linuxkm: register dh and ffdhe.

jordan
2025-04-25 21:21:26 -05:00
parent b077c81eb6
commit f6f3b0a1ee
7 changed files with 3063 additions and 2 deletions


@ -9441,6 +9441,7 @@ then
'ecdh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDH" ;;
'rsa') test "$ENABLED_RSA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: RSA implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_RSA -DWC_RSA_NO_PADDING" ;;
'dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_DH -DWOLFSSL_DH_EXTRA -DWOLFSSL_DH_GEN_PUB" ;;
# disable options
'-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;;
'-cfb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCFB" ;;
@ -9460,6 +9461,7 @@ then
'-ecdsa') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDSA" ;;
'-ecdh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDH" ;;
'-rsa') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_RSA" ;;
'-dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_DH" ;;
*) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;;
esac
done
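Review bot: The new `'dh')` case in the first hunk appends its defines without checking that DH is compiled in, unlike the `'rsa')` case directly above it, which aborts configure when `$ENABLED_RSA` is `no`. A build with DH disabled and `dh` requested would pass configure and only fail, or possibly register nothing, later in the build. Consider mirroring the RSA line with `'dh') test "$ENABLED_DH" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: DH implementation not enabled.])` ahead of the existing `AM_CFLAGS` assignment. The enclosing `case` statement starts outside the hunk.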


@ -17,6 +17,7 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \
linuxkm/lkcapi_glue.c \
linuxkm/lkcapi_aes_glue.c \
linuxkm/lkcapi_sha_glue.c \
linuxkm/lkcapi_dh_glue.c \
linuxkm/lkcapi_ecdsa_glue.c \
linuxkm/lkcapi_ecdh_glue.c \
linuxkm/lkcapi_rsa_glue.c

2913
linuxkm/lkcapi_dh_glue.c Normal file

File diff suppressed because it is too large Load Diff


@ -293,6 +293,27 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
#endif /* linux >= 6.13.0 */
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_DH)) && \
!defined(LINUXKM_LKCAPI_REGISTER_DH)
#define LINUXKM_LKCAPI_REGISTER_DH
#define LINUXKM_DH
#endif
#if defined (LINUXKM_LKCAPI_REGISTER_DH) && !defined(WOLFSSL_DH_EXTRA) || \
!defined(WOLFSSL_DH_GEN_PUB)
/* not supported without WOLFSSL_DH_EXTRA && WOLFSSL_DH_GEN_PUB */
#undef LINUXKM_LKCAPI_REGISTER_DH
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
#if defined (LINUXKM_LKCAPI_REGISTER_DH) && defined(CONFIG_CRYPTO_FIPS) && \
defined(CONFIG_CRYPTO_MANAGER)
/**
* note: normal dh not fips_allowed in in kernel crypto/testmgr.c,
* and will not pass the tests.
* */
#undef LINUXKM_DH
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#include "linuxkm/lkcapi_ecdsa_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
@ -305,6 +326,10 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
#include "linuxkm/lkcapi_rsa_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
#if defined (LINUXKM_LKCAPI_REGISTER_DH)
#include "linuxkm/lkcapi_dh_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
static int linuxkm_lkcapi_register(void)
{
int ret = 0;
@ -491,6 +516,31 @@ static int linuxkm_lkcapi_register(void)
#endif /* WOLFSSL_SHA512 */
#endif
#ifdef LINUXKM_LKCAPI_REGISTER_DH
#ifdef LINUXKM_DH
REGISTER_ALG(dh, crypto_register_kpp, linuxkm_test_dh);
#endif /* LINUXKM_DH */
#ifdef HAVE_FFDHE_2048
REGISTER_ALG(ffdhe2048, crypto_register_kpp, linuxkm_test_ffdhe2048);
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
REGISTER_ALG(ffdhe3072, crypto_register_kpp, linuxkm_test_ffdhe3072);
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
REGISTER_ALG(ffdhe4096, crypto_register_kpp, linuxkm_test_ffdhe4096);
#endif /* HAVE_FFDHE_4096 */
#ifdef HAVE_FFDHE_6144
REGISTER_ALG(ffdhe6144, crypto_register_kpp, linuxkm_test_ffdhe6144);
#endif /* HAVE_FFDHE_6144 */
#ifdef HAVE_FFDHE_8192
REGISTER_ALG(ffdhe8192, crypto_register_kpp, linuxkm_test_ffdhe8192);
#endif /* HAVE_FFDHE_8192 */
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
#undef REGISTER_ALG
out:
@ -629,5 +679,30 @@ static void linuxkm_lkcapi_unregister(void)
#endif /* WOLFSSL_SHA512 */
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
#ifdef LINUXKM_LKCAPI_REGISTER_DH
#ifdef LINUXKM_DH
UNREGISTER_ALG(dh, crypto_unregister_kpp);
#endif /* LINUXKM_DH */
#ifdef HAVE_FFDHE_2048
UNREGISTER_ALG(ffdhe2048, crypto_unregister_kpp);
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
UNREGISTER_ALG(ffdhe3072, crypto_unregister_kpp);
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
UNREGISTER_ALG(ffdhe4096, crypto_unregister_kpp);
#endif /* HAVE_FFDHE_4096 */
#ifdef HAVE_FFDHE_6144
UNREGISTER_ALG(ffdhe6144, crypto_unregister_kpp);
#endif /* HAVE_FFDHE_6144 */
#ifdef HAVE_FFDHE_8192
UNREGISTER_ALG(ffdhe8192, crypto_unregister_kpp);
#endif /* HAVE_FFDHE_8192 */
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
#undef UNREGISTER_ALG
}
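Review bot: The prerequisite check in the first hunk, `#if defined (LINUXKM_LKCAPI_REGISTER_DH) && !defined(WOLFSSL_DH_EXTRA) || !defined(WOLFSSL_DH_GEN_PUB)`, parses as `(A && !B) || !C` because `&&` binds tighter than `||`, which is not what the comment beneath it describes. The result is the same today only because `#undef` of an undefined macro is a no-op, so the intent should be made explicit: `#if defined(LINUXKM_LKCAPI_REGISTER_DH) && (!defined(WOLFSSL_DH_EXTRA) || !defined(WOLFSSL_DH_GEN_PUB))`. Separately, `LINUXKM_DH` is defined only on the `LINUXKM_LKCAPI_REGISTER_ALL` path, so as far as these hunks show, an explicit `dh` request registers the ffdhe groups but not plain `dh`. Because a skipped registration is silent and leaves another provider to answer for that algorithm name, it is worth confirming this is intended and saying so in a comment next to the define.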


@ -1373,6 +1373,38 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
return ret;
}
#if defined(WOLFSSL_DH_GEN_PUB)
/**
* Given a DhKey with set params and a priv key, generate the corresponding
* public key. If fips, does pub key validation.
* */
WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
byte* pub, word32* pubSz)
{
int ret = 0;
if (key == NULL || priv == NULL || privSz == 0 ||
pub == NULL || pubSz == NULL) {
return BAD_FUNC_ARG;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = GeneratePublicDh(key, priv, privSz, pub, pubSz);
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
if (ret == 0)
ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
if (ret == 0)
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, privSz);
#endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif /* WOLFSSL_DH_GEN_PUB */
static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
@ -2501,8 +2533,8 @@ int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
#endif /* WOLFSSL_DH_EXTRA */
static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
word32 gSz, const byte* q, word32 qSz, int trusted,
WC_RNG* rng)
word32 gSz, const byte* q, word32 qSz, int trusted,
WC_RNG* rng)
{
int ret = 0;
mp_int* keyP = NULL;
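Review bot: In the first hunk, `wc_DhGeneratePublic` validates the derived public value only inside `#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)`, so in other builds a caller-supplied `priv` is used with no range or sanity check visible here. The `dh` configure option added in this commit defines `WOLFSSL_DH_EXTRA` and `WOLFSSL_DH_GEN_PUB` but not `WOLFSSL_VALIDATE_DH_KEYGEN`, so unless `GeneratePublicDh` (body outside the hunk) or the kernel glue rejects degenerate secrets, a non-FIPS module would accept them. Either call `_ffc_validate_public_key` unconditionally in this entry point, if that helper is built in all configurations, or state in the header comment that validation is build-dependent and left to the caller. The comment should also say whether `*pubSz` is the buffer capacity on entry and the written length on return, since the argument checks do not cover an undersized buffer.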


@ -23348,6 +23348,40 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#if defined(WOLFSSL_DH_GEN_PUB) && defined(WOLFSSL_DH_EXTRA)
/* additional test for wc_DhGeneratePublic:
* 1. reset key2.
* 2. using priv from dh key 1, generate pub2 with
* wc_DhGeneratePublic.
* 3. test equality pub2 == pub1. */
wc_FreeDhKey(key2);
pubSz2 = MAX_DH_KEY_SZ;
XMEMSET(pub2, 0, pubSz2);
ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_PUBLIC_FFDHE
ret = wc_DhSetKey_ex(key2, params->p, params->p_len, params->g,
params->g_len, NULL /* q */, 0 /* qSz */);
#else
ret = wc_DhSetNamedKey(key2, name);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* using key 1 private, generate key2 public and test equality. */
ret = wc_DhGeneratePublic(key2, priv, privSz, pub2, &pubSz2);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
if (pubSz != pubSz2 || XMEMCMP(pub, pub2, pubSz)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* WOLFSSL_DH_GEN_PUB && WOLFSSL_DH_EXTRA */
#if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \
!defined(HAVE_INTEL_QA)
/* Make p even */
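Review bot: The added block exercises only the success path of `wc_DhGeneratePublic`; none of the argument checks the function introduces (`key == NULL`, `priv == NULL`, `privSz == 0`, `pub == NULL`, `pubSz == NULL`) is tested. One or two negative cases after the equality check would pin that contract, for example `ret = wc_DhGeneratePublic(key2, priv, 0, pub2, &pubSz2);` followed by `if (ret != BAD_FUNC_ARG) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);`. `dh_ffdhe_test` starts and ends outside the hunk, so check that the code after this block does not depend on the value left in `ret`.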


@ -145,6 +145,10 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
WOLFSSL_API int wc_InitDhKey(DhKey* key);
WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
WOLFSSL_API int wc_FreeDhKey(DhKey* key);
#if defined(WOLFSSL_DH_GEN_PUB)
WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
byte* pub, word32* pubSz);
#endif /* WOLFSSL_DH_GEN_PUB */
WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
word32* privSz, byte* pub, word32* pubSz);