From d3a379adacfd6fb0fc3f0080c04c7d3f289eb8b0 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 10 Mar 2022 18:21:07 +0900 Subject: [PATCH 1/3] add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC --- tests/suites.c | 3 +- testsuite/testsuite.c | 6 +- wolfcrypt/src/ecc.c | 102 ++++++- wolfcrypt/src/error.c | 4 + wolfcrypt/src/rsa.c | 30 +- wolfcrypt/test/test.c | 499 +++++++++++++++++++++++++++++--- wolfssl/wolfcrypt/error-crypt.h | 3 +- wolfssl/wolfcrypt/types.h | 1 - 8 files changed, 584 insertions(+), 64 deletions(-) diff --git a/tests/suites.c b/tests/suites.c index a36516408..86bdcf20c 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -778,7 +778,8 @@ static void test_harness(void* vargs) int SuiteTest(int argc, char** argv) { -#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) func_args args; char argv0[3][80]; char* myArgv[3]; diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 811151ba2..4bbbf367c 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -97,7 +97,8 @@ static void *echoclient_test_wrapper(void* args) { int testsuite_test(int argc, char** argv) { -#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)) func_args server_args; tcp_ready ready; @@ -242,7 +243,8 @@ int testsuite_test(int argc, char** argv) return EXIT_SUCCESS; } -#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)) /* Perform a basic TLS handshake. * * First connection to echo a file. diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index c1df29ff6..343a0caa6 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -212,7 +212,8 @@ ECC Curve Sizes: #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_ECC) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(NO_ECC_MAKE_PUB) + !defined(WOLFSSL_CRYPTOCELL) && !defined(NO_ECC_MAKE_PUB) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) #undef HAVE_ECC_MAKE_PUB #define HAVE_ECC_MAKE_PUB #endif @@ -1258,7 +1259,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen #if !defined(WOLFSSL_SP_MATH) && \ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ - !defined(WOLFSSL_SE050) + !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, mp_int* prime, mp_int* order); #endif @@ -1649,7 +1650,7 @@ static void alt_fp_init(mp_int* a) #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_PUBLIC_ECC_ADD_DBL) @@ -4192,6 +4193,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outlen) { int err; + #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) CRYS_ECDH_TempData_t tempBuff; @@ -4204,12 +4206,22 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, #ifdef WOLF_CRYPTO_CB if (private_key->devId != INVALID_DEVID) { err = wc_CryptoCb_Ecdh(private_key, public_key, out, outlen); + #ifndef WOLF_CRYPTO_CB_ONLY_ECC if (err != CRYPTOCB_UNAVAILABLE) return err; /* fall-through when unavailable */ + #else + return err; + #endif } + #ifdef WOLF_CRYPTO_CB_ONLY_ECC + else { + return NO_VALID_DEVID; + } + #endif #endif +#ifndef WOLF_CRYPTO_CB_ONLY_ECC /* type valid? */ if (private_key->type != ECC_PRIVATEKEY && private_key->type != ECC_PRIVATEKEY_ONLY) { @@ -4260,11 +4272,13 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, #endif /* WOLFSSL_ATECC508A */ return err; +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ } #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC) + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, byte* out, word32* outlen) @@ -4544,6 +4558,7 @@ int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point, return err; } +#ifndef WOLF_CRYPTO_CB_ONLY_ECC /** Create an ECC shared secret between private key and public point private_key The private ECC key (heap hint based on private key) @@ -4628,6 +4643,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, return err; } +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ #elif defined(WOLFSSL_KCAPI_ECC) int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen) @@ -4711,7 +4727,7 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx) #endif /* USE_ECC_B_PARAM */ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) /* return 1 if point is at infinity, 0 if not, < 0 on error */ int wc_ecc_point_is_at_infinity(ecc_point* p) { @@ -5037,12 +5053,22 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { err = wc_CryptoCb_MakeEccKey(rng, keysize, key, curve_id); + #ifndef WOLF_CRYPTO_CB_ONLY_ECC if (err != CRYPTOCB_UNAVAILABLE) return err; /* fall-through when unavailable */ + #else + return err; + #endif } + #ifdef WOLF_CRYPTO_CB_ONLY_ECC + else { + return NO_VALID_DEVID; + } + #endif #endif +#ifndef WOLF_CRYPTO_CB_ONLY_ECC #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { #ifdef HAVE_CAVIUM @@ -5234,6 +5260,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #endif /* HAVE_ECC_MAKE_PUB */ return err; +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ } @@ -5751,6 +5778,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, WC_RNG* rng, ecc_key* key) { int err; + #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(WC_ASYNC_ENABLE_ECC) #ifdef WOLFSSL_SMALL_STACK mp_int *r = NULL, *s = NULL; @@ -5766,12 +5794,22 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { err = wc_CryptoCb_EccSign(in, inlen, out, outlen, rng, key); + #ifndef WOLF_CRYPTO_CB_ONLY_ECC if (err != CRYPTOCB_UNAVAILABLE) return err; /* fall-through when unavailable */ + #else + return err; + #endif } + #ifdef WOLF_CRYPTO_CB_ONLY_ECC + else { + return NO_VALID_DEVID; + } + #endif #endif +#ifndef WOLF_CRYPTO_CB_ONLY_ECC if (rng == NULL) { WOLFSSL_MSG("ECC sign RNG missing"); return ECC_BAD_ARG_E; @@ -5836,6 +5874,13 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, #endif /* WOLFSSL_ASYNC_CRYPT */ return err; +#else + (void)rng; + (void)inlen; + (void)s; + (void)r; +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ + } #endif /* !NO_ASN */ @@ -6854,7 +6899,8 @@ int wc_ecc_free(ecc_key* key) } #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SP_MATH) + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SP_MATH) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) /* Handles add failure cases: * * Before add: @@ -6966,7 +7012,7 @@ int ecc_projective_dbl_point_safe(ecc_point *P, ecc_point *R, mp_int* a, #if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_CRYPTOCELL) && \ - !defined(WOLFSSL_KCAPI_ECC) + !defined(WOLFSSL_KCAPI_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) #ifdef ECC_SHAMIR /** Computes kA*A + kB*B = C using Shamir's Trick @@ -7321,6 +7367,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* res, ecc_key* key) { int err; + mp_int *r = NULL, *s = NULL; #if (!defined(WOLFSSL_ASYNC_CRYPT) || !defined(WC_ASYNC_ENABLE_ECC)) && \ !defined(WOLFSSL_SMALL_STACK) @@ -7337,12 +7384,23 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { err = wc_CryptoCb_EccVerify(sig, siglen, hash, hashlen, res, key); + #ifndef WOLF_CRYPTO_CB_ONLY_ECC if (err != CRYPTOCB_UNAVAILABLE) return err; /* fall-through when unavailable */ + #else + return err; + #endif } + #ifdef WOLF_CRYPTO_CB_ONLY_ECC + else { + return NO_VALID_DEVID; + } + #endif #endif +#ifndef WOLF_CRYPTO_CB_ONLY_ECC + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) err = wc_ecc_alloc_async(key); if (err != 0) @@ -7444,10 +7502,22 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, wc_ecc_reset(key); return err; +#else + (void)siglen; + (void)hashlen; + #ifndef WOLFSSL_SMALL_STACK + (void)s_lcl; + (void)r_lcl; + #endif + (void)s; + (void)r; +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ + } #endif /* !NO_ASN */ -#if !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) +#if !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) { int err = MP_OKAY; @@ -7489,7 +7559,7 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) key The corresponding public ECC key return MP_OKAY if successful (even if the signature is not valid) */ - +#ifndef WOLF_CRYPTO_CB_ONLY_ECC int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, word32 hashlen, int* res, ecc_key* key) #if defined(WOLFSSL_STM32_PKA) @@ -8035,6 +8105,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, return err; } #endif /* WOLFSSL_STM32_PKA */ +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ #endif /* HAVE_ECC_VERIFY */ #ifdef HAVE_ECC_KEY_IMPORT @@ -8552,7 +8623,8 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) /* is ecc point on curve described by dp ? */ int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) @@ -9035,7 +9107,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #ifndef WOLFSSL_SP_MATH #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ - !defined(WOLFSSL_SE050) + !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) mp_int* b = NULL; #ifdef USE_ECC_B_PARAM DECLARE_CURVE_SPECS(4); @@ -9084,10 +9157,13 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #ifndef WOLFSSL_SP_MATH #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \ - defined(WOLFSSL_SE050) + defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC) /* consider key check success on HW crypto - * ex: ATECC508/608A, CryptoCell and Silabs */ + * ex: ATECC508/608A, CryptoCell and Silabs + * + * consider key check success on Crypt Cb + */ err = MP_OKAY; #else diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 57de940ab..b083bf717 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -563,6 +563,10 @@ const char* wc_GetErrorString(int error) case PROTOCOLCB_UNAVAILABLE: return "Protocol callback unavailable"; + + case NO_VALID_DEVID: + return "No valid device ID set"; + default: return "unknown error number"; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index ca5299477..7e6e3cdda 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2259,6 +2259,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return ret; } #else +#ifndef WOLF_CRYPTO_CB_ONLY_RSA static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng) { @@ -2611,6 +2612,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return ret; #endif /* WOLFSSL_SP_MATH */ } +#endif /* WOLF_CRYPTO_CB_ONLY_RSA */ #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) @@ -2896,13 +2898,23 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Rsa(in, inLen, out, outLen, type, key, rng); + #ifndef WOLF_CRYPTO_CB_ONLY_RSA if (ret != CRYPTOCB_UNAVAILABLE) return ret; /* fall-through when unavailable */ ret = 0; /* reset error code and try using software */ + #else + return ret; + #endif } + #ifdef WOLF_CRYPTO_CB_ONLY_RSA + else { + return NO_VALID_DEVID; + } + #endif #endif +#ifndef WOLF_CRYPTO_CB_ONLY_RSA SAVE_VECTOR_REGISTERS(return _svr_ret;); #ifndef WOLFSSL_RSA_VERIFY_ONLY @@ -2994,8 +3006,10 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, key->state = RSA_STATE_NONE; wc_RsaCleanup(key); } - return ret; +#else + (void)rng; +#endif /* WOLF_CRYPTO_CB_ONLY_RSA */ } @@ -4441,12 +4455,23 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { err = wc_CryptoCb_MakeRsaKey(key, size, e, rng); + #ifndef WOLF_CRYPTO_CB_ONLY_RSA if (err != CRYPTOCB_UNAVAILABLE) goto out; /* fall-through when unavailable */ + #else + goto out; + #endif } + #ifdef WOLF_CRYPTO_CB_ONLY_RSA + else { + err = NO_VALID_DEVID; + goto out; + } + #endif #endif +#ifndef WOLF_CRYPTO_CB_ONLY_RSA #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ defined(WC_ASYNC_ENABLE_RSA_KEYGEN) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) { @@ -4703,7 +4728,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #endif err = 0; - +#endif /* WOLF_CRYPTO_CB_ONLY_RSA */ out: #ifdef WOLFSSL_SMALL_STACK @@ -4720,6 +4745,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #endif return err; + #else return NOT_COMPILED_IN; #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 789d0891c..3f9a7f095 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -36,7 +36,7 @@ #define HAVE_WOLFCRYPT_TEST_OPTIONS #endif -#ifdef HAVE_WOLFCRYPT_TEST_OPTIONS +#if defined(HAVE_WOLFCRYPT_TEST_OPTIONS) #include #define err_sys err_sys_remap /* remap err_sys */ #include @@ -467,7 +467,8 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void); #endif #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ - defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) + defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) /* skip for ATECC508/608A, cannot import private key buffers */ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void); #endif @@ -1158,7 +1159,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ TEST_PASS("CAMELLIA test passed!\n"); #endif -#ifndef NO_RSA +#if !defined(NO_RSA) #ifdef WC_RSA_NO_PADDING if ( (ret = rsa_no_pad_test()) != 0) return err_sys("RSA NOPAD test failed!\n", ret); @@ -1229,7 +1230,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) PRIVATE_KEY_UNLOCK(); if ( (ret = ecc_test()) != 0) return err_sys("ECC test failed!\n", ret); @@ -1245,7 +1246,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #endif #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ - defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) + defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) /* skip for ATECC508/608A, cannot import private key buffers */ if ( (ret = ecc_test_buffers()) != 0) return err_sys("ECC buffer test failed!\n", ret); @@ -1581,8 +1583,9 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ /* helper to save DER, convert to PEM and save PEM */ #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \ - (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) - +(!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) \ + && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB) #else @@ -11829,11 +11832,13 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void) static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem"; static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der"; #endif - #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem"; static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der"; static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der"; - #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) + #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der"; #endif #endif /* HAVE_ECC_KEY_EXPORT */ @@ -12691,7 +12696,11 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) if (ret != 0) #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) /* async may not require RNG */ + #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + if (ret != NO_VALID_DEVID) + #else if (ret != 0 && ret != MISSING_RNG_E) + #endif #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING) /* FIPS140 implementation does not do blinding */ if (ret != 0) @@ -12740,7 +12749,9 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) if (ret != SIG_TYPE_E) return -7666; #endif - +#if defined(WOLF_CRYPTO_CB_ONLY_RSA) + return 0; +#endif /* Use APIs. */ ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen); if (ret != modLen) @@ -13184,7 +13195,8 @@ done: #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */ /* Need to create known good signatures to test with this. */ -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ +!defined(WOLF_CRYPTO_CB_ONLY_RSA) static int rsa_pss_test(WC_RNG* rng, RsaKey* key) { byte digest[WC_MAX_DIGEST_SIZE]; @@ -14579,7 +14591,8 @@ exit_rsa: #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \ !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \ + && !defined(WOLF_CRYPTO_CB_ONLY_RSA) static int rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng) { int ret = 0; @@ -15099,7 +15112,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) #endif #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ - !defined(WC_NO_RNG) + !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -15217,7 +15230,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \ ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ - defined(WOLFSSL_PUBLIC_MP)) + defined(WOLFSSL_PUBLIC_MP)) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) idx = (word32)ret; XMEMSET(plain, 0, plainSz); do { @@ -15265,7 +15278,8 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \ + && !defined(WOLF_CRYPTO_CB_ONLY_RSA) ret = rsa_oaep_padding_test(key, &rng); if (ret != 0) return ret; @@ -15514,7 +15528,8 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */ /* Need to create known good signatures to test with this. */ -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) ret = rsa_pss_test(&rng, key); if (ret != 0) goto exit_rsa; @@ -20449,6 +20464,7 @@ typedef struct eccVector { #endif } eccVector; +#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_test_vector_item(const eccVector* vector) { int ret = 0, verify = 0; @@ -20797,6 +20813,7 @@ static int ecc_test_vector(int keySize) return 0; } +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_DETERMINISTIC_K) static int ecc_test_deterministic_k(WC_RNG* rng) @@ -21255,7 +21272,8 @@ static int ecc_test_make_pub(WC_RNG* rng) byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else ecc_key key[1]; -#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) ecc_key pub[1]; #endif byte exportBuf[ECC_BUFSIZE]; @@ -21386,7 +21404,8 @@ static int ecc_test_make_pub(WC_RNG* rng) #endif #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \ - (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) + (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) tmpSz = ECC_BUFSIZE; ret = 0; do { @@ -21460,6 +21479,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } #endif /* WOLFSSL_QNX_CAAM */ +#ifndef WOLF_CRYPTO_CB_ONLY_ECC /* make public key for shared secret */ wc_ecc_init_ex(pub, HEAP_HINT, devId); ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub); @@ -21497,7 +21517,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } TEST_SLEEP(); #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */ - +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ ret = 0; done: @@ -21524,7 +21544,8 @@ done: return ret; } -#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \ + !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_test_key_decode(WC_RNG* rng, int keySize) { int ret; @@ -21605,7 +21626,8 @@ static int ecc_test_key_decode(WC_RNG* rng, int keySize) #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ #endif /* HAVE_ECC_KEY_IMPORT */ -#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \ + !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_test_key_gen(WC_RNG* rng, int keySize) { int ret = 0; @@ -21800,6 +21822,12 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif +#ifdef WOLF_CRYPTO_CB_ONLY_ECC + if (ret == NO_VALID_DEVID) { + ret = 0; + goto done; /* no software case */ + } #endif if (ret == ECC_CURVE_OID_E) goto done; /* catch case, where curve is not supported */ @@ -22158,6 +22186,7 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) return ret; } } +#ifndef WOLF_CRYPTO_CB_ONLY_ECC #ifdef HAVE_ECC_VECTOR_TEST ret = ecc_test_vector(keySize); @@ -22193,14 +22222,14 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) } } #endif - +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ return 0; } #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ - !defined(WOLFSSL_NO_MALLOC) + !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_point_test(void) { int ret; @@ -22443,7 +22472,7 @@ done: } #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ -#ifndef NO_SIG_WRAPPER +#if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_sig_test(WC_RNG* rng, ecc_key* key) { int ret; @@ -22495,7 +22524,8 @@ static int ecc_sig_test(WC_RNG* rng, ecc_key* key) } #endif -#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_exp_imp_test(ecc_key* key) { @@ -22626,7 +22656,7 @@ done: #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \ - !defined(WOLFSSL_CRYPTOCELL) + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_mulmod_test(ecc_key* key1) { int ret; @@ -22690,7 +22720,8 @@ done: } #endif -#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int ecc_ssh_test(ecc_key* key, WC_RNG* rng) { int ret; @@ -22769,7 +22800,7 @@ static int ecc_def_curve_test(WC_RNG *rng) ret = -10091; goto done; } - +#ifndef WOLF_CRYPTO_CB_ONLY_ECC #ifndef WC_NO_RNG ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -22786,7 +22817,8 @@ static int ecc_def_curve_test(WC_RNG *rng) #endif TEST_SLEEP(); - #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) + #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) ret = ecc_ssh_test(key, rng); if (ret < 0) goto done; @@ -22832,7 +22864,10 @@ static int ecc_def_curve_test(WC_RNG *rng) goto done; #endif #endif - +#else + (void)rng; + (void)idx; +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ done: wc_ecc_free(key); @@ -23398,7 +23433,8 @@ exit: } #endif /* WOLFSSL_CERT_GEN */ -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ static int ecc_test_allocator(WC_RNG* rng) { @@ -24064,7 +24100,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) } #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ - !defined(WOLFSSL_NO_MALLOC) + !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) ret = ecc_point_test(); if (ret < 0) { goto done; @@ -24147,7 +24183,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) } #endif #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) + !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) ret = ecc_test_make_pub(&rng); if (ret != 0) { printf("ecc_test_make_pub failed!: %d\n", ret); @@ -24163,7 +24200,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) goto done; } #endif -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) ret = ecc_test_allocator(&rng); if (ret != 0) { printf("ecc_test_allocator failed!: %d\n", ret); @@ -24807,7 +24845,8 @@ done: #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ - defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) + defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void) { size_t bytes; @@ -38332,9 +38371,321 @@ WOLFSSL_TEST_SUBROUTINE int blob_test(void) /* Example custom context for crypto callback */ typedef struct { - int exampleVar; /* example, not used */ + int exampleVar; /* flag for testing if only crypt is enabled. */ } myCryptoDevCtx; +#ifdef WOLF_CRYPTO_CB_ONLY_RSA +/* Testing rsa cb when CB_ONLY_RSA is enabled + * When CB_ONLY_RSA is enabled, software imple. is not available. + * + * ctx callback ctx + * returen 0 on success, otherwise return -8000 - -8007 + */ +static int rsa_onlycb_test(myCryptoDevCtx *ctx) +{ + int ret = 0; +#if !defined(NO_RSA) + +#ifdef WOLFSSL_SMALL_STACK + RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + RsaKey key[1]; +#endif + size_t bytes; + const word32 inLen = (word32)TEST_STRING_SZ; + word32 idx = 0; + + word32 sigSz; + WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING; + byte out[RSA_TEST_BYTES]; + +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ + !defined(NO_FILESYSTEM) + XFILE file; +#endif + +#ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_cert_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + bytes = (size_t)sizeof_client_key_der_3072; + if (bytes < (size_t)sizeof_client_cert_der_3072) + bytes = (size_t)sizeof_client_cert_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + bytes = (size_t)sizeof_client_key_der_4096; + if (bytes < (size_t)sizeof_client_cert_der_4096) + bytes = (size_t)sizeof_client_cert_der_4096; +#else + bytes = FOURK_BUF; +#endif + +#ifdef WOLFSSL_SMALL_STACK + byte* tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + ERROR_OUT(-8000, exit_onlycb); +#else + byte tmp[bytes]; +#endif + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(clientKey, "rb"); + if (!file) { + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", -40); + ERROR_OUT(-8001, exit_onlycb); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#endif + +#ifdef WOLFSSL_KEY_GEN + WC_RNG rng; + /* wc_CryptoCb_MakeRsaKey cb test, no actual making key + * wc_MakeRsaKey() -> rsa cb -> + * myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID) + * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return 0(success) + */ + ctx->exampleVar = 99; + ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng); + if (ret != 0) { + ERROR_OUT(-8002, exit_onlycb); + } + /* wc_MakeRsaKey() -> rsa cb -> + * myCryptoDevCb -> wc_MakeRsaKey(INVALID_DEVID) + * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return NO_VALID_DEVID(failure) + */ + ctx->exampleVar = 1; + ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng); + if (ret != NO_VALID_DEVID) { + ERROR_OUT(-8003, exit_onlycb); + } else + /* reset return code */ + ret = 0; +#endif + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-8004, exit_onlycb); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes); + if (ret != 0) { + ERROR_OUT(-8005, exit_onlycb); + } + + sigSz = (word32)wc_RsaEncryptSize(key); + + /* wc_CryptoCb_Rsa cb test, no actual rsa operation */ + if (ret == 0) { + /* wc_SignatureGenerate() -> rsa cb -> + * myCryptoDevCb -> wc_RsaFunction(CBONLY_TEST_DEVID) + * wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success) + */ + ctx->exampleVar = 99; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, sizeof(*key), NULL); + if (ret != 0) { + ERROR_OUT(-8006, exit_onlycb); + } + } + if (ret == 0) { + /* wc_SignatureGenerate() -> rsa cb -> + * myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID) + * wc_SignatureGenerate(INVALID_DEVID) expects to + * return NO_VALID_DEVID(failure) + */ + ctx->exampleVar = 1; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, sizeof(*key), NULL); + if (ret != NO_VALID_DEVID) { + ERROR_OUT(-8007, exit_onlycb); + } else + /* reset return code */ + ret = 0; + } + +exit_onlycb: + +#ifdef WOLFSSL_SMALL_STACK + if (key != NULL) { + wc_FreeRsaKey(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + wc_FreeRsaKey(key); +#endif + +#endif + return ret; +} +#endif + +#ifdef WOLF_CRYPTO_CB_ONLY_ECC +/* Testing rsa cb when CB_ONLY_ECC is enabled + * When CB_ONLY_ECC is enabled, software imple. is not available. + * + * ctx callback ctx + * returen 0 on success, otherwise return -8008 - -8018 + */ +static int ecc_onlycb_test(myCryptoDevCtx *ctx) +{ + int ret = 0; +#if defined(HAVE_ECC) + +#ifdef WOLFSSL_SMALL_STACK + ecc_key* key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte* out = (byte*)XMALLOC(sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key key[1]; + ecc_key pub[1]; + byte out[256]; +#endif + + WC_RNG rng; + EncryptedInfo encInfo; + int keyFormat = 0; + word32 keyIdx = 0; + + byte in[] = "Everyone gets Friday off. ecc p"; + word32 inLen = (word32)XSTRLEN((char*)in); + word32 outLen; + int verify; + +#ifdef WOLFSSL_SMALL_STACK + if (key == NULL || pub == NULL) { + ERROR_OUT(-8008, exit_onlycb); + } +#endif + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-8009, exit_onlycb); + } + + /* wc_CryptoCb_MakeEccKey cb test, , no actual testing */ + ctx->exampleVar = 99; + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key); + if (ret != 0) { + ERROR_OUT(-8010, exit_onlycb); + } + ctx->exampleVar = 1; + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key); + if (ret != NO_VALID_DEVID) { + ERROR_OUT(-8011, exit_onlycb); + } else + /* reset return code */ + ret = 0; + +#ifdef USE_CERT_BUFFERS_256 + if (ret == 0) { + /* load ECC private key and perform private transform */ + ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &keyIdx, + key, sizeof_ecc_key_der_256); + } + if (ret != 0) { + ERROR_OUT(-8012, exit_onlycb); + } + /* wc_CryptoCb_EccSign cb test, no actual testing */ + ctx->exampleVar = 99; + if (ret == 0) { + ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key); + } + if (ret != 0) { + ERROR_OUT(-8013, exit_onlycb); + } + ctx->exampleVar = 1; + if (ret == 0) { + ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key); + } + if (ret != NO_VALID_DEVID) { + ERROR_OUT(-8014, exit_onlycb); + } + else + ret = 0; + + /* wc_CryptoCb_EccVerify cb test, no actual testing */ + ctx->exampleVar = 99; + if (ret == 0) { + ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key); + } + if (ret != 0) { + ERROR_OUT(-8015, exit_onlycb); + } + + ctx->exampleVar = 1; + if (ret == 0) { + ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key); + } + if (ret != NO_VALID_DEVID) { + ERROR_OUT(-8016, exit_onlycb); + } + else + ret = 0; + + /* wc_CryptoCb_Ecdh cb test, no actual testing */ + + /* make public key for shared secret */ + wc_ecc_init_ex(pub, HEAP_HINT, devId); + + ctx->exampleVar = 99; + if (ret == 0) { + ret = wc_ecc_shared_secret(key, pub, out, &outLen); + } + if (ret != 0) { + ERROR_OUT(-8017, exit_onlycb); + } + ctx->exampleVar = 1; + if (ret == 0) { + ret = wc_ecc_shared_secret(key, pub, out, &outLen); + } + if (ret != NO_VALID_DEVID) { + ERROR_OUT(-8016, exit_onlycb); + } + else + ret = 0; +#else + (void)verify; + (void)outLen; + (void)inLen; + (void)out; + (void)pub; +#endif + (void)keyFormat; + (void)encInfo; + +exit_onlycb: +#if defined(WOLFSSL_SMALL_STACK) + if (key != NULL) { + wc_ecc_free(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (pub != NULL) { + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (out != NULL) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(key); +#endif + +#endif /* HAVE_ECC */ + return ret; +} +#endif /* Example crypto dev callback function that calls software version */ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) @@ -38390,7 +38741,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) if (info->pk.type == WC_PK_TYPE_RSA) { /* set devId to invalid, so software is used */ info->pk.rsa.key->devId = INVALID_DEVID; - + #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.rsa.key->devId = devIdArg; + return 0; + } + #endif switch (info->pk.rsa.type) { case RSA_PUBLIC_ENCRYPT: case RSA_PUBLIC_DECRYPT: @@ -38416,7 +38775,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifdef WOLFSSL_KEY_GEN else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { info->pk.rsakg.key->devId = INVALID_DEVID; - + #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.rsakg.key->devId = devIdArg; + return 0; + } + #endif #ifdef HAVE_FIPS for (;;) { #endif @@ -38438,7 +38805,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { /* set devId to invalid, so software is used */ info->pk.eckg.key->devId = INVALID_DEVID; - + #if defined(WOLF_CRYPTO_CB_ONLY_ECC) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.eckg.key->devId = devIdArg; + return 0; + } + #endif ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, info->pk.eckg.key, info->pk.eckg.curveId); @@ -38448,7 +38823,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { /* set devId to invalid, so software is used */ info->pk.eccsign.key->devId = INVALID_DEVID; - + #if defined(WOLF_CRYPTO_CB_ONLY_ECC) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.eccsign.key->devId = devIdArg; + return 0; + } + #endif ret = wc_ecc_sign_hash( info->pk.eccsign.in, info->pk.eccsign.inlen, info->pk.eccsign.out, info->pk.eccsign.outlen, @@ -38460,7 +38843,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { /* set devId to invalid, so software is used */ info->pk.eccverify.key->devId = INVALID_DEVID; - + #if defined(WOLF_CRYPTO_CB_ONLY_ECC) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.eccverify.key->devId = devIdArg; + return 0; + } + #endif ret = wc_ecc_verify_hash( info->pk.eccverify.sig, info->pk.eccverify.siglen, info->pk.eccverify.hash, info->pk.eccverify.hashlen, @@ -38472,7 +38863,15 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) else if (info->pk.type == WC_PK_TYPE_ECDH) { /* set devId to invalid, so software is used */ info->pk.ecdh.private_key->devId = INVALID_DEVID; - + #if defined(WOLF_CRYPTO_CB_ONLY_ECC) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.ecdh.private_key->devId = devIdArg; + return 0; + } + #endif ret = wc_ecc_shared_secret( info->pk.ecdh.private_key, info->pk.ecdh.public_key, info->pk.ecdh.out, info->pk.ecdh.outlen); @@ -38859,18 +39258,30 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) if (ret == 0) ret = random_test(); #endif /* WC_NO_RNG */ -#ifndef NO_RSA +#if !defined(NO_RSA) PRIVATE_KEY_UNLOCK(); if (ret == 0) ret = rsa_test(); PRIVATE_KEY_LOCK(); #endif -#ifdef HAVE_ECC +#if defined(WOLF_CRYPTO_CB_ONLY_RSA) + PRIVATE_KEY_UNLOCK(); + if (ret == 0) + ret = rsa_onlycb_test(&myCtx); + PRIVATE_KEY_LOCK(); +#endif +#if defined(HAVE_ECC) PRIVATE_KEY_UNLOCK(); if (ret == 0) ret = ecc_test(); PRIVATE_KEY_LOCK(); #endif +#if defined(WOLF_CRYPTO_CB_ONLY_ECC) + PRIVATE_KEY_UNLOCK(); + if (ret == 0) + ret = ecc_onlycb_test(&myCtx); + PRIVATE_KEY_LOCK(); +#endif #ifdef HAVE_ED25519 if (ret == 0) ret = ed25519_test(); diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 4d5e502d4..25a95ea51 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -248,8 +248,9 @@ enum { FIPS_PRIVATE_KEY_LOCKED_E = -287, /* Cannot export private key. */ PROTOCOLCB_UNAVAILABLE = -288, /* Protocol callback unavailable */ AES_SIV_AUTH_E = -289, /* AES-SIV authentication failed */ + NO_VALID_DEVID = -290, /* no valid device ID */ - WC_LAST_E = -289, /* Update this to indicate last error */ + WC_LAST_E = -290, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 44519a595..605cc3bd2 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1080,7 +1080,6 @@ decouple library dependencies with standard string, memory and so on. /* invalid device id */ #define INVALID_DEVID (-2) - /* AESNI requires alignment and ARMASM gains some performance from it * Xilinx RSA operations require alignment */ #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ From 99af84f1e2cd280e373fcb65877198e5f341a47f Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 31 Mar 2022 09:14:58 -0700 Subject: [PATCH 2/3] Whitespace cleanups. --- wolfcrypt/src/ecc.c | 4 ++-- wolfcrypt/test/test.c | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 343a0caa6..3c1c8c475 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -9160,8 +9160,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC) /* consider key check success on HW crypto - * ex: ATECC508/608A, CryptoCell and Silabs - * + * ex: ATECC508/608A, CryptoCell and Silabs + * * consider key check success on Crypt Cb */ err = MP_OKAY; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3f9a7f095..51b7d1851 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1585,7 +1585,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \ (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) \ && !defined(WOLF_CRYPTO_CB_ONLY_ECC) - + #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB) #else @@ -38377,11 +38377,11 @@ typedef struct { #ifdef WOLF_CRYPTO_CB_ONLY_RSA /* Testing rsa cb when CB_ONLY_RSA is enabled * When CB_ONLY_RSA is enabled, software imple. is not available. - * + * * ctx callback ctx * returen 0 on success, otherwise return -8000 - -8007 */ -static int rsa_onlycb_test(myCryptoDevCtx *ctx) +static int rsa_onlycb_test(myCryptoDevCtx *ctx) { int ret = 0; #if !defined(NO_RSA) @@ -38503,7 +38503,7 @@ static int rsa_onlycb_test(myCryptoDevCtx *ctx) if (ret == 0) { /* wc_SignatureGenerate() -> rsa cb -> * myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID) - * wc_SignatureGenerate(INVALID_DEVID) expects to + * wc_SignatureGenerate(INVALID_DEVID) expects to * return NO_VALID_DEVID(failure) */ ctx->exampleVar = 1; @@ -38536,7 +38536,7 @@ exit_onlycb: #ifdef WOLF_CRYPTO_CB_ONLY_ECC /* Testing rsa cb when CB_ONLY_ECC is enabled * When CB_ONLY_ECC is enabled, software imple. is not available. - * + * * ctx callback ctx * returen 0 on success, otherwise return -8008 - -8018 */ @@ -38615,7 +38615,7 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx) } else ret = 0; - + /* wc_CryptoCb_EccVerify cb test, no actual testing */ ctx->exampleVar = 99; if (ret == 0) { @@ -38624,7 +38624,7 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx) if (ret != 0) { ERROR_OUT(-8015, exit_onlycb); } - + ctx->exampleVar = 1; if (ret == 0) { ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key); @@ -38634,12 +38634,12 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx) } else ret = 0; - + /* wc_CryptoCb_Ecdh cb test, no actual testing */ - + /* make public key for shared secret */ wc_ecc_init_ex(pub, HEAP_HINT, devId); - + ctx->exampleVar = 99; if (ret == 0) { ret = wc_ecc_shared_secret(key, pub, out, &outLen); From 8e4abb0011b49a6f8d3997aa710494db8cfd9234 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 2 Apr 2022 09:18:28 +0900 Subject: [PATCH 3/3] addressed code review comment --- wolfcrypt/test/test.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 51b7d1851..65b95be46 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -38387,9 +38387,12 @@ static int rsa_onlycb_test(myCryptoDevCtx *ctx) #if !defined(NO_RSA) #ifdef WOLFSSL_SMALL_STACK - RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte* tmp = NULL; #else RsaKey key[1]; + byte tmp[FOURK_BUF]; #endif size_t bytes; const word32 inLen = (word32)TEST_STRING_SZ; @@ -38405,6 +38408,10 @@ static int rsa_onlycb_test(myCryptoDevCtx *ctx) XFILE file; #endif +#ifdef WOLFSSL_KEY_GEN + WC_RNG rng; +#endif + #ifdef USE_CERT_BUFFERS_1024 bytes = (size_t)sizeof_client_key_der_1024; if (bytes < (size_t)sizeof_client_cert_der_1024) @@ -38426,11 +38433,9 @@ static int rsa_onlycb_test(myCryptoDevCtx *ctx) #endif #ifdef WOLFSSL_SMALL_STACK - byte* tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) ERROR_OUT(-8000, exit_onlycb); -#else - byte tmp[bytes]; #endif #ifdef USE_CERT_BUFFERS_1024 @@ -38453,7 +38458,6 @@ static int rsa_onlycb_test(myCryptoDevCtx *ctx) #endif #ifdef WOLFSSL_KEY_GEN - WC_RNG rng; /* wc_CryptoCb_MakeRsaKey cb test, no actual making key * wc_MakeRsaKey() -> rsa cb -> * myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID) @@ -38494,8 +38498,8 @@ static int rsa_onlycb_test(myCryptoDevCtx *ctx) * wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success) */ ctx->exampleVar = 99; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, sizeof(*key), NULL); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, + in, inLen, out, &sigSz, key, sizeof(*key), NULL); if (ret != 0) { ERROR_OUT(-8006, exit_onlycb); } @@ -38507,8 +38511,8 @@ static int rsa_onlycb_test(myCryptoDevCtx *ctx) * return NO_VALID_DEVID(failure) */ ctx->exampleVar = 1; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, sizeof(*key), NULL); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, + in, inLen, out, &sigSz, key, sizeof(*key), NULL); if (ret != NO_VALID_DEVID) { ERROR_OUT(-8007, exit_onlycb); } else @@ -38546,9 +38550,12 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx) #if defined(HAVE_ECC) #ifdef WOLFSSL_SMALL_STACK - ecc_key* key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - byte* out = (byte*)XMALLOC(sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key* key = (ecc_key *)XMALLOC(sizeof *key, + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub, + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte* out = (byte*)XMALLOC(sizeof(byte), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else ecc_key key[1]; ecc_key pub[1];