diff --git a/configure.ac b/configure.ac index 668dd2f31..72e394fec 100644 --- a/configure.ac +++ b/configure.ac @@ -2075,19 +2075,21 @@ then AS_IF([test "$enable_kcapi_hash" != "no"], [ENABLED_KCAPI_HASH=yes]) AS_IF([test "$enable_kcapi_hmac" != "no"], [ENABLED_KCAPI_HMAC=yes]) AS_IF([test "$enable_kcapi_aes" != "no"], [ENABLED_KCAPI_AES=yes]) -# currently the PK alg KCAPI options run into build failures, so disabling here for now. -# AS_IF([test "$enable_kcapi_rsa" != "no"], [ENABLED_KCAPI_RSA=yes]) -# AS_IF([test "$enable_kcapi_dh" != "no"], [ENABLED_KCAPI_DH=yes]) -# AS_IF([test "$enable_kcapi_ecc" != "no"], [ENABLED_KCAPI_ECC=yes]) + AS_IF([test "$enable_kcapi_rsa" != "no"], [ENABLED_KCAPI_RSA=yes]) + AS_IF([test "$enable_kcapi_dh" != "no"], [ENABLED_KCAPI_DH=yes]) + AS_IF([test "$enable_kcapi_ecc" != "no"], [ENABLED_KCAPI_ECC=yes]) fi -AS_IF([test "$ENABLED_KCAPI_HASH" != "no" || - test "$ENABLED_KCAPI_HMAC" != "no" || - test "$ENABLED_KCAPI_AES" != "no" || - test "$ENABLED_KCAPI_RSA" != "no" || - test "$ENABLED_KCAPI_DH" != "no" || - test "$ENABLED_KCAPI_ECC" != "no"], - [LIBS="$LIBS -lkcapi"]) +if test "$ENABLED_KCAPI_HASH" != "no" || + test "$ENABLED_KCAPI_HMAC" != "no" || + test "$ENABLED_KCAPI_AES" != "no" || + test "$ENABLED_KCAPI_RSA" != "no" || + test "$ENABLED_KCAPI_DH" != "no" || + test "$ENABLED_KCAPI_ECC" != "no" +then + LIBS="$LIBS -lkcapi" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI" +fi if test "$ENABLED_KCAPI_HASH" = "yes" then @@ -3594,16 +3596,10 @@ AS_CASE([$FIPS_VERSION], -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \ -DHAVE_ECC_CDH \ -DWC_RSA_NO_PADDING \ - -DWOLFSSL_ECDSA_SET_K \ -DWOLFSSL_VALIDATE_ECC_IMPORT \ -DECC_USER_CURVES \ - -DHAVE_ECC192 \ - -DHAVE_ECC224 \ - -DHAVE_ECC256 \ -DHAVE_ECC384 \ -DHAVE_ECC521 \ - -DWOLFSSL_ECDSA_SET_K \ - -DWC_RNG_SEED_CB \ -DWOLFSSL_VALIDATE_FFC_IMPORT \ -DHAVE_FFDHE_Q \ -DHAVE_FFDHE_3072 \ @@ -3611,6 +3607,15 @@ AS_CASE([$FIPS_VERSION], -DHAVE_FFDHE_6144 \ -DHAVE_FFDHE_8192" + # KCAPI API does not support custom k for sign, don't force enable ECC key sizes and do not use seed callback + AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"], + [AM_CFLAGS="$AM_CFLAGS \ + -DWC_RNG_SEED_CB \ + -DWOLFSSL_ECDSA_SET_K \ + -DHAVE_ECC192 \ + -DHAVE_ECC224 \ + -DHAVE_ECC256"]) + DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192 # force various features to FIPS 140-3 defaults, unless overridden with v5-dev: diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4cbab9b33..31d59a835 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1120,13 +1120,15 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ return err_sys("AES-GCM test failed!\n", ret); #endif #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ - !(defined(WOLF_CRYPTO_CB) && \ + !defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \ (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) if ((ret = aesgcm_default_test()) != 0) { return err_sys("AES-GCM test failed!\n", ret); } #endif - TEST_PASS("AES-GCM test passed!\n"); + if (ret == 0) { + TEST_PASS("AES-GCM test passed!\n"); + } #endif #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) @@ -21039,7 +21041,8 @@ done: #endif -#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) +#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \ + !defined(WOLFSSL_KCAPI_ECC) static int ecc_test_sign_vectors(WC_RNG* rng) { int ret; @@ -24118,7 +24121,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) #endif #endif -#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) +#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \ + !defined(WOLFSSL_KCAPI_ECC) ret = ecc_test_sign_vectors(&rng); if (ret != 0) { printf("ecc_test_sign_vectors failed! %d\n", ret); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 6484387f1..22c09269e 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1627,9 +1627,12 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_AES_GCM_FIXED_IV_AAD #endif #ifdef WOLFSSL_KCAPI_ECC + #undef ECC_USER_CURVES #define ECC_USER_CURVES #undef NO_ECC256 + #undef HAVE_ECC384 #define HAVE_ECC384 + #undef HAVE_ECC521 #define HAVE_ECC521 #endif