Merge master into harden-chain-depth-and-parser-bounds

Master's test reorg (c674cec4a) moved test_dtls13_oversized_cert_chain into
the new tests/api/test_dtls13.c. This branch removes that test, so resolve by
taking master's test_dtls.{c,h} and re-applying the removal in test_dtls13.{c,h}.
This commit is contained in:
Colton Willey
2026-06-04 10:10:52 -07:00
162 changed files with 33543 additions and 35073 deletions
+182 -3
View File
@@ -7,6 +7,7 @@
"build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
@@ -14,9 +15,10 @@
"port": "gcc-arm",
"board": "cortex-m4-min-ecc",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
@@ -24,9 +26,10 @@
"port": "gcc-arm",
"board": "cortex-m4-tls12",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
@@ -34,9 +37,185 @@
"port": "gcc-arm",
"board": "cortex-m4-baremetal",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_baremetal.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_baremetal.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"build_cmd": "test -f examples/configs/user_settings_baremetal.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_baremetal.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m0plus",
"port": "gcc-arm",
"board": "cortex-m0plus",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m3",
"port": "gcc-arm",
"board": "cortex-m3",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m7",
"port": "gcc-arm",
"board": "cortex-m7",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m4-tls13",
"port": "gcc-arm",
"board": "cortex-m4-tls13",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m4-dtls13",
"port": "gcc-arm",
"board": "cortex-m4-dtls13",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_dtls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_dtls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m4-pq",
"port": "gcc-arm",
"board": "cortex-m4-pq",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m4-rsa-only",
"port": "gcc-arm",
"board": "cortex-m4-rsa-only",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_rsa_only.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_rsa_only.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m4-pkcs7",
"port": "gcc-arm",
"board": "cortex-m4-pkcs7",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_pkcs7.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pkcs7.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m4-openssl-compat",
"port": "gcc-arm",
"board": "cortex-m4-openssl-compat",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_openssl_compat.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_openssl_compat.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define SMALL_SESSION_CACHE\\n#undef HAVE_OCSP\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST_V2\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define USER_TICKS\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m4-sp-math",
"port": "gcc-arm",
"board": "cortex-m4-sp-math",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#define WOLFSSL_SP_MATH\\n#define WOLFSSL_SP_NO_ASM\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m4-crypto-only",
"port": "gcc-arm",
"board": "cortex-m4-crypto-only",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "mkdir -p IDE/GCC-ARM/Header-gen && printf '#ifndef WOLFSSL_USER_SETTINGS_H\\n#define WOLFSSL_USER_SETTINGS_H\\n#define WOLFCRYPT_ONLY\\n#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define HAVE_AESGCM\\n#define HAVE_AES_DECRYPT\\n#define HAVE_ECC\\n#define HAVE_CHACHA\\n#define HAVE_POLY1305\\n#define WOLFSSL_SHA512\\n#define WOLFSSL_SHA384\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#endif\\n' > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m7-tls13",
"port": "gcc-arm",
"board": "cortex-m7-tls13",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "gcc-arm-cortex-m7-pq",
"port": "gcc-arm",
"board": "cortex-m7-pq",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
"map_file": "IDE/GCC-ARM/Build/WolfCryptTest.map",
"linker_vars": ""
},
{
"target_name": "stm32-sim-stm32h753",
"port": "stm32-sim",
"board": "stm32h753",
"apt_packages": "build-essential ca-certificates cmake ninja-build python3 git gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib wget unzip",
"build_cmd": "if [ ! -d simulators ]; then git clone --depth 1 https://github.com/wolfSSL/simulators simulators; fi && sudo mkdir -p /opt && if [ ! -d /opt/cmsis-device-h7 ]; then sudo git clone --depth 1 https://github.com/STMicroelectronics/cmsis-device-h7.git /opt/cmsis-device-h7; fi && if [ ! -d /opt/CMSIS_5 ]; then sudo git clone --depth 1 https://github.com/ARM-software/CMSIS_5.git /opt/CMSIS_5; fi && if [ ! -d /opt/STM32CubeH7 ]; then (sudo git clone --depth 1 --branch v1.11.2 --recurse-submodules https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 || (sudo git clone --depth 1 --branch v1.11.2 https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 && cd /opt/STM32CubeH7 && sudo git submodule update --init --recursive --depth 1)); fi && sudo rm -rf /opt/firmware-stm32sim-h7 /opt/wolfssl-stm32sim && sudo mkdir -p /opt/firmware-stm32sim-h7 && sudo cp -r simulators/STM32Sim/firmware/wolfcrypt-test-h7/. /opt/firmware-stm32sim-h7/ && sudo cp /opt/firmware-stm32sim-h7/stm32h7xx_hal_conf.h /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc/ && sudo cp -r . /opt/wolfssl-stm32sim && sudo rm -f /opt/wolfssl-stm32sim/config.h && cd /opt/firmware-stm32sim-h7 && sudo cmake -G Ninja -DWOLFSSL_USER_SETTINGS=ON -DUSER_SETTINGS_FILE=/opt/firmware-stm32sim-h7/user_settings.h -DCMAKE_TOOLCHAIN_FILE=/opt/firmware-stm32sim-h7/toolchain-arm-none-eabi.cmake -DCMAKE_BUILD_TYPE=Release -DWOLFSSL_CRYPT_TESTS=OFF -DWOLFSSL_EXAMPLES=OFF -DWOLFSSL_ROOT=/opt/wolfssl-stm32sim -B /opt/firmware-stm32sim-h7/build -S /opt/firmware-stm32sim-h7 && sudo cmake --build /opt/firmware-stm32sim-h7/build && sudo cp /opt/firmware-stm32sim-h7/build/wolfcrypt_test.elf $GITHUB_WORKSPACE/wolfcrypt_test.elf",
"elf": "wolfcrypt_test.elf",
"ld": "simulators/STM32Sim/firmware/wolfcrypt-test-h7/stm32h753.ld",
"linker_vars": ""
},
{
"target_name": "linuxkm-standard",
"port": "linuxkm",
"board": "linux-kernel-module-standard",
"apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)",
"build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1",
"elf": "linuxkm/libwolfssl.ko",
"ld": "linuxkm/wolfcrypt.lds",
"linker_vars": "",
"apt_cache": "false"
},
{
"target_name": "linuxkm-pie",
"port": "linuxkm",
"board": "linux-kernel-module-pie",
"apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)",
"build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1",
"elf": "linuxkm/libwolfssl.ko",
"ld": "linuxkm/wolfcrypt.lds",
"linker_vars": "",
"apt_cache": "false"
}
]
+21
View File
@@ -112,6 +112,9 @@ LOG_DIR="${SCRIPT_DIR}/logs"
mkdir -p "${LOG_DIR}"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
LOG_FILE="${LOG_DIR}/${BOARD_SLUG}_${TIMESTAMP}.log"
ARTIFACTS_DIR="${SCRIPT_DIR}/artifacts/${BOARD_SLUG}-${SAMPLE_NAME}"
mkdir -p "${ARTIFACTS_DIR}"
chmod 0755 "${ARTIFACTS_DIR}"
echo "==> wolfSSL repo: ${WOLFSSL_REPO}"
echo "==> wolfSSL branch: ${WOLFSSL_BRANCH}"
@@ -256,6 +259,23 @@ else
echo ""
echo "==> [container] Build succeeded!"
# Stage Membrowse-relevant artifacts on the host-mounted volume.
# /artifacts is bind-mounted by the host wrapper; if it isn't writable
# (e.g. interactive runs without the mount), skip silently.
if [[ -d /artifacts && -w /artifacts ]]; then
BUILD_OUT="${WORKDIR}/zephyrproject/build/zephyr"
if [[ -f "${BUILD_OUT}/zephyr.elf" ]]; then
cp "${BUILD_OUT}/zephyr.elf" /artifacts/zephyr.elf
fi
if [[ -f "${BUILD_OUT}/linker.cmd" ]]; then
cp "${BUILD_OUT}/linker.cmd" /artifacts/linker.cmd
fi
# Map file enables Membrowse library/object attribution
if [[ -f "${BUILD_OUT}/zephyr.map" ]]; then
cp "${BUILD_OUT}/zephyr.map" /artifacts/zephyr.map
fi
fi
# Run the app for emulator targets and watch for completion
case "${BOARD_TARGET}" in
native_sim*|qemu_*)
@@ -342,6 +362,7 @@ docker rm -f "${CONTAINER_NAME}" 2>/dev/null || true
DOCKER_ARGS=(
--name "${CONTAINER_NAME}"
--rm
-v "${ARTIFACTS_DIR}:/artifacts"
)
if [[ "$INTERACTIVE" == "1" ]]; then
+14 -1
View File
@@ -19,7 +19,8 @@ jobs:
matrix:
config: [
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-tls13 --enable-dtls --enable-dtls13'
]
name: build module
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
@@ -55,3 +56,15 @@ jobs:
make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11)
ls -l linuxkm/libwolfssl.ko || $(exit 12)
echo "Successful linuxkm build."
- name: Verify DTLS 1.3 symbols are exported (when WOLFSSL_DTLS13 is configured)
run: |
if grep -q '^#define WOLFSSL_DTLS13' wolfssl/options.h; then
echo "WOLFSSL_DTLS13 defined; checking GPL exports in libwolfssl.ko..."
objdump -t linuxkm/libwolfssl.ko \
| grep -qE '__ksymtab_wolfDTLSv1_3_(client|server)_method$' \
|| { echo "::error::DTLS 1.3 entry points not exported from libwolfssl.ko"; exit 13; }
echo "DTLS 1.3 export check: PASS"
else
echo "WOLFSSL_DTLS13 not defined for this matrix entry; skipping symbol check."
fi
+32
View File
@@ -0,0 +1,32 @@
name: Membrowse Comment
on:
workflow_run:
workflows: [Membrowse Memory Report]
types:
- completed
jobs:
post-comment:
runs-on: ubuntu-24.04
timeout-minutes: 10
# Run the comment job even if some of the builds fail
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion != 'cancelled'
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Post Membrowse PR comment
if: ${{ env.MEMBROWSE_API_KEY != '' }}
uses: membrowse/membrowse-action/comment-action@v1
with:
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
commit: ${{ github.event.workflow_run.head_sha }}
env:
MEMBROWSE_API_KEY: ${{ secrets.MEMBROWSE_API_KEY }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+7 -2
View File
@@ -11,6 +11,9 @@ on:
jobs:
load-targets:
# Only run from the wolfssl org to avoid burning forks' CI minutes
# and reporting fork builds to the membrowse backend.
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
timeout-minutes: 10
outputs:
@@ -25,12 +28,13 @@ jobs:
onboard:
needs: load-targets
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
timeout-minutes: 10
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
include: ${{ fromJson(needs.load-targets.outputs.matrix) }}
include: ${{ fromJson(needs.load-targets.outputs.matrix || '[]') }}
steps:
- name: Checkout repository
@@ -43,6 +47,7 @@ jobs:
uses: ./.github/actions/install-apt-deps
with:
packages: ${{ matrix.apt_packages }}
cache: ${{ matrix.apt_cache || 'true' }}
- name: Run Membrowse Onboard Action
uses: membrowse/membrowse-action/onboard-action@v1
+59 -16
View File
@@ -1,20 +1,21 @@
name: Membrowse Memory Report
# Runs nightly instead of per-PR - the report is for trend tracking, not
# gating individual PRs, and the build matrix is too heavy to run on every
# push. Use workflow_dispatch to trigger an ad-hoc run.
on:
schedule:
- cron: '0 4 * * *' # daily at 04:00 UTC
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
push:
branches: [master]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
jobs:
load-targets:
# Only run from the wolfssl org to avoid burning forks' CI minutes
# and reporting fork builds to the membrowse backend.
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || github.event.pull_request.draft == false)
runs-on: ubuntu-24.04
timeout-minutes: 10
outputs:
@@ -27,28 +28,68 @@ jobs:
id: set-matrix
run: echo "matrix=$(jq -c '.' .github/membrowse-targets.json)" >> $GITHUB_OUTPUT
analyze:
needs: load-targets
check-changes:
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || github.event.pull_request.draft == false)
runs-on: ubuntu-24.04
timeout-minutes: 10
timeout-minutes: 5
outputs:
needs_build: ${{ steps.filter.outputs.code == 'true' || github.event_name == 'workflow_dispatch' }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Detect binary-affecting changes
id: filter
if: github.event_name == 'pull_request' || github.event_name == 'push'
uses: dorny/paths-filter@v4
with:
predicate-quantifier: every
filters: |
code:
- '!**.md'
- '!**/README*'
- '!doc/**'
- '!AUTHORS'
- '!COPYING*'
- '!LICENSE*'
- '!LICENSING'
- '!INSTALL'
- '!ChangeLog*'
- '!SCRIPTS-LIST'
- '!.gitignore'
- '!.editorconfig'
- '!.codespellexcludelines'
- '!.cyignore'
- '!.wolfssl_known_macro_extras'
- '!.github/ISSUE_TEMPLATE/**'
- '!.github/PULL_REQUEST_TEMPLATE.md'
analyze:
needs: [load-targets, check-changes]
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || needs.check-changes.outputs.needs_build == 'true')
runs-on: ubuntu-24.04
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
include: ${{ fromJson(needs.load-targets.outputs.matrix) }}
include: ${{ fromJson(needs.load-targets.outputs.matrix || '[]') }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
with:
fetch-depth: 0
submodules: recursive
fetch-depth: 2
submodules: ${{ needs.check-changes.outputs.needs_build == 'true' && 'recursive' || 'false' }}
- name: Install packages
if: needs.check-changes.outputs.needs_build == 'true'
uses: ./.github/actions/install-apt-deps
with:
packages: ${{ matrix.apt_packages }}
cache: ${{ matrix.apt_cache || 'true' }}
- name: Build firmware
if: needs.check-changes.outputs.needs_build == 'true'
run: ${{ matrix.build_cmd }}
- name: Run Membrowse PR Action
@@ -56,9 +97,11 @@ jobs:
uses: membrowse/membrowse-action@v1
with:
target_name: ${{ matrix.target_name }}
elf: ${{ matrix.elf }}
ld: ${{ matrix.ld }}
elf: ${{ needs.check-changes.outputs.needs_build == 'true' && matrix.elf || '' }}
ld: ${{ needs.check-changes.outputs.needs_build == 'true' && matrix.ld || '' }}
map_file: ${{ needs.check-changes.outputs.needs_build == 'true' && matrix.map_file || '' }}
linker_vars: ${{ matrix.linker_vars }}
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
api_url: ${{ vars.MEMBROWSE_API_URL }}
identical: ${{ needs.check-changes.outputs.needs_build != 'true' }}
verbose: INFO
+115
View File
@@ -0,0 +1,115 @@
name: Membrowse Zephyr Report
# Triggered after the heavy Zephyr 4.x test workflow completes. Pulls the
# pre-built zephyr.elf, zephyr.map and linker.cmd artifacts staged by
# zephyr-test.sh and feeds them to the Membrowse memory-tracking service.
# This avoids duplicating the (slow) Zephyr build inside the Membrowse
# matrix.
on:
workflow_run:
workflows: [Zephyr 4.x tests]
types:
- completed
concurrency:
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_sha }}
cancel-in-progress: true
jobs:
analyze:
runs-on: ubuntu-24.04
timeout-minutes: 10
# Only run from the wolfssl org to avoid burning forks' CI minutes
# and reporting fork builds to the membrowse backend.
if: >
github.event.workflow_run.conclusion == 'success' &&
github.repository_owner == 'wolfssl'
permissions:
contents: read
actions: read
strategy:
fail-fast: false
matrix:
include:
- target_name: zephyr-native_sim
artifact: membrowse-zephyr-native_sim
- target_name: zephyr-frdm_rw612
artifact: membrowse-zephyr-frdm_rw612
steps:
# Check out the commit the Zephyr workflow actually built so Membrowse
# attributes the report to the right commit. Only the last 2 commits
# are needed (current + parent) to resolve the base for comparison.
- name: Checkout repository
uses: actions/checkout@v5
with:
ref: ${{ github.event.workflow_run.head_sha }}
fetch-depth: 2
- name: Download Zephyr build artifact
id: download
uses: actions/download-artifact@v4
with:
name: ${{ matrix.artifact }}
path: zephyr-artifacts/${{ matrix.target_name }}
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
continue-on-error: true
- name: Verify artifact present
id: verify
run: |
ELF="zephyr-artifacts/${{ matrix.target_name }}/zephyr.elf"
LD="zephyr-artifacts/${{ matrix.target_name }}/linker.cmd"
MAP="zephyr-artifacts/${{ matrix.target_name }}/zephyr.map"
if [[ -f "$ELF" && -f "$LD" ]]; then
echo "have_artifacts=true" >> "$GITHUB_OUTPUT"
else
echo "have_artifacts=false" >> "$GITHUB_OUTPUT"
echo "::warning::Membrowse artifact for ${{ matrix.target_name }} not found; the matching cell of zephyr-4.x.yml may have been skipped or excluded."
fi
# The map file is optional; it enables library/object attribution.
if [[ -f "$MAP" ]]; then
echo "map_file=$MAP" >> "$GITHUB_OUTPUT"
else
echo "map_file=" >> "$GITHUB_OUTPUT"
fi
- name: Run Membrowse PR Action
if: steps.verify.outputs.have_artifacts == 'true'
uses: membrowse/membrowse-action@v1
with:
target_name: ${{ matrix.target_name }}
elf: zephyr-artifacts/${{ matrix.target_name }}/zephyr.elf
ld: zephyr-artifacts/${{ matrix.target_name }}/linker.cmd
map_file: ${{ steps.verify.outputs.map_file }}
linker_vars: ""
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
api_url: ${{ vars.MEMBROWSE_API_URL }}
verbose: INFO
# Refresh the consolidated Membrowse PR comment after the Zephyr targets
# have been submitted, mirroring membrowse-comment.yml.
post-comment:
needs: analyze
runs-on: ubuntu-24.04
timeout-minutes: 10
if: >
github.event.workflow_run.event == 'pull_request' &&
github.repository_owner == 'wolfssl'
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Post Membrowse PR comment
if: ${{ env.MEMBROWSE_API_KEY != '' }}
uses: membrowse/membrowse-action/comment-action@v1
with:
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
commit: ${{ github.event.workflow_run.head_sha }}
env:
MEMBROWSE_API_KEY: ${{ secrets.MEMBROWSE_API_KEY }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+4 -4
View File
@@ -117,14 +117,14 @@ jobs:
# variants of mod_exp_<words>_nb / RSA / DH wrappers.
'--enable-curve25519=nonblock --enable-ecc=nonblock --enable-rsa=nonblock --enable-dh=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK -DRSA_LOW_MEM -DSP_WORD_SIZE=32"',
'--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"',
# Minimal DTLS 1.3 client-only build. The SHA-224/384/512/3
# disables are deliberately omitted: --disable-sha384 alone
# trips a pre-existing wolfSSL bug in
# test_tls13_duplicate_extension (reproducible on clean master).
# Minimal DTLS 1.3 client-only build with the SHA-224/384/512/3
# hash families disabled. SHA-256 (used by TLS_AES_128_GCM_SHA256)
# and SHA-1 remain enabled.
'--enable-dtls13 --disable-tlsv12 --disable-oldtls --disable-rsa --disable-dh
--disable-aescbc --disable-aesecb --disable-md5 --disable-chacha
--disable-poly1305 --disable-errorstrings --disable-asn-print
--disable-eccshamir --disable-base64encode --disable-coding --disable-sni
--disable-sha224 --disable-sha384 --disable-sha512 --disable-sha3
--enable-aesgcm=small --enable-sp-math --enable-sp=smallec256 --disable-sp-asm
CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_TLS12 -DNO_SESSION_CACHE
-DWOLFSSL_AES_NO_UNROLL -DUSE_SLOW_SHA256 -DWOLFSSL_NO_ASYNC_IO
+86
View File
@@ -0,0 +1,86 @@
name: PIC32MZ simulator test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
# Build the PIC32MZ software simulator (https://github.com/wolfSSL/simulators,
# PIC32MZSim/ subdirectory) and run the wolfCrypt test suite on emulated
# PIC32MZ EC (no FPU, CE ignores OUT_SWAP) and EF (FPU + OUT_SWAP) parts,
# through both the direct-register PIC32 port and the MPLAB Harmony 3 driver
# port.
#
# Like stm32-sim.yml, the Dockerfiles read wolfSSL from /opt/wolfssl at
# runtime via a bind mount, so no Dockerfile patching is required - the PR
# checkout is mounted directly.
jobs:
pic32mz_sim:
name: wolfCrypt on PIC32MZ ${{ matrix.chip_label }} (${{ matrix.port_label }})
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
include:
- port_label: direct
chip_label: EC
dockerfile: Dockerfile.wolfcrypt-direct
image_tag: pic32mz-wolfcrypt-direct:ci
script: run-wolfcrypt-direct-ec.sh
cache_scope: pic32mz-direct
- port_label: direct
chip_label: EF
dockerfile: Dockerfile.wolfcrypt-direct
image_tag: pic32mz-wolfcrypt-direct:ci
script: run-wolfcrypt-direct-ef.sh
cache_scope: pic32mz-direct
- port_label: harmony
chip_label: EC
dockerfile: Dockerfile.wolfcrypt-harmony
image_tag: pic32mz-wolfcrypt-harmony:ci
script: run-wolfcrypt-harmony-ec.sh
cache_scope: pic32mz-harmony
- port_label: harmony
chip_label: EF
dockerfile: Dockerfile.wolfcrypt-harmony
image_tag: pic32mz-wolfcrypt-harmony:ci
script: run-wolfcrypt-harmony-ef.sh
cache_scope: pic32mz-harmony
steps:
- name: Checkout wolfSSL (PR source)
uses: actions/checkout@v4
with:
path: wolfssl
- name: Clone PIC32MZ simulator
run: git clone --depth 1 https://github.com/wolfSSL/simulators simulators
- uses: docker/setup-buildx-action@v3
- name: Build ${{ matrix.image_tag }} image
uses: docker/build-push-action@v5
with:
context: simulators/PIC32MZSim
file: simulators/PIC32MZSim/${{ matrix.dockerfile }}
push: false
load: true
tags: ${{ matrix.image_tag }}
cache-from: type=gha,scope=${{ matrix.cache_scope }}
cache-to: type=gha,mode=max,scope=${{ matrix.cache_scope }}
- name: Run wolfCrypt tests on PIC32MZ ${{ matrix.chip_label }} (${{ matrix.port_label }})
run: |
docker run --rm \
-v "${{ github.workspace }}/wolfssl:/opt/wolfssl:ro" \
${{ matrix.image_tag }} \
/app/scripts/${{ matrix.script }}
+19
View File
@@ -79,3 +79,22 @@ jobs:
path: .github/scripts/zephyr-4.x/logs/
retention-days: 5
if-no-files-found: ignore
# Stage Membrowse artifacts only for the cells we want to track on the
# Membrowse dashboard. Keep this tight to avoid duplicate target_name
# entries on the dashboard and unnecessary artifact uploads.
- name: Upload Membrowse artifacts (selected cells only)
if: >
success() &&
matrix.zephyr-ref == 'v4.3.0' &&
matrix.sample == 'wolfssl_test' &&
matrix.extra-conf == ''
uses: actions/upload-artifact@v4
with:
name: membrowse-zephyr-${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612' }}
path: |
.github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/zephyr.elf
.github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/linker.cmd
.github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/zephyr.map
if-no-files-found: warn
retention-days: 1
+5 -1
View File
@@ -741,10 +741,10 @@ WOLFSSL_CONTIKI
WOLFSSL_CRL_ALLOW_MISSING_CDP
WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
WOLFSSL_DRBG_SHA256
WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
WOLFSSL_DTLS_DISALLOW_FUTURE
WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS
WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
WOLFSSL_DUMP_MEMIO_STREAM
WOLFSSL_DUP_CERTPOL
WOLFSSL_EARLY_DATA_NO_ANTI_REPLAY
@@ -869,6 +869,7 @@ WOLFSSL_PASSTHRU_ERR
WOLFSSL_PB
WOLFSSL_PEER_ADDRESS_CHANGES
WOLFSSL_PKCS11_RW_TOKENS
WOLFSSL_PPC64_ASM_AES_NO_HARDEN
WOLFSSL_PRCONNECT_PRO
WOLFSSL_PREFIX
WOLFSSL_PSA_NO_AES
@@ -888,6 +889,7 @@ WOLFSSL_RENESAS_RZN2L
WOLFSSL_RENESAS_TLS
WOLFSSL_RENESAS_TSIP_IAREWRX
WOLFSSL_REQUIRE_TCA
WOLFSSL_RISCV_ASM_NO_UNALIGNED
WOLFSSL_RNG_USE_FULL_SEED
WOLFSSL_RSA_CHECK_D_ON_DECRYPT
WOLFSSL_RSA_DECRYPT_TO_0_LEN
@@ -976,6 +978,7 @@ XSECURE_CACHE_DISABLE
_ABI64
_ABIO64
_ARCH_PPC64
_ARCH_PWR8
_COMPILER_VERSION
_INTPTR_T_DECLARED
_LINUX_REFCOUNT_H
@@ -1004,6 +1007,7 @@ __32MZ2048ECM144__
__32MZ2048EFM144__
__ANDROID__
__APPLE__
__ARCH_PWR8
__ARCH_STRCASECMP_NO_REDIRECT
__ARCH_STRCMP_NO_REDIRECT
__ARCH_STRNCASECMP_NO_REDIRECT
+3
View File
@@ -2942,11 +2942,14 @@ if(WOLFSSL_EXAMPLES)
tests/api/test_mldsa_legacy.c
tests/api/test_slhdsa.c
tests/api/test_signature.c
tests/api/test_lms_xmss.c
tests/api/test_dtls.c
tests/api/test_dtls13.c
tests/api/test_ocsp.c
tests/api/test_evp.c
tests/api/test_tls_ext.c
tests/api/test_tls.c
tests/api/test_session.c
tests/api/test_x509.c
tests/api/test_asn.c
tests/api/test_pkcs7.c
+2 -3
View File
@@ -469,10 +469,10 @@ extern "C" {
/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define TIME_OVERRIDES
#define USER_TICKS
extern unsigned long my_time(unsigned long* timer);
#define XTIME my_time
#define XGMTIME my_gmtime
/* ------------------------------------------------------------------------- */
@@ -656,4 +656,3 @@ extern unsigned int my_rng_seed_gen(void);
#endif
#endif /* WOLFSSL_USER_SETTINGS_H */
+5
View File
@@ -89,6 +89,8 @@ SRC_C += ../../src/sniffer.c
SRC_C += ../../src/ssl.c
SRC_C += ../../src/tls.c
SRC_C += ../../src/tls13.c
SRC_C += ../../src/dtls.c
SRC_C += ../../src/dtls13.c
SRC_C += ../../src/wolfio.c
# wolfCrypt Core (FIPS)
@@ -185,6 +187,9 @@ SRC_C += ../../wolfcrypt/src/dsa.c
SRC_C += ../../wolfcrypt/src/md2.c
SRC_C += ../../wolfcrypt/src/md4.c
SRC_C += ../../wolfcrypt/src/ripemd.c
SRC_C += ../../wolfcrypt/src/wc_mldsa.c
SRC_C += ../../wolfcrypt/src/wc_mlkem.c
SRC_C += ../../wolfcrypt/src/wc_mlkem_poly.c
FILENAMES_C = $(notdir $(SRC_C))
+91 -6
View File
@@ -27,6 +27,9 @@
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#ifdef NO_ASN_TIME
#include <time.h>
#endif
/* TIME CODE */
@@ -37,21 +40,103 @@ static int hw_get_time_sec(void)
{
#warning Must implement your own time source if validating certificates
return ++gTimeMs;
return ++gTimeMs;
}
static int IsLeapYear(int year)
{
return ((year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0));
}
/* This is used by wolfCrypt asn.c for cert time checking */
unsigned long my_time(unsigned long* timer)
time_t my_time(time_t* timer)
{
(void)timer;
return hw_get_time_sec();
time_t curTime = (time_t)hw_get_time_sec();
if (timer != NULL) {
*timer = curTime;
}
return curTime;
}
struct tm* my_gmtime(const time_t* timer, struct tm* tmp)
{
static struct tm staticTime;
static const unsigned char daysPerMonth[] =
{ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
time_t curTime;
long days;
long rem;
int year;
int yearDays;
int month;
int monthDays;
if (tmp == NULL) {
tmp = &staticTime;
}
curTime = (timer != NULL) ? *timer : my_time(NULL);
if (curTime < 0) {
curTime = 0;
}
days = (long)(curTime / 86400);
rem = (long)(curTime % 86400);
tmp->tm_hour = (int)(rem / 3600);
rem %= 3600;
tmp->tm_min = (int)(rem / 60);
tmp->tm_sec = (int)(rem % 60);
tmp->tm_wday = (int)((days + 4) % 7);
year = 1970;
while (1) {
yearDays = IsLeapYear(year) ? 366 : 365;
if (days < yearDays) {
break;
}
days -= yearDays;
year++;
}
tmp->tm_year = year - 1900;
tmp->tm_yday = (int)days;
for (month = 0; month < 12; month++) {
monthDays = daysPerMonth[month];
if (month == 1 && IsLeapYear(year)) {
monthDays++;
}
if (days < monthDays) {
break;
}
days -= monthDays;
}
tmp->tm_mon = month;
tmp->tm_mday = (int)days + 1;
tmp->tm_isdst = 0;
return tmp;
}
#ifndef WOLFCRYPT_ONLY
/* This is used by TLS only */
unsigned int LowResTimer(void)
word32 LowResTimer(void)
{
return hw_get_time_sec();
return (word32)hw_get_time_sec();
}
/* This is used by TLS 1.3 ticket and PSK timeouts. */
#ifdef WOLFSSL_32BIT_MILLI_TIME
word32 TimeNowInMilliseconds(void)
#else
sword64 TimeNowInMilliseconds(void)
#endif
{
return (sword64)my_time(NULL) * 1000;
}
#endif
+1
View File
@@ -10,6 +10,7 @@ EXTRA_DIST+= IDE/GCC-ARM/Source/test_main.c
EXTRA_DIST+= IDE/GCC-ARM/Source/tls_client.c
EXTRA_DIST+= IDE/GCC-ARM/Source/tls_server.c
EXTRA_DIST+= IDE/GCC-ARM/linker.ld
EXTRA_DIST+= IDE/GCC-ARM/linker_large.ld
EXTRA_DIST+= IDE/GCC-ARM/linker_fips.ld
EXTRA_DIST+= IDE/GCC-ARM/Makefile
EXTRA_DIST+= IDE/GCC-ARM/Makefile.bench
+30
View File
@@ -0,0 +1,30 @@
MEMORY
{
FLASH (wx) : ORIGIN = 0x00000000, LENGTH = 1024K
RAM (wx) : ORIGIN = 0x20000000, LENGTH = 256K
}
SECTIONS
{
__vectors_start__ = .;
.vectors : { *(.vectors) } > FLASH
__vectors_end__ = __vectors_start__ + 0x400;
.sys : { *(.sys*) } > FLASH
.text : { *(.text*) } > FLASH
.rodata : { *(.rodata*) } > FLASH
__data_load_start__ = .;
__data_start__ = .;
.data : { *(.data*) } > RAM
__data_end__ = __data_start__ + SIZEOF(.data);
__bss_start__ = .;
.bss : { *(.bss*) } > RAM
__bss_end__ = __bss_start__ + SIZEOF(.bss);
__heap_start__ = .;
.heap : { *(.heap*) } > RAM
__heap_end__ = __heap_start__ + SIZEOF(.heap);
end = .;
}
+6 -4
View File
@@ -85,6 +85,8 @@ The wolfssl Project Summary is listed below and is relevant for every project.
+ Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties
+ Add Ethernet Driver by clicking `Add Ethernet Driver` element and select `New` -> `Ethernet(r_ether)`
+ Increase Heap size of `RA Common`. Go to `BSP` tab and inclease `RA Common` -> `Heap size (bytes)` to 0x2000
|Property|Value|
|:--|:--|
|Network Events call vApplicationIPNetworkEventHook|Disable|
@@ -130,7 +132,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
SEGGER_RTT_printf.c
+ To connect RTT block, you can configure RTT viewer configuration based on where RTT block is in a map file.
+ To place RTT block specific area, you can add the following line to `fsp.ld`:
+ To place RTT block specific area, you can add the following line to `fsp_gen.ld`:
```
__ram_from_flash$$ :
@@ -161,9 +163,9 @@ SEGGER_RTT_CB _SEGGER_RTT __attribute__((section(".txt.rtt_block")));
0x20000000 0xa8 ./src/SEGGER_RTT/SEGGER_RTT.o
0x20000000 _SEGGER_RTT
````
you can specify "RTT control block" to 0x20023648 by Address
you can specify "RTT control block" to 0x20000000 by Address
OR
you can specify "RTT control block" to 0x20023000 0x1000 by Search Range
you can specify "RTT control block" to 0x20000000 0x1000 by Search Range
## Run Client
1.) Enable TLS_CLIENT definition in wolfssl_demo.h of test_RA6M4 project
@@ -174,7 +176,7 @@ SEGGER_RTT_CB _SEGGER_RTT __attribute__((section(".txt.rtt_block")));
```
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
```
+ Client IP address can be changed by the following line in wolf_client.c.
+ Server IP address can be changed by the following line in wolfssl_demo.h.
```
#define SERVER_IP "192.168.11.40"
```
@@ -115,5 +115,4 @@
#endif
#define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock
/* use original asn parsing */
#define WOLFSSL_ASN_ORIGINAL
@@ -72,32 +72,32 @@ const st_user_key_block_data_t g_key_block_data =
* This is used for Root Certificate verify by SCE */
const unsigned char ca_cert_der_sign[] =
{
0xAF, 0x76, 0x00, 0x5E, 0x2C, 0x9C, 0xCB, 0xAF, 0x96, 0x9F,
0x7A, 0x0E, 0xA1, 0x41, 0x36, 0xBE, 0x72, 0x8C, 0xED, 0x86,
0x31, 0xEF, 0x03, 0x19, 0x2D, 0x68, 0xB0, 0x17, 0xD2, 0x3F,
0x15, 0xAC, 0x51, 0x00, 0x98, 0xE9, 0xE0, 0x07, 0x39, 0x00,
0x83, 0x63, 0xE3, 0x0F, 0xCA, 0xD5, 0x8A, 0xBD, 0xBB, 0xC5,
0x5C, 0xC7, 0xE4, 0xE0, 0xCB, 0x2F, 0x9F, 0x4E, 0xE8, 0xB0,
0xBF, 0xA6, 0x12, 0x95, 0xFF, 0x5C, 0xA8, 0xF7, 0x89, 0xD4,
0xA0, 0x84, 0x74, 0x50, 0x91, 0x11, 0x16, 0xEA, 0xEC, 0x59,
0x03, 0x63, 0x2C, 0xBC, 0x7B, 0x16, 0xD5, 0xAB, 0x2F, 0x7A,
0xF8, 0xC0, 0x51, 0xC2, 0x58, 0x9C, 0x2C, 0x89, 0xFB, 0x26,
0x88, 0x13, 0x3F, 0x77, 0xD8, 0x2F, 0x3F, 0x52, 0x5C, 0x65,
0x0F, 0x04, 0xF8, 0xAC, 0x54, 0x4F, 0x9C, 0x36, 0x80, 0x4A,
0xE7, 0x54, 0x5A, 0x86, 0x6E, 0xD5, 0x34, 0xC9, 0x31, 0x12,
0x9D, 0x64, 0x8F, 0x3D, 0xA3, 0x9D, 0x07, 0x87, 0xF5, 0xD7,
0x54, 0x6E, 0xFA, 0x53, 0xF0, 0x09, 0xCE, 0x0A, 0xD3, 0xCA,
0x63, 0x23, 0x0A, 0x07, 0xF5, 0xA2, 0x28, 0x67, 0xCD, 0xC7,
0x1E, 0x0C, 0x4F, 0x15, 0x6B, 0xBA, 0x50, 0xDE, 0x08, 0x7B,
0x56, 0x18, 0x8C, 0xA2, 0xE0, 0x9C, 0x5A, 0x31, 0xBA, 0xAC,
0xD3, 0x8B, 0xFC, 0x7F, 0xE1, 0x60, 0x26, 0x93, 0x47, 0xA6,
0x42, 0x67, 0x50, 0x0F, 0x0B, 0x90, 0x27, 0xE3, 0x53, 0x35,
0xFD, 0x20, 0x2A, 0xEF, 0xB1, 0x68, 0x81, 0xF8, 0x05, 0x19,
0xB2, 0x37, 0x57, 0xE8, 0x14, 0x5E, 0xD0, 0xC8, 0x10, 0xB0,
0xAA, 0x15, 0x27, 0xA3, 0xBF, 0x09, 0xC1, 0xC4, 0xAC, 0x5B,
0xB4, 0xE4, 0x9A, 0xD3, 0x3A, 0x59, 0xF0, 0x2A, 0x05, 0xFE,
0xA6, 0xA6, 0x86, 0x96, 0x9C, 0xF7, 0x6C, 0xA3, 0x3B, 0x3A,
0x54, 0xA0, 0x38, 0x6D, 0x84, 0x73
0x4D, 0x7E, 0xE5, 0x34, 0x04, 0x8F, 0xA6, 0x81, 0x22, 0x8E,
0x2A, 0x9E, 0xEA, 0xBE, 0x1D, 0x0A, 0x1C, 0xC3, 0xEC, 0xCD,
0x99, 0x1D, 0xE0, 0x2E, 0x79, 0x42, 0x8F, 0xEA, 0x79, 0x47,
0x13, 0xC3, 0x40, 0x47, 0x83, 0xF6, 0xFE, 0x32, 0x42, 0x52,
0x26, 0xED, 0xC4, 0xCF, 0x2E, 0x86, 0xF4, 0xEC, 0xFE, 0x8F,
0x6B, 0xF4, 0x3F, 0x0F, 0xA7, 0x1E, 0x9F, 0x09, 0x37, 0xAE,
0x5E, 0x35, 0x39, 0xCD, 0x35, 0xAC, 0x6F, 0x37, 0x98, 0x01,
0x6C, 0x8B, 0x01, 0x8A, 0xAE, 0xCC, 0xAF, 0x05, 0x6E, 0x05,
0x3A, 0x0A, 0x03, 0xA2, 0xEB, 0xD4, 0x4A, 0x63, 0x64, 0x68,
0xB6, 0xE4, 0xFC, 0xDE, 0xA5, 0x6B, 0xC4, 0x3C, 0x8F, 0xCF,
0xC2, 0x5A, 0x2F, 0xBB, 0xBE, 0x70, 0xDC, 0x19, 0x07, 0x4D,
0xC3, 0x5F, 0x3E, 0xD9, 0x1A, 0x8E, 0xB9, 0x36, 0x74, 0xF6,
0x38, 0xA6, 0x62, 0x7A, 0xBD, 0x53, 0xF5, 0x91, 0xCF, 0xFD,
0xD2, 0xCA, 0x4A, 0x20, 0x47, 0xD3, 0x78, 0x15, 0x82, 0x75,
0xDC, 0x3F, 0x2D, 0xAE, 0x18, 0xFE, 0x9F, 0x22, 0x99, 0x12,
0x4D, 0xF3, 0x3E, 0xE3, 0x47, 0x33, 0xED, 0x06, 0x79, 0x42,
0x12, 0xBD, 0x07, 0x39, 0x3F, 0x0D, 0x8A, 0x64, 0xA9, 0xDC,
0xF0, 0xCF, 0x87, 0x85, 0x4F, 0x09, 0x31, 0x26, 0x6D, 0x05,
0x2B, 0xBD, 0x52, 0xFB, 0x03, 0xD9, 0xD8, 0x0E, 0x34, 0x33,
0x72, 0xC0, 0x32, 0x69, 0x6F, 0x23, 0x2A, 0xF9, 0xD3, 0xBB,
0x55, 0xD4, 0xF8, 0x85, 0xF5, 0xF8, 0x5E, 0xAB, 0x57, 0x35,
0xAC, 0x3A, 0x33, 0x1F, 0xB8, 0x29, 0x1E, 0xFA, 0x30, 0xC1,
0x32, 0xEB, 0xAB, 0xD3, 0x51, 0x15, 0x6A, 0xAE, 0xE6, 0xD1,
0x42, 0x6C, 0x93, 0x3C, 0x48, 0xE1, 0xF8, 0xBC, 0x03, 0xFB,
0x38, 0x25, 0x18, 0x8F, 0x5B, 0x60, 0xE2, 0x86, 0x15, 0x88,
0xA3, 0x09, 0xFD, 0x29, 0xB7, 0xF5
};
const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
@@ -108,32 +108,32 @@ const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
*/
const unsigned char ca_ecc_cert_der_sign[] =
{
0x5A, 0x12, 0x05, 0x7F, 0x18, 0x16, 0x41, 0x18, 0x37, 0x11,
0x67, 0x22, 0xCE, 0x03, 0x92, 0xDB, 0xCB, 0xE2, 0xD2, 0x5B,
0x35, 0x3A, 0x2E, 0x35, 0xE8, 0x86, 0x6F, 0xB6, 0x3F, 0x86,
0x99, 0xFB, 0xB7, 0x7A, 0xB1, 0x38, 0xAE, 0x79, 0x7D, 0x98,
0x2D, 0x81, 0xBD, 0x74, 0xB1, 0x7D, 0xAD, 0xCE, 0x4F, 0x63,
0xD2, 0xB3, 0x06, 0xDF, 0x00, 0x91, 0x12, 0x21, 0x53, 0xAE,
0xEB, 0x0E, 0x4E, 0xDA, 0xF1, 0xD7, 0x29, 0x2E, 0xC8, 0xF2,
0x42, 0xEB, 0x90, 0xDE, 0xE3, 0xF2, 0x4B, 0x9A, 0xC0, 0x16,
0x51, 0x4C, 0xE3, 0x54, 0xCD, 0xE7, 0x33, 0xE6, 0x0A, 0xD4,
0x0F, 0x51, 0x6D, 0xA5, 0x69, 0x5E, 0xD7, 0xDD, 0x5A, 0xF9,
0x95, 0xE7, 0x89, 0x71, 0x56, 0x22, 0x37, 0x24, 0x2D, 0x39,
0x21, 0xE4, 0xC9, 0x4F, 0x22, 0x2E, 0x01, 0xA0, 0xA1, 0x2F,
0xDC, 0x75, 0xD9, 0xED, 0x25, 0x37, 0xB6, 0x7E, 0xAB, 0xF7,
0xFA, 0xCD, 0x68, 0x9B, 0x89, 0x1F, 0x21, 0x43, 0x8C, 0xAC,
0xE6, 0x55, 0xC2, 0xDE, 0xF5, 0xCE, 0xA9, 0x1B, 0x6D, 0x7E,
0x64, 0x3D, 0x91, 0x5A, 0x8D, 0x55, 0x8D, 0x32, 0x56, 0x0D,
0xE2, 0x65, 0x73, 0xBE, 0x21, 0x2E, 0x7D, 0xFF, 0x2C, 0xA4,
0x28, 0x0F, 0x37, 0x0F, 0xEA, 0xE7, 0xC4, 0xAC, 0x73, 0x7E,
0x5F, 0x35, 0x35, 0xD2, 0xE1, 0x76, 0x5B, 0xB3, 0x44, 0xA2,
0xD7, 0x8E, 0x99, 0xE5, 0x7E, 0xD1, 0x61, 0xAB, 0x78, 0xFC,
0x70, 0x61, 0x34, 0x99, 0x41, 0x1F, 0x83, 0xFF, 0x71, 0x8D,
0x83, 0xC5, 0x03, 0x3A, 0x64, 0x54, 0xD0, 0x68, 0x83, 0xC7,
0x3B, 0x75, 0x62, 0x86, 0x7B, 0xF3, 0x4B, 0xFE, 0xAC, 0x4B,
0x6F, 0x45, 0x70, 0xC4, 0x71, 0x03, 0x9F, 0x90, 0x32, 0x35,
0xA8, 0x44, 0x63, 0x2B, 0x89, 0xF4, 0xCE, 0x38, 0x40, 0x61,
0xC4, 0x9A, 0x2E, 0x84, 0xD5, 0x08
0x10, 0xDC, 0xA3, 0x0E, 0xD9, 0xA7, 0x3C, 0xBE, 0x37, 0x6E,
0x34, 0xC1, 0xDB, 0x4E, 0x90, 0x42, 0x05, 0xCC, 0x94, 0x2B,
0xAF, 0x0D, 0xE0, 0xC9, 0xE3, 0x91, 0x5F, 0x57, 0x58, 0x48,
0x44, 0x69, 0x96, 0x4A, 0x94, 0x24, 0x17, 0xE6, 0xDC, 0x1F,
0x6B, 0xCA, 0xC5, 0xD2, 0x66, 0x25, 0xF7, 0x6F, 0x1E, 0x67,
0xC0, 0x16, 0x7D, 0x59, 0x43, 0x55, 0x52, 0x6F, 0x1C, 0x23,
0x55, 0xAC, 0x5E, 0x2C, 0x1A, 0x33, 0x9A, 0x3F, 0x8D, 0x2E,
0xA9, 0x2B, 0x2A, 0x57, 0x90, 0xA9, 0x4B, 0x5F, 0x30, 0xD1,
0xB5, 0x76, 0x10, 0xAB, 0xDA, 0x0C, 0x6A, 0x0A, 0x42, 0xEF,
0x5C, 0x4C, 0xFD, 0x4E, 0x5B, 0x4B, 0x68, 0x30, 0x23, 0x11,
0x53, 0xA8, 0xBE, 0x01, 0x2E, 0x6F, 0xEB, 0x40, 0x60, 0x1D,
0xBC, 0xE7, 0xCC, 0xCC, 0x89, 0xA0, 0xD1, 0x2E, 0x08, 0x0F,
0xE5, 0x81, 0xB1, 0xCF, 0x32, 0x95, 0xA0, 0xF6, 0x0E, 0x59,
0x88, 0x10, 0x2F, 0xB2, 0x60, 0x59, 0xA4, 0x08, 0xBA, 0x81,
0x1A, 0x6C, 0x24, 0xB8, 0xBE, 0x2B, 0x4A, 0x64, 0x3E, 0x14,
0x88, 0x46, 0x22, 0xEC, 0xAA, 0x24, 0x6E, 0x1D, 0x5F, 0xA1,
0x89, 0xA3, 0xD0, 0x5B, 0x26, 0xC1, 0x63, 0xF4, 0xDC, 0x32,
0x7F, 0xED, 0xDB, 0x0F, 0xE9, 0x0D, 0xBB, 0x24, 0xB9, 0x25,
0x87, 0x11, 0xE4, 0x90, 0xE3, 0xAE, 0x4B, 0xEE, 0x3C, 0xFB,
0x49, 0xDD, 0x5E, 0xB0, 0xF3, 0xC9, 0x13, 0xA9, 0x73, 0x78,
0x23, 0xBB, 0x66, 0x29, 0x53, 0xF2, 0xBF, 0xC6, 0x92, 0xDB,
0x09, 0x21, 0x18, 0xAF, 0x76, 0x43, 0x4C, 0x7E, 0xD7, 0x4D,
0xCA, 0xB7, 0xAA, 0x90, 0xEF, 0x6E, 0xF5, 0x3F, 0x66, 0xCA,
0x40, 0x1A, 0xCE, 0x87, 0x20, 0x9F, 0x39, 0x36, 0x03, 0x53,
0x8E, 0x2C, 0xFD, 0x31, 0x14, 0xB8, 0x7E, 0x81, 0xC7, 0x84,
0x69, 0x1B, 0xBD, 0x1A, 0x0F, 0x3A
};
static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign);
#endif /* USE_CERT_BUFFERS_256 */
+23 -31
View File
@@ -170,39 +170,31 @@ int client_loop(const char *peer_ip, const char *peer_name,
char randombytes[16] = {0};
/* Construct HTTP POST */
/* Header */
strcat(buff, "POST /iot/device HTTP/1.1\r\n");
strcat(buff, "Content-Type: application/json\r\n");
strcat(buff, "Content-Length: 1000\r\n");
strcat(buff, "Accept: */*\r\n");
strcat(buff, "Host: ");
strcat(buff, peer_name);
strcat(buff, ":");
strcat(buff, peer_port);
strcat(buff, "\r\n");
/* Delimiter */
strcat(buff, "\r\n");
/* Body */
srand(time(NULL));
int devid = rand() % 100;
char snum[5] = {0};
snprintf(snum, sizeof(snum), "%d", devid);
int devid = rand() % 100;
strcat(buff, "{");
strcat(buff, "\"deviceId\": \"");
strcat(buff, snum);
strcat(buff, "\",");
strcat(buff, "\"sensorType\": \"Temperature\",");
strcat(buff, "\"sensorValue\": \"");
strcat(buff, temperature);
strcat(buff, "\",");
strcat(buff, "\"sensorUnit\": \"Celsius\",");
strcat(buff, "\"sensorTime\": 1582181510");
strcat(buff, "}");
strcat(buff, "\r\n");
int n = snprintf(buff, sizeof(buff),
"POST /iot/device HTTP/1.1\r\n"
"Content-Type: application/json\r\n"
"Content-Length: 1000\r\n"
"Accept: */*\r\n"
"Host: %s:%s\r\n"
"\r\n"
"{"
"\"deviceId\": \"%d\","
"\"sensorType\": \"Temperature\","
"\"sensorValue\": \"%s\","
"\"sensorUnit\": \"Celsius\","
"\"sensorTime\": 1582181510"
"}"
"\r\n",
peer_name, peer_port, devid, temperature);
if (n < 0 || n >= (int)sizeof(buff)) {
fprintf(stderr, "ERROR: HTTP request too large for buffer\n");
ret = -1;
goto exit;
}
printf("\n\nPOST REQUEST\n\n%s\n\n", buff);
+6 -6
View File
@@ -203,27 +203,27 @@ int main(int argc, char** argv)
if (argc == 11)
{
if (strcmp(argv[1], "-ip") == 0)
strcpy((char*)&ip, argv[2]);
if (strcmp(argv[1], "-ip") == 0 && strlen(argv[2]) < sizeof(ip))
strcpy((char*)&ip, argv[2]);
else
show_usage(argv[0]);
if (strcmp(argv[3], "-h") == 0)
if (strcmp(argv[3], "-h") == 0 && strlen(argv[4]) < sizeof(name))
strcpy((char*)&name, argv[4]);
else
show_usage(argv[0]);
if (strcmp(argv[5], "-p") == 0)
if (strcmp(argv[5], "-p") == 0 && strlen(argv[6]) < sizeof(port))
strcpy((char*)&port, argv[6]);
else
show_usage(argv[0]);
if (strcmp(argv[7], "-t") == 0)
if (strcmp(argv[7], "-t") == 0 && strlen(argv[8]) < sizeof(temperature))
strcpy((char*)&temperature, argv[8]);
else
show_usage(argv[0]);
if (strcmp(argv[9], "-d") == 0)
if (strcmp(argv[9], "-d") == 0 && strlen(argv[10]) < sizeof(device))
strcpy((char*)&device, argv[10]);
else
show_usage(argv[0]);
+6 -3
View File
@@ -36,6 +36,7 @@
#ifndef CHAR_BIT
#include <sys/limits.h>
#endif /* !CHAR_BIT*/
#include <sys/proc.h>
#define NO_THREAD_LS
#define NO_ATTRIBUTE_CONSTRUCTOR
@@ -80,20 +81,22 @@ extern struct malloc_type M_WOLFSSL[1];
#if defined(WOLFSSL_BSDKM_MEMORY_DEBUG)
#define XMALLOC(s, h, t) ({ \
(void)(h); (void)(t); \
void * _ptr = malloc(s, M_WOLFSSL, M_WAITOK | M_ZERO); \
int _wait_flag = curthread->td_critnest == 0 ? M_WAITOK : M_NOWAIT; \
void * _ptr = malloc((s), M_WOLFSSL, _wait_flag | M_ZERO); \
printf("info: malloc: %p, M_WOLFSSL, %zu\n", _ptr, (size_t) s); \
(void *)_ptr; \
})
#define XFREE(p, h, t) ({ \
void* _xp; (void)(h); (void)(t); _xp = (p); \
printf("info: free: %p, M_WOLFSSL\n", p); \
printf("info: free: %p, M_WOLFSSL\n", _xp); \
if(_xp) free(_xp, M_WOLFSSL); \
})
#else
#define XMALLOC(s, h, t) ({ \
(void)(h); (void)(t); \
void * _ptr = malloc(s, M_WOLFSSL, M_WAITOK | M_ZERO); \
int _wait_flag = curthread->td_critnest == 0 ? M_WAITOK : M_NOWAIT; \
void * _ptr = malloc((s), M_WOLFSSL, _wait_flag | M_ZERO); \
(void *)_ptr; \
})
+15 -10
View File
@@ -249,15 +249,14 @@ static int wolfkmod_load(void)
error = wolfkmod_init();
if (error != 0) {
return (ECANCELED);
goto wolfkmod_load_out;
}
#ifndef NO_CRYPT_TEST
error = wolfcrypt_test(NULL);
if (error != 0) {
printf("error: wolfcrypt test failed: %d\n", error);
(void)wolfkmod_cleanup();
return (ECANCELED);
goto wolfkmod_load_out;
}
printf("info: wolfCrypt self-test passed.\n");
#endif /* NO_CRYPT_TEST */
@@ -266,15 +265,19 @@ static int wolfkmod_load(void)
error = benchmark_test(NULL);
if (error != 0) {
printf("error: wolfcrypt benchmark failed: %d\n", error);
(void)wolfkmod_cleanup();
return (ECANCELED);
goto wolfkmod_load_out;
}
printf("info: wolfCrypt benchmark passed.\n");
#endif /* WOLFSSL_KERNEL_BENCHMARKS */
printf("info: libwolfssl loaded\n");
return (0);
wolfkmod_load_out:
if (error != 0) {
(void)wolfkmod_cleanup();
error = ECANCELED;
}
return (error);
}
static int wolfkmod_unload(void)
@@ -435,7 +438,8 @@ static int wolfkdriv_attach(device_t dev)
ret = wolfkmod_init();
if (ret != 0) {
return (ECANCELED);
error = ECANCELED;
goto attach_out;
}
/**
@@ -452,7 +456,8 @@ static int wolfkdriv_attach(device_t dev)
if (softc->crid < 0) {
device_printf(dev, "error: crypto_get_driverid failed: %d\n",
softc->crid);
return (ENXIO);
error = ENXIO;
goto attach_out;
}
/*
@@ -487,7 +492,7 @@ static int wolfkdriv_attach(device_t dev)
attach_out:
if (error) {
wolfkdriv_unregister(softc);
error = ENXIO;
(void)wolfkmod_cleanup();
}
return (error);
+3 -3
View File
@@ -29,13 +29,13 @@
#include <machine/pcb.h>
struct wolfkmod_fpu_state_t {
volatile lwpid_t td_tid;
volatile u_int nest;
volatile lwpid_t td_tid; /* the thread currently using fpu. */
volatile u_int nest; /* the fpu nesting level. */
};
typedef struct wolfkmod_fpu_state_t wolfkmod_fpu_state_t;
/* fpu_states array tracks thread id and nesting level of save/restore
/* The fpu_states array tracks thread id and nesting level of save/restore
* and push/pop vector registers macro calls. It is indexed by raw cpu id,
* and only accessed after the thread calls fpu_kern_enter(), and before
* calling fpu_kern_leave(), and only indexed by the thread's PCPU_GET(cpuid).
+83 -13
View File
@@ -1432,6 +1432,11 @@ then
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-ppc32-asm])
fi
if test "$enable_ppc64_asm" = "no"
then
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-ppc64-asm])
fi
case "$host_cpu" in
*x86_64*|*amd64*)
if test "$enable_intelasm" = ""
@@ -1462,6 +1467,10 @@ then
fi
;;
*powerpc64*)
if test "$enable_ppc64_asm" = ""
then
enable_ppc64_asm=yes
fi
;;
*powerpc*)
if test "$enable_ppc32_asm" = ""
@@ -1513,6 +1522,7 @@ then
test "$enable_hkdf" = "" && enable_hkdf=yes
test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
test "$enable_psk" = "" && enable_psk=yes
test "$enable_cmac" = "" && enable_cmac=yes
test "$enable_cmac_kdf" = "" && enable_cmac_kdf=yes
@@ -1580,13 +1590,12 @@ then
test "$enable_aessiv" = "" && enable_aessiv=yes
# AFALG lacks AES-EAX
test "$enable_aeseax" = "" && test "$enable_afalg" != "yes" && enable_aeseax=yes
test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
if test "$KERNEL_MODE_DEFAULTS" != "yes"
then
test "$enable_cryptocb" = "" && enable_cryptocb=yes
test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
fi
fi
@@ -3859,7 +3868,7 @@ do
# FSL, FSR, FSRI, CMOV, CMIX - QEMU doesn't know about these instructions
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION_TERNARY"
;;
zkn|zkned)
zkned)
# AES encrypt/decrpyt, SHA-2
ENABLED_RISCV_ASM=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_SCALAR_CRYPTO_ASM"
@@ -3934,21 +3943,70 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM"
AC_MSG_NOTICE([32-bit PowerPC assembly for SHA-256])
ENABLED_PPC32_ASM=yes
if test "$ENABLED_PPC32_ASM_INLINE" = "yes" || test "$ENABLED_PPC32_ASM_INLINE_REG" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_INLINE"
else
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM"
fi
if test "$ENABLED_PPC32_ASM_SMALL" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
fi
if test "$ENABLED_PPC32_ASM_SPE" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SPE"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SPE"
fi
fi
if test "$ENABLED_PPC32_ASM_INLINE" = "yes" || test "$ENABLED_PPC32_ASM_INLINE_REG" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_INLINE"
# PPC64 Assembly
AC_ARG_ENABLE([ppc64-asm],
[AS_HELP_STRING([--enable-ppc64-asm],[Enable wolfSSL PowerPC 64-bit ASM support (default: disabled).])],
[ ENABLED_PPC64_ASM=$enableval ],
[ ENABLED_PPC64_ASM=no ]
)
if test "$ENABLED_PPC64_ASM" != "no" && test "$ENABLED_ASM" = "yes"
then
ENABLED_PPC64_ASM_OPTS=$ENABLED_PPC64_ASM
for v in `echo $ENABLED_PPC64_ASM_OPTS | tr "," " "`
do
case $v in
yes)
;;
inline)
ENABLED_PPC64_ASM_INLINE=yes
;;
inline-reg)
ENABLED_PPC64_ASM_INLINE_REG=yes
;;
small)
ENABLED_PPC64_ASM_SMALL=yes
;;
*)
AC_MSG_ERROR([Invalid RISC-V option [yes,inline,small]: $ENABLED_PPC64_ASM.])
break
;;
esac
done
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC64_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
AC_MSG_NOTICE([64-bit PowerPC assembly for AES])
ENABLED_PPC64_ASM=yes
fi
if test "$ENABLED_PPC64_ASM_INLINE" = "yes" || test "$ENABLED_PPC64_ASM_INLINE_REG" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC64_ASM_INLINE"
else
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC64_ASM"
fi
if test "$ENABLED_PPC32_ASM_SMALL" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
fi
if test "$ENABLED_PPC32_ASM_SPE" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SPE"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SPE"
if test "$ENABLED_PPC64_ASM_SMALL" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC64_ASM_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC64_ASM_SMALL"
fi
# Xilinx hardened crypto
AC_ARG_ENABLE([xilinx],
[AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
@@ -12219,6 +12277,9 @@ AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"])
AM_CONDITIONAL([BUILD_PPC32_ASM],[test "x$ENABLED_PPC32_ASM" = "xyes"])
AM_CONDITIONAL([BUILD_PPC32_ASM_INLINE],[test "x$ENABLED_PPC32_ASM_INLINE" = "xyes"])
AM_CONDITIONAL([BUILD_PPC32_ASM_INLINE_REG],[test "x$ENABLED_PPC32_ASM_INLINE_REG" = "xyes"])
AM_CONDITIONAL([BUILD_PPC64_ASM],[test "x$ENABLED_PPC64_ASM" = "xyes"])
AM_CONDITIONAL([BUILD_PPC64_ASM_INLINE],[test "x$ENABLED_PPC64_ASM_INLINE" = "xyes"])
AM_CONDITIONAL([BUILD_PPC64_ASM_INLINE_REG],[test "x$ENABLED_PPC64_ASM_INLINE_REG" = "xyes"])
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
@@ -12925,6 +12986,15 @@ then
ENABLED_PPC32_ASM="inline C Reg"
fi
echo " * PPC32 ASM $ENABLED_PPC32_ASM"
if test "$ENABLED_PPC64_ASM_INLINE" = "yes"
then
ENABLED_PPC64_ASM="inline C"
fi
if test "$ENABLED_PPC64_ASM_INLINE_REG" = "yes"
then
ENABLED_PPC64_ASM="inline C Reg"
fi
echo " * PPC64 ASM $ENABLED_PPC64_ASM"
echo " * Write duplicate: $ENABLED_WRITEDUP"
echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
echo " * C89: $ENABLED_C89"
@@ -51,6 +51,23 @@ extern "C" {
#define HAVE_WOLFSSL_SSL_H
#define OPENSSL_COMPATIBLE_DEFAULTS
/* No-socket embedded builds still compile IP SAN helpers through OPENSSL_ALL.
* Provide local address-conversion stubs when the platform has no socket API. */
#ifdef WOLFSSL_NO_SOCK
#ifndef WOLFSSL_IP4
#define WOLFSSL_IP4 2
#endif
#ifndef WOLFSSL_IP6
#define WOLFSSL_IP6 10
#endif
#ifndef XINET_PTON
#define XINET_PTON(a,b,c) 0
#endif
#ifndef XINET_NTOP
#define XINET_NTOP(a,b,c,d) NULL
#endif
#endif
/* Avoid old name conflicts */
#define NO_OLD_RNGNAME
#define NO_OLD_WC_NAMES
+18
View File
@@ -57,6 +57,24 @@ $ sudo modprobe libwolfssl
| `--enable-intelasm` | x86/amd64 crypto acceleration |
| `--enable-cryptonly` | Omit TLS/DTLS implementation (normally recommended) |
### Enabling DTLS 1.3 in the kernel module
`--enable-linuxkm` does not implicitly enable TLS 1.3 or DTLS, so the DTLS 1.3
configure check (`configure.ac:5634-5636`) requires all three flags to be
passed explicitly:
```sh
./configure --enable-linuxkm \
--enable-tls13 --enable-dtls --enable-dtls13 \
--with-linux-source=/lib/modules/$(uname -r)/build
make -j$(nproc) module
```
The resulting `linuxkm/libwolfssl.ko` exports the DTLS 1.3 entry points
(`wolfDTLSv1_3_client_method`, `wolfDTLSv1_3_server_method`, etc.) as GPL
kernel symbols, available to other in-kernel consumers via
`EXPORT_SYMBOL_GPL`.
### Additional configuration options for verification, performance evaluation, and troubleshooting
| option | description |
+14 -11
View File
@@ -167,13 +167,14 @@
#ifndef WC_LINUXKM_INTR_SIGNALS
#define WC_LINUXKM_INTR_SIGNALS { SIGKILL, SIGABRT, SIGHUP, SIGINT }
#endif
extern int wc_linuxkm_sig_ignore_begin(void);
extern int wc_linuxkm_sig_ignore_end(void);
extern int wc_linuxkm_check_for_intr_signals(void);
WOLFSSL_API int wc_linuxkm_can_block(void);
WOLFSSL_API int wc_linuxkm_sig_ignore_begin(void);
WOLFSSL_API int wc_linuxkm_sig_ignore_end(void);
WOLFSSL_API int wc_linuxkm_check_for_intr_signals(void);
#ifndef WC_LINUXKM_MAX_NS_WITHOUT_YIELD
#define WC_LINUXKM_MAX_NS_WITHOUT_YIELD 1000000000
#endif
extern void wc_linuxkm_relax_long_loop(void);
WOLFSSL_API void wc_linuxkm_relax_long_loop(void);
#ifndef WC_SIG_IGNORE_BEGIN
#define WC_SIG_IGNORE_BEGIN() wc_linuxkm_sig_ignore_begin()
@@ -1221,6 +1222,7 @@
typeof(wc_lkm_LockMutex) *wc_lkm_LockMutex;
#endif
typeof(wc_linuxkm_can_block) *wc_linuxkm_can_block;
typeof(wc_linuxkm_sig_ignore_begin) *wc_linuxkm_sig_ignore_begin;
typeof(wc_linuxkm_sig_ignore_end) *wc_linuxkm_sig_ignore_end;
typeof(wc_linuxkm_check_for_intr_signals) *wc_linuxkm_check_for_intr_signals;
@@ -1521,8 +1523,9 @@
wolfssl_spin_unlock_irqrestore_rt((lock), (flags))
#endif
#define wc_linuxkm_sig_ignore_begin WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_begin);
#define wc_linuxkm_sig_ignore_end WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_end);
#define wc_linuxkm_can_block WC_PIE_INDIRECT_SYM(wc_linuxkm_can_block)
#define wc_linuxkm_sig_ignore_begin WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_begin)
#define wc_linuxkm_sig_ignore_end WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_end)
#define wc_linuxkm_check_for_intr_signals WC_PIE_INDIRECT_SYM(wc_linuxkm_check_for_intr_signals)
#define wc_linuxkm_relax_long_loop WC_PIE_INDIRECT_SYM(wc_linuxkm_relax_long_loop)
@@ -1905,21 +1908,21 @@
#endif
#else /* !WC_LINUXKM_USE_HEAP_WRAPPERS */
#ifdef USE_KVMALLOC
#define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE)
#define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(7, 2, 0)
#define free(ptr) (preempt_count() == 0 ? kvfree(ptr) : kvfree_atomic(ptr))
#define free(ptr) (wc_linuxkm_can_block() ? kvfree(ptr) : kvfree_atomic(ptr))
#else
#define free(ptr) kvfree(ptr)
#endif
#ifdef USE_KVREALLOC
#define realloc(ptr, newsize) kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
#define realloc(ptr, newsize) kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC))
#else
#define realloc(ptr, newsize) ((void)(ptr), (void)(newsize), NULL)
#endif
#else
#define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
#define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC))
#define free(ptr) kfree(ptr)
#define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
#define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC))
#endif
#endif /* !WC_LINUXKM_USE_HEAP_WRAPPERS */
+15 -12
View File
@@ -89,37 +89,40 @@
#include <crypto/dh.h>
#define WOLFKM_DH_NAME ("dh")
#define WOLFKM_DH_DRIVER ("dh" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#if defined(WOLFSSL_SP_X86_64_ASM) && !defined(NO_AVX2_SUPPORT)
#define WOLFKM_DH_DRIVER_ISA_EXT "-avx2"
#else
#define WOLFKM_DH_DRIVER_ISA_EXT ""
#endif
#define WOLFKM_DH_DRIVER_SUFFIX WOLFKM_DH_DRIVER_ISA_EXT \
WOLFKM_DRIVER_SUFFIX_BASE
#define WOLFKM_DH_DRIVER ("dh" WOLFKM_DH_DRIVER_SUFFIX)
#ifdef HAVE_FFDHE_2048
#define WOLFKM_FFDHE2048_NAME ("ffdhe2048(dh)")
#define WOLFKM_FFDHE2048_DRIVER ("ffdhe2048" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_FFDHE2048_DRIVER ("ffdhe2048" WOLFKM_DH_DRIVER_SUFFIX)
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
#define WOLFKM_FFDHE3072_NAME ("ffdhe3072(dh)")
#define WOLFKM_FFDHE3072_DRIVER ("ffdhe3072" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_FFDHE3072_DRIVER ("ffdhe3072" WOLFKM_DH_DRIVER_SUFFIX)
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
#define WOLFKM_FFDHE4096_NAME ("ffdhe4096(dh)")
#define WOLFKM_FFDHE4096_DRIVER ("ffdhe4096" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_FFDHE4096_DRIVER ("ffdhe4096" WOLFKM_DH_DRIVER_SUFFIX)
#endif /* HAVE_FFDHE_4096 */
#ifdef HAVE_FFDHE_6144
#define WOLFKM_FFDHE6144_NAME ("ffdhe6144(dh)")
#define WOLFKM_FFDHE6144_DRIVER ("ffdhe6144" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_FFDHE6144_DRIVER ("ffdhe6144" WOLFKM_DH_DRIVER_SUFFIX)
#endif /* HAVE_FFDHE_6144 */
#ifdef HAVE_FFDHE_8192
#define WOLFKM_FFDHE8192_NAME ("ffdhe8192(dh)")
#define WOLFKM_FFDHE8192_DRIVER ("ffdhe8192" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_FFDHE8192_DRIVER ("ffdhe8192" WOLFKM_DH_DRIVER_SUFFIX)
#endif /* HAVE_FFDHE_8192 */
static int linuxkm_test_kpp_driver(const char * driver,
+12 -7
View File
@@ -63,19 +63,24 @@
#include <wolfssl/wolfcrypt/ecc.h>
#include <crypto/ecdh.h>
#define WOLFKM_ECDH_DRIVER ("ecdh-wolfcrypt")
#if defined(WOLFSSL_SP_X86_64_ASM) && !defined(NO_AVX2_SUPPORT)
#define WOLFKM_ECDH_DRIVER_ISA_EXT "-avx2"
#else
#define WOLFKM_ECDH_DRIVER_ISA_EXT ""
#endif
#define WOLFKM_ECDH_DRIVER_SUFFIX WOLFKM_ECDH_DRIVER_ISA_EXT \
WOLFKM_DRIVER_SUFFIX_BASE
#define WOLFKM_ECDH_DRIVER ("ecdh" WOLFKM_ECDH_DRIVER_SUFFIX)
#define WOLFKM_ECDH_P192_NAME ("ecdh-nist-p192")
#define WOLFKM_ECDH_P192_DRIVER ("ecdh-nist-p192" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDH_P192_DRIVER ("ecdh-nist-p192" WOLFKM_ECDH_DRIVER_SUFFIX)
#define WOLFKM_ECDH_P256_NAME ("ecdh-nist-p256")
#define WOLFKM_ECDH_P256_DRIVER ("ecdh-nist-p256" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDH_P256_DRIVER ("ecdh-nist-p256" WOLFKM_ECDH_DRIVER_SUFFIX)
#define WOLFKM_ECDH_P384_NAME ("ecdh-nist-p384")
#define WOLFKM_ECDH_P384_DRIVER ("ecdh-nist-p384" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDH_P384_DRIVER ("ecdh-nist-p384" WOLFKM_ECDH_DRIVER_SUFFIX)
static int linuxkm_test_ecdh_nist_driver(const char * driver,
const byte * b_pub,
+13 -9
View File
@@ -82,23 +82,27 @@
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/ecc.h>
#define WOLFKM_ECDSA_DRIVER ("ecdsa-wolfcrypt")
#if defined(WOLFSSL_SP_X86_64_ASM) && !defined(NO_AVX2_SUPPORT)
#define WOLFKM_ECDSA_DRIVER_ISA_EXT "-avx2"
#else
#define WOLFKM_ECDSA_DRIVER_ISA_EXT ""
#endif
#define WOLFKM_ECDSA_DRIVER_SUFFIX WOLFKM_ECDSA_DRIVER_ISA_EXT \
WOLFKM_DRIVER_SUFFIX_BASE
#define WOLFKM_ECDSA_DRIVER ("ecdsa" WOLFKM_ECDSA_DRIVER_SUFFIX)
#define WOLFKM_ECDSA_P192_NAME ("ecdsa-nist-p192")
#define WOLFKM_ECDSA_P192_DRIVER ("ecdsa-nist-p192" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDSA_P192_DRIVER ("ecdsa-nist-p192" WOLFKM_ECDSA_DRIVER_SUFFIX)
#define WOLFKM_ECDSA_P256_NAME ("ecdsa-nist-p256")
#define WOLFKM_ECDSA_P256_DRIVER ("ecdsa-nist-p256" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDSA_P256_DRIVER ("ecdsa-nist-p256" WOLFKM_ECDSA_DRIVER_SUFFIX)
#define WOLFKM_ECDSA_P384_NAME ("ecdsa-nist-p384")
#define WOLFKM_ECDSA_P384_DRIVER ("ecdsa-nist-p384" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDSA_P384_DRIVER ("ecdsa-nist-p384" WOLFKM_ECDSA_DRIVER_SUFFIX)
#define WOLFKM_ECDSA_P521_NAME ("ecdsa-nist-p521")
#define WOLFKM_ECDSA_P521_DRIVER ("ecdsa-nist-p521" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDSA_P521_DRIVER ("ecdsa-nist-p521" WOLFKM_ECDSA_DRIVER_SUFFIX)
static int linuxkm_test_ecdsa_nist_driver(const char * driver,
+19 -18
View File
@@ -99,45 +99,46 @@
#include <wolfssl/wolfcrypt/rsa.h>
#define WOLFKM_RSA_NAME ("rsa")
#define WOLFKM_RSA_DRIVER ("rsa" WOLFKM_DRIVER_FIPS "-wolfcrypt")
#if defined(WOLFSSL_SP_X86_64_ASM) && !defined(NO_AVX2_SUPPORT)
#define WOLFKM_RSA_DRIVER_ISA_EXT "-avx2"
#else
#define WOLFKM_RSA_DRIVER_ISA_EXT ""
#endif
#define WOLFKM_RSA_DRIVER_SUFFIX WOLFKM_RSA_DRIVER_ISA_EXT \
WOLFKM_DRIVER_SUFFIX_BASE
#define WOLFKM_RSA_DRIVER ("rsa" WOLFKM_RSA_DRIVER_SUFFIX)
#if defined(LINUXKM_AKCIPHER_NO_SIGNVERIFY)
/* the akcipher alg */
#define WOLFKM_PKCS1PAD_NAME ("pkcs1pad(rsa)")
#define WOLFKM_PKCS1PAD_DRIVER ("pkcs1pad(rsa" WOLFKM_DRIVER_FIPS \
"-wolfcrypt)")
#define WOLFKM_PKCS1PAD_NAME "pkcs1pad(rsa)"
#define WOLFKM_PKCS1PAD_DRIVER "pkcs1pad-rsa" WOLFKM_RSA_DRIVER_SUFFIX
#endif /* LINUXKM_AKCIPHER_NO_SIGNVERIFY */
/*
* pkcs1 sign verify alg names
* */
#define WOLFKM_PKCS1_SHA224_NAME (PKCS1_NAME "(rsa,sha224)")
#define WOLFKM_PKCS1_SHA224_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
"-wolfcrypt,sha224)")
#define WOLFKM_PKCS1_SHA224_DRIVER ("pkcs1pad-rsa-sha224" WOLFKM_RSA_DRIVER_SUFFIX)
#define WOLFKM_PKCS1_SHA256_NAME (PKCS1_NAME "(rsa,sha256)")
#define WOLFKM_PKCS1_SHA256_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
"-wolfcrypt,sha256)")
#define WOLFKM_PKCS1_SHA256_DRIVER ("pkcs1pad-rsa-sha256" WOLFKM_RSA_DRIVER_SUFFIX)
#define WOLFKM_PKCS1_SHA384_NAME (PKCS1_NAME "(rsa,sha384)")
#define WOLFKM_PKCS1_SHA384_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
"-wolfcrypt,sha384)")
#define WOLFKM_PKCS1_SHA384_DRIVER ("pkcs1pad-rsa-sha384" WOLFKM_RSA_DRIVER_SUFFIX)
#define WOLFKM_PKCS1_SHA512_NAME (PKCS1_NAME "(rsa,sha512)")
#define WOLFKM_PKCS1_SHA512_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
"-wolfcrypt,sha512)")
#define WOLFKM_PKCS1_SHA512_DRIVER ("pkcs1pad-rsa-sha512" WOLFKM_RSA_DRIVER_SUFFIX)
#define WOLFKM_PKCS1_SHA3_256_NAME (PKCS1_NAME "(rsa,sha3-256)")
#define WOLFKM_PKCS1_SHA3_256_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
"-wolfcrypt,sha3-256)")
#define WOLFKM_PKCS1_SHA3_256_DRIVER ("pkcs1pad-rsa-sha3-256" WOLFKM_RSA_DRIVER_SUFFIX)
#define WOLFKM_PKCS1_SHA3_384_NAME (PKCS1_NAME "(rsa,sha3-384)")
#define WOLFKM_PKCS1_SHA3_384_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
"-wolfcrypt,sha3-384)")
#define WOLFKM_PKCS1_SHA3_384_DRIVER ("pkcs1pad-rsa-sha3-384" WOLFKM_RSA_DRIVER_SUFFIX)
#define WOLFKM_PKCS1_SHA3_512_NAME (PKCS1_NAME "(rsa,sha3-512)")
#define WOLFKM_PKCS1_SHA3_512_DRIVER (PKCS1_NAME "(rsa" WOLFKM_DRIVER_FIPS \
"-wolfcrypt,sha3-512)")
#define WOLFKM_PKCS1_SHA3_512_DRIVER ("pkcs1pad-rsa-sha3-512" WOLFKM_RSA_DRIVER_SUFFIX)
#if defined(WOLFSSL_KEY_GEN)
#if defined(LINUXKM_DIRECT_RSA)
+4 -4
View File
@@ -1009,7 +1009,7 @@ static volatile int wc_linuxkm_rng_initing_default_bank_flag = 0;
static int linuxkm_affinity_lock(void *arg) {
(void)arg;
if (preempt_count() != 0)
if (! wc_linuxkm_can_block())
return ALREADY_E;
#if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
migrate_disable(); /* this actually makes irq_count() nonzero, so that
@@ -1118,7 +1118,7 @@ static struct wc_rng_bank_inst *linuxkm_get_drbg(struct wc_rng_bank *ctx) {
WC_RNG_BANK_FLAG_CAN_WAIT |
WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST;
if (preempt_count() == 0)
if (wc_linuxkm_can_block())
flags |= WC_RNG_BANK_FLAG_AFFINITY_LOCK;
else
flags |= WC_RNG_BANK_FLAG_NO_VECTOR_OPS;
@@ -1487,7 +1487,7 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {
struct wc_rng_bank *ctx;
size_t i;
int n;
int can_sleep = (preempt_count() == 0);
int can_sleep = wc_linuxkm_can_block();
if (len == 0)
return 0;
@@ -1545,7 +1545,7 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {
static int wc_crng_reseed(void) {
struct wc_rng_bank *ctx;
int can_sleep = (preempt_count() == 0);
int can_sleep = wc_linuxkm_can_block();
int ret = wc_rng_bank_default_checkout(&ctx);
if (ret) {
+6
View File
@@ -91,6 +91,12 @@
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifdef WOLFCRYPT_HAVE_ECCSI
#include <wolfssl/wolfcrypt/eccsi.h>
#endif
#ifdef WOLFCRYPT_HAVE_SAKKE
#include <wolfssl/wolfcrypt/sakke.h>
#endif
#ifdef HAVE_HPKE
#include <wolfssl/wolfcrypt/hpke.h>
#endif
+48 -6
View File
@@ -316,6 +316,13 @@ MODULE_PARM_DESC(rodata_dump_path,
#include "linuxkm/lkcapi_glue.c"
#endif
int wc_linuxkm_can_block(void) {
/* We can't use preemptible() for this, because we need an accurate test
* even in !CONFIG_PREEMPT_COUNT configs where preemptible() is always 0.
*/
return (preempt_count() == 0) && (! irqs_disabled());
}
/* for simplicity, we use a global count to suspend signal processing while any
* thread is running fipsEntry(), wolfCrypt_IntegrityTest_fips(),
* linuxkm_lkcapi_register(), or linuxkm_lkcapi_unregister(). This only affects
@@ -336,7 +343,7 @@ int wc_linuxkm_sig_ignore_end(void) {
int wc_linuxkm_check_for_intr_signals(void) {
static const int intr_signals[] = WC_LINUXKM_INTR_SIGNALS;
if (preempt_count() != 0)
if (! wc_linuxkm_can_block())
return 0;
if (signal_pending(current)) {
int i;
@@ -365,7 +372,7 @@ int wc_linuxkm_check_for_intr_signals(void) {
void wc_linuxkm_relax_long_loop(void) {
#if WC_LINUXKM_MAX_NS_WITHOUT_YIELD >= 0
if (preempt_count() == 0) {
if (wc_linuxkm_can_block()) {
#if (WC_LINUXKM_MAX_NS_WITHOUT_YIELD == 0) || !defined(CONFIG_SCHED_INFO)
cond_resched();
#else
@@ -662,6 +669,11 @@ static int wolfssl_init(void)
}
#endif
#if defined(WC_LINUXKM_USE_HEAP_WRAPPERS) && defined(CONFIG_HAVE_KPROBES)
/* cache the function pointer to find_vm_area(). */
(void)wc_linuxkm_malloc_usable_size(NULL);
#endif
#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
#ifdef CONFIG_MODULE_SIG
if (THIS_MODULE->sig_ok == false) {
@@ -1283,13 +1295,13 @@ static const struct wc_reloc_table_segments seg_map = {
void *wc_linuxkm_malloc(size_t size)
{
return kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE);
return kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE);
}
void wc_linuxkm_free(void *ptr)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(7, 2, 0)
if (preempt_count() == 0)
if (wc_linuxkm_can_block())
kvfree(ptr);
else
kvfree_atomic(ptr);
@@ -1300,12 +1312,41 @@ void wc_linuxkm_free(void *ptr)
void *wc_linuxkm_realloc(void *ptr, size_t newsize)
{
return kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC));
return kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (wc_linuxkm_can_block() ? GFP_KERNEL : GFP_ATOMIC));
}
#ifdef CONFIG_HAVE_KPROBES
#include <linux/vmalloc.h>
#endif
size_t wc_linuxkm_malloc_usable_size(void *ptr)
{
return ksize(ptr);
if ((ptr == NULL) || is_vmalloc_addr(ptr)) {
#ifdef CONFIG_HAVE_KPROBES
static typeof(find_vm_area) *find_vm_area_ptr = NULL;
if (find_vm_area_ptr == NULL) {
if (! wc_linuxkm_can_block())
return 0;
find_vm_area_ptr = my_kallsyms_lookup_name("find_vm_area");
}
if (find_vm_area_ptr == NULL)
return 0;
else if (ptr == NULL)
return 0;
else {
struct vm_struct *vm = find_vm_area_ptr(ptr);
if (vm)
return get_vm_area_size(vm);
else
return 0;
}
#else
return 0;
#endif
}
else {
return ksize(ptr);
}
}
#endif /* WC_LINUXKM_USE_HEAP_WRAPPERS */
@@ -1678,6 +1719,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
#endif
#endif
wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_can_block = wc_linuxkm_can_block;
wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_sig_ignore_begin = wc_linuxkm_sig_ignore_begin;
wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_sig_ignore_end = wc_linuxkm_sig_ignore_end;
wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_check_for_intr_signals = wc_linuxkm_check_for_intr_signals;
+24
View File
@@ -247,6 +247,14 @@ endif !BUILD_ARMASM_INLINE
endif BUILD_ARMASM
endif !BUILD_ARMASM_NEON
if BUILD_PPC64_ASM
if BUILD_PPC64_ASM_INLINE
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm_c.c
else
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm.S
endif !BUILD_PPC64_ASM_INLINE
endif BUILD_PPC64_ASM
if BUILD_AESNI
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
if BUILD_X86_ASM
@@ -512,6 +520,14 @@ endif BUILD_ARMASM
endif !BUILD_ARMASM_NEON
endif BUILD_AES
if BUILD_PPC64_ASM
if BUILD_PPC64_ASM_INLINE
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm_c.c
else
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm.S
endif !BUILD_PPC64_ASM_INLINE
endif BUILD_PPC64_ASM
if BUILD_AESNI
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
if BUILD_X86_ASM
@@ -1390,6 +1406,14 @@ endif !BUILD_ARMASM_INLINE
endif BUILD_ARMASM
endif !BUILD_ARMASM_NEON
if BUILD_PPC64_ASM
if BUILD_PPC64_ASM_INLINE
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm_c.c
else
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc64/ppc64-aes-asm.S
endif !BUILD_PPC64_ASM_INLINE
endif BUILD_PPC64_ASM
if BUILD_AFALG
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_aes.c
endif BUILD_AFALG
+34 -4
View File
@@ -1423,7 +1423,9 @@ static int ExportOptions(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
exp[idx++] = options->acceptState;
exp[idx++] = options->asyncState;
if (type == WOLFSSL_EXPORT_TLS) {
/* Encrypt-Then-MAC state. Historically only serialized for TLS; export
* version 6 and later also serialize it for DTLS. */
if (type == WOLFSSL_EXPORT_TLS || ver > WOLFSSL_EXPORT_VERSION_5) {
#ifdef HAVE_ENCRYPT_THEN_MAC
exp[idx++] = options->disallowEncThenMac;
exp[idx++] = options->encThenMac;
@@ -1502,6 +1504,13 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
}
break;
case WOLFSSL_EXPORT_VERSION_5:
if (len < DTLS_EXPORT_OPT_SZ_5) {
WOLFSSL_MSG("Sanity check on buffer size failed");
return BAD_FUNC_ARG;
}
break;
case WOLFSSL_EXPORT_VERSION_4:
if (len < DTLS_EXPORT_OPT_SZ_4) {
WOLFSSL_MSG("Sanity check on buffer size failed");
@@ -1628,7 +1637,9 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
options->acceptState = exp[idx++];
options->asyncState = exp[idx++];
if (type == WOLFSSL_EXPORT_TLS) {
/* Encrypt-Then-MAC state. Historically only serialized for TLS; export
* version 6 and later also serialize it for DTLS. */
if (type == WOLFSSL_EXPORT_TLS || ver > WOLFSSL_EXPORT_VERSION_5) {
#ifdef HAVE_ENCRYPT_THEN_MAC
options->disallowEncThenMac = exp[idx++];
options->encThenMac = exp[idx++];
@@ -1723,8 +1734,8 @@ static int ImportPeerInfo(WOLFSSL* ssl, const byte* buf, word32 len, byte ver)
word16 port;
char ip[MAX_EXPORT_IP];
if (ver != WOLFSSL_EXPORT_VERSION && ver != WOLFSSL_EXPORT_VERSION_4 &&
ver != WOLFSSL_EXPORT_VERSION_3) {
if (ver != WOLFSSL_EXPORT_VERSION && ver != WOLFSSL_EXPORT_VERSION_5 &&
ver != WOLFSSL_EXPORT_VERSION_4 && ver != WOLFSSL_EXPORT_VERSION_3) {
WOLFSSL_MSG("Export version not supported");
return BAD_FUNC_ARG;
}
@@ -1982,6 +1993,15 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
}
break;
case WOLFSSL_EXPORT_VERSION_5:
if (type == WOLFSSL_EXPORT_DTLS) {
optSz = DTLS_EXPORT_OPT_SZ_5;
}
else {
optSz = TLS_EXPORT_OPT_SZ_5;
}
break;
case WOLFSSL_EXPORT_VERSION_4:
if (type == WOLFSSL_EXPORT_DTLS) {
optSz = DTLS_EXPORT_OPT_SZ_4;
@@ -13696,6 +13716,16 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
continue;
}
/* RFC 9525 Sec. 6.3: a DNS-ID reference identifier is matched only
* against dNSName SAN entries, never uniformResourceIdentifier
* (even when the URI value resembles a ostname). URI-ID matching
* requires scheme and host parsing (RFC 9525 Sec. 6.5, Sec. 7.2). */
if (!isIP && altName->type == ASN_URI_TYPE) {
WOLFSSL_MSG("\tAltName is uniformResourceIdentifier, "
"skipping for DNS hostname");
continue;
}
if (MatchDomainName(buf, (int)len, domain, domainLen, flags)) {
match = 1;
if (checkCN != NULL) {
+22 -19
View File
@@ -776,7 +776,8 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
single = bs->single;
while (single != NULL) {
if (single->status != NULL && id->status != NULL &&
(XMEMCMP(single->status->serial, id->status->serial,
(single->status->serialSz == id->status->serialSz)
&& (XMEMCMP(single->status->serial, id->status->serial,
(size_t)single->status->serialSz) == 0)
&& (XMEMCMP(single->issuerHash, id->issuerHash, OCSP_DIGEST_SIZE) == 0)
&& (XMEMCMP(single->issuerKeyHash, id->issuerKeyHash, OCSP_DIGEST_SIZE) == 0)) {
@@ -1270,7 +1271,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
int length = 0;
int ret;
if (data == NULL)
if (data == NULL || *data == NULL || len <= 0)
return NULL;
if (response != NULL)
@@ -1283,30 +1284,27 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
XMEMSET(resp, 0, sizeof(OcspResponse));
}
if (resp->source != NULL)
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
resp->source = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (resp->source == NULL) {
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
return NULL;
if (resp->source == NULL)
goto error;
if (resp->single != NULL) {
FreeOcspEntry(resp->single, NULL);
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
}
resp->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
DYNAMIC_TYPE_OCSP_ENTRY);
if (resp->single == NULL) {
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
return NULL;
}
if (resp->single == NULL)
goto error;
XMEMSET(resp->single, 0, sizeof(OcspEntry));
resp->single->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
DYNAMIC_TYPE_OCSP_STATUS);
if (resp->single->status == NULL)
goto error;
resp->single->ownStatus = 1;
if (resp->single->status == NULL) {
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
return NULL;
}
XMEMSET(resp->single->status, 0, sizeof(CertStatus));
XMEMCPY(resp->source, *data, (size_t)len);
resp->maxIdx = (word32)len;
@@ -1314,8 +1312,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
if (ret != 0 && ret != WC_NO_ERR_TRACE(ASN_OCSP_CONFIRM_E)) {
/* for just converting from a DER to an internal structure the CA may
* not yet be known to this function for signature verification */
wolfSSL_OCSP_RESPONSE_free(resp);
return NULL;
goto error;
}
if (GetSequence(*data, &idx, &length, (word32)len) >= 0)
@@ -1325,6 +1322,12 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
*response = resp;
return resp;
error:
wolfSSL_OCSP_RESPONSE_free(resp);
if (response != NULL && *response == resp)
*response = NULL;
return NULL;
}
int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
+167 -7
View File
@@ -292,11 +292,10 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
#endif
#endif
#if defined(OPENSSL_EXTRA) && \
((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
(!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
(defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN)))
#if !defined(NO_FILESYSTEM)
#if !defined(NO_FILESYSTEM) && \
((defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN) && \
!defined(NO_PWDBASED)) || \
defined(WOLFSSL_DH_EXTRA))
/* Write the DER data as PEM into file pointer.
*
* @param [in] der Buffer containing DER data.
@@ -326,8 +325,9 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif
#endif
#endif /* !NO_FILESYSTEM &&
* ((OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED) ||
* WOLFSSL_DH_EXTRA) */
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_PEM_TO_DER)
@@ -6282,6 +6282,166 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
}
#endif /* !NO_BIO */
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
!defined(NO_ASN) && !defined(NO_PWDBASED)
/* Writes a public key to a file pointer encoded in PEM format.
*
* @param [in] fp File pointer to write to.
* @param [in] key Public key to write in PEM format.
* @return 1 on success.
* @return 0 on failure.
*/
int wolfSSL_PEM_write_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY* key)
{
int err = 0;
unsigned char* derBuf = NULL;
int derSz = 0;
WOLFSSL_ENTER("wolfSSL_PEM_write_PUBKEY");
if ((fp == XBADFILE) || (key == NULL)) {
WOLFSSL_MSG("Bad Function Arguments");
err = 1;
}
if (!err) {
derSz = wolfSSL_i2d_PUBKEY(key, NULL);
if (derSz <= 0) {
WOLFSSL_MSG("Failed to get DER size for key");
err = 1;
}
}
if (!err) {
unsigned char* tmp;
derBuf = (unsigned char*)XMALLOC((size_t)derSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (derBuf == NULL) {
WOLFSSL_MSG("Failed to allocate DER buffer");
err = 1;
}
else {
tmp = derBuf;
if (wolfSSL_i2d_PUBKEY(key, &tmp) <= 0) {
WOLFSSL_MSG("Failed to convert key to DER");
err = 1;
}
}
}
/* Write DER buffer to file as PEM. */
if ((!err) && (der_write_to_file_as_pem(derBuf, derSz, fp,
PUBLICKEY_TYPE, NULL) != 1)) {
WOLFSSL_MSG("Failed to write DER to file as PEM");
err = 1;
}
/* Dispose of the DER encoding. */
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_LEAVE("wolfSSL_PEM_write_PUBKEY", err);
return !err;
}
/* Writes a private key to a file pointer encoded in PEM format.
*
* @param [in] fp File pointer to write to.
* @param [in] key Private key to write in PEM format.
* @param [in] cipher Encryption cipher to use. May be NULL.
* @param [in] passwd Password to use when encrypting. May be NULL.
* @param [in] len Length of password.
* @param [in] cb Password callback.
* @param [in] arg Password callback argument.
* @return 1 on success.
* @return 0 on failure.
*/
int wolfSSL_PEM_write_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY* key,
const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len,
wc_pem_password_cb* cb, void* arg)
{
int err = 0;
int type = 0;
unsigned char* derBuf = NULL;
int derSz = 0;
(void)cipher;
(void)passwd;
(void)len;
(void)cb;
(void)arg;
WOLFSSL_ENTER("wolfSSL_PEM_write_PrivateKey");
/* Validate parameters. */
if ((fp == XBADFILE) || (key == NULL)) {
WOLFSSL_MSG("Bad Function Arguments");
err = 1;
}
/* Determine PEM type from key type, mirroring wolfSSL_PEM_read_PrivateKey's
* keyFormat switch. */
if (!err) {
switch (key->type) {
case WC_EVP_PKEY_RSA:
type = PRIVATEKEY_TYPE;
break;
case WC_EVP_PKEY_DSA:
type = DSA_PRIVATEKEY_TYPE;
break;
case WC_EVP_PKEY_EC:
type = ECC_PRIVATEKEY_TYPE;
break;
case WC_EVP_PKEY_DH:
type = DH_PRIVATEKEY_TYPE;
break;
default:
WOLFSSL_MSG("Unknown key type");
err = 1;
break;
}
}
if (!err) {
derSz = wolfSSL_i2d_PrivateKey(key, NULL);
if (derSz <= 0) {
WOLFSSL_MSG("Failed to get DER size for private key");
err = 1;
}
}
if (!err) {
unsigned char* tmp;
derBuf = (unsigned char*)XMALLOC((size_t)derSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (derBuf == NULL) {
WOLFSSL_MSG("Failed to allocate DER buffer");
err = 1;
}
else {
tmp = derBuf;
if (wolfSSL_i2d_PrivateKey(key, &tmp) <= 0) {
WOLFSSL_MSG("Error encoding private key as DER");
err = 1;
}
}
}
/* Write DER buffer to file as PEM. */
if ((!err) && (der_write_to_file_as_pem(derBuf, derSz, fp, type,
NULL) != 1)) {
WOLFSSL_MSG("Error writing DER to file as PEM");
err = 1;
}
/* Dispose of the DER encoding. */
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_LEAVE("wolfSSL_PEM_write_PrivateKey", err);
return !err;
}
#endif /* !NO_FILESYSTEM && !NO_CERTS && OPENSSL_EXTRA && !NO_ASN &&
* !NO_PWDBASED */
#ifndef NO_BIO
/* Create a private key object from the data in the BIO.
*
+24 -6
View File
@@ -12978,44 +12978,62 @@ int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s, unsigned char mode)
size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count)
{
byte len = 0;
byte const * src;
WOLFSSL_ENTER("wolfSSL_get_finished");
if (!ssl || !buf || count < TLS_FINISHED_SZ) {
if (!ssl || !buf) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if (ssl->options.side == WOLFSSL_SERVER_END) {
src = ssl->serverFinished;
len = ssl->serverFinished_len;
XMEMCPY(buf, ssl->serverFinished, len);
}
else {
src = ssl->clientFinished;
len = ssl->clientFinished_len;
XMEMCPY(buf, ssl->clientFinished, len);
}
if (count < len) {
WOLFSSL_MSG("Buffer too small");
return WOLFSSL_FAILURE;
}
XMEMCPY(buf, src, len);
return len;
}
size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count)
{
byte len = 0;
byte const * src;
WOLFSSL_ENTER("wolfSSL_get_peer_finished");
if (!ssl || !buf || count < TLS_FINISHED_SZ) {
if (!ssl || !buf) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if (ssl->options.side == WOLFSSL_CLIENT_END) {
src = ssl->serverFinished;
len = ssl->serverFinished_len;
XMEMCPY(buf, ssl->serverFinished, len);
}
else {
src = ssl->clientFinished;
len = ssl->clientFinished_len;
XMEMCPY(buf, ssl->clientFinished, len);
}
if (count < len) {
WOLFSSL_MSG("Buffer too small");
return WOLFSSL_FAILURE;
}
XMEMCPY(buf, src, len);
return len;
}
#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
+201 -124
View File
@@ -945,10 +945,20 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
WC_FREE_VAR_EX(cert, NULL, DYNAMIC_TYPE_DCERT);
return NULL;
}
a->length = (int)x509->pathLength;
/* RFC 5280 4.2.1.9: only populate pathLen when the
* pathLenConstraint field was actually present. When it is
* absent no limit is imposed, and pathlen must remain NULL so
* it is distinguishable from a pathLenConstraint of 0. */
if (x509->basicConstPlSet) {
a->length = (int)x509->pathLength;
/* Save ASN1_INTEGER in x509 extension */
ext->obj->pathlen = a;
/* Save ASN1_INTEGER in x509 extension */
ext->obj->pathlen = a;
}
else {
wolfSSL_ASN1_INTEGER_free(a);
ext->obj->pathlen = NULL;
}
ext->obj->ca = x509->isCa;
break;
@@ -1234,6 +1244,136 @@ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
return WOLFSSL_SUCCESS;
}
/* Handle WC_NID_subject_alt_name for wolfSSL_X509_add_ext: iterate the
* GENERAL_NAME stack on the extension and add each entry to x509->altNames.
* Only types whose union member is WOLFSSL_ASN1_STRING* (DNS/RFC822/URI/IP/
* IA5) are read via gn->d.ia5; ASN_OTHER_TYPE is handled via SetOthername.
* Other types (DIRNAME/RID/X400/EDIPARTY) are rejected to avoid the
* type-confused union access that would XMEMCPY from a wild pointer in
* wolfSSL_X509_add_altname_ex. */
static int wolfssl_x509_add_subj_alt_name_ext(WOLFSSL_X509 *x509,
WOLFSSL_X509_EXTENSION *ext)
{
WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
while (gns) {
WOLFSSL_GENERAL_NAME* gn = gns->data.gn;
if ((gn != NULL) && (gn->type == ASN_OTHER_TYPE)) {
char *buf = NULL;
int ret = 0;
word32 len = 0;
len = SetOthername(gn->d.otherName, NULL);
if (len == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
return WOLFSSL_FAILURE;
}
buf = (char*)XMALLOC(len, x509->heap, DYNAMIC_TYPE_X509_EXT);
if (buf == NULL) {
WOLFSSL_MSG("Couldn't allocate memory for othername");
return WOLFSSL_FAILURE;
}
/* SetOthername() cannot fail; already passed above. */
SetOthername(gn->d.otherName, (byte*)buf);
ret = wolfSSL_X509_add_altname_ex(x509, buf, len,
ASN_OTHER_TYPE);
XFREE(buf, x509->heap, DYNAMIC_TYPE_X509_EXT);
if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
WOLFSSL_MSG("wolfSSL_X509_add_altname_ex() failed");
return WOLFSSL_FAILURE;
}
}
/* Only types whose union member are WOLFSSL_ASN1_STRING. */
else if (gn == NULL) {
WOLFSSL_MSG("Subject alternative name missing");
return WOLFSSL_FAILURE;
}
else {
if ((gn->type != ASN_RFC822_TYPE && gn->type != ASN_DNS_TYPE &&
gn->type != ASN_URI_TYPE && gn->type != ASN_IP_TYPE &&
gn->type != WOLFSSL_GEN_IA5) || (gn->d.ia5 == NULL)) {
WOLFSSL_MSG("Subject alternative name unsupported "
"GeneralName type or missing name");
return WOLFSSL_FAILURE;
}
if (wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data,
gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to add subject alternative name");
return WOLFSSL_FAILURE;
}
}
gns = gns->next;
}
x509->subjAltNameSet = 1;
x509->subjAltNameCrit = (byte)ext->crit;
return WOLFSSL_SUCCESS;
}
#ifdef WOLFSSL_CUSTOM_OID
/* Handle the default (unrecognized NID) case of wolfSSL_X509_add_ext when
* custom-OID extensions are enabled: copy the extension OID text and value
* into the next free slot in x509->custom_exts, taking ownership of the
* allocations on success. */
static int wolfssl_x509_add_custom_ext(WOLFSSL_X509 *x509,
WOLFSSL_X509_EXTENSION *ext)
{
char *oid = NULL;
byte *val = NULL;
int err = 0;
if ((ext->obj == NULL) || (ext->value.length == 0) ||
(ext->value.data == NULL)) {
WOLFSSL_MSG("Extension has insufficient information.");
return WOLFSSL_FAILURE;
}
if ((x509->customExtCount < 0) ||
(x509->customExtCount >= NUM_CUSTOM_EXT)) {
WOLFSSL_MSG("Bad value for customExtCount.");
return WOLFSSL_FAILURE;
}
/* This is a viable custom extension. */
oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap,
DYNAMIC_TYPE_X509_EXT);
val = (byte*)XMALLOC(ext->value.length, x509->heap,
DYNAMIC_TYPE_X509_EXT);
if ((oid == NULL) || (val == NULL)) {
WOLFSSL_MSG("Memory allocation failure.\n");
err = 1;
}
if (err == 0) {
XMEMCPY(val, ext->value.data, ext->value.length);
if (wolfSSL_OBJ_obj2txt(oid, MAX_OID_STRING_SZ, ext->obj, 1) < 0) {
err = 1;
}
}
if (err == 1) {
XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
return WOLFSSL_FAILURE;
}
/* ext->crit is WOLFSSL_ASN1_BOOLEAN */
if (ext->crit != 0 && ext->crit != -1) {
XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
return WOLFSSL_FAILURE;
}
/* x509->custom_exts now owns the buffers and they must be managed. */
x509->custom_exts[x509->customExtCount].oid = oid;
x509->custom_exts[x509->customExtCount].crit = (byte)ext->crit;
x509->custom_exts[x509->customExtCount].val = val;
x509->custom_exts[x509->customExtCount].valSz = ext->value.length;
x509->customExtCount++;
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_CUSTOM_OID */
int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
int loc)
{
@@ -1272,49 +1412,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
x509->subjKeyIdCrit = (byte)ext->crit;
break;
case WC_NID_subject_alt_name:
{
WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
while (gns) {
WOLFSSL_GENERAL_NAME* gn = gns->data.gn;
if ((gn != NULL) && (gn->type == ASN_OTHER_TYPE)) {
char *buf = NULL;
int ret = 0;
word32 len = 0;
len = SetOthername(gn->d.otherName, NULL);
if (len == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
return WOLFSSL_FAILURE;
}
buf = (char*)XMALLOC(len, x509->heap, DYNAMIC_TYPE_X509_EXT);
if (buf == NULL) {
WOLFSSL_MSG("Couldn't allocate memory for othername");
return WOLFSSL_FAILURE;
}
/* SetOthername() cannot fail; already passed above. */
SetOthername(gn->d.otherName, (byte*)buf);
ret = wolfSSL_X509_add_altname_ex(x509, buf, len,
ASN_OTHER_TYPE);
XFREE(buf, x509->heap, DYNAMIC_TYPE_X509_EXT);
if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
WOLFSSL_MSG("wolfSSL_X509_add_altname_ex() failed");
return WOLFSSL_FAILURE;
}
}
else if (!gn || !gn->d.ia5 ||
wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data,
gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Subject alternative name missing extension");
return WOLFSSL_FAILURE;
}
gns = gns->next;
if (wolfssl_x509_add_subj_alt_name_ext(x509, ext) != WOLFSSL_SUCCESS) {
return WOLFSSL_FAILURE;
}
x509->subjAltNameSet = 1;
x509->subjAltNameCrit = (byte)ext->crit;
break;
}
case WC_NID_key_usage:
if (ext && ext->value.data) {
if (ext->value.length == sizeof(word16)) {
@@ -1376,60 +1477,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
break;
default:
#ifdef WOLFSSL_CUSTOM_OID
{
char *oid = NULL;
byte *val = NULL;
int err = 0;
if ((ext->obj == NULL) || (ext->value.length == 0)) {
WOLFSSL_MSG("Extension has insufficient information.");
if (wolfssl_x509_add_custom_ext(x509, ext) != WOLFSSL_SUCCESS) {
return WOLFSSL_FAILURE;
}
if ((x509->customExtCount < 0) ||
(x509->customExtCount >= NUM_CUSTOM_EXT)) {
WOLFSSL_MSG("Bad value for customExtCount.");
return WOLFSSL_FAILURE;
}
/* This is a viable custom extension. */
oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap,
DYNAMIC_TYPE_X509_EXT);
val = (byte*)XMALLOC(ext->value.length, x509->heap,
DYNAMIC_TYPE_X509_EXT);
if ((oid == NULL) || (val == NULL)) {
WOLFSSL_MSG("Memory allocation failure.\n");
err = 1;
}
if (err == 0) {
XMEMCPY(val, ext->value.data, ext->value.length);
if (wolfSSL_OBJ_obj2txt(oid, MAX_OID_STRING_SZ, ext->obj, 1) < 0) {
err = 1;
}
}
if (err == 1) {
XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
return WOLFSSL_FAILURE;
}
/* ext->crit is WOLFSSL_ASN1_BOOLEAN */
if (ext->crit != 0 && ext->crit != -1) {
XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
return WOLFSSL_FAILURE;
}
/* x509->custom_exts now owns the buffers and they must be managed. */
x509->custom_exts[x509->customExtCount].oid = oid;
x509->custom_exts[x509->customExtCount].crit = (byte)ext->crit;
x509->custom_exts[x509->customExtCount].val = val;
x509->custom_exts[x509->customExtCount].valSz = ext->value.length;
x509->customExtCount++;
break;
}
#else
WOLFSSL_MSG("Unsupported extension to add");
return WOLFSSL_FAILURE;
@@ -1529,9 +1580,9 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
WOLFSSL_MSG("Memory error");
return rc;
}
valLen = XSNPRINTF(val, (size_t)len, "%*s%s", indent, "",
str->strData);
if ((valLen < 0) || (valLen >= len)
valLen = XSNPRINTF(val, (size_t)len + indent,
"%*s%.*s", indent, "", str->length, str->data);
if ((valLen < 0) || (valLen >= len + indent)
|| ((tmpLen + valLen) >= tmpSz)) {
XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return rc;
@@ -1549,6 +1600,10 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
{
char* asn1str;
asn1str = wolfSSL_i2s_ASN1_STRING(NULL, str);
if (asn1str == NULL) {
WOLFSSL_MSG("wolfSSL_i2s_ASN1_STRING returned NULL");
return rc;
}
tmpLen = XSNPRINTF(tmp, tmpSz, "%*s%s", indent, "", asn1str);
XFREE(asn1str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpLen >= tmpSz)
@@ -1961,7 +2016,13 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
}
/* Copy pathlen and CA into BASIC_CONSTRAINTS from object */
bc->ca = object->ca;
if (object->pathlen != NULL && object->pathlen->length > 0) {
/* RFC 5280 4.2.1.9:
* "A pathLenConstraint of zero indicates that no non-self-issued
* intermediate CA certificates may follow in a valid
* certification path."
* Check for length of 0 or greater.
*/
if ((object->pathlen != NULL) && (object->pathlen->length >= 0)) {
bc->pathlen = wolfSSL_ASN1_INTEGER_dup(object->pathlen);
if (bc->pathlen == NULL) {
WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER");
@@ -2433,27 +2494,31 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
switch (nid) {
case BASIC_CA_OID:
if (x509->basicConstSet) {
WOLFSSL_ASN1_INTEGER* a;
bc = wolfSSL_BASIC_CONSTRAINTS_new();
if (!bc) {
WOLFSSL_MSG("wolfSSL_BASIC_CONSTRAINTS_new error");
return NULL;
}
a = wolfSSL_ASN1_INTEGER_new();
if (!a) {
WOLFSSL_MSG("wolfSSL_ASN1_INTEGER_new error");
wolfSSL_BASIC_CONSTRAINTS_free(bc);
return NULL;
}
a->length = (int)x509->pathLength;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
defined(WOLFSSL_APACHE_HTTPD)
bc->ca = x509->isCa;
#endif
bc->pathlen = a;
/* RFC 5280 4.2.1.9: only populate pathLen when the
* pathLenConstraint field was present. When absent, no limit
* is imposed and pathlen must remain NULL so it is
* distinguishable from a pathLenConstraint of 0. */
if (x509->basicConstPlSet) {
WOLFSSL_ASN1_INTEGER* a = wolfSSL_ASN1_INTEGER_new();
if (a == NULL) {
WOLFSSL_MSG("wolfSSL_ASN1_INTEGER_new error");
wolfSSL_BASIC_CONSTRAINTS_free(bc);
return NULL;
}
a->length = (int)x509->pathLength;
bc->pathlen = a;
}
if (c != NULL) {
*c = x509->basicConstCrit;
}
@@ -2648,14 +2713,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
goto err;
}
/* gn now owned by stack. */
gn = NULL;
/* push DIST_POINT onto stack */
if (wolfSSL_sk_DIST_POINT_push(sk, dp) <= 0) {
WOLFSSL_MSG("Error pushing DIST_POINT onto stack");
goto err;
}
gn = NULL;
/* dp now owned by stack. */
dp = NULL;
}
@@ -5871,8 +5937,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
case GEN_EMAIL:
ret = wolfSSL_BIO_printf(out, "email:");
ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
if (ret == WOLFSSL_SUCCESS)
{
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_ASN1_STRING_print(out, gen->d.rfc822Name);
}
break;
@@ -5881,8 +5946,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
ret = wolfSSL_BIO_printf(out, "DNS:");
ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_BIO_printf(out, "%s", gen->d.dNSName->strData);
ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
ret = wolfSSL_ASN1_STRING_print(out, gen->d.dNSName);
}
break;
@@ -5893,6 +5957,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
case GEN_DIRNAME:
ret = wolfSSL_BIO_printf(out, "DirName:");
ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_X509_NAME_print_ex(out, gen->d.directoryName, 0,
XN_FLAG_ONELINE);
@@ -7094,7 +7159,8 @@ static int X509PrintExtendedKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
EXTKEYUSE_EMAILPROT,
EXTKEYUSE_CODESIGN,
EXTKEYUSE_CLIENT_AUTH,
EXTKEYUSE_SERVER_AUTH
EXTKEYUSE_SERVER_AUTH,
EXTKEYUSE_ANY
};
const char* usageStrs[] = {
"OCSP Signing",
@@ -7102,7 +7168,8 @@ static int X509PrintExtendedKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
"E-mail Protection",
"Code Signing",
"TLS Web Client Authentication",
"TLS Web Server Authentication"
"TLS Web Server Authentication",
"Any Extended Key Usage"
};
if (bio == NULL || x509 == NULL) {
@@ -7483,12 +7550,22 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
ret = WOLFSSL_FAILURE;
break;
}
if ((scratchLen = XSNPRINTF(
scratch, scratchSz,
"%*sCA:%s\n",
indent + 8, "", (x509->isCa)? "TRUE": "FALSE"))
>= scratchSz)
{
/* Match OpenSSL output: print "CA:TRUE"/"CA:FALSE" and append
* ", pathlen:N" only when a pathLenConstraint is present
* (RFC 5280 4.2.1.9). An absent constraint imposes no limit
* and must not be shown as pathlen:0. */
if (x509->basicConstPlSet) {
scratchLen = XSNPRINTF(scratch, scratchSz,
"%*sCA:%s, pathlen:%u\n",
indent + 8, "", (x509->isCa) ? "TRUE" : "FALSE",
(unsigned int)x509->pathLength);
}
else {
scratchLen = XSNPRINTF(scratch, scratchSz,
"%*sCA:%s\n",
indent + 8, "", (x509->isCa) ? "TRUE" : "FALSE");
}
if (scratchLen >= scratchSz) {
ret = WOLFSSL_FAILURE;
break;
}
+435 -6345
View File
File diff suppressed because it is too large Load Diff
+6
View File
@@ -51,13 +51,16 @@ tests_unit_test_SOURCES += tests/api/test_mldsa.c
tests_unit_test_SOURCES += tests/api/test_mldsa_legacy.c
tests_unit_test_SOURCES += tests/api/test_slhdsa.c
tests_unit_test_SOURCES += tests/api/test_signature.c
tests_unit_test_SOURCES += tests/api/test_lms_xmss.c
# TLS Protocol
tests_unit_test_SOURCES += tests/api/test_dtls.c
tests_unit_test_SOURCES += tests/api/test_dtls13.c
# TLS Feature
tests_unit_test_SOURCES += tests/api/test_ocsp.c
tests_unit_test_SOURCES += tests/api/test_evp.c
tests_unit_test_SOURCES += tests/api/test_tls_ext.c
tests_unit_test_SOURCES += tests/api/test_tls.c
tests_unit_test_SOURCES += tests/api/test_session.c
# Certs
tests_unit_test_SOURCES += tests/api/test_x509.c
# ASN
@@ -157,13 +160,16 @@ EXTRA_DIST += tests/api/test_mlkem.h
EXTRA_DIST += tests/api/test_mldsa.h
EXTRA_DIST += tests/api/test_slhdsa.h
EXTRA_DIST += tests/api/test_signature.h
EXTRA_DIST += tests/api/test_lms_xmss.h
EXTRA_DIST += tests/api/test_dtls.h
EXTRA_DIST += tests/api/test_dtls13.h
EXTRA_DIST += tests/api/test_ocsp.h
EXTRA_DIST += tests/api/test_ocsp_test_blobs.h
EXTRA_DIST += tests/api/create_ocsp_test_blobs.py
EXTRA_DIST += tests/api/test_evp.h
EXTRA_DIST += tests/api/test_tls_ext.h
EXTRA_DIST += tests/api/test_tls.h
EXTRA_DIST += tests/api/test_session.h
EXTRA_DIST += tests/api/test_x509.h
EXTRA_DIST += tests/api/test_asn.h
EXTRA_DIST += tests/api/test_pkcs7.h
+664
View File
@@ -31,6 +31,12 @@
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifdef HAVE_ED448
#include <wolfssl/wolfcrypt/ed448.h>
#endif
#ifdef HAVE_DILITHIUM
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#if defined(WC_ENABLE_ASYM_KEY_EXPORT) && defined(HAVE_ED25519)
static int test_SetAsymKeyDer_once(byte* privKey, word32 privKeySz, byte* pubKey,
@@ -843,6 +849,19 @@ int test_wolfssl_local_MatchBaseName(void)
"sub.domain.com", 14, ".domain.com", 11), 1);
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
"a.b.domain.com", 14, ".domain.com", 11), 1);
/* Trailing-dot normalization: absolute DNS form is equivalent. */
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
"domain.com.", (int)XSTRLEN("domain.com."),
"domain.com", (int)XSTRLEN("domain.com")), 1);
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
"domain.com", (int)XSTRLEN("domain.com"),
"domain.com.", (int)XSTRLEN("domain.com.")), 1);
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
"domain.com.", (int)XSTRLEN("domain.com."),
"domain.com.", (int)XSTRLEN("domain.com.")), 1);
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
"sub.domain.com.", (int)XSTRLEN("sub.domain.com."),
".domain.com.", (int)XSTRLEN(".domain.com.")), 1);
/* Negative tests - should NOT match */
/* Bug #3: fakedomain.com should NOT match domain.com (no dot boundary) */
@@ -864,6 +883,10 @@ int test_wolfssl_local_MatchBaseName(void)
/* Name starting with dot */
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
".domain.com", 11, "domain.com", 10), 0);
/* More than one trailing dot leaves an empty label after normalization. */
ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE,
"domain.com..", (int)XSTRLEN("domain.com.."),
"domain.com", (int)XSTRLEN("domain.com")), 0);
/*
* Tests for email type (ASN_RFC822_TYPE = 0x01)
@@ -963,6 +986,210 @@ int test_wolfssl_local_MatchBaseName(void)
return EXPECT_RESULT();
}
#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(IGNORE_NAME_CONSTRAINTS)
/* Convenience wrappers so the cases below read as (name, base) pairs and the
* string lengths can't drift out of sync with the literals. */
static int dnsWildPermitted(const char* name, const char* base)
{
return wolfssl_local_MatchDnsConstraintWildcard(name, (int)XSTRLEN(name),
base, (int)XSTRLEN(base), 1);
}
static int dnsWildExcluded(const char* name, const char* base)
{
return wolfssl_local_MatchDnsConstraintWildcard(name, (int)XSTRLEN(name),
base, (int)XSTRLEN(base), 0);
}
static int uriNC(const char* uri, const char* base)
{
return wolfssl_local_MatchUriNameConstraint(uri, (int)XSTRLEN(uri), base,
(int)XSTRLEN(base));
}
#endif
/*
* Tests label-aware matching of a wildcard DNS SAN against a name-constraint
* subtree. The permitted variant must prove containment (every expansion of
* the wildcard stays inside the subtree); the excluded variant must detect
* intersection (some expansion falls inside the subtree). A '*' never crosses
* a label boundary, so the comparison is by label from the right.
*/
int test_wolfssl_local_MatchDnsConstraintWildcard(void)
{
EXPECT_DECLS;
#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(IGNORE_NAME_CONSTRAINTS)
/*
* PERMITTED subtree -- containment. Accept only when EVERY expansion of
* the wildcard is inside the base subtree.
*/
/* Wildcard is an extra label to the left of the base: always contained. */
ExpectIntEQ(dnsWildPermitted("*.example.com", "example.com"), 1);
ExpectIntEQ(dnsWildPermitted("*.sub.example.com", "example.com"), 1);
ExpectIntEQ(dnsWildPermitted("foo*.example.com", "example.com"), 1);
ExpectIntEQ(dnsWildPermitted("a*b.example.com", "example.com"), 1);
/* Case-insensitive on the literal tail labels. */
ExpectIntEQ(dnsWildPermitted("*.EXAMPLE.CoM", "example.com"), 1);
/* Single-label base; the matched tail "com" is literal. */
ExpectIntEQ(dnsWildPermitted("*.example.com", "com"), 1);
/* Leading-dot base requires at least one label before it -- the wildcard
* label satisfies that. */
ExpectIntEQ(dnsWildPermitted("*.example.com", ".example.com"), 1);
ExpectIntEQ(dnsWildPermitted("*.sub.example.com", ".example.com"), 1);
/* Trailing-dot normalization: absolute DNS form is equivalent. */
ExpectIntEQ(dnsWildPermitted("*.example.com.", "example.com"), 1);
ExpectIntEQ(dnsWildPermitted("*.example.com", "example.com."), 1);
ExpectIntEQ(dnsWildPermitted("*.example.com.", "example.com."), 1);
ExpectIntEQ(dnsWildPermitted("*.example.com.", ".example.com."), 1);
/* Wildcard lands on a label that must equal the base: NOT provably
* contained, because the label can expand to something else. */
ExpectIntEQ(dnsWildPermitted("*.example.com", "foo.example.com"), 0);
ExpectIntEQ(dnsWildPermitted("*.example.com.", "foo.example.com"), 0);
ExpectIntEQ(dnsWildPermitted("*.example.com", "foo.example.com."), 0);
ExpectIntEQ(dnsWildPermitted("ex*.com", "example.com"), 0);
ExpectIntEQ(dnsWildPermitted("foo.exa*ple.com", "example.com"), 0);
/* Tail labels do not match the base at all. */
ExpectIntEQ(dnsWildPermitted("*.example.com", "example.org"), 0);
ExpectIntEQ(dnsWildPermitted("*.evil.com", "example.com"), 0);
/* Leading-dot base, but wildcard would have to equal an interior base
* label. */
ExpectIntEQ(dnsWildPermitted("*.example.com", ".sub.example.com"), 0);
/* A bare '*' cannot be proven inside any multi-label-or-single subtree. */
ExpectIntEQ(dnsWildPermitted("*", "com"), 0);
/*
* EXCLUDED subtree -- intersection. Reject when SOME expansion of the
* wildcard falls inside the base subtree. A wildcard label is
* conservatively treated as able to match any single base label.
*/
ExpectIntEQ(dnsWildExcluded("*.example.com", "foo.example.com"), 1);
ExpectIntEQ(dnsWildExcluded("*.example.com.", "foo.example.com"), 1);
ExpectIntEQ(dnsWildExcluded("*.example.com", "foo.example.com."), 1);
ExpectIntEQ(dnsWildExcluded("*.example.com.", "foo.example.com."), 1);
/* Wildcard adds a label on top of the excluded subtree. */
ExpectIntEQ(dnsWildExcluded("*.example.com", "example.com"), 1);
ExpectIntEQ(dnsWildExcluded("*.example.com", "com"), 1);
ExpectIntEQ(dnsWildExcluded("*.example.com", ".example.com"), 1);
/* Wildcard in a non-left label still intersects. */
ExpectIntEQ(dnsWildExcluded("foo.*.example.com", "bar.example.com"), 1);
/* Partial-label wildcard: conservatively excluded even though "ex*"
* cannot actually expand to "foo" (over-rejection, safe). */
ExpectIntEQ(dnsWildExcluded("ex*.example.com", "foo.example.com"), 1);
/* A bare '*' can expand to the apex label of a single-label subtree. */
ExpectIntEQ(dnsWildExcluded("*", "com"), 1);
/* No intersection: literal tail labels differ from the base. */
ExpectIntEQ(dnsWildExcluded("*.example.com", "foo.other.com"), 0);
ExpectIntEQ(dnsWildExcluded("*.other.com", "example.com"), 0);
ExpectIntEQ(dnsWildExcluded("*.example.com", "example.org"), 0);
/* Leading-dot excluded base needs a label before it; the wildcard SAN has
* no room for one, so no expansion reaches the proper subtree. */
ExpectIntEQ(dnsWildExcluded("*.example.com", ".foo.example.com"), 0);
/* Same arity: '*' can expand to the apex label of the base, so the
* wildcard intersects (*.com can be example.com, which is excluded). */
ExpectIntEQ(dnsWildExcluded("*.com", "example.com"), 1);
/* But a base with MORE labels than the name cannot be reached. */
ExpectIntEQ(dnsWildExcluded("*.com", "a.example.com"), 0);
/*
* Error / degenerate inputs (both flags reject).
*/
ExpectIntEQ(wolfssl_local_MatchDnsConstraintWildcard(NULL, 5,
"com", 3, 1), 0);
ExpectIntEQ(wolfssl_local_MatchDnsConstraintWildcard("*.com", 5,
NULL, 3, 1), 0);
ExpectIntEQ(wolfssl_local_MatchDnsConstraintWildcard("*.com", 0,
"com", 3, 1), 0);
ExpectIntEQ(wolfssl_local_MatchDnsConstraintWildcard("*.com", 5,
"com", 0, 1), 0);
/* Name beginning with a dot is invalid. */
ExpectIntEQ(dnsWildPermitted(".x.com", "com"), 0);
ExpectIntEQ(dnsWildExcluded(".x.com", "com"), 0);
/* Base that is only dots collapses to nothing. */
ExpectIntEQ(dnsWildExcluded("*.example.com", "."), 0);
ExpectIntEQ(dnsWildExcluded("*.example.com", ".."), 0);
/* SAN has an empty interior label ("*..com"), but only the right-most
* "com" label overlaps the base "com" -- the empty label sits outside the
* compared suffix, and '*' can expand to any label, so the matcher
* conservatively reports intersection. */
ExpectIntEQ(dnsWildExcluded("*..com", "com"), 1);
#endif /* !NO_CERTS && !NO_ASN && !IGNORE_NAME_CONSTRAINTS */
return EXPECT_RESULT();
}
/*
* Tests URI name-constraint matching (RFC 5280 4.2.1.10): the constraint
* applies to the host portion of the URI. A constraint that does NOT begin
* with a dot is an exact host match; one that begins with a dot matches any
* host with one or more additional leading labels (the bare host is excluded).
*/
int test_wolfssl_local_MatchUriNameConstraint(void)
{
EXPECT_DECLS;
#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(IGNORE_NAME_CONSTRAINTS)
/*
* Exact host match (no leading dot in the constraint).
*/
ExpectIntEQ(uriNC("https://host.com/path", "host.com"), 1);
ExpectIntEQ(uriNC("https://host.com", "host.com"), 1);
ExpectIntEQ(uriNC("https://host.com:8443/x", "host.com"), 1);
ExpectIntEQ(uriNC("ftp://user@host.com/x", "host.com"), 1);
ExpectIntEQ(uriNC("https://HOST.COM", "host.com"), 1);
ExpectIntEQ(uriNC("https://host.com?q=1", "host.com"), 1);
ExpectIntEQ(uriNC("https://host.com#frag", "host.com"), 1);
/* The bug this fix closes: an exact-host constraint must NOT subtree-match
* a sub-host. */
ExpectIntEQ(uriNC("https://www.host.com/", "host.com"), 0);
ExpectIntEQ(uriNC("https://a.b.host.com", "host.com"), 0);
/* Suffix that does not respect a label boundary. */
ExpectIntEQ(uriNC("https://xhost.com", "host.com"), 0);
/* host.com is a prefix of the URI host but not the whole host. */
ExpectIntEQ(uriNC("https://host.com.evil.com", "host.com"), 0);
ExpectIntEQ(uriNC("https://other.com", "host.com"), 0);
/*
* Leading-dot constraint: proper subtree of hosts (apex excluded).
*/
ExpectIntEQ(uriNC("https://www.host.com/", ".host.com"), 1);
ExpectIntEQ(uriNC("https://a.b.host.com", ".host.com"), 1);
ExpectIntEQ(uriNC("https://www.host.com:443", ".host.com"), 1);
/* The bare host is NOT in the leading-dot subtree. */
ExpectIntEQ(uriNC("https://host.com", ".host.com"), 0);
ExpectIntEQ(uriNC("https://evilhost.com", ".host.com"), 0);
/*
* IPv6 literal host extraction ([..]) then exact match.
*/
ExpectIntEQ(uriNC("https://[2001:db8::1]:443/x", "2001:db8::1"), 1);
ExpectIntEQ(uriNC("https://[2001:db8::1]", "2001:db8::2"), 0);
/*
* Malformed / degenerate URIs and inputs (reject).
*/
ExpectIntEQ(uriNC("no-scheme-host.com", "host.com"), 0);
ExpectIntEQ(uriNC("https://", "host.com"), 0);
/* double literal to abide source-check thinking it's a c++ comment */
ExpectIntEQ(uriNC("https://" "/path", "host.com"), 0);
ExpectIntEQ(wolfssl_local_MatchUriNameConstraint(NULL, 10,
"host.com", 8), 0);
ExpectIntEQ(wolfssl_local_MatchUriNameConstraint("https://host.com", 16,
NULL, 8), 0);
ExpectIntEQ(wolfssl_local_MatchUriNameConstraint("https://host.com", 0,
"host.com", 8), 0);
ExpectIntEQ(wolfssl_local_MatchUriNameConstraint("https://host.com", 16,
"host.com", 0), 0);
#endif /* !NO_CERTS && !NO_ASN && !IGNORE_NAME_CONSTRAINTS */
return EXPECT_RESULT();
}
/*
* Testing wc_DecodeRsaPssParams with known DER byte arrays.
* Exercises both WOLFSSL_ASN_TEMPLATE and non-template paths.
@@ -1363,3 +1590,440 @@ int test_wc_DecodeObjectId(void)
return EXPECT_RESULT();
}
#if defined(HAVE_PKCS8) && !defined(NO_ASN) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN)) && \
(defined(HAVE_ED25519) || \
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
defined(WOLFSSL_KEY_GEN)) || \
(defined(HAVE_DILITHIUM) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_ASN1)))
/* Run ToTraditional_ex() on a copy of der and assert the algId, returned
* length, and the inner OCTET STRING tag/length at the start of the
* (in-place rewritten) buffer. */
static int test_ToTraditional_ex_once(const byte* der, word32 derSz,
word32 expectAlgId, word32 expectPrivKeySz)
{
EXPECT_DECLS;
byte* copy = NULL;
word32 algId = 0;
int ret;
copy = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ExpectNotNull(copy);
if (copy != NULL) {
XMEMCPY(copy, der, derSz);
ret = ToTraditional_ex(copy, derSz, &algId);
ExpectIntGT(ret, 0);
ExpectIntEQ(algId, expectAlgId);
if (ret > 0) {
/* wolfSSL writes nested OCTET STRING, but accept raw bytes
* too per RFC 5958. */
if (copy[0] == ASN_OCTET_STRING) {
if (expectPrivKeySz < 0x80) {
ExpectIntEQ(copy[1], (byte)expectPrivKeySz);
}
else if (expectPrivKeySz < 0x100) {
ExpectIntEQ(copy[1], 0x81);
ExpectIntEQ(copy[2], (byte)expectPrivKeySz);
}
else {
ExpectIntEQ(copy[1], 0x82);
ExpectIntEQ(((word32)copy[2] << 8) | copy[3],
expectPrivKeySz);
}
}
else {
ExpectIntEQ(ret, (int)expectPrivKeySz);
}
}
}
XFREE(copy, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return EXPECT_RESULT();
}
#endif
/* Hand crafted PKCS#8 v0 and v1 Ed25519 buffers to test parser directly. */
int test_ToTraditional_ex_handcrafted(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS8) && defined(HAVE_ED25519) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN))
/* Ed25519 algorithm OID body (1.3.101.112). */
static const byte algId[] = { 43, 101, 112 };
const word32 privKeySz = ED25519_KEY_SIZE;
const word32 pubKeySz = ED25519_PUB_KEY_SIZE;
byte der[128];
word32 sz;
word32 outerLenIdx;
/* Filler bytes for the dummy private/public key bodies */
const byte keyPat = 0xCC;
const byte pubPat = 0xDD;
/* v0: SEQ { INTEGER 0, SEQ { OID }, OCTET STRING { OCTET STRING priv } } */
sz = 0;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
outerLenIdx = sz;
der[sz++] = 0; /* outer length, filled in below */
der[sz++] = ASN_INTEGER;
der[sz++] = 1;
der[sz++] = 0x00;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
der[sz++] = (byte)(sizeof(algId) + 2);
der[sz++] = ASN_OBJECT_ID;
der[sz++] = (byte)sizeof(algId);
XMEMCPY(der + sz, algId, sizeof(algId)); sz += sizeof(algId);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)(privKeySz + 2);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)privKeySz;
XMEMSET(der + sz, keyPat, privKeySz); sz += privKeySz;
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
EXPECT_TEST(test_ToTraditional_ex_once(der, sz, ED25519k, privKeySz));
/* v1: same plus [1] publicKey trailer. */
sz = 0;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
outerLenIdx = sz;
der[sz++] = 0;
der[sz++] = ASN_INTEGER;
der[sz++] = 1;
der[sz++] = 0x01;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
der[sz++] = (byte)(sizeof(algId) + 2);
der[sz++] = ASN_OBJECT_ID;
der[sz++] = (byte)sizeof(algId);
XMEMCPY(der + sz, algId, sizeof(algId)); sz += sizeof(algId);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)(privKeySz + 2);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)privKeySz;
XMEMSET(der + sz, keyPat, privKeySz); sz += privKeySz;
/* [1] publicKey trailer */
der[sz++] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY;
der[sz++] = (byte)pubKeySz;
XMEMSET(der + sz, pubPat, pubKeySz); sz += pubKeySz;
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
EXPECT_TEST(test_ToTraditional_ex_once(der, sz, ED25519k, privKeySz));
/* v1 without publicKey: should still accept per RFC 5958. */
sz = 0;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
outerLenIdx = sz;
der[sz++] = 0;
der[sz++] = ASN_INTEGER;
der[sz++] = 1;
der[sz++] = 0x01;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
der[sz++] = (byte)(sizeof(algId) + 2);
der[sz++] = ASN_OBJECT_ID;
der[sz++] = (byte)sizeof(algId);
XMEMCPY(der + sz, algId, sizeof(algId)); sz += sizeof(algId);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)(privKeySz + 2);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)privKeySz;
XMEMSET(der + sz, keyPat, privKeySz); sz += privKeySz;
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
EXPECT_TEST(test_ToTraditional_ex_once(der, sz, ED25519k, privKeySz));
#endif /* HAVE_PKCS8 && HAVE_ED25519 */
return EXPECT_RESULT();
}
/* Encoder/parser round trip: ToTraditional_ex() must accept both forms created
* by SetAsymKeyDer() (v0 with PrivateKeyToDer, v1 with KeyToDer). */
int test_ToTraditional_ex_roundtrip(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS8) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN))
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
defined(WOLFSSL_KEY_GEN)
{
ed25519_key key;
WC_RNG rng;
byte der[256];
int derSz = 0;
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&rng, 0, sizeof(rng));
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_ed25519_init(&key), 0);
ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
if (EXPECT_SUCCESS()) {
ExpectIntGT(derSz = wc_Ed25519KeyToDer(&key, der, sizeof(der)), 0);
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz, ED25519k,
ED25519_KEY_SIZE));
derSz = wc_Ed25519PrivateKeyToDer(&key, der, sizeof(der));
ExpectIntGT(derSz, 0);
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz, ED25519k,
ED25519_KEY_SIZE));
}
wc_ed25519_free(&key);
wc_FreeRng(&rng);
}
#endif /* HAVE_ED25519 */
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
defined(WOLFSSL_KEY_GEN)
{
ed448_key key;
WC_RNG rng;
byte der[256];
int derSz = 0;
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&rng, 0, sizeof(rng));
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_ed448_init(&key), 0);
ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
if (EXPECT_SUCCESS()) {
ExpectIntGT(derSz = wc_Ed448KeyToDer(&key, der, sizeof(der)), 0);
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz, ED448k,
ED448_KEY_SIZE));
derSz = wc_Ed448PrivateKeyToDer(&key, der, sizeof(der));
ExpectIntGT(derSz, 0);
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz, ED448k,
ED448_KEY_SIZE));
}
wc_ed448_free(&key);
wc_FreeRng(&rng);
}
#endif /* HAVE_ED448 */
#if defined(HAVE_DILITHIUM) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_ASN1) && \
(!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_65) || \
!defined(WOLFSSL_NO_ML_DSA_87))
{
static const struct {
int wcLevel;
word32 oidSum;
word32 privKeySz;
} variants[] = {
#ifndef WOLFSSL_NO_ML_DSA_44
{ WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_KEY_SIZE },
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
{ WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_KEY_SIZE },
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
{ WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_KEY_SIZE },
#endif
};
const word32 derMaxSz = DILITHIUM_MAX_BOTH_KEY_DER_SIZE;
byte* der = NULL;
WC_RNG rng;
size_t i;
int derSz;
XMEMSET(&rng, 0, sizeof(rng));
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectNotNull(der = (byte*)XMALLOC(derMaxSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
for (i = 0; i < sizeof(variants) / sizeof(variants[0]); i++) {
dilithium_key key;
XMEMSET(&key, 0, sizeof(key));
ExpectIntEQ(wc_dilithium_init(&key), 0);
ExpectIntEQ(wc_dilithium_set_level(&key, variants[i].wcLevel), 0);
ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
if (EXPECT_SUCCESS()) {
ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&key, der, derMaxSz),
0);
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz,
variants[i].oidSum, variants[i].privKeySz));
derSz = wc_Dilithium_PrivateKeyToDer(&key, der, derMaxSz);
ExpectIntGT(derSz, 0);
EXPECT_TEST(test_ToTraditional_ex_once(der, (word32)derSz,
variants[i].oidSum, variants[i].privKeySz));
}
wc_dilithium_free(&key);
}
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PKCS8 */
return EXPECT_RESULT();
}
/* Trailing garbage that is neither [0] attributes nor [1] publicKey must
* still be rejected. */
int test_ToTraditional_ex_negative(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS8) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_KEY_EXPORT) && defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_ASN_TEMPLATE) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN))
ed25519_key key;
WC_RNG rng;
byte der[256];
byte copy[256];
int derSz = 0;
word32 algId;
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&rng, 0, sizeof(rng));
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_ed25519_init(&key), 0);
ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
ExpectIntGT(derSz = wc_Ed25519PrivateKeyToDer(&key, der, sizeof(der)), 0);
if (EXPECT_SUCCESS() && (derSz > 0) &&
((size_t)derSz + 1 <= sizeof(copy))) {
/* Append one byte of trailing data, grow outer SEQ length to cover.
* Ed25519 PKCS#8 outer SEQ is under 128 bytes, expect DER short form
* so the negative path is always exercised. */
XMEMCPY(copy, der, (size_t)derSz);
ExpectTrue(copy[1] < 0x80);
if (EXPECT_SUCCESS() && copy[1] < 0x80) {
copy[1] = (byte)(copy[1] + 1);
copy[derSz] = 0x05;
algId = 0;
ExpectIntLT(ToTraditional_ex(copy, (word32)(derSz + 1), &algId), 0);
}
}
/* publicKey trailer is permitted only when version == v1 */
if (EXPECT_SUCCESS() && (derSz > 0) &&
((size_t)derSz + 2 + ED25519_PUB_KEY_SIZE <= sizeof(copy))) {
word32 trailerSz = 2 + ED25519_PUB_KEY_SIZE;
XMEMCPY(copy, der, (size_t)derSz);
ExpectTrue(copy[1] < (byte)(0x80 - trailerSz));
if (EXPECT_SUCCESS() && copy[1] < (byte)(0x80 - trailerSz)) {
copy[1] = (byte)(copy[1] + trailerSz);
copy[derSz] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY;
copy[derSz + 1] = ED25519_PUB_KEY_SIZE;
XMEMSET(copy + derSz + 2, 0xDD, ED25519_PUB_KEY_SIZE);
algId = 0;
ExpectIntLT(ToTraditional_ex(copy,
(word32)(derSz + (int)trailerSz), &algId), 0);
}
}
/* v1 buffer (with publicKey) plus extra trailing garbage. */
ExpectIntGT(derSz = wc_Ed25519KeyToDer(&key, der, sizeof(der)), 0);
if (EXPECT_SUCCESS() && (derSz > 0) &&
((size_t)derSz + 1 <= sizeof(copy))) {
XMEMCPY(copy, der, (size_t)derSz);
ExpectTrue(copy[1] < 0x80);
if (EXPECT_SUCCESS() && copy[1] < 0x80) {
copy[1] = (byte)(copy[1] + 1);
copy[derSz] = 0x05;
algId = 0;
ExpectIntLT(ToTraditional_ex(copy, (word32)(derSz + 1), &algId), 0);
}
}
wc_ed25519_free(&key);
wc_FreeRng(&rng);
#endif
return EXPECT_RESULT();
}
/* ML-DSA AlgorithmIdentifier has no parameters per FIPS 204. Verify
* ToTraditional_ex() rejects a PKCS#8 whose algoSeq carries trailing NULL
* or OBJECT_ID parameters. Template parser only (legacy is lenient). */
int test_ToTraditional_ex_mldsa_bad_params(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS8) && defined(HAVE_DILITHIUM) && \
defined(WOLFSSL_ASN_TEMPLATE) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN))
/* ML-DSA-65 OID body: 2.16.840.1.101.3.4.3.18 */
static const byte mldsaOid[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x03, 0x12 };
/* Single-arc OID body, used only to occupy the OBJECT_ID slot. */
static const byte extraOid[] = { 0x01 };
byte der[64];
byte copy[64];
word32 sz;
word32 outerLenIdx;
word32 algId;
const word32 privKeySz = 4;
const byte privBody = 0xAA;
/* Bad case, algoSeq = { OID, NULL } */
sz = 0;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
outerLenIdx = sz;
der[sz++] = 0; /* outer length, filled in below */
der[sz++] = ASN_INTEGER;
der[sz++] = 1;
der[sz++] = 0x00;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
der[sz++] = (byte)(sizeof(mldsaOid) + 2 + 2);
der[sz++] = ASN_OBJECT_ID;
der[sz++] = (byte)sizeof(mldsaOid);
XMEMCPY(der + sz, mldsaOid, sizeof(mldsaOid)); sz += sizeof(mldsaOid);
/* Disallowed, NULL parameter after the ML-DSA OID. */
der[sz++] = ASN_TAG_NULL;
der[sz++] = 0;
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)(privKeySz + 2);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)privKeySz;
XMEMSET(der + sz, privBody, privKeySz); sz += privKeySz;
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
XMEMCPY(copy, der, sz);
algId = 0;
ExpectIntLT(ToTraditional_ex(copy, sz, &algId), 0);
/* Bad case, algoSeq = { OID, OBJECT_ID } */
sz = 0;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
outerLenIdx = sz;
der[sz++] = 0;
der[sz++] = ASN_INTEGER;
der[sz++] = 1;
der[sz++] = 0x00;
der[sz++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
der[sz++] = (byte)(sizeof(mldsaOid) + 2 + sizeof(extraOid) + 2);
der[sz++] = ASN_OBJECT_ID;
der[sz++] = (byte)sizeof(mldsaOid);
XMEMCPY(der + sz, mldsaOid, sizeof(mldsaOid)); sz += sizeof(mldsaOid);
/* Disallowed, OBJECT_ID parameter after the ML-DSA OID. */
der[sz++] = ASN_OBJECT_ID;
der[sz++] = (byte)sizeof(extraOid);
XMEMCPY(der + sz, extraOid, sizeof(extraOid)); sz += sizeof(extraOid);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)(privKeySz + 2);
der[sz++] = ASN_OCTET_STRING;
der[sz++] = (byte)privKeySz;
XMEMSET(der + sz, privBody, privKeySz); sz += privKeySz;
der[outerLenIdx] = (byte)(sz - outerLenIdx - 1);
XMEMCPY(copy, der, sz);
algId = 0;
ExpectIntLT(ToTraditional_ex(copy, sz, &algId), 0);
#endif
return EXPECT_RESULT();
}
+13 -1
View File
@@ -30,10 +30,16 @@ int test_DecodeAsymKey_negative(void);
int test_GetSetShortInt(void);
int test_wc_IndexSequenceOf(void);
int test_wolfssl_local_MatchBaseName(void);
int test_wolfssl_local_MatchDnsConstraintWildcard(void);
int test_wolfssl_local_MatchUriNameConstraint(void);
int test_wc_DecodeRsaPssParams(void);
int test_SerialNumber0_RootCA(void);
int test_DecodeAltNames_length_underflow(void);
int test_wc_DecodeObjectId(void);
int test_ToTraditional_ex_handcrafted(void);
int test_ToTraditional_ex_roundtrip(void);
int test_ToTraditional_ex_negative(void);
int test_ToTraditional_ex_mldsa_bad_params(void);
#define TEST_ASN_DECLS \
TEST_DECL_GROUP("asn", test_SetAsymKeyDer), \
@@ -42,9 +48,15 @@ int test_wc_DecodeObjectId(void);
TEST_DECL_GROUP("asn", test_GetSetShortInt), \
TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf), \
TEST_DECL_GROUP("asn", test_wolfssl_local_MatchBaseName), \
TEST_DECL_GROUP("asn", test_wolfssl_local_MatchDnsConstraintWildcard), \
TEST_DECL_GROUP("asn", test_wolfssl_local_MatchUriNameConstraint), \
TEST_DECL_GROUP("asn", test_wc_DecodeRsaPssParams), \
TEST_DECL_GROUP("asn", test_SerialNumber0_RootCA), \
TEST_DECL_GROUP("asn", test_DecodeAltNames_length_underflow), \
TEST_DECL_GROUP("asn", test_wc_DecodeObjectId)
TEST_DECL_GROUP("asn", test_wc_DecodeObjectId), \
TEST_DECL_GROUP("asn", test_ToTraditional_ex_handcrafted), \
TEST_DECL_GROUP("asn", test_ToTraditional_ex_roundtrip), \
TEST_DECL_GROUP("asn", test_ToTraditional_ex_negative), \
TEST_DECL_GROUP("asn", test_ToTraditional_ex_mldsa_bad_params)
#endif /* WOLFCRYPT_TEST_ASN_H */
+64
View File
@@ -2109,6 +2109,70 @@ int test_wolfSSL_X509_check_host_IP_only_SAN_CN_fallback(void)
return EXPECT_RESULT();
}
int test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match(void)
{
EXPECT_DECLS;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
/* RFC 6125 Sec. 6.4 / RFC 9525 Sec. 6.3: DNS-ID reference identifiers
* must be matched only against dNSName SANs, not uniformResourceIdentifier.
* wolfSSL_X509_add_altname() is used to attach a bare-hostname URI SAN
* (the misissue shape that can reach altNames when certificate parsing is
* built without strict URI checks). URI SAN presence still suppresses CN
* fallback per RFC 6125 Sec. 6.4.4. */
WOLFSSL_EVP_PKEY *priv = NULL;
WOLFSSL_X509_NAME* name = NULL;
const char* server_cert = "./certs/test/server-goodcn.pem";
const char hostName[] = "cnhost.local";
const char uriSan[] = "http://cnhost.local";
byte *pt;
WOLFSSL_X509 *leafUri = NULL;
WOLFSSL_X509 *leafUriDns = NULL;
pt = (byte*)server_key_der_2048;
ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
ExpectNotNull(leafUri = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
ExpectNotNull(name = X509_NAME_new());
ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)hostName, (int)XSTRLEN(hostName), -1, 0), SSL_SUCCESS);
ExpectIntEQ(wolfSSL_X509_set_subject_name(leafUri, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
name = NULL;
ExpectIntEQ(wolfSSL_X509_add_altname(leafUri, uriSan, ASN_URI_TYPE),
WOLFSSL_SUCCESS);
ExpectIntGT(wolfSSL_X509_sign(leafUri, priv, EVP_sha256()), 0);
ExpectIntEQ(wolfSSL_X509_check_host(leafUri, hostName, XSTRLEN(hostName),
0, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectNotNull(leafUriDns = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
ExpectNotNull(name = X509_NAME_new());
ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)hostName, (int)XSTRLEN(hostName), -1, 0), SSL_SUCCESS);
ExpectIntEQ(wolfSSL_X509_set_subject_name(leafUriDns, name),
WOLFSSL_SUCCESS);
X509_NAME_free(name);
name = NULL;
ExpectIntEQ(wolfSSL_X509_add_altname(leafUriDns, uriSan, ASN_URI_TYPE),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_X509_add_altname(leafUriDns, hostName, ASN_DNS_TYPE),
WOLFSSL_SUCCESS);
ExpectIntGT(wolfSSL_X509_sign(leafUriDns, priv, EVP_sha256()), 0);
ExpectIntEQ(wolfSSL_X509_check_host(leafUriDns, hostName,
XSTRLEN(hostName), 0, NULL), WOLFSSL_SUCCESS);
wolfSSL_X509_free(leafUri);
wolfSSL_X509_free(leafUriDns);
wolfSSL_EVP_PKEY_free(priv);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_CertManagerCRL(void)
{
EXPECT_DECLS;
+3
View File
@@ -40,6 +40,7 @@ int test_wolfSSL_CertManagerNameConstraint_IP_SAN(void);
int test_wolfSSL_CertManagerNameConstraint_RID_SAN(void);
int test_wolfSSL_X509_get_ext_d2i_RID_SAN(void);
int test_wolfSSL_X509_check_host_IP_only_SAN_CN_fallback(void);
int test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match(void);
int test_wolfSSL_CertManagerCRL(void);
int test_wolfSSL_CRL_reason_extensions_cleanup(void);
int test_wolfSSL_CRL_static_revoked_list(void);
@@ -70,6 +71,8 @@ int test_wolfSSL_X509_V_ERR_strings(void);
TEST_DECL_GROUP("certman", test_wolfSSL_X509_get_ext_d2i_RID_SAN), \
TEST_DECL_GROUP("certman", \
test_wolfSSL_X509_check_host_IP_only_SAN_CN_fallback), \
TEST_DECL_GROUP("certman", \
test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match), \
TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerCRL), \
TEST_DECL_GROUP("certman", test_wolfSSL_CRL_reason_extensions_cleanup), \
TEST_DECL_GROUP("certman", test_wolfSSL_CRL_static_revoked_list), \
+93
View File
@@ -398,6 +398,99 @@ int test_wc_curve25519_shared_secret_zero_check(void)
return EXPECT_RESULT();
} /* END test_wc_curve25519_shared_secret_zero_check */
/*
* Known-answer tests for wc_curve25519_shared_secret_ex.
*
* Both vectors share one private scalar and produce a shared secret that is a
* small canonical value (9 and 16, little-endian). Because the result is close
* to a multiple of the field prime, these exercise the final modular reduction
* of the X25519 computation: a result that was only reduced mod 2^256 (or left
* in [p, 2^255)) instead of fully reduced mod 2^255-19 would not match.
* All values are 32-byte little-endian encodings per RFC 7748.
*/
int test_wc_curve25519_shared_secret_ex_kat(void)
{
EXPECT_DECLS;
#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)
/* Private scalar shared by both vectors. */
static const byte kPriv[CURVE25519_KEYSIZE] = {
0x60, 0xa3, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b,
0xe4, 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84,
0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9,
0xcc, 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0x7f
};
/* Vector 1 public value, expected shared secret == 9. */
static const byte kPub1[CURVE25519_KEYSIZE] = {
0x3b, 0x18, 0xdf, 0x1e, 0x50, 0xb8, 0x99, 0xeb,
0xd5, 0x88, 0xc3, 0x16, 0x1c, 0xbd, 0x3b, 0xf9,
0x8e, 0xbc, 0xc2, 0xc1, 0xf7, 0xdf, 0x53, 0xb8,
0x11, 0xbd, 0x0e, 0x91, 0xb4, 0xd5, 0x15, 0x3d
};
static const byte kExpected1[CURVE25519_KEYSIZE] = {
0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* Vector 2 public value, expected shared secret == 16. */
static const byte kPub2[CURVE25519_KEYSIZE] = {
0xca, 0xb6, 0xf9, 0xe7, 0xd8, 0xce, 0x00, 0xdf,
0xce, 0xa9, 0xbb, 0xd8, 0xf0, 0x69, 0xef, 0x7f,
0xb2, 0xac, 0x50, 0x4a, 0xbf, 0x83, 0xb8, 0x7d,
0xb6, 0x01, 0xb5, 0xae, 0x0a, 0x7f, 0x76, 0x15
};
static const byte kExpected2[CURVE25519_KEYSIZE] = {
0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* Table-driven so both vectors run through the identical code path. */
struct {
const byte* pub;
const byte* expected;
} vec[2];
curve25519_key private_key;
curve25519_key public_key;
WC_RNG rng;
byte out[CURVE25519_KEYSIZE];
word32 outLen;
int i;
vec[0].pub = kPub1; vec[0].expected = kExpected1;
vec[1].pub = kPub2; vec[1].expected = kExpected2;
XMEMSET(&rng, 0, sizeof(WC_RNG));
ExpectIntEQ(wc_InitRng(&rng), 0);
for (i = 0; i < 2; i++) {
XMEMSET(&private_key, 0, sizeof(private_key));
XMEMSET(&public_key, 0, sizeof(public_key));
ExpectIntEQ(wc_curve25519_init(&private_key), 0);
ExpectIntEQ(wc_curve25519_init(&public_key), 0);
#ifdef WOLFSSL_CURVE25519_BLINDING
ExpectIntEQ(wc_curve25519_set_rng(&private_key, &rng), 0);
#endif
ExpectIntEQ(wc_curve25519_import_private_ex(kPriv, sizeof(kPriv),
&private_key, EC25519_LITTLE_ENDIAN), 0);
ExpectIntEQ(wc_curve25519_import_public_ex(vec[i].pub,
CURVE25519_KEYSIZE, &public_key, EC25519_LITTLE_ENDIAN), 0);
outLen = sizeof(out);
ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key,
out, &outLen, EC25519_LITTLE_ENDIAN), 0);
ExpectIntEQ(outLen, CURVE25519_KEYSIZE);
ExpectIntEQ(XMEMCMP(out, vec[i].expected, CURVE25519_KEYSIZE), 0);
wc_curve25519_free(&private_key);
wc_curve25519_free(&public_key);
}
DoExpectIntEQ(wc_FreeRng(&rng), 0);
#endif
return EXPECT_RESULT();
} /* END test_wc_curve25519_shared_secret_ex_kat */
/*
* Testing wc_curve25519_make_pub
*/
+2
View File
@@ -31,6 +31,7 @@ int test_wc_curve25519_export_key_raw_ex(void);
int test_wc_curve25519_make_key(void);
int test_wc_curve25519_shared_secret_ex(void);
int test_wc_curve25519_shared_secret_zero_check(void);
int test_wc_curve25519_shared_secret_ex_kat(void);
int test_wc_curve25519_make_pub(void);
int test_wc_curve25519_export_public_ex(void);
int test_wc_curve25519_export_private_raw_ex(void);
@@ -47,6 +48,7 @@ int test_wc_Curve25519KeyToDer_oneasymkey_version(void);
TEST_DECL_GROUP("curve25519", test_wc_curve25519_make_key), \
TEST_DECL_GROUP("curve25519", test_wc_curve25519_shared_secret_ex), \
TEST_DECL_GROUP("curve25519", test_wc_curve25519_shared_secret_zero_check),\
TEST_DECL_GROUP("curve25519", test_wc_curve25519_shared_secret_ex_kat), \
TEST_DECL_GROUP("curve25519", test_wc_curve25519_make_pub), \
TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_public_ex), \
TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_private_raw_ex), \
+3311 -1072
View File
File diff suppressed because it is too large Load Diff
+68 -26
View File
@@ -23,15 +23,8 @@
#define TESTS_API_DTLS_H
int test_dtls12_basic_connection_id(void);
int test_dtls13_basic_connection_id(void);
int test_dtls13_hrr_want_write(void);
int test_dtls13_every_write_want_write(void);
int test_wolfSSL_dtls_cid_parse(void);
int test_wolfSSL_dtls_set_pending_peer(void);
int test_dtls13_epochs(void);
int test_dtls13_ack_order(void);
int test_dtls13_ack_overflow(void);
int test_dtls13_ack_dup_write_counter(void);
int test_dtls_version_checking(void);
int test_dtls_short_ciphertext(void);
int test_dtls12_record_length_mismatch(void);
@@ -41,34 +34,56 @@ int test_dtls13_short_read(void);
int test_records_span_network_boundaries(void);
int test_dtls_record_cross_boundaries(void);
int test_dtls_rtx_across_epoch_change(void);
int test_dtls13_ch2_rtx_no_ch1(void);
int test_dtls13_frag_ch2_with_ch1_rtx(void);
int test_dtls_drop_client_ack(void);
int test_dtls_bogus_finished_epoch_zero(void);
int test_dtls_replay(void);
int test_dtls_srtp(void);
int test_dtls_timeout(void);
int test_dtls_certreq_order(void);
int test_dtls_memio_wolfio(void);
int test_dtls_memio_wolfio_stateless(void);
int test_dtls_mtu_fragment_headroom(void);
int test_dtls_mtu_split_messages(void);
int test_dtls13_min_rtx_interval(void);
int test_dtls13_no_session_id_echo(void);
int test_dtls13_5_9_0_compat(void);
int test_dtls_set_session_min_downgrade(void);
int test_dtls12_export_import_etm(void);
/* DTLS tests moved out of tests/api.c. */
int test_dtls_msg_from_other_peer(void);
int test_dtls_ipv6_check(void);
int test_dtls_no_extensions(void);
int test_dtls_1_0_hvr_downgrade(void);
int test_dtls_downgrade_scr_server(void);
int test_dtls_downgrade_scr(void);
int test_dtls_client_hello_timeout_downgrade(void);
int test_dtls_client_hello_timeout(void);
int test_dtls_dropped_ccs(void);
int test_dtls_seq_num_downgrade(void);
int test_dtls_old_seq_number(void);
int test_dtls12_missing_finished(void);
int test_wolfSSL_dtls_export(void);
int test_wolfSSL_dtls_export_peers(void);
int test_wolfSSL_dtls_import_state_extra_window_words(void);
int test_wolfSSL_DTLS_either_side(void);
int test_generate_cookie(void);
int test_wolfSSL_dtls_set_mtu(void);
int test_wolfSSL_dtls_plaintext(void);
int test_wolfSSL_dtls_fragments(void);
int test_wolfSSL_ignore_alert_before_cookie(void);
int test_wolfSSL_dtls_bad_record(void);
int test_wolfSSL_dtls_AEAD_limit(void);
int test_wolfSSL_dtls_stateless(void);
int test_wolfSSL_dtls_stateless_hrr_group(void);
int test_wolfSSL_DtlsUpdateWindow(void);
int test_wolfSSL_DTLS_fragment_buckets(void);
int test_wolfSSL_dtls_stateless2(void);
int test_wolfSSL_dtls_stateless_maxfrag(void);
int test_wolfSSL_dtls_stateless_resume(void);
int test_wolfSSL_dtls_stateless_downgrade(void);
int test_WOLFSSL_dtls_version_alert(void);
#define TEST_DTLS_DECLS \
TEST_DECL_GROUP("dtls", test_dtls12_basic_connection_id), \
TEST_DECL_GROUP("dtls", test_dtls13_basic_connection_id), \
TEST_DECL_GROUP("dtls", test_dtls13_hrr_want_write), \
TEST_DECL_GROUP("dtls", test_dtls13_every_write_want_write), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_cid_parse), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_set_pending_peer), \
TEST_DECL_GROUP("dtls", test_dtls13_epochs), \
TEST_DECL_GROUP("dtls", test_dtls13_ack_order), \
TEST_DECL_GROUP("dtls", test_dtls13_ack_overflow), \
TEST_DECL_GROUP("dtls", test_dtls13_ack_dup_write_counter), \
TEST_DECL_GROUP("dtls", test_dtls_version_checking), \
TEST_DECL_GROUP("dtls", test_dtls_short_ciphertext), \
TEST_DECL_GROUP("dtls", test_dtls12_record_length_mismatch), \
@@ -78,20 +93,47 @@ int test_dtls_set_session_min_downgrade(void);
TEST_DECL_GROUP("dtls", test_records_span_network_boundaries), \
TEST_DECL_GROUP("dtls", test_dtls_record_cross_boundaries), \
TEST_DECL_GROUP("dtls", test_dtls_rtx_across_epoch_change), \
TEST_DECL_GROUP("dtls", test_dtls13_ch2_rtx_no_ch1), \
TEST_DECL_GROUP("dtls", test_dtls13_frag_ch2_with_ch1_rtx), \
TEST_DECL_GROUP("dtls", test_dtls_drop_client_ack), \
TEST_DECL_GROUP("dtls", test_dtls_bogus_finished_epoch_zero), \
TEST_DECL_GROUP("dtls", test_dtls_replay), \
TEST_DECL_GROUP("dtls", test_dtls_srtp), \
TEST_DECL_GROUP("dtls", test_dtls_certreq_order), \
TEST_DECL_GROUP("dtls", test_dtls_timeout), \
TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio), \
TEST_DECL_GROUP("dtls", test_dtls_mtu_fragment_headroom), \
TEST_DECL_GROUP("dtls", test_dtls_mtu_split_messages), \
TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio_stateless), \
TEST_DECL_GROUP("dtls", test_dtls13_min_rtx_interval), \
TEST_DECL_GROUP("dtls", test_dtls13_no_session_id_echo), \
TEST_DECL_GROUP("dtls", test_dtls_set_session_min_downgrade), \
TEST_DECL_GROUP("dtls", test_dtls13_5_9_0_compat)
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_export), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_export_peers), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_import_state_extra_window_words), \
TEST_DECL_GROUP("dtls", test_wolfSSL_DTLS_either_side), \
TEST_DECL_GROUP("dtls", test_generate_cookie), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_set_mtu), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_plaintext), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_fragments), \
TEST_DECL_GROUP("dtls", test_wolfSSL_ignore_alert_before_cookie), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_bad_record), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_AEAD_limit), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless_hrr_group), \
TEST_DECL_GROUP("dtls", test_wolfSSL_DtlsUpdateWindow), \
TEST_DECL_GROUP("dtls", test_wolfSSL_DTLS_fragment_buckets), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless2), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless_maxfrag), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless_resume), \
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_stateless_downgrade), \
TEST_DECL_GROUP("dtls", test_WOLFSSL_dtls_version_alert), \
TEST_DECL_GROUP("dtls", test_dtls_msg_from_other_peer), \
TEST_DECL_GROUP("dtls", test_dtls_ipv6_check), \
TEST_DECL_GROUP("dtls", test_dtls_no_extensions), \
TEST_DECL_GROUP("dtls", test_dtls_1_0_hvr_downgrade), \
TEST_DECL_GROUP("dtls", test_dtls_downgrade_scr_server), \
TEST_DECL_GROUP("dtls", test_dtls_downgrade_scr), \
TEST_DECL_GROUP("dtls", test_dtls_client_hello_timeout_downgrade), \
TEST_DECL_GROUP("dtls", test_dtls_client_hello_timeout), \
TEST_DECL_GROUP("dtls", test_dtls_dropped_ccs), \
TEST_DECL_GROUP("dtls", test_dtls_seq_num_downgrade), \
TEST_DECL_GROUP("dtls", test_dtls_old_seq_number), \
TEST_DECL_GROUP("dtls", test_dtls12_missing_finished), \
TEST_DECL_GROUP("dtls", test_dtls12_export_import_etm)
#endif /* TESTS_API_DTLS_H */
File diff suppressed because it is too large Load Diff
+79
View File
@@ -0,0 +1,79 @@
/* test_dtls13.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef TESTS_API_DTLS13_H
#define TESTS_API_DTLS13_H
#include <tests/api/api_decl.h>
/* DTLSv1.3-only tests. None share helpers with DTLS<=1.2 tests, so they
* live in their own translation unit and register under the "dtls13"
* group. Each function is defined unconditionally with the body (or the
* whole function via #else stub) guarded by WOLFSSL_DTLS13. */
int test_dtls13_bad_epoch_ch(void);
int test_wolfSSL_dtls13_null_cipher(void);
int test_dtls13_frag_ch_pq(void);
int test_dtls_frag_ch(void);
int test_dtls_empty_keyshare_with_cookie(void);
int test_dtls13_missing_finished_client(void);
int test_dtls13_missing_finished_server(void);
int test_dtls13_finished_send_error_propagation(void);
/* DTLSv1.3-only tests moved from test_dtls.c (isolated from DTLS<=1.2 code,
* none share helpers with non-DTLS13 tests). */
int test_dtls13_basic_connection_id(void);
int test_dtls13_hrr_want_write(void);
int test_dtls13_every_write_want_write(void);
int test_dtls13_epochs(void);
int test_dtls13_ack_order(void);
int test_dtls13_ack_overflow(void);
int test_dtls13_ack_dup_write_counter(void);
int test_dtls13_ch2_rtx_no_ch1(void);
int test_dtls13_frag_ch2_with_ch1_rtx(void);
int test_dtls_srtp(void);
int test_dtls13_min_rtx_interval(void);
int test_dtls13_no_session_id_echo(void);
int test_dtls13_5_9_0_compat(void);
#define TEST_DTLS13_DECLS \
TEST_DECL_GROUP("dtls13", test_dtls13_bad_epoch_ch), \
TEST_DECL_GROUP("dtls13", test_wolfSSL_dtls13_null_cipher), \
TEST_DECL_GROUP("dtls13", test_dtls13_frag_ch_pq), \
TEST_DECL_GROUP("dtls13", test_dtls_frag_ch), \
TEST_DECL_GROUP("dtls13", test_dtls_empty_keyshare_with_cookie), \
TEST_DECL_GROUP("dtls13", test_dtls13_missing_finished_client), \
TEST_DECL_GROUP("dtls13", test_dtls13_missing_finished_server), \
TEST_DECL_GROUP("dtls13", test_dtls13_finished_send_error_propagation), \
TEST_DECL_GROUP("dtls13", test_dtls13_basic_connection_id), \
TEST_DECL_GROUP("dtls13", test_dtls13_hrr_want_write), \
TEST_DECL_GROUP("dtls13", test_dtls13_every_write_want_write), \
TEST_DECL_GROUP("dtls13", test_dtls13_epochs), \
TEST_DECL_GROUP("dtls13", test_dtls13_ack_order), \
TEST_DECL_GROUP("dtls13", test_dtls13_ack_overflow), \
TEST_DECL_GROUP("dtls13", test_dtls13_ack_dup_write_counter), \
TEST_DECL_GROUP("dtls13", test_dtls13_ch2_rtx_no_ch1), \
TEST_DECL_GROUP("dtls13", test_dtls13_frag_ch2_with_ch1_rtx), \
TEST_DECL_GROUP("dtls13", test_dtls_srtp), \
TEST_DECL_GROUP("dtls13", test_dtls13_min_rtx_interval), \
TEST_DECL_GROUP("dtls13", test_dtls13_no_session_id_echo), \
TEST_DECL_GROUP("dtls13", test_dtls13_5_9_0_compat)
#endif /* TESTS_API_DTLS13_H */
+181
View File
@@ -725,3 +725,184 @@ int test_wc_Ed25519KeyToDer_oneasymkey_version(void)
return EXPECT_RESULT();
}
/* Ed25519 identity and small-order public keys must be rejected. When
* the public key is the identity point (or any small-order point), any
* signature of the form (R = [S]B, S) verifies for arbitrary messages
* because h*A is the neutral element. Gated on FIPS_VERSION3_GE(7,0,0)
* because older FIPS-certified modules do not have this check in their
* frozen copy of ed25519.c and would fail this test. */
int test_wc_ed25519_reject_small_order_keys(void)
{
EXPECT_DECLS;
#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
/* Each entry holds an encoded small-order Ed25519 public key. The
* sign-bit variants of each y-coordinate are listed explicitly so
* the test catches both possible encodings of each y. */
static const byte small_order_keys[][ED25519_PUB_KEY_SIZE] = {
/* identity (y = 1) */
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
/* identity with x-sign bit set */
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80},
/* order 2: y = p - 1 */
{0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
/* order 2: y = p - 1 with x-sign bit set */
{0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
/* non-canonical y = p (decodes to y = 0) */
{0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
/* non-canonical y = p with x-sign bit set */
{0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
/* non-canonical y = p + 1 (decodes to y = 1) */
{0xee,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
/* non-canonical y = p + 1 with x-sign bit set */
{0xee,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
/* order 4: y = 0 */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
/* order 4 with x-sign bit set */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80},
/* order 8 */
{0x26,0xe8,0x95,0x8f,0xc2,0xb2,0x27,0xb0,
0x45,0xc3,0xf4,0x89,0xf2,0xef,0x98,0xf0,
0xd5,0xdf,0xac,0x05,0xd3,0xc6,0x33,0x39,
0xb1,0x38,0x02,0x88,0x6d,0x53,0xfc,0x05},
/* order 8 with x-sign bit set */
{0x26,0xe8,0x95,0x8f,0xc2,0xb2,0x27,0xb0,
0x45,0xc3,0xf4,0x89,0xf2,0xef,0x98,0xf0,
0xd5,0xdf,0xac,0x05,0xd3,0xc6,0x33,0x39,
0xb1,0x38,0x02,0x88,0x6d,0x53,0xfc,0x85},
/* order 8 (other y) */
{0xc7,0x17,0x6a,0x70,0x3d,0x4d,0xd8,0x4f,
0xba,0x3c,0x0b,0x76,0x0d,0x10,0x67,0x0f,
0x2a,0x20,0x53,0xfa,0x2c,0x39,0xcc,0xc6,
0x4e,0xc7,0xfd,0x77,0x92,0xac,0x03,0x7a},
/* order 8 (other y) with x-sign bit set */
{0xc7,0x17,0x6a,0x70,0x3d,0x4d,0xd8,0x4f,
0xba,0x3c,0x0b,0x76,0x0d,0x10,0x67,0x0f,
0x2a,0x20,0x53,0xfa,0x2c,0x39,0xcc,0xc6,
0x4e,0xc7,0xfd,0x77,0x92,0xac,0x03,0xfa},
};
/* Forged signature: R = B (base point), S = 1.
* With public key A = identity, S*B - h*A = B = R for any message. */
static const byte forged_sig[ED25519_SIG_SIZE] = {
0x58,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
ed25519_key key;
word32 i;
word32 num_keys = (word32)(sizeof(small_order_keys) / ED25519_PUB_KEY_SIZE);
/* (1) Untrusted wc_ed25519_import_public must reject every small-order
* encoding (it runs wc_ed25519_check_key as part of the import). */
for (i = 0; i < num_keys; i++) {
int rc;
XMEMSET(&key, 0, sizeof(key));
ExpectIntEQ(wc_ed25519_init(&key), 0);
rc = wc_ed25519_import_public(small_order_keys[i],
ED25519_PUB_KEY_SIZE, &key);
if (rc != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
fprintf(stderr, "small_order_keys[%u]: import_public returned %d, "
"expected PUBLIC_KEY_E\n", (unsigned)i, rc);
}
ExpectIntEQ(rc, WC_NO_ERR_TRACE(PUBLIC_KEY_E));
wc_ed25519_free(&key);
}
/* (2) wc_ed25519_check_key called directly must also reject. Guards
* against a refactor that moves the small-order check out of
* check_key and into the import path: (1) would still pass, but the
* documented check_key contract would silently regress. */
for (i = 0; i < num_keys; i++) {
int rc;
XMEMSET(&key, 0, sizeof(key));
ExpectIntEQ(wc_ed25519_init(&key), 0);
/* trusted = 1 bypasses the import-time check_key call so the
* direct check_key below is what's under test. */
ExpectIntEQ(wc_ed25519_import_public_ex(small_order_keys[i],
ED25519_PUB_KEY_SIZE, &key, 1), 0);
rc = wc_ed25519_check_key(&key);
if (rc != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
fprintf(stderr, "small_order_keys[%u]: check_key returned %d, "
"expected PUBLIC_KEY_E\n", (unsigned)i, rc);
}
ExpectIntEQ(rc, WC_NO_ERR_TRACE(PUBLIC_KEY_E));
wc_ed25519_free(&key);
}
/* (3) Even a "trusted" import (which bypasses wc_ed25519_check_key)
* must not let wc_ed25519_verify_msg accept a forged signature against
* an identity public key. Test both the canonical encoding (y = 1,
* small_order_keys[0]) and the non-canonical encoding (y = p + 1,
* small_order_keys[6]) so the verify-side check is exercised against
* the canonical-form bypass route, not just the byte-for-byte
* identity. The forged sig (R = B, S = 1) verifies for an identity
* public key only - other small-order points would reject it on the
* math alone, so they aren't useful here. */
{
static const word32 identity_indices[] = { 0, 6 };
const char* msg = "forged message";
word32 j;
for (j = 0;
j < sizeof(identity_indices)/sizeof(identity_indices[0]);
j++) {
word32 idx = identity_indices[j];
int verify_result = 1;
int rc;
XMEMSET(&key, 0, sizeof(key));
ExpectIntEQ(wc_ed25519_init(&key), 0);
ExpectIntEQ(wc_ed25519_import_public_ex(small_order_keys[idx],
ED25519_PUB_KEY_SIZE, &key, 1), 0);
rc = wc_ed25519_verify_msg(forged_sig, sizeof(forged_sig),
(const byte*)msg, (word32)XSTRLEN(msg), &verify_result, &key);
if (rc != WC_NO_ERR_TRACE(BAD_FUNC_ARG) || verify_result != 0) {
fprintf(stderr, "verify_msg with identity-equiv "
"small_order_keys[%u]: rc=%d verify_result=%d "
"(expected BAD_FUNC_ARG and 0)\n",
(unsigned)idx, rc, verify_result);
}
ExpectIntEQ(rc, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(verify_result, 0);
wc_ed25519_free(&key);
}
}
#endif
return EXPECT_RESULT();
}
+3 -1
View File
@@ -37,6 +37,7 @@ int test_wc_Ed25519PublicKeyToDer(void);
int test_wc_Ed25519KeyToDer(void);
int test_wc_Ed25519PrivateKeyToDer(void);
int test_wc_Ed25519KeyToDer_oneasymkey_version(void);
int test_wc_ed25519_reject_small_order_keys(void);
#define TEST_ED25519_DECLS \
TEST_DECL_GROUP("ed25519", test_wc_ed25519_make_key), \
@@ -51,6 +52,7 @@ int test_wc_Ed25519KeyToDer_oneasymkey_version(void);
TEST_DECL_GROUP("ed25519", test_wc_Ed25519PublicKeyToDer), \
TEST_DECL_GROUP("ed25519", test_wc_Ed25519KeyToDer), \
TEST_DECL_GROUP("ed25519", test_wc_Ed25519PrivateKeyToDer), \
TEST_DECL_GROUP("ed25519", test_wc_Ed25519KeyToDer_oneasymkey_version)
TEST_DECL_GROUP("ed25519", test_wc_Ed25519KeyToDer_oneasymkey_version), \
TEST_DECL_GROUP("ed25519", test_wc_ed25519_reject_small_order_keys)
#endif /* WOLFCRYPT_TEST_ED25519_H */
+221
View File
@@ -649,3 +649,224 @@ int test_wc_Ed448KeyToDer_oneasymkey_version(void)
return EXPECT_RESULT();
}
/* Ed448 identity and small-order public keys must be rejected.
* Edwards448 has cofactor 4, so the small-order subgroup contains the
* identity, an order-2 point, and two order-4 points. With any of these
* as the public key, h*A is the neutral element and forged signatures
* verify for arbitrary messages. Gated on FIPS_VERSION3_GE(7,0,0)
* because older FIPS-certified modules do not have this check in their
* frozen copy of ed448.c. */
int test_wc_ed448_reject_small_order_keys(void)
{
EXPECT_DECLS;
#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
/* Two regressions are guarded here. Both sign-bit variants of each
* y are listed so weakening the "clear all of byte 56" mask in
* ed448_is_small_order() would be caught. The non-canonical rows
* (y = p, y = p + 1) guard against dropping the canonical-form
* coverage: fe448_from_bytes reads bytes 0-55 modulo p with no
* canonical-form check, so y = p decodes to 0 and y = p + 1
* decodes to 1, both of which are small order. */
static const byte small_order_keys[][ED448_PUB_KEY_SIZE] = {
/* identity (y = 1), sign 0 */
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00},
/* identity (y = 1), sign bit set */
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x80},
/* order 4: y = 0, x-sign 0 */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00},
/* order 4: y = 0, x-sign 1 */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x80},
/* order 2: y = p - 1, x = 0, sign 0 */
{0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x00},
/* order 2: y = p - 1, sign bit set */
{0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x80},
/* non-canonical y = p (decodes to y = 0), sign 0 */
{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x00},
/* non-canonical y = p, sign bit set */
{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x80},
/* non-canonical y = p + 1 (decodes to y = 1), sign 0 */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x00},
/* non-canonical y = p + 1, sign bit set */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x80},
};
/* Arbitrary signature bytes: S = 1 (must be below the Ed448 group
* order or wc_ed448_verify_msg() returns BAD_FUNC_ARG before the
* small-order check has a chance to fire). The R bytes do not need
* to encode a valid curve point for this test - the small-order
* defence in ed448_verify_msg_final_with_sha() rejects the public
* key before the R/S verification math runs. */
static const byte forged_sig[ED448_SIG_SIZE] = {
/* R: 57 bytes of arbitrary data (last byte 0 to satisfy the
* spec-mandated zero of byte 56 bits 0-6; sign bit doesn't
* matter here). */
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,
/* S = 1 */
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00
};
ed448_key key;
word32 i;
word32 num_keys = (word32)(sizeof(small_order_keys) / ED448_PUB_KEY_SIZE);
/* (1) Untrusted wc_ed448_import_public must reject every small-order
* encoding (it runs wc_ed448_check_key as part of the import). */
for (i = 0; i < num_keys; i++) {
int rc;
XMEMSET(&key, 0, sizeof(key));
ExpectIntEQ(wc_ed448_init(&key), 0);
rc = wc_ed448_import_public(small_order_keys[i],
ED448_PUB_KEY_SIZE, &key);
if (rc != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
fprintf(stderr, "small_order_keys[%u]: import_public returned %d, "
"expected PUBLIC_KEY_E\n", (unsigned)i, rc);
}
ExpectIntEQ(rc, WC_NO_ERR_TRACE(PUBLIC_KEY_E));
wc_ed448_free(&key);
}
/* (2) wc_ed448_check_key called directly must also reject. Guards
* against a refactor that moves the small-order check out of
* check_key and into the import path: (1) would still pass, but the
* documented check_key contract would silently regress. */
for (i = 0; i < num_keys; i++) {
int rc;
XMEMSET(&key, 0, sizeof(key));
ExpectIntEQ(wc_ed448_init(&key), 0);
/* trusted = 1 bypasses the import-time check_key call so the
* direct check_key below is what's under test. */
ExpectIntEQ(wc_ed448_import_public_ex(small_order_keys[i],
ED448_PUB_KEY_SIZE, &key, 1), 0);
rc = wc_ed448_check_key(&key);
if (rc != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
fprintf(stderr, "small_order_keys[%u]: check_key returned %d, "
"expected PUBLIC_KEY_E\n", (unsigned)i, rc);
}
ExpectIntEQ(rc, WC_NO_ERR_TRACE(PUBLIC_KEY_E));
wc_ed448_free(&key);
}
/* (3) Even a "trusted" import (which bypasses wc_ed448_check_key)
* must not let wc_ed448_verify_msg accept a forged signature against
* an identity public key. Test both the canonical encoding (y = 1,
* small_order_keys[0]) and the non-canonical encoding (y = p + 1,
* small_order_keys[8]) so the verify-side check is exercised against
* the canonical-form bypass route, not just the byte-for-byte
* identity. */
{
static const word32 identity_indices[] = { 0, 8 };
const char* msg = "forged message";
word32 j;
for (j = 0;
j < sizeof(identity_indices)/sizeof(identity_indices[0]);
j++) {
word32 idx = identity_indices[j];
int verify_result = 1;
int rc;
XMEMSET(&key, 0, sizeof(key));
ExpectIntEQ(wc_ed448_init(&key), 0);
ExpectIntEQ(wc_ed448_import_public_ex(small_order_keys[idx],
ED448_PUB_KEY_SIZE, &key, 1), 0);
rc = wc_ed448_verify_msg(forged_sig, sizeof(forged_sig),
(const byte*)msg, (word32)XSTRLEN(msg), &verify_result,
&key, NULL, 0);
if (rc != WC_NO_ERR_TRACE(BAD_FUNC_ARG) || verify_result != 0) {
fprintf(stderr, "verify_msg with identity-equiv "
"small_order_keys[%u]: rc=%d verify_result=%d "
"(expected BAD_FUNC_ARG and 0)\n",
(unsigned)idx, rc, verify_result);
}
ExpectIntEQ(rc, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(verify_result, 0);
wc_ed448_free(&key);
}
}
#endif
return EXPECT_RESULT();
}
+3 -1
View File
@@ -37,6 +37,7 @@ int test_wc_Ed448PublicKeyToDer(void);
int test_wc_Ed448KeyToDer(void);
int test_wc_Ed448PrivateKeyToDer(void);
int test_wc_Ed448KeyToDer_oneasymkey_version(void);
int test_wc_ed448_reject_small_order_keys(void);
#define TEST_ED448_DECLS \
TEST_DECL_GROUP("ed448", test_wc_ed448_make_key), \
@@ -51,6 +52,7 @@ int test_wc_Ed448KeyToDer_oneasymkey_version(void);
TEST_DECL_GROUP("ed448", test_wc_Ed448PublicKeyToDer), \
TEST_DECL_GROUP("ed448", test_wc_Ed448KeyToDer), \
TEST_DECL_GROUP("ed448", test_wc_Ed448PrivateKeyToDer), \
TEST_DECL_GROUP("ed448", test_wc_Ed448KeyToDer_oneasymkey_version)
TEST_DECL_GROUP("ed448", test_wc_Ed448KeyToDer_oneasymkey_version), \
TEST_DECL_GROUP("ed448", test_wc_ed448_reject_small_order_keys)
#endif /* WOLFCRYPT_TEST_ED448_H */
+159
View File
@@ -2702,3 +2702,162 @@ int test_wolfSSL_EVP_PKEY_ed448(void)
return EXPECT_RESULT();
}
int test_wolfSSL_EVP_PKEY_x25519(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
EVP_PKEY* pkey = NULL;
EVP_PKEY* peer = NULL;
EVP_PKEY_CTX* genCtx = NULL;
EVP_PKEY_CTX* ctx = NULL;
unsigned char rawPriv[32];
unsigned char rawPub[32];
unsigned char secretA[32];
unsigned char secretB[32];
size_t secretLen;
int i;
for (i = 0; i < 32; i++) {
rawPriv[i] = (unsigned char)i;
rawPub[i] = (unsigned char)(0x40 + i);
}
/* Raw import with the correct length reports the X25519 type. */
ExpectNotNull(pkey = EVP_PKEY_new_raw_public_key(
EVP_PKEY_X25519, NULL, rawPub, sizeof(rawPub)));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_X25519);
EVP_PKEY_free(pkey);
pkey = NULL;
ExpectNotNull(pkey = EVP_PKEY_new_raw_private_key(
EVP_PKEY_X25519, NULL, rawPriv, sizeof(rawPriv)));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_X25519);
/* X25519 is key-agreement only: signing must be rejected. */
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
ExpectIntNE(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
/* Wrong raw lengths are rejected. */
ExpectNull(EVP_PKEY_new_raw_public_key(
EVP_PKEY_X25519, NULL, rawPub, 16));
ExpectNull(EVP_PKEY_new_raw_private_key(
EVP_PKEY_X25519, NULL, rawPriv, 16));
/* Generate two key pairs and confirm ECDH agreement is symmetric. This
* also exercises the little-endian convention used on import/derive. */
ExpectNotNull(genCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL));
ExpectIntEQ(EVP_PKEY_keygen_init(genCtx), WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_PKEY_keygen(genCtx, &pkey), WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_PKEY_keygen(genCtx, &peer), WOLFSSL_SUCCESS);
EVP_PKEY_CTX_free(genCtx);
genCtx = NULL;
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peer), WOLFSSL_SUCCESS);
secretLen = sizeof(secretA);
ExpectIntEQ(EVP_PKEY_derive(ctx, secretA, &secretLen), WOLFSSL_SUCCESS);
ExpectIntEQ((int)secretLen, 32);
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
ExpectNotNull(ctx = EVP_PKEY_CTX_new(peer, NULL));
ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, pkey), WOLFSSL_SUCCESS);
secretLen = sizeof(secretB);
ExpectIntEQ(EVP_PKEY_derive(ctx, secretB, &secretLen), WOLFSSL_SUCCESS);
ExpectIntEQ((int)secretLen, 32);
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
ExpectIntEQ(XMEMCMP(secretA, secretB, 32), 0);
EVP_PKEY_free(peer);
EVP_PKEY_free(pkey);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_EVP_PKEY_x448(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE448)
EVP_PKEY* pkey = NULL;
EVP_PKEY* peer = NULL;
EVP_PKEY_CTX* genCtx = NULL;
EVP_PKEY_CTX* ctx = NULL;
unsigned char rawPriv[56];
unsigned char rawPub[56];
unsigned char secretA[56];
unsigned char secretB[56];
size_t secretLen;
int i;
for (i = 0; i < 56; i++) {
rawPriv[i] = (unsigned char)i;
rawPub[i] = (unsigned char)(0x40 + i);
}
/* Raw import with the correct length reports the X448 type. */
ExpectNotNull(pkey = EVP_PKEY_new_raw_public_key(
EVP_PKEY_X448, NULL, rawPub, sizeof(rawPub)));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_X448);
EVP_PKEY_free(pkey);
pkey = NULL;
ExpectNotNull(pkey = EVP_PKEY_new_raw_private_key(
EVP_PKEY_X448, NULL, rawPriv, sizeof(rawPriv)));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_X448);
/* X448 is key-agreement only: signing must be rejected. */
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
ExpectIntNE(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
/* Wrong raw lengths are rejected. */
ExpectNull(EVP_PKEY_new_raw_public_key(
EVP_PKEY_X448, NULL, rawPub, 16));
ExpectNull(EVP_PKEY_new_raw_private_key(
EVP_PKEY_X448, NULL, rawPriv, 16));
/* Generate two key pairs and confirm ECDH agreement is symmetric. */
ExpectNotNull(genCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL));
ExpectIntEQ(EVP_PKEY_keygen_init(genCtx), WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_PKEY_keygen(genCtx, &pkey), WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_PKEY_keygen(genCtx, &peer), WOLFSSL_SUCCESS);
EVP_PKEY_CTX_free(genCtx);
genCtx = NULL;
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peer), WOLFSSL_SUCCESS);
secretLen = sizeof(secretA);
ExpectIntEQ(EVP_PKEY_derive(ctx, secretA, &secretLen), WOLFSSL_SUCCESS);
ExpectIntEQ((int)secretLen, 56);
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
ExpectNotNull(ctx = EVP_PKEY_CTX_new(peer, NULL));
ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, pkey), WOLFSSL_SUCCESS);
secretLen = sizeof(secretB);
ExpectIntEQ(EVP_PKEY_derive(ctx, secretB, &secretLen), WOLFSSL_SUCCESS);
ExpectIntEQ((int)secretLen, 56);
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
ExpectIntEQ(XMEMCMP(secretA, secretB, 56), 0);
EVP_PKEY_free(peer);
EVP_PKEY_free(pkey);
#endif
return EXPECT_RESULT();
}
+5 -1
View File
@@ -66,6 +66,8 @@ int test_wolfSSL_EVP_PKEY_print_public(void);
int test_wolfSSL_EVP_PKEY_ed25519(void);
int test_wolfSSL_CTX_use_PrivateKey_ed25519(void);
int test_wolfSSL_EVP_PKEY_ed448(void);
int test_wolfSSL_EVP_PKEY_x25519(void);
int test_wolfSSL_EVP_PKEY_x448(void);
#define TEST_EVP_PKEY_DECLS \
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_CTX_new_id), \
@@ -110,6 +112,8 @@ int test_wolfSSL_EVP_PKEY_ed448(void);
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_print_public), \
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_ed25519), \
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_CTX_use_PrivateKey_ed25519), \
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_ed448)
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_ed448), \
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_x25519), \
TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_x448)
#endif /* WOLFCRYPT_TEST_EVP_PKEY_H */
+934
View File
@@ -0,0 +1,934 @@
/* test_lms_xmss.c
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <tests/unit.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <tests/api/api.h>
#include <tests/utils.h>
#include <tests/api/test_lms_xmss.h>
/*----------------------------------------------------------------------------*/
/* LMS tests */
/*----------------------------------------------------------------------------*/
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
#include <wolfssl/wolfcrypt/wc_lms.h>
#define LMS_TEST_PRIV_KEY_FILE "/tmp/wolfssl_test_lms.key"
static int test_lms_write_key(const byte* priv, word32 privSz, void* context)
{
FILE* f = fopen((const char*)context, "wb");
int ret = WC_LMS_RC_SAVED_TO_NV_MEMORY;
if (f == NULL)
return -1;
if (fwrite(priv, 1, privSz, f) != privSz)
ret = -1;
fclose(f);
return ret;
}
static int test_lms_read_key(byte* priv, word32 privSz, void* context)
{
FILE* f = fopen((const char*)context, "rb");
if (f == NULL)
return -1;
if (fread(priv, 1, privSz, f) == 0) {
fclose(f);
return -1;
}
fclose(f);
return WC_LMS_RC_READ_TO_MEMORY;
}
/* Helper: init an LMS key with callbacks and L1-H10-W8 params */
static int test_lms_init_key(LmsKey* key, WC_RNG* rng)
{
int ret;
ret = wc_LmsKey_Init(key, NULL, INVALID_DEVID);
if (ret != 0) return ret;
#if !defined(WOLFSSL_LMS_MAX_HEIGHT) || (WOLFSSL_LMS_MAX_HEIGHT >= 10)
ret = wc_LmsKey_SetParameters(key, 1, 10, 8);
#else
ret = wc_LmsKey_SetParameters(key, 1, 5, 8);
#endif
if (ret != 0) return ret;
ret = wc_LmsKey_SetWriteCb(key, test_lms_write_key);
if (ret != 0) return ret;
ret = wc_LmsKey_SetReadCb(key, test_lms_read_key);
if (ret != 0) return ret;
ret = wc_LmsKey_SetContext(key, (void*)LMS_TEST_PRIV_KEY_FILE);
if (ret != 0) return ret;
(void)rng;
return 0;
}
#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_VERIFY_ONLY */
/*
* Test basic LMS sign/verify with multiple signings.
* Uses L1-H10-W8 (1024 total signatures, 32-entry leaf cache).
*/
int test_wc_LmsKey_sign_verify(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
LmsKey key;
WC_RNG rng;
byte msg[] = "test message for LMS signing";
byte sig[2048];
word32 sigSz;
int i;
int numSigs = 5;
ExpectIntEQ(wc_InitRng(&rng), 0);
remove(LMS_TEST_PRIV_KEY_FILE);
ExpectIntEQ(test_lms_init_key(&key, &rng), 0);
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
for (i = 0; i < numSigs; i++) {
sigSz = sizeof(sig);
ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0);
ExpectIntEQ(wc_LmsKey_Verify(&key, sig, sigSz, msg, sizeof(msg)), 0);
}
wc_LmsKey_Free(&key);
wc_FreeRng(&rng);
remove(LMS_TEST_PRIV_KEY_FILE);
#endif
return EXPECT_RESULT();
}
/*
* Test LMS key reload after advancing past the leaf cache window.
*
* Reproduces a heap-buffer-overflow bug in wc_lms_treehash_init() where the
* leaf cache write uses (i * hash_len) instead of ((i - leaf->idx) * hash_len).
* When q > max_cb (default 32), wc_LmsKey_Reload calls wc_hss_init_auth_path
* which calls wc_lms_treehash_init with q > 0, causing writes past the end of
* the leaf cache buffer.
*
* Reproduction steps:
* 1. Generate L1-H10-W8 key (cacheBits=5, max_cb=32)
* 2. Sign 33 times to advance q past the cache window
* 3. Free the key and reload from persisted state
* 4. Sign and verify after reload
*
* Without the fix: heap-buffer-overflow at wc_lms_impl.c:1965
* With the fix: all operations succeed, signatures verify
*/
int test_wc_LmsKey_reload_cache(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) && \
(!defined(WOLFSSL_LMS_MAX_HEIGHT) || (WOLFSSL_LMS_MAX_HEIGHT >= 10))
LmsKey key;
LmsKey vkey;
WC_RNG rng;
byte msg[] = "test message for LMS signing";
byte sig[2048];
word32 sigSz;
byte pub[64];
word32 pubSz = sizeof(pub);
int i;
/* Sign 33 times to advance q past the 32-entry cache window. */
int preSigs = 33;
ExpectIntEQ(wc_InitRng(&rng), 0);
/* Phase 1: Generate key and sign past cache window */
remove(LMS_TEST_PRIV_KEY_FILE);
ExpectIntEQ(test_lms_init_key(&key, &rng), 0);
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
for (i = 0; i < preSigs; i++) {
sigSz = sizeof(sig);
ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0);
}
/* Save public key for verification after reload */
ExpectIntEQ(wc_LmsKey_ExportPubRaw(&key, pub, &pubSz), 0);
wc_LmsKey_Free(&key);
/* Phase 2: Reload key. Triggers wc_lms_treehash_init with q=33 */
ExpectIntEQ(test_lms_init_key(&key, &rng), 0);
ExpectIntEQ(wc_LmsKey_Reload(&key), 0);
/* Phase 3: Sign after reload and verify with separate verify-only key */
sigSz = sizeof(sig);
ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0);
ExpectIntEQ(wc_LmsKey_Init(&vkey, NULL, INVALID_DEVID), 0);
#if !defined(WOLFSSL_LMS_MAX_HEIGHT) || (WOLFSSL_LMS_MAX_HEIGHT >= 10)
ExpectIntEQ(wc_LmsKey_SetParameters(&vkey, 1, 10, 8), 0);
#else
ExpectIntEQ(wc_LmsKey_SetParameters(&vkey, 1, 5, 8), 0);
#endif
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&vkey, pub, pubSz), 0);
ExpectIntEQ(wc_LmsKey_Verify(&vkey, sig, sigSz, msg, sizeof(msg)), 0);
wc_LmsKey_Free(&vkey);
wc_LmsKey_Free(&key);
wc_FreeRng(&rng);
remove(LMS_TEST_PRIV_KEY_FILE);
#endif
return EXPECT_RESULT();
}
/*----------------------------------------------------------------------------*/
/* RFC 9802 (HSS/LMS and XMSS/XMSS^MT in X.509) tests */
/*----------------------------------------------------------------------------*/
/* For every committed self-signed test certificate confirm:
* - wc_ParseCert succeeds on the RFC 9802 AlgorithmIdentifier encoding
* (OID-only SEQUENCE, no NULL parameters)
* - keyOID and signatureOID are set to the expected values
* - loading as a trust anchor and verifying the same bytes through
* wolfSSL_CertManagerVerifyBuffer exercises the ConfirmSignature
* path and succeeds on a valid cert
* - flipping a byte in the signature AND flipping a byte in the
* TBSCertificate both cause verification to fail.
*
* Test vectors are in certs/lms/ and certs/xmss/, generated with Bouncy
* Castle 1.81. BC's default XMSS / XMSS^MT X.509 encoding uses pre-
* standard ISARA OIDs and wraps the raw RFC 8391 pub key in an OCTET
* STRING, so the fixtures were produced with a small generator that
* overrides the AlgorithmIdentifier and SPKI to match RFC 9802. */
#if (defined(WOLFSSL_HAVE_LMS) || defined(WOLFSSL_HAVE_XMSS)) && \
!defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* Sanity bound on a test fixture cert. The largest BC-generated
* fixture we ship (XMSS^MT 40/8) is ~19 KiB; 1 MiB is well above
* any realistic RFC 9802 cert and catches a wild XFTELL. Typed as
* long to match XFTELL's return so the size comparison below isn't
* a mixed long-vs-int compare. */
#define RFC9802_TEST_MAX_CERT_SIZE ((long)(1L << 20))
/* Load a whole file into a freshly-allocated buffer. Caller frees. */
static int rfc9802_load_file(const char* path, byte** out, int* outLen)
{
EXPECT_DECLS;
XFILE f = XBADFILE;
long sz = 0;
size_t got = 0;
byte* buf = NULL;
*out = NULL;
*outLen = 0;
ExpectTrue((f = XFOPEN(path, "rb")) != XBADFILE);
if (f == XBADFILE)
return TEST_FAIL;
if (XFSEEK(f, 0, XSEEK_END) == 0)
sz = XFTELL(f);
(void)XFSEEK(f, 0, XSEEK_SET);
ExpectIntGT(sz, 0);
ExpectIntLT(sz, RFC9802_TEST_MAX_CERT_SIZE);
/* Hard-fail before XMALLOC if XFSEEK / XFTELL produced an unusable
* size: ExpectInt* records the failure but doesn't short-circuit,
* so without this guard a -1 from XFTELL would cast to a multi-GiB
* (size_t) allocation, and a 0 would request a zero-byte malloc. */
if (sz <= 0 || sz >= RFC9802_TEST_MAX_CERT_SIZE) {
XFCLOSE(f);
return TEST_FAIL;
}
ExpectNotNull(buf = (byte*)XMALLOC((size_t)sz, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
if (buf != NULL) {
got = XFREAD(buf, 1, (size_t)sz, f);
ExpectIntEQ(got, (size_t)sz);
/* On a short read the caller would otherwise proceed with a
* partially-initialized buffer and produce cascading parse
* failures driven by the uninitialized tail. Free here so the
* caller's `if (buf == NULL) return TEST_FAIL;` short-circuits
* cleanly with a single recorded failure. */
if (got != (size_t)sz) {
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf = NULL;
sz = 0;
}
}
XFCLOSE(f);
*out = buf;
*outLen = (int)sz;
return EXPECT_RESULT();
}
static int rfc9802_verify_one_cert(const char* path, word32 expectedKeyOID,
word32 expectedSigOID)
{
EXPECT_DECLS;
byte* buf = NULL;
byte* tampered = NULL;
int bytes = 0;
DecodedCert cert;
WOLFSSL_CERT_MANAGER* cm = NULL;
word32 certBegin = 0;
word32 sigIndex = 0;
ExpectIntEQ(rfc9802_load_file(path, &buf, &bytes), TEST_SUCCESS);
if (buf == NULL)
return TEST_FAIL;
/* Parse + check OIDs, capture certBegin and sigIndex for later tamper. */
wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL), 0);
ExpectIntEQ((int)cert.keyOID, (int)expectedKeyOID);
ExpectIntEQ((int)cert.signatureOID, (int)expectedSigOID);
certBegin = cert.certBegin;
sigIndex = cert.sigIndex;
wc_FreeDecodedCert(&cert);
/* Full verify against a self-installed trust anchor. */
ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, buf, (long)bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, buf, (long)bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
if (cm != NULL) {
wolfSSL_CertManagerFree(cm);
cm = NULL;
}
ExpectNotNull(tampered = (byte*)XMALLOC((size_t)bytes, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
/* Negative 1: flip a byte inside the signatureValue BIT STRING.
* Everything after sigIndex is the signatureAlgorithm + the BIT
* STRING payload, so flipping the last byte is always inside the
* signature content. */
if (tampered != NULL) {
XMEMCPY(tampered, buf, (size_t)bytes);
tampered[bytes - 1] ^= 0x01;
ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, buf, (long)bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, tampered,
(long)bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
if (cm != NULL) {
wolfSSL_CertManagerFree(cm);
cm = NULL;
}
}
/* Negative 2: flip a byte at the midpoint of the TBSCertificate. The
* TBS is the first element of the outer Certificate SEQUENCE and
* its bytes lie between (certBegin + outerSeqHeader) and sigIndex.
* Picking the midpoint ensures we're inside TBS regardless of the
* fixture's DN / extensions layout. */
if (tampered != NULL && sigIndex > certBegin + 8U) {
word32 midTbs = certBegin + 8 + ((sigIndex - (certBegin + 8)) / 2);
XMEMCPY(tampered, buf, (size_t)bytes);
tampered[midTbs] ^= 0x01;
ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, buf, (long)bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, tampered,
(long)bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
if (cm != NULL) {
wolfSSL_CertManagerFree(cm);
cm = NULL;
}
}
/* The fixtures MUST carry a KeyUsage extension with at least one of
* digitalSignature / nonRepudiation / keyCertSign / cRLSign set per
* RFC 9802 sec 3. Re-parse and assert that wolfSSL recorded a non-
* empty set of KeyUsage bits from one of those values. */
wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL), 0);
ExpectIntEQ(cert.extKeyUsageSet, 1);
ExpectIntNE(cert.extKeyUsage & (KEYUSE_DIGITAL_SIG | KEYUSE_CONTENT_COMMIT |
KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN), 0);
wc_FreeDecodedCert(&cert);
XFREE(tampered, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return EXPECT_RESULT();
}
#endif
/* Direct wolfCrypt-level negative tests for the parameter-derivation
* helpers used by the RFC 9802 parse path. These exercise failure modes
* (unknown algorithm bytes, truncated inputs, mismatches) that a real
* cert body wouldn't easily reach. */
#if defined(WOLFSSL_HAVE_LMS)
static int rfc9802_lms_import_negative(void)
{
EXPECT_DECLS;
LmsKey key;
/* 60-byte buffer matches HSS_PUBLIC_KEY_LEN(32), just like a valid
* SHA-256/M32/H5 key; the algorithm-type bytes are junk so param
* derivation must fail cleanly. */
byte junk[60];
XMEMSET(junk, 0, sizeof(junk));
/* levels=1, lmsType=0xFFFFFFFF, lmOtsType=0xFFFFFFFF. */
junk[3] = 1;
XMEMSET(junk + 4, 0xFF, 4);
XMEMSET(junk + 8, 0xFF, 4);
/* Unknown algorithm types must be rejected. */
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&key, junk, sizeof(junk)),
WC_NO_ERR_TRACE(NOT_COMPILED_IN));
wc_LmsKey_Free(&key);
/* Too-short buffer: only L + lmsType, no lmOtsType. */
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&key, junk, 8),
WC_NO_ERR_TRACE(BUFFER_E));
wc_LmsKey_Free(&key);
#if !defined(WOLFSSL_NO_LMS_SHA256_256)
/* The two cases below pin specific SHA-256/M32 parameter codes
* (L1_H5_W8, L1_H5_W4, L1_H10_W2). Skip them in builds where the
* SHA-256/M32 family is disabled -- the family-agnostic checks
* above (junk algorithm types, too-short buffer, GetSigLen on
* unconfigured key) still cover the universal invariants. */
/* Pre-set params that disagree with the raw key's algorithm bytes:
* configure H=5/W=8 but feed buffer that claims H=10 / W=2. */
XMEMSET(junk, 0, sizeof(junk));
junk[3] = 1; /* levels=1 */
junk[7] = 6; /* lmsType = LMS_SHA256_M32_H10 = 6 */
junk[11] = 2; /* lmOtsType = LMOTS_SHA256_N32_W2 = 2 */
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_LmsKey_SetParameters(&key, 1, 5, 8), 0);
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&key, junk, sizeof(junk)),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
wc_LmsKey_Free(&key);
#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
/* GetSigLen on a key with no params set must not NULL-deref the
* params pointer; it must return BAD_FUNC_ARG instead. */
{
word32 sigLen = 0;
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_LmsKey_GetSigLen(&key, &sigLen),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
wc_LmsKey_Free(&key);
}
#if !defined(WOLFSSL_NO_LMS_SHA256_256)
/* Partial-write invariant: a length mismatch after a successful
* auto-derive must leave key->params NULL. Build a buffer whose
* leading u32str(L) || lmsType || lmOtsType identifies a known
* parameter set, but truncate to one byte less than the real pub
* key length so the post-derive length check fails. */
{
byte truncated[59]; /* HSS_PUBLIC_KEY_LEN(32) is 60 */
XMEMSET(truncated, 0, sizeof(truncated));
truncated[3] = 1; /* L = 1 */
truncated[7] = 5; /* lmsType = LMS_SHA256_M32_H5 */
truncated[11] = 4; /* lmOtsType = LMOTS_SHA256_N32_W4 */
ExpectIntEQ(wc_LmsKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectNull(key.params);
ExpectIntEQ(wc_LmsKey_ImportPubRaw(&key, truncated,
sizeof(truncated)), WC_NO_ERR_TRACE(BUFFER_E));
ExpectNull(key.params);
wc_LmsKey_Free(&key);
}
#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
return EXPECT_RESULT();
}
#endif
#if defined(WOLFSSL_HAVE_XMSS)
static int rfc9802_xmss_import_negative(void)
{
EXPECT_DECLS;
XmssKey key;
byte junk[8];
XMEMSET(junk, 0, sizeof(junk));
/* Too-short buffer. */
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, junk, 2, 0),
WC_NO_ERR_TRACE(BUFFER_E));
wc_XmssKey_Free(&key);
/* Unknown OID (all-zero) for both XMSS and XMSS^MT. */
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, junk, sizeof(junk), 0),
WC_NO_ERR_TRACE(NOT_COMPILED_IN));
wc_XmssKey_Free(&key);
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, junk, sizeof(junk), 1),
WC_NO_ERR_TRACE(NOT_COMPILED_IN));
wc_XmssKey_Free(&key);
/* NULL key / input. */
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(NULL, junk, sizeof(junk), 0),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, NULL, 8, 0),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
wc_XmssKey_Free(&key);
/* GetSigLen on a key with no params set must not NULL-deref the
* params pointer; it must return BAD_FUNC_ARG instead. */
{
word32 sigLen = 0;
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_GetSigLen(&key, &sigLen),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
wc_XmssKey_Free(&key);
}
/* Once params have been configured (state != INITED), the OID
* prefix in the raw key MUST match key->oid and is_xmssmt MUST
* match key->is_xmssmt. Set XMSS-SHA2_10_256 and feed a valid-
* sized buffer whose 4-byte OID prefix is bogus -> BAD_FUNC_ARG. */
{
byte mismatch[XMSS_SHA256_PUBLEN];
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_SetParamStr(&key, "XMSS-SHA2_10_256"), 0);
XMEMSET(mismatch, 0, sizeof(mismatch));
mismatch[3] = 0x77; /* nonsense OID */
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, mismatch,
sizeof(mismatch), 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Same buffer with the correct OID, but is_xmssmt hint
* contradicts the configured family -> BAD_FUNC_ARG. */
mismatch[3] = 0x01; /* WC_XMSS_OID_SHA2_10_256 */
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, mismatch,
sizeof(mismatch), 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
wc_XmssKey_Free(&key);
}
/* Partial-write invariant: a length mismatch after a successful
* auto-derive must leave the key in its INITED state, with
* key->params NULL. */
{
byte truncated[XMSS_SHA256_PUBLEN - 1];
XMEMSET(truncated, 0, sizeof(truncated));
truncated[3] = 0x01;
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectNull(key.params);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, truncated,
sizeof(truncated), 0), WC_NO_ERR_TRACE(BUFFER_E));
ExpectNull(key.params);
wc_XmssKey_Free(&key);
}
/* is_xmssmt disambiguation: XMSS oid=1 and XMSS^MT oid=1 share
* the wire-numeric value but resolve to different parameter sets.
* Importing the same 68-byte buffer with hint=0 vs hint=1 must
* land in different tables and produce distinct is_xmssmt. */
{
byte buf[XMSS_SHA256_PUBLEN];
XMEMSET(buf, 0, sizeof(buf));
buf[3] = 0x01;
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 0), 0);
ExpectIntEQ((int)key.is_xmssmt, 0);
wc_XmssKey_Free(&key);
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 1), 0);
ExpectIntEQ((int)key.is_xmssmt, 1);
wc_XmssKey_Free(&key);
}
/* Lenient state: re-importing the same pub key into a VERIFYONLY
* key (params set, no private material) succeeds. The second
* call exercises the lenient-state branch. */
{
byte buf[XMSS_SHA256_PUBLEN];
XMEMSET(buf, 0, sizeof(buf));
buf[3] = 0x01;
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 0), 0);
ExpectIntEQ((int)key.state, (int)WC_XMSS_STATE_VERIFYONLY);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 0), 0);
ExpectIntEQ((int)key.state, (int)WC_XMSS_STATE_VERIFYONLY);
wc_XmssKey_Free(&key);
}
/* Strict signature-length check: wc_XmssKey_Verify rejects any
* sigLen != key->params->sig_len. This guards every consumer
* (RFC 9802 X.509, PKCS#7, CMS, ...) against a longer wrapper that
* happens to start with a valid signature. Construct a key in
* VERIFYONLY state, then verify with sig_len + 1 and sig_len - 1
* byte buffers; both must fail with BUFFER_E before any crypto
* runs. The buffer contents are irrelevant since the length check
* fires first. */
{
byte pub[XMSS_SHA256_PUBLEN];
byte* sigBuf = NULL;
word32 sigLen = 0;
const byte msg[1] = { 0 };
XMEMSET(pub, 0, sizeof(pub));
pub[3] = 0x01;
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, pub, sizeof(pub), 0), 0);
ExpectIntEQ((int)key.state, (int)WC_XMSS_STATE_VERIFYONLY);
ExpectIntEQ(wc_XmssKey_GetSigLen(&key, &sigLen), 0);
ExpectIntGT(sigLen, 0);
ExpectNotNull(sigBuf = (byte*)XMALLOC((size_t)sigLen + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
if (sigBuf != NULL) {
XMEMSET(sigBuf, 0, (size_t)sigLen + 1);
ExpectIntEQ(wc_XmssKey_Verify(&key, sigBuf, sigLen + 1,
msg, (int)sizeof(msg)), WC_NO_ERR_TRACE(BUFFER_E));
ExpectIntEQ(wc_XmssKey_Verify(&key, sigBuf, sigLen - 1,
msg, (int)sizeof(msg)), WC_NO_ERR_TRACE(BUFFER_E));
XFREE(sigBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
wc_XmssKey_Free(&key);
}
/* BAD_STATE_E branch: WC_XMSS_STATE_OK must be rejected. Reaching
* OK normally requires a successful private-key Reload / sign,
* which is unavailable in WOLFSSL_XMSS_VERIFY_ONLY builds. Force
* the state directly to exercise the rejection without coupling
* this helper to the signing test fixture; sk stays NULL so Free
* is still safe. */
{
byte pub[XMSS_SHA256_PUBLEN];
XMEMSET(pub, 0, sizeof(pub));
pub[3] = 0x01;
ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_XmssKey_SetParamStr(&key, "XMSS-SHA2_10_256"), 0);
key.state = WC_XMSS_STATE_OK;
ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, pub, sizeof(pub), 0),
WC_NO_ERR_TRACE(BAD_STATE_E));
wc_XmssKey_Free(&key);
}
return EXPECT_RESULT();
}
#endif
/* Walk the AlgorithmIdentifier SEQUENCE that begins at sigIndex and
* locate the byte offset of the last byte of its OID content. Handles
* both short-form (length < 128) and long-form DER length encodings,
* so a future fixture-regenerator that emits longer OIDs / SEQUENCEs
* still drives this test rather than tripping the loud-fail branch.
*
* Returns 0 on success with *oidLastByte set; returns -1 on any DER
* shape mismatch. */
#if defined(WOLFSSL_HAVE_XMSS) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int rfc9802_find_sig_alg_oid_last_byte(const byte* buf, word32 bufLen,
word32 sigIndex, word32* oidLastByte)
{
word32 idx = sigIndex;
word32 oidContentLen = 0;
/* AlgorithmIdentifier ::= SEQUENCE { algorithm OID, ... } */
if (idx >= bufLen || buf[idx] != 0x30)
return -1;
idx++;
/* Skip SEQUENCE length (short or long form). */
if (idx >= bufLen)
return -1;
if (buf[idx] < 0x80) {
idx++;
}
else {
word32 nbytes = (word32)(buf[idx] & 0x7F);
if (nbytes == 0 || nbytes > 4 || idx + 1 + nbytes > bufLen)
return -1;
idx += 1 + nbytes;
}
/* algorithm OID tag. */
if (idx >= bufLen || buf[idx] != 0x06)
return -1;
idx++;
/* OID length (short or long form). */
if (idx >= bufLen)
return -1;
if (buf[idx] < 0x80) {
oidContentLen = buf[idx];
idx++;
}
else {
word32 nbytes = (word32)(buf[idx] & 0x7F);
word32 i;
if (nbytes == 0 || nbytes > 4 || idx + 1 + nbytes > bufLen)
return -1;
for (i = 0; i < nbytes; i++)
oidContentLen = (oidContentLen << 8) | buf[idx + 1 + i];
idx += 1 + nbytes;
}
if (oidContentLen == 0 || idx + oidContentLen > bufLen)
return -1;
*oidLastByte = idx + oidContentLen - 1;
return 0;
}
/* Helper: load fixture, locate last byte of outer signatureAlgorithm
* OID, patch it from `expected` to `swap`, and assert that verifying
* the patched cert against itself as a trust anchor fails. */
static int rfc9802_assert_oid_patch_breaks_verify(const char* path,
byte expectedLastByte, byte patchedLastByte)
{
EXPECT_DECLS;
byte* buf = NULL;
int bytes = 0;
DecodedCert cert;
WOLFSSL_CERT_MANAGER* cm = NULL;
word32 sigIndex = 0;
word32 lastOidByte = 0;
ExpectIntEQ(rfc9802_load_file(path, &buf, &bytes), TEST_SUCCESS);
if (buf == NULL)
return TEST_FAIL;
wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL), 0);
sigIndex = cert.sigIndex;
wc_FreeDecodedCert(&cert);
ExpectIntEQ(rfc9802_find_sig_alg_oid_last_byte(buf, (word32)bytes,
sigIndex, &lastOidByte), 0);
/* Sanity-check the fixture matches the family the caller asserted,
* so a future regenerator swapping fixtures fails loudly here
* rather than silently testing the wrong direction. */
ExpectIntEQ((int)buf[lastOidByte], (int)expectedLastByte);
if (lastOidByte < (word32)bytes &&
buf[lastOidByte] == expectedLastByte) {
buf[lastOidByte] = patchedLastByte;
ExpectNotNull(cm = wolfSSL_CertManagerNew());
/* After the patch the cert's outer signatureAlgorithm and SPKI
* disagree. Verification must fail somewhere (at parse, at
* load, or at ConfirmSignature). The load is best-effort -
* some shape changes get caught there, others only at verify. */
(void)wolfSSL_CertManagerLoadCABuffer(cm, buf, (long)bytes,
WOLFSSL_FILETYPE_ASN1);
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, buf,
(long)bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
if (cm != NULL) {
wolfSSL_CertManagerFree(cm);
cm = NULL;
}
}
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return EXPECT_RESULT();
}
/* X.509-level negative: swap the outer signatureAlgorithm OID byte so
* the cert declares XMSS where the SPKI is XMSS^MT, and vice versa.
* SigOidMatchesKeyOid must reject both directions before any crypto. */
static int rfc9802_xmss_sig_oid_mismatch(void)
{
EXPECT_DECLS;
/* XMSS sigOID ends 0x22; XMSS^MT sigOID ends 0x23. Patch each
* direction so the asymmetric-key path is exercised both ways -
* a regression that only stripped the check from one branch of
* SigOidMatchesKeyOid would otherwise be missed. */
ExpectIntEQ(rfc9802_assert_oid_patch_breaks_verify(
"./certs/xmss/bc_xmss_sha2_10_256_root.der",
/* expected XMSS */ 0x22, /* patched to XMSS^MT */ 0x23),
TEST_SUCCESS);
ExpectIntEQ(rfc9802_assert_oid_patch_breaks_verify(
"./certs/xmss/bc_xmssmt_sha2_20_2_256_root.der",
/* expected XMSS^MT */ 0x23, /* patched to XMSS */ 0x22),
TEST_SUCCESS);
return EXPECT_RESULT();
}
#endif
/* Exercise a real CA -> leaf certificate chain, not just self-signed.
* Loads the CA as a trust anchor and verifies the leaf against it. */
#if defined(WOLFSSL_HAVE_LMS) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int rfc9802_lms_chain_verify(void)
{
EXPECT_DECLS;
byte* caBuf = NULL;
byte* leafBuf = NULL;
int caLen = 0;
int leafLen = 0;
WOLFSSL_CERT_MANAGER* cm = NULL;
ExpectIntEQ(rfc9802_load_file("./certs/lms/bc_lms_chain_ca.der",
&caBuf, &caLen), TEST_SUCCESS);
ExpectIntEQ(rfc9802_load_file("./certs/lms/bc_lms_chain_leaf.der",
&leafBuf, &leafLen), TEST_SUCCESS);
ExpectNotNull(cm = wolfSSL_CertManagerNew());
/* Only the CA is a trust anchor; the leaf is verified against it. */
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, caBuf, (long)caLen,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* Without loading the CA the leaf must NOT verify. */
if (cm != NULL) {
wolfSSL_CertManagerFree(cm);
cm = NULL;
}
ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
if (cm != NULL) {
wolfSSL_CertManagerFree(cm);
cm = NULL;
}
XFREE(leafBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(caBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return EXPECT_RESULT();
}
#endif
/* Mirror of rfc9802_lms_chain_verify but for an XMSS CA -> leaf pair. */
#if defined(WOLFSSL_HAVE_XMSS) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int rfc9802_xmss_chain_verify(void)
{
EXPECT_DECLS;
byte* caBuf = NULL;
byte* leafBuf = NULL;
int caLen = 0;
int leafLen = 0;
WOLFSSL_CERT_MANAGER* cm = NULL;
ExpectIntEQ(rfc9802_load_file("./certs/xmss/bc_xmss_chain_ca.der",
&caBuf, &caLen), TEST_SUCCESS);
ExpectIntEQ(rfc9802_load_file("./certs/xmss/bc_xmss_chain_leaf.der",
&leafBuf, &leafLen), TEST_SUCCESS);
ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, caBuf, (long)caLen,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
if (cm != NULL) {
wolfSSL_CertManagerFree(cm);
cm = NULL;
}
ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
if (cm != NULL) {
wolfSSL_CertManagerFree(cm);
cm = NULL;
}
XFREE(leafBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(caBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return EXPECT_RESULT();
}
#endif
int test_rfc9802_lms_x509_verify(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_HAVE_LMS)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)
/* Mixed single-level LMS and multi-level HSS fixtures. The HSS
* public key carries only the top-level LMS/LM-OTS types, so
* wc_LmsKey_ImportPubRaw's auto-derive path searches the map
* by (levels, lmsType, lmOtsType). The bc_lms_native_bc_root
* fixture is generated through Bouncy Castle's stock
* JcaContentSignerBuilder("LMS") + JcaX509v3CertificateBuilder
* with no overrides; including it here is the cross-impl interop
* gate (BC's native LMS X.509 path is RFC 9802-compliant for HSS/
* LMS, so wolfSSL must accept it end-to-end).
*
* All fixtures use the SHA-256/M32 family, so the whole block
* is gated on that family being compiled in. Truncated SHA-256/192
* or SHAKE-only builds skip this block. */
static const char* const lmsFiles[] = {
"./certs/lms/bc_lms_sha256_h5_w4_root.der",
#if !defined(WOLFSSL_LMS_MAX_HEIGHT) || (WOLFSSL_LMS_MAX_HEIGHT >= 10)
"./certs/lms/bc_lms_sha256_h10_w8_root.der",
#endif
#if !defined(WOLFSSL_LMS_MAX_LEVELS) || (WOLFSSL_LMS_MAX_LEVELS >= 2)
"./certs/lms/bc_hss_L2_H5_W8_root.der",
#endif
#if !defined(WOLFSSL_LMS_MAX_LEVELS) || (WOLFSSL_LMS_MAX_LEVELS >= 3)
"./certs/lms/bc_hss_L3_H5_W4_root.der",
#endif
"./certs/lms/bc_lms_native_bc_root.der",
};
size_t i;
for (i = 0; i < sizeof(lmsFiles) / sizeof(lmsFiles[0]); i++) {
ExpectIntEQ(rfc9802_verify_one_cert(lmsFiles[i],
HSS_LMSk, CTC_HSS_LMS), TEST_SUCCESS);
}
ExpectIntEQ(rfc9802_lms_chain_verify(), TEST_SUCCESS);
#endif /* !NO_FILESYSTEM && !NO_CERTS && !WOLFSSL_NO_LMS_SHA256_256 */
/* Pure wolfCrypt-level negative tests don't need filesystem or cert
* support, so they run for any LMS-enabled build. */
ExpectIntEQ(rfc9802_lms_import_negative(), TEST_SUCCESS);
#endif
return EXPECT_RESULT();
}
int test_rfc9802_xmss_x509_verify(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_HAVE_XMSS)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static const char* const xmssFiles[] = {
"./certs/xmss/bc_xmss_sha2_10_256_root.der",
"./certs/xmss/bc_xmss_sha2_16_256_root.der",
};
static const char* const xmssmtFiles[] = {
"./certs/xmss/bc_xmssmt_sha2_20_2_256_root.der",
"./certs/xmss/bc_xmssmt_sha2_20_4_256_root.der",
"./certs/xmss/bc_xmssmt_sha2_40_8_256_root.der",
};
size_t i;
for (i = 0; i < sizeof(xmssFiles) / sizeof(xmssFiles[0]); i++) {
ExpectIntEQ(rfc9802_verify_one_cert(xmssFiles[i],
XMSSk, CTC_XMSS), TEST_SUCCESS);
}
for (i = 0; i < sizeof(xmssmtFiles) / sizeof(xmssmtFiles[0]); i++) {
ExpectIntEQ(rfc9802_verify_one_cert(xmssmtFiles[i],
XMSSMTk, CTC_XMSSMT), TEST_SUCCESS);
}
ExpectIntEQ(rfc9802_xmss_sig_oid_mismatch(), TEST_SUCCESS);
ExpectIntEQ(rfc9802_xmss_chain_verify(), TEST_SUCCESS);
#endif /* !NO_FILESYSTEM && !NO_CERTS */
/* Pure wolfCrypt-level negative tests don't need filesystem or cert
* support, so they run for any XMSS-enabled build. */
ExpectIntEQ(rfc9802_xmss_import_negative(), TEST_SUCCESS);
#endif
return EXPECT_RESULT();
}
+39
View File
@@ -0,0 +1,39 @@
/* test_lms_xmss.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFCRYPT_TEST_LMS_XMSS_H
#define WOLFCRYPT_TEST_LMS_XMSS_H
#include <tests/api/api_decl.h>
int test_wc_LmsKey_sign_verify(void);
int test_wc_LmsKey_reload_cache(void);
int test_rfc9802_lms_x509_verify(void);
int test_rfc9802_xmss_x509_verify(void);
/* LMS, and RFC 9802 (HSS/LMS and XMSS/XMSS^MT in X.509). */
#define TEST_LMS_XMSS_DECLS \
TEST_DECL_GROUP("lms", test_wc_LmsKey_sign_verify), \
TEST_DECL_GROUP("lms", test_wc_LmsKey_reload_cache), \
TEST_DECL_GROUP("lms", test_rfc9802_lms_x509_verify), \
TEST_DECL_GROUP("xmss", test_rfc9802_xmss_x509_verify)
#endif /* WOLFCRYPT_TEST_LMS_XMSS_H */
+82
View File
@@ -30508,3 +30508,85 @@ WOLFSSL_MLDSA_API_CHECK_INLINE void wc_mldsa_canonical_api_check(void)
PRAGMA_CLANG_DIAG_POP
#endif /* WOLFSSL_HAVE_MLDSA */
/*----------------------------------------------------------------------------*/
/* ML-DSA / Dilithium negative length-validation tests */
/*----------------------------------------------------------------------------*/
/* ML-DSA HashML-DSA verify must reject hashLen > WC_MAX_DIGEST_SIZE */
int test_mldsa_verify_hash(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_HAVE_MLDSA) && \
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
wc_MlDsaKey key;
WC_RNG rng;
int res = 0;
byte sig[4000];
byte hash[4096]; /* larger than WC_MAX_DIGEST_SIZE */
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(sig, 0x41, sizeof(sig));
XMEMSET(hash, 'A', sizeof(hash));
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID), 0);
#ifndef WOLFSSL_NO_ML_DSA_65
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_65), 0);
#elif !defined(WOLFSSL_NO_ML_DSA_44)
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_44), 0);
#else
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_87), 0);
#endif
ExpectIntEQ(wc_MlDsaKey_MakeKey(&key, &rng), 0);
/* hashLen=4096 must be rejected, not overflow the stack */
ExpectIntEQ(wc_MlDsaKey_VerifyCtxHash(&key, sig, sizeof(sig), NULL, 0,
hash, sizeof(hash), WC_HASH_TYPE_SHA256, &res),
WC_NO_ERR_TRACE(BAD_LENGTH_E));
wc_MlDsaKey_Free(&key);
DoExpectIntEQ(wc_FreeRng(&rng), 0);
#endif
return EXPECT_RESULT();
}
/* Dilithium verify_ctx_msg must reject absurdly large msgLen */
int test_dilithium_hash(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_HAVE_MLDSA) && \
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
wc_MlDsaKey key;
WC_RNG rng;
int res = 0;
byte sig[4000];
byte msg[64];
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(sig, 0, sizeof(sig));
XMEMSET(msg, 'A', sizeof(msg));
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID), 0);
#ifndef WOLFSSL_NO_ML_DSA_65
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_65), 0);
#elif !defined(WOLFSSL_NO_ML_DSA_44)
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_44), 0);
#else
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_87), 0);
#endif
ExpectIntEQ(wc_MlDsaKey_MakeKey(&key, &rng), 0);
ExpectIntEQ(wc_MlDsaKey_VerifyCtx(&key, sig, sizeof(sig), NULL, 0,
msg, 0xFFFFFFC0, &res), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
wc_MlDsaKey_Free(&key);
DoExpectIntEQ(wc_FreeRng(&rng), 0);
#endif
return EXPECT_RESULT();
}
+7
View File
@@ -51,6 +51,11 @@ int test_mldsa_encode_w1_large_values(void);
int test_mldsa_pkcs12(void);
int test_mldsa_x509_pubkey_sigtype(void);
/* Negative length-validation regression tests, also defined in
* tests/api/test_mldsa.c. */
int test_mldsa_verify_hash(void);
int test_dilithium_hash(void);
/* Legacy-name shim coverage defined in tests/api/test_mldsa_legacy.c.
* Single function -- compile-time wc_static_assert checks for every alias
* + one runtime smoke test that drives each arg-reordering macro family.
@@ -82,6 +87,8 @@ int test_mldsa_legacy_shim(void);
TEST_DECL_GROUP("mldsa", test_mldsa_encode_w1_large_values), \
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12), \
TEST_DECL_GROUP("mldsa", test_mldsa_x509_pubkey_sigtype), \
TEST_DECL_GROUP("mldsa", test_mldsa_verify_hash), \
TEST_DECL_GROUP("mldsa", test_dilithium_hash), \
TEST_DECL_GROUP("mldsa", test_mldsa_legacy_shim)
#endif /* WOLFCRYPT_TEST_MLDSA_H */
+66
View File
@@ -247,6 +247,15 @@ int test_ocsp_basic_verify(void)
ExpectNull(
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad)));
/* reuse failure must clear caller pointer */
ptr = (const unsigned char*)resp;
ExpectNotNull(
response = wolfSSL_d2i_OCSP_RESPONSE(&response, &ptr, sizeof(resp)));
ptr = (const unsigned char*)resp_bad;
ExpectNull(
wolfSSL_d2i_OCSP_RESPONSE(&response, &ptr, sizeof(resp_bad)));
ExpectNull(response);
ptr = (const unsigned char*)resp;
ExpectNotNull(
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
@@ -765,6 +774,63 @@ int test_ocsp_certid_dup(void)
}
#endif
int test_ocsp_resp_find_status_serial_prefix(void)
{
EXPECT_DECLS;
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && !defined(NO_SHA)
OcspResponse response;
OcspEntry single;
CertStatus responseStatus;
OcspEntry requestedId;
CertStatus requestedStatus;
int status;
XMEMSET(&response, 0, sizeof(response));
XMEMSET(&single, 0, sizeof(single));
XMEMSET(&responseStatus, 0, sizeof(responseStatus));
XMEMSET(&requestedId, 0, sizeof(requestedId));
XMEMSET(&requestedStatus, 0, sizeof(requestedStatus));
single.status = &responseStatus;
requestedId.status = &requestedStatus;
response.single = &single;
/* Matching issuer name and key hashes on both sides. */
XMEMSET(single.issuerHash, 0x41, OCSP_DIGEST_SIZE);
XMEMSET(single.issuerKeyHash, 0x42, OCSP_DIGEST_SIZE);
XMEMCPY(requestedId.issuerHash, single.issuerHash, OCSP_DIGEST_SIZE);
XMEMCPY(requestedId.issuerKeyHash, single.issuerKeyHash, OCSP_DIGEST_SIZE);
/* Response carries a CERT_GOOD status for serial 01:02 (2 bytes). */
responseStatus.serial[0] = 0x01;
responseStatus.serial[1] = 0x02;
responseStatus.serialSz = 2;
responseStatus.status = CERT_GOOD;
/* Sanity check: an exact serial match must be found and report CERT_GOOD. */
requestedStatus.serial[0] = 0x01;
requestedStatus.serial[1] = 0x02;
requestedStatus.serialSz = 2;
status = -1;
ExpectIntEQ(wolfSSL_OCSP_resp_find_status(&response, &requestedId, &status,
NULL, NULL, NULL, NULL), WOLFSSL_SUCCESS);
ExpectIntEQ(status, CERT_GOOD);
/* Request serial 01:02:03 (3 bytes) shares the 01:02 prefix of the
* response serial.
* The lookup must not bind the good response to this longer and
* differing serial. */
requestedStatus.serial[0] = 0x01;
requestedStatus.serial[1] = 0x02;
requestedStatus.serial[2] = 0x03;
requestedStatus.serialSz = 3;
status = -1;
ExpectIntEQ(wolfSSL_OCSP_resp_find_status(&response, &requestedId, &status,
NULL, NULL, NULL, NULL), WOLFSSL_FAILURE);
#endif
return EXPECT_RESULT();
}
#if defined(HAVE_OCSP) && defined(WOLFSSL_CERT_SETUP_CB) && \
defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_RSA) && \
(defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+1
View File
@@ -24,6 +24,7 @@
int test_ocsp_certid_enc_dec(void);
int test_ocsp_certid_dup(void);
int test_ocsp_resp_find_status_serial_prefix(void);
int test_ocsp_status_callback(void);
int test_ocsp_basic_verify(void);
int test_ocsp_responder_keyhash_binding(void);
+120
View File
@@ -755,6 +755,126 @@ int test_wolfSSL_PEM_PrivateKey(void)
return EXPECT_RESULT();
}
int test_wolfSSL_PEM_write_PrivateKey(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) && \
!defined(NO_ASN) && !defined(NO_PWDBASED)
const char* privFile = "./test-pem-write-private-key.pem";
const unsigned char* serverKey =
(const unsigned char*)server_key_der_2048;
EVP_PKEY* pkey = NULL;
EVP_PKEY* readPriv = NULL;
XFILE fp = XBADFILE;
remove(privFile);
ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &serverKey,
(long)sizeof_server_key_der_2048));
/* Bad-argument checks. */
ExpectIntEQ(PEM_write_PrivateKey(XBADFILE, pkey, NULL, NULL, 0, NULL,
NULL), 0);
ExpectIntEQ(PEM_write_PrivateKey(stderr, NULL, NULL, NULL, 0, NULL,
NULL), 0);
/* Write private key to file. */
ExpectTrue((fp = XFOPEN(privFile, "wb")) != XBADFILE);
if (fp != XBADFILE) {
ExpectIntEQ(PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL),
1);
XFCLOSE(fp);
fp = XBADFILE;
}
/* Read it back and verify the DER content matches. */
ExpectTrue((fp = XFOPEN(privFile, "rb")) != XBADFILE);
if (fp != XBADFILE) {
ExpectNotNull(readPriv = PEM_read_PrivateKey(fp, NULL, NULL, NULL));
XFCLOSE(fp);
fp = XBADFILE;
}
if ((pkey != NULL) && (readPriv != NULL) && (pkey->pkey.ptr != NULL) &&
(readPriv->pkey.ptr != NULL)) {
ExpectIntEQ(pkey->pkey_sz, readPriv->pkey_sz);
ExpectIntEQ(XMEMCMP(pkey->pkey.ptr, readPriv->pkey.ptr,
pkey->pkey_sz), 0);
}
EVP_PKEY_free(readPriv);
EVP_PKEY_free(pkey);
if (fp != XBADFILE) {
XFCLOSE(fp);
}
remove(privFile);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_PEM_write_PUBKEY(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) && \
!defined(NO_ASN) && !defined(NO_PWDBASED)
const char* pubFile = "./test-pem-write-pubkey.pem";
const unsigned char* serverKey =
(const unsigned char*)server_key_der_2048;
EVP_PKEY* pkey = NULL;
EVP_PKEY* readPub = NULL;
unsigned char* pubDer = NULL;
unsigned char* readPubDer = NULL;
XFILE fp = XBADFILE;
int pubDerSz = 0;
int readPubDerSz = 0;
remove(pubFile);
ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &serverKey,
(long)sizeof_server_key_der_2048));
/* Bad-argument checks. */
ExpectIntEQ(PEM_write_PUBKEY(XBADFILE, pkey), 0);
ExpectIntEQ(PEM_write_PUBKEY(stderr, NULL), 0);
/* Capture the expected public-key DER for later comparison. */
ExpectIntGT(pubDerSz = wolfSSL_i2d_PUBKEY(pkey, &pubDer), 0);
/* Write public key to file. */
ExpectTrue((fp = XFOPEN(pubFile, "wb")) != XBADFILE);
if (fp != XBADFILE) {
ExpectIntEQ(PEM_write_PUBKEY(fp, pkey), 1);
XFCLOSE(fp);
fp = XBADFILE;
}
/* Read it back and verify the DER content matches. */
ExpectTrue((fp = XFOPEN(pubFile, "rb")) != XBADFILE);
if (fp != XBADFILE) {
ExpectNotNull(readPub = PEM_read_PUBKEY(fp, NULL, NULL, NULL));
XFCLOSE(fp);
fp = XBADFILE;
}
ExpectIntGT(readPubDerSz = wolfSSL_i2d_PUBKEY(readPub, &readPubDer), 0);
ExpectIntEQ(pubDerSz, readPubDerSz);
if ((pubDer != NULL) && (readPubDer != NULL) && (pubDerSz > 0) &&
(pubDerSz == readPubDerSz)) {
ExpectIntEQ(XMEMCMP(pubDer, readPubDer, pubDerSz), 0);
}
XFREE(readPubDer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(pubDer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
EVP_PKEY_free(readPub);
EVP_PKEY_free(pkey);
if (fp != XBADFILE) {
XFCLOSE(fp);
}
remove(pubFile);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_PEM_file_RSAKey(void)
{
EXPECT_DECLS;
+4
View File
@@ -32,6 +32,8 @@ int test_wolfSSL_PEM_PrivateKey_ecc(void);
int test_wolfSSL_PEM_PrivateKey_dsa(void);
int test_wolfSSL_PEM_PrivateKey_dh(void);
int test_wolfSSL_PEM_PrivateKey(void);
int test_wolfSSL_PEM_write_PrivateKey(void);
int test_wolfSSL_PEM_write_PUBKEY(void);
int test_wolfSSL_PEM_file_RSAKey(void);
int test_wolfSSL_PEM_file_RSAPrivateKey(void);
int test_wolfSSL_PEM_read_RSA_PUBKEY(void);
@@ -52,6 +54,8 @@ int test_wolfSSL_PEM_PUBKEY(void);
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_dsa), \
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_dh), \
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey), \
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_write_PrivateKey), \
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_write_PUBKEY), \
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_file_RSAKey), \
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_file_RSAPrivateKey), \
TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_RSA_PUBKEY), \
+108
View File
@@ -71,6 +71,114 @@ int test_wolfSSL_X509_check_private_key(void)
return EXPECT_RESULT();
}
/* EVP_PKCS82PKEY() must populate pkey.ptr/pkey_sz for ML-DSA so
* X509_check_private_key() (wc_CheckPrivateKey) can redecode the DER, and
* d2i_PKCS8_PKEY() must keep the full PKCS#8 wrapper for ML-DSA level recovery
* from the AlgorithmIdentifier. */
int test_wolfSSL_X509_check_private_key_mldsa(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_BIO) && !defined(NO_CHECK_PRIVATE_KEY) && \
defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
(defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)) && \
(!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_65) || \
!defined(WOLFSSL_NO_ML_DSA_87))
static const struct {
const char* keyPath;
const char* certPath;
const char* mismatchCertPath; /* NULL if no other level available */
} cases[] = {
#if !defined(WOLFSSL_NO_ML_DSA_44)
{ "./certs/mldsa/mldsa44-key.pem",
"./certs/mldsa/mldsa44-cert.der",
#if !defined(WOLFSSL_NO_ML_DSA_65)
"./certs/mldsa/mldsa65-cert.der"
#elif !defined(WOLFSSL_NO_ML_DSA_87)
"./certs/mldsa/mldsa87-cert.der"
#else
NULL
#endif
},
#endif
#if !defined(WOLFSSL_NO_ML_DSA_65)
{ "./certs/mldsa/mldsa65-key.pem",
"./certs/mldsa/mldsa65-cert.der",
#if !defined(WOLFSSL_NO_ML_DSA_87)
"./certs/mldsa/mldsa87-cert.der"
#elif !defined(WOLFSSL_NO_ML_DSA_44)
"./certs/mldsa/mldsa44-cert.der"
#else
NULL
#endif
},
#endif
#if !defined(WOLFSSL_NO_ML_DSA_87)
{ "./certs/mldsa/mldsa87-key.pem",
"./certs/mldsa/mldsa87-cert.der",
#if !defined(WOLFSSL_NO_ML_DSA_44)
"./certs/mldsa/mldsa44-cert.der"
#elif !defined(WOLFSSL_NO_ML_DSA_65)
"./certs/mldsa/mldsa65-cert.der"
#else
NULL
#endif
},
#endif
};
size_t i;
for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
PKCS8_PRIV_KEY_INFO* pt = NULL;
EVP_PKEY* pkey = NULL;
X509* x509 = NULL;
X509* mismatchX509 = NULL;
BIO* bio = NULL;
byte* buf = NULL;
size_t sz = 0;
ExpectIntEQ(load_file(cases[i].keyPath, &buf, &sz), 0);
ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, (int)sz));
ExpectNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
ExpectNotNull(pkey = EVP_PKCS82PKEY(pt));
if (pkey != NULL) {
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
/* pkey.ptr must hold the DER so that X509_check_private_key() to
* wc_CheckPrivateKey() can re-decode it. */
ExpectNotNull(pkey->pkey.ptr);
ExpectIntGT(pkey->pkey_sz, 0);
}
ExpectNotNull(x509 = X509_load_certificate_file(
cases[i].certPath, SSL_FILETYPE_ASN1));
ExpectIntEQ(X509_check_private_key(x509, pkey), 1);
if (cases[i].mismatchCertPath != NULL) {
ExpectNotNull(mismatchX509 = X509_load_certificate_file(
cases[i].mismatchCertPath, SSL_FILETYPE_ASN1));
ExpectIntEQ(X509_check_private_key(mismatchX509, pkey), 0);
}
/* Negative check, corrupt the outer SEQ tag so the key DER fails */
if (EXPECT_SUCCESS() && (pkey != NULL) && (pkey->pkey.ptr != NULL)) {
pkey->pkey.ptr[0] ^= 0xFF;
ExpectIntEQ(X509_check_private_key(x509, pkey), 0);
}
X509_free(mismatchX509);
X509_free(x509);
EVP_PKEY_free(pkey);
PKCS8_PRIV_KEY_INFO_free(pt);
BIO_free(bio);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_verify(void)
{
EXPECT_DECLS;
+3
View File
@@ -25,6 +25,7 @@
#include <tests/api/api_decl.h>
int test_wolfSSL_X509_check_private_key(void);
int test_wolfSSL_X509_check_private_key_mldsa(void);
int test_wolfSSL_X509_verify(void);
int test_wolfSSL_X509_sign(void);
int test_wolfSSL_X509_sign2(void);
@@ -32,6 +33,8 @@ int test_wolfSSL_make_cert(void);
#define TEST_OSSL_X509_CRYPTO_DECLS \
TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_check_private_key), \
TEST_DECL_GROUP("ossl_x509_crypto", \
test_wolfSSL_X509_check_private_key_mldsa), \
TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_verify), \
TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_sign), \
TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_sign2), \
+162 -6
View File
@@ -593,6 +593,70 @@ int test_wolfSSL_X509_add_ext(void)
return EXPECT_RESULT();
}
int test_wolfSSL_X509_add_ext_dirname_san_rejected(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL_X509* x509 = NULL;
WOLFSSL_X509_EXTENSION* ext = NULL;
WOLFSSL_ASN1_OBJECT* obj = NULL;
WOLFSSL_GENERAL_NAME* gn = NULL;
WOLFSSL_X509_NAME* dirName = NULL;
WOLFSSL_STACK* sk = NULL;
ExpectNotNull(x509 = wolfSSL_X509_new());
ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
/* Build a GEN_DIRNAME GENERAL_NAME with a real directoryName so that
* gn->d.directoryName aliases an X509_NAME object via the union. */
ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
ExpectNotNull(dirName = wolfSSL_X509_NAME_new());
ExpectIntEQ(wolfSSL_X509_NAME_add_entry_by_NID(dirName, NID_commonName,
MBSTRING_UTF8, (unsigned char*)"dirname-san-test", -1, -1, 0), 1);
if (gn != NULL) {
/* Drop the default IA5 string and install the X509_NAME. */
wolfSSL_ASN1_STRING_free(gn->d.ia5);
gn->type = GEN_DIRNAME;
gn->d.directoryName = dirName;
dirName = NULL; /* gn owns the X509_NAME now */
}
/* Build the ext: SAN OID + ext_sk containing the DirName GENERAL_NAME. */
ExpectNotNull(sk = wolfSSL_sk_new_null());
if (sk != NULL) {
sk->type = STACK_TYPE_GEN_NAME;
}
ExpectIntGT(wolfSSL_sk_GENERAL_NAME_push(sk, gn), 0);
gn = NULL; /* sk owns gn now */
ExpectNotNull(obj = wolfSSL_OBJ_nid2obj(NID_subject_alt_name));
if (obj != NULL) {
obj->type = NID_subject_alt_name;
obj->nid = NID_subject_alt_name;
}
if ((ext != NULL) && (obj != NULL) && (sk != NULL)) {
ext->obj = obj;
obj = NULL; /* ext owns obj now */
ext->ext_sk = sk;
sk = NULL; /* ext owns sk now */
}
/* The unsupported GeneralName type must be rejected safely, NOT crash
* or read OOB via a type-confused d.ia5 dereference. */
ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
/* Cleanup. The success-path owners (set to NULL above) are no-ops. */
wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL_sk_GENERAL_NAME_pop_free(sk, wolfSSL_GENERAL_NAME_free);
wolfSSL_GENERAL_NAME_free(gn);
wolfSSL_X509_NAME_free(dirName);
wolfSSL_X509_EXTENSION_free(ext);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_get_ext_count(void)
{
EXPECT_DECLS;
@@ -1098,10 +1162,6 @@ int test_wolfSSL_X509V3_EXT_bc(void)
ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
if (pathLen != NULL) {
pathLen->length = 2;
}
if (obj != NULL) {
obj->type = NID_basic_constraints;
@@ -1109,17 +1169,47 @@ int test_wolfSSL_X509V3_EXT_bc(void)
}
ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
/* No pathlen set. */
/* No pathLenConstraint present. Per RFC 5280 4.2.1.9 no limit is imposed,
* so pathlen must be NULL (and distinguishable from a value of 0). */
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
ExpectNull(bc->pathlen);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
bc = NULL;
/* pathLenConstraint of 0 is valid and meaningful (the CA may only issue
* end-entity certificates). It must be preserved, not conflated with an
* absent constraint. */
ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
if (pathLen != NULL) {
pathLen->length = 0;
}
if ((ext != NULL) && (ext->obj != NULL)) {
ext->obj->pathlen = pathLen;
pathLen = NULL;
}
/* pathlen set. */
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
ExpectNotNull(bc->pathlen);
ExpectIntEQ(bc->pathlen->length, 0);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
bc = NULL;
/* A non-zero pathLenConstraint is preserved as-is. */
if ((ext != NULL) && (ext->obj != NULL)) {
wolfSSL_ASN1_INTEGER_free(ext->obj->pathlen);
ext->obj->pathlen = NULL;
}
ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
if (pathLen != NULL) {
pathLen->length = 2;
}
if ((ext != NULL) && (ext->obj != NULL)) {
ext->obj->pathlen = pathLen;
pathLen = NULL;
}
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
ExpectNotNull(bc->pathlen);
ExpectIntEQ(bc->pathlen->length, 2);
wolfSSL_ASN1_INTEGER_free(pathLen);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
@@ -1129,6 +1219,72 @@ int test_wolfSSL_X509V3_EXT_bc(void)
return EXPECT_RESULT();
}
int test_wolfSSL_X509_get_ext_d2i_basic_constraints(void)
{
EXPECT_DECLS;
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
XFILE f = XBADFILE;
WOLFSSL_X509* x509 = NULL;
WOLFSSL_BASIC_CONSTRAINTS* bc = NULL;
int crit = 0;
/* CA certificate with basicConstraints CA:TRUE and *no* pathLenConstraint.
* Per RFC 5280 4.2.1.9 no path length limit is imposed, so the returned
* pathlen must be NULL - it must not be reported as a value of 0. */
ExpectTrue((f = XFOPEN("./certs/ca-cert.pem", "rb")) != XBADFILE);
ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
if (f != XBADFILE) {
XFCLOSE(f);
f = XBADFILE;
}
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509_get_ext_d2i(
x509, NID_basic_constraints, &crit, NULL));
ExpectNull(bc->pathlen);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
bc = NULL;
wolfSSL_X509_free(x509);
x509 = NULL;
/* Intermediate CA with basicConstraints CA:TRUE, pathlen:1. */
ExpectTrue((f = XFOPEN("./certs/intermediate/ca-int-cert.pem", "rb")) !=
XBADFILE);
ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
if (f != XBADFILE) {
XFCLOSE(f);
f = XBADFILE;
}
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509_get_ext_d2i(
x509, NID_basic_constraints, &crit, NULL));
ExpectNotNull(bc->pathlen);
ExpectIntEQ(bc->pathlen->length, 1);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
bc = NULL;
wolfSSL_X509_free(x509);
x509 = NULL;
/* CA with basicConstraints CA:TRUE, pathlen:0. A pathLenConstraint of 0 is
* valid and meaningful (the CA may only issue end-entity certificates) and
* must be reported (non-NULL pathlen, value 0) - it must not be conflated
* with an absent constraint. */
ExpectTrue((f = XFOPEN("./certs/test-pathlen/chainG-ICA1-pathlen0.pem",
"rb")) != XBADFILE);
ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
if (f != XBADFILE) {
XFCLOSE(f);
f = XBADFILE;
}
ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509_get_ext_d2i(
x509, NID_basic_constraints, &crit, NULL));
ExpectNotNull(bc->pathlen);
ExpectIntEQ(bc->pathlen->length, 0);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
bc = NULL;
wolfSSL_X509_free(x509);
x509 = NULL;
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509V3_EXT_san(void)
{
EXPECT_DECLS;
+6
View File
@@ -30,6 +30,7 @@ int test_wolfSSL_X509_get_ext_by_NID(void);
int test_wolfSSL_X509_get_ext_subj_alt_name(void);
int test_wolfSSL_X509_set_ext(void);
int test_wolfSSL_X509_add_ext(void);
int test_wolfSSL_X509_add_ext_dirname_san_rejected(void);
int test_wolfSSL_X509_get_ext_count(void);
int test_wolfSSL_X509_stack_extensions(void);
int test_wolfSSL_X509_EXTENSION_new(void);
@@ -42,6 +43,7 @@ int test_wolfSSL_X509V3_set_ctx(void);
int test_wolfSSL_X509V3_EXT_get(void);
int test_wolfSSL_X509V3_EXT_nconf(void);
int test_wolfSSL_X509V3_EXT_bc(void);
int test_wolfSSL_X509_get_ext_d2i_basic_constraints(void);
int test_wolfSSL_X509V3_EXT_san(void);
int test_wolfSSL_X509V3_EXT_aia(void);
int test_wolfSSL_X509V3_EXT(void);
@@ -62,6 +64,8 @@ int test_wolfSSL_NAME_CONSTRAINTS_excluded(void);
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_subj_alt_name), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_set_ext), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_add_ext), \
TEST_DECL_GROUP("ossl_x509_ext", \
test_wolfSSL_X509_add_ext_dirname_san_rejected), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_count), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_stack_extensions), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_new), \
@@ -76,6 +80,8 @@ int test_wolfSSL_NAME_CONSTRAINTS_excluded(void);
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_get), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_nconf), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_bc), \
TEST_DECL_GROUP("ossl_x509_ext", \
test_wolfSSL_X509_get_ext_d2i_basic_constraints), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_san), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_aia), \
TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT), \
+4
View File
@@ -648,10 +648,12 @@ int test_wc_PKCS12_PBKDF(void)
ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0);
/* iterations <= 0 must be rejected */
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1), BAD_FUNC_ARG);
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), -1, 24, WC_SHA256, 1), BAD_FUNC_ARG);
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
#endif
return EXPECT_RESULT();
}
@@ -717,12 +719,14 @@ int test_wc_PKCS12_PBKDF_ex(void)
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 3, NULL), 0);
/* iterations <= 0 must be rejected */
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1, NULL),
BAD_FUNC_ARG);
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), -1, 24, WC_SHA256, 1, NULL),
BAD_FUNC_ARG);
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
#endif
return EXPECT_RESULT();
}
+2 -1
View File
@@ -29,7 +29,8 @@ int test_wc_PBKDF1_ex_iterations(void)
{
EXPECT_DECLS;
#if defined(HAVE_PBKDF1) && !defined(NO_PWDBASED) && !defined(NO_SHA) && \
!defined(HAVE_SELFTEST)
!defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
static const byte passwd[] = { 'p', 'a', 's', 's' };
static const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
0x5d, 0x63, 0xcb, 0x06 };
File diff suppressed because it is too large Load Diff
+54
View File
@@ -0,0 +1,54 @@
/* test_session.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFCRYPT_TEST_SESSION_H
#define WOLFCRYPT_TEST_SESSION_H
#include <tests/api/api_decl.h>
int test_wolfSSL_CTX_add_session(void);
int test_wolfSSL_CTX_add_session_ext_tls13(void);
int test_wolfSSL_CTX_add_session_ext_dtls13(void);
int test_wolfSSL_CTX_add_session_ext_tls12(void);
int test_wolfSSL_CTX_add_session_ext_dtls12(void);
int test_wolfSSL_CTX_add_session_ext_tls11(void);
int test_wolfSSL_CTX_add_session_ext_dtls1(void);
int test_wolfSSL_SESSION(void);
int test_wolfSSL_SESSION_expire_downgrade(void);
int test_wolfSSL_CTX_sess_set_remove_cb(void);
int test_wolfSSL_ticket_keys(void);
int test_wolfSSL_SESSION_get_ex_new_index(void);
#define TEST_SESSION_DECLS \
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session), \
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_tls13), \
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_dtls13), \
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_tls12), \
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_dtls12), \
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_tls11), \
TEST_DECL_GROUP("session", test_wolfSSL_CTX_add_session_ext_dtls1), \
TEST_DECL_GROUP("session", test_wolfSSL_SESSION), \
TEST_DECL_GROUP("session", test_wolfSSL_SESSION_expire_downgrade), \
TEST_DECL_GROUP("session", test_wolfSSL_CTX_sess_set_remove_cb), \
TEST_DECL_GROUP("session", test_wolfSSL_ticket_keys), \
TEST_DECL_GROUP("session", test_wolfSSL_SESSION_get_ex_new_index)
#endif /* WOLFCRYPT_TEST_SESSION_H */
+213
View File
@@ -6310,3 +6310,216 @@ int test_tls13_cipher_fuzz_aes128_ccm_8_sha256(void)
#endif
return EXPECT_RESULT();
}
/* Regression test for the AEAD record-protection limit constants in
* internal.h. The macros expand to w64From32(hi, lo). A prior version split
* the intended 32-bit constants into 16-bit halves and passed each half as
* a separate 32-bit argument, producing a 64-bit value many orders of
* magnitude larger than RFC 8446 / RFC 9147 require. That made
* CheckTLS13AEADSendLimit's key-update trigger effectively unreachable.
* Compare against the hard-coded spec values so a recurrence is caught even
* if the macro is reused on both sides of the comparison. */
int test_tls13_AEAD_limit_macros(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS)
w64wrapper limit;
/* RFC 8446 5.5: 2^24.5 ~= 23726566 (0x016A09E6). */
limit = AEAD_AES_LIMIT;
ExpectIntEQ(w64GetHigh32(limit), 0);
ExpectIntEQ(w64GetLow32(limit), 0x016A09E6);
#ifdef WOLFSSL_DTLS13
/* RFC 9147 (AES-CCM integrity): 2^23.5 ~= 11863283 (0x00B504F3). */
limit = DTLS_AEAD_AES_CCM_FAIL_LIMIT;
ExpectIntEQ(w64GetHigh32(limit), 0);
ExpectIntEQ(w64GetLow32(limit), 0x00B504F3);
/* Key-update threshold is half the fail limit: 5931641 (0x005A8279). */
limit = DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT;
ExpectIntEQ(w64GetHigh32(limit), 0);
ExpectIntEQ(w64GetLow32(limit), 0x005A8279);
#endif
#endif
return EXPECT_RESULT();
}
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
(defined(BUILD_TLS_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_AES_128_CCM_SHA256) || \
defined(BUILD_TLS_AES_128_CCM_8_SHA256))
/* Drive the client's encrypt sequence number towards the spec limit for
* `suite` and verify CheckTLS13AEADSendLimit's KeyUpdate trigger fires at
* exactly the right boundary.
*
* Two writes are exercised:
* 1. Counter set to limit - 2. After the write the counter must read
* limit - 1 (record incremented it by 1) and no KeyUpdate must have
* been emitted. CheckTLS13AEADSendLimit uses `seq >= limit`, so neither
* the pre-send check nor the trailing loop check (which runs once more
* after the last record before wolfSSL_write exits) is allowed to fire.
* 2. A second write follows with the counter already sitting at limit - 1
* from the previous record. The user record goes out at seq = limit-1,
* which bumps the counter to limit; the trailing limit check then
* fires SendTls13KeyUpdate. SetKeysSide zeroes the encrypt counter, so
* the post-write counter is 0.
*
* With the previous broken AEAD-limit macros the limit was unreachable, no
* KeyUpdate would ever fire, and the counter would simply advance to
* limit_lo + 1 in the second case instead of being reset.
*
* The AEAD nonce mixes in the record sequence number on both sides, so the
* server's decrypt counter has to be advanced in lockstep with the client's
* encrypt counter or the record fails the integrity check. */
static int test_tls13_AEAD_limit_triggers_KeyUpdate_cs(const char* suite,
word32 limit_hi, word32 limit_lo, int expected_bulk_cipher)
{
EXPECT_DECLS;
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
const char msg[] = "post-limit-record";
char buf[sizeof(msg)];
int written;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
test_ctx.c_ciphers = suite;
test_ctx.s_ciphers = suite;
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
if (EXPECT_SUCCESS() && ssl_c != NULL && ssl_s != NULL) {
/* Sanity check: the negotiated bulk cipher matches what the caller
* intends to exercise. If a build flag combination falls through to
* a different suite, the limit constant would be wrong. */
ExpectIntEQ(ssl_c->specs.bulk_cipher_algorithm, expected_bulk_cipher);
/* Stage the counters two below the limit so the first write stays
* comfortably below the trigger threshold. */
ssl_c->keys.sequence_number_hi = limit_hi;
ssl_c->keys.sequence_number_lo = limit_lo - 2;
ssl_s->keys.peer_sequence_number_hi = limit_hi;
ssl_s->keys.peer_sequence_number_lo = limit_lo - 2;
}
/* First write: below the limit, no KeyUpdate expected. */
written = wolfSSL_write(ssl_c, msg, (int)sizeof(msg));
ExpectIntEQ(written, (int)sizeof(msg));
if (EXPECT_SUCCESS() && ssl_c != NULL) {
/* The record bumped the counter from limit-2 to limit-1. A
* KeyUpdate would have zeroed it via SetKeysSide and bumped to 1. */
ExpectIntEQ((int)ssl_c->keys.sequence_number_hi, (int)limit_hi);
ExpectIntEQ(ssl_c->keys.sequence_number_lo, limit_lo - 1);
}
/* Server consumes the below-limit record with its existing keys. */
XMEMSET(buf, 0, sizeof(buf));
ExpectIntEQ(wolfSSL_read(ssl_s, buf, (int)sizeof(buf)), (int)sizeof(msg));
ExpectIntEQ(XMEMCMP(buf, msg, sizeof(msg)), 0);
/* Second write: the client's counter is now at limit-1. Sending this
* record will push it to limit, at which point the trailing check
* inside SendData's loop fires SendTls13KeyUpdate. No manual counter
* adjustment is needed -- the counter is allowed to "naturally" reach
* the limit through the previous send. */
written = wolfSSL_write(ssl_c, msg, (int)sizeof(msg));
ExpectIntEQ(written, (int)sizeof(msg));
if (EXPECT_SUCCESS() && ssl_c != NULL) {
/* SendTls13KeyUpdate -> DeriveTls13Keys -> SetKeysSide zeroes the
* encrypt sequence number. The user record went out before the
* trigger fired, so no record was sent on the new keys. */
ExpectIntEQ((int)ssl_c->keys.sequence_number_hi, 0);
ExpectIntEQ((int)ssl_c->keys.sequence_number_lo, 0);
}
/* The server reads the user record (sent under the pre-update keys at
* seq = limit - 1) before it sees the KeyUpdate record. The KeyUpdate
* is consumed transparently on a subsequent read; for the test we just
* need to confirm the user data round-trips. */
XMEMSET(buf, 0, sizeof(buf));
{
int r = -1, attempts;
for (attempts = 0; attempts < 5; attempts++) {
r = wolfSSL_read(ssl_s, buf, (int)sizeof(buf));
if (r > 0)
break;
if (wolfSSL_get_error(ssl_s, r) != WOLFSSL_ERROR_WANT_READ)
break;
}
ExpectIntEQ(r, (int)sizeof(msg));
}
ExpectIntEQ(XMEMCMP(buf, msg, sizeof(msg)), 0);
wolfSSL_free(ssl_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_c);
wolfSSL_CTX_free(ctx_s);
return EXPECT_RESULT();
}
#endif
int test_tls13_AEAD_limit_KU_aes128_gcm_sha256(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
defined(BUILD_TLS_AES_128_GCM_SHA256)
ExpectIntEQ(test_tls13_AEAD_limit_triggers_KeyUpdate_cs(
"TLS13-AES128-GCM-SHA256", 0, 0x016A09E6, wolfssl_aes_gcm),
TEST_SUCCESS);
#endif
return EXPECT_RESULT();
}
int test_tls13_AEAD_limit_KU_aes256_gcm_sha384(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
defined(BUILD_TLS_AES_256_GCM_SHA384)
ExpectIntEQ(test_tls13_AEAD_limit_triggers_KeyUpdate_cs(
"TLS13-AES256-GCM-SHA384", 0, 0x016A09E6, wolfssl_aes_gcm),
TEST_SUCCESS);
#endif
return EXPECT_RESULT();
}
int test_tls13_AEAD_limit_KU_aes128_ccm_sha256(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
defined(BUILD_TLS_AES_128_CCM_SHA256)
ExpectIntEQ(test_tls13_AEAD_limit_triggers_KeyUpdate_cs(
"TLS13-AES128-CCM-SHA256", 0, 0x016A09E6, wolfssl_aes_ccm),
TEST_SUCCESS);
#endif
return EXPECT_RESULT();
}
int test_tls13_AEAD_limit_KU_aes128_ccm_8_sha256(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
defined(BUILD_TLS_AES_128_CCM_8_SHA256)
ExpectIntEQ(test_tls13_AEAD_limit_triggers_KeyUpdate_cs(
"TLS13-AES128-CCM-8-SHA256", 0, 0x016A09E6, wolfssl_aes_ccm),
TEST_SUCCESS);
#endif
return EXPECT_RESULT();
}
+11 -1
View File
@@ -76,6 +76,11 @@ int test_tls13_cipher_fuzz_aes256_gcm_sha384(void);
int test_tls13_cipher_fuzz_chacha20_poly1305_sha256(void);
int test_tls13_cipher_fuzz_aes128_ccm_sha256(void);
int test_tls13_cipher_fuzz_aes128_ccm_8_sha256(void);
int test_tls13_AEAD_limit_macros(void);
int test_tls13_AEAD_limit_KU_aes128_gcm_sha256(void);
int test_tls13_AEAD_limit_KU_aes256_gcm_sha384(void);
int test_tls13_AEAD_limit_KU_aes128_ccm_sha256(void);
int test_tls13_AEAD_limit_KU_aes128_ccm_8_sha256(void);
#define TEST_TLS13_DECLS \
TEST_DECL_GROUP("tls13", test_tls13_apis), \
@@ -129,6 +134,11 @@ int test_tls13_cipher_fuzz_aes128_ccm_8_sha256(void);
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_aes256_gcm_sha384), \
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_chacha20_poly1305_sha256), \
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_aes128_ccm_sha256), \
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_aes128_ccm_8_sha256)
TEST_DECL_GROUP("tls13", test_tls13_cipher_fuzz_aes128_ccm_8_sha256), \
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_macros), \
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_KU_aes128_gcm_sha256), \
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_KU_aes256_gcm_sha384), \
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_KU_aes128_ccm_sha256), \
TEST_DECL_GROUP("tls13", test_tls13_AEAD_limit_KU_aes128_ccm_8_sha256)
#endif /* WOLFCRYPT_TEST_TLS13_H */
+9
View File
@@ -87,6 +87,15 @@ int test_memio_modify_message_len(struct test_memio_ctx *ctx, int client, int ms
int test_memio_remove_from_buffer(struct test_memio_ctx *ctx, int client, int off, int sz);
#endif
/* Shared TLS server/client thread bodies, defined in tests/api.c. The
* definitions are gated on ENABLE_TLS_CALLBACK_TEST (a composite condition
* locally #defined inside api.c) or (WOLFSSL_DTLS && WOLFSSL_SESSION_EXPORT).
* Declared unconditionally here so api.c itself sees the prototype regardless
* of which side of the local #define triggers; absent the definition the
* prototypes are harmless and any caller would get a link error. */
THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args);
void run_wolfssl_client(void* args);
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_UNIT_TEST_CERTS)
void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName);
+4 -3
View File
@@ -1298,9 +1298,6 @@ static const bench_alg bench_other_opt[] = {
#endif
{ NULL, 0}
};
#endif /* MAIN_NO_ARGS */
#endif /* !WOLFSSL_BENCHMARK_ALL && !NO_MAIN_DRIVER */
#if defined(BENCH_PQ_STATEFUL_HBS)
typedef struct bench_pq_hash_sig_alg {
@@ -1353,6 +1350,10 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = {
};
#endif /* BENCH_PQ_STATEFUL_HBS */
#endif /* MAIN_NO_ARGS */
#endif /* !WOLFSSL_BENCHMARK_ALL && !NO_MAIN_DRIVER */
#if !defined(WOLFSSL_BENCHMARK_ALL) && !defined(MAIN_NO_ARGS)
#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \
defined(WOLFSSL_HAVE_MLDSA)
+262 -19
View File
@@ -977,6 +977,30 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
}
#endif /* HAVE_AES_DECRYPT && WOLFSSL_AES_DIRECT */
#elif defined(WOLFSSL_PPC64_ASM)
#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) || \
defined(WOLFSSL_AESGCM_STREAM) || defined(HAVE_AESGCM)
static WARN_UNUSED_RESULT int wc_AesEncrypt(Aes* aes, const byte* inBlock,
byte* outBlock)
{
AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key,
(int)aes->rounds);
return 0;
}
#endif
#if defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT)
static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
byte* outBlock)
{
AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key,
(int)aes->rounds);
return 0;
}
#endif /* HAVE_AES_DECRYPT && WOLFSSL_AES_DIRECT */
#elif defined(FREESCALE_MMCAU)
/* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes
* through the CAU/mmCAU library. Documentation located in
@@ -1285,12 +1309,14 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
#if !defined(WOLFSSL_ESP32_CRYPT) || \
(defined(NO_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES) || \
defined(NEED_AES_HW_FALLBACK))
#ifndef WOLFSSL_PPC64_ASM
static const FLASH_QUALIFIER word32 rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1B000000, 0x36000000,
/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
};
#endif
#endif /* ESP32 */
#endif /* __aarch64__ || !WOLFSSL_ARMASM */
@@ -4637,6 +4663,102 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
return AesSetKey(aes, userKey, keylen, iv, dir);
}
#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
/* AES-CTR and AES-DIRECT need to use this for key setup */
/* This function allows key sizes that are not 128/192/256 bits */
int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
const byte* iv, int dir)
{
if (aes == NULL) {
return BAD_FUNC_ARG;
}
if (keylen > sizeof(aes->key)) {
return BAD_FUNC_ARG;
}
return AesSetKey(aes, userKey, keylen, iv, dir);
}
#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
#elif defined(WOLFSSL_PPC64_ASM)
static int AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
const byte* iv, int dir)
{
#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \
defined(WOLFSSL_AES_CTS)
aes->left = 0;
#endif
aes->keylen = (int)keylen;
aes->rounds = (keylen/4) + 6;
AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
#ifdef HAVE_AES_DECRYPT
if (dir == AES_DECRYPTION) {
AES_invert_key((byte*)aes->key, aes->rounds);
}
#else
(void)dir;
#endif
return wc_AesSetIV(aes, iv);
}
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
const byte* iv, int dir)
{
if ((aes == NULL) || (userKey == NULL)) {
return BAD_FUNC_ARG;
}
switch (keylen) {
#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \
defined(WOLFSSL_AES_128)
case 16:
#endif
#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 && \
defined(WOLFSSL_AES_192)
case 24:
#endif
#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 && \
defined(WOLFSSL_AES_256)
case 32:
#endif
break;
default:
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (aes->devId != INVALID_DEVID) {
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
int ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
if (ret == 0) {
/* Callback succeeded - SE owns the key */
aes->keylen = (int)keylen;
if (iv != NULL)
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
else
XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE);
return 0;
}
else if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
aes->devCtx = NULL;
return ret;
}
/* CRYPTOCB_UNAVAILABLE: continue to software setup */
#endif
/* Standard CryptoCB path - copy key to devKey for encrypt/decrypt offload */
if (keylen > sizeof(aes->devKey)) {
return BAD_FUNC_ARG;
}
XMEMCPY(aes->devKey, userKey, keylen);
}
#endif
return AesSetKey(aes, userKey, keylen, iv, dir);
}
#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
/* AES-CTR and AES-DIRECT need to use this for key setup */
/* This function allows key sizes that are not 128/192/256 bits */
@@ -6598,7 +6720,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
#if !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
word32 blocks;
int ret;
#endif
@@ -6611,7 +6733,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
return 0;
}
#if !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
blocks = sz / WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
@@ -6687,6 +6809,10 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
}
#endif
return 0;
#elif defined(WOLFSSL_PPC64_ASM)
AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key,
aes->rounds, (unsigned char*)aes->reg);
return 0;
#else
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
/* Implemented in wolfcrypt/src/port/nxp/se050_port.c */
@@ -6788,7 +6914,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
/* Software AES - CBC Decrypt */
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
#if !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
word32 blocks;
int ret;
#endif
@@ -6816,7 +6942,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
}
#endif
#if !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
blocks = sz / WC_AES_BLOCK_SIZE;
#endif
if (sz % WC_AES_BLOCK_SIZE) {
@@ -6909,6 +7035,10 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
#endif
#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
return 0;
#elif defined(WOLFSSL_PPC64_ASM)
AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key,
aes->rounds, (unsigned char*)aes->reg);
return 0;
#else
VECTOR_REGISTERS_PUSH;
@@ -7266,7 +7396,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))
byte scratch[WC_AES_BLOCK_SIZE];
#endif
#if !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
int ret = 0;
#endif
word32 processed;
@@ -7389,6 +7519,47 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
}
#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
return 0;
#elif defined(WOLFSSL_PPC64_ASM)
{
word32 numBlocks;
byte* tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
/* consume any unused bytes left in aes->tmp */
while ((aes->left != 0) && (sz != 0)) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
sz--;
}
/* do as many block size ops as possible */
numBlocks = sz / WC_AES_BLOCK_SIZE;
if (numBlocks > 0) {
AES_CTR_encrypt(in, out, numBlocks * WC_AES_BLOCK_SIZE,
(byte*)aes->key, aes->rounds, (byte*)aes->reg);
sz -= numBlocks * WC_AES_BLOCK_SIZE;
out += numBlocks * WC_AES_BLOCK_SIZE;
in += numBlocks * WC_AES_BLOCK_SIZE;
}
/* handle non block size remaining */
if (sz) {
byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0 };
AES_CTR_encrypt(zeros, (byte*)aes->tmp,
WC_AES_BLOCK_SIZE, (byte*)aes->key, aes->rounds,
(byte*)aes->reg);
aes->left = WC_AES_BLOCK_SIZE;
tmp = (byte*)aes->tmp;
while (sz--) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
}
}
}
return 0;
#else
VECTOR_REGISTERS_PUSH;
@@ -7640,6 +7811,13 @@ void GenerateM0(Gcm* gcm)
}
}
#if defined(WOLFSSL_PPC64_ASM)
for (i = 1; i < 256; i++) {
word64* m64 = (word64*)gcm->M0[i];
m64[0] = ByteReverseWord64(m64[0]);
m64[1] = ByteReverseWord64(m64[1]);
}
#endif
XMEMSET(m[0], 0, WC_AES_BLOCK_SIZE);
}
@@ -7725,7 +7903,6 @@ void GenerateM0(Gcm* gcm)
#endif
}
#endif
}
#endif /* GCM_TABLE */
@@ -8125,6 +8302,37 @@ static void GCM_gmult_len_armasm_C(
#elif defined(WOLFSSL_ARMASM)
#define GCM_GMULT_LEN(gcm, x, a, len) \
GCM_gmult_len_NEON(x, (const byte*)((gcm)->H), a, len)
#elif defined(WOLFSSL_PPC64_ASM)
static void GCM_gmult_len_armasm_C(
byte* x, const byte* h, const unsigned char* a, unsigned long len)
{
byte Z[AES_BLOCK_SIZE];
byte V[AES_BLOCK_SIZE];
int i;
int j;
while (len >= AES_BLOCK_SIZE) {
xorbuf(x, a, AES_BLOCK_SIZE);
XMEMSET(Z, 0, AES_BLOCK_SIZE);
XMEMCPY(V, x, AES_BLOCK_SIZE);
for (i = 0; i < AES_BLOCK_SIZE; i++) {
byte y = h[i];
for (j = 0; j < 8; j++) {
if (y & 0x80) {
xorbuf(Z, V, AES_BLOCK_SIZE);
}
RIGHTSHIFTX(V);
y = y << 1;
}
}
XMEMCPY(x, Z, AES_BLOCK_SIZE);
len -= AES_BLOCK_SIZE;
a += AES_BLOCK_SIZE;
}
}
#define GCM_GMULT_LEN(gcm, x, a, len) \
GCM_gmult_len_armasm_C(x, (gcm)->H, a, len)
#endif
#elif defined(GCM_TABLE)
@@ -8138,6 +8346,9 @@ static void GCM_gmult_len_armasm_C(
#define GCM_GMULT_LEN(gcm, x, a, len) \
GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len)
#endif
#elif defined(WOLFSSL_PPC64_ASM)
#define GCM_GMULT_LEN(gcm, x, a, len) \
GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len)
#else
ALIGN16 static const byte R[256][2] = {
{0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
@@ -8400,7 +8611,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
#endif /* WOLFSSL_AESGCM_STREAM */
/* end GCM_TABLE */
#elif defined(GCM_TABLE_4BIT)
/* ARM assembly */
#if defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || \
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))
#if !defined(WOLFSSL_ARMASM_NO_NEON) && defined(__aarch64__)
@@ -8414,6 +8625,14 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
#define GMULT(x, m) \
GCM_gmult(x, (const byte**)m)
#endif
/* PPC64 assembly */
#elif defined(WOLFSSL_PPC64_ASM)
#define GCM_GMULT_LEN(gcm, x, a, len) \
GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len)
#define GMULT(x, m) \
GCM_gmult(x, (const byte**)m)
#else
/* remainder = x^7 + x^2 + x^1 + 1 => 0xe1
* R shifts right a reverse bit pair of bytes such that:
@@ -9928,7 +10147,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
#endif /* STM32_CRYPTO_AES_GCM */
#if !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
#ifdef WOLFSSL_AESNI
/* For performance reasons, this code needs to be not inlined. */
WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
@@ -10048,8 +10267,9 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
return ret;
}
#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
static int AES_GCM_encrypt_ARM(Aes* aes, byte* out, const byte* in,
#elif (defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) || \
defined(WOLFSSL_PPC64_ASM)
static int AES_GCM_encrypt_ASM(Aes* aes, byte* out, const byte* in,
word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
@@ -10305,10 +10525,13 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
{
ret = AES_GCM_encrypt_ARM(aes, out, in, sz, iv, ivSz, authTag,
ret = AES_GCM_encrypt_ASM(aes, out, in, sz, iv, ivSz, authTag,
authTagSz, authIn, authInSz);
}
#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
#elif defined(WOLFSSL_PPC64_ASM)
ret = AES_GCM_encrypt_ASM(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
authIn, authInSz);
#else
#ifdef WOLFSSL_AESNI
if (aes->use_aesni) {
@@ -10653,7 +10876,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
#endif /* STM32_CRYPTO_AES_GCM */
#if !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PPC64_ASM)
#ifdef WOLFSSL_AESNI
/* For performance reasons, this code needs to be not inlined. */
int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
@@ -10802,8 +11025,9 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
#endif
return ret;
}
#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
static int AES_GCM_decrypt_ARM(Aes* aes, byte* out, const byte* in,
#elif (defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) || \
defined(WOLFSSL_PPC64_ASM)
static int AES_GCM_decrypt_ASM(Aes* aes, byte* out, const byte* in,
word32 sz, const byte* iv, word32 ivSz, const byte* authTag,
word32 authTagSz, const byte* authIn, word32 authInSz)
{
@@ -11057,10 +11281,15 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
{
ret = AES_GCM_decrypt_ARM(aes, out, in, sz, iv, ivSz, authTag,
ret = AES_GCM_decrypt_ASM(aes, out, in, sz, iv, ivSz, authTag,
authTagSz, authIn, authInSz);
}
#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
#elif defined(WOLFSSL_PPC64_ASM)
{
ret = AES_GCM_decrypt_ASM(aes, out, in, sz, iv, ivSz, authTag,
authTagSz, authIn, authInSz);
}
#else
#ifdef WOLFSSL_AESNI
if (aes->use_aesni) {
@@ -14233,6 +14462,9 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
aes->rounds);
}
#endif
#elif defined(WOLFSSL_PPC64_ASM)
AES_ECB_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds);
ret = 0;
#else
#ifdef WOLFSSL_AESNI
if (aes->use_aesni) {
@@ -14325,6 +14557,9 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
aes->rounds);
}
#endif
#elif defined(WOLFSSL_PPC64_ASM)
AES_ECB_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds);
ret = 0;
#else
#ifdef WOLFSSL_AESNI
if (aes->use_aesni) {
@@ -15584,8 +15819,8 @@ static WARN_UNUSED_RESULT int _AesXtsHelper(
*/
/* Software AES - XTS Encrypt */
#if !defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))
#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))) && !defined(WOLFSSL_PPC64_ASM)
static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
word32 sz,
byte *i);
@@ -15825,6 +16060,10 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
ret = 0;
}
#endif
#elif defined(WOLFSSL_PPC64_ASM)
AES_XTS_encrypt(in, out, sz, i, (byte*)xaes->aes.key,
(byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds);
ret = 0;
#else
ret = AesXtsEncrypt_sw(xaes, out, in, sz, i);
#endif
@@ -16043,8 +16282,8 @@ int wc_AesXtsEncryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz,
*/
/* Software AES - XTS Decrypt */
#if !defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))
#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))) && !defined(WOLFSSL_PPC64_ASM)
static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
word32 sz, byte *i);
@@ -16302,6 +16541,10 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
ret = 0;
}
#endif
#elif defined(WOLFSSL_PPC64_ASM)
AES_XTS_decrypt(in, out, sz, i, (byte*)xaes->aes.key,
(byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds);
ret = 0;
#else
ret = AesXtsDecrypt_sw(xaes, out, in, sz, i);
#endif
+317 -34
View File
@@ -8743,9 +8743,8 @@ int wc_RsaPrivateKeyValidate(const byte* input, word32* inOutIdx, int* keySz,
#endif /* NO_RSA */
#ifdef WOLFSSL_ASN_TEMPLATE
/* ASN.1 template for a PKCS #8 key.
* Ignoring optional attributes and public key.
* PKCS #8: RFC 5958, 2 - PrivateKeyInfo
/* ASN.1 template for a PKCS #8 PrivateKeyInfo / RFC 5958 OneAsymmetricKey.
* Includes the optional [0] attributes and [1] publicKey trailing fields.
*/
static const ASNItem pkcs8KeyASN[] = {
/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
@@ -8758,9 +8757,10 @@ static const ASNItem pkcs8KeyASN[] = {
/* PKEY_ALGO_PARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 },
#endif
/* PKEY_DATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
/* OPTIONAL Attributes IMPLICIT [0] */
/* Attributes [0] OPTIONAL */
{ 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 },
/* [[2: publicKey [1] PublicKey OPTIONAL ]] */
/* publicKey [1] OPTIONAL */
{ 1, ASN_CONTEXT_SPECIFIC | 1, 0, 0, 1 },
};
enum {
PKCS8KEYASN_IDX_SEQ = 0,
@@ -8774,6 +8774,7 @@ enum {
#endif
PKCS8KEYASN_IDX_PKEY_DATA,
PKCS8KEYASN_IDX_PKEY_ATTRIBUTES,
PKCS8KEYASN_IDX_PKEY_PUBKEY,
WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX)
};
@@ -8833,13 +8834,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
/* Key type OID. */
oid = dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY].data.oid.sum;
/* Version 1 includes an optional public key.
* If public key is included then the parsing will fail as it did not
* use all the data.
*/
/* Only v1(0) and v2(1) are supported (RFC 5958). The [1] publicKey
* trailer is permitted only when version == v1. */
if (version > PKCS8v1) {
ret = ASN_PARSE_E;
}
else if ((version < PKCS8v1) &&
(dataASN[PKCS8KEYASN_IDX_PKEY_PUBKEY].tag != 0)) {
ret = ASN_PARSE_E;
}
}
if (ret == 0) {
switch (oid) {
@@ -8935,9 +8938,71 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
}
break;
#endif
/* DSAk not supported. */
/* Falcon, Dilithium and SLH-DSA not supported. */
/* Ignore OID lookup failures. */
#ifdef HAVE_FALCON
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
/* Neither NULL item nor OBJECT_ID item allowed. */
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
ret = ASN_PARSE_E;
}
break;
#endif
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
#endif
case ML_DSA_LEVEL2k:
case ML_DSA_LEVEL3k:
case ML_DSA_LEVEL5k:
/* Neither NULL item nor OBJECT_ID item allowed. */
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
ret = ASN_PARSE_E;
}
break;
#endif
#ifdef WOLFSSL_HAVE_SLHDSA
case SLH_DSA_SHA2_128Sk:
case SLH_DSA_SHA2_128Fk:
case SLH_DSA_SHA2_192Sk:
case SLH_DSA_SHA2_192Fk:
case SLH_DSA_SHA2_256Sk:
case SLH_DSA_SHA2_256Fk:
case SLH_DSA_SHAKE_128Sk:
case SLH_DSA_SHAKE_128Fk:
case SLH_DSA_SHAKE_192Sk:
case SLH_DSA_SHAKE_192Fk:
case SLH_DSA_SHAKE_256Sk:
case SLH_DSA_SHAKE_256Fk:
/* Neither NULL item nor OBJECT_ID item allowed. */
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
ret = ASN_PARSE_E;
}
break;
#endif
#ifdef WOLFSSL_HAVE_LMS
case HSS_LMSk:
/* Neither NULL item nor OBJECT_ID item allowed. */
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
ret = ASN_PARSE_E;
}
break;
#endif
#ifdef WOLFSSL_HAVE_XMSS
case XMSSk:
/* Neither NULL item nor OBJECT_ID item allowed. */
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
ret = ASN_PARSE_E;
}
break;
#endif
/* Other OIDs (DSAk), no parameter validation. */
default:
break;
}
@@ -9037,9 +9102,9 @@ int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz)
int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
int algoID, const byte* curveOID, word32 oidSz)
{
/* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional
* set of attributes */
DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1);
/* pkcs8KeyASN_Length-2, the -2 is because we are not adding the optional
* set of attributes or publicKey */
DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-2);
word32 sz = 0;
int ret = 0;
word32 keyIdx = 0;
@@ -9066,7 +9131,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
#endif
if (ret == 0)
CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL);
CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-2, ret, NULL);
if (ret == 0) {
/* Only support default PKCS #8 format - v0. */
@@ -9092,7 +9157,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz);
/* Get the size of the DER encoding. */
ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz);
ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-2, &sz);
}
if ((ret == 0) || (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))) {
/* Always return the calculated size. */
@@ -9105,7 +9170,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
}
if (ret == 0) {
/* Encode PKCS #8 key into buffer. */
SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out);
SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-2, out);
ret = (int)sz;
}
@@ -17833,12 +17898,31 @@ int wolfssl_local_MatchBaseName(int type, const char* name, int nameSz,
const char* base, int baseSz)
{
if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 ||
name[0] == '.' || nameSz < baseSz ||
name[0] == '.' ||
(type != ASN_RFC822_TYPE && type != ASN_DNS_TYPE &&
type != ASN_DIR_TYPE)) {
return 0;
}
if (type == ASN_DNS_TYPE) {
/* MatchDomainName treats one trailing dot as the absolute-FQDN marker.
* Apply the same normalization before enforcing DNS name constraints.
*/
if (name[nameSz - 1] == '.') {
nameSz--;
}
if (base[baseSz - 1] == '.') {
baseSz--;
}
if (nameSz <= 0 || baseSz <= 0) {
return 0;
}
}
if (nameSz < baseSz) {
return 0;
}
if (type == ASN_DIR_TYPE)
return XMEMCMP(name, base, (size_t)baseSz) == 0;
@@ -17927,8 +18011,8 @@ int wolfssl_local_MatchBaseName(int type, const char* name, int nameSz,
return 1;
}
static int MatchUriNameConstraint(const char* uri, int uriSz, const char* base,
int baseSz)
int wolfssl_local_MatchUriNameConstraint(const char* uri, int uriSz,
const char* base, int baseSz)
{
const char* hostStart;
const char* hostEnd;
@@ -17936,7 +18020,10 @@ static int MatchUriNameConstraint(const char* uri, int uriSz, const char* base,
const char* uriEnd;
int hostSz;
if (uri == NULL || uriSz <= 0 || base == NULL || baseSz <= 0) {
/* Need at least 3 bytes for the "://" scheme separator; rejecting short
* inputs early also keeps the loop bound (uriEnd - 2) from forming a
* pointer before `uri`. */
if (uri == NULL || uriSz < 3 || base == NULL || baseSz <= 0) {
return 0;
}
@@ -17992,8 +18079,168 @@ static int MatchUriNameConstraint(const char* uri, int uriSz, const char* base,
return 0;
}
return wolfssl_local_MatchBaseName(ASN_DNS_TYPE, hostStart, hostSz, base,
baseSz);
/* RFC 5280 4.2.1.10: for URIs the constraint applies to the host part.
* A constraint that begins with a '.' matches any host with one or more
* additional leading labels (the bare host is excluded) - this is the
* DNS subtree behaviour. A constraint without a leading '.' specifies a
* single host and must match it exactly. */
if (base[0] == '.') {
return wolfssl_local_MatchBaseName(ASN_DNS_TYPE, hostStart, hostSz,
base, baseSz);
}
else {
int i;
if (hostSz != baseSz) {
return 0;
}
for (i = 0; i < baseSz; i++) {
if (XTOLOWER((unsigned char)hostStart[i]) !=
XTOLOWER((unsigned char)base[i])) {
return 0;
}
}
return 1;
}
}
/* Locate the right-most label of `s` that ends (exclusive) at index `end`.
* Sets *outStart to its starting index (the index of its first byte). If
* outHasWild is non-NULL, sets *outHasWild to 1 iff the label contains '*'.
* The '.' immediately before *outStart (if any) is the label separator and is
* not part of either the current or the preceding label. */
static void PrevDnsLabel(const char* s, int end, int* outStart,
int* outHasWild)
{
int start = end;
int hasWild = 0;
while (start > 0 && s[start - 1] != '.') {
if (s[start - 1] == '*') {
hasWild = 1;
}
start--;
}
*outStart = start;
if (outHasWild != NULL) {
*outHasWild = hasWild;
}
}
/* Match a wildcard DNS SAN against a DNS name-constraint subtree.
*
* A wildcard SAN denotes the set of names its '*'(s) can expand to. Because a
* '*' never crosses a label boundary (see MatchDomainName), every expansion
* has the same number of labels and only the content of '*'-bearing labels
* varies. Matching is therefore done label-by-label from the right against the
* constraint base.
*
* permitted != 0: containment. Accept only if EVERY expansion stays inside the
* subtree, i.e. each of the right-most base-length labels of the name is
* wildcard-free and equal to the corresponding base label. Extra labels to
* the left may be anything (adding labels on the left stays in-subtree).
*
* permitted == 0: intersection (for excluded subtrees). Reject if SOME
* expansion falls inside the subtree. A label containing a '*' is
* conservatively treated as able to match any single base label; a literal
* label must equal the base label.
*
* A leading '.' on the base denotes a proper subtree (the apex is excluded),
* which requires at least one extra label on the left of the name.
*
* Returns 1 on match (contained / intersecting), 0 otherwise.
*/
int wolfssl_local_MatchDnsConstraintWildcard(const char* name, int nameSz,
const char* base, int baseSz, int permitted)
{
int baseLead;
int ni, bi;
if (name == NULL || base == NULL || nameSz <= 0 || baseSz <= 0) {
return 0;
}
/* MatchDomainName treats one trailing dot as the absolute-FQDN marker.
* Apply the same normalization before label-wise constraint matching.
*/
if (name[nameSz - 1] == '.') {
nameSz--;
}
if (base[baseSz - 1] == '.') {
baseSz--;
}
if (nameSz <= 0 || baseSz <= 0 || name[0] == '.') {
return 0;
}
baseLead = (base[0] == '.');
if (baseLead) {
base++;
baseSz--;
}
/* A base of only dots (".", "..") has no labels to match. */
if (baseSz <= 0 || base[0] == '.') {
return 0;
}
ni = nameSz; /* exclusive end of the unconsumed name */
bi = baseSz; /* exclusive end of the unconsumed base */
/* Compare each base label (right to left) with the aligned name label. */
while (bi > 0) {
int nStart, bStart, nLen, bLen, k;
int hasWild = 0;
/* Base labels remain but the name has none left -> name is shorter in
* labels and cannot contain the base. */
if (ni <= 0) {
return 0;
}
PrevDnsLabel(name, ni, &nStart, &hasWild);
PrevDnsLabel(base, bi, &bStart, NULL);
nLen = ni - nStart;
bLen = bi - bStart;
/* Empty label (e.g. "a..b" or an extra trailing dot) is invalid. */
if (nLen == 0 || bLen == 0) {
return 0;
}
if (hasWild) {
/* permitted: a wildcard label cannot prove containment.
* excluded: a wildcard label is conservatively treated as
* compatible, so nothing more to check. */
if (permitted) {
return 0;
}
}
else {
/* Literal label: both modes require exact case-insensitive
* equality with the base label. */
if (nLen != bLen) {
return 0;
}
for (k = 0; k < bLen; k++) {
if (XTOLOWER((unsigned char)name[nStart + k]) !=
XTOLOWER((unsigned char)base[bStart + k])) {
return 0;
}
}
}
/* Consume both labels and the '.' that precedes them (if any). */
ni = nStart - 1;
bi = bStart - 1;
}
/* All base labels matched. ni >= 0 means name[ni] == '.' and at least one
* extra label remains on the left; ni < 0 means the name had exactly the
* base's label count (an apex match). A leading-dot base is a proper
* subtree and requires at least one extra left label. */
if (baseLead && ni < 0) {
return 0;
}
return 1;
}
/* Check if IP address matches a name constraint.
@@ -18046,6 +18293,18 @@ static int MatchOtherNameConstraint(DNS_entry* name, Base_entry* current)
return XMEMCMP(name->name, current->name, (size_t)current->nameSz) == 0;
}
/* Return 1 if the name contains a wildcard '*' character. */
static int DnsNameHasWildcard(const char* name, int nameSz)
{
int i;
for (i = 0; i < nameSz; i++) {
if (name[i] == '*') {
return 1;
}
}
return 0;
}
/* Search through the list to find if the name is permitted.
* name The DNS name to search for
* dnsList The list to search through
@@ -18073,7 +18332,7 @@ static int PermittedListOk(DNS_entry* name, Base_entry* dnsList, byte nameType)
}
}
else if (nameType == ASN_URI_TYPE) {
if (MatchUriNameConstraint(name->name, name->len,
if (wolfssl_local_MatchUriNameConstraint(name->name, name->len,
current->name, current->nameSz)) {
match = 1;
break;
@@ -18096,6 +18355,17 @@ static int PermittedListOk(DNS_entry* name, Base_entry* dnsList, byte nameType)
break;
}
}
else if (nameType == ASN_DNS_TYPE &&
DnsNameHasWildcard(name->name, name->len)) {
/* Wildcard DNS SAN: a '*' can expand to a longer label, so the
* byte-length guard used for literal names below is invalid.
* Permit only if every expansion stays inside the subtree. */
if (wolfssl_local_MatchDnsConstraintWildcard(name->name,
name->len, current->name, current->nameSz, 1)) {
match = 1;
break;
}
}
else if (name->len >= current->nameSz &&
wolfssl_local_MatchBaseName(nameType, name->name, name->len,
current->name, current->nameSz)) {
@@ -18137,7 +18407,7 @@ static int IsInExcludedList(DNS_entry* name, Base_entry* dnsList, byte nameType)
}
}
else if (nameType == ASN_URI_TYPE) {
if (MatchUriNameConstraint(name->name, name->len,
if (wolfssl_local_MatchUriNameConstraint(name->name, name->len,
current->name, current->nameSz)) {
ret = 1;
break;
@@ -18159,6 +18429,17 @@ static int IsInExcludedList(DNS_entry* name, Base_entry* dnsList, byte nameType)
break;
}
}
else if (nameType == ASN_DNS_TYPE &&
DnsNameHasWildcard(name->name, name->len)) {
/* Wildcard DNS SAN: a '*' can expand to a longer label, so the
* byte-length guard used for literal names below is invalid.
* Exclude if any expansion can fall inside the subtree. */
if (wolfssl_local_MatchDnsConstraintWildcard(name->name,
name->len, current->name, current->nameSz, 0)) {
ret = 1;
break;
}
}
else if (name->len >= current->nameSz &&
wolfssl_local_MatchBaseName(nameType, name->name, name->len,
current->name, current->nameSz)) {
@@ -18579,7 +18860,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
}
WOLFSSL_MSG("\tPutting URI into list but not using");
#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
#ifndef WOLFSSL_NO_ASN_STRICT
/* Verify RFC 5280 Sec 4.2.1.6 rule:
"The name MUST NOT be a relative URI"
As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
@@ -18595,9 +18876,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
break;
}
if (input[idx + (word32)i] == '/') {
i = len; /* error, found relative path since '/' was
* encountered before ':'. Returning error
* value in next if statement. */
/* path is relative since '/' was encountered before ':'. */
return ASN_ALT_NAME_E;
}
}
@@ -18669,6 +18949,10 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
* - CheckForAltNames (TLS hostname matching): skips ASN_RID_TYPE
* unconditionally and excludes them from *checkCN, so a cert
* with only registeredID SANs still falls back to CN.
* - CheckForAltNames (TLS hostname matching): skips ASN_URI_TYPE
* for DNS hostname checks (RFC 9525 Sec. 6.3) but URI SAN presence
* still suppresses CN fallback because URI-ID is a distinct presented
* identifier.
* - DNS_to_GENERAL_NAME (used by wolfSSL_X509_get_ext) and the
* ALT_NAMES_OID arm of wolfSSL_X509_get_ext_d2i: build a proper
* ASN1_OBJECT in d.registeredID from raw OID bytes regardless
@@ -37657,7 +37941,7 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
WOLFSSL_MSG("\tPutting URI into list but not using");
#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
#ifndef WOLFSSL_NO_ASN_STRICT
/* Verify RFC 5280 Sec 4.2.1.6 rule:
"The name MUST NOT be a relative URI"
As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
@@ -37673,9 +37957,8 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
break;
}
if (input[idx + (word32)i] == '/') {
i = len; /* error, found relative path since '/' was
* encountered before ':'. Returning error
* value in next if statement. */
/* path is relative since '/' was encountered before ':'. */
return ASN_ALT_NAME_E;
}
}
+1 -76
View File
@@ -750,81 +750,6 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
#endif
#endif
#ifndef NO_RSA
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
word32 inSz, word32* key_n,
word32* key_n_len, word32* key_e,
word32* key_e_len)
{
int ret = 0;
int length = 0;
#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
byte b;
#endif
if (input == NULL || inOutIdx == NULL)
return BAD_FUNC_ARG;
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
if ((*inOutIdx + 1) > inSz)
return BUFFER_E;
b = input[*inOutIdx];
if (b != ASN_INTEGER) {
/* not from decoded cert, will have algo id, skip past */
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
if (SkipObjectId(input, inOutIdx, inSz) < 0)
return ASN_PARSE_E;
/* Option NULL ASN.1 tag */
if (*inOutIdx >= inSz) {
return BUFFER_E;
}
if (input[*inOutIdx] == ASN_TAG_NULL) {
ret = GetASNNull(input, inOutIdx, inSz);
if (ret != 0)
return ret;
}
/* TODO: support RSA PSS */
/* should have bit tag length and seq next */
ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL);
if (ret != 0)
return ret;
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
}
#endif /* OPENSSL_EXTRA */
/* Get modulus */
ret = GetASNInt(input, inOutIdx, &length, inSz);
*key_n += *inOutIdx;
if (ret < 0) {
return ASN_RSA_KEY_E;
}
if (key_n_len)
*key_n_len = length;
*inOutIdx += length;
/* Get exponent */
ret = GetASNInt(input, inOutIdx, &length, inSz);
*key_e += *inOutIdx;
if (ret < 0) {
return ASN_RSA_KEY_E;
}
if (key_e_len)
*key_e_len = length;
return ret;
}
#endif
int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz,
const byte** n, word32* nSz, const byte** e, word32* eSz)
{
@@ -3420,7 +3345,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
return ASN_PARSE_E;
}
#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
#ifndef WOLFSSL_NO_ASN_STRICT
/* Verify RFC 5280 Sec 4.2.1.6 rule:
"The name MUST NOT be a relative URI"
As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
+11 -1
View File
@@ -2033,10 +2033,20 @@ int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in,
#ifdef WOLFSSL_SHA512
int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
word32 inSz, byte* digest, size_t digestSz)
word32 inSz, byte* digest
#if !(defined(HAVE_FIPS) && FIPS_VERSION_LT(7,0))
, size_t digestSz
#endif
)
{
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
CryptoCb* dev;
#if defined(HAVE_FIPS) && FIPS_VERSION_LT(7,0)
/* Older FIPS sha512.c snapshots call the 4-arg API (no digestSz). Treat as
* full-size SHA-512 with no variant dispatch, matching pre-digestSz
* behavior. */
size_t digestSz = WC_SHA512_DIGEST_SIZE;
#endif
/* locate registered callback */
#ifndef NO_SHA2_CRYPTO_CB
+4 -44
View File
@@ -57,14 +57,6 @@
}
#endif
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
#endif
/*
Possible DH enable options:
* NO_RSA: Overall control of DH default: on (not defined)
@@ -1425,8 +1417,6 @@ int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
return BAD_FUNC_ARG;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = GeneratePublicDh(key, priv, privSz, pub, pubSz);
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
@@ -1436,8 +1426,6 @@ int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, privSz);
#endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
RESTORE_VECTOR_REGISTERS();
return ret;
}
@@ -1451,8 +1439,6 @@ static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
return BAD_FUNC_ARG;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = GeneratePrivateDh(key, rng, priv, privSz);
if (ret == 0)
@@ -1464,9 +1450,6 @@ static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, *privSz);
#endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif /* !WOLFSSL_KCAPI_DH */
@@ -1589,8 +1572,6 @@ static int _ffc_validate_public_key(DhKey* key, const byte* pub, word32 pubSz,
return MP_INIT_E;
}
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
if (mp_read_unsigned_bin(y, pub, pubSz) != MP_OKAY) {
ret = MP_READ_E;
}
@@ -1679,8 +1660,6 @@ static int _ffc_validate_public_key(DhKey* key, const byte* pub, word32 pubSz,
mp_clear(p);
mp_clear(q);
RESTORE_VECTOR_REGISTERS();
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(q, key->heap, DYNAMIC_TYPE_DH);
XFREE(p, key->heap, DYNAMIC_TYPE_DH);
@@ -1919,8 +1898,6 @@ static int _ffc_pairwise_consistency_test(DhKey* key,
return MP_INIT_E;
}
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
/* Load the private and public keys into big integers. */
if (mp_read_unsigned_bin(publicKey, pub, pubSz) != MP_OKAY ||
mp_read_unsigned_bin(privateKey, priv, privSz) != MP_OKAY) {
@@ -1979,8 +1956,6 @@ static int _ffc_pairwise_consistency_test(DhKey* key,
mp_clear(publicKey);
mp_clear(checkKey);
RESTORE_VECTOR_REGISTERS();
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
@@ -2174,8 +2149,6 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
ret = MP_INIT_E;
if (ret == 0) {
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
ret = MP_READ_E;
@@ -2201,8 +2174,6 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
}
mp_clear(y);
RESTORE_VECTOR_REGISTERS();
}
/* make sure agree is > 1 (SP800-56A, 5.7.1.1) */
@@ -2253,8 +2224,6 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
}
#endif
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
ret = MP_READ_E;
#ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -2313,8 +2282,6 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
mp_clear(y);
mp_forcezero(x);
RESTORE_VECTOR_REGISTERS();
#else
(void)ct;
ret = WC_KEY_SIZE_E;
@@ -2601,8 +2568,6 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
ret = BAD_FUNC_ARG;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
if (ret == 0) {
/* may have leading 0 */
if (p[0] == 0) {
@@ -2714,8 +2679,6 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
mp_clear(keyP);
}
RESTORE_VECTOR_REGISTERS();
return ret;
}
@@ -3204,8 +3167,6 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
}
#endif
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
if (ret == 0) {
/* force magnitude */
buf[0] |= 0xC0;
@@ -3264,9 +3225,10 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
if (ret != 0 || primeCheck == MP_YES)
break;
/* linuxkm: release the kernel for a moment before iterating. */
RESTORE_VECTOR_REGISTERS();
SAVE_VECTOR_REGISTERS(ret = _svr_ret; break;);
ret = WC_CHECK_FOR_INTR_SIGNALS();
if (ret != 0)
break;
WC_RELAX_LONG_LOOP();
};
}
@@ -3308,8 +3270,6 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
mp_clear(&dh->g);
}
RESTORE_VECTOR_REGISTERS();
#ifndef WOLFSSL_NO_MALLOC
if (buf != NULL)
#endif
+5 -16
View File
@@ -36,14 +36,6 @@
#include <wolfcrypt/src/misc.c>
#endif
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
#endif
#ifdef _MSC_VER
/* disable for while(0) cases (MSVC bug) */
#pragma warning(disable:4127)
@@ -269,8 +261,6 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
}
#endif
SAVE_VECTOR_REGISTERS(;);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), dsa->heap,
DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
@@ -338,8 +328,6 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
mp_clear(tmpQ);
#endif
RESTORE_VECTOR_REGISTERS();
return err;
}
@@ -454,6 +442,11 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
break;
loop_check_prime++;
}
err = WC_CHECK_FOR_INTR_SIGNALS();
if (err != 0)
break;
WC_RELAX_LONG_LOOP();
}
}
@@ -794,8 +787,6 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key,
return BAD_LENGTH_E;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
do {
#ifdef WOLFSSL_SMALL_STACK
k = (mp_int *)XMALLOC(sizeof *k, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1040,8 +1031,6 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key,
}
} while (0);
RESTORE_VECTOR_REGISTERS();
#ifdef WOLFSSL_SMALL_STACK
if (k) {
if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) &&
+5 -118
View File
@@ -275,14 +275,6 @@ ECC Curve Sizes:
#include <wolfssl/wolfcrypt/hmac.h>
#endif
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
@@ -5150,8 +5142,6 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
return ECC_BAD_ARG_E;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
switch (private_key->state) {
case ECC_STATE_NONE:
case ECC_STATE_SHARED_SEC_GEN:
@@ -5194,8 +5184,6 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
err = BAD_STATE_E;
} /* switch */
RESTORE_VECTOR_REGISTERS();
/* if async pending then return and skip done cleanup below */
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
return err;
@@ -5280,8 +5268,6 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
return ECC_BAD_ARG_E;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ALLOC_CURVE_SPECS(3, err);
if (err == MP_OKAY) {
err = wc_ecc_curve_load(wc_ecc_get_curve_params(curve_idx), &curve,
@@ -5296,8 +5282,6 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
wc_ecc_curve_free(curve);
FREE_CURVE_SPECS();
RESTORE_VECTOR_REGISTERS();
return err;
}
@@ -5456,8 +5440,6 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
return BAD_FUNC_ARG;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#ifdef HAVE_ECC_MAKE_PUB
/* if ecc_point passed in then use it as output for public key point */
if (pubOut != NULL) {
@@ -5603,8 +5585,6 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
key->type = ECC_PRIVATEKEY;
}
RESTORE_VECTOR_REGISTERS();
return err;
}
@@ -6107,8 +6087,6 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
{
int err;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
err = _ecc_make_key_ex(rng, keysize, key, curve_id, flags);
#if (FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN)) && \
@@ -6132,8 +6110,6 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
}
#endif
RESTORE_VECTOR_REGISTERS();
return err;
}
@@ -7195,6 +7171,11 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
mp_clear(pubkey->pubkey.z);
#endif
mp_forcezero(pubkey->k);
err = WC_CHECK_FOR_INTR_SIGNALS();
if (err != 0)
break;
WC_RELAX_LONG_LOOP();
}
mp_forcezero(b);
FREE_MP_INT_SIZE(b, key->heap, DYNAMIC_TYPE_ECC);
@@ -7244,10 +7225,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
{
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_sign_256(in, inlen, rng, ecc_get_k(key), r, s,
sign_k, key->heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -7256,10 +7235,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
if (ecc_sets[key->idx].id == ECC_SM2P256V1) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_sign_sm2_256(in, inlen, rng, ecc_get_k(key), r, s,
sign_k, key->heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -7284,10 +7261,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
{
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_sign_384(in, inlen, rng, ecc_get_k(key), r, s,
sign_k, key->heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -7314,10 +7289,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
{
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_sign_521(in, inlen, rng, ecc_get_k(key), r, s,
sign_k, key->heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -8938,10 +8911,8 @@ static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
{
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_verify_256(hash, hashlen, key->pubkey.x,
key->pubkey.y, key->pubkey.z, r, s, res, key->heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -8982,10 +8953,8 @@ static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
{
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_verify_384(hash, hashlen, key->pubkey.x,
key->pubkey.y, key->pubkey.z, r, s, res, key->heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -9011,10 +8980,8 @@ static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
#if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY))
{
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_verify_521(hash, hashlen, key->pubkey.x,
key->pubkey.y, key->pubkey.z, r, s, res, key->heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -9652,8 +9619,6 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
if (err != MP_OKAY)
return MEMORY_E;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
/* check for point type (4, 2, or 3) */
pointType = in[0];
if (pointType != ECC_POINT_UNCOMP && pointType != ECC_POINT_COMP_EVEN &&
@@ -9845,8 +9810,6 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
mp_clear(point->z);
}
RESTORE_VECTOR_REGISTERS();
return err;
}
@@ -10197,8 +10160,6 @@ static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
return err;
}
SAVE_VECTOR_REGISTERS(err = _svr_ret;);
/* compute y^2 */
if (err == MP_OKAY)
err = mp_sqr(ecp->y, t1);
@@ -10267,8 +10228,6 @@ static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
mp_clear(t1);
mp_clear(t2);
RESTORE_VECTOR_REGISTERS();
WC_FREE_VAR_EX(t2, NULL, DYNAMIC_TYPE_ECC);
WC_FREE_VAR_EX(t1, NULL, DYNAMIC_TYPE_ECC);
@@ -10718,8 +10677,6 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
DECLARE_CURVE_SPECS(4);
#endif
ASSERT_SAVED_VECTOR_REGISTERS();
if (key == NULL)
return BAD_FUNC_ARG;
@@ -10871,9 +10828,7 @@ WOLFSSL_ABI
int wc_ecc_check_key(ecc_key* key)
{
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = _ecc_validate_public_key(key, 0, 1);
RESTORE_VECTOR_REGISTERS();
return ret;
}
@@ -10938,8 +10893,6 @@ static int _ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
mp_forcezero(key->kb);
#endif
SAVE_VECTOR_REGISTERS(return _svr_ret;);
/* check for point type (4, 2, or 3) */
pointType = in[0];
if (pointType != ECC_POINT_UNCOMP && pointType != ECC_POINT_COMP_EVEN &&
@@ -11271,8 +11224,6 @@ static int _ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
mp_forcezero(key->k);
}
RESTORE_VECTOR_REGISTERS();
return err;
}
@@ -11691,10 +11642,6 @@ static int _ecc_import_private_key_ex(const byte* priv, word32 privSz,
}
#else
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
ret = mp_read_unsigned_bin(key->k, priv, privSz);
#ifdef HAVE_WOLF_BIGINT
if (ret == 0 && wc_bigint_from_unsigned_bin(&key->k->raw, priv,
@@ -11745,10 +11692,6 @@ static int _ecc_import_private_key_ex(const byte* priv, word32 privSz,
#endif
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
RESTORE_VECTOR_REGISTERS();
#endif
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
if ((ret == 0) && (key->devId != INVALID_DEVID)) {
ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
@@ -12137,10 +12080,6 @@ static int _ecc_import_raw_private(ecc_key* key, const char* qx,
}
#endif
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
/* import private key */
if (err == MP_OKAY) {
if (d != NULL) {
@@ -12234,10 +12173,6 @@ static int _ecc_import_raw_private(ecc_key* key, const char* qx,
}
#endif
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
RESTORE_VECTOR_REGISTERS();
#endif
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
if (err == MP_OKAY) {
err = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
@@ -13858,8 +13793,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
}
#endif /* HAVE_THREAD_LS */
SAVE_VECTOR_REGISTERS(err = _svr_ret;);
/* find point */
idx1 = find_base(A);
@@ -13942,8 +13875,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
}
}
RESTORE_VECTOR_REGISTERS();
#ifndef HAVE_THREAD_LS
wc_UnLockMutex(&ecc_fp_lock);
#endif /* HAVE_THREAD_LS */
@@ -14011,8 +13942,6 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
got_ecc_fp_lock = 1;
#endif /* HAVE_THREAD_LS */
SAVE_VECTOR_REGISTERS(err = _svr_ret; goto out;);
/* find point */
idx = find_base(G);
@@ -14061,8 +13990,6 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
}
}
RESTORE_VECTOR_REGISTERS();
out:
#ifndef HAVE_THREAD_LS
@@ -14088,36 +14015,28 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret);
ret = sp_ecc_mulmod_sm2_256(k, G, R, map, heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
#ifndef WOLFSSL_SP_NO_256
if (mp_count_bits(modulus) == 256) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_mulmod_256(k, G, R, map, heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
#ifdef WOLFSSL_SP_384
if (mp_count_bits(modulus) == 384) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_mulmod_384(k, G, R, map, heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
#ifdef WOLFSSL_SP_521
if (mp_count_bits(modulus) == 521) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_mulmod_521(k, G, R, map, heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -14182,8 +14101,6 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
got_ecc_fp_lock = 1;
#endif /* HAVE_THREAD_LS */
SAVE_VECTOR_REGISTERS(err = _svr_ret; goto out;);
/* find point */
idx = find_base(G);
@@ -14232,8 +14149,6 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
}
}
RESTORE_VECTOR_REGISTERS();
out:
#ifndef HAVE_THREAD_LS
@@ -14262,36 +14177,28 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_mulmod_sm2_256(k, G, R, map, heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
#ifndef WOLFSSL_SP_NO_256
if (mp_count_bits(modulus) == 256) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_mulmod_256(k, G, R, map, heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
#ifdef WOLFSSL_SP_384
if (mp_count_bits(modulus) == 384) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_mulmod_384(k, G, R, map, heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
#ifdef WOLFSSL_SP_521
if (mp_count_bits(modulus) == 521) {
int ret;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = sp_ecc_mulmod_521(k, G, R, map, heap);
RESTORE_VECTOR_REGISTERS();
return ret;
}
#endif
@@ -14887,8 +14794,6 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
}
#endif
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
#ifdef WOLFSSL_ECIES_ISO18033
XMEMCPY(sharedSecret, out - pubKeySz, pubKeySz);
sharedSz -= pubKeySz;
@@ -15105,8 +15010,6 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
#endif
}
RESTORE_VECTOR_REGISTERS();
ForceZero(sharedSecret, sharedSz);
ForceZero(keys, (word32)keysLen);
WC_FREE_VAR_EX(sharedSecret, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
@@ -15266,8 +15169,6 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
}
#endif
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
#ifndef WOLFSSL_ECIES_OLD
if (pubKey == NULL) {
WC_ALLOC_VAR_EX(peerKey, ecc_key, 1, ctx->heap,
@@ -15501,8 +15402,6 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
if (ret == 0)
*outSz = msgSz - digestSz;
RESTORE_VECTOR_REGISTERS();
#ifndef WOLFSSL_ECIES_OLD
if (pubKey == peerKey)
wc_ecc_free(peerKey);
@@ -15576,8 +15475,6 @@ static int mp_jacobi(mp_int* a, mp_int* n, int* c)
return res;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
if ((res = mp_mod(a, n, a1)) != MP_OKAY) {
goto done;
}
@@ -15635,8 +15532,6 @@ static int mp_jacobi(mp_int* a, mp_int* n, int* c)
done:
RESTORE_VECTOR_REGISTERS();
/* cleanup */
mp_clear(n1);
mp_clear(a1);
@@ -15674,8 +15569,6 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
return MP_VAL;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
res = mp_init(&e);
if (res == MP_OKAY)
res = mp_mod_d(prime, 8, &i);
@@ -15699,8 +15592,6 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
mp_clear(&e);
RESTORE_VECTOR_REGISTERS();
return res;
#else
int res, legendre, done = 0;
@@ -15720,8 +15611,6 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
mp_int t1[1], C[1], Q[1], S[1], Z[1], M[1], T[1], R[1], N[1], two[1];
#endif
SAVE_VECTOR_REGISTERS(res = _svr_ret; goto out;);
if ((mp_init_multi(t1, C, Q, S, Z, M) != MP_OKAY) ||
(mp_init_multi(T, R, N, two, NULL, NULL) != MP_OKAY)) {
res = MP_INIT_E;
@@ -15933,8 +15822,6 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
out:
RESTORE_VECTOR_REGISTERS();
#ifdef WOLFSSL_SMALL_STACK
if (t1) {
if (res != WC_NO_ERR_TRACE(MP_INIT_E))
-16
View File
@@ -36,14 +36,6 @@
#include <wolfssl/wolfcrypt/sp.h>
#endif
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
#endif
#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
/* FIPS build has replaced ecc.h. */
#define wc_ecc_key_get_priv(key) (&((key)->k))
@@ -1507,8 +1499,6 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
if (err != 0)
return err;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
params = &key->params;
hs = &key->tmp;
res = &key->pubkey.pubkey;
@@ -1563,8 +1553,6 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
}
}
RESTORE_VECTOR_REGISTERS();
return err;
}
@@ -2231,8 +2219,6 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
if (err != 0)
return err;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
/* Decode the signature into components. */
r = wc_ecc_key_get_priv(&key->pubkey);
pvt = &key->pubkey.pubkey;
@@ -2318,8 +2304,6 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
*verified = ((err == 0) && (mp_cmp(jx, r) == MP_EQ));
}
RESTORE_VECTOR_REGISTERS();
return err;
}
#endif /* WOLFCRYPT_ECCSI_CLIENT */
+72 -3
View File
@@ -205,6 +205,64 @@ static int ed25519_hash(ed25519_key* key, const byte* in, word32 inLen,
return ret;
}
/* Reject small-order Ed25519 public keys: h*A vanishes during verification
* so any (R = [S]B, S) verifies for an arbitrary message. */
static int ed25519_is_small_order(const byte p[ED25519_PUB_KEY_SIZE])
{
/* y-coordinates of every order-1/2/4/8 point plus the two non-canonical
* encodings y = p / y = p+1. Sign bit masked before compare. Only
* {y, y + p} fits in 32 bytes (2p overflows the 255-bit y field), so
* listing y and y + p exhausts the reachable encodings for each
* small-order y. */
static const byte small_order_y[][ED25519_PUB_KEY_SIZE] = {
/* order 4: y = 0 */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
/* order 1: y = 1 (identity) */
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
/* order 8 */
{0x26,0xe8,0x95,0x8f,0xc2,0xb2,0x27,0xb0,
0x45,0xc3,0xf4,0x89,0xf2,0xef,0x98,0xf0,
0xd5,0xdf,0xac,0x05,0xd3,0xc6,0x33,0x39,
0xb1,0x38,0x02,0x88,0x6d,0x53,0xfc,0x05},
/* order 8 */
{0xc7,0x17,0x6a,0x70,0x3d,0x4d,0xd8,0x4f,
0xba,0x3c,0x0b,0x76,0x0d,0x10,0x67,0x0f,
0x2a,0x20,0x53,0xfa,0x2c,0x39,0xcc,0xc6,
0x4e,0xc7,0xfd,0x77,0x92,0xac,0x03,0x7a},
/* order 2: y = p - 1 */
{0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
/* non-canonical y = p (decodes to y = 0) */
{0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
/* non-canonical y = p + 1 (decodes to y = 1) */
{0xee,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f},
};
byte y[ED25519_PUB_KEY_SIZE];
word32 i;
XMEMCPY(y, p, ED25519_PUB_KEY_SIZE);
y[ED25519_PUB_KEY_SIZE - 1] &= 0x7f;
for (i = 0; i < sizeof(small_order_y) / ED25519_PUB_KEY_SIZE; i++) {
if (XMEMCMP(y, small_order_y[i], ED25519_PUB_KEY_SIZE) == 0)
return 1;
}
return 0;
}
#ifdef HAVE_ED25519_MAKE_KEY
#if FIPS_VERSION3_GE(6,0,0)
/* Performs a Pairwise Consistency Test on an Ed25519 key pair.
@@ -808,6 +866,13 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
if (i == -1)
return BAD_FUNC_ARG;
/* Defence in depth: also catch small-order keys imported with trusted=1. */
if (ed25519_is_small_order(key->p)) {
WOLFSSL_MSG("Ed25519 small-order public key rejected during "
"signature verification");
return BAD_FUNC_ARG;
}
/* uncompress A (public key), test if valid, and negate it */
#ifndef FREESCALE_LTC_ECC
if (ge_frombytes_negate_vartime(&A, key->p) != 0)
@@ -1502,6 +1567,13 @@ int wc_ed25519_check_key(ed25519_key* key)
ret = PUBLIC_KEY_E;
}
/* Reject small-order pub key before the priv-vs-pub compare so the
* diagnostic isn't masked by a "mismatch" error. */
if ((ret == 0) && ed25519_is_small_order(key->p)) {
WOLFSSL_MSG("Ed25519 small-order public key rejected during key check");
ret = PUBLIC_KEY_E;
}
#ifdef HAVE_ED25519_MAKE_KEY
/* If we have a private key just make the public key and compare. */
if ((ret == 0) && (key->privKeySet)) {
@@ -1521,9 +1593,6 @@ int wc_ed25519_check_key(ed25519_key* key)
&& (!key->privKeySet)
#endif
) {
/* Verify that Q is not identity element 0.
* 0 has no representation for Ed25519. */
/* Verify that xQ and yQ are integers in the interval [0, p - 1].
* Only have yQ so check that ordinate. p = 2^255 - 19 */
if ((key->p[ED25519_PUB_KEY_SIZE - 1] & 0x7f) == 0x7f) {
+83 -27
View File
@@ -238,6 +238,77 @@ static int ed448_pairwise_consistency_test(ed448_key* key, WC_RNG* rng)
}
#endif
/* Reject small-order Ed448 public keys: h*A vanishes during verification
* so any (R = [S]B, S) verifies for an arbitrary message. Cofactor is 4. */
static int ed448_is_small_order(const byte p[ED448_PUB_KEY_SIZE])
{
/* y-coordinates of every order-1/2/4 point plus the non-canonical
* encodings y = p / y = p+1. Byte 56 is cleared in both table and
* input before compare, masking the x-sign bit and the
* spec-mandated-zero (but decoder-ignored) bits 0-6. The decoder
* (fe448_from_bytes) reads bytes 0-55 modulo p with no canonical-form
* check, so y = p decodes to 0 and y = p+1 decodes to 1; both must
* be rejected here. Only {y, y + p} fits in 56 bytes (2p overflows),
* so listing y and y + p exhausts the reachable encodings. */
static const byte small_order_y[][ED448_PUB_KEY_SIZE] = {
/* order 1: identity y = 1, x = 0 */
{0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00},
/* order 4: y = 0 (x = +/-1; sign bit covered by mask) */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00},
/* order 2: y = p - 1, x = 0; p = 2^448 - 2^224 - 1 */
{0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x00},
/* non-canonical y = p (decodes to y = 0) */
{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x00},
/* non-canonical y = p + 1 (decodes to y = 1) */
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x00},
};
byte y[ED448_PUB_KEY_SIZE];
word32 i;
XMEMCPY(y, p, ED448_PUB_KEY_SIZE);
y[ED448_PUB_KEY_SIZE - 1] = 0;
for (i = 0; i < sizeof(small_order_y) / ED448_PUB_KEY_SIZE; i++) {
if (XMEMCMP(y, small_order_y[i], ED448_PUB_KEY_SIZE) == 0)
return 1;
}
return 0;
}
/* Derive the public key for the private key.
*
* key [in] Ed448 key object.
@@ -731,16 +802,11 @@ static int ed448_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
if (i == -1)
return BAD_FUNC_ARG;
/* Reject identity public key (0,1): 0x01 followed by 56 zero bytes. */
{
int isIdentity = (key->p[0] == 0x01);
int j;
for (j = 1; j < ED448_PUB_KEY_SIZE && isIdentity; j++) {
if (key->p[j] != 0x00)
isIdentity = 0;
}
if (isIdentity)
return BAD_FUNC_ARG;
/* Defence in depth: also catch small-order keys imported with trusted=1. */
if (ed448_is_small_order(key->p)) {
WOLFSSL_MSG("Ed448 small-order public key rejected during "
"signature verification");
return BAD_FUNC_ARG;
}
/* uncompress A (public key), test if valid, and negate it */
@@ -1412,6 +1478,13 @@ int wc_ed448_check_key(ed448_key* key)
ret = PUBLIC_KEY_E;
}
/* Reject small-order pub key before the priv-vs-pub compare so the
* diagnostic isn't masked by a "mismatch" error. */
if ((ret == 0) && ed448_is_small_order(key->p)) {
WOLFSSL_MSG("Ed448 small-order public key rejected during key check");
ret = PUBLIC_KEY_E;
}
/* If we have a private key just make the public key and compare. */
if ((ret == 0) && key->privKeySet) {
ret = wc_ed448_make_public(key, pubKey, sizeof(pubKey));
@@ -1421,23 +1494,6 @@ int wc_ed448_check_key(ed448_key* key)
}
/* No private key, check Y is valid. */
else if ((ret == 0) && (!key->privKeySet)) {
/* Reject the identity element (0, 1).
* Encoding: 0x01 followed by 56 zero bytes. */
{
int isIdentity = 1;
int i;
if (key->p[0] != 0x01)
isIdentity = 0;
for (i = 1; i < ED448_PUB_KEY_SIZE && isIdentity; i++) {
if (key->p[i] != 0x00)
isIdentity = 0;
}
if (isIdentity) {
WOLFSSL_MSG("Ed448 public key is the identity element");
ret = PUBLIC_KEY_E;
}
}
/* Verify that xQ and yQ are integers in the interval [0, p - 1].
* Only have yQ so check that ordinate.
* p = 2^448-2^224-1 = 0xff..fe..ff
+143 -1
View File
@@ -47,6 +47,12 @@
#ifdef HAVE_ED448
#include <wolfssl/wolfcrypt/ed448.h>
#endif
#ifdef HAVE_CURVE25519
#include <wolfssl/wolfcrypt/curve25519.h>
#endif
#ifdef HAVE_CURVE448
#include <wolfssl/wolfcrypt/curve448.h>
#endif
static const struct s_ent {
const enum wc_HashType macType;
@@ -2767,7 +2773,7 @@ int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
#endif /* NO_WOLFSSL_STUB */
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) || \
defined(HAVE_HKDF)
defined(HAVE_HKDF) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
int len;
@@ -2884,6 +2890,54 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
*keylen = (size_t)len;
break;
#endif
#ifdef HAVE_CURVE25519
case WC_EVP_PKEY_X25519:
if (!ctx->pkey->curve25519 || !ctx->peerKey->curve25519) {
return WOLFSSL_FAILURE;
}
len = CURVE25519_KEYSIZE;
if (key) {
word32 len32 = (word32)*keylen;
if (*keylen < (size_t)len) {
WOLFSSL_MSG("buffer too short");
return WOLFSSL_FAILURE;
}
/* X25519 shared secret is little-endian (RFC 7748). */
if (wc_curve25519_shared_secret_ex(ctx->pkey->curve25519,
ctx->peerKey->curve25519, key, &len32,
EC25519_LITTLE_ENDIAN) != 0) {
WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
return WOLFSSL_FAILURE;
}
len = (int)len32;
}
*keylen = (size_t)len;
break;
#endif
#ifdef HAVE_CURVE448
case WC_EVP_PKEY_X448:
if (!ctx->pkey->curve448 || !ctx->peerKey->curve448) {
return WOLFSSL_FAILURE;
}
len = CURVE448_KEY_SIZE;
if (key) {
word32 len32 = (word32)*keylen;
if (*keylen < (size_t)len) {
WOLFSSL_MSG("buffer too short");
return WOLFSSL_FAILURE;
}
/* X448 shared secret is little-endian (RFC 7748). */
if (wc_curve448_shared_secret_ex(ctx->pkey->curve448,
ctx->peerKey->curve448, key, &len32,
EC448_LITTLE_ENDIAN) != 0) {
WOLFSSL_MSG("wc_curve448_shared_secret_ex failed");
return WOLFSSL_FAILURE;
}
len = (int)len32;
}
*keylen = (size_t)len;
break;
#endif
#ifdef HAVE_HKDF
case WC_EVP_PKEY_HKDF:
(void)len;
@@ -3761,6 +3815,12 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
if (ctx->pkey == NULL ||
(ctx->pkey->type != WC_EVP_PKEY_EC &&
ctx->pkey->type != WC_EVP_PKEY_RSA &&
#ifdef HAVE_CURVE25519
ctx->pkey->type != WC_EVP_PKEY_X25519 &&
#endif
#ifdef HAVE_CURVE448
ctx->pkey->type != WC_EVP_PKEY_X448 &&
#endif
ctx->pkey->type != WC_EVP_PKEY_DH)) {
WOLFSSL_MSG("Key not set or key type not supported");
return WOLFSSL_FAILURE;
@@ -3821,6 +3881,57 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
}
}
break;
#endif
#ifdef HAVE_CURVE25519
case WC_EVP_PKEY_X25519:
if (pkey->curve25519 == NULL) {
pkey->curve25519 = (curve25519_key*)XMALLOC(
sizeof(curve25519_key), pkey->heap, DYNAMIC_TYPE_CURVE25519);
if (pkey->curve25519 == NULL) {
ret = MEMORY_E;
break;
}
if (wc_curve25519_init_ex(pkey->curve25519, pkey->heap,
INVALID_DEVID) != 0) {
XFREE(pkey->curve25519, pkey->heap, DYNAMIC_TYPE_CURVE25519);
pkey->curve25519 = NULL;
break;
}
#ifdef WOLFSSL_CURVE25519_BLINDING
/* Use the EVP_PKEY's RNG for scalar blinding on derive. */
(void)wc_curve25519_set_rng(pkey->curve25519, &pkey->rng);
#endif
pkey->ownCurve25519 = 1;
}
/* Reuse the RNG already initialized on the EVP_PKEY. */
if (wc_curve25519_make_key(&pkey->rng, CURVE25519_KEYSIZE,
pkey->curve25519) == 0) {
ret = WOLFSSL_SUCCESS;
}
break;
#endif
#ifdef HAVE_CURVE448
case WC_EVP_PKEY_X448:
if (pkey->curve448 == NULL) {
pkey->curve448 = (curve448_key*)XMALLOC(sizeof(curve448_key),
pkey->heap, DYNAMIC_TYPE_CURVE448);
if (pkey->curve448 == NULL) {
ret = MEMORY_E;
break;
}
if (wc_curve448_init(pkey->curve448) != 0) {
XFREE(pkey->curve448, pkey->heap, DYNAMIC_TYPE_CURVE448);
pkey->curve448 = NULL;
break;
}
pkey->ownCurve448 = 1;
}
/* Reuse the RNG already initialized on the EVP_PKEY. */
if (wc_curve448_make_key(&pkey->rng, CURVE448_KEY_SIZE,
pkey->curve448) == 0) {
ret = WOLFSSL_SUCCESS;
}
break;
#endif
default:
break;
@@ -3871,6 +3982,16 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
return wc_ecc_sig_size((ecc_key*)(pkey->ecc->internal));
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
case WC_EVP_PKEY_X25519:
return CURVE25519_KEYSIZE;
#endif
#ifdef HAVE_CURVE448
case WC_EVP_PKEY_X448:
return CURVE448_KEY_SIZE;
#endif
default:
break;
}
@@ -11822,6 +11943,27 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
break;
#endif /* HAVE_ED448 */
#ifdef HAVE_CURVE25519
case WC_EVP_PKEY_X25519:
if (key->curve25519 != NULL && key->ownCurve25519 == 1) {
wc_curve25519_free(key->curve25519);
XFREE(key->curve25519, key->heap,
DYNAMIC_TYPE_CURVE25519);
key->curve25519 = NULL;
}
break;
#endif /* HAVE_CURVE25519 */
#ifdef HAVE_CURVE448
case WC_EVP_PKEY_X448:
if (key->curve448 != NULL && key->ownCurve448 == 1) {
wc_curve448_free(key->curve448);
XFREE(key->curve448, key->heap, DYNAMIC_TYPE_CURVE448);
key->curve448 = NULL;
}
break;
#endif /* HAVE_CURVE448 */
#ifdef HAVE_HKDF
case WC_EVP_PKEY_HKDF:
XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
+153 -3
View File
@@ -439,6 +439,64 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_public_key(int type,
ok = 1;
break;
}
#endif
#ifdef HAVE_CURVE25519
case WC_EVP_PKEY_X25519: {
curve25519_key* cKey;
if (len != CURVE25519_PUB_KEY_SIZE) {
break;
}
cKey = (curve25519_key*)XMALLOC(sizeof(curve25519_key), pkey->heap,
DYNAMIC_TYPE_CURVE25519);
if (cKey == NULL) {
break;
}
if (wc_curve25519_init_ex(cKey, pkey->heap, INVALID_DEVID) != 0) {
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE25519);
break;
}
/* Raw X25519 keys are little-endian (RFC 7748). */
if (wc_curve25519_import_public_ex(pub, (word32)len, cKey,
EC25519_LITTLE_ENDIAN) != 0) {
wc_curve25519_free(cKey);
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE25519);
break;
}
pkey->type = WC_EVP_PKEY_X25519;
pkey->curve25519 = cKey;
pkey->ownCurve25519 = 1;
ok = 1;
break;
}
#endif
#ifdef HAVE_CURVE448
case WC_EVP_PKEY_X448: {
curve448_key* cKey;
if (len != CURVE448_PUB_KEY_SIZE) {
break;
}
cKey = (curve448_key*)XMALLOC(sizeof(curve448_key), pkey->heap,
DYNAMIC_TYPE_CURVE448);
if (cKey == NULL) {
break;
}
if (wc_curve448_init(cKey) != 0) {
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE448);
break;
}
/* Raw X448 keys are little-endian (RFC 7748). */
if (wc_curve448_import_public_ex(pub, (word32)len, cKey,
EC448_LITTLE_ENDIAN) != 0) {
wc_curve448_free(cKey);
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE448);
break;
}
pkey->type = WC_EVP_PKEY_X448;
pkey->curve448 = cKey;
pkey->ownCurve448 = 1;
ok = 1;
break;
}
#endif
default:
break;
@@ -526,6 +584,68 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_private_key(int type,
ok = 1;
break;
}
#endif
#ifdef HAVE_CURVE25519
case WC_EVP_PKEY_X25519: {
curve25519_key* cKey;
if (len != CURVE25519_KEYSIZE) {
break;
}
cKey = (curve25519_key*)XMALLOC(sizeof(curve25519_key), pkey->heap,
DYNAMIC_TYPE_CURVE25519);
if (cKey == NULL) {
break;
}
if (wc_curve25519_init_ex(cKey, pkey->heap, INVALID_DEVID) != 0) {
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE25519);
break;
}
#ifdef WOLFSSL_CURVE25519_BLINDING
/* Use the EVP_PKEY's RNG for scalar blinding on shared-secret. */
(void)wc_curve25519_set_rng(cKey, &pkey->rng);
#endif
/* Raw X25519 keys are little-endian (RFC 7748). */
if (wc_curve25519_import_private_ex(priv, (word32)len, cKey,
EC25519_LITTLE_ENDIAN) != 0) {
wc_curve25519_free(cKey);
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE25519);
break;
}
pkey->type = WC_EVP_PKEY_X25519;
pkey->curve25519 = cKey;
pkey->ownCurve25519 = 1;
ok = 1;
break;
}
#endif
#ifdef HAVE_CURVE448
case WC_EVP_PKEY_X448: {
curve448_key* cKey;
if (len != CURVE448_KEY_SIZE) {
break;
}
cKey = (curve448_key*)XMALLOC(sizeof(curve448_key), pkey->heap,
DYNAMIC_TYPE_CURVE448);
if (cKey == NULL) {
break;
}
if (wc_curve448_init(cKey) != 0) {
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE448);
break;
}
/* Raw X448 keys are little-endian (RFC 7748). */
if (wc_curve448_import_private_ex(priv, (word32)len, cKey,
EC448_LITTLE_ENDIAN) != 0) {
wc_curve448_free(cKey);
XFREE(cKey, pkey->heap, DYNAMIC_TYPE_CURVE448);
break;
}
pkey->type = WC_EVP_PKEY_X448;
pkey->curve448 = cKey;
pkey->ownCurve448 = 1;
ok = 1;
break;
}
#endif
default:
break;
@@ -942,7 +1062,8 @@ static int d2iTryMlDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
return WOLFSSL_FATAL_ERROR;
}
return d2i_make_pkey(out, NULL, 0, priv, WC_EVP_PKEY_DILITHIUM);
/* Copy the consumed DER into pkey->pkey.ptr when the input was DER */
return d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_DILITHIUM);
}
#endif /* WOLFSSL_HAVE_MLDSA */
@@ -1696,6 +1817,10 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
DerBuffer rawDer;
EncryptedInfo info;
int advanceLen = 0;
#ifdef HAVE_DILITHIUM
word32 outerIdx = 0;
int outerLen = 0;
#endif
/* Clear the encryption information and DER buffer. */
XMEMSET(&info, 0, sizeof(info));
@@ -1737,15 +1862,40 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
}
if (algId == DHk) {
/* Special case for DH as we expect the DER buffer to be always
* be in PKCS8 format */
* in PKCS8 format */
rawDer.buffer = pkcs8Der->buffer;
rawDer.length = inOutIdx + (word32)ret;
}
#ifdef HAVE_DILITHIUM
else if (
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
(algId == DILITHIUM_LEVEL2k) ||
(algId == DILITHIUM_LEVEL3k) ||
(algId == DILITHIUM_LEVEL5k) ||
#endif
(algId == ML_DSA_LEVEL2k) ||
(algId == ML_DSA_LEVEL3k) ||
(algId == ML_DSA_LEVEL5k)) {
/* Keep full PKCS#8 wrapper for level recovery from
* AlgorithmIdentifier parameters */
rawDer.buffer = pkcs8Der->buffer;
if (GetSequence(pkcs8Der->buffer, &outerIdx, &outerLen,
pkcs8Der->length) < 0) {
ret = ASN_PARSE_E;
}
else {
rawDer.length = outerIdx + (word32)outerLen;
}
}
#endif
else {
rawDer.buffer = pkcs8Der->buffer + inOutIdx;
rawDer.length = (word32)ret;
}
ret = 0; /* good DER */
if (ret > 0) {
ret = 0; /* good DER */
}
}
}
+4
View File
@@ -4639,6 +4639,7 @@ L_curve25519_base_x64_3:
adcq $0x00, %r8
adcq $0x00, %r9
adcq $0x00, %r10
andq %rax, %r10
# Store
movq %rcx, (%rdi)
movq %r8, 8(%rdi)
@@ -7054,6 +7055,7 @@ L_curve25519_x64_3:
adcq $0x00, %r9
adcq $0x00, %r10
adcq $0x00, %r11
andq %rax, %r11
# Store
movq %rcx, (%rdi)
movq %r9, 8(%rdi)
@@ -15107,6 +15109,7 @@ L_curve25519_base_avx2_last_3:
adcq $0x00, %r9
adcq $0x00, %r10
adcq $0x00, %r11
andq %rcx, %r11
# Store
movq %r8, (%rdi)
movq %r9, 8(%rdi)
@@ -17116,6 +17119,7 @@ L_curve25519_avx2_last_3:
adcq $0x00, %r10
adcq $0x00, %r11
adcq $0x00, %r12
andq %rcx, %r12
# Store
movq %r9, (%rdi)
movq %r10, 8(%rdi)
+5 -5
View File
@@ -657,9 +657,9 @@ static int wc_Pic32HashFinal(hashUpdCache* cache, byte* stdBuf,
return ret;
}
static void wc_Pic32HashFree(hashUpdCache* cache, void* heap)
static void wc_Pic32HashFree(hashUpdCache* cache, void* stdBuf, void* heap)
{
if (cache && cache->buf && !cache->isCopy) {
if (cache && cache->buf && cache->buf != stdBuf && !cache->isCopy) {
XFREE(cache->buf, heap, DYNAMIC_TYPE_HASH_TMP);
cache->buf = NULL;
}
@@ -713,7 +713,7 @@ static void wc_Pic32HashFree(hashUpdCache* cache, void* heap)
void wc_Md5Pic32Free(wc_Md5* md5)
{
if (md5) {
wc_Pic32HashFree(&md5->cache, md5->heap);
wc_Pic32HashFree(&md5->cache, (byte*)md5->buffer, md5->heap);
}
}
#endif /* !NO_MD5 */
@@ -764,7 +764,7 @@ static void wc_Pic32HashFree(hashUpdCache* cache, void* heap)
void wc_ShaPic32Free(wc_Sha* sha)
{
if (sha) {
wc_Pic32HashFree(&sha->cache, sha->heap);
wc_Pic32HashFree(&sha->cache, (byte*)sha->buffer, sha->heap);
}
}
#endif /* !NO_SHA */
@@ -815,7 +815,7 @@ static void wc_Pic32HashFree(hashUpdCache* cache, void* heap)
void wc_Sha256Pic32Free(wc_Sha256* sha256)
{
if (sha256) {
wc_Pic32HashFree(&sha256->cache, sha256->heap);
wc_Pic32HashFree(&sha256->cache, (byte*)sha256->buffer, sha256->heap);
}
}
#endif /* !NO_SHA256 */
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
+39 -50
View File
@@ -1871,8 +1871,7 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
{
__asm__ __volatile__ (
"ld t2, 0(%[in])\n\t"
"ld t3, 8(%[in])\n\t"
UNALIGNED_LD2(t2, t3, 0, %[in], t0)
"ld a3, 0(%[key])\n\t"
"ld a4, 8(%[key])\n\t"
"ld a5, 16(%[key])\n\t"
@@ -1897,8 +1896,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
AESENC_2_ROUNDS(208, 216, 224, 232)
"L_aes_encrypt_done:\n\t"
AESENC_LAST_ROUND()
"sd t2, 0(%[out])\n\t"
"sd t3, 8(%[out])\n\t"
UNALIGNED_SD2(t2, t3, 0, %[out], t0)
:
: [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
[rounds] "r" (aes->rounds)
@@ -1918,8 +1916,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
{
__asm__ __volatile__ (
"ld t2, 0(%[in])\n\t"
"ld t3, 8(%[in])\n\t"
UNALIGNED_LD2(t2, t3, 0, %[in], t0)
"ld a3, 0(%[key])\n\t"
"ld a4, 8(%[key])\n\t"
"ld a5, 16(%[key])\n\t"
@@ -1944,8 +1941,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
AESDEC_2_ROUNDS(208, 216, 224, 232)
"L_aes_decrypt_done:\n\t"
AESDEC_LAST_ROUND()
"sd t2, 0(%[out])\n\t"
"sd t3, 8(%[out])\n\t"
UNALIGNED_SD2(t2, t3, 0, %[out], t0)
:
: [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
[rounds] "r" (aes->rounds)
@@ -3209,8 +3205,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
LOAD_WORD_REV(t2, 8, %[in])
LOAD_WORD_REV(t3, 12, %[in])
#else
"ld t1, 0(%[in])\n\t"
"ld t3, 8(%[in])\n\t"
UNALIGNED_LD2(t1, t3, 0, %[in], t0)
REV8(REG_T1, REG_T1)
REV8(REG_T3, REG_T3)
"srli t0, t1, 32\n\t"
@@ -3376,16 +3371,14 @@ static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
REV8(REG_T1, REG_T1)
REV8(REG_T3, REG_T3)
/* Write encrypted block to output. */
"sd t1, 0(%[out])\n\t"
"sd t3, 8(%[out])\n\t"
UNALIGNED_SD2(t1, t3, 0, %[out], t0)
#else
PACK(REG_T1, REG_A5, REG_A4)
PACK(REG_T3, REG_A7, REG_A6)
REV8(REG_T1, REG_T1)
REV8(REG_T3, REG_T3)
/* Write encrypted block to output. */
"sd t1, 0(%[out])\n\t"
"sd t3, 8(%[out])\n\t"
UNALIGNED_SD2(t1, t3, 0, %[out], t0)
#endif
:
@@ -3641,8 +3634,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
LOAD_WORD_REV(t2, 8, %[in])
LOAD_WORD_REV(t3, 12, %[in])
#else
"ld t1, 0(%[in])\n\t"
"ld t3, 8(%[in])\n\t"
UNALIGNED_LD2(t1, t3, 0, %[in], t0)
REV8(REG_T1, REG_T1)
REV8(REG_T3, REG_T3)
"srli t0, t1, 32\n\t"
@@ -3793,16 +3785,14 @@ static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
REV8(REG_T1, REG_T1)
REV8(REG_T3, REG_T3)
/* Write encrypted block to output. */
"sd t1, 0(%[out])\n\t"
"sd t3, 8(%[out])\n\t"
UNALIGNED_SD2(t1, t3, 0, %[out], t0)
#else
PACK(REG_T1, REG_A5, REG_A4)
PACK(REG_T3, REG_A7, REG_A6)
REV8(REG_T1, REG_T1)
REV8(REG_T3, REG_T3)
/* Write encrypted block to output. */
"sd t1, 0(%[out])\n\t"
"sd t3, 8(%[out])\n\t"
UNALIGNED_SD2(t1, t3, 0, %[out], t0)
#endif
:
@@ -4113,7 +4103,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
*/
int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
word32 processed;
int ret = 0;
@@ -4563,8 +4553,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
byte* s, word32 sSz)
{
if (gcm != NULL) {
byte x[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte x[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
byte* h = gcm->H;
__asm__ __volatile__ (
@@ -4896,8 +4886,8 @@ static void GMULT(byte* x, byte* y)
void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
byte* s, word32 sSz)
{
byte x[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte x[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
word32 blocks, partial;
byte* h;
@@ -5163,8 +5153,7 @@ static void ghash_blocks(byte* x, byte* y, const byte* in, word32 blocks)
"L_ghash_loop:\n\t"
/* Load input block. */
"ld t5, 0(%[in])\n\t"
"ld a5, 8(%[in])\n\t"
UNALIGNED_LD2(t5, a5, 0, %[in], t4)
/* Reverse bits to match x. */
#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
BREV8(REG_T5, REG_T5)
@@ -5307,8 +5296,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
byte* s, word32 sSz)
{
if (gcm != NULL) {
byte x[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte x[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
word32 blocks, partial;
byte* h = gcm->H;
@@ -5388,8 +5377,8 @@ static void Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
const byte* aad, word32 aadSz)
{
byte counter[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
/* Noticed different optimization levels treated head of array different.
* Some cases was stack pointer plus offset others was a register containing
* address. To make uniform for passing in to inline assembly code am using
@@ -5886,8 +5875,8 @@ static void Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
const byte* aad, word32 aadSz)
{
byte counter[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
/* Noticed different optimization levels treated head of array different.
* Some cases was stack pointer plus offset others was a register containing
* address. To make uniform for passing in to inline assembly code am using
@@ -6398,8 +6387,8 @@ static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
const byte* aad, word32 aadSz)
{
byte counter[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
/* Noticed different optimization levels treated head of array different.
* Some cases was stack pointer plus offset others was a register containing
* address. To make uniform for passing in to inline assembly code am using
@@ -7003,8 +6992,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* aad, word32 aadSz)
{
int ret = 0;
byte counter[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
/* Noticed different optimization levels treated head of array different.
* Some cases was stack pointer plus offset others was a register containing
* address. To make uniform for passing in to inline assembly code am using
@@ -7512,8 +7501,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* aad, word32 aadSz)
{
int ret = 0;
byte counter[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
/* Noticed different optimization levels treated head of array different.
* Some cases was stack pointer plus offset others was a register containing
* address. To make uniform for passing in to inline assembly code am using
@@ -8035,8 +8024,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* aad, word32 aadSz)
{
int ret = 0;
byte counter[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
/* Noticed different optimization levels treated head of array different.
* Some cases was stack pointer plus offset others was a register containing
* address. To make uniform for passing in to inline assembly code am using
@@ -8733,8 +8722,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
byte* s, word32 sSz)
{
if (gcm != NULL) {
byte x[WC_AES_BLOCK_SIZE];
byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte x[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
word32 blocks, partial;
XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
@@ -8834,9 +8823,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
word32 partial = sz % WC_AES_BLOCK_SIZE;
const byte* p = in;
byte* c = out;
ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
ALIGN16 byte initialCounter[WC_AES_BLOCK_SIZE];
ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
ALIGN8 byte initialCounter[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
/* Validate parameters. */
if ((aes == NULL) || (nonce == NULL) || (nonceSz == 0) || (tag == NULL) ||
@@ -8934,10 +8923,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
word32 partial = sz % WC_AES_BLOCK_SIZE;
const byte* c = in;
byte* p = out;
ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE];
ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE];
ALIGN8 byte counter[WC_AES_BLOCK_SIZE];
ALIGN8 byte scratch[WC_AES_BLOCK_SIZE];
ALIGN8 byte Tprime[WC_AES_BLOCK_SIZE];
ALIGN8 byte EKY0[WC_AES_BLOCK_SIZE];
sword32 res;
/* Validate parameters. */
+14 -48
View File
@@ -1825,9 +1825,9 @@ static WC_INLINE void wc_chacha_encrypt_64(const word32* input, const byte* m,
VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000)
VMV_X_S(REG_T0, REG_V0)
VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
"ld t1, (%[m])\n\t"
UNALIGNED_LD(t1, 0, %[m], t2)
"xor t1, t1, t0\n\t"
"sd t1, (%[c])\n\t"
UNALIGNED_SD(t1, 0, %[c], t2)
"addi %[bytes], %[bytes], -8\n\t"
"addi %[c], %[c], 8\n\t"
"addi %[m], %[m], 8\n\t"
@@ -2155,10 +2155,7 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
"bltz %[bytes], L_chacha20_riscv_over\n\t"
#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
"ld t0, 0(%[m])\n\t"
"ld t1, 8(%[m])\n\t"
"ld t2, 16(%[m])\n\t"
"ld s1, 24(%[m])\n\t"
UNALIGNED_LD4(t0, t1, t2, s1, 0, %[m], a3)
"xor a4, a4, t0\n\t"
"xor a6, a6, t1\n\t"
"xor t3, t3, t2\n\t"
@@ -2171,10 +2168,7 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
"xor a7, a7, t1\n\t"
"xor t4, t4, t2\n\t"
"xor t6, t6, s1\n\t"
"ld t0, 32(%[m])\n\t"
"ld t1, 40(%[m])\n\t"
"ld t2, 48(%[m])\n\t"
"ld s1, 56(%[m])\n\t"
UNALIGNED_LD4(t0, t1, t2, s1, 32, %[m], a3)
"xor s2, s2, t0\n\t"
"xor s4, s4, t1\n\t"
"xor s6, s6, t2\n\t"
@@ -2187,22 +2181,8 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
"xor s5, s5, t1\n\t"
"xor s7, s7, t2\n\t"
"xor s9, s9, s1\n\t"
"sw a4, 0(%[c])\n\t"
"sw a5, 4(%[c])\n\t"
"sw a6, 8(%[c])\n\t"
"sw a7, 12(%[c])\n\t"
"sw t3, 16(%[c])\n\t"
"sw t4, 20(%[c])\n\t"
"sw t5, 24(%[c])\n\t"
"sw t6, 28(%[c])\n\t"
"sw s2, 32(%[c])\n\t"
"sw s3, 36(%[c])\n\t"
"sw s4, 40(%[c])\n\t"
"sw s5, 44(%[c])\n\t"
"sw s6, 48(%[c])\n\t"
"sw s7, 52(%[c])\n\t"
"sw s8, 56(%[c])\n\t"
"sw s9, 60(%[c])\n\t"
UNALIGNED_SW8(a4, a5, a6, a7, t3, t4, t5, t6, 0, %[c], t0)
UNALIGNED_SW8(s2, s3, s4, s5, s6, s7, s8, s9, 32, %[c], t0)
#else
PACK(REG_A4, REG_A4, REG_A5)
PACK(REG_A6, REG_A6, REG_A7)
@@ -2212,14 +2192,7 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
PACK(REG_S4, REG_S4, REG_S5)
PACK(REG_S6, REG_S6, REG_S7)
PACK(REG_S8, REG_S8, REG_S9)
"ld a5, 0(%[m])\n\t"
"ld a7, 8(%[m])\n\t"
"ld t4, 16(%[m])\n\t"
"ld t6, 24(%[m])\n\t"
"ld s3, 32(%[m])\n\t"
"ld s5, 40(%[m])\n\t"
"ld s7, 48(%[m])\n\t"
"ld s9, 56(%[m])\n\t"
UNALIGNED_LD8(a5, a7, t4, t6, s3, s5, s7, s9, 0, %[m], t0)
"xor a4, a4, a5\n\t"
"xor a6, a6, a7\n\t"
"xor t3, t3, t4\n\t"
@@ -2228,14 +2201,7 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
"xor s4, s4, s5\n\t"
"xor s6, s6, s7\n\t"
"xor s8, s8, s9\n\t"
"sd a4, 0(%[c])\n\t"
"sd a6, 8(%[c])\n\t"
"sd t3, 16(%[c])\n\t"
"sd t5, 24(%[c])\n\t"
"sd s2, 32(%[c])\n\t"
"sd s4, 40(%[c])\n\t"
"sd s6, 48(%[c])\n\t"
"sd s8, 56(%[c])\n\t"
UNALIGNED_SD8(a4, a6, t3, t5, s2, s4, s6, s8, 0, %[c], t0)
#endif
"addi %[m], %[m], 64\n\t"
@@ -2268,10 +2234,10 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
"bltz t0, L_chacha20_riscv_32bit\n\t"
"addi a3, a3, -1\n\t"
"L_chacha20_riscv_64bit_loop:\n\t"
"ld t0, (%[m])\n\t"
UNALIGNED_LD(t0, 0, %[m], t2)
"ld t1, (%[over])\n\t"
"xor t0, t0, t1\n\t"
"sd t0, (%[c])\n\t"
UNALIGNED_SD(t0, 0, %[c], t2)
"addi %[m], %[m], 8\n\t"
"addi %[c], %[c], 8\n\t"
"addi %[over], %[over], 8\n\t"
@@ -2282,10 +2248,10 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
"L_chacha20_riscv_32bit:\n\t"
"addi t0, a3, -4\n\t"
"bltz t0, L_chacha20_riscv_16bit\n\t"
"lw t0, (%[m])\n\t"
UNALIGNED_LW(t0, 0, %[m], t2)
"lw t1, (%[over])\n\t"
"xor t0, t0, t1\n\t"
"sw t0, (%[c])\n\t"
UNALIGNED_SW(t0, 0, %[c], t2)
"addi %[m], %[m], 4\n\t"
"addi %[c], %[c], 4\n\t"
"addi %[over], %[over], 4\n\t"
@@ -2293,10 +2259,10 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
"L_chacha20_riscv_16bit:\n\t"
"addi t0, a3, -2\n\t"
"bltz t0, L_chacha20_riscv_8bit\n\t"
"lh t0, (%[m])\n\t"
UNALIGNED_LH(t0, 0, %[m], t2)
"lh t1, (%[over])\n\t"
"xor t0, t0, t1\n\t"
"sh t0, (%[c])\n\t"
UNALIGNED_SH(t0, 0, %[c], t2)
"addi %[m], %[m], 2\n\t"
"addi %[c], %[c], 2\n\t"
"addi %[over], %[over], 2\n\t"
+5 -12
View File
@@ -145,8 +145,7 @@ static WC_INLINE void poly1305_blocks_riscv64_16(Poly1305* ctx,
"L_poly1305_riscv64_16_64_loop_%=:\n\t"
/* Load m */
"ld t0, (%[m])\n\t"
"ld t1, 8(%[m])\n\t"
UNALIGNED_LD2(t0, t1, 0, %[m], t5)
/* Split m into 26, 52, 52 */
SPLIT_130(t2, t3, t4, t0, t1, %[notLast], t5)
@@ -285,8 +284,7 @@ void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
"L_poly1305_riscv64_vec_loop_%=:\n\t"
/* m0 + nfin */
"ld t0, 0(%[m])\n\t"
"ld t1, 8(%[m])\n\t"
UNALIGNED_LD2(t0, t1, 0, %[m], t5)
"li t6, 1\n\t"
/* Split m into 24, 52, 52 */
SPLIT_130(t2, t3, t4, t0, t1, t6, t5)
@@ -294,8 +292,7 @@ void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
VMV_S_X(REG_V12, REG_T3)
VMV_S_X(REG_V13, REG_T4)
/* m1+ nfin */
"ld t0, 16(%[m])\n\t"
"ld t1, 24(%[m])\n\t"
UNALIGNED_LD2(t0, t1, 16, %[m], t5)
/* Split m into 24, 52, 52 */
SPLIT_130(t2, t3, t4, t0, t1, t6, t5)
VMV_S_X(REG_V14, REG_T2)
@@ -464,10 +461,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
__asm__ __volatile__ (
/* Load key material */
"ld t0, 0(%[key])\n\t"
"ld t1, 8(%[key])\n\t"
"ld t2, 16(%[key])\n\t"
"ld t3, 24(%[key])\n\t"
UNALIGNED_LD4(t0, t1, t2, t3, 0, %[key], t4)
/* Load clamp */
"ld t4, 0(%[clamp])\n\t"
"ld t5, 8(%[clamp])\n\t"
@@ -636,8 +630,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
"sltu t3, t1, t3\n\t"
"add t2, t2, t3\n\t"
"andi t2, t2, 3\n\t"
"sd t0, 0(%[mac])\n\t"
"sd t1, 8(%[mac])\n\t"
UNALIGNED_SD2(t0, t1, 0, %[mac], t2)
/* Zero out h. */
"sd x0, %[ctx_h_0]\n\t"
"sd x0, %[ctx_h_1]\n\t"
+5 -32
View File
@@ -484,14 +484,7 @@ static WC_OMIT_FRAME_POINTER WC_INLINE void Sha256Transform(wc_Sha256* sha256,
LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7)
LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7)
#else
"lwu a4, 0(%[data])\n\t"
"lwu s0, 4(%[data])\n\t"
"lwu a5, 8(%[data])\n\t"
"lwu s1, 12(%[data])\n\t"
"lwu a6, 16(%[data])\n\t"
"lwu s2, 20(%[data])\n\t"
"lwu a7, 24(%[data])\n\t"
"lwu s3, 28(%[data])\n\t"
UNALIGNED_LWU8(a4, s0, a5, s1, a6, s2, a7, s3, 0, %[data], t4)
PACK_BB(s0, s0, a4, REG_S0, REG_S0, REG_A4)
PACK_BB(s1, s1, a5, REG_S1, REG_S1, REG_A5)
PACK_BB(s2, s2, a6, REG_S2, REG_S2, REG_A6)
@@ -500,14 +493,7 @@ static WC_OMIT_FRAME_POINTER WC_INLINE void Sha256Transform(wc_Sha256* sha256,
REV8(REG_S1, REG_S1)
REV8(REG_S2, REG_S2)
REV8(REG_S3, REG_S3)
"lwu a4, 32(%[data])\n\t"
"lwu s4, 36(%[data])\n\t"
"lwu a5, 40(%[data])\n\t"
"lwu s5, 44(%[data])\n\t"
"lwu a6, 48(%[data])\n\t"
"lwu s6, 52(%[data])\n\t"
"lwu a7, 56(%[data])\n\t"
"lwu s7, 60(%[data])\n\t"
UNALIGNED_LWU8(a4, s4, a5, s5, a6, s6, a7, s7, 32, %[data], t4)
PACK_BB(s4, s4, a4, REG_S4, REG_S4, REG_A4)
PACK_BB(s5, s5, a5, REG_S5, REG_S5, REG_A5)
PACK_BB(s6, s6, a6, REG_S6, REG_S6, REG_A6)
@@ -840,31 +826,18 @@ static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash)
"srli t2, t3, 32\n\t"
"srli a4, a5, 32\n\t"
"srli a6, a7, 32\n\t"
"sw t0, 0(%[hash])\n\t"
"sw t1, 4(%[hash])\n\t"
"sw t2, 8(%[hash])\n\t"
"sw t3, 12(%[hash])\n\t"
"sw a4, 16(%[hash])\n\t"
"sw a5, 20(%[hash])\n\t"
"sw a6, 24(%[hash])\n\t"
"sw a7, 28(%[hash])\n\t"
UNALIGNED_SW8(t0, t1, t2, t3, a4, a5, a6, a7, 0, %[hash], t4)
#else
LOAD_WORD_REV(t0, 0, %[digest], t2, t3, t4)
LOAD_WORD_REV(t1, 4, %[digest], t2, t3, t4)
LOAD_WORD_REV(a4, 8, %[digest], t2, t3, t4)
LOAD_WORD_REV(a5, 12, %[digest], t2, t3, t4)
"sw t0, 0(%[hash])\n\t"
"sw t1, 4(%[hash])\n\t"
"sw a4, 8(%[hash])\n\t"
"sw a5, 12(%[hash])\n\t"
UNALIGNED_SW4(t0, t1, a4, a5, 0, %[hash], t2)
LOAD_WORD_REV(t0, 16, %[digest], t2, t3, t4)
LOAD_WORD_REV(t1, 20, %[digest], t2, t3, t4)
LOAD_WORD_REV(a4, 24, %[digest], t2, t3, t4)
LOAD_WORD_REV(a5, 28, %[digest], t2, t3, t4)
"sw t0, 16(%[hash])\n\t"
"sw t1, 20(%[hash])\n\t"
"sw a4, 24(%[hash])\n\t"
"sw a5, 28(%[hash])\n\t"
UNALIGNED_SW4(t0, t1, a4, a5, 16, %[hash], t2)
#endif
:
: [digest] "r" (sha256->digest), [hash] "r" (hash)

Some files were not shown because too many files have changed in this diff Show More