From 9db0257e2e28fc5bbf64f2bd8aba3d654cf94584 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 25 Feb 2021 19:16:13 +0700 Subject: [PATCH] changes after initial review --- IDE/QNX/example-client/client-tls.c | 7 ++- IDE/QNX/example-cmac/cmac-test.c | 2 +- IDE/QNX/example-server/server-tls.c | 22 ++++---- wolfcrypt/src/cmac.c | 80 +++++++++++++++++------------ wolfssl/wolfcrypt/cmac.h | 6 +++ 5 files changed, 71 insertions(+), 46 deletions(-) diff --git a/IDE/QNX/example-client/client-tls.c b/IDE/QNX/example-client/client-tls.c index 09d4a48b3..8b351440a 100644 --- a/IDE/QNX/example-client/client-tls.c +++ b/IDE/QNX/example-client/client-tls.c @@ -139,7 +139,7 @@ int main(int argc, char** argv) } /* Create and initialize WOLFSSL_CTX */ - if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) { fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; goto socket_cleanup; @@ -190,6 +190,11 @@ int main(int argc, char** argv) pemSz = ftell(f); rewind(f); pem = malloc(pemSz); + if (pem == NULL) { + fclose(f); + ret = -1; + goto socket_cleanup; + } pemSz = fread(pem, 1, pemSz, f); fclose(f); diff --git a/IDE/QNX/example-cmac/cmac-test.c b/IDE/QNX/example-cmac/cmac-test.c index 23cf8428e..7b781e8c1 100644 --- a/IDE/QNX/example-cmac/cmac-test.c +++ b/IDE/QNX/example-cmac/cmac-test.c @@ -28,7 +28,7 @@ #include #include -const byte k256[] = +static const byte k256[] = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, diff --git a/IDE/QNX/example-server/server-tls.c b/IDE/QNX/example-server/server-tls.c index e1884283e..6e8cb612e 100644 --- a/IDE/QNX/example-server/server-tls.c +++ b/IDE/QNX/example-server/server-tls.c @@ -36,6 +36,7 @@ #include /* functions for blob/cover*/ #define DEFAULT_PORT 11111 +#define ECC_KEY_SIZE 32 #undef USE_CERT_BUFFERS_256 #define USE_CERT_BUFFERS_256 @@ -49,8 +50,8 @@ static int test_blob(byte* key, int keySz) int outSz; int keyOutSz; - byte keymod[16]; - int keymodSz = 16; + byte keymod[WC_CAAM_BLACK_KEYMOD_SZ]; + int keymodSz = WC_CAAM_BLACK_KEYMOD_SZ; /* using a key mod of all 1's */ XMEMSET(keymod, 1, keymodSz); @@ -94,16 +95,15 @@ int cover(ecc_key* keyOut, const byte* der, word32 derSz) word32 idx = 0; /* format bit plus public key x and y parameter */ - byte x963[65]; - word32 x963Sz = 65; + byte x963[(ECC_KEY_SIZE*2) + 1]; + word32 x963Sz = (ECC_KEY_SIZE*2) + 1; /* uncovered private key */ - byte d[32]; - word32 dSz = 32; + byte d[ECC_KEY_SIZE]; + word32 dSz = ECC_KEY_SIZE; - byte blackKey[48]; /* 16 bytes larger than key size to account for MAC and - * potential padding */ - word32 blackKeySz = 48; + byte blackKey[ECC_KEY_SIZE + WC_CAAM_MAC_SZ]; + word32 blackKeySz = ECC_KEY_SIZE + WC_CAAM_MAC_SZ; /* The DER buffer for test case does not contain a black key, here we will @@ -151,7 +151,7 @@ int cover(ecc_key* keyOut, const byte* der, word32 derSz) goto done; } - if (test_blob(blackKey, blackKeySz - 16) != 0) {/*-16 byte for MAC padding*/ + if (test_blob(blackKey, blackKeySz - WC_CAAM_MAC_SZ) != 0) { printf("test blob failed\n"); ret = -1; goto done; @@ -191,7 +191,7 @@ static int TLS_ECC_Sign_callback(WOLFSSL* ssl, const unsigned char* in, printf("Using ECC sign callback\n"); if (ctx == NULL) { - printf("Was expecting a black key passed along with WOLFSSH\n"); + printf("Was expecting a black key passed along with WOLFSSL\n"); return -1; } blackKey = (ecc_key*)ctx; diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 88d7214ba..2ee7b498e 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -79,29 +79,30 @@ static void ShiftAndXorRb(byte* out, byte* in) } -int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz, - int type, void* unused) + +/* returns 0 on success */ +int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, + int type, void* unused, void* heap, int devId) { int ret; (void)unused; + (void)heap; if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES) return BAD_FUNC_ARG; XMEMSET(cmac, 0, sizeof(Cmac)); - #ifdef WOLFSSL_QNX_CAAM - cmac->devId = WOLFSSL_CAAM_DEVID; - #endif #ifdef WOLF_CRYPTO_CB - if (cmac->devId != INVALID_DEVID) { - ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL, - type, unused); - if (ret != CRYPTOCB_UNAVAILABLE) - return ret; - /* fall-through when unavailable */ - } + if (devId != INVALID_DEVID) { + cmac->devId = devId; + ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL, + type, unused); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } #endif if (key == NULL) @@ -121,24 +122,37 @@ int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz, } +int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz, + int type, void* unused) +{ +#ifdef WOLFSSL_QNX_CAAM + return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, + WOLFSSL_CAAM_DEVID); +#else + return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, INVALID_DEVID); +#endif +} + + + int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) { - #ifdef WOLF_CRYPTO_CB +#ifdef WOLF_CRYPTO_CB int ret; - #endif +#endif if ((cmac == NULL) || (in == NULL && inSz != 0)) return BAD_FUNC_ARG; - #ifdef WOLF_CRYPTO_CB - if (cmac->devId != INVALID_DEVID) { - ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz, - NULL, NULL, 0, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) - return ret; - /* fall-through when unavailable */ - } - #endif +#ifdef WOLF_CRYPTO_CB + if (cmac->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz, + NULL, NULL, 0, NULL); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif while (inSz != 0) { word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); @@ -164,9 +178,9 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { - #ifdef WOLF_CRYPTO_CB +#ifdef WOLF_CRYPTO_CB int ret; - #endif +#endif const byte* subKey; if (cmac == NULL || out == NULL || outSz == NULL) @@ -175,14 +189,14 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ) return BUFFER_E; - #ifdef WOLF_CRYPTO_CB - if (cmac->devId != INVALID_DEVID) { - ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) - return ret; - /* fall-through when unavailable */ - } - #endif +#ifdef WOLF_CRYPTO_CB + if (cmac->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + } +#endif if (cmac->bufferSz == AES_BLOCK_SIZE) { subKey = cmac->k1; diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index de94ce32d..69a14de32 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -77,6 +77,12 @@ WOLFSSL_API int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz, int type, void* unused); + +WOLFSSL_API +int wc_InitCmac_ex(Cmac* cmac, + const byte* key, word32 keySz, + int type, void* unused, void* heap, int devId); + WOLFSSL_API int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz);