wolfSSL
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎configure.ac‎
Lines changed: 27 additions & 0 deletions b/‎configure.ac‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎scripts/sniffer-gen.sh‎
Lines changed: 68 additions & 73 deletions b/‎scripts/sniffer-gen.sh‎
Lines changed: 68 additions & 73 deletions
diff --git a/‎src/include.am‎
Lines changed: 5 additions & 0 deletions b/‎src/include.am‎
Lines changed: 5 additions & 0 deletions
@@ -419,3 +419,6 @@ user_settings_asm.h
 
 # auto-created CMake backups
 **/CMakeLists.txt.old
+
+# MagicCrypto (ARIA Cipher)
+MagicCrypto
@@ -2520,6 +2520,31 @@ fi
 ]
 )
 
+AC_ARG_ENABLE([aria],
+    [AS_HELP_STRING([--enable-aria],[Enable wolfSSL support for ARIA (default: disabled)])],
+    [ ENABLED_ARIA=$enableval ],
+    [ ENABLED_ARIA=no ]
+    )
+if test "$ENABLED_ARIA" = "yes"
+then
+    ARIA_DIR=MagicCrypto
+    # Enable dependency
+    ENABLED_OPENSSLEXTRA="yes"
+    CFLAGS="$CFLAGS -I$ARIA_DIR/include"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_ARIA -DOPENSSL_EXTRA"
+    AM_LDFLAGS="$AM_LDFLAGS -L$ARIA_DIR/lib -lMagicCrypto"
+    build_pwd="$(pwd)"
+    headers="mcapi_error.h mcapi_type.h mcapi.h"
+    for header in $headers
+    do
+        AC_CHECK_HEADER([$header], [], [
+                AC_MSG_ERROR([Error including $header. Please put the MagicCrypto library in $build_pwd.])
+            ], [
+            extern int dummy_int_to_make_compiler_happy;
+        ])
+    done
+fi
+
 AC_ARG_ENABLE([caam],
     [AS_HELP_STRING([--enable-caam],[Enable wolfSSL support for CAAM (default: disabled)])],
     [ ENABLED_CAAM=$enableval ],
@@ -8830,6 +8855,7 @@ AM_CONDITIONAL([BUILD_DTLS_CID],[test "x$ENABLED_DTLS_CID" = "xyes"])
 AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
+AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
 
 if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
    (test "$ax_enable_debug" = "yes" ||
@@ -9146,6 +9172,7 @@ echo "   * AES-CTR:                    $ENABLED_AESCTR"
 echo "   * AES-CFB:                    $ENABLED_AESCFB"
 echo "   * AES-OFB:                    $ENABLED_AESOFB"
 echo "   * AES-SIV:                    $ENABLED_AESSIV"
+echo "   * ARIA:                       $ENABLED_ARIA"
 echo "   * DES3:                       $ENABLED_DES3"
 echo "   * Camellia:                   $ENABLED_CAMELLIA"
 echo "   * SM4-ECB:                    $ENABLED_SM4_ECB"
 
@@ -1,98 +1,93 @@
 #!/bin/bash
+#set -x
 
 # Run this script from the wolfSSL root
 if [ ! -f wolfssl/ssl.h ]; then
     echo "Run from the wolfssl root"
     exit 1
 fi
 
-run_sequence() {
-    if [ "$1" == "dh" ] || [ "$1" == "ecc" ]; then
-        # TLS v1.3
-        ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256
-
-        ./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384
-
-        ./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256
-    fi
-    if [ "$1" == "dh-resume" ] || [ "$1" == "ecc-resume" ]; then
-        # TLS v1.3 Resumption
-        ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r
+server_pid=0
+tcpdump_pid=0
 
-        ./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r
-
-        ./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r
-    fi
-
-    if [ "$1" == "x25519" ]; then
-        # TLS v1.3
-        ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
+cleanup() {
+    if [ "$server_pid" -ne 0 ]; then kill $server_pid; server_pid=0; fi
+    if [ "$tcpdump_pid" -ne 0 ]; then sleep 1; kill -15 $tcpdump_pid; tcpdump_pid=0; fi
+}
+trap cleanup EXIT INT TERM HUP
 
-        ./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
+set -o pipefail
+prepend() { # Usage: cmd 2>&1 | prepend "sometext "
+    while read line; do echo "${1}${line}"; done
+}
 
-        ./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
+run_test() { # Usage: run_test <cipher> [serverArgs [clientArgs]]
+    echo "Running test $1"
+    CIPHER=$1
+    if [ "$CIPHER" != "" ]; then
+        CIPHER="-l $CIPHER"
     fi
-    # Run: with x25519_resume
-    if [ "$1" == "x25519-resume" ]; then
-        # TLS v1.3 Resumption
-        ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
-
-        ./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
-
-        ./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
-        sleep 0.1
-        ./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
+    stdbuf -oL -eL ./examples/server/server -i -x $CIPHER $2 2>&1 | prepend "[server] " &
+    server_pid=$!
+    ((server_pid--)) # Get the first PID in the pipe
+    sleep 0.1
+    stdbuf -oL -eL ./examples/client/client $CIPHER $3 2>&1 | prepend "[client] "
+    RET=$?
+    if [ "$RET" != 0 ]; then
+        echo "Error in test: $RET"
+        exit $RET
     fi
+    kill $server_pid; server_pid=0
+    echo "Test passed: $1"
+}
 
-    # TLS v1.3 Hello Retry Request
-    if [ "$1" == "hrr" ]; then
-        # TLS v1.3 Hello Retry Request
-        ./examples/server/server -v 4 -i -x -g &
-        server_pid=$!
-        sleep 0.1
-        ./examples/client/client -v 4 -J
-        kill $server_pid
+run_sequence() {
+    if [ "$1" == "tls13-dh" ] || [ "$1" == "tls13-ecc" ]; then # TLS v1.3
+        run_test "TLS13-AES128-GCM-SHA256" "-v 4" "-v 4"
+        run_test "TLS13-AES256-GCM-SHA384" "-v 4" "-v 4"
+        run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4" "-v 4"
+    elif [ "$1" == "tls12" ]; then # TLS v1.2
+        run_test "ECDHE-ECDSA-AES128-GCM-SHA256" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem -V" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem -C"
+        run_test "ECDHE-ECDSA-AES256-GCM-SHA384" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem -V" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem -C"
+    elif [ "$1" == "tls13-dh-resume" ] || [ "$1" == "tls13-ecc-resume" ]; then # TLS v1.3 Resumption
+        run_test "TLS13-AES128-GCM-SHA256" "-v 4 -r" "-v 4 -r"
+        run_test "TLS13-AES256-GCM-SHA384" "-v 4 -r" "-v 4 -r"
+        run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -r" "-v 4 -r"
+    elif [ "$1" == "tls13-x25519" ]; then # TLS v1.3
+        run_test "TLS13-AES128-GCM-SHA256" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
+        run_test "TLS13-AES256-GCM-SHA384" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
+        run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
+    elif [ "$1" == "tls13-x25519-resume" ]; then # TLS v1.3 x25519 Resumption
+        run_test "TLS13-AES128-GCM-SHA256" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
+        run_test "TLS13-AES256-GCM-SHA384" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
+        run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
+    elif [ "$1" == "tls13-hrr" ]; then # TLS v1.3 Hello Retry Request
+        run_test "" "-v 4 -g" "-v 4 -J"
+    else
+        echo "Invalid test"
+        exit -1
     fi
-    sleep 1
 }
 
 run_capture(){
-    echo -e "\nconfiguring and building wolfssl..."
+    echo -e "\nconfiguring and building wolfssl ($1)..."
     ./configure --enable-sniffer $2 1>/dev/null || exit $?
     make 1>/dev/null || exit $?
     echo "starting capture"
-    tcpdump -i lo0 -nn port 11111 -w ./scripts/sniffer-tls13-$1.pcap &
+    tcpdump -i lo -n port 11111 -w ./scripts/sniffer-${1}.pcap -U &
     tcpdump_pid=$!
     run_sequence $1
-    kill $tcpdump_pid
+    sleep 1
+    kill -15 $tcpdump_pid; tcpdump_pid=0
 }
 
-run_capture "ecc"           ""
-run_capture "ecc-resume"    "--enable-session-ticket"
-run_capture "dh"            "--disable-ecc"
-run_capture "dh-resume"     "--disable-ecc --enable-session-ticket"
-run_capture "x25519"        "--enable-curve25519 --disable-dh --disable-ecc"
-run_capture "x25519-resume" "--enable-curve25519 --disable-dh --disable-ecc --enable-session-ticket"
-run_capture "hrr"           "--disable-dh CFLAGS=-DWOLFSSL_SNIFFER_WATCH"
+run_capture "tls12"               ""
+run_capture "tls13-ecc"           ""
+run_capture "tls13-ecc-resume"    "--enable-session-ticket"
+run_capture "tls13-dh"            "--disable-ecc"
+run_capture "tls13-dh-resume"     "--disable-ecc --enable-session-ticket"
+run_capture "tls13-x25519"        "--enable-curve25519 --disable-dh --disable-ecc"
+run_capture "tls13-x25519-resume" "--enable-curve25519 --disable-dh --disable-ecc --enable-session-ticket"
+run_capture "tls13-hrr"           "--disable-dh CFLAGS=-DWOLFSSL_SNIFFER_WATCH"
+
+echo "Tests passed in $SECONDS seconds"
@@ -791,3 +791,8 @@ endif !BUILD_CRYPTONLY
 
 
 endif !BUILD_FIPS_RAND
+
+if BUILD_ARIA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c
+endif