arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00
Code

dir changes - things are broken at the moment

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@116 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich 2007-08-29 09:15:39 +00:00
parent a1bfbe6b07
commit f9ee197cff
40 changed files with 432 additions and 901 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -33,6 +33,7 @@ RELEASE=axTLS-$(VERSION)
# standard version # standard version
target: target:
$(MAKE) -C crypto
$(MAKE) -C ssl $(MAKE) -C ssl
ifdef CONFIG_AXHTTPD ifdef CONFIG_AXHTTPD
$(MAKE) -C httpd $(MAKE) -C httpd
@ -100,6 +101,7 @@ test:
# tidy up things # tidy up things
clean:: clean::
@cd crypto; $(MAKE) clean
@cd ssl; $(MAKE) clean @cd ssl; $(MAKE) clean
@cd httpd; $(MAKE) clean @cd httpd; $(MAKE) clean
@cd samples; $(MAKE) clean @cd samples; $(MAKE) clean

8
bindings/csharp/axTLS.cs
View File

@ -95,9 +95,10 @@ namespace axTLS
*/ */
public byte[] GetSessionId() public byte[] GetSessionId()
{ {
byte[] result = new byte[axtls.SSL_SESSION_ID_SIZE];
IntPtr ptr = axtls.ssl_get_session_id(m_ssl); IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE); byte sess_id_size = axtls.ssl_get_session_id_size(m_ssl);
byte[] result = new byte[sess_id_size];
Marshal.Copy(ptr, result, 0, sess_id_size);
return result; return result;
} }
@ -470,7 +471,8 @@ namespace axTLS
public SSL Connect(Socket s, byte[] session_id) public SSL Connect(Socket s, byte[] session_id)
{ {
int client_fd = s.Handle.ToInt32(); int client_fd = s.Handle.ToInt32();
return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id)); return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id,
session_id ? null : session_id.Length));
} }
} }
} }

33
bindings/java/Makefile
View File

@ -16,18 +16,20 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
include ../../config/.config AXTLS_HOME=../..
include ../../config/makefile.conf
include ../../config/makefile.java.conf include $(AXTLS_HOME)/config/.config
include $(AXTLS_HOME)/config/makefile.conf
include $(AXTLS_HOME)/config/makefile.java.conf
all: lib jar all: lib jar
JAR=../../$(STAGE)/axtls.jar JAR=$(AXTLS_HOME)/$(STAGE)/axtls.jar
ifdef CONFIG_PLATFORM_WIN32 ifdef CONFIG_PLATFORM_WIN32
TARGET=../../$(STAGE)/axtlsj.dll TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsj.dll
else else
TARGET=../../$(STAGE)/libaxtlsj.so TARGET=$(AXTLS_HOME)/$(STAGE)/libaxtlsj.so
endif endif
lib: $(TARGET) lib: $(TARGET)
@ -46,32 +48,19 @@ JAVA_FILES= \
OBJ=axTLSj_wrap.o OBJ=axTLSj_wrap.o
AXTLS_HOME=../..
SSL_HOME=$(AXTLS_HOME)/ssl
CONFIG_HOME=$(AXTLS_HOME)/config
JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class) JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class)
ifdef CONFIG_PLATFORM_WIN32 ifdef CONFIG_PLATFORM_WIN32
CFLAGS += /I"$(shell cygpath -w $(SSL_HOME))" LDFLAGS += axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
CFLAGS += /I"$(shell cygpath -w $(CONFIG_HOME))"
LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
include ../../config/makefile.post include $(AXTLS_HOME)/config/makefile.post
$(TARGET) : $(OBJ) $(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ) $(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
else # Not Win32 else # Not Win32
ifdef CONFIG_PLATFORM_CYGWIN
SSL_HOME:=$(shell cygpath -u $(SSL_HOME))
CONFIG_HOME:=$(shell cygpath -u $(CONFIG_HOME))
endif
CFLAGS += -I$(SSL_HOME)
CFLAGS += -I$(CONFIG_HOME)
$(TARGET) : $(OBJ) $(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) -L ../../$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls $(LD) $(LDFLAGS) -L $(AXTLS_HOME)/$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls
endif endif
jar: $(OBJ) $(JAR) jar: $(OBJ) $(JAR)

24
bindings/lua/Makefile
View File

@ -16,36 +16,36 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
include ../../config/.config AXTLS_HOME=../..
include ../../config/makefile.conf
include $(AXTLS_HOME)/config/.config
include $(AXTLS_HOME)/config/makefile.conf
all: lib all: lib
ifdef CONFIG_PLATFORM_WIN32 ifdef CONFIG_PLATFORM_WIN32
TARGET=../../$(STAGE)/axtlsl.dll TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsl.dll
else else
TARGET=../../$(STAGE)/axtlsl.so TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsl.so
endif endif
ifneq ($(MAKECMDGOALS), clean) ifneq ($(MAKECMDGOALS), clean)
lib: $(TARGET) lib: $(TARGET)
AXTLS_HOME=../..
SSL_HOME=$(AXTLS_HOME)/ssl
CONFIG_HOME=$(AXTLS_HOME)/config
OBJ:=axTLSl_wrap.o OBJ:=axTLSl_wrap.o
include ../../config/makefile.post include $(AXTLS_HOME)/config/makefile.post
# there are a few static functions that aren't used # there are a few static functions that aren't used
CFLAGS += -funit-at-a-time CFLAGS += -funit-at-a-time
$(TARGET) : $(OBJ) $(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) $(LDSHARED) -o $@ $^ -L../../$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua $(LD) $(LDFLAGS) $(LDSHARED) -o $@ $^ -L$(AXTLS_HOME)/$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua
CFLAGS += -I$(CONFIG_HOME) -I$(SSL_HOME) -I $(CONFIG_LUA_CORE)/include CFLAGS += -I $(CONFIG_LUA_CORE)/include
else else
CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`" /I"`cygpath -w $(CONFIG_LUA_CORE)/include`" CFLAGS += /I"`cygpath -w $(CONFIG_LUA_CORE)/include`"
LDFLAGS += axtls.lib /libpath:"../../$(STAGE)" LDFLAGS += axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
$(TARGET) : $(OBJ) $(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ) $(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)

30
bindings/perl/Makefile
View File

@ -16,15 +16,17 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
include ../../config/.config AXTLS_HOME=../..
include ../../config/makefile.conf
include $(AXTLS_HOME)/config/.config
include $(AXTLS_HOME)/config/makefile.conf
all: lib all: lib
ifdef CONFIG_PLATFORM_WIN32 ifdef CONFIG_PLATFORM_WIN32
TARGET=../../$(STAGE)/axtlsp.dll TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsp.dll
else else
TARGET=../../$(STAGE)/libaxtlsp.so TARGET=$(AXTLS_HOME)/$(STAGE)/libaxtlsp.so
endif endif
ifneq ($(MAKECMDGOALS), clean) ifneq ($(MAKECMDGOALS), clean)
@ -46,11 +48,8 @@ test_perl:
endif endif
lib: $(TARGET) lib: $(TARGET)
AXTLS_HOME=../..
SSL_HOME=$(AXTLS_HOME)/ssl
CONFIG_HOME=$(AXTLS_HOME)/config
OBJ:=axTLSp_wrap.o OBJ:=axTLSp_wrap.o
include ../../config/makefile.post include $(AXTLS_HOME)/config/makefile.post
ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin
@ -60,22 +59,21 @@ ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin
# work. # work.
# #
$(TARGET) : $(OBJ) $(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) -L ../../$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl $(LD) $(LDFLAGS) -L$(AXTLS_HOME)/$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
ifdef CONFIG_PLATFORM_CYGWIN ifdef CONFIG_PLATFORM_CYGWIN
cd ../../$(STAGE); ln -sf $(notdir $@) axtlsp.dll cd $(AXTLS_HOME)/$(STAGE); ln -sf $(notdir $@) axtlsp.dll
endif endif
@install axtlsp.pm ../../$(STAGE) @install axtlsp.pm $(AXTLS_HOME)/$(STAGE)
CFLAGS += -D_GNU_SOURCE -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE) CFLAGS += -D_GNU_SOURCE -I$(PERL5_CORE)
else else
CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`"
CFLAGS += /I"$(PERL5_CORE)" CFLAGS += /I"$(PERL5_CORE)"
LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"../../$(STAGE)" LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
$(TARGET) : $(OBJ) $(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ) $(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
install axtlsp.pm ../../$(STAGE) install axtlsp.pm $(AXTLS_HOME)/$(STAGE)
endif # WIN32 endif # WIN32
clean:: clean::
@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend ../../$(STAGE)/axtlsp.pm @rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend $(AXTLS_HOME)/$(STAGE)/axtlsp.pm

12
bindings/vbnet/axTLSvb.vb
View File

@ -46,9 +46,11 @@ Namespace axTLSvb
End Function End Function
Public Function GetSessionId() As Byte() Public Function GetSessionId() As Byte()
Dim result(axtls.SSL_SESSION_ID_SIZE) As Byte
Dim ptr As IntPtr = axtls.ssl_get_session_id(m_ssl) Dim ptr As IntPtr = axtls.ssl_get_session_id(m_ssl)
Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE) Dim sess_id_size As Integer = axtls.ssl_get_session_id_size(m_ssl)
Dim result(sess_id_size) As Byte
Marshal.Copy(ptr, result, 0, sess_id_size)
Return result Return result
End Function End Function
@ -170,9 +172,11 @@ Namespace axTLSvb
End Sub End Sub
Public Function Connect(ByVal s As Socket, _ Public Function Connect(ByVal s As Socket, _
ByVal session_id As Byte()) As SSL ByVal session_id As Byte(), _
ByVal sess_id_size As Integer) As SSL
Dim client_fd As Integer = s.Handle.ToInt32() Dim client_fd As Integer = s.Handle.ToInt32()
Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id)) Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id, _
sess_id_size))
End Function End Function
End Class End Class

2
config/makefile.conf
View File

@ -71,7 +71,7 @@ else # Not Win32
-include .depend -include .depend
CFLAGS += -I../config CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
LD=$(CC) LD=$(CC)
# Solaris # Solaris

33
crypto/Makefile Normal file
View File

@ -0,0 +1,33 @@
#
# Copyright(C) 2007 Cameron Rich
#
# This library is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../config/.config
include ../config/makefile.conf
AXTLS_HOME=..
OBJ=\
aes.o \
hmac.o \
md5.o \
rc4.o \
sha1.o
all: $(OBJ)
include ../config/makefile.post

0
ssl/aes.c → crypto/aes.c
View File

129
crypto/crypto.h Normal file
View File

@ -0,0 +1,129 @@
/*
* Copyright(C) 2006 Cameron Rich
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file crypto.h
*/
#ifndef HEADER_CRYPTO_H
#define HEADER_CRYPTO_H
#ifdef __cplusplus
extern "C" {
#endif
#include "os_port.h"
/**************************************************************************
* AES declarations
**************************************************************************/
#define AES_MAXROUNDS 14
#define AES_BLOCKSIZE 16
#define AES_IV_SIZE 16
typedef struct aes_key_st
{
uint16_t rounds;
uint16_t key_size;
uint32_t ks[(AES_MAXROUNDS+1)*8];
uint8_t iv[AES_IV_SIZE];
} AES_CTX;
typedef enum
{
AES_MODE_128,
AES_MODE_256
} AES_MODE;
void AES_set_key(AES_CTX *ctx, const uint8_t *key,
const uint8_t *iv, AES_MODE mode);
void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
uint8_t *out, int length);
void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
void AES_convert_key(AES_CTX *ctx);
/**************************************************************************
* RC4 declarations
**************************************************************************/
typedef struct
{
uint8_t x, y, m[256];
} RC4_CTX;
void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
/**************************************************************************
* SHA1 declarations
**************************************************************************/
#define SHA1_SIZE 20
/*
* This structure will hold context information for the SHA-1
* hashing operation
*/
typedef struct
{
uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
uint32_t Length_Low; /* Message length in bits */
uint32_t Length_High; /* Message length in bits */
uint16_t Message_Block_Index; /* Index into message block array */
uint8_t Message_Block[64]; /* 512-bit message blocks */
} SHA1_CTX;
void SHA1_Init(SHA1_CTX *);
void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
void SHA1_Final(uint8_t *digest, SHA1_CTX *);
/**************************************************************************
* MD5 declarations
**************************************************************************/
/* MD5 context. */
#define MD5_SIZE 16
typedef struct
{
uint32_t state[4]; /* state (ABCD) */
uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
uint8_t buffer[64]; /* input buffer */
} MD5_CTX;
EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
/**************************************************************************
* HMAC declarations
**************************************************************************/
void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif

32
ssl/hmac.c → crypto/hmac.c
View File

@ -45,14 +45,14 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
k_opad[i] ^= 0x5c; k_opad[i] ^= 0x5c;
} }
MD5Init(&context); MD5_Init(&context);
MD5Update(&context, k_ipad, 64); MD5_Update(&context, k_ipad, 64);
MD5Update(&context, msg, length); MD5_Update(&context, msg, length);
MD5Final(&context, digest); MD5_Final(digest, &context);
MD5Init(&context); MD5_Init(&context);
MD5Update(&context, k_opad, 64); MD5_Update(&context, k_opad, 64);
MD5Update(&context, digest, MD5_SIZE); MD5_Update(&context, digest, MD5_SIZE);
MD5Final(&context, digest); MD5_Final(digest, &context);
} }
/** /**
@ -77,12 +77,12 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
k_opad[i] ^= 0x5c; k_opad[i] ^= 0x5c;
} }
SHA1Init(&context); SHA1_Init(&context);
SHA1Update(&context, k_ipad, 64); SHA1_Update(&context, k_ipad, 64);
SHA1Update(&context, msg, length); SHA1_Update(&context, msg, length);
SHA1Final(&context, digest); SHA1_Final(digest, &context);
SHA1Init(&context); SHA1_Init(&context);
SHA1Update(&context, k_opad, 64); SHA1_Update(&context, k_opad, 64);
SHA1Update(&context, digest, SHA1_SIZE); SHA1_Update(&context, digest, SHA1_SIZE);
SHA1Final(&context, digest); SHA1_Final(digest, &context);
} }

10
ssl/md5.c → crypto/md5.c
View File

@ -90,7 +90,7 @@ static const uint8_t PADDING[64] =
/** /**
* MD5 initialization - begins an MD5 operation, writing a new ctx. * MD5 initialization - begins an MD5 operation, writing a new ctx.
*/ */
EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx) EXP_FUNC void STDCALL MD5_Init(MD5_CTX *ctx)
{ {
ctx->count[0] = ctx->count[1] = 0; ctx->count[0] = ctx->count[1] = 0;
@ -105,7 +105,7 @@ EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx)
/** /**
* Accepts an array of octets as the next portion of the message. * Accepts an array of octets as the next portion of the message.
*/ */
EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len) EXP_FUNC void STDCALL MD5_Update(MD5_CTX *ctx, const uint8_t * msg, int len)
{ {
uint32_t x; uint32_t x;
int i, partLen; int i, partLen;
@ -141,7 +141,7 @@ EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
/** /**
* Return the 128-bit message digest into the user's array * Return the 128-bit message digest into the user's array
*/ */
EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest) EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
{ {
uint8_t bits[8]; uint8_t bits[8];
uint32_t x, padLen; uint32_t x, padLen;
@ -153,10 +153,10 @@ EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest)
*/ */
x = (uint32_t)((ctx->count[0] >> 3) & 0x3f); x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
padLen = (x < 56) ? (56 - x) : (120 - x); padLen = (x < 56) ? (56 - x) : (120 - x);
MD5Update(ctx, PADDING, padLen); MD5_Update(ctx, PADDING, padLen);
/* Append length (before padding) */ /* Append length (before padding) */
MD5Update(ctx, bits, 8); MD5_Update(ctx, bits, 8);
/* Store state in digest */ /* Store state in digest */
Encode(digest, ctx->state, MD5_SIZE); Encode(digest, ctx->state, MD5_SIZE);

0
ssl/rc4.c → crypto/rc4.c
View File

6
ssl/sha1.c → crypto/sha1.c
View File

@ -37,7 +37,7 @@ static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
/** /**
* Initialize the SHA1 context * Initialize the SHA1 context
*/ */
void SHA1Init(SHA1_CTX *ctx) void SHA1_Init(SHA1_CTX *ctx)
{ {
ctx->Length_Low = 0; ctx->Length_Low = 0;
ctx->Length_High = 0; ctx->Length_High = 0;
@ -52,7 +52,7 @@ void SHA1Init(SHA1_CTX *ctx)
/** /**
* Accepts an array of octets as the next portion of the message. * Accepts an array of octets as the next portion of the message.
*/ */
void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len) void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
{ {
while (len--) while (len--)
{ {
@ -72,7 +72,7 @@ void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
/** /**
* Return the 160-bit message digest into the user's array * Return the 160-bit message digest into the user's array
*/ */
void SHA1Final(SHA1_CTX *ctx, uint8_t *digest) void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
{ {
int i; int i;

2
docsrc/axTLS.dox
View File

@ -1005,7 +1005,7 @@ INCLUDE_FILE_PATTERNS =
# undefined via #undef or recursively expanded use the := operator # undefined via #undef or recursively expanded use the := operator
# instead of the = operator. # instead of the = operator.
PREDEFINED = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT EXP_FUNC="" STDCALL="" PREDEFINED = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT CONFIG_BIGINT_CRT EXP_FUNC="" STDCALL=""
# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
# this tag can be used to specify a list of macro names that should be expanded. # this tag can be used to specify a list of macro names that should be expanded.

2
httpd/Makefile
View File

@ -37,7 +37,7 @@ else
LIBS=-L../$(STAGE) -laxtls LIBS=-L../$(STAGE) -laxtls
endif endif
CFLAGS += -I../ssl AXTLS_HOME=..
ifdef CONFIG_HTTP_BUILD_LUA ifdef CONFIG_HTTP_BUILD_LUA
lua: kepler-1.1 lua: kepler-1.1

8
httpd/htpasswd.c
View File

@ -112,10 +112,10 @@ int main(int argc, char *argv[])
RNG_terminate(); RNG_terminate();
base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt)); base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt));
MD5Init(&ctx); MD5_Init(&ctx);
MD5Update(&ctx, md5_salt, MD5_SIZE); MD5_Update(&ctx, md5_salt, MD5_SIZE);
MD5Update(&ctx, (uint8_t *)pw, strlen(pw)); MD5_Update(&ctx, (uint8_t *)pw, strlen(pw));
MD5Final(&ctx, md5_pass); MD5_Final(md5_pass, &ctx);
base64_encode(md5_pass, MD5_SIZE, b64_pass, sizeof(b64_pass)); base64_encode(md5_pass, MD5_SIZE, b64_pass, sizeof(b64_pass));
printf("Add the following to your '.htpasswd' file\n"); printf("Add the following to your '.htpasswd' file\n");

8
httpd/proc.c
View File

@ -903,10 +903,10 @@ static int check_digest(char *salt, const char *msg_passwd)
return -1; return -1;
/* very simple MD5 crypt algorithm, but then the salt we use is large */ /* very simple MD5 crypt algorithm, but then the salt we use is large */
MD5Init(&ctx); MD5_Init(&ctx);
MD5Update(&ctx, b256_salt, salt_size); /* process the salt */ MD5_Update(&ctx, b256_salt, salt_size); /* process the salt */
MD5Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd)); MD5_Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd));
MD5Final(&ctx, md5_result); MD5_Final(md5_result, &ctx);
return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */ return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
} }

2
samples/c/Makefile
View File

@ -30,7 +30,7 @@ TARGET=../../$(STAGE)/axssl
endif # cygwin endif # cygwin
LIBS=../../$(STAGE) LIBS=../../$(STAGE)
CFLAGS += -I../../ssl -I../../config CFLAGS += -I../../crypto -I../../ssl -I../../config
else else
TARGET=../../$(STAGE)/axssl.exe TARGET=../../$(STAGE)/axssl.exe
CFLAGS += /I"..\..\ssl" /I"..\..\config" CFLAGS += /I"..\..\ssl" /I"..\..\config"

8
samples/c/axssl.c
View File

@ -607,7 +607,8 @@ static void do_client(int argc, char *argv[])
{ {
while (reconnect--) while (reconnect--)
{ {
ssl = ssl_client_new(ssl_ctx, client_fd, session_id); ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
sizeof(session_id));
if ((res = ssl_handshake_status(ssl)) != SSL_OK) if ((res = ssl_handshake_status(ssl)) != SSL_OK)
{ {
if (!quiet) if (!quiet)
@ -635,7 +636,7 @@ static void do_client(int argc, char *argv[])
} }
else else
{ {
ssl = ssl_client_new(ssl_ctx, client_fd, NULL); ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0);
} }
/* check the return status */ /* check the return status */
@ -854,9 +855,10 @@ static void display_session_id(SSL *ssl)
{ {
int i; int i;
const uint8_t *session_id = ssl_get_session_id(ssl); const uint8_t *session_id = ssl_get_session_id(ssl);
int sess_id_size = ssl_get_session_id_size(ssl);
printf("-----BEGIN SSL SESSION PARAMETERS-----\n"); printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
for (i = 0; i < SSL_SESSION_ID_SIZE; i++) for (i = 0; i < sess_id_size; i++)
{ {
printf("%02x", session_id[i]); printf("%02x", session_id[i]);
} }

3
samples/csharp/axssl.cs
View File

@ -508,7 +508,8 @@ public class axssl
{ {
while (reconnect-- > 0) while (reconnect-- > 0)
{ {
ssl = ssl_ctx.Connect(client_sock, session_id); ssl = ssl_ctx.Connect(client_sock, session_id,
axtls.SSL_SESSION_ID_SIZE);
if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK) if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
{ {

7
samples/lua/axssl.lua
View File

@ -429,10 +429,12 @@ function do_client(build_mode)
-- Try session resumption? -- Try session resumption?
if reconnect ~= 0 then if reconnect ~= 0 then
local session_id = nil local session_id = nil
local sess_id_size = 0
while reconnect > 0 do while reconnect > 0 do
reconnect = reconnect - 1 reconnect = reconnect - 1
ssl = axtlsl.ssl_client_new(ssl_ctx, ssl = axtlsl.ssl_client_new(ssl_ctx,
client_sock:getfd(), session_id) client_sock:getfd(), session_id, sess_id_size)
res = axtlsl.ssl_handshake_status(ssl) res = axtlsl.ssl_handshake_status(ssl)
if res ~= axtlsl.SSL_OK then if res ~= axtlsl.SSL_OK then
@ -443,6 +445,7 @@ function do_client(build_mode)
display_session_id(ssl) display_session_id(ssl)
session_id = axtlsl.ssl_get_session_id(ssl) session_id = axtlsl.ssl_get_session_id(ssl)
sess_id_size = axtlsl.ssl_get_session_id_size(ssl)
if reconnect > 0 then if reconnect > 0 then
axtlsl.ssl_free(ssl) axtlsl.ssl_free(ssl)
@ -452,7 +455,7 @@ function do_client(build_mode)
end end
else else
ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil) ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0)
end end
-- check the return status -- check the return status

7
samples/perl/axssl.pl
View File

@ -411,9 +411,12 @@ sub do_client
if ($reconnect) if ($reconnect)
{ {
my $session_id = undef; my $session_id = undef;
my $sess_id_size = 0;
while ($reconnect--) while ($reconnect--)
{ {
$ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, $session_id); $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock,
$session_id, $sess_id_size);
$res = axtlsp::ssl_handshake_status($ssl); $res = axtlsp::ssl_handshake_status($ssl);
if ($res != $axtlsp::SSL_OK) if ($res != $axtlsp::SSL_OK)
@ -439,7 +442,7 @@ sub do_client
} }
else else
{ {
$ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef); $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
} }
# check the return status # check the return status

13
ssl/Makefile
View File

@ -48,20 +48,23 @@ endif
libs: $(TARGET1) $(TARGET2) libs: $(TARGET1) $(TARGET2)
AXTLS_HOME=..
OBJ=\ OBJ=\
aes.o \ ../crypto/aes.o \
asn1.o \ asn1.o \
x509.o \
bigint.o \ bigint.o \
crypto_misc.o \ crypto_misc.o \
hmac.o \ ../crypto/hmac.o \
os_port.o \ os_port.o \
loader.o \ loader.o \
md5.o \ ../crypto/md5.o \
openssl.o \ openssl.o \
p12.o \ p12.o \
rsa.o \ rsa.o \
rc4.o \ ../crypto/rc4.o \
sha1.o \ ../crypto/sha1.o \
tls1.o \ tls1.o \
tls1_svr.o \ tls1_svr.o \
tls1_clnt.o tls1_clnt.o

425
ssl/asn1.c
View File

@ -19,22 +19,19 @@
/** /**
* @file asn1.c * @file asn1.c
* *
* Some primitive asn methods for extraction rsa modulus information. It also * Some primitive asn methods for extraction ASN.1 data.
* is used for retrieving information from X.509 certificates.
*/ */
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
#include "os_port.h"
#include "crypto.h" #include "crypto.h"
#include "crypto_misc.h"
#define SIG_OID_PREFIX_SIZE 8 #define SIG_OID_PREFIX_SIZE 8
#define SIG_TYPE_MD2 0x02
#define SIG_TYPE_MD5 0x04
#define SIG_TYPE_SHA1 0x05
/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */ /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
{ {
@ -44,7 +41,7 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
/* CN, O, OU */ /* CN, O, OU */
static const uint8_t g_dn_types[] = { 3, 10, 11 }; static const uint8_t g_dn_types[] = { 3, 10, 11 };
static int get_asn1_length(const uint8_t *buf, int *offset) int get_asn1_length(const uint8_t *buf, int *offset)
{ {
int len, i; int len, i;
@ -209,7 +206,7 @@ end_utc_time:
/** /**
* Get the version type of a certificate (which we don't actually care about) * Get the version type of a certificate (which we don't actually care about)
*/ */
static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{ {
int ret = X509_NOT_OK; int ret = X509_NOT_OK;
@ -225,7 +222,7 @@ end_version:
/** /**
* Retrieve the notbefore and notafter certificate times. * Retrieve the notbefore and notafter certificate times.
*/ */
static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{ {
return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 || return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
asn1_get_utc_time(cert, offset, &x509_ctx->not_before) || asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
@ -281,7 +278,7 @@ end_pnt_str:
/** /**
* Get the subject name (or the issuer) of a certificate. * Get the subject name (or the issuer) of a certificate.
*/ */
static int asn1_name(const uint8_t *cert, int *offset, char *dn[]) int asn1_name(const uint8_t *cert, int *offset, char *dn[])
{ {
int ret = X509_NOT_OK; int ret = X509_NOT_OK;
int dn_type; int dn_type;
@ -332,7 +329,7 @@ end_name:
/** /**
* Read the modulus and public exponent of a certificate. * Read the modulus and public exponent of a certificate.
*/ */
static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{ {
int ret = X509_NOT_OK, mod_len, pub_len; int ret = X509_NOT_OK, mod_len, pub_len;
uint8_t *modulus, *pub_exp; uint8_t *modulus, *pub_exp;
@ -364,7 +361,7 @@ end_pub_key:
/** /**
* Read the signature of the certificate. * Read the signature of the certificate.
*/ */
static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{ {
int ret = X509_NOT_OK; int ret = X509_NOT_OK;
@ -417,7 +414,7 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
* Compare 2 distinguished names for equality * Compare 2 distinguished names for equality
* @return 0 if a match * @return 0 if a match
*/ */
static int asn1_compare_dn(char * const dn1[], char * const dn2[]) int asn1_compare_dn(char * const dn1[], char * const dn2[])
{ {
int i; int i;
@ -432,34 +429,13 @@ static int asn1_compare_dn(char * const dn1[], char * const dn2[])
return 0; /* all good */ return 0; /* all good */
} }
/**
* Retrieve the signature from a certificate.
*/
const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
{
int offset = 0;
const uint8_t *ptr = NULL;
if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 ||
asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
goto end_get_sig;
if (asn1_sig[offset++] != ASN1_OCTET_STRING)
goto end_get_sig;
*len = get_asn1_length(asn1_sig, &offset);
ptr = &asn1_sig[offset]; /* all ok */
end_get_sig:
return ptr;
}
#endif #endif
/** /**
* Read the signature type of the certificate. We only support RSA-MD5 and * Read the signature type of the certificate. We only support RSA-MD5 and
* RSA-SHA1 signature types. * RSA-SHA1 signature types.
*/ */
static int asn1_signature_type(const uint8_t *cert, int asn1_signature_type(const uint8_t *cert,
int *offset, X509_CTX *x509_ctx) int *offset, X509_CTX *x509_ctx)
{ {
int ret = X509_NOT_OK, len; int ret = X509_NOT_OK, len;
@ -482,382 +458,3 @@ end_check_sig:
return ret; return ret;
} }
/**
* Construct a new x509 object.
* @return 0 if ok. < 0 if there was a problem.
*/
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
{
int begin_tbs, end_tbs;
int ret = X509_NOT_OK, offset = 0, cert_size = 0;
X509_CTX *x509_ctx;
BI_CTX *bi_ctx;
*ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
x509_ctx = *ctx;
/* get the certificate size */
asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE);
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
goto end_cert;
begin_tbs = offset; /* start of the tbs */
end_tbs = begin_tbs; /* work out the end of the tbs */
asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
goto end_cert;
if (cert[offset] == ASN1_EXPLICIT_TAG) /* optional version */
{
if (asn1_version(cert, &offset, x509_ctx))
goto end_cert;
}
if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
goto end_cert;
/* make sure the signature is ok */
if (asn1_signature_type(cert, &offset, x509_ctx))
{
ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
goto end_cert;
}
if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) ||
asn1_validity(cert, &offset, x509_ctx) ||
asn1_name(cert, &offset, x509_ctx->cert_dn) ||
asn1_public_key(cert, &offset, x509_ctx))
goto end_cert;
bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
/* use the appropriate signature algorithm (either SHA1 or MD5) */
if (x509_ctx->sig_type == SIG_TYPE_MD5)
{
MD5_CTX md5_ctx;
uint8_t md5_dgst[MD5_SIZE];
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
MD5Final(&md5_ctx, md5_dgst);
x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
}
else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
{
SHA1_CTX sha_ctx;
uint8_t sha_dgst[SHA1_SIZE];
SHA1Init(&sha_ctx);
SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA1Final(&sha_ctx, sha_dgst);
x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
}
offset = end_tbs; /* skip the v3 data */
if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
asn1_signature(cert, &offset, x509_ctx))
goto end_cert;
#endif
if (len)
{
*len = cert_size;
}
ret = X509_OK;
end_cert:
#ifdef CONFIG_SSL_FULL_MODE
if (ret)
{
printf("Error: Invalid X509 ASN.1 file\n");
}
#endif
return ret;
}
/**
* Free an X.509 object's resources.
*/
void x509_free(X509_CTX *x509_ctx)
{
X509_CTX *next;
int i;
if (x509_ctx == NULL) /* if already null, then don't bother */
return;
for (i = 0; i < X509_NUM_DN_TYPES; i++)
{
free(x509_ctx->ca_cert_dn[i]);
free(x509_ctx->cert_dn[i]);
}
free(x509_ctx->signature);
#ifdef CONFIG_SSL_CERT_VERIFICATION
if (x509_ctx->digest)
{
bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
}
#endif
RSA_free(x509_ctx->rsa_ctx);
next = x509_ctx->next;
free(x509_ctx);
x509_free(next); /* clear the chain */
}
#ifdef CONFIG_SSL_CERT_VERIFICATION
/**
* Do some basic checks on the certificate chain.
*
* Certificate verification consists of a number of checks:
* - A root certificate exists in the certificate store.
* - The date of the certificate is after the start date.
* - The date of the certificate is before the finish date.
* - The certificate chain is valid.
* - That the certificate(s) are not self-signed.
* - The signature of the certificate is valid.
*/
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
{
int ret = X509_OK, i = 0;
bigint *cert_sig;
X509_CTX *next_cert = NULL;
BI_CTX *ctx;
bigint *mod, *expn;
struct timeval tv;
int match_ca_cert = 0;
if (cert == NULL || ca_cert_ctx == NULL)
{
ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
goto end_verify;
}
/* last cert in the chain - look for a trusted cert */
if (cert->next == NULL)
{
while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
{
if (asn1_compare_dn(cert->ca_cert_dn,
ca_cert_ctx->cert[i]->cert_dn) == 0)
{
match_ca_cert = 1;
break;
}
i++;
}
if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
{
next_cert = ca_cert_ctx->cert[i];
}
else /* trusted cert not found */
{
ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
goto end_verify;
}
}
else
{
next_cert = cert->next;
}
gettimeofday(&tv, NULL);
/* check the not before date */
if (tv.tv_sec < cert->not_before)
{
ret = X509_VFY_ERROR_NOT_YET_VALID;
goto end_verify;
}
/* check the not after date */
if (tv.tv_sec > cert->not_after)
{
ret = X509_VFY_ERROR_EXPIRED;
goto end_verify;
}
/* check the chain integrity */
if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
{
ret = X509_VFY_ERROR_INVALID_CHAIN;
goto end_verify;
}
/* check for self-signing */
if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
{
ret = X509_VFY_ERROR_SELF_SIGNED;
goto end_verify;
}
/* check the signature */
ctx = cert->rsa_ctx->bi_ctx;
mod = next_cert->rsa_ctx->m;
expn = next_cert->rsa_ctx->e;
cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len,
bi_clone(ctx, mod), bi_clone(ctx, expn));
if (cert_sig)
{
ret = cert->digest ? /* check the signature */
bi_compare(cert_sig, cert->digest) :
X509_VFY_ERROR_UNSUPPORTED_DIGEST;
bi_free(ctx, cert_sig);
if (ret)
goto end_verify;
}
else
{
ret = X509_VFY_ERROR_BAD_SIGNATURE;
goto end_verify;
}
/* go down the certificate chain using recursion. */
if (ret == 0 && cert->next)
{
ret = x509_verify(ca_cert_ctx, next_cert);
}
end_verify:
return ret;
}
#endif
#if defined (CONFIG_SSL_FULL_MODE)
/**
* Used for diagnostics.
*/
void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
{
if (cert == NULL)
return;
printf("---------------- CERT DEBUG ----------------\n");
printf("* CA Cert Distinguished Name\n");
if (cert->ca_cert_dn[X509_COMMON_NAME])
{
printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
}
if (cert->ca_cert_dn[X509_ORGANIZATION])
{
printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
}
if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
{
printf("Organizational Unit (OU): %s\n",
cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
}
printf("* Cert Distinguished Name\n");
if (cert->cert_dn[X509_COMMON_NAME])
{
printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
}
if (cert->cert_dn[X509_ORGANIZATION])
{
printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
}
if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
{
printf("Organizational Unit (OU): %s\n",
cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
}
printf("Not Before:\t\t%s", ctime(&cert->not_before));
printf("Not After:\t\t%s", ctime(&cert->not_after));
printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
printf("Sig Type:\t\t");
switch (cert->sig_type)
{
case SIG_TYPE_MD5:
printf("MD5\n");
break;
case SIG_TYPE_SHA1:
printf("SHA1\n");
break;
case SIG_TYPE_MD2:
printf("MD2\n");
break;
default:
printf("Unrecognized: %d\n", cert->sig_type);
break;
}
printf("Verify:\t\t\t");
if (ca_cert_ctx)
{
x509_display_error(x509_verify(ca_cert_ctx, cert));
}
printf("\n");
#if 0
print_blob("Signature", cert->signature, cert->sig_len);
bi_print("Modulus", cert->rsa_ctx->m);
bi_print("Pub Exp", cert->rsa_ctx->e);
#endif
if (ca_cert_ctx)
{
x509_print(ca_cert_ctx, cert->next);
}
}
void x509_display_error(int error)
{
switch (error)
{
case X509_NOT_OK:
printf("X509 not ok");
break;
case X509_VFY_ERROR_NO_TRUSTED_CERT:
printf("No trusted cert is available");
break;
case X509_VFY_ERROR_BAD_SIGNATURE:
printf("Bad signature");
break;
case X509_VFY_ERROR_NOT_YET_VALID:
printf("Cert is not yet valid");
break;
case X509_VFY_ERROR_EXPIRED:
printf("Cert has expired");
break;
case X509_VFY_ERROR_SELF_SIGNED:
printf("Cert is self-signed");
break;
case X509_VFY_ERROR_INVALID_CHAIN:
printf("Chain is invalid (check order of certs)");
break;
case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
printf("Unsupported digest");
break;
case X509_INVALID_PRIV_KEY:
printf("Invalid private key");
break;
}
}
#endif /* CONFIG_SSL_FULL_MODE */

44
ssl/bigint.c
View File

@ -54,7 +54,6 @@
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include "bigint.h" #include "bigint.h"
#include "crypto.h"
static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i); static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom); static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
@ -1366,6 +1365,7 @@ static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
* @param ctx [in] The bigint session context. * @param ctx [in] The bigint session context.
* @param bi [in] The bigint on which to perform the mod power operation. * @param bi [in] The bigint on which to perform the mod power operation.
* @param biexp [in] The bigint exponent. * @param biexp [in] The bigint exponent.
* @return The result of the mod exponentiation operation
* @see bi_set_mod(). * @see bi_set_mod().
*/ */
bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp) bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
@ -1467,6 +1467,7 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
* @param bi [in] The bigint to perform the exp/mod. * @param bi [in] The bigint to perform the exp/mod.
* @param bim [in] The temporary modulus. * @param bim [in] The temporary modulus.
* @param biexp [in] The bigint exponent. * @param biexp [in] The bigint exponent.
* @return The result of the mod exponentiation operation
* @see bi_set_mod(). * @see bi_set_mod().
*/ */
bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp) bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
@ -1493,4 +1494,45 @@ bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
return biR; return biR;
} }
#endif #endif
#ifdef CONFIG_BIGINT_CRT
/**
* @Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
*
* @param ctx [in] The bigint session context.
* @param bi [in] The bigint to perform the exp/mod.
* @param dP [in] CRT's dP bigint
* @param dQ [in] CRT's dQ bigint
* @param p [in] CRT's p bigint
* @param q [in] CRT's q bigint
* @param qInv [in] CRT's qInv bigint
* @return The result of the CRT operation
*/
bigint *bi_crt(BI_CTX *ctx, bigint *bi,
bigint *dP, bigint *dQ,
bigint *p, bigint *q, bigint *qInv)
{
bigint *m1, *m2, *h;
/* Montgomery has a condition the 0 < x, y < m and these products violate
* that condition. So disable Montgomery when using CRT */
#if defined(CONFIG_BIGINT_MONTGOMERY)
ctx->use_classical = 1;
#endif
ctx->mod_offset = BIGINT_P_OFFSET;
m1 = bi_mod_power(ctx, bi_copy(bi), dP);
ctx->mod_offset = BIGINT_Q_OFFSET;
m2 = bi_mod_power(ctx, bi, dQ);
h = bi_subtract(ctx, bi_add(ctx, m1, p), bi_copy(m2), NULL);
h = bi_multiply(ctx, h, qInv);
ctx->mod_offset = BIGINT_P_OFFSET;
h = bi_residue(ctx, h);
#if defined(CONFIG_BIGINT_MONTGOMERY)
ctx->use_classical = 0; /* reset for any further operation */
#endif
return bi_add(ctx, m2, bi_multiply(ctx, q, h));
}
#endif
/** @} */ /** @} */

7
ssl/bigint.h
View File

@ -90,4 +90,11 @@ bigint *bi_square(BI_CTX *ctx, bigint *bi);
#define bi_square(A, B) bi_multiply(A, bi_copy(B), B) #define bi_square(A, B) bi_multiply(A, bi_copy(B), B)
#endif #endif
#ifdef CONFIG_BIGINT_CRT
bigint *bi_crt(BI_CTX *ctx, bigint *bi,
bigint *dP, bigint *dQ,
bigint *p, bigint *q,
bigint *qInv);
#endif
#endif #endif

285
ssl/crypto.h
View File

@ -1,285 +0,0 @@
/*
* Copyright(C) 2006 Cameron Rich
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file crypto.h
*/
#ifndef HEADER_CRYPTO_H
#define HEADER_CRYPTO_H
#ifdef __cplusplus
extern "C" {
#endif
#include "bigint.h"
/**************************************************************************
* AES declarations
**************************************************************************/
#define AES_MAXROUNDS 14
#define AES_BLOCKSIZE 16
#define AES_IV_SIZE 16
typedef struct aes_key_st
{
uint16_t rounds;
uint16_t key_size;
uint32_t ks[(AES_MAXROUNDS+1)*8];
uint8_t iv[AES_IV_SIZE];
} AES_CTX;
typedef enum
{
AES_MODE_128,
AES_MODE_256
} AES_MODE;
void AES_set_key(AES_CTX *ctx, const uint8_t *key,
const uint8_t *iv, AES_MODE mode);
void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
uint8_t *out, int length);
void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
void AES_convert_key(AES_CTX *ctx);
/**************************************************************************
* RC4 declarations
**************************************************************************/
typedef struct
{
uint8_t x, y, m[256];
} RC4_CTX;
void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
/**************************************************************************
* SHA1 declarations
**************************************************************************/
#define SHA1_SIZE 20
/*
* This structure will hold context information for the SHA-1
* hashing operation
*/
typedef struct
{
uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
uint32_t Length_Low; /* Message length in bits */
uint32_t Length_High; /* Message length in bits */
uint16_t Message_Block_Index; /* Index into message block array */
uint8_t Message_Block[64]; /* 512-bit message blocks */
} SHA1_CTX;
void SHA1Init(SHA1_CTX *);
void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len);
void SHA1Final(SHA1_CTX *, uint8_t *digest);
/**************************************************************************
* MD5 declarations
**************************************************************************/
/* MD5 context. */
#define MD5_SIZE 16
typedef struct
{
uint32_t state[4]; /* state (ABCD) */
uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
uint8_t buffer[64]; /* input buffer */
} MD5_CTX;
EXP_FUNC void STDCALL MD5Init(MD5_CTX *);
EXP_FUNC void STDCALL MD5Update(MD5_CTX *, const uint8_t *msg, int len);
EXP_FUNC void STDCALL MD5Final(MD5_CTX *, uint8_t *digest);
/**************************************************************************
* HMAC declarations
**************************************************************************/
void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
/**************************************************************************
* RNG declarations
**************************************************************************/
EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
EXP_FUNC void STDCALL RNG_terminate(void);
EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
/**************************************************************************
* RSA declarations
**************************************************************************/
typedef struct
{
bigint *m; /* modulus */
bigint *e; /* public exponent */
bigint *d; /* private exponent */
#ifdef CONFIG_BIGINT_CRT
bigint *p; /* p as in m = pq */
bigint *q; /* q as in m = pq */
bigint *dP; /* d mod (p-1) */
bigint *dQ; /* d mod (q-1) */
bigint *qInv; /* q^-1 mod p */
#endif
int num_octets;
BI_CTX *bi_ctx;
} RSA_CTX;
void RSA_priv_key_new(RSA_CTX **rsa_ctx,
const uint8_t *modulus, int mod_len,
const uint8_t *pub_exp, int pub_len,
const uint8_t *priv_exp, int priv_len
#ifdef CONFIG_BIGINT_CRT
, const uint8_t *p, int p_len,
const uint8_t *q, int q_len,
const uint8_t *dP, int dP_len,
const uint8_t *dQ, int dQ_len,
const uint8_t *qInv, int qInv_len
#endif
);
void RSA_pub_key_new(RSA_CTX **rsa_ctx,
const uint8_t *modulus, int mod_len,
const uint8_t *pub_exp, int pub_len);
void RSA_free(RSA_CTX *ctx);
int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
int is_decryption);
bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
#ifdef CONFIG_SSL_CERT_VERIFICATION
bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
bigint *modulus, bigint *pub_exp);
bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
uint8_t *out_data, int is_signing);
void RSA_print(const RSA_CTX *ctx);
#endif
/**************************************************************************
* ASN1 declarations
**************************************************************************/
#define X509_OK 0
#define X509_NOT_OK -1
#define X509_VFY_ERROR_NO_TRUSTED_CERT -2
#define X509_VFY_ERROR_BAD_SIGNATURE -3
#define X509_VFY_ERROR_NOT_YET_VALID -4
#define X509_VFY_ERROR_EXPIRED -5
#define X509_VFY_ERROR_SELF_SIGNED -6
#define X509_VFY_ERROR_INVALID_CHAIN -7
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
#define X509_INVALID_PRIV_KEY -9
/*
* The Distinguished Name
*/
#define X509_NUM_DN_TYPES 3
#define X509_COMMON_NAME 0
#define X509_ORGANIZATION 1
#define X509_ORGANIZATIONAL_TYPE 2
#define ASN1_INTEGER 0x02
#define ASN1_BIT_STRING 0x03
#define ASN1_OCTET_STRING 0x04
#define ASN1_NULL 0x05
#define ASN1_OID 0x06
#define ASN1_PRINTABLE_STR 0x13
#define ASN1_TELETEX_STR 0x14
#define ASN1_IA5_STR 0x16
#define ASN1_UTC_TIME 0x17
#define ASN1_SEQUENCE 0x30
#define ASN1_SET 0x31
#define ASN1_IMPLICIT_TAG 0x80
#define ASN1_EXPLICIT_TAG 0xa0
#define SALT_SIZE 8
struct _x509_ctx
{
char *ca_cert_dn[X509_NUM_DN_TYPES];
char *cert_dn[X509_NUM_DN_TYPES];
#if defined(_WIN32_WCE)
long not_before;
long not_after;
#else
time_t not_before;
time_t not_after;
#endif
uint8_t *signature;
uint16_t sig_len;
uint8_t sig_type;
RSA_CTX *rsa_ctx;
bigint *digest;
struct _x509_ctx *next;
};
typedef struct _x509_ctx X509_CTX;
#ifdef CONFIG_SSL_CERT_VERIFICATION
typedef struct
{
X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
} CA_CERT_CTX;
#endif
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
void x509_free(X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
#endif
#ifdef CONFIG_SSL_FULL_MODE
void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
void x509_display_error(int error);
#endif
/**************************************************************************
* MISC declarations
**************************************************************************/
extern const char * const unsupported_str;
typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
int get_file(const char *filename, uint8_t **buf);
#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
#else
#define print_blob(...)
#endif
EXP_FUNC int STDCALL base64_decode(const char *in, int len,
uint8_t *out, int *outlen);
#ifdef __cplusplus
}
#endif
#endif

2
ssl/crypto_misc.c
View File

@ -24,7 +24,7 @@
#include <string.h> #include <string.h>
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <stdio.h>
#include "crypto.h" #include "crypto_misc.h"
#ifdef CONFIG_WIN32_USE_CRYPTO_LIB #ifdef CONFIG_WIN32_USE_CRYPTO_LIB
#include "wincrypt.h" #include "wincrypt.h"
#endif #endif

18
ssl/loader.c
View File

@ -250,18 +250,18 @@ static int pem_decrypt(const char *where, const char *end,
goto error; goto error;
/* work out the key */ /* work out the key */
MD5Init(&md5_ctx); MD5_Init(&md5_ctx);
MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password)); MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
MD5Update(&md5_ctx, iv, SALT_SIZE); MD5_Update(&md5_ctx, iv, SALT_SIZE);
MD5Final(&md5_ctx, key); MD5_Final(key, &md5_ctx);
if (is_aes_256) if (is_aes_256)
{ {
MD5Init(&md5_ctx); MD5_Init(&md5_ctx);
MD5Update(&md5_ctx, key, MD5_SIZE); MD5_Update(&md5_ctx, key, MD5_SIZE);
MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password)); MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
MD5Update(&md5_ctx, iv, SALT_SIZE); MD5_Update(&md5_ctx, iv, SALT_SIZE);
MD5Final(&md5_ctx, &key[MD5_SIZE]); MD5_Final(&key[MD5_SIZE], &md5_ctx);
} }
/* decrypt using the key/iv */ /* decrypt using the key/iv */

14
ssl/p12.c
View File

@ -190,16 +190,16 @@ static int p8_decrypt(const char *uni_pass, int uni_pass_len,
} }
/* get the key - no IV since we are using RC4 */ /* get the key - no IV since we are using RC4 */
SHA1Init(&sha_ctx); SHA1_Init(&sha_ctx);
SHA1Update(&sha_ctx, d, sizeof(d)); SHA1_Update(&sha_ctx, d, sizeof(d));
SHA1Update(&sha_ctx, p, sizeof(p)); SHA1_Update(&sha_ctx, p, sizeof(p));
SHA1Final(&sha_ctx, Ai); SHA1_Final(Ai, &sha_ctx);
for (i = 1; i < iter; i++) for (i = 1; i < iter; i++)
{ {
SHA1Init(&sha_ctx); SHA1_Init(&sha_ctx);
SHA1Update(&sha_ctx, Ai, SHA1_SIZE); SHA1_Update(&sha_ctx, Ai, SHA1_SIZE);
SHA1Final(&sha_ctx, Ai); SHA1_Final(Ai, &sha_ctx);
} }
/* do the decryption */ /* do the decryption */

42
ssl/rsa.c
View File

@ -25,11 +25,7 @@
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
#include <stdlib.h> #include <stdlib.h>
#include "crypto.h" #include "crypto_misc.h"
#ifdef CONFIG_BIGINT_CRT
static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi);
#endif
void RSA_priv_key_new(RSA_CTX **ctx, void RSA_priv_key_new(RSA_CTX **ctx,
const uint8_t *modulus, int mod_len, const uint8_t *modulus, int mod_len,
@ -180,7 +176,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg) bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
{ {
#ifdef CONFIG_BIGINT_CRT #ifdef CONFIG_BIGINT_CRT
return bi_crt(c, bi_msg); return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv);
#else #else
BI_CTX *ctx = c->bi_ctx; BI_CTX *ctx = c->bi_ctx;
ctx->mod_offset = BIGINT_M_OFFSET; ctx->mod_offset = BIGINT_M_OFFSET;
@ -188,39 +184,6 @@ bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
#endif #endif
} }
#ifdef CONFIG_BIGINT_CRT
/**
* Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
* This should really be in bigint.c (and was at one stage), but needs
* access to the RSA_CTX context...
*/
static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi)
{
BI_CTX *ctx = rsa->bi_ctx;
bigint *m1, *m2, *h;
/* Montgomery has a condition the 0 < x, y < m and these products violate
* that condition. So disable Montgomery when using CRT */
#if defined(CONFIG_BIGINT_MONTGOMERY)
ctx->use_classical = 1;
#endif
ctx->mod_offset = BIGINT_P_OFFSET;
m1 = bi_mod_power(ctx, bi_copy(bi), rsa->dP);
ctx->mod_offset = BIGINT_Q_OFFSET;
m2 = bi_mod_power(ctx, bi, rsa->dQ);
h = bi_subtract(ctx, bi_add(ctx, m1, rsa->p), bi_copy(m2), NULL);
h = bi_multiply(ctx, h, rsa->qInv);
ctx->mod_offset = BIGINT_P_OFFSET;
h = bi_residue(ctx, h);
#if defined(CONFIG_BIGINT_MONTGOMERY)
ctx->use_classical = 0; /* reset for any further operation */
#endif
return bi_add(ctx, m2, bi_multiply(ctx, rsa->q, h));
}
#endif
#ifdef CONFIG_SSL_FULL_MODE #ifdef CONFIG_SSL_FULL_MODE
/** /**
* Used for diagnostics. * Used for diagnostics.
@ -294,7 +257,6 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
int i, size; int i, size;
bigint *decrypted_bi, *dat_bi; bigint *decrypted_bi, *dat_bi;
bigint *bir = NULL; bigint *bir = NULL;
block = (uint8_t *)malloc(sig_len); block = (uint8_t *)malloc(sig_len);
/* decrypt */ /* decrypt */

14
ssl/ssl.h
View File

@ -56,7 +56,7 @@ extern "C" {
#endif #endif
#include <time.h> #include <time.h>
#include "crypto.h" //#include "crypto.h"
/* need to predefine before ssl_lib.h gets to it */ /* need to predefine before ssl_lib.h gets to it */
#define SSL_SESSION_ID_SIZE 32 #define SSL_SESSION_ID_SIZE 32
@ -221,10 +221,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
* @param session_id [in] A 32 byte session id for session resumption. This * @param session_id [in] A 32 byte session id for session resumption. This
* can be null if no session resumption is being used or required. This option * can be null if no session resumption is being used or required. This option
* is not used in skeleton mode. * is not used in skeleton mode.
* @param sess_id_size The size of the session id (max 32)
* @return An SSL object reference. Use ssl_handshake_status() to check * @return An SSL object reference. Use ssl_handshake_status() to check
* if a handshake succeeded. * if a handshake succeeded.
*/ */
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id); EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
/** /**
* @brief Free any used resources on this connection. * @brief Free any used resources on this connection.
@ -286,6 +287,15 @@ EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
*/ */
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl); EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
/**
* @brief Get the session id size for a handshake.
*
* This will be 32 for a ssl server and may be something else for a ssl client.
* @param ssl [in] An SSL object reference.
* @return The number of valid bytes in a handshaking sequence
*/
EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
/** /**
* @brief Return the cipher id (in the SSL form). * @brief Return the cipher id (in the SSL form).
* @param ssl [in] An SSL object reference. * @param ssl [in] An SSL object reference.

2
ssl/test/Makefile
View File

@ -33,7 +33,7 @@ ifndef CONFIG_PLATFORM_WIN32
performance: ../../$(STAGE)/perf_bigint performance: ../../$(STAGE)/perf_bigint
ssltesting: ../../$(STAGE)/ssltest ssltesting: ../../$(STAGE)/ssltest
LIBS=../../$(STAGE) LIBS=../../$(STAGE)
CFLAGS += -I../../ssl -I../../config CFLAGS += -I../../ssl -I../../config -I../../crypto
../../$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a ../../$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls $(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls

30
ssl/test/ssltest.c
View File

@ -250,9 +250,9 @@ static int SHA1_test(BI_CTX *bi_ctx)
"A9993E364706816ABA3E25717850C26C9CD0D89D"); "A9993E364706816ABA3E25717850C26C9CD0D89D");
bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
SHA1Init(&ctx); SHA1_Init(&ctx);
SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA1Final(&ctx, digest); SHA1_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct))) if (memcmp(digest, ct, sizeof(ct)))
{ {
@ -268,9 +268,9 @@ static int SHA1_test(BI_CTX *bi_ctx)
"84983E441C3BD26EBAAE4AA1F95129E5E54670F1"); "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
SHA1Init(&ctx); SHA1_Init(&ctx);
SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA1Final(&ctx, digest); SHA1_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct))) if (memcmp(digest, ct, sizeof(ct)))
{ {
@ -304,9 +304,9 @@ static int MD5_test(BI_CTX *bi_ctx)
"900150983CD24FB0D6963F7D28E17F72"); "900150983CD24FB0D6963F7D28E17F72");
bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
MD5Init(&ctx); MD5_Init(&ctx);
MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
MD5Final(&ctx, digest); MD5_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct))) if (memcmp(digest, ct, sizeof(ct)))
{ {
@ -322,9 +322,9 @@ static int MD5_test(BI_CTX *bi_ctx)
bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F"); bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
MD5Init(&ctx); MD5_Init(&ctx);
MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
MD5Final(&ctx, digest); MD5_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct))) if (memcmp(digest, ct, sizeof(ct)))
{ {
@ -1250,7 +1250,7 @@ static int SSL_client_test(
goto client_test_exit; goto client_test_exit;
} }
ssl = ssl_client_new(*ssl_ctx, client_fd, session_id); ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
/* check the return status */ /* check the return status */
if ((ret = ssl_handshake_status(ssl))) if ((ret = ssl_handshake_status(ssl)))
@ -1469,7 +1469,7 @@ static void do_basic(void)
"../ssl/test/axTLS.ca_x509.cer", NULL)) "../ssl/test/axTLS.ca_x509.cer", NULL))
goto error; goto error;
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL); ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
/* check the return status */ /* check the return status */
if (ssl_handshake_status(ssl_clnt)) if (ssl_handshake_status(ssl_clnt))
@ -1588,7 +1588,7 @@ void do_multi_clnt(multi_t *multi_data)
goto client_test_exit; goto client_test_exit;
sleep(1); sleep(1);
ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL); ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
if ((res = ssl_handshake_status(ssl))) if ((res = ssl_handshake_status(ssl)))
{ {

24
ssl/tls1.c
View File

@ -834,14 +834,14 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
q += strlen(label); q += strlen(label);
} }
MD5Init(&md5_ctx); MD5_Init(&md5_ctx);
MD5Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len); MD5_Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
MD5Final(&md5_ctx, q); MD5_Final(q, &md5_ctx);
q += MD5_SIZE; q += MD5_SIZE;
SHA1Init(&sha1_ctx); SHA1_Init(&sha1_ctx);
SHA1Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len); SHA1_Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
SHA1Final(&sha1_ctx, q); SHA1_Final(q, &sha1_ctx);
q += SHA1_SIZE; q += SHA1_SIZE;
if (label) if (label)
@ -1532,8 +1532,8 @@ int send_certificate(SSL *ssl)
* Find if an existing session has the same session id. If so, use the * Find if an existing session has the same session id. If so, use the
* master secret from this session for session resumption. * master secret from this session for session resumption.
*/ */
SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
SSL_SESS *ssl_sessions[], SSL *ssl, const uint8_t *session_id) SSL *ssl, const uint8_t *session_id)
{ {
time_t tm = time(NULL); time_t tm = time(NULL);
time_t oldest_sess_time = tm; time_t oldest_sess_time = tm;
@ -1641,6 +1641,14 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
return ssl->session_id; return ssl->session_id;
} }
/*
* Get the session id size for a handshake.
*/
EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
{
return ssl->sess_id_size;
}
/* /*
* Return the cipher id (in the SSL form). * Return the cipher id (in the SSL form).
*/ */

3
ssl/tls1.h
View File

@ -29,6 +29,8 @@ extern "C" {
#endif #endif
#include "version.h" #include "version.h"
#include "crypto.h"
#include "crypto_misc.h"
/* Mutexing definitions */ /* Mutexing definitions */
#if defined(CONFIG_SSL_CTX_MUTEXING) #if defined(CONFIG_SSL_CTX_MUTEXING)
@ -156,6 +158,7 @@ struct _SSL
uint8_t record_type; uint8_t record_type;
uint8_t chain_length; uint8_t chain_length;
uint8_t cipher; uint8_t cipher;
uint8_t sess_id_size;
int16_t next_state; int16_t next_state;
int16_t hs_status; int16_t hs_status;
uint8_t *all_pkts; uint8_t *all_pkts;

38
ssl/tls1_clnt.c
View File

@ -35,7 +35,8 @@ static int send_cert_verify(SSL *ssl);
/* /*
* Establish a new SSL connection to an SSL server. * Establish a new SSL connection to an SSL server.
*/ */
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id) EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
uint8_t *session_id, uint8_t sess_id_size)
{ {
SSL *ssl; SSL *ssl;
int ret; int ret;
@ -45,7 +46,14 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uin
if (session_id && ssl_ctx->num_sessions) if (session_id && ssl_ctx->num_sessions)
{ {
memcpy(ssl->session_id, session_id, SSL_SESSION_ID_SIZE); if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
{
ssl_free(ssl);
return NULL;
}
memcpy(ssl->session_id, session_id, sess_id_size);
ssl->sess_id_size = sess_id_size;
SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */ SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
} }
@ -176,11 +184,11 @@ static int send_client_hello(SSL *ssl)
offset = 6 + SSL_RANDOM_SIZE; offset = 6 + SSL_RANDOM_SIZE;
/* give session resumption a go */ /* give session resumption a go */
if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) /* set initially bu user */ if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) /* set initially by user */
{ {
buf[offset++] = SSL_SESSION_ID_SIZE; buf[offset++] = ssl->sess_id_size;
memcpy(&buf[offset], ssl->session_id, SSL_SESSION_ID_SIZE); memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
offset += SSL_SESSION_ID_SIZE; offset += ssl->sess_id_size;
CLR_SSL_FLAG(SSL_SESSION_RESUME); /* clear so we can set later */ CLR_SSL_FLAG(SSL_SESSION_RESUME); /* clear so we can set later */
} }
else else
@ -216,7 +224,7 @@ static int process_server_hello(SSL *ssl)
int offset; int offset;
int version = (buf[4] << 4) + buf[5]; int version = (buf[4] << 4) + buf[5];
int num_sessions = ssl->ssl_ctx->num_sessions; int num_sessions = ssl->ssl_ctx->num_sessions;
uint8_t session_id_length; uint8_t sess_id_size;
int ret = SSL_OK; int ret = SSL_OK;
/* check that we are talking to a TLSv1 server */ /* check that we are talking to a TLSv1 server */
@ -226,17 +234,25 @@ static int process_server_hello(SSL *ssl)
/* get the server random value */ /* get the server random value */
memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE); memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */ offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
session_id_length = buf[offset++]; sess_id_size = buf[offset++];
if (num_sessions) if (num_sessions)
{ {
ssl->session = ssl_session_update(num_sessions, ssl->session = ssl_session_update(num_sessions,
ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]); ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
memcpy(ssl->session->session_id, &buf[offset], session_id_length); memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
/* pad the rest with 0's */
if (sess_id_size < SSL_SESSION_ID_SIZE)
{
memset(&ssl->session->session_id[sess_id_size], 0,
SSL_SESSION_ID_SIZE-sess_id_size);
}
} }
memcpy(ssl->session_id, &buf[offset], session_id_length); memcpy(ssl->session_id, &buf[offset], sess_id_size);
offset += session_id_length; ssl->sess_id_size = sess_id_size;
offset += sess_id_size;
/* get the real cipher we are using */ /* get the real cipher we are using */
ssl->cipher = buf[++offset]; ssl->cipher = buf[++offset];

2
ssl/tls1_svr.c
View File

@ -311,12 +311,14 @@ static int send_server_hello(SSL *ssl)
/* retrieve id from session cache */ /* retrieve id from session cache */
memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE); memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE); memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
ssl->sess_id_size = SSL_SESSION_ID_SIZE;
} }
else /* generate our own session id */ else /* generate our own session id */
#endif #endif
{ {
get_random(SSL_SESSION_ID_SIZE, &buf[offset]); get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE); memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
ssl->sess_id_size = SSL_SESSION_ID_SIZE;
#ifndef CONFIG_SSL_SKELETON_MODE #ifndef CONFIG_SSL_SKELETON_MODE
/* store id in session cache */ /* store id in session cache */

2
www/index.html
View File

File diff suppressed because one or more lines are too long