Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-01-09 07:59:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Moved all examples programs to use the new entropy and CTR_DRBG

Browse source
This commit is contained in:
Paul Bakker 2011-12-04 17:09:26 +00:00
parent 4dc6457274
commit 508ad5ab6d
15 changed files with 343 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

43
programs/ssl/ssl_client1.c
View file

@ -34,7 +34,8 @@
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/havege.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/error.h"
#define SERVER_PORT 4433
@ -52,17 +53,19 @@ void my_debug( void *ctx, int level, const char *str )
}
}
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C)
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n");
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@ -70,7 +73,10 @@ int main( int argc, char *argv[] )
{
int ret, len, server_fd;
unsigned char buf[1024];
havege_state hs;
char *pers = "ssl_client1";
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
@ -80,15 +86,27 @@ int main( int argc, char *argv[] )
/*
* 0. Initialize the RNG and the session data
*/
havege_init( &hs );
memset( &ssn, 0, sizeof( ssl_session ) );
memset( &ssl, 0, sizeof( ssl_context ) );
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(unsigned char *) pers, strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 1. Start the connection
*/
printf( "\n . Connecting to tcp/%s/%4d...", SERVER_NAME,
SERVER_PORT );
printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_NAME,
@ -117,7 +135,7 @@ int main( int argc, char *argv[] )
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
@ -205,5 +223,6 @@ exit:
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C &&
POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C */
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
POLARSSL_CTR_DRBG_C */

42
programs/ssl/ssl_client2.c
View file

@ -35,7 +35,8 @@
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/havege.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
#include "polarssl/x509.h"
#include "polarssl/error.h"
@ -96,17 +97,19 @@ void my_debug( void *ctx, int level, const char *str )
" force_ciphersuite=<name> default: all enabled\n"\
" acceptable ciphersuite names:\n"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C)
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n");
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@ -114,7 +117,10 @@ int main( int argc, char *argv[] )
{
int ret = 0, len, server_fd;
unsigned char buf[1024];
havege_state hs;
char *pers = "ssl_client2";
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert cacert;
@ -214,12 +220,23 @@ int main( int argc, char *argv[] )
/*
* 0. Initialize the RNG and the session data
*/
havege_init( &hs );
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(unsigned char *) pers, strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 1.1. Load the trusted CA
*/
printf( "\n . Loading the CA root certificate ..." );
printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@ -316,8 +333,6 @@ int main( int argc, char *argv[] )
printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
havege_init( &hs );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
@ -329,7 +344,7 @@ int main( int argc, char *argv[] )
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
@ -478,5 +493,6 @@ exit:
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C &&
POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C */
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
POLARSSL_CTR_DRBG_C */

58
programs/ssl/ssl_fork_server.c
View file

@ -39,7 +39,8 @@
#include "polarssl/config.h"
#include "polarssl/havege.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
#include "polarssl/x509.h"
#include "polarssl/ssl.h"
@ -52,17 +53,18 @@
"<p>Successful connection using: %s</p>\r\n"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C)
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_HAVEGE_C "
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n");
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#elif defined(_WIN32)
@ -204,8 +206,10 @@ int main( int argc, char *argv[] )
int listen_fd;
int client_fd;
unsigned char buf[1024];
char *pers = "ssl_fork_server";
havege_state hs;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
@ -216,10 +220,26 @@ int main( int argc, char *argv[] )
signal( SIGCHLD, SIG_IGN );
/*
* 0. Initial seeding of the RNG
*/
printf( "\n . Initial seeding of the random generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(unsigned char *) pers, strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 1. Load the certificates and private RSA key
*/
printf( "\n . Loading the server cert. and key..." );
printf( " . Loading the server cert. and key..." );
fflush( stdout );
memset( &srvcert, 0, sizeof( x509_cert ) );
@ -308,6 +328,13 @@ int main( int argc, char *argv[] )
if( pid != 0 )
{
if( ( ret = ctr_drbg_reseed( &ctr_drbg,
(unsigned char* ) "parent", 6 ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
close( client_fd );
continue;
}
@ -317,11 +344,16 @@ int main( int argc, char *argv[] )
/*
* 4. Setup stuff
*/
printf( " . Setting up the RNG and SSL data...." );
printf( " . Setting up the SSL data...." );
fflush( stdout );
havege_init( &hs );
if( ( ret = ctr_drbg_reseed( &ctr_drbg,
(unsigned char *) "child", 5 ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
@ -333,7 +365,7 @@ int main( int argc, char *argv[] )
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
@ -466,6 +498,6 @@ exit:
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_HAVEGE_C &&
#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
POLARSSL_RSA_C */
POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */

42
programs/ssl/ssl_mail_client.c
View file

@ -50,7 +50,8 @@
#include "polarssl/error.h"
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/havege.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
#include "polarssl/x509.h"
@ -100,17 +101,19 @@ void my_debug( void *ctx, int level, const char *str )
}
}
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C)
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n");
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@ -340,7 +343,10 @@ int main( int argc, char *argv[] )
unsigned char base[1024];
#endif
char hostname[32];
havege_state hs;
char *pers = "ssl_mail_client";
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert cacert;
@ -466,12 +472,23 @@ int main( int argc, char *argv[] )
/*
* 0. Initialize the RNG and the session data
*/
havege_init( &hs );
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(unsigned char *) pers, strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 1.1. Load the trusted CA
*/
printf( "\n . Loading the CA root certificate ..." );
printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@ -568,8 +585,6 @@ int main( int argc, char *argv[] )
printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
havege_init( &hs );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
@ -581,7 +596,7 @@ int main( int argc, char *argv[] )
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
@ -799,5 +814,6 @@ exit:
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C &&
POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C */
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C **
POLARSSL_CTR_DRBG_C */

42
programs/ssl/ssl_server.c
View file

@ -37,7 +37,8 @@
#include "polarssl/config.h"
#include "polarssl/havege.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
#include "polarssl/x509.h"
#include "polarssl/ssl.h"
@ -172,17 +173,18 @@ static int my_set_session( ssl_context *ssl )
}
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C)
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_HAVEGE_C "
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n");
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@ -192,8 +194,10 @@ int main( int argc, char *argv[] )
int listen_fd;
int client_fd = -1;
unsigned char buf[1024];
char *pers = "ssl_server";
havege_state hs;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
@ -257,12 +261,26 @@ int main( int argc, char *argv[] )
printf( " ok\n" );
/*
* 4. Setup stuff
* 3. Seed the RNG
*/
printf( " . Setting up the RNG and SSL data...." );
printf( " . Seeding the random number generator..." );
fflush( stdout );
havege_init( &hs );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(unsigned char *) pers, strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 4. Setup stuff
*/
printf( " . Setting up the SSL data...." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
@ -273,7 +291,7 @@ int main( int argc, char *argv[] )
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_scb( &ssl, my_get_session,
@ -468,6 +486,6 @@ exit:
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_HAVEGE_C &&
#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
POLARSSL_RSA_C */
POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */