From 186ff2b365663539e7222c3193715df63e48c678 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 16 Jul 2021 23:07:28 -0500 Subject: [PATCH] make -DNO_ED25519_KEY_{IMPORT,EXPORT} buildable, and fix api.c and suites.c so that -DNO_ED*_KEY_{IMPORT,EXPORT} pass make check. --- src/internal.c | 13 +++++-- src/ssl.c | 31 ++++++++++----- tests/api.c | 70 +++++++++++++++++----------------- tests/suites.c | 6 ++- wolfcrypt/src/asn.c | 31 ++++++++------- wolfssl/test.h | 18 ++++----- wolfssl/wolfcrypt/asn_public.h | 9 ++++- wolfssl/wolfcrypt/ed25519.h | 5 +++ 8 files changed, 109 insertions(+), 74 deletions(-) diff --git a/src/internal.c b/src/internal.c index 3bd73b9f2..404d112e7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4728,6 +4728,10 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer) */ int Ed25519CheckPubKey(WOLFSSL* ssl) { +#ifndef HAVE_ED25519_KEY_IMPORT + (void)ssl; + return NOT_COMPILED_IN; +#else /* HAVE_ED25519_KEY_IMPORT */ ed25519_key* key = (ed25519_key*)ssl->hsKey; int ret = 0; @@ -4754,6 +4758,7 @@ int Ed25519CheckPubKey(WOLFSSL* ssl) } return ret; +#endif /* HAVE_ED25519_KEY_IMPORT */ } /* Sign the data using EdDSA and key using Ed25519. @@ -12631,7 +12636,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, break; } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) case ED25519k: { int keyRet = 0; @@ -12684,7 +12689,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->ecdhCurveOID = ECC_X25519_OID; break; } - #endif /* HAVE_ED25519 */ + #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) case ED448k: { @@ -21720,7 +21725,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) } } #endif -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) #if !defined(NO_RSA) || defined(HAVE_ECC) FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); #endif 
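Review bot: The new `#ifndef HAVE_ED25519_KEY_IMPORT` branch at the top of Ed25519CheckPubKey returns NOT_COMPILED_IN, but the function's header comment, which closes just above the hunk, is not updated to mention that return value. Add a line such as `* Returns NOT_COMPILED_IN when HAVE_ED25519_KEY_IMPORT is not defined.` so callers checking the result know to expect it alongside the existing return codes. The rest of Ed25519CheckPubKey's body lies outside this hunk.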
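Review bot: With the `case ED25519k:` block in ProcessPeerCerts now compiled out when HAVE_ED25519_KEY_IMPORT is undefined, a peer certificate carrying an Ed25519 public key reaches the switch's default path, which is outside this hunk. Please confirm that path rejects or at least records the unsupported key type rather than letting the handshake continue with no peer key loaded; if it is a bare `break`, a comment on the new `#if` line, `/* Ed25519 peer keys unhandled here when import is disabled; rejected later */`, would tell the next reader where the rejection actually happens. The same guard change is repeated in the `#endif` hunk at line 12684 and in the two DecodePrivateKey hunks, which raise no separate concern.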
@@ -21761,7 +21766,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) goto exit_dpk; } } -#endif /* HAVE_ED25519 */ +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) #if !defined(NO_RSA) || defined(HAVE_ECC) FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); diff --git a/src/ssl.c b/src/ssl.c index d4b01dcf3..386271e81 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5325,7 +5325,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der #endif } #endif /* HAVE_ECC */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED25519k)) { /* make sure Ed25519 key can be used */ #ifdef WOLFSSL_SMALL_STACK @@ -5378,7 +5378,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der XFREE(key, heap, DYNAMIC_TYPE_ED25519); #endif } -#endif /* HAVE_ED25519 */ +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED448k)) { /* make sure Ed448 key can be used */ @@ -47135,7 +47135,14 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, (void) pub; (void) pubSz; return WOLFSSL_FAILURE; -#else /* WOLFSSL_KEY_GEN */ +#elif !defined(HAVE_ED25519_KEY_EXPORT) + WOLFSSL_MSG("No ED25519 key export built in"); + (void) priv; + (void) privSz; + (void) pub; + (void) pubSz; + return WOLFSSL_FAILURE; +#else /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */ int ret = WOLFSSL_FAILURE; int initTmpRng = 0; WC_RNG *rng = NULL; @@ -47194,7 +47201,7 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, #endif return ret; -#endif /* WOLFSSL_KEY_GEN */ +#endif /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */ } /* return 1 if success, 0 if error 
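Review bot: The new `#elif !defined(HAVE_ED25519_KEY_EXPORT)` branch in wolfSSL_ED25519_generate_key duplicates the four `(void)` casts and the `return WOLFSSL_FAILURE;` of the `#ifndef WOLFSSL_KEY_GEN` branch above it. The sign and verify functions later in this same patch use one outer `#if !defined(A) || !defined(B)` with a nested `#if`/`#elif` only around the WOLFSSL_MSG call; writing generate_key the same way, `#if !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED25519_KEY_EXPORT)`, keeps the stub body in one place and the three functions consistent. The start of the function, including its original `#ifndef WOLFSSL_KEY_GEN` line, is outside the hunk.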
@@ -47205,11 +47212,13 @@ int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, const unsigned char *priv, unsigned int privSz, unsigned char *sig, unsigned int *sigSz) { -#if !defined(HAVE_ED25519_SIGN) || !defined(WOLFSSL_KEY_GEN) +#if !defined(HAVE_ED25519_SIGN) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED25519_KEY_IMPORT) #if !defined(HAVE_ED25519_SIGN) WOLFSSL_MSG("No ED25519 sign built in"); #elif !defined(WOLFSSL_KEY_GEN) WOLFSSL_MSG("No Key Gen built in"); +#elif !defined(HAVE_ED25519_KEY_IMPORT) + WOLFSSL_MSG("No ED25519 Key import built in"); #endif (void) msg; (void) msgSz; @@ -47218,7 +47227,7 @@ int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, (void) sig; (void) sigSz; return WOLFSSL_FAILURE; -#else /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN */ +#else /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ ed25519_key key; int ret = WOLFSSL_FAILURE; @@ -47251,7 +47260,7 @@ int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, wc_ed25519_free(&key); return ret; -#endif /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN */ +#endif /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ } /* return 1 if success, 0 if error @@ -47262,11 +47271,13 @@ int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, const unsigned char *pub, unsigned int pubSz, const unsigned char *sig, unsigned int sigSz) { -#if !defined(HAVE_ED25519_VERIFY) || !defined(WOLFSSL_KEY_GEN) +#if !defined(HAVE_ED25519_VERIFY) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED25519_KEY_IMPORT) #if !defined(HAVE_ED25519_VERIFY) WOLFSSL_MSG("No ED25519 verify built in"); #elif !defined(WOLFSSL_KEY_GEN) WOLFSSL_MSG("No Key Gen built in"); +#elif !defined(HAVE_ED25519_KEY_IMPORT) + WOLFSSL_MSG("No ED25519 Key import built in"); #endif (void) msg; (void) msgSz; 
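Review bot: The rewritten guard `#if !defined(HAVE_ED25519_SIGN) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED25519_KEY_IMPORT)` in wolfSSL_ED25519_sign runs well past 80 columns, while the api.c and suites.c hunks in this patch wrap the same kind of condition with a trailing backslash. The same applies to the wolfSSL_ED25519_verify guard in the following hunk, to the asn.c guards in wc_CheckPrivateKey and wc_GetKeyOID (`... && defined(HAVE_ED25519_KEY_IMPORT) && !defined(NO_ASN_CRYPT)`), and to the new `#endif` comment after wc_Ed25519PublicKeyToDer. The new log text `"No ED25519 Key import built in"` also capitalizes Key, unlike `"No ED25519 key export built in"` added to generate_key; one spelling makes log filtering easier.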
@@ -47275,7 +47286,7 @@ int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, (void) sig; (void) sigSz; return WOLFSSL_FAILURE; -#else /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN */ +#else /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ ed25519_key key; int ret = WOLFSSL_FAILURE, check = 0; @@ -47310,7 +47321,7 @@ int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, wc_ed25519_free(&key); return ret; -#endif /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN */ +#endif /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ } #endif /* OPENSSL_EXTRA && HAVE_ED25519 */ diff --git a/tests/api.c b/tests/api.c index 441d50fdf..5538e0fd7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2603,24 +2603,25 @@ static void test_ECDSA_size_sign(void) static void test_ED25519(void) { -#if defined(HAVE_ED25519) && defined(WOLFSSL_KEY_GEN) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + defined(WOLFSSL_KEY_GEN) byte priv[ED25519_PRV_KEY_SIZE]; unsigned int privSz = (unsigned int)sizeof(priv); byte pub[ED25519_PUB_KEY_SIZE]; unsigned int pubSz = (unsigned int)sizeof(pub); -#ifdef HAVE_ED25519_SIGN +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) const char* msg = TEST_STRING; unsigned int msglen = (unsigned int)TEST_STRING_SZ; byte sig[ED25519_SIG_SIZE]; unsigned int sigSz = (unsigned int)sizeof(sig); -#endif /* HAVE_ED25519_SIGN */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), WOLFSSL_SUCCESS); AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE); AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE); -#ifdef HAVE_ED25519_SIGN +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, &sigSz), WOLFSSL_SUCCESS); AssertIntEQ(sigSz, ED25519_SIG_SIZE); 
@@ -2629,30 +2630,31 @@ static void test_ED25519(void) AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, sigSz), WOLFSSL_SUCCESS); #endif /* HAVE_ED25519_VERIFY */ -#endif /* HAVE_ED25519_SIGN */ -#endif /* HAVE_ED25519 && WOLFSSL_KEY_GEN */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */ } static void test_ED448(void) { -#if defined(HAVE_ED448) && defined(WOLFSSL_KEY_GEN) +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ + defined(WOLFSSL_KEY_GEN) byte priv[ED448_PRV_KEY_SIZE]; unsigned int privSz = (unsigned int)sizeof(priv); byte pub[ED448_PUB_KEY_SIZE]; unsigned int pubSz = (unsigned int)sizeof(pub); -#ifdef HAVE_ED448_SIGN +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) const char* msg = TEST_STRING; unsigned int msglen = (unsigned int)TEST_STRING_SZ; byte sig[ED448_SIG_SIZE]; unsigned int sigSz = (unsigned int)sizeof(sig); -#endif /* HAVE_ED448_SIGN */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), WOLFSSL_SUCCESS); AssertIntEQ(privSz, ED448_PRV_KEY_SIZE); AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE); -#ifdef HAVE_ED448_SIGN +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, &sigSz), WOLFSSL_SUCCESS); AssertIntEQ(sigSz, ED448_SIG_SIZE); @@ -2661,8 +2663,8 @@ static void test_ED448(void) AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, sigSz), WOLFSSL_SUCCESS); #endif /* HAVE_ED448_VERIFY */ -#endif /* HAVE_ED448_SIGN */ -#endif /* HAVE_ED448 && WOLFSSL_KEY_GEN */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ +#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */ } #endif /* OPENSSL_EXTRA */ 
@@ -6941,7 +6943,8 @@ static void test_wolfSSL_PKCS8(void) static void test_wolfSSL_PKCS8_ED25519(void) { #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ - defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) + defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \ + defined(HAVE_ED25519_KEY_IMPORT) const byte encPrivKey[] = \ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n" @@ -6972,7 +6975,8 @@ static void test_wolfSSL_PKCS8_ED25519(void) static void test_wolfSSL_PKCS8_ED448(void) { #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ - defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) + defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \ + defined(HAVE_ED448_KEY_IMPORT) const byte encPrivKey[] = \ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n" @@ -18916,8 +18920,10 @@ static int test_wc_ed25519_import_private_key (void) const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n"; word32 privKeySz = sizeof(privKey); word32 pubKeySz = sizeof(pubKey); +#ifdef HAVE_ED25519_KEY_EXPORT byte bothKeys[sizeof(privKey) + sizeof(pubKey)]; word32 bothKeysSz = sizeof(bothKeys); +#endif ret = wc_InitRng(&rng); if (ret != 0) { @@ -19286,8 +19292,8 @@ static int test_wc_Ed25519PublicKeyToDer (void) { int ret = 0; -#if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \ - defined(WOLFSSL_KEY_GEN)) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) int tmp; ed25519_key key; byte derBuf[1024]; 
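Review bot: Only the declarations of `bothKeys` and `bothKeysSz` in test_wc_ed25519_import_private_key are placed under `#ifdef HAVE_ED25519_KEY_EXPORT`; every use of them is outside this hunk and untouched by the patch. If those uses are not already under the same guard, a build with `-DNO_ED25519_KEY_EXPORT` fails to compile this test, so please confirm the guards pair up; the commit message says `make check` passes, which suggests they do, but the diff does not show it. A short comment on the new `#ifdef` naming the export-dependent block it belongs to would make the pairing visible to the next reader.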
@@ -24048,8 +24054,8 @@ static int test_wc_DhPublicKeyDecode(void) static int test_wc_Ed25519KeyToDer (void) { int ret = 0; -#if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \ - defined(WOLFSSL_KEY_GEN)) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed25519_key ed25519Key; @@ -24113,8 +24119,8 @@ static int test_wc_Ed25519KeyToDer (void) static int test_wc_Ed25519PrivateKeyToDer (void) { int ret = 0; -#if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \ - defined(WOLFSSL_KEY_GEN)) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed25519_key ed25519PrivKey; @@ -24361,7 +24367,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) WC_RNG rng; Cert cert; -#if defined(HAVE_ED25519) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) ed25519_key ed25519Key; #endif #if !defined(NO_RSA) && defined(HAVE_RSA) @@ -24371,7 +24377,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) #if defined(HAVE_ECC) ecc_key eccKey; #endif -#if defined(HAVE_ED448) +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) ed448_key ed448Key; #endif @@ -24384,7 +24390,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) #endif wc_InitCert(&cert); -#if defined(HAVE_ED25519) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) if (ret == 0) { /*ED25519*/ ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { @@ -24421,9 +24427,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) wc_ecc_free(&eccKey); } #endif -#if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \ - defined(WOLFSSL_KEY_GEN)) - +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) if (ret == 0) { /*ED448*/ ret = wc_ed448_init(&ed448Key); if (ret == 0) { 
@@ -24452,7 +24456,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) WC_RNG rng; Cert cert; -#if defined(HAVE_ED25519) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) ed25519_key ed25519Key; #endif #if !defined(NO_RSA) && defined(HAVE_RSA) @@ -24462,7 +24466,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) #if defined(HAVE_ECC) ecc_key eccKey; #endif -#if defined(HAVE_ED448) +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) ed448_key ed448Key; #endif @@ -24475,7 +24479,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) #endif wc_InitCert(&cert); -#if defined(HAVE_ED25519) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) if (ret == 0) { /*ED25519*/ ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { @@ -24512,9 +24516,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) wc_ecc_free(&eccKey); } #endif -#if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \ - defined(WOLFSSL_KEY_GEN)) - +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) if (ret == 0) { /*ED448*/ ret = wc_ed448_init(&ed448Key); if (ret == 0) { @@ -28163,7 +28165,7 @@ static void test_wolfSSL_private_keys(void) SSL_CTX_free(ctx); #endif /* end of ECC private key match tests */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else @@ -28189,7 +28191,7 @@ static void test_wolfSSL_private_keys(void) SSL_CTX_free(ctx); #endif /* end of Ed25519 private key match tests */ -#ifdef HAVE_ED448 +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else diff --git a/tests/suites.c b/tests/suites.c index f827cd00a..88ef27291 100644 --- a/tests/suites.c +++ b/tests/suites.c 
@@ -888,7 +888,8 @@ int SuiteTest(int argc, char** argv) #endif #endif #if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) && \ - defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) + defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) && \ + defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT) /* add ED25519 certificate cipher suite tests */ strcpy(argv0[1], "tests/test-ed25519.conf"); printf("starting ED25519 extra cipher suite tests\n"); @@ -900,7 +901,8 @@ int SuiteTest(int argc, char** argv) } #endif #if defined(HAVE_CURVE448) && defined(HAVE_ED448) && \ - defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_VERIFY) + defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_VERIFY) && \ + defined(HAVE_ED448_KEY_IMPORT) && defined(HAVE_ED448_KEY_EXPORT) /* add ED448 certificate cipher suite tests */ strcpy(argv0[1], "tests/test-ed448.conf"); printf("starting ED448 extra cipher suite tests\n"); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 93b9dc77d..f4df1d63f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3255,7 +3255,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, else #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ - #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT) + #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) && !defined(NO_ASN_CRYPT) if (ks == ED25519k) { #ifdef WOLFSSL_SMALL_STACK ed25519_key* key_pair; @@ -3296,7 +3296,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, #endif } else - #endif /* HAVE_ED25519 && !NO_ASN_CRYPT */ + #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT && !NO_ASN_CRYPT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) && !defined(NO_ASN_CRYPT) if (ks == ED448k) { @@ -3339,7 +3339,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, #endif } else - #endif /* HAVE_ED448 && !NO_ASN_CRYPT */ + #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */ { ret = 0; } 
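Review bot: Guarding the `ks == ED25519k` branch of wc_CheckPrivateKey on HAVE_ED25519_KEY_IMPORT means an Ed25519 private key in such a build now falls through the if/else chain to the final `{ ret = 0; }` block visible at the end of the third hunk. That makes "key type not compiled in" indistinguishable from "key does not match" for the caller; if 0 is read as a mismatch this fails closed, but a comment at that final block, `/* key type not supported in this build: reported as no match */`, would make the intent explicit. The same fallthrough now applies to ED448k, which the `#endif` comment change at line 3339 documents. The head of the if/else chain is outside these hunks.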
@@ -3534,7 +3534,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* HAVE_ECC && !NO_ASN_CRYPT */ -#if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) && !defined(NO_ASN_CRYPT) if (*algoID != RSAk && *algoID != ECDSAk) { ed25519_key *ed25519 = (ed25519_key *)XMALLOC(sizeof *ed25519, heap, DYNAMIC_TYPE_TMP_BUFFER); if (ed25519 == NULL) @@ -3555,7 +3555,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, } XFREE(ed25519, heap, DYNAMIC_TYPE_TMP_BUFFER); } -#endif /* HAVE_ED25519 && !NO_ASN_CRYPT */ +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT && !NO_ASN_CRYPT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) && !defined(NO_ASN_CRYPT) if (*algoID != RSAk && *algoID != ECDSAk && *algoID != ED25519k) { ed448_key *ed448 = (ed448_key *)XMALLOC(sizeof *ed448, heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -7762,7 +7762,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) case ED25519k: { sigCtx->verify = 0; @@ -12607,8 +12607,8 @@ int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve) #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */ -#if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \ - defined(WOLFSSL_KEY_GEN)) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) /* Write a public ECC key to output */ static int SetEd25519PublicKey(byte* output, ed25519_key* key, int with_header) 
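Review bot: Removing `case ED25519k:` from ConfirmSignature's switch when HAVE_ED25519_KEY_IMPORT is undefined means an Ed25519-signed certificate or message now takes the switch's default branch, which is outside this hunk. Signature verification has to fail closed there, so please confirm the default sets a negative error rather than leaving `sigCtx->verify` at its earlier value; a one-line comment on the new `#if`, `/* Ed25519 signatures fall to default and are rejected when import is disabled */`, would record that dependency next to the guard.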
@@ -12710,7 +12710,7 @@ int wc_Ed25519PublicKeyToDer(ed25519_key* key, byte* output, word32 inLen, return SetEd25519PublicKey(output, key, withAlg); } -#endif /* HAVE_ED25519 && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */ +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) @@ -13895,7 +13895,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, } #endif -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) if (cert->keyType == ED25519_KEY) { if (ed25519Key == NULL) return PUBLIC_KEY_E; @@ -14652,7 +14652,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, } #endif -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) if (cert->keyType == ED25519_KEY) { if (ed25519Key == NULL) return PUBLIC_KEY_E; @@ -15116,7 +15116,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, #else (void)ntruKeySz; #endif -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) /* ED25519 public key */ if (ed25519Key != NULL) bufferSz = SetEd25519PublicKey(buf, ed25519Key, 0); @@ -17139,6 +17139,8 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output, #ifdef HAVE_ED25519 +#ifdef HAVE_ED25519_KEY_IMPORT + int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx, ed25519_key* key, word32 inSz) { @@ -17239,8 +17241,9 @@ int wc_Ed25519PublicKeyDecode(const byte* input, word32* inOutIdx, return 0; } +#endif /* HAVE_ED25519_KEY_IMPORT */ -#ifdef WOLFSSL_KEY_GEN +#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ED25519_KEY_EXPORT) /* build DER formatted ED25519 key, * return length on success, negative on error */ 
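Review bot: In EncodeCert the `if (cert->keyType == ED25519_KEY)` block is now compiled out when HAVE_ED25519_KEY_EXPORT is undefined, so a Cert with keyType ED25519_KEY and a non-NULL ed25519Key continues past this point into code outside the hunk. Please confirm that code returns an error (PUBLIC_KEY_E or similar) instead of emitting a certificate with an empty or stale public-key field; the same question applies to the identical guard in EncodeCertReq and to SetKeyIdFromPublicKey, where a silently ignored ed25519Key leaves `bufferSz` at whatever it held before. If the existing fallthrough already errors, a brief comment on each new `#if` saying so would save the next reader the check.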
@@ -17312,7 +17315,7 @@ int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen) return wc_BuildEd25519KeyDer(key, output, inLen, 0); } -#endif /* WOLFSSL_KEY_GEN */ +#endif /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */ #endif /* HAVE_ED25519 */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 95dfdb574..7d72319ad 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -3697,7 +3697,7 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, #endif /* HAVE_ECC */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) #ifdef HAVE_ED25519_SIGN static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) @@ -3766,7 +3766,7 @@ static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz return ret; } #endif /* HAVE_ED25519_VERIFY */ -#endif /* HAVE_ED25519 */ +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ #ifdef HAVE_CURVE25519 static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key, @@ -3861,8 +3861,8 @@ static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey } #endif /* HAVE_CURVE25519 */ -#ifdef HAVE_ED448 -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) +#ifdef HAVE_ED448_SIGN static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) { @@ -3899,10 +3899,10 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, return ret; } -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ +#endif /* HAVE_ED448_SIGN */ -#if defined(HAVE_ED448_VERIFY) && defined(HAVE_ED448_KEY_IMPORT) +#ifdef HAVE_ED448_VERIFY static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, const byte* msg, word32 msgSz, const byte* key, word32 keySz, int* result, void* ctx) 
@@ -3931,8 +3931,8 @@ static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, return ret; } -#endif /* HAVE_ED448_VERIFY && HAVE_ED448_KEY_IMPORT */ -#endif /* HAVE_ED448 */ +#endif /* HAVE_ED448_VERIFY */ +#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */ #ifdef HAVE_CURVE448 static WC_INLINE int myX448KeyGen(WOLFSSL* ssl, curve448_key* key, @@ -4443,7 +4443,7 @@ static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx) #ifndef NO_DH wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback); #endif - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) #ifdef HAVE_ED25519_SIGN wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign); #endif diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 647796e65..c07c22880 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -562,17 +562,24 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); #ifdef HAVE_ED25519 /* private key helpers */ +#ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*, ed25519_key*, word32); +#endif + +#ifdef HAVE_ED25519_KEY_EXPORT WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output, word32 inLen); WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen); +#endif /* public key helper */ WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*, ed25519_key*, word32); - #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) && \ + defined(HAVE_ED25519_KEY_EXPORT) + WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output, word32 inLen, int with_AlgCurve); #endif diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index f944d8fec..e1b090f79 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h 
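Review bot: The prototype of wc_Ed25519PublicKeyDecode under `/* public key helper */` stays unconditional, but the asn.c hunk at line 17239 in this same patch closes `#ifdef HAVE_ED25519_KEY_IMPORT` right after that function's definition, so with `-DNO_ED25519_KEY_IMPORT` the header declares a function that is never defined. Callers compile cleanly and fail only at link time; move the declaration into the import block, i.e. place `WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*, ed25519_key*, word32);` before the first new `#endif` that follows wc_Ed25519PrivateKeyDecode. The other prototypes in this hunk are guarded consistently with their definitions.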
@@ -167,6 +167,7 @@ WOLFSSL_API int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); WOLFSSL_API void wc_ed25519_free(ed25519_key* key); +#ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); WOLFSSL_API @@ -175,6 +176,9 @@ int wc_ed25519_import_private_only(const byte* priv, word32 privSz, WOLFSSL_API int wc_ed25519_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ed25519_key* key); +#endif /* HAVE_ED25519_KEY_IMPORT */ + +#ifdef HAVE_ED25519_KEY_EXPORT WOLFSSL_API int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen); WOLFSSL_API @@ -185,6 +189,7 @@ WOLFSSL_API int wc_ed25519_export_key(ed25519_key* key, byte* priv, word32 *privSz, byte* pub, word32 *pubSz); +#endif /* HAVE_ED25519_KEY_EXPORT */ WOLFSSL_API int wc_ed25519_check_key(ed25519_key* key);