diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index e15706108..24021a5e8 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -344,6 +344,155 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, } #endif /* HAVE_ECC */ +#ifdef HAVE_CURVE25519 +int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize, + curve25519_key* key) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_CURVE25519_KEYGEN; + cryptoInfo.pk.curve25519kg.rng = rng; + cryptoInfo.pk.curve25519kg.size = keySize; + cryptoInfo.pk.curve25519kg.key = key; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Curve25519(curve25519_key* private_key, + curve25519_key* public_key, byte* out, word32* outlen, int endian) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (private_key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(private_key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_CURVE25519; + cryptoInfo.pk.curve25519.private_key = private_key; + cryptoInfo.pk.curve25519.public_key = public_key; + cryptoInfo.pk.curve25519.out = out; + cryptoInfo.pk.curve25519.outlen = outlen; + cryptoInfo.pk.curve25519.endian = endian; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* HAVE_CURVE25519 */ + +#ifdef HAVE_ED25519 +int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize, + ed25519_key* key) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ED25519_KEYGEN; + cryptoInfo.pk.ed25519kg.rng = rng; + cryptoInfo.pk.ed25519kg.size = keySize; + cryptoInfo.pk.ed25519kg.key = key; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed25519_key* key, byte type, + const byte* context, byte contextLen) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ED25519_SIGN; + cryptoInfo.pk.ed25519sign.in = in; + cryptoInfo.pk.ed25519sign.inLen = inLen; + cryptoInfo.pk.ed25519sign.out = out; + cryptoInfo.pk.ed25519sign.outLen = outLen; + cryptoInfo.pk.ed25519sign.key = key; + cryptoInfo.pk.ed25519sign.type = type; + cryptoInfo.pk.ed25519sign.context = context; + cryptoInfo.pk.ed25519sign.contextLen = contextLen; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, + const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type, + const byte* context, byte contextLen) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ED25519_VERIFY; + cryptoInfo.pk.ed25519verify.sig = sig; + cryptoInfo.pk.ed25519verify.sigLen = sigLen; + cryptoInfo.pk.ed25519verify.msg = msg; + cryptoInfo.pk.ed25519verify.msgLen = msgLen; + cryptoInfo.pk.ed25519verify.res = res; + cryptoInfo.pk.ed25519verify.key = key; + cryptoInfo.pk.ed25519verify.type = type; + cryptoInfo.pk.ed25519verify.context = context; + cryptoInfo.pk.ed25519verify.contextLen = contextLen; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* HAVE_ED25519 */ + #ifndef NO_AES #ifdef HAVE_AESGCM int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out, @@ -628,6 +777,72 @@ int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in, } #endif /* !NO_SHA256 */ +#ifdef WOLFSSL_SHA384 +int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in, + word32 inSz, byte* digest) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + /* locate registered callback */ + if (sha384) { + dev = wc_CryptoCb_FindDevice(sha384->devId); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_HASH; + cryptoInfo.hash.type = WC_HASH_TYPE_SHA384; + cryptoInfo.hash.sha384 = sha384; + cryptoInfo.hash.in = in; + cryptoInfo.hash.inSz = inSz; + cryptoInfo.hash.digest = digest; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SHA384 */ + +#ifdef WOLFSSL_SHA512 +int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in, + word32 inSz, byte* digest) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + /* locate registered callback */ + if (sha512) { + dev = wc_CryptoCb_FindDevice(sha512->devId); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_HASH; + cryptoInfo.hash.type = WC_HASH_TYPE_SHA512; + cryptoInfo.hash.sha512 = sha512; + cryptoInfo.hash.in = in; + cryptoInfo.hash.inSz = inSz; + cryptoInfo.hash.digest = digest; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SHA512 */ + #ifndef NO_HMAC int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz, byte* digest) diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 265aea482..07f1696b2 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -44,6 +44,10 @@ #include #endif +#ifdef WOLF_CRYPTO_CB + #include +#endif + const curve25519_set_type curve25519_sets[] = { { CURVE25519_KEYSIZE, @@ -190,6 +194,15 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) if (key == NULL || rng == NULL) return BAD_FUNC_ARG; +#ifdef WOLF_CRYPTO_CB + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Curve25519Gen(rng, keysize, key); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + ret = wc_curve25519_make_priv(rng, keysize, key->k.point); if (ret < 0) return ret; @@ -211,22 +224,34 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen, int endian) { - #ifdef FREESCALE_LTC_ECC - ECPoint o = {{0}}; - #else - unsigned char o[CURVE25519_KEYSIZE]; - #endif +#ifdef FREESCALE_LTC_ECC + ECPoint o = {{0}}; +#else + unsigned char o[CURVE25519_KEYSIZE]; +#endif int ret = 0; /* sanity check */ if (private_key == NULL || public_key == NULL || - out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) + out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) { return BAD_FUNC_ARG; + } /* avoid implementation fingerprinting */ if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F) return ECC_BAD_ARG_E; + +#ifdef WOLF_CRYPTO_CB + if (private_key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Curve25519(private_key, public_key, out, outlen, + endian); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + #ifdef FREESCALE_LTC_ECC /* input point P on Curve25519 */ ret = nxp_ltc_curve25519(&o, private_key->k.point, &public_key->p, @@ -576,8 +601,7 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, #endif /* HAVE_CURVE25519_KEY_IMPORT */ - -int wc_curve25519_init(curve25519_key* key) +int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId) { if (key == NULL) return BAD_FUNC_ARG; @@ -587,6 +611,13 @@ int wc_curve25519_init(curve25519_key* key) /* currently the format for curve25519 */ key->dp = &curve25519_sets[0]; +#ifdef WOLF_CRYPTO_CB + key->devId = devId; +#else + (void)devId; +#endif + (void)heap; /* if needed for XMALLOC/XFREE in future */ + #ifndef FREESCALE_LTC_ECC fe_init(); #endif @@ -594,6 +625,10 @@ int wc_curve25519_init(curve25519_key* key) return 0; } +int wc_curve25519_init(curve25519_key* key) +{ + return wc_curve25519_init_ex(key, NULL, INVALID_DEVID); +} /* Clean the memory of a key */ void wc_curve25519_free(curve25519_key* key) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index f8928871f..817bc9d29 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -45,6 +45,10 @@ #include #endif +#ifdef WOLF_CRYPTO_CB + #include +#endif + #if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_VERIFY) #define ED25519CTX_SIZE 32 @@ -52,6 +56,32 @@ static const byte ed25519Ctx[ED25519CTX_SIZE+1] = "SigEd25519 no Ed25519 collisions"; #endif +static int ed25519_hash(ed25519_key* key, const byte* in, word32 inLen, + byte* hash) +{ + int ret; + wc_Sha512 sha; + int devId = INVALID_DEVID; + + if (key == NULL || (in == NULL && inLen > 0) || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLF_CRYPTO_CB + devId = key->devId; +#endif + + ret = wc_InitSha512_ex(&sha, NULL, devId); + if (ret == 0) { + ret = wc_Sha512Update(&sha, in, inLen); + if (ret == 0) + ret = wc_Sha512Final(&sha, hash); + wc_Sha512Free(&sha); + } + + return ret; +} + int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey, word32 pubKeySz) { @@ -65,7 +95,7 @@ int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey, ret = BAD_FUNC_ARG; if (ret == 0) - ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az); if (ret == 0) { /* apply clamp */ az[0] &= 248; @@ -102,6 +132,15 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) if (keySz != ED25519_KEY_SIZE) return BAD_FUNC_ARG; +#ifdef WOLF_CRYPTO_CB + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Ed25519Gen(rng, keySz, key); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + ret = wc_RNG_GenerateBlock(rng, key->k, ED25519_KEY_SIZE); if (ret != 0) return ret; @@ -134,12 +173,13 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) contextLen length of extra signing data return 0 on success */ -static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, +int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key, byte type, const byte* context, byte contextLen) { #ifdef FREESCALE_LTC_ECC byte tempBuf[ED25519_PRV_KEY_SIZE]; + ltc_pkha_ecc_point_t ltcPoint = {0}; #else ge_p3 R; #endif @@ -148,12 +188,25 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, byte az[ED25519_PRV_KEY_SIZE]; wc_Sha512 sha; int ret; + int devId = INVALID_DEVID; /* sanity check on arguments */ if (in == NULL || out == NULL || outLen == NULL || key == NULL || (context == NULL && contextLen != 0)) { return BAD_FUNC_ARG; } + +#ifdef WOLF_CRYPTO_CB + devId = key->devId; + if (devId != INVALID_DEVID) { + ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type, + context, contextLen); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + if (!key->pubKeySet) return BAD_FUNC_ARG; @@ -166,7 +219,7 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, /* step 1: create nonce to use where nonce is r in r = H(h_b, ... ,h_2b-1,M) */ - ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az); if (ret != 0) return ret; @@ -175,7 +228,7 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ az[31] |= 64; - ret = wc_InitSha512(&sha); + ret = wc_InitSha512_ex(&sha, NULL, devId); if (ret != 0) return ret; if (type == Ed25519ctx || type == Ed25519ph) { @@ -198,7 +251,6 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, return ret; #ifdef FREESCALE_LTC_ECC - ltc_pkha_ecc_point_t ltcPoint = {0}; ltcPoint.X = &tempBuf[0]; ltcPoint.Y = &tempBuf[32]; LTC_PKHA_sc_reduce(nonce); @@ -216,7 +268,7 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, /* step 3: hash R + public key + message getting H(R,A,M) then creating S = (r + H(R,A,M)a) mod l */ - ret = wc_InitSha512(&sha); + ret = wc_InitSha512_ex(&sha, NULL, devId); if (ret != 0) return ret; if (type == Ed25519ctx || type == Ed25519ph) { @@ -263,7 +315,8 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, int wc_ed25519_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key) { - return ed25519_sign_msg(in, inLen, out, outLen, key, (byte)Ed25519, NULL, 0); + return wc_ed25519_sign_msg_ex(in, inLen, out, outLen, key, (byte)Ed25519, + NULL, 0); } /* @@ -281,8 +334,8 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key, const byte* context, byte contextLen) { - return ed25519_sign_msg(in, inLen, out, outLen, key, Ed25519ctx, context, - contextLen); + return wc_ed25519_sign_msg_ex(in, inLen, out, outLen, key, Ed25519ctx, + context, contextLen); } /* @@ -300,8 +353,8 @@ int wc_ed25519ph_sign_hash(const byte* hash, word32 hashLen, byte* out, word32 *outLen, ed25519_key* key, const byte* context, byte contextLen) { - return ed25519_sign_msg(hash, hashLen, out, outLen, key, Ed25519ph, context, - contextLen); + return wc_ed25519_sign_msg_ex(hash, hashLen, out, outLen, key, Ed25519ph, + context, contextLen); } /* @@ -322,12 +375,12 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, int ret; byte hash[WC_SHA512_DIGEST_SIZE]; - ret = wc_Sha512Hash(in, inLen, hash); + ret = ed25519_hash(key, in, inLen, hash); if (ret != 0) return ret; - return wc_ed25519ph_sign_hash(hash, sizeof(hash), out, outLen, key, context, - contextLen); + return wc_ed25519_sign_msg_ex(hash, sizeof(hash), out, outLen, key, + Ed25519ph, context, contextLen); } #endif /* HAVE_ED25519_SIGN */ @@ -342,7 +395,7 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, key Ed25519 public key return 0 and res of 1 on success */ -static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, +int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type, const byte* context, byte contextLen) { @@ -353,6 +406,7 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, ge_p2 R; #endif int ret; + int devId = INVALID_DEVID; wc_Sha512 sha; /* sanity check on arguments */ @@ -368,6 +422,17 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, if (sigLen != ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224)) return BAD_FUNC_ARG; +#ifdef WOLF_CRYPTO_CB + devId = key->devId; + if (devId != INVALID_DEVID) { + ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key, + type, context, contextLen); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + /* uncompress A (public key), test if valid, and negate it */ #ifndef FREESCALE_LTC_ECC if (ge_frombytes_negate_vartime(&A, key->p) != 0) @@ -375,7 +440,7 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, #endif /* find H(R,A,M) and store it as h */ - ret = wc_InitSha512(&sha); + ret = wc_InitSha512_ex(&sha, NULL, devId); if (ret != 0) return ret; if (type == Ed25519ctx || type == Ed25519ph) { @@ -439,8 +504,8 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, ed25519_key* key) { - return ed25519_verify_msg(sig, sigLen, msg, msgLen, res, key, (byte)Ed25519, - NULL, 0); + return wc_ed25519_verify_msg_ex(sig, sigLen, msg, msgLen, res, key, + (byte)Ed25519, NULL, 0); } /* @@ -458,8 +523,8 @@ int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, ed25519_key* key, const byte* context, byte contextLen) { - return ed25519_verify_msg(sig, sigLen, msg, msgLen, res, key, Ed25519ctx, - context, contextLen); + return wc_ed25519_verify_msg_ex(sig, sigLen, msg, msgLen, res, key, + Ed25519ctx, context, contextLen); } /* @@ -477,8 +542,8 @@ int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash, word32 hashLen, int* res, ed25519_key* key, const byte* context, byte contextLen) { - return ed25519_verify_msg(sig, sigLen, hash, hashLen, res, key, Ed25519ph, - context, contextLen); + return wc_ed25519_verify_msg_ex(sig, sigLen, hash, hashLen, res, key, + Ed25519ph, context, contextLen); } /* @@ -499,23 +564,29 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, int ret; byte hash[WC_SHA512_DIGEST_SIZE]; - ret = wc_Sha512Hash(msg, msgLen, hash); + ret = ed25519_hash(key, msg, msgLen, hash); if (ret != 0) return ret; - return wc_ed25519ph_verify_hash(sig, sigLen, hash, sizeof(hash), res, key, - context, contextLen); + return wc_ed25519_verify_msg_ex(sig, sigLen, hash, sizeof(hash), res, key, + Ed25519ph, context, contextLen); } #endif /* HAVE_ED25519_VERIFY */ /* initialize information and memory for key */ -int wc_ed25519_init(ed25519_key* key) +int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId) { if (key == NULL) return BAD_FUNC_ARG; XMEMSET(key, 0, sizeof(ed25519_key)); +#ifdef WOLF_CRYPTO_CB + key->devId = devId; +#else + (void)devId; +#endif + (void)heap; /* if needed for XMALLOC/XFREE in future */ #ifndef FREESCALE_LTC_ECC fe_init(); @@ -524,6 +595,10 @@ int wc_ed25519_init(ed25519_key* key) return 0; } +int wc_ed25519_init(ed25519_key* key) +{ + return wc_ed25519_init_ex(key, NULL, INVALID_DEVID); +} /* clear memory of key */ void wc_ed25519_free(ed25519_key* key) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 48744e661..0ee9e52f6 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -45,6 +45,10 @@ #include #include +#ifdef WOLF_CRYPTO_CB + #include +#endif + /* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */ #if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512) #define USE_SLOW_SHA512 @@ -238,7 +242,8 @@ static int InitSha512(wc_Sha512* sha512) #endif /* WOLFSSL_SHA512 */ /* Hardware Acceleration */ -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) #ifdef WOLFSSL_SHA512 @@ -429,12 +434,17 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) #ifdef WOLFSSL_SMALL_STACK_CACHE sha512->W = NULL; #endif +#ifdef WOLF_CRYPTO_CB + sha512->devId = devId; + sha512->devCtx = NULL; +#endif ret = InitSha512(sha512); if (ret != 0) return ret; -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) Sha512_SetTransform(); #endif @@ -623,7 +633,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) { #if defined(LITTLE_ENDIAN_ORDER) - #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) + #if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) #endif { @@ -653,7 +664,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le } } -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (Transform_Sha512_Len_p != NULL) { word32 blocksLen = len & ~(WC_SHA512_BLOCK_SIZE-1); @@ -667,7 +679,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le } else #endif -#if !defined(LITTLE_ENDIAN_ORDER) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))) { while (len >= WC_SHA512_BLOCK_SIZE) { XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE); @@ -675,7 +688,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le data += WC_SHA512_BLOCK_SIZE; len -= WC_SHA512_BLOCK_SIZE; - #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) + #if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) { ByteReverseWords64(sha512->buffer, sha512->buffer, @@ -734,6 +748,14 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (sha512->devId != INVALID_DEVID) { + int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { #if defined(HAVE_INTEL_QA) @@ -765,7 +787,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen); sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen; #if defined(LITTLE_ENDIAN_ORDER) - #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) + #if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) #endif { @@ -803,7 +826,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) /* store lengths */ #if defined(LITTLE_ENDIAN_ORDER) - #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) + #if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) #endif #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ @@ -819,7 +843,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen; #endif -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags)) ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]), &(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]), @@ -877,7 +902,14 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash) if (sha512 == NULL || hash == NULL) { return BAD_FUNC_ARG; } - +#ifdef WOLF_CRYPTO_CB + if (sha512->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { #if defined(HAVE_INTEL_QA) @@ -943,19 +975,21 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) #endif return BAD_FUNC_ARG; } -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) Sha512_SetTransform(); #endif #if defined(LITTLE_ENDIAN_ORDER) -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) #endif { ByteReverseWords64((word64*)data, (word64*)data, WC_SHA512_BLOCK_SIZE); } -#endif +#endif /* !LITTLE_ENDIAN_ORDER */ XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE); XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE); @@ -968,7 +1002,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) #endif return ret; } -#endif +#endif /* OPENSSL_EXTRA */ #endif /* WOLFSSL_SHA512 */ /* -------------------------------------------------------------------------- */ @@ -1032,6 +1066,14 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (sha384->devId != INVALID_DEVID) { + int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) { #if defined(HAVE_INTEL_QA) @@ -1073,6 +1115,14 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (sha384->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) { #if defined(HAVE_INTEL_QA) @@ -1103,12 +1153,17 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) #ifdef WOLFSSL_SMALL_STACK_CACHE sha384->W = NULL; #endif +#ifdef WOLF_CRYPTO_CB + sha384->devId = devId; + sha384->devCtx = NULL; +#endif ret = InitSha384(sha384); if (ret != 0) return ret; -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) Sha512_SetTransform(); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 511e66fae..5deaf426d 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -24290,29 +24290,35 @@ static int curve25519_overflow_test(void) #endif }; + int ret = 0; int i; word32 y; byte shared[32]; curve25519_key userA; - wc_curve25519_init(&userA); + wc_curve25519_init_ex(&userA, HEAP_HINT, devId); for (i = 0; i < X25519_TEST_CNT; i++) { if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i], - sizeof(pb[i]), &userA) != 0) - return -10500 - i; + sizeof(pb[i]), &userA) != 0) { + ret = -10500 - i; break; + } /* test against known test vector */ XMEMSET(shared, 0, sizeof(shared)); y = sizeof(shared); - if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) - return -10510 - i; + if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) { + ret = -10510 - i; break; + } - if (XMEMCMP(ss[i], shared, y)) - return -10520 - i; + if (XMEMCMP(ss[i], shared, y)) { + ret = -10520 - i; break; + } } - return 0; + wc_curve25519_free(&userA); + + return ret; } /* Test the wc_curve25519_check_public API. @@ -24504,9 +24510,9 @@ WOLFSSL_TEST_SUBROUTINE int curve25519_test(void) if (ret != 0) return -10700; - wc_curve25519_init(&userA); - wc_curve25519_init(&userB); - wc_curve25519_init(&pubKey); + wc_curve25519_init_ex(&userA, HEAP_HINT, devId); + wc_curve25519_init_ex(&userB, HEAP_HINT, devId); + wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId); /* make curve25519 keys */ if (wc_curve25519_make_key(&rng, 32, &userA) != 0) @@ -24805,10 +24811,11 @@ done: defined(HAVE_ED25519_KEY_IMPORT) static int ed25519ctx_test(void) { + int ret; byte out[ED25519_SIG_SIZE]; word32 outlen; #ifdef HAVE_ED25519_VERIFY - int verify; + int verify = 0; #endif /* HAVE_ED25519_VERIFY */ ed25519_key key; @@ -24860,50 +24867,55 @@ static int ed25519ctx_test(void) outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); - if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, - sizeof(pKeyCtx), &key) != 0) - return -10800; + ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return 10800; - if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, - contextCtx, sizeof(contextCtx)) != 0) - return -10801; - - if (XMEMCMP(out, sigCtx1, 64)) - return -10802; + ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, + sizeof(pKeyCtx), &key); + if (ret == 0) + ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + contextCtx, sizeof(contextCtx)); + if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0) + ret = -10801; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, - &key, contextCtx, sizeof(contextCtx)) != 0 || - verify != 1) - return -10803; + if (ret == 0) + ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), + &verify, &key, contextCtx, sizeof(contextCtx)); + if (ret == 0 && verify != 1) + ret = -10802; #endif - if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL, - 0) != 0) - return -10804; + if (ret == 0) + ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + NULL, 0); - if (XMEMCMP(out, sigCtx2, 64)) - return -10805; + if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0) + ret = -10803; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, - &key, NULL, 0) != 0 || verify != 1) - return -10806; + if (ret == 0) + ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = -10804; #endif wc_ed25519_free(&key); - return 0; + return ret; } static int ed25519ph_test(void) { + int ret = 0; byte out[ED25519_SIG_SIZE]; word32 outlen; #ifdef HAVE_ED25519_VERIFY - int verify; + int verify = 0; #endif /* HAVE_ED25519_VERIFY */ ed25519_key key; @@ -24966,80 +24978,76 @@ static int ed25519ph_test(void) outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); - if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, - sizeof(pKeyPh), &key) != 0) { + ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) return -10900; - } - if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, - 0) != 0) { - return -10901; - } + ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, + sizeof(pKeyPh), &key); + if (ret == 0) + ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + NULL, 0); - if (XMEMCMP(out, sigPh1, 64)) - return -10902; + if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0) + ret = -10901; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, - &key, NULL, 0) != 0 || - verify != 1) { - return -10903; - } + if (ret == 0) + ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = -10902; #endif - if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -10904; - } + if (ret == 0) + ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)); - if (XMEMCMP(out, sigPh2, 64)) - return -10905; + if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0) + ret = -10903; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -10906; - } + if (ret == 0) + ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, + &key, contextPh2, sizeof(contextPh2)); + if (ret == 0 && verify != 1) + ret = -10904; #endif - if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, - 0) != 0) { - return -10907; - } + if (ret == 0) + ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + NULL, 0); - if (XMEMCMP(out, sigPh1, 64)) - return -10908; + if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0) + ret = -10905; #if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, NULL, 0) != 0 || - verify != 1) { - return -10909; - } + if (ret == 0) + ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = -10906; #endif - if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -10910; - } - - if (XMEMCMP(out, sigPh2, 64)) - return -10911; + if (ret == 0) + ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)); + if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0) + ret = -10907; #if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -10912; - } + if (ret == 0) + ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, contextPh2, sizeof(contextPh2)); + if (ret == 0 && verify != 1) + ret = -10908; #endif wc_ed25519_free(&key); - return 0; + return ret; } #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ @@ -25428,10 +25436,10 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void) if (ret != 0) return -11000; - wc_ed25519_init(&key); - wc_ed25519_init(&key2); + wc_ed25519_init_ex(&key, HEAP_HINT, devId); + wc_ed25519_init_ex(&key2, HEAP_HINT, devId); #ifndef NO_ASN - wc_ed25519_init(&key3); + wc_ed25519_init_ex(&key3, HEAP_HINT, devId); #endif wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); @@ -36882,6 +36890,69 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->pk.ecdh.private_key->devId = devIdArg; } #endif /* HAVE_ECC */ + #ifdef HAVE_CURVE25519 + if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) { + /* set devId to invalid, so software is used */ + info->pk.curve25519kg.key->devId = INVALID_DEVID; + + ret = wc_curve25519_make_key(info->pk.curve25519kg.rng, + info->pk.curve25519kg.size, info->pk.curve25519kg.key); + + /* reset devId */ + info->pk.curve25519kg.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_CURVE25519) { + /* set devId to invalid, so software is used */ + info->pk.curve25519.private_key->devId = INVALID_DEVID; + + ret = wc_curve25519_shared_secret_ex( + info->pk.curve25519.private_key, info->pk.curve25519.public_key, + info->pk.curve25519.out, info->pk.curve25519.outlen, + info->pk.curve25519.endian); + + /* reset devId */ + info->pk.curve25519.private_key->devId = devIdArg; + } + #endif /* HAVE_CURVE25519 */ + #ifdef HAVE_ED25519 + if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) { + /* set devId to invalid, so software is used */ + info->pk.ed25519kg.key->devId = INVALID_DEVID; + + ret = wc_ed25519_make_key(info->pk.ed25519kg.rng, + info->pk.ed25519kg.size, info->pk.ed25519kg.key); + + /* reset devId */ + info->pk.ed25519kg.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.ed25519sign.key->devId = INVALID_DEVID; + + ret = wc_ed25519_sign_msg_ex( + info->pk.ed25519sign.in, info->pk.ed25519sign.inLen, + info->pk.ed25519sign.out, info->pk.ed25519sign.outLen, + info->pk.ed25519sign.key, info->pk.ed25519sign.type, + info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen); + + /* reset devId */ + info->pk.ed25519sign.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) { + /* set devId to invalid, so software is used */ + info->pk.ed25519verify.key->devId = INVALID_DEVID; + + ret = wc_ed25519_verify_msg_ex( + info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen, + info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen, + info->pk.ed25519verify.res, info->pk.ed25519verify.key, + info->pk.ed25519verify.type, info->pk.ed25519verify.context, + info->pk.ed25519verify.contextLen); + + /* reset devId */ + info->pk.ed25519verify.key->devId = devIdArg; + } + #endif /* HAVE_ED25519 */ } else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { #if !defined(NO_AES) || !defined(NO_DES3) @@ -36989,7 +37060,8 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #endif /* !NO_DES3 */ #endif /* !NO_AES || !NO_DES3 */ } -#if !defined(NO_SHA) || !defined(NO_SHA256) +#if !defined(NO_SHA) || !defined(NO_SHA256) || \ + defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) else if (info->algo_type == WC_ALGO_TYPE_HASH) { #if !defined(NO_SHA) if (info->hash.type == WC_HASH_TYPE_SHA) { @@ -37040,6 +37112,56 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->hash.sha256->devId = devIdArg; } else + #endif + #ifdef WOLFSSL_SHA384 + if (info->hash.type == WC_HASH_TYPE_SHA384) { + if (info->hash.sha384 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha384->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha384Update( + info->hash.sha384, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha384Final( + info->hash.sha384, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha384->devId = devIdArg; + } + else + #endif + #ifdef WOLFSSL_SHA512 + if (info->hash.type == WC_HASH_TYPE_SHA512) { + if (info->hash.sha512 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha512->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha512Update( + info->hash.sha512, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha512Final( + info->hash.sha512, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha512->devId = devIdArg; + } + else #endif { } @@ -37100,6 +37222,14 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) if (ret == 0) ret = ecc_test(); #endif +#ifdef HAVE_ED25519 + if (ret == 0) + ret = ed25519_test(); +#endif +#ifdef HAVE_CURVE25519 + if (ret == 0) + ret = curve25519_test(); +#endif #ifndef NO_AES #ifdef HAVE_AESGCM if (ret == 0) @@ -37114,15 +37244,21 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) if (ret == 0) ret = des3_test(); #endif /* !NO_DES3 */ -#if !defined(NO_SHA) || !defined(NO_SHA256) - #ifndef NO_SHA +#ifndef NO_SHA if (ret == 0) ret = sha_test(); - #endif - #ifndef NO_SHA256 +#endif +#ifndef NO_SHA256 if (ret == 0) ret = sha256_test(); - #endif +#endif +#ifdef WOLFSSL_SHA384 + if (ret == 0) + ret = sha384_test(); +#endif +#ifdef WOLFSSL_SHA512 + if (ret == 0) + ret = sha512_test(); #endif #ifndef NO_HMAC #ifndef NO_SHA diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 15c7f876e..7b1753381 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -62,7 +62,15 @@ #ifdef WOLFSSL_CMAC #include #endif - +#ifdef HAVE_ED25519 + #include +#endif +#ifdef HAVE_CURVE25519 + #include +#endif +#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) + #include +#endif /* Crypto Information Structure for callbacks */ typedef struct wc_CryptoInfo { @@ -130,6 +138,50 @@ typedef struct wc_CryptoInfo { word32 pubKeySz; } ecc_check; #endif + #ifdef HAVE_CURVE25519 + struct { + WC_RNG* rng; + int size; + curve25519_key* key; + int curveId; + } curve25519kg; + struct { + curve25519_key* private_key; + curve25519_key* public_key; + byte* out; + word32* outlen; + int endian; + } curve25519; + #endif + #ifdef HAVE_ED25519 + struct { + WC_RNG* rng; + int size; + ed25519_key* key; + int curveId; + } ed25519kg; + struct { + const byte* in; + word32 inLen; + byte* out; + word32* outLen; + ed25519_key* key; + byte type; + const byte* context; + byte contextLen; + } ed25519sign; + struct { + const byte* sig; + word32 sigLen; + const byte* msg; + word32 msgLen; + int* res; + ed25519_key* key; + byte type; + const byte* context; + byte contextLen; + } ed25519verify; + #endif }; } pk; #endif /* !NO_RSA || HAVE_ECC */ @@ -183,7 +235,8 @@ typedef struct wc_CryptoInfo { }; } cipher; #endif /* !NO_AES || !NO_DES3 */ -#if !defined(NO_SHA) || !defined(NO_SHA256) +#if !defined(NO_SHA) || !defined(NO_SHA256) || \ + defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) struct { int type; /* enum wc_HashType */ const byte* in; @@ -196,6 +249,12 @@ typedef struct wc_CryptoInfo { #ifndef NO_SHA256 wc_Sha256* sha256; #endif + #ifdef WOLFSSL_SHA384 + wc_Sha384* sha384; + #endif + #ifdef WOLFSSL_SHA512 + wc_Sha512* sha512; + #endif }; } hash; #endif /* !NO_SHA || !NO_SHA256 */ @@ -278,6 +337,25 @@ WOLFSSL_LOCAL int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, word32 pubKeySz); #endif /* HAVE_ECC */ +#ifdef HAVE_CURVE25519 +WOLFSSL_LOCAL int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize, + curve25519_key* key); + +WOLFSSL_LOCAL int wc_CryptoCb_Curve25519(curve25519_key* private_key, + curve25519_key* public_key, byte* out, word32* outlen, int endian); +#endif /* HAVE_CURVE25519 */ + +#ifdef HAVE_ED25519 +WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize, + ed25519_key* key); +WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen, + byte* out, word32 *outLen, ed25519_key* key, byte type, const byte* context, + byte contextLen); +WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, + const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type, + const byte* context, byte contextLen); +#endif /* HAVE_ED25519 */ + #ifndef NO_AES #ifdef HAVE_AESGCM WOLFSSL_LOCAL int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out, @@ -313,6 +391,15 @@ WOLFSSL_LOCAL int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in, WOLFSSL_LOCAL int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in, word32 inSz, byte* digest); #endif /* !NO_SHA256 */ +#ifdef WOLFSSL_SHA384 +WOLFSSL_LOCAL int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in, + word32 inSz, byte* digest); +#endif +#ifdef WOLFSSL_SHA512 +WOLFSSL_LOCAL int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in, + word32 inSz, byte* digest); +#endif + #ifndef NO_HMAC WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz, byte* digest); diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 8abffa2e8..3646667e0 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -79,6 +79,9 @@ typedef struct curve25519_key { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif +#if defined(WOLF_CRYPTO_CB) + int devId; +#endif } curve25519_key; enum { @@ -113,6 +116,8 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, WOLFSSL_API int wc_curve25519_init(curve25519_key* key); +WOLFSSL_API +int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId); WOLFSSL_API void wc_curve25519_free(curve25519_key* key); diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 2efe4eed2..728992363 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -87,6 +87,9 @@ struct ed25519_key { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif +#if defined(WOLF_CRYPTO_CB) + int devId; +#endif }; @@ -111,6 +114,10 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key, const byte* context, byte contextLen); WOLFSSL_API +int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed25519_key* key, byte type, + const byte* context, byte contextLen); +WOLFSSL_API int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* stat, ed25519_key* key); WOLFSSL_API @@ -126,8 +133,15 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* stat, ed25519_key* key, const byte* context, byte contextLen); WOLFSSL_API +int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* res, ed25519_key* key, + byte type, const byte* context, byte contextLen); + +WOLFSSL_API int wc_ed25519_init(ed25519_key* key); WOLFSSL_API +int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); +WOLFSSL_API void wc_ed25519_free(ed25519_key* key); WOLFSSL_API int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 620643b3d..81da52ebb 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -152,7 +152,10 @@ struct wc_Sha512 { #if defined(WOLFSSL_SILABS_SE_ACCEL) wc_silabs_sha_t silabsCtx; #endif - +#ifdef WOLF_CRYPTO_CB + int devId; + void* devCtx; /* generic crypto callback context */ +#endif #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) word32 flags; /* enum wc_HashFlags in hash.h */ #endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index d52f5c498..8265b62c6 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -899,7 +899,7 @@ decouple library dependencies with standard string, memory and so on. WC_PK_TYPE_ECDH = 3, WC_PK_TYPE_ECDSA_SIGN = 4, WC_PK_TYPE_ECDSA_VERIFY = 5, - WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_ED25519_SIGN = 6, WC_PK_TYPE_CURVE25519 = 7, WC_PK_TYPE_RSA_KEYGEN = 8, WC_PK_TYPE_EC_KEYGEN = 9, @@ -907,7 +907,10 @@ decouple library dependencies with standard string, memory and so on. WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11, WC_PK_TYPE_ED448 = 12, WC_PK_TYPE_CURVE448 = 13, - WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE448 + WC_PK_TYPE_ED25519_VERIFY = 14, + WC_PK_TYPE_ED25519_KEYGEN = 15, + WC_PK_TYPE_CURVE25519_KEYGEN = 16, + WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519_KEYGEN };