diff --git a/tests/api.c b/tests/api.c index ca91439ab1..e1c19fc653 100644 --- a/tests/api.c +++ b/tests/api.c @@ -16192,6 +16192,7 @@ static void test_wc_PKCS7_Degenerate(void) static int test_wc_SignatureGetSize_ecc(void) { int ret = 0; + #ifndef NO_SIG_WRAPPER #if defined(HAVE_ECC) && !defined(NO_ECC256) enum wc_SignatureType sig_type; word32 key_len; @@ -16248,6 +16249,7 @@ static int test_wc_SignatureGetSize_ecc(void) } printf(resultFmt, ret == 0 ? passed : failed); + #endif /* NO_SIG_WRAPPER */ return ret; }/* END test_wc_SignatureGetSize_ecc() */ @@ -16255,6 +16257,7 @@ static int test_wc_SignatureGetSize_ecc(void) static int test_wc_SignatureGetSize_rsa(void) { int ret = 0; + #ifndef NO_SIG_WRAPPER #ifndef NO_RSA enum wc_SignatureType sig_type; word32 key_len; @@ -16351,6 +16354,7 @@ static int test_wc_SignatureGetSize_rsa(void) } printf(resultFmt, ret == 0 ? passed : failed); + #endif /* NO_SIG_WRAPPER */ return ret; }/* END test_wc_SignatureGetSize_rsa(void) */ diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index a2162568b9..ed1959e5e1 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -4189,7 +4189,6 @@ void bench_rsa(int doAsync) goto exit_bench_rsa; #endif -#ifndef WOLFSSL_RSA_PUBLIC_ONLY /* decode the private key */ idx = 0; if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey[i], @@ -4197,35 +4196,6 @@ void bench_rsa(int doAsync) printf("wc_RsaPrivateKeyDecode failed! %d\n", ret); goto exit_bench_rsa; } -#else - #ifdef USE_CERT_BUFFERS_2048 - ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[12], 256); - if (ret != 0) { - printf("Setting modulus failed! %d\n", ret); - goto exit_bench_rsa; - } - ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT); - if (ret != 0) { - printf("Setting public exponent failed! %d\n", ret); - goto exit_bench_rsa; - } - #elif defined(USE_CERT_BUFFERS_3072) - ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[12], 384); - if (ret != 0) { - printf("Setting modulus failed! %d\n", ret); - goto exit_bench_rsa; - } - ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT); - if (ret != 0) { - printf("Setting public exponent failed! %d\n", ret); - goto exit_bench_rsa; - } - #else - #error Not supported yet! - #endif - (void)idx; - (void)bytes; -#endif } bench_rsa_helper(doAsync, rsaKey, rsaKeySz); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 254e404e07..122987de49 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -784,7 +784,8 @@ int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx) return 0; } -#if !defined(WOLFSSL_KEY_GEN) && !defined(OPENSSL_EXTRA) && defined(RSA_LOW_MEM) +#if (!defined(WOLFSSL_KEY_GEN) && !defined(OPENSSL_EXTRA) && defined(RSA_LOW_MEM)) \ + || defined(WOLFSSL_RSA_PUBLIC_ONLY) #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx) { @@ -2241,10 +2242,19 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, if (GetInt(&key->n, input, inOutIdx, inSz) < 0 || GetInt(&key->e, input, inOutIdx, inSz) < 0 || +#ifndef WOLFSSL_RSA_PUBLIC_ONLY GetInt(&key->d, input, inOutIdx, inSz) < 0 || GetInt(&key->p, input, inOutIdx, inSz) < 0 || - GetInt(&key->q, input, inOutIdx, inSz) < 0) return ASN_RSA_KEY_E; -#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + GetInt(&key->q, input, inOutIdx, inSz) < 0) +#else + SkipInt(input, inOutIdx, inSz) < 0 || + SkipInt(input, inOutIdx, inSz) < 0 || + SkipInt(input, inOutIdx, inSz) < 0 ) + +#endif + return ASN_RSA_KEY_E; +#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)) \ + && !defined(WOLFSSL_RSA_PUBLIC_ONLY) if (GetInt(&key->dP, input, inOutIdx, inSz) < 0 || GetInt(&key->dQ, input, inOutIdx, inSz) < 0 || GetInt(&key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index f297890e19..3a8abf2b3d 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -696,6 +696,7 @@ static int RsaMGF(int type, byte* seed, word32 seedSz, byte* out, /* Padding */ +#ifndef WOLFSSL_RSA_VERIFY_ONLY #ifndef WC_NO_RNG #ifndef WC_NO_RSA_OAEP static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, @@ -993,6 +994,7 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01; } #else + (void)rng; return RSA_WRONG_TYPE_E; #endif } @@ -1004,7 +1006,6 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, } #endif /* !WC_NO_RNG */ -#ifndef WOLFSSL_RSA_VERIFY_ONLY /* helper function to direct which padding is used */ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType, @@ -1079,6 +1080,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, return ret; } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ /* UnPadding */ @@ -1166,7 +1168,6 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, return pkcsBlockLen - idx; } #endif /* WC_NO_RSA_OAEP */ -#endif #ifdef WC_RSA_PSS /* 0x00 .. 0x00 0x01 | Salt | Gen Hash | 0xbc @@ -1251,7 +1252,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen, static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte **output, byte padValue) { - int ret; + int ret = BAD_FUNC_ARG; word32 i; #ifndef WOLFSSL_RSA_VERIFY_ONLY byte invalid = 0; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 65785be574..f8824026c2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -9024,7 +9024,7 @@ int certext_test(void) } #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */ -#ifndef NO_ASN +#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_VERIFY_ONLY) static int rsa_flatten_test(RsaKey* key) { int ret; @@ -9118,7 +9118,8 @@ static int rsa_flatten_test(RsaKey* key) } #endif /* NO_ASN */ -#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ + && !defined(WOLFSSL_RSA_VERIFY_ONLY) static int rsa_export_key_test(RsaKey* key) { int ret; @@ -10129,6 +10130,7 @@ int rsa_no_pad_test(void) #endif /* test encrypt and decrypt using WC_RSA_NO_PAD */ +#ifndef WOLFSSL_RSA_VERIFY_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -10141,7 +10143,9 @@ int rsa_no_pad_test(void) if (ret < 0) { ERROR_OUT(-6912, exit_rsa_nopadding); } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ +#ifndef WOLFSSL_RSA_PUBLIC_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -10158,6 +10162,7 @@ int rsa_no_pad_test(void) if (XMEMCMP(plain, tmp, inLen) != 0) { ERROR_OUT(-6914, exit_rsa_nopadding); } +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ /* test some bad arguments */ ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, -1, @@ -11063,6 +11068,7 @@ int rsa_test(void) #ifndef NO_SHA XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11075,8 +11081,10 @@ int rsa_test(void) if (ret < 0) { ERROR_OUT(-7016, exit_rsa); } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11093,10 +11101,12 @@ int rsa_test(void) if (XMEMCMP(plain, in, inLen)) { ERROR_OUT(-7018, exit_rsa); } +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ #endif /* NO_SHA */ #ifndef NO_SHA256 XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11109,8 +11119,10 @@ int rsa_test(void) if (ret < 0) { ERROR_OUT(-7019, exit_rsa); } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11127,7 +11139,9 @@ int rsa_test(void) if (XMEMCMP(plain, in, inLen)) { ERROR_OUT(-7021, exit_rsa); } +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ +#ifndef WOLFSSL_RSA_PUBLIC_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11146,9 +11160,11 @@ int rsa_test(void) if (XMEMCMP(res, in, inLen)) { ERROR_OUT(-7024, exit_rsa); } +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ /* check fails if not using the same optional label */ XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11161,9 +11177,10 @@ int rsa_test(void) if (ret < 0) { ERROR_OUT(-7025, exit_rsa); } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ -#ifndef HAVE_CAVIUM +#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) idx = (word32)ret; do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -11182,6 +11199,7 @@ int rsa_test(void) /* check using optional label with encrypt/decrypt */ XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11194,8 +11212,10 @@ int rsa_test(void) if (ret < 0) { ERROR_OUT(-7027, exit_rsa); } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11212,10 +11232,12 @@ int rsa_test(void) if (XMEMCMP(plain, in, inLen)) { ERROR_OUT(-7029, exit_rsa); } +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ #ifndef NO_SHA /* check fail using mismatch hash algorithms */ XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11228,9 +11250,10 @@ int rsa_test(void) if (ret < 0) { ERROR_OUT(-7030, exit_rsa); } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ -#ifndef HAVE_CAVIUM +#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) idx = (word32)ret; do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -11257,6 +11280,7 @@ int rsa_test(void) BAD_FUNC_ARG is returned when this case is not met */ if (wc_RsaEncryptSize(&key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) { XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11269,8 +11293,10 @@ int rsa_test(void) if (ret < 0) { ERROR_OUT(-7032, exit_rsa); } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ idx = ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11287,11 +11313,13 @@ int rsa_test(void) if (XMEMCMP(plain, in, inLen)) { ERROR_OUT(-7034, exit_rsa); } +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ } #endif /* WOLFSSL_SHA512 */ /* check using pkcsv15 padding with _ex API */ XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11304,8 +11332,10 @@ int rsa_test(void) if (ret < 0) { ERROR_OUT(-7035, exit_rsa); } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -11322,16 +11352,18 @@ int rsa_test(void) if (XMEMCMP(plain, in, inLen)) { ERROR_OUT(-7037, exit_rsa); } +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ #endif /* WC_NO_RSA_OAEP */ -#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ + && !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = rsa_export_key_test(&key); if (ret != 0) return ret; #endif -#ifndef NO_ASN +#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = rsa_flatten_test(&key); if (ret != 0) return ret; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c3240ed277..1a00bb1628 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1839,7 +1839,8 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NO_INT_DECODE #endif -#if defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_RSA_VERIFY_ONLY) +#if defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + defined(WC_NO_RSA_OAEP) #undef WOLFSSL_NO_CT_OPS #define WOLFSSL_NO_CT_OPS #endif