mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC

This commit is contained in:
Hideki Miyazaki 2022-03-10 18:21:07 +09:00
parent b45cd921b6
commit d3a379adac
No known key found for this signature in database
GPG Key ID: 7EB19ED9B9D5AC28
8 changed files with 584 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tests/suites.c
View File

@ -778,7 +778,8 @@ static void test_harness(void* vargs)
int SuiteTest(int argc, char** argv)
{
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
func_args args;
char argv0[3][80];
char* myArgv[3];

6
testsuite/testsuite.c
View File

@ -97,7 +97,8 @@ static void *echoclient_test_wrapper(void* args) {
int testsuite_test(int argc, char** argv)
{
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
(!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))
func_args server_args;
tcp_ready ready;
@ -242,7 +243,8 @@ int testsuite_test(int argc, char** argv)
return EXIT_SUCCESS;
}
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
(!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))
/* Perform a basic TLS handshake.
*
* First connection to echo a file.

102
wolfcrypt/src/ecc.c
View File

@ -212,7 +212,8 @@ ECC Curve Sizes:
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_ECC) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(NO_ECC_MAKE_PUB)
!defined(WOLFSSL_CRYPTOCELL) && !defined(NO_ECC_MAKE_PUB) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
#undef HAVE_ECC_MAKE_PUB
#define HAVE_ECC_MAKE_PUB
#endif
@ -1258,7 +1259,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
#if !defined(WOLFSSL_SP_MATH) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050)
!defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order);
#endif
@ -1649,7 +1650,7 @@ static void alt_fp_init(mp_int* a)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_PUBLIC_ECC_ADD_DBL)
@ -4192,6 +4193,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
word32* outlen)
{
int err;
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
CRYS_ECDH_TempData_t tempBuff;
@ -4204,12 +4206,22 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
#ifdef WOLF_CRYPTO_CB
if (private_key->devId != INVALID_DEVID) {
err = wc_CryptoCb_Ecdh(private_key, public_key, out, outlen);
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
if (err != CRYPTOCB_UNAVAILABLE)
return err;
/* fall-through when unavailable */
#else
return err;
#endif
}
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
else {
return NO_VALID_DEVID;
}
#endif
#endif
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
/* type valid? */
if (private_key->type != ECC_PRIVATEKEY &&
private_key->type != ECC_PRIVATEKEY_ONLY) {
@ -4260,11 +4272,13 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
#endif /* WOLFSSL_ATECC508A */
return err;
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
byte* out, word32* outlen)
@ -4544,6 +4558,7 @@ int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point,
return err;
}
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
/**
Create an ECC shared secret between private key and public point
private_key The private ECC key (heap hint based on private key)
@ -4628,6 +4643,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
return err;
}
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
#elif defined(WOLFSSL_KCAPI_ECC)
int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen)
@ -4711,7 +4727,7 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
#endif /* USE_ECC_B_PARAM */
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
/* return 1 if point is at infinity, 0 if not, < 0 on error */
int wc_ecc_point_is_at_infinity(ecc_point* p)
{
@ -5037,12 +5053,22 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
err = wc_CryptoCb_MakeEccKey(rng, keysize, key, curve_id);
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
if (err != CRYPTOCB_UNAVAILABLE)
return err;
/* fall-through when unavailable */
#else
return err;
#endif
}
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
else {
return NO_VALID_DEVID;
}
#endif
#endif
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#ifdef HAVE_CAVIUM
@ -5234,6 +5260,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
#endif /* HAVE_ECC_MAKE_PUB */
return err;
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
}
@ -5751,6 +5778,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
WC_RNG* rng, ecc_key* key)
{
int err;
#if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(WC_ASYNC_ENABLE_ECC)
#ifdef WOLFSSL_SMALL_STACK
mp_int *r = NULL, *s = NULL;
@ -5766,12 +5794,22 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
err = wc_CryptoCb_EccSign(in, inlen, out, outlen, rng, key);
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
if (err != CRYPTOCB_UNAVAILABLE)
return err;
/* fall-through when unavailable */
#else
return err;
#endif
}
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
else {
return NO_VALID_DEVID;
}
#endif
#endif
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
if (rng == NULL) {
WOLFSSL_MSG("ECC sign RNG missing");
return ECC_BAD_ARG_E;
@ -5836,6 +5874,13 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
#endif /* WOLFSSL_ASYNC_CRYPT */
return err;
#else
(void)rng;
(void)inlen;
(void)s;
(void)r;
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
}
#endif /* !NO_ASN */
@ -6854,7 +6899,8 @@ int wc_ecc_free(ecc_key* key)
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SP_MATH)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SP_MATH) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
/* Handles add failure cases:
*
* Before add:
@ -6966,7 +7012,7 @@ int ecc_projective_dbl_point_safe(ecc_point *P, ecc_point *R, mp_int* a,
#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_CRYPTOCELL) && \
!defined(WOLFSSL_KCAPI_ECC)
!defined(WOLFSSL_KCAPI_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef ECC_SHAMIR
/** Computes kA*A + kB*B = C using Shamir's Trick
@ -7321,6 +7367,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
word32 hashlen, int* res, ecc_key* key)
{
int err;
mp_int *r = NULL, *s = NULL;
#if (!defined(WOLFSSL_ASYNC_CRYPT) || !defined(WC_ASYNC_ENABLE_ECC)) && \
!defined(WOLFSSL_SMALL_STACK)
@ -7337,12 +7384,23 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
err = wc_CryptoCb_EccVerify(sig, siglen, hash, hashlen, res, key);
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
if (err != CRYPTOCB_UNAVAILABLE)
return err;
/* fall-through when unavailable */
#else
return err;
#endif
}
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
else {
return NO_VALID_DEVID;
}
#endif
#endif
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
err = wc_ecc_alloc_async(key);
if (err != 0)
@ -7444,10 +7502,22 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
wc_ecc_reset(key);
return err;
#else
(void)siglen;
(void)hashlen;
#ifndef WOLFSSL_SMALL_STACK
(void)s_lcl;
(void)r_lcl;
#endif
(void)s;
(void)r;
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
}
#endif /* !NO_ASN */
#if !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO)
#if !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s)
{
int err = MP_OKAY;
@ -7489,7 +7559,7 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s)
key The corresponding public ECC key
return MP_OKAY if successful (even if the signature is not valid)
*/
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* res, ecc_key* key)
#if defined(WOLFSSL_STM32_PKA)
@ -8035,6 +8105,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
return err;
}
#endif /* WOLFSSL_STM32_PKA */
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
#endif /* HAVE_ECC_VERIFY */
#ifdef HAVE_ECC_KEY_IMPORT
@ -8552,7 +8623,8 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
/* is ecc point on curve described by dp ? */
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@ -9035,7 +9107,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#ifndef WOLFSSL_SP_MATH
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050)
!defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
mp_int* b = NULL;
#ifdef USE_ECC_B_PARAM
DECLARE_CURVE_SPECS(4);
@ -9084,10 +9157,13 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#ifndef WOLFSSL_SP_MATH
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
defined(WOLFSSL_SE050)
defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC)
/* consider key check success on HW crypto
* ex: ATECC508/608A, CryptoCell and Silabs */
* ex: ATECC508/608A, CryptoCell and Silabs
*
* consider key check success on Crypt Cb
*/
err = MP_OKAY;
#else

4
wolfcrypt/src/error.c
View File

@ -563,6 +563,10 @@ const char* wc_GetErrorString(int error)
case PROTOCOLCB_UNAVAILABLE:
return "Protocol callback unavailable";
case NO_VALID_DEVID:
return "No valid device ID set";
default:
return "unknown error number";

30
wolfcrypt/src/rsa.c
View File

@ -2259,6 +2259,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
return ret;
}
#else
#ifndef WOLF_CRYPTO_CB_ONLY_RSA
static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
{
@ -2611,6 +2612,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
return ret;
#endif /* WOLFSSL_SP_MATH */
}
#endif /* WOLF_CRYPTO_CB_ONLY_RSA */
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA)
@ -2896,13 +2898,23 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Rsa(in, inLen, out, outLen, type, key, rng);
#ifndef WOLF_CRYPTO_CB_ONLY_RSA
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
#else
return ret;
#endif
}
#ifdef WOLF_CRYPTO_CB_ONLY_RSA
else {
return NO_VALID_DEVID;
}
#endif
#endif
#ifndef WOLF_CRYPTO_CB_ONLY_RSA
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#ifndef WOLFSSL_RSA_VERIFY_ONLY
@ -2994,8 +3006,10 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
key->state = RSA_STATE_NONE;
wc_RsaCleanup(key);
}
return ret;
#else
(void)rng;
#endif /* WOLF_CRYPTO_CB_ONLY_RSA */
}
@ -4441,12 +4455,23 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
err = wc_CryptoCb_MakeRsaKey(key, size, e, rng);
#ifndef WOLF_CRYPTO_CB_ONLY_RSA
if (err != CRYPTOCB_UNAVAILABLE)
goto out;
/* fall-through when unavailable */
#else
goto out;
#endif
}
#ifdef WOLF_CRYPTO_CB_ONLY_RSA
else {
err = NO_VALID_DEVID;
goto out;
}
#endif
#endif
#ifndef WOLF_CRYPTO_CB_ONLY_RSA
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
defined(WC_ASYNC_ENABLE_RSA_KEYGEN)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
@ -4703,7 +4728,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#endif
err = 0;
#endif /* WOLF_CRYPTO_CB_ONLY_RSA */
out:
#ifdef WOLFSSL_SMALL_STACK
@ -4720,6 +4745,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#endif
return err;
#else
return NOT_COMPILED_IN;
#endif

499
wolfcrypt/test/test.c
View File

@ -36,7 +36,7 @@
#define HAVE_WOLFCRYPT_TEST_OPTIONS
#endif
#ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
#if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
#include <wolfssl/ssl.h>
#define err_sys err_sys_remap /* remap err_sys */
#include <wolfssl/test.h>
@ -467,7 +467,8 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
/* skip for ATECC508/608A, cannot import private key buffers */
WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void);
#endif
@ -1158,7 +1159,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
TEST_PASS("CAMELLIA test passed!\n");
#endif
#ifndef NO_RSA
#if !defined(NO_RSA)
#ifdef WC_RSA_NO_PADDING
if ( (ret = rsa_no_pad_test()) != 0)
return err_sys("RSA NOPAD test failed!\n", ret);
@ -1229,7 +1230,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
#endif
#ifdef HAVE_ECC
#if defined(HAVE_ECC)
PRIVATE_KEY_UNLOCK();
if ( (ret = ecc_test()) != 0)
return err_sys("ECC test failed!\n", ret);
@ -1245,7 +1246,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
/* skip for ATECC508/608A, cannot import private key buffers */
if ( (ret = ecc_test_buffers()) != 0)
return err_sys("ECC buffer test failed!\n", ret);
@ -1581,8 +1583,9 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
/* helper to save DER, convert to PEM and save PEM */
#if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
(!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))))
(!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) \
&& !defined(WOLF_CRYPTO_CB_ONLY_ECC)
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB)
#else
@ -11829,11 +11832,13 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void)
static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
#endif
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
#if defined(HAVE_PKCS8) && !defined(WC_NO_RNG)
#if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
#endif
#endif /* HAVE_ECC_KEY_EXPORT */
@ -12691,7 +12696,11 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
if (ret != 0)
#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
/* async may not require RNG */
#if defined(WOLF_CRYPTO_CB_ONLY_RSA)
if (ret != NO_VALID_DEVID)
#else
if (ret != 0 && ret != MISSING_RNG_E)
#endif
#elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
/* FIPS140 implementation does not do blinding */
if (ret != 0)
@ -12740,7 +12749,9 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
if (ret != SIG_TYPE_E)
return -7666;
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_RSA)
return 0;
#endif
/* Use APIs. */
ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
if (ret != modLen)
@ -13184,7 +13195,8 @@ done:
#if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
/* Need to create known good signatures to test with this. */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLF_CRYPTO_CB_ONLY_RSA)
static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
{
byte digest[WC_MAX_DIGEST_SIZE];
@ -14579,7 +14591,8 @@ exit_rsa:
#if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
!defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
&& !defined(WOLF_CRYPTO_CB_ONLY_RSA)
static int rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
{
int ret = 0;
@ -15099,7 +15112,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#endif
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WC_NO_RNG)
!defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
@ -15217,7 +15230,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
defined(WOLFSSL_PUBLIC_MP))
defined(WOLFSSL_PUBLIC_MP)) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
idx = (word32)ret;
XMEMSET(plain, 0, plainSz);
do {
@ -15265,7 +15278,8 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
#if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
&& !defined(WOLF_CRYPTO_CB_ONLY_RSA)
ret = rsa_oaep_padding_test(key, &rng);
if (ret != 0)
return ret;
@ -15514,7 +15528,8 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
/* Need to create known good signatures to test with this. */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLF_CRYPTO_CB_ONLY_RSA)
ret = rsa_pss_test(&rng, key);
if (ret != 0)
goto exit_rsa;
@ -20449,6 +20464,7 @@ typedef struct eccVector {
#endif
} eccVector;
#if !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_test_vector_item(const eccVector* vector)
{
int ret = 0, verify = 0;
@ -20797,6 +20813,7 @@ static int ecc_test_vector(int keySize)
return 0;
}
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
static int ecc_test_deterministic_k(WC_RNG* rng)
@ -21255,7 +21272,8 @@ static int ecc_test_make_pub(WC_RNG* rng)
byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key key[1];
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
ecc_key pub[1];
#endif
byte exportBuf[ECC_BUFSIZE];
@ -21386,7 +21404,8 @@ static int ecc_test_make_pub(WC_RNG* rng)
#endif
#if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
(defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
(defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
tmpSz = ECC_BUFSIZE;
ret = 0;
do {
@ -21460,6 +21479,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
}
#endif /* WOLFSSL_QNX_CAAM */
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
/* make public key for shared secret */
wc_ecc_init_ex(pub, HEAP_HINT, devId);
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
@ -21497,7 +21517,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
}
TEST_SLEEP();
#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
ret = 0;
done:
@ -21524,7 +21544,8 @@ done:
return ret;
}
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
!defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_test_key_decode(WC_RNG* rng, int keySize)
{
int ret;
@ -21605,7 +21626,8 @@ static int ecc_test_key_decode(WC_RNG* rng, int keySize)
#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
#endif /* HAVE_ECC_KEY_IMPORT */
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
!defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_test_key_gen(WC_RNG* rng, int keySize)
{
int ret = 0;
@ -21800,6 +21822,12 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
if (ret == NO_VALID_DEVID) {
ret = 0;
goto done; /* no software case */
}
#endif
if (ret == ECC_CURVE_OID_E)
goto done; /* catch case, where curve is not supported */
@ -22158,6 +22186,7 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
return ret;
}
}
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
#ifdef HAVE_ECC_VECTOR_TEST
ret = ecc_test_vector(keySize);
@ -22193,14 +22222,14 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
}
}
#endif
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
return 0;
}
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_NO_MALLOC)
!defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_point_test(void)
{
int ret;
@ -22443,7 +22472,7 @@ done:
}
#endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
#ifndef NO_SIG_WRAPPER
#if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_sig_test(WC_RNG* rng, ecc_key* key)
{
int ret;
@ -22495,7 +22524,8 @@ static int ecc_sig_test(WC_RNG* rng, ecc_key* key)
}
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_exp_imp_test(ecc_key* key)
{
@ -22626,7 +22656,7 @@ done:
#endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
!defined(WOLFSSL_CRYPTOCELL)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_mulmod_test(ecc_key* key1)
{
int ret;
@ -22690,7 +22720,8 @@ done:
}
#endif
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
{
int ret;
@ -22769,7 +22800,7 @@ static int ecc_def_curve_test(WC_RNG *rng)
ret = -10091;
goto done;
}
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
#ifndef WC_NO_RNG
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
#if defined(WOLFSSL_ASYNC_CRYPT)
@ -22786,7 +22817,8 @@ static int ecc_def_curve_test(WC_RNG *rng)
#endif
TEST_SLEEP();
#if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL)
#if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
@ -22832,7 +22864,10 @@ static int ecc_def_curve_test(WC_RNG *rng)
goto done;
#endif
#endif
#else
(void)rng;
(void)idx;
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
done:
wc_ecc_free(key);
@ -23398,7 +23433,8 @@ exit:
}
#endif /* WOLFSSL_CERT_GEN */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
/* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
static int ecc_test_allocator(WC_RNG* rng)
{
@ -24064,7 +24100,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_NO_MALLOC)
!defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
ret = ecc_point_test();
if (ret < 0) {
goto done;
@ -24147,7 +24183,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
}
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL)
!defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
ret = ecc_test_make_pub(&rng);
if (ret != 0) {
printf("ecc_test_make_pub failed!: %d\n", ret);
@ -24163,7 +24200,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
goto done;
}
#endif
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
ret = ecc_test_allocator(&rng);
if (ret != 0) {
printf("ecc_test_allocator failed!: %d\n", ret);
@ -24807,7 +24845,8 @@ done:
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
{
size_t bytes;
@ -38332,9 +38371,321 @@ WOLFSSL_TEST_SUBROUTINE int blob_test(void)
/* Example custom context for crypto callback */
typedef struct {
int exampleVar; /* example, not used */
int exampleVar; /* flag for testing if only crypt is enabled. */
} myCryptoDevCtx;
#ifdef WOLF_CRYPTO_CB_ONLY_RSA
/* Testing rsa cb when CB_ONLY_RSA is enabled
* When CB_ONLY_RSA is enabled, software imple. is not available.
*
* ctx callback ctx
* returen 0 on success, otherwise return -8000 - -8007
*/
static int rsa_onlycb_test(myCryptoDevCtx *ctx)
{
int ret = 0;
#if !defined(NO_RSA)
#ifdef WOLFSSL_SMALL_STACK
RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
RsaKey key[1];
#endif
size_t bytes;
const word32 inLen = (word32)TEST_STRING_SZ;
word32 idx = 0;
word32 sigSz;
WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
byte out[RSA_TEST_BYTES];
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
!defined(NO_FILESYSTEM)
XFILE file;
#endif
#ifdef USE_CERT_BUFFERS_1024
bytes = (size_t)sizeof_client_key_der_1024;
if (bytes < (size_t)sizeof_client_cert_der_1024)
bytes = (size_t)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
bytes = (size_t)sizeof_client_key_der_2048;
if (bytes < (size_t)sizeof_client_cert_der_2048)
bytes = (size_t)sizeof_client_cert_der_2048;
#elif defined(USE_CERT_BUFFERS_3072)
bytes = (size_t)sizeof_client_key_der_3072;
if (bytes < (size_t)sizeof_client_cert_der_3072)
bytes = (size_t)sizeof_client_cert_der_3072;
#elif defined(USE_CERT_BUFFERS_4096)
bytes = (size_t)sizeof_client_key_der_4096;
if (bytes < (size_t)sizeof_client_cert_der_4096)
bytes = (size_t)sizeof_client_cert_der_4096;
#else
bytes = FOURK_BUF;
#endif
#ifdef WOLFSSL_SMALL_STACK
byte* tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
ERROR_OUT(-8000, exit_onlycb);
#else
byte tmp[bytes];
#endif
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (!file) {
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", -40);
ERROR_OUT(-8001, exit_onlycb);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
#endif
#ifdef WOLFSSL_KEY_GEN
WC_RNG rng;
/* wc_CryptoCb_MakeRsaKey cb test, no actual making key
* wc_MakeRsaKey() -> rsa cb ->
* myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID)
* wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return 0(success)
*/
ctx->exampleVar = 99;
ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
if (ret != 0) {
ERROR_OUT(-8002, exit_onlycb);
}
/* wc_MakeRsaKey() -> rsa cb ->
* myCryptoDevCb -> wc_MakeRsaKey(INVALID_DEVID)
* wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return NO_VALID_DEVID(failure)
*/
ctx->exampleVar = 1;
ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
if (ret != NO_VALID_DEVID) {
ERROR_OUT(-8003, exit_onlycb);
} else
/* reset return code */
ret = 0;
#endif
ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
if (ret != 0) {
ERROR_OUT(-8004, exit_onlycb);
}
ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
if (ret != 0) {
ERROR_OUT(-8005, exit_onlycb);
}
sigSz = (word32)wc_RsaEncryptSize(key);
/* wc_CryptoCb_Rsa cb test, no actual rsa operation */
if (ret == 0) {
/* wc_SignatureGenerate() -> rsa cb ->
* myCryptoDevCb -> wc_RsaFunction(CBONLY_TEST_DEVID)
* wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success)
*/
ctx->exampleVar = 99;
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, &sigSz, key, sizeof(*key), NULL);
if (ret != 0) {
ERROR_OUT(-8006, exit_onlycb);
}
}
if (ret == 0) {
/* wc_SignatureGenerate() -> rsa cb ->
* myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID)
* wc_SignatureGenerate(INVALID_DEVID) expects to
* return NO_VALID_DEVID(failure)
*/
ctx->exampleVar = 1;
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, &sigSz, key, sizeof(*key), NULL);
if (ret != NO_VALID_DEVID) {
ERROR_OUT(-8007, exit_onlycb);
} else
/* reset return code */
ret = 0;
}
exit_onlycb:
#ifdef WOLFSSL_SMALL_STACK
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
wc_FreeRsaKey(key);
#endif
#endif
return ret;
}
#endif
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
/* Testing rsa cb when CB_ONLY_ECC is enabled
* When CB_ONLY_ECC is enabled, software imple. is not available.
*
* ctx callback ctx
* returen 0 on success, otherwise return -8008 - -8018
*/
static int ecc_onlycb_test(myCryptoDevCtx *ctx)
{
int ret = 0;
#if defined(HAVE_ECC)
#ifdef WOLFSSL_SMALL_STACK
ecc_key* key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte* out = (byte*)XMALLOC(sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key key[1];
ecc_key pub[1];
byte out[256];
#endif
WC_RNG rng;
EncryptedInfo encInfo;
int keyFormat = 0;
word32 keyIdx = 0;
byte in[] = "Everyone gets Friday off. ecc p";
word32 inLen = (word32)XSTRLEN((char*)in);
word32 outLen;
int verify;
#ifdef WOLFSSL_SMALL_STACK
if (key == NULL || pub == NULL) {
ERROR_OUT(-8008, exit_onlycb);
}
#endif
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0) {
ERROR_OUT(-8009, exit_onlycb);
}
/* wc_CryptoCb_MakeEccKey cb test, , no actual testing */
ctx->exampleVar = 99;
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
if (ret != 0) {
ERROR_OUT(-8010, exit_onlycb);
}
ctx->exampleVar = 1;
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
if (ret != NO_VALID_DEVID) {
ERROR_OUT(-8011, exit_onlycb);
} else
/* reset return code */
ret = 0;
#ifdef USE_CERT_BUFFERS_256
if (ret == 0) {
/* load ECC private key and perform private transform */
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &keyIdx,
key, sizeof_ecc_key_der_256);
}
if (ret != 0) {
ERROR_OUT(-8012, exit_onlycb);
}
/* wc_CryptoCb_EccSign cb test, no actual testing */
ctx->exampleVar = 99;
if (ret == 0) {
ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
}
if (ret != 0) {
ERROR_OUT(-8013, exit_onlycb);
}
ctx->exampleVar = 1;
if (ret == 0) {
ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
}
if (ret != NO_VALID_DEVID) {
ERROR_OUT(-8014, exit_onlycb);
}
else
ret = 0;
/* wc_CryptoCb_EccVerify cb test, no actual testing */
ctx->exampleVar = 99;
if (ret == 0) {
ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
}
if (ret != 0) {
ERROR_OUT(-8015, exit_onlycb);
}
ctx->exampleVar = 1;
if (ret == 0) {
ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
}
if (ret != NO_VALID_DEVID) {
ERROR_OUT(-8016, exit_onlycb);
}
else
ret = 0;
/* wc_CryptoCb_Ecdh cb test, no actual testing */
/* make public key for shared secret */
wc_ecc_init_ex(pub, HEAP_HINT, devId);
ctx->exampleVar = 99;
if (ret == 0) {
ret = wc_ecc_shared_secret(key, pub, out, &outLen);
}
if (ret != 0) {
ERROR_OUT(-8017, exit_onlycb);
}
ctx->exampleVar = 1;
if (ret == 0) {
ret = wc_ecc_shared_secret(key, pub, out, &outLen);
}
if (ret != NO_VALID_DEVID) {
ERROR_OUT(-8016, exit_onlycb);
}
else
ret = 0;
#else
(void)verify;
(void)outLen;
(void)inLen;
(void)out;
(void)pub;
#endif
(void)keyFormat;
(void)encInfo;
exit_onlycb:
#if defined(WOLFSSL_SMALL_STACK)
if (key != NULL) {
wc_ecc_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (pub != NULL) {
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (out != NULL) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(key);
#endif
#endif /* HAVE_ECC */
return ret;
}
#endif
/* Example crypto dev callback function that calls software version */
static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
@ -38390,7 +38741,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->pk.type == WC_PK_TYPE_RSA) {
/* set devId to invalid, so software is used */
info->pk.rsa.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_RSA)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.rsa.key->devId = devIdArg;
return 0;
}
#endif
switch (info->pk.rsa.type) {
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
@ -38416,7 +38775,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#ifdef WOLFSSL_KEY_GEN
else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
info->pk.rsakg.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_RSA)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.rsakg.key->devId = devIdArg;
return 0;
}
#endif
#ifdef HAVE_FIPS
for (;;) {
#endif
@ -38438,7 +38805,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
/* set devId to invalid, so software is used */
info->pk.eckg.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.eckg.key->devId = devIdArg;
return 0;
}
#endif
ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
info->pk.eckg.key, info->pk.eckg.curveId);
@ -38448,7 +38823,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
/* set devId to invalid, so software is used */
info->pk.eccsign.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.eccsign.key->devId = devIdArg;
return 0;
}
#endif
ret = wc_ecc_sign_hash(
info->pk.eccsign.in, info->pk.eccsign.inlen,
info->pk.eccsign.out, info->pk.eccsign.outlen,
@ -38460,7 +38843,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
/* set devId to invalid, so software is used */
info->pk.eccverify.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.eccverify.key->devId = devIdArg;
return 0;
}
#endif
ret = wc_ecc_verify_hash(
info->pk.eccverify.sig, info->pk.eccverify.siglen,
info->pk.eccverify.hash, info->pk.eccverify.hashlen,
@ -38472,7 +38863,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
else if (info->pk.type == WC_PK_TYPE_ECDH) {
/* set devId to invalid, so software is used */
info->pk.ecdh.private_key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.ecdh.private_key->devId = devIdArg;
return 0;
}
#endif
ret = wc_ecc_shared_secret(
info->pk.ecdh.private_key, info->pk.ecdh.public_key,
info->pk.ecdh.out, info->pk.ecdh.outlen);
@ -38859,18 +39258,30 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
if (ret == 0)
ret = random_test();
#endif /* WC_NO_RNG */
#ifndef NO_RSA
#if !defined(NO_RSA)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = rsa_test();
PRIVATE_KEY_LOCK();
#endif
#ifdef HAVE_ECC
#if defined(WOLF_CRYPTO_CB_ONLY_RSA)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = rsa_onlycb_test(&myCtx);
PRIVATE_KEY_LOCK();
#endif
#if defined(HAVE_ECC)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = ecc_test();
PRIVATE_KEY_LOCK();
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = ecc_onlycb_test(&myCtx);
PRIVATE_KEY_LOCK();
#endif
#ifdef HAVE_ED25519
if (ret == 0)
ret = ed25519_test();

3
wolfssl/wolfcrypt/error-crypt.h
View File

@ -248,8 +248,9 @@ enum {
FIPS_PRIVATE_KEY_LOCKED_E = -287, /* Cannot export private key. */
PROTOCOLCB_UNAVAILABLE = -288, /* Protocol callback unavailable */
AES_SIV_AUTH_E = -289, /* AES-SIV authentication failed */
NO_VALID_DEVID = -290, /* no valid device ID */
WC_LAST_E = -289, /* Update this to indicate last error */
WC_LAST_E = -290, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes

1
wolfssl/wolfcrypt/types.h
View File

@ -1080,7 +1080,6 @@ decouple library dependencies with standard string, memory and so on.
/* invalid device id */
#define INVALID_DEVID (-2)
/* AESNI requires alignment and ARMASM gains some performance from it
* Xilinx RSA operations require alignment */
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \