From 85776f00699629186ffda92e68e8824d2246a7c9 Mon Sep 17 00:00:00 2001 From: Satoshi Yamaguchi Date: Wed, 31 Aug 2022 23:52:52 +0900 Subject: [PATCH] Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API --- tests/api.c | 31 +++++++++++++++++++++++++++ wolfcrypt/src/evp.c | 50 +++++++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/evp.h | 7 ++++++ wolfssl/ssl.h | 6 ++++++ 4 files changed, 94 insertions(+) diff --git a/tests/api.c b/tests/api.c index 5bec3d5bc..88c61d5ad 100644 --- a/tests/api.c +++ b/tests/api.c @@ -32935,6 +32935,36 @@ static int test_wolfSSL_EVP_PKEY_new_mac_key(void) return 0; } + + +static int test_wolfSSL_EVP_PKEY_new_CMAC_key(void) +{ +#ifdef OPENSSL_EXTRA +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + + const char *priv = "ABCDEFGHIJKLMNOP"; + int len = strlen(priv); + const WOLFSSL_EVP_CIPHER* cipher = EVP_aes_128_cbc(); + WOLFSSL_EVP_PKEY* key = NULL; + printf(testingFmt, "wolfSSL_EVP_PKEY_new_CMAC_key()"); + + AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( + NULL, NULL, len, cipher)); + AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( + NULL, (const unsigned char *)priv, 0, cipher)); + AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( + NULL, (const unsigned char *)priv, len, NULL)); + + AssertNotNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( + NULL, (const unsigned char *)priv, len, cipher)); + + printf(resultFmt, passed); +#endif /* defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) */ +#endif /* OPENSSL_EXTRA */ + + return 0; +} + static int test_wolfSSL_EVP_Digest(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) @@ -57566,6 +57596,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_EVP_Digest), TEST_DECL(test_wolfSSL_EVP_Digest_all), TEST_DECL(test_wolfSSL_EVP_PKEY_new_mac_key), + TEST_DECL(test_wolfSSL_EVP_PKEY_new_CMAC_key), TEST_DECL(test_wolfSSL_EVP_MD_hmac_signing), TEST_DECL(test_wolfSSL_EVP_MD_rsa_signing), TEST_DECL(test_wolfSSL_EVP_MD_ecc_signing), diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 818dacac8..40d20418d 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -3397,6 +3397,56 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e, } +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) +WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e, + const unsigned char* priv, size_t len, const WOLFSSL_EVP_CIPHER *cipher) +{ + WOLFSSL_EVP_PKEY* pkey; + WOLFSSL_CMAC_CTX* ctx; + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new_CMAC_key"); + + if (priv == NULL || len == 0 || cipher == NULL) { + WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", BAD_FUNC_ARG); + return NULL; + } + + ctx = wolfSSL_CMAC_CTX_new(); + if (ctx == NULL) { + WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0); + return NULL; + } + + ret = wolfSSL_CMAC_Init(ctx, priv, len, cipher, e); + if (ret == WOLFSSL_FAILURE) { + WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0); + return NULL; + } + + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey != NULL) { + pkey->pkey.ptr = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL && len > 0) { + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_CMAC_CTX_free(ctx); + } + else { + if (len) { + XMEMCPY(pkey->pkey.ptr, priv, len); + } + pkey->pkey_sz = len; + pkey->type = pkey->save_type = EVP_PKEY_CMAC; + pkey->cmacCtx = ctx; + } + } + + WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0); + return pkey; +} +#endif /* defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) */ + const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey, size_t* len) { diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index c6cab8496..233f46c84 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -265,6 +265,7 @@ enum { NID_cast5_ofb64 = 111, EVP_PKEY_DH = NID_dhKeyAgreement, EVP_PKEY_HMAC = NID_hmac, + EVP_PKEY_CMAC = NID_cmac, EVP_PKEY_HKDF = NID_hkdf, EVP_PKEY_FALCON = 300, /* Randomly picked value. */ EVP_PKEY_DILITHIUM= 301, /* Randomly picked value. */ @@ -776,6 +777,11 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, /* EVP ENGINE API's */ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e, const unsigned char* key, int keylen); + +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e, + const unsigned char* priv, size_t len, + const WOLFSSL_EVP_CIPHER* cipher); + WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type, WOLFSSL_ENGINE *impl); @@ -992,6 +998,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_PKEY_get0_EC_KEY wolfSSL_EVP_PKEY_get0_EC_KEY #define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac #define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key +#define EVP_PKEY_new_CMAC_key wolfSSL_EVP_PKEY_new_CMAC_key #define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy #define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex #define EVP_PKEY_sign_init wolfSSL_EVP_PKEY_sign_init diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 2601feb86..efac56042 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -89,6 +89,9 @@ #ifndef WOLFCRYPT_ONLY #include #endif + #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + #include + #endif /* We need the old SSL names */ #ifdef NO_OLD_SSL_NAMES @@ -411,6 +414,9 @@ struct WOLFSSL_EVP_PKEY { word32 hkdfInfoSz; int hkdfMode; #endif + #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + WOLFSSL_CMAC_CTX* cmacCtx; + #endif #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef HAVE_ECC int pkey_curve;