yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Adapt ssl_client2 to restartable EC

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2017-05-16 08:50:24 +02:00
parent 171a481b96
commit b3c8307960
1 changed files with 35 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
programs/ssl/ssl_client2.c
View file

@ -79,6 +79,7 @@ int main( void )
#define DFL_PSK "" #define DFL_PSK ""
#define DFL_PSK_IDENTITY "Client_identity" #define DFL_PSK_IDENTITY "Client_identity"
#define DFL_ECJPAKE_PW NULL #define DFL_ECJPAKE_PW NULL
#define DFL_EC_MAX_OPS -1
#define DFL_FORCE_CIPHER 0 #define DFL_FORCE_CIPHER 0
#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY -2 #define DFL_ALLOW_LEGACY -2
@ -235,6 +236,13 @@ int main( void )
#define USAGE_ECJPAKE "" #define USAGE_ECJPAKE ""
#endif #endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
#define USAGE_ECRESTART \
" ec_max_ops=%%s default: library default (restart disabled)\n"
#else
#define USAGE_ECRESTART ""
#endif
#define USAGE \ #define USAGE \
"\n usage: ssl_client2 param=<>...\n" \ "\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
@ -258,6 +266,7 @@ int main( void )
"\n" \ "\n" \
USAGE_PSK \ USAGE_PSK \
USAGE_ECJPAKE \ USAGE_ECJPAKE \
USAGE_ECRESTART \
"\n" \ "\n" \
" allow_legacy=%%d default: (library default: no)\n" \ " allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \ USAGE_RENEGO \
@ -310,6 +319,7 @@ struct options
const char *psk; /* the pre-shared key */ const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */ const char *psk_identity; /* the pre-shared key identity */
const char *ecjpake_pw; /* the EC J-PAKE password */ const char *ecjpake_pw; /* the EC J-PAKE password */
int ec_max_ops; /* EC consecutive operations limit */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
int renegotiation; /* enable / disable renegotiation */ int renegotiation; /* enable / disable renegotiation */
int allow_legacy; /* allow legacy renegotiation */ int allow_legacy; /* allow legacy renegotiation */
@ -527,6 +537,7 @@ int main( int argc, char *argv[] )
opt.psk = DFL_PSK; opt.psk = DFL_PSK;
opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_identity = DFL_PSK_IDENTITY;
opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.ecjpake_pw = DFL_ECJPAKE_PW;
opt.ec_max_ops = DFL_EC_MAX_OPS;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
opt.renegotiation = DFL_RENEGOTIATION; opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY; opt.allow_legacy = DFL_ALLOW_LEGACY;
@ -619,6 +630,8 @@ int main( int argc, char *argv[] )
opt.psk_identity = q; opt.psk_identity = q;
else if( strcmp( p, "ecjpake_pw" ) == 0 ) else if( strcmp( p, "ecjpake_pw" ) == 0 )
opt.ecjpake_pw = q; opt.ecjpake_pw = q;
else if( strcmp( p, "ec_max_ops" ) == 0 )
opt.ec_max_ops = atoi( q );
else if( strcmp( p, "force_ciphersuite" ) == 0 ) else if( strcmp( p, "force_ciphersuite" ) == 0 )
{ {
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q ); opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
@ -1374,6 +1387,11 @@ int main( int argc, char *argv[] )
mbedtls_timing_get_delay ); mbedtls_timing_get_delay );
#endif #endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( opt.ec_max_ops != DFL_EC_MAX_OPS )
mbedtls_ecp_set_max_ops( opt.ec_max_ops );
#endif
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/* /*
@ -1384,7 +1402,9 @@ int main( int argc, char *argv[] )
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret );
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
@ -1476,7 +1496,8 @@ int main( int argc, char *argv[] )
while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE ) ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
goto exit; goto exit;
@ -1528,7 +1549,8 @@ send_request:
<= 0 ) <= 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE ) ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret );
goto exit; goto exit;
@ -1540,7 +1562,8 @@ send_request:
{ {
do ret = mbedtls_ssl_write( &ssl, buf, len ); do ret = mbedtls_ssl_write( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ || while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE ); ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
if( ret < 0 ) if( ret < 0 )
{ {
@ -1573,7 +1596,8 @@ send_request:
ret = mbedtls_ssl_read( &ssl, buf, len ); ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == MBEDTLS_ERR_SSL_WANT_READ || if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE ) ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
continue; continue;
if( ret <= 0 ) if( ret <= 0 )
@ -1618,7 +1642,8 @@ send_request:
do ret = mbedtls_ssl_read( &ssl, buf, len ); do ret = mbedtls_ssl_read( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ || while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE ); ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
if( ret <= 0 ) if( ret <= 0 )
{ {
@ -1666,7 +1691,8 @@ send_request:
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE ) ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
goto exit; goto exit;
@ -1749,7 +1775,8 @@ reconnect:
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE ) ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
goto exit; goto exit;