wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix header definitions when running CAVP self test

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-01-14 21:13:52 +01:00
parent 50f8fb1475
commit 59b001c484
5 changed files with 64 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
wolfcrypt/src/asn.c
View File

@@ -82,9 +82,6 @@ ASN Options:
#include <wolfcrypt/src/misc.c> #include <wolfcrypt/src/misc.c>
#endif #endif
#ifndef NO_PWDBASED
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifndef NO_RC4 #ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h> #include <wolfssl/wolfcrypt/arc4.h>
#endif #endif
@@ -132,7 +129,9 @@ extern int wc_InitRsaHw(RsaKey* key);
#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
#ifdef HAVE_SELFTEST #ifdef HAVE_SELFTEST
#include <wolfssl/internal.h>
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM
enum Asn_Misc { enum Asn_Misc {
AES_IV_SIZE = 16, AES_IV_SIZE = 16,
AES_128_KEY_SIZE = 16, AES_128_KEY_SIZE = 16,
@@ -8788,20 +8787,6 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
return ret; return ret;
} }
/* from SSL proper, for locking can't do find here anymore */
#ifdef __cplusplus
extern "C" {
#endif
Signer* GetCA(void* signers, byte* hash);
#ifndef NO_SKID
Signer* GetCAByName(void* signers, byte* hash);
#endif
#ifdef __cplusplus
}
#endif
#if defined(WOLFCRYPT_ONLY) || defined(NO_CERTS) #if defined(WOLFCRYPT_ONLY) || defined(NO_CERTS)
/* dummy functions, not using wolfSSL so don't need actual ones */ /* dummy functions, not using wolfSSL so don't need actual ones */
@@ -12976,36 +12961,36 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* write DER encoded cert to buffer, size already checked */ /* write DER encoded cert to buffer, size already checked */
static int WriteCertBody(DerCert* der, byte* buffer) static int WriteCertBody(DerCert* der, byte* buf)
{ {
int idx; int idx;
/* signed part header */ /* signed part header */
idx = SetSequence(der->total, buffer); idx = SetSequence(der->total, buf);
/* version */ /* version */
XMEMCPY(buffer + idx, der->version, der->versionSz); XMEMCPY(buf + idx, der->version, der->versionSz);
idx += der->versionSz; idx += der->versionSz;
/* serial */ /* serial */
XMEMCPY(buffer + idx, der->serial, der->serialSz); XMEMCPY(buf + idx, der->serial, der->serialSz);
idx += der->serialSz; idx += der->serialSz;
/* sig algo */ /* sig algo */
XMEMCPY(buffer + idx, der->sigAlgo, der->sigAlgoSz); XMEMCPY(buf + idx, der->sigAlgo, der->sigAlgoSz);
idx += der->sigAlgoSz; idx += der->sigAlgoSz;
/* issuer */ /* issuer */
XMEMCPY(buffer + idx, der->issuer, der->issuerSz); XMEMCPY(buf + idx, der->issuer, der->issuerSz);
idx += der->issuerSz; idx += der->issuerSz;
/* validity */ /* validity */
XMEMCPY(buffer + idx, der->validity, der->validitySz); XMEMCPY(buf + idx, der->validity, der->validitySz);
idx += der->validitySz; idx += der->validitySz;
/* subject */ /* subject */
XMEMCPY(buffer + idx, der->subject, der->subjectSz); XMEMCPY(buf + idx, der->subject, der->subjectSz);
idx += der->subjectSz; idx += der->subjectSz;
/* public key */ /* public key */
XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz); XMEMCPY(buf + idx, der->publicKey, der->publicKeySz);
idx += der->publicKeySz; idx += der->publicKeySz;
if (der->extensionsSz) { if (der->extensionsSz) {
/* extensions */ /* extensions */
XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz, XMEMCPY(buf + idx, der->extensions, min(der->extensionsSz,
(int)sizeof(der->extensions))); (int)sizeof(der->extensions)));
idx += der->extensionsSz; idx += der->extensionsSz;
} }
@@ -13015,7 +13000,7 @@ static int WriteCertBody(DerCert* der, byte* buffer)
/* Make RSA signature from buffer (sz), write to sig (sigSz) */ /* Make RSA signature from buffer (sz), write to sig (sigSz) */
static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz, static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz,
byte* sig, int sigSz, RsaKey* rsaKey, ecc_key* eccKey, byte* sig, int sigSz, RsaKey* rsaKey, ecc_key* eccKey,
ed25519_key* ed25519Key, WC_RNG* rng, int sigAlgoType, void* heap) ed25519_key* ed25519Key, WC_RNG* rng, int sigAlgoType, void* heap)
{ {
@@ -13023,7 +13008,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz,
(void)digestSz; (void)digestSz;
(void)typeH; (void)typeH;
(void)buffer; (void)buf;
(void)sz; (void)sz;
(void)sig; (void)sig;
(void)sigSz; (void)sigSz;
@@ -13044,7 +13029,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz,
ret = MEMORY_E; goto exit_ms; ret = MEMORY_E; goto exit_ms;
} }
ret = HashForSignature(buffer, sz, sigAlgoType, certSignCtx->digest, ret = HashForSignature(buf, sz, sigAlgoType, certSignCtx->digest,
&typeH, &digestSz, 0); &typeH, &digestSz, 0);
/* set next state, since WC_PENDING_E rentry for these are not "call again" */ /* set next state, since WC_PENDING_E rentry for these are not "call again" */
certSignCtx->state = CERTSIGN_STATE_ENCODE; certSignCtx->state = CERTSIGN_STATE_ENCODE;
@@ -13096,7 +13081,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz,
if (!rsaKey && !eccKey && ed25519Key) { if (!rsaKey && !eccKey && ed25519Key) {
word32 outSz = sigSz; word32 outSz = sigSz;
ret = wc_ed25519_sign_msg(buffer, sz, sig, &outSz, ed25519Key); ret = wc_ed25519_sign_msg(buf, sz, sig, &outSz, ed25519Key);
if (ret == 0) if (ret == 0)
ret = outSz; ret = outSz;
} }
@@ -13130,26 +13115,26 @@ exit_ms:
/* add signature to end of buffer, size of buffer assumed checked, return /* add signature to end of buffer, size of buffer assumed checked, return
new length */ new length */
static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz, static int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
int sigAlgoType) int sigAlgoType)
{ {
byte seq[MAX_SEQ_SZ]; byte seq[MAX_SEQ_SZ];
int idx = bodySz, seqSz; int idx = bodySz, seqSz;
/* algo */ /* algo */
idx += SetAlgoID(sigAlgoType, buffer ? buffer + idx : NULL, oidSigType, 0); idx += SetAlgoID(sigAlgoType, buf ? buf + idx : NULL, oidSigType, 0);
/* bit string */ /* bit string */
idx += SetBitString(sigSz, 0, buffer ? buffer + idx : NULL); idx += SetBitString(sigSz, 0, buf ? buf + idx : NULL);
/* signature */ /* signature */
if (buffer) if (buf)
XMEMCPY(buffer + idx, sig, sigSz); XMEMCPY(buf + idx, sig, sigSz);
idx += sigSz; idx += sigSz;
/* make room for overall header */ /* make room for overall header */
seqSz = SetSequence(idx, seq); seqSz = SetSequence(idx, seq);
if (buffer) { if (buf) {
XMEMMOVE(buffer + seqSz, buffer, idx); XMEMMOVE(buf + seqSz, buf, idx);
XMEMCPY(buffer, seq, seqSz); XMEMCPY(buf, seq, seqSz);
} }
return idx + seqSz; return idx + seqSz;
@@ -13495,32 +13480,32 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
/* write DER encoded cert req to buffer, size already checked */ /* write DER encoded cert req to buffer, size already checked */
static int WriteCertReqBody(DerCert* der, byte* buffer) static int WriteCertReqBody(DerCert* der, byte* buf)
{ {
int idx; int idx;
/* signed part header */ /* signed part header */
idx = SetSequence(der->total, buffer); idx = SetSequence(der->total, buf);
/* version */ /* version */
if (buffer) if (buf)
XMEMCPY(buffer + idx, der->version, der->versionSz); XMEMCPY(buf + idx, der->version, der->versionSz);
idx += der->versionSz; idx += der->versionSz;
/* subject */ /* subject */
if (buffer) if (buf)
XMEMCPY(buffer + idx, der->subject, der->subjectSz); XMEMCPY(buf + idx, der->subject, der->subjectSz);
idx += der->subjectSz; idx += der->subjectSz;
/* public key */ /* public key */
if (buffer) if (buf)
XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz); XMEMCPY(buf + idx, der->publicKey, der->publicKeySz);
idx += der->publicKeySz; idx += der->publicKeySz;
/* attributes */ /* attributes */
if (buffer) if (buf)
XMEMCPY(buffer + idx, der->attrib, der->attribSz); XMEMCPY(buf + idx, der->attrib, der->attribSz);
idx += der->attribSz; idx += der->attribSz;
/* extensions */ /* extensions */
if (der->extensionsSz) { if (der->extensionsSz) {
if (buffer) if (buf)
XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz, XMEMCPY(buf + idx, der->extensions, min(der->extensionsSz,
(int)sizeof(der->extensions))); (int)sizeof(der->extensions)));
idx += der->extensionsSz; idx += der->extensionsSz;
} }
@@ -13589,7 +13574,7 @@ int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
#endif /* WOLFSSL_CERT_REQ */ #endif /* WOLFSSL_CERT_REQ */
static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key,
WC_RNG* rng) WC_RNG* rng)
{ {
@@ -13643,7 +13628,7 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
return MEMORY_E; return MEMORY_E;
} }
sigSz = MakeSignature(certSignCtx, buffer, requestSz, certSignCtx->sig, sigSz = MakeSignature(certSignCtx, buf, requestSz, certSignCtx->sig,
MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, rng, sType, heap); MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, rng, sType, heap);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (sigSz == WC_PENDING_E) { if (sigSz == WC_PENDING_E) {
@@ -13657,7 +13642,7 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz)
sigSz = BUFFER_E; sigSz = BUFFER_E;
else else
sigSz = AddSignature(buffer, requestSz, certSignCtx->sig, sigSz, sigSz = AddSignature(buf, requestSz, certSignCtx->sig, sigSz,
sType); sType);
} }
@@ -13667,7 +13652,7 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
return sigSz; return sigSz;
} }
int wc_SignCert_ex(int requestSz, int sType, byte* buffer, word32 buffSz, int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
int keyType, void* key, WC_RNG* rng) int keyType, void* key, WC_RNG* rng)
{ {
RsaKey* rsaKey = NULL; RsaKey* rsaKey = NULL;
@@ -13681,28 +13666,28 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buffer, word32 buffSz,
else if (keyType == ED25519_TYPE) else if (keyType == ED25519_TYPE)
ed25519Key = (ed25519_key*)key; ed25519Key = (ed25519_key*)key;
return SignCert(requestSz, sType, buffer, buffSz, rsaKey, eccKey, return SignCert(requestSz, sType, buf, buffSz, rsaKey, eccKey,
ed25519Key, rng); ed25519Key, rng);
} }
int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng)
{ {
return SignCert(requestSz, sType, buffer, buffSz, rsaKey, eccKey, NULL, return SignCert(requestSz, sType, buf, buffSz, rsaKey, eccKey, NULL,
rng); rng);
} }
int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
RsaKey* key, WC_RNG* rng) RsaKey* key, WC_RNG* rng)
{ {
int ret; int ret;
ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); ret = wc_MakeCert(cert, buf, buffSz, key, NULL, rng);
if (ret < 0) if (ret < 0)
return ret; return ret;
return wc_SignCert(cert->bodySz, cert->sigType, return wc_SignCert(cert->bodySz, cert->sigType,
buffer, buffSz, key, NULL, rng); buf, buffSz, key, NULL, rng);
} }
@@ -13725,7 +13710,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
byte *ntruKey, word16 ntruKeySz, byte *ntruKey, word16 ntruKeySz,
ed25519_key* ed25519Key, int kid_type) ed25519_key* ed25519Key, int kid_type)
{ {
byte *buffer; byte *buf;
int bufferSz, ret; int bufferSz, ret;
if (cert == NULL || if (cert == NULL ||
@@ -13734,9 +13719,9 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
(kid_type != SKID_TYPE && kid_type != AKID_TYPE)) (kid_type != SKID_TYPE && kid_type != AKID_TYPE))
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
buffer = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, buf = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (buffer == NULL) if (buf == NULL)
return MEMORY_E; return MEMORY_E;
/* Public Key */ /* Public Key */
@@ -13744,19 +13729,19 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
#ifndef NO_RSA #ifndef NO_RSA
/* RSA public key */ /* RSA public key */
if (rsakey != NULL) if (rsakey != NULL)
bufferSz = SetRsaPublicKey(buffer, rsakey, MAX_PUBLIC_KEY_SZ, 0); bufferSz = SetRsaPublicKey(buf, rsakey, MAX_PUBLIC_KEY_SZ, 0);
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
/* ECC public key */ /* ECC public key */
if (eckey != NULL) if (eckey != NULL)
bufferSz = SetEccPublicKey(buffer, eckey, 0); bufferSz = SetEccPublicKey(buf, eckey, 0);
#endif #endif
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
/* NTRU public key */ /* NTRU public key */
if (ntruKey != NULL) { if (ntruKey != NULL) {
bufferSz = MAX_PUBLIC_KEY_SZ; bufferSz = MAX_PUBLIC_KEY_SZ;
ret = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ret = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
ntruKeySz, ntruKey, (word16 *)(&bufferSz), buffer); ntruKeySz, ntruKey, (word16 *)(&bufferSz), buf);
if (ret != NTRU_OK) if (ret != NTRU_OK)
bufferSz = -1; bufferSz = -1;
} }
@@ -13766,27 +13751,27 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
/* ED25519 public key */ /* ED25519 public key */
if (ed25519Key != NULL) if (ed25519Key != NULL)
bufferSz = SetEd25519PublicKey(buffer, ed25519Key, 0); bufferSz = SetEd25519PublicKey(buf, ed25519Key, 0);
#endif #endif
if (bufferSz <= 0) { if (bufferSz <= 0) {
XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return PUBLIC_KEY_E; return PUBLIC_KEY_E;
} }
/* Compute SKID by hashing public key */ /* Compute SKID by hashing public key */
if (kid_type == SKID_TYPE) { if (kid_type == SKID_TYPE) {
ret = CalcHashId(buffer, bufferSz, cert->skid); ret = CalcHashId(buf, bufferSz, cert->skid);
cert->skidSz = KEYID_SIZE; cert->skidSz = KEYID_SIZE;
} }
else if (kid_type == AKID_TYPE) { else if (kid_type == AKID_TYPE) {
ret = CalcHashId(buffer, bufferSz, cert->akid); ret = CalcHashId(buf, bufferSz, cert->akid);
cert->akidSz = KEYID_SIZE; cert->akidSz = KEYID_SIZE;
} }
else else
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret; return ret;
} }

2
wolfssl/internal.h
View File

@@ -1329,11 +1329,13 @@ enum Misc {
#endif #endif
#ifdef HAVE_SELFTEST #ifdef HAVE_SELFTEST
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM #define WOLFSSL_AES_KEY_SIZE_ENUM
AES_IV_SIZE = 16, AES_IV_SIZE = 16,
AES_128_KEY_SIZE = 16, AES_128_KEY_SIZE = 16,
AES_192_KEY_SIZE = 24, AES_192_KEY_SIZE = 24,
AES_256_KEY_SIZE = 32, AES_256_KEY_SIZE = 32,
#endif
#endif #endif
MAX_IV_SZ = AES_BLOCK_SIZE, MAX_IV_SZ = AES_BLOCK_SIZE,

4
wolfssl/wolfcrypt/aes.h
View File

@@ -94,6 +94,8 @@
extern "C" { extern "C" {
#endif #endif
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM
/* these are required for FIPS and non-FIPS */ /* these are required for FIPS and non-FIPS */
enum { enum {
AES_128_KEY_SIZE = 16, /* for 128 bit */ AES_128_KEY_SIZE = 16, /* for 128 bit */
@@ -102,7 +104,7 @@ enum {
AES_IV_SIZE = 16, /* always block size */ AES_IV_SIZE = 16, /* always block size */
}; };
#endif
/* avoid redefinition of structs */ /* avoid redefinition of structs */
#if !defined(HAVE_FIPS) || \ #if !defined(HAVE_FIPS) || \

2
wolfssl/wolfcrypt/pkcs7.h
View File

@@ -154,7 +154,7 @@ enum Pkcs7_Misc {
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)) || defined(HAVE_SELFTEST) (HAVE_FIPS_VERSION >= 2))
/* In the event of fips cert 3389 or CAVP selftest build, these enums are /* In the event of fips cert 3389 or CAVP selftest build, these enums are
* not in aes.h for use with pkcs7 so enumerate it here outside the fips * not in aes.h for use with pkcs7 so enumerate it here outside the fips
* boundary */ * boundary */

2
wolfssl/wolfcrypt/sha3.h
View File

@@ -58,7 +58,7 @@ enum {
WC_SHA3_512_DIGEST_SIZE = 64, WC_SHA3_512_DIGEST_SIZE = 64,
WC_SHA3_512_COUNT = 9, WC_SHA3_512_COUNT = 9,
#ifndef HAVE_SELFTEST #ifdef HAVE_SELFTEST
/* These values are used for HMAC, not SHA-3 directly. /* These values are used for HMAC, not SHA-3 directly.
* They come from from FIPS PUB 202. */ * They come from from FIPS PUB 202. */
WC_SHA3_224_BLOCK_SIZE = 144, WC_SHA3_224_BLOCK_SIZE = 144,