feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #4133 from dgarske/crypto_cb_25519

Browse Source 
Adds crypto callback support for Ed/Curve25519 and SHA2-512/384
This commit is contained in:
Sean Parkinson
2021-06-18 09:47:30 +10:00
committed by GitHub
parent 18fc1b7e63 5440b6c63c
commit 2fb80ceb59
10 changed files with 775 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

215
wolfcrypt/src/cryptocb.c
View File

@@ -344,6 +344,155 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
}
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize,
curve25519_key* key)
{
int ret = CRYPTOCB_UNAVAILABLE;
CryptoCb* dev;
if (key == NULL)
return ret;
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId);
if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_CURVE25519_KEYGEN;
cryptoInfo.pk.curve25519kg.rng = rng;
cryptoInfo.pk.curve25519kg.size = keySize;
cryptoInfo.pk.curve25519kg.key = key;
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
}
return wc_CryptoCb_TranslateErrorCode(ret);
}
int wc_CryptoCb_Curve25519(curve25519_key* private_key,
curve25519_key* public_key, byte* out, word32* outlen, int endian)
{
int ret = CRYPTOCB_UNAVAILABLE;
CryptoCb* dev;
if (private_key == NULL)
return ret;
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(private_key->devId);
if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_CURVE25519;
cryptoInfo.pk.curve25519.private_key = private_key;
cryptoInfo.pk.curve25519.public_key = public_key;
cryptoInfo.pk.curve25519.out = out;
cryptoInfo.pk.curve25519.outlen = outlen;
cryptoInfo.pk.curve25519.endian = endian;
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
}
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* HAVE_CURVE25519 */
#ifdef HAVE_ED25519
int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize,
ed25519_key* key)
{
int ret = CRYPTOCB_UNAVAILABLE;
CryptoCb* dev;
if (key == NULL)
return ret;
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId);
if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_ED25519_KEYGEN;
cryptoInfo.pk.ed25519kg.rng = rng;
cryptoInfo.pk.ed25519kg.size = keySize;
cryptoInfo.pk.ed25519kg.key = key;
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
}
return wc_CryptoCb_TranslateErrorCode(ret);
}
int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen, byte* out,
word32 *outLen, ed25519_key* key, byte type,
const byte* context, byte contextLen)
{
int ret = CRYPTOCB_UNAVAILABLE;
CryptoCb* dev;
if (key == NULL)
return ret;
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId);
if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_ED25519_SIGN;
cryptoInfo.pk.ed25519sign.in = in;
cryptoInfo.pk.ed25519sign.inLen = inLen;
cryptoInfo.pk.ed25519sign.out = out;
cryptoInfo.pk.ed25519sign.outLen = outLen;
cryptoInfo.pk.ed25519sign.key = key;
cryptoInfo.pk.ed25519sign.type = type;
cryptoInfo.pk.ed25519sign.context = context;
cryptoInfo.pk.ed25519sign.contextLen = contextLen;
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
}
return wc_CryptoCb_TranslateErrorCode(ret);
}
int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type,
const byte* context, byte contextLen)
{
int ret = CRYPTOCB_UNAVAILABLE;
CryptoCb* dev;
if (key == NULL)
return ret;
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId);
if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_ED25519_VERIFY;
cryptoInfo.pk.ed25519verify.sig = sig;
cryptoInfo.pk.ed25519verify.sigLen = sigLen;
cryptoInfo.pk.ed25519verify.msg = msg;
cryptoInfo.pk.ed25519verify.msgLen = msgLen;
cryptoInfo.pk.ed25519verify.res = res;
cryptoInfo.pk.ed25519verify.key = key;
cryptoInfo.pk.ed25519verify.type = type;
cryptoInfo.pk.ed25519verify.context = context;
cryptoInfo.pk.ed25519verify.contextLen = contextLen;
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
}
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* HAVE_ED25519 */
#ifndef NO_AES
#ifdef HAVE_AESGCM
int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
@@ -628,6 +777,72 @@ int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
}
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in,
word32 inSz, byte* digest)
{
int ret = CRYPTOCB_UNAVAILABLE;
CryptoCb* dev;
/* locate registered callback */
if (sha384) {
dev = wc_CryptoCb_FindDevice(sha384->devId);
}
else {
/* locate first callback and try using it */
dev = wc_CryptoCb_FindDeviceByIndex(0);
}
if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_HASH;
cryptoInfo.hash.type = WC_HASH_TYPE_SHA384;
cryptoInfo.hash.sha384 = sha384;
cryptoInfo.hash.in = in;
cryptoInfo.hash.inSz = inSz;
cryptoInfo.hash.digest = digest;
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
}
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
word32 inSz, byte* digest)
{
int ret = CRYPTOCB_UNAVAILABLE;
CryptoCb* dev;
/* locate registered callback */
if (sha512) {
dev = wc_CryptoCb_FindDevice(sha512->devId);
}
else {
/* locate first callback and try using it */
dev = wc_CryptoCb_FindDeviceByIndex(0);
}
if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_HASH;
cryptoInfo.hash.type = WC_HASH_TYPE_SHA512;
cryptoInfo.hash.sha512 = sha512;
cryptoInfo.hash.in = in;
cryptoInfo.hash.inSz = inSz;
cryptoInfo.hash.digest = digest;
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
}
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* WOLFSSL_SHA512 */
#ifndef NO_HMAC
int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz,
byte* digest)

51
wolfcrypt/src/curve25519.c
View File

@@ -44,6 +44,10 @@
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
const curve25519_set_type curve25519_sets[] = {
{
CURVE25519_KEYSIZE,
@@ -190,6 +194,15 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
if (key == NULL || rng == NULL)
return BAD_FUNC_ARG;
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Curve25519Gen(rng, keysize, key);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
ret = wc_curve25519_make_priv(rng, keysize, key->k.point);
if (ret < 0)
return ret;
@@ -211,22 +224,34 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
curve25519_key* public_key,
byte* out, word32* outlen, int endian)
{
#ifdef FREESCALE_LTC_ECC
ECPoint o = {{0}};
#else
unsigned char o[CURVE25519_KEYSIZE];
#endif
#ifdef FREESCALE_LTC_ECC
ECPoint o = {{0}};
#else
unsigned char o[CURVE25519_KEYSIZE];
#endif
int ret = 0;
/* sanity check */
if (private_key == NULL || public_key == NULL ||
out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE)
out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) {
return BAD_FUNC_ARG;
}
/* avoid implementation fingerprinting */
if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F)
return ECC_BAD_ARG_E;
#ifdef WOLF_CRYPTO_CB
if (private_key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Curve25519(private_key, public_key, out, outlen,
endian);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
#ifdef FREESCALE_LTC_ECC
/* input point P on Curve25519 */
ret = nxp_ltc_curve25519(&o, private_key->k.point, &public_key->p,
@@ -576,8 +601,7 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
#endif /* HAVE_CURVE25519_KEY_IMPORT */
int wc_curve25519_init(curve25519_key* key)
int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId)
{
if (key == NULL)
return BAD_FUNC_ARG;
@@ -587,6 +611,13 @@ int wc_curve25519_init(curve25519_key* key)
/* currently the format for curve25519 */
key->dp = &curve25519_sets[0];
#ifdef WOLF_CRYPTO_CB
key->devId = devId;
#else
(void)devId;
#endif
(void)heap; /* if needed for XMALLOC/XFREE in future */
#ifndef FREESCALE_LTC_ECC
fe_init();
#endif
@@ -594,6 +625,10 @@ int wc_curve25519_init(curve25519_key* key)
return 0;
}
int wc_curve25519_init(curve25519_key* key)
{
return wc_curve25519_init_ex(key, NULL, INVALID_DEVID);
}
/* Clean the memory of a key */
void wc_curve25519_free(curve25519_key* key)

127
wolfcrypt/src/ed25519.c
View File

@@ -45,6 +45,10 @@
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_VERIFY)
#define ED25519CTX_SIZE 32
@@ -52,6 +56,32 @@ static const byte ed25519Ctx[ED25519CTX_SIZE+1] =
"SigEd25519 no Ed25519 collisions";
#endif
static int ed25519_hash(ed25519_key* key, const byte* in, word32 inLen,
byte* hash)
{
int ret;
wc_Sha512 sha;
int devId = INVALID_DEVID;
if (key == NULL || (in == NULL && inLen > 0) || hash == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
devId = key->devId;
#endif
ret = wc_InitSha512_ex(&sha, NULL, devId);
if (ret == 0) {
ret = wc_Sha512Update(&sha, in, inLen);
if (ret == 0)
ret = wc_Sha512Final(&sha, hash);
wc_Sha512Free(&sha);
}
return ret;
}
int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
word32 pubKeySz)
{
@@ -65,7 +95,7 @@ int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
ret = BAD_FUNC_ARG;
if (ret == 0)
ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az);
ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az);
if (ret == 0) {
/* apply clamp */
az[0] &= 248;
@@ -102,6 +132,15 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key)
if (keySz != ED25519_KEY_SIZE)
return BAD_FUNC_ARG;
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Ed25519Gen(rng, keySz, key);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
ret = wc_RNG_GenerateBlock(rng, key->k, ED25519_KEY_SIZE);
if (ret != 0)
return ret;
@@ -134,12 +173,13 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key)
contextLen length of extra signing data
return 0 on success
*/
static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
word32 *outLen, ed25519_key* key, byte type,
const byte* context, byte contextLen)
{
#ifdef FREESCALE_LTC_ECC
byte tempBuf[ED25519_PRV_KEY_SIZE];
ltc_pkha_ecc_point_t ltcPoint = {0};
#else
ge_p3 R;
#endif
@@ -148,12 +188,25 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
byte az[ED25519_PRV_KEY_SIZE];
wc_Sha512 sha;
int ret;
int devId = INVALID_DEVID;
/* sanity check on arguments */
if (in == NULL || out == NULL || outLen == NULL || key == NULL ||
(context == NULL && contextLen != 0)) {
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
devId = key->devId;
if (devId != INVALID_DEVID) {
ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type,
context, contextLen);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
if (!key->pubKeySet)
return BAD_FUNC_ARG;
@@ -166,7 +219,7 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
/* step 1: create nonce to use where nonce is r in
r = H(h_b, ... ,h_2b-1,M) */
ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az);
ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az);
if (ret != 0)
return ret;
@@ -175,7 +228,7 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */
az[31] |= 64;
ret = wc_InitSha512(&sha);
ret = wc_InitSha512_ex(&sha, NULL, devId);
if (ret != 0)
return ret;
if (type == Ed25519ctx || type == Ed25519ph) {
@@ -198,7 +251,6 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
return ret;
#ifdef FREESCALE_LTC_ECC
ltc_pkha_ecc_point_t ltcPoint = {0};
ltcPoint.X = &tempBuf[0];
ltcPoint.Y = &tempBuf[32];
LTC_PKHA_sc_reduce(nonce);
@@ -216,7 +268,7 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
/* step 3: hash R + public key + message getting H(R,A,M) then
creating S = (r + H(R,A,M)a) mod l */
ret = wc_InitSha512(&sha);
ret = wc_InitSha512_ex(&sha, NULL, devId);
if (ret != 0)
return ret;
if (type == Ed25519ctx || type == Ed25519ph) {
@@ -263,7 +315,8 @@ static int ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
int wc_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
word32 *outLen, ed25519_key* key)
{
return ed25519_sign_msg(in, inLen, out, outLen, key, (byte)Ed25519, NULL, 0);
return wc_ed25519_sign_msg_ex(in, inLen, out, outLen, key, (byte)Ed25519,
NULL, 0);
}
/*
@@ -281,8 +334,8 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inLen, byte* out,
word32 *outLen, ed25519_key* key,
const byte* context, byte contextLen)
{
return ed25519_sign_msg(in, inLen, out, outLen, key, Ed25519ctx, context,
contextLen);
return wc_ed25519_sign_msg_ex(in, inLen, out, outLen, key, Ed25519ctx,
context, contextLen);
}
/*
@@ -300,8 +353,8 @@ int wc_ed25519ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
word32 *outLen, ed25519_key* key,
const byte* context, byte contextLen)
{
return ed25519_sign_msg(hash, hashLen, out, outLen, key, Ed25519ph, context,
contextLen);
return wc_ed25519_sign_msg_ex(hash, hashLen, out, outLen, key, Ed25519ph,
context, contextLen);
}
/*
@@ -322,12 +375,12 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out,
int ret;
byte hash[WC_SHA512_DIGEST_SIZE];
ret = wc_Sha512Hash(in, inLen, hash);
ret = ed25519_hash(key, in, inLen, hash);
if (ret != 0)
return ret;
return wc_ed25519ph_sign_hash(hash, sizeof(hash), out, outLen, key, context,
contextLen);
return wc_ed25519_sign_msg_ex(hash, sizeof(hash), out, outLen, key,
Ed25519ph, context, contextLen);
}
#endif /* HAVE_ED25519_SIGN */
@@ -342,7 +395,7 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out,
key Ed25519 public key
return 0 and res of 1 on success
*/
static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, ed25519_key* key,
byte type, const byte* context, byte contextLen)
{
@@ -353,6 +406,7 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
ge_p2 R;
#endif
int ret;
int devId = INVALID_DEVID;
wc_Sha512 sha;
/* sanity check on arguments */
@@ -368,6 +422,17 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
if (sigLen != ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224))
return BAD_FUNC_ARG;
#ifdef WOLF_CRYPTO_CB
devId = key->devId;
if (devId != INVALID_DEVID) {
ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key,
type, context, contextLen);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
/* uncompress A (public key), test if valid, and negate it */
#ifndef FREESCALE_LTC_ECC
if (ge_frombytes_negate_vartime(&A, key->p) != 0)
@@ -375,7 +440,7 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
#endif
/* find H(R,A,M) and store it as h */
ret = wc_InitSha512(&sha);
ret = wc_InitSha512_ex(&sha, NULL, devId);
if (ret != 0)
return ret;
if (type == Ed25519ctx || type == Ed25519ph) {
@@ -439,8 +504,8 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, ed25519_key* key)
{
return ed25519_verify_msg(sig, sigLen, msg, msgLen, res, key, (byte)Ed25519,
NULL, 0);
return wc_ed25519_verify_msg_ex(sig, sigLen, msg, msgLen, res, key,
(byte)Ed25519, NULL, 0);
}
/*
@@ -458,8 +523,8 @@ int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, ed25519_key* key,
const byte* context, byte contextLen)
{
return ed25519_verify_msg(sig, sigLen, msg, msgLen, res, key, Ed25519ctx,
context, contextLen);
return wc_ed25519_verify_msg_ex(sig, sigLen, msg, msgLen, res, key,
Ed25519ctx, context, contextLen);
}
/*
@@ -477,8 +542,8 @@ int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash,
word32 hashLen, int* res, ed25519_key* key,
const byte* context, byte contextLen)
{
return ed25519_verify_msg(sig, sigLen, hash, hashLen, res, key, Ed25519ph,
context, contextLen);
return wc_ed25519_verify_msg_ex(sig, sigLen, hash, hashLen, res, key,
Ed25519ph, context, contextLen);
}
/*
@@ -499,23 +564,29 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
int ret;
byte hash[WC_SHA512_DIGEST_SIZE];
ret = wc_Sha512Hash(msg, msgLen, hash);
ret = ed25519_hash(key, msg, msgLen, hash);
if (ret != 0)
return ret;
return wc_ed25519ph_verify_hash(sig, sigLen, hash, sizeof(hash), res, key,
context, contextLen);
return wc_ed25519_verify_msg_ex(sig, sigLen, hash, sizeof(hash), res, key,
Ed25519ph, context, contextLen);
}
#endif /* HAVE_ED25519_VERIFY */
/* initialize information and memory for key */
int wc_ed25519_init(ed25519_key* key)
int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId)
{
if (key == NULL)
return BAD_FUNC_ARG;
XMEMSET(key, 0, sizeof(ed25519_key));
#ifdef WOLF_CRYPTO_CB
key->devId = devId;
#else
(void)devId;
#endif
(void)heap; /* if needed for XMALLOC/XFREE in future */
#ifndef FREESCALE_LTC_ECC
fe_init();
@@ -524,6 +595,10 @@ int wc_ed25519_init(ed25519_key* key)
return 0;
}
int wc_ed25519_init(ed25519_key* key)
{
return wc_ed25519_init_ex(key, NULL, INVALID_DEVID);
}
/* clear memory of key */
void wc_ed25519_free(ed25519_key* key)

85
wolfcrypt/src/sha512.c
View File

@@ -45,6 +45,10 @@
#include <wolfssl/wolfcrypt/cpuid.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
/* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */
#if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512)
#define USE_SLOW_SHA512
@@ -238,7 +242,8 @@ static int InitSha512(wc_Sha512* sha512)
#endif /* WOLFSSL_SHA512 */
/* Hardware Acceleration */
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
#ifdef WOLFSSL_SHA512
@@ -429,12 +434,17 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha512->W = NULL;
#endif
#ifdef WOLF_CRYPTO_CB
sha512->devId = devId;
sha512->devCtx = NULL;
#endif
ret = InitSha512(sha512);
if (ret != 0)
return ret;
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
Sha512_SetTransform();
#endif
@@ -623,7 +633,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
#endif
{
@@ -653,7 +664,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
}
}
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
if (Transform_Sha512_Len_p != NULL) {
word32 blocksLen = len & ~(WC_SHA512_BLOCK_SIZE-1);
@@ -667,7 +679,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
}
else
#endif
#if !defined(LITTLE_ENDIAN_ORDER) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
{
while (len >= WC_SHA512_BLOCK_SIZE) {
XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
@@ -675,7 +688,8 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
data += WC_SHA512_BLOCK_SIZE;
len -= WC_SHA512_BLOCK_SIZE;
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
{
ByteReverseWords64(sha512->buffer, sha512->buffer,
@@ -734,6 +748,14 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (sha512->devId != INVALID_DEVID) {
int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
#if defined(HAVE_INTEL_QA)
@@ -765,7 +787,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen;
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
#endif
{
@@ -803,7 +826,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
/* store lengths */
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
#endif
#if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
@@ -819,7 +843,8 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
#endif
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
@@ -877,7 +902,14 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
if (sha512 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (sha512->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
#if defined(HAVE_INTEL_QA)
@@ -943,19 +975,21 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
#endif
return BAD_FUNC_ARG;
}
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
Sha512_SetTransform();
#endif
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
#endif
{
ByteReverseWords64((word64*)data, (word64*)data,
WC_SHA512_BLOCK_SIZE);
}
#endif
#endif /* !LITTLE_ENDIAN_ORDER */
XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE);
XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE);
@@ -968,7 +1002,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
#endif
return ret;
}
#endif
#endif /* OPENSSL_EXTRA */
#endif /* WOLFSSL_SHA512 */
/* -------------------------------------------------------------------------- */
@@ -1032,6 +1066,14 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (sha384->devId != INVALID_DEVID) {
int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
#if defined(HAVE_INTEL_QA)
@@ -1073,6 +1115,14 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (sha384->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
#if defined(HAVE_INTEL_QA)
@@ -1103,12 +1153,17 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha384->W = NULL;
#endif
#ifdef WOLF_CRYPTO_CB
sha384->devId = devId;
sha384->devCtx = NULL;
#endif
ret = InitSha384(sha384);
if (ret != 0)
return ret;
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
#if defined(USE_INTEL_SPEEDUP) && \
(defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
Sha512_SetTransform();
#endif

322
wolfcrypt/test/test.c
View File

@@ -24290,29 +24290,35 @@ static int curve25519_overflow_test(void)
#endif
};
int ret = 0;
int i;
word32 y;
byte shared[32];
curve25519_key userA;
wc_curve25519_init(&userA);
wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
for (i = 0; i < X25519_TEST_CNT; i++) {
if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
sizeof(pb[i]), &userA) != 0)
return -10500 - i;
sizeof(pb[i]), &userA) != 0) {
ret = -10500 - i; break;
}
/* test against known test vector */
XMEMSET(shared, 0, sizeof(shared));
y = sizeof(shared);
if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0)
return -10510 - i;
if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) {
ret = -10510 - i; break;
}
if (XMEMCMP(ss[i], shared, y))
return -10520 - i;
if (XMEMCMP(ss[i], shared, y)) {
ret = -10520 - i; break;
}
}
return 0;
wc_curve25519_free(&userA);
return ret;
}
/* Test the wc_curve25519_check_public API.
@@ -24504,9 +24510,9 @@ WOLFSSL_TEST_SUBROUTINE int curve25519_test(void)
if (ret != 0)
return -10700;
wc_curve25519_init(&userA);
wc_curve25519_init(&userB);
wc_curve25519_init(&pubKey);
wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
/* make curve25519 keys */
if (wc_curve25519_make_key(&rng, 32, &userA) != 0)
@@ -24805,10 +24811,11 @@ done:
defined(HAVE_ED25519_KEY_IMPORT)
static int ed25519ctx_test(void)
{
int ret;
byte out[ED25519_SIG_SIZE];
word32 outlen;
#ifdef HAVE_ED25519_VERIFY
int verify;
int verify = 0;
#endif /* HAVE_ED25519_VERIFY */
ed25519_key key;
@@ -24860,50 +24867,55 @@ static int ed25519ctx_test(void)
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
sizeof(pKeyCtx), &key) != 0)
return -10800;
ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
return 10800;
if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
contextCtx, sizeof(contextCtx)) != 0)
return -10801;
if (XMEMCMP(out, sigCtx1, 64))
return -10802;
ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
sizeof(pKeyCtx), &key);
if (ret == 0)
ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
contextCtx, sizeof(contextCtx));
if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0)
ret = -10801;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify,
&key, contextCtx, sizeof(contextCtx)) != 0 ||
verify != 1)
return -10803;
if (ret == 0)
ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
&verify, &key, contextCtx, sizeof(contextCtx));
if (ret == 0 && verify != 1)
ret = -10802;
#endif
if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL,
0) != 0)
return -10804;
if (ret == 0)
ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
NULL, 0);
if (XMEMCMP(out, sigCtx2, 64))
return -10805;
if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0)
ret = -10803;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify,
&key, NULL, 0) != 0 || verify != 1)
return -10806;
if (ret == 0)
ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
&verify, &key, NULL, 0);
if (ret == 0 && verify != 1)
ret = -10804;
#endif
wc_ed25519_free(&key);
return 0;
return ret;
}
static int ed25519ph_test(void)
{
int ret = 0;
byte out[ED25519_SIG_SIZE];
word32 outlen;
#ifdef HAVE_ED25519_VERIFY
int verify;
int verify = 0;
#endif /* HAVE_ED25519_VERIFY */
ed25519_key key;
@@ -24966,80 +24978,76 @@ static int ed25519ph_test(void)
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
sizeof(pKeyPh), &key) != 0) {
ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
return -10900;
}
if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
0) != 0) {
return -10901;
}
ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
sizeof(pKeyPh), &key);
if (ret == 0)
ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
NULL, 0);
if (XMEMCMP(out, sigPh1, 64))
return -10902;
if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
ret = -10901;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
&key, NULL, 0) != 0 ||
verify != 1) {
return -10903;
}
if (ret == 0)
ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh),
&verify, &key, NULL, 0);
if (ret == 0 && verify != 1)
ret = -10902;
#endif
if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
contextPh2, sizeof(contextPh2)) != 0) {
return -10904;
}
if (ret == 0)
ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
contextPh2, sizeof(contextPh2));
if (XMEMCMP(out, sigPh2, 64))
return -10905;
if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
ret = -10903;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
&key, contextPh2, sizeof(contextPh2)) != 0 ||
verify != 1) {
return -10906;
}
if (ret == 0)
ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
&key, contextPh2, sizeof(contextPh2));
if (ret == 0 && verify != 1)
ret = -10904;
#endif
if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
0) != 0) {
return -10907;
}
if (ret == 0)
ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
NULL, 0);
if (XMEMCMP(out, sigPh1, 64))
return -10908;
if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
ret = -10905;
#if defined(HAVE_ED25519_VERIFY)
if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
&key, NULL, 0) != 0 ||
verify != 1) {
return -10909;
}
if (ret == 0)
ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh),
&verify, &key, NULL, 0);
if (ret == 0 && verify != 1)
ret = -10906;
#endif
if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
contextPh2, sizeof(contextPh2)) != 0) {
return -10910;
}
if (XMEMCMP(out, sigPh2, 64))
return -10911;
if (ret == 0)
ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
contextPh2, sizeof(contextPh2));
if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
ret = -10907;
#if defined(HAVE_ED25519_VERIFY)
if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
&key, contextPh2, sizeof(contextPh2)) != 0 ||
verify != 1) {
return -10912;
}
if (ret == 0)
ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
&key, contextPh2, sizeof(contextPh2));
if (ret == 0 && verify != 1)
ret = -10908;
#endif
wc_ed25519_free(&key);
return 0;
return ret;
}
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
@@ -25428,10 +25436,10 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
if (ret != 0)
return -11000;
wc_ed25519_init(&key);
wc_ed25519_init(&key2);
wc_ed25519_init_ex(&key, HEAP_HINT, devId);
wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
#ifndef NO_ASN
wc_ed25519_init(&key3);
wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
#endif
wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
@@ -36882,6 +36890,69 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->pk.ecdh.private_key->devId = devIdArg;
}
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) {
/* set devId to invalid, so software is used */
info->pk.curve25519kg.key->devId = INVALID_DEVID;
ret = wc_curve25519_make_key(info->pk.curve25519kg.rng,
info->pk.curve25519kg.size, info->pk.curve25519kg.key);
/* reset devId */
info->pk.curve25519kg.key->devId = devIdArg;
}
else if (info->pk.type == WC_PK_TYPE_CURVE25519) {
/* set devId to invalid, so software is used */
info->pk.curve25519.private_key->devId = INVALID_DEVID;
ret = wc_curve25519_shared_secret_ex(
info->pk.curve25519.private_key, info->pk.curve25519.public_key,
info->pk.curve25519.out, info->pk.curve25519.outlen,
info->pk.curve25519.endian);
/* reset devId */
info->pk.curve25519.private_key->devId = devIdArg;
}
#endif /* HAVE_CURVE25519 */
#ifdef HAVE_ED25519
if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) {
/* set devId to invalid, so software is used */
info->pk.ed25519kg.key->devId = INVALID_DEVID;
ret = wc_ed25519_make_key(info->pk.ed25519kg.rng,
info->pk.ed25519kg.size, info->pk.ed25519kg.key);
/* reset devId */
info->pk.ed25519kg.key->devId = devIdArg;
}
else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
/* set devId to invalid, so software is used */
info->pk.ed25519sign.key->devId = INVALID_DEVID;
ret = wc_ed25519_sign_msg_ex(
info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
info->pk.ed25519sign.key, info->pk.ed25519sign.type,
info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen);
/* reset devId */
info->pk.ed25519sign.key->devId = devIdArg;
}
else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) {
/* set devId to invalid, so software is used */
info->pk.ed25519verify.key->devId = INVALID_DEVID;
ret = wc_ed25519_verify_msg_ex(
info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen,
info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen,
info->pk.ed25519verify.res, info->pk.ed25519verify.key,
info->pk.ed25519verify.type, info->pk.ed25519verify.context,
info->pk.ed25519verify.contextLen);
/* reset devId */
info->pk.ed25519verify.key->devId = devIdArg;
}
#endif /* HAVE_ED25519 */
}
else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
@@ -36989,7 +37060,8 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#endif /* !NO_DES3 */
#endif /* !NO_AES || !NO_DES3 */
}
#if !defined(NO_SHA) || !defined(NO_SHA256)
#if !defined(NO_SHA) || !defined(NO_SHA256) || \
defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
else if (info->algo_type == WC_ALGO_TYPE_HASH) {
#if !defined(NO_SHA)
if (info->hash.type == WC_HASH_TYPE_SHA) {
@@ -37040,6 +37112,56 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->hash.sha256->devId = devIdArg;
}
else
#endif
#ifdef WOLFSSL_SHA384
if (info->hash.type == WC_HASH_TYPE_SHA384) {
if (info->hash.sha384 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha384->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_Sha384Update(
info->hash.sha384,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha384Final(
info->hash.sha384,
info->hash.digest);
}
/* reset devId */
info->hash.sha384->devId = devIdArg;
}
else
#endif
#ifdef WOLFSSL_SHA512
if (info->hash.type == WC_HASH_TYPE_SHA512) {
if (info->hash.sha512 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha512->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_Sha512Update(
info->hash.sha512,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha512Final(
info->hash.sha512,
info->hash.digest);
}
/* reset devId */
info->hash.sha512->devId = devIdArg;
}
else
#endif
{
}
@@ -37100,6 +37222,14 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
if (ret == 0)
ret = ecc_test();
#endif
#ifdef HAVE_ED25519
if (ret == 0)
ret = ed25519_test();
#endif
#ifdef HAVE_CURVE25519
if (ret == 0)
ret = curve25519_test();
#endif
#ifndef NO_AES
#ifdef HAVE_AESGCM
if (ret == 0)
@@ -37114,15 +37244,21 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
if (ret == 0)
ret = des3_test();
#endif /* !NO_DES3 */
#if !defined(NO_SHA) || !defined(NO_SHA256)
#ifndef NO_SHA
#ifndef NO_SHA
if (ret == 0)
ret = sha_test();
#endif
#ifndef NO_SHA256
#endif
#ifndef NO_SHA256
if (ret == 0)
ret = sha256_test();
#endif
#endif
#ifdef WOLFSSL_SHA384
if (ret == 0)
ret = sha384_test();
#endif
#ifdef WOLFSSL_SHA512
if (ret == 0)
ret = sha512_test();
#endif
#ifndef NO_HMAC
#ifndef NO_SHA

91
wolfssl/wolfcrypt/cryptocb.h
View File

@@ -62,7 +62,15 @@
#ifdef WOLFSSL_CMAC
#include <wolfssl/wolfcrypt/cmac.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifdef HAVE_CURVE25519
#include <wolfssl/wolfcrypt/curve25519.h>
#endif
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
#include <wolfssl/wolfcrypt/sha512.h>
#endif
/* Crypto Information Structure for callbacks */
typedef struct wc_CryptoInfo {
@@ -130,6 +138,50 @@ typedef struct wc_CryptoInfo {
word32 pubKeySz;
} ecc_check;
#endif
#ifdef HAVE_CURVE25519
struct {
WC_RNG* rng;
int size;
curve25519_key* key;
int curveId;
} curve25519kg;
struct {
curve25519_key* private_key;
curve25519_key* public_key;
byte* out;
word32* outlen;
int endian;
} curve25519;
#endif
#ifdef HAVE_ED25519
struct {
WC_RNG* rng;
int size;
ed25519_key* key;
int curveId;
} ed25519kg;
struct {
const byte* in;
word32 inLen;
byte* out;
word32* outLen;
ed25519_key* key;
byte type;
const byte* context;
byte contextLen;
} ed25519sign;
struct {
const byte* sig;
word32 sigLen;
const byte* msg;
word32 msgLen;
int* res;
ed25519_key* key;
byte type;
const byte* context;
byte contextLen;
} ed25519verify;
#endif
};
} pk;
#endif /* !NO_RSA || HAVE_ECC */
@@ -183,7 +235,8 @@ typedef struct wc_CryptoInfo {
};
} cipher;
#endif /* !NO_AES || !NO_DES3 */
#if !defined(NO_SHA) || !defined(NO_SHA256)
#if !defined(NO_SHA) || !defined(NO_SHA256) || \
defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
struct {
int type; /* enum wc_HashType */
const byte* in;
@@ -196,6 +249,12 @@ typedef struct wc_CryptoInfo {
#ifndef NO_SHA256
wc_Sha256* sha256;
#endif
#ifdef WOLFSSL_SHA384
wc_Sha384* sha384;
#endif
#ifdef WOLFSSL_SHA512
wc_Sha512* sha512;
#endif
};
} hash;
#endif /* !NO_SHA || !NO_SHA256 */
@@ -278,6 +337,25 @@ WOLFSSL_LOCAL int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
word32 pubKeySz);
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
WOLFSSL_LOCAL int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize,
curve25519_key* key);
WOLFSSL_LOCAL int wc_CryptoCb_Curve25519(curve25519_key* private_key,
curve25519_key* public_key, byte* out, word32* outlen, int endian);
#endif /* HAVE_CURVE25519 */
#ifdef HAVE_ED25519
WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize,
ed25519_key* key);
WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen,
byte* out, word32 *outLen, ed25519_key* key, byte type, const byte* context,
byte contextLen);
WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type,
const byte* context, byte contextLen);
#endif /* HAVE_ED25519 */
#ifndef NO_AES
#ifdef HAVE_AESGCM
WOLFSSL_LOCAL int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
@@ -313,6 +391,15 @@ WOLFSSL_LOCAL int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in,
WOLFSSL_LOCAL int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
word32 inSz, byte* digest);
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
WOLFSSL_LOCAL int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in,
word32 inSz, byte* digest);
#endif
#ifdef WOLFSSL_SHA512
WOLFSSL_LOCAL int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
word32 inSz, byte* digest);
#endif
#ifndef NO_HMAC
WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in,
word32 inSz, byte* digest);

5
wolfssl/wolfcrypt/curve25519.h
View File

@@ -79,6 +79,9 @@ typedef struct curve25519_key {
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif
#if defined(WOLF_CRYPTO_CB)
int devId;
#endif
} curve25519_key;
enum {
@@ -113,6 +116,8 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
WOLFSSL_API
int wc_curve25519_init(curve25519_key* key);
WOLFSSL_API
int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId);
WOLFSSL_API
void wc_curve25519_free(curve25519_key* key);

14
wolfssl/wolfcrypt/ed25519.h
View File

@@ -87,6 +87,9 @@ struct ed25519_key {
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif
#if defined(WOLF_CRYPTO_CB)
int devId;
#endif
};
@@ -111,6 +114,10 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out,
word32 *outLen, ed25519_key* key, const byte* context,
byte contextLen);
WOLFSSL_API
int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
word32 *outLen, ed25519_key* key, byte type,
const byte* context, byte contextLen);
WOLFSSL_API
int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* stat, ed25519_key* key);
WOLFSSL_API
@@ -126,8 +133,15 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* stat, ed25519_key* key,
const byte* context, byte contextLen);
WOLFSSL_API
int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, ed25519_key* key,
byte type, const byte* context, byte contextLen);
WOLFSSL_API
int wc_ed25519_init(ed25519_key* key);
WOLFSSL_API
int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId);
WOLFSSL_API
void wc_ed25519_free(ed25519_key* key);
WOLFSSL_API
int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);

5
wolfssl/wolfcrypt/sha512.h
View File

@@ -152,7 +152,10 @@ struct wc_Sha512 {
#if defined(WOLFSSL_SILABS_SE_ACCEL)
wc_silabs_sha_t silabsCtx;
#endif
#ifdef WOLF_CRYPTO_CB
int devId;
void* devCtx; /* generic crypto callback context */
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
word32 flags; /* enum wc_HashFlags in hash.h */
#endif

7
wolfssl/wolfcrypt/types.h
View File

@@ -899,7 +899,7 @@ decouple library dependencies with standard string, memory and so on.
WC_PK_TYPE_ECDH = 3,
WC_PK_TYPE_ECDSA_SIGN = 4,
WC_PK_TYPE_ECDSA_VERIFY = 5,
WC_PK_TYPE_ED25519 = 6,
WC_PK_TYPE_ED25519_SIGN = 6,
WC_PK_TYPE_CURVE25519 = 7,
WC_PK_TYPE_RSA_KEYGEN = 8,
WC_PK_TYPE_EC_KEYGEN = 9,
@@ -907,7 +907,10 @@ decouple library dependencies with standard string, memory and so on.
WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11,
WC_PK_TYPE_ED448 = 12,
WC_PK_TYPE_CURVE448 = 13,
WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE448
WC_PK_TYPE_ED25519_VERIFY = 14,
WC_PK_TYPE_ED25519_KEYGEN = 15,
WC_PK_TYPE_CURVE25519_KEYGEN = 16,
WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519_KEYGEN
};