feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

set dev ID with signature check (#6318)

Browse Source 
* set dev ID with signature check

* refactor devId use and add API to set devId in WOLFSSL_CERT_MANAGER structure

* add api.c call to set devid with WOLFSSL_CERT_MANAGER

* resolving devID CRL issue and CM pointer

* add device find callback

* add simple test case
This commit is contained in:
JacobBarthelmeh
2023-04-26 12:19:00 -06:00
committed by GitHub
parent 3556b7adb7
commit ccb9bdd903
6 changed files with 135 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/ssl.c
View File

@ -7590,7 +7590,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#endif #endif
WOLFSSL_MSG("Checking cert signature type"); WOLFSSL_MSG("Checking cert signature type");
InitDecodedCert(cert, der->buffer, der->length, heap); InitDecodedCert_ex(cert, der->buffer, der->length, heap, devId);
if (DecodeToKey(cert, 0) < 0) { if (DecodeToKey(cert, 0) < 0) {
WOLFSSL_MSG("Decode to key failed"); WOLFSSL_MSG("Decode to key failed");
@ -9831,7 +9831,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
size = cert->length; size = cert->length;
buff = cert->buffer; buff = cert->buffer;
InitDecodedCert(der, buff, size, heap); InitDecodedCert_ex(der, buff, size, heap, devId);
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) { if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
FreeDecodedCert(der); FreeDecodedCert(der);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -20619,7 +20619,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ret = wolfSSL_X509_dup(&ssl->peerCert); ret = wolfSSL_X509_dup(&ssl->peerCert);
#ifdef SESSION_CERTS #ifdef SESSION_CERTS
else if (ssl->session->chain.count > 0) { else if (ssl->session->chain.count > 0) {
if (DecodeToX509(&ssl->peerCert, ssl->session->chain.certs[0].buffer, if (DecodeToX509(&ssl->peerCert,
ssl->session->chain.certs[0].buffer,
ssl->session->chain.certs[0].length) == 0) { ssl->session->chain.certs[0].length) == 0) {
ret = wolfSSL_X509_dup(&ssl->peerCert); ret = wolfSSL_X509_dup(&ssl->peerCert);
} }

59
wolfcrypt/src/asn.c
View File

@ -11117,6 +11117,21 @@ int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen)
*/ */
void InitDecodedCert(DecodedCert* cert, void InitDecodedCert(DecodedCert* cert,
const byte* source, word32 inSz, void* heap) const byte* source, word32 inSz, void* heap)
{
InitDecodedCert_ex(cert, source, inSz, heap, INVALID_DEVID);
}
/* Initialize decoded certificate object with buffer of DER encoding.
*
* @param [in, out] cert Decoded certificate object.
* @param [in] source Buffer containing DER encoded certificate.
* @param [in] inSz Size of DER data in buffer in bytes.
* @param [in] heap Dynamic memory hint.
* @param [in] devId Crypto callback ID to use.
*/
void InitDecodedCert_ex(DecodedCert* cert,
const byte* source, word32 inSz, void* heap, int devId)
{ {
if (cert != NULL) { if (cert != NULL) {
XMEMSET(cert, 0, sizeof(DecodedCert)); XMEMSET(cert, 0, sizeof(DecodedCert));
@ -11152,7 +11167,7 @@ void InitDecodedCert(DecodedCert* cert,
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
#ifndef NO_CERTS #ifndef NO_CERTS
InitSignatureCtx(&cert->sigCtx, heap, INVALID_DEVID); InitSignatureCtx(&cert->sigCtx, heap, devId);
#endif #endif
} }
} }
@ -20958,6 +20973,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
if (sigCtx == NULL) if (sigCtx == NULL)
return MEMORY_E; return MEMORY_E;
#endif #endif
InitSignatureCtx(sigCtx, heap, INVALID_DEVID); InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
/* Certificate SEQUENCE */ /* Certificate SEQUENCE */
@ -24653,7 +24669,8 @@ void wc_SetCert_Free(Cert* cert)
} }
} }
static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz) static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz,
int devId)
{ {
int ret; int ret;
@ -24671,8 +24688,8 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz)
else { else {
XMEMSET(cert->decodedCert, 0, sizeof(DecodedCert)); XMEMSET(cert->decodedCert, 0, sizeof(DecodedCert));
InitDecodedCert((DecodedCert*)cert->decodedCert, der, derSz, InitDecodedCert_ex((DecodedCert*)cert->decodedCert, der, derSz,
cert->heap); cert->heap, devId);
ret = ParseCertRelative((DecodedCert*)cert->decodedCert, ret = ParseCertRelative((DecodedCert*)cert->decodedCert,
CERT_TYPE, 0, NULL); CERT_TYPE, 0, NULL);
if (ret >= 0) { if (ret >= 0) {
@ -30226,7 +30243,7 @@ int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz)
/* Check if decodedCert is cached */ /* Check if decodedCert is cached */
if (cert->der != der) { if (cert->der != der) {
/* Allocate cache for the decoded cert */ /* Allocate cache for the decoded cert */
ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
} }
if (ret >= 0) { if (ret >= 0) {
@ -30467,7 +30484,8 @@ static int SetAltNamesFromDcert(Cert* cert, DecodedCert* decoded)
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
/* Set Alt Names from der cert, return 0 on success */ /* Set Alt Names from der cert, return 0 on success */
static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz,
int devId)
{ {
int ret; int ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -30486,7 +30504,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
return MEMORY_E; return MEMORY_E;
#endif #endif
InitDecodedCert(decoded, der, (word32)derSz, NULL); InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {
@ -30666,7 +30684,7 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded)
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
/* Set cn name from der buffer, return 0 on success */ /* Set cn name from der buffer, return 0 on success */
static int SetNameFromCert(CertName* cn, const byte* der, int derSz) static int SetNameFromCert(CertName* cn, const byte* der, int derSz, int devId)
{ {
int ret; int ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -30685,7 +30703,7 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
return MEMORY_E; return MEMORY_E;
#endif #endif
InitDecodedCert(decoded, der, (word32)derSz, NULL); InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {
@ -30717,7 +30735,8 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile)
ret = wc_PemCertToDer_ex(issuerFile, &der); ret = wc_PemCertToDer_ex(issuerFile, &der);
if (ret == 0) { if (ret == 0) {
cert->selfSigned = 0; cert->selfSigned = 0;
ret = SetNameFromCert(&cert->issuer, der->buffer, (int)der->length); ret = SetNameFromCert(&cert->issuer, der->buffer, (int)der->length,
INVALID_DEVID);
FreeDer(&der); FreeDer(&der);
} }
@ -30738,7 +30757,8 @@ int wc_SetSubject(Cert* cert, const char* subjectFile)
ret = wc_PemCertToDer_ex(subjectFile, &der); ret = wc_PemCertToDer_ex(subjectFile, &der);
if (ret == 0) { if (ret == 0) {
ret = SetNameFromCert(&cert->subject, der->buffer, (int)der->length); ret = SetNameFromCert(&cert->subject, der->buffer, (int)der->length,
INVALID_DEVID);
FreeDer(&der); FreeDer(&der);
} }
@ -30761,7 +30781,8 @@ int wc_SetAltNames(Cert* cert, const char* file)
ret = wc_PemCertToDer_ex(file, &der); ret = wc_PemCertToDer_ex(file, &der);
if (ret == 0) { if (ret == 0) {
ret = SetAltNamesFromCert(cert, der->buffer, (int)der->length); ret = SetAltNamesFromCert(cert, der->buffer, (int)der->length,
INVALID_DEVID);
FreeDer(&der); FreeDer(&der);
} }
@ -30788,7 +30809,7 @@ int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz)
/* Check if decodedCert is cached */ /* Check if decodedCert is cached */
if (cert->der != der) { if (cert->der != der) {
/* Allocate cache for the decoded cert */ /* Allocate cache for the decoded cert */
ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
} }
if (ret >= 0) { if (ret >= 0) {
@ -30815,7 +30836,7 @@ int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz)
/* Check if decodedCert is cached */ /* Check if decodedCert is cached */
if (cert->der != der) { if (cert->der != der) {
/* Allocate cache for the decoded cert */ /* Allocate cache for the decoded cert */
ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
} }
if (ret >= 0) { if (ret >= 0) {
@ -30842,7 +30863,7 @@ int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz)
/* Check if decodedCert is cached */ /* Check if decodedCert is cached */
if (cert->der != der) { if (cert->der != der) {
/* Allocate cache for the decoded cert */ /* Allocate cache for the decoded cert */
ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
} }
if (ret >= 0) { if (ret >= 0) {
@ -30876,7 +30897,7 @@ int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz)
/* Check if decodedCert is cached */ /* Check if decodedCert is cached */
if (cert->der != der) { if (cert->der != der) {
/* Allocate cache for the decoded cert */ /* Allocate cache for the decoded cert */
ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
} }
if (ret >= 0) { if (ret >= 0) {
@ -30913,7 +30934,7 @@ int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
/* Check if decodedCert is cached */ /* Check if decodedCert is cached */
if (cert->der != der) { if (cert->der != der) {
/* Allocate cache for the decoded cert */ /* Allocate cache for the decoded cert */
ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
} }
if (ret >= 0) { if (ret >= 0) {
@ -30940,7 +30961,7 @@ int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz)
/* Check if decodedCert is cached */ /* Check if decodedCert is cached */
if (cert->der != der) { if (cert->der != der) {
/* Allocate cache for the decoded cert */ /* Allocate cache for the decoded cert */
ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
} }
if (ret >= 0) { if (ret >= 0) {
@ -34440,7 +34461,6 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
int sigLength; int sigLength;
const byte* sigParams = NULL; const byte* sigParams = NULL;
word32 sigParamsSz = 0; word32 sigParamsSz = 0;
WOLFSSL_ENTER("DecodeBasicOcspResponse"); WOLFSSL_ENTER("DecodeBasicOcspResponse");
(void)heap; (void)heap;
@ -34708,6 +34728,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
#endif #endif
if (ca) { if (ca) {
SignatureCtx sigCtx; SignatureCtx sigCtx;
/* Initialize he signature context. */ /* Initialize he signature context. */
InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);

105
wolfcrypt/src/cryptocb.c
View File

@ -34,6 +34,9 @@
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLFSSL_CAAM
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#endif
/* TODO: Consider linked list with mutex */ /* TODO: Consider linked list with mutex */
#ifndef MAX_CRYPTO_DEVID_CALLBACKS #ifndef MAX_CRYPTO_DEVID_CALLBACKS
@ -46,6 +49,7 @@ typedef struct CryptoCb {
void* ctx; void* ctx;
} CryptoCb; } CryptoCb;
static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS]; static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
static CryptoDevCallbackFind CryptoCb_FindCb = NULL;
#ifdef DEBUG_CRYPTOCB #ifdef DEBUG_CRYPTOCB
@ -165,15 +169,32 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
} }
#endif /* DEBUG_CRYPTOCB */ #endif /* DEBUG_CRYPTOCB */
static CryptoCb* wc_CryptoCb_FindDevice(int devId) /* Search through listed devices and return the first matching device ID
* found. */
static CryptoCb* wc_CryptoCb_GetDevice(int devId)
{ {
int i; int i;
for (i=0; i<MAX_CRYPTO_DEVID_CALLBACKS; i++) { for (i = 0; i < MAX_CRYPTO_DEVID_CALLBACKS; i++) {
if (gCryptoDev[i].devId == devId) if (gCryptoDev[i].devId == devId)
return &gCryptoDev[i]; return &gCryptoDev[i];
} }
return NULL; return NULL;
} }
/* Filters through find callback set when trying to get the device,
* returns the device found on success and null if not found. */
static CryptoCb* wc_CryptoCb_FindDevice(int devId, int algoType)
{
int localDevId = devId;
if (CryptoCb_FindCb != NULL) {
localDevId = CryptoCb_FindCb(devId, algoType);
}
return wc_CryptoCb_GetDevice(localDevId);
}
static CryptoCb* wc_CryptoCb_FindDeviceByIndex(int startIdx) static CryptoCb* wc_CryptoCb_FindDeviceByIndex(int startIdx)
{ {
int i; int i;
@ -211,12 +232,22 @@ int wc_CryptoCb_GetDevIdAtIndex(int startIdx)
return devId; return devId;
} }
/* Used to register a find device function. Useful for cases where the
* device ID in the struct may not have been set but still wanting to use
* a specifice crypto callback device ID. The find callback is global and
* not thread safe. */
void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb)
{
CryptoCb_FindCb = cb;
}
int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx) int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx)
{ {
/* find existing or new */ /* find existing or new */
CryptoCb* dev = wc_CryptoCb_FindDevice(devId); CryptoCb* dev = wc_CryptoCb_GetDevice(devId);
if (dev == NULL) if (dev == NULL)
dev = wc_CryptoCb_FindDevice(INVALID_DEVID); dev = wc_CryptoCb_GetDevice(INVALID_DEVID);
if (dev == NULL) if (dev == NULL)
return BUFFER_E; /* out of devices */ return BUFFER_E; /* out of devices */
@ -230,7 +261,7 @@ int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx)
void wc_CryptoCb_UnRegisterDevice(int devId) void wc_CryptoCb_UnRegisterDevice(int devId)
{ {
CryptoCb* dev = wc_CryptoCb_FindDevice(devId); CryptoCb* dev = wc_CryptoCb_GetDevice(devId);
if (dev) { if (dev) {
XMEMSET(dev, 0, sizeof(*dev)); XMEMSET(dev, 0, sizeof(*dev));
dev->devId = INVALID_DEVID; dev->devId = INVALID_DEVID;
@ -248,7 +279,7 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -278,7 +309,7 @@ int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -306,7 +337,7 @@ int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -333,7 +364,7 @@ int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId)
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -360,7 +391,7 @@ int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(private_key->devId); dev = wc_CryptoCb_FindDevice(private_key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -387,7 +418,7 @@ int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -416,7 +447,7 @@ int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -445,7 +476,7 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -473,7 +504,7 @@ int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -499,7 +530,7 @@ int wc_CryptoCb_Curve25519(curve25519_key* private_key,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(private_key->devId); dev = wc_CryptoCb_FindDevice(private_key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -529,7 +560,7 @@ int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -556,7 +587,7 @@ int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen, byte* out,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -588,7 +619,7 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -624,7 +655,7 @@ int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -665,7 +696,7 @@ int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -708,7 +739,7 @@ int wc_CryptoCb_AesCcmEncrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -749,7 +780,7 @@ int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -789,7 +820,7 @@ int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -821,7 +852,7 @@ int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -854,7 +885,7 @@ int wc_CryptoCb_AesCtrEncrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -887,7 +918,7 @@ int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -919,7 +950,7 @@ int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out,
/* locate registered callback */ /* locate registered callback */
if (aes) { if (aes) {
dev = wc_CryptoCb_FindDevice(aes->devId); dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -954,7 +985,7 @@ int wc_CryptoCb_Des3Encrypt(Des3* des3, byte* out,
/* locate registered callback */ /* locate registered callback */
if (des3) { if (des3) {
dev = wc_CryptoCb_FindDevice(des3->devId); dev = wc_CryptoCb_FindDevice(des3->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -986,7 +1017,7 @@ int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out,
/* locate registered callback */ /* locate registered callback */
if (des3) { if (des3) {
dev = wc_CryptoCb_FindDevice(des3->devId); dev = wc_CryptoCb_FindDevice(des3->devId, WC_ALGO_TYPE_CIPHER);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -1020,7 +1051,7 @@ int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in,
/* locate registered callback */ /* locate registered callback */
if (sha) { if (sha) {
dev = wc_CryptoCb_FindDevice(sha->devId); dev = wc_CryptoCb_FindDevice(sha->devId, WC_ALGO_TYPE_HASH);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -1053,7 +1084,7 @@ int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
/* locate registered callback */ /* locate registered callback */
if (sha256) { if (sha256) {
dev = wc_CryptoCb_FindDevice(sha256->devId); dev = wc_CryptoCb_FindDevice(sha256->devId, WC_ALGO_TYPE_HASH);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -1087,7 +1118,7 @@ int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in,
/* locate registered callback */ /* locate registered callback */
#ifndef NO_SHA2_CRYPTO_CB #ifndef NO_SHA2_CRYPTO_CB
if (sha384) { if (sha384) {
dev = wc_CryptoCb_FindDevice(sha384->devId); dev = wc_CryptoCb_FindDevice(sha384->devId, WC_ALGO_TYPE_HASH);
} }
else else
#endif #endif
@ -1123,7 +1154,7 @@ int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
/* locate registered callback */ /* locate registered callback */
#ifndef NO_SHA2_CRYPTO_CB #ifndef NO_SHA2_CRYPTO_CB
if (sha512) { if (sha512) {
dev = wc_CryptoCb_FindDevice(sha512->devId); dev = wc_CryptoCb_FindDevice(sha512->devId, WC_ALGO_TYPE_HASH);
} }
else else
#endif #endif
@ -1160,7 +1191,7 @@ int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz,
return ret; return ret;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(hmac->devId); dev = wc_CryptoCb_FindDevice(hmac->devId, WC_ALGO_TYPE_HMAC);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -1186,7 +1217,7 @@ int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz)
/* locate registered callback */ /* locate registered callback */
if (rng) { if (rng) {
dev = wc_CryptoCb_FindDevice(rng->devId); dev = wc_CryptoCb_FindDevice(rng->devId, WC_ALGO_TYPE_RNG);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */
@ -1213,7 +1244,7 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
CryptoCb* dev; CryptoCb* dev;
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(os->devId); dev = wc_CryptoCb_FindDevice(os->devId, WC_ALGO_TYPE_SEED);
if (dev && dev->cb) { if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo; wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@ -1238,7 +1269,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
/* locate registered callback */ /* locate registered callback */
if (cmac) { if (cmac) {
dev = wc_CryptoCb_FindDevice(cmac->devId); dev = wc_CryptoCb_FindDevice(cmac->devId, WC_ALGO_TYPE_CMAC);
} }
else { else {
/* locate first callback and try using it */ /* locate first callback and try using it */

19
wolfcrypt/test/test.c
View File

@ -45138,6 +45138,23 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
return ret; return ret;
} }
static int myCryptoCbFind(int currentId, int algoType)
{
/* can have algo specific overrides here
switch (algoType) {
}
*/
(void)algoType;
if (currentId == INVALID_DEVID) {
return 1; /* override invalid devid found with 1 */
}
return currentId;
}
WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
{ {
int ret = 0; int ret = 0;
@ -45149,7 +45166,7 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
/* set devId to something other than INVALID_DEVID */ /* set devId to something other than INVALID_DEVID */
devId = 1; devId = 1;
ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx); ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
wc_CryptoCb_SetDeviceFindCb(myCryptoCbFind);
#ifndef WC_NO_RNG #ifndef WC_NO_RNG
if (ret == 0) if (ret == 0)
ret = random_test(); ret = random_test();

2
wolfssl/wolfcrypt/asn.h
View File

@ -2023,6 +2023,8 @@ WOLFSSL_ASN_API DNS_entry* AltNameNew(void* heap);
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
WOLFSSL_ASN_API void InitDecodedCert(DecodedCert* cert, const byte* source, WOLFSSL_ASN_API void InitDecodedCert(DecodedCert* cert, const byte* source,
word32 inSz, void* heap); word32 inSz, void* heap);
WOLFSSL_LOCAL void InitDecodedCert_ex(DecodedCert* cert, const byte* source,
word32 inSz, void* heap, int devId);
WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert); WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert);
WOLFSSL_ASN_API int ParseCert(DecodedCert* cert, int type, int verify, WOLFSSL_ASN_API int ParseCert(DecodedCert* cert, int type, int verify,
void* cm); void* cm);

3
wolfssl/wolfcrypt/cryptocb.h
View File

@ -366,6 +366,9 @@ WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb,
WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId); WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId);
WOLFSSL_API int wc_CryptoCb_DefaultDevID(void); WOLFSSL_API int wc_CryptoCb_DefaultDevID(void);
typedef int (*CryptoDevCallbackFind)(int devId, int algoType);
WOLFSSL_API void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb);
#ifdef DEBUG_CRYPTOCB #ifdef DEBUG_CRYPTOCB
WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info); WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
#endif #endif