mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00
openvpn3/test/ssl
Antonio Quartulli 9814079944
tls-crypt-v2: implement abstract metadata parser
The metadata that may possibly be contained in the WKc has to be
verified by means of a user implemented behaviour.

Implement an abstract class that exports a verify() method to be
used for this purpose.

Users can extend this class and override the verify() method with
their own.

A basic implementation is also provided: it will just ignore the
metadata (if any) and report success to the core.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-12-06 09:19:22 +10:00
.gitignore Updated Windows client for VS 2015. 2015-06-09 11:21:41 -06:00
ca.crt mbedTLS: Port from polarssl-1.3 to mbedtls-2.3 (functional) 2017-03-18 12:24:54 -06:00
client.crt mbedTLS: Port from polarssl-1.3 to mbedtls-2.3 (functional) 2017-03-18 12:24:54 -06:00
client.key mbedTLS: Port from polarssl-1.3 to mbedtls-2.3 (functional) 2017-03-18 12:24:54 -06:00
dh.pem mbedTLS: Port from polarssl-1.3 to mbedtls-2.3 (functional) 2017-03-18 12:24:54 -06:00
go Added i/o abstraction layer. 2017-03-30 15:48:14 -06:00
proto.cpp tls-crypt-v2: implement abstract metadata parser 2018-12-06 09:19:22 +10:00
protowin.h Ported minicrypto lib to OS X for PolarSSL optimization. 2014-03-04 17:42:00 -07:00
README.txt mbedTLS: Port from polarssl-1.3 to mbedtls-2.3 (symbol renames) 2017-03-18 12:24:54 -06:00
server.crt mbedTLS: Port from polarssl-1.3 to mbedtls-2.3 (functional) 2017-03-18 12:24:54 -06:00
server.key mbedTLS: Port from polarssl-1.3 to mbedtls-2.3 (functional) 2017-03-18 12:24:54 -06:00
tls-auth.key Updated proto unit test with fresh certs/keys. 2013-01-30 21:08:55 +00:00
tls-crypt-v2-client.key tls-crypt-v2: implement abstract metadata parser 2018-12-06 09:19:22 +10:00
tls-crypt-v2-server.key tls-crypt-v2: implement abstract metadata parser 2018-12-06 09:19:22 +10:00

Building proto.cpp sample:

On Mac:

  Build with MbedTLS client and server (no minicrypto ASM algs for MbedTLS):

    MTLS=1 build proto

  Build with MbedTLS client and server using 4 concurrent threads (no minicrypto ASM algs for MbedTLS):

    GCC_EXTRA="-DN_THREADS=4" MTLS=1 build proto

  Build with MbedTLS client and OpenSSL server (no minicrypto ASM algs for MbedTLS):

    MTLS=1 OSSL=1 OPENSSL_SYS=1 build proto

  Build with OpenSSL client and server:

    OSSL=1 OPENSSL_SYS=1 build proto

  Build with AppleSSL client and OpenSSL server:

    SSL_BOTH=1 OPENSSL_SYS=1 build proto

  Build with MbedTLS client and server + minicrypto lib:

    MTLS=1 MINI=1 build proto

  Build with MbedTLS client and server (no minicrypto ASM algs for MbedTLS),
  except substitute AppleSSL crypto algs for the client side:

    HYBRID=1 build proto

On Linux:

  Build with MbedTLS client and server (no ASM crypto algs):

    MTLS=1 NOSSL=1 build proto

  Build with OpenSSL client and server:

    OSSL=1 build proto

  Build with MbedTLS client and OpenSSL server:

    MTLS=1 OSSL=1 build proto

  Build with MbedTLS client and server (no ASM crypto algs)
  using Profile-Guided Optimization:

    PGEN=1 MTLS=1 NOSSL=1 build proto && ./proto && PUSE=1 MTLS=1 NOSSL=1 build proto

Variations:

  To simulate less data-channel activity and more SSL renegotiations
  (RENEG default is 900):

    GCC_EXTRA="-DRENEG=90" build proto

  For verbose output, lower the number of xmit/recv iterations by defining
  ITER to be 10000 or less, e.g.

    GCC_EXTRA="-DITER=1000" build proto

  Crypto self-test (MbedTLS must be built with DEBUG_BUILD=1 or SELF_TEST=1):

    ./proto test

Caveats:

  When using MbedTLS as both client and server, make sure to build
  MbedTLS on Mac OS X with OSX_SERVER=1.

Typical output:

  $ time ./proto
  *** app bytes=73301015 net_bytes=146383320 data_bytes=36327640 prog=0000218807/0000218806 D=12600/600/12600/800 N=1982/1982 SH=17800/17800 HE=3/6
  real	0m11.003s
  user	0m10.981s
  sys	0m0.004s