From 9c24731e3c9034496127146924b10057d736cba4 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 15 Jun 2021 16:07:23 -0700 Subject: [PATCH 1/5] Added SHA2-384/512 crypto callback support. --- wolfcrypt/src/cryptocb.c | 66 ++++++++++++++++++++++++++++++++++ wolfcrypt/src/sha512.c | 45 ++++++++++++++++++++++- wolfcrypt/test/test.c | 69 ++++++++++++++++++++++++++++++++---- wolfssl/wolfcrypt/cryptocb.h | 38 ++++++++++++++++++-- wolfssl/wolfcrypt/sha512.h | 5 ++- 5 files changed, 213 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index e15706108..0cc8537e5 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -628,6 +628,72 @@ int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in, } #endif /* !NO_SHA256 */ +#ifdef WOLFSSL_SHA384 +int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in, + word32 inSz, byte* digest) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + /* locate registered callback */ + if (sha384) { + dev = wc_CryptoCb_FindDevice(sha384->devId); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_HASH; + cryptoInfo.hash.type = WC_HASH_TYPE_SHA384; + cryptoInfo.hash.sha384 = sha384; + cryptoInfo.hash.in = in; + cryptoInfo.hash.inSz = inSz; + cryptoInfo.hash.digest = digest; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SHA384 */ + +#ifdef WOLFSSL_SHA512 +int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in, + word32 inSz, byte* digest) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + /* locate registered callback */ + if (sha512) { + dev = wc_CryptoCb_FindDevice(sha512->devId); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_HASH; + cryptoInfo.hash.type = WC_HASH_TYPE_SHA512; + cryptoInfo.hash.sha512 = sha512; + cryptoInfo.hash.in = in; + cryptoInfo.hash.inSz = inSz; + cryptoInfo.hash.digest = digest; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SHA512 */ + #ifndef NO_HMAC int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz, byte* digest) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 48744e661..3615f2309 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -45,6 +45,10 @@ #include #include +#ifdef WOLF_CRYPTO_CB + #include +#endif + /* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */ #if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512) #define USE_SLOW_SHA512 @@ -429,6 +433,10 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) #ifdef WOLFSSL_SMALL_STACK_CACHE sha512->W = NULL; #endif +#ifdef WOLF_CRYPTO_CB + sha512->devId = devId; + sha512->devCtx = NULL; +#endif ret = InitSha512(sha512); if (ret != 0) @@ -734,6 +742,14 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (sha512->devId != INVALID_DEVID) { + int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { #if defined(HAVE_INTEL_QA) @@ -877,7 +893,14 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash) if (sha512 == NULL || hash == NULL) { return BAD_FUNC_ARG; } - +#ifdef WOLF_CRYPTO_CB + if (sha512->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { #if defined(HAVE_INTEL_QA) @@ -1032,6 +1055,14 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (sha384->devId != INVALID_DEVID) { + int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) { #if defined(HAVE_INTEL_QA) @@ -1073,6 +1104,14 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (sha384->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) { #if defined(HAVE_INTEL_QA) @@ -1103,6 +1142,10 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) #ifdef WOLFSSL_SMALL_STACK_CACHE sha384->W = NULL; #endif +#ifdef WOLF_CRYPTO_CB + sha384->devId = devId; + sha384->devCtx = NULL; +#endif ret = InitSha384(sha384); if (ret != 0) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 515c33a35..fd6dd0701 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -36960,7 +36960,8 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #endif /* !NO_DES3 */ #endif /* !NO_AES || !NO_DES3 */ } -#if !defined(NO_SHA) || !defined(NO_SHA256) +#if !defined(NO_SHA) || !defined(NO_SHA256) || \ + defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) else if (info->algo_type == WC_ALGO_TYPE_HASH) { #if !defined(NO_SHA) if (info->hash.type == WC_HASH_TYPE_SHA) { @@ -37011,6 +37012,56 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->hash.sha256->devId = devIdArg; } else + #endif + #ifdef WOLFSSL_SHA384 + if (info->hash.type == WC_HASH_TYPE_SHA384) { + if (info->hash.sha384 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha384->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha384Update( + info->hash.sha384, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha384Final( + info->hash.sha384, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha384->devId = devIdArg; + } + else + #endif + #ifdef WOLFSSL_SHA512 + if (info->hash.type == WC_HASH_TYPE_SHA512) { + if (info->hash.sha512 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha512->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha512Update( + info->hash.sha512, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha512Final( + info->hash.sha512, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha512->devId = devIdArg; + } + else #endif { } @@ -37085,15 +37136,21 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) if (ret == 0) ret = des3_test(); #endif /* !NO_DES3 */ -#if !defined(NO_SHA) || !defined(NO_SHA256) - #ifndef NO_SHA +#ifndef NO_SHA if (ret == 0) ret = sha_test(); - #endif - #ifndef NO_SHA256 +#endif +#ifndef NO_SHA256 if (ret == 0) ret = sha256_test(); - #endif +#endif +#ifdef WOLFSSL_SHA384 + if (ret == 0) + ret = sha384_test(); +#endif +#ifdef WOLFSSL_SHA512 + if (ret == 0) + ret = sha512_test(); #endif #ifndef NO_HMAC #ifndef NO_SHA diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 15c7f876e..57dc5b8bb 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -62,7 +62,15 @@ #ifdef WOLFSSL_CMAC #include #endif - +#ifdef HAVE_ED25519 + #include +#endif +#ifdef HAVE_CURVE25519 + #include +#endif +#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) + #include +#endif /* Crypto Information Structure for callbacks */ typedef struct wc_CryptoInfo { @@ -130,6 +138,16 @@ typedef struct wc_CryptoInfo { word32 pubKeySz; } ecc_check; #endif + #ifdef HAVE_CURVE25519 + struct { + curve25519_key* key; + } curve25519; + #endif + #ifdef HAVE_ED25519 + struct { + ed25519_key* key; + } ed25519; + #endif }; } pk; #endif /* !NO_RSA || HAVE_ECC */ @@ -183,7 +201,8 @@ typedef struct wc_CryptoInfo { }; } cipher; #endif /* !NO_AES || !NO_DES3 */ -#if !defined(NO_SHA) || !defined(NO_SHA256) +#if !defined(NO_SHA) || !defined(NO_SHA256) || \ + defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) struct { int type; /* enum wc_HashType */ const byte* in; @@ -196,6 +215,12 @@ typedef struct wc_CryptoInfo { #ifndef NO_SHA256 wc_Sha256* sha256; #endif + #ifdef WOLFSSL_SHA384 + wc_Sha384* sha384; + #endif + #ifdef WOLFSSL_SHA512 + wc_Sha512* sha512; + #endif }; } hash; #endif /* !NO_SHA || !NO_SHA256 */ @@ -313,6 +338,15 @@ WOLFSSL_LOCAL int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in, WOLFSSL_LOCAL int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in, word32 inSz, byte* digest); #endif /* !NO_SHA256 */ +#ifdef WOLFSSL_SHA384 +WOLFSSL_LOCAL int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in, + word32 inSz, byte* digest); +#endif +#ifdef WOLFSSL_SHA512 +WOLFSSL_LOCAL int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in, + word32 inSz, byte* digest); +#endif + #ifndef NO_HMAC WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz, byte* digest); diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 620643b3d..81da52ebb 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -152,7 +152,10 @@ struct wc_Sha512 { #if defined(WOLFSSL_SILABS_SE_ACCEL) wc_silabs_sha_t silabsCtx; #endif - +#ifdef WOLF_CRYPTO_CB + int devId; + void* devCtx; /* generic crypto callback context */ +#endif #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) word32 flags; /* enum wc_HashFlags in hash.h */ #endif From 15d761a0c28e876ca49d270241a40ceb5d280c4d Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 16 Jun 2021 10:16:04 -0700 Subject: [PATCH 2/5] Added ED25519 and Curve25519 crypto callback support. --- wolfcrypt/src/cryptocb.c | 149 +++++++++++++++++++++++++++++++++ wolfcrypt/src/curve25519.c | 51 +++++++++-- wolfcrypt/src/ed25519.c | 81 ++++++++++++++---- wolfcrypt/test/test.c | 71 ++++++++++++++++ wolfssl/wolfcrypt/cryptocb.h | 55 +++++++++++- wolfssl/wolfcrypt/curve25519.h | 5 ++ wolfssl/wolfcrypt/ed25519.h | 14 ++++ wolfssl/wolfcrypt/types.h | 7 +- 8 files changed, 404 insertions(+), 29 deletions(-) diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 0cc8537e5..24021a5e8 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -344,6 +344,155 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, } #endif /* HAVE_ECC */ +#ifdef HAVE_CURVE25519 +int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize, + curve25519_key* key) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_CURVE25519_KEYGEN; + cryptoInfo.pk.curve25519kg.rng = rng; + cryptoInfo.pk.curve25519kg.size = keySize; + cryptoInfo.pk.curve25519kg.key = key; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Curve25519(curve25519_key* private_key, + curve25519_key* public_key, byte* out, word32* outlen, int endian) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (private_key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(private_key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_CURVE25519; + cryptoInfo.pk.curve25519.private_key = private_key; + cryptoInfo.pk.curve25519.public_key = public_key; + cryptoInfo.pk.curve25519.out = out; + cryptoInfo.pk.curve25519.outlen = outlen; + cryptoInfo.pk.curve25519.endian = endian; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* HAVE_CURVE25519 */ + +#ifdef HAVE_ED25519 +int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize, + ed25519_key* key) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ED25519_KEYGEN; + cryptoInfo.pk.ed25519kg.rng = rng; + cryptoInfo.pk.ed25519kg.size = keySize; + cryptoInfo.pk.ed25519kg.key = key; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed25519_key* key, byte type, + const byte* context, byte contextLen) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ED25519_SIGN; + cryptoInfo.pk.ed25519sign.in = in; + cryptoInfo.pk.ed25519sign.inLen = inLen; + cryptoInfo.pk.ed25519sign.out = out; + cryptoInfo.pk.ed25519sign.outLen = outLen; + cryptoInfo.pk.ed25519sign.key = key; + cryptoInfo.pk.ed25519sign.type = type; + cryptoInfo.pk.ed25519sign.context = context; + cryptoInfo.pk.ed25519sign.contextLen = contextLen; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, + const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type, + const byte* context, byte contextLen) +{ + int ret = CRYPTOCB_UNAVAILABLE; + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ED25519_VERIFY; + cryptoInfo.pk.ed25519verify.sig = sig; + cryptoInfo.pk.ed25519verify.sigLen = sigLen; + cryptoInfo.pk.ed25519verify.msg = msg; + cryptoInfo.pk.ed25519verify.msgLen = msgLen; + cryptoInfo.pk.ed25519verify.res = res; + cryptoInfo.pk.ed25519verify.key = key; + cryptoInfo.pk.ed25519verify.type = type; + cryptoInfo.pk.ed25519verify.context = context; + cryptoInfo.pk.ed25519verify.contextLen = contextLen; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* HAVE_ED25519 */ + #ifndef NO_AES #ifdef HAVE_AESGCM int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out, diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 265aea482..07f1696b2 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -44,6 +44,10 @@ #include #endif +#ifdef WOLF_CRYPTO_CB + #include +#endif + const curve25519_set_type curve25519_sets[] = { { CURVE25519_KEYSIZE, @@ -190,6 +194,15 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) if (key == NULL || rng == NULL) return BAD_FUNC_ARG; +#ifdef WOLF_CRYPTO_CB + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Curve25519Gen(rng, keysize, key); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + ret = wc_curve25519_make_priv(rng, keysize, key->k.point); if (ret < 0) return ret; @@ -211,22 +224,34 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen, int endian) { - #ifdef FREESCALE_LTC_ECC - ECPoint o = {{0}}; - #else - unsigned char o[CURVE25519_KEYSIZE]; - #endif +#ifdef FREESCALE_LTC_ECC + ECPoint o = {{0}}; +#else + unsigned char o[CURVE25519_KEYSIZE]; +#endif int ret = 0; /* sanity check */ if (private_key == NULL || public_key == NULL || - out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) + out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) { return BAD_FUNC_ARG; + } /* avoid implementation fingerprinting */ if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F) return ECC_BAD_ARG_E; + +#ifdef WOLF_CRYPTO_CB + if (private_key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Curve25519(private_key, public_key, out, outlen, + endian); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + #ifdef FREESCALE_LTC_ECC /* input point P on Curve25519 */ ret = nxp_ltc_curve25519(&o, private_key->k.point, &public_key->p, @@ -576,8 +601,7 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, #endif /* HAVE_CURVE25519_KEY_IMPORT */ - -int wc_curve25519_init(curve25519_key* key) +int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId) { if (key == NULL) return BAD_FUNC_ARG; @@ -587,6 +611,13 @@ int wc_curve25519_init(curve25519_key* key) /* currently the format for curve25519 */ key->dp = &curve25519_sets[0]; +#ifdef WOLF_CRYPTO_CB + key->devId = devId; +#else + (void)devId; +#endif + (void)heap; /* if needed for XMALLOC/XFREE in future */ + #ifndef FREESCALE_LTC_ECC fe_init(); #endif @@ -594,6 +625,10 @@ int wc_curve25519_init(curve25519_key* key) return 0; } +int wc_curve25519_init(curve25519_key* key) +{ + return wc_curve25519_init_ex(key, NULL, INVALID_DEVID); +} /* Clean the memory of a key */ void wc_curve25519_free(curve25519_key* key) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index f8928871f..cc5ef2c60 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -45,6 +45,10 @@ #include #endif +#ifdef WOLF_CRYPTO_CB + #include +#endif + #if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_VERIFY) #define ED25519CTX_SIZE 32 @@ -102,6 +106,15 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) if (keySz != ED25519_KEY_SIZE) return BAD_FUNC_ARG; +#ifdef WOLF_CRYPTO_CB + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Ed25519Gen(rng, keySz, key); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + ret = wc_RNG_GenerateBlock(rng, key->k, ED25519_KEY_SIZE); if (ret != 0) return ret; @@ -134,7 +147,7 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) contextLen length of extra signing data return 0 on success */ -static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, +int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key, byte type, const byte* context, byte contextLen) { @@ -154,6 +167,17 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, (context == NULL && contextLen != 0)) { return BAD_FUNC_ARG; } + +#ifdef WOLF_CRYPTO_CB + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type, + context, contextLen); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + if (!key->pubKeySet) return BAD_FUNC_ARG; @@ -263,7 +287,8 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out, int wc_ed25519_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key) { - return ed25519_sign_msg(in, inLen, out, outLen, key, (byte)Ed25519, NULL, 0); + return wc_ed25519_sign_msg_ex(in, inLen, out, outLen, key, (byte)Ed25519, + NULL, 0); } /* @@ -281,8 +306,8 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key, const byte* context, byte contextLen) { - return ed25519_sign_msg(in, inLen, out, outLen, key, Ed25519ctx, context, - contextLen); + return wc_ed25519_sign_msg_ex(in, inLen, out, outLen, key, Ed25519ctx, + context, contextLen); } /* @@ -300,8 +325,8 @@ int wc_ed25519ph_sign_hash(const byte* hash, word32 hashLen, byte* out, word32 *outLen, ed25519_key* key, const byte* context, byte contextLen) { - return ed25519_sign_msg(hash, hashLen, out, outLen, key, Ed25519ph, context, - contextLen); + return wc_ed25519_sign_msg_ex(hash, hashLen, out, outLen, key, Ed25519ph, + context, contextLen); } /* @@ -326,8 +351,8 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, if (ret != 0) return ret; - return wc_ed25519ph_sign_hash(hash, sizeof(hash), out, outLen, key, context, - contextLen); + return wc_ed25519_sign_msg_ex(hash, sizeof(hash), out, outLen, key, + Ed25519ph, context, contextLen); } #endif /* HAVE_ED25519_SIGN */ @@ -342,7 +367,7 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, key Ed25519 public key return 0 and res of 1 on success */ -static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, +int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type, const byte* context, byte contextLen) { @@ -368,6 +393,16 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, if (sigLen != ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224)) return BAD_FUNC_ARG; +#ifdef WOLF_CRYPTO_CB + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key, + type, context, contextLen); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif + /* uncompress A (public key), test if valid, and negate it */ #ifndef FREESCALE_LTC_ECC if (ge_frombytes_negate_vartime(&A, key->p) != 0) @@ -439,8 +474,8 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, ed25519_key* key) { - return ed25519_verify_msg(sig, sigLen, msg, msgLen, res, key, (byte)Ed25519, - NULL, 0); + return wc_ed25519_verify_msg_ex(sig, sigLen, msg, msgLen, res, key, + (byte)Ed25519, NULL, 0); } /* @@ -458,8 +493,8 @@ int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, ed25519_key* key, const byte* context, byte contextLen) { - return ed25519_verify_msg(sig, sigLen, msg, msgLen, res, key, Ed25519ctx, - context, contextLen); + return wc_ed25519_verify_msg_ex(sig, sigLen, msg, msgLen, res, key, + Ed25519ctx, context, contextLen); } /* @@ -477,8 +512,8 @@ int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash, word32 hashLen, int* res, ed25519_key* key, const byte* context, byte contextLen) { - return ed25519_verify_msg(sig, sigLen, hash, hashLen, res, key, Ed25519ph, - context, contextLen); + return wc_ed25519_verify_msg_ex(sig, sigLen, hash, hashLen, res, key, + Ed25519ph, context, contextLen); } /* @@ -503,19 +538,25 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, if (ret != 0) return ret; - return wc_ed25519ph_verify_hash(sig, sigLen, hash, sizeof(hash), res, key, - context, contextLen); + return wc_ed25519_verify_msg_ex(sig, sigLen, hash, sizeof(hash), res, key, + Ed25519ph, context, contextLen); } #endif /* HAVE_ED25519_VERIFY */ /* initialize information and memory for key */ -int wc_ed25519_init(ed25519_key* key) +int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId) { if (key == NULL) return BAD_FUNC_ARG; XMEMSET(key, 0, sizeof(ed25519_key)); +#ifdef WOLF_CRYPTO_CB + key->devId = devId; +#else + (void)devId; +#endif + (void)heap; /* if needed for XMALLOC/XFREE in future */ #ifndef FREESCALE_LTC_ECC fe_init(); @@ -524,6 +565,10 @@ int wc_ed25519_init(ed25519_key* key) return 0; } +int wc_ed25519_init(ed25519_key* key) +{ + return wc_ed25519_init_ex(key, NULL, INVALID_DEVID); +} /* clear memory of key */ void wc_ed25519_free(ed25519_key* key) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index fd6dd0701..f3f3325c4 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -36853,6 +36853,69 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->pk.ecdh.private_key->devId = devIdArg; } #endif /* HAVE_ECC */ + #ifdef HAVE_CURVE25519 + if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) { + /* set devId to invalid, so software is used */ + info->pk.curve25519kg.key->devId = INVALID_DEVID; + + ret = wc_curve25519_make_key(info->pk.curve25519kg.rng, + info->pk.curve25519kg.size, info->pk.curve25519kg.key); + + /* reset devId */ + info->pk.curve25519kg.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_CURVE25519) { + /* set devId to invalid, so software is used */ + info->pk.curve25519.private_key->devId = INVALID_DEVID; + + ret = wc_curve25519_shared_secret_ex( + info->pk.curve25519.private_key, info->pk.curve25519.public_key, + info->pk.curve25519.out, info->pk.curve25519.outlen, + info->pk.curve25519.endian); + + /* reset devId */ + info->pk.curve25519.private_key->devId = devIdArg; + } + #endif /* HAVE_CURVE25519 */ + #ifdef HAVE_ED25519 + if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) { + /* set devId to invalid, so software is used */ + info->pk.ed25519kg.key->devId = INVALID_DEVID; + + ret = wc_ed25519_make_key(info->pk.ed25519kg.rng, + info->pk.ed25519kg.size, info->pk.ed25519kg.key); + + /* reset devId */ + info->pk.ed25519kg.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.ed25519sign.key->devId = INVALID_DEVID; + + ret = wc_ed25519_sign_msg_ex( + info->pk.ed25519sign.in, info->pk.ed25519sign.inLen, + info->pk.ed25519sign.out, info->pk.ed25519sign.outLen, + info->pk.ed25519sign.key, info->pk.ed25519sign.type, + info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen); + + /* reset devId */ + info->pk.ed25519sign.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) { + /* set devId to invalid, so software is used */ + info->pk.ed25519verify.key->devId = INVALID_DEVID; + + ret = wc_ed25519_verify_msg_ex( + info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen, + info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen, + info->pk.ed25519verify.res, info->pk.ed25519verify.key, + info->pk.ed25519verify.type, info->pk.ed25519verify.context, + info->pk.ed25519verify.contextLen); + + /* reset devId */ + info->pk.ed25519verify.key->devId = devIdArg; + } + #endif /* HAVE_ED25519 */ } else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { #if !defined(NO_AES) || !defined(NO_DES3) @@ -37122,6 +37185,14 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) if (ret == 0) ret = ecc_test(); #endif +#ifdef HAVE_ED25519 + if (ret == 0) + ret = ed25519_test(); +#endif +#ifdef HAVE_CURVE25519 + if (ret == 0) + ret = curve25519_test(); +#endif #ifndef NO_AES #ifdef HAVE_AESGCM if (ret == 0) diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 57dc5b8bb..7b1753381 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -140,13 +140,47 @@ typedef struct wc_CryptoInfo { #endif #ifdef HAVE_CURVE25519 struct { + WC_RNG* rng; + int size; curve25519_key* key; + int curveId; + } curve25519kg; + struct { + curve25519_key* private_key; + curve25519_key* public_key; + byte* out; + word32* outlen; + int endian; } curve25519; #endif #ifdef HAVE_ED25519 struct { + WC_RNG* rng; + int size; ed25519_key* key; - } ed25519; + int curveId; + } ed25519kg; + struct { + const byte* in; + word32 inLen; + byte* out; + word32* outLen; + ed25519_key* key; + byte type; + const byte* context; + byte contextLen; + } ed25519sign; + struct { + const byte* sig; + word32 sigLen; + const byte* msg; + word32 msgLen; + int* res; + ed25519_key* key; + byte type; + const byte* context; + byte contextLen; + } ed25519verify; #endif }; } pk; @@ -303,6 +337,25 @@ WOLFSSL_LOCAL int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, word32 pubKeySz); #endif /* HAVE_ECC */ +#ifdef HAVE_CURVE25519 +WOLFSSL_LOCAL int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize, + curve25519_key* key); + +WOLFSSL_LOCAL int wc_CryptoCb_Curve25519(curve25519_key* private_key, + curve25519_key* public_key, byte* out, word32* outlen, int endian); +#endif /* HAVE_CURVE25519 */ + +#ifdef HAVE_ED25519 +WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize, + ed25519_key* key); +WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen, + byte* out, word32 *outLen, ed25519_key* key, byte type, const byte* context, + byte contextLen); +WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, + const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type, + const byte* context, byte contextLen); +#endif /* HAVE_ED25519 */ + #ifndef NO_AES #ifdef HAVE_AESGCM WOLFSSL_LOCAL int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out, diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 8abffa2e8..3646667e0 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -79,6 +79,9 @@ typedef struct curve25519_key { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif +#if defined(WOLF_CRYPTO_CB) + int devId; +#endif } curve25519_key; enum { @@ -113,6 +116,8 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, WOLFSSL_API int wc_curve25519_init(curve25519_key* key); +WOLFSSL_API +int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId); WOLFSSL_API void wc_curve25519_free(curve25519_key* key); diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 2efe4eed2..728992363 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -87,6 +87,9 @@ struct ed25519_key { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif +#if defined(WOLF_CRYPTO_CB) + int devId; +#endif }; @@ -111,6 +114,10 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key, const byte* context, byte contextLen); WOLFSSL_API +int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed25519_key* key, byte type, + const byte* context, byte contextLen); +WOLFSSL_API int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* stat, ed25519_key* key); WOLFSSL_API @@ -126,8 +133,15 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* stat, ed25519_key* key, const byte* context, byte contextLen); WOLFSSL_API +int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* res, ed25519_key* key, + byte type, const byte* context, byte contextLen); + +WOLFSSL_API int wc_ed25519_init(ed25519_key* key); WOLFSSL_API +int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); +WOLFSSL_API void wc_ed25519_free(ed25519_key* key); WOLFSSL_API int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 827a8bd60..de5c0e186 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -883,7 +883,7 @@ decouple library dependencies with standard string, memory and so on. WC_PK_TYPE_ECDH = 3, WC_PK_TYPE_ECDSA_SIGN = 4, WC_PK_TYPE_ECDSA_VERIFY = 5, - WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_ED25519_SIGN = 6, WC_PK_TYPE_CURVE25519 = 7, WC_PK_TYPE_RSA_KEYGEN = 8, WC_PK_TYPE_EC_KEYGEN = 9, @@ -891,7 +891,10 @@ decouple library dependencies with standard string, memory and so on. WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11, WC_PK_TYPE_ED448 = 12, WC_PK_TYPE_CURVE448 = 13, - WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE448 + WC_PK_TYPE_ED25519_VERIFY = 14, + WC_PK_TYPE_ED25519_KEYGEN = 15, + WC_PK_TYPE_CURVE25519_KEYGEN = 16, + WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519_KEYGEN }; From 0fc9c33f840411e1c1204e7a06186af58c26b013 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 16 Jun 2021 13:15:06 -0700 Subject: [PATCH 3/5] Wire up Ed25519 SHA512 to use devId. --- wolfcrypt/src/ed25519.c | 50 ++++++++++++++++++++++++++++++++--------- 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index cc5ef2c60..817bc9d29 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -56,6 +56,32 @@ static const byte ed25519Ctx[ED25519CTX_SIZE+1] = "SigEd25519 no Ed25519 collisions"; #endif +static int ed25519_hash(ed25519_key* key, const byte* in, word32 inLen, + byte* hash) +{ + int ret; + wc_Sha512 sha; + int devId = INVALID_DEVID; + + if (key == NULL || (in == NULL && inLen > 0) || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLF_CRYPTO_CB + devId = key->devId; +#endif + + ret = wc_InitSha512_ex(&sha, NULL, devId); + if (ret == 0) { + ret = wc_Sha512Update(&sha, in, inLen); + if (ret == 0) + ret = wc_Sha512Final(&sha, hash); + wc_Sha512Free(&sha); + } + + return ret; +} + int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey, word32 pubKeySz) { @@ -69,7 +95,7 @@ int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey, ret = BAD_FUNC_ARG; if (ret == 0) - ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az); if (ret == 0) { /* apply clamp */ az[0] &= 248; @@ -153,6 +179,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, { #ifdef FREESCALE_LTC_ECC byte tempBuf[ED25519_PRV_KEY_SIZE]; + ltc_pkha_ecc_point_t ltcPoint = {0}; #else ge_p3 R; #endif @@ -161,6 +188,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, byte az[ED25519_PRV_KEY_SIZE]; wc_Sha512 sha; int ret; + int devId = INVALID_DEVID; /* sanity check on arguments */ if (in == NULL || out == NULL || outLen == NULL || key == NULL || @@ -169,7 +197,8 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, } #ifdef WOLF_CRYPTO_CB - if (key->devId != INVALID_DEVID) { + devId = key->devId; + if (devId != INVALID_DEVID) { ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type, context, contextLen); if (ret != CRYPTOCB_UNAVAILABLE) @@ -190,7 +219,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, /* step 1: create nonce to use where nonce is r in r = H(h_b, ... ,h_2b-1,M) */ - ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az); if (ret != 0) return ret; @@ -199,7 +228,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ az[31] |= 64; - ret = wc_InitSha512(&sha); + ret = wc_InitSha512_ex(&sha, NULL, devId); if (ret != 0) return ret; if (type == Ed25519ctx || type == Ed25519ph) { @@ -222,7 +251,6 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, return ret; #ifdef FREESCALE_LTC_ECC - ltc_pkha_ecc_point_t ltcPoint = {0}; ltcPoint.X = &tempBuf[0]; ltcPoint.Y = &tempBuf[32]; LTC_PKHA_sc_reduce(nonce); @@ -240,7 +268,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, /* step 3: hash R + public key + message getting H(R,A,M) then creating S = (r + H(R,A,M)a) mod l */ - ret = wc_InitSha512(&sha); + ret = wc_InitSha512_ex(&sha, NULL, devId); if (ret != 0) return ret; if (type == Ed25519ctx || type == Ed25519ph) { @@ -347,7 +375,7 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, int ret; byte hash[WC_SHA512_DIGEST_SIZE]; - ret = wc_Sha512Hash(in, inLen, hash); + ret = ed25519_hash(key, in, inLen, hash); if (ret != 0) return ret; @@ -378,6 +406,7 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, ge_p2 R; #endif int ret; + int devId = INVALID_DEVID; wc_Sha512 sha; /* sanity check on arguments */ @@ -394,7 +423,8 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, return BAD_FUNC_ARG; #ifdef WOLF_CRYPTO_CB - if (key->devId != INVALID_DEVID) { + devId = key->devId; + if (devId != INVALID_DEVID) { ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key, type, context, contextLen); if (ret != CRYPTOCB_UNAVAILABLE) @@ -410,7 +440,7 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, #endif /* find H(R,A,M) and store it as h */ - ret = wc_InitSha512(&sha); + ret = wc_InitSha512_ex(&sha, NULL, devId); if (ret != 0) return ret; if (type == Ed25519ctx || type == Ed25519ph) { @@ -534,7 +564,7 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, int ret; byte hash[WC_SHA512_DIGEST_SIZE]; - ret = wc_Sha512Hash(msg, msgLen, hash); + ret = ed25519_hash(key, msg, msgLen, hash); if (ret != 0) return ret; From 98147de422beff33ad3e84994fabf5750ac9c96d Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 16 Jun 2021 16:44:28 -0700 Subject: [PATCH 4/5] Fix for wolfCrypt test not calling init for ed25519 tests. --- wolfcrypt/test/test.c | 180 ++++++++++++++++++++++-------------------- 1 file changed, 94 insertions(+), 86 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index f3f3325c4..a339c5488 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -24284,29 +24284,35 @@ static int curve25519_overflow_test(void) #endif }; + int ret = 0; int i; word32 y; byte shared[32]; curve25519_key userA; - wc_curve25519_init(&userA); + wc_curve25519_init_ex(&userA, HEAP_HINT, devId); for (i = 0; i < X25519_TEST_CNT; i++) { if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i], - sizeof(pb[i]), &userA) != 0) - return -10500 - i; + sizeof(pb[i]), &userA) != 0) { + ret = -10500 - i; break; + } /* test against known test vector */ XMEMSET(shared, 0, sizeof(shared)); y = sizeof(shared); - if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) - return -10510 - i; + if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) { + ret = -10510 - i; break; + } - if (XMEMCMP(ss[i], shared, y)) - return -10520 - i; + if (XMEMCMP(ss[i], shared, y)) { + ret = -10520 - i; break; + } } - return 0; + wc_curve25519_free(&userA); + + return ret; } /* Test the wc_curve25519_check_public API. @@ -24498,9 +24504,9 @@ WOLFSSL_TEST_SUBROUTINE int curve25519_test(void) if (ret != 0) return -10700; - wc_curve25519_init(&userA); - wc_curve25519_init(&userB); - wc_curve25519_init(&pubKey); + wc_curve25519_init_ex(&userA, HEAP_HINT, devId); + wc_curve25519_init_ex(&userB, HEAP_HINT, devId); + wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId); /* make curve25519 keys */ if (wc_curve25519_make_key(&rng, 32, &userA) != 0) @@ -24799,10 +24805,11 @@ done: defined(HAVE_ED25519_KEY_IMPORT) static int ed25519ctx_test(void) { + int ret; byte out[ED25519_SIG_SIZE]; word32 outlen; #ifdef HAVE_ED25519_VERIFY - int verify; + int verify = 0; #endif /* HAVE_ED25519_VERIFY */ ed25519_key key; @@ -24854,50 +24861,55 @@ static int ed25519ctx_test(void) outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); - if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, - sizeof(pKeyCtx), &key) != 0) - return -10800; + ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return 10800; - if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, - contextCtx, sizeof(contextCtx)) != 0) - return -10801; - - if (XMEMCMP(out, sigCtx1, 64)) - return -10802; + ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, + sizeof(pKeyCtx), &key); + if (ret == 0) + ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + contextCtx, sizeof(contextCtx)); + if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0) + ret = -10801; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, - &key, contextCtx, sizeof(contextCtx)) != 0 || - verify != 1) - return -10803; + if (ret == 0) + ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), + &verify, &key, contextCtx, sizeof(contextCtx)); + if (ret == 0 && verify != 1) + ret = -10802; #endif - if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL, - 0) != 0) - return -10804; + if (ret == 0) + ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + NULL, 0); - if (XMEMCMP(out, sigCtx2, 64)) - return -10805; + if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0) + ret = -10803; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, - &key, NULL, 0) != 0 || verify != 1) - return -10806; + if (ret == 0) + ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = -10804; #endif wc_ed25519_free(&key); - return 0; + return ret; } static int ed25519ph_test(void) { + int ret; byte out[ED25519_SIG_SIZE]; word32 outlen; #ifdef HAVE_ED25519_VERIFY - int verify; + int verify = 0; #endif /* HAVE_ED25519_VERIFY */ ed25519_key key; @@ -24960,75 +24972,71 @@ static int ed25519ph_test(void) outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); - if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, - sizeof(pKeyPh), &key) != 0) { + ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) return -10900; - } - if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, - 0) != 0) { - return -10901; - } + ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, + sizeof(pKeyPh), &key); + if (ret == 0) + ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + NULL, 0); - if (XMEMCMP(out, sigPh1, 64)) - return -10902; + if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0) + ret = -10901; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, - &key, NULL, 0) != 0 || - verify != 1) { - return -10903; - } + if (ret == 0) + ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = -10902; #endif - if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -10904; - } + if (ret == 0) + ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)); - if (XMEMCMP(out, sigPh2, 64)) - return -10905; + if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0) + ret = -10903; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -10906; - } + if (ret == 0) + ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, + &key, contextPh2, sizeof(contextPh2)); + if (ret == 0 && verify != 1) + ret = -10904; #endif - if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, - 0) != 0) { - return -10907; - } + if (ret == 0) + ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + NULL, 0); - if (XMEMCMP(out, sigPh1, 64)) - return -10908; + if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0) + ret = -10905; #if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, NULL, 0) != 0 || - verify != 1) { - return -10909; - } + if (ret == 0) + ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = -10906; #endif - if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -10910; - } - - if (XMEMCMP(out, sigPh2, 64)) - return -10911; + if (ret == 0) + ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)); + if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0) + ret = -10907; #if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -10912; - } + if (ret == 0) + ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, contextPh2, sizeof(contextPh2)); + if (ret == 0 && verify != 1) + ret = -10908; #endif wc_ed25519_free(&key); @@ -25422,10 +25430,10 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void) if (ret != 0) return -11000; - wc_ed25519_init(&key); - wc_ed25519_init(&key2); + wc_ed25519_init_ex(&key, HEAP_HINT, devId); + wc_ed25519_init_ex(&key2, HEAP_HINT, devId); #ifndef NO_ASN - wc_ed25519_init(&key3); + wc_ed25519_init_ex(&key3, HEAP_HINT, devId); #endif wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); From 5440b6c63cb0a73126f3d4719c37a3d831ab7069 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 17 Jun 2021 08:25:50 -0700 Subject: [PATCH 5/5] Fix for intel asm SHA512 where `HAVE_INTEL_AVX1` or `HAVE_INTEL_AVX2` is defined, but `USE_INTEL_SPEEDUP` is not. Fix for scan-build error with test.c ret not used. --- wolfcrypt/src/sha512.c | 40 ++++++++++++++++++++++++++-------------- wolfcrypt/test/test.c | 4 ++-- 2 files changed, 28 insertions(+), 16 deletions(-) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 3615f2309..0ee9e52f6 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -242,7 +242,8 @@ static int InitSha512(wc_Sha512* sha512) #endif /* WOLFSSL_SHA512 */ /* Hardware Acceleration */ -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) #ifdef WOLFSSL_SHA512 @@ -442,7 +443,8 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) if (ret != 0) return ret; -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) Sha512_SetTransform(); #endif @@ -631,7 +633,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) { #if defined(LITTLE_ENDIAN_ORDER) - #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) + #if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) #endif { @@ -661,7 +664,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le } } -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (Transform_Sha512_Len_p != NULL) { word32 blocksLen = len & ~(WC_SHA512_BLOCK_SIZE-1); @@ -675,7 +679,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le } else #endif -#if !defined(LITTLE_ENDIAN_ORDER) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))) { while (len >= WC_SHA512_BLOCK_SIZE) { XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE); @@ -683,7 +688,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le data += WC_SHA512_BLOCK_SIZE; len -= WC_SHA512_BLOCK_SIZE; - #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) + #if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) { ByteReverseWords64(sha512->buffer, sha512->buffer, @@ -781,7 +787,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen); sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen; #if defined(LITTLE_ENDIAN_ORDER) - #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) + #if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) #endif { @@ -819,7 +826,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) /* store lengths */ #if defined(LITTLE_ENDIAN_ORDER) - #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) + #if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) #endif #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ @@ -835,7 +843,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen; #endif -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags)) ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]), &(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]), @@ -966,19 +975,21 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) #endif return BAD_FUNC_ARG; } -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) Sha512_SetTransform(); #endif #if defined(LITTLE_ENDIAN_ORDER) -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) #endif { ByteReverseWords64((word64*)data, (word64*)data, WC_SHA512_BLOCK_SIZE); } -#endif +#endif /* !LITTLE_ENDIAN_ORDER */ XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE); XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE); @@ -991,7 +1002,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) #endif return ret; } -#endif +#endif /* OPENSSL_EXTRA */ #endif /* WOLFSSL_SHA512 */ /* -------------------------------------------------------------------------- */ @@ -1151,7 +1162,8 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) if (ret != 0) return ret; -#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) +#if defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) Sha512_SetTransform(); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a339c5488..65428e25c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -24905,7 +24905,7 @@ static int ed25519ctx_test(void) static int ed25519ph_test(void) { - int ret; + int ret = 0; byte out[ED25519_SIG_SIZE]; word32 outlen; #ifdef HAVE_ED25519_VERIFY @@ -25041,7 +25041,7 @@ static int ed25519ph_test(void) wc_ed25519_free(&key); - return 0; + return ret; } #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */