wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

ECIES: add support for other KDFs

Browse Source
This commit is contained in:
Sean Parkinson
2023-08-30 10:22:41 +10:00
parent 70c362f680
commit 41d6afcfa1
3 changed files with 72 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
wolfcrypt/src/ecc.c
View File

@ -13843,7 +13843,9 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret + pubKeySz, ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret + pubKeySz,
&sharedSz); &sharedSz);
#endif #endif
} while (ret == WC_PENDING_E); }
while (ret == WC_PENDING_E);
if (ret == 0) { if (ret == 0) {
#ifdef WOLFSSL_ECIES_ISO18033 #ifdef WOLFSSL_ECIES_ISO18033
/* KDF data is encoded public key and secret. */ /* KDF data is encoded public key and secret. */
@ -13855,6 +13857,30 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz, ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz,
keys, (word32)keysLen); keys, (word32)keysLen);
break; break;
case ecHKDF_SHA1 :
ret = wc_HKDF(WC_SHA, sharedSecret, sharedSz, ctx->kdfSalt,
ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz,
keys, (word32)keysLen);
break;
#if defined(HAVE_X963_KDF) && !defined(NO_HASH_WRAPPER)
case ecKDF_X963_SHA1 :
ret = wc_X963_KDF(WC_HASH_TYPE_SHA, sharedSecret, sharedSz,
ctx->kdfInfo, ctx->kdfInfoSz, keys, (word32)keysLen);
break;
case ecKDF_X963_SHA256 :
ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, sharedSecret, sharedSz,
ctx->kdfInfo, ctx->kdfInfoSz, keys, (word32)keysLen);
break;
case ecKDF_SHA1 :
ret = wc_X963_KDF(WC_HASH_TYPE_SHA, sharedSecret, sharedSz,
NULL, 0, keys, (word32)keysLen);
break;
case ecKDF_SHA256 :
ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, sharedSecret, sharedSz,
NULL, 0, keys, (word32)keysLen);
break;
#endif
default: default:
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
@ -14250,6 +14276,29 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz, ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz,
keys, (word32)keysLen); keys, (word32)keysLen);
break; break;
case ecHKDF_SHA1 :
ret = wc_HKDF(WC_SHA, sharedSecret, sharedSz, ctx->kdfSalt,
ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz,
keys, (word32)keysLen);
break;
#if defined(HAVE_X963_KDF) && !defined(NO_HASH_WRAPPER)
case ecKDF_X963_SHA1 :
ret = wc_X963_KDF(WC_HASH_TYPE_SHA, sharedSecret, sharedSz,
ctx->kdfInfo, ctx->kdfInfoSz, keys, (word32)keysLen);
break;
case ecKDF_X963_SHA256 :
ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, sharedSecret, sharedSz,
ctx->kdfInfo, ctx->kdfInfoSz, keys, (word32)keysLen);
break;
case ecKDF_SHA1 :
ret = wc_X963_KDF(WC_HASH_TYPE_SHA, sharedSecret, sharedSz,
NULL, 0, keys, (word32)keysLen);
break;
case ecKDF_SHA256 :
ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, sharedSecret, sharedSz,
NULL, 0, keys, (word32)keysLen);
break;
#endif
default: default:
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;

16
wolfcrypt/test/test.c
View File

@ -29437,6 +29437,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
printf("ECIES: AES_128_CBC, HKDF_SHA256, HMAC_SHA256\n"); printf("ECIES: AES_128_CBC, HKDF_SHA256, HMAC_SHA256\n");
} }
} }
#ifdef HAVE_X963_KDF
if (ret == 0) {
ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
ecKDF_X963_SHA256, ecHMAC_SHA256);
if (ret != 0) {
printf("ECIES: AES_128_CBC, KDF_X963_SHA256, HMAC_SHA256\n");
}
}
if (ret == 0) {
ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
ecKDF_SHA256, ecHMAC_SHA256);
if (ret != 0) {
printf("ECIES: AES_128_CBC, KDF_SHA256, HMAC_SHA256\n");
}
}
#endif
#endif #endif
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
if (ret == 0) { if (ret == 0) {

8
wolfssl/wolfcrypt/ecc.h
View File

@ -895,8 +895,12 @@ enum ecEncAlgo {
}; };
enum ecKdfAlgo { enum ecKdfAlgo {
ecHKDF_SHA256 = 1, /* default */ ecHKDF_SHA256 = 1, /* default */
ecHKDF_SHA1 = 2 ecHKDF_SHA1 = 2,
ecKDF_X963_SHA1 = 3,
ecKDF_X963_SHA256 = 4,
ecKDF_SHA1 = 5,
ecKDF_SHA256 = 6
}; };
enum ecMacAlgo { enum ecMacAlgo {