mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 07:30:50 +02:00
Merge master into harden-chain-depth-and-parser-bounds
Master's test reorg (c674cec4a) moved test_dtls13_oversized_cert_chain into
the new tests/api/test_dtls13.c. This branch removes that test, so resolve by
taking master's test_dtls.{c,h} and re-applying the removal in test_dtls13.{c,h}.
This commit is contained in:
@@ -7,6 +7,7 @@
|
||||
"build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
@@ -14,9 +15,10 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-min-ecc",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
@@ -24,9 +26,10 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-tls12",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
@@ -34,9 +37,185 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-baremetal",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_baremetal.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_baremetal.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"build_cmd": "test -f examples/configs/user_settings_baremetal.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_baremetal.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m0plus",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m0plus",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m3",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m3",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m7",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m7",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m4-tls13",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-tls13",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m4-dtls13",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-dtls13",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_dtls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_dtls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m4-pq",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-pq",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m4-rsa-only",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-rsa-only",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_rsa_only.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_rsa_only.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m4-pkcs7",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-pkcs7",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_pkcs7.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pkcs7.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m4-openssl-compat",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-openssl-compat",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_openssl_compat.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_openssl_compat.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define SMALL_SESSION_CACHE\\n#undef HAVE_OCSP\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST_V2\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define USER_TICKS\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m4-sp-math",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-sp-math",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#define WOLFSSL_SP_MATH\\n#define WOLFSSL_SP_NO_ASM\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m4-crypto-only",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-crypto-only",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "mkdir -p IDE/GCC-ARM/Header-gen && printf '#ifndef WOLFSSL_USER_SETTINGS_H\\n#define WOLFSSL_USER_SETTINGS_H\\n#define WOLFCRYPT_ONLY\\n#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define HAVE_AESGCM\\n#define HAVE_AES_DECRYPT\\n#define HAVE_ECC\\n#define HAVE_CHACHA\\n#define HAVE_POLY1305\\n#define WOLFSSL_SHA512\\n#define WOLFSSL_SHA384\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#endif\\n' > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m7-tls13",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m7-tls13",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "gcc-arm-cortex-m7-pq",
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m7-pq",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "stm32-sim-stm32h753",
|
||||
"port": "stm32-sim",
|
||||
"board": "stm32h753",
|
||||
"apt_packages": "build-essential ca-certificates cmake ninja-build python3 git gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib wget unzip",
|
||||
"build_cmd": "if [ ! -d simulators ]; then git clone --depth 1 https://github.com/wolfSSL/simulators simulators; fi && sudo mkdir -p /opt && if [ ! -d /opt/cmsis-device-h7 ]; then sudo git clone --depth 1 https://github.com/STMicroelectronics/cmsis-device-h7.git /opt/cmsis-device-h7; fi && if [ ! -d /opt/CMSIS_5 ]; then sudo git clone --depth 1 https://github.com/ARM-software/CMSIS_5.git /opt/CMSIS_5; fi && if [ ! -d /opt/STM32CubeH7 ]; then (sudo git clone --depth 1 --branch v1.11.2 --recurse-submodules https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 || (sudo git clone --depth 1 --branch v1.11.2 https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 && cd /opt/STM32CubeH7 && sudo git submodule update --init --recursive --depth 1)); fi && sudo rm -rf /opt/firmware-stm32sim-h7 /opt/wolfssl-stm32sim && sudo mkdir -p /opt/firmware-stm32sim-h7 && sudo cp -r simulators/STM32Sim/firmware/wolfcrypt-test-h7/. /opt/firmware-stm32sim-h7/ && sudo cp /opt/firmware-stm32sim-h7/stm32h7xx_hal_conf.h /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc/ && sudo cp -r . /opt/wolfssl-stm32sim && sudo rm -f /opt/wolfssl-stm32sim/config.h && cd /opt/firmware-stm32sim-h7 && sudo cmake -G Ninja -DWOLFSSL_USER_SETTINGS=ON -DUSER_SETTINGS_FILE=/opt/firmware-stm32sim-h7/user_settings.h -DCMAKE_TOOLCHAIN_FILE=/opt/firmware-stm32sim-h7/toolchain-arm-none-eabi.cmake -DCMAKE_BUILD_TYPE=Release -DWOLFSSL_CRYPT_TESTS=OFF -DWOLFSSL_EXAMPLES=OFF -DWOLFSSL_ROOT=/opt/wolfssl-stm32sim -B /opt/firmware-stm32sim-h7/build -S /opt/firmware-stm32sim-h7 && sudo cmake --build /opt/firmware-stm32sim-h7/build && sudo cp /opt/firmware-stm32sim-h7/build/wolfcrypt_test.elf $GITHUB_WORKSPACE/wolfcrypt_test.elf",
|
||||
"elf": "wolfcrypt_test.elf",
|
||||
"ld": "simulators/STM32Sim/firmware/wolfcrypt-test-h7/stm32h753.ld",
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "linuxkm-standard",
|
||||
"port": "linuxkm",
|
||||
"board": "linux-kernel-module-standard",
|
||||
"apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)",
|
||||
"build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1",
|
||||
"elf": "linuxkm/libwolfssl.ko",
|
||||
"ld": "linuxkm/wolfcrypt.lds",
|
||||
"linker_vars": "",
|
||||
"apt_cache": "false"
|
||||
},
|
||||
{
|
||||
"target_name": "linuxkm-pie",
|
||||
"port": "linuxkm",
|
||||
"board": "linux-kernel-module-pie",
|
||||
"apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)",
|
||||
"build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1",
|
||||
"elf": "linuxkm/libwolfssl.ko",
|
||||
"ld": "linuxkm/wolfcrypt.lds",
|
||||
"linker_vars": "",
|
||||
"apt_cache": "false"
|
||||
}
|
||||
]
|
||||
|
||||
@@ -112,6 +112,9 @@ LOG_DIR="${SCRIPT_DIR}/logs"
|
||||
mkdir -p "${LOG_DIR}"
|
||||
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
|
||||
LOG_FILE="${LOG_DIR}/${BOARD_SLUG}_${TIMESTAMP}.log"
|
||||
ARTIFACTS_DIR="${SCRIPT_DIR}/artifacts/${BOARD_SLUG}-${SAMPLE_NAME}"
|
||||
mkdir -p "${ARTIFACTS_DIR}"
|
||||
chmod 0755 "${ARTIFACTS_DIR}"
|
||||
|
||||
echo "==> wolfSSL repo: ${WOLFSSL_REPO}"
|
||||
echo "==> wolfSSL branch: ${WOLFSSL_BRANCH}"
|
||||
@@ -256,6 +259,23 @@ else
|
||||
echo ""
|
||||
echo "==> [container] Build succeeded!"
|
||||
|
||||
# Stage Membrowse-relevant artifacts on the host-mounted volume.
|
||||
# /artifacts is bind-mounted by the host wrapper; if it isn't writable
|
||||
# (e.g. interactive runs without the mount), skip silently.
|
||||
if [[ -d /artifacts && -w /artifacts ]]; then
|
||||
BUILD_OUT="${WORKDIR}/zephyrproject/build/zephyr"
|
||||
if [[ -f "${BUILD_OUT}/zephyr.elf" ]]; then
|
||||
cp "${BUILD_OUT}/zephyr.elf" /artifacts/zephyr.elf
|
||||
fi
|
||||
if [[ -f "${BUILD_OUT}/linker.cmd" ]]; then
|
||||
cp "${BUILD_OUT}/linker.cmd" /artifacts/linker.cmd
|
||||
fi
|
||||
# Map file enables Membrowse library/object attribution
|
||||
if [[ -f "${BUILD_OUT}/zephyr.map" ]]; then
|
||||
cp "${BUILD_OUT}/zephyr.map" /artifacts/zephyr.map
|
||||
fi
|
||||
fi
|
||||
|
||||
# Run the app for emulator targets and watch for completion
|
||||
case "${BOARD_TARGET}" in
|
||||
native_sim*|qemu_*)
|
||||
@@ -342,6 +362,7 @@ docker rm -f "${CONTAINER_NAME}" 2>/dev/null || true
|
||||
DOCKER_ARGS=(
|
||||
--name "${CONTAINER_NAME}"
|
||||
--rm
|
||||
-v "${ARTIFACTS_DIR}:/artifacts"
|
||||
)
|
||||
|
||||
if [[ "$INTERACTIVE" == "1" ]]; then
|
||||
|
||||
@@ -19,7 +19,8 @@ jobs:
|
||||
matrix:
|
||||
config: [
|
||||
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
|
||||
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
|
||||
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
|
||||
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-tls13 --enable-dtls --enable-dtls13'
|
||||
]
|
||||
name: build module
|
||||
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
|
||||
@@ -55,3 +56,15 @@ jobs:
|
||||
make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11)
|
||||
ls -l linuxkm/libwolfssl.ko || $(exit 12)
|
||||
echo "Successful linuxkm build."
|
||||
|
||||
- name: Verify DTLS 1.3 symbols are exported (when WOLFSSL_DTLS13 is configured)
|
||||
run: |
|
||||
if grep -q '^#define WOLFSSL_DTLS13' wolfssl/options.h; then
|
||||
echo "WOLFSSL_DTLS13 defined; checking GPL exports in libwolfssl.ko..."
|
||||
objdump -t linuxkm/libwolfssl.ko \
|
||||
| grep -qE '__ksymtab_wolfDTLSv1_3_(client|server)_method$' \
|
||||
|| { echo "::error::DTLS 1.3 entry points not exported from libwolfssl.ko"; exit 13; }
|
||||
echo "DTLS 1.3 export check: PASS"
|
||||
else
|
||||
echo "WOLFSSL_DTLS13 not defined for this matrix entry; skipping symbol check."
|
||||
fi
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
name: Membrowse Comment
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: [Membrowse Memory Report]
|
||||
types:
|
||||
- completed
|
||||
|
||||
jobs:
|
||||
post-comment:
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 10
|
||||
# Run the comment job even if some of the builds fail
|
||||
if: >
|
||||
github.event.workflow_run.event == 'pull_request' &&
|
||||
github.event.workflow_run.conclusion != 'cancelled'
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Post Membrowse PR comment
|
||||
if: ${{ env.MEMBROWSE_API_KEY != '' }}
|
||||
uses: membrowse/membrowse-action/comment-action@v1
|
||||
with:
|
||||
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
|
||||
commit: ${{ github.event.workflow_run.head_sha }}
|
||||
env:
|
||||
MEMBROWSE_API_KEY: ${{ secrets.MEMBROWSE_API_KEY }}
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -11,6 +11,9 @@ on:
|
||||
|
||||
jobs:
|
||||
load-targets:
|
||||
# Only run from the wolfssl org to avoid burning forks' CI minutes
|
||||
# and reporting fork builds to the membrowse backend.
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 10
|
||||
outputs:
|
||||
@@ -25,12 +28,13 @@ jobs:
|
||||
|
||||
onboard:
|
||||
needs: load-targets
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 10
|
||||
timeout-minutes: 30
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include: ${{ fromJson(needs.load-targets.outputs.matrix) }}
|
||||
include: ${{ fromJson(needs.load-targets.outputs.matrix || '[]') }}
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@@ -43,6 +47,7 @@ jobs:
|
||||
uses: ./.github/actions/install-apt-deps
|
||||
with:
|
||||
packages: ${{ matrix.apt_packages }}
|
||||
cache: ${{ matrix.apt_cache || 'true' }}
|
||||
|
||||
- name: Run Membrowse Onboard Action
|
||||
uses: membrowse/membrowse-action/onboard-action@v1
|
||||
|
||||
@@ -1,20 +1,21 @@
|
||||
name: Membrowse Memory Report
|
||||
|
||||
# Runs nightly instead of per-PR - the report is for trend tracking, not
|
||||
# gating individual PRs, and the build matrix is too heavy to run on every
|
||||
# push. Use workflow_dispatch to trigger an ad-hoc run.
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 4 * * *' # daily at 04:00 UTC
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened, ready_for_review]
|
||||
push:
|
||||
branches: [master]
|
||||
workflow_dispatch:
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}
|
||||
cancel-in-progress: false
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
|
||||
|
||||
jobs:
|
||||
load-targets:
|
||||
# Only run from the wolfssl org to avoid burning forks' CI minutes
|
||||
# and reporting fork builds to the membrowse backend.
|
||||
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || github.event.pull_request.draft == false)
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 10
|
||||
outputs:
|
||||
@@ -27,28 +28,68 @@ jobs:
|
||||
id: set-matrix
|
||||
run: echo "matrix=$(jq -c '.' .github/membrowse-targets.json)" >> $GITHUB_OUTPUT
|
||||
|
||||
analyze:
|
||||
needs: load-targets
|
||||
check-changes:
|
||||
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || github.event.pull_request.draft == false)
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 10
|
||||
timeout-minutes: 5
|
||||
outputs:
|
||||
needs_build: ${{ steps.filter.outputs.code == 'true' || github.event_name == 'workflow_dispatch' }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Detect binary-affecting changes
|
||||
id: filter
|
||||
if: github.event_name == 'pull_request' || github.event_name == 'push'
|
||||
uses: dorny/paths-filter@v4
|
||||
with:
|
||||
predicate-quantifier: every
|
||||
filters: |
|
||||
code:
|
||||
- '!**.md'
|
||||
- '!**/README*'
|
||||
- '!doc/**'
|
||||
- '!AUTHORS'
|
||||
- '!COPYING*'
|
||||
- '!LICENSE*'
|
||||
- '!LICENSING'
|
||||
- '!INSTALL'
|
||||
- '!ChangeLog*'
|
||||
- '!SCRIPTS-LIST'
|
||||
- '!.gitignore'
|
||||
- '!.editorconfig'
|
||||
- '!.codespellexcludelines'
|
||||
- '!.cyignore'
|
||||
- '!.wolfssl_known_macro_extras'
|
||||
- '!.github/ISSUE_TEMPLATE/**'
|
||||
- '!.github/PULL_REQUEST_TEMPLATE.md'
|
||||
|
||||
analyze:
|
||||
needs: [load-targets, check-changes]
|
||||
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || needs.check-changes.outputs.needs_build == 'true')
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 30
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include: ${{ fromJson(needs.load-targets.outputs.matrix) }}
|
||||
include: ${{ fromJson(needs.load-targets.outputs.matrix || '[]') }}
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0
|
||||
submodules: recursive
|
||||
fetch-depth: 2
|
||||
submodules: ${{ needs.check-changes.outputs.needs_build == 'true' && 'recursive' || 'false' }}
|
||||
|
||||
- name: Install packages
|
||||
if: needs.check-changes.outputs.needs_build == 'true'
|
||||
uses: ./.github/actions/install-apt-deps
|
||||
with:
|
||||
packages: ${{ matrix.apt_packages }}
|
||||
cache: ${{ matrix.apt_cache || 'true' }}
|
||||
|
||||
- name: Build firmware
|
||||
if: needs.check-changes.outputs.needs_build == 'true'
|
||||
run: ${{ matrix.build_cmd }}
|
||||
|
||||
- name: Run Membrowse PR Action
|
||||
@@ -56,9 +97,11 @@ jobs:
|
||||
uses: membrowse/membrowse-action@v1
|
||||
with:
|
||||
target_name: ${{ matrix.target_name }}
|
||||
elf: ${{ matrix.elf }}
|
||||
ld: ${{ matrix.ld }}
|
||||
elf: ${{ needs.check-changes.outputs.needs_build == 'true' && matrix.elf || '' }}
|
||||
ld: ${{ needs.check-changes.outputs.needs_build == 'true' && matrix.ld || '' }}
|
||||
map_file: ${{ needs.check-changes.outputs.needs_build == 'true' && matrix.map_file || '' }}
|
||||
linker_vars: ${{ matrix.linker_vars }}
|
||||
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
|
||||
api_url: ${{ vars.MEMBROWSE_API_URL }}
|
||||
identical: ${{ needs.check-changes.outputs.needs_build != 'true' }}
|
||||
verbose: INFO
|
||||
|
||||
@@ -0,0 +1,115 @@
|
||||
name: Membrowse Zephyr Report
|
||||
|
||||
# Triggered after the heavy Zephyr 4.x test workflow completes. Pulls the
|
||||
# pre-built zephyr.elf, zephyr.map and linker.cmd artifacts staged by
|
||||
# zephyr-test.sh and feeds them to the Membrowse memory-tracking service.
|
||||
# This avoids duplicating the (slow) Zephyr build inside the Membrowse
|
||||
# matrix.
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: [Zephyr 4.x tests]
|
||||
types:
|
||||
- completed
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_sha }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 10
|
||||
# Only run from the wolfssl org to avoid burning forks' CI minutes
|
||||
# and reporting fork builds to the membrowse backend.
|
||||
if: >
|
||||
github.event.workflow_run.conclusion == 'success' &&
|
||||
github.repository_owner == 'wolfssl'
|
||||
permissions:
|
||||
contents: read
|
||||
actions: read
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- target_name: zephyr-native_sim
|
||||
artifact: membrowse-zephyr-native_sim
|
||||
- target_name: zephyr-frdm_rw612
|
||||
artifact: membrowse-zephyr-frdm_rw612
|
||||
steps:
|
||||
# Check out the commit the Zephyr workflow actually built so Membrowse
|
||||
# attributes the report to the right commit. Only the last 2 commits
|
||||
# are needed (current + parent) to resolve the base for comparison.
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v5
|
||||
with:
|
||||
ref: ${{ github.event.workflow_run.head_sha }}
|
||||
fetch-depth: 2
|
||||
|
||||
- name: Download Zephyr build artifact
|
||||
id: download
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.artifact }}
|
||||
path: zephyr-artifacts/${{ matrix.target_name }}
|
||||
run-id: ${{ github.event.workflow_run.id }}
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
continue-on-error: true
|
||||
|
||||
- name: Verify artifact present
|
||||
id: verify
|
||||
run: |
|
||||
ELF="zephyr-artifacts/${{ matrix.target_name }}/zephyr.elf"
|
||||
LD="zephyr-artifacts/${{ matrix.target_name }}/linker.cmd"
|
||||
MAP="zephyr-artifacts/${{ matrix.target_name }}/zephyr.map"
|
||||
if [[ -f "$ELF" && -f "$LD" ]]; then
|
||||
echo "have_artifacts=true" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "have_artifacts=false" >> "$GITHUB_OUTPUT"
|
||||
echo "::warning::Membrowse artifact for ${{ matrix.target_name }} not found; the matching cell of zephyr-4.x.yml may have been skipped or excluded."
|
||||
fi
|
||||
# The map file is optional; it enables library/object attribution.
|
||||
if [[ -f "$MAP" ]]; then
|
||||
echo "map_file=$MAP" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "map_file=" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Run Membrowse PR Action
|
||||
if: steps.verify.outputs.have_artifacts == 'true'
|
||||
uses: membrowse/membrowse-action@v1
|
||||
with:
|
||||
target_name: ${{ matrix.target_name }}
|
||||
elf: zephyr-artifacts/${{ matrix.target_name }}/zephyr.elf
|
||||
ld: zephyr-artifacts/${{ matrix.target_name }}/linker.cmd
|
||||
map_file: ${{ steps.verify.outputs.map_file }}
|
||||
linker_vars: ""
|
||||
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
|
||||
api_url: ${{ vars.MEMBROWSE_API_URL }}
|
||||
verbose: INFO
|
||||
|
||||
# Refresh the consolidated Membrowse PR comment after the Zephyr targets
|
||||
# have been submitted, mirroring membrowse-comment.yml.
|
||||
post-comment:
|
||||
needs: analyze
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 10
|
||||
if: >
|
||||
github.event.workflow_run.event == 'pull_request' &&
|
||||
github.repository_owner == 'wolfssl'
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Post Membrowse PR comment
|
||||
if: ${{ env.MEMBROWSE_API_KEY != '' }}
|
||||
uses: membrowse/membrowse-action/comment-action@v1
|
||||
with:
|
||||
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
|
||||
commit: ${{ github.event.workflow_run.head_sha }}
|
||||
env:
|
||||
MEMBROWSE_API_KEY: ${{ secrets.MEMBROWSE_API_KEY }}
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -117,14 +117,14 @@ jobs:
|
||||
# variants of mod_exp_<words>_nb / RSA / DH wrappers.
|
||||
'--enable-curve25519=nonblock --enable-ecc=nonblock --enable-rsa=nonblock --enable-dh=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK -DRSA_LOW_MEM -DSP_WORD_SIZE=32"',
|
||||
'--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"',
|
||||
# Minimal DTLS 1.3 client-only build. The SHA-224/384/512/3
|
||||
# disables are deliberately omitted: --disable-sha384 alone
|
||||
# trips a pre-existing wolfSSL bug in
|
||||
# test_tls13_duplicate_extension (reproducible on clean master).
|
||||
# Minimal DTLS 1.3 client-only build with the SHA-224/384/512/3
|
||||
# hash families disabled. SHA-256 (used by TLS_AES_128_GCM_SHA256)
|
||||
# and SHA-1 remain enabled.
|
||||
'--enable-dtls13 --disable-tlsv12 --disable-oldtls --disable-rsa --disable-dh
|
||||
--disable-aescbc --disable-aesecb --disable-md5 --disable-chacha
|
||||
--disable-poly1305 --disable-errorstrings --disable-asn-print
|
||||
--disable-eccshamir --disable-base64encode --disable-coding --disable-sni
|
||||
--disable-sha224 --disable-sha384 --disable-sha512 --disable-sha3
|
||||
--enable-aesgcm=small --enable-sp-math --enable-sp=smallec256 --disable-sp-asm
|
||||
CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_TLS12 -DNO_SESSION_CACHE
|
||||
-DWOLFSSL_AES_NO_UNROLL -DUSE_SLOW_SHA256 -DWOLFSSL_NO_ASYNC_IO
|
||||
|
||||
@@ -0,0 +1,86 @@
|
||||
name: PIC32MZ simulator test
|
||||
|
||||
# START OF COMMON SECTION
|
||||
on:
|
||||
push:
|
||||
branches: [ 'master', 'main', 'release/**' ]
|
||||
pull_request:
|
||||
branches: [ '*' ]
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
# END OF COMMON SECTION
|
||||
|
||||
# Build the PIC32MZ software simulator (https://github.com/wolfSSL/simulators,
|
||||
# PIC32MZSim/ subdirectory) and run the wolfCrypt test suite on emulated
|
||||
# PIC32MZ EC (no FPU, CE ignores OUT_SWAP) and EF (FPU + OUT_SWAP) parts,
|
||||
# through both the direct-register PIC32 port and the MPLAB Harmony 3 driver
|
||||
# port.
|
||||
#
|
||||
# Like stm32-sim.yml, the Dockerfiles read wolfSSL from /opt/wolfssl at
|
||||
# runtime via a bind mount, so no Dockerfile patching is required - the PR
|
||||
# checkout is mounted directly.
|
||||
|
||||
jobs:
|
||||
pic32mz_sim:
|
||||
name: wolfCrypt on PIC32MZ ${{ matrix.chip_label }} (${{ matrix.port_label }})
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 30
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- port_label: direct
|
||||
chip_label: EC
|
||||
dockerfile: Dockerfile.wolfcrypt-direct
|
||||
image_tag: pic32mz-wolfcrypt-direct:ci
|
||||
script: run-wolfcrypt-direct-ec.sh
|
||||
cache_scope: pic32mz-direct
|
||||
- port_label: direct
|
||||
chip_label: EF
|
||||
dockerfile: Dockerfile.wolfcrypt-direct
|
||||
image_tag: pic32mz-wolfcrypt-direct:ci
|
||||
script: run-wolfcrypt-direct-ef.sh
|
||||
cache_scope: pic32mz-direct
|
||||
- port_label: harmony
|
||||
chip_label: EC
|
||||
dockerfile: Dockerfile.wolfcrypt-harmony
|
||||
image_tag: pic32mz-wolfcrypt-harmony:ci
|
||||
script: run-wolfcrypt-harmony-ec.sh
|
||||
cache_scope: pic32mz-harmony
|
||||
- port_label: harmony
|
||||
chip_label: EF
|
||||
dockerfile: Dockerfile.wolfcrypt-harmony
|
||||
image_tag: pic32mz-wolfcrypt-harmony:ci
|
||||
script: run-wolfcrypt-harmony-ef.sh
|
||||
cache_scope: pic32mz-harmony
|
||||
steps:
|
||||
- name: Checkout wolfSSL (PR source)
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: wolfssl
|
||||
|
||||
- name: Clone PIC32MZ simulator
|
||||
run: git clone --depth 1 https://github.com/wolfSSL/simulators simulators
|
||||
|
||||
- uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Build ${{ matrix.image_tag }} image
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: simulators/PIC32MZSim
|
||||
file: simulators/PIC32MZSim/${{ matrix.dockerfile }}
|
||||
push: false
|
||||
load: true
|
||||
tags: ${{ matrix.image_tag }}
|
||||
cache-from: type=gha,scope=${{ matrix.cache_scope }}
|
||||
cache-to: type=gha,mode=max,scope=${{ matrix.cache_scope }}
|
||||
|
||||
- name: Run wolfCrypt tests on PIC32MZ ${{ matrix.chip_label }} (${{ matrix.port_label }})
|
||||
run: |
|
||||
docker run --rm \
|
||||
-v "${{ github.workspace }}/wolfssl:/opt/wolfssl:ro" \
|
||||
${{ matrix.image_tag }} \
|
||||
/app/scripts/${{ matrix.script }}
|
||||
@@ -79,3 +79,22 @@ jobs:
|
||||
path: .github/scripts/zephyr-4.x/logs/
|
||||
retention-days: 5
|
||||
if-no-files-found: ignore
|
||||
|
||||
# Stage Membrowse artifacts only for the cells we want to track on the
|
||||
# Membrowse dashboard. Keep this tight to avoid duplicate target_name
|
||||
# entries on the dashboard and unnecessary artifact uploads.
|
||||
- name: Upload Membrowse artifacts (selected cells only)
|
||||
if: >
|
||||
success() &&
|
||||
matrix.zephyr-ref == 'v4.3.0' &&
|
||||
matrix.sample == 'wolfssl_test' &&
|
||||
matrix.extra-conf == ''
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: membrowse-zephyr-${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612' }}
|
||||
path: |
|
||||
.github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/zephyr.elf
|
||||
.github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/linker.cmd
|
||||
.github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/zephyr.map
|
||||
if-no-files-found: warn
|
||||
retention-days: 1
|
||||
|
||||
@@ -741,10 +741,10 @@ WOLFSSL_CONTIKI
|
||||
WOLFSSL_CRL_ALLOW_MISSING_CDP
|
||||
WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
|
||||
WOLFSSL_DRBG_SHA256
|
||||
WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
|
||||
WOLFSSL_DTLS_DISALLOW_FUTURE
|
||||
WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS
|
||||
WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
|
||||
WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
|
||||
WOLFSSL_DUMP_MEMIO_STREAM
|
||||
WOLFSSL_DUP_CERTPOL
|
||||
WOLFSSL_EARLY_DATA_NO_ANTI_REPLAY
|
||||
@@ -869,6 +869,7 @@ WOLFSSL_PASSTHRU_ERR
|
||||
WOLFSSL_PB
|
||||
WOLFSSL_PEER_ADDRESS_CHANGES
|
||||
WOLFSSL_PKCS11_RW_TOKENS
|
||||
WOLFSSL_PPC64_ASM_AES_NO_HARDEN
|
||||
WOLFSSL_PRCONNECT_PRO
|
||||
WOLFSSL_PREFIX
|
||||
WOLFSSL_PSA_NO_AES
|
||||
@@ -888,6 +889,7 @@ WOLFSSL_RENESAS_RZN2L
|
||||
WOLFSSL_RENESAS_TLS
|
||||
WOLFSSL_RENESAS_TSIP_IAREWRX
|
||||
WOLFSSL_REQUIRE_TCA
|
||||
WOLFSSL_RISCV_ASM_NO_UNALIGNED
|
||||
WOLFSSL_RNG_USE_FULL_SEED
|
||||
WOLFSSL_RSA_CHECK_D_ON_DECRYPT
|
||||
WOLFSSL_RSA_DECRYPT_TO_0_LEN
|
||||
@@ -976,6 +978,7 @@ XSECURE_CACHE_DISABLE
|
||||
_ABI64
|
||||
_ABIO64
|
||||
_ARCH_PPC64
|
||||
_ARCH_PWR8
|
||||
_COMPILER_VERSION
|
||||
_INTPTR_T_DECLARED
|
||||
_LINUX_REFCOUNT_H
|
||||
@@ -1004,6 +1007,7 @@ __32MZ2048ECM144__
|
||||
__32MZ2048EFM144__
|
||||
__ANDROID__
|
||||
__APPLE__
|
||||
__ARCH_PWR8
|
||||
__ARCH_STRCASECMP_NO_REDIRECT
|
||||
__ARCH_STRCMP_NO_REDIRECT
|
||||
__ARCH_STRNCASECMP_NO_REDIRECT
|
||||
|
||||
@@ -2942,11 +2942,14 @@ if(WOLFSSL_EXAMPLES)
|
||||
tests/api/test_mldsa_legacy.c
|
||||
tests/api/test_slhdsa.c
|
||||
tests/api/test_signature.c
|
||||
tests/api/test_lms_xmss.c
|
||||
tests/api/test_dtls.c
|
||||
tests/api/test_dtls13.c
|
||||
tests/api/test_ocsp.c
|
||||
tests/api/test_evp.c
|
||||
tests/api/test_tls_ext.c
|
||||
tests/api/test_tls.c
|
||||
tests/api/test_session.c
|
||||
tests/api/test_x509.c
|
||||
tests/api/test_asn.c
|
||||
tests/api/test_pkcs7.c
|
||||
|
||||
@@ -469,10 +469,10 @@ extern "C" {
|
||||
/* Override Current Time */
|
||||
/* Allows custom "custom_time()" function to be used for benchmark */
|
||||
#define WOLFSSL_USER_CURRTIME
|
||||
#define WOLFSSL_GMTIME
|
||||
#define TIME_OVERRIDES
|
||||
#define USER_TICKS
|
||||
extern unsigned long my_time(unsigned long* timer);
|
||||
#define XTIME my_time
|
||||
#define XGMTIME my_gmtime
|
||||
|
||||
|
||||
/* ------------------------------------------------------------------------- */
|
||||
@@ -656,4 +656,3 @@ extern unsigned int my_rng_seed_gen(void);
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_USER_SETTINGS_H */
|
||||
|
||||
|
||||
@@ -89,6 +89,8 @@ SRC_C += ../../src/sniffer.c
|
||||
SRC_C += ../../src/ssl.c
|
||||
SRC_C += ../../src/tls.c
|
||||
SRC_C += ../../src/tls13.c
|
||||
SRC_C += ../../src/dtls.c
|
||||
SRC_C += ../../src/dtls13.c
|
||||
SRC_C += ../../src/wolfio.c
|
||||
|
||||
# wolfCrypt Core (FIPS)
|
||||
@@ -185,6 +187,9 @@ SRC_C += ../../wolfcrypt/src/dsa.c
|
||||
SRC_C += ../../wolfcrypt/src/md2.c
|
||||
SRC_C += ../../wolfcrypt/src/md4.c
|
||||
SRC_C += ../../wolfcrypt/src/ripemd.c
|
||||
SRC_C += ../../wolfcrypt/src/wc_mldsa.c
|
||||
SRC_C += ../../wolfcrypt/src/wc_mlkem.c
|
||||
SRC_C += ../../wolfcrypt/src/wc_mlkem_poly.c
|
||||
|
||||
|
||||
FILENAMES_C = $(notdir $(SRC_C))
|
||||
|
||||
@@ -27,6 +27,9 @@
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#ifdef NO_ASN_TIME
|
||||
#include <time.h>
|
||||
#endif
|
||||
|
||||
|
||||
/* TIME CODE */
|
||||
@@ -37,21 +40,103 @@ static int hw_get_time_sec(void)
|
||||
{
|
||||
#warning Must implement your own time source if validating certificates
|
||||
|
||||
return ++gTimeMs;
|
||||
return ++gTimeMs;
|
||||
}
|
||||
|
||||
static int IsLeapYear(int year)
|
||||
{
|
||||
return ((year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0));
|
||||
}
|
||||
|
||||
/* This is used by wolfCrypt asn.c for cert time checking */
|
||||
unsigned long my_time(unsigned long* timer)
|
||||
time_t my_time(time_t* timer)
|
||||
{
|
||||
(void)timer;
|
||||
return hw_get_time_sec();
|
||||
time_t curTime = (time_t)hw_get_time_sec();
|
||||
|
||||
if (timer != NULL) {
|
||||
*timer = curTime;
|
||||
}
|
||||
|
||||
return curTime;
|
||||
}
|
||||
|
||||
struct tm* my_gmtime(const time_t* timer, struct tm* tmp)
|
||||
{
|
||||
static struct tm staticTime;
|
||||
static const unsigned char daysPerMonth[] =
|
||||
{ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
|
||||
time_t curTime;
|
||||
long days;
|
||||
long rem;
|
||||
int year;
|
||||
int yearDays;
|
||||
int month;
|
||||
int monthDays;
|
||||
|
||||
if (tmp == NULL) {
|
||||
tmp = &staticTime;
|
||||
}
|
||||
|
||||
curTime = (timer != NULL) ? *timer : my_time(NULL);
|
||||
if (curTime < 0) {
|
||||
curTime = 0;
|
||||
}
|
||||
|
||||
days = (long)(curTime / 86400);
|
||||
rem = (long)(curTime % 86400);
|
||||
|
||||
tmp->tm_hour = (int)(rem / 3600);
|
||||
rem %= 3600;
|
||||
tmp->tm_min = (int)(rem / 60);
|
||||
tmp->tm_sec = (int)(rem % 60);
|
||||
tmp->tm_wday = (int)((days + 4) % 7);
|
||||
|
||||
year = 1970;
|
||||
while (1) {
|
||||
yearDays = IsLeapYear(year) ? 366 : 365;
|
||||
if (days < yearDays) {
|
||||
break;
|
||||
}
|
||||
days -= yearDays;
|
||||
year++;
|
||||
}
|
||||
|
||||
tmp->tm_year = year - 1900;
|
||||
tmp->tm_yday = (int)days;
|
||||
|
||||
for (month = 0; month < 12; month++) {
|
||||
monthDays = daysPerMonth[month];
|
||||
if (month == 1 && IsLeapYear(year)) {
|
||||
monthDays++;
|
||||
}
|
||||
if (days < monthDays) {
|
||||
break;
|
||||
}
|
||||
days -= monthDays;
|
||||
}
|
||||
|
||||
tmp->tm_mon = month;
|
||||
tmp->tm_mday = (int)days + 1;
|
||||
tmp->tm_isdst = 0;
|
||||
|
||||
return tmp;
|
||||
}
|
||||
|
||||
#ifndef WOLFCRYPT_ONLY
|
||||
/* This is used by TLS only */
|
||||
unsigned int LowResTimer(void)
|
||||
word32 LowResTimer(void)
|
||||
{
|
||||
return hw_get_time_sec();
|
||||
return (word32)hw_get_time_sec();
|
||||
}
|
||||
|
||||
/* This is used by TLS 1.3 ticket and PSK timeouts. */
|
||||
#ifdef WOLFSSL_32BIT_MILLI_TIME
|
||||
word32 TimeNowInMilliseconds(void)
|
||||
#else
|
||||
sword64 TimeNowInMilliseconds(void)
|
||||
#endif
|
||||
{
|
||||
return (sword64)my_time(NULL) * 1000;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@ EXTRA_DIST+= IDE/GCC-ARM/Source/test_main.c
|
||||
EXTRA_DIST+= IDE/GCC-ARM/Source/tls_client.c
|
||||
EXTRA_DIST+= IDE/GCC-ARM/Source/tls_server.c
|
||||
EXTRA_DIST+= IDE/GCC-ARM/linker.ld
|
||||
EXTRA_DIST+= IDE/GCC-ARM/linker_large.ld
|
||||
EXTRA_DIST+= IDE/GCC-ARM/linker_fips.ld
|
||||
EXTRA_DIST+= IDE/GCC-ARM/Makefile
|
||||
EXTRA_DIST+= IDE/GCC-ARM/Makefile.bench
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
MEMORY
|
||||
{
|
||||
FLASH (wx) : ORIGIN = 0x00000000, LENGTH = 1024K
|
||||
RAM (wx) : ORIGIN = 0x20000000, LENGTH = 256K
|
||||
}
|
||||
|
||||
SECTIONS
|
||||
{
|
||||
__vectors_start__ = .;
|
||||
.vectors : { *(.vectors) } > FLASH
|
||||
__vectors_end__ = __vectors_start__ + 0x400;
|
||||
.sys : { *(.sys*) } > FLASH
|
||||
.text : { *(.text*) } > FLASH
|
||||
.rodata : { *(.rodata*) } > FLASH
|
||||
|
||||
__data_load_start__ = .;
|
||||
__data_start__ = .;
|
||||
.data : { *(.data*) } > RAM
|
||||
__data_end__ = __data_start__ + SIZEOF(.data);
|
||||
|
||||
__bss_start__ = .;
|
||||
.bss : { *(.bss*) } > RAM
|
||||
__bss_end__ = __bss_start__ + SIZEOF(.bss);
|
||||
|
||||
__heap_start__ = .;
|
||||
.heap : { *(.heap*) } > RAM
|
||||
__heap_end__ = __heap_start__ + SIZEOF(.heap);
|
||||
|
||||
end = .;
|
||||
}
|
||||
@@ -85,6 +85,8 @@ The wolfssl Project Summary is listed below and is relevant for every project.
|
||||
+ Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties
|
||||
+ Add Ethernet Driver by clicking `Add Ethernet Driver` element and select `New` -> `Ethernet(r_ether)`
|
||||
+ Increase Heap size of `RA Common`. Go to `BSP` tab and inclease `RA Common` -> `Heap size (bytes)` to 0x2000
|
||||
|
||||
|
||||
|Property|Value|
|
||||
|:--|:--|
|
||||
|Network Events call vApplicationIPNetworkEventHook|Disable|
|
||||
@@ -130,7 +132,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
|
||||
SEGGER_RTT_printf.c
|
||||
|
||||
+ To connect RTT block, you can configure RTT viewer configuration based on where RTT block is in a map file.
|
||||
+ To place RTT block specific area, you can add the following line to `fsp.ld`:
|
||||
+ To place RTT block specific area, you can add the following line to `fsp_gen.ld`:
|
||||
|
||||
```
|
||||
__ram_from_flash$$ :
|
||||
@@ -161,9 +163,9 @@ SEGGER_RTT_CB _SEGGER_RTT __attribute__((section(".txt.rtt_block")));
|
||||
0x20000000 0xa8 ./src/SEGGER_RTT/SEGGER_RTT.o
|
||||
0x20000000 _SEGGER_RTT
|
||||
````
|
||||
you can specify "RTT control block" to 0x20023648 by Address
|
||||
you can specify "RTT control block" to 0x20000000 by Address
|
||||
OR
|
||||
you can specify "RTT control block" to 0x20023000 0x1000 by Search Range
|
||||
you can specify "RTT control block" to 0x20000000 0x1000 by Search Range
|
||||
|
||||
## Run Client
|
||||
1.) Enable TLS_CLIENT definition in wolfssl_demo.h of test_RA6M4 project
|
||||
@@ -174,7 +176,7 @@ SEGGER_RTT_CB _SEGGER_RTT __attribute__((section(".txt.rtt_block")));
|
||||
```
|
||||
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
|
||||
```
|
||||
+ Client IP address can be changed by the following line in wolf_client.c.
|
||||
+ Server IP address can be changed by the following line in wolfssl_demo.h.
|
||||
```
|
||||
#define SERVER_IP "192.168.11.40"
|
||||
```
|
||||
|
||||
@@ -115,5 +115,4 @@
|
||||
#endif
|
||||
|
||||
#define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock
|
||||
/* use original asn parsing */
|
||||
#define WOLFSSL_ASN_ORIGINAL
|
||||
|
||||
|
||||
@@ -72,32 +72,32 @@ const st_user_key_block_data_t g_key_block_data =
|
||||
* This is used for Root Certificate verify by SCE */
|
||||
const unsigned char ca_cert_der_sign[] =
|
||||
{
|
||||
0xAF, 0x76, 0x00, 0x5E, 0x2C, 0x9C, 0xCB, 0xAF, 0x96, 0x9F,
|
||||
0x7A, 0x0E, 0xA1, 0x41, 0x36, 0xBE, 0x72, 0x8C, 0xED, 0x86,
|
||||
0x31, 0xEF, 0x03, 0x19, 0x2D, 0x68, 0xB0, 0x17, 0xD2, 0x3F,
|
||||
0x15, 0xAC, 0x51, 0x00, 0x98, 0xE9, 0xE0, 0x07, 0x39, 0x00,
|
||||
0x83, 0x63, 0xE3, 0x0F, 0xCA, 0xD5, 0x8A, 0xBD, 0xBB, 0xC5,
|
||||
0x5C, 0xC7, 0xE4, 0xE0, 0xCB, 0x2F, 0x9F, 0x4E, 0xE8, 0xB0,
|
||||
0xBF, 0xA6, 0x12, 0x95, 0xFF, 0x5C, 0xA8, 0xF7, 0x89, 0xD4,
|
||||
0xA0, 0x84, 0x74, 0x50, 0x91, 0x11, 0x16, 0xEA, 0xEC, 0x59,
|
||||
0x03, 0x63, 0x2C, 0xBC, 0x7B, 0x16, 0xD5, 0xAB, 0x2F, 0x7A,
|
||||
0xF8, 0xC0, 0x51, 0xC2, 0x58, 0x9C, 0x2C, 0x89, 0xFB, 0x26,
|
||||
0x88, 0x13, 0x3F, 0x77, 0xD8, 0x2F, 0x3F, 0x52, 0x5C, 0x65,
|
||||
0x0F, 0x04, 0xF8, 0xAC, 0x54, 0x4F, 0x9C, 0x36, 0x80, 0x4A,
|
||||
0xE7, 0x54, 0x5A, 0x86, 0x6E, 0xD5, 0x34, 0xC9, 0x31, 0x12,
|
||||
0x9D, 0x64, 0x8F, 0x3D, 0xA3, 0x9D, 0x07, 0x87, 0xF5, 0xD7,
|
||||
0x54, 0x6E, 0xFA, 0x53, 0xF0, 0x09, 0xCE, 0x0A, 0xD3, 0xCA,
|
||||
0x63, 0x23, 0x0A, 0x07, 0xF5, 0xA2, 0x28, 0x67, 0xCD, 0xC7,
|
||||
0x1E, 0x0C, 0x4F, 0x15, 0x6B, 0xBA, 0x50, 0xDE, 0x08, 0x7B,
|
||||
0x56, 0x18, 0x8C, 0xA2, 0xE0, 0x9C, 0x5A, 0x31, 0xBA, 0xAC,
|
||||
0xD3, 0x8B, 0xFC, 0x7F, 0xE1, 0x60, 0x26, 0x93, 0x47, 0xA6,
|
||||
0x42, 0x67, 0x50, 0x0F, 0x0B, 0x90, 0x27, 0xE3, 0x53, 0x35,
|
||||
0xFD, 0x20, 0x2A, 0xEF, 0xB1, 0x68, 0x81, 0xF8, 0x05, 0x19,
|
||||
0xB2, 0x37, 0x57, 0xE8, 0x14, 0x5E, 0xD0, 0xC8, 0x10, 0xB0,
|
||||
0xAA, 0x15, 0x27, 0xA3, 0xBF, 0x09, 0xC1, 0xC4, 0xAC, 0x5B,
|
||||
0xB4, 0xE4, 0x9A, 0xD3, 0x3A, 0x59, 0xF0, 0x2A, 0x05, 0xFE,
|
||||
0xA6, 0xA6, 0x86, 0x96, 0x9C, 0xF7, 0x6C, 0xA3, 0x3B, 0x3A,
|
||||
0x54, 0xA0, 0x38, 0x6D, 0x84, 0x73
|
||||
0x4D, 0x7E, 0xE5, 0x34, 0x04, 0x8F, 0xA6, 0x81, 0x22, 0x8E,
|
||||
0x2A, 0x9E, 0xEA, 0xBE, 0x1D, 0x0A, 0x1C, 0xC3, 0xEC, 0xCD,
|
||||
0x99, 0x1D, 0xE0, 0x2E, 0x79, 0x42, 0x8F, 0xEA, 0x79, 0x47,
|
||||
0x13, 0xC3, 0x40, 0x47, 0x83, 0xF6, 0xFE, 0x32, 0x42, 0x52,
|
||||
0x26, 0xED, 0xC4, 0xCF, 0x2E, 0x86, 0xF4, 0xEC, 0xFE, 0x8F,
|
||||
0x6B, 0xF4, 0x3F, 0x0F, 0xA7, 0x1E, 0x9F, 0x09, 0x37, 0xAE,
|
||||
0x5E, 0x35, 0x39, 0xCD, 0x35, 0xAC, 0x6F, 0x37, 0x98, 0x01,
|
||||
0x6C, 0x8B, 0x01, 0x8A, 0xAE, 0xCC, 0xAF, 0x05, 0x6E, 0x05,
|
||||
0x3A, 0x0A, 0x03, 0xA2, 0xEB, 0xD4, 0x4A, 0x63, 0x64, 0x68,
|
||||
0xB6, 0xE4, 0xFC, 0xDE, 0xA5, 0x6B, 0xC4, 0x3C, 0x8F, 0xCF,
|
||||
0xC2, 0x5A, 0x2F, 0xBB, 0xBE, 0x70, 0xDC, 0x19, 0x07, 0x4D,
|
||||
0xC3, 0x5F, 0x3E, 0xD9, 0x1A, 0x8E, 0xB9, 0x36, 0x74, 0xF6,
|
||||
0x38, 0xA6, 0x62, 0x7A, 0xBD, 0x53, 0xF5, 0x91, 0xCF, 0xFD,
|
||||
0xD2, 0xCA, 0x4A, 0x20, 0x47, 0xD3, 0x78, 0x15, 0x82, 0x75,
|
||||
0xDC, 0x3F, 0x2D, 0xAE, 0x18, 0xFE, 0x9F, 0x22, 0x99, 0x12,
|
||||
0x4D, 0xF3, 0x3E, 0xE3, 0x47, 0x33, 0xED, 0x06, 0x79, 0x42,
|
||||
0x12, 0xBD, 0x07, 0x39, 0x3F, 0x0D, 0x8A, 0x64, 0xA9, 0xDC,
|
||||
0xF0, 0xCF, 0x87, 0x85, 0x4F, 0x09, 0x31, 0x26, 0x6D, 0x05,
|
||||
0x2B, 0xBD, 0x52, 0xFB, 0x03, 0xD9, 0xD8, 0x0E, 0x34, 0x33,
|
||||
0x72, 0xC0, 0x32, 0x69, 0x6F, 0x23, 0x2A, 0xF9, 0xD3, 0xBB,
|
||||
0x55, 0xD4, 0xF8, 0x85, 0xF5, 0xF8, 0x5E, 0xAB, 0x57, 0x35,
|
||||
0xAC, 0x3A, 0x33, 0x1F, 0xB8, 0x29, 0x1E, 0xFA, 0x30, 0xC1,
|
||||
0x32, 0xEB, 0xAB, 0xD3, 0x51, 0x15, 0x6A, 0xAE, 0xE6, 0xD1,
|
||||
0x42, 0x6C, 0x93, 0x3C, 0x48, 0xE1, 0xF8, 0xBC, 0x03, 0xFB,
|
||||
0x38, 0x25, 0x18, 0x8F, 0x5B, 0x60, 0xE2, 0x86, 0x15, 0x88,
|
||||
0xA3, 0x09, 0xFD, 0x29, 0xB7, 0xF5
|
||||
};
|
||||
|
||||
const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
|
||||
@@ -108,32 +108,32 @@ const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
|
||||
*/
|
||||
const unsigned char ca_ecc_cert_der_sign[] =
|
||||
{
|
||||
0x5A, 0x12, 0x05, 0x7F, 0x18, 0x16, 0x41, 0x18, 0x37, 0x11,
|
||||
0x67, 0x22, 0xCE, 0x03, 0x92, 0xDB, 0xCB, 0xE2, 0xD2, 0x5B,
|
||||
0x35, 0x3A, 0x2E, 0x35, 0xE8, 0x86, 0x6F, 0xB6, 0x3F, 0x86,
|
||||
0x99, 0xFB, 0xB7, 0x7A, 0xB1, 0x38, 0xAE, 0x79, 0x7D, 0x98,
|
||||
0x2D, 0x81, 0xBD, 0x74, 0xB1, 0x7D, 0xAD, 0xCE, 0x4F, 0x63,
|
||||
0xD2, 0xB3, 0x06, 0xDF, 0x00, 0x91, 0x12, 0x21, 0x53, 0xAE,
|
||||
0xEB, 0x0E, 0x4E, 0xDA, 0xF1, 0xD7, 0x29, 0x2E, 0xC8, 0xF2,
|
||||
0x42, 0xEB, 0x90, 0xDE, 0xE3, 0xF2, 0x4B, 0x9A, 0xC0, 0x16,
|
||||
0x51, 0x4C, 0xE3, 0x54, 0xCD, 0xE7, 0x33, 0xE6, 0x0A, 0xD4,
|
||||
0x0F, 0x51, 0x6D, 0xA5, 0x69, 0x5E, 0xD7, 0xDD, 0x5A, 0xF9,
|
||||
0x95, 0xE7, 0x89, 0x71, 0x56, 0x22, 0x37, 0x24, 0x2D, 0x39,
|
||||
0x21, 0xE4, 0xC9, 0x4F, 0x22, 0x2E, 0x01, 0xA0, 0xA1, 0x2F,
|
||||
0xDC, 0x75, 0xD9, 0xED, 0x25, 0x37, 0xB6, 0x7E, 0xAB, 0xF7,
|
||||
0xFA, 0xCD, 0x68, 0x9B, 0x89, 0x1F, 0x21, 0x43, 0x8C, 0xAC,
|
||||
0xE6, 0x55, 0xC2, 0xDE, 0xF5, 0xCE, 0xA9, 0x1B, 0x6D, 0x7E,
|
||||
0x64, 0x3D, 0x91, 0x5A, 0x8D, 0x55, 0x8D, 0x32, 0x56, 0x0D,
|
||||
0xE2, 0x65, 0x73, 0xBE, 0x21, 0x2E, 0x7D, 0xFF, 0x2C, 0xA4,
|
||||
0x28, 0x0F, 0x37, 0x0F, 0xEA, 0xE7, 0xC4, 0xAC, 0x73, 0x7E,
|
||||
0x5F, 0x35, 0x35, 0xD2, 0xE1, 0x76, 0x5B, 0xB3, 0x44, 0xA2,
|
||||
0xD7, 0x8E, 0x99, 0xE5, 0x7E, 0xD1, 0x61, 0xAB, 0x78, 0xFC,
|
||||
0x70, 0x61, 0x34, 0x99, 0x41, 0x1F, 0x83, 0xFF, 0x71, 0x8D,
|
||||
0x83, 0xC5, 0x03, 0x3A, 0x64, 0x54, 0xD0, 0x68, 0x83, 0xC7,
|
||||
0x3B, 0x75, 0x62, 0x86, 0x7B, 0xF3, 0x4B, 0xFE, 0xAC, 0x4B,
|
||||
0x6F, 0x45, 0x70, 0xC4, 0x71, 0x03, 0x9F, 0x90, 0x32, 0x35,
|
||||
0xA8, 0x44, 0x63, 0x2B, 0x89, 0xF4, 0xCE, 0x38, 0x40, 0x61,
|
||||
0xC4, 0x9A, 0x2E, 0x84, 0xD5, 0x08
|
||||
0x10, 0xDC, 0xA3, 0x0E, 0xD9, 0xA7, 0x3C, 0xBE, 0x37, 0x6E,
|
||||
0x34, 0xC1, 0xDB, 0x4E, 0x90, 0x42, 0x05, 0xCC, 0x94, 0x2B,
|
||||
0xAF, 0x0D, 0xE0, 0xC9, 0xE3, 0x91, 0x5F, 0x57, 0x58, 0x48,
|
||||
0x44, 0x69, 0x96, 0x4A, 0x94, 0x24, 0x17, 0xE6, 0xDC, 0x1F,
|
||||
0x6B, 0xCA, 0xC5, 0xD2, 0x66, 0x25, 0xF7, 0x6F, 0x1E, 0x67,
|
||||
0xC0, 0x16, 0x7D, 0x59, 0x43, 0x55, 0x52, 0x6F, 0x1C, 0x23,
|
||||
0x55, 0xAC, 0x5E, 0x2C, 0x1A, 0x33, 0x9A, 0x3F, 0x8D, 0x2E,
|
||||
0xA9, 0x2B, 0x2A, 0x57, 0x90, 0xA9, 0x4B, 0x5F, 0x30, 0xD1,
|
||||
0xB5, 0x76, 0x10, 0xAB, 0xDA, 0x0C, 0x6A, 0x0A, 0x42, 0xEF,
|
||||
0x5C, 0x4C, 0xFD, 0x4E, 0x5B, 0x4B, 0x68, 0x30, 0x23, 0x11,
|
||||
0x53, 0xA8, 0xBE, 0x01, 0x2E, 0x6F, 0xEB, 0x40, 0x60, 0x1D,
|
||||
0xBC, 0xE7, 0xCC, 0xCC, 0x89, 0xA0, 0xD1, 0x2E, 0x08, 0x0F,
|
||||
0xE5, 0x81, 0xB1, 0xCF, 0x32, 0x95, 0xA0, 0xF6, 0x0E, 0x59,
|
||||
0x88, 0x10, 0x2F, 0xB2, 0x60, 0x59, 0xA4, 0x08, 0xBA, 0x81,
|
||||
0x1A, 0x6C, 0x24, 0xB8, 0xBE, 0x2B, 0x4A, 0x64, 0x3E, 0x14,
|
||||
0x88, 0x46, 0x22, 0xEC, 0xAA, 0x24, 0x6E, 0x1D, 0x5F, 0xA1,
|
||||
0x89, 0xA3, 0xD0, 0x5B, 0x26, 0xC1, 0x63, 0xF4, 0xDC, 0x32,
|
||||
0x7F, 0xED, 0xDB, 0x0F, 0xE9, 0x0D, 0xBB, 0x24, 0xB9, 0x25,
|
||||
0x87, 0x11, 0xE4, 0x90, 0xE3, 0xAE, 0x4B, 0xEE, 0x3C, 0xFB,
|
||||
0x49, 0xDD, 0x5E, 0xB0, 0xF3, 0xC9, 0x13, 0xA9, 0x73, 0x78,
|
||||
0x23, 0xBB, 0x66, 0x29, 0x53, 0xF2, 0xBF, 0xC6, 0x92, 0xDB,
|
||||
0x09, 0x21, 0x18, 0xAF, 0x76, 0x43, 0x4C, 0x7E, 0xD7, 0x4D,
|
||||
0xCA, 0xB7, 0xAA, 0x90, 0xEF, 0x6E, 0xF5, 0x3F, 0x66, 0xCA,
|
||||
0x40, 0x1A, 0xCE, 0x87, 0x20, 0x9F, 0x39, 0x36, 0x03, 0x53,
|
||||
0x8E, 0x2C, 0xFD, 0x31, 0x14, 0xB8, 0x7E, 0x81, 0xC7, 0x84,
|
||||
0x69, 0x1B, 0xBD, 0x1A, 0x0F, 0x3A
|
||||
};
|
||||
static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign);
|
||||
#endif /* USE_CERT_BUFFERS_256 */
|
||||
|
||||
@@ -170,39 +170,31 @@ int client_loop(const char *peer_ip, const char *peer_name,
|
||||
char randombytes[16] = {0};
|
||||
|
||||
/* Construct HTTP POST */
|
||||
|
||||
/* Header */
|
||||
strcat(buff, "POST /iot/device HTTP/1.1\r\n");
|
||||
strcat(buff, "Content-Type: application/json\r\n");
|
||||
strcat(buff, "Content-Length: 1000\r\n");
|
||||
strcat(buff, "Accept: */*\r\n");
|
||||
strcat(buff, "Host: ");
|
||||
strcat(buff, peer_name);
|
||||
strcat(buff, ":");
|
||||
strcat(buff, peer_port);
|
||||
strcat(buff, "\r\n");
|
||||
|
||||
/* Delimiter */
|
||||
strcat(buff, "\r\n");
|
||||
|
||||
/* Body */
|
||||
srand(time(NULL));
|
||||
int devid = rand() % 100;
|
||||
char snum[5] = {0};
|
||||
snprintf(snum, sizeof(snum), "%d", devid);
|
||||
int devid = rand() % 100;
|
||||
|
||||
strcat(buff, "{");
|
||||
strcat(buff, "\"deviceId\": \"");
|
||||
strcat(buff, snum);
|
||||
strcat(buff, "\",");
|
||||
strcat(buff, "\"sensorType\": \"Temperature\",");
|
||||
strcat(buff, "\"sensorValue\": \"");
|
||||
strcat(buff, temperature);
|
||||
strcat(buff, "\",");
|
||||
strcat(buff, "\"sensorUnit\": \"Celsius\",");
|
||||
strcat(buff, "\"sensorTime\": 1582181510");
|
||||
strcat(buff, "}");
|
||||
strcat(buff, "\r\n");
|
||||
int n = snprintf(buff, sizeof(buff),
|
||||
"POST /iot/device HTTP/1.1\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Content-Length: 1000\r\n"
|
||||
"Accept: */*\r\n"
|
||||
"Host: %s:%s\r\n"
|
||||
"\r\n"
|
||||
"{"
|
||||
"\"deviceId\": \"%d\","
|
||||
"\"sensorType\": \"Temperature\","
|
||||
"\"sensorValue\": \"%s\","
|
||||
"\"sensorUnit\": \"Celsius\","
|
||||
"\"sensorTime\": 1582181510"
|
||||
"}"
|
||||
"\r\n",
|
||||
peer_name, peer_port, devid, temperature);
|
||||
|
||||
if (n < 0 || n >= (int)sizeof(buff)) {
|
||||
fprintf(stderr, "ERROR: HTTP request too large for buffer\n");
|
||||
ret = -1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf("\n\nPOST REQUEST\n\n%s\n\n", buff);
|
||||
|
||||
|
||||
@@ -203,27 +203,27 @@ int main(int argc, char** argv)
|
||||
|
||||
if (argc == 11)
|
||||
{
|
||||
if (strcmp(argv[1], "-ip") == 0)
|
||||
strcpy((char*)&ip, argv[2]);
|
||||
if (strcmp(argv[1], "-ip") == 0 && strlen(argv[2]) < sizeof(ip))
|
||||
strcpy((char*)&ip, argv[2]);
|
||||
else
|
||||
show_usage(argv[0]);
|
||||
|
||||
if (strcmp(argv[3], "-h") == 0)
|
||||
if (strcmp(argv[3], "-h") == 0 && strlen(argv[4]) < sizeof(name))
|
||||
strcpy((char*)&name, argv[4]);
|
||||
else
|
||||
show_usage(argv[0]);
|
||||
|
||||
if (strcmp(argv[5], "-p") == 0)
|
||||
if (strcmp(argv[5], "-p") == 0 && strlen(argv[6]) < sizeof(port))
|
||||
strcpy((char*)&port, argv[6]);
|
||||
else
|
||||
show_usage(argv[0]);
|
||||
|
||||
if (strcmp(argv[7], "-t") == 0)
|
||||
if (strcmp(argv[7], "-t") == 0 && strlen(argv[8]) < sizeof(temperature))
|
||||
strcpy((char*)&temperature, argv[8]);
|
||||
else
|
||||
show_usage(argv[0]);
|
||||
|
||||
if (strcmp(argv[9], "-d") == 0)
|
||||
if (strcmp(argv[9], "-d") == 0 && strlen(argv[10]) < sizeof(device))
|
||||
strcpy((char*)&device, argv[10]);
|
||||
else
|
||||
show_usage(argv[0]);
|
||||
|
||||
@@ -36,6 +36,7 @@
|
||||
#ifndef CHAR_BIT
|
||||
#include <sys/limits.h>
|
||||
#endif /* !CHAR_BIT*/
|
||||
#include <sys/proc.h>
|
||||
|
||||
#define NO_THREAD_LS
|
||||
#define NO_ATTRIBUTE_CONSTRUCTOR
|
||||
@@ -80,20 +81,22 @@ extern struct malloc_type M_WOLFSSL[1];
|
||||
#if defined(WOLFSSL_BSDKM_MEMORY_DEBUG)
|
||||
#define XMALLOC(s, h, t) ({ \
|
||||
(void)(h); (void)(t); \
|
||||
void * _ptr = malloc(s, M_WOLFSSL, M_WAITOK | M_ZERO); \
|
||||
int _wait_flag = curthread->td_critnest == 0 ? M_WAITOK : M_NOWAIT; \
|
||||
void * _ptr = malloc((s), M_WOLFSSL, _wait_flag | M_ZERO); \
|
||||
printf("info: malloc: %p, M_WOLFSSL, %zu\n", _ptr, (size_t) s); \
|
||||
(void *)_ptr; \
|
||||
})
|
||||
|
||||
#define XFREE(p, h, t) ({ \
|
||||
void* _xp; (void)(h); (void)(t); _xp = (p); \
|
||||
printf("info: free: %p, M_WOLFSSL\n", p); \
|
||||
printf("info: free: %p, M_WOLFSSL\n", _xp); \
|
||||
if(_xp) free(_xp, M_WOLFSSL); \
|
||||
})
|
||||
#else
|
||||
#define XMALLOC(s, h, t) ({ \
|
||||
(void)(h); (void)(t); \
|
||||
void * _ptr = malloc(s, M_WOLFSSL, M_WAITOK | M_ZERO); \
|
||||
int _wait_flag = curthread->td_critnest == 0 ? M_WAITOK : M_NOWAIT; \
|
||||
void * _ptr = malloc((s), M_WOLFSSL, _wait_flag | M_ZERO); \
|
||||
(void *)_ptr; \
|
||||
})
|
||||
|
||||
|
||||
+15
-10
@@ -249,15 +249,14 @@ static int wolfkmod_load(void)
|
||||
|
||||
error = wolfkmod_init();
|
||||
if (error != 0) {
|
||||
return (ECANCELED);
|
||||
goto wolfkmod_load_out;
|
||||
}
|
||||
|
||||
#ifndef NO_CRYPT_TEST
|
||||
error = wolfcrypt_test(NULL);
|
||||
if (error != 0) {
|
||||
printf("error: wolfcrypt test failed: %d\n", error);
|
||||
(void)wolfkmod_cleanup();
|
||||
return (ECANCELED);
|
||||
goto wolfkmod_load_out;
|
||||
}
|
||||
printf("info: wolfCrypt self-test passed.\n");
|
||||
#endif /* NO_CRYPT_TEST */
|
||||
@@ -266,15 +265,19 @@ static int wolfkmod_load(void)
|
||||
error = benchmark_test(NULL);
|
||||
if (error != 0) {
|
||||
printf("error: wolfcrypt benchmark failed: %d\n", error);
|
||||
(void)wolfkmod_cleanup();
|
||||
return (ECANCELED);
|
||||
goto wolfkmod_load_out;
|
||||
}
|
||||
printf("info: wolfCrypt benchmark passed.\n");
|
||||
#endif /* WOLFSSL_KERNEL_BENCHMARKS */
|
||||
|
||||
printf("info: libwolfssl loaded\n");
|
||||
|
||||
return (0);
|
||||
wolfkmod_load_out:
|
||||
if (error != 0) {
|
||||
(void)wolfkmod_cleanup();
|
||||
error = ECANCELED;
|
||||
}
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
static int wolfkmod_unload(void)
|
||||
@@ -435,7 +438,8 @@ static int wolfkdriv_attach(device_t dev)
|
||||
|
||||
ret = wolfkmod_init();
|
||||
if (ret != 0) {
|
||||
return (ECANCELED);
|
||||
error = ECANCELED;
|
||||
goto attach_out;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -452,7 +456,8 @@ static int wolfkdriv_attach(device_t dev)
|
||||
if (softc->crid < 0) {
|
||||
device_printf(dev, "error: crypto_get_driverid failed: %d\n",
|
||||
softc->crid);
|
||||
return (ENXIO);
|
||||
error = ENXIO;
|
||||
goto attach_out;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -487,7 +492,7 @@ static int wolfkdriv_attach(device_t dev)
|
||||
attach_out:
|
||||
if (error) {
|
||||
wolfkdriv_unregister(softc);
|
||||
error = ENXIO;
|
||||
(void)wolfkmod_cleanup();
|
||||
}
|
||||
|
||||
return (error);
|
||||
|
||||
+3
-3
@@ -29,13 +29,13 @@
|
||||
#include <machine/pcb.h>
|
||||
|
||||
struct wolfkmod_fpu_state_t {
|
||||
volatile lwpid_t td_tid;
|
||||
volatile u_int nest;
|
||||
volatile lwpid_t td_tid; /* the thread currently using fpu. */
|
||||
volatile u_int nest; /* the fpu nesting level. */
|
||||
};
|
||||
|
||||
typedef struct wolfkmod_fpu_state_t wolfkmod_fpu_state_t;
|
||||
|
||||
/* fpu_states array tracks thread id and nesting level of save/restore
|
||||
/* The fpu_states array tracks thread id and nesting level of save/restore
|
||||
* and push/pop vector registers macro calls. It is indexed by raw cpu id,
|
||||
* and only accessed after the thread calls fpu_kern_enter(), and before
|
||||
* calling fpu_kern_leave(), and only indexed by the thread's PCPU_GET(cpuid).
|
||||
|
||||
+83
-13
@@ -1432,6 +1432,11 @@ then
|
||||
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-ppc32-asm])
|
||||
fi
|
||||
|
||||
if test "$enable_ppc64_asm" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-ppc64-asm])
|
||||
fi
|
||||
|
||||
case "$host_cpu" in
|
||||
*x86_64*|*amd64*)
|
||||
if test "$enable_intelasm" = ""
|
||||
@@ -1462,6 +1467,10 @@ then
|
||||
fi
|
||||
;;
|
||||
*powerpc64*)
|
||||
if test "$enable_ppc64_asm" = ""
|
||||
then
|
||||
enable_ppc64_asm=yes
|
||||
fi
|
||||
;;
|
||||
*powerpc*)
|
||||
if test "$enable_ppc32_asm" = ""
|
||||
@@ -1513,6 +1522,7 @@ then
|
||||
test "$enable_hkdf" = "" && enable_hkdf=yes
|
||||
test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
|
||||
test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
|
||||
test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
|
||||
test "$enable_psk" = "" && enable_psk=yes
|
||||
test "$enable_cmac" = "" && enable_cmac=yes
|
||||
test "$enable_cmac_kdf" = "" && enable_cmac_kdf=yes
|
||||
@@ -1580,13 +1590,12 @@ then
|
||||
test "$enable_aessiv" = "" && enable_aessiv=yes
|
||||
# AFALG lacks AES-EAX
|
||||
test "$enable_aeseax" = "" && test "$enable_afalg" != "yes" && enable_aeseax=yes
|
||||
test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
|
||||
|
||||
if test "$KERNEL_MODE_DEFAULTS" != "yes"
|
||||
then
|
||||
test "$enable_cryptocb" = "" && enable_cryptocb=yes
|
||||
test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
|
||||
test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
|
||||
test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -3859,7 +3868,7 @@ do
|
||||
# FSL, FSR, FSRI, CMOV, CMIX - QEMU doesn't know about these instructions
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION_TERNARY"
|
||||
;;
|
||||
zkn|zkned)
|
||||
zkned)
|
||||
# AES encrypt/decrpyt, SHA-2
|
||||
ENABLED_RISCV_ASM=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_SCALAR_CRYPTO_ASM"
|
||||
@@ -3934,21 +3943,70 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM"
|
||||
AC_MSG_NOTICE([32-bit PowerPC assembly for SHA-256])
|
||||
ENABLED_PPC32_ASM=yes
|
||||
|
||||
if test "$ENABLED_PPC32_ASM_INLINE" = "yes" || test "$ENABLED_PPC32_ASM_INLINE_REG" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_INLINE"
|
||||
else
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM"
|
||||
fi
|
||||
if test "$ENABLED_PPC32_ASM_SMALL" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
|
||||
fi
|
||||
if test "$ENABLED_PPC32_ASM_SPE" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SPE"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SPE"
|
||||
fi
|
||||
fi
|
||||
if test "$ENABLED_PPC32_ASM_INLINE" = "yes" || test "$ENABLED_PPC32_ASM_INLINE_REG" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_INLINE"
|
||||
|
||||
# PPC64 Assembly
|
||||
AC_ARG_ENABLE([ppc64-asm],
|
||||
[AS_HELP_STRING([--enable-ppc64-asm],[Enable wolfSSL PowerPC 64-bit ASM support (default: disabled).])],
|
||||
[ ENABLED_PPC64_ASM=$enableval ],
|
||||
[ ENABLED_PPC64_ASM=no ]
|
||||
)
|
||||
|
||||
|
||||
if test "$ENABLED_PPC64_ASM" != "no" && test "$ENABLED_ASM" = "yes"
|
||||
then
|
||||
ENABLED_PPC64_ASM_OPTS=$ENABLED_PPC64_ASM
|
||||
for v in `echo $ENABLED_PPC64_ASM_OPTS | tr "," " "`
|
||||
do
|
||||
case $v in
|
||||
yes)
|
||||
;;
|
||||
inline)
|
||||
ENABLED_PPC64_ASM_INLINE=yes
|
||||
;;
|
||||
inline-reg)
|
||||
ENABLED_PPC64_ASM_INLINE_REG=yes
|
||||
;;
|
||||
small)
|
||||
ENABLED_PPC64_ASM_SMALL=yes
|
||||
;;
|
||||
*)
|
||||
AC_MSG_ERROR([Invalid RISC-V option [yes,inline,small]: $ENABLED_PPC64_ASM.])
|
||||
break
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC64_ASM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
|
||||
AC_MSG_NOTICE([64-bit PowerPC assembly for AES])
|
||||
ENABLED_PPC64_ASM=yes
|
||||
fi
|
||||
if test "$ENABLED_PPC64_ASM_INLINE" = "yes" || test "$ENABLED_PPC64_ASM_INLINE_REG" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC64_ASM_INLINE"
|
||||
else
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC64_ASM"
|
||||
fi
|
||||
if test "$ENABLED_PPC32_ASM_SMALL" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
|
||||
fi
|
||||
if test "$ENABLED_PPC32_ASM_SPE" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SPE"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SPE"
|
||||
if test "$ENABLED_PPC64_ASM_SMALL" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC64_ASM_SMALL"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC64_ASM_SMALL"
|
||||
fi
|
||||
|
||||
|
||||
# Xilinx hardened crypto
|
||||
AC_ARG_ENABLE([xilinx],
|
||||
[AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
|
||||
@@ -12219,6 +12277,9 @@ AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_PPC32_ASM],[test "x$ENABLED_PPC32_ASM" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_PPC32_ASM_INLINE],[test "x$ENABLED_PPC32_ASM_INLINE" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_PPC32_ASM_INLINE_REG],[test "x$ENABLED_PPC32_ASM_INLINE_REG" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_PPC64_ASM],[test "x$ENABLED_PPC64_ASM" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_PPC64_ASM_INLINE],[test "x$ENABLED_PPC64_ASM_INLINE" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_PPC64_ASM_INLINE_REG],[test "x$ENABLED_PPC64_ASM_INLINE_REG" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
|
||||
@@ -12925,6 +12986,15 @@ then
|
||||
ENABLED_PPC32_ASM="inline C Reg"
|
||||
fi
|
||||
echo " * PPC32 ASM $ENABLED_PPC32_ASM"
|
||||
if test "$ENABLED_PPC64_ASM_INLINE" = "yes"
|
||||
then
|
||||
ENABLED_PPC64_ASM="inline C"
|
||||
fi
|
||||
if test "$ENABLED_PPC64_ASM_INLINE_REG" = "yes"
|
||||
then
|
||||
ENABLED_PPC64_ASM="inline C Reg"
|
||||
fi
|
||||
echo " * PPC64 ASM $ENABLED_PPC64_ASM"
|
||||
echo " * Write duplicate: $ENABLED_WRITEDUP"
|
||||
echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
|
||||
echo " * C89: $ENABLED_C89"
|
||||
|
||||
@@ -51,6 +51,23 @@ extern "C" {
|
||||
#define HAVE_WOLFSSL_SSL_H
|
||||
#define OPENSSL_COMPATIBLE_DEFAULTS
|
||||
|
||||
/* No-socket embedded builds still compile IP SAN helpers through OPENSSL_ALL.
|
||||
* Provide local address-conversion stubs when the platform has no socket API. */
|
||||
#ifdef WOLFSSL_NO_SOCK
|
||||
#ifndef WOLFSSL_IP4
|
||||
#define WOLFSSL_IP4 2
|
||||
#endif
|
||||
#ifndef WOLFSSL_IP6
|
||||
#define WOLFSSL_IP6 10
|
||||
#endif
|
||||
#ifndef XINET_PTON
|
||||
#define XINET_PTON(a,b,c) 0
|
||||
#endif
|
||||
#ifndef XINET_NTOP
|
||||
#define XINET_NTOP(a,b,c,d) NULL
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Avoid old name conflicts */
|
||||
#define NO_OLD_RNGNAME
|
||||
#define NO_OLD_WC_NAMES
|
||||
|
||||
@@ -57,6 +57,24 @@ $ sudo modprobe libwolfssl
|
||||
| `--enable-intelasm` | x86/amd64 crypto acceleration |
|
||||
| `--enable-cryptonly` | Omit TLS/DTLS implementation (normally recommended) |
|
||||
|
||||
### Enabling DTLS 1.3 in the kernel module
|
||||
|
||||
`--enable-linuxkm` does not implicitly enable TLS 1.3 or DTLS, so the DTLS 1.3
|
||||
configure check (`configure.ac:5634-5636`) requires all three flags to be
|
||||
passed explicitly:
|
||||
|
||||
```sh
|
||||
./configure --enable-linuxkm \
|
||||
--enable-tls13 --enable-dtls --enable-dtls13 \
|
||||
--with-linux-source=/lib/modules/$(uname -r)/build
|
||||
make -j$(nproc) module
|
||||
```
|
||||
|
||||
The resulting `linuxkm/libwolfssl.ko` exports the DTLS 1.3 entry points
|
||||
(`wolfDTLSv1_3_client_method`, `wolfDTLSv1_3_server_method`, etc.) as GPL
|
||||
kernel symbols, available to other in-kernel consumers via
|
||||
`EXPORT_SYMBOL_GPL`.
|
||||
|
||||
### Additional configuration options for verification, performance evaluation, and troubleshooting
|
||||
|
||||
| option | description |
|
||||
|
||||
+14
-11
@@ -167,13 +167,14 @@
|
||||
#ifndef WC_LINUXKM_INTR_SIGNALS
|
||||
#define WC_LINUXKM_INTR_SIGNALS { SIGKILL, SIGABRT, SIGHUP, SIGINT }
|
||||
#endif
|
||||
extern int wc_linuxkm_sig_ignore_begin(void);
|
||||
extern int wc_linuxkm_sig_ignore_end(void);
|
||||
extern int wc_linuxkm_check_for_intr_signals(void);
|
||||
WOLFSSL_API int wc_linuxkm_can_block(void);
|
||||
WOLFSSL_API int wc_linuxkm_sig_ignore_begin(void);
|
||||
WOLFSSL_API int wc_linuxkm_sig_ignore_end(void);
|
||||
WOLFSSL_API int wc_linuxkm_check_for_intr_signals(void);
|
||||
#ifndef WC_LINUXKM_MAX_NS_WITHOUT_YIELD
|
||||
#define WC_LINUXKM_MAX_NS_WITHOUT_YIELD 1000000000
|
||||
#endif
|
||||
extern void wc_linuxkm_relax_long_loop(void);
|
||||
WOLFSSL_API void wc_linuxkm_relax_long_loop(void);
|
||||
|
||||
#ifndef WC_SIG_IGNORE_BEGIN
|
||||
#define WC_SIG_IGNORE_BEGIN() wc_linuxkm_sig_ignore_begin()
|
||||
@@ -1221,6 +1222,7 @@
|
||||
typeof(wc_lkm_LockMutex) *wc_lkm_LockMutex;
|
||||
#endif
|
||||
|
||||
typeof(wc_linuxkm_can_block) *wc_linuxkm_can_block;
|
||||
typeof(wc_linuxkm_sig_ignore_begin) *wc_linuxkm_sig_ignore_begin;
|
||||
typeof(wc_linuxkm_sig_ignore_end) *wc_linuxkm_sig_ignore_end;
|
||||
typeof(wc_linuxkm_check_for_intr_signals) *wc_linuxkm_check_for_intr_signals;
|
||||
@@ -1521,8 +1523,9 @@
|
||||
wolfssl_spin_unlock_irqrestore_rt((lock), (flags))
|
||||
#endif
|
||||
|
||||
#define wc_linuxkm_sig_ignore_begin WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_begin);
|
||||
#define wc_linuxkm_sig_ignore_end WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_end);
|
||||
#define wc_linuxkm_can_block WC_PIE_INDIRECT_SYM(wc_linuxkm_can_block)
|
||||
#define wc_linuxkm_sig_ignore_begin WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_begin)
|
||||
#define wc_linuxkm_sig_ignore_end WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_end)
|
||||
#define wc_linuxkm_check_for_intr_signals WC_PIE_INDIRECT_SYM(wc_linuxkm_check_for_intr_signals)
|
||||
#define wc_linuxkm_relax_long_loop WC_PIE_INDIRECT_SYM(wc_linuxkm_relax_long_loop)
|
||||
|
||||
@@ -1905,21 +1908,21 @@
|
||||
#endif
|
||||
#else /* !WC_LINUXKM_USE_HEAP_WRAPPERS */
|
||||
#ifdef USE_KVMALLOC
|
||||
#define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE)
|
||||
#define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE)
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(7, 2, 0)
|
||||
#define free(ptr) (preempt_count() == 0 ? kvfree(ptr) : kvfree_atomic(ptr))
|
||||
#define free(ptr) (wc_linuxkm_can_block() ? kvfree(ptr) : kvfree_atomic(ptr))
|
||||
#else
|
||||
#define free(ptr) kvfree(ptr)
|
||||
#endif
|
||||
#ifdef USE_KVREALLOC
|
||||
#define realloc(ptr, newsize) kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
|
||||
#define realloc(ptr, newsize) kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC))
|
||||
#else
|
||||
#define realloc(ptr, newsize) ((void)(ptr), (void)(newsize), NULL)
|
||||
#endif
|
||||
#else
|
||||
#define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
|
||||
#define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC))
|
||||
#define free(ptr) kfree(ptr)
|
||||
#define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
|
||||
#define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC))
|
||||
#endif
|
||||
#endif /* !WC_LINUXKM_USE_HEAP_WRAPPERS */
|
||||
|
||||
|
||||
+15
-12
@@ -89,37 +89,40 @@
|
||||
#include <crypto/dh.h>
|
||||
|
||||
#define WOLFKM_DH_NAME ("dh")
|
||||
#define WOLFKM_DH_DRIVER ("dh" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
|
||||
#if defined(WOLFSSL_SP_X86_64_ASM) && !defined(NO_AVX2_SUPPORT)
|
||||
#define WOLFKM_DH_DRIVER_ISA_EXT "-avx2"
|
||||
#else
|
||||
#define WOLFKM_DH_DRIVER_ISA_EXT ""
|
||||
#endif
|
||||
#define WOLFKM_DH_DRIVER_SUFFIX WOLFKM_DH_DRIVER_ISA_EXT \
|
||||
WOLFKM_DRIVER_SUFFIX_BASE
|
||||
|
||||
#define WOLFKM_DH_DRIVER ("dh" WOLFKM_DH_DRIVER_SUFFIX)
|
||||
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
#define WOLFKM_FFDHE2048_NAME ("ffdhe2048(dh)")
|
||||
#define WOLFKM_FFDHE2048_DRIVER ("ffdhe2048" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_FFDHE2048_DRIVER ("ffdhe2048" WOLFKM_DH_DRIVER_SUFFIX)
|
||||
#endif /* HAVE_FFDHE_2048 */
|
||||
|
||||
#ifdef HAVE_FFDHE_3072
|
||||
#define WOLFKM_FFDHE3072_NAME ("ffdhe3072(dh)")
|
||||
#define WOLFKM_FFDHE3072_DRIVER ("ffdhe3072" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_FFDHE3072_DRIVER ("ffdhe3072" WOLFKM_DH_DRIVER_SUFFIX)
|
||||
#endif /* HAVE_FFDHE_3072 */
|
||||
|
||||
#ifdef HAVE_FFDHE_4096
|
||||
#define WOLFKM_FFDHE4096_NAME ("ffdhe4096(dh)")
|
||||
#define WOLFKM_FFDHE4096_DRIVER ("ffdhe4096" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_FFDHE4096_DRIVER ("ffdhe4096" WOLFKM_DH_DRIVER_SUFFIX)
|
||||
#endif /* HAVE_FFDHE_4096 */
|
||||
|
||||
#ifdef HAVE_FFDHE_6144
|
||||
#define WOLFKM_FFDHE6144_NAME ("ffdhe6144(dh)")
|
||||
#define WOLFKM_FFDHE6144_DRIVER ("ffdhe6144" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_FFDHE6144_DRIVER ("ffdhe6144" WOLFKM_DH_DRIVER_SUFFIX)
|
||||
#endif /* HAVE_FFDHE_6144 */
|
||||
|
||||
#ifdef HAVE_FFDHE_8192
|
||||
#define WOLFKM_FFDHE8192_NAME ("ffdhe8192(dh)")
|
||||
#define WOLFKM_FFDHE8192_DRIVER ("ffdhe8192" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_FFDHE8192_DRIVER ("ffdhe8192" WOLFKM_DH_DRIVER_SUFFIX)
|
||||
#endif /* HAVE_FFDHE_8192 */
|
||||
|
||||
static int linuxkm_test_kpp_driver(const char * driver,
|
||||
|
||||
@@ -63,19 +63,24 @@
|
||||
#include <wolfssl/wolfcrypt/ecc.h>
|
||||
#include <crypto/ecdh.h>
|
||||
|
||||
#define WOLFKM_ECDH_DRIVER ("ecdh-wolfcrypt")
|
||||
#if defined(WOLFSSL_SP_X86_64_ASM) && !defined(NO_AVX2_SUPPORT)
|
||||
#define WOLFKM_ECDH_DRIVER_ISA_EXT "-avx2"
|
||||
#else
|
||||
#define WOLFKM_ECDH_DRIVER_ISA_EXT ""
|
||||
#endif
|
||||
#define WOLFKM_ECDH_DRIVER_SUFFIX WOLFKM_ECDH_DRIVER_ISA_EXT \
|
||||
WOLFKM_DRIVER_SUFFIX_BASE
|
||||
|
||||
#define WOLFKM_ECDH_DRIVER ("ecdh" WOLFKM_ECDH_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_ECDH_P192_NAME ("ecdh-nist-p192")
|
||||
#define WOLFKM_ECDH_P192_DRIVER ("ecdh-nist-p192" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_ECDH_P192_DRIVER ("ecdh-nist-p192" WOLFKM_ECDH_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_ECDH_P256_NAME ("ecdh-nist-p256")
|
||||
#define WOLFKM_ECDH_P256_DRIVER ("ecdh-nist-p256" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_ECDH_P256_DRIVER ("ecdh-nist-p256" WOLFKM_ECDH_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_ECDH_P384_NAME ("ecdh-nist-p384")
|
||||
#define WOLFKM_ECDH_P384_DRIVER ("ecdh-nist-p384" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_ECDH_P384_DRIVER ("ecdh-nist-p384" WOLFKM_ECDH_DRIVER_SUFFIX)
|
||||
|
||||
static int linuxkm_test_ecdh_nist_driver(const char * driver,
|
||||
const byte * b_pub,
|
||||
|
||||
@@ -82,23 +82,27 @@
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
#include <wolfssl/wolfcrypt/ecc.h>
|
||||
|
||||
#define WOLFKM_ECDSA_DRIVER ("ecdsa-wolfcrypt")
|
||||
#if defined(WOLFSSL_SP_X86_64_ASM) && !defined(NO_AVX2_SUPPORT)
|
||||
#define WOLFKM_ECDSA_DRIVER_ISA_EXT "-avx2"
|
||||
#else
|
||||
#define WOLFKM_ECDSA_DRIVER_ISA_EXT ""
|
||||
#endif
|
||||
#define WOLFKM_ECDSA_DRIVER_SUFFIX WOLFKM_ECDSA_DRIVER_ISA_EXT \
|
||||
WOLFKM_DRIVER_SUFFIX_BASE
|
||||
|
||||
#define WOLFKM_ECDSA_DRIVER ("ecdsa" WOLFKM_ECDSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_ECDSA_P192_NAME ("ecdsa-nist-p192")
|
||||
#define WOLFKM_ECDSA_P192_DRIVER ("ecdsa-nist-p192" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_ECDSA_P192_DRIVER ("ecdsa-nist-p192" WOLFKM_ECDSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_ECDSA_P256_NAME ("ecdsa-nist-p256")
|
||||
#define WOLFKM_ECDSA_P256_DRIVER ("ecdsa-nist-p256" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_ECDSA_P256_DRIVER ("ecdsa-nist-p256" WOLFKM_ECDSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_ECDSA_P384_NAME ("ecdsa-nist-p384")
|
||||
#define WOLFKM_ECDSA_P384_DRIVER ("ecdsa-nist-p384" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_ECDSA_P384_DRIVER ("ecdsa-nist-p384" WOLFKM_ECDSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_ECDSA_P521_NAME ("ecdsa-nist-p521")
|
||||
#define WOLFKM_ECDSA_P521_DRIVER ("ecdsa-nist-p521" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt")
|
||||
#define WOLFKM_ECDSA_P521_DRIVER ("ecdsa-nist-p521" WOLFKM_ECDSA_DRIVER_SUFFIX)
|
||||
|
||||
|
||||
static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
|
||||
+19
-18
@@ -99,45 +99,46 @@
|
||||
#include <wolfssl/wolfcrypt/rsa.h>
|
||||
|
||||
#define WOLFKM_RSA_NAME ("rsa")
|
||||
#define WOLFKM_RSA_DRIVER ("rsa" WOLFKM_DRIVER_FIPS "-wolfcrypt")
|
||||
|
||||
#if defined(WOLFSSL_SP_X86_64_ASM) && !defined(NO_AVX2_SUPPORT)
|
||||
#define WOLFKM_RSA_DRIVER_ISA_EXT "-avx2"
|
||||
#else
|
||||
#define WOLFKM_RSA_DRIVER_ISA_EXT ""
|
||||
#endif
|
||||
#define WOLFKM_RSA_DRIVER_SUFFIX WOLFKM_RSA_DRIVER_ISA_EXT \
|
||||
WOLFKM_DRIVER_SUFFIX_BASE
|
||||
|
||||
#define WOLFKM_RSA_DRIVER ("rsa" WOLFKM_RSA_DRIVER_SUFFIX)
|
||||
|
||||
#if defined(LINUXKM_AKCIPHER_NO_SIGNVERIFY)
|
||||
/* the akcipher alg */
|
||||
#define WOLFKM_PKCS1PAD_NAME ("pkcs1pad(rsa)")
|
||||
#define WOLFKM_PKCS1PAD_DRIVER ("pkcs1pad(rsa" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt)")
|
||||
#define WOLFKM_PKCS1PAD_NAME "pkcs1pad(rsa)"
|
||||
#define WOLFKM_PKCS1PAD_DRIVER "pkcs1pad-rsa" WOLFKM_RSA_DRIVER_SUFFIX
|
||||
#endif /* LINUXKM_AKCIPHER_NO_SIGNVERIFY */
|
||||
|
||||
/*
|
||||
* pkcs1 sign verify alg names
|
||||
* */
|
||||
#define WOLFKM_PKCS1_SHA224_NAME (PKCS1_NAME "(rsa,sha224)")
|
||||
#define WOLFKM_PKCS1_SHA224_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt,sha224)")
|
||||
#define WOLFKM_PKCS1_SHA224_DRIVER ("pkcs1pad-rsa-sha224" WOLFKM_RSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_PKCS1_SHA256_NAME (PKCS1_NAME "(rsa,sha256)")
|
||||
#define WOLFKM_PKCS1_SHA256_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt,sha256)")
|
||||
#define WOLFKM_PKCS1_SHA256_DRIVER ("pkcs1pad-rsa-sha256" WOLFKM_RSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_PKCS1_SHA384_NAME (PKCS1_NAME "(rsa,sha384)")
|
||||
#define WOLFKM_PKCS1_SHA384_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt,sha384)")
|
||||
#define WOLFKM_PKCS1_SHA384_DRIVER ("pkcs1pad-rsa-sha384" WOLFKM_RSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_PKCS1_SHA512_NAME (PKCS1_NAME "(rsa,sha512)")
|
||||
#define WOLFKM_PKCS1_SHA512_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt,sha512)")
|
||||
#define WOLFKM_PKCS1_SHA512_DRIVER ("pkcs1pad-rsa-sha512" WOLFKM_RSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_PKCS1_SHA3_256_NAME (PKCS1_NAME "(rsa,sha3-256)")
|
||||
#define WOLFKM_PKCS1_SHA3_256_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt,sha3-256)")
|
||||
#define WOLFKM_PKCS1_SHA3_256_DRIVER ("pkcs1pad-rsa-sha3-256" WOLFKM_RSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_PKCS1_SHA3_384_NAME (PKCS1_NAME "(rsa,sha3-384)")
|
||||
#define WOLFKM_PKCS1_SHA3_384_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt,sha3-384)")
|
||||
#define WOLFKM_PKCS1_SHA3_384_DRIVER ("pkcs1pad-rsa-sha3-384" WOLFKM_RSA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_PKCS1_SHA3_512_NAME (PKCS1_NAME "(rsa,sha3-512)")
|
||||
#define WOLFKM_PKCS1_SHA3_512_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
|
||||
"-wolfcrypt,sha3-512)")
|
||||
#define WOLFKM_PKCS1_SHA3_512_DRIVER ("pkcs1pad-rsa-sha3-512" WOLFKM_RSA_DRIVER_SUFFIX)
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN)
|
||||
#if defined(LINUXKM_DIRECT_RSA)
|
||||
|
||||
@@ -1009,7 +1009,7 @@ static volatile int wc_linuxkm_rng_initing_default_bank_flag = 0;
|
||||
|
||||
static int linuxkm_affinity_lock(void *arg) {
|
||||
(void)arg;
|
||||
if (preempt_count() != 0)
|
||||
if (! wc_linuxkm_can_block())
|
||||
return ALREADY_E;
|
||||
#if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
|
||||
migrate_disable(); /* this actually makes irq_count() nonzero, so that
|
||||
@@ -1118,7 +1118,7 @@ static struct wc_rng_bank_inst *linuxkm_get_drbg(struct wc_rng_bank *ctx) {
|
||||
WC_RNG_BANK_FLAG_CAN_WAIT |
|
||||
WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST;
|
||||
|
||||
if (preempt_count() == 0)
|
||||
if (wc_linuxkm_can_block())
|
||||
flags |= WC_RNG_BANK_FLAG_AFFINITY_LOCK;
|
||||
else
|
||||
flags |= WC_RNG_BANK_FLAG_NO_VECTOR_OPS;
|
||||
@@ -1487,7 +1487,7 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {
|
||||
struct wc_rng_bank *ctx;
|
||||
size_t i;
|
||||
int n;
|
||||
int can_sleep = (preempt_count() == 0);
|
||||
int can_sleep = wc_linuxkm_can_block();
|
||||
|
||||
if (len == 0)
|
||||
return 0;
|
||||
@@ -1545,7 +1545,7 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {
|
||||
|
||||
static int wc_crng_reseed(void) {
|
||||
struct wc_rng_bank *ctx;
|
||||
int can_sleep = (preempt_count() == 0);
|
||||
int can_sleep = wc_linuxkm_can_block();
|
||||
int ret = wc_rng_bank_default_checkout(&ctx);
|
||||
|
||||
if (ret) {
|
||||
|
||||
@@ -91,6 +91,12 @@
|
||||
#ifdef HAVE_ECC
|
||||
#include <wolfssl/wolfcrypt/ecc.h>
|
||||
#endif
|
||||
#ifdef WOLFCRYPT_HAVE_ECCSI
|
||||
#include <wolfssl/wolfcrypt/eccsi.h>
|
||||
#endif
|
||||
#ifdef WOLFCRYPT_HAVE_SAKKE
|
||||
#include <wolfssl/wolfcrypt/sakke.h>
|
||||
#endif
|
||||
#ifdef HAVE_HPKE
|
||||
#include <wolfssl/wolfcrypt/hpke.h>
|
||||
#endif
|
||||
|
||||
+48
-6
@@ -316,6 +316,13 @@ MODULE_PARM_DESC(rodata_dump_path,
|
||||
#include "linuxkm/lkcapi_glue.c"
|
||||
#endif
|
||||
|
||||
int wc_linuxkm_can_block(void) {
|
||||
/* We can't use preemptible() for this, because we need an accurate test
|
||||
* even in !CONFIG_PREEMPT_COUNT configs where preemptible() is always 0.
|
||||
*/
|
||||
return (preempt_count() == 0) && (! irqs_disabled());
|
||||
}
|
||||
|
||||
/* for simplicity, we use a global count to suspend signal processing while any
|
||||
* thread is running fipsEntry(), wolfCrypt_IntegrityTest_fips(),
|
||||
* linuxkm_lkcapi_register(), or linuxkm_lkcapi_unregister(). This only affects
|
||||
@@ -336,7 +343,7 @@ int wc_linuxkm_sig_ignore_end(void) {
|
||||
|
||||
int wc_linuxkm_check_for_intr_signals(void) {
|
||||
static const int intr_signals[] = WC_LINUXKM_INTR_SIGNALS;
|
||||
if (preempt_count() != 0)
|
||||
if (! wc_linuxkm_can_block())
|
||||
return 0;
|
||||
if (signal_pending(current)) {
|
||||
int i;
|
||||
@@ -365,7 +372,7 @@ int wc_linuxkm_check_for_intr_signals(void) {
|
||||
|
||||
void wc_linuxkm_relax_long_loop(void) {
|
||||
#if WC_LINUXKM_MAX_NS_WITHOUT_YIELD >= 0
|
||||
if (preempt_count() == 0) {
|
||||
if (wc_linuxkm_can_block()) {
|
||||
#if (WC_LINUXKM_MAX_NS_WITHOUT_YIELD == 0) || !defined(CONFIG_SCHED_INFO)
|
||||
cond_resched();
|
||||
#else
|
||||
@@ -662,6 +669,11 @@ static int wolfssl_init(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WC_LINUXKM_USE_HEAP_WRAPPERS) && defined(CONFIG_HAVE_KPROBES)
|
||||
/* cache the function pointer to find_vm_area(). */
|
||||
(void)wc_linuxkm_malloc_usable_size(NULL);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
if (THIS_MODULE->sig_ok == false) {
|
||||
@@ -1283,13 +1295,13 @@ static const struct wc_reloc_table_segments seg_map = {
|
||||
|
||||
void *wc_linuxkm_malloc(size_t size)
|
||||
{
|
||||
return kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE);
|
||||
return kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE);
|
||||
}
|
||||
|
||||
void wc_linuxkm_free(void *ptr)
|
||||
{
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(7, 2, 0)
|
||||
if (preempt_count() == 0)
|
||||
if (wc_linuxkm_can_block())
|
||||
kvfree(ptr);
|
||||
else
|
||||
kvfree_atomic(ptr);
|
||||
@@ -1300,12 +1312,41 @@ void wc_linuxkm_free(void *ptr)
|
||||
|
||||
void *wc_linuxkm_realloc(void *ptr, size_t newsize)
|
||||
{
|
||||
return kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC));
|
||||
return kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC));
|
||||
}
|
||||
|
||||
#ifdef CONFIG_HAVE_KPROBES
|
||||
#include <linux/vmalloc.h>
|
||||
#endif
|
||||
|
||||
size_t wc_linuxkm_malloc_usable_size(void *ptr)
|
||||
{
|
||||
return ksize(ptr);
|
||||
if ((ptr == NULL) || is_vmalloc_addr(ptr)) {
|
||||
#ifdef CONFIG_HAVE_KPROBES
|
||||
static typeof(find_vm_area) *find_vm_area_ptr = NULL;
|
||||
if (find_vm_area_ptr == NULL) {
|
||||
if (! wc_linuxkm_can_block())
|
||||
return 0;
|
||||
find_vm_area_ptr = my_kallsyms_lookup_name("find_vm_area");
|
||||
}
|
||||
if (find_vm_area_ptr == NULL)
|
||||
return 0;
|
||||
else if (ptr == NULL)
|
||||
return 0;
|
||||
else {
|
||||
struct vm_struct *vm = find_vm_area_ptr(ptr);
|
||||
if (vm)
|
||||
return get_vm_area_size(vm);
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
return ksize(ptr);
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* WC_LINUXKM_USE_HEAP_WRAPPERS */
|
||||
@@ -1678,6 +1719,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
|
||||
#endif
|
||||
#endif
|
||||
|
||||
wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_can_block = wc_linuxkm_can_block;
|
||||
wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_sig_ignore_begin = wc_linuxkm_sig_ignore_begin;
|
||||
wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_sig_ignore_end = wc_linuxkm_sig_ignore_end;
|
||||
wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_check_for_intr_signals = wc_linuxkm_check_for_intr_signals;
|
||||
|
||||
@@ -247,6 +247,14 @@ endif !BUILD_ARMASM_INLINE
|
||||
endif BUILD_ARMASM
|
||||
endif !BUILD_ARMASM_NEON
|
||||
|
||||
if BUILD_PPC64_ASM
|
||||
if BUILD_PPC64_ASM_INLINE
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm_c.c
|
||||
else
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm.S
|
||||
endif !BUILD_PPC64_ASM_INLINE
|
||||
endif BUILD_PPC64_ASM
|
||||
|
||||
if BUILD_AESNI
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
|
||||
if BUILD_X86_ASM
|
||||
@@ -512,6 +520,14 @@ endif BUILD_ARMASM
|
||||
endif !BUILD_ARMASM_NEON
|
||||
endif BUILD_AES
|
||||
|
||||
if BUILD_PPC64_ASM
|
||||
if BUILD_PPC64_ASM_INLINE
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm_c.c
|
||||
else
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm.S
|
||||
endif !BUILD_PPC64_ASM_INLINE
|
||||
endif BUILD_PPC64_ASM
|
||||
|
||||
if BUILD_AESNI
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
|
||||
if BUILD_X86_ASM
|
||||
@@ -1390,6 +1406,14 @@ endif !BUILD_ARMASM_INLINE
|
||||
endif BUILD_ARMASM
|
||||
endif !BUILD_ARMASM_NEON
|
||||
|
||||
if BUILD_PPC64_ASM
|
||||
if BUILD_PPC64_ASM_INLINE
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm_c.c
|
||||
else
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm.S
|
||||
endif !BUILD_PPC64_ASM_INLINE
|
||||
endif BUILD_PPC64_ASM
|
||||
|
||||
if BUILD_AFALG
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_aes.c
|
||||
endif BUILD_AFALG
|
||||
|
||||
+34
-4
@@ -1423,7 +1423,9 @@ static int ExportOptions(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
|
||||
exp[idx++] = options->acceptState;
|
||||
exp[idx++] = options->asyncState;
|
||||
|
||||
if (type == WOLFSSL_EXPORT_TLS) {
|
||||
/* Encrypt-Then-MAC state. Historically only serialized for TLS; export
|
||||
* version 6 and later also serialize it for DTLS. */
|
||||
if (type == WOLFSSL_EXPORT_TLS || ver > WOLFSSL_EXPORT_VERSION_5) {
|
||||
#ifdef HAVE_ENCRYPT_THEN_MAC
|
||||
exp[idx++] = options->disallowEncThenMac;
|
||||
exp[idx++] = options->encThenMac;
|
||||
@@ -1502,6 +1504,13 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
|
||||
}
|
||||
break;
|
||||
|
||||
case WOLFSSL_EXPORT_VERSION_5:
|
||||
if (len < DTLS_EXPORT_OPT_SZ_5) {
|
||||
WOLFSSL_MSG("Sanity check on buffer size failed");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
break;
|
||||
|
||||
case WOLFSSL_EXPORT_VERSION_4:
|
||||
if (len < DTLS_EXPORT_OPT_SZ_4) {
|
||||
WOLFSSL_MSG("Sanity check on buffer size failed");
|
||||
@@ -1628,7 +1637,9 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
|
||||
options->acceptState = exp[idx++];
|
||||
options->asyncState = exp[idx++];
|
||||
|
||||
if (type == WOLFSSL_EXPORT_TLS) {
|
||||
/* Encrypt-Then-MAC state. Historically only serialized for TLS; export
|
||||
* version 6 and later also serialize it for DTLS. */
|
||||
if (type == WOLFSSL_EXPORT_TLS || ver > WOLFSSL_EXPORT_VERSION_5) {
|
||||
#ifdef HAVE_ENCRYPT_THEN_MAC
|
||||
options->disallowEncThenMac = exp[idx++];
|
||||
options->encThenMac = exp[idx++];
|
||||
@@ -1723,8 +1734,8 @@ static int ImportPeerInfo(WOLFSSL* ssl, const byte* buf, word32 len, byte ver)
|
||||
word16 port;
|
||||
char ip[MAX_EXPORT_IP];
|
||||
|
||||
if (ver != WOLFSSL_EXPORT_VERSION && ver != WOLFSSL_EXPORT_VERSION_4 &&
|
||||
ver != WOLFSSL_EXPORT_VERSION_3) {
|
||||
if (ver != WOLFSSL_EXPORT_VERSION && ver != WOLFSSL_EXPORT_VERSION_5 &&
|
||||
ver != WOLFSSL_EXPORT_VERSION_4 && ver != WOLFSSL_EXPORT_VERSION_3) {
|
||||
WOLFSSL_MSG("Export version not supported");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -1982,6 +1993,15 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
|
||||
}
|
||||
break;
|
||||
|
||||
case WOLFSSL_EXPORT_VERSION_5:
|
||||
if (type == WOLFSSL_EXPORT_DTLS) {
|
||||
optSz = DTLS_EXPORT_OPT_SZ_5;
|
||||
}
|
||||
else {
|
||||
optSz = TLS_EXPORT_OPT_SZ_5;
|
||||
}
|
||||
break;
|
||||
|
||||
case WOLFSSL_EXPORT_VERSION_4:
|
||||
if (type == WOLFSSL_EXPORT_DTLS) {
|
||||
optSz = DTLS_EXPORT_OPT_SZ_4;
|
||||
@@ -13696,6 +13716,16 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
|
||||
continue;
|
||||
}
|
||||
|
||||
/* RFC 9525 Sec. 6.3: a DNS-ID reference identifier is matched only
|
||||
* against dNSName SAN entries, never uniformResourceIdentifier
|
||||
* (even when the URI value resembles a ostname). URI-ID matching
|
||||
* requires scheme and host parsing (RFC 9525 Sec. 6.5, Sec. 7.2). */
|
||||
if (!isIP && altName->type == ASN_URI_TYPE) {
|
||||
WOLFSSL_MSG("\tAltName is uniformResourceIdentifier, "
|
||||
"skipping for DNS hostname");
|
||||
continue;
|
||||
}
|
||||
|
||||
if (MatchDomainName(buf, (int)len, domain, domainLen, flags)) {
|
||||
match = 1;
|
||||
if (checkCN != NULL) {
|
||||
|
||||
+22
-19
@@ -776,7 +776,8 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
|
||||
single = bs->single;
|
||||
while (single != NULL) {
|
||||
if (single->status != NULL && id->status != NULL &&
|
||||
(XMEMCMP(single->status->serial, id->status->serial,
|
||||
(single->status->serialSz == id->status->serialSz)
|
||||
&& (XMEMCMP(single->status->serial, id->status->serial,
|
||||
(size_t)single->status->serialSz) == 0)
|
||||
&& (XMEMCMP(single->issuerHash, id->issuerHash, OCSP_DIGEST_SIZE) == 0)
|
||||
&& (XMEMCMP(single->issuerKeyHash, id->issuerKeyHash, OCSP_DIGEST_SIZE) == 0)) {
|
||||
@@ -1270,7 +1271,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
int length = 0;
|
||||
int ret;
|
||||
|
||||
if (data == NULL)
|
||||
if (data == NULL || *data == NULL || len <= 0)
|
||||
return NULL;
|
||||
|
||||
if (response != NULL)
|
||||
@@ -1283,30 +1284,27 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
XMEMSET(resp, 0, sizeof(OcspResponse));
|
||||
}
|
||||
|
||||
if (resp->source != NULL)
|
||||
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
resp->source = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (resp->source == NULL) {
|
||||
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
return NULL;
|
||||
if (resp->source == NULL)
|
||||
goto error;
|
||||
|
||||
if (resp->single != NULL) {
|
||||
FreeOcspEntry(resp->single, NULL);
|
||||
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
|
||||
}
|
||||
resp->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
|
||||
DYNAMIC_TYPE_OCSP_ENTRY);
|
||||
if (resp->single == NULL) {
|
||||
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
return NULL;
|
||||
}
|
||||
if (resp->single == NULL)
|
||||
goto error;
|
||||
XMEMSET(resp->single, 0, sizeof(OcspEntry));
|
||||
resp->single->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
|
||||
DYNAMIC_TYPE_OCSP_STATUS);
|
||||
if (resp->single->status == NULL)
|
||||
goto error;
|
||||
resp->single->ownStatus = 1;
|
||||
if (resp->single->status == NULL) {
|
||||
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
|
||||
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
return NULL;
|
||||
}
|
||||
XMEMSET(resp->single->status, 0, sizeof(CertStatus));
|
||||
|
||||
XMEMCPY(resp->source, *data, (size_t)len);
|
||||
resp->maxIdx = (word32)len;
|
||||
|
||||
@@ -1314,8 +1312,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
if (ret != 0 && ret != WC_NO_ERR_TRACE(ASN_OCSP_CONFIRM_E)) {
|
||||
/* for just converting from a DER to an internal structure the CA may
|
||||
* not yet be known to this function for signature verification */
|
||||
wolfSSL_OCSP_RESPONSE_free(resp);
|
||||
return NULL;
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (GetSequence(*data, &idx, &length, (word32)len) >= 0)
|
||||
@@ -1325,6 +1322,12 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
*response = resp;
|
||||
|
||||
return resp;
|
||||
|
||||
error:
|
||||
wolfSSL_OCSP_RESPONSE_free(resp);
|
||||
if (response != NULL && *response == resp)
|
||||
*response = NULL;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
|
||||
|
||||
@@ -292,11 +292,10 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && \
|
||||
((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
|
||||
(!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
|
||||
(defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN)))
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
#if !defined(NO_FILESYSTEM) && \
|
||||
((defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN) && \
|
||||
!defined(NO_PWDBASED)) || \
|
||||
defined(WOLFSSL_DH_EXTRA))
|
||||
/* Write the DER data as PEM into file pointer.
|
||||
*
|
||||
* @param [in] der Buffer containing DER data.
|
||||
@@ -326,8 +325,9 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
|
||||
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
#endif /* !NO_FILESYSTEM &&
|
||||
* ((OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED) ||
|
||||
* WOLFSSL_DH_EXTRA) */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
|
||||
defined(WOLFSSL_PEM_TO_DER)
|
||||
@@ -6282,6 +6282,166 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
|
||||
}
|
||||
#endif /* !NO_BIO */
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
|
||||
!defined(NO_ASN) && !defined(NO_PWDBASED)
|
||||
/* Writes a public key to a file pointer encoded in PEM format.
|
||||
*
|
||||
* @param [in] fp File pointer to write to.
|
||||
* @param [in] key Public key to write in PEM format.
|
||||
* @return 1 on success.
|
||||
* @return 0 on failure.
|
||||
*/
|
||||
int wolfSSL_PEM_write_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY* key)
|
||||
{
|
||||
int err = 0;
|
||||
unsigned char* derBuf = NULL;
|
||||
int derSz = 0;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PEM_write_PUBKEY");
|
||||
|
||||
if ((fp == XBADFILE) || (key == NULL)) {
|
||||
WOLFSSL_MSG("Bad Function Arguments");
|
||||
err = 1;
|
||||
}
|
||||
|
||||
if (!err) {
|
||||
derSz = wolfSSL_i2d_PUBKEY(key, NULL);
|
||||
if (derSz <= 0) {
|
||||
WOLFSSL_MSG("Failed to get DER size for key");
|
||||
err = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (!err) {
|
||||
unsigned char* tmp;
|
||||
derBuf = (unsigned char*)XMALLOC((size_t)derSz, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (derBuf == NULL) {
|
||||
WOLFSSL_MSG("Failed to allocate DER buffer");
|
||||
err = 1;
|
||||
}
|
||||
else {
|
||||
tmp = derBuf;
|
||||
if (wolfSSL_i2d_PUBKEY(key, &tmp) <= 0) {
|
||||
WOLFSSL_MSG("Failed to convert key to DER");
|
||||
err = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Write DER buffer to file as PEM. */
|
||||
if ((!err) && (der_write_to_file_as_pem(derBuf, derSz, fp,
|
||||
PUBLICKEY_TYPE, NULL) != 1)) {
|
||||
WOLFSSL_MSG("Failed to write DER to file as PEM");
|
||||
err = 1;
|
||||
}
|
||||
|
||||
/* Dispose of the DER encoding. */
|
||||
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_PEM_write_PUBKEY", err);
|
||||
return !err;
|
||||
}
|
||||
|
||||
/* Writes a private key to a file pointer encoded in PEM format.
|
||||
*
|
||||
* @param [in] fp File pointer to write to.
|
||||
* @param [in] key Private key to write in PEM format.
|
||||
* @param [in] cipher Encryption cipher to use. May be NULL.
|
||||
* @param [in] passwd Password to use when encrypting. May be NULL.
|
||||
* @param [in] len Length of password.
|
||||
* @param [in] cb Password callback.
|
||||
* @param [in] arg Password callback argument.
|
||||
* @return 1 on success.
|
||||
* @return 0 on failure.
|
||||
*/
|
||||
int wolfSSL_PEM_write_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY* key,
|
||||
const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len,
|
||||
wc_pem_password_cb* cb, void* arg)
|
||||
{
|
||||
int err = 0;
|
||||
int type = 0;
|
||||
unsigned char* derBuf = NULL;
|
||||
int derSz = 0;
|
||||
|
||||
(void)cipher;
|
||||
(void)passwd;
|
||||
(void)len;
|
||||
(void)cb;
|
||||
(void)arg;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PEM_write_PrivateKey");
|
||||
|
||||
/* Validate parameters. */
|
||||
if ((fp == XBADFILE) || (key == NULL)) {
|
||||
WOLFSSL_MSG("Bad Function Arguments");
|
||||
err = 1;
|
||||
}
|
||||
|
||||
/* Determine PEM type from key type, mirroring wolfSSL_PEM_read_PrivateKey's
|
||||
* keyFormat switch. */
|
||||
if (!err) {
|
||||
switch (key->type) {
|
||||
case WC_EVP_PKEY_RSA:
|
||||
type = PRIVATEKEY_TYPE;
|
||||
break;
|
||||
case WC_EVP_PKEY_DSA:
|
||||
type = DSA_PRIVATEKEY_TYPE;
|
||||
break;
|
||||
case WC_EVP_PKEY_EC:
|
||||
type = ECC_PRIVATEKEY_TYPE;
|
||||
break;
|
||||
case WC_EVP_PKEY_DH:
|
||||
type = DH_PRIVATEKEY_TYPE;
|
||||
break;
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown key type");
|
||||
err = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!err) {
|
||||
derSz = wolfSSL_i2d_PrivateKey(key, NULL);
|
||||
if (derSz <= 0) {
|
||||
WOLFSSL_MSG("Failed to get DER size for private key");
|
||||
err = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (!err) {
|
||||
unsigned char* tmp;
|
||||
derBuf = (unsigned char*)XMALLOC((size_t)derSz, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (derBuf == NULL) {
|
||||
WOLFSSL_MSG("Failed to allocate DER buffer");
|
||||
err = 1;
|
||||
}
|
||||
else {
|
||||
tmp = derBuf;
|
||||
if (wolfSSL_i2d_PrivateKey(key, &tmp) <= 0) {
|
||||
WOLFSSL_MSG("Error encoding private key as DER");
|
||||
err = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Write DER buffer to file as PEM. */
|
||||
if ((!err) && (der_write_to_file_as_pem(derBuf, derSz, fp, type,
|
||||
NULL) != 1)) {
|
||||
WOLFSSL_MSG("Error writing DER to file as PEM");
|
||||
err = 1;
|
||||
}
|
||||
|
||||
/* Dispose of the DER encoding. */
|
||||
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_PEM_write_PrivateKey", err);
|
||||
return !err;
|
||||
}
|
||||
#endif /* !NO_FILESYSTEM && !NO_CERTS && OPENSSL_EXTRA && !NO_ASN &&
|
||||
* !NO_PWDBASED */
|
||||
|
||||
#ifndef NO_BIO
|
||||
/* Create a private key object from the data in the BIO.
|
||||
*
|
||||
|
||||
@@ -12978,44 +12978,62 @@ int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s, unsigned char mode)
|
||||
size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count)
|
||||
{
|
||||
byte len = 0;
|
||||
byte const * src;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_get_finished");
|
||||
|
||||
if (!ssl || !buf || count < TLS_FINISHED_SZ) {
|
||||
if (!ssl || !buf) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
src = ssl->serverFinished;
|
||||
len = ssl->serverFinished_len;
|
||||
XMEMCPY(buf, ssl->serverFinished, len);
|
||||
}
|
||||
else {
|
||||
src = ssl->clientFinished;
|
||||
len = ssl->clientFinished_len;
|
||||
XMEMCPY(buf, ssl->clientFinished, len);
|
||||
}
|
||||
|
||||
if (count < len) {
|
||||
WOLFSSL_MSG("Buffer too small");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
XMEMCPY(buf, src, len);
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count)
|
||||
{
|
||||
byte len = 0;
|
||||
byte const * src;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_get_peer_finished");
|
||||
|
||||
if (!ssl || !buf || count < TLS_FINISHED_SZ) {
|
||||
if (!ssl || !buf) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
src = ssl->serverFinished;
|
||||
len = ssl->serverFinished_len;
|
||||
XMEMCPY(buf, ssl->serverFinished, len);
|
||||
}
|
||||
else {
|
||||
src = ssl->clientFinished;
|
||||
len = ssl->clientFinished_len;
|
||||
XMEMCPY(buf, ssl->clientFinished, len);
|
||||
}
|
||||
|
||||
if (count < len) {
|
||||
WOLFSSL_MSG("Buffer too small");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
XMEMCPY(buf, src, len);
|
||||
|
||||
return len;
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
|
||||
|
||||
+201
-124
@@ -945,10 +945,20 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
|
||||
WC_FREE_VAR_EX(cert, NULL, DYNAMIC_TYPE_DCERT);
|
||||
return NULL;
|
||||
}
|
||||
a->length = (int)x509->pathLength;
|
||||
/* RFC 5280 4.2.1.9: only populate pathLen when the
|
||||
* pathLenConstraint field was actually present. When it is
|
||||
* absent no limit is imposed, and pathlen must remain NULL so
|
||||
* it is distinguishable from a pathLenConstraint of 0. */
|
||||
if (x509->basicConstPlSet) {
|
||||
a->length = (int)x509->pathLength;
|
||||
|
||||
/* Save ASN1_INTEGER in x509 extension */
|
||||
ext->obj->pathlen = a;
|
||||
/* Save ASN1_INTEGER in x509 extension */
|
||||
ext->obj->pathlen = a;
|
||||
}
|
||||
else {
|
||||
wolfSSL_ASN1_INTEGER_free(a);
|
||||
ext->obj->pathlen = NULL;
|
||||
}
|
||||
|
||||
ext->obj->ca = x509->isCa;
|
||||
break;
|
||||
@@ -1234,6 +1244,136 @@ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
/* Handle WC_NID_subject_alt_name for wolfSSL_X509_add_ext: iterate the
|
||||
* GENERAL_NAME stack on the extension and add each entry to x509->altNames.
|
||||
* Only types whose union member is WOLFSSL_ASN1_STRING* (DNS/RFC822/URI/IP/
|
||||
* IA5) are read via gn->d.ia5; ASN_OTHER_TYPE is handled via SetOthername.
|
||||
* Other types (DIRNAME/RID/X400/EDIPARTY) are rejected to avoid the
|
||||
* type-confused union access that would XMEMCPY from a wild pointer in
|
||||
* wolfSSL_X509_add_altname_ex. */
|
||||
static int wolfssl_x509_add_subj_alt_name_ext(WOLFSSL_X509 *x509,
|
||||
WOLFSSL_X509_EXTENSION *ext)
|
||||
{
|
||||
WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
|
||||
while (gns) {
|
||||
WOLFSSL_GENERAL_NAME* gn = gns->data.gn;
|
||||
if ((gn != NULL) && (gn->type == ASN_OTHER_TYPE)) {
|
||||
char *buf = NULL;
|
||||
int ret = 0;
|
||||
word32 len = 0;
|
||||
|
||||
len = SetOthername(gn->d.otherName, NULL);
|
||||
if (len == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
buf = (char*)XMALLOC(len, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
if (buf == NULL) {
|
||||
WOLFSSL_MSG("Couldn't allocate memory for othername");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* SetOthername() cannot fail; already passed above. */
|
||||
SetOthername(gn->d.otherName, (byte*)buf);
|
||||
|
||||
ret = wolfSSL_X509_add_altname_ex(x509, buf, len,
|
||||
ASN_OTHER_TYPE);
|
||||
XFREE(buf, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
|
||||
WOLFSSL_MSG("wolfSSL_X509_add_altname_ex() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
}
|
||||
/* Only types whose union member are WOLFSSL_ASN1_STRING. */
|
||||
else if (gn == NULL) {
|
||||
WOLFSSL_MSG("Subject alternative name missing");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
else {
|
||||
if ((gn->type != ASN_RFC822_TYPE && gn->type != ASN_DNS_TYPE &&
|
||||
gn->type != ASN_URI_TYPE && gn->type != ASN_IP_TYPE &&
|
||||
gn->type != WOLFSSL_GEN_IA5) || (gn->d.ia5 == NULL)) {
|
||||
WOLFSSL_MSG("Subject alternative name unsupported "
|
||||
"GeneralName type or missing name");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
if (wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data,
|
||||
gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("Failed to add subject alternative name");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
}
|
||||
gns = gns->next;
|
||||
}
|
||||
x509->subjAltNameSet = 1;
|
||||
x509->subjAltNameCrit = (byte)ext->crit;
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_CUSTOM_OID
|
||||
/* Handle the default (unrecognized NID) case of wolfSSL_X509_add_ext when
|
||||
* custom-OID extensions are enabled: copy the extension OID text and value
|
||||
* into the next free slot in x509->custom_exts, taking ownership of the
|
||||
* allocations on success. */
|
||||
static int wolfssl_x509_add_custom_ext(WOLFSSL_X509 *x509,
|
||||
WOLFSSL_X509_EXTENSION *ext)
|
||||
{
|
||||
char *oid = NULL;
|
||||
byte *val = NULL;
|
||||
int err = 0;
|
||||
|
||||
if ((ext->obj == NULL) || (ext->value.length == 0) ||
|
||||
(ext->value.data == NULL)) {
|
||||
WOLFSSL_MSG("Extension has insufficient information.");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if ((x509->customExtCount < 0) ||
|
||||
(x509->customExtCount >= NUM_CUSTOM_EXT)) {
|
||||
WOLFSSL_MSG("Bad value for customExtCount.");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* This is a viable custom extension. */
|
||||
oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
val = (byte*)XMALLOC(ext->value.length, x509->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
if ((oid == NULL) || (val == NULL)) {
|
||||
WOLFSSL_MSG("Memory allocation failure.\n");
|
||||
err = 1;
|
||||
}
|
||||
|
||||
if (err == 0) {
|
||||
XMEMCPY(val, ext->value.data, ext->value.length);
|
||||
if (wolfSSL_OBJ_obj2txt(oid, MAX_OID_STRING_SZ, ext->obj, 1) < 0) {
|
||||
err = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (err == 1) {
|
||||
XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* ext->crit is WOLFSSL_ASN1_BOOLEAN */
|
||||
if (ext->crit != 0 && ext->crit != -1) {
|
||||
XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* x509->custom_exts now owns the buffers and they must be managed. */
|
||||
x509->custom_exts[x509->customExtCount].oid = oid;
|
||||
x509->custom_exts[x509->customExtCount].crit = (byte)ext->crit;
|
||||
x509->custom_exts[x509->customExtCount].val = val;
|
||||
x509->custom_exts[x509->customExtCount].valSz = ext->value.length;
|
||||
x509->customExtCount++;
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif /* WOLFSSL_CUSTOM_OID */
|
||||
|
||||
int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
|
||||
int loc)
|
||||
{
|
||||
@@ -1272,49 +1412,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
|
||||
x509->subjKeyIdCrit = (byte)ext->crit;
|
||||
break;
|
||||
case WC_NID_subject_alt_name:
|
||||
{
|
||||
WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
|
||||
while (gns) {
|
||||
WOLFSSL_GENERAL_NAME* gn = gns->data.gn;
|
||||
if ((gn != NULL) && (gn->type == ASN_OTHER_TYPE)) {
|
||||
char *buf = NULL;
|
||||
int ret = 0;
|
||||
word32 len = 0;
|
||||
|
||||
len = SetOthername(gn->d.otherName, NULL);
|
||||
if (len == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
buf = (char*)XMALLOC(len, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
if (buf == NULL) {
|
||||
WOLFSSL_MSG("Couldn't allocate memory for othername");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* SetOthername() cannot fail; already passed above. */
|
||||
SetOthername(gn->d.otherName, (byte*)buf);
|
||||
|
||||
ret = wolfSSL_X509_add_altname_ex(x509, buf, len,
|
||||
ASN_OTHER_TYPE);
|
||||
XFREE(buf, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
|
||||
WOLFSSL_MSG("wolfSSL_X509_add_altname_ex() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
}
|
||||
else if (!gn || !gn->d.ia5 ||
|
||||
wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data,
|
||||
gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("Subject alternative name missing extension");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
gns = gns->next;
|
||||
if (wolfssl_x509_add_subj_alt_name_ext(x509, ext) != WOLFSSL_SUCCESS) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
x509->subjAltNameSet = 1;
|
||||
x509->subjAltNameCrit = (byte)ext->crit;
|
||||
break;
|
||||
}
|
||||
case WC_NID_key_usage:
|
||||
if (ext && ext->value.data) {
|
||||
if (ext->value.length == sizeof(word16)) {
|
||||
@@ -1376,60 +1477,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
|
||||
break;
|
||||
default:
|
||||
#ifdef WOLFSSL_CUSTOM_OID
|
||||
{
|
||||
char *oid = NULL;
|
||||
byte *val = NULL;
|
||||
int err = 0;
|
||||
|
||||
if ((ext->obj == NULL) || (ext->value.length == 0)) {
|
||||
WOLFSSL_MSG("Extension has insufficient information.");
|
||||
if (wolfssl_x509_add_custom_ext(x509, ext) != WOLFSSL_SUCCESS) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if ((x509->customExtCount < 0) ||
|
||||
(x509->customExtCount >= NUM_CUSTOM_EXT)) {
|
||||
WOLFSSL_MSG("Bad value for customExtCount.");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* This is a viable custom extension. */
|
||||
oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
val = (byte*)XMALLOC(ext->value.length, x509->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
if ((oid == NULL) || (val == NULL)) {
|
||||
WOLFSSL_MSG("Memory allocation failure.\n");
|
||||
err = 1;
|
||||
}
|
||||
|
||||
if (err == 0) {
|
||||
XMEMCPY(val, ext->value.data, ext->value.length);
|
||||
if (wolfSSL_OBJ_obj2txt(oid, MAX_OID_STRING_SZ, ext->obj, 1) < 0) {
|
||||
err = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (err == 1) {
|
||||
XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* ext->crit is WOLFSSL_ASN1_BOOLEAN */
|
||||
if (ext->crit != 0 && ext->crit != -1) {
|
||||
XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* x509->custom_exts now owns the buffers and they must be managed. */
|
||||
x509->custom_exts[x509->customExtCount].oid = oid;
|
||||
x509->custom_exts[x509->customExtCount].crit = (byte)ext->crit;
|
||||
x509->custom_exts[x509->customExtCount].val = val;
|
||||
x509->custom_exts[x509->customExtCount].valSz = ext->value.length;
|
||||
x509->customExtCount++;
|
||||
break;
|
||||
}
|
||||
#else
|
||||
WOLFSSL_MSG("Unsupported extension to add");
|
||||
return WOLFSSL_FAILURE;
|
||||
@@ -1529,9 +1580,9 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
|
||||
WOLFSSL_MSG("Memory error");
|
||||
return rc;
|
||||
}
|
||||
valLen = XSNPRINTF(val, (size_t)len, "%*s%s", indent, "",
|
||||
str->strData);
|
||||
if ((valLen < 0) || (valLen >= len)
|
||||
valLen = XSNPRINTF(val, (size_t)len + indent,
|
||||
"%*s%.*s", indent, "", str->length, str->data);
|
||||
if ((valLen < 0) || (valLen >= len + indent)
|
||||
|| ((tmpLen + valLen) >= tmpSz)) {
|
||||
XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return rc;
|
||||
@@ -1549,6 +1600,10 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
|
||||
{
|
||||
char* asn1str;
|
||||
asn1str = wolfSSL_i2s_ASN1_STRING(NULL, str);
|
||||
if (asn1str == NULL) {
|
||||
WOLFSSL_MSG("wolfSSL_i2s_ASN1_STRING returned NULL");
|
||||
return rc;
|
||||
}
|
||||
tmpLen = XSNPRINTF(tmp, tmpSz, "%*s%s", indent, "", asn1str);
|
||||
XFREE(asn1str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmpLen >= tmpSz)
|
||||
@@ -1961,7 +2016,13 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
|
||||
}
|
||||
/* Copy pathlen and CA into BASIC_CONSTRAINTS from object */
|
||||
bc->ca = object->ca;
|
||||
if (object->pathlen != NULL && object->pathlen->length > 0) {
|
||||
/* RFC 5280 4.2.1.9:
|
||||
* "A pathLenConstraint of zero indicates that no non-self-issued
|
||||
* intermediate CA certificates may follow in a valid
|
||||
* certification path."
|
||||
* Check for length of 0 or greater.
|
||||
*/
|
||||
if ((object->pathlen != NULL) && (object->pathlen->length >= 0)) {
|
||||
bc->pathlen = wolfSSL_ASN1_INTEGER_dup(object->pathlen);
|
||||
if (bc->pathlen == NULL) {
|
||||
WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER");
|
||||
@@ -2433,27 +2494,31 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
|
||||
switch (nid) {
|
||||
case BASIC_CA_OID:
|
||||
if (x509->basicConstSet) {
|
||||
WOLFSSL_ASN1_INTEGER* a;
|
||||
|
||||
bc = wolfSSL_BASIC_CONSTRAINTS_new();
|
||||
if (!bc) {
|
||||
WOLFSSL_MSG("wolfSSL_BASIC_CONSTRAINTS_new error");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
a = wolfSSL_ASN1_INTEGER_new();
|
||||
if (!a) {
|
||||
WOLFSSL_MSG("wolfSSL_ASN1_INTEGER_new error");
|
||||
wolfSSL_BASIC_CONSTRAINTS_free(bc);
|
||||
return NULL;
|
||||
}
|
||||
a->length = (int)x509->pathLength;
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
|
||||
defined(WOLFSSL_APACHE_HTTPD)
|
||||
bc->ca = x509->isCa;
|
||||
#endif
|
||||
bc->pathlen = a;
|
||||
/* RFC 5280 4.2.1.9: only populate pathLen when the
|
||||
* pathLenConstraint field was present. When absent, no limit
|
||||
* is imposed and pathlen must remain NULL so it is
|
||||
* distinguishable from a pathLenConstraint of 0. */
|
||||
if (x509->basicConstPlSet) {
|
||||
WOLFSSL_ASN1_INTEGER* a = wolfSSL_ASN1_INTEGER_new();
|
||||
if (a == NULL) {
|
||||
WOLFSSL_MSG("wolfSSL_ASN1_INTEGER_new error");
|
||||
wolfSSL_BASIC_CONSTRAINTS_free(bc);
|
||||
return NULL;
|
||||
}
|
||||
a->length = (int)x509->pathLength;
|
||||
bc->pathlen = a;
|
||||
}
|
||||
|
||||
if (c != NULL) {
|
||||
*c = x509->basicConstCrit;
|
||||
}
|
||||
@@ -2648,14 +2713,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
|
||||
WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
|
||||
goto err;
|
||||
}
|
||||
/* gn now owned by stack. */
|
||||
gn = NULL;
|
||||
|
||||
/* push DIST_POINT onto stack */
|
||||
if (wolfSSL_sk_DIST_POINT_push(sk, dp) <= 0) {
|
||||
WOLFSSL_MSG("Error pushing DIST_POINT onto stack");
|
||||
goto err;
|
||||
}
|
||||
|
||||
gn = NULL;
|
||||
/* dp now owned by stack. */
|
||||
dp = NULL;
|
||||
|
||||
}
|
||||
@@ -5871,8 +5937,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
|
||||
case GEN_EMAIL:
|
||||
ret = wolfSSL_BIO_printf(out, "email:");
|
||||
ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||
if (ret == WOLFSSL_SUCCESS)
|
||||
{
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
ret = wolfSSL_ASN1_STRING_print(out, gen->d.rfc822Name);
|
||||
}
|
||||
break;
|
||||
@@ -5881,8 +5946,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
|
||||
ret = wolfSSL_BIO_printf(out, "DNS:");
|
||||
ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
ret = wolfSSL_BIO_printf(out, "%s", gen->d.dNSName->strData);
|
||||
ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||
ret = wolfSSL_ASN1_STRING_print(out, gen->d.dNSName);
|
||||
}
|
||||
break;
|
||||
|
||||
@@ -5893,6 +5957,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
|
||||
|
||||
case GEN_DIRNAME:
|
||||
ret = wolfSSL_BIO_printf(out, "DirName:");
|
||||
ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
ret = wolfSSL_X509_NAME_print_ex(out, gen->d.directoryName, 0,
|
||||
XN_FLAG_ONELINE);
|
||||
@@ -7094,7 +7159,8 @@ static int X509PrintExtendedKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
||||
EXTKEYUSE_EMAILPROT,
|
||||
EXTKEYUSE_CODESIGN,
|
||||
EXTKEYUSE_CLIENT_AUTH,
|
||||
EXTKEYUSE_SERVER_AUTH
|
||||
EXTKEYUSE_SERVER_AUTH,
|
||||
EXTKEYUSE_ANY
|
||||
};
|
||||
const char* usageStrs[] = {
|
||||
"OCSP Signing",
|
||||
@@ -7102,7 +7168,8 @@ static int X509PrintExtendedKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
||||
"E-mail Protection",
|
||||
"Code Signing",
|
||||
"TLS Web Client Authentication",
|
||||
"TLS Web Server Authentication"
|
||||
"TLS Web Server Authentication",
|
||||
"Any Extended Key Usage"
|
||||
};
|
||||
|
||||
if (bio == NULL || x509 == NULL) {
|
||||
@@ -7483,12 +7550,22 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
|
||||
ret = WOLFSSL_FAILURE;
|
||||
break;
|
||||
}
|
||||
if ((scratchLen = XSNPRINTF(
|
||||
scratch, scratchSz,
|
||||
"%*sCA:%s\n",
|
||||
indent + 8, "", (x509->isCa)? "TRUE": "FALSE"))
|
||||
>= scratchSz)
|
||||
{
|
||||
/* Match OpenSSL output: print "CA:TRUE"/"CA:FALSE" and append
|
||||
* ", pathlen:N" only when a pathLenConstraint is present
|
||||
* (RFC 5280 4.2.1.9). An absent constraint imposes no limit
|
||||
* and must not be shown as pathlen:0. */
|
||||
if (x509->basicConstPlSet) {
|
||||
scratchLen = XSNPRINTF(scratch, scratchSz,
|
||||
"%*sCA:%s, pathlen:%u\n",
|
||||
indent + 8, "", (x509->isCa) ? "TRUE" : "FALSE",
|
||||
(unsigned int)x509->pathLength);
|
||||
}
|
||||
else {
|
||||
scratchLen = XSNPRINTF(scratch, scratchSz,
|
||||
"%*sCA:%s\n",
|
||||
indent + 8, "", (x509->isCa) ? "TRUE" : "FALSE");
|
||||
}
|
||||
if (scratchLen >= scratchSz) {
|
||||
ret = WOLFSSL_FAILURE;
|
||||
break;
|
||||
}
|
||||
|
||||
+435
-6345
File diff suppressed because it is too large
Load Diff
@@ -51,13 +51,16 @@ tests_unit_test_SOURCES += tests/api/test_mldsa.c
|
||||
tests_unit_test_SOURCES += tests/api/test_mldsa_legacy.c
|
||||
tests_unit_test_SOURCES += tests/api/test_slhdsa.c
|
||||
tests_unit_test_SOURCES += tests/api/test_signature.c
|
||||
tests_unit_test_SOURCES += tests/api/test_lms_xmss.c
|
||||
# TLS Protocol
|
||||
tests_unit_test_SOURCES += tests/api/test_dtls.c
|
||||
tests_unit_test_SOURCES += tests/api/test_dtls13.c
|
||||
# TLS Feature
|
||||
tests_unit_test_SOURCES += tests/api/test_ocsp.c
|
||||
tests_unit_test_SOURCES += tests/api/test_evp.c
|
||||
tests_unit_test_SOURCES += tests/api/test_tls_ext.c
|
||||
tests_unit_test_SOURCES += tests/api/test_tls.c
|
||||
tests_unit_test_SOURCES += tests/api/test_session.c
|
||||
# Certs
|
||||
tests_unit_test_SOURCES += tests/api/test_x509.c
|
||||
# ASN
|
||||
@@ -157,13 +160,16 @@ EXTRA_DIST += tests/api/test_mlkem.h
|
||||
EXTRA_DIST += tests/api/test_mldsa.h
|
||||
EXTRA_DIST += tests/api/test_slhdsa.h
|
||||
EXTRA_DIST += tests/api/test_signature.h
|
||||
EXTRA_DIST += tests/api/test_lms_xmss.h
|
||||
EXTRA_DIST += tests/api/test_dtls.h
|
||||
EXTRA_DIST += tests/api/test_dtls13.h
|
||||
EXTRA_DIST += tests/api/test_ocsp.h
|
||||
EXTRA_DIST += tests/api/test_ocsp_test_blobs.h
|
||||
EXTRA_DIST += tests/api/create_ocsp_test_blobs.py
|
||||
EXTRA_DIST += tests/api/test_evp.h
|
||||
EXTRA_DIST += tests/api/test_tls_ext.h
|
||||
EXTRA_DIST += tests/api/test_tls.h
|
||||
EXTRA_DIST += tests/api/test_session.h
|
||||
EXTRA_DIST += tests/api/test_x509.h
|
||||
EXTRA_DIST += tests/api/test_asn.h
|
||||
EXTRA_DIST += tests/api/test_pkcs7.h
|
||||
|
||||
@@ -31,6 +31,12 @@
|
||||
#ifdef HAVE_ED25519
|
||||
#include <wolfssl/wolfcrypt/ed25519.h>
|
||||
#endif
|
||||
#ifdef HAVE_ED448
|
||||
#include <wolfssl/wolfcrypt/ed448.h>
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#endif
|
||||
|
||||
#if defined(WC_ENABLE_ASYM_KEY_EXPORT) && defined(HAVE_ED25519)
|
||||
static int test_SetAsymKeyDer_once(byte* privKey, word32 privKeySz, byte* pubKey,
|
||||
@@ -843,6 +849,19 @@ int test_wolfssl_local_MatchBaseName(void)
|
||||
"sub.domain.com", 14, ".domain.com", 11), 1);
|
||||
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
|
||||
"a.b.domain.com", 14, ".domain.com", 11), 1);
|
||||
/* Trailing-dot normalization: absolute DNS form is equivalent. */
|
||||
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
|
||||
"domain.com.", (int)XSTRLEN("domain.com."),
|
||||
"domain.com", (int)XSTRLEN("domain.com")), 1);
|
||||
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
|
||||
"domain.com", (int)XSTRLEN("domain.com"),
|
||||
"domain.com.", (int)XSTRLEN("domain.com.")), 1);
|
||||
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
|
||||
"domain.com.", (int)XSTRLEN("domain.com."),
|
||||
"domain.com.", (int)XSTRLEN("domain.com.")), 1);
|
||||
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
|
||||
"sub.domain.com.", (int)XSTRLEN("sub.domain.com."),
|
||||
".domain.com.", (int)XSTRLEN(".domain.com.")), 1);
|
||||
|
||||
/* Negative tests - should NOT match */
|
||||
/* Bug #3: fakedomain.com should NOT match domain.com (no dot boundary) */
|
||||
@@ -864,6 +883,10 @@ int test_wolfssl_local_MatchBaseName(void)
|
||||
/* Name starting with dot */
|
||||
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
|
||||
".domain.com", 11, "domain.com", 10), 0);
|
||||
/* More than one trailing dot leaves an empty label after normalization. */
|
||||
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
|
||||
"domain.com..", (int)XSTRLEN("domain.com.."),
|
||||
"domain.com", (int)XSTRLEN("domain.com")), 0);
|
||||
|
||||
/*
|
||||
* Tests for email type (ASN_RFC822_TYPE = 0x01)
|
||||
@@ -963,6 +986,210 @@ int test_wolfssl_local_MatchBaseName(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(IGNORE_NAME_CONSTRAINTS)
|
||||
/* Convenience wrappers so the cases below read as (name, base) pairs and the
|
||||
* string lengths can't drift out of sync with the literals. */
|
||||
static int dnsWildPermitted(const char* name, const char* base)
|
||||
{
|
||||
return wolfssl_local_MatchDnsConstraintWildcard(name, (int)XSTRLEN(name),
|
||||
base, (int)XSTRLEN(base), 1);
|
||||
}
|
||||
static int dnsWildExcluded(const char* name, const char* base)
|
||||
{
|
||||
return wolfssl_local_MatchDnsConstraintWildcard(name, (int)XSTRLEN(name),
|
||||
base, (int)XSTRLEN(base), 0);
|
||||
}
|
||||
static int uriNC(const char* uri, const char* base)
|
||||
{
|
||||
return wolfssl_local_MatchUriNameConstraint(uri, (int)XSTRLEN(uri), base,
|
||||
(int)XSTRLEN(base));
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Tests label-aware matching of a wildcard DNS SAN against a name-constraint
|
||||
* subtree. The permitted variant must prove containment (every expansion of
|
||||
* the wildcard stays inside the subtree); the excluded variant must detect
|
||||
* intersection (some expansion falls inside the subtree). A '*' never crosses
|
||||
* a label boundary, so the comparison is by label from the right.
|
||||
*/
|
||||
int test_wolfssl_local_MatchDnsConstraintWildcard(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(IGNORE_NAME_CONSTRAINTS)
|
||||
/*
|
||||
* PERMITTED subtree -- containment. Accept only when EVERY expansion of
|
||||
* the wildcard is inside the base subtree.
|
||||
*/
|
||||
|
||||
/* Wildcard is an extra label to the left of the base: always contained. */
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com", "example.com"), 1);
|
||||
ExpectIntEQ(dnsWildPermitted("*.sub.example.com", "example.com"), 1);
|
||||
ExpectIntEQ(dnsWildPermitted("foo*.example.com", "example.com"), 1);
|
||||
ExpectIntEQ(dnsWildPermitted("a*b.example.com", "example.com"), 1);
|
||||
/* Case-insensitive on the literal tail labels. */
|
||||
ExpectIntEQ(dnsWildPermitted("*.EXAMPLE.CoM", "example.com"), 1);
|
||||
/* Single-label base; the matched tail "com" is literal. */
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com", "com"), 1);
|
||||
/* Leading-dot base requires at least one label before it -- the wildcard
|
||||
* label satisfies that. */
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com", ".example.com"), 1);
|
||||
ExpectIntEQ(dnsWildPermitted("*.sub.example.com", ".example.com"), 1);
|
||||
/* Trailing-dot normalization: absolute DNS form is equivalent. */
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com.", "example.com"), 1);
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com", "example.com."), 1);
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com.", "example.com."), 1);
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com.", ".example.com."), 1);
|
||||
|
||||
/* Wildcard lands on a label that must equal the base: NOT provably
|
||||
* contained, because the label can expand to something else. */
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com", "foo.example.com"), 0);
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com.", "foo.example.com"), 0);
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com", "foo.example.com."), 0);
|
||||
ExpectIntEQ(dnsWildPermitted("ex*.com", "example.com"), 0);
|
||||
ExpectIntEQ(dnsWildPermitted("foo.exa*ple.com", "example.com"), 0);
|
||||
/* Tail labels do not match the base at all. */
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com", "example.org"), 0);
|
||||
ExpectIntEQ(dnsWildPermitted("*.evil.com", "example.com"), 0);
|
||||
/* Leading-dot base, but wildcard would have to equal an interior base
|
||||
* label. */
|
||||
ExpectIntEQ(dnsWildPermitted("*.example.com", ".sub.example.com"), 0);
|
||||
/* A bare '*' cannot be proven inside any multi-label-or-single subtree. */
|
||||
ExpectIntEQ(dnsWildPermitted("*", "com"), 0);
|
||||
|
||||
/*
|
||||
* EXCLUDED subtree -- intersection. Reject when SOME expansion of the
|
||||
* wildcard falls inside the base subtree. A wildcard label is
|
||||
* conservatively treated as able to match any single base label.
|
||||
*/
|
||||
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", "foo.example.com"), 1);
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com.", "foo.example.com"), 1);
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", "foo.example.com."), 1);
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com.", "foo.example.com."), 1);
|
||||
/* Wildcard adds a label on top of the excluded subtree. */
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", "example.com"), 1);
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", "com"), 1);
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", ".example.com"), 1);
|
||||
/* Wildcard in a non-left label still intersects. */
|
||||
ExpectIntEQ(dnsWildExcluded("foo.*.example.com", "bar.example.com"), 1);
|
||||
/* Partial-label wildcard: conservatively excluded even though "ex*"
|
||||
* cannot actually expand to "foo" (over-rejection, safe). */
|
||||
ExpectIntEQ(dnsWildExcluded("ex*.example.com", "foo.example.com"), 1);
|
||||
/* A bare '*' can expand to the apex label of a single-label subtree. */
|
||||
ExpectIntEQ(dnsWildExcluded("*", "com"), 1);
|
||||
|
||||
/* No intersection: literal tail labels differ from the base. */
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", "foo.other.com"), 0);
|
||||
ExpectIntEQ(dnsWildExcluded("*.other.com", "example.com"), 0);
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", "example.org"), 0);
|
||||
/* Leading-dot excluded base needs a label before it; the wildcard SAN has
|
||||
* no room for one, so no expansion reaches the proper subtree. */
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", ".foo.example.com"), 0);
|
||||
/* Same arity: '*' can expand to the apex label of the base, so the
|
||||
* wildcard intersects (*.com can be example.com, which is excluded). */
|
||||
ExpectIntEQ(dnsWildExcluded("*.com", "example.com"), 1);
|
||||
/* But a base with MORE labels than the name cannot be reached. */
|
||||
ExpectIntEQ(dnsWildExcluded("*.com", "a.example.com"), 0);
|
||||
|
||||
/*
|
||||
* Error / degenerate inputs (both flags reject).
|
||||
*/
|
||||
ExpectIntEQ(wolfssl_local_MatchDnsConstraintWildcard(NULL, 5,
|
||||
"com", 3, 1), 0);
|
||||
ExpectIntEQ(wolfssl_local_MatchDnsConstraintWildcard("*.com", 5,
|
||||
NULL, 3, 1), 0);
|
||||
ExpectIntEQ(wolfssl_local_MatchDnsConstraintWildcard("*.com", 0,
|
||||
"com", 3, 1), 0);
|
||||
ExpectIntEQ(wolfssl_local_MatchDnsConstraintWildcard("*.com", 5,
|
||||
"com", 0, 1), 0);
|
||||
/* Name beginning with a dot is invalid. */
|
||||
ExpectIntEQ(dnsWildPermitted(".x.com", "com"), 0);
|
||||
ExpectIntEQ(dnsWildExcluded(".x.com", "com"), 0);
|
||||
/* Base that is only dots collapses to nothing. */
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", "."), 0);
|
||||
ExpectIntEQ(dnsWildExcluded("*.example.com", ".."), 0);
|
||||
/* SAN has an empty interior label ("*..com"), but only the right-most
|
||||
* "com" label overlaps the base "com" -- the empty label sits outside the
|
||||
* compared suffix, and '*' can expand to any label, so the matcher
|
||||
* conservatively reports intersection. */
|
||||
ExpectIntEQ(dnsWildExcluded("*..com", "com"), 1);
|
||||
|
||||
#endif /* !NO_CERTS && !NO_ASN && !IGNORE_NAME_CONSTRAINTS */
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/*
|
||||
* Tests URI name-constraint matching (RFC 5280 4.2.1.10): the constraint
|
||||
* applies to the host portion of the URI. A constraint that does NOT begin
|
||||
* with a dot is an exact host match; one that begins with a dot matches any
|
||||
* host with one or more additional leading labels (the bare host is excluded).
|
||||
*/
|
||||
int test_wolfssl_local_MatchUriNameConstraint(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(IGNORE_NAME_CONSTRAINTS)
|
||||
/*
|
||||
* Exact host match (no leading dot in the constraint).
|
||||
*/
|
||||
ExpectIntEQ(uriNC("https://host.com/path", "host.com"), 1);
|
||||
ExpectIntEQ(uriNC("https://host.com", "host.com"), 1);
|
||||
ExpectIntEQ(uriNC("https://host.com:8443/x", "host.com"), 1);
|
||||
ExpectIntEQ(uriNC("ftp://user@host.com/x", "host.com"), 1);
|
||||
ExpectIntEQ(uriNC("https://HOST.COM", "host.com"), 1);
|
||||
ExpectIntEQ(uriNC("https://host.com?q=1", "host.com"), 1);
|
||||
ExpectIntEQ(uriNC("https://host.com#frag", "host.com"), 1);
|
||||
|
||||
/* The bug this fix closes: an exact-host constraint must NOT subtree-match
|
||||
* a sub-host. */
|
||||
ExpectIntEQ(uriNC("https://www.host.com/", "host.com"), 0);
|
||||
ExpectIntEQ(uriNC("https://a.b.host.com", "host.com"), 0);
|
||||
/* Suffix that does not respect a label boundary. */
|
||||
ExpectIntEQ(uriNC("https://xhost.com", "host.com"), 0);
|
||||
/* host.com is a prefix of the URI host but not the whole host. */
|
||||
ExpectIntEQ(uriNC("https://host.com.evil.com", "host.com"), 0);
|
||||
ExpectIntEQ(uriNC("https://other.com", "host.com"), 0);
|
||||
|
||||
/*
|
||||
* Leading-dot constraint: proper subtree of hosts (apex excluded).
|
||||
*/
|
||||
ExpectIntEQ(uriNC("https://www.host.com/", ".host.com"), 1);
|
||||
ExpectIntEQ(uriNC("https://a.b.host.com", ".host.com"), 1);
|
||||
ExpectIntEQ(uriNC("https://www.host.com:443", ".host.com"), 1);
|
||||
/* The bare host is NOT in the leading-dot subtree. */
|
||||
ExpectIntEQ(uriNC("https://host.com", ".host.com"), 0);
|
||||
ExpectIntEQ(uriNC("https://evilhost.com", ".host.com"), 0);
|
||||
|
||||
/*
|
||||
* IPv6 literal host extraction ([..]) then exact match.
|
||||
*/
|
||||
ExpectIntEQ(uriNC("https://[2001:db8::1]:443/x", "2001:db8::1"), 1);
|
||||
ExpectIntEQ(uriNC("https://[2001:db8::1]", "2001:db8::2"), 0);
|
||||
|
||||
/*
|
||||
* Malformed / degenerate URIs and inputs (reject).
|
||||
*/
|
||||
ExpectIntEQ(uriNC("no-scheme-host.com", "host.com"), 0);
|
||||
ExpectIntEQ(uriNC("https://", "host.com"), 0);
|
||||
/* double literal to abide source-check thinking it's a c++ comment */
|
||||
ExpectIntEQ(uriNC("https://" "/path", "host.com"), 0);
|
||||
ExpectIntEQ(wolfssl_local_MatchUriNameConstraint(NULL, 10,
|
||||
"host.com", 8), 0);
|
||||
ExpectIntEQ(wolfssl_local_MatchUriNameConstraint("https://host.com", 16,
|
||||
NULL, 8), 0);
|
||||
ExpectIntEQ(wolfssl_local_MatchUriNameConstraint("https://host.com", 0,
|
||||
"host.com", 8), 0);
|
||||
ExpectIntEQ(wolfssl_local_MatchUriNameConstraint("https://host.com", 16,
|
||||
"host.com", 0), 0);
|
||||
|
||||
#endif /* !NO_CERTS && !NO_ASN && !IGNORE_NAME_CONSTRAINTS */
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/*
|
||||
* Testing wc_DecodeRsaPssParams with known DER byte arrays.
|
||||
* Exercises both WOLFSSL_ASN_TEMPLATE and non-template paths.
|
||||
@@ -1363,3 +1590,440 @@ int test_wc_DecodeObjectId(void)
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
#if defined(HAVE_PKCS8) && !defined(NO_ASN) && \
|
||||
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN)) && \
|
||||
(defined(HAVE_ED25519) || \
|
||||
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
|
||||
defined(WOLFSSL_KEY_GEN)) || \
|
||||
(defined(HAVE_DILITHIUM) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_ASN1)))
|
||||
/* Run ToTraditional_ex() on a copy of der and assert the algId, returned
|
||||
* length, and the inner OCTET STRING tag/length at the start of the
|
||||
* (in-place rewritten) buffer. */
|
||||
static int test_ToTraditional_ex_once(const byte* der, word32 derSz,
|
||||
word32 expectAlgId, word32 expectPrivKeySz)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
byte* copy = NULL;
|
||||
word32 algId = 0;
|
||||
int ret;
|
||||
|
||||
copy = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ExpectNotNull(copy);
|
||||
if (copy != NULL) {
|
||||
XMEMCPY(copy, der, derSz);
|
||||
ret = ToTraditional_ex(copy, derSz, &algId);
|
||||
ExpectIntGT(ret, 0);
|
||||
ExpectIntEQ(algId, expectAlgId);
|
||||
if (ret > 0) {
|
||||
/* wolfSSL writes nested OCTET STRING, but accept raw bytes
|
||||
* too per RFC 5958. */
|
||||
if (copy[0] == ASN_OCTET_STRING) {
|
||||
if (expectPrivKeySz < 0x80) {
|
||||
ExpectIntEQ(copy[1], (byte)expectPrivKeySz);
|
||||
}
|
||||
else if (expectPrivKeySz < 0x100) {
|
||||
ExpectIntEQ(copy[1], 0x81);
|
||||
ExpectIntEQ(copy[2], (byte)expectPrivKeySz);
|
||||
}
|
||||
else {
|
||||
ExpectIntEQ(copy[1], 0x82);
|
||||
ExpectIntEQ(((word32)copy[2] << 8) | copy[3],
|
||||
expectPrivKeySz);
|
||||
}
|
||||
}
|
||||
else {
|
||||
ExpectIntEQ(ret, (int)expectPrivKeySz);
|
||||
}
|
||||
}
|
||||
}
|
||||
XFREE(copy, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Hand crafted PKCS#8 v0 and v1 Ed25519 buffers to test parser directly. */
|
||||
int test_ToTraditional_ex_handcrafted(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS8) && defined(HAVE_ED25519) && \
|
||||
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN))
|
||||
/* Ed25519 algorithm OID body (1.3.101.112). */
|
||||
static const byte algId[] = { 43, 101, 112 };
|
||||
const word32 privKeySz = ED25519_KEY_SIZE;
|
||||
const word32 pubKeySz = ED25519_PUB_KEY_SIZE;
|
||||
byte der[128];
|
||||
word32 sz;
|
||||
word32 outerLenIdx;
|
||||
/* Filler bytes for the dummy private/public key bodies */
|
||||
const byte keyPat = 0xCC;
|
||||
const byte pubPat = 0xDD;
|
||||
|
||||
/* v0: SEQ { INTEGER 0, SEQ { OID }, OCTET STRING { OCTET STRING priv } } */
|
||||
sz = 0;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
outerLenIdx = sz;
|
||||
der[sz++] = 0; /* outer length, filled in below */
|
||||
der[sz++] = ASN_INTEGER;
|
||||
der[sz++] = 1;
|
||||
der[sz++] = 0x00;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
der[sz++] = (byte)(sizeof(algId) + 2);
|
||||
der[sz++] = ASN_OBJECT_ID;
|
||||
der[sz++] = (byte)sizeof(algId);
|
||||
XMEMCPY(der + sz, algId, sizeof(algId)); sz += sizeof(algId);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)(privKeySz + 2);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)privKeySz;
|
||||
XMEMSET(der + sz, keyPat, privKeySz); sz += privKeySz;
|
||||
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
|
||||
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, sz, ED25519k, privKeySz));
|
||||
|
||||
/* v1: same plus [1] publicKey trailer. */
|
||||
sz = 0;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
outerLenIdx = sz;
|
||||
der[sz++] = 0;
|
||||
der[sz++] = ASN_INTEGER;
|
||||
der[sz++] = 1;
|
||||
der[sz++] = 0x01;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
der[sz++] = (byte)(sizeof(algId) + 2);
|
||||
der[sz++] = ASN_OBJECT_ID;
|
||||
der[sz++] = (byte)sizeof(algId);
|
||||
XMEMCPY(der + sz, algId, sizeof(algId)); sz += sizeof(algId);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)(privKeySz + 2);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)privKeySz;
|
||||
XMEMSET(der + sz, keyPat, privKeySz); sz += privKeySz;
|
||||
/* [1] publicKey trailer */
|
||||
der[sz++] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY;
|
||||
der[sz++] = (byte)pubKeySz;
|
||||
XMEMSET(der + sz, pubPat, pubKeySz); sz += pubKeySz;
|
||||
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
|
||||
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, sz, ED25519k, privKeySz));
|
||||
|
||||
/* v1 without publicKey: should still accept per RFC 5958. */
|
||||
sz = 0;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
outerLenIdx = sz;
|
||||
der[sz++] = 0;
|
||||
der[sz++] = ASN_INTEGER;
|
||||
der[sz++] = 1;
|
||||
der[sz++] = 0x01;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
der[sz++] = (byte)(sizeof(algId) + 2);
|
||||
der[sz++] = ASN_OBJECT_ID;
|
||||
der[sz++] = (byte)sizeof(algId);
|
||||
XMEMCPY(der + sz, algId, sizeof(algId)); sz += sizeof(algId);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)(privKeySz + 2);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)privKeySz;
|
||||
XMEMSET(der + sz, keyPat, privKeySz); sz += privKeySz;
|
||||
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
|
||||
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, sz, ED25519k, privKeySz));
|
||||
#endif /* HAVE_PKCS8 && HAVE_ED25519 */
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* Encoder/parser round trip: ToTraditional_ex() must accept both forms created
|
||||
* by SetAsymKeyDer() (v0 with PrivateKeyToDer, v1 with KeyToDer). */
|
||||
int test_ToTraditional_ex_roundtrip(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS8) && \
|
||||
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN))
|
||||
|
||||
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
|
||||
defined(WOLFSSL_KEY_GEN)
|
||||
{
|
||||
ed25519_key key;
|
||||
WC_RNG rng;
|
||||
byte der[256];
|
||||
int derSz = 0;
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
XMEMSET(&rng, 0, sizeof(rng));
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectIntEQ(wc_ed25519_init(&key), 0);
|
||||
ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
|
||||
|
||||
if (EXPECT_SUCCESS()) {
|
||||
ExpectIntGT(derSz = wc_Ed25519KeyToDer(&key, der, sizeof(der)), 0);
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz, ED25519k,
|
||||
ED25519_KEY_SIZE));
|
||||
|
||||
derSz = wc_Ed25519PrivateKeyToDer(&key, der, sizeof(der));
|
||||
ExpectIntGT(derSz, 0);
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz, ED25519k,
|
||||
ED25519_KEY_SIZE));
|
||||
}
|
||||
|
||||
wc_ed25519_free(&key);
|
||||
wc_FreeRng(&rng);
|
||||
}
|
||||
#endif /* HAVE_ED25519 */
|
||||
|
||||
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
|
||||
defined(WOLFSSL_KEY_GEN)
|
||||
{
|
||||
ed448_key key;
|
||||
WC_RNG rng;
|
||||
byte der[256];
|
||||
int derSz = 0;
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
XMEMSET(&rng, 0, sizeof(rng));
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectIntEQ(wc_ed448_init(&key), 0);
|
||||
ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
|
||||
|
||||
if (EXPECT_SUCCESS()) {
|
||||
ExpectIntGT(derSz = wc_Ed448KeyToDer(&key, der, sizeof(der)), 0);
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz, ED448k,
|
||||
ED448_KEY_SIZE));
|
||||
|
||||
derSz = wc_Ed448PrivateKeyToDer(&key, der, sizeof(der));
|
||||
ExpectIntGT(derSz, 0);
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz, ED448k,
|
||||
ED448_KEY_SIZE));
|
||||
}
|
||||
|
||||
wc_ed448_free(&key);
|
||||
wc_FreeRng(&rng);
|
||||
}
|
||||
#endif /* HAVE_ED448 */
|
||||
|
||||
#if defined(HAVE_DILITHIUM) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_ASN1) && \
|
||||
(!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_65) || \
|
||||
!defined(WOLFSSL_NO_ML_DSA_87))
|
||||
{
|
||||
static const struct {
|
||||
int wcLevel;
|
||||
word32 oidSum;
|
||||
word32 privKeySz;
|
||||
} variants[] = {
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
{ WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_KEY_SIZE },
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
{ WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_KEY_SIZE },
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
{ WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_KEY_SIZE },
|
||||
#endif
|
||||
};
|
||||
|
||||
const word32 derMaxSz = DILITHIUM_MAX_BOTH_KEY_DER_SIZE;
|
||||
byte* der = NULL;
|
||||
WC_RNG rng;
|
||||
size_t i;
|
||||
int derSz;
|
||||
|
||||
XMEMSET(&rng, 0, sizeof(rng));
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectNotNull(der = (byte*)XMALLOC(derMaxSz, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
|
||||
for (i = 0; i < sizeof(variants) / sizeof(variants[0]); i++) {
|
||||
dilithium_key key;
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
ExpectIntEQ(wc_dilithium_init(&key), 0);
|
||||
ExpectIntEQ(wc_dilithium_set_level(&key, variants[i].wcLevel), 0);
|
||||
ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
|
||||
|
||||
if (EXPECT_SUCCESS()) {
|
||||
ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&key, der, derMaxSz),
|
||||
0);
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz,
|
||||
variants[i].oidSum, variants[i].privKeySz));
|
||||
|
||||
derSz = wc_Dilithium_PrivateKeyToDer(&key, der, derMaxSz);
|
||||
ExpectIntGT(derSz, 0);
|
||||
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz,
|
||||
variants[i].oidSum, variants[i].privKeySz));
|
||||
}
|
||||
|
||||
wc_dilithium_free(&key);
|
||||
}
|
||||
|
||||
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_FreeRng(&rng);
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
|
||||
#endif /* HAVE_PKCS8 */
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* Trailing garbage that is neither [0] attributes nor [1] publicKey must
|
||||
* still be rejected. */
|
||||
int test_ToTraditional_ex_negative(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS8) && defined(HAVE_ED25519) && \
|
||||
defined(HAVE_ED25519_KEY_EXPORT) && defined(WOLFSSL_KEY_GEN) && \
|
||||
defined(WOLFSSL_ASN_TEMPLATE) && \
|
||||
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN))
|
||||
ed25519_key key;
|
||||
WC_RNG rng;
|
||||
byte der[256];
|
||||
byte copy[256];
|
||||
int derSz = 0;
|
||||
word32 algId;
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
XMEMSET(&rng, 0, sizeof(rng));
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectIntEQ(wc_ed25519_init(&key), 0);
|
||||
ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
|
||||
ExpectIntGT(derSz = wc_Ed25519PrivateKeyToDer(&key, der, sizeof(der)), 0);
|
||||
|
||||
if (EXPECT_SUCCESS() && (derSz > 0) &&
|
||||
((size_t)derSz + 1 <= sizeof(copy))) {
|
||||
/* Append one byte of trailing data, grow outer SEQ length to cover.
|
||||
* Ed25519 PKCS#8 outer SEQ is under 128 bytes, expect DER short form
|
||||
* so the negative path is always exercised. */
|
||||
XMEMCPY(copy, der, (size_t)derSz);
|
||||
ExpectTrue(copy[1] < 0x80);
|
||||
if (EXPECT_SUCCESS() && copy[1] < 0x80) {
|
||||
copy[1] = (byte)(copy[1] + 1);
|
||||
copy[derSz] = 0x05;
|
||||
algId = 0;
|
||||
ExpectIntLT(ToTraditional_ex(copy, (word32)(derSz + 1), &algId), 0);
|
||||
}
|
||||
}
|
||||
|
||||
/* publicKey trailer is permitted only when version == v1 */
|
||||
if (EXPECT_SUCCESS() && (derSz > 0) &&
|
||||
((size_t)derSz + 2 + ED25519_PUB_KEY_SIZE <= sizeof(copy))) {
|
||||
word32 trailerSz = 2 + ED25519_PUB_KEY_SIZE;
|
||||
XMEMCPY(copy, der, (size_t)derSz);
|
||||
ExpectTrue(copy[1] < (byte)(0x80 - trailerSz));
|
||||
if (EXPECT_SUCCESS() && copy[1] < (byte)(0x80 - trailerSz)) {
|
||||
copy[1] = (byte)(copy[1] + trailerSz);
|
||||
copy[derSz] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY;
|
||||
copy[derSz + 1] = ED25519_PUB_KEY_SIZE;
|
||||
XMEMSET(copy + derSz + 2, 0xDD, ED25519_PUB_KEY_SIZE);
|
||||
algId = 0;
|
||||
ExpectIntLT(ToTraditional_ex(copy,
|
||||
(word32)(derSz + (int)trailerSz), &algId), 0);
|
||||
}
|
||||
}
|
||||
|
||||
/* v1 buffer (with publicKey) plus extra trailing garbage. */
|
||||
ExpectIntGT(derSz = wc_Ed25519KeyToDer(&key, der, sizeof(der)), 0);
|
||||
if (EXPECT_SUCCESS() && (derSz > 0) &&
|
||||
((size_t)derSz + 1 <= sizeof(copy))) {
|
||||
XMEMCPY(copy, der, (size_t)derSz);
|
||||
ExpectTrue(copy[1] < 0x80);
|
||||
if (EXPECT_SUCCESS() && copy[1] < 0x80) {
|
||||
copy[1] = (byte)(copy[1] + 1);
|
||||
copy[derSz] = 0x05;
|
||||
algId = 0;
|
||||
ExpectIntLT(ToTraditional_ex(copy, (word32)(derSz + 1), &algId), 0);
|
||||
}
|
||||
}
|
||||
|
||||
wc_ed25519_free(&key);
|
||||
wc_FreeRng(&rng);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* ML-DSA AlgorithmIdentifier has no parameters per FIPS 204. Verify
|
||||
* ToTraditional_ex() rejects a PKCS#8 whose algoSeq carries trailing NULL
|
||||
* or OBJECT_ID parameters. Template parser only (legacy is lenient). */
|
||||
int test_ToTraditional_ex_mldsa_bad_params(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS8) && defined(HAVE_DILITHIUM) && \
|
||||
defined(WOLFSSL_ASN_TEMPLATE) && \
|
||||
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN))
|
||||
/* ML-DSA-65 OID body: 2.16.840.1.101.3.4.3.18 */
|
||||
static const byte mldsaOid[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
|
||||
0x04, 0x03, 0x12 };
|
||||
/* Single-arc OID body, used only to occupy the OBJECT_ID slot. */
|
||||
static const byte extraOid[] = { 0x01 };
|
||||
byte der[64];
|
||||
byte copy[64];
|
||||
word32 sz;
|
||||
word32 outerLenIdx;
|
||||
word32 algId;
|
||||
const word32 privKeySz = 4;
|
||||
const byte privBody = 0xAA;
|
||||
|
||||
/* Bad case, algoSeq = { OID, NULL } */
|
||||
sz = 0;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
outerLenIdx = sz;
|
||||
der[sz++] = 0; /* outer length, filled in below */
|
||||
der[sz++] = ASN_INTEGER;
|
||||
der[sz++] = 1;
|
||||
der[sz++] = 0x00;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
der[sz++] = (byte)(sizeof(mldsaOid) + 2 + 2);
|
||||
der[sz++] = ASN_OBJECT_ID;
|
||||
der[sz++] = (byte)sizeof(mldsaOid);
|
||||
XMEMCPY(der + sz, mldsaOid, sizeof(mldsaOid)); sz += sizeof(mldsaOid);
|
||||
/* Disallowed, NULL parameter after the ML-DSA OID. */
|
||||
der[sz++] = ASN_TAG_NULL;
|
||||
der[sz++] = 0;
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)(privKeySz + 2);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)privKeySz;
|
||||
XMEMSET(der + sz, privBody, privKeySz); sz += privKeySz;
|
||||
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
|
||||
|
||||
XMEMCPY(copy, der, sz);
|
||||
algId = 0;
|
||||
ExpectIntLT(ToTraditional_ex(copy, sz, &algId), 0);
|
||||
|
||||
/* Bad case, algoSeq = { OID, OBJECT_ID } */
|
||||
sz = 0;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
outerLenIdx = sz;
|
||||
der[sz++] = 0;
|
||||
der[sz++] = ASN_INTEGER;
|
||||
der[sz++] = 1;
|
||||
der[sz++] = 0x00;
|
||||
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
|
||||
der[sz++] = (byte)(sizeof(mldsaOid) + 2 + sizeof(extraOid) + 2);
|
||||
der[sz++] = ASN_OBJECT_ID;
|
||||
der[sz++] = (byte)sizeof(mldsaOid);
|
||||
XMEMCPY(der + sz, mldsaOid, sizeof(mldsaOid)); sz += sizeof(mldsaOid);
|
||||
/* Disallowed, OBJECT_ID parameter after the ML-DSA OID. */
|
||||
der[sz++] = ASN_OBJECT_ID;
|
||||
der[sz++] = (byte)sizeof(extraOid);
|
||||
XMEMCPY(der + sz, extraOid, sizeof(extraOid)); sz += sizeof(extraOid);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)(privKeySz + 2);
|
||||
der[sz++] = ASN_OCTET_STRING;
|
||||
der[sz++] = (byte)privKeySz;
|
||||
XMEMSET(der + sz, privBody, privKeySz); sz += privKeySz;
|
||||
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
|
||||
|
||||
XMEMCPY(copy, der, sz);
|
||||
algId = 0;
|
||||
ExpectIntLT(ToTraditional_ex(copy, sz, &algId), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
+13
-1
@@ -30,10 +30,16 @@ int test_DecodeAsymKey_negative(void);
|
||||
int test_GetSetShortInt(void);
|
||||
int test_wc_IndexSequenceOf(void);
|
||||
int test_wolfssl_local_MatchBaseName(void);
|
||||
int test_wolfssl_local_MatchDnsConstraintWildcard(void);
|
||||
int test_wolfssl_local_MatchUriNameConstraint(void);
|
||||
int test_wc_DecodeRsaPssParams(void);
|
||||
int test_SerialNumber0_RootCA(void);
|
||||
int test_DecodeAltNames_length_underflow(void);
|
||||
int test_wc_DecodeObjectId(void);
|
||||
int test_ToTraditional_ex_handcrafted(void);
|
||||
int test_ToTraditional_ex_roundtrip(void);
|
||||
int test_ToTraditional_ex_negative(void);
|
||||
int test_ToTraditional_ex_mldsa_bad_params(void);
|
||||
|
||||
#define TEST_ASN_DECLS \
|
||||
TEST_DECL_GROUP("asn", test_SetAsymKeyDer), \
|
||||
@@ -42,9 +48,15 @@ int test_wc_DecodeObjectId(void);
|
||||
TEST_DECL_GROUP("asn", test_GetSetShortInt), \
|
||||
TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf), \
|
||||
TEST_DECL_GROUP("asn", test_wolfssl_local_MatchBaseName), \
|
||||
TEST_DECL_GROUP("asn", test_wolfssl_local_MatchDnsConstraintWildcard), \
|
||||
TEST_DECL_GROUP("asn", test_wolfssl_local_MatchUriNameConstraint), \
|
||||
TEST_DECL_GROUP("asn", test_wc_DecodeRsaPssParams), \
|
||||
TEST_DECL_GROUP("asn", test_SerialNumber0_RootCA), \
|
||||
TEST_DECL_GROUP("asn", test_DecodeAltNames_length_underflow), \
|
||||
TEST_DECL_GROUP("asn", test_wc_DecodeObjectId)
|
||||
TEST_DECL_GROUP("asn", test_wc_DecodeObjectId), \
|
||||
TEST_DECL_GROUP("asn", test_ToTraditional_ex_handcrafted), \
|
||||
TEST_DECL_GROUP("asn", test_ToTraditional_ex_roundtrip), \
|
||||
TEST_DECL_GROUP("asn", test_ToTraditional_ex_negative), \
|
||||
TEST_DECL_GROUP("asn", test_ToTraditional_ex_mldsa_bad_params)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_ASN_H */
|
||||
|
||||
@@ -2109,6 +2109,70 @@ int test_wolfSSL_X509_check_host_IP_only_SAN_CN_fallback(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
|
||||
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
|
||||
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
|
||||
!defined(NO_SHA256)
|
||||
/* RFC 6125 Sec. 6.4 / RFC 9525 Sec. 6.3: DNS-ID reference identifiers
|
||||
* must be matched only against dNSName SANs, not uniformResourceIdentifier.
|
||||
* wolfSSL_X509_add_altname() is used to attach a bare-hostname URI SAN
|
||||
* (the misissue shape that can reach altNames when certificate parsing is
|
||||
* built without strict URI checks). URI SAN presence still suppresses CN
|
||||
* fallback per RFC 6125 Sec. 6.4.4. */
|
||||
WOLFSSL_EVP_PKEY *priv = NULL;
|
||||
WOLFSSL_X509_NAME* name = NULL;
|
||||
const char* server_cert = "./certs/test/server-goodcn.pem";
|
||||
const char hostName[] = "cnhost.local";
|
||||
const char uriSan[] = "http://cnhost.local";
|
||||
byte *pt;
|
||||
WOLFSSL_X509 *leafUri = NULL;
|
||||
WOLFSSL_X509 *leafUriDns = NULL;
|
||||
|
||||
pt = (byte*)server_key_der_2048;
|
||||
ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
|
||||
(const unsigned char**)&pt, sizeof_server_key_der_2048));
|
||||
|
||||
ExpectNotNull(leafUri = wolfSSL_X509_load_certificate_file(server_cert,
|
||||
WOLFSSL_FILETYPE_PEM));
|
||||
ExpectNotNull(name = X509_NAME_new());
|
||||
ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
|
||||
(byte*)hostName, (int)XSTRLEN(hostName), -1, 0), SSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_X509_set_subject_name(leafUri, name), WOLFSSL_SUCCESS);
|
||||
X509_NAME_free(name);
|
||||
name = NULL;
|
||||
ExpectIntEQ(wolfSSL_X509_add_altname(leafUri, uriSan, ASN_URI_TYPE),
|
||||
WOLFSSL_SUCCESS);
|
||||
ExpectIntGT(wolfSSL_X509_sign(leafUri, priv, EVP_sha256()), 0);
|
||||
ExpectIntEQ(wolfSSL_X509_check_host(leafUri, hostName, XSTRLEN(hostName),
|
||||
0, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
|
||||
ExpectNotNull(leafUriDns = wolfSSL_X509_load_certificate_file(server_cert,
|
||||
WOLFSSL_FILETYPE_PEM));
|
||||
ExpectNotNull(name = X509_NAME_new());
|
||||
ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
|
||||
(byte*)hostName, (int)XSTRLEN(hostName), -1, 0), SSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_X509_set_subject_name(leafUriDns, name),
|
||||
WOLFSSL_SUCCESS);
|
||||
X509_NAME_free(name);
|
||||
name = NULL;
|
||||
ExpectIntEQ(wolfSSL_X509_add_altname(leafUriDns, uriSan, ASN_URI_TYPE),
|
||||
WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_X509_add_altname(leafUriDns, hostName, ASN_DNS_TYPE),
|
||||
WOLFSSL_SUCCESS);
|
||||
ExpectIntGT(wolfSSL_X509_sign(leafUriDns, priv, EVP_sha256()), 0);
|
||||
ExpectIntEQ(wolfSSL_X509_check_host(leafUriDns, hostName,
|
||||
XSTRLEN(hostName), 0, NULL), WOLFSSL_SUCCESS);
|
||||
|
||||
wolfSSL_X509_free(leafUri);
|
||||
wolfSSL_X509_free(leafUriDns);
|
||||
wolfSSL_EVP_PKEY_free(priv);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_CertManagerCRL(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
@@ -40,6 +40,7 @@ int test_wolfSSL_CertManagerNameConstraint_IP_SAN(void);
|
||||
int test_wolfSSL_CertManagerNameConstraint_RID_SAN(void);
|
||||
int test_wolfSSL_X509_get_ext_d2i_RID_SAN(void);
|
||||
int test_wolfSSL_X509_check_host_IP_only_SAN_CN_fallback(void);
|
||||
int test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match(void);
|
||||
int test_wolfSSL_CertManagerCRL(void);
|
||||
int test_wolfSSL_CRL_reason_extensions_cleanup(void);
|
||||
int test_wolfSSL_CRL_static_revoked_list(void);
|
||||
@@ -70,6 +71,8 @@ int test_wolfSSL_X509_V_ERR_strings(void);
|
||||
TEST_DECL_GROUP("certman", test_wolfSSL_X509_get_ext_d2i_RID_SAN), \
|
||||
TEST_DECL_GROUP("certman", \
|
||||
test_wolfSSL_X509_check_host_IP_only_SAN_CN_fallback), \
|
||||
TEST_DECL_GROUP("certman", \
|
||||
test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match), \
|
||||
TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerCRL), \
|
||||
TEST_DECL_GROUP("certman", test_wolfSSL_CRL_reason_extensions_cleanup), \
|
||||
TEST_DECL_GROUP("certman", test_wolfSSL_CRL_static_revoked_list), \
|
||||
|
||||
@@ -398,6 +398,99 @@ int test_wc_curve25519_shared_secret_zero_check(void)
|
||||
return EXPECT_RESULT();
|
||||
} /* END test_wc_curve25519_shared_secret_zero_check */
|
||||
|
||||
/*
|
||||
* Known-answer tests for wc_curve25519_shared_secret_ex.
|
||||
*
|
||||
* Both vectors share one private scalar and produce a shared secret that is a
|
||||
* small canonical value (9 and 16, little-endian). Because the result is close
|
||||
* to a multiple of the field prime, these exercise the final modular reduction
|
||||
* of the X25519 computation: a result that was only reduced mod 2^256 (or left
|
||||
* in [p, 2^255)) instead of fully reduced mod 2^255-19 would not match.
|
||||
* All values are 32-byte little-endian encodings per RFC 7748.
|
||||
*/
|
||||
int test_wc_curve25519_shared_secret_ex_kat(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)
|
||||
/* Private scalar shared by both vectors. */
|
||||
static const byte kPriv[CURVE25519_KEYSIZE] = {
|
||||
0x60, 0xa3, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b,
|
||||
0xe4, 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84,
|
||||
0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9,
|
||||
0xcc, 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0x7f
|
||||
};
|
||||
/* Vector 1 public value, expected shared secret == 9. */
|
||||
static const byte kPub1[CURVE25519_KEYSIZE] = {
|
||||
0x3b, 0x18, 0xdf, 0x1e, 0x50, 0xb8, 0x99, 0xeb,
|
||||
0xd5, 0x88, 0xc3, 0x16, 0x1c, 0xbd, 0x3b, 0xf9,
|
||||
0x8e, 0xbc, 0xc2, 0xc1, 0xf7, 0xdf, 0x53, 0xb8,
|
||||
0x11, 0xbd, 0x0e, 0x91, 0xb4, 0xd5, 0x15, 0x3d
|
||||
};
|
||||
static const byte kExpected1[CURVE25519_KEYSIZE] = {
|
||||
0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
};
|
||||
/* Vector 2 public value, expected shared secret == 16. */
|
||||
static const byte kPub2[CURVE25519_KEYSIZE] = {
|
||||
0xca, 0xb6, 0xf9, 0xe7, 0xd8, 0xce, 0x00, 0xdf,
|
||||
0xce, 0xa9, 0xbb, 0xd8, 0xf0, 0x69, 0xef, 0x7f,
|
||||
0xb2, 0xac, 0x50, 0x4a, 0xbf, 0x83, 0xb8, 0x7d,
|
||||
0xb6, 0x01, 0xb5, 0xae, 0x0a, 0x7f, 0x76, 0x15
|
||||
};
|
||||
static const byte kExpected2[CURVE25519_KEYSIZE] = {
|
||||
0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
};
|
||||
/* Table-driven so both vectors run through the identical code path. */
|
||||
struct {
|
||||
const byte* pub;
|
||||
const byte* expected;
|
||||
} vec[2];
|
||||
curve25519_key private_key;
|
||||
curve25519_key public_key;
|
||||
WC_RNG rng;
|
||||
byte out[CURVE25519_KEYSIZE];
|
||||
word32 outLen;
|
||||
int i;
|
||||
|
||||
vec[0].pub = kPub1; vec[0].expected = kExpected1;
|
||||
vec[1].pub = kPub2; vec[1].expected = kExpected2;
|
||||
|
||||
XMEMSET(&rng, 0, sizeof(WC_RNG));
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
for (i = 0; i < 2; i++) {
|
||||
XMEMSET(&private_key, 0, sizeof(private_key));
|
||||
XMEMSET(&public_key, 0, sizeof(public_key));
|
||||
ExpectIntEQ(wc_curve25519_init(&private_key), 0);
|
||||
ExpectIntEQ(wc_curve25519_init(&public_key), 0);
|
||||
#ifdef WOLFSSL_CURVE25519_BLINDING
|
||||
ExpectIntEQ(wc_curve25519_set_rng(&private_key, &rng), 0);
|
||||
#endif
|
||||
ExpectIntEQ(wc_curve25519_import_private_ex(kPriv, sizeof(kPriv),
|
||||
&private_key, EC25519_LITTLE_ENDIAN), 0);
|
||||
ExpectIntEQ(wc_curve25519_import_public_ex(vec[i].pub,
|
||||
CURVE25519_KEYSIZE, &public_key, EC25519_LITTLE_ENDIAN), 0);
|
||||
|
||||
outLen = sizeof(out);
|
||||
ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key,
|
||||
out, &outLen, EC25519_LITTLE_ENDIAN), 0);
|
||||
ExpectIntEQ(outLen, CURVE25519_KEYSIZE);
|
||||
ExpectIntEQ(XMEMCMP(out, vec[i].expected, CURVE25519_KEYSIZE), 0);
|
||||
|
||||
wc_curve25519_free(&private_key);
|
||||
wc_curve25519_free(&public_key);
|
||||
}
|
||||
|
||||
DoExpectIntEQ(wc_FreeRng(&rng), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
} /* END test_wc_curve25519_shared_secret_ex_kat */
|
||||
|
||||
/*
|
||||
* Testing wc_curve25519_make_pub
|
||||
*/
|
||||
|
||||
@@ -31,6 +31,7 @@ int test_wc_curve25519_export_key_raw_ex(void);
|
||||
int test_wc_curve25519_make_key(void);
|
||||
int test_wc_curve25519_shared_secret_ex(void);
|
||||
int test_wc_curve25519_shared_secret_zero_check(void);
|
||||
int test_wc_curve25519_shared_secret_ex_kat(void);
|
||||
int test_wc_curve25519_make_pub(void);
|
||||
int test_wc_curve25519_export_public_ex(void);
|
||||
int test_wc_curve25519_export_private_raw_ex(void);
|
||||
@@ -47,6 +48,7 @@ int test_wc_Curve25519KeyToDer_oneasymkey_version(void);
|
||||
TEST_DECL_GROUP("curve25519", test_wc_curve25519_make_key), \
|
||||
TEST_DECL_GROUP("curve25519", test_wc_curve25519_shared_secret_ex), \
|
||||
TEST_DECL_GROUP("curve25519", test_wc_curve25519_shared_secret_zero_check),\
|
||||
TEST_DECL_GROUP("curve25519", test_wc_curve25519_shared_secret_ex_kat), \
|
||||
TEST_DECL_GROUP("curve25519", test_wc_curve25519_make_pub), \
|
||||
TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_public_ex), \
|
||||
TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_private_raw_ex), \
|
||||
|
||||
+3311
-1072
File diff suppressed because it is too large
Load Diff
+68
-26
@@ -23,15 +23,8 @@
|
||||
#define TESTS_API_DTLS_H
|
||||
|
||||
int test_dtls12_basic_connection_id(void);
|
||||
int test_dtls13_basic_connection_id(void);
|
||||
int test_dtls13_hrr_want_write(void);
|
||||
int test_dtls13_every_write_want_write(void);
|
||||
int test_wolfSSL_dtls_cid_parse(void);
|
||||
int test_wolfSSL_dtls_set_pending_peer(void);
|
||||
int test_dtls13_epochs(void);
|
||||
int test_dtls13_ack_order(void);
|
||||
int test_dtls13_ack_overflow(void);
|
||||
int test_dtls13_ack_dup_write_counter(void);
|
||||
int test_dtls_version_checking(void);
|
||||
int test_dtls_short_ciphertext(void);
|
||||
int test_dtls12_record_length_mismatch(void);
|
||||
@@ -41,34 +34,56 @@ int test_dtls13_short_read(void);
|
||||
int test_records_span_network_boundaries(void);
|
||||
int test_dtls_record_cross_boundaries(void);
|
||||
int test_dtls_rtx_across_epoch_change(void);
|
||||
int test_dtls13_ch2_rtx_no_ch1(void);
|
||||
int test_dtls13_frag_ch2_with_ch1_rtx(void);
|
||||
int test_dtls_drop_client_ack(void);
|
||||
int test_dtls_bogus_finished_epoch_zero(void);
|
||||
int test_dtls_replay(void);
|
||||
int test_dtls_srtp(void);
|
||||
int test_dtls_timeout(void);
|
||||
int test_dtls_certreq_order(void);
|
||||
int test_dtls_memio_wolfio(void);
|
||||
int test_dtls_memio_wolfio_stateless(void);
|
||||
int test_dtls_mtu_fragment_headroom(void);
|
||||
int test_dtls_mtu_split_messages(void);
|
||||
int test_dtls13_min_rtx_interval(void);
|
||||
int test_dtls13_no_session_id_echo(void);
|
||||
int test_dtls13_5_9_0_compat(void);
|
||||
int test_dtls_set_session_min_downgrade(void);
|
||||
int test_dtls12_export_import_etm(void);
|
||||
|
||||
/* DTLS tests moved out of tests/api.c. */
|
||||
int test_dtls_msg_from_other_peer(void);
|
||||
int test_dtls_ipv6_check(void);
|
||||
int test_dtls_no_extensions(void);
|
||||
int test_dtls_1_0_hvr_downgrade(void);
|
||||
int test_dtls_downgrade_scr_server(void);
|
||||
int test_dtls_downgrade_scr(void);
|
||||
int test_dtls_client_hello_timeout_downgrade(void);
|
||||
int test_dtls_client_hello_timeout(void);
|
||||
int test_dtls_dropped_ccs(void);
|
||||
int test_dtls_seq_num_downgrade(void);
|
||||
int test_dtls_old_seq_number(void);
|
||||
int test_dtls12_missing_finished(void);
|
||||
int test_wolfSSL_dtls_export(void);
|
||||
int test_wolfSSL_dtls_export_peers(void);
|
||||
int test_wolfSSL_dtls_import_state_extra_window_words(void);
|
||||
int test_wolfSSL_DTLS_either_side(void);
|
||||
int test_generate_cookie(void);
|
||||
int test_wolfSSL_dtls_set_mtu(void);
|
||||
int test_wolfSSL_dtls_plaintext(void);
|
||||
int test_wolfSSL_dtls_fragments(void);
|
||||
int test_wolfSSL_ignore_alert_before_cookie(void);
|
||||
int test_wolfSSL_dtls_bad_record(void);
|
||||
int test_wolfSSL_dtls_AEAD_limit(void);
|
||||
int test_wolfSSL_dtls_stateless(void);
|
||||
int test_wolfSSL_dtls_stateless_hrr_group(void);
|
||||
int test_wolfSSL_DtlsUpdateWindow(void);
|
||||
int test_wolfSSL_DTLS_fragment_buckets(void);
|
||||
int test_wolfSSL_dtls_stateless2(void);
|
||||
int test_wolfSSL_dtls_stateless_maxfrag(void);
|
||||
int test_wolfSSL_dtls_stateless_resume(void);
|
||||
int test_wolfSSL_dtls_stateless_downgrade(void);
|
||||
int test_WOLFSSL_dtls_version_alert(void);
|
||||
|
||||
#define TEST_DTLS_DECLS \
|
||||
TEST_DECL_GROUP("dtls", test_dtls12_basic_connection_id), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_basic_connection_id), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_hrr_want_write), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_every_write_want_write), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_cid_parse), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_set_pending_peer), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_epochs), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_ack_order), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_ack_overflow), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_ack_dup_write_counter), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_version_checking), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_short_ciphertext), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls12_record_length_mismatch), \
|
||||
@@ -78,20 +93,47 @@ int test_dtls_set_session_min_downgrade(void);
|
||||
TEST_DECL_GROUP("dtls", test_records_span_network_boundaries), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_record_cross_boundaries), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_rtx_across_epoch_change), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_ch2_rtx_no_ch1), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_frag_ch2_with_ch1_rtx), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_drop_client_ack), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_bogus_finished_epoch_zero), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_replay), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_srtp), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_certreq_order), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_timeout), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_mtu_fragment_headroom), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_mtu_split_messages), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio_stateless), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_min_rtx_interval), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_no_session_id_echo), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_set_session_min_downgrade), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls13_5_9_0_compat)
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_export), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_export_peers), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_import_state_extra_window_words), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_DTLS_either_side), \
|
||||
TEST_DECL_GROUP("dtls", test_generate_cookie), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_set_mtu), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_plaintext), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_fragments), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_ignore_alert_before_cookie), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_bad_record), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_AEAD_limit), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless_hrr_group), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_DtlsUpdateWindow), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_DTLS_fragment_buckets), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless2), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless_maxfrag), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless_resume), \
|
||||
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless_downgrade), \
|
||||
TEST_DECL_GROUP("dtls", test_WOLFSSL_dtls_version_alert), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_msg_from_other_peer), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_ipv6_check), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_no_extensions), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_1_0_hvr_downgrade), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_downgrade_scr_server), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_downgrade_scr), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_client_hello_timeout_downgrade), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_client_hello_timeout), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_dropped_ccs), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_seq_num_downgrade), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls_old_seq_number), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls12_missing_finished), \
|
||||
TEST_DECL_GROUP("dtls", test_dtls12_export_import_etm)
|
||||
#endif /* TESTS_API_DTLS_H */
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,79 @@
|
||||
/* test_dtls13.h
|
||||
*
|
||||
* Copyright (C) 2006-2026 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#ifndef TESTS_API_DTLS13_H
|
||||
#define TESTS_API_DTLS13_H
|
||||
|
||||
#include <tests/api/api_decl.h>
|
||||
|
||||
/* DTLSv1.3-only tests. None share helpers with DTLS<=1.2 tests, so they
|
||||
* live in their own translation unit and register under the "dtls13"
|
||||
* group. Each function is defined unconditionally with the body (or the
|
||||
* whole function via #else stub) guarded by WOLFSSL_DTLS13. */
|
||||
int test_dtls13_bad_epoch_ch(void);
|
||||
int test_wolfSSL_dtls13_null_cipher(void);
|
||||
int test_dtls13_frag_ch_pq(void);
|
||||
int test_dtls_frag_ch(void);
|
||||
int test_dtls_empty_keyshare_with_cookie(void);
|
||||
int test_dtls13_missing_finished_client(void);
|
||||
int test_dtls13_missing_finished_server(void);
|
||||
int test_dtls13_finished_send_error_propagation(void);
|
||||
|
||||
/* DTLSv1.3-only tests moved from test_dtls.c (isolated from DTLS<=1.2 code,
|
||||
* none share helpers with non-DTLS13 tests). */
|
||||
int test_dtls13_basic_connection_id(void);
|
||||
int test_dtls13_hrr_want_write(void);
|
||||
int test_dtls13_every_write_want_write(void);
|
||||
int test_dtls13_epochs(void);
|
||||
int test_dtls13_ack_order(void);
|
||||
int test_dtls13_ack_overflow(void);
|
||||
int test_dtls13_ack_dup_write_counter(void);
|
||||
int test_dtls13_ch2_rtx_no_ch1(void);
|
||||
int test_dtls13_frag_ch2_with_ch1_rtx(void);
|
||||
int test_dtls_srtp(void);
|
||||
int test_dtls13_min_rtx_interval(void);
|
||||
int test_dtls13_no_session_id_echo(void);
|
||||
int test_dtls13_5_9_0_compat(void);
|
||||
|
||||
#define TEST_DTLS13_DECLS \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_bad_epoch_ch), \
|
||||
TEST_DECL_GROUP("dtls13", test_wolfSSL_dtls13_null_cipher), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_frag_ch_pq), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls_frag_ch), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls_empty_keyshare_with_cookie), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_missing_finished_client), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_missing_finished_server), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_finished_send_error_propagation), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_basic_connection_id), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_hrr_want_write), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_every_write_want_write), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_epochs), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_ack_order), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_ack_overflow), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_ack_dup_write_counter), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_ch2_rtx_no_ch1), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_frag_ch2_with_ch1_rtx), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls_srtp), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_min_rtx_interval), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_no_session_id_echo), \
|
||||
TEST_DECL_GROUP("dtls13", test_dtls13_5_9_0_compat)
|
||||
|
||||
#endif /* TESTS_API_DTLS13_H */
|
||||
@@ -725,3 +725,184 @@ int test_wc_Ed25519KeyToDer_oneasymkey_version(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* Ed25519 identity and small-order public keys must be rejected. When
|
||||
* the public key is the identity point (or any small-order point), any
|
||||
* signature of the form (R = [S]B, S) verifies for arbitrary messages
|
||||
* because h*A is the neutral element. Gated on FIPS_VERSION3_GE(7,0,0)
|
||||
* because older FIPS-certified modules do not have this check in their
|
||||
* frozen copy of ed25519.c and would fail this test. */
|
||||
int test_wc_ed25519_reject_small_order_keys(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
|
||||
defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
|
||||
/* Each entry holds an encoded small-order Ed25519 public key. The
|
||||
* sign-bit variants of each y-coordinate are listed explicitly so
|
||||
* the test catches both possible encodings of each y. */
|
||||
static const byte small_order_keys[][ED25519_PUB_KEY_SIZE] = {
|
||||
/* identity (y = 1) */
|
||||
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
|
||||
/* identity with x-sign bit set */
|
||||
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80},
|
||||
/* order 2: y = p - 1 */
|
||||
{0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
|
||||
/* order 2: y = p - 1 with x-sign bit set */
|
||||
{0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
|
||||
/* non-canonical y = p (decodes to y = 0) */
|
||||
{0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
|
||||
/* non-canonical y = p with x-sign bit set */
|
||||
{0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
|
||||
/* non-canonical y = p + 1 (decodes to y = 1) */
|
||||
{0xee,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
|
||||
/* non-canonical y = p + 1 with x-sign bit set */
|
||||
{0xee,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
|
||||
/* order 4: y = 0 */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
|
||||
/* order 4 with x-sign bit set */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80},
|
||||
/* order 8 */
|
||||
{0x26,0xe8,0x95,0x8f,0xc2,0xb2,0x27,0xb0,
|
||||
0x45,0xc3,0xf4,0x89,0xf2,0xef,0x98,0xf0,
|
||||
0xd5,0xdf,0xac,0x05,0xd3,0xc6,0x33,0x39,
|
||||
0xb1,0x38,0x02,0x88,0x6d,0x53,0xfc,0x05},
|
||||
/* order 8 with x-sign bit set */
|
||||
{0x26,0xe8,0x95,0x8f,0xc2,0xb2,0x27,0xb0,
|
||||
0x45,0xc3,0xf4,0x89,0xf2,0xef,0x98,0xf0,
|
||||
0xd5,0xdf,0xac,0x05,0xd3,0xc6,0x33,0x39,
|
||||
0xb1,0x38,0x02,0x88,0x6d,0x53,0xfc,0x85},
|
||||
/* order 8 (other y) */
|
||||
{0xc7,0x17,0x6a,0x70,0x3d,0x4d,0xd8,0x4f,
|
||||
0xba,0x3c,0x0b,0x76,0x0d,0x10,0x67,0x0f,
|
||||
0x2a,0x20,0x53,0xfa,0x2c,0x39,0xcc,0xc6,
|
||||
0x4e,0xc7,0xfd,0x77,0x92,0xac,0x03,0x7a},
|
||||
/* order 8 (other y) with x-sign bit set */
|
||||
{0xc7,0x17,0x6a,0x70,0x3d,0x4d,0xd8,0x4f,
|
||||
0xba,0x3c,0x0b,0x76,0x0d,0x10,0x67,0x0f,
|
||||
0x2a,0x20,0x53,0xfa,0x2c,0x39,0xcc,0xc6,
|
||||
0x4e,0xc7,0xfd,0x77,0x92,0xac,0x03,0xfa},
|
||||
};
|
||||
/* Forged signature: R = B (base point), S = 1.
|
||||
* With public key A = identity, S*B - h*A = B = R for any message. */
|
||||
static const byte forged_sig[ED25519_SIG_SIZE] = {
|
||||
0x58,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
|
||||
0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
|
||||
0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
|
||||
0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
|
||||
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
|
||||
};
|
||||
ed25519_key key;
|
||||
word32 i;
|
||||
word32 num_keys = (word32)(sizeof(small_order_keys) / ED25519_PUB_KEY_SIZE);
|
||||
|
||||
/* (1) Untrusted wc_ed25519_import_public must reject every small-order
|
||||
* encoding (it runs wc_ed25519_check_key as part of the import). */
|
||||
for (i = 0; i < num_keys; i++) {
|
||||
int rc;
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
ExpectIntEQ(wc_ed25519_init(&key), 0);
|
||||
rc = wc_ed25519_import_public(small_order_keys[i],
|
||||
ED25519_PUB_KEY_SIZE, &key);
|
||||
if (rc != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
|
||||
fprintf(stderr, "small_order_keys[%u]: import_public returned %d, "
|
||||
"expected PUBLIC_KEY_E\n", (unsigned)i, rc);
|
||||
}
|
||||
ExpectIntEQ(rc, WC_NO_ERR_TRACE(PUBLIC_KEY_E));
|
||||
wc_ed25519_free(&key);
|
||||
}
|
||||
|
||||
/* (2) wc_ed25519_check_key called directly must also reject. Guards
|
||||
* against a refactor that moves the small-order check out of
|
||||
* check_key and into the import path: (1) would still pass, but the
|
||||
* documented check_key contract would silently regress. */
|
||||
for (i = 0; i < num_keys; i++) {
|
||||
int rc;
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
ExpectIntEQ(wc_ed25519_init(&key), 0);
|
||||
/* trusted = 1 bypasses the import-time check_key call so the
|
||||
* direct check_key below is what's under test. */
|
||||
ExpectIntEQ(wc_ed25519_import_public_ex(small_order_keys[i],
|
||||
ED25519_PUB_KEY_SIZE, &key, 1), 0);
|
||||
rc = wc_ed25519_check_key(&key);
|
||||
if (rc != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
|
||||
fprintf(stderr, "small_order_keys[%u]: check_key returned %d, "
|
||||
"expected PUBLIC_KEY_E\n", (unsigned)i, rc);
|
||||
}
|
||||
ExpectIntEQ(rc, WC_NO_ERR_TRACE(PUBLIC_KEY_E));
|
||||
wc_ed25519_free(&key);
|
||||
}
|
||||
|
||||
/* (3) Even a "trusted" import (which bypasses wc_ed25519_check_key)
|
||||
* must not let wc_ed25519_verify_msg accept a forged signature against
|
||||
* an identity public key. Test both the canonical encoding (y = 1,
|
||||
* small_order_keys[0]) and the non-canonical encoding (y = p + 1,
|
||||
* small_order_keys[6]) so the verify-side check is exercised against
|
||||
* the canonical-form bypass route, not just the byte-for-byte
|
||||
* identity. The forged sig (R = B, S = 1) verifies for an identity
|
||||
* public key only - other small-order points would reject it on the
|
||||
* math alone, so they aren't useful here. */
|
||||
{
|
||||
static const word32 identity_indices[] = { 0, 6 };
|
||||
const char* msg = "forged message";
|
||||
word32 j;
|
||||
|
||||
for (j = 0;
|
||||
j < sizeof(identity_indices)/sizeof(identity_indices[0]);
|
||||
j++) {
|
||||
word32 idx = identity_indices[j];
|
||||
int verify_result = 1;
|
||||
int rc;
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
ExpectIntEQ(wc_ed25519_init(&key), 0);
|
||||
ExpectIntEQ(wc_ed25519_import_public_ex(small_order_keys[idx],
|
||||
ED25519_PUB_KEY_SIZE, &key, 1), 0);
|
||||
rc = wc_ed25519_verify_msg(forged_sig, sizeof(forged_sig),
|
||||
(const byte*)msg, (word32)XSTRLEN(msg), &verify_result, &key);
|
||||
if (rc != WC_NO_ERR_TRACE(BAD_FUNC_ARG) || verify_result != 0) {
|
||||
fprintf(stderr, "verify_msg with identity-equiv "
|
||||
"small_order_keys[%u]: rc=%d verify_result=%d "
|
||||
"(expected BAD_FUNC_ARG and 0)\n",
|
||||
(unsigned)idx, rc, verify_result);
|
||||
}
|
||||
ExpectIntEQ(rc, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(verify_result, 0);
|
||||
wc_ed25519_free(&key);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
|
||||
@@ -37,6 +37,7 @@ int test_wc_Ed25519PublicKeyToDer(void);
|
||||
int test_wc_Ed25519KeyToDer(void);
|
||||
int test_wc_Ed25519PrivateKeyToDer(void);
|
||||
int test_wc_Ed25519KeyToDer_oneasymkey_version(void);
|
||||
int test_wc_ed25519_reject_small_order_keys(void);
|
||||
|
||||
#define TEST_ED25519_DECLS \
|
||||
TEST_DECL_GROUP("ed25519", test_wc_ed25519_make_key), \
|
||||
@@ -51,6 +52,7 @@ int test_wc_Ed25519KeyToDer_oneasymkey_version(void);
|
||||
TEST_DECL_GROUP("ed25519", test_wc_Ed25519PublicKeyToDer), \
|
||||
TEST_DECL_GROUP("ed25519", test_wc_Ed25519KeyToDer), \
|
||||
TEST_DECL_GROUP("ed25519", test_wc_Ed25519PrivateKeyToDer), \
|
||||
TEST_DECL_GROUP("ed25519", test_wc_Ed25519KeyToDer_oneasymkey_version)
|
||||
TEST_DECL_GROUP("ed25519", test_wc_Ed25519KeyToDer_oneasymkey_version), \
|
||||
TEST_DECL_GROUP("ed25519", test_wc_ed25519_reject_small_order_keys)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_ED25519_H */
|
||||
|
||||
@@ -649,3 +649,224 @@ int test_wc_Ed448KeyToDer_oneasymkey_version(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* Ed448 identity and small-order public keys must be rejected.
|
||||
* Edwards448 has cofactor 4, so the small-order subgroup contains the
|
||||
* identity, an order-2 point, and two order-4 points. With any of these
|
||||
* as the public key, h*A is the neutral element and forged signatures
|
||||
* verify for arbitrary messages. Gated on FIPS_VERSION3_GE(7,0,0)
|
||||
* because older FIPS-certified modules do not have this check in their
|
||||
* frozen copy of ed448.c. */
|
||||
int test_wc_ed448_reject_small_order_keys(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
|
||||
defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
|
||||
/* Two regressions are guarded here. Both sign-bit variants of each
|
||||
* y are listed so weakening the "clear all of byte 56" mask in
|
||||
* ed448_is_small_order() would be caught. The non-canonical rows
|
||||
* (y = p, y = p + 1) guard against dropping the canonical-form
|
||||
* coverage: fe448_from_bytes reads bytes 0-55 modulo p with no
|
||||
* canonical-form check, so y = p decodes to 0 and y = p + 1
|
||||
* decodes to 1, both of which are small order. */
|
||||
static const byte small_order_keys[][ED448_PUB_KEY_SIZE] = {
|
||||
/* identity (y = 1), sign 0 */
|
||||
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00},
|
||||
/* identity (y = 1), sign bit set */
|
||||
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x80},
|
||||
/* order 4: y = 0, x-sign 0 */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00},
|
||||
/* order 4: y = 0, x-sign 1 */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x80},
|
||||
/* order 2: y = p - 1, x = 0, sign 0 */
|
||||
{0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x00},
|
||||
/* order 2: y = p - 1, sign bit set */
|
||||
{0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x80},
|
||||
/* non-canonical y = p (decodes to y = 0), sign 0 */
|
||||
{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x00},
|
||||
/* non-canonical y = p, sign bit set */
|
||||
{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x80},
|
||||
/* non-canonical y = p + 1 (decodes to y = 1), sign 0 */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x00},
|
||||
/* non-canonical y = p + 1, sign bit set */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x80},
|
||||
};
|
||||
/* Arbitrary signature bytes: S = 1 (must be below the Ed448 group
|
||||
* order or wc_ed448_verify_msg() returns BAD_FUNC_ARG before the
|
||||
* small-order check has a chance to fire). The R bytes do not need
|
||||
* to encode a valid curve point for this test - the small-order
|
||||
* defence in ed448_verify_msg_final_with_sha() rejects the public
|
||||
* key before the R/S verification math runs. */
|
||||
static const byte forged_sig[ED448_SIG_SIZE] = {
|
||||
/* R: 57 bytes of arbitrary data (last byte 0 to satisfy the
|
||||
* spec-mandated zero of byte 56 bits 0-6; sign bit doesn't
|
||||
* matter here). */
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,
|
||||
/* S = 1 */
|
||||
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00
|
||||
};
|
||||
ed448_key key;
|
||||
word32 i;
|
||||
word32 num_keys = (word32)(sizeof(small_order_keys) / ED448_PUB_KEY_SIZE);
|
||||
|
||||
/* (1) Untrusted wc_ed448_import_public must reject every small-order
|
||||
* encoding (it runs wc_ed448_check_key as part of the import). */
|
||||
for (i = 0; i < num_keys; i++) {
|
||||
int rc;
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
ExpectIntEQ(wc_ed448_init(&key), 0);
|
||||
rc = wc_ed448_import_public(small_order_keys[i],
|
||||
ED448_PUB_KEY_SIZE, &key);
|
||||
if (rc != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
|
||||
fprintf(stderr, "small_order_keys[%u]: import_public returned %d, "
|
||||
"expected PUBLIC_KEY_E\n", (unsigned)i, rc);
|
||||
}
|
||||
ExpectIntEQ(rc, WC_NO_ERR_TRACE(PUBLIC_KEY_E));
|
||||
wc_ed448_free(&key);
|
||||
}
|
||||
|
||||
/* (2) wc_ed448_check_key called directly must also reject. Guards
|
||||
* against a refactor that moves the small-order check out of
|
||||
* check_key and into the import path: (1) would still pass, but the
|
||||
* documented check_key contract would silently regress. */
|
||||
for (i = 0; i < num_keys; i++) {
|
||||
int rc;
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
ExpectIntEQ(wc_ed448_init(&key), 0);
|
||||
/* trusted = 1 bypasses the import-time check_key call so the
|
||||
* direct check_key below is what's under test. */
|
||||
ExpectIntEQ(wc_ed448_import_public_ex(small_order_keys[i],
|
||||
ED448_PUB_KEY_SIZE, &key, 1), 0);
|
||||
rc = wc_ed448_check_key(&key);
|
||||
if (rc != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
|
||||
fprintf(stderr, "small_order_keys[%u]: check_key returned %d, "
|
||||
"expected PUBLIC_KEY_E\n", (unsigned)i, rc);
|
||||
}
|
||||
ExpectIntEQ(rc, WC_NO_ERR_TRACE(PUBLIC_KEY_E));
|
||||
wc_ed448_free(&key);
|
||||
}
|
||||
|
||||
/* (3) Even a "trusted" import (which bypasses wc_ed448_check_key)
|
||||
* must not let wc_ed448_verify_msg accept a forged signature against
|
||||
* an identity public key. Test both the canonical encoding (y = 1,
|
||||
* small_order_keys[0]) and the non-canonical encoding (y = p + 1,
|
||||
* small_order_keys[8]) so the verify-side check is exercised against
|
||||
* the canonical-form bypass route, not just the byte-for-byte
|
||||
* identity. */
|
||||
{
|
||||
static const word32 identity_indices[] = { 0, 8 };
|
||||
const char* msg = "forged message";
|
||||
word32 j;
|
||||
|
||||
for (j = 0;
|
||||
j < sizeof(identity_indices)/sizeof(identity_indices[0]);
|
||||
j++) {
|
||||
word32 idx = identity_indices[j];
|
||||
int verify_result = 1;
|
||||
int rc;
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
ExpectIntEQ(wc_ed448_init(&key), 0);
|
||||
ExpectIntEQ(wc_ed448_import_public_ex(small_order_keys[idx],
|
||||
ED448_PUB_KEY_SIZE, &key, 1), 0);
|
||||
rc = wc_ed448_verify_msg(forged_sig, sizeof(forged_sig),
|
||||
(const byte*)msg, (word32)XSTRLEN(msg), &verify_result,
|
||||
&key, NULL, 0);
|
||||
if (rc != WC_NO_ERR_TRACE(BAD_FUNC_ARG) || verify_result != 0) {
|
||||
fprintf(stderr, "verify_msg with identity-equiv "
|
||||
"small_order_keys[%u]: rc=%d verify_result=%d "
|
||||
"(expected BAD_FUNC_ARG and 0)\n",
|
||||
(unsigned)idx, rc, verify_result);
|
||||
}
|
||||
ExpectIntEQ(rc, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(verify_result, 0);
|
||||
wc_ed448_free(&key);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
|
||||
@@ -37,6 +37,7 @@ int test_wc_Ed448PublicKeyToDer(void);
|
||||
int test_wc_Ed448KeyToDer(void);
|
||||
int test_wc_Ed448PrivateKeyToDer(void);
|
||||
int test_wc_Ed448KeyToDer_oneasymkey_version(void);
|
||||
int test_wc_ed448_reject_small_order_keys(void);
|
||||
|
||||
#define TEST_ED448_DECLS \
|
||||
TEST_DECL_GROUP("ed448", test_wc_ed448_make_key), \
|
||||
@@ -51,6 +52,7 @@ int test_wc_Ed448KeyToDer_oneasymkey_version(void);
|
||||
TEST_DECL_GROUP("ed448", test_wc_Ed448PublicKeyToDer), \
|
||||
TEST_DECL_GROUP("ed448", test_wc_Ed448KeyToDer), \
|
||||
TEST_DECL_GROUP("ed448", test_wc_Ed448PrivateKeyToDer), \
|
||||
TEST_DECL_GROUP("ed448", test_wc_Ed448KeyToDer_oneasymkey_version)
|
||||
TEST_DECL_GROUP("ed448", test_wc_Ed448KeyToDer_oneasymkey_version), \
|
||||
TEST_DECL_GROUP("ed448", test_wc_ed448_reject_small_order_keys)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_ED448_H */
|
||||
|
||||
@@ -2702,3 +2702,162 @@ int test_wolfSSL_EVP_PKEY_ed448(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_EVP_PKEY_x25519(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
|
||||
EVP_PKEY* pkey = NULL;
|
||||
EVP_PKEY* peer = NULL;
|
||||
EVP_PKEY_CTX* genCtx = NULL;
|
||||
EVP_PKEY_CTX* ctx = NULL;
|
||||
unsigned char rawPriv[32];
|
||||
unsigned char rawPub[32];
|
||||
unsigned char secretA[32];
|
||||
unsigned char secretB[32];
|
||||
size_t secretLen;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 32; i++) {
|
||||
rawPriv[i] = (unsigned char)i;
|
||||
rawPub[i] = (unsigned char)(0x40 + i);
|
||||
}
|
||||
|
||||
/* Raw import with the correct length reports the X25519 type. */
|
||||
ExpectNotNull(pkey = EVP_PKEY_new_raw_public_key(
|
||||
EVP_PKEY_X25519, NULL, rawPub, sizeof(rawPub)));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_X25519);
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
|
||||
ExpectNotNull(pkey = EVP_PKEY_new_raw_private_key(
|
||||
EVP_PKEY_X25519, NULL, rawPriv, sizeof(rawPriv)));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_X25519);
|
||||
|
||||
/* X25519 is key-agreement only: signing must be rejected. */
|
||||
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
|
||||
ExpectIntNE(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
|
||||
/* Wrong raw lengths are rejected. */
|
||||
ExpectNull(EVP_PKEY_new_raw_public_key(
|
||||
EVP_PKEY_X25519, NULL, rawPub, 16));
|
||||
ExpectNull(EVP_PKEY_new_raw_private_key(
|
||||
EVP_PKEY_X25519, NULL, rawPriv, 16));
|
||||
|
||||
/* Generate two key pairs and confirm ECDH agreement is symmetric. This
|
||||
* also exercises the little-endian convention used on import/derive. */
|
||||
ExpectNotNull(genCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_keygen_init(genCtx), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(EVP_PKEY_keygen(genCtx, &pkey), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(EVP_PKEY_keygen(genCtx, &peer), WOLFSSL_SUCCESS);
|
||||
EVP_PKEY_CTX_free(genCtx);
|
||||
genCtx = NULL;
|
||||
|
||||
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peer), WOLFSSL_SUCCESS);
|
||||
secretLen = sizeof(secretA);
|
||||
ExpectIntEQ(EVP_PKEY_derive(ctx, secretA, &secretLen), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ((int)secretLen, 32);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
|
||||
ExpectNotNull(ctx = EVP_PKEY_CTX_new(peer, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, pkey), WOLFSSL_SUCCESS);
|
||||
secretLen = sizeof(secretB);
|
||||
ExpectIntEQ(EVP_PKEY_derive(ctx, secretB, &secretLen), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ((int)secretLen, 32);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
|
||||
ExpectIntEQ(XMEMCMP(secretA, secretB, 32), 0);
|
||||
|
||||
EVP_PKEY_free(peer);
|
||||
EVP_PKEY_free(pkey);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_EVP_PKEY_x448(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE448)
|
||||
EVP_PKEY* pkey = NULL;
|
||||
EVP_PKEY* peer = NULL;
|
||||
EVP_PKEY_CTX* genCtx = NULL;
|
||||
EVP_PKEY_CTX* ctx = NULL;
|
||||
unsigned char rawPriv[56];
|
||||
unsigned char rawPub[56];
|
||||
unsigned char secretA[56];
|
||||
unsigned char secretB[56];
|
||||
size_t secretLen;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 56; i++) {
|
||||
rawPriv[i] = (unsigned char)i;
|
||||
rawPub[i] = (unsigned char)(0x40 + i);
|
||||
}
|
||||
|
||||
/* Raw import with the correct length reports the X448 type. */
|
||||
ExpectNotNull(pkey = EVP_PKEY_new_raw_public_key(
|
||||
EVP_PKEY_X448, NULL, rawPub, sizeof(rawPub)));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_X448);
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
|
||||
ExpectNotNull(pkey = EVP_PKEY_new_raw_private_key(
|
||||
EVP_PKEY_X448, NULL, rawPriv, sizeof(rawPriv)));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_X448);
|
||||
|
||||
/* X448 is key-agreement only: signing must be rejected. */
|
||||
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
|
||||
ExpectIntNE(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
|
||||
/* Wrong raw lengths are rejected. */
|
||||
ExpectNull(EVP_PKEY_new_raw_public_key(
|
||||
EVP_PKEY_X448, NULL, rawPub, 16));
|
||||
ExpectNull(EVP_PKEY_new_raw_private_key(
|
||||
EVP_PKEY_X448, NULL, rawPriv, 16));
|
||||
|
||||
/* Generate two key pairs and confirm ECDH agreement is symmetric. */
|
||||
ExpectNotNull(genCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_keygen_init(genCtx), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(EVP_PKEY_keygen(genCtx, &pkey), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(EVP_PKEY_keygen(genCtx, &peer), WOLFSSL_SUCCESS);
|
||||
EVP_PKEY_CTX_free(genCtx);
|
||||
genCtx = NULL;
|
||||
|
||||
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peer), WOLFSSL_SUCCESS);
|
||||
secretLen = sizeof(secretA);
|
||||
ExpectIntEQ(EVP_PKEY_derive(ctx, secretA, &secretLen), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ((int)secretLen, 56);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
|
||||
ExpectNotNull(ctx = EVP_PKEY_CTX_new(peer, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, pkey), WOLFSSL_SUCCESS);
|
||||
secretLen = sizeof(secretB);
|
||||
ExpectIntEQ(EVP_PKEY_derive(ctx, secretB, &secretLen), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ((int)secretLen, 56);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
|
||||
ExpectIntEQ(XMEMCMP(secretA, secretB, 56), 0);
|
||||
|
||||
EVP_PKEY_free(peer);
|
||||
EVP_PKEY_free(pkey);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
|
||||
@@ -66,6 +66,8 @@ int test_wolfSSL_EVP_PKEY_print_public(void);
|
||||
int test_wolfSSL_EVP_PKEY_ed25519(void);
|
||||
int test_wolfSSL_CTX_use_PrivateKey_ed25519(void);
|
||||
int test_wolfSSL_EVP_PKEY_ed448(void);
|
||||
int test_wolfSSL_EVP_PKEY_x25519(void);
|
||||
int test_wolfSSL_EVP_PKEY_x448(void);
|
||||
|
||||
#define TEST_EVP_PKEY_DECLS \
|
||||
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_CTX_new_id), \
|
||||
@@ -110,6 +112,8 @@ int test_wolfSSL_EVP_PKEY_ed448(void);
|
||||
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_print_public), \
|
||||
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_ed25519), \
|
||||
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_CTX_use_PrivateKey_ed25519), \
|
||||
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_ed448)
|
||||
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_ed448), \
|
||||
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_x25519), \
|
||||
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_x448)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_EVP_PKEY_H */
|
||||
|
||||
@@ -0,0 +1,934 @@
|
||||
/* test_lms_xmss.c
|
||||
*
|
||||
* Copyright (C) 2006-2026 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#include <tests/unit.h>
|
||||
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
#else
|
||||
#define WOLFSSL_MISC_INCLUDED
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/ssl.h>
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
#include <tests/api/api.h>
|
||||
#include <tests/utils.h>
|
||||
#include <tests/api/test_lms_xmss.h>
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* LMS tests */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
|
||||
#include <wolfssl/wolfcrypt/wc_lms.h>
|
||||
|
||||
#define LMS_TEST_PRIV_KEY_FILE "/tmp/wolfssl_test_lms.key"
|
||||
|
||||
static int test_lms_write_key(const byte* priv, word32 privSz, void* context)
|
||||
{
|
||||
FILE* f = fopen((const char*)context, "wb");
|
||||
int ret = WC_LMS_RC_SAVED_TO_NV_MEMORY;
|
||||
if (f == NULL)
|
||||
return -1;
|
||||
if (fwrite(priv, 1, privSz, f) != privSz)
|
||||
ret = -1;
|
||||
fclose(f);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int test_lms_read_key(byte* priv, word32 privSz, void* context)
|
||||
{
|
||||
FILE* f = fopen((const char*)context, "rb");
|
||||
if (f == NULL)
|
||||
return -1;
|
||||
if (fread(priv, 1, privSz, f) == 0) {
|
||||
fclose(f);
|
||||
return -1;
|
||||
}
|
||||
fclose(f);
|
||||
return WC_LMS_RC_READ_TO_MEMORY;
|
||||
}
|
||||
|
||||
/* Helper: init an LMS key with callbacks and L1-H10-W8 params */
|
||||
static int test_lms_init_key(LmsKey* key, WC_RNG* rng)
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = wc_LmsKey_Init(key, NULL, INVALID_DEVID);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
#if !defined(WOLFSSL_LMS_MAX_HEIGHT) || (WOLFSSL_LMS_MAX_HEIGHT >= 10)
|
||||
ret = wc_LmsKey_SetParameters(key, 1, 10, 8);
|
||||
#else
|
||||
ret = wc_LmsKey_SetParameters(key, 1, 5, 8);
|
||||
#endif
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_LmsKey_SetWriteCb(key, test_lms_write_key);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_LmsKey_SetReadCb(key, test_lms_read_key);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_LmsKey_SetContext(key, (void*)LMS_TEST_PRIV_KEY_FILE);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
(void)rng;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_VERIFY_ONLY */
|
||||
|
||||
/*
|
||||
* Test basic LMS sign/verify with multiple signings.
|
||||
* Uses L1-H10-W8 (1024 total signatures, 32-entry leaf cache).
|
||||
*/
|
||||
int test_wc_LmsKey_sign_verify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
LmsKey key;
|
||||
WC_RNG rng;
|
||||
byte msg[] = "test message for LMS signing";
|
||||
byte sig[2048];
|
||||
word32 sigSz;
|
||||
int i;
|
||||
int numSigs = 5;
|
||||
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(test_lms_init_key(&key, &rng), 0);
|
||||
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
|
||||
|
||||
for (i = 0; i < numSigs; i++) {
|
||||
sigSz = sizeof(sig);
|
||||
ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0);
|
||||
ExpectIntEQ(wc_LmsKey_Verify(&key, sig, sigSz, msg, sizeof(msg)), 0);
|
||||
}
|
||||
|
||||
wc_LmsKey_Free(&key);
|
||||
wc_FreeRng(&rng);
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/*
|
||||
* Test LMS key reload after advancing past the leaf cache window.
|
||||
*
|
||||
* Reproduces a heap-buffer-overflow bug in wc_lms_treehash_init() where the
|
||||
* leaf cache write uses (i * hash_len) instead of ((i - leaf->idx) * hash_len).
|
||||
* When q > max_cb (default 32), wc_LmsKey_Reload calls wc_hss_init_auth_path
|
||||
* which calls wc_lms_treehash_init with q > 0, causing writes past the end of
|
||||
* the leaf cache buffer.
|
||||
*
|
||||
* Reproduction steps:
|
||||
* 1. Generate L1-H10-W8 key (cacheBits=5, max_cb=32)
|
||||
* 2. Sign 33 times to advance q past the cache window
|
||||
* 3. Free the key and reload from persisted state
|
||||
* 4. Sign and verify after reload
|
||||
*
|
||||
* Without the fix: heap-buffer-overflow at wc_lms_impl.c:1965
|
||||
* With the fix: all operations succeed, signatures verify
|
||||
*/
|
||||
int test_wc_LmsKey_reload_cache(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) && \
|
||||
(!defined(WOLFSSL_LMS_MAX_HEIGHT) || (WOLFSSL_LMS_MAX_HEIGHT >= 10))
|
||||
LmsKey key;
|
||||
LmsKey vkey;
|
||||
WC_RNG rng;
|
||||
byte msg[] = "test message for LMS signing";
|
||||
byte sig[2048];
|
||||
word32 sigSz;
|
||||
byte pub[64];
|
||||
word32 pubSz = sizeof(pub);
|
||||
int i;
|
||||
/* Sign 33 times to advance q past the 32-entry cache window. */
|
||||
int preSigs = 33;
|
||||
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
/* Phase 1: Generate key and sign past cache window */
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(test_lms_init_key(&key, &rng), 0);
|
||||
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
|
||||
|
||||
for (i = 0; i < preSigs; i++) {
|
||||
sigSz = sizeof(sig);
|
||||
ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0);
|
||||
}
|
||||
|
||||
/* Save public key for verification after reload */
|
||||
ExpectIntEQ(wc_LmsKey_ExportPubRaw(&key, pub, &pubSz), 0);
|
||||
|
||||
wc_LmsKey_Free(&key);
|
||||
|
||||
/* Phase 2: Reload key. Triggers wc_lms_treehash_init with q=33 */
|
||||
ExpectIntEQ(test_lms_init_key(&key, &rng), 0);
|
||||
ExpectIntEQ(wc_LmsKey_Reload(&key), 0);
|
||||
|
||||
/* Phase 3: Sign after reload and verify with separate verify-only key */
|
||||
sigSz = sizeof(sig);
|
||||
ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0);
|
||||
|
||||
ExpectIntEQ(wc_LmsKey_Init(&vkey, NULL, INVALID_DEVID), 0);
|
||||
#if !defined(WOLFSSL_LMS_MAX_HEIGHT) || (WOLFSSL_LMS_MAX_HEIGHT >= 10)
|
||||
ExpectIntEQ(wc_LmsKey_SetParameters(&vkey, 1, 10, 8), 0);
|
||||
#else
|
||||
ExpectIntEQ(wc_LmsKey_SetParameters(&vkey, 1, 5, 8), 0);
|
||||
#endif
|
||||
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&vkey, pub, pubSz), 0);
|
||||
ExpectIntEQ(wc_LmsKey_Verify(&vkey, sig, sigSz, msg, sizeof(msg)), 0);
|
||||
|
||||
wc_LmsKey_Free(&vkey);
|
||||
wc_LmsKey_Free(&key);
|
||||
wc_FreeRng(&rng);
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* RFC 9802 (HSS/LMS and XMSS/XMSS^MT in X.509) tests */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
|
||||
/* For every committed self-signed test certificate confirm:
|
||||
* - wc_ParseCert succeeds on the RFC 9802 AlgorithmIdentifier encoding
|
||||
* (OID-only SEQUENCE, no NULL parameters)
|
||||
* - keyOID and signatureOID are set to the expected values
|
||||
* - loading as a trust anchor and verifying the same bytes through
|
||||
* wolfSSL_CertManagerVerifyBuffer exercises the ConfirmSignature
|
||||
* path and succeeds on a valid cert
|
||||
* - flipping a byte in the signature AND flipping a byte in the
|
||||
* TBSCertificate both cause verification to fail.
|
||||
*
|
||||
* Test vectors are in certs/lms/ and certs/xmss/, generated with Bouncy
|
||||
* Castle 1.81. BC's default XMSS / XMSS^MT X.509 encoding uses pre-
|
||||
* standard ISARA OIDs and wraps the raw RFC 8391 pub key in an OCTET
|
||||
* STRING, so the fixtures were produced with a small generator that
|
||||
* overrides the AlgorithmIdentifier and SPKI to match RFC 9802. */
|
||||
#if (defined(WOLFSSL_HAVE_LMS) || defined(WOLFSSL_HAVE_XMSS)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
/* Sanity bound on a test fixture cert. The largest BC-generated
|
||||
* fixture we ship (XMSS^MT 40/8) is ~19 KiB; 1 MiB is well above
|
||||
* any realistic RFC 9802 cert and catches a wild XFTELL. Typed as
|
||||
* long to match XFTELL's return so the size comparison below isn't
|
||||
* a mixed long-vs-int compare. */
|
||||
#define RFC9802_TEST_MAX_CERT_SIZE ((long)(1L << 20))
|
||||
|
||||
/* Load a whole file into a freshly-allocated buffer. Caller frees. */
|
||||
static int rfc9802_load_file(const char* path, byte** out, int* outLen)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
XFILE f = XBADFILE;
|
||||
long sz = 0;
|
||||
size_t got = 0;
|
||||
byte* buf = NULL;
|
||||
|
||||
*out = NULL;
|
||||
*outLen = 0;
|
||||
ExpectTrue((f = XFOPEN(path, "rb")) != XBADFILE);
|
||||
if (f == XBADFILE)
|
||||
return TEST_FAIL;
|
||||
if (XFSEEK(f, 0, XSEEK_END) == 0)
|
||||
sz = XFTELL(f);
|
||||
(void)XFSEEK(f, 0, XSEEK_SET);
|
||||
ExpectIntGT(sz, 0);
|
||||
ExpectIntLT(sz, RFC9802_TEST_MAX_CERT_SIZE);
|
||||
/* Hard-fail before XMALLOC if XFSEEK / XFTELL produced an unusable
|
||||
* size: ExpectInt* records the failure but doesn't short-circuit,
|
||||
* so without this guard a -1 from XFTELL would cast to a multi-GiB
|
||||
* (size_t) allocation, and a 0 would request a zero-byte malloc. */
|
||||
if (sz <= 0 || sz >= RFC9802_TEST_MAX_CERT_SIZE) {
|
||||
XFCLOSE(f);
|
||||
return TEST_FAIL;
|
||||
}
|
||||
ExpectNotNull(buf = (byte*)XMALLOC((size_t)sz, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
if (buf != NULL) {
|
||||
got = XFREAD(buf, 1, (size_t)sz, f);
|
||||
ExpectIntEQ(got, (size_t)sz);
|
||||
/* On a short read the caller would otherwise proceed with a
|
||||
* partially-initialized buffer and produce cascading parse
|
||||
* failures driven by the uninitialized tail. Free here so the
|
||||
* caller's `if (buf == NULL) return TEST_FAIL;` short-circuits
|
||||
* cleanly with a single recorded failure. */
|
||||
if (got != (size_t)sz) {
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
buf = NULL;
|
||||
sz = 0;
|
||||
}
|
||||
}
|
||||
XFCLOSE(f);
|
||||
*out = buf;
|
||||
*outLen = (int)sz;
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int rfc9802_verify_one_cert(const char* path, word32 expectedKeyOID,
|
||||
word32 expectedSigOID)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
byte* buf = NULL;
|
||||
byte* tampered = NULL;
|
||||
int bytes = 0;
|
||||
DecodedCert cert;
|
||||
WOLFSSL_CERT_MANAGER* cm = NULL;
|
||||
word32 certBegin = 0;
|
||||
word32 sigIndex = 0;
|
||||
|
||||
ExpectIntEQ(rfc9802_load_file(path, &buf, &bytes), TEST_SUCCESS);
|
||||
if (buf == NULL)
|
||||
return TEST_FAIL;
|
||||
|
||||
/* Parse + check OIDs, capture certBegin and sigIndex for later tamper. */
|
||||
wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
|
||||
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL), 0);
|
||||
ExpectIntEQ((int)cert.keyOID, (int)expectedKeyOID);
|
||||
ExpectIntEQ((int)cert.signatureOID, (int)expectedSigOID);
|
||||
certBegin = cert.certBegin;
|
||||
sigIndex = cert.sigIndex;
|
||||
wc_FreeDecodedCert(&cert);
|
||||
|
||||
/* Full verify against a self-installed trust anchor. */
|
||||
ExpectNotNull(cm = wolfSSL_CertManagerNew());
|
||||
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, buf, (long)bytes,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, buf, (long)bytes,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
if (cm != NULL) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
cm = NULL;
|
||||
}
|
||||
|
||||
ExpectNotNull(tampered = (byte*)XMALLOC((size_t)bytes, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
|
||||
/* Negative 1: flip a byte inside the signatureValue BIT STRING.
|
||||
* Everything after sigIndex is the signatureAlgorithm + the BIT
|
||||
* STRING payload, so flipping the last byte is always inside the
|
||||
* signature content. */
|
||||
if (tampered != NULL) {
|
||||
XMEMCPY(tampered, buf, (size_t)bytes);
|
||||
tampered[bytes - 1] ^= 0x01;
|
||||
ExpectNotNull(cm = wolfSSL_CertManagerNew());
|
||||
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, buf, (long)bytes,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, tampered,
|
||||
(long)bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
if (cm != NULL) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
cm = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* Negative 2: flip a byte at the midpoint of the TBSCertificate. The
|
||||
* TBS is the first element of the outer Certificate SEQUENCE and
|
||||
* its bytes lie between (certBegin + outerSeqHeader) and sigIndex.
|
||||
* Picking the midpoint ensures we're inside TBS regardless of the
|
||||
* fixture's DN / extensions layout. */
|
||||
if (tampered != NULL && sigIndex > certBegin + 8U) {
|
||||
word32 midTbs = certBegin + 8 + ((sigIndex - (certBegin + 8)) / 2);
|
||||
XMEMCPY(tampered, buf, (size_t)bytes);
|
||||
tampered[midTbs] ^= 0x01;
|
||||
ExpectNotNull(cm = wolfSSL_CertManagerNew());
|
||||
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, buf, (long)bytes,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, tampered,
|
||||
(long)bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
if (cm != NULL) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
cm = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* The fixtures MUST carry a KeyUsage extension with at least one of
|
||||
* digitalSignature / nonRepudiation / keyCertSign / cRLSign set per
|
||||
* RFC 9802 sec 3. Re-parse and assert that wolfSSL recorded a non-
|
||||
* empty set of KeyUsage bits from one of those values. */
|
||||
wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
|
||||
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL), 0);
|
||||
ExpectIntEQ(cert.extKeyUsageSet, 1);
|
||||
ExpectIntNE(cert.extKeyUsage & (KEYUSE_DIGITAL_SIG | KEYUSE_CONTENT_COMMIT |
|
||||
KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN), 0);
|
||||
wc_FreeDecodedCert(&cert);
|
||||
|
||||
XFREE(tampered, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Direct wolfCrypt-level negative tests for the parameter-derivation
|
||||
* helpers used by the RFC 9802 parse path. These exercise failure modes
|
||||
* (unknown algorithm bytes, truncated inputs, mismatches) that a real
|
||||
* cert body wouldn't easily reach. */
|
||||
#if defined(WOLFSSL_HAVE_LMS)
|
||||
static int rfc9802_lms_import_negative(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
LmsKey key;
|
||||
/* 60-byte buffer matches HSS_PUBLIC_KEY_LEN(32), just like a valid
|
||||
* SHA-256/M32/H5 key; the algorithm-type bytes are junk so param
|
||||
* derivation must fail cleanly. */
|
||||
byte junk[60];
|
||||
|
||||
XMEMSET(junk, 0, sizeof(junk));
|
||||
/* levels=1, lmsType=0xFFFFFFFF, lmOtsType=0xFFFFFFFF. */
|
||||
junk[3] = 1;
|
||||
XMEMSET(junk + 4, 0xFF, 4);
|
||||
XMEMSET(junk + 8, 0xFF, 4);
|
||||
|
||||
/* Unknown algorithm types must be rejected. */
|
||||
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&key, junk, sizeof(junk)),
|
||||
WC_NO_ERR_TRACE(NOT_COMPILED_IN));
|
||||
wc_LmsKey_Free(&key);
|
||||
|
||||
/* Too-short buffer: only L + lmsType, no lmOtsType. */
|
||||
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&key, junk, 8),
|
||||
WC_NO_ERR_TRACE(BUFFER_E));
|
||||
wc_LmsKey_Free(&key);
|
||||
|
||||
#if !defined(WOLFSSL_NO_LMS_SHA256_256)
|
||||
/* The two cases below pin specific SHA-256/M32 parameter codes
|
||||
* (L1_H5_W8, L1_H5_W4, L1_H10_W2). Skip them in builds where the
|
||||
* SHA-256/M32 family is disabled -- the family-agnostic checks
|
||||
* above (junk algorithm types, too-short buffer, GetSigLen on
|
||||
* unconfigured key) still cover the universal invariants. */
|
||||
|
||||
/* Pre-set params that disagree with the raw key's algorithm bytes:
|
||||
* configure H=5/W=8 but feed buffer that claims H=10 / W=2. */
|
||||
XMEMSET(junk, 0, sizeof(junk));
|
||||
junk[3] = 1; /* levels=1 */
|
||||
junk[7] = 6; /* lmsType = LMS_SHA256_M32_H10 = 6 */
|
||||
junk[11] = 2; /* lmOtsType = LMOTS_SHA256_N32_W2 = 2 */
|
||||
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_LmsKey_SetParameters(&key, 1, 5, 8), 0);
|
||||
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&key, junk, sizeof(junk)),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
wc_LmsKey_Free(&key);
|
||||
#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
|
||||
|
||||
/* GetSigLen on a key with no params set must not NULL-deref the
|
||||
* params pointer; it must return BAD_FUNC_ARG instead. */
|
||||
{
|
||||
word32 sigLen = 0;
|
||||
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_LmsKey_GetSigLen(&key, &sigLen),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
wc_LmsKey_Free(&key);
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_NO_LMS_SHA256_256)
|
||||
/* Partial-write invariant: a length mismatch after a successful
|
||||
* auto-derive must leave key->params NULL. Build a buffer whose
|
||||
* leading u32str(L) || lmsType || lmOtsType identifies a known
|
||||
* parameter set, but truncate to one byte less than the real pub
|
||||
* key length so the post-derive length check fails. */
|
||||
{
|
||||
byte truncated[59]; /* HSS_PUBLIC_KEY_LEN(32) is 60 */
|
||||
XMEMSET(truncated, 0, sizeof(truncated));
|
||||
truncated[3] = 1; /* L = 1 */
|
||||
truncated[7] = 5; /* lmsType = LMS_SHA256_M32_H5 */
|
||||
truncated[11] = 4; /* lmOtsType = LMOTS_SHA256_N32_W4 */
|
||||
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectNull(key.params);
|
||||
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&key, truncated,
|
||||
sizeof(truncated)), WC_NO_ERR_TRACE(BUFFER_E));
|
||||
ExpectNull(key.params);
|
||||
wc_LmsKey_Free(&key);
|
||||
}
|
||||
#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_HAVE_XMSS)
|
||||
static int rfc9802_xmss_import_negative(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
XmssKey key;
|
||||
byte junk[8];
|
||||
|
||||
XMEMSET(junk, 0, sizeof(junk));
|
||||
|
||||
/* Too-short buffer. */
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, junk, 2, 0),
|
||||
WC_NO_ERR_TRACE(BUFFER_E));
|
||||
wc_XmssKey_Free(&key);
|
||||
|
||||
/* Unknown OID (all-zero) for both XMSS and XMSS^MT. */
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, junk, sizeof(junk), 0),
|
||||
WC_NO_ERR_TRACE(NOT_COMPILED_IN));
|
||||
wc_XmssKey_Free(&key);
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, junk, sizeof(junk), 1),
|
||||
WC_NO_ERR_TRACE(NOT_COMPILED_IN));
|
||||
wc_XmssKey_Free(&key);
|
||||
|
||||
/* NULL key / input. */
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(NULL, junk, sizeof(junk), 0),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, NULL, 8, 0),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
wc_XmssKey_Free(&key);
|
||||
|
||||
/* GetSigLen on a key with no params set must not NULL-deref the
|
||||
* params pointer; it must return BAD_FUNC_ARG instead. */
|
||||
{
|
||||
word32 sigLen = 0;
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_GetSigLen(&key, &sigLen),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
wc_XmssKey_Free(&key);
|
||||
}
|
||||
|
||||
/* Once params have been configured (state != INITED), the OID
|
||||
* prefix in the raw key MUST match key->oid and is_xmssmt MUST
|
||||
* match key->is_xmssmt. Set XMSS-SHA2_10_256 and feed a valid-
|
||||
* sized buffer whose 4-byte OID prefix is bogus -> BAD_FUNC_ARG. */
|
||||
{
|
||||
byte mismatch[XMSS_SHA256_PUBLEN];
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_SetParamStr(&key, "XMSS-SHA2_10_256"), 0);
|
||||
XMEMSET(mismatch, 0, sizeof(mismatch));
|
||||
mismatch[3] = 0x77; /* nonsense OID */
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, mismatch,
|
||||
sizeof(mismatch), 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
/* Same buffer with the correct OID, but is_xmssmt hint
|
||||
* contradicts the configured family -> BAD_FUNC_ARG. */
|
||||
mismatch[3] = 0x01; /* WC_XMSS_OID_SHA2_10_256 */
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, mismatch,
|
||||
sizeof(mismatch), 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
wc_XmssKey_Free(&key);
|
||||
}
|
||||
|
||||
/* Partial-write invariant: a length mismatch after a successful
|
||||
* auto-derive must leave the key in its INITED state, with
|
||||
* key->params NULL. */
|
||||
{
|
||||
byte truncated[XMSS_SHA256_PUBLEN - 1];
|
||||
XMEMSET(truncated, 0, sizeof(truncated));
|
||||
truncated[3] = 0x01;
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectNull(key.params);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, truncated,
|
||||
sizeof(truncated), 0), WC_NO_ERR_TRACE(BUFFER_E));
|
||||
ExpectNull(key.params);
|
||||
wc_XmssKey_Free(&key);
|
||||
}
|
||||
|
||||
/* is_xmssmt disambiguation: XMSS oid=1 and XMSS^MT oid=1 share
|
||||
* the wire-numeric value but resolve to different parameter sets.
|
||||
* Importing the same 68-byte buffer with hint=0 vs hint=1 must
|
||||
* land in different tables and produce distinct is_xmssmt. */
|
||||
{
|
||||
byte buf[XMSS_SHA256_PUBLEN];
|
||||
XMEMSET(buf, 0, sizeof(buf));
|
||||
buf[3] = 0x01;
|
||||
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 0), 0);
|
||||
ExpectIntEQ((int)key.is_xmssmt, 0);
|
||||
wc_XmssKey_Free(&key);
|
||||
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 1), 0);
|
||||
ExpectIntEQ((int)key.is_xmssmt, 1);
|
||||
wc_XmssKey_Free(&key);
|
||||
}
|
||||
|
||||
/* Lenient state: re-importing the same pub key into a VERIFYONLY
|
||||
* key (params set, no private material) succeeds. The second
|
||||
* call exercises the lenient-state branch. */
|
||||
{
|
||||
byte buf[XMSS_SHA256_PUBLEN];
|
||||
XMEMSET(buf, 0, sizeof(buf));
|
||||
buf[3] = 0x01;
|
||||
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 0), 0);
|
||||
ExpectIntEQ((int)key.state, (int)WC_XMSS_STATE_VERIFYONLY);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 0), 0);
|
||||
ExpectIntEQ((int)key.state, (int)WC_XMSS_STATE_VERIFYONLY);
|
||||
wc_XmssKey_Free(&key);
|
||||
}
|
||||
|
||||
/* Strict signature-length check: wc_XmssKey_Verify rejects any
|
||||
* sigLen != key->params->sig_len. This guards every consumer
|
||||
* (RFC 9802 X.509, PKCS#7, CMS, ...) against a longer wrapper that
|
||||
* happens to start with a valid signature. Construct a key in
|
||||
* VERIFYONLY state, then verify with sig_len + 1 and sig_len - 1
|
||||
* byte buffers; both must fail with BUFFER_E before any crypto
|
||||
* runs. The buffer contents are irrelevant since the length check
|
||||
* fires first. */
|
||||
{
|
||||
byte pub[XMSS_SHA256_PUBLEN];
|
||||
byte* sigBuf = NULL;
|
||||
word32 sigLen = 0;
|
||||
const byte msg[1] = { 0 };
|
||||
|
||||
XMEMSET(pub, 0, sizeof(pub));
|
||||
pub[3] = 0x01;
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, pub, sizeof(pub), 0), 0);
|
||||
ExpectIntEQ((int)key.state, (int)WC_XMSS_STATE_VERIFYONLY);
|
||||
ExpectIntEQ(wc_XmssKey_GetSigLen(&key, &sigLen), 0);
|
||||
ExpectIntGT(sigLen, 0);
|
||||
ExpectNotNull(sigBuf = (byte*)XMALLOC((size_t)sigLen + 1, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
if (sigBuf != NULL) {
|
||||
XMEMSET(sigBuf, 0, (size_t)sigLen + 1);
|
||||
ExpectIntEQ(wc_XmssKey_Verify(&key, sigBuf, sigLen + 1,
|
||||
msg, (int)sizeof(msg)), WC_NO_ERR_TRACE(BUFFER_E));
|
||||
ExpectIntEQ(wc_XmssKey_Verify(&key, sigBuf, sigLen - 1,
|
||||
msg, (int)sizeof(msg)), WC_NO_ERR_TRACE(BUFFER_E));
|
||||
XFREE(sigBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
wc_XmssKey_Free(&key);
|
||||
}
|
||||
|
||||
/* BAD_STATE_E branch: WC_XMSS_STATE_OK must be rejected. Reaching
|
||||
* OK normally requires a successful private-key Reload / sign,
|
||||
* which is unavailable in WOLFSSL_XMSS_VERIFY_ONLY builds. Force
|
||||
* the state directly to exercise the rejection without coupling
|
||||
* this helper to the signing test fixture; sk stays NULL so Free
|
||||
* is still safe. */
|
||||
{
|
||||
byte pub[XMSS_SHA256_PUBLEN];
|
||||
|
||||
XMEMSET(pub, 0, sizeof(pub));
|
||||
pub[3] = 0x01;
|
||||
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_XmssKey_SetParamStr(&key, "XMSS-SHA2_10_256"), 0);
|
||||
key.state = WC_XMSS_STATE_OK;
|
||||
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, pub, sizeof(pub), 0),
|
||||
WC_NO_ERR_TRACE(BAD_STATE_E));
|
||||
wc_XmssKey_Free(&key);
|
||||
}
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Walk the AlgorithmIdentifier SEQUENCE that begins at sigIndex and
|
||||
* locate the byte offset of the last byte of its OID content. Handles
|
||||
* both short-form (length < 128) and long-form DER length encodings,
|
||||
* so a future fixture-regenerator that emits longer OIDs / SEQUENCEs
|
||||
* still drives this test rather than tripping the loud-fail branch.
|
||||
*
|
||||
* Returns 0 on success with *oidLastByte set; returns -1 on any DER
|
||||
* shape mismatch. */
|
||||
#if defined(WOLFSSL_HAVE_XMSS) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
static int rfc9802_find_sig_alg_oid_last_byte(const byte* buf, word32 bufLen,
|
||||
word32 sigIndex, word32* oidLastByte)
|
||||
{
|
||||
word32 idx = sigIndex;
|
||||
word32 oidContentLen = 0;
|
||||
|
||||
/* AlgorithmIdentifier ::= SEQUENCE { algorithm OID, ... } */
|
||||
if (idx >= bufLen || buf[idx] != 0x30)
|
||||
return -1;
|
||||
idx++;
|
||||
/* Skip SEQUENCE length (short or long form). */
|
||||
if (idx >= bufLen)
|
||||
return -1;
|
||||
if (buf[idx] < 0x80) {
|
||||
idx++;
|
||||
}
|
||||
else {
|
||||
word32 nbytes = (word32)(buf[idx] & 0x7F);
|
||||
if (nbytes == 0 || nbytes > 4 || idx + 1 + nbytes > bufLen)
|
||||
return -1;
|
||||
idx += 1 + nbytes;
|
||||
}
|
||||
/* algorithm OID tag. */
|
||||
if (idx >= bufLen || buf[idx] != 0x06)
|
||||
return -1;
|
||||
idx++;
|
||||
/* OID length (short or long form). */
|
||||
if (idx >= bufLen)
|
||||
return -1;
|
||||
if (buf[idx] < 0x80) {
|
||||
oidContentLen = buf[idx];
|
||||
idx++;
|
||||
}
|
||||
else {
|
||||
word32 nbytes = (word32)(buf[idx] & 0x7F);
|
||||
word32 i;
|
||||
if (nbytes == 0 || nbytes > 4 || idx + 1 + nbytes > bufLen)
|
||||
return -1;
|
||||
for (i = 0; i < nbytes; i++)
|
||||
oidContentLen = (oidContentLen << 8) | buf[idx + 1 + i];
|
||||
idx += 1 + nbytes;
|
||||
}
|
||||
if (oidContentLen == 0 || idx + oidContentLen > bufLen)
|
||||
return -1;
|
||||
*oidLastByte = idx + oidContentLen - 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Helper: load fixture, locate last byte of outer signatureAlgorithm
|
||||
* OID, patch it from `expected` to `swap`, and assert that verifying
|
||||
* the patched cert against itself as a trust anchor fails. */
|
||||
static int rfc9802_assert_oid_patch_breaks_verify(const char* path,
|
||||
byte expectedLastByte, byte patchedLastByte)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
byte* buf = NULL;
|
||||
int bytes = 0;
|
||||
DecodedCert cert;
|
||||
WOLFSSL_CERT_MANAGER* cm = NULL;
|
||||
word32 sigIndex = 0;
|
||||
word32 lastOidByte = 0;
|
||||
|
||||
ExpectIntEQ(rfc9802_load_file(path, &buf, &bytes), TEST_SUCCESS);
|
||||
if (buf == NULL)
|
||||
return TEST_FAIL;
|
||||
|
||||
wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
|
||||
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL), 0);
|
||||
sigIndex = cert.sigIndex;
|
||||
wc_FreeDecodedCert(&cert);
|
||||
|
||||
ExpectIntEQ(rfc9802_find_sig_alg_oid_last_byte(buf, (word32)bytes,
|
||||
sigIndex, &lastOidByte), 0);
|
||||
/* Sanity-check the fixture matches the family the caller asserted,
|
||||
* so a future regenerator swapping fixtures fails loudly here
|
||||
* rather than silently testing the wrong direction. */
|
||||
ExpectIntEQ((int)buf[lastOidByte], (int)expectedLastByte);
|
||||
|
||||
if (lastOidByte < (word32)bytes &&
|
||||
buf[lastOidByte] == expectedLastByte) {
|
||||
buf[lastOidByte] = patchedLastByte;
|
||||
ExpectNotNull(cm = wolfSSL_CertManagerNew());
|
||||
/* After the patch the cert's outer signatureAlgorithm and SPKI
|
||||
* disagree. Verification must fail somewhere (at parse, at
|
||||
* load, or at ConfirmSignature). The load is best-effort -
|
||||
* some shape changes get caught there, others only at verify. */
|
||||
(void)wolfSSL_CertManagerLoadCABuffer(cm, buf, (long)bytes,
|
||||
WOLFSSL_FILETYPE_ASN1);
|
||||
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, buf,
|
||||
(long)bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
if (cm != NULL) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
cm = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* X.509-level negative: swap the outer signatureAlgorithm OID byte so
|
||||
* the cert declares XMSS where the SPKI is XMSS^MT, and vice versa.
|
||||
* SigOidMatchesKeyOid must reject both directions before any crypto. */
|
||||
static int rfc9802_xmss_sig_oid_mismatch(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
/* XMSS sigOID ends 0x22; XMSS^MT sigOID ends 0x23. Patch each
|
||||
* direction so the asymmetric-key path is exercised both ways -
|
||||
* a regression that only stripped the check from one branch of
|
||||
* SigOidMatchesKeyOid would otherwise be missed. */
|
||||
ExpectIntEQ(rfc9802_assert_oid_patch_breaks_verify(
|
||||
"./certs/xmss/bc_xmss_sha2_10_256_root.der",
|
||||
/* expected XMSS */ 0x22, /* patched to XMSS^MT */ 0x23),
|
||||
TEST_SUCCESS);
|
||||
ExpectIntEQ(rfc9802_assert_oid_patch_breaks_verify(
|
||||
"./certs/xmss/bc_xmssmt_sha2_20_2_256_root.der",
|
||||
/* expected XMSS^MT */ 0x23, /* patched to XMSS */ 0x22),
|
||||
TEST_SUCCESS);
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Exercise a real CA -> leaf certificate chain, not just self-signed.
|
||||
* Loads the CA as a trust anchor and verifies the leaf against it. */
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
static int rfc9802_lms_chain_verify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
byte* caBuf = NULL;
|
||||
byte* leafBuf = NULL;
|
||||
int caLen = 0;
|
||||
int leafLen = 0;
|
||||
WOLFSSL_CERT_MANAGER* cm = NULL;
|
||||
|
||||
ExpectIntEQ(rfc9802_load_file("./certs/lms/bc_lms_chain_ca.der",
|
||||
&caBuf, &caLen), TEST_SUCCESS);
|
||||
ExpectIntEQ(rfc9802_load_file("./certs/lms/bc_lms_chain_leaf.der",
|
||||
&leafBuf, &leafLen), TEST_SUCCESS);
|
||||
|
||||
ExpectNotNull(cm = wolfSSL_CertManagerNew());
|
||||
/* Only the CA is a trust anchor; the leaf is verified against it. */
|
||||
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, caBuf, (long)caLen,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
|
||||
/* Without loading the CA the leaf must NOT verify. */
|
||||
if (cm != NULL) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
cm = NULL;
|
||||
}
|
||||
ExpectNotNull(cm = wolfSSL_CertManagerNew());
|
||||
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
if (cm != NULL) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
cm = NULL;
|
||||
}
|
||||
|
||||
XFREE(leafBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(caBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Mirror of rfc9802_lms_chain_verify but for an XMSS CA -> leaf pair. */
|
||||
#if defined(WOLFSSL_HAVE_XMSS) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
static int rfc9802_xmss_chain_verify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
byte* caBuf = NULL;
|
||||
byte* leafBuf = NULL;
|
||||
int caLen = 0;
|
||||
int leafLen = 0;
|
||||
WOLFSSL_CERT_MANAGER* cm = NULL;
|
||||
|
||||
ExpectIntEQ(rfc9802_load_file("./certs/xmss/bc_xmss_chain_ca.der",
|
||||
&caBuf, &caLen), TEST_SUCCESS);
|
||||
ExpectIntEQ(rfc9802_load_file("./certs/xmss/bc_xmss_chain_leaf.der",
|
||||
&leafBuf, &leafLen), TEST_SUCCESS);
|
||||
|
||||
ExpectNotNull(cm = wolfSSL_CertManagerNew());
|
||||
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, caBuf, (long)caLen,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
|
||||
if (cm != NULL) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
cm = NULL;
|
||||
}
|
||||
ExpectNotNull(cm = wolfSSL_CertManagerNew());
|
||||
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
if (cm != NULL) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
cm = NULL;
|
||||
}
|
||||
|
||||
XFREE(leafBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(caBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif
|
||||
|
||||
int test_rfc9802_lms_x509_verify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_HAVE_LMS)
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
|
||||
!defined(WOLFSSL_NO_LMS_SHA256_256)
|
||||
/* Mixed single-level LMS and multi-level HSS fixtures. The HSS
|
||||
* public key carries only the top-level LMS/LM-OTS types, so
|
||||
* wc_LmsKey_ImportPubRaw's auto-derive path searches the map
|
||||
* by (levels, lmsType, lmOtsType). The bc_lms_native_bc_root
|
||||
* fixture is generated through Bouncy Castle's stock
|
||||
* JcaContentSignerBuilder("LMS") + JcaX509v3CertificateBuilder
|
||||
* with no overrides; including it here is the cross-impl interop
|
||||
* gate (BC's native LMS X.509 path is RFC 9802-compliant for HSS/
|
||||
* LMS, so wolfSSL must accept it end-to-end).
|
||||
*
|
||||
* All fixtures use the SHA-256/M32 family, so the whole block
|
||||
* is gated on that family being compiled in. Truncated SHA-256/192
|
||||
* or SHAKE-only builds skip this block. */
|
||||
static const char* const lmsFiles[] = {
|
||||
"./certs/lms/bc_lms_sha256_h5_w4_root.der",
|
||||
#if !defined(WOLFSSL_LMS_MAX_HEIGHT) || (WOLFSSL_LMS_MAX_HEIGHT >= 10)
|
||||
"./certs/lms/bc_lms_sha256_h10_w8_root.der",
|
||||
#endif
|
||||
#if !defined(WOLFSSL_LMS_MAX_LEVELS) || (WOLFSSL_LMS_MAX_LEVELS >= 2)
|
||||
"./certs/lms/bc_hss_L2_H5_W8_root.der",
|
||||
#endif
|
||||
#if !defined(WOLFSSL_LMS_MAX_LEVELS) || (WOLFSSL_LMS_MAX_LEVELS >= 3)
|
||||
"./certs/lms/bc_hss_L3_H5_W4_root.der",
|
||||
#endif
|
||||
"./certs/lms/bc_lms_native_bc_root.der",
|
||||
};
|
||||
size_t i;
|
||||
for (i = 0; i < sizeof(lmsFiles) / sizeof(lmsFiles[0]); i++) {
|
||||
ExpectIntEQ(rfc9802_verify_one_cert(lmsFiles[i],
|
||||
HSS_LMSk, CTC_HSS_LMS), TEST_SUCCESS);
|
||||
}
|
||||
ExpectIntEQ(rfc9802_lms_chain_verify(), TEST_SUCCESS);
|
||||
#endif /* !NO_FILESYSTEM && !NO_CERTS && !WOLFSSL_NO_LMS_SHA256_256 */
|
||||
/* Pure wolfCrypt-level negative tests don't need filesystem or cert
|
||||
* support, so they run for any LMS-enabled build. */
|
||||
ExpectIntEQ(rfc9802_lms_import_negative(), TEST_SUCCESS);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_rfc9802_xmss_x509_verify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_HAVE_XMSS)
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
static const char* const xmssFiles[] = {
|
||||
"./certs/xmss/bc_xmss_sha2_10_256_root.der",
|
||||
"./certs/xmss/bc_xmss_sha2_16_256_root.der",
|
||||
};
|
||||
static const char* const xmssmtFiles[] = {
|
||||
"./certs/xmss/bc_xmssmt_sha2_20_2_256_root.der",
|
||||
"./certs/xmss/bc_xmssmt_sha2_20_4_256_root.der",
|
||||
"./certs/xmss/bc_xmssmt_sha2_40_8_256_root.der",
|
||||
};
|
||||
size_t i;
|
||||
for (i = 0; i < sizeof(xmssFiles) / sizeof(xmssFiles[0]); i++) {
|
||||
ExpectIntEQ(rfc9802_verify_one_cert(xmssFiles[i],
|
||||
XMSSk, CTC_XMSS), TEST_SUCCESS);
|
||||
}
|
||||
for (i = 0; i < sizeof(xmssmtFiles) / sizeof(xmssmtFiles[0]); i++) {
|
||||
ExpectIntEQ(rfc9802_verify_one_cert(xmssmtFiles[i],
|
||||
XMSSMTk, CTC_XMSSMT), TEST_SUCCESS);
|
||||
}
|
||||
ExpectIntEQ(rfc9802_xmss_sig_oid_mismatch(), TEST_SUCCESS);
|
||||
ExpectIntEQ(rfc9802_xmss_chain_verify(), TEST_SUCCESS);
|
||||
#endif /* !NO_FILESYSTEM && !NO_CERTS */
|
||||
/* Pure wolfCrypt-level negative tests don't need filesystem or cert
|
||||
* support, so they run for any XMSS-enabled build. */
|
||||
ExpectIntEQ(rfc9802_xmss_import_negative(), TEST_SUCCESS);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
/* test_lms_xmss.h
|
||||
*
|
||||
* Copyright (C) 2006-2026 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#ifndef WOLFCRYPT_TEST_LMS_XMSS_H
|
||||
#define WOLFCRYPT_TEST_LMS_XMSS_H
|
||||
|
||||
#include <tests/api/api_decl.h>
|
||||
|
||||
int test_wc_LmsKey_sign_verify(void);
|
||||
int test_wc_LmsKey_reload_cache(void);
|
||||
int test_rfc9802_lms_x509_verify(void);
|
||||
int test_rfc9802_xmss_x509_verify(void);
|
||||
|
||||
/* LMS, and RFC 9802 (HSS/LMS and XMSS/XMSS^MT in X.509). */
|
||||
#define TEST_LMS_XMSS_DECLS \
|
||||
TEST_DECL_GROUP("lms", test_wc_LmsKey_sign_verify), \
|
||||
TEST_DECL_GROUP("lms", test_wc_LmsKey_reload_cache), \
|
||||
TEST_DECL_GROUP("lms", test_rfc9802_lms_x509_verify), \
|
||||
TEST_DECL_GROUP("xmss", test_rfc9802_xmss_x509_verify)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_LMS_XMSS_H */
|
||||
@@ -30508,3 +30508,85 @@ WOLFSSL_MLDSA_API_CHECK_INLINE void wc_mldsa_canonical_api_check(void)
|
||||
PRAGMA_CLANG_DIAG_POP
|
||||
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* ML-DSA / Dilithium negative length-validation tests */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
|
||||
/* ML-DSA HashML-DSA verify must reject hashLen > WC_MAX_DIGEST_SIZE */
|
||||
int test_mldsa_verify_hash(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
wc_MlDsaKey key;
|
||||
WC_RNG rng;
|
||||
int res = 0;
|
||||
byte sig[4000];
|
||||
byte hash[4096]; /* larger than WC_MAX_DIGEST_SIZE */
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
XMEMSET(&rng, 0, sizeof(rng));
|
||||
XMEMSET(sig, 0x41, sizeof(sig));
|
||||
XMEMSET(hash, 'A', sizeof(hash));
|
||||
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_65), 0);
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_44), 0);
|
||||
#else
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_87), 0);
|
||||
#endif
|
||||
ExpectIntEQ(wc_MlDsaKey_MakeKey(&key, &rng), 0);
|
||||
|
||||
/* hashLen=4096 must be rejected, not overflow the stack */
|
||||
ExpectIntEQ(wc_MlDsaKey_VerifyCtxHash(&key, sig, sizeof(sig), NULL, 0,
|
||||
hash, sizeof(hash), WC_HASH_TYPE_SHA256, &res),
|
||||
WC_NO_ERR_TRACE(BAD_LENGTH_E));
|
||||
|
||||
wc_MlDsaKey_Free(&key);
|
||||
DoExpectIntEQ(wc_FreeRng(&rng), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* Dilithium verify_ctx_msg must reject absurdly large msgLen */
|
||||
int test_dilithium_hash(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
wc_MlDsaKey key;
|
||||
WC_RNG rng;
|
||||
int res = 0;
|
||||
byte sig[4000];
|
||||
byte msg[64];
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
XMEMSET(&rng, 0, sizeof(rng));
|
||||
XMEMSET(sig, 0, sizeof(sig));
|
||||
XMEMSET(msg, 'A', sizeof(msg));
|
||||
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_65), 0);
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_44), 0);
|
||||
#else
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_87), 0);
|
||||
#endif
|
||||
ExpectIntEQ(wc_MlDsaKey_MakeKey(&key, &rng), 0);
|
||||
|
||||
ExpectIntEQ(wc_MlDsaKey_VerifyCtx(&key, sig, sizeof(sig), NULL, 0,
|
||||
msg, 0xFFFFFFC0, &res), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
wc_MlDsaKey_Free(&key);
|
||||
DoExpectIntEQ(wc_FreeRng(&rng), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
@@ -51,6 +51,11 @@ int test_mldsa_encode_w1_large_values(void);
|
||||
int test_mldsa_pkcs12(void);
|
||||
int test_mldsa_x509_pubkey_sigtype(void);
|
||||
|
||||
/* Negative length-validation regression tests, also defined in
|
||||
* tests/api/test_mldsa.c. */
|
||||
int test_mldsa_verify_hash(void);
|
||||
int test_dilithium_hash(void);
|
||||
|
||||
/* Legacy-name shim coverage defined in tests/api/test_mldsa_legacy.c.
|
||||
* Single function -- compile-time wc_static_assert checks for every alias
|
||||
* + one runtime smoke test that drives each arg-reordering macro family.
|
||||
@@ -82,6 +87,8 @@ int test_mldsa_legacy_shim(void);
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_encode_w1_large_values), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_x509_pubkey_sigtype), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_verify_hash), \
|
||||
TEST_DECL_GROUP("mldsa", test_dilithium_hash), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_legacy_shim)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_MLDSA_H */
|
||||
|
||||
@@ -247,6 +247,15 @@ int test_ocsp_basic_verify(void)
|
||||
ExpectNull(
|
||||
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad)));
|
||||
|
||||
/* reuse failure must clear caller pointer */
|
||||
ptr = (const unsigned char*)resp;
|
||||
ExpectNotNull(
|
||||
response = wolfSSL_d2i_OCSP_RESPONSE(&response, &ptr, sizeof(resp)));
|
||||
ptr = (const unsigned char*)resp_bad;
|
||||
ExpectNull(
|
||||
wolfSSL_d2i_OCSP_RESPONSE(&response, &ptr, sizeof(resp_bad)));
|
||||
ExpectNull(response);
|
||||
|
||||
ptr = (const unsigned char*)resp;
|
||||
ExpectNotNull(
|
||||
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
|
||||
@@ -765,6 +774,63 @@ int test_ocsp_certid_dup(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
int test_ocsp_resp_find_status_serial_prefix(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && !defined(NO_SHA)
|
||||
OcspResponse response;
|
||||
OcspEntry single;
|
||||
CertStatus responseStatus;
|
||||
OcspEntry requestedId;
|
||||
CertStatus requestedStatus;
|
||||
int status;
|
||||
|
||||
XMEMSET(&response, 0, sizeof(response));
|
||||
XMEMSET(&single, 0, sizeof(single));
|
||||
XMEMSET(&responseStatus, 0, sizeof(responseStatus));
|
||||
XMEMSET(&requestedId, 0, sizeof(requestedId));
|
||||
XMEMSET(&requestedStatus, 0, sizeof(requestedStatus));
|
||||
|
||||
single.status = &responseStatus;
|
||||
requestedId.status = &requestedStatus;
|
||||
response.single = &single;
|
||||
|
||||
/* Matching issuer name and key hashes on both sides. */
|
||||
XMEMSET(single.issuerHash, 0x41, OCSP_DIGEST_SIZE);
|
||||
XMEMSET(single.issuerKeyHash, 0x42, OCSP_DIGEST_SIZE);
|
||||
XMEMCPY(requestedId.issuerHash, single.issuerHash, OCSP_DIGEST_SIZE);
|
||||
XMEMCPY(requestedId.issuerKeyHash, single.issuerKeyHash, OCSP_DIGEST_SIZE);
|
||||
|
||||
/* Response carries a CERT_GOOD status for serial 01:02 (2 bytes). */
|
||||
responseStatus.serial[0] = 0x01;
|
||||
responseStatus.serial[1] = 0x02;
|
||||
responseStatus.serialSz = 2;
|
||||
responseStatus.status = CERT_GOOD;
|
||||
|
||||
/* Sanity check: an exact serial match must be found and report CERT_GOOD. */
|
||||
requestedStatus.serial[0] = 0x01;
|
||||
requestedStatus.serial[1] = 0x02;
|
||||
requestedStatus.serialSz = 2;
|
||||
status = -1;
|
||||
ExpectIntEQ(wolfSSL_OCSP_resp_find_status(&response, &requestedId, &status,
|
||||
NULL, NULL, NULL, NULL), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(status, CERT_GOOD);
|
||||
|
||||
/* Request serial 01:02:03 (3 bytes) shares the 01:02 prefix of the
|
||||
* response serial.
|
||||
* The lookup must not bind the good response to this longer and
|
||||
* differing serial. */
|
||||
requestedStatus.serial[0] = 0x01;
|
||||
requestedStatus.serial[1] = 0x02;
|
||||
requestedStatus.serial[2] = 0x03;
|
||||
requestedStatus.serialSz = 3;
|
||||
status = -1;
|
||||
ExpectIntEQ(wolfSSL_OCSP_resp_find_status(&response, &requestedId, &status,
|
||||
NULL, NULL, NULL, NULL), WOLFSSL_FAILURE);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
#if defined(HAVE_OCSP) && defined(WOLFSSL_CERT_SETUP_CB) && \
|
||||
defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_RSA) && \
|
||||
(defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
|
||||
|
||||
@@ -24,6 +24,7 @@
|
||||
|
||||
int test_ocsp_certid_enc_dec(void);
|
||||
int test_ocsp_certid_dup(void);
|
||||
int test_ocsp_resp_find_status_serial_prefix(void);
|
||||
int test_ocsp_status_callback(void);
|
||||
int test_ocsp_basic_verify(void);
|
||||
int test_ocsp_responder_keyhash_binding(void);
|
||||
|
||||
@@ -755,6 +755,126 @@ int test_wolfSSL_PEM_PrivateKey(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_PEM_write_PrivateKey(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
|
||||
!defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) && \
|
||||
!defined(NO_ASN) && !defined(NO_PWDBASED)
|
||||
const char* privFile = "./test-pem-write-private-key.pem";
|
||||
const unsigned char* serverKey =
|
||||
(const unsigned char*)server_key_der_2048;
|
||||
EVP_PKEY* pkey = NULL;
|
||||
EVP_PKEY* readPriv = NULL;
|
||||
XFILE fp = XBADFILE;
|
||||
|
||||
remove(privFile);
|
||||
|
||||
ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &serverKey,
|
||||
(long)sizeof_server_key_der_2048));
|
||||
|
||||
/* Bad-argument checks. */
|
||||
ExpectIntEQ(PEM_write_PrivateKey(XBADFILE, pkey, NULL, NULL, 0, NULL,
|
||||
NULL), 0);
|
||||
ExpectIntEQ(PEM_write_PrivateKey(stderr, NULL, NULL, NULL, 0, NULL,
|
||||
NULL), 0);
|
||||
|
||||
/* Write private key to file. */
|
||||
ExpectTrue((fp = XFOPEN(privFile, "wb")) != XBADFILE);
|
||||
if (fp != XBADFILE) {
|
||||
ExpectIntEQ(PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL),
|
||||
1);
|
||||
XFCLOSE(fp);
|
||||
fp = XBADFILE;
|
||||
}
|
||||
|
||||
/* Read it back and verify the DER content matches. */
|
||||
ExpectTrue((fp = XFOPEN(privFile, "rb")) != XBADFILE);
|
||||
if (fp != XBADFILE) {
|
||||
ExpectNotNull(readPriv = PEM_read_PrivateKey(fp, NULL, NULL, NULL));
|
||||
XFCLOSE(fp);
|
||||
fp = XBADFILE;
|
||||
}
|
||||
if ((pkey != NULL) && (readPriv != NULL) && (pkey->pkey.ptr != NULL) &&
|
||||
(readPriv->pkey.ptr != NULL)) {
|
||||
ExpectIntEQ(pkey->pkey_sz, readPriv->pkey_sz);
|
||||
ExpectIntEQ(XMEMCMP(pkey->pkey.ptr, readPriv->pkey.ptr,
|
||||
pkey->pkey_sz), 0);
|
||||
}
|
||||
|
||||
EVP_PKEY_free(readPriv);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (fp != XBADFILE) {
|
||||
XFCLOSE(fp);
|
||||
}
|
||||
remove(privFile);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_PEM_write_PUBKEY(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
|
||||
!defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) && \
|
||||
!defined(NO_ASN) && !defined(NO_PWDBASED)
|
||||
const char* pubFile = "./test-pem-write-pubkey.pem";
|
||||
const unsigned char* serverKey =
|
||||
(const unsigned char*)server_key_der_2048;
|
||||
EVP_PKEY* pkey = NULL;
|
||||
EVP_PKEY* readPub = NULL;
|
||||
unsigned char* pubDer = NULL;
|
||||
unsigned char* readPubDer = NULL;
|
||||
XFILE fp = XBADFILE;
|
||||
int pubDerSz = 0;
|
||||
int readPubDerSz = 0;
|
||||
|
||||
remove(pubFile);
|
||||
|
||||
ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &serverKey,
|
||||
(long)sizeof_server_key_der_2048));
|
||||
|
||||
/* Bad-argument checks. */
|
||||
ExpectIntEQ(PEM_write_PUBKEY(XBADFILE, pkey), 0);
|
||||
ExpectIntEQ(PEM_write_PUBKEY(stderr, NULL), 0);
|
||||
|
||||
/* Capture the expected public-key DER for later comparison. */
|
||||
ExpectIntGT(pubDerSz = wolfSSL_i2d_PUBKEY(pkey, &pubDer), 0);
|
||||
|
||||
/* Write public key to file. */
|
||||
ExpectTrue((fp = XFOPEN(pubFile, "wb")) != XBADFILE);
|
||||
if (fp != XBADFILE) {
|
||||
ExpectIntEQ(PEM_write_PUBKEY(fp, pkey), 1);
|
||||
XFCLOSE(fp);
|
||||
fp = XBADFILE;
|
||||
}
|
||||
|
||||
/* Read it back and verify the DER content matches. */
|
||||
ExpectTrue((fp = XFOPEN(pubFile, "rb")) != XBADFILE);
|
||||
if (fp != XBADFILE) {
|
||||
ExpectNotNull(readPub = PEM_read_PUBKEY(fp, NULL, NULL, NULL));
|
||||
XFCLOSE(fp);
|
||||
fp = XBADFILE;
|
||||
}
|
||||
ExpectIntGT(readPubDerSz = wolfSSL_i2d_PUBKEY(readPub, &readPubDer), 0);
|
||||
ExpectIntEQ(pubDerSz, readPubDerSz);
|
||||
if ((pubDer != NULL) && (readPubDer != NULL) && (pubDerSz > 0) &&
|
||||
(pubDerSz == readPubDerSz)) {
|
||||
ExpectIntEQ(XMEMCMP(pubDer, readPubDer, pubDerSz), 0);
|
||||
}
|
||||
|
||||
XFREE(readPubDer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
XFREE(pubDer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
EVP_PKEY_free(readPub);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (fp != XBADFILE) {
|
||||
XFCLOSE(fp);
|
||||
}
|
||||
remove(pubFile);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_PEM_file_RSAKey(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
@@ -32,6 +32,8 @@ int test_wolfSSL_PEM_PrivateKey_ecc(void);
|
||||
int test_wolfSSL_PEM_PrivateKey_dsa(void);
|
||||
int test_wolfSSL_PEM_PrivateKey_dh(void);
|
||||
int test_wolfSSL_PEM_PrivateKey(void);
|
||||
int test_wolfSSL_PEM_write_PrivateKey(void);
|
||||
int test_wolfSSL_PEM_write_PUBKEY(void);
|
||||
int test_wolfSSL_PEM_file_RSAKey(void);
|
||||
int test_wolfSSL_PEM_file_RSAPrivateKey(void);
|
||||
int test_wolfSSL_PEM_read_RSA_PUBKEY(void);
|
||||
@@ -52,6 +54,8 @@ int test_wolfSSL_PEM_PUBKEY(void);
|
||||
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_dsa), \
|
||||
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_dh), \
|
||||
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey), \
|
||||
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_write_PrivateKey), \
|
||||
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_write_PUBKEY), \
|
||||
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_file_RSAKey), \
|
||||
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_file_RSAPrivateKey), \
|
||||
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_RSA_PUBKEY), \
|
||||
|
||||
@@ -71,6 +71,114 @@ int test_wolfSSL_X509_check_private_key(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* EVP_PKCS82PKEY() must populate pkey.ptr/pkey_sz for ML-DSA so
|
||||
* X509_check_private_key() (wc_CheckPrivateKey) can redecode the DER, and
|
||||
* d2i_PKCS8_PKEY() must keep the full PKCS#8 wrapper for ML-DSA level recovery
|
||||
* from the AlgorithmIdentifier. */
|
||||
int test_wolfSSL_X509_check_private_key_mldsa(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
|
||||
!defined(NO_BIO) && !defined(NO_CHECK_PRIVATE_KEY) && \
|
||||
defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
|
||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)) && \
|
||||
(!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_65) || \
|
||||
!defined(WOLFSSL_NO_ML_DSA_87))
|
||||
static const struct {
|
||||
const char* keyPath;
|
||||
const char* certPath;
|
||||
const char* mismatchCertPath; /* NULL if no other level available */
|
||||
} cases[] = {
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
{ "./certs/mldsa/mldsa44-key.pem",
|
||||
"./certs/mldsa/mldsa44-cert.der",
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_65)
|
||||
"./certs/mldsa/mldsa65-cert.der"
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_87)
|
||||
"./certs/mldsa/mldsa87-cert.der"
|
||||
#else
|
||||
NULL
|
||||
#endif
|
||||
},
|
||||
#endif
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_65)
|
||||
{ "./certs/mldsa/mldsa65-key.pem",
|
||||
"./certs/mldsa/mldsa65-cert.der",
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_87)
|
||||
"./certs/mldsa/mldsa87-cert.der"
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
"./certs/mldsa/mldsa44-cert.der"
|
||||
#else
|
||||
NULL
|
||||
#endif
|
||||
},
|
||||
#endif
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_87)
|
||||
{ "./certs/mldsa/mldsa87-key.pem",
|
||||
"./certs/mldsa/mldsa87-cert.der",
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
"./certs/mldsa/mldsa44-cert.der"
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_65)
|
||||
"./certs/mldsa/mldsa65-cert.der"
|
||||
#else
|
||||
NULL
|
||||
#endif
|
||||
},
|
||||
#endif
|
||||
};
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
|
||||
PKCS8_PRIV_KEY_INFO* pt = NULL;
|
||||
EVP_PKEY* pkey = NULL;
|
||||
X509* x509 = NULL;
|
||||
X509* mismatchX509 = NULL;
|
||||
BIO* bio = NULL;
|
||||
byte* buf = NULL;
|
||||
size_t sz = 0;
|
||||
|
||||
ExpectIntEQ(load_file(cases[i].keyPath, &buf, &sz), 0);
|
||||
|
||||
ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, (int)sz));
|
||||
ExpectNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
|
||||
|
||||
ExpectNotNull(pkey = EVP_PKCS82PKEY(pt));
|
||||
if (pkey != NULL) {
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
/* pkey.ptr must hold the DER so that X509_check_private_key() to
|
||||
* wc_CheckPrivateKey() can re-decode it. */
|
||||
ExpectNotNull(pkey->pkey.ptr);
|
||||
ExpectIntGT(pkey->pkey_sz, 0);
|
||||
}
|
||||
|
||||
ExpectNotNull(x509 = X509_load_certificate_file(
|
||||
cases[i].certPath, SSL_FILETYPE_ASN1));
|
||||
ExpectIntEQ(X509_check_private_key(x509, pkey), 1);
|
||||
|
||||
if (cases[i].mismatchCertPath != NULL) {
|
||||
ExpectNotNull(mismatchX509 = X509_load_certificate_file(
|
||||
cases[i].mismatchCertPath, SSL_FILETYPE_ASN1));
|
||||
ExpectIntEQ(X509_check_private_key(mismatchX509, pkey), 0);
|
||||
}
|
||||
|
||||
/* Negative check, corrupt the outer SEQ tag so the key DER fails */
|
||||
if (EXPECT_SUCCESS() && (pkey != NULL) && (pkey->pkey.ptr != NULL)) {
|
||||
pkey->pkey.ptr[0] ^= 0xFF;
|
||||
ExpectIntEQ(X509_check_private_key(x509, pkey), 0);
|
||||
}
|
||||
|
||||
X509_free(mismatchX509);
|
||||
X509_free(x509);
|
||||
EVP_PKEY_free(pkey);
|
||||
PKCS8_PRIV_KEY_INFO_free(pt);
|
||||
BIO_free(bio);
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_X509_verify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
@@ -25,6 +25,7 @@
|
||||
#include <tests/api/api_decl.h>
|
||||
|
||||
int test_wolfSSL_X509_check_private_key(void);
|
||||
int test_wolfSSL_X509_check_private_key_mldsa(void);
|
||||
int test_wolfSSL_X509_verify(void);
|
||||
int test_wolfSSL_X509_sign(void);
|
||||
int test_wolfSSL_X509_sign2(void);
|
||||
@@ -32,6 +33,8 @@ int test_wolfSSL_make_cert(void);
|
||||
|
||||
#define TEST_OSSL_X509_CRYPTO_DECLS \
|
||||
TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_check_private_key), \
|
||||
TEST_DECL_GROUP("ossl_x509_crypto", \
|
||||
test_wolfSSL_X509_check_private_key_mldsa), \
|
||||
TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_verify), \
|
||||
TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_sign), \
|
||||
TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_sign2), \
|
||||
|
||||
@@ -593,6 +593,70 @@ int test_wolfSSL_X509_add_ext(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_X509_add_ext_dirname_san_rejected(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
|
||||
WOLFSSL_X509* x509 = NULL;
|
||||
WOLFSSL_X509_EXTENSION* ext = NULL;
|
||||
WOLFSSL_ASN1_OBJECT* obj = NULL;
|
||||
WOLFSSL_GENERAL_NAME* gn = NULL;
|
||||
WOLFSSL_X509_NAME* dirName = NULL;
|
||||
WOLFSSL_STACK* sk = NULL;
|
||||
|
||||
ExpectNotNull(x509 = wolfSSL_X509_new());
|
||||
ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
|
||||
|
||||
/* Build a GEN_DIRNAME GENERAL_NAME with a real directoryName so that
|
||||
* gn->d.directoryName aliases an X509_NAME object via the union. */
|
||||
ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
|
||||
ExpectNotNull(dirName = wolfSSL_X509_NAME_new());
|
||||
ExpectIntEQ(wolfSSL_X509_NAME_add_entry_by_NID(dirName, NID_commonName,
|
||||
MBSTRING_UTF8, (unsigned char*)"dirname-san-test", -1, -1, 0), 1);
|
||||
if (gn != NULL) {
|
||||
/* Drop the default IA5 string and install the X509_NAME. */
|
||||
wolfSSL_ASN1_STRING_free(gn->d.ia5);
|
||||
gn->type = GEN_DIRNAME;
|
||||
gn->d.directoryName = dirName;
|
||||
dirName = NULL; /* gn owns the X509_NAME now */
|
||||
}
|
||||
|
||||
/* Build the ext: SAN OID + ext_sk containing the DirName GENERAL_NAME. */
|
||||
ExpectNotNull(sk = wolfSSL_sk_new_null());
|
||||
if (sk != NULL) {
|
||||
sk->type = STACK_TYPE_GEN_NAME;
|
||||
}
|
||||
ExpectIntGT(wolfSSL_sk_GENERAL_NAME_push(sk, gn), 0);
|
||||
gn = NULL; /* sk owns gn now */
|
||||
|
||||
ExpectNotNull(obj = wolfSSL_OBJ_nid2obj(NID_subject_alt_name));
|
||||
if (obj != NULL) {
|
||||
obj->type = NID_subject_alt_name;
|
||||
obj->nid = NID_subject_alt_name;
|
||||
}
|
||||
if ((ext != NULL) && (obj != NULL) && (sk != NULL)) {
|
||||
ext->obj = obj;
|
||||
obj = NULL; /* ext owns obj now */
|
||||
ext->ext_sk = sk;
|
||||
sk = NULL; /* ext owns sk now */
|
||||
}
|
||||
|
||||
/* The unsupported GeneralName type must be rejected safely, NOT crash
|
||||
* or read OOB via a type-confused d.ia5 dereference. */
|
||||
ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1),
|
||||
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
|
||||
/* Cleanup. The success-path owners (set to NULL above) are no-ops. */
|
||||
wolfSSL_ASN1_OBJECT_free(obj);
|
||||
wolfSSL_sk_GENERAL_NAME_pop_free(sk, wolfSSL_GENERAL_NAME_free);
|
||||
wolfSSL_GENERAL_NAME_free(gn);
|
||||
wolfSSL_X509_NAME_free(dirName);
|
||||
wolfSSL_X509_EXTENSION_free(ext);
|
||||
wolfSSL_X509_free(x509);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_X509_get_ext_count(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
@@ -1098,10 +1162,6 @@ int test_wolfSSL_X509V3_EXT_bc(void)
|
||||
|
||||
ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
|
||||
ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
|
||||
ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
|
||||
if (pathLen != NULL) {
|
||||
pathLen->length = 2;
|
||||
}
|
||||
|
||||
if (obj != NULL) {
|
||||
obj->type = NID_basic_constraints;
|
||||
@@ -1109,17 +1169,47 @@ int test_wolfSSL_X509V3_EXT_bc(void)
|
||||
}
|
||||
ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
|
||||
ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
|
||||
/* No pathlen set. */
|
||||
|
||||
/* No pathLenConstraint present. Per RFC 5280 4.2.1.9 no limit is imposed,
|
||||
* so pathlen must be NULL (and distinguishable from a value of 0). */
|
||||
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
|
||||
ExpectNull(bc->pathlen);
|
||||
wolfSSL_BASIC_CONSTRAINTS_free(bc);
|
||||
bc = NULL;
|
||||
|
||||
/* pathLenConstraint of 0 is valid and meaningful (the CA may only issue
|
||||
* end-entity certificates). It must be preserved, not conflated with an
|
||||
* absent constraint. */
|
||||
ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
|
||||
if (pathLen != NULL) {
|
||||
pathLen->length = 0;
|
||||
}
|
||||
if ((ext != NULL) && (ext->obj != NULL)) {
|
||||
ext->obj->pathlen = pathLen;
|
||||
pathLen = NULL;
|
||||
}
|
||||
/* pathlen set. */
|
||||
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
|
||||
ExpectNotNull(bc->pathlen);
|
||||
ExpectIntEQ(bc->pathlen->length, 0);
|
||||
wolfSSL_BASIC_CONSTRAINTS_free(bc);
|
||||
bc = NULL;
|
||||
|
||||
/* A non-zero pathLenConstraint is preserved as-is. */
|
||||
if ((ext != NULL) && (ext->obj != NULL)) {
|
||||
wolfSSL_ASN1_INTEGER_free(ext->obj->pathlen);
|
||||
ext->obj->pathlen = NULL;
|
||||
}
|
||||
ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
|
||||
if (pathLen != NULL) {
|
||||
pathLen->length = 2;
|
||||
}
|
||||
if ((ext != NULL) && (ext->obj != NULL)) {
|
||||
ext->obj->pathlen = pathLen;
|
||||
pathLen = NULL;
|
||||
}
|
||||
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
|
||||
ExpectNotNull(bc->pathlen);
|
||||
ExpectIntEQ(bc->pathlen->length, 2);
|
||||
|
||||
wolfSSL_ASN1_INTEGER_free(pathLen);
|
||||
wolfSSL_BASIC_CONSTRAINTS_free(bc);
|
||||
@@ -1129,6 +1219,72 @@ int test_wolfSSL_X509V3_EXT_bc(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_X509_get_ext_d2i_basic_constraints(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
|
||||
XFILE f = XBADFILE;
|
||||
WOLFSSL_X509* x509 = NULL;
|
||||
WOLFSSL_BASIC_CONSTRAINTS* bc = NULL;
|
||||
int crit = 0;
|
||||
|
||||
/* CA certificate with basicConstraints CA:TRUE and *no* pathLenConstraint.
|
||||
* Per RFC 5280 4.2.1.9 no path length limit is imposed, so the returned
|
||||
* pathlen must be NULL - it must not be reported as a value of 0. */
|
||||
ExpectTrue((f = XFOPEN("./certs/ca-cert.pem", "rb")) != XBADFILE);
|
||||
ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
|
||||
if (f != XBADFILE) {
|
||||
XFCLOSE(f);
|
||||
f = XBADFILE;
|
||||
}
|
||||
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509_get_ext_d2i(
|
||||
x509, NID_basic_constraints, &crit, NULL));
|
||||
ExpectNull(bc->pathlen);
|
||||
wolfSSL_BASIC_CONSTRAINTS_free(bc);
|
||||
bc = NULL;
|
||||
wolfSSL_X509_free(x509);
|
||||
x509 = NULL;
|
||||
|
||||
/* Intermediate CA with basicConstraints CA:TRUE, pathlen:1. */
|
||||
ExpectTrue((f = XFOPEN("./certs/intermediate/ca-int-cert.pem", "rb")) !=
|
||||
XBADFILE);
|
||||
ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
|
||||
if (f != XBADFILE) {
|
||||
XFCLOSE(f);
|
||||
f = XBADFILE;
|
||||
}
|
||||
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509_get_ext_d2i(
|
||||
x509, NID_basic_constraints, &crit, NULL));
|
||||
ExpectNotNull(bc->pathlen);
|
||||
ExpectIntEQ(bc->pathlen->length, 1);
|
||||
wolfSSL_BASIC_CONSTRAINTS_free(bc);
|
||||
bc = NULL;
|
||||
wolfSSL_X509_free(x509);
|
||||
x509 = NULL;
|
||||
|
||||
/* CA with basicConstraints CA:TRUE, pathlen:0. A pathLenConstraint of 0 is
|
||||
* valid and meaningful (the CA may only issue end-entity certificates) and
|
||||
* must be reported (non-NULL pathlen, value 0) - it must not be conflated
|
||||
* with an absent constraint. */
|
||||
ExpectTrue((f = XFOPEN("./certs/test-pathlen/chainG-ICA1-pathlen0.pem",
|
||||
"rb")) != XBADFILE);
|
||||
ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
|
||||
if (f != XBADFILE) {
|
||||
XFCLOSE(f);
|
||||
f = XBADFILE;
|
||||
}
|
||||
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509_get_ext_d2i(
|
||||
x509, NID_basic_constraints, &crit, NULL));
|
||||
ExpectNotNull(bc->pathlen);
|
||||
ExpectIntEQ(bc->pathlen->length, 0);
|
||||
wolfSSL_BASIC_CONSTRAINTS_free(bc);
|
||||
bc = NULL;
|
||||
wolfSSL_X509_free(x509);
|
||||
x509 = NULL;
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_X509V3_EXT_san(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
@@ -30,6 +30,7 @@ int test_wolfSSL_X509_get_ext_by_NID(void);
|
||||
int test_wolfSSL_X509_get_ext_subj_alt_name(void);
|
||||
int test_wolfSSL_X509_set_ext(void);
|
||||
int test_wolfSSL_X509_add_ext(void);
|
||||
int test_wolfSSL_X509_add_ext_dirname_san_rejected(void);
|
||||
int test_wolfSSL_X509_get_ext_count(void);
|
||||
int test_wolfSSL_X509_stack_extensions(void);
|
||||
int test_wolfSSL_X509_EXTENSION_new(void);
|
||||
@@ -42,6 +43,7 @@ int test_wolfSSL_X509V3_set_ctx(void);
|
||||
int test_wolfSSL_X509V3_EXT_get(void);
|
||||
int test_wolfSSL_X509V3_EXT_nconf(void);
|
||||
int test_wolfSSL_X509V3_EXT_bc(void);
|
||||
int test_wolfSSL_X509_get_ext_d2i_basic_constraints(void);
|
||||
int test_wolfSSL_X509V3_EXT_san(void);
|
||||
int test_wolfSSL_X509V3_EXT_aia(void);
|
||||
int test_wolfSSL_X509V3_EXT(void);
|
||||
@@ -62,6 +64,8 @@ int test_wolfSSL_NAME_CONSTRAINTS_excluded(void);
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_subj_alt_name), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_set_ext), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_add_ext), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", \
|
||||
test_wolfSSL_X509_add_ext_dirname_san_rejected), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_count), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_stack_extensions), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_new), \
|
||||
@@ -76,6 +80,8 @@ int test_wolfSSL_NAME_CONSTRAINTS_excluded(void);
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_get), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_nconf), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_bc), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", \
|
||||
test_wolfSSL_X509_get_ext_d2i_basic_constraints), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_san), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_aia), \
|
||||
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT), \
|
||||
|
||||
@@ -648,10 +648,12 @@ int test_wc_PKCS12_PBKDF(void)
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0);
|
||||
|
||||
/* iterations <= 0 must be rejected */
|
||||
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1), BAD_FUNC_ARG);
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), -1, 24, WC_SHA256, 1), BAD_FUNC_ARG);
|
||||
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
@@ -717,12 +719,14 @@ int test_wc_PKCS12_PBKDF_ex(void)
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 3, NULL), 0);
|
||||
|
||||
/* iterations <= 0 must be rejected */
|
||||
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1, NULL),
|
||||
BAD_FUNC_ARG);
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), -1, 24, WC_SHA256, 1, NULL),
|
||||
BAD_FUNC_ARG);
|
||||
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
@@ -29,7 +29,8 @@ int test_wc_PBKDF1_ex_iterations(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PBKDF1) && !defined(NO_PWDBASED) && !defined(NO_SHA) && \
|
||||
!defined(HAVE_SELFTEST)
|
||||
!defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
|
||||
|
||||
static const byte passwd[] = { 'p', 'a', 's', 's' };
|
||||
static const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
|
||||
0x5d, 0x63, 0xcb, 0x06 };
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,54 @@
|
||||
/* test_session.h
|
||||
*
|
||||
* Copyright (C) 2006-2026 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#ifndef WOLFCRYPT_TEST_SESSION_H
|
||||
#define WOLFCRYPT_TEST_SESSION_H
|
||||
|
||||
#include <tests/api/api_decl.h>
|
||||
|
||||
int test_wolfSSL_CTX_add_session(void);
|
||||
int test_wolfSSL_CTX_add_session_ext_tls13(void);
|
||||
int test_wolfSSL_CTX_add_session_ext_dtls13(void);
|
||||
int test_wolfSSL_CTX_add_session_ext_tls12(void);
|
||||
int test_wolfSSL_CTX_add_session_ext_dtls12(void);
|
||||
int test_wolfSSL_CTX_add_session_ext_tls11(void);
|
||||
int test_wolfSSL_CTX_add_session_ext_dtls1(void);
|
||||
int test_wolfSSL_SESSION(void);
|
||||
int test_wolfSSL_SESSION_expire_downgrade(void);
|
||||
int test_wolfSSL_CTX_sess_set_remove_cb(void);
|
||||
int test_wolfSSL_ticket_keys(void);
|
||||
int test_wolfSSL_SESSION_get_ex_new_index(void);
|
||||
|
||||
#define TEST_SESSION_DECLS \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_tls13), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_dtls13), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_tls12), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_dtls12), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_tls11), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_dtls1), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_SESSION), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_SESSION_expire_downgrade), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_CTX_sess_set_remove_cb), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_ticket_keys), \
|
||||
TEST_DECL_GROUP("session", test_wolfSSL_SESSION_get_ex_new_index)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_SESSION_H */
|
||||
@@ -6310,3 +6310,216 @@ int test_tls13_cipher_fuzz_aes128_ccm_8_sha256(void)
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* Regression test for the AEAD record-protection limit constants in
|
||||
* internal.h. The macros expand to w64From32(hi, lo). A prior version split
|
||||
* the intended 32-bit constants into 16-bit halves and passed each half as
|
||||
* a separate 32-bit argument, producing a 64-bit value many orders of
|
||||
* magnitude larger than RFC 8446 / RFC 9147 require. That made
|
||||
* CheckTLS13AEADSendLimit's key-update trigger effectively unreachable.
|
||||
* Compare against the hard-coded spec values so a recurrence is caught even
|
||||
* if the macro is reused on both sides of the comparison. */
|
||||
int test_tls13_AEAD_limit_macros(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS)
|
||||
w64wrapper limit;
|
||||
|
||||
/* RFC 8446 5.5: 2^24.5 ~= 23726566 (0x016A09E6). */
|
||||
limit = AEAD_AES_LIMIT;
|
||||
ExpectIntEQ(w64GetHigh32(limit), 0);
|
||||
ExpectIntEQ(w64GetLow32(limit), 0x016A09E6);
|
||||
|
||||
#ifdef WOLFSSL_DTLS13
|
||||
/* RFC 9147 (AES-CCM integrity): 2^23.5 ~= 11863283 (0x00B504F3). */
|
||||
limit = DTLS_AEAD_AES_CCM_FAIL_LIMIT;
|
||||
ExpectIntEQ(w64GetHigh32(limit), 0);
|
||||
ExpectIntEQ(w64GetLow32(limit), 0x00B504F3);
|
||||
|
||||
/* Key-update threshold is half the fail limit: 5931641 (0x005A8279). */
|
||||
limit = DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT;
|
||||
ExpectIntEQ(w64GetHigh32(limit), 0);
|
||||
ExpectIntEQ(w64GetLow32(limit), 0x005A8279);
|
||||
#endif
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
|
||||
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
|
||||
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
(defined(BUILD_TLS_AES_128_GCM_SHA256) || \
|
||||
defined(BUILD_TLS_AES_256_GCM_SHA384) || \
|
||||
defined(BUILD_TLS_AES_128_CCM_SHA256) || \
|
||||
defined(BUILD_TLS_AES_128_CCM_8_SHA256))
|
||||
/* Drive the client's encrypt sequence number towards the spec limit for
|
||||
* `suite` and verify CheckTLS13AEADSendLimit's KeyUpdate trigger fires at
|
||||
* exactly the right boundary.
|
||||
*
|
||||
* Two writes are exercised:
|
||||
* 1. Counter set to limit - 2. After the write the counter must read
|
||||
* limit - 1 (record incremented it by 1) and no KeyUpdate must have
|
||||
* been emitted. CheckTLS13AEADSendLimit uses `seq >= limit`, so neither
|
||||
* the pre-send check nor the trailing loop check (which runs once more
|
||||
* after the last record before wolfSSL_write exits) is allowed to fire.
|
||||
* 2. A second write follows with the counter already sitting at limit - 1
|
||||
* from the previous record. The user record goes out at seq = limit-1,
|
||||
* which bumps the counter to limit; the trailing limit check then
|
||||
* fires SendTls13KeyUpdate. SetKeysSide zeroes the encrypt counter, so
|
||||
* the post-write counter is 0.
|
||||
*
|
||||
* With the previous broken AEAD-limit macros the limit was unreachable, no
|
||||
* KeyUpdate would ever fire, and the counter would simply advance to
|
||||
* limit_lo + 1 in the second case instead of being reset.
|
||||
*
|
||||
* The AEAD nonce mixes in the record sequence number on both sides, so the
|
||||
* server's decrypt counter has to be advanced in lockstep with the client's
|
||||
* encrypt counter or the record fails the integrity check. */
|
||||
static int test_tls13_AEAD_limit_triggers_KeyUpdate_cs(const char* suite,
|
||||
word32 limit_hi, word32 limit_lo, int expected_bulk_cipher)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
struct test_memio_ctx test_ctx;
|
||||
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
|
||||
const char msg[] = "post-limit-record";
|
||||
char buf[sizeof(msg)];
|
||||
int written;
|
||||
|
||||
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||
test_ctx.c_ciphers = suite;
|
||||
test_ctx.s_ciphers = suite;
|
||||
|
||||
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
|
||||
wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
|
||||
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
||||
|
||||
if (EXPECT_SUCCESS() && ssl_c != NULL && ssl_s != NULL) {
|
||||
/* Sanity check: the negotiated bulk cipher matches what the caller
|
||||
* intends to exercise. If a build flag combination falls through to
|
||||
* a different suite, the limit constant would be wrong. */
|
||||
ExpectIntEQ(ssl_c->specs.bulk_cipher_algorithm, expected_bulk_cipher);
|
||||
|
||||
/* Stage the counters two below the limit so the first write stays
|
||||
* comfortably below the trigger threshold. */
|
||||
ssl_c->keys.sequence_number_hi = limit_hi;
|
||||
ssl_c->keys.sequence_number_lo = limit_lo - 2;
|
||||
ssl_s->keys.peer_sequence_number_hi = limit_hi;
|
||||
ssl_s->keys.peer_sequence_number_lo = limit_lo - 2;
|
||||
}
|
||||
|
||||
/* First write: below the limit, no KeyUpdate expected. */
|
||||
written = wolfSSL_write(ssl_c, msg, (int)sizeof(msg));
|
||||
ExpectIntEQ(written, (int)sizeof(msg));
|
||||
|
||||
if (EXPECT_SUCCESS() && ssl_c != NULL) {
|
||||
/* The record bumped the counter from limit-2 to limit-1. A
|
||||
* KeyUpdate would have zeroed it via SetKeysSide and bumped to 1. */
|
||||
ExpectIntEQ((int)ssl_c->keys.sequence_number_hi, (int)limit_hi);
|
||||
ExpectIntEQ(ssl_c->keys.sequence_number_lo, limit_lo - 1);
|
||||
}
|
||||
|
||||
/* Server consumes the below-limit record with its existing keys. */
|
||||
XMEMSET(buf, 0, sizeof(buf));
|
||||
ExpectIntEQ(wolfSSL_read(ssl_s, buf, (int)sizeof(buf)), (int)sizeof(msg));
|
||||
ExpectIntEQ(XMEMCMP(buf, msg, sizeof(msg)), 0);
|
||||
|
||||
/* Second write: the client's counter is now at limit-1. Sending this
|
||||
* record will push it to limit, at which point the trailing check
|
||||
* inside SendData's loop fires SendTls13KeyUpdate. No manual counter
|
||||
* adjustment is needed -- the counter is allowed to "naturally" reach
|
||||
* the limit through the previous send. */
|
||||
written = wolfSSL_write(ssl_c, msg, (int)sizeof(msg));
|
||||
ExpectIntEQ(written, (int)sizeof(msg));
|
||||
|
||||
if (EXPECT_SUCCESS() && ssl_c != NULL) {
|
||||
/* SendTls13KeyUpdate -> DeriveTls13Keys -> SetKeysSide zeroes the
|
||||
* encrypt sequence number. The user record went out before the
|
||||
* trigger fired, so no record was sent on the new keys. */
|
||||
ExpectIntEQ((int)ssl_c->keys.sequence_number_hi, 0);
|
||||
ExpectIntEQ((int)ssl_c->keys.sequence_number_lo, 0);
|
||||
}
|
||||
|
||||
/* The server reads the user record (sent under the pre-update keys at
|
||||
* seq = limit - 1) before it sees the KeyUpdate record. The KeyUpdate
|
||||
* is consumed transparently on a subsequent read; for the test we just
|
||||
* need to confirm the user data round-trips. */
|
||||
XMEMSET(buf, 0, sizeof(buf));
|
||||
{
|
||||
int r = -1, attempts;
|
||||
for (attempts = 0; attempts < 5; attempts++) {
|
||||
r = wolfSSL_read(ssl_s, buf, (int)sizeof(buf));
|
||||
if (r > 0)
|
||||
break;
|
||||
if (wolfSSL_get_error(ssl_s, r) != WOLFSSL_ERROR_WANT_READ)
|
||||
break;
|
||||
}
|
||||
ExpectIntEQ(r, (int)sizeof(msg));
|
||||
}
|
||||
ExpectIntEQ(XMEMCMP(buf, msg, sizeof(msg)), 0);
|
||||
|
||||
wolfSSL_free(ssl_c);
|
||||
wolfSSL_free(ssl_s);
|
||||
wolfSSL_CTX_free(ctx_c);
|
||||
wolfSSL_CTX_free(ctx_s);
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif
|
||||
|
||||
int test_tls13_AEAD_limit_KU_aes128_gcm_sha256(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
|
||||
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
|
||||
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
defined(BUILD_TLS_AES_128_GCM_SHA256)
|
||||
ExpectIntEQ(test_tls13_AEAD_limit_triggers_KeyUpdate_cs(
|
||||
"TLS13-AES128-GCM-SHA256", 0, 0x016A09E6, wolfssl_aes_gcm),
|
||||
TEST_SUCCESS);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_tls13_AEAD_limit_KU_aes256_gcm_sha384(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
|
||||
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
|
||||
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
defined(BUILD_TLS_AES_256_GCM_SHA384)
|
||||
ExpectIntEQ(test_tls13_AEAD_limit_triggers_KeyUpdate_cs(
|
||||
"TLS13-AES256-GCM-SHA384", 0, 0x016A09E6, wolfssl_aes_gcm),
|
||||
TEST_SUCCESS);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_tls13_AEAD_limit_KU_aes128_ccm_sha256(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
|
||||
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
|
||||
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
defined(BUILD_TLS_AES_128_CCM_SHA256)
|
||||
ExpectIntEQ(test_tls13_AEAD_limit_triggers_KeyUpdate_cs(
|
||||
"TLS13-AES128-CCM-SHA256", 0, 0x016A09E6, wolfssl_aes_ccm),
|
||||
TEST_SUCCESS);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_tls13_AEAD_limit_KU_aes128_ccm_8_sha256(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
|
||||
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
|
||||
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
defined(BUILD_TLS_AES_128_CCM_8_SHA256)
|
||||
ExpectIntEQ(test_tls13_AEAD_limit_triggers_KeyUpdate_cs(
|
||||
"TLS13-AES128-CCM-8-SHA256", 0, 0x016A09E6, wolfssl_aes_ccm),
|
||||
TEST_SUCCESS);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
|
||||
+11
-1
@@ -76,6 +76,11 @@ int test_tls13_cipher_fuzz_aes256_gcm_sha384(void);
|
||||
int test_tls13_cipher_fuzz_chacha20_poly1305_sha256(void);
|
||||
int test_tls13_cipher_fuzz_aes128_ccm_sha256(void);
|
||||
int test_tls13_cipher_fuzz_aes128_ccm_8_sha256(void);
|
||||
int test_tls13_AEAD_limit_macros(void);
|
||||
int test_tls13_AEAD_limit_KU_aes128_gcm_sha256(void);
|
||||
int test_tls13_AEAD_limit_KU_aes256_gcm_sha384(void);
|
||||
int test_tls13_AEAD_limit_KU_aes128_ccm_sha256(void);
|
||||
int test_tls13_AEAD_limit_KU_aes128_ccm_8_sha256(void);
|
||||
|
||||
#define TEST_TLS13_DECLS \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_apis), \
|
||||
@@ -129,6 +134,11 @@ int test_tls13_cipher_fuzz_aes128_ccm_8_sha256(void);
|
||||
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_aes256_gcm_sha384), \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_chacha20_poly1305_sha256), \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_aes128_ccm_sha256), \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_aes128_ccm_8_sha256)
|
||||
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_aes128_ccm_8_sha256), \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_macros), \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_KU_aes128_gcm_sha256), \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_KU_aes256_gcm_sha384), \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_KU_aes128_ccm_sha256), \
|
||||
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_KU_aes128_ccm_8_sha256)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_TLS13_H */
|
||||
|
||||
@@ -87,6 +87,15 @@ int test_memio_modify_message_len(struct test_memio_ctx *ctx, int client, int ms
|
||||
int test_memio_remove_from_buffer(struct test_memio_ctx *ctx, int client, int off, int sz);
|
||||
#endif
|
||||
|
||||
/* Shared TLS server/client thread bodies, defined in tests/api.c. The
|
||||
* definitions are gated on ENABLE_TLS_CALLBACK_TEST (a composite condition
|
||||
* locally #defined inside api.c) or (WOLFSSL_DTLS && WOLFSSL_SESSION_EXPORT).
|
||||
* Declared unconditionally here so api.c itself sees the prototype regardless
|
||||
* of which side of the local #define triggers; absent the definition the
|
||||
* prototypes are harmless and any caller would get a link error. */
|
||||
THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args);
|
||||
void run_wolfssl_client(void* args);
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
|
||||
defined(DEBUG_UNIT_TEST_CERTS)
|
||||
void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName);
|
||||
|
||||
@@ -1298,9 +1298,6 @@ static const bench_alg bench_other_opt[] = {
|
||||
#endif
|
||||
{ NULL, 0}
|
||||
};
|
||||
#endif /* MAIN_NO_ARGS */
|
||||
|
||||
#endif /* !WOLFSSL_BENCHMARK_ALL && !NO_MAIN_DRIVER */
|
||||
|
||||
#if defined(BENCH_PQ_STATEFUL_HBS)
|
||||
typedef struct bench_pq_hash_sig_alg {
|
||||
@@ -1353,6 +1350,10 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = {
|
||||
};
|
||||
#endif /* BENCH_PQ_STATEFUL_HBS */
|
||||
|
||||
#endif /* MAIN_NO_ARGS */
|
||||
|
||||
#endif /* !WOLFSSL_BENCHMARK_ALL && !NO_MAIN_DRIVER */
|
||||
|
||||
#if !defined(WOLFSSL_BENCHMARK_ALL) && !defined(MAIN_NO_ARGS)
|
||||
#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \
|
||||
defined(WOLFSSL_HAVE_MLDSA)
|
||||
|
||||
+262
-19
@@ -977,6 +977,30 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
|
||||
}
|
||||
#endif /* HAVE_AES_DECRYPT && WOLFSSL_AES_DIRECT */
|
||||
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
|
||||
#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) || \
|
||||
defined(WOLFSSL_AESGCM_STREAM) || defined(HAVE_AESGCM)
|
||||
static WARN_UNUSED_RESULT int wc_AesEncrypt(Aes* aes, const byte* inBlock,
|
||||
byte* outBlock)
|
||||
{
|
||||
AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key,
|
||||
(int)aes->rounds);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT)
|
||||
static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
|
||||
byte* outBlock)
|
||||
{
|
||||
AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key,
|
||||
(int)aes->rounds);
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_AES_DECRYPT && WOLFSSL_AES_DIRECT */
|
||||
|
||||
#elif defined(FREESCALE_MMCAU)
|
||||
/* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes
|
||||
* through the CAU/mmCAU library. Documentation located in
|
||||
@@ -1285,12 +1309,14 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
|
||||
#if !defined(WOLFSSL_ESP32_CRYPT) || \
|
||||
(defined(NO_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES) || \
|
||||
defined(NEED_AES_HW_FALLBACK))
|
||||
#ifndef WOLFSSL_PPC64_ASM
|
||||
static const FLASH_QUALIFIER word32 rcon[] = {
|
||||
0x01000000, 0x02000000, 0x04000000, 0x08000000,
|
||||
0x10000000, 0x20000000, 0x40000000, 0x80000000,
|
||||
0x1B000000, 0x36000000,
|
||||
/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
|
||||
};
|
||||
#endif
|
||||
#endif /* ESP32 */
|
||||
#endif /* __aarch64__ || !WOLFSSL_ARMASM */
|
||||
|
||||
@@ -4637,6 +4663,102 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
|
||||
return AesSetKey(aes, userKey, keylen, iv, dir);
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
|
||||
/* AES-CTR and AES-DIRECT need to use this for key setup */
|
||||
/* This function allows key sizes that are not 128/192/256 bits */
|
||||
int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
|
||||
const byte* iv, int dir)
|
||||
{
|
||||
if (aes == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
if (keylen > sizeof(aes->key)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
return AesSetKey(aes, userKey, keylen, iv, dir);
|
||||
}
|
||||
#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
static int AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
|
||||
const byte* iv, int dir)
|
||||
{
|
||||
#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
|
||||
defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \
|
||||
defined(WOLFSSL_AES_CTS)
|
||||
aes->left = 0;
|
||||
#endif
|
||||
|
||||
aes->keylen = (int)keylen;
|
||||
aes->rounds = (keylen/4) + 6;
|
||||
|
||||
AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
|
||||
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
if (dir == AES_DECRYPTION) {
|
||||
AES_invert_key((byte*)aes->key, aes->rounds);
|
||||
}
|
||||
#else
|
||||
(void)dir;
|
||||
#endif
|
||||
return wc_AesSetIV(aes, iv);
|
||||
}
|
||||
|
||||
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
|
||||
const byte* iv, int dir)
|
||||
{
|
||||
if ((aes == NULL) || (userKey == NULL)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
switch (keylen) {
|
||||
#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \
|
||||
defined(WOLFSSL_AES_128)
|
||||
case 16:
|
||||
#endif
|
||||
#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 && \
|
||||
defined(WOLFSSL_AES_192)
|
||||
case 24:
|
||||
#endif
|
||||
#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 && \
|
||||
defined(WOLFSSL_AES_256)
|
||||
case 32:
|
||||
#endif
|
||||
break;
|
||||
default:
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (aes->devId != INVALID_DEVID) {
|
||||
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
|
||||
int ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
|
||||
if (ret == 0) {
|
||||
/* Callback succeeded - SE owns the key */
|
||||
aes->keylen = (int)keylen;
|
||||
if (iv != NULL)
|
||||
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
|
||||
else
|
||||
XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE);
|
||||
return 0;
|
||||
}
|
||||
else if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
|
||||
aes->devCtx = NULL;
|
||||
return ret;
|
||||
}
|
||||
/* CRYPTOCB_UNAVAILABLE: continue to software setup */
|
||||
#endif
|
||||
/* Standard CryptoCB path - copy key to devKey for encrypt/decrypt offload */
|
||||
if (keylen > sizeof(aes->devKey)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
XMEMCPY(aes->devKey, userKey, keylen);
|
||||
}
|
||||
#endif
|
||||
|
||||
return AesSetKey(aes, userKey, keylen, iv, dir);
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
|
||||
/* AES-CTR and AES-DIRECT need to use this for key setup */
|
||||
/* This function allows key sizes that are not 128/192/256 bits */
|
||||
@@ -6598,7 +6720,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
|
||||
|
||||
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
#if !defined(WOLFSSL_ARMASM)
|
||||
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
|
||||
word32 blocks;
|
||||
int ret;
|
||||
#endif
|
||||
@@ -6611,7 +6733,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_ARMASM)
|
||||
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
|
||||
blocks = sz / WC_AES_BLOCK_SIZE;
|
||||
#endif
|
||||
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
|
||||
@@ -6687,6 +6809,10 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key,
|
||||
aes->rounds, (unsigned char*)aes->reg);
|
||||
return 0;
|
||||
#else
|
||||
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
|
||||
/* Implemented in wolfcrypt/src/port/nxp/se050_port.c */
|
||||
@@ -6788,7 +6914,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
/* Software AES - CBC Decrypt */
|
||||
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
#if !defined(WOLFSSL_ARMASM)
|
||||
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
|
||||
word32 blocks;
|
||||
int ret;
|
||||
#endif
|
||||
@@ -6816,7 +6942,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_ARMASM)
|
||||
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
|
||||
blocks = sz / WC_AES_BLOCK_SIZE;
|
||||
#endif
|
||||
if (sz % WC_AES_BLOCK_SIZE) {
|
||||
@@ -6909,6 +7035,10 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
#endif
|
||||
#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
|
||||
return 0;
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key,
|
||||
aes->rounds, (unsigned char*)aes->reg);
|
||||
return 0;
|
||||
#else
|
||||
VECTOR_REGISTERS_PUSH;
|
||||
|
||||
@@ -7266,7 +7396,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
#endif
|
||||
#if !defined(WOLFSSL_ARMASM)
|
||||
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
|
||||
int ret = 0;
|
||||
#endif
|
||||
word32 processed;
|
||||
@@ -7389,6 +7519,47 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
}
|
||||
#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
|
||||
return 0;
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
{
|
||||
word32 numBlocks;
|
||||
byte* tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
|
||||
/* consume any unused bytes left in aes->tmp */
|
||||
while ((aes->left != 0) && (sz != 0)) {
|
||||
*(out++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
sz--;
|
||||
}
|
||||
|
||||
/* do as many block size ops as possible */
|
||||
numBlocks = sz / WC_AES_BLOCK_SIZE;
|
||||
if (numBlocks > 0) {
|
||||
AES_CTR_encrypt(in, out, numBlocks * WC_AES_BLOCK_SIZE,
|
||||
(byte*)aes->key, aes->rounds, (byte*)aes->reg);
|
||||
|
||||
sz -= numBlocks * WC_AES_BLOCK_SIZE;
|
||||
out += numBlocks * WC_AES_BLOCK_SIZE;
|
||||
in += numBlocks * WC_AES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
/* handle non block size remaining */
|
||||
if (sz) {
|
||||
byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0 };
|
||||
|
||||
AES_CTR_encrypt(zeros, (byte*)aes->tmp,
|
||||
WC_AES_BLOCK_SIZE, (byte*)aes->key, aes->rounds,
|
||||
(byte*)aes->reg);
|
||||
|
||||
aes->left = WC_AES_BLOCK_SIZE;
|
||||
tmp = (byte*)aes->tmp;
|
||||
|
||||
while (sz--) {
|
||||
*(out++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
#else
|
||||
VECTOR_REGISTERS_PUSH;
|
||||
|
||||
@@ -7640,6 +7811,13 @@ void GenerateM0(Gcm* gcm)
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_PPC64_ASM)
|
||||
for (i = 1; i < 256; i++) {
|
||||
word64* m64 = (word64*)gcm->M0[i];
|
||||
m64[0] = ByteReverseWord64(m64[0]);
|
||||
m64[1] = ByteReverseWord64(m64[1]);
|
||||
}
|
||||
#endif
|
||||
XMEMSET(m[0], 0, WC_AES_BLOCK_SIZE);
|
||||
}
|
||||
|
||||
@@ -7725,7 +7903,6 @@ void GenerateM0(Gcm* gcm)
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
#endif /* GCM_TABLE */
|
||||
@@ -8125,6 +8302,37 @@ static void GCM_gmult_len_armasm_C(
|
||||
#elif defined(WOLFSSL_ARMASM)
|
||||
#define GCM_GMULT_LEN(gcm, x, a, len) \
|
||||
GCM_gmult_len_NEON(x, (const byte*)((gcm)->H), a, len)
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
static void GCM_gmult_len_armasm_C(
|
||||
byte* x, const byte* h, const unsigned char* a, unsigned long len)
|
||||
{
|
||||
byte Z[AES_BLOCK_SIZE];
|
||||
byte V[AES_BLOCK_SIZE];
|
||||
int i;
|
||||
int j;
|
||||
|
||||
while (len >= AES_BLOCK_SIZE) {
|
||||
xorbuf(x, a, AES_BLOCK_SIZE);
|
||||
XMEMSET(Z, 0, AES_BLOCK_SIZE);
|
||||
XMEMCPY(V, x, AES_BLOCK_SIZE);
|
||||
for (i = 0; i < AES_BLOCK_SIZE; i++) {
|
||||
byte y = h[i];
|
||||
for (j = 0; j < 8; j++) {
|
||||
if (y & 0x80) {
|
||||
xorbuf(Z, V, AES_BLOCK_SIZE);
|
||||
}
|
||||
RIGHTSHIFTX(V);
|
||||
y = y << 1;
|
||||
}
|
||||
}
|
||||
XMEMCPY(x, Z, AES_BLOCK_SIZE);
|
||||
len -= AES_BLOCK_SIZE;
|
||||
a += AES_BLOCK_SIZE;
|
||||
}
|
||||
}
|
||||
|
||||
#define GCM_GMULT_LEN(gcm, x, a, len) \
|
||||
GCM_gmult_len_armasm_C(x, (gcm)->H, a, len)
|
||||
#endif
|
||||
|
||||
#elif defined(GCM_TABLE)
|
||||
@@ -8138,6 +8346,9 @@ static void GCM_gmult_len_armasm_C(
|
||||
#define GCM_GMULT_LEN(gcm, x, a, len) \
|
||||
GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len)
|
||||
#endif
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
#define GCM_GMULT_LEN(gcm, x, a, len) \
|
||||
GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len)
|
||||
#else
|
||||
ALIGN16 static const byte R[256][2] = {
|
||||
{0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
|
||||
@@ -8400,7 +8611,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
/* end GCM_TABLE */
|
||||
#elif defined(GCM_TABLE_4BIT)
|
||||
|
||||
/* ARM assembly */
|
||||
#if defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || \
|
||||
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))
|
||||
#if !defined(WOLFSSL_ARMASM_NO_NEON) && defined(__aarch64__)
|
||||
@@ -8414,6 +8625,14 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
|
||||
#define GMULT(x, m) \
|
||||
GCM_gmult(x, (const byte**)m)
|
||||
#endif
|
||||
|
||||
/* PPC64 assembly */
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
#define GCM_GMULT_LEN(gcm, x, a, len) \
|
||||
GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len)
|
||||
#define GMULT(x, m) \
|
||||
GCM_gmult(x, (const byte**)m)
|
||||
|
||||
#else
|
||||
/* remainder = x^7 + x^2 + x^1 + 1 => 0xe1
|
||||
* R shifts right a reverse bit pair of bytes such that:
|
||||
@@ -9928,7 +10147,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
|
||||
|
||||
#endif /* STM32_CRYPTO_AES_GCM */
|
||||
|
||||
#if !defined(WOLFSSL_ARMASM)
|
||||
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
|
||||
#ifdef WOLFSSL_AESNI
|
||||
/* For performance reasons, this code needs to be not inlined. */
|
||||
WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
|
||||
@@ -10048,8 +10267,9 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
|
||||
|
||||
return ret;
|
||||
}
|
||||
#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
|
||||
static int AES_GCM_encrypt_ARM(Aes* aes, byte* out, const byte* in,
|
||||
#elif (defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) || \
|
||||
defined(WOLFSSL_PPC64_ASM)
|
||||
static int AES_GCM_encrypt_ASM(Aes* aes, byte* out, const byte* in,
|
||||
word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
|
||||
const byte* authIn, word32 authInSz)
|
||||
{
|
||||
@@ -10305,10 +10525,13 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
|
||||
#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
|
||||
{
|
||||
ret = AES_GCM_encrypt_ARM(aes, out, in, sz, iv, ivSz, authTag,
|
||||
ret = AES_GCM_encrypt_ASM(aes, out, in, sz, iv, ivSz, authTag,
|
||||
authTagSz, authIn, authInSz);
|
||||
}
|
||||
#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
ret = AES_GCM_encrypt_ASM(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
|
||||
authIn, authInSz);
|
||||
#else
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
@@ -10653,7 +10876,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
|
||||
|
||||
#endif /* STM32_CRYPTO_AES_GCM */
|
||||
|
||||
#if !defined(WOLFSSL_ARMASM)
|
||||
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
|
||||
#ifdef WOLFSSL_AESNI
|
||||
/* For performance reasons, this code needs to be not inlined. */
|
||||
int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
|
||||
@@ -10802,8 +11025,9 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
|
||||
static int AES_GCM_decrypt_ARM(Aes* aes, byte* out, const byte* in,
|
||||
#elif (defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) || \
|
||||
defined(WOLFSSL_PPC64_ASM)
|
||||
static int AES_GCM_decrypt_ASM(Aes* aes, byte* out, const byte* in,
|
||||
word32 sz, const byte* iv, word32 ivSz, const byte* authTag,
|
||||
word32 authTagSz, const byte* authIn, word32 authInSz)
|
||||
{
|
||||
@@ -11057,10 +11281,15 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
|
||||
#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
|
||||
{
|
||||
ret = AES_GCM_decrypt_ARM(aes, out, in, sz, iv, ivSz, authTag,
|
||||
ret = AES_GCM_decrypt_ASM(aes, out, in, sz, iv, ivSz, authTag,
|
||||
authTagSz, authIn, authInSz);
|
||||
}
|
||||
#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
{
|
||||
ret = AES_GCM_decrypt_ASM(aes, out, in, sz, iv, ivSz, authTag,
|
||||
authTagSz, authIn, authInSz);
|
||||
}
|
||||
#else
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
@@ -14233,6 +14462,9 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
|
||||
aes->rounds);
|
||||
}
|
||||
#endif
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
AES_ECB_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds);
|
||||
ret = 0;
|
||||
#else
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
@@ -14325,6 +14557,9 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
|
||||
aes->rounds);
|
||||
}
|
||||
#endif
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
AES_ECB_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds);
|
||||
ret = 0;
|
||||
#else
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
@@ -15584,8 +15819,8 @@ static WARN_UNUSED_RESULT int _AesXtsHelper(
|
||||
*/
|
||||
/* Software AES - XTS Encrypt */
|
||||
|
||||
#if !defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
|
||||
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))
|
||||
#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
|
||||
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))) && !defined(WOLFSSL_PPC64_ASM)
|
||||
static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
|
||||
word32 sz,
|
||||
byte *i);
|
||||
@@ -15825,6 +16060,10 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
||||
ret = 0;
|
||||
}
|
||||
#endif
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
AES_XTS_encrypt(in, out, sz, i, (byte*)xaes->aes.key,
|
||||
(byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds);
|
||||
ret = 0;
|
||||
#else
|
||||
ret = AesXtsEncrypt_sw(xaes, out, in, sz, i);
|
||||
#endif
|
||||
@@ -16043,8 +16282,8 @@ int wc_AesXtsEncryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
||||
*/
|
||||
/* Software AES - XTS Decrypt */
|
||||
|
||||
#if !defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
|
||||
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))
|
||||
#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
|
||||
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))) && !defined(WOLFSSL_PPC64_ASM)
|
||||
static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
|
||||
word32 sz, byte *i);
|
||||
|
||||
@@ -16302,6 +16541,10 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
||||
ret = 0;
|
||||
}
|
||||
#endif
|
||||
#elif defined(WOLFSSL_PPC64_ASM)
|
||||
AES_XTS_decrypt(in, out, sz, i, (byte*)xaes->aes.key,
|
||||
(byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds);
|
||||
ret = 0;
|
||||
#else
|
||||
ret = AesXtsDecrypt_sw(xaes, out, in, sz, i);
|
||||
#endif
|
||||
|
||||
+317
-34
@@ -8743,9 +8743,8 @@ int wc_RsaPrivateKeyValidate(const byte* input, word32* inOutIdx, int* keySz,
|
||||
#endif /* NO_RSA */
|
||||
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
/* ASN.1 template for a PKCS #8 key.
|
||||
* Ignoring optional attributes and public key.
|
||||
* PKCS #8: RFC 5958, 2 - PrivateKeyInfo
|
||||
/* ASN.1 template for a PKCS #8 PrivateKeyInfo / RFC 5958 OneAsymmetricKey.
|
||||
* Includes the optional [0] attributes and [1] publicKey trailing fields.
|
||||
*/
|
||||
static const ASNItem pkcs8KeyASN[] = {
|
||||
/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
|
||||
@@ -8758,9 +8757,10 @@ static const ASNItem pkcs8KeyASN[] = {
|
||||
/* PKEY_ALGO_PARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 },
|
||||
#endif
|
||||
/* PKEY_DATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
|
||||
/* OPTIONAL Attributes IMPLICIT [0] */
|
||||
/* Attributes [0] OPTIONAL */
|
||||
{ 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 },
|
||||
/* [[2: publicKey [1] PublicKey OPTIONAL ]] */
|
||||
/* publicKey [1] OPTIONAL */
|
||||
{ 1, ASN_CONTEXT_SPECIFIC | 1, 0, 0, 1 },
|
||||
};
|
||||
enum {
|
||||
PKCS8KEYASN_IDX_SEQ = 0,
|
||||
@@ -8774,6 +8774,7 @@ enum {
|
||||
#endif
|
||||
PKCS8KEYASN_IDX_PKEY_DATA,
|
||||
PKCS8KEYASN_IDX_PKEY_ATTRIBUTES,
|
||||
PKCS8KEYASN_IDX_PKEY_PUBKEY,
|
||||
WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX)
|
||||
};
|
||||
|
||||
@@ -8833,13 +8834,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
|
||||
/* Key type OID. */
|
||||
oid = dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY].data.oid.sum;
|
||||
|
||||
/* Version 1 includes an optional public key.
|
||||
* If public key is included then the parsing will fail as it did not
|
||||
* use all the data.
|
||||
*/
|
||||
/* Only v1(0) and v2(1) are supported (RFC 5958). The [1] publicKey
|
||||
* trailer is permitted only when version == v1. */
|
||||
if (version > PKCS8v1) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
else if ((version < PKCS8v1) &&
|
||||
(dataASN[PKCS8KEYASN_IDX_PKEY_PUBKEY].tag != 0)) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
switch (oid) {
|
||||
@@ -8935,9 +8938,71 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
/* DSAk not supported. */
|
||||
/* Falcon, Dilithium and SLH-DSA not supported. */
|
||||
/* Ignore OID lookup failures. */
|
||||
#ifdef HAVE_FALCON
|
||||
case FALCON_LEVEL1k:
|
||||
case FALCON_LEVEL5k:
|
||||
/* Neither NULL item nor OBJECT_ID item allowed. */
|
||||
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
|
||||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
#endif
|
||||
case ML_DSA_LEVEL2k:
|
||||
case ML_DSA_LEVEL3k:
|
||||
case ML_DSA_LEVEL5k:
|
||||
/* Neither NULL item nor OBJECT_ID item allowed. */
|
||||
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
|
||||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_HAVE_SLHDSA
|
||||
case SLH_DSA_SHA2_128Sk:
|
||||
case SLH_DSA_SHA2_128Fk:
|
||||
case SLH_DSA_SHA2_192Sk:
|
||||
case SLH_DSA_SHA2_192Fk:
|
||||
case SLH_DSA_SHA2_256Sk:
|
||||
case SLH_DSA_SHA2_256Fk:
|
||||
case SLH_DSA_SHAKE_128Sk:
|
||||
case SLH_DSA_SHAKE_128Fk:
|
||||
case SLH_DSA_SHAKE_192Sk:
|
||||
case SLH_DSA_SHAKE_192Fk:
|
||||
case SLH_DSA_SHAKE_256Sk:
|
||||
case SLH_DSA_SHAKE_256Fk:
|
||||
/* Neither NULL item nor OBJECT_ID item allowed. */
|
||||
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
|
||||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_HAVE_LMS
|
||||
case HSS_LMSk:
|
||||
/* Neither NULL item nor OBJECT_ID item allowed. */
|
||||
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
|
||||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_HAVE_XMSS
|
||||
case XMSSk:
|
||||
/* Neither NULL item nor OBJECT_ID item allowed. */
|
||||
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
|
||||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
/* Other OIDs (DSAk), no parameter validation. */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -9037,9 +9102,9 @@ int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz)
|
||||
int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
|
||||
int algoID, const byte* curveOID, word32 oidSz)
|
||||
{
|
||||
/* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional
|
||||
* set of attributes */
|
||||
DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1);
|
||||
/* pkcs8KeyASN_Length-2, the -2 is because we are not adding the optional
|
||||
* set of attributes or publicKey */
|
||||
DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-2);
|
||||
word32 sz = 0;
|
||||
int ret = 0;
|
||||
word32 keyIdx = 0;
|
||||
@@ -9066,7 +9131,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
|
||||
#endif
|
||||
|
||||
if (ret == 0)
|
||||
CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL);
|
||||
CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-2, ret, NULL);
|
||||
|
||||
if (ret == 0) {
|
||||
/* Only support default PKCS #8 format - v0. */
|
||||
@@ -9092,7 +9157,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
|
||||
SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz);
|
||||
|
||||
/* Get the size of the DER encoding. */
|
||||
ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz);
|
||||
ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-2, &sz);
|
||||
}
|
||||
if ((ret == 0) || (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))) {
|
||||
/* Always return the calculated size. */
|
||||
@@ -9105,7 +9170,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Encode PKCS #8 key into buffer. */
|
||||
SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out);
|
||||
SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-2, out);
|
||||
ret = (int)sz;
|
||||
}
|
||||
|
||||
@@ -17833,12 +17898,31 @@ int wolfssl_local_MatchBaseName(int type, const char* name, int nameSz,
|
||||
const char* base, int baseSz)
|
||||
{
|
||||
if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 ||
|
||||
name[0] == '.' || nameSz < baseSz ||
|
||||
name[0] == '.' ||
|
||||
(type != ASN_RFC822_TYPE && type != ASN_DNS_TYPE &&
|
||||
type != ASN_DIR_TYPE)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (type == ASN_DNS_TYPE) {
|
||||
/* MatchDomainName treats one trailing dot as the absolute-FQDN marker.
|
||||
* Apply the same normalization before enforcing DNS name constraints.
|
||||
*/
|
||||
if (name[nameSz - 1] == '.') {
|
||||
nameSz--;
|
||||
}
|
||||
if (base[baseSz - 1] == '.') {
|
||||
baseSz--;
|
||||
}
|
||||
if (nameSz <= 0 || baseSz <= 0) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (nameSz < baseSz) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (type == ASN_DIR_TYPE)
|
||||
return XMEMCMP(name, base, (size_t)baseSz) == 0;
|
||||
|
||||
@@ -17927,8 +18011,8 @@ int wolfssl_local_MatchBaseName(int type, const char* name, int nameSz,
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int MatchUriNameConstraint(const char* uri, int uriSz, const char* base,
|
||||
int baseSz)
|
||||
int wolfssl_local_MatchUriNameConstraint(const char* uri, int uriSz,
|
||||
const char* base, int baseSz)
|
||||
{
|
||||
const char* hostStart;
|
||||
const char* hostEnd;
|
||||
@@ -17936,7 +18020,10 @@ static int MatchUriNameConstraint(const char* uri, int uriSz, const char* base,
|
||||
const char* uriEnd;
|
||||
int hostSz;
|
||||
|
||||
if (uri == NULL || uriSz <= 0 || base == NULL || baseSz <= 0) {
|
||||
/* Need at least 3 bytes for the "://" scheme separator; rejecting short
|
||||
* inputs early also keeps the loop bound (uriEnd - 2) from forming a
|
||||
* pointer before `uri`. */
|
||||
if (uri == NULL || uriSz < 3 || base == NULL || baseSz <= 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -17992,8 +18079,168 @@ static int MatchUriNameConstraint(const char* uri, int uriSz, const char* base,
|
||||
return 0;
|
||||
}
|
||||
|
||||
return wolfssl_local_MatchBaseName(ASN_DNS_TYPE, hostStart, hostSz, base,
|
||||
baseSz);
|
||||
/* RFC 5280 4.2.1.10: for URIs the constraint applies to the host part.
|
||||
* A constraint that begins with a '.' matches any host with one or more
|
||||
* additional leading labels (the bare host is excluded) - this is the
|
||||
* DNS subtree behaviour. A constraint without a leading '.' specifies a
|
||||
* single host and must match it exactly. */
|
||||
if (base[0] == '.') {
|
||||
return wolfssl_local_MatchBaseName(ASN_DNS_TYPE, hostStart, hostSz,
|
||||
base, baseSz);
|
||||
}
|
||||
else {
|
||||
int i;
|
||||
if (hostSz != baseSz) {
|
||||
return 0;
|
||||
}
|
||||
for (i = 0; i < baseSz; i++) {
|
||||
if (XTOLOWER((unsigned char)hostStart[i]) !=
|
||||
XTOLOWER((unsigned char)base[i])) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Locate the right-most label of `s` that ends (exclusive) at index `end`.
|
||||
* Sets *outStart to its starting index (the index of its first byte). If
|
||||
* outHasWild is non-NULL, sets *outHasWild to 1 iff the label contains '*'.
|
||||
* The '.' immediately before *outStart (if any) is the label separator and is
|
||||
* not part of either the current or the preceding label. */
|
||||
static void PrevDnsLabel(const char* s, int end, int* outStart,
|
||||
int* outHasWild)
|
||||
{
|
||||
int start = end;
|
||||
int hasWild = 0;
|
||||
while (start > 0 && s[start - 1] != '.') {
|
||||
if (s[start - 1] == '*') {
|
||||
hasWild = 1;
|
||||
}
|
||||
start--;
|
||||
}
|
||||
*outStart = start;
|
||||
if (outHasWild != NULL) {
|
||||
*outHasWild = hasWild;
|
||||
}
|
||||
}
|
||||
|
||||
/* Match a wildcard DNS SAN against a DNS name-constraint subtree.
|
||||
*
|
||||
* A wildcard SAN denotes the set of names its '*'(s) can expand to. Because a
|
||||
* '*' never crosses a label boundary (see MatchDomainName), every expansion
|
||||
* has the same number of labels and only the content of '*'-bearing labels
|
||||
* varies. Matching is therefore done label-by-label from the right against the
|
||||
* constraint base.
|
||||
*
|
||||
* permitted != 0: containment. Accept only if EVERY expansion stays inside the
|
||||
* subtree, i.e. each of the right-most base-length labels of the name is
|
||||
* wildcard-free and equal to the corresponding base label. Extra labels to
|
||||
* the left may be anything (adding labels on the left stays in-subtree).
|
||||
*
|
||||
* permitted == 0: intersection (for excluded subtrees). Reject if SOME
|
||||
* expansion falls inside the subtree. A label containing a '*' is
|
||||
* conservatively treated as able to match any single base label; a literal
|
||||
* label must equal the base label.
|
||||
*
|
||||
* A leading '.' on the base denotes a proper subtree (the apex is excluded),
|
||||
* which requires at least one extra label on the left of the name.
|
||||
*
|
||||
* Returns 1 on match (contained / intersecting), 0 otherwise.
|
||||
*/
|
||||
int wolfssl_local_MatchDnsConstraintWildcard(const char* name, int nameSz,
|
||||
const char* base, int baseSz, int permitted)
|
||||
{
|
||||
int baseLead;
|
||||
int ni, bi;
|
||||
|
||||
if (name == NULL || base == NULL || nameSz <= 0 || baseSz <= 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* MatchDomainName treats one trailing dot as the absolute-FQDN marker.
|
||||
* Apply the same normalization before label-wise constraint matching.
|
||||
*/
|
||||
if (name[nameSz - 1] == '.') {
|
||||
nameSz--;
|
||||
}
|
||||
if (base[baseSz - 1] == '.') {
|
||||
baseSz--;
|
||||
}
|
||||
if (nameSz <= 0 || baseSz <= 0 || name[0] == '.') {
|
||||
return 0;
|
||||
}
|
||||
|
||||
baseLead = (base[0] == '.');
|
||||
if (baseLead) {
|
||||
base++;
|
||||
baseSz--;
|
||||
}
|
||||
/* A base of only dots (".", "..") has no labels to match. */
|
||||
if (baseSz <= 0 || base[0] == '.') {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ni = nameSz; /* exclusive end of the unconsumed name */
|
||||
bi = baseSz; /* exclusive end of the unconsumed base */
|
||||
|
||||
/* Compare each base label (right to left) with the aligned name label. */
|
||||
while (bi > 0) {
|
||||
int nStart, bStart, nLen, bLen, k;
|
||||
int hasWild = 0;
|
||||
|
||||
/* Base labels remain but the name has none left -> name is shorter in
|
||||
* labels and cannot contain the base. */
|
||||
if (ni <= 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
PrevDnsLabel(name, ni, &nStart, &hasWild);
|
||||
PrevDnsLabel(base, bi, &bStart, NULL);
|
||||
nLen = ni - nStart;
|
||||
bLen = bi - bStart;
|
||||
|
||||
/* Empty label (e.g. "a..b" or an extra trailing dot) is invalid. */
|
||||
if (nLen == 0 || bLen == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (hasWild) {
|
||||
/* permitted: a wildcard label cannot prove containment.
|
||||
* excluded: a wildcard label is conservatively treated as
|
||||
* compatible, so nothing more to check. */
|
||||
if (permitted) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* Literal label: both modes require exact case-insensitive
|
||||
* equality with the base label. */
|
||||
if (nLen != bLen) {
|
||||
return 0;
|
||||
}
|
||||
for (k = 0; k < bLen; k++) {
|
||||
if (XTOLOWER((unsigned char)name[nStart + k]) !=
|
||||
XTOLOWER((unsigned char)base[bStart + k])) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Consume both labels and the '.' that precedes them (if any). */
|
||||
ni = nStart - 1;
|
||||
bi = bStart - 1;
|
||||
}
|
||||
|
||||
/* All base labels matched. ni >= 0 means name[ni] == '.' and at least one
|
||||
* extra label remains on the left; ni < 0 means the name had exactly the
|
||||
* base's label count (an apex match). A leading-dot base is a proper
|
||||
* subtree and requires at least one extra left label. */
|
||||
if (baseLead && ni < 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Check if IP address matches a name constraint.
|
||||
@@ -18046,6 +18293,18 @@ static int MatchOtherNameConstraint(DNS_entry* name, Base_entry* current)
|
||||
return XMEMCMP(name->name, current->name, (size_t)current->nameSz) == 0;
|
||||
}
|
||||
|
||||
/* Return 1 if the name contains a wildcard '*' character. */
|
||||
static int DnsNameHasWildcard(const char* name, int nameSz)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < nameSz; i++) {
|
||||
if (name[i] == '*') {
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Search through the list to find if the name is permitted.
|
||||
* name The DNS name to search for
|
||||
* dnsList The list to search through
|
||||
@@ -18073,7 +18332,7 @@ static int PermittedListOk(DNS_entry* name, Base_entry* dnsList, byte nameType)
|
||||
}
|
||||
}
|
||||
else if (nameType == ASN_URI_TYPE) {
|
||||
if (MatchUriNameConstraint(name->name, name->len,
|
||||
if (wolfssl_local_MatchUriNameConstraint(name->name, name->len,
|
||||
current->name, current->nameSz)) {
|
||||
match = 1;
|
||||
break;
|
||||
@@ -18096,6 +18355,17 @@ static int PermittedListOk(DNS_entry* name, Base_entry* dnsList, byte nameType)
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (nameType == ASN_DNS_TYPE &&
|
||||
DnsNameHasWildcard(name->name, name->len)) {
|
||||
/* Wildcard DNS SAN: a '*' can expand to a longer label, so the
|
||||
* byte-length guard used for literal names below is invalid.
|
||||
* Permit only if every expansion stays inside the subtree. */
|
||||
if (wolfssl_local_MatchDnsConstraintWildcard(name->name,
|
||||
name->len, current->name, current->nameSz, 1)) {
|
||||
match = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (name->len >= current->nameSz &&
|
||||
wolfssl_local_MatchBaseName(nameType, name->name, name->len,
|
||||
current->name, current->nameSz)) {
|
||||
@@ -18137,7 +18407,7 @@ static int IsInExcludedList(DNS_entry* name, Base_entry* dnsList, byte nameType)
|
||||
}
|
||||
}
|
||||
else if (nameType == ASN_URI_TYPE) {
|
||||
if (MatchUriNameConstraint(name->name, name->len,
|
||||
if (wolfssl_local_MatchUriNameConstraint(name->name, name->len,
|
||||
current->name, current->nameSz)) {
|
||||
ret = 1;
|
||||
break;
|
||||
@@ -18159,6 +18429,17 @@ static int IsInExcludedList(DNS_entry* name, Base_entry* dnsList, byte nameType)
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (nameType == ASN_DNS_TYPE &&
|
||||
DnsNameHasWildcard(name->name, name->len)) {
|
||||
/* Wildcard DNS SAN: a '*' can expand to a longer label, so the
|
||||
* byte-length guard used for literal names below is invalid.
|
||||
* Exclude if any expansion can fall inside the subtree. */
|
||||
if (wolfssl_local_MatchDnsConstraintWildcard(name->name,
|
||||
name->len, current->name, current->nameSz, 0)) {
|
||||
ret = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (name->len >= current->nameSz &&
|
||||
wolfssl_local_MatchBaseName(nameType, name->name, name->len,
|
||||
current->name, current->nameSz)) {
|
||||
@@ -18579,7 +18860,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
|
||||
}
|
||||
WOLFSSL_MSG("\tPutting URI into list but not using");
|
||||
|
||||
#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
|
||||
#ifndef WOLFSSL_NO_ASN_STRICT
|
||||
/* Verify RFC 5280 Sec 4.2.1.6 rule:
|
||||
"The name MUST NOT be a relative URI"
|
||||
As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
|
||||
@@ -18595,9 +18876,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
|
||||
break;
|
||||
}
|
||||
if (input[idx + (word32)i] == '/') {
|
||||
i = len; /* error, found relative path since '/' was
|
||||
* encountered before ':'. Returning error
|
||||
* value in next if statement. */
|
||||
/* path is relative since '/' was encountered before ':'. */
|
||||
return ASN_ALT_NAME_E;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18669,6 +18949,10 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
|
||||
* - CheckForAltNames (TLS hostname matching): skips ASN_RID_TYPE
|
||||
* unconditionally and excludes them from *checkCN, so a cert
|
||||
* with only registeredID SANs still falls back to CN.
|
||||
* - CheckForAltNames (TLS hostname matching): skips ASN_URI_TYPE
|
||||
* for DNS hostname checks (RFC 9525 Sec. 6.3) but URI SAN presence
|
||||
* still suppresses CN fallback because URI-ID is a distinct presented
|
||||
* identifier.
|
||||
* - DNS_to_GENERAL_NAME (used by wolfSSL_X509_get_ext) and the
|
||||
* ALT_NAMES_OID arm of wolfSSL_X509_get_ext_d2i: build a proper
|
||||
* ASN1_OBJECT in d.registeredID from raw OID bytes regardless
|
||||
@@ -37657,7 +37941,7 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
|
||||
else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
|
||||
WOLFSSL_MSG("\tPutting URI into list but not using");
|
||||
|
||||
#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
|
||||
#ifndef WOLFSSL_NO_ASN_STRICT
|
||||
/* Verify RFC 5280 Sec 4.2.1.6 rule:
|
||||
"The name MUST NOT be a relative URI"
|
||||
As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
|
||||
@@ -37673,9 +37957,8 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
|
||||
break;
|
||||
}
|
||||
if (input[idx + (word32)i] == '/') {
|
||||
i = len; /* error, found relative path since '/' was
|
||||
* encountered before ':'. Returning error
|
||||
* value in next if statement. */
|
||||
/* path is relative since '/' was encountered before ':'. */
|
||||
return ASN_ALT_NAME_E;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -750,81 +750,6 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
|
||||
static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
|
||||
word32 inSz, word32* key_n,
|
||||
word32* key_n_len, word32* key_e,
|
||||
word32* key_e_len)
|
||||
{
|
||||
int ret = 0;
|
||||
int length = 0;
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
|
||||
byte b;
|
||||
#endif
|
||||
|
||||
if (input == NULL || inOutIdx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
|
||||
if ((*inOutIdx + 1) > inSz)
|
||||
return BUFFER_E;
|
||||
|
||||
b = input[*inOutIdx];
|
||||
if (b != ASN_INTEGER) {
|
||||
/* not from decoded cert, will have algo id, skip past */
|
||||
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
if (SkipObjectId(input, inOutIdx, inSz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
/* Option NULL ASN.1 tag */
|
||||
if (*inOutIdx >= inSz) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
if (input[*inOutIdx] == ASN_TAG_NULL) {
|
||||
ret = GetASNNull(input, inOutIdx, inSz);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
}
|
||||
/* TODO: support RSA PSS */
|
||||
|
||||
/* should have bit tag length and seq next */
|
||||
ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
/* Get modulus */
|
||||
ret = GetASNInt(input, inOutIdx, &length, inSz);
|
||||
*key_n += *inOutIdx;
|
||||
if (ret < 0) {
|
||||
return ASN_RSA_KEY_E;
|
||||
}
|
||||
if (key_n_len)
|
||||
*key_n_len = length;
|
||||
*inOutIdx += length;
|
||||
|
||||
/* Get exponent */
|
||||
ret = GetASNInt(input, inOutIdx, &length, inSz);
|
||||
*key_e += *inOutIdx;
|
||||
if (ret < 0) {
|
||||
return ASN_RSA_KEY_E;
|
||||
}
|
||||
if (key_e_len)
|
||||
*key_e_len = length;
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
||||
int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz,
|
||||
const byte** n, word32* nSz, const byte** e, word32* eSz)
|
||||
{
|
||||
@@ -3420,7 +3345,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
|
||||
#ifndef WOLFSSL_NO_ASN_STRICT
|
||||
/* Verify RFC 5280 Sec 4.2.1.6 rule:
|
||||
"The name MUST NOT be a relative URI"
|
||||
As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
|
||||
|
||||
@@ -2033,10 +2033,20 @@ int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in,
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
|
||||
word32 inSz, byte* digest, size_t digestSz)
|
||||
word32 inSz, byte* digest
|
||||
#if !(defined(HAVE_FIPS) && FIPS_VERSION_LT(7,0))
|
||||
, size_t digestSz
|
||||
#endif
|
||||
)
|
||||
{
|
||||
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
|
||||
CryptoCb* dev;
|
||||
#if defined(HAVE_FIPS) && FIPS_VERSION_LT(7,0)
|
||||
/* Older FIPS sha512.c snapshots call the 4-arg API (no digestSz). Treat as
|
||||
* full-size SHA-512 with no variant dispatch, matching pre-digestSz
|
||||
* behavior. */
|
||||
size_t digestSz = WC_SHA512_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
/* locate registered callback */
|
||||
#ifndef NO_SHA2_CRYPTO_CB
|
||||
|
||||
+4
-44
@@ -57,14 +57,6 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
|
||||
#undef RESTORE_VECTOR_REGISTERS
|
||||
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
|
||||
#endif
|
||||
|
||||
/*
|
||||
Possible DH enable options:
|
||||
* NO_RSA: Overall control of DH default: on (not defined)
|
||||
@@ -1425,8 +1417,6 @@ int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
ret = GeneratePublicDh(key, priv, privSz, pub, pubSz);
|
||||
|
||||
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
|
||||
@@ -1436,8 +1426,6 @@ int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
|
||||
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, privSz);
|
||||
#endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -1451,8 +1439,6 @@ static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
ret = GeneratePrivateDh(key, rng, priv, privSz);
|
||||
|
||||
if (ret == 0)
|
||||
@@ -1464,9 +1450,6 @@ static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
|
||||
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, *privSz);
|
||||
#endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
|
||||
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* !WOLFSSL_KCAPI_DH */
|
||||
@@ -1589,8 +1572,6 @@ static int _ffc_validate_public_key(DhKey* key, const byte* pub, word32 pubSz,
|
||||
return MP_INIT_E;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
|
||||
|
||||
if (mp_read_unsigned_bin(y, pub, pubSz) != MP_OKAY) {
|
||||
ret = MP_READ_E;
|
||||
}
|
||||
@@ -1679,8 +1660,6 @@ static int _ffc_validate_public_key(DhKey* key, const byte* pub, word32 pubSz,
|
||||
mp_clear(p);
|
||||
mp_clear(q);
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
XFREE(q, key->heap, DYNAMIC_TYPE_DH);
|
||||
XFREE(p, key->heap, DYNAMIC_TYPE_DH);
|
||||
@@ -1919,8 +1898,6 @@ static int _ffc_pairwise_consistency_test(DhKey* key,
|
||||
return MP_INIT_E;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
|
||||
|
||||
/* Load the private and public keys into big integers. */
|
||||
if (mp_read_unsigned_bin(publicKey, pub, pubSz) != MP_OKAY ||
|
||||
mp_read_unsigned_bin(privateKey, priv, privSz) != MP_OKAY) {
|
||||
@@ -1979,8 +1956,6 @@ static int _ffc_pairwise_consistency_test(DhKey* key,
|
||||
mp_clear(publicKey);
|
||||
mp_clear(checkKey);
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
|
||||
XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
|
||||
@@ -2174,8 +2149,6 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
|
||||
ret = MP_INIT_E;
|
||||
|
||||
if (ret == 0) {
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
|
||||
|
||||
if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
|
||||
ret = MP_READ_E;
|
||||
|
||||
@@ -2201,8 +2174,6 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
|
||||
}
|
||||
|
||||
mp_clear(y);
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
}
|
||||
|
||||
/* make sure agree is > 1 (SP800-56A, 5.7.1.1) */
|
||||
@@ -2253,8 +2224,6 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
|
||||
}
|
||||
#endif
|
||||
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
|
||||
|
||||
if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
|
||||
ret = MP_READ_E;
|
||||
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
||||
@@ -2313,8 +2282,6 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
|
||||
mp_clear(y);
|
||||
mp_forcezero(x);
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
#else
|
||||
(void)ct;
|
||||
ret = WC_KEY_SIZE_E;
|
||||
@@ -2601,8 +2568,6 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
if (ret == 0) {
|
||||
/* may have leading 0 */
|
||||
if (p[0] == 0) {
|
||||
@@ -2714,8 +2679,6 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
|
||||
mp_clear(keyP);
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -3204,8 +3167,6 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
}
|
||||
#endif
|
||||
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
|
||||
|
||||
if (ret == 0) {
|
||||
/* force magnitude */
|
||||
buf[0] |= 0xC0;
|
||||
@@ -3264,9 +3225,10 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
if (ret != 0 || primeCheck == MP_YES)
|
||||
break;
|
||||
|
||||
/* linuxkm: release the kernel for a moment before iterating. */
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret; break;);
|
||||
ret = WC_CHECK_FOR_INTR_SIGNALS();
|
||||
if (ret != 0)
|
||||
break;
|
||||
WC_RELAX_LONG_LOOP();
|
||||
};
|
||||
}
|
||||
|
||||
@@ -3308,8 +3270,6 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
mp_clear(&dh->g);
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
#ifndef WOLFSSL_NO_MALLOC
|
||||
if (buf != NULL)
|
||||
#endif
|
||||
|
||||
+5
-16
@@ -36,14 +36,6 @@
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
|
||||
#undef RESTORE_VECTOR_REGISTERS
|
||||
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
|
||||
#endif
|
||||
|
||||
#ifdef _MSC_VER
|
||||
/* disable for while(0) cases (MSVC bug) */
|
||||
#pragma warning(disable:4127)
|
||||
@@ -269,8 +261,6 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
|
||||
}
|
||||
#endif
|
||||
|
||||
SAVE_VECTOR_REGISTERS(;);
|
||||
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), dsa->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
|
||||
@@ -338,8 +328,6 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
|
||||
mp_clear(tmpQ);
|
||||
#endif
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -454,6 +442,11 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
|
||||
break;
|
||||
loop_check_prime++;
|
||||
}
|
||||
|
||||
err = WC_CHECK_FOR_INTR_SIGNALS();
|
||||
if (err != 0)
|
||||
break;
|
||||
WC_RELAX_LONG_LOOP();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -794,8 +787,6 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key,
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
do {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
k = (mp_int *)XMALLOC(sizeof *k, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -1040,8 +1031,6 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key,
|
||||
}
|
||||
} while (0);
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (k) {
|
||||
if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) &&
|
||||
|
||||
+5
-118
@@ -275,14 +275,6 @@ ECC Curve Sizes:
|
||||
#include <wolfssl/wolfcrypt/hmac.h>
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
|
||||
#undef RESTORE_VECTOR_REGISTERS
|
||||
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
!defined(WOLFSSL_MICROCHIP_TA100) && \
|
||||
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
|
||||
@@ -5150,8 +5142,6 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
switch (private_key->state) {
|
||||
case ECC_STATE_NONE:
|
||||
case ECC_STATE_SHARED_SEC_GEN:
|
||||
@@ -5194,8 +5184,6 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
|
||||
err = BAD_STATE_E;
|
||||
} /* switch */
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
/* if async pending then return and skip done cleanup below */
|
||||
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
|
||||
return err;
|
||||
@@ -5280,8 +5268,6 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
ALLOC_CURVE_SPECS(3, err);
|
||||
if (err == MP_OKAY) {
|
||||
err = wc_ecc_curve_load(wc_ecc_get_curve_params(curve_idx), &curve,
|
||||
@@ -5296,8 +5282,6 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
|
||||
wc_ecc_curve_free(curve);
|
||||
FREE_CURVE_SPECS();
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -5456,8 +5440,6 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
#ifdef HAVE_ECC_MAKE_PUB
|
||||
/* if ecc_point passed in then use it as output for public key point */
|
||||
if (pubOut != NULL) {
|
||||
@@ -5603,8 +5585,6 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
|
||||
key->type = ECC_PRIVATEKEY;
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -6107,8 +6087,6 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
|
||||
{
|
||||
int err;
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
err = _ecc_make_key_ex(rng, keysize, key, curve_id, flags);
|
||||
|
||||
#if (FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN)) && \
|
||||
@@ -6132,8 +6110,6 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
|
||||
}
|
||||
#endif
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -7195,6 +7171,11 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
|
||||
mp_clear(pubkey->pubkey.z);
|
||||
#endif
|
||||
mp_forcezero(pubkey->k);
|
||||
|
||||
err = WC_CHECK_FOR_INTR_SIGNALS();
|
||||
if (err != 0)
|
||||
break;
|
||||
WC_RELAX_LONG_LOOP();
|
||||
}
|
||||
mp_forcezero(b);
|
||||
FREE_MP_INT_SIZE(b, key->heap, DYNAMIC_TYPE_ECC);
|
||||
@@ -7244,10 +7225,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
|
||||
{
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_sign_256(in, inlen, rng, ecc_get_k(key), r, s,
|
||||
sign_k, key->heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -7256,10 +7235,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
|
||||
if (ecc_sets[key->idx].id == ECC_SM2P256V1) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_sign_sm2_256(in, inlen, rng, ecc_get_k(key), r, s,
|
||||
sign_k, key->heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -7284,10 +7261,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
|
||||
{
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_sign_384(in, inlen, rng, ecc_get_k(key), r, s,
|
||||
sign_k, key->heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -7314,10 +7289,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
|
||||
{
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_sign_521(in, inlen, rng, ecc_get_k(key), r, s,
|
||||
sign_k, key->heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -8938,10 +8911,8 @@ static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
|
||||
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
|
||||
{
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_verify_256(hash, hashlen, key->pubkey.x,
|
||||
key->pubkey.y, key->pubkey.z, r, s, res, key->heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -8982,10 +8953,8 @@ static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
|
||||
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
|
||||
{
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_verify_384(hash, hashlen, key->pubkey.x,
|
||||
key->pubkey.y, key->pubkey.z, r, s, res, key->heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -9011,10 +8980,8 @@ static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
|
||||
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
|
||||
{
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_verify_521(hash, hashlen, key->pubkey.x,
|
||||
key->pubkey.y, key->pubkey.z, r, s, res, key->heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -9652,8 +9619,6 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
|
||||
if (err != MP_OKAY)
|
||||
return MEMORY_E;
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
/* check for point type (4, 2, or 3) */
|
||||
pointType = in[0];
|
||||
if (pointType != ECC_POINT_UNCOMP && pointType != ECC_POINT_COMP_EVEN &&
|
||||
@@ -9845,8 +9810,6 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
|
||||
mp_clear(point->z);
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -10197,8 +10160,6 @@ static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
|
||||
return err;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(err = _svr_ret;);
|
||||
|
||||
/* compute y^2 */
|
||||
if (err == MP_OKAY)
|
||||
err = mp_sqr(ecp->y, t1);
|
||||
@@ -10267,8 +10228,6 @@ static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
|
||||
mp_clear(t1);
|
||||
mp_clear(t2);
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
WC_FREE_VAR_EX(t2, NULL, DYNAMIC_TYPE_ECC);
|
||||
WC_FREE_VAR_EX(t1, NULL, DYNAMIC_TYPE_ECC);
|
||||
|
||||
@@ -10718,8 +10677,6 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
|
||||
DECLARE_CURVE_SPECS(4);
|
||||
#endif
|
||||
|
||||
ASSERT_SAVED_VECTOR_REGISTERS();
|
||||
|
||||
if (key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
@@ -10871,9 +10828,7 @@ WOLFSSL_ABI
|
||||
int wc_ecc_check_key(ecc_key* key)
|
||||
{
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = _ecc_validate_public_key(key, 0, 1);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -10938,8 +10893,6 @@ static int _ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
|
||||
mp_forcezero(key->kb);
|
||||
#endif
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
/* check for point type (4, 2, or 3) */
|
||||
pointType = in[0];
|
||||
if (pointType != ECC_POINT_UNCOMP && pointType != ECC_POINT_COMP_EVEN &&
|
||||
@@ -11271,8 +11224,6 @@ static int _ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
|
||||
mp_forcezero(key->k);
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -11691,10 +11642,6 @@ static int _ecc_import_private_key_ex(const byte* priv, word32 privSz,
|
||||
}
|
||||
#else
|
||||
|
||||
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
|
||||
ret = mp_read_unsigned_bin(key->k, priv, privSz);
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
if (ret == 0 && wc_bigint_from_unsigned_bin(&key->k->raw, priv,
|
||||
@@ -11745,10 +11692,6 @@ static int _ecc_import_private_key_ex(const byte* priv, word32 privSz,
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
|
||||
if ((ret == 0) && (key->devId != INVALID_DEVID)) {
|
||||
ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
|
||||
@@ -12137,10 +12080,6 @@ static int _ecc_import_raw_private(ecc_key* key, const char* qx,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
|
||||
/* import private key */
|
||||
if (err == MP_OKAY) {
|
||||
if (d != NULL) {
|
||||
@@ -12234,10 +12173,6 @@ static int _ecc_import_raw_private(ecc_key* key, const char* qx,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
|
||||
if (err == MP_OKAY) {
|
||||
err = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
|
||||
@@ -13858,8 +13793,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
|
||||
}
|
||||
#endif /* HAVE_THREAD_LS */
|
||||
|
||||
SAVE_VECTOR_REGISTERS(err = _svr_ret;);
|
||||
|
||||
/* find point */
|
||||
idx1 = find_base(A);
|
||||
|
||||
@@ -13942,8 +13875,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
|
||||
}
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
#ifndef HAVE_THREAD_LS
|
||||
wc_UnLockMutex(&ecc_fp_lock);
|
||||
#endif /* HAVE_THREAD_LS */
|
||||
@@ -14011,8 +13942,6 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
got_ecc_fp_lock = 1;
|
||||
#endif /* HAVE_THREAD_LS */
|
||||
|
||||
SAVE_VECTOR_REGISTERS(err = _svr_ret; goto out;);
|
||||
|
||||
/* find point */
|
||||
idx = find_base(G);
|
||||
|
||||
@@ -14061,8 +13990,6 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
}
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
out:
|
||||
|
||||
#ifndef HAVE_THREAD_LS
|
||||
@@ -14088,36 +14015,28 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
|
||||
if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret);
|
||||
ret = sp_ecc_mulmod_sm2_256(k, G, R, map, heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#ifndef WOLFSSL_SP_NO_256
|
||||
if (mp_count_bits(modulus) == 256) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_mulmod_256(k, G, R, map, heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SP_384
|
||||
if (mp_count_bits(modulus) == 384) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_mulmod_384(k, G, R, map, heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SP_521
|
||||
if (mp_count_bits(modulus) == 521) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_mulmod_521(k, G, R, map, heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -14182,8 +14101,6 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
got_ecc_fp_lock = 1;
|
||||
#endif /* HAVE_THREAD_LS */
|
||||
|
||||
SAVE_VECTOR_REGISTERS(err = _svr_ret; goto out;);
|
||||
|
||||
/* find point */
|
||||
idx = find_base(G);
|
||||
|
||||
@@ -14232,8 +14149,6 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
}
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
out:
|
||||
|
||||
#ifndef HAVE_THREAD_LS
|
||||
@@ -14262,36 +14177,28 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
|
||||
if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_mulmod_sm2_256(k, G, R, map, heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#ifndef WOLFSSL_SP_NO_256
|
||||
if (mp_count_bits(modulus) == 256) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_mulmod_256(k, G, R, map, heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SP_384
|
||||
if (mp_count_bits(modulus) == 384) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_mulmod_384(k, G, R, map, heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SP_521
|
||||
if (mp_count_bits(modulus) == 521) {
|
||||
int ret;
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = sp_ecc_mulmod_521(k, G, R, map, heap);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -14887,8 +14794,6 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
}
|
||||
#endif
|
||||
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
|
||||
|
||||
#ifdef WOLFSSL_ECIES_ISO18033
|
||||
XMEMCPY(sharedSecret, out - pubKeySz, pubKeySz);
|
||||
sharedSz -= pubKeySz;
|
||||
@@ -15105,8 +15010,6 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
#endif
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
ForceZero(sharedSecret, sharedSz);
|
||||
ForceZero(keys, (word32)keysLen);
|
||||
WC_FREE_VAR_EX(sharedSecret, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
@@ -15266,8 +15169,6 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
}
|
||||
#endif
|
||||
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
|
||||
|
||||
#ifndef WOLFSSL_ECIES_OLD
|
||||
if (pubKey == NULL) {
|
||||
WC_ALLOC_VAR_EX(peerKey, ecc_key, 1, ctx->heap,
|
||||
@@ -15501,8 +15402,6 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
if (ret == 0)
|
||||
*outSz = msgSz - digestSz;
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
#ifndef WOLFSSL_ECIES_OLD
|
||||
if (pubKey == peerKey)
|
||||
wc_ecc_free(peerKey);
|
||||
@@ -15576,8 +15475,6 @@ static int mp_jacobi(mp_int* a, mp_int* n, int* c)
|
||||
return res;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
if ((res = mp_mod(a, n, a1)) != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
@@ -15635,8 +15532,6 @@ static int mp_jacobi(mp_int* a, mp_int* n, int* c)
|
||||
|
||||
done:
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
/* cleanup */
|
||||
mp_clear(n1);
|
||||
mp_clear(a1);
|
||||
@@ -15674,8 +15569,6 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
|
||||
return MP_VAL;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
res = mp_init(&e);
|
||||
if (res == MP_OKAY)
|
||||
res = mp_mod_d(prime, 8, &i);
|
||||
@@ -15699,8 +15592,6 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
|
||||
|
||||
mp_clear(&e);
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return res;
|
||||
#else
|
||||
int res, legendre, done = 0;
|
||||
@@ -15720,8 +15611,6 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
|
||||
mp_int t1[1], C[1], Q[1], S[1], Z[1], M[1], T[1], R[1], N[1], two[1];
|
||||
#endif
|
||||
|
||||
SAVE_VECTOR_REGISTERS(res = _svr_ret; goto out;);
|
||||
|
||||
if ((mp_init_multi(t1, C, Q, S, Z, M) != MP_OKAY) ||
|
||||
(mp_init_multi(T, R, N, two, NULL, NULL) != MP_OKAY)) {
|
||||
res = MP_INIT_E;
|
||||
@@ -15933,8 +15822,6 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
|
||||
|
||||
out:
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (t1) {
|
||||
if (res != WC_NO_ERR_TRACE(MP_INIT_E))
|
||||
|
||||
@@ -36,14 +36,6 @@
|
||||
#include <wolfssl/wolfcrypt/sp.h>
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
|
||||
#undef RESTORE_VECTOR_REGISTERS
|
||||
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
|
||||
/* FIPS build has replaced ecc.h. */
|
||||
#define wc_ecc_key_get_priv(key) (&((key)->k))
|
||||
@@ -1507,8 +1499,6 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
|
||||
if (err != 0)
|
||||
return err;
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
params = &key->params;
|
||||
hs = &key->tmp;
|
||||
res = &key->pubkey.pubkey;
|
||||
@@ -1563,8 +1553,6 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
|
||||
}
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -2231,8 +2219,6 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
|
||||
if (err != 0)
|
||||
return err;
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
/* Decode the signature into components. */
|
||||
r = wc_ecc_key_get_priv(&key->pubkey);
|
||||
pvt = &key->pubkey.pubkey;
|
||||
@@ -2318,8 +2304,6 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
|
||||
*verified = ((err == 0) && (mp_cmp(jx, r) == MP_EQ));
|
||||
}
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return err;
|
||||
}
|
||||
#endif /* WOLFCRYPT_ECCSI_CLIENT */
|
||||
|
||||
+72
-3
@@ -205,6 +205,64 @@ static int ed25519_hash(ed25519_key* key, const byte* in, word32 inLen,
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Reject small-order Ed25519 public keys: h*A vanishes during verification
|
||||
* so any (R = [S]B, S) verifies for an arbitrary message. */
|
||||
static int ed25519_is_small_order(const byte p[ED25519_PUB_KEY_SIZE])
|
||||
{
|
||||
/* y-coordinates of every order-1/2/4/8 point plus the two non-canonical
|
||||
* encodings y = p / y = p+1. Sign bit masked before compare. Only
|
||||
* {y, y + p} fits in 32 bytes (2p overflows the 255-bit y field), so
|
||||
* listing y and y + p exhausts the reachable encodings for each
|
||||
* small-order y. */
|
||||
static const byte small_order_y[][ED25519_PUB_KEY_SIZE] = {
|
||||
/* order 4: y = 0 */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
|
||||
/* order 1: y = 1 (identity) */
|
||||
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
|
||||
/* order 8 */
|
||||
{0x26,0xe8,0x95,0x8f,0xc2,0xb2,0x27,0xb0,
|
||||
0x45,0xc3,0xf4,0x89,0xf2,0xef,0x98,0xf0,
|
||||
0xd5,0xdf,0xac,0x05,0xd3,0xc6,0x33,0x39,
|
||||
0xb1,0x38,0x02,0x88,0x6d,0x53,0xfc,0x05},
|
||||
/* order 8 */
|
||||
{0xc7,0x17,0x6a,0x70,0x3d,0x4d,0xd8,0x4f,
|
||||
0xba,0x3c,0x0b,0x76,0x0d,0x10,0x67,0x0f,
|
||||
0x2a,0x20,0x53,0xfa,0x2c,0x39,0xcc,0xc6,
|
||||
0x4e,0xc7,0xfd,0x77,0x92,0xac,0x03,0x7a},
|
||||
/* order 2: y = p - 1 */
|
||||
{0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
|
||||
/* non-canonical y = p (decodes to y = 0) */
|
||||
{0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
|
||||
/* non-canonical y = p + 1 (decodes to y = 1) */
|
||||
{0xee,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
|
||||
};
|
||||
byte y[ED25519_PUB_KEY_SIZE];
|
||||
word32 i;
|
||||
|
||||
XMEMCPY(y, p, ED25519_PUB_KEY_SIZE);
|
||||
y[ED25519_PUB_KEY_SIZE - 1] &= 0x7f;
|
||||
for (i = 0; i < sizeof(small_order_y) / ED25519_PUB_KEY_SIZE; i++) {
|
||||
if (XMEMCMP(y, small_order_y[i], ED25519_PUB_KEY_SIZE) == 0)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef HAVE_ED25519_MAKE_KEY
|
||||
#if FIPS_VERSION3_GE(6,0,0)
|
||||
/* Performs a Pairwise Consistency Test on an Ed25519 key pair.
|
||||
@@ -808,6 +866,13 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
|
||||
if (i == -1)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* Defence in depth: also catch small-order keys imported with trusted=1. */
|
||||
if (ed25519_is_small_order(key->p)) {
|
||||
WOLFSSL_MSG("Ed25519 small-order public key rejected during "
|
||||
"signature verification");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* uncompress A (public key), test if valid, and negate it */
|
||||
#ifndef FREESCALE_LTC_ECC
|
||||
if (ge_frombytes_negate_vartime(&A, key->p) != 0)
|
||||
@@ -1502,6 +1567,13 @@ int wc_ed25519_check_key(ed25519_key* key)
|
||||
ret = PUBLIC_KEY_E;
|
||||
}
|
||||
|
||||
/* Reject small-order pub key before the priv-vs-pub compare so the
|
||||
* diagnostic isn't masked by a "mismatch" error. */
|
||||
if ((ret == 0) && ed25519_is_small_order(key->p)) {
|
||||
WOLFSSL_MSG("Ed25519 small-order public key rejected during key check");
|
||||
ret = PUBLIC_KEY_E;
|
||||
}
|
||||
|
||||
#ifdef HAVE_ED25519_MAKE_KEY
|
||||
/* If we have a private key just make the public key and compare. */
|
||||
if ((ret == 0) && (key->privKeySet)) {
|
||||
@@ -1521,9 +1593,6 @@ int wc_ed25519_check_key(ed25519_key* key)
|
||||
&& (!key->privKeySet)
|
||||
#endif
|
||||
) {
|
||||
/* Verify that Q is not identity element 0.
|
||||
* 0 has no representation for Ed25519. */
|
||||
|
||||
/* Verify that xQ and yQ are integers in the interval [0, p - 1].
|
||||
* Only have yQ so check that ordinate. p = 2^255 - 19 */
|
||||
if ((key->p[ED25519_PUB_KEY_SIZE - 1] & 0x7f) == 0x7f) {
|
||||
|
||||
+83
-27
@@ -238,6 +238,77 @@ static int ed448_pairwise_consistency_test(ed448_key* key, WC_RNG* rng)
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Reject small-order Ed448 public keys: h*A vanishes during verification
|
||||
* so any (R = [S]B, S) verifies for an arbitrary message. Cofactor is 4. */
|
||||
static int ed448_is_small_order(const byte p[ED448_PUB_KEY_SIZE])
|
||||
{
|
||||
/* y-coordinates of every order-1/2/4 point plus the non-canonical
|
||||
* encodings y = p / y = p+1. Byte 56 is cleared in both table and
|
||||
* input before compare, masking the x-sign bit and the
|
||||
* spec-mandated-zero (but decoder-ignored) bits 0-6. The decoder
|
||||
* (fe448_from_bytes) reads bytes 0-55 modulo p with no canonical-form
|
||||
* check, so y = p decodes to 0 and y = p+1 decodes to 1; both must
|
||||
* be rejected here. Only {y, y + p} fits in 56 bytes (2p overflows),
|
||||
* so listing y and y + p exhausts the reachable encodings. */
|
||||
static const byte small_order_y[][ED448_PUB_KEY_SIZE] = {
|
||||
/* order 1: identity y = 1, x = 0 */
|
||||
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00},
|
||||
/* order 4: y = 0 (x = +/-1; sign bit covered by mask) */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00},
|
||||
/* order 2: y = p - 1, x = 0; p = 2^448 - 2^224 - 1 */
|
||||
{0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x00},
|
||||
/* non-canonical y = p (decodes to y = 0) */
|
||||
{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x00},
|
||||
/* non-canonical y = p + 1 (decodes to y = 1) */
|
||||
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
||||
0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
||||
0x00},
|
||||
};
|
||||
byte y[ED448_PUB_KEY_SIZE];
|
||||
word32 i;
|
||||
|
||||
XMEMCPY(y, p, ED448_PUB_KEY_SIZE);
|
||||
y[ED448_PUB_KEY_SIZE - 1] = 0;
|
||||
for (i = 0; i < sizeof(small_order_y) / ED448_PUB_KEY_SIZE; i++) {
|
||||
if (XMEMCMP(y, small_order_y[i], ED448_PUB_KEY_SIZE) == 0)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Derive the public key for the private key.
|
||||
*
|
||||
* key [in] Ed448 key object.
|
||||
@@ -731,16 +802,11 @@ static int ed448_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
|
||||
if (i == -1)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* Reject identity public key (0,1): 0x01 followed by 56 zero bytes. */
|
||||
{
|
||||
int isIdentity = (key->p[0] == 0x01);
|
||||
int j;
|
||||
for (j = 1; j < ED448_PUB_KEY_SIZE && isIdentity; j++) {
|
||||
if (key->p[j] != 0x00)
|
||||
isIdentity = 0;
|
||||
}
|
||||
if (isIdentity)
|
||||
return BAD_FUNC_ARG;
|
||||
/* Defence in depth: also catch small-order keys imported with trusted=1. */
|
||||
if (ed448_is_small_order(key->p)) {
|
||||
WOLFSSL_MSG("Ed448 small-order public key rejected during "
|
||||
"signature verification");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* uncompress A (public key), test if valid, and negate it */
|
||||
@@ -1412,6 +1478,13 @@ int wc_ed448_check_key(ed448_key* key)
|
||||
ret = PUBLIC_KEY_E;
|
||||
}
|
||||
|
||||
/* Reject small-order pub key before the priv-vs-pub compare so the
|
||||
* diagnostic isn't masked by a "mismatch" error. */
|
||||
if ((ret == 0) && ed448_is_small_order(key->p)) {
|
||||
WOLFSSL_MSG("Ed448 small-order public key rejected during key check");
|
||||
ret = PUBLIC_KEY_E;
|
||||
}
|
||||
|
||||
/* If we have a private key just make the public key and compare. */
|
||||
if ((ret == 0) && key->privKeySet) {
|
||||
ret = wc_ed448_make_public(key, pubKey, sizeof(pubKey));
|
||||
@@ -1421,23 +1494,6 @@ int wc_ed448_check_key(ed448_key* key)
|
||||
}
|
||||
/* No private key, check Y is valid. */
|
||||
else if ((ret == 0) && (!key->privKeySet)) {
|
||||
/* Reject the identity element (0, 1).
|
||||
* Encoding: 0x01 followed by 56 zero bytes. */
|
||||
{
|
||||
int isIdentity = 1;
|
||||
int i;
|
||||
if (key->p[0] != 0x01)
|
||||
isIdentity = 0;
|
||||
for (i = 1; i < ED448_PUB_KEY_SIZE && isIdentity; i++) {
|
||||
if (key->p[i] != 0x00)
|
||||
isIdentity = 0;
|
||||
}
|
||||
if (isIdentity) {
|
||||
WOLFSSL_MSG("Ed448 public key is the identity element");
|
||||
ret = PUBLIC_KEY_E;
|
||||
}
|
||||
}
|
||||
|
||||
/* Verify that xQ and yQ are integers in the interval [0, p - 1].
|
||||
* Only have yQ so check that ordinate.
|
||||
* p = 2^448-2^224-1 = 0xff..fe..ff
|
||||
|
||||
+143
-1
@@ -47,6 +47,12 @@
|
||||
#ifdef HAVE_ED448
|
||||
#include <wolfssl/wolfcrypt/ed448.h>
|
||||
#endif
|
||||
#ifdef HAVE_CURVE25519
|
||||
#include <wolfssl/wolfcrypt/curve25519.h>
|
||||
#endif
|
||||
#ifdef HAVE_CURVE448
|
||||
#include <wolfssl/wolfcrypt/curve448.h>
|
||||
#endif
|
||||
|
||||
static const struct s_ent {
|
||||
const enum wc_HashType macType;
|
||||
@@ -2767,7 +2773,7 @@ int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
|
||||
#endif /* NO_WOLFSSL_STUB */
|
||||
|
||||
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) || \
|
||||
defined(HAVE_HKDF)
|
||||
defined(HAVE_HKDF) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
|
||||
int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
|
||||
{
|
||||
int len;
|
||||
@@ -2884,6 +2890,54 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
|
||||
*keylen = (size_t)len;
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_CURVE25519
|
||||
case WC_EVP_PKEY_X25519:
|
||||
if (!ctx->pkey->curve25519 || !ctx->peerKey->curve25519) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
len = CURVE25519_KEYSIZE;
|
||||
if (key) {
|
||||
word32 len32 = (word32)*keylen;
|
||||
if (*keylen < (size_t)len) {
|
||||
WOLFSSL_MSG("buffer too short");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
/* X25519 shared secret is little-endian (RFC 7748). */
|
||||
if (wc_curve25519_shared_secret_ex(ctx->pkey->curve25519,
|
||||
ctx->peerKey->curve25519, key, &len32,
|
||||
EC25519_LITTLE_ENDIAN) != 0) {
|
||||
WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
len = (int)len32;
|
||||
}
|
||||
*keylen = (size_t)len;
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_CURVE448
|
||||
case WC_EVP_PKEY_X448:
|
||||
if (!ctx->pkey->curve448 || !ctx->peerKey->curve448) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
len = CURVE448_KEY_SIZE;
|
||||
if (key) {
|
||||
word32 len32 = (word32)*keylen;
|
||||
if (*keylen < (size_t)len) {
|
||||
WOLFSSL_MSG("buffer too short");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
/* X448 shared secret is little-endian (RFC 7748). */
|
||||
if (wc_curve448_shared_secret_ex(ctx->pkey->curve448,
|
||||
ctx->peerKey->curve448, key, &len32,
|
||||
EC448_LITTLE_ENDIAN) != 0) {
|
||||
WOLFSSL_MSG("wc_curve448_shared_secret_ex failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
len = (int)len32;
|
||||
}
|
||||
*keylen = (size_t)len;
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_HKDF
|
||||
case WC_EVP_PKEY_HKDF:
|
||||
(void)len;
|
||||
@@ -3761,6 +3815,12 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
|
||||
if (ctx->pkey == NULL ||
|
||||
(ctx->pkey->type != WC_EVP_PKEY_EC &&
|
||||
ctx->pkey->type != WC_EVP_PKEY_RSA &&
|
||||
#ifdef HAVE_CURVE25519
|
||||
ctx->pkey->type != WC_EVP_PKEY_X25519 &&
|
||||
#endif
|
||||
#ifdef HAVE_CURVE448
|
||||
ctx->pkey->type != WC_EVP_PKEY_X448 &&
|
||||
#endif
|
||||
ctx->pkey->type != WC_EVP_PKEY_DH)) {
|
||||
WOLFSSL_MSG("Key not set or key type not supported");
|
||||
return WOLFSSL_FAILURE;
|
||||
@@ -3821,6 +3881,57 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
|
||||
}
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_CURVE25519
|
||||
case WC_EVP_PKEY_X25519:
|
||||
if (pkey->curve25519 == NULL) {
|
||||
pkey->curve25519 = (curve25519_key*)XMALLOC(
|
||||
sizeof(curve25519_key), pkey->heap, DYNAMIC_TYPE_CURVE25519);
|
||||
if (pkey->curve25519 == NULL) {
|
||||
ret = MEMORY_E;
|
||||
break;
|
||||
}
|
||||
if (wc_curve25519_init_ex(pkey->curve25519, pkey->heap,
|
||||
INVALID_DEVID) != 0) {
|
||||
XFREE(pkey->curve25519, pkey->heap, DYNAMIC_TYPE_CURVE25519);
|
||||
pkey->curve25519 = NULL;
|
||||
break;
|
||||
}
|
||||
#ifdef WOLFSSL_CURVE25519_BLINDING
|
||||
/* Use the EVP_PKEY's RNG for scalar blinding on derive. */
|
||||
(void)wc_curve25519_set_rng(pkey->curve25519, &pkey->rng);
|
||||
#endif
|
||||
pkey->ownCurve25519 = 1;
|
||||
}
|
||||
/* Reuse the RNG already initialized on the EVP_PKEY. */
|
||||
if (wc_curve25519_make_key(&pkey->rng, CURVE25519_KEYSIZE,
|
||||
pkey->curve25519) == 0) {
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_CURVE448
|
||||
case WC_EVP_PKEY_X448:
|
||||
if (pkey->curve448 == NULL) {
|
||||
pkey->curve448 = (curve448_key*)XMALLOC(sizeof(curve448_key),
|
||||
pkey->heap, DYNAMIC_TYPE_CURVE448);
|
||||
if (pkey->curve448 == NULL) {
|
||||
ret = MEMORY_E;
|
||||
break;
|
||||
}
|
||||
if (wc_curve448_init(pkey->curve448) != 0) {
|
||||
XFREE(pkey->curve448, pkey->heap, DYNAMIC_TYPE_CURVE448);
|
||||
pkey->curve448 = NULL;
|
||||
break;
|
||||
}
|
||||
pkey->ownCurve448 = 1;
|
||||
}
|
||||
/* Reuse the RNG already initialized on the EVP_PKEY. */
|
||||
if (wc_curve448_make_key(&pkey->rng, CURVE448_KEY_SIZE,
|
||||
pkey->curve448) == 0) {
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
break;
|
||||
@@ -3871,6 +3982,16 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
|
||||
return wc_ecc_sig_size((ecc_key*)(pkey->ecc->internal));
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#ifdef HAVE_CURVE25519
|
||||
case WC_EVP_PKEY_X25519:
|
||||
return CURVE25519_KEYSIZE;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CURVE448
|
||||
case WC_EVP_PKEY_X448:
|
||||
return CURVE448_KEY_SIZE;
|
||||
#endif
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -11822,6 +11943,27 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
|
||||
break;
|
||||
#endif /* HAVE_ED448 */
|
||||
|
||||
#ifdef HAVE_CURVE25519
|
||||
case WC_EVP_PKEY_X25519:
|
||||
if (key->curve25519 != NULL && key->ownCurve25519 == 1) {
|
||||
wc_curve25519_free(key->curve25519);
|
||||
XFREE(key->curve25519, key->heap,
|
||||
DYNAMIC_TYPE_CURVE25519);
|
||||
key->curve25519 = NULL;
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_CURVE25519 */
|
||||
|
||||
#ifdef HAVE_CURVE448
|
||||
case WC_EVP_PKEY_X448:
|
||||
if (key->curve448 != NULL && key->ownCurve448 == 1) {
|
||||
wc_curve448_free(key->curve448);
|
||||
XFREE(key->curve448, key->heap, DYNAMIC_TYPE_CURVE448);
|
||||
key->curve448 = NULL;
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_CURVE448 */
|
||||
|
||||
#ifdef HAVE_HKDF
|
||||
case WC_EVP_PKEY_HKDF:
|
||||
XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
|
||||
|
||||
+153
-3
@@ -439,6 +439,64 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_public_key(int type,
|
||||
ok = 1;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_CURVE25519
|
||||
case WC_EVP_PKEY_X25519: {
|
||||
curve25519_key* cKey;
|
||||
if (len != CURVE25519_PUB_KEY_SIZE) {
|
||||
break;
|
||||
}
|
||||
cKey = (curve25519_key*)XMALLOC(sizeof(curve25519_key), pkey->heap,
|
||||
DYNAMIC_TYPE_CURVE25519);
|
||||
if (cKey == NULL) {
|
||||
break;
|
||||
}
|
||||
if (wc_curve25519_init_ex(cKey, pkey->heap, INVALID_DEVID) != 0) {
|
||||
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE25519);
|
||||
break;
|
||||
}
|
||||
/* Raw X25519 keys are little-endian (RFC 7748). */
|
||||
if (wc_curve25519_import_public_ex(pub, (word32)len, cKey,
|
||||
EC25519_LITTLE_ENDIAN) != 0) {
|
||||
wc_curve25519_free(cKey);
|
||||
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE25519);
|
||||
break;
|
||||
}
|
||||
pkey->type = WC_EVP_PKEY_X25519;
|
||||
pkey->curve25519 = cKey;
|
||||
pkey->ownCurve25519 = 1;
|
||||
ok = 1;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_CURVE448
|
||||
case WC_EVP_PKEY_X448: {
|
||||
curve448_key* cKey;
|
||||
if (len != CURVE448_PUB_KEY_SIZE) {
|
||||
break;
|
||||
}
|
||||
cKey = (curve448_key*)XMALLOC(sizeof(curve448_key), pkey->heap,
|
||||
DYNAMIC_TYPE_CURVE448);
|
||||
if (cKey == NULL) {
|
||||
break;
|
||||
}
|
||||
if (wc_curve448_init(cKey) != 0) {
|
||||
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE448);
|
||||
break;
|
||||
}
|
||||
/* Raw X448 keys are little-endian (RFC 7748). */
|
||||
if (wc_curve448_import_public_ex(pub, (word32)len, cKey,
|
||||
EC448_LITTLE_ENDIAN) != 0) {
|
||||
wc_curve448_free(cKey);
|
||||
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE448);
|
||||
break;
|
||||
}
|
||||
pkey->type = WC_EVP_PKEY_X448;
|
||||
pkey->curve448 = cKey;
|
||||
pkey->ownCurve448 = 1;
|
||||
ok = 1;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
default:
|
||||
break;
|
||||
@@ -526,6 +584,68 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_private_key(int type,
|
||||
ok = 1;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_CURVE25519
|
||||
case WC_EVP_PKEY_X25519: {
|
||||
curve25519_key* cKey;
|
||||
if (len != CURVE25519_KEYSIZE) {
|
||||
break;
|
||||
}
|
||||
cKey = (curve25519_key*)XMALLOC(sizeof(curve25519_key), pkey->heap,
|
||||
DYNAMIC_TYPE_CURVE25519);
|
||||
if (cKey == NULL) {
|
||||
break;
|
||||
}
|
||||
if (wc_curve25519_init_ex(cKey, pkey->heap, INVALID_DEVID) != 0) {
|
||||
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE25519);
|
||||
break;
|
||||
}
|
||||
#ifdef WOLFSSL_CURVE25519_BLINDING
|
||||
/* Use the EVP_PKEY's RNG for scalar blinding on shared-secret. */
|
||||
(void)wc_curve25519_set_rng(cKey, &pkey->rng);
|
||||
#endif
|
||||
/* Raw X25519 keys are little-endian (RFC 7748). */
|
||||
if (wc_curve25519_import_private_ex(priv, (word32)len, cKey,
|
||||
EC25519_LITTLE_ENDIAN) != 0) {
|
||||
wc_curve25519_free(cKey);
|
||||
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE25519);
|
||||
break;
|
||||
}
|
||||
pkey->type = WC_EVP_PKEY_X25519;
|
||||
pkey->curve25519 = cKey;
|
||||
pkey->ownCurve25519 = 1;
|
||||
ok = 1;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_CURVE448
|
||||
case WC_EVP_PKEY_X448: {
|
||||
curve448_key* cKey;
|
||||
if (len != CURVE448_KEY_SIZE) {
|
||||
break;
|
||||
}
|
||||
cKey = (curve448_key*)XMALLOC(sizeof(curve448_key), pkey->heap,
|
||||
DYNAMIC_TYPE_CURVE448);
|
||||
if (cKey == NULL) {
|
||||
break;
|
||||
}
|
||||
if (wc_curve448_init(cKey) != 0) {
|
||||
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE448);
|
||||
break;
|
||||
}
|
||||
/* Raw X448 keys are little-endian (RFC 7748). */
|
||||
if (wc_curve448_import_private_ex(priv, (word32)len, cKey,
|
||||
EC448_LITTLE_ENDIAN) != 0) {
|
||||
wc_curve448_free(cKey);
|
||||
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE448);
|
||||
break;
|
||||
}
|
||||
pkey->type = WC_EVP_PKEY_X448;
|
||||
pkey->curve448 = cKey;
|
||||
pkey->ownCurve448 = 1;
|
||||
ok = 1;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
default:
|
||||
break;
|
||||
@@ -942,7 +1062,8 @@ static int d2iTryMlDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
return d2i_make_pkey(out, NULL, 0, priv, WC_EVP_PKEY_DILITHIUM);
|
||||
/* Copy the consumed DER into pkey->pkey.ptr when the input was DER */
|
||||
return d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_DILITHIUM);
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
@@ -1696,6 +1817,10 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
|
||||
DerBuffer rawDer;
|
||||
EncryptedInfo info;
|
||||
int advanceLen = 0;
|
||||
#ifdef HAVE_DILITHIUM
|
||||
word32 outerIdx = 0;
|
||||
int outerLen = 0;
|
||||
#endif
|
||||
|
||||
/* Clear the encryption information and DER buffer. */
|
||||
XMEMSET(&info, 0, sizeof(info));
|
||||
@@ -1737,15 +1862,40 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
|
||||
}
|
||||
if (algId == DHk) {
|
||||
/* Special case for DH as we expect the DER buffer to be always
|
||||
* be in PKCS8 format */
|
||||
* in PKCS8 format */
|
||||
rawDer.buffer = pkcs8Der->buffer;
|
||||
rawDer.length = inOutIdx + (word32)ret;
|
||||
}
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if (
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
(algId == DILITHIUM_LEVEL2k) ||
|
||||
(algId == DILITHIUM_LEVEL3k) ||
|
||||
(algId == DILITHIUM_LEVEL5k) ||
|
||||
#endif
|
||||
(algId == ML_DSA_LEVEL2k) ||
|
||||
(algId == ML_DSA_LEVEL3k) ||
|
||||
(algId == ML_DSA_LEVEL5k)) {
|
||||
|
||||
/* Keep full PKCS#8 wrapper for level recovery from
|
||||
* AlgorithmIdentifier parameters */
|
||||
rawDer.buffer = pkcs8Der->buffer;
|
||||
if (GetSequence(pkcs8Der->buffer, &outerIdx, &outerLen,
|
||||
pkcs8Der->length) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
else {
|
||||
rawDer.length = outerIdx + (word32)outerLen;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
rawDer.buffer = pkcs8Der->buffer + inOutIdx;
|
||||
rawDer.length = (word32)ret;
|
||||
}
|
||||
ret = 0; /* good DER */
|
||||
if (ret > 0) {
|
||||
ret = 0; /* good DER */
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -4639,6 +4639,7 @@ L_curve25519_base_x64_3:
|
||||
adcq $0x00, %r8
|
||||
adcq $0x00, %r9
|
||||
adcq $0x00, %r10
|
||||
andq %rax, %r10
|
||||
# Store
|
||||
movq %rcx, (%rdi)
|
||||
movq %r8, 8(%rdi)
|
||||
@@ -7054,6 +7055,7 @@ L_curve25519_x64_3:
|
||||
adcq $0x00, %r9
|
||||
adcq $0x00, %r10
|
||||
adcq $0x00, %r11
|
||||
andq %rax, %r11
|
||||
# Store
|
||||
movq %rcx, (%rdi)
|
||||
movq %r9, 8(%rdi)
|
||||
@@ -15107,6 +15109,7 @@ L_curve25519_base_avx2_last_3:
|
||||
adcq $0x00, %r9
|
||||
adcq $0x00, %r10
|
||||
adcq $0x00, %r11
|
||||
andq %rcx, %r11
|
||||
# Store
|
||||
movq %r8, (%rdi)
|
||||
movq %r9, 8(%rdi)
|
||||
@@ -17116,6 +17119,7 @@ L_curve25519_avx2_last_3:
|
||||
adcq $0x00, %r10
|
||||
adcq $0x00, %r11
|
||||
adcq $0x00, %r12
|
||||
andq %rcx, %r12
|
||||
# Store
|
||||
movq %r9, (%rdi)
|
||||
movq %r10, 8(%rdi)
|
||||
|
||||
@@ -657,9 +657,9 @@ static int wc_Pic32HashFinal(hashUpdCache* cache, byte* stdBuf,
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void wc_Pic32HashFree(hashUpdCache* cache, void* heap)
|
||||
static void wc_Pic32HashFree(hashUpdCache* cache, void* stdBuf, void* heap)
|
||||
{
|
||||
if (cache && cache->buf && !cache->isCopy) {
|
||||
if (cache && cache->buf && cache->buf != stdBuf && !cache->isCopy) {
|
||||
XFREE(cache->buf, heap, DYNAMIC_TYPE_HASH_TMP);
|
||||
cache->buf = NULL;
|
||||
}
|
||||
@@ -713,7 +713,7 @@ static void wc_Pic32HashFree(hashUpdCache* cache, void* heap)
|
||||
void wc_Md5Pic32Free(wc_Md5* md5)
|
||||
{
|
||||
if (md5) {
|
||||
wc_Pic32HashFree(&md5->cache, md5->heap);
|
||||
wc_Pic32HashFree(&md5->cache, (byte*)md5->buffer, md5->heap);
|
||||
}
|
||||
}
|
||||
#endif /* !NO_MD5 */
|
||||
@@ -764,7 +764,7 @@ static void wc_Pic32HashFree(hashUpdCache* cache, void* heap)
|
||||
void wc_ShaPic32Free(wc_Sha* sha)
|
||||
{
|
||||
if (sha) {
|
||||
wc_Pic32HashFree(&sha->cache, sha->heap);
|
||||
wc_Pic32HashFree(&sha->cache, (byte*)sha->buffer, sha->heap);
|
||||
}
|
||||
}
|
||||
#endif /* !NO_SHA */
|
||||
@@ -815,7 +815,7 @@ static void wc_Pic32HashFree(hashUpdCache* cache, void* heap)
|
||||
void wc_Sha256Pic32Free(wc_Sha256* sha256)
|
||||
{
|
||||
if (sha256) {
|
||||
wc_Pic32HashFree(&sha256->cache, sha256->heap);
|
||||
wc_Pic32HashFree(&sha256->cache, (byte*)sha256->buffer, sha256->heap);
|
||||
}
|
||||
}
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -1871,8 +1871,7 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
|
||||
static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
|
||||
{
|
||||
__asm__ __volatile__ (
|
||||
"ld t2, 0(%[in])\n\t"
|
||||
"ld t3, 8(%[in])\n\t"
|
||||
UNALIGNED_LD2(t2, t3, 0, %[in], t0)
|
||||
"ld a3, 0(%[key])\n\t"
|
||||
"ld a4, 8(%[key])\n\t"
|
||||
"ld a5, 16(%[key])\n\t"
|
||||
@@ -1897,8 +1896,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
|
||||
AESENC_2_ROUNDS(208, 216, 224, 232)
|
||||
"L_aes_encrypt_done:\n\t"
|
||||
AESENC_LAST_ROUND()
|
||||
"sd t2, 0(%[out])\n\t"
|
||||
"sd t3, 8(%[out])\n\t"
|
||||
UNALIGNED_SD2(t2, t3, 0, %[out], t0)
|
||||
:
|
||||
: [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
|
||||
[rounds] "r" (aes->rounds)
|
||||
@@ -1918,8 +1916,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
|
||||
static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
|
||||
{
|
||||
__asm__ __volatile__ (
|
||||
"ld t2, 0(%[in])\n\t"
|
||||
"ld t3, 8(%[in])\n\t"
|
||||
UNALIGNED_LD2(t2, t3, 0, %[in], t0)
|
||||
"ld a3, 0(%[key])\n\t"
|
||||
"ld a4, 8(%[key])\n\t"
|
||||
"ld a5, 16(%[key])\n\t"
|
||||
@@ -1944,8 +1941,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
|
||||
AESDEC_2_ROUNDS(208, 216, 224, 232)
|
||||
"L_aes_decrypt_done:\n\t"
|
||||
AESDEC_LAST_ROUND()
|
||||
"sd t2, 0(%[out])\n\t"
|
||||
"sd t3, 8(%[out])\n\t"
|
||||
UNALIGNED_SD2(t2, t3, 0, %[out], t0)
|
||||
:
|
||||
: [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
|
||||
[rounds] "r" (aes->rounds)
|
||||
@@ -3209,8 +3205,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
|
||||
LOAD_WORD_REV(t2, 8, %[in])
|
||||
LOAD_WORD_REV(t3, 12, %[in])
|
||||
#else
|
||||
"ld t1, 0(%[in])\n\t"
|
||||
"ld t3, 8(%[in])\n\t"
|
||||
UNALIGNED_LD2(t1, t3, 0, %[in], t0)
|
||||
REV8(REG_T1, REG_T1)
|
||||
REV8(REG_T3, REG_T3)
|
||||
"srli t0, t1, 32\n\t"
|
||||
@@ -3376,16 +3371,14 @@ static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
|
||||
REV8(REG_T1, REG_T1)
|
||||
REV8(REG_T3, REG_T3)
|
||||
/* Write encrypted block to output. */
|
||||
"sd t1, 0(%[out])\n\t"
|
||||
"sd t3, 8(%[out])\n\t"
|
||||
UNALIGNED_SD2(t1, t3, 0, %[out], t0)
|
||||
#else
|
||||
PACK(REG_T1, REG_A5, REG_A4)
|
||||
PACK(REG_T3, REG_A7, REG_A6)
|
||||
REV8(REG_T1, REG_T1)
|
||||
REV8(REG_T3, REG_T3)
|
||||
/* Write encrypted block to output. */
|
||||
"sd t1, 0(%[out])\n\t"
|
||||
"sd t3, 8(%[out])\n\t"
|
||||
UNALIGNED_SD2(t1, t3, 0, %[out], t0)
|
||||
#endif
|
||||
|
||||
:
|
||||
@@ -3641,8 +3634,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
|
||||
LOAD_WORD_REV(t2, 8, %[in])
|
||||
LOAD_WORD_REV(t3, 12, %[in])
|
||||
#else
|
||||
"ld t1, 0(%[in])\n\t"
|
||||
"ld t3, 8(%[in])\n\t"
|
||||
UNALIGNED_LD2(t1, t3, 0, %[in], t0)
|
||||
REV8(REG_T1, REG_T1)
|
||||
REV8(REG_T3, REG_T3)
|
||||
"srli t0, t1, 32\n\t"
|
||||
@@ -3793,16 +3785,14 @@ static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
|
||||
REV8(REG_T1, REG_T1)
|
||||
REV8(REG_T3, REG_T3)
|
||||
/* Write encrypted block to output. */
|
||||
"sd t1, 0(%[out])\n\t"
|
||||
"sd t3, 8(%[out])\n\t"
|
||||
UNALIGNED_SD2(t1, t3, 0, %[out], t0)
|
||||
#else
|
||||
PACK(REG_T1, REG_A5, REG_A4)
|
||||
PACK(REG_T3, REG_A7, REG_A6)
|
||||
REV8(REG_T1, REG_T1)
|
||||
REV8(REG_T3, REG_T3)
|
||||
/* Write encrypted block to output. */
|
||||
"sd t1, 0(%[out])\n\t"
|
||||
"sd t3, 8(%[out])\n\t"
|
||||
UNALIGNED_SD2(t1, t3, 0, %[out], t0)
|
||||
#endif
|
||||
|
||||
:
|
||||
@@ -4113,7 +4103,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
|
||||
*/
|
||||
int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
word32 processed;
|
||||
int ret = 0;
|
||||
|
||||
@@ -4563,8 +4553,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
|
||||
byte* s, word32 sSz)
|
||||
{
|
||||
if (gcm != NULL) {
|
||||
byte x[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte x[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
byte* h = gcm->H;
|
||||
|
||||
__asm__ __volatile__ (
|
||||
@@ -4896,8 +4886,8 @@ static void GMULT(byte* x, byte* y)
|
||||
void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
|
||||
byte* s, word32 sSz)
|
||||
{
|
||||
byte x[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte x[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
word32 blocks, partial;
|
||||
byte* h;
|
||||
|
||||
@@ -5163,8 +5153,7 @@ static void ghash_blocks(byte* x, byte* y, const byte* in, word32 blocks)
|
||||
|
||||
"L_ghash_loop:\n\t"
|
||||
/* Load input block. */
|
||||
"ld t5, 0(%[in])\n\t"
|
||||
"ld a5, 8(%[in])\n\t"
|
||||
UNALIGNED_LD2(t5, a5, 0, %[in], t4)
|
||||
/* Reverse bits to match x. */
|
||||
#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
|
||||
BREV8(REG_T5, REG_T5)
|
||||
@@ -5307,8 +5296,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
|
||||
byte* s, word32 sSz)
|
||||
{
|
||||
if (gcm != NULL) {
|
||||
byte x[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte x[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
word32 blocks, partial;
|
||||
byte* h = gcm->H;
|
||||
|
||||
@@ -5388,8 +5377,8 @@ static void Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
|
||||
const byte* aad, word32 aadSz)
|
||||
{
|
||||
byte counter[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
/* Noticed different optimization levels treated head of array different.
|
||||
* Some cases was stack pointer plus offset others was a register containing
|
||||
* address. To make uniform for passing in to inline assembly code am using
|
||||
@@ -5886,8 +5875,8 @@ static void Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
|
||||
const byte* aad, word32 aadSz)
|
||||
{
|
||||
byte counter[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
/* Noticed different optimization levels treated head of array different.
|
||||
* Some cases was stack pointer plus offset others was a register containing
|
||||
* address. To make uniform for passing in to inline assembly code am using
|
||||
@@ -6398,8 +6387,8 @@ static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
|
||||
const byte* aad, word32 aadSz)
|
||||
{
|
||||
byte counter[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
/* Noticed different optimization levels treated head of array different.
|
||||
* Some cases was stack pointer plus offset others was a register containing
|
||||
* address. To make uniform for passing in to inline assembly code am using
|
||||
@@ -7003,8 +6992,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
const byte* aad, word32 aadSz)
|
||||
{
|
||||
int ret = 0;
|
||||
byte counter[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
/* Noticed different optimization levels treated head of array different.
|
||||
* Some cases was stack pointer plus offset others was a register containing
|
||||
* address. To make uniform for passing in to inline assembly code am using
|
||||
@@ -7512,8 +7501,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
const byte* aad, word32 aadSz)
|
||||
{
|
||||
int ret = 0;
|
||||
byte counter[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
/* Noticed different optimization levels treated head of array different.
|
||||
* Some cases was stack pointer plus offset others was a register containing
|
||||
* address. To make uniform for passing in to inline assembly code am using
|
||||
@@ -8035,8 +8024,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
const byte* aad, word32 aadSz)
|
||||
{
|
||||
int ret = 0;
|
||||
byte counter[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
/* Noticed different optimization levels treated head of array different.
|
||||
* Some cases was stack pointer plus offset others was a register containing
|
||||
* address. To make uniform for passing in to inline assembly code am using
|
||||
@@ -8733,8 +8722,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
|
||||
byte* s, word32 sSz)
|
||||
{
|
||||
if (gcm != NULL) {
|
||||
byte x[WC_AES_BLOCK_SIZE];
|
||||
byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte x[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
word32 blocks, partial;
|
||||
|
||||
XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
|
||||
@@ -8834,9 +8823,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
word32 partial = sz % WC_AES_BLOCK_SIZE;
|
||||
const byte* p = in;
|
||||
byte* c = out;
|
||||
ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN16 byte initialCounter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte initialCounter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
|
||||
/* Validate parameters. */
|
||||
if ((aes == NULL) || (nonce == NULL) || (nonceSz == 0) || (tag == NULL) ||
|
||||
@@ -8934,10 +8923,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
word32 partial = sz % WC_AES_BLOCK_SIZE;
|
||||
const byte* c = in;
|
||||
byte* p = out;
|
||||
ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE];
|
||||
ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte Tprime[WC_AES_BLOCK_SIZE];
|
||||
ALIGN8 byte EKY0[WC_AES_BLOCK_SIZE];
|
||||
sword32 res;
|
||||
|
||||
/* Validate parameters. */
|
||||
|
||||
@@ -1825,9 +1825,9 @@ static WC_INLINE void wc_chacha_encrypt_64(const word32* input, const byte* m,
|
||||
VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000)
|
||||
VMV_X_S(REG_T0, REG_V0)
|
||||
VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
|
||||
"ld t1, (%[m])\n\t"
|
||||
UNALIGNED_LD(t1, 0, %[m], t2)
|
||||
"xor t1, t1, t0\n\t"
|
||||
"sd t1, (%[c])\n\t"
|
||||
UNALIGNED_SD(t1, 0, %[c], t2)
|
||||
"addi %[bytes], %[bytes], -8\n\t"
|
||||
"addi %[c], %[c], 8\n\t"
|
||||
"addi %[m], %[m], 8\n\t"
|
||||
@@ -2155,10 +2155,7 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
|
||||
"bltz %[bytes], L_chacha20_riscv_over\n\t"
|
||||
|
||||
#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
|
||||
"ld t0, 0(%[m])\n\t"
|
||||
"ld t1, 8(%[m])\n\t"
|
||||
"ld t2, 16(%[m])\n\t"
|
||||
"ld s1, 24(%[m])\n\t"
|
||||
UNALIGNED_LD4(t0, t1, t2, s1, 0, %[m], a3)
|
||||
"xor a4, a4, t0\n\t"
|
||||
"xor a6, a6, t1\n\t"
|
||||
"xor t3, t3, t2\n\t"
|
||||
@@ -2171,10 +2168,7 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
|
||||
"xor a7, a7, t1\n\t"
|
||||
"xor t4, t4, t2\n\t"
|
||||
"xor t6, t6, s1\n\t"
|
||||
"ld t0, 32(%[m])\n\t"
|
||||
"ld t1, 40(%[m])\n\t"
|
||||
"ld t2, 48(%[m])\n\t"
|
||||
"ld s1, 56(%[m])\n\t"
|
||||
UNALIGNED_LD4(t0, t1, t2, s1, 32, %[m], a3)
|
||||
"xor s2, s2, t0\n\t"
|
||||
"xor s4, s4, t1\n\t"
|
||||
"xor s6, s6, t2\n\t"
|
||||
@@ -2187,22 +2181,8 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
|
||||
"xor s5, s5, t1\n\t"
|
||||
"xor s7, s7, t2\n\t"
|
||||
"xor s9, s9, s1\n\t"
|
||||
"sw a4, 0(%[c])\n\t"
|
||||
"sw a5, 4(%[c])\n\t"
|
||||
"sw a6, 8(%[c])\n\t"
|
||||
"sw a7, 12(%[c])\n\t"
|
||||
"sw t3, 16(%[c])\n\t"
|
||||
"sw t4, 20(%[c])\n\t"
|
||||
"sw t5, 24(%[c])\n\t"
|
||||
"sw t6, 28(%[c])\n\t"
|
||||
"sw s2, 32(%[c])\n\t"
|
||||
"sw s3, 36(%[c])\n\t"
|
||||
"sw s4, 40(%[c])\n\t"
|
||||
"sw s5, 44(%[c])\n\t"
|
||||
"sw s6, 48(%[c])\n\t"
|
||||
"sw s7, 52(%[c])\n\t"
|
||||
"sw s8, 56(%[c])\n\t"
|
||||
"sw s9, 60(%[c])\n\t"
|
||||
UNALIGNED_SW8(a4, a5, a6, a7, t3, t4, t5, t6, 0, %[c], t0)
|
||||
UNALIGNED_SW8(s2, s3, s4, s5, s6, s7, s8, s9, 32, %[c], t0)
|
||||
#else
|
||||
PACK(REG_A4, REG_A4, REG_A5)
|
||||
PACK(REG_A6, REG_A6, REG_A7)
|
||||
@@ -2212,14 +2192,7 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
|
||||
PACK(REG_S4, REG_S4, REG_S5)
|
||||
PACK(REG_S6, REG_S6, REG_S7)
|
||||
PACK(REG_S8, REG_S8, REG_S9)
|
||||
"ld a5, 0(%[m])\n\t"
|
||||
"ld a7, 8(%[m])\n\t"
|
||||
"ld t4, 16(%[m])\n\t"
|
||||
"ld t6, 24(%[m])\n\t"
|
||||
"ld s3, 32(%[m])\n\t"
|
||||
"ld s5, 40(%[m])\n\t"
|
||||
"ld s7, 48(%[m])\n\t"
|
||||
"ld s9, 56(%[m])\n\t"
|
||||
UNALIGNED_LD8(a5, a7, t4, t6, s3, s5, s7, s9, 0, %[m], t0)
|
||||
"xor a4, a4, a5\n\t"
|
||||
"xor a6, a6, a7\n\t"
|
||||
"xor t3, t3, t4\n\t"
|
||||
@@ -2228,14 +2201,7 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
|
||||
"xor s4, s4, s5\n\t"
|
||||
"xor s6, s6, s7\n\t"
|
||||
"xor s8, s8, s9\n\t"
|
||||
"sd a4, 0(%[c])\n\t"
|
||||
"sd a6, 8(%[c])\n\t"
|
||||
"sd t3, 16(%[c])\n\t"
|
||||
"sd t5, 24(%[c])\n\t"
|
||||
"sd s2, 32(%[c])\n\t"
|
||||
"sd s4, 40(%[c])\n\t"
|
||||
"sd s6, 48(%[c])\n\t"
|
||||
"sd s8, 56(%[c])\n\t"
|
||||
UNALIGNED_SD8(a4, a6, t3, t5, s2, s4, s6, s8, 0, %[c], t0)
|
||||
#endif
|
||||
|
||||
"addi %[m], %[m], 64\n\t"
|
||||
@@ -2268,10 +2234,10 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
|
||||
"bltz t0, L_chacha20_riscv_32bit\n\t"
|
||||
"addi a3, a3, -1\n\t"
|
||||
"L_chacha20_riscv_64bit_loop:\n\t"
|
||||
"ld t0, (%[m])\n\t"
|
||||
UNALIGNED_LD(t0, 0, %[m], t2)
|
||||
"ld t1, (%[over])\n\t"
|
||||
"xor t0, t0, t1\n\t"
|
||||
"sd t0, (%[c])\n\t"
|
||||
UNALIGNED_SD(t0, 0, %[c], t2)
|
||||
"addi %[m], %[m], 8\n\t"
|
||||
"addi %[c], %[c], 8\n\t"
|
||||
"addi %[over], %[over], 8\n\t"
|
||||
@@ -2282,10 +2248,10 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
|
||||
"L_chacha20_riscv_32bit:\n\t"
|
||||
"addi t0, a3, -4\n\t"
|
||||
"bltz t0, L_chacha20_riscv_16bit\n\t"
|
||||
"lw t0, (%[m])\n\t"
|
||||
UNALIGNED_LW(t0, 0, %[m], t2)
|
||||
"lw t1, (%[over])\n\t"
|
||||
"xor t0, t0, t1\n\t"
|
||||
"sw t0, (%[c])\n\t"
|
||||
UNALIGNED_SW(t0, 0, %[c], t2)
|
||||
"addi %[m], %[m], 4\n\t"
|
||||
"addi %[c], %[c], 4\n\t"
|
||||
"addi %[over], %[over], 4\n\t"
|
||||
@@ -2293,10 +2259,10 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
|
||||
"L_chacha20_riscv_16bit:\n\t"
|
||||
"addi t0, a3, -2\n\t"
|
||||
"bltz t0, L_chacha20_riscv_8bit\n\t"
|
||||
"lh t0, (%[m])\n\t"
|
||||
UNALIGNED_LH(t0, 0, %[m], t2)
|
||||
"lh t1, (%[over])\n\t"
|
||||
"xor t0, t0, t1\n\t"
|
||||
"sh t0, (%[c])\n\t"
|
||||
UNALIGNED_SH(t0, 0, %[c], t2)
|
||||
"addi %[m], %[m], 2\n\t"
|
||||
"addi %[c], %[c], 2\n\t"
|
||||
"addi %[over], %[over], 2\n\t"
|
||||
|
||||
@@ -145,8 +145,7 @@ static WC_INLINE void poly1305_blocks_riscv64_16(Poly1305* ctx,
|
||||
|
||||
"L_poly1305_riscv64_16_64_loop_%=:\n\t"
|
||||
/* Load m */
|
||||
"ld t0, (%[m])\n\t"
|
||||
"ld t1, 8(%[m])\n\t"
|
||||
UNALIGNED_LD2(t0, t1, 0, %[m], t5)
|
||||
/* Split m into 26, 52, 52 */
|
||||
SPLIT_130(t2, t3, t4, t0, t1, %[notLast], t5)
|
||||
|
||||
@@ -285,8 +284,7 @@ void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
|
||||
|
||||
"L_poly1305_riscv64_vec_loop_%=:\n\t"
|
||||
/* m0 + nfin */
|
||||
"ld t0, 0(%[m])\n\t"
|
||||
"ld t1, 8(%[m])\n\t"
|
||||
UNALIGNED_LD2(t0, t1, 0, %[m], t5)
|
||||
"li t6, 1\n\t"
|
||||
/* Split m into 24, 52, 52 */
|
||||
SPLIT_130(t2, t3, t4, t0, t1, t6, t5)
|
||||
@@ -294,8 +292,7 @@ void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
|
||||
VMV_S_X(REG_V12, REG_T3)
|
||||
VMV_S_X(REG_V13, REG_T4)
|
||||
/* m1+ nfin */
|
||||
"ld t0, 16(%[m])\n\t"
|
||||
"ld t1, 24(%[m])\n\t"
|
||||
UNALIGNED_LD2(t0, t1, 16, %[m], t5)
|
||||
/* Split m into 24, 52, 52 */
|
||||
SPLIT_130(t2, t3, t4, t0, t1, t6, t5)
|
||||
VMV_S_X(REG_V14, REG_T2)
|
||||
@@ -464,10 +461,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
|
||||
|
||||
__asm__ __volatile__ (
|
||||
/* Load key material */
|
||||
"ld t0, 0(%[key])\n\t"
|
||||
"ld t1, 8(%[key])\n\t"
|
||||
"ld t2, 16(%[key])\n\t"
|
||||
"ld t3, 24(%[key])\n\t"
|
||||
UNALIGNED_LD4(t0, t1, t2, t3, 0, %[key], t4)
|
||||
/* Load clamp */
|
||||
"ld t4, 0(%[clamp])\n\t"
|
||||
"ld t5, 8(%[clamp])\n\t"
|
||||
@@ -636,8 +630,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
|
||||
"sltu t3, t1, t3\n\t"
|
||||
"add t2, t2, t3\n\t"
|
||||
"andi t2, t2, 3\n\t"
|
||||
"sd t0, 0(%[mac])\n\t"
|
||||
"sd t1, 8(%[mac])\n\t"
|
||||
UNALIGNED_SD2(t0, t1, 0, %[mac], t2)
|
||||
/* Zero out h. */
|
||||
"sd x0, %[ctx_h_0]\n\t"
|
||||
"sd x0, %[ctx_h_1]\n\t"
|
||||
|
||||
@@ -484,14 +484,7 @@ static WC_OMIT_FRAME_POINTER WC_INLINE void Sha256Transform(wc_Sha256* sha256,
|
||||
LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7)
|
||||
LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7)
|
||||
#else
|
||||
"lwu a4, 0(%[data])\n\t"
|
||||
"lwu s0, 4(%[data])\n\t"
|
||||
"lwu a5, 8(%[data])\n\t"
|
||||
"lwu s1, 12(%[data])\n\t"
|
||||
"lwu a6, 16(%[data])\n\t"
|
||||
"lwu s2, 20(%[data])\n\t"
|
||||
"lwu a7, 24(%[data])\n\t"
|
||||
"lwu s3, 28(%[data])\n\t"
|
||||
UNALIGNED_LWU8(a4, s0, a5, s1, a6, s2, a7, s3, 0, %[data], t4)
|
||||
PACK_BB(s0, s0, a4, REG_S0, REG_S0, REG_A4)
|
||||
PACK_BB(s1, s1, a5, REG_S1, REG_S1, REG_A5)
|
||||
PACK_BB(s2, s2, a6, REG_S2, REG_S2, REG_A6)
|
||||
@@ -500,14 +493,7 @@ static WC_OMIT_FRAME_POINTER WC_INLINE void Sha256Transform(wc_Sha256* sha256,
|
||||
REV8(REG_S1, REG_S1)
|
||||
REV8(REG_S2, REG_S2)
|
||||
REV8(REG_S3, REG_S3)
|
||||
"lwu a4, 32(%[data])\n\t"
|
||||
"lwu s4, 36(%[data])\n\t"
|
||||
"lwu a5, 40(%[data])\n\t"
|
||||
"lwu s5, 44(%[data])\n\t"
|
||||
"lwu a6, 48(%[data])\n\t"
|
||||
"lwu s6, 52(%[data])\n\t"
|
||||
"lwu a7, 56(%[data])\n\t"
|
||||
"lwu s7, 60(%[data])\n\t"
|
||||
UNALIGNED_LWU8(a4, s4, a5, s5, a6, s6, a7, s7, 32, %[data], t4)
|
||||
PACK_BB(s4, s4, a4, REG_S4, REG_S4, REG_A4)
|
||||
PACK_BB(s5, s5, a5, REG_S5, REG_S5, REG_A5)
|
||||
PACK_BB(s6, s6, a6, REG_S6, REG_S6, REG_A6)
|
||||
@@ -840,31 +826,18 @@ static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash)
|
||||
"srli t2, t3, 32\n\t"
|
||||
"srli a4, a5, 32\n\t"
|
||||
"srli a6, a7, 32\n\t"
|
||||
"sw t0, 0(%[hash])\n\t"
|
||||
"sw t1, 4(%[hash])\n\t"
|
||||
"sw t2, 8(%[hash])\n\t"
|
||||
"sw t3, 12(%[hash])\n\t"
|
||||
"sw a4, 16(%[hash])\n\t"
|
||||
"sw a5, 20(%[hash])\n\t"
|
||||
"sw a6, 24(%[hash])\n\t"
|
||||
"sw a7, 28(%[hash])\n\t"
|
||||
UNALIGNED_SW8(t0, t1, t2, t3, a4, a5, a6, a7, 0, %[hash], t4)
|
||||
#else
|
||||
LOAD_WORD_REV(t0, 0, %[digest], t2, t3, t4)
|
||||
LOAD_WORD_REV(t1, 4, %[digest], t2, t3, t4)
|
||||
LOAD_WORD_REV(a4, 8, %[digest], t2, t3, t4)
|
||||
LOAD_WORD_REV(a5, 12, %[digest], t2, t3, t4)
|
||||
"sw t0, 0(%[hash])\n\t"
|
||||
"sw t1, 4(%[hash])\n\t"
|
||||
"sw a4, 8(%[hash])\n\t"
|
||||
"sw a5, 12(%[hash])\n\t"
|
||||
UNALIGNED_SW4(t0, t1, a4, a5, 0, %[hash], t2)
|
||||
LOAD_WORD_REV(t0, 16, %[digest], t2, t3, t4)
|
||||
LOAD_WORD_REV(t1, 20, %[digest], t2, t3, t4)
|
||||
LOAD_WORD_REV(a4, 24, %[digest], t2, t3, t4)
|
||||
LOAD_WORD_REV(a5, 28, %[digest], t2, t3, t4)
|
||||
"sw t0, 16(%[hash])\n\t"
|
||||
"sw t1, 20(%[hash])\n\t"
|
||||
"sw a4, 24(%[hash])\n\t"
|
||||
"sw a5, 28(%[hash])\n\t"
|
||||
UNALIGNED_SW4(t0, t1, a4, a5, 16, %[hash], t2)
|
||||
#endif
|
||||
:
|
||||
: [digest] "r" (sha256->digest), [hash] "r" (hash)
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user