feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5070 from miyazakh/crypto_only_flwup

Browse Source
This commit is contained in:
Chris Conlon
2022-05-20 17:08:29 -06:00
committed by GitHub
parent d80b282fdd 5de9c45161
commit ec39ee2cb6
3 changed files with 222 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
src/pk.c
View File

@ -8398,7 +8398,7 @@ WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group)
return p;
}
#ifndef WOLFSSL_SP_MATH
#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
/* return code compliant with OpenSSL :
* 1 if success, 0 if error
*/
@ -8535,7 +8535,8 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH)
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_EC_POINT *p1,
const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx)
@ -9027,13 +9028,16 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
if (setupPoint(point) != WOLFSSL_SUCCESS) {
return WOLFSSL_FAILURE;
}
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal);
if (ret < 0) {
WOLFSSL_MSG("ecc_point_is_at_infinity failure");
return WOLFSSL_FAILURE;
}
#else
WOLFSSL_MSG("ecc_point_is_at_infinitiy compiled out");
return WOLFSSL_FAILURE;
#endif
return ret;
}
@ -9260,6 +9264,13 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen,
const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
{
int check_sign = 0;
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
byte signature[ECC_MAX_SIG_SIZE];
word32 signaturelen = (word32)sizeof(signature);
char* r;
char* s;
int ret = 0;
#endif
WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");
@ -9279,6 +9290,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen,
}
}
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal,
(mp_int*)sig->s->internal, d, dlen, &check_sign,
(ecc_key *)key->internal) != MP_OKAY) {
@ -9289,6 +9301,36 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen,
WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
return WOLFSSL_FAILURE;
}
#else
/* convert big number to hex */
r = wolfSSL_BN_bn2hex(sig->r);
s = wolfSSL_BN_bn2hex(sig->s);
/* get DER-encoded ECDSA signature */
ret = wc_ecc_rs_to_sig((const char*)r, (const char*)s,
signature, &signaturelen);
/* free r and s */
if (r)
XFREE(r, NULL, DYNAMIC_TYPE_OPENSSL);
if (s)
XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
if (ret != MP_OKAY) {
WOLFSSL_MSG("wc_ecc_verify_hash failed");
return WOLFSSL_FATAL_ERROR;
}
/* verify hash. expects to call wc_CryptoCb_EccVerify internally */
ret = wc_ecc_verify_hash(signature, signaturelen, d, dlen, &check_sign,
(ecc_key*)key->internal);
if (ret != MP_OKAY) {
WOLFSSL_MSG("wc_ecc_verify_hash failed");
return WOLFSSL_FATAL_ERROR;
}
else if (check_sign == 0) {
WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
return WOLFSSL_FAILURE;
}
#endif
return WOLFSSL_SUCCESS;
}
@ -9357,6 +9399,7 @@ int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
}
/* End ECDSA_SIG */
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
/* Start ECDH */
/* return code compliant with OpenSSL :
* length of computed key if success, -1 if error
@ -9427,6 +9470,7 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
return len;
}
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
/* End ECDH */
#if !defined(NO_FILESYSTEM)

2
wolfcrypt/src/evp.c
View File

@ -1612,7 +1612,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
*keylen = (size_t)len;
break;
#endif
#ifdef HAVE_ECC
#if defined(HAVE_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
case EVP_PKEY_EC:
/* Use ECDH */
if (!ctx->pkey->ecc || !ctx->peerKey->ecc) {

175
wolfcrypt/test/test.c
View File

@ -1238,11 +1238,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
else
TEST_PASS("OPENSSL (PKEY1) passed!\n");
#if !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
if ( (ret = openssl_evpSig_test()) != 0)
return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
else
TEST_PASS("OPENSSL (EVP Sign/Verify) passed!\n");
#endif
#endif
#if defined(HAVE_ECC)
@ -39420,12 +39421,59 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx)
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte* out = (byte*)XMALLOC(sizeof(byte),
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef OPENSSL_EXTRA
byte* check = (byte*)XMALLOC(sizeof(byte)*(256), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
ecc_key key[1];
ecc_key pub[1];
byte out[256];
#ifdef OPENSSL_EXTRA
unsigned char check[256];
#endif
#endif
#ifdef OPENSSL_EXTRA
EVP_PKEY* privKey = NULL;
EVP_PKEY* pubKey = NULL;
ecc_key* pkey;
EVP_MD_CTX mdCtx;
const char testData[] = "Hi There";
size_t checkSz = -1;
const unsigned char* cp;
const unsigned char* p;
const unsigned char check_v[256] = {
0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09,
0x74,0x65,0xa1,0x04,0x76,0x3a,0xce,0xcc,0xe5,0x34,
0x5e,0x89,0xed,0x40,0x1e,0x5a,0xb1,0x53,0xb4,0xff,
0xc7,0x18,0xfe,0x0f,0xc7,0xa6,0x02,0x21,0x00,0xe5,
0x70,0x21,0xfc,0xf9,0x63,0x36,0xfd,0x16,0x18,0x08,
0x9a,0x63,0x61,0x0f,0xe7,0x7c,0xa3,0xc9,0x14,0xa3,
0x30,0x87,0xf7,0xf5,0x70,0x19,0xaf,0x56,0x96,0x9b,
0xd8,0x64,0xcd,0xd9,0xff,0x7b,0x2a,0x55,0x52,0xca,
0x41,0xb2,0xa6,0xa4,0x8a,0x3b,0x02,0x20,0x8c,0xc5,
0xf9,0xc1,0x7d,0x2a,0x65,0x6c,0xe6,0x5a,0xe3,0x76,
0x9b,0xab,0x0b,0x9f,0xaf,0x62,0x5d,0xb2,0x60,0xd7,
0xeb,0xb4,0x1b,0x73,0xdc,0x01,0x7d,0x7b,0xab,0xc1,
0x0c,0x74,0x96,0x41,0xe6,0x3f,0xc5,0x86,0xe6,0x7d,
0x2b,0x9d,0x54,0x6b,0xcd,0x31,0x35,0x1f,0xdb,0x49,
0x1f,0x32,0x34,0xf8,0x57,0x12,0x86,0x5c,0x0e,0x80,
0x55,0x8d,0xff,0xd8,0xbd,0xdf,0x32,0x26,0x62,0x42,
0x09,0xda,0xf7,0x74,0xf2,0x3f,0xe6,0xf1,0x77,0x82,
0xce,0xe4,0xbb,0x61,0xa6,0xc0,0x17,0x0c,0x6c,0x47,
0x2a,0x40,0x1c,0x2b,0xe0,0x98,0x3b,0xbf,0xc6,0xf8,
0x6d,0xfd,0xd0,0xfa,0xc1,0x02,0xfb,0x5f,0xfb,0xb0,
0xcb,0xd9,0xa3,0x59,0x94,0xe9,0x0f,0x74,0xbb,0x3f,
0x64,0xa3,0x83,0xc4,0x2b,0xf7,0xd2,0x97,0xbf,0x3b,
0xcf,0xbb,0x60,0x81,0x33,0x94,0xfa,0x0d,0x35,0xd2,
0x3d,0xb9,0x99,0xe3,0x12,0xf8,0xf4,0xa3,0x74,0xf4,
0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48,
0xef,0x8c,0x94,0x6f,0xdd,0x62,
};
#endif
WC_RNG rng;
EncryptedInfo encInfo;
int keyFormat = 0;
@ -39523,16 +39571,128 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx)
ret = wc_ecc_shared_secret(key, pub, out, &outLen);
}
if (ret != NO_VALID_DEVID) {
ERROR_OUT(-8016, exit_onlycb);
ERROR_OUT(-8018, exit_onlycb);
}
else
ret = 0;
#ifdef OPENSSL_EXTRA
(void)pkey;
cp = ecc_clikey_der_256;
privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
sizeof_ecc_clikey_der_256);
if (privKey == NULL) {
ERROR_OUT(-8019, exit_onlycb);
}
pkey = (ecc_key*)privKey->ecc->internal;
pkey->devId = devId;
p = ecc_clikeypub_der_256;
pubKey = d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256);
if (pubKey == NULL) {
ERROR_OUT(-8020, exit_onlycb);
}
pkey = (ecc_key*)pubKey->ecc->internal;
pkey->devId = devId;
/* sign */
EVP_MD_CTX_init(&mdCtx);
ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey);
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(-8021, exit_onlycb);
}
ret = EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData));
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(-8022, exit_onlycb);
}
ret = EVP_DigestSignFinal(&mdCtx, NULL, &checkSz);
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(-8023, exit_onlycb);
}
ctx->exampleVar = 99;
ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
/* just called crypt callback as dummy
* EVP_DigestSignFinal returns 0 internally.
*/
if (ret != 0) {
ERROR_OUT(-8024, exit_onlycb);
}
ctx->exampleVar = 1;
ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
/* just called crypt callback as dummy
* EVP_DigestSignFinal returns 0 internally.
*/
if (ret != 0) {
ERROR_OUT(-8025, exit_onlycb);
}
/* restore checkSz for verify */
checkSz = 71;
ret = EVP_MD_CTX_cleanup(&mdCtx);
if (ret != SSL_SUCCESS) {
ERROR_OUT(-8026, exit_onlycb);
}
/* verify */
EVP_MD_CTX_init(&mdCtx);
if (ret == SSL_SUCCESS) {
ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey);
}
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(-8027, exit_onlycb);
}
if (ret == WOLFSSL_SUCCESS) {
ret = EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData));
}
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(-8028, exit_onlycb);
}
ctx->exampleVar = 99;
ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
/* just called crypt callback as dummy
* EVP_DigestSignFinal returns 0 internally.
*/
if (ret != 0) {
ERROR_OUT(-8029, exit_onlycb);
}
ctx->exampleVar = 1;
ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
/* just called crypt callback as dummy
* EVP_DigestVerifyFinal returns -1 internally rather than NO_VALID_DEVID.
*/
if (ret != -1) {
ERROR_OUT(-8030, exit_onlycb);
}
ret = EVP_MD_CTX_cleanup(&mdCtx);
if (ret != SSL_SUCCESS) {
ERROR_OUT(-8031, exit_onlycb);
} else
ret = 0;
#endif
#else
(void)verify;
(void)outLen;
(void)inLen;
(void)out;
(void)pub;
#ifdef OPENSSL_EXTRA
(void)privKey;
(void)pubKey;
(void)mdCtx;
(void)check;
(void)checkSz;
(void)p;
#endif
#endif
(void)keyFormat;
(void)encInfo;
@ -39549,8 +39709,19 @@ exit_onlycb:
if (out != NULL) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#ifdef OPENSSL_EXTRA
if (check) {
FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#else
wc_ecc_free(key);
#ifdef OPENSSL_EXTRA
if (privKey)
EVP_PKEY_free(privKey);
if (pubKey)
EVP_PKEY_free(pubKey);
#endif
#endif
#endif /* HAVE_ECC */