Fixes and improvements for building with low footprint. Fix for ASN template with RSA verify only (was missing mp_leading_bit). Fix to allow disabling DRBG with crypto callbacks enabled. Updated the wolfTPM user_settings.h template with low resource option.

2023-05-02 12:35:14 -07:00 · 2023-05-02 12:35:14 -07:00 · 61dfbf5ef2
commit 61dfbf5ef2
parent 58b996353b
8 changed files with 181 additions and 52 deletions
--- a/IDE/NETOS/user_settings.h
+++ b/IDE/NETOS/user_settings.h
@ -458,7 +458,6 @@ extern "C" {
 /* RNG */
 /* ------------------------------------------------------------------------- */

-/* Seed Source */
 /* Seed Source */
 #if 1
    extern int my_rng_generate_seed(unsigned char* output, int sz);
--- a/configure.ac
+++ b/configure.ac
@ -1838,10 +1838,13 @@ AC_ARG_ENABLE([lowresource],
 if test "$ENABLED_LOWRESOURCE" = "yes"
 then
    # low memory / flash flags
-    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO"
+    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO"

    # low flash flags
    AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
+
+    # AES small
+    AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL -DWOLFSSL_AES_NO_UNROLL -DWOLFSSL_AES_SMALL_TABLES"
 fi


--- a/examples/configs/user_settings_wolftpm.h
+++ b/examples/configs/user_settings_wolftpm.h
@ -20,16 +20,44 @@
 */


-/* should be renamed to user_settings.h for customer use
- * generated from configure and wolfssl/options.h using:
- * ./configure --enable-wolftpm --disable-dh --disable-oldtls \
- *    --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \
- *    --disable-pkcs12 --disable-chacha --disable-poly1305 \
- *    --disable-sys-ca-certs --disable-examples
- *
- * Cleaned up by David Garske
+/* To use the rename file to user_settings.h and define WOLFSSL_USER_SETTINGS */
+
+/* Test using:
+cp ./examples/configs/user_settings_wolftpm.h user_settings.h
+./configure --enable-usersettings --disable-examples CFLAGS="-Os"
+make
+*/
+
+/* Options generated from configure and wolfssl/options.h using:
+./configure --enable-wolftpm --disable-dh --disable-oldtls \
+  --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \
+  --disable-pkcs12 --disable-chacha --disable-poly1305 \
+  --disable-sys-ca-certs --disable-examples
+*/
+
+/* Options for USE_LOW_RESOURCE generated with configure and wolfssl/options.h
+ * using:
+./configure --enable-lowresource --enable-cryptonly --enable-aescfb \
+  --enable-hmac --enable-cryptocb --enable-singlethreaded \
+  --enable-sp=smallrsa2048 --enable-sp-math --disable-sp-asm \
+  --disable-filesystem --disable-asm --disable-pkcs8 --disable-pkcs12 \
+  --disable-ecc --disable-dh \
+  --disable-sha224 --disable-sha384 --disable-sha512 \
+  --disable-md5 --disable-sha3 \
+  --disable-aescbc --disable-aesgcm --disable-aesccm \
+  --disable-poly1305 --disable-chacha \
+  --disable-hashdrbg \
+  --disable-sys-ca-certs --disable-error-queue-per-thread \
+  --disable-oldtls --disable-errorstrings --disable-memory --disable-coding \
+  --disable-examples --disable-optflags \
+  CFLAGS="-Os -DNO_SIG_WRAPPER -DNO_AES_192 -DNO_AES_256 \
+  -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_INLINE -DNO_CHECK_PRIVATE_KEY"
 */

+/* For the wolfTPM build:
+./configure --enable-swtpm CFLAGS="-Os" && make
+*/
+

 #ifndef WOLF_USER_SETTINGS_TPM_H
 #define WOLF_USER_SETTINGS_TPM_H
@ -38,7 +66,15 @@
 extern "C" {
 #endif

-#if 1
+/* enable for low resource options */
+#if 0
+    #define USE_LOW_RESOURCE
+#endif
+
+#ifdef USE_LOW_RESOURCE
+    /* wolfCrypt only (no SSL/TLS) */
+    #define WOLFCRYPT_ONLY
+#else
    /* wolfTPM with TLS example (v1.3 only) */
    #define WOLFSSL_TLS13
    #define WOLFSSL_NO_TLS12
@ -52,78 +88,136 @@ extern "C" {
    #define HAVE_HKDF
    #define WC_RSA_PSS
    #define WOLFSSL_PSS_LONG_SALT
-#else
-    /* wolfCrypt only (no SSL/TLS) */
-    #define WOLFCRYPT_ONLY
 #endif

 /* No threading or file system */
 #define SINGLE_THREADED
-/* File system disable */
-#if 0
-    #define NO_FILESYSTEM
-#endif

 /* Enable crypto callbacks */
 #define WOLF_CRYPTO_CB

-/* Enable PRNG (SHA2-256) */
-#define HAVE_HASHDRBG
-
-/* Enable SP math all (sp_int.c) with multi-precision support */
-#define WOLFSSL_SP_MATH_ALL
+#ifdef USE_LOW_RESOURCE
+    /* Single Precision math for RSA 2048 only (small) */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_SP_MATH
+    #define WOLFSSL_SP_SMALL
+    #define WOLFSSL_SP_NO_3072 /* 2048-only */
+#else
+    /* Enable SP math all (sp_int.c) with multi-precision support */
+    #define WOLFSSL_SP_MATH_ALL
+#endif

 /* Enable hardening (timing resistance) */
 #define TFM_TIMING_RESISTANT
 #define ECC_TIMING_RESISTANT
 #define WC_RSA_BLINDING

+/* Enable PRNG (SHA2-256) */
+#ifdef USE_LOW_RESOURCE
+    /* use TPM TRNG */
+    #define WC_NO_HASHDRBG
+#else
+    #define HAVE_HASHDRBG
+#endif
+
 /* Asymmetric */
-#define HAVE_ECC
-#undef NO_RSA
-#define NO_DH
-#ifndef NO_DH
+#if 1 /* RSA - needed to encrypt salt */
+    #undef  NO_RSA
+    #ifdef USE_LOW_RESOURCE
+        #define WOLFSSL_RSA_PUBLIC_ONLY
+        #define WOLFSSL_RSA_VERIFY_INLINE
+        #define NO_CHECK_PRIVATE_KEY
+    #endif
+#else
+    #define NO_RSA
+#endif
+#ifndef USE_LOW_RESOURCE /* ECC */
+    #define HAVE_ECC
+    #define ECC_USER_CURVES /* default to only SECP256R1 */
+#endif
+#ifndef USE_LOW_RESOURCE /* DH */
+    #undef  NO_DH
    #define HAVE_FFDHE_2048
    #define HAVE_DH_DEFAULT_PARAMS
+#else
+    #define NO_DH
 #endif

 /* Symmetric Hash */
 #undef NO_SHA
 #undef NO_SHA256
-#define WOLFSSL_SHA512
-#define WOLFSSL_SHA384
+#ifndef USE_LOW_RESOURCE
+    #define WOLFSSL_SHA512
+    #define WOLFSSL_SHA384
+#endif

 /* Symmetric Cipher */
-#define HAVE_AES_KEYWRAP
-#define WOLFSSL_AES_DIRECT
 #define WOLFSSL_AES_CFB
-#define HAVE_AESGCM
-#define GCM_TABLE_4BIT
+#define HAVE_AES_DECRYPT
+#ifndef USE_LOW_RESOURCE
+    #define HAVE_AES_KEYWRAP
+    #define WOLFSSL_AES_DIRECT
+    #define HAVE_AESGCM
+    #define GCM_TABLE_4BIT
+#else
+    #define NO_AES_CBC
+#endif

-#if 0
+#if 0 /* ChaCha20 / Poly1305 */
    #define HAVE_POLY1305
    #define HAVE_CHACHA
 #endif

 /* Features */
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_EXT
-
-#define HAVE_PKCS7
-#define HAVE_X963_KDF
-#define WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_USER_IO /* user recv/send callbacks for network IO */
+#ifndef USE_LOW_RESOURCE
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_EXT

+    #define HAVE_PKCS7
+    #define HAVE_X963_KDF
+    #define WOLFSSL_BASE64_ENCODE
+#endif

 /* Disables */
+#define NO_PKCS8
+#define NO_PKCS12
+#define NO_PWDBASED
 #define NO_DSA
 #define NO_DES3
 #define NO_RC4
 #define NO_PSK
 #define NO_MD4
+#define NO_MD5
 #define WOLFSSL_NO_SHAKE128
 #define WOLFSSL_NO_SHAKE256
+#define NO_WRITEV

+/* Low Resource Options */
+#ifdef USE_LOW_RESOURCE
+    #define NO_FILESYSTEM /* File system disable */
+    #define NO_ERROR_STRINGS
+    #define WOLFSSL_NO_ASM
+    #define TFM_NO_ASM
+    #define NO_WOLFSSL_MEMORY
+    #define NO_SESSION_CACHE
+    #define RSA_LOW_MEM
+    #define WOLFSSL_AES_SMALL_TABLES
+    #define WOLFSSL_AES_NO_UNROLL
+    #define GCM_SMALL
+    #undef  GCM_TABLE_4BIT
+    #define NO_AES_192
+    #define NO_AES_256
+    #define USE_SLOW_SHA
+    #define USE_SLOW_SHA256
+    #define USE_SLOW_SHA512
+    #define NO_SIG_WRAPPER
+    #define NO_ASN_TIME
+    #define NO_CODING
+    #define NO_BIG_INT
+#endif

 #ifdef __cplusplus
 }
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@ -6516,7 +6516,7 @@ exit_rsa_pub:
                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
                                          1, &times, ntimes, &pending)) {
                        ret = wc_RsaSSL_Sign(message, len, enc[i],
-                                                rsaKeySz/8, &rsaKey[i], &gRng);
+                                            rsaKeySz/8, &rsaKey[i], GLOBAL_RNG);
                        if (!bench_async_handle(&ret,
                                           BENCH_ASYNC_GET_DEV(&rsaKey[i]),
                                           1, &times, &pending)) {
@ -7371,7 +7371,7 @@ exit_ecdhe:
                    }

                    ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i],
-                                           &x[i], &gRng, &genKey[i]);
+                                           &x[i], GLOBAL_RNG, &genKey[i]);

                    if (!bench_async_handle(&ret,
                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@ -235,7 +235,7 @@ int wc_CryptoCb_GetDevIdAtIndex(int startIdx)

 /* Used to register a find device function. Useful for cases where the
 * device ID in the struct may not have been set but still wanting to use
- * a specifice crypto callback device ID. The find callback is global and
+ * a specific crypto callback device ID. The find callback is global and
 * not thread safe. */
 void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb)
 {
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@ -5605,7 +5605,7 @@ int sp_cnt_lsb(const sp_int* a)
 }
 #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */

-#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
+#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_ASN_TEMPLATE) || \
    (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_ASN))
 /* Determine if the most significant byte of the encoded multi-precision number
 * has the top bit set.
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@ -758,6 +758,22 @@ static int wolfssl_pb_print(const char* msg, ...)
 }
 #endif /* WOLFSSL_PB */

+
+#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
+    !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+/* Enable support for RNG with crypto callback */
+static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
+{
+    int rc = CRYPTOCB_UNAVAILABLE;
+    if (info->algo_type == WC_ALGO_TYPE_RNG) {
+        rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
+    }
+    (void)ctx;
+    (void)thisDevId;
+    return rc;
+}
+#endif
+
 /* optional macro to add sleep between tests */
 #ifndef TEST_SLEEP
 #define TEST_SLEEP()
@ -925,6 +941,16 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #endif

+#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
+    !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+    if (devId == INVALID_DEVID) {
+        /* for testing RNG with crypto callback register function */
+        devId = 100; /* any value beside -2 (INVALID_DEVID) */
+        wc_CryptoCb_RegisterDevice(devId, rng_crypto_cb, NULL);
+    }
+#endif
+
+
 #ifdef HAVE_SELFTEST
    if ( (ret = wolfCrypt_SelfTest()) != 0)
        TEST_FAIL("CAVP selftest failed!\n", ret);
@ -8561,6 +8587,7 @@ EVP_TEST_END:
        }
        #endif
    #endif
+#endif /* WOLFSSL_AES_256 */

  out:

@ -8580,7 +8607,6 @@ EVP_TEST_END:
 #endif
 #endif

-#endif /* WOLFSSL_AES_256 */
        return ret;
    }

@ -8776,6 +8802,7 @@ EVP_TEST_END:
            goto out;
        }
    #endif
+#endif /* WOLFSSL_AES_256 */

      out:

@ -8795,8 +8822,6 @@ EVP_TEST_END:
 #endif
 #endif

-#endif /* WOLFSSL_AES_256 */
-
        return ret;
    }
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
@ -13244,7 +13269,6 @@ exit:
    return ret;
 }

-
 static int random_rng_test(void)
 {
    WC_RNG localRng;
@ -13277,6 +13301,7 @@ static int random_rng_test(void)
        if (rng == NULL)
            return WC_TEST_RET_ENC_ERRNO;

+        rng->devId = devId;
        ret = _rng_test(rng, WC_TEST_RET_ENC_NC);

        wc_rng_free(rng);
@ -44565,7 +44590,12 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 #endif

    if (info->algo_type == WC_ALGO_TYPE_RNG) {
-    #ifndef WC_NO_RNG
+    #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
+        !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+        /* if RNG only supports crypto callback, just use seed */
+        ret = wc_GenerateSeed(&info->rng.rng->seed,
+            info->rng.out, info->rng.sz);
+    #elif !defined(WC_NO_RNG)
        /* set devId to invalid, so software is used */
        info->rng.rng->devId = INVALID_DEVID;

@ -45172,6 +45202,7 @@ static int myCryptoCbFind(int currentId, int algoType)
 WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
 {
    int ret = 0;
+    int origDevId = devId;
    myCryptoDevCtx myCtx;

    /* example data for callback */
@ -45272,8 +45303,8 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
        ret = cmac_test();
 #endif

-    /* reset devId */
-    devId = INVALID_DEVID;
+    /* restore devId */
+    devId = origDevId;

    return ret;
 }
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@ -113,6 +113,8 @@
     /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
 #elif defined(HAVE_INTEL_RDRAND)
    /* Intel RDRAND or RDSEED */
+#elif defined(WOLF_CRYPTO_CB)
+    /* Requires registered Crypto Callback to service RNG, with devId set */
 #elif !defined(WC_NO_RNG)
    #error No RNG source defined!
 #endif