Fix CMake SHE deps, const-correctness in CryptoCb uid, stale comment, XSTRLEN double call, configure.ac AES-CBC guard, and add LoadKey/LoadKey_Verify test coverage

This commit is contained in:
night1rider
2026-04-09 13:28:50 -06:00
parent 92bd03a8a2
commit 1078e797f8
8 changed files with 194 additions and 19 deletions
+2
View File
@@ -1652,6 +1652,8 @@ if(WOLFSSL_SHE STREQUAL "standard" OR WOLFSSL_SHE STREQUAL "extended")
else()
list(APPEND WOLFSSL_DEFINITIONS
"-DWOLFSSL_SHE")
override_cache(WOLFSSL_CMAC "yes")
override_cache(WOLFSSL_AESCBC "yes")
endif()
endif()
+4
View File
@@ -5957,6 +5957,10 @@ AC_ARG_ENABLE([she],
if test "x$ENABLED_SHE" = "xstandard" || test "x$ENABLED_SHE" = "xextended"
then
if test "$ENABLED_AESCBC" = "no"
then
AC_MSG_ERROR([SHE requires AES-CBC. Cannot use --disable-aescbc with --enable-she.])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHE -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"
ENABLED_CMAC=yes
ENABLED_AESCBC=yes
+142 -12
View File
@@ -499,18 +499,32 @@ static int test_she_crypto_cb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->she.op.generateM1M2M3.m3Sz);
break;
case WC_SHE_GENERATE_M4M5:
ret = wc_SHE_GenerateM4M5(she,
info->she.op.generateM4M5.uid,
info->she.op.generateM4M5.uidSz,
info->she.op.generateM4M5.authKeyId,
info->she.op.generateM4M5.targetKeyId,
info->she.op.generateM4M5.newKey,
info->she.op.generateM4M5.newKeySz,
info->she.op.generateM4M5.counter,
info->she.op.generateM4M5.m4,
info->she.op.generateM4M5.m4Sz,
info->she.op.generateM4M5.m5,
info->she.op.generateM4M5.m5Sz);
if (info->she.op.generateM4M5.uid == NULL &&
she->generated) {
/* LoadKey flow: M1/M2/M3 already imported, simulate HSM
* returning M4/M5 from known test vectors. */
if (info->she.op.generateM4M5.m4 != NULL)
XMEMCPY(info->she.op.generateM4M5.m4,
sheTestExpM4, WC_SHE_M4_SZ);
if (info->she.op.generateM4M5.m5 != NULL)
XMEMCPY(info->she.op.generateM4M5.m5,
sheTestExpM5, WC_SHE_M5_SZ);
ret = 0;
}
else {
ret = wc_SHE_GenerateM4M5(she,
info->she.op.generateM4M5.uid,
info->she.op.generateM4M5.uidSz,
info->she.op.generateM4M5.authKeyId,
info->she.op.generateM4M5.targetKeyId,
info->she.op.generateM4M5.newKey,
info->she.op.generateM4M5.newKeySz,
info->she.op.generateM4M5.counter,
info->she.op.generateM4M5.m4,
info->she.op.generateM4M5.m4Sz,
info->she.op.generateM4M5.m5,
info->she.op.generateM4M5.m5Sz);
}
break;
case WC_SHE_EXPORT_KEY:
/* Simulate hardware export -- fill with test pattern */
@@ -635,4 +649,120 @@ int test_wc_SHE_CryptoCb(void)
return EXPECT_RESULT();
}
#ifndef NO_WC_SHE_LOADKEY
int test_wc_SHE_LoadKey(void)
{
EXPECT_DECLS;
int sheTestDevId = 54322;
byte m1[WC_SHE_M1_SZ];
byte m2[WC_SHE_M2_SZ];
byte m3[WC_SHE_M3_SZ];
byte m4[WC_SHE_M4_SZ];
byte m5[WC_SHE_M5_SZ];
ExpectIntEQ(wc_CryptoCb_RegisterDevice(sheTestDevId,
test_she_crypto_cb, NULL), 0);
/* Generate valid M1/M2/M3 from test vectors */
{
wc_SHE she;
ExpectIntEQ(wc_SHE_Init(&she, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_SHE_GenerateM1M2M3(&she,
sheTestUid, sizeof(sheTestUid),
WC_SHE_MASTER_ECU_KEY_ID,
sheTestAuthKey, sizeof(sheTestAuthKey),
4, sheTestNewKey, sizeof(sheTestNewKey), 1, 0,
m1, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ,
m3, WC_SHE_M3_SZ), 0);
wc_SHE_Free(&she);
}
/* Basic: LoadKey should import M1/M2/M3 and produce M4/M5 via callback */
ExpectIntEQ(wc_SHE_LoadKey(NULL, sheTestDevId,
m1, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ, m3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ), 0);
ExpectIntEQ(XMEMCMP(m4, sheTestExpM4, WC_SHE_M4_SZ), 0);
ExpectIntEQ(XMEMCMP(m5, sheTestExpM5, WC_SHE_M5_SZ), 0);
/* Bad args: NULL m1 */
ExpectIntEQ(wc_SHE_LoadKey(NULL, sheTestDevId,
NULL, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ, m3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Bad args: NULL m4 output */
ExpectIntEQ(wc_SHE_LoadKey(NULL, sheTestDevId,
m1, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ, m3, WC_SHE_M3_SZ,
NULL, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Bad args: INVALID_DEVID */
ExpectIntEQ(wc_SHE_LoadKey(NULL, INVALID_DEVID,
m1, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ, m3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Bad args: wrong M1 size */
ExpectIntEQ(wc_SHE_LoadKey(NULL, sheTestDevId,
m1, WC_SHE_M1_SZ - 1, m2, WC_SHE_M2_SZ,
m3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
wc_CryptoCb_UnRegisterDevice(sheTestDevId);
return EXPECT_RESULT();
}
int test_wc_SHE_LoadKey_Verify(void)
{
EXPECT_DECLS;
int sheTestDevId = 54323;
byte m1[WC_SHE_M1_SZ];
byte m2[WC_SHE_M2_SZ];
byte m3[WC_SHE_M3_SZ];
byte m4[WC_SHE_M4_SZ];
byte m5[WC_SHE_M5_SZ];
byte badM4[WC_SHE_M4_SZ];
ExpectIntEQ(wc_CryptoCb_RegisterDevice(sheTestDevId,
test_she_crypto_cb, NULL), 0);
/* Generate valid M1/M2/M3 from test vectors */
{
wc_SHE she;
ExpectIntEQ(wc_SHE_Init(&she, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_SHE_GenerateM1M2M3(&she,
sheTestUid, sizeof(sheTestUid),
WC_SHE_MASTER_ECU_KEY_ID,
sheTestAuthKey, sizeof(sheTestAuthKey),
4, sheTestNewKey, sizeof(sheTestNewKey), 1, 0,
m1, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ,
m3, WC_SHE_M3_SZ), 0);
wc_SHE_Free(&she);
}
/* Matching: expected M4/M5 match what the callback produces */
ExpectIntEQ(wc_SHE_LoadKey_Verify(NULL, sheTestDevId,
m1, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ, m3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ,
sheTestExpM4, WC_SHE_M4_SZ,
sheTestExpM5, WC_SHE_M5_SZ), 0);
/* Mismatch: wrong expected M4 should fail with SIG_VERIFY_E */
XMEMCPY(badM4, sheTestExpM4, WC_SHE_M4_SZ);
badM4[0] ^= 0xFF;
ExpectIntEQ(wc_SHE_LoadKey_Verify(NULL, sheTestDevId,
m1, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ, m3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ,
badM4, WC_SHE_M4_SZ,
sheTestExpM5, WC_SHE_M5_SZ),
WC_NO_ERR_TRACE(SIG_VERIFY_E));
wc_CryptoCb_UnRegisterDevice(sheTestDevId);
return EXPECT_RESULT();
}
#endif /* !NO_WC_SHE_LOADKEY */
#endif /* WOLF_CRYPTO_CB && WOLFSSL_SHE && !NO_AES */
+11
View File
@@ -38,6 +38,10 @@ int test_wc_SHE_SetM2M4Header(void);
#endif
#if defined(WOLF_CRYPTO_CB) && defined(WOLFSSL_SHE)
int test_wc_SHE_CryptoCb(void);
#ifndef NO_WC_SHE_LOADKEY
int test_wc_SHE_LoadKey(void);
int test_wc_SHE_LoadKey_Verify(void);
#endif
#endif
#define TEST_SHE_DECLS \
@@ -59,8 +63,15 @@ int test_wc_SHE_CryptoCb(void);
#endif
#if defined(WOLF_CRYPTO_CB) && defined(WOLFSSL_SHE)
#if !defined(NO_WC_SHE_LOADKEY)
#define TEST_SHE_CB_DECLS \
TEST_DECL_GROUP("she", test_wc_SHE_CryptoCb), \
TEST_DECL_GROUP("she", test_wc_SHE_LoadKey), \
TEST_DECL_GROUP("she", test_wc_SHE_LoadKey_Verify)
#else
#define TEST_SHE_CB_DECLS \
TEST_DECL_GROUP("she", test_wc_SHE_CryptoCb)
#endif
#else
#define TEST_SHE_CB_DECLS
#endif
+1 -1
View File
@@ -2121,7 +2121,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
#endif /* WOLFSSL_CMAC */
#ifdef WOLFSSL_SHE
int wc_CryptoCb_SheGetUid(wc_SHE* she, const byte* uid, word32 uidSz,
int wc_CryptoCb_SheGetUid(wc_SHE* she, byte* uid, word32 uidSz,
const void* ctx)
{
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+3 -4
View File
@@ -359,9 +359,6 @@ int wc_SHE_SetKdfConstants(wc_SHE* she,
#endif /* WOLFSSL_SHE_EXTENDED */
/* -------------------------------------------------------------------------- */
/* GetUID */
#if defined(WOLF_CRYPTO_CB) || !defined(NO_WC_SHE_IMPORT_M123)
/* -------------------------------------------------------------------------- */
/* Import M1/M2/M3 */
@@ -933,6 +930,7 @@ int wc_SHE_LoadKey_Label(
byte* m5, word32 m5Sz)
{
int ret;
word32 labelLen;
WC_DECLARE_VAR(she, wc_SHE, 1, heap);
if (label == NULL || m1 == NULL || m2 == NULL || m3 == NULL ||
@@ -944,7 +942,8 @@ int wc_SHE_LoadKey_Label(
return BAD_FUNC_ARG;
}
if (XSTRLEN(label) == 0 || XSTRLEN(label) > WC_SHE_MAX_LABEL_LEN) {
labelLen = (word32)XSTRLEN(label);
if (labelLen == 0 || labelLen > WC_SHE_MAX_LABEL_LEN) {
return BAD_FUNC_ARG;
}
+29
View File
@@ -57061,6 +57061,35 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t she_test(void)
goto exit_SHE_Test;
}
#if !defined(NO_WC_SHE_LOADKEY) && \
(defined(WOLF_CRYPTO_CB) || !defined(NO_WC_SHE_IMPORT_M123))
/* ---- LoadKey_Verify ---- */
XMEMSET(m4, 0, WC_SHE_M4_SZ);
XMEMSET(m5, 0, WC_SHE_M5_SZ);
ret = wc_SHE_LoadKey_Verify(HEAP_HINT, devId,
expM1, WC_SHE_M1_SZ, expM2, WC_SHE_M2_SZ,
expM3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ,
expM4, WC_SHE_M4_SZ, expM5, WC_SHE_M5_SZ);
if (devId == INVALID_DEVID) {
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto exit_SHE_Test;
}
}
else {
if (ret != 0) {
goto exit_SHE_Test;
}
if (XMEMCMP(m4, expM4, WC_SHE_M4_SZ) != 0 ||
XMEMCMP(m5, expM5, WC_SHE_M5_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
}
ret = 0;
#endif /* !NO_WC_SHE_LOADKEY */
#if defined(WC_SHE_SW_DEFAULT) && defined(WOLF_CRYPTO_CB) && \
!defined(NO_WC_SHE_GETUID) && !defined(NO_WC_SHE_GETCOUNTER)
ret = she_sw_default_test();
+2 -2
View File
@@ -488,7 +488,7 @@ typedef struct wc_CryptoInfo {
const void* ctx; /* read-only caller context */
union {
struct {
const byte* uid;
byte* uid;
word32 uidSz;
} getUid;
struct {
@@ -862,7 +862,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
#endif
#ifdef WOLFSSL_SHE
WOLFSSL_LOCAL int wc_CryptoCb_SheGetUid(wc_SHE* she, const byte* uid,
WOLFSSL_LOCAL int wc_CryptoCb_SheGetUid(wc_SHE* she, byte* uid,
word32 uidSz, const void* ctx);
WOLFSSL_LOCAL int wc_CryptoCb_SheGetCounter(wc_SHE* she, word32* counter,
const void* ctx);