Merge changes to config examples and configuration issues

This commit is contained in:
Paul Bakker 2014-06-25 11:27:00 +02:00
commit 2a45d1c8bb
19 changed files with 290 additions and 117 deletions

View File

@ -16,6 +16,8 @@ Features
* Support for parsing and verifying RSASSA-PSS signatures in the X.509
modules (certificates, CRLs and CSRs).
* Blowfish in the cipher layer now supports variable length keys.
* Add example config.h for PSK with CCM, optimized for low RAM usage.
* Optimize for RAM usage in example config.h for NSA Suite B profile.
Changes
* Add LINK_WITH_PTHREAD option in CMake for explicit linking that is

View File

@ -0,0 +1,55 @@
/*
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
* Distinguishing features:
* - no bignum, no PK, no X509
* - fully modern and secure (provided the pre-shared keys have high entropy)
* - very low record overhead if using the CCM-8 suites
* - optimized for low RAM usage
*
* See README.txt for usage instructions.
*/
#ifndef POLARSSL_CONFIG_H
#define POLARSSL_CONFIG_H
/* System support */
//#define POLARSSL_HAVE_IPV6 /* Optional */
//#define POLARSSL_HAVE_TIME /* Optionnaly used in Hello messages */
/* Other POLARSSL_HAVE_XXX flags irrelevant for this configuration */
/* PolarSSL feature support */
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
#define POLARSSL_SSL_PROTO_TLS1_2
/* PolarSSL modules */
#define POLARSSL_AES_C
#define POLARSSL_CCM_C
#define POLARSSL_CIPHER_C
#define POLARSSL_CTR_DRBG_C
#define POLARSSL_ENTROPY_C
#define POLARSSL_MD_C
#define POLARSSL_NET_C
#define POLARSSL_SHA256_C
#define POLARSSL_SSL_CLI_C
#define POLARSSL_SSL_SRV_C
#define POLARSSL_SSL_TLS_C
/* Save RAM at the expense of ROM */
#define POLARSSL_AES_ROM_TABLES
/*
* You should adjust this to the exact number of sources you're using: default
* is the "platform_entropy_poll" source, but you may want to add other ones
* Minimum is 2 for the entropy test suite.
*/
#define ENTROPY_MAX_SOURCES 2
/*
* Save RAM at the expense of interoperability: do this only if you control
* both ends of the connection! (See coments in "polarssl/ssl.h".)
* The optimal size here depends on the typical size of records.
*/
#define SSL_MAX_CONTENT_LEN 512
#include "check_config.h"
#endif /* POLARSSL_CONFIG_H */

53
configs/config-picocoin.h Normal file
View File

@ -0,0 +1,53 @@
/*
* Reduced configuration used by Picocoin.
*
* See README.txt for usage instructions.
*
* Distinguishing features:
* - no SSL/TLS;
* - no X.509;
* - ECDSA/PK and some other chosen crypto bits.
*/
#ifndef POLARSSL_CONFIG_H
#define POLARSSL_CONFIG_H
/* System support */
#define POLARSSL_HAVE_LONGLONG
#define POLARSSL_HAVE_ASM
#define POLARSSL_HAVE_TIME
#define POLARSSL_HAVE_IPV6
/* PolarSSL feature support */
#define POLARSSL_CIPHER_MODE_CBC
#define POLARSSL_CIPHER_PADDING_PKCS7
#define POLARSSL_ECP_DP_SECP256K1_ENABLED
#define POLARSSL_ECDSA_DETERMINISTIC
#define POLARSSL_PK_PARSE_EC_EXTENDED
#define POLARSSL_ERROR_STRERROR_DUMMY
#define POLARSSL_FS_IO
/* PolarSSL modules */
#define POLARSSL_AESNI_C
#define POLARSSL_AES_C
#define POLARSSL_ASN1_PARSE_C
#define POLARSSL_ASN1_WRITE_C
#define POLARSSL_BASE64_C
#define POLARSSL_BIGNUM_C
#define POLARSSL_ECDSA_C
#define POLARSSL_ECP_C
#define POLARSSL_ENTROPY_C
#define POLARSSL_HMAC_DRBG_C
#define POLARSSL_MD_C
#define POLARSSL_OID_C
#define POLARSSL_PADLOCK_C
#define POLARSSL_PK_C
#define POLARSSL_PK_PARSE_C
#define POLARSSL_PK_WRITE_C
#define POLARSSL_RIPEMD160_C
#define POLARSSL_SHA1_C
#define POLARSSL_SHA256_C
#include "check_config.h"
#endif /* POLARSSL_CONFIG_H */

View File

@ -2,15 +2,19 @@
* Custom compact configuration for TLS 1.0 with PSK and RC4
* Distinguishing features: no bignum, no PK, no X509.
*
* WARNING: RC4 is in the process of being deprecated!
* This configuration is kept for testing purposes only, DO NOT USE it!
* For a safe and lean PSK-based configuration, see config-ccm-psk-tls1_2.h
*
* See README.txt for usage instructions.
*/
#ifndef POLARSSL_CONFIG_H
#define POLARSSL_CONFIG_H
/* System support */
#define POLARSSL_HAVE_TIME
#define POLARSSL_HAVE_IPV6
//#define POLARSSL_HAVE_IPV6 /* Optional */
//#define POLARSSL_HAVE_TIME /* Optionnaly used in Hello messages */
/* Other POLARSSL_HAVE_XXX flags irrelevant for this configuration */
/* PolarSSL feature support */
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
@ -19,15 +23,12 @@
/* PolarSSL modules */
#define POLARSSL_AES_C
#define POLARSSL_ARC4_C
#define POLARSSL_ASN1_PARSE_C
#define POLARSSL_ASN1_WRITE_C
#define POLARSSL_CIPHER_C
#define POLARSSL_CTR_DRBG_C
#define POLARSSL_ENTROPY_C
#define POLARSSL_MD_C
#define POLARSSL_MD5_C
#define POLARSSL_NET_C
#define POLARSSL_OID_C
#define POLARSSL_SHA1_C
#define POLARSSL_SHA256_C
#define POLARSSL_SSL_CLI_C

View File

@ -1,6 +1,14 @@
/*
* Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
*
* Distinguishing features:
* - no RSA or classic DH, fully based on ECC
* - optimized for low RAM usage
*
* Possible improvements:
* - if 128-bit security is enough, disable secp384r1 and SHA-512
* - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
*
* See README.txt for usage instructions.
*/
@ -48,8 +56,34 @@
#define POLARSSL_CERTS_C
#define POLARSSL_PEM_PARSE_C
/* For testing with compat.sh */
#define POLARSSL_FS_IO
/* Save RAM at the expense of ROM */
#define POLARSSL_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
#define POLARSSL_ECP_MAX_BITS 384
#define POLARSSL_MPI_MAX_SIZE 48 // 384 bits is 48 bytes
/* Save RAM at the expense of speed, see ecp.h */
#define POLARSSL_ECP_WINDOW_SIZE 2
#define POLARSSL_ECP_FIXED_POINT_OPTIM 0
/* Uncomment for a significant speed benefit at the expense of some ROM */
//#define POLARSSL_ECP_NIST_OPTIM
/*
* You should adjust this to the exact number of sources you're using: default
* is the "platform_entropy_poll" source, but you may want to add other ones.
* Minimum is 2 for the entropy test suite.
*/
#define ENTROPY_MAX_SOURCES 2
/*
* Save RAM at the expense of interoperability: do this only if you control
* both ends of the connection! (See coments in "polarssl/ssl.h".)
* The minimum size here depends on the certificate chain used as well as the
* typical size of records.
*/
#define SSL_MAX_CONTENT_LEN 1024
#include "polarssl/check_config.h"

View File

@ -36,7 +36,7 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_GCM_C)
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
#define POLARSSL_CIPHER_MODE_AEAD
#endif
@ -534,25 +534,21 @@ int cipher_set_iv( cipher_context_t *ctx,
*/
int cipher_reset( cipher_context_t *ctx );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
/**
* \brief Add additional data (for AEAD ciphers).
* This function has no effect for non-AEAD ciphers.
* For AEAD ciphers, it may or may not be called
* repeatedly, and/or interleaved with calls to
* cipher_udpate(), depending on the cipher.
* E.g. for GCM is must be called exactly once, right
* after cipher_reset().
* Currently only supported with GCM.
* Must be called exactly once, after cipher_reset().
*
* \param ctx generic cipher context
* \param ad Additional data to use.
* \param ad_len Length of ad.
*
* \returns 0 on success, or a specific error code.
* \return 0 on success, or a specific error code.
*/
int cipher_update_ad( cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
/**
* \brief Generic cipher update function. Encrypts/decrypts
@ -606,10 +602,10 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input,
int cipher_finish( cipher_context_t *ctx,
unsigned char *output, size_t *olen );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
/**
* \brief Write tag for AEAD ciphers.
* No effect for other ciphers.
* Currently only supported with GCM.
* Must be called after cipher_finish().
*
* \param ctx Generic cipher context
@ -623,9 +619,8 @@ int cipher_write_tag( cipher_context_t *ctx,
/**
* \brief Check tag for AEAD ciphers.
* No effect for other ciphers.
* Calling time depends on the cipher:
* for GCM, must be called after cipher_finish().
* Currently only supported with GCM.
* Must be called after cipher_finish().
*
* \param ctx Generic cipher context
* \param tag Buffer holding the tag
@ -635,7 +630,7 @@ int cipher_write_tag( cipher_context_t *ctx,
*/
int cipher_check_tag( cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
/**
* \brief Generic all-in-one encryption/decryption

View File

@ -234,24 +234,22 @@ int cipher_reset( cipher_context_t *ctx )
return( 0 );
}
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
int cipher_update_ad( cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
if( NULL == ctx || NULL == ctx->cipher_info )
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
ctx->iv, ctx->iv_size, ad, ad_len );
}
#endif
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
int cipher_update( cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen )
@ -724,7 +722,7 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
}
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
int cipher_write_tag( cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
@ -734,10 +732,8 @@ int cipher_write_tag( cipher_context_t *ctx,
if( POLARSSL_ENCRYPT != ctx->operation )
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
#endif
return( 0 );
}
@ -753,7 +749,6 @@ int cipher_check_tag( cipher_context_t *ctx,
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
unsigned char check_tag[16];
@ -778,11 +773,10 @@ int cipher_check_tag( cipher_context_t *ctx,
return( 0 );
}
#endif /* POLARSSL_GCM_C */
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
/*
* Packet-oriented wrapper for non-AEAD modes

View File

@ -62,12 +62,12 @@
#define polarssl_free free
#endif
#if defined(POLARSSL_FS_IO)
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if defined(POLARSSL_FS_IO)
/*
* Load all data from a file into a given buffer.
*/

View File

@ -1105,23 +1105,23 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CCM_C)
{ TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
{ TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
{ TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
{ TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
{ TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
{ TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
@ -1241,23 +1241,23 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CCM_C)
{ TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
{ TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
{ TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
{ TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
{ TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
{ TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },

View File

@ -148,8 +148,10 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
size_t *olen )
{
unsigned char *p = buf;
unsigned char *sig_alg_list = buf + 6;
size_t sig_alg_len = 0;
#if defined(POLARSSL_RSA_C) || defined(POLARSSL_ECDSA_C)
unsigned char *sig_alg_list = buf + 6;
#endif
*olen = 0;

View File

@ -63,8 +63,13 @@ int main( int argc, char *argv[] )
#define DFL_FILENAME "keyfile.key"
#define DFL_DEBUG_LEVEL 0
#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE
#if defined(POLARSSL_PEM_WRITE_C)
#define DFL_OUTPUT_FILENAME "keyfile.pem"
#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM
#else
#define DFL_OUTPUT_FILENAME "keyfile.der"
#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER
#endif
/*
* global options
@ -88,6 +93,7 @@ static int write_public_key( pk_context *key, const char *output_file )
memset(output_buf, 0, 16000);
#if defined(POLARSSL_PEM_WRITE_C)
if( opt.output_format == OUTPUT_FORMAT_PEM )
{
if( ( ret = pk_write_pubkey_pem( key, output_buf, 16000 ) ) != 0 )
@ -96,6 +102,7 @@ static int write_public_key( pk_context *key, const char *output_file )
len = strlen( (char *) output_buf );
}
else
#endif
{
if( ( ret = pk_write_pubkey_der( key, output_buf, 16000 ) ) < 0 )
return( ret );
@ -127,6 +134,8 @@ static int write_private_key( pk_context *key, const char *output_file )
size_t len = 0;
memset(output_buf, 0, 16000);
#if defined(POLARSSL_PEM_WRITE_C)
if( opt.output_format == OUTPUT_FORMAT_PEM )
{
if( ( ret = pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
@ -135,6 +144,7 @@ static int write_private_key( pk_context *key, const char *output_file )
len = strlen( (char *) output_buf );
}
else
#endif
{
if( ( ret = pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
return( ret );
@ -157,14 +167,23 @@ static int write_private_key( pk_context *key, const char *output_file )
return( 0 );
}
#if defined(POLARSSL_PEM_WRITE_C)
#define USAGE_OUT \
" output_file=%%s default: keyfile.pem\n" \
" output_format=pem|der default: pem\n"
#else
#define USAGE_OUT \
" output_file=%%s default: keyfile.der\n" \
" output_format=der default: der\n"
#endif
#define USAGE \
"\n usage: key_app param=<>...\n" \
"\n acceptable parameters:\n" \
" mode=private|public default: none\n" \
" filename=%%s default: keyfile.key\n" \
" output_mode=private|public default: none\n" \
" output_file=%%s default: keyfile.pem\n" \
" output_format=pem|der default: pem\n" \
USAGE_OUT \
"\n"
int main( int argc, char *argv[] )
@ -222,9 +241,12 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "output_format" ) == 0 )
{
#if defined(POLARSSL_PEM_WRITE_C)
if( strcmp( q, "pem" ) == 0 )
opt.output_format = OUTPUT_FORMAT_PEM;
else if( strcmp( q, "der" ) == 0 )
else
#endif
if( strcmp( q, "der" ) == 0 )
opt.output_format = OUTPUT_FORMAT_DER;
else
goto usage;

View File

@ -29,6 +29,22 @@
#include POLARSSL_CONFIG_FILE
#endif
#if !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
#include <stdio.h>
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
@ -304,20 +320,6 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
" force_ciphersuite=<name> default: all enabled\n"\
" acceptable ciphersuite names:\n"
#if !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
int main( int argc, char *argv[] )
{
int ret = 0, len, server_fd, i, written, frags;

View File

@ -29,6 +29,22 @@
#include POLARSSL_CONFIG_FILE
#endif
#if !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
#include <stdio.h>
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && defined(POLARSSL_FS_IO)
#define POLARSSL_SNI
#endif
@ -312,21 +328,6 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
" force_ciphersuite=<name> default: all enabled\n" \
" acceptable ciphersuite names:\n"
#if !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
/*
* Used by sni_parse and psk_parse to handle coma-separated lists
*/

View File

@ -16,7 +16,11 @@ my %configs = (
'config-mini-tls1_1.h'
=> '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
'config-suite-b.h'
=> "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM'",
=> "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p PolarSSL",
'config-picocoin.h'
=> 0,
'config-ccm-psk-tls1_2.h'
=> '-m tls1_2 -f \'TLS-PSK.*AES.*CCM\'',
);
# If no config-name is provided, use all known configs.
@ -59,10 +63,18 @@ while( my ($conf, $args) = each %configs ) {
system( "make" ) and abort "Failed to build: $conf\n";
system( "make $test" ) and abort "Failed test suite: $conf\n";
if( $args )
{
print "\nrunning compat.sh $args\n";
system( "cd tests && ./compat.sh $args" )
and abort "Failed compat.sh: $conf\n";
}
else
{
print "\nskipping compat.sh\n";
}
}
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
system( "make clean" );

View File

@ -60,7 +60,7 @@ void cipher_null_args( )
TEST_ASSERT( cipher_reset( NULL ) == POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
TEST_ASSERT( cipher_reset( &ctx ) == POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( cipher_update_ad( NULL, buf, 0 )
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
TEST_ASSERT( cipher_update_ad( &ctx, buf, 0 )
@ -77,7 +77,7 @@ void cipher_null_args( )
TEST_ASSERT( cipher_finish( &ctx, buf, &olen )
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( cipher_write_tag( NULL, buf, olen )
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
TEST_ASSERT( cipher_write_tag( &ctx, buf, olen )
@ -157,10 +157,10 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
TEST_ASSERT( 0 == cipher_reset( &ctx_enc ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) );
TEST_ASSERT( 0 == cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* encode length number of bytes from inbuf */
TEST_ASSERT( 0 == cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) );
@ -174,9 +174,9 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
TEST_ASSERT( 0 == cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) );
total_len += outlen;
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
TEST_ASSERT( total_len == length ||
( total_len % cipher_get_block_size( &ctx_enc ) == 0 &&
@ -195,9 +195,9 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
TEST_ASSERT( 0 == cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
total_len += outlen;
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* check result */
TEST_ASSERT( total_len == length );
@ -250,9 +250,9 @@ void enc_fail( int cipher_id, int pad_mode, int key_len,
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
TEST_ASSERT( 0 == cipher_set_iv( &ctx, iv, 16 ) );
TEST_ASSERT( 0 == cipher_reset( &ctx ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx, NULL, 0 ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* encode length number of bytes from inbuf */
TEST_ASSERT( 0 == cipher_update( &ctx, inbuf, length, encbuf, &outlen ) );
@ -297,9 +297,9 @@ void dec_empty_buf()
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, NULL, 0 ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* decode 0-byte string */
TEST_ASSERT( 0 == cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
@ -359,10 +359,10 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
TEST_ASSERT( 0 == cipher_reset( &ctx_enc ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, NULL, 0 ) );
TEST_ASSERT( 0 == cipher_update_ad( &ctx_enc, NULL, 0 ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* encode length number of bytes from inbuf */
TEST_ASSERT( 0 == cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
@ -416,7 +416,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
unsigned char ad[200];
unsigned char tag[20];
size_t key_len, iv_len, cipher_len, clear_len;
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
size_t ad_len, tag_len;
#endif
cipher_context_t ctx;
@ -435,7 +435,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
iv_len = unhexify( iv, hex_iv );
cipher_len = unhexify( cipher, hex_cipher );
clear_len = unhexify( clear, hex_clear );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
ad_len = unhexify( ad, hex_ad );
tag_len = unhexify( tag, hex_tag );
#else
@ -455,9 +455,9 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
TEST_ASSERT( 0 == cipher_set_iv( &ctx, iv, iv_len ) );
TEST_ASSERT( 0 == cipher_reset( &ctx ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx, ad, ad_len ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* decode buffer and check tag */
total_len = 0;
@ -466,9 +466,9 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
TEST_ASSERT( finish_result == cipher_finish( &ctx, output + outlen,
&outlen ) );
total_len += outlen;
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( tag_result == cipher_check_tag( &ctx, tag, tag_len ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* check plaintext only if everything went fine */
if( 0 == finish_result && 0 == tag_result )

View File

@ -23,7 +23,7 @@ depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
ecdsa_prim_test_vectors:POLARSSL_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315"
ECDSA primitive rfc 4754 p384
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED
ecdsa_prim_test_vectors:POLARSSL_ECP_DP_SECP384R1:"0BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F"
ECDSA primitive rfc 4754 p521

View File

@ -269,7 +269,7 @@ depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
ecp_tls_read_group:"030017":0:256
ECP tls read group #5 (OK, buffer continues)
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED
ecp_tls_read_group:"0300180000":0:384
ECP tls write-read group #1

View File

@ -9,7 +9,7 @@
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */
void pk_write_pubkey_check( char *key_file )
{
pk_context key;
@ -40,7 +40,7 @@ void pk_write_pubkey_check( char *key_file )
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */
void pk_write_key_check( char *key_file )
{
pk_context key;

View File

@ -142,7 +142,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */
void x509_dn_gets( char *crt_file, char *entity, char *result_str )
{
x509_crt crt;
@ -169,7 +169,7 @@ void x509_dn_gets( char *crt_file, char *entity, char *result_str )
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */
void x509_time_expired( char *crt_file, char *entity, int result )
{
x509_crt crt;
@ -189,7 +189,7 @@ void x509_time_expired( char *crt_file, char *entity, int result )
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */
void x509_time_future( char *crt_file, char *entity, int result )
{
x509_crt crt;
@ -316,7 +316,7 @@ void x509_crt_parse_path( char *crt_path, int ret, int nb_crt )
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */
void x509_oid_desc( char *oid_str, char *ref_desc )
{
x509_buf oid;
@ -341,7 +341,7 @@ void x509_oid_desc( char *oid_str, char *ref_desc )
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */
void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret )
{
x509_buf oid;