diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index dc4ccaddb..f22b61691 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -47,6 +47,124 @@ typedef struct CryptoCb { } CryptoCb; static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS]; + +#ifdef DEBUG_CRYPTOCB +static const char* GetAlgoTypeStr(int algo) +{ + switch (algo) { /* enum wc_AlgoType */ + case WC_ALGO_TYPE_HASH: return "Hash"; + case WC_ALGO_TYPE_CIPHER: return "Cipher"; + case WC_ALGO_TYPE_PK: return "PK"; + case WC_ALGO_TYPE_RNG: return "RNG"; + case WC_ALGO_TYPE_SEED: return "Seed"; + case WC_ALGO_TYPE_HMAC: return "HMAC"; + } + return NULL; +} +static const char* GetPkTypeStr(int pk) +{ + switch (pk) { + case WC_PK_TYPE_RSA: return "RSA"; + case WC_PK_TYPE_DH: return "DH"; + case WC_PK_TYPE_ECDH: return "ECDH"; + case WC_PK_TYPE_ECDSA_SIGN: return "ECDSA-Sign"; + case WC_PK_TYPE_ECDSA_VERIFY: return "ECDSA-Verify"; + case WC_PK_TYPE_ED25519_SIGN: return "ED25519-Sign"; + case WC_PK_TYPE_ED25519_VERIFY: return "ED25519-Verify"; + case WC_PK_TYPE_CURVE25519: return "CURVE25519"; + case WC_PK_TYPE_RSA_KEYGEN: return "RSA KeyGen"; + case WC_PK_TYPE_EC_KEYGEN: return "ECC KeyGen"; + } + return NULL; +} +static const char* GetCipherTypeStr(int cipher) +{ + switch (cipher) { + case WC_CIPHER_AES: return "AES ECB"; + case WC_CIPHER_AES_CBC: return "AES CBC"; + case WC_CIPHER_AES_GCM: return "AES GCM"; + case WC_CIPHER_AES_CTR: return "AES CTR"; + case WC_CIPHER_AES_XTS: return "AES XTS"; + case WC_CIPHER_AES_CFB: return "AES CFB"; + case WC_CIPHER_DES3: return "DES3"; + case WC_CIPHER_DES: return "DES"; + case WC_CIPHER_CHACHA: return "ChaCha20"; + } + return NULL; +} +static const char* GetHashTypeStr(int hash) +{ + switch (hash) { + case WC_HASH_TYPE_MD2: return "MD2"; + case WC_HASH_TYPE_MD4: return "MD4"; + case WC_HASH_TYPE_MD5: return "MD5"; + case WC_HASH_TYPE_SHA: return "SHA-1"; + case WC_HASH_TYPE_SHA224: return "SHA-224"; + case WC_HASH_TYPE_SHA256: return "SHA-256"; + case WC_HASH_TYPE_SHA384: return "SHA-384"; + case WC_HASH_TYPE_SHA512: return "SHA-512"; + case WC_HASH_TYPE_MD5_SHA: return "MD5-SHA1"; + case WC_HASH_TYPE_SHA3_224: return "SHA3-224"; + case WC_HASH_TYPE_SHA3_256: return "SHA3-256"; + case WC_HASH_TYPE_SHA3_384: return "SHA3-384"; + case WC_HASH_TYPE_SHA3_512: return "SHA3-512"; + case WC_HASH_TYPE_BLAKE2B: return "Blake2B"; + case WC_HASH_TYPE_BLAKE2S: return "Blake2S"; + } + return NULL; +} + +#ifndef NO_RSA +static const char* GetRsaType(int type) +{ + switch (type) { + case RSA_PUBLIC_ENCRYPT: return "Public Encrypt"; + case RSA_PUBLIC_DECRYPT: return "Public Decrypt"; + case RSA_PRIVATE_ENCRYPT: return "Private Encrypt"; + case RSA_PRIVATE_DECRYPT: return "Private Decrypt"; + } + return NULL; +} +#endif + +WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) +{ + if (info == NULL) + return; + + if (info->algo_type == WC_ALGO_TYPE_PK) { + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + printf("Crypto CB: %s %s (%d), %s, Len %d\n", + GetAlgoTypeStr(info->algo_type), + GetPkTypeStr(info->pk.type), info->pk.type, + GetRsaType(info->pk.rsa.type), info->pk.rsa.inLen); + } + else + #endif + { + printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type), + GetPkTypeStr(info->pk.type), info->pk.type); + } + } + else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { + printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type), + GetCipherTypeStr(info->cipher.type), info->cipher.type); + } + else if (info->algo_type == WC_ALGO_TYPE_HASH) { + printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type), + GetHashTypeStr(info->hash.type), info->hash.type); + } + else if (info->algo_type == WC_ALGO_TYPE_HMAC) { + printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type), + GetHashTypeStr(info->hmac.macType), info->hmac.macType); + } + else { + printf("CryptoCb: %s \n", GetAlgoTypeStr(info->algo_type)); + } +} +#endif /* DEBUG_CRYPTOCB */ + static CryptoCb* wc_CryptoCb_FindDevice(int devId) { int i; @@ -1130,4 +1248,5 @@ int wc_CryptoCb_DefaultDevID() return ret; } + #endif /* WOLF_CRYPTO_CB */ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 82c12c30d..dcd32a2ac 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1762,30 +1762,38 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) idx = 0; ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, pkcs7->privateKeySz); + /* If not using old FIPS or CAVP selftest, or not using FAST, + * or USER RSA, able to check RSA key. */ + if (ret == 0) { + #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \ + !defined(HAVE_USER_RSA) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA) + + #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_NO_RSA_KEY_CHECK) + /* verify imported private key is a valid key before using it */ + ret = wc_CheckRsaKey(privKey); + if (ret != 0) { + WOLFSSL_MSG("Invalid RSA private key, check " + "pkcs7->privateKey"); + } + #endif + #endif + } + #ifdef WOLF_CRYPTO_CB + else if (ret == ASN_PARSE_E && pkcs7->devId != INVALID_DEVID) { + /* if using crypto callbacks, try public key decode */ + idx = 0; + ret = wc_RsaPublicKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + #endif } else if (pkcs7->devId == INVALID_DEVID) { ret = BAD_FUNC_ARG; } } - /* If not using old FIPS or CAVP selftest, or not using FAST, - or USER RSA, able to check RSA key. */ -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \ - !defined(HAVE_USER_RSA) && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA) - - #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_NO_RSA_KEY_CHECK) - /* verify imported private key is a valid key before using it */ - if (ret == 0) { - ret = wc_CheckRsaKey(privKey); - if (ret != 0) { - WOLFSSL_MSG("Invalid RSA private key, check pkcs7->privateKey"); - } - } - #endif -#endif - if (ret == 0) { #ifdef WOLFSSL_ASYNC_CRYPT do { @@ -1844,20 +1852,28 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) idx = 0; ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, pkcs7->privateKeySz); + /* verify imported private key is a valid key before using it */ + if (ret == 0) { + ret = wc_ecc_check_key(privKey); + if (ret != 0) { + WOLFSSL_MSG("Invalid ECC private key, check " + "pkcs7->privateKey"); + } + } + #ifdef WOLF_CRYPTO_CB + else if (ret == ASN_PARSE_E && pkcs7->devId != INVALID_DEVID) { + /* if using crypto callbacks, try public key decode */ + idx = 0; + ret = wc_EccPublicKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + #endif } else if (pkcs7->devId == INVALID_DEVID) { ret = BAD_FUNC_ARG; } } - /* verify imported private key is a valid key before using it */ - if (ret == 0) { - ret = wc_ecc_check_key(privKey); - if (ret != 0) { - WOLFSSL_MSG("Invalid ECC private key, check pkcs7->privateKey"); - } - } - if (ret == 0) { outSz = sizeof(esd->encContentDigest); #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 6b20e72e2..7f2b00297 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -358,6 +358,10 @@ WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId); WOLFSSL_API int wc_CryptoCb_DefaultDevID(void); +#ifdef DEBUG_CRYPTOCB +WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info); +#endif + /* old function names */ #define wc_CryptoDev_RegisterDevice wc_CryptoCb_RegisterDevice #define wc_CryptoDev_UnRegisterDevice wc_CryptoCb_UnRegisterDevice