static void test_rsa_sign(void) { ptls_openssl_sign_certificate_t *sc = (ptls_openssl_sign_certificate_t *)ctx->sign_certificate; const void *message = "hello world"; ptls_buffer_t sigbuf; uint8_t sigbuf_small[1024]; ptls_buffer_init(&sigbuf, sigbuf_small, sizeof(sigbuf_small)); ok(do_sign(sc->key, &sigbuf, ptls_iovec_init(message, strlen(message)), EVP_sha256()) == 0); EVP_PKEY_up_ref(sc->key); ok(verify_sign(sc->key, ptls_iovec_init(message, strlen(message)), ptls_iovec_init(sigbuf.base, sigbuf.off)) == 0); ptls_buffer_dispose(&sigbuf); }
int main(int argc, char **argv) { ptls_openssl_sign_certificate_t openssl_sign_certificate; ptls_openssl_verify_certificate_t openssl_verify_certificate; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); #if !defined(OPENSSL_NO_ENGINE) /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); ENGINE_register_all_ciphers(); ENGINE_register_all_digests(); #endif ptls_iovec_t cert; setup_certificate(&cert); setup_sign_certificate(&openssl_sign_certificate); ptls_openssl_init_verify_certificate(&openssl_verify_certificate, NULL); ptls_context_t openssl_ctx = { ptls_openssl_random_bytes, ptls_openssl_key_exchanges, ptls_openssl_cipher_suites, {&cert, 1}, NULL, NULL, &openssl_sign_certificate.super, &openssl_verify_certificate.super}; ctx = ctx_peer = &openssl_ctx; subtest("ecdh-key-exchange", test_ecdh_key_exchange); subtest("rsa-sign", test_rsa_sign); subtest("ecdsa-sign", test_ecdsa_sign); subtest("picotls", test_picotls); ptls_minicrypto_secp256r1sha256_sign_certificate_t minicrypto_sign_certificate; ptls_iovec_t minicrypto_certificate = ptls_iovec_init(SECP256R1_CERTIFICATE, sizeof(SECP256R1_CERTIFICATE) - 1); ptls_minicrypto_init_secp256r1sha256_sign_certificate( &minicrypto_sign_certificate, ptls_iovec_init(SECP256R1_PRIVATE_KEY, sizeof(SECP256R1_PRIVATE_KEY) - 1)); ptls_context_t minicrypto_ctx = {ptls_minicrypto_random_bytes, ptls_minicrypto_key_exchanges, ptls_minicrypto_cipher_suites, {&minicrypto_certificate, 1}, NULL, NULL, &minicrypto_sign_certificate.super}; ctx_peer = &minicrypto_ctx; subtest("vs. minicrypto", test_picotls); ctx = &minicrypto_ctx; ctx_peer = &openssl_ctx; subtest("minicrypto vs.", test_picotls); return done_testing(); }
static int x25519_key_exchange(ptls_iovec_t *pubkey, ptls_iovec_t *secret, ptls_iovec_t peerkey) { uint8_t priv[X25519_KEY_SIZE], *pub = NULL; int ret; if (peerkey.len != X25519_KEY_SIZE) { ret = PTLS_ALERT_DECRYPT_ERROR; goto Exit; } if ((pub = malloc(X25519_KEY_SIZE)) == NULL) { ret = PTLS_ERROR_NO_MEMORY; goto Exit; } x25519_create_keypair(priv, pub); if ((ret = x25519_derive_secret(secret, NULL, peerkey.base, priv, pub)) != 0) goto Exit; *pubkey = ptls_iovec_init(pub, X25519_KEY_SIZE); ret = 0; Exit: ptls_clear_memory(priv, sizeof(priv)); if (pub != NULL && ret != 0) ptls_clear_memory(pub, X25519_KEY_SIZE); return ret; }
static int x25519_create_key_exchange(ptls_key_exchange_context_t **_ctx, ptls_iovec_t *pubkey) { struct st_x25519_key_exchange_t *ctx; if ((ctx = (struct st_x25519_key_exchange_t *)malloc(sizeof(*ctx))) == NULL) return PTLS_ERROR_NO_MEMORY; ctx->super = (ptls_key_exchange_context_t){x25519_on_exchange}; x25519_create_keypair(ctx->priv, ctx->pub); *_ctx = &ctx->super; *pubkey = ptls_iovec_init(ctx->pub, sizeof(ctx->pub)); return 0; }
static void test_ecdsa_sign(void) { EVP_PKEY *pkey; { /* create pkey */ EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); EC_KEY_generate_key(eckey); pkey = EVP_PKEY_new(); EVP_PKEY_set1_EC_KEY(pkey, eckey); EC_KEY_free(eckey); } const char *message = "hello world"; ptls_buffer_t sigbuf; uint8_t sigbuf_small[1024]; ptls_buffer_init(&sigbuf, sigbuf_small, sizeof(sigbuf_small)); ok(do_sign(pkey, &sigbuf, ptls_iovec_init(message, strlen(message)), EVP_sha256()) == 0); EVP_PKEY_up_ref(pkey); ok(verify_sign(pkey, ptls_iovec_init(message, strlen(message)), ptls_iovec_init(sigbuf.base, sigbuf.off)) == 0); ptls_buffer_dispose(&sigbuf); EVP_PKEY_free(pkey); }
int extract_1rtt_secret( ptls_t *tls, const char *label, ptls_cipher_suite_t ** cipher, uint8_t * secret, size_t secret_max) { int ret = 0; *cipher = ptls_get_cipher(tls); if (*cipher == NULL) { ret = -1; } else if ((*cipher)->hash->digest_size > secret_max) { ret = -1; } else { ret = ptls_export_secret(tls, secret, (*cipher)->hash->digest_size, label, ptls_iovec_init(NULL, 0)); } return 0; }