wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 17:32:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add several library configurations from os-check.yml to the Rust wrapper CI build

Browse Source
This commit is contained in:
Josh Holtrop
2025-12-01 10:25:18 -05:00
parent bc615a26e9
commit 08f2b36678
11 changed files with 124 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
.github/workflows/rust-wrapper.yml vendored
View File

@@ -24,10 +24,55 @@ jobs:
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
configure: ${{ matrix.config }}
- name: Build Rust Wrapper
working-directory: wolfssl
run: make -C wrapper/rust
- name: Run Rust Wrapper Tests
working-directory: wolfssl
run: make -C wrapper/rust test
strategy:
matrix:
config: [
# Add new configs here
'',
'--enable-all --enable-asn=template',
'--enable-all --enable-asn=original',
'--enable-all --enable-asn=template CPPFLAGS=-DWOLFSSL_OLD_OID_SUM',
'--enable-all --enable-asn=original CPPFLAGS=-DWOLFSSL_OLD_OID_SUM',
'--enable-harden-tls',
'--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
'--enable-all --enable-secure-renegotiation',
'--enable-all --enable-haproxy --enable-quic',
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
'--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
--enable-dtls-frag-ch',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu',
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
--enable-psk --enable-aesccm --enable-nullcipher
CPPFLAGS=-DWOLFSSL_STATIC_RSA',
'--enable-ascon --enable-experimental',
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
'--enable-sniffer --enable-curve25519 --enable-curve448 --enable-enckeys
CPPFLAGS=-DWOLFSSL_DH_EXTRA',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu CPPFLAGS=-DWOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS',
'--enable-opensslextra CPPFLAGS=''-DWOLFSSL_NO_CA_NAMES'' ',
'--enable-opensslextra=x509small',
'CPPFLAGS=''-DWOLFSSL_EXTRA'' ',
'--enable-lms=small,verify-only --enable-xmss=small,verify-only',
'--disable-sys-ca-certs',
'--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ',
'--enable-coding=no',
'--enable-dtls --enable-dtls13 --enable-ocspstapling --enable-ocspstapling2
--enable-cert-setup-cb --enable-sessioncerts',
'--disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info',
'CPPFLAGS=-DWOLFSSL_BLIND_PRIVATE_KEY',
]

4
wolfssl/wolfcrypt/rsa.h
View File

@@ -330,6 +330,7 @@ WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng);
#ifdef WC_RSA_PSS
WOLFSSL_API int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, enum wc_HashType hash, int mgf,
RsaKey* key, WC_RNG* rng);
@@ -337,6 +338,7 @@ WOLFSSL_API int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, enum wc_HashType hash,
int mgf, int saltLen, RsaKey* key,
WC_RNG* rng);
#endif
WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
RsaKey* key);
WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
@@ -346,6 +348,7 @@ WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out,
WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, int pad_type,
enum wc_HashType hash);
#ifdef WC_RSA_PSS
WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
enum wc_HashType hash, int mgf,
RsaKey* key);
@@ -378,6 +381,7 @@ WOLFSSL_API int wc_RsaPSS_VerifyCheck(const byte* in, word32 inLen,
const byte* digest, word32 digestLen,
enum wc_HashType hash, int mgf,
RsaKey* key);
#endif
WOLFSSL_API int wc_RsaEncryptSize(const RsaKey* key);

9
wrapper/rust/wolfssl/build.rs
View File

@@ -125,6 +125,11 @@ fn scan_cfg() -> Result<()> {
/* dh */
check_cfg(&binding, "wc_InitDhKey", "dh");
check_cfg(&binding, "wc_DhGenerateParams", "dh_keygen");
check_cfg(&binding, "wc_Dh_ffdhe2048_Get", "dh_ffdhe_2048");
check_cfg(&binding, "wc_Dh_ffdhe3072_Get", "dh_ffdhe_3072");
check_cfg(&binding, "wc_Dh_ffdhe4096_Get", "dh_ffdhe_4096");
check_cfg(&binding, "wc_Dh_ffdhe6144_Get", "dh_ffdhe_6144");
check_cfg(&binding, "wc_Dh_ffdhe8192_Get", "dh_ffdhe_8192");
/* ecc */
check_cfg(&binding, "wc_ecc_init", "ecc");
@@ -155,6 +160,9 @@ fn scan_cfg() -> Result<()> {
check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify");
check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify");
/* hkdf */
check_cfg(&binding, "wc_HKDF_Extract_ex", "hkdf");
/* kdf */
check_cfg(&binding, "wc_PBKDF2", "kdf_pbkdf2");
check_cfg(&binding, "wc_PKCS12_PBKDF_ex", "kdf_pkcs12");
@@ -169,6 +177,7 @@ fn scan_cfg() -> Result<()> {
check_cfg(&binding, "wc_InitRsaKey", "rsa");
check_cfg(&binding, "wc_RsaDirect", "rsa_direct");
check_cfg(&binding, "wc_MakeRsaKey", "rsa_keygen");
check_cfg(&binding, "wc_RsaPSS_Sign", "rsa_pss");
/* sha */
check_cfg(&binding, "wc_InitSha", "sha");

38
wrapper/rust/wolfssl/src/wolfcrypt/dh.rs
View File

@@ -38,14 +38,19 @@ pub struct DH {
impl DH {
/// ffdhe2048 named parameter group.
#[cfg(dh_ffdhe_2048)]
pub const FFDHE_2048: i32 = sys::WC_FFDHE_2048 as i32;
/// ffdhe3072 named parameter group.
#[cfg(dh_ffdhe_3072)]
pub const FFDHE_3072: i32 = sys::WC_FFDHE_3072 as i32;
/// ffdhe4096 named parameter group.
#[cfg(dh_ffdhe_4096)]
pub const FFDHE_4096: i32 = sys::WC_FFDHE_4096 as i32;
/// ffdhe6144 named parameter group.
#[cfg(dh_ffdhe_6144)]
pub const FFDHE_6144: i32 = sys::WC_FFDHE_6144 as i32;
/// ffdhe8192 named parameter group.
#[cfg(dh_ffdhe_8192)]
pub const FFDHE_8192: i32 = sys::WC_FFDHE_8192 as i32;
/// Perform quick validity check of public key value against prime.
@@ -68,6 +73,8 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut rng = RNG::new().expect("Failed to create RNG");
@@ -87,6 +94,7 @@ impl DH {
/// dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()");
/// let p = &p[0..(p_size as usize)];
/// DH::check_pub_value(p, public).expect("Error with check_pub_value()");
/// }
/// ```
pub fn check_pub_value(prime: &[u8], public: &[u8]) -> Result<(), i32> {
let prime_size = prime.len() as u32;
@@ -117,6 +125,8 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()");
@@ -130,6 +140,7 @@ impl DH {
/// let p = &p[0..(p_size as usize)];
/// let g = &g[0..(g_size as usize)];
/// assert!(DH::compare_named_key(DH::FFDHE_2048, p, g, None));
/// }
/// ```
pub fn compare_named_key(name: i32, p: &[u8], g: &[u8], q: Option<&[u8]>) -> bool {
let p_size = p.len() as u32;
@@ -244,10 +255,13 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let min_key_size = DH::get_min_key_size_for_named_parameters(DH::FFDHE_2048);
/// assert_eq!(min_key_size, 29);
/// }
/// ```
pub fn get_min_key_size_for_named_parameters(name: i32) -> u32 {
unsafe { sys::wc_DhGetNamedKeyMinSize(name) }
@@ -265,12 +279,15 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut p_size = 0u32;
/// let mut g_size = 0u32;
/// let mut q_size = 0u32;
/// DH::get_named_parameter_sizes(DH::FFDHE_2048, &mut p_size, &mut g_size, &mut q_size);
/// }
/// ```
pub fn get_named_parameter_sizes(name: i32, p_size: &mut u32, g_size: &mut u32, q_size: &mut u32) {
unsafe {
@@ -292,9 +309,12 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()");
/// }
/// ```
pub fn new_named(name: i32) -> Result<Self, i32> {
Self::new_named_ex(name, None, None)
@@ -317,9 +337,12 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut dh = DH::new_named_ex(DH::FFDHE_2048, None, None).expect("Error with new_named_ex()");
/// }
/// ```
pub fn new_named_ex(name: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
let mut wc_dhkey: MaybeUninit<sys::DhKey> = MaybeUninit::uninit();
@@ -1023,6 +1046,8 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut rng = RNG::new().expect("Error with RNG::new()");
@@ -1035,6 +1060,7 @@ impl DH {
/// let private = &private[0..(private_size as usize)];
/// let public = &public[0..(public_size as usize)];
/// dh.check_key_pair(public, private).expect("Error with check_key_pair()");
/// }
/// ```
pub fn check_key_pair(&mut self, public: &[u8], private: &[u8]) -> Result<(), i32> {
let public_size = public.len() as u32;
@@ -1066,6 +1092,8 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut rng = RNG::new().expect("Error with RNG::new()");
@@ -1077,6 +1105,7 @@ impl DH {
/// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()");
/// let private = &private[0..(private_size as usize)];
/// dh.check_priv_key(private).expect("Error with check_priv_key()");
/// }
/// ```
pub fn check_priv_key(&mut self, private: &[u8]) -> Result<(), i32> {
let private_size = private.len() as u32;
@@ -1230,6 +1259,8 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut rng = RNG::new().expect("Error with RNG::new()");
@@ -1241,6 +1272,7 @@ impl DH {
/// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()");
/// let public = &public[0..(public_size as usize)];
/// dh.check_pub_key(public).expect("Error with check_pub_key()");
/// }
/// ```
pub fn check_pub_key(&mut self, public: &[u8]) -> Result<(), i32> {
let public_size = public.len() as u32;
@@ -1429,6 +1461,8 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut rng = RNG::new().expect("Failed to create RNG");
@@ -1438,6 +1472,7 @@ impl DH {
/// let mut public = [0u8; 256];
/// let mut public_size = 0u32;
/// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()");
/// }
/// ```
pub fn generate_key_pair(&mut self, rng: &mut RNG,
private: &mut [u8], private_size: &mut u32,
@@ -1471,6 +1506,8 @@ impl DH {
/// # Example
///
/// ```rust
/// #[cfg(dh_ffdhe_2048)]
/// {
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::dh::DH;
/// let mut rng = RNG::new().expect("Error with RNG::new()");
@@ -1488,6 +1525,7 @@ impl DH {
/// let mut ss0 = [0u8; 256];
/// let ss0_size = dh.shared_secret(&mut ss0, &private0, &public1).expect("Error with shared_secret()");
/// let ss0 = &ss0[0..ss0_size];
/// }
/// ```
pub fn shared_secret(&mut self, dout: &mut [u8], private: &[u8], other_pub: &[u8]) -> Result<usize, i32> {
let mut dout_size = dout.len() as u32;

2
wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs
View File

@@ -23,6 +23,8 @@ This module provides a Rust wrapper for the wolfCrypt library's HMAC Key
Derivation Function (HKDF) functionality.
*/
#![cfg(hkdf)]
use crate::sys;
use crate::wolfcrypt::hmac::HMAC;

1
wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs
View File

@@ -24,6 +24,7 @@ Function (KDF) functionality.
*/
use crate::sys;
#[cfg(kdf_tls13)]
use crate::wolfcrypt::hmac::HMAC;
#[cfg(kdf_srtp)]

16
wrapper/rust/wolfssl/src/wolfcrypt/rsa.rs
View File

@@ -754,6 +754,8 @@ impl RSA {
/// # Example
///
/// ```rust
/// #[cfg(rsa_pss)]
/// {
/// use std::fs;
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::rsa::RSA;
@@ -780,7 +782,9 @@ impl RSA {
///
/// let mut verify_out: [u8; 512] = [0; 512];
/// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()");
/// }
/// ```
#[cfg(rsa_pss)]
pub fn pss_sign(&mut self, din: &[u8], dout: &mut [u8], hash_algo: u32, mgf: i32, rng: &mut RNG) -> Result<usize, i32> {
let din_size = din.len() as u32;
let dout_size = dout.len() as u32;
@@ -813,6 +817,8 @@ impl RSA {
/// # Example
///
/// ```rust
/// #[cfg(rsa_pss)]
/// {
/// use std::fs;
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::rsa::RSA;
@@ -839,7 +845,9 @@ impl RSA {
///
/// let mut verify_out: [u8; 512] = [0; 512];
/// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()");
/// }
/// ```
#[cfg(rsa_pss)]
pub fn pss_check_padding(&mut self, din: &[u8], sig: &[u8], hash_algo: u32) -> Result<(), i32> {
let din_size = din.len() as u32;
let sig_size = sig.len() as u32;
@@ -875,6 +883,8 @@ impl RSA {
/// # Example
///
/// ```rust
/// #[cfg(rsa_pss)]
/// {
/// use std::fs;
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::rsa::RSA;
@@ -901,7 +911,9 @@ impl RSA {
///
/// let mut verify_out: [u8; 512] = [0; 512];
/// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()");
/// }
/// ```
#[cfg(rsa_pss)]
pub fn pss_verify(&mut self, din: &[u8], dout: &mut [u8], hash_algo: u32, mgf: i32) -> Result<usize, i32> {
let din_size = din.len() as u32;
let dout_size = dout.len() as u32;
@@ -942,6 +954,8 @@ impl RSA {
/// # Example
///
/// ```rust
/// #[cfg(rsa_pss)]
/// {
/// use std::fs;
/// use wolfssl::wolfcrypt::random::RNG;
/// use wolfssl::wolfcrypt::rsa::RSA;
@@ -968,7 +982,9 @@ impl RSA {
///
/// let mut verify_out: [u8; 512] = [0; 512];
/// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()");
/// }
/// ```
#[cfg(rsa_pss)]
pub fn pss_verify_check(&mut self, din: &[u8], dout: &mut [u8], digest: &[u8], hash_algo: u32, mgf: i32) -> Result<usize, i32> {
let din_size = din.len() as u32;
let dout_size = dout.len() as u32;

5
wrapper/rust/wolfssl/tests/test_dh.rs
View File

@@ -4,7 +4,7 @@ use wolfssl::wolfcrypt::dh::DH;
use wolfssl::wolfcrypt::random::RNG;
#[test]
#[cfg(dh_keygen)]
#[cfg(all(dh_keygen, dh_ffdhe_2048))]
fn test_dh_named_parameters() {
assert_eq!(DH::get_min_key_size_for_named_parameters(DH::FFDHE_2048), 29);
@@ -40,7 +40,7 @@ fn test_generate_params() {
}
#[test]
#[cfg(dh_keygen)]
#[cfg(all(dh_keygen, dh_ffdhe_2048))]
fn test_generate_key_pair() {
let mut rng = RNG::new().expect("Error with RNG::new()");
let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()");
@@ -171,6 +171,7 @@ fn test_dh_checks() {
}
#[test]
#[cfg(dh_ffdhe_2048)]
fn test_dh_shared_secret() {
let mut rng = RNG::new().expect("Error with RNG::new()");
let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()");

2
wrapper/rust/wolfssl/tests/test_hkdf.rs
View File

@@ -1,3 +1,5 @@
#![cfg(hkdf)]
use wolfssl::wolfcrypt::hkdf::*;
use wolfssl::wolfcrypt::hmac::HMAC;
use wolfssl::wolfcrypt::sha::SHA256;

2
wrapper/rust/wolfssl/tests/test_kdf.rs
View File

@@ -1,5 +1,7 @@
#[cfg(any(kdf_pbkdf2, kdf_tls13))]
use wolfssl::wolfcrypt::hmac::HMAC;
use wolfssl::wolfcrypt::kdf::*;
#[cfg(kdf_tls13)]
use wolfssl::wolfcrypt::sha::SHA256;
#[test]

2
wrapper/rust/wolfssl/tests/test_rsa.rs
View File

@@ -71,7 +71,7 @@ fn test_rsa_encrypt_decrypt() {
}
#[test]
#[cfg(sha256)]
#[cfg(all(sha256, rsa_pss))]
fn test_rsa_pss() {
let mut rng = RNG::new().expect("Error creating RNG");