fit is possible.
+ *
+ * This fuction tries to 'fix' this by at least suggesting enlarging the
+ * size by 20.
+ */
+static int compat_snprintf(char *str, size_t size, const char *format, ...)
+{
+ va_list ap;
+ int res = -1;
+
+ va_start( ap, format );
+
+ res = vsnprintf( str, size, format, ap );
+
+ va_end( ap );
+
+ // No quick fix possible
+ if ( res < 0 )
+ return( (int) size + 20 );
+
+ return res;
+}
+
+#define snprintf compat_snprintf
+#endif
+
+#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
+
+#define SAFE_SNPRINTF() \
+{ \
+ if( ret == -1 ) \
+ return( -1 ); \
+ \
+ if ( (unsigned int) ret > n ) { \
+ p[n - 1] = '\0'; \
+ return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
+ } \
+ \
+ n -= (unsigned int) ret; \
+ p += (unsigned int) ret; \
+}
+
+/*
+ * Return an informational string about the certificate.
+ */
+#define BEFORE_COLON 14
+#define BC "14"
+/*
+ * Return an informational string about the CRL.
+ */
+int x509_crl_info( char *buf, size_t size, const char *prefix,
+ const x509_crl *crl )
+{
+ int ret;
+ size_t n;
+ char *p;
+ const char *desc;
+ const x509_crl_entry *entry;
+
+ p = buf;
+ n = size;
+
+ ret = snprintf( p, n, "%sCRL version : %d",
+ prefix, crl->version );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%sissuer name : ", prefix );
+ SAFE_SNPRINTF();
+ ret = x509_dn_gets( p, n, &crl->issuer );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%sthis update : " \
+ "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+ crl->this_update.year, crl->this_update.mon,
+ crl->this_update.day, crl->this_update.hour,
+ crl->this_update.min, crl->this_update.sec );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%snext update : " \
+ "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+ crl->next_update.year, crl->next_update.mon,
+ crl->next_update.day, crl->next_update.hour,
+ crl->next_update.min, crl->next_update.sec );
+ SAFE_SNPRINTF();
+
+ entry = &crl->entry;
+
+ ret = snprintf( p, n, "\n%sRevoked certificates:",
+ prefix );
+ SAFE_SNPRINTF();
+
+ while( entry != NULL && entry->raw.len != 0 )
+ {
+ ret = snprintf( p, n, "\n%sserial number: ",
+ prefix );
+ SAFE_SNPRINTF();
+
+ ret = x509_serial_gets( p, n, &entry->serial);
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, " revocation date: " \
+ "%04d-%02d-%02d %02d:%02d:%02d",
+ entry->revocation_date.year, entry->revocation_date.mon,
+ entry->revocation_date.day, entry->revocation_date.hour,
+ entry->revocation_date.min, entry->revocation_date.sec );
+ SAFE_SNPRINTF();
+
+ entry = entry->next;
+ }
+
+ ret = snprintf( p, n, "\n%ssigned using : ", prefix );
+ SAFE_SNPRINTF();
+
+ ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc );
+ if( ret != 0 )
+ ret = snprintf( p, n, "???" );
+ else
+ ret = snprintf( p, n, "%s", desc );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n" );
+ SAFE_SNPRINTF();
+
+ return( (int) ( size - n ) );
+}
+
+/*
+ * Initialize a CRL chain
+ */
+void x509_crl_init( x509_crl *crl )
+{
+ memset( crl, 0, sizeof(x509_crl) );
+}
+
+/*
+ * Unallocate all CRL data
+ */
+void x509_crl_free( x509_crl *crl )
+{
+ x509_crl *crl_cur = crl;
+ x509_crl *crl_prv;
+ x509_name *name_cur;
+ x509_name *name_prv;
+ x509_crl_entry *entry_cur;
+ x509_crl_entry *entry_prv;
+
+ if( crl == NULL )
+ return;
+
+ do
+ {
+ name_cur = crl_cur->issuer.next;
+ while( name_cur != NULL )
+ {
+ name_prv = name_cur;
+ name_cur = name_cur->next;
+ memset( name_prv, 0, sizeof( x509_name ) );
+ polarssl_free( name_prv );
+ }
+
+ entry_cur = crl_cur->entry.next;
+ while( entry_cur != NULL )
+ {
+ entry_prv = entry_cur;
+ entry_cur = entry_cur->next;
+ memset( entry_prv, 0, sizeof( x509_crl_entry ) );
+ polarssl_free( entry_prv );
+ }
+
+ if( crl_cur->raw.p != NULL )
+ {
+ memset( crl_cur->raw.p, 0, crl_cur->raw.len );
+ polarssl_free( crl_cur->raw.p );
+ }
+
+ crl_cur = crl_cur->next;
+ }
+ while( crl_cur != NULL );
+
+ crl_cur = crl;
+ do
+ {
+ crl_prv = crl_cur;
+ crl_cur = crl_cur->next;
+
+ memset( crl_prv, 0, sizeof( x509_crl ) );
+ if( crl_prv != crl )
+ polarssl_free( crl_prv );
+ }
+ while( crl_cur != NULL );
+}
+
+#endif
--- /dev/null
+/*
+ * X.509 certificate and private key decoding
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * The ITU-T X.509 standard defines a certificate format for PKI.
+ *
+ * http://www.ietf.org/rfc/rfc3279.txt
+ * http://www.ietf.org/rfc/rfc3280.txt
+ *
+ * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ *
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+
+#include "polarssl/x509_crt.h"
+#include "polarssl/oid.h"
+#if defined(POLARSSL_PEM_PARSE_C)
+#include "polarssl/pem.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#include <windows.h>
+#else
+#include <time.h>
+#endif
+
+#if defined(EFIX64) || defined(EFI32)
+#include <stdio.h>
+#endif
+
+#if defined(POLARSSL_FS_IO)
+#include <stdio.h>
+#if !defined(_WIN32)
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#endif
+#endif
+
+/*
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ */
+static int x509_get_version( unsigned char **p,
+ const unsigned char *end,
+ int *ver )
+{
+ int ret;
+ size_t len;
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ {
+ *ver = 0;
+ return( 0 );
+ }
+
+ return( ret );
+ }
+
+ end = *p + len;
+
+ if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
+
+ if( *p != end )
+ return( POLARSSL_ERR_X509_INVALID_VERSION +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+/*
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ */
+static int x509_get_dates( unsigned char **p,
+ const unsigned char *end,
+ x509_time *from,
+ x509_time *to )
+{
+ int ret;
+ size_t len;
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_DATE + ret );
+
+ end = *p + len;
+
+ if( ( ret = x509_get_time( p, end, from ) ) != 0 )
+ return( ret );
+
+ if( ( ret = x509_get_time( p, end, to ) ) != 0 )
+ return( ret );
+
+ if( *p != end )
+ return( POLARSSL_ERR_X509_INVALID_DATE +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+/*
+ * X.509 v2/v3 unique identifier (not parsed)
+ */
+static int x509_get_uid( unsigned char **p,
+ const unsigned char *end,
+ x509_buf *uid, int n )
+{
+ int ret;
+
+ if( *p == end )
+ return( 0 );
+
+ uid->tag = **p;
+
+ if( ( ret = asn1_get_tag( p, end, &uid->len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ return( 0 );
+
+ return( ret );
+ }
+
+ uid->p = *p;
+ *p += uid->len;
+
+ return( 0 );
+}
+
+static int x509_get_basic_constraints( unsigned char **p,
+ const unsigned char *end,
+ int *ca_istrue,
+ int *max_pathlen )
+{
+ int ret;
+ size_t len;
+
+ /*
+ * BasicConstraints ::= SEQUENCE {
+ * cA BOOLEAN DEFAULT FALSE,
+ * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+ */
+ *ca_istrue = 0; /* DEFAULT FALSE */
+ *max_pathlen = 0; /* endless */
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( *p == end )
+ return 0;
+
+ if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ ret = asn1_get_int( p, end, ca_istrue );
+
+ if( ret != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( *ca_istrue != 0 )
+ *ca_istrue = 1;
+ }
+
+ if( *p == end )
+ return 0;
+
+ if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( *p != end )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ (*max_pathlen)++;
+
+ return 0;
+}
+
+static int x509_get_ns_cert_type( unsigned char **p,
+ const unsigned char *end,
+ unsigned char *ns_cert_type)
+{
+ int ret;
+ x509_bitstring bs = { 0, 0, NULL };
+
+ if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( bs.len != 1 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_INVALID_LENGTH );
+
+ /* Get actual bitstring */
+ *ns_cert_type = *bs.p;
+ return 0;
+}
+
+static int x509_get_key_usage( unsigned char **p,
+ const unsigned char *end,
+ unsigned char *key_usage)
+{
+ int ret;
+ x509_bitstring bs = { 0, 0, NULL };
+
+ if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( bs.len < 1 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_INVALID_LENGTH );
+
+ /* Get actual bitstring */
+ *key_usage = *bs.p;
+ return 0;
+}
+
+/*
+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ */
+static int x509_get_ext_key_usage( unsigned char **p,
+ const unsigned char *end,
+ x509_sequence *ext_key_usage)
+{
+ int ret;
+
+ if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ /* Sequence length must be >= 1 */
+ if( ext_key_usage->buf.p == NULL )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_INVALID_LENGTH );
+
+ return 0;
+}
+
+/*
+ * SubjectAltName ::= GeneralNames
+ *
+ * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ *
+ * GeneralName ::= CHOICE {
+ * otherName [0] OtherName,
+ * rfc822Name [1] IA5String,
+ * dNSName [2] IA5String,
+ * x400Address [3] ORAddress,
+ * directoryName [4] Name,
+ * ediPartyName [5] EDIPartyName,
+ * uniformResourceIdentifier [6] IA5String,
+ * iPAddress [7] OCTET STRING,
+ * registeredID [8] OBJECT IDENTIFIER }
+ *
+ * OtherName ::= SEQUENCE {
+ * type-id OBJECT IDENTIFIER,
+ * value [0] EXPLICIT ANY DEFINED BY type-id }
+ *
+ * EDIPartyName ::= SEQUENCE {
+ * nameAssigner [0] DirectoryString OPTIONAL,
+ * partyName [1] DirectoryString }
+ *
+ * NOTE: PolarSSL only parses and uses dNSName at this point.
+ */
+static int x509_get_subject_alt_name( unsigned char **p,
+ const unsigned char *end,
+ x509_sequence *subject_alt_name )
+{
+ int ret;
+ size_t len, tag_len;
+ asn1_buf *buf;
+ unsigned char tag;
+ asn1_sequence *cur = subject_alt_name;
+
+ /* Get main sequence tag */
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( *p + len != end )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ while( *p < end )
+ {
+ if( ( end - *p ) < 1 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ tag = **p;
+ (*p)++;
+ if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( ( tag & ASN1_CONTEXT_SPECIFIC ) != ASN1_CONTEXT_SPECIFIC )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+
+ if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
+ {
+ *p += tag_len;
+ continue;
+ }
+
+ buf = &(cur->buf);
+ buf->tag = tag;
+ buf->p = *p;
+ buf->len = tag_len;
+ *p += buf->len;
+
+ /* Allocate and assign next pointer */
+ if (*p < end)
+ {
+ cur->next = (asn1_sequence *) polarssl_malloc(
+ sizeof( asn1_sequence ) );
+
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
+ memset( cur->next, 0, sizeof( asn1_sequence ) );
+ cur = cur->next;
+ }
+ }
+
+ /* Set final sequence entry's next pointer to NULL */
+ cur->next = NULL;
+
+ if( *p != end )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+/*
+ * X.509 v3 extensions
+ *
+ * TODO: Perform all of the basic constraints tests required by the RFC
+ * TODO: Set values for undetected extensions to a sane default?
+ *
+ */
+static int x509_get_crt_ext( unsigned char **p,
+ const unsigned char *end,
+ x509_crt *crt )
+{
+ int ret;
+ size_t len;
+ unsigned char *end_ext_data, *end_ext_octet;
+
+ if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ return( 0 );
+
+ return( ret );
+ }
+
+ while( *p < end )
+ {
+ /*
+ * Extension ::= SEQUENCE {
+ * extnID OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING }
+ */
+ x509_buf extn_oid = {0, 0, NULL};
+ int is_critical = 0; /* DEFAULT FALSE */
+ int ext_type = 0;
+
+ if( ( ret = asn1_get_tag( p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ end_ext_data = *p + len;
+
+ /* Get extension ID */
+ extn_oid.tag = **p;
+
+ if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ extn_oid.p = *p;
+ *p += extn_oid.len;
+
+ if( ( end - *p ) < 1 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ /* Get optional critical */
+ if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
+ ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ /* Data should be octet string type */
+ if( ( ret = asn1_get_tag( p, end_ext_data, &len,
+ ASN1_OCTET_STRING ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ end_ext_octet = *p + len;
+
+ if( end_ext_octet != end_ext_data )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ /*
+ * Detect supported extensions
+ */
+ ret = oid_get_x509_ext_type( &extn_oid, &ext_type );
+
+ if( ret != 0 )
+ {
+ /* No parser found, skip extension */
+ *p = end_ext_octet;
+
+#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
+ if( is_critical )
+ {
+ /* Data is marked as critical: fail */
+ return ( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+ }
+#endif
+ continue;
+ }
+
+ crt->ext_types |= ext_type;
+
+ switch( ext_type )
+ {
+ case EXT_BASIC_CONSTRAINTS:
+ /* Parse basic constraints */
+ if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
+ &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
+ return ( ret );
+ break;
+
+ case EXT_KEY_USAGE:
+ /* Parse key usage */
+ if( ( ret = x509_get_key_usage( p, end_ext_octet,
+ &crt->key_usage ) ) != 0 )
+ return ( ret );
+ break;
+
+ case EXT_EXTENDED_KEY_USAGE:
+ /* Parse extended key usage */
+ if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
+ &crt->ext_key_usage ) ) != 0 )
+ return ( ret );
+ break;
+
+ case EXT_SUBJECT_ALT_NAME:
+ /* Parse subject alt name */
+ if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
+ &crt->subject_alt_names ) ) != 0 )
+ return ( ret );
+ break;
+
+ case EXT_NS_CERT_TYPE:
+ /* Parse netscape certificate type */
+ if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
+ &crt->ns_cert_type ) ) != 0 )
+ return ( ret );
+ break;
+
+ default:
+ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+ }
+ }
+
+ if( *p != end )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+/*
+ * Parse and fill a single X.509 certificate in DER format
+ */
+static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
+ size_t buflen )
+{
+ int ret;
+ size_t len;
+ unsigned char *p, *end, *crt_end;
+
+ /*
+ * Check for valid input
+ */
+ if( crt == NULL || buf == NULL )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+ p = (unsigned char *) polarssl_malloc( len = buflen );
+
+ if( p == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
+ memcpy( p, buf, buflen );
+
+ buflen = 0;
+
+ crt->raw.p = p;
+ crt->raw.len = len;
+ end = p + len;
+
+ /*
+ * Certificate ::= SEQUENCE {
+ * tbsCertificate TBSCertificate,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING }
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT );
+ }
+
+ if( len > (size_t) ( end - p ) )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+ crt_end = p + len;
+
+ /*
+ * TBSCertificate ::= SEQUENCE {
+ */
+ crt->tbs.p = p;
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
+ }
+
+ end = p + len;
+ crt->tbs.len = end - crt->tbs.p;
+
+ /*
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ *
+ * CertificateSerialNumber ::= INTEGER
+ *
+ * signature AlgorithmIdentifier
+ */
+ if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
+ ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
+ ( ret = x509_get_alg_null( &p, end, &crt->sig_oid1 ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+
+ crt->version++;
+
+ if( crt->version > 3 )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
+ }
+
+ if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_md,
+ &crt->sig_pk ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+
+ /*
+ * issuer Name
+ */
+ crt->issuer_raw.p = p;
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
+ }
+
+ if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+
+ crt->issuer_raw.len = p - crt->issuer_raw.p;
+
+ /*
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ *
+ */
+ if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
+ &crt->valid_to ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+
+ /*
+ * subject Name
+ */
+ crt->subject_raw.p = p;
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
+ }
+
+ if( len && ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+
+ crt->subject_raw.len = p - crt->subject_raw.p;
+
+ /*
+ * SubjectPublicKeyInfo
+ */
+ if( ( ret = pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+
+ /*
+ * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version shall be v2 or v3
+ * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version shall be v2 or v3
+ * extensions [3] EXPLICIT Extensions OPTIONAL
+ * -- If present, version shall be v3
+ */
+ if( crt->version == 2 || crt->version == 3 )
+ {
+ ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
+ if( ret != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+ }
+
+ if( crt->version == 2 || crt->version == 3 )
+ {
+ ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
+ if( ret != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+ }
+
+#if !defined(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
+ if( crt->version == 3 )
+ {
+#endif
+ ret = x509_get_crt_ext( &p, end, crt);
+ if( ret != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+#if !defined(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
+ }
+#endif
+
+ if( p != end )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ end = crt_end;
+
+ /*
+ * }
+ * -- end of TBSCertificate
+ *
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING
+ */
+ if( ( ret = x509_get_alg_null( &p, end, &crt->sig_oid2 ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+
+ if( crt->sig_oid1.len != crt->sig_oid2.len ||
+ memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_SIG_MISMATCH );
+ }
+
+ if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
+ {
+ x509_crt_free( crt );
+ return( ret );
+ }
+
+ if( p != end )
+ {
+ x509_crt_free( crt );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Parse one X.509 certificate in DER format from a buffer and add them to a
+ * chained list
+ */
+int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf,
+ size_t buflen )
+{
+ int ret;
+ x509_crt *crt = chain, *prev = NULL;
+
+ /*
+ * Check for valid input
+ */
+ if( crt == NULL || buf == NULL )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+ while( crt->version != 0 && crt->next != NULL )
+ {
+ prev = crt;
+ crt = crt->next;
+ }
+
+ /*
+ * Add new certificate on the end of the chain if needed.
+ */
+ if ( crt->version != 0 && crt->next == NULL)
+ {
+ crt->next = (x509_crt *) polarssl_malloc( sizeof( x509_crt ) );
+
+ if( crt->next == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
+ prev = crt;
+ crt = crt->next;
+ x509_crt_init( crt );
+ }
+
+ if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
+ {
+ if( prev )
+ prev->next = NULL;
+
+ if( crt != chain )
+ polarssl_free( crt );
+
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Parse one or more PEM certificates from a buffer and add them to the chained list
+ */
+int x509_crt_parse( x509_crt *chain, const unsigned char *buf, size_t buflen )
+{
+ int success = 0, first_error = 0, total_failed = 0;
+ int buf_format = X509_FORMAT_DER;
+
+ /*
+ * Check for valid input
+ */
+ if( chain == NULL || buf == NULL )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+ /*
+ * Determine buffer content. Buffer contains either one DER certificate or
+ * one or more PEM certificates.
+ */
+#if defined(POLARSSL_PEM_PARSE_C)
+ if( strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
+ buf_format = X509_FORMAT_PEM;
+#endif
+
+ if( buf_format == X509_FORMAT_DER )
+ return x509_crt_parse_der( chain, buf, buflen );
+
+#if defined(POLARSSL_PEM_PARSE_C)
+ if( buf_format == X509_FORMAT_PEM )
+ {
+ int ret;
+ pem_context pem;
+
+ while( buflen > 0 )
+ {
+ size_t use_len;
+ pem_init( &pem );
+
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN CERTIFICATE-----",
+ "-----END CERTIFICATE-----",
+ buf, NULL, 0, &use_len );
+
+ if( ret == 0 )
+ {
+ /*
+ * Was PEM encoded
+ */
+ buflen -= use_len;
+ buf += use_len;
+ }
+ else if( ret == POLARSSL_ERR_PEM_BAD_INPUT_DATA )
+ {
+ return( ret );
+ }
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ {
+ pem_free( &pem );
+
+ /*
+ * PEM header and footer were found
+ */
+ buflen -= use_len;
+ buf += use_len;
+
+ if( first_error == 0 )
+ first_error = ret;
+
+ continue;
+ }
+ else
+ break;
+
+ ret = x509_crt_parse_der( chain, pem.buf, pem.buflen );
+
+ pem_free( &pem );
+
+ if( ret != 0 )
+ {
+ /*
+ * Quit parsing on a memory error
+ */
+ if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
+ return( ret );
+
+ if( first_error == 0 )
+ first_error = ret;
+
+ total_failed++;
+ continue;
+ }
+
+ success = 1;
+ }
+ }
+#endif
+
+ if( success )
+ return( total_failed );
+ else if( first_error )
+ return( first_error );
+ else
+ return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
+}
+
+#if defined(POLARSSL_FS_IO)
+/*
+ * Load one or more certificates and add them to the chained list
+ */
+int x509_crt_parse_file( x509_crt *chain, const char *path )
+{
+ int ret;
+ size_t n;
+ unsigned char *buf;
+
+ if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
+ return( ret );
+
+ ret = x509_crt_parse( chain, buf, n );
+
+ memset( buf, 0, n + 1 );
+ polarssl_free( buf );
+
+ return( ret );
+}
+
+int x509_crt_parse_path( x509_crt *chain, const char *path )
+{
+ int ret = 0;
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+ int w_ret;
+ WCHAR szDir[MAX_PATH];
+ char filename[MAX_PATH];
+ char *p;
+ int len = (int) strlen( path );
+
+ WIN32_FIND_DATAW file_data;
+ HANDLE hFind;
+
+ if( len > MAX_PATH - 3 )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+ memset( szDir, 0, sizeof(szDir) );
+ memset( filename, 0, MAX_PATH );
+ memcpy( filename, path, len );
+ filename[len++] = '\\';
+ p = filename + len;
+ filename[len++] = '*';
+
+ w_ret = MultiByteToWideChar( CP_ACP, 0, path, len, szDir, MAX_PATH - 3 );
+
+ hFind = FindFirstFileW( szDir, &file_data );
+ if (hFind == INVALID_HANDLE_VALUE)
+ return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+
+ len = MAX_PATH - len;
+ do
+ {
+ memset( p, 0, len );
+
+ if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
+ continue;
+
+ w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
+ lstrlenW(file_data.cFileName),
+ p, len - 1,
+ NULL, NULL );
+
+ w_ret = x509_crt_parse_file( chain, filename );
+ if( w_ret < 0 )
+ ret++;
+ else
+ ret += w_ret;
+ }
+ while( FindNextFileW( hFind, &file_data ) != 0 );
+
+ if (GetLastError() != ERROR_NO_MORE_FILES)
+ ret = POLARSSL_ERR_X509_FILE_IO_ERROR;
+
+ FindClose( hFind );
+#else /* _WIN32 */
+#if defined(POLARSSL_HAVE_READDIR_R)
+ int t_ret, i;
+ struct stat sb;
+ struct dirent entry, *result = NULL;
+ char entry_name[255];
+ DIR *dir = opendir( path );
+
+ if( dir == NULL)
+ return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+
+ while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
+ {
+ if( result == NULL )
+ break;
+
+ snprintf( entry_name, sizeof(entry_name), "%s/%s", path, entry.d_name );
+
+ i = stat( entry_name, &sb );
+
+ if( i == -1 )
+ {
+ closedir( dir );
+ return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+ }
+
+ if( !S_ISREG( sb.st_mode ) )
+ continue;
+
+ // Ignore parse errors
+ //
+ t_ret = x509_crt_parse_file( chain, entry_name );
+ if( t_ret < 0 )
+ ret++;
+ else
+ ret += t_ret;
+ }
+ closedir( dir );
+#else /* POLARSSL_HAVE_READDIR_R */
+ ((void) chain);
+ ((void) path);
+ ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_HAVE_READDIR_R */
+#endif /* _WIN32 */
+
+ return( ret );
+}
+#endif /* POLARSSL_FS_IO */
+
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
+#include <stdarg.h>
+
+#if !defined vsnprintf
+#define vsnprintf _vsnprintf
+#endif // vsnprintf
+
+/*
+ * Windows _snprintf and _vsnprintf are not compatible to linux versions.
+ * Result value is not size of buffer needed, but -1 if no fit is possible.
+ *
+ * This fuction tries to 'fix' this by at least suggesting enlarging the
+ * size by 20.
+ */
+static int compat_snprintf(char *str, size_t size, const char *format, ...)
+{
+ va_list ap;
+ int res = -1;
+
+ va_start( ap, format );
+
+ res = vsnprintf( str, size, format, ap );
+
+ va_end( ap );
+
+ // No quick fix possible
+ if ( res < 0 )
+ return( (int) size + 20 );
+
+ return res;
+}
+
+#define snprintf compat_snprintf
+#endif
+
+#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
+
+#define SAFE_SNPRINTF() \
+{ \
+ if( ret == -1 ) \
+ return( -1 ); \
+ \
+ if ( (unsigned int) ret > n ) { \
+ p[n - 1] = '\0'; \
+ return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
+ } \
+ \
+ n -= (unsigned int) ret; \
+ p += (unsigned int) ret; \
+}
+
+/*
+ * Return an informational string about the certificate.
+ */
+#define BEFORE_COLON 14
+#define BC "14"
+int x509_crt_info( char *buf, size_t size, const char *prefix,
+ const x509_crt *crt )
+{
+ int ret;
+ size_t n;
+ char *p;
+ const char *desc = NULL;
+ char key_size_str[BEFORE_COLON];
+
+ p = buf;
+ n = size;
+
+ ret = snprintf( p, n, "%scert. version : %d\n",
+ prefix, crt->version );
+ SAFE_SNPRINTF();
+ ret = snprintf( p, n, "%sserial number : ",
+ prefix );
+ SAFE_SNPRINTF();
+
+ ret = x509_serial_gets( p, n, &crt->serial);
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%sissuer name : ", prefix );
+ SAFE_SNPRINTF();
+ ret = x509_dn_gets( p, n, &crt->issuer );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%ssubject name : ", prefix );
+ SAFE_SNPRINTF();
+ ret = x509_dn_gets( p, n, &crt->subject );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%sissued on : " \
+ "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+ crt->valid_from.year, crt->valid_from.mon,
+ crt->valid_from.day, crt->valid_from.hour,
+ crt->valid_from.min, crt->valid_from.sec );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%sexpires on : " \
+ "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+ crt->valid_to.year, crt->valid_to.mon,
+ crt->valid_to.day, crt->valid_to.hour,
+ crt->valid_to.min, crt->valid_to.sec );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%ssigned using : ", prefix );
+ SAFE_SNPRINTF();
+
+ ret = oid_get_sig_alg_desc( &crt->sig_oid1, &desc );
+ if( ret != 0 )
+ ret = snprintf( p, n, "???" );
+ else
+ ret = snprintf( p, n, "%s", desc );
+ SAFE_SNPRINTF();
+
+ if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
+ pk_get_name( &crt->pk ) ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
+ (int) pk_get_size( &crt->pk ) );
+ SAFE_SNPRINTF();
+
+ return( (int) ( size - n ) );
+}
+
+#if defined(POLARSSL_X509_CRL_PARSE_C)
+/*
+ * Return 1 if the certificate is revoked, or 0 otherwise.
+ */
+int x509_crt_revoked( const x509_crt *crt, const x509_crl *crl )
+{
+ const x509_crl_entry *cur = &crl->entry;
+
+ while( cur != NULL && cur->serial.len != 0 )
+ {
+ if( crt->serial.len == cur->serial.len &&
+ memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
+ {
+ if( x509_time_expired( &cur->revocation_date ) )
+ return( 1 );
+ }
+
+ cur = cur->next;
+ }
+
+ return( 0 );
+}
+
+/*
+ * Check that the given certificate is valid according to the CRL.
+ */
+static int x509_crt_verifycrl( x509_crt *crt, x509_crt *ca,
+ x509_crl *crl_list)
+{
+ int flags = 0;
+ unsigned char hash[POLARSSL_MD_MAX_SIZE];
+ const md_info_t *md_info;
+
+ if( ca == NULL )
+ return( flags );
+
+ /*
+ * TODO: What happens if no CRL is present?
+ * Suggestion: Revocation state should be unknown if no CRL is present.
+ * For backwards compatibility this is not yet implemented.
+ */
+
+ while( crl_list != NULL )
+ {
+ if( crl_list->version == 0 ||
+ crl_list->issuer_raw.len != ca->subject_raw.len ||
+ memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
+ crl_list->issuer_raw.len ) != 0 )
+ {
+ crl_list = crl_list->next;
+ continue;
+ }
+
+ /*
+ * Check if CRL is correctly signed by the trusted CA
+ */
+ md_info = md_info_from_type( crl_list->sig_md );
+ if( md_info == NULL )
+ {
+ /*
+ * Cannot check 'unknown' hash
+ */
+ flags |= BADCRL_NOT_TRUSTED;
+ break;
+ }
+
+ md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
+
+ if( pk_can_do( &ca->pk, crl_list->sig_pk ) == 0 ||
+ pk_verify( &ca->pk, crl_list->sig_md, hash, md_info->size,
+ crl_list->sig.p, crl_list->sig.len ) != 0 )
+ {
+ flags |= BADCRL_NOT_TRUSTED;
+ break;
+ }
+
+ /*
+ * Check for validity of CRL (Do not drop out)
+ */
+ if( x509_time_expired( &crl_list->next_update ) )
+ flags |= BADCRL_EXPIRED;
+
+ /*
+ * Check if certificate is revoked
+ */
+ if( x509_crt_revoked(crt, crl_list) )
+ {
+ flags |= BADCERT_REVOKED;
+ break;
+ }
+
+ crl_list = crl_list->next;
+ }
+ return flags;
+}
+#endif /* POLARSSL_X509_CRL_PARSE_C */
+
+// Equal == 0, inequal == 1
+static int x509_name_cmp( const void *s1, const void *s2, size_t len )
+{
+ size_t i;
+ unsigned char diff;
+ const unsigned char *n1 = s1, *n2 = s2;
+
+ for( i = 0; i < len; i++ )
+ {
+ diff = n1[i] ^ n2[i];
+
+ if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
+ continue;
+
+ if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
+ continue;
+
+ return( 1 );
+ }
+
+ return( 0 );
+}
+
+static int x509_wildcard_verify( const char *cn, x509_buf *name )
+{
+ size_t i;
+ size_t cn_idx = 0;
+
+ if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
+ return( 0 );
+
+ for( i = 0; i < strlen( cn ); ++i )
+ {
+ if( cn[i] == '.' )
+ {
+ cn_idx = i;
+ break;
+ }
+ }
+
+ if( cn_idx == 0 )
+ return( 0 );
+
+ if( strlen( cn ) - cn_idx == name->len - 1 &&
+ x509_name_cmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
+ {
+ return( 1 );
+ }
+
+ return( 0 );
+}
+
+static int x509_crt_verify_top(
+ x509_crt *child, x509_crt *trust_ca,
+ x509_crl *ca_crl, int path_cnt, int *flags,
+ int (*f_vrfy)(void *, x509_crt *, int, int *),
+ void *p_vrfy )
+{
+ int ret;
+ int ca_flags = 0, check_path_cnt = path_cnt + 1;
+ unsigned char hash[POLARSSL_MD_MAX_SIZE];
+ const md_info_t *md_info;
+
+ if( x509_time_expired( &child->valid_to ) )
+ *flags |= BADCERT_EXPIRED;
+
+ /*
+ * Child is the top of the chain. Check against the trust_ca list.
+ */
+ *flags |= BADCERT_NOT_TRUSTED;
+
+ md_info = md_info_from_type( child->sig_md );
+ if( md_info == NULL )
+ {
+ /*
+ * Cannot check 'unknown', no need to try any CA
+ */
+ trust_ca = NULL;
+ }
+ else
+ md( md_info, child->tbs.p, child->tbs.len, hash );
+
+ while( trust_ca != NULL )
+ {
+ if( trust_ca->version == 0 ||
+ child->issuer_raw.len != trust_ca->subject_raw.len ||
+ memcmp( child->issuer_raw.p, trust_ca->subject_raw.p,
+ child->issuer_raw.len ) != 0 )
+ {
+ trust_ca = trust_ca->next;
+ continue;
+ }
+
+ /*
+ * Reduce path_len to check against if top of the chain is
+ * the same as the trusted CA
+ */
+ if( child->subject_raw.len == trust_ca->subject_raw.len &&
+ memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
+ child->issuer_raw.len ) == 0 )
+ {
+ check_path_cnt--;
+ }
+
+ if( trust_ca->max_pathlen > 0 &&
+ trust_ca->max_pathlen < check_path_cnt )
+ {
+ trust_ca = trust_ca->next;
+ continue;
+ }
+
+ if( pk_can_do( &trust_ca->pk, child->sig_pk ) == 0 ||
+ pk_verify( &trust_ca->pk, child->sig_md, hash, md_info->size,
+ child->sig.p, child->sig.len ) != 0 )
+ {
+ trust_ca = trust_ca->next;
+ continue;
+ }
+
+ /*
+ * Top of chain is signed by a trusted CA
+ */
+ *flags &= ~BADCERT_NOT_TRUSTED;
+ break;
+ }
+
+ /*
+ * If top of chain is not the same as the trusted CA send a verify request
+ * to the callback for any issues with validity and CRL presence for the
+ * trusted CA certificate.
+ */
+ if( trust_ca != NULL &&
+ ( child->subject_raw.len != trust_ca->subject_raw.len ||
+ memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
+ child->issuer_raw.len ) != 0 ) )
+ {
+#if defined(POLARSSL_X509_CRL_PARSE_C)
+ /* Check trusted CA's CRL for the chain's top crt */
+ *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl );
+#else
+ ((void) ca_crl);
+#endif
+
+ if( x509_time_expired( &trust_ca->valid_to ) )
+ ca_flags |= BADCERT_EXPIRED;
+
+ if( NULL != f_vrfy )
+ {
+ if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
+ return( ret );
+ }
+ }
+
+ /* Call callback on top cert */
+ if( NULL != f_vrfy )
+ {
+ if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
+ return( ret );
+ }
+
+ *flags |= ca_flags;
+
+ return( 0 );
+}
+
+static int x509_crt_verify_child(
+ x509_crt *child, x509_crt *parent, x509_crt *trust_ca,
+ x509_crl *ca_crl, int path_cnt, int *flags,
+ int (*f_vrfy)(void *, x509_crt *, int, int *),
+ void *p_vrfy )
+{
+ int ret;
+ int parent_flags = 0;
+ unsigned char hash[POLARSSL_MD_MAX_SIZE];
+ x509_crt *grandparent;
+ const md_info_t *md_info;
+
+ if( x509_time_expired( &child->valid_to ) )
+ *flags |= BADCERT_EXPIRED;
+
+ md_info = md_info_from_type( child->sig_md );
+ if( md_info == NULL )
+ {
+ /*
+ * Cannot check 'unknown' hash
+ */
+ *flags |= BADCERT_NOT_TRUSTED;
+ }
+ else
+ {
+ md( md_info, child->tbs.p, child->tbs.len, hash );
+
+ if( pk_can_do( &parent->pk, child->sig_pk ) == 0 ||
+ pk_verify( &parent->pk, child->sig_md, hash, md_info->size,
+ child->sig.p, child->sig.len ) != 0 )
+ {
+ *flags |= BADCERT_NOT_TRUSTED;
+ }
+ }
+
+#if defined(POLARSSL_X509_CRL_PARSE_C)
+ /* Check trusted CA's CRL for the given crt */
+ *flags |= x509_crt_verifycrl(child, parent, ca_crl);
+#endif
+
+ grandparent = parent->next;
+
+ while( grandparent != NULL )
+ {
+ if( grandparent->version == 0 ||
+ grandparent->ca_istrue == 0 ||
+ parent->issuer_raw.len != grandparent->subject_raw.len ||
+ memcmp( parent->issuer_raw.p, grandparent->subject_raw.p,
+ parent->issuer_raw.len ) != 0 )
+ {
+ grandparent = grandparent->next;
+ continue;
+ }
+ break;
+ }
+
+ if( grandparent != NULL )
+ {
+ /*
+ * Part of the chain
+ */
+ ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
+ if( ret != 0 )
+ return( ret );
+ }
+ else
+ {
+ ret = x509_crt_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
+ if( ret != 0 )
+ return( ret );
+ }
+
+ /* child is verified to be a child of the parent, call verify callback */
+ if( NULL != f_vrfy )
+ if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
+ return( ret );
+
+ *flags |= parent_flags;
+
+ return( 0 );
+}
+
+/*
+ * Verify the certificate validity
+ */
+int x509_crt_verify( x509_crt *crt,
+ x509_crt *trust_ca,
+ x509_crl *ca_crl,
+ const char *cn, int *flags,
+ int (*f_vrfy)(void *, x509_crt *, int, int *),
+ void *p_vrfy )
+{
+ size_t cn_len;
+ int ret;
+ int pathlen = 0;
+ x509_crt *parent;
+ x509_name *name;
+ x509_sequence *cur = NULL;
+
+ *flags = 0;
+
+ if( cn != NULL )
+ {
+ name = &crt->subject;
+ cn_len = strlen( cn );
+
+ if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
+ {
+ cur = &crt->subject_alt_names;
+
+ while( cur != NULL )
+ {
+ if( cur->buf.len == cn_len &&
+ x509_name_cmp( cn, cur->buf.p, cn_len ) == 0 )
+ break;
+
+ if( cur->buf.len > 2 &&
+ memcmp( cur->buf.p, "*.", 2 ) == 0 &&
+ x509_wildcard_verify( cn, &cur->buf ) )
+ break;
+
+ cur = cur->next;
+ }
+
+ if( cur == NULL )
+ *flags |= BADCERT_CN_MISMATCH;
+ }
+ else
+ {
+ while( name != NULL )
+ {
+ if( OID_CMP( OID_AT_CN, &name->oid ) )
+ {
+ if( name->val.len == cn_len &&
+ x509_name_cmp( name->val.p, cn, cn_len ) == 0 )
+ break;
+
+ if( name->val.len > 2 &&
+ memcmp( name->val.p, "*.", 2 ) == 0 &&
+ x509_wildcard_verify( cn, &name->val ) )
+ break;
+ }
+
+ name = name->next;
+ }
+
+ if( name == NULL )
+ *flags |= BADCERT_CN_MISMATCH;
+ }
+ }
+
+ /*
+ * Iterate upwards in the given cert chain, to find our crt parent.
+ * Ignore any upper cert with CA != TRUE.
+ */
+ parent = crt->next;
+
+ while( parent != NULL && parent->version != 0 )
+ {
+ if( parent->ca_istrue == 0 ||
+ crt->issuer_raw.len != parent->subject_raw.len ||
+ memcmp( crt->issuer_raw.p, parent->subject_raw.p,
+ crt->issuer_raw.len ) != 0 )
+ {
+ parent = parent->next;
+ continue;
+ }
+ break;
+ }
+
+ if( parent != NULL )
+ {
+ /*
+ * Part of the chain
+ */
+ ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
+ if( ret != 0 )
+ return( ret );
+ }
+ else
+ {
+ ret = x509_crt_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
+ if( ret != 0 )
+ return( ret );
+ }
+
+ if( *flags != 0 )
+ return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
+
+ return( 0 );
+}
+
+/*
+ * Initialize a certificate chain
+ */
+void x509_crt_init( x509_crt *crt )
+{
+ memset( crt, 0, sizeof(x509_crt) );
+}
+
+/*
+ * Unallocate all certificate data
+ */
+void x509_crt_free( x509_crt *crt )
+{
+ x509_crt *cert_cur = crt;
+ x509_crt *cert_prv;
+ x509_name *name_cur;
+ x509_name *name_prv;
+ x509_sequence *seq_cur;
+ x509_sequence *seq_prv;
+
+ if( crt == NULL )
+ return;
+
+ do
+ {
+ pk_free( &cert_cur->pk );
+
+ name_cur = cert_cur->issuer.next;
+ while( name_cur != NULL )
+ {
+ name_prv = name_cur;
+ name_cur = name_cur->next;
+ memset( name_prv, 0, sizeof( x509_name ) );
+ polarssl_free( name_prv );
+ }
+
+ name_cur = cert_cur->subject.next;
+ while( name_cur != NULL )
+ {
+ name_prv = name_cur;
+ name_cur = name_cur->next;
+ memset( name_prv, 0, sizeof( x509_name ) );
+ polarssl_free( name_prv );
+ }
+
+ seq_cur = cert_cur->ext_key_usage.next;
+ while( seq_cur != NULL )
+ {
+ seq_prv = seq_cur;
+ seq_cur = seq_cur->next;
+ memset( seq_prv, 0, sizeof( x509_sequence ) );
+ polarssl_free( seq_prv );
+ }
+
+ seq_cur = cert_cur->subject_alt_names.next;
+ while( seq_cur != NULL )
+ {
+ seq_prv = seq_cur;
+ seq_cur = seq_cur->next;
+ memset( seq_prv, 0, sizeof( x509_sequence ) );
+ polarssl_free( seq_prv );
+ }
+
+ if( cert_cur->raw.p != NULL )
+ {
+ memset( cert_cur->raw.p, 0, cert_cur->raw.len );
+ polarssl_free( cert_cur->raw.p );
+ }
+
+ cert_cur = cert_cur->next;
+ }
+ while( cert_cur != NULL );
+
+ cert_cur = crt;
+ do
+ {
+ cert_prv = cert_cur;
+ cert_cur = cert_cur->next;
+
+ memset( cert_prv, 0, sizeof( x509_crt ) );
+ if( cert_prv != crt )
+ polarssl_free( cert_prv );
+ }
+ while( cert_cur != NULL );
+}
+
+#endif
--- /dev/null
+/*
+ * X.509 Certificate Signing Request (CSR) parsing
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * The ITU-T X.509 standard defines a certificate format for PKI.
+ *
+ * http://www.ietf.org/rfc/rfc3279.txt
+ * http://www.ietf.org/rfc/rfc3280.txt
+ *
+ * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ *
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_X509_CSR_PARSE_C)
+
+#include "polarssl/x509_csr.h"
+#include "polarssl/oid.h"
+#if defined(POLARSSL_PEM_PARSE_C)
+#include "polarssl/pem.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#define polarssl_malloc malloc
+#define polarssl_free free
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+
+#if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
+#include <stdio.h>
+#endif
+
+/*
+ * Version ::= INTEGER { v1(0) }
+ */
+static int x509_csr_get_version( unsigned char **p,
+ const unsigned char *end,
+ int *ver )
+{
+ int ret;
+
+ if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ {
+ *ver = 0;
+ return( 0 );
+ }
+
+ return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Parse a CSR
+ */
+int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
+{
+ int ret;
+ size_t len;
+ unsigned char *p, *end;
+#if defined(POLARSSL_PEM_PARSE_C)
+ size_t use_len;
+ pem_context pem;
+#endif
+
+ /*
+ * Check for valid input
+ */
+ if( csr == NULL || buf == NULL )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+ x509_csr_init( csr );
+
+#if defined(POLARSSL_PEM_PARSE_C)
+ pem_init( &pem );
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN CERTIFICATE REQUEST-----",
+ "-----END CERTIFICATE REQUEST-----",
+ buf, NULL, 0, &use_len );
+
+ if( ret == 0 )
+ {
+ /*
+ * Was PEM encoded
+ */
+ buflen -= use_len;
+ buf += use_len;
+
+ /*
+ * Steal PEM buffer
+ */
+ p = pem.buf;
+ pem.buf = NULL;
+ len = pem.buflen;
+ pem_free( &pem );
+ }
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ {
+ pem_free( &pem );
+ return( ret );
+ }
+ else
+#endif
+ {
+ /*
+ * nope, copy the raw DER data
+ */
+ p = (unsigned char *) polarssl_malloc( len = buflen );
+
+ if( p == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
+ memcpy( p, buf, buflen );
+
+ buflen = 0;
+ }
+
+ csr->raw.p = p;
+ csr->raw.len = len;
+ end = p + len;
+
+ /*
+ * CertificationRequest ::= SEQUENCE {
+ * certificationRequestInfo CertificationRequestInfo,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING
+ * }
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT );
+ }
+
+ if( len != (size_t) ( end - p ) )
+ {
+ x509_csr_free( csr );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ /*
+ * CertificationRequestInfo ::= SEQUENCE {
+ */
+ csr->cri.p = p;
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
+ }
+
+ end = p + len;
+ csr->cri.len = end - csr->cri.p;
+
+ /*
+ * Version ::= INTEGER { v1(0) }
+ */
+ if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( ret );
+ }
+
+ csr->version++;
+
+ if( csr->version != 1 )
+ {
+ x509_csr_free( csr );
+ return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
+ }
+
+ /*
+ * subject Name
+ */
+ csr->subject_raw.p = p;
+
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
+ }
+
+ if( ( ret = x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( ret );
+ }
+
+ csr->subject_raw.len = p - csr->subject_raw.p;
+
+ /*
+ * subjectPKInfo SubjectPublicKeyInfo
+ */
+ if( ( ret = pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( ret );
+ }
+
+ /*
+ * attributes [0] Attributes
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
+ }
+ // TODO Parse Attributes / extension requests
+
+ p += len;
+
+ end = csr->raw.p + csr->raw.len;
+
+ /*
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING
+ */
+ if( ( ret = x509_get_alg_null( &p, end, &csr->sig_oid ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( ret );
+ }
+
+ if( ( ret = x509_get_sig_alg( &csr->sig_oid, &csr->sig_md,
+ &csr->sig_pk ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
+ }
+
+ if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 )
+ {
+ x509_csr_free( csr );
+ return( ret );
+ }
+
+ if( p != end )
+ {
+ x509_csr_free( csr );
+ return( POLARSSL_ERR_X509_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ return( 0 );
+}
+
+#if defined(POLARSSL_FS_IO)
+/*
+ * Load a CSR into the structure
+ */
+int x509_csr_parse_file( x509_csr *csr, const char *path )
+{
+ int ret;
+ size_t n;
+ unsigned char *buf;
+
+ if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
+ return( ret );
+
+ ret = x509_csr_parse( csr, buf, n );
+
+ memset( buf, 0, n + 1 );
+ polarssl_free( buf );
+
+ return( ret );
+}
+#endif /* POLARSSL_FS_IO */
+
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
+#include <stdarg.h>
+
+#if !defined vsnprintf
+#define vsnprintf _vsnprintf
+#endif // vsnprintf
+
+/*
+ * Windows _snprintf and _vsnprintf are not compatible to linux versions.
+ * Result value is not size of buffer needed, but -1 if no fit is possible.
+ *
+ * This fuction tries to 'fix' this by at least suggesting enlarging the
+ * size by 20.
+ */
+static int compat_snprintf(char *str, size_t size, const char *format, ...)
+{
+ va_list ap;
+ int res = -1;
+
+ va_start( ap, format );
+
+ res = vsnprintf( str, size, format, ap );
+
+ va_end( ap );
+
+ // No quick fix possible
+ if ( res < 0 )
+ return( (int) size + 20 );
+
+ return res;
+}
+
+#define snprintf compat_snprintf
+#endif
+
+#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
+
+#define SAFE_SNPRINTF() \
+{ \
+ if( ret == -1 ) \
+ return( -1 ); \
+ \
+ if ( (unsigned int) ret > n ) { \
+ p[n - 1] = '\0'; \
+ return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
+ } \
+ \
+ n -= (unsigned int) ret; \
+ p += (unsigned int) ret; \
+}
+
+#define BEFORE_COLON 14
+#define BC "14"
+/*
+ * Return an informational string about the CSR.
+ */
+int x509_csr_info( char *buf, size_t size, const char *prefix,
+ const x509_csr *csr )
+{
+ int ret;
+ size_t n;
+ char *p;
+ const char *desc;
+ char key_size_str[BEFORE_COLON];
+
+ p = buf;
+ n = size;
+
+ ret = snprintf( p, n, "%sCSR version : %d",
+ prefix, csr->version );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%ssubject name : ", prefix );
+ SAFE_SNPRINTF();
+ ret = x509_dn_gets( p, n, &csr->subject );
+ SAFE_SNPRINTF();
+
+ ret = snprintf( p, n, "\n%ssigned using : ", prefix );
+ SAFE_SNPRINTF();
+
+ ret = oid_get_sig_alg_desc( &csr->sig_oid, &desc );
+ if( ret != 0 )
+ ret = snprintf( p, n, "???" );
+ else
+ ret = snprintf( p, n, "%s", desc );
+ SAFE_SNPRINTF();
+
+ if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
+ pk_get_name( &csr->pk ) ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
+ (int) pk_get_size( &csr->pk ) );
+ SAFE_SNPRINTF();
+
+ return( (int) ( size - n ) );
+}
+
+/*
+ * Initialize a CSR
+ */
+void x509_csr_init( x509_csr *csr )
+{
+ memset( csr, 0, sizeof(x509_csr) );
+}
+
+/*
+ * Unallocate all CSR data
+ */
+void x509_csr_free( x509_csr *csr )
+{
+ x509_name *name_cur;
+ x509_name *name_prv;
+
+ if( csr == NULL )
+ return;
+
+ pk_free( &csr->pk );
+
+ name_cur = csr->subject.next;
+ while( name_cur != NULL )
+ {
+ name_prv = name_cur;
+ name_cur = name_cur->next;
+ memset( name_prv, 0, sizeof( x509_name ) );
+ polarssl_free( name_prv );
+ }
+
+ if( csr->raw.p != NULL )
+ {
+ memset( csr->raw.p, 0, csr->raw.len );
+ polarssl_free( csr->raw.p );
+ }
+
+ memset( csr, 0, sizeof( x509_csr ) );
+}
+
+#endif /* POLARSSL_X509_CSR_PARSE_C */
--- /dev/null
+/*
+ * X.509 certificate writing
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * References:
+ * - certificates: RFC 5280, updated by RFC 6818
+ * - CSRs: PKCS#10 v1.7 aka RFC 2986
+ * - attributes: PKCS#9 v2.0 aka RFC 2985
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_X509_CRT_WRITE_C)
+
+#include "polarssl/x509_crt.h"
+#include "polarssl/oid.h"
+#include "polarssl/asn1write.h"
+#include "polarssl/sha1.h"
+
+#if defined(POLARSSL_PEM_WRITE_C)
+#include "polarssl/pem.h"
+#endif /* POLARSSL_PEM_WRITE_C */
+
+void x509write_crt_init( x509write_cert *ctx )
+{
+ memset( ctx, 0, sizeof(x509write_cert) );
+
+ mpi_init( &ctx->serial );
+ ctx->version = X509_CRT_VERSION_3;
+}
+
+void x509write_crt_free( x509write_cert *ctx )
+{
+ mpi_free( &ctx->serial );
+
+ asn1_free_named_data_list( &ctx->subject );
+ asn1_free_named_data_list( &ctx->issuer );
+ asn1_free_named_data_list( &ctx->extensions );
+
+ memset( ctx, 0, sizeof(x509write_cert) );
+}
+
+void x509write_crt_set_version( x509write_cert *ctx, int version )
+{
+ ctx->version = version;
+}
+
+void x509write_crt_set_md_alg( x509write_cert *ctx, md_type_t md_alg )
+{
+ ctx->md_alg = md_alg;
+}
+
+void x509write_crt_set_subject_key( x509write_cert *ctx, pk_context *key )
+{
+ ctx->subject_key = key;
+}
+
+void x509write_crt_set_issuer_key( x509write_cert *ctx, pk_context *key )
+{
+ ctx->issuer_key = key;
+}
+
+int x509write_crt_set_subject_name( x509write_cert *ctx,
+ const char *subject_name )
+{
+ return x509_string_to_names( &ctx->subject, subject_name );
+}
+
+int x509write_crt_set_issuer_name( x509write_cert *ctx,
+ const char *issuer_name )
+{
+ return x509_string_to_names( &ctx->issuer, issuer_name );
+}
+
+int x509write_crt_set_serial( x509write_cert *ctx, const mpi *serial )
+{
+ int ret;
+
+ if( ( ret = mpi_copy( &ctx->serial, serial ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int x509write_crt_set_validity( x509write_cert *ctx, const char *not_before,
+ const char *not_after )
+{
+ if( strlen(not_before) != X509_RFC5280_UTC_TIME_LEN - 1 ||
+ strlen(not_after) != X509_RFC5280_UTC_TIME_LEN - 1 )
+ {
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+ }
+ strncpy( ctx->not_before, not_before, X509_RFC5280_UTC_TIME_LEN );
+ strncpy( ctx->not_after , not_after , X509_RFC5280_UTC_TIME_LEN );
+ ctx->not_before[X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
+ ctx->not_after[X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
+
+ return( 0 );
+}
+
+int x509write_crt_set_extension( x509write_cert *ctx,
+ const char *oid, size_t oid_len,
+ int critical,
+ const unsigned char *val, size_t val_len )
+{
+ return x509_set_extension( &ctx->extensions, oid, oid_len,
+ critical, val, val_len );
+}
+
+int x509write_crt_set_basic_constraints( x509write_cert *ctx,
+ int is_ca, int max_pathlen )
+{
+ int ret;
+ unsigned char buf[9];
+ unsigned char *c = buf + sizeof(buf);
+ size_t len = 0;
+
+ memset( buf, 0, sizeof(buf) );
+
+ if( is_ca && max_pathlen > 127 )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+ if( is_ca )
+ {
+ if( max_pathlen >= 0 )
+ {
+ ASN1_CHK_ADD( len, asn1_write_int( &c, buf, max_pathlen ) );
+ }
+ ASN1_CHK_ADD( len, asn1_write_bool( &c, buf, 1 ) );
+ }
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return x509write_crt_set_extension( ctx, OID_BASIC_CONSTRAINTS,
+ OID_SIZE( OID_BASIC_CONSTRAINTS ),
+ 0, buf + sizeof(buf) - len, len );
+}
+
+#if defined(POLARSSL_SHA1_C)
+int x509write_crt_set_subject_key_identifier( x509write_cert *ctx )
+{
+ int ret;
+ unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
+ unsigned char *c = buf + sizeof(buf);
+ size_t len = 0;
+
+ memset( buf, 0, sizeof(buf));
+ ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->subject_key ) );
+
+ sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
+ c = buf + sizeof(buf) - 20;
+ len = 20;
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_OCTET_STRING ) );
+
+ return x509write_crt_set_extension( ctx, OID_SUBJECT_KEY_IDENTIFIER,
+ OID_SIZE( OID_SUBJECT_KEY_IDENTIFIER ),
+ 0, buf + sizeof(buf) - len, len );
+}
+
+int x509write_crt_set_authority_key_identifier( x509write_cert *ctx )
+{
+ int ret;
+ unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
+ unsigned char *c = buf + sizeof(buf);
+ size_t len = 0;
+
+ memset( buf, 0, sizeof(buf));
+ ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->issuer_key ) );
+
+ sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
+ c = buf + sizeof(buf) - 20;
+ len = 20;
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONTEXT_SPECIFIC | 0 ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return x509write_crt_set_extension( ctx, OID_AUTHORITY_KEY_IDENTIFIER,
+ OID_SIZE( OID_AUTHORITY_KEY_IDENTIFIER ),
+ 0, buf + sizeof(buf) - len, len );
+}
+#endif /* POLARSSL_SHA1_C */
+
+int x509write_crt_set_key_usage( x509write_cert *ctx, unsigned char key_usage )
+{
+ unsigned char buf[4];
+ unsigned char *c;
+ int ret;
+
+ c = buf + 4;
+
+ if( ( ret = asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
+ return( ret );
+
+ ret = x509write_crt_set_extension( ctx, OID_KEY_USAGE,
+ OID_SIZE( OID_KEY_USAGE ),
+ 1, buf, 4 );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int x509write_crt_set_ns_cert_type( x509write_cert *ctx,
+ unsigned char ns_cert_type )
+{
+ unsigned char buf[4];
+ unsigned char *c;
+ int ret;
+
+ c = buf + 4;
+
+ if( ( ret = asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+ return( ret );
+
+ ret = x509write_crt_set_extension( ctx, OID_NS_CERT_TYPE,
+ OID_SIZE( OID_NS_CERT_TYPE ),
+ 0, buf, 4 );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+static int x509_write_time( unsigned char **p, unsigned char *start,
+ const char *time, size_t size )
+{
+ int ret;
+ size_t len = 0;
+
+ /*
+ * write ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
+ */
+ if( time[0] == '2' && time[1] == '0' && time [2] < '5' )
+ {
+ ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
+ (const unsigned char *) time + 2,
+ size - 2 ) );
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_UTC_TIME ) );
+ }
+ else
+ {
+ ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
+ (const unsigned char *) time,
+ size ) );
+ ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_GENERALIZED_TIME ) );
+ }
+
+ return( (int) len );
+}
+
+int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ const char *sig_oid;
+ size_t sig_oid_len = 0;
+ unsigned char *c, *c2;
+ unsigned char hash[64];
+ unsigned char sig[POLARSSL_MPI_MAX_SIZE];
+ unsigned char tmp_buf[2048];
+ size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
+ size_t len = 0;
+ pk_type_t pk_alg;
+
+ /*
+ * Prepare data to be signed in tmp_buf
+ */
+ c = tmp_buf + sizeof( tmp_buf );
+
+ /* Signature algorithm needed in TBS, and later for actual signature */
+ pk_alg = pk_get_type( ctx->issuer_key );
+ if( pk_alg == POLARSSL_PK_ECKEY )
+ pk_alg = POLARSSL_PK_ECDSA;
+
+ if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
+ &sig_oid, &sig_oid_len ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ /*
+ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ */
+ ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) );
+
+ /*
+ * SubjectPublicKeyInfo
+ */
+ ASN1_CHK_ADD( pub_len, pk_write_pubkey_der( ctx->subject_key,
+ tmp_buf, c - tmp_buf ) );
+ c -= pub_len;
+ len += pub_len;
+
+ /*
+ * Subject ::= Name
+ */
+ ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->subject ) );
+
+ /*
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ */
+ sub_len = 0;
+
+ ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after,
+ X509_RFC5280_UTC_TIME_LEN ) );
+
+ ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before,
+ X509_RFC5280_UTC_TIME_LEN ) );
+
+ len += sub_len;
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ /*
+ * Issuer ::= Name
+ */
+ ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->issuer ) );
+
+ /*
+ * Signature ::= AlgorithmIdentifier
+ */
+ ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, tmp_buf,
+ sig_oid, strlen( sig_oid ), 0 ) );
+
+ /*
+ * Serial ::= INTEGER
+ */
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, tmp_buf, &ctx->serial ) );
+
+ /*
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ */
+ sub_len = 0;
+ ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
+ len += sub_len;
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ /*
+ * Make signature
+ */
+ md( md_info_from_type( ctx->md_alg ), c, len, hash );
+
+ if( ( ret = pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len,
+ f_rng, p_rng ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ /*
+ * Write data to output buffer
+ */
+ c2 = buf + size;
+ ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf,
+ sig_oid, sig_oid_len, sig, sig_len ) );
+
+ c2 -= len;
+ memcpy( c2, c, len );
+
+ len += sig_and_oid_len;
+ ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return( (int) len );
+}
+
+#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"
+#define PEM_END_CRT "-----END CERTIFICATE-----\n"
+
+#if defined(POLARSSL_PEM_WRITE_C)
+int x509write_crt_pem( x509write_cert *crt, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ unsigned char output_buf[4096];
+ size_t olen = 0;
+
+ if( ( ret = x509write_crt_der( crt, output_buf, sizeof(output_buf),
+ f_rng, p_rng ) ) < 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
+ output_buf + sizeof(output_buf) - ret,
+ ret, buf, size, &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_PEM_WRITE_C */
+
+#endif /* POLARSSL_X509_CRT_WRITE_C */
--- /dev/null
+/*
+ * X.509 Certificate Signing Request writing
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * References:
+ * - CSRs: PKCS#10 v1.7 aka RFC 2986
+ * - attributes: PKCS#9 v2.0 aka RFC 2985
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_X509_CSR_WRITE_C)
+
+#include "polarssl/x509_csr.h"
+#include "polarssl/oid.h"
+#include "polarssl/asn1write.h"
+
+#if defined(POLARSSL_PEM_WRITE_C)
+#include "polarssl/pem.h"
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+
+void x509write_csr_init( x509write_csr *ctx )
+{
+ memset( ctx, 0, sizeof(x509write_csr) );
+}
+
+void x509write_csr_free( x509write_csr *ctx )
+{
+ asn1_free_named_data_list( &ctx->subject );
+ asn1_free_named_data_list( &ctx->extensions );
+
+ memset( ctx, 0, sizeof(x509write_csr) );
+}
+
+void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg )
+{
+ ctx->md_alg = md_alg;
+}
+
+void x509write_csr_set_key( x509write_csr *ctx, pk_context *key )
+{
+ ctx->key = key;
+}
+
+int x509write_csr_set_subject_name( x509write_csr *ctx,
+ const char *subject_name )
+{
+ return x509_string_to_names( &ctx->subject, subject_name );
+}
+
+int x509write_csr_set_extension( x509write_csr *ctx,
+ const char *oid, size_t oid_len,
+ const unsigned char *val, size_t val_len )
+{
+ return x509_set_extension( &ctx->extensions, oid, oid_len,
+ 0, val, val_len );
+}
+
+int x509write_csr_set_key_usage( x509write_csr *ctx, unsigned char key_usage )
+{
+ unsigned char buf[4];
+ unsigned char *c;
+ int ret;
+
+ c = buf + 4;
+
+ if( ( ret = asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
+ return( ret );
+
+ ret = x509write_csr_set_extension( ctx, OID_KEY_USAGE,
+ OID_SIZE( OID_KEY_USAGE ),
+ buf, 4 );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int x509write_csr_set_ns_cert_type( x509write_csr *ctx,
+ unsigned char ns_cert_type )
+{
+ unsigned char buf[4];
+ unsigned char *c;
+ int ret;
+
+ c = buf + 4;
+
+ if( ( ret = asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+ return( ret );
+
+ ret = x509write_csr_set_extension( ctx, OID_NS_CERT_TYPE,
+ OID_SIZE( OID_NS_CERT_TYPE ),
+ buf, 4 );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ const char *sig_oid;
+ size_t sig_oid_len = 0;
+ unsigned char *c, *c2;
+ unsigned char hash[64];
+ unsigned char sig[POLARSSL_MPI_MAX_SIZE];
+ unsigned char tmp_buf[2048];
+ size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
+ size_t len = 0;
+ pk_type_t pk_alg;
+
+ /*
+ * Prepare data to be signed in tmp_buf
+ */
+ c = tmp_buf + sizeof( tmp_buf );
+
+ ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
+
+ if( len )
+ {
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SET ) );
+
+ ASN1_CHK_ADD( len, asn1_write_oid( &c, tmp_buf, OID_PKCS9_CSR_EXT_REQ,
+ OID_SIZE( OID_PKCS9_CSR_EXT_REQ ) ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+ }
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) );
+
+ ASN1_CHK_ADD( pub_len, pk_write_pubkey_der( ctx->key,
+ tmp_buf, c - tmp_buf ) );
+ c -= pub_len;
+ len += pub_len;
+
+ /*
+ * Subject ::= Name
+ */
+ ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->subject ) );
+
+ /*
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ */
+ ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ /*
+ * Prepare signature
+ */
+ md( md_info_from_type( ctx->md_alg ), c, len, hash );
+
+ pk_alg = pk_get_type( ctx->key );
+ if( pk_alg == POLARSSL_PK_ECKEY )
+ pk_alg = POLARSSL_PK_ECDSA;
+
+ if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
+ f_rng, p_rng ) ) != 0 ||
+ ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
+ &sig_oid, &sig_oid_len ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ /*
+ * Write data to output buffer
+ */
+ c2 = buf + size;
+ ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf,
+ sig_oid, sig_oid_len, sig, sig_len ) );
+
+ c2 -= len;
+ memcpy( c2, c, len );
+
+ len += sig_and_oid_len;
+ ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+ return( (int) len );
+}
+
+#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n"
+#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
+
+#if defined(POLARSSL_PEM_WRITE_C)
+int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ unsigned char output_buf[4096];
+ size_t olen = 0;
+
+ if( ( ret = x509write_csr_der( ctx, output_buf, sizeof(output_buf),
+ f_rng, p_rng ) ) < 0 )
+ {
+ return( ret );
+ }
+
+ if( ( ret = pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR,
+ output_buf + sizeof(output_buf) - ret,
+ ret, buf, size, &olen ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_PEM_WRITE_C */
+
+#endif /* POLARSSL_X509_CSR_WRITE_C */
/*
* An 32-bit implementation of the XTEA algorithm
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
#include "polarssl/xtea.h"
+#if !defined(POLARSSL_XTEA_ALT)
+
/*
* 32-bit integer manipulation macros (big endian)
*/
-#ifndef GET_ULONG_BE
-#define GET_ULONG_BE(n,b,i) \
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
{ \
- (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
- | ( (unsigned long) (b)[(i) + 1] << 16 ) \
- | ( (unsigned long) (b)[(i) + 2] << 8 ) \
- | ( (unsigned long) (b)[(i) + 3] ); \
+ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
+ | ( (uint32_t) (b)[(i) + 1] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
-#ifndef PUT_ULONG_BE
-#define PUT_ULONG_BE(n,b,i) \
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
/*
* XTEA key schedule
*/
-void xtea_setup( xtea_context *ctx, unsigned char key[16] )
+void xtea_setup( xtea_context *ctx, const unsigned char key[16] )
{
int i;
for( i = 0; i < 4; i++ )
{
- GET_ULONG_BE( ctx->k[i], key, i << 2 );
+ GET_UINT32_BE( ctx->k[i], key, i << 2 );
}
}
/*
* XTEA encrypt function
*/
-int xtea_crypt_ecb( xtea_context *ctx, int mode, unsigned char input[8],
- unsigned char output[8])
+int xtea_crypt_ecb( xtea_context *ctx, int mode,
+ const unsigned char input[8], unsigned char output[8])
{
uint32_t *k, v0, v1, i;
k = ctx->k;
-
- GET_ULONG_BE( v0, input, 0 );
- GET_ULONG_BE( v1, input, 4 );
+
+ GET_UINT32_BE( v0, input, 0 );
+ GET_UINT32_BE( v1, input, 4 );
if( mode == XTEA_ENCRYPT )
{
}
}
- PUT_ULONG_BE( v0, output, 0 );
- PUT_ULONG_BE( v1, output, 4 );
+ PUT_UINT32_BE( v0, output, 0 );
+ PUT_UINT32_BE( v1, output, 4 );
return( 0 );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
* XTEA-CBC buffer encryption/decryption
*/
-int xtea_crypt_cbc( xtea_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- unsigned char *input,
+int xtea_crypt_cbc( xtea_context *ctx, int mode, size_t length,
+ unsigned char iv[8], const unsigned char *input,
unsigned char *output)
{
int i;
unsigned char temp[8];
- if(length % 8)
+ if( length % 8 )
return( POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH );
- if( mode == XTEA_DECRYPT )
+ if( mode == XTEA_DECRYPT )
{
while( length > 0 )
{
memcpy( temp, input, 8 );
xtea_crypt_ecb( ctx, mode, input, output );
- for(i = 0; i < 8; i++)
+ for(i = 0; i < 8; i++)
output[i] = (unsigned char)( output[i] ^ iv[i] );
memcpy( iv, temp, 8 );
output += 8;
length -= 8;
}
- }
- else
+ }
+ else
{
while( length > 0 )
{
xtea_crypt_ecb( ctx, mode, output, output );
memcpy( iv, output, 8 );
-
+
input += 8;
output += 8;
length -= 8;
return( 0 );
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* !POLARSSL_XTEA_ALT */
#if defined(POLARSSL_SELF_TEST)
memcpy( buf, xtea_test_pt[i], 8 );
- xtea_setup( &ctx, (unsigned char *) xtea_test_key[i] );
+ xtea_setup( &ctx, xtea_test_key[i] );
xtea_crypt_ecb( &ctx, XTEA_ENCRYPT, buf, buf );
if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
projects / pdns / commitdiff