adds curve

Henry Case 2019-07-29 13:03:43 +01:00
parent 43ed9c9c3f
commit b4a1417ab2
3 changed files with 33 additions and 23 deletions


@ -4,7 +4,7 @@ BORINGSSL_LIB=$(BORINGSSL_DIR)/build.64bitRel/
CC = clang CC = clang
SRCDIR = src SRCDIR = src
OBJDIR = obj OBJDIR = obj
DBG ?= 1 DBG ?= 0
ifeq ($(DBG),1) ifeq ($(DBG),1)
DEBUG = -DDEBUG -g -O0 DEBUG = -DDEBUG -g -O0


@ -7,21 +7,21 @@
// Buffer used for read/write tests // Buffer used for read/write tests
unsigned char rw_buf[BUFFER_SIZE]; unsigned char rw_buf[BUFFER_SIZE];
static const int Curves[1] = {NID_X25519}; static const char* DefaultCurves = "CECPQ2b:CECPQ2:X25519";
static const uint16_t TLS_PROT_VERSION = TLS1_3_VERSION; static const uint16_t TLS_PROT_VERSION = TLS1_3_VERSION;
SSL_CTX *setup_client_ctx(void) SSL_CTX *setup_client_ctx(const char* curves)
{ {
SSL_CTX* ctx = NULL; SSL_CTX* ctx = NULL;
ctx = SSL_CTX_new(TLS_method()); ctx = SSL_CTX_new(TLS_method());
assert(ctx != NULL); assert(ctx != NULL);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
if( SSL_CTX_load_verify_locations(ctx, CACERT, NULL) != 1) { if( SSL_CTX_load_verify_locations(ctx, CACERT, NULL) != 1) {
ERR("Error loading CA DIR"); ERR("Error loading CA DIR");
} }
if (SSL_CTX_set1_curves(ctx, Curves, 1) != 1) { if (SSL_CTX_set1_curves_list(ctx, curves)!=1) {
ERR("Can't set SIDH group"); ERR("Can't set SIDH group");
} }
@ -52,44 +52,47 @@ int do_client_loop(SSL* ssl)
return 1; return 1;
} }
void test_Handshake(const char* IP, size_t handshake_nb) { void test_Handshake(const char* IP, const char* curves, size_t handshake_nb) {
SSL* ssl; SSL* ssl;
SSL_CTX* ctx; SSL_CTX* ctx;
int err; int err;
init(); init();
ctx = setup_client_ctx(); ctx = setup_client_ctx(curves);
DBG("Trying to connect"); DBG("Trying to connect");
int fd = connect_once(IP);
for (size_t i=0; i<handshake_nb; i++) { for (size_t i=0; i<handshake_nb; i++) {
const int fd = connect_once(IP);
DBG("SSL ctx setup"); DBG("SSL ctx setup");
if (!(ssl = SSL_new(ctx))) { if (!(ssl = SSL_new(ctx))) {
ERR("Error creating an SSL context"); ERR("Error creating an SSL context");
} }
SSL_set_fd(ssl, fd); SSL_set_fd(ssl, fd);
DBG("SSL handshake"); DBG("SSL handshake");
// OZAPTF: do handshake thing
err = SSL_connect(ssl); err = SSL_connect(ssl);
if (err<=0) { if (err<=0) {
ERR("Error connecting SSL err=%d", err); ERR("Error connecting SSL err=%d", err);
} }
assert(!SSL_session_reused(ssl)); assert(!SSL_session_reused(ssl));
assert(SSL_shutdown(ssl) == 0);
assert(SSL_shutdown(ssl) == 1);
SSL_free(ssl); SSL_free(ssl);
close(fd);
} }
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
close(fd);
} }
void test_Read(const char* IP) { void test_Read(const char* IP, const char* curves) {
int err, nread=0; int err, nread=0;
SSL* ssl; SSL* ssl;
SSL_CTX* ctx; SSL_CTX* ctx;
init(); init();
ctx = setup_client_ctx(); ctx = setup_client_ctx(curves);
DBG("Trying to connect"); DBG("Trying to connect");
int fd = connect_once(IP); int fd = connect_once(IP);
@ -136,13 +139,13 @@ void test_Read(const char* IP) {
close(fd); close(fd);
} }
void test_Write(const char* IP) { void test_Write(const char* IP, const char* curves) {
SSL* ssl; SSL* ssl;
SSL_CTX* ctx; SSL_CTX* ctx;
int err,nread=0; int err,nread=0;
init(); init();
ctx = setup_client_ctx(); ctx = setup_client_ctx(curves);
DBG("Trying to connect"); DBG("Trying to connect");
int fd = connect_once(IP); int fd = connect_once(IP);
@ -186,12 +189,19 @@ int main(int argc, char* argv[]) {
goto usage; goto usage;
} }
if (!strncmp("test_Handshake", argv[2], strlen("test_Handshake"))) { const char *curves = NULL;
test_Handshake(argv[1], HANDHAKE_REPS); if (argc==4) {
curves = argv[3];
} else {
curves = DefaultCurves;
}
if (!strncmp("test_Handshake", argv[2], strlen("test_Handshake"))) {
test_Handshake(argv[1], curves, HANDHAKE_REPS);
} else if (!strncmp("test_Read", argv[2], strlen("test_Read"))) { } else if (!strncmp("test_Read", argv[2], strlen("test_Read"))) {
test_Read(argv[1]); test_Read(argv[1], curves);
} else if (!strncmp("test_Write", argv[2], strlen("test_Write"))) { } else if (!strncmp("test_Write", argv[2], strlen("test_Write"))) {
test_Write(argv[1]); test_Write(argv[1], curves);
} else { } else {
printf("Unknown test"); printf("Unknown test");
goto usage; goto usage;
@ -202,7 +212,7 @@ exit:
return 0; return 0;
usage: usage:
ERR("\n\nUsage: %s <host_ip> test_name\nOptions for 'test_name':\n\t" ERR("\n\nUsage: %s host_ip test_name [groups]\nOptions for 'test_name':\n\t"
"test_Handshake\n\ttest_Write\n\ttest_Read\n", argv[0]); "test_Handshake\n\ttest_Write\n\ttest_Read\n", argv[0]);
goto exit; goto exit;
} }
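Review bot: The two `assert(SSL_shutdown(ssl) == ...)` lines in test_Handshake, which appear to be on the new side, put the shutdown call itself inside assert(), so any build that defines NDEBUG compiles both calls out and the session is freed without close_notify being exchanged. This commit also flips the Makefile default to `DBG ?= 0`, though whether that configuration defines NDEBUG is not visible here. Keep the call outside the assertion and report the result, e.g. `int rc = SSL_shutdown(ssl);` `if (rc == 0) rc = SSL_shutdown(ssl);` `if (rc != 1) ERR("SSL_shutdown failed rc=%d", rc);`. Separately, the switch to `SSL_VERIFY_PEER` in setup_client_ctx validates the chain against CACERT, but nothing in the visible lines binds the certificate to the address being connected to. That function continues outside the hunk, so confirm whether a host/IP check (for instance `X509_VERIFY_PARAM_set1_ip_asc`) is configured there.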


@ -56,8 +56,8 @@ void cleanup(void);
void fill_buffer_from_file(unsigned char *b, size_t sz); void fill_buffer_from_file(unsigned char *b, size_t sz);
// Available tests // Available tests
void test_Write(const char*); void test_Write(const char*, const char*);
void test_Read(const char*); void test_Read(const char*, const char*);
void test_Handshake(const char*, size_t); void test_Handshake(const char*, const char*, size_t);
#endif // __COMMON_H__ #endif // __COMMON_H__
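Review bot: The three test prototypes now take two adjacent unnamed `const char*` parameters, so the declaration does not say which argument is the host and which is the group list, and swapping them at a call site compiles cleanly. Name the parameters, e.g. `void test_Handshake(const char *ip, const char *curves, size_t handshake_nb);`. A one-line comment that `curves` is a colon-separated list in the form passed to `SSL_CTX_set1_curves_list` would also help.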