feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2916 from dgarske/testfixes

Browse Source 
Improvements to ECC key decode and tests
This commit is contained in:
toddouska
2020-04-28 09:57:44 -07:00
committed by GitHub
parent a585e4115e 6185e0f477
commit f770d28ff0
10 changed files with 221 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
IDE/Renesas/e2studio/RA6M3G/client-wolfssl/wolfssl_thread_entry.h Executable file → Normal file
View File

0
IDE/Renesas/e2studio/RA6M3G/common/ra6m3g/README.md Executable file → Normal file
View File

0
IDE/Renesas/e2studio/RA6M3G/server-wolfssl/wolfssl_thread_entry.h Executable file → Normal file
View File

0
src/ssl.c Executable file → Normal file
View File

0
wolfcrypt/benchmark/benchmark.c Executable file → Normal file
View File

59
wolfcrypt/src/asn.c
View File

@@ -9798,9 +9798,8 @@ void wc_FreeDer(DerBuffer** pDer)
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
/* Max X509 header length indicates the max length + 2 ('\n', '\0') */
#define MAX_X509_HEADER_SZ (37 + 2)
/* Note: If items added make sure MAX_X509_HEADER_SZ is
updated to reflect maximum length */
wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
wcchar END_CERT = "-----END CERTIFICATE-----";
#ifdef WOLFSSL_CERT_REQ
@@ -15369,11 +15368,11 @@ static int EccKeyParamCopy(char** dst, char* src)
int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
ecc_key* key, word32 inSz)
{
int length;
int ret;
int version, length;
int curve_id = ECC_CURVE_DEF;
word32 oidSum, localIdx;
byte tag;
byte tag, isPrivFormat = 0;
if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
return BAD_FUNC_ARG;
@@ -15381,12 +15380,44 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
/* Check if ECC private key is being used and skip private portion */
if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) {
isPrivFormat = 1;
/* Type private key */
if (*inOutIdx >= inSz)
return ASN_PARSE_E;
tag = input[*inOutIdx];
*inOutIdx += 1;
if (tag != 4 && tag != 6 && tag != 7)
return ASN_PARSE_E;
/* Skip Private Key */
if (GetLength(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
if (length > ECC_MAXSIZE)
return BUFFER_E;
*inOutIdx += length;
/* Private Curve Header */
if (*inOutIdx >= inSz)
return ASN_PARSE_E;
tag = input[*inOutIdx];
*inOutIdx += 1;
if (tag != ECC_PREFIX_0)
return ASN_ECC_KEY_E;
if (GetLength(input, inOutIdx, &length, inSz) <= 0)
return ASN_PARSE_E;
}
/* Standard ECC public key */
else {
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
ret = SkipObjectId(input, inOutIdx, inSz);
if (ret != 0)
return ret;
}
if (*inOutIdx >= inSz) {
return BUFFER_E;
@@ -15541,9 +15572,23 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
return ret;
/* get curve id */
curve_id = wc_ecc_get_oid(oidSum, NULL, 0);
if (curve_id < 0)
if ((ret = CheckCurve(oidSum)) < 0)
return ECC_CURVE_OID_E;
else {
curve_id = ret;
}
}
if (isPrivFormat) {
/* Public Curve Header - skip */
if (*inOutIdx >= inSz)
return ASN_PARSE_E;
tag = input[*inOutIdx];
*inOutIdx += 1;
if (tag != ECC_PREFIX_1)
return ASN_ECC_KEY_E;
if (GetLength(input, inOutIdx, &length, inSz) <= 0)
return ASN_PARSE_E;
}
/* key header */

21
wolfcrypt/src/coding.c
View File

@@ -31,17 +31,26 @@
#include <wolfssl/wolfcrypt/coding.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifndef NO_ASN
#include <wolfssl/wolfcrypt/asn.h> /* For PEM_LINE_SZ */
#endif
enum {
BAD = 0xFF, /* invalid encoding */
PAD = '=',
PEM_LINE_SZ = 64,
BASE64_MIN = 0x2B,
BASE16_MIN = 0x30,
};
#ifndef BASE64_LINE_SZ
#ifdef NO_ASN
#define BASE64_LINE_SZ 64
#else
#define BASE64_LINE_SZ PEM_LINE_SZ
#endif
#endif
#ifdef WOLFSSL_BASE64_DECODE
static
@@ -91,7 +100,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
{
word32 i = 0;
word32 j = 0;
word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ );
int ret;
const byte maxIdx = (byte)sizeof(base64Decode) + BASE64_MIN - 1;
@@ -291,7 +300,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
int getSzOnly = (out == NULL);
word32 outSz = (inLen + 3 - 1) / 3 * 4;
word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */
word32 addSz = (outSz + BASE64_LINE_SZ - 1) / BASE64_LINE_SZ; /* new lines */
if (escaped == WC_ESC_NL_ENC)
addSz *= 3; /* instead of just \n, we're doing %0A triplet */
@@ -328,8 +337,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
inLen -= 3;
/* Insert newline after PEM_LINE_SZ, unless no \n requested */
if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen) {
/* Insert newline after BASE64_LINE_SZ, unless no \n requested */
if (escaped != WC_NO_NL_ENC && (++n % (BASE64_LINE_SZ/4)) == 0 && inLen) {
ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly);
if (ret != 0) break;
}

298
wolfcrypt/test/test.c
View File

@@ -120,11 +120,7 @@
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_TEST_CERT) || defined(ASN_BER_TO_DER)
#include <wolfssl/wolfcrypt/asn.h>
#else
#include <wolfssl/wolfcrypt/asn_public.h>
#endif
#include <wolfssl/wolfcrypt/md2.h>
#include <wolfssl/wolfcrypt/md5.h>
#include <wolfssl/wolfcrypt/md4.h>
@@ -1286,18 +1282,17 @@ initDefaultName();
#endif /* NO_MAIN_DRIVER */
/* helper to save DER, convert to PEM and save PEM */
#if !defined(NO_ASN) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
(defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
#if !defined(NO_ASN) && (defined(HAVE_ECC) || \
(!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))))
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB)
#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB)
#else
#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, NULL, NULL, pT, eB)
#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, NULL, NULL, pT, eB)
#endif
static int _SaveDerAndPem(const byte* der, int derSz,
byte* pem, int pemSz, const char* fileDer,
const char* filePem, int pemType, int errBase)
const char* fileDer, const char* filePem, int pemType, int errBase)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
int ret;
@@ -1314,32 +1309,53 @@ static int _SaveDerAndPem(const byte* der, int derSz,
}
#endif
if (pem && filePem) {
#ifdef WOLFSSL_DER_TO_PEM
if (filePem) {
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
XFILE pemFile;
#endif
#ifdef WOLFSSL_DER_TO_PEM
byte* pem;
int pemSz;
/* calculate PEM size */
pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType);
if (pemSz < 0) {
return pemSz;
}
pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
return MEMORY_E;
}
/* Convert to PEM */
pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
if (pemSz < 0) {
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return errBase + 2;
}
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
pemFile = XFOPEN(filePem, "wb");
if (!pemFile) {
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return errBase + 3;
}
ret = (int)XFWRITE(pem, 1, pemSz, pemFile);
XFCLOSE(pemFile);
if (ret != pemSz) {
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return errBase + 4;
}
#endif
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* WOLFSSL_DER_TO_PEM */
/* suppress unused variable warnings */
(void)der;
(void)derSz;
(void)filePem;
(void)fileDer;
(void)pemType;
(void)errBase;
return 0;
}
@@ -10357,12 +10373,10 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
static const char* certEccRsaPemFile = CERT_PREFIX "certeccrsa.pem";
static const char* certEccRsaDerFile = CERT_PREFIX "certeccrsa.der";
#endif
#ifdef WOLFSSL_KEY_GEN
static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem";
static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der";
static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der";
static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der";
#endif
#if defined(WOLFSSL_CERT_GEN) || \
(defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT))
static const char* certEccDerFile = CERT_PREFIX "certecc.der";
@@ -12229,7 +12243,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
{
RsaKey caKey;
byte* der;
byte* pem = NULL;
int ret;
Cert* myCert = NULL;
int certSz;
@@ -12255,10 +12268,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
if (der == NULL) {
ERROR_OUT(-7619, exit_rsa);
}
pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
ERROR_OUT(-7620, exit_rsa);
}
myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (myCert == NULL) {
ERROR_OUT(-7621, exit_rsa);
@@ -12337,8 +12346,8 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
FreeDecodedCert(&decode);
#endif
ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certDerFile,
certPemFile, CERT_TYPE, -5578);
ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
CERT_TYPE, -5578);
if (ret != 0) {
goto exit_rsa;
}
@@ -12500,8 +12509,8 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
FreeDecodedCert(&decode);
#endif
ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile,
otherCertPemFile, CERT_TYPE, -5598);
ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
CERT_TYPE, -5598);
if (ret != 0) {
goto exit_rsa;
}
@@ -12510,7 +12519,6 @@ exit_rsa:
wc_FreeRsaKey(&caKey);
XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
@@ -12525,7 +12533,6 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
ecc_key caEccKey;
ecc_key caEccKeyPub;
byte* der;
byte* pem = NULL;
Cert* myCert = NULL;
int certSz;
size_t bytes3;
@@ -12547,10 +12554,6 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
if (der == NULL) {
ERROR_OUT(-7645, exit_rsa);
}
pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
ERROR_OUT(-7646, exit_rsa);
}
myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (myCert == NULL) {
ERROR_OUT(-7647, exit_rsa);
@@ -12697,8 +12700,8 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
FreeDecodedCert(&decode);
#endif
ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile,
certEccRsaPemFile, CERT_TYPE, -5616);
ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
CERT_TYPE, -5616);
if (ret != 0) {
goto exit_rsa;
}
@@ -12710,8 +12713,6 @@ exit_rsa:
XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
myCert = NULL;
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
pem = NULL;
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
der = NULL;
@@ -12727,7 +12728,6 @@ static int rsa_keygen_test(WC_RNG* rng)
RsaKey genKey;
int ret;
byte* der = NULL;
byte* pem = NULL;
word32 idx = 0;
int derSz = 0;
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
@@ -12766,17 +12766,13 @@ static int rsa_keygen_test(WC_RNG* rng)
if (der == NULL) {
ERROR_OUT(-7665, exit_rsa);
}
pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
ERROR_OUT(-7666, exit_rsa);
}
derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
if (derSz < 0) {
ERROR_OUT(-7667, exit_rsa);
}
ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile,
ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
PRIVATEKEY_TYPE, -5555);
if (ret != 0) {
goto exit_rsa;
@@ -12798,10 +12794,6 @@ static int rsa_keygen_test(WC_RNG* rng)
exit_rsa:
wc_FreeRsaKey(&genKey);
if (pem != NULL) {
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
pem = NULL;
}
if (der != NULL) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
der = NULL;
@@ -12816,7 +12808,6 @@ int rsa_test(void)
int ret;
byte* tmp;
byte* der = NULL;
byte* pem = NULL;
size_t bytes;
WC_RNG rng;
RsaKey key;
@@ -13698,10 +13689,6 @@ int rsa_test(void)
if (der == NULL) {
ERROR_OUT(-7758, exit_rsa);
}
pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
ERROR_OUT(-7759, exit_rsa);
}
certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key,
public_key_len, &rng);
@@ -13735,8 +13722,8 @@ int rsa_test(void)
FreeDecodedCert(&decode);
#endif
ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, "./ntru-cert.der",
"./ntru-cert.pem", CERT_TYPE, -5637);
ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem",
CERT_TYPE, -5637);
if (ret != 0) {
goto exit_rsa;
}
@@ -13753,8 +13740,6 @@ int rsa_test(void)
}
#endif
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
pem = NULL;
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
der = NULL;
}
@@ -13768,10 +13753,6 @@ int rsa_test(void)
if (der == NULL) {
ERROR_OUT(-7765, exit_rsa);
}
pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
ERROR_OUT(-7766, exit_rsa);
}
if (wc_InitCert(&req)) {
ERROR_OUT(-7767, exit_rsa);
@@ -13846,8 +13827,8 @@ int rsa_test(void)
}
derSz = ret;
ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, certReqDerFile,
certReqPemFile, CERTREQ_TYPE, -5650);
ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
CERTREQ_TYPE, -5650);
if (ret != 0) {
goto exit_rsa;
}
@@ -13857,8 +13838,6 @@ int rsa_test(void)
ERROR_OUT(-7776, exit_rsa);
}
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
pem = NULL;
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
der = NULL;
}
@@ -13878,7 +13857,6 @@ exit_rsa:
wc_FreeRsaKey(&caKey);
#endif
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
@@ -14606,7 +14584,6 @@ int dsa_test(void)
#ifdef WOLFSSL_KEY_GEN
{
byte* der;
byte* pem;
int derSz = 0;
DsaKey derIn;
DsaKey genKey;
@@ -14631,25 +14608,17 @@ int dsa_test(void)
wc_FreeDsaKey(&genKey);
return -8011;
}
pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeDsaKey(&genKey);
return -8012;
}
derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF);
if (derSz < 0) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -8013;
}
ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile,
keyPemFile, DSA_PRIVATEKEY_TYPE, -5814);
ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
DSA_PRIVATEKEY_TYPE, -5814);
if (ret != 0) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeDsaKey(&genKey);
return ret;
}
@@ -14657,7 +14626,6 @@ int dsa_test(void)
ret = wc_InitDsaKey(&derIn);
if (ret != 0) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeDsaKey(&genKey);
return -8014;
}
@@ -14666,7 +14634,6 @@ int dsa_test(void)
ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz);
if (ret != 0) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeDsaKey(&derIn);
wc_FreeDsaKey(&genKey);
return -8015;
@@ -14674,7 +14641,6 @@ int dsa_test(void)
wc_FreeDsaKey(&derIn);
wc_FreeDsaKey(&genKey);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* WOLFSSL_KEY_GEN */
@@ -17714,6 +17680,10 @@ int x963kdf_test(void)
#ifdef HAVE_ECC
#ifndef ECC_KEYGEN_SIZE
/* size to use for ECC key gen tests */
#define ECC_KEYGEN_SIZE 32
#endif
#ifdef BENCH_EMBEDDED
#define ECC_SHARED_SIZE 128
#else
@@ -18212,9 +18182,9 @@ done:
static int ecc_test_make_pub(WC_RNG* rng)
{
ecc_key key;
unsigned char* exportBuf;
unsigned char* tmp;
unsigned char msg[] = "test wolfSSL ECC public gen";
byte exportBuf[ECC_BUFSIZE];
byte tmp[ECC_BUFSIZE];
const byte* msg = (const byte*)"test wolfSSL ECC public gen";
word32 x, tmpSz;
int ret = 0;
ecc_point* pubPoint = NULL;
@@ -18231,33 +18201,15 @@ static int ecc_test_make_pub(WC_RNG* rng)
wc_ecc_init_ex(&key, HEAP_HINT, devId);
#ifdef USE_CERT_BUFFERS_256
tmp = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
return -9613;
}
exportBuf = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (exportBuf == NULL) {
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -9614;
}
XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
tmpSz = (size_t)sizeof_ecc_key_der_256;
#else
tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
return -9615;
}
exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (exportBuf == NULL) {
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -9616;
}
file = XFOPEN(eccKeyDerFile, "rb");
if (!file) {
ERROR_OUT(-9617, done);
}
tmpSz = (word32)XFREAD(tmp, 1, FOURK_BUF, file);
tmpSz = (word32)XFREAD(tmp, 1, sizeof(tmp), file);
XFCLOSE(file);
#endif /* USE_CERT_BUFFERS_256 */
@@ -18279,7 +18231,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
}
#ifdef HAVE_ECC_KEY_EXPORT
x = FOURK_BUF;
x = sizeof(exportBuf);
ret = wc_ecc_export_private_only(&key, exportBuf, &x);
if (ret != 0) {
ERROR_OUT(-9621, done);
@@ -18293,7 +18245,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
ERROR_OUT(-9622, done);
}
x = FOURK_BUF;
x = sizeof(exportBuf);
ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
if (ret == 0) {
ERROR_OUT(-9623, done);
@@ -18321,7 +18273,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
#ifdef HAVE_ECC_KEY_EXPORT
/* export should still fail, is private only key */
x = FOURK_BUF;
x = sizeof(exportBuf);
ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
if (ret == 0) {
ERROR_OUT(-9627, done);
@@ -18329,13 +18281,13 @@ static int ecc_test_make_pub(WC_RNG* rng)
#endif /* HAVE_ECC_KEY_EXPORT */
#if defined(WOLFSSL_CRYPTOCELL)
/* create a new key since building private key from public key is unsupported */
ret = wc_ecc_make_key(rng, 32, &key);
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &key);
if (ret == 0) {
ERROR_OUT(-9628, done);
}
#endif
#ifdef HAVE_ECC_SIGN
tmpSz = FOURK_BUF;
tmpSz = sizeof(tmp);
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
@@ -18369,7 +18321,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
TEST_SLEEP();
#ifdef HAVE_ECC_KEY_EXPORT
/* exporting the public part should now work */
x = FOURK_BUF;
x = sizeof(exportBuf);
ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
if (ret != 0) {
ERROR_OUT(-9632, done);
@@ -18381,7 +18333,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
/* now test private only key with creating a shared secret */
x = FOURK_BUF;
x = sizeof(exportBuf);
ret = wc_ecc_export_private_only(&key, exportBuf, &x);
if (ret != 0) {
ERROR_OUT(-9633, done);
@@ -18396,7 +18348,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
}
/* check that public export fails with private only key */
x = FOURK_BUF;
x = sizeof(exportBuf);
ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
if (ret == 0) {
ERROR_OUT(-9635, done);
@@ -18404,7 +18356,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
/* make public key for shared secret */
wc_ecc_init_ex(&pub, HEAP_HINT, devId);
ret = wc_ecc_make_key(rng, 32, &pub);
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &pub);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
@@ -18413,7 +18365,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
}
TEST_SLEEP();
x = FOURK_BUF;
x = sizeof(exportBuf);
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
@@ -18433,18 +18385,62 @@ static int ecc_test_make_pub(WC_RNG* rng)
done:
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_ecc_del_point_h(pubPoint, HEAP_HINT);
wc_ecc_free(&key);
return ret;
}
static int ecc_test_key_decode(WC_RNG* rng, int keySize)
{
int ret;
ecc_key eccKey;
byte tmpBuf[ECC_BUFSIZE];
word32 tmpSz;
word32 idx;
ret = wc_ecc_init(&eccKey);
if (ret != 0) {
return ret;
}
ret = wc_ecc_make_key(rng, keySize, &eccKey);
if (ret != 0) {
wc_ecc_free(&eccKey);
return ret;
}
tmpSz = sizeof(tmpBuf);
ret = wc_EccKeyToDer(&eccKey, tmpBuf, tmpSz);
wc_ecc_free(&eccKey);
if (ret < 0) {
return ret;
}
tmpSz = ret;
ret = wc_ecc_init(&eccKey);
if (ret != 0) {
return ret;
}
idx = 0;
ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, &eccKey, tmpSz);
wc_ecc_free(&eccKey);
if (ret != 0) {
return ret;
}
ret = wc_ecc_init(&eccKey);
if (ret != 0) {
return 0;
}
idx = 0;
ret = wc_EccPublicKeyDecode(tmpBuf, &idx, &eccKey, tmpSz);
wc_ecc_free(&eccKey);
return ret;
}
#endif /* HAVE_ECC_KEY_IMPORT */
#ifdef WOLFSSL_KEY_GEN
static int ecc_test_key_gen(WC_RNG* rng, int keySize)
{
int ret = 0;
@@ -18452,20 +18448,9 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize)
#ifdef HAVE_PKCS8
word32 pkcs8Sz;
#endif
byte* der;
byte* pem;
byte der[ECC_BUFSIZE];
ecc_key userA;
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
return -9638;
}
pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -9639;
}
ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
if (ret != 0)
goto done;
@@ -18483,19 +18468,19 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize)
goto done;
TEST_SLEEP();
derSz = wc_EccKeyToDer(&userA, der, FOURK_BUF);
derSz = wc_EccKeyToDer(&userA, der, sizeof(der));
if (derSz < 0) {
ERROR_OUT(derSz, done);
}
ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, eccCaKeyTempFile,
eccCaKeyPemFile, ECC_PRIVATEKEY_TYPE, -8347);
ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
ECC_PRIVATEKEY_TYPE, -8347);
if (ret != 0) {
goto done;
}
/* test export of public key */
derSz = wc_EccPublicKeyToDer(&userA, der, FOURK_BUF, 1);
derSz = wc_EccPublicKeyToDer(&userA, der, sizeof(der), 1);
if (derSz < 0) {
ERROR_OUT(derSz, done);
}
@@ -18503,8 +18488,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize)
ERROR_OUT(-9640, done);
}
ret = SaveDerAndPem(der, derSz, NULL, 0, eccPubKeyDerFile,
NULL, 0, -8348);
ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0, -8348);
if (ret != 0) {
goto done;
}
@@ -18521,8 +18505,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize)
ERROR_OUT(-9641, done);
}
ret = SaveDerAndPem(der, derSz, NULL, 0, eccPkcs8KeyDerFile,
NULL, 0, -8349);
ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0, -8349);
if (ret != 0) {
goto done;
}
@@ -18530,13 +18513,10 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize)
done:
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_ecc_free(&userA);
return ret;
}
#endif /* WOLFSSL_KEY_GEN */
static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
int curve_id, const ecc_set_type* dp)
@@ -18911,7 +18891,17 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
}
#endif
#ifdef WOLFSSL_KEY_GEN
ret = ecc_test_key_decode(rng, keySize);
if (ret < 0) {
if (ret == ECC_CURVE_OID_E) {
/* ignore error for curves not found */
}
else {
printf("ecc_test_key_decode %d failed!: %d\n", keySize, ret);
return ret;
}
}
ret = ecc_test_key_gen(rng, keySize);
if (ret < 0) {
if (ret == ECC_CURVE_OID_E) {
@@ -18922,7 +18912,6 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
return ret;
}
}
#endif
return 0;
}
@@ -19432,7 +19421,7 @@ static int ecc_def_curve_test(WC_RNG *rng)
goto done;
}
ret = wc_ecc_make_key(rng, 32, &key);
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &key);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
@@ -19754,22 +19743,23 @@ static int ecc_test_cert_gen(WC_RNG* rng)
#ifdef WOLFSSL_TEST_CERT
DecodedCert decode;
#endif
byte* der;
byte* pem = NULL;
#ifdef WOLFSSL_SMALL_STACK
byte* der = NULL;
#else
byte der[FOURK_BUF];
#endif
ecc_key caEccKey;
ecc_key certPubKey;
XMEMSET(&caEccKey, 0, sizeof(caEccKey));
XMEMSET(&certPubKey, 0, sizeof(certPubKey));
#ifdef WOLFSSL_SMALL_STACK
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ERROR_OUT(-9817, exit);
}
pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
ERROR_OUT(-9818, exit);
}
#endif
/* Get cert private key */
#ifdef ENABLE_ECC384_CERT_GEN_TEST
@@ -19820,7 +19810,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
ERROR_OUT(-9823, exit);
}
ret = wc_ecc_make_key(rng, 32, &certPubKey);
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &certPubKey);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
@@ -19920,19 +19910,19 @@ static int ecc_test_cert_gen(WC_RNG* rng)
FreeDecodedCert(&decode);
#endif
ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccDerFile,
certEccPemFile, CERT_TYPE, -6735);
ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
CERT_TYPE, -6735);
if (ret != 0) {
goto exit;
}
exit:
#ifdef WOLFSSL_SMALL_STACK
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
wc_ecc_free(&certPubKey);
wc_ecc_free(&caEccKey);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* WOLFSSL_CERT_GEN */
@@ -19949,7 +19939,7 @@ static int ecc_test_allocator(WC_RNG* rng)
ERROR_OUT(-9833, exit);
}
ret = wc_ecc_make_key(rng, 32, key);
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
if (ret != 0) {
ERROR_OUT(-9834, exit);
}
@@ -20149,7 +20139,7 @@ int ecc_encrypt_test(void)
if (ret != 0)
goto done;
ret = wc_ecc_make_key(&rng, 32, &userA);
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, &userA);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
@@ -20157,7 +20147,7 @@ int ecc_encrypt_test(void)
ret = -10001; goto done;
}
ret = wc_ecc_make_key(&rng, 32, &userB);
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, &userB);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE);
#endif

5
wolfssl/wolfcrypt/asn.h
View File

@@ -326,6 +326,8 @@ enum Misc_ASN {
/* Maximum DER digest size */
MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
/* Maximum DER digest ASN header size */
/* Max X509 header length indicates the max length + 2 ('\n', '\0') */
MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */
#ifdef WOLFSSL_CERT_GEN
#ifdef WOLFSSL_CERT_REQ
/* Max encoded cert req attributes length */
@@ -377,7 +379,8 @@ enum Misc_ASN {
PKCS5_SALT_SZ = 8,
PEM_LINE_LEN = 80, /* PEM line max + fudge */
PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */
PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */
};

0
wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs Executable file → Normal file
View File