Merge branch 'master' into cmake_HSC
@@ -0,0 +1,41 @@
|
||||
name: WolfSSL CMake Autoconf Interworking Test
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ 'master', 'main', 'release/**' ]
|
||||
pull_request:
|
||||
branches: [ '*' ]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
# pull wolfSSL
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
# install cmake and autotools
|
||||
- name: Install cmake
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y cmake autoconf automake libtool
|
||||
|
||||
# build and install wolfssl via autotools for CMake consumer test
|
||||
- name: Build wolfssl with autotools
|
||||
run: |
|
||||
./autogen.sh
|
||||
./configure --prefix="$GITHUB_WORKSPACE/install-autoconf" --enable-all
|
||||
make -j $(nproc)
|
||||
make install
|
||||
|
||||
# CMake consumer test using the autotools install
|
||||
- name: CMake consumer test (autotools install)
|
||||
run: |
|
||||
mkdir -p cmake/consumer/build
|
||||
cd cmake/consumer/build
|
||||
cmake -DCMAKE_PREFIX_PATH="$GITHUB_WORKSPACE/install-autoconf" ..
|
||||
cmake --build .
|
||||
./wolfssl_consumer
|
||||
cd ..
|
||||
rm -rf build
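Review bot: The new workflow declares no `permissions:` block, so the `build` job runs with the repository's default GITHUB_TOKEN scope while it executes `./autogen.sh`, `./configure`, `make install` and the freshly built `./wolfssl_consumer` from the checked-out tree. A top-level `permissions:` with `contents: read` limits the token to what a build-only job needs. Adding `with:` and `persist-credentials: false` under the `actions/checkout@v4` step keeps the token from being persisted in the checkout's git configuration, where those build scripts could read it. A `timeout-minutes:` on the job would also bound a hung configure or consumer run.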
|
||||
@@ -13,7 +13,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
# pull wolfSSL
|
||||
- uses: actions/checkout@master
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
# install cmake
|
||||
- name: Install cmake
|
||||
@@ -21,24 +21,16 @@ jobs:
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y cmake
|
||||
|
||||
# pull wolfssl
|
||||
- name: Checkout wolfssl
|
||||
uses: actions/checkout@master
|
||||
with:
|
||||
repository: wolfssl/wolfssl
|
||||
path: wolfssl
|
||||
|
||||
# build wolfssl
|
||||
- name: Build wolfssl
|
||||
working-directory: ./wolfssl
|
||||
run: |
|
||||
mkdir build
|
||||
cd build
|
||||
cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
|
||||
-DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
|
||||
-DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
|
||||
-DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes -DWOLFSSL_AESECB:BOOL=yes \
|
||||
-DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
|
||||
-DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
|
||||
-DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESCTS:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
|
||||
-DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
|
||||
-DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
|
||||
-DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
|
||||
@@ -51,7 +43,7 @@ jobs:
|
||||
-DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
|
||||
-DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
|
||||
-DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
|
||||
-DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
|
||||
-DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_DTLS_CH_FRAG:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
|
||||
-DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
|
||||
-DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
|
||||
-DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
|
||||
@@ -80,7 +72,7 @@ jobs:
|
||||
-DWOLFSSL_MLKEM=1 -DWOLFSSL_LMS=1 -DWOLFSSL_LMSSHA256192=1 -DWOLFSSL_EXPERIMENTAL=1 \
|
||||
-DWOLFSSL_X963KDF:BOOL=yes -DWOLFSSL_DILITHIUM:BOOL=yes -DWOLFSSL_PKCS11:BOOL=yes \
|
||||
-DWOLFSSL_ECCSI:BOOL=yes -DWOLFSSL_SAKKE:BOOL=yes -DWOLFSSL_SIPHASH:BOOL=yes \
|
||||
-DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
|
||||
-DWOLFSSL_WC_RSA_DIRECT:BOOL=yes -DWOLFSSL_PUBLIC_MP:BOOL=yes \
|
||||
..
|
||||
cmake --build .
|
||||
ctest -j $(nproc)
|
||||
@@ -92,7 +84,6 @@ jobs:
|
||||
|
||||
# build "lean-tls" wolfssl
|
||||
- name: Build wolfssl with lean-tls
|
||||
working-directory: ./wolfssl
|
||||
run: |
|
||||
mkdir build
|
||||
cd build
|
||||
@@ -108,7 +99,6 @@ jobs:
|
||||
|
||||
# CMake build with user_settings.h
|
||||
- name: Build wolfssl with user_settings.h
|
||||
working-directory: ./wolfssl
|
||||
run: |
|
||||
mkdir build
|
||||
cp examples/configs/user_settings_all.h ./build/user_settings.h
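Review bot: `actions/checkout@v4` is still a mutable tag; moving off `@master` is an improvement, but only a full commit SHA is an immutable reference for an action. I would write the step as `- uses: actions/checkout@<full-commit-sha>  # v4` (placeholder: take the SHA of the release you intend to track) and let an update bot keep it current. The checkout step in the newly added autotools interworking workflow would take the same pin. The build steps continue outside the visible hunks, so whether each one removes `build` before the next `mkdir build` runs in the now-shared workspace root cannot be confirmed from here.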
|
||||
|
||||
@@ -70,6 +70,9 @@ jobs:
|
||||
'--enable-all --enable-certgencache',
|
||||
'--enable-sessionexport --enable-dtls --enable-dtls13',
|
||||
'--enable-sessionexport',
|
||||
'--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
|
||||
'--disable-tls --enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
|
||||
'--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"',
|
||||
'--disable-examples CPPFLAGS=-DWOLFSSL_NO_MALLOC',
|
||||
'CPPFLAGS=-DNO_WOLFSSL_CLIENT',
|
||||
'CPPFLAGS=-DNO_WOLFSSL_SERVER',
|
||||
|
||||
+12
@@ -41,6 +41,9 @@ tags
|
||||
.tags*
|
||||
cyassl-config
|
||||
wolfssl-config
|
||||
cmake/wolfssl-config.cmake
|
||||
cmake/wolfssl-config-version.cmake
|
||||
cmake/wolfssl-targets.cmake
|
||||
cyassl.sublime*
|
||||
fips.h
|
||||
fips.c
|
||||
@@ -239,12 +242,17 @@ linuxkm/linuxkm
|
||||
linuxkm/src
|
||||
linuxkm/patches/src
|
||||
*.nds
|
||||
|
||||
# Generated during FreeBSD kernel module build.
|
||||
bsdkm/export_syms
|
||||
bsdkm/i386
|
||||
bsdkm/libwolfssl.ko
|
||||
bsdkm/machine
|
||||
bsdkm/opt_global.h
|
||||
bsdkm/x86
|
||||
bsdkm/bus_if.h
|
||||
bsdkm/cryptodev_if.h
|
||||
bsdkm/device_if.h
|
||||
|
||||
# autotools generated
|
||||
scripts/unit.test
|
||||
@@ -386,6 +394,7 @@ IDE/**/DerivedData
|
||||
CMakeFiles/
|
||||
CMakeCache.txt
|
||||
cmake_install.cmake
|
||||
!cmake/Config.cmake.in
|
||||
|
||||
# GDB Settings
|
||||
\.gdbinit
|
||||
@@ -470,3 +479,6 @@ wolfssl/debug-trace-error-codes.h
|
||||
wolfssl/debug-untrace-error-codes.h
|
||||
|
||||
AGENTS.md
|
||||
|
||||
# Code navigation files
|
||||
compile_commands.json
|
||||
|
||||
@@ -36,6 +36,7 @@ BLAKE2B_SELFTEST
|
||||
BLAKE2S_SELFTEST
|
||||
BLOCKING
|
||||
BSDKM_EXPORT_SYMS
|
||||
ENABLED_BSDKM_REGISTER
|
||||
BSP_DEFAULT_IO_CHANNEL_DEFINED
|
||||
BSP_LED_0
|
||||
BSP_LED_1
|
||||
@@ -280,7 +281,10 @@ HAVE_INTEL_QAT_SYNC
|
||||
HAVE_INTEL_SPEEDUP
|
||||
HAVE_MDK_RTX
|
||||
HAVE_NETX_BSD
|
||||
HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
|
||||
HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
|
||||
HAVE_PKCS11_STATIC
|
||||
HAVE_PKCS11_V3_STATIC
|
||||
HAVE_POCO_LIB
|
||||
HAVE_RTP_SYS
|
||||
HAVE_SECURE_GETENV
|
||||
@@ -637,7 +641,6 @@ WC_RSA_NONBLOCK
|
||||
WC_RSA_NONBLOCK_TIME
|
||||
WC_RSA_NO_FERMAT_CHECK
|
||||
WC_RWLOCK_OPS_INLINE
|
||||
WC_SHA3_HARDEN
|
||||
WC_SHA384
|
||||
WC_SHA384_DIGEST_SIZE
|
||||
WC_SHA512
|
||||
|
||||
+83
-15
@@ -427,6 +427,18 @@ if(WOLFSSL_DTLS_CID)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CID")
|
||||
endif()
|
||||
|
||||
# DTLS 1.3 Fragment ClientHello
|
||||
add_option("WOLFSSL_DTLS_CH_FRAG"
|
||||
"Enable wolfSSL DTLS 1.3 Fragment ClientHello (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_DTLS_CH_FRAG)
|
||||
if(NOT WOLFSSL_DTLS13)
|
||||
message(FATAL_ERROR "DTLS 1.3 Fragment ClientHello is supported only for DTLSv1.3")
|
||||
endif()
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CH_FRAG")
|
||||
endif()
|
||||
|
||||
# RNG
|
||||
add_option("WOLFSSL_RNG"
|
||||
"Enable compiling and using RNG (default: enabled)"
|
||||
@@ -511,9 +523,6 @@ if(WOLFSSL_WOLFSSH)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WOLFSSH")
|
||||
endif()
|
||||
|
||||
if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP")
|
||||
endif()
|
||||
|
||||
# TODO: - DTLS-SCTP
|
||||
# - DTLS multicast
|
||||
@@ -881,6 +890,27 @@ add_option("WOLFSSL_AESOFB"
|
||||
"Enable wolfSSL AES-OFB support (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
# AES-ECB
|
||||
add_option("WOLFSSL_AESECB"
|
||||
"Enable wolfSSL AES-ECB support (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_AESECB)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AES_ECB")
|
||||
endif()
|
||||
|
||||
# AES-CTS
|
||||
add_option("WOLFSSL_AESCTS"
|
||||
"Enable wolfSSL AES-CTS support (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_AESCTS)
|
||||
if(NOT WOLFSSL_AESCBC)
|
||||
message(FATAL_ERROR "AES-CTS requires AES-CBC.")
|
||||
endif()
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CTS")
|
||||
endif()
|
||||
|
||||
# TODO: - AES-GCM stream
|
||||
# - AES-ARM
|
||||
# - Xilinx hardened crypto
|
||||
@@ -1080,7 +1110,7 @@ if(WOLFSSL_ECCSI)
|
||||
message(FATAL_ERROR "cannot enable ECCSI without enabling ECC.")
|
||||
endif()
|
||||
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFCRYPT_HAVE_ECCSI -DWOLFSSL_PUBLIC_MP")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFCRYPT_HAVE_ECCSI")
|
||||
endif()
|
||||
|
||||
# SAKKE
|
||||
@@ -1105,6 +1135,18 @@ if(WOLFSSL_SIPHASH)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SIPHASH")
|
||||
endif()
|
||||
|
||||
add_option("WOLFSSL_PUBLIC_MP"
|
||||
"Enable public MP API (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS OR WOLFSSL_ECCSI)
|
||||
override_cache(WOLFSSL_PUBLIC_MP "yes")
|
||||
endif()
|
||||
|
||||
if(WOLFSSL_PUBLIC_MP)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP")
|
||||
endif()
|
||||
|
||||
# TODO: - Compressed key
|
||||
# - FP ECC, fixed point cache ECC
|
||||
# - ECC encrypt
|
||||
@@ -1310,6 +1352,15 @@ else()
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# RSA Direct
|
||||
add_option("WOLFSSL_WC_RSA_DIRECT"
|
||||
"Enable RSA Direct (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_RSA AND WOLFSSL_WC_RSA_DIRECT)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWC_RSA_DIRECT")
|
||||
endif()
|
||||
|
||||
# OAEP
|
||||
add_option("WOLFSSL_OAEP"
|
||||
"Enable RSA OAEP (default: enabled)"
|
||||
@@ -1435,6 +1486,12 @@ if(NOT WOLFSSL_AES)
|
||||
if(WOLFSSL_AESCTR)
|
||||
message(FATAL_ERROR "AESCTR requires AES.")
|
||||
endif()
|
||||
if(WOLFSSL_AESECB)
|
||||
message(FATAL_ERROR "AES-ECB requires AES.")
|
||||
endif()
|
||||
if(WOLFSSL_AESCTS)
|
||||
message(FATAL_ERROR "AES-CTS requires AES.")
|
||||
endif()
|
||||
else()
|
||||
if(WOLFSSL_LEAN_PSK)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES")
|
||||
@@ -2196,13 +2253,14 @@ if(WOLFSSL_AESOFB)
|
||||
endif()
|
||||
|
||||
if(WOLFSSL_TPM)
|
||||
override_cache(WOLFSSL_KEYGEN "yes")
|
||||
override_cache(WOLFSSL_CERTGEN "yes")
|
||||
override_cache(WOLFSSL_CRYPTOCB "yes")
|
||||
override_cache(WOLFSSL_CERTREQ "yes")
|
||||
override_cache(WOLFSSL_CERTEXT "yes")
|
||||
override_cache(WOLFSSL_PKCS7 "yes")
|
||||
override_cache(WOLFSSL_AESCFB "yes")
|
||||
override_cache(WOLFSSL_KEYGEN "yes")
|
||||
override_cache(WOLFSSL_CERTGEN "yes")
|
||||
override_cache(WOLFSSL_CRYPTOCB "yes")
|
||||
override_cache(WOLFSSL_CERTREQ "yes")
|
||||
override_cache(WOLFSSL_CERTEXT "yes")
|
||||
override_cache(WOLFSSL_PKCS7 "yes")
|
||||
override_cache(WOLFSSL_AESCFB "yes")
|
||||
override_cache(WOLFSSL_PUBLIC_MP "yes")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ALLOW_ENCODING_CA_FALSE")
|
||||
endif()
|
||||
|
||||
@@ -2600,7 +2658,7 @@ target_compile_definitions(wolfssl PRIVATE "BUILDING_WOLFSSL")
|
||||
if(${BUILD_SHARED_LIBS})
|
||||
target_compile_definitions(wolfssl PUBLIC "WOLFSSL_DLL")
|
||||
endif()
|
||||
target_compile_definitions(wolfssl PUBLIC ${WOLFSSL_DEFINITIONS})
|
||||
target_compile_definitions(wolfssl PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
|
||||
####################################################
|
||||
# Include Directories
|
||||
@@ -2663,6 +2721,7 @@ if(WOLFSSL_EXAMPLES)
|
||||
add_executable(client
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
|
||||
target_link_libraries(client wolfssl)
|
||||
target_compile_definitions(client PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
set_property(TARGET client
|
||||
PROPERTY RUNTIME_OUTPUT_DIRECTORY
|
||||
${WOLFSSL_OUTPUT_BASE}/examples/client)
|
||||
@@ -2671,6 +2730,7 @@ if(WOLFSSL_EXAMPLES)
|
||||
add_executable(server
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c)
|
||||
target_link_libraries(server wolfssl)
|
||||
target_compile_definitions(server PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
set_property(TARGET server
|
||||
PROPERTY RUNTIME_OUTPUT_DIRECTORY
|
||||
${WOLFSSL_OUTPUT_BASE}/examples/server)
|
||||
@@ -2681,6 +2741,7 @@ if(WOLFSSL_EXAMPLES)
|
||||
target_include_directories(echoclient PRIVATE
|
||||
${CMAKE_CURRENT_BINARY_DIR})
|
||||
target_link_libraries(echoclient wolfssl)
|
||||
target_compile_definitions(echoclient PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
set_property(TARGET echoclient
|
||||
PROPERTY RUNTIME_OUTPUT_DIRECTORY
|
||||
${WOLFSSL_OUTPUT_BASE}/examples/echoclient)
|
||||
@@ -2691,6 +2752,7 @@ if(WOLFSSL_EXAMPLES)
|
||||
target_include_directories(echoserver PRIVATE
|
||||
${CMAKE_CURRENT_BINARY_DIR})
|
||||
target_link_libraries(echoserver wolfssl)
|
||||
target_compile_definitions(echoserver PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
set_property(TARGET echoserver
|
||||
PROPERTY RUNTIME_OUTPUT_DIRECTORY
|
||||
${WOLFSSL_OUTPUT_BASE}/examples/echoserver)
|
||||
@@ -2700,6 +2762,7 @@ if(WOLFSSL_EXAMPLES)
|
||||
add_executable(tls_bench
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
|
||||
target_link_libraries(tls_bench wolfssl)
|
||||
target_compile_definitions(tls_bench PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
if(CMAKE_USE_PTHREADS_INIT)
|
||||
target_link_libraries(tls_bench Threads::Threads)
|
||||
endif()
|
||||
@@ -2804,6 +2867,7 @@ if(WOLFSSL_EXAMPLES)
|
||||
${CMAKE_CURRENT_BINARY_DIR})
|
||||
target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
|
||||
target_link_libraries(unit_test wolfssl)
|
||||
target_compile_definitions(unit_test PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
if(CMAKE_USE_PTHREADS_INIT)
|
||||
target_link_libraries(unit_test Threads::Threads)
|
||||
endif()
|
||||
@@ -2829,6 +2893,7 @@ if(WOLFSSL_CRYPT_TESTS)
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
|
||||
set_target_properties(wolfcrypttest_lib PROPERTIES OUTPUT_NAME "wolfcrypttest")
|
||||
target_link_libraries(wolfcrypttest_lib wolfssl)
|
||||
target_compile_definitions(wolfcrypttest_lib PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
target_compile_options(wolfcrypttest_lib PRIVATE "-DNO_MAIN_DRIVER")
|
||||
if(WOLFSSL_CRYPT_TESTS_HELP)
|
||||
target_compile_options(wolfcrypttest_lib PRIVATE "-DHAVE_WOLFCRYPT_TEST_OPTIONS")
|
||||
@@ -2839,6 +2904,7 @@ if(WOLFSSL_CRYPT_TESTS)
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c)
|
||||
set_target_properties(wolfcryptbench_lib PROPERTIES OUTPUT_NAME "wolfcryptbench")
|
||||
target_link_libraries(wolfcryptbench_lib wolfssl)
|
||||
target_compile_definitions(wolfcryptbench_lib PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
target_compile_options(wolfcryptbench_lib PRIVATE "-DNO_MAIN_DRIVER")
|
||||
endif()
|
||||
|
||||
@@ -2846,6 +2912,7 @@ if(WOLFSSL_CRYPT_TESTS)
|
||||
add_executable(wolfcrypttest
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
|
||||
target_link_libraries(wolfcrypttest wolfssl)
|
||||
target_compile_definitions(wolfcrypttest PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
set_property(TARGET wolfcrypttest
|
||||
PROPERTY RUNTIME_OUTPUT_DIRECTORY
|
||||
${WOLFSSL_OUTPUT_BASE}/wolfcrypt/test)
|
||||
@@ -2865,6 +2932,7 @@ if(WOLFSSL_CRYPT_TESTS)
|
||||
target_include_directories(wolfcryptbench PRIVATE
|
||||
${CMAKE_CURRENT_BINARY_DIR})
|
||||
target_link_libraries(wolfcryptbench wolfssl)
|
||||
target_compile_definitions(wolfcryptbench PRIVATE ${WOLFSSL_DEFINITIONS})
|
||||
set_property(TARGET wolfcryptbench
|
||||
PROPERTY RUNTIME_OUTPUT_DIRECTORY
|
||||
${WOLFSSL_OUTPUT_BASE}/wolfcrypt/benchmark)
|
||||
@@ -3019,9 +3087,9 @@ if(WOLFSSL_INSTALL)
|
||||
# Install the library
|
||||
install(TARGETS wolfssl
|
||||
EXPORT wolfssl-targets
|
||||
LIBRARY DESTINATION lib
|
||||
ARCHIVE DESTINATION lib
|
||||
RUNTIME DESTINATION bin
|
||||
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
|
||||
ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
|
||||
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
|
||||
)
|
||||
# Install the headers
|
||||
install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
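Review bot: The `override_cache(WOLFSSL_PUBLIC_MP "yes")` added to the `if(WOLFSSL_TPM)` block (hunk at new line 2253) runs long after the only visible `if(WOLFSSL_PUBLIC_MP)` that appends `-DWOLFSSL_PUBLIC_MP` (hunk at new line 1135), so a first configure with TPM enabled would presumably not get the define; `override_cache` is defined outside this page, so confirm how it behaves. Either extend the earlier condition to `if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS OR WOLFSSL_ECCSI OR WOLFSSL_TPM)`, provided `WOLFSSL_TPM` is already declared at that point, or move the append below the TPM block. Separately, `target_compile_definitions(wolfssl ...)` appears to change from PUBLIC to PRIVATE, so targets that link `wolfssl` no longer inherit the feature macros. A comment there such as `# Consumers must include <wolfssl/options.h> before any other wolfSSL header` would help keep callers from compiling against feature settings that differ from the library's.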
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
</storageModule>
|
||||
<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
|
||||
<option id="toolchain.id" value="Renesas_RXC"/>
|
||||
<option id="toolchain.version" value="v3.03.00"/>
|
||||
<option id="toolchain.version" value="v3.06.00"/>
|
||||
<option id="toolchain.enable" value="true"/>
|
||||
</storageModule>
|
||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
||||
@@ -24,13 +24,13 @@
|
||||
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.808325012" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
|
||||
<builder buildPath="${workspace_loc:/test}/HardwareDebug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.65531188" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1710373085" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.390598726" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力するデータ値のエンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.390598726" name="Output debug information (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="Endian of output data value (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.385785132" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.968417281" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.968417281" name="Instruction set architecture (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture.1826562770" name="RX Architecture" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture" useByScannerDiscovery="false" value="rxv3" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.2015650112" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.2015650112" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.1065149525" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.1439501151" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F572NNHxFB" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.141103170" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="R5F565NEHxFP;R5F572NNHxFB" valueType="string"/>
|
||||
@@ -39,12 +39,12 @@
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos.198501700" name="Check RTOS" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos" useByScannerDiscovery="false" value="unusedRtos" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.898504242" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.2015079094" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX72N" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1725961285" name="倍精度浮動小数点処理命令を使用する (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" useByScannerDiscovery="false" value="false" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1725961285" name="Use double-precision floating-point operation instructions (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasTFU.1871678157" name="Has TFU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasTFU" value="true" valueType="string"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.220371913" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1764475068" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.477145288" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1764475068" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.477145288" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
|
||||
<listOptionValue builtIn="false" value=""${ProjDirPath}/../test/src""/>
|
||||
<listOptionValue builtIn="false" value=""${ProjDirPath}/../common""/>
|
||||
@@ -67,33 +67,33 @@
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen}""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="Macro definition (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
|
||||
<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
|
||||
<listOptionValue builtIn="false" value="RENESAS_T4_USE"/>
|
||||
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.165256012" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.165256012" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.850666858" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.850666858" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.897672730" name="Cソース (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.862144636" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.48690443" name="出力する文字コード (-outcode)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.1557621233" name="最適化レベル (-optimize)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.897672730" name="C source file (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.862144636" name="Character code of an input program (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.48690443" name="Output character code (-outcode)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.1557621233" name="Optimization level (-optimize)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.1722484558" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.709788007" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler.1564576801" name="Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.1555827005" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.1555827005" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.912893655" name="追加するオプション(すべての指定オプションの後ろに追加) " superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.912893655" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.864537553" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1616986135" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" useByScannerDiscovery="false" valueType="includePath">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.864537553" name="Character code of an input program (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1616986135" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" useByScannerDiscovery="false" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/general}""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}""/>
|
||||
@@ -114,29 +114,28 @@
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.502444415" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.1333901009" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.2020069967" name="ROMからRAMへマップするセクション (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.2020069967" name="ROM to RAM mapped section (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value="D=R"/>
|
||||
<listOptionValue builtIn="false" value="D_1=R_1"/>
|
||||
<listOptionValue builtIn="false" value="D_2=R_2"/>
|
||||
<listOptionValue builtIn="false" value="D_8=R_8"/>
|
||||
<listOptionValue builtIn="false" value="DEXRAM=REXRAM"/>
|
||||
<listOptionValue builtIn="false" value="DEXRAM_1=REXRAM_1"/>
|
||||
<listOptionValue builtIn="false" value="DEXRAM_2=REXRAM_2"/>
|
||||
<listOptionValue builtIn="false" value="DEXRAM_8=REXRAM_8"/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,BEXRAM_1,REXRAM_1,BEXRAM_2,REXRAM_2,BEXRAM,REXRAM,BEXRAM_8,REXRAM_8,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000" valueType="string"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1452234640" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="Sections (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/0100000,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1452234640" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.1724535779" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.1724535779" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.47410515" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.239094904" name="セクションの割り付けアドレスをチェックする (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value="".\src\benchmark.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\key_data.obj""/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.47410515" name="Address setting for unused vector area (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.239094904" name="Checks the section larger than the specified range of addresses (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="Memory address type assignment method (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(Linkage order list) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value="".\src/client\simple_tcp_client.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/client\simple_tls_tsip_client.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/key_data\key_data.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/server\simple_tcp_server.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/server\simple_tls_server.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/Config_TMR0\Config_TMR0.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/Config_TMR0\Config_TMR0_user.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/general\r_cg_hardware_setup.obj""/>
|
||||
@@ -173,40 +172,298 @@
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_t4_driver_rx/src\t4_driver.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_t4_driver_rx/src\timer.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_t4_rx/src\config_tcpudp.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\test.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function000.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function001.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function002.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function003.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function004.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function005.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function006.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function007.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function008.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function009.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function010.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function011.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function015.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function022.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function023.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function025.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function027.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function028.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function030.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function031.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function032.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function040.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function041.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function050.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function051.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function052.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function053.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function054.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function060.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function061.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function070.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function071.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function072.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function073.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function074.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function075.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function080.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function100.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function101.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function102.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function103.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function200.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function202.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function205.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function206.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function207.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function304.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function307.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function308.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function309.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function310.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function311.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function312.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function313.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function314.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function315.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function316.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function317.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function318.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function319.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function320.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function321.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function322.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function323.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function324.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function325.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function401.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function402.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p00.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p01.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p02.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p03.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p04.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p05.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p06.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p07.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p08.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0b.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0c.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0d.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0e.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p10.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p14.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p18.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p19.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p1a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p1d.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p1e.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p1f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p20.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p21.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p22.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p23.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p26.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29t.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2b.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2c.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2d.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2e.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32t.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34t.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36t.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p37.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p38.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p39.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3b.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3c.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3d.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3e.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p41f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p41i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p41u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p44f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p44i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p44u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p47f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p47i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p47u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p50f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p50i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p50u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p53.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p54.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p56.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p57.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p59.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p5a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p5b.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p5c.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p5d.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p60.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p62.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p63.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p6a.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p6b.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p71.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p72.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p73f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p73i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p73u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p76f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p76i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p76u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p79.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p7b.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p80.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p93.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p94.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p95f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p95i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p95u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p98f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p98i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p98u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa1f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa1i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa1u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa4f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa4i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa4u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_paa.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pab.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pac.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pad.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pba.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbb.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbc.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbd.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbe.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbf.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc0.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc1.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc3.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc4.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc6.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc7.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc9.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pca.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pcb.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pcc.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pcd.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pcf.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd0.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd2.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd3.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd5.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd6f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd6i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd6u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd7.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd8.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd9f.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd9i.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd9u.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pdd.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pde.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pdf.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe0.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe1.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe2.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe3.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe4.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe5.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe6.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe7.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe8.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe9.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pea.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_peb.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pec.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_ped.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pee.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pef.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf0.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf1.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf3.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf4.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf5.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf6.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf8.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf9.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pfa.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pfb.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pfc.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_subprc01.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_subprc02.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_subprc03.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_subprc04.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\s_flash.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_aes_rx.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_arc4_rx.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_ecc_rx.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_hash_rx.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_rsa_rx.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_rx.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_rx_private.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_tdes_rx.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_tls_rx.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/test\benchmark.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/test\test.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src/test\wolfssl_dummy.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\test_main.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\wolf_client.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\wolf_server.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\wolfssl_dummy.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\wolfssl_tsip_unit_test.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\test.lib""/>
|
||||
<listOptionValue builtIn="false" value=""${ProjDirPath}/../wolfssl/Debug/wolfssl.lib""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="Relocatable files, object files and library files (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""${ProjDirPath}/../wolfssl/Debug/wolfssl.lib""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}""/>
|
||||
</option>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1723543812" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1397073307" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.1773409552" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1397073307" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.1773409552" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.946493093" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.946493093" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.338617005" name="C言語標準ライブラリ関数の構成 (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype.1293885198" name="ctype.h(C89/C99):文字操作用ライブラリ (-head=ctype)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.338617005" name="Library configuration (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype.1293885198" name="ctype.h (C89/C99): Character classification routines (-head=ctype)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.1917108303" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.109845398" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.109845398" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.289006348" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.289006348" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.230415631" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.230415631" name="Output file type (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.318974000" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
|
||||
</toolChain>
|
||||
@@ -246,13 +503,13 @@
|
||||
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.617132481" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
|
||||
<builder buildPath="${workspace_loc:/test}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.117543810" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1744140894" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1464228342" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力するデータ値のエンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1464228342" name="Output debug information (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="Endian of output data value (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.1294844059" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.644795578" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.644795578" name="Instruction set architecture (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture.1771586719" name="RX Architecture" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture" useByScannerDiscovery="false" value="rxv3" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1045346284" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1045346284" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.229476184" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.748972653" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F572NNHxFB" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.780008434" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="R5F565NEHxFP;R5F572NNHxFB" valueType="string"/>
|
||||
@@ -261,12 +518,12 @@
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos.1001057208" name="Check RTOS" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos" useByScannerDiscovery="false" value="unusedRtos" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.963664750" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.1280023203" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX72N" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1551558655" name="倍精度浮動小数点処理命令を使用する (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1551558655" name="Use double-precision floating-point operation instructions (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasTFU.261169670" name="Has TFU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasTFU" value="true" valueType="string"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.278830907" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.2144484247" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.545347560" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.2144484247" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.545347560" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/general}""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}""/>
|
||||
@@ -285,30 +542,30 @@
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen}""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="Macro definition (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
|
||||
<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.878126292" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.878126292" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.443993930" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.443993930" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.47850385" name="Cソース (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.24533273" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.542364588" name="出力する文字コード (-outcode)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.47850385" name="C source file (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.24533273" name="Character code of an input program (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.542364588" name="Output character code (-outcode)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.1919404628" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.293530100" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler.607581328" name="Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.622904140" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.622904140" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.67379527" name="追加するオプション(すべての指定オプションの後ろに追加) " superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.67379527" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1186358257" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1360045103" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" valueType="includePath">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1186358257" name="Character code of an input program (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1360045103" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/general}""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}""/>
|
||||
@@ -329,7 +586,7 @@
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.1482916460" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.1516159151" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.1765662172" name="ROMからRAMへマップするセクション (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.1765662172" name="ROM to RAM mapped section (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value="D=R"/>
|
||||
<listOptionValue builtIn="false" value="D_1=R_1"/>
|
||||
<listOptionValue builtIn="false" value="D_2=R_2"/>
|
||||
@@ -339,41 +596,41 @@
|
||||
<listOptionValue builtIn="false" value="DEXRAM_2=REXRAM_2"/>
|
||||
<listOptionValue builtIn="false" value="DEXRAM_8=REXRAM_8"/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000,BEXRAM_1,REXRAM_1,BEXRAM_2,REXRAM_2,BEXRAM,REXRAM,BEXRAM_8,REXRAM_8/00800000" valueType="string"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1651005552" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="Sections (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000,BEXRAM_1,REXRAM_1,BEXRAM_2,REXRAM_2,BEXRAM,REXRAM,BEXRAM_8,REXRAM_8/00800000" valueType="string"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1651005552" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.40118921" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.40118921" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.1524833684" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.1914971075" name="セクションの割り付けアドレスをチェックする (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1556433699" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.1524833684" name="Address setting for unused vector area (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.1914971075" name="Checks the section larger than the specified range of addresses (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="Memory address type assignment method (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1556433699" name="(Linkage order list) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value="".\test.lib""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.856176867" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.856176867" name="Relocatable files, object files and library files (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}""/>
|
||||
</option>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1598250045" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.665362864" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.413642487" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.665362864" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.413642487" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.322853429" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.322853429" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.1591825359" name="C言語標準ライブラリ関数の構成 (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.1591825359" name="Library configuration (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.175269062" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.1586351233" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.1586351233" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.900284814" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.900284814" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.2141918916" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.2141918916" name="Output file type (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1118615463" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
|
||||
</toolChain>
|
||||
|
||||
@@ -24,10 +24,10 @@
|
||||
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.174341512" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
|
||||
<builder buildPath="${workspace_loc:/wolfssl}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.1547537924" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1555184586" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.317830941" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.317830941" name="Output debug information (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.566285610" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.789156168" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.789156168" name="Instruction set architecture (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.1416683217" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.738625467" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F572NNHxFB" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand.806008705" name="Device Command" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand" useByScannerDiscovery="false" value="R5F572NN" valueType="string"/>
|
||||
@@ -35,12 +35,13 @@
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.963524125" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.664031971" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX72N" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.1128940076" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="non_init;R5F572NNHxFB" valueType="string"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1794174354" name="倍精度浮動小数点処理命令を使用する (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1365779106" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1794174354" name="Use double-precision floating-point operation instructions (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" useByScannerDiscovery="false" value="true" valueType="boolean"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1365779106" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doubleSize.1678372326" name="Suppress to change double type and long double type as float type (-dbl_size)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doubleSize" value="false" valueType="boolean"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.958103973" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1276851320" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.1381248206" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1276851320" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.1381248206" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
|
||||
<listOptionValue builtIn="false" value="${ProjDirPath}/../../../../../../../"/>
|
||||
<listOptionValue builtIn="false" value="${ProjDirPath}/../../wolfssl_demo"/>
|
||||
@@ -50,12 +51,12 @@
|
||||
<listOptionValue builtIn="false" value=""${ProjDirPath}/../test/src/smc_gen/r_config""/>
|
||||
<listOptionValue builtIn="false" value=""${ProjDirPath}/../test/src/smc_gen/r_tsip_rx""/>
|
||||
</option>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.687020263" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.687020263" name="Macro definition (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
|
||||
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
|
||||
<listOptionValue builtIn="false" value="RENESAS_T4_USE"/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.1494793389" name="Cソース (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.573554071" name="最適化レベル (-optimize)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.1494793389" name="C source file (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.573554071" name="Optimization level (-optimize)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.971510512" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.948214383" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
|
||||
</tool>
|
||||
@@ -63,14 +64,14 @@
|
||||
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.328050806" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.945835579" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption.139100472" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption.userLibrary" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.177476365" name="ROMからRAMへマップするセクション (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption.139100472" name="Output file type (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption.userLibrary" valueType="enumerated"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.177476365" name="ROM to RAM mapped section (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value="D=R"/>
|
||||
<listOptionValue builtIn="false" value="D_1=R_1"/>
|
||||
<listOptionValue builtIn="false" value="D_2=R_2"/>
|
||||
</option>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1739258398" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,PIntPRG,P/0FFC00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1344120748" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1739258398" name="Sections (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,PIntPRG,P/0FFC00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
|
||||
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1344120748" name="(Linkage order list) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value="".\src\crl.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\internal.obj""/>
|
||||
<listOptionValue builtIn="false" value="".\src\keys.obj""/>
|
||||
@@ -146,11 +147,11 @@
|
||||
</option>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1901868731" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1987941672" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.820377223" name="標準ライブラリを生成する条件" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.donotAddLibrary" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1987941672" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.820377223" name="Generation mode of the standard library" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.donotAddLibrary" valueType="enumerated"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.620355579" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.1605130132" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
|
||||
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.1605130132" name="Output file type (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
|
||||
</tool>
|
||||
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1798199560" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
|
||||
</toolChain>
|
||||
@@ -162,6 +163,7 @@
|
||||
</storageModule>
|
||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
||||
<storageModule moduleId="com.renesas.cdt.managedbuild.core.boardInfo"/>
|
||||
<storageModule moduleId="com.renesas.cdt.managedbuild.core.deviceConfiguration"/>
|
||||
</cconfiguration>
|
||||
</storageModule>
|
||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
||||
|
||||
@@ -186,64 +186,64 @@ const uint32_t encrypted_user_key_type =
|
||||
|
||||
const unsigned char ca_ecc_cert_der_sig[] =
|
||||
{
|
||||
0x58, 0x3F, 0x3C, 0x27, 0x4A, 0xC0, 0xA8, 0x35, 0x31, 0xAA,
|
||||
0xB6, 0x49, 0x4C, 0x69, 0x48, 0xF6, 0x63, 0xA5, 0x2E, 0x8C,
|
||||
0xA4, 0x1E, 0xAF, 0x18, 0x14, 0x11, 0x6A, 0xF7, 0x25, 0xF2,
|
||||
0xE1, 0x82, 0x6E, 0xAA, 0x3C, 0xE2, 0x75, 0x6E, 0x81, 0x59,
|
||||
0x2E, 0xF1, 0xED, 0xDD, 0xD1, 0x1C, 0xA3, 0xE7, 0xEC, 0x89,
|
||||
0xD3, 0x19, 0x1A, 0x59, 0xEB, 0xBA, 0x1D, 0x65, 0xFD, 0x53,
|
||||
0x4A, 0x90, 0x6F, 0xA1, 0x06, 0xB3, 0x08, 0xE4, 0x00, 0xF4,
|
||||
0x91, 0x45, 0xD8, 0xC9, 0xD8, 0x30, 0x8A, 0x94, 0x9B, 0x48,
|
||||
0x60, 0x68, 0xD1, 0x09, 0x84, 0xAE, 0x51, 0xD8, 0xD8, 0x67,
|
||||
0x58, 0x58, 0x9B, 0x57, 0x9E, 0x09, 0x9D, 0x1B, 0x3B, 0x22,
|
||||
0x67, 0x6A, 0x50, 0x91, 0xF2, 0x60, 0x5E, 0x78, 0x86, 0xF9,
|
||||
0x2F, 0xF4, 0xB4, 0xAE, 0x6A, 0xF6, 0x0D, 0xAB, 0x8B, 0xF6,
|
||||
0x60, 0x47, 0x8D, 0xD4, 0xEC, 0xE6, 0x9E, 0x57, 0x6C, 0xCC,
|
||||
0x4F, 0xF5, 0xCD, 0x20, 0xD7, 0x15, 0x70, 0x50, 0x53, 0x96,
|
||||
0x84, 0x6B, 0x9A, 0x07, 0x90, 0x41, 0x14, 0x08, 0x62, 0x87,
|
||||
0xF5, 0x20, 0x0E, 0x82, 0xE2, 0x12, 0x5C, 0x1E, 0x72, 0x73,
|
||||
0xB8, 0x18, 0x90, 0xCF, 0x98, 0x14, 0xC3, 0xE6, 0xED, 0x89,
|
||||
0xA3, 0x7C, 0x67, 0x50, 0x01, 0xCC, 0x48, 0xD2, 0x6A, 0x9C,
|
||||
0x9E, 0x4D, 0x44, 0x49, 0x82, 0x5F, 0xC1, 0x2E, 0x18, 0xBE,
|
||||
0x23, 0x53, 0xCD, 0x09, 0x85, 0x16, 0x9D, 0x5F, 0x99, 0x78,
|
||||
0xA1, 0x78, 0x51, 0xC9, 0x5A, 0x3E, 0x04, 0xBE, 0xE2, 0xF5,
|
||||
0x74, 0x7E, 0x6F, 0x89, 0xD9, 0x05, 0x29, 0xC1, 0x5B, 0x57,
|
||||
0x3D, 0xE3, 0x5E, 0xB8, 0x4B, 0x93, 0x7D, 0x68, 0x78, 0xF9,
|
||||
0x88, 0x1B, 0x8E, 0x78, 0x04, 0x00, 0x54, 0x20, 0x3F, 0x0C,
|
||||
0x99, 0x11, 0x1D, 0x90, 0x2C, 0x10, 0x4C, 0xCE, 0xA3, 0x17,
|
||||
0xA7, 0xF8, 0xB4, 0xC6, 0xF8, 0x12
|
||||
0x0B, 0x1D, 0x49, 0x40, 0xE8, 0xDA, 0x46, 0xAE, 0x1C, 0x50,
|
||||
0xC8, 0x76, 0xF3, 0x57, 0x05, 0x95, 0x89, 0xE1, 0x8B, 0x13,
|
||||
0x6B, 0x0F, 0xEB, 0x47, 0x0E, 0x1E, 0x9C, 0x87, 0xBB, 0x07,
|
||||
0x6E, 0xE4, 0x6B, 0xDF, 0x5B, 0xEF, 0xA3, 0x2C, 0xD8, 0x07,
|
||||
0x91, 0x5B, 0x4E, 0x5B, 0xA1, 0xD0, 0x3E, 0x07, 0x22, 0xAF,
|
||||
0x12, 0xF3, 0x0F, 0x62, 0x35, 0x45, 0x82, 0xFC, 0x26, 0x2B,
|
||||
0xD1, 0x03, 0x51, 0xAB, 0x35, 0xFE, 0x48, 0x80, 0xC9, 0x68,
|
||||
0xA0, 0xE0, 0x54, 0x4A, 0x8F, 0xA7, 0x59, 0xA1, 0xED, 0x57,
|
||||
0x3D, 0x9D, 0xC0, 0x6B, 0x22, 0x20, 0xDA, 0x1A, 0xFF, 0xDB,
|
||||
0x01, 0x60, 0x59, 0x21, 0x88, 0xD5, 0x5A, 0x40, 0x25, 0x82,
|
||||
0xB0, 0x27, 0x54, 0xDC, 0x37, 0x79, 0x70, 0xD1, 0x6C, 0x63,
|
||||
0x63, 0xC6, 0x98, 0x63, 0xA9, 0xE6, 0xB7, 0x6C, 0x50, 0xC1,
|
||||
0x40, 0xCF, 0xE9, 0x84, 0xC7, 0xB9, 0x8F, 0x7C, 0xC3, 0xE1,
|
||||
0xE2, 0x96, 0x67, 0xC6, 0x48, 0x25, 0xD8, 0xB3, 0x40, 0x94,
|
||||
0x13, 0xF3, 0x55, 0xF8, 0xC3, 0xEA, 0x39, 0xE1, 0xE9, 0x36,
|
||||
0xD1, 0xBE, 0xB2, 0x9C, 0x86, 0xD1, 0x78, 0xE1, 0xC7, 0x67,
|
||||
0x3B, 0xD0, 0x10, 0x57, 0x7B, 0x09, 0x33, 0x03, 0x01, 0x8A,
|
||||
0xDA, 0x30, 0x1F, 0x74, 0xED, 0x99, 0x8F, 0x93, 0xA2, 0x73,
|
||||
0x7B, 0xA6, 0x3A, 0x44, 0x74, 0x9C, 0x5E, 0x19, 0x1B, 0x0B,
|
||||
0x63, 0x3A, 0xAF, 0x5C, 0xD5, 0xB4, 0x1C, 0xF0, 0x0B, 0x3F,
|
||||
0x15, 0xB3, 0x6B, 0x10, 0x88, 0x93, 0x6C, 0xAB, 0xB4, 0x65,
|
||||
0x35, 0xCC, 0x91, 0x9A, 0x19, 0x5D, 0xDF, 0xE0, 0xAC, 0x75,
|
||||
0xC3, 0x14, 0x46, 0x2E, 0x7B, 0xF8, 0x73, 0xEB, 0x75, 0xD8,
|
||||
0x47, 0xAF, 0x1E, 0x7B, 0x5B, 0xE5, 0x09, 0x01, 0x42, 0x5C,
|
||||
0xB3, 0xC6, 0xEB, 0x92, 0xC5, 0x85, 0x6B, 0xD4, 0x22, 0x39,
|
||||
0x77, 0x92, 0x13, 0x8A, 0x42, 0x2C
|
||||
};
|
||||
const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
|
||||
|
||||
/* ./ca-cert.der.sign, */
|
||||
const unsigned char ca_cert_der_sig[] =
|
||||
{
|
||||
0x55, 0x93, 0xCF, 0x28, 0xF7, 0x38, 0x1E, 0xF1, 0x29, 0x5A,
|
||||
0xDE, 0x41, 0xCD, 0x83, 0x00, 0x06, 0x79, 0xB3, 0x12, 0x56,
|
||||
0xBD, 0x04, 0xCB, 0x97, 0xCC, 0xD2, 0x39, 0x3C, 0x36, 0x94,
|
||||
0x8D, 0x66, 0xB0, 0x41, 0xF4, 0xBD, 0x82, 0x8F, 0x03, 0x24,
|
||||
0x25, 0x65, 0xA1, 0x85, 0x87, 0xCE, 0x58, 0x0A, 0x45, 0xC6,
|
||||
0xB6, 0x38, 0x27, 0x44, 0x2A, 0x7A, 0x9B, 0xA2, 0x71, 0x67,
|
||||
0x92, 0xDA, 0xFD, 0x71, 0x88, 0x52, 0xF2, 0xFE, 0x61, 0x33,
|
||||
0xCB, 0x7F, 0xB4, 0x47, 0x3D, 0x60, 0xC6, 0x3A, 0x48, 0x44,
|
||||
0x6F, 0xA2, 0x16, 0x07, 0xA2, 0x94, 0x50, 0x99, 0x09, 0x7B,
|
||||
0x43, 0x04, 0xAD, 0xCA, 0x9C, 0x34, 0xD4, 0x72, 0x4B, 0x79,
|
||||
0x31, 0xE1, 0xC5, 0x6C, 0xA7, 0xB4, 0xD8, 0xED, 0x80, 0x79,
|
||||
0xBB, 0x69, 0xA0, 0xA6, 0x7A, 0x63, 0x99, 0x02, 0xF7, 0x64,
|
||||
0xF0, 0x6D, 0xBB, 0xC5, 0xDA, 0x55, 0x0D, 0x43, 0x7C, 0x30,
|
||||
0x74, 0x21, 0x05, 0x35, 0x63, 0xAD, 0x32, 0x76, 0x11, 0xA5,
|
||||
0x75, 0xF3, 0x83, 0xEE, 0x05, 0xFB, 0x91, 0x18, 0x5E, 0xCC,
|
||||
0x71, 0x49, 0x26, 0x0D, 0xE2, 0xE3, 0xB3, 0xAD, 0xFF, 0x65,
|
||||
0xA9, 0x9B, 0xF0, 0x81, 0xE1, 0x5D, 0xC3, 0x4C, 0x82, 0x83,
|
||||
0x33, 0xDA, 0xF6, 0x29, 0xC7, 0xC2, 0xA0, 0x23, 0x5D, 0xB1,
|
||||
0xCE, 0x82, 0x94, 0x49, 0xC5, 0xC0, 0xE5, 0xED, 0x3B, 0xF6,
|
||||
0x79, 0x21, 0x3B, 0xFC, 0x6D, 0xB5, 0x2A, 0xF6, 0x6D, 0xD9,
|
||||
0x4C, 0x3E, 0xBF, 0x2E, 0x13, 0xA2, 0x75, 0x93, 0x5A, 0xB4,
|
||||
0x2B, 0xF5, 0x74, 0xEF, 0xAE, 0x48, 0xFE, 0x06, 0x2D, 0x3F,
|
||||
0xA3, 0xFE, 0x1A, 0xC9, 0x45, 0x1D, 0x15, 0xC8, 0xEF, 0x95,
|
||||
0xE2, 0x6F, 0x7D, 0x1E, 0x96, 0xCD, 0x4D, 0xC5, 0x5F, 0xEB,
|
||||
0x57, 0x85, 0x54, 0xE4, 0x7F, 0xE0, 0x0F, 0xAD, 0xC3, 0xEE,
|
||||
0xBF, 0xFB, 0x43, 0xA6, 0xAB, 0x92
|
||||
0x67, 0xBD, 0x28, 0x1E, 0x1A, 0x17, 0xFD, 0x88, 0x03, 0x8B,
|
||||
0xA2, 0x5A, 0x65, 0xB3, 0xF2, 0x17, 0x61, 0xE1, 0x7F, 0x9B,
|
||||
0xC3, 0x50, 0xEC, 0x55, 0x61, 0x46, 0x0C, 0xC1, 0x2B, 0x9D,
|
||||
0x02, 0xDB, 0x0A, 0x36, 0xA1, 0x49, 0x95, 0x42, 0xD1, 0x1A,
|
||||
0x75, 0xEC, 0x39, 0xC2, 0x10, 0xC5, 0x9F, 0xDC, 0x8C, 0xBC,
|
||||
0x4E, 0x04, 0xC9, 0x5E, 0x52, 0x6B, 0x42, 0xF0, 0x4E, 0x8D,
|
||||
0x0D, 0xDD, 0x01, 0x05, 0x14, 0x77, 0x28, 0x75, 0xB6, 0x36,
|
||||
0xA8, 0xD1, 0xA9, 0xB4, 0x46, 0xB5, 0xED, 0xD9, 0x10, 0x62,
|
||||
0xEC, 0x3B, 0xA5, 0x5B, 0x10, 0xB7, 0xE2, 0xC7, 0x67, 0x4F,
|
||||
0x1A, 0x48, 0x9B, 0xAF, 0x31, 0x9D, 0x21, 0xDC, 0x3B, 0x06,
|
||||
0xAC, 0x95, 0x78, 0xE6, 0x2D, 0x5F, 0xA8, 0xAD, 0xCC, 0xD2,
|
||||
0x4E, 0xF3, 0x4A, 0xC9, 0x7E, 0x4A, 0x28, 0x51, 0x6D, 0xBC,
|
||||
0x8D, 0xA5, 0x57, 0x49, 0x32, 0xC0, 0xE2, 0x48, 0x57, 0x8B,
|
||||
0x7D, 0x4D, 0x9B, 0x43, 0x99, 0xF0, 0xC0, 0x21, 0xD0, 0xAF,
|
||||
0x3D, 0x5B, 0xE0, 0x4F, 0xC2, 0x7C, 0xCF, 0xCC, 0xDB, 0x9A,
|
||||
0x79, 0xB6, 0x7E, 0xA0, 0x53, 0xAA, 0x4D, 0x5B, 0xD0, 0x3A,
|
||||
0xBA, 0x7F, 0xCC, 0x99, 0xD6, 0x68, 0xD7, 0x14, 0x85, 0xD7,
|
||||
0x8E, 0xE0, 0x1A, 0x6E, 0xE7, 0xC1, 0xD5, 0x2B, 0x35, 0x94,
|
||||
0x8E, 0xC1, 0x59, 0xC5, 0xAE, 0x48, 0x22, 0x87, 0x36, 0xC1,
|
||||
0xA4, 0xD9, 0x58, 0xC1, 0x2A, 0xD6, 0xFE, 0x45, 0x63, 0xCA,
|
||||
0x8F, 0x93, 0x86, 0xEC, 0x8D, 0xC2, 0xFD, 0xE3, 0x62, 0xD6,
|
||||
0x4C, 0x43, 0xFE, 0x82, 0x4F, 0xC9, 0x9D, 0xA9, 0xD8, 0xE4,
|
||||
0x5C, 0x15, 0x6D, 0xDE, 0xF9, 0x3D, 0x76, 0xB7, 0xBA, 0xF7,
|
||||
0x1C, 0xFB, 0x90, 0x74, 0xBB, 0x60, 0x93, 0xA4, 0x0C, 0xA4,
|
||||
0xFF, 0x41, 0x1C, 0x18, 0x7E, 0xE8, 0xE3, 0x78, 0xF5, 0x52,
|
||||
0x98, 0x50, 0xFD, 0xA8, 0x07, 0xAD
|
||||
};
|
||||
const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
|
||||
/* ./client-cert.der.sign, */
|
||||
|
||||
@@ -294,5 +294,3 @@
|
||||
/*-- strcasecmp */
|
||||
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
|
||||
|
||||
/* use original ASN parsing */
|
||||
#define WOLFSSL_ASN_ORIGINAL
|
||||
|
||||
@@ -16,6 +16,9 @@
|
||||
all the generated build options. This file needs to be included in your application
|
||||
before any other wolfSSL headers. Optionally your application can define
|
||||
WOLFSSL_USE_OPTIONS_H to do this automatically.
|
||||
Note: Building with configure also installs CMake package files under
|
||||
$(libdir)/cmake/wolfssl to support find_package(wolfssl). You can disable this
|
||||
with ./configure --disable-cmake-install.
|
||||
|
||||
2. Building on iOS
|
||||
|
||||
|
||||
+6
-2
@@ -78,6 +78,9 @@ CLEANFILES+= ecc-key.der \
|
||||
pkcs7encryptedDataDES3.der \
|
||||
pkcs7encryptedDataDES.der \
|
||||
pkcs7envelopedDataAES256CBC_ECDH.der \
|
||||
cmake/wolfssl-config.cmake \
|
||||
cmake/wolfssl-config-version.cmake \
|
||||
cmake/wolfssl-targets.cmake \
|
||||
pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der \
|
||||
pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der \
|
||||
pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der \
|
||||
@@ -247,8 +250,9 @@ if BUILD_BSDKM
|
||||
EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
|
||||
AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
|
||||
AM_CCASFLAGS CCASFLAGS \
|
||||
src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS
|
||||
|
||||
src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_BSDKM_REGISTER \
|
||||
ENABLED_ASM ENABLED_INTELASM ENABLED_AESNI ENABLED_AESNI_WITH_AVX \
|
||||
ENABLED_KERNEL_BENCHMARKS
|
||||
endif
|
||||
|
||||
|
||||
|
||||
@@ -57,6 +57,29 @@ suites are available. You can remove this error by defining
|
||||
`WOLFSSL_ALLOW_NO_SUITES` in the event that you desire that, i.e., you're
|
||||
not using TLS cipher suites.
|
||||
|
||||
### AES CryptoCB Key Import Support
|
||||
|
||||
wolfSSL supports hardware-accelerated AES operations via CryptoCB.
|
||||
|
||||
When `WOLF_CRYPTO_CB_AES_SETKEY` is defined, wolfSSL invokes a CryptoCB
|
||||
callback during AES key setup. The callback behavior determines the mode:
|
||||
|
||||
**If callback returns 0 (success):**
|
||||
- Key is imported to Secure Element/HSM
|
||||
- Key is NOT copied to wolfSSL RAM (true key isolation)
|
||||
- GCM tables are NOT generated (full hardware offload)
|
||||
- All subsequent AES operations route through CryptoCB
|
||||
|
||||
**If callback returns CRYPTOCB_UNAVAILABLE:**
|
||||
- SE doesn't support key import
|
||||
- Normal software AES path is used
|
||||
- Key is copied to devKey for CryptoCB encrypt/decrypt acceleration
|
||||
|
||||
This feature enables TLS 1.3 traffic key protection on embedded platforms
|
||||
where symmetric keys must never exist in main RAM.
|
||||
|
||||
Enable with: `CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"`
|
||||
|
||||
### Note 2
|
||||
wolfSSL takes a different approach to certificate verification than OpenSSL
|
||||
does. The default policy for the client is to verify the server, this means
|
||||
|
||||
+72
-17
@@ -1,19 +1,27 @@
|
||||
# wolfssl kernel module name and source, and root dir.
|
||||
KMOD=libwolfssl
|
||||
SRCS=wolfkmod.c
|
||||
WOLFSSL_DIR=../
|
||||
# wolfssl kernel module name and main source, and wolfssl root dir.
|
||||
KMOD = libwolfssl
|
||||
SRCS = wolfkmod.c
|
||||
WOLFSSL_DIR = ../
|
||||
|
||||
CFLAGS+=-I${WOLFSSL_DIR}
|
||||
CFLAGS+=-DWOLFSSL_IGNORE_FILE_WARN -DHAVE_CONFIG_H -DNO_MAIN_DRIVER
|
||||
CFLAGS += -I${WOLFSSL_DIR}
|
||||
CFLAGS += -DWOLFSSL_IGNORE_FILE_WARN -DHAVE_CONFIG_H -DNO_MAIN_DRIVER
|
||||
#
|
||||
# debug options
|
||||
# verbose printing:
|
||||
# CFLAGS+=-DWOLFSSL_BSDKM_VERBOSE_DEBUG
|
||||
# CFLAGS += -DWOLFSSL_BSDKM_VERBOSE_DEBUG
|
||||
#
|
||||
# print memory mallocs / frees:
|
||||
# CFLAGS+=-DWOLFSSL_BSDKM_MEMORY_DEBUG
|
||||
# CFLAGS += -DWOLFSSL_BSDKM_MEMORY_DEBUG
|
||||
#
|
||||
CFLAGS+=$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS)
|
||||
# print fpu_kern_enter / leave:
|
||||
# CFLAGS += WOLFSSL_BSDKM_FPU_DEBUG
|
||||
#
|
||||
CFLAGS += $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS)
|
||||
|
||||
.if defined(ENABLED_BSDKM_REGISTER)
|
||||
# These device header files are generated during build.
|
||||
SRCS += bus_if.h cryptodev_if.h device_if.h
|
||||
.endif
|
||||
|
||||
# FreeBSD make does not support GNU make's patsubst and related. Filter
|
||||
# through sed instead.
|
||||
@@ -21,19 +29,26 @@ WOLFSSL_OBJS != echo ${src_libwolfssl_la_OBJECTS} | \
|
||||
sed 's|src_libwolfssl_la-||g' | sed 's|\.lo|.o|g' | \
|
||||
sed 's|wolfcrypt/src/|${WOLFSSL_DIR}/wolfcrypt/src/|g'
|
||||
|
||||
# wolfcrypt test
|
||||
.if ${ENABLED_CRYPT_TESTS} == "yes"
|
||||
WOLFSSL_OBJS += ${WOLFSSL_DIR}/wolfcrypt/test/test.o
|
||||
.else
|
||||
CFLAGS+=-DNO_CRYPT_TEST
|
||||
CFLAGS += -DNO_CRYPT_TEST
|
||||
.endif
|
||||
|
||||
# wolfcrypt benchmark
|
||||
.if ${ENABLED_KERNEL_BENCHMARKS} == "yes"
|
||||
WOLFSSL_OBJS += ${WOLFSSL_DIR}/wolfcrypt/benchmark/benchmark.o
|
||||
CFLAGS += -DWOLFSSL_NO_FLOAT_FMT
|
||||
.endif
|
||||
|
||||
OBJS += ${WOLFSSL_OBJS}
|
||||
|
||||
# Export no public symbols by default.
|
||||
.if !defined(BSDKM_EXPORT_SYMS)
|
||||
EXPORT_SYMS=NO
|
||||
EXPORT_SYMS = NO
|
||||
.else
|
||||
EXPORT_SYMS=${BSDKM_EXPORT_SYMS}
|
||||
EXPORT_SYMS = ${BSDKM_EXPORT_SYMS}
|
||||
.endif
|
||||
|
||||
# Default to live kernel src tree makefile at
|
||||
@@ -45,12 +60,52 @@ OBJS += ${WOLFSSL_OBJS}
|
||||
.endif
|
||||
.include "${SYSDIR}/conf/kmod.mk"
|
||||
|
||||
#
|
||||
# To use aesni and friends in FreeBSD kernel we need to adjust build flags.
|
||||
# See these kernel makefiles for reference:
|
||||
# - /usr/src/sys/modules/aesni/Makefile
|
||||
# - /usr/src/sys/conf/kern.mk
|
||||
#
|
||||
WOLFKMOD_SIMD_BASE = -msse -msse2 -msse4.1
|
||||
WOLFKMOD_SIMD_AES = -maes -mpclmul
|
||||
WOLFKMOD_SIMD_AVX = -mavx -mavx2
|
||||
|
||||
.if ${ENABLED_AESNI} == "yes"
|
||||
CFLAGS.aes.c += ${WOLFKMOD_SIMD_BASE}
|
||||
CFLAGS.aes.c += ${WOLFKMOD_SIMD_AES}
|
||||
.if ${ENABLED_AESNI_WITH_AVX} == "yes"
|
||||
CFLAGS.aes.c += ${WOLFKMOD_SIMD_AVX}
|
||||
.endif # ENABLED_AESNI_WITH_AVX #
|
||||
CFLAGS.aes.c := ${CFLAGS.aes.c:N-nostdinc}
|
||||
CFLAGS.aes.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
|
||||
.PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
|
||||
.endif # ENABLED_AESNI
|
||||
|
||||
.if ${ENABLED_ASM} == "yes"
|
||||
.for f in chacha dilithium poly1305 sha sha256 sha3 sha512
|
||||
CFLAGS.${f}.c += ${WOLFKMOD_SIMD_BASE}
|
||||
CFLAGS.${f}.c += ${WOLFKMOD_SIMD_AVX}
|
||||
CFLAGS.${f}.c := ${CFLAGS.${f}.c:N-nostdinc}
|
||||
CFLAGS.${f}.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
|
||||
.endfor
|
||||
|
||||
.PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
|
||||
.endif # ENABLED_ASM == "yes"
|
||||
|
||||
# wolfcrypt benchmark always needs simd for the floating point timings.
|
||||
.if ${ENABLED_KERNEL_BENCHMARKS} == "yes"
|
||||
CFLAGS.benchmark.c += ${WOLFKMOD_SIMD_BASE}
|
||||
CFLAGS.benchmark.c := ${CFLAGS.benchmark.c:N-nostdinc}
|
||||
CFLAGS.benchmark.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
|
||||
.PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
|
||||
.endif
|
||||
|
||||
# Smooth out a few inconsistencies between FreeBSD default compiler flags
|
||||
# in /usr/src/sys/conf/kern.mk, vs wolfssl harden flags in
|
||||
# m4/ax_harden_compiler_flags.m4. E.g. some FreeBSD header files shorten
|
||||
# 64 to 32 bit, and some wolfcrypt functions cast away const.
|
||||
CFLAGS+= -Wno-unused-function
|
||||
CFLAGS+= -Wno-cast-qual
|
||||
CFLAGS+= -Wno-error=cast-qual
|
||||
CFLAGS+= -Wno-shorten-64-to-32
|
||||
CFLAGS+= -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\""
|
||||
CFLAGS += -Wno-unused-function
|
||||
CFLAGS += -Wno-cast-qual
|
||||
CFLAGS += -Wno-error=cast-qual
|
||||
CFLAGS += -Wno-shorten-64-to-32
|
||||
CFLAGS += -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\""
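Review bot: The `.if ${ENABLED_ASM} == "yes"` loop builds chacha, dilithium, poly1305 and the sha* files with `${WOLFKMOD_SIMD_BASE}` and `${WOLFKMOD_SIMD_AVX}`, but the FPU_KERN wrappers this commit adds in the port header (`SAVE_VECTOR_REGISTERS` and friends) are compiled only under `WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS`. If configure allows ENABLED_ASM without ENABLED_AESNI (not visible here), vector code in those files would run in kernel context with no register save, which can corrupt user FPU state. Either widen the header guard to cover the asm case or fail the build for that combination. The per-file `-msse`/`-mavx` flags also apply to the whole translation unit, so it is worth confirming that the compiler cannot emit vector instructions in functions that sit outside the save/restore bracket. Separately, the commented debug line `# CFLAGS += WOLFSSL_BSDKM_FPU_DEBUG` is missing `-D` and should read `# CFLAGS += -DWOLFSSL_BSDKM_FPU_DEBUG`.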
|
||||
|
||||
+8
-6
@@ -7,10 +7,10 @@ other loadable modules to link to wolfCrypt.
|
||||
Supported features:
|
||||
- wolfCrypt in kernel.
|
||||
- FIPS-wolfcrypt.
|
||||
- crypto acceleration: AES-NI, AVX, etc.
|
||||
|
||||
Planned features:
|
||||
- crypto acceleration: AES-NI, AVX, etc.
|
||||
- kernel opencrypto driver registration.
|
||||
- kernel opencrypto driver registration (supported for internal testing presently).
|
||||
- full wolfSSL in kernel (kernel TLS).
|
||||
|
||||
## Building and Installing
|
||||
@@ -44,10 +44,12 @@ sudo kldunload libwolfssl
|
||||
|
||||
### options
|
||||
|
||||
| freebsdkm option | description |
|
||||
| :------------------------------- | :--------------------------------------- |
|
||||
| --with-bsd-export-syms=LIST | Export list of symbols as global. <br>. Options are 'all', 'none', or <br> comma separated list of symbols. |
|
||||
| --with-kernel-source=PATH | Path to kernel tree root (default `/usr/src/sys`) |
|
||||
| freebsdkm option | description |
|
||||
| :--------------------------------- | :--------------------------------------- |
|
||||
| --with-bsd-export-syms=LIST | Export list of symbols as global. <br>. Options are 'all', 'none', or <br> comma separated list of symbols. |
|
||||
| --with-kernel-source=PATH | Path to kernel tree root (default `/usr/src/sys`) |
|
||||
| --enable-kernel-benchmarks | Run wolfcrypt benchmark at module load |
|
||||
| --enable-freebsdkm-crypto-register | Register with the FreeBSD kernel opencrypto <br>framework (preliminary, for testing) |
|
||||
|
||||
### FIPS
|
||||
|
||||
|
||||
+36
-8
@@ -61,13 +61,13 @@ static inline time_t wolfkmod_time(time_t * tloc) {
|
||||
#define WOLFSSL_DEBUG_PRINTF_FN printf
|
||||
|
||||
/* str and char utility functions */
|
||||
#define XATOI(s) ({ \
|
||||
char * endptr = NULL; \
|
||||
long _xatoi_ret = strtol(s, &endptr, 10); \
|
||||
if ((s) == endptr || *endptr != '\0') { \
|
||||
_xatoi_ret = 0; \
|
||||
} \
|
||||
(int)_xatoi_ret; \
|
||||
#define XATOI(s) ({ \
|
||||
char * endptr = NULL; \
|
||||
long _xatoi_ret = strtol(s, &endptr, 10); \
|
||||
if ((s) == endptr || *endptr != '\0') { \
|
||||
_xatoi_ret = 0; \
|
||||
} \
|
||||
(int)_xatoi_ret; \
|
||||
})
|
||||
|
||||
#if !defined(XMALLOC_OVERRIDE)
|
||||
@@ -103,6 +103,33 @@ extern struct malloc_type M_WOLFSSL[1];
|
||||
})
|
||||
#endif /* WOLFSSL_BSDKM_DEBUG_MEMORY */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS)
|
||||
int wolfkmod_vecreg_init(void);
|
||||
void wolfkmod_vecreg_exit(void);
|
||||
int wolfkmod_vecreg_save(int flags_unused);
|
||||
void wolfkmod_vecreg_restore(void);
|
||||
/* wrapper defines for FPU_KERN(9).
|
||||
* /usr/src/sys/amd64/amd64/fpu.c
|
||||
* /usr/src/sys/amd64/include/pcb.h
|
||||
* */
|
||||
#ifndef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
#define WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
#endif
|
||||
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) { \
|
||||
int _svr_ret = wolfkmod_vecreg_save(0); \
|
||||
if (_svr_ret != 0) { \
|
||||
fail_clause \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SAVE_VECTOR_REGISTERS2() wolfkmod_vecreg_save(0)
|
||||
|
||||
#define RESTORE_VECTOR_REGISTERS() wolfkmod_vecreg_restore()
|
||||
|
||||
#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS */
|
||||
|
||||
#if !defined(SINGLE_THREADED)
|
||||
#define WC_MUTEX_OPS_INLINE
|
||||
|
||||
@@ -149,7 +176,8 @@ extern struct malloc_type M_WOLFSSL[1];
|
||||
typedef volatile int wolfSSL_Atomic_Int;
|
||||
typedef volatile unsigned int wolfSSL_Atomic_Uint;
|
||||
#define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
|
||||
#define WOLFSSL_ATOMIC_LOAD(x) (int)atomic_load_acq_int(&(x))
|
||||
#define WOLFSSL_ATOMIC_LOAD(x) (int)atomic_load_acq_int(&(x))
|
||||
#define WOLFSSL_ATOMIC_LOAD_UINT(x) atomic_load_acq_int(&(x))
|
||||
#define WOLFSSL_ATOMIC_STORE(x, v) atomic_store_rel_int(&(x), (v))
|
||||
#define WOLFSSL_ATOMIC_OPS
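Review bot: The four `wolfkmod_vecreg_*` prototypes are added with no statement of their contract, while `SAVE_VECTOR_REGISTERS2()` hands the raw return of `wolfkmod_vecreg_save(0)` straight to callers. `SAVE_VECTOR_REGISTERS` runs its fail clause on any nonzero return, so a short comment above the prototypes would make that convention explicit, for example `/* wolfkmod_vecreg_save() returns 0 on success; on nonzero the caller must not touch vector registers. */`. It should also say whether save/restore may nest and whether `wolfkmod_vecreg_restore()` is expected after a failed save; both need confirming against x86_vecreg.c, which is not shown here. Kernel-context crypto callers depend on getting this pairing right.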
|
||||
|
||||
|
||||
+6
-4
@@ -2,8 +2,10 @@
|
||||
# included from Top Level Makefile.am
|
||||
# All paths should be given relative to the root
|
||||
|
||||
EXTRA_DIST += m4/ax_bsdkm.m4 \
|
||||
bsdkm/Makefile \
|
||||
bsdkm/README.md \
|
||||
bsdkm/wolfkmod.c \
|
||||
EXTRA_DIST += m4/ax_bsdkm.m4 \
|
||||
bsdkm/Makefile \
|
||||
bsdkm/README.md \
|
||||
bsdkm/wolfkmod.c \
|
||||
bsdkm/wolfkmod_aes.c \
|
||||
bsdkm/x86_vecreg.c \
|
||||
bsdkm/bsdkm_wc_port.h
|
||||
|
||||
+780
-17
@@ -26,6 +26,12 @@
|
||||
#include <sys/module.h>
|
||||
#include <sys/kernel.h>
|
||||
|
||||
#if defined(BSDKM_CRYPTO_REGISTER)
|
||||
#include <opencrypto/cryptodev.h>
|
||||
#include <sys/bus.h>
|
||||
#include "cryptodev_if.h"
|
||||
#endif
|
||||
|
||||
/* wolf includes */
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
#ifdef WOLFCRYPT_ONLY
|
||||
@@ -44,15 +50,42 @@
|
||||
#if !defined(NO_CRYPT_TEST)
|
||||
#include <wolfcrypt/test/test.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_KERNEL_BENCHMARKS)
|
||||
#include <wolfcrypt/benchmark/benchmark.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
MALLOC_DEFINE(M_WOLFSSL, "libwolfssl", "wolfSSL kernel memory");
|
||||
|
||||
static int wolfkmod_init(void);
|
||||
static int wolfkmod_cleanup(void);
|
||||
static int wolfkmod_load(void);
|
||||
static int wolfkmod_unload(void);
|
||||
#if defined(BSDKM_CRYPTO_REGISTER)
|
||||
#include "bsdkm/wolfkmod_aes.c"
|
||||
#endif
|
||||
|
||||
/* common functions. */
|
||||
static int wolfkmod_init(void);
|
||||
static int wolfkmod_cleanup(void);
|
||||
#if !defined(BSDKM_CRYPTO_REGISTER)
|
||||
/* functions specific to a pure kernel module library build. */
|
||||
static int wolfkmod_load(void);
|
||||
static int wolfkmod_unload(void);
|
||||
#else
|
||||
/* functions specific to a kernel crypto driver module build. */
|
||||
static void wolfkdriv_identify(driver_t * driver, device_t parent);
|
||||
static int wolfkdriv_probe(device_t dev);
|
||||
static int wolfkdriv_attach(device_t dev);
|
||||
static int wolfkdriv_detach(device_t dev);
|
||||
static int wolfkdriv_probesession(device_t dev,
|
||||
const struct crypto_session_params *csp);
|
||||
static int wolfkdriv_newsession(device_t dev, crypto_session_t cses,
|
||||
const struct crypto_session_params *csp);
|
||||
static void wolfkdriv_freesession(device_t dev, crypto_session_t cses);
|
||||
static int wolfkdriv_process(device_t dev, struct cryptop *crp, int hint);
|
||||
#endif /* !BSDKM_CRYPTO_REGISTER */
|
||||
|
||||
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS)
|
||||
#include "bsdkm/x86_vecreg.c"
|
||||
#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
#define WOLFKMOD_FIPS_ERR_MSG(hash) ({ \
|
||||
@@ -82,6 +115,14 @@ static int wolfkmod_init(void)
|
||||
{
|
||||
int error = 0;
|
||||
|
||||
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS)
|
||||
error = wolfkmod_vecreg_init();
|
||||
if (error != 0) {
|
||||
printf("error: wolfkmod_vecreg_init: %d\n", error);
|
||||
return (ECANCELED);
|
||||
}
|
||||
#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
error = wolfCrypt_SetCb_fips(wolfkmod_fips_cb);
|
||||
if (error != 0) {
|
||||
@@ -174,14 +215,16 @@ static int wolfkmod_cleanup(void)
|
||||
if (error != 0) {
|
||||
printf("error: wolfCrypt_Cleanup failed: %s\n",
|
||||
wc_GetErrorString(error));
|
||||
return (ECANCELED);
|
||||
error = ECANCELED;
|
||||
goto wolfkmod_cleanup_out;
|
||||
}
|
||||
#else
|
||||
error = wolfSSL_Cleanup();
|
||||
if (error != WOLFSSL_SUCCESS) {
|
||||
printf("error: wolfSSL_Cleanup failed: %s\n",
|
||||
wc_GetErrorString(error));
|
||||
return (ECANCELED);
|
||||
error = ECANCELED;
|
||||
goto wolfkmod_cleanup_out;
|
||||
}
|
||||
#endif /* WOLFCRYPT_ONLY */
|
||||
|
||||
@@ -189,10 +232,17 @@ static int wolfkmod_cleanup(void)
|
||||
printf("info: libwolfssl " LIBWOLFSSL_VERSION_STRING
|
||||
" cleanup complete.\n");
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
error = 0;
|
||||
|
||||
return (0);
|
||||
wolfkmod_cleanup_out:
|
||||
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS)
|
||||
wolfkmod_vecreg_exit();
|
||||
#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
#if !defined(BSDKM_CRYPTO_REGISTER)
|
||||
static int wolfkmod_load(void)
|
||||
{
|
||||
int error = 0;
|
||||
@@ -212,10 +262,15 @@ static int wolfkmod_load(void)
|
||||
printf("info: wolfCrypt self-test passed.\n");
|
||||
#endif /* NO_CRYPT_TEST */
|
||||
|
||||
/**
|
||||
* todo: register wolfcrypt algs here with crypto_get_driverid
|
||||
* and related.
|
||||
* */
|
||||
#ifdef WOLFSSL_KERNEL_BENCHMARKS
|
||||
error = benchmark_test(NULL);
|
||||
if (error != 0) {
|
||||
printf("error: wolfcrypt benchmark failed: %d\n", error);
|
||||
(void)wolfkmod_cleanup();
|
||||
return (ECANCELED);
|
||||
}
|
||||
printf("info: wolfCrypt benchmark passed.\n");
|
||||
#endif /* WOLFSSL_KERNEL_BENCHMARKS */
|
||||
|
||||
printf("info: libwolfssl loaded\n");
|
||||
|
||||
@@ -239,11 +294,6 @@ static int wolfkmod_unload(void)
|
||||
|
||||
error = wolfkmod_cleanup();
|
||||
|
||||
/**
|
||||
* todo: unregister wolfcrypt algs here with crypto_unregister_all
|
||||
* and related.
|
||||
* */
|
||||
|
||||
if (error == 0) {
|
||||
printf("info: libwolfssl unloaded\n");
|
||||
}
|
||||
@@ -294,7 +344,718 @@ wolfkmod_event(struct module * m, int what, void * arg)
|
||||
|
||||
return (error);
|
||||
}
|
||||
#endif /* !BSDKM_CRYPTO_REGISTER */
|
||||
|
||||
#if defined(BSDKM_CRYPTO_REGISTER)
|
||||
/* wolfkdriv device driver software context. */
|
||||
struct wolfkdriv_softc {
|
||||
int32_t crid;
|
||||
device_t dev;
|
||||
};
|
||||
|
||||
struct km_aes_ctx {
|
||||
Aes aes_encrypt;
|
||||
Aes aes_decrypt;
|
||||
};
|
||||
|
||||
typedef struct km_aes_ctx km_aes_ctx;
|
||||
|
||||
struct wolfkdriv_session {
|
||||
km_aes_ctx aes_ctx;
|
||||
int32_t crid;
|
||||
int type;
|
||||
int ivlen;
|
||||
int klen;
|
||||
};
|
||||
|
||||
typedef struct wolfkdriv_session wolfkdriv_session_t;
|
||||
|
||||
static void km_AesFree(Aes * aes) {
|
||||
if (aes == NULL) {
|
||||
return;
|
||||
}
|
||||
wc_AesFree(aes);
|
||||
#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
|
||||
ForceZero(aes, sizeof(*aes));
|
||||
#endif
|
||||
}
|
||||
|
||||
static void wolfkdriv_aes_ctx_clear(km_aes_ctx * ctx)
|
||||
{
|
||||
if (ctx != NULL) {
|
||||
km_AesFree(&ctx->aes_encrypt);
|
||||
km_AesFree(&ctx->aes_decrypt);
|
||||
}
|
||||
|
||||
#ifdef WOLFKM_DEBUG_AES
|
||||
printf("info: exiting km_AesExitCommon\n");
|
||||
#endif /* WOLFKM_DEBUG_AES */
|
||||
}
|
||||
|
||||
static void wolfkdriv_identify(driver_t * driver, device_t parent)
|
||||
{
|
||||
(void)driver;
|
||||
|
||||
/* don't double add wolfkdriv child. */
|
||||
if (device_find_child(parent, "libwolf", -1) != NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
BUS_ADD_CHILD(parent, 10, "libwolf", -1);
|
||||
}
|
||||
|
||||
static int wolfkdriv_probe(device_t dev)
|
||||
{
|
||||
device_set_desc(dev, "wolfSSL crypto");
|
||||
return (BUS_PROBE_DEFAULT);
|
||||
}
|
||||
|
||||
/*
|
||||
* unregister libwolfssl crypto driver
|
||||
*/
|
||||
static void wolfkdriv_unregister(struct wolfkdriv_softc * softc)
|
||||
{
|
||||
if (softc && softc->crid >= 0) {
|
||||
crypto_unregister_all(softc->crid);
|
||||
device_printf(softc->dev, "info: crid unregistered: %d\n", softc->crid);
|
||||
softc->crid = -1;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static int wolfkdriv_attach(device_t dev)
|
||||
{
|
||||
struct wolfkdriv_softc * softc = NULL;
|
||||
int flags = CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC |
|
||||
CRYPTOCAP_F_ACCEL_SOFTWARE | CRYPTOCAP_F_HARDWARE;
|
||||
int ret = 0;
|
||||
int crid = 0;
|
||||
int error = 0;
|
||||
|
||||
ret = wolfkmod_init();
|
||||
if (ret != 0) {
|
||||
return (ECANCELED);
|
||||
}
|
||||
|
||||
/**
|
||||
* register wolfcrypt algs here with crypto_get_driverid.
|
||||
*
|
||||
* The crid is the literal index into the kernel crypto_drivers array:
|
||||
* - crid >= 0 is valid.
|
||||
* - crid < 0 is error.
|
||||
* */
|
||||
softc = device_get_softc(dev);
|
||||
softc->dev = dev;
|
||||
|
||||
softc->crid = crypto_get_driverid(dev, sizeof(wolfkdriv_session_t), flags);
|
||||
if (softc->crid < 0) {
|
||||
device_printf(dev, "error: crypto_get_driverid failed: %d\n",
|
||||
softc->crid);
|
||||
return (ENXIO);
|
||||
}
|
||||
|
||||
/*
|
||||
* various sanity checks
|
||||
*/
|
||||
|
||||
/* 1. we should find ourself by name */
|
||||
crid = crypto_find_driver("libwolf");
|
||||
|
||||
if (crid != softc->crid) {
|
||||
device_printf(dev, "error: attach: got crid %d, expected %d\n", crid,
|
||||
softc->crid);
|
||||
error = ENXIO;
|
||||
goto attach_out;
|
||||
}
|
||||
|
||||
/* 2. test various algs */
|
||||
error = wolfkdriv_test_aes(dev, crid);
|
||||
|
||||
if (error) {
|
||||
device_printf(dev, "error: attach: test_aes: %d\n", error);
|
||||
error = ENXIO;
|
||||
goto attach_out;
|
||||
}
|
||||
|
||||
device_printf(dev, "info: driver loaded: %d\n", crid);
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: exiting attach\n");
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
|
||||
attach_out:
|
||||
if (error) {
|
||||
wolfkdriv_unregister(softc);
|
||||
error = ENXIO;
|
||||
}
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
static int wolfkdriv_detach(device_t dev)
|
||||
{
|
||||
struct wolfkdriv_softc * softc = NULL;
|
||||
int ret = 0;
|
||||
|
||||
ret = wolfkmod_cleanup();
|
||||
|
||||
if (ret == 0) {
|
||||
/* unregister wolfcrypt algs */
|
||||
softc = device_get_softc(dev);
|
||||
wolfkdriv_unregister(softc);
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: exiting detach\n");
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int wolfkdriv_probesession(device_t dev,
|
||||
const struct crypto_session_params *csp)
|
||||
{
|
||||
struct wolfkdriv_softc * softc = NULL;
|
||||
int error = CRYPTODEV_PROBE_ACCEL_SOFTWARE;
|
||||
|
||||
softc = device_get_softc(dev);
|
||||
|
||||
switch (csp->csp_mode) {
|
||||
case CSP_MODE_CIPHER:
|
||||
switch (csp->csp_cipher_alg) {
|
||||
case CRYPTO_AES_CBC:
|
||||
break;
|
||||
default:
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case CSP_MODE_AEAD:
|
||||
switch (csp->csp_cipher_alg) {
|
||||
case CRYPTO_AES_NIST_GCM_16:
|
||||
break;
|
||||
default:
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case CSP_MODE_DIGEST:
|
||||
case CSP_MODE_ETA:
|
||||
default:
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
|
||||
(void)softc;
|
||||
(void)csp;
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: probesession: mode=%d, cipher_alg=%d, error=%d\n",
|
||||
csp->csp_mode, csp->csp_cipher_alg, error);
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
return (error);
|
||||
}
|
||||
|
||||
static int wolfkdriv_newsession_aes(device_t dev,
|
||||
wolfkdriv_session_t * session,
|
||||
const struct crypto_session_params *csp)
|
||||
{
|
||||
int error = 0;
|
||||
int klen = csp->csp_cipher_klen; /* key len in bytes */
|
||||
|
||||
switch (csp->csp_cipher_alg) {
|
||||
case CRYPTO_AES_NIST_GCM_16:
|
||||
session->type = CRYPTO_AES_NIST_GCM_16;
|
||||
break;
|
||||
case CRYPTO_AES_CBC:
|
||||
session->type = CRYPTO_AES_CBC;
|
||||
break;
|
||||
default:
|
||||
return (EOPNOTSUPP);
|
||||
}
|
||||
|
||||
if (klen != 16 && klen != 24 && klen != 32) {
|
||||
device_printf(dev, "info: newsession_cipher: invalid klen: %d\n", klen);
|
||||
return (EINVAL);
|
||||
}
|
||||
|
||||
session->klen = klen;
|
||||
session->ivlen = csp->csp_ivlen;
|
||||
|
||||
/* encrypt */
|
||||
error = wc_AesInit(&session->aes_ctx.aes_encrypt, NULL, INVALID_DEVID);
|
||||
if (error) {
|
||||
device_printf(dev, "error: newsession_cipher: aes init: %d\n", error);
|
||||
goto newsession_cipher_out;
|
||||
}
|
||||
|
||||
if (session->type == CRYPTO_AES_CBC) {
|
||||
/* Need a separate decrypt structure for aes-cbc. */
|
||||
error = wc_AesInit(&session->aes_ctx.aes_decrypt, NULL, INVALID_DEVID);
|
||||
if (error) {
|
||||
device_printf(dev, "error: newsession_cipher: aes init: %d\n",
|
||||
error);
|
||||
goto newsession_cipher_out;
|
||||
}
|
||||
}
|
||||
|
||||
newsession_cipher_out:
|
||||
|
||||
if (error != 0) {
|
||||
wolfkdriv_aes_ctx_clear(&session->aes_ctx);
|
||||
return (EINVAL);
|
||||
}
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
static int wolfkdriv_newsession(device_t dev, crypto_session_t cses,
|
||||
const struct crypto_session_params *csp)
|
||||
{
|
||||
wolfkdriv_session_t * session = NULL;
|
||||
int error = 0;
|
||||
|
||||
/* get the wolfkdriv_session_t context */
|
||||
session = crypto_get_driver_session(cses);
|
||||
|
||||
switch (csp->csp_mode) {
|
||||
case CSP_MODE_DIGEST:
|
||||
case CSP_MODE_ETA:
|
||||
device_printf(dev, "info: not supported: %d\n", csp->csp_mode);
|
||||
error = EOPNOTSUPP;
|
||||
break;
|
||||
case CSP_MODE_CIPHER:
|
||||
case CSP_MODE_AEAD:
|
||||
error = wolfkdriv_newsession_aes(dev, session, csp);
|
||||
break;
|
||||
default:
|
||||
__assert_unreachable();
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: newsession: mode=%d, cipher_alg=%d, error=%d\n",
|
||||
csp->csp_mode, csp->csp_cipher_alg, error);
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
static void
|
||||
wolfkdriv_freesession(device_t dev, crypto_session_t cses)
|
||||
{
|
||||
wolfkdriv_session_t * session = NULL;
|
||||
(void)dev;
|
||||
|
||||
/* get the wolfkdriv_session_t context */
|
||||
session = crypto_get_driver_session(cses);
|
||||
|
||||
/* clean it up */
|
||||
wolfkdriv_aes_ctx_clear(&session->aes_ctx);
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: exiting freesession\n");
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
return;
|
||||
}
|
||||
|
||||
static int wolfkdriv_cbc_work(device_t dev, wolfkdriv_session_t * session,
|
||||
struct cryptop * crp,
|
||||
const struct crypto_session_params * csp)
|
||||
{
|
||||
struct crypto_buffer_cursor cc_in;
|
||||
struct crypto_buffer_cursor cc_out;
|
||||
const unsigned char * in_block = NULL;
|
||||
const unsigned char * in_seg = NULL;
|
||||
unsigned char * out_block = NULL;
|
||||
unsigned char * out_seg = NULL;
|
||||
Aes aes;
|
||||
uint8_t iv[WC_AES_BLOCK_SIZE];
|
||||
uint8_t block[EALG_MAX_BLOCK_LEN];
|
||||
size_t data_len = 0;
|
||||
size_t seg_len = 0;
|
||||
size_t in_len = 0;
|
||||
size_t out_len = 0;
|
||||
int error = 0;
|
||||
int is_encrypt = 0;
|
||||
int type = AES_ENCRYPTION;
|
||||
|
||||
if (csp->csp_cipher_alg != CRYPTO_AES_CBC) {
|
||||
error = EINVAL;
|
||||
goto cbc_work_out;
|
||||
}
|
||||
|
||||
data_len = crp->crp_payload_length;
|
||||
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
|
||||
is_encrypt = 1;
|
||||
type = AES_ENCRYPTION;
|
||||
memcpy(&aes, &session->aes_ctx.aes_encrypt, sizeof(aes));
|
||||
}
|
||||
else {
|
||||
is_encrypt = 0;
|
||||
type = AES_DECRYPTION;
|
||||
memcpy(&aes, &session->aes_ctx.aes_decrypt, sizeof(aes));
|
||||
}
|
||||
|
||||
/* must be multiple of block size */
|
||||
if (data_len % WC_AES_BLOCK_SIZE) {
|
||||
error = EINVAL;
|
||||
goto cbc_work_out;
|
||||
}
|
||||
|
||||
crypto_read_iv(crp, iv);
|
||||
error = wc_AesSetKey(&aes, csp->csp_cipher_key,
|
||||
csp->csp_cipher_klen, iv, type);
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesSetKey: %d\n", error);
|
||||
goto cbc_work_out;
|
||||
}
|
||||
|
||||
/* set up the crypto buffers */
|
||||
crypto_cursor_init(&cc_in, &crp->crp_buf);
|
||||
crypto_cursor_advance(&cc_in, crp->crp_payload_start);
|
||||
|
||||
in_seg = crypto_cursor_segment(&cc_in, &in_len);
|
||||
|
||||
/* handle if the user supplied a separate out buffer. */
|
||||
if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) {
|
||||
crypto_cursor_init(&cc_out, &crp->crp_obuf);
|
||||
crypto_cursor_advance(&cc_out, crp->crp_payload_output_start);
|
||||
}
|
||||
else {
|
||||
cc_out = cc_in;
|
||||
}
|
||||
|
||||
out_seg = crypto_cursor_segment(&cc_out, &out_len);
|
||||
|
||||
while (data_len) {
|
||||
/* set up input buffers */
|
||||
if (in_len < WC_AES_BLOCK_SIZE) {
|
||||
/* less than a block in segment */
|
||||
crypto_cursor_copydata(&cc_in, WC_AES_BLOCK_SIZE, block);
|
||||
in_block = block;
|
||||
in_len = WC_AES_BLOCK_SIZE;
|
||||
}
|
||||
else {
|
||||
in_block = in_seg;
|
||||
}
|
||||
|
||||
/* set up output buffers */
|
||||
if (out_len < WC_AES_BLOCK_SIZE) {
|
||||
out_block = block;
|
||||
out_len = WC_AES_BLOCK_SIZE;
|
||||
}
|
||||
else {
|
||||
out_block = out_seg;
|
||||
}
|
||||
|
||||
/* choose which of data_len, in_len, out_len, is shorter.
|
||||
* round down to multiple of aes block size. */
|
||||
seg_len = rounddown(MIN(data_len, MIN(in_len, out_len)),
|
||||
WC_AES_BLOCK_SIZE);
|
||||
|
||||
if (is_encrypt) {
|
||||
error = wc_AesCbcEncrypt(&aes, out_block, in_block, seg_len);
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error);
|
||||
goto cbc_work_out;
|
||||
}
|
||||
}
|
||||
else {
|
||||
error = wc_AesCbcDecrypt(&aes, out_block, in_block, seg_len);
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error);
|
||||
goto cbc_work_out;
|
||||
}
|
||||
}
|
||||
|
||||
if (out_block == block) {
|
||||
/* we used the block as local output buffer. copy to cc_out,
|
||||
* and grab the next out cursor segment. */
|
||||
crypto_cursor_copyback(&cc_out, WC_AES_BLOCK_SIZE, block);
|
||||
out_seg = crypto_cursor_segment(&cc_out, &out_len);
|
||||
} else {
|
||||
/* we worked directly in cc_out. advance the cursor. */
|
||||
crypto_cursor_advance(&cc_out, seg_len);
|
||||
out_seg += seg_len;
|
||||
out_len -= seg_len;
|
||||
}
|
||||
|
||||
if (in_block == block) {
|
||||
/* grab a new in cursor segment. */
|
||||
in_seg = crypto_cursor_segment(&cc_in, &in_len);
|
||||
} else {
|
||||
/* else advance existing in cursor. */
|
||||
crypto_cursor_advance(&cc_in, seg_len);
|
||||
in_seg += seg_len;
|
||||
in_len -= seg_len;
|
||||
}
|
||||
|
||||
data_len -= seg_len;
|
||||
}
|
||||
|
||||
cbc_work_out:
|
||||
/* cleanup. */
|
||||
wc_ForceZero(iv, sizeof(iv));
|
||||
wc_ForceZero(block, sizeof(block));
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: cbc_work: mode=%d, cipher_alg=%d, "
|
||||
"payload_length=%d, error=%d\n",
|
||||
csp->csp_mode, csp->csp_cipher_alg, crp->crp_payload_length,
|
||||
error);
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
static int wolfkdriv_gcm_work(device_t dev, wolfkdriv_session_t * session,
|
||||
struct cryptop * crp,
|
||||
const struct crypto_session_params * csp)
|
||||
{
|
||||
struct crypto_buffer_cursor cc_in;
|
||||
struct crypto_buffer_cursor cc_out;
|
||||
const unsigned char * in_seg = NULL;
|
||||
unsigned char * out_seg = NULL;
|
||||
Aes aes;
|
||||
uint8_t iv[WC_AES_BLOCK_SIZE];
|
||||
uint8_t auth_tag[WC_AES_BLOCK_SIZE];
|
||||
size_t data_len = 0;
|
||||
size_t seg_len = 0;
|
||||
size_t in_len = 0;
|
||||
size_t out_len = 0;
|
||||
int error = 0;
|
||||
int is_encrypt = 0;
|
||||
|
||||
memcpy(&aes, &session->aes_ctx.aes_encrypt, sizeof(aes));
|
||||
|
||||
if (csp->csp_cipher_alg != CRYPTO_AES_NIST_GCM_16) {
|
||||
error = EINVAL;
|
||||
goto gcm_work_out;
|
||||
}
|
||||
|
||||
data_len = crp->crp_payload_length;
|
||||
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
|
||||
is_encrypt = 1;
|
||||
}
|
||||
else {
|
||||
is_encrypt = 0;
|
||||
}
|
||||
|
||||
error = wc_AesGcmSetKey(&aes, csp->csp_cipher_key,
|
||||
csp->csp_cipher_klen);
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesGcmSetKey: %d\n", error);
|
||||
goto gcm_work_out;
|
||||
}
|
||||
|
||||
crypto_read_iv(crp, iv);
|
||||
error = wc_AesGcmInit(&aes, NULL /* key */, 0 /* keylen */,
|
||||
iv, csp->csp_ivlen);
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesGcmInit: %d\n", error);
|
||||
goto gcm_work_out;
|
||||
}
|
||||
|
||||
/* process aad first */
|
||||
if (crp->crp_aad != NULL) {
|
||||
/* they passed aad in separate buffer. */
|
||||
if (is_encrypt) {
|
||||
error = wc_AesGcmEncryptUpdate(&aes, NULL, NULL, 0,
|
||||
crp->crp_aad, crp->crp_aad_length);
|
||||
}
|
||||
else {
|
||||
error = wc_AesGcmDecryptUpdate(&aes, NULL, NULL, 0,
|
||||
crp->crp_aad, crp->crp_aad_length);
|
||||
}
|
||||
|
||||
if (error) {
|
||||
error = EINVAL;
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* we need to pull aad out of crp->crp_buf from crp_aad_start. */
|
||||
size_t aad_len = 0;
|
||||
|
||||
crypto_cursor_init(&cc_in, &crp->crp_buf);
|
||||
crypto_cursor_advance(&cc_in, crp->crp_aad_start);
|
||||
|
||||
for (aad_len = crp->crp_aad_length; aad_len > 0; aad_len -= seg_len) {
|
||||
in_seg = crypto_cursor_segment(&cc_in, &in_len);
|
||||
seg_len = MIN(aad_len, in_len);
|
||||
|
||||
if (is_encrypt) {
|
||||
error = wc_AesGcmEncryptUpdate(&aes, NULL, NULL, 0,
|
||||
in_seg, seg_len);
|
||||
}
|
||||
else {
|
||||
error = wc_AesGcmDecryptUpdate(&aes, NULL, NULL, 0,
|
||||
in_seg, seg_len);
|
||||
}
|
||||
|
||||
if (error) {
|
||||
error = EINVAL;
|
||||
goto gcm_work_out;
|
||||
}
|
||||
|
||||
crypto_cursor_advance(&cc_in, seg_len);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* process cipher/plaintext next
|
||||
*/
|
||||
|
||||
/* set up the crypto buffers */
|
||||
crypto_cursor_init(&cc_in, &crp->crp_buf);
|
||||
crypto_cursor_advance(&cc_in, crp->crp_payload_start);
|
||||
|
||||
in_seg = crypto_cursor_segment(&cc_in, &in_len);
|
||||
|
||||
/* handle if the user supplied a separate out buffer. */
|
||||
if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) {
|
||||
crypto_cursor_init(&cc_out, &crp->crp_obuf);
|
||||
crypto_cursor_advance(&cc_out, crp->crp_payload_output_start);
|
||||
}
|
||||
else {
|
||||
cc_out = cc_in;
|
||||
}
|
||||
|
||||
out_seg = crypto_cursor_segment(&cc_out, &out_len);
|
||||
|
||||
while (data_len) {
|
||||
/* process through the available segments. */
|
||||
in_seg = crypto_cursor_segment(&cc_in, &in_len);
|
||||
out_seg = crypto_cursor_segment(&cc_out, &out_len);
|
||||
seg_len = MIN(data_len, MIN(in_len, out_len));
|
||||
|
||||
if (is_encrypt) {
|
||||
error = wc_AesGcmEncryptUpdate(&aes, out_seg, in_seg, seg_len,
|
||||
NULL, 0);
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesGcmEncrypt: %d\n", error);
|
||||
goto gcm_work_out;
|
||||
}
|
||||
}
|
||||
else {
|
||||
error = wc_AesGcmDecryptUpdate(&aes, out_seg, in_seg, seg_len,
|
||||
NULL, 0);
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesGcmDecrypt: %d\n", error);
|
||||
goto gcm_work_out;
|
||||
}
|
||||
}
|
||||
|
||||
/* advance the cursors by amount processed */
|
||||
crypto_cursor_advance(&cc_in, seg_len);
|
||||
crypto_cursor_advance(&cc_out, seg_len);
|
||||
|
||||
data_len -= seg_len;
|
||||
}
|
||||
|
||||
/* process auth tag finally */
|
||||
if (is_encrypt) {
|
||||
error = wc_AesGcmEncryptFinal(&aes, auth_tag, WC_AES_BLOCK_SIZE);
|
||||
if (error == 0) {
|
||||
crypto_copyback(crp, crp->crp_digest_start, WC_AES_BLOCK_SIZE,
|
||||
auth_tag);
|
||||
}
|
||||
}
|
||||
else {
|
||||
crypto_copydata(crp, crp->crp_digest_start, WC_AES_BLOCK_SIZE,
|
||||
auth_tag);
|
||||
error = wc_AesGcmDecryptFinal(&aes, auth_tag, WC_AES_BLOCK_SIZE);
|
||||
if (error) {
|
||||
error = EBADMSG;
|
||||
}
|
||||
}
|
||||
|
||||
gcm_work_out:
|
||||
/* cleanup. */
|
||||
wc_ForceZero(iv, sizeof(iv));
|
||||
wc_ForceZero(auth_tag, sizeof(auth_tag));
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: gcm_work: mode=%d, cipher_alg=%d, "
|
||||
"payload_length=%d, error=%d\n",
|
||||
csp->csp_mode, csp->csp_cipher_alg, crp->crp_payload_length,
|
||||
error);
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
static int wolfkdriv_process(device_t dev, struct cryptop * crp, int hint)
|
||||
{
|
||||
const struct crypto_session_params * csp = NULL;
|
||||
wolfkdriv_session_t * session = NULL;
|
||||
int error = 0;
|
||||
(void)hint;
|
||||
|
||||
session = crypto_get_driver_session(crp->crp_session);
|
||||
csp = crypto_get_params(crp->crp_session);
|
||||
|
||||
switch (csp->csp_mode) {
|
||||
case CSP_MODE_CIPHER:
|
||||
error = wolfkdriv_cbc_work(dev, session, crp, csp);
|
||||
break;
|
||||
case CSP_MODE_DIGEST:
|
||||
case CSP_MODE_ETA:
|
||||
error = EINVAL;
|
||||
break;
|
||||
case CSP_MODE_AEAD:
|
||||
error = wolfkdriv_gcm_work(dev, session, crp, csp);
|
||||
break;
|
||||
default:
|
||||
__assert_unreachable();
|
||||
}
|
||||
|
||||
crp->crp_etype = error;
|
||||
crypto_done(crp);
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: process: mode=%d, cipher_alg=%d, error=%d\n",
|
||||
csp->csp_mode, csp->csp_cipher_alg, error);
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
/*
|
||||
* wolfkmod as a crypto device driver.
|
||||
*/
|
||||
static device_method_t wolfkdriv_methods[] = {
|
||||
/* device interface methods: called during device setup, etc. */
|
||||
DEVMETHOD(device_identify, wolfkdriv_identify),
|
||||
DEVMETHOD(device_probe, wolfkdriv_probe),
|
||||
DEVMETHOD(device_attach, wolfkdriv_attach),
|
||||
DEVMETHOD(device_detach, wolfkdriv_detach),
|
||||
|
||||
/* crypto device session methods: called during crypto session setup,
|
||||
* work, etc. */
|
||||
DEVMETHOD(cryptodev_probesession, wolfkdriv_probesession),
|
||||
DEVMETHOD(cryptodev_newsession, wolfkdriv_newsession),
|
||||
DEVMETHOD(cryptodev_freesession, wolfkdriv_freesession),
|
||||
DEVMETHOD(cryptodev_process, wolfkdriv_process),
|
||||
|
||||
DEVMETHOD_END
|
||||
};
|
||||
|
||||
static driver_t wolfkdriv_driver = {
|
||||
.name = "libwolf",
|
||||
.methods = wolfkdriv_methods,
|
||||
.size = sizeof(struct wolfkdriv_softc),
|
||||
};
|
||||
|
||||
/* on x86, software-only drivers usually attach to nexus bus. */
|
||||
DRIVER_MODULE(libwolfssl, nexus, wolfkdriv_driver, NULL, NULL);
|
||||
#endif /* BSDKM_CRYPTO_REGISTER */
|
||||
|
||||
#if !defined(BSDKM_CRYPTO_REGISTER)
|
||||
/*
|
||||
* wolfkmod as a pure kernel module.
|
||||
*/
|
||||
static moduledata_t libwolfmod = {
|
||||
#ifdef HAVE_FIPS
|
||||
"libwolfssl_fips", /* module name */
|
||||
@@ -305,6 +1066,8 @@ static moduledata_t libwolfmod = {
|
||||
NULL /* extra data, unused */
|
||||
};
|
||||
|
||||
MODULE_VERSION(libwolfssl, 1);
|
||||
DECLARE_MODULE(libwolfssl, libwolfmod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
|
||||
#endif /* !BSDKM_CRYPTO_REGISTER */
|
||||
|
||||
MODULE_VERSION(libwolfssl, 1);
|
||||
#endif /* WOLFSSL_BSDKM */
|
||||
|
||||
@@ -0,0 +1,347 @@
|
||||
#if !defined(WC_SKIP_INCLUDED_C_FILES) && defined(BSDKM_CRYPTO_REGISTER)
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
|
||||
/*
|
||||
* the cryptodev framework always calls a callback, even when CRYPTOCAP_F_SYNC.
|
||||
*/
|
||||
static int
|
||||
wolfkdriv_test_crp_callback(struct cryptop * crp)
|
||||
{
|
||||
(void)crp;
|
||||
return (0);
|
||||
}
|
||||
|
||||
/* Test aes-cbc with a buffer larger than aes block size.
|
||||
* Verify direct wolfcrypt API and opencrypto framework return
|
||||
* same result. */
|
||||
static int wolfkdriv_test_aes_cbc_big(device_t dev, int crid)
|
||||
{
|
||||
crypto_session_t session = NULL;
|
||||
struct crypto_session_params csp;
|
||||
struct cryptop * crp = NULL;
|
||||
Aes * aes_encrypt = NULL;
|
||||
int error = 0;
|
||||
byte msg[] = {
|
||||
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
|
||||
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
|
||||
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
|
||||
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
|
||||
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
|
||||
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20
|
||||
};
|
||||
byte work1[WC_AES_BLOCK_SIZE * 3]; /* wolfcrypt buffer */
|
||||
byte work2[WC_AES_BLOCK_SIZE * 3]; /* opencrypto buffer */
|
||||
/* padded to 16-bytes */
|
||||
const byte key[] = "0123456789abcdef ";
|
||||
/* padded to 16-bytes */
|
||||
const byte iv[] = "1234567890abcdef ";
|
||||
|
||||
memset(&csp, 0, sizeof(csp));
|
||||
memcpy(work1, msg, sizeof(msg)); /* wolfcrypt work buffer */
|
||||
memcpy(work2, msg, sizeof(msg)); /* opencrypto work buffer */
|
||||
|
||||
/* wolfcrypt encrypt */
|
||||
aes_encrypt = (Aes *)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES);
|
||||
if (aes_encrypt == NULL) {
|
||||
error = ENOMEM;
|
||||
device_printf(dev, "error: malloc failed\n");
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
error = wc_AesInit(aes_encrypt, NULL, INVALID_DEVID);
|
||||
if (error) {
|
||||
device_printf(dev, "error: newsession_cipher: aes init: %d\n", error);
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
error = wc_AesSetKey(aes_encrypt, key, 16, iv, AES_ENCRYPTION);
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesSetKey: %d\n", error);
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
error = wc_AesCbcEncrypt(aes_encrypt, work1, work1, sizeof(work1));
|
||||
if (error) {
|
||||
device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error);
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
/* opencrypto encrypt */
|
||||
csp.csp_mode = CSP_MODE_CIPHER;
|
||||
csp.csp_cipher_alg = CRYPTO_AES_CBC;
|
||||
csp.csp_ivlen = WC_AES_BLOCK_SIZE;
|
||||
csp.csp_cipher_key = key;
|
||||
csp.csp_cipher_klen = WC_AES_BLOCK_SIZE;
|
||||
error = crypto_newsession(&session, &csp, crid);
|
||||
if (error || session == NULL) {
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
crp = crypto_getreq(session, M_WAITOK);
|
||||
if (crp == NULL) {
|
||||
device_printf(dev, "error: test_aes: crypto_getreq failed\n");
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
crp->crp_callback = wolfkdriv_test_crp_callback;
|
||||
crp->crp_op = CRYPTO_OP_ENCRYPT;
|
||||
crp->crp_flags = CRYPTO_F_IV_SEPARATE;
|
||||
|
||||
memcpy(crp->crp_iv, iv, WC_AES_BLOCK_SIZE);
|
||||
|
||||
crypto_use_buf(crp, work2, sizeof(work2));
|
||||
crp->crp_payload_start = 0;
|
||||
crp->crp_payload_length = sizeof(work2);
|
||||
|
||||
error = crypto_dispatch(crp);
|
||||
if (error) {
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
error = XMEMCMP(work1, work2, sizeof(work2));
|
||||
if (error) {
|
||||
device_printf(dev, "error: test_aes: enc vectors diff: %d\n", error);
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
/* opencrypto decrypt */
|
||||
crp->crp_op = CRYPTO_OP_DECRYPT;
|
||||
|
||||
error = crypto_dispatch(crp);
|
||||
if (error) {
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
error = XMEMCMP(work2, msg, sizeof(msg));
|
||||
if (error) {
|
||||
device_printf(dev, "error: test_aes: dec vectors diff: %d\n", error);
|
||||
goto test_aes_cbc_big_out;
|
||||
}
|
||||
|
||||
test_aes_cbc_big_out:
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: test_aes_cbc_big: error=%d, session=%p, crp=%p\n",
|
||||
error, (void *)session, (void*)crp);
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
|
||||
if (crp != NULL) {
|
||||
crypto_freereq(crp);
|
||||
crp = NULL;
|
||||
}
|
||||
|
||||
if (session != NULL) {
|
||||
crypto_freesession(session);
|
||||
session = NULL;
|
||||
}
|
||||
|
||||
if (aes_encrypt != NULL) {
|
||||
wc_AesFree(aes_encrypt);
|
||||
XFREE(aes_encrypt, NULL, DYNAMIC_TYPE_AES);
|
||||
aes_encrypt = NULL;
|
||||
}
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
/* Test aes-gcm encrypt and decrypt a small buffer with opencrypto
|
||||
* framework and wolfcrypt.
|
||||
*/
|
||||
static int wolfkdriv_test_aes_gcm(device_t dev, int crid)
|
||||
{
|
||||
crypto_session_t session = NULL;
|
||||
struct crypto_session_params csp;
|
||||
struct cryptop * crp = NULL;
|
||||
Aes * enc = NULL;
|
||||
int error = 0;
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
|
||||
{
|
||||
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
|
||||
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
|
||||
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
|
||||
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
|
||||
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
|
||||
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
|
||||
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
|
||||
0xba, 0x63, 0x7b, 0x39
|
||||
};
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
|
||||
{
|
||||
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
|
||||
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
|
||||
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
|
||||
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
|
||||
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
|
||||
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
|
||||
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
|
||||
0xbc, 0xc9, 0xf6, 0x62
|
||||
};
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC byte a[] =
|
||||
{
|
||||
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
|
||||
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
|
||||
0xab, 0xad, 0xda, 0xd2
|
||||
};
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
|
||||
{
|
||||
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
|
||||
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
|
||||
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
|
||||
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
|
||||
};
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
|
||||
{
|
||||
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
|
||||
0xde, 0xca, 0xf8, 0x88
|
||||
};
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
|
||||
{
|
||||
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
|
||||
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
|
||||
};
|
||||
|
||||
byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
|
||||
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
|
||||
byte resultC2[sizeof(p) + WC_AES_BLOCK_SIZE];
|
||||
|
||||
XMEMSET(resultT, 0, sizeof(resultT));
|
||||
XMEMSET(resultC, 0, sizeof(resultC));
|
||||
|
||||
XMEMSET(resultC2, 0, sizeof(resultC));
|
||||
XMEMCPY(resultC2, p, sizeof(p));
|
||||
|
||||
/* wolfcrypt encrypt */
|
||||
enc = (Aes *)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES);
|
||||
if (enc == NULL) {
|
||||
error = ENOMEM;
|
||||
device_printf(dev, "error: malloc failed\n");
|
||||
goto test_aes_gcm_out;
|
||||
}
|
||||
|
||||
error = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
|
||||
if (error) { goto test_aes_gcm_out; }
|
||||
|
||||
error = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
|
||||
if (error) { goto test_aes_gcm_out; }
|
||||
|
||||
error = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
|
||||
if (error) { goto test_aes_gcm_out; }
|
||||
|
||||
error = XMEMCMP(resultC, c1, sizeof(c1));
|
||||
if (error) { goto test_aes_gcm_out; }
|
||||
|
||||
error = XMEMCMP(resultT, t1, sizeof(t1));
|
||||
if (error) { goto test_aes_gcm_out; }
|
||||
|
||||
/*
|
||||
* opencrypto encrypt
|
||||
* */
|
||||
|
||||
/* set crypto session params */
|
||||
memset(&csp, 0, sizeof(csp));
|
||||
csp.csp_flags |= CSP_F_SEPARATE_AAD;
|
||||
csp.csp_mode = CSP_MODE_AEAD;
|
||||
csp.csp_cipher_alg = CRYPTO_AES_NIST_GCM_16;
|
||||
csp.csp_ivlen = sizeof(iv1);
|
||||
csp.csp_cipher_key = k1;
|
||||
csp.csp_cipher_klen = sizeof(k1);
|
||||
|
||||
/* get crypto session handle */
|
||||
error = crypto_newsession(&session, &csp, crid);
|
||||
if (error || session == NULL) {
|
||||
device_printf(dev, "error: test_aes: crypto_newsession: %d, %p\n",
|
||||
error, (void *)session);
|
||||
goto test_aes_gcm_out;
|
||||
}
|
||||
|
||||
/* get a crypto op handle */
|
||||
crp = crypto_getreq(session, M_WAITOK);
|
||||
if (crp == NULL) {
|
||||
device_printf(dev, "error: test_aes: crypto_getreq failed\n");
|
||||
goto test_aes_gcm_out;
|
||||
}
|
||||
|
||||
/* configure it */
|
||||
crp->crp_callback = wolfkdriv_test_crp_callback;
|
||||
crp->crp_op = (CRYPTO_OP_ENCRYPT | CRYPTO_OP_COMPUTE_DIGEST);
|
||||
crp->crp_flags = CRYPTO_F_IV_SEPARATE;
|
||||
|
||||
memcpy(crp->crp_iv, iv1, sizeof(iv1));
|
||||
|
||||
crypto_use_buf(crp, resultC2, sizeof(resultC2));
|
||||
crp->crp_payload_start = 0;
|
||||
crp->crp_payload_length = sizeof(p);
|
||||
|
||||
crp->crp_aad = a;
|
||||
crp->crp_aad_start = 0;
|
||||
crp->crp_aad_length = sizeof(a);
|
||||
crp->crp_digest_start = crp->crp_payload_start + sizeof(p);
|
||||
|
||||
error = crypto_dispatch(crp);
|
||||
if (error) {
|
||||
goto test_aes_gcm_out;
|
||||
}
|
||||
|
||||
error = XMEMCMP(resultC2, c1, sizeof(c1));
|
||||
if (error) { goto test_aes_gcm_out; }
|
||||
|
||||
error = XMEMCMP(resultC2 + sizeof(p), t1, sizeof(t1));
|
||||
if (error) { goto test_aes_gcm_out; }
|
||||
|
||||
/* opencrypto decrypt */
|
||||
crp->crp_op = (CRYPTO_OP_DECRYPT | CRYPTO_OP_VERIFY_DIGEST);
|
||||
|
||||
error = crypto_dispatch(crp);
|
||||
if (error) {
|
||||
goto test_aes_gcm_out;
|
||||
}
|
||||
|
||||
error = XMEMCMP(resultC2, p, sizeof(p));
|
||||
if (error) { goto test_aes_gcm_out; }
|
||||
|
||||
test_aes_gcm_out:
|
||||
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
|
||||
device_printf(dev, "info: test_aes_gcm: error=%d, session=%p, crp=%p\n",
|
||||
error, (void *)session, (void*)crp);
|
||||
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
|
||||
|
||||
if (crp != NULL) {
|
||||
crypto_freereq(crp);
|
||||
crp = NULL;
|
||||
}
|
||||
|
||||
if (session != NULL) {
|
||||
crypto_freesession(session);
|
||||
session = NULL;
|
||||
}
|
||||
|
||||
if (enc != NULL) {
|
||||
wc_AesFree(enc);
|
||||
XFREE(enc, NULL, DYNAMIC_TYPE_AES);
|
||||
enc = NULL;
|
||||
}
|
||||
|
||||
return (error);
|
||||
}
|
||||
|
||||
|
||||
static int wolfkdriv_test_aes(device_t dev, int crid)
|
||||
{
|
||||
int error = 0;
|
||||
|
||||
if (error == 0) {
|
||||
error = wolfkdriv_test_aes_cbc_big(dev, crid);
|
||||
}
|
||||
|
||||
if (error == 0) {
|
||||
error = wolfkdriv_test_aes_gcm(dev, crid);
|
||||
}
|
||||
|
||||
return (error);
|
||||
}
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES && BSDKM_CRYPTO_REGISTER */
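Review bot: In wolfkdriv_test_aes_gcm() the heap-allocated `enc` goes from XMALLOC straight into wc_AesGcmEncryptInit() with no wc_AesInit() call, so the Aes object starts from uninitialized memory and is later passed to wc_AesFree() in the cleanup path. wolfkdriv_test_aes_cbc_big() does initialize its context first, so I would add `error = wc_AesInit(enc, NULL, INVALID_DEVID);` and `if (error) { goto test_aes_gcm_out; }` before the wc_AesGcmEncryptInit() call. Both tests also leave `error` at 0 in the `crp == NULL` branch after crypto_getreq(), so that failure path returns success; `error = ENOMEM;` there would make it visible. Finally, only the crypto_dispatch() return value is checked. If the framework reports a failed tag verification through `crp->crp_etype`, which is where wolfkdriv_process() stores its result, the decrypt half of the GCM test would presumably still pass, so checking `crp->crp_etype` after each dispatch is worth adding.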
|
||||
@@ -0,0 +1,225 @@
|
||||
/* x86_vecreg.c -- logic to save and restore vector registers
|
||||
* on amd64 in FreeBSD kernel.
|
||||
*
|
||||
* Copyright (C) 2006-2025 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* included by bsdkm/wolfkmod.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#include <sys/proc.h>
|
||||
#include <sys/smp.h>
|
||||
#include <machine/fpu.h>
|
||||
#include <machine/pcb.h>
|
||||
|
||||
struct wolfkmod_fpu_state_t {
|
||||
volatile lwpid_t td_tid;
|
||||
volatile u_int nest;
|
||||
};
|
||||
|
||||
typedef struct wolfkmod_fpu_state_t wolfkmod_fpu_state_t;
|
||||
|
||||
/* fpu_states array tracks thread id and nesting level of save/restore
|
||||
* and push/pop vector registers macro calls. It is indexed by raw cpu id,
|
||||
* and only accessed after the thread calls fpu_kern_enter(), and before
|
||||
* calling fpu_kern_leave(), and only indexed by the thread's PCPU_GET(cpuid).
|
||||
*
|
||||
* after calling fpu_kern_enter():
|
||||
* - kernel fpu is enabled
|
||||
* - migration is disabled
|
||||
* - soft preempts are disabled
|
||||
* Hard irq are still possible , but hard irq are forbidden from using FPU
|
||||
* in FreeBSD kernel.
|
||||
* */
|
||||
static wolfkmod_fpu_state_t * fpu_states = NULL;
|
||||
|
||||
/* check for active td_tid with atomic before proceeding.
|
||||
* technically not necessary because fpu_kern_enter() gives thread pinning
|
||||
* to cpu, but just to be safe...
|
||||
* */
|
||||
#define wolfkmod_fpu_get_tid() \
|
||||
atomic_load_acq_int(&fpu_states[PCPU_GET(cpuid)].td_tid)
|
||||
|
||||
int wolfkmod_vecreg_init(void)
|
||||
{
|
||||
if (mp_ncpus <= 0) {
|
||||
printf("error: wolfkmod_vecreg_init: mp_ncpus = %d\n", mp_ncpus);
|
||||
return (EINVAL);
|
||||
}
|
||||
|
||||
fpu_states = malloc(mp_ncpus * sizeof(wolfkmod_fpu_state_t),
|
||||
M_WOLFSSL, M_WAITOK | M_ZERO);
|
||||
if (fpu_states == NULL) {
|
||||
printf("error: wolfkmod_vecreg_init: malloc(%lu) failed\n",
|
||||
mp_ncpus * sizeof(wolfkmod_fpu_state_t));
|
||||
return (ENOMEM);
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
void wolfkmod_vecreg_exit(void)
|
||||
{
|
||||
int i = 0;
|
||||
|
||||
if (fpu_states == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
for (i = 0; i < mp_ncpus; ++i) {
|
||||
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
|
||||
printf("info: wolfkmod_vecreg_exit: fpu_states[%d] = %d, %d\n",
|
||||
i, fpu_states[i].nest, fpu_states[i].td_tid);
|
||||
#endif /* WOLFSSL_BSDKM_FPU_DEBUG */
|
||||
|
||||
if (fpu_states[i].nest != 0 || fpu_states[i].td_tid != 0) {
|
||||
/* Check for orphaned fpu state. There's nothing we can do
|
||||
* but log the event and zero the nesting level. */
|
||||
printf("error: wolfkmod_vecreg_exit: fpu_states[%d] = %d, %d\n",
|
||||
i, fpu_states[i].nest, fpu_states[i].td_tid);
|
||||
fpu_states[i].nest = 0;
|
||||
}
|
||||
}
|
||||
|
||||
free(fpu_states, M_WOLFSSL);
|
||||
fpu_states = NULL;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/* fpu_kern_enter() and fpu_kern_leave() wrapper defines.
|
||||
* Build with WOLFSSL_BSDKM_FPU_DEBUG to see verbose FPU logging.
|
||||
*/
|
||||
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
|
||||
#define wolfkmod_print_curthread(what) \
|
||||
printf("%s: cpuid = %d, curthread: td_tid = %d, pid = %d (%s), " \
|
||||
"td_critnest = %d, kernfpu = %02x\n", \
|
||||
(what), PCPU_GET(cpuid), curthread->td_tid, \
|
||||
curthread->td_proc ? curthread->td_proc->p_pid : -1, \
|
||||
curthread->td_proc ? curthread->td_proc->p_comm : "noproc", \
|
||||
curthread->td_critnest, \
|
||||
curthread->td_pcb->pcb_flags & PCB_KERNFPU);
|
||||
|
||||
#define wolfkmod_fpu_kern_enter() \
|
||||
wolfkmod_print_curthread("fpu_kern_enter"); \
|
||||
fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX);
|
||||
|
||||
#define wolfkmod_fpu_kern_leave() \
|
||||
wolfkmod_print_curthread("fpu_kern_leave"); \
|
||||
fpu_kern_leave(curthread, NULL);
|
||||
#else
|
||||
#define wolfkmod_fpu_kern_enter() \
|
||||
fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX);
|
||||
|
||||
#define wolfkmod_fpu_kern_leave() \
|
||||
fpu_kern_leave(curthread, NULL);
|
||||
#endif /* WOLFSSL_BSDKM_FPU_DEBUG */
|
||||
|
||||
int wolfkmod_vecreg_save(int flags_unused)
|
||||
{
|
||||
(void)flags_unused;
|
||||
|
||||
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
|
||||
wolfkmod_print_curthread("wolfkmod_vecreg_save");
|
||||
#endif
|
||||
|
||||
if (is_fpu_kern_thread(0)) {
|
||||
/* kernel fpu threads are special, do nothing. They own a
|
||||
* persistent, dedicated fpu context. */
|
||||
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
|
||||
printf("info: wolfkmod_vecreg_save: is fpu kern thread\n");
|
||||
#endif
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (curthread->td_pcb->pcb_flags & PCB_KERNFPU) {
|
||||
/* kern fpu is active for this thread. check td_tid and
|
||||
* increment nesting level. */
|
||||
lwpid_t td_tid = wolfkmod_fpu_get_tid();
|
||||
if (td_tid != curthread->td_tid) {
|
||||
printf("error: wolfkmod_vecreg_save: got tid = %d, expected %d\n",
|
||||
td_tid, curthread->td_tid);
|
||||
return (EINVAL);
|
||||
}
|
||||
fpu_states[PCPU_GET(cpuid)].nest++;
|
||||
}
|
||||
else {
|
||||
/* kern fpu not active for this thread, call fpu_kern_enter().
|
||||
* after calling fpu_kern_enter():
|
||||
* - kernel fpu is enabled
|
||||
* - migration is disabled
|
||||
* - soft preempts are disabled */
|
||||
lwpid_t td_tid = 0;
|
||||
wolfkmod_fpu_kern_enter();
|
||||
td_tid = wolfkmod_fpu_get_tid();
|
||||
|
||||
if (fpu_states[PCPU_GET(cpuid)].nest != 0 || td_tid != 0) {
|
||||
printf("error: wolfkmod_fpu_kern_enter() with nest: %d, %d\n",
|
||||
fpu_states[PCPU_GET(cpuid)].nest, td_tid);
|
||||
return (EINVAL);
|
||||
}
|
||||
|
||||
/* increment nest and save td_tid. */
|
||||
fpu_states[PCPU_GET(cpuid)].nest++;
|
||||
fpu_states[PCPU_GET(cpuid)].td_tid = curthread->td_tid;
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
void wolfkmod_vecreg_restore(void)
|
||||
{
|
||||
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
|
||||
wolfkmod_print_curthread("wolfkmod_vecreg_restore");
|
||||
#endif
|
||||
|
||||
if (is_fpu_kern_thread(0)) {
|
||||
/* kernel fpu threads are special, do nothing. They own a
|
||||
* persistent, dedicated fpu context. */
|
||||
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
|
||||
printf("info: wolfkmod_vecreg_restore: is fpu kern thread\n");
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
||||
if (curthread->td_pcb->pcb_flags & PCB_KERNFPU) {
|
||||
/* kern fpu is active for this thread. check tid and nesting level. */
|
||||
lwpid_t td_tid = wolfkmod_fpu_get_tid();
|
||||
if (td_tid != curthread->td_tid) {
|
||||
printf("error: wolfkmod_vecreg_restore: got tid = %d, "
|
||||
"expected %d\n", td_tid, curthread->td_tid);
|
||||
return;
|
||||
}
|
||||
|
||||
/* decrement the nesting level. */
|
||||
if (fpu_states[PCPU_GET(cpuid)].nest > 0) {
|
||||
fpu_states[PCPU_GET(cpuid)].nest--;
|
||||
}
|
||||
|
||||
/* if last level, zero the thread id then call fpu_kern_leave */
|
||||
if (fpu_states[PCPU_GET(cpuid)].nest == 0) {
|
||||
fpu_states[PCPU_GET(cpuid)].td_tid = 0;
|
||||
wolfkmod_fpu_kern_leave();
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
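Review bot: The `return (EINVAL);` in the `else` branch of wolfkmod_vecreg_save() runs after wolfkmod_fpu_kern_enter() has already been called. On a stale `nest`/`td_tid` the function therefore reports failure while the thread is still inside the kernel FPU section (per the comment just above, with migration and soft preemption disabled), and a caller that sees the error has no reason to call wolfkmod_vecreg_restore(). I would add `wolfkmod_fpu_kern_leave();` immediately before that return. Separately, `fpu_states` is sized by `mp_ncpus` but indexed by `PCPU_GET(cpuid)`; if CPU ids can be sparse on a target system, sizing by `mp_maxid + 1` would keep the index in bounds, which is worth confirming. As a style point, the two-statement debug forms of `wolfkmod_fpu_kern_enter()` and `wolfkmod_fpu_kern_leave()` would be safer wrapped in `do { ... } while (0)` with no trailing semicolon in the macro body.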
|
||||
@@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDUDCCAjigAwIBAgIUQy4lyOzJcvFVekNsQWuUegW0kGgwDQYJKoZIhvcNAQEL
|
||||
BQAwGzEZMBcGA1UEAwwQd29sZnNzbC1haWEtdGVzdDAeFw0yNjAxMjYyMzE1NTZa
|
||||
Fw0yNzAxMjYyMzE1NTZaMBsxGTAXBgNVBAMMEHdvbGZzc2wtYWlhLXRlc3QwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM1vUyiX+qtPFhhEqZq3bCUKpd
|
||||
6QtswO7YWj+us79yh99mIGE7EZlSfTv0n3rn2//m5bQ7a+TSYMkDyNjPEH6Z+ub2
|
||||
qW4EJyc4J9DfC+T9gJM4dvsij+F8TUne/o5iCwFdiZEycEj0vtyYh53du3oqlZTY
|
||||
yt8q4k5INoTl+ELCX/L0YqR/+Fl2qaloK7YHUb3EdSqBEGoa/IEfnxHMreZWhVYd
|
||||
pSdDnT9rfNqT5Kb2e+eZbZZSouEmebhx9ioRfIXDadSCCa1JNp4fO3YlcDmmEahx
|
||||
6TcjEmhUt80+hjhJhqrh4vPlxI24qHmfOe+k2qSimpJse/AUuz7wGRjx6ktfAgMB
|
||||
AAGjgYswgYgwHQYDVR0OBBYEFMvT3KE5dvI6t3KNrcuctkm6wvXMMB8GA1UdIwQY
|
||||
MBaAFMvT3KE5dvI6t3KNrcuctkm6wvXMMA8GA1UdEwEB/wQFMAMBAf8wNQYIKwYB
|
||||
BQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwOi8vZXhhbXBsZS5jb20vY2EucGVt
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQCjxEHOlxVfmE8xgcQCnr1b4IK5EBuIMUaS7lko
|
||||
AHmHvj7z9rr2cxbJhGYQxcttZ4/SQldRqpmiB0cUmko4LbD9yos4FKlyGe3xWvKa
|
||||
W17SdpJU2PREShGLLqP7bwiWV6wVyo6puwDHLYSjH5vYr+IcSNNc0GuMZg1OhTWt
|
||||
2PYG2vGbHoNR0/UyNibGmaPBimg0nb2GTizY7yWm+N/yXnWa6Wc5yyiF1zExw/GO
|
||||
8O/rF0Lg/Gy/v6LnnNmhSOr9ENPKgQEAHFmJRXBXqDYUNhcm2U3PzlfBa06SHFcr
|
||||
b59n5jgJmcNSwYDJAYKEhMvjBL40DmiWaRfol2DPoIZ7YtRf
|
||||
-----END CERTIFICATE-----
|
||||
@@ -0,0 +1,23 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDwTCCAqmgAwIBAgIUEcNoHSMtIkVhW/MmkmUEsVoJVQEwDQYJKoZIhvcNAQEL
|
||||
BQAwITEfMB0GA1UEAwwWd29sZnNzbC1haWEtbXVsdGktdGVzdDAeFw0yNjAxMjcw
|
||||
MTUwNDRaFw0yNzAxMjcwMTUwNDRaMCExHzAdBgNVBAMMFndvbGZzc2wtYWlhLW11
|
||||
bHRpLXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVdogPQ2I
|
||||
/nErbxSaNGoYhkwoj1qt+Be1/qWnvZzJ0EBOG4EdioMRIkJzP6W3HoAhkGBrueXf
|
||||
riN07M3XLocRfE+9C1+jZQxBGRxysns9z7K+i0pBtPN/AXV2RCSz13FFyVyLhLks
|
||||
2YAL9By36X9R0wsL+Nd4EAQ4ouf0GglmTmtb5rHf2GIno4xFg9tpWosiUTytwgDC
|
||||
K9lQEQnTnPG6E43N2bszqBc4roOPrYDnd7raNTqcv9yTHM8zwffGJuCogE/Fbr2R
|
||||
yVubLW28n5/O1Pb47hHuPJv6oHMZgct2SV5OB/mwVgI0eoFMSQZ35o6BpHD0C497
|
||||
L2IcoMi8A9rFAgMBAAGjgfAwge0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAoQw
|
||||
gbAGCCsGAQUFBwEBBIGjMIGgMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4x
|
||||
OjIyMjIxMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMCkGCCsG
|
||||
AQUFBzAChh1odHRwOi8vd3d3LndvbGZzc2wuY29tL2NhLnBlbTArBggrBgEFBQcw
|
||||
AoYfaHR0cHM6Ly93d3cud29sZnNzbC5jb20vY2EyLnBlbTAdBgNVHQ4EFgQU1GNm
|
||||
eP/LXQk0tFaTeWoNHyLhLZkwDQYJKoZIhvcNAQELBQADggEBACwuXdKYI2Q/Vhd7
|
||||
TJFvKdp7BuUopQGEQ+4vR+FoesYXc9MHjZJfMqEffv1MArTeY46At/zvcTeszagi
|
||||
io+jjGBLOutsAf9WK3PnKMIkGGfro6btZ8QFyKiZ6unMMlqe6cGqrCrNKp8jLP3k
|
||||
CKZltR5c+MIPhpjoOhNDMOcPMwZBGQJWubwOb4uOu3wv7UWJk/ovKP9WJCUn6wLH
|
||||
soDs+MHMICkxOvDfPf+F4URVqTbzE8IvSMv38z4cAqsyEfWxr32Dg34S/NmeePFV
|
||||
7sSDpksvyITGsxjnQulSuUFSmldumQ6GnA4ZUXvCNdJ0zbD/Iib9ud6K05VdWYZP
|
||||
uyCRkjY=
|
||||
-----END CERTIFICATE-----
|
||||
@@ -0,0 +1,26 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEcDCCA1igAwIBAgIUN5kIU1GLRP5bRKctP271p7IGFVowDQYJKoZIhvcNAQEL
|
||||
BQAwJDEiMCAGA1UEAwwZd29sZnNzbC1haWEtb3ZlcmZsb3ctdGVzdDAeFw0yNjAx
|
||||
MjcwMTU1NTBaFw0yNzAxMjcwMTU1NTBaMCQxIjAgBgNVBAMMGXdvbGZzc2wtYWlh
|
||||
LW92ZXJmbG93LXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS
|
||||
eHeAzVuCe44SU8bcyIWLwkA2AABw/ctSBWKAFEd7DYHduRr3diblHERU1Fv5JzYx
|
||||
JnZquj1IO/qsnSFJYDc9sQmYea89iW8KNPVXKDzdbzhpiQLZL7Yq71ICxxqVLfRr
|
||||
91lyAj0+Syncrp96olSpMJochVnQ6PqLcc/Gq7CMtrKn5KAN7Mn3+LdAQYU8JjRa
|
||||
zqEJ8fmkBKbS5watzgnkP2o5jWSpWzpDOxTdw85hju4H9m5Gmun3XVO9dEAN/dqK
|
||||
vklkzgQGvAMMQMIcgOzw0HxAuvsSNtjgEpIlOir0M7YiC0pYqtMO+thSCmVCvsDR
|
||||
/nG/iqe6YBSXh6oszGwTAgMBAAGjggGYMIIBlDAMBgNVHRMEBTADAQH/MAsGA1Ud
|
||||
DwQEAwIChDCCAVYGCCsGAQUFBwEBBIIBSDCCAUQwIgYIKwYBBQUHMAGGFmh0dHA6
|
||||
Ly8xMjcuMC4wLjE6MjIyMjAwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6
|
||||
MjIyMjEwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjIwIgYIKwYB
|
||||
BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjMwIgYIKwYBBQUHMAGGFmh0dHA6
|
||||
Ly8xMjcuMC4wLjE6MjIyMjQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6
|
||||
MjIyMjUwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjYwIgYIKwYB
|
||||
BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjcwIgYIKwYBBQUHMAGGFmh0dHA6
|
||||
Ly8xMjcuMC4wLjE6MjIyMjgwHQYDVR0OBBYEFJt6TNgqMFBebotXaauIYPpUJi1S
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQA5noHB343sKQqVmmLds0gC/k1UhVA5iftAGmes
|
||||
uRdNOOCdo2i739DmRAXggetgtatcjDfjxkrvq0Qi+geozZra6uX9FT/hgfw6kDpU
|
||||
HKzJFy4E0G0HTM8mtJi+aGDZL3Lts+h272eahkT1jVKGAPFugqfz7fKRsMce6eCE
|
||||
UD5cvtQXX16fGhBxxmUCZPnxMKcj2oNl7RliHphK6ofXuNbKjqjVQfxsTUXSQDyS
|
||||
ApH5w6iUnAvC5l19qYrBcCVOB6CNJ2CdmvFI//Ox8Jc56HRYYDIdVp2Q3FFA5Z4s
|
||||
gTLvlumVgihAekD+0zVF9q+AJ4TSbE3cqsQgHF/+p84KxWid
|
||||
-----END CERTIFICATE-----
|
||||
Binary file not shown.
@@ -0,0 +1,10 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBdDCCARkCAQEwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
|
||||
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
|
||||
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
|
||||
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAyMDQwMzU0Mjla
|
||||
Fw0yNjAzMDYwMzU0MjlaMFAwEgIBAhcNMjYwMjA0MDM1NDI5WjASAgEDFw0yNjAy
|
||||
MDQwMzU0MjlaMBICAQQXDTI2MDIwNDAzNTQyOVowEgIBAxcNMjYwMjA0MDM1NDI5
|
||||
WjAKBggqhkjOPQQDAgNJADBGAiEA6xz109x9tZwaxxs3iLvW65h9AGL8+e1gTnbr
|
||||
GoEsXaQCIQDzxO4LU1d6seHETQDKjUEXivHuvC6f0Nq5uARmWX0DOA==
|
||||
-----END X509 CRL-----
|
||||
Binary file not shown.
@@ -0,0 +1,14 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIICMTCCARkCAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
|
||||
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
|
||||
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
|
||||
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAyMDQwMzU0Mjla
|
||||
Fw0yNjAzMDYwMzU0MjlaMFAwEgIBAhcNMjYwMjA0MDM1NDI5WjASAgEDFw0yNjAy
|
||||
MDQwMzU0MjlaMBICAQQXDTI2MDIwNDAzNTQyOVowEgIBARcNMjYwMjA0MDM1NDI5
|
||||
WjANBgkqhkiG9w0BAQsFAAOCAQEAid2CDa/invAbnAJaeVVkS8mRjI/kR0aPHwt1
|
||||
/Sz6w+j163+KZnBwUNgrMmLSMbssm8oxQ8i8zNvBeYd6u1x2N/jw/cwH2rxhZ3zQ
|
||||
bOkDQKKe2eRYXMykAl1uj2VwCeu8/ivqbimYReq7iloEHo8PUiizs1Pj6zJ59I1u
|
||||
LRZDDlS9wiY+VVkKx28dxyClsqtJNCvz5ezNB8GeH+gekaJ1tJVbd3TujBajPPAx
|
||||
R6FobbOOavCZPyGkeZlU/T9S5FwIi07qga5Zuq/9Dy7YwiVya3sAZ/nTYY++HKDQ
|
||||
DL0Bs3/05Lf8BLaf2CX2vGvan4JCQv9CMdnlYBifwvQCeUToyQ==
|
||||
-----END X509 CRL-----
|
||||
@@ -22,7 +22,9 @@ EXTRA_DIST += \
|
||||
EXTRA_DIST += \
|
||||
certs/crl/crl.revoked \
|
||||
certs/crl/extra-crls/ca-int-cert-revoked.pem \
|
||||
certs/crl/extra-crls/general-server-crl.pem
|
||||
certs/crl/extra-crls/general-server-crl.pem \
|
||||
certs/crl/extra-crls/large_crlnum.pem \
|
||||
certs/crl/extra-crls/large_crlnum2.pem
|
||||
|
||||
# Intermediate cert CRL's
|
||||
EXTRA_DIST += \
|
||||
|
||||
+5
-1
@@ -85,6 +85,11 @@ EXTRA_DIST += \
|
||||
certs/dh-pub-2048.pem \
|
||||
certs/dsa2048.pem
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/aia/ca-issuers-cert.pem \
|
||||
certs/aia/multi-aia-cert.pem \
|
||||
certs/aia/overflow-aia-cert.pem
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/ca-key.der \
|
||||
certs/ca-cert.der \
|
||||
@@ -154,4 +159,3 @@ include certs/sphincs/include.am
|
||||
include certs/rpk/include.am
|
||||
include certs/acert/include.am
|
||||
include certs/mldsa/include.am
|
||||
|
||||
|
||||
@@ -31,6 +31,9 @@
|
||||
# fpki-cert.der
|
||||
# fpki-certpol-cert.der
|
||||
# rid-cert.der
|
||||
# aia/ca-issuers-cert.pem
|
||||
# aia/multi-aia-cert.pem
|
||||
# aia/overflow-aia-cert.pem
|
||||
# updates the following crls:
|
||||
# crl/cliCrl.pem
|
||||
# crl/crl.pem
|
||||
@@ -292,6 +295,60 @@ run_renewcerts(){
|
||||
echo "End of section"
|
||||
echo "---------------------------------------------------------------------"
|
||||
############################################################
|
||||
########## update AIA test certs ###########################
|
||||
############################################################
|
||||
echo "Updating AIA test certs"
|
||||
echo ""
|
||||
mkdir -p aia
|
||||
|
||||
echo "Updating aia/ca-issuers-cert.pem"
|
||||
echo ""
|
||||
openssl req -new -newkey rsa:2048 -nodes -keyout aia/ca-issuers-key.pem -subj "/CN=wolfssl-aia-test" -out aia/ca-issuers-cert.csr
|
||||
check_result $? "Step AIA-1"
|
||||
|
||||
openssl x509 -req -in aia/ca-issuers-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_ca_issuers -signkey aia/ca-issuers-key.pem -out aia/ca-issuers-cert.pem
|
||||
check_result $? "Step AIA-2"
|
||||
rm aia/ca-issuers-cert.csr
|
||||
|
||||
openssl x509 -in aia/ca-issuers-cert.pem -text > tmp.pem
|
||||
check_result $? "Step AIA-3"
|
||||
mv tmp.pem aia/ca-issuers-cert.pem
|
||||
rm aia/ca-issuers-key.pem
|
||||
echo "End of section"
|
||||
echo "---------------------------------------------------------------------"
|
||||
|
||||
echo "Updating aia/multi-aia-cert.pem"
|
||||
echo ""
|
||||
openssl req -new -newkey rsa:2048 -nodes -keyout aia/multi-aia-key.pem -subj "/CN=wolfssl-aia-multi-test" -out aia/multi-aia-cert.csr
|
||||
check_result $? "Step AIA-4"
|
||||
|
||||
openssl x509 -req -in aia/multi-aia-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_multi -signkey aia/multi-aia-key.pem -out aia/multi-aia-cert.pem
|
||||
check_result $? "Step AIA-5"
|
||||
rm aia/multi-aia-cert.csr
|
||||
|
||||
openssl x509 -in aia/multi-aia-cert.pem -text > tmp.pem
|
||||
check_result $? "Step AIA-6"
|
||||
mv tmp.pem aia/multi-aia-cert.pem
|
||||
rm aia/multi-aia-key.pem
|
||||
echo "End of section"
|
||||
echo "---------------------------------------------------------------------"
|
||||
|
||||
echo "Updating aia/overflow-aia-cert.pem"
|
||||
echo ""
|
||||
openssl req -new -newkey rsa:2048 -nodes -keyout aia/overflow-aia-key.pem -subj "/CN=wolfssl-aia-overflow-test" -out aia/overflow-aia-cert.csr
|
||||
check_result $? "Step AIA-7"
|
||||
|
||||
openssl x509 -req -in aia/overflow-aia-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_overflow -signkey aia/overflow-aia-key.pem -out aia/overflow-aia-cert.pem
|
||||
check_result $? "Step AIA-8"
|
||||
rm aia/overflow-aia-cert.csr
|
||||
|
||||
openssl x509 -in aia/overflow-aia-cert.pem -text > tmp.pem
|
||||
check_result $? "Step AIA-9"
|
||||
mv tmp.pem aia/overflow-aia-cert.pem
|
||||
rm aia/overflow-aia-key.pem
|
||||
echo "End of section"
|
||||
echo "---------------------------------------------------------------------"
|
||||
############################################################
|
||||
########## update the self-signed ca-cert-chain.der ########
|
||||
############################################################
|
||||
echo "Updating ca-cert-chain.der"
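Review bot: The three AIA blocks added here are the same nine-step sequence repeated with only the file stem, the wolfssl.cnf extension section and the CN changed, so a fix to one copy has to be made three times. Each block also leaves the unencrypted `aia/*-key.pem` on disk until its final `rm`. `check_result` is defined outside this hunk, but if it exits on failure the key and CSR stay behind in the certs tree. I would fold the sequence into one helper that removes the key and CSR as soon as the self-signature is made, and call it three times. `run_renewcerts` starts and ends outside the hunk, so the helper's exact placement is left open.

```shell
# Renew one self-signed AIA test cert.
#   $1 = file stem under aia/   $2 = wolfssl.cnf extension section
#   $3 = subject CN             $4 = label prefix passed to check_result
renew_aia_cert() {
    echo "Updating aia/$1-cert.pem"
    echo ""
    openssl req -new -newkey rsa:2048 -nodes -keyout "aia/$1-key.pem" -subj "/CN=$3" -out "aia/$1-cert.csr"
    check_result $? "Step $4-req"
    openssl x509 -req -in "aia/$1-cert.csr" -days 365 -extfile wolfssl.cnf -extensions "$2" -signkey "aia/$1-key.pem" -out "aia/$1-cert.pem"
    check_result $? "Step $4-sign"
    # the throwaway key is only needed for the self-signature above
    rm -f "aia/$1-cert.csr" "aia/$1-key.pem"
    openssl x509 -in "aia/$1-cert.pem" -text > tmp.pem
    check_result $? "Step $4-text"
    mv tmp.pem "aia/$1-cert.pem"
    echo "End of section"
    echo "---------------------------------------------------------------------"
}

mkdir -p aia
renew_aia_cert ca-issuers   aia_ca_issuers "wolfssl-aia-test"          AIA-1
renew_aia_cert multi-aia    aia_multi      "wolfssl-aia-multi-test"    AIA-2
renew_aia_cert overflow-aia aia_overflow   "wolfssl-aia-overflow-test" AIA-3
# ... unchanged: ca-cert-chain.der section ...
```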
|
||||
|
||||
@@ -321,6 +321,45 @@ keyUsage=critical, digitalSignature, keyCertSign, cRLSign
|
||||
[ crl_dist_points ]
|
||||
crlDistributionPoints=URI:http://www.wolfssl.com/crl.pem
|
||||
|
||||
# AIA test certs
|
||||
[ aia_ca_issuers ]
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
basicConstraints=critical,CA:true
|
||||
authorityInfoAccess=@aia_ca_issuers_info
|
||||
|
||||
[ aia_ca_issuers_info ]
|
||||
caIssuers;URI.0=http://example.com/ca.pem
|
||||
|
||||
[ aia_multi ]
|
||||
subjectKeyIdentifier=hash
|
||||
basicConstraints=CA:true
|
||||
keyUsage=digitalSignature, keyCertSign
|
||||
authorityInfoAccess=@aia_multi_info
|
||||
|
||||
[ aia_multi_info ]
|
||||
OCSP;URI.0=http://127.0.0.1:22221
|
||||
OCSP;URI.1=http://127.0.0.1:22222
|
||||
caIssuers;URI.0=http://www.wolfssl.com/ca.pem
|
||||
caIssuers;URI.1=https://www.wolfssl.com/ca2.pem
|
||||
|
||||
[ aia_overflow ]
|
||||
subjectKeyIdentifier=hash
|
||||
basicConstraints=CA:true
|
||||
keyUsage=digitalSignature, keyCertSign
|
||||
authorityInfoAccess=@aia_overflow_info
|
||||
|
||||
[ aia_overflow_info ]
|
||||
OCSP;URI.0=http://127.0.0.1:22220
|
||||
OCSP;URI.1=http://127.0.0.1:22221
|
||||
OCSP;URI.2=http://127.0.0.1:22222
|
||||
OCSP;URI.3=http://127.0.0.1:22223
|
||||
OCSP;URI.4=http://127.0.0.1:22224
|
||||
OCSP;URI.5=http://127.0.0.1:22225
|
||||
OCSP;URI.6=http://127.0.0.1:22226
|
||||
OCSP;URI.7=http://127.0.0.1:22227
|
||||
OCSP;URI.8=http://127.0.0.1:22228
|
||||
|
||||
#tsa default
|
||||
[ tsa ]
|
||||
default_tsa = tsa_config1
|
||||
@@ -404,4 +443,3 @@ DNS.1 = www.example.org
|
||||
URI.1 = https://www.wolfssl.com/
|
||||
otherName.2 = 2.16.840.1.101.3.6.6;FORMAT:HEX,OCT:D1:38:10:D8:28:AF:2C:10:84:35:15:A1:68:58:28:AF:02:10:86:A2:84:E7:39:C3:EB
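Review bot: The `[ aia_overflow_info ]` section has no comment saying that its nine OCSP entries are deliberate. The section name suggests the list is sized to exceed a parser limit, but the limit itself is not visible on this page. If that limit is later raised, the fixture silently stops exercising the overflow path. A comment above the list would tie the fixture to the limit, for example `# intentionally more OCSP URIs than the AIA parser's maximum (see <limit macro>); keep in sync`, with the placeholder replaced by the real macro name.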
|
||||
|
||||
|
||||
|
||||
@@ -1,4 +1,9 @@
|
||||
@PACKAGE_INIT@
|
||||
# Autoconf-generated configs won't define PACKAGE_PREFIX_DIR; fall back to the
|
||||
# configured install prefix for non-relocatable packages.
|
||||
if (NOT DEFINED PACKAGE_PREFIX_DIR)
|
||||
set(PACKAGE_PREFIX_DIR "@WOLFSSL_PREFIX_ABS@")
|
||||
endif()
|
||||
|
||||
include(CMakeFindDependencyMacro)
|
||||
if (@HAVE_PTHREAD@)
|
||||
|
||||
+3
-1
@@ -3,6 +3,9 @@
|
||||
This directory contains some supplementary functions for the [CMakeLists.txt](../CMakeLists.txt) in the root.
|
||||
|
||||
See also cmake notes in the [INSTALL](../INSTALL) documentation file.
|
||||
When building with autoconf/automake, CMake package files are installed by default
|
||||
under $(libdir)/cmake/wolfssl to support find_package(wolfssl). Disable with
|
||||
./configure --disable-cmake-install.
|
||||
|
||||
If new CMake build options are added `cmake/options.h.in` must also be updated.
|
||||
|
||||
@@ -56,4 +59,3 @@ See the Microsoft [CMakeSettings.json schema reference](https://learn.microsoft.
|
||||
* Specific environment variables
|
||||
* *UI-related tweaks
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
cmake_minimum_required(VERSION 3.10)
|
||||
|
||||
project(wolfssl_consumer C)
|
||||
|
||||
find_package(wolfssl CONFIG REQUIRED)
|
||||
|
||||
add_executable(wolfssl_consumer main.c)
|
||||
target_link_libraries(wolfssl_consumer PRIVATE wolfssl::wolfssl)
|
||||
@@ -0,0 +1,12 @@
|
||||
# CMake consumer test
|
||||
|
||||
This is a minimal CMake project that consumes the installed wolfSSL
|
||||
package config.
|
||||
|
||||
## Build
|
||||
|
||||
```
|
||||
cmake -S . -B build -DCMAKE_PREFIX_PATH=/path/to/wolfssl/install
|
||||
cmake --build build
|
||||
./build/wolfssl_consumer
|
||||
```
|
||||
@@ -0,0 +1,11 @@
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
int main(void)
|
||||
{
|
||||
if (wolfSSL_Init() != WOLFSSL_SUCCESS) {
|
||||
return 1;
|
||||
}
|
||||
wolfSSL_Cleanup();
|
||||
return 0;
|
||||
}
|
||||
@@ -1,7 +1,19 @@
|
||||
EXTRA_DIST += cmake/README.md
|
||||
EXTRA_DIST += cmake/Config.cmake.in
|
||||
EXTRA_DIST += cmake/wolfssl-config-version.cmake.in
|
||||
EXTRA_DIST += cmake/wolfssl-targets.cmake.in
|
||||
EXTRA_DIST += cmake/consumer/CMakeLists.txt
|
||||
EXTRA_DIST += cmake/consumer/main.c
|
||||
EXTRA_DIST += cmake/consumer/README.md
|
||||
EXTRA_DIST += cmake/config.in
|
||||
EXTRA_DIST += cmake/functions.cmake
|
||||
EXTRA_DIST += cmake/options.h.in
|
||||
EXTRA_DIST += cmake/modules/FindARIA.cmake
|
||||
EXTRA_DIST += cmake/modules/FindOQS.cmake
|
||||
|
||||
if CMAKE_INSTALL
|
||||
cmakedir = $(libdir)/cmake/wolfssl
|
||||
cmake_DATA = cmake/wolfssl-config.cmake \
|
||||
cmake/wolfssl-config-version.cmake \
|
||||
cmake/wolfssl-targets.cmake
|
||||
endif
|
||||
|
||||
@@ -270,6 +270,10 @@ extern "C" {
|
||||
#cmakedefine WOLFSSL_AES_OFB
|
||||
#undef WOLFSSL_AES_SIV
|
||||
#cmakedefine WOLFSSL_AES_SIV
|
||||
#undef HAVE_AES_ECB
|
||||
#cmakedefine HAVE_AES_ECB
|
||||
#undef WOLFSSL_AES_CTS
|
||||
#cmakedefine WOLFSSL_AES_CTS
|
||||
#undef WOLFSSL_ALT_CERT_CHAINS
|
||||
#cmakedefine WOLFSSL_ALT_CERT_CHAINS
|
||||
#undef WOLFSSL_APPLE_NATIVE_CERT_VALIDATION
|
||||
@@ -302,6 +306,8 @@ extern "C" {
|
||||
#cmakedefine WOLFSSL_DTLS_CID
|
||||
#undef WOLFSSL_DTLS13
|
||||
#cmakedefine WOLFSSL_DTLS13
|
||||
#undef WOLFSSL_DTLS_CH_FRAG
|
||||
#cmakedefine WOLFSSL_DTLS_CH_FRAG
|
||||
#undef WOLFSSL_EITHER_SIDE
|
||||
#cmakedefine WOLFSSL_EITHER_SIDE
|
||||
#undef WOLFSSL_ENCRYPTED_KEYS
|
||||
@@ -402,6 +408,8 @@ extern "C" {
|
||||
#cmakedefine WOLFSSL_WC_XMSS
|
||||
#undef HAVE_SECRET_CALLBACK
|
||||
#cmakedefine HAVE_SECRET_CALLBACK
|
||||
#undef WC_RSA_DIRECT
|
||||
#cmakedefine WC_RSA_DIRECT
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
# Generated by autoconf; do not edit.
|
||||
|
||||
set(PACKAGE_VERSION "@PACKAGE_VERSION@")
|
||||
|
||||
# Keep behavior aligned with the native CMake build's AnyNewerVersion semantics:
|
||||
# compatible when the installed version is >= the requested version.
|
||||
set(PACKAGE_VERSION_COMPATIBLE FALSE)
|
||||
set(PACKAGE_VERSION_EXACT FALSE)
|
||||
|
||||
if (PACKAGE_VERSION VERSION_LESS PACKAGE_FIND_VERSION)
|
||||
# not compatible
|
||||
else ()
|
||||
set(PACKAGE_VERSION_COMPATIBLE TRUE)
|
||||
if (PACKAGE_FIND_VERSION STREQUAL PACKAGE_VERSION)
|
||||
set(PACKAGE_VERSION_EXACT TRUE)
|
||||
endif ()
|
||||
endif ()
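Review bot: This version file never compares the consumer's pointer size with the installed library, so a 32-bit consumer can accept a 64-bit wolfSSL install (or the reverse) and fail only at link time. The files CMake generates through `write_basic_package_version_file` set `PACKAGE_VERSION_UNSUITABLE` when `CMAKE_SIZEOF_VOID_P` differs from the recorded value, unless `ARCH_INDEPENDENT` is passed. The header comment here says the aim is to match the native build, and whether that build passes `ARCH_INDEPENDENT` is not visible on this page. Recording the size at configure time into a substituted variable (written here as the placeholder `@SIZEOF_VOID_P_PLACEHOLDER@`) and adding `if (NOT CMAKE_SIZEOF_VOID_P STREQUAL "@SIZEOF_VOID_P_PLACEHOLDER@")` around `set(PACKAGE_VERSION_UNSUITABLE TRUE)` would close the gap.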
|
||||
@@ -0,0 +1,27 @@
|
||||
# Generated by autoconf; do not edit.
|
||||
|
||||
if (NOT TARGET wolfssl::wolfssl)
|
||||
add_library(wolfssl::wolfssl UNKNOWN IMPORTED)
|
||||
|
||||
set(_wolfssl_libdir "@WOLFSSL_LIBDIR_ABS@")
|
||||
set(_wolfssl_includedir "@WOLFSSL_INCLUDEDIR_ABS@")
|
||||
|
||||
find_library(WOLFSSL_LIBRARY NAMES wolfssl PATHS "${_wolfssl_libdir}" NO_DEFAULT_PATH)
|
||||
if (NOT WOLFSSL_LIBRARY)
|
||||
find_library(WOLFSSL_LIBRARY NAMES wolfssl)
|
||||
endif()
|
||||
if (NOT WOLFSSL_LIBRARY)
|
||||
message(FATAL_ERROR "wolfssl library not found. Looked in: ${_wolfssl_libdir}")
|
||||
endif()
|
||||
|
||||
set_target_properties(wolfssl::wolfssl PROPERTIES
|
||||
IMPORTED_LOCATION "${WOLFSSL_LIBRARY}"
|
||||
INTERFACE_INCLUDE_DIRECTORIES "${_wolfssl_includedir}"
|
||||
)
|
||||
|
||||
if (@WOLFSSL_HAVE_PTHREAD@)
|
||||
set_property(TARGET wolfssl::wolfssl APPEND PROPERTY
|
||||
INTERFACE_LINK_LIBRARIES Threads::Threads
|
||||
)
|
||||
endif()
|
||||
endif()
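Review bot: The second `find_library(WOLFSSL_LIBRARY NAMES wolfssl)` falls back to CMake's default search paths, so a library missing from `${_wolfssl_libdir}` lets the target silently bind to a different wolfSSL on the system. `INTERFACE_INCLUDE_DIRECTORIES` still points at this install's headers and `options.h`, so the consumer is compiled against one feature set and linked against another. I would drop the fallback so the existing `message(FATAL_ERROR ...)` fires, or at least emit `message(WARNING "wolfssl: using ${WOLFSSL_LIBRARY} outside ${_wolfssl_libdir}")`. `WOLFSSL_LIBRARY` is also a cache variable, so a value already present in the consumer's CMakeCache.txt skips the `NO_DEFAULT_PATH` lookup as well.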
|
||||
+70
-15
@@ -33,6 +33,13 @@ m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
|
||||
|
||||
AC_ARG_PROGRAM
|
||||
|
||||
# Optional CMake package install (enabled by default)
|
||||
AC_ARG_ENABLE([cmake-install],
|
||||
[AS_HELP_STRING([--disable-cmake-install],[Disable installation of CMake package files])],
|
||||
[ ENABLED_CMAKE_INSTALL=$enableval ],
|
||||
[ ENABLED_CMAKE_INSTALL=yes ])
|
||||
AM_CONDITIONAL([CMAKE_INSTALL],[test "x$ENABLED_CMAKE_INSTALL" = "xyes"])
|
||||
|
||||
AC_CONFIG_HEADERS([config.h:config.in])
|
||||
|
||||
LT_PREREQ([2.4.2])
|
||||
@@ -123,9 +130,18 @@ then
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
|
||||
fi
|
||||
|
||||
# Kernel module benchmark
|
||||
ENABLED_KERNEL_BENCHMARKS=""
|
||||
AC_ARG_ENABLE([kernel-benchmarks],
|
||||
[AS_HELP_STRING([--enable-kernel-benchmarks],[Enable crypto benchmarking autorun at module load time for kernel module (default: disabled)])],
|
||||
[ENABLED_KERNEL_BENCHMARKS=$enableval])
|
||||
if test "$ENABLED_KERNEL_BENCHMARKS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KERNEL_BENCHMARKS"
|
||||
fi
|
||||
AC_SUBST([ENABLED_KERNEL_BENCHMARKS])
|
||||
|
||||
# Linux Kernel Module options (more options later)
|
||||
|
||||
AC_ARG_ENABLE([linuxkm],
|
||||
[AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
|
||||
[ENABLED_LINUXKM=$enableval],
|
||||
@@ -145,6 +161,12 @@ AC_ARG_ENABLE([freebsdkm],
|
||||
[ENABLED_BSDKM=no]
|
||||
)
|
||||
|
||||
AC_ARG_ENABLE([freebsdkm-crypto-register],
|
||||
[AS_HELP_STRING([--enable-freebsdkm-crypto-register],[Register wolfCrypt implementations with the FreeBSD kernel opencrypto framework. (default: disabled)])],
|
||||
[ENABLED_BSDKM_REGISTER=$enableval],
|
||||
[ENABLED_BSDKM_REGISTER=no]
|
||||
)
|
||||
|
||||
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])
|
||||
AC_CHECK_LIB([network],[socket])
|
||||
AC_C_BIGENDIAN
|
||||
@@ -727,10 +749,8 @@ AC_SUBST([ENABLED_LINUXKM_PIE])
|
||||
|
||||
AC_ARG_ENABLE([linuxkm-benchmarks],
|
||||
[AS_HELP_STRING([--enable-linuxkm-benchmarks],[Enable crypto benchmarking autorun at module load time for Linux kernel module (default: disabled)])],
|
||||
[ENABLED_KERNEL_BENCHMARKS=$enableval],
|
||||
[ENABLED_KERNEL_BENCHMARKS=no]
|
||||
)
|
||||
if test "$ENABLED_KERNEL_BENCHMARKS" = "yes"
|
||||
[ENABLED_KERNEL_BENCHMARKS=$enableval])
|
||||
if test "$ENABLED_LINUXKM" = "yes" && test "$ENABLED_KERNEL_BENCHMARKS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM_BENCHMARKS"
|
||||
fi
|
||||
@@ -819,17 +839,15 @@ AC_ARG_WITH([bsd-export-syms],
|
||||
|
||||
if test "x$ENABLED_BSDKM" = "xyes"
|
||||
then
|
||||
# wolfcrypt only, no-asm supported for now.
|
||||
# note: bsdkm is wolfcrypt only for now.
|
||||
HAVE_KERNEL_MODE=yes
|
||||
KERNEL_MODE_DEFAULTS=yes
|
||||
ENABLED_NO_LIBRARY=yes
|
||||
ENABLED_BENCHMARK=no
|
||||
ENABLED_ASM=no
|
||||
|
||||
output_objdir="$(realpath "$output_objdir")/bsdkm"
|
||||
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BSDKM -DWC_SIPHASH_NO_ASM"
|
||||
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_DEV_RANDOM -DNO_WRITEV -DNO_STDIO_FILESYSTEM"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SOCK -DWOLFSSL_USER_IO"
|
||||
AM_CFLAGS="$AM_CFLAGS -DXMALLOC_OVERRIDE -DWOLFCRYPT_ONLY"
|
||||
@@ -846,7 +864,16 @@ then
|
||||
fi
|
||||
AC_SUBST([KERNEL_ROOT])
|
||||
AC_SUBST([BSDKM_EXPORT_SYMS])
|
||||
fi
|
||||
|
||||
if test "x$ENABLED_BSDKM_REGISTER" = "xyes"
|
||||
then
|
||||
if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$enable_aesgcm_stream" != "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 6); then
|
||||
ENABLED_AESGCM_STREAM=yes
|
||||
fi
|
||||
|
||||
AM_CFLAGS="$AM_CFLAGS -DBSDKM_CRYPTO_REGISTER"
|
||||
AC_SUBST([ENABLED_BSDKM_REGISTER])
|
||||
fi
|
||||
# end FreeBSD configure
|
||||
|
||||
@@ -1383,13 +1410,13 @@ then
|
||||
esac
|
||||
fi
|
||||
|
||||
# 32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM. Disable
|
||||
# RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM. Disable
|
||||
# implicit activation, and error on explicit activation.
|
||||
if test "$enable_riscv_asm" = "yes" || (test "$enable_armasm" = "yes" && test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
|
||||
if test "$enable_riscv_asm" = "yes"
|
||||
then
|
||||
if test "$enable_aesgcm_stream" = "yes"
|
||||
then
|
||||
AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
|
||||
AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
|
||||
fi
|
||||
enable_aesgcm_stream=no
|
||||
fi
|
||||
@@ -2061,9 +2088,11 @@ AC_ARG_ENABLE([singlethreaded],
|
||||
[ ENABLED_SINGLETHREADED=$enableval ],
|
||||
[ ENABLED_SINGLETHREADED=no ])
|
||||
|
||||
WOLFSSL_HAVE_PTHREAD=0
|
||||
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
|
||||
AX_PTHREAD([
|
||||
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
|
||||
WOLFSSL_HAVE_PTHREAD=1
|
||||
# If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer
|
||||
# versions of clang don't need the -Q flag when using pthreads.
|
||||
AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
|
||||
@@ -3969,6 +3998,8 @@ then
|
||||
ENABLED_X86_ASM=yes
|
||||
fi
|
||||
fi
|
||||
AC_SUBST([ENABLED_AESNI])
|
||||
AC_SUBST([ENABLED_AESNI_WITH_AVX])
|
||||
|
||||
AC_ARG_ENABLE([aligndata],
|
||||
[AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
|
||||
@@ -10689,11 +10720,9 @@ then
|
||||
if test "$ENABLED_AESGCM" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([AES-GCM streaming is enabled but AES-GCM is disabled.])
|
||||
elif test "$ENABLED_RISCV_ASM" = "yes" || \
|
||||
(test "$ENABLED_ARMASM" = "yes" && \
|
||||
test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
|
||||
elif test "$ENABLED_RISCV_ASM" = "yes"
|
||||
then
|
||||
AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
|
||||
AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
|
||||
@@ -11263,6 +11292,26 @@ AC_SUBST([LIB_ADD])
|
||||
AC_SUBST([LIB_STATIC_ADD])
|
||||
AC_SUBST([LIBM])
|
||||
AC_SUBST([PC_LIBS_PRIVATE])
|
||||
AC_SUBST([WOLFSSL_HAVE_PTHREAD])
|
||||
HAVE_PTHREAD=$WOLFSSL_HAVE_PTHREAD
|
||||
AC_SUBST([HAVE_PTHREAD])
|
||||
PACKAGE_INIT=''
|
||||
AC_SUBST([PACKAGE_INIT])
|
||||
WOLFSSL_PREFIX_ABS=$prefix
|
||||
if test "x$WOLFSSL_PREFIX_ABS" = "xNONE"; then
|
||||
WOLFSSL_PREFIX_ABS=$ac_default_prefix
|
||||
fi
|
||||
WOLFSSL_EXEC_PREFIX_ABS=$exec_prefix
|
||||
if test "x$WOLFSSL_EXEC_PREFIX_ABS" = "xNONE"; then
|
||||
WOLFSSL_EXEC_PREFIX_ABS=$WOLFSSL_PREFIX_ABS
|
||||
fi
|
||||
prefix=$WOLFSSL_PREFIX_ABS
|
||||
exec_prefix=$WOLFSSL_EXEC_PREFIX_ABS
|
||||
eval WOLFSSL_LIBDIR_ABS=\"$libdir\"
|
||||
eval WOLFSSL_INCLUDEDIR_ABS=\"$includedir\"
|
||||
AC_SUBST([WOLFSSL_PREFIX_ABS])
|
||||
AC_SUBST([WOLFSSL_LIBDIR_ABS])
|
||||
AC_SUBST([WOLFSSL_INCLUDEDIR_ABS])
|
||||
|
||||
# FINAL
|
||||
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
|
||||
@@ -11275,6 +11324,12 @@ AC_CONFIG_FILES([Makefile
|
||||
rpm/spec
|
||||
wolfcrypt/test/test_paths.h
|
||||
])
|
||||
AS_IF([ test "x$ENABLED_CMAKE_INSTALL" = "xyes" ],[
|
||||
AC_CONFIG_FILES([cmake/wolfssl-config.cmake:cmake/Config.cmake.in
|
||||
cmake/wolfssl-config-version.cmake:cmake/wolfssl-config-version.cmake.in
|
||||
cmake/wolfssl-targets.cmake:cmake/wolfssl-targets.cmake.in
|
||||
])
|
||||
])
|
||||
AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test])
|
||||
AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])
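Review bot: In the hunk before `# FINAL`, the assignments `prefix=$WOLFSSL_PREFIX_ABS` and `exec_prefix=$WOLFSSL_EXEC_PREFIX_ABS` overwrite configure's own variables and never restore them. Autoconf normally leaves `exec_prefix` as the literal `${prefix}` in the generated Makefiles, which is what lets `make install prefix=/some/stage` relocate `libdir` and `bindir`. With an absolute `exec_prefix` substituted, that override would stop affecting the library and CMake-file install paths, and any other template using `@exec_prefix@` changes too. Saving both variables before the two `eval` lines and restoring them afterwards keeps the expanded `WOLFSSL_*_ABS` values without altering the rest of the build.

```m4
# Expand libdir/includedir for the CMake templates only; put prefix and
# exec_prefix back so the generated Makefiles keep the usual ${prefix} form.
wolfssl_save_prefix=$prefix
wolfssl_save_exec_prefix=$exec_prefix
prefix=$WOLFSSL_PREFIX_ABS
exec_prefix=$WOLFSSL_EXEC_PREFIX_ABS
eval WOLFSSL_LIBDIR_ABS=\"$libdir\"
eval WOLFSSL_INCLUDEDIR_ABS=\"$includedir\"
prefix=$wolfssl_save_prefix
exec_prefix=$wolfssl_save_exec_prefix
# ... unchanged: AC_SUBST of WOLFSSL_PREFIX_ABS, WOLFSSL_LIBDIR_ABS, WOLFSSL_INCLUDEDIR_ABS ...
```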
|
||||
|
||||
|
||||
Vendored
+1
@@ -2,5 +2,6 @@ usr/include/
|
||||
usr/lib/*/libwolfssl.so
|
||||
usr/lib/*/libwolfssl.a
|
||||
usr/lib/*/pkgconfig/wolfssl.pc
|
||||
usr/lib/*/cmake/wolfssl/*
|
||||
usr/bin/wolfssl-config
|
||||
usr/share/doc/wolfssl/
|
||||
|
||||
@@ -180,3 +180,63 @@ void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb);
|
||||
\sa wc_CryptoCb_RegisterDevice
|
||||
*/
|
||||
void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
|
||||
|
||||
/*!
|
||||
\ingroup CryptoCb
|
||||
|
||||
\brief Import an AES key into a CryptoCB device for hardware offload.
|
||||
|
||||
This function allows AES keys to be handled by an external device
|
||||
(e.g. Secure Element or HSM). When supported, the device callback stores
|
||||
the key internally and sets an opaque handle in aes->devCtx.
|
||||
|
||||
When CryptoCB AES SetKey support is enabled
|
||||
(WOLF_CRYPTO_CB_AES_SETKEY), wolfCrypt routes AES-GCM operations
|
||||
through the CryptoCB interface.
|
||||
|
||||
**TLS Builds (Default):**
|
||||
- Key bytes ARE stored in wolfCrypt memory (devKey) for fallback
|
||||
- GCM tables ARE generated for software fallback
|
||||
- Provides hardware acceleration with automatic fallback
|
||||
|
||||
**Crypto-Only Builds (--disable-tls):**
|
||||
- Key bytes NOT stored in wolfCrypt memory (true key isolation)
|
||||
- GCM tables skipped (true hardware offload)
|
||||
- Callback must handle all GCM operations (SetKey, Encrypt, Decrypt, Free)
|
||||
|
||||
If the callback returns success (0), full AES-GCM offload is assumed.
|
||||
The callback must handle SetKey, Encrypt, Decrypt, and Free operations.
|
||||
|
||||
\param aes AES context
|
||||
\param key Pointer to raw AES key material
|
||||
\param keySz Size of key in bytes
|
||||
|
||||
\return 0 on success
|
||||
\return CRYPTOCB_UNAVAILABLE if device does not support this operation
|
||||
\return BAD_FUNC_ARG on invalid parameters
|
||||
|
||||
_Example_
|
||||
\code
|
||||
#include <wolfssl/wolfcrypt/cryptocb.h>
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
|
||||
Aes aes;
|
||||
byte key[32] = { /* 256-bit key */ };
|
||||
int devId = 1;
|
||||
|
||||
/* Register your CryptoCB callback first */
|
||||
wc_CryptoCb_RegisterDevice(devId, myCryptoCallback, NULL);
|
||||
|
||||
wc_AesInit(&aes, NULL, devId);
|
||||
/* wc_AesGcmSetKey internally calls wc_CryptoCb_AesSetKey */
|
||||
if (wc_CryptoCb_AesSetKey(&aes, key, sizeof(key)) == 0) {
|
||||
/* Key successfully imported to device via callback */
|
||||
/* aes.devCtx now contains device handle */
|
||||
/* Full GCM offload is assumed - callback must handle all operations */
|
||||
}
|
||||
\endcode
|
||||
|
||||
\sa wc_CryptoCb_RegisterDevice
|
||||
\sa wc_AesInit
|
||||
*/
|
||||
int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz);
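Review bot: The key-storage guarantees in this comment do not match the `AES_CryptoCB_KeyImport` page added in the same commit. This comment says default TLS builds keep the key bytes in `devKey` and generate GCM tables, while the page says a callback returning 0 means the key is not copied to wolfSSL RAM and the tables are not generated. Someone deciding whether a traffic key stays inside the Secure Element needs one unambiguous statement. If the TLS-build behaviour described here is the real one, the page bullet should be qualified, for example `- Key is NOT copied to wolfSSL RAM in crypto-only builds; TLS builds keep a copy in devKey for fallback`. The example comment `wc_AesGcmSetKey internally calls wc_CryptoCb_AesSetKey` also sits directly above a direct call to `wc_CryptoCb_AesSetKey`, so it is unclear which call an application is expected to make.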
|
||||
|
||||
@@ -74,4 +74,27 @@
|
||||
- \ref SAKKE_RSK
|
||||
- \ref SAKKE_Operations
|
||||
*/
|
||||
/*!
|
||||
\page AES_CryptoCB_KeyImport AES CryptoCB Key Import
|
||||
|
||||
When enabled via WOLF_CRYPTO_CB_AES_SETKEY, wolfSSL invokes a CryptoCB
|
||||
callback during AES key setup. The callback behavior determines the mode:
|
||||
|
||||
**If callback returns 0 (success):**
|
||||
- Key is imported to Secure Element/HSM
|
||||
- Key is NOT copied to wolfSSL RAM (true key isolation)
|
||||
- GCM tables are NOT generated (full hardware offload)
|
||||
- All subsequent AES operations route through CryptoCB
|
||||
|
||||
**If callback returns CRYPTOCB_UNAVAILABLE:**
|
||||
- SE doesn't support key import
|
||||
- Normal software AES path is used
|
||||
- Key is copied to devKey for CryptoCB encrypt/decrypt acceleration
|
||||
|
||||
This mode is compatible with Secure Elements and hardware-backed
|
||||
key storage and is intended for protecting TLS traffic keys.
|
||||
|
||||
\sa wc_CryptoCb_AesSetKey
|
||||
\sa \ref Crypto Callbacks
|
||||
*/
|
||||
|
||||
|
||||
@@ -376,7 +376,8 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats);
|
||||
buffers to themselves for their lifetime.
|
||||
WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running
|
||||
|
||||
\return none This function does not return a value.
|
||||
\return Returns 0 on success.
|
||||
\return Returns a non-zero integer on failure.
|
||||
|
||||
\param pHint WOLFSSL_HEAP_HINT structure to use
|
||||
\param buf memory to use for all operations.
|
||||
@@ -396,7 +397,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats);
|
||||
// load in memory for use
|
||||
|
||||
ret = wc_LoadStaticMemory(&hint, memory, memorySz, flag, 0);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
if (ret) {
|
||||
// handle error case
|
||||
}
|
||||
...
|
||||
@@ -419,7 +420,8 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf,
|
||||
into functions. This extended version allows for custom bucket sizes and distributions
|
||||
instead of using the default predefined sizes.
|
||||
|
||||
\return none This function does not return a value.
|
||||
\return Returns 0 on success.
|
||||
\return Returns a non-zero integer on failure.
|
||||
|
||||
\param pHint WOLFSSL_HEAP_HINT handle to initialize
|
||||
\param listSz number of entries in the size and distribution lists
|
||||
@@ -447,7 +449,7 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf,
|
||||
|
||||
ret = wc_LoadStaticMemory_ex(&hint, listSz, sizeList, distList,
|
||||
memory, memorySz, flag, 0);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
if (ret) {
|
||||
// handle error case
|
||||
}
|
||||
...
|
||||
|
||||
@@ -545,9 +545,10 @@
|
||||
* to assure that calls to get_random_bytes() in random.c are gated out
|
||||
* (they would recurse, potentially infinitely).
|
||||
*/
|
||||
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
|
||||
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
|
||||
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
|
||||
#if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
|
||||
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
|
||||
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT) && \
|
||||
!defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES) && \
|
||||
!defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
|
||||
#define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
|
||||
#endif
|
||||
|
||||
+25
-16
@@ -30,6 +30,22 @@
|
||||
#error SHA* WC_LINUXKM_C_FALLBACK_IN_SHIMS is not currently supported.
|
||||
#endif
|
||||
|
||||
#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */
|
||||
#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
|
||||
(defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || \
|
||||
defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES))
|
||||
#ifndef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#define LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#endif
|
||||
#else
|
||||
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured.
|
||||
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/sha.h>
|
||||
#include <wolfssl/wolfcrypt/hmac.h>
|
||||
|
||||
@@ -94,7 +110,14 @@
|
||||
* exhaustion. A caller that really needs PR can pass in seed data in its call
|
||||
* to our rng_alg.generate() implementation.
|
||||
*/
|
||||
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" WOLFKM_SHA_DRIVER_SUFFIX)
|
||||
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \
|
||||
WOLFKM_DRIVER_SUFFIX_BASE \
|
||||
"-with-global-replace")
|
||||
#else
|
||||
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \
|
||||
WOLFKM_DRIVER_SUFFIX_BASE)
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA_ALL
|
||||
#define LINUXKM_LKCAPI_REGISTER_SHA1
|
||||
@@ -388,7 +411,7 @@
|
||||
#else
|
||||
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DRBG) && \
|
||||
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG)
|
||||
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3
|
||||
#error Config conflict: target kernel has CONFIG_CRYPTO_DRBG, but module is missing HAVE_HASHDRBG
|
||||
#endif
|
||||
#undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
|
||||
#endif
|
||||
@@ -1257,20 +1280,6 @@ static struct rng_alg wc_linuxkm_drbg = {
|
||||
};
|
||||
static int wc_linuxkm_drbg_loaded = 0;
|
||||
|
||||
#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
|
||||
(defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES))
|
||||
#ifndef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#define LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#endif
|
||||
#else
|
||||
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured.
|
||||
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
|
||||
|
||||
#ifndef WOLFSSL_SMALL_STACK_CACHE
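Review bot: The two new `WOLFKM_STDRNG_DRIVER` definitions in the `@@ -94,7 +110,14 @@` hunk are undocumented: nothing explains why the driver name gains `"-with-global-replace"` when `LINUXKM_DRBG_GET_RANDOM_BYTES` is set, and the comment above them still covers only the `nopr` choice. A line such as `/* suffix marks builds that also hook get_random_bytes(), so the two variants can be told apart by driver name */` would help anyone selecting or auditing the RNG by name; the wording assumes that is what the macro enables. The block moved to the top of the file also settles `LINUXKM_DRBG_GET_RANDOM_BYTES` before the later `#undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG` in hunk `@@ -388,7 +411,7 @@` can take effect. The suffix may therefore be selected in a build where the DRBG ends up unregistered, which is presumably harmless if the name is then unused but is worth confirming.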
|
||||
|
||||
@@ -17,10 +17,16 @@ MAINTAINERCLEANFILES+= $(FIPS_FILES)
|
||||
EXTRA_DIST += src/bio.c
|
||||
EXTRA_DIST += src/conf.c
|
||||
EXTRA_DIST += src/pk.c
|
||||
EXTRA_DIST += src/pk_rsa.c
|
||||
EXTRA_DIST += src/pk_ec.c
|
||||
EXTRA_DIST += src/ssl_api_cert.c
|
||||
EXTRA_DIST += src/ssl_api_crl_ocsp.c
|
||||
EXTRA_DIST += src/ssl_api_pk.c
|
||||
EXTRA_DIST += src/ssl_asn1.c
|
||||
EXTRA_DIST += src/ssl_bn.c
|
||||
EXTRA_DIST += src/ssl_certman.c
|
||||
EXTRA_DIST += src/ssl_crypto.c
|
||||
EXTRA_DIST += src/ssl_ech.c
|
||||
EXTRA_DIST += src/ssl_load.c
|
||||
EXTRA_DIST += src/ssl_misc.c
|
||||
EXTRA_DIST += src/ssl_p7p12.c
|
||||
|
||||
@@ -13848,6 +13848,34 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
}
|
||||
x509->authInfoSet = dCert->extAuthInfoSet;
|
||||
x509->authInfoCrit = dCert->extAuthInfoCrit;
|
||||
x509->authInfoListSz = dCert->extAuthInfoListSz;
|
||||
x509->authInfoListOverflow = dCert->extAuthInfoListOverflow;
|
||||
if (x509->authInfoListSz > WOLFSSL_MAX_AIA_ENTRIES) {
|
||||
x509->authInfoListSz = WOLFSSL_MAX_AIA_ENTRIES;
|
||||
x509->authInfoListOverflow = 1;
|
||||
}
|
||||
if (x509->authInfoListSz > 0) {
|
||||
int i;
|
||||
for (i = 0; i < x509->authInfoListSz; i++) {
|
||||
x509->authInfoList[i].method = dCert->extAuthInfoList[i].method;
|
||||
x509->authInfoList[i].uriSz = dCert->extAuthInfoList[i].uriSz;
|
||||
x509->authInfoList[i].uri = NULL;
|
||||
|
||||
if (dCert->extAuthInfoList[i].uri != NULL &&
|
||||
dCert->source != NULL && dCert->maxIdx > 0 &&
|
||||
x509->derCert != NULL && x509->derCert->buffer != NULL) {
|
||||
word32 offset = (word32)
|
||||
(dCert->extAuthInfoList[i].uri - dCert->source);
|
||||
if (offset < (word32)dCert->maxIdx) {
|
||||
x509->authInfoList[i].uri =
|
||||
x509->derCert->buffer + offset;
|
||||
}
|
||||
else {
|
||||
x509->authInfoList[i].uriSz = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (dCert->extAuthInfo != NULL && dCert->extAuthInfoSz > 0) {
|
||||
x509->authInfo = (byte*)XMALLOC(dCert->extAuthInfoSz, x509->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
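Review bot: The rebased AIA URI pointer in the added loop is bounded only by its start offset: `if (offset < (word32)dCert->maxIdx)` checks neither that `offset + uriSz` stays inside the buffer nor the size of `x509->derCert`, which is the buffer the pointer is rebased into. A tighter guard, assuming `uriSz` is unsigned, would be `if (offset < x509->derCert->length && x509->authInfoList[i].uriSz <= x509->derCert->length - offset)`. Separately, when the outer condition fails (for example `x509->derCert == NULL`), `uri` stays NULL but `uriSz` keeps the copied value. Setting `x509->authInfoList[i].uriSz = 0;` on that path too keeps the pair consistent for callers that trust the length. CopyDecodedToX509 starts and ends outside this hunk, so whether `derCert` is always populated at this point cannot be confirmed from here.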
|
||||
|
||||
+5558
File diff suppressed because it is too large
+3943
File diff suppressed because it is too large
+1740
File diff suppressed because it is too large
@@ -0,0 +1,634 @@
|
||||
/* ssl_api_crl_ocsp.c
|
||||
*
|
||||
* Copyright (C) 2006-2025 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#if !defined(WOLFSSL_SSL_API_CRL_OCSP_INCLUDED)
|
||||
#ifndef WOLFSSL_IGNORE_FILE_WARN
|
||||
#warning ssl_api_crl_ocsp.c is not compiled separately from ssl.c
|
||||
#endif
|
||||
#else
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
#ifdef HAVE_CRL
|
||||
|
||||
int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
long sz, int type)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer");
|
||||
|
||||
if (ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type);
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff,
|
||||
long sz, int type)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer");
|
||||
|
||||
if (ssl == NULL || ssl->ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerLoadCRLBuffer(SSL_CM(ssl), buff, sz, type);
|
||||
}
|
||||
|
||||
int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_EnableCRL");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_DisableCRL(WOLFSSL* ssl)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_DisableCRL");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl));
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_LoadCRL");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_LoadCRLFile");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif
|
||||
|
||||
int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, void* ctx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerSetCRL_ErrorCb(SSL_CM(ssl), cb, ctx);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CRL_IO
|
||||
int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerSetCRL_IOCb(SSL_CM(ssl), cb);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif
|
||||
|
||||
int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerEnableCRL(ctx->cm, options);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerDisableCRL(ctx->cm);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path,
|
||||
int type, int monitor)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_LoadCRLFile(WOLFSSL_CTX* ctx, const char* file,
|
||||
int type)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerLoadCRLFile(ctx->cm, file, type);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, void* cbCtx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_ErrorCb");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerSetCRL_ErrorCb(ctx->cm, cb, cbCtx);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CRL_IO
|
||||
int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_CRL */
|
||||
|
||||
|
||||
#ifdef HAVE_OCSP
|
||||
int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_EnableOCSP");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_DisableOCSP(WOLFSSL* ssl)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_DisableOCSP");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl));
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl));
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl));
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
|
||||
CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
|
||||
if (ssl) {
|
||||
SSL_CM_WARNING(ssl);
|
||||
ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */
|
||||
return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl),
|
||||
ioCb, respFreeCb, NULL);
|
||||
}
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerEnableOCSP(ctx->cm, options);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerDisableOCSP(ctx->cm);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb,
|
||||
CbOCSPRespFree respFreeCb, void* ioCbCtx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb,
|
||||
respFreeCb, ioCbCtx);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
||||
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
||||
int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPStapling");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerDisableOCSPStapling(ctx->cm);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPMustStaple");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerEnableOCSPMustStaple(ctx->cm);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPMustStaple");
|
||||
if (ctx)
|
||||
return wolfSSL_CertManagerDisableOCSPMustStaple(ctx->cm);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || \
|
||||
* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
/* Not an OpenSSL API. */
|
||||
int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response)
|
||||
{
|
||||
*response = ssl->ocspCsrResp[0].buffer;
|
||||
return ssl->ocspCsrResp[0].length;
|
||||
}
|
||||
|
||||
/* Not an OpenSSL API. */
|
||||
char* wolfSSL_get_ocsp_url(WOLFSSL* ssl)
|
||||
{
|
||||
return ssl->url;
|
||||
}
|
||||
|
||||
/* Not an OpenSSL API. */
|
||||
int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
ssl->url = url;
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
|
||||
#if !defined(NO_ASN_TIME)
|
||||
int wolfSSL_get_ocsp_producedDate(
|
||||
WOLFSSL *ssl,
|
||||
byte *producedDate,
|
||||
size_t producedDate_space,
|
||||
int *producedDateFormat)
|
||||
{
|
||||
if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) &&
|
||||
(ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if ((producedDate == NULL) || (producedDateFormat == NULL))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (XSTRLEN((char *)ssl->ocspProducedDate) >= producedDate_space)
|
||||
return BUFFER_E;
|
||||
|
||||
XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate,
|
||||
producedDate_space);
|
||||
*producedDateFormat = ssl->ocspProducedDateFormat;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) {
|
||||
int idx = 0;
|
||||
|
||||
if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) &&
|
||||
(ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (produced_tm == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (ExtractDate(ssl->ocspProducedDate,
|
||||
(unsigned char)ssl->ocspProducedDateFormat, produced_tm, &idx,
|
||||
MAX_DATE_SZ))
|
||||
return 0;
|
||||
else
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
#endif /* !NO_ASN_TIME */
|
||||
#endif /* HAVE_OCSP */
|
||||
|
||||
#if !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
|
||||
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
|
||||
|
||||
int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_UseOCSPStapling");
|
||||
|
||||
if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
|
||||
options, NULL, ssl->heap, ssl->devId);
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type,
|
||||
byte options)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_UseOCSPStapling");
|
||||
|
||||
if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type,
|
||||
options, NULL, ctx->heap, ctx->devId);
|
||||
}
|
||||
|
||||
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
|
||||
|
||||
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
|
||||
|
||||
int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options)
|
||||
{
|
||||
if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type,
|
||||
options, ssl->heap, ssl->devId);
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, byte status_type,
|
||||
byte options)
|
||||
{
|
||||
if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type,
|
||||
options, ctx->heap, ctx->devId);
|
||||
}
|
||||
|
||||
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
|
||||
#endif /* !NO_TLS && !NO_WOLFSSL_CLIENT */
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
|
||||
long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type");
|
||||
|
||||
if (s == NULL){
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (type == WOLFSSL_TLSEXT_STATUSTYPE_ocsp){
|
||||
int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0,
|
||||
s, s->heap, s->devId);
|
||||
return (long)r;
|
||||
} else {
|
||||
WOLFSSL_MSG(
|
||||
"SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type.");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
long wolfSSL_get_tlsext_status_type(WOLFSSL *s)
|
||||
{
|
||||
TLSX* extension;
|
||||
|
||||
if (s == NULL)
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST);
|
||||
return (extension != NULL) ? WOLFSSL_TLSEXT_STATUSTYPE_ocsp :
|
||||
WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
|
||||
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
||||
int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb)
|
||||
{
|
||||
if (ctx == NULL || ctx->cm == NULL || cb == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
||||
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
|
||||
if (ctx->cm->ocsp_stapling == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
*cb = ctx->cm->ocsp_stapling->statusCb;
|
||||
#else
|
||||
(void)cb;
|
||||
*cb = NULL;
|
||||
#endif
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb)
|
||||
{
|
||||
if (ctx == NULL || ctx->cm == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
||||
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
|
||||
/* Ensure stapling is on for callback to be used. */
|
||||
wolfSSL_CTX_EnableOCSPStapling(ctx);
|
||||
|
||||
if (ctx->cm->ocsp_stapling == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
ctx->cm->ocsp_stapling->statusCb = cb;
|
||||
#else
|
||||
(void)cb;
|
||||
#endif
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg)
|
||||
{
|
||||
if (ctx == NULL || ctx->cm == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
||||
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
|
||||
/* Ensure stapling is on for callback to be used. */
|
||||
wolfSSL_CTX_EnableOCSPStapling(ctx);
|
||||
|
||||
if (ctx->cm->ocsp_stapling == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
ctx->cm->ocsp_stapling->statusCbArg = arg;
|
||||
#else
|
||||
(void)arg;
|
||||
#endif
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char **resp)
|
||||
{
|
||||
if (ssl == NULL || resp == NULL)
|
||||
return 0;
|
||||
|
||||
*resp = ssl->ocspCsrResp[0].buffer;
|
||||
return (long)ssl->ocspCsrResp[0].length;
|
||||
}
|
||||
|
||||
long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char *resp,
|
||||
int len)
|
||||
{
|
||||
return wolfSSL_set_tlsext_status_ocsp_resp_multi(ssl, resp, len, 0);
|
||||
}
|
||||
|
||||
int wolfSSL_set_tlsext_status_ocsp_resp_multi(WOLFSSL* ssl, unsigned char *resp,
|
||||
int len, word32 idx)
|
||||
{
|
||||
if (ssl == NULL || idx >= XELEM_CNT(ssl->ocspCsrResp) || len < 0)
|
||||
return WOLFSSL_FAILURE;
|
||||
if (!((resp == NULL) ^ (len > 0)))
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
XFREE(ssl->ocspCsrResp[idx].buffer, NULL, 0);
|
||||
ssl->ocspCsrResp[idx].buffer = resp;
|
||||
ssl->ocspCsrResp[idx].length = (word32)len;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
void wolfSSL_CTX_set_ocsp_status_verify_cb(WOLFSSL_CTX* ctx,
|
||||
ocspVerifyStatusCb cb, void* cbArg)
|
||||
{
|
||||
if (ctx != NULL) {
|
||||
ctx->ocspStatusVerifyCb = cb;
|
||||
ctx->ocspStatusVerifyCbArg = cbArg;
|
||||
}
|
||||
}
|
||||
#endif /* NO_WOLFSSL_SERVER */
|
||||
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST ||
|
||||
* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
#endif /* !WOLFSSL_SSL_API_CRL_OCSP_INCLUDED */
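Review bot: Several getters in this new file dereference `ssl` before validating it: `wolfSSL_get_ocsp_response` writes `*response` and reads `ssl->ocspCsrResp[0]` with no checks, `wolfSSL_get_ocsp_url` returns `ssl->url` unchecked, and `wolfSSL_get_ocsp_producedDate` / `wolfSSL_get_ocsp_producedDate_tm` read `ssl->ocspProducedDateFormat` before any NULL test. The neighbouring `wolfSSL_get_tlsext_status_ocsp_resp` already guards the same fields, so the same pattern fits here, e.g. `if (ssl == NULL || response == NULL) return BAD_FUNC_ARG;` and `if (ssl == NULL) return NULL;`. If these bodies were moved unchanged from ssl.c the gap predates this commit, but the split is a convenient place to close it. Minor: `wolfSSL_SetCRL_ErrorCb` and `wolfSSL_SetCRL_IOCb` both log `WOLFSSL_ENTER("wolfSSL_SetCRL_Cb")`, which makes debug traces ambiguous.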
|
||||
|
||||
+1611
File diff suppressed because it is too large
+8
-4
@@ -3334,7 +3334,8 @@ const char* wolfSSL_ASN1_tag2str(int tag)
|
||||
const char* str = "(unknown)";
|
||||
|
||||
/* Clear negative flag. */
|
||||
if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
|
||||
if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) ||
|
||||
(tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
|
||||
tag &= ~WOLFSSL_V_ASN1_NEG;
|
||||
}
|
||||
/* Check for known basic types. */
|
||||
@@ -4194,7 +4195,8 @@ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len)
|
||||
}
|
||||
|
||||
/* Get time as human readable string. */
|
||||
if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len, t->length)) {
|
||||
if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len,
|
||||
t->length)) {
|
||||
buf = NULL;
|
||||
}
|
||||
|
||||
@@ -4717,9 +4719,11 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
|
||||
|
||||
int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
|
||||
{
|
||||
if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || a->type == WOLFSSL_V_ASN1_NULL
|
||||
|| a->value.ptr != NULL))
|
||||
if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN ||
|
||||
a->type == WOLFSSL_V_ASN1_NULL ||
|
||||
a->value.ptr != NULL)) {
|
||||
return a->type;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
+818
-3
@@ -25,7 +25,7 @@
|
||||
|
||||
#if !defined(WOLFSSL_SSL_CERTMAN_INCLUDED)
|
||||
#ifndef WOLFSSL_IGNORE_FILE_WARN
|
||||
#warning ssl_certman.c does not need to be compiled separately from ssl.c
|
||||
#warning ssl_certman.c not to be compiled separately from ssl.c
|
||||
#endif
|
||||
#else
|
||||
|
||||
@@ -2142,8 +2142,8 @@ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
|
||||
/* Initialize the OCSP object. */
|
||||
if (InitOCSP(cm->ocsp, cm) != 0) {
|
||||
WOLFSSL_MSG("Init OCSP failed");
|
||||
/* Dispose of OCSP object - indicating dynamically allocated.
|
||||
*/
|
||||
/* Dispose of OCSP object - indicating dynamically
|
||||
* allocated. */
|
||||
FreeOCSP(cm->ocsp, 1);
|
||||
cm->ocsp = NULL;
|
||||
ret = 0;
|
||||
@@ -2533,6 +2533,821 @@ int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm, CbOCSPIO ioCb,
|
||||
|
||||
#endif /* HAVE_OCSP */
|
||||
|
||||
/******************************************************************************
|
||||
* Internal APIs that use WOLFSSL_CERT_MANAGER
|
||||
******************************************************************************/
|
||||
|
||||
/* hash is the SHA digest of name, just use first 32 bits as hash */
|
||||
static WC_INLINE word32 HashSigner(const byte* hash)
|
||||
{
|
||||
return MakeWordFromHash(hash) % CA_TABLE_SIZE;
|
||||
}
|
||||
|
||||
|
||||
/* does CA already exist on signer list */
|
||||
int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
|
||||
{
|
||||
Signer* signers;
|
||||
int ret = 0;
|
||||
word32 row;
|
||||
|
||||
if (cm == NULL || hash == NULL) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
row = HashSigner(hash);
|
||||
|
||||
if (wc_LockMutex(&cm->caLock) != 0) {
|
||||
return ret;
|
||||
}
|
||||
signers = cm->caTable[row];
|
||||
while (signers) {
|
||||
byte* subjectHash;
|
||||
|
||||
#ifndef NO_SKID
|
||||
subjectHash = signers->subjectKeyIdHash;
|
||||
#else
|
||||
subjectHash = signers->subjectNameHash;
|
||||
#endif
|
||||
|
||||
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
|
||||
ret = 1; /* success */
|
||||
break;
|
||||
}
|
||||
signers = signers->next;
|
||||
}
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
/* hash is the SHA digest of name, just use first 32 bits as hash */
|
||||
static WC_INLINE word32 TrustedPeerHashSigner(const byte* hash)
|
||||
{
|
||||
return MakeWordFromHash(hash) % TP_TABLE_SIZE;
|
||||
}
|
||||
|
||||
/* does trusted peer already exist on signer list */
|
||||
int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert)
|
||||
{
|
||||
TrustedPeerCert* tp;
|
||||
int ret = 0;
|
||||
word32 row = TrustedPeerHashSigner(cert->subjectHash);
|
||||
|
||||
if (wc_LockMutex(&cm->tpLock) != 0)
|
||||
return ret;
|
||||
tp = cm->tpTable[row];
|
||||
while (tp) {
|
||||
if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
|
||||
SIGNER_DIGEST_SIZE) == 0)
|
||||
#ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
|
||||
&& (XMEMCMP(cert->issuerHash, tp->issuerHash,
|
||||
SIGNER_DIGEST_SIZE) == 0)
|
||||
#endif
|
||||
)
|
||||
ret = 1;
|
||||
#ifndef NO_SKID
|
||||
if (cert->extSubjKeyIdSet) {
|
||||
/* Compare SKID as well if available */
|
||||
if (ret == 1 && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash,
|
||||
SIGNER_DIGEST_SIZE) != 0)
|
||||
ret = 0;
|
||||
}
|
||||
#endif
|
||||
if (ret == 1)
|
||||
break;
|
||||
tp = tp->next;
|
||||
}
|
||||
wc_UnLockMutex(&cm->tpLock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* return Trusted Peer if found, otherwise NULL
|
||||
type is what to match on
|
||||
*/
|
||||
TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert)
|
||||
{
|
||||
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
|
||||
TrustedPeerCert* ret = NULL;
|
||||
TrustedPeerCert* tp = NULL;
|
||||
word32 row;
|
||||
|
||||
if (cm == NULL || cert == NULL)
|
||||
return NULL;
|
||||
|
||||
row = TrustedPeerHashSigner(cert->subjectHash);
|
||||
|
||||
if (wc_LockMutex(&cm->tpLock) != 0)
|
||||
return ret;
|
||||
|
||||
tp = cm->tpTable[row];
|
||||
while (tp) {
|
||||
if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
|
||||
SIGNER_DIGEST_SIZE) == 0)
|
||||
#ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
|
||||
&& (XMEMCMP(cert->issuerHash, tp->issuerHash,
|
||||
SIGNER_DIGEST_SIZE) == 0)
|
||||
#endif
|
||||
)
|
||||
ret = tp;
|
||||
#ifndef NO_SKID
|
||||
if (cert->extSubjKeyIdSet) {
|
||||
/* Compare SKID as well if available */
|
||||
if (ret != NULL && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash,
|
||||
SIGNER_DIGEST_SIZE) != 0)
|
||||
ret = NULL;
|
||||
}
|
||||
#endif
|
||||
if (ret != NULL)
|
||||
break;
|
||||
tp = tp->next;
|
||||
}
|
||||
wc_UnLockMutex(&cm->tpLock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert)
|
||||
{
|
||||
if (tp == NULL || cert == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* subject key id or subject hash has been compared when searching
|
||||
tpTable for the cert from function GetTrustedPeer */
|
||||
|
||||
/* compare signatures */
|
||||
if (tp->sigLen == cert->sigLength) {
|
||||
if (XMEMCMP(tp->sig, cert->signature, cert->sigLength)) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
}
|
||||
else {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
||||
|
||||
/* return CA if found, otherwise NULL */
|
||||
Signer* GetCA(void* vp, byte* hash)
|
||||
{
|
||||
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
|
||||
Signer* ret = NULL;
|
||||
Signer* signers;
|
||||
word32 row = 0;
|
||||
|
||||
if (cm == NULL || hash == NULL)
|
||||
return NULL;
|
||||
|
||||
row = HashSigner(hash);
|
||||
|
||||
if (wc_LockMutex(&cm->caLock) != 0)
|
||||
return ret;
|
||||
|
||||
signers = cm->caTable[row];
|
||||
while (signers) {
|
||||
byte* subjectHash;
|
||||
#ifndef NO_SKID
|
||||
subjectHash = signers->subjectKeyIdHash;
|
||||
#else
|
||||
subjectHash = signers->subjectNameHash;
|
||||
#endif
|
||||
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
|
||||
ret = signers;
|
||||
break;
|
||||
}
|
||||
signers = signers->next;
|
||||
}
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(HAVE_OCSP)
|
||||
Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
|
||||
{
|
||||
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
|
||||
Signer* ret = NULL;
|
||||
Signer* signers;
|
||||
int row;
|
||||
|
||||
if (cm == NULL || keyHash == NULL)
|
||||
return NULL;
|
||||
|
||||
/* try lookup using keyHash as subjKeyID first */
|
||||
ret = GetCA(vp, (byte*)keyHash);
|
||||
if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* if we can't find the cert, we have to scan the full table */
|
||||
if (wc_LockMutex(&cm->caLock) != 0)
|
||||
return NULL;
|
||||
|
||||
/* Unfortunately we need to look through the entire table */
|
||||
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
|
||||
for (signers = cm->caTable[row]; signers != NULL;
|
||||
signers = signers->next) {
|
||||
if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
|
||||
ret = signers;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
|
||||
const byte* serial, word32 serialSz)
|
||||
{
|
||||
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
|
||||
Signer* ret = NULL;
|
||||
Signer* signers;
|
||||
byte nameHash[SIGNER_DIGEST_SIZE];
|
||||
byte serialHash[SIGNER_DIGEST_SIZE];
|
||||
word32 row;
|
||||
|
||||
if (cm == NULL || issuer == NULL || issuerSz == 0 ||
|
||||
serial == NULL || serialSz == 0)
|
||||
return NULL;
|
||||
|
||||
if (CalcHashId(issuer, issuerSz, nameHash) != 0 ||
|
||||
CalcHashId(serial, serialSz, serialHash) != 0)
|
||||
return NULL;
|
||||
|
||||
if (wc_LockMutex(&cm->caLock) != 0)
|
||||
return ret;
|
||||
|
||||
/* Unfortunately we need to look through the entire table */
|
||||
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
|
||||
for (signers = cm->caTable[row]; signers != NULL;
|
||||
signers = signers->next) {
|
||||
if (XMEMCMP(signers->issuerNameHash, nameHash, SIGNER_DIGEST_SIZE)
|
||||
== 0 && XMEMCMP(signers->serialHash, serialHash,
|
||||
SIGNER_DIGEST_SIZE) == 0) {
|
||||
ret = signers;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef NO_SKID
|
||||
/* return CA if found, otherwise NULL. Walk through hash table. */
|
||||
Signer* GetCAByName(void* vp, byte* hash)
|
||||
{
|
||||
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
|
||||
Signer* ret = NULL;
|
||||
Signer* signers;
|
||||
word32 row;
|
||||
|
||||
if (cm == NULL)
|
||||
return NULL;
|
||||
|
||||
if (wc_LockMutex(&cm->caLock) != 0)
|
||||
return ret;
|
||||
|
||||
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
|
||||
signers = cm->caTable[row];
|
||||
while (signers && ret == NULL) {
|
||||
if (XMEMCMP(hash, signers->subjectNameHash,
|
||||
SIGNER_DIGEST_SIZE) == 0) {
|
||||
ret = signers;
|
||||
}
|
||||
signers = signers->next;
|
||||
}
|
||||
}
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
/* add a trusted peer cert to linked list */
|
||||
int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
|
||||
{
|
||||
int ret = 0;
|
||||
int row = 0;
|
||||
TrustedPeerCert* peerCert;
|
||||
DecodedCert* cert;
|
||||
DerBuffer* der = *pDer;
|
||||
|
||||
WOLFSSL_MSG("Adding a Trusted Peer Cert");
|
||||
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
|
||||
DYNAMIC_TYPE_DCERT);
|
||||
if (cert == NULL) {
|
||||
FreeDer(&der);
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
InitDecodedCert(cert, der->buffer, der->length, cm->heap);
|
||||
if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) {
|
||||
FreeDecodedCert(cert);
|
||||
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
|
||||
FreeDer(&der);
|
||||
return ret;
|
||||
}
|
||||
WOLFSSL_MSG("\tParsed new trusted peer cert");
|
||||
|
||||
peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap,
|
||||
DYNAMIC_TYPE_CERT);
|
||||
if (peerCert == NULL) {
|
||||
FreeDecodedCert(cert);
|
||||
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
|
||||
FreeDer(&der);
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(peerCert, 0, sizeof(TrustedPeerCert));
|
||||
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
if (peerCert->permittedNames)
|
||||
FreeNameSubtrees(peerCert->permittedNames, cm->heap);
|
||||
if (peerCert->excludedNames)
|
||||
FreeNameSubtrees(peerCert->excludedNames, cm->heap);
|
||||
#endif
|
||||
|
||||
if (AlreadyTrustedPeer(cm, cert)) {
|
||||
WOLFSSL_MSG("\tAlready have this CA, not adding again");
|
||||
FreeTrustedPeer(peerCert, cm->heap);
|
||||
(void)ret;
|
||||
}
|
||||
else {
|
||||
/* add trusted peer signature */
|
||||
peerCert->sigLen = cert->sigLength;
|
||||
peerCert->sig = (byte *)XMALLOC(cert->sigLength, cm->heap,
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (peerCert->sig == NULL) {
|
||||
FreeDecodedCert(cert);
|
||||
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
|
||||
FreeTrustedPeer(peerCert, cm->heap);
|
||||
FreeDer(&der);
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMCPY(peerCert->sig, cert->signature, cert->sigLength);
|
||||
|
||||
/* add trusted peer name */
|
||||
peerCert->nameLen = cert->subjectCNLen;
|
||||
peerCert->name = cert->subjectCN;
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
peerCert->permittedNames = cert->permittedNames;
|
||||
peerCert->excludedNames = cert->excludedNames;
|
||||
#endif
|
||||
|
||||
/* add SKID when available and hash of name */
|
||||
#ifndef NO_SKID
|
||||
XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId,
|
||||
SIGNER_DIGEST_SIZE);
|
||||
#endif
|
||||
XMEMCPY(peerCert->subjectNameHash, cert->subjectHash,
|
||||
SIGNER_DIGEST_SIZE);
|
||||
#ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
|
||||
XMEMCPY(peerCert->issuerHash, cert->issuerHash,
|
||||
SIGNER_DIGEST_SIZE);
|
||||
#endif
|
||||
/* If Key Usage not set, all uses valid. */
|
||||
peerCert->next = NULL;
|
||||
cert->subjectCN = 0;
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
cert->permittedNames = NULL;
|
||||
cert->excludedNames = NULL;
|
||||
#endif
|
||||
|
||||
row = (int)TrustedPeerHashSigner(peerCert->subjectNameHash);
|
||||
|
||||
if (wc_LockMutex(&cm->tpLock) == 0) {
|
||||
peerCert->next = cm->tpTable[row];
|
||||
cm->tpTable[row] = peerCert; /* takes ownership */
|
||||
wc_UnLockMutex(&cm->tpLock);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("\tTrusted Peer Cert Mutex Lock failed");
|
||||
FreeDecodedCert(cert);
|
||||
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
|
||||
FreeTrustedPeer(peerCert, cm->heap);
|
||||
FreeDer(&der);
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("\tFreeing parsed trusted peer cert");
|
||||
FreeDecodedCert(cert);
|
||||
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
|
||||
WOLFSSL_MSG("\tFreeing der trusted peer cert");
|
||||
FreeDer(&der);
|
||||
WOLFSSL_MSG("\t\tOK Freeing der trusted peer cert");
|
||||
WOLFSSL_LEAVE("AddTrustedPeer", ret);
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
||||
|
||||
int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s)
|
||||
{
|
||||
byte* subjectHash;
|
||||
Signer* signers;
|
||||
word32 row;
|
||||
|
||||
if (cm == NULL || s == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifndef NO_SKID
|
||||
subjectHash = s->subjectKeyIdHash;
|
||||
#else
|
||||
subjectHash = s->subjectNameHash;
|
||||
#endif
|
||||
|
||||
if (AlreadySigner(cm, subjectHash)) {
|
||||
FreeSigner(s, cm->heap);
|
||||
return 0;
|
||||
}
|
||||
|
||||
row = HashSigner(subjectHash);
|
||||
|
||||
if (wc_LockMutex(&cm->caLock) != 0)
|
||||
return BAD_MUTEX_E;
|
||||
|
||||
signers = cm->caTable[row];
|
||||
s->next = signers;
|
||||
cm->caTable[row] = s;
|
||||
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* owns der, internal now uses too */
|
||||
/* type flag ids from user or from chain received during verify
|
||||
don't allow chain ones to be added w/o isCA extension */
|
||||
int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||
{
|
||||
int ret;
|
||||
Signer* signer = NULL;
|
||||
word32 row;
|
||||
byte* subjectHash;
|
||||
WC_DECLARE_VAR(cert, DecodedCert, 1, 0);
|
||||
DerBuffer* der = *pDer;
|
||||
|
||||
WOLFSSL_MSG_CERT_LOG("Adding a CA");
|
||||
|
||||
if (cm == NULL) {
|
||||
FreeDer(pDer);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
|
||||
if (cert == NULL) {
|
||||
FreeDer(pDer);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
InitDecodedCert(cert, der->buffer, der->length, cm->heap);
|
||||
|
||||
#ifdef WC_ASN_UNKNOWN_EXT_CB
|
||||
if (cm->unknownExtCallback != NULL) {
|
||||
wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
|
||||
}
|
||||
#endif
|
||||
|
||||
WOLFSSL_MSG_CERT("\tParsing new CA");
|
||||
ret = ParseCert(cert, CA_TYPE, verify, cm);
|
||||
|
||||
WOLFSSL_MSG("\tParsed new CA");
|
||||
#ifdef WOLFSSL_DEBUG_CERTS
|
||||
{
|
||||
const char* err_msg;
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "issuer: '%s'",
|
||||
cert->issuer);
|
||||
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "subject: '%s'",
|
||||
cert->subject);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG_CERT(
|
||||
WOLFSSL_MSG_CERT_INDENT "Failed during parse of new CA");
|
||||
err_msg = wc_GetErrorString(ret);
|
||||
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "error ret: %d; %s",
|
||||
ret, err_msg);
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_DEBUG_CERTS */
|
||||
|
||||
#ifndef NO_SKID
|
||||
subjectHash = cert->extSubjKeyId;
|
||||
#else
|
||||
subjectHash = cert->subjectHash;
|
||||
#endif
|
||||
|
||||
/* check CA key size */
|
||||
if (verify && (ret == 0 )) {
|
||||
switch (cert->keyOID) {
|
||||
#ifndef NO_RSA
|
||||
#ifdef WC_RSA_PSS
|
||||
case RSAPSSk:
|
||||
#endif
|
||||
case RSAk:
|
||||
if (cm->minRsaKeySz < 0 ||
|
||||
cert->pubKeySize < (word16)cm->minRsaKeySz) {
|
||||
ret = RSA_KEY_SIZE_E;
|
||||
WOLFSSL_MSG_CERT_LOG("\tCA RSA key size error");
|
||||
WOLFSSL_MSG_CERT_EX("\tCA RSA pubKeySize = %d; "
|
||||
"minRsaKeySz = %d",
|
||||
cert->pubKeySize, cm->minRsaKeySz);
|
||||
}
|
||||
break;
|
||||
#endif /* !NO_RSA */
|
||||
#ifdef HAVE_ECC
|
||||
case ECDSAk:
|
||||
if (cm->minEccKeySz < 0 ||
|
||||
cert->pubKeySize < (word16)cm->minEccKeySz) {
|
||||
ret = ECC_KEY_SIZE_E;
|
||||
WOLFSSL_MSG_CERT_LOG("\tCA ECC key size error");
|
||||
WOLFSSL_MSG_CERT_EX("\tCA ECC pubKeySize = %d; "
|
||||
"minEccKeySz = %d",
|
||||
cert->pubKeySize, cm->minEccKeySz);
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_ECC */
|
||||
#ifdef HAVE_ED25519
|
||||
case ED25519k:
|
||||
if (cm->minEccKeySz < 0 ||
|
||||
ED25519_KEY_SIZE < (word16)cm->minEccKeySz) {
|
||||
ret = ECC_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA ECC key size error");
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_ED25519 */
|
||||
#ifdef HAVE_ED448
|
||||
case ED448k:
|
||||
if (cm->minEccKeySz < 0 ||
|
||||
ED448_KEY_SIZE < (word16)cm->minEccKeySz) {
|
||||
ret = ECC_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA ECC key size error");
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_ED448 */
|
||||
#if defined(HAVE_FALCON)
|
||||
case FALCON_LEVEL1k:
|
||||
if (cm->minFalconKeySz < 0 ||
|
||||
FALCON_LEVEL1_KEY_SIZE < (word16)cm->minFalconKeySz) {
|
||||
ret = FALCON_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Falcon level 1 key size error");
|
||||
}
|
||||
break;
|
||||
case FALCON_LEVEL5k:
|
||||
if (cm->minFalconKeySz < 0 ||
|
||||
FALCON_LEVEL5_KEY_SIZE < (word16)cm->minFalconKeySz) {
|
||||
ret = FALCON_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Falcon level 5 key size error");
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL3k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL5k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
|
||||
}
|
||||
break;
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
case ML_DSA_LEVEL2k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL3k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL5k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("\tNo key size check done on CA");
|
||||
break; /* no size check if key type is not in switch */
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA &&
|
||||
type != WOLFSSL_TEMP_CA) {
|
||||
WOLFSSL_MSG("\tCan't add as CA if not actually one");
|
||||
ret = NOT_CA_ERROR;
|
||||
}
|
||||
#ifndef ALLOW_INVALID_CERTSIGN
|
||||
else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
|
||||
type != WOLFSSL_TEMP_CA && !cert->selfSigned &&
|
||||
(cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
|
||||
/* Intermediate CA certs are required to have the keyCertSign
|
||||
* extension set. User loaded root certs are not. */
|
||||
WOLFSSL_MSG("\tDoesn't have key usage certificate signing");
|
||||
ret = NOT_CA_ERROR;
|
||||
}
|
||||
#endif
|
||||
else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
|
||||
WOLFSSL_MSG("\tAlready have this CA, not adding again");
|
||||
(void)ret;
|
||||
}
|
||||
else if (ret == 0) {
|
||||
/* take over signer parts */
|
||||
signer = MakeSigner(cm->heap);
|
||||
if (!signer)
|
||||
ret = MEMORY_ERROR;
|
||||
}
|
||||
if (ret == 0 && signer != NULL) {
|
||||
ret = FillSigner(signer, cert, type, der);
|
||||
|
||||
if (ret == 0){
|
||||
#ifndef NO_SKID
|
||||
row = HashSigner(signer->subjectKeyIdHash);
|
||||
#else
|
||||
row = HashSigner(signer->subjectNameHash);
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
|
||||
/* Verify CA by TSIP so that generated tsip key is going to */
|
||||
/* be able to be used for peer's cert verification */
|
||||
/* TSIP is only able to handle USER CA, and only one CA. */
|
||||
/* Therefore, it doesn't need to call TSIP again if there is already */
|
||||
/* verified CA. */
|
||||
if ( ret == 0 && signer != NULL ) {
|
||||
signer->cm_idx = row;
|
||||
if (type == WOLFSSL_USER_CA) {
|
||||
if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source,
|
||||
cert->maxIdx,
|
||||
cert->sigCtx.CertAtt.pubkey_n_start,
|
||||
cert->sigCtx.CertAtt.pubkey_n_len - 1,
|
||||
cert->sigCtx.CertAtt.pubkey_e_start,
|
||||
cert->sigCtx.CertAtt.pubkey_e_len - 1,
|
||||
row/* cm index */))
|
||||
< 0)
|
||||
WOLFSSL_MSG("Renesas_RootCertVerify() failed");
|
||||
else
|
||||
WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
|
||||
}
|
||||
}
|
||||
#endif /* TSIP or SCE */
|
||||
|
||||
if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
|
||||
signer->next = cm->caTable[row];
|
||||
cm->caTable[row] = signer; /* takes ownership */
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
if (cm->caCacheCallback)
|
||||
cm->caCacheCallback(der->buffer, (int)der->length, type);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("\tCA Mutex Lock failed");
|
||||
ret = BAD_MUTEX_E;
|
||||
}
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("\tFreeing Parsed CA");
|
||||
FreeDecodedCert(cert);
|
||||
if (ret != 0 && signer != NULL)
|
||||
FreeSigner(signer, cm->heap);
|
||||
WC_FREE_VAR_EX(cert, NULL, DYNAMIC_TYPE_DCERT);
|
||||
WOLFSSL_MSG("\tFreeing der CA");
|
||||
FreeDer(pDer);
|
||||
WOLFSSL_MSG("\t\tOK Freeing der CA");
|
||||
|
||||
WOLFSSL_LEAVE("AddCA", ret);
|
||||
|
||||
return ret == 0 ? WOLFSSL_SUCCESS : ret;
|
||||
}
|
||||
|
||||
/* Removes the CA with the passed in subject hash from the
|
||||
cert manager's CA cert store. */
|
||||
int RemoveCA(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type)
|
||||
{
|
||||
Signer* current;
|
||||
Signer** prev;
|
||||
int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
|
||||
word32 row;
|
||||
|
||||
WOLFSSL_MSG("Removing a CA");
|
||||
|
||||
if (cm == NULL || hash == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
row = HashSigner(hash);
|
||||
|
||||
if (wc_LockMutex(&cm->caLock) != 0) {
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
current = cm->caTable[row];
|
||||
prev = &cm->caTable[row];
|
||||
while (current) {
|
||||
byte* subjectHash;
|
||||
|
||||
#ifndef NO_SKID
|
||||
subjectHash = current->subjectKeyIdHash;
|
||||
#else
|
||||
subjectHash = current->subjectNameHash;
|
||||
#endif
|
||||
|
||||
if ((current->type == type) &&
|
||||
(XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0)) {
|
||||
*prev = current->next;
|
||||
FreeSigner(current, cm->heap);
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
break;
|
||||
}
|
||||
prev = ¤t->next;
|
||||
current = current->next;
|
||||
}
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
|
||||
WOLFSSL_LEAVE("RemoveCA", ret);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Sets the CA with the passed in subject hash
|
||||
to the provided type. */
|
||||
int SetCAType(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type)
|
||||
{
|
||||
Signer* current;
|
||||
int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
|
||||
word32 row;
|
||||
|
||||
WOLFSSL_MSG_EX("Setting CA to type %d", type);
|
||||
|
||||
if (cm == NULL || hash == NULL ||
|
||||
type < WOLFSSL_USER_CA || type > WOLFSSL_USER_INTER) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
row = HashSigner(hash);
|
||||
|
||||
if (wc_LockMutex(&cm->caLock) != 0) {
|
||||
return ret;
|
||||
}
|
||||
current = cm->caTable[row];
|
||||
while (current) {
|
||||
byte* subjectHash;
|
||||
|
||||
#ifndef NO_SKID
|
||||
subjectHash = current->subjectKeyIdHash;
|
||||
#else
|
||||
subjectHash = current->subjectNameHash;
|
||||
#endif
|
||||
|
||||
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
|
||||
current->type = (byte)type;
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
break;
|
||||
}
|
||||
current = current->next;
|
||||
}
|
||||
wc_UnLockMutex(&cm->caLock);
|
||||
|
||||
WOLFSSL_LEAVE("SetCAType", ret);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* NO_CERTS */
|
||||
|
||||
#endif /* !WOLFSSL_SSL_CERTMAN_INCLUDED */
|
||||
|
||||
+8
-5
@@ -3071,8 +3071,8 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
|
||||
WOLFSSL_MSG("Null argument passed in");
|
||||
}
|
||||
else
|
||||
#if !defined(HAVE_SELFTEST) && \
|
||||
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0)))
|
||||
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
|
||||
(defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0)))
|
||||
/* Decrypt a block with wolfCrypt AES. */
|
||||
if (wc_AesDecryptDirect((Aes*)key, output, input) != 0) {
|
||||
WOLFSSL_MSG("wc_AesDecryptDirect failed");
|
||||
@@ -3203,7 +3203,8 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
|
||||
* AES_ENCRPT for encryption, AES_DECRYPTION for decryption.
|
||||
*/
|
||||
void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
|
||||
size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num, const int enc)
|
||||
size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num,
|
||||
const int enc)
|
||||
{
|
||||
#ifndef WOLFSSL_AES_CFB
|
||||
WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB");
|
||||
@@ -3435,13 +3436,15 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
|
||||
* Use 0 buffer as IV to do straight decryption.
|
||||
* This places the Cn-1 block at lastBlk */
|
||||
XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ);
|
||||
(*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPTION);
|
||||
(*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk,
|
||||
AES_DECRYPTION);
|
||||
/* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn
|
||||
* to create En. */
|
||||
XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
|
||||
/* Cn and Cn-1 can now be decrypted */
|
||||
(*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION);
|
||||
(*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION);
|
||||
(*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv,
|
||||
AES_DECRYPTION);
|
||||
XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen);
|
||||
}
|
||||
|
||||
|
||||
+738
@@ -0,0 +1,738 @@
|
||||
/* ssl_ech.c
|
||||
*
|
||||
* Copyright (C) 2006-2025 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#if !defined(WOLFSSL_SSL_ECH_INCLUDED)
|
||||
#ifndef WOLFSSL_IGNORE_FILE_WARN
|
||||
#warning ssl_ech.c does not need to be compiled separately from ssl.c
|
||||
#endif
|
||||
#else
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
|
||||
|
||||
/* create the hpke key and ech config to send to clients */
|
||||
int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
|
||||
word16 kemId, word16 kdfId, word16 aeadId)
|
||||
{
|
||||
int ret = 0;
|
||||
word16 encLen = DHKEM_X25519_ENC_LEN;
|
||||
WOLFSSL_EchConfig* newConfig;
|
||||
WOLFSSL_EchConfig* parentConfig;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
Hpke* hpke = NULL;
|
||||
WC_RNG* rng;
|
||||
#else
|
||||
Hpke hpke[1];
|
||||
WC_RNG rng[1];
|
||||
#endif
|
||||
|
||||
if (ctx == NULL || publicName == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
WC_ALLOC_VAR_EX(rng, WC_RNG, 1, ctx->heap, DYNAMIC_TYPE_RNG,
|
||||
return MEMORY_E);
|
||||
ret = wc_InitRng(rng);
|
||||
if (ret != 0) {
|
||||
WC_FREE_VAR_EX(rng, ctx->heap, DYNAMIC_TYPE_RNG);
|
||||
return ret;
|
||||
}
|
||||
|
||||
newConfig = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
|
||||
ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (newConfig == NULL)
|
||||
ret = MEMORY_E;
|
||||
else
|
||||
XMEMSET(newConfig, 0, sizeof(WOLFSSL_EchConfig));
|
||||
|
||||
/* set random config id */
|
||||
if (ret == 0)
|
||||
ret = wc_RNG_GenerateByte(rng, &newConfig->configId);
|
||||
|
||||
/* if 0 is selected for algorithms use default, may change with draft */
|
||||
if (kemId == 0)
|
||||
kemId = DHKEM_X25519_HKDF_SHA256;
|
||||
|
||||
if (kdfId == 0)
|
||||
kdfId = HKDF_SHA256;
|
||||
|
||||
if (aeadId == 0)
|
||||
aeadId = HPKE_AES_128_GCM;
|
||||
|
||||
if (ret == 0) {
|
||||
/* set the kem id */
|
||||
newConfig->kemId = kemId;
|
||||
|
||||
/* set the cipher suite, only 1 for now */
|
||||
newConfig->numCipherSuites = 1;
|
||||
newConfig->cipherSuites =
|
||||
(EchCipherSuite*)XMALLOC(sizeof(EchCipherSuite), ctx->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if (newConfig->cipherSuites == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
newConfig->cipherSuites[0].kdfId = kdfId;
|
||||
newConfig->cipherSuites[0].aeadId = aeadId;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (ret == 0) {
|
||||
hpke = (Hpke*)XMALLOC(sizeof(Hpke), ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (hpke == NULL)
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0)
|
||||
ret = wc_HpkeInit(hpke, kemId, kdfId, aeadId, ctx->heap);
|
||||
|
||||
/* generate the receiver private key */
|
||||
if (ret == 0)
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, &newConfig->receiverPrivkey, rng);
|
||||
|
||||
/* done with RNG */
|
||||
wc_FreeRng(rng);
|
||||
|
||||
/* serialize the receiver key */
|
||||
if (ret == 0)
|
||||
ret = wc_HpkeSerializePublicKey(hpke, newConfig->receiverPrivkey,
|
||||
newConfig->receiverPubkey, &encLen);
|
||||
|
||||
if (ret == 0) {
|
||||
newConfig->publicName = (char*)XMALLOC(XSTRLEN(publicName) + 1,
|
||||
ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (newConfig->publicName == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(newConfig->publicName, publicName,
|
||||
XSTRLEN(publicName) + 1);
|
||||
}
|
||||
}
|
||||
|
||||
if (ret != 0) {
|
||||
if (newConfig) {
|
||||
XFREE(newConfig->cipherSuites, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(newConfig->publicName, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(newConfig, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
}
|
||||
else {
|
||||
parentConfig = ctx->echConfigs;
|
||||
|
||||
if (parentConfig == NULL) {
|
||||
ctx->echConfigs = newConfig;
|
||||
}
|
||||
else {
|
||||
while (parentConfig->next != NULL) {
|
||||
parentConfig = parentConfig->next;
|
||||
}
|
||||
|
||||
parentConfig->next = newConfig;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0)
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
|
||||
WC_FREE_VAR_EX(hpke, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
WC_FREE_VAR_EX(rng, ctx->heap, DYNAMIC_TYPE_RNG);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx, const char* echConfigs64,
|
||||
word32 echConfigs64Len)
|
||||
{
|
||||
int ret = 0;
|
||||
word32 decodedLen = echConfigs64Len * 3 / 4 + 1;
|
||||
byte* decodedConfigs;
|
||||
|
||||
if (ctx == NULL || echConfigs64 == NULL || echConfigs64Len == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
decodedConfigs = (byte*)XMALLOC(decodedLen, ctx->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if (decodedConfigs == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
decodedConfigs[decodedLen - 1] = 0;
|
||||
|
||||
/* decode the echConfigs */
|
||||
ret = Base64_Decode((const byte*)echConfigs64, echConfigs64Len,
|
||||
decodedConfigs, &decodedLen);
|
||||
|
||||
if (ret != 0) {
|
||||
XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = wolfSSL_CTX_SetEchConfigs(ctx, decodedConfigs, decodedLen);
|
||||
|
||||
XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_SetEchConfigs(WOLFSSL_CTX* ctx, const byte* echConfigs,
|
||||
word32 echConfigsLen)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (ctx == NULL || echConfigs == NULL || echConfigsLen == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
FreeEchConfigs(ctx->echConfigs, ctx->heap);
|
||||
ctx->echConfigs = NULL;
|
||||
ret = SetEchConfigsEx(&ctx->echConfigs, ctx->heap, echConfigs,
|
||||
echConfigsLen);
|
||||
|
||||
if (ret == 0)
|
||||
return WOLFSSL_SUCCESS;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* get the ech configs that the server context is using */
|
||||
int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
|
||||
word32* outputLen) {
|
||||
if (ctx == NULL || outputLen == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* if we don't have ech configs */
|
||||
if (ctx->echConfigs == NULL)
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
||||
return GetEchConfigsEx(ctx->echConfigs, output, outputLen);
|
||||
}
|
||||
|
||||
void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable)
|
||||
{
|
||||
if (ctx != NULL) {
|
||||
ctx->disableECH = !enable;
|
||||
if (ctx->disableECH) {
|
||||
TLSX_Remove(&ctx->extensions, TLSX_ECH, ctx->heap);
|
||||
FreeEchConfigs(ctx->echConfigs, ctx->heap);
|
||||
ctx->echConfigs = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* set the ech config from base64 for our client ssl object, base64 is the
|
||||
* format ech configs are sent using dns records */
|
||||
int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
|
||||
word32 echConfigs64Len)
|
||||
{
|
||||
int ret = 0;
|
||||
word32 decodedLen = echConfigs64Len * 3 / 4 + 1;
|
||||
byte* decodedConfigs;
|
||||
|
||||
if (ssl == NULL || echConfigs64 == NULL || echConfigs64Len == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* already have ech configs */
|
||||
if (ssl->options.useEch == 1) {
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
decodedConfigs = (byte*)XMALLOC(decodedLen, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if (decodedConfigs == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
decodedConfigs[decodedLen - 1] = 0;
|
||||
|
||||
/* decode the echConfigs */
|
||||
ret = Base64_Decode((byte*)echConfigs64, echConfigs64Len,
|
||||
decodedConfigs, &decodedLen);
|
||||
|
||||
if (ret != 0) {
|
||||
XFREE(decodedConfigs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = wolfSSL_SetEchConfigs(ssl, decodedConfigs, decodedLen);
|
||||
|
||||
XFREE(decodedConfigs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* set the ech config from a raw buffer, this is the format ech configs are
|
||||
* sent using retry_configs from the ech server */
|
||||
int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
|
||||
word32 echConfigsLen)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (ssl == NULL || echConfigs == NULL || echConfigsLen == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* already have ech configs */
|
||||
if (ssl->options.useEch == 1) {
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
ret = SetEchConfigsEx(&ssl->echConfigs, ssl->heap, echConfigs,
|
||||
echConfigsLen);
|
||||
|
||||
/* if we found valid configs */
|
||||
if (ret == 0) {
|
||||
ssl->options.useEch = 1;
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* get the raw ech config from our struct */
|
||||
int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
|
||||
{
|
||||
int i;
|
||||
word16 totalLen = 0;
|
||||
|
||||
if (config == NULL || (output == NULL && outputLen == NULL))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* 2 for version */
|
||||
totalLen += 2;
|
||||
/* 2 for length */
|
||||
totalLen += 2;
|
||||
/* 1 for configId */
|
||||
totalLen += 1;
|
||||
/* 2 for kemId */
|
||||
totalLen += 2;
|
||||
/* 2 for hpke_len */
|
||||
totalLen += 2;
|
||||
|
||||
/* hpke_pub_key */
|
||||
switch (config->kemId) {
|
||||
case DHKEM_P256_HKDF_SHA256:
|
||||
totalLen += DHKEM_P256_ENC_LEN;
|
||||
break;
|
||||
case DHKEM_P384_HKDF_SHA384:
|
||||
totalLen += DHKEM_P384_ENC_LEN;
|
||||
break;
|
||||
case DHKEM_P521_HKDF_SHA512:
|
||||
totalLen += DHKEM_P521_ENC_LEN;
|
||||
break;
|
||||
case DHKEM_X25519_HKDF_SHA256:
|
||||
totalLen += DHKEM_X25519_ENC_LEN;
|
||||
break;
|
||||
case DHKEM_X448_HKDF_SHA512:
|
||||
totalLen += DHKEM_X448_ENC_LEN;
|
||||
break;
|
||||
}
|
||||
|
||||
/* cipherSuitesLen */
|
||||
totalLen += 2;
|
||||
/* cipherSuites */
|
||||
totalLen += config->numCipherSuites * 4;
|
||||
/* public name len */
|
||||
totalLen += 2;
|
||||
|
||||
/* public name */
|
||||
totalLen += XSTRLEN(config->publicName);
|
||||
/* trailing zeros */
|
||||
totalLen += 2;
|
||||
|
||||
if (output == NULL) {
|
||||
*outputLen = totalLen;
|
||||
return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
|
||||
}
|
||||
|
||||
if (totalLen > *outputLen) {
|
||||
*outputLen = totalLen;
|
||||
return INPUT_SIZE_E;
|
||||
}
|
||||
|
||||
/* version */
|
||||
c16toa(TLSX_ECH, output);
|
||||
output += 2;
|
||||
|
||||
/* length - 4 for version and length itself */
|
||||
c16toa(totalLen - 4, output);
|
||||
output += 2;
|
||||
|
||||
/* configId */
|
||||
*output = config->configId;
|
||||
output++;
|
||||
/* kemId */
|
||||
c16toa(config->kemId, output);
|
||||
output += 2;
|
||||
|
||||
/* length and key itself */
|
||||
switch (config->kemId) {
|
||||
case DHKEM_P256_HKDF_SHA256:
|
||||
c16toa(DHKEM_P256_ENC_LEN, output);
|
||||
output += 2;
|
||||
XMEMCPY(output, config->receiverPubkey, DHKEM_P256_ENC_LEN);
|
||||
output += DHKEM_P256_ENC_LEN;
|
||||
break;
|
||||
case DHKEM_P384_HKDF_SHA384:
|
||||
c16toa(DHKEM_P384_ENC_LEN, output);
|
||||
output += 2;
|
||||
XMEMCPY(output, config->receiverPubkey, DHKEM_P384_ENC_LEN);
|
||||
output += DHKEM_P384_ENC_LEN;
|
||||
break;
|
||||
case DHKEM_P521_HKDF_SHA512:
|
||||
c16toa(DHKEM_P521_ENC_LEN, output);
|
||||
output += 2;
|
||||
XMEMCPY(output, config->receiverPubkey, DHKEM_P521_ENC_LEN);
|
||||
output += DHKEM_P521_ENC_LEN;
|
||||
break;
|
||||
case DHKEM_X25519_HKDF_SHA256:
|
||||
c16toa(DHKEM_X25519_ENC_LEN, output);
|
||||
output += 2;
|
||||
XMEMCPY(output, config->receiverPubkey, DHKEM_X25519_ENC_LEN);
|
||||
output += DHKEM_X25519_ENC_LEN;
|
||||
break;
|
||||
case DHKEM_X448_HKDF_SHA512:
|
||||
c16toa(DHKEM_X448_ENC_LEN, output);
|
||||
output += 2;
|
||||
XMEMCPY(output, config->receiverPubkey, DHKEM_X448_ENC_LEN);
|
||||
output += DHKEM_X448_ENC_LEN;
|
||||
break;
|
||||
}
|
||||
|
||||
/* cipherSuites len */
|
||||
c16toa(config->numCipherSuites * 4, output);
|
||||
output += 2;
|
||||
|
||||
/* cipherSuites */
|
||||
for (i = 0; i < config->numCipherSuites; i++) {
|
||||
c16toa(config->cipherSuites[i].kdfId, output);
|
||||
output += 2;
|
||||
c16toa(config->cipherSuites[i].aeadId, output);
|
||||
output += 2;
|
||||
}
|
||||
|
||||
/* set maximum name length to 0 */
|
||||
*output = 0;
|
||||
output++;
|
||||
|
||||
/* publicName len */
|
||||
*output = XSTRLEN(config->publicName);
|
||||
output++;
|
||||
|
||||
/* publicName */
|
||||
XMEMCPY(output, config->publicName,
|
||||
XSTRLEN(config->publicName));
|
||||
output += XSTRLEN(config->publicName);
|
||||
|
||||
/* terminating zeros */
|
||||
c16toa(0, output);
|
||||
/* output += 2; */
|
||||
|
||||
*outputLen = totalLen;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* wrapper function to get ech configs from application code */
|
||||
int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen)
|
||||
{
|
||||
if (ssl == NULL || outputLen == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* if we don't have ech configs */
|
||||
if (ssl->options.useEch != 1) {
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
return GetEchConfigsEx(ssl->echConfigs, output, outputLen);
|
||||
}
|
||||
|
||||
void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable)
|
||||
{
|
||||
if (ssl != NULL) {
|
||||
ssl->options.disableECH = !enable;
|
||||
if (ssl->options.disableECH) {
|
||||
TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap);
|
||||
FreeEchConfigs(ssl->echConfigs, ssl->heap);
|
||||
ssl->echConfigs = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
|
||||
const byte* echConfigs, word32 echConfigsLen)
|
||||
{
|
||||
int ret = 0;
|
||||
int i;
|
||||
int j;
|
||||
word16 totalLength;
|
||||
word16 version;
|
||||
word16 length;
|
||||
word16 hpkePubkeyLen;
|
||||
word16 cipherSuitesLen;
|
||||
word16 publicNameLen;
|
||||
WOLFSSL_EchConfig* configList = NULL;
|
||||
WOLFSSL_EchConfig* workingConfig = NULL;
|
||||
WOLFSSL_EchConfig* lastConfig = NULL;
|
||||
byte* echConfig = NULL;
|
||||
|
||||
if (outputConfigs == NULL || echConfigs == NULL || echConfigsLen == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* check that the total length is well formed */
|
||||
ato16(echConfigs, &totalLength);
|
||||
|
||||
if (totalLength != echConfigsLen - 2) {
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
/* skip the total length uint16_t */
|
||||
i = 2;
|
||||
|
||||
do {
|
||||
echConfig = (byte*)echConfigs + i;
|
||||
ato16(echConfig, &version);
|
||||
ato16(echConfig + 2, &length);
|
||||
|
||||
/* if the version does not match */
|
||||
if (version != TLSX_ECH) {
|
||||
/* we hit the end of the configs */
|
||||
if ( (word32)i + 2 >= echConfigsLen ) {
|
||||
break;
|
||||
}
|
||||
|
||||
/* skip this config, +4 for version and length */
|
||||
i += length + 4;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* check if the length will overrun the buffer */
|
||||
if ((word32)i + length + 4 > echConfigsLen) {
|
||||
break;
|
||||
}
|
||||
|
||||
if (workingConfig == NULL) {
|
||||
workingConfig =
|
||||
(WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
configList = workingConfig;
|
||||
if (workingConfig != NULL) {
|
||||
workingConfig->next = NULL;
|
||||
}
|
||||
}
|
||||
else {
|
||||
lastConfig = workingConfig;
|
||||
workingConfig->next =
|
||||
(WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
|
||||
heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
workingConfig = workingConfig->next;
|
||||
}
|
||||
|
||||
if (workingConfig == NULL) {
|
||||
ret = MEMORY_E;
|
||||
break;
|
||||
}
|
||||
|
||||
XMEMSET(workingConfig, 0, sizeof(WOLFSSL_EchConfig));
|
||||
|
||||
/* rawLen */
|
||||
workingConfig->rawLen = length + 4;
|
||||
|
||||
/* raw body */
|
||||
workingConfig->raw = (byte*)XMALLOC(workingConfig->rawLen,
|
||||
heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (workingConfig->raw == NULL) {
|
||||
ret = MEMORY_E;
|
||||
break;
|
||||
}
|
||||
|
||||
XMEMCPY(workingConfig->raw, echConfig, workingConfig->rawLen);
|
||||
|
||||
/* skip over version and length */
|
||||
echConfig += 4;
|
||||
|
||||
/* configId, 1 byte */
|
||||
workingConfig->configId = *(echConfig);
|
||||
echConfig++;
|
||||
/* kemId, 2 bytes */
|
||||
ato16(echConfig, &workingConfig->kemId);
|
||||
echConfig += 2;
|
||||
/* hpke public_key length, 2 bytes */
|
||||
ato16(echConfig, &hpkePubkeyLen);
|
||||
echConfig += 2;
|
||||
/* hpke public_key */
|
||||
XMEMCPY(workingConfig->receiverPubkey, echConfig, hpkePubkeyLen);
|
||||
echConfig += hpkePubkeyLen;
|
||||
/* cipherSuitesLen */
|
||||
ato16(echConfig, &cipherSuitesLen);
|
||||
|
||||
workingConfig->cipherSuites = (EchCipherSuite*)XMALLOC(cipherSuitesLen,
|
||||
heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (workingConfig->cipherSuites == NULL) {
|
||||
ret = MEMORY_E;
|
||||
break;
|
||||
}
|
||||
|
||||
echConfig += 2;
|
||||
workingConfig->numCipherSuites = cipherSuitesLen / 4;
|
||||
/* cipherSuites */
|
||||
for (j = 0; j < workingConfig->numCipherSuites; j++) {
|
||||
ato16(echConfig + j * 4, &workingConfig->cipherSuites[j].kdfId);
|
||||
ato16(echConfig + j * 4 + 2,
|
||||
&workingConfig->cipherSuites[j].aeadId);
|
||||
}
|
||||
echConfig += cipherSuitesLen;
|
||||
/* ignore the maximum name length */
|
||||
echConfig++;
|
||||
/* publicNameLen */
|
||||
publicNameLen = *(echConfig);
|
||||
workingConfig->publicName = (char*)XMALLOC(publicNameLen + 1,
|
||||
heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (workingConfig->publicName == NULL) {
|
||||
ret = MEMORY_E;
|
||||
break;
|
||||
}
|
||||
echConfig++;
|
||||
/* publicName */
|
||||
XMEMCPY(workingConfig->publicName, echConfig, publicNameLen);
|
||||
/* null terminated */
|
||||
workingConfig->publicName[publicNameLen] = 0;
|
||||
|
||||
/* add length to go to next config, +4 for version and length */
|
||||
i += length + 4;
|
||||
|
||||
/* check that we support this config */
|
||||
for (j = 0; j < HPKE_SUPPORTED_KEM_LEN; j++) {
|
||||
if (hpkeSupportedKem[j] == workingConfig->kemId)
|
||||
break;
|
||||
}
|
||||
|
||||
/* if we don't support the kem or at least one cipher suite */
|
||||
if (j >= HPKE_SUPPORTED_KEM_LEN ||
|
||||
EchConfigGetSupportedCipherSuite(workingConfig) < 0)
|
||||
{
|
||||
XFREE(workingConfig->cipherSuites, heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(workingConfig->publicName, heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(workingConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
workingConfig = lastConfig;
|
||||
}
|
||||
} while ((word32)i < echConfigsLen);
|
||||
|
||||
/* if we found valid configs */
|
||||
if (ret == 0 && configList != NULL) {
|
||||
*outputConfigs = configList;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
workingConfig = configList;
|
||||
|
||||
while (workingConfig != NULL) {
|
||||
lastConfig = workingConfig;
|
||||
workingConfig = workingConfig->next;
|
||||
|
||||
XFREE(lastConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lastConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lastConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
XFREE(lastConfig, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
|
||||
if (ret == 0)
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* get the raw ech configs from our linked list of ech config structs */
|
||||
int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
|
||||
{
|
||||
int ret = 0;
|
||||
WOLFSSL_EchConfig* workingConfig = NULL;
|
||||
byte* outputStart = output;
|
||||
word32 totalLen = 2;
|
||||
word32 workingOutputLen = 0;
|
||||
|
||||
if (configs == NULL || outputLen == NULL ||
|
||||
(output != NULL && *outputLen < totalLen)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
/* skip over total length which we fill in later */
|
||||
if (output != NULL) {
|
||||
workingOutputLen = *outputLen - totalLen;
|
||||
output += 2;
|
||||
}
|
||||
else {
|
||||
/* caller getting the size only, set current 2 byte length size */
|
||||
*outputLen = totalLen;
|
||||
}
|
||||
|
||||
workingConfig = configs;
|
||||
|
||||
while (workingConfig != NULL) {
|
||||
/* get this config */
|
||||
ret = GetEchConfig(workingConfig, output, &workingOutputLen);
|
||||
|
||||
if (output != NULL)
|
||||
output += workingOutputLen;
|
||||
|
||||
/* add this config's length to the total length */
|
||||
totalLen += workingOutputLen;
|
||||
|
||||
if (totalLen > *outputLen)
|
||||
workingOutputLen = 0;
|
||||
else
|
||||
workingOutputLen = *outputLen - totalLen;
|
||||
|
||||
/* only error we break on, other 2 we need to keep finding length */
|
||||
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
workingConfig = workingConfig->next;
|
||||
}
|
||||
|
||||
if (output == NULL) {
|
||||
*outputLen = totalLen;
|
||||
return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
|
||||
}
|
||||
|
||||
if (totalLen > *outputLen) {
|
||||
*outputLen = totalLen;
|
||||
return INPUT_SIZE_E;
|
||||
}
|
||||
|
||||
/* total size -2 for size itself */
|
||||
c16toa(totalLen - 2, outputStart);
|
||||
|
||||
*outputLen = totalLen;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_TLS13 && HAVE_ECH */
|
||||
|
||||
#endif /* !WOLFSSL_SSL_ECH_INCLUDED */
|
||||
|
||||
+49
-20
@@ -928,7 +928,8 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
if (ret == 0) {
|
||||
/* Decode as a Dilithium private key. */
|
||||
idx = 0;
|
||||
ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length);
|
||||
ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key,
|
||||
der->length);
|
||||
if (ret == 0) {
|
||||
ret = dilithium_get_oid_sum(key, &keyFormatTemp);
|
||||
if (ret == 0) {
|
||||
@@ -1079,11 +1080,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
#ifdef WC_RSA_PSS
|
||||
if((ret == 0) && (*keyFormat == RSAPSSk)) {
|
||||
/*
|
||||
Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK),
|
||||
and to detect that the der is RSAPSSk (when *keyFormat == 0).
|
||||
*/
|
||||
|
||||
/* Require logic to verify that the der is RSAPSSk
|
||||
* (when *keyFormat == RSAPSSK), and to detect that the der is RSAPSSk
|
||||
* (when *keyFormat == 0). */
|
||||
matchAnyKey = 1;
|
||||
}
|
||||
#endif /* WC_RSA_PSS */
|
||||
@@ -2138,7 +2137,8 @@ static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
* certificates so we can inject them at verification time */
|
||||
if (ret == 1 && ctx->doAppleNativeCertValidationFlag == 1) {
|
||||
WOLFSSL_MSG("ANCV Test: Appending CA to cert list");
|
||||
ret = wolfSSL_TestAppleNativeCertValidation_AppendCA(ctx, derBuf, (int)derLen);
|
||||
ret = wolfSSL_TestAppleNativeCertValidation_AppendCA(ctx, derBuf,
|
||||
(int)derLen);
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("ANCV Test: Clearing CA table");
|
||||
/* Clear the CA table so we can ensure they won't be used for
|
||||
@@ -2949,8 +2949,8 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
|
||||
NULL, verify);
|
||||
#else
|
||||
/* Load the DER formatted CA file */
|
||||
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, 0,
|
||||
NULL, verify);
|
||||
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL,
|
||||
0, NULL, verify);
|
||||
#endif
|
||||
#ifndef NO_WOLFSSL_DIR
|
||||
if (ret == 1) {
|
||||
@@ -3234,8 +3234,8 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
|
||||
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL,
|
||||
GET_VERIFY_SETTING_CTX(ctx));
|
||||
#else
|
||||
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1, NULL,
|
||||
GET_VERIFY_SETTING_CTX(ctx));
|
||||
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1,
|
||||
NULL, GET_VERIFY_SETTING_CTX(ctx));
|
||||
#endif
|
||||
|
||||
/* Return 1 on success or 0 on failure. */
|
||||
@@ -4157,6 +4157,8 @@ int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
|
||||
{
|
||||
int ret = 1;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Id");
|
||||
|
||||
/* Dispose of old private key and allocate and copy in id. */
|
||||
FreeDer(&ctx->privateKey);
|
||||
if (AllocCopyDer(&ctx->privateKey, id, (word32)sz, PRIVATEKEY_TYPE,
|
||||
@@ -4182,6 +4184,7 @@ int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
|
||||
#endif
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Id", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -4198,12 +4201,17 @@ int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
|
||||
int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
|
||||
long sz, int devId, long keySz)
|
||||
{
|
||||
int ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId);
|
||||
int ret;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_id");
|
||||
|
||||
ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId);
|
||||
if (ret == 1) {
|
||||
/* Set the key size which normally is calculated during decoding. */
|
||||
ctx->privateKeySz = (int)keySz;
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_id", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -4221,6 +4229,8 @@ int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
|
||||
int ret = 1;
|
||||
word32 sz = (word32)XSTRLEN(label) + 1;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Label");
|
||||
|
||||
/* Dispose of old private key and allocate and copy in label. */
|
||||
FreeDer(&ctx->privateKey);
|
||||
if (AllocCopyDer(&ctx->privateKey, (const byte*)label, (word32)sz,
|
||||
@@ -4246,6 +4256,7 @@ int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
|
||||
#endif
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Label", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -4255,6 +4266,8 @@ int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
|
||||
{
|
||||
int ret = 1;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Id");
|
||||
|
||||
if ((ctx == NULL) || (id == NULL)) {
|
||||
ret = 0;
|
||||
}
|
||||
@@ -4277,17 +4290,23 @@ int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
|
||||
}
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Id", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_use_AltPrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
|
||||
long sz, int devId, long keySz)
|
||||
{
|
||||
int ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
|
||||
int ret;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_id");
|
||||
|
||||
ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
|
||||
if (ret == 1) {
|
||||
ctx->altPrivateKeySz = (word32)keySz;
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_id", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -4297,6 +4316,8 @@ int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
|
||||
int ret = 1;
|
||||
word32 sz;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Label");
|
||||
|
||||
if ((ctx == NULL) || (label == NULL)) {
|
||||
ret = 0;
|
||||
}
|
||||
@@ -4320,6 +4341,7 @@ int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
|
||||
}
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Label", ret);
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DUAL_ALG_CERTS */
|
||||
@@ -4871,7 +4893,8 @@ static int wolfssl_ctx_add_to_chain(WOLFSSL_CTX* ctx, const byte* der,
|
||||
|
||||
if (res == 1) {
|
||||
/* Add chain to DER buffer. */
|
||||
res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz, ctx->heap);
|
||||
res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz,
|
||||
ctx->heap);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
/* Update count of certificates. */
|
||||
ctx->certChainCnt++;
|
||||
@@ -5417,7 +5440,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
|
||||
}
|
||||
#else
|
||||
/* OpenSSL's implementation of this API does not require loading the
|
||||
system CA cert directory. Allow skipping this without erroring out. */
|
||||
* system CA cert directory. Allow skipping this without erroring out.
|
||||
*/
|
||||
ret = 1;
|
||||
#endif
|
||||
}
|
||||
@@ -5538,8 +5562,10 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
|
||||
|
||||
if (ret == 1) {
|
||||
/* Allocate buffers for p and g to be assigned into SSL. */
|
||||
pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if ((pAlloc == NULL) || (gAlloc == NULL)) {
|
||||
/* Memory will be freed below in the (ret != 1) block */
|
||||
ret = MEMORY_E;
|
||||
@@ -5590,7 +5616,8 @@ static int wolfssl_check_dh_key(unsigned char* p, int pSz, unsigned char* g,
|
||||
/* Initialize a DH object. */
|
||||
if ((ret = wc_InitDhKey(checkKey)) == 0) {
|
||||
/* Check DH parameters. */
|
||||
ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz, NULL, 0, 0, &rng);
|
||||
ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz,
|
||||
NULL, 0, 0, &rng);
|
||||
/* Dispose of DH object. */
|
||||
wc_FreeDhKey(checkKey);
|
||||
}
|
||||
@@ -5686,8 +5713,10 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
|
||||
|
||||
if (ret == 1) {
|
||||
/* Allocate buffers for p and g to be assigned into SSL context. */
|
||||
pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if ((pAlloc == NULL) || (gAlloc == NULL)) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
|
||||
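Review bot: wolfSSL_CTX_use_PrivateKey_Id still dereferences ctx in `FreeDer(&ctx->privateKey)` directly after the new WOLFSSL_ENTER trace, with no NULL check in between. wolfSSL_CTX_use_AltPrivateKey_Id in this same section guards with `if ((ctx == NULL) || (id == NULL)) { ret = 0; }`. wolfSSL_CTX_use_PrivateKey_Label has the same gap and also evaluates `XSTRLEN(label)` in its initializer, before any check could run. Since these functions are already being touched for entry/exit tracing, the non-Alt variants could mirror the Alt guard so that a NULL argument yields `ret = 0` and still reaches WOLFSSL_LEAVE. Both bodies continue outside the hunks shown, so the rest of each function should be checked before restructuring.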
+6
-4
@@ -1029,7 +1029,8 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
|
||||
|
||||
XMEMSET(pem, 0, pemSz);
|
||||
|
||||
if (wc_DerToPemEx(output, outputSz, pem, (word32)pemSz, NULL, CERT_TYPE) < 0) {
|
||||
if (wc_DerToPemEx(output, outputSz, pem, (word32)pemSz, NULL,CERT_TYPE)
|
||||
< 0) {
|
||||
goto error;
|
||||
}
|
||||
if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) {
|
||||
@@ -1368,8 +1369,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
|
||||
WOLFSSL_MSG("Error base64 decoding S/MIME message.");
|
||||
goto error;
|
||||
}
|
||||
pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, (int)outLen,
|
||||
bcontMem, (word32)bcontMemSz);
|
||||
pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out,
|
||||
(int)outLen, bcontMem, (word32)bcontMemSz);
|
||||
|
||||
wc_MIME_free_hdrs(allHdrs);
|
||||
XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7);
|
||||
@@ -1912,7 +1913,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
DYNAMIC_TYPE_X509);
|
||||
InitX509(x509, 1, heap);
|
||||
InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
|
||||
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
|
||||
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL)
|
||||
!= 0) {
|
||||
WOLFSSL_MSG("Issue with parsing certificate");
|
||||
FreeDecodedCert(DeCert);
|
||||
wolfSSL_X509_free(x509);
|
||||
|
||||
+18
-12
@@ -968,7 +968,8 @@ WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
|
||||
}
|
||||
|
||||
/* start from most recently used */
|
||||
count = (int)min((word32)ClientCache[row].totalCount, CLIENT_SESSIONS_PER_ROW);
|
||||
count = (int)min((word32)ClientCache[row].totalCount,
|
||||
CLIENT_SESSIONS_PER_ROW);
|
||||
idx = ClientCache[row].nextIdx - 1;
|
||||
if (idx < 0 || idx >= CLIENT_SESSIONS_PER_ROW) {
|
||||
/* if back to front, the previous was end */
|
||||
@@ -997,7 +998,8 @@ WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
|
||||
#else
|
||||
current = &sessRow->Sessions[clSess[idx].serverIdx];
|
||||
#endif
|
||||
if (current && XMEMCMP(current->serverID, id, (unsigned long)len) == 0) {
|
||||
if (current && XMEMCMP(current->serverID, id,
|
||||
(unsigned long)len) == 0) {
|
||||
WOLFSSL_MSG("Found a serverid match for client");
|
||||
if (LowResTimer() < (current->bornOn + current->timeout)) {
|
||||
WOLFSSL_MSG("Session valid");
|
||||
@@ -1265,8 +1267,8 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
|
||||
#endif
|
||||
if (output->ticketLenAlloc)
|
||||
XFREE(output->ticket, output->heap, DYNAMIC_TYPE_SESSION_TICK);
|
||||
output->ticket = tmpTicket; /* cppcheck-suppress autoVariables
|
||||
*/
|
||||
/* cppcheck-suppress autoVariables */
|
||||
output->ticket = tmpTicket;
|
||||
output->ticketLenAlloc = PREALLOC_SESSION_TICKET_LEN;
|
||||
output->ticketLen = 0;
|
||||
tmpBufSet = 1;
|
||||
@@ -1394,7 +1396,8 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
|
||||
output->ticketLen = 0;
|
||||
}
|
||||
if (error == WOLFSSL_SUCCESS) {
|
||||
XMEMCPY(output->ticket, tmpTicket, output->ticketLen); /* cppcheck-suppress uninitvar */
|
||||
/* cppcheck-suppress uninitvar */
|
||||
XMEMCPY(output->ticket, tmpTicket, output->ticketLen);
|
||||
}
|
||||
}
|
||||
WC_FREE_VAR_EX(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -1839,8 +1842,9 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
|
||||
if (SESSION_ROW_WR_LOCK(sessRow) != 0) {
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
|
||||
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
|
||||
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
|
||||
FIPS_VERSION_GE(5,3)))
|
||||
XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
|
||||
#endif
|
||||
#endif
|
||||
@@ -1879,8 +1883,9 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
|
||||
if (cacheSession == NULL) {
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
|
||||
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
|
||||
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
|
||||
FIPS_VERSION_GE(5,3)))
|
||||
XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
|
||||
#endif
|
||||
#endif
|
||||
@@ -2028,8 +2033,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
|
||||
|
||||
#ifndef NO_CLIENT_CACHE
|
||||
if (ret == 0 && clientCacheEntry != NULL) {
|
||||
ClientSession* clientCache = AddSessionToClientCache(side, row, (int)idx,
|
||||
addSession->serverID, addSession->idLen, id, useTicket);
|
||||
ClientSession* clientCache = AddSessionToClientCache(side, row,
|
||||
(int)idx, addSession->serverID, addSession->idLen, id, useTicket);
|
||||
if (clientCache != NULL)
|
||||
*clientCacheEntry = clientCache;
|
||||
}
|
||||
@@ -4088,7 +4093,8 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
|
||||
ForceZero(session->sessionID, ID_LEN);
|
||||
|
||||
if (session->type == WOLFSSL_SESSION_TYPE_HEAP) {
|
||||
XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); /* // NOLINT(clang-analyzer-unix.Malloc) */
|
||||
/* // NOLINTNEXTLINE(clang-analyzer-unix.Malloc) */
|
||||
XFREE(session, session->heap, DYNAMIC_TYPE_SESSION);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -259,6 +259,50 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Pushes the node onto the back of the stack.
|
||||
*
|
||||
* If *stack is NULL, node becomes the head.
|
||||
*
|
||||
* @param [in, out] stack Stack of nodes.
|
||||
* @param [in] node Node to append.
|
||||
*
|
||||
* @return WOLFSSL_SUCCESS on success
|
||||
* @return WOLFSSL_FAILURE when stack or node is NULL.
|
||||
*/
|
||||
int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node)
|
||||
{
|
||||
int ret = WOLFSSL_SUCCESS;
|
||||
|
||||
/* Validate parameters. */
|
||||
if (stack == NULL || node == NULL) {
|
||||
ret = WOLFSSL_FAILURE;
|
||||
}
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
node->next = NULL;
|
||||
/* Tail node has num of 1, indicating 1 node till the end */
|
||||
node->num = 1;
|
||||
|
||||
if (*stack == NULL) {
|
||||
/* First node. */
|
||||
*stack = node;
|
||||
}
|
||||
else {
|
||||
/* Walk to the end and append. Each node's num field holds the
|
||||
* count of nodes from that node to the tail (inclusive), so
|
||||
* every existing node's num increases by one. */
|
||||
WOLFSSL_STACK* cur = *stack;
|
||||
while (cur->next != NULL) {
|
||||
cur->num++;
|
||||
cur = cur->next;
|
||||
}
|
||||
cur->num++;
|
||||
cur->next = node;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Removes the node at the index from the stack and returns data.
|
||||
*
|
||||
* This is an internal API.
|
||||
|
||||
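Review bot: The header comment of wolfSSL_sk_push_back_node does not say that the node must be detached. The body unconditionally sets `node->next = NULL` and `node->num = 1`, so a node that already heads a chain would silently lose its tail. I would add a line such as `* node must be a single unlinked node; its next and num fields are overwritten.` Each call also walks the whole list to increment every `num`, which is linear per append; that is reasonable for short lists but worth stating for callers that append in a loop.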
@@ -9894,7 +9894,7 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
|
||||
ato16(&input[offset], &keLen);
|
||||
offset += OPAQUE16_LEN;
|
||||
if (keLen == 0)
|
||||
return INVALID_PARAMETER;
|
||||
return BUFFER_ERROR;
|
||||
if (keLen > length - offset)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
|
||||
+2
-2
@@ -5497,8 +5497,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
suite[1] = ssl->options.cipherSuite;
|
||||
if (!FindSuiteSSL(ssl, suite)) {
|
||||
WOLFSSL_MSG("Cipher suite not supported on client");
|
||||
WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR);
|
||||
return MATCH_SUITE_ERROR;
|
||||
WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER);
|
||||
return INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
#if defined(HAVE_ECH)
|
||||
|
||||
+93
-25
@@ -14986,41 +14986,109 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
|
||||
|
||||
void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk)
|
||||
{
|
||||
WOLFSSL_STACK *curr;
|
||||
wolfSSL_sk_pop_free(sk, NULL);
|
||||
}
|
||||
|
||||
while (sk != NULL) {
|
||||
curr = sk;
|
||||
sk = sk->next;
|
||||
static int x509_aia_append_string(WOLFSSL_STACK** head,
|
||||
const byte* uri, word32 uriSz)
|
||||
{
|
||||
WOLFSSL_STACK* node;
|
||||
char* url;
|
||||
|
||||
XFREE(curr, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
url = (char*)XMALLOC(uriSz + 1, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
if (url == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
XMEMCPY(url, uri, uriSz);
|
||||
url[uriSz] = '\0';
|
||||
|
||||
node = wolfSSL_sk_new_node(*head != NULL ? (*head)->heap : NULL);
|
||||
if (node == NULL) {
|
||||
XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
node->type = STACK_TYPE_STRING;
|
||||
node->data.string = url;
|
||||
|
||||
if (wolfSSL_sk_push_back_node(head, node) != WOLFSSL_SUCCESS) {
|
||||
XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
wolfSSL_sk_free_node(node);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method,
|
||||
const byte* fallback, int fallbackSz)
|
||||
{
|
||||
WOLFSSL_STACK* head = NULL;
|
||||
int i;
|
||||
|
||||
if (x == NULL)
|
||||
return NULL;
|
||||
|
||||
/* Collect matching URIs from the multi-entry list into a new stack;
|
||||
* fall back to the legacy single-entry field for compatibility. */
|
||||
if (x->authInfoListSz > 0) {
|
||||
for (i = 0; i < x->authInfoListSz; i++) {
|
||||
if (x->authInfoList[i].method != method ||
|
||||
x->authInfoList[i].uri == NULL ||
|
||||
x->authInfoList[i].uriSz == 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (x509_aia_append_string(&head, x->authInfoList[i].uri,
|
||||
x->authInfoList[i].uriSz) != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_sk_pop_free(head, NULL);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (head == NULL && fallback != NULL && fallbackSz > 0) {
|
||||
if (x509_aia_append_string(&head, fallback, (word32)fallbackSz)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_sk_pop_free(head, NULL);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
return head;
|
||||
}
|
||||
|
||||
WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x)
|
||||
{
|
||||
WOLFSSL_STACK* list = NULL;
|
||||
char* url;
|
||||
|
||||
if (x == NULL || x->authInfoSz == 0)
|
||||
if (x == NULL)
|
||||
return NULL;
|
||||
|
||||
list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + x->authInfoSz + 1,
|
||||
NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
if (list == NULL)
|
||||
return NULL;
|
||||
|
||||
url = (char*)list;
|
||||
url += sizeof(WOLFSSL_STACK);
|
||||
XMEMCPY(url, x->authInfo, x->authInfoSz);
|
||||
url[x->authInfoSz] = '\0';
|
||||
|
||||
list->data.string = url;
|
||||
list->next = NULL;
|
||||
list->num = 1;
|
||||
|
||||
return list;
|
||||
return x509_get1_aia_by_method(x, AIA_OCSP_OID, x->authInfo, x->authInfoSz);
|
||||
}
|
||||
|
||||
int wolfSSL_X509_get_aia_overflow(WOLFSSL_X509 *x)
|
||||
{
|
||||
int overflow = 0;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_X509_get_aia_overflow");
|
||||
|
||||
if (x != NULL) {
|
||||
overflow = x->authInfoListOverflow;
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_X509_get_aia_overflow", overflow);
|
||||
|
||||
return overflow;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ASN_CA_ISSUER
|
||||
WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ca_issuers(WOLFSSL_X509 *x)
|
||||
{
|
||||
if (x == NULL)
|
||||
return NULL;
|
||||
return x509_get1_aia_by_method(x, AIA_CA_ISSUER_OID, x->authInfoCaIssuer,
|
||||
x->authInfoCaIssuerSz);
|
||||
}
|
||||
#endif /* WOLFSSL_ASN_CA_ISSUER */
|
||||
|
||||
int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
|
||||
{
|
||||
WOLFSSL_X509_NAME *issuerName = wolfSSL_X509_get_issuer_name(subject);
|
||||
|
||||
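Review bot: wolfSSL_X509_email_free now calls `wolfSSL_sk_pop_free(sk, NULL)`, while x509_aia_append_string gives each node a separately XMALLOC'd `url`. Releasing those strings therefore depends on wolfSSL_sk_pop_free picking a string free routine for STACK_TYPE_STRING nodes when the callback is NULL, which is not visible here. If it does free node data, every other producer whose stack is released through wolfSSL_X509_email_free must also heap-allocate each string on its own. The earlier wolfSSL_X509_get1_ocsp body shown in this section embedded the URL inside the node allocation and did not set a node type, so a stack built that way would be freed incorrectly. A comment on wolfSSL_X509_email_free should state the ownership contract, for example `/* Frees each node and its separately allocated string; nodes must be STACK_TYPE_STRING. */`.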
+106
@@ -19199,6 +19199,109 @@ static int test_wolfSSL_OCSP_REQ_CTX(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int test_wolfSSL_X509_get1_ca_issuers(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
|
||||
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \
|
||||
defined(WOLFSSL_ASN_CA_ISSUER) && !defined(NO_FILESYSTEM) && \
|
||||
!defined(NO_RSA)
|
||||
X509* cert = NULL;
|
||||
STACK_OF(WOLFSSL_STRING) *skStr = NULL;
|
||||
WOLFSSL_STRING url = NULL;
|
||||
const char* expected = "http://example.com/ca.pem";
|
||||
|
||||
ExpectNull(wolfSSL_X509_get1_ca_issuers(NULL));
|
||||
ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
|
||||
"certs/aia/ca-issuers-cert.pem", WOLFSSL_FILETYPE_PEM));
|
||||
ExpectNotNull(skStr = wolfSSL_X509_get1_ca_issuers(cert));
|
||||
ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(skStr), 1);
|
||||
ExpectNotNull(url = wolfSSL_sk_WOLFSSL_STRING_value(skStr, 0));
|
||||
ExpectIntEQ(XSTRCMP(url, expected), 0);
|
||||
|
||||
wolfSSL_X509_email_free(skStr);
|
||||
wolfSSL_X509_free(cert);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int test_wolfSSL_X509_get1_aia_multi(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
|
||||
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \
|
||||
defined(WOLFSSL_ASN_CA_ISSUER) && !defined(NO_FILESYSTEM) && \
|
||||
!defined(NO_RSA)
|
||||
X509* cert = NULL;
|
||||
STACK_OF(WOLFSSL_STRING) *ocsp = NULL;
|
||||
STACK_OF(WOLFSSL_STRING) *ca = NULL;
|
||||
const char* ocspExp1 = "http://127.0.0.1:22221";
|
||||
const char* ocspExp2 = "http://127.0.0.1:22222";
|
||||
const char* caExp1 = "http://www.wolfssl.com/ca.pem";
|
||||
const char* caExp2 = "https://www.wolfssl.com/ca2.pem";
|
||||
int i;
|
||||
int ocspFound1 = 0, ocspFound2 = 0;
|
||||
int caFound1 = 0, caFound2 = 0;
|
||||
|
||||
ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
|
||||
"certs/aia/multi-aia-cert.pem", WOLFSSL_FILETYPE_PEM));
|
||||
ExpectIntEQ(wolfSSL_X509_get_aia_overflow(cert), 0);
|
||||
|
||||
ExpectNotNull(ocsp = wolfSSL_X509_get1_ocsp(cert));
|
||||
ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(ocsp), 2);
|
||||
for (i = 0; i < wolfSSL_sk_WOLFSSL_STRING_num(ocsp); i++) {
|
||||
WOLFSSL_STRING url = wolfSSL_sk_WOLFSSL_STRING_value(ocsp, i);
|
||||
if (url == NULL)
|
||||
continue;
|
||||
if (XSTRCMP(url, ocspExp1) == 0) ocspFound1 = 1;
|
||||
if (XSTRCMP(url, ocspExp2) == 0) ocspFound2 = 1;
|
||||
}
|
||||
ExpectIntEQ(ocspFound1, 1);
|
||||
ExpectIntEQ(ocspFound2, 1);
|
||||
|
||||
ExpectNotNull(ca = wolfSSL_X509_get1_ca_issuers(cert));
|
||||
ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(ca), 2);
|
||||
for (i = 0; i < wolfSSL_sk_WOLFSSL_STRING_num(ca); i++) {
|
||||
WOLFSSL_STRING url = wolfSSL_sk_WOLFSSL_STRING_value(ca, i);
|
||||
if (url == NULL)
|
||||
continue;
|
||||
if (XSTRCMP(url, caExp1) == 0) caFound1 = 1;
|
||||
if (XSTRCMP(url, caExp2) == 0) caFound2 = 1;
|
||||
}
|
||||
ExpectIntEQ(caFound1, 1);
|
||||
ExpectIntEQ(caFound2, 1);
|
||||
|
||||
wolfSSL_X509_email_free(ocsp);
|
||||
wolfSSL_X509_email_free(ca);
|
||||
wolfSSL_X509_free(cert);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int test_wolfSSL_X509_get1_aia_overflow(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
|
||||
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
|
||||
X509* cert = NULL;
|
||||
STACK_OF(WOLFSSL_STRING) *ocsp = NULL;
|
||||
int count;
|
||||
|
||||
ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
|
||||
"certs/aia/overflow-aia-cert.pem", WOLFSSL_FILETYPE_PEM));
|
||||
|
||||
ExpectNotNull(ocsp = wolfSSL_X509_get1_ocsp(cert));
|
||||
count = wolfSSL_sk_WOLFSSL_STRING_num(ocsp);
|
||||
ExpectIntEQ(count, 8);
|
||||
ExpectIntEQ(wolfSSL_X509_get_aia_overflow(cert), 1);
|
||||
|
||||
wolfSSL_X509_email_free(ocsp);
|
||||
wolfSSL_X509_free(cert);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int test_no_op_functions(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
@@ -31666,6 +31769,9 @@ TEST_CASE testCases[] = {
|
||||
TEST_DECL(test_wolfSSL_OCSP_resp_get0),
|
||||
TEST_DECL(test_wolfSSL_OCSP_parse_url),
|
||||
TEST_DECL(test_wolfSSL_OCSP_REQ_CTX),
|
||||
TEST_DECL(test_wolfSSL_X509_get1_ca_issuers),
|
||||
TEST_DECL(test_wolfSSL_X509_get1_aia_multi),
|
||||
TEST_DECL(test_wolfSSL_X509_get1_aia_overflow),
|
||||
|
||||
TEST_DECL(test_wolfSSL_PEM_read),
|
||||
|
||||
|
||||
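Review bot: In `test_wolfSSL_X509_get1_aia_overflow` the expected length of the truncated OCSP list is the bare literal in `ExpectIntEQ(count, 8)`, which hard-codes the library's cap on stored AIA entries. If that cap is a build-time setting (its definition is not visible in this section), the test fails for any other value. Compare against the library's limit macro rather than `8`, and add a comment stating that `certs/aia/overflow-aia-cert.pem` carries more OCSP entries than the cap. The test also does not say which entries survive truncation; because a truncated AIA list decides which responder a caller contacts, a one-line comment or assertion on the retained URLs would make that contract explicit.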
@@ -5222,3 +5222,742 @@ int test_wc_AesEaxDecryptAuth(void)
|
||||
* (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST
|
||||
*/
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| CryptoCB AES SetKey Test
|
||||
*----------------------------------------------------------------------------*/
|
||||
|
||||
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
|
||||
!defined(NO_AES) && defined(HAVE_AESGCM)
|
||||
|
||||
#include <wolfssl/wolfcrypt/cryptocb.h>
|
||||
|
||||
#define TEST_CRYPTOCB_AES_DEVID 7
|
||||
|
||||
/* Test state tracking */
|
||||
static int cryptoCbAesSetKeyCalled = 0;
|
||||
static int cryptoCbAesFreeCalled = 0;
|
||||
|
||||
/* Simulated SE key storage - in real SE this would be in secure hardware */
|
||||
typedef struct {
|
||||
byte key[AES_256_KEY_SIZE];
|
||||
word32 keySz;
|
||||
int valid;
|
||||
} MockSeKeySlot;
|
||||
|
||||
static MockSeKeySlot mockSeKey = {0};
|
||||
|
||||
/* Mock handle pointing to our key slot */
|
||||
static void* cryptoCbAesMockHandle = (void*)&mockSeKey;
|
||||
|
||||
/* Test CryptoCB callback for AES key import operations
|
||||
* This emulates a Secure Element by:
|
||||
* - Storing the key on SetKey (simulating SE key import)
|
||||
* - Using stored key for encrypt/decrypt (simulating SE crypto)
|
||||
* - Clearing key on Free (simulating SE key deletion)
|
||||
*/
|
||||
static int test_CryptoCb_Aes_Cb(int devId, wc_CryptoInfo* info, void* ctx)
|
||||
{
|
||||
(void)ctx;
|
||||
|
||||
if (devId != TEST_CRYPTOCB_AES_DEVID)
|
||||
return CRYPTOCB_UNAVAILABLE;
|
||||
|
||||
/* AES SetKey operation - simulate SE key import */
|
||||
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
|
||||
info->cipher.type == WC_CIPHER_AES &&
|
||||
info->cipher.aessetkey.aes != NULL) {
|
||||
|
||||
Aes* aes = info->cipher.aessetkey.aes;
|
||||
const byte* key = info->cipher.aessetkey.key;
|
||||
word32 keySz = info->cipher.aessetkey.keySz;
|
||||
|
||||
/* Validate key */
|
||||
if (key == NULL || keySz == 0 || keySz > AES_256_KEY_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* "Import" key to simulated SE storage */
|
||||
XMEMCPY(mockSeKey.key, key, keySz);
|
||||
mockSeKey.keySz = keySz;
|
||||
mockSeKey.valid = 1;
|
||||
|
||||
/* Store handle in aes->devCtx - this is what wolfSSL will use */
|
||||
aes->devCtx = cryptoCbAesMockHandle;
|
||||
|
||||
|
||||
cryptoCbAesSetKeyCalled++;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* AES-GCM Encrypt - simulate SE encryption using stored key */
|
||||
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
|
||||
info->cipher.type == WC_CIPHER_AES_GCM &&
|
||||
info->cipher.enc) {
|
||||
|
||||
Aes* aes = info->cipher.aesgcm_enc.aes;
|
||||
MockSeKeySlot* slot;
|
||||
Aes tempAes;
|
||||
int ret;
|
||||
|
||||
/* Verify handle points to our key slot */
|
||||
if (aes == NULL || aes->devCtx != cryptoCbAesMockHandle) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
slot = (MockSeKeySlot*)aes->devCtx;
|
||||
if (!slot->valid) {
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
|
||||
/* Initialize a temporary Aes for software crypto (simulating SE internal operation) */
|
||||
XMEMSET(&tempAes, 0, sizeof(tempAes));
|
||||
ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID); /* No CryptoCB for internal use */
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz);
|
||||
if (ret != 0) {
|
||||
wc_AesFree(&tempAes);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Perform the actual encryption */
|
||||
ret = wc_AesGcmEncrypt(&tempAes,
|
||||
info->cipher.aesgcm_enc.out,
|
||||
info->cipher.aesgcm_enc.in,
|
||||
info->cipher.aesgcm_enc.sz,
|
||||
info->cipher.aesgcm_enc.iv,
|
||||
info->cipher.aesgcm_enc.ivSz,
|
||||
info->cipher.aesgcm_enc.authTag,
|
||||
info->cipher.aesgcm_enc.authTagSz,
|
||||
info->cipher.aesgcm_enc.authIn,
|
||||
info->cipher.aesgcm_enc.authInSz);
|
||||
|
||||
wc_AesFree(&tempAes);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* AES-GCM Decrypt - simulate SE decryption using stored key */
|
||||
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
|
||||
info->cipher.type == WC_CIPHER_AES_GCM &&
|
||||
!info->cipher.enc) {
|
||||
|
||||
Aes* aes = info->cipher.aesgcm_dec.aes;
|
||||
MockSeKeySlot* slot;
|
||||
Aes tempAes;
|
||||
int ret;
|
||||
|
||||
/* Verify handle points to our key slot */
|
||||
if (aes == NULL || aes->devCtx != cryptoCbAesMockHandle) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
slot = (MockSeKeySlot*)aes->devCtx;
|
||||
if (!slot->valid) {
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
|
||||
/* Initialize a temporary Aes for software crypto (simulating SE internal operation) */
|
||||
XMEMSET(&tempAes, 0, sizeof(tempAes));
|
||||
ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz);
|
||||
if (ret != 0) {
|
||||
wc_AesFree(&tempAes);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Perform the actual decryption */
|
||||
ret = wc_AesGcmDecrypt(&tempAes,
|
||||
info->cipher.aesgcm_dec.out,
|
||||
info->cipher.aesgcm_dec.in,
|
||||
info->cipher.aesgcm_dec.sz,
|
||||
info->cipher.aesgcm_dec.iv,
|
||||
info->cipher.aesgcm_dec.ivSz,
|
||||
info->cipher.aesgcm_dec.authTag,
|
||||
info->cipher.aesgcm_dec.authTagSz,
|
||||
info->cipher.aesgcm_dec.authIn,
|
||||
info->cipher.aesgcm_dec.authInSz);
|
||||
|
||||
wc_AesFree(&tempAes);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB_FREE
|
||||
/* Free operation - simulate SE key deletion */
|
||||
if (info->algo_type == WC_ALGO_TYPE_FREE &&
|
||||
info->free.algo == WC_ALGO_TYPE_CIPHER &&
|
||||
info->free.type == WC_CIPHER_AES) {
|
||||
|
||||
Aes* aes = (Aes*)info->free.obj;
|
||||
|
||||
if (aes != NULL && aes->devCtx == cryptoCbAesMockHandle) {
|
||||
/* "Delete" key from simulated SE */
|
||||
ForceZero(&mockSeKey, sizeof(mockSeKey));
|
||||
cryptoCbAesFreeCalled++;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
return CRYPTOCB_UNAVAILABLE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Test: CryptoCB AES SetKey hook for key import / secure element support
|
||||
*/
|
||||
int test_wc_CryptoCb_AesSetKey(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
Aes* aes = NULL;
|
||||
byte* key = NULL;
|
||||
byte* iv = NULL;
|
||||
byte* plain = NULL;
|
||||
byte* cipher = NULL;
|
||||
byte* decrypted = NULL;
|
||||
byte* authTag = NULL;
|
||||
#else
|
||||
Aes aes[1];
|
||||
byte key[AES_128_KEY_SIZE];
|
||||
byte iv[GCM_NONCE_MID_SZ];
|
||||
byte plain[16];
|
||||
byte cipher[16];
|
||||
byte decrypted[16];
|
||||
byte authTag[AES_BLOCK_SIZE];
|
||||
#endif
|
||||
int ret;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
key = (byte*)XMALLOC(AES_128_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
iv = (byte*)XMALLOC(GCM_NONCE_MID_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
plain = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
cipher = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
decrypted = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if (aes == NULL || key == NULL || iv == NULL || plain == NULL ||
|
||||
cipher == NULL || decrypted == NULL || authTag == NULL) {
|
||||
ret = MEMORY_E;
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Initialize key, iv, plain arrays */
|
||||
{
|
||||
static const byte keyData[AES_128_KEY_SIZE] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
|
||||
};
|
||||
static const byte plainData[16] = {
|
||||
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77,
|
||||
0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x21, 0x00
|
||||
};
|
||||
XMEMCPY(key, keyData, AES_128_KEY_SIZE);
|
||||
XMEMSET(iv, 0, GCM_NONCE_MID_SZ);
|
||||
XMEMCPY(plain, plainData, 16);
|
||||
}
|
||||
|
||||
XMEMSET(aes, 0, sizeof(Aes));
|
||||
XMEMSET(&mockSeKey, 0, sizeof(mockSeKey));
|
||||
|
||||
/* Reset test state */
|
||||
cryptoCbAesSetKeyCalled = 0;
|
||||
cryptoCbAesFreeCalled = 0;
|
||||
|
||||
/* Register test callback */
|
||||
ret = wc_CryptoCb_RegisterDevice(TEST_CRYPTOCB_AES_DEVID,
|
||||
test_CryptoCb_Aes_Cb, NULL);
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Initialize Aes with device ID */
|
||||
ret = wc_AesInit(aes, NULL, TEST_CRYPTOCB_AES_DEVID);
|
||||
ExpectIntEQ(ret, 0);
|
||||
ExpectIntEQ(aes->devId, TEST_CRYPTOCB_AES_DEVID);
|
||||
|
||||
/* Set key - should trigger CryptoCB and "import" to mock SE */
|
||||
ret = wc_AesGcmSetKey(aes, key, sizeof(key));
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Verify callback was invoked */
|
||||
ExpectIntEQ(cryptoCbAesSetKeyCalled, 1);
|
||||
|
||||
/* Verify handle stored in devCtx */
|
||||
ExpectPtrEq(aes->devCtx, cryptoCbAesMockHandle);
|
||||
|
||||
/* Verify key was "imported" to mock SE */
|
||||
ExpectIntEQ(mockSeKey.valid, 1);
|
||||
ExpectIntEQ(mockSeKey.keySz, (int)sizeof(key));
|
||||
|
||||
/* Verify keylen metadata stored in Aes struct */
|
||||
ExpectIntEQ(aes->keylen, (int)sizeof(key));
|
||||
|
||||
/* After SetKey succeeds via CryptoCB, verify key NOT in devKey */
|
||||
{
|
||||
byte zeroKey[AES_128_KEY_SIZE] = {0};
|
||||
/* Key should NOT be copied to devKey - SE owns it */
|
||||
ExpectIntEQ(XMEMCMP(aes->devKey, zeroKey, sizeof(key)), 0);
|
||||
}
|
||||
|
||||
/* Test encrypt - callback performs crypto using stored key */
|
||||
ret = wc_AesGcmEncrypt(aes, cipher, plain, sizeof(plain),
|
||||
iv, sizeof(iv), authTag, sizeof(authTag),
|
||||
NULL, 0);
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Test decrypt - callback performs crypto using stored key */
|
||||
ret = wc_AesGcmDecrypt(aes, decrypted, cipher, sizeof(cipher),
|
||||
iv, sizeof(iv), authTag, sizeof(authTag),
|
||||
NULL, 0);
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Verify round-trip */
|
||||
ExpectIntEQ(XMEMCMP(plain, decrypted, sizeof(plain)), 0);
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB_FREE
|
||||
/* Free should trigger callback and "delete" key from mock SE */
|
||||
cryptoCbAesFreeCalled = 0;
|
||||
wc_AesFree(aes);
|
||||
|
||||
/* Verify free callback invoked */
|
||||
ExpectIntEQ(cryptoCbAesFreeCalled, 1);
|
||||
|
||||
/* Verify devCtx cleared */
|
||||
ExpectPtrEq(aes->devCtx, NULL);
|
||||
|
||||
/* Verify key was "deleted" from mock SE */
|
||||
ExpectIntEQ(mockSeKey.valid, 0);
|
||||
#else
|
||||
wc_AesFree(aes);
|
||||
#endif
|
||||
|
||||
/* Cleanup */
|
||||
wc_CryptoCb_UnRegisterDevice(TEST_CRYPTOCB_AES_DEVID);
|
||||
|
||||
/* Test software path (no devId) still works */
|
||||
XMEMSET(aes, 0, sizeof(Aes));
|
||||
cryptoCbAesSetKeyCalled = 0;
|
||||
|
||||
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
ret = wc_AesGcmSetKey(aes, key, sizeof(key));
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Callback should NOT have been invoked */
|
||||
ExpectIntEQ(cryptoCbAesSetKeyCalled, 0);
|
||||
|
||||
/* devCtx should be NULL */
|
||||
ExpectPtrEq(aes->devCtx, NULL);
|
||||
|
||||
wc_AesFree(aes);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
out:
|
||||
XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(cipher, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(authTag, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_AES_SETKEY && !NO_AES && HAVE_AESGCM */
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| CryptoCB AES-GCM End-to-End Offload Test
|
||||
*----------------------------------------------------------------------------*/
|
||||
|
||||
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
|
||||
!defined(NO_AES) && defined(HAVE_AESGCM)
|
||||
|
||||
#define TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID 8
|
||||
|
||||
/* Test state tracking for end-to-end offload test */
|
||||
static int cryptoCbAesGcmSetKeyCalled = 0;
|
||||
static int cryptoCbAesGcmEncryptCalled = 0;
|
||||
static int cryptoCbAesGcmDecryptCalled = 0;
|
||||
static int cryptoCbAesGcmFreeCalled = 0;
|
||||
|
||||
/* Mock SE key storage for offload test */
|
||||
typedef struct {
|
||||
byte key[AES_256_KEY_SIZE];
|
||||
word32 keySz;
|
||||
int valid;
|
||||
} MockSeKeySlotOffload;
|
||||
|
||||
static MockSeKeySlotOffload mockSeKeyOffload = {0};
|
||||
|
||||
/* Mock handle pointing to our key slot */
|
||||
static void* cryptoCbAesGcmMockHandle = (void*)&mockSeKeyOffload;
|
||||
|
||||
/* Mock CryptoCB callback for end-to-end AES-GCM offload test
|
||||
* This emulates a Secure Element that:
|
||||
* - Stores the key on SetKey (simulating SE key import)
|
||||
* - Performs encryption/decryption using stored key (simulating SE crypto)
|
||||
* - Tracks all callback invocations to verify offload is working
|
||||
* - Uses software AES internally (simulating SE internal operation)
|
||||
*/
|
||||
static int test_CryptoCb_AesGcm_Offload_Cb(int devId, wc_CryptoInfo* info, void* ctx)
|
||||
{
|
||||
(void)ctx;
|
||||
|
||||
if (devId != TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID)
|
||||
return CRYPTOCB_UNAVAILABLE;
|
||||
|
||||
/* AES SetKey operation - simulate SE key import */
|
||||
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
|
||||
info->cipher.type == WC_CIPHER_AES &&
|
||||
info->cipher.aessetkey.aes != NULL) {
|
||||
|
||||
Aes* aes = info->cipher.aessetkey.aes;
|
||||
const byte* key = info->cipher.aessetkey.key;
|
||||
word32 keySz = info->cipher.aessetkey.keySz;
|
||||
|
||||
/* Validate key */
|
||||
if (key == NULL || keySz == 0 || keySz > AES_256_KEY_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* "Import" key to simulated SE storage */
|
||||
XMEMCPY(mockSeKeyOffload.key, key, keySz);
|
||||
mockSeKeyOffload.keySz = keySz;
|
||||
mockSeKeyOffload.valid = 1;
|
||||
|
||||
/* Store handle in aes->devCtx - this is what wolfSSL will use */
|
||||
aes->devCtx = cryptoCbAesGcmMockHandle;
|
||||
|
||||
|
||||
cryptoCbAesGcmSetKeyCalled++;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* AES-GCM Encrypt - simulate SE encryption using stored key */
|
||||
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
|
||||
info->cipher.type == WC_CIPHER_AES_GCM &&
|
||||
info->cipher.enc) {
|
||||
|
||||
Aes* aes = info->cipher.aesgcm_enc.aes;
|
||||
MockSeKeySlotOffload* slot;
|
||||
Aes tempAes;
|
||||
int ret;
|
||||
|
||||
/* Verify handle points to our key slot */
|
||||
if (aes == NULL || aes->devCtx != cryptoCbAesGcmMockHandle) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
slot = (MockSeKeySlotOffload*)aes->devCtx;
|
||||
if (!slot->valid) {
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
|
||||
/* Track that encrypt callback was invoked */
|
||||
cryptoCbAesGcmEncryptCalled++;
|
||||
|
||||
/* Initialize a temporary Aes for software crypto (simulating SE internal operation) */
|
||||
XMEMSET(&tempAes, 0, sizeof(tempAes));
|
||||
ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID); /* No CryptoCB for internal use */
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz);
|
||||
if (ret != 0) {
|
||||
wc_AesFree(&tempAes);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Perform the actual encryption using software AES (simulating SE internal operation) */
|
||||
ret = wc_AesGcmEncrypt(&tempAes,
|
||||
info->cipher.aesgcm_enc.out,
|
||||
info->cipher.aesgcm_enc.in,
|
||||
info->cipher.aesgcm_enc.sz,
|
||||
info->cipher.aesgcm_enc.iv,
|
||||
info->cipher.aesgcm_enc.ivSz,
|
||||
info->cipher.aesgcm_enc.authTag,
|
||||
info->cipher.aesgcm_enc.authTagSz,
|
||||
info->cipher.aesgcm_enc.authIn,
|
||||
info->cipher.aesgcm_enc.authInSz);
|
||||
|
||||
wc_AesFree(&tempAes);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* AES-GCM Decrypt - simulate SE decryption using stored key */
|
||||
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
|
||||
info->cipher.type == WC_CIPHER_AES_GCM &&
|
||||
!info->cipher.enc) {
|
||||
|
||||
Aes* aes = info->cipher.aesgcm_dec.aes;
|
||||
MockSeKeySlotOffload* slot;
|
||||
Aes tempAes;
|
||||
int ret;
|
||||
|
||||
/* Verify handle points to our key slot */
|
||||
if (aes == NULL || aes->devCtx != cryptoCbAesGcmMockHandle) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
slot = (MockSeKeySlotOffload*)aes->devCtx;
|
||||
if (!slot->valid) {
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
|
||||
/* Track that decrypt callback was invoked */
|
||||
cryptoCbAesGcmDecryptCalled++;
|
||||
|
||||
/* Initialize a temporary Aes for software crypto (simulating SE internal operation) */
|
||||
XMEMSET(&tempAes, 0, sizeof(tempAes));
|
||||
ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz);
|
||||
if (ret != 0) {
|
||||
wc_AesFree(&tempAes);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Perform the actual decryption using software AES (simulating SE internal operation) */
|
||||
ret = wc_AesGcmDecrypt(&tempAes,
|
||||
info->cipher.aesgcm_dec.out,
|
||||
info->cipher.aesgcm_dec.in,
|
||||
info->cipher.aesgcm_dec.sz,
|
||||
info->cipher.aesgcm_dec.iv,
|
||||
info->cipher.aesgcm_dec.ivSz,
|
||||
info->cipher.aesgcm_dec.authTag,
|
||||
info->cipher.aesgcm_dec.authTagSz,
|
||||
info->cipher.aesgcm_dec.authIn,
|
||||
info->cipher.aesgcm_dec.authInSz);
|
||||
|
||||
wc_AesFree(&tempAes);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB_FREE
|
||||
/* Free operation - simulate SE key deletion */
|
||||
if (info->algo_type == WC_ALGO_TYPE_FREE &&
|
||||
info->free.algo == WC_ALGO_TYPE_CIPHER &&
|
||||
info->free.type == WC_CIPHER_AES) {
|
||||
|
||||
Aes* aes = (Aes*)info->free.obj;
|
||||
|
||||
if (aes != NULL && aes->devCtx == cryptoCbAesGcmMockHandle) {
|
||||
/* "Delete" key from simulated SE */
|
||||
ForceZero(&mockSeKeyOffload, sizeof(mockSeKeyOffload));
|
||||
cryptoCbAesGcmFreeCalled++;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
return CRYPTOCB_UNAVAILABLE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Test: End-to-End AES-GCM Offload via CryptoCB
|
||||
* This test verifies that:
|
||||
* - AES-GCM encryption/decryption operations are routed through CryptoCb
|
||||
* - Software AES is bypassed when offload is enabled
|
||||
* - Encrypted output and auth tag are correct
|
||||
* - Decryption via CryptoCb restores the original plaintext
|
||||
*/
|
||||
int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
Aes* aes = NULL;
|
||||
byte* key = NULL;
|
||||
byte* iv = NULL;
|
||||
byte* aad = NULL;
|
||||
byte* plaintext = NULL;
|
||||
byte* ciphertext = NULL;
|
||||
byte* decrypted = NULL;
|
||||
byte* authTag = NULL;
|
||||
#else
|
||||
Aes aes[1];
|
||||
byte key[AES_128_KEY_SIZE];
|
||||
byte iv[GCM_NONCE_MID_SZ];
|
||||
byte aad[16];
|
||||
byte plaintext[32];
|
||||
byte ciphertext[32];
|
||||
byte decrypted[32];
|
||||
byte authTag[AES_BLOCK_SIZE];
|
||||
#endif
|
||||
int ret;
|
||||
int i;
|
||||
int hasNonZero = 0;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
key = (byte*)XMALLOC(AES_128_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
iv = (byte*)XMALLOC(GCM_NONCE_MID_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
aad = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
plaintext = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ciphertext = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
decrypted = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if (aes == NULL || key == NULL || iv == NULL || aad == NULL ||
|
||||
plaintext == NULL || ciphertext == NULL || decrypted == NULL ||
|
||||
authTag == NULL) {
|
||||
ret = MEMORY_E;
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Initialize key, iv, aad, plaintext arrays */
|
||||
{
|
||||
static const byte keyData[AES_128_KEY_SIZE] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
|
||||
};
|
||||
static const byte ivData[GCM_NONCE_MID_SZ] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b
|
||||
};
|
||||
static const byte aadData[16] = {
|
||||
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
|
||||
};
|
||||
static const byte plaintextData[32] = {
|
||||
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77,
|
||||
0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x21, 0x00,
|
||||
0x54, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73,
|
||||
0x73, 0x61, 0x67, 0x65, 0x20, 0x32, 0x21, 0x00
|
||||
};
|
||||
XMEMCPY(key, keyData, AES_128_KEY_SIZE);
|
||||
XMEMCPY(iv, ivData, GCM_NONCE_MID_SZ);
|
||||
XMEMCPY(aad, aadData, 16);
|
||||
XMEMCPY(plaintext, plaintextData, 32);
|
||||
}
|
||||
|
||||
XMEMSET(aes, 0, sizeof(Aes));
|
||||
XMEMSET(&mockSeKeyOffload, 0, sizeof(mockSeKeyOffload));
|
||||
XMEMSET(ciphertext, 0, 32);
|
||||
XMEMSET(decrypted, 0, 32);
|
||||
XMEMSET(authTag, 0, AES_BLOCK_SIZE);
|
||||
|
||||
/* Reset test state */
|
||||
cryptoCbAesGcmSetKeyCalled = 0;
|
||||
cryptoCbAesGcmEncryptCalled = 0;
|
||||
cryptoCbAesGcmDecryptCalled = 0;
|
||||
cryptoCbAesGcmFreeCalled = 0;
|
||||
|
||||
/* Register test callback */
|
||||
ret = wc_CryptoCb_RegisterDevice(TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID,
|
||||
test_CryptoCb_AesGcm_Offload_Cb, NULL);
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Initialize Aes with device ID */
|
||||
ret = wc_AesInit(aes, NULL, TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID);
|
||||
ExpectIntEQ(ret, 0);
|
||||
ExpectIntEQ(aes->devId, TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID);
|
||||
|
||||
/* Set key - should trigger CryptoCB and "import" to mock SE */
|
||||
ret = wc_AesGcmSetKey(aes, key, sizeof(key));
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Verify SetKey callback was invoked */
|
||||
ExpectIntEQ(cryptoCbAesGcmSetKeyCalled, 1);
|
||||
|
||||
/* Verify handle stored in devCtx */
|
||||
ExpectPtrEq(aes->devCtx, cryptoCbAesGcmMockHandle);
|
||||
|
||||
/* Verify key was "imported" to mock SE */
|
||||
ExpectIntEQ(mockSeKeyOffload.valid, 1);
|
||||
ExpectIntEQ(mockSeKeyOffload.keySz, (int)sizeof(key));
|
||||
|
||||
/* Verify keylen metadata stored in Aes struct */
|
||||
ExpectIntEQ(aes->keylen, (int)sizeof(key));
|
||||
|
||||
/* Encrypt via wolfCrypt API - should route through CryptoCb */
|
||||
ret = wc_AesGcmEncrypt(aes, ciphertext, plaintext, 32,
|
||||
iv, sizeof(iv), authTag, sizeof(authTag),
|
||||
aad, 16);
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Assert: Encrypt callback was invoked */
|
||||
ExpectIntEQ(cryptoCbAesGcmEncryptCalled, 1);
|
||||
|
||||
/* Assert: Ciphertext is different from plaintext */
|
||||
ExpectIntNE(XMEMCMP(plaintext, ciphertext, 32), 0);
|
||||
|
||||
/* Assert: Auth tag is non-zero */
|
||||
hasNonZero = 0;
|
||||
for (i = 0; i < (int)sizeof(authTag); i++) {
|
||||
if (authTag[i] != 0) {
|
||||
hasNonZero = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
ExpectIntEQ(hasNonZero, 1);
|
||||
|
||||
/* Decrypt via wolfCrypt API - should route through CryptoCb */
|
||||
ret = wc_AesGcmDecrypt(aes, decrypted, ciphertext, 32,
|
||||
iv, sizeof(iv), authTag, sizeof(authTag),
|
||||
aad, 16);
|
||||
ExpectIntEQ(ret, 0);
|
||||
|
||||
/* Assert: Decrypt callback was invoked */
|
||||
ExpectIntEQ(cryptoCbAesGcmDecryptCalled, 1);
|
||||
|
||||
/* Assert: Decrypted plaintext matches original */
|
||||
ExpectIntEQ(XMEMCMP(plaintext, decrypted, 32), 0);
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB_FREE
|
||||
/* Free should trigger callback and "delete" key from mock SE */
|
||||
cryptoCbAesGcmFreeCalled = 0;
|
||||
wc_AesFree(aes);
|
||||
|
||||
/* Verify free callback invoked */
|
||||
ExpectIntEQ(cryptoCbAesGcmFreeCalled, 1);
|
||||
|
||||
/* Verify devCtx cleared */
|
||||
ExpectPtrEq(aes->devCtx, NULL);
|
||||
|
||||
/* Verify key was "deleted" from mock SE */
|
||||
ExpectIntEQ(mockSeKeyOffload.valid, 0);
|
||||
#else
|
||||
wc_AesFree(aes);
|
||||
#endif
|
||||
|
||||
/* Cleanup */
|
||||
wc_CryptoCb_UnRegisterDevice(TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID);
|
||||
|
||||
/* Verify lifecycle: SetKey -> Encrypt -> Decrypt -> Free */
|
||||
ExpectIntEQ(cryptoCbAesGcmSetKeyCalled, 1);
|
||||
ExpectIntEQ(cryptoCbAesGcmEncryptCalled, 1);
|
||||
ExpectIntEQ(cryptoCbAesGcmDecryptCalled, 1);
|
||||
#ifdef WOLF_CRYPTO_CB_FREE
|
||||
ExpectIntEQ(cryptoCbAesGcmFreeCalled, 1);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
out:
|
||||
XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(aad, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(plaintext, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(ciphertext, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(authTag, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_AES_SETKEY && !NO_AES && HAVE_AESGCM */
|
||||
|
||||
|
||||
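Review bot: Under `WOLFSSL_SMALL_STACK` both `test_wc_CryptoCb_AesSetKey` and `test_wc_CryptoCb_AesGcm_EncryptDecrypt` declare `key`, `iv`, `authTag` (and `plain`/`cipher` in the first test) as `byte*`, so every `sizeof(key)`, `sizeof(iv)`, `sizeof(plain)`, `sizeof(cipher)` and `sizeof(authTag)` yields the pointer size instead of the buffer length. The key, nonce and tag lengths passed to the AES-GCM calls therefore differ between the two build modes. If such a length reaches the mock callback it is not caught there, because the callback only rejects `keySz == 0 || keySz > AES_256_KEY_SIZE`. Use the allocation constants in both modes, for example `wc_AesGcmSetKey(aes, key, AES_128_KEY_SIZE)` and `iv, GCM_NONCE_MID_SZ, authTag, AES_BLOCK_SIZE`. Separately, the allocation-failure path `ret = MEMORY_E; goto out;` sets a value that no Expect macro reads, so a failed `XMALLOC` is probably not reported as a test failure (the EXPECT macros are defined outside this section); wrapping the allocations in `ExpectNotNull(...)` would record it.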
+15
-1
@@ -53,6 +53,19 @@ int test_wc_AesEaxDecryptAuth(void);
|
||||
|
||||
int test_wc_GmacSetKey(void);
|
||||
int test_wc_GmacUpdate(void);
|
||||
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
|
||||
!defined(NO_AES) && defined(HAVE_AESGCM)
|
||||
int test_wc_CryptoCb_AesSetKey(void);
|
||||
int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void);
|
||||
#endif
|
||||
|
||||
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
|
||||
!defined(NO_AES) && defined(HAVE_AESGCM)
|
||||
#define TEST_CRYPTOCB_AES_SETKEY_DECL , TEST_DECL_GROUP("aes", test_wc_CryptoCb_AesSetKey), \
|
||||
TEST_DECL_GROUP("aes", test_wc_CryptoCb_AesGcm_EncryptDecrypt)
|
||||
#else
|
||||
#define TEST_CRYPTOCB_AES_SETKEY_DECL
|
||||
#endif
|
||||
|
||||
#define TEST_AES_DECLS \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesSetKey), \
|
||||
@@ -74,7 +87,8 @@ int test_wc_GmacUpdate(void);
|
||||
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt)
|
||||
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt) \
|
||||
TEST_CRYPTOCB_AES_SETKEY_DECL
|
||||
|
||||
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
|
||||
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
|
||||
|
||||
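Review bot: The two added `#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && !defined(NO_AES) && defined(HAVE_AESGCM)` blocks are identical and adjacent, so the prototypes and the `TEST_CRYPTOCB_AES_SETKEY_DECL` definition can share one conditional with a single `#else`. `TEST_CRYPTOCB_AES_SETKEY_DECL` also relies on a leading comma to splice itself onto the end of `TEST_AES_DECLS`, which is easy to break by appending another entry after it. A comment on the macro such as `/* expands to ", entry, entry" or to nothing; must stay last in TEST_AES_DECLS */` would document that constraint.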
@@ -36,9 +36,8 @@
|
||||
#include <tests/api/api.h>
|
||||
#include <tests/api/test_ossl_x509_str.h>
|
||||
|
||||
#if defined(OPENSSL_ALL) && \
|
||||
!defined(NO_RSA) && !defined(NO_FILESYSTEM)
|
||||
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
|
||||
!defined(NO_ASN_TIME)
|
||||
static int last_errcodes[10];
|
||||
static int last_errdepths[10];
|
||||
static int err_index = 0;
|
||||
@@ -187,8 +186,7 @@ int test_wolfSSL_X509_STORE_check_time(void)
|
||||
wolfSSL_X509_free(cert);
|
||||
cert = NULL;
|
||||
|
||||
#if defined(OPENSSL_ALL) && \
|
||||
!defined(NO_RSA) && !defined(NO_FILESYSTEM)
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
|
||||
|
||||
err_index = 0;
|
||||
|
||||
|
||||
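Review bot: The file-scope guard around `last_errcodes`, `last_errdepths` and `err_index` now also requires `!defined(NO_ASN_TIME)`, but the guard inside `test_wolfSSL_X509_STORE_check_time` was only joined onto one line and still reads `#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)` before `err_index = 0;` (old and new sides inferred from the hunk-header line counts). If that function is not itself compiled out under `NO_ASN_TIME` (its outer guard lies outside the hunk), such a build would reference `err_index` without a declaration. Making the inner condition match the outer one, `#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_ASN_TIME)`, removes the mismatch.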
+175
-5
@@ -388,12 +388,15 @@ int test_wc_PKCS7_EncodeData(void)
|
||||
|
||||
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
|
||||
!defined(NO_RSA) && !defined(NO_SHA256)
|
||||
/* RSA sign raw digest callback */
|
||||
/* RSA sign raw digest callback
|
||||
* This callback demonstrates HSM/secure element use case where the private
|
||||
* key is not passed through PKCS7 structure but obtained independently.
|
||||
*/
|
||||
static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
|
||||
byte* out, word32 outSz, byte* privateKey,
|
||||
word32 privateKeySz, int devid, int hashOID)
|
||||
{
|
||||
/* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
|
||||
/* specific DigestInfo ASN.1 encoding prefix for a SHA256 digest */
|
||||
byte digInfoEncoding[] = {
|
||||
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
|
||||
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
|
||||
@@ -407,6 +410,11 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
|
||||
word32 idx = 0;
|
||||
RsaKey rsa;
|
||||
|
||||
/* privateKey may be NULL in HSM/secure element use case - we load it
|
||||
* independently in this callback to simulate that scenario */
|
||||
(void)privateKey;
|
||||
(void)privateKeySz;
|
||||
|
||||
/* SHA-256 required only for this example callback due to above
|
||||
* digInfoEncoding[] */
|
||||
if (pkcs7 == NULL || digest == NULL || out == NULL ||
|
||||
@@ -427,7 +435,33 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
|
||||
/* Load key from test buffer - simulates HSM/secure element access */
|
||||
#if defined(USE_CERT_BUFFERS_2048)
|
||||
ret = wc_RsaPrivateKeyDecode(client_key_der_2048, &idx, &rsa,
|
||||
sizeof_client_key_der_2048);
|
||||
#elif defined(USE_CERT_BUFFERS_1024)
|
||||
ret = wc_RsaPrivateKeyDecode(client_key_der_1024, &idx, &rsa,
|
||||
sizeof_client_key_der_1024);
|
||||
#else
|
||||
{
|
||||
XFILE fp;
|
||||
byte keyBuf[ONEK_BUF];
|
||||
int keySz;
|
||||
|
||||
fp = XFOPEN("./certs/client-key.der", "rb");
|
||||
if (fp == XBADFILE) {
|
||||
wc_FreeRsaKey(&rsa);
|
||||
return -1;
|
||||
}
|
||||
keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), fp);
|
||||
XFCLOSE(fp);
|
||||
if (keySz <= 0) {
|
||||
wc_FreeRsaKey(&rsa);
|
||||
return -1;
|
||||
}
|
||||
ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &rsa, (word32)keySz);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* sign DigestInfo */
|
||||
if (ret == 0) {
|
||||
@@ -451,6 +485,102 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && \
|
||||
defined(HAVE_ECC) && !defined(NO_SHA256)
|
||||
/* ECC sign raw digest callback
|
||||
* This callback demonstrates HSM/secure element use case where the private
|
||||
* key is not passed through PKCS7 structure but obtained independently.
|
||||
* Note: This example callback is hash-agnostic and will work with any
|
||||
* hash algorithm. The hashOID parameter can be used to validate or select
|
||||
* different signing behavior if needed.
|
||||
*/
|
||||
static int eccSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
|
||||
byte* out, word32 outSz, byte* privateKey,
|
||||
word32 privateKeySz, int devid, int hashOID)
|
||||
{
|
||||
int ret;
|
||||
word32 idx = 0;
|
||||
word32 sigSz = outSz;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
ecc_key* ecc = NULL;
|
||||
#else
|
||||
ecc_key ecc[1];
|
||||
#endif
|
||||
|
||||
/* privateKey may be NULL in HSM/secure element use case - we load it
|
||||
* independently in this callback to simulate that scenario */
|
||||
(void)privateKey;
|
||||
(void)privateKeySz;
|
||||
(void)hashOID;
|
||||
|
||||
if (pkcs7 == NULL || digest == NULL || out == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap, DYNAMIC_TYPE_ECC);
|
||||
if (ecc == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* set up ECC key */
|
||||
ret = wc_ecc_init_ex(ecc, pkcs7->heap, devid);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Load key from test buffer - simulates HSM/secure element access */
|
||||
#if defined(USE_CERT_BUFFERS_256)
|
||||
ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, ecc,
|
||||
sizeof_ecc_clikey_der_256);
|
||||
#else
|
||||
{
|
||||
XFILE fp;
|
||||
byte keyBuf[ONEK_BUF];
|
||||
int keySz;
|
||||
|
||||
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
|
||||
if (fp == XBADFILE) {
|
||||
wc_ecc_free(ecc);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), fp);
|
||||
XFCLOSE(fp);
|
||||
if (keySz <= 0) {
|
||||
wc_ecc_free(ecc);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
ret = wc_EccPrivateKeyDecode(keyBuf, &idx, ecc, (word32)keySz);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* sign digest */
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_sign_hash(digest, digestSz, out, &sigSz, pkcs7->rng, ecc);
|
||||
if (ret == 0) {
|
||||
ret = (int)sigSz;
|
||||
}
|
||||
}
|
||||
|
||||
wc_ecc_free(ecc);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
|
||||
typedef struct encodeSignedDataStream {
|
||||
byte out[FOURK_BUF*3];
|
||||
@@ -757,8 +887,7 @@ int test_wc_PKCS7_EncodeSignedData(void)
|
||||
if (pkcs7 != NULL) {
|
||||
pkcs7->content = data;
|
||||
pkcs7->contentSz = (word32)sizeof(data);
|
||||
pkcs7->privateKey = key;
|
||||
pkcs7->privateKeySz = (word32)sizeof(key);
|
||||
/* privateKey not set - callback simulates HSM/secure element access */
|
||||
pkcs7->encryptOID = RSAk;
|
||||
pkcs7->hashOID = SHA256h;
|
||||
pkcs7->rng = &rng;
|
||||
@@ -769,6 +898,47 @@ int test_wc_PKCS7_EncodeSignedData(void)
|
||||
ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && \
|
||||
defined(HAVE_ECC) && !defined(NO_SHA256)
|
||||
/* test ECC sign raw digest callback, if using ECC and compiled in.
|
||||
* Example callback assumes SHA-256, so only run test if compiled in. */
|
||||
{
|
||||
#if defined(USE_CERT_BUFFERS_256)
|
||||
byte eccCert[sizeof(cliecc_cert_der_256)];
|
||||
word32 eccCertSz = (word32)sizeof(eccCert);
|
||||
XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
|
||||
#else
|
||||
byte eccCert[ONEK_BUF];
|
||||
int eccCertSz;
|
||||
XFILE eccFp = XBADFILE;
|
||||
|
||||
ExpectTrue((eccFp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
|
||||
XBADFILE);
|
||||
ExpectIntGT(eccCertSz = (int)XFREAD(eccCert, 1, ONEK_BUF, eccFp), 0);
|
||||
if (eccFp != XBADFILE)
|
||||
XFCLOSE(eccFp);
|
||||
#endif
|
||||
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
pkcs7 = NULL;
|
||||
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, (word32)eccCertSz), 0);
|
||||
|
||||
if (pkcs7 != NULL) {
|
||||
pkcs7->content = data;
|
||||
pkcs7->contentSz = (word32)sizeof(data);
|
||||
/* privateKey not set - callback simulates HSM/secure element access */
|
||||
pkcs7->encryptOID = ECDSAk;
|
||||
pkcs7->hashOID = SHA256h;
|
||||
pkcs7->rng = &rng;
|
||||
}
|
||||
|
||||
ExpectIntEQ(wc_PKCS7_SetEccSignRawDigestCb(pkcs7, eccSignRawDigestCb), 0);
|
||||
|
||||
ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
|
||||
}
|
||||
#endif
|
||||
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
DoExpectIntEQ(wc_FreeRng(&rng), 0);
|
||||
|
||||
|
||||
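Review bot: The new ECC block in `test_wc_PKCS7_EncodeSignedData()` only asserts `ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0)`, so it passes for any positive length the callback returns, whether or not the bytes form a valid signature. Keeping the returned length and feeding `output` back through `wc_PKCS7_VerifySignedData()` on a fresh `pkcs7` initialised with `eccCert` would show that the callback path produces a bundle that verifies. The RSA case has the same gap, and because `pkcs7->privateKey` is no longer set and both callbacks cast `privateKey` to void, the path where a callback receives key material through the structure is no longer exercised. In the file-loading fallbacks of both callbacks, `keySz` is never compared with `sizeof(keyBuf)`, so a key file larger than `ONEK_BUF` is silently truncated and only fails later in the decode call.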
@@ -2683,9 +2683,9 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
|
||||
#define bench_stats_start(count, start) do { \
|
||||
SAVE_VECTOR_REGISTERS(pr_err( \
|
||||
SAVE_VECTOR_REGISTERS(WOLFSSL_DEBUG_PRINTF( \
|
||||
"ERROR: SAVE_VECTOR_REGISTERS failed for benchmark run."); \
|
||||
return; ); \
|
||||
bench_stats_start(count, start); \
|
||||
@@ -3161,7 +3161,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
|
||||
(void)useDeviceID;
|
||||
(void)ret;
|
||||
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#elif defined(WOLFSSL_LINUXKM)
|
||||
kernel_fpu_end();
|
||||
@@ -3559,7 +3559,7 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
|
||||
(void)useDeviceID;
|
||||
(void)ret;
|
||||
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#elif defined(WOLFSSL_LINUXKM)
|
||||
kernel_fpu_end();
|
||||
@@ -16024,6 +16024,20 @@ void bench_sphincsKeySign(byte level, byte optim)
|
||||
return (double)ns / 1000000000.0;
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_BSDKM)
|
||||
|
||||
#include <sys/timex.h>
|
||||
double current_time(int reset)
|
||||
{
|
||||
(void)reset;
|
||||
struct timespec ts;
|
||||
int64_t result = 0;
|
||||
|
||||
getnanouptime(&ts);
|
||||
result = (int64_t) ts.tv_sec + (int64_t) ts.tv_nsec / NANOSECOND;
|
||||
return (double)result;
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_GAISLER_BCC)
|
||||
|
||||
#include <bcc/bcc.h>
|
||||
|
||||
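Review bot: The new WOLFSSL_BSDKM `current_time()` does its arithmetic in `int64_t`, so `ts.tv_nsec / NANOSECOND` is an integer division. If `NANOSECOND` is the nanoseconds-per-second constant (its definition is not in the hunk), that term is always 0 and the function returns whole seconds only. Benchmark intervals shorter than a second would then read as 0 or 1, which skews every throughput figure derived from them. Doing the division in floating point keeps the fraction: `return (double)ts.tv_sec + (double)ts.tv_nsec / (double)NANOSECOND;`. `(void)reset;` also sits before the declarations, which strict C89 builds reject; moving it below `int64_t result = 0;` avoids that.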
+82
-25
@@ -4365,6 +4365,24 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (aes->devId != INVALID_DEVID) {
|
||||
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
|
||||
int ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
|
||||
if (ret == 0) {
|
||||
/* Callback succeeded - SE owns the key */
|
||||
aes->keylen = (int)keylen;
|
||||
if (iv != NULL)
|
||||
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
|
||||
else
|
||||
XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE);
|
||||
return 0;
|
||||
}
|
||||
else if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
|
||||
aes->devCtx = NULL;
|
||||
return ret;
|
||||
}
|
||||
/* CRYPTOCB_UNAVAILABLE: continue to software setup */
|
||||
#endif
|
||||
/* Standard CryptoCB path - copy key to devKey for encrypt/decrypt offload */
|
||||
if (keylen > sizeof(aes->devKey)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -4791,6 +4809,33 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (aes->devId != INVALID_DEVID) {
|
||||
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
|
||||
ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
|
||||
if (ret == 0) {
|
||||
/* Callback succeeded - SE owns the key */
|
||||
aes->keylen = (int)keylen;
|
||||
if (iv != NULL)
|
||||
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
|
||||
else
|
||||
XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE);
|
||||
return 0;
|
||||
}
|
||||
else if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
|
||||
aes->devCtx = NULL;
|
||||
return ret;
|
||||
}
|
||||
/* CRYPTOCB_UNAVAILABLE: continue to software setup */
|
||||
#endif
|
||||
/* Standard CryptoCB path - copy key to devKey */
|
||||
if (keylen > sizeof(aes->devKey)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
XMEMCPY(aes->devKey, userKey, keylen);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
|
||||
if (wc_MAXQ10XX_AesSetKey(aes, userKey, keylen) != 0) {
|
||||
return WC_HW_E;
|
||||
@@ -7454,46 +7499,55 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
|
||||
}
|
||||
#else
|
||||
#if !defined(FREESCALE_LTC_AES_GCM) && !defined(WOLFSSL_PSOC6_CRYPTO)
|
||||
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
|
||||
if ((ret == 0) && (aes->devId != INVALID_DEVID && aes->devCtx != NULL)) {
|
||||
/* SE owns key - skip H and M table generation */
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
VECTOR_REGISTERS_PUSH;
|
||||
/* AES-NI code generates its own H value, but generate it here too, to
|
||||
* assure pure-C fallback is always usable.
|
||||
*/
|
||||
|
||||
/* Generate H = AES_Encrypt(key, 0^128) */
|
||||
ret = wc_AesEncrypt(aes, iv, aes->gcm.H);
|
||||
|
||||
if (ret == 0) {
|
||||
#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
|
||||
#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
|
||||
#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT)
|
||||
if (aes->use_aesni) {
|
||||
#if defined(WC_C_DYNAMIC_FALLBACK)
|
||||
#ifdef HAVE_INTEL_AVX2
|
||||
if (IS_INTEL_AVX2(intel_flags)) {
|
||||
GCM_generate_m0_avx2(aes->gcm.H, (byte*)aes->gcm.M0);
|
||||
GCM_generate_m0_avx2(aes->gcm.H,
|
||||
(byte*)aes->gcm.M0);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(HAVE_INTEL_AVX1)
|
||||
if (IS_INTEL_AVX1(intel_flags)) {
|
||||
GCM_generate_m0_avx1(aes->gcm.H, (byte*)aes->gcm.M0);
|
||||
GCM_generate_m0_avx1(aes->gcm.H,
|
||||
(byte*)aes->gcm.M0);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
GCM_generate_m0_aesni(aes->gcm.H, (byte*)aes->gcm.M0);
|
||||
GCM_generate_m0_aesni(aes->gcm.H,
|
||||
(byte*)aes->gcm.M0);
|
||||
}
|
||||
#endif
|
||||
#endif /* WC_C_DYNAMIC_FALLBACK */
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#endif /* AESNI */
|
||||
{
|
||||
GenerateM0(&aes->gcm);
|
||||
}
|
||||
#endif /* GCM_TABLE || GCM_TABLE_4BIT */
|
||||
#endif /* GCM_TABLE || GCM_TABLE_4BIT */
|
||||
}
|
||||
|
||||
VECTOR_REGISTERS_POP;
|
||||
}
|
||||
|
||||
#endif /* !FREESCALE_LTC_AES_GCM && !WOLFSSL_PSOC6_CRYPTO */
|
||||
#endif
|
||||
|
||||
@@ -7503,7 +7557,15 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (aes->devId != INVALID_DEVID) {
|
||||
XMEMCPY(aes->devKey, key, len);
|
||||
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
|
||||
if (aes->devCtx != NULL) {
|
||||
/* SE owns key - don't copy to devKey */
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
XMEMCPY(aes->devKey, key, len);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -13302,6 +13364,7 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
|
||||
|
||||
#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK)
|
||||
aes->devId = devId;
|
||||
aes->devCtx = NULL;
|
||||
#else
|
||||
(void)devId;
|
||||
#endif
|
||||
@@ -13383,10 +13446,6 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)
|
||||
/* Free Aes resources */
|
||||
void wc_AesFree(Aes* aes)
|
||||
{
|
||||
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
|
||||
int ret = 0;
|
||||
#endif
|
||||
|
||||
if (aes == NULL) {
|
||||
return;
|
||||
}
|
||||
@@ -13396,19 +13455,17 @@ void wc_AesFree(Aes* aes)
|
||||
if (aes->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_Free(aes->devId, WC_ALGO_TYPE_CIPHER,
|
||||
WC_CIPHER_AES, (void*)aes);
|
||||
/* If they want the standard free, they can call it themselves */
|
||||
/* via their callback setting devId to INVALID_DEVID */
|
||||
/* otherwise assume the callback handled it */
|
||||
int ret = wc_CryptoCb_Free(aes->devId, WC_ALGO_TYPE_CIPHER,
|
||||
WC_CIPHER_AES, aes);
|
||||
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
|
||||
aes->devCtx = NULL; /* Clear device context handle */
|
||||
#endif
|
||||
/* If callback wants standard free, it can set devId to INVALID_DEVID.
|
||||
* Otherwise assume the callback handled cleanup. */
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return;
|
||||
/* fall-through when unavailable */
|
||||
}
|
||||
|
||||
/* silence compiler warning */
|
||||
(void)ret;
|
||||
|
||||
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_FREE */
|
||||
|
||||
#ifdef WC_DEBUG_CIPHER_LIFECYCLE
|
||||
|
||||
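Review bot: The success branch after `wc_CryptoCb_AesSetKey()` returns 0 without checking that the callback set `aes->devCtx`, yet the `wc_AesGcmSetKey()` hunks use `aes->devCtx != NULL` as the only sign that the secure element owns the key. A callback that returns 0 and leaves `devCtx` NULL would skip the software key setup here and, in the GCM hunks, still reach the H/table generation and the `XMEMCPY(aes->devKey, key, len)` copy. Presumably H would then be derived from a key schedule that was never set up, and the raw key would stay in host memory. Either state the contract at both SetKey sites (`/* callback must set aes->devCtx on success */`) or reject the inconsistent state inside the `ret == 0` branch with `if (aes->devCtx == NULL) return BAD_STATE_E;`. The same block appears in both SetKey hunks, and the enclosing functions start outside them.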
+65
-23
@@ -13839,7 +13839,18 @@ static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx,
|
||||
ret = ASN_PARSE_E;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
cert->sigCtx.CertAtt.pubkey_n_start =
|
||||
cert->sigCtx.CertAtt.pubkey_e_start =
|
||||
GetASNItem_DataIdx(
|
||||
dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY], source) + 1;
|
||||
cert->sigCtx.CertAtt.pubkey_n_len =
|
||||
((dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.length - 1) >> 1);
|
||||
cert->sigCtx.CertAtt.pubkey_e_start +=
|
||||
cert->sigCtx.CertAtt.pubkey_n_len;
|
||||
cert->sigCtx.CertAtt.pubkey_e_len =
|
||||
cert->sigCtx.CertAtt.pubkey_n_len;
|
||||
#endif
|
||||
#ifdef WOLFSSL_MAXQ10XX_TLS
|
||||
cert->publicKeyIndex =
|
||||
GetASNItem_DataIdx(dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY], source)
|
||||
@@ -21195,6 +21206,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
|
||||
int length = 0;
|
||||
byte b = 0;
|
||||
word32 oid;
|
||||
int aiaIdx;
|
||||
|
||||
WOLFSSL_ENTER("DecodeAuthInfo");
|
||||
|
||||
@@ -21219,14 +21231,29 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
|
||||
if (GetLength(input, &idx, &length, sz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
/* Set ocsp entry */
|
||||
if (b == GENERALNAME_URI) {
|
||||
/* Add to AIA list if space. */
|
||||
aiaIdx = cert->extAuthInfoListSz;
|
||||
if (aiaIdx < WOLFSSL_MAX_AIA_ENTRIES) {
|
||||
cert->extAuthInfoList[aiaIdx].method = oid;
|
||||
cert->extAuthInfoList[aiaIdx].uri = input + idx;
|
||||
cert->extAuthInfoList[aiaIdx].uriSz = (word32)length;
|
||||
cert->extAuthInfoListSz++;
|
||||
}
|
||||
else {
|
||||
cert->extAuthInfoListOverflow = 1;
|
||||
WOLFSSL_MSG("AIA list overflow");
|
||||
}
|
||||
}
|
||||
|
||||
/* Set first ocsp entry */
|
||||
if (b == GENERALNAME_URI && oid == AIA_OCSP_OID &&
|
||||
cert->extAuthInfo == NULL) {
|
||||
cert->extAuthInfoSz = length;
|
||||
cert->extAuthInfo = input + idx;
|
||||
}
|
||||
#ifdef WOLFSSL_ASN_CA_ISSUER
|
||||
/* Set CaIssuers entry */
|
||||
/* Set first CaIssuers entry */
|
||||
else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID &&
|
||||
cert->extAuthInfoCaIssuer == NULL)
|
||||
{
|
||||
@@ -21242,6 +21269,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
|
||||
word32 idx = 0;
|
||||
int length = 0;
|
||||
int ret = 0;
|
||||
int aiaIdx;
|
||||
|
||||
WOLFSSL_ENTER("DecodeAuthInfo");
|
||||
|
||||
@@ -21263,27 +21291,41 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
|
||||
if (ret == 0) {
|
||||
word32 sz32;
|
||||
|
||||
/* Check we have OCSP and URI. */
|
||||
if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_OCSP_OID) &&
|
||||
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
|
||||
(cert->extAuthInfo == NULL)) {
|
||||
/* Store URI for OCSP lookup. */
|
||||
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
|
||||
&cert->extAuthInfo, &sz32);
|
||||
cert->extAuthInfoSz = (int)sz32;
|
||||
if (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) {
|
||||
const byte* uri = NULL;
|
||||
|
||||
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], &uri, &sz32);
|
||||
|
||||
/* Add to AIA list if space. */
|
||||
aiaIdx = cert->extAuthInfoListSz;
|
||||
if (aiaIdx < WOLFSSL_MAX_AIA_ENTRIES) {
|
||||
cert->extAuthInfoList[aiaIdx].method =
|
||||
dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum;
|
||||
cert->extAuthInfoList[aiaIdx].uri = uri;
|
||||
cert->extAuthInfoList[aiaIdx].uriSz = sz32;
|
||||
cert->extAuthInfoListSz++;
|
||||
}
|
||||
else {
|
||||
cert->extAuthInfoListOverflow = 1;
|
||||
WOLFSSL_MSG("AIA list overflow");
|
||||
}
|
||||
|
||||
/* Set first OCSP entry. */
|
||||
if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
|
||||
AIA_OCSP_OID) && (cert->extAuthInfo == NULL)) {
|
||||
cert->extAuthInfo = uri;
|
||||
cert->extAuthInfoSz = (int)sz32;
|
||||
}
|
||||
#ifdef WOLFSSL_ASN_CA_ISSUER
|
||||
/* Set first CA Issuer entry. */
|
||||
else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
|
||||
AIA_CA_ISSUER_OID) &&
|
||||
(cert->extAuthInfoCaIssuer == NULL)) {
|
||||
cert->extAuthInfoCaIssuer = uri;
|
||||
cert->extAuthInfoCaIssuerSz = (int)sz32;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#ifdef WOLFSSL_ASN_CA_ISSUER
|
||||
/* Check we have CA Issuer and URI. */
|
||||
else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
|
||||
AIA_CA_ISSUER_OID) &&
|
||||
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
|
||||
(cert->extAuthInfoCaIssuer == NULL)) {
|
||||
/* Set CaIssuers entry */
|
||||
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
|
||||
&cert->extAuthInfoCaIssuer, &sz32);
|
||||
cert->extAuthInfoCaIssuerSz = (int)sz32;
|
||||
}
|
||||
#endif
|
||||
/* Otherwise skip. */
|
||||
}
|
||||
}
|
||||
|
||||
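Review bot: In the Renesas block added to `StoreEccKey()`, `pubkey_n_len` is computed as `(dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.length - 1) >> 1` and the start index is advanced by 1. That assumes the subject public key is a non-empty, uncompressed point: one format byte followed by X and Y of equal size. If `length` is an unsigned type and a certificate carries a zero-length key, the subtraction wraps and the hardware path is handed a very large length; a compressed point would yield offsets that cut X in half. No guard is visible in the hunk, and the function body starts outside it, so an earlier check may already exist. If it does not, make the assignments conditional on `ret == 0` and `dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.length > 1`, and on the first key byte being the uncompressed-point marker.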
@@ -113,7 +113,11 @@
|
||||
|
||||
static WC_INLINE void cpuid_set_flags(void)
|
||||
{
|
||||
#ifdef WOLFSSL_BSDKM
|
||||
if (WOLFSSL_ATOMIC_LOAD_UINT(cpuid_flags) == WC_CPUID_INITIALIZER) {
|
||||
#else
|
||||
if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
|
||||
#endif
|
||||
cpuid_flags_t new_cpuid_flags = 0,
|
||||
old_cpuid_flags = WC_CPUID_INITIALIZER;
|
||||
if (cpuid_flag(1, 0, ECX, 28)) { new_cpuid_flags |= CPUID_AVX1 ; }
|
||||
|
||||
@@ -1537,6 +1537,36 @@ int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out,
|
||||
return wc_CryptoCb_TranslateErrorCode(ret);
|
||||
}
|
||||
#endif /* HAVE_AES_ECB */
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
|
||||
int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz)
|
||||
{
|
||||
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
|
||||
CryptoCb* dev;
|
||||
|
||||
if (aes == NULL || key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (aes->devId == INVALID_DEVID)
|
||||
return CRYPTOCB_UNAVAILABLE;
|
||||
|
||||
/* locate registered callback */
|
||||
dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
|
||||
if (dev && dev->cb) {
|
||||
wc_CryptoInfo cryptoInfo;
|
||||
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
|
||||
cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER;
|
||||
cryptoInfo.cipher.type = WC_CIPHER_AES;
|
||||
cryptoInfo.cipher.aessetkey.aes = aes;
|
||||
cryptoInfo.cipher.aessetkey.key = key;
|
||||
cryptoInfo.cipher.aessetkey.keySz = keySz;
|
||||
|
||||
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
|
||||
}
|
||||
|
||||
return wc_CryptoCb_TranslateErrorCode(ret);
|
||||
}
|
||||
#endif /* WOLF_CRYPTO_CB_AES_SETKEY */
|
||||
#endif /* !NO_AES */
|
||||
|
||||
#ifndef NO_DES3
|
||||
|
||||
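Review bot: `wc_CryptoCb_AesSetKey()` returns a bare `CRYPTOCB_UNAVAILABLE` on the `aes->devId == INVALID_DEVID` path, while the initialiser of `ret` a few lines above and the callers in the AES SetKey hunks wrap the same constant in `WC_NO_ERR_TRACE()`. In builds with error tracing enabled, this presumably records a trace for what is a normal software fallback; `return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);` keeps the two paths consistent. The function also forwards `keySz` to the device callback unchecked. A one-line comment saying that key-length validation is the callback's responsibility, or a check against the supported AES key sizes before dispatch, would make that contract explicit.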
+4
-4
@@ -13214,7 +13214,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
|
||||
err = add_entry(idx1, A);
|
||||
}
|
||||
}
|
||||
if (err == MP_OKAY && idx1 != -1) {
|
||||
if (err == MP_OKAY && idx1 != -1 && fp_cache[idx1].lru_count < (INT_MAX-1)) {
|
||||
/* increment LRU */
|
||||
++(fp_cache[idx1].lru_count);
|
||||
}
|
||||
@@ -13231,7 +13231,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
|
||||
}
|
||||
}
|
||||
|
||||
if (err == MP_OKAY && idx2 != -1) {
|
||||
if (err == MP_OKAY && idx2 != -1 && fp_cache[idx2].lru_count < (INT_MAX-1)) {
|
||||
/* increment LRU */
|
||||
++(fp_cache[idx2].lru_count);
|
||||
}
|
||||
@@ -13368,7 +13368,7 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
if (idx >= 0)
|
||||
err = add_entry(idx, G);
|
||||
}
|
||||
if (err == MP_OKAY && idx >= 0) {
|
||||
if (err == MP_OKAY && idx >= 0 && fp_cache[idx].lru_count < (INT_MAX-1)) {
|
||||
/* increment LRU */
|
||||
++(fp_cache[idx].lru_count);
|
||||
}
|
||||
@@ -13539,7 +13539,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
if (idx >= 0)
|
||||
err = add_entry(idx, G);
|
||||
}
|
||||
if (err == MP_OKAY && idx >= 0) {
|
||||
if (err == MP_OKAY && idx >= 0 && fp_cache[idx].lru_count < (INT_MAX-1)) {
|
||||
/* increment LRU */
|
||||
++(fp_cache[idx].lru_count);
|
||||
}
|
||||
|
||||
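Review bot: The saturation guard `fp_cache[idx].lru_count < (INT_MAX-1)` is now repeated at four sites (twice in `ecc_mul2add()`, once each in `wc_ecc_mulmod_ex()` and `wc_ecc_mulmod_ex2()`), and none of them says why the bound is there. A small static helper carrying a comment such as `/* saturate: signed overflow of lru_count is undefined behaviour */` would keep the four sites from drifting apart. The bound is only right if `lru_count` is an `int`, which the hunks do not show. Once entries saturate they compare equal, so eviction order among them becomes arbitrary; that does not affect correctness but belongs in the comment. All four functions begin and end outside their hunks.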
File diff suppressed because it is too large
@@ -12,6 +12,7 @@ MAINTAINERCLEANFILES+= $(ASYNC_FILES)
|
||||
|
||||
EXTRA_DIST += wolfcrypt/src/misc.c
|
||||
EXTRA_DIST += wolfcrypt/src/evp.c
|
||||
EXTRA_DIST += wolfcrypt/src/evp_pk.c
|
||||
EXTRA_DIST += wolfcrypt/src/asm.c
|
||||
EXTRA_DIST += wolfcrypt/src/aes_asm.asm
|
||||
EXTRA_DIST += wolfcrypt/src/aes_gcm_asm.asm
|
||||
|
||||
+3
-2
@@ -896,8 +896,7 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx,
|
||||
block[i] = 0;
|
||||
}
|
||||
XMEMCPY(block + WC_SRTP_MAX_SALT - saltSz, salt, saltSz);
|
||||
block[WC_SRTP_MAX_SALT] = 0;
|
||||
/* block[15] is counter. */
|
||||
/* block[14-15] are counter. */
|
||||
|
||||
/* When kdrIdx is -1, don't XOR in index. */
|
||||
if (kdrIdx >= 0) {
|
||||
@@ -947,6 +946,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int idxSz, byte label,
|
||||
block[WC_SRTP_MAX_SALT - idxSz - 1] ^= label;
|
||||
for (i = 0; (ret == 0) && (i < blocks); i++) {
|
||||
/* Set counter. */
|
||||
block[14] = (byte)(i >> 8);
|
||||
block[15] = (byte)i;
|
||||
/* Encrypt block into key buffer. */
|
||||
ret = wc_AesEcbEncrypt(aes, key, block, WC_AES_BLOCK_SIZE);
|
||||
@@ -959,6 +959,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int idxSz, byte label,
|
||||
if ((ret == 0) && (keySz > 0)) {
|
||||
byte enc[WC_AES_BLOCK_SIZE];
|
||||
/* Set counter. */
|
||||
block[14] = (byte)(i >> 8);
|
||||
block[15] = (byte)i;
|
||||
/* Encrypt block into temporary. */
|
||||
ret = wc_AesEcbEncrypt(aes, enc, block, WC_AES_BLOCK_SIZE);
|
||||
|
||||
@@ -1794,6 +1794,16 @@ static int wc_PKCS7_ImportRSA(wc_PKCS7* pkcs7, RsaKey* privKey)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
|
||||
else if (pkcs7->rsaSignRawDigestCb != NULL && pkcs7->publicKeySz > 0) {
|
||||
/* When using raw sign callback (e.g., HSM/secure element), private
|
||||
* key may not be available. Use public key from signer certificate
|
||||
* for signature size calculation. */
|
||||
idx = 0;
|
||||
ret = wc_RsaPublicKeyDecode(pkcs7->publicKey, &idx, privKey,
|
||||
pkcs7->publicKeySz);
|
||||
}
|
||||
#endif
|
||||
else if (pkcs7->devId == INVALID_DEVID) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -1874,6 +1884,16 @@ static int wc_PKCS7_ImportECC(wc_PKCS7* pkcs7, ecc_key* privKey)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
|
||||
else if (pkcs7->eccSignRawDigestCb != NULL && pkcs7->publicKeySz > 0) {
|
||||
/* When using raw sign callback (e.g., HSM/secure element), private
|
||||
* key may not be available. Use public key from signer certificate
|
||||
* for signature size calculation. */
|
||||
idx = 0;
|
||||
ret = wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, privKey,
|
||||
pkcs7->publicKeySz);
|
||||
}
|
||||
#endif
|
||||
else if (pkcs7->devId == INVALID_DEVID) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -2398,6 +2418,28 @@ static int wc_PKCS7_SignedDataBuildSignature(wc_PKCS7* pkcs7,
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
case ECDSAk:
|
||||
#ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
|
||||
if (pkcs7->eccSignRawDigestCb != NULL) {
|
||||
/* get hash OID */
|
||||
int eccHashOID = wc_HashGetOID(esd->hashType);
|
||||
if (eccHashOID < 0) {
|
||||
ret = eccHashOID;
|
||||
break;
|
||||
}
|
||||
|
||||
/* user signing plain digest */
|
||||
ret = pkcs7->eccSignRawDigestCb(pkcs7,
|
||||
esd->contentAttribsDigest, hashSz,
|
||||
esd->encContentDigest, sizeof(esd->encContentDigest),
|
||||
pkcs7->privateKey, pkcs7->privateKeySz, pkcs7->devId,
|
||||
eccHashOID);
|
||||
/* validate return value doesn't exceed buffer size */
|
||||
if (ret > 0 && (word32)ret > sizeof(esd->encContentDigest)) {
|
||||
ret = BUFFER_E;
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
/* CMS with ECDSA does not sign DigestInfo structure
|
||||
* like PKCS#7 with RSA does */
|
||||
ret = wc_PKCS7_EcdsaSign(pkcs7, esd->contentAttribsDigest,
|
||||
@@ -3986,6 +4028,30 @@ int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* NO_RSA */
|
||||
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
|
||||
#ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
|
||||
/* register raw ECC sign digest callback */
|
||||
int wc_PKCS7_SetEccSignRawDigestCb(wc_PKCS7* pkcs7, CallbackEccSignRawDigest cb)
|
||||
{
|
||||
if (pkcs7 == NULL || cb == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
pkcs7->eccSignRawDigestCb = cb;
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
|
||||
#ifndef NO_RSA
|
||||
|
||||
/* returns size of signature put into out, negative on error */
|
||||
static int wc_PKCS7_RsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
|
||||
byte* hash, word32 hashSz)
|
||||
|
||||
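Review bot: `wc_PKCS7_SetEccSignRawDigestCb()` is documented only as `/* register raw ECC sign digest callback */`, but the call site in `wc_PKCS7_SignedDataBuildSignature()` relies on a contract that an HSM integrator would have to guess. I would expand the comment to say that the callback returns the signature length in bytes on success and a negative value on error, and that it must write no more than `outSz` bytes. It should also say that `privateKey` may be NULL with `privateKeySz` 0 when the key lives in the device, and that the digest is passed raw, in the signature encoding `wc_ecc_sign_hash()` produces in the test callback. What a return of 0 means should be stated too: the added check only rejects a `ret` larger than `sizeof(esd->encContentDigest)`, and how a zero length is treated after the `switch` is outside the hunk. In the `wc_PKCS7_ImportRSA()`/`wc_PKCS7_ImportECC()` hunks, the parameter named `privKey` can now hold only a public key; a short note on that at the new `else if` would help the next reader.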
@@ -1147,7 +1147,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
rng->drbg_scratch = NULL;
|
||||
#endif
|
||||
}
|
||||
/* else swc_RNG_HealthTestLocal was successful */
|
||||
/* else wc_RNG_HealthTestLocal was successful */
|
||||
|
||||
if (ret == DRBG_SUCCESS) {
|
||||
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
||||
|
||||
+434
-136
@@ -68,10 +68,6 @@
|
||||
#endif
|
||||
|
||||
|
||||
/* Maximum length of the EC parameter string. */
|
||||
#define MAX_EC_PARAM_LEN 16
|
||||
|
||||
|
||||
#if defined(HAVE_ECC) && !defined(NO_PKCS11_ECDH)
|
||||
/* Pointer to false required for templates. */
|
||||
static CK_BBOOL ckFalse = CK_FALSE;
|
||||
@@ -110,7 +106,9 @@ typedef struct CK_AES_CTR_PARAMS {
|
||||
} CK_AES_CTR_PARAMS;
|
||||
#endif
|
||||
|
||||
#if !defined(NO_CERTS)
|
||||
static CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS11
|
||||
/* Enable logging of PKCS#11 calls and return value. */
|
||||
@@ -120,6 +118,9 @@ static CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
|
||||
/* Enable logging of PKCS#11 template. */
|
||||
#define PKCS11_DUMP_TEMPLATE(name, templ, cnt) \
|
||||
pkcs11_dump_template(name, templ, cnt)
|
||||
/* Enable logging of PKCS#11 mechanism info. */
|
||||
#define PKCS11_DUMP_MECHANSIM(name, mechanism) \
|
||||
pkcs11_dump_mechanism(name, mechanism)
|
||||
|
||||
/* Formats of template items - used to instruct how to log information. */
|
||||
enum PKCS11_TYPE_FORMATS {
|
||||
@@ -141,7 +142,7 @@ static struct PKCS11_TYPE_STR {
|
||||
int format;
|
||||
} typeStr[] = {
|
||||
{ CKA_CLASS, "CKA_CLASS", PKCS11_FMT_CLASS },
|
||||
{ CKA_TOKEN, "CKA_TOKEN", PKCS11_FMT_POINTER },
|
||||
{ CKA_TOKEN, "CKA_TOKEN", PKCS11_FMT_BOOLEAN },
|
||||
{ CKA_PRIVATE, "CKA_PRIVATE", PKCS11_FMT_BOOLEAN },
|
||||
{ CKA_LABEL, "CKA_LABEL", PKCS11_FMT_STRING },
|
||||
{ CKA_VALUE, "CKA_VALUE", PKCS11_FMT_DATA },
|
||||
@@ -327,6 +328,11 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ,
|
||||
WOLFSSL_MSG(line);
|
||||
break;
|
||||
case PKCS11_FMT_DATA:
|
||||
if (templ[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) {
|
||||
XSNPRINTF(line, sizeof(line), "%25s: unavailable", type);
|
||||
WOLFSSL_MSG(line);
|
||||
break;
|
||||
}
|
||||
XSNPRINTF(line, sizeof(line), "%25s: %ld", type,
|
||||
templ[i].ulValueLen);
|
||||
WOLFSSL_MSG(line);
|
||||
@@ -340,7 +346,7 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ,
|
||||
char hex[6];
|
||||
XSNPRINTF(hex, sizeof(hex), "0x%02x,",
|
||||
((byte*)templ[i].pValue)[j]);
|
||||
XSTRNCAT(line, hex, 5);
|
||||
XSTRNCAT(line, hex, sizeof(line) - XSTRLEN(line) - 1);
|
||||
if ((j % 8) == 7) {
|
||||
WOLFSSL_MSG(line);
|
||||
XSNPRINTF(line, sizeof(line), "%27s", "");
|
||||
@@ -365,6 +371,64 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ,
|
||||
}
|
||||
}
|
||||
|
||||
/* Information for logging a mechanism */
|
||||
static struct PKCS11_MECHANISM_STR {
|
||||
/** Mechanism. */
|
||||
CK_MECHANISM_TYPE mech;
|
||||
/** String to log corresponding mechanism. */
|
||||
const char* str;
|
||||
} mechStr[] = {
|
||||
{ CKM_RSA_PKCS_KEY_PAIR_GEN, "CKM_RSA_PKCS_KEY_PAIR_GEN" },
|
||||
{ CKM_RSA_X_509, "CKM_RSA_X_509" },
|
||||
{ CKM_DH_PKCS_KEY_PAIR_GEN, "CKM_DH_PKCS_KEY_PAIR_GEN" },
|
||||
{ CKM_DH_PKCS_DERIVE, "CKM_DH_PKCS_DERIVE" },
|
||||
{ CKM_MD5_HMAC, "CKM_MD5_HMAC" },
|
||||
{ CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC" },
|
||||
{ CKM_SHA256_HMAC, "CKM_SHA256_HMAC" },
|
||||
{ CKM_SHA224_HMAC, "CKM_SHA224_HMAC" },
|
||||
{ CKM_SHA384_HMAC, "CKM_SHA384_HMAC" },
|
||||
{ CKM_SHA512_HMAC, "CKM_SHA512_HMAC" },
|
||||
{ CKM_GENERIC_SECRET_KEY_GEN, "CKM_GENERIC_SECRET_KEY_GEN" },
|
||||
{ CKM_EC_KEY_PAIR_GEN, "CKM_EC_KEY_PAIR_GEN" },
|
||||
{ CKM_ECDSA, "CKM_ECDSA" },
|
||||
{ CKM_ECDH1_DERIVE, "CKM_ECDH1_DERIVE" },
|
||||
{ CKM_ECDH1_COFACTOR_DERIVE, "CKM_ECDH1_COFACTOR_DERIVE" },
|
||||
{ CKM_AES_KEY_GEN, "CKM_AES_KEY_GEN" },
|
||||
{ CKM_AES_CBC, "CKM_AES_CBC" },
|
||||
{ CKM_AES_GCM, "CKM_AES_GCM" },
|
||||
};
|
||||
/* Count of known mechanism for logging. */
|
||||
#define PKCS11_MECH_STR_CNT ((int)(sizeof(mechStr) / sizeof(*mechStr)))
|
||||
|
||||
/*
|
||||
* Dump/log the PKCS #11 mechanism.
|
||||
*
|
||||
* This is only for debugging purposes. Only the values needed are recognised.
|
||||
*
|
||||
* @param [in] op PKCS #11 operation that was attempted.
|
||||
* @param [in] mech PKCS #11 mechanism to dump.
|
||||
*/
|
||||
static void pkcs11_dump_mechanism(const char* op, CK_MECHANISM_TYPE mech)
|
||||
{
|
||||
char line[80];
|
||||
const char *mechName = NULL;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < PKCS11_MECH_STR_CNT; i++) {
|
||||
if (mech == mechStr[i].mech) {
|
||||
mechName = mechStr[i].str;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (i == PKCS11_TYPE_STR_CNT) {
|
||||
mechName = "UNKNOWN";
|
||||
}
|
||||
|
||||
XSNPRINTF(line, 80, "%s: %s", op, mechName);
|
||||
|
||||
WOLFSSL_MSG(line);
|
||||
}
|
||||
|
||||
/*
|
||||
* Log a PKCS #11 return value with the name of function called.
|
||||
*
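Review bot: The not-found test after the loop in `pkcs11_dump_mechanism` compares `i` with `PKCS11_TYPE_STR_CNT`, but the loop runs to `PKCS11_MECH_STR_CNT`. Unless the two counts happen to be equal, an unrecognised mechanism leaves `mechName` as NULL and passes it to `%s`, and a mechanism matched at the index equal to the other count is relabelled "UNKNOWN". The test should read `if (i == PKCS11_MECH_STR_CNT) {`; initialising `mechName` to `"UNKNOWN"` would remove the need for the check altogether. The buffer size is also better written as `XSNPRINTF(line, sizeof(line), "%s: %s", op, mechName);` so it cannot drift from the declaration of `line`.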
|
||||
@@ -416,6 +480,8 @@ static void pkcs11_val(const char* op, CK_ULONG val)
|
||||
#define PKCS11_VAL(op, val) WC_DO_NOTHING
|
||||
/* Disable logging of PKCS#11 template. */
|
||||
#define PKCS11_DUMP_TEMPLATE(name, templ, cnt) WC_DO_NOTHING
|
||||
/* Disable logging of PKCS#11 mechanism info. */
|
||||
#define PKCS11_DUMP_MECHANSIM(name, mechanism) WC_DO_NOTHING
|
||||
#endif
|
||||
|
||||
/**
|
||||
@@ -432,7 +498,7 @@ static void pkcs11_val(const char* op, CK_ULONG val)
|
||||
*/
|
||||
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
|
||||
{
|
||||
return wc_Pkcs11_Initialize_ex(dev, library, heap, NULL);
|
||||
return wc_Pkcs11_Initialize_v3(dev, library, heap, NULL, NULL, NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -451,52 +517,270 @@ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
|
||||
*/
|
||||
int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library, void* heap,
|
||||
CK_RV* rvp)
|
||||
{
|
||||
return wc_Pkcs11_Initialize_v3(dev, library, heap, NULL, NULL, rvp);
|
||||
}
|
||||
|
||||
/**
|
||||
* Load library, get function list and initialize PKCS#11.
|
||||
*
|
||||
* @param [in] dev Device object.
|
||||
* @param [in] library Library name including path.
|
||||
* @param [in] heap Heap hint.
|
||||
* @param [in,out] version On in, desired version of interface.
|
||||
* On out, actual obtained version of interface.
|
||||
* @param [in] interfaceName Name of the interface to use.
|
||||
* @param [out] rvp PKCS#11 return value. Last return value seen.
|
||||
* May be NULL.
|
||||
* @return BAD_FUNC_ARG when dev or library are NULL pointers.
|
||||
* @return BAD_PATH_ERROR when dynamic library cannot be opened.
|
||||
* @return WC_INIT_E when the initialization PKCS#11 fails.
|
||||
* @return WC_HW_E when unable to get PKCS#11 function list.
|
||||
* @return 0 on success.
|
||||
*/
|
||||
int wc_Pkcs11_Initialize_v3(Pkcs11Dev* dev, const char* library,
|
||||
void* heap, int* version, const char* interfaceName, CK_RV* rvp)
|
||||
{
|
||||
int ret = 0;
|
||||
CK_RV rv = CKR_OK;
|
||||
#ifndef HAVE_PKCS11_STATIC
|
||||
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
|
||||
void* func;
|
||||
#endif
|
||||
CK_C_INITIALIZE_ARGS args;
|
||||
CK_VERSION_PTR version_ptr = NULL;
|
||||
|
||||
if (dev == NULL || library == NULL)
|
||||
if (dev == NULL)
|
||||
ret = BAD_FUNC_ARG;
|
||||
|
||||
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
|
||||
if (library == NULL)
|
||||
ret = BAD_FUNC_ARG;
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
dev->heap = heap;
|
||||
#ifndef HAVE_PKCS11_STATIC
|
||||
#if defined(HAVE_PKCS11_V3_STATIC)
|
||||
CK_INTERFACE_PTR interface = NULL;
|
||||
CK_VERSION pkcs11_version = {0, 0};
|
||||
|
||||
if (version != NULL) {
|
||||
if (*version == WC_PCKS11VERSION_2_20) {
|
||||
pkcs11_version.major = 2;
|
||||
pkcs11_version.minor = 20;
|
||||
}
|
||||
else if (*version == WC_PCKS11VERSION_2_20) {
|
||||
pkcs11_version.major = 2;
|
||||
pkcs11_version.minor = 40;
|
||||
}
|
||||
else if (*version == WC_PCKS11VERSION_3_0) {
|
||||
pkcs11_version.major = 3;
|
||||
pkcs11_version.minor = 0;
|
||||
}
|
||||
else if (*version == WC_PCKS11VERSION_3_1) {
|
||||
pkcs11_version.major = 3;
|
||||
pkcs11_version.minor = 1;
|
||||
}
|
||||
else if (*version == WC_PCKS11VERSION_3_2) {
|
||||
pkcs11_version.major = 3;
|
||||
pkcs11_version.minor = 2;
|
||||
}
|
||||
version_ptr = &pkcs11_version;
|
||||
}
|
||||
else {
|
||||
version_ptr = NULL;
|
||||
}
|
||||
|
||||
rv = C_GetInterface((CK_UTF8CHAR_PTR) interfaceName, version_ptr,
|
||||
&interface, 0);
|
||||
|
||||
if (rv == CKR_OK) {
|
||||
dev->func = interface->pFunctionList;
|
||||
version_ptr = (CK_VERSION_PTR) interface->pFunctionList;
|
||||
if (version_ptr->major == 2 && version_ptr->minor == 20) {
|
||||
dev->version = WC_PCKS11VERSION_2_20;
|
||||
}
|
||||
else if (version_ptr->major == 2 &&
|
||||
version_ptr->minor == 40) {
|
||||
dev->version = WC_PCKS11VERSION_2_40;
|
||||
}
|
||||
else if (version_ptr->major == 3 &&
|
||||
version_ptr->minor == 0) {
|
||||
dev->version = WC_PCKS11VERSION_3_0;
|
||||
}
|
||||
else if (version_ptr->major == 3 &&
|
||||
version_ptr->minor == 1) {
|
||||
dev->version = WC_PCKS11VERSION_3_1;
|
||||
}
|
||||
else if (version_ptr->major == 3 &&
|
||||
version_ptr->minor == 2) {
|
||||
dev->version = WC_PCKS11VERSION_3_2;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d",
|
||||
version_ptr->major, version_ptr->minor);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
PKCS11_RV("CK_C_GetInterface", rv);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
#elif defined(HAVE_PKCS11_STATIC)
|
||||
rv = C_GetFunctionList(&dev->func);
|
||||
if (rv == CKR_OK) {
|
||||
version_ptr = (CK_VERSION_PTR) dev->func;
|
||||
if (version_ptr->major == 2 &&
|
||||
version_ptr->minor == 20) {
|
||||
dev->version = WC_PCKS11VERSION_2_20;
|
||||
}
|
||||
else if (version_ptr->major == 2 &&
|
||||
version_ptr->minor == 40) {
|
||||
dev->version = WC_PCKS11VERSION_2_40;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d",
|
||||
version_ptr->major,
|
||||
version_ptr->minor);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
PKCS11_RV("CK_C_GetFunctionList", rv);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
#else
|
||||
/* Load dynamic library */
|
||||
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
|
||||
if (dev->dlHandle == NULL) {
|
||||
WOLFSSL_MSG(dlerror());
|
||||
ret = BAD_PATH_ERROR;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
/* Check if the library supports PKCS#11 version 3.0 (or above) by
|
||||
* looking for the C_GetInterface method (only present for >= V3.0).
|
||||
*/
|
||||
func = dlsym(dev->dlHandle, "C_GetInterface");
|
||||
if (func != NULL) {
|
||||
/* Function is present, use it */
|
||||
CK_INTERFACE_PTR interface = NULL;
|
||||
CK_VERSION pkcs11_version = {0, 0};
|
||||
if (version != NULL) {
|
||||
if (*version == WC_PCKS11VERSION_2_20) {
|
||||
pkcs11_version.major = 2;
|
||||
pkcs11_version.minor = 20;
|
||||
}
|
||||
else if (*version == WC_PCKS11VERSION_2_40) {
|
||||
pkcs11_version.major = 2;
|
||||
pkcs11_version.minor = 40;
|
||||
}
|
||||
else if (*version == WC_PCKS11VERSION_3_0) {
|
||||
pkcs11_version.major = 3;
|
||||
pkcs11_version.minor = 0;
|
||||
}
|
||||
else if (*version == WC_PCKS11VERSION_3_1) {
|
||||
pkcs11_version.major = 3;
|
||||
pkcs11_version.minor = 1;
|
||||
}
|
||||
else if (*version == WC_PCKS11VERSION_3_2) {
|
||||
pkcs11_version.major = 3;
|
||||
pkcs11_version.minor = 2;
|
||||
}
|
||||
version_ptr = &pkcs11_version;
|
||||
}
|
||||
else {
|
||||
version_ptr = NULL;
|
||||
}
|
||||
|
||||
rv = ((CK_C_GetInterface)func)((CK_UTF8CHAR_PTR) interfaceName,
|
||||
version_ptr, &interface, 0);
|
||||
if (rv == CKR_OK) {
|
||||
dev->func = interface->pFunctionList;
|
||||
version_ptr = (CK_VERSION_PTR) interface->pFunctionList;
|
||||
if (version_ptr->major == 2 && version_ptr->minor == 20) {
|
||||
dev->version = WC_PCKS11VERSION_2_20;
|
||||
}
|
||||
else if (version_ptr->major == 2 &&
|
||||
version_ptr->minor == 40) {
|
||||
dev->version = WC_PCKS11VERSION_2_40;
|
||||
}
|
||||
else if (version_ptr->major == 3 &&
|
||||
version_ptr->minor == 0) {
|
||||
dev->version = WC_PCKS11VERSION_3_0;
|
||||
}
|
||||
else if (version_ptr->major == 3 &&
|
||||
version_ptr->minor == 1) {
|
||||
dev->version = WC_PCKS11VERSION_3_1;
|
||||
}
|
||||
else if (version_ptr->major == 3 &&
|
||||
version_ptr->minor == 2) {
|
||||
dev->version = WC_PCKS11VERSION_3_2;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d",
|
||||
version_ptr->major, version_ptr->minor);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
PKCS11_RV("CK_C_GetInterface", rv);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* Function not present, try a 2.x library by looking for
|
||||
* C_GetFunctionList. */
|
||||
func = dlsym(dev->dlHandle, "C_GetFunctionList");
|
||||
if (func == NULL) {
|
||||
#if defined(_WIN32)
|
||||
WOLFSSL_MSG_EX("GetProcAddress(): %d", GetLastError());
|
||||
#else
|
||||
WOLFSSL_MSG(dlerror());
|
||||
#endif
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
if (ret == 0) {
|
||||
rv = ((CK_C_GetFunctionList)func)(&dev->func);
|
||||
if (rv == CKR_OK) {
|
||||
version_ptr = (CK_VERSION_PTR) dev->func;
|
||||
if (version_ptr->major == 2 &&
|
||||
version_ptr->minor == 20) {
|
||||
dev->version = WC_PCKS11VERSION_2_20;
|
||||
}
|
||||
else if (version_ptr->major == 2 &&
|
||||
version_ptr->minor == 40) {
|
||||
dev->version = WC_PCKS11VERSION_2_40;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d",
|
||||
version_ptr->major,
|
||||
version_ptr->minor);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
PKCS11_RV("CK_C_GetFunctionList", rv);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
dev->func = NULL;
|
||||
func = dlsym(dev->dlHandle, "C_GetFunctionList");
|
||||
if (func == NULL) {
|
||||
WOLFSSL_MSG(dlerror());
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
rv = ((CK_C_GetFunctionList)func)(&dev->func);
|
||||
#else
|
||||
rv = C_GetFunctionList(&dev->func);
|
||||
#endif
|
||||
if (rv != CKR_OK) {
|
||||
PKCS11_RV("CK_C_GetFunctionList", ret);
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
if (ret == 0 && version != NULL)
|
||||
*version = dev->version;
|
||||
|
||||
if (ret == 0) {
|
||||
XMEMSET(&args, 0x00, sizeof(args));
|
||||
args.flags = CKF_OS_LOCKING_OK;
|
||||
rv = dev->func->C_Initialize(&args);
|
||||
if (rv != CKR_OK) {
|
||||
PKCS11_RV("C_Initialize", ret);
|
||||
if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) {
|
||||
WOLFSSL_MSG("PKCS#11 already initialized");
|
||||
rv = CKR_OK;
|
||||
}
|
||||
else if (rv != CKR_OK) {
|
||||
PKCS11_RV("C_Initialize", rv);
|
||||
ret = WC_INIT_E;
|
||||
}
|
||||
}
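Review bot: In the `HAVE_PKCS11_V3_STATIC` branch the second comparison repeats `WC_PCKS11VERSION_2_20`, so a caller asking for 2.40 never reaches the `minor = 40` assignment and `C_GetInterface` is called with a requested version of 0.0. The dynamic-load branch further down tests `WC_PCKS11VERSION_2_40` at the same position, so this should be `else if (*version == WC_PCKS11VERSION_2_40) {`. In both branches any `*version` outside the five listed values also falls through with `{0, 0}`, and rejecting it with `BAD_FUNC_ARG` would be clearer than passing it on. The requested-version and detected-version mappings are each written out more than once in this function, and a pair of static helpers would stop the copies drifting apart like this. The function body continues past the end of the hunk.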
|
||||
@@ -520,7 +804,7 @@ int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library, void* heap,
|
||||
void wc_Pkcs11_Finalize(Pkcs11Dev* dev)
|
||||
{
|
||||
if (dev != NULL
|
||||
#ifndef HAVE_PKCS11_STATIC
|
||||
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
|
||||
&& dev->dlHandle != NULL
|
||||
#endif
|
||||
) {
|
||||
@@ -528,7 +812,7 @@ void wc_Pkcs11_Finalize(Pkcs11Dev* dev)
|
||||
dev->func->C_Finalize(NULL);
|
||||
dev->func = NULL;
|
||||
}
|
||||
#ifndef HAVE_PKCS11_STATIC
|
||||
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
|
||||
dlclose(dev->dlHandle);
|
||||
dev->dlHandle = NULL;
|
||||
#endif
|
||||
@@ -633,6 +917,7 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
|
||||
token->userPin = NULL_PTR;
|
||||
token->userPinSz = 0;
|
||||
token->userPinLogin = 0;
|
||||
token->version = dev->version;
|
||||
}
|
||||
|
||||
XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -809,6 +1094,7 @@ static int Pkcs11OpenSession(Pkcs11Token* token, Pkcs11Session* session,
|
||||
if (ret == 0) {
|
||||
session->func = token->func;
|
||||
session->slotId = token->slotId;
|
||||
session->version = token->version;
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -1060,13 +1346,24 @@ static int Pkcs11EccSetParams(ecc_key* key, CK_ATTRIBUTE* tmpl, int idx)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (key->dp != NULL && key->dp->oid != NULL) {
|
||||
if (key != NULL && key->dp != NULL && key->dp->oid != NULL) {
|
||||
unsigned char* derParams = tmpl[idx].pValue;
|
||||
#if defined(HAVE_OID_ENCODING)
|
||||
word32 oidSz = ECC_MAX_OID_LEN - 2;
|
||||
ret = wc_EncodeObjectId(key->dp->oid, key->dp->oidSz, derParams+2, &oidSz);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
tmpl[idx].ulValueLen = oidSz + 2;
|
||||
derParams[0] = ASN_OBJECT_ID;
|
||||
derParams[1] = oidSz;
|
||||
#else
|
||||
/* ASN.1 encoding: OBJ + ecc parameters OID */
|
||||
tmpl[idx].ulValueLen = key->dp->oidSz + 2;
|
||||
derParams[0] = ASN_OBJECT_ID;
|
||||
derParams[1] = key->dp->oidSz;
|
||||
XMEMCPY(derParams + 2, key->dp->oid, key->dp->oidSz);
|
||||
#endif
|
||||
}
|
||||
else
|
||||
ret = NOT_COMPILED_IN;
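Review bot: Neither branch of `Pkcs11EccSetParams` checks the encoded length against the real capacity of the buffer behind `tmpl[idx].pValue`. The new `HAVE_OID_ENCODING` path hard-codes `ECC_MAX_OID_LEN - 2`, and the `#else` path copies `key->dp->oidSz` bytes with no bound at all. The callers visible in the other hunks pass `CK_UTF8CHAR params[ECC_MAX_OID_LEN]`, so the hard-coded size matches them, but the `#else` path would be safer with `if (key->dp->oidSz + 2 > ECC_MAX_OID_LEN) return BUFFER_E;` before the `XMEMCPY`. A short comment should also record that callers must supply at least `ECC_MAX_OID_LEN` bytes. The added `key != NULL` test reports a NULL key as `NOT_COMPILED_IN`, where `BAD_FUNC_ARG` would describe it better. The function starts before and ends after this hunk.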
|
||||
@@ -1096,7 +1393,7 @@ static int Pkcs11CreateEccPublicKey(CK_OBJECT_HANDLE* publicKey,
|
||||
unsigned char* ecPoint = NULL;
|
||||
word32 len;
|
||||
CK_RV rv;
|
||||
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
|
||||
CK_UTF8CHAR params[ECC_MAX_OID_LEN];
|
||||
/* Empty entries for optional label/ID. */
|
||||
CK_ATTRIBUTE keyTemplate[] = {
|
||||
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
|
||||
@@ -1180,7 +1477,7 @@ static int Pkcs11CreateEccPrivateKey(CK_OBJECT_HANDLE* privateKey,
|
||||
{
|
||||
int ret = 0;
|
||||
CK_RV rv;
|
||||
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
|
||||
CK_UTF8CHAR params[ECC_MAX_OID_LEN];
|
||||
/* Empty entries for optional label/ID. */
|
||||
CK_ATTRIBUTE keyTemplate[] = {
|
||||
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
|
||||
@@ -1209,16 +1506,30 @@ static int Pkcs11CreateEccPrivateKey(CK_OBJECT_HANDLE* privateKey,
|
||||
|
||||
ret = Pkcs11EccSetParams(private_key, keyTemplate, 3);
|
||||
if (ret == 0) {
|
||||
keyTemplate[4].pValue = wc_ecc_key_get_priv(private_key)->raw.buf;
|
||||
keyTemplate[4].ulValueLen = wc_ecc_key_get_priv(private_key)->raw.len;
|
||||
|
||||
PKCS11_DUMP_TEMPLATE("Ec Private Key", keyTemplate, keyTmplCnt);
|
||||
rv = session->func->C_CreateObject(session->handle, keyTemplate,
|
||||
keyTmplCnt, privateKey);
|
||||
PKCS11_RV("C_CreateObject", rv);
|
||||
if (rv != CKR_OK) {
|
||||
ret = WC_HW_E;
|
||||
word32 privLen = private_key->dp->size;
|
||||
byte* priv = (byte*)XMALLOC(privLen, private_key->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (priv == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
if (ret == 0) {
|
||||
PRIVATE_KEY_LOCK();
|
||||
ret = wc_ecc_export_private_only(private_key, priv, &privLen);
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
}
|
||||
if (ret == 0) {
|
||||
keyTemplate[4].pValue = priv;
|
||||
keyTemplate[4].ulValueLen = privLen;
|
||||
|
||||
PKCS11_DUMP_TEMPLATE("Ec Private Key", keyTemplate, keyTmplCnt);
|
||||
rv = session->func->C_CreateObject(session->handle, keyTemplate,
|
||||
keyTmplCnt, privateKey);
|
||||
PKCS11_RV("C_CreateObject", rv);
|
||||
if (rv != CKR_OK) {
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
XFREE(priv, private_key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
|
||||
return ret;
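Review bot: The temporary `priv` buffer holds the raw EC private scalar and is handed straight to `XFREE` without being cleared, so the key material stays in freed heap memory. Wipe it first, for example `if (priv != NULL) ForceZero(priv, private_key->dp->size);` ahead of the `XFREE`, assuming wolfSSL's `ForceZero` is in scope in this file; use the allocated size, because `privLen` is rewritten by the export. Separately, `PRIVATE_KEY_LOCK()` is called before `wc_ecc_export_private_only` and `PRIVATE_KEY_UNLOCK()` after it. If these macros carry their usual wolfSSL FIPS meaning (unlock enables private-key reads), the order looks inverted and leaves reads enabled on return, which should be confirmed. The function starts outside this hunk.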
|
||||
@@ -1230,22 +1541,28 @@ static int Pkcs11CreateEccPrivateKey(CK_OBJECT_HANDLE* privateKey,
|
||||
/**
|
||||
* Check if mechanism is available in session on token.
|
||||
*
|
||||
* @param [in] session Session object.
|
||||
* @param [in] mech Mechanism to look for.
|
||||
* @param [in] session Session object.
|
||||
* @param [in] mech Mechanism to look for.
|
||||
* @param [out] mechInfoPtr Mechanism info return data (optional).
|
||||
* @return NOT_COMPILED_IN when mechanism not available.
|
||||
* @return 0 when mechanism is available.
|
||||
*/
|
||||
static int Pkcs11MechAvail(Pkcs11Session* session, CK_MECHANISM_TYPE mech)
|
||||
static int Pkcs11MechAvail(Pkcs11Session* session, CK_MECHANISM_TYPE mech,
|
||||
CK_MECHANISM_INFO_PTR mechInfoPtr)
|
||||
{
|
||||
int ret = 0;
|
||||
CK_RV rv;
|
||||
CK_MECHANISM_INFO mechInfo;
|
||||
|
||||
PKCS11_DUMP_MECHANSIM("PKCS#11: Check if mechanism is available", mech);
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, mech, &mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
}
|
||||
if (mechInfoPtr != NULL) {
|
||||
*mechInfoPtr = mechInfo;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
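Review bot: `*mechInfoPtr = mechInfo;` runs even when `C_GetMechanismInfo` failed, in which case `mechInfo` was never written and the caller receives indeterminate stack contents. The callers visible elsewhere on this page test `ret == 0` before reading `mechInfo.flags`, so nothing misbehaves today, but the copy should be conditional: `if (ret == 0 && mechInfoPtr != NULL) {`. The doc comment could also say that `mechInfoPtr` is filled only on a 0 return. Separately, the macro is spelled `PKCS11_DUMP_MECHANSIM` both here and in its definition, which is consistent but worth renaming to `PKCS11_DUMP_MECHANISM` before more call sites appear.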
|
||||
@@ -1335,7 +1652,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
|
||||
case PKCS11_KEY_TYPE_AES_GCM: {
|
||||
Aes* aes = (Aes*)key;
|
||||
|
||||
ret = Pkcs11MechAvail(&session, CKM_AES_GCM);
|
||||
ret = Pkcs11MechAvail(&session, CKM_AES_GCM, NULL);
|
||||
if (ret == 0) {
|
||||
ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES,
|
||||
(unsigned char*)aes->devKey,
|
||||
@@ -1353,7 +1670,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
|
||||
case PKCS11_KEY_TYPE_AES_CBC: {
|
||||
Aes* aes = (Aes*)key;
|
||||
|
||||
ret = Pkcs11MechAvail(&session, CKM_AES_CBC);
|
||||
ret = Pkcs11MechAvail(&session, CKM_AES_CBC, NULL);
|
||||
if (ret == 0) {
|
||||
ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES,
|
||||
(unsigned char*)aes->devKey,
|
||||
@@ -1378,7 +1695,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
|
||||
break;
|
||||
|
||||
if (ret == 0)
|
||||
ret = Pkcs11MechAvail(&session, mechType);
|
||||
ret = Pkcs11MechAvail(&session, mechType, NULL);
|
||||
if (ret == 0) {
|
||||
ret = Pkcs11CreateSecretKey(&privKey, &session, keyType,
|
||||
(unsigned char*)hmac->keyRaw,
|
||||
@@ -1403,7 +1720,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
|
||||
case PKCS11_KEY_TYPE_RSA: {
|
||||
RsaKey* rsaKey = (RsaKey*)key;
|
||||
|
||||
ret = Pkcs11MechAvail(&session, CKM_RSA_X_509);
|
||||
ret = Pkcs11MechAvail(&session, CKM_RSA_X_509, NULL);
|
||||
if (ret == 0)
|
||||
ret = Pkcs11CreateRsaPrivateKey(&privKey, &session, rsaKey,
|
||||
1);
|
||||
@@ -1426,7 +1743,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
|
||||
#ifndef NO_PKCS11_ECDH
|
||||
if ((eccKey->flags & WC_ECC_FLAG_DEC_SIGN) == 0) {
|
||||
/* Try ECDH mechanism first. */
|
||||
ret = Pkcs11MechAvail(&session, CKM_ECDH1_DERIVE);
|
||||
ret = Pkcs11MechAvail(&session, CKM_ECDH1_DERIVE, NULL);
|
||||
if (ret == 0) {
|
||||
ret = Pkcs11CreateEccPrivateKey(&privKey, &session,
|
||||
eccKey, CKA_DERIVE);
|
||||
@@ -1435,7 +1752,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
|
||||
#endif
|
||||
if (ret == 0 || ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
|
||||
/* Try ECDSA mechanism next. */
|
||||
ret2 = Pkcs11MechAvail(&session, CKM_ECDSA);
|
||||
ret2 = Pkcs11MechAvail(&session, CKM_ECDSA, NULL);
|
||||
if (ret2 == 0) {
|
||||
ret2 = Pkcs11CreateEccPrivateKey(&privKey, &session,
|
||||
eccKey, CKA_SIGN);
|
||||
@@ -2188,7 +2505,6 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info,
|
||||
static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
{
|
||||
int ret = 0;
|
||||
CK_RV rv;
|
||||
CK_MECHANISM_INFO mechInfo;
|
||||
CK_MECHANISM_TYPE mechanism = 0x0UL;
|
||||
int sessionKey = 0;
|
||||
@@ -2214,12 +2530,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
}
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, mechanism,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
}
|
||||
ret = Pkcs11MechAvail(session, mechanism, &mechInfo);
|
||||
|
||||
if (ret == 0) {
|
||||
if ((type == RSA_PUBLIC_ENCRYPT) || (type == RSA_PUBLIC_DECRYPT)) {
|
||||
@@ -2318,7 +2629,7 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
int privTmplCnt = 2;
|
||||
int i;
|
||||
|
||||
ret = Pkcs11MechAvail(session, CKM_RSA_PKCS_KEY_PAIR_GEN);
|
||||
ret = Pkcs11MechAvail(session, CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: RSA Key Generation Operation");
|
||||
|
||||
@@ -2394,9 +2705,8 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
|
||||
int i;
|
||||
unsigned char* ecPoint = NULL;
|
||||
word32 len = 0;
|
||||
CK_RV rv;
|
||||
CK_ULONG count;
|
||||
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
|
||||
CK_UTF8CHAR params[ECC_MAX_OID_LEN];
|
||||
CK_ATTRIBUTE keyTemplate[] = {
|
||||
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
|
||||
{ CKA_KEY_TYPE, &ecKeyType, sizeof(ecKeyType) },
|
||||
@@ -2433,26 +2743,7 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
|
||||
attrCnt++;
|
||||
}
|
||||
if (ret == 0) {
|
||||
PKCS11_DUMP_TEMPLATE("Find Ec Key", keyTemplate, attrCnt);
|
||||
rv = session->func->C_FindObjectsInit(session->handle, keyTemplate,
|
||||
attrCnt);
|
||||
PKCS11_RV("C_FindObjectsInit", rv);
|
||||
if (rv != CKR_OK) {
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
rv = session->func->C_FindObjects(session->handle, key, 1, &count);
|
||||
PKCS11_RV("C_FindObjects", rv);
|
||||
PKCS11_VAL("C_FindObjects Count", count);
|
||||
if (rv != CKR_OK) {
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
rv = session->func->C_FindObjectsFinal(session->handle);
|
||||
PKCS11_RV("C_FindObjectsFinal", rv);
|
||||
if (rv != CKR_OK) {
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
ret = Pkcs11FindKeyByTemplate(key, session, keyTemplate, attrCnt, &count);
|
||||
}
|
||||
|
||||
XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC);
|
||||
@@ -2560,7 +2851,7 @@ static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
CK_RV rv;
|
||||
CK_OBJECT_HANDLE pubKey = NULL_PTR, privKey = NULL_PTR;
|
||||
CK_MECHANISM mech;
|
||||
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
|
||||
CK_UTF8CHAR params[ECC_MAX_OID_LEN];
|
||||
CK_ATTRIBUTE pubKeyTmpl[] = {
|
||||
{ CKA_EC_PARAMS, params, 0 },
|
||||
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
|
||||
@@ -2584,7 +2875,7 @@ static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
/* Mandatory entries + 2 optional. */
|
||||
int privTmplCnt = 1;
|
||||
|
||||
ret = Pkcs11MechAvail(session, CKM_EC_KEY_PAIR_GEN);
|
||||
ret = Pkcs11MechAvail(session, CKM_EC_KEY_PAIR_GEN, NULL);
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: EC Key Generation Operation");
|
||||
|
||||
@@ -2670,7 +2961,9 @@ static int Pkcs11ExtractSecret(Pkcs11Session* session, CK_OBJECT_HANDLE secret,
|
||||
}
|
||||
PKCS11_DUMP_TEMPLATE("Secret Length", tmpl, tmplCnt);
|
||||
if (ret == 0) {
|
||||
if (tmpl[0].ulValueLen > *outLen)
|
||||
if (tmpl[0].ulValueLen == CK_UNAVAILABLE_INFORMATION)
|
||||
ret = WC_HW_E;
|
||||
else if (tmpl[0].ulValueLen > *outLen)
|
||||
ret = BUFFER_E;
|
||||
}
|
||||
if (ret == 0) {
|
||||
@@ -2720,7 +3013,7 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
};
|
||||
CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
|
||||
|
||||
ret = Pkcs11MechAvail(session, CKM_ECDH1_DERIVE);
|
||||
ret = Pkcs11MechAvail(session, CKM_ECDH1_DERIVE, NULL);
|
||||
if (ret == 0 && info->pk.ecdh.outlen == NULL) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -3008,12 +3301,10 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
CK_OBJECT_HANDLE privateKey = NULL_PTR;
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_ECDSA,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_SIGN) == 0)
|
||||
ret = Pkcs11MechAvail(session, CKM_ECDSA, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_SIGN) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
|
||||
}
|
||||
if (ret == 0 && info->pk.eccsign.outlen == NULL) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -3105,20 +3396,20 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
static int Pkcs11ECDSA_Verify(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
{
|
||||
int ret = 0;
|
||||
int sessionKey = 0;
|
||||
CK_RV rv;
|
||||
CK_MECHANISM mech;
|
||||
CK_MECHANISM_INFO mechInfo;
|
||||
CK_OBJECT_HANDLE publicKey = NULL_PTR;
|
||||
unsigned char* sig = NULL;
|
||||
word32 sz = info->pk.eccverify.key->dp->size;
|
||||
ecc_key* key = info->pk.eccverify.key;
|
||||
word32 sz = key->dp->size;
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_ECDSA,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_VERIFY) == 0)
|
||||
ret = Pkcs11MechAvail(session, CKM_ECDSA, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_VERIFY) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
|
||||
}
|
||||
if (ret == 0 && info->pk.eccverify.res == NULL) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
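Review bot: `word32 sz = key->dp->size;` dereferences `key->dp` in the declarations of `Pkcs11ECDSA_Verify`, yet the next hunk adds handling for `key->dp == NULL` after a lookup by label or id. A key that arrives with only a label or id and no curve parameters therefore dereferences NULL before `Pkcs11GetEccParams` can ever populate them. Declare `word32 sz = 0;` and assign `sz = key->dp->size;` once the key has been found and `ret == 0`, just before the `XMALLOC` of `sig`. The function body continues outside this hunk.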
|
||||
@@ -3126,12 +3417,32 @@ static int Pkcs11ECDSA_Verify(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: EC Verification Operation");
|
||||
|
||||
ret = Pkcs11CreateEccPublicKey(&publicKey, session,
|
||||
info->pk.eccverify.key, CKA_VERIFY);
|
||||
if (key->labelLen > 0) {
|
||||
ret = Pkcs11FindKeyByLabel(&publicKey, CKO_PUBLIC_KEY, CKK_EC,
|
||||
session, key->label, key->labelLen);
|
||||
if (ret == 0 && key->dp == NULL) {
|
||||
ret = Pkcs11GetEccParams(session, publicKey, key);
|
||||
}
|
||||
}
|
||||
else if (key->idLen > 0) {
|
||||
ret = Pkcs11FindKeyById(&publicKey, CKO_PUBLIC_KEY, CKK_EC,
|
||||
session, key->id, key->idLen);
|
||||
if (ret == 0 && key->dp == NULL) {
|
||||
ret = Pkcs11GetEccParams(session, publicKey, key);
|
||||
}
|
||||
}
|
||||
else if (!mp_iszero(key->pubkey.x)) {
|
||||
ret = Pkcs11CreateEccPublicKey(&publicKey, session, key,
|
||||
CKA_VERIFY);
|
||||
sessionKey = 1;
|
||||
}
|
||||
else
|
||||
ret = Pkcs11FindEccKey(&publicKey, CKO_PUBLIC_KEY, session,
|
||||
info->pk.eccsign.key, CKA_VERIFY);
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
sig = (unsigned char *)XMALLOC(sz * 2, info->pk.eccverify.key->heap,
|
||||
sig = (unsigned char *)XMALLOC(sz * 2, key->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (sig == NULL)
|
||||
ret = MEMORY_E;
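Review bot: The final `else` branch of the key lookup passes `info->pk.eccsign.key` to `Pkcs11FindEccKey` inside the verify path, where every other branch uses the local `key` taken from `info->pk.eccverify.key`. That reads the sign member of the request while handling a verify request, and is only harmless if the two members happen to share the same layout. It should be `ret = Pkcs11FindEccKey(&publicKey, CKO_PUBLIC_KEY, session, key, CKA_VERIFY);`. The label and id branches also repeat the same `key->dp == NULL` follow-up, which could be done once after the chain. The function starts before and continues after this hunk.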
|
||||
@@ -3168,7 +3479,7 @@ static int Pkcs11ECDSA_Verify(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
*info->pk.eccverify.res = 1;
|
||||
}
|
||||
|
||||
if (publicKey != NULL_PTR)
|
||||
if (sessionKey && publicKey != NULL_PTR)
|
||||
session->func->C_DestroyObject(session->handle, publicKey);
|
||||
|
||||
if (sig != NULL)
|
||||
@@ -3429,12 +3740,10 @@ static int Pkcs11AesGcmEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
CK_ULONG outLen;
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_GCM,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0)
|
||||
ret = Pkcs11MechAvail(session, CKM_AES_GCM, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
|
||||
}
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: AES-GCM Encryption Operation");
|
||||
|
||||
@@ -3524,12 +3833,10 @@ static int Pkcs11AesGcmDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
word32 len;
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_GCM,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0)
|
||||
ret = Pkcs11MechAvail(session, CKM_AES_GCM, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
|
||||
}
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: AES-GCM Decryption Operation");
|
||||
|
||||
@@ -3633,12 +3940,10 @@ static int Pkcs11AesCbcEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
CK_ULONG outLen;
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CBC,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0)
|
||||
ret = Pkcs11MechAvail(session, CKM_AES_CBC, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
|
||||
}
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: AES-CBC Encryption Operation");
|
||||
|
||||
@@ -3709,12 +4014,10 @@ static int Pkcs11AesCbcDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
CK_ULONG outLen;
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CBC,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0)
|
||||
ret = Pkcs11MechAvail(session, CKM_AES_CBC, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
|
||||
}
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: AES-CBC Decryption Operation");
|
||||
|
||||
@@ -3789,12 +4092,10 @@ static int Pkcs11AesCtrEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
CK_ULONG outLen;
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CTR,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0)
|
||||
ret = Pkcs11MechAvail(session, CKM_AES_CTR, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
|
||||
}
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: AES-CTR Encryption Operation");
|
||||
|
||||
@@ -3870,12 +4171,10 @@ static int Pkcs11AesCtrDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
CK_ULONG outLen;
|
||||
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CTR,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0)
|
||||
ret = Pkcs11MechAvail(session, CKM_AES_CTR, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
|
||||
}
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: AES-CTR Decryption Operation");
|
||||
|
||||
@@ -3960,11 +4259,10 @@ static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
ret = Pkcs11HmacTypes(info->hmac.macType, &mechType, &keyType);
|
||||
if (ret == 0) {
|
||||
/* Check operation is supported. */
|
||||
rv = session->func->C_GetMechanismInfo(session->slotId, mechType,
|
||||
&mechInfo);
|
||||
PKCS11_RV("C_GetMechanismInfo", rv);
|
||||
if (rv != CKR_OK || (mechInfo.flags & CKF_SIGN) == 0)
|
||||
ret = Pkcs11MechAvail(session, mechType, &mechInfo);
|
||||
if (ret == 0 && (mechInfo.flags & CKF_SIGN) == 0) {
|
||||
ret = NOT_COMPILED_IN;
|
||||
}
|
||||
}
|
||||
|
||||
/* Check whether key been used to initialized. */
|
||||
|
||||
@@ -31783,6 +31783,8 @@ typedef struct Srtp_Kdf_Tv {
|
||||
word32 ksSz;
|
||||
} Srtp_Kdf_Tv;
|
||||
|
||||
#define SRTP_KDF_LONG_KEY 5000
|
||||
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
|
||||
{
|
||||
wc_test_ret_t ret = 0;
|
||||
@@ -32034,6 +32036,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
|
||||
unsigned char keyE[32];
|
||||
unsigned char keyA[20];
|
||||
unsigned char keyS[14];
|
||||
#ifndef BENCH_EMBEDDED
|
||||
WC_DECLARE_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
|
||||
WC_DECLARE_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
|
||||
WC_DECLARE_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
|
||||
#endif
|
||||
|
||||
#ifndef BENCH_EMBEDDED
|
||||
WC_ALLOC_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
|
||||
WC_ALLOC_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
|
||||
WC_ALLOC_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
|
||||
#endif
|
||||
|
||||
WOLFSSL_ENTER("srtpkdf_test");
|
||||
|
||||
for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
|
||||
@@ -32284,6 +32298,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
|
||||
return WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
|
||||
#ifndef BENCH_EMBEDDED
|
||||
/* Check that long messages can be created. */
|
||||
ret = wc_SRTP_KDF(tv[0].key, tv[0].keySz, tv[0].salt, tv[0].saltSz,
|
||||
tv[0].kdfIdx, tv[0].index_c, keyELong, SRTP_KDF_LONG_KEY, keyALong,
|
||||
SRTP_KDF_LONG_KEY, keySLong, SRTP_KDF_LONG_KEY);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
|
||||
/* Check that two bytes of counter are being used. */
|
||||
if (XMEMCMP(keyELong, keyELong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
|
||||
return WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
if (XMEMCMP(keyELong, keyALong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
|
||||
return WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
if (XMEMCMP(keyELong, keySLong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
|
||||
return WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
|
||||
WC_FREE_VAR(keyELong, HEAP_HINT);
|
||||
WC_FREE_VAR(keyALong, HEAP_HINT);
|
||||
WC_FREE_VAR(keySLong, HEAP_HINT);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
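Review bot: The second and third `XMEMCMP` checks in the long-key block compare `keyELong` with `keyALong + 4096` and `keySLong + 4096`, so they do not exercise counter wrap-around in the authentication and salt outputs; two different outputs would presumably differ whatever the counter width. If the intent is the one stated in the comment, each buffer should be compared with itself, e.g. `if (XMEMCMP(keyALong, keyALong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {`, and likewise for `keySLong`. Separately, in builds where `WC_ALLOC_VAR` allocates from the heap, the three long buffers are released only on the success path: every `return` between the allocation and the `WC_FREE_VAR` calls, including the new ones, skips the frees, and the allocations are not checked before use. srtpkdf_test's body continues outside these hunks.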
|
||||
|
||||
@@ -5335,6 +5335,19 @@ struct WOLFSSL_X509_NAME {
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_AIA_ENTRY_DEFINED
|
||||
#ifndef WOLFSSL_MAX_AIA_ENTRIES
|
||||
#define WOLFSSL_MAX_AIA_ENTRIES 8
|
||||
#endif
|
||||
|
||||
#define WOLFSSL_AIA_ENTRY_DEFINED
|
||||
typedef struct WOLFSSL_AIA_ENTRY {
|
||||
word32 method; /* AIA method OID sum (e.g., AIA_OCSP_OID). */
|
||||
const byte* uri; /* Pointer into cert DER for the URI. */
|
||||
word32 uriSz; /* Length of URI data. */
|
||||
} WOLFSSL_AIA_ENTRY;
|
||||
#endif /* WOLFSSL_AIA_ENTRY_DEFINED */
|
||||
|
||||
struct WOLFSSL_X509 {
|
||||
int version;
|
||||
int serialSz;
|
||||
@@ -5405,6 +5418,9 @@ struct WOLFSSL_X509 {
|
||||
byte* authInfoCaIssuer;
|
||||
int authInfoCaIssuerSz;
|
||||
#endif
|
||||
WOLFSSL_AIA_ENTRY authInfoList[WOLFSSL_MAX_AIA_ENTRIES];
|
||||
byte authInfoListSz:7;
|
||||
byte authInfoListOverflow:1;
|
||||
word32 pathLength;
|
||||
word16 keyUsage;
|
||||
int rawCRLInfoSz;
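Review bot: `authInfoListSz:7` can count at most 127 entries, but `WOLFSSL_MAX_AIA_ENTRIES` is overridable by the build (the `#ifndef` guard) and nothing rejects a larger value; the same pairing is added to `struct DecodedCert` in the later section of this commit. A compile-time guard next to the default would keep the counter and the array bound in step: `#if WOLFSSL_MAX_AIA_ENTRIES > 127` / `#error "WOLFSSL_MAX_AIA_ENTRIES must fit the 7-bit list counter"` / `#endif`. The `uri` member is documented as pointing into the certificate DER, so the `authInfoList` field in `WOLFSSL_X509` should carry a comment saying which buffer keeps those pointers valid for the lifetime of the X509 object; that ownership is not visible in this hunk. The typedef is also duplicated verbatim in two headers behind `WOLFSSL_AIA_ENTRY_DEFINED`, which is worth a comment so the copies are not edited separately.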
|
||||
|
||||
@@ -1917,6 +1917,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
|
||||
WOLFSSL_API int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack,
|
||||
WOLFSSL_STACK* in);
|
||||
|
||||
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk);
|
||||
@@ -5796,6 +5798,11 @@ WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
|
||||
|
||||
WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk);
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x);
|
||||
WOLFSSL_API int wolfSSL_X509_get_aia_overflow(WOLFSSL_X509 *x);
|
||||
#ifdef WOLFSSL_ASN_CA_ISSUER
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ca_issuers(
|
||||
WOLFSSL_X509 *x);
|
||||
#endif /* WOLFSSL_ASN_CA_ISSUER */
|
||||
|
||||
WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
|
||||
WOLFSSL_X509 *subject);
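Review bot: `wolfSSL_X509_get_aia_overflow` is declared without any comment on its return convention, and it appears to be the only way a caller can learn that the lists returned by `wolfSSL_X509_get1_ocsp` or `wolfSSL_X509_get1_ca_issuers` were cut short. A caller that treats a missing OCSP URI as "no responder published" could skip a revocation check on a certificate that merely carried more AIA entries than were stored, so the contract should be stated at the declaration. Something like `/* Non-zero when the certificate held more AIA entries than were stored; callers doing revocation checks should treat the returned lists as incomplete. */` would do, adjusted to the actual return values and the NULL case, which are not visible here. The first hunk's `wolfSSL_sk_push_back_node` likewise needs one line saying how it differs from `wolfSSL_sk_push_node`.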
|
||||
|
||||
@@ -334,7 +334,7 @@ struct Aes {
|
||||
#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
|
||||
#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK)
|
||||
int devId;
|
||||
void* devCtx;
|
||||
void* devCtx; /* Opaque handle for CryptoCB device */
|
||||
#endif
|
||||
#ifdef WOLF_PRIVATE_KEY_ID
|
||||
byte id[AES_MAX_ID_LEN];
|
||||
|
||||
+21
-2
@@ -1702,6 +1702,19 @@ typedef struct TrustedPeerCert TrustedPeerCert;
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
||||
typedef struct SignatureCtx SignatureCtx;
|
||||
|
||||
#ifndef WOLFSSL_AIA_ENTRY_DEFINED
|
||||
#ifndef WOLFSSL_MAX_AIA_ENTRIES
|
||||
#define WOLFSSL_MAX_AIA_ENTRIES 8
|
||||
#endif
|
||||
|
||||
#define WOLFSSL_AIA_ENTRY_DEFINED
|
||||
typedef struct WOLFSSL_AIA_ENTRY {
|
||||
word32 method; /* AIA method OID sum (e.g., AIA_OCSP_OID). */
|
||||
const byte* uri; /* Pointer into cert DER for the URI. */
|
||||
word32 uriSz; /* Length of URI data. */
|
||||
} WOLFSSL_AIA_ENTRY;
|
||||
#endif /* WOLFSSL_AIA_ENTRY_DEFINED */
|
||||
|
||||
#ifdef WC_ASN_UNKNOWN_EXT_CB
|
||||
typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit,
|
||||
const unsigned char* der, word32 derSz);
|
||||
@@ -2060,6 +2073,10 @@ struct DecodedCert {
|
||||
WC_BITFIELD extAltSigAlgCrit:1;
|
||||
WC_BITFIELD extAltSigValCrit:1;
|
||||
#endif /* WOLFSSL_DUAL_ALG_CERTS */
|
||||
|
||||
WOLFSSL_AIA_ENTRY extAuthInfoList[WOLFSSL_MAX_AIA_ENTRIES];
|
||||
WC_BITFIELD extAuthInfoListSz:7;
|
||||
WC_BITFIELD extAuthInfoListOverflow:1;
|
||||
};
|
||||
|
||||
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
|
||||
@@ -2209,6 +2226,8 @@ typedef enum MimeStatus
|
||||
#define GetShortInt wc_GetShortInt
|
||||
#define SetShortInt wc_SetShortInt
|
||||
#define GetLength wc_GetLength
|
||||
#define SetLength wc_SetLength
|
||||
#define SetSequence wc_SetSequence
|
||||
#define GetASNInt wc_GetASNInt
|
||||
#define GetASNTag wc_GetASNTag
|
||||
#define SetAlgoID wc_SetAlgoID
|
||||
@@ -2468,11 +2487,11 @@ WOLFSSL_LOCAL word32 SetASNImplicit(byte tag,byte number, word32 len,
|
||||
WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
|
||||
|
||||
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
|
||||
WOLFSSL_ASN_API word32 SetLength(word32 length, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef);
|
||||
WOLFSSL_LOCAL word32 SetHeader(byte tag, word32 len, byte* output,
|
||||
byte isIndef);
|
||||
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
|
||||
WOLFSSL_ASN_API word32 SetSequence(word32 len, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef);
|
||||
WOLFSSL_LOCAL word32 SetIndefEnd(byte* output);
|
||||
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
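Review bot: `SetLength` and `SetSequence` move from `WOLFSSL_LOCAL` to `WOLFSSL_ASN_API` in the last hunk, yet both write to `output` without taking the size of that buffer. While they were internal, every caller's sizing could be audited in-tree; once they are reachable from outside (what `WOLFSSL_ASN_API` expands to is not shown here), each prototype needs a comment stating the maximum number of bytes written and whether a NULL `output` is accepted, e.g. `/* Writes the DER length octets for 'length' to output; the caller must provide room for the longest encoding of a word32. */`. If only a test or a sibling module needs them, a narrower visibility would avoid committing to them as API.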
|
||||
|
||||
@@ -122,7 +122,11 @@ typedef word32 cpuid_flags_t;
|
||||
* accurate.
|
||||
*/
|
||||
static WC_INLINE int cpuid_get_flags_atomic(cpuid_flags_atomic_t *flags) {
|
||||
#ifdef WOLFSSL_BSDKM
|
||||
if (WOLFSSL_ATOMIC_LOAD_UINT(*flags) == WC_CPUID_INITIALIZER) {
|
||||
#else
|
||||
if (WOLFSSL_ATOMIC_LOAD(*flags) == WC_CPUID_INITIALIZER) {
|
||||
#endif /* WOLFSSL_BSDKM */
|
||||
cpuid_flags_t old_cpuid_flags = WC_CPUID_INITIALIZER;
|
||||
return wolfSSL_Atomic_Uint_CompareExchange
|
||||
(flags, &old_cpuid_flags, cpuid_get_flags());
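Review bot: The `#ifdef WOLFSSL_BSDKM` split duplicates the opening `if (...) {` in both preprocessor branches, so the braces only balance after preprocessing and the two conditions can drift apart in later edits. Selecting only the load under the `#ifdef` and keeping a single `if` is easier to review; this assumes both macros yield a value that can be held in a `cpuid_flags_t`. cpuid_get_flags_atomic's body continues past the end of the hunk.

```c
static WC_INLINE int cpuid_get_flags_atomic(cpuid_flags_atomic_t *flags) {
#ifdef WOLFSSL_BSDKM
    cpuid_flags_t cur_flags = WOLFSSL_ATOMIC_LOAD_UINT(*flags);
#else
    cpuid_flags_t cur_flags = WOLFSSL_ATOMIC_LOAD(*flags);
#endif /* WOLFSSL_BSDKM */
    if (cur_flags == WC_CPUID_INITIALIZER) {
        /* … unchanged: compare-exchange against cpuid_get_flags() … */
```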
|
||||
|
||||
@@ -376,6 +376,13 @@ typedef struct wc_CryptoInfo {
|
||||
const byte* in;
|
||||
word32 sz;
|
||||
} des3;
|
||||
#endif
|
||||
#if !defined(NO_AES) && defined(WOLF_CRYPTO_CB_AES_SETKEY)
|
||||
struct {
|
||||
Aes* aes;
|
||||
const byte* key;
|
||||
word32 keySz;
|
||||
} aessetkey;
|
||||
#endif
|
||||
void* ctx;
|
||||
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
|
||||
@@ -678,6 +685,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out,
|
||||
WOLFSSL_LOCAL int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out,
|
||||
const byte* in, word32 sz);
|
||||
#endif /* HAVE_AES_ECB */
|
||||
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
|
||||
WOLFSSL_API int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz);
|
||||
#endif /* WOLF_CRYPTO_CB_AES_SETKEY */
|
||||
#endif /* !NO_AES */
|
||||
|
||||
#ifndef NO_DES3
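Review bot: `wc_CryptoCb_AesSetKey` is declared `WOLFSSL_API` while the neighbouring AES callback wrappers in the same hunk (`wc_CryptoCb_AesEcbEncrypt`, `wc_CryptoCb_AesEcbDecrypt`) are `WOLFSSL_LOCAL`; if the export is not needed it should match them, and if it is, a comment should say why. The new `aessetkey` member hands the raw key bytes to the registered device callback, and neither the struct nor the prototype documents how long `key` stays valid or that a callback must import or copy it before returning. A comment on the member would cover it, for example `const byte* key; /* raw key bytes; valid only for the duration of the callback */`, adjusted to the real contract.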
|
||||
|
||||
+562
-1
@@ -34,6 +34,7 @@ extern "C" {
|
||||
|
||||
|
||||
#define CK_INVALID_HANDLE 0UL
|
||||
#define CK_UNAVAILABLE_INFORMATION (~0UL)
|
||||
|
||||
#define CKN_SURRENDER 0UL
|
||||
|
||||
@@ -184,6 +185,7 @@ extern "C" {
|
||||
#define CKR_OK 0x00000000UL
|
||||
#define CKR_MECHANISM_INVALID 0x00000070UL
|
||||
#define CKR_SIGNATURE_INVALID 0x000000C0UL
|
||||
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL
|
||||
|
||||
#define CKD_NULL 0x00000001UL
|
||||
#define CKZ_DATA_SPECIFIED 0x00000001UL
|
||||
@@ -384,15 +386,47 @@ typedef struct CK_RSA_PKCS_OAEP_PARAMS {
|
||||
} CK_RSA_PKCS_OAEP_PARAMS;
|
||||
typedef CK_RSA_PKCS_OAEP_PARAMS *CK_RSA_PKCS_OAEP_PARAMS_PTR;
|
||||
|
||||
typedef struct CK_ASYNC_DATA {
|
||||
CK_ULONG ulVersion;
|
||||
CK_BYTE_PTR pValue;
|
||||
CK_ULONG ulValueLen;
|
||||
CK_OBJECT_HANDLE hObject;
|
||||
CK_OBJECT_HANDLE hAdditionalObject;
|
||||
} CK_ASYNC_DATA;
|
||||
typedef CK_ASYNC_DATA* CK_ASYNC_DATA_PTR;
|
||||
|
||||
/* Function list types. */
|
||||
typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
|
||||
typedef struct CK_FUNCTION_LIST_3_0 CK_FUNCTION_LIST_3_0;
|
||||
typedef struct CK_FUNCTION_LIST_3_2 CK_FUNCTION_LIST_3_2;
|
||||
|
||||
typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR;
|
||||
typedef CK_FUNCTION_LIST_3_0* CK_FUNCTION_LIST_3_0_PTR;
|
||||
typedef CK_FUNCTION_LIST_3_2* CK_FUNCTION_LIST_3_2_PTR;
|
||||
|
||||
typedef CK_FUNCTION_LIST_PTR* CK_FUNCTION_LIST_PTR_PTR;
|
||||
typedef CK_FUNCTION_LIST_3_0_PTR* CK_FUNCTION_LIST_3_0_PTR_PTR;
|
||||
typedef CK_FUNCTION_LIST_3_2_PTR* CK_FUNCTION_LIST_3_2_PTR_PTR;
|
||||
|
||||
typedef CK_RV (*CK_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
|
||||
|
||||
#ifdef HAVE_PKCS11_STATIC
|
||||
typedef struct CK_INTERFACE {
|
||||
CK_UTF8CHAR_PTR pInterfaceName;
|
||||
CK_VOID_PTR pFunctionList;
|
||||
CK_FLAGS flags;
|
||||
} CK_INTERFACE;
|
||||
|
||||
typedef CK_INTERFACE* CK_INTERFACE_PTR;
|
||||
typedef CK_INTERFACE_PTR* CK_INTERFACE_PTR_PTR;
|
||||
|
||||
typedef CK_RV (*CK_C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName,
|
||||
CK_VERSION_PTR pVersion, CK_INTERFACE_PTR_PTR ppInterface, CK_FLAGS flags);
|
||||
|
||||
#if defined(HAVE_PKCS11_STATIC)
|
||||
CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
|
||||
#elif defined(HAVE_PKCS11_V3_STATIC)
|
||||
CK_RV C_GetInterface(CK_UTF8CHAR_PTR pInterfaceName, CK_VERSION_PTR pVersion,
|
||||
CK_INTERFACE_PTR_PTR ppInterface, CK_FLAGS flags);
|
||||
#endif
|
||||
|
||||
struct CK_FUNCTION_LIST {
|
||||
@@ -578,6 +612,533 @@ struct CK_FUNCTION_LIST {
|
||||
|
||||
};
|
||||
|
||||
struct CK_FUNCTION_LIST_3_0 {
|
||||
CK_VERSION version;
|
||||
|
||||
CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs);
|
||||
CK_RV (*C_Finalize)(CK_VOID_PTR pReserved);
|
||||
CK_RV (*C_GetInfo)(CK_INFO_PTR pInfo);
|
||||
CK_RV (*C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
|
||||
CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
|
||||
CK_ULONG_PTR pulCount);
|
||||
CK_RV (*C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo);
|
||||
CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
|
||||
CK_RV (*C_GetMechanismList)(CK_SLOT_ID slotID,
|
||||
CK_MECHANISM_TYPE_PTR pMechanismList,
|
||||
CK_ULONG_PTR pulCount);
|
||||
CK_RV (*C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
|
||||
CK_MECHANISM_INFO_PTR pInfo);
|
||||
CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin,
|
||||
CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel);
|
||||
CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin,
|
||||
CK_ULONG ulPinLen);
|
||||
CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
|
||||
CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin,
|
||||
CK_ULONG ulNewLen);
|
||||
CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags,
|
||||
CK_VOID_PTR pApplication, CK_NOTIFY Notify,
|
||||
CK_SESSION_HANDLE_PTR phSession);
|
||||
CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_CloseAllSessions)(CK_SLOT_ID slotID);
|
||||
CK_RV (*C_GetSessionInfo)(CK_SESSION_HANDLE hSession,
|
||||
CK_SESSION_INFO_PTR pInfo);
|
||||
CK_RV (*C_GetOperationState)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pOperationState,
|
||||
CK_ULONG_PTR pulOperationStateLen);
|
||||
CK_RV (*C_SetOperationState)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pOperationState,
|
||||
CK_ULONG ulOperationStateLen,
|
||||
CK_OBJECT_HANDLE hEncryptionKey,
|
||||
CK_OBJECT_HANDLE hAuthenticationKey);
|
||||
CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
|
||||
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
|
||||
CK_RV (*C_Logout)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_CreateObject)(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
CK_OBJECT_HANDLE_PTR phObject);
|
||||
CK_RV (*C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
CK_OBJECT_HANDLE_PTR phNewObject);
|
||||
CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject);
|
||||
CK_RV (*C_GetObjectSize)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize);
|
||||
CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE_PTR phObject,
|
||||
CK_ULONG ulMaxObjectCount,
|
||||
CK_ULONG_PTR pulObjectCount);
|
||||
CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_EncryptInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
|
||||
CK_ULONG_PTR pulEncryptedDataLen);
|
||||
CK_RV (*C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG_PTR pulEncryptedPartLen);
|
||||
CK_RV (*C_EncryptFinal)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pLastEncryptedPart,
|
||||
CK_ULONG_PTR pulLastEncryptedPartLen);
|
||||
CK_RV (*C_DecryptInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
|
||||
CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG_PTR pulDataLen);
|
||||
CK_RV (*C_DecryptUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
|
||||
CK_ULONG_PTR pulPartLen);
|
||||
CK_RV (*C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
|
||||
CK_ULONG_PTR pulLastPartLen);
|
||||
CK_RV (*C_DigestInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism);
|
||||
CK_RV (*C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pDigest,
|
||||
CK_ULONG_PTR pulDigestLen);
|
||||
CK_RV (*C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen);
|
||||
CK_RV (*C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
|
||||
CK_ULONG_PTR pulDigestLen);
|
||||
CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen);
|
||||
CK_RV (*C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_SignRecoverInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen);
|
||||
CK_RV (*C_VerifyFinal)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_VerifyRecover)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
|
||||
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
|
||||
CK_RV (*C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG_PTR pulEncryptedPartLen);
|
||||
CK_RV (*C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG ulEncryptedPartLen,
|
||||
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
|
||||
CK_RV (*C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG_PTR pulEncryptedPartLen);
|
||||
CK_RV (*C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG ulEncryptedPartLen,
|
||||
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
|
||||
CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
CK_OBJECT_HANDLE_PTR phKey);
|
||||
CK_RV (*C_GenerateKeyPair)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
||||
CK_ULONG ulPublicKeyAttributeCount,
|
||||
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
|
||||
CK_ULONG ulPrivateKeyAttributeCount,
|
||||
CK_OBJECT_HANDLE_PTR phPublicKey,
|
||||
CK_OBJECT_HANDLE_PTR phPrivateKey);
|
||||
CK_RV (*C_WrapKey)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
|
||||
CK_BYTE_PTR pWrappedKey,
|
||||
CK_ULONG_PTR pulWrappedKeyLen);
|
||||
CK_RV (*C_UnwrapKey)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hUnwrappingKey,
|
||||
CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
|
||||
CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount,
|
||||
CK_OBJECT_HANDLE_PTR phKey);
|
||||
CK_RV (*C_DeriveKey)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hBaseKey,
|
||||
CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount,
|
||||
CK_OBJECT_HANDLE_PTR phKey);
|
||||
CK_RV (*C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
|
||||
CK_ULONG ulSeedLen);
|
||||
CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen);
|
||||
CK_RV (*C_GetFunctionStatus)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_CancelFunction)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
|
||||
CK_VOID_PTR pReserved);
|
||||
/* PKCS#11 V 3.0 functions */
|
||||
CK_RV (*C_GetInterfaceList)(CK_INTERFACE_PTR pInterfacesList,
|
||||
CK_ULONG_PTR pulCount);
|
||||
CK_RV (*C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName,
|
||||
CK_VERSION_PTR pVersion,
|
||||
CK_INTERFACE_PTR_PTR ppInterface,
|
||||
CK_FLAGS flags);
|
||||
CK_RV (*C_LoginUser)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
|
||||
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
|
||||
CK_UTF8CHAR_PTR pUsername, CK_ULONG ulUsernameLen);
|
||||
CK_RV (*C_SessionCancel)(CK_SESSION_HANDLE hSession, CK_FLAGS flags);
|
||||
CK_RV (*C_MessageEncryptInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_EncryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
|
||||
CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pPlaintext,
|
||||
CK_ULONG ulPlaintextLen, CK_BYTE_PTR pCiphertext,
|
||||
CK_ULONG_PTR pulCiphertextLen);
|
||||
CK_RV (*C_EncryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
|
||||
CK_ULONG ulAssociatedDataLen);
|
||||
CK_RV (*C_EncryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pPlaintextPart,
|
||||
CK_ULONG ulPlaintextPartLen, CK_BYTE_PTR pCiphertextPart,
|
||||
CK_ULONG_PTR pulCiphertextPartLen, CK_FLAGS flags);
|
||||
CK_RV (*C_MessageEncryptFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_MessageDecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_DecryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
|
||||
CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pCiphertext,
|
||||
CK_ULONG ulCiphertextLen, CK_BYTE_PTR pPlaintext,
|
||||
CK_ULONG_PTR pulPlaintextLen);
|
||||
CK_RV (*C_DecryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
|
||||
CK_ULONG ulAssociatedDataLen);
|
||||
CK_RV (*C_DecryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pCiphertextPart,
|
||||
CK_ULONG ulCiphertextPartLen, CK_BYTE_PTR pPlaintextPart,
|
||||
CK_ULONG_PTR pulPlaintextPartLen, CK_FLAGS flags);
|
||||
CK_RV (*C_MessageDecryptFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_MessageSignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_SignMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_SignMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen);
|
||||
CK_RV (*C_SignMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_MessageSignFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_MessageVerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_VerifyMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_VerifyMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen);
|
||||
CK_RV (*C_VerifyMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_MessageVerifyFinal)(CK_SESSION_HANDLE hSession);
|
||||
};
|
||||
|
||||
struct CK_FUNCTION_LIST_3_2 {
|
||||
CK_VERSION version;
|
||||
|
||||
CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs);
|
||||
CK_RV (*C_Finalize)(CK_VOID_PTR pReserved);
|
||||
CK_RV (*C_GetInfo)(CK_INFO_PTR pInfo);
|
||||
CK_RV (*C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
|
||||
CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
|
||||
CK_ULONG_PTR pulCount);
|
||||
CK_RV (*C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo);
|
||||
CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
|
||||
CK_RV (*C_GetMechanismList)(CK_SLOT_ID slotID,
|
||||
CK_MECHANISM_TYPE_PTR pMechanismList,
|
||||
CK_ULONG_PTR pulCount);
|
||||
CK_RV (*C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
|
||||
CK_MECHANISM_INFO_PTR pInfo);
|
||||
CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin,
|
||||
CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel);
|
||||
CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin,
|
||||
CK_ULONG ulPinLen);
|
||||
CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
|
||||
CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin,
|
||||
CK_ULONG ulNewLen);
|
||||
CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags,
|
||||
CK_VOID_PTR pApplication, CK_NOTIFY Notify,
|
||||
CK_SESSION_HANDLE_PTR phSession);
|
||||
CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_CloseAllSessions)(CK_SLOT_ID slotID);
|
||||
CK_RV (*C_GetSessionInfo)(CK_SESSION_HANDLE hSession,
|
||||
CK_SESSION_INFO_PTR pInfo);
|
||||
CK_RV (*C_GetOperationState)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pOperationState,
|
||||
CK_ULONG_PTR pulOperationStateLen);
|
||||
CK_RV (*C_SetOperationState)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pOperationState,
|
||||
CK_ULONG ulOperationStateLen,
|
||||
CK_OBJECT_HANDLE hEncryptionKey,
|
||||
CK_OBJECT_HANDLE hAuthenticationKey);
|
||||
CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
|
||||
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
|
||||
CK_RV (*C_Logout)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_CreateObject)(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
CK_OBJECT_HANDLE_PTR phObject);
|
||||
CK_RV (*C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
CK_OBJECT_HANDLE_PTR phNewObject);
|
||||
CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject);
|
||||
CK_RV (*C_GetObjectSize)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize);
|
||||
CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE_PTR phObject,
|
||||
CK_ULONG ulMaxObjectCount,
|
||||
CK_ULONG_PTR pulObjectCount);
|
||||
CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_EncryptInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
|
||||
CK_ULONG_PTR pulEncryptedDataLen);
|
||||
CK_RV (*C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG_PTR pulEncryptedPartLen);
|
||||
CK_RV (*C_EncryptFinal)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pLastEncryptedPart,
|
||||
CK_ULONG_PTR pulLastEncryptedPartLen);
|
||||
CK_RV (*C_DecryptInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
|
||||
CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG_PTR pulDataLen);
|
||||
CK_RV (*C_DecryptUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
|
||||
CK_ULONG_PTR pulPartLen);
|
||||
CK_RV (*C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
|
||||
CK_ULONG_PTR pulLastPartLen);
|
||||
CK_RV (*C_DigestInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism);
|
||||
CK_RV (*C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pDigest,
|
||||
CK_ULONG_PTR pulDigestLen);
|
||||
CK_RV (*C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen);
|
||||
CK_RV (*C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
|
||||
CK_ULONG_PTR pulDigestLen);
|
||||
CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen);
|
||||
CK_RV (*C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_SignRecoverInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen);
|
||||
CK_RV (*C_VerifyFinal)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_VerifyRecover)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
|
||||
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
|
||||
CK_RV (*C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG_PTR pulEncryptedPartLen);
|
||||
CK_RV (*C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG ulEncryptedPartLen,
|
||||
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
|
||||
CK_RV (*C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG_PTR pulEncryptedPartLen);
|
||||
CK_RV (*C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pEncryptedPart,
|
||||
CK_ULONG ulEncryptedPartLen,
|
||||
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
|
||||
CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
CK_OBJECT_HANDLE_PTR phKey);
|
||||
CK_RV (*C_GenerateKeyPair)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
||||
CK_ULONG ulPublicKeyAttributeCount,
|
||||
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
|
||||
CK_ULONG ulPrivateKeyAttributeCount,
|
||||
CK_OBJECT_HANDLE_PTR phPublicKey,
|
||||
CK_OBJECT_HANDLE_PTR phPrivateKey);
|
||||
CK_RV (*C_WrapKey)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
|
||||
CK_BYTE_PTR pWrappedKey,
|
||||
CK_ULONG_PTR pulWrappedKeyLen);
|
||||
CK_RV (*C_UnwrapKey)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hUnwrappingKey,
|
||||
CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
|
||||
CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount,
|
||||
CK_OBJECT_HANDLE_PTR phKey);
|
||||
CK_RV (*C_DeriveKey)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hBaseKey,
|
||||
CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount,
|
||||
CK_OBJECT_HANDLE_PTR phKey);
|
||||
CK_RV (*C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
|
||||
CK_ULONG ulSeedLen);
|
||||
CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen);
|
||||
CK_RV (*C_GetFunctionStatus)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_CancelFunction)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
|
||||
CK_VOID_PTR pReserved);
|
||||
|
||||
/* PKCS#11 V 3.0 functions */
|
||||
CK_RV (*C_GetInterfaceList)(CK_INTERFACE_PTR pInterfacesList,
|
||||
CK_ULONG_PTR pulCount);
|
||||
CK_RV (*C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName,
|
||||
CK_VERSION_PTR pVersion,
|
||||
CK_INTERFACE_PTR_PTR ppInterface,
|
||||
CK_FLAGS flags);
|
||||
CK_RV (*C_LoginUser)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
|
||||
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
|
||||
CK_UTF8CHAR_PTR pUsername, CK_ULONG ulUsernameLen);
|
||||
CK_RV (*C_SessionCancel)(CK_SESSION_HANDLE hSession, CK_FLAGS flags);
|
||||
CK_RV (*C_MessageEncryptInit)(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_EncryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
|
||||
CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pPlaintext,
|
||||
CK_ULONG ulPlaintextLen, CK_BYTE_PTR pCiphertext,
|
||||
CK_ULONG_PTR pulCiphertextLen);
|
||||
CK_RV (*C_EncryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
|
||||
CK_ULONG ulAssociatedDataLen);
|
||||
CK_RV (*C_EncryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pPlaintextPart,
|
||||
CK_ULONG ulPlaintextPartLen, CK_BYTE_PTR pCiphertextPart,
|
||||
CK_ULONG_PTR pulCiphertextPartLen, CK_FLAGS flags);
|
||||
CK_RV (*C_MessageEncryptFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_MessageDecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_DecryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
|
||||
CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pCiphertext,
|
||||
CK_ULONG ulCiphertextLen, CK_BYTE_PTR pPlaintext,
|
||||
CK_ULONG_PTR pulPlaintextLen);
|
||||
CK_RV (*C_DecryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
|
||||
CK_ULONG ulAssociatedDataLen);
|
||||
CK_RV (*C_DecryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pCiphertextPart,
|
||||
CK_ULONG ulCiphertextPartLen, CK_BYTE_PTR pPlaintextPart,
|
||||
CK_ULONG_PTR pulPlaintextPartLen, CK_FLAGS flags);
|
||||
CK_RV (*C_MessageDecryptFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_MessageSignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_SignMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_SignMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen);
|
||||
CK_RV (*C_SignMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG_PTR pulSignatureLen);
|
||||
CK_RV (*C_MessageSignFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_MessageVerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV (*C_VerifyMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_VerifyMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen);
|
||||
CK_RV (*C_VerifyMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
|
||||
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_MessageVerifyFinal)(CK_SESSION_HANDLE hSession);
|
||||
|
||||
/* PKCS#11 V 3.2 functions */
|
||||
CK_RV (*C_EncapsulateKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hPublicKey, CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey,
|
||||
CK_BYTE_PTR pCiphertext, CK_ULONG_PTR pulCiphertextLen);
|
||||
CK_RV (*C_DecapsulateKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hPrivateKey, CK_BYTE_PTR pCiphertext,
|
||||
CK_ULONG ulCiphertextLen, CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey);
|
||||
CK_RV (*C_VerifySignatureInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pSignature,
|
||||
CK_ULONG ulSignatureLen);
|
||||
CK_RV (*C_VerifySignature)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
|
||||
CK_ULONG ulDataLen);
|
||||
CK_RV (*C_VerifySignatureUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen);
|
||||
CK_RV (*C_VerifySignatureFinal)(CK_SESSION_HANDLE hSession);
|
||||
CK_RV (*C_GetSessionValidationFlags)(CK_SESSION_HANDLE hSession, CK_ULONG type,
|
||||
CK_FLAGS * pFlags);
|
||||
CK_RV (*C_AsyncComplete)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName,
|
||||
CK_ASYNC_DATA_PTR pResult);
|
||||
CK_RV (*C_AsyncGetID)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName,
|
||||
CK_ULONG_PTR pulID);
|
||||
CK_RV (*C_AsyncJoin)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName,
|
||||
CK_ULONG ulID, CK_BYTE_PTR pData, CK_ULONG ulData);
|
||||
};
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -229,6 +229,14 @@ typedef int (*CallbackRsaSignRawDigest)(wc_PKCS7* pkcs7, byte* digest,
|
||||
int devId, int hashOID);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC)
|
||||
/* ECC sign raw digest callback, user signs hash directly */
|
||||
typedef int (*CallbackEccSignRawDigest)(wc_PKCS7* pkcs7, byte* digest,
|
||||
word32 digestSz, byte* out, word32 outSz,
|
||||
byte* privateKey, word32 privateKeySz,
|
||||
int devId, int hashOID);
|
||||
#endif
|
||||
|
||||
|
||||
/* Public Structure Warning:
|
||||
* Existing members must not be changed to maintain backwards compatibility!
|
||||
@@ -376,6 +384,10 @@ struct wc_PKCS7 {
|
||||
|
||||
CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb;
|
||||
|
||||
#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC)
|
||||
CallbackEccSignRawDigest eccSignRawDigestCb;
|
||||
#endif
|
||||
|
||||
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
|
||||
};
|
||||
|
||||
@@ -511,6 +523,11 @@ WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7,
|
||||
CallbackRsaSignRawDigest cb);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC)
|
||||
WOLFSSL_API int wc_PKCS7_SetEccSignRawDigestCb(wc_PKCS7* pkcs7,
|
||||
CallbackEccSignRawDigest cb);
|
||||
#endif
|
||||
|
||||
/* CMS/PKCS#7 EnvelopedData */
|
||||
WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7,
|
||||
byte* output, word32 outputSz);
|
||||
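Review bot: The new `CallbackEccSignRawDigest` typedef does not say how the callback reports the size of the signature it wrote. `outSz` is passed by value, so the length can only come back through the `int` return, and the one-line comment above the typedef leaves that contract unstated. Presumably it mirrors `CallbackRsaSignRawDigest`, whose declaration starts outside this hunk, so that should be confirmed against the caller. I would extend the comment to something like `/* ECC sign raw digest callback, user signs hash directly. Returns the number of bytes written to out on success, negative error code on failure. */`. It should also state whether `privateKey` may be NULL when the key lives behind `devId`.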
|
||||
@@ -4990,6 +4990,10 @@ extern void uITRON4_free(void *p) ;
|
||||
#error "If TLS is enabled please make sure either client or server is enabled."
|
||||
#endif
|
||||
|
||||
#if defined(WC_RNG_BANK_SUPPORT) && defined(NO_ASN_TIME)
|
||||
#undef WC_RNG_BANK_SUPPORT
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
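Review bot: The `#undef WC_RNG_BANK_SUPPORT` under `NO_ASN_TIME` silently removes an RNG feature the build asked for, with no comment and no diagnostic. A user who defines both macros gets a library without the RNG bank and nothing in the build output to explain it. At minimum add a comment stating the dependency, e.g. `/* WC_RNG_BANK_SUPPORT depends on <time facility, to be named>; not available with NO_ASN_TIME */`. If the combination is a misconfiguration rather than a supported fallback, an `#error` in the style of the TLS client/server check just above would be clearer.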
|
||||
@@ -37,13 +37,21 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
enum Pkcs11InterfaceVersionType {
|
||||
WC_PCKS11VERSION_2_20,
|
||||
WC_PCKS11VERSION_2_40,
|
||||
WC_PCKS11VERSION_3_0,
|
||||
WC_PCKS11VERSION_3_1,
|
||||
WC_PCKS11VERSION_3_2,
|
||||
};
|
||||
|
||||
typedef struct Pkcs11Dev {
|
||||
#ifndef HAVE_PKCS11_STATIC
|
||||
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
|
||||
void* dlHandle; /* Handle to library */
|
||||
#endif
|
||||
CK_FUNCTION_LIST* func; /* Array of functions */
|
||||
void* heap;
|
||||
int version; /* Pkcs11InterfaceVersionType */
|
||||
} Pkcs11Dev;
|
||||
|
||||
typedef struct Pkcs11Token {
|
||||
@@ -53,12 +61,14 @@ typedef struct Pkcs11Token {
|
||||
CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */
|
||||
CK_ULONG userPinSz; /* Size of user's PIN in bytes */
|
||||
byte userPinLogin:1; /* Login with User's PIN */
|
||||
int version; /* Pkcs11InterfaceVersionType */
|
||||
} Pkcs11Token;
|
||||
|
||||
typedef struct Pkcs11Session {
|
||||
CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
|
||||
CK_SLOT_ID slotId; /* Id of slot to use */
|
||||
CK_SESSION_HANDLE handle; /* Handle to active session */
|
||||
int version; /* Pkcs11InterfaceVersionType */
|
||||
} Pkcs11Session;
|
||||
|
||||
/* Types of keys that can be stored. */
|
||||
@@ -74,6 +84,8 @@ WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library,
|
||||
void* heap);
|
||||
WOLFSSL_API int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library,
|
||||
void* heap, CK_RV* rvp);
|
||||
WOLFSSL_API int wc_Pkcs11_Initialize_v3(Pkcs11Dev* dev, const char* library,
|
||||
void* heap, int* version, const char* interfaceName, CK_RV* rvp);
|
||||
WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
|
||||
|
||||
WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev,
|
||||
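Review bot: The enumerators of `Pkcs11InterfaceVersionType` are spelled `WC_PCKS11VERSION_*` (`PCKS` instead of `PKCS`). This is a public header, so the misspelling becomes API once released; rename them now, e.g. `WC_PKCS11VERSION_2_20` through `WC_PKCS11VERSION_3_2`. The trailing comma after the last enumerator is rejected or warned about by strict C89 compilers and is safer dropped. The new `int version` members in `Pkcs11Dev`, `Pkcs11Token` and `Pkcs11Session`, and the `int* version` parameter of `wc_Pkcs11_Initialize_v3`, would benefit from a comment saying whether the value is requested or negotiated. They should also say what a zero-initialised struct means, since `0` is `WC_PCKS11VERSION_2_20`.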
|
||||
@@ -6,6 +6,10 @@ all:
|
||||
test:
|
||||
+$(MAKE) -C wolfssl-wolfcrypt test
|
||||
|
||||
.PHONY: testfips
|
||||
testfips:
|
||||
+$(MAKE) -C wolfssl-wolfcrypt testfips
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
+$(MAKE) -C wolfssl-wolfcrypt clean
|
||||
|
||||
@@ -6,7 +6,11 @@ all:
|
||||
|
||||
.PHONY: test
|
||||
test:
|
||||
cargo test
|
||||
cargo test -- --test-threads=1
|
||||
|
||||
.PHONY: testfips
|
||||
testfips:
|
||||
cargo test --lib --bins --tests -- --test-threads=1
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
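Review bot: Both `test` and `testfips` now pass `--test-threads=1`, but nothing in the Makefile says which shared state forces the tests to run serially. Without that, a later edit can drop the flag and reintroduce flaky failures. `testfips` also restricts the run to `--lib --bins --tests`, which skips doc tests, again without explanation. A short comment above each recipe would cover it, e.g. `# serial: tests share global wolfCrypt state (confirm which)` and `# doc tests excluded under FIPS because <reason>`.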
|
||||
@@ -19,6 +19,7 @@ fn main() {
|
||||
/// Returns `Ok(())` if successful, or an error if any step fails.
|
||||
fn run_build() -> Result<()> {
|
||||
generate_bindings()?;
|
||||
generate_fips_aliases()?;
|
||||
setup_wolfssl_link()?;
|
||||
scan_cfg()?;
|
||||
Ok(())
|
||||
@@ -64,6 +65,79 @@ fn generate_bindings() -> Result<()> {
|
||||
})
|
||||
}
|
||||
|
||||
/// Generate FIPS symbol aliases.
|
||||
///
|
||||
/// Since Rust can't use fips.h's #defines which map the "regular" wc function
|
||||
/// name to the _fips variant, and since bindgen has only seen the _fips
|
||||
/// variant, we will generate aliases that allow the non-_fips variant function
|
||||
/// name to be called without the _fips prefix by Rust sources in a manner
|
||||
/// similar to which C sources would be able to call the non-_fips variant
|
||||
/// function name.
|
||||
///
|
||||
/// Returns `Ok(())` if successful, or an error if generation fails.
|
||||
fn generate_fips_aliases() -> Result<()> {
|
||||
let binding = read_file(bindings_path())?;
|
||||
let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
|
||||
let aliases_path = out_dir.join("fips_aliases.rs");
|
||||
|
||||
let mut aliases = String::new();
|
||||
|
||||
// Find all _fips symbol names
|
||||
let fips_sym_re = Regex::new(r"pub fn (wc_\w+)_fips\s*\(").unwrap();
|
||||
|
||||
for cap in fips_sym_re.captures_iter(&binding) {
|
||||
let mut base_name = &cap[1];
|
||||
let fips_name = format!("{}_fips", base_name);
|
||||
|
||||
// Exception mappings: (standard_name, fips_name)
|
||||
// For cases where FIPS name doesn't follow the simple <name>_fips pattern
|
||||
let exceptions: &[(&str, &str)] = &[
|
||||
// _ex suffix changed to Ex before _fips
|
||||
("wc_InitRsaKey_ex", "wc_InitRsaKeyEx_fips"),
|
||||
("wc_RsaPublicEncrypt_ex", "wc_RsaPublicEncryptEx_fips"),
|
||||
("wc_RsaPrivateDecryptInline_ex", "wc_RsaPrivateDecryptInlineEx_fips"),
|
||||
("wc_RsaPrivateDecrypt_ex", "wc_RsaPrivateDecryptEx_fips"),
|
||||
("wc_RsaPSS_Sign_ex", "wc_RsaPSS_SignEx_fips"),
|
||||
("wc_RsaPSS_VerifyInline_ex", "wc_RsaPSS_VerifyInlineEx_fips"),
|
||||
("wc_RsaPSS_Verify_ex", "wc_RsaPSS_VerifyEx_fips"),
|
||||
("wc_RsaPSS_CheckPadding_ex", "wc_RsaPSS_CheckPaddingEx_fips"),
|
||||
("wc_DhSetKey_ex", "wc_DhSetKeyEx_fips"),
|
||||
("wc_DhCheckPubKey_ex", "wc_DhCheckPubKeyEx_fips"),
|
||||
("wc_DhCheckPrivKey_ex", "wc_DhCheckPrivKeyEx_fips"),
|
||||
|
||||
// Name change
|
||||
("wc_PRF_TLS", "wc_PRF_TLSv12_fips"),
|
||||
];
|
||||
|
||||
// Handle exceptions
|
||||
for (exc_base_name, exc_fips_name) in exceptions {
|
||||
if fips_name == *exc_fips_name {
|
||||
base_name = exc_base_name;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Check if the non-_fips version exists in bindings
|
||||
let non_fips_pattern = format!(r"pub fn {}\s*\(", regex::escape(base_name));
|
||||
let non_fips_re = Regex::new(&non_fips_pattern).unwrap();
|
||||
|
||||
if non_fips_re.is_match(&binding) {
|
||||
// Add any new known names defined with both a _fips suffix and not
|
||||
// here. Warn if any new ones are discovered.
|
||||
if base_name != "wc_AesGcmEncrypt" {
|
||||
println!("cargo:warning=Skipping FIPS symbols alias for {}", base_name);
|
||||
}
|
||||
} else {
|
||||
// Only alias if the base name doesn't already exist
|
||||
aliases.push_str(&format!("pub use {} as {};\n", fips_name, base_name));
|
||||
}
|
||||
}
|
||||
|
||||
fs::write(&aliases_path, aliases)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Instruct cargo to link against wolfssl C library
|
||||
///
|
||||
/// Returns `Ok(())` if successful, or an error if any step fails.
|
||||
@@ -93,7 +167,7 @@ fn read_file(path: String) -> Result<String> {
|
||||
}
|
||||
|
||||
fn check_cfg(binding: &str, function_name: &str, cfg_name: &str) {
|
||||
let pattern = format!(r"\b{}\b", function_name);
|
||||
let pattern = format!(r"\b{}(_fips)?\b", function_name);
|
||||
let re = match Regex::new(&pattern) {
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
@@ -181,6 +255,9 @@ fn scan_cfg() -> Result<()> {
|
||||
check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify");
|
||||
check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify");
|
||||
|
||||
/* fips */
|
||||
check_cfg(&binding, "wc_SetSeed_Cb_fips", "fips");
|
||||
|
||||
/* hkdf */
|
||||
check_cfg(&binding, "wc_HKDF_Extract_ex", "hkdf");
|
||||
|
||||
@@ -213,6 +290,8 @@ fn scan_cfg() -> Result<()> {
|
||||
check_cfg(&binding, "wc_InitSha256", "sha256");
|
||||
check_cfg(&binding, "wc_InitSha384", "sha384");
|
||||
check_cfg(&binding, "wc_InitSha512", "sha512");
|
||||
check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_224", "sha512_224");
|
||||
check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_256", "sha512_256");
|
||||
check_cfg(&binding, "wc_InitSha3_224", "sha3");
|
||||
check_cfg(&binding, "wc_InitShake128", "shake128");
|
||||
check_cfg(&binding, "wc_InitShake256", "shake256");
|
||||
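Review bot: The `check_cfg` change to `\b{}(_fips)?\b` only recognises FIPS symbols named `<name>_fips`. The exceptions table added in `generate_fips_aliases` shows that some are spelled differently (`wc_InitRsaKeyEx_fips`, `wc_PRF_TLSv12_fips`, and others), so a `check_cfg` call keyed on one of those base names would not match in a FIPS build and its cfg would be dropped without notice. Only part of the `scan_cfg` list is visible here, so whether any call uses such a name should be checked. Moving the table to a module-level constant lets both functions share it, as sketched below; `check_cfg`'s body continues outside the hunk. Separately, the doc comment on `generate_fips_aliases` says "without the _fips prefix" where it means suffix, and the per-symbol `Regex::new` rescans the whole bindings file for every capture.

```rust
/// (standard_name, fips_name) pairs where the FIPS symbol is not `<name>_fips`.
const FIPS_NAME_EXCEPTIONS: &[(&str, &str)] = &[
    // … unchanged: the pairs currently listed inside generate_fips_aliases …
];

fn check_cfg(binding: &str, function_name: &str, cfg_name: &str) {
    // Also accept the irregular FIPS spelling of this symbol, if it has one.
    let fips_alt = FIPS_NAME_EXCEPTIONS
        .iter()
        .find(|(base, _)| *base == function_name)
        .map(|(_, fips)| format!("|{}", regex::escape(fips)))
        .unwrap_or_default();
    let pattern = format!(
        r"\b({}(_fips)?{})\b",
        regex::escape(function_name),
        fips_alt
    );
    // … unchanged: Regex::new, error handling and cargo cfg output …
```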
|
||||
@@ -711,7 +711,7 @@ impl ECC {
|
||||
}
|
||||
let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() };
|
||||
let priv_size = priv_buf.len() as u32;
|
||||
let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()};
|
||||
let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()};
|
||||
let pub_size = pub_buf.len() as u32;
|
||||
let rc = unsafe {
|
||||
sys::wc_ecc_import_private_key(priv_buf.as_ptr(), priv_size,
|
||||
@@ -785,7 +785,7 @@ impl ECC {
|
||||
}
|
||||
let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() };
|
||||
let priv_size = priv_buf.len() as u32;
|
||||
let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()};
|
||||
let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()};
|
||||
let pub_size = pub_buf.len() as u32;
|
||||
let rc = unsafe {
|
||||
sys::wc_ecc_import_private_key_ex(priv_buf.as_ptr(), priv_size,
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
#![cfg(fips)]
|
||||
|
||||
use crate::sys;
|
||||
|
||||
/// Enables or disables the ability to read private key data in FIPS mode.
|
||||
///
|
||||
/// In FIPS mode, private keys are protected and cannot be read by default.
|
||||
/// This function allows temporarily enabling private key reads for operations
|
||||
/// that require access to the raw key material, such as key export or backup.
|
||||
///
|
||||
/// # Arguments
|
||||
///
|
||||
/// * `enabled` - Set to `1` to enable private key reads, or `0` to disable.
|
||||
///
|
||||
/// # Returns
|
||||
///
|
||||
/// * `Ok(())` - The operation succeeded.
|
||||
/// * `Err(i32)` - The operation failed, returning the wolfSSL error code.
|
||||
///
|
||||
/// # Note
|
||||
///
|
||||
/// This function applies to all key types (`WC_KEYTYPE_ALL`). Private key
|
||||
/// reading should be disabled again after the required operation is complete
|
||||
/// to maintain FIPS compliance.
|
||||
pub fn set_private_key_read_enable(enabled: i32) -> Result<(), i32> {
|
||||
let rc = unsafe {
|
||||
sys::wolfCrypt_SetPrivateKeyReadEnable_fips(enabled, sys::wc_KeyType_WC_KEYTYPE_ALL)
|
||||
};
|
||||
if rc != 0 {
|
||||
Err(rc)
|
||||
} else {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
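Review bot: `set_private_key_read_enable` takes a raw `i32` and forwards any value to `wolfCrypt_SetPrivateKeyReadEnable_fips`, although its doc comment allows only `1` and `0`. A `bool` parameter would make the invalid values unrepresentable: `pub fn set_private_key_read_enable(enabled: bool) -> Result<(), i32>` with `i32::from(enabled)` at the call. The `unsafe` block also lacks a `// SAFETY:` comment stating why the FFI call is sound. The docs ask callers to disable reads again afterwards, so a small guard type whose `Drop` performs the disable would keep private-key read access from staying enabled after an early return or panic.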