mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 13:40:49 +02:00
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
This commit is contained in:
@@ -29,9 +29,8 @@ jobs:
|
||||
- name: RSA
|
||||
cppflags: -DWOLF_CRYPTO_CB_ONLY_RSA
|
||||
# WOLF_CRYPTO_CB_ONLY_SHA256: strips software SHA-256; swdev provides
|
||||
# the software path via cryptocb. SHA-224 not yet supported.
|
||||
# the software path via cryptocb.
|
||||
- name: SHA256
|
||||
extra_config: --disable-sha224
|
||||
cppflags: -DWOLF_CRYPTO_CB_ONLY_SHA256
|
||||
# WOLF_CRYPTO_CB_ONLY_AES: strips software AES; swdev provides the
|
||||
# software path via cryptocb.
|
||||
@@ -49,7 +48,6 @@ jobs:
|
||||
# algorithm call that a single-strip entry would still resolve via
|
||||
# the remaining software paths.
|
||||
- name: ALL
|
||||
extra_config: --disable-sha224
|
||||
cppflags: >-
|
||||
-DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA
|
||||
-DWOLF_CRYPTO_CB_ONLY_SHA256 -DWOLF_CRYPTO_CB_ONLY_AES
|
||||
|
||||
@@ -119,8 +119,7 @@ struct layouts, so flipping them between the two compiles is safe.
|
||||
CPPFLAGS="-DWOLF_CRYPTO_CB_ONLY_ECC \
|
||||
-DWOLF_CRYPTO_CB_ONLY_RSA \
|
||||
-DWOLF_CRYPTO_CB_ONLY_SHA256 \
|
||||
-DWOLF_CRYPTO_CB_ONLY_AES" \
|
||||
--disable-sha224
|
||||
-DWOLF_CRYPTO_CB_ONLY_AES"
|
||||
make
|
||||
make check
|
||||
```
|
||||
@@ -135,8 +134,6 @@ Notes:
|
||||
Out-of-tree (VPATH) builds fail at configure time. swdev is built
|
||||
from `wolfcrypt/test/include.am` and inherits `PARENT_SRCS`,
|
||||
`PARENT_BUILD_CFLAGS`, etc., from the parent build.
|
||||
- `--disable-sha224` is required when `WOLF_CRYPTO_CB_ONLY_SHA256` is
|
||||
set: SHA-224 is unsupported for now.
|
||||
|
||||
For the full CI matrix that exercises each `_ONLY_*` macro, see
|
||||
`.github/workflows/cryptocb-only.yml`.
|
||||
|
||||
@@ -209,6 +209,44 @@ out:
|
||||
wc_Sha256Free(&shadow);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SHA224
|
||||
/* SHA-224 is SHA-256 with a different IV/truncation; wc_Sha224 is a typedef
|
||||
* of wc_Sha256, so the same shadow/copy-state dance applies. */
|
||||
static int swdev_sha224(wc_CryptoInfo* info)
|
||||
{
|
||||
wc_Sha224* sha224 = info->hash.sha224;
|
||||
wc_Sha224 shadow;
|
||||
int ret;
|
||||
|
||||
if (sha224 == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ret = wc_InitSha224(&shadow);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
swdev_sha256_copy_state((wc_Sha256*)&shadow, (const wc_Sha256*)sha224);
|
||||
|
||||
if (info->hash.in != NULL) {
|
||||
ret = wc_Sha224Update(&shadow, info->hash.in, info->hash.inSz);
|
||||
if (ret != 0)
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (info->hash.digest != NULL) {
|
||||
ret = wc_Sha224Final(&shadow, info->hash.digest);
|
||||
if (ret != 0)
|
||||
goto out;
|
||||
}
|
||||
|
||||
swdev_sha256_copy_state((wc_Sha256*)sha224, (const wc_Sha256*)&shadow);
|
||||
|
||||
out:
|
||||
wc_Sha224Free(&shadow);
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_SHA224 */
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifndef NO_AES
|
||||
@@ -513,6 +551,10 @@ WC_SWDEV_EXPORT int wc_SwDev_Callback(int devId, wc_CryptoInfo* info,
|
||||
switch (info->hash.type) {
|
||||
case WC_HASH_TYPE_SHA256:
|
||||
return swdev_sha256(info);
|
||||
#ifdef WOLFSSL_SHA224
|
||||
case WC_HASH_TYPE_SHA224:
|
||||
return swdev_sha224(info);
|
||||
#endif
|
||||
default:
|
||||
return CRYPTOCB_UNAVAILABLE;
|
||||
}
|
||||
|
||||
+73
-4
@@ -60,10 +60,6 @@ on the specific device platform.
|
||||
|
||||
#if !defined(NO_SHA256) && !defined(WOLFSSL_RISCV_ASM)
|
||||
|
||||
#if defined(WOLF_CRYPTO_CB_ONLY_SHA256) && defined(WOLFSSL_SHA224)
|
||||
#error "WOLF_CRYPTO_CB_ONLY_SHA256 is incompatible with WOLFSSL_SHA224"
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
|
||||
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
|
||||
#define FIPS_NO_WRAPPERS
|
||||
@@ -2148,6 +2144,35 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
|
||||
#elif defined(PSOC6_HASH_SHA2)
|
||||
/* Implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
|
||||
|
||||
#elif defined(WOLF_CRYPTO_CB_ONLY_SHA256)
|
||||
int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
|
||||
{
|
||||
int ret;
|
||||
if (sha224 == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
ret = InitSha256((wc_Sha256*)sha224);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
sha224->digest[0] = 0xc1059ed8;
|
||||
sha224->digest[1] = 0x367cd507;
|
||||
sha224->digest[2] = 0x3070dd17;
|
||||
sha224->digest[3] = 0xf70e5939;
|
||||
sha224->digest[4] = 0xffc00b31;
|
||||
sha224->digest[5] = 0x68581511;
|
||||
sha224->digest[6] = 0x64f98fa7;
|
||||
sha224->digest[7] = 0xbefa4fa4;
|
||||
sha224->heap = heap;
|
||||
sha224->devId = devId;
|
||||
sha224->devCtx = NULL;
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
sha224->W = NULL;
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
XMEMSET(&sha224->asyncDev, 0, sizeof(sha224->asyncDev));
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
#define NEED_SOFT_SHA224
|
||||
@@ -2369,6 +2394,50 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
|
||||
}
|
||||
#endif /* end of SHA224 software implementation */
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB_ONLY_SHA256
|
||||
|
||||
int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len)
|
||||
{
|
||||
if (sha224 == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
if (data == NULL && len == 0)
|
||||
return 0;
|
||||
if (data == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifndef WOLF_CRYPTO_CB_FIND
|
||||
if (sha224->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
int ret = wc_CryptoCb_Sha224Hash(sha224, data, len, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
}
|
||||
|
||||
return NO_VALID_DEVID;
|
||||
}
|
||||
|
||||
int wc_Sha224Final(wc_Sha224* sha224, byte* hash)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (sha224 == NULL || hash == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifndef WOLF_CRYPTO_CB_FIND
|
||||
if (sha224->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_Sha224Hash(sha224, NULL, 0, hash);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
}
|
||||
|
||||
return NO_VALID_DEVID;
|
||||
}
|
||||
|
||||
#endif /* WOLF_CRYPTO_CB_ONLY_SHA256 */
|
||||
|
||||
int wc_InitSha224(wc_Sha224* sha224)
|
||||
{
|
||||
int devId = INVALID_DEVID;
|
||||
|
||||
@@ -72301,6 +72301,40 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA224
|
||||
if (info->hash.type == WC_HASH_TYPE_SHA224) {
|
||||
if (info->hash.sha224 == NULL)
|
||||
return NOT_COMPILED_IN;
|
||||
|
||||
/* set devId to invalid, so software is used */
|
||||
info->hash.sha224->devId = INVALID_DEVID;
|
||||
#if defined(WOLF_CRYPTO_CB_ONLY_SHA256)
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
|
||||
#endif
|
||||
if (myCtx->exampleVar == 99) {
|
||||
info->hash.sha224->devId = devIdArg;
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (info->hash.in != NULL) {
|
||||
ret = wc_Sha224Update(
|
||||
info->hash.sha224,
|
||||
info->hash.in,
|
||||
info->hash.inSz);
|
||||
}
|
||||
if (info->hash.digest != NULL) {
|
||||
ret = wc_Sha224Final(
|
||||
info->hash.sha224,
|
||||
info->hash.digest);
|
||||
}
|
||||
|
||||
/* reset devId */
|
||||
info->hash.sha224->devId = devIdArg;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
if (info->hash.type == WC_HASH_TYPE_SHA384) {
|
||||
if (info->hash.sha384 == NULL)
|
||||
|
||||
Reference in New Issue
Block a user