From 57e2ae5a2108851692a67f95e76c647907537372 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Wed, 9 Jul 2025 12:45:04 -0400 Subject: [PATCH 001/346] Abort TLS connection if legacy version field indicates TLS 1.3 or higher. --- src/tls13.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/tls13.c b/src/tls13.c index 135f78407..a4b3850a0 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -6817,6 +6817,22 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ERROR_OUT(VERSION_ERROR, exit_dch); } +#ifndef WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION + /* Check for TLS 1.3 version (0x0304) in legacy version field. RFC 8446 + * Section 4.2.1 allows this action: + * + * "Servers MAY abort the handshake upon receiving a ClientHello with + * legacy_version 0x0304 or later." + * + * Note that if WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION is defined then the + * semantics of RFC 5246 Appendix E will be followed. A ServerHello with + * version 1.2 will be sent. */ + if (args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR) { + WOLFSSL_MSG("Legacy version field is TLS 1.3 or later. Aborting."); + ERROR_OUT(VERSION_ERROR, exit_dch); + } +#endif /* WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION */ + #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls && args->pv.major == DTLS_MAJOR && args->pv.minor > DTLSv1_2_MINOR) { From 4bd2835cf1890b7de56a68bebda8356fefad2544 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Thu, 10 Jul 2025 10:40:12 -0400 Subject: [PATCH 002/346] Change suggested by SparkiDev --- src/tls13.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index a4b3850a0..dce053278 100644 --- a/src/tls13.c +++ b/src/tls13.c 
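Review bot: The new abort in DoTls13ClientHello only matches `args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR`, so a legacy_version whose major byte is above 3 (for example 0x0400) is not rejected here even though the quoted RFC text covers "0x0304 or later". That case falls through to the existing `args->pv.major > SSLv3_MAJOR || ...` downgrade check that sits a few lines below this hunk (visible as context in the next patch). If the intent is to refuse everything at or above 0x0304, the condition should be `if (args->pv.major > SSLv3_MAJOR || (args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR))`. DoTls13ClientHello starts and ends outside the hunk.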
@@ -6817,22 +6817,6 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ERROR_OUT(VERSION_ERROR, exit_dch); } -#ifndef WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION - /* Check for TLS 1.3 version (0x0304) in legacy version field. RFC 8446 - * Section 4.2.1 allows this action: - * - * "Servers MAY abort the handshake upon receiving a ClientHello with - * legacy_version 0x0304 or later." - * - * Note that if WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION is defined then the - * semantics of RFC 5246 Appendix E will be followed. A ServerHello with - * version 1.2 will be sent. */ - if (args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR) { - WOLFSSL_MSG("Legacy version field is TLS 1.3 or later. Aborting."); - ERROR_OUT(VERSION_ERROR, exit_dch); - } -#endif /* WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION */ - #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls && args->pv.major == DTLS_MAJOR && args->pv.minor > DTLSv1_2_MINOR) { @@ -6842,6 +6826,22 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* WOLFSSL_DTLS13 */ if (!ssl->options.dtls) { +#ifndef WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION + /* Check for TLS 1.3 version (0x0304) in legacy version field. RFC 8446 + * Section 4.2.1 allows this action: + * + * "Servers MAY abort the handshake upon receiving a ClientHello with + * legacy_version 0x0304 or later." + * + * Note that if WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION is defined then the + * semantics of RFC 5246 Appendix E will be followed. A ServerHello with + * version 1.2 will be sent. */ + if (args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR) { + WOLFSSL_MSG("Legacy version field is TLS 1.3 or later. Aborting."); + ERROR_OUT(VERSION_ERROR, exit_dch); + } +#endif /* WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION */ + /* Legacy protocol version cannot negotiate TLS 1.3 or higher. */ if (args->pv.major > SSLv3_MAJOR || (args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR)) { 
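Review bot: After this move the abort sits directly above the pre-existing `if (args->pv.major > SSLv3_MAJOR || (args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR))` downgrade, so in default builds the second half of that condition can never be true while a `major > SSLv3_MAJOR` ClientHello still takes the RFC 5246 downgrade path instead of aborting. Giving the abort the same condition as the downgrade check and wrapping the downgrade in `#ifdef WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION` would make the two branches obviously mutually exclusive. Failing that, a comment above the downgrade, `/* Only reachable with WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION; otherwise the check above already aborted. */`, would save the next reader from wondering why both checks exist. The enclosing function continues outside the hunk.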
From f0459eb1cf10a486e5c6fd7d906656ba4c4d8798 Mon Sep 17 00:00:00 2001 From: Kareem Date: Wed, 4 Jun 2025 15:19:43 -0700 Subject: [PATCH 003/346] Allow larger pathLen values in Basic Constraints. --- wolfcrypt/src/asn.c | 7 +------ wolfssl/wolfcrypt/asn.h | 6 +++--- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index eff679df5..6abeb22a7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -20631,7 +20631,7 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) if (ret == 0) { /* Get the CA boolean and path length when present. */ GetASN_Boolean(&dataASN[BASICCONSASN_IDX_CA], &isCA); - GetASN_Int8Bit(&dataASN[BASICCONSASN_IDX_PLEN], &cert->pathLength); + GetASN_Int16Bit(&dataASN[BASICCONSASN_IDX_PLEN], &cert->pathLength); ret = GetASN_Items(basicConsASN, dataASN, basicConsASN_Length, 1, input, &idx, (word32)sz); @@ -20648,11 +20648,6 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) ret = ASN_PARSE_E; } #endif - /* Path length must be a 7-bit value. */ - if ((ret == 0) && (cert->pathLength >= (1 << 7))) { - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - ret = ASN_PARSE_E; - } if ((ret == 0) && cert->pathLength > WOLFSSL_MAX_PATH_LEN) { WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_SIZE_E); ret = ASN_PATHLEN_SIZE_E; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 7937351a9..5aab67207 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
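Review bot: Dropping the 7-bit check does not loosen chain-depth enforcement only because the `cert->pathLength > WOLFSSL_MAX_PATH_LEN` test right after it still caps the decoded value; that dependency deserves a comment above the cap, e.g. `/* pathLenConstraint is unbounded in RFC 5280; cap it to what path validation can track. */`. Now that pathLength is a word16, any other consumer that still keeps a byte-sized copy (presumably a WOLFSSL_X509 mirror or a CA-cache entry outside this diff; verify) would silently truncate and should be audited along with the Signer change in the header hunk. DecodeBasicCaConstraint begins and ends outside the hunks shown.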
@@ -1642,8 +1642,8 @@ struct DecodedCert { const byte* extAuthKeyIdIssuerSN; /* Authority Key ID authorityCertSerialNumber */ word32 extAuthKeyIdIssuerSNSz; /* Authority Key ID authorityCertSerialNumber length */ #endif - byte pathLength; /* CA basic constraint path length */ - byte maxPathLen; /* max_path_len see RFC 5280 section + word16 pathLength; /* CA basic constraint path length */ + word16 maxPathLen; /* max_path_len see RFC 5280 section * 6.1.2 "Initialization" - (k) for * description of max_path_len */ byte policyConstSkip; /* Policy Constraints skip certs value */ @@ -1943,7 +1943,7 @@ struct Signer { word32 pubKeySize; word32 keyOID; /* key type */ word16 keyUsage; - byte maxPathLen; + word16 maxPathLen; WC_BITFIELD selfSigned:1; const byte* publicKey; int nameLen; From bfacbf9764ff9cb4b94e302eeb6cde682e9e5f9b Mon Sep 17 00:00:00 2001 From: Kareem Date: Thu, 10 Jul 2025 11:47:47 -0700 Subject: [PATCH 004/346] Update ASN original to also allow larger pathLen values in Basic Constraints. --- wolfcrypt/src/asn.c | 6 +++--- wolfssl/wolfcrypt/asn.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 6abeb22a7..bf859b1e6 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2744,7 +2744,7 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len, } #ifndef WOLFSSL_ASN_TEMPLATE -#ifndef NO_CERTS +#if !defined(NO_CERTS) && defined(WOLFSSL_CUSTOM_CURVES) /* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than * 7 bits. * @@ -2776,7 +2776,7 @@ static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx) } #endif /* !NO_CERTS */ -#if defined(WC_RSA_PSS) && !defined(NO_RSA) +#if ((defined(WC_RSA_PSS) && !defined(NO_RSA)) || !defined(NO_CERTS)) /* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than * 16 bits. * 
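Review bot: The `#endif /* !NO_CERTS */` closing the GetInteger7Bit block is now stale because the guard became `#if !defined(NO_CERTS) && defined(WOLFSSL_CUSTOM_CURVES)`; update it to `#endif /* !NO_CERTS && WOLFSSL_CUSTOM_CURVES */`. The GetInteger16Bit guard `#if ((defined(WC_RSA_PSS) && !defined(NO_RSA)) || !defined(NO_CERTS))` carries a redundant outer pair of parentheses, and its matching `#endif` comment (not in the hunk) presumably needs the same refresh. Both helpers' bodies lie outside the hunk.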
@@ -20611,7 +20611,7 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) return 0; } - ret = GetInteger7Bit(input, &idx, (word32)sz); + ret = GetInteger16Bit(input, &idx, (word32)sz); if (ret < 0) return ret; cert->pathLength = (byte)ret; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 5aab67207..a2e63e5c5 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1943,7 +1943,7 @@ struct Signer { word32 pubKeySize; word32 keyOID; /* key type */ word16 keyUsage; - word16 maxPathLen; + word16 maxPathLen; WC_BITFIELD selfSigned:1; const byte* publicKey; int nameLen; From 13b8a972ead9ee5ba6cf27c1c6f305319e68bb11 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 10 Jul 2025 13:40:27 -0600 Subject: [PATCH 005/346] remove WOLFSSL_API in source code when already used in header file for function decleration --- wolfcrypt/src/pkcs7.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 36c6a4def..8509ab9b5 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -12308,7 +12308,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in, * the secret key for decryption a EnvelopedData KEKRI RecipientInfo. * * Returns 0 on success, negative upon error */ -WOLFSSL_API int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz) +int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz) { if (pkcs7 == NULL || key == NULL || keySz == 0) return BAD_FUNC_ARG; @@ -12358,7 +12358,7 @@ static int PKCS7_CacheEncryptedContent(wc_PKCS7* pkcs7, byte* in, word32 inSz) /* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */ -WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, +int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, byte* output, word32 outputSz) { 
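Review bot: `cert->pathLength = (byte)ret;` in the non-template DecodeBasicCaConstraint still truncates the value that GetInteger16Bit now returns, so a pathLenConstraint of 256 decodes as 0 and 300 as 44, contradicting the widened word16 field and the purpose of this patch. Change it to `cert->pathLength = (word16)ret;`. Because truncation can only shrink the value the effect is a spurious constraint failure rather than a bypass, but this path and the template path from the previous patch should agree; the `WOLFSSL_MAX_PATH_LEN` cap is not visible on this path, so confirm it applies here too. The asn.h hunk in the same patch appears to change only whitespace on `word16 maxPathLen;`.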
@@ -13486,7 +13486,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, /* unwrap and decrypt PKCS#7 AuthEnvelopedData object, return decoded size */ -WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, +int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, byte* output, word32 outputSz) { From 01cd91cbea504cc9155a9c556caad34e1dc2bf50 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 10 Jul 2025 16:44:28 -0600 Subject: [PATCH 006/346] removing more locations of WOLFSSL_API used with function implementations --- src/bio.c | 2 +- src/ssl.c | 12 ++++++------ src/ssl_sess.c | 2 +- src/wolfio.c | 2 +- src/x509.c | 14 +++++++------- src/x509_str.c | 2 +- wolfcrypt/src/asn.c | 2 +- wolfcrypt/src/cryptocb.c | 2 +- wolfcrypt/src/dh.c | 2 +- wolfcrypt/src/logging.c | 4 ++-- 10 files changed, 22 insertions(+), 22 deletions(-) diff --git a/src/bio.c b/src/bio.c index 0b52a6c17..1d01b407c 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1404,7 +1404,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) } #endif -WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg) +long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg) { (void) bp; (void) cmd; diff --git a/src/ssl.c b/src/ssl.c index 736c2db5f..fe6ed9d04 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8722,7 +8722,7 @@ static int isArrayUnique(const char* buf, size_t len) * Takes byte array containing cert types the caller can provide to its peer. * Cert types are in preferred order in the array. */ -WOLFSSL_API int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, +int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int bufLen) { int i; 
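Review bot: Removing `WOLFSSL_API` from these definitions is safe only if every affected function is declared with `WOLFSSL_API` in a public header; where the macro expands to a visibility or `__declspec(dllexport)` attribute and the build uses hidden default visibility, a function whose declaration lacks it would stop being exported from the shared library. The commit message states the headers already carry it, but no header is in this diff, so the less common names in the following patch (WOLFSSL_IS_DEBUG_ON, wc_CryptoCb_InfoString, wolfIO_HttpProcessResponseOcspGenericIO) are worth checking against their declarations. Comparing the exported symbol list (e.g. `nm -D` on the shared object) before and after would make this mechanical change verifiable. wc_PKCS7_DecodeAuthEnvelopedData's body lies outside the hunk.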
@@ -8757,7 +8757,7 @@ WOLFSSL_API int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, * Takes byte array containing cert types the caller can provide to its peer. * Cert types are in preferred order in the array. */ -WOLFSSL_API int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, +int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int bufLen) { int i; @@ -8792,7 +8792,7 @@ WOLFSSL_API int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, * Takes byte array containing cert types the caller can provide to its peer. * Cert types are in preferred order in the array. */ -WOLFSSL_API int wolfSSL_set_client_cert_type(WOLFSSL* ssl, +int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int bufLen) { int i; @@ -8829,7 +8829,7 @@ WOLFSSL_API int wolfSSL_set_client_cert_type(WOLFSSL* ssl, * Takes byte array containing cert types the caller can provide to its peer. * Cert types are in preferred order in the array. */ -WOLFSSL_API int wolfSSL_set_server_cert_type(WOLFSSL* ssl, +int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int bufLen) { int i; @@ -8871,7 +8871,7 @@ WOLFSSL_API int wolfSSL_set_server_cert_type(WOLFSSL* ssl, * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for * cert type. */ -WOLFSSL_API int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp) +int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp) { int ret = WOLFSSL_SUCCESS; @@ -8902,7 +8902,7 @@ WOLFSSL_API int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp) * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for * cert type. */ -WOLFSSL_API int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp) +int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp) { int ret = WOLFSSL_SUCCESS; diff --git a/src/ssl_sess.c b/src/ssl_sess.c index 24d74e0af..c06dfbf9d 100644 --- a/src/ssl_sess.c +++ b/src/ssl_sess.c 
@@ -290,7 +290,7 @@ WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) } /* session is a private struct, return if it is setup or not */ -WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session) +int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session) { if (session != NULL) return session->isSetup; diff --git a/src/wolfio.c b/src/wolfio.c index d0b82faa0..a4713f308 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -2121,7 +2121,7 @@ static const char* ocspAppStrList[] = { NULL }; -WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO( +int wolfIO_HttpProcessResponseOcspGenericIO( WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz, void* heap) { diff --git a/src/x509.c b/src/x509.c index 0139ad0a9..4cfde98f8 100644 --- a/src/x509.c +++ b/src/x509.c @@ -8327,7 +8327,7 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) /* @param file file name to load */ /* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */ /* @return a number of loading CRL or certificate, otherwise zero */ -WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, +int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type) { WOLFSSL_X509 *x509 = NULL; @@ -8464,7 +8464,7 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, #ifdef HAVE_CRL #ifndef NO_BIO -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, +WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **x) { int derSz; 
@@ -8502,7 +8502,7 @@ WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) /* @param file a file to read */ /* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */ /* @return WOLFSSL_SUCCESS(1) on successful, otherwise WOLFSSL_FAILURE(0)*/ -WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, +int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type) { #ifndef NO_BIO @@ -12339,7 +12339,7 @@ err_exit: return NULL; } -WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, +WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u) { return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u, @@ -12347,7 +12347,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, } #if defined(HAVE_CRL) -WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, +WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl, wc_pem_password_cb *cb, void *u) { return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, @@ -15604,7 +15604,7 @@ int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, * Returns WOLFSSL_SUCCESS on success. * Returns BAD_FUNC_ARG if input pointers are null. * */ -WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, +int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, const byte ** rawAttr, word32 * rawAttrLen) { @@ -15619,7 +15619,7 @@ WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, } #ifndef NO_WOLFSSL_STUB -WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, +int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, WOLFSSL_EVP_PKEY * pkey, const WOLFSSL_EVP_MD * md) { diff --git a/src/x509_str.c b/src/x509_str.c index 2c054c114..65c8e609a 100644 --- a/src/x509_str.c +++ b/src/x509_str.c 
@@ -1584,7 +1584,7 @@ static int X509StoreLoadFile(WOLFSSL_X509_STORE *str, * a file or directory. * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs. */ -WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, +int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir) { WOLFSSL_CTX* ctx; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index faf50eed9..a7087b4b9 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -24975,7 +24975,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz, * @return BAD_FUNC_ARG if certDer is NULL, certSz is 0, or pubKeyDerSz is NULL * @return BUFFER_E if the provided buffer is too small */ -WOLFSSL_API int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer, +int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer, word32 certDerSz, byte* pubKeyDer, word32* pubKeyDerSz) diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 7476245f9..cbee89d25 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -172,7 +172,7 @@ static const char* GetCryptoCbCmdTypeStr(int type) } #endif -WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) +void wc_CryptoCb_InfoString(wc_CryptoInfo* info) { if (info == NULL) return; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 40d320599..d3cd47221 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -1378,7 +1378,7 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz, * Given a DhKey with set params and a priv key, generate the corresponding * public key. If fips, does pub key validation. * */ -WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz, +int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz, byte* pub, word32* pubSz) { int ret = 0; diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 5e9182cdb..c145bbd08 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c 
@@ -176,7 +176,7 @@ void wolfSSL_Debugging_OFF(void) #endif } -WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix) +void wolfSSL_SetLoggingPrefix(const char* prefix) { #ifdef DEBUG_WOLFSSL log_prefix = prefix; @@ -490,7 +490,7 @@ void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret) #endif #endif -WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void) +int WOLFSSL_IS_DEBUG_ON(void) { return loggingEnabled; } From 0a0b9a3c249db4ef92ddf0fb6d7d0c9ab3ce6a7d Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 11 Jul 2025 14:16:03 +0900 Subject: [PATCH 007/346] Make properties related to TLS handshake hidden for TSIP TLS user context structure --- src/keys.c | 2 +- src/tls.c | 2 +- wolfcrypt/src/port/Renesas/renesas_common.c | 18 +- wolfcrypt/src/port/Renesas/renesas_tsip_aes.c | 77 +++-- wolfcrypt/src/port/Renesas/renesas_tsip_sha.c | 18 +- .../src/port/Renesas/renesas_tsip_util.c | 294 +++++++++--------- wolfcrypt/src/random.c | 2 +- wolfcrypt/src/wc_port.c | 2 +- wolfssl/internal.h | 2 +- .../port/Renesas/renesas-tsip-crypt.h | 161 +--------- .../port/Renesas/renesas_tsip_internal.h | 171 ++++++++++ 11 files changed, 406 insertions(+), 343 deletions(-) create mode 100644 wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h diff --git a/src/keys.c b/src/keys.c index ff20b9658..a2e09d3f9 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3559,7 +3559,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) cbInfo->side = side; #elif defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; - cbInfo->key_side = side; + _ACCESSOR(cbInfo)->key_side = side; #endif ret = ssl->ctx->EncryptKeysCb(ssl, ctx); } diff --git a/src/tls.c b/src/tls.c index 1593f28d8..2b3869bac 100644 --- a/src/tls.c +++ b/src/tls.c @@ -52,7 +52,7 @@ #endif #if defined(WOLFSSL_RENESAS_TSIP_TLS) - #include + #include #endif #include 
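Review bot: `_ACCESSOR`, introduced at `_ACCESSOR(cbInfo)->key_side = side;` in SetKeysSide, is an identifier beginning with an underscore followed by an uppercase letter, which C reserves for the implementation in every scope (C11 7.1.3); a project-prefixed name such as `TSIP_CTX_INTERNAL(cbInfo)` avoids that collision and states at each use that a private structure is being reached. The macro's definition lives in the new renesas_tsip_internal.h, which is not shown here. The `#include` lines in the tls.c hunk have lost their targets in this rendering, so I cannot confirm which header each now pulls in. SetKeysSide starts and ends outside the hunk.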
diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index b02e93eac..d1c87febc 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -40,7 +40,7 @@ #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - #include + #include #define cmn_hw_lock tsip_hw_lock #define cmn_hw_unlock tsip_hw_unlock @@ -494,7 +494,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) if (gdevId < 0) { gdevId = INITIAL_DEVID; } - cbInfo->devId = gdevId++; + _ACCESSOR(cbInfo)->devId = gdevId++; cmn_hw_unlock(); } else { @@ -502,7 +502,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) return INVALID_DEVID; } - if (wc_CryptoCb_RegisterDevice(cbInfo->devId, + if (wc_CryptoCb_RegisterDevice(_ACCESSOR(cbInfo)->devId, Renesas_cmn_CryptoDevCb, cbInfo) < 0) { /* undo devId number */ gdevId--; @@ -513,12 +513,12 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \ !defined(HAVE_RENESAS_SYNC) if (ssl) - wolfSSL_SetDevId(ssl, cbInfo->devId); + wolfSSL_SetDevId(ssl, _ACCESSOR(cbInfo)->devId); #endif - gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo; + gCbCtx[_ACCESSOR(cbInfo)->devId - INITIAL_DEVID] = (void*)cbInfo; - return cbInfo->devId; + return _ACCESSOR(cbInfo)->devId; } /* Renesas Security Library Common Method @@ -764,8 +764,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; - if (cbInfo->session_key_set == 1) { - switch(cbInfo->key_side) { + if (_ACCESSOR(cbInfo)->session_key_set == 1) { + switch(_ACCESSOR(cbInfo)->key_side) { #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; 
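Review bot: wc_CryptoCb_CryptInitRenesasCmn now writes `_ACCESSOR(cbInfo)->devId = gdevId++;` without checking that the structure behind the accessor exists, whereas the old code touched only fields of `cbInfo` itself. If `_ACCESSOR` reads through `cbInfo->internal` (the later hunks' `tuc->internal` suggests so) and that block is allocated lazily elsewhere, registering the device before allocation dereferences NULL. A guard at the top such as `if (cbInfo->internal == NULL) return INVALID_DEVID;`, or allocating the internal block here when missing, would close that window. The function starts above the hunk.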
@@ -820,7 +820,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) WOLFSSL_ENTER("Renesas_cmn_generateSessionKey"); if (Renesas_cmn_usable(ssl, 0)) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) - ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId); + ret = wc_tsip_generateSessionKey(ssl, cbInfo, _ACCESSOR(cbInfo)->devId); #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId); #endif diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c index 0ecbb58ca..232fbc8a6 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c @@ -40,7 +40,7 @@ #include #endif #include -#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" +#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h" #ifdef NO_INLINE #include #else @@ -100,7 +100,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( { int ret = 0; e_tsip_err_t err = TSIP_SUCCESS; - TsipUserCtx* tuc = NULL; + TsipUserCtx_Internal* tuc = NULL; e_tsip_tls13_cipher_suite_t cs; word32 cipher[(WC_AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) / sizeof(word32)]; @@ -122,7 +122,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( } /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = (TsipUserCtx_Internal*)((TsipUserCtx*)ssl->RenesasUserCtx)->internal; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); return CRYPTOCB_UNAVAILABLE; @@ -247,7 +247,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( { int ret = 0; e_tsip_err_t err = TSIP_SUCCESS; - TsipUserCtx* tuc = NULL; + TsipUserCtx_Internal* tuc = NULL; e_tsip_tls13_cipher_suite_t cs; word32 cipher[WC_AES_BLOCK_SIZE / sizeof(word32)]; word32 plain[WC_AES_BLOCK_SIZE / sizeof(word32)]; 
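Review bot: In tsip_Tls13AesEncrypt the new `tuc = (TsipUserCtx_Internal*)((TsipUserCtx*)ssl->RenesasUserCtx)->internal;` dereferences `ssl->RenesasUserCtx` before the `tuc == NULL` check, so the check that previously caught a missing user context now only catches a missing internal block, and a NULL RenesasUserCtx crashes instead of returning CRYPTOCB_UNAVAILABLE. Test the outer pointer first, e.g. `TsipUserCtx* uc = (TsipUserCtx*)ssl->RenesasUserCtx;` followed by `tuc = (uc != NULL) ? uc->internal : NULL;`. The same pattern appears in tsip_Tls13AesDecrypt in the next hunk. Both functions extend beyond the hunks.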
@@ -269,7 +269,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( } /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = (TsipUserCtx_Internal*)((TsipUserCtx*)(ssl->RenesasUserCtx))->internal; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); return CRYPTOCB_UNAVAILABLE; @@ -414,11 +414,11 @@ static int _tsip_cpAesKeyIndex2AesCtx(wc_CryptoInfo* info, TsipUserCtx* cb) } if (aes && cb->user_aes256_key_set == 1) { - XMEMCPY(&aes->ctx.tsip_keyIdx,&cb->user_aes256_key_index, + XMEMCPY(&aes->ctx.tsip_keyIdx, &cb->user_aes256_key_index, sizeof(tsip_aes_key_index_t)); aes->ctx.keySize = 32; }else if (aes && cb->user_aes128_key_set == 1) { - XMEMCPY(&aes->ctx.tsip_keyIdx,&cb->user_aes128_key_index, + XMEMCPY(&aes->ctx.tsip_keyIdx, &cb->user_aes128_key_index, sizeof(tsip_aes_key_index_t)); aes->ctx.keySize = 16; } else @@ -439,16 +439,25 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) } (void)devIdArg; - + (void)_tsip_cpAesKeyIndex2AesCtx; if (info->algo_type == WC_ALGO_TYPE_CIPHER) { #if !defined(NO_AES) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM #ifdef WOLFSSL_RENESAS_TSIP_TLS - && cbInfo != NULL && cbInfo->session_key_set == 1 + && cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 #endif ) { - ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); + /* prioritize TLS Session Key than User TSIP Aes Key */ + /* TODO : identify if Aes API is called through */ + /* while doing TLS handshake or Crypt API */ + #ifdef WOLFSSL_RENESAS_TSIP_TLS + if (_ACCESSOR(cbInfo)->session_key_set == 1) + ret = 0; + else + #else + ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); + #endif if (ret != 0) { WOLFSSL_MSG("Failed to copy Aes Key Index from " "UserCtx to AES Ctx"); 
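Review bot: In wc_tsip_AesCipher, under WOLFSSL_RENESAS_TSIP_TLS the new `if (_ACCESSOR(cbInfo)->session_key_set == 1) ret = 0; else` is followed by `if (ret != 0) {`, so the `else` binds to that `if`, and since the outer condition a few lines up already required `session_key_set == 1`, the inner test is always true and `_tsip_cpAesKeyIndex2AesCtx` is unreachable in TLS builds — the added `(void)_tsip_cpAesKeyIndex2AesCtx;` confirms it. The consequence is that a user-supplied TSIP AES key index can no longer be used through this callback in a TLS build, which the TODO admits but nothing tells the user. If that is intended, drop the dangling-else construct and the dead call in favour of a plain comment; if not, the outer guard must stop requiring `session_key_set` so the else path can run. The same construct is repeated for AES-CTR and AES-CBC in the next hunk, and the function continues past it.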
@@ -489,12 +498,18 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifdef WOLFSSL_AES_COUNTER if (info->cipher.type == WC_CIPHER_AES_CTR #ifdef WOLFSSL_RENESAS_TSIP_TLS - && cbInfo != NULL && cbInfo->session_key_set == 1 + && cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 #endif ) { int remain = (int)(info->cipher.aesctr.sz % WC_AES_BLOCK_SIZE); if (remain == 0) { - ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); + #ifdef WOLFSSL_RENESAS_TSIP_TLS + if (_ACCESSOR(cbInfo)->session_key_set == 1) + ret = 0; + else + #else + ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); + #endif if (ret != 0) { WOLFSSL_MSG("Failed to copy Aes Key Index from " "UserCtx to AES Ctx"); @@ -513,10 +528,16 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifdef HAVE_AES_CBC if (info->cipher.type == WC_CIPHER_AES_CBC #ifdef WOLFSSL_RENESAS_TSIP_TLS - && cbInfo != NULL && cbInfo->session_key_set == 1 + && cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 #endif ) { - ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); + #ifdef WOLFSSL_RENESAS_TSIP_TLS + if (_ACCESSOR(cbInfo)->session_key_set == 1) + ret = 0; + else + #else + ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); + #endif if (ret != 0) { WOLFSSL_MSG("Failed to copy Aes Key Index from " "UserCtx to AES Ctx"); @@ -790,7 +811,7 @@ int wc_tsip_AesGcmEncrypt( uint32_t ivSz_l = 0; tsip_aes_key_index_t key_client_aes; - TsipUserCtx *userCtx; + TsipUserCtx* userCtx; WOLFSSL_ENTER("wc_tsip_AesGcmEncrypt"); @@ -819,7 +840,7 @@ int wc_tsip_AesGcmEncrypt( finalFn = R_TSIP_Aes256GcmEncryptFinal; } - userCtx = (TsipUserCtx*)ctx; + userCtx = ((TsipUserCtx*)ctx); /* buffer for cipher data output must be multiple of WC_AES_BLOCK_SIZE */ cipherBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE; 
@@ -850,15 +871,15 @@ int wc_tsip_AesGcmEncrypt( #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ret == 0 && - userCtx->session_key_set == 1) { + _ACCESSOR(userCtx)->session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. */ err = R_TSIP_TlsGenerateSessionKey( - userCtx->tsip_cipher, - (uint32_t*)userCtx->tsip_masterSecret, - (uint8_t*) userCtx->tsip_clientRandom, - (uint8_t*) userCtx->tsip_serverRandom, + _ACCESSOR(userCtx)->tsip_cipher, + (uint32_t*)_ACCESSOR(userCtx)->tsip_masterSecret, + (uint8_t*) _ACCESSOR(userCtx)->tsip_clientRandom, + (uint8_t*) _ACCESSOR(userCtx)->tsip_serverRandom, &iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ NULL, NULL, @@ -988,7 +1009,7 @@ int wc_tsip_AesGcmDecrypt( uint32_t ivSz_l = 0; tsip_aes_key_index_t key_server_aes; - TsipUserCtx *userCtx; + TsipUserCtx* userCtx; WOLFSSL_ENTER("wc_tsip_AesGcmDecrypt"); @@ -1018,7 +1039,7 @@ int wc_tsip_AesGcmDecrypt( finalFn = R_TSIP_Aes256GcmDecryptFinal; } - userCtx = (TsipUserCtx *)ctx; + userCtx = ((TsipUserCtx *)ctx); /* buffer for plain data output must be multiple of WC_AES_BLOCK_SIZE */ plainBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE; @@ -1049,15 +1070,15 @@ int wc_tsip_AesGcmDecrypt( #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ret == 0 && - userCtx->session_key_set == 1) { + _ACCESSOR(userCtx)->session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. */ err = R_TSIP_TlsGenerateSessionKey( - userCtx->tsip_cipher, - (uint32_t*)userCtx->tsip_masterSecret, - (uint8_t*) userCtx->tsip_clientRandom, - (uint8_t*) userCtx->tsip_serverRandom, + _ACCESSOR(userCtx)->tsip_cipher, + (uint32_t*)_ACCESSOR(userCtx)->tsip_masterSecret, + (uint8_t*) _ACCESSOR(userCtx)->tsip_clientRandom, + (uint8_t*) _ACCESSOR(userCtx)->tsip_serverRandom, (uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ NULL, NULL, 
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c index f85553834..6e663dc2a 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c @@ -43,7 +43,7 @@ #include #include -#include +#include extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint; @@ -82,7 +82,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (tuc == NULL) { ret = CRYPTOCB_UNAVAILABLE; } - else if (!tuc->HandshakeClientTrafficKey_set) { + else if (!_ACCESSOR(tuc)->HandshakeClientTrafficKey_set) { WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP"); ret = CRYPTOCB_UNAVAILABLE; } @@ -97,8 +97,8 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - err = R_TSIP_Sha256HmacGenerateInit(&(tuc->hmacFinished13Handle), - &(tuc->clientFinished13Idx)); + err = R_TSIP_Sha256HmacGenerateInit(&(_ACCESSOR(tuc)->hmacFinished13Handle), + &(_ACCESSOR(tuc)->clientFinished13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed"); @@ -108,7 +108,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { err = R_TSIP_Sha256HmacGenerateUpdate( - &(tuc->hmacFinished13Handle), + &(_ACCESSOR(tuc)->hmacFinished13Handle), (uint8_t*)hash, WC_SHA256_DIGEST_SIZE); @@ -120,7 +120,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { err = R_TSIP_Sha256HmacGenerateFinal( - &(tuc->hmacFinished13Handle), mac); + &(_ACCESSOR(tuc)->hmacFinished13Handle), mac); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed"); ret = WC_HW_E; 
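Review bot: `err = R_TSIP_Sha256HmacGenerateInit(&(_ACCESSOR(tuc)->hmacFinished13Handle),` in tsip_Tls13GetHmacMessages runs past the 80-column width the surrounding code keeps to; break after the opening parenthesis the way the `R_TSIP_Sha256HmacGenerateUpdate(` call below already does. The rest of the hunk is a mechanical field move with the NULL check preserved ahead of the first accessor use. The `#include` target in the first hunk is lost in this rendering. The function continues beyond the hunk.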
@@ -185,7 +185,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, /* check if TSIP is used for this session */ if (ret == 0) { - if (!tuc->Dhe_key_set) { + if (!_ACCESSOR(tuc)->Dhe_key_set) { WOLFSSL_MSG("DH key not set."); ret = CRYPTOCB_UNAVAILABLE; } @@ -195,7 +195,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, if (ret == 0) { c24to32(&data[1], &messageSz); - bag = &(tuc->messageBag); + bag = &(_ACCESSOR(tuc)->messageBag); if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES || bag->buffIdx + sz > MSGBAG_SIZE) { @@ -246,7 +246,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash, if (tuc == NULL) { ret = CRYPTOCB_UNAVAILABLE; } - bag = &(tuc->messageBag); + bag = &(_ACCESSOR(tuc)->messageBag); } if (ret == 0) { diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 842a5bc69..bc6d31cbe 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -45,7 +45,7 @@ #include #include #endif -#include +#include #include #include @@ -138,7 +138,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl, if (ret == 0){ tuc = ssl->RenesasUserCtx; - tuc->wrappedPublicKey = (uint8_t*)keyBuf; + _ACCESSOR(tuc)->wrappedPublicKey = (uint8_t*)keyBuf; tuc->wrappedKeyType = keyType; } @@ -167,12 +167,12 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, if (ret == 0){ tuc = ssl->RenesasUserCtx; - tuc->wrappedPrivateKey = (uint8_t*)keyBuf; + _ACCESSOR(tuc)->wrappedPrivateKey = (uint8_t*)keyBuf; tuc->wrappedKeyType = keyType; /* store keyType as Id since Id capacity is 32 bytes */ ret = wolfSSL_use_PrivateKey_Id(ssl, - (const unsigned char*)keyBuf, 32, tuc->devId); + (const unsigned char*)keyBuf, 32, _ACCESSOR(tuc)->devId); if (ret == WOLFSSL_SUCCESS) { ret = 0; } 
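Review bot: In tsip_GetMessageSha256 the line `bag = &(_ACCESSOR(tuc)->messageBag);` still runs when `tuc == NULL` because the preceding `if` only sets `ret`, and the accessor now reads through `tuc` before the address is taken, so the NULL case that used to yield an unused pointer now dereferences NULL. Move the assignment under the check: `if (tuc == NULL) { ret = CRYPTOCB_UNAVAILABLE; } else { bag = &(_ACCESSOR(tuc)->messageBag); }`. tsip_StoreMessage in the hunk above only reaches `_ACCESSOR(tuc)` when `ret == 0`, so it is fine. The function continues past the hunk.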
@@ -197,7 +197,6 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, const char* keyBuf, int keyBufLen, int keyType) { int ret = 0; - TsipUserCtx* tuc = NULL; WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt"); @@ -206,9 +205,8 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, } if (ret == 0){ - tuc = uc; - tuc->wrappedPublicKey = (uint8_t*)keyBuf; - tuc->wrappedKeyType = keyType; + _ACCESSOR(uc)->wrappedPublicKey = (uint8_t*)keyBuf; + uc->wrappedKeyType = keyType; } WOLFSSL_LEAVE("tsip_use_PublicKey_buffer_crypt", ret); @@ -226,7 +224,6 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc, const char* keyBuf, int keyBufLen, int keyType) { int ret = 0; - TsipUserCtx* tuc = NULL; WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_crypt"); @@ -234,10 +231,8 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc, ret = BAD_FUNC_ARG; } if (ret == 0){ - tuc = uc; - - tuc->wrappedPrivateKey = (uint8_t*)keyBuf; - tuc->wrappedKeyType = keyType; + _ACCESSOR(uc)->wrappedPrivateKey = (uint8_t*)keyBuf; + uc->wrappedKeyType = keyType; } WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_crypt", ret); @@ -287,7 +282,7 @@ static void tsipFlushMessages(struct WOLFSSL* ssl) return; } - bag = &(tuc->messageBag); + bag = &(_ACCESSOR(tuc)->messageBag); ForceZero(bag, sizeof(MsgBag)); @@ -310,6 +305,12 @@ int tsip_TlsCleanup(struct WOLFSSL* ssl) /* free stored messages */ tsipFlushMessages(ssl); + /* free internal structure */ + XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + tuc->internal = NULL; + + /* zero clear */ + ForceZero(tuc, sizeof(TsipUserCtx)); return ret; } 
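Review bot: tsip_use_PublicKey_buffer_crypt and tsip_use_PrivateKey_buffer_crypt now write through `_ACCESSOR(uc)`, yet nothing in this patch allocates `uc->internal` for a crypt-only context — the only allocation is in tsip_set_callback_ctx, which takes a WOLFSSL* and belongs to the TLS path. Unless an allocation exists elsewhere in the series, crypt-only callers will dereference a NULL `internal`; either allocate it on first use here or extend the argument check above the hunk to `if (uc == NULL || uc->internal == NULL) { ret = BAD_FUNC_ARG; }`. Both functions' argument checks lie partly outside the hunk.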
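Review bot: tsip_TlsCleanup frees `tuc->internal` without zeroing it first, and that block is where the TLS 1.3 key indexes, the ephemeral shared secret, `tsip_masterSecret` and `sigDataCertVerify` now live, so the key material stays behind in freed heap memory; add `ForceZero(tuc->internal, sizeof(TsipUserCtx_Internal));` before the XFREE, matching the ForceZero this hunk already applies to the outer struct. Note also that `ForceZero(tuc, sizeof(TsipUserCtx));` wipes the whole caller-owned context, including the `user_aes256_key_index`/`user_aes128_key_index` slots that the header change keeps in the public struct, which may surprise applications that reuse the context across sessions. If `tuc` can be NULL at this point the `tuc->internal` access needs a guard too; the function's opening and the derivation of `tuc` lie outside the hunk.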
@@ -401,19 +402,19 @@ int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->Dhe_key_set =0; + _ACCESSOR(tuc)->Dhe_key_set =0; err = R_TSIP_GenerateTls13P256EccKeyIndex( - &(tuc->handle13), + &(_ACCESSOR(tuc)->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(tuc->EcdhPrivKey13Idx), /* private key index */ + &(_ACCESSOR(tuc)->EcdhPrivKey13Idx), /* private key index */ &(kse->pubKey[1])); /* generated public key */ if (err != TSIP_SUCCESS){ret = WC_HW_E;} if (ret == 0) { WOLFSSL_MSG("ECDH private key-index is stored by TSIP"); - tuc->Dhe_key_set =1; + _ACCESSOR(tuc)->Dhe_key_set =1; } tsip_hw_unlock(); @@ -483,7 +484,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, } if (ret == 0) { - if (!tuc->Dhe_key_set) { + if (!_ACCESSOR(tuc)->Dhe_key_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -492,15 +493,15 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->SharedSecret_set = 0; + _ACCESSOR(tuc)->SharedSecret_set = 0; pubkeyraw = kse->ke + 1; /* peer's raw public key data */ /* derive shared secret */ err = R_TSIP_Tls13GenerateEcdheSharedSecret( TSIP_TLS13_MODE_FULL_HANDSHAKE, pubkeyraw, /* peer's ECDHE public key */ - &(tuc->EcdhPrivKey13Idx), /*(out) own ECDHE priv key */ - &(tuc->sharedSecret13Idx)); /*(out) PreMasterSecret */ + &(_ACCESSOR(tuc)->EcdhPrivKey13Idx), /*(out) own ECDHE priv key */ + &(_ACCESSOR(tuc)->sharedSecret13Idx)); /*(out) PreMasterSecret */ if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error"); @@ -508,7 +509,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, } if (ret == 0) { /* set flag for later tsip operations */ - tuc->SharedSecret_set = 1; + _ACCESSOR(tuc)->SharedSecret_set = 1; } tsip_hw_unlock(); 
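Review bot: The rewritten assignments `_ACCESSOR(tuc)->Dhe_key_set =0;` and `_ACCESSOR(tuc)->Dhe_key_set =1;` in tsip_Tls13GenEccKeyPair carry over the old missing space before the literal. Since the commit rewrites these lines anyway, `_ACCESSOR(tuc)->Dhe_key_set = 0;` and `= 1;` would match the `SharedSecret_set = 0;` form used in the tsip_Tls13GenSharedSecret hunk of the same patch.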
@@ -539,7 +540,7 @@ int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) ret = CRYPTOCB_UNAVAILABLE; } else { - tuc->EarlySecret_set = 1; + _ACCESSOR(tuc)->EarlySecret_set = 1; } } @@ -588,7 +589,7 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) if (ret == 0) { /* check if pre-master secret is generated by tsip */ - if (!tuc->SharedSecret_set) { + if (!_ACCESSOR(tuc)->SharedSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -597,18 +598,18 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->HandshakeSecret_set = 0; + _ACCESSOR(tuc)->HandshakeSecret_set = 0; err = R_TSIP_Tls13GenerateHandshakeSecret( - &(tuc->sharedSecret13Idx), - &(tuc->handshakeSecret13Idx)); + &(_ACCESSOR(tuc)->sharedSecret13Idx), + &(_ACCESSOR(tuc)->handshakeSecret13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error"); ret = WC_HW_E; } if (ret == 0) { - tuc->HandshakeSecret_set = 1; + _ACCESSOR(tuc)->HandshakeSecret_set = 1; } tsip_hw_unlock(); } @@ -655,7 +656,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure client handshake secret is generated by tsip */ - if (!tuc->HandshakeSecret_set) { + if (!_ACCESSOR(tuc)->HandshakeSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } 
@@ -669,15 +670,15 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->HandshakeClientTrafficKey_set = 0; + _ACCESSOR(tuc)->HandshakeClientTrafficKey_set = 0; err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey( - &(tuc->handle13), + &(_ACCESSOR(tuc)->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(tuc->handshakeSecret13Idx), + &(_ACCESSOR(tuc)->handshakeSecret13Idx), hash, - &(tuc->clientWriteKey13Idx), - &(tuc->clientFinished13Idx)); + &(_ACCESSOR(tuc)->clientWriteKey13Idx), + &(_ACCESSOR(tuc)->clientFinished13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG( @@ -687,7 +688,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) /* key derivation succeeded */ if (ret == 0) { - tuc->HandshakeClientTrafficKey_set = 1; + _ACCESSOR(tuc)->HandshakeClientTrafficKey_set = 1; } tsip_hw_unlock(); @@ -735,7 +736,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure client handshake secret is generated by tsip */ - if (!tuc->HandshakeSecret_set) { + if (!_ACCESSOR(tuc)->HandshakeSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -749,15 +750,15 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->HandshakeServerTrafficKey_set = 0; + _ACCESSOR(tuc)->HandshakeServerTrafficKey_set = 0; err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey( - &(tuc->handle13), + &(_ACCESSOR(tuc)->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(tuc->handshakeSecret13Idx), + &(_ACCESSOR(tuc)->handshakeSecret13Idx), hash, - &(tuc->serverWriteKey13Idx), - &(tuc->serverFinished13Idx)); + &(_ACCESSOR(tuc)->serverWriteKey13Idx), + &(_ACCESSOR(tuc)->serverFinished13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG( 
@@ -767,7 +768,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) /* key derivation succeeded */ if (ret == 0) { - tuc->HandshakeServerTrafficKey_set = 1; + _ACCESSOR(tuc)->HandshakeServerTrafficKey_set = 1; } tsip_hw_unlock(); @@ -815,7 +816,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure master secret is generated by tsip */ - if (!tuc->MasterSecret_set) { + if (!_ACCESSOR(tuc)->MasterSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -829,20 +830,20 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->ServerTrafficSecret_set = 0; - tuc->ClientTrafficSecret_set = 0; - tuc->ServerWriteTrafficKey_set = 0; - tuc->ClientWriteTrafficKey_set = 0; + _ACCESSOR(tuc)->ServerTrafficSecret_set = 0; + _ACCESSOR(tuc)->ClientTrafficSecret_set = 0; + _ACCESSOR(tuc)->ServerWriteTrafficKey_set = 0; + _ACCESSOR(tuc)->ClientWriteTrafficKey_set = 0; err = R_TSIP_Tls13GenerateApplicationTrafficKey( - &(tuc->handle13), + &(_ACCESSOR(tuc)->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(tuc->masterSecret13Idx), + &(_ACCESSOR(tuc)->masterSecret13Idx), (uint8_t*)hash, - &(tuc->serverAppTraffic13Secret), - &(tuc->clientAppTraffic13Secret), - &(tuc->serverAppWriteKey13Idx), - &(tuc->clientAppWriteKey13Idx)); + &(_ACCESSOR(tuc)->serverAppTraffic13Secret), + &(_ACCESSOR(tuc)->clientAppTraffic13Secret), + &(_ACCESSOR(tuc)->serverAppWriteKey13Idx), + &(_ACCESSOR(tuc)->clientAppWriteKey13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG( 
@@ -852,10 +853,10 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) /* key derivation succeeded */ if (ret == 0) { - tuc->ServerTrafficSecret_set = 1; - tuc->ClientTrafficSecret_set = 1; - tuc->ServerWriteTrafficKey_set = 1; - tuc->ClientWriteTrafficKey_set = 1; + _ACCESSOR(tuc)->ServerTrafficSecret_set = 1; + _ACCESSOR(tuc)->ClientTrafficSecret_set = 1; + _ACCESSOR(tuc)->ServerWriteTrafficKey_set = 1; + _ACCESSOR(tuc)->ClientWriteTrafficKey_set = 1; } tsip_hw_unlock(); @@ -902,7 +903,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure application secret is generated by tsip */ - if (!tuc->ClientTrafficSecret_set) { + if (!_ACCESSOR(tuc)->ClientTrafficSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -910,21 +911,21 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->ClientWriteTrafficKey_set = 0; + _ACCESSOR(tuc)->ClientWriteTrafficKey_set = 0; err = R_TSIP_Tls13UpdateApplicationTrafficKey( - &(tuc->handle13), + &(_ACCESSOR(tuc)->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_UPDATE_CLIENT_KEY, - &(tuc->clientAppTraffic13Secret), - &(tuc->clientAppTraffic13Secret), - &(tuc->clientAppWriteKey13Idx)); + &(_ACCESSOR(tuc)->clientAppTraffic13Secret), + &(_ACCESSOR(tuc)->clientAppTraffic13Secret), + &(_ACCESSOR(tuc)->clientAppWriteKey13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error"); ret = WC_HW_E; } else { - tuc->ClientWriteTrafficKey_set = 1; + _ACCESSOR(tuc)->ClientWriteTrafficKey_set = 1; } tsip_hw_unlock(); } 
@@ -970,7 +971,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure application secret is generated by tsip */ - if (!tuc->ServerTrafficSecret_set) { + if (!_ACCESSOR(tuc)->ServerTrafficSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -978,21 +979,21 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->ServerWriteTrafficKey_set = 0; + _ACCESSOR(tuc)->ServerWriteTrafficKey_set = 0; err = R_TSIP_Tls13UpdateApplicationTrafficKey( - &(tuc->handle13), + &(_ACCESSOR(tuc)->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_UPDATE_SERVER_KEY, - &(tuc->serverAppTraffic13Secret), - &(tuc->serverAppTraffic13Secret), - &(tuc->serverAppWriteKey13Idx)); + &(_ACCESSOR(tuc)->serverAppTraffic13Secret), + &(_ACCESSOR(tuc)->serverAppTraffic13Secret), + &(_ACCESSOR(tuc)->serverAppWriteKey13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error"); ret = WC_HW_E; } else { - tuc->ServerWriteTrafficKey_set = 1; + _ACCESSOR(tuc)->ServerWriteTrafficKey_set = 1; } tsip_hw_unlock(); } @@ -1131,8 +1132,8 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) } if (ret == 0) { /* make sure handshake secret and verify data has been set by TSIP */ - if (!tuc->HandshakeSecret_set || - !tuc->HandshakeVerifiedData_set) { + if (!_ACCESSOR(tuc)->HandshakeSecret_set || + !_ACCESSOR(tuc)->HandshakeVerifiedData_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } 
@@ -1140,14 +1141,14 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->MasterSecret_set = 0; + _ACCESSOR(tuc)->MasterSecret_set = 0; err = R_TSIP_Tls13GenerateMasterSecret( - &(tuc->handle13), + &(_ACCESSOR(tuc)->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(tuc->handshakeSecret13Idx), - (uint32_t*)tuc->verifyData13Idx, - &(tuc->masterSecret13Idx)); + &(_ACCESSOR(tuc)->handshakeSecret13Idx), + (uint32_t*)_ACCESSOR(tuc)->verifyData13Idx, + &(_ACCESSOR(tuc)->masterSecret13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG( @@ -1156,7 +1157,7 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) } if (ret == 0) { - tuc->MasterSecret_set = 1; + _ACCESSOR(tuc)->MasterSecret_set = 1; } tsip_hw_unlock(); @@ -1210,7 +1211,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, if (ret == 0) { /* make sure handshake secret is generated by tsip */ - if (!tuc->HandshakeServerTrafficKey_set) { + if (!_ACCESSOR(tuc)->HandshakeServerTrafficKey_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -1223,14 +1224,14 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - tuc->HandshakeVerifiedData_set = 0; + _ACCESSOR(tuc)->HandshakeVerifiedData_set = 0; err = R_TSIP_Tls13ServerHandshakeVerification( TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(tuc->serverFinished13Idx), + &(_ACCESSOR(tuc)->serverFinished13Idx), (uint8_t*)msgHash, (uint8_t*)hash, - (uint32_t*)(tuc->verifyData13Idx)); + (uint32_t*)(_ACCESSOR(tuc)->verifyData13Idx)); if (err == TSIP_ERR_VERIFICATION_FAIL) { WOLFSSL_MSG("Handshake verification error"); @@ -1242,7 +1243,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, } if (ret == 0) { WOLFSSL_MSG("Verified handshake"); - tuc->HandshakeVerifiedData_set = 1; + _ACCESSOR(tuc)->HandshakeVerifiedData_set = 1; } tsip_hw_unlock(); 
@@ -1545,10 +1546,10 @@ int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, if (ret == 0) { /* create sign data */ - sigData = tuc->sigDataCertVerify; + sigData = _ACCESSOR(tuc)->sigDataCertVerify; idx = 0; - ForceZero(sigData, sizeof(tuc->sigDataCertVerify)); + ForceZero(sigData, sizeof(_ACCESSOR(tuc)->sigDataCertVerify)); XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, TSIP_SIGNING_DATA_PREFIX_SZ); @@ -1686,12 +1687,12 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) if (ret == 0) { if (isRsa) { - if (!tuc->ClientRsa2048PrivKey_set) { + if (!_ACCESSOR(tuc)->ClientRsa2048PrivKey_set) { ret = NO_PRIVATE_KEY; } } else { - if (!tuc->ClientEccPrivKey_set) { + if (!_ACCESSOR(tuc)->ClientEccPrivKey_set) { ret = NO_PRIVATE_KEY; } } @@ -1724,7 +1725,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) if ((ret = tsip_hw_lock()) == 0) { if (isRsa) { err = R_TSIP_Tls13CertificateVerifyGenerate( - (uint32_t*)&(tuc->Rsa2048PrivateKeyIdx), + (uint32_t*)&(_ACCESSOR(tuc)->Rsa2048PrivateKeyIdx), TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256, hash, message + HANDSHAKE_HEADER_SZ, @@ -1732,7 +1733,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } else { err = R_TSIP_Tls13CertificateVerifyGenerate( - (uint32_t*)&(tuc->EcdsaPrivateKeyIdx), + (uint32_t*)&(_ACCESSOR(tuc)->EcdsaPrivateKeyIdx), TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, hash, message + HANDSHAKE_HEADER_SZ, @@ -1762,7 +1763,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) if (ret == 0) { if (isRsa) { - if (!tuc->ClientRsa2048PubKey_set) { + if (!_ACCESSOR(tuc)->ClientRsa2048PubKey_set) { ret = NO_PRIVATE_KEY; } } @@ -1776,10 +1777,10 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } if (ret == 0) { - sigData = tuc->sigDataCertVerify; + sigData = _ACCESSOR(tuc)->sigDataCertVerify; idx = 0; - ForceZero(sigData, sizeof(tuc->sigDataCertVerify)); + ForceZero(sigData, sizeof(_ACCESSOR(tuc)->sigDataCertVerify)); XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, TSIP_SIGNING_DATA_PREFIX_SZ); 
@@ -1822,7 +1823,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) err = R_TSIP_RsassaPss2048SignatureVerification( &rsa_sig, &rsa_hash, - &tuc->Rsa2048PublicKeyIdx, + &(_ACCESSOR(tuc))->Rsa2048PublicKeyIdx, R_TSIP_RSA_HASH_SHA256); WOLFSSL_MSG("Perform self-verify for rsa signature"); } @@ -2009,7 +2010,7 @@ static int tsip_ServerKeyExVerify( (uint8_t*) peerkey, (uint8_t*) sig, (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, - (uint32_t*)userCtx->encrypted_ephemeral_ecdh_public_key); + (uint32_t*)_ACCESSOR(userCtx)->encrypted_ephemeral_ecdh_public_key); if (ret !=TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed"); @@ -2166,21 +2167,21 @@ int wc_tsip_EccSharedSecret( if ((ret = tsip_hw_lock()) == 0) { /* Generate ECC public key for key exchange */ ret = R_TSIP_GenerateTlsP256EccKeyIndex( - &usrCtx->ecc_p256_wrapped_key, - (uint8_t*)&usrCtx->ecc_ecdh_public_key); + &(_ACCESSOR(usrCtx))->ecc_p256_wrapped_key, + (uint8_t*)&(_ACCESSOR(usrCtx))->ecc_ecdh_public_key); if (ret == TSIP_SUCCESS) { /* copy generated ecdh public key into buffer */ pubKeyDer[0] = ECC_POINT_UNCOMP; - *pubKeySz = 1 + sizeof(usrCtx->ecc_ecdh_public_key); - XMEMCPY(&pubKeyDer[1], &usrCtx->ecc_ecdh_public_key, - sizeof(usrCtx->ecc_ecdh_public_key)); + *pubKeySz = 1 + sizeof((_ACCESSOR(usrCtx))->ecc_ecdh_public_key); + XMEMCPY(&pubKeyDer[1], &(_ACCESSOR(usrCtx))->ecc_ecdh_public_key, + sizeof(_ACCESSOR(usrCtx)->ecc_ecdh_public_key)); /* Generate Premaster Secret */ ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key( - (uint32_t*)&usrCtx->encrypted_ephemeral_ecdh_public_key, - &usrCtx->ecc_p256_wrapped_key, + (uint32_t*)&(_ACCESSOR(usrCtx))->encrypted_ephemeral_ecdh_public_key, + &(_ACCESSOR(usrCtx))->ecc_p256_wrapped_key, (uint32_t*)out/* pre-master secret 64 bytes */); } if (ret == TSIP_SUCCESS) { 
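Review bot: The hunks in tsip_Tls13SendCertVerify and wc_tsip_EccSharedSecret introduce a third spelling of the accessor, `&(_ACCESSOR(tuc))->Rsa2048PublicKeyIdx` and `sizeof((_ACCESSOR(usrCtx))->ecc_ecdh_public_key)`, while the rest of the patch writes `&(_ACCESSOR(tuc)->field)` and `sizeof(_ACCESSOR(usrCtx)->field)`, and the second XMEMCPY argument even mixes both forms in one call. All of them expand to the same expression, but the extra parentheses around the macro read as if it returned something other than a plain pointer. Using the `&(_ACCESSOR(x)->field)` form throughout, also in the tsip_SignRsaPkcs, tsip_VerifyRsaPkcsCb and tsip_SignEcdsa hunks further down, keeps a later grep or refactor of the accessor mechanical.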
@@ -2242,14 +2243,27 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) TsipUserCtx* uCtx = (TsipUserCtx*)user_ctx; if (user_ctx == NULL) { - WOLFSSL_LEAVE("tsip_set_callback_ctx", 0); - return 0; + WOLFSSL_MSG("user ctx is null"); + return BAD_FUNC_ARG; } + ForceZero(uCtx, sizeof(TsipUserCtx)); - uCtx->ssl = ssl; - uCtx->ctx = ssl->ctx; - uCtx->heap = ssl->heap; - uCtx->side = ssl->ctx->method->side; + + uCtx->internal = (TsipUserCtx_Internal*)XMALLOC(sizeof(TsipUserCtx_Internal), + ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + + if (!uCtx->internal) { + printf("Failed to allocate memory for user ctx internal"); + return MEMORY_E; + } + + ForceZero(uCtx->internal, sizeof(TsipUserCtx_Internal)); + + _ACCESSOR(uCtx)->ssl = ssl; + _ACCESSOR(uCtx)->ctx = ssl->ctx; + _ACCESSOR(uCtx)->heap = ssl->heap; + _ACCESSOR(uCtx)->side = ssl->ctx->method->side; ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */ @@ -2316,7 +2330,7 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType) if (tuc == NULL) return BAD_FUNC_ARG; - encPrivKey = tuc->wrappedPrivateKey; + encPrivKey = _ACCESSOR(tuc)->wrappedPrivateKey; if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) { WOLFSSL_MSG("Missing some key materials used for import" ); @@ -2336,12 +2350,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType) #if !defined(NO_RSA) case TSIP_KEY_TYPE_RSA2048: - tuc->ClientRsa2048PrivKey_set = 0; + _ACCESSOR(tuc)->ClientRsa2048PrivKey_set = 0; err = R_TSIP_GenerateRsa2048PrivateKeyIndex( provisioning_key, iv, (uint8_t*)encPrivKey, - &(tuc->Rsa2048PrivateKeyIdx)); + &(_ACCESSOR(tuc)->Rsa2048PrivateKeyIdx)); if (err == TSIP_SUCCESS) { - tuc->ClientRsa2048PrivKey_set = 1; + _ACCESSOR(tuc)->ClientRsa2048PrivKey_set = 1; } else { ret = WC_HW_E; 
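Review bot: tsip_set_callback_ctx reports the allocation failure with `printf("Failed to allocate memory for user ctx internal");` where every other diagnostic in this file goes through WOLFSSL_MSG; a bare printf in library code bypasses the debug-logging configuration and should read `WOLFSSL_MSG("Failed to allocate memory for user ctx internal");`. The `ForceZero(uCtx, sizeof(TsipUserCtx));` that precedes the XMALLOC also discards any `internal` pointer from an earlier registration of the same context, so calling the function twice without tsip_TlsCleanup in between leaks the first block; freeing it here would be unsafe for a context the caller never zero-initialised, so this is best stated on the declaration, e.g. `/* user_ctx is reset; release a previously registered context with tsip_TlsCleanup() first */`. `ssl->heap` and `ssl->ctx->method->side` are dereferenced without a visible NULL check on `ssl`, though one may precede the hunk.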
@@ -2357,12 +2371,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType) #if defined(HAVE_ECC) case TSIP_KEY_TYPE_ECDSAP256: - tuc->ClientEccPrivKey_set = 0; + _ACCESSOR(tuc)->ClientEccPrivKey_set = 0; err = R_TSIP_GenerateEccP256PrivateKeyIndex( provisioning_key, iv, (uint8_t*)encPrivKey, - &(tuc->EcdsaPrivateKeyIdx)); + &(_ACCESSOR(tuc)->EcdsaPrivateKeyIdx)); if (err == TSIP_SUCCESS) { - tuc->ClientEccPrivKey_set = 1; + _ACCESSOR(tuc)->ClientEccPrivKey_set = 1; } else { ret = WC_HW_E; @@ -2409,7 +2423,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) return BAD_FUNC_ARG; } - encPubKey = tuc->wrappedPublicKey; + encPubKey = tuc->internal->wrappedPublicKey; if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) { WOLFSSL_MSG("Missing some key materials used for import" ); @@ -2431,7 +2445,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) (defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1)) case TSIP_KEY_TYPE_RSA2048: #if defined(WOLFSSL_RENESAS_TSIP_TLS) - tuc->ClientRsa2048PubKey_set = 0; + _ACCESSOR(tuc)->ClientRsa2048PubKey_set = 0; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0; @@ -2446,14 +2460,14 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) err = R_TSIP_GenerateRsa2048PublicKeyIndex( provisioning_key, iv, (uint8_t*)encPubKey, #if defined(WOLFSSL_RENESAS_TSIP_TLS) - &(tuc->Rsa2048PublicKeyIdx) + &(_ACCESSOR(tuc)->Rsa2048PublicKeyIdx) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) tuc->rsa2048pub_keyIdx #endif ); if (err == TSIP_SUCCESS) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) - tuc->ClientRsa2048PubKey_set = 1; + _ACCESSOR(tuc)->ClientRsa2048PubKey_set = 1; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1; #endif 
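Review bot: tsip_ImportPublicKey reads the wrapped key as `encPubKey = tuc->internal->wrappedPublicKey;` while the sibling line in tsip_ImportPrivateKey in the previous hunk and every other access in the patch go through the macro; write `encPubKey = _ACCESSOR(tuc)->wrappedPublicKey;` so the access pattern stays uniform. The `tuc == NULL` check above covers only the outer pointer, and in crypt-only builds nothing visible in this patch allocates `tuc->internal`, so the read should be guarded the same way as the crypt-only setters. tsip_ImportPublicKey starts outside the hunk.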
@@ -2473,7 +2487,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP384: #if defined(WOLFSSL_RENESAS_TSIP_TLS) - tuc->ClientEccPubKey_set = 0; + _ACCESSOR(tuc)->ClientEccPubKey_set = 0; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) tuc->keyflgs_crypt.bits.eccpub_key_set = 0; #endif @@ -2482,7 +2496,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) err = R_TSIP_GenerateEccP256PublicKeyIndex( provisioning_key, iv, (uint8_t*)encPubKey, #if defined(WOLFSSL_RENESAS_TSIP_TLS) - &(tuc->EcdsaPublicKeyIdx) + &(_ACCESSOR(tuc)->EcdsaPublicKeyIdx) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) &tuc->eccpub_keyIdx #endif @@ -2496,7 +2510,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) err = R_TSIP_GenerateEccP384PublicKeyIndex( provisioning_key, iv, (uint8_t*)encPubKey, #if defined(WOLFSSL_RENESAS_TSIP_TLS) - &(tuc->EcdsaPublicKeyIdx) + &(_ACCESSOR(tuc)->EcdsaPublicKeyIdx) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) &tuc->eccpub_keyIdx #endif @@ -2507,7 +2521,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) } if (err == TSIP_SUCCESS) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) - tuc->ClientEccPubKey_set = 1; + _ACCESSOR(tuc)->ClientEccPubKey_set = 1; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) tuc->keyflgs_crypt.bits.eccpub_key_set = 1; #endif @@ -3253,9 +3267,9 @@ int wc_tsip_generateSessionKey( /* ready-for-use flag will be set when SetKeySide() is called */ } - if (ctx->tsip_cipher == + if (_ACCESSOR(ctx)->tsip_cipher == R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || - ctx->tsip_cipher == + _ACCESSOR(ctx)->tsip_cipher == R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { enc->aes->nonceSz = AEAD_MAX_IMP_SZ; dec->aes->nonceSz = AEAD_MAX_IMP_SZ; @@ -3264,7 +3278,7 @@ int wc_tsip_generateSessionKey( enc->aes->devId = devId; dec->aes->devId = devId; - ctx->session_key_set = 1; + _ACCESSOR(ctx)->session_key_set = 1; } /* unlock hw */ tsip_hw_unlock(); 
@@ -3367,13 +3381,13 @@ int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx) ret = BAD_FUNC_ARG; if (ret == 0) { - XMEMCPY(userCtx->tsip_masterSecret, ssl->arrays->tsip_masterSecret, - TSIP_TLS_MASTERSECRET_SIZE); - XMEMCPY(userCtx->tsip_clientRandom, ssl->arrays->clientRandom, - TSIP_TLS_CLIENTRANDOM_SZ); - XMEMCPY(userCtx->tsip_serverRandom, ssl->arrays->serverRandom, - TSIP_TLS_SERVERRANDOM_SZ); - userCtx->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0, + XMEMCPY(_ACCESSOR(userCtx)->tsip_masterSecret, + ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE); + XMEMCPY(_ACCESSOR(userCtx)->tsip_clientRandom, + ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ); + XMEMCPY(_ACCESSOR(userCtx)->tsip_serverRandom, + ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ); + _ACCESSOR(userCtx)->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0, ssl->options.cipherSuite); } @@ -3671,7 +3685,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) if (info == NULL || tuc == NULL #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY - || tuc->ssl == NULL + || _ACCESSOR(tuc)->ssl == NULL #endif ) { ret = BAD_FUNC_ARG; @@ -3679,7 +3693,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) #ifdef WOLFSSL_RENESAS_TSIP_TLS if (ret == 0) { - ssl = tuc->ssl; + ssl = _ACCESSOR(tuc)->ssl; if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { @@ -3776,7 +3790,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) err = R_TSIP_RsassaPkcs2048SignatureGenerate( &hashData, &sigData, #ifdef WOLFSSL_RENESAS_TSIP_TLS - &tuc->Rsa2048PrivateKeyIdx, + &(_ACCESSOR(tuc))->Rsa2048PrivateKeyIdx, #else (tsip_rsa2048_private_key_index_t*) tuc->rsa2048pri_keyIdx, 
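Review bot: The argument check in tsip_SignRsaPkcs now reads `|| _ACCESSOR(tuc)->ssl == NULL`, which loads `tuc->internal` before anything has verified it is non-NULL — the condition guards `tuc` but not the block that tsip_set_callback_ctx may have failed to allocate or that tsip_TlsCleanup already released. Testing the pointer first keeps this a clean BAD_FUNC_ARG: `|| tuc->internal == NULL || tuc->internal->ssl == NULL`. The same applies to `ssl = _ACCESSOR(tuc)->ssl;` in the tsip_SignEcdsa hunk that follows. In the wc_tsip_storeKeyCtx hunk, `_ACCESSOR(userCtx)->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0,` runs past 80 columns while the neighbouring XMEMCPY calls were rewrapped; wrap that argument list the same way.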
@@ -3877,7 +3891,7 @@ int tsip_VerifyRsaPkcsCb( case TSIP_KEY_TYPE_RSA2048: err = R_TSIP_RsassaPkcs2048SignatureVerification( &sigData, &hashData, - &tuc->Rsa2048PublicKeyIdx, + &(_ACCESSOR(tuc))->Rsa2048PublicKeyIdx, tsip_hash_type); if (err == TSIP_ERR_AUTHENTICATION) { @@ -3949,7 +3963,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) } if (ret == 0) { - ssl = tuc->ssl; + ssl = _ACCESSOR(tuc)->ssl; if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { @@ -3984,7 +3998,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) offsetForWork; err = R_TSIP_EcdsaP256SignatureGenerate( &hashData, &sigData, - &tuc->EcdsaPrivateKeyIdx); + &(_ACCESSOR(tuc))->EcdsaPrivateKeyIdx); if (err != TSIP_SUCCESS) { ret = WC_HW_E; break; diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index dc85e4b7b..d03d43b28 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -142,7 +142,7 @@ This library contains implementation for the random number generator. #elif defined(WOLFSSL_TELIT_M2MB) #elif defined(WOLFSSL_RENESAS_TSIP) /* for wc_tsip_GenerateRandBlock */ - #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" + #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h" #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #elif defined(WOLFSSL_IMXRT1170_CAAM) #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index bf69834ce..cc30eabe9 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -60,7 +60,7 @@ #include #endif #if defined(WOLFSSL_RENESAS_TSIP) - #include + #include #endif #if defined(WOLFSSL_RENESAS_FSPSM) #include diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 1fcc6c01b..d4b48b121 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -291,7 +291,7 @@ #endif #if defined(WOLFSSL_RENESAS_TSIP_TLS) - #include + #include #endif #include 
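Review bot: random.c now includes renesas_tsip_internal.h, the new header whose job is to expose `TsipUserCtx_Internal` and the `_ACCESSOR` macro to the TSIP port sources, solely to reach `wc_tsip_GenerateRandBlock`. If that prototype still lives in renesas-tsip-crypt.h, which the internal header includes first, the original include suffices and keeps the accessor macro out of the RNG translation unit; the wc_port.c and wolfssl/internal.h hunks appear to make the same switch, though their include paths were lost in rendering. Worth confirming which header declares `wc_tsip_GenerateRandBlock` before widening the include surface of every TU that pulls in wolfssl/internal.h.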
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
index 832163ea3..33de8d7fc 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
@@ -148,157 +148,13 @@ struct tsip_keyflgs_crypt { }; #endif +typedef struct TsipUserCtx_Internal TsipUserCtx_Internal; /* * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format. */ typedef struct TsipUserCtx { - /* unique number for each session */ - int devId; - - /* client key pair wrapped by provisioning key */ - byte* wrappedPrivateKey; - byte* wrappedPublicKey; - - int wrappedKeyType; - -#ifdef WOLFSSL_RENESAS_TSIP_TLS - /* 0:working as a TLS client, 1: as a server */ - byte side; - /* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */ - byte key_side; - /* public key index for verification of RootCA cert */ - uint32_t user_key_id; - - /* WOLFSSL object associated with */ - struct WOLFSSL* ssl; - struct WOLFSSL_CTX* ctx; - - /* HEAP_HINT */ - void* heap; - - /* TLSv1.3 handshake related members, mainly keys */ - - /* handle is used as work area for Tls13 handshake */ - tsip_tls13_handle_t handle13; - -#if !defined(NO_RSA) - /* RSA-2048bit private and public key-index for client authentication */ - tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx; - tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx; -#endif /* !NO_RSA */ -#if defined(HAVE_ECC) - /* ECC private and public key-index for client authentication */ - tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx; - tsip_ecc_public_key_index_t EcdsaPublicKeyIdx; -#endif /* HAVE_ECC */ - - /* ECDHE private key index for Tls13 handshake */ - tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx; - - /* ECDHE pre-master secret */ - tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx; - - /* Handshake secret for Tls13 handshake */ - tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx; - - /* the key to decrypt server-finished message */ - tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx; - - /* key for Sha256-Hmac to gen "Client Finished" */ - tsip_hmac_sha_key_index_t clientFinished13Idx; - - /* AES decryption key for handshake 
*/ - tsip_aes_key_index_t serverWriteKey13Idx; - - /* AES encryption key for handshake */ - tsip_aes_key_index_t clientWriteKey13Idx; - - /* Handshake verified data used for master secret */ - word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ]; - - /* master secret for TLS1.3 */ - tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx; - - /* server app traffic secret */ - tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret; - - /* client app traffic secret */ - tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret; - - /* server write key */ - tsip_aes_key_index_t serverAppWriteKey13Idx; - - /* client write key */ - tsip_aes_key_index_t clientAppWriteKey13Idx; - - /* hash handle for transcript hash of handshake messages */ - tsip_hmac_sha_handle_t hmacFinished13Handle; - - /* storage for handshake messages */ - MsgBag messageBag; - - /* signature data area for TLS1.3 CertificateVerify message */ - byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ]; - -#if (WOLFSSL_RENESAS_TSIP_VER >=109) - /* out from R_SCE_TLS_ServerKeyExchangeVerify */ - uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ]; - - /* ephemeral ECDH pubkey index - * got from R_TSIP_GenerateTlsP256EccKeyIndex. - * Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key. - */ - tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key; - - /* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit) - * got from R_TSIP_GenerateTlsP256EccKeyIndex. - * Should be sent to peer(server) in Client Key Exchange msg. 
- */ - uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ]; -#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */ - - /* info to generate session key */ - uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4]; - uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ]; - uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ]; - - /* TSIP defined cipher suite number */ - uint32_t tsip_cipher; - - /* flags */ -#if !defined(NO_RSA) - uint8_t ClientRsa2048PrivKey_set:1; - uint8_t ClientRsa2048PubKey_set:1; -#endif -#if defined(HAVE_ECC) - uint8_t ClientEccPrivKey_set:1; - uint8_t ClientEccPubKey_set:1; -#endif - - uint8_t HmacInitialized:1; - uint8_t RootCAverified:1; - uint8_t EcdsaPrivKey_set:1; - uint8_t Dhe_key_set:1; - uint8_t SharedSecret_set:1; - uint8_t EarlySecret_set:1; - uint8_t HandshakeSecret_set:1; - uint8_t HandshakeClientTrafficKey_set:1; - uint8_t HandshakeServerTrafficKey_set:1; - uint8_t HandshakeVerifiedData_set:1; - uint8_t MasterSecret_set:1; - uint8_t ServerTrafficSecret_set:1; - uint8_t ClientTrafficSecret_set:1; - uint8_t ServerWriteTrafficKey_set:1; - uint8_t ClientWriteTrafficKey_set:1; - uint8_t session_key_set:1; -#endif /* WOLFSSL_RENESAS_TSIP_TLS */ - - /* installed key handling */ - tsip_aes_key_index_t user_aes256_key_index; - uint8_t user_aes256_key_set:1; - tsip_aes_key_index_t user_aes128_key_index; - uint8_t user_aes128_key_set:1; + int wrappedKeyType; /* for tsip crypt only mode */ #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifndef NO_RSA 
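Review bot: The comment above `typedef struct TsipUserCtx {` still says the struct "holds mainly keys used for TLS handshake in TSIP specific format", but after this hunk every key index, secret and flag moves to `TsipUserCtx_Internal` and the public struct keeps only `wrappedKeyType`, the crypt-only members and the installed AES key slots; update it to describe the split, e.g. `/* TsipUserCtx is the caller-owned handle; TLS handshake keys and state live in the heap-allocated TsipUserCtx_Internal reached through ->internal. */`. The forward declaration `typedef struct TsipUserCtx_Internal TsipUserCtx_Internal;` makes that state opaque to API users, which is a good direction, but `wrappedKeyType` stays public while `wrappedPrivateKey`, `wrappedPublicKey` and `devId` go private, and a one-line comment on why that field is split off would help the next reader. The struct definition continues in the following hunk.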
@@ -330,17 +186,18 @@ typedef struct TsipUserCtx { } keyflgs_crypt; #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ + /* installed key handling */ + tsip_aes_key_index_t user_aes256_key_index; + uint8_t user_aes256_key_set:1; + tsip_aes_key_index_t user_aes128_key_index; + uint8_t user_aes128_key_set:1; + + TsipUserCtx_Internal* internal; } TsipUserCtx; typedef TsipUserCtx RenesasUserCtx; typedef TsipUserCtx user_PKCbInfo; -typedef struct -{ - TsipUserCtx* userCtx; -} TsipPKCbInfo; - - typedef struct { #if (WOLFSSL_RENESAS_TSIP_VER >=109) diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h new file mode 100644 index 000000000..a4f37957c --- /dev/null +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h 
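Review bot: The new member `TsipUserCtx_Internal* internal;` carries no comment on ownership, yet the rest of the patch allocates it in tsip_set_callback_ctx from `ssl->heap`, frees it in tsip_TlsCleanup, and zeroes the whole context at registration so a block from an earlier registration is silently dropped; add `/* allocated by tsip_set_callback_ctx(), released by tsip_TlsCleanup(); re-register only after cleanup */`. Removing the public `TsipPKCbInfo` typedef is an API break for any code outside the library that named it, so if intentional it belongs in the changelog or a deprecation note.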
@@ -0,0 +1,171 @@ +/* renesas_tsip_internal.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _RENESAS_TSIP_INTERNAL_H_ +#define _RENESAS_TSIP_INTERNAL_H_ + +#include "renesas-tsip-crypt.h" + +#define _ACCESSOR(p) (p->internal) + +struct TsipUserCtx_Internal { + + /* unique number for each session */ + int devId; + + /* client key pair wrapped by provisioning key */ + byte* wrappedPrivateKey; + byte* wrappedPublicKey; + + +#ifdef WOLFSSL_RENESAS_TSIP_TLS + /* 0:working as a TLS client, 1: as a server */ + byte side; + /* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */ + byte key_side; + /* public key index for verification of RootCA cert */ + uint32_t user_key_id; + + /* WOLFSSL object associated with */ + struct WOLFSSL* ssl; + struct WOLFSSL_CTX* ctx; + + /* HEAP_HINT */ + void* heap; + + /* TLSv1.3 handshake related members, mainly keys */ + + /* handle is used as work area for Tls13 handshake */ + tsip_tls13_handle_t handle13; + +#if !defined(NO_RSA) + /* RSA-2048bit private and public key-index for client authentication */ + tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx; + tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx; +#endif /* !NO_RSA */ +#if defined(HAVE_ECC) + /* ECC 
private and public key-index for client authentication */ + tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx; + tsip_ecc_public_key_index_t EcdsaPublicKeyIdx; +#endif /* HAVE_ECC */ + + /* ECDHE private key index for Tls13 handshake */ + tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx; + + /* ECDHE pre-master secret */ + tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx; + + /* Handshake secret for Tls13 handshake */ + tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx; + + /* the key to decrypt server-finished message */ + tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx; + + /* key for Sha256-Hmac to gen "Client Finished" */ + tsip_hmac_sha_key_index_t clientFinished13Idx; + + /* AES decryption key for handshake */ + tsip_aes_key_index_t serverWriteKey13Idx; + + /* AES encryption key for handshake */ + tsip_aes_key_index_t clientWriteKey13Idx; + + /* Handshake verified data used for master secret */ + word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ]; + + /* master secret for TLS1.3 */ + tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx; + + /* server app traffic secret */ + tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret; + + /* client app traffic secret */ + tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret; + + /* server write key */ + tsip_aes_key_index_t serverAppWriteKey13Idx; + + /* client write key */ + tsip_aes_key_index_t clientAppWriteKey13Idx; + + /* hash handle for transcript hash of handshake messages */ + tsip_hmac_sha_handle_t hmacFinished13Handle; + + /* storage for handshake messages */ + MsgBag messageBag; + + /* signature data area for TLS1.3 CertificateVerify message */ + byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ]; + +#if (WOLFSSL_RENESAS_TSIP_VER >=109) + /* out from R_SCE_TLS_ServerKeyExchangeVerify */ + uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ]; + + /* ephemeral ECDH pubkey index + * got from 
R_TSIP_GenerateTlsP256EccKeyIndex. + * Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key. + */ + tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key; + + /* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit) + * got from R_TSIP_GenerateTlsP256EccKeyIndex. + * Should be sent to peer(server) in Client Key Exchange msg. + */ + uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ]; +#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */ + + /* info to generate session key */ + uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4]; + uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ]; + uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ]; + + /* TSIP defined cipher suite number */ + uint32_t tsip_cipher; + /* flags */ +#if !defined(NO_RSA) + uint8_t ClientRsa2048PrivKey_set:1; + uint8_t ClientRsa2048PubKey_set:1; +#endif +#if defined(HAVE_ECC) + uint8_t ClientEccPrivKey_set:1; + uint8_t ClientEccPubKey_set:1; +#endif + + uint8_t HmacInitialized:1; + uint8_t RootCAverified:1; + uint8_t EcdsaPrivKey_set:1; + uint8_t Dhe_key_set:1; + uint8_t SharedSecret_set:1; + uint8_t EarlySecret_set:1; + uint8_t HandshakeSecret_set:1; + uint8_t HandshakeClientTrafficKey_set:1; + uint8_t HandshakeServerTrafficKey_set:1; + uint8_t HandshakeVerifiedData_set:1; + uint8_t MasterSecret_set:1; + uint8_t ServerTrafficSecret_set:1; + uint8_t ClientTrafficSecret_set:1; + uint8_t ServerWriteTrafficKey_set:1; + uint8_t ClientWriteTrafficKey_set:1; + uint8_t session_key_set:1; +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ + +}; + +#endif From e9def03585eb003a568f053b46105b68bd301ade Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 11 Jul 2025 17:48:36 +0900 Subject: [PATCH 008/346] Null check before accessing instance --- wolfcrypt/src/port/Renesas/renesas_tsip_aes.c | 6 ++++-- wolfcrypt/src/port/Renesas/renesas_tsip_util.c | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) 
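Review bot: The include guard `_RENESAS_TSIP_INTERNAL_H_` and the macro `_ACCESSOR` both begin with an underscore followed by an uppercase letter, a form C reserves for the implementation; the guard should read `#ifndef RENESAS_TSIP_INTERNAL_H` / `#define RENESAS_TSIP_INTERNAL_H`, and the accessor, if it survives, should parenthesize its argument as `#define TSIP_INTERNAL(p) ((p)->internal)`. The struct holds the session master secret, client/server randoms and wrapped key indices but nothing says it is private to the port and reached only through `TsipUserCtx`'s `internal` pointer; a short comment above `struct TsipUserCtx_Internal` stating that would stop applications from treating it as API. PATCH 013's diffstat removes two lines from this header, which may already drop the accessor macro.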
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
index 232fbc8a6..15b378ca0 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
@@ -113,7 +113,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
 WOLFSSL_ENTER("tsip_Tls13AesEncrypt");
- if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
+ if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) ||
+ (ssl->RenesasUserCtx == NULL)) {
 return BAD_FUNC_ARG;
 }
@@ -260,7 +261,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
 WOLFSSL_ENTER("tsip_Tls13AesDecrypt");
- if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
+ if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) ||
+ (ssl->RenesasUserCtx == NULL)) {
 return BAD_FUNC_ARG;
 }
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index bc6d31cbe..028f0cafd 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -132,7 +132,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
 WOLFSSL_ENTER("tsip_use_PublicKey_buffer_TLS");
 if (ssl == NULL
- || keyBuf == NULL || keyBufLen == 0) {
+ || keyBuf == NULL || keyBufLen == 0 || ssl->RenesasUserCtx == NULL) {
 ret = BAD_FUNC_ARG;
 }
@@ -161,7 +161,8 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
 WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS");
- if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ) {
+ if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ||
+ ssl->RenesasUserCtx == NULL) {
 ret = BAD_FUNC_ARG;
 }
 if (ret == 0){
From c4a178f02947978005e8641d0b87ee919a55465a Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Fri, 11 Jul 2025 22:12:49 +0900
Subject: [PATCH 009/346] Remove trailing whitespace
---
 wolfcrypt/src/port/Renesas/renesas_tsip_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
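Review bot: The added checks reject a NULL `ssl->RenesasUserCtx`, but neither these four hunks nor the later PATCH 013 hunks that rewrite `_ACCESSOR(tuc)` as `tuc->internal->...` (renesas_tsip_util.c @@ -138 and @@ -168, renesas_tsip_sha.c @@ -82) verify that `internal` itself is non-NULL before it is dereferenced. If the internal struct is allocated separately from the context, the guard in `tsip_use_PublicKey_buffer_TLS` should become `|| keyBuf == NULL || keyBufLen == 0 || ssl->RenesasUserCtx == NULL || ssl->RenesasUserCtx->internal == NULL) {` with the other three sites treated the same way; if it is always populated whenever the context exists, a comment stating that invariant where `internal` is allocated would make the checks here sufficient. The allocation is outside the hunks visible in this series, so this is a point to confirm rather than a certain defect. All four enclosing functions start outside their hunks.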
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 028f0cafd..d9dcbfc8a 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -161,7 +161,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS"); - if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 || + if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 || ssl->RenesasUserCtx == NULL) { ret = BAD_FUNC_ARG; } From 1a0a3283a0e07252cf21e4af7cc805086c0efb5f Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Thu, 10 Jul 2025 12:52:43 -0400 Subject: [PATCH 010/346] Add a test. --- src/tls13.c | 3 +- tests/api.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 1 deletion(-) diff --git a/src/tls13.c b/src/tls13.c index dce053278..d597d03c7 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -6835,7 +6835,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * * Note that if WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION is defined then the * semantics of RFC 5246 Appendix E will be followed. A ServerHello with - * version 1.2 will be sent. */ + * version 1.2 will be sent. The same is true if TLS 1.3 is not enabled. + */ if (args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR) { WOLFSSL_MSG("Legacy version field is TLS 1.3 or later. Aborting."); ERROR_OUT(VERSION_ERROR, exit_dch); diff --git a/tests/api.c b/tests/api.c index 0b2bbeb14..c5730f1ed 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -13237,6 +13237,87 @@ static int test_tls_ext_duplicate(void) return EXPECT_RESULT(); } + +/* Test TLS connection abort when legacy version field indicates TLS 1.3 or + * higher. Based on test_tls_ext_duplicate() but with legacy version modified + * to 0x0304. + */ +static int test_tls_bad_legacy_version(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION) +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) + /* This is exactly the same as the buffer in test_tls_ext_duplicate() except + * the 11th byte is set to 0x04. That change means the legacy protocol + * version field is invalid. That will be caught before the dulplicate + * signature algorithms extension. */ + const unsigned char clientHelloBadLegacyVersion[] = { + 0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00, + 0x66, 0x03, 0x04, 0xf4, 0x65, 0xbd, 0x22, 0xfe, + 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, + 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, + 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, + 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, + 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, + 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x13, 0x01, + 0x00, 0x9e, 0x01, 0x00, + /* Extensions - duplicate signature algorithms. */ + 0x00, 0x19, 0x00, 0x0d, + 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, 0x00, 0x0d, + 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, + /* Supported Versions extension for TLS 1.3. 
*/ + 0x00, 0x2b, + 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03 + }; + + WOLFSSL_BUFFER_INFO msg; + const char* testCertFile; + const char* testKeyFile; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + +#ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; +#elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; +#endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + WOLFSSL_FILETYPE_PEM)); + + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, BufferInfoRecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, DummySend); + + ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl); + + msg.buffer = (unsigned char*)clientHelloBadLegacyVersion; + msg.length = (unsigned int)sizeof(clientHelloBadLegacyVersion); + wolfSSL_SetIOReadCtx(ssl, &msg); + + ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); + /* Connection should fail due to bad legacy version field. When that + * happens the return code is VERSION_ERROR but that gets transformed into + * SOCKET_ERROR_E. */ + ExpectIntEQ(wolfSSL_get_error(ssl, 0), WC_NO_ERR_TRACE(SOCKET_ERROR_E)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif +#endif + return EXPECT_RESULT(); +} /*----------------------------------------------------------------------------* | X509 Tests *----------------------------------------------------------------------------*/ @@ -68400,6 +68481,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation), TEST_DECL(test_wolfSSL_SCR_Reconnect), TEST_DECL(test_tls_ext_duplicate), + TEST_DECL(test_tls_bad_legacy_version), #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) TEST_DECL(test_wolfSSL_Tls13_ECH_params), From 9fa1d2e75fbecfb3aaf0d5453f5ac3d3c0349f3e Mon Sep 17 00:00:00 2001 
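Review bot: The only outcome the test pins is `wolfSSL_get_error` returning `SOCKET_ERROR_E`, which the comment says is what `VERSION_ERROR` is transformed into, so if the duplicate signature-algorithms extension that the same buffer still carries is rejected the same way, the assertion cannot tell which check fired. A more specific check would inspect the alert the server recorded (e.g. via `wolfSSL_get_alert_history`) or use a second buffer with the duplicate extension removed so that only the legacy-version path can fail. Two comment typos in the new code: `dulplicate` for `duplicate` and `No where` for `Nowhere`. `test_tls_bad_legacy_version` is complete within the hunk.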
From: Kareem Date: Fri, 11 Jul 2025 11:53:33 -0700 Subject: [PATCH 011/346] Enforce WOLFSSL_MAX_PATH_LEN for ASN original as well. --- wolfcrypt/src/asn.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index bf859b1e6..34fdf8e3c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -20614,7 +20614,12 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) ret = GetInteger16Bit(input, &idx, (word32)sz); if (ret < 0) return ret; - cert->pathLength = (byte)ret; + else if (ret > WOLFSSL_MAX_PATH_LEN) { + WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_SIZE_E); + return ASN_PATHLEN_SIZE_E; + } + + cert->pathLength = (word16)ret; cert->pathLengthSet = 1; return 0; From dc3209b797a5771d948f06b1bafe2bd810d5ac86 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Fri, 11 Jul 2025 14:59:43 -0400 Subject: [PATCH 012/346] Add macro to .wolfssl_known_macro_extras --- .wolfssl_known_macro_extras | 1 + 1 file changed, 1 insertion(+) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 941708511..9e7a6d4d9 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -611,6 +611,7 @@ WOLFSSL_AESNI_BY6 WOLFSSL_AES_CTR_EXAMPLE WOLFSSL_AFTER_DATE_CLOCK_SKEW WOLFSSL_ALGO_HW_MUTEX +WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION WOLFSSL_ALLOW_CRIT_AIA WOLFSSL_ALLOW_CRIT_AKID WOLFSSL_ALLOW_CRIT_SKID From eb8a3afe3885f6d959df8e36ef2b205e6d6785c7 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 12 Jul 2025 09:49:09 +0900 Subject: [PATCH 013/346] Addressed code review comments --- src/keys.c | 2 +- wolfcrypt/src/port/Renesas/renesas_common.c | 17 +- wolfcrypt/src/port/Renesas/renesas_tsip_aes.c | 33 +-- wolfcrypt/src/port/Renesas/renesas_tsip_sha.c | 16 +- .../src/port/Renesas/renesas_tsip_util.c | 253 +++++++++--------- wolfssl/wolfcrypt/include.am | 1 + .../port/Renesas/renesas_tsip_internal.h | 2 - 7 files changed, 163 insertions(+), 161 deletions(-) 
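Review bot: The `else` on the new `else if (ret > WOLFSSL_MAX_PATH_LEN)` branch is redundant after `return ret;`, and the unbraced `if (ret < 0) return ret;` it attaches to is the shape that hides mistakes when lines are added beside it; brace both, `if (ret < 0) { return ret; }` followed by `if (ret > WOLFSSL_MAX_PATH_LEN) { ... }`. The cast change from `(byte)ret` to `(word16)ret` only preserves the value if `cert->pathLength` is now at least 16 bits wide and `WOLFSSL_MAX_PATH_LEN` fits in it; that field change is not in this diff, so it should be confirmed. A one-line comment on the check would also help, e.g. `/* Reject pathLenConstraint above WOLFSSL_MAX_PATH_LEN, as the other decode path already does */`, assuming that is what the subject's "as well" refers to. `DecodeBasicCaConstraint` starts outside the hunk.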
diff --git a/src/keys.c b/src/keys.c index a2e09d3f9..3b8ce51c7 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3559,7 +3559,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) cbInfo->side = side; #elif defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; - _ACCESSOR(cbInfo)->key_side = side; + cbInfo->internal->key_side = side; #endif ret = ssl->ctx->EncryptKeysCb(ssl, ctx); } diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index d1c87febc..b007fa68b 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -494,7 +494,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) if (gdevId < 0) { gdevId = INITIAL_DEVID; } - _ACCESSOR(cbInfo)->devId = gdevId++; + cbInfo->internal->devId = gdevId++; cmn_hw_unlock(); } else { @@ -502,7 +502,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) return INVALID_DEVID; } - if (wc_CryptoCb_RegisterDevice(_ACCESSOR(cbInfo)->devId, + if (wc_CryptoCb_RegisterDevice(cbInfo->internal->devId, Renesas_cmn_CryptoDevCb, cbInfo) < 0) { /* undo devId number */ gdevId--; @@ -513,12 +513,12 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \ !defined(HAVE_RENESAS_SYNC) if (ssl) - wolfSSL_SetDevId(ssl, _ACCESSOR(cbInfo)->devId); + wolfSSL_SetDevId(ssl, cbInfo->internal->devId); #endif - gCbCtx[_ACCESSOR(cbInfo)->devId - INITIAL_DEVID] = (void*)cbInfo; + gCbCtx[cbInfo->internal->devId - INITIAL_DEVID] = (void*)cbInfo; - return _ACCESSOR(cbInfo)->devId; + return cbInfo->internal->devId; } /* Renesas Security Library Common Method 
@@ -764,8 +764,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; - if (_ACCESSOR(cbInfo)->session_key_set == 1) { - switch(_ACCESSOR(cbInfo)->key_side) { + if (cbInfo->internal->session_key_set == 1) { + switch(cbInfo->internal->key_side) { #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; @@ -820,7 +820,8 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) WOLFSSL_ENTER("Renesas_cmn_generateSessionKey"); if (Renesas_cmn_usable(ssl, 0)) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) - ret = wc_tsip_generateSessionKey(ssl, cbInfo, _ACCESSOR(cbInfo)->devId); + ret = wc_tsip_generateSessionKey(ssl, cbInfo, + cbInfo->internal->devId); #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId); #endif diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c index 15b378ca0..606a48237 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c @@ -447,14 +447,15 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM #ifdef WOLFSSL_RENESAS_TSIP_TLS - && cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 + && cbInfo != NULL && + cbInfo->internal->session_key_set == 1 #endif ) { /* prioritize TLS Session Key than User TSIP Aes Key */ /* TODO : identify if Aes API is called through */ /* while doing TLS handshake or Crypt API */ #ifdef WOLFSSL_RENESAS_TSIP_TLS - if (_ACCESSOR(cbInfo)->session_key_set == 1) + if (cbInfo->internal->session_key_set == 1) ret = 0; else #else 
@@ -500,13 +501,13 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifdef WOLFSSL_AES_COUNTER if (info->cipher.type == WC_CIPHER_AES_CTR #ifdef WOLFSSL_RENESAS_TSIP_TLS - && cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 + && cbInfo != NULL && cbInfo->internal->session_key_set == 1 #endif ) { int remain = (int)(info->cipher.aesctr.sz % WC_AES_BLOCK_SIZE); if (remain == 0) { #ifdef WOLFSSL_RENESAS_TSIP_TLS - if (_ACCESSOR(cbInfo)->session_key_set == 1) + if (cbInfo->internal->session_key_set == 1) ret = 0; else #else @@ -530,11 +531,11 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifdef HAVE_AES_CBC if (info->cipher.type == WC_CIPHER_AES_CBC #ifdef WOLFSSL_RENESAS_TSIP_TLS - && cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 + && cbInfo != NULL && cbInfo->internal->session_key_set == 1 #endif ) { #ifdef WOLFSSL_RENESAS_TSIP_TLS - if (_ACCESSOR(cbInfo)->session_key_set == 1) + if (cbInfo->internal->session_key_set == 1) ret = 0; else #else @@ -873,15 +874,15 @@ int wc_tsip_AesGcmEncrypt( #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ret == 0 && - _ACCESSOR(userCtx)->session_key_set == 1) { + userCtx->internal->session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. */ err = R_TSIP_TlsGenerateSessionKey( - _ACCESSOR(userCtx)->tsip_cipher, - (uint32_t*)_ACCESSOR(userCtx)->tsip_masterSecret, - (uint8_t*) _ACCESSOR(userCtx)->tsip_clientRandom, - (uint8_t*) _ACCESSOR(userCtx)->tsip_serverRandom, + userCtx->internal->tsip_cipher, + (uint32_t*)userCtx->internal->tsip_masterSecret, + (uint8_t*) userCtx->internal->tsip_clientRandom, + (uint8_t*) userCtx->internal->tsip_serverRandom, &iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ NULL, NULL, 
@@ -1072,15 +1073,15 @@ int wc_tsip_AesGcmDecrypt( #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ret == 0 && - _ACCESSOR(userCtx)->session_key_set == 1) { + userCtx->internal->session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. */ err = R_TSIP_TlsGenerateSessionKey( - _ACCESSOR(userCtx)->tsip_cipher, - (uint32_t*)_ACCESSOR(userCtx)->tsip_masterSecret, - (uint8_t*) _ACCESSOR(userCtx)->tsip_clientRandom, - (uint8_t*) _ACCESSOR(userCtx)->tsip_serverRandom, + userCtx->internal->tsip_cipher, + (uint32_t*)userCtx->internal->tsip_masterSecret, + (uint8_t*) userCtx->internal->tsip_clientRandom, + (uint8_t*) userCtx->internal->tsip_serverRandom, (uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ NULL, NULL, diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c index 6e663dc2a..b805e1e19 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c @@ -82,7 +82,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (tuc == NULL) { ret = CRYPTOCB_UNAVAILABLE; } - else if (!_ACCESSOR(tuc)->HandshakeClientTrafficKey_set) { + else if (!tuc->internal->HandshakeClientTrafficKey_set) { WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP"); ret = CRYPTOCB_UNAVAILABLE; } @@ -97,8 +97,8 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - err = R_TSIP_Sha256HmacGenerateInit(&(_ACCESSOR(tuc)->hmacFinished13Handle), - &(_ACCESSOR(tuc)->clientFinished13Idx)); + err = R_TSIP_Sha256HmacGenerateInit(&(tuc->internal->hmacFinished13Handle), + &(tuc->internal->clientFinished13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed"); 
@@ -108,7 +108,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { err = R_TSIP_Sha256HmacGenerateUpdate( - &(_ACCESSOR(tuc)->hmacFinished13Handle), + &(tuc->internal->hmacFinished13Handle), (uint8_t*)hash, WC_SHA256_DIGEST_SIZE); @@ -120,7 +120,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { err = R_TSIP_Sha256HmacGenerateFinal( - &(_ACCESSOR(tuc)->hmacFinished13Handle), mac); + &(tuc->internal->hmacFinished13Handle), mac); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed"); ret = WC_HW_E; @@ -185,7 +185,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, /* check if TSIP is used for this session */ if (ret == 0) { - if (!_ACCESSOR(tuc)->Dhe_key_set) { + if (!tuc->internal->Dhe_key_set) { WOLFSSL_MSG("DH key not set."); ret = CRYPTOCB_UNAVAILABLE; } @@ -195,7 +195,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, if (ret == 0) { c24to32(&data[1], &messageSz); - bag = &(_ACCESSOR(tuc)->messageBag); + bag = &(tuc->internal->messageBag); if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES || bag->buffIdx + sz > MSGBAG_SIZE) { @@ -246,7 +246,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash, if (tuc == NULL) { ret = CRYPTOCB_UNAVAILABLE; } - bag = &(_ACCESSOR(tuc)->messageBag); + bag = &(tuc->internal->messageBag); } if (ret == 0) { diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index d9dcbfc8a..02db9a5a5 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -138,7 +138,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl, if (ret == 0){ tuc = ssl->RenesasUserCtx; - _ACCESSOR(tuc)->wrappedPublicKey = (uint8_t*)keyBuf; + tuc->internal->wrappedPublicKey = (uint8_t*)keyBuf; tuc->wrappedKeyType = keyType; } 
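Review bot: In the `tsip_GetMessageSha256` hunk (@@ -246), `bag = &(tuc->internal->messageBag);` executes unconditionally right after the `if (tuc == NULL)` check, so a NULL `tuc` is dereferenced on the next statement even though `ret` was just set to `CRYPTOCB_UNAVAILABLE`; the `_ACCESSOR` form had the same flaw, but the rewrite keeps it in the new code. Move the assignment onto the else branch, `else { bag = &(tuc->internal->messageBag); }`, matching how `tsip_StoreMessage` (@@ -195) only takes the bag under `if (ret == 0)`. The enclosing function starts outside the hunk.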
@@ -168,12 +168,13 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, if (ret == 0){ tuc = ssl->RenesasUserCtx; - _ACCESSOR(tuc)->wrappedPrivateKey = (uint8_t*)keyBuf; + tuc->internal->wrappedPrivateKey = (uint8_t*)keyBuf; tuc->wrappedKeyType = keyType; /* store keyType as Id since Id capacity is 32 bytes */ ret = wolfSSL_use_PrivateKey_Id(ssl, - (const unsigned char*)keyBuf, 32, _ACCESSOR(tuc)->devId); + (const unsigned char*)keyBuf, 32, + tuc->internal->devId); if (ret == WOLFSSL_SUCCESS) { ret = 0; } @@ -206,7 +207,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, } if (ret == 0){ - _ACCESSOR(uc)->wrappedPublicKey = (uint8_t*)keyBuf; + uc->internal->wrappedPublicKey = (uint8_t*)keyBuf; uc->wrappedKeyType = keyType; } @@ -232,7 +233,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc, ret = BAD_FUNC_ARG; } if (ret == 0){ - _ACCESSOR(uc)->wrappedPrivateKey = (uint8_t*)keyBuf; + uc->internal->wrappedPrivateKey = (uint8_t*)keyBuf; uc->wrappedKeyType = keyType; } @@ -283,7 +284,7 @@ static void tsipFlushMessages(struct WOLFSSL* ssl) return; } - bag = &(_ACCESSOR(tuc)->messageBag); + bag = &(tuc->internal->messageBag); ForceZero(bag, sizeof(MsgBag)); @@ -403,19 +404,19 @@ int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->Dhe_key_set =0; + tuc->internal->Dhe_key_set =0; err = R_TSIP_GenerateTls13P256EccKeyIndex( - &(_ACCESSOR(tuc)->handle13), + &(tuc->internal->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(_ACCESSOR(tuc)->EcdhPrivKey13Idx), /* private key index */ + &(tuc->internal->EcdhPrivKey13Idx), /* private key index */ &(kse->pubKey[1])); /* generated public key */ if (err != TSIP_SUCCESS){ret = WC_HW_E;} if (ret == 0) { WOLFSSL_MSG("ECDH private key-index is stored by TSIP"); - _ACCESSOR(tuc)->Dhe_key_set =1; + tuc->internal->Dhe_key_set =1; } tsip_hw_unlock(); 
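Review bot: `tuc->internal->Dhe_key_set =0;` and `tuc->internal->Dhe_key_set =1;` in the `tsip_Tls13GenEccKeyPair` hunk (@@ -403) drop the space after `=`, unlike every other flag assignment rewritten in this commit (`SharedSecret_set = 0;`, `EarlySecret_set = 1;`); since the lines are touched anyway, write `tuc->internal->Dhe_key_set = 0;` and `tuc->internal->Dhe_key_set = 1;`. The function begins outside the hunk.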
@@ -485,7 +486,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, } if (ret == 0) { - if (!_ACCESSOR(tuc)->Dhe_key_set) { + if (!tuc->internal->Dhe_key_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -494,15 +495,15 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->SharedSecret_set = 0; + tuc->internal->SharedSecret_set = 0; pubkeyraw = kse->ke + 1; /* peer's raw public key data */ /* derive shared secret */ err = R_TSIP_Tls13GenerateEcdheSharedSecret( TSIP_TLS13_MODE_FULL_HANDSHAKE, pubkeyraw, /* peer's ECDHE public key */ - &(_ACCESSOR(tuc)->EcdhPrivKey13Idx), /*(out) own ECDHE priv key */ - &(_ACCESSOR(tuc)->sharedSecret13Idx)); /*(out) PreMasterSecret */ + &(tuc->internal->EcdhPrivKey13Idx),/*(out) own ECDHE priv key */ + &(tuc->internal->sharedSecret13Idx)); /*(out) PreMasterSecret */ if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error"); @@ -510,7 +511,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, } if (ret == 0) { /* set flag for later tsip operations */ - _ACCESSOR(tuc)->SharedSecret_set = 1; + tuc->internal->SharedSecret_set = 1; } tsip_hw_unlock(); @@ -541,7 +542,7 @@ int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) ret = CRYPTOCB_UNAVAILABLE; } else { - _ACCESSOR(tuc)->EarlySecret_set = 1; + tuc->internal->EarlySecret_set = 1; } } @@ -590,7 +591,7 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) if (ret == 0) { /* check if pre-master secret is generated by tsip */ - if (!_ACCESSOR(tuc)->SharedSecret_set) { + if (!tuc->internal->SharedSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } 
@@ -599,18 +600,18 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->HandshakeSecret_set = 0; + tuc->internal->HandshakeSecret_set = 0; err = R_TSIP_Tls13GenerateHandshakeSecret( - &(_ACCESSOR(tuc)->sharedSecret13Idx), - &(_ACCESSOR(tuc)->handshakeSecret13Idx)); + &(tuc->internal->sharedSecret13Idx), + &(tuc->internal->handshakeSecret13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error"); ret = WC_HW_E; } if (ret == 0) { - _ACCESSOR(tuc)->HandshakeSecret_set = 1; + tuc->internal->HandshakeSecret_set = 1; } tsip_hw_unlock(); } @@ -657,7 +658,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure client handshake secret is generated by tsip */ - if (!_ACCESSOR(tuc)->HandshakeSecret_set) { + if (!tuc->internal->HandshakeSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -671,15 +672,15 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->HandshakeClientTrafficKey_set = 0; + tuc->internal->HandshakeClientTrafficKey_set = 0; err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey( - &(_ACCESSOR(tuc)->handle13), + &(tuc->internal->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(_ACCESSOR(tuc)->handshakeSecret13Idx), + &(tuc->internal->handshakeSecret13Idx), hash, - &(_ACCESSOR(tuc)->clientWriteKey13Idx), - &(_ACCESSOR(tuc)->clientFinished13Idx)); + &(tuc->internal->clientWriteKey13Idx), + &(tuc->internal->clientFinished13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG( @@ -689,7 +690,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) /* key derivation succeeded */ if (ret == 0) { - _ACCESSOR(tuc)->HandshakeClientTrafficKey_set = 1; + tuc->internal->HandshakeClientTrafficKey_set = 1; } tsip_hw_unlock(); 
@@ -737,7 +738,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure client handshake secret is generated by tsip */ - if (!_ACCESSOR(tuc)->HandshakeSecret_set) { + if (!tuc->internal->HandshakeSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -751,15 +752,15 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->HandshakeServerTrafficKey_set = 0; + tuc->internal->HandshakeServerTrafficKey_set = 0; err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey( - &(_ACCESSOR(tuc)->handle13), + &(tuc->internal->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(_ACCESSOR(tuc)->handshakeSecret13Idx), + &(tuc->internal->handshakeSecret13Idx), hash, - &(_ACCESSOR(tuc)->serverWriteKey13Idx), - &(_ACCESSOR(tuc)->serverFinished13Idx)); + &(tuc->internal->serverWriteKey13Idx), + &(tuc->internal->serverFinished13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG( @@ -769,7 +770,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) /* key derivation succeeded */ if (ret == 0) { - _ACCESSOR(tuc)->HandshakeServerTrafficKey_set = 1; + tuc->internal->HandshakeServerTrafficKey_set = 1; } tsip_hw_unlock(); @@ -817,7 +818,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure master secret is generated by tsip */ - if (!_ACCESSOR(tuc)->MasterSecret_set) { + if (!tuc->internal->MasterSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } 
@@ -831,20 +832,20 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->ServerTrafficSecret_set = 0; - _ACCESSOR(tuc)->ClientTrafficSecret_set = 0; - _ACCESSOR(tuc)->ServerWriteTrafficKey_set = 0; - _ACCESSOR(tuc)->ClientWriteTrafficKey_set = 0; + tuc->internal->ServerTrafficSecret_set = 0; + tuc->internal->ClientTrafficSecret_set = 0; + tuc->internal->ServerWriteTrafficKey_set = 0; + tuc->internal->ClientWriteTrafficKey_set = 0; err = R_TSIP_Tls13GenerateApplicationTrafficKey( - &(_ACCESSOR(tuc)->handle13), + &(tuc->internal->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(_ACCESSOR(tuc)->masterSecret13Idx), + &(tuc->internal->masterSecret13Idx), (uint8_t*)hash, - &(_ACCESSOR(tuc)->serverAppTraffic13Secret), - &(_ACCESSOR(tuc)->clientAppTraffic13Secret), - &(_ACCESSOR(tuc)->serverAppWriteKey13Idx), - &(_ACCESSOR(tuc)->clientAppWriteKey13Idx)); + &(tuc->internal->serverAppTraffic13Secret), + &(tuc->internal->clientAppTraffic13Secret), + &(tuc->internal->serverAppWriteKey13Idx), + &(tuc->internal->clientAppWriteKey13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG( @@ -854,10 +855,10 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) /* key derivation succeeded */ if (ret == 0) { - _ACCESSOR(tuc)->ServerTrafficSecret_set = 1; - _ACCESSOR(tuc)->ClientTrafficSecret_set = 1; - _ACCESSOR(tuc)->ServerWriteTrafficKey_set = 1; - _ACCESSOR(tuc)->ClientWriteTrafficKey_set = 1; + tuc->internal->ServerTrafficSecret_set = 1; + tuc->internal->ClientTrafficSecret_set = 1; + tuc->internal->ServerWriteTrafficKey_set = 1; + tuc->internal->ClientWriteTrafficKey_set = 1; } tsip_hw_unlock(); 
@@ -904,7 +905,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure application secret is generated by tsip */ - if (!_ACCESSOR(tuc)->ClientTrafficSecret_set) { + if (!tuc->internal->ClientTrafficSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -912,21 +913,21 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->ClientWriteTrafficKey_set = 0; + tuc->internal->ClientWriteTrafficKey_set = 0; err = R_TSIP_Tls13UpdateApplicationTrafficKey( - &(_ACCESSOR(tuc)->handle13), + &(tuc->internal->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_UPDATE_CLIENT_KEY, - &(_ACCESSOR(tuc)->clientAppTraffic13Secret), - &(_ACCESSOR(tuc)->clientAppTraffic13Secret), - &(_ACCESSOR(tuc)->clientAppWriteKey13Idx)); + &(tuc->internal->clientAppTraffic13Secret), + &(tuc->internal->clientAppTraffic13Secret), + &(tuc->internal->clientAppWriteKey13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error"); ret = WC_HW_E; } else { - _ACCESSOR(tuc)->ClientWriteTrafficKey_set = 1; + tuc->internal->ClientWriteTrafficKey_set = 1; } tsip_hw_unlock(); } @@ -972,7 +973,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* make sure application secret is generated by tsip */ - if (!_ACCESSOR(tuc)->ServerTrafficSecret_set) { + if (!tuc->internal->ServerTrafficSecret_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } 
@@ -980,21 +981,21 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->ServerWriteTrafficKey_set = 0; + tuc->internal->ServerWriteTrafficKey_set = 0; err = R_TSIP_Tls13UpdateApplicationTrafficKey( - &(_ACCESSOR(tuc)->handle13), + &(tuc->internal->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_UPDATE_SERVER_KEY, - &(_ACCESSOR(tuc)->serverAppTraffic13Secret), - &(_ACCESSOR(tuc)->serverAppTraffic13Secret), - &(_ACCESSOR(tuc)->serverAppWriteKey13Idx)); + &(tuc->internal->serverAppTraffic13Secret), + &(tuc->internal->serverAppTraffic13Secret), + &(tuc->internal->serverAppWriteKey13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error"); ret = WC_HW_E; } else { - _ACCESSOR(tuc)->ServerWriteTrafficKey_set = 1; + tuc->internal->ServerWriteTrafficKey_set = 1; } tsip_hw_unlock(); } @@ -1133,8 +1134,8 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) } if (ret == 0) { /* make sure handshake secret and verify data has been set by TSIP */ - if (!_ACCESSOR(tuc)->HandshakeSecret_set || - !_ACCESSOR(tuc)->HandshakeVerifiedData_set) { + if (!tuc->internal->HandshakeSecret_set || + !tuc->internal->HandshakeVerifiedData_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -1142,14 +1143,14 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->MasterSecret_set = 0; + tuc->internal->MasterSecret_set = 0; err = R_TSIP_Tls13GenerateMasterSecret( - &(_ACCESSOR(tuc)->handle13), + &(tuc->internal->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(_ACCESSOR(tuc)->handshakeSecret13Idx), - (uint32_t*)_ACCESSOR(tuc)->verifyData13Idx, - &(_ACCESSOR(tuc)->masterSecret13Idx)); + &(tuc->internal->handshakeSecret13Idx), + (uint32_t*)tuc->internal->verifyData13Idx, + &(tuc->internal->masterSecret13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG( 
@@ -1158,7 +1159,7 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) } if (ret == 0) { - _ACCESSOR(tuc)->MasterSecret_set = 1; + tuc->internal->MasterSecret_set = 1; } tsip_hw_unlock(); @@ -1212,7 +1213,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, if (ret == 0) { /* make sure handshake secret is generated by tsip */ - if (!_ACCESSOR(tuc)->HandshakeServerTrafficKey_set) { + if (!tuc->internal->HandshakeServerTrafficKey_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; } @@ -1225,14 +1226,14 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - _ACCESSOR(tuc)->HandshakeVerifiedData_set = 0; + tuc->internal->HandshakeVerifiedData_set = 0; err = R_TSIP_Tls13ServerHandshakeVerification( TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(_ACCESSOR(tuc)->serverFinished13Idx), + &(tuc->internal->serverFinished13Idx), (uint8_t*)msgHash, (uint8_t*)hash, - (uint32_t*)(_ACCESSOR(tuc)->verifyData13Idx)); + (uint32_t*)(tuc->internal->verifyData13Idx)); if (err == TSIP_ERR_VERIFICATION_FAIL) { WOLFSSL_MSG("Handshake verification error"); @@ -1244,7 +1245,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, } if (ret == 0) { WOLFSSL_MSG("Verified handshake"); - _ACCESSOR(tuc)->HandshakeVerifiedData_set = 1; + tuc->internal->HandshakeVerifiedData_set = 1; } tsip_hw_unlock(); @@ -1547,10 +1548,10 @@ int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, if (ret == 0) { /* create sign data */ - sigData = _ACCESSOR(tuc)->sigDataCertVerify; + sigData = tuc->internal->sigDataCertVerify; idx = 0; - ForceZero(sigData, sizeof(_ACCESSOR(tuc)->sigDataCertVerify)); + ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify)); XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, TSIP_SIGNING_DATA_PREFIX_SZ); 
@@ -1688,12 +1689,12 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) if (ret == 0) { if (isRsa) { - if (!_ACCESSOR(tuc)->ClientRsa2048PrivKey_set) { + if (!tuc->internal->ClientRsa2048PrivKey_set) { ret = NO_PRIVATE_KEY; } } else { - if (!_ACCESSOR(tuc)->ClientEccPrivKey_set) { + if (!tuc->internal->ClientEccPrivKey_set) { ret = NO_PRIVATE_KEY; } } @@ -1726,7 +1727,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) if ((ret = tsip_hw_lock()) == 0) { if (isRsa) { err = R_TSIP_Tls13CertificateVerifyGenerate( - (uint32_t*)&(_ACCESSOR(tuc)->Rsa2048PrivateKeyIdx), + (uint32_t*)&(tuc->internal->Rsa2048PrivateKeyIdx), TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256, hash, message + HANDSHAKE_HEADER_SZ, @@ -1734,7 +1735,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } else { err = R_TSIP_Tls13CertificateVerifyGenerate( - (uint32_t*)&(_ACCESSOR(tuc)->EcdsaPrivateKeyIdx), + (uint32_t*)&(tuc->internal->EcdsaPrivateKeyIdx), TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, hash, message + HANDSHAKE_HEADER_SZ, @@ -1764,7 +1765,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) if (ret == 0) { if (isRsa) { - if (!_ACCESSOR(tuc)->ClientRsa2048PubKey_set) { + if (!tuc->internal->ClientRsa2048PubKey_set) { ret = NO_PRIVATE_KEY; } } @@ -1778,10 +1779,10 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } if (ret == 0) { - sigData = _ACCESSOR(tuc)->sigDataCertVerify; + sigData = tuc->internal->sigDataCertVerify; idx = 0; - ForceZero(sigData, sizeof(_ACCESSOR(tuc)->sigDataCertVerify)); + ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify)); XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, TSIP_SIGNING_DATA_PREFIX_SZ); @@ -1824,7 +1825,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl) err = R_TSIP_RsassaPss2048SignatureVerification( &rsa_sig, &rsa_hash, - &(_ACCESSOR(tuc))->Rsa2048PublicKeyIdx, + &(tuc->internal)->Rsa2048PublicKeyIdx, R_TSIP_RSA_HASH_SHA256); WOLFSSL_MSG("Perform self-verify for rsa signature"); } 
@@ -2011,7 +2012,7 @@ static int tsip_ServerKeyExVerify( (uint8_t*) peerkey, (uint8_t*) sig, (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, - (uint32_t*)_ACCESSOR(userCtx)->encrypted_ephemeral_ecdh_public_key); + (uint32_t*)userCtx->internal->encrypted_ephemeral_ecdh_public_key); if (ret !=TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed"); @@ -2168,21 +2169,21 @@ int wc_tsip_EccSharedSecret( if ((ret = tsip_hw_lock()) == 0) { /* Generate ECC public key for key exchange */ ret = R_TSIP_GenerateTlsP256EccKeyIndex( - &(_ACCESSOR(usrCtx))->ecc_p256_wrapped_key, - (uint8_t*)&(_ACCESSOR(usrCtx))->ecc_ecdh_public_key); + &(usrCtx->internal->ecc_p256_wrapped_key), + (uint8_t*)&(usrCtx->internal->ecc_ecdh_public_key)); if (ret == TSIP_SUCCESS) { /* copy generated ecdh public key into buffer */ pubKeyDer[0] = ECC_POINT_UNCOMP; - *pubKeySz = 1 + sizeof((_ACCESSOR(usrCtx))->ecc_ecdh_public_key); - XMEMCPY(&pubKeyDer[1], &(_ACCESSOR(usrCtx))->ecc_ecdh_public_key, - sizeof(_ACCESSOR(usrCtx)->ecc_ecdh_public_key)); + *pubKeySz = 1 + sizeof(usrCtx->internal->ecc_ecdh_public_key); + XMEMCPY(&pubKeyDer[1], &(usrCtx->internal->ecc_ecdh_public_key), + sizeof(usrCtx->internal->ecc_ecdh_public_key)); /* Generate Premaster Secret */ ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key( - (uint32_t*)&(_ACCESSOR(usrCtx))->encrypted_ephemeral_ecdh_public_key, - &(_ACCESSOR(usrCtx))->ecc_p256_wrapped_key, + (uint32_t*)&(usrCtx->internal->encrypted_ephemeral_ecdh_public_key), + &(usrCtx->internal->ecc_p256_wrapped_key), (uint32_t*)out/* pre-master secret 64 bytes */); } if (ret == TSIP_SUCCESS) { 
@@ -2261,10 +2262,10 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) ForceZero(uCtx->internal, sizeof(TsipUserCtx_Internal)); - _ACCESSOR(uCtx)->ssl = ssl; - _ACCESSOR(uCtx)->ctx = ssl->ctx; - _ACCESSOR(uCtx)->heap = ssl->heap; - _ACCESSOR(uCtx)->side = ssl->ctx->method->side; + uCtx->internal->ssl = ssl; + uCtx->internal->ctx = ssl->ctx; + uCtx->internal->heap = ssl->heap; + uCtx->internal->side = ssl->ctx->method->side; ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */ @@ -2331,7 +2332,7 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType) if (tuc == NULL) return BAD_FUNC_ARG; - encPrivKey = _ACCESSOR(tuc)->wrappedPrivateKey; + encPrivKey = tuc->internal->wrappedPrivateKey; if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) { WOLFSSL_MSG("Missing some key materials used for import" ); @@ -2351,12 +2352,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType) #if !defined(NO_RSA) case TSIP_KEY_TYPE_RSA2048: - _ACCESSOR(tuc)->ClientRsa2048PrivKey_set = 0; + tuc->internal->ClientRsa2048PrivKey_set = 0; err = R_TSIP_GenerateRsa2048PrivateKeyIndex( provisioning_key, iv, (uint8_t*)encPrivKey, - &(_ACCESSOR(tuc)->Rsa2048PrivateKeyIdx)); + &(tuc->internal->Rsa2048PrivateKeyIdx)); if (err == TSIP_SUCCESS) { - _ACCESSOR(tuc)->ClientRsa2048PrivKey_set = 1; + tuc->internal->ClientRsa2048PrivKey_set = 1; } else { ret = WC_HW_E; @@ -2372,12 +2373,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType) #if defined(HAVE_ECC) case TSIP_KEY_TYPE_ECDSAP256: - _ACCESSOR(tuc)->ClientEccPrivKey_set = 0; + tuc->internal->ClientEccPrivKey_set = 0; err = R_TSIP_GenerateEccP256PrivateKeyIndex( provisioning_key, iv, (uint8_t*)encPrivKey, - &(_ACCESSOR(tuc)->EcdsaPrivateKeyIdx)); + &(tuc->internal->EcdsaPrivateKeyIdx)); if (err == TSIP_SUCCESS) { - _ACCESSOR(tuc)->ClientEccPrivKey_set = 1; + tuc->internal->ClientEccPrivKey_set = 1; } else { ret = WC_HW_E; 
@@ -2446,7 +2447,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) (defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1)) case TSIP_KEY_TYPE_RSA2048: #if defined(WOLFSSL_RENESAS_TSIP_TLS) - _ACCESSOR(tuc)->ClientRsa2048PubKey_set = 0; + tuc->internal->ClientRsa2048PubKey_set = 0; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0; @@ -2461,14 +2462,14 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) err = R_TSIP_GenerateRsa2048PublicKeyIndex( provisioning_key, iv, (uint8_t*)encPubKey, #if defined(WOLFSSL_RENESAS_TSIP_TLS) - &(_ACCESSOR(tuc)->Rsa2048PublicKeyIdx) + &(tuc->internal->Rsa2048PublicKeyIdx) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) tuc->rsa2048pub_keyIdx #endif ); if (err == TSIP_SUCCESS) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) - _ACCESSOR(tuc)->ClientRsa2048PubKey_set = 1; + tuc->internal->ClientRsa2048PubKey_set = 1; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1; #endif @@ -2488,7 +2489,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP384: #if defined(WOLFSSL_RENESAS_TSIP_TLS) - _ACCESSOR(tuc)->ClientEccPubKey_set = 0; + tuc->internal->ClientEccPubKey_set = 0; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) tuc->keyflgs_crypt.bits.eccpub_key_set = 0; #endif @@ -2497,7 +2498,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) err = R_TSIP_GenerateEccP256PublicKeyIndex( provisioning_key, iv, (uint8_t*)encPubKey, #if defined(WOLFSSL_RENESAS_TSIP_TLS) - &(_ACCESSOR(tuc)->EcdsaPublicKeyIdx) + &(tuc->internal->EcdsaPublicKeyIdx) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) &tuc->eccpub_keyIdx #endif 
@@ -2511,7 +2512,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) err = R_TSIP_GenerateEccP384PublicKeyIndex( provisioning_key, iv, (uint8_t*)encPubKey, #if defined(WOLFSSL_RENESAS_TSIP_TLS) - &(_ACCESSOR(tuc)->EcdsaPublicKeyIdx) + &(tuc->internal->EcdsaPublicKeyIdx) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) &tuc->eccpub_keyIdx #endif @@ -2522,7 +2523,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) } if (err == TSIP_SUCCESS) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) - _ACCESSOR(tuc)->ClientEccPubKey_set = 1; + tuc->internal->ClientEccPubKey_set = 1; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) tuc->keyflgs_crypt.bits.eccpub_key_set = 1; #endif @@ -3268,9 +3269,9 @@ int wc_tsip_generateSessionKey( /* ready-for-use flag will be set when SetKeySide() is called */ } - if (_ACCESSOR(ctx)->tsip_cipher == + if (ctx->internal->tsip_cipher == R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || - _ACCESSOR(ctx)->tsip_cipher == + ctx->internal->tsip_cipher == R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { enc->aes->nonceSz = AEAD_MAX_IMP_SZ; dec->aes->nonceSz = AEAD_MAX_IMP_SZ; @@ -3279,7 +3280,7 @@ int wc_tsip_generateSessionKey( enc->aes->devId = devId; dec->aes->devId = devId; - _ACCESSOR(ctx)->session_key_set = 1; + ctx->internal->session_key_set = 1; } /* unlock hw */ tsip_hw_unlock(); 
@@ -3382,13 +3383,13 @@ int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx) ret = BAD_FUNC_ARG; if (ret == 0) { - XMEMCPY(_ACCESSOR(userCtx)->tsip_masterSecret, + XMEMCPY(userCtx->internal->tsip_masterSecret, ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE); - XMEMCPY(_ACCESSOR(userCtx)->tsip_clientRandom, + XMEMCPY(userCtx->internal->tsip_clientRandom, ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ); - XMEMCPY(_ACCESSOR(userCtx)->tsip_serverRandom, + XMEMCPY(userCtx->internal->tsip_serverRandom, ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ); - _ACCESSOR(userCtx)->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0, + userCtx->internal->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0, ssl->options.cipherSuite); } @@ -3686,7 +3687,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) if (info == NULL || tuc == NULL #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY - || _ACCESSOR(tuc)->ssl == NULL + || tuc->internal->ssl == NULL #endif ) { ret = BAD_FUNC_ARG; @@ -3694,7 +3695,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) #ifdef WOLFSSL_RENESAS_TSIP_TLS if (ret == 0) { - ssl = _ACCESSOR(tuc)->ssl; + ssl = tuc->internal->ssl; if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { @@ -3791,7 +3792,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) err = R_TSIP_RsassaPkcs2048SignatureGenerate( &hashData, &sigData, #ifdef WOLFSSL_RENESAS_TSIP_TLS - &(_ACCESSOR(tuc))->Rsa2048PrivateKeyIdx, + &(tuc->internal->Rsa2048PrivateKeyIdx), #else (tsip_rsa2048_private_key_index_t*) tuc->rsa2048pri_keyIdx, @@ -3892,7 +3893,7 @@ int tsip_VerifyRsaPkcsCb( case TSIP_KEY_TYPE_RSA2048: err = R_TSIP_RsassaPkcs2048SignatureVerification( &sigData, &hashData, - &(_ACCESSOR(tuc))->Rsa2048PublicKeyIdx, + &(tuc->internal->Rsa2048PublicKeyIdx), tsip_hash_type); if (err == TSIP_ERR_AUTHENTICATION) { 
@@ -3964,7 +3965,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) } if (ret == 0) { - ssl = _ACCESSOR(tuc)->ssl; + ssl = tuc->internal->ssl; if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { @@ -3999,7 +4000,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) offsetForWork; err = R_TSIP_EcdsaP256SignatureGenerate( &hashData, &sigData, - &(_ACCESSOR(tuc))->EcdsaPrivateKeyIdx); + &(tuc->internal->EcdsaPrivateKeyIdx)); if (err != TSIP_SUCCESS) { ret = WC_HW_E; break; diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index bf798d366..a19af7426 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -120,6 +120,7 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \ wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \ wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \ + wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h \ wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \ wolfssl/wolfcrypt/port/maxim/max3266x.h \ wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h index a4f37957c..1459cd8ea 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h @@ -23,8 +23,6 @@ #include "renesas-tsip-crypt.h" -#define _ACCESSOR(p) (p->internal) - struct TsipUserCtx_Internal { /* unique number for each session */ From ec252a73e234bb9893b651727ee60238408ea39f Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 12 Jul 2025 10:26:28 +0900 Subject: [PATCH 014/346] fix whitespace and long line --- wolfcrypt/src/port/Renesas/renesas_tsip_aes.c | 5 +- wolfcrypt/src/port/Renesas/renesas_tsip_sha.c | 13 +++-- .../src/port/Renesas/renesas_tsip_util.c | 58 ++++++++++--------- 3 files changed, 40 insertions(+), 36 deletions(-) 
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c index 606a48237..dd9677889 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c @@ -271,7 +271,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( } /* get user context for TSIP */ - tuc = (TsipUserCtx_Internal*)((TsipUserCtx*)(ssl->RenesasUserCtx))->internal; + tuc = (TsipUserCtx_Internal*) + ((TsipUserCtx*)(ssl->RenesasUserCtx))->internal; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); return CRYPTOCB_UNAVAILABLE; @@ -447,7 +448,7 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM #ifdef WOLFSSL_RENESAS_TSIP_TLS - && cbInfo != NULL && + && cbInfo != NULL && cbInfo->internal->session_key_set == 1 #endif ) { diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c index b805e1e19..ae838b44c 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c @@ -97,8 +97,9 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - err = R_TSIP_Sha256HmacGenerateInit(&(tuc->internal->hmacFinished13Handle), - &(tuc->internal->clientFinished13Idx)); + err = R_TSIP_Sha256HmacGenerateInit( + &(tuc->internal->hmacFinished13Handle), + &(tuc->internal->clientFinished13Idx)); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed"); @@ -108,9 +109,9 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { err = R_TSIP_Sha256HmacGenerateUpdate( - &(tuc->internal->hmacFinished13Handle), - (uint8_t*)hash, - WC_SHA256_DIGEST_SIZE); + &(tuc->internal->hmacFinished13Handle), + (uint8_t*)hash, + WC_SHA256_DIGEST_SIZE); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate failed"); 
@@ -120,7 +121,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) if (ret == 0) { err = R_TSIP_Sha256HmacGenerateFinal( - &(tuc->internal->hmacFinished13Handle), mac); + &(tuc->internal->hmacFinished13Handle), mac); if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed"); ret = WC_HW_E; diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 02db9a5a5..b9c7536da 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -407,10 +407,10 @@ int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) tuc->internal->Dhe_key_set =0; err = R_TSIP_GenerateTls13P256EccKeyIndex( - &(tuc->internal->handle13), - TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(tuc->internal->EcdhPrivKey13Idx), /* private key index */ - &(kse->pubKey[1])); /* generated public key */ + &(tuc->internal->handle13), + TSIP_TLS13_MODE_FULL_HANDSHAKE, + &(tuc->internal->EcdhPrivKey13Idx),/* private key index */ + &(kse->pubKey[1])); /* generated public key */ if (err != TSIP_SUCCESS){ret = WC_HW_E;} @@ -500,10 +500,10 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, /* derive shared secret */ err = R_TSIP_Tls13GenerateEcdheSharedSecret( - TSIP_TLS13_MODE_FULL_HANDSHAKE, - pubkeyraw, /* peer's ECDHE public key */ - &(tuc->internal->EcdhPrivKey13Idx),/*(out) own ECDHE priv key */ - &(tuc->internal->sharedSecret13Idx)); /*(out) PreMasterSecret */ + TSIP_TLS13_MODE_FULL_HANDSHAKE, + pubkeyraw, /* peer's ECDHE public key */ + &(tuc->internal->EcdhPrivKey13Idx),/*(out) own ECDHE priv key */ + &(tuc->internal->sharedSecret13Idx)); /*(out) PreMasterSecret */ if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error"); 
@@ -1229,11 +1229,11 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, tuc->internal->HandshakeVerifiedData_set = 0; err = R_TSIP_Tls13ServerHandshakeVerification( - TSIP_TLS13_MODE_FULL_HANDSHAKE, - &(tuc->internal->serverFinished13Idx), - (uint8_t*)msgHash, - (uint8_t*)hash, - (uint32_t*)(tuc->internal->verifyData13Idx)); + TSIP_TLS13_MODE_FULL_HANDSHAKE, + &(tuc->internal->serverFinished13Idx), + (uint8_t*)msgHash, + (uint8_t*)hash, + (uint32_t*)(tuc->internal->verifyData13Idx)); if (err == TSIP_ERR_VERIFICATION_FAIL) { WOLFSSL_MSG("Handshake verification error"); @@ -2182,9 +2182,9 @@ int wc_tsip_EccSharedSecret( /* Generate Premaster Secret */ ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key( - (uint32_t*)&(usrCtx->internal->encrypted_ephemeral_ecdh_public_key), - &(usrCtx->internal->ecc_p256_wrapped_key), - (uint32_t*)out/* pre-master secret 64 bytes */); + (uint32_t*)&(usrCtx->internal->encrypted_ephemeral_ecdh_public_key), + &(usrCtx->internal->ecc_p256_wrapped_key), + (uint32_t*)out/* pre-master secret 64 bytes */); } if (ret == TSIP_SUCCESS) { *outlen = 64; @@ -2251,9 +2251,10 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) ForceZero(uCtx, sizeof(TsipUserCtx)); - uCtx->internal = (TsipUserCtx_Internal*)XMALLOC(sizeof(TsipUserCtx_Internal), - ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + uCtx->internal = + (TsipUserCtx_Internal*)XMALLOC(sizeof(TsipUserCtx_Internal), + ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (!uCtx->internal) { printf("Failed to allocate memory for user ctx internal"); 
@@ -3389,8 +3390,9 @@ int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx) ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ); XMEMCPY(userCtx->internal->tsip_serverRandom, ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ); - userCtx->internal->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0, - ssl->options.cipherSuite); + userCtx->internal->tsip_cipher = GetTsipCipherSuite( + ssl->options.cipherSuite0, + ssl->options.cipherSuite); } WOLFSSL_LEAVE("tsip_storeKeyCtx", ret); @@ -3792,9 +3794,9 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) err = R_TSIP_RsassaPkcs2048SignatureGenerate( &hashData, &sigData, #ifdef WOLFSSL_RENESAS_TSIP_TLS - &(tuc->internal->Rsa2048PrivateKeyIdx), + &(tuc->internal->Rsa2048PrivateKeyIdx), #else - (tsip_rsa2048_private_key_index_t*) + (tsip_rsa2048_private_key_index_t*) tuc->rsa2048pri_keyIdx, #endif tsip_hash_type); @@ -3892,9 +3894,9 @@ int tsip_VerifyRsaPkcsCb( #if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1 case TSIP_KEY_TYPE_RSA2048: err = R_TSIP_RsassaPkcs2048SignatureVerification( - &sigData, &hashData, - &(tuc->internal->Rsa2048PublicKeyIdx), - tsip_hash_type); + &sigData, &hashData, + &(tuc->internal->Rsa2048PublicKeyIdx), + tsip_hash_type); if (err == TSIP_ERR_AUTHENTICATION) { ret = VERIFY_CERT_ERROR; @@ -3999,8 +4001,8 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) sigData.pdata = (uint8_t*)info->pk.eccsign.out + offsetForWork; err = R_TSIP_EcdsaP256SignatureGenerate( - &hashData, &sigData, - &(tuc->internal->EcdsaPrivateKeyIdx)); + &hashData, &sigData, + &(tuc->internal->EcdsaPrivateKeyIdx)); if (err != TSIP_SUCCESS) { ret = WC_HW_E; break; From 429ccd54565bd5b3269f06685b41736112f1cf93 Mon Sep 17 00:00:00 2001 
From: Josh Holtrop Date: Fri, 11 Jul 2025 16:08:53 -0400 Subject: [PATCH 015/346] Add callback functions for custom AES key wrap/unwrap operations --- doc/dox_comments/header_files/pkcs7.h | 48 +++++++++ tests/api.c | 136 ++++++++++++++++++++++++++ wolfcrypt/src/pkcs7.c | 72 ++++++++++---- wolfssl/wolfcrypt/pkcs7.h | 9 ++ 4 files changed, 246 insertions(+), 19 deletions(-) diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index be5a75c43..577ae7c11 100644 --- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h @@ -1,3 +1,19 @@ +/*! + \ingroup PKCS7 + + \brief Callback used for a custom AES key wrap/unwrap operation. + + key/keySz specify the key to use. + in/inSz specify the input data to wrap/unwrap. + out/outSz specify the output buffer. + + The size of the wrapped/unwrapped key written to the output buffer should + be returned on success. A 0 return value or error code (< 0) indicates a + failure. +*/ +typedef int (*CallbackAESKeyWrap)(const byte* key, word32 keySz, + const byte* in, word32 inSz, byte* out, word32 outSz); + /*! \ingroup PKCS7 
@@ -477,6 +493,38 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, word32 pkiMsgFootSz); +/*! + \ingroup PKCS7 + + \brief Set the callback function to be used to perform a custom AES key + wrap operation. + + \retval 0 Callback function was set successfully + \retval BAD_FUNC_ARG Parameter pkcs7 is NULL + + \param pkcs7 pointer to the PKCS7 structure + \param aesKeyWrapCb pointer to custom AES key wrap function + + \sa wc_PKCS7_SetAESKeyUnwrapCb +*/ +int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyWrapCb); + +/*! + \ingroup PKCS7 + + \brief Set the callback function to be used to perform a custom AES key + unwrap operation. + + \retval 0 Callback function was set successfully + \retval BAD_FUNC_ARG Parameter pkcs7 is NULL + + \param pkcs7 pointer to the PKCS7 structure + \param aesKeyUnwrapCb pointer to custom AES key unwrap function + + \sa wc_PKCS7_SetAESKeyWrapCb +*/ +int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyUnwrapCb); + /*! \ingroup PKCS7 diff --git a/tests/api.c b/tests/api.c index 49b6f4634..2ce79d779 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -17995,6 +17995,141 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) } /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */ +#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256) +static int wasAESKeyWrapCbCalled = 0; +static int wasAESKeyUnwrapCbCalled = 0; + +static int testAESKeyWrapCb(const byte* key, word32 keySz, + const byte* in, word32 inSz, byte* out, word32 outSz) +{ + (void)key; + (void)keySz; + wasAESKeyWrapCbCalled = 1; + XMEMSET(out, 0xEE, outSz); + if (inSz <= outSz) { + XMEMCPY(out, in, inSz); + } + return inSz; +} + +static int testAESKeyUnwrapCb(const byte* key, word32 keySz, + const byte* in, word32 inSz, byte* out, word32 outSz) +{ + (void)key; + (void)keySz; + wasAESKeyUnwrapCbCalled = 1; + XMEMSET(out, 0xEE, outSz); + if (inSz <= outSz) { + XMEMCPY(out, in, inSz); + } + return inSz; +} +#endif + + +/* + * Test custom AES key wrap/unwrap callback + */ +static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256) + static const char input[] = "Test input for AES key wrapping"; + PKCS7 * pkcs7 = NULL; + byte * eccCert = NULL; + byte * eccPrivKey = NULL; + word32 eccCertSz = 0; + word32 eccPrivKeySz = 0; + byte output[ONEK_BUF]; + byte decoded[sizeof(input)/sizeof(char)]; + int decodedSz = 0; +#ifdef ECC_TIMING_RESISTANT + WC_RNG rng; +#endif + + /* Load test certs */ + #ifdef USE_CERT_BUFFERS_256 + ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + /* Init buffer. 
*/ + eccCertSz = (word32)sizeof_cliecc_cert_der_256; + if (eccCert != NULL) { + XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); + } + ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; + if (eccPrivKey != NULL) { + XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); + } + #else /* File system. */ + ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE); + eccCertSz = (word32)FOURK_BUF; + ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, + certFile)) > 0); + if (certFile != XBADFILE) { + XFCLOSE(certFile); + } + ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE); + eccPrivKeySz = (word32)FOURK_BUF; + ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, + keyFile)) > 0); + if (keyFile != XBADFILE) { + XFCLOSE(keyFile); + } + #endif /* USE_CERT_BUFFERS_256 */ + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, eccCertSz), 0); + if (pkcs7 != NULL) { + pkcs7->content = (byte*)input; + pkcs7->contentSz = sizeof(input); + pkcs7->contentOID = DATA; + pkcs7->encryptOID = AES256CBCb; + pkcs7->keyWrapOID = AES256_WRAP; + pkcs7->keyAgreeOID = dhSinglePass_stdDH_sha256kdf_scheme; + pkcs7->privateKey = eccPrivKey; + pkcs7->privateKeySz = eccPrivKeySz; + pkcs7->singleCert = eccCert; + pkcs7->singleCertSz = (word32)eccCertSz; +#ifdef ECC_TIMING_RESISTANT + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); + pkcs7->rng = &rng; +#endif + } + + /* Test custom AES key wrap/unwrap callback */ + ExpectIntEQ(wc_PKCS7_SetAESKeyWrapCb(pkcs7, testAESKeyWrapCb), 0); + ExpectIntEQ(wc_PKCS7_SetAESKeyUnwrapCb(pkcs7, testAESKeyUnwrapCb), 0); + + 
ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, + (word32)sizeof(output)), 0); + + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)); + ExpectIntGE(decodedSz, 0); + /* Verify the size of each buffer. */ + ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz); + + ExpectIntEQ(wasAESKeyWrapCbCalled, 1); + ExpectIntEQ(wasAESKeyUnwrapCbCalled, 1); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef ECC_TIMING_RESISTANT + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif +#endif + return EXPECT_RESULT(); +} + /* * Testing wc_PKCS7_EncodeEncryptedData() */ @@ -67781,6 +67916,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_PKCS7_VerifySignedData_ECC), TEST_DECL(test_wc_PKCS7_DecodeEnvelopedData_stream), TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData), + TEST_DECL(test_wc_PKCS7_SetAESKeyWrapUnwrapCb), TEST_DECL(test_wc_PKCS7_EncodeEncryptedData), TEST_DECL(test_wc_PKCS7_DecodeEncryptedKeyPackage), TEST_DECL(test_wc_PKCS7_Degenerate), diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index b2d2bd9f6..6b134e25f 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -6814,8 +6814,9 @@ static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len) } -/* wrap CEK (content encryption key) with KEK, 0 on success, < 0 on error */ -static int wc_PKCS7_KeyWrap(byte* cek, word32 cekSz, byte* kek, +/* wrap CEK (content encryption key) with KEK, returns output size (> 0) on + * success, < 0 on error */ +static int wc_PKCS7_KeyWrap(wc_PKCS7 * pkcs7, byte* cek, word32 cekSz, byte* kek, word32 kekSz, byte* out, word32 outSz, int keyWrapAlgo, int direction) { 
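Review bot: In the `#else /* File system. */` branch of test_wc_PKCS7_SetAESKeyWrapUnwrapCb, `certFile` and `keyFile` are assigned, read and closed but no declaration for them appears among the function's locals (input, pkcs7, eccCert, eccPrivKey, the two sizes, output, decoded, decodedSz, rng), so the test looks like it will not compile when USE_CERT_BUFFERS_256 is not defined, unless EXPECT_DECLS happens to provide them, which I cannot see from here; add `XFILE certFile = XBADFILE;` and `XFILE keyFile = XBADFILE;` under a matching `#ifndef USE_CERT_BUFFERS_256`. Separately, testAESKeyWrapCb and testAESKeyUnwrapCb return `inSz` even when `inSz > outSz`, i.e. they report bytes they did not write; since the header documents 0 or a negative value as failure, make that branch `return BAD_FUNC_ARG;` so the fixture respects the contract it exercises. The callbacks also pass the CEK through unwrapped, which is adequate for a dispatch test but should not be read as a model implementation.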
@@ -6837,14 +6838,24 @@ static int wc_PKCS7_KeyWrap(byte* cek, word32 cekSz, byte* kek, #endif if (direction == AES_ENCRYPTION) { - - ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz, - out, outSz, NULL); + if (pkcs7->aesKeyWrapCb != NULL) { + ret = pkcs7->aesKeyWrapCb(kek, kekSz, cek, cekSz, + out, outSz); + } + else { + ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz, + out, outSz, NULL); + } } else if (direction == AES_DECRYPTION) { - - ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz, - out, outSz, NULL); + if (pkcs7->aesKeyUnwrapCb != NULL) { + ret = pkcs7->aesKeyUnwrapCb(kek, kekSz, cek, cekSz, + out, outSz); + } + else { + ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz, + out, outSz, NULL); + } } else { WOLFSSL_MSG("Bad key un/wrap direction"); return BAD_FUNC_ARG; @@ -7548,7 +7559,7 @@ int wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz, } /* encrypt CEK with KEK */ - keySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kari->kek, + keySz = wc_PKCS7_KeyWrap(pkcs7, pkcs7->cek, pkcs7->cekSz, kari->kek, kari->kekSz, encryptedKey, encryptedKeySz, keyWrapOID, direction); if (keySz <= 0) { @@ -9630,9 +9641,8 @@ int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek, direction = DES_ENCRYPTION; #endif - encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz, - encryptedKey, (word32)encryptedKeySz, keyWrapOID, - direction); + encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7, pkcs7->cek, pkcs7->cekSz, kek, + kekSz, encryptedKey, (word32)encryptedKeySz, keyWrapOID, direction); if (encryptedKeySz < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
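Review bot: The value returned by `pkcs7->aesKeyWrapCb` / `pkcs7->aesKeyUnwrapCb` is passed straight back to the callers as the wrapped or unwrapped length without being compared to `outSz`, whereas the built-in `wc_AesKeyWrap`/`wc_AesKeyUnWrap` path presumably bounds its own output; a callback that returns a length larger than `outSz` would make `wc_PKCS7_AddRecipient_KARI`/`KEKRI` and the decrypt paths treat bytes beyond what was written as key material. After each callback call add `if (ret > (int)outSz) { ret = BUFFER_E; }` so a misbehaving callback cannot oversize the encryptedKey/decryptedKey it advertises. The callback contract itself (return bytes written, > 0, on success) is only implied by the `keySz <= 0` checks at the call sites and should be written down where the callback type is declared. The enclosing wc_PKCS7_KeyWrap begins outside this hunk.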
@@ -11082,6 +11092,30 @@ int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK cb) return 0; } + +/* return 0 on success */ +int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyWrapCb) +{ + if (pkcs7 == NULL) + return BAD_FUNC_ARG; + + pkcs7->aesKeyWrapCb = aesKeyWrapCb; + + return 0; +} + + +/* return 0 on success */ +int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyUnwrapCb) +{ + if (pkcs7 == NULL) + return BAD_FUNC_ARG; + + pkcs7->aesKeyUnwrapCb = aesKeyUnwrapCb; + + return 0; +} + /* Decrypt ASN.1 OtherRecipientInfo (ori), as defined by: * * OtherRecipientInfo ::= SEQUENCE { @@ -11529,10 +11563,9 @@ static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz, (int)PKCS7_KEKRI, direction); } else { - keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, (word32)length, - pkcs7->privateKey, pkcs7->privateKeySz, - decryptedKey, *decryptedKeySz, - (int)keyWrapOID, direction); + keySz = wc_PKCS7_KeyWrap(pkcs7, pkiMsg + *idx, (word32)length, + pkcs7->privateKey, pkcs7->privateKeySz, decryptedKey, + *decryptedKeySz, (int)keyWrapOID, direction); } if (keySz <= 0) return keySz; @@ -11795,9 +11828,10 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, } /* decrypt CEK with KEK */ - keySz = wc_PKCS7_KeyWrap(encryptedKey, (word32)encryptedKeySz, - kari->kek, kari->kekSz, decryptedKey, *decryptedKeySz, - (int)keyWrapOID, direction); + keySz = wc_PKCS7_KeyWrap(pkcs7, encryptedKey, + (word32)encryptedKeySz, kari->kek, kari->kekSz, + decryptedKey, *decryptedKeySz, (int)keyWrapOID, + direction); } if (keySz <= 0) { wc_PKCS7_KariFree(kari); diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 9248eddac..f7f22a691 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h 
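Review bot: The `/* return 0 on success */` comment on `wc_PKCS7_SetAESKeyWrapCb` and `wc_PKCS7_SetAESKeyUnwrapCb` documents the setter but not the contract the supplied callback must meet, which from the dispatch in `wc_PKCS7_KeyWrap` is: return the number of bytes written (> 0) or a negative error, write at most `outSz` bytes into `out`, and a NULL callback restores the built-in `wc_AesKeyWrap`/`wc_AesKeyUnWrap`. Suggest replacing the comment with `/* Install cb used instead of wc_AesKeyWrap/UnWrap; cb returns bytes written (> 0) or < 0, writes at most outSz; NULL restores the built-in. Returns 0 on success. */`. The same sentence belongs on the `CallbackAESKeyWrap` typedef in the pkcs7.h hunk of this commit, since that is what an API user reads.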
@@ -213,6 +213,8 @@ typedef int (*CallbackWrapCEK)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* originKey, word32 originKeySz, byte* out, word32 outSz, int keyWrapAlgo, int type, int dir); +typedef int (*CallbackAESKeyWrap)(const byte* key, word32 keySz, + const byte* in, word32 inSz, byte* out, word32 outSz); /* Callbacks for supporting different stream cases */ typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx); @@ -371,6 +373,9 @@ struct wc_PKCS7 { } decryptKey; #endif + CallbackAESKeyWrap aesKeyWrapCb; + CallbackAESKeyWrap aesKeyUnwrapCb; + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; @@ -498,6 +503,10 @@ WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt c int options); WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK wrapCEKCb); +WOLFSSL_API int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7, + CallbackAESKeyWrap aesKeyWrapCb); +WOLFSSL_API int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7, + CallbackAESKeyWrap aesKeyUnwrapCb); #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, From af3296a836a6e96316cb6d49f8d2889c723d3619 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Mon, 14 Jul 2025 17:28:23 -0400 Subject: [PATCH 016/346] wc_PKCS7_KeyWrap(): mark pointers as to const and check for NULL --- wolfcrypt/src/pkcs7.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 6b134e25f..dfad85fb3 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -6816,13 +6816,13 @@ static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len) /* wrap CEK (content encryption key) with KEK, returns output size (> 0) on * success, < 0 on error */ -static int wc_PKCS7_KeyWrap(wc_PKCS7 * pkcs7, byte* cek, word32 cekSz, byte* kek, - word32 kekSz, byte* out, word32 outSz, - int keyWrapAlgo, int direction) +static int wc_PKCS7_KeyWrap(wc_PKCS7 const * pkcs7, byte const * cek, + word32 cekSz, byte const * kek, word32 kekSz, byte * out, word32 outSz, + int keyWrapAlgo, int direction) { int ret = 0; - if (cek == NULL || kek == NULL || out == NULL) + if (pkcs7 == NULL || cek == NULL || kek == NULL || out == NULL) return BAD_FUNC_ARG; switch (keyWrapAlgo) { From 66650a95d8f9c372945873e1a3b8946078f34bdc Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Wed, 16 Jul 2025 12:04:05 -0700 Subject: [PATCH 017/346] Improve WOLFSSL_USER_IO defaults --- IDE/WIN/user_settings.h | 9 ++++++++- wolfssl/wolfcrypt/wc_port.h | 3 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/IDE/WIN/user_settings.h b/IDE/WIN/user_settings.h index a1011abf8..82ae8c15d 100644 --- a/IDE/WIN/user_settings.h +++ b/IDE/WIN/user_settings.h @@ -6,7 +6,14 @@ #error This user_settings.h header is only designed for Windows #endif -#define USE_WOLFSSL_IO +/* Optionally use custom IO, uncomment this line: */ +/* #define WOLFSSL_USER_IO */ +#ifdef WOLFSSL_USER_IO + #define WOLFSSL_NO_SOCK +#else + #define USE_WOLFSSL_IO +#endif + #define HAVE_AESGCM #define WOLFSSL_TLS13 #define HAVE_HKDF diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index c0fd47f62..7db79a0f8 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1132,6 +1132,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #endif #ifndef SOCKET_INVALID + #ifndef INVALID_SOCKET + #define INVALID_SOCKET ((SOCKET_T)(-1)) + #endif #define SOCKET_INVALID INVALID_SOCKET #endif #else 
From a08b93347f66302eb3195252ac6e2b512b5a30b2 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Wed, 16 Jul 2025 15:18:14 -0700 Subject: [PATCH 018/346] Revised sockets for USE_WOLFSSL_IO, USE_WOLFSSL_IO --- IDE/WIN/user_settings.h | 9 +-------- wolfssl/internal.h | 3 ++- wolfssl/wolfcrypt/wc_port.h | 3 --- wolfssl/wolfio.h | 8 ++++---- 4 files changed, 7 insertions(+), 16 deletions(-) diff --git a/IDE/WIN/user_settings.h b/IDE/WIN/user_settings.h index 82ae8c15d..a1011abf8 100644 --- a/IDE/WIN/user_settings.h +++ b/IDE/WIN/user_settings.h @@ -6,14 +6,7 @@ #error This user_settings.h header is only designed for Windows #endif -/* Optionally use custom IO, uncomment this line: */ -/* #define WOLFSSL_USER_IO */ -#ifdef WOLFSSL_USER_IO - #define WOLFSSL_NO_SOCK -#else - #define USE_WOLFSSL_IO -#endif - +#define USE_WOLFSSL_IO #define HAVE_AESGCM #define WOLFSSL_TLS13 #define HAVE_HKDF diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 07b75f2d6..6ee042ba5 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -6806,7 +6806,8 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13); #endif /* !defined(NO_WOLFSSL_SERVER) */ -#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO) +#if !defined(WOLFCRYPT_ONLY) && \ + (defined(USE_WOLFSSL_IO) || defined(WOLFSSL_USER_IO)) WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen); #endif diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7db79a0f8..c0fd47f62 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1132,9 +1132,6 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #endif #ifndef SOCKET_INVALID - #ifndef INVALID_SOCKET - #define INVALID_SOCKET ((SOCKET_T)(-1)) - #endif #define SOCKET_INVALID INVALID_SOCKET #endif #else 
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 0673b88ad..3a01e6693 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -50,9 +50,8 @@ #endif #endif - -#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) - +#if defined(USE_WOLFSSL_IO) || defined(WOLFSSL_USER_IO) || \ + defined(HAVE_HTTP_CLIENT) #ifdef HAVE_LIBZ #include "zlib.h" #endif @@ -82,6 +81,8 @@ #include #endif #elif defined(USE_WINDOWS_API) + #include + #include #else #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT) /* lwIP needs to be configured to use sockets API in this mode */ @@ -219,7 +220,6 @@ #if defined(WOLFSSL_EMBOS) #include #endif - #endif /* USE_WINDOWS_API */ #ifdef __sun From cc123d7c3a4a9653083a9f7df538e8b4a393b25c Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 17 Jul 2025 18:16:40 +0900 Subject: [PATCH 019/346] Make properties related to SCE TLS hidden - Fix RSA Crypt callback - Eliminate WOLFSSL_LOCAL --- .../e2studio/RA6M4/common/user_settings.h | 6 +- .../e2studio/RA6M4/test/src/wolf_client.c | 2 +- .../RA6M4/test/src/wolfssl_sce_unit_test.c | 15 +- src/keys.c | 2 +- wolfcrypt/src/port/Renesas/renesas_common.c | 88 +----- .../src/port/Renesas/renesas_fspsm_aes.c | 122 ++++++-- .../src/port/Renesas/renesas_fspsm_rsa.c | 2 +- .../src/port/Renesas/renesas_fspsm_sha.c | 2 +- .../src/port/Renesas/renesas_fspsm_util.c | 182 ++++++++---- wolfcrypt/src/wc_port.c | 2 +- wolfssl/wolfcrypt/aes.h | 2 +- .../port/Renesas/renesas-fspsm-crypt.h | 260 +--------------- .../port/Renesas/renesas_fspsm_internal.h | 281 ++++++++++++++++++ wolfssl/wolfcrypt/rsa.h | 2 +- wolfssl/wolfcrypt/sha256.h | 2 +- wolfssl/wolfcrypt/sha512.h | 2 +- 16 files changed, 543 insertions(+), 429 deletions(-) create mode 100644 wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h diff --git a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h index d6a98a90a..99c1bde05 100644 --- a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h 
+++ b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h @@ -108,10 +108,10 @@ #define WC_USE_DEVID 7890 #define NO_AES_192 #define NO_SW_BENCH -#endif - -#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + /* Use SCE RSAES-PKCS1-V1_5 RSA Function */ + #define WOLF_CRYPTO_CB_RSA_PAD #define WOLFSSL_KEY_GEN + #define RSA_MIN_SIZE 512 #endif #define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c index 1517e61f8..99d5f36c1 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c @@ -28,6 +28,7 @@ #include "wolfssl/wolfcrypt/settings.h" #include "wolfssl/ssl.h" #include "wolfssl/certs_test.h" +#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" uint32_t g_encrypted_root_public_key[140]; WOLFSSL_CTX *client_ctx = NULL; @@ -198,7 +199,6 @@ int wolfSSL_TLS_client_do(void *pvParam) #if !defined(TLS_MULTITHREAD_TEST) XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST)); - guser_PKCbInfo.devId = 0; wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo); #else diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c index 2dedc35a8..be48717d7 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c @@ -798,10 +798,8 @@ int sce_crypt_test() /* sets wrapped rsa 1024 bits key */ gCbInfo.wrapped_key_rsapri1024 = &g_wrapped_pair_1024key.priv_key; - gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1; gCbInfo.wrapped_key_rsapub1024 = &g_wrapped_pair_1024key.pub_key; - gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1; } err = R_SCE_RSA2048_WrappedKeyPairGenerate(&g_wrapped_pair_2048key); 
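Review bot: `#define RSA_MIN_SIZE 512` in the RA6M4 `user_settings.h` hunk lowers the smallest RSA modulus the library will accept (and, with `WOLFSSL_KEY_GEN` set just above it, presumably generate) to 512 bits, a size that is practically factorable and would be a weak-key misconfiguration if this example settings file were copied into a product build. If it exists only so the SCE unit test can exercise a small key, scope it under the test's own define or at least annotate it, e.g. `#define RSA_MIN_SIZE 512 /* SCE unit test only: do not ship with this value */`. The neighbouring `WOLF_CRYPTO_CB_RSA_PAD` got a comment explaining why it is set; this define needs one more.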
@@ -809,11 +807,8 @@ int sce_crypt_test() /* sets wrapped rsa 1024 bits key */ gCbInfo.wrapped_key_rsapri2048 = &g_wrapped_pair_2048key.priv_key; - gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1; - gCbInfo.wrapped_key_rsapub2048 = - &g_wrapped_pair_2048key.pub_key; - gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1; + &g_wrapped_pair_2048key.pub_key;; } /* Key generation for multi testing */ @@ -834,6 +829,10 @@ int sce_crypt_test() if (ret == 0) { printf(" sce_rsa_test(1024)"); + gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1; + gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1; + gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 0; + gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 0; ret = sce_rsa_test(1, 1024); RESULT_STR(ret) } @@ -846,6 +845,10 @@ int sce_crypt_test() if (ret == 0) { printf(" sce_rsa_test(2048)"); + gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 0; + gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 0; + gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1; + gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1; ret = sce_rsa_test(1, 2048); RESULT_STR(ret) } diff --git a/src/keys.c b/src/keys.c index e42a6eba3..aa68bd54d 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3556,7 +3556,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) void* ctx = wolfSSL_GetEncryptKeysCtx(ssl); #if defined(WOLFSSL_RENESAS_FSPSM_TLS) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; - cbInfo->side = side; + cbInfo->internal->side = side; #elif defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; cbInfo->key_side = side; diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 941ab123a..8695633db 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c 
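Review bot: The added line `&g_wrapped_pair_2048key.pub_key;;` in the `sce_crypt_test` hunk ends in a doubled semicolon, which compiles but reads as an editing leftover. More importantly, the collapsed diff shows `gCbInfo.wrapped_key_rsapub2048 =` among the removed lines, so it is not clear whether that assignment survives; if it was deleted, the new line is an expression statement with no effect and the 2048-bit public key is never installed, while the `rsapub2048_installedkey_set = 1` flag set later in this file would then point at an unset key. Please confirm the new side reads `gCbInfo.wrapped_key_rsapub2048 = &g_wrapped_pair_2048key.pub_key;` and drop the extra semicolon.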
@@ -33,7 +33,7 @@ #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - #include + #include #define cmn_hw_lock wc_fspsm_hw_lock #define cmn_hw_unlock wc_fspsm_hw_unlock @@ -87,6 +87,8 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_TlsCleanup(ssl); +#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) + wc_fspsm_TlsCleanup(ssl); #endif WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret); @@ -166,6 +168,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; + (void)cbInfo; #endif if (info == NULL || ctx == NULL) 
@@ -276,88 +279,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) if (info->algo_type == WC_ALGO_TYPE_CIPHER) { #if !defined(NO_AES) - #ifdef HAVE_AESGCM - if (info->cipher.type == WC_CIPHER_AES_GCM) { - - if (info->cipher.enc && - (cbInfo->keyflgs_tls.bits.session_key_set == 1 || - (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && - info->cipher.aesgcm_enc.aes->keylen == 32) || - (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && - info->cipher.aesgcm_enc.aes->keylen == 16))) { - - ret = wc_fspsm_AesGcmEncrypt( - info->cipher.aesgcm_enc.aes, - (byte*)info->cipher.aesgcm_enc.out, - (byte*)info->cipher.aesgcm_enc.in, - info->cipher.aesgcm_enc.sz, - (byte*)info->cipher.aesgcm_enc.iv, - info->cipher.aesgcm_enc.ivSz, - (byte*)info->cipher.aesgcm_enc.authTag, - info->cipher.aesgcm_enc.authTagSz, - (byte*)info->cipher.aesgcm_enc.authIn, - info->cipher.aesgcm_enc.authInSz, - (void*)ctx); - - } - else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 || - (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && - info->cipher.aesgcm_dec.aes->keylen == 32) || - (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && - info->cipher.aesgcm_dec.aes->keylen == 16)) { - - ret = wc_fspsm_AesGcmDecrypt( - info->cipher.aesgcm_dec.aes, - (byte*)info->cipher.aesgcm_dec.out, - (byte*)info->cipher.aesgcm_dec.in, - info->cipher.aesgcm_dec.sz, - (byte*)info->cipher.aesgcm_dec.iv, - info->cipher.aesgcm_dec.ivSz, - (byte*)info->cipher.aesgcm_dec.authTag, - info->cipher.aesgcm_dec.authTagSz, - (byte*)info->cipher.aesgcm_dec.authIn, - info->cipher.aesgcm_dec.authInSz, - (void*)ctx); - } - } - #endif /* HAVE_AESGCM */ - #ifdef HAVE_AES_CBC - if ((info->cipher.type == WC_CIPHER_AES_CBC) && - (cbInfo->keyflgs_tls.bits.session_key_set == 1 || - (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && - info->cipher.aescbc.aes->keylen == 32) || - (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && - 
info->cipher.aescbc.aes->keylen == 16))) { - if (info->cipher.enc) { - ret = wc_fspsm_AesCbcEncrypt( - info->cipher.aescbc.aes, - (byte*)info->cipher.aescbc.out, - (byte*)info->cipher.aescbc.in, - info->cipher.aescbc.sz); - } - else { - ret = wc_fspsm_AesCbcDecrypt( - info->cipher.aescbc.aes, - (byte*)info->cipher.aescbc.out, - (byte*)info->cipher.aescbc.in, - info->cipher.aescbc.sz); - } - } - #endif /* HAVE_AES_CBC */ + ret = wc_fspsm_AesCipher(devIdArg, info, ctx); #endif /* !NO_AES */ } #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) else if (info->algo_type == WC_ALGO_TYPE_PK) { #if defined(WOLFSSL_KEY_GEN) - if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && - (info->pk.rsakg.size == 1024 || - info->pk.rsakg.size == 2048)) { + if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, (void*)ctx); } #endif - if (info->pk.type == WC_PK_TYPE_RSA) { + if (info->pk.type == WC_PK_TYPE_RSA_PKCS) { /* to perform RSA on SCE, wrapped keys should be installed * in advance. SCE supports 1024 or 2048 bits key size. * otherwise, falls-through happens. @@ -367,10 +301,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set || cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) { - ret = wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo); - if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) - return ret; - if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT || info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ) { @@ -769,8 +699,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; - if (cbInfo->keyflgs_tls.bits.session_key_set == 1) { - switch(cbInfo->side) { + if (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) { + switch(cbInfo->internal->side) { #endif case 1:/* ENCRYPT_SIDE_ONLY */ ssl->encrypt.setup = 1; 
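Review bot: The key-generation branch of `Renesas_cmn_CryptoDevCb` no longer restricts `info->pk.rsakg.size` to 1024 or 2048 before calling `wc_fspsm_MakeRsaKey`, while the comment kept a few lines below still states that SCE supports only those two sizes. Unless `wc_fspsm_MakeRsaKey` rejects other sizes itself (not visible here), a request for 3072 bits, or for the 512-bit minimum this same commit enables in the RA6M4 `user_settings.h`, is now handed to the hardware path instead of falling through to software; if the helper is meant to validate, a one-line `/* wc_fspsm_MakeRsaKey rejects sizes other than 1024/2048 */` at the call site would say so, otherwise restore the check. The switch from `WC_PK_TYPE_RSA` to `WC_PK_TYPE_RSA_PKCS` also changes which callback requests this branch matches, presumably in step with `WOLF_CRYPTO_CB_RSA_PAD`, but nothing in the hunk or subject line explains it. The enclosing function begins outside this hunk.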
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c index c01ff6dba..6340bf411 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c @@ -30,6 +30,8 @@ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_FSPSM_AES) +#include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h" + #include #include #include @@ -37,7 +39,6 @@ #ifdef WOLF_CRYPTO_CB #include #endif -#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" #ifdef NO_INLINE #include @@ -243,7 +244,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, (void) key_server_aes; /* sanity check */ - if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { + if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || info == NULL) { return BAD_FUNC_ARG; } @@ -296,7 +297,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, #if defined(WOLFSSL_RENESAS_FSPSM_TLS) if (ret == 0 && - info->keyflgs_tls.bits.session_key_set == 1) { + info->internal->keyflgs_tls.bits.session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. */ @@ -312,10 +313,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, } ret = FSPSM_SESSIONKEY_GEN_FUNC( - info->cipher, - (uint32_t*)info->masterSecret, - (uint8_t*) info->clientRandom, - (uint8_t*) info->serverRandom, + info->internal->cipher, + (uint32_t*)info->internal->masterSecret, + (uint8_t*) info->internal->clientRandom, + (uint8_t*) info->internal->serverRandom, &iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ &key_client_mac, &key_server_mac, 
@@ -397,10 +398,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); - if (info->keyflgs_tls.bits.session_key_set == 1 && + if (info->internal->keyflgs_tls.bits.session_key_set == 1 && key_client_aes != NULL) XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES); - if (info->keyflgs_tls.bits.session_key_set == 1 && + if (info->internal->keyflgs_tls.bits.session_key_set == 1 && key_server_aes != NULL) XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES); wc_fspsm_hw_unlock(); @@ -452,7 +453,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, FSPSM_AES_PWKEY key_server_aes = NULL; (void) key_client_aes; /* sanity check */ - if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { + if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || info == NULL) { return BAD_FUNC_ARG; } @@ -500,7 +501,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, } #if defined(WOLFSSL_RENESAS_FSPSM_TLS) if (ret == 0 && - info->keyflgs_tls.bits.session_key_set == 1) { + info->internal->keyflgs_tls.bits.session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. */ @@ -516,10 +517,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, } ret = FSPSM_SESSIONKEY_GEN_FUNC( - info->cipher, - (uint32_t*)info->masterSecret, - (uint8_t*) info->clientRandom, - (uint8_t*) info->serverRandom, + info->internal->cipher, + (uint32_t*)info->internal->masterSecret, + (uint8_t*) info->internal->clientRandom, + (uint8_t*) info->internal->serverRandom, (uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ &key_client_mac, &key_server_mac, 
@@ -537,7 +538,6 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, #endif if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 || info->keyflgs_crypt.bits.aes128_installedkey_set == 1) { - key_server_aes = aes->ctx.wrapped_key; iv_l = iv; ivSz_l = ivSz; @@ -596,10 +596,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES); - if (info->keyflgs_tls.bits.session_key_set == 1 && + if (info->internal->keyflgs_tls.bits.session_key_set == 1 && key_client_aes != NULL) XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES); - if (info->keyflgs_tls.bits.session_key_set == 1 && + if (info->internal->keyflgs_tls.bits.session_key_set == 1 && key_server_aes != NULL) XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES); wc_fspsm_hw_unlock(); 
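Review bot: The `@@ -537` hunk of `wc_fspsm_AesGcmDecrypt` deletes `key_server_aes = aes->ctx.wrapped_key;` from the installed-key (`aes256/aes128_installedkey_set`) branch, but nothing in the hunk assigns `key_server_aes` elsewhere, and the cleanup at the end of the function still frees it only on the session-key path. If the decrypt call below this hunk still selects `key_server_aes` for that branch (the function body continues outside the hunk), installed-key decryption would now run with a NULL key handle. Please confirm which variable the installed-key path uses, and either restore the assignment or add a comment naming where the wrapped key is now taken from.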
@@ -811,6 +811,92 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, return wc_AesSetIV(aes, iv); } #endif + +WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; + (void)devIdArg; + + WOLFSSL_ENTER("wc_fspsm_AesCipher"); + + if (info == NULL || ctx == NULL) { + return BAD_FUNC_ARG; + } + + #if !defined(NO_AES) + #ifdef HAVE_AESGCM + if (info->cipher.type == WC_CIPHER_AES_GCM) { + if (info->cipher.enc && + (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 || + (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && + info->cipher.aesgcm_enc.aes->keylen == 32) || + (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && + info->cipher.aesgcm_enc.aes->keylen == 16))) { + + ret = wc_fspsm_AesGcmEncrypt( + info->cipher.aesgcm_enc.aes, + (byte*)info->cipher.aesgcm_enc.out, + (byte*)info->cipher.aesgcm_enc.in, + info->cipher.aesgcm_enc.sz, + (byte*)info->cipher.aesgcm_enc.iv, + info->cipher.aesgcm_enc.ivSz, + (byte*)info->cipher.aesgcm_enc.authTag, + info->cipher.aesgcm_enc.authTagSz, + (byte*)info->cipher.aesgcm_enc.authIn, + info->cipher.aesgcm_enc.authInSz, + (void*)ctx); + + } + else if (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 || + (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && + info->cipher.aesgcm_dec.aes->keylen == 32) || + (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && + info->cipher.aesgcm_dec.aes->keylen == 16)) { + + ret = wc_fspsm_AesGcmDecrypt( + info->cipher.aesgcm_dec.aes, + (byte*)info->cipher.aesgcm_dec.out, + (byte*)info->cipher.aesgcm_dec.in, + info->cipher.aesgcm_dec.sz, + (byte*)info->cipher.aesgcm_dec.iv, + info->cipher.aesgcm_dec.ivSz, + (byte*)info->cipher.aesgcm_dec.authTag, + info->cipher.aesgcm_dec.authTagSz, + (byte*)info->cipher.aesgcm_dec.authIn, + info->cipher.aesgcm_dec.authInSz, + (void*)ctx); + } + } + #endif /* HAVE_AESGCM */ + #ifdef HAVE_AES_CBC + if 
((info->cipher.type == WC_CIPHER_AES_CBC) && + (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 || + (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && + info->cipher.aescbc.aes->keylen == 32) || + (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && + info->cipher.aescbc.aes->keylen == 16))) { + if (info->cipher.enc) { + ret = wc_fspsm_AesCbcEncrypt( + info->cipher.aescbc.aes, + (byte*)info->cipher.aescbc.out, + (byte*)info->cipher.aescbc.in, + info->cipher.aescbc.sz); + } + else { + ret = wc_fspsm_AesCbcDecrypt( + info->cipher.aescbc.aes, + (byte*)info->cipher.aescbc.out, + (byte*)info->cipher.aescbc.in, + info->cipher.aescbc.sz); + } + } + #endif /* HAVE_AES_CBC */ + #endif /* !NO_AES */ + (void)cbInfo; + WOLFSSL_LEAVE("wc_fspsm_AesCipher", ret); + return ret; +} #endif /* WOLFSSL_RENESAS_FSPSM_TLS WOLFSSL_RENESAS_FSPSM_CRYPTONLY NO_WOLFSSL_RENESAS_FSPSM_AES */ diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c index 5110dc2a4..553cb7dca 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c @@ -34,7 +34,7 @@ #include #include #include -#include +#include #if defined(WOLFSSL_RENESAS_RSIP) extern FSPSM_INSTANCE gFSPSM_ctrl; diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c index 8b0ade139..da011d32d 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c @@ -35,7 +35,7 @@ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) #include -#include +#include #if defined(WOLFSSL_RENESAS_RSIP) extern FSPSM_INSTANCE gFSPSM_ctrl; diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index 84554e2e0..4f586d201 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c 
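Review bot: `wc_fspsm_AesCipher` dereferences `cbInfo->internal` in each `session_key_set` test but only checks `ctx` for NULL; this file is also built for `WOLFSSL_RENESAS_FSPSM_CRYPTONLY`, and the only `FSPSM_ST_Internal` instance visible in this series (`g_internal` in renesas_fspsm_util.c) is defined under `WOLFSSL_RENESAS_FSPSM_TLS`, so in a crypt-only build `internal` may well be NULL and the first installed-key AES-GCM/CBC operation would fault. Guard the TLS-only flag in all three conditions, e.g. `(cbInfo->internal != NULL && cbInfo->internal->keyflgs_tls.bits.session_key_set == 1)`, or keep the session-key test under `#if defined(WOLFSSL_RENESAS_FSPSM_TLS)`. The `info->internal->` reads in the `wc_fspsm_AesGcmEncrypt`/`Decrypt` free paths earlier in this file need the same treatment if they are not inside a TLS-only block. The trailing `(void)cbInfo;` after `cbInfo` has been used, and the unused `devIdArg`, are leftovers worth cleaning up in the same pass.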
@@ -39,13 +39,19 @@ extern FSPSM_CONFIG gFSPSM_cfg; #include #include -#include +#include #include #include #include #include #include #include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif #include @@ -55,18 +61,16 @@ extern FSPSM_CONFIG gFSPSM_cfg; #define WOLFSSL_PKMSG(_f_, ...) WC_DO_NOTHING #endif -#if defined(WOLFSSL_RENESAS_FSPSM_ECC) -WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo; -#endif - - #ifdef WOLFSSL_RENESAS_FSPSM_TLS static const byte* ca_cert_sig; static fspsm_key_data g_user_key_info; static uint32_t g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE]; extern uint32_t g_CAscm_Idx; /* index of CM table */ -static uint32_t fspsm_sess_idx = 0; +//#define USE_GLOBAL_INTERNAL +#if !defined(USE_GLOBAL_INTERNAL) +FSPSM_ST_Internal g_internal; +#endif #endif #endif /* WOLFSSL_RENESAS_FSPSM*/ @@ -95,7 +99,7 @@ static int fspsm_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) * lock hw engine * this should be called before using engine. */ -WOLFSSL_LOCAL int wc_fspsm_hw_lock() +int wc_fspsm_hw_lock() { int ret = 0; @@ -122,13 +126,13 @@ WOLFSSL_LOCAL int wc_fspsm_hw_lock() /* * release hw engine */ -WOLFSSL_LOCAL void wc_fspsm_hw_unlock(void) +void wc_fspsm_hw_unlock(void) { fspsm_CryptHwMutexUnLock(&fspsm_mutex); } /* Open sce driver for use */ -WOLFSSL_LOCAL int wc_fspsm_Open() +int wc_fspsm_Open() { WOLFSSL_ENTER("wc_fspsm_Open"); int ret; @@ -167,7 +171,7 @@ WOLFSSL_LOCAL int wc_fspsm_Open() } /* close SCE driver */ -WOLFSSL_LOCAL void wc_fspsm_Close() +void wc_fspsm_Close() { WOLFSSL_ENTER("sce Close"); int ret; @@ -188,7 +192,7 @@ WOLFSSL_LOCAL void wc_fspsm_Close() } #define RANDGEN_WORDS 4 -WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) +int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) { /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */ int ret = 0; 
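Review bot: The new `FSPSM_ST_Internal g_internal;` is a single file-scope, non-static, unsynchronised object, and this series shows `internal` carrying per-connection secrets (`masterSecret`, `clientRandom`, `serverRandom`, the session-key flags and the ephemeral ECDH wrapped key); if every `FSPSM_ST` ends up pointing at this one instance, two concurrent TLS sessions on the device would share and overwrite each other's key material, a hazard the replaced `WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo` at least made visible. The guard also reads inverted, since the global is defined when `USE_GLOBAL_INTERNAL` is not defined, and `//#define USE_GLOBAL_INTERNAL` is commented-out code that should be removed or turned into a documented build option. At minimum make it `static FSPSM_ST_Internal g_internal; /* single shared TLS session state: one session at a time */` and state the intended per-session allocation if that is the plan.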
@@ -201,7 +205,7 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) len = sz; } /* return 4 words random number*/ - ret = R_RANDOM_GEN((uint8_t* const)fspbuf); + ret = R_RANDOM_GEN((uint32_t*)fspbuf); if(ret == FSP_SUCCESS) { XMEMCPY(output, &fspbuf, len); output += len; @@ -266,15 +270,15 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, (uint8_t*) peerkey, (uint8_t*) sig, (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, - (uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key); + (uint32_t*)cbInfo->internal->encrypted_ephemeral_ecdh_public_key); if (ret != FSP_SUCCESS) { WOLFSSL_MSG("failed R_fspsm_TLS_ServerKeyExchangeVerify"); - cbInfo->keyflgs_tls.bits.pk_key_set = 0; + cbInfo->internal->keyflgs_tls.bits.pk_key_set = 0; } else { ret = WOLFSSL_SUCCESS; - cbInfo->keyflgs_tls.bits.pk_key_set = 1; + cbInfo->internal->keyflgs_tls.bits.pk_key_set = 1; } } else { @@ -288,7 +292,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, return ret; } /* Callback for Rsa Verify */ -WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz, +int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz, uint8_t** out, const byte* key, uint32_t keySz, void* ctx) { int ret = WOLFSSL_FAILURE; @@ -311,7 +315,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz, return ret; } /* Callback for Ecc Verify */ -WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig, +int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz, int* result, void* ctx) { 
@@ -389,7 +393,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig, defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) /* Callback for ECC shared secret */ -WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, +int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, uint8_t* pubKeyDer, unsigned int* pubKeySz, uint8_t* out, unsigned int* outlen, int side, void* ctx) { 
@@ -410,35 +414,39 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n", side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id); - if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) { + if (cbInfo->internal->keyflgs_tls.bits.pk_key_set == 1) { if ((ret = wc_fspsm_hw_lock()) == 0) { /* Generate ECC PUblic key pair */ ret = FSPSM_TLS_ECCS256R1_KPG( - &cbInfo->ecc_p256_wrapped_key, - (uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ ); + &cbInfo->internal->ecc_p256_wrapped_key, + /* Qx 32 bytes and Qy 32 bytes*/ + (uint8_t*)&cbInfo->internal->ecc_ecdh_public_key ); if (ret != FSP_SUCCESS) { - WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate %d\n", ret); + WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate" + " %d\n", ret); return ret; } /* copy generated ecdh public key into buffer */ pubKeyDer[0] = ECC_POINT_UNCOMP; - *pubKeySz = 1 + sizeof(cbInfo->ecc_ecdh_public_key); - XMEMCPY(&pubKeyDer[1], &cbInfo->ecc_ecdh_public_key, - sizeof(cbInfo->ecc_ecdh_public_key)); + *pubKeySz = 1 + sizeof(cbInfo->internal->ecc_ecdh_public_key); + XMEMCPY(&pubKeyDer[1], &cbInfo->internal->ecc_ecdh_public_key, + sizeof(cbInfo->internal->ecc_ecdh_public_key)); /* Generate Premaster Secret */ ret = FSPSM_TLS_PREMASTERGEN( - (uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key, - &cbInfo->ecc_p256_wrapped_key, - (uint32_t*)out/* pre-master secret 64 bytes */); + (uint32_t*) + &cbInfo->internal->encrypted_ephemeral_ecdh_public_key, + &cbInfo->internal->ecc_p256_wrapped_key, + (uint32_t*)out/* pre-master secret 64 bytes */); if (ret != FSP_SUCCESS) { WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret); return ret; } else { /* set master secret generation callback for use */ - wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret); + wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, + Renesas_cmn_genMasterSecret); 
wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo); } } @@ -450,7 +458,8 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, wc_fspsm_hw_unlock(); *outlen = 64; - WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen); + WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", + ret, *pubKeySz, *outlen); } return ret; @@ -523,7 +532,7 @@ static uint32_t GetSceCipherSuite( /* ssl : a pointer to WOLFSSL object */ /* session_key_generated : if session key has been generated */ /* return 1 for usable, 0 for unusable */ -WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl, +int wc_fspsm_usable(const WOLFSSL *ssl, uint8_t session_key_generated) { WOLFSSL_ENTER("fspsm_usable"); @@ -575,7 +584,7 @@ WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl, } /* Generate Hmac by sha256*/ -WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl, +int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl, const uint8_t* myInner, uint32_t innerSz,const uint8_t* in, uint32_t sz, byte* digest) { @@ -627,7 +636,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl, } /* Verify hmac */ -WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl, +int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl, const uint8_t* message, uint32_t messageSz, uint32_t macSz, uint32_t content) { @@ -649,7 +658,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl, } wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, myInner, - (word32)messageSz, (int)content, 1); + (word32)messageSz, (int)content, 1); ret = FSPSM_S256HMAC_VInt( &_handle, @@ -684,7 +693,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl, } /* generate Verify Data based on master secret */ -WOLFSSL_LOCAL int wc_fspsm_generateVerifyData( +int wc_fspsm_generateVerifyData( const uint8_t *ms, /* master secret */ const uint8_t *side, const uint8_t *handshake_hash, uint8_t *hashes /* out */) 
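Review bot: Inside the `if ((ret = wc_fspsm_hw_lock()) == 0)` block of fspsm_EccSharedSecret (hunk @@ -410) both failure paths `return ret;` directly, and the matching `wc_fspsm_hw_unlock()` is only reached on the path shown in hunk @@ -450, so a failed key-pair or pre-master generation returns with the hardware lock still held. This predates the commit, but the reformatted `WOLFSSL_PKMSG` lines sit directly on it and the function starts and ends outside the hunk. Replacing the two early returns with a jump to the unlock, e.g. `goto unlock_out;` with `unlock_out:` placed immediately before `wc_fspsm_hw_unlock();`, keeps the lock balanced while preserving the returned FSP status.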
@@ -717,7 +726,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateVerifyData( } /* generate keys for TLS communication */ -WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, +int wc_fspsm_generateSessionKey(WOLFSSL *ssl, FSPSM_ST* cbInfo, int devId) { WOLFSSL_MSG("fspsm_generateSessionKey()"); @@ -843,8 +852,10 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, /* ready-for-use flag will be set when SetKeySide() is called */ } - if (cbInfo->cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || - cbInfo->cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { + if (cbInfo->internal->cipher == + SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || + cbInfo->internal->cipher == + SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { enc->aes->nonceSz = AEAD_MAX_IMP_SZ; dec->aes->nonceSz = AEAD_MAX_IMP_SZ; } @@ -852,7 +863,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, dec->aes->devId = devId; /* marked as session key is set */ - cbInfo->keyflgs_tls.bits.session_key_set = 1; + cbInfo->internal->keyflgs_tls.bits.session_key_set = 1; } XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES); @@ -871,7 +882,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, } /* generate master secret based on pre-master which is generated by SCE */ -WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret( +int wc_fspsm_generateMasterSecret( uint8_t cipherSuiteFirst, uint8_t cipherSuite, const uint8_t *pr, /* pre-master */ @@ -909,7 +920,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret( } /* generate pre-Master secrete by SCE */ -WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster, +int wc_fspsm_generatePremasterSecret(uint8_t *premaster, uint32_t preSz) { WOLFSSL_ENTER("fspsm_generatePremasterSecret"); 
@@ -940,7 +951,7 @@ WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster, /* * generate encrypted pre-Master secrete by SCE */ -WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret( +int wc_fspsm_generateEncryptPreMasterSecret( WOLFSSL* ssl, uint8_t* out, uint32_t* outSz) @@ -983,7 +994,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret( /* Certificate verification by SCE */ -WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify( +int wc_fspsm_tls_CertVerify( const uint8_t* cert, uint32_t certSz, const uint8_t* signature, uint32_t sigSz, uint32_t key_n_start,uint32_t key_n_len, @@ -1080,7 +1091,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify( } /* Root Certificate verification */ -WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify( +int wc_fspsm_tls_RootCertVerify( const uint8_t* cert, uint32_t cert_len, uint32_t key_n_start, uint32_t key_n_len, uint32_t key_e_start, uint32_t key_e_len, 
@@ -1130,23 +1141,27 @@ WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
 /* store elements for session key generation into ssl->keys.
 * return 0 on success, negative value on failure */
-WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
+int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
 {
 int ret = 0;
 WOLFSSL_ENTER("fspsm_storeKeyCtx");
- if (ssl == NULL || info == NULL)
+ if (ssl == NULL || info == NULL || info->internal == NULL)
 ret = BAD_FUNC_ARG;
 if (ret == 0) {
- XMEMCPY(info->masterSecret, ssl->arrays->fspsm_masterSecret,
- FSPSM_TLS_MASTERSECRET_SIZE);
- XMEMCPY(info->clientRandom, ssl->arrays->clientRandom, 32);
- XMEMCPY(info->serverRandom, ssl->arrays->serverRandom, 32);
+ XMEMCPY(info->internal->masterSecret,
+ ssl->arrays->fspsm_masterSecret,
+ FSPSM_TLS_MASTERSECRET_SIZE);
+ XMEMCPY(info->internal->clientRandom,
+ ssl->arrays->clientRandom, 32);
+ XMEMCPY(info->internal->serverRandom,
+ ssl->arrays->serverRandom, 32);
- info->cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
- ssl->options.cipherSuite);
+ info->internal->cipher = (uint8_t)GetSceCipherSuite(
+ ssl->options.cipherSuite0,
+ ssl->options.cipherSuite);
 }
 WOLFSSL_LEAVE("fspsm_storeKeyCtx", ret);
 return ret;
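Review bot: The rewritten `XMEMCPY(info->internal->clientRandom, ssl->arrays->clientRandom, 32);` and the serverRandom copy still hard-code `32`, although the destinations are now declared with `FSPSM_TLS_CLIENTRANDOM_SZ` and `FSPSM_TLS_SERVERRANDOM_SZ` in renesas_fspsm_internal.h; `sizeof(info->internal->clientRandom)` (and the serverRandom equivalent) ties the copy length to the buffer, as the masterSecret copy already does with `FSPSM_TLS_MASTERSECRET_SIZE`. `ssl->arrays` is also dereferenced without a check; if the arrays can already be released by the time this runs (not determinable from the hunk), the new guard should read `|| ssl->arrays == NULL` as well.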
@@ -1213,6 +1228,36 @@ WOLFSSL_API void wc_fspsm_set_callbacks(WOLFSSL_CTX* ctx)
 /* reset callbacks */
 wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
 }
+/*
+* Clean up Renesas Ctx
+* ssl WOLFSSL object
+* return none
+*/
+void wc_fspsm_TlsCleanup(WOLFSSL* ssl)
+{
+ FSPSM_ST* tuc = NULL;
+
+ if (ssl == NULL)
+ return;
+
+ tuc = ssl->RenesasUserCtx;
+
+ if (tuc == NULL)
+ return;
+ /* free internal structure */
+ if (tuc->internal) {
+#if !defined(USE_GLOBAL_INTERNAL)
+ XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ tuc->internal = NULL;
+#else
+ ForceZero(tuc->internal, sizeof(FSPSM_ST_Internal));
+#endif
+ }
+
+ /* zero clear */
+ ForceZero(tuc, sizeof(FSPSM_ST));
+ ssl->RenesasUserCtx = NULL;
+}
 /* Set callback contexts needed for sce TLS api handling */
 #if defined(WOLFSSL_RENESAS_SCEPROTECT)
 WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
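Review bot: wc_fspsm_TlsCleanup frees `tuc->internal` with `XFREE` without wiping it first, yet FSPSM_ST_Internal as introduced in this commit holds `masterSecret`, `clientRandom`/`serverRandom` and the wrapped ECDH key, so the TLS master secret goes back to the heap intact; the `ForceZero` that follows only covers the outer FSPSM_ST, which carries no session secrets. Add `ForceZero(tuc->internal, sizeof(FSPSM_ST_Internal));` before the `XFREE` in the `!USE_GLOBAL_INTERNAL` branch, matching what the `#else` branch already does. The same gap remains after patch 020 collapses this to the unconditional XFREE (hunk @@ -1246 of renesas_fspsm_util.c).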
@@ -1220,14 +1265,29 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
 WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
 #endif
 {
- if (fspsm_sess_idx > MAX_FSPSM_CBINDEX) {
- WOLFSSL_MSG("exceeds maximum session index");
- return -1;
+ FSPSM_ST* uCtx = (FSPSM_ST*)user_ctx;
+
+ if (ssl == NULL || user_ctx == NULL) {
+ return BAD_FUNC_ARG;
 }
- gPKCbInfo.user_PKCbInfo[fspsm_sess_idx] = (FSPSM_ST*)user_ctx;
- gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
- gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.session_key_set
- = 0;
+
+ ForceZero(uCtx, sizeof(FSPSM_ST));
+#if !defined(USE_GLOBAL_INTERNAL)
+ uCtx->internal = (FSPSM_ST_Internal*)XMALLOC(sizeof(FSPSM_ST_Internal),
+ ssl->heap,
+ DYNAMIC_TYPE_TMP_BUFFER);
+#else
+ printf("sizeof (FSPSM_ST_Internal) = %d\n", sizeof(FSPSM_ST_Internal));
+ uCtx->internal = &g_internal;
+#endif
+ if (!uCtx->internal) {
+ WOLFSSL_MSG("Failed to allocate memory for user ctx internal");
+ return MEMORY_E;
+ }
+
+ ForceZero(uCtx->internal, sizeof(FSPSM_ST_Internal));
+
+ ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */
 wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
 wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@@ -1239,8 +1299,6 @@ WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
 /* set up crypt callback */
 wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx);
- gPKCbInfo.num_session = ++fspsm_sess_idx;
-
 return 0;
 }
 #endif /* !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 3c63d2662..82d9bd735 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -63,7 +63,7 @@
 #include
 #endif
 #if defined(WOLFSSL_RENESAS_FSPSM)
- #include
+ #include
 #endif
 #if defined(WOLFSSL_RENESAS_RX64_HASH)
 #include
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 90c9f4762..b2e543628 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
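Review bot: `ForceZero(uCtx, sizeof(FSPSM_ST));` wipes the caller's entire FSPSM_ST, where the replaced code only cleared the two keyflgs_tls bits; `devId`, the installed wrapped-key handles and `keyflgs_crypt` that an application may have filled in before registering the context are discarded, and if the same context is registered on a second session its previous `internal` allocation is zeroed over and leaked. Whether the caller may hand in an uninitialised struct decides the fix: if a fresh struct is the contract, say so on FSPSM_CALLBACK_CTX_FUNC in the public header (`/* user_ctx must be a newly declared FSPSM_ST: it is cleared here, internal state is allocated here and released by wc_fspsm_TlsCleanup */`); if callers may pre-populate it, clear only `uCtx->internal` and the TLS flags and free a non-NULL `uCtx->internal` before reallocating. Replacing the global session table with a per-`ssl` context is the right direction. The `#else` printf branch is already removed in patch 020 and needs nothing here.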
@@ -148,7 +148,7 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, #endif #if defined(WOLFSSL_RENESAS_FSPSM) - #include + #include #endif #ifdef WOLFSSL_MAXQ10XX_CRYPTO diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h index ea16de751..48be879a9 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h @@ -21,9 +21,6 @@ #ifndef __RENESAS_FSPSM_CRYPT_H__ #define __RENESAS_FSPSM_CRYPT_H__ - -#include - #ifdef __cplusplus extern "C" { #endif @@ -33,12 +30,6 @@ extern "C" { typedef void* FSPSM_W_KEYVAR; -/* flsgas related to TLS */ -struct FSPSM_tls_flg_ST { - uint8_t pk_key_set:1; - uint8_t session_key_set:1; -}; - /* flags Crypt Only */ struct FSPSM_key_flg_ST { uint8_t aes256_installedkey_set:1; @@ -50,25 +41,12 @@ struct FSPSM_key_flg_ST { uint8_t message_type:1;/*message 0, hashed 1*/ }; +typedef struct FSPSM_ST_Internal FSPSM_ST_Internal; + typedef struct FSPSM_tag_ST { /* unique number for each session */ int devId; - #if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \ - !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - /* out from R_SCE_TLS_ServerKeyExchangeVerify */ - uint32_t - encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ]; - /* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */ - sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key; - uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE]; - - uint32_t masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4]; - uint8_t clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ]; - uint8_t serverRandom[FSPSM_TLS_SERVERRANDOM_SZ]; - uint8_t cipher; - uint8_t side; /* for key set side */ - #endif - + /* installed key handling */ /* aes */ FSPSM_W_KEYVAR wrapped_key_aes256; 
@@ -85,228 +63,27 @@ typedef struct FSPSM_tag_ST { #if defined(WOLFSSL_RENESAS_RSIP) uint8_t hash_type; #endif - /* key status flags */ - /* flag whether encrypted ec key is set */ - union { - uint8_t chr; - struct FSPSM_tls_flg_ST bits; - } keyflgs_tls; + /* key status flags */ /* flags shows status if wrapped keys are installed */ union { uint8_t chr; struct FSPSM_key_flg_ST bits; } keyflgs_crypt; + + FSPSM_ST_Internal* internal; + } FSPSM_ST; -typedef struct tagPKCbInfo { - FSPSM_ST *user_PKCbInfo[MAX_FSPSM_CBINDEX]; - uint32_t num_session; -} FSPSM_ST_PKC; - -#ifdef WOLFSSL_RENESAS_FSPSM_TLS -typedef struct -{ - uint8_t *encrypted_provisioning_key; - uint8_t *iv; - uint8_t *encrypted_user_tls_key; - uint32_t encrypted_user_tls_key_type; - FSPSM_CACERT_PUB_WKEY user_rsa2048_tls_wrappedkey; -} fspsm_key_data; -#endif - struct WOLFSSL; struct WOLFSSL_CTX; struct ecc_key; - -WOLFSSL_LOCAL int wc_fspsm_Open(); -WOLFSSL_LOCAL void wc_fspsm_Close(); -WOLFSSL_LOCAL int wc_fspsm_hw_lock(); -WOLFSSL_LOCAL void wc_fspsm_hw_unlock( void ); -WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl, - uint8_t session_key_generated); - -typedef struct { - FSPSM_AES_PWKEY wrapped_key; - word32 keySize; -#ifdef WOLFSSL_RENESAS_FSPSM_TLS - byte setup; -#endif -} FSPSM_AES_CTX; - +struct wc_CryptoInfo; struct Aes; -WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes); -WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out, - const byte* in, word32 sz); -WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out, - const byte* in, word32 sz); -WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, - const byte* in, word32 sz, - byte* iv, word32 ivSz, - byte* authTag, word32 authTagSz, - const byte* authIn, word32 authInSz, - void* ctx); - -WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, - const byte* in, word32 sz, - const byte* iv, word32 ivSz, - const byte* authTag, word32 authTagSz, - const byte* authIn, word32 
authInSz, - void* ctx); - -#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \ - defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \ - !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) - -typedef enum { -#if defined(WOLFSSL_RENESAS_SCEPROTECT) - FSPSM_SHA256 = 1, -#elif defined(WOLFSSL_RENESAS_RSIP) - FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1, - FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224, - FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256, - FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384, - FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512, - FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224, - FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256, -#endif -} FSPSM_SHA_TYPE; - -typedef struct { - void* heap; - word32 sha_type; -#if defined(WOLFSSL_RENESAS_SCEPROTECT) - word32 used; - word32 len; - byte* msg; -#endif -#if defined(WOLFSSL_RENESAS_RSIP) - FSPSM_SHA_HANDLE handle; -#endif -#if defined(WOLF_CRYPTO_CB) - word32 flags; - int devId; -#endif -} wolfssl_FSPSM_Hash; - -/* RAW hash function APIs are not implemented with SCE */ -#undef WOLFSSL_NO_HASH_RAW -#define WOLFSSL_NO_HASH_RAW - -#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP) - typedef wolfssl_FSPSM_Hash wc_Sha; -#endif - -#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP) - typedef wolfssl_FSPSM_Hash wc_Sha224; - #define WC_SHA224_TYPE_DEFINED -#endif - -#if !defined(NO_SHA256) && \ - (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP)) - typedef wolfssl_FSPSM_Hash wc_Sha256; -#endif - -#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP) - typedef wolfssl_FSPSM_Hash wc_Sha384; - #define WC_SHA384_TYPE_DEFINED -#endif - -#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP) - typedef wolfssl_FSPSM_Hash wc_Sha512; - typedef wolfssl_FSPSM_Hash wc_Sha512_224; - typedef wolfssl_FSPSM_Hash wc_Sha512_256; - #define WC_SHA512_TYPE_DEFINED -#endif - -#endif /* NO_SHA */ #if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \ !defined(WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY) - -WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify( - 
const uint8_t* cert, uint32_t cert_len, - uint32_t key_n_start, uint32_t key_n_len, - uint32_t key_e_start, uint32_t key_e_len, - uint32_t cm_row); - -WOLFSSL_LOCAL int wc_sce_tls_CertVerify( - const uint8_t* cert, uint32_t certSz, - const uint8_t* signature, uint32_t sigSz, - uint32_t key_n_start, uint32_t key_n_len, - uint32_t key_e_start, uint32_t key_e_len, - uint8_t* sce_encRsaKeyIdx); - - -WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret( - uint8_t* premaster, - uint32_t preSz); - -WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret( - struct WOLFSSL* ssl, - uint8_t* out, - uint32_t* outSz); - -WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac( - const struct WOLFSSL *ssl, - const uint8_t* myInner, - uint32_t innerSz, - const uint8_t* in, - uint32_t sz, - uint8_t* digest); - -WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac( - const struct WOLFSSL *ssl, - const uint8_t* message, - uint32_t messageSz, - uint32_t macSz, - uint32_t content); - -WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx( - struct WOLFSSL* ssl, - FSPSM_ST* info); - -WOLFSSL_LOCAL int wc_fspsm_generateVerifyData( - const uint8_t* ms, /* master secret */ - const uint8_t* side, - const uint8_t* handshake_hash, - uint8_t* hashes /* out */); - -WOLFSSL_LOCAL int wc_fspsm_generateSessionKey( - struct WOLFSSL* ssl, - FSPSM_ST* cbInfo, - int devId); - -WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret( - uint8_t cipherSuiteFirst, - uint8_t cipherSuite, - const uint8_t *pr, /* pre-master */ - const uint8_t *cr, /* client random */ - const uint8_t *sr, /* server random */ - uint8_t *ms); - -WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig, - uint32_t sigSz, uint8_t** out, - const byte* key, uint32_t keySz, void* ctx); -WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl, - const uint8_t* sig, uint32_t sigSz, - const uint8_t* hash, uint32_t hashSz, - const uint8_t* key, uint32_t keySz, - int* result, void* ctx); -WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify( - const uint8_t* cert, 
uint32_t certSz, - const uint8_t* signature, uint32_t sigSz, - uint32_t key_n_start,uint32_t key_n_len, - uint32_t key_e_start,uint32_t key_e_len, - uint8_t* fspsm_encPublickey); - -/* Callback for EccShareSecret */ -WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl, - struct ecc_key* otherKey, - uint8_t* pubKeyDer, unsigned int* pubKeySz, - uint8_t* out, unsigned int* outlen, int side, void* ctx); - /* user API */ WOLFSSL_API void FSPSM_INFORM_FUNC( uint8_t* encrypted_provisioning_key, @@ -318,28 +95,7 @@ WOLFSSL_API void FSPSM_CALLBACK_FUNC(struct WOLFSSL_CTX* ctx); WOLFSSL_API int FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx); WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign); - #endif /* WOLFSSL_RENESAS_FSPSM_TLS && * !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */ -typedef struct FSPSM_RSA_CTX { - FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key; - FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key; - FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key; - FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key; - word32 keySz; -} FSPSM_RSA_CTX; - -/* rsa */ -struct RsaKey; -struct WC_RNG; -WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key); -WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, - word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng); -WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx); -WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out, - word32* outLen, struct RsaKey* key, void* ctx); -WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out, - word32* outLen,struct RsaKey* key, void* ctx); -WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 size); #endif /* __RENESAS_FSPSM_CRYPT_H__ */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h new file mode 100644 index 000000000..89ad9ab67 --- /dev/null 
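Review bot: The new `FSPSM_ST_Internal* internal;` member of the public FSPSM_ST (hunk @@ -85 of renesas-fspsm-crypt.h) carries no ownership comment, although the struct itself is application-allocated while the pointer is allocated by the registration call and released by wc_fspsm_TlsCleanup, which is declared only in the internal header. A comment such as `/* wolfSSL-owned: allocated by FSPSM_CALLBACK_CTX_FUNC, released by wc_fspsm_TlsCleanup; never set or free it from application code */` would make that explicit. Moving keyflgs_tls and the session secrets out of the user-visible struct is a sound change; it also changes sizeof(FSPSM_ST), so the header comment for the struct could note that applications must be rebuilt.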
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h 
@@ -0,0 +1,281 @@ +/* renesas_fspsm_internal.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _RENESAS_FSPSM_INTERNAL_H_ +#define _RENESAS_FSPSM_INTERNAL_H_ + +#include +#include + +/* flsgas related to TLS */ +struct FSPSM_tls_flg_ST { + uint8_t pk_key_set:1; + uint8_t session_key_set:1; +}; + +struct FSPSM_ST_Internal { + +#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \ + !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + /* out from R_SCE_TLS_ServerKeyExchangeVerify */ + uint32_t + encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ]; + /* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */ + sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key; + uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE]; + + uint32_t masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4]; + uint8_t clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ]; + uint8_t serverRandom[FSPSM_TLS_SERVERRANDOM_SZ]; + uint8_t cipher; + uint8_t side; /* for key set side */ +#endif + /* key status flags */ + /* flag whether encrypted ec key is set */ + union { + uint8_t chr; + struct FSPSM_tls_flg_ST bits; + } keyflgs_tls; + +}; + +#ifdef WOLFSSL_RENESAS_FSPSM_TLS +typedef struct +{ + uint8_t *encrypted_provisioning_key; + uint8_t 
*iv; + uint8_t *encrypted_user_tls_key; + uint32_t encrypted_user_tls_key_type; + FSPSM_CACERT_PUB_WKEY user_rsa2048_tls_wrappedkey; +} fspsm_key_data; +#endif + +typedef struct { + FSPSM_AES_PWKEY wrapped_key; + word32 keySize; +#ifdef WOLFSSL_RENESAS_FSPSM_TLS + byte setup; +#endif +} FSPSM_AES_CTX; + +typedef struct FSPSM_RSA_CTX { + FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key; + FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key; + FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key; + FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key; + word32 keySz; +} FSPSM_RSA_CTX; + + +#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \ + defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + +typedef struct { + void* heap; + word32 sha_type; +#if defined(WOLFSSL_RENESAS_SCEPROTECT) + word32 used; + word32 len; + byte* msg; +#endif +#if defined(WOLFSSL_RENESAS_RSIP) + FSPSM_SHA_HANDLE handle; +#endif +#if defined(WOLF_CRYPTO_CB) + word32 flags; + int devId; +#endif +}wolfssl_FSPSM_Hash; + +typedef enum { +#if defined(WOLFSSL_RENESAS_SCEPROTECT) + FSPSM_SHA256 = 1, +#elif defined(WOLFSSL_RENESAS_RSIP) + FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1, + FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224, + FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256, + FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384, + FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512, + FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224, + FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256, +#endif +} FSPSM_SHA_TYPE; + +/* RAW hash function APIs are not implemented with SCE */ +#undef WOLFSSL_NO_HASH_RAW +#define WOLFSSL_NO_HASH_RAW + +#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP) + typedef wolfssl_FSPSM_Hash wc_Sha; +#endif + +#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP) + typedef wolfssl_FSPSM_Hash wc_Sha224; + #define WC_SHA224_TYPE_DEFINED +#endif + +#if !defined(NO_SHA256) && \ + (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP)) + typedef wolfssl_FSPSM_Hash wc_Sha256; +#endif + +#if 
defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP) + typedef wolfssl_FSPSM_Hash wc_Sha384; + #define WC_SHA384_TYPE_DEFINED +#endif + +#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP) + typedef wolfssl_FSPSM_Hash wc_Sha512; + typedef wolfssl_FSPSM_Hash wc_Sha512_224; + typedef wolfssl_FSPSM_Hash wc_Sha512_256; + #define WC_SHA512_TYPE_DEFINED +#endif + +#endif /* NO_SHA */ + +struct WOLFSSL; +struct Aes; +WOLFSSL_LOCAL void wc_fspsm_TlsCleanup(struct WOLFSSL* ssl); +WOLFSSL_LOCAL int wc_fspsm_Open(); +WOLFSSL_LOCAL void wc_fspsm_Close(); +WOLFSSL_LOCAL int wc_fspsm_hw_lock(); +WOLFSSL_LOCAL void wc_fspsm_hw_unlock( void ); +WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl, + uint8_t session_key_generated); +WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes); +WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out, + const byte* in, word32 sz); + +WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, + const byte* in, word32 sz, + byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, + void* ctx); + +WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, + void* ctx); + +WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, struct wc_CryptoInfo* info, + void* ctx); +WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify( + const uint8_t* cert, uint32_t cert_len, + uint32_t key_n_start, uint32_t key_n_len, + uint32_t key_e_start, uint32_t key_e_len, + uint32_t cm_row); + +WOLFSSL_LOCAL int wc_sce_tls_CertVerify( + const uint8_t* cert, uint32_t certSz, + const uint8_t* signature, uint32_t sigSz, + uint32_t key_n_start, uint32_t key_n_len, + uint32_t key_e_start, uint32_t key_e_len, + uint8_t* sce_encRsaKeyIdx); + + +WOLFSSL_LOCAL 
int wc_fspsm_generatePremasterSecret( + uint8_t* premaster, + uint32_t preSz); + +WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret( + struct WOLFSSL* ssl, + uint8_t* out, + uint32_t* outSz); + +WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac( + const struct WOLFSSL *ssl, + const uint8_t* myInner, + uint32_t innerSz, + const uint8_t* in, + uint32_t sz, + uint8_t* digest); + +WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac( + const struct WOLFSSL *ssl, + const uint8_t* message, + uint32_t messageSz, + uint32_t macSz, + uint32_t content); + +WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx( + struct WOLFSSL* ssl, + FSPSM_ST* info); + +WOLFSSL_LOCAL int wc_fspsm_generateVerifyData( + const uint8_t* ms, /* master secret */ + const uint8_t* side, + const uint8_t* handshake_hash, + uint8_t* hashes /* out */); + +WOLFSSL_LOCAL int wc_fspsm_generateSessionKey( + struct WOLFSSL* ssl, + FSPSM_ST* cbInfo, + int devId); + +WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret( + uint8_t cipherSuiteFirst, + uint8_t cipherSuite, + const uint8_t *pr, /* pre-master */ + const uint8_t *cr, /* client random */ + const uint8_t *sr, /* server random */ + uint8_t *ms); + +WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig, + uint32_t sigSz, uint8_t** out, + const byte* key, uint32_t keySz, void* ctx); +WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl, + const uint8_t* sig, uint32_t sigSz, + const uint8_t* hash, uint32_t hashSz, + const uint8_t* key, uint32_t keySz, + int* result, void* ctx); +WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify( + const uint8_t* cert, uint32_t certSz, + const uint8_t* signature, uint32_t sigSz, + uint32_t key_n_start,uint32_t key_n_len, + uint32_t key_e_start,uint32_t key_e_len, + uint8_t* fspsm_encPublickey); + +/* Callback for EccShareSecret */ +WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl, + struct ecc_key* otherKey, + uint8_t* pubKeyDer, unsigned int* pubKeySz, + uint8_t* out, unsigned int* outlen, int side, void* ctx); +/* rsa 
*/ +struct RsaKey; +struct WC_RNG; +WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key); +WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, + word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng); +WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx); +WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out, + word32* outLen, struct RsaKey* key, void* ctx); +WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out, + word32* outLen,struct RsaKey* key, void* ctx); +WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 size); + +#endif /* RENESAS_FSPSM_INTERNAL_H */ + diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index ff959d68c..f405c17aa 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -90,7 +90,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #endif #if defined(WOLFSSL_RENESAS_FSPSM) - #include + #include #endif #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index f203dad12..468e4d1db 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -141,7 +141,7 @@ enum { #elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ defined(WOLFSSL_RENESAS_RSIP)) && \ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) - #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" + #include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h" #elif defined(WOLFSSL_RENESAS_RX64_HASH) #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h" #else diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index b90e2b204..b41400721 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h 
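Review bot: The new header's include guard `_RENESAS_FSPSM_INTERNAL_H_` is a reserved identifier (leading underscore followed by an uppercase letter), and the closing `#endif /* RENESAS_FSPSM_INTERNAL_H */` comment does not match it; a guard such as `WOLFSSL_RENESAS_FSPSM_INTERNAL_H` used in both places stays out of the reserved namespace. Despite its name, the header is now included by the public rsa.h, sha256.h, sha512.h and aes.h (hunks in this and the following line), so it has to ship with the installed headers and its `WOLFSSL_LOCAL` prototypes become visible to every consumer; the hash typedefs those public headers need could live in a small public header instead. The carried-over comment `/* flsgas related to TLS */` should read `/* flags related to TLS */`.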
@@ -129,7 +129,7 @@ enum { #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" #elif defined(WOLFSSL_RENESAS_RSIP) && \ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) - #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" + #include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h" #else #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) From 59659ef8fb56c0c9d6704faa0e6ddbb0c54f141f Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 17 Jul 2025 18:26:55 +0900 Subject: [PATCH 020/346] fix long line and trailing whitespaces --- .../src/port/Renesas/renesas_fspsm_aes.c | 11 +++++--- .../src/port/Renesas/renesas_fspsm_util.c | 27 +++++-------------- .../port/Renesas/renesas-fspsm-crypt.h | 2 +- .../port/Renesas/renesas_fspsm_internal.h | 2 +- 4 files changed, 16 insertions(+), 26 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c index 6340bf411..1fb11207a 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c @@ -244,7 +244,8 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, (void) key_server_aes; /* sanity check */ - if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || info == NULL) { + if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || + info == NULL) { return BAD_FUNC_ARG; } @@ -453,7 +454,8 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, FSPSM_AES_PWKEY key_server_aes = NULL; (void) key_client_aes; /* sanity check */ - if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || info == NULL) { + if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || + info == NULL) { return BAD_FUNC_ARG; } 
@@ -812,14 +814,15 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, } #endif -WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) +WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, wc_CryptoInfo* info, + void* ctx) { int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; (void)devIdArg; WOLFSSL_ENTER("wc_fspsm_AesCipher"); - + if (info == NULL || ctx == NULL) { return BAD_FUNC_ARG; } diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index 4f586d201..d17865a22 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c @@ -67,10 +67,6 @@ static fspsm_key_data g_user_key_info; static uint32_t g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE]; extern uint32_t g_CAscm_Idx; /* index of CM table */ -//#define USE_GLOBAL_INTERNAL -#if !defined(USE_GLOBAL_INTERNAL) -FSPSM_ST_Internal g_internal; -#endif #endif #endif /* WOLFSSL_RENESAS_FSPSM*/ @@ -445,7 +441,7 @@ int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, } else { /* set master secret generation callback for use */ - wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, + wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret); wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo); } @@ -458,7 +454,7 @@ int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, wc_fspsm_hw_unlock(); *outlen = 64; - WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", + WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen); } 
@@ -852,9 +848,9 @@ int wc_fspsm_generateSessionKey(WOLFSSL *ssl, /* ready-for-use flag will be set when SetKeySide() is called */ } - if (cbInfo->internal->cipher == + if (cbInfo->internal->cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || - cbInfo->internal->cipher == + cbInfo->internal->cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { enc->aes->nonceSz = AEAD_MAX_IMP_SZ; dec->aes->nonceSz = AEAD_MAX_IMP_SZ; @@ -1151,12 +1147,12 @@ int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info) ret = BAD_FUNC_ARG; if (ret == 0) { - XMEMCPY(info->internal->masterSecret, + XMEMCPY(info->internal->masterSecret, ssl->arrays->fspsm_masterSecret, FSPSM_TLS_MASTERSECRET_SIZE); - XMEMCPY(info->internal->clientRandom, + XMEMCPY(info->internal->clientRandom, ssl->arrays->clientRandom, 32); - XMEMCPY(info->internal->serverRandom, + XMEMCPY(info->internal->serverRandom, ssl->arrays->serverRandom, 32); info->internal->cipher = (uint8_t)GetSceCipherSuite( @@ -1246,12 +1242,8 @@ void wc_fspsm_TlsCleanup(WOLFSSL* ssl) return; /* free internal structure */ if (tuc->internal) { -#if !defined(USE_GLOBAL_INTERNAL) XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); tuc->internal = NULL; -#else - ForceZero(tuc->internal, sizeof(FSPSM_ST_Internal)); -#endif } /* zero clear */ @@ -1272,14 +1264,9 @@ WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) } ForceZero(uCtx, sizeof(FSPSM_ST)); -#if !defined(USE_GLOBAL_INTERNAL) uCtx->internal = (FSPSM_ST_Internal*)XMALLOC(sizeof(FSPSM_ST_Internal), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); -#else - printf("sizeof (FSPSM_ST_Internal) = %d\n", sizeof(FSPSM_ST_Internal)); - uCtx->internal = &g_internal; -#endif if (!uCtx->internal) { WOLFSSL_MSG("Failed to allocate memory for user ctx internal"); return MEMORY_E; diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h index 48be879a9..dc341bdce 100644 
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h @@ -46,7 +46,7 @@ typedef struct FSPSM_ST_Internal FSPSM_ST_Internal; typedef struct FSPSM_tag_ST { /* unique number for each session */ int devId; - + /* installed key handling */ /* aes */ FSPSM_W_KEYVAR wrapped_key_aes256; diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h index 89ad9ab67..4acf44e5a 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h @@ -180,7 +180,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz, void* ctx); - + WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, struct wc_CryptoInfo* info, void* ctx); WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify( From ba358b8fb8614c14fba09dc7216ce25420ba6a0d Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 17 Jul 2025 18:51:57 +0900 Subject: [PATCH 021/346] Sanity check before free --- wolfcrypt/src/port/Renesas/renesas_tsip_util.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index b9c7536da..2e57ba085 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -308,8 +308,10 @@ int tsip_TlsCleanup(struct WOLFSSL* ssl) /* free stored messages */ tsipFlushMessages(ssl); /* free internal structure */ - XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - tuc->internal = NULL; + if (tuc->internal) { + XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + tuc->internal = NULL; + } /* zero clear */ ForceZero(tuc, sizeof(TsipUserCtx)); From f3ee192a96b62e4f2247c72b64f3096f27c70cdd Mon Sep 17 00:00:00 2001 
From: Colton Willey Date: Thu, 17 Jul 2025 12:01:39 -0700 Subject: [PATCH 022/346] Set out ptr properly for RSA pad crypto cb inline --- wolfcrypt/src/rsa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 78c0c9ec4..a45339f34 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3601,6 +3601,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, ret = wc_CryptoCb_RsaPad(in, inLen, out, &outLen, rsa_type, key, rng, &padding); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + if (outPtr != NULL) { + *outPtr = out; + } if (ret == 0) { ret = (int)outLen; } From e57198805941edb916160aab2ac14babaf14a554 Mon Sep 17 00:00:00 2001 From: jordan Date: Thu, 17 Jul 2025 15:15:11 -0500 Subject: [PATCH 023/346] dual alg certs: fix dual alg certs build, and asn cleanup. --- src/ssl.c | 4 +- wolfcrypt/src/asn.c | 104 +++++++++++++++++++++------------------- wolfssl/wolfcrypt/asn.h | 4 ++ 3 files changed, 60 insertions(+), 52 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4191557cf..95efa2edb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7217,8 +7217,8 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WOLFSSL_SUCCESS && altDevId != INVALID_DEVID) { /* We have to decode the public key first */ word32 idx = 0; - /* Dilithium has the largest public key at the moment */ - word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; + /* Default to max pub key size. */ + word32 pubKeyLen = MAX_PUBLIC_KEY_SZ; byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, DYNAMIC_TYPE_PUBLIC_KEY); if (decodedPubKey == NULL) { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ec34c9535..6e1c753b9 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
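Review bot: `*outPtr = out;` is now assigned for every result other than CRYPTOCB_UNAVAILABLE, including the case where the callback returned an error code, so a caller that inspects `*outPtr` after a failed wc_CryptoCb_RsaPad call gets a pointer to a buffer the callback may never have filled. Keeping the assignment inside the existing success branch ties the out-pointer to the valid length: `if (ret == 0) { if (outPtr != NULL) { *outPtr = out; } ret = (int)outLen; }`. RsaPrivateDecryptEx continues outside the hunk, so whether the software path sets outPtr the same way is not visible here.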
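Review bot: In check_cert_key the decodedPubKey allocation is now sized by MAX_PUBLIC_KEY_SZ instead of DILITHIUM_MAX_PUB_KEY_SIZE, and the comment being replaced said Dilithium had the largest public key; nothing in the hunk shows that MAX_PUBLIC_KEY_SZ is at least that large in a build with the post-quantum alt-key algorithms enabled. If it is smaller, DecodeAsymKeyPublic is handed a too-small buffer and the alternative-key check fails for exactly those keys. A comment above the declaration, `/* MAX_PUBLIC_KEY_SZ must cover every sapkiOID this build can decode */`, or a compile-time assertion relating MAX_PUBLIC_KEY_SZ to DILITHIUM_MAX_PUB_KEY_SIZE when HAVE_DILITHIUM is defined, would make the assumption checkable. The same substitution is made in wc_CheckPrivateKeyCert in the asn.c hunk that follows; the rest of check_cert_key lies outside the hunk.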
@@ -8954,9 +8954,8 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, #ifdef WOLFSSL_DUAL_ALG_CERTS if (checkAlt && der->sapkiDer != NULL) { /* We have to decode the public key first */ - word32 idx = 0; - /* Dilithium has the largest public key at the moment */ - word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; + /* Default to max pub key size. */ + word32 pubKeyLen = MAX_PUBLIC_KEY_SZ; byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, DYNAMIC_TYPE_PUBLIC_KEY); if (decodedPubKey == NULL) { @@ -8969,9 +8968,14 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, pubKeyLen = der->sapkiLen; } else { + #if defined(WC_ENABLE_ASYM_KEY_IMPORT) + word32 idx = 0; ret = DecodeAsymKeyPublic(der->sapkiDer, &idx, der->sapkiLen, decodedPubKey, &pubKeyLen, der->sapkiOID); + #else + ret = NOT_COMPILED_IN; + #endif /* WC_ENABLE_ASYM_KEY_IMPORT */ } } if (ret == 0) { @@ -36917,10 +36921,11 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output, #ifdef WC_ENABLE_ASYM_KEY_IMPORT #ifdef WOLFSSL_ASN_TEMPLATE -/* ASN.1 template for Ed25519 and Ed448 private key. +/* ASN.1 template for a general asymmetric private key: Ed25519, Ed448, + * falcon, dilithium, etc. * RFC 8410, 7 - Private Key Format (but public value is EXPLICIT OCTET_STRING) */ -static const ASNItem edKeyASN[] = { +static const ASNItem privateKeyASN[] = { /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* Version */ /* VER */ { 1, ASN_INTEGER, 0, 0, 0 }, 
@@ -36938,20 +36943,20 @@ static const ASNItem edKeyASN[] = { /* PUBKEY */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY, 0, 0, 1 }, }; enum { - EDKEYASN_IDX_SEQ = 0, - EDKEYASN_IDX_VER, - EDKEYASN_IDX_PKEYALGO_SEQ, - EDKEYASN_IDX_PKEYALGO_OID, - EDKEYASN_IDX_PKEY, - EDKEYASN_IDX_PKEY_CURVEPKEY, - EDKEYASN_IDX_PKEY_MLDSASEQ, - EDKEYASN_IDX_ATTRS, - EDKEYASN_IDX_PUBKEY + PRIVKEYASN_IDX_SEQ = 0, + PRIVKEYASN_IDX_VER, + PRIVKEYASN_IDX_PKEYALGO_SEQ, + PRIVKEYASN_IDX_PKEYALGO_OID, + PRIVKEYASN_IDX_PKEY, + PRIVKEYASN_IDX_PKEY_CURVEPKEY, + PRIVKEYASN_IDX_PKEY_MLDSASEQ, + PRIVKEYASN_IDX_ATTRS, + PRIVKEYASN_IDX_PUBKEY }; -/* Number of items in ASN.1 template for Ed25519 and Ed448 private key. */ -#define edKeyASN_Length (sizeof(edKeyASN) / sizeof(ASNItem)) -#endif +/* Number of items in ASN.1 template for private key. */ +#define privateKeyASN_Length (sizeof(privateKeyASN) / sizeof(ASNItem)) +#endif /* WOLFSSL_ASN_TEMPLATE */ #if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \ || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \ @@ -36971,8 +36976,8 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, const byte* pub; #else int ret = 0; - DECL_ASNGETDATA(dataASN, edKeyASN_Length); - CALLOC_ASNGETDATA(dataASN, edKeyASN_Length, ret, NULL); + DECL_ASNGETDATA(dataASN, privateKeyASN_Length); + CALLOC_ASNGETDATA(dataASN, privateKeyASN_Length, ret, NULL); #endif if (input == NULL || inOutIdx == NULL || inSz == 0 || 
@@ -37069,21 +37074,21 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, /* Explicit OID check - use expected type */ const byte* oidDerBytes = OidFromId((word32)*inOutKeyType, oidKeyType, &oidSz); - GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidDerBytes, + GetASN_ExpBuffer(&dataASN[PRIVKEYASN_IDX_PKEYALGO_OID], oidDerBytes, oidSz); } else { /* Auto-detect OID using template */ - GetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidKeyType); + GetASN_OID(&dataASN[PRIVKEYASN_IDX_PKEYALGO_OID], oidKeyType); } /* Parse full private key. */ - ret = GetASN_Items(edKeyASN, dataASN, edKeyASN_Length, 1, input, + ret = GetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, 1, input, inOutIdx, inSz); if (ret != 0) { /* Parse just the OCTET_STRING. */ - ret = GetASN_Items(&edKeyASN[EDKEYASN_IDX_PKEY_CURVEPKEY], - &dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY], 1, 0, input, + ret = GetASN_Items(&privateKeyASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], + &dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], 1, 0, input, inOutIdx, inSz); if (ret != 0) { ret = ASN_PARSE_E; 
@@ -37093,16 +37098,16 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, /* Store detected OID if requested */ if (ret == 0 && *inOutKeyType == ANONk) { *inOutKeyType = - (int)dataASN[EDKEYASN_IDX_PKEYALGO_OID].data.oid.sum; + (int)dataASN[PRIVKEYASN_IDX_PKEYALGO_OID].data.oid.sum; } } - if (ret == 0 && dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { + if (ret == 0 && dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { /* Import private value. */ - *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; - *privKey = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; + *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; + *privKey = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; } else if (ret == 0 && - dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length != 0) { + dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length != 0) { if (*inOutKeyType != ML_DSA_LEVEL2k && *inOutKeyType != ML_DSA_LEVEL3k && *inOutKeyType != ML_DSA_LEVEL5k) { @@ -37110,11 +37115,11 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, } else { /* Import private value. */ - *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length; - *privKey = dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.data; + *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length; + *privKey = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.data; } } - if ((ret == 0) && dataASN[EDKEYASN_IDX_PUBKEY].tag == 0) { + if ((ret == 0) && dataASN[PRIVKEYASN_IDX_PUBKEY].tag == 0) { /* Set public length to 0 as not seen. */ if (pubKeyLen != NULL) *pubKeyLen = 0; 
@@ -37122,9 +37127,9 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, else if (ret == 0) { /* Import public value. */ if (pubKeyLen != NULL) - *pubKeyLen = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length; + *pubKeyLen = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length; if (pubKey != NULL && pubKeyLen != NULL) - *pubKey = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data; + *pubKey = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.data; } FREE_ASNGETDATA(dataASN, NULL); @@ -37267,7 +37272,6 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, FREE_ASNGETDATA(dataASN, NULL); #endif /* WOLFSSL_ASN_TEMPLATE */ return ret; - } int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, @@ -37295,7 +37299,7 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, return ret; } -#endif +#endif /* HAVE_ED25519 || etc... || HAVE_DILITHIUM || HAVE_SPHINCS */ #endif /* WC_ENABLE_ASYM_KEY_IMPORT */ #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) @@ -37466,7 +37470,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz; #else - DECL_ASNSETDATA(dataASN, edKeyASN_Length); + DECL_ASNSETDATA(dataASN, privateKeyASN_Length); int sz = 0; #endif 
@@ -37525,32 +37529,32 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, } #else - CALLOC_ASNSETDATA(dataASN, edKeyASN_Length, ret, NULL); + CALLOC_ASNSETDATA(dataASN, privateKeyASN_Length, ret, NULL); if (ret == 0) { /* Set version = 0 */ - SetASN_Int8Bit(&dataASN[EDKEYASN_IDX_VER], 0); + SetASN_Int8Bit(&dataASN[PRIVKEYASN_IDX_VER], 0); /* Set OID. */ - SetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], (word32)keyType, + SetASN_OID(&dataASN[PRIVKEYASN_IDX_PKEYALGO_OID], (word32)keyType, oidKeyType); /* Leave space for private key. */ - SetASN_Buffer(&dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen); + SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen); /* Don't write out attributes. */ - dataASN[EDKEYASN_IDX_ATTRS].noOut = 1; + dataASN[PRIVKEYASN_IDX_ATTRS].noOut = 1; /* Don't write sequence. */ - dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].noOut = 1; + dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].noOut = 1; if (pubKey) { /* Leave space for public key. */ - SetASN_Buffer(&dataASN[EDKEYASN_IDX_PUBKEY], NULL, pubKeyLen); + SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PUBKEY], NULL, pubKeyLen); } else { /* Don't put out public part. */ - SetASNItem_NoOutNode(dataASN, edKeyASN, EDKEYASN_IDX_PUBKEY, - edKeyASN_Length); + SetASNItem_NoOutNode(dataASN, privateKeyASN, PRIVKEYASN_IDX_PUBKEY, + privateKeyASN_Length); } /* Calculate the size of encoding. */ - ret = SizeASN_Items(edKeyASN, dataASN, edKeyASN_Length, &sz); + ret = SizeASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, &sz); } /* Check buffer is big enough. */ 
@@ -37559,15 +37563,15 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, } if ((ret == 0) && (output != NULL)) { /* Encode private key. */ - SetASN_Items(edKeyASN, dataASN, edKeyASN_Length, output); + SetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, output); /* Put private value into space provided. */ - XMEMCPY((byte*)dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data, + XMEMCPY((byte*)dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data, privKey, privKeyLen); if (pubKey != NULL) { /* Put public value into space provided. */ - XMEMCPY((byte*)dataASN[EDKEYASN_IDX_PUBKEY].data.buffer.data, + XMEMCPY((byte*)dataASN[PRIVKEYASN_IDX_PUBKEY].data.buffer.data, pubKey, pubKeyLen); } } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 03ebfd31d..a121ec911 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2341,14 +2341,18 @@ WOLFSSL_LOCAL int StoreDSAParams(byte*, word32*, const mp_int*, const mp_int*, WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId); WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); +#ifdef WC_ENABLE_ASYM_KEY_EXPORT WOLFSSL_LOCAL int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, byte* output, word32 outLen, int keyType, int withHeader); +#endif /* WC_ENABLE_ASYM_KEY_EXPORT */ +#ifdef WC_ENABLE_ASYM_KEY_IMPORT WOLFSSL_LOCAL int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, const byte** pubKey, word32* pubKeyLen, int* keyType); WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, byte* pubKey, word32* pubKeyLen, int keyType); +#endif /* WC_ENABLE_ASYM_KEY_IMPORT */ #ifndef NO_CERTS From 70587dd2d593473ae63b6f36f85c1d5c63df82e5 Mon Sep 17 00:00:00 2001 
From: Hideki Miyazaki Date: Fri, 18 Jul 2025 07:51:04 +0900 Subject: [PATCH 024/346] Addressed code review by devin --- wolfcrypt/src/port/Renesas/renesas_common.c | 5 ++-- .../src/port/Renesas/renesas_fspsm_aes.c | 2 +- .../src/port/Renesas/renesas_fspsm_util.c | 26 +++++++++++-------- .../port/Renesas/renesas_fspsm_internal.h | 2 +- 4 files changed, 20 insertions(+), 15 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 8695633db..8152b5b62 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -88,7 +88,7 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_TlsCleanup(ssl); #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) - wc_fspsm_TlsCleanup(ssl); + ret = wc_fspsm_TlsCleanup(ssl); #endif WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret); @@ -699,7 +699,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; - if (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) { + if (cbInfo != NULL && cbInfo->internal != NULL && + cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) { switch(cbInfo->internal->side) { #endif case 1:/* ENCRYPT_SIDE_ONLY */ diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c index 1fb11207a..3de502718 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c @@ -823,7 +823,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, wc_CryptoInfo* info, WOLFSSL_ENTER("wc_fspsm_AesCipher"); - if (info == NULL || ctx == NULL) { + if (info == NULL || cbInfo == NULL || cbInfo->internal == NULL) { return BAD_FUNC_ARG; } diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index d17865a22..0b429c475 100644 
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c @@ -224,7 +224,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, uint32_t sigSz, void* ctx) { int ret = WOLFSSL_FAILURE; - FSPSM_ST* cbInfo; + FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES]; byte *peerkey = NULL; @@ -232,11 +232,10 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, (void) sigSz; /* sanity check */ - if (ssl == NULL || sig == NULL || ctx == NULL) + if (ssl == NULL || sig == NULL || cbInfo == NULL || + cbInfo->internal == NULL) return ret; - cbInfo = (FSPSM_ST*)ctx; - /* export public peer public key */ ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen); WOLFSSL_PKMSG("qxLen %d qyLen %d\n", qxLen, qyLen); @@ -246,7 +245,8 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, } /* make peer ecc key data for SCE */ /* 0padding(24bit) || 04(8bit) || Qx(256bit) || Qy(256bit) */ - peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL, DYNAMIC_TYPE_TMP_BUFFER); + peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (peerkey == NULL) { WOLFSSL_MSG("failed to malloc ecc key"); return WOLFSSL_FAILURE; @@ -404,7 +404,8 @@ int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, /* sanity check */ if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL || - out == NULL || outlen == NULL || ctx == NULL) + out == NULL || outlen == NULL || cbInfo == NULL|| + cbInfo->internal == NULL) return WOLFSSL_FAILURE; WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n", @@ -738,7 +739,7 @@ int wc_fspsm_generateSessionKey(WOLFSSL *ssl, uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0, ssl->options.cipherSuite); - if (ssl== NULL || cbInfo == NULL) + if (ssl== NULL || cbInfo == NULL || cbInfo->internal == NULL) return BAD_FUNC_ARG; 
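Review bot: In wc_fspsm_generateSessionKey the `ssl== NULL` test in the extended sanity check is reached only after `ssl->options.cipherSuite0` and `ssl->options.cipherSuite` have already been read in the initializer of `sceCS`, so a NULL `ssl` is dereferenced before the guard can reject it. Declare the variable first, `uint32_t sceCS = 0;`, and compute it after the check, `sceCS = GetSceCipherSuite(ssl->options.cipherSuite0, ssl->options.cipherSuite);`. As a point of style, the fspsm_EccSharedSecret hunk above writes `cbInfo == NULL||` without a space before the operator. The remainder of wc_fspsm_generateSessionKey is outside the hunk.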
@@ -1227,19 +1228,20 @@ WOLFSSL_API void wc_fspsm_set_callbacks(WOLFSSL_CTX* ctx) /* * Clean up Renesas Ctx * ssl WOLFSSL object -* return none +* return 0 successful */ -void wc_fspsm_TlsCleanup(WOLFSSL* ssl) +int wc_fspsm_TlsCleanup(WOLFSSL* ssl) { + int ret = 0; FSPSM_ST* tuc = NULL; if (ssl == NULL) - return; + return ret; tuc = ssl->RenesasUserCtx; if (tuc == NULL) - return; + return ret; /* free internal structure */ if (tuc->internal) { XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -1249,6 +1251,8 @@ void wc_fspsm_TlsCleanup(WOLFSSL* ssl) /* zero clear */ ForceZero(tuc, sizeof(FSPSM_ST)); ssl->RenesasUserCtx = NULL; + + return ret; } /* Set callback contexts needed for sce TLS api handling */ #if defined(WOLFSSL_RENESAS_SCEPROTECT) diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h index 4acf44e5a..ff7b6407c 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h @@ -154,7 +154,7 @@ typedef enum { struct WOLFSSL; struct Aes; -WOLFSSL_LOCAL void wc_fspsm_TlsCleanup(struct WOLFSSL* ssl); +WOLFSSL_LOCAL int wc_fspsm_TlsCleanup(struct WOLFSSL* ssl); WOLFSSL_LOCAL int wc_fspsm_Open(); WOLFSSL_LOCAL void wc_fspsm_Close(); WOLFSSL_LOCAL int wc_fspsm_hw_lock(); From 7a03b9fea639bd670cccf3c79734ec7265406162 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 18 Jul 2025 07:54:45 +0900 Subject: [PATCH 025/346] fix trailing whitespaces --- wolfcrypt/src/port/Renesas/renesas_common.c | 2 +- wolfcrypt/src/port/Renesas/renesas_fspsm_util.c | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 8152b5b62..94911d54c 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c 
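Review bot: wc_fspsm_TlsCleanup now returns an int, but `ret` is initialized to 0 and never assigned anything else, so the NULL-`ssl` and NULL-`tuc` early exits and the normal path all report success and `ret = wc_fspsm_TlsCleanup(ssl)` in Renesas_cmn_Cleanup cannot observe any difference; either return BAD_FUNC_ARG on the NULL paths or state in the header comment that the function cannot fail. Separately, `tuc->internal` is released with XFREE without being wiped first, while the outer FSPSM_ST is ForceZero'd; the context of an earlier hunk in this file shows the internal structure holding masterSecret, clientRandom and serverRandom, so `ForceZero(tuc->internal, sizeof(FSPSM_ST_Internal));` before the XFREE keeps the master secret from lingering in freed heap memory.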
@@ -699,7 +699,7 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; - if (cbInfo != NULL && cbInfo->internal != NULL && + if (cbInfo != NULL && cbInfo->internal != NULL && cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) { switch(cbInfo->internal->side) { #endif diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index 0b429c475..2dfd81946 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c @@ -1251,7 +1251,6 @@ int wc_fspsm_TlsCleanup(WOLFSSL* ssl) /* zero clear */ ForceZero(tuc, sizeof(FSPSM_ST)); ssl->RenesasUserCtx = NULL; - return ret; } /* Set callback contexts needed for sce TLS api handling */ From 8e4668722324ec1179250100deb0f2c772f8d126 Mon Sep 17 00:00:00 2001 From: jordan Date: Fri, 18 Jul 2025 09:30:17 -0500 Subject: [PATCH 026/346] dual alg certs: add missing WC_ENABLE_ASYM_KEY_IMPORT guard. --- src/ssl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 95efa2edb..e8b066826 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7216,7 +7216,6 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, #ifdef WOLF_PRIVATE_KEY_ID if (ret == WOLFSSL_SUCCESS && altDevId != INVALID_DEVID) { /* We have to decode the public key first */ - word32 idx = 0; /* Default to max pub key size. */ word32 pubKeyLen = MAX_PUBLIC_KEY_SZ; byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, @@ -7232,9 +7231,14 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, ret = 0; } else { + #if defined(WC_ENABLE_ASYM_KEY_IMPORT) + word32 idx = 0; ret = DecodeAsymKeyPublic(der->sapkiDer, &idx, der->sapkiLen, decodedPubKey, &pubKeyLen, der->sapkiOID); + #else + ret = NOT_COMPILED_IN; + #endif /* WC_ENABLE_ASYM_KEY_IMPORT */ } } if (ret == 0) { 
From 06d86af67cfde1f6ce164126f8faac100f63b2e3 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Sat, 19 Jul 2025 16:59:15 -0400 Subject: [PATCH 027/346] Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects --- doc/dox_comments/header_files/pkcs7.h | 94 +++++++++ tests/api.c | 264 ++++++++++++++++++++++++++ tests/api/test_asn.c | 44 +++++ tests/api/test_asn.h | 4 +- wolfcrypt/src/asn.c | 55 ++++++ wolfcrypt/src/error.c | 3 + wolfcrypt/src/pkcs7.c | 107 ++++++++++- wolfssl/wolfcrypt/asn.h | 2 + wolfssl/wolfcrypt/error-crypt.h | 11 +- wolfssl/wolfcrypt/pkcs7.h | 10 +- 10 files changed, 585 insertions(+), 9 deletions(-) diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index be5a75c43..801f96627 100644 --- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h 
@@ -712,3 +712,97 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, */ int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, byte * pkiMsg, word32 pkiMsgSz, byte * output, word32 outputSz); + +/*! + \ingroup PKCS7 + + \brief This function provides access to a SymmetricKeyPackage attribute. + + \param[in] skp Input buffer containing the SymmetricKeyPackage object. + \param[in] skpSz Size of the SymmetricKeyPackage object. + \param[in] index Index of the attribute to access. + \param[out] attr Buffer in which to store the pointer to the requested + attribute object. + \param[out] attrSz Buffer in which to store the size of the requested + attribute object. + + \retval 0 The requested attribute has been successfully located. + attr and attrSz output variables are populated with the address and size of + the attribute. The attribute will be in the same buffer passed in via the + skp input pointer. + \retval BAD_FUNC_ARG One of the input parameters is invalid. + \retval ASN_PARSE_E An error was encountered parsing the input object. + \retval BAD_INDEX_E The requested attribute index was invalid. +*/ +int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, + word32 skpSz, size_t index, byte const ** attr, word32 * attrSz); + +/*! + \ingroup PKCS7 + + \brief This function provides access to a SymmetricKeyPackage key. + + \param[in] skp Input buffer containing the SymmetricKeyPackage object. + \param[in] skpSz Size of the SymmetricKeyPackage object. + \param[in] index Index of the key to access. + \param[out] key Buffer in which to store the pointer to the requested + key object. + \param[out] keySz Buffer in which to store the size of the requested + key object. + + \retval 0 The requested key has been successfully located. + key and keySz output variables are populated with the address and size of + the key. The key will be in the same buffer passed in via the + skp input pointer. + \retval BAD_FUNC_ARG One of the input parameters is invalid. 
+ \retval ASN_PARSE_E An error was encountered parsing the input object. + \retval BAD_INDEX_E The requested key index was invalid. +*/ +int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, + word32 skpSz, size_t index, byte const ** key, word32 * keySz); + +/*! + \ingroup PKCS7 + + \brief This function provides access to a OneSymmetricKey attribute. + + \param[in] osk Input buffer containing the OneSymmetricKey object. + \param[in] oskSz Size of the OneSymmetricKey object. + \param[in] index Index of the attribute to access. + \param[out] attr Buffer in which to store the pointer to the requested + attribute object. + \param[out] attrSz Buffer in which to store the size of the requested + attribute object. + + \retval 0 The requested attribute has been successfully located. + attr and attrSz output variables are populated with the address and size of + the attribute. The attribute will be in the same buffer passed in via the + osk input pointer. + \retval BAD_FUNC_ARG One of the input parameters is invalid. + \retval ASN_PARSE_E An error was encountered parsing the input object. + \retval BAD_INDEX_E The requested attribute index was invalid. +*/ +int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, + word32 oskSz, size_t index, byte const ** attr, word32 * attrSz); + +/*! + \ingroup PKCS7 + + \brief This function provides access to a OneSymmetricKey key. + + \param[in] osk Input buffer containing the OneSymmetricKey object. + \param[in] oskSz Size of the OneSymmetricKey object. + \param[out] key Buffer in which to store the pointer to the requested + key object. + \param[out] keySz Buffer in which to store the size of the requested + key object. + + \retval 0 The requested key has been successfully located. + key and keySz output variables are populated with the address and size of + the key. The key will be in the same buffer passed in via the + osk input pointer. + \retval BAD_FUNC_ARG One of the input parameters is invalid. 
+ \retval ASN_PARSE_E An error was encountered parsing the input object. +*/ +int wc_PKCS7_DecodeOneSymmetricKeyKey(byte const * osk, + word32 oskSz, byte const ** key, word32 * keySz); diff --git a/tests/api.c b/tests/api.c index 92272d02e..5a5bef57a 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -18461,6 +18461,268 @@ static int test_wc_PKCS7_DecodeEncryptedKeyPackage(void) } /* END test_wc_PKCS7_DecodeEncryptedKeyPackage() */ +/* + * Test wc_PKCS7_DecodeSymmetricKeyPackage(). + */ +static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + byte const * item; + word32 itemSz; + int ret; + + { + static const byte one_key[] = { + 0x30, 0x08, + 0x02, 0x01, 0x01, + 0x30, 0x03, + 0x02, 0x01, 0x01, + }; + /* NULL input data pointer */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + NULL, sizeof(one_key), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* NULL output item pointer */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + one_key, sizeof(one_key), 0, NULL, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* NULL output size pointer */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + one_key, sizeof(one_key), 0, &item, NULL); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid key index 0 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + one_key, sizeof(one_key), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &one_key[7]); + ExpectIntEQ(itemSz, 3); + + /* Key index 1 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + one_key, sizeof(one_key), 1, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Attribute index 0 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + one_key, sizeof(one_key), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Attribute index 1 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + one_key, sizeof(one_key), 1, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + } + + /* Invalid SKP SEQUENCE header. 
*/ + { + static const byte bad_seq_header[] = { + 0x02, 0x01, 0x42, + }; + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + bad_seq_header, sizeof(bad_seq_header), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + + /* Missing version object */ + { + static const byte missing_version[] = { + 0x30, 0x05, + 0x30, 0x03, + 0x02, 0x01, 0x01, + }; + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + missing_version, sizeof(missing_version), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + + /* Invalid version number */ + { + static const byte bad_version[] = { + 0x30, 0x08, + 0x02, 0x01, 0x00, + 0x30, 0x03, + 0x02, 0x01, 0x01, + }; + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + bad_version, sizeof(bad_version), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + + { + static const byte key3_attr2[] = { + 0x30, 0x18, + 0x02, 0x01, 0x01, + 0xA0, 0x08, + 0x30, 0x06, + 0x02, 0x01, 0x40, + 0x02, 0x01, 0x41, + 0x30, 0x09, + 0x02, 0x01, 0x0A, + 0x02, 0x01, 0x0B, + 0x02, 0x01, 0x0C, + }; + + /* Valid attribute index 0 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[9]); + ExpectIntEQ(itemSz, 3); + + /* Valid attribute index 1 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[12]); + ExpectIntEQ(itemSz, 3); + + /* Attribute index 2 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Valid key index 0 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[17]); + ExpectIntEQ(itemSz, 3); + + /* Valid key index 1 extraction 
*/ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[20]); + ExpectIntEQ(itemSz, 3); + + /* Valid key index 2 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[23]); + ExpectIntEQ(itemSz, 3); + + /* Key index 3 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + key3_attr2, sizeof(key3_attr2), 3, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + } +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_DecodeSymmetricKeyPackage() */ + + +/* + * Test wc_PKCS7_DecodeOneSymmetricKey(). + */ +static int test_wc_PKCS7_DecodeOneSymmetricKey(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + byte const * item; + word32 itemSz; + int ret; + + { + static const byte key1_attr2[] = { + 0x30, 0x0E, + 0x30, 0x06, + 0x02, 0x01, 0x0A, + 0x02, 0x01, 0x0B, + 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD + }; + + /* NULL input data pointer */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + NULL, sizeof(key1_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* NULL output pointer */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 0, NULL, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* NULL output size pointer */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 0, &item, NULL); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid attribute 0 access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key1_attr2[4]); + ExpectIntEQ(itemSz, 3); + + /* Valid attribute 1 access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 1, &item, &itemSz); + ExpectIntEQ(ret, 0); + 
ExpectPtrEq(item, &key1_attr2[7]); + ExpectIntEQ(itemSz, 3); + + /* Attribute index 2 out of range */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 2, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Valid key access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyKey( + key1_attr2, sizeof(key1_attr2), &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key1_attr2[12]); + ExpectIntEQ(itemSz, 4); + } + + { + static const byte no_attrs[] = { + 0x30, 0x06, + 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD + }; + + /* Attribute index 0 out of range */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + no_attrs, sizeof(no_attrs), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Valid key access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyKey( + no_attrs, sizeof(no_attrs), &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &no_attrs[4]); + ExpectIntEQ(itemSz, 4); + } + + { + static const byte key0_attr2[] = { + 0x30, 0x08, + 0x30, 0x06, + 0x02, 0x01, 0x0A, + 0x02, 0x01, 0x0B, + }; + + /* Valid attribute 0 access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key0_attr2, sizeof(key0_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key0_attr2[4]); + ExpectIntEQ(itemSz, 3); + + /* Invalid key access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyKey( + key0_attr2, sizeof(key0_attr2), &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_DecodeOneSymmetricKey() */ + + /* * Testing wc_PKCS7_Degenerate() */ 
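Review bot: The NULL-argument cases in test_wc_PKCS7_DecodeOneSymmetricKey cover wc_PKCS7_DecodeOneSymmetricKeyAttribute only, while wc_PKCS7_DecodeOneSymmetricKeyKey has its own separate `osk == NULL || key == NULL || keySz == NULL` check in the pkcs7.c hunk and is never called with a NULL argument here; three calls passing NULL for osk, key and keySz and expecting `WC_NO_ERR_TRACE(BAD_FUNC_ARG)` would exercise that branch. None of the vectors in either test has an outer SEQUENCE whose declared length is shorter than the data that follows it while the whole thing still fits the buffer, which is the case that decides whether the decoders bound parsing by the outer SEQUENCE or by the caller's size; a constructed vector such as `0x30, 0x05, 0x02, 0x01, 0x01, 0x30, 0x03, 0x02, 0x01, 0x01` (the one_key body under a too-short outer header) would pin that behaviour either way. The test_wc_PKCS7_DecodeSymmetricKeyPackage vectors likewise only vary the element count and version.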
@@ -67937,6 +68199,8 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData), TEST_DECL(test_wc_PKCS7_EncodeEncryptedData), TEST_DECL(test_wc_PKCS7_DecodeEncryptedKeyPackage), + TEST_DECL(test_wc_PKCS7_DecodeSymmetricKeyPackage), + TEST_DECL(test_wc_PKCS7_DecodeOneSymmetricKey), TEST_DECL(test_wc_PKCS7_Degenerate), TEST_DECL(test_wc_PKCS7_BER), TEST_DECL(test_wc_PKCS7_signed_enveloped), diff --git a/tests/api/test_asn.c b/tests/api/test_asn.c index afd1fdfe2..2c36989c0 100644 --- a/tests/api/test_asn.c +++ b/tests/api/test_asn.c @@ -177,3 +177,47 @@ int test_SetShortInt(void) return EXPECT_RESULT(); } + + +int test_IndexSequenceOf(void) +{ + EXPECT_DECLS; + +#ifndef NO_ASN + static const byte int_seq[] = { + 0x30, 0x0A, + 0x02, 0x01, 0x0A, + 0x02, 0x02, 0x00, 0xF0, + 0x02, 0x01, 0x7F, + }; + static const byte bad_seq[] = { + 0xA0, 0x01, 0x01, + }; + static const byte empty_seq[] = { + 0x30, 0x00, + }; + + byte const * element; + word32 elementSz; + + ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 0U, &element, &elementSz), 0); + ExpectPtrEq(element, &int_seq[2]); + ExpectIntEQ(elementSz, 3); + + ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 1U, &element, &elementSz), 0); + ExpectPtrEq(element, &int_seq[5]); + ExpectIntEQ(elementSz, 4); + + ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 2U, &element, &elementSz), 0); + ExpectPtrEq(element, &int_seq[9]); + ExpectIntEQ(elementSz, 3); + + ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 3U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E)); + + ExpectIntEQ(IndexSequenceOf(bad_seq, sizeof(bad_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(ASN_PARSE_E)); + + ExpectIntEQ(IndexSequenceOf(empty_seq, sizeof(empty_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E)); +#endif + + return EXPECT_RESULT(); +} diff --git a/tests/api/test_asn.h b/tests/api/test_asn.h index 2fad6d644..b73da7bb2 100644 --- a/tests/api/test_asn.h +++ b/tests/api/test_asn.h 
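Review bot: test_IndexSequenceOf covers a bad outer tag (bad_seq), an empty SEQUENCE and an out-of-range index, but no vector exercises the per-element ASN_PARSE_E path inside IndexSequenceOf's loop, where an element's tag or length runs past the enclosing SEQUENCE; a constructed vector such as `0x30, 0x04, 0x02, 0x01, 0x0A, 0x02` (second element's length byte missing) requested at index 1 should reach the GetLength check and return `WC_NO_ERR_TRACE(ASN_PARSE_E)`. The ExpectIntEQ lines also run well past the 80-column wrapping used by the rest of this diff; splitting the IndexSequenceOf arguments onto a continuation line would match the surrounding style.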
@@ -25,8 +25,10 @@ #include int test_SetShortInt(void); +int test_IndexSequenceOf(void); #define TEST_ASN_DECLS \ - TEST_DECL_GROUP("asn", test_SetShortInt) \ + TEST_DECL_GROUP("asn", test_SetShortInt), \ + TEST_DECL_GROUP("asn", test_IndexSequenceOf) #endif /* WOLFCRYPT_TEST_ASN_H */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ec34c9535..c5767aca5 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -2570,6 +2570,61 @@ int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, maxIdx, check); } +/** + * Index a SEQUENCE OF object to get to a specific element. + * + * @param[in] seqOf Buffer holding DER/BER SEQUENCE OF object. + * @param[in] seqOfSz Size of the seqOf SEQUENCE OF object. + * @param[in] seqIndex Index of the SEQUENCE OF element being requested. + * @param[out] out Buffer in which to store pointer to the th element + * of the SEQUENCE OF object. + * @param[out] outSz Buffer in which to store the length of the th + * element of the SEQUENCE OF object. + * + * @retval 0 on success. + * @retval BUFFER_E when there is not enough data to parse. + * @retval BAD_INDEX_E when the given seqIndex is out of range. + * @retval ASN_PARSE_E when the seqOf is not in the expected format. + */ +int IndexSequenceOf(byte const * seqOf, word32 seqOfSz, size_t seqIndex, + byte const ** out, word32 * outSz) +{ + int length; + word32 seqOfIdx = 0U; + byte tagFound; + size_t i; + word32 elementIdx = 0U; + + /* Validate the SEQUENCE OF header. */ + if (GetSequence(seqOf, &seqOfIdx, &length, seqOfSz) < 0) + return ASN_PARSE_E; + + seqOfSz = seqOfIdx + (word32)length; + + for (i = 0U; i <= seqIndex; i++) { + if (seqOfIdx >= seqOfSz) + return BAD_INDEX_E; + + elementIdx = seqOfIdx; + + /* Validate the element tag. */ + if (GetASNTag(seqOf, &seqOfIdx, &tagFound, seqOfSz) != 0) + return ASN_PARSE_E; + + /* Validate and get the element's encoded length. */ + if (GetLength(seqOf, &seqOfIdx, &length, seqOfSz) < 0) + return ASN_PARSE_E; + + seqOfIdx += (word32)length; + } + + /* If the tag and length checks above passed then we've found the requested + * element and validated it fits within seqOfSz. */ + *out = &seqOf[elementIdx]; + *outSz = (seqOfIdx - elementIdx); + return 0; +} + /* Decode the header of a BER/DER encoded SET. * * @param [in] input Buffer holding DER/BER encoded data. 
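Review bot: The header comment on IndexSequenceOf lists `@retval BUFFER_E when there is not enough data to parse`, but the body maps every GetSequence, GetASNTag and GetLength failure to ASN_PARSE_E and never returns BUFFER_E, so either that line should be dropped or the truncated-input case should actually return BUFFER_E. The two `@param[out]` lines read "the th element", which looks like a lost index reference; `the seqIndex-th element` says what is meant. Since the function is exported with WOLFSSL_TEST_VIS and does no NULL check on seqOf, out or outSz, the comment should also state that callers are responsible for validating those pointers, as the pkcs7.c wrappers in this commit do before calling it.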
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 014345a1a..3713dbaed 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -650,6 +650,9 @@ const char* wc_GetErrorString(int error) case WC_ACCEL_INHIBIT_E: return "Crypto acceleration is currently inhibited"; + case BAD_INDEX_E: + return "Bad index"; + case MAX_CODE_E: case WC_SPAN1_MIN_CODE_E: case MIN_CODE_E: diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 1b4fcf687..16f9b7927 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -15305,6 +15305,112 @@ int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ +static int wc_PKCS7_DecodeSymmetricKeyPackage(byte const * skp, word32 skpSz, + size_t index, byte const ** out, word32 * outSz, int getKey) +{ + word32 skpIndex = 0; + int length = 0; + int version = 0; + + if (skp == NULL || out == NULL || outSz == NULL) + return BAD_FUNC_ARG; + + /* Expect a SEQUENCE header to start the SymmetricKeyPackage object. */ + if (GetSequence(skp, &skpIndex, &length, skpSz) < 0) + return ASN_PARSE_E; + + /* Expect version v1 */ + if (GetMyVersion(skp, &skpIndex, &version, skpSz) < 0) + return ASN_PARSE_E; + + if (version != 1) + return ASN_PARSE_E; + + if (GetASNHeader(skp, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, + &skpIndex, &length, skpSz) >= 0) { + /* sKeyPkgAttrs [0] tag found so there are attributes present. */ + if (getKey != 0) { + /* Key was requested, not attribute, so skip the attributes. */ + skpIndex += (word32)length; + } + else { + /* sKeyPkgAttrs is present at &skp[skpIndex], length in length */ + return IndexSequenceOf(&skp[skpIndex], (word32)length, index, out, outSz); + } + } + + if (getKey == 0) { + /* An attribute was requested, but none are present. */ + return BAD_INDEX_E; + } + + /* sKeys is present at &skp[skpIndex]. 
*/ + return IndexSequenceOf(&skp[skpIndex], skpSz - skpIndex, index, out, outSz); +} + +int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, + word32 skpSz, size_t index, byte const ** attr, word32 * attrSz) +{ + return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, attr, attrSz, 0); +} + +int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, + word32 skpSz, size_t index, byte const ** key, word32 * keySz) +{ + return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, key, keySz, 1); +} + +int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, + word32 oskSz, size_t index, byte const ** attr, word32 * attrSz) +{ + word32 oskIndex = 0; + word32 tmpIndex; + int length = 0; + + if (osk == NULL || attr == NULL || attrSz == NULL) + return BAD_FUNC_ARG; + + /* Expect a SEQUENCE header to start the OneSymmetricKey object. */ + if (GetSequence(osk, &oskIndex, &length, oskSz) < 0) + return ASN_PARSE_E; + + tmpIndex = oskIndex; + + if (GetSequence(osk, &tmpIndex, &length, oskSz) < 0) { + /* sKeyAttrs is not present. */ + return BAD_INDEX_E; + } + + /* Index the sKeyAttrs SEQUENCE OF object with the given index. */ + return IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr, attrSz); +} + +int wc_PKCS7_DecodeOneSymmetricKeyKey(byte const * osk, + word32 oskSz, byte const ** key, word32 * keySz) +{ + word32 oskIndex = 0; + int length = 0; + + if (osk == NULL || key == NULL || keySz == NULL) + return BAD_FUNC_ARG; + + /* Expect a SEQUENCE header to start the OneSymmetricKey object. */ + if (GetSequence(osk, &oskIndex, &length, oskSz) < 0) + return ASN_PARSE_E; + + if (GetSequence(osk, &oskIndex, &length, oskSz) >= 0) { + /* sKeyAttrs is present. Skip it. */ + oskIndex += (word32)length; + } + + if (GetASNHeader(osk, ASN_OCTET_STRING, &oskIndex, &length, oskSz) < 0) + return ASN_PARSE_E; + + *key = &osk[oskIndex]; + *keySz = (word32)length; + return 0; +} + #else /* HAVE_PKCS7 */ 
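Review bot: The outer SEQUENCE length that GetSequence returns in wc_PKCS7_DecodeSymmetricKeyPackage, wc_PKCS7_DecodeOneSymmetricKeyAttribute and wc_PKCS7_DecodeOneSymmetricKeyKey is never applied as a parsing bound; every later GetMyVersion, GetASNHeader, GetSequence and IndexSequenceOf call is bounded by the caller's buffer size instead, so a nested element whose length overruns the enclosing SEQUENCE but still fits the buffer is accepted. IndexSequenceOf in the asn.c hunk tightens its own bound with `seqOfSz = seqOfIdx + (word32)length;`; adding `skpSz = skpIndex + (word32)length;` after the outer-SEQUENCE check in the static helper and `oskSz = oskIndex + (word32)length;` in both OneSymmetricKey functions keeps the three decoders consistent with it and rejects such inputs with ASN_PARSE_E. Separately, the Attribute variant probes for sKeyAttrs through a copy `tmpIndex` while the Key variant passes `&oskIndex` straight to the same probing GetSequence; if a failed GetSequence can leave the index modified, the Key variant's following GetASNHeader would start at the wrong offset, so the two should use the same pattern.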
@@ -15315,4 +15421,3 @@ int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, #endif /* HAVE_PKCS7 */ - diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 03ebfd31d..79089227a 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2219,6 +2219,8 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check); +WOLFSSL_TEST_VIS int IndexSequenceOf(byte const * seqOf, word32 seqOfSz, + size_t seqIndex, byte const ** out, word32 * outSz); WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len, diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index d95e5277a..87692ddce 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -305,14 +305,13 @@ enum wolfCrypt_ErrorCodes { DEADLOCK_AVERTED_E = -1000, /* Deadlock averted -- retry the call */ ASCON_AUTH_E = -1001, /* ASCON Authentication check failure */ WC_ACCEL_INHIBIT_E = -1002, /* Crypto acceleration is currently inhibited */ + BAD_INDEX_E = -1003, /* Bad index */ + + WC_SPAN2_LAST_E = -1003, /* Update to indicate last used error code */ + WC_LAST_E = -1003, /* the last code used either here or in + * error-ssl.h */ - WC_SPAN2_LAST_E = -1002, /* Update to indicate last used error code */ WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */ - - WC_LAST_E = -1002, /* the last code used either here or in - * error-ssl.h - */ - MIN_CODE_E = -1999 /* the last code allocated either here or in * error-ssl.h */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 011fec9a3..8a8eed11f 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h 
@@ -552,10 +552,18 @@ WOLFSSL_API int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 outputSz); #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ +WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, + word32 skpSz, size_t index, byte const ** attr, word32 * attrSz); +WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, + word32 skpSz, size_t index, byte const ** key, word32 * keySz); +WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, + word32 oskSz, size_t index, byte const ** attr, word32 * attrSz); +WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyKey(byte const * osk, + word32 oskSz, byte const ** key, word32 * keySz); + #ifdef __cplusplus } /* extern "C" */ #endif #endif /* HAVE_PKCS7 */ #endif /* WOLF_CRYPT_PKCS7_H */ - From 2e25c65129132075c6a2a9a7d75fd5b420c03e67 Mon Sep 17 00:00:00 2001 From: Albert Ribes Date: Mon, 21 Jul 2025 10:34:19 +0200 Subject: [PATCH 028/346] wolfcrypt test: Fix build on 32 bit machines Declare a 64 bit variable using W64LIT to avoid warnings on 32 bit machines --- wolfcrypt/test/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a47809b16..c05cb23cd 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13171,7 +13171,7 @@ static wc_test_ret_t aes_xts_sector_test(void) 0x24, 0xe7, 0x3d, 0x6f }; - word64 s3 = 0x000000ffffffffff; + word64 s3 = W64LIT(0x000000ffffffffff); #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) From b2463f167c237953e16a999474674365d38ccd4a Mon Sep 17 00:00:00 2001 
From: Albert Ribes Date: Mon, 21 Jul 2025 10:57:50 +0200 Subject: [PATCH 029/346] Avoid bogus warning on uninitialized variables on old versions of GCC gcc-4.3.3 erroneously complains that some variables may be used uninitialized. Silence it assigning NULL on declaration, as is already done with many other variables. --- src/ssl.c | 2 +- tests/api.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4191557cf..cecc7feba 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3855,7 +3855,7 @@ WOLFSSL_ABI int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, word32 protocol_name_listSz, byte options) { - char *list, *ptr, **token; + char *list, *ptr = NULL, **token; word16 len; int idx = 0; int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); diff --git a/tests/api.c b/tests/api.c index 92272d02e..f0b1169f8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -47339,7 +47339,7 @@ static int test_sk_X509_CRL(void) #endif WOLFSSL_X509_REVOKED revoked; WOLFSSL_ASN1_INTEGER* asnInt = NULL; - const WOLFSSL_ASN1_INTEGER* sn; + const WOLFSSL_ASN1_INTEGER* sn = NULL; #if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \ !defined(NO_BIO) @@ -56468,7 +56468,7 @@ static int test_wolfSSL_EC_KEY_private_key(void) WOLFSSL_EC_KEY* key = NULL; WOLFSSL_BIGNUM* priv = NULL; WOLFSSL_BIGNUM* priv2 = NULL; - WOLFSSL_BIGNUM* bn; + WOLFSSL_BIGNUM* bn = NULL; ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); ExpectNotNull(priv = wolfSSL_BN_new()); From 6f8e0f128a89a5ede72e9db3a4b4c1be623fd39b Mon Sep 17 00:00:00 2001 From: Albert Ribes Date: Mon, 21 Jul 2025 12:34:39 +0200 Subject: [PATCH 030/346] Support CFLAGS="-Wno-shadow" Avoid appending "-Wshadow" in the end of compiler flags if the user provided CFLAGS="-Wno-shadow" --- m4/ax_harden_compiler_flags.m4 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index d4377a70e..f33e00748 100644 
--- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 @@ -145,7 +145,9 @@ AX_APPEND_COMPILE_FLAGS([-Wpointer-arith],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wpointer-sign],,[$ax_append_compile_cflags_extra]) dnl AX_APPEND_COMPILE_FLAGS([-Wredundant-decls],,[$ax_append_compile_cflags_extra]) - AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cflags_extra]) + AS_CASE([$CFLAGS], [*-Wno-shadow*], [], [ + AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cflags_extra]) + ]) AX_APPEND_COMPILE_FLAGS([-Wshorten-64-to-32],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wsign-compare],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wstrict-overflow=1],,[$ax_append_compile_cflags_extra]) @@ -207,7 +209,9 @@ dnl AX_APPEND_COMPILE_FLAGS([-Wredundant-decls],,[$ax_append_compile_cflags AX_APPEND_COMPILE_FLAGS([-Woverloaded-virtual],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wpointer-arith],,[$ax_append_compile_cxxflags_extra]) dnl AX_APPEND_COMPILE_FLAGS([-Wredundant-decls],,[$ax_append_compile_cxxflags_extra]) - AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cxxflags_extra]) + AS_CASE([$CFLAGS], [*-Wno-shadow*], [], [ + AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cxxflags_extra]) + ]) AX_APPEND_COMPILE_FLAGS([-Wshorten-64-to-32],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wsign-compare],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wstrict-overflow=1],,[$ax_append_compile_cxxflags_extra]) From 90bd374c166676b4e79345b79878ece990adbca6 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Fri, 11 Jul 2025 12:48:12 -0600 Subject: [PATCH 031/346] Add logic to match IPv6 domain addresses --- src/internal.c | 39 +++++++++++++++++++++++++++++++++++++++ wolfssl/wolfio.h | 3 +++ 2 files changed, 42 insertions(+) diff --git a/src/internal.c b/src/internal.c index c74bcf36f..d8f1d0ba9 100644 --- a/src/internal.c +++ b/src/internal.c 
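Review bot: The second hunk, which guards the C++ `-Wshadow` append into `ax_append_compile_cxxflags_extra`, still inspects `$CFLAGS`, so a user passing `CXXFLAGS="-Wno-shadow"` gets `-Wshadow` appended to the C++ flags anyway; that case should read `AS_CASE([$CXXFLAGS], [*-Wno-shadow*], [], [`. Only the first hunk's check against `$CFLAGS` matches the behaviour the commit message describes.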
@@ -12947,6 +12947,39 @@ int CipherRequires(byte first, byte second, int requirement) #endif /* !NO_TLS */ #ifndef NO_CERTS +#ifdef WOLFSSL_IP_ALT_NAME +static int MatchIPv6(const char* pattern, int patternLen, + const char* str, word32 strLen) +{ + WOLFSSL_SOCKADDR_IN6 addr1, addr2; + char patBuf[WOLFSSL_MAX_IPSTR] = {0}; + char strBuf[WOLFSSL_MAX_IPSTR] = {0}; + + if ((word32)patternLen >= sizeof(patBuf) || strLen >= sizeof(strBuf)) + return 0; + + XMEMSET(patBuf, 0, WOLFSSL_MAX_IPSTR); + XMEMSET(strBuf, 0, WOLFSSL_MAX_IPSTR); + + /* Make sure strings are null-terminated and safely copied */ + XMEMCPY(patBuf, pattern, patternLen); + patBuf[patternLen] = '\0'; + XMEMCPY(strBuf, str, strLen); + strBuf[strLen] = '\0'; + + XMEMSET(&addr1, 0, sizeof(addr1)); + XMEMSET(&addr2, 0, sizeof(addr2)); + + /* Try parsing both as IPv6 */ + if (XINET_PTON(WOLFSSL_IP6, patBuf, &addr1) != 1) + return 0; + if (XINET_PTON(WOLFSSL_IP6, strBuf, &addr2) != 1) + return 0; + + /* Compare raw address bytes */ + return XMEMCMP(&addr1, &addr2, sizeof(WOLFSSL_SOCKADDR_IN6)) == 0; +} +#endif /* Match names with wildcards, each wildcard can represent a single name component or fragment but not multiple names, i.e., @@ -12966,6 +12999,12 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0) return 0; +#ifdef WOLFSSL_IP_ALT_NAME + /* First try to match IPv6 addresses */ + if (MatchIPv6(pattern, patternLen, str, strLen)) + return 1; +#endif + while (patternLen > 0) { /* Get the next pattern char to evaluate */ char p = (char)XTOLOWER((unsigned char)*pattern); diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 0673b88ad..b5330bed1 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h 
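Review bot: addr1 and addr2 in MatchIPv6 are declared as WOLFSSL_SOCKADDR_IN6, which the wolfio.h hunk defines as `struct sockaddr_in6`, but XINET_PTON with AF_INET6 writes a `struct in6_addr` into its destination, so the 16 address bytes land over sin6_family, sin6_port and sin6_flowinfo and the XMEMCMP over `sizeof(WOLFSSL_SOCKADDR_IN6)` only works because the larger struct was zeroed beforehand. Declaring both as `struct in6_addr addr1, addr2;` (behind a port macro in the style of the WOLFSSL_SOCKADDR_IN6 one, if wolfio.h requires it) and comparing with `sizeof(addr1)` matches the inet_pton contract and removes the dependency on the surrounding memset. MatchDomainName, which the second hunk changes to try MatchIPv6 first, begins outside this hunk.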
@@ -959,6 +959,9 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); #define WOLFSSL_IP6 AF_INET6 #endif +#ifndef WOLFSSL_SOCKADDR_IN6 + #define WOLFSSL_SOCKADDR_IN6 struct sockaddr_in6 +#endif #ifdef __cplusplus } /* extern "C" */ From f9afdfd8e2ef21f443b7935f68c96900cf8d8b25 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Fri, 11 Jul 2025 13:11:08 -0600 Subject: [PATCH 032/346] Don't need to initialize with {0} --- src/internal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index d8f1d0ba9..3488b5612 100644 --- a/src/internal.c +++ b/src/internal.c @@ -12952,8 +12952,8 @@ static int MatchIPv6(const char* pattern, int patternLen, const char* str, word32 strLen) { WOLFSSL_SOCKADDR_IN6 addr1, addr2; - char patBuf[WOLFSSL_MAX_IPSTR] = {0}; - char strBuf[WOLFSSL_MAX_IPSTR] = {0}; + char patBuf[WOLFSSL_MAX_IPSTR]; + char strBuf[WOLFSSL_MAX_IPSTR]; if ((word32)patternLen >= sizeof(patBuf) || strLen >= sizeof(strBuf)) return 0; From b306e88d1a61df4bddec583d4c2cb7153a221d52 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Fri, 11 Jul 2025 15:44:26 -0600 Subject: [PATCH 033/346] Guard for WOLFSSL_USER_IO case --- src/internal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index 3488b5612..e9ea3f3cf 100644 --- a/src/internal.c +++ b/src/internal.c @@ -12947,7 +12947,7 @@ int CipherRequires(byte first, byte second, int requirement) #endif /* !NO_TLS */ #ifndef NO_CERTS -#ifdef WOLFSSL_IP_ALT_NAME +#if defined(WOLFSSL_IP_ALT_NAME) && !defined(WOLFSSL_USER_IO) static int MatchIPv6(const char* pattern, int patternLen, const char* str, word32 strLen) { 
@@ -12979,7 +12979,7 @@ static int MatchIPv6(const char* pattern, int patternLen, /* Compare raw address bytes */ return XMEMCMP(&addr1, &addr2, sizeof(WOLFSSL_SOCKADDR_IN6)) == 0; } -#endif +#endif /* WOLFSSL_IP_ALT_NAME && !WOLFSSL_USER_IO */ /* Match names with wildcards, each wildcard can represent a single name component or fragment but not multiple names, i.e., @@ -12999,7 +12999,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0) return 0; -#ifdef WOLFSSL_IP_ALT_NAME +#if defined(WOLFSSL_IP_ALT_NAME) && !defined(WOLFSSL_USER_IO) /* First try to match IPv6 addresses */ if (MatchIPv6(pattern, patternLen, str, strLen)) return 1; From 8df20d6966bab1daa0dcd664a6d49f3815058f81 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Mon, 21 Jul 2025 10:45:43 -0600 Subject: [PATCH 034/346] Check that u value isn't zero in RsaFunctionPrivate --- wolfcrypt/src/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 78c0c9ec4..29275e101 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2593,7 +2593,7 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng) } #else if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) || - mp_iszero(&key->dP) || mp_iszero(&key->dQ))) { + mp_iszero(&key->dP) || mp_iszero(&key->dQ) || mp_iszero(&key->u))) { if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) { ret = MP_EXPTMOD_E; } From 98c70fb77e3673864370e0cac742febd6b91e968 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 21 Jul 2025 15:15:31 -0600 Subject: [PATCH 035/346] fix mldsa test case for buffer size and expire date --- tests/api/test_mldsa.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 52c7076c1..873a085c9 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c 
@@ -16820,7 +16820,10 @@ int test_mldsa_pkcs12(void) const word32 inKeyMaxSz = inKeyHeaderSz + DILITHIUM_MAX_PRV_KEY_SIZE; const word32 certConstSz = 412; const word32 inCertMaxSz = - certConstSz + DILITHIUM_MAX_SIG_SIZE + DILITHIUM_MAX_PUB_KEY_SIZE; + certConstSz + DILITHIUM_MAX_PUB_KEY_SIZE + + WOLFSSL_ASN_MAX_LENGTH_SZ + DILITHIUM_MAX_SIG_SIZE; + /* max signature size + ASN1 encoding */ + const word32 pkcs8HeaderSz = 24; WC_RNG rng; dilithium_key mldsa_key; @@ -16913,7 +16916,7 @@ int test_mldsa_pkcs12(void) XSTRNCPY((char*)cert.beforeDate, "\x18\x0f""20250101000000Z", CTC_DATE_SIZE); cert.beforeDateSz = 17; - XSTRNCPY((char*)cert.afterDate, "\x18\x0f""20493112115959Z", + XSTRNCPY((char*)cert.afterDate, "\x18\x0f""20491231115959Z", CTC_DATE_SIZE); cert.afterDateSz = 17; cert.selfSigned = 1; From 0495f2cc209af8ba0ea2f4f335899b528559c8ee Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 21 Jul 2025 19:34:00 -0500 Subject: [PATCH 036/346] linuxkm/linuxkm_wc_port.h: add WC_LKM_INDIRECT_SYM() macro; on x86, use wolfssl_linuxkm_pie_redirect_table directly for indirect calls from PIE container, otherwise use wolfssl_linuxkm_get_pie_redirect_table() to avoid e.g. R_AARCH64_LD64_GOT_LO12_NC relocations; linuxkm/Kbuild: remove -fno-stack-protector from default PIE_FLAGS. --- linuxkm/Kbuild | 5 +- linuxkm/linuxkm_wc_port.h | 147 ++++++++++++++++++++------------------ wolfcrypt/src/wc_port.c | 8 +-- 3 files changed, 85 insertions(+), 75 deletions(-) diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 282bd7ad0..931335162 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild 
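Review bot: The comment `/* max signature size + ASN1 encoding */` sits between the inCertMaxSz initializer and the new `pkcs8HeaderSz` declaration, so it reads as describing pkcs8HeaderSz although it appears to explain the `WOLFSSL_ASN_MAX_LENGTH_SZ + DILITHIUM_MAX_SIG_SIZE` term above it; moving it onto the line with that term, or rewording it to say what the 24 bytes of pkcs8HeaderSz account for, would remove the ambiguity. The literal 24 also deserves a derivation in a comment (which PKCS#8 header fields it covers), since every other size in this block is built from named constants. test_mldsa_pkcs12 begins outside this hunk.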
@@ -101,7 +101,7 @@ $(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER -DWOLFSSL_NO_OPTIONS $(obj)/wolfcrypt/src/aes.o: ccflags-y = $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_YES_VECTOR_INSNS) ifeq "$(ENABLED_LINUXKM_PIE)" "yes" - PIE_FLAGS := -fPIE -fno-stack-protector -fno-toplevel-reorder + PIE_FLAGS := -fPIE -fno-toplevel-reorder PIE_SUPPORT_FLAGS := -DUSE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE ifeq "$(KERNEL_ARCH_X86)" "yes" PIE_FLAGS += -mcmodel=small @@ -121,7 +121,8 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" endif $(WOLFCRYPT_PIE_FILES): ccflags-y += $(PIE_SUPPORT_FLAGS) $(PIE_FLAGS) $(WOLFCRYPT_PIE_FILES): ccflags-remove-y += -pg - # disabling retpoline generation leads to profuse warnings without this: + # using inline retpolines leads to "unannotated intra-function call" + # warnings from objtool without this: $(WOLFCRYPT_PIE_FILES): OBJECT_FILES_NON_STANDARD := y $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS) endif diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 214eccf04..c6bece99c 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h 
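Review bot: Dropping `-fno-stack-protector` from PIE_FLAGS means the PIE-compiled wolfCrypt objects may now emit references to the kernel's stack-protector support (`__stack_chk_fail` and, depending on architecture and config, a guard variable), and neither the hunk nor its comment says how those references are satisfied under the redirect-table scheme; the commit's wc_port.c change is not visible here, so this may well be handled there. A one-line comment next to PIE_FLAGS stating where the stack-protector references resolve would save the next reader that search.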
@@ -867,136 +867,145 @@ }; extern const struct wolfssl_linuxkm_pie_redirect_table *wolfssl_linuxkm_get_pie_redirect_table(void); + extern struct wolfssl_linuxkm_pie_redirect_table wolfssl_linuxkm_pie_redirect_table; + + #if defined(CONFIG_X86) + #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_pie_redirect_table.x) + #elif defined(CONFIG_ARM64) + #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_get_pie_redirect_table()->x) + #else + #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_get_pie_redirect_table()->x) + #endif #ifdef __PIE__ #ifndef __ARCH_MEMCMP_NO_REDIRECT - #define memcmp (wolfssl_linuxkm_get_pie_redirect_table()->memcmp) + #define memcmp WC_LKM_INDIRECT_SYM(memcmp) #endif #ifndef __ARCH_MEMCPY_NO_REDIRECT - #define memcpy (wolfssl_linuxkm_get_pie_redirect_table()->memcpy) + #define memcpy WC_LKM_INDIRECT_SYM(memcpy) #endif #ifndef __ARCH_MEMSET_NO_REDIRECT - #define memset (wolfssl_linuxkm_get_pie_redirect_table()->memset) + #define memset WC_LKM_INDIRECT_SYM(memset) #endif #ifndef __ARCH_MEMMOVE_NO_REDIRECT - #define memmove (wolfssl_linuxkm_get_pie_redirect_table()->memmove) + #define memmove WC_LKM_INDIRECT_SYM(memmove) #endif #ifndef __ARCH_STRCMP_NO_REDIRECT - #define strcmp (wolfssl_linuxkm_get_pie_redirect_table()->strcmp) + #define strcmp WC_LKM_INDIRECT_SYM(strcmp) #endif #ifndef __ARCH_STRNCMP_NO_REDIRECT - #define strncmp (wolfssl_linuxkm_get_pie_redirect_table()->strncmp) + #define strncmp WC_LKM_INDIRECT_SYM(strncmp) #endif #ifndef __ARCH_STRCASECMP_NO_REDIRECT - #define strcasecmp (wolfssl_linuxkm_get_pie_redirect_table()->strcasecmp) + #define strcasecmp WC_LKM_INDIRECT_SYM(strcasecmp) #endif #ifndef __ARCH_STRNCASECMP_NO_REDIRECT - #define strncasecmp (wolfssl_linuxkm_get_pie_redirect_table()->strncasecmp) + #define strncasecmp WC_LKM_INDIRECT_SYM(strncasecmp) #endif #ifndef __ARCH_STRLEN_NO_REDIRECT - #define strlen (wolfssl_linuxkm_get_pie_redirect_table()->strlen) + #define strlen WC_LKM_INDIRECT_SYM(strlen) #endif #ifndef 
__ARCH_STRSTR_NO_REDIRECT - #define strstr (wolfssl_linuxkm_get_pie_redirect_table()->strstr) + #define strstr WC_LKM_INDIRECT_SYM(strstr) #endif #ifndef __ARCH_STRNCPY_NO_REDIRECT - #define strncpy (wolfssl_linuxkm_get_pie_redirect_table()->strncpy) + #define strncpy WC_LKM_INDIRECT_SYM(strncpy) #endif #ifndef __ARCH_STRNCAT_NO_REDIRECT - #define strncat (wolfssl_linuxkm_get_pie_redirect_table()->strncat) + #define strncat WC_LKM_INDIRECT_SYM(strncat) #endif - #define kstrtoll (wolfssl_linuxkm_get_pie_redirect_table()->kstrtoll) + #define kstrtoll WC_LKM_INDIRECT_SYM(kstrtoll) #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)) || \ (defined(RHEL_MAJOR) && \ ((RHEL_MAJOR > 9) || ((RHEL_MAJOR == 9) && (RHEL_MINOR >= 5)))) - #define _printk (wolfssl_linuxkm_get_pie_redirect_table()->_printk) + #define _printk WC_LKM_INDIRECT_SYM(_printk) #else - #define printk (wolfssl_linuxkm_get_pie_redirect_table()->printk) + #define printk WC_LKM_INDIRECT_SYM(printk) #endif #ifdef CONFIG_FORTIFY_SOURCE - #define __warn_printk (wolfssl_linuxkm_get_pie_redirect_table()->__warn_printk) + #define __warn_printk WC_LKM_INDIRECT_SYM(__warn_printk) #endif - #define snprintf (wolfssl_linuxkm_get_pie_redirect_table()->snprintf) + #define snprintf WC_LKM_INDIRECT_SYM(snprintf) - #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype) + #define _ctype WC_LKM_INDIRECT_SYM(_ctype) #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) /* see include/linux/alloc_tag.h and include/linux/slab.h */ - #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof) - #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof) - #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof) - #define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof) - #define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof) - #define kvrealloc_noprof 
(wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc_noprof) + #define kmalloc_noprof WC_LKM_INDIRECT_SYM(kmalloc_noprof) + #define krealloc_noprof WC_LKM_INDIRECT_SYM(krealloc_noprof) + #define kzalloc_noprof WC_LKM_INDIRECT_SYM(kzalloc_noprof) + #define __kvmalloc_node_noprof WC_LKM_INDIRECT_SYM(__kvmalloc_node_noprof) + #define __kmalloc_cache_noprof WC_LKM_INDIRECT_SYM(__kmalloc_cache_noprof) + #define kvrealloc_noprof WC_LKM_INDIRECT_SYM(kvrealloc_noprof) #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) /* see include/linux/alloc_tag.h and include/linux/slab.h */ - #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof) - #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof) - #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof) - #define kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node_noprof) - #define kmalloc_trace_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace_noprof) - #define kvrealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc_noprof) + #define kmalloc_noprof WC_LKM_INDIRECT_SYM(kmalloc_noprof) + #define krealloc_noprof WC_LKM_INDIRECT_SYM(krealloc_noprof) + #define kzalloc_noprof WC_LKM_INDIRECT_SYM(kzalloc_noprof) + #define kvmalloc_node_noprof WC_LKM_INDIRECT_SYM(kvmalloc_node_noprof) + #define kmalloc_trace_noprof WC_LKM_INDIRECT_SYM(kmalloc_trace_noprof) + #define kvrealloc_noprof WC_LKM_INDIRECT_SYM(kvrealloc_noprof) #else /* <6.10.0 */ - #define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc) - #define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc) + #define kmalloc WC_LKM_INDIRECT_SYM(kmalloc) + #define krealloc WC_LKM_INDIRECT_SYM(krealloc) #define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO) #ifdef HAVE_KVMALLOC - #define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node) + #define kvmalloc_node WC_LKM_INDIRECT_SYM(kvmalloc_node) 
#endif #ifdef HAVE_KVREALLOC - #define kvrealloc (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc) + #define kvrealloc WC_LKM_INDIRECT_SYM(kvrealloc) #endif #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) || \ (defined(RHEL_MAJOR) && \ ((RHEL_MAJOR > 9) || ((RHEL_MAJOR == 9) && (RHEL_MINOR >= 5)))) - #define kmalloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace) + #define kmalloc_trace WC_LKM_INDIRECT_SYM(kmalloc_trace) #else - #define kmem_cache_alloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmem_cache_alloc_trace) - #define kmalloc_order_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_order_trace) + #define kmem_cache_alloc_trace WC_LKM_INDIRECT_SYM(kmem_cache_alloc_trace) + #define kmalloc_order_trace WC_LKM_INDIRECT_SYM(kmalloc_order_trace) #endif #endif /* <6.10.0 */ - #define kfree (wolfssl_linuxkm_get_pie_redirect_table()->kfree) + #define kfree WC_LKM_INDIRECT_SYM(kfree) #ifdef HAVE_KVMALLOC - #define kvfree (wolfssl_linuxkm_get_pie_redirect_table()->kvfree) + #define kvfree WC_LKM_INDIRECT_SYM(kvfree) #endif - #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize) + #define ksize WC_LKM_INDIRECT_SYM(ksize) - #define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes) + #define get_random_bytes WC_LKM_INDIRECT_SYM(get_random_bytes) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - #define getnstimeofday (wolfssl_linuxkm_get_pie_redirect_table()->getnstimeofday) + #define getnstimeofday WC_LKM_INDIRECT_SYM(getnstimeofday) #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) - #define current_kernel_time64 (wolfssl_linuxkm_get_pie_redirect_table()->current_kernel_time64) + #define current_kernel_time64 WC_LKM_INDIRECT_SYM(current_kernel_time64) #else - #define ktime_get_coarse_real_ts64 (wolfssl_linuxkm_get_pie_redirect_table()->ktime_get_coarse_real_ts64) + #define ktime_get_coarse_real_ts64 WC_LKM_INDIRECT_SYM(ktime_get_coarse_real_ts64) #endif #undef get_current - #define get_current 
(wolfssl_linuxkm_get_pie_redirect_table()->get_current) + #define get_current WC_LKM_INDIRECT_SYM(get_current) #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) - #define allocate_wolfcrypt_linuxkm_fpu_states (wolfssl_linuxkm_get_pie_redirect_table()->allocate_wolfcrypt_linuxkm_fpu_states) - #define can_save_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->can_save_vector_registers_x86) - #define free_wolfcrypt_linuxkm_fpu_states (wolfssl_linuxkm_get_pie_redirect_table()->free_wolfcrypt_linuxkm_fpu_states) - #define restore_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->restore_vector_registers_x86) - #define save_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->save_vector_registers_x86) + #define allocate_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(allocate_wolfcrypt_linuxkm_fpu_states) + #define can_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(can_save_vector_registers_x86) + #define free_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(free_wolfcrypt_linuxkm_fpu_states) + #define restore_vector_registers_x86 WC_LKM_INDIRECT_SYM(restore_vector_registers_x86) + #define save_vector_registers_x86 WC_LKM_INDIRECT_SYM(save_vector_registers_x86) #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. 
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ - #define __mutex_init (wolfssl_linuxkm_get_pie_redirect_table()->__mutex_init) + #define __mutex_init WC_LKM_INDIRECT_SYM(__mutex_init) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - #define mutex_lock_nested (wolfssl_linuxkm_get_pie_redirect_table()->mutex_lock_nested) + #define mutex_lock_nested WC_LKM_INDIRECT_SYM(mutex_lock_nested) #else - #define mutex_lock (wolfssl_linuxkm_get_pie_redirect_table()->mutex_lock) + #define mutex_lock WC_LKM_INDIRECT_SYM(mutex_lock) #endif - #define mutex_unlock (wolfssl_linuxkm_get_pie_redirect_table()->mutex_unlock) + #define mutex_unlock WC_LKM_INDIRECT_SYM(mutex_unlock) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - #define mutex_destroy (wolfssl_linuxkm_get_pie_redirect_table()->mutex_destroy) + #define mutex_destroy WC_LKM_INDIRECT_SYM(mutex_destroy) #endif /* per linux/ctype.h, tolower() and toupper() are macros bound to static inlines 
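Review bot: The `#elif defined(CONFIG_ARM64)` and `#else` arms of WC_LKM_INDIRECT_SYM expand to exactly the same text, so the arm64 arm is dead; collapse the two into one `#else`, or if arm64 is expected to get its own form later, leave a comment saying that. Separately, the new `extern struct wolfssl_linuxkm_pie_redirect_table wolfssl_linuxkm_pie_redirect_table;` hands every PIE translation unit a writable view of the table of call targets, whereas the getter it replaces on x86 returns a `const` pointer; a writable function-pointer table is the classic control-flow hijack target, so if the definition allows it declare the extern `const` (or mark the definition `__ro_after_init`) so accidental stores from the container fail to compile. Whether the definition in wc_port.c is const is not visible from this hunk.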
@@ -1009,45 +1018,45 @@ #define toupper(c) (isupper(c) ? (c) : ((c) - ('a'-'A'))) #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) - #define GetCA (wolfssl_linuxkm_get_pie_redirect_table()->GetCA) + #define GetCA WC_LKM_INDIRECT_SYM(GetCA) #ifndef NO_SKID - #define GetCAByName (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByName) + #define GetCAByName WC_LKM_INDIRECT_SYM(GetCAByName) #ifdef HAVE_OCSP - #define GetCAByKeyHash (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByKeyHash) + #define GetCAByKeyHash WC_LKM_INDIRECT_SYM(GetCAByKeyHash) #endif /* HAVE_OCSP */ #endif /* NO_SKID */ #ifdef WOLFSSL_AKID_NAME - #define GetCAByAKID (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByAKID) + #define GetCAByAKID WC_LKM_INDIRECT_SYM(GetCAByAKID) #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - #define wolfSSL_X509_NAME_add_entry_by_NID (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_add_entry_by_NID) - #define wolfSSL_X509_NAME_free (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_free) - #define wolfSSL_X509_NAME_new_ex (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_new_ex) + #define wolfSSL_X509_NAME_add_entry_by_NID WC_LKM_INDIRECT_SYM(wolfSSL_X509_NAME_add_entry_by_NID) + #define wolfSSL_X509_NAME_free WC_LKM_INDIRECT_SYM(wolfSSL_X509_NAME_free) + #define wolfSSL_X509_NAME_new_ex WC_LKM_INDIRECT_SYM(wolfSSL_X509_NAME_new_ex) #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES - #define dump_stack (wolfssl_linuxkm_get_pie_redirect_table()->dump_stack) + #define dump_stack WC_LKM_INDIRECT_SYM(dump_stack) #endif #undef preempt_count /* just in case -- not a macro on x86. 
*/ - #define preempt_count (wolfssl_linuxkm_get_pie_redirect_table()->preempt_count) + #define preempt_count WC_LKM_INDIRECT_SYM(preempt_count) #ifndef WOLFSSL_LINUXKM_USE_MUTEXES #ifndef _raw_spin_lock_irqsave - #define _raw_spin_lock_irqsave (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_lock_irqsave) + #define _raw_spin_lock_irqsave WC_LKM_INDIRECT_SYM(_raw_spin_lock_irqsave) #endif #ifndef _raw_spin_trylock - #define _raw_spin_trylock (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_trylock) + #define _raw_spin_trylock WC_LKM_INDIRECT_SYM(_raw_spin_trylock) #endif #ifndef _raw_spin_unlock_irqrestore - #define _raw_spin_unlock_irqrestore (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_unlock_irqrestore) + #define _raw_spin_unlock_irqrestore WC_LKM_INDIRECT_SYM(_raw_spin_unlock_irqrestore) #endif #endif - #define _cond_resched (wolfssl_linuxkm_get_pie_redirect_table()->_cond_resched) + #define _cond_resched WC_LKM_INDIRECT_SYM(_cond_resched) /* this is defined in linux/spinlock.h as an inline that calls the unshimmed * raw_spin_unlock_irqrestore(). use a macro here to supersede it. @@ -1190,7 +1199,7 @@ */ static __always_inline int wc_LockMutex(wolfSSL_Mutex *m) { - return (wolfssl_linuxkm_get_pie_redirect_table()->wc_lkm_LockMutex)(m); + return WC_LKM_INDIRECT_SYM(wc_lkm_LockMutex)(m); } #else /* !__PIE__ */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 3c63d2662..f1d2ee364 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c 
@@ -4628,13 +4628,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr, __le32 *updptr, int nr_inst)
 {
- return (wolfssl_linuxkm_get_pie_redirect_table()->
- alt_cb_patch_nops)(alt, origptr, updptr, nr_inst);
+ return WC_LKM_INDIRECT_SYM(alt_cb_patch_nops)
+ (alt, origptr, updptr, nr_inst);
 }
 void my__queued_spin_lock_slowpath(struct qspinlock *lock, u32 val)
 {
- return (wolfssl_linuxkm_get_pie_redirect_table()->
- queued_spin_lock_slowpath)(lock, val);
+ return WC_LKM_INDIRECT_SYM(queued_spin_lock_slowpath)
+ (lock, val);
 }
 #endif
From 525f1cc39e0b683173367578bcce970bff280ee5 Mon Sep 17 00:00:00 2001
From: Josh Holtrop
Date: Tue, 22 Jul 2025 08:19:01 -0400
Subject: [PATCH 037/346] Update style per code review comments
---
 doc/dox_comments/header_files/pkcs7.h | 15 +++++++++------
 wolfcrypt/src/pkcs7.c | 2 +-
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h
index 577ae7c11..5884b97f7 100644
--- a/doc/dox_comments/header_files/pkcs7.h
+++ b/doc/dox_comments/header_files/pkcs7.h
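Review bot: Both rewritten wrappers are `void` functions that `return` the value of the call through the table; assuming the table entries mirror the wrappers' void signatures, C11 6.8.6.4 forbids a return with an expression in a void function and GCC reports it under -Wpedantic. The pre-existing lines had the same shape, but since the statements are being rewritten anyway, drop the keyword: `WC_LKM_INDIRECT_SYM(alt_cb_patch_nops)(alt, origptr, updptr, nr_inst);` and `WC_LKM_INDIRECT_SYM(queued_spin_lock_slowpath)(lock, val);`.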
@@ -3,13 +3,16 @@ \brief Callback used for a custom AES key wrap/unwrap operation. - key/keySz specify the key to use. - in/inSz specify the input data to wrap/unwrap. - out/outSz specify the output buffer. + \return The size of the wrapped/unwrapped key written to the output buffer + should be returned on success. A 0 return value or error code (< 0) + indicates a failure. - The size of the wrapped/unwrapped key written to the output buffer should - be returned on success. A 0 return value or error code (< 0) indicates a - failure. + \param[in] key Specify the key to use. + \param[in] keySz Size of the key to use. + \param[in] in Specify the input data to wrap/unwrap. + \param[in] inSz Size of the input data. + \param[out] out Specify the output buffer. + \param[out] outSz Size of the output buffer. */ typedef int (*CallbackAESKeyWrap)(const byte* key, word32 keySz, const byte* in, word32 inSz, byte* out, word32 outSz); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index dfad85fb3..7a910c833 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -6816,7 +6816,7 @@ static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len) /* wrap CEK (content encryption key) with KEK, returns output size (> 0) on * success, < 0 on error */ -static int wc_PKCS7_KeyWrap(wc_PKCS7 const * pkcs7, byte const * cek, +static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, byte const * cek, word32 cekSz, byte const * kek, word32 kekSz, byte * out, word32 outSz, int keyWrapAlgo, int direction) { From e03fc6858b09abb1b017f15bbd53aa70b5221e49 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 08:24:22 -0400 Subject: [PATCH 038/346] Update Doxygen comment style per code review comments --- doc/dox_comments/header_files/pkcs7.h | 62 +++++++++++++-------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index 801f96627..60b2cc698 100644 
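Review bot: The wc_PKCS7_KeyWrap signature is now inconsistent with itself: the first parameter was switched to west-const (`const wc_PKCS7 * pkcs7`) while `byte const * cek` and `byte const * kek` on the following line keep east-const. If the review asked for `const` first, apply it to the whole parameter list, e.g. `const byte * cek, word32 cekSz, const byte * kek, word32 kekSz,`, rather than only the first parameter. The function body is outside the hunk.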
--- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h @@ -718,6 +718,14 @@ int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, \brief This function provides access to a SymmetricKeyPackage attribute. + \return 0 The requested attribute has been successfully located. + attr and attrSz output variables are populated with the address and size of + the attribute. The attribute will be in the same buffer passed in via the + skp input pointer. + \return BAD_FUNC_ARG One of the input parameters is invalid. + \return ASN_PARSE_E An error was encountered parsing the input object. + \return BAD_INDEX_E The requested attribute index was invalid. + \param[in] skp Input buffer containing the SymmetricKeyPackage object. \param[in] skpSz Size of the SymmetricKeyPackage object. \param[in] index Index of the attribute to access. @@ -725,14 +733,6 @@ int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, attribute object. \param[out] attrSz Buffer in which to store the size of the requested attribute object. - - \retval 0 The requested attribute has been successfully located. - attr and attrSz output variables are populated with the address and size of - the attribute. The attribute will be in the same buffer passed in via the - skp input pointer. - \retval BAD_FUNC_ARG One of the input parameters is invalid. - \retval ASN_PARSE_E An error was encountered parsing the input object. - \retval BAD_INDEX_E The requested attribute index was invalid. */ int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, word32 skpSz, size_t index, byte const ** attr, word32 * attrSz); 
@@ -742,6 +742,14 @@ int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, \brief This function provides access to a SymmetricKeyPackage key. + \return 0 The requested key has been successfully located. + key and keySz output variables are populated with the address and size of + the key. The key will be in the same buffer passed in via the + skp input pointer. + \return BAD_FUNC_ARG One of the input parameters is invalid. + \return ASN_PARSE_E An error was encountered parsing the input object. + \return BAD_INDEX_E The requested key index was invalid. + \param[in] skp Input buffer containing the SymmetricKeyPackage object. \param[in] skpSz Size of the SymmetricKeyPackage object. \param[in] index Index of the key to access. @@ -749,14 +757,6 @@ int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, key object. \param[out] keySz Buffer in which to store the size of the requested key object. - - \retval 0 The requested key has been successfully located. - key and keySz output variables are populated with the address and size of - the key. The key will be in the same buffer passed in via the - skp input pointer. - \retval BAD_FUNC_ARG One of the input parameters is invalid. - \retval ASN_PARSE_E An error was encountered parsing the input object. - \retval BAD_INDEX_E The requested key index was invalid. */ int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, word32 skpSz, size_t index, byte const ** key, word32 * keySz); 
@@ -766,6 +766,14 @@ int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, \brief This function provides access to a OneSymmetricKey attribute. + \return 0 The requested attribute has been successfully located. + attr and attrSz output variables are populated with the address and size of + the attribute. The attribute will be in the same buffer passed in via the + osk input pointer. + \return BAD_FUNC_ARG One of the input parameters is invalid. + \return ASN_PARSE_E An error was encountered parsing the input object. + \return BAD_INDEX_E The requested attribute index was invalid. + \param[in] osk Input buffer containing the OneSymmetricKey object. \param[in] oskSz Size of the OneSymmetricKey object. \param[in] index Index of the attribute to access. @@ -773,14 +781,6 @@ int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, attribute object. \param[out] attrSz Buffer in which to store the size of the requested attribute object. - - \retval 0 The requested attribute has been successfully located. - attr and attrSz output variables are populated with the address and size of - the attribute. The attribute will be in the same buffer passed in via the - osk input pointer. - \retval BAD_FUNC_ARG One of the input parameters is invalid. - \retval ASN_PARSE_E An error was encountered parsing the input object. - \retval BAD_INDEX_E The requested attribute index was invalid. */ int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, word32 oskSz, size_t index, byte const ** attr, word32 * attrSz); 
@@ -790,19 +790,19 @@ int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, \brief This function provides access to a OneSymmetricKey key. + \return 0 The requested key has been successfully located. + key and keySz output variables are populated with the address and size of + the key. The key will be in the same buffer passed in via the + osk input pointer. + \return BAD_FUNC_ARG One of the input parameters is invalid. + \return ASN_PARSE_E An error was encountered parsing the input object. + \param[in] osk Input buffer containing the OneSymmetricKey object. \param[in] oskSz Size of the OneSymmetricKey object. \param[out] key Buffer in which to store the pointer to the requested key object. \param[out] keySz Buffer in which to store the size of the requested key object. - - \retval 0 The requested key has been successfully located. - key and keySz output variables are populated with the address and size of - the key. The key will be in the same buffer passed in via the - osk input pointer. - \retval BAD_FUNC_ARG One of the input parameters is invalid. - \retval ASN_PARSE_E An error was encountered parsing the input object. */ int wc_PKCS7_DecodeOneSymmetricKeyKey(byte const * osk, word32 oskSz, byte const ** key, word32 * keySz); From aa986a2b241a8670c610af5188520532e96f933e Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 08:27:00 -0400 Subject: [PATCH 039/346] Update doxygen comment style per code review comments --- wolfcrypt/src/asn.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c5767aca5..1e9d3369e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -2581,10 +2581,10 @@ int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
 * @param[out] outSz Buffer in which to store the length of the th
 * element of the SEQUENCE OF object.
 *
- * @retval 0 on success.
- * @retval BUFFER_E when there is not enough data to parse.
- * @retval BAD_INDEX_E when the given seqIndex is out of range.
- * @retval ASN_PARSE_E when the seqOf is not in the expected format.
+ * @return 0 on success.
+ * @return BUFFER_E when there is not enough data to parse.
+ * @return BAD_INDEX_E when the given seqIndex is out of range.
+ * @return ASN_PARSE_E when the seqOf is not in the expected format.
 */
 int IndexSequenceOf(byte const * seqOf, word32 seqOfSz, size_t seqIndex,
 byte const ** out, word32 * outSz)
From dc345553dfc21a440a88adb702d53011615b3db1 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Mon, 14 Jul 2025 17:07:58 -0600
Subject: [PATCH 040/346] wrap res assignment in else statement
---
 wolfcrypt/src/memory.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 17663b3e0..5df4d15fc 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -1376,7 +1376,9 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
 WOLFSSL_MSG("Error IO memory was not large enough");
 res = NULL; /* return NULL in error case */
 }
- res = pt->buffer;
+ else {
+ res = pt->buffer;
+ }
 }
 else
 #endif
From 42b80878d9d8f8de44af2fcac88396d3f755b690 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Tue, 15 Jul 2025 08:50:10 -0600
Subject: [PATCH 041/346] str_len check includes any value less than 0
---
 src/ssl_asn1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index f2ffbc6f3..fe5e67c46 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
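Review bot: `@retval <value>` was the semantically right tag for these four lines: it documents one specific return value each, whereas `@return` describes the return in general and repeated `@return` paragraphs are merged by Doxygen into a single "Returns" block, which reads worse for an enumerated error list. If the switch was requested for consistency with the rest of asn.c that is a defensible trade, but it is worth noting in the commit message that it is a consistency choice rather than a correction.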
@@ -3549,7 +3549,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
 }
 }
- if ((!err) && (str_len != -1)) {
+ if ((!err) && (str_len >= 0)) {
 /* Include any characters written for type. */
 str_len += type_len;
 }
From 828b9b7024b9292175293303165d01f5d1b0b510 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Tue, 15 Jul 2025 13:12:30 -0600
Subject: [PATCH 042/346] remove mac_alg check, mac_alg is always no_mac on subsequent iterations
---
 src/internal.c | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index c74bcf36f..b096f7f5e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -28814,10 +28814,6 @@ int SetSuitesHashSigAlgo(Suites* suites, const char* list)
 do {
 if (*list == '+') {
- if (mac_alg != 0) {
- ret = 0;
- break;
- }
 sig_alg = GetSigAlgFromName(s, (int)(list - s));
 if (sig_alg == 0) {
 ret = 0;
From 3759c6f1a1c6a47584f724f69ffc10333f990bcf Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Tue, 22 Jul 2025 09:21:26 -0600
Subject: [PATCH 043/346] fix changelog formatting
---
 ChangeLog.md | 3 ++-
 README | 3 ++-
 README.md | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 09728ee1e..093debee0 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -68,7 +68,8 @@ Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736
 * Implemented distro fix for the Linux Kernel Module. (PR #8994)
 * Fixed page-flags-h in the Linux Kernel Module. (PR #9001)
 * Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005)
-* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
+
+### Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
 * Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781)
 * Backward compatibility has been implemented for ML_KEM IDs (PR #8827)
 * ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884)
diff --git a/README b/README
index a8e5f76eb..642fcef62 100644
--- a/README
+++ b/README
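Review bot: With the `mac_alg != 0` guard removed, the `'+'` branch of SetSuitesHashSigAlgo now relies silently on mac_alg already being 0 whenever a separator is seen; the reset that guarantees this is outside the hunk, so the invariant deserves a comment on the branch, e.g. `/* mac_alg is reset to no_mac before each entry, so a stale value cannot reach this point. */`. Since this function parses a caller-supplied list string, a regression test with an entry containing two '+' separators would also pin the intended rejection path, which as far as I can read the flow now comes from GetSigAlgFromName returning 0 rather than from the removed check. The loop body continues outside the hunk.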
@@ -140,7 +140,8 @@ Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736
 * Implemented distro fix for the Linux Kernel Module. (PR #8994)
 * Fixed page-flags-h in the Linux Kernel Module. (PR #9001)
 * Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005)
-* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
+
+### Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
 * Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781)
 * Backward compatibility has been implemented for ML_KEM IDs (PR #8827)
 * ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884)
diff --git a/README.md b/README.md
index c3809fd76..051901292 100644
--- a/README.md
+++ b/README.md
@@ -145,7 +145,8 @@ Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736
 * Implemented distro fix for the Linux Kernel Module. (PR #8994)
 * Fixed page-flags-h in the Linux Kernel Module. (PR #9001)
 * Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005)
-* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
+
+### Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
 * Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781)
 * Backward compatibility has been implemented for ML_KEM IDs (PR #8827)
 * ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884)
From 22b01bcda96b367512a31b08254e0908bc2dd962 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Tue, 22 Jul 2025 10:05:36 -0600
Subject: [PATCH 044/346] Remove unnecessary memset
---
 src/internal.c | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index e9ea3f3cf..e5d0071b8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -12958,9 +12958,6 @@ static int MatchIPv6(const char* pattern, int patternLen, if ((word32)patternLen >= sizeof(patBuf) || strLen >= sizeof(strBuf)) return 0; - XMEMSET(patBuf, 0, WOLFSSL_MAX_IPSTR); - XMEMSET(strBuf, 0, WOLFSSL_MAX_IPSTR); - /* Make sure strings are null-terminated and safely copied */ XMEMCPY(patBuf, pattern, patternLen); patBuf[patternLen] = '\0';
From 01fd36b8409b8ecdd965ca98bd1fdf97e7362e84 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Wed, 16 Jul 2025 11:11:14 -0600
Subject: [PATCH 045/346] set a->length to 0 if old data is not kept
---
 src/ssl_asn1.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index fe5e67c46..f60d45036 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -1043,7 +1043,6 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
 int ret = 1;
 byte* data;
 byte* oldData = a->intData;
- int oldLen = a->length;
 if (a->isDynamic && (len > (int)a->dataMax)) {
 oldData = a->data;
@@ -1051,7 +1050,6 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
 a->data = a->intData;
 a->dataMax = (unsigned int)sizeof(a->intData);
 }
- a->length = 0;
 if ((!a->isDynamic) && (len > (int)a->dataMax)) {
 /* Create a new buffer to hold large integer value. */
 data = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -1068,10 +1066,10 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
 if (keepOldData) {
 if (oldData != a->data) {
 /* Copy old data into new buffer. */
- XMEMCPY(a->data, oldData, (size_t)oldLen);
+ XMEMCPY(a->data, oldData, (size_t)a->length);
 }
- /* Restore old length. */
- a->length = oldLen;
+ } else {
+ a->length = 0;
 }
 if (oldData != a->intData) {
 /* Dispose of the old dynamic data. */
From 29288640ab9b1cdbb24032142c40b0f8b5f6d0ad Mon Sep 17 00:00:00 2001
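Review bot: Removing the two XMEMSET calls in MatchIPv6 is sound only if every later read of patBuf and strBuf stops at the NUL written after the copy; any fixed-length compare or loop bounded by WOLFSSL_MAX_IPSTR rather than by the terminator would now read uninitialized stack bytes, which is precisely the class of bug the zeroing used to mask. The strBuf copy and the comparison logic are outside the hunk, so this could not be confirmed from the diff; a comment on the XMEMCPY, `/* buffers are not zeroed: everything below must stop at the NUL terminator */`, would make the contract explicit for the next change. MatchIPv6 starts outside the hunk.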
From: Ruby Martin
Date: Tue, 22 Jul 2025 10:48:06 -0600
Subject: [PATCH 046/346] add additional check so dead code can be reached
---
 wolfcrypt/src/ed448.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c
index be8582f57..59b411005 100644
--- a/wolfcrypt/src/ed448.c
+++ b/wolfcrypt/src/ed448.c
@@ -1017,7 +1017,9 @@ int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key,
 ret = BAD_FUNC_ARG;
 }
- if ((inLen != ED448_PUB_KEY_SIZE) && (inLen != ED448_PUB_KEY_SIZE + 1)) {
+ if ((inLen != ED448_PUB_KEY_SIZE) &&
+ (inLen != ED448_PUB_KEY_SIZE + 1) &&
+ (inLen != 2 * ED448_PUB_KEY_SIZE + 1)) {
 ret = BAD_FUNC_ARG;
 }
From 97c2e9f973087ef2c3d8e6c48d56552c47b1460a Mon Sep 17 00:00:00 2001
From: gojimmypi
Date: Tue, 22 Jul 2025 11:34:47 -0700
Subject: [PATCH 047/346] Add wolfSSL_GetAllocators PSRAM support for Espressif ESP32
---
 wolfcrypt/src/port/Espressif/esp32_sha.c | 7 +-
 .../src/port/Espressif/esp_sdk_mem_lib.c | 107 +++++++++++++++++-
 .../wolfcrypt/port/Espressif/esp-sdk-lib.h | 15 +++
 wolfssl/wolfcrypt/settings.h | 48 ++++++--
 4 files changed, 159 insertions(+), 18 deletions(-)
diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c
index 6722a9308..474a0c571 100644
--- a/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -1311,7 +1311,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
 }
 }
-#ifdef ESP_MONITOR_HW_TASK_LOCK
+#if defined(ESP_MONITOR_HW_TASK_LOCK) || \
+ (defined(WOLFSSL_DEBUG_MUTEX) && WOLFSSL_DEBUG_MUTEX)
 /* Nothing happening here other than messages based on mutex states */
 if (mutex_ctx_task == 0 || mutex_ctx_owner == 0) {
 /* no known stray mutex task owner */
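Review bot: The length test in wc_ed448_import_public_ex now admits a third input size, `2 * ED448_PUB_KEY_SIZE + 1` bytes, without saying what that encoding is; a comment naming the three accepted forms, e.g. `/* raw key, key with one-byte prefix, or 2*size+1 form decoded below (confirm) */`, would spare the next reader a trip into the decoder, which is outside the hunk. More importantly, the commit title says this makes previously dead decoding code reachable, so that path is now exercised by caller-supplied input for the first time and should get a positive test vector plus a malformed one before it ships.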
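Review bot: `(defined(WOLFSSL_DEBUG_MUTEX) && WOLFSSL_DEBUG_MUTEX)` breaks the preprocessor when the macro is defined with no value, as `#define WOLFSSL_DEBUG_MUTEX` in a user_settings.h would do, because the expression degenerates to `(1 && )`. If presence is the intended switch, use `defined(WOLFSSL_DEBUG_MUTEX)` alone; if it must be a 0/1 value, state that in a comment on the `#if` so settings headers do not trip over it. The same expression presumably appears in the matching `#endif` comment and the settings.h hunk that is not in view.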
@@ -1347,13 +1348,15 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) } /* mutex owner ESP32_SHA_FREED check */ } /* mutex_ctx_task is current task */ else { +#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task."); ESP_LOGW(TAG, "Locking task: 0x%x", (word32)mutex_ctx_task); ESP_LOGW(TAG, "This xTaskGetCurrentTaskHandle: 0x%x", (word32)xTaskGetCurrentTaskHandle()); +#endif } } -#endif /* ESP_MONITOR_HW_TASK_LOCK */ +#endif /* ESP_MONITOR_HW_TASK_LOCK || WOLFSSL_DEBUG_MUTEX */ /* check if this SHA has been operated as SW or HW, or not yet init */ if (ctx->mode == ESP32_SHA_INIT) { diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index d1e51a5f0..727a12f89 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c @@ -189,7 +189,8 @@ int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end) } /* Show all known linker memory segment names, starting & ending addresses. */ -int sdk_init_meminfo(void) { +int sdk_init_meminfo(void) +{ void* sample_heap_var; int sample_stack_var = 0; @@ -241,7 +242,8 @@ int sdk_init_meminfo(void) { } /* Returns ESP_OK if found in known memory map, ESP_FAIL otherwise */ -esp_err_t sdk_var_whereis(const char* v_name, void* v) { +esp_err_t sdk_var_whereis(const char* v_name, void* v) +{ esp_err_t ret = ESP_FAIL; for (enum sdk_memory_segment m = 0 ;m < SDK_MEMORY_SEGMENT_COUNT; m++) { 
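Review bot: With WOLFSSL_ESP32_HW_LOCK_DEBUG undefined the `else` block is now empty, so an unlock from a task other than the lock owner is detected but silently dropped. Make that explicit for the non-debug case with a comment inside the braces, e.g. `/* unexpected-task unlock is only reported under WOLFSSL_ESP32_HW_LOCK_DEBUG */`, so nobody reads the empty block as an oversight. WOLFSSL_ESP32_HW_LOCK_DEBUG is a third switch independent of the `ESP_MONITOR_HW_TASK_LOCK || WOLFSSL_DEBUG_MUTEX` condition on the enclosing `#if`, and nothing here says where it is expected to be defined. esp_sha_try_hw_lock's body starts before the hunk.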
@@ -289,15 +291,110 @@ esp_err_t esp_sdk_mem_lib_init(void) return ret; } +#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL) void* wc_debug_pvPortMalloc(size_t size, - const char* file, int line, const char* fname) { + const char* file, int line, const char* fname) +#else +void* wc_pvPortMalloc(size_t size) +#endif +{ void* ret = NULL; - ret = pvPortMalloc(size); + wolfSSL_Malloc_cb mc; + wolfSSL_Free_cb fc; + wolfSSL_Realloc_cb rc; + wolfSSL_GetAllocators(&mc, &fc, &rc); + + if (mc == NULL) { + ret = pvPortMalloc(size); + } + else { +#if defined(USE_WOLFSSL_MEMORY) && !defined(NO_WOLFSSL_MEMORY) + ret = mc(size); +#else + ret = pvPortMalloc(size); +#endif + } + +#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL) if (ret == NULL) { ESP_LOGE("malloc", "%s:%d (%s)", file, line, fname); ESP_LOGE("malloc", "Failed Allocating memory of size: %d bytes", size); } +#endif return ret; -} +} /* wc_debug_pvPortMalloc */ + +#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL) +void wc_debug_pvPortFree(void *ptr, + const char* file, int line, const char* fname) +#else +void wc_pvPortFree(void *ptr) +#endif +{ + wolfSSL_Malloc_cb mc; + wolfSSL_Free_cb fc; + wolfSSL_Realloc_cb rc; + if (ptr == NULL) { +#ifdef DEBUG_WOLFSSL_MALLOC + /* It's ok to free a null pointer, and that happens quite frequently */ +#endif + } + else { + wolfSSL_GetAllocators(&mc, &fc, &rc); + + if (fc == NULL) { + vPortFree(ptr); + } + else { +#if defined(USE_WOLFSSL_MEMORY) && !defined(NO_WOLFSSL_MEMORY) + fc(ptr); +#else + vPortFree(ptr); +#endif + } + } +} /* wc_debug_pvPortFree */ + +#ifndef WOLFSSL_NO_REALLOC +/* see XREALLOC(p, n, h, t) */ +#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL) +void* wc_debug_pvPortRealloc(void* ptr, size_t size, + const char* file, int line, const char* fname) +#else +void* wc_pvPortRealloc(void* ptr, size_t size) +#endif +{ + void* ret = NULL; + wolfSSL_Malloc_cb mc; + wolfSSL_Free_cb fc; + wolfSSL_Realloc_cb rc; + 
wolfSSL_GetAllocators(&mc, &fc, &rc); + + if (mc == NULL) { + ret = realloc(ptr, size); + } + else { +#if defined(USE_WOLFSSL_MEMORY) && !defined(NO_WOLFSSL_MEMORY) + if (rc != NULL) { + ret = rc(ptr, size); /* (void *ptr, size_t size) */ + } + else { + ret = realloc(ptr, size); + } +#else + ret = realloc(ptr, size); +#endif + } + +#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL) + if (ret == NULL) { + ESP_LOGE("realloc", "%s:%d (%s)", file, line, fname); + ESP_LOGE("realloc", "Failed Re-allocating memory of size: %d bytes", + size); + } +#endif + return ret; +} /* wc_debug_pvPortRealloc */ +#endif /* WOLFSSL_NO_REALLOC */ #endif diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h index 829e9b168..977a95902 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h @@ -212,8 +212,23 @@ WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void); * Debug helpers ******************************************************************************/ WOLFSSL_LOCAL esp_err_t sdk_init_meminfo(void); + +#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL) WOLFSSL_LOCAL void* wc_debug_pvPortMalloc(size_t size, const char* file, int line, const char* fname); +WOLFSSL_LOCAL void wc_debug_pvPortFree(void *ptr, + const char* file, int line, const char* fname); +#ifndef WOLFSSL_NO_REALLOC +WOLFSSL_LOCAL void* wc_debug_pvPortRealloc(void* ptr, size_t size, + const char* file, int line, const char* fname); +#endif +#else +WOLFSSL_LOCAL void* wc_pvPortMalloc(size_t size); +WOLFSSL_LOCAL void wc_pvPortFree(void *ptr); +#ifndef WOLFSSL_NO_REALLOC +WOLFSSL_LOCAL void* wc_pvPortRealloc(void* ptr, size_t size); +#endif +#endif /*DEBUG_WOLFSSL_MALLOC || DEBUG_WOLFSSL */ #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index fc08d66e2..c1d386b12 100644 --- a/wolfssl/wolfcrypt/settings.h 
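Review bot: wc_pvPortRealloc keys its fallback on `mc == NULL` instead of `rc`, so with a custom malloc installed but no custom realloc it calls libc `realloc()` on a block that came from `mc` — two heaps on one pointer, which is memory corruption unless the custom allocator happens to be the system heap; the rewrite below tests `rc` and refuses that combination. All three wrappers call wolfSSL_GetAllocators() unconditionally while only using the result under `USE_WOLFSSL_MEMORY && !NO_WOLFSSL_MEMORY`; if that function is itself only compiled under USE_WOLFSSL_MEMORY (I believe it is), builds without it will not link, so the call belongs inside the same `#if`. `ESP_LOGE(..., "%d bytes", size)` passes a size_t to `%d`, which is undefined behaviour in the format call; use `%zu` or cast to `(int)`. wc_debug_pvPortFree never touches `file`, `line` or `fname`, so add `(void)file; (void)line; (void)fname;` (or use them in a log line), and the `#ifdef DEBUG_WOLFSSL_MALLOC` wrapping only a comment in that function can go.
```c
    void* ret = NULL;
#if defined(USE_WOLFSSL_MEMORY) && !defined(NO_WOLFSSL_MEMORY)
    wolfSSL_Malloc_cb mc = NULL;
    wolfSSL_Free_cb fc = NULL;
    wolfSSL_Realloc_cb rc = NULL;

    wolfSSL_GetAllocators(&mc, &fc, &rc);
    if (rc != NULL) {
        ret = rc(ptr, size);
    }
    else if (mc != NULL || fc != NULL) {
        /* Custom malloc/free without a matching realloc: the block may not
         * live on the native heap, so fail rather than hand it to realloc(). */
        ret = NULL;
    }
    else {
        ret = realloc(ptr, size);
    }
#else
    ret = realloc(ptr, size);
#endif
    /* ... unchanged: debug logging of a NULL result and return ... */
```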
+++ b/wolfssl/wolfcrypt/settings.h 
@@ -1497,27 +1497,53 @@ extern void uITRON4_free(void *p) ; #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_TRACK_MEMORY) - /* XMALLOC */ - #if defined(WOLFSSL_ESPIDF) && \ - (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC)) + #if defined(WOLFSSL_ESPIDF) #include - #define XMALLOC(s, h, type) \ - ((void)(h), (void)(type), wc_debug_pvPortMalloc( \ - (s), (__FILE__), (__LINE__), (__FUNCTION__) )) + #endif + + /* XMALLOC */ + #if defined(WOLFSSL_ESPIDF) + #if (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC)) + #define XMALLOC(s, h, type) \ + ((void)(h), (void)(type), wc_debug_pvPortMalloc( \ + (s), (__FILE__), (__LINE__), (__FUNCTION__) )) + #else + #define XMALLOC(s, h, type) \ + ((void)(h), (void)(type), wc_pvPortMalloc((s))) /* native heap */ + #endif #else #define XMALLOC(s, h, type) \ ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */ #endif /* XFREE */ - #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) /* native heap */ + #if defined(WOLFSSL_ESPIDF) + #if (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC)) + #define XFREE(p, h, type) \ + ((void)(h), (void)(type), wc_debug_pvPortFree( \ + (p), (__FILE__), (__LINE__), (__FUNCTION__) )) + #else + #define XFREE(p, h, type) \ + ((void)(h), (void)(type), wc_pvPortFree((p))) + #endif + #else + #define XFREE(p, h, type) \ + ((void)(h), (void)(type), vPortFree((p))) /* native heap */ + #endif /* XREALLOC */ #if defined(WOLFSSL_ESPIDF) - /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to - * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) - * There's no pvPortRealloc available: */ - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */ + #if (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC)) + #define XREALLOC(p, n, h, t) \ + ((void)(h), (void)(t), wc_debug_pvPortRealloc( \ + (p), (n),(__FILE__), (__LINE__), (__FUNCTION__) )) + #else + /* In the Espressif 
EDP-IDF, realloc(p, n) is equivalent to + * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) + * There's no pvPortRealloc available, use native heap: */ + #define XREALLOC(p, n, h, t) \ + ((void)(h), (void)(t), wc_pvPortRealloc((p), (n))) + #endif #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_ALL) /* FreeRTOS pvPortRealloc() implementation can be found here: From 77bace5010ba3fd1a28b42a7131dc28d90b08dcb Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 14:47:22 -0400 Subject: [PATCH 048/346] Update style per code review comments --- doc/dox_comments/header_files/pkcs7.h | 16 +++++++-------- tests/api/test_asn.c | 8 ++++---- wolfcrypt/src/pkcs7.c | 29 +++++++++++++++------------ wolfssl/wolfcrypt/pkcs7.h | 16 +++++++-------- 4 files changed, 36 insertions(+), 33 deletions(-) diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index 60b2cc698..3923aec68 100644 --- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h @@ -734,8 +734,8 @@ int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, \param[out] attrSz Buffer in which to store the size of the requested attribute object. */ -int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, - word32 skpSz, size_t index, byte const ** attr, word32 * attrSz); +int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp, + word32 skpSz, size_t index, const byte ** attr, word32 * attrSz); /*! \ingroup PKCS7 @@ -758,8 +758,8 @@ int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, \param[out] keySz Buffer in which to store the size of the requested key object. */ -int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, - word32 skpSz, size_t index, byte const ** key, word32 * keySz); +int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp, + word32 skpSz, size_t index, const byte ** key, word32 * keySz); /*! \ingroup PKCS7 
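Review bot: XREALLOC for WOLFSSL_ESPIDF now expands to wc_pvPortRealloc / wc_debug_pvPortRealloc unconditionally, but both the definitions in esp_sdk_mem_lib.c and the prototypes in esp-sdk-lib.h are wrapped in `#ifndef WOLFSSL_NO_REALLOC`, so a build with WOLFSSL_NO_REALLOC set would fail to link unless this block is already guarded further up, which is not visible here. Mirror the guard with `#ifndef WOLFSSL_NO_REALLOC` around the WOLFSSL_ESPIDF branch of XREALLOC, or drop it from the other two files. The `#include` directive's target is not legible in this copy of the hunk; it needs to be the header that declares wc_pvPortMalloc/Free/Realloc (esp-sdk-lib.h in the previous file section), otherwise the new macros expand to implicitly declared functions. Minor: `(p), (n),(__FILE__)` is missing the space after the comma.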
@@ -782,8 +782,8 @@ int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, \param[out] attrSz Buffer in which to store the size of the requested attribute object. */ -int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, - word32 oskSz, size_t index, byte const ** attr, word32 * attrSz); +int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk, + word32 oskSz, size_t index, const byte ** attr, word32 * attrSz); /*! \ingroup PKCS7 @@ -804,5 +804,5 @@ int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, \param[out] keySz Buffer in which to store the size of the requested key object. */ -int wc_PKCS7_DecodeOneSymmetricKeyKey(byte const * osk, - word32 oskSz, byte const ** key, word32 * keySz); +int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk, + word32 oskSz, const byte ** key, word32 * keySz); diff --git a/tests/api/test_asn.c b/tests/api/test_asn.c index 2c36989c0..520150a8f 100644 --- a/tests/api/test_asn.c +++ b/tests/api/test_asn.c @@ -184,20 +184,20 @@ int test_IndexSequenceOf(void) EXPECT_DECLS; #ifndef NO_ASN - static const byte int_seq[] = { + const byte int_seq[] = { 0x30, 0x0A, 0x02, 0x01, 0x0A, 0x02, 0x02, 0x00, 0xF0, 0x02, 0x01, 0x7F, }; - static const byte bad_seq[] = { + const byte bad_seq[] = { 0xA0, 0x01, 0x01, }; - static const byte empty_seq[] = { + const byte empty_seq[] = { 0x30, 0x00, }; - byte const * element; + const byte * element; word32 elementSz; ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 0U, &element, &elementSz), 0); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 16f9b7927..6866ac152 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -15305,8 +15305,8 @@ int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ -static int wc_PKCS7_DecodeSymmetricKeyPackage(byte const * skp, word32 skpSz, - size_t index, byte const ** out, word32 * outSz, int getKey) +static int wc_PKCS7_DecodeSymmetricKeyPackage(const byte * skp, word32 skpSz, + size_t index, const byte ** out, word32 * outSz, int getKey) { word32 skpIndex = 0; int length = 0; @@ -15335,7 +15335,8 @@ static int wc_PKCS7_DecodeSymmetricKeyPackage(byte const * skp, word32 skpSz, } else { /* sKeyPkgAttrs is present at &skp[skpIndex], length in length */ - return IndexSequenceOf(&skp[skpIndex], (word32)length, index, out, outSz); + return IndexSequenceOf(&skp[skpIndex], (word32)length, index, out, + outSz); } } 
@@ -15348,20 +15349,21 @@ static int wc_PKCS7_DecodeSymmetricKeyPackage(byte const * skp, word32 skpSz, return IndexSequenceOf(&skp[skpIndex], skpSz - skpIndex, index, out, outSz); } -int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, - word32 skpSz, size_t index, byte const ** attr, word32 * attrSz) +int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp, + word32 skpSz, size_t index, const byte ** attr, word32 * attrSz) { - return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, attr, attrSz, 0); + return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, attr, attrSz, + 0); } -int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, - word32 skpSz, size_t index, byte const ** key, word32 * keySz) +int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp, + word32 skpSz, size_t index, const byte ** key, word32 * keySz) { return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, key, keySz, 1); } -int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, - word32 oskSz, size_t index, byte const ** attr, word32 * attrSz) +int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk, + word32 oskSz, size_t index, const byte ** attr, word32 * attrSz) { word32 oskIndex = 0; word32 tmpIndex; @@ -15382,11 +15384,12 @@ int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, } /* Index the sKeyAttrs SEQUENCE OF object with the given index. */ - return IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr, attrSz); + return IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr, + attrSz); } -int wc_PKCS7_DecodeOneSymmetricKeyKey(byte const * osk, - word32 oskSz, byte const ** key, word32 * keySz) +int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk, + word32 oskSz, const byte ** key, word32 * keySz) { word32 oskIndex = 0; int length = 0; diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 8a8eed11f..617ff5177 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h 
@@ -552,14 +552,14 @@ WOLFSSL_API int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 outputSz); #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ -WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(byte const * skp, - word32 skpSz, size_t index, byte const ** attr, word32 * attrSz); -WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageKey(byte const * skp, - word32 skpSz, size_t index, byte const ** key, word32 * keySz); -WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyAttribute(byte const * osk, - word32 oskSz, size_t index, byte const ** attr, word32 * attrSz); -WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyKey(byte const * osk, - word32 oskSz, byte const ** key, word32 * keySz); +WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp, + word32 skpSz, size_t index, const byte ** attr, word32 * attrSz); +WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp, + word32 skpSz, size_t index, const byte ** key, word32 * keySz); +WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk, + word32 oskSz, size_t index, const byte ** attr, word32 * attrSz); +WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk, + word32 oskSz, const byte ** key, word32 * keySz); #ifdef __cplusplus } /* extern "C" */ From 15c8730ef7ababf2237f378499e13f2e8ecd84f3 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 14:50:42 -0400 Subject: [PATCH 049/346] Use wc_ prefix for IndexSequenceOf() --- tests/api/test_asn.c | 14 +++++++------- tests/api/test_asn.h | 4 ++-- wolfcrypt/src/asn.c | 2 +- wolfcrypt/src/pkcs7.c | 9 +++++---- wolfssl/wolfcrypt/asn.h | 2 +- 5 files changed, 16 insertions(+), 15 deletions(-) diff --git a/tests/api/test_asn.c b/tests/api/test_asn.c index 520150a8f..9bc236e19 100644 --- a/tests/api/test_asn.c +++ b/tests/api/test_asn.c @@ -179,7 +179,7 @@ int test_SetShortInt(void) } -int test_IndexSequenceOf(void) +int test_wc_IndexSequenceOf(void) { EXPECT_DECLS; 
@@ -200,23 +200,23 @@ int test_IndexSequenceOf(void) const byte * element; word32 elementSz; - ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 0U, &element, &elementSz), 0); + ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 0U, &element, &elementSz), 0); ExpectPtrEq(element, &int_seq[2]); ExpectIntEQ(elementSz, 3); - ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 1U, &element, &elementSz), 0); + ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 1U, &element, &elementSz), 0); ExpectPtrEq(element, &int_seq[5]); ExpectIntEQ(elementSz, 4); - ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 2U, &element, &elementSz), 0); + ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 2U, &element, &elementSz), 0); ExpectPtrEq(element, &int_seq[9]); ExpectIntEQ(elementSz, 3); - ExpectIntEQ(IndexSequenceOf(int_seq, sizeof(int_seq), 3U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E)); + ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 3U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E)); - ExpectIntEQ(IndexSequenceOf(bad_seq, sizeof(bad_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(ASN_PARSE_E)); + ExpectIntEQ(wc_IndexSequenceOf(bad_seq, sizeof(bad_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(ASN_PARSE_E)); - ExpectIntEQ(IndexSequenceOf(empty_seq, sizeof(empty_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E)); + ExpectIntEQ(wc_IndexSequenceOf(empty_seq, sizeof(empty_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E)); #endif return EXPECT_RESULT(); diff --git a/tests/api/test_asn.h b/tests/api/test_asn.h index b73da7bb2..aeea0f735 100644 --- a/tests/api/test_asn.h +++ b/tests/api/test_asn.h 
@@ -25,10 +25,10 @@ #include int test_SetShortInt(void); -int test_IndexSequenceOf(void); +int test_wc_IndexSequenceOf(void); #define TEST_ASN_DECLS \ TEST_DECL_GROUP("asn", test_SetShortInt), \ - TEST_DECL_GROUP("asn", test_IndexSequenceOf) + TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf) #endif /* WOLFCRYPT_TEST_ASN_H */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1e9d3369e..000c8923a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2586,7 +2586,7 @@ int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, * @return BAD_INDEX_E when the given seqIndex is out of range. * @return ASN_PARSE_E when the seqOf is not in the expected format. */ -int IndexSequenceOf(byte const * seqOf, word32 seqOfSz, size_t seqIndex, +int wc_IndexSequenceOf(byte const * seqOf, word32 seqOfSz, size_t seqIndex, byte const ** out, word32 * outSz) { int length; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 6866ac152..ad5918597 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -15335,8 +15335,8 @@ static int wc_PKCS7_DecodeSymmetricKeyPackage(const byte * skp, word32 skpSz, } else { /* sKeyPkgAttrs is present at &skp[skpIndex], length in length */ - return IndexSequenceOf(&skp[skpIndex], (word32)length, index, out, - outSz); + return wc_IndexSequenceOf(&skp[skpIndex], (word32)length, index, + out, outSz); } } @@ -15346,7 +15346,8 @@ static int wc_PKCS7_DecodeSymmetricKeyPackage(const byte * skp, word32 skpSz, } /* sKeys is present at &skp[skpIndex]. */ - return IndexSequenceOf(&skp[skpIndex], skpSz - skpIndex, index, out, outSz); + return wc_IndexSequenceOf(&skp[skpIndex], skpSz - skpIndex, index, + out, outSz); } int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp, 
@@ -15384,7 +15385,7 @@ int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk, } /* Index the sKeyAttrs SEQUENCE OF object with the given index. */ - return IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr, + return wc_IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr, attrSz); } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 79089227a..cb335e57a 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2219,7 +2219,7 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check); -WOLFSSL_TEST_VIS int IndexSequenceOf(byte const * seqOf, word32 seqOfSz, +WOLFSSL_TEST_VIS int wc_IndexSequenceOf(byte const * seqOf, word32 seqOfSz, size_t seqIndex, byte const ** out, word32 * outSz); WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); From 7bcb346dd7d5052f9fdb2a1be2c85b9b5e346daf Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 14:58:26 -0400 Subject: [PATCH 050/346] Remove early function returns per code review comments --- wolfcrypt/src/pkcs7.c | 73 +++++++++++++++++++++++++------------------ 1 file changed, 43 insertions(+), 30 deletions(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index ad5918597..5861656b0 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -15311,22 +15311,23 @@ static int wc_PKCS7_DecodeSymmetricKeyPackage(const byte * skp, word32 skpSz,
 word32 skpIndex = 0;
 int length = 0;
 int version = 0;
+ int ret = 0;
 if (skp == NULL || out == NULL || outSz == NULL)
- return BAD_FUNC_ARG;
+ ret = BAD_FUNC_ARG;
 /* Expect a SEQUENCE header to start the SymmetricKeyPackage object. */
- if (GetSequence(skp, &skpIndex, &length, skpSz) < 0)
- return ASN_PARSE_E;
+ if (ret == 0 && GetSequence(skp, &skpIndex, &length, skpSz) < 0)
+ ret = ASN_PARSE_E;
 /* Expect version v1 */
- if (GetMyVersion(skp, &skpIndex, &version, skpSz) < 0)
- return ASN_PARSE_E;
+ if (ret == 0 && GetMyVersion(skp, &skpIndex, &version, skpSz) < 0)
+ ret = ASN_PARSE_E;
- if (version != 1)
- return ASN_PARSE_E;
+ if (ret == 0 && version != 1)
+ ret = ASN_PARSE_E;
- if (GetASNHeader(skp, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
+ if (ret == 0 && GetASNHeader(skp, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
 &skpIndex, &length, skpSz) >= 0) {
 /* sKeyPkgAttrs [0] tag found so there are attributes present. */
 if (getKey != 0) {
@@ -15335,19 +15336,22 @@ static int wc_PKCS7_DecodeSymmetricKeyPackage(const byte * skp, word32 skpSz,
 }
 else {
 /* sKeyPkgAttrs is present at &skp[skpIndex], length in length */
- return wc_IndexSequenceOf(&skp[skpIndex], (word32)length, index,
+ ret = wc_IndexSequenceOf(&skp[skpIndex], (word32)length, index,
 out, outSz);
 }
 }
- 
- if (getKey == 0) {
+ else if (ret == 0 && getKey == 0) {
 /* An attribute was requested, but none are present. */
- return BAD_INDEX_E;
+ ret = BAD_INDEX_E;
 }
- /* sKeys is present at &skp[skpIndex]. */
- return wc_IndexSequenceOf(&skp[skpIndex], skpSz - skpIndex, index,
- out, outSz);
+ if (ret == 0 && getKey != 0) {
+ /* sKeys is present at &skp[skpIndex]. */
+ ret = wc_IndexSequenceOf(&skp[skpIndex], skpSz - skpIndex, index,
+ out, outSz);
+ }
+ 
+ return ret;
 }
 int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp,
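Review bot: The flattened flow now reaches the final sKeys lookup by two different routes — attributes present and skipped in the `getKey != 0` branch (outside the hunk), or attributes absent — and nothing at the `if (ret == 0 && getKey != 0)` site says that skpIndex is positioned at sKeys in both cases. Add above that `if`: `/* ret == 0 here means skpIndex is at sKeys: sKeyPkgAttrs was absent or was skipped above. */`. The `else if (ret == 0 && getKey == 0)` branch also relies on a failing GetASNHeader leaving skpIndex untouched; that was true of the old code too, but a one-line comment stating the assumption would help whoever next touches GetASNHeader. The function's signature and the `getKey != 0` body are outside the hunk.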
@@ -15369,24 +15373,28 @@ int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk,
 word32 oskIndex = 0;
 word32 tmpIndex;
 int length = 0;
+ int ret = 0;
 if (osk == NULL || attr == NULL || attrSz == NULL)
- return BAD_FUNC_ARG;
+ ret = BAD_FUNC_ARG;
 /* Expect a SEQUENCE header to start the OneSymmetricKey object. */
- if (GetSequence(osk, &oskIndex, &length, oskSz) < 0)
- return ASN_PARSE_E;
+ if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) < 0)
+ ret = ASN_PARSE_E;
 tmpIndex = oskIndex;
- if (GetSequence(osk, &tmpIndex, &length, oskSz) < 0) {
+ if (ret == 0 && GetSequence(osk, &tmpIndex, &length, oskSz) < 0) {
 /* sKeyAttrs is not present. */
- return BAD_INDEX_E;
+ ret = BAD_INDEX_E;
 }
 /* Index the sKeyAttrs SEQUENCE OF object with the given index. */
- return wc_IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr,
+ if (ret == 0)
+ ret = wc_IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr,
 attrSz);
+ 
+ return ret;
 }
 int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk,
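Review bot: `if (ret == 0) ret = wc_IndexSequenceOf(..., attr,` spans two lines without braces, which is exactly the shape the rest of this rewrite avoids (every other multi-line conditional in these hunks got `{ }`); the same applies to the `GetASNHeader(... oskSz) < 0` statement in the next hunk. Brace both, e.g. `if (ret == 0) {` / `ret = wc_IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr, attrSz);` / `}`. wc_PKCS7_DecodeOneSymmetricKeyAttribute's signature is outside the hunk.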
@@ -15394,25 +15402,30 @@ int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk,
 {
 word32 oskIndex = 0;
 int length = 0;
+ int ret = 0;
 if (osk == NULL || key == NULL || keySz == NULL)
- return BAD_FUNC_ARG;
+ ret = BAD_FUNC_ARG;
 /* Expect a SEQUENCE header to start the OneSymmetricKey object. */
- if (GetSequence(osk, &oskIndex, &length, oskSz) < 0)
- return ASN_PARSE_E;
+ if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) < 0)
+ ret = ASN_PARSE_E;
- if (GetSequence(osk, &oskIndex, &length, oskSz) >= 0) {
+ if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) >= 0) {
 /* sKeyAttrs is present. Skip it. */
 oskIndex += (word32)length;
 }
- if (GetASNHeader(osk, ASN_OCTET_STRING, &oskIndex, &length, oskSz) < 0)
- return ASN_PARSE_E;
+ if (ret == 0 && GetASNHeader(osk, ASN_OCTET_STRING, &oskIndex, &length,
+ oskSz) < 0)
+ ret = ASN_PARSE_E;
- *key = &osk[oskIndex];
- *keySz = (word32)length;
- return 0;
+ if (ret == 0) {
+ *key = &osk[oskIndex];
+ *keySz = (word32)length;
+ }
+ 
+ return ret;
 }
 #else /* HAVE_PKCS7 */
From c26f6ded142ec03f62243a111d1db9aa3c2175e5 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 22 Jul 2025 14:40:45 -0500 Subject: [PATCH 051/346] linuxkm/linuxkm_wc_port.h: use more flexible logic to define WC_LKM_INDIRECT_SYM(), allowing various overrides and orthogonalizing the definitions proper, and add explanatory comments. --- linuxkm/linuxkm_wc_port.h | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index c6bece99c..1d15bbedd 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -869,12 +869,32 @@ extern const struct wolfssl_linuxkm_pie_redirect_table *wolfssl_linuxkm_get_pie_redirect_table(void);
 extern struct wolfssl_linuxkm_pie_redirect_table wolfssl_linuxkm_pie_redirect_table;
- #if defined(CONFIG_X86)
- #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_pie_redirect_table.x)
+ 
+ #if defined(WC_LKM_INDIRECT_SYM)
+ /* keep user-supplied override definition. */
+ #elif defined(WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY) || \
+ defined(WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ)
+ /* keep user-supplied override method. */
+ #elif defined(CONFIG_X86)
+ #define WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ
 #elif defined(CONFIG_ARM64)
- #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_get_pie_redirect_table()->x)
+ /* direct access to wolfssl_linuxkm_pie_redirect_table.x on aarch64
+ * produces GOT relocations, e.g. R_AARCH64_LD64_GOT_LO12_NC.
+ */
+ #define WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY
 #else
+ /* for other archs, by default use the safe way. */
+ #define WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY
+ #endif
+ 
+ #if defined(WC_LKM_INDIRECT_SYM)
+ /* keep user-supplied override definition. */
+ #elif defined(WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY)
 #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_get_pie_redirect_table()->x)
+ #elif defined(WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ)
+ #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_pie_redirect_table.x)
+ #else
+ #error no WC_LKM_INDIRECT_SYM method defined.
 #endif
 #ifdef __PIE__
From 27f0ef8789c19198a14f4b2b450a2bfa663d8f26 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 16:34:37 -0400 Subject: [PATCH 052/346] Combine AES key wrap/unwrap callbacks --- doc/dox_comments/header_files/pkcs7.h | 30 +++++++-------------------- tests/api.c | 26 +++++++---------------- wolfcrypt/src/pkcs7.c | 27 +++++++----------------- wolfssl/wolfcrypt/pkcs7.h | 13 +++++------- 4 files changed, 28 insertions(+), 68 deletions(-)
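Review bot: If a user defines both WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY and WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ, the first chain accepts the pair as a valid override and the second chain silently picks FUNC_ONLY because it is tested first, so the direct-table request is ignored without any diagnostic. Since the two methods are mutually exclusive, reject the combination up front: `#if defined(WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY) && defined(WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ)` / `#error WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY and WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ are mutually exclusive.` / `#endif`. The "safe way" comment on the default arm would read better if it named the hazard it avoids, e.g. `/* other archs: go through the accessor function so no GOT relocation is emitted against the table */`.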
diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index 5884b97f7..b2c344d9b 100644 --- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h @@ -11,11 +11,12 @@ \param[in] keySz Size of the key to use. \param[in] in Specify the input data to wrap/unwrap. \param[in] inSz Size of the input data. + \param[in] wrap 1 if the requested operation is a key wrap, 0 for unwrap. \param[out] out Specify the output buffer. \param[out] outSz Size of the output buffer. */ -typedef int (*CallbackAESKeyWrap)(const byte* key, word32 keySz, - const byte* in, word32 inSz, byte* out, word32 outSz); +typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz, + const byte* in, word32 inSz, int wrap, byte* out, word32 outSz); /*! \ingroup PKCS7 @@ -500,33 +501,16 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, \ingroup PKCS7 \brief Set the callback function to be used to perform a custom AES key - wrap operation. + wrap/unwrap operation. \retval 0 Callback function was set successfully \retval BAD_FUNC_ARG Parameter pkcs7 is NULL \param pkcs7 pointer to the PKCS7 structure - \param aesKeyWrapCb pointer to custom AES key wrap function - - \sa wc_PKCS7_SetAESKeyUnwrapCb + \param aesKeyWrapCb pointer to custom AES key wrap/unwrap function */ -int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyWrapCb); - -/*! - \ingroup PKCS7 - - \brief Set the callback function to be used to perform a custom AES key - unwrap operation. - - \retval 0 Callback function was set successfully - \retval BAD_FUNC_ARG Parameter pkcs7 is NULL - - \param pkcs7 pointer to the PKCS7 structure - \param aesKeyUnwrapCb pointer to custom AES key unwrap function - - \sa wc_PKCS7_SetAESKeyWrapCb -*/ -int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyUnwrapCb); +int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7, + CallbackAESKeyWrapUnwrap aesKeyWrapCb); /*! \ingroup PKCS7 
diff --git a/tests/api.c b/tests/api.c index 2ce79d779..8b407acbd 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17999,25 +17999,16 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) static int wasAESKeyWrapCbCalled = 0; static int wasAESKeyUnwrapCbCalled = 0; -static int testAESKeyWrapCb(const byte* key, word32 keySz, - const byte* in, word32 inSz, byte* out, word32 outSz) +static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz, + const byte* in, word32 inSz, int wrap, byte* out, word32 outSz) { (void)key; (void)keySz; - wasAESKeyWrapCbCalled = 1; - XMEMSET(out, 0xEE, outSz); - if (inSz <= outSz) { - XMEMCPY(out, in, inSz); - } - return inSz; -} - -static int testAESKeyUnwrapCb(const byte* key, word32 keySz, - const byte* in, word32 inSz, byte* out, word32 outSz) -{ - (void)key; - (void)keySz; - wasAESKeyUnwrapCbCalled = 1; + (void)wrap; + if (wrap) + wasAESKeyWrapCbCalled = 1; + else + wasAESKeyUnwrapCbCalled = 1; XMEMSET(out, 0xEE, outSz); if (inSz <= outSz) { XMEMCPY(out, in, inSz); @@ -18104,8 +18095,7 @@ static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void) } /* Test custom AES key wrap/unwrap callback */ - ExpectIntEQ(wc_PKCS7_SetAESKeyWrapCb(pkcs7, testAESKeyWrapCb), 0); - ExpectIntEQ(wc_PKCS7_SetAESKeyUnwrapCb(pkcs7, testAESKeyUnwrapCb), 0); + ExpectIntEQ(wc_PKCS7_SetAESKeyWrapUnwrapCb(pkcs7, testAESKeyWrapUnwrapCb), 0); ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, (word32)sizeof(output)), 0); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 7a910c833..57eaec484 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
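Review bot: `(void)wrap;` is immediately followed by `if (wrap)`, so the cast is dead and reads as if the parameter were unused; drop it. The stub still returns `inSz` even when `inSz > outSz` and nothing was copied, which is fine for a test but worth a comment, since "return the output size" is the contract wc_PKCS7_KeyWrap relies on: `/* test stub: echoes the input; returns inSz even when it did not fit */`.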
@@ -6838,9 +6838,9 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, byte const * cek, #endif if (direction == AES_ENCRYPTION) { - if (pkcs7->aesKeyWrapCb != NULL) { - ret = pkcs7->aesKeyWrapCb(kek, kekSz, cek, cekSz, - out, outSz); + if (pkcs7->aesKeyWrapUnwrapCb != NULL) { + ret = pkcs7->aesKeyWrapUnwrapCb(kek, kekSz, cek, cekSz, 1, + out, outSz); } else { ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz, @@ -6848,9 +6848,9 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, byte const * cek, } } else if (direction == AES_DECRYPTION) { - if (pkcs7->aesKeyUnwrapCb != NULL) { - ret = pkcs7->aesKeyUnwrapCb(kek, kekSz, cek, cekSz, - out, outSz); + if (pkcs7->aesKeyWrapUnwrapCb != NULL) { + ret = pkcs7->aesKeyWrapUnwrapCb(kek, kekSz, cek, cekSz, 0, + out, outSz); } else { ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz, @@ -11094,28 +11094,17 @@ int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK cb) /* return 0 on success */ -int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyWrapCb) +int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb) { if (pkcs7 == NULL) return BAD_FUNC_ARG; - pkcs7->aesKeyWrapCb = aesKeyWrapCb; + pkcs7->aesKeyWrapUnwrapCb = aesKeyWrapUnwrapCb; return 0; } -/* return 0 on success */ -int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyUnwrapCb) -{ - if (pkcs7 == NULL) - return BAD_FUNC_ARG; - - pkcs7->aesKeyUnwrapCb = aesKeyUnwrapCb; - - return 0; -} - /* Decrypt ASN.1 OtherRecipientInfo (ori), as defined by: * * OtherRecipientInfo ::= SEQUENCE { diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index f7f22a691..54e428651 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h 
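Review bot: The value returned by the user-supplied aesKeyWrapUnwrapCb is taken as the produced output length in both branches, and the hunk shows no check that it does not exceed `outSz`; unless the code after the hunk does that, a misbehaving callback would make the caller read past `out`. Add after each call: `if (ret > (int)outSz) { ret = BUFFER_E; }`. The new `wrap` flag is passed as bare `1`/`0`; a short comment at the typedef, or named constants, would make the call sites self-describing. wc_PKCS7_KeyWrap starts before the hunk.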
@@ -213,8 +213,8 @@ typedef int (*CallbackWrapCEK)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* originKey, word32 originKeySz, byte* out, word32 outSz, int keyWrapAlgo, int type, int dir); -typedef int (*CallbackAESKeyWrap)(const byte* key, word32 keySz, - const byte* in, word32 inSz, byte* out, word32 outSz); +typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz, + const byte* in, word32 inSz, int wrap, byte* out, word32 outSz); /* Callbacks for supporting different stream cases */ typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx); @@ -373,8 +373,7 @@ struct wc_PKCS7 { } decryptKey; #endif - CallbackAESKeyWrap aesKeyWrapCb; - CallbackAESKeyWrap aesKeyUnwrapCb; + CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb; /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; @@ -503,10 +502,8 @@ WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt c int options); WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK wrapCEKCb); -WOLFSSL_API int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7, - CallbackAESKeyWrap aesKeyWrapCb); -WOLFSSL_API int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7, - CallbackAESKeyWrap aesKeyUnwrapCb); +WOLFSSL_API int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7, + CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb); #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, From 13fb6b83cd7d404e950b7da67d5bba6df35152db Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 16:38:13 -0400 Subject: [PATCH 053/346] Update style per code review comments --- wolfcrypt/src/pkcs7.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 57eaec484..68ff9f99d 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
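Review bot: The new `CallbackAESKeyWrapUnwrap` typedef adds an `int wrap` parameter but carries no comment, so an implementer has to read pkcs7.c to learn that 1 means wrap and 0 means unwrap, or what the return value must be; a comment above the typedef such as `/* AES key wrap callback. wrap: 1 to wrap in (CEK) with key (KEK), 0 to unwrap. Returns bytes written to out (> 0) or < 0 on error. */` would fix that. Replacing `wc_PKCS7_SetAESKeyWrapCb`/`wc_PKCS7_SetAESKeyUnwrapCb` and the two `struct wc_PKCS7` members is an API and ABI change for anyone who built against them; if they only exist earlier in this patch series and never shipped in a release that is fine, otherwise a deprecated shim for the old setters is warranted.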
@@ -6816,8 +6816,8 @@ static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len)
 /* wrap CEK (content encryption key) with KEK, returns output size (> 0) on
 * success, < 0 on error */
-static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, byte const * cek,
- word32 cekSz, byte const * kek, word32 kekSz, byte * out, word32 outSz,
+static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, const byte * cek,
+ word32 cekSz, const byte * kek, word32 kekSz, byte * out, word32 outSz,
 int keyWrapAlgo, int direction)
 {
 int ret = 0;
From 6043274d96191f50c13454d6e807b1e897729055 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Tue, 22 Jul 2025 16:45:06 -0500
Subject: [PATCH 054/346] linuxkm/Kbuild: revert change to base PIE_FLAGS -- we need -fno-stack-protector to avoid compiler-generated references to __stack_chk_fail.
---
 linuxkm/Kbuild | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild
index 931335162..5e15ce1d4 100644
--- a/linuxkm/Kbuild
+++ b/linuxkm/Kbuild
@@ -101,7 +101,9 @@ $(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER -DWOLFSSL_NO_OPTIONS
 $(obj)/wolfcrypt/src/aes.o: ccflags-y = $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_YES_VECTOR_INSNS)
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
- PIE_FLAGS := -fPIE -fno-toplevel-reorder
+ # note, we need -fno-stack-protector to avoid references to
+ # "__stack_chk_fail" from the wolfCrypt container.
+ PIE_FLAGS := -fPIE -fno-stack-protector -fno-toplevel-reorder
 PIE_SUPPORT_FLAGS := -DUSE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
 ifeq "$(KERNEL_ARCH_X86)" "yes"
 PIE_FLAGS += -mcmodel=small
From 5e77253577e1a23b14f57be2a4bf5e90e9500604 Mon Sep 17 00:00:00 2001
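Review bot: The new comment in the Kbuild hunk explains why `-fno-stack-protector` is needed but not what is given up: the PIE wolfCrypt container is built without stack-smashing protection even when the kernel is configured with CONFIG_STACKPROTECTOR, so the canary check no longer covers the code that parses untrusted ASN.1 and TLS input. Record that trade-off next to the flag, e.g. `# note, this also means the wolfCrypt container runs without stack canaries (no CONFIG_STACKPROTECTOR coverage).`, and keep the flag scoped to `ifeq "$(ENABLED_LINUXKM_PIE)" "yes"` as it is here. Whether PIE_FLAGS is applied only to the container objects is decided outside this hunk.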
From: Hideki Miyazaki Date: Wed, 23 Jul 2025 07:44:30 +0900 Subject: [PATCH 055/346] Addressed code review comments --- .../e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c | 2 +- wolfcrypt/src/port/Renesas/renesas_fspsm_util.c | 9 +++++---- wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c index be48717d7..ac359efb9 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c @@ -808,7 +808,7 @@ int sce_crypt_test() gCbInfo.wrapped_key_rsapri2048 = &g_wrapped_pair_2048key.priv_key; gCbInfo.wrapped_key_rsapub2048 = - &g_wrapped_pair_2048key.pub_key;; + &g_wrapped_pair_2048key.pub_key; } /* Key generation for multi testing */ diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index 2dfd81946..ca7051263 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c @@ -192,7 +192,7 @@ int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) { /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */ int ret = 0; - word32 fspbuf[RANDGEN_WORDS]; + uint32_t fspbuf[RANDGEN_WORDS]; while (sz > 0) { word32 len = sizeof(buffer); @@ -201,8 +201,8 @@ int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) len = sz; } /* return 4 words random number*/ - ret = R_RANDOM_GEN((uint32_t*)fspbuf); - if(ret == FSP_SUCCESS) { + ret = R_RANDOM_GEN(fspbuf); + if (ret == FSP_SUCCESS) { XMEMCPY(output, &fspbuf, len); output += len; sz -= len; 
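Review bot: In wc_fspsm_GenerateRandBlock the copy `XMEMCPY(output, &fspbuf, len)` takes the address of the array rather than the array itself (`fspbuf` suffices), and `len` is bounded by `sizeof(buffer)` rather than `sizeof(fspbuf)`; if `buffer` (declared outside the hunk) is not exactly `RANDGEN_WORDS` words, the copy reads beyond the DRBG output, so bounding with `sizeof(fspbuf)` keeps the copy and the buffer in step. The function also leaves the last DRBG output on the stack when it returns; this file already uses `ForceZero` for sensitive state, so `ForceZero(fspbuf, sizeof(fspbuf));` before the return (outside the hunk) would be consistent. The type change from `word32` to `uint32_t` matches the `R_RANDOM_GEN` parameter, which is the point of the hunk.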
@@ -404,7 +404,7 @@ int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, /* sanity check */ if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL || - out == NULL || outlen == NULL || cbInfo == NULL|| + out == NULL || outlen == NULL || cbInfo == NULL || cbInfo->internal == NULL) return WOLFSSL_FAILURE; @@ -1251,6 +1251,7 @@ int wc_fspsm_TlsCleanup(WOLFSSL* ssl) /* zero clear */ ForceZero(tuc, sizeof(FSPSM_ST)); ssl->RenesasUserCtx = NULL; + return ret; } /* Set callback contexts needed for sce TLS api handling */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h index ff7b6407c..cf44e2ace 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h @@ -25,7 +25,7 @@ #include #include -/* flsgas related to TLS */ +/* Wrapped TLS FSP Key Set Flags */ struct FSPSM_tls_flg_ST { uint8_t pk_key_set:1; uint8_t session_key_set:1; From 7762fa9b14e9ffc62c322380fdc77a850e2cb5b9 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 20:09:55 -0400 Subject: [PATCH 056/346] Update style per code review comments --- tests/api.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/api.c b/tests/api.c index 5a5bef57a..1a4233ace 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18468,12 +18468,12 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) { EXPECT_DECLS; #if defined(HAVE_PKCS7) - byte const * item; + const byte * item; word32 itemSz; int ret; { - static const byte one_key[] = { + const byte one_key[] = { 0x30, 0x08, 0x02, 0x01, 0x01, 0x30, 0x03, @@ -18519,7 +18519,7 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) /* Invalid SKP SEQUENCE header. */ { - static const byte bad_seq_header[] = { + const byte bad_seq_header[] = { 0x02, 0x01, 0x42, }; ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( 
@@ -18529,7 +18529,7 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) /* Missing version object */ { - static const byte missing_version[] = { + const byte missing_version[] = { 0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01, @@ -18541,7 +18541,7 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) /* Invalid version number */ { - static const byte bad_version[] = { + const byte bad_version[] = { 0x30, 0x08, 0x02, 0x01, 0x00, 0x30, 0x03, @@ -18553,7 +18553,7 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) } { - static const byte key3_attr2[] = { + const byte key3_attr2[] = { 0x30, 0x18, 0x02, 0x01, 0x01, 0xA0, 0x08, @@ -18623,12 +18623,12 @@ static int test_wc_PKCS7_DecodeOneSymmetricKey(void) { EXPECT_DECLS; #if defined(HAVE_PKCS7) - byte const * item; + const byte * item; word32 itemSz; int ret; { - static const byte key1_attr2[] = { + const byte key1_attr2[] = { 0x30, 0x0E, 0x30, 0x06, 0x02, 0x01, 0x0A, @@ -18679,7 +18679,7 @@ static int test_wc_PKCS7_DecodeOneSymmetricKey(void) } { - static const byte no_attrs[] = { + const byte no_attrs[] = { 0x30, 0x06, 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD }; @@ -18698,7 +18698,7 @@ static int test_wc_PKCS7_DecodeOneSymmetricKey(void) } { - static const byte key0_attr2[] = { + const byte key0_attr2[] = { 0x30, 0x08, 0x30, 0x06, 0x02, 0x01, 0x0A, From 86d7d42eb60204f1f45a04bf5b6875ea727d6b03 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 20:29:44 -0400 Subject: [PATCH 057/346] Comment test ASN DER sequences --- tests/api.c | 66 ++++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/tests/api.c b/tests/api.c index 1a4233ace..430fb5aec 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -18474,10 +18474,10 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) { const byte one_key[] = { - 0x30, 0x08, - 0x02, 0x01, 0x01, - 0x30, 0x03, - 0x02, 0x01, 0x01, + 0x30, 0x08, /* SymmetricKeyPackage SEQUENCE header */ + 0x02, 0x01, 0x01, /* version v1 */ + 0x30, 0x03, /* sKeys SEQUENCE OF */ + 0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */ }; /* NULL input data pointer */ ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( @@ -18520,7 +18520,7 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) /* Invalid SKP SEQUENCE header. */ { const byte bad_seq_header[] = { - 0x02, 0x01, 0x42, + 0x02, 0x01, 0x42, /* Invalid SymmetricKeyPackage SEQUENCE header */ }; ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( bad_seq_header, sizeof(bad_seq_header), 0, &item, &itemSz); @@ -18530,9 +18530,9 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) /* Missing version object */ { const byte missing_version[] = { - 0x30, 0x05, - 0x30, 0x03, - 0x02, 0x01, 0x01, + 0x30, 0x05, /* SymmetricKeyPackage SEQUENCE header */ + 0x30, 0x03, /* sKeys SEQUENCE OF */ + 0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */ }; ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( missing_version, sizeof(missing_version), 0, &item, &itemSz); @@ -18542,10 +18542,10 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) /* Invalid version number */ { const byte bad_version[] = { - 0x30, 0x08, - 0x02, 0x01, 0x00, - 0x30, 0x03, - 0x02, 0x01, 0x01, + 0x30, 0x08, /* SymmetricKeyPackage SEQUENCE header */ + 0x02, 0x01, 0x00, /* version 0 (invalid) */ + 0x30, 0x03, /* sKeys SEQUENCE OF */ + 0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */ }; ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( bad_version, sizeof(bad_version), 0, &item, &itemSz); 
@@ -18554,16 +18554,16 @@ static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) { const byte key3_attr2[] = { - 0x30, 0x18, - 0x02, 0x01, 0x01, - 0xA0, 0x08, - 0x30, 0x06, - 0x02, 0x01, 0x40, - 0x02, 0x01, 0x41, - 0x30, 0x09, - 0x02, 0x01, 0x0A, - 0x02, 0x01, 0x0B, - 0x02, 0x01, 0x0C, + 0x30, 0x18, /* SymmetricKeyPackage SEQUENCE header */ + 0x02, 0x01, 0x01, /* version v1 */ + 0xA0, 0x08, /* sKeyPkgAttrs EXPLICIT [0] header */ + 0x30, 0x06, /* sKeyPkgAttrs SEQUENCE OF header */ + 0x02, 0x01, 0x40, /* INTEGER standin for Attribute 0 */ + 0x02, 0x01, 0x41, /* INTEGER standin for Attribute 1 */ + 0x30, 0x09, /* sKeys SEQUENCE OF header */ + 0x02, 0x01, 0x0A, /* INTEGER standin for OneSymmetricKey 0 */ + 0x02, 0x01, 0x0B, /* INTEGER standin for OneSymmetricKey 1 */ + 0x02, 0x01, 0x0C, /* INTEGER standin for OneSymmetricKey 2 */ }; /* Valid attribute index 0 extraction */ @@ -18629,11 +18629,11 @@ static int test_wc_PKCS7_DecodeOneSymmetricKey(void) { const byte key1_attr2[] = { - 0x30, 0x0E, - 0x30, 0x06, - 0x02, 0x01, 0x0A, - 0x02, 0x01, 0x0B, - 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD + 0x30, 0x0E, /* OneSymmetricKey SEQUENCE header */ + 0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */ + 0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */ + 0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */ + 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */ }; /* NULL input data pointer */ @@ -18680,8 +18680,8 @@ static int test_wc_PKCS7_DecodeOneSymmetricKey(void) { const byte no_attrs[] = { - 0x30, 0x06, - 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD + 0x30, 0x06, /* OneSymmetricKey SEQUENCE header */ + 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */ }; /* Attribute index 0 out of range */ 
@@ -18699,10 +18699,10 @@ static int test_wc_PKCS7_DecodeOneSymmetricKey(void) { const byte key0_attr2[] = { - 0x30, 0x08, - 0x30, 0x06, - 0x02, 0x01, 0x0A, - 0x02, 0x01, 0x0B, + 0x30, 0x08, /* OneSymmetricKey SEQUENCE header */ + 0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */ + 0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */ + 0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */ }; /* Valid attribute 0 access */ From 0d48911ae4038156e1799f859e023a83a9b244bf Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 20:30:44 -0400 Subject: [PATCH 058/346] Update style per code review comments --- wolfcrypt/src/asn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 000c8923a..a03c99a04 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2586,8 +2586,8 @@ int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, * @return BAD_INDEX_E when the given seqIndex is out of range. * @return ASN_PARSE_E when the seqOf is not in the expected format. */ -int wc_IndexSequenceOf(byte const * seqOf, word32 seqOfSz, size_t seqIndex, - byte const ** out, word32 * outSz) +int wc_IndexSequenceOf(const byte * seqOf, word32 seqOfSz, size_t seqIndex, + const byte ** out, word32 * outSz) { int length; word32 seqOfIdx = 0U; From 2f2f999657fd19f362c5eebe4f92e4e925152917 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 22 Jul 2025 20:35:28 -0400 Subject: [PATCH 059/346] Rework to remove early function returns --- wolfcrypt/src/asn.c | 48 ++++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index a03c99a04..52bcd5153 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -2594,35 +2594,47 @@ int wc_IndexSequenceOf(const byte * seqOf, word32 seqOfSz, size_t seqIndex, byte tagFound; size_t i; word32 elementIdx = 0U; + int ret = 0; /* Validate the SEQUENCE OF header. */ - if (GetSequence(seqOf, &seqOfIdx, &length, seqOfSz) < 0) - return ASN_PARSE_E; + if (GetSequence(seqOf, &seqOfIdx, &length, seqOfSz) < 0) { + ret = ASN_PARSE_E; + } + else { + seqOfSz = seqOfIdx + (word32)length; - seqOfSz = seqOfIdx + (word32)length; + for (i = 0U; i <= seqIndex; i++) { + if (seqOfIdx >= seqOfSz) { + ret = BAD_INDEX_E; + break; + } - for (i = 0U; i <= seqIndex; i++) { - if (seqOfIdx >= seqOfSz) - return BAD_INDEX_E; + elementIdx = seqOfIdx; - elementIdx = seqOfIdx; + /* Validate the element tag. */ + if (GetASNTag(seqOf, &seqOfIdx, &tagFound, seqOfSz) != 0) { + ret = ASN_PARSE_E; + break; + } - /* Validate the element tag. */ - if (GetASNTag(seqOf, &seqOfIdx, &tagFound, seqOfSz) != 0) - return ASN_PARSE_E; + /* Validate and get the element's encoded length. */ + if (GetLength(seqOf, &seqOfIdx, &length, seqOfSz) < 0) { + ret = ASN_PARSE_E; + break; + } - /* Validate and get the element's encoded length. */ - if (GetLength(seqOf, &seqOfIdx, &length, seqOfSz) < 0) - return ASN_PARSE_E; - - seqOfIdx += (word32)length; + seqOfIdx += (word32)length; + } } /* If the tag and length checks above passed then we've found the requested * element and validated it fits within seqOfSz. */ - *out = &seqOf[elementIdx]; - *outSz = (seqOfIdx - elementIdx); - return 0; + if (ret == 0) { + *out = &seqOf[elementIdx]; + *outSz = (seqOfIdx - elementIdx); + } + + return ret; } /* Decode the header of a BER/DER encoded SET. From 53607383510fc2ac93864a114a899800ab0a0aeb Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 23 Jul 2025 11:17:31 -0500 Subject: [PATCH 060/346] wolfssl/internal.h: don't gate in prototype for sockAddrEqual() if defined(WOLFSSL_NO_SOCK). --- wolfssl/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h index cc9ae816a..212986e9a 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -6806,7 +6806,7 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13); #endif /* !defined(NO_WOLFSSL_SERVER) */ -#if !defined(WOLFCRYPT_ONLY) && \ +#if !defined(WOLFCRYPT_ONLY) && !defined(WOLFSSL_NO_SOCK) && \ (defined(USE_WOLFSSL_IO) || defined(WOLFSSL_USER_IO)) WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen); From 8d7009e9de511f26433c36925f4b8776cc6490d5 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 23 Jul 2025 12:02:07 -0500 Subject: [PATCH 061/346] src/tls.c: in TLSX_KeyShare_GenPqcKeyClient(), add smallstack coverage to !WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ code paths. --- src/tls.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/tls.c b/src/tls.c index b2964ad95..e676e18f4 100644 --- a/src/tls.c +++ b/src/tls.c @@ -8537,7 +8537,11 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) int ret = 0; int type = 0; #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ - KyberKey kem[1]; + #ifdef WOLFSSL_SMALL_STACK + KyberKey *kem = NULL; + #else + KyberKey kem[1]; + #endif byte* privKey = NULL; word32 privSz = 0; #else @@ -8559,6 +8563,18 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) } #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + + #ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + kem = (KyberKey *)XMALLOC(sizeof(*kem), ssl->heap, + DYNAMIC_TYPE_PRIVATE_KEY); + if (kem == NULL) { + WOLFSSL_MSG("KEM memory allocation failure"); + ret = MEMORY_ERROR; + } + } + #endif /* WOLFSSL_SMALL_STACK */ + if (ret == 0) { ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId); if (ret != 0) { 
@@ -8638,6 +8654,9 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); kse->pubKey = NULL; #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + #ifdef WOLFSSL_SMALL_STACK + XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + #endif if (privKey) { ForceZero(privKey, privSz); XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); @@ -8658,6 +8677,11 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) #endif } + #if !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ) && \ + defined(WOLFSSL_SMALL_STACK) + XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + #endif + return ret; } From a447a991b0db66f817209eb0d9c9337195977d81 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 23 Jul 2025 14:31:52 -0500 Subject: [PATCH 062/346] linuxkm/Kbuild: add KERNEL_EXTRA_CFLAGS_REMOVE; linuxkm/linuxkm_wc_port.h: fix version threshold for HAVE_KVREALLOC (6.12.0, not 6.11.0), and add manual overrides. --- .wolfssl_known_macro_extras | 4 ++++ linuxkm/Kbuild | 4 ++++ linuxkm/linuxkm_wc_port.h | 32 +++++++++++++++++++++----------- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 236de6627..3e039f6fc 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -193,6 +193,10 @@ DILITHIUM_MUL_QINV_SLOW DILITHIUM_MUL_Q_SLOW DILITHIUM_MUL_SLOW DILITHIUM_USE_HINT_CT +DONT_HAVE_KVMALLOC +DONT_HAVE_KVREALLOC +DONT_USE_KVMALLOC +DONT_USE_KVREALLOC DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER ECCSI_ORDER_MORE_BITS_THAN_PRIME ECC_DUMP_OID diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 5e15ce1d4..ab0399131 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild 
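Review bot: On the `WOLFSSL_SMALL_STACK` path `kem` holds the ML-KEM private key, and both new `XFREE(kem, ...)` calls release it without clearing it, whereas the adjacent `privKey` path does `ForceZero(privKey, privSz)` first; unless `wc_KyberKey_Free` (called outside the hunk, if at all) already wipes the object, add `ForceZero(kem, sizeof(*kem));` before the final XFREE. The error-path XFREE in the first hunk plus the unconditional one before `return ret;` free the same pointer twice when the error path runs on to the function exit; a later patch in this series removes the first, so that part is already handled. TLSX_KeyShare_GenPqcKeyClient's body between the two hunks is outside my view.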
@@ -129,6 +129,10 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
 $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS)
 endif
+ifdef KERNEL_EXTRA_CFLAGS_REMOVE
+ ccflags-remove-y += KERNEL_EXTRA_CFLAGS_REMOVE
+endif
+
 $(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION -DWOLFSSL_NO_OPTIONS_H
 $(obj)/wolfcrypt/benchmark/benchmark.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_ENABLE_SIMD_DISABLE)
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index 1d15bbedd..0caedae70 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
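Review bot: `ccflags-remove-y += KERNEL_EXTRA_CFLAGS_REMOVE` appends the literal word, not the variable's value, so the flag the caller asks to strip is never removed; the workflow added later in this series passes `KERNEL_EXTRA_CFLAGS_REMOVE=-pg` and `-pg` would stay on the compile line. It should read `ccflags-remove-y += $(KERNEL_EXTRA_CFLAGS_REMOVE)`. A short comment above the `ifdef`, e.g. `# caller-specified flags to strip from the kernel's ccflags (e.g. -pg)`, would tell the next reader what the knob is for.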
@@ -81,28 +81,38 @@ * kvrealloc() added in de2860f463, merged for 5.15, backported to 5.10.137. * moved to ultimate home (slab.h) in 8587ca6f34, merged for 5.16. * - * however, until 6.11, it took an extra argument, oldsize, that makes it - * incompatible with traditional libc usage patterns, so we don't try to use it. + * however, until 6.12 (commit 590b9d576c), it took an extra argument, + * oldsize, that makes it incompatible with traditional libc usage patterns, + * so we don't try to use it. */ - #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) && \ + !defined(DONT_HAVE_KVMALLOC) && !defined(HAVE_KVMALLOC) #define HAVE_KVMALLOC #endif - #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) + #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) && \ + !defined(DONT_HAVE_KVREALLOC) && !defined(HAVE_KVREALLOC) #define HAVE_KVREALLOC #endif #ifdef WOLFCRYPT_ONLY - #ifdef HAVE_KVMALLOC + #if defined(HAVE_KVMALLOC) && \ + !defined(DONT_USE_KVMALLOC) && !defined(USE_KVMALLOC) #define USE_KVMALLOC #endif - #ifdef HAVE_KVREALLOC + #ifdef HAVE_KVREALLOC && \ + !defined(DONT_USE_KVREALLOC) && !defined(USE_KVREALLOC) #define USE_KVREALLOC #endif #else /* functioning realloc() is needed for the TLS stack. */ - #if defined(HAVE_KVMALLOC) && defined(HAVE_KVREALLOC) - #define USE_KVMALLOC - #define USE_KVREALLOC + #if defined(HAVE_KVMALLOC) && defined(HAVE_KVREALLOC) && \ + !defined(DONT_USE_KVMALLOC) && !defined(DONT_USE_KVREALLOC) + #ifndef USE_KVMALLOC + #define USE_KVMALLOC + #endif + #ifndef USE_KVREALLOC + #define USE_KVREALLOC + #endif #endif #endif @@ -680,7 +690,7 @@ const unsigned char *_ctype; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) typeof(kmalloc_noprof) *kmalloc_noprof; typeof(krealloc_noprof) *krealloc_noprof; typeof(kzalloc_noprof) *kzalloc_noprof; 
@@ -953,7 +963,7 @@ #define _ctype WC_LKM_INDIRECT_SYM(_ctype) -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) /* see include/linux/alloc_tag.h and include/linux/slab.h */ #define kmalloc_noprof WC_LKM_INDIRECT_SYM(kmalloc_noprof) #define krealloc_noprof WC_LKM_INDIRECT_SYM(krealloc_noprof) From 53de4a582e92e45e0a4b10c35a57ee12081a9bd8 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 23 Jul 2025 14:43:33 -0500 Subject: [PATCH 063/346] add .github/workflows/linuxkm.yml; linuxkm/Makefile: add support for FORCE_NO_MODULE_SIG. --- .github/workflows/linuxkm.yml | 47 +++++++++++++++++++++++++++++++++++ linuxkm/Makefile | 4 +++ 2 files changed, 51 insertions(+) create mode 100644 .github/workflows/linuxkm.yml diff --git a/.github/workflows/linuxkm.yml b/.github/workflows/linuxkm.yml new file mode 100644 index 000000000..8ea51b234 --- /dev/null +++ b/.github/workflows/linuxkm.yml 
@@ -0,0 +1,47 @@ +name: Kernel Module Build + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_library: + strategy: + matrix: + config: [ + 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests --enable-reproducible-build CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384' + ] + name: build module + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@v4 + name: Checkout wolfSSL + + - name: Build libwolfssl.ko, targeting GitHub ubuntu-latest, with --enable-all, PQC, and smallstack and stack depth warnings + run: | + echo "updating linux-headers" + sudo apt-get update || $(exit 2) + sudo apt-get install linux-headers-$(uname -r) -y || $(exit 3) + echo "preparing target kernel $(uname -r)" + pushd "/lib/modules/$(uname -r)/build" || $(exit 4) + if [ -f /proc/config.gz ]; then gzip -dc /proc/config.gz > /tmp/.config && sudo mv /tmp/.config . || $(exit 5); elif [ -f "/boot/config-$(uname -r)" ]; then sudo cp -p "/boot/config-$(uname -r)" .config || $(exit 6); fi + sudo make -j 4 oldconfig || $(exit 7) + sudo make M="$(pwd)" modules_prepare || $(exit 8) + popd >/dev/null + ./autogen.sh || $(exit 9) + echo "running ./configure ... 
${{ matrix.config }}" + ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }} || $(exit 10) + # try to remove profiling (-pg) because it leads to "_mcleanup: gmon.out: Permission denied" + make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11) + ls -l linuxkm/libwolfssl.ko || $(exit 12) + echo "Successful linuxkm build." diff --git a/linuxkm/Makefile b/linuxkm/Makefile index 98198f35c..7fb380cea 100644 --- a/linuxkm/Makefile +++ b/linuxkm/Makefile @@ -98,6 +98,9 @@ else endif libwolfssl.ko.signed: libwolfssl.ko +ifdef FORCE_NO_MODULE_SIG + @echo 'Skipping module signature operation because FORCE_NO_MODULE_SIG.' +else @cd '$(KERNEL_ROOT)' || exit $$?; \ while read configline; do \ case "$$configline" in \ @@ -127,6 +130,7 @@ libwolfssl.ko.signed: libwolfssl.ko echo " Module $@ signed by $${CONFIG_MODULE_SIG_KEY}."; \ fi \ fi +endif .PHONY: install modules_install From b7b0ab6dbfaaf33647b2f48ee3a31a2262900f0d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 23 Jul 2025 16:18:22 -0500 Subject: [PATCH 064/346] src/tls.c: fix double free just added to TLSX_KeyShare_GenPqcKeyClient(). --- src/tls.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/tls.c b/src/tls.c index e676e18f4..2f13d558b 100644 --- a/src/tls.c +++ b/src/tls.c @@ -8654,9 +8654,6 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); kse->pubKey = NULL; #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ - #ifdef WOLFSSL_SMALL_STACK - XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - #endif if (privKey) { ForceZero(privKey, privSz); XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); From ca6a12769f24892457f27f88096e30deed126799 Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Wed, 23 Jul 2025 16:57:24 -0500 Subject: [PATCH 065/346] linuxkm/linuxkm_wc_port.h: additional fixes for version gates; .github/workflows/linuxkm.yml: add a second scenario with --enable-linuxkm-pie. --- .github/workflows/linuxkm.yml | 13 ++++++++++--- linuxkm/linuxkm_wc_port.h | 18 ++++++++++++------ linuxkm/module_hooks.c | 4 ++++ 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/.github/workflows/linuxkm.yml b/.github/workflows/linuxkm.yml index 8ea51b234..931e2d4c7 100644 --- a/.github/workflows/linuxkm.yml +++ b/.github/workflows/linuxkm.yml 
@@ -17,7 +17,8 @@ jobs: strategy: matrix: config: [ - 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests --enable-reproducible-build CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384' + 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384', + 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384' ] name: build module if: github.repository_owner == 'wolfssl' 
@@ -27,7 +28,7 @@ jobs: - uses: actions/checkout@v4 name: Checkout wolfSSL - - name: Build libwolfssl.ko, targeting GitHub ubuntu-latest, with --enable-all, PQC, and smallstack and stack depth warnings + - name: Prepare target kernel for module builds run: | echo "updating linux-headers" sudo apt-get update || $(exit 2) @@ -38,8 +39,14 @@ jobs: sudo make -j 4 oldconfig || $(exit 7) sudo make M="$(pwd)" modules_prepare || $(exit 8) popd >/dev/null + + - name: autogen.sh + run: | ./autogen.sh || $(exit 9) - echo "running ./configure ... ${{ matrix.config }}" + + - name: Build libwolfssl.ko, targeting GitHub ubuntu-latest, with --enable-all, PQC, and smallstack and stack depth warnings + run: | + echo "running ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }}" ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }} || $(exit 10) # try to remove profiling (-pg) because it leads to "_mcleanup: gmon.out: Permission denied" make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11) diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 0caedae70..96e3be3a1 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -99,7 +99,7 @@ !defined(DONT_USE_KVMALLOC) && !defined(USE_KVMALLOC) #define USE_KVMALLOC #endif - #ifdef HAVE_KVREALLOC && \ + #if defined(HAVE_KVREALLOC) && \ !defined(DONT_USE_KVREALLOC) && !defined(USE_KVREALLOC) #define USE_KVREALLOC #endif 
@@ -690,13 +690,15 @@ const unsigned char *_ctype; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) typeof(kmalloc_noprof) *kmalloc_noprof; typeof(krealloc_noprof) *krealloc_noprof; typeof(kzalloc_noprof) *kzalloc_noprof; typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof; typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof; - typeof(kvrealloc_noprof) *kvrealloc_noprof; + #ifdef HAVE_KVREALLOC + typeof(kvrealloc_noprof) *kvrealloc_noprof; + #endif #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) typeof(kmalloc_noprof) *kmalloc_noprof; typeof(krealloc_noprof) *krealloc_noprof; @@ -963,14 +965,16 @@ #define _ctype WC_LKM_INDIRECT_SYM(_ctype) -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) /* see include/linux/alloc_tag.h and include/linux/slab.h */ #define kmalloc_noprof WC_LKM_INDIRECT_SYM(kmalloc_noprof) #define krealloc_noprof WC_LKM_INDIRECT_SYM(krealloc_noprof) #define kzalloc_noprof WC_LKM_INDIRECT_SYM(kzalloc_noprof) #define __kvmalloc_node_noprof WC_LKM_INDIRECT_SYM(__kvmalloc_node_noprof) #define __kmalloc_cache_noprof WC_LKM_INDIRECT_SYM(__kmalloc_cache_noprof) - #define kvrealloc_noprof WC_LKM_INDIRECT_SYM(kvrealloc_noprof) + #ifdef HAVE_KVREALLOC + #define kvrealloc_noprof WC_LKM_INDIRECT_SYM(kvrealloc_noprof) + #endif #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) /* see include/linux/alloc_tag.h and include/linux/slab.h */ #define kmalloc_noprof WC_LKM_INDIRECT_SYM(kmalloc_noprof) 
@@ -978,7 +982,9 @@ #define kzalloc_noprof WC_LKM_INDIRECT_SYM(kzalloc_noprof) #define kvmalloc_node_noprof WC_LKM_INDIRECT_SYM(kvmalloc_node_noprof) #define kmalloc_trace_noprof WC_LKM_INDIRECT_SYM(kmalloc_trace_noprof) - #define kvrealloc_noprof WC_LKM_INDIRECT_SYM(kvrealloc_noprof) + #ifdef HAVE_KVREALLOC + #define kvrealloc_noprof WC_LKM_INDIRECT_SYM(kvrealloc_noprof) + #endif #else /* <6.10.0 */ #define kmalloc WC_LKM_INDIRECT_SYM(kmalloc) #define krealloc WC_LKM_INDIRECT_SYM(krealloc) diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 389ff1f59..3d002e5d9 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -556,14 +556,18 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof; wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof; wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof; +#ifdef HAVE_KVREALLOC wolfssl_linuxkm_pie_redirect_table.kvrealloc_noprof = kvrealloc_noprof; +#endif #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof; wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof; wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof; wolfssl_linuxkm_pie_redirect_table.kvmalloc_node_noprof = kvmalloc_node_noprof; wolfssl_linuxkm_pie_redirect_table.kmalloc_trace_noprof = kmalloc_trace_noprof; +#ifdef HAVE_KVREALLOC wolfssl_linuxkm_pie_redirect_table.kvrealloc_noprof = kvrealloc_noprof; +#endif #else wolfssl_linuxkm_pie_redirect_table.kmalloc = kmalloc; wolfssl_linuxkm_pie_redirect_table.krealloc = krealloc; From 5e57ec5c9390b5b4db71fba1f5212a23a9c2b3b8 Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Wed, 23 Jul 2025 17:30:14 -0500 Subject: [PATCH 066/346] linuxkm/Kbuild: if ENABLED_LINUXKM_PIE, disable KASAN and UBSAN, to avoid external references (__ubsan_handle_out_of_bounds() etc.). --- linuxkm/Kbuild | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index ab0399131..93c332fe9 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -105,6 +105,10 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" # "__stack_chk_fail" from the wolfCrypt container. PIE_FLAGS := -fPIE -fno-stack-protector -fno-toplevel-reorder PIE_SUPPORT_FLAGS := -DUSE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE + # the kernel sanitizers generate external references to + # __ubsan_handle_out_of_bounds(), __ubsan_handle_shift_out_of_bounds(), etc. + KASAN_SANITIZE := n + UBSAN_SANITIZE := n ifeq "$(KERNEL_ARCH_X86)" "yes" PIE_FLAGS += -mcmodel=small ifeq "$(CONFIG_MITIGATION_RETPOLINE)" "y" From 551ff3f1b6f8a8d6264cf43ea3e0a62ea498f15a Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 23 Jul 2025 15:59:08 -0700 Subject: [PATCH 067/346] Fixes for building with MD5 and SHA1 to support Hash `WC_HASH_TYPE_MD5_SHA`. ZD 20269. --- tests/api/test_hash.c | 4 ++-- wolfssl/wolfcrypt/hash.h | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/api/test_hash.c b/tests/api/test_hash.c index 717c0849d..ac0b635ff 100644 --- a/tests/api/test_hash.c +++ b/tests/api/test_hash.c @@ -214,9 +214,9 @@ int test_wc_HashInit(void) for (i = 0; i < notSupportedHashLen; i++) { /* check for null ptr */ - ExpectIntEQ(wc_HashInit(NULL, supportedHash[i]), + ExpectIntEQ(wc_HashInit(NULL, notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashInit_ex(NULL, supportedHash[i], HEAP_HINT, + ExpectIntEQ(wc_HashInit_ex(NULL, notSupportedHash[i], HEAP_HINT, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), 
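Review bot: Setting `KASAN_SANITIZE := n` and `UBSAN_SANITIZE := n` under ENABLED_LINUXKM_PIE removes memory-safety and undefined-behaviour instrumentation from the wolfCrypt container, which is the code most worth sanitizing, and the added comment explains the unresolved-symbol problem but not this coverage loss. Consider extending the comment so the trade-off is explicit, e.g. `# NOTE: PIE builds therefore lose KASAN/UBSAN coverage of wolfCrypt; keep a non-PIE sanitizer build in CI to retain it.` Whether these per-Kbuild variables apply only to the PIE objects or to the whole module depends on Makefile structure outside this hunk; the enclosing `ifeq "$(ENABLED_LINUXKM_PIE)"` block starts before it.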
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 9ac6cff2a..99bcea00a 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -137,6 +137,9 @@ typedef struct { #elif defined(WOLFSSL_SHA384) #define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE #define WC_MAX_BLOCK_SIZE WC_SHA384_BLOCK_SIZE +#elif !defined(NO_SHA) && !defined(NO_MD5) + #define WC_MAX_DIGEST_SIZE (WC_SHA_DIGEST_SIZE + WC_MD5_DIGEST_SIZE) + #define WC_MAX_BLOCK_SIZE WC_SHA_BLOCK_SIZE #elif !defined(NO_SHA256) #define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE #define WC_MAX_BLOCK_SIZE WC_SHA256_BLOCK_SIZE From 09de113145599274041303ff87d9effc51b1bc36 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Thu, 24 Jul 2025 16:13:00 +0200 Subject: [PATCH 068/346] Fix warning with WOLFSSL_RSA_VERIFY_ONLY PR #8830 introduces a warning when WOLFSSL_NO_CT_OPS is selected. However, in WOLFSSL_RSA_VERIFY_ONLY mode this is enforced in wolfssl/wolfcrypt/settings.h:4035, forcing this warning to appear when this configuration is used. This PR takes into account the special case, allowing WOLFSSL_NO_CT_OPS when WOLFSSL_RSA_VERIFY_ONLY, and removing the warning. --- wolfcrypt/src/misc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index e681d2bbd..066134a22 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -634,7 +634,8 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, #endif -#if defined(WOLFSSL_NO_CT_OPS) && (!defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)) +#if defined(WOLFSSL_NO_CT_OPS) && (!defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)) \ + && (!defined(WOLFSSL_RSA_VERIFY_ONLY)) /* constant time operations with mask are required for RSA and TLS operations */ #warning constant time operations required unless using NO_RSA & WOLFCRYPT_ONLY #endif From cf843c8b8215e550cf05db52f9985fb6d9c5ef69 Mon Sep 17 00:00:00 2001 
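Review bot: The new `#elif !defined(NO_SHA) && !defined(NO_MD5)` branch is placed between the SHA-384 and SHA-256 branches without saying why, and the ordering matters: the concatenated MD5+SHA-1 digest must be considered before SHA-256 because WC_SHA_DIGEST_SIZE + WC_MD5_DIGEST_SIZE exceeds WC_SHA256_DIGEST_SIZE, while the block size presumably is the same for SHA-1 and SHA-256 so WC_SHA_BLOCK_SIZE suffices (confirm). A comment on the branch would prevent a later reordering from silently shrinking WC_MAX_DIGEST_SIZE, e.g. `/* WC_HASH_TYPE_MD5_SHA yields both digests concatenated (36 bytes), larger than SHA-256, so it must precede that branch. */` The branch is taken whenever MD5 and SHA-1 are both enabled, even if the combined hash type is never used, which is harmless but worth noting there too.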
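Review bot: The added `&& (!defined(WOLFSSL_RSA_VERIFY_ONLY))` silences the warning for the whole condition, including the `!defined(WOLFCRYPT_ONLY)` half, so a build with WOLFSSL_RSA_VERIFY_ONLY, WOLFSSL_NO_CT_OPS and the TLS layer enabled now compiles silently although the comment on the following line states the constant-time mask operations are required for TLS as well. If the intent is only that RSA signature verification does not need them, narrow the exemption to the RSA term: `#if defined(WOLFSSL_NO_CT_OPS) && ((!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || !defined(WOLFCRYPT_ONLY))`. If the verify-only configuration is always a WOLFCRYPT_ONLY build in practice, stating that in the comment would make the exemption's scope clear.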
From: Josh Holtrop Date: Wed, 23 Jul 2025 21:39:18 -0400 Subject: [PATCH 069/346] Add wc_PKCS7_GetEnvelopedDataKariRid() Allow access to recipient ID before attempting to decrypt content. --- certs/renewcerts.sh | 8 ++ certs/test/client-ecc-cert-ski.hex | 1 + certs/test/include.am | 4 +- certs/test/kari-keyid-cms.msg | Bin 0 -> 275 bytes doc/dox_comments/header_files/pkcs7.h | 25 ++++++ tests/api.c | 67 ++++++++++++++++ wolfcrypt/src/pkcs7.c | 110 ++++++++++++++++++++++++++ wolfssl/wolfcrypt/pkcs7.h | 2 + 8 files changed, 216 insertions(+), 1 deletion(-) create mode 100644 certs/test/client-ecc-cert-ski.hex create mode 100644 certs/test/kari-keyid-cms.msg diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index 693a50cf8..609726cc1 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -523,6 +523,11 @@ run_renewcerts(){ openssl x509 -in client-ecc-cert.pem -text > tmp.pem check_result $? "Step 3" mv tmp.pem client-ecc-cert.pem + + # Extract the Subject Key Identifier from the generated certificate + # for unit test use. + openssl x509 -in client-ecc-cert.pem -noout -text | grep -A1 'Subject Key Identifier' | tail -n +2 | sed -e 's/[ :]//g' > test/client-ecc-cert-ski.hex + check_result $? "Step 4" echo "End of section" echo "---------------------------------------------------------------------" ############################################################ 
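Review bot: `check_result $? "Step 4"` after the new pipeline only sees sed's exit status, so a failing openssl invocation or a grep with no 'Subject Key Identifier' match still yields status 0 and an empty test/client-ecc-cert-ski.hex, which would only surface later as a unit-test failure. Use `set -o pipefail` inside run_renewcerts, or test `${PIPESTATUS[0]}` after the pipeline, so Step 4 fails at generation time. The run_renewcerts function starts and ends outside this hunk.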
@@ -792,6 +797,9 @@ run_renewcerts(){ cd ./test || { echo "Failed to switch to dir ./test"; exit 1; } echo "test" | openssl cms -encrypt -binary -keyid -out ktri-keyid-cms.msg -outform der -recip ../client-cert.pem -nocerts check_result $? "generate ktri-keyid-cms.msg" + # Generate an EnvelopedData with KARI recipient for testing. + echo "testkari" | openssl cms -encrypt -binary -keyid -out kari-keyid-cms.msg -outform der -recip ../client-ecc-cert.pem -nocerts + check_result $? "generate kari-keyid-cms.msg" echo "testencrypt" | openssl cms -EncryptedData_encrypt -binary -keyid -aes-128-cbc -secretkey 0123456789ABCDEF0011223344556677 -out encrypteddata.msg -outform der -recip ../client-cert.pem -nocerts check_result $? "generate encrypteddata.msg" cd ../ || exit 1 diff --git a/certs/test/client-ecc-cert-ski.hex b/certs/test/client-ecc-cert-ski.hex new file mode 100644 index 000000000..d8f3582e8 --- /dev/null +++ b/certs/test/client-ecc-cert-ski.hex @@ -0,0 +1 @@ +EBD44B596B95613F5157B6044D894188445CABF2 diff --git a/certs/test/include.am b/certs/test/include.am index facc4a5c4..afe2aca67 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -36,7 +36,8 @@ EXTRA_DIST += \ certs/test/cert-over-max-altnames.cfg \ certs/test/cert-over-max-altnames.pem \ certs/test/cert-over-max-nc.cfg \ - certs/test/cert-over-max-nc.pem + certs/test/cert-over-max-nc.pem \ + certs/test/client-ecc-cert-ski.hex # The certs/server-cert with the last byte (signature byte) changed EXTRA_DIST += \ @@ -69,6 +70,7 @@ EXTRA_DIST += \ certs/test/server-localhost.pem \ certs/test/ossl-trusted-cert.pem \ certs/test/ktri-keyid-cms.msg \ + certs/test/kari-keyid-cms.msg \ certs/test/encrypteddata.msg \ certs/test/smime-test.p7s \ certs/test/smime-test-canon.p7s \ 
diff --git a/certs/test/kari-keyid-cms.msg b/certs/test/kari-keyid-cms.msg new file mode 100644 index 0000000000000000000000000000000000000000..9721cf7a3f8fda97f76437cad06dc00615e7e8cd GIT binary patch literal 275 zcmXqLV&rGz)N1o+`_9YA&b*+Bk-?zxFB2n^VdKt)joX+QnHK~u^f%ySW7lf)IA_bm z$n3Rx9^H-F||1Yif*TM+SyJ&ZoGf3 z*Kne=ZJA&52D`gw5KeEhI4uxk z5qW*ZJ2HD}qJ3caHWuGb#}1d6)t^{2jF+yMJTYSK3t8JKjVjjy{_T6e{lrC^+rp{5 z+^2bGE}D@uf-yu@ZnGIne+1`>l3W9tJ#_p8w6JFaadK~ PBLB?MSn>DFx 0); + if (cmsFile != XBADFILE) + XFCLOSE(cmsFile); + + skiHexFile = XFOPEN("./certs/test/client-ecc-cert-ski.hex", "rb"); + ExpectTrue(skiHexFile != XBADFILE); + skiHexSz = (word32)XFREAD(skiHex, 1, sizeof(skiHex), skiHexFile); + ExpectTrue(skiHexSz > 0); + if (skiHexFile != XBADFILE) + XFCLOSE(skiHexFile); + + ret = wc_PKCS7_GetEnvelopedDataKariRid(cms, cmsSz, rid, &ridSz); + ExpectIntEQ(ret, 0); + ExpectIntGT(ridSz, ridKeyIdentifierOffset); + /* The Subject Key Identifier hex file should have 2 hex characters for each + * byte of the key identifier in the returned recipient ID (rid), plus a + * terminating new line character. */ + ExpectIntGE(skiHexSz, ((ridSz - ridKeyIdentifierOffset) * 2) + 1); + for (i = 0; i < (ridSz - ridKeyIdentifierOffset); i++) + { + size_t j; + byte ridKeyIdByte = rid[ridKeyIdentifierOffset + i]; + byte skiByte = 0; + for (j = 0; j <= 1; j++) + { + byte hexChar = skiHex[i * 2 + j]; + skiByte = skiByte << 4; + if ('0' <= hexChar && hexChar <= '9') + skiByte |= (hexChar - '0'); + else if ('A' <= hexChar && hexChar <= 'F') + skiByte |= (hexChar - 'A' + 10); + else + ExpectTrue(0); + } + ExpectIntEQ(ridKeyIdByte, skiByte); + } +#endif +#endif /* HAVE_PKCS7 */ + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_GetEnvelopedDataKariRid() */ + + /* * Testing wc_PKCS7_EncodeEncryptedData() */ 
@@ -68404,6 +68470,7 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_wc_PKCS7_DecodeEnvelopedData_stream),
 TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData),
 TEST_DECL(test_wc_PKCS7_SetAESKeyWrapUnwrapCb),
+ TEST_DECL(test_wc_PKCS7_GetEnvelopedDataKariRid),
 TEST_DECL(test_wc_PKCS7_EncodeEncryptedData),
 TEST_DECL(test_wc_PKCS7_DecodeEncryptedKeyPackage),
 TEST_DECL(test_wc_PKCS7_DecodeSymmetricKeyPackage),
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index e9d4d548f..3807a8709 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -12957,6 +12957,116 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, } +int wc_PKCS7_GetEnvelopedDataKariRid(const byte * in, word32 inSz, + byte * out, word32 * outSz) +{ + int ret = 0; + word32 idx = 0; + int length = 0; + word32 contentType = 0; + word32 ridIdx = 0; + byte ridTag = 0; + + if (in == NULL || inSz == 0 || out == NULL || outSz == NULL) { + ret = BAD_FUNC_ARG; + } + /* Consume ContentInfo SEQUENCE header. */ + else if (GetSequence(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Validate the EnvelopedData OBJECT IDENTIFIER. */ + else if (wc_GetContentType(in, &idx, &contentType, inSz) < 0) { + ret = ASN_PARSE_E; + } + else if (contentType != ENVELOPED_DATA) { + WOLFSSL_MSG("PKCS#7 input not of type EnvelopedData"); + ret = PKCS7_OID_E; + } + /* Consume EXPLICIT content [0] header. */ + else if (GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx, + &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Consume EnvelopedData SEQUENCE header. */ + else if (GetSequence(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Consume version. */ + else if (GetMyVersion(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Consume originatorInfo if present. */ + else if (GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx, + &length, inSz) >= 0) { + idx += (word32)length; + } + /* Consume recipientInfos SET OF header. */ + if (ret == 0 && GetSet(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Consume kari [1] header. */ + if (ret == 0 && GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1, + &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Consume KARI version. */ + if (ret == 0 && GetMyVersion(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Consume KARI originator [0] header. */ + if (ret == 0 && GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, + &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Skip originator [0] content. 
*/ + if (ret == 0) + idx += (word32)length; + /* Consume KARI ukm [1] if present. */ + if (ret == 0 && GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1, + &idx, &length, inSz) >= 0) { + idx += (word32) length; + } + /* Consume KARI keyEncryptionAlgorithm. */ + if (ret == 0 && GetSequence(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Skip keyEncryptionAlgorithm content. */ + if (ret == 0) + idx += (word32)length; + /* Consume RecipientEncryptedKeys SEQUENCE OF header. */ + if (ret == 0 && GetSequence(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Consume RecipientEncryptedKey SEQUENCE header. */ + if (ret == 0 && GetSequence(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + if (ret == 0) + ridIdx = idx; + /* Consume KeyAgreeRecipientIdentifier tag. */ + if (ret == 0 && GetASNTag(in, &idx, &ridTag, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Consume KeyAgreeRecipientIdentifier length. */ + if (ret == 0 && GetLength(in, &idx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + if (ret == 0) { + word32 ridSz = (idx + (word32)length) - ridIdx; + if (ridSz > *outSz) { + /* Not enough room in output buffer. */ + ret = BUFFER_E; + } + else { + /* Copy KeyAgreeRecipientIdentifier to output buffer. */ + XMEMCPY(out, &in[ridIdx], ridSz); + *outSz = ridSz; + } + } + return ret; +} + + /* build PKCS#7 authEnvelopedData content type, return enveloped size */ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index e69dc955d..b65c442c6 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h 
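Review bot: wc_PKCS7_GetEnvelopedDataKariRid only looks at the first element of the recipientInfos SET and requires it to be a kari [1]; a message whose first RecipientInfo is a ktri SEQUENCE, or that carries several recipients, fails with ASN_PARSE_E even when a KARI entry with the wanted rid follows, and only the first RecipientEncryptedKey of that KARI is ever examined. If the single-recipient restriction is deliberate, state it in the function's header comment; otherwise skip non-[1] entries before the `Consume kari [1] header` step, as sketched below (GetASNTag and GetLength already bound every access against inSz, and the later checks stay as they are). Separately, `ridTag` is read but never validated, and the copied rid is the complete TLV including tag and length bytes, which callers must know about; one sentence in the header comment covering both would help. On BUFFER_E consider reporting the needed size with `*outSz = ridSz;` before returning so callers can resize. The function's opening lines are in the preceding part of this hunk.
```c
    /* Consume recipientInfos SET OF header. */
    if (ret == 0 && GetSet(in, &idx, &length, inSz) < 0) {
        ret = ASN_PARSE_E;
    }
    /* Skip RecipientInfo entries that are not kari [1] (e.g. ktri SEQUENCE)
     * so that a multi-recipient message still yields the first KARI rid. */
    if (ret == 0) {
        word32 setEnd = idx + (word32)length;
        while (ret == 0 && idx < setEnd) {
            word32 riIdx = idx;
            byte riTag = 0;
            if (GetASNTag(in, &riIdx, &riTag, inSz) < 0) {
                ret = ASN_PARSE_E;
            }
            else if (riTag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) {
                break;
            }
            else if (GetLength(in, &riIdx, &length, inSz) < 0) {
                ret = ASN_PARSE_E;
            }
            else {
                idx = riIdx + (word32)length;
            }
        }
    }
    /* … unchanged: kari [1] header and the remaining parse … */
```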
@@ -516,6 +516,8 @@ WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); +WOLFSSL_API int wc_PKCS7_GetEnvelopedDataKariRid(const byte * in, word32 inSz, + byte * out, word32 * outSz); /* CMS/PKCS#7 AuthEnvelopedData */ WOLFSSL_API int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, From 6309b241cdd6e6f312528aa459c08d635d836588 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Thu, 24 Jul 2025 15:42:55 -0400 Subject: [PATCH 070/346] Fix some clang-tidy warnings in unit test --- tests/api.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/tests/api.c b/tests/api.c index 7190f1812..e81283f58 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18325,17 +18325,16 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void) size_t i; const word32 ridKeyIdentifierOffset = 4; - cmsFile = XFOPEN("./certs/test/kari-keyid-cms.msg", "rb"); - ExpectTrue(cmsFile != XBADFILE); - cmsSz = (word32)XFREAD(cms, 1, sizeof(cms), cmsFile); - ExpectTrue(cmsSz > 0); + ExpectTrue((cmsFile = XFOPEN("./certs/test/kari-keyid-cms.msg", "rb")) + != XBADFILE); + ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, sizeof(cms), cmsFile)) > 0); if (cmsFile != XBADFILE) XFCLOSE(cmsFile); - skiHexFile = XFOPEN("./certs/test/client-ecc-cert-ski.hex", "rb"); - ExpectTrue(skiHexFile != XBADFILE); - skiHexSz = (word32)XFREAD(skiHex, 1, sizeof(skiHex), skiHexFile); - ExpectTrue(skiHexSz > 0); + ExpectTrue((skiHexFile = XFOPEN("./certs/test/client-ecc-cert-ski.hex", + "rb")) != XBADFILE); + ExpectTrue((skiHexSz = (word32)XFREAD(skiHex, 1, sizeof(skiHex), + skiHexFile)) > 0); if (skiHexFile != XBADFILE) XFCLOSE(skiHexFile); From 71bd9e2f6e27349f394c27030e5256745cc4547b Mon Sep 17 00:00:00 2001 
From: Josh Holtrop Date: Thu, 24 Jul 2025 15:46:01 -0400 Subject: [PATCH 071/346] Make unit test more resilient to earlier errors --- tests/api.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/tests/api.c b/tests/api.c index e81283f58..c66f2170f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18338,30 +18338,34 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void) if (skiHexFile != XBADFILE) XFCLOSE(skiHexFile); - ret = wc_PKCS7_GetEnvelopedDataKariRid(cms, cmsSz, rid, &ridSz); + if (EXPECT_SUCCESS()) { + ret = wc_PKCS7_GetEnvelopedDataKariRid(cms, cmsSz, rid, &ridSz); + } ExpectIntEQ(ret, 0); ExpectIntGT(ridSz, ridKeyIdentifierOffset); /* The Subject Key Identifier hex file should have 2 hex characters for each * byte of the key identifier in the returned recipient ID (rid), plus a * terminating new line character. */ ExpectIntGE(skiHexSz, ((ridSz - ridKeyIdentifierOffset) * 2) + 1); - for (i = 0; i < (ridSz - ridKeyIdentifierOffset); i++) - { - size_t j; - byte ridKeyIdByte = rid[ridKeyIdentifierOffset + i]; - byte skiByte = 0; - for (j = 0; j <= 1; j++) + if (EXPECT_SUCCESS()) { + for (i = 0; i < (ridSz - ridKeyIdentifierOffset); i++) { - byte hexChar = skiHex[i * 2 + j]; - skiByte = skiByte << 4; - if ('0' <= hexChar && hexChar <= '9') - skiByte |= (hexChar - '0'); - else if ('A' <= hexChar && hexChar <= 'F') - skiByte |= (hexChar - 'A' + 10); - else - ExpectTrue(0); + size_t j; + byte ridKeyIdByte = rid[ridKeyIdentifierOffset + i]; + byte skiByte = 0; + for (j = 0; j <= 1; j++) + { + byte hexChar = skiHex[i * 2 + j]; + skiByte = skiByte << 4; + if ('0' <= hexChar && hexChar <= '9') + skiByte |= (hexChar - '0'); + else if ('A' <= hexChar && hexChar <= 'F') + skiByte |= (hexChar - 'A' + 10); + else + ExpectTrue(0); + } + ExpectIntEQ(ridKeyIdByte, skiByte); } - ExpectIntEQ(ridKeyIdByte, skiByte); } #endif #endif /* HAVE_PKCS7 */ From 1226dedeb897496c28c33bda0a88f543f75a9983 Mon Sep 17 00:00:00 2001 
From: Josh Holtrop Date: Thu, 24 Jul 2025 15:52:34 -0400 Subject: [PATCH 072/346] Check that we don't run out of space for the RID structure --- tests/api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/api.c b/tests/api.c index c66f2170f..6fb012986 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18313,6 +18313,8 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void) #if defined(HAVE_PKCS7) #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) || \ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) + /* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure. + * Reserve a bit more than that in case it might grow. */ byte rid[256]; byte cms[1024]; XFILE cmsFile = XBADFILE; @@ -18342,6 +18344,7 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void) ret = wc_PKCS7_GetEnvelopedDataKariRid(cms, cmsSz, rid, &ridSz); } ExpectIntEQ(ret, 0); + ExpectIntLT(ridSz, sizeof(rid)); ExpectIntGT(ridSz, ridKeyIdentifierOffset); /* The Subject Key Identifier hex file should have 2 hex characters for each * byte of the key identifier in the returned recipient ID (rid), plus a From 804c4f20b518e98a5698c1507b238b35c1970a9c Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Thu, 24 Jul 2025 18:51:58 -0400 Subject: [PATCH 073/346] Explicitly initialize some unit test variables to avoid warnings --- tests/api.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/api.c b/tests/api.c index 6fb012986..f37b03d90 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18322,9 +18322,9 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void) word32 ridSz = sizeof(rid); XFILE skiHexFile = XBADFILE; byte skiHex[256]; - word32 cmsSz; - word32 skiHexSz; - size_t i; + word32 cmsSz = 0; + word32 skiHexSz = 0; + size_t i = 0; const word32 ridKeyIdentifierOffset = 4; ExpectTrue((cmsFile = XFOPEN("./certs/test/kari-keyid-cms.msg", "rb")) From c7e054a7a76dfe035562f1cb4ea469036d21f1d4 Mon Sep 17 00:00:00 2001 
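Review bot: The new comment states the RID structure in kari-keyid-cms.msg is 68 bytes, but the assertions elsewhere in the test only hold for a much smaller rid: client-ecc-cert-ski.hex holds 40 hex characters (plus a newline, if the file ends with one), and `ExpectIntGE(skiHexSz, ((ridSz - ridKeyIdentifierOffset) * 2) + 1)` then requires ridSz to be at most 24, which is what a [0]-tagged RecipientKeyIdentifier wrapping a 20-byte OCTET STRING gives with ridKeyIdentifierOffset = 4 skipping both headers. Please reconcile the number in the comment with what the test expects, e.g. `/* openssl's -keyid recipient yields a 24-byte rid ([0] + OCTET STRING around a 20-byte SKI); reserve more in case it grows. */`. A comment on ridKeyIdentifierOffset saying it assumes single-byte lengths would help too. The added `ExpectIntLT(ridSz, sizeof(rid))` guard is good; the test function starts and ends outside these hunks.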
From: Anthony Hu Date: Fri, 25 Jul 2025 13:27:26 -0400 Subject: [PATCH 074/346] Rename ML-KEM hybrids to match IETF Draft. --- INSTALL | 10 +- examples/benchmark/tls_bench.c | 16 ++-- examples/client/client.c | 61 +++++++----- examples/server/server.c | 61 +++++++----- src/internal.c | 16 ++-- src/ssl.c | 112 +++++++++++----------- src/tls.c | 130 +++++++++++++------------- tests/test-dtls13-pq-hybrid-frag.conf | 24 ++--- tests/test-tls13-pq-hybrid.conf | 32 +++---- wolfssl/ssl.h | 16 ++-- 10 files changed, 250 insertions(+), 228 deletions(-) diff --git a/INSTALL b/INSTALL index 4176fb063..ca9df34eb 100644 --- a/INSTALL +++ b/INSTALL @@ -208,13 +208,13 @@ For a quick start, you can run the client and server like this: - $ ./examples/server/server -v 4 --pqc P521_ML_KEM_1024 - $ ./examples/client/client -v 4 --pqc P521_ML_KEM_1024 + $ ./examples/server/server -v 4 --pqc SecP521r1MLKEM1024 + $ ./examples/client/client -v 4 --pqc SecP521r1MLKEM1024 Look for the following line in the output of the server and client: ``` - Using Post-Quantum KEM: P521_ML_KEM_1024 + Using Post-Quantum KEM: SecP521r1MLKEM1024 ``` For authentication, you can generate a certificate chain using the Open @@ -236,13 +236,13 @@ -A certs/mldsa87_root_cert.pem \ -c certs/mldsa44_entity_cert.pem \ -k certs/mldsa44_entity_key.pem \ - --pqc P521_ML_KEM_1024 + --pqc SecP521r1MLKEM1024 $ examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \ -A certs/mldsa44_root_cert.pem \ -c certs/mldsa87_entity_cert.pem \ -k certs/mldsa87_entity_key.pem \ - --pqc P521_ML_KEM_1024 + --pqc SecP521r1MLKEM1024 Congratulations! You have just achieved a fully quantum-safe TLS 1.3 connection! diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index ecde30c5d..c191b2782 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c 
@@ -296,14 +296,14 @@ static struct group_info groups[] = { { WOLFSSL_ML_KEM_512, "ML_KEM_512" }, { WOLFSSL_ML_KEM_768, "ML_KEM_768" }, { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" }, - { WOLFSSL_P256_ML_KEM_512, "P256_ML_KEM_512" }, - { WOLFSSL_P384_ML_KEM_768, "P384_ML_KEM_768" }, - { WOLFSSL_P256_ML_KEM_768, "P256_ML_KEM_768" }, - { WOLFSSL_P521_ML_KEM_1024, "P521_ML_KEM_1024" }, - { WOLFSSL_P384_ML_KEM_1024, "P384_ML_KEM_1024" }, - { WOLFSSL_X25519_ML_KEM_512, "X25519_ML_KEM_512" }, - { WOLFSSL_X448_ML_KEM_768, "X448_ML_KEM_768" }, - { WOLFSSL_X25519_ML_KEM_768, "X25519_ML_KEM_768" }, + { WOLFSSL_SECP256R1MLKEM512, "SecP256r1MLKEM512" }, + { WOLFSSL_SECP384R1MLKEM768, "SecP384r1MLKEM768" }, + { WOLFSSL_SECP256R1MLKEM768, "SecP256r1MLKEM768" }, + { WOLFSSL_SECP521R1MLKEM1024, "SecP521r1MLKEM1024" }, + { WOLFSSL_SECP384R1MLKEM1024, "SecP384r1MLKEM1024" }, + { WOLFSSL_X25519MLKEM512, "X25519MLKEM512" }, + { WOLFSSL_X448MLKEM768, "X448MLKEM768" }, + { WOLFSSL_X25519MLKEM768, "X25519MLKEM768" }, #endif #ifdef WOLFSSL_MLKEM_KYBER { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" }, diff --git a/examples/client/client.c b/examples/client/client.c index 578508dc6..1c0b3bb8a 100644 --- a/examples/client/client.c +++ b/examples/client/client.c 
@@ -422,44 +422,44 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, else #endif #ifndef WOLFSSL_NO_ML_KEM_512 - if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) { - group = WOLFSSL_P256_ML_KEM_512; + if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) { + group = WOLFSSL_SECP256R1MLKEM512; } else #endif #ifndef WOLFSSL_NO_ML_KEM_768 - if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) { - group = WOLFSSL_P384_ML_KEM_768; + if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) { + group = WOLFSSL_SECP384R1MLKEM768; } - else if (XSTRCMP(pqcAlg, "P256_ML_KEM_768") == 0) { - group = WOLFSSL_P256_ML_KEM_768; + else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) { + group = WOLFSSL_SECP256R1MLKEM768; } else #endif #ifndef WOLFSSL_NO_ML_KEM_1024 - if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) { - group = WOLFSSL_P521_ML_KEM_1024; + if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) { + group = WOLFSSL_SECP521R1MLKEM1024; } - else if (XSTRCMP(pqcAlg, "P384_ML_KEM_1024") == 0) { - group = WOLFSSL_P384_ML_KEM_1024; + else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) { + group = WOLFSSL_SECP384R1MLKEM1024; } else #endif #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) - if (XSTRCMP(pqcAlg, "X25519_ML_KEM_512") == 0) { - group = WOLFSSL_X25519_ML_KEM_512; + if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) { + group = WOLFSSL_X25519MLKEM512; } else #endif #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) - if (XSTRCMP(pqcAlg, "X25519_ML_KEM_768") == 0) { - group = WOLFSSL_X25519_ML_KEM_768; + if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) { + group = WOLFSSL_X25519MLKEM768; } else #endif #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) - if (XSTRCMP(pqcAlg, "X448_ML_KEM_768") == 0) { - group = WOLFSSL_X448_ML_KEM_768; + if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) { + group = WOLFSSL_X448MLKEM768; } else #endif 
@@ -1421,12 +1421,16 @@ static const char* client_usage_msg[][78] = { #ifdef HAVE_PQC "--pqc Key Share with specified post-quantum algorithm only:\n" #ifndef WOLFSSL_NO_ML_KEM - " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," - "\n" - " P384_ML_KEM_768, P256_ML_KEM_768, P521_ML_KEM_1024,\n" - " P384_ML_KEM_1024, X25519_ML_KEM_512, " - "X25519_ML_KEM_768,\n" - " X448_ML_KEM_768\n" + " ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n" + " SecP256r1MLKEM512,\n" + " SecP384r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP256r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP384r1MLKEM1024,\n" + " X25519MLKEM512,\n" + " X25519MLKEM768,\n" + " X448MLKEM768\n" #endif #ifdef WOLFSSL_MLKEM_KYBER " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " @@ -1675,9 +1679,16 @@ static const char* client_usage_msg[][78] = { #ifdef HAVE_PQC "--pqc post-quantum 名前付きグループとの鍵共有のみ:\n" #ifndef WOLFSSL_NO_ML_KEM - " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," - "\n" - " P384_ML_KEM_768, P521_ML_KEM_1024\n" + " ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n" + " SecP256r1MLKEM512,\n" + " SecP384r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP256r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP384r1MLKEM1024,\n" + " X25519MLKEM512,\n" + " X25519MLKEM768,\n" + " X448MLKEM768\n" #endif #ifdef WOLFSSL_MLKEM_KYBER " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " diff --git a/examples/server/server.c b/examples/server/server.c index ab672cc8b..d2e4ceb89 100644 --- a/examples/server/server.c +++ b/examples/server/server.c 
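Review bot: The new usage lists in both client.c hunks contain `SecP521r1MLKEM1024` twice (after SecP384r1MLKEM768 and again after SecP256r1MLKEM768), and the same duplicate appears in both server.c hunks later on; one of the two entries should be dropped so the help text matches the eight hybrids the SetKeyShare parsers accept. In the Japanese server.c hunk the first line `" ML_KEM_512, ML_KEM_768, ML_KEM_1024,"` also lacks the `\n` the other lists have, so it runs straight into the indented `SecP256r1MLKEM512` entry. The usage arrays start and end outside these hunks.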
@@ -735,44 +735,44 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, else #endif #ifndef WOLFSSL_NO_ML_KEM_512 - if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) { - groups[count] = WOLFSSL_P256_ML_KEM_512; + if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) { + groups[count] = WOLFSSL_SECP256R1MLKEM512; } else #endif #ifndef WOLFSSL_NO_ML_KEM_768 - if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) { - groups[count] = WOLFSSL_P384_ML_KEM_768; + if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) { + groups[count] = WOLFSSL_SECP384R1MLKEM768; } - else if (XSTRCMP(pqcAlg, "P256_ML_KEM_768") == 0) { - groups[count] = WOLFSSL_P256_ML_KEM_768; + else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) { + groups[count] = WOLFSSL_SECP256R1MLKEM768; } else #endif #ifndef WOLFSSL_NO_ML_KEM_1024 - if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) { - groups[count] = WOLFSSL_P521_ML_KEM_1024; + if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) { + groups[count] = WOLFSSL_SECP521R1MLKEM1024; } - else if (XSTRCMP(pqcAlg, "P384_ML_KEM_1024") == 0) { - groups[count] = WOLFSSL_P384_ML_KEM_1024; + else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) { + groups[count] = WOLFSSL_SECP384R1MLKEM1024; } else #endif #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) - if (XSTRCMP(pqcAlg, "X25519_ML_KEM_512") == 0) { - groups[count] = WOLFSSL_X25519_ML_KEM_512; + if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) { + groups[count] = WOLFSSL_X25519MLKEM512; } else #endif #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) - if (XSTRCMP(pqcAlg, "X25519_ML_KEM_768") == 0) { - groups[count] = WOLFSSL_X25519_ML_KEM_768; + if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) { + groups[count] = WOLFSSL_X25519MLKEM768; } else #endif #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) - if (XSTRCMP(pqcAlg, "X448_ML_KEM_768") == 0) { - groups[count] = WOLFSSL_X448_ML_KEM_768; + if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) { + groups[count] = WOLFSSL_X448MLKEM768; } else #endif 
@@ -1070,12 +1070,16 @@ static const char* server_usage_msg[][66] = { #ifdef HAVE_PQC "--pqc Key Share with specified post-quantum algorithm only:\n" #ifndef WOLFSSL_NO_ML_KEM - " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," - "\n" - " P384_ML_KEM_768, P256_ML_KEM_768, P521_ML_KEM_1024,\n" - " P384_ML_KEM_1024, X25519_ML_KEM_512, " - "X25519_ML_KEM_768,\n" - " X448_ML_KEM_768\n" + " ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n" + " SecP256r1MLKEM512,\n" + " SecP384r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP256r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP384r1MLKEM1024,\n" + " X25519MLKEM512,\n" + " X25519MLKEM768,\n" + " X448MLKEM768\n" #endif #ifdef WOLFSSL_MLKEM_KYBER " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " @@ -1282,9 +1286,16 @@ static const char* server_usage_msg[][66] = { #ifdef HAVE_PQC "--pqc post-quantum 名前付きグループとの鍵共有のみ:\n" #ifndef WOLFSSL_NO_ML_KEM - " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," - "\n" - " P384_ML_KEM_768, P521_ML_KEM_1024\n" + " ML_KEM_512, ML_KEM_768, ML_KEM_1024," + " SecP256r1MLKEM512,\n" + " SecP384r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP256r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP384r1MLKEM1024,\n" + " X25519MLKEM512,\n" + " X25519MLKEM768,\n" + " X448MLKEM768\n" #endif #ifdef WOLFSSL_MLKEM_KYBER " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " diff --git a/src/internal.c b/src/internal.c index d2e53dccb..5d6cd160d 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -35414,14 +35414,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { switch (group) { #ifndef WOLFSSL_NO_ML_KEM - case WOLFSSL_P256_ML_KEM_768: - case WOLFSSL_X25519_ML_KEM_768: - case WOLFSSL_P384_ML_KEM_1024: - case WOLFSSL_P256_ML_KEM_512: - case WOLFSSL_P384_ML_KEM_768: - case WOLFSSL_P521_ML_KEM_1024: - case WOLFSSL_X25519_ML_KEM_512: - case WOLFSSL_X448_ML_KEM_768: + case WOLFSSL_SECP256R1MLKEM768: + case WOLFSSL_X25519MLKEM768: + case WOLFSSL_SECP384R1MLKEM1024: + case WOLFSSL_SECP256R1MLKEM512: + case WOLFSSL_SECP384R1MLKEM768: + case WOLFSSL_SECP521R1MLKEM1024: + case WOLFSSL_X25519MLKEM512: + case WOLFSSL_X448MLKEM768: #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS case WOLFSSL_P256_ML_KEM_512_OLD: case WOLFSSL_P384_ML_KEM_768_OLD: diff --git a/src/ssl.c b/src/ssl.c index 14725f509..5f05649ea 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3715,14 +3715,14 @@ static int isValidCurveGroup(word16 name) case WOLFSSL_ML_KEM_768: case WOLFSSL_ML_KEM_1024: #if defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS) - case WOLFSSL_P256_ML_KEM_512: - case WOLFSSL_P384_ML_KEM_768: - case WOLFSSL_P521_ML_KEM_1024: - case WOLFSSL_P384_ML_KEM_1024: - case WOLFSSL_X25519_ML_KEM_512: - case WOLFSSL_X448_ML_KEM_768: - case WOLFSSL_X25519_ML_KEM_768: - case WOLFSSL_P256_ML_KEM_768: + case WOLFSSL_SECP256R1MLKEM512: + case WOLFSSL_SECP384R1MLKEM768: + case WOLFSSL_SECP521R1MLKEM1024: + case WOLFSSL_SECP384R1MLKEM1024: + case WOLFSSL_X25519MLKEM512: + case WOLFSSL_X448MLKEM768: + case WOLFSSL_X25519MLKEM768: + case WOLFSSL_SECP256R1MLKEM768: #endif #endif /* !WOLFSSL_NO_ML_KEM */ #ifdef WOLFSSL_MLKEM_KYBER 
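Review bot: Renaming the public group identifiers (WOLFSSL_P256_ML_KEM_512 to WOLFSSL_SECP256R1MLKEM512 and the other seven) is a source-compatibility break for applications that pass these constants to wolfSSL_set_groups() unless the wolfssl/ssl.h hunk listed in the diffstat, which is not in view, keeps the old names; if it does not, adding aliases of the form `#define WOLFSSL_P256_ML_KEM_512 WOLFSSL_SECP256R1MLKEM512` next to the new definitions would avoid that. The strings returned by wolfSSL_get_curve_name() change as well, so anything matching log or test output on the old names needs updating, as the .conf files in the diffstat were. The WOLFSSL_ML_KEM_USE_OLD_IDS cases in these hunks show the project already has a precedent for keeping old identifiers available.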
@@ -15616,48 +15616,48 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) #ifndef WOLFSSL_NO_ML_KEM_512 case WOLFSSL_ML_KEM_512: return "ML_KEM_512"; - case WOLFSSL_P256_ML_KEM_512: - return "P256_ML_KEM_512"; + case WOLFSSL_SECP256R1MLKEM512: + return "SecP256r1MLKEM512"; #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS case WOLFSSL_P256_ML_KEM_512_OLD: return "P256_ML_KEM_512_OLD"; #endif #ifdef HAVE_CURVE25519 - case WOLFSSL_X25519_ML_KEM_512: - return "X25519_ML_KEM_512"; + case WOLFSSL_X25519MLKEM512: + return "X25519MLKEM512"; #endif #endif #ifndef WOLFSSL_NO_ML_KEM_768 case WOLFSSL_ML_KEM_768: return "ML_KEM_768"; - case WOLFSSL_P384_ML_KEM_768: - return "P384_ML_KEM_768"; + case WOLFSSL_SECP384R1MLKEM768: + return "SecP384r1MLKEM768"; #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS case WOLFSSL_P384_ML_KEM_768_OLD: return "P384_ML_KEM_768_OLD"; #endif - case WOLFSSL_P256_ML_KEM_768: - return "P256_ML_KEM_768"; + case WOLFSSL_SECP256R1MLKEM768: + return "SecP256r1MLKEM768"; #ifdef HAVE_CURVE25519 - case WOLFSSL_X25519_ML_KEM_768: - return "X25519_ML_KEM_768"; + case WOLFSSL_X25519MLKEM768: + return "X25519MLKEM768"; #endif #ifdef HAVE_CURVE448 - case WOLFSSL_X448_ML_KEM_768: - return "X448_ML_KEM_768"; + case WOLFSSL_X448MLKEM768: + return "X448MLKEM768"; #endif #endif #ifndef WOLFSSL_NO_ML_KEM_1024 case WOLFSSL_ML_KEM_1024: return "ML_KEM_1024"; - case WOLFSSL_P521_ML_KEM_1024: - return "P521_ML_KEM_1024"; + case WOLFSSL_SECP521R1MLKEM1024: + return "SecP521r1MLKEM1024"; #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS case WOLFSSL_P521_ML_KEM_1024_OLD: return "P521_ML_KEM_1024_OLD"; #endif - case WOLFSSL_P384_ML_KEM_1024: - return "P384_ML_KEM_1024"; + case WOLFSSL_SECP384R1MLKEM1024: + return "SecP384r1MLKEM1024"; #endif #elif defined(HAVE_LIBOQS) case WOLFSSL_ML_KEM_512: 
@@ -15666,25 +15666,25 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) return "ML_KEM_768"; case WOLFSSL_ML_KEM_1024: return "ML_KEM_1024"; - case WOLFSSL_P256_ML_KEM_512: - return "P256_ML_KEM_512"; - case WOLFSSL_P384_ML_KEM_768: - return "P384_ML_KEM_768"; - case WOLFSSL_P256_ML_KEM_768: - return "P256_ML_KEM_768"; - case WOLFSSL_P521_ML_KEM_1024: - return "P521_ML_KEM_1024"; - case WOLFSSL_P384_ML_KEM_1024: - return "P384_ML_KEM_1024"; + case WOLFSSL_SECP256R1MLKEM512: + return "SecP256r1MLKEM512"; + case WOLFSSL_SECP384R1MLKEM768: + return "SecP384r1MLKEM768"; + case WOLFSSL_SECP256R1MLKEM768: + return "SecP256r1MLKEM768"; + case WOLFSSL_SECP521R1MLKEM1024: + return "SecP521r1MLKEM1024"; + case WOLFSSL_SECP384R1MLKEM1024: + return "SecP384r1MLKEM1024"; #ifdef HAVE_CURVE25519 - case WOLFSSL_X25519_ML_KEM_512: - return "X25519_ML_KEM_512"; - case WOLFSSL_X25519_ML_KEM_768: - return "X25519_ML_KEM_768"; + case WOLFSSL_X25519MLKEM512: + return "X25519MLKEM512"; + case WOLFSSL_X25519MLKEM768: + return "X25519MLKEM768"; #endif #ifdef HAVE_CURVE448 - case WOLFSSL_X448_ML_KEM_768: - return "X448_ML_KEM_768"; + case WOLFSSL_X448MLKEM768: + return "X448MLKEM768"; #endif #endif /* WOLFSSL_WC_MLKEM */ #endif /* WOLFSSL_NO_ML_KEM */ 
@@ -23260,22 +23260,22 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768}, {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024}, #if (defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) - {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512, - WOLFSSL_P256_ML_KEM_512}, - {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768, - WOLFSSL_P384_ML_KEM_768}, - {CURVE_NAME("P256_ML_KEM_768"), WOLFSSL_P256_ML_KEM_768, - WOLFSSL_P256_ML_KEM_768}, - {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024, - WOLFSSL_P521_ML_KEM_1024}, - {CURVE_NAME("P384_ML_KEM_1024"), WOLFSSL_P384_ML_KEM_1024, - WOLFSSL_P384_ML_KEM_1024}, - {CURVE_NAME("X25519_ML_KEM_512"), WOLFSSL_X25519_ML_KEM_512, - WOLFSSL_X25519_ML_KEM_512}, - {CURVE_NAME("X448_ML_KEM_768"), WOLFSSL_X448_ML_KEM_768, - WOLFSSL_X448_ML_KEM_768}, - {CURVE_NAME("X25519_ML_KEM_768"), WOLFSSL_X25519_ML_KEM_768, - WOLFSSL_X25519_ML_KEM_768}, + {CURVE_NAME("SecP256r1MLKEM512"), WOLFSSL_SECP256R1MLKEM512, + WOLFSSL_SECP256R1MLKEM512}, + {CURVE_NAME("SecP384r1MLKEM768"), WOLFSSL_SECP384R1MLKEM768, + WOLFSSL_SECP384R1MLKEM768}, + {CURVE_NAME("SecP256r1MLKEM768"), WOLFSSL_SECP256R1MLKEM768, + WOLFSSL_SECP256R1MLKEM768}, + {CURVE_NAME("SecP521r1MLKEM1024"), WOLFSSL_SECP521R1MLKEM1024, + WOLFSSL_SECP521R1MLKEM1024}, + {CURVE_NAME("SecP384r1MLKEM1024"), WOLFSSL_SECP384R1MLKEM1024, + WOLFSSL_SECP384R1MLKEM1024}, + {CURVE_NAME("X25519MLKEM512"), WOLFSSL_X25519MLKEM512, + WOLFSSL_X25519MLKEM512}, + {CURVE_NAME("X448MLKEM768"), WOLFSSL_X448MLKEM768, + WOLFSSL_X448MLKEM768}, + {CURVE_NAME("X25519MLKEM768"), WOLFSSL_X25519MLKEM768, + WOLFSSL_X25519MLKEM768}, #endif #endif /* !WOLFSSL_NO_ML_KEM */ #ifdef WOLFSSL_MLKEM_KYBER diff --git a/src/tls.c b/src/tls.c index 2f13d558b..8bb77f025 100644 --- a/src/tls.c +++ b/src/tls.c 
@@ -4580,26 +4580,26 @@ static int TLSX_IsGroupSupported(int namedGroup) #ifdef WOLFSSL_WC_MLKEM #ifndef WOLFSSL_NO_ML_KEM_512 case WOLFSSL_ML_KEM_512: - case WOLFSSL_P256_ML_KEM_512: + case WOLFSSL_SECP256R1MLKEM512: #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - case WOLFSSL_X25519_ML_KEM_512: + case WOLFSSL_X25519MLKEM512: #endif #endif #ifndef WOLFSSL_NO_ML_KEM_768 case WOLFSSL_ML_KEM_768: - case WOLFSSL_P384_ML_KEM_768: - case WOLFSSL_P256_ML_KEM_768: + case WOLFSSL_SECP384R1MLKEM768: + case WOLFSSL_SECP256R1MLKEM768: #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - case WOLFSSL_X25519_ML_KEM_768: + case WOLFSSL_X25519MLKEM768: #endif #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - case WOLFSSL_X448_ML_KEM_768: + case WOLFSSL_X448MLKEM768: #endif #endif #ifndef WOLFSSL_NO_ML_KEM_1024 case WOLFSSL_ML_KEM_1024: - case WOLFSSL_P521_ML_KEM_1024: - case WOLFSSL_P384_ML_KEM_1024: + case WOLFSSL_SECP521R1MLKEM1024: + case WOLFSSL_SECP384R1MLKEM1024: break; #endif #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS @@ -4626,14 +4626,14 @@ static int TLSX_IsGroupSupported(int namedGroup) break; } - case WOLFSSL_P256_ML_KEM_512: - case WOLFSSL_P384_ML_KEM_768: - case WOLFSSL_P256_ML_KEM_768: - case WOLFSSL_P521_ML_KEM_1024: - case WOLFSSL_P384_ML_KEM_1024: - case WOLFSSL_X25519_ML_KEM_512: - case WOLFSSL_X448_ML_KEM_768: - case WOLFSSL_X25519_ML_KEM_768: + case WOLFSSL_SECP256R1MLKEM512: + case WOLFSSL_SECP384R1MLKEM768: + case WOLFSSL_SECP256R1MLKEM768: + case WOLFSSL_SECP521R1MLKEM1024: + case WOLFSSL_SECP384R1MLKEM1024: + case WOLFSSL_X25519MLKEM512: + case WOLFSSL_X448MLKEM768: + case WOLFSSL_X25519MLKEM768: { int ret; int id; 
@@ -5884,15 +5884,15 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) if (ret != 0) return ret; #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS - if (name == WOLFSSL_P256_ML_KEM_512) { + if (name == WOLFSSL_SECP256R1MLKEM512) { ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, WOLFSSL_P256_ML_KEM_512_OLD, heap); } - else if (name == WOLFSSL_P384_ML_KEM_768) { + else if (name == WOLFSSL_SECP384R1MLKEM768) { ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, WOLFSSL_P384_ML_KEM_768_OLD, heap); } - else if (name == WOLFSSL_P521_ML_KEM_1024) { + else if (name == WOLFSSL_SECP521R1MLKEM1024) { ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, WOLFSSL_P521_ML_KEM_1024_OLD, heap); } 
@@ -8465,22 +8465,22 @@ typedef struct PqcHybridMapping { static const PqcHybridMapping pqc_hybrid_mapping[] = { #ifndef WOLFSSL_NO_ML_KEM - {WOLFSSL_P256_ML_KEM_512, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0}, - {WOLFSSL_P384_ML_KEM_768, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0}, - {WOLFSSL_P256_ML_KEM_768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0}, - {WOLFSSL_P521_ML_KEM_1024, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0}, - {WOLFSSL_P384_ML_KEM_1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0}, + {WOLFSSL_SECP256R1MLKEM512, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0}, + {WOLFSSL_SECP384R1MLKEM768, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0}, + {WOLFSSL_SECP256R1MLKEM768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0}, + {WOLFSSL_SECP521R1MLKEM1024, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0}, + {WOLFSSL_SECP384R1MLKEM1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0}, #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS {WOLFSSL_P256_ML_KEM_512_OLD, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0}, {WOLFSSL_P384_ML_KEM_768_OLD, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0}, {WOLFSSL_P521_ML_KEM_1024_OLD, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0}, #endif #ifdef HAVE_CURVE25519 - {WOLFSSL_X25519_ML_KEM_512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1}, - {WOLFSSL_X25519_ML_KEM_768, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_768, 1}, + {WOLFSSL_X25519MLKEM512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1}, + {WOLFSSL_X25519MLKEM768, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_768, 1}, #endif #ifdef HAVE_CURVE448 - {WOLFSSL_X448_ML_KEM_768, WOLFSSL_ECC_X448, WOLFSSL_ML_KEM_768, 1}, + {WOLFSSL_X448MLKEM768, WOLFSSL_ECC_X448, WOLFSSL_ML_KEM_768, 1}, #endif #endif /* WOLFSSL_NO_ML_KEM */ #ifdef WOLFSSL_MLKEM_KYBER 
@@ -10603,11 +10603,11 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, while (keyShareEntry != NULL) { #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS if ((group == WOLFSSL_P256_ML_KEM_512_OLD && - keyShareEntry->group == WOLFSSL_P256_ML_KEM_512) || + keyShareEntry->group == WOLFSSL_SECP256R1MLKEM512) || (group == WOLFSSL_P384_ML_KEM_768_OLD && - keyShareEntry->group == WOLFSSL_P384_ML_KEM_768) || + keyShareEntry->group == WOLFSSL_SECP384R1MLKEM768) || (group == WOLFSSL_P521_ML_KEM_1024_OLD && - keyShareEntry->group == WOLFSSL_P521_ML_KEM_1024)) { + keyShareEntry->group == WOLFSSL_SECP521R1MLKEM1024)) { keyShareEntry->group = group; break; } 
@@ -10734,43 +10734,43 @@ static const word16 preferredGroup[] = { #ifdef WOLFSSL_WC_MLKEM #ifndef WOLFSSL_NO_ML_KEM_512 WOLFSSL_ML_KEM_512, - WOLFSSL_P256_ML_KEM_512, + WOLFSSL_SECP256R1MLKEM512, #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - WOLFSSL_X25519_ML_KEM_512, + WOLFSSL_X25519MLKEM512, #endif #endif #ifndef WOLFSSL_NO_ML_KEM_768 WOLFSSL_ML_KEM_768, - WOLFSSL_P384_ML_KEM_768, - WOLFSSL_P256_ML_KEM_768, + WOLFSSL_SECP384R1MLKEM768, + WOLFSSL_SECP256R1MLKEM768, #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - WOLFSSL_X25519_ML_KEM_768, + WOLFSSL_X25519MLKEM768, #endif #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - WOLFSSL_X448_ML_KEM_768, + WOLFSSL_X448MLKEM768, #endif #endif #ifndef WOLFSSL_NO_ML_KEM_1024 WOLFSSL_ML_KEM_1024, - WOLFSSL_P521_ML_KEM_1024, - WOLFSSL_P384_ML_KEM_1024, + WOLFSSL_SECP521R1MLKEM1024, + WOLFSSL_SECP384R1MLKEM1024, #endif #elif defined(HAVE_LIBOQS) /* These require a runtime call to TLSX_IsGroupSupported to use */ WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_1024, - WOLFSSL_P256_ML_KEM_512, - WOLFSSL_P384_ML_KEM_768, - WOLFSSL_P256_ML_KEM_768, - WOLFSSL_P521_ML_KEM_1024, - WOLFSSL_P384_ML_KEM_1024, + WOLFSSL_SECP256R1MLKEM512, + WOLFSSL_SECP384R1MLKEM768, + WOLFSSL_SECP256R1MLKEM768, + WOLFSSL_SECP521R1MLKEM1024, + WOLFSSL_SECP384R1MLKEM1024, #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - WOLFSSL_X25519_ML_KEM_512, - WOLFSSL_X25519_ML_KEM_768, + WOLFSSL_X25519MLKEM512, + WOLFSSL_X25519MLKEM768, #endif #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - WOLFSSL_X448_ML_KEM_768, + WOLFSSL_X448MLKEM768, #endif #endif #endif /* !WOLFSSL_NO_ML_KEM */ 
@@ -10853,11 +10853,11 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group) for (i = 0; i < numGroups; i++) { #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS if ((group == WOLFSSL_P256_ML_KEM_512_OLD && - groups[i] == WOLFSSL_P256_ML_KEM_512) || + groups[i] == WOLFSSL_SECP256R1MLKEM512) || (group == WOLFSSL_P384_ML_KEM_768_OLD && - groups[i] == WOLFSSL_P384_ML_KEM_768) || + groups[i] == WOLFSSL_SECP384R1MLKEM768) || (group == WOLFSSL_P521_ML_KEM_1024_OLD && - groups[i] == WOLFSSL_P521_ML_KEM_1024)) { + groups[i] == WOLFSSL_SECP521R1MLKEM1024)) { return i; } #endif @@ -14462,11 +14462,11 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM512, ssl->heap); #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM512, ssl->heap); #endif #endif 
@@ -14475,19 +14475,19 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM768, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM768, ssl->heap); #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM768, ssl->heap); #endif #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448MLKEM768, ssl->heap); #endif #endif @@ -14496,10 +14496,10 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP521R1MLKEM1024, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM1024, ssl->heap); #endif #elif defined(HAVE_LIBOQS) 
@@ -14511,31 +14511,31 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM512, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM768, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM768, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP521R1MLKEM1024, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM1024, ssl->heap); #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM512, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM768, ssl->heap); #endif #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448MLKEM768, ssl->heap); #endif #endif /* HAVE_LIBOQS */ diff --git a/tests/test-dtls13-pq-hybrid-frag.conf b/tests/test-dtls13-pq-hybrid-frag.conf index c9edc6907..267468887 100644 --- a/tests/test-dtls13-pq-hybrid-frag.conf +++ b/tests/test-dtls13-pq-hybrid-frag.conf 
@@ -2,73 +2,73 @@ -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P384_ML_KEM_768 +--pqc SecP384r1MLKEM768 # client DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P384_ML_KEM_768 +--pqc SecP384r1MLKEM768 # server DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P256_ML_KEM_768 +--pqc SecP256r1MLKEM768 # client DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P256_ML_KEM_768 +--pqc SecP256r1MLKEM768 # server DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P521_ML_KEM_1024 +--pqc SecP521r1MLKEM1024 # client DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P521_ML_KEM_1024 +--pqc SecP521r1MLKEM1024 # server DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P384_ML_KEM_1024 +--pqc SecP384r1MLKEM1024 # client DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P384_ML_KEM_1024 +--pqc SecP384r1MLKEM1024 # server DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X25519_ML_KEM_768 +--pqc X25519MLKEM768 # client DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X25519_ML_KEM_768 +--pqc X25519MLKEM768 # server DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X448_ML_KEM_768 +--pqc X448MLKEM768 # client DTLSv1.3 with post-quantum hybrid group -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X448_ML_KEM_768 +--pqc X448MLKEM768 # server DTLSv1.3 with post-quantum hybrid group -u diff --git a/tests/test-tls13-pq-hybrid.conf b/tests/test-tls13-pq-hybrid.conf index 242cd3089..76c8e5769 100644 --- a/tests/test-tls13-pq-hybrid.conf +++ b/tests/test-tls13-pq-hybrid.conf 
@@ -1,82 +1,82 @@ # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P256_ML_KEM_512 +--pqc SecP256r1MLKEM512 # client TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P256_ML_KEM_512 +--pqc SecP256r1MLKEM512 # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P384_ML_KEM_768 +--pqc SecP384r1MLKEM768 # client TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P384_ML_KEM_768 +--pqc SecP384r1MLKEM768 # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P256_ML_KEM_768 +--pqc SecP256r1MLKEM768 # client TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P256_ML_KEM_768 +--pqc SecP256r1MLKEM768 # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P521_ML_KEM_1024 +--pqc SecP521r1MLKEM1024 # client TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P521_ML_KEM_1024 +--pqc SecP521r1MLKEM1024 # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P384_ML_KEM_1024 +--pqc SecP384r1MLKEM1024 # client TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc P384_ML_KEM_1024 +--pqc SecP384r1MLKEM1024 # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X25519_ML_KEM_512 +--pqc X25519MLKEM512 # client TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X25519_ML_KEM_512 +--pqc X25519MLKEM512 # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X25519_ML_KEM_768 +--pqc X25519MLKEM768 # client TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X25519_ML_KEM_768 +--pqc X25519MLKEM768 # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X448_ML_KEM_768 +--pqc X448MLKEM768 # client TLSv1.3 with post-quantum hybrid group -v 4 -l 
TLS13-AES256-GCM-SHA384 ---pqc X448_ML_KEM_768 +--pqc X448MLKEM768 # server TLSv1.3 with post-quantum hybrid group -v 4 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 3e6865b41..9d3c814ca 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4618,9 +4618,9 @@ enum { * https://github.com/post-quantum-cryptography/ * draft-kwiatkowski-tls-ecdhe-mlkem/ */ - WOLFSSL_P256_ML_KEM_768 = 4587, - WOLFSSL_X25519_ML_KEM_768 = 4588, - WOLFSSL_P384_ML_KEM_1024 = 4589, + WOLFSSL_SECP256R1MLKEM768 = 4587, + WOLFSSL_X25519MLKEM768 = 4588, + WOLFSSL_SECP384R1MLKEM1024 = 4589, /* Taken from OQS's openssl provider, see: * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/ @@ -4631,11 +4631,11 @@ enum { WOLFSSL_P384_ML_KEM_768_OLD = 12104, WOLFSSL_P521_ML_KEM_1024_OLD = 12105, #endif - WOLFSSL_P256_ML_KEM_512 = 12107, - WOLFSSL_P384_ML_KEM_768 = 12108, - WOLFSSL_P521_ML_KEM_1024 = 12109, - WOLFSSL_X25519_ML_KEM_512 = 12214, - WOLFSSL_X448_ML_KEM_768 = 12215, + WOLFSSL_SECP256R1MLKEM512 = 12107, + WOLFSSL_SECP384R1MLKEM768 = 12108, + WOLFSSL_SECP521R1MLKEM1024 = 12109, + WOLFSSL_X25519MLKEM512 = 12214, + WOLFSSL_X448MLKEM768 = 12215, #endif /* WOLFSSL_NO_ML_KEM */ #endif /* HAVE_PQC */ WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H) From 77dccc0c32e5f1010f92576b538127e649a2b50a Mon Sep 17 00:00:00 2001 
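Review bot: The public group identifiers in the wolfssl/ssl.h `enum` are renamed in place with no aliases, so any application or port that references `WOLFSSL_P256_ML_KEM_512` or the other seven old names stops compiling, and code that compares `wolfSSL_get_curve_name()` output against the old strings silently stops matching. If the old spellings are intentionally dropped, that is a source- and behaviour-level change worth a release note; if they should keep working, add aliases such as `WOLFSSL_P256_ML_KEM_512 = WOLFSSL_SECP256R1MLKEM512,` alongside the `_OLD` codepoints that are kept. The enum begins outside both hunks.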
From: Daniel Pouzzner Date: Fri, 25 Jul 2025 15:56:48 -0500 Subject: [PATCH 075/346] linuxkm: * add wc_linuxkm_check_for_intr_signals(), wc_linuxkm_relax_long_loop(), WC_CHECK_FOR_INTR_SIGNALS(), WC_RELAX_LONG_LOOP(), SAVE_NO_VECTOR_REGISTERS(), RESTORE_NO_VECTOR_REGISTERS(), and new error code INTERRUPTED_E ("Process interrupted"); * update the no-asm remaps in the PK implementations to use SAVE_NO_VECTOR_REGISTERS() and RESTORE_NO_VECTOR_REGISTERS(), so that inner loops in them are always covered by the new logic. --- .wolfssl_known_macro_extras | 1 + linuxkm/linuxkm_wc_port.h | 25 ++++++++++++++ linuxkm/lkcapi_glue.c | 23 ++++++++++--- linuxkm/module_hooks.c | 55 ++++++++++++++++++++++++++++++ linuxkm/x86_vector_register_glue.c | 10 ++++++ wolfcrypt/src/curve25519.c | 4 +-- wolfcrypt/src/dh.c | 4 +-- wolfcrypt/src/dsa.c | 4 +-- wolfcrypt/src/ecc.c | 4 +-- wolfcrypt/src/eccsi.c | 4 +-- wolfcrypt/src/error.c | 3 ++ wolfcrypt/src/rsa.c | 4 +-- wolfcrypt/src/sakke.c | 4 +-- wolfcrypt/src/sp_int.c | 4 +-- wolfssl/wolfcrypt/error-crypt.h | 5 +-- wolfssl/wolfcrypt/types.h | 29 ++++++++++++++-- 16 files changed, 158 insertions(+), 25 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 3e039f6fc..8f41ad601 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -127,6 +127,7 @@ CONFIG_POSIX_API CONFIG_POSIX_THREADS CONFIG_PREEMPT_COUNT CONFIG_PTHREAD_IPC +CONFIG_SCHED_INFO CONFIG_SMP CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH CONFIG_TIMER_TASK_STACK_DEPTH diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 96e3be3a1..3e6035980 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h 
@@ -126,6 +126,15 @@ extern int wc_lkm_LockMutex(struct wolfSSL_Mutex* m); #endif + #ifndef WC_LINUXKM_INTR_SIGNALS + #define WC_LINUXKM_INTR_SIGNALS { SIGKILL, SIGABRT, SIGHUP, SIGINT } + #endif + extern int wc_linuxkm_check_for_intr_signals(void); + #ifndef WC_LINUXKM_MAX_NS_WITHOUT_YIELD + #define WC_LINUXKM_MAX_NS_WITHOUT_YIELD 1000000000 + #endif + extern void wc_linuxkm_relax_long_loop(void); + #ifdef BUILDING_WOLFSSL #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \ @@ -351,6 +360,8 @@ #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) /* for signal_pending() */ #include + /* for sched_clock_cpu() */ + #include #endif #include @@ -424,6 +435,13 @@ #endif #endif + #ifndef WC_CHECK_FOR_INTR_SIGNALS + #define WC_CHECK_FOR_INTR_SIGNALS() wc_linuxkm_check_for_intr_signals() + #endif + #ifndef WC_RELAX_LONG_LOOP + #define WC_RELAX_LONG_LOOP() wc_linuxkm_relax_long_loop() + #endif + /* benchmarks.c uses floating point math, so needs a working * SAVE_VECTOR_REGISTERS(). */ @@ -527,6 +545,7 @@ #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. + #define RESTORE_VECTOR_REGISTERS() WC_RELAX_LONG_LOOP(); #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ _Pragma("GCC diagnostic pop"); @@ -875,6 +894,9 @@ typeof(wc_lkm_LockMutex) *wc_lkm_LockMutex; #endif + typeof(wc_linuxkm_check_for_intr_signals) *wc_linuxkm_check_for_intr_signals; + typeof(wc_linuxkm_relax_long_loop) *wc_linuxkm_relax_long_loop; + const void *_last_slot; }; @@ -1099,6 +1121,9 @@ */ #define spin_unlock_irqrestore(lock, flags) raw_spin_unlock_irqrestore(&((lock)->rlock), flags) + #define wc_linuxkm_check_for_intr_signals WC_LKM_INDIRECT_SYM(wc_linuxkm_check_for_intr_signals) + #define wc_linuxkm_relax_long_loop WC_LKM_INDIRECT_SYM(wc_linuxkm_relax_long_loop) + #endif /* __PIE__ */ #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */ 
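Review bot: `WC_LINUXKM_INTR_SIGNALS` defaults to `{ SIGKILL, SIGABRT, SIGHUP, SIGINT }` and omits SIGTERM, the default signal sent by `kill` and, as far as I know, by service managers at shutdown, so a long-running PK operation would be cut short by SIGHUP but not by an ordinary termination request. If that is deliberate, a comment on the define explaining why SIGTERM is excluded would stop the next reader from adding it; otherwise `#define WC_LINUXKM_INTR_SIGNALS { SIGKILL, SIGABRT, SIGHUP, SIGINT, SIGTERM }` seems the natural default. The surrounding header region begins and ends outside the hunk.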
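Review bot: The added `#define RESTORE_VECTOR_REGISTERS() WC_RELAX_LONG_LOOP();` in the `@@ -527` hunk sits in the `#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)` branch directly after an `#error` directive, so no build that reaches it completes and the define can never take effect. It also carries a trailing `;`, unlike the other `RESTORE_VECTOR_REGISTERS()` definitions in this series, which would leave an empty statement at every call site if it were ever active. Either drop the line or move it, without the semicolon, into the branch that is actually compiled.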
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c index 8511ac421..b62b82a83 100644 --- a/linuxkm/lkcapi_glue.c +++ b/linuxkm/lkcapi_glue.c @@ -310,6 +310,7 @@ static int linuxkm_lkcapi_sysfs_deinstall(void) { return 0; } +static volatile int linuxkm_lkcapi_registering_now = 0; static int linuxkm_lkcapi_registered = 0; static int linuxkm_lkcapi_n_registered = 0; @@ -318,9 +319,11 @@ static int linuxkm_lkcapi_register(void) int ret = -1; int seen_err = 0; + linuxkm_lkcapi_registering_now = 1; + ret = linuxkm_lkcapi_sysfs_install(); if (ret) - return ret; + goto out; #if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \ defined(CONFIG_CRYPTO_SELFTESTS_FULL) @@ -704,11 +707,14 @@ static int linuxkm_lkcapi_register(void) if (ret == -1) { /* no installations occurred */ - if (linuxkm_lkcapi_registered) - return -EEXIST; + if (linuxkm_lkcapi_registered) { + ret = -EEXIST; + goto out; + } else { linuxkm_lkcapi_registered = 1; - return 0; + ret = 0; + goto out; } } else { @@ -716,8 +722,15 @@ static int linuxkm_lkcapi_register(void) * occurred. */ linuxkm_lkcapi_registered = 1; - return seen_err; + ret = seen_err; + goto out; } + +out: + + linuxkm_lkcapi_registering_now = 0; + + return ret; } static int linuxkm_lkcapi_unregister(void) diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 3d002e5d9..18a8887a7 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c 
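Review bot: `linuxkm_lkcapi_registering_now` is declared `static volatile int` and is read from `wc_linuxkm_check_for_intr_signals()` in module_hooks.c; `volatile` gives neither ordering nor atomicity between CPUs, so the qualifier only makes sense if the flag is observed solely by the task that is inside `linuxkm_lkcapi_register()`. If that is the case, a comment on the declaration, `/* set and read only by the registering task; no cross-CPU synchronization intended */`, documents the assumption; if the flag can be observed from other contexts it should be accessed with `WRITE_ONCE`/`READ_ONCE` or an atomic instead. `linuxkm_lkcapi_register()` spans several hunks and its body continues outside each of them.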
@@ -198,6 +198,58 @@ WC_MAYBE_UNUSED static int linuxkm_lkcapi_sysfs_deinstall_node(struct kobj_attri
 #include "linuxkm/lkcapi_glue.c"
 #endif
+int wc_linuxkm_check_for_intr_signals(void) {
+ static const int intr_signals[] = WC_LINUXKM_INTR_SIGNALS;
+ if (preempt_count() != 0)
+ return 0;
+
+#if defined(HAVE_FIPS) && defined(LINUXKM_LKCAPI_REGISTER)
+ /* ignore signals during FIPS startup sequence -- failed alg tests cause
+ * kernel panics on FIPS kernels.
+ */
+ if (linuxkm_lkcapi_registering_now)
+ return 0;
+#endif
+ if (signal_pending(current)) {
+ int i;
+ for (i = 0;
+ i < (int)sizeof(intr_signals) / (int)sizeof(intr_signals[0]);
+ ++i)
+ {
+ if (sigismember(¤t->pending.signal, intr_signals[i])) {
+#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
+ pr_err("INFO: wc_linuxkm_check_for_intr_signals returning "
+ "-EINTR on signal %d\n", intr_signals[i]);
+#endif
+ return INTERRUPTED_E;
+ }
+ }
+ }
+ return 0;
+}
+
+void wc_linuxkm_relax_long_loop(void) {
+#if WC_LINUXKM_MAX_NS_WITHOUT_YIELD >= 0
+ if (preempt_count() == 0) {
+#if (WC_LINUXKM_MAX_NS_WITHOUT_YIELD == 0) || !defined(CONFIG_SCHED_INFO)
+ cond_resched();
+#else
+ u64 now = local_clock();
+ u64 current_last_arrival = current->sched_info.last_arrival;
+ s64 delta = (s64)(now - current_last_arrival);
+ if (delta > WC_LINUXKM_MAX_NS_WITHOUT_YIELD) {
+ cond_resched();
+ /* note, if nothing else is runnable, cond_resched() is a no-op and
+ * doesn't even update .last_arrival. we could force update by
+ * sleeping, but there's no need. we've been nice enough by just
+ * cond_resched()ing.
+ */
+ }
+#endif
+ }
+#endif
+}
+
 #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
 #include "linuxkm/x86_vector_register_glue.c"
 #endif
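Review bot: `wc_linuxkm_check_for_intr_signals()` inspects only `current->pending.signal`, the thread-private queue, while `signal_pending(current)` is also raised for process-directed signals that, if I read the kernel's bookkeeping correctly, are queued in `current->signal->shared_pending` (a terminal SIGINT to the foreground group, or `kill` on a multi-threaded process); for those the loop finds no member and returns 0, so the interruption goes unnoticed until the signal is dequeued. Checking both sets, `if (sigismember(&current->pending.signal, intr_signals[i]) || sigismember(&current->signal->shared_pending.signal, intr_signals[i])) {`, would close that gap, and `fatal_signal_pending(current)` covers the SIGKILL case on its own. Separately, the verbose-debug message says the function is returning `-EINTR` while it actually returns `INTERRUPTED_E`, so the text should name the code it returns. The `¤t` on this page is presumably a rendering of `&current`.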
@@ -745,6 +797,9 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { wolfssl_linuxkm_pie_redirect_table.queued_spin_lock_slowpath = queued_spin_lock_slowpath; #endif + wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_check_for_intr_signals = wc_linuxkm_check_for_intr_signals; + wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_relax_long_loop = wc_linuxkm_relax_long_loop; + /* runtime assert that the table has no null slots after initialization. */ { unsigned long *i; diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c index a6f6ebbac..68a0e230d 100644 --- a/linuxkm/x86_vector_register_glue.c +++ b/linuxkm/x86_vector_register_glue.c @@ -372,6 +372,14 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags) __builtin_unreachable(); } + { + int ret = WC_CHECK_FOR_INTR_SIGNALS(); + if (ret) + return ret; + } + + WC_RELAX_LONG_LOOP(); + if (flags & WC_SVR_FLAG_INHIBIT) { if ((preempt_count() != 0) && !may_use_simd()) return WC_ACCEL_INHIBIT_E; /* not an error here, just a @@ -507,5 +515,7 @@ void restore_vector_registers_x86(void) migrate_enable(); #endif + WC_RELAX_LONG_LOOP(); + return; } diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 1b383e7e6..41493ce95 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -60,9 +60,9 @@ #if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) #undef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING + #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() #endif const curve25519_set_type curve25519_sets[] = { diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index d27138ad7..e41dd73f4 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c 
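Review bot: With the new `WC_CHECK_FOR_INTR_SIGNALS()` block, `save_vector_registers_x86()` gains a second failure code, `INTERRUPTED_E`, alongside `WC_ACCEL_INHIBIT_E`, which the comment two lines below describes as "not an error here"; every `SAVE_VECTOR_REGISTERS(fail_clause)` site now runs its fail clause for a genuine interruption as well, and any caller whose fail clause means "fall back to the non-accelerated path" would presumably retry the work rather than abort it. A comment on the function's header listing both return codes and stating that `INTERRUPTED_E` must be propagated, not swallowed, would make the contract explicit; the function begins outside the hunk. The same remap of `SAVE_VECTOR_REGISTERS` to `SAVE_NO_VECTOR_REGISTERS` in curve25519.c, dh.c, dsa.c, ecc.c, eccsi.c, rsa.c, sakke.c and sp_int.c introduces the same new failure mode in those files.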
@@ -60,9 +60,9 @@ #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) #undef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING + #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() #endif /* diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index cc455487e..2bbf4dbda 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -38,9 +38,9 @@ #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) #undef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING + #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() #endif #ifdef _MSC_VER diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 03eaf138b..b90883029 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -224,9 +224,9 @@ ECC Curve Sizes: #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) #undef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING + #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() #endif #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index 2717607d3..db3ea2f56 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c 
@@ -39,9 +39,9 @@ #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) #undef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING + #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() #endif #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 3713dbaed..1d5c90d10 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -653,6 +653,9 @@ const char* wc_GetErrorString(int error) case BAD_INDEX_E: return "Bad index"; + case INTERRUPTED_E: + return "Process interrupted"; + case MAX_CODE_E: case WC_SPAN1_MIN_CODE_E: case MIN_CODE_E: diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 488a7213e..e53d97037 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -59,9 +59,9 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) #undef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING + #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() #endif /* diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index 3e8db9231..35678ddac 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c 
@@ -40,9 +40,9 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
 /* force off unneeded vector register save/restore. */
 #undef SAVE_VECTOR_REGISTERS
- #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+ #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
 #undef RESTORE_VECTOR_REGISTERS
- #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+ #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index ebccf39f2..b5c832d3e 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -111,9 +111,9 @@ This library provides single precision (SP) integer math functions.
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
 /* force off unneeded vector register save/restore. */
 #undef SAVE_VECTOR_REGISTERS
- #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+ #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
 #undef RESTORE_VECTOR_REGISTERS
- #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+ #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 /* DECL_SP_INT: Declare one variable of type 'sp_int'. */
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 87692ddce..74e441c6a 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -306,9 +306,10 @@ enum wolfCrypt_ErrorCodes {
 ASCON_AUTH_E = -1001, /* ASCON Authentication check failure */
 WC_ACCEL_INHIBIT_E = -1002, /* Crypto acceleration is currently inhibited */
 BAD_INDEX_E = -1003, /* Bad index */
+ INTERRUPTED_E = -1004, /* Process interrupted */
- WC_SPAN2_LAST_E = -1003, /* Update to indicate last used error code */
- WC_LAST_E = -1003, /* the last code used either here or in
+ WC_SPAN2_LAST_E = -1004, /* Update to indicate last used error code */
+ WC_LAST_E = -1004, /* the last code used either here or in
 * error-ssl.h */
 WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 01ca1b7fe..5ae526dfc 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -1935,8 +1935,32 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
 #define wc_static_assert2(expr, msg) wc_static_assert(expr)
 #endif
+#ifndef WC_RELAX_LONG_LOOP
+ #define WC_RELAX_LONG_LOOP() WC_DO_NOTHING
+#endif
+#ifndef WC_CHECK_FOR_INTR_SIGNALS
+ #define WC_CHECK_FOR_INTR_SIGNALS() 0
+ #ifndef SAVE_NO_VECTOR_REGISTERS
+ #define SAVE_NO_VECTOR_REGISTERS(fail_clause) WC_RELAX_LONG_LOOP()
+ #endif
+#else
+ #ifndef SAVE_NO_VECTOR_REGISTERS
+ #define SAVE_NO_VECTOR_REGISTERS(fail_clause) { \
+ int _svr_ret = WC_CHECK_FOR_INTR_SIGNALS(); \
+ if (_svr_ret != 0) { fail_clause } \
+ WC_RELAX_LONG_LOOP(); \
+ }
+ #endif
+#endif
+#ifndef SAVE_NO_VECTOR_REGISTERS2
+ #define SAVE_NO_VECTOR_REGISTERS2() 0
+#endif
+#ifndef RESTORE_NO_VECTOR_REGISTERS
+ #define RESTORE_NO_VECTOR_REGISTERS() WC_RELAX_LONG_LOOP()
+#endif
+
 #ifndef SAVE_VECTOR_REGISTERS
- #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+ #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
 #endif
 #ifndef SAVE_VECTOR_REGISTERS2
 #define SAVE_VECTOR_REGISTERS2() 0
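Review bot: `SAVE_NO_VECTOR_REGISTERS(fail_clause)` in the `WC_CHECK_FOR_INTR_SIGNALS` branch expands to a bare `{ ... }` block while the other branch expands to the expression `WC_RELAX_LONG_LOOP()`, so the two configurations have different grammatical shapes; with the caller's trailing `;` the block form becomes `{...};`, which breaks an unbraced `if (...) SAVE_VECTOR_REGISTERS(...); else ...`. Unless the existing `SAVE_VECTOR_REGISTERS` implementations rely on the bare-block form, `do { int _svr_ret = WC_CHECK_FOR_INTR_SIGNALS(); if (_svr_ret != 0) { fail_clause } WC_RELAX_LONG_LOOP(); } while (0)` makes it a single statement in both builds. A comment on the definition stating that `fail_clause` is expected to leave the block (return or goto) would also help, since `WC_RELAX_LONG_LOOP()` still runs if it falls through — assuming that is the intended contract.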
@@ -1956,8 +1980,9 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
 #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
 #endif
 #ifndef RESTORE_VECTOR_REGISTERS
- #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+ #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
+
 #ifdef WOLFSSL_NO_ASM
 /* We define fallback no-op definitions for these only if asm is disabled,
 * otherwise the using code must detect that these macros are undefined and
From 5b888f809f0bd8b635bdd94cbf15ca6f9344009f Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 25 Jul 2025 15:50:38 -0700 Subject: [PATCH 076/346] Fix size used by signature context struct. This matches the size used by sigCpy/sigSz when building without WOLFSSL_NO_MALLOC. --- wolfssl/wolfcrypt/asn.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 136735876..2657bbc06 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1383,7 +1383,7 @@ struct SignatureCtx {
 #endif
 #if !defined(NO_RSA) || !defined(NO_DSA)
 #ifdef WOLFSSL_NO_MALLOC
- byte sigCpy[MAX_SIG_SZ];
+ byte sigCpy[MAX_ENCODED_SIG_SZ];
 #else
 byte* sigCpy;
 #endif
From b0f6829614a5443d5eec91de8598894e454831e3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 26 Jul 2025 08:27:43 -0500 Subject: [PATCH 077/346] 20250725-wc_linuxkm_relax_long_loop: improvements from peer review: fix, clarify, and extend comments, improve indentation, and snip out a stray redundant preprocessor definition. --- linuxkm/linuxkm_wc_port.h | 3 +-- linuxkm/module_hooks.c | 24 ++++++++++++++++-------- 2 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index 3e6035980..78dbdb84d 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
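Review bot: `byte sigCpy[MAX_ENCODED_SIG_SZ];` corrects the static buffer size, but nothing in the struct records why that bound is the right one; the commit message says it matches the `sigSz` bound of the heap path, which a reader of asn.h alone cannot see. A comment on the field, e.g. `/* Sized to MAX_ENCODED_SIG_SZ to match the sigSz bound applied before the copy in the heap-allocated case. */`, or a `wc_static_assert` beside the copy that ties the two limits together, would keep the static and dynamic paths from diverging again. If the copy is bounded by the larger limit, an undersized static buffer here is a write overflow in `WOLFSSL_NO_MALLOC` builds, so the invariant is worth pinning.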
@@ -360,7 +360,7 @@
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
 /* for signal_pending() */
 #include
- /* for sched_clock_cpu() */
+ /* for local_clock() */
 #include
 #endif
 #include
@@ -545,7 +545,6 @@
 #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
 #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
- #define RESTORE_VECTOR_REGISTERS() WC_RELAX_LONG_LOOP();
 #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
 _Pragma("GCC diagnostic pop");
diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 18a8887a7..e0674868a 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -219,7 +219,7 @@ int wc_linuxkm_check_for_intr_signals(void) {
 if (sigismember(¤t->pending.signal, intr_signals[i])) {
 #ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
 pr_err("INFO: wc_linuxkm_check_for_intr_signals returning "
- "-EINTR on signal %d\n", intr_signals[i]);
+ "INTERRUPTED_E on signal %d\n", intr_signals[i]);
 #endif
 return INTERRUPTED_E;
 }
@@ -229,25 +229,33 @@ int wc_linuxkm_check_for_intr_signals(void) {
 }
 void wc_linuxkm_relax_long_loop(void) {
-#if WC_LINUXKM_MAX_NS_WITHOUT_YIELD >= 0
+ #if WC_LINUXKM_MAX_NS_WITHOUT_YIELD >= 0
 if (preempt_count() == 0) {
-#if (WC_LINUXKM_MAX_NS_WITHOUT_YIELD == 0) || !defined(CONFIG_SCHED_INFO)
+ #if (WC_LINUXKM_MAX_NS_WITHOUT_YIELD == 0) || !defined(CONFIG_SCHED_INFO)
 cond_resched();
-#else
+ #else
+ /* note that local_clock() wraps a local_clock_noinstr() in a
+ * preempt_disable_notrace(), which sounds expensive but isn't --
+ * preempt_disable_notrace() is actually just a nonlocking integer
+ * increment of current_thread_info()->preempt.count, protected only by
+ * various compiler optimizer barriers.
+ */
 u64 now = local_clock();
 u64 current_last_arrival = current->sched_info.last_arrival;
 s64 delta = (s64)(now - current_last_arrival);
 if (delta > WC_LINUXKM_MAX_NS_WITHOUT_YIELD) {
 cond_resched();
- /* note, if nothing else is runnable, cond_resched() is a no-op and
+ /* if nothing else is runnable, cond_resched() is a no-op and
 * doesn't even update .last_arrival. we could force update by
 * sleeping, but there's no need. we've been nice enough by just
- * cond_resched()ing.
+ * cond_resched()ing, and it's actually preferable to call
+ * cond_resched() frequently once computation has looped
+ * continuously for longer than WC_LINUXKM_MAX_NS_WITHOUT_YIELD.
 */
 }
-#endif
+ #endif
 }
-#endif
+ #endif
 }
 #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
From a82d1a6b12f4e40e07c95a11f559e380cd05ffc1 Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Mon, 14 Jul 2025 10:35:31 +0900 Subject: [PATCH 078/346] Support importing seed of ML-DSA key --- tests/api/test_mldsa.c | 253 ++++++++++++++++++++++++++++++++------ tests/api/test_mldsa.h | 32 ++--- wolfcrypt/src/asn.c | 134 ++++++++++++-------- wolfcrypt/src/dilithium.c | 112 ++++++++--------- wolfssl/wolfcrypt/asn.h | 10 +- 5 files changed, 376 insertions(+), 165 deletions(-)
diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 873a085c9..132b797c9 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c 
@@ -16658,7 +16658,219 @@ int test_wc_dilithium_verify_kats(void) return EXPECT_RESULT(); } -int test_mldsa_pkcs8(void) +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) +static struct { + const char* fileName; + byte level; + /* 0: Unsupported, 1: Supported*/ + int p8_lv; /* Support PKCS8 format with specifying level */ + int p8_nolv; /* Support PKCS8 format without specifying level */ + int trad_lv; /* Support traditional format with specifying level */ + int trad_nolv; /* Support traditional format without specifying level */ +} ossl_form[] = { + /* + * Generated test files with the following commands: + * openssl genpkey -outform DER -algorithm ${ALGO} \ + * -provparam ml-dsa.output_formats=${OUT_FORM} -out ${OUT_FILE} + */ + + /* ALGO=ML-DSA-44, OUT_FORM=seed-only, OUT_FILE=mldsa44_seed-only.der */ + {"certs/mldsa/mldsa44_seed-only.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=priv-only, OUT_FILE=mldsa44_priv-only.der */ + {"certs/mldsa/mldsa44_priv-only.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=seed-priv, OUT_FILE=mldsa44_seed-priv.der */ + {"certs/mldsa/mldsa44_seed-priv.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=oqskeypair, OUT_FILE=mldsa44_oqskeypair.der */ + {"certs/mldsa/mldsa44_oqskeypair.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=bare-seed, OUT_FILE=mldsa44_bare-seed.der */ + {"certs/mldsa/mldsa44_bare-seed.der", WC_ML_DSA_44, 0, 0, 0, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=bare-priv, OUT_FILE=mldsa44_bare-priv.der */ + {"certs/mldsa/mldsa44_bare-priv.der", WC_ML_DSA_44, 0, 0, 0, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=seed-only, OUT_FILE=mldsa65_seed-only.der */ + {"certs/mldsa/mldsa65_seed-only.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=priv-only, OUT_FILE=mldsa65_priv-only.der */ + {"certs/mldsa/mldsa65_priv-only.der", 
WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=seed-priv, OUT_FILE=mldsa65_seed-priv.der */ + {"certs/mldsa/mldsa65_seed-priv.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=oqskeypair, OUT_FILE=mldsa65_oqskeypair.der */ + {"certs/mldsa/mldsa65_oqskeypair.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=bare-seed, OUT_FILE=mldsa65_bare-seed.der */ + {"certs/mldsa/mldsa65_bare-seed.der", WC_ML_DSA_65, 0, 0, 0, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=bare-priv, OUT_FILE=mldsa65_bare-priv.der */ + {"certs/mldsa/mldsa65_bare-priv.der", WC_ML_DSA_65, 0, 0, 0, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=seed-only, OUT_FILE=mldsa87_seed-only.der */ + {"certs/mldsa/mldsa87_seed-only.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=priv-only, OUT_FILE=mldsa87_priv-only.der */ + {"certs/mldsa/mldsa87_priv-only.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=seed-priv, OUT_FILE=mldsa87_seed-priv.der */ + {"certs/mldsa/mldsa87_seed-priv.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=oqskeypair, OUT_FILE=mldsa87_oqskeypair.der */ + {"certs/mldsa/mldsa87_oqskeypair.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=bare-seed, OUT_FILE=mldsa87_bare-seed.der */ + {"certs/mldsa/mldsa87_bare-seed.der", WC_ML_DSA_87, 0, 0, 0, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=bare-priv, OUT_FILE=mldsa87_bare-priv.der */ + {"certs/mldsa/mldsa87_bare-priv.der", WC_ML_DSA_87, 0, 0, 0, 0} +}; +#endif + +int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void) +{ + EXPECT_DECLS; + +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) + + byte* der = NULL; + size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE; + size_t derSz = 0; + FILE* fp = NULL; + word32 inOutIdx = 0; + word32 inOutIdx2 = 0; + dilithium_key key; + int expect = 0; + int pkeySz = 0; + byte level = 0; + + ExpectNotNull(der = (byte*) 
XMALLOC(derMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) { + ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb")); + ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0); + ExpectIntEQ(XFCLOSE(fp), 0); + + /* Specify a level with PKCS8 format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0); + inOutIdx = 0; + expect = ossl_form[i].p8_lv ? 0 : ASN_PARSE_E; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key, + (word32)derSz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Not specify a level with PKCS8 format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + inOutIdx = 0; + expect = ossl_form[i].p8_nolv ? 0 : ASN_PARSE_E; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key, + (word32)derSz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Specify a level with traditional format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0); + inOutIdx = 0; + expect = ossl_form[i].trad_lv ? 
0 : ASN_PARSE_E; + ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, + (word32)derSz), 0); + inOutIdx2 = 0; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2, + &key, (word32)pkeySz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Not specify a level with traditional format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + inOutIdx = 0; + expect = ossl_form[i].trad_nolv ? 0 : ASN_PARSE_E; + ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, + (word32)derSz), 0); + inOutIdx2 = 0; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2, + &key, (word32)pkeySz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + } + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_mldsa_pkcs8_import_OpenSSL_form(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) && \ + !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + + byte* der = NULL; + size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE; + size_t derSz = 0; + WOLFSSL_CTX* ctx = NULL; + FILE* fp = NULL; +#ifdef WOLFSSL_DER_TO_PEM + byte* pem = NULL; + size_t pemMaxSz = ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE; + size_t pemSz = 0; +#endif /* WOLFSSL_DER_TO_PEM */ + int expect = 0; + + ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); +#ifdef WOLFSSL_DER_TO_PEM + ExpectNotNull(pem = (byte*) XMALLOC(pemMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); +#endif /* WOLFSSL_DER_TO_PEM */ + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = 
wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif /* NO_WOLFSSL_SERVER */ + + for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) { + ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb")); + ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0); + ExpectIntEQ(XFCLOSE(fp), 0); + + /* DER */ + expect = ossl_form[i].p8_nolv ? WOLFSSL_SUCCESS : WOLFSSL_BAD_FILE; + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), expect); + +#ifdef WOLFSSL_DER_TO_PEM + /* PEM */ + ExpectIntGT(pemSz = wc_DerToPem(der, (word32)derSz, pem, + (word32)pemMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); + expect = ossl_form[i].p8_nolv ? WOLFSSL_SUCCESS : ASN_PARSE_E; + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz, + WOLFSSL_FILETYPE_PEM), expect); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_DER_TO_PEM + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_DER_TO_PEM */ +#endif + return EXPECT_RESULT(); +} + +int test_mldsa_pkcs8_export_import_wolfSSL_form(void) { EXPECT_DECLS; #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ @@ -16676,10 +16888,8 @@ int test_mldsa_pkcs8(void) byte* temp = NULL; /* Store PEM or intermediate key */ word32 derSz = 0; word32 pemSz = 0; - word32 keySz = 0; dilithium_key mldsa_key; WC_RNG rng; - word32 size; int ret; struct { 
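Review bot: In `test_mldsa_pkcs8_import_OpenSSL_form` the same unsupported input is expected to fail with `WOLFSSL_BAD_FILE` when loaded as DER but with `ASN_PARSE_E` when loaded as PEM through the same `wolfSSL_CTX_use_PrivateKey_buffer` call; if that asymmetry is intended the test should say why, e.g. `/* PEM path surfaces the ASN.1 decode error; DER path reports WOLFSSL_BAD_FILE */`, otherwise it looks like the PEM path leaks an internal error code that API callers would not expect. Both new loops use `for (size_t i = 0; ...)`, whereas the rest of this file (see the removed `for (i = 0; ...)` loop in the next hunk) declares the index separately; if the test suite is still built with C89-era flags this will not compile, so a `size_t i;` declaration at the top of each function would match the file. The `bare-seed`/`bare-priv` rows of `ossl_form` are all zeros and are exercised only as rejection cases, which deserves a one-line comment on the table so they are not mistaken for dead entries.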
@@ -16746,43 +16956,6 @@ int test_mldsa_pkcs8(void) ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); -#ifdef WOLFSSL_DER_TO_PEM - ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, - PKCS8_PRIVATEKEY_TYPE), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); -#endif /* WOLFSSL_DER_TO_PEM */ - } - - /* Test private + public key (integrated format) */ - for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { - ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), - 0); - ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); - - if (EXPECT_FAIL()) - break; - - keySz = 0; - temp[0] = 0x04; /* ASN.1 OCTET STRING */ - temp[1] = 0x82; /* 2 bytes length field */ - temp[2] = (test_variant[i].keySz >> 8) & 0xff; /* MSB of the length */ - temp[3] = test_variant[i].keySz & 0xff; /* LSB of the length */ - keySz += 4; - size = tempMaxSz - keySz; - ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz, - &size), 0); - keySz += size; - size = tempMaxSz - keySz; - ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size), - 0); - keySz += size; - derSz = derMaxSz; - ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz, - test_variant[i].oidSum, NULL, 0), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - #ifdef WOLFSSL_DER_TO_PEM ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); diff --git a/tests/api/test_mldsa.h b/tests/api/test_mldsa.h index d1322e571..488c3a2b3 100644 --- a/tests/api/test_mldsa.h +++ b/tests/api/test_mldsa.h 
@@ -35,22 +35,26 @@ int test_wc_dilithium_der(void); int test_wc_dilithium_make_key_from_seed(void); int test_wc_dilithium_sig_kats(void); int test_wc_dilithium_verify_kats(void); -int test_mldsa_pkcs8(void); +int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void); +int test_mldsa_pkcs8_import_OpenSSL_form(void); +int test_mldsa_pkcs8_export_import_wolfSSL_form(void); int test_mldsa_pkcs12(void); -#define TEST_MLDSA_DECLS \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \ - TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8), \ +#define TEST_MLDSA_DECLS \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \ + TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \ + TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form), \ + TEST_DECL_GROUP("mldsa", 
test_mldsa_pkcs8_export_import_wolfSSL_form), \ TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12) #endif /* WOLFCRYPT_TEST_MLDSA_H */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 83159ad65..bd448c355 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -36991,6 +36991,7 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output, /* ASN.1 template for a general asymmetric private key: Ed25519, Ed448, * falcon, dilithium, etc. * RFC 8410, 7 - Private Key Format (but public value is EXPLICIT OCTET_STRING) + * Check draft-ietf-lamps-dilithium-certificates of draft RFC also. */ static const ASNItem privateKeyASN[] = { /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, @@ -37001,9 +37002,13 @@ static const ASNItem privateKeyASN[] = { /* PKEYALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 1 }, /* privateKey */ /* PKEY */ { 1, ASN_OCTET_STRING, 0, 1, 0 }, - /* CurvePrivateKey */ + /* CurvePrivateKey */ /* PKEY_CURVEPKEY */ { 2, ASN_OCTET_STRING, 0, 0, 2 }, -/* PKEY_MLDSASEQ */ { 2, ASN_SEQUENCE, 1, 0, 2 }, +/* PKEY_SEED_ONLY */ { 2, ASN_CONTEXT_SPECIFIC | ASN_PKEY_SEED, + 0, 0, 2 }, +/* PKEY_BOTH_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 2 }, +/* PKEY_BOTH_SEED */ { 3, ASN_OCTET_STRING, 0, 0, 0 }, +/* PKEY_BOTH_KEY */ { 3, ASN_OCTET_STRING, 0, 0, 0 }, /* attributes */ /* ATTRS */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_ATTRS, 1, 1, 1 }, /* publicKey */ @@ -37016,7 +37021,10 @@ enum { PRIVKEYASN_IDX_PKEYALGO_OID, PRIVKEYASN_IDX_PKEY, PRIVKEYASN_IDX_PKEY_CURVEPKEY, - PRIVKEYASN_IDX_PKEY_MLDSASEQ, + PRIVKEYASN_IDX_PKEY_SEED_ONLY, + PRIVKEYASN_IDX_PKEY_BOTH_SEQ, + PRIVKEYASN_IDX_PKEY_BOTH_SEED, + PRIVKEYASN_IDX_PKEY_BOTH_KEY, PRIVKEYASN_IDX_ATTRS, PRIVKEYASN_IDX_PUBKEY }; 
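Review bot: The new `PKEY_SEED_ONLY`, `PKEY_BOTH_SEQ`, `PKEY_BOTH_SEED` and `PKEY_BOTH_KEY` entries of `privateKeyASN` carry no explanation, and the table comment only says to "check draft-ietf-lamps-dilithium-certificates". As I read that draft, these map onto its `PrivateKey CHOICE`: `seed [0] OCTET STRING`, `expandedKey OCTET STRING` (the existing `PKEY_CURVEPKEY` slot) and `both SEQUENCE { seed, expandedKey }`; a comment on each entry naming its alternative would let a reader check the tags without opening the draft. Replacing "of draft RFC also" with the draft's section reference would also read better.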
@@ -37033,9 +37041,11 @@ enum { int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, + const byte** seed, word32* seedLen, const byte** privKey, word32* privKeyLen, const byte** pubKey, word32* pubKeyLen, int* inOutKeyType) { + int allowSeed = 0; #ifndef WOLFSSL_ASN_TEMPLATE word32 oid; int version, length, endKeyIdx, privSz, pubSz; @@ -37048,14 +37058,27 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, #endif if (input == NULL || inOutIdx == NULL || inSz == 0 || - privKey == NULL || privKeyLen == NULL || inOutKeyType == NULL) { + privKey == NULL || privKeyLen == NULL || + pubKey == NULL || pubKeyLen == NULL || + inOutKeyType == NULL) { #ifdef WOLFSSL_ASN_TEMPLATE FREE_ASNGETDATA(dataASN, NULL); #endif return BAD_FUNC_ARG; } + if ((seed == NULL && seedLen != NULL) || + (seed != NULL && seedLen == NULL)) { + return BAD_FUNC_ARG; + } + + allowSeed = (seed != NULL && seedLen != NULL); #ifndef WOLFSSL_ASN_TEMPLATE + /* The seed can't be parsed without WOLF_ASN_TEMPLATE */ + if (allowSeed) { + return ASN_PARSE_E; + } + if (GetSequence(input, inOutIdx, &length, inSz) >= 0) { endKeyIdx = (int)*inOutIdx + length; @@ -37083,13 +37106,7 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, return ASN_PARSE_E; if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) { - if (oid != ML_DSA_LEVEL2k && oid != ML_DSA_LEVEL3k && - oid != ML_DSA_LEVEL5k) { - return ASN_PARSE_E; - } - if (GetSequence(input, inOutIdx, &privSz, inSz) < 0) { - return ASN_PARSE_E; - } + return ASN_PARSE_E; } priv = input + *inOutIdx; 
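Review bot: `pubKey == NULL || pubKeyLen == NULL` now makes both public-key outputs mandatory and returns `BAD_FUNC_ARG`, while the code removed further down (the `if (pubKeyLen != NULL)` and `if (pubKey != NULL && pubKeyLen != NULL)` guards in the template path) deliberately accepted NULL there; any caller that passed NULL to ignore the public key — not all callers are visible in these hunks — will now fail to decode, so those call sites need auditing or the guards should stay. The added `seed`/`seedLen` consistency check returns without the `FREE_ASNGETDATA(dataASN, NULL)` that the argument check immediately above performs in the template build; if `dataASN` can already be allocated at that point this is a leak, and if not, the two early returns should at least look alike. The function continues outside these hunks.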
@@ -37150,53 +37167,69 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, } /* Parse full private key. */ - ret = GetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, 1, input, - inOutIdx, inSz); - if (ret != 0) { - /* Parse just the OCTET_STRING. */ + ret = GetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, 1, + input, inOutIdx, inSz); + if (ret == 0) { + /* Store detected OID if requested */ + if (ret == 0 && *inOutKeyType == ANONk) { + *inOutKeyType = + (int)dataASN[PRIVKEYASN_IDX_PKEYALGO_OID].data.oid.sum; + } + } + /* Parse traditional format (a part of full private key). */ + else if (ret != 0) { ret = GetASN_Items(&privateKeyASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], - &dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], 1, 0, input, - inOutIdx, inSz); + &dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], + PRIVKEYASN_IDX_ATTRS - PRIVKEYASN_IDX_PKEY_CURVEPKEY, 0, + input, inOutIdx, inSz); if (ret != 0) { ret = ASN_PARSE_E; } } - - /* Store detected OID if requested */ - if (ret == 0 && *inOutKeyType == ANONk) { - *inOutKeyType = - (int)dataASN[PRIVKEYASN_IDX_PKEYALGO_OID].data.oid.sum; + } + if (ret == 0) { + /* priv-only */ + if (dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { + if (allowSeed) { + *seedLen = 0; + *seed = NULL; + } + *privKeyLen + = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; + *privKey = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; } - } - if (ret == 0 && dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { - /* Import private value. 
*/ - *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; - *privKey = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; - } - else if (ret == 0 && - dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length != 0) { - if (*inOutKeyType != ML_DSA_LEVEL2k && - *inOutKeyType != ML_DSA_LEVEL3k && - *inOutKeyType != ML_DSA_LEVEL5k) { - ret = ASN_PARSE_E; + /* seed-only */ + else if (allowSeed && + dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.length != 0) { + *seedLen = dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.length; + *seed = dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.data; + *privKeyLen = 0; + *privKey = NULL; + } + /* seed-priv */ + else if (allowSeed && + dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEQ].data.ref.length != 0) { + *seedLen = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEED].data.ref.length; + *seed = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEED].data.ref.data; + *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_KEY].data.ref.length; + *privKey = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_KEY].data.ref.data; } else { - /* Import private value. */ - *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length; - *privKey = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.data; + ret = ASN_PARSE_E; } } - if ((ret == 0) && dataASN[PRIVKEYASN_IDX_PUBKEY].tag == 0) { - /* Set public length to 0 as not seen. */ - if (pubKeyLen != NULL) - *pubKeyLen = 0; - } - else if (ret == 0) { - /* Import public value. */ - if (pubKeyLen != NULL) + + if (ret == 0) { + if (dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length != 0) { + /* Import public value. */ *pubKeyLen = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length; - if (pubKey != NULL && pubKeyLen != NULL) *pubKey = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.data; + } + else { + /* Set public length to 0 as not seen. */ + *pubKeyLen = 0; + *pubKey = NULL; + } } FREE_ASNGETDATA(dataASN, NULL); 
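Review bot: `if (ret == 0) { if (ret == 0 && *inOutKeyType == ANONk) {` repeats the condition it is nested under, and the following `else if (ret != 0)` is just `else`; dropping the redundant tests, `if (*inOutKeyType == ANONk) {` and `else {`, leaves the logic unchanged and makes the two-stage parse (full OneAsymmetricKey, then the bare `privateKey` content) easier to follow. In the fallback branch the second `GetASN_Items` failure is collapsed to `ASN_PARSE_E`, discarding the first parse's error as well; that is acceptable for callers but worth a comment such as `/* Neither full PKCS#8 nor bare privateKey content parsed. */`, since the intent is otherwise only visible from the two calls. The function runs past both ends of this hunk.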
@@ -37219,8 +37252,8 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
 }
 if (ret == 0) {
- ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr,
- &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType);
+ ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, NULL, NULL,
+ &privKeyPtr, &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType);
 }
 if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) {
 ret = BUFFER_E;
@@ -37606,10 +37639,11 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
 oidKeyType);
 /* Leave space for private key. */
 SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen);
+ /* Don't write ML-DSA specific things. */
+ SetASNItem_NoOut(dataASN, PRIVKEYASN_IDX_PKEY_SEED_ONLY,
+ PRIVKEYASN_IDX_ATTRS);
 /* Don't write out attributes. */
 dataASN[PRIVKEYASN_IDX_ATTRS].noOut = 1;
- /* Don't write sequence. */
- dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].noOut = 1;
 if (pubKey) {
 /* Leave space for public key. */
 SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index ac8e5d810..ea0219c48 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -9659,31 +9659,6 @@ int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat) {
 #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
-/* OCT OCT */
-#define ALT_PRIV_DER_PREFIX (2 + 32 + 4)
-/* SEQ [ OCT OCT ] */
-#define ALT_PRIV_DER_PREFIX_SEQ (4 + 2 + 32 + 4)
-
-/* Get the private only key size for the ML-DSA level/parameter id.
- *
- * @param [in] level Level of the ML-DSA key.
- * @return Private key only encoding size for key level on success.
- * @return 0 on failure.
- */
-static word32 dilithium_get_priv_size(int level)
-{
- switch (level) {
- case WC_ML_DSA_44:
- return ML_DSA_LEVEL2_KEY_SIZE;
- case WC_ML_DSA_65:
- return ML_DSA_LEVEL3_KEY_SIZE;
- case WC_ML_DSA_87:
- return ML_DSA_LEVEL5_KEY_SIZE;
- default:
- return 0;
- }
-}
-
 /* Decode the DER encoded Dilithium key.
 *
 * @param [in] input Array holding DER encoded data.
@@ -9708,11 +9683,14 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 dilithium_key* key, word32 inSz)
 {
 int ret = 0;
+ const byte* seed = NULL;
 const byte* privKey = NULL;
 const byte* pubKey = NULL;
+ word32 seedLen = 0;
 word32 privKeyLen = 0;
 word32 pubKeyLen = 0;
 int keyType = 0;
+ int autoKeyType = ANONk;
 /* Validate parameters. */
 if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
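Review bot: `int keyType = 0;` is kept while the new reconciliation logic in the next hunk compares `keyType` against `ANONk`; the assignment of `keyType` from the key's configured level presumably happens between the two hunks and is not visible here, so whether `0` is a safe initial value depends on `ANONk` being zero. Initialising it as `int keyType = ANONk;`, exactly as the new `autoKeyType` is, removes that dependency and documents the "no level known yet" meaning. The function body continues outside this hunk.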
@@ -9756,34 +9734,45 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 if (ret == 0) {
 /* Decode the asymmetric key and get out private and public key data. */
+#ifndef WOLFSSL_ASN_TEMPLATE
 ret = DecodeAsymKey_Assign(input, inOutIdx, inSz,
+ NULL, NULL,
 &privKey, &privKeyLen,
- &pubKey, &pubKeyLen, &keyType);
- if (ret == 0
-#ifdef WOLFSSL_WC_DILITHIUM
- && key->params == NULL
-#endif
- ) {
+ &pubKey, &pubKeyLen, &autoKeyType);
+#else
+ ret = DecodeAsymKey_Assign(input, inOutIdx, inSz,
+ &seed, &seedLen,
+ &privKey, &privKeyLen,
+ &pubKey, &pubKeyLen, &autoKeyType);
+#endif /* WOLFSSL_ASN_TEMPLATE */
+ }
+
+ if (ret == 0) {
+ if (keyType == ANONk && autoKeyType != ANONk) {
 /* Set the security level based on the decoded key. */
- ret = mapOidToSecLevel(keyType);
+ ret = mapOidToSecLevel(autoKeyType);
 if (ret > 0) {
 ret = wc_dilithium_set_level(key, (byte)ret);
 }
 }
- /* If it failed to decode try alternative DER encoding. */
- else if (ret != 0) {
- word32 levelSize = dilithium_get_priv_size(key->level);
- privKey = input + *inOutIdx;
- privKeyLen = inSz - *inOutIdx;
-
- /* Check for an alternative DER encoding. */
- if (privKeyLen == ALT_PRIV_DER_PREFIX_SEQ + levelSize) {
- privKey += ALT_PRIV_DER_PREFIX_SEQ;
- privKeyLen -= ALT_PRIV_DER_PREFIX_SEQ;
+ else if (keyType != ANONk && autoKeyType != ANONk) {
+ if (keyType == autoKeyType)
 ret = 0;
- }
+ else
+ ret = ASN_PARSE_E;
+ }
+ else if (keyType != ANONk && autoKeyType == ANONk) {
+ ret = 0;
+ }
+ else { /* keyType == ANONk && autoKeyType == ANONk */
+ /*
+ * When decoding traditional format with not specifying a level will
+ * cause this error.
+ */
+ ret = ASN_PARSE_E;
 }
 }
+
 if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) {
 /* Check if the public key is included in the private key. */
 #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
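Review bot: `if (keyType == autoKeyType) ret = 0; else ret = ASN_PARSE_E;` is the only unbraced conditional in the hunk and, because the `ret = 0;` line is a leftover context line from the removed fallback, it is easy to misread; bracing both arms or writing `ret = (keyType == autoKeyType) ? 0 : ASN_PARSE_E;` keeps the file's style. The comment on the final `else` would be clearer as `/* Traditional (bare privateKey) content carries no AlgorithmIdentifier, so a level must be set on the key before decoding; otherwise fail. */`. The mismatch check between a pre-set level and the decoded OID is a good addition — it stops a key body being imported under a different parameter set than its OID states. wc_Dilithium_PrivateKeyDecode continues outside this hunk.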
@@ -9828,32 +9817,39 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
 privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE;
 }
- else {
- word32 levelSize = dilithium_get_priv_size(key->level);
-
- if (privKeyLen == ALT_PRIV_DER_PREFIX + levelSize) {
- privKey += ALT_PRIV_DER_PREFIX;
- privKeyLen -= ALT_PRIV_DER_PREFIX;
- }
- }
 }
 if (ret == 0) {
- /* Check whether public key data was found. */
-#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
- if (pubKeyLen == 0)
+ /* Generate a key pair if seed exists and decoded key pair is ignored */
+ if (seedLen != 0) {
+#if defined(WOLFSSL_WC_DILITHIUM)
+ if (seedLen == DILITHIUM_SEED_SZ) {
+ ret = wc_dilithium_make_key_from_seed(key, seed);
+ }
+ else {
+ ret = ASN_PARSE_E;
+ }
+#else
+ ret = NOT_COMPILED_IN;
 #endif
- {
- /* No public key data, only import private key data. */
- ret = wc_dilithium_import_private(privKey, privKeyLen, key);
 }
 #if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
- else {
+ /* Check whether public key data was found. */
+ else if (pubKeyLen != 0 && privKeyLen != 0) {
 /* Import private and public key data. */
 ret = wc_dilithium_import_key(privKey, privKeyLen, pubKey, pubKeyLen, key);
 }
 #endif
+ else if (pubKeyLen == 0 && privKeyLen != 0)
+ {
+ /* No public key data, only import private key data. */
+ ret = wc_dilithium_import_private(privKey, privKeyLen, key);
+ }
+ else {
+ /* Not a problem of ASN.1 structure, but the contents is invalid */
+ ret = ASN_PARSE_E;
+ }
 }
 (void)pubKey;
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 136735876..cffd587e3 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -204,7 +204,10 @@ enum ASN_Tags {
 /* OneAsymmetricKey Fields */
 ASN_ASYMKEY_ATTRS = 0x00,
- ASN_ASYMKEY_PUBKEY = 0x01
+ ASN_ASYMKEY_PUBKEY = 0x01,
+
+ /* PKEY Fields */
+ ASN_PKEY_SEED = 0x00
 };
 /* NOTE: If ASN_UTC_TIME_SIZE or ASN_GENERALIZED_TIME_SIZE are ever modified
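Review bot: Without `WOLFSSL_DILITHIUM_PUBLIC_KEY` the `pubKeyLen != 0 && privKeyLen != 0` branch is compiled out, so an encoding that carries a public key — including the case a few lines up where the public key is split off the end of the private key and `pubKeyLen` becomes non-zero — now falls through to the final `else` and fails with `ASN_PARSE_E`, whereas the removed code imported the private part regardless of `pubKeyLen`; if private-key-only builds are expected to load such files, the private-only branch should not require `pubKeyLen == 0`, e.g. `else if (privKeyLen != 0)`. In the seed-plus-expandedKey form the decoded `privKey` is discarded in favour of the key derived from the seed, as the comment says, so a mismatch between the two would go unnoticed; either compare the derived private key with the supplied one after `wc_dilithium_make_key_from_seed`, or state explicitly in the comment that the expanded key is not validated against the seed. The function continues past this hunk.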
@@ -2727,8 +2730,9 @@ WOLFSSL_LOCAL int VerifyX509Acert(const byte* cert, word32 certSz, || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \ || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)) WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, - word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey, - word32* pubKeyLen, int* inOutKeyType); + word32 inSz, const byte** seed, word32* seedLen, const byte** privKey, + word32* privKeyLen, const byte** pubKey, word32* pubKeyLen, + int* inOutKeyType); WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey, From 778dcbaafb28ae80a8478b13648d944069372664 Mon Sep 17 00:00:00 2001 
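Review bot: The widened `DecodeAsymKey_Assign` prototype gains `seed`/`seedLen` but no documentation of their contract, and the dilithium caller passes `NULL, NULL` for them in one configuration. The declaration should state that the seed pair may be NULL together, whether `*seedLen` is set to 0 or left untouched when no seed element is present, and that the returned pointers reference into `input` rather than copies. Suggest a Doxygen block on the declaration describing each out-parameter, the in/out semantics of `inOutKeyType`, and the NULL-tolerance of the new pair.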
From: Koji Takeda Date: Mon, 14 Jul 2025 11:00:36 +0900 Subject: [PATCH 079/346] Add test data --- certs/include.am | 1 + certs/mldsa/include.am | 23 +++++++++++++++++++++++ certs/mldsa/mldsa44_bare-priv.der | Bin 0 -> 2584 bytes certs/mldsa/mldsa44_bare-seed.der | Bin 0 -> 52 bytes certs/mldsa/mldsa44_oqskeypair.der | Bin 0 -> 3900 bytes certs/mldsa/mldsa44_priv-only.der | Bin 0 -> 2588 bytes certs/mldsa/mldsa44_seed-only.der | Bin 0 -> 54 bytes certs/mldsa/mldsa44_seed-priv.der | Bin 0 -> 2626 bytes certs/mldsa/mldsa65_bare-priv.der | Bin 0 -> 4056 bytes certs/mldsa/mldsa65_bare-seed.der | Bin 0 -> 52 bytes certs/mldsa/mldsa65_oqskeypair.der | Bin 0 -> 6012 bytes certs/mldsa/mldsa65_priv-only.der | Bin 0 -> 4060 bytes certs/mldsa/mldsa65_seed-only.der | Bin 0 -> 54 bytes certs/mldsa/mldsa65_seed-priv.der | Bin 0 -> 4098 bytes certs/mldsa/mldsa87_bare-priv.der | Bin 0 -> 4920 bytes certs/mldsa/mldsa87_bare-seed.der | Bin 0 -> 52 bytes certs/mldsa/mldsa87_oqskeypair.der | Bin 0 -> 7516 bytes certs/mldsa/mldsa87_priv-only.der | Bin 0 -> 4924 bytes certs/mldsa/mldsa87_seed-only.der | Bin 0 -> 54 bytes certs/mldsa/mldsa87_seed-priv.der | Bin 0 -> 4962 bytes 20 files changed, 24 insertions(+) create mode 100644 certs/mldsa/include.am create mode 100644 certs/mldsa/mldsa44_bare-priv.der create mode 100644 certs/mldsa/mldsa44_bare-seed.der create mode 100644 certs/mldsa/mldsa44_oqskeypair.der create mode 100644 certs/mldsa/mldsa44_priv-only.der create mode 100644 certs/mldsa/mldsa44_seed-only.der create mode 100644 certs/mldsa/mldsa44_seed-priv.der create mode 100644 certs/mldsa/mldsa65_bare-priv.der create mode 100644 certs/mldsa/mldsa65_bare-seed.der create mode 100644 certs/mldsa/mldsa65_oqskeypair.der create mode 100644 certs/mldsa/mldsa65_priv-only.der create mode 100644 certs/mldsa/mldsa65_seed-only.der create mode 100644 certs/mldsa/mldsa65_seed-priv.der create mode 100644 certs/mldsa/mldsa87_bare-priv.der create mode 100644 certs/mldsa/mldsa87_bare-seed.der 
create mode 100644 certs/mldsa/mldsa87_oqskeypair.der create mode 100644 certs/mldsa/mldsa87_priv-only.der create mode 100644 certs/mldsa/mldsa87_seed-only.der create mode 100644 certs/mldsa/mldsa87_seed-priv.der diff --git a/certs/include.am b/certs/include.am index 90e66c997..e4f6a0e6c 100644 --- a/certs/include.am +++ b/certs/include.am @@ -152,4 +152,5 @@ include certs/dilithium/include.am include certs/sphincs/include.am include certs/rpk/include.am include certs/acert/include.am +include certs/mldsa/include.am diff --git a/certs/mldsa/include.am b/certs/mldsa/include.am new file mode 100644 index 000000000..94868dc61 --- /dev/null +++ b/certs/mldsa/include.am @@ -0,0 +1,23 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/mldsa/mldsa44_seed-only.der \ + certs/mldsa/mldsa44_priv-only.der \ + certs/mldsa/mldsa44_seed-priv.der \ + certs/mldsa/mldsa44_oqskeypair.der \ + certs/mldsa/mldsa44_bare-seed.der \ + certs/mldsa/mldsa44_bare-priv.der \ + certs/mldsa/mldsa65_seed-only.der \ + certs/mldsa/mldsa65_priv-only.der \ + certs/mldsa/mldsa65_seed-priv.der \ + certs/mldsa/mldsa65_oqskeypair.der \ + certs/mldsa/mldsa65_bare-seed.der \ + certs/mldsa/mldsa65_bare-priv.der \ + certs/mldsa/mldsa87_seed-only.der \ + certs/mldsa/mldsa87_priv-only.der \ + certs/mldsa/mldsa87_seed-priv.der \ + certs/mldsa/mldsa87_oqskeypair.der \ + certs/mldsa/mldsa87_bare-seed.der \ + certs/mldsa/mldsa87_bare-priv.der 
diff --git a/certs/mldsa/mldsa44_bare-priv.der b/certs/mldsa/mldsa44_bare-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..56a03bf9c1f6a44c7efdf3cd1fbb9dfe78dc046e GIT binary patch literal 2584 zcmXqL;u2wEWH8`n<4kDtU`%CZVHRX*;$n~pVqCr;d*YQ%ZHr#y--}^CbltQ=+dlD8 z&CC+-r^h?&REw8Qei_LgDL32N{A){6lh7ic%a0?r??3*?ieqi#iE4)2E0#Kc80Pj_ z%g^1RA&~Ur{sHb^_s_HFf7qlK<7lrGb9_~tjN{qVSqlz3YU+P@R{id+vFC?0#iKea zlbL2%evDk8619Q%_M(gj25nvw5^jn#2x=-lI^lRjBTdFLFv%pTQGrv6!S&H0&&elz zZ%ZgBx#vh&CUT4MNHV#psCr4b=XJ3)1Twks9BMrv;VLP{&|uUT$db^~lA>&=>C(_~ zLdig;Q;{Xnvw}rIU?QU{=VK#} zCI(hvWiEk}feZ&TyV>{{jRaUkeOZneCbB5Za7yf9>SJPQlU|U(?XD(a*>F=L@YISP z34??g9swMZO$?n0f}9&{^HbntYjR1HYRQo_ZW3PMpe(HG z)#56(Ep>_$3$tq*L!;*fw_F!Do;zxSvm1DVCa9jW@ameP>BJ$xyrETPvuofERfR1D z!XmjhgqRMr@iwx#@GQ#V-d4!n>3PYBg<)l`mx9C11uAzY_&Ckz6<~4T63aQzATZHP z<>G-(86lyAQ#@`cs5HA2FfW`iv7v**IO~o+lG$964rB;UWbp6^e8^G|BjUh3L-E7{o|!IrirX5bHwP?I(vhCP65!Dz z)7aSI<{Ql5d$GyIM`4oWi4G67Mim7&?yZ{LOB!Z7BuqA9d9q34<^<$T6 z;U_klTfX00n!2^F;lj(f?DLIIi?^(MW_A5t`!kV=qB#pT&R*9k@sC?_`m$?3-GXmE zoh`Lw@1hg3pNr>gbW7+gJu1&!S91EH=Z&Yq%IAY5_+D63Pe{iUzT4X<`m?Jp?fQj`789fE zaUO@7-Z9_eYQ3=5cGip6`?lOYl6Nxmiphl6EsrKfPS1G!scrs>mc=20)|)a}z1*%c zuUan0e&^?vJkE1_mnJ;CI4Ss~ zXpx$MQlR|`#nZByre1%i+FdJX&umYPvg2;;o6@{}gPeb0j}LeJISu(W7Y;5B=XqtM z{3LyS?j7$^@%t&WLY}zm>-;cCi>l>w>zl-q5NGPJJ)~~x`b3qjGtSn$6})bB@KT8R zvmZSYEJ}hLXXm~<3~cb@GDCYE*!TD<-xw-$daZP?-QZ+ELrYTOm+-!oE;{yA)5 znfb6-aOx5D>1TA7teffmC+FhSD~7j>9M1>u5U35w4mf>6wCMSn^nGL&nY}(Ikb`@1z<5S&oiEG=gb9dFel8*j-5z!Rh#+eiG>GsR} z>>Xx1OZc9iFRNtuU-rT^bkD7BbwTF;-YjXRFOINB8l02nwV1B)bWh8I^`*Uq>f&2} zozB^}FnFQh_3P@&|8tX9HQ(wl=sMJHkRm^yJM7kJ!5H6XJ}j4eW8%eK*EYsBigt8g zcsQ@RD(Ue)o{ukz8ML|9_qJKA{}XE;%Tp|_2FG_b>9o&?7zP+IDU@3cCx{TMIpxS>#zOY6UMvATRY?W>8YXt z&Qh#-N0%|Yw0e8r*Y@v^|3BHQSY13al5(c%^I3Hzdb--a&FxO`F1U4S#*W$tfA6g| z|Iy2nqxo^2DQ8RydK1;XmZgE!Fe|LSt<0&Vmf8m%YzeGT-I74ser`x+% z+}rZ>V$jh!f7m&i7mDw{7Pw>9KK-5|J@bM`x*h@PC9kIm+0PIC?0u(N;Kp?3cJA{b 
zHsz0;Uxjv9FSZb5iV70WShrNKtvE?v@z!@`<`A(Q)*pYoSI&H%-6uQe!SNsRbp|(o9br0lg(v0xV!PMAx$kHD-S=|7 z`bT~L-mG_Dr1`j>-n5%#9x?d_?_}lA-*mP$CRy2fS@*t7x}kN8Ic2%2O7tl${#m&< zYTkF(ay>sN8t}Y*f627V48jT4@)M2Xbj~tzFJ&zW75OzY*rm*+yynII??Q)u%5LI5 zEqtMP;^ki_4a#0Fs8HM_xT=4fSNrUM+O)Q-_v1hNKWP8OX8Fj}B0al)ddjLN4%VwS zJ)5<&iHpIQc|RY|o~F>(GrqsiXn(hj&u+t`b+eYs?hvT{voz*L&>N5N!p*lA9bmj2 z^!HWlp+LtbAI23+mPH-cmltv0x7;;R@6fIZv9%#Js~aSlAG}^Y!(j3Ect2b5uqT$= z7Ay3YZ%XsFKh$n4-6go&>*_mM-yT0!z6XXns=toem4=*uxj*qj&cs8}7bdf;o86M< GcLo3+O^g@- literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa44_bare-seed.der b/certs/mldsa/mldsa44_bare-seed.der new file mode 100644 index 0000000000000000000000000000000000000000..809ef71501e7665459d25cf92fdba029f1f6ba44 GIT binary patch literal 52 zcmXpoVq#=4;AZ1YX!Br9WoBU(WKnSE_^iQlLe)HWTF}yKOZ|gxU8y*;@Va?J!jm+H I;D)3(09sNK2LJ#7 literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa44_oqskeypair.der b/certs/mldsa/mldsa44_oqskeypair.der new file mode 100644 index 0000000000000000000000000000000000000000..4669c183e65869ad2d03c71ff6780d63f267869d GIT binary patch literal 3900 zcmXqL;b~Q zUG?;fZ%O`p+FQY1)Me)<|8zImFFB%7DN_tYj;{O}wprqaZpf*v;f9AN{`HV#{P9xh zmtCj4LSn!p)AKE@hI%t@883geeLK^_aMyKJKSE5Vo#vGKo$_hHb#p1VtTj)f1PnCx zPOjd|G1VbOILdf7V zyOz{)ALULT0adqC4F%jzS&<5y5`q&O4he7@rA98|Sm59j!otC&>GNny3xh?`Z5AHJ zgFXii=_+qlnZwkY#E_A=gyp0g(`*5ODQ;W|8&nuM8oCXbggFhl+f@ZcUA!FB9&Awb zmhg~JPFZ5&>mpEa=@4t9$V5rWo*s?Hq-m_mlX?^cixQQT6x77Z4=F?_F>xwP z@=!2PkZg)v)^bLH<%o#i>>Z6u8VV9jPVp%rffr#2djl^3lT#HRKl_V3KMN;oD zaosp%s30+c*{D^TwIi@aS74!Hw1m#ZX`KN~yo~0WT*6!;j4Ip{awj%Tm}1s8tEp#_ zTgHNhf-VP+MJ6qelmZi&CU7XYFgf&eb!Z&iR?sQNbws2=fWu43g(=0%Wj2d~GlPee zyT%lW-b)jBI@B6?Ci@6Cr9>Z4JY&IeV@g1eO98`9Lx$;%7ba*bX(~i7D3ns@RMP02 zz^25+qB_UGP0HCiziAPcbvkKz+z&wutk-_AeVWE$4!Ua z$xJ%RqA3%dQi7b4CNfM65lQG#(mY@m$l%JRq@=>Lz(<%vp?O-Xh@#sWF_uF|3=T}= z5Hx8yti-^fuA(f;a9V^>kcla6>gIR1U#h>Gb)Z8y-7AE7=G*YP+bu^DTKR8B zm#6&MWmufFZ^i8yoJC0{sy{UXU9!}y#k;>>c(_no-S^w%OBp5Xm*4Pmus2(&|8`8g zyig|Jbi&zC>!g!{t8Bx6$`)81kVx8aT5HM5Yk%zYIkqzXO;Yj^&iYv&uWkRoe-V!* zU$|8w|Ki5RZ3lZ-m9upHKB^;OwzKny;zy>8Br`L`f42{8f4s1BgF}+oZKqmm7f-$k z)$3CGRCeiIuT6*yo^g2Z^@r+5j`(YuCmxOW3uzTUAu4*U^_$9eZ&%J5X|+;8)t+)qlN?8u1r@5EMH8RJ@ zvUi!z6_L&1KfCvWhVItN53>zscMEKj%+)i9*|K-LSKt=^_frcE|MR@wrx#WgKRa+D zn^)_--f22Lckt13tQ*N zJ=0a%Cu7F$e>dc$l(jWd{ew74@F_eR}iPh@57tnRgza(=}Mu@?!m|hP#u> zohvWj-XD2v5~G7V^H#^~9tfcxW48P`ZA-(vg|}9Nyg$DdRhld|qpQYDk0x>q@Wo3m*>ebc;|go32?u z<<9JEql=Y}!9TKR2u17+tg~7w`fN>EORrLHXson_-CK?&;Uk9G<*Ha`S0_I!ci3wG^epS0V>Q$F3LL&{YJ2I-BRBimfj=@MQ#aq$;8d2} zyMD&U{s)I9{n~wJxpef(qmORwe9&_6^45g)ZBKoJr)ImE>!~z0?RZo8b=3dn1;vCLBLwZZ2?J>t6JJY5f&ME2j_gOU2{OFsbwv&BT?Ic&YeCaK? 
zS7dx|i8$|tl4tMPO+LD@z{E+bP{NBQGeF4ieAZo-z;E*e^!e*ZOWU|}cEQzOG`}Bj9_jlIKI#$*yU)FLbR55ufMFG~qOlNmZ=08jtVk zN1lwiTQ?ehGe2=`$5Jmf{t2sQ+}GrKudDQrPm5*$3x-=36aClE)_pVW;*HE{?zLaa zYAVd#PG;MCu^ic&-m7(NmEQXs`?k-neIv1~fOTKkhuq(BrPe`;Z$8RqED?!$FStqR z=l4EYbKNlau8U7|uBBE9EsR^z9cXa%)8}e|WzVmuoR|7~>+rKB%XVyW@?QBmc#ivm z^q7(H1^Z6* z?O@rv&2>0XG=3*$r44i-6)fA~8z#UFC#Rxc2;VB2wIXQ^giMf;nRbN~8! zzGg4FwR!pJw%sYygX&MT9bK;GyU<)c#&(&D(YDTfGb67}64eTlC0`@URrh@gFI0IQ zc)C{PXu|o9S zc@;(GkgOY%*qdJL2-NwX)tBz}U+ar{f8!GdoyymfADr9s@SI=gk-ec!!4C>Py?W!o zV9^`8Uo}$yN`2d(y#6_FMdYn!&0FIdW_o<@)6gl3q5PquzqVJt%PsxPF=wvTiC5)e z7M%wznAsgCFBXf>l$*UGb@D!g)wX^@Gu~WU{-EVq>$&Lx*K&=$-f>My|7UwgT(V)N z>>T4G&yv`;E_UZz>Chc|_o7tQTf_hVlDDyFOmw*}SJ?hl**L>kK|SV{m(Ierm0E9d z{v7HtaC$N?e3R(u(`M1jGGs4Sueh+G`fS3Nv<>%o*DdYSc%JU=(i3+!a_uhp)2A1I z-8iv0m0M?v)M+-^&e?g@uU<;;^=jL&Vv=9Q#Qx0%rGfpS6N=BW>NyqPtv@pFUD)~T zf`sYGc5K3%g>M?`YG?4Iu66U4Xi@7l{MT@d#kO>o@rN!+EA`2jS%3OY&v;ZK!#BnC z@8mmDEIO?oOCA3{-*ThK`D&BNq^6c@OJB%;757`@tm0|1%U5Z7=J6-bWqa5+waj>R ze(}lPFYkA+zZM_&d|H&>{<%VzB-Ot&Sl)>apH?;hO-15D&Y92m^&el~k&*dmo!AA9 z^kYv?>^?U~o~L2KlufQ*1#e|-xn5|&dQ>#qLig~VCGXdr(Q&Yt*OfYF=3=E_#~JCT z7*Fy4p85Qt_TO6zoWy3>?cMF8t++AxyGbC65wF?F143(fybizO+9PuLM~r*wxocg0 z4COPKVg=(Yk48PquUz@aQ!FZ3H23bFyS}yo*3UT1n14txEtWMn+~sWlc-kD}n1&VC z-SX$R{jZrmZDV@Tf|N^)q5P}OEerx(Pkd7C(P`kzRy(%P6wr4)X7;>3Or0hsnrM^$_1yyA;L+J7(0Y#rIYTGBDe5r5{jl^Kp6} zTUk7JmPP5AUz#o7+&f~Eyon2D?3CuCmcGixjJ;O$*-ps>s5pgK2a%? z-S|`c`kgsDmIYdRh6WY(vhoMsn8CmP&N9a67hY-a{@K}$~V@>wVTV(yP*N0kZg;{R`khn?rCaa7=`sau}xVJi5(Q!>R9(=EIjQ{X*wGI5^b*bE>u;{+$#&xCFPt|gsoi5zM}WMpdGzra_e~6| zpJp69CVi)1{jbXSTaSIq|C_ze{i8Ge+R7vMmPtH!=y7UU=rC1@y*8Gk%f7!lC(~{j E0BNn|^#A|> literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa44_priv-only.der b/certs/mldsa/mldsa44_priv-only.der new file mode 100644 index 0000000000000000000000000000000000000000..81fec03b65110013c2cee6dda09e99701c6e6689 GIT binary patch literal 2588 zcmXqL;*wxuWH8`n<4kDtU`%CZVHRX*;$mTG;$mR=Ue%Ttv3cR#zB{Yeo>VuQnsBpd zYhvJ}#C@dU?4 z>;5mkr7_7dH+Y*%?#z>s8;?h?%Mzb%%~=^K8v0oF?xTe=?^Ki%8T=)Tbepk z#X?`%@#pRc{~Mbaou>%~O0;pd_i!)PQPB`mHga32z>zDLqkZ+C23K@jA0WZ0TXlU1c~juN(UX2UHqo7H7+pA^*-UCFCLTds8ldwQ;^D<8t zmq5jZo!lE8T$c1osTZVdYm7L?D?F7!VUf?11wKridR!if4}~!rP`M@2dc}n4 zk(es?(%wmjdS)qfavbUrP}NeAbc?p&Q#9dfoYZn>NiLI0!J@WCmSw#z5}J~SbvT@q zPEJzoc2hmXF>#Vc;9@2(DZ!vqDg_b-F2YL^nP+qaOh~z`WOz}@;mM)`L5UXT%?&I^ zJ05RiVKj13P-S2cNa`{v6yZ?0?3BaY;ld(WD6qn{Q9@?{N2WK21G5GLlj9_X39LLF zo}CjWOi<}L=w_%eAyH_j=8cvKkGJ$Bi*+8FVURG1_2woX1=9(F!Y+YEiYlU6B2zL$ z6cihja+O?Fden?=Fu5eExOl0k#Z1vz;^C^Kn$m2f5^^k{Nkl_LV3N|39w~P&&Xt_r zX1q*`5~rNtY!Py~WYVCxP~p)r%}5o)S(8*FIdmpY(U3gW!8s{+ibH3FQXQ_fj3f1sPlm9XME1QXF(-W~!X%@aZ;l zjN0VswT&}if@AWOL?(4dM;F$}i5b)Do8u~(-zOw2`@xqk7+-OD*?XpgNxQQ>eBB+N zpM1|0`Y(O=Hm7;ppV(F8qWIY;bA4)z7fpdHA(tj+Umtn%(>2b51yH>CcQk_?in)3sLq z__wmD^F!y^$x|lmX?S{PQDUh5u|)!>Zdn*!m^|fdV$h_-Yo8x{TOwwdGe*KZOz`|-f=(M|E_zYU267s)*WW z&-$FXGh;Km#`G=g&Ut;__HR{F`RtXy&WP@``;@b{_G`K0+E*-p#Ix7LD_(c~%=&eX zSf}mf?}t~I&wISOB$AUou6gPCTPtF29Lh02o8RShGP=3;=>DiDxyk~0v2yKs=FGb` ze|b5X|L?rruLA4;#IFu^e&Qg!E%7MpnTMU8o~IliPi#2fdQP>L%X5yzj(Z2%vy^0e zO8wo~7X-7uOP+OcPhWbI?eE)@3RN#VKDo5%*B|3Zy{}u#e>WUC(r=u%aBgJn8WrES z?l&a{`Xo_OJ;4BbI*QVYtkRA zxOQ2qpoS=;SCq|;kK4<2f4^1}R!QZbH9PYAo4k;$83ijfN>;3@{It$;>gD3ru!Z8C zPmJ3c#hv}RcP~Ebxkc)g)t*x4W4}y~9^CePSI*|=3}V4cUR@|rUsCq&($Nz(hkqV; z_W$=Ot#eaf{MOSy>?e?Lb>;7UoxTpwMW$|@f3+uP5$o;7eMJeCwH-~D3)oa79Bwe^ zN#1|McKw7&q0OG>dE1wn*vOb)jLD9E+nBoV$AhR{X1{7hM5XUJep7uvo?V2xmQfsoeqC~ZZnRrY~i-;1{G z4`Yq7-mkS&Vrsd?Tb6(8=N~HnDfdo6XxG;E|1ArOUhyw=c-HCuTzb#8oEJ3}Dx3T# zGR)!h*}E^LwRKx9*A~lHpEuMw=C3k;qZbupa#)?Sr*3s1`|4|FwySj7wSRSq3)yzy zgFNT_yxZJ-r*^!Keeq)VL-q^uG0H}rb=*gb=dJvIe(TC#EomxpR(E<9t$8glQ;wk_ 
zH2-?p!URsqJ10#xzP@poGx^)6=U*S%n!e0CCMlA`o!|C*KV{11o$>AE>WASbgE*ea?MX^zX~BPJb}_m1`RBx|;`NZnB(9v=MqB zxc+h3v%{v$BGs$2>^y$_oIk(uyj%b3Rlh=&7aq|qvoKtB=O}O1?gT%XprYFo-v3*9 z|ENIal`rSE&)?-AEx4j%lR(Bh_owTf`rG-69{yf-jbW+q-0#NBSDrrHc9zq+i|wPH z#g2c9)o1k5a)UA=%DefEoKsC3-fR{f6eyZ-!-&h>*>_^%Z zwjYC4)}@($IrhGJvQ=~F z;(yl{O_%e#c|UIA14F;`qOJ)qH4Z&LWho+D@abRFiK6!v%F|9QJE3yKOG|=VRoP6 TmsVMI(H+j`Lk^m(U$q?ocy^>5 literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa44_seed-only.der b/certs/mldsa/mldsa44_seed-only.der new file mode 100644 index 0000000000000000000000000000000000000000..82d0a73845f3ad0e74d8b0f8fe56bf81e0718e6e GIT binary patch literal 54 zcmXpoVPa%3;AZ1YX!Br9WoBU(WKn8RNSB@!vZbhTuk6O@t8-Hhqf1k}na z)g?{7XEdMV*tYv6n*>V}7sK4@wANXhPv4h3y6Vvyt;+Qu|32E$JMq@nzP2qBZA7(% zj?M5)ej9MQk~hNn6GNYAysEy<>D4z`S`}pDLOZ6UnEPK&>D>3|^qpyEl4ge8Q|q~B zAd&X-ru4`2Mn@|=m{>Mhi`l+hk<-XF|4U|hU7N|$yBj?f9_Wi}-%0v8IZiy#!mEkH zgH46QBVp2(Kw(x5sU5wYTQnxDNa1O8d3>z1MU2md$$@*i?oE$LjG`${78z3NeZs;) z42DccnAAj^d<8TnC>R-CvRc;_fkXwDj>U@-m=-lkZYh`}*3!u2 zsI+zBC5}KL6UWOt1UVFqoLo{FJTfP_2`NoUJhZLg(Tv{9YMd=fT%0?3eKw>ptLQOK zYnjO+IQxX)Vxb8Alhjfl$!VP`YKa1FJqIN`WF&K0X7qNuF)>ZxjS))q5-DOjm@2L48)K2n?AWtJ zjjwZ2gO`Jv%*@P2A%nvXib`&YO3p=0?rH)HIUAMO4lC)U7zr_MVvL;T%3{iKcw4WC zK@QJUp2Z#w$qoSw3Tk&0R2ba~A36jc65>4~;K1Xo!ep$*bb>`nnd5<2*Q^b?!VVnH zN=7agxffj~TxsLar5dH$Q5=A3^wz6xXkr|5~Ig52BC=s%9|aSR;1o`Vtc@r^>|vM$COlO zrOZ1@t+QJ?BPCLtHz;(k(2Oup;S%o?bktSZq1q{;AmTVtd69~uxT4@j7UmWoZsnwa zw$u8VGU@*N@zRXRz0@dRKi^kbBJ~~f^4B6W53J77TWh#L zwEnNqVeYnGS$@erox2CmeJVX<|Nrow+8Bp`#;cP~-sucuU`a_+UwOd!Z0xmX$6Ho> zV7j&V({=SVK?a+r2AdelvwbSr6%llPC-+55yM%u?LyLajjM1GJA3OE&57k_e0+k=4 zEGikIaz1ks&<=Wt531dSh*#6LWQu#outn!ELTIjCjRceBbya0 zc2Bb7`LsV9w+cR==$CYC$&S?=^`&gC+#$&owOlPJ(-zNlDgGu_;$|waXwJUq0}tbl ztWa6~@K9us*o~9h>>}3wK4F$x_p#4^;)zF}mtWRcouoKzn&JC}>tE`b{o{Q7vG>>S z2+PIiT%X9_?NM2I-MHcFZdSpd(|a~^is*6Ob$O!S+TzD~i(8>0QEO-VoR$Z#cTc@w z7~4EibievnIn|R#Jyxvh`SU8F>g@DMtJ#mw;||&5c&Gk*XOYmmR*5$02QCl&t4nRw zzc;5vDH%9MKjwQmYYWHoah%*b!>{n zrKi(tu1<^%4}1APD&^;i|5{PI&heg4=iI29e6*{ylc-uB-ej zW`9~ATQsTdoIud!yP~40D=ZGpPP%6v3 zBm0iwYlE-6-d#_V^2tYm+={+~lkjwkd2@eelEb)ydk^ z7BiTq&YGFI?h21wfJts^ma%>hbJh~6ziYZoI9_&aTd;H5a!2#}=Z7w?f0~fN_OGC^ zVavboxgBqgO|W1wQIXye-sW&g^36gs!T(AoJ%;wl3;oZf7sph@ww}1*5an>c!}fFT zm)YAi_p{%<8K}N&`lkHE_cALPgS0OQJ#kp}O0{8ELt^{V-nv50jNivN^k?WiUv04E zp5?Z}|3(uMQ-2;2tGjiCwVeCo&j$x;MZ)tvcD;IVbaH~o;~!b+o9=|YFt3kHjw!$N zczJQ~oZc^MUb1(|>|5?DpI|oMcd^S{e~nA(}t!}2}lLD~gxugYl! 
zVYk_Dt!KCx@`im4r|Lwvi~joqUOo#co_PFsy76m9={v4bcNR}G%_*F{?74R8RNZxr zTpETSwB|8BYSw?SB=yuJFMcD}tEmNYtzk@6CJ*t`Ps3nh|_HT!lN~>CSO_Su}W{^WPRy0yLP_23*;nwRqyY&Y`R}n zQ!{nbUUhBTviGbOf4VH(a<8tk%wBow>-@ishy0iJ2u)bb{OoUKmPcmJ;R=JfmCG8J ze|dS{Z*Bymz*`-4y_i)eE`+~lUHW`}FZ=TA9<0>`;%gpX@#36xq_2g!Bq}kHPl`vr z$M0s&G^aI_xvz-i+)(G6y|bM6>fI)eubsDD+IlzXtYC}Z<5R5u&q&S2xcQdENdU`Q Bny3H( literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa65_bare-priv.der b/certs/mldsa/mldsa65_bare-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..07d42314eb60fa6697b6b1644b9a430c3c0de975 GIT binary patch literal 4056 zcmXqL;=jVg$Y8+D#+lIO!I;X-!Ystn#DC!D*_usXIn%v#FLwL>dm}!t()9M{rR*VY zJJq(f^8DP+^{esIR2mKU(73y8CMWGI$1goim5X#};1v|hgf^QC3bQGcrE+8_G#7}3I0>tk zCn*X9m8J@)F)*+?Xs|dlv9>XrySld)dW5=LG&-~emNJTp6;!kYXQVS4m$sCvr5UM7 z6u5?lHJV9SG#eI`IR+_|h<60BizKJ3r6a;HD1}HVKvNEMaFjlBHg$p!> z2o{(paxgWhI~1BT2o@HFv#|&=Sadj*aioZt7zQ(oi=?wNacBgJw=*ybg)#>kiH4gb z3o03zh^HxuG8G##h8Qy_uoil-3pJ;ixfqoui7~k~h6y)zXsElh6bhuXH<|{TnMtsR zh?cOnb0i2VXQUX3ClqH0ngnqK3cI%(3VSezSriwAC`Yh6FsWoXi#WD8MYIP6s;fzu zh$XgE2&)E_D=8G4h$aa+C5fgR3MI8NvAa94Iw)7TnJbow8H;m7s2R4nCIyFuHkXJC zh?X)Ll(3Zsd9;VPIuw*kG_#f|6}gBTWF#cGvo@+Gb+k2#YbZ3kgcye_F-nAbq-2D! zho`%wsVca+v?~W$G`59yFqgP1geI~YGPINwHn;}`I~570sxWw{voNQ#nKKu#m!>MU zHSJhG(=nFo=n%D=`U(CzzWHM2M6av$H3Zm$@f$m9uRHH(&-Fqs;ahqkJ^ zJ2|ni7P33Cgq9bDBs!Fb2Xr(mu(z9ZIJpG~xwn<6JDDg7h6=Nk8%mUx8MmiJxCWXg z1v)YW8K;J6NEj6~mPeGcw;P2RHnKV-aEKVNvXrQY8)Y=ATV#lfGclxzhAOhVsi&K} zhY5(dl(;sgq#CBDF=!|!3%Mwnai8dOzdt|VsNi=g5 zC5NRmrkOHYv?!YxF$9JqU3 zH7GTSsdl)8v#13$X}CqGDF>RCGzY3Tv!w=%PK2)C9gF)%P%v@oiuGqq%xMJSk;1veCkxrGZjo0TwXI5sGj1eFJ-39u`< z2%4y|xk#udwncD=B&4c`wi^|MBpDcZ6sZ)LTO?^PB^zpV2t>3QSd;}fiiiq126_ml zvKJR6ilsP&8#bjBwU#z{B&4UZw?rhgJ9?Nkx>_)@HB=}xs3sVgvvHX3LYF*Pu& z7dm*Ph@_So1#1W}h^QqRin|9Esx>L4wip?62&reVdoWp~Ie9QSixz|>r5cKg2^zb4 zs8^Inv}Y*0sI?gzrb(DpB!>xwSGXrOgt?Texv?gfRwRc8rIo3gI-9n%c?6jXmXv9@ zWf&H+sdtz*87Hkcc{|gz$A1cQ^%xP(0;g>v0){?S60e*OdRr)SYV{o+kCC*NAv zv99mwv3WOpv)$YyeY0m=4hzlaX%mPo+IY>ZzpwMvm&}8au1ms>8OblV)+u=HrM&Cn zRUMWcF5DL{eTl5O`R`z{>%racG`_r@mh!=2zhqv|MpJI*u;HkW#6aH^PZ_A$*N6)m_7Cw@!3^dMu zRLlE5^~04Oqr~#ef5!}^r0Ze@97>i>h&*%C@YTO-8~Hj7c;-dkyEl7b^X2$aROGk+lC zFLeBC_l2z!J{co;m@p|Cnt7`yRGkVP2K(9|3h{}rp>R{oVup7 zMD!&N@Web=ojgxs!C~M1qE5<%v#PS!SkBwaHQn|yOVu&Q73KQ1JF30XcAd8p^W^<> zX~WCnbtjGq{N;#qIXYML#oLtMMLVPU#dQ9;=v~XceP~{)hTEEk+75}U4crT#t`xi3 
z%qY2XZ}`ST%g!=6?&nWhnKQFG)-73Byn1!7^0s+jJ$dD;7bV}5+}*qJSE-3k%vqk9 z8j&Zf=RTP7yp74Q;8d0-pX}GC32xE%t$E{Q=QQOmOl|T^-C~hz95&&?2TKOgsQ-5= z=kCgm44l+%+Wlhru9q8{7{mRJZ@e(Kr?n@tbgsjIo6edg2G zn&d0jm)!pAb;|Ov>_%PTC$?e&M>nfz?EiQ^^rh3Z`%BC#FU)B#__FMjiSX4EoL~QL zn7FNE)t@UOA=~N`cDqC`np3^!Rm=iCCGF--$C5+mSe%|F$IJ9WtMf=g+@e+XfBo<2 z2iiY%F;AAhU@(n6CGh0dySmvYzN;_HJGo1275{$La;fjz&)(Uw>_xrNeRbjVpYN~T z{Cef$>a@ec-bX(t3Of8TJ{oJPU167-^Z!uJ;;)a-P5vDCu3q4YRSXl0Y@{~#kKadM z-hC-E`-Rx|i-)ea?6chQ>3(XXOvnS9RTT{Jp?A2SvHoIt`uQw>8gI0-dx_zxcsolNm=O5eTkl^L`$`rXr4HegWnF!{W>Mgb%zy~NV^LrZ?i8^@Te$c4`o*F0Hwx?!Kz zTb65rmRp{$ami2Rd$H@c=GIlk=@*~rzkQLmVs+-CmxlLWTYt|k&@0OIuCKa2r+M=AEl&j}-~KCgAU)z)#r-KWte6nN5@1PXPZ6s6jT)ccvOOMk8qa%%?;MVa}MymigMa~aoIVa4;!`4eIK~v&++ukWm*g6vOm4tza;#g=WM(0%YClih*wG3Co|=gN9yq(Z|+?U z{BrQlql;8S9Wuex0E$dbNA&d*k5yV~t`-kKp+l6l1P`>Q*P z(@TUReOn_WzP*{LlJsZm{kxI|`m*A;{)F85#5PeYMpJWvXuHGYrp%j{F6^Cn+t}ve z6WYmv)1Rg)tQSWFkDgl6V5BLVW(OvkL{)YY5(1Cs9iYw|H}9FvO}g9 zbI$)wu~_l=^4nwo1E$7*W54@RA%E$v(|o)f$;F#CRup{rf4}#L=)$NycB}9D+*!@( znX1Ej?o?>oTGhjzTX|h&JZ!fI7pP0l);&HW*zUt8r{_}AR!bVgD?cl2jA@6|hoID!C@+Mcq$VzSCQqGBVb# zJ0Vl`vtY}PReR>lJ|o@C%`@)`L(FXLuCzr?;gdKukEPe~w2ZQr}FuK%LC^Z5FSO=v_NLrO`Iu=g-#Ld-xl!-C7+g88cWKh|M$pu967ZW@=`b871>iq)pv{Jz7S<&&9Bgvw3Dm5=OQB}J88Q{~TJ3!Z+rzI99A)%Ox^uRYry zZc*XpKK4j&)7CumH!sh#Wk2`b%k-M-d;$CKY^5dB1;26ja7w(s_*`tZ_x5QST-S9u zsv5!*OLdYMx@MTq;GVQn=>Eb}8_b!nMYJ7rIJ4)(8sV2g|KF_K;mEL}KDy@ z&SlDWuWg?Cmgp{iaLvOi)-AQD+hS?t#4D=Xx6eE&_e?F&cFM86;p`iJ9{8{!@!MPh zHeXx68Q+ctByKqU<=~@pRzlXZHFs@!_IXQ#|JnUFZz|g)?Tzj0QM>v`ru^WiMemBe zcP~1#HPqzh#<{MA0mjbm6SsWX(yj2!rh411g<2UBPtRU*_SmHtV>*SS#&QeO-b1HF zJ1<_7a7;SawC@+MpzYar%I^;C>oAhtw(;9aCe~Y9`2_ZtpZrhfMwd5Y%1P9 zKMj1Zt^8zv|Nhq;xp$Xhc)aU5(gn&Sm9<>VeJw5RlUiEO-n|>alzJN2{EZt&Hzs1p2q+H literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa65_bare-seed.der b/certs/mldsa/mldsa65_bare-seed.der new file mode 100644 index 0000000000000000000000000000000000000000..53011bcfdfbca2c2a699ecaad75d4769740fe9f5 GIT binary patch literal 52 zcmXpoVq#=4;AZ1YX!Br9WoBU(Vo}hJ*I0Uc^}5#|*&S5Bx_mH<&*JUw>@2@){&ya4 I@sEJ*0CDOP$p8QV literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa65_oqskeypair.der b/certs/mldsa/mldsa65_oqskeypair.der new file mode 100644 index 0000000000000000000000000000000000000000..4c43bdfd74aff3836b0a116a0dbb0ba76be206fc GIT binary patch literal 6012 zcmXqL60cxlWH8`n<4kDtU`%CZVHRR(5>H`i5>L2g@_EMErcXv!>b0Yye=G>uc|PXA z`j=V>hfeHQd7+%9qfr-e_h!=6Emwb4weQUCpT;+5ZLz#p(ZA_NZ5sp_ce_iT_TJ*? zz3z&rsqUtE70UD8q_QhL`L@*GE#$n+r2414lgjzMkJDi$IlL|RnSc}C<+Eq(iU5z~0Ef@mX1l$r+3^ELx*;1IyO&Z!A zm|2*ND@qeXLN&sY0z6WaoYPrNEf`q?i%QeOT|$dJN|_iVOiY@B8d5rhoEg)_4N}9! z4BI-?LY)QFo0C&ZUD%XO)ma#YCD@83ic88=N}SBx+|q@LN&-bS8Z(^Jgi9L2lfzO} zTsvGPScJs{g~NqR%nC~yRl^ch)0-*;Ow1bu8yy@>gGHG{n8cU@A`%PLSXvnh8<|52 z9V?Oq3xN<@-Vi=9GEoI^TN(+l0qBLpmx8jV^UjFQvR zG74ETL>gTU#Y`JH+>_c8T#Fr)n2THsG@4C988Qr=lS;zH*qkaDjZ4xU8%;t(n$y?{ zn$pBdLlVUp8<;}G96gK_oh%wuh0GZPTapqw*e%$@LRl>W%b3K&TP;}90vpOrJKUU$ zGMa+jEX)mB%Q{-h6-Oi;LKmgwvafOPXB* zEEJoJI)Z~0Q^Q$GOG?ZXA`;pfRoU7S%ZpqslEcMYJw!`H3)2eKiXBQqBs7|XS(B2( z6Wd)i6ggajO&JQrRn1it$`!&hTEqf^jm<&@SUpVGofDkW7>XR49nuv=RLmO0l3ZQc zTf>C~JeX3|4a>_CQ#%Tp4VoQY3>Y)g%`{v@MN~4{1)Lk185B9fHNx9NnblZ|Rhdmq zP1q~aT^xl|Ma4>;6iYoSRGbPU(t{IJ|16bgbP%8V_icJkn*wV#Y z0t4Mmf(%uJ3KQB45=_I@D-xLmOEs8;&4Zd*)dW>cI7~`495h%HI4aDQ(?T6nA`DeS zTFphxjNFw?8pH$D6GI%-8BHUE#mYh*1j2*VO-ho4l@i3nMc5sRgc(Gb#l=I6%bYrb z1w9&5#DY0Qo19C+!=o~MPicHQVt1t|&c7|W?RMM%L5HRG zwA9^P@KNlvaMxCW)ITZ-4D&v+%rr6+)ER-JK?9SWo$7 zZLN{_mp|elTUywfSe#Q+Ze>>?dwKu1T}Mi?I*WAPbU$-He>F)g;q-!uHzn#HxkO0` zzF)wp&h)#y3=^Z z>$|zC*9^ROF>pA&&6)4ocOvkB=As#=)Nih{nEhEd%t1`&-T#BrXUM%jsJ794>imb- zQkn&QCL}+c@Mm#DR9da^d!NJG*ZKuJU&-I~b?cY++BZKYirL>i|Mb$8=j*-%CMHPV zFy6s0yXo}yf*ltVH&5Iaovhy}^uqG$pB+E;JnHYiy{^JP!1&aI1;2ky-2XBApXvu5uTQ^&G#BY4~{qDi3zWQRja?YtvJi)R&c4jxX z;;cxo>LoXyx4v^4J-pkfr+NR8neahVtB@I= zj8xxhq^emhQh2g`!c-%n-A`%?=URYiD~+*g@& z)>66R#^)_D9!sB3b{}9Z)`6XA`UU^9CQcYgpFZ)xq%(BW}(MC|j{;gTxE5(od&e zSLyYi*#G_I%nJ+F79WpST=%K?+44`bwzHd;`CL*=tr(a zXffB);>Ehsi@6ug|M*`Z&GGV`od)aY&*D6vm0^BdW8>MZb!L-4)_0!XuwnJVMJ0AojFrWSzaPw%u2%keTM|?r80PwJ&nLAz9rr{! 
z7guazK9Rb|q-0x>QI30nx@K{zQg!NTW6$PH;kU}1tLht>C$-5qPV{r*Hb*|7-<){ zwNPnGsdi$}_1vrf4^8y{lX7c&F}jVx9mVbJM-)S&$Jomx361de_cb- z=AMA%>SJr&6vS;FO>#W@aC6|xZ|73)-@M0>{pq+C-{G1Lj^1-0KYv^p5g?b8#K)1i zI&IyA^mzt)cltc{-`{lbU;-bG$~)U-e*PM%R(<8$D_V5{=Af>ND9_l1tUFu41< zWO;F>w+hdNf>Y*NymQX0otWBEcfi2&2pJ~sy72cymUagB z`sIl;r0(3+nx$=gUgMzEuY)!d+IjT++kVLWve=kgI;)yh{GafV$oy$$ua>xnok(b2 z{G(;<(zL1jm-y|Nx36)2_Nv%Pt@)p7MR&<=4f)`+?Y`XN)2ve46sLH-@Csmlrm(Z` zmPEv)cf~r9DuFKw=8HIR+Ba@!uPlj|Kc2JU6GP}MPe(mv|M=p6`wG80xXxEuwqg@+ z>W?pLF9`f=z7zGOtXZ#FSHunD!sa4*$*sPrjRMooYJ4x9A3Y!`O#l{2e7%Vl`CxN2rnozRpe z#XIX#TS_V|Ib|%5ni;08Hkj~wp&n!9ZWh*0iq$fQPMgRT-;tlQ?ZEG7{;f?X^c&h2 z_jJ2wE-yR%u#j&_=$3nhuI)?fi%XWjV2xOzf9aoK|0}0&yE%_K-zmS+D%9%ZeUDK8 z-JfeM!<}idEFb=9F+1KjG$~nj{r^epKsNtfZtEIZKU`npTDkP90C(h+mP>C!XNtC( zYc@^1`tik_o}^{$CM6~lFUNHpkc+cDS7^?B#=C~)SRT{e6K7}sSUoA7U2p269STdG z`QAG0oba*Zd~uWYpB%m5)qGzrXg3J2$$4GrF)iB9dhv0aDqEkE9b7HBMrWS7&9Y?Q zA+e*rTHS{G=#ga}zpM9jHZ*QH+q$pw__t>-c555oPrPVg{G~a)+{F36&<)W~7gF__ zw!ICT61ep2ghXu)&dL6UGxqI_-D}Q$!uMita+k!HEr%y;t9W#5qW#xbW}ny!8qVu3 z==&Wkqc@XNMIx7Nl1{ap&eT=m46omx|Mt_I>!6AD`B%v*vu7|pVYwW4Cq?wvZ@I&Z ze0(x>CciuO&Ca!D%euJ%*{2L%-(7Z;=S1EVO*VI*jh8iZ&l!Zf{$BfY)rU@Q77pWZ z-N}p7j2(@uSo<)6jL-mq&b2$(^~oQIWA;IsMI&n5CKg?%WCU{4=BH*(jxF z=igi#a&7Zj$DK=O19WLpa;t_fe6erBNTe73UrIFvHKSWmMOvkJ5`2myD z?%oM2^S-NeT%Py92ZNi22e?#!Oxymhn7e#^zXMnN*4<)}$KMu$}|_qMfZ7M{`4`Frod6WQvqX|Fp!EwP)jZ_zU`?f81dE6X;l{5>=G zZ(8SOP2rVY(hfe~nKs+TL~neVQxKO|F20UUZ>jQbi}{61QxD{ZH_x?H(AlZO(iZYz z!Iewvk9?VZG_JKJ;K#~ly)P^~|5|REx9i6FCD(V${{DJqdi8;iP2%w%ZmfK;Qf~U8 z=$5u!mjZhqEUUY5afhg1O;FJpN$%5IyDDegF_?BUO09C@vLJ`oUsvRJJz5gR&z4_k zTq5v;<)->X$H>&S5O0p~TMmcSoH{p6JAW)pT>kaT<*a2)L9DF|=Qc%Toc(5C85ubH zX4IXNPo=hm&VRgbx?KLDGq10$()Uf>#sB8{zl-&$xu>q^Km0GaY1sxD-q60EQtI)3 zGVa|8>=sV94{**;y0}i#IZf(M%-Mgl*SxS#*ti+ON<*<)38-Q)sdK4&gH~&F_`D-!uj>7z=fIbC!3pU(ONS zdhfvzQwgo#CpU?db4sTF>g-Q&pEUo@{OEwRMa8o`D-3@5Xnr+dF;{DtKFPC|qo-n8 zuhg#(b*}`bPGx!e^m$Zy^URFYxhC9)A1-N*s_2r@Qm;H%9$e*RU)ht&XCB_}Bq;3g 
zQoY;P-16eP$#zR-&J7CP`03iEs}rjiGH0w}<(yp9zeiihpi)>m$WGvZ-?|;^%anyf z^^5c7htIc9)O5Cceq!&rmA4cuiv8^cq_!#bzjRHrKm7Qf+k+c3w!Pe)(KvPUWjUs* zR$5mU*nhWM_J{56% z-H{IlWjC_l*{4o0T6B{C!k4UECAlT%wm%N*oM`)~>8X8J(#J0wtGeDDF!>>D5H?Tj ziB|5V{S!Ct-=zQU=(EYMzx_wiOw%Xg{BQ>h6^Qv2AZcW-45- zWaxd9wAplP{p9L@Fkq{Ure*d@b zmqV9duh%V&*}}ea>8Y8bXBWCoQdzM(m$${trN5s`^oc@fqvOT9`QH_-6-0~rt>q8B zT6{0zPtx()oO-VA=BA8ojzX^;pI9ooU-~$y`tm!|{?}_3wsKz%JU{t;;HlPxjR2bI BdFKEC literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa65_priv-only.der b/certs/mldsa/mldsa65_priv-only.der new file mode 100644 index 0000000000000000000000000000000000000000..bdf04a2cade148ee20c46f6ed8b23c10ef3bdee4 GIT binary patch literal 4060 zcmXqL;=jSf$Y8+D#+lIO!I;X-!Ystn#D9dPiT?oWG;5K&p^uXuJ$i91Kw}l>i5rCn z?=dmokKHco?6Ius>=CJs3)bMJ!xP!adki8&#W<9E({hBE(oyQytlrL)<(ilpW9fMia8%6K919vH1k*KG*owkS5``=jIT*{+*b6!wSxhXFOiWBW zL_&-?B7{pB(+z`~3mS~o961!y9gE#V%M;rJ$_pfzTMX14#LQJV#FPR{k`yaSnvDZX zGzuL#ijp!I+5?$7B0`nISOl3$*__myQv}~aa8X^>hJ4DLMTonZ? zGCUevo5c-E0?f=BA~@1m9Fy3URM|sR*qFtd*vdoPJUWsMHN*>9m{>C08r4KZL(5&1 zMAKXy6jU{m70lC_4HTUd1Kl*7m5R)m#R}YmLWKk@l+{!X4H<=1IFvJ*I*K(ij1q#} zT3J&%S{aJi5;8PWLOPPl)eM4)%#Bh#%ESePiv!q1jKdAhJ;W6f*fk8*jRh)PQW%WX zg+m!=9aR}r zjWrqrRLj*P8bk#}0z?9p3d&td)EZdKJOovW9K+L684@)jnoC`oK?$B-P{9=4T>3!0^5{|MAOPx4NC)@ zoWtA&**z@El)~K|on2E^1(YNd!qN<#ncZ8>QW+`=GfJ4-6-tyUBuq;iQi26kn44PK zniAmLIo4k6+}y0 z8xzFajXR8lB!rn80s{!$b?24Jue1Gs2r$Lf8UY*%%{&(?Ww(6^c~?6`fKwN)tE? zmED+4nUj(fQ#i!iR9G4_f;dtF3tWU#7z+#&1td(&-I|?E+So&!3X0X4+0+t@g4@Fc z*+fj66kIrx*@G21Dv~oagbNdd+n7UHQbbLQLz)~K7|oc)Sp!89%{3Z~i^@6}*c)3y z6Iomu3o6YHfz?|cXywx?!3acFe9VrW#Y8*%8v}C>4#bF zzFDNTt(;RejxTV*fuFIxy>9Xc3mtZEGdb86J@r)Q`BT?k{>VL{a44kY=&t$qoaW`< z77@)#X)`SfKKk(AADk6HRAxOv&{oVY8@){%Yz3p7usC)_aY{mLLR(f-M- z&o}d#vTK*-X@6bVk-6CGcu>hySEil(f(0h;j~Tq*bm>QsONfe^?)52}s&xfC<}XB- z3*CJsFSDVoKYo6|!_N=1*cF_YKe?`SB0X#R_O~g*mB*OhcinUod-=ycC6jHAJDY>{ zTKk6$OSfp6=%1au)xwp^qlsU&3V%~bv-HX&yUaiGuz)Lx}UFc?GyRz#`{|u3@X1$v!cc9&7MSdPCV%2soRpx=U)zDv|I!x|LCz4zMX#?(A4y&t@;Fzb@gd8DXBoC@+pFKct>FKA zjMGNRl==RJU)Srl?F>CHXf@~1My8cJw!L>f?)52Gyxv5`a?ASV(l?XK8$8@Qejm0I z6+6v+=f{z64f&6{uBaTzG!%KbL1v-kW~JU07dp}|hfPXsJAL9z%BIqdKV?@aHVNG= zQ95}pdQbA2Yfkl7Z-0>P->~$`obJ^Zcrs7id>(s^-_rB!)U}5=zOPhgp1t_V^R-_? 
zUxhy43SM~Ed!4eQL@JlS{JSjThcC7+pSAS(dy9SHzfT>XB>eZcghcyFkv~%AB8lfx zy#Fg+oxRa7QzWA=Tx!>$h`;Bbo;tJOP^DnSRtDckztj>cSc*(;-*|m?`x4&u`(ElV zlluG5{f`j4KwJ>FXBz2ebMOVR%b7eEP3Y`tkdPblj+{iJBt?liZXdngr^ZHdQT`Y3RPlyTWZ%aY;aXYUQVXztZjJ)b;I8KqVI-`@5wTEA1}GWSC@#h%}nXYB7hB@-oM`rz%V zx*$He+1x*ORR}!ZJnOZ*RcCzlE=9@IFK!VxC$G5IkSDY0^V0U<-1#<6_6y(azsr@r zbu{=9n(<5cz1yaJ zcX&#ylpYH!9LTtQCgV7{BA3yK27KoeE$7i|w@j6sMq#3cbH;4;A@v zuMfC<>od=sFPEiH&6*bZT~}cibKSbik_lOL`wKSqzWuv>c3a0@PEOHfPxEIzI$OF>v}UCqpE|BbGkLs35S=6iqp#qHvi=6Y_o>!sr<$rrSm z3yWfoO=ZIgW zCO3-`7C)_i_uZseH%qG|l*jL%%tVn#?o5%p-u7F(51;zjPC~wDdRg<9$#K)qv++#* zC0bz@vmi4_Y03$K)fY2cDyC`Au5PpiZ9|8diYlyqo*Kn7z4ixoO$LlWZf1O8+Vn1^@~lf%c5GGfr@24( zBxcWuHLzsZU=R}ME2LeN)AfeOOe1gBp11cBPNqukJNsZ$bZMQa>*a?x+yrcHzY+_0 zNB11Ur}pfv|89T(@cvn`Damw14*)1;ZrPa~g+Y}k7yCrsaS@hXusE%~XF z(zeg~zkS~n%Uj!hOxzCMxYBotdD*2G3w|8Ebl7A`!z;#n>sTMJ=31hZ7=P-f%!Hzw z@2#hlxBQCXR9x4dZ@Do#eZlz^O$#D_A7BcUc3waA&1#WTg{AG{anIY@B+QoYnLQH# DXBVNw literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa65_seed-only.der b/certs/mldsa/mldsa65_seed-only.der new file mode 100644 index 0000000000000000000000000000000000000000..f7e0ba696cb37f659e33863dfbf23549bee3e5d3 GIT binary patch literal 54 zcmXpoVPa%3;AZ1YX!Br9WoBU(Vo_>PI92=Mzt#Cg1uL|9-eu2xJICVw4)g6#&mD8< Ls@6XJWTO)R#yl1q literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa65_seed-priv.der b/certs/mldsa/mldsa65_seed-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..005825f555001a7f09b2cf5158cf6b3dd18504d4 GIT binary patch literal 4098 zcmXqL;{V6Q$Y8+D#+lIO!I;X-!Ystn#Q(~miT@dk0>_=jW|=1&zxte(F*5qG(BSau z_{S^HiSGHF)^kSZ#h0}#P5cMuIn4bwE9%(qDg2FDEn#uXwq@S>$(uf-=%xFjkb;|q z|C*-UU|;&aTd{b1i6Z9%2lm4oa^qxLH~R)@&R<;_SUI09ea@`ULFaYccfYwacay}` z<=yh4caAjg*dQVu)+i(W(mSo{($iVnRu>n{_QK? z31zr4q!~IUGr5~KGL@Gxw<)sinAgh_VWZ2bC8Esu~5br!}QmG>L^4mS>cgIYb0^6qgvQD@q8qYq**@ zD3=?SF(?|i7gU&<6gruQm$oE_rM0;ksz?|rl%$zCcvOfPm6(aUi6Ts3j={au|dZstPwdXEcYEq>6KRcqqD;C#YC7NmQ7nWT+&zxhjVVs|vF^B%6yj zF@>`h7OF67uyGW+v>60BrWO~OrD<`&P2q+pBv>Pd@D-^3|hz2V(lnO93rwFNtNN^;I zG*xgUGPspCG>Mib7nmrErx+Qzn3M?_FekV*XB3%;xH+4MB!?H92{8$ZBsqi%77K*4 z7!(z$q-r>obrdVR83ZW_s41$JnKKq7a%2dGDM_S=8y1>1J4+}jF$V=O2$hDWHiem4 z2qdwUnrNsd79qfvay9KI|~N7nK}!&F}AueF$OsVCJCe@ zF{+j&ml!rCG_iY#3aYrVSO{taHz%c6{-knlqv*8G%2bHh_^?Cx3;w^x{H*yl!%L{hpQ*E zmx!0EvnEA^iyKrFvIrTsn2v!%E(yDGGFm>8C)r%E`OwJ@hQ2OBD|BrqF> zo2MuTH8O=cF$5VpF&hMSB&v9XdQ=EXhz6IrBq=zXnX9?DhKEY9F|}qCrY8i3h$|P0 z1Ua~77#cYyB_^`4rz*EAG?_4kC#Y8lrKlJnQ~~Pvy`@U6bU*gh_N-hvkH_s znl&qMq_sMQhX{BCGkBO6F|)fhl?5t_hC5U+vappYCoq{YsCtApg&PP52#N~`sR|}I zvKJ_)1hOZj8Y+ibD783?Brt>)mn*S2s)?{Er#A(e3OE)TF|fOTAXFr_6IGbEcZMu@YD6>6jzB${%hmX^Ag1u_+Dm^-$IMzn;MG%+=m z85yK-G%AK!6eb9YIEViS1^?p3MaG+B%2l` zWw5--E!Z_Nd^|_r1fib$RB&4_oIo${jj4XQkuzS-*dNy{paboR_rcpj?j5 zicJe5U`TP?$veOqieU(b!r^KPrCE& zamD>&`nO!vyVE4C{oUk_I<~{-1w}cU3UX&u7$kY<7nPapNUyvrBWlK+b!{WV?Js{l z{pW0ccklN-rPJK^Chhy^Sfl-Oin(o}%-L}Wo76UCh8>gLe0lwIUbZXE7%WbII;%0k&Zk+KB}p#O&gjK_ zh1f}3SEnyXc-A+Cvv(d>ew*>!Uklitd=8l-&?w80_V2EO-5jleTII`12fadWpZ;*Y z#`bl&{?;hbQz55Y_fw3KarX4G(pe_z_Y;!UweD=n z+{*AA4c#aDrnl1V4^?Mfxu^f|2e0Xo@Al2jh$;3u6@2cizrE85VUfW6SG#6Cv=UvTAgk&io_F5i^Q>oH z)`godUeTGM_n}2zN59M8<^KM+C)R2hhj=&n>ECS-)wVV*P=CAAI=8-kPw(kTto%l= zy>4#5nCEz)@>|Qnqqz#%f^R)+)~?@fcB`^`+oqMqtM3TT{+AZ2c|3M@TWVkQ2mOal 
z-&Q&$Y`rG;v&g*flBkept>?x=iyroh`Ti3%;A*c4-?iU)o#tJuyR93WUrA>lIVdc! z%%M+BPF(Oqy?IOI?$p^=jFLD`R~kDVD0QCv>x6?Fhr*Zt+`b8_MP4T_%ImGV z^5K7USoT9ll|`0YeWS$1SG`a2R+&2WWc%(9$G=UBTYUS~PrD}(uT^5SGv4a@Wa)Sw z_!|8%%fRYl&!i6FV^`TO_)K?LapYcpGVbfkmI`Fs~unFBvtY@wl zt?KGIDzfE#^!ZrUMppBsi~k*|KjcuCr^uLHdHu=cI}5U8ov&HD=-k&^+Pi1U!ix;P z>la=5-Fj__%A1KH_Fw#ym!DFfv)_A`=(oMw4qlS@cRWDrkapxq8MEvu!bn;m{J zHDK${EppkDzjM4Ox?4O|U3BV4-h7+vQ2xlnk5sombyRp)$X~6kGxc5oucU6|p4n3; ziShpbB2yt_>~(uXP;4gKQJHi3=NVU}T{TNIQd9d^@#}`F!lXT`{#o1ZEcN7QnCqD7 zR5|TOwbBjK9}ky)IhUUE?eiLu18H{{j9M-BoM&6;tWp(o=XUt1&j<5diiCcauw1N~ zXU(iy_EsYWm1zb}_6 zt?Y1|eo|wTsYd6esGRC!p02&!y~&DKc845D%l_b(Zpjh2?qj3Ls?D#Td^omTxLJ#7 zy~N~qJ0^!~uHfA~=|p{}ZjJuZ-e8T%Pe^Uz11aW#J9`ZuG=TFtqW>)G~d$ zcaP)QB&Q`4Jfgl%{9+Qxr)Uac5*!Y&Hm?>yjdN0W7V;R zF;3fvZ2-VKVrwp0ZogeZt-B@#D^67@E8LdlnJ{vE+zTzswtB`jd&)2s2 zTx4I!@L;KI`hM5v6Pv$;{gCMX?ehJ16_5G>+hZ?Ut8ZilO<(l&^Ea00*Z=d^)}Q}7 zOZMkBPfq8{KmFFWt3FmqZ+DgJa5DVNa!l*P><>*DMwJ^gZl7Gz<#P4=F)`(eXOQHOvAY9J@}~&iE$(fcyKeN3F$%H9hi;Q+}?OXIRgEma#~) z^ry#`)-BR91%>wKKDo#D?_XGRZze-n*hj|~2cBqfD)1a=OkmMDaH;q9)iT5AtA7`o zCeMGT^JvzqfUml-`5yfTnQ!$}KG90tDX1)aH)ZM!#}##!+osp?lklzUuh3{xM=A^>8GxmJhBN3xgK;aENV%tsa*Uh?zo8;@9Q^yn;9P$zq6h6 zFw}33$$@X6{b_TiGk;ci5i8~x8IoN6+d{6k&Y`;O@2&gG z1NMGeraJLN`o&8g>lceYNuSfn`az06QuMcp>zuY$eeu6pvqUNjj%B0MsuA9Hk`{{L)Yvr>OCi=PjZ#`vkA;D#` z(dK#FF_|^f&RU;Tn`%0_(ZH(f~zD> zKg$v|a&j*5)4X9F_tE-(`iq?_B_?lG`|`0w|GW6Wf;ms#oSL!cZcN^eHwK(G8>T=1 z^3}1-TsC~O+eOjOG669riSIPR4QtzGN}rS6pY!C-fx~rQCq#eunPnX}_3at{h1#Z> zwKEt`ANn*kpyRyM@3_L|Z@)Hud2)W$qwc$+nSShxj!)RWYE#6*55ij(FqiEM%J1`z z$Xx%1jk8m7nxW*06p5`FK}Je5mgHVBaJsxn@W2$!=xGWK5=Kr3Se-2tg;;_(9J^+* zaYV2<#2EQZ+2q0EsdC0d=)xfuC$S`k?Vgj_S`I1c`Irdtuq#b6YngCFKtWYekfSJR zN8kek0i{WTvyM3~-jOnSg6|@Zi7Xp)98D4gR zfeoHL96HRd4R_pl54z|~Q4y4yEVxL`r^|%x(J{`+LRvGIOuQrD6(hu>!q}$BlBaMi zbB%or1#zm|u1|BYK zO)`!d5@IRJ>=`Frx&%#f1DXURSsOh)bgyjVWD?++!cugwBSVGLZPE#!NEMy~O07yA z8X`L!XE+HaD=2X~b52z8TDYwD5>ucegV32{DU24HGiSIY?O;(^+`?(ndXXvj@ia}D zZHfyf2|Th;Y!G0%aAKl|g~9Engd-wF0&bctoN5H 
zX;3tgMMH9$#)Bz_liNB3or4&sCc0>7T#zt`XyCbM-?lNne~Gx;<&^&FVsqof|-E#Y=kgORJnP|8wkriT;Lu|N(n zp-2u-7B&qPRn4AhI?7I}g3f{|lM-)FX<$+}JgwxGU?6mR0>_yahZ7zhlaDDX85G_U z%ZOB%kZ{0bAycCaD_iseU#9J?O2!N_EjovGbg)d)O>7G2Xq%wy$lKLWcx4Og2{%3E znSwHgO+vcKqKHF=TBMV8KPhQccbjLOPfLd==2o4`HQwR?uD@`8lP5-Gt`csQ1OI5;qHbxv?J@R`Fh zL3ugnY%!J_O)d)Usf^onBN+H3EP3X*v`m`jB4XIc%$mBufm7sAM;C)nw+5@il$HsH z7$QzIC@HB%FzI%4C^CDdEoxGgndEwh$*ZfQHOR#1q=M0frkoCkuE--A!p9vwER0Ti zXel@8dK&TFQgCDB?37{&V&TkD5fo%_?@f}(iC)yn)!^VYBQw#gDa0)+WkcpIp@0-N z)lpRvix>qVWFHuNk88cx2@}D zd8V&m(n-?Xwdm#b*Zi~2wRW!BZGUy`SN@5O$?|T}MfZ-S{xjdUMEUocg@^P-&Ng_( zA76Q2c+DKQQbkt3iLp6zaeV=8c@>K3{k^fT{Ft5|&=8t)4 z?R=WQ;K@YMXR`(ScdoE@s7*V4&t)aEy6exYh8^#EtNCIhT2Fu57Q~^X0;uE(Hw+{l*uz6AaJYOuP}I^<>8D2|LzpGyeJ@ z!`1t1XOh^I-mQ$g%Qm<{`srYN-uEFmq~j$6nB?*{5qo=7w{`cqVcVGP>%g-XZSt^J5NdJSJ-IJEId|~8q zk`r|Fp11N!%(jWz!s|~*Xq`MByzpLUfkdYgH>1}FIhW$a*W_MU?foZmsiQ}#Zf*T} zg;U=yt36xY6EOX-`2&BsS4|gP8ox=t4e1kq!PUFtM$6Qs)syU2@|!FQdC+#_A7kZ) z)>}K0_tge%`n<^aOIgePv}Ex{wco|duI%7r5}5M-WmLz0zS&o%2Bvkl^{#8Wd1>-1 zG3Uwp_DP0y%;!x-%fx3}3tC(gmaEq)ds?n{*?7*MEo{mMpT})Bvikp;Yh9b!hV$_v zMX_ladpB;Hw&o3EZRLzF3Y|f}a~B`C|HRjxaVS1hb$<8p&+qq7I-u_HM1Aw-TXh%Q zcy~GJr9?&g@LMnls`k}qZ_9EF-jcHVGS`BxpJ5!)(+dPs!e;O)hTWLr5*cqV^_3}d zew)quFGk`oW)$x-a5Sh~{bi!f$5&_9tezvYTHwe+iJyL=)w891u02}Z&*yg2=fsy! 
zoh#=uoGmMJJld~SSMBY6BlX>})tiz(?XOCh8J9U<{%F*c;4R{A5mTDKe+e-8w#nR3 z^wj;Hm8`bAx6k>#f8NX7P91IK*$GGNQ&&Z?6m4FrGAT1DZll@CN+WgG)q3@@*S8(+ znfpUzv#s^vFRgiJb2M1|G(}Ul)Vycexi$CKE2YH0w&r&%o=E4{E5Hb zfA#D%ABMkf=I=cYr#J8!v*f(#7S`xEc<{r9j}zW@3D2rK;PZgHaoabg=e#yp} z_r~yH-)iR{$5u{tJ9eUf{_)cJn6qN~wr(KbmtQGX>w{v96*PbQW1+!Tce1hB9FW5cIefOm6)Gfn%ckF(ZWG=Kk zV<`6`+U?*4`va$fpM80srP$Q${p!c-&=*Zy4_NZfiw39$9FUplbK!)zt>4K>HFZIC zZ};|0kx&kK?R}#w{eN53|6ex+j?55QEyL#TWPbMyv$pK*j2n_}4zFZ4pJn@Y*Ynl= zYV8|o_g0t8`TLZOdFQ|Sf>o1r^A1+Xh6YU2C=hGPIbW1-$KU9azAvz1YDDH@pB2+i zFSwOy#Kjg448 z)!@UC&;L5yug;xvbsd{c*5i)jMQUCB(^|U(9DL&DUHf5t+Wl3y;G9GE3(9WRzOGN2 za(VBODSdl)tcVKw{&(w@dD20XOrxC^p9?=@ek|zCiJ~R)Er#rl^F7YDubs5$%Yn3G z&WFV#{W8KL)6TN2oMZQVxqsprvqcHPr8Cwh1TUX8Gq&`Oxz9QKvo04*SMSK~VER7M zz(H+6-D{TD3m4}GE^O3Q6F4Akab~LX)v`sRXVo556@~?jaB_C zr4khUj!*d#azrim-u0)?HR2z{u#`PvJtBQBq_OF~!uDUk-z+dT+$I^mnc>EoN3+-( z-_N`BWmlhb>f)XqB9$LnBo-IEnpNZ2oAJP(cV1Gw`qtTvW+wG=GoJc#*)mJ@f3=$% z+V*UJ^{vxQ^-qOE%KqNndR|V`dWoTI-p7u+M}Bv%{QpG8{Me^}Z^ok2i<0^ezlxjs zm3LYu_u;Oc|*-L=}@&G)}HHaWg1swM24HIo{ewEgt1dK@3KD<47TSiIN+Bznc?hlW4WZDbI6?#d2*fe>T!R(wqeT}v4tGc|kju#w# z`q0?GShwIdlUGj;%M#UW;hRaSnpI)XCSRHz@7p)+`8jX*s-s%-eIABh%4pk~?e(%w zY^vMtG`{#L=ih66h_vcks-LFQUi6W31LMIxeL|cM<20mY+Bv`J7*C5TJ2{=JAlYGd zZP8!X*>m_8E{lJ*|JrkrHihqRmo+G^-&Dw^V=vV9mofgHu)KWv5fkUxX0j{&8U8D} zzE%6dpj-TEOO$<^Qt4!-$?M$m8K>JgvadL+F4QH@Et(j$R_Baz>8HypY9BLfa$2=V zaPpkvwVTd&y>)HbmiBb!r6UXK4nJ+L{k2=PA3A>}S z?XXSkwb`)`XX#Adq_8N)CoFECarVh2-U^RyeUhkRI%2i*zh2StS;-e)u8H*6#5uvD z(lRn^QM|fO$IR1j@2srbus+O;S>`6sZ=Lh$-`6(X4as+@^pd zoR`_pJD&>>?Z5GR&v%i=n)ojz_fIgpP5ag^RotU%Zy8gN*K~6F$I~)N&v(eKxHEzG z;;f6+$#;C2BW$fE2ABqFMEMyMpG`hFX}9nchewIN3y){KxT0O<^ut(e_G0PV3;F#{ zc|7RlHghTe^UgEQzHxf#@1EK@Q#v=UxVyJ_ zO=IoKj;LdsP9EXS+cWvd{2Mk}IsQ`9?1P(YY|HfoM63KREs&iZ%;V6h7tQ|UR=Ve; zoS2YHN3+(isNXF!L15`W)?%3*Q)BzRBOixxeqm~jdmy14e)kMh~N=OUIhmlFPe zQ;yLxDJ~b?AdaK;czU6y-+0Wa(p@kXo z4ttb^CM5lZLnSxeQknMxzO9AOdku5 z+BjalT>kmi1=p7?!3!05(kq_}h;9+M8CdQjBYeX{tXM`*-edZSb1ct}*S>TK{_6VM 
zu`oq=uh$$&DYn?Hc+woV$5)PH&p0J0ma6m0QT;Oo2}OP<#gFKPZpUY zDiZ^Cg)HD*;az=s`_aAr@AglSW9@4-HFS2rrkwlfhl0qi$fWlH2{Zh98=C}cXRp1^ K@wY(GFbx2L){yT2 literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa87_bare-seed.der b/certs/mldsa/mldsa87_bare-seed.der new file mode 100644 index 0000000000000000000000000000000000000000..bf0dcc7c36efae130dad78daff8a0dd8955b990b GIT binary patch literal 52 zcmXpoVq#=4;AZ1YX!Br9WoBU(W>Huh-z;cyLrCcRZu|L(UVZX1``a~AH(ofmV>0u~ I!q{(W09Eo4TmS$7 literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa87_oqskeypair.der b/certs/mldsa/mldsa87_oqskeypair.der new file mode 100644 index 0000000000000000000000000000000000000000..d81717730772c5a64627466dec075f3d9fec57d4 GIT binary patch literal 7516 zcmXqLl8s`#yJAVF3JaZs!x?g& zGGpTBF0{NqV|w@B@0IGStS8;uxLm4Yi}`YHgEfy@bcBk13;Q?FlU?0=YF<;-MrbFtt?mltx97d>D6xwF$oXXnFT3pykEz5o8P z^s_e4nzXmRwVYEkaFK#X0~439qRYi4tS8J^Rm3tFrzc1Xrpd6dB(r24nV^}h!RYCd zuvn+M;q&rReqyMMhDL2MY{67YGV? zdMT==OcZfsl$hu|qu|Uo50-^FX9QAwJPMOlc%2-2g;#WRCq-QcgE?inu2RiZL8=&=g=!3}W)QID?T#IQ7v2Mk&TliK7!v z905a3~Fk+SGiWM#axBivGgK4=h1qz_iX=LHSU7VYPZ4bC&^h4IwnRi=(w5W< zY6=bwxq@s82OJof3@1Ke<7i&OA?cv@gh5wgS;7;g1OW*bk*N+!9l28s+@81zN(p5~ zDDW+r(tFd0?}@3lvtu76Q95oh888m z2!^6$HX(_rEDVgAGnIT*RtC-x^Xafi5_V&fbSj8B;>f_Rz_7&7bB039F---LzDWx- zAF8z}OzChwlsbut%Y(zflc}}QEaR4hk&hTJ;}U}=AzvPk07XaMQznd!3py3HOpw{a z>NCTUdqqGr(?rGPfkJMYhuz!)nbM+__)?fMt~9wco3SvPcE(s}IxR>!AmkLIl69hq zHR?pdjV+o23j@0u6c`w}l#C{HPE&X=Aw#6Yr?EjmqP_5lLkqJq)2tn>4GJnf4q6i8 zDgv4T&Q3v!%X^tvi$aV76f8TgsBkD72V7p_(8-kG;^z5yl7fh45c47)7bT@65!C>T zj>$)I9G4kJF)4OT5?pj`G4U`*UxZPY^i~xP<(7j>0v~E5O;YJiG)cY9lp(=r*y)lrN1*ML zNbeH{w;5Y9yr%@pFe^-QGq^P)mva%ztd<-Gx7+{|RvtFa$r_46mW_={3NoghoN7ga z8U8!=E%azxy(Rl=ftKqpI{ap=9#%% z$_=x`c!IXDrZ^NyDQGB|X5Hw>on#i^eIlcoiHFNP^^}p*?GBD$w^U_OL61$n3Y#^U zx9BKIy3KLmy1b1?#MGzfNTA|oK>@V_rp1BGVx5U1O(B1WFf>Y9m8YNrka1W07C zSh}7NNqe$MRY^$ju?FYiWtt)?fr8EkK8tu6+$SmuaC(~Y2#f2TS(Mu#(wHLF!0f=t>X9hX z>7dk@ydm&WNAC;?UIoPoLR(n4wqyvgO_X6snrNWIt)VJC!H2<__l!^`r?Oy!%A^w} zE-ceJRW$n?4y4SOq|#!R73raJTEb^JQs<2Suu zb#wN+g(=Tjuk58!JCm zw%M_9W$o`-A@B7iJ3q$HVSn`Euuz_U%ZDtcip<0LPybr;Sx!Iwjdy;UNp{69#e$Ye z@tj zm6P8#S6p*Hn)vd|F}1$=9hGM{G-PsI_tLYUU+t}PY>_di?erw(|MOdpBr$$2kEu^| z+_1_{eSXBXTN?xU-s)-vODM1Do)n_&oOa>XkIrT3d+Vhl`{r=Z*!TOG%&+2;e5wgH zt`~|n?p`^$YVxZ8AMYof5dVIBM!Kt9(#7lB=jkUd)BC!h$oRaJkEGvQ*yR)OX2Z<*e^BhO!u z_D)H;e%xsP-D7UNjPkakc3Ia0{~g~qd-{ZZ4}$9KvbRcI6g+#hIdgWyTdSJeN%9FT zI^lm}l$ZK{@!G8SqgdrjIXhp{+tP9?VYlKm?T2UL7_KeVShb<1Amu=H=t(!hJ~fqR 
zQnrN?qzc~#&wbUhM6cFCabtwULh;4HhKgL=S*P3gF~>R1=I?Xa%@p@4=aFX3>$^;^ zKKE66`Ihfpx!%-szr%|K$C77RD3pD1FU;uUU;2&9p*v{9oe4E(()Ba`&$#yLbwEnt zar>A!mcwb@Ut5Lv?7pkDS}Z#Aw!q`I-}{Y*4IAgZu`8Ro`TAxJZq^TiFMFRZh!0$0 z6wn~%v^!w6-tMda+vLR08~FFNIIk<*t^Fk`XWCn>B9}${Q~VgFytrv@>v*%eCA1=9 z*&F_*+e};DK34v&d)uVbzauK)>g2255~&TLo5bB1ujU2ciS4PoYBiy3iS<#AQ!Zke zKlwtPqZKAJO=a~^d;R;;jToW1syd!sm-=1apJP_Cbtr)$602d+-z4X=`k_bQ+dKik6#z+0#bTTWn~t-Sw0GR zpu_evk0tt1_N}jrJ584CDVRICIJ*2!Ol&}Zed5fcPaD|}PX185?3C-bla~MZeYUCb zZZ~xdW-oL&YdFhgx zu<2x<$i+V7KB6!udYlpTlbUR}DeP;L3UX_i6Dw4NSx)|x-_>x0L8 zc6@(mnlvjzLWL*tlpfdQ%iJ4xbA{iUBDo>{V7+aDcmDL-*;t z=D$jH>(xDOrB0P$nRV@pm>}m?hDR53pZ{qR*|6DS#;U@asQlBeLY7slBj2ZVo#F@< zs?U4%!*MkuU!Q_4Lk3U9udOM8-+ygo4>JjPm^S&P)V9C~7q_J8ue=)9yI18LDvHi*h(i?IEpItq)=`y=}@zU;ar+16n{~Q%bdd>8H=?1?kj*M2G=eKhm zsXDRi0P|O_E9VPeZ3v%|`$^)n=qg)zXU^VoCQXaDk0%s1akTCUNOE`HarMjG&5tvC zHMrPYikd7P=A2veH?iiznW;0g{ub+q=n5r-oMfAJCiG&k{#VBBZNE74ru;3xzl1OA zG^_1DeL3C>@z0x<^d5Xr6mjEGde9r5Ht!EN;v5Q>EGl08F6#a2nP1vj@2ZPE)}Ob; zI{w;)-P<+1Ua#M4xAo<(4KjRces^3PwWmZ&7T!)zv8g&(Zoz*cb(4PB7f7@JTlIG1 zuA_-PsZY!oF~+b&EWP9_xA|Y+!lkcD_Zy4n__w^?@A`S`F^lDq|L!nNy`+AI>rKq= z+KE38uZoH&QhuLvS7_n?^JjB^*!WEo5)_<2H{0pc+Jzea3>7llNy2TxHkX~(K4|TTtDo{~+q90K zt6o(YWjye!IH9UK_v`1(?skig<=l$QKMZm#*&-96>8yFXf7x zSC~(&iM@D!X7s|ug8>X*ggV`{n~HB1Oq*);D$C+TSb8|`w1|COCEBmuYb+lmefhTg zv2|y%@G7a?Qhm&M8%jWYmWY7{da58nHi_tIAb-R zeHA_Eo%Xpcv0J10doq*JiSkK)=i8SxEvpQFwnOIowD8mOxOsamwZFWauCMsA_@=*R zeut2!qHiQagn8WI__fcuEFT@etI!^7x32qPXC!Y-?v~GoP4<;MH$9mX@~Yq^tL?vt z21Zdk#>)Box<0>Vyu-IOl0lqrCd0Aifz^#i-_Q8+x~`^sC3CTx_w_H&wBi^p77QO}-}RC;d}( zpMNU<8l~{Rwe6o;GT%MAd2rSy-^BX|CT^K}$d}LAXUS6UDORV%qLie<1o+x@s_gx3 zGhb=UKA<@DIVS_#M$`N2L|166dhspOthu1;{bg;x{7cqhht|IAD)_#iNVmorYbzn>_wV>?4D)479ZK2H3Y<812jO5W+Tl0ia%NnC}->CUwpzA=t( z4te_8znD;1JMF&n;l91W?J}ij^S?>T>CT_v{@8c7eVE>)yQ%rDFC*`8U)E{QSSa$l zxgasK>C~bVy953<)kpk4Fp*k)>V^ADQLH=9DXN3yVA*xfdl|IWhIsa{tCZlApN z*T(132e0=%8IKot?A>~x+o9v%r20q6BARZo?($swZ?qon;K@04RPNYauJf8YKa77w zWE}o@rh59_n%hro%O9UGuw~%ret4< 
zUKZ1I&{pmIlmG{zpMho%7Rg(Fy77)}InN*YAE8|``!~IKw>f5l*V8>uXB39tGmF)@ z=6U?Y*_nwpTEemuOeXHlyd^ZFs3^;DqsHE{0~JzNi(MW{Oud-cyyweO^GRupPs>lF z%ZY@4VW~7fYH8hn``L-ZvFA=*Ztvz?J2{%auK1|*29Z^M&*IAFy;R+?L*Diw+sni= zY@hEfcs}{Hx`Lu~y)T2t?&!4BVyjL)y(`c1?#Q!(Wg4z)*WKPNc_7bs||o zUW~3@Vm<4H+i~BIj-Lej&h5M=mwoJA=7j4_*14NP``nK_y;<|ROJn-f>sOck2oN-B zOnCY7nbBQtp(2;f=VV37{Ja^Bp16d3Gg~cM>C*ar$(j@YUkF*>Em2Cfoi?@b{Jtw9 zhkqRumDB}wC@rR%-XuBPC@6??Y)x^^)7xm{knEZ?2Nk^YrR56@{0ACQ>s?Q zO*=PHXWq-88rJD+)URG=*qu`PNv?1D^ShRgz2(K{7@uVetXok2JGa_fs6>|c%lXh0 zr_w79yJ9Q*C;pp!|2Ja_(&zw_*i6HISjFJ;@E;J@{&d&$z}>knHcL@StVYdUw| zU_yV8>eX3$R`OmI*2pfqY-bbiygl_w=EMUBZ~j$LU%dC;mynM;*#+2k9)9w1ru_5w z?I|C%WtZ`O$@?56n6*#Yf9ZtnllJxR6x!?hY44&E4wobKl~vQGn0ftQbZ&1ym%XFw zE%wXC%i~fH=U;8Rz2@k;kMFL=zIlITN|TUK^!qnwS(1-@`ZjU;Yq_#Ne_~dwZHP^p z7_{@KGt=>j#({^_Y+o?2g&R!m)u_Fi%&785-tEtOi^mIv(;HaRD$lDPo;PoC${O>~ zdCdpKcDTO2?>OffbDwt!gYS7AzOw@FcDab`bGph_(eg*gruoo=y zMyKWbo%ri-r+@NfxS%VSqQg^k)Z*Q(swC-&A>ED2Z{1Fxd;Nmd?A+O+_j)_oeak1f z8SFcDD9>7d+IESQ{!-K)*WBc_r8=ua3 zpZc{jbn>Ygx;GwY-kiH`k@&~;g?BFctc%xan}6Svuf8i;?n6cBsYiQ4YEIp5i`HGS zK4dSWf@R2pT(?QDW~@CPV{yzO*7%B0X7i_=ug|Z!AiO&IlC!kkY`e2eQAa;>X4iyk zzWT4hy?J}|r8W_jGwciM^k$oJM9Jz-w>RqbOkTYA?8WJmIgdMhKYpp|WRU8*9XCqF zDtasKeiBYQ_#sY3{=(;p#UJiy{WPC`OI!El8x1~JVe{wh433d5qHOO>nxPT=!l+i^V2K`Oem~t-MfD)xXq8!kv$Q%Mxt~&56mapVwDc z9y)i@?D34`i7U6Xo}IOvG5<=$SKEsQcU6<;w!2tLZGE+5$ldfubv)IEv)tkJmQ?b&#jW}1BDiUyhpo4IlmkP)4f`P>zK1LHM7N7g zX}b4fSIj@J)U+^x*@vI2++m8?6z5bM^6^^o$N3yqJrmoG&1EdQ>gczYkNwzn_o?r4 zZ7&KWbQkXHFK~Rdb)wRzZ~BFj3%J%*NY`yB6V9F$sW#!$F~(DRY%A7Qe_AENTDt74 zP;Rooxvkl%XC7`dKgqaP+%CRzPlbm=wq5nJ*OFIa9Ah)3pBF!$_UQzd;EeX0YxmuV zy4@Nz>H6lidur}j{C&>-Slz*ObAe{Y$EjV$Rw9YJue{1TH)-wH{Y4%(edhGspY(a} zcD|>HR<5(8^p+kfRJq#!w32DoEvGdv9N#b8dwH4IkuzV9Dwp{#o&S7Zdi4I?pQfeW zU%zkjf}QhypZglNzL?JN)_qdd!m1M!UOv0>TyLZmr5$)vT@=Q&dyWael%|(u-@A#u7-uixay!-Xfxs2@X)+|m!Z%l&R zzJBPpmSlTjxO>@!^{T4V|NEVgJlMF8Yk!h~;tVo;&wY9S#4!qzahS;LWBF4-^5vSZ^)Yj z?fJ?Q&1wCuXvOIa>AKf9E>3Ff)^ajpjYzf=G43~NvMow#J6!+ZzVQnt;dqh6A5+8k 
zo}9{}wz4$F$ewqmq^Hq$$H&WTFTHv_FVtq&`SOB}v!0AI0~amio&EAoN&M2U2RKD4 zdhYIDae89!U;qFB literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa87_priv-only.der b/certs/mldsa/mldsa87_priv-only.der new file mode 100644 index 0000000000000000000000000000000000000000..7b94ea37f95867bd0ca08975465326219f74abf0 GIT binary patch literal 4924 zcmXqL61HGsWH8`n<4kDtU`%CZVHRd-5>{bp5?1&l{F7n5#pal0$*Xufj-BNfHREbi z;#YhZFm>PenM>wtq!jlbiU_PK{2sZ6!F9)}lDqB;s*cDV+U229QvW)zB!B--EDZT3+|vw; zKb_^X(B*u$%tI$573EZpt&I`_LQJMEE(dxd7#JB_dX>afd1kUQFAiW{nyPr%fMa6g z%pDvIhOUQJv_>rG3}%|pWMp)DgDQ(6Q<6cWuzOm|F~S@2A7B1WQ7*b1rxXx zG(;vcG;L}0^2m&K5KLj>aA-=r)sVrmS>e$M-@_t`&PM_-Yc$=mn5g8LF{8!vQVYjv zmE6mRGA@WsVm``nXUBxwI|RHfTDcT5CyTJ0Sd`1j*pST8ddAI-X@yIonWD(ClsTI+ zh14DAh)q=HXq?5O*f4>&(=8>2jYUDi(1oq_NsFqGN8?NeFGgbzmK_e4)e3^Q88n-? zGH)^TK4!?wnj$>a=de-1FiZTF5Bj!gPd< zkHJttXuB$>VPeRpMg_r+#crH;T$H#plB6AU4;UGA3#iRzNaM8hyK;bWp;=E-OU7go z4~C@$ij6Hy4LQs#8X|^m-a>)O9K3S`dd^t*FdC#>Fq+tTLQp}at#L!oDTPdzWgRLl zj*mB}&TMkLz?Q(Y%r}N5O_054l0#l&1LI9M1!)UiE+x(ulf+9#0aAw?Bo}Jlc4?6^ zQIOc28g0U(a4gYln@`g*mj^C6Nh=(hl^9r96>oUBo)Ku|RBt;X#MH3ClX3IJJ4*x_ zJ9HDp*k+vQY_Ui-FqEo^VHN^#+CZsF~n0P3)fq*=7xwV8MjZQ%wXaQ z3nNF{38gOP>5d}eK^(2FCq0^yL?-yS@f}nMl5%xA zvQ3A3Mvfy>jxrM`$0P+65jPP7#TbPg5f3)*Eg2FTeU}*oCb(p(sHIL3NjtqISJ1FS zn4{}bgGv_*%cMntT<(R8OFV8IE1cpsF;Xc&LPST>OfS-e^|YEGqe;SLjYRHNA1R?p z3|k!>cl5}#HnJEgs<3iJ&ge+!&=i>3`q-swK~u(Mx84pBmn$YY3q(A;Cp1X3=y15C z9cWP$R#)?x!098T8Pn8obBSuRgur8kE{9D%31*&&CZ5WiJr7)(V$@QUR19u$GzNR9 zD06ltZRil*9-y$9fpfct$C1`a6L>vcR67q9FfK8e;=%ji81D_XMu{z%O%9p@7A!La zJm(k~avJw4Ol4Rg;xT)Xz(kLpAP2VFOj-&p2B#$iIc79Q%t$$Nj8SL;&mj(1M-8VV z9)d0{fle)+0zz3A7V)%5^xYQ8IKX6dU`xSc4^QP~E)pCrAsSi=0)C4QInH!5ik!xK zLWK8Vi-V-wgpN%Do@Sas0(mzlDID3Mcv&Ik!itFrlT=vDm}V&WBr6CwGdT$5TmF^ppn3W6{!NM0*{4!n2sB;9O8}C=)1hb^Ma6CoBWTBbxf&qlm*t#|Ftl~ z`f=F?d%*=O-InH@(OtZM=6}~abE_G==ZBa+*dc!0iLFCMYFWi6H_wkx?MriN^F#ao1X|^!lrG$Q@nBYhT<00(fYcV<)B0g| z3eMJaY}NW*(6-Sj^vtdu8th9rmR;}O;cDT^;UuzP){K>Fr?I%{SigG%=O;TWW8dx~GuvBDITVyqAUj95hl3zMXUY(lb%Eb9rKj zoAmi6^PJ^2W=>c0YeGF6o=6w2u=Ey;uQ{NXB)oT#u*^(W{~sN)Z}?}Ysqi?eLk6mu8j 
zedYE}`p^55ySVEU^5sqXpFIC+(N(s~JgoD6Qr(g%tE?jD-N=8&`1S%;ty?ydg1Z(-%F5sTE26|Mv1qd06AkMfB0n5B zB#s$2ZJE%p(b@V)!08Xp0yo4=gjlsNTdwP1$UUgy^7^HjvE#y-msqPEreBe0x%Fy8 zz$vAQKi2&Hw`3+Pz4GXDlEH_2uP*b2cii8}z}j+k8*@zD zvn{JDQeLT^PWJ3)aa$;RbzkJQ8HqD4m{}O`K9tm0_9OnbS$B&KFT=w(PoH*nIC=Z` zhCMUc^X{Vgw*KvmzU$S(f~N&={9NYFD7Is6>V@FLlON4~5xOPIQ{aWJW#98RXD>J$ zd%0weNf)Q$&ZRr7_imrla_M!qOKNPKYlPqZqKhfK9Z9j-k9nJ&E4yS3ugZ3aY~tF& zc{iGUDzp9v``lIHA(x}I&qQCp=yBHm#hYumZ>r$it#vF;_RX=s zem_uUXiBelKmBpl&3Kumepx)e2XCBoObXn8;9B;5+V^)<87m;GBB+WGSIjMQtFJ6$G~@i5KG3V(KSsmU5)m+%%rO)f6$xy>sI&NN6p zUnNpydU{q2Ytn^%zPaB8bnC9jOJ(@+Eb@0gf1ge3@T1(xm1R0EcRsT0XP;a9c}B&5 zhoz2R{X^udoyu=N+O*}OhqPsMOdIzE)dW}m+W{RL`!=3d)pb3-{=-iXMsw>boz}3t zw1Bfk%%v-O=j<=4ejaj_?eQD#e!2b+K527`+poAe=lZ>M;VBb4d%<(w{@VIE z3;5S8Oxbl~*W-Y@yvaRhf*PtA&7N#5imfp^!N0`5-tJGn)B*SZuCoj-xm2J1+!o}= z`a*Iw=g(gu)1T|~u5ox)^0oWYQ=dm!lYNe>ELc9NhUInYii(O>n}eT0|DX1Br*uxbQ0#wr=9zB3jfI!~-0G;)yE@V0zrl@nKWhW#ZZ|1tyzu#;@@6{D7WV2es zbUovNc4Ob2S%u%q_b>3i`E<>s5RDBnCU*ZlB`18b6xknVaKK<{*wRa8TrumfeP7cR zc*UwEx~hopW-k9(%Tq^|t#En1+#|ksZJOrfe_KT3W*yya;b+1w>E7REc+}=vwps}cCz0+FX$7~ zoq}anzyC}>tZuQEW&PnJh4-%XYESk(l#sAZbHf`8+XO{pR*h!u9P8$pvu1Zhmu*&c znmK<{ds5c{z0GNh-d@SxevPq$sVTH>BKyX>yByDcTE$@R78Md}$>00Kxo~ZCtHQ!9 z(T{)L&GOL{Fx&V^duCnk5i{}Ei8FYYZ{gt6kD4!8J9SOahMgV7;>xTgXSg@s_O)LY zd#cgwXys$a#IDz;EjJVjOWx_YX>0jk{`JZYR>_S|0~#z6Gu(t-cY6zksBL+7&?@!S z^nD%~$JTM2G&jBYd_%nVe~n!sR-0GFnVok%tHdhJ>3L>B+T2&F7Z=X3{?(tEW%lce z;el!QtJ*iNVYx6ZqO~SwP0hba_iYa>i9ZqKH=)Ohb6RD<)4P*C?-Aixa%Spl85dL2 zxPUgHZPyQM-fZ8@*_qIx>vVK)*gv^*pPuTiPjh5jYV|(Fd}THJ_Gc=Bb3!s6Yg+O5 zUlZe)cW-{-cD+5X?oOIl(y;N{neM8VG}X=ZaqPk#OTUX>E8lkCFnOmYUusCjg3mSl z^X*0FYS!MF{^h9s&Uq(zPHr%ekTA;=`1JRuswdwp&Vx%M>wkWJD{_FtTcEsP$HKSY zd7I{~x%OeJ*qz_IOZfZ}g{wqfyo?HvmqeHJ~DdNyUQX8q!O8@8^0 z(Y4d5-R548>Axq(x^uUDth(gpr_XjMNJ8qp)`!wpZ?dKoz3~#TJN@m~D|rcSkL=GS z^=k~CdVb7_d$9A*z5mN@eHXcOK~m^dxxl8Yv*h1jnS1EjN%yt?W~D3_vkZ>7*Xdkg zSorXp%gNlE_s#ikEdFJ*BV^{$r}v};gVN_jYrMP5|KZ7T^=_Ac2@4{>hzsc*m7RGs 
z%l?3(>?7Y?W&fFf7>idv*cIHU-TcCkr|!SYM9pdMHe~PjQt6H4XQ-K&>wP?=CfIaB z`mDBI=6!+}1WK8UPcKQav^^CyTTOY1+Uwte*-EcdoTq;IzINH3W6jnFe#9)>mG)Hp z(fx-H4&CScJ&8?^v%q}zZ3W+dX@)JA+=xBf;CU|=Y-=!`^9``kWhUR_Rbzw&QRMkD{?Yh;g0t_~{ZOopzqle>2)^67D$*PN_Pc*+_ zpEgHx^HYhuRU0@oqz=wzU${5DikmB||C#30>U^Jc=4X{9*;XGW@p@m*bl0<4+_;XZ zWa_?zjjNewcrJ-=JijR-My>xgyO4fH2-ok$wn?Y|8C;#~aC5DNZ1o;-?wI2ZGoya) zs@s)+hk1eId4un}Uj16Qef7)N;rfIAmMjyCYXRy^pNRRbHOoQdP2rWqV@7$Bpy*cXz!LxLDb`V2{k31-iO`A28|eztB2+upvM4z)>bhfi=m@W@%m zzx2k}n#ZMj1$G}dcJ*=8Z8kk>HGyCERLt?j#Vo5VV?Ej}mc*U@zR>sHgfG22E3*GD Nc<33C>{9DG2LQ)pp(y|W literal 0 HcmV?d00001 
diff --git a/certs/mldsa/mldsa87_seed-only.der b/certs/mldsa/mldsa87_seed-only.der new file mode 100644 index 0000000000000000000000000000000000000000..6ec75512b722643297a10afd19693e77cf6433d0 GIT binary patch literal 54 zcmXpoVPa%3;AZ1YX!Br9WoBU(W>IQTINPAI_XAK?>rrRuO zho%|IxTU6;wa%WQ5wJqQlOs=JqJW~3uaYq9tqHkHSe$~CaxSf4Y++zxG+=8y(86LF z5Pih6g`tb7BcVsgLBN&a5ktZa2F(X<9nL#4lwEZNJXvA{1Qg9(1w{)3B;1rvwsw1P zHfR){#FbeyEX#m(Bvqv+AN#lb^GKxDEHhvK9T2g55Zf)X=1Ty}Kcn&cTXDW}VY zm(zKY%8Y;`E_s}ssY`?=Np^Zfsw7Hk1kP?rk=&9xVUvoYqRUAo)&~s*v$qKznbskE z!bf;Z!;B-XS1h!++c~F*BuFh!xFyjcG0l^UQ&m`4$9Y1p(6S6>$({uUj#tz?1eIGa zZfIayWN>0dYY$TbqpOhfp};3XoHw@UOlAq1z`($=O!K5$YY2m3634{Z+Y*JEc$6$P zBo!KkB-C0Cv@nP(a5H*Hs3|e2G77kPb_ub0v@`^WWeN!j&C%$3B9<_VY2r+KMUHfMP0Mkbmb!RGCX0h%_qN=H5|a*jqzZHD9XY`G=vZ%zi{5NC zwaFp{5e7NT%{h-|xOPlRJ?tVFDA4lQXhIZ6s;8MA_i@HxhqRlE8WdGp4;|utv?-Ho z>BProte$Q@2e!045NhIP$ZRy|>R6FDWeKO?_MRysTp|n(LK_Q&G+crjd>4puHc#;s zoT16NJmsWYgV5H3W(I>((>w(%6}a3p71i{FnK_h?PE_6?Fvo=@p+$9(Nsq`OPahA~ z?g^?cM>2&4auwWEJO%g|Jro{0^-h}5BjMtp;*>Pm$@54<4}+qRgka{Rwni3{qRGot zWQ=orcBDv(bslu^3{nXQUXdETXrkbf97YS?Ga`&4#vRh0K8gx~4^}ifnyK`h=Y%-~98^eSKAD%YF0~1`G*whq+ zRT2bvrX0vr5zoBTlFQ-Hd+~sQ;xvVj1B{HW9^FO`$w~|^CP`d7InOXP-QZ}O?4)ys zq4APH3y*Q4u!NBiV}askUTKjWZlNT>8HSuIHE)lYqT-T5;TE3YHi0MugDXk_LY^+o7J?Ur^1MVe6c0@dG0Bw?X1!^^!D6Ay z?dqA_;MhE+VahbtXtsh`Mut-aT9_>Ilvs>pIExl}s9o^j=`!=YX`(P`3d^ER42f!) 
z$=eVTyInx!gCo6zWzy1-3O%AoCpMbLyM zo&{`z9&R~v1e&^*IXq%eyfDLX(t*^OYypq9WD0I>P+r~{!q6psveBD^@zIIa8EOrU z4!S}tT0R=N!lFzvTM9Tu6&f_OCK@P7PiWvc(x{}`7A2yRxU403Nr#t6VH1;T<0L^Q zvyMg&2jS_iEQ)NLTPB>@rpd8A@kxiqzaWxn#Zs-=zJ+vPnjA!eS<6l`^hh-7m$A?-*9IS*=Unkm1IwTDpJps=H@D7_i6|EZX$f zNb>8?m&$h>)v|jl1G*-O`gAi$R6G&iSNHwr{B?h83d;=~9~N|8Km6&=H>FEGB|F`E zeAlko_4BME`;Q|$#Pbes=+d1lJ^zO3 zx+7Wa_mU;OAFzEAG(D)KUA3~Q+1tQVkjF>$X44~$Uq#DQ_ty1$>$YDuEBwTE$CO2> zYodtT+DkXss#%V|cp}$!A%nf>FSl3C8~!$Z@p8{++v|DveY(5*kMpo!fTJE~iwrjOX#~@)lWGD8lsLcG9)j%J;vIEKqnY-~VxL!|M6vX{&BZez~d6 zJL%FDhHd+P=&0}toSUE7u=ve^Xr^bUu19yaR9v5)d(Pj<(&y4WW1h}4H(Il8_xCNT z{;#&{q`l6Rm#^Q+zbh@iGBYdv_0QJJ)?Zz#bQWDMurhvo$U*i>@mEt_+b4(CvALgi z6y=e*Ua>hPKzpmJS=qsWV|)J{Tju-1Ke78y{M8pVWCF^y8maz~mb- z8a~qgMg|-!q$and@2ra9y7j;0e4@Id-Y16F=k^?so@#L0>+Ium2crV5w!C!aw9qb} zw{eQRV4G{f?1$!Y8~JJuWmm>u-#C@?$%MO&j%_n4;!nRgx;eWtKL-j%t2ySY_njc@Ae z_wzP3NWPn+-X%NhfzPT6gV{m?E^~Ki%Kl(fZqPrvXOZC^t%{>&cGLXlCH*;`{7@tN zn3fj5e|qDbS+e_0CK?LWcPO0UT()J2rJ20wcfFKT&LL;T-vnRr>y?2!y;WOTs}wB9-jy~qu(1a`RCTGSxU-Y`*u7E zp1bNt!0pM0Cp@^ZB_wHgu=UNEF0+iK?|K+Yvus&*#({ZXMwQG*wO_xzCdKSh3h%Wt z(eIshV(+o9tNtCF?(!mIQ`y5*A2FG2Cu?m~?rydCkR;Zi;dE)Oc9XYGPWtwZsy_d@ zZ++{W-m%{;B;v<`u-CPQYU{3EoBr9DG5yK9_&b^*e2=}QN=<%y9~+xpxZ!;@L7#_$IvjKU-eSq$ zy2|eMC4oQd-tTzVFx}^U*Xd%97D=B2`}a*|4&kUO^RRuk$zbu5_m_Tz73#CF ztka$`y+LqK_K~g9M~^311@7DYrv2yRre53ccV?(D>vJ46ueVf)+k4~Y%AT3(9ozr= zGRWKiO*|_;b<@*G=Oe$5npUl;Yzzrt-Eov>!PjNmqhJ0xet*H7-;8-aeGkvo%%AEZ zw8&0Uv6PbQhUjD!r76q2f_+Sb=ldzU#B{mmp%5D@_pAaWBKXV2Aq#Kar(DW{Z*SfvP0gabl1y-)CO>pw?R8b0Xyl^;H)?3i{bVGCok-&6sHbE5H0pRPrmpQifnKy+p5*`Bkx zDjqBecaPjPu1oBlSGzv#&FK$UGqprRELOZ`+$E4x>|``Czuhi9;i0qfGbd&~|2Iai zM^FBkKk-x2?5p>_wf`?INw@crUHaDlSdh@NaIvdDe#IU>%*V9tRX}9tlRD<#ck8Yt z9G)x^Qgfw)uQfVk!C}vM52cxAB5N}Jik zUiF=xxKeiSMX_I3JJO~-KBK$bF6j1;E#;=B$Ir{%V|>=xxao=P`_t1>kHzna`n5aWKgZ^sYm;tSNvAIfVKw<`axuC@=2WGOLCli}YLDX| z8wMt6@NJ(Lr@j4WDQoe!%l8&AI`GX@I4t>4uVxX8&e{A|CQ)zBt=H~8`F`2_zR4YN zJPWyf<)-ba6xFMlGyk`#`mXl|{@XO2A}4!HHY6e^w&om^WEv~qVkmQ 
zU(aNZx~=!8sBm04e%GgZ_eqhw1-A~gUDkYdWOBTzXu%PkH6It)Wh$i3n!h}(_^ZEi zwn&`DMHXT9#HmR?dCE+u?+DrYe(H>*UVqm^Ei87^N{&cqm^gdn-R1I<;+k6R=wMY5 z?zm}P|2er?C5c;{%2I6V=I+#GAK4|m;3COoGO_F6qVD$`u}+voebRVz&1JG=LD1Y5s( z<}SHs&;RLbH(4be(>!y#`$n0=MUl6!UwAIg-MHjzb(y{YeY0bhH!j#L-5=Y0Kl17K zr^3gTE(>Xu{qR}bmHKyv!p{F{iT2-5a&a7!G7I6Pmv=5k6rh!IjJ!17faOd)?Lk+*00Uj zUrn$JJYd1^l(4@c;=9;%b?0|EVS2x>H#9%3-;h`1&av|3jQjZ($5UUe3onV{RS^hhv&;$q}U(zv=pZ@P38kJEwKC-*nD>|WITtoz^W__ZPjw|#x) z!M^0zkNqxw4UTXAiBCUpZC_|fT$vV|@U_&ZTCDFF1vQ1T3TtkiR+`EA)-2@y7uK_N zLZN19p^_oik9^GRa;BK-?MlnJY~H`&UO0PRU+sZ8bCQy#yt*ada#2@J;^cX5!On%A zdsiO3wCc!C-U(_G19l!f#4_Q-!pohzGyblazsdN{z8l-79{d}%y!P7D+4qR0mp*Y z-1PpDR++r!MEt?Gq2HAv9g_FEhOE%)n!7_#O!`GqQdLX%m4Y~kAe@2d&l zv%23u3%vGTUaTi#RU!JM&MvX(<0Y?>&G|)cvR8$-tzWyjr{ognlHJAcNh)t+bnJNj<#1KA>ocC$7CiK;staj~IWzm7%Y%&TYLO0` z4o*A!E|{BPp7)YN-K_CDUwB3pgdWa$EfDyKM`LcmM{yJOzu#`$|EAD7(_&%B)YmJs E0J*Wb5C8xG literal 0 HcmV?d00001 From bbcdfe92e05f9abf99fbd676803fe5e43c20974c Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Mon, 28 Jul 2025 17:39:42 +0900 Subject: [PATCH 080/346] Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE --- tests/api/test_mldsa.c | 34 +++++++++++++++++++++++++++++++++- wolfcrypt/src/asn.c | 5 +++++ wolfcrypt/test/test.c | 6 +++--- 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 132b797c9..445412cff 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c @@ -3004,8 +3004,13 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, + 0 ), BAD_FUNC_ARG); +#else ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL, 0 ), 0); +#endif ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der , 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, 
@@ -3015,13 +3020,23 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der , 0 ), WC_NO_ERR_TRACE(BUFFER_E)); /* Get length only. */ +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, + DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG); +#else ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), privDerLen); +#endif ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, 0 ), + BAD_FUNC_ARG); +#else ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0 ), 0 ); +#endif ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE), @@ -3031,8 +3046,13 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0 ), WC_NO_ERR_TRACE(BUFFER_E)); /* Get length only. */ +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), + BAD_FUNC_ARG); +#else ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), keyDerLen); +#endif ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); 
@@ -3081,15 +3101,25 @@ int test_wc_dilithium_der(void) idx = 0; ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0); +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, + DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG); +#else ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), privDerLen); idx = 0; ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0); +#endif +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), + BAD_FUNC_ARG); +#else ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), keyDerLen); idx = 0; ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0); +#endif wc_dilithium_free(key); @@ -3097,6 +3127,8 @@ int test_wc_dilithium_der(void) XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + (void)keyDerLen; #endif return EXPECT_RESULT(); } @@ -16878,7 +16910,7 @@ int test_mldsa_pkcs8_export_import_wolfSSL_form(void) (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ - !defined(WOLFSSL_DILITHIUM_NO_ASN1) + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) WOLFSSL_CTX* ctx = NULL; size_t i; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index bd448c355..d1e892dcc 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -37583,6 +37583,11 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, } #ifndef WOLFSSL_ASN_TEMPLATE + if (privKeyLen >= 128 || pubKeyLen >= 128) { + /* privKeyLen and pubKeyLen are assumed to be less than 128 */ + return BAD_FUNC_ARG; + } + /* calculate size */ if (pubKey) { pubSz = 2 + pubKeyLen; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c05cb23cd..a0850bbd9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
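Review bot: The `(void)keyDerLen;` added at the end of test_wc_dilithium_der silences only one of the two length variables; in the visible hunks `privDerLen` is likewise referenced only inside the `#else` (WOLFSSL_ASN_TEMPLATE) branches, so a non-template build compiled with -Wunused-variable will warn unless privDerLen is used somewhere outside this chunk. If it is not, add `(void)privDerLen;` next to the existing cast. In the non-template branches the assignment `len = wc_Dilithium_PrivateKeyToDer(...)` also stores an error code into `len` that nothing reads before wc_dilithium_free, so the `len =` can be dropped there to avoid suggesting the value is used.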
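Review bot: The new guard in SetAsymKeyDer rejects lengths of 128 bytes or more, but its comment `/* privKeyLen and pubKeyLen are assumed to be less than 128 */` states an assumption rather than the reason, which the following lines show: the non-template encoder sizes each OCTET STRING as `2 + len`, one tag byte plus a single short-form length byte, so any length of 128 or more would need a long-form length and the computed sizes and emitted DER would be wrong. Say that in the comment, e.g. `/* Non-template path emits only short-form (1-byte) DER lengths; larger keys such as ML-DSA need WOLFSSL_ASN_TEMPLATE */`, so the next reader does not "fix" the limit by raising it. Note also that `pubKeyLen` is checked even when `pubKey` is NULL; if callers may pass a stale length alongside a NULL key (not visible here), the test should be `(pubKey != NULL && pubKeyLen >= 128)`. The function's body continues outside the hunk.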
@@ -46932,7 +46932,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, int isPublicOnlyKey) { int ret = 0; -#ifndef WOLFSSL_DILITHIUM_NO_ASN1 +#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) /* Size the buffer to accommodate the largest encoded key size */ const word32 maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE; word32 derSz; @@ -46982,7 +46982,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, #endif } -#ifndef WOLFSSL_DILITHIUM_NO_ASN1 +#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) /* Export raw key as DER */ if (ret == 0) { #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY @@ -47056,7 +47056,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, ret = WC_TEST_RET_ENC_NC; } #endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */ -#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ +#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */ /* Cleanup */ wc_dilithium_free(key); From 26a4ea93ebe48aa64c42ab71687deca774046385 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Thu, 24 Jul 2025 12:26:45 -0400 Subject: [PATCH 081/346] Allow building with HAVE_PKCS7 set and HAVE_AES_KEYWRAP unset --- doc/dox_comments/header_files/pkcs7.h | 7 ++++ tests/api.c | 25 +++++++----- wolfcrypt/src/pkcs7.c | 8 ++++ wolfcrypt/test/test.c | 58 +++++++++++++++------------ wolfssl/wolfcrypt/settings.h | 3 -- 5 files changed, 64 insertions(+), 37 deletions(-) diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index d5e0cea40..01e161649 100644 --- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h 
@@ -573,6 +573,13 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, type, decoding the message into output. It uses the private key of the PKCS7 object passed in to decrypt the message. + Note that if the EnvelopedData is encrypted using an ECC key and the + KeyAgreementRecipientInfo structure, then either the HAVE_AES_KEYWRAP + build option should be enabled to enable the wolfcrypt built-in AES key + wrap/unwrap functionality, or a custom AES key wrap/unwrap callback should + be set with wc_PKCS7_SetAESKeyWrapUnwrapCb(). If neither of these is true, + decryption will fail. + \return On successfully extracting the information from the message, returns the bytes written to output \return BAD_FUNC_ARG Returned if one of the input parameters is invalid diff --git a/tests/api.c b/tests/api.c index f37b03d90..9812c296a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17487,7 +17487,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void) #if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ - defined(WOLFSSL_AES_256) + defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP) static const byte defKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -17496,6 +17496,7 @@ static const byte defKey[] = { }; static byte aesHandle[32]; /* simulated hardware key handle */ + /* return 0 on success */ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, @@ -17585,7 +17586,8 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, return BAD_KEYWRAP_ALG_E; }; } -#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */ +#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && + HAVE_AES_KEYWRAP */ #if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) 
@@ -17691,8 +17693,10 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) #ifdef ECC_TIMING_RESISTANT WC_RNG rng; #endif +#ifdef HAVE_AES_KEYWRAP word32 tempWrd32 = 0; byte* tmpBytePtr = NULL; +#endif const char input[] = "Test data to encode."; int i; int testSz = 0; @@ -17842,7 +17846,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif /* NO_DES3 */ - #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #ifdef WOLFSSL_AES_128 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, @@ -17859,7 +17863,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) #endif /* NO_RSA */ #if defined(HAVE_ECC) - #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, @@ -17875,7 +17879,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif - #endif /* NO_AES && HAVE_AES_CBC*/ + #endif /* NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ #endif /* END HAVE_ECC */ }; /* END pkcs7EnvelopedVector */ 
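Review bot: The RSA key-transport vectors in this hunk (`AES128CBCb, 0, 0, rsaCert, ...`, with no key-wrap OID) are now compiled out whenever HAVE_AES_KEYWRAP is unset, although the pkcs7.h note added by the same commit names only the ECC/KeyAgreementRecipientInfo path as depending on AES key wrap, and the only code this commit stubs is wc_PKCS7_KeyWrap. Unless some other part of the KTRI encode/decode path needs the key-wrap code (not visible here), the `defined(HAVE_AES_KEYWRAP)` term belongs only on the `#if defined(HAVE_ECC)` block that follows, so the very configuration this commit enables keeps test coverage for RSA recipients. If KTRI genuinely does need it, a short comment on the `#if` saying why would stop the next reader from moving the condition back.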
@@ -18031,7 +18035,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ -#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) +#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(HAVE_AES_KEYWRAP) /* only a failure for KARI test cases */ if (pkcs7 != NULL) { tempWrd32 = pkcs7->singleCertSz; @@ -18069,11 +18074,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) pkcs7->singleCert = tmpBytePtr; } #endif +#ifdef HAVE_AES_KEYWRAP if (pkcs7 != NULL) { tempWrd32 = pkcs7->privateKeySz; pkcs7->privateKeySz = 0; } - ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); @@ -18089,11 +18094,13 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) if (pkcs7 != NULL) { pkcs7->privateKey = tmpBytePtr; } +#endif wc_PKCS7_Free(pkcs7); pkcs7 = NULL; -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_KEYWRAP) /* test of decrypt callback with KEKRI enveloped data */ { int envelopedSz = 0; @@ -18124,7 +18131,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) wc_PKCS7_Free(pkcs7); pkcs7 = NULL; } -#endif /* !NO_AES && WOLFSSL_AES_256 */ +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */ #ifndef NO_RSA XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 810c7c84d..424942b75 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -6843,8 +6843,12 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, const byte * cek, out, outSz); } else { + #ifdef HAVE_AES_KEYWRAP ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz, out, outSz, NULL); + #else + ret = NOT_COMPILED_IN; + #endif } } else if (direction == AES_DECRYPTION) { @@ -6853,8 +6857,12 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, const byte * cek, out, outSz); } else { + #ifdef HAVE_AES_KEYWRAP ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz, out, outSz, NULL); + #else + ret = NOT_COMPILED_IN; + #endif } } else { WOLFSSL_MSG("Bad key un/wrap direction"); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c05cb23cd..c2f79acc6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -52135,14 +52135,14 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, }; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ - defined(HAVE_ECC) && defined(WOLFSSL_SHA512) + defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && defined(HAVE_AES_KEYWRAP) byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; #endif /* !NO_AES */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ - !defined(NO_SHA) + !defined(NO_SHA) && defined(HAVE_AES_KEYWRAP) /* encryption key for kekri recipient types */ WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, @@ -52156,7 +52156,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \ - !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) #ifndef HAVE_FIPS WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */ 
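Review bot: The two new `#else` branches in wc_PKCS7_KeyWrap return NOT_COMPILED_IN silently, while the sibling error path in the same function logs `WOLFSSL_MSG("Bad key un/wrap direction")`; on a HAVE_PKCS7-without-HAVE_AES_KEYWRAP build a caller will only see a generic failure bubble out of wc_PKCS7_DecodeEnvelopedData with no hint about the missing callback. Add a message in both stubs, e.g. `WOLFSSL_MSG("AES key wrap not compiled in; set a callback with wc_PKCS7_SetAESKeyWrapUnwrapCb()");` before `ret = NOT_COMPILED_IN;`, which mirrors the guidance this commit adds to pkcs7.h. The function begins before the hunk, so whether `kek`/`cek` become unused parameters in that configuration cannot be judged from here.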
@@ -52203,7 +52204,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, "pkcs7envelopedDataDES3.der"); #endif - #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #ifdef WOLFSSL_AES_128 ADD_PKCS7ENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, @@ -52239,11 +52240,11 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"); #endif - #endif /* !NO_AES && HAVE_AES_CBC */ + #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ #endif /* key agreement key encryption technique*/ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7ENVELOPEDVECTOR( @@ -52283,7 +52284,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif /* kekri (KEKRecipientInfo) recipient types */ -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7ENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, 
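Review bot: As in tests/api.c, the RSA key-transport vectors under `#ifndef NO_RSA` (`AES128CBCb, 0, 0, rsaCert, rsaCertSz, ...`) are gated on HAVE_AES_KEYWRAP although they carry no key-wrap OID, whereas the `#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP)` gate two hunks later is the one that covers the KARI recipients that do wrap a CEK. If KTRI encode/decode works without key wrap, which the pkcs7.c change suggests since only wc_PKCS7_KeyWrap is stubbed, keep these vectors enabled by dropping the term from this `#if`; if it does not, the closing comment `/* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */` is the place to say why.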
@@ -52292,11 +52293,12 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES128CBC_KEKRI.der"); #endif -#endif /* !NO_AES && HAVE_AES_CBC */ +#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ /* pwri (PasswordRecipientInfo) recipient types */ #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) ADD_PKCS7ENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, @@ -52306,7 +52308,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif #endif -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) /* ori (OtherRecipientInfo) recipient types */ ADD_PKCS7ENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, @@ -52752,7 +52755,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer }; byte senderNonce[PKCS7_NONCE_SZ + 2]; #ifdef HAVE_ECC - #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 
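Review bot: The pwri and ori vectors added behind `defined(HAVE_AES_KEYWRAP)` here (`AES128CBCb, 0, 0, NULL, 0, NULL, 0, ...`) also carry no key-wrap OID, unlike the kekri vector just above them which uses `AES128_WRAP`. If PasswordRecipientInfo and OtherRecipientInfo do not go through wc_PKCS7_KeyWrap (I cannot see their encode paths from this chunk), gating them on HAVE_AES_KEYWRAP removes coverage for the new build configuration for no reason; either narrow the condition to the kekri vector or add a one-line comment on the `#if` stating which call in those paths requires key wrap.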
@@ -52768,13 +52771,14 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) + defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; #endif /* !NO_AES */ -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) /* encryption key for kekri recipient types */ WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, @@ -52788,7 +52792,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) #ifndef HAVE_FIPS WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; @@ -52826,7 +52831,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer { /* key transport key encryption technique */ #ifndef NO_RSA - #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #ifdef WOLFSSL_AES_128 ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz, 
@@ -52876,12 +52881,12 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer (void)rsaCertSz; (void)rsaPrivKey; (void)rsaPrivKeySz; - #endif /* !NO_AES && !HAVE_AESGCM */ + #endif /* !NO_AES && !HAVE_AESGCM && HAVE_AES_KEYWRAP */ #endif /* key agreement key encryption technique*/ #ifdef HAVE_ECC - #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, @@ -52958,11 +52963,11 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"); #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* !NO_AES && HAVE_AESGCM */ + #endif /* !NO_AES && HAVE_AESGCM && HAVE_AES_KEYWRAP */ #endif /* kekri (KEKRecipientInfo) recipient types */ -#if !defined(NO_AES) && defined(HAVE_AESGCM) +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0, @@ -52974,7 +52979,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif /* pwri (PasswordRecipientInfo) recipient types */ -#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, 
@@ -52985,7 +52991,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif #endif -#if !defined(NO_AES) && defined(HAVE_AESGCM) +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #ifdef WOLFSSL_AES_128 /* ori (OtherRecipientInfo) recipient types */ ADD_PKCS7AUTHENVELOPEDVECTOR( @@ -53271,7 +53277,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer (void)eccCertSz; (void)eccPrivKey; (void)eccPrivKeySz; -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) (void)secretKey; (void)secretKeyId; #endif @@ -53381,7 +53388,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void) #endif /* HAVE_AESGCM || HAVE_AESCCM */ -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_KEYWRAP) static const byte p7DefKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -53813,7 +53821,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert return ret; } -#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */ +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */ #ifndef NO_PKCS7_ENCRYPTED_DATA @@ -55417,7 +55425,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void) eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); #if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ - defined(WOLFSSL_AES_256) + defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP) if (ret >= 0) ret = pkcs7callback_test( rsaClientCertBuf, (word32)rsaClientCertBufSz, diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c1d386b12..8fb193836 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -3416,9 +3416,6 @@ extern void uITRON4_free(void *p) ; #if defined(NO_AES) && defined(NO_DES3) #error PKCS7 needs either AES or 3DES enabled, please enable one #endif - #ifndef HAVE_AES_KEYWRAP - #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP - #endif #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF) #error PKCS7 requires X963 KDF please define HAVE_X963_KDF #endif From 189ba201f302f38604485712daa0430203eb8d86 Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Tue, 29 Jul 2025 07:15:32 +0900 Subject: [PATCH 082/346] Follow copilot review --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d1e892dcc..b9edf8e30 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -37074,7 +37074,7 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, allowSeed = (seed != NULL && seedLen != NULL); #ifndef WOLFSSL_ASN_TEMPLATE - /* The seed can't be parsed without WOLF_ASN_TEMPLATE */ + /* The seed can't be parsed without WOLFSSL_ASN_TEMPLATE */ if (allowSeed) { return ASN_PARSE_E; } From 9aace4818900d8cfe8f82c0f3675d345da3f70de Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 28 Jul 2025 17:04:33 -0600 Subject: [PATCH 083/346] remove QEMU test host name lookup feature --- .wolfssl_known_macro_extras | 1 - src/wolfio.c | 63 ------------------------------------- wolfssl/test.h | 55 +------------------------------- 3 files changed, 1 insertion(+), 118 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 8f41ad601..fafab6e0e 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -881,7 +881,6 @@ WOLFSSL_USER_THREADING WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW WOLFSSL_USE_FLASHMEM WOLFSSL_USE_OPTIONS_H -WOLFSSL_USE_POPEN_HOST WOLFSSL_VALIDATE_DH_KEYGEN WOLFSSL_WC_LMS_SERIALIZE_STATE WOLFSSL_WC_XMSS_NO_SHA256 diff --git a/src/wolfio.c b/src/wolfio.c index d03ab6482..f5d45de67 100644 
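Review bot: Dropping the `#error` in the settings.h hunk makes `HAVE_PKCS7` without `HAVE_AES_KEYWRAP` a buildable configuration, but nothing in this patch shows what the KEK/KARI recipient paths, which previously could assume key wrap was present, now return in such a build. The doc-comment form used elsewhere on this page for the X963 KDF case (`\return NOT_COMPILED_IN may be returned if ...`) is the place to state it for wc_PKCS7_EncodeEnvelopedData and the decode functions, assuming those paths do return NOT_COMPILED_IN rather than falling through; if they do not, the `#error` was doing real work. The `#ifdef HAVE_PKCS7` block this hunk edits begins outside the hunk.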
--- a/src/wolfio.c +++ b/src/wolfio.c @@ -1347,7 +1347,6 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) char strPort[6]; #else /* use gethostbyname */ -#if !defined(WOLFSSL_USE_POPEN_HOST) #if defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_MISC) && \ !defined(SINGLE_THREADED) HOSTENT entry_buf, *entry = NULL; @@ -1356,7 +1355,6 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #else HOSTENT *entry; #endif -#endif /* !WOLFSSL_USE_POPEN_HOST */ #ifdef WOLFSSL_IPV6 SOCKADDR_IN6 *sin; #else 
@@ -1405,67 +1403,6 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) sockaddr_len = answer->ai_addrlen; XMEMCPY(&addr, answer->ai_addr, (size_t)sockaddr_len); freeaddrinfo(answer); -#elif defined(WOLFSSL_USE_POPEN_HOST) && !defined(WOLFSSL_IPV6) - { - char host_ipaddr[4] = { 127, 0, 0, 1 }; - int found = 1; - - if ((XSTRNCMP(ip, "localhost", 10) != 0) && - (XSTRNCMP(ip, "127.0.0.1", 10) != 0)) { - FILE* fp; - char host_out[100]; - char cmd[100]; - - XSTRNCPY(cmd, "host ", 6); - XSTRNCAT(cmd, ip, 99 - XSTRLEN(cmd)); - found = 0; - fp = popen(cmd, "r"); - if (fp != NULL) { - while (fgets(host_out, sizeof(host_out), fp) != NULL) { - int i; - int j = 0; - for (j = 0; host_out[j] != '\0'; j++) { - if ((host_out[j] >= '0') && (host_out[j] <= '9')) { - break; - } - } - found = (host_out[j] >= '0') && (host_out[j] <= '9'); - if (!found) { - continue; - } - - for (i = 0; i < 4; i++) { - host_ipaddr[i] = atoi(host_out + j); - while ((host_out[j] >= '0') && (host_out[j] <= '9')) { - j++; - } - if (host_out[j] == '.') { - j++; - found &= (i != 3); - } - else { - found &= (i == 3); - break; - } - } - if (found) { - break; - } - } - pclose(fp); - } - } - if (found) { - sin = (SOCKADDR_IN *)&addr; - sin->sin_family = AF_INET; - sin->sin_port = XHTONS(port); - XMEMCPY(&sin->sin_addr.s_addr, host_ipaddr, sizeof(host_ipaddr)); - } - else { - WOLFSSL_MSG("no addr info for responder"); - return WOLFSSL_FATAL_ERROR; - } - } #else #if defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_MISC) && \ !defined(SINGLE_THREADED) diff --git a/wolfssl/test.h b/wolfssl/test.h index ecce2178b..14fc939e9 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h 
@@ -1302,60 +1302,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, #ifndef TEST_IPV6 /* peer could be in human readable form */ if ( ((size_t)peer != INADDR_ANY) && isalpha((unsigned char)peer[0])) { - #ifdef WOLFSSL_USE_POPEN_HOST - char host_ipaddr[4] = { 127, 0, 0, 1 }; - int found = 1; - - if ((XSTRCMP(peer, "localhost") != 0) && - (XSTRCMP(peer, "127.0.0.1") != 0)) { - FILE* fp; - char cmd[100]; - - XSTRNCPY(cmd, "host ", 6); - XSTRNCAT(cmd, peer, 99 - XSTRLEN(cmd)); - found = 0; - fp = popen(cmd, "r"); - if (fp != NULL) { - char host_out[100]; - while (fgets(host_out, sizeof(host_out), fp) != NULL) { - int i; - int j = 0; - for (j = 0; host_out[j] != '\0'; j++) { - if ((host_out[j] >= '0') && (host_out[j] <= '9')) { - break; - } - } - found = (host_out[j] >= '0') && (host_out[j] <= '9'); - if (!found) { - continue; - } - - for (i = 0; i < 4; i++) { - host_ipaddr[i] = atoi(host_out + j); - while ((host_out[j] >= '0') && (host_out[j] <= '9')) { - j++; - } - if (host_out[j] == '.') { - j++; - found &= (i != 3); - } - else { - found &= (i == 3); - break; - } - } - if (found) { - break; - } - } - pclose(fp); - } - } - if (found) { - XMEMCPY(&addr->sin_addr.s_addr, host_ipaddr, sizeof(host_ipaddr)); - useLookup = 1; - } - #elif !defined(WOLFSSL_USE_GETADDRINFO) + #if !defined(WOLFSSL_USE_GETADDRINFO) #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) int err; struct hostent* entry = gethostbyname(peer, &err); From df7e105fb71d3b3fb019a80e85c05ae9b2ef0096 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Fri, 25 Jul 2025 15:44:12 -0400 Subject: [PATCH 084/346] Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset --- doc/dox_comments/header_files/pkcs7.h | 4 ++++ tests/api.c | 24 +++++++++++++----------- wolfcrypt/src/pkcs7.c | 12 ++++++------ wolfcrypt/test/test.c | 14 +++++++++----- wolfssl/wolfcrypt/settings.h | 3 --- 5 files changed, 32 insertions(+), 25 deletions(-) 
diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index 01e161649..31498ef9c 100644 --- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h @@ -532,6 +532,8 @@ int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7, number generator for encryption \return DRBG_FAILED Returned if there is an error generating numbers with the random number generator used for encryption + \return NOT_COMPILED_IN may be returned if using an ECC key and wolfssl was + built without HAVE_X963_KDF support \param pkcs7 pointer to the PKCS7 structure to encode \param output pointer to the buffer in which to store the encoded @@ -617,6 +619,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, verification \return MP_MEM may be returned if there is an error during signature verification + \return NOT_COMPILED_IN may be returned if the EnvelopedData is encrypted + using an ECC key and wolfssl was built without HAVE_X963_KDF support \param pkcs7 pointer to the PKCS7 structure containing the private key with which to decode the enveloped data package diff --git a/tests/api.c b/tests/api.c index 9812c296a..4223847f7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17714,8 +17714,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) rsaPrivKeySz = (word32)sizeof(rsaClientKey); #endif #endif - #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ - !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) + #if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \ + !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512)) byte* eccCert = NULL; byte* eccPrivKey = NULL; word32 eccCertSz; 
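Review bot: The guard `defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))` in the tests/api.c hunk is repeated verbatim in the hunks on the next two physical lines (the ECC block of test_wc_PKCS7_EncodeDecodeEnvelopedData and the test_wc_PKCS7_GetEnvelopedDataKariRid guard). A single file-level helper macro defined once near the top of tests/api.c, with each site reduced to `#if <that macro>`, would keep the copies from drifting the next time a dependency such as HAVE_AES_KEYWRAP is added. The parenthesised OR is also almost always true (it fails only when AES, SHA-1, SHA-256 and SHA-512 are all disabled), which deserves a one-line comment at the macro so nobody tries to simplify it away. The pkcs7.h hunks are documentation only.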
@@ -17793,8 +17793,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) #endif /* NO_RSA */ /* ECC */ -#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ - !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \ + !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512)) #ifdef USE_CERT_BUFFERS_256 ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, @@ -17862,7 +17862,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) #endif /* NO_AES && HAVE_AES_CBC */ #endif /* NO_RSA */ -#if defined(HAVE_ECC) +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, @@ -18036,7 +18036,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ - defined(HAVE_AES_KEYWRAP) + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) /* only a failure for KARI test cases */ if (pkcs7 != NULL) { tempWrd32 = pkcs7->singleCertSz; @@ -18137,7 +18137,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif /* NO_RSA */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif /* HAVE_ECC */ 
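Review bot: The last hunk changes the cleanup guard to `#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)` but leaves its closing `#endif /* HAVE_ECC */` untouched, so the comment no longer names the block it closes; make it `#endif /* HAVE_ECC && HAVE_X963_KDF */`. The same `#if` shape is introduced in the earlier hunks, and their `#endif` comments, which fall outside the hunks, should be checked for the same mismatch. test_wc_PKCS7_EncodeDecodeEnvelopedData continues beyond these hunks.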
@@ -18186,7 +18186,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) } /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */ -#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256) +#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \ + !defined(NO_SHA256) && defined(WOLFSSL_AES_256) static int wasAESKeyWrapCbCalled = 0; static int wasAESKeyUnwrapCbCalled = 0; @@ -18215,7 +18216,8 @@ static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz, static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void) { EXPECT_DECLS; -#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256) +#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \ + !defined(NO_SHA256) && defined(WOLFSSL_AES_256) static const char input[] = "Test input for AES key wrapping"; PKCS7 * pkcs7 = NULL; byte * eccCert = NULL; @@ -18318,8 +18320,8 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void) { EXPECT_DECLS; #if defined(HAVE_PKCS7) -#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) || \ - !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \ + !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512)) /* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure. * Reserve a bit more than that in case it might grow. */ byte rid[256]; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 424942b75..686d06856 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -7372,16 +7372,16 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng, return BAD_FUNC_ARG; }; +#ifdef HAVE_X963_KDF ret = wc_X963_KDF(kdfType, secret, secretSz, kari->sharedInfo, kari->sharedInfoSz, kari->kek, kari->kekSz); - if (ret != 0) { - XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7); - return ret; - } +#else + (void)kdfType; + ret = NOT_COMPILED_IN; +#endif XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7); - - return 0; + return ret; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c2f79acc6..b86ac6f56 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -52135,7 +52135,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, }; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ - defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && defined(HAVE_AES_KEYWRAP) + defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; @@ -52244,7 +52245,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif /* key agreement key encryption technique*/ -#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) +#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7ENVELOPEDVECTOR( @@ -52755,7 +52756,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer }; byte senderNonce[PKCS7_NONCE_SZ + 2]; #ifdef HAVE_ECC - #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) + #if !defined(NO_AES) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 
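Review bot: On both the `#ifdef HAVE_X963_KDF` path and the new `#else` path, `secret` — the key-agreement secret the KDF consumes — is released with a plain `XFREE` and never wiped, so key material stays in freed heap memory; the previous early-return had the same gap, but this hunk is the one consolidating the free, so it is the place to close it. Wipe before freeing: `ForceZero(secret, secretSz);` immediately ahead of `XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);`. The `(void)kdfType;` in the `#else` branch is correct, and `secret`/`secretSz` are presumably still derived above in that configuration, which is wasted work but harmless. wc_PKCS7_KariGenerateKEK begins outside the hunk.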
@@ -52771,7 +52773,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) + defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; @@ -52886,7 +52889,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer /* key agreement key encryption technique*/ #ifdef HAVE_ECC - #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) + #if !defined(NO_AES) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 8fb193836..50aa25df4 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3416,9 +3416,6 @@ extern void uITRON4_free(void *p) ; #if defined(NO_AES) && defined(NO_DES3) #error PKCS7 needs either AES or 3DES enabled, please enable one #endif - #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF) - #error PKCS7 requires X963 KDF please define HAVE_X963_KDF - #endif #endif #ifndef NO_PKCS12 From f130a9d44d5bdc5aef828d81fc987b66f5459d6c Mon Sep 17 00:00:00 2001 From: Kareem Date: Tue, 29 Jul 2025 13:58:35 -0700 Subject: [PATCH 085/346] Alias MAX_SIG_SZ to MAX_ENCODED_SIG_SZ for backwards compatibility. --- wolfssl/wolfcrypt/types.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 01ca1b7fe..5898d135f 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
@@ -2046,7 +2046,6 @@ enum Max_ASN { #else MAX_ENCODED_SIG_SZ = 64, #endif - MAX_SIG_SZ = 256, MAX_ALGO_SZ = 20, MAX_LENGTH_SZ = WOLFSSL_ASN_MAX_LENGTH_SZ, /* Max length size for DER encoding */ MAX_SHORT_SZ = (1 + 1 + 5), /* asn int + byte len + 5 byte length */ @@ -2103,6 +2102,8 @@ enum Max_ASN { #define WC_MAX_BLOCK_SIZE 128 #endif +#define MAX_SIG_SZ MAX_ENCODED_SIG_SZ + #ifdef WOLFSSL_CERT_GEN /* Used in asn.c MakeSignature for ECC and RSA non-blocking/async */ enum CertSignState { From 42e2dd999075c452b8780b62f683e1bcf386a579 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 30 Jul 2025 14:16:52 +0200 Subject: [PATCH 086/346] Zero sha->buffer msan reported it as an uninitialized buffer --- wolfcrypt/src/sha.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 8dc96625c..4537e964e 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -403,6 +403,7 @@ sha->digest[4] = 0xC3D2E1F0L; sha->buffLen = 0; + XMEMSET(sha->buffer, 0, sizeof(sha->buffer)); sha->loLen = 0; sha->hiLen = 0; #ifdef WOLFSSL_HASH_FLAGS From ccb463dd1de7522346b800c06922f8038e13d50c Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Wed, 30 Jul 2025 10:37:28 -0400 Subject: [PATCH 087/346] Fix unit test coverity defect in test_wc_PKCS7_SetAESKeyWrapUnwrapCb() --- tests/api.c | 77 +++++++++++++++++++++++---------------------- wolfcrypt/src/asn.c | 2 +- 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/tests/api.c b/tests/api.c index 9812c296a..a68a06e01 100644 --- a/tests/api.c +++ b/tests/api.c 
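Review bot: `MAX_SIG_SZ` was a fixed enum constant of 256 and becomes a `#define` alias for `MAX_ENCODED_SIG_SZ`, which the first hunk shows is build-dependent (64 in its `#else` branch), so out-of-tree code that sized a signature buffer with MAX_SIG_SZ may now get a smaller buffer than before despite the "backwards compatibility" intent. A comment on the alias should say so, e.g. `/* Deprecated alias: tracks MAX_ENCODED_SIG_SZ, no longer a fixed 256 */`. If the old scoping matters, keeping it inside the `Max_ASN` enum as `MAX_SIG_SZ = MAX_ENCODED_SIG_SZ,` avoids turning a debugger-visible, block-scoped constant into a global macro.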
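Review bot: The new `XMEMSET(sha->buffer, 0, sizeof(sha->buffer));` in the sha.c hunk carries no explanation, and the commit message says only that msan flagged the buffer, so a later reader cannot tell whether this is a correctness fix (a path that reads `buffer` before `buffLen` bytes have been written) or sanitizer appeasement. Add a why-comment on the line, e.g. `/* msan: buffer may be read as a whole block before it is fully written */` or whatever the actual reason is. If such a read really exists, the same initialisation is presumably needed in the sibling hash init routines, which this patch does not touch; the enclosing init function begins and ends outside the hunk.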
@@ -18229,41 +18229,46 @@ static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void) WC_RNG rng; #endif - /* Load test certs */ - #ifdef USE_CERT_BUFFERS_256 - ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - /* Init buffer. */ - eccCertSz = (word32)sizeof_cliecc_cert_der_256; - if (eccCert != NULL) { - XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); - } - ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; - if (eccPrivKey != NULL) { - XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); - } - #else /* File system. */ - ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE); - eccCertSz = (word32)FOURK_BUF; - ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, - certFile)) > 0); - if (certFile != XBADFILE) { - XFCLOSE(certFile); - } - ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE); - eccPrivKeySz = (word32)FOURK_BUF; - ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, - keyFile)) > 0); - if (keyFile != XBADFILE) { - XFCLOSE(keyFile); - } - #endif /* USE_CERT_BUFFERS_256 */ +#ifdef ECC_TIMING_RESISTANT + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + +/* Load test certs */ +#ifdef USE_CERT_BUFFERS_256 + ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + /* Init buffer. 
*/ + eccCertSz = (word32)sizeof_cliecc_cert_der_256; + if (eccCert != NULL) { + XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); + } + ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; + if (eccPrivKey != NULL) { + XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); + } +#else /* File system. */ + ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE); + eccCertSz = (word32)FOURK_BUF; + ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, + certFile)) > 0); + if (certFile != XBADFILE) { + XFCLOSE(certFile); + } + ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE); + eccPrivKeySz = (word32)FOURK_BUF; + ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, + keyFile)) > 0); + if (keyFile != XBADFILE) { + XFCLOSE(keyFile); + } +#endif /* USE_CERT_BUFFERS_256 */ ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, eccCertSz), 0); @@ -18279,8 +18284,6 @@ static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void) pkcs7->singleCert = eccCert; pkcs7->singleCertSz = (word32)eccCertSz; #ifdef ECC_TIMING_RESISTANT - XMEMSET(&rng, 0, sizeof(WC_RNG)); - ExpectIntEQ(wc_InitRng(&rng), 0); pkcs7->rng = &rng; #endif } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b9edf8e30..9700eb510 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
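Review bot: Moving `wc_InitRng(&rng)` to the top of test_wc_PKCS7_SetAESKeyWrapUnwrapCb under `#ifdef ECC_TIMING_RESISTANT` makes `rng` initialised before the later `pkcs7->rng = &rng;` on every path, which addresses the Coverity finding, but the matching `wc_FreeRng` is outside the hunk and must now run even when certificate loading or `wc_PKCS7_New` fails, otherwise the early-initialised RNG leaks on those paths. A `(void)wc_FreeRng(&rng);` under the same `#ifdef` at the function's cleanup point would cover it, assuming there is a single exit. The function continues past both hunks.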
@@ -16513,7 +16513,7 @@ static int ValidateGmtime(struct tm* inTime) #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)) /* Set current time string, either UTC or GeneralizedTime. - * (void*) tm should be a pointer to time_t, output is placed in buf. + * (void*) currTime should be a pointer to time_t, output is placed in buf. * * Return time string length placed in buf on success, negative on error */ int GetAsnTimeString(void* currTime, byte* buf, word32 len) From 40646964b4d71ee202a90e4ac0eca7cd078af2dc Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 30 Jul 2025 15:39:47 -0500 Subject: [PATCH 088/346] Revert "Follow copilot review" This reverts commit 189ba201f302f38604485712daa0430203eb8d86. --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 9700eb510..c366d9526 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -37074,7 +37074,7 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, allowSeed = (seed != NULL && seedLen != NULL); #ifndef WOLFSSL_ASN_TEMPLATE - /* The seed can't be parsed without WOLFSSL_ASN_TEMPLATE */ + /* The seed can't be parsed without WOLF_ASN_TEMPLATE */ if (allowSeed) { return ASN_PARSE_E; } From d0bf9c4b3c5e806441922ace2dffd8de58065f6d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 30 Jul 2025 15:39:53 -0500 Subject: [PATCH 089/346] Revert "Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE" This reverts commit bbcdfe92e05f9abf99fbd676803fe5e43c20974c. --- tests/api/test_mldsa.c | 34 +--------------------------------- wolfcrypt/src/asn.c | 5 ----- wolfcrypt/test/test.c | 6 +++--- 3 files changed, 4 insertions(+), 41 deletions(-) diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 445412cff..132b797c9 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c 
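Review bot: The revert puts the misspelling `WOLF_ASN_TEMPLATE` back into the comment while the directive directly above it tests `WOLFSSL_ASN_TEMPLATE`, so the comment names a macro that does not exist and will send the next reader grepping for nothing. If the revert is only for sequencing (it lands next to the other reverts), re-applying `/* The seed can't be parsed without WOLFSSL_ASN_TEMPLATE */` afterwards is the right fix. DecodeAsymKey_Assign begins outside the hunk.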
@@ -3004,13 +3004,8 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, - 0 ), BAD_FUNC_ARG); -#else ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL, 0 ), 0); -#endif ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der , 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, @@ -3020,23 +3015,13 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der , 0 ), WC_NO_ERR_TRACE(BUFFER_E)); /* Get length only. */ -#ifndef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, - DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG); -#else ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), privDerLen); -#endif ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, 0 ), - BAD_FUNC_ARG); -#else ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0 ), 0 ); -#endif ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE), @@ -3046,13 +3031,8 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0 ), WC_NO_ERR_TRACE(BUFFER_E)); /* Get length only. */ -#ifndef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), - BAD_FUNC_ARG); -#else ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), keyDerLen); -#endif ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); 
@@ -3101,25 +3081,15 @@ int test_wc_dilithium_der(void) idx = 0; ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0); -#ifndef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, - DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG); -#else ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), privDerLen); idx = 0; ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0); -#endif -#ifndef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), - BAD_FUNC_ARG); -#else ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), keyDerLen); idx = 0; ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0); -#endif wc_dilithium_free(key); @@ -3127,8 +3097,6 @@ int test_wc_dilithium_der(void) XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - (void)keyDerLen; #endif return EXPECT_RESULT(); } @@ -16910,7 +16878,7 @@ int test_mldsa_pkcs8_export_import_wolfSSL_form(void) (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ - !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) + !defined(WOLFSSL_DILITHIUM_NO_ASN1) WOLFSSL_CTX* ctx = NULL; size_t i; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c366d9526..5daa44312 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -37583,11 +37583,6 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, } #ifndef WOLFSSL_ASN_TEMPLATE - if (privKeyLen >= 128 || pubKeyLen >= 128) { - /* privKeyLen and pubKeyLen are assumed to be less than 128 */ - return BAD_FUNC_ARG; - } - /* calculate size */ if (pubKey) { pubSz = 2 + pubKeyLen; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3b03179ba..b86ac6f56 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
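Review bot: The asn.c hunk removes the only check that rejected `privKeyLen >= 128 || pubKeyLen >= 128` on the non-template `SetAsymKeyDer` path, and the size arithmetic right below it (`pubSz = 2 + pubKeyLen;`, i.e. tag plus a one-byte length) appears to assume lengths below 128, so ML-DSA sized keys reaching this path would be encoded with a wrong length header instead of returning BAD_FUNC_ARG. The test_mldsa.c hunks re-enable exactly those exports without WOLFSSL_ASN_TEMPLATE, so either the non-template encoder handles long-form lengths somewhere outside the hunk or this revert reintroduces malformed DER output; the guard should stay until that is confirmed, `if (privKeyLen >= 128 || pubKeyLen >= 128) return BAD_FUNC_ARG;`. SetAsymKeyDer continues outside the hunk.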
@@ -46932,7 +46932,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, int isPublicOnlyKey) { int ret = 0; -#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 /* Size the buffer to accommodate the largest encoded key size */ const word32 maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE; word32 derSz; @@ -46982,7 +46982,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, #endif } -#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 /* Export raw key as DER */ if (ret == 0) { #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY @@ -47056,7 +47056,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, ret = WC_TEST_RET_ENC_NC; } #endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */ -#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */ +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ /* Cleanup */ wc_dilithium_free(key); From f6437d30720c67f65094092c9b81933b565566e1 Mon Sep 17 00:00:00 2001 
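Review bot: The third hunk (`@@ -47056`) changes the closing comment to `#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */`, dropping the `!` even though the guard it closes is now `#ifndef WOLFSSL_DILITHIUM_NO_ASN1` (first and second hunks), while the `#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */` on the line directly above keeps the negation for its guard. Suggest `#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 */` so the two adjacent `#endif` comments follow one convention and read as the condition under which the block compiles. The body of test_dilithium_decode_level extends beyond all three hunks.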
From: Daniel Pouzzner Date: Wed, 30 Jul 2025 15:39:55 -0500 Subject: [PATCH 090/346] Revert "Add test data" This reverts commit 778dcbaafb28ae80a8478b13648d944069372664. --- certs/include.am | 1 - certs/mldsa/include.am | 23 ----------------------- certs/mldsa/mldsa44_bare-priv.der | Bin 2584 -> 0 bytes certs/mldsa/mldsa44_bare-seed.der | Bin 52 -> 0 bytes certs/mldsa/mldsa44_oqskeypair.der | Bin 3900 -> 0 bytes certs/mldsa/mldsa44_priv-only.der | Bin 2588 -> 0 bytes certs/mldsa/mldsa44_seed-only.der | Bin 54 -> 0 bytes certs/mldsa/mldsa44_seed-priv.der | Bin 2626 -> 0 bytes certs/mldsa/mldsa65_bare-priv.der | Bin 4056 -> 0 bytes certs/mldsa/mldsa65_bare-seed.der | Bin 52 -> 0 bytes certs/mldsa/mldsa65_oqskeypair.der | Bin 6012 -> 0 bytes certs/mldsa/mldsa65_priv-only.der | Bin 4060 -> 0 bytes certs/mldsa/mldsa65_seed-only.der | Bin 54 -> 0 bytes certs/mldsa/mldsa65_seed-priv.der | Bin 4098 -> 0 bytes certs/mldsa/mldsa87_bare-priv.der | Bin 4920 -> 0 bytes certs/mldsa/mldsa87_bare-seed.der | Bin 52 -> 0 bytes certs/mldsa/mldsa87_oqskeypair.der | Bin 7516 -> 0 bytes certs/mldsa/mldsa87_priv-only.der | Bin 4924 -> 0 bytes certs/mldsa/mldsa87_seed-only.der | Bin 54 -> 0 bytes certs/mldsa/mldsa87_seed-priv.der | Bin 4962 -> 0 bytes 20 files changed, 24 deletions(-) delete mode 100644 certs/mldsa/include.am delete mode 100644 certs/mldsa/mldsa44_bare-priv.der delete mode 100644 certs/mldsa/mldsa44_bare-seed.der delete mode 100644 certs/mldsa/mldsa44_oqskeypair.der delete mode 100644 certs/mldsa/mldsa44_priv-only.der delete mode 100644 certs/mldsa/mldsa44_seed-only.der delete mode 100644 certs/mldsa/mldsa44_seed-priv.der delete mode 100644 certs/mldsa/mldsa65_bare-priv.der delete mode 100644 certs/mldsa/mldsa65_bare-seed.der delete mode 100644 certs/mldsa/mldsa65_oqskeypair.der delete mode 100644 certs/mldsa/mldsa65_priv-only.der delete mode 100644 certs/mldsa/mldsa65_seed-only.der delete mode 100644 certs/mldsa/mldsa65_seed-priv.der delete mode 100644 
certs/mldsa/mldsa87_bare-priv.der delete mode 100644 certs/mldsa/mldsa87_bare-seed.der delete mode 100644 certs/mldsa/mldsa87_oqskeypair.der delete mode 100644 certs/mldsa/mldsa87_priv-only.der delete mode 100644 certs/mldsa/mldsa87_seed-only.der delete mode 100644 certs/mldsa/mldsa87_seed-priv.der diff --git a/certs/include.am b/certs/include.am index e4f6a0e6c..90e66c997 100644 --- a/certs/include.am +++ b/certs/include.am @@ -152,5 +152,4 @@ include certs/dilithium/include.am include certs/sphincs/include.am include certs/rpk/include.am include certs/acert/include.am -include certs/mldsa/include.am diff --git a/certs/mldsa/include.am b/certs/mldsa/include.am deleted file mode 100644 index 94868dc61..000000000 --- a/certs/mldsa/include.am +++ /dev/null @@ -1,23 +0,0 @@ -# vim:ft=automake -# All paths should be given relative to the root -# - -EXTRA_DIST += \ - certs/mldsa/mldsa44_seed-only.der \ - certs/mldsa/mldsa44_priv-only.der \ - certs/mldsa/mldsa44_seed-priv.der \ - certs/mldsa/mldsa44_oqskeypair.der \ - certs/mldsa/mldsa44_bare-seed.der \ - certs/mldsa/mldsa44_bare-priv.der \ - certs/mldsa/mldsa65_seed-only.der \ - certs/mldsa/mldsa65_priv-only.der \ - certs/mldsa/mldsa65_seed-priv.der \ - certs/mldsa/mldsa65_oqskeypair.der \ - certs/mldsa/mldsa65_bare-seed.der \ - certs/mldsa/mldsa65_bare-priv.der \ - certs/mldsa/mldsa87_seed-only.der \ - certs/mldsa/mldsa87_priv-only.der \ - certs/mldsa/mldsa87_seed-priv.der \ - certs/mldsa/mldsa87_oqskeypair.der \ - certs/mldsa/mldsa87_bare-seed.der \ - certs/mldsa/mldsa87_bare-priv.der 
diff --git a/certs/mldsa/mldsa44_bare-priv.der b/certs/mldsa/mldsa44_bare-priv.der deleted file mode 100644 index 56a03bf9c1f6a44c7efdf3cd1fbb9dfe78dc046e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2584 zcmXqL;u2wEWH8`n<4kDtU`%CZVHRX*;$n~pVqCr;d*YQ%ZHr#y--}^CbltQ=+dlD8 z&CC+-r^h?&REw8Qei_LgDL32N{A){6lh7ic%a0?r??3*?ieqi#iE4)2E0#Kc80Pj_ z%g^1RA&~Ur{sHb^_s_HFf7qlK<7lrGb9_~tjN{qVSqlz3YU+P@R{id+vFC?0#iKea zlbL2%evDk8619Q%_M(gj25nvw5^jn#2x=-lI^lRjBTdFLFv%pTQGrv6!S&H0&&elz zZ%ZgBx#vh&CUT4MNHV#psCr4b=XJ3)1Twks9BMrv;VLP{&|uUT$db^~lA>&=>C(_~ zLdig;Q;{Xnvw}rIU?QU{=VK#} zCI(hvWiEk}feZ&TyV>{{jRaUkeOZneCbB5Za7yf9>SJPQlU|U(?XD(a*>F=L@YISP z34??g9swMZO$?n0f}9&{^HbntYjR1HYRQo_ZW3PMpe(HG z)#56(Ep>_$3$tq*L!;*fw_F!Do;zxSvm1DVCa9jW@ameP>BJ$xyrETPvuofERfR1D z!XmjhgqRMr@iwx#@GQ#V-d4!n>3PYBg<)l`mx9C11uAzY_&Ckz6<~4T63aQzATZHP z<>G-(86lyAQ#@`cs5HA2FfW`iv7v**IO~o+lG$964rB;UWbp6^e8^G|BjUh3L-E7{o|!IrirX5bHwP?I(vhCP65!Dz z)7aSI<{Ql5d$GyIM`4oWi4G67Mim7&?yZ{LOB!Z7BuqA9d9q34<^<$T6 z;U_klTfX00n!2^F;lj(f?DLIIi?^(MW_A5t`!kV=qB#pT&R*9k@sC?_`m$?3-GXmE zoh`Lw@1hg3pNr>gbW7+gJu1&!S91EH=Z&Yq%IAY5_+D63Pe{iUzT4X<`m?Jp?fQj`789fE zaUO@7-Z9_eYQ3=5cGip6`?lOYl6Nxmiphl6EsrKfPS1G!scrs>mc=20)|)a}z1*%c zuUan0e&^?vJkE1_mnJ;CI4Ss~ zXpx$MQlR|`#nZByre1%i+FdJX&umYPvg2;;o6@{}gPeb0j}LeJISu(W7Y;5B=XqtM z{3LyS?j7$^@%t&WLY}zm>-;cCi>l>w>zl-q5NGPJJ)~~x`b3qjGtSn$6})bB@KT8R zvmZSYEJ}hLXXm~<3~cb@GDCYE*!TD<-xw-$daZP?-QZ+ELrYTOm+-!oE;{yA)5 znfb6-aOx5D>1TA7teffmC+FhSD~7j>9M1>u5U35w4mf>6wCMSn^nGL&nY}(Ikb`@1z<5S&oiEG=gb9dFel8*j-5z!Rh#+eiG>GsR} z>>Xx1OZc9iFRNtuU-rT^bkD7BbwTF;-YjXRFOINB8l02nwV1B)bWh8I^`*Uq>f&2} zozB^}FnFQh_3P@&|8tX9HQ(wl=sMJHkRm^yJM7kJ!5H6XJ}j4eW8%eK*EYsBigt8g zcsQ@RD(Ue)o{ukz8ML|9_qJKA{}XE;%Tp|_2FG_b>9o&?7zP+IDU@3cCx{TMIpxS>#zOY6UMvATRY?W>8YXt z&Qh#-N0%|Yw0e8r*Y@v^|3BHQSY13al5(c%^I3Hzdb--a&FxO`F1U4S#*W$tfA6g| z|Iy2nqxo^2DQ8RydK1;XmZgE!Fe|LSt<0&Vmf8m%YzeGT-I74ser`x+% z+}rZ>V$jh!f7m&i7mDw{7Pw>9KK-5|J@bM`x*h@PC9kIm+0PIC?0u(N;Kp?3cJA{b 
zHsz0;Uxjv9FSZb5iV70WShrNKtvE?v@z!@`<`A(Q)*pYoSI&H%-6uQe!SNsRbp|(o9br0lg(v0xV!PMAx$kHD-S=|7 z`bT~L-mG_Dr1`j>-n5%#9x?d_?_}lA-*mP$CRy2fS@*t7x}kN8Ic2%2O7tl${#m&< zYTkF(ay>sN8t}Y*f627V48jT4@)M2Xbj~tzFJ&zW75OzY*rm*+yynII??Q)u%5LI5 zEqtMP;^ki_4a#0Fs8HM_xT=4fSNrUM+O)Q-_v1hNKWP8OX8Fj}B0al)ddjLN4%VwS zJ)5<&iHpIQc|RY|o~F>(GrqsiXn(hj&u+t`b+eYs?hvT{voz*L&>N5N!p*lA9bmj2 z^!HWlp+LtbAI23+mPH-cmltv0x7;;R@6fIZv9%#Js~aSlAG}^Y!(j3Ect2b5uqT$= z7Ay3YZ%XsFKh$n4-6go&>*_mM-yT0!z6XXns=toem4=*uxj*qj&cs8}7bdf;o86M< GcLo3+O^g@- diff --git a/certs/mldsa/mldsa44_bare-seed.der b/certs/mldsa/mldsa44_bare-seed.der deleted file mode 100644 index 809ef71501e7665459d25cf92fdba029f1f6ba44..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 52 zcmXpoVq#=4;AZ1YX!Br9WoBU(WKnSE_^iQlLe)HWTF}yKOZ|gxU8y*;@Va?J!jm+H I;D)3(09sNK2LJ#7 
diff --git a/certs/mldsa/mldsa44_oqskeypair.der b/certs/mldsa/mldsa44_oqskeypair.der deleted file mode 100644 index 4669c183e65869ad2d03c71ff6780d63f267869d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3900 zcmXqL;b~Q zUG?;fZ%O`p+FQY1)Me)<|8zImFFB%7DN_tYj;{O}wprqaZpf*v;f9AN{`HV#{P9xh zmtCj4LSn!p)AKE@hI%t@883geeLK^_aMyKJKSE5Vo#vGKo$_hHb#p1VtTj)f1PnCx zPOjd|G1VbOILdf7V zyOz{)ALULT0adqC4F%jzS&<5y5`q&O4he7@rA98|Sm59j!otC&>GNny3xh?`Z5AHJ zgFXii=_+qlnZwkY#E_A=gyp0g(`*5ODQ;W|8&nuM8oCXbggFhl+f@ZcUA!FB9&Awb zmhg~JPFZ5&>mpEa=@4t9$V5rWo*s?Hq-m_mlX?^cixQQT6x77Z4=F?_F>xwP z@=!2PkZg)v)^bLH<%o#i>>Z6u8VV9jPVp%rffr#2djl^3lT#HRKl_V3KMN;oD zaosp%s30+c*{D^TwIi@aS74!Hw1m#ZX`KN~yo~0WT*6!;j4Ip{awj%Tm}1s8tEp#_ zTgHNhf-VP+MJ6qelmZi&CU7XYFgf&eb!Z&iR?sQNbws2=fWu43g(=0%Wj2d~GlPee zyT%lW-b)jBI@B6?Ci@6Cr9>Z4JY&IeV@g1eO98`9Lx$;%7ba*bX(~i7D3ns@RMP02 zz^25+qB_UGP0HCiziAPcbvkKz+z&wutk-_AeVWE$4!Ua z$xJ%RqA3%dQi7b4CNfM65lQG#(mY@m$l%JRq@=>Lz(<%vp?O-Xh@#sWF_uF|3=T}= z5Hx8yti-^fuA(f;a9V^>kcla6>gIR1U#h>Gb)Z8y-7AE7=G*YP+bu^DTKR8B zm#6&MWmufFZ^i8yoJC0{sy{UXU9!}y#k;>>c(_no-S^w%OBp5Xm*4Pmus2(&|8`8g zyig|Jbi&zC>!g!{t8Bx6$`)81kVx8aT5HM5Yk%zYIkqzXO;Yj^&iYv&uWkRoe-V!* zU$|8w|Ki5RZ3lZ-m9upHKB^;OwzKny;zy>8Br`L`f42{8f4s1BgF}+oZKqmm7f-$k z)$3CGRCeiIuT6*yo^g2Z^@r+5j`(YuCmxOW3uzTUAu4*U^_$9eZ&%J5X|+;8)t+)qlN?8u1r@5EMH8RJ@ zvUi!z6_L&1KfCvWhVItN53>zscMEKj%+)i9*|K-LSKt=^_frcE|MR@wrx#WgKRa+D zn^)_--f22Lckt13tQ*N zJ=0a%Cu7F$e>dc$l(jWd{ew74@F_eR}iPh@57tnRgza(=}Mu@?!m|hP#u> zohvWj-XD2v5~G7V^H#^~9tfcxW48P`ZA-(vg|}9Nyg$DdRhld|qpQYDk0x>q@Wo3m*>ebc;|go32?u z<<9JEql=Y}!9TKR2u17+tg~7w`fN>EORrLHXson_-CK?&;Uk9G<*Ha`S0_I!ci3wG^epS0V>Q$F3LL&{YJ2I-BRBimfj=@MQ#aq$;8d2} zyMD&U{s)I9{n~wJxpef(qmORwe9&_6^45g)ZBKoJr)ImE>!~z0?RZo8b=3dn1;vCLBLwZZ2?J>t6JJY5f&ME2j_gOU2{OFsbwv&BT?Ic&YeCaK? 
zS7dx|i8$|tl4tMPO+LD@z{E+bP{NBQGeF4ieAZo-z;E*e^!e*ZOWU|}cEQzOG`}Bj9_jlIKI#$*yU)FLbR55ufMFG~qOlNmZ=08jtVk zN1lwiTQ?ehGe2=`$5Jmf{t2sQ+}GrKudDQrPm5*$3x-=36aClE)_pVW;*HE{?zLaa zYAVd#PG;MCu^ic&-m7(NmEQXs`?k-neIv1~fOTKkhuq(BrPe`;Z$8RqED?!$FStqR z=l4EYbKNlau8U7|uBBE9EsR^z9cXa%)8}e|WzVmuoR|7~>+rKB%XVyW@?QBmc#ivm z^q7(H1^Z6* z?O@rv&2>0XG=3*$r44i-6)fA~8z#UFC#Rxc2;VB2wIXQ^giMf;nRbN~8! zzGg4FwR!pJw%sYygX&MT9bK;GyU<)c#&(&D(YDTfGb67}64eTlC0`@URrh@gFI0IQ zc)C{PXu|o9S zc@;(GkgOY%*qdJL2-NwX)tBz}U+ar{f8!GdoyymfADr9s@SI=gk-ec!!4C>Py?W!o zV9^`8Uo}$yN`2d(y#6_FMdYn!&0FIdW_o<@)6gl3q5PquzqVJt%PsxPF=wvTiC5)e z7M%wznAsgCFBXf>l$*UGb@D!g)wX^@Gu~WU{-EVq>$&Lx*K&=$-f>My|7UwgT(V)N z>>T4G&yv`;E_UZz>Chc|_o7tQTf_hVlDDyFOmw*}SJ?hl**L>kK|SV{m(Ierm0E9d z{v7HtaC$N?e3R(u(`M1jGGs4Sueh+G`fS3Nv<>%o*DdYSc%JU=(i3+!a_uhp)2A1I z-8iv0m0M?v)M+-^&e?g@uU<;;^=jL&Vv=9Q#Qx0%rGfpS6N=BW>NyqPtv@pFUD)~T zf`sYGc5K3%g>M?`YG?4Iu66U4Xi@7l{MT@d#kO>o@rN!+EA`2jS%3OY&v;ZK!#BnC z@8mmDEIO?oOCA3{-*ThK`D&BNq^6c@OJB%;757`@tm0|1%U5Z7=J6-bWqa5+waj>R ze(}lPFYkA+zZM_&d|H&>{<%VzB-Ot&Sl)>apH?;hO-15D&Y92m^&el~k&*dmo!AA9 z^kYv?>^?U~o~L2KlufQ*1#e|-xn5|&dQ>#qLig~VCGXdr(Q&Yt*OfYF=3=E_#~JCT z7*Fy4p85Qt_TO6zoWy3>?cMF8t++AxyGbC65wF?F143(fybizO+9PuLM~r*wxocg0 z4COPKVg=(Yk48PquUz@aQ!FZ3H23bFyS}yo*3UT1n14txEtWMn+~sWlc-kD}n1&VC z-SX$R{jZrmZDV@Tf|N^)q5P}OEerx(Pkd7C(P`kzRy(%P6wr4)X7;>3Or0hsnrM^$_1yyA;L+J7(0Y#rIYTGBDe5r5{jl^Kp6} zTUk7JmPP5AUz#o7+&f~Eyon2D?3CuCmcGixjJ;O$*-ps>s5pgK2a%? z-S|`c`kgsDmIYdRh6WY(vhoMsn8CmP&N9a67hY-a{@K}$~V@>wVTV(yP*N0kZg;{R`khn?rCaa7=`sau}xVJi5(Q!>R9(=EIjQ{X*wGI5^b*bE>u;{+$#&xCFPt|gsoi5zM}WMpdGzra_e~6| zpJp69CVi)1{jbXSTaSIq|C_ze{i8Ge+R7vMmPtH!=y7UU=rC1@y*8Gk%f7!lC(~{j E0BNn|^#A|> 
diff --git a/certs/mldsa/mldsa44_priv-only.der b/certs/mldsa/mldsa44_priv-only.der deleted file mode 100644 index 81fec03b65110013c2cee6dda09e99701c6e6689..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2588 zcmXqL;*wxuWH8`n<4kDtU`%CZVHRX*;$mTG;$mR=Ue%Ttv3cR#zB{Yeo>VuQnsBpd zYhvJ}#C@dU?4 z>;5mkr7_7dH+Y*%?#z>s8;?h?%Mzb%%~=^K8v0oF?xTe=?^Ki%8T=)Tbepk z#X?`%@#pRc{~Mbaou>%~O0;pd_i!)PQPB`mHga32z>zDLqkZ+C23K@jA0WZ0TXlU1c~juN(UX2UHqo7H7+pA^*-UCFCLTds8ldwQ;^D<8t zmq5jZo!lE8T$c1osTZVdYm7L?D?F7!VUf?11wKridR!if4}~!rP`M@2dc}n4 zk(es?(%wmjdS)qfavbUrP}NeAbc?p&Q#9dfoYZn>NiLI0!J@WCmSw#z5}J~SbvT@q zPEJzoc2hmXF>#Vc;9@2(DZ!vqDg_b-F2YL^nP+qaOh~z`WOz}@;mM)`L5UXT%?&I^ zJ05RiVKj13P-S2cNa`{v6yZ?0?3BaY;ld(WD6qn{Q9@?{N2WK21G5GLlj9_X39LLF zo}CjWOi<}L=w_%eAyH_j=8cvKkGJ$Bi*+8FVURG1_2woX1=9(F!Y+YEiYlU6B2zL$ z6cihja+O?Fden?=Fu5eExOl0k#Z1vz;^C^Kn$m2f5^^k{Nkl_LV3N|39w~P&&Xt_r zX1q*`5~rNtY!Py~WYVCxP~p)r%}5o)S(8*FIdmpY(U3gW!8s{+ibH3FQXQ_fj3f1sPlm9XME1QXF(-W~!X%@aZ;l zjN0VswT&}if@AWOL?(4dM;F$}i5b)Do8u~(-zOw2`@xqk7+-OD*?XpgNxQQ>eBB+N zpM1|0`Y(O=Hm7;ppV(F8qWIY;bA4)z7fpdHA(tj+Umtn%(>2b51yH>CcQk_?in)3sLq z__wmD^F!y^$x|lmX?S{PQDUh5u|)!>Zdn*!m^|fdV$h_-Yo8x{TOwwdGe*KZOz`|-f=(M|E_zYU267s)*WW z&-$FXGh;Km#`G=g&Ut;__HR{F`RtXy&WP@``;@b{_G`K0+E*-p#Ix7LD_(c~%=&eX zSf}mf?}t~I&wISOB$AUou6gPCTPtF29Lh02o8RShGP=3;=>DiDxyk~0v2yKs=FGb` ze|b5X|L?rruLA4;#IFu^e&Qg!E%7MpnTMU8o~IliPi#2fdQP>L%X5yzj(Z2%vy^0e zO8wo~7X-7uOP+OcPhWbI?eE)@3RN#VKDo5%*B|3Zy{}u#e>WUC(r=u%aBgJn8WrES z?l&a{`Xo_OJ;4BbI*QVYtkRA zxOQ2qpoS=;SCq|;kK4<2f4^1}R!QZbH9PYAo4k;$83ijfN>;3@{It$;>gD3ru!Z8C zPmJ3c#hv}RcP~Ebxkc)g)t*x4W4}y~9^CePSI*|=3}V4cUR@|rUsCq&($Nz(hkqV; z_W$=Ot#eaf{MOSy>?e?Lb>;7UoxTpwMW$|@f3+uP5$o;7eMJeCwH-~D3)oa79Bwe^ zN#1|McKw7&q0OG>dE1wn*vOb)jLD9E+nBoV$AhR{X1{7hM5XUJep7uvo?V2xmQfsoeqC~ZZnRrY~i-;1{G z4`Yq7-mkS&Vrsd?Tb6(8=N~HnDfdo6XxG;E|1ArOUhyw=c-HCuTzb#8oEJ3}Dx3T# zGR)!h*}E^LwRKx9*A~lHpEuMw=C3k;qZbupa#)?Sr*3s1`|4|FwySj7wSRSq3)yzy zgFNT_yxZJ-r*^!Keeq)VL-q^uG0H}rb=*gb=dJvIe(TC#EomxpR(E<9t$8glQ;wk_ 
zH2-?p!URsqJ10#xzP@poGx^)6=U*S%n!e0CCMlA`o!|C*KV{11o$>AE>WASbgE*ea?MX^zX~BPJb}_m1`RBx|;`NZnB(9v=MqB zxc+h3v%{v$BGs$2>^y$_oIk(uyj%b3Rlh=&7aq|qvoKtB=O}O1?gT%XprYFo-v3*9 z|ENIal`rSE&)?-AEx4j%lR(Bh_owTf`rG-69{yf-jbW+q-0#NBSDrrHc9zq+i|wPH z#g2c9)o1k5a)UA=%DefEoKsC3-fR{f6eyZ-!-&h>*>_^%Z zwjYC4)}@($IrhGJvQ=~F z;(yl{O_%e#c|UIA14F;`qOJ)qH4Z&LWho+D@abRFiK6!v%F|9QJE3yKOG|=VRoP6 TmsVMI(H+j`Lk^m(U$q?ocy^>5 
diff --git a/certs/mldsa/mldsa44_seed-only.der b/certs/mldsa/mldsa44_seed-only.der deleted file mode 100644 index 82d0a73845f3ad0e74d8b0f8fe56bf81e0718e6e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 54 zcmXpoVPa%3;AZ1YX!Br9WoBU(WKn8RNSB@!vZbhTuk6O@t8-Hhqf1k}na z)g?{7XEdMV*tYv6n*>V}7sK4@wANXhPv4h3y6Vvyt;+Qu|32E$JMq@nzP2qBZA7(% zj?M5)ej9MQk~hNn6GNYAysEy<>D4z`S`}pDLOZ6UnEPK&>D>3|^qpyEl4ge8Q|q~B zAd&X-ru4`2Mn@|=m{>Mhi`l+hk<-XF|4U|hU7N|$yBj?f9_Wi}-%0v8IZiy#!mEkH zgH46QBVp2(Kw(x5sU5wYTQnxDNa1O8d3>z1MU2md$$@*i?oE$LjG`${78z3NeZs;) z42DccnAAj^d<8TnC>R-CvRc;_fkXwDj>U@-m=-lkZYh`}*3!u2 zsI+zBC5}KL6UWOt1UVFqoLo{FJTfP_2`NoUJhZLg(Tv{9YMd=fT%0?3eKw>ptLQOK zYnjO+IQxX)Vxb8Alhjfl$!VP`YKa1FJqIN`WF&K0X7qNuF)>ZxjS))q5-DOjm@2L48)K2n?AWtJ zjjwZ2gO`Jv%*@P2A%nvXib`&YO3p=0?rH)HIUAMO4lC)U7zr_MVvL;T%3{iKcw4WC zK@QJUp2Z#w$qoSw3Tk&0R2ba~A36jc65>4~;K1Xo!ep$*bb>`nnd5<2*Q^b?!VVnH zN=7agxffj~TxsLar5dH$Q5=A3^wz6xXkr|5~Ig52BC=s%9|aSR;1o`Vtc@r^>|vM$COlO zrOZ1@t+QJ?BPCLtHz;(k(2Oup;S%o?bktSZq1q{;AmTVtd69~uxT4@j7UmWoZsnwa zw$u8VGU@*N@zRXRz0@dRKi^kbBJ~~f^4B6W53J77TWh#L zwEnNqVeYnGS$@erox2CmeJVX<|Nrow+8Bp`#;cP~-sucuU`a_+UwOd!Z0xmX$6Ho> zV7j&V({=SVK?a+r2AdelvwbSr6%llPC-+55yM%u?LyLajjM1GJA3OE&57k_e0+k=4 zEGikIaz1ks&<=Wt531dSh*#6LWQu#outn!ELTIjCjRceBbya0 zc2Bb7`LsV9w+cR==$CYC$&S?=^`&gC+#$&owOlPJ(-zNlDgGu_;$|waXwJUq0}tbl ztWa6~@K9us*o~9h>>}3wK4F$x_p#4^;)zF}mtWRcouoKzn&JC}>tE`b{o{Q7vG>>S z2+PIiT%X9_?NM2I-MHcFZdSpd(|a~^is*6Ob$O!S+TzD~i(8>0QEO-VoR$Z#cTc@w z7~4EibievnIn|R#Jyxvh`SU8F>g@DMtJ#mw;||&5c&Gk*XOYmmR*5$02QCl&t4nRw zzc;5vDH%9MKjwQmYYWHoah%*b!>{n zrKi(tu1<^%4}1APD&^;i|5{PI&heg4=iI29e6*{ylc-uB-ej zW`9~ATQsTdoIud!yP~40D=ZGpPP%6v3 zBm0iwYlE-6-d#_V^2tYm+={+~lkjwkd2@eelEb)ydk^ z7BiTq&YGFI?h21wfJts^ma%>hbJh~6ziYZoI9_&aTd;H5a!2#}=Z7w?f0~fN_OGC^ zVavboxgBqgO|W1wQIXye-sW&g^36gs!T(AoJ%;wl3;oZf7sph@ww}1*5an>c!}fFT zm)YAi_p{%<8K}N&`lkHE_cALPgS0OQJ#kp}O0{8ELt^{V-nv50jNivN^k?WiUv04E zp5?Z}|3(uMQ-2;2tGjiCwVeCo&j$x;MZ)tvcD;IVbaH~o;~!b+o9=|YFt3kHjw!$N 
zczJQ~oZc^MUb1(|>|5?DpI|oMcd^S{e~nA(}t!}2}lLD~gxugYl! zVYk_Dt!KCx@`im4r|Lwvi~joqUOo#co_PFsy76m9={v4bcNR}G%_*F{?74R8RNZxr zTpETSwB|8BYSw?SB=yuJFMcD}tEmNYtzk@6CJ*t`Ps3nh|_HT!lN~>CSO_Su}W{^WPRy0yLP_23*;nwRqyY&Y`R}n zQ!{nbUUhBTviGbOf4VH(a<8tk%wBow>-@ishy0iJ2u)bb{OoUKmPcmJ;R=JfmCG8J ze|dS{Z*Bymz*`-4y_i)eE`+~lUHW`}FZ=TA9<0>`;%gpX@#36xq_2g!Bq}kHPl`vr z$M0s&G^aI_xvz-i+)(G6y|bM6>fI)eubsDD+IlzXtYC}Z<5R5u&q&S2xcQdENdU`Q Bny3H( 
diff --git a/certs/mldsa/mldsa65_bare-priv.der b/certs/mldsa/mldsa65_bare-priv.der deleted file mode 100644 index 07d42314eb60fa6697b6b1644b9a430c3c0de975..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4056 zcmXqL;=jVg$Y8+D#+lIO!I;X-!Ystn#DC!D*_usXIn%v#FLwL>dm}!t()9M{rR*VY zJJq(f^8DP+^{esIR2mKU(73y8CMWGI$1goim5X#};1v|hgf^QC3bQGcrE+8_G#7}3I0>tk zCn*X9m8J@)F)*+?Xs|dlv9>XrySld)dW5=LG&-~emNJTp6;!kYXQVS4m$sCvr5UM7 z6u5?lHJV9SG#eI`IR+_|h<60BizKJ3r6a;HD1}HVKvNEMaFjlBHg$p!> z2o{(paxgWhI~1BT2o@HFv#|&=Sadj*aioZt7zQ(oi=?wNacBgJw=*ybg)#>kiH4gb z3o03zh^HxuG8G##h8Qy_uoil-3pJ;ixfqoui7~k~h6y)zXsElh6bhuXH<|{TnMtsR zh?cOnb0i2VXQUX3ClqH0ngnqK3cI%(3VSezSriwAC`Yh6FsWoXi#WD8MYIP6s;fzu zh$XgE2&)E_D=8G4h$aa+C5fgR3MI8NvAa94Iw)7TnJbow8H;m7s2R4nCIyFuHkXJC zh?X)Ll(3Zsd9;VPIuw*kG_#f|6}gBTWF#cGvo@+Gb+k2#YbZ3kgcye_F-nAbq-2D! zho`%wsVca+v?~W$G`59yFqgP1geI~YGPINwHn;}`I~570sxWw{voNQ#nKKu#m!>MU zHSJhG(=nFo=n%D=`U(CzzWHM2M6av$H3Zm$@f$m9uRHH(&-Fqs;ahqkJ^ zJ2|ni7P33Cgq9bDBs!Fb2Xr(mu(z9ZIJpG~xwn<6JDDg7h6=Nk8%mUx8MmiJxCWXg z1v)YW8K;J6NEj6~mPeGcw;P2RHnKV-aEKVNvXrQY8)Y=ATV#lfGclxzhAOhVsi&K} zhY5(dl(;sgq#CBDF=!|!3%Mwnai8dOzdt|VsNi=g5 zC5NRmrkOHYv?!YxF$9JqU3 zH7GTSsdl)8v#13$X}CqGDF>RCGzY3Tv!w=%PK2)C9gF)%P%v@oiuGqq%xMJSk;1veCkxrGZjo0TwXI5sGj1eFJ-39u`< z2%4y|xk#udwncD=B&4c`wi^|MBpDcZ6sZ)LTO?^PB^zpV2t>3QSd;}fiiiq126_ml zvKJR6ilsP&8#bjBwU#z{B&4UZw?rhgJ9?Nkx>_)@HB=}xs3sVgvvHX3LYF*Pu& z7dm*Ph@_So1#1W}h^QqRin|9Esx>L4wip?62&reVdoWp~Ie9QSixz|>r5cKg2^zb4 zs8^Inv}Y*0sI?gzrb(DpB!>xwSGXrOgt?Texv?gfRwRc8rIo3gI-9n%c?6jXmXv9@ zWf&H+sdtz*87Hkcc{|gz$A1cQ^%xP(0;g>v0){?S60e*OdRr)SYV{o+kCC*NAv zv99mwv3WOpv)$YyeY0m=4hzlaX%mPo+IY>ZzpwMvm&}8au1ms>8OblV)+u=HrM&Cn zRUMWcF5DL{eTl5O`R`z{>%racG`_r@mh!=2zhqv|MpJI*u;HkW#6aH^PZ_A$*N6)m_7Cw@!3^dMu zRLlE5^~04Oqr~#ef5!}^r0Ze@97>i>h&*%C@YTO-8~Hj7c;-dkyEl7b^X2$aROGk+lC zFLeBC_l2z!J{co;m@p|Cnt7`yRGkVP2K(9|3h{}rp>R{oVup7 zMD!&N@Web=ojgxs!C~M1qE5<%v#PS!SkBwaHQn|yOVu&Q73KQ1JF30XcAd8p^W^<> zX~WCnbtjGq{N;#qIXYML#oLtMMLVPU#dQ9;=v~XceP~{)hTEEk+75}U4crT#t`xi3 
z%qY2XZ}`ST%g!=6?&nWhnKQFG)-73Byn1!7^0s+jJ$dD;7bV}5+}*qJSE-3k%vqk9 z8j&Zf=RTP7yp74Q;8d0-pX}GC32xE%t$E{Q=QQOmOl|T^-C~hz95&&?2TKOgsQ-5= z=kCgm44l+%+Wlhru9q8{7{mRJZ@e(Kr?n@tbgsjIo6edg2G zn&d0jm)!pAb;|Ov>_%PTC$?e&M>nfz?EiQ^^rh3Z`%BC#FU)B#__FMjiSX4EoL~QL zn7FNE)t@UOA=~N`cDqC`np3^!Rm=iCCGF--$C5+mSe%|F$IJ9WtMf=g+@e+XfBo<2 z2iiY%F;AAhU@(n6CGh0dySmvYzN;_HJGo1275{$La;fjz&)(Uw>_xrNeRbjVpYN~T z{Cef$>a@ec-bX(t3Of8TJ{oJPU167-^Z!uJ;;)a-P5vDCu3q4YRSXl0Y@{~#kKadM z-hC-E`-Rx|i-)ea?6chQ>3(XXOvnS9RTT{Jp?A2SvHoIt`uQw>8gI0-dx_zxcsolNm=O5eTkl^L`$`rXr4HegWnF!{W>Mgb%zy~NV^LrZ?i8^@Te$c4`o*F0Hwx?!Kz zTb65rmRp{$ami2Rd$H@c=GIlk=@*~rzkQLmVs+-CmxlLWTYt|k&@0OIuCKa2r+M=AEl&j}-~KCgAU)z)#r-KWte6nN5@1PXPZ6s6jT)ccvOOMk8qa%%?;MVa}MymigMa~aoIVa4;!`4eIK~v&++ukWm*g6vOm4tza;#g=WM(0%YClih*wG3Co|=gN9yq(Z|+?U z{BrQlql;8S9Wuex0E$dbNA&d*k5yV~t`-kKp+l6l1P`>Q*P z(@TUReOn_WzP*{LlJsZm{kxI|`m*A;{)F85#5PeYMpJWvXuHGYrp%j{F6^Cn+t}ve z6WYmv)1Rg)tQSWFkDgl6V5BLVW(OvkL{)YY5(1Cs9iYw|H}9FvO}g9 zbI$)wu~_l=^4nwo1E$7*W54@RA%E$v(|o)f$;F#CRup{rf4}#L=)$NycB}9D+*!@( znX1Ej?o?>oTGhjzTX|h&JZ!fI7pP0l);&HW*zUt8r{_}AR!bVgD?cl2jA@6|hoID!C@+Mcq$VzSCQqGBVb# zJ0Vl`vtY}PReR>lJ|o@C%`@)`L(FXLuCzr?;gdKukEPe~w2ZQr}FuK%LC^Z5FSO=v_NLrO`Iu=g-#Ld-xl!-C7+g88cWKh|M$pu967ZW@=`b871>iq)pv{Jz7S<&&9Bgvw3Dm5=OQB}J88Q{~TJ3!Z+rzI99A)%Ox^uRYry zZc*XpKK4j&)7CumH!sh#Wk2`b%k-M-d;$CKY^5dB1;26ja7w(s_*`tZ_x5QST-S9u zsv5!*OLdYMx@MTq;GVQn=>Eb}8_b!nMYJ7rIJ4)(8sV2g|KF_K;mEL}KDy@ z&SlDWuWg?Cmgp{iaLvOi)-AQD+hS?t#4D=Xx6eE&_e?F&cFM86;p`iJ9{8{!@!MPh zHeXx68Q+ctByKqU<=~@pRzlXZHFs@!_IXQ#|JnUFZz|g)?Tzj0QM>v`ru^WiMemBe zcP~1#HPqzh#<{MA0mjbm6SsWX(yj2!rh411g<2UBPtRU*_SmHtV>*SS#&QeO-b1HF zJ1<_7a7;SawC@+MpzYar%I^;C>oAhtw(;9aCe~Y9`2_ZtpZrhfMwd5Y%1P9 zKMj1Zt^8zv|Nhq;xp$Xhc)aU5(gn&Sm9<>VeJw5RlUiEO-n|>alzJN2{EZt&Hzs1p2q+H 
diff --git a/certs/mldsa/mldsa65_bare-seed.der b/certs/mldsa/mldsa65_bare-seed.der deleted file mode 100644 index 53011bcfdfbca2c2a699ecaad75d4769740fe9f5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 52 zcmXpoVq#=4;AZ1YX!Br9WoBU(Vo}hJ*I0Uc^}5#|*&S5Bx_mH<&*JUw>@2@){&ya4 I@sEJ*0CDOP$p8QV 
diff --git a/certs/mldsa/mldsa65_oqskeypair.der b/certs/mldsa/mldsa65_oqskeypair.der deleted file mode 100644 index 4c43bdfd74aff3836b0a116a0dbb0ba76be206fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6012 zcmXqL60cxlWH8`n<4kDtU`%CZVHRR(5>H`i5>L2g@_EMErcXv!>b0Yye=G>uc|PXA z`j=V>hfeHQd7+%9qfr-e_h!=6Emwb4weQUCpT;+5ZLz#p(ZA_NZ5sp_ce_iT_TJ*? zz3z&rsqUtE70UD8q_QhL`L@*GE#$n+r2414lgjzMkJDi$IlL|RnSc}C<+Eq(iU5z~0Ef@mX1l$r+3^ELx*;1IyO&Z!A zm|2*ND@qeXLN&sY0z6WaoYPrNEf`q?i%QeOT|$dJN|_iVOiY@B8d5rhoEg)_4N}9! z4BI-?LY)QFo0C&ZUD%XO)ma#YCD@83ic88=N}SBx+|q@LN&-bS8Z(^Jgi9L2lfzO} zTsvGPScJs{g~NqR%nC~yRl^ch)0-*;Ow1bu8yy@>gGHG{n8cU@A`%PLSXvnh8<|52 z9V?Oq3xN<@-Vi=9GEoI^TN(+l0qBLpmx8jV^UjFQvR zG74ETL>gTU#Y`JH+>_c8T#Fr)n2THsG@4C988Qr=lS;zH*qkaDjZ4xU8%;t(n$y?{ zn$pBdLlVUp8<;}G96gK_oh%wuh0GZPTapqw*e%$@LRl>W%b3K&TP;}90vpOrJKUU$ zGMa+jEX)mB%Q{-h6-Oi;LKmgwvafOPXB* zEEJoJI)Z~0Q^Q$GOG?ZXA`;pfRoU7S%ZpqslEcMYJw!`H3)2eKiXBQqBs7|XS(B2( z6Wd)i6ggajO&JQrRn1it$`!&hTEqf^jm<&@SUpVGofDkW7>XR49nuv=RLmO0l3ZQc zTf>C~JeX3|4a>_CQ#%Tp4VoQY3>Y)g%`{v@MN~4{1)Lk185B9fHNx9NnblZ|Rhdmq zP1q~aT^xl|Ma4>;6iYoSRGbPU(t{IJ|16bgbP%8V_icJkn*wV#Y z0t4Mmf(%uJ3KQB45=_I@D-xLmOEs8;&4Zd*)dW>cI7~`495h%HI4aDQ(?T6nA`DeS zTFphxjNFw?8pH$D6GI%-8BHUE#mYh*1j2*VO-ho4l@i3nMc5sRgc(Gb#l=I6%bYrb z1w9&5#DY0Qo19C+!=o~MPicHQVt1t|&c7|W?RMM%L5HRG zwA9^P@KNlvaMxCW)ITZ-4D&v+%rr6+)ER-JK?9SWo$7 zZLN{_mp|elTUywfSe#Q+Ze>>?dwKu1T}Mi?I*WAPbU$-He>F)g;q-!uHzn#HxkO0` zzF)wp&h)#y3=^Z z>$|zC*9^ROF>pA&&6)4ocOvkB=As#=)Nih{nEhEd%t1`&-T#BrXUM%jsJ794>imb- zQkn&QCL}+c@Mm#DR9da^d!NJG*ZKuJU&-I~b?cY++BZKYirL>i|Mb$8=j*-%CMHPV zFy6s0yXo}yf*ltVH&5Iaovhy}^uqG$pB+E;JnHYiy{^JP!1&aI1;2ky-2XBApXvu5uTQ^&G#BY4~{qDi3zWQRja?YtvJi)R&c4jxX z;;cxo>LoXyx4v^4J-pkfr+NR8neahVtB@I= zj8xxhq^emhQh2g`!c-%n-A`%?=URYiD~+*g@& z)>66R#^)_D9!sB3b{}9Z)`6XA`UU^9CQcYgpFZ)xq%(BW}(MC|j{;gTxE5(od&e zSLyYi*#G_I%nJ+F79WpST=%K?+44`bwzHd;`CL*=tr(a zXffB);>Ehsi@6ug|M*`Z&GGV`od)aY&*D6vm0^BdW8>MZb!L-4)_0!XuwnJVMJ0AojFrWSzaPw%u2%keTM|?r80PwJ&nLAz9rr{! 
z7guazK9Rb|q-0x>QI30nx@K{zQg!NTW6$PH;kU}1tLht>C$-5qPV{r*Hb*|7-<){ zwNPnGsdi$}_1vrf4^8y{lX7c&F}jVx9mVbJM-)S&$Jomx361de_cb- z=AMA%>SJr&6vS;FO>#W@aC6|xZ|73)-@M0>{pq+C-{G1Lj^1-0KYv^p5g?b8#K)1i zI&IyA^mzt)cltc{-`{lbU;-bG$~)U-e*PM%R(<8$D_V5{=Af>ND9_l1tUFu41< zWO;F>w+hdNf>Y*NymQX0otWBEcfi2&2pJ~sy72cymUagB z`sIl;r0(3+nx$=gUgMzEuY)!d+IjT++kVLWve=kgI;)yh{GafV$oy$$ua>xnok(b2 z{G(;<(zL1jm-y|Nx36)2_Nv%Pt@)p7MR&<=4f)`+?Y`XN)2ve46sLH-@Csmlrm(Z` zmPEv)cf~r9DuFKw=8HIR+Ba@!uPlj|Kc2JU6GP}MPe(mv|M=p6`wG80xXxEuwqg@+ z>W?pLF9`f=z7zGOtXZ#FSHunD!sa4*$*sPrjRMooYJ4x9A3Y!`O#l{2e7%Vl`CxN2rnozRpe z#XIX#TS_V|Ib|%5ni;08Hkj~wp&n!9ZWh*0iq$fQPMgRT-;tlQ?ZEG7{;f?X^c&h2 z_jJ2wE-yR%u#j&_=$3nhuI)?fi%XWjV2xOzf9aoK|0}0&yE%_K-zmS+D%9%ZeUDK8 z-JfeM!<}idEFb=9F+1KjG$~nj{r^epKsNtfZtEIZKU`npTDkP90C(h+mP>C!XNtC( zYc@^1`tik_o}^{$CM6~lFUNHpkc+cDS7^?B#=C~)SRT{e6K7}sSUoA7U2p269STdG z`QAG0oba*Zd~uWYpB%m5)qGzrXg3J2$$4GrF)iB9dhv0aDqEkE9b7HBMrWS7&9Y?Q zA+e*rTHS{G=#ga}zpM9jHZ*QH+q$pw__t>-c555oPrPVg{G~a)+{F36&<)W~7gF__ zw!ICT61ep2ghXu)&dL6UGxqI_-D}Q$!uMita+k!HEr%y;t9W#5qW#xbW}ny!8qVu3 z==&Wkqc@XNMIx7Nl1{ap&eT=m46omx|Mt_I>!6AD`B%v*vu7|pVYwW4Cq?wvZ@I&Z ze0(x>CciuO&Ca!D%euJ%*{2L%-(7Z;=S1EVO*VI*jh8iZ&l!Zf{$BfY)rU@Q77pWZ z-N}p7j2(@uSo<)6jL-mq&b2$(^~oQIWA;IsMI&n5CKg?%WCU{4=BH*(jxF z=igi#a&7Zj$DK=O19WLpa;t_fe6erBNTe73UrIFvHKSWmMOvkJ5`2myD z?%oM2^S-NeT%Py92ZNi22e?#!Oxymhn7e#^zXMnN*4<)}$KMu$}|_qMfZ7M{`4`Frod6WQvqX|Fp!EwP)jZ_zU`?f81dE6X;l{5>=G zZ(8SOP2rVY(hfe~nKs+TL~neVQxKO|F20UUZ>jQbi}{61QxD{ZH_x?H(AlZO(iZYz z!Iewvk9?VZG_JKJ;K#~ly)P^~|5|REx9i6FCD(V${{DJqdi8;iP2%w%ZmfK;Qf~U8 z=$5u!mjZhqEUUY5afhg1O;FJpN$%5IyDDegF_?BUO09C@vLJ`oUsvRJJz5gR&z4_k zTq5v;<)->X$H>&S5O0p~TMmcSoH{p6JAW)pT>kaT<*a2)L9DF|=Qc%Toc(5C85ubH zX4IXNPo=hm&VRgbx?KLDGq10$()Uf>#sB8{zl-&$xu>q^Km0GaY1sxD-q60EQtI)3 zGVa|8>=sV94{**;y0}i#IZf(M%-Mgl*SxS#*ti+ON<*<)38-Q)sdK4&gH~&F_`D-!uj>7z=fIbC!3pU(ONS zdhfvzQwgo#CpU?db4sTF>g-Q&pEUo@{OEwRMa8o`D-3@5Xnr+dF;{DtKFPC|qo-n8 zuhg#(b*}`bPGx!e^m$Zy^URFYxhC9)A1-N*s_2r@Qm;H%9$e*RU)ht&XCB_}Bq;3g 
zQoY;P-16eP$#zR-&J7CP`03iEs}rjiGH0w}<(yp9zeiihpi)>m$WGvZ-?|;^%anyf z^^5c7htIc9)O5Cceq!&rmA4cuiv8^cq_!#bzjRHrKm7Qf+k+c3w!Pe)(KvPUWjUs* zR$5mU*nhWM_J{56% z-H{IlWjC_l*{4o0T6B{C!k4UECAlT%wm%N*oM`)~>8X8J(#J0wtGeDDF!>>D5H?Tj ziB|5V{S!Ct-=zQU=(EYMzx_wiOw%Xg{BQ>h6^Qv2AZcW-45- zWaxd9wAplP{p9L@Fkq{Ure*d@b zmqV9duh%V&*}}ea>8Y8bXBWCoQdzM(m$${trN5s`^oc@fqvOT9`QH_-6-0~rt>q8B zT6{0zPtx()oO-VA=BA8ojzX^;pI9ooU-~$y`tm!|{?}_3wsKz%JU{t;;HlPxjR2bI BdFKEC 
diff --git a/certs/mldsa/mldsa65_priv-only.der b/certs/mldsa/mldsa65_priv-only.der deleted file mode 100644 index bdf04a2cade148ee20c46f6ed8b23c10ef3bdee4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4060 zcmXqL;=jSf$Y8+D#+lIO!I;X-!Ystn#D9dPiT?oWG;5K&p^uXuJ$i91Kw}l>i5rCn z?=dmokKHco?6Ius>=CJs3)bMJ!xP!adki8&#W<9E({hBE(oyQytlrL)<(ilpW9fMia8%6K919vH1k*KG*owkS5``=jIT*{+*b6!wSxhXFOiWBW zL_&-?B7{pB(+z`~3mS~o961!y9gE#V%M;rJ$_pfzTMX14#LQJV#FPR{k`yaSnvDZX zGzuL#ijp!I+5?$7B0`nISOl3$*__myQv}~aa8X^>hJ4DLMTonZ? zGCUevo5c-E0?f=BA~@1m9Fy3URM|sR*qFtd*vdoPJUWsMHN*>9m{>C08r4KZL(5&1 zMAKXy6jU{m70lC_4HTUd1Kl*7m5R)m#R}YmLWKk@l+{!X4H<=1IFvJ*I*K(ij1q#} zT3J&%S{aJi5;8PWLOPPl)eM4)%#Bh#%ESePiv!q1jKdAhJ;W6f*fk8*jRh)PQW%WX zg+m!=9aR}r zjWrqrRLj*P8bk#}0z?9p3d&td)EZdKJOovW9K+L684@)jnoC`oK?$B-P{9=4T>3!0^5{|MAOPx4NC)@ zoWtA&**z@El)~K|on2E^1(YNd!qN<#ncZ8>QW+`=GfJ4-6-tyUBuq;iQi26kn44PK zniAmLIo4k6+}y0 z8xzFajXR8lB!rn80s{!$b?24Jue1Gs2r$Lf8UY*%%{&(?Ww(6^c~?6`fKwN)tE? zmED+4nUj(fQ#i!iR9G4_f;dtF3tWU#7z+#&1td(&-I|?E+So&!3X0X4+0+t@g4@Fc z*+fj66kIrx*@G21Dv~oagbNdd+n7UHQbbLQLz)~K7|oc)Sp!89%{3Z~i^@6}*c)3y z6Iomu3o6YHfz?|cXywx?!3acFe9VrW#Y8*%8v}C>4#bF zzFDNTt(;RejxTV*fuFIxy>9Xc3mtZEGdb86J@r)Q`BT?k{>VL{a44kY=&t$qoaW`< z77@)#X)`SfKKk(AADk6HRAxOv&{oVY8@){%Yz3p7usC)_aY{mLLR(f-M- z&o}d#vTK*-X@6bVk-6CGcu>hySEil(f(0h;j~Tq*bm>QsONfe^?)52}s&xfC<}XB- z3*CJsFSDVoKYo6|!_N=1*cF_YKe?`SB0X#R_O~g*mB*OhcinUod-=ycC6jHAJDY>{ zTKk6$OSfp6=%1au)xwp^qlsU&3V%~bv-HX&yUaiGuz)Lx}UFc?GyRz#`{|u3@X1$v!cc9&7MSdPCV%2soRpx=U)zDv|I!x|LCz4zMX#?(A4y&t@;Fzb@gd8DXBoC@+pFKct>FKA zjMGNRl==RJU)Srl?F>CHXf@~1My8cJw!L>f?)52Gyxv5`a?ASV(l?XK8$8@Qejm0I z6+6v+=f{z64f&6{uBaTzG!%KbL1v-kW~JU07dp}|hfPXsJAL9z%BIqdKV?@aHVNG= zQ95}pdQbA2Yfkl7Z-0>P->~$`obJ^Zcrs7id>(s^-_rB!)U}5=zOPhgp1t_V^R-_? 
zUxhy43SM~Ed!4eQL@JlS{JSjThcC7+pSAS(dy9SHzfT>XB>eZcghcyFkv~%AB8lfx zy#Fg+oxRa7QzWA=Tx!>$h`;Bbo;tJOP^DnSRtDckztj>cSc*(;-*|m?`x4&u`(ElV zlluG5{f`j4KwJ>FXBz2ebMOVR%b7eEP3Y`tkdPblj+{iJBt?liZXdngr^ZHdQT`Y3RPlyTWZ%aY;aXYUQVXztZjJ)b;I8KqVI-`@5wTEA1}GWSC@#h%}nXYB7hB@-oM`rz%V zx*$He+1x*ORR}!ZJnOZ*RcCzlE=9@IFK!VxC$G5IkSDY0^V0U<-1#<6_6y(azsr@r zbu{=9n(<5cz1yaJ zcX&#ylpYH!9LTtQCgV7{BA3yK27KoeE$7i|w@j6sMq#3cbH;4;A@v zuMfC<>od=sFPEiH&6*bZT~}cibKSbik_lOL`wKSqzWuv>c3a0@PEOHfPxEIzI$OF>v}UCqpE|BbGkLs35S=6iqp#qHvi=6Y_o>!sr<$rrSm z3yWfoO=ZIgW zCO3-`7C)_i_uZseH%qG|l*jL%%tVn#?o5%p-u7F(51;zjPC~wDdRg<9$#K)qv++#* zC0bz@vmi4_Y03$K)fY2cDyC`Au5PpiZ9|8diYlyqo*Kn7z4ixoO$LlWZf1O8+Vn1^@~lf%c5GGfr@24( zBxcWuHLzsZU=R}ME2LeN)AfeOOe1gBp11cBPNqukJNsZ$bZMQa>*a?x+yrcHzY+_0 zNB11Ur}pfv|89T(@cvn`Damw14*)1;ZrPa~g+Y}k7yCrsaS@hXusE%~XF z(zeg~zkS~n%Uj!hOxzCMxYBotdD*2G3w|8Ebl7A`!z;#n>sTMJ=31hZ7=P-f%!Hzw z@2#hlxBQCXR9x4dZ@Do#eZlz^O$#D_A7BcUc3waA&1#WTg{AG{anIY@B+QoYnLQH# DXBVNw diff --git a/certs/mldsa/mldsa65_seed-only.der b/certs/mldsa/mldsa65_seed-only.der deleted file mode 100644 index f7e0ba696cb37f659e33863dfbf23549bee3e5d3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 54 zcmXpoVPa%3;AZ1YX!Br9WoBU(Vo_>PI92=Mzt#Cg1uL|9-eu2xJICVw4)g6#&mD8< Ls@6XJWTO)R#yl1q 
diff --git a/certs/mldsa/mldsa65_seed-priv.der b/certs/mldsa/mldsa65_seed-priv.der deleted file mode 100644 index 005825f555001a7f09b2cf5158cf6b3dd18504d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4098 zcmXqL;{V6Q$Y8+D#+lIO!I;X-!Ystn#Q(~miT@dk0>_=jW|=1&zxte(F*5qG(BSau z_{S^HiSGHF)^kSZ#h0}#P5cMuIn4bwE9%(qDg2FDEn#uXwq@S>$(uf-=%xFjkb;|q z|C*-UU|;&aTd{b1i6Z9%2lm4oa^qxLH~R)@&R<;_SUI09ea@`ULFaYccfYwacay}` z<=yh4caAjg*dQVu)+i(W(mSo{($iVnRu>n{_QK? z31zr4q!~IUGr5~KGL@Gxw<)sinAgh_VWZ2bC8Esu~5br!}QmG>L^4mS>cgIYb0^6qgvQD@q8qYq**@ zD3=?SF(?|i7gU&<6gruQm$oE_rM0;ksz?|rl%$zCcvOfPm6(aUi6Ts3j={au|dZstPwdXEcYEq>6KRcqqD;C#YC7NmQ7nWT+&zxhjVVs|vF^B%6yj zF@>`h7OF67uyGW+v>60BrWO~OrD<`&P2q+pBv>Pd@D-^3|hz2V(lnO93rwFNtNN^;I zG*xgUGPspCG>Mib7nmrErx+Qzn3M?_FekV*XB3%;xH+4MB!?H92{8$ZBsqi%77K*4 z7!(z$q-r>obrdVR83ZW_s41$JnKKq7a%2dGDM_S=8y1>1J4+}jF$V=O2$hDWHiem4 z2qdwUnrNsd79qfvay9KI|~N7nK}!&F}AueF$OsVCJCe@ zF{+j&ml!rCG_iY#3aYrVSO{taHz%c6{-knlqv*8G%2bHh_^?Cx3;w^x{H*yl!%L{hpQ*E zmx!0EvnEA^iyKrFvIrTsn2v!%E(yDGGFm>8C)r%E`OwJ@hQ2OBD|BrqF> zo2MuTH8O=cF$5VpF&hMSB&v9XdQ=EXhz6IrBq=zXnX9?DhKEY9F|}qCrY8i3h$|P0 z1Ua~77#cYyB_^`4rz*EAG?_4kC#Y8lrKlJnQ~~Pvy`@U6bU*gh_N-hvkH_s znl&qMq_sMQhX{BCGkBO6F|)fhl?5t_hC5U+vappYCoq{YsCtApg&PP52#N~`sR|}I zvKJ_)1hOZj8Y+ibD783?Brt>)mn*S2s)?{Er#A(e3OE)TF|fOTAXFr_6IGbEcZMu@YD6>6jzB${%hmX^Ag1u_+Dm^-$IMzn;MG%+=m z85yK-G%AK!6eb9YIEViS1^?p3MaG+B%2l` zWw5--E!Z_Nd^|_r1fib$RB&4_oIo${jj4XQkuzS-*dNy{paboR_rcpj?j5 zicJe5U`TP?$veOqieU(b!r^KPrCE& zamD>&`nO!vyVE4C{oUk_I<~{-1w}cU3UX&u7$kY<7nPapNUyvrBWlK+b!{WV?Js{l z{pW0ccklN-rPJK^Chhy^Sfl-Oin(o}%-L}Wo76UCh8>gLe0lwIUbZXE7%WbII;%0k&Zk+KB}p#O&gjK_ zh1f}3SEnyXc-A+Cvv(d>ew*>!Uklitd=8l-&?w80_V2EO-5jleTII`12fadWpZ;*Y z#`bl&{?;hbQz55Y_fw3KarX4G(pe_z_Y;!UweD=n z+{*AA4c#aDrnl1V4^?Mfxu^f|2e0Xo@Al2jh$;3u6@2cizrE85VUfW6SG#6Cv=UvTAgk&io_F5i^Q>oH z)`godUeTGM_n}2zN59M8<^KM+C)R2hhj=&n>ECS-)wVV*P=CAAI=8-kPw(kTto%l= zy>4#5nCEz)@>|Qnqqz#%f^R)+)~?@fcB`^`+oqMqtM3TT{+AZ2c|3M@TWVkQ2mOal 
z-&Q&$Y`rG;v&g*flBkept>?x=iyroh`Ti3%;A*c4-?iU)o#tJuyR93WUrA>lIVdc! z%%M+BPF(Oqy?IOI?$p^=jFLD`R~kDVD0QCv>x6?Fhr*Zt+`b8_MP4T_%ImGV z^5K7USoT9ll|`0YeWS$1SG`a2R+&2WWc%(9$G=UBTYUS~PrD}(uT^5SGv4a@Wa)Sw z_!|8%%fRYl&!i6FV^`TO_)K?LapYcpGVbfkmI`Fs~unFBvtY@wl zt?KGIDzfE#^!ZrUMppBsi~k*|KjcuCr^uLHdHu=cI}5U8ov&HD=-k&^+Pi1U!ix;P z>la=5-Fj__%A1KH_Fw#ym!DFfv)_A`=(oMw4qlS@cRWDrkapxq8MEvu!bn;m{J zHDK${EppkDzjM4Ox?4O|U3BV4-h7+vQ2xlnk5sombyRp)$X~6kGxc5oucU6|p4n3; ziShpbB2yt_>~(uXP;4gKQJHi3=NVU}T{TNIQd9d^@#}`F!lXT`{#o1ZEcN7QnCqD7 zR5|TOwbBjK9}ky)IhUUE?eiLu18H{{j9M-BoM&6;tWp(o=XUt1&j<5diiCcauw1N~ zXU(iy_EsYWm1zb}_6 zt?Y1|eo|wTsYd6esGRC!p02&!y~&DKc845D%l_b(Zpjh2?qj3Ls?D#Td^omTxLJ#7 zy~N~qJ0^!~uHfA~=|p{}ZjJuZ-e8T%Pe^Uz11aW#J9`ZuG=TFtqW>)G~d$ zcaP)QB&Q`4Jfgl%{9+Qxr)Uac5*!Y&Hm?>yjdN0W7V;R zF;3fvZ2-VKVrwp0ZogeZt-B@#D^67@E8LdlnJ{vE+zTzswtB`jd&)2s2 zTx4I!@L;KI`hM5v6Pv$;{gCMX?ehJ16_5G>+hZ?Ut8ZilO<(l&^Ea00*Z=d^)}Q}7 zOZMkBPfq8{KmFFWt3FmqZ+DgJa5DVNa!l*P><>*DMwJ^gZl7Gz<#P4=F)`(eXOQHOvAY9J@}~&iE$(fcyKeN3F$%H9hi;Q+}?OXIRgEma#~) z^ry#`)-BR91%>wKKDo#D?_XGRZze-n*hj|~2cBqfD)1a=OkmMDaH;q9)iT5AtA7`o zCeMGT^JvzqfUml-`5yfTnQ!$}KG90tDX1)aH)ZM!#}##!+osp?lklzUuh3{xM=A^>8GxmJhBN3xgK;aENV%tsa*Uh?zo8;@9Q^yn;9P$zq6h6 zFw}33$$@X6{b_TiGk;ci5i8~x8IoN6+d{6k&Y`;O@2&gG z1NMGeraJLN`o&8g>lceYNuSfn`az06QuMcp>zuY$eeu6pvqUNjj%B0MsuA9Hk`{{L)Yvr>OCi=PjZ#`vkA;D#` z(dK#FF_|^f&RU;Tn`%0_(ZH(f~zD> zKg$v|a&j*5)4X9F_tE-(`iq?_B_?lG`|`0w|GW6Wf;ms#oSL!cZcN^eHwK(G8>T=1 z^3}1-TsC~O+eOjOG669riSIPR4QtzGN}rS6pY!C-fx~rQCq#eunPnX}_3at{h1#Z> zwKEt`ANn*kpyRyM@3_L|Z@)Hud2)W$qwc$+nSShxj!)RWYE#6*55ij(FqiEM%J1`z z$Xx%1jk8m7nxW*06p5`FK}Je5mgHVBaJsxn@W2$!=xGWK5=Kr3Se-2tg;;_(9J^+* zaYV2<#2EQZ+2q0EsdC0d=)xfuC$S`k?Vgj_S`I1c`Irdtuq#b6YngCFKtWYekfSJR zN8kek0i{WTvyM3~-jOnSg6|@Zi7Xp)98D4gR zfeoHL96HRd4R_pl54z|~Q4y4yEVxL`r^|%x(J{`+LRvGIOuQrD6(hu>!q}$BlBaMi zbB%or1#zm|u1|BYK zO)`!d5@IRJ>=`Frx&%#f1DXURSsOh)bgyjVWD?++!cugwBSVGLZPE#!NEMy~O07yA z8X`L!XE+HaD=2X~b52z8TDYwD5>ucegV32{DU24HGiSIY?O;(^+`?(ndXXvj@ia}D zZHfyf2|Th;Y!G0%aAKl|g~9Engd-wF0&bctoN5H 
zX;3tgMMH9$#)Bz_liNB3or4&sCc0>7T#zt`XyCbM-?lNne~Gx;<&^&FVsqof|-E#Y=kgORJnP|8wkriT;Lu|N(n zp-2u-7B&qPRn4AhI?7I}g3f{|lM-)FX<$+}JgwxGU?6mR0>_yahZ7zhlaDDX85G_U z%ZOB%kZ{0bAycCaD_iseU#9J?O2!N_EjovGbg)d)O>7G2Xq%wy$lKLWcx4Og2{%3E znSwHgO+vcKqKHF=TBMV8KPhQccbjLOPfLd==2o4`HQwR?uD@`8lP5-Gt`csQ1OI5;qHbxv?J@R`Fh zL3ugnY%!J_O)d)Usf^onBN+H3EP3X*v`m`jB4XIc%$mBufm7sAM;C)nw+5@il$HsH z7$QzIC@HB%FzI%4C^CDdEoxGgndEwh$*ZfQHOR#1q=M0frkoCkuE--A!p9vwER0Ti zXel@8dK&TFQgCDB?37{&V&TkD5fo%_?@f}(iC)yn)!^VYBQw#gDa0)+WkcpIp@0-N z)lpRvix>qVWFHuNk88cx2@}D zd8V&m(n-?Xwdm#b*Zi~2wRW!BZGUy`SN@5O$?|T}MfZ-S{xjdUMEUocg@^P-&Ng_( zA76Q2c+DKQQbkt3iLp6zaeV=8c@>K3{k^fT{Ft5|&=8t)4 z?R=WQ;K@YMXR`(ScdoE@s7*V4&t)aEy6exYh8^#EtNCIhT2Fu57Q~^X0;uE(Hw+{l*uz6AaJYOuP}I^<>8D2|LzpGyeJ@ z!`1t1XOh^I-mQ$g%Qm<{`srYN-uEFmq~j$6nB?*{5qo=7w{`cqVcVGP>%g-XZSt^J5NdJSJ-IJEId|~8q zk`r|Fp11N!%(jWz!s|~*Xq`MByzpLUfkdYgH>1}FIhW$a*W_MU?foZmsiQ}#Zf*T} zg;U=yt36xY6EOX-`2&BsS4|gP8ox=t4e1kq!PUFtM$6Qs)syU2@|!FQdC+#_A7kZ) z)>}K0_tge%`n<^aOIgePv}Ex{wco|duI%7r5}5M-WmLz0zS&o%2Bvkl^{#8Wd1>-1 zG3Uwp_DP0y%;!x-%fx3}3tC(gmaEq)ds?n{*?7*MEo{mMpT})Bvikp;Yh9b!hV$_v zMX_ladpB;Hw&o3EZRLzF3Y|f}a~B`C|HRjxaVS1hb$<8p&+qq7I-u_HM1Aw-TXh%Q zcy~GJr9?&g@LMnls`k}qZ_9EF-jcHVGS`BxpJ5!)(+dPs!e;O)hTWLr5*cqV^_3}d zew)quFGk`oW)$x-a5Sh~{bi!f$5&_9tezvYTHwe+iJyL=)w891u02}Z&*yg2=fsy! 
zoh#=uoGmMJJld~SSMBY6BlX>})tiz(?XOCh8J9U<{%F*c;4R{A5mTDKe+e-8w#nR3 z^wj;Hm8`bAx6k>#f8NX7P91IK*$GGNQ&&Z?6m4FrGAT1DZll@CN+WgG)q3@@*S8(+ znfpUzv#s^vFRgiJb2M1|G(}Ul)Vycexi$CKE2YH0w&r&%o=E4{E5Hb zfA#D%ABMkf=I=cYr#J8!v*f(#7S`xEc<{r9j}zW@3D2rK;PZgHaoabg=e#yp} z_r~yH-)iR{$5u{tJ9eUf{_)cJn6qN~wr(KbmtQGX>w{v96*PbQW1+!Tce1hB9FW5cIefOm6)Gfn%ckF(ZWG=Kk zV<`6`+U?*4`va$fpM80srP$Q${p!c-&=*Zy4_NZfiw39$9FUplbK!)zt>4K>HFZIC zZ};|0kx&kK?R}#w{eN53|6ex+j?55QEyL#TWPbMyv$pK*j2n_}4zFZ4pJn@Y*Ynl= zYV8|o_g0t8`TLZOdFQ|Sf>o1r^A1+Xh6YU2C=hGPIbW1-$KU9azAvz1YDDH@pB2+i zFSwOy#Kjg448 z)!@UC&;L5yug;xvbsd{c*5i)jMQUCB(^|U(9DL&DUHf5t+Wl3y;G9GE3(9WRzOGN2 za(VBODSdl)tcVKw{&(w@dD20XOrxC^p9?=@ek|zCiJ~R)Er#rl^F7YDubs5$%Yn3G z&WFV#{W8KL)6TN2oMZQVxqsprvqcHPr8Cwh1TUX8Gq&`Oxz9QKvo04*SMSK~VER7M zz(H+6-D{TD3m4}GE^O3Q6F4Akab~LX)v`sRXVo556@~?jaB_C zr4khUj!*d#azrim-u0)?HR2z{u#`PvJtBQBq_OF~!uDUk-z+dT+$I^mnc>EoN3+-( z-_N`BWmlhb>f)XqB9$LnBo-IEnpNZ2oAJP(cV1Gw`qtTvW+wG=GoJc#*)mJ@f3=$% z+V*UJ^{vxQ^-qOE%KqNndR|V`dWoTI-p7u+M}Bv%{QpG8{Me^}Z^ok2i<0^ezlxjs zm3LYu_u;Oc|*-L=}@&G)}HHaWg1swM24HIo{ewEgt1dK@3KD<47TSiIN+Bznc?hlW4WZDbI6?#d2*fe>T!R(wqeT}v4tGc|kju#w# z`q0?GShwIdlUGj;%M#UW;hRaSnpI)XCSRHz@7p)+`8jX*s-s%-eIABh%4pk~?e(%w zY^vMtG`{#L=ih66h_vcks-LFQUi6W31LMIxeL|cM<20mY+Bv`J7*C5TJ2{=JAlYGd zZP8!X*>m_8E{lJ*|JrkrHihqRmo+G^-&Dw^V=vV9mofgHu)KWv5fkUxX0j{&8U8D} zzE%6dpj-TEOO$<^Qt4!-$?M$m8K>JgvadL+F4QH@Et(j$R_Baz>8HypY9BLfa$2=V zaPpkvwVTd&y>)HbmiBb!r6UXK4nJ+L{k2=PA3A>}S z?XXSkwb`)`XX#Adq_8N)CoFECarVh2-U^RyeUhkRI%2i*zh2StS;-e)u8H*6#5uvD z(lRn^QM|fO$IR1j@2srbus+O;S>`6sZ=Lh$-`6(X4as+@^pd zoR`_pJD&>>?Z5GR&v%i=n)ojz_fIgpP5ag^RotU%Zy8gN*K~6F$I~)N&v(eKxHEzG z;;f6+$#;C2BW$fE2ABqFMEMyMpG`hFX}9nchewIN3y){KxT0O<^ut(e_G0PV3;F#{ zc|7RlHghTe^UgEQzHxf#@1EK@Q#v=UxVyJ_ zO=IoKj;LdsP9EXS+cWvd{2Mk}IsQ`9?1P(YY|HfoM63KREs&iZ%;V6h7tQ|UR=Ve; zoS2YHN3+(isNXF!L15`W)?%3*Q)BzRBOixxeqm~jdmy14e)kMh~N=OUIhmlFPe zQ;yLxDJ~b?AdaK;czU6y-+0Wa(p@kXo z4ttb^CM5lZLnSxeQknMxzO9AOdku5 z+BjalT>kmi1=p7?!3!05(kq_}h;9+M8CdQjBYeX{tXM`*-edZSb1ct}*S>TK{_6VM 
zu`oq=uh$$&DYn?Hc+woV$5)PH&p0J0ma6m0QT;Oo2}OP<#gFKPZpUY zDiZ^Cg)HD*;az=s`_aAr@AglSW9@4-HFS2rrkwlfhl0qi$fWlH2{Zh98=C}cXRp1^ K@wY(GFbx2L){yT2 diff --git a/certs/mldsa/mldsa87_bare-seed.der b/certs/mldsa/mldsa87_bare-seed.der deleted file mode 100644 index bf0dcc7c36efae130dad78daff8a0dd8955b990b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 52 zcmXpoVq#=4;AZ1YX!Br9WoBU(W>Huh-z;cyLrCcRZu|L(UVZX1``a~AH(ofmV>0u~ I!q{(W09Eo4TmS$7 
diff --git a/certs/mldsa/mldsa87_oqskeypair.der b/certs/mldsa/mldsa87_oqskeypair.der deleted file mode 100644 index d81717730772c5a64627466dec075f3d9fec57d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7516 zcmXqLl8s`#yJAVF3JaZs!x?g& zGGpTBF0{NqV|w@B@0IGStS8;uxLm4Yi}`YHgEfy@bcBk13;Q?FlU?0=YF<;-MrbFtt?mltx97d>D6xwF$oXXnFT3pykEz5o8P z^s_e4nzXmRwVYEkaFK#X0~439qRYi4tS8J^Rm3tFrzc1Xrpd6dB(r24nV^}h!RYCd zuvn+M;q&rReqyMMhDL2MY{67YGV? zdMT==OcZfsl$hu|qu|Uo50-^FX9QAwJPMOlc%2-2g;#WRCq-QcgE?inu2RiZL8=&=g=!3}W)QID?T#IQ7v2Mk&TliK7!v z905a3~Fk+SGiWM#axBivGgK4=h1qz_iX=LHSU7VYPZ4bC&^h4IwnRi=(w5W< zY6=bwxq@s82OJof3@1Ke<7i&OA?cv@gh5wgS;7;g1OW*bk*N+!9l28s+@81zN(p5~ zDDW+r(tFd0?}@3lvtu76Q95oh888m z2!^6$HX(_rEDVgAGnIT*RtC-x^Xafi5_V&fbSj8B;>f_Rz_7&7bB039F---LzDWx- zAF8z}OzChwlsbut%Y(zflc}}QEaR4hk&hTJ;}U}=AzvPk07XaMQznd!3py3HOpw{a z>NCTUdqqGr(?rGPfkJMYhuz!)nbM+__)?fMt~9wco3SvPcE(s}IxR>!AmkLIl69hq zHR?pdjV+o23j@0u6c`w}l#C{HPE&X=Aw#6Yr?EjmqP_5lLkqJq)2tn>4GJnf4q6i8 zDgv4T&Q3v!%X^tvi$aV76f8TgsBkD72V7p_(8-kG;^z5yl7fh45c47)7bT@65!C>T zj>$)I9G4kJF)4OT5?pj`G4U`*UxZPY^i~xP<(7j>0v~E5O;YJiG)cY9lp(=r*y)lrN1*ML zNbeH{w;5Y9yr%@pFe^-QGq^P)mva%ztd<-Gx7+{|RvtFa$r_46mW_={3NoghoN7ga z8U8!=E%azxy(Rl=ftKqpI{ap=9#%% z$_=x`c!IXDrZ^NyDQGB|X5Hw>on#i^eIlcoiHFNP^^}p*?GBD$w^U_OL61$n3Y#^U zx9BKIy3KLmy1b1?#MGzfNTA|oK>@V_rp1BGVx5U1O(B1WFf>Y9m8YNrka1W07C zSh}7NNqe$MRY^$ju?FYiWtt)?fr8EkK8tu6+$SmuaC(~Y2#f2TS(Mu#(wHLF!0f=t>X9hX z>7dk@ydm&WNAC;?UIoPoLR(n4wqyvgO_X6snrNWIt)VJC!H2<__l!^`r?Oy!%A^w} zE-ceJRW$n?4y4SOq|#!R73raJTEb^JQs<2Suu zb#wN+g(=Tjuk58!JCm zw%M_9W$o`-A@B7iJ3q$HVSn`Euuz_U%ZDtcip<0LPybr;Sx!Iwjdy;UNp{69#e$Ye z@tj zm6P8#S6p*Hn)vd|F}1$=9hGM{G-PsI_tLYUU+t}PY>_di?erw(|MOdpBr$$2kEu^| z+_1_{eSXBXTN?xU-s)-vODM1Do)n_&oOa>XkIrT3d+Vhl`{r=Z*!TOG%&+2;e5wgH zt`~|n?p`^$YVxZ8AMYof5dVIBM!Kt9(#7lB=jkUd)BC!h$oRaJkEGvQ*yR)OX2Z<*e^BhO!u z_D)H;e%xsP-D7UNjPkakc3Ia0{~g~qd-{ZZ4}$9KvbRcI6g+#hIdgWyTdSJeN%9FT zI^lm}l$ZK{@!G8SqgdrjIXhp{+tP9?VYlKm?T2UL7_KeVShb<1Amu=H=t(!hJ~fqR 
zQnrN?qzc~#&wbUhM6cFCabtwULh;4HhKgL=S*P3gF~>R1=I?Xa%@p@4=aFX3>$^;^ zKKE66`Ihfpx!%-szr%|K$C77RD3pD1FU;uUU;2&9p*v{9oe4E(()Ba`&$#yLbwEnt zar>A!mcwb@Ut5Lv?7pkDS}Z#Aw!q`I-}{Y*4IAgZu`8Ro`TAxJZq^TiFMFRZh!0$0 z6wn~%v^!w6-tMda+vLR08~FFNIIk<*t^Fk`XWCn>B9}${Q~VgFytrv@>v*%eCA1=9 z*&F_*+e};DK34v&d)uVbzauK)>g2255~&TLo5bB1ujU2ciS4PoYBiy3iS<#AQ!Zke zKlwtPqZKAJO=a~^d;R;;jToW1syd!sm-=1apJP_Cbtr)$602d+-z4X=`k_bQ+dKik6#z+0#bTTWn~t-Sw0GR zpu_evk0tt1_N}jrJ584CDVRICIJ*2!Ol&}Zed5fcPaD|}PX185?3C-bla~MZeYUCb zZZ~xdW-oL&YdFhgx zu<2x<$i+V7KB6!udYlpTlbUR}DeP;L3UX_i6Dw4NSx)|x-_>x0L8 zc6@(mnlvjzLWL*tlpfdQ%iJ4xbA{iUBDo>{V7+aDcmDL-*;t z=D$jH>(xDOrB0P$nRV@pm>}m?hDR53pZ{qR*|6DS#;U@asQlBeLY7slBj2ZVo#F@< zs?U4%!*MkuU!Q_4Lk3U9udOM8-+ygo4>JjPm^S&P)V9C~7q_J8ue=)9yI18LDvHi*h(i?IEpItq)=`y=}@zU;ar+16n{~Q%bdd>8H=?1?kj*M2G=eKhm zsXDRi0P|O_E9VPeZ3v%|`$^)n=qg)zXU^VoCQXaDk0%s1akTCUNOE`HarMjG&5tvC zHMrPYikd7P=A2veH?iiznW;0g{ub+q=n5r-oMfAJCiG&k{#VBBZNE74ru;3xzl1OA zG^_1DeL3C>@z0x<^d5Xr6mjEGde9r5Ht!EN;v5Q>EGl08F6#a2nP1vj@2ZPE)}Ob; zI{w;)-P<+1Ua#M4xAo<(4KjRces^3PwWmZ&7T!)zv8g&(Zoz*cb(4PB7f7@JTlIG1 zuA_-PsZY!oF~+b&EWP9_xA|Y+!lkcD_Zy4n__w^?@A`S`F^lDq|L!nNy`+AI>rKq= z+KE38uZoH&QhuLvS7_n?^JjB^*!WEo5)_<2H{0pc+Jzea3>7llNy2TxHkX~(K4|TTtDo{~+q90K zt6o(YWjye!IH9UK_v`1(?skig<=l$QKMZm#*&-96>8yFXf7x zSC~(&iM@D!X7s|ug8>X*ggV`{n~HB1Oq*);D$C+TSb8|`w1|COCEBmuYb+lmefhTg zv2|y%@G7a?Qhm&M8%jWYmWY7{da58nHi_tIAb-R zeHA_Eo%Xpcv0J10doq*JiSkK)=i8SxEvpQFwnOIowD8mOxOsamwZFWauCMsA_@=*R zeut2!qHiQagn8WI__fcuEFT@etI!^7x32qPXC!Y-?v~GoP4<;MH$9mX@~Yq^tL?vt z21Zdk#>)Box<0>Vyu-IOl0lqrCd0Aifz^#i-_Q8+x~`^sC3CTx_w_H&wBi^p77QO}-}RC;d}( zpMNU<8l~{Rwe6o;GT%MAd2rSy-^BX|CT^K}$d}LAXUS6UDORV%qLie<1o+x@s_gx3 zGhb=UKA<@DIVS_#M$`N2L|166dhspOthu1;{bg;x{7cqhht|IAD)_#iNVmorYbzn>_wV>?4D)479ZK2H3Y<812jO5W+Tl0ia%NnC}->CUwpzA=t( z4te_8znD;1JMF&n;l91W?J}ij^S?>T>CT_v{@8c7eVE>)yQ%rDFC*`8U)E{QSSa$l zxgasK>C~bVy953<)kpk4Fp*k)>V^ADQLH=9DXN3yVA*xfdl|IWhIsa{tCZlApN z*T(132e0=%8IKot?A>~x+o9v%r20q6BARZo?($swZ?qon;K@04RPNYauJf8YKa77w zWE}o@rh59_n%hro%O9UGuw~%ret4< 
zUKZ1I&{pmIlmG{zpMho%7Rg(Fy77)}InN*YAE8|``!~IKw>f5l*V8>uXB39tGmF)@ z=6U?Y*_nwpTEemuOeXHlyd^ZFs3^;DqsHE{0~JzNi(MW{Oud-cyyweO^GRupPs>lF z%ZY@4VW~7fYH8hn``L-ZvFA=*Ztvz?J2{%auK1|*29Z^M&*IAFy;R+?L*Diw+sni= zY@hEfcs}{Hx`Lu~y)T2t?&!4BVyjL)y(`c1?#Q!(Wg4z)*WKPNc_7bs||o zUW~3@Vm<4H+i~BIj-Lej&h5M=mwoJA=7j4_*14NP``nK_y;<|ROJn-f>sOck2oN-B zOnCY7nbBQtp(2;f=VV37{Ja^Bp16d3Gg~cM>C*ar$(j@YUkF*>Em2Cfoi?@b{Jtw9 zhkqRumDB}wC@rR%-XuBPC@6??Y)x^^)7xm{knEZ?2Nk^YrR56@{0ACQ>s?Q zO*=PHXWq-88rJD+)URG=*qu`PNv?1D^ShRgz2(K{7@uVetXok2JGa_fs6>|c%lXh0 zr_w79yJ9Q*C;pp!|2Ja_(&zw_*i6HISjFJ;@E;J@{&d&$z}>knHcL@StVYdUw| zU_yV8>eX3$R`OmI*2pfqY-bbiygl_w=EMUBZ~j$LU%dC;mynM;*#+2k9)9w1ru_5w z?I|C%WtZ`O$@?56n6*#Yf9ZtnllJxR6x!?hY44&E4wobKl~vQGn0ftQbZ&1ym%XFw zE%wXC%i~fH=U;8Rz2@k;kMFL=zIlITN|TUK^!qnwS(1-@`ZjU;Yq_#Ne_~dwZHP^p z7_{@KGt=>j#({^_Y+o?2g&R!m)u_Fi%&785-tEtOi^mIv(;HaRD$lDPo;PoC${O>~ zdCdpKcDTO2?>OffbDwt!gYS7AzOw@FcDab`bGph_(eg*gruoo=y zMyKWbo%ri-r+@NfxS%VSqQg^k)Z*Q(swC-&A>ED2Z{1Fxd;Nmd?A+O+_j)_oeak1f z8SFcDD9>7d+IESQ{!-K)*WBc_r8=ua3 zpZc{jbn>Ygx;GwY-kiH`k@&~;g?BFctc%xan}6Svuf8i;?n6cBsYiQ4YEIp5i`HGS zK4dSWf@R2pT(?QDW~@CPV{yzO*7%B0X7i_=ug|Z!AiO&IlC!kkY`e2eQAa;>X4iyk zzWT4hy?J}|r8W_jGwciM^k$oJM9Jz-w>RqbOkTYA?8WJmIgdMhKYpp|WRU8*9XCqF zDtasKeiBYQ_#sY3{=(;p#UJiy{WPC`OI!El8x1~JVe{wh433d5qHOO>nxPT=!l+i^V2K`Oem~t-MfD)xXq8!kv$Q%Mxt~&56mapVwDc z9y)i@?D34`i7U6Xo}IOvG5<=$SKEsQcU6<;w!2tLZGE+5$ldfubv)IEv)tkJmQ?b&#jW}1BDiUyhpo4IlmkP)4f`P>zK1LHM7N7g zX}b4fSIj@J)U+^x*@vI2++m8?6z5bM^6^^o$N3yqJrmoG&1EdQ>gczYkNwzn_o?r4 zZ7&KWbQkXHFK~Rdb)wRzZ~BFj3%J%*NY`yB6V9F$sW#!$F~(DRY%A7Qe_AENTDt74 zP;Rooxvkl%XC7`dKgqaP+%CRzPlbm=wq5nJ*OFIa9Ah)3pBF!$_UQzd;EeX0YxmuV zy4@Nz>H6lidur}j{C&>-Slz*ObAe{Y$EjV$Rw9YJue{1TH)-wH{Y4%(edhGspY(a} zcD|>HR<5(8^p+kfRJq#!w32DoEvGdv9N#b8dwH4IkuzV9Dwp{#o&S7Zdi4I?pQfeW zU%zkjf}QhypZglNzL?JN)_qdd!m1M!UOv0>TyLZmr5$)vT@=Q&dyWael%|(u-@A#u7-uixay!-Xfxs2@X)+|m!Z%l&R zzJBPpmSlTjxO>@!^{T4V|NEVgJlMF8Yk!h~;tVo;&wY9S#4!qzahS;LWBF4-^5vSZ^)Yj z?fJ?Q&1wCuXvOIa>AKf9E>3Ff)^ajpjYzf=G43~NvMow#J6!+ZzVQnt;dqh6A5+8k 
zo}9{}wz4$F$ewqmq^Hq$$H&WTFTHv_FVtq&`SOB}v!0AI0~amio&EAoN&M2U2RKD4 zdhYIDae89!U;qFB 
diff --git a/certs/mldsa/mldsa87_priv-only.der b/certs/mldsa/mldsa87_priv-only.der deleted file mode 100644 index 7b94ea37f95867bd0ca08975465326219f74abf0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4924 zcmXqL61HGsWH8`n<4kDtU`%CZVHRd-5>{bp5?1&l{F7n5#pal0$*Xufj-BNfHREbi z;#YhZFm>PenM>wtq!jlbiU_PK{2sZ6!F9)}lDqB;s*cDV+U229QvW)zB!B--EDZT3+|vw; zKb_^X(B*u$%tI$573EZpt&I`_LQJMEE(dxd7#JB_dX>afd1kUQFAiW{nyPr%fMa6g z%pDvIhOUQJv_>rG3}%|pWMp)DgDQ(6Q<6cWuzOm|F~S@2A7B1WQ7*b1rxXx zG(;vcG;L}0^2m&K5KLj>aA-=r)sVrmS>e$M-@_t`&PM_-Yc$=mn5g8LF{8!vQVYjv zmE6mRGA@WsVm``nXUBxwI|RHfTDcT5CyTJ0Sd`1j*pST8ddAI-X@yIonWD(ClsTI+ zh14DAh)q=HXq?5O*f4>&(=8>2jYUDi(1oq_NsFqGN8?NeFGgbzmK_e4)e3^Q88n-? zGH)^TK4!?wnj$>a=de-1FiZTF5Bj!gPd< zkHJttXuB$>VPeRpMg_r+#crH;T$H#plB6AU4;UGA3#iRzNaM8hyK;bWp;=E-OU7go z4~C@$ij6Hy4LQs#8X|^m-a>)O9K3S`dd^t*FdC#>Fq+tTLQp}at#L!oDTPdzWgRLl zj*mB}&TMkLz?Q(Y%r}N5O_054l0#l&1LI9M1!)UiE+x(ulf+9#0aAw?Bo}Jlc4?6^ zQIOc28g0U(a4gYln@`g*mj^C6Nh=(hl^9r96>oUBo)Ku|RBt;X#MH3ClX3IJJ4*x_ zJ9HDp*k+vQY_Ui-FqEo^VHN^#+CZsF~n0P3)fq*=7xwV8MjZQ%wXaQ z3nNF{38gOP>5d}eK^(2FCq0^yL?-yS@f}nMl5%xA zvQ3A3Mvfy>jxrM`$0P+65jPP7#TbPg5f3)*Eg2FTeU}*oCb(p(sHIL3NjtqISJ1FS zn4{}bgGv_*%cMntT<(R8OFV8IE1cpsF;Xc&LPST>OfS-e^|YEGqe;SLjYRHNA1R?p z3|k!>cl5}#HnJEgs<3iJ&ge+!&=i>3`q-swK~u(Mx84pBmn$YY3q(A;Cp1X3=y15C z9cWP$R#)?x!098T8Pn8obBSuRgur8kE{9D%31*&&CZ5WiJr7)(V$@QUR19u$GzNR9 zD06ltZRil*9-y$9fpfct$C1`a6L>vcR67q9FfK8e;=%ji81D_XMu{z%O%9p@7A!La zJm(k~avJw4Ol4Rg;xT)Xz(kLpAP2VFOj-&p2B#$iIc79Q%t$$Nj8SL;&mj(1M-8VV z9)d0{fle)+0zz3A7V)%5^xYQ8IKX6dU`xSc4^QP~E)pCrAsSi=0)C4QInH!5ik!xK zLWK8Vi-V-wgpN%Do@Sas0(mzlDID3Mcv&Ik!itFrlT=vDm}V&WBr6CwGdT$5TmF^ppn3W6{!NM0*{4!n2sB;9O8}C=)1hb^Ma6CoBWTBbxf&qlm*t#|Ftl~ z`f=F?d%*=O-InH@(OtZM=6}~abE_G==ZBa+*dc!0iLFCMYFWi6H_wkx?MriN^F#ao1X|^!lrG$Q@nBYhT<00(fYcV<)B0g| z3eMJaY}NW*(6-Sj^vtdu8th9rmR;}O;cDT^;UuzP){K>Fr?I%{SigG%=O;TWW8dx~GuvBDITVyqAUj95hl3zMXUY(lb%Eb9rKj zoAmi6^PJ^2W=>c0YeGF6o=6w2u=Ey;uQ{NXB)oT#u*^(W{~sN)Z}?}Ysqi?eLk6mu8j 
zedYE}`p^55ySVEU^5sqXpFIC+(N(s~JgoD6Qr(g%tE?jD-N=8&`1S%;ty?ydg1Z(-%F5sTE26|Mv1qd06AkMfB0n5B zB#s$2ZJE%p(b@V)!08Xp0yo4=gjlsNTdwP1$UUgy^7^HjvE#y-msqPEreBe0x%Fy8 zz$vAQKi2&Hw`3+Pz4GXDlEH_2uP*b2cii8}z}j+k8*@zD zvn{JDQeLT^PWJ3)aa$;RbzkJQ8HqD4m{}O`K9tm0_9OnbS$B&KFT=w(PoH*nIC=Z` zhCMUc^X{Vgw*KvmzU$S(f~N&={9NYFD7Is6>V@FLlON4~5xOPIQ{aWJW#98RXD>J$ zd%0weNf)Q$&ZRr7_imrla_M!qOKNPKYlPqZqKhfK9Z9j-k9nJ&E4yS3ugZ3aY~tF& zc{iGUDzp9v``lIHA(x}I&qQCp=yBHm#hYumZ>r$it#vF;_RX=s zem_uUXiBelKmBpl&3Kumepx)e2XCBoObXn8;9B;5+V^)<87m;GBB+WGSIjMQtFJ6$G~@i5KG3V(KSsmU5)m+%%rO)f6$xy>sI&NN6p zUnNpydU{q2Ytn^%zPaB8bnC9jOJ(@+Eb@0gf1ge3@T1(xm1R0EcRsT0XP;a9c}B&5 zhoz2R{X^udoyu=N+O*}OhqPsMOdIzE)dW}m+W{RL`!=3d)pb3-{=-iXMsw>boz}3t zw1Bfk%%v-O=j<=4ejaj_?eQD#e!2b+K527`+poAe=lZ>M;VBb4d%<(w{@VIE z3;5S8Oxbl~*W-Y@yvaRhf*PtA&7N#5imfp^!N0`5-tJGn)B*SZuCoj-xm2J1+!o}= z`a*Iw=g(gu)1T|~u5ox)^0oWYQ=dm!lYNe>ELc9NhUInYii(O>n}eT0|DX1Br*uxbQ0#wr=9zB3jfI!~-0G;)yE@V0zrl@nKWhW#ZZ|1tyzu#;@@6{D7WV2es zbUovNc4Ob2S%u%q_b>3i`E<>s5RDBnCU*ZlB`18b6xknVaKK<{*wRa8TrumfeP7cR zc*UwEx~hopW-k9(%Tq^|t#En1+#|ksZJOrfe_KT3W*yya;b+1w>E7REc+}=vwps}cCz0+FX$7~ zoq}anzyC}>tZuQEW&PnJh4-%XYESk(l#sAZbHf`8+XO{pR*h!u9P8$pvu1Zhmu*&c znmK<{ds5c{z0GNh-d@SxevPq$sVTH>BKyX>yByDcTE$@R78Md}$>00Kxo~ZCtHQ!9 z(T{)L&GOL{Fx&V^duCnk5i{}Ei8FYYZ{gt6kD4!8J9SOahMgV7;>xTgXSg@s_O)LY zd#cgwXys$a#IDz;EjJVjOWx_YX>0jk{`JZYR>_S|0~#z6Gu(t-cY6zksBL+7&?@!S z^nD%~$JTM2G&jBYd_%nVe~n!sR-0GFnVok%tHdhJ>3L>B+T2&F7Z=X3{?(tEW%lce z;el!QtJ*iNVYx6ZqO~SwP0hba_iYa>i9ZqKH=)Ohb6RD<)4P*C?-Aixa%Spl85dL2 zxPUgHZPyQM-fZ8@*_qIx>vVK)*gv^*pPuTiPjh5jYV|(Fd}THJ_Gc=Bb3!s6Yg+O5 zUlZe)cW-{-cD+5X?oOIl(y;N{neM8VG}X=ZaqPk#OTUX>E8lkCFnOmYUusCjg3mSl z^X*0FYS!MF{^h9s&Uq(zPHr%ekTA;=`1JRuswdwp&Vx%M>wkWJD{_FtTcEsP$HKSY zd7I{~x%OeJ*qz_IOZfZ}g{wqfyo?HvmqeHJ~DdNyUQX8q!O8@8^0 z(Y4d5-R548>Axq(x^uUDth(gpr_XjMNJ8qp)`!wpZ?dKoz3~#TJN@m~D|rcSkL=GS z^=k~CdVb7_d$9A*z5mN@eHXcOK~m^dxxl8Yv*h1jnS1EjN%yt?W~D3_vkZ>7*Xdkg zSorXp%gNlE_s#ikEdFJ*BV^{$r}v};gVN_jYrMP5|KZ7T^=_Ac2@4{>hzsc*m7RGs 
z%l?3(>?7Y?W&fFf7>idv*cIHU-TcCkr|!SYM9pdMHe~PjQt6H4XQ-K&>wP?=CfIaB z`mDBI=6!+}1WK8UPcKQav^^CyTTOY1+Uwte*-EcdoTq;IzINH3W6jnFe#9)>mG)Hp z(fx-H4&CScJ&8?^v%q}zZ3W+dX@)JA+=xBf;CU|=Y-=!`^9``kWhUR_Rbzw&QRMkD{?Yh;g0t_~{ZOopzqle>2)^67D$*PN_Pc*+_ zpEgHx^HYhuRU0@oqz=wzU${5DikmB||C#30>U^Jc=4X{9*;XGW@p@m*bl0<4+_;XZ zWa_?zjjNewcrJ-=JijR-My>xgyO4fH2-ok$wn?Y|8C;#~aC5DNZ1o;-?wI2ZGoya) zs@s)+hk1eId4un}Uj16Qef7)N;rfIAmMjyCYXRy^pNRRbHOoQdP2rWqV@7$Bpy*cXz!LxLDb`V2{k31-iO`A28|eztB2+upvM4z)>bhfi=m@W@%m zzx2k}n#ZMj1$G}dcJ*=8Z8kk>HGyCERLt?j#Vo5VV?Ej}mc*U@zR>sHgfG22E3*GD Nc<33C>{9DG2LQ)pp(y|W 
diff --git a/certs/mldsa/mldsa87_seed-only.der b/certs/mldsa/mldsa87_seed-only.der deleted file mode 100644 index 6ec75512b722643297a10afd19693e77cf6433d0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 54 zcmXpoVPa%3;AZ1YX!Br9WoBU(W>IQTINPAI_XAK?>rrRuO zho%|IxTU6;wa%WQ5wJqQlOs=JqJW~3uaYq9tqHkHSe$~CaxSf4Y++zxG+=8y(86LF z5Pih6g`tb7BcVsgLBN&a5ktZa2F(X<9nL#4lwEZNJXvA{1Qg9(1w{)3B;1rvwsw1P zHfR){#FbeyEX#m(Bvqv+AN#lb^GKxDEHhvK9T2g55Zf)X=1Ty}Kcn&cTXDW}VY zm(zKY%8Y;`E_s}ssY`?=Np^Zfsw7Hk1kP?rk=&9xVUvoYqRUAo)&~s*v$qKznbskE z!bf;Z!;B-XS1h!++c~F*BuFh!xFyjcG0l^UQ&m`4$9Y1p(6S6>$({uUj#tz?1eIGa zZfIayWN>0dYY$TbqpOhfp};3XoHw@UOlAq1z`($=O!K5$YY2m3634{Z+Y*JEc$6$P zBo!KkB-C0Cv@nP(a5H*Hs3|e2G77kPb_ub0v@`^WWeN!j&C%$3B9<_VY2r+KMUHfMP0Mkbmb!RGCX0h%_qN=H5|a*jqzZHD9XY`G=vZ%zi{5NC zwaFp{5e7NT%{h-|xOPlRJ?tVFDA4lQXhIZ6s;8MA_i@HxhqRlE8WdGp4;|utv?-Ho z>BProte$Q@2e!045NhIP$ZRy|>R6FDWeKO?_MRysTp|n(LK_Q&G+crjd>4puHc#;s zoT16NJmsWYgV5H3W(I>((>w(%6}a3p71i{FnK_h?PE_6?Fvo=@p+$9(Nsq`OPahA~ z?g^?cM>2&4auwWEJO%g|Jro{0^-h}5BjMtp;*>Pm$@54<4}+qRgka{Rwni3{qRGot zWQ=orcBDv(bslu^3{nXQUXdETXrkbf97YS?Ga`&4#vRh0K8gx~4^}ifnyK`h=Y%-~98^eSKAD%YF0~1`G*whq+ zRT2bvrX0vr5zoBTlFQ-Hd+~sQ;xvVj1B{HW9^FO`$w~|^CP`d7InOXP-QZ}O?4)ys zq4APH3y*Q4u!NBiV}askUTKjWZlNT>8HSuIHE)lYqT-T5;TE3YHi0MugDXk_LY^+o7J?Ur^1MVe6c0@dG0Bw?X1!^^!D6Ay z?dqA_;MhE+VahbtXtsh`Mut-aT9_>Ilvs>pIExl}s9o^j=`!=YX`(P`3d^ER42f!) 
z$=eVTyInx!gCo6zWzy1-3O%AoCpMbLyM zo&{`z9&R~v1e&^*IXq%eyfDLX(t*^OYypq9WD0I>P+r~{!q6psveBD^@zIIa8EOrU z4!S}tT0R=N!lFzvTM9Tu6&f_OCK@P7PiWvc(x{}`7A2yRxU403Nr#t6VH1;T<0L^Q zvyMg&2jS_iEQ)NLTPB>@rpd8A@kxiqzaWxn#Zs-=zJ+vPnjA!eS<6l`^hh-7m$A?-*9IS*=Unkm1IwTDpJps=H@D7_i6|EZX$f zNb>8?m&$h>)v|jl1G*-O`gAi$R6G&iSNHwr{B?h83d;=~9~N|8Km6&=H>FEGB|F`E zeAlko_4BME`;Q|$#Pbes=+d1lJ^zO3 zx+7Wa_mU;OAFzEAG(D)KUA3~Q+1tQVkjF>$X44~$Uq#DQ_ty1$>$YDuEBwTE$CO2> zYodtT+DkXss#%V|cp}$!A%nf>FSl3C8~!$Z@p8{++v|DveY(5*kMpo!fTJE~iwrjOX#~@)lWGD8lsLcG9)j%J;vIEKqnY-~VxL!|M6vX{&BZez~d6 zJL%FDhHd+P=&0}toSUE7u=ve^Xr^bUu19yaR9v5)d(Pj<(&y4WW1h}4H(Il8_xCNT z{;#&{q`l6Rm#^Q+zbh@iGBYdv_0QJJ)?Zz#bQWDMurhvo$U*i>@mEt_+b4(CvALgi z6y=e*Ua>hPKzpmJS=qsWV|)J{Tju-1Ke78y{M8pVWCF^y8maz~mb- z8a~qgMg|-!q$and@2ra9y7j;0e4@Id-Y16F=k^?so@#L0>+Ium2crV5w!C!aw9qb} zw{eQRV4G{f?1$!Y8~JJuWmm>u-#C@?$%MO&j%_n4;!nRgx;eWtKL-j%t2ySY_njc@Ae z_wzP3NWPn+-X%NhfzPT6gV{m?E^~Ki%Kl(fZqPrvXOZC^t%{>&cGLXlCH*;`{7@tN zn3fj5e|qDbS+e_0CK?LWcPO0UT()J2rJ20wcfFKT&LL;T-vnRr>y?2!y;WOTs}wB9-jy~qu(1a`RCTGSxU-Y`*u7E zp1bNt!0pM0Cp@^ZB_wHgu=UNEF0+iK?|K+Yvus&*#({ZXMwQG*wO_xzCdKSh3h%Wt z(eIshV(+o9tNtCF?(!mIQ`y5*A2FG2Cu?m~?rydCkR;Zi;dE)Oc9XYGPWtwZsy_d@ zZ++{W-m%{;B;v<`u-CPQYU{3EoBr9DG5yK9_&b^*e2=}QN=<%y9~+xpxZ!;@L7#_$IvjKU-eSq$ zy2|eMC4oQd-tTzVFx}^U*Xd%97D=B2`}a*|4&kUO^RRuk$zbu5_m_Tz73#CF ztka$`y+LqK_K~g9M~^311@7DYrv2yRre53ccV?(D>vJ46ueVf)+k4~Y%AT3(9ozr= zGRWKiO*|_;b<@*G=Oe$5npUl;Yzzrt-Eov>!PjNmqhJ0xet*H7-;8-aeGkvo%%AEZ zw8&0Uv6PbQhUjD!r76q2f_+Sb=ldzU#B{mmp%5D@_pAaWBKXV2Aq#Kar(DW{Z*SfvP0gabl1y-)CO>pw?R8b0Xyl^;H)?3i{bVGCok-&6sHbE5H0pRPrmpQifnKy+p5*`Bkx zDjqBecaPjPu1oBlSGzv#&FK$UGqprRELOZ`+$E4x>|``Czuhi9;i0qfGbd&~|2Iai zM^FBkKk-x2?5p>_wf`?INw@crUHaDlSdh@NaIvdDe#IU>%*V9tRX}9tlRD<#ck8Yt z9G)x^Qgfw)uQfVk!C}vM52cxAB5N}Jik zUiF=xxKeiSMX_I3JJO~-KBK$bF6j1;E#;=B$Ir{%V|>=xxao=P`_t1>kHzna`n5aWKgZ^sYm;tSNvAIfVKw<`axuC@=2WGOLCli}YLDX| z8wMt6@NJ(Lr@j4WDQoe!%l8&AI`GX@I4t>4uVxX8&e{A|CQ)zBt=H~8`F`2_zR4YN zJPWyf<)-ba6xFMlGyk`#`mXl|{@XO2A}4!HHY6e^w&om^WEv~qVkmQ 
zU(aNZx~=!8sBm04e%GgZ_eqhw1-A~gUDkYdWOBTzXu%PkH6It)Wh$i3n!h}(_^ZEi zwn&`DMHXT9#HmR?dCE+u?+DrYe(H>*UVqm^Ei87^N{&cqm^gdn-R1I<;+k6R=wMY5 z?zm}P|2er?C5c;{%2I6V=I+#GAK4|m;3COoGO_F6qVD$`u}+voebRVz&1JG=LD1Y5s( z<}SHs&;RLbH(4be(>!y#`$n0=MUl6!UwAIg-MHjzb(y{YeY0bhH!j#L-5=Y0Kl17K zr^3gTE(>Xu{qR}bmHKyv!p{F{iT2-5a&a7!G7I6Pmv=5k6rh!IjJ!17faOd)?Lk+*00Uj zUrn$JJYd1^l(4@c;=9;%b?0|EVS2x>H#9%3-;h`1&av|3jQjZ($5UUe3onV{RS^hhv&;$q}U(zv=pZ@P38kJEwKC-*nD>|WITtoz^W__ZPjw|#x) z!M^0zkNqxw4UTXAiBCUpZC_|fT$vV|@U_&ZTCDFF1vQ1T3TtkiR+`EA)-2@y7uK_N zLZN19p^_oik9^GRa;BK-?MlnJY~H`&UO0PRU+sZ8bCQy#yt*ada#2@J;^cX5!On%A zdsiO3wCc!C-U(_G19l!f#4_Q-!pohzGyblazsdN{z8l-79{d}%y!P7D+4qR0mp*Y z-1PpDR++r!MEt?Gq2HAv9g_FEhOE%)n!7_#O!`GqQdLX%m4Y~kAe@2d&l zv%23u3%vGTUaTi#RU!JM&MvX(<0Y?>&G|)cvR8$-tzWyjr{ognlHJAcNh)t+bnJNj<#1KA>ocC$7CiK;staj~IWzm7%Y%&TYLO0` z4o*A!E|{BPp7)YN-K_CDUwB3pgdWa$EfDyKM`LcmM{yJOzu#`$|EAD7(_&%B)YmJs E0J*Wb5C8xG From 26806cda7b0d9ce4d8f8bc4f55082087aa86aa03 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 30 Jul 2025 15:39:57 -0500 Subject: [PATCH 091/346] Revert "Support importing seed of ML-DSA key" This reverts commit a82d1a6b12f4e40e07c95a11f559e380cd05ffc1. --- tests/api/test_mldsa.c | 253 ++++++-------------------------------- tests/api/test_mldsa.h | 32 +++-- wolfcrypt/src/asn.c | 138 ++++++++------------- wolfcrypt/src/dilithium.c | 112 +++++++++-------- wolfssl/wolfcrypt/asn.h | 10 +- 5 files changed, 167 insertions(+), 378 deletions(-) diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 132b797c9..873a085c9 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c 
@@ -16658,219 +16658,7 @@ int test_wc_dilithium_verify_kats(void) return EXPECT_RESULT(); } -#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ - defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) -static struct { - const char* fileName; - byte level; - /* 0: Unsupported, 1: Supported*/ - int p8_lv; /* Support PKCS8 format with specifying level */ - int p8_nolv; /* Support PKCS8 format without specifying level */ - int trad_lv; /* Support traditional format with specifying level */ - int trad_nolv; /* Support traditional format without specifying level */ -} ossl_form[] = { - /* - * Generated test files with the following commands: - * openssl genpkey -outform DER -algorithm ${ALGO} \ - * -provparam ml-dsa.output_formats=${OUT_FORM} -out ${OUT_FILE} - */ - - /* ALGO=ML-DSA-44, OUT_FORM=seed-only, OUT_FILE=mldsa44_seed-only.der */ - {"certs/mldsa/mldsa44_seed-only.der", WC_ML_DSA_44, 1, 1, 1, 0}, - /* ALGO=ML-DSA-44, OUT_FORM=priv-only, OUT_FILE=mldsa44_priv-only.der */ - {"certs/mldsa/mldsa44_priv-only.der", WC_ML_DSA_44, 1, 1, 1, 0}, - /* ALGO=ML-DSA-44, OUT_FORM=seed-priv, OUT_FILE=mldsa44_seed-priv.der */ - {"certs/mldsa/mldsa44_seed-priv.der", WC_ML_DSA_44, 1, 1, 1, 0}, - /* ALGO=ML-DSA-44, OUT_FORM=oqskeypair, OUT_FILE=mldsa44_oqskeypair.der */ - {"certs/mldsa/mldsa44_oqskeypair.der", WC_ML_DSA_44, 1, 1, 1, 0}, - /* ALGO=ML-DSA-44, OUT_FORM=bare-seed, OUT_FILE=mldsa44_bare-seed.der */ - {"certs/mldsa/mldsa44_bare-seed.der", WC_ML_DSA_44, 0, 0, 0, 0}, - /* ALGO=ML-DSA-44, OUT_FORM=bare-priv, OUT_FILE=mldsa44_bare-priv.der */ - {"certs/mldsa/mldsa44_bare-priv.der", WC_ML_DSA_44, 0, 0, 0, 0}, - /* ALGO=ML-DSA-65, OUT_FORM=seed-only, OUT_FILE=mldsa65_seed-only.der */ - {"certs/mldsa/mldsa65_seed-only.der", WC_ML_DSA_65, 1, 1, 1, 0}, - /* ALGO=ML-DSA-65, OUT_FORM=priv-only, OUT_FILE=mldsa65_priv-only.der */ - {"certs/mldsa/mldsa65_priv-only.der", WC_ML_DSA_65, 1, 1, 1, 0}, - /* 
ALGO=ML-DSA-65, OUT_FORM=seed-priv, OUT_FILE=mldsa65_seed-priv.der */ - {"certs/mldsa/mldsa65_seed-priv.der", WC_ML_DSA_65, 1, 1, 1, 0}, - /* ALGO=ML-DSA-65, OUT_FORM=oqskeypair, OUT_FILE=mldsa65_oqskeypair.der */ - {"certs/mldsa/mldsa65_oqskeypair.der", WC_ML_DSA_65, 1, 1, 1, 0}, - /* ALGO=ML-DSA-65, OUT_FORM=bare-seed, OUT_FILE=mldsa65_bare-seed.der */ - {"certs/mldsa/mldsa65_bare-seed.der", WC_ML_DSA_65, 0, 0, 0, 0}, - /* ALGO=ML-DSA-65, OUT_FORM=bare-priv, OUT_FILE=mldsa65_bare-priv.der */ - {"certs/mldsa/mldsa65_bare-priv.der", WC_ML_DSA_65, 0, 0, 0, 0}, - /* ALGO=ML-DSA-87, OUT_FORM=seed-only, OUT_FILE=mldsa87_seed-only.der */ - {"certs/mldsa/mldsa87_seed-only.der", WC_ML_DSA_87, 1, 1, 1, 0}, - /* ALGO=ML-DSA-87, OUT_FORM=priv-only, OUT_FILE=mldsa87_priv-only.der */ - {"certs/mldsa/mldsa87_priv-only.der", WC_ML_DSA_87, 1, 1, 1, 0}, - /* ALGO=ML-DSA-87, OUT_FORM=seed-priv, OUT_FILE=mldsa87_seed-priv.der */ - {"certs/mldsa/mldsa87_seed-priv.der", WC_ML_DSA_87, 1, 1, 1, 0}, - /* ALGO=ML-DSA-87, OUT_FORM=oqskeypair, OUT_FILE=mldsa87_oqskeypair.der */ - {"certs/mldsa/mldsa87_oqskeypair.der", WC_ML_DSA_87, 1, 1, 1, 0}, - /* ALGO=ML-DSA-87, OUT_FORM=bare-seed, OUT_FILE=mldsa87_bare-seed.der */ - {"certs/mldsa/mldsa87_bare-seed.der", WC_ML_DSA_87, 0, 0, 0, 0}, - /* ALGO=ML-DSA-87, OUT_FORM=bare-priv, OUT_FILE=mldsa87_bare-priv.der */ - {"certs/mldsa/mldsa87_bare-priv.der", WC_ML_DSA_87, 0, 0, 0, 0} -}; -#endif - -int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void) -{ - EXPECT_DECLS; - -#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ - defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) - - byte* der = NULL; - size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE; - size_t derSz = 0; - FILE* fp = NULL; - word32 inOutIdx = 0; - word32 inOutIdx2 = 0; - dilithium_key key; - int expect = 0; - int pkeySz = 0; - byte level = 0; - - ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, - 
DYNAMIC_TYPE_TMP_BUFFER)); - - for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) { - ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb")); - ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0); - ExpectIntEQ(XFCLOSE(fp), 0); - - /* Specify a level with PKCS8 format */ - XMEMSET(&key, 0, sizeof(key)); - ExpectIntEQ(wc_dilithium_init(&key), 0); - ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0); - inOutIdx = 0; - expect = ossl_form[i].p8_lv ? 0 : ASN_PARSE_E; - ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key, - (word32)derSz), expect); - if (expect == 0) { - ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); - ExpectIntEQ(level, ossl_form[i].level); - } - wc_dilithium_free(&key); - - /* Not specify a level with PKCS8 format */ - XMEMSET(&key, 0, sizeof(key)); - ExpectIntEQ(wc_dilithium_init(&key), 0); - inOutIdx = 0; - expect = ossl_form[i].p8_nolv ? 0 : ASN_PARSE_E; - ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key, - (word32)derSz), expect); - if (expect == 0) { - ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); - ExpectIntEQ(level, ossl_form[i].level); - } - wc_dilithium_free(&key); - - /* Specify a level with traditional format */ - XMEMSET(&key, 0, sizeof(key)); - ExpectIntEQ(wc_dilithium_init(&key), 0); - ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0); - inOutIdx = 0; - expect = ossl_form[i].trad_lv ? 0 : ASN_PARSE_E; - ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, - (word32)derSz), 0); - inOutIdx2 = 0; - ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2, - &key, (word32)pkeySz), expect); - if (expect == 0) { - ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); - ExpectIntEQ(level, ossl_form[i].level); - } - wc_dilithium_free(&key); - - /* Not specify a level with traditional format */ - XMEMSET(&key, 0, sizeof(key)); - ExpectIntEQ(wc_dilithium_init(&key), 0); - inOutIdx = 0; - expect = ossl_form[i].trad_nolv ? 
0 : ASN_PARSE_E; - ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, - (word32)derSz), 0); - inOutIdx2 = 0; - ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2, - &key, (word32)pkeySz), expect); - if (expect == 0) { - ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); - ExpectIntEQ(level, ossl_form[i].level); - } - wc_dilithium_free(&key); - } - - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - return EXPECT_RESULT(); -} - -int test_mldsa_pkcs8_import_OpenSSL_form(void) -{ - EXPECT_DECLS; -#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ - defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) && \ - !defined(NO_TLS) && \ - (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) - - byte* der = NULL; - size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE; - size_t derSz = 0; - WOLFSSL_CTX* ctx = NULL; - FILE* fp = NULL; -#ifdef WOLFSSL_DER_TO_PEM - byte* pem = NULL; - size_t pemMaxSz = ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE; - size_t pemSz = 0; -#endif /* WOLFSSL_DER_TO_PEM */ - int expect = 0; - - ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, - DYNAMIC_TYPE_TMP_BUFFER)); -#ifdef WOLFSSL_DER_TO_PEM - ExpectNotNull(pem = (byte*) XMALLOC(pemMaxSz, NULL, - DYNAMIC_TYPE_TMP_BUFFER)); -#endif /* WOLFSSL_DER_TO_PEM */ - -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); -#else - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); -#endif /* NO_WOLFSSL_SERVER */ - - for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) { - ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb")); - ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0); - ExpectIntEQ(XFCLOSE(fp), 0); - - /* DER */ - expect = ossl_form[i].p8_nolv ? 
WOLFSSL_SUCCESS : WOLFSSL_BAD_FILE; - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, - WOLFSSL_FILETYPE_ASN1), expect); - -#ifdef WOLFSSL_DER_TO_PEM - /* PEM */ - ExpectIntGT(pemSz = wc_DerToPem(der, (word32)derSz, pem, - (word32)pemMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); - expect = ossl_form[i].p8_nolv ? WOLFSSL_SUCCESS : ASN_PARSE_E; - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz, - WOLFSSL_FILETYPE_PEM), expect); -#endif /* WOLFSSL_DER_TO_PEM */ - } - - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#ifdef WOLFSSL_DER_TO_PEM - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* WOLFSSL_DER_TO_PEM */ -#endif - return EXPECT_RESULT(); -} - -int test_mldsa_pkcs8_export_import_wolfSSL_form(void) +int test_mldsa_pkcs8(void) { EXPECT_DECLS; #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ @@ -16888,8 +16676,10 @@ int test_mldsa_pkcs8_export_import_wolfSSL_form(void) byte* temp = NULL; /* Store PEM or intermediate key */ word32 derSz = 0; word32 pemSz = 0; + word32 keySz = 0; dilithium_key mldsa_key; WC_RNG rng; + word32 size; int ret; struct { 
@@ -16956,6 +16746,43 @@ int test_mldsa_pkcs8_export_import_wolfSSL_form(void) ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, + PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + /* Test private + public key (integrated format) */ + for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), + 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + if (EXPECT_FAIL()) + break; + + keySz = 0; + temp[0] = 0x04; /* ASN.1 OCTET STRING */ + temp[1] = 0x82; /* 2 bytes length field */ + temp[2] = (test_variant[i].keySz >> 8) & 0xff; /* MSB of the length */ + temp[3] = test_variant[i].keySz & 0xff; /* LSB of the length */ + keySz += 4; + size = tempMaxSz - keySz; + ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz, + &size), 0); + keySz += size; + size = tempMaxSz - keySz; + ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size), + 0); + keySz += size; + derSz = derMaxSz; + ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz, + test_variant[i].oidSum, NULL, 0), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_DER_TO_PEM ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); diff --git a/tests/api/test_mldsa.h b/tests/api/test_mldsa.h index 488c3a2b3..d1322e571 100644 --- a/tests/api/test_mldsa.h +++ b/tests/api/test_mldsa.h 
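Review bot: In the re-added "integrated format" loop the OCTET STRING header written to `temp[2]`/`temp[3]` encodes `test_variant[i].keySz` before `wc_dilithium_export_private` reports how many bytes it actually produced, and the two values are never compared, so a mismatch would yield a PKCS#8 blob whose inner length disagrees with its payload and the `ExpectIntGT` on `wc_CreatePKCS8Key` would not necessarily catch it. Adding `ExpectIntEQ(size, test_variant[i].keySz);` directly after the private-key export pins the hand-built header to the real payload. The hard-coded `0x82` also assumes every variant's private key needs a two-byte length (256–65535 bytes), which appears to hold for ML-DSA but deserves a comment such as `/* 0x82: every ML-DSA private key needs a 2-byte DER length */`. The enclosing function and the `test_variant` table both start outside this hunk, so I cannot confirm the table's `keySz` values from here.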
@@ -35,26 +35,22 @@ int test_wc_dilithium_der(void);
 int test_wc_dilithium_make_key_from_seed(void);
 int test_wc_dilithium_sig_kats(void);
 int test_wc_dilithium_verify_kats(void);
-int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void);
-int test_mldsa_pkcs8_import_OpenSSL_form(void);
-int test_mldsa_pkcs8_export_import_wolfSSL_form(void);
+int test_mldsa_pkcs8(void);
 int test_mldsa_pkcs12(void);
-#define TEST_MLDSA_DECLS \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \
- TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \
- TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \
- TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form), \
- TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_export_import_wolfSSL_form), \
+#define TEST_MLDSA_DECLS \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \
+ TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \
+ TEST_DECL_GROUP("mldsa",
test_mldsa_pkcs8), \ TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12) #endif /* WOLFCRYPT_TEST_MLDSA_H */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5daa44312..bea0cd351 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -36991,7 +36991,6 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output, /* ASN.1 template for a general asymmetric private key: Ed25519, Ed448, * falcon, dilithium, etc. * RFC 8410, 7 - Private Key Format (but public value is EXPLICIT OCTET_STRING) - * Check draft-ietf-lamps-dilithium-certificates of draft RFC also. */ static const ASNItem privateKeyASN[] = { /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, @@ -37002,13 +37001,9 @@ static const ASNItem privateKeyASN[] = { /* PKEYALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 1 }, /* privateKey */ /* PKEY */ { 1, ASN_OCTET_STRING, 0, 1, 0 }, - /* CurvePrivateKey */ + /* CurvePrivateKey */ /* PKEY_CURVEPKEY */ { 2, ASN_OCTET_STRING, 0, 0, 2 }, -/* PKEY_SEED_ONLY */ { 2, ASN_CONTEXT_SPECIFIC | ASN_PKEY_SEED, - 0, 0, 2 }, -/* PKEY_BOTH_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 2 }, -/* PKEY_BOTH_SEED */ { 3, ASN_OCTET_STRING, 0, 0, 0 }, -/* PKEY_BOTH_KEY */ { 3, ASN_OCTET_STRING, 0, 0, 0 }, +/* PKEY_MLDSASEQ */ { 2, ASN_SEQUENCE, 1, 0, 2 }, /* attributes */ /* ATTRS */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_ATTRS, 1, 1, 1 }, /* publicKey */ @@ -37021,10 +37016,7 @@ enum { PRIVKEYASN_IDX_PKEYALGO_OID, PRIVKEYASN_IDX_PKEY, PRIVKEYASN_IDX_PKEY_CURVEPKEY, - PRIVKEYASN_IDX_PKEY_SEED_ONLY, - PRIVKEYASN_IDX_PKEY_BOTH_SEQ, - PRIVKEYASN_IDX_PKEY_BOTH_SEED, - PRIVKEYASN_IDX_PKEY_BOTH_KEY, + PRIVKEYASN_IDX_PKEY_MLDSASEQ, PRIVKEYASN_IDX_ATTRS, PRIVKEYASN_IDX_PUBKEY }; @@ -37041,11 +37033,9 @@ enum { int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, - const byte** seed, word32* seedLen, const byte** privKey, word32* privKeyLen, const byte** pubKey, word32* pubKeyLen, int* inOutKeyType) { - int allowSeed = 0; #ifndef WOLFSSL_ASN_TEMPLATE word32 oid; int version, length, endKeyIdx, privSz, pubSz; 
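Review bot: The new `PKEY_MLDSASEQ` entry `{ 2, ASN_SEQUENCE, 1, 0, 2 }` accepts a SEQUENCE in the privateKey slot without templating its contents, so unlike the removed `PKEY_BOTH_SEED`/`PKEY_BOTH_KEY` items nothing in `GetASN_Items` checks the inner structure or element lengths; whatever consumes the captured data has to do that, and that code is outside this hunk. A comment on the entry would at least record the contract, e.g. `/* ML-DSA alternate form: SEQUENCE whose body is returned unparsed; the importer must validate it */` (the exact inner layout is no longer visible here, so I have kept the wording generic). With the reference to draft-ietf-lamps-dilithium-certificates gone from the header comment, this template no longer says which ML-DSA private-key encoding it targets; one sentence naming the intended format would help the next reader.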
@@ -37058,27 +37048,14 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, #endif if (input == NULL || inOutIdx == NULL || inSz == 0 || - privKey == NULL || privKeyLen == NULL || - pubKey == NULL || pubKeyLen == NULL || - inOutKeyType == NULL) { + privKey == NULL || privKeyLen == NULL || inOutKeyType == NULL) { #ifdef WOLFSSL_ASN_TEMPLATE FREE_ASNGETDATA(dataASN, NULL); #endif return BAD_FUNC_ARG; } - if ((seed == NULL && seedLen != NULL) || - (seed != NULL && seedLen == NULL)) { - return BAD_FUNC_ARG; - } - - allowSeed = (seed != NULL && seedLen != NULL); #ifndef WOLFSSL_ASN_TEMPLATE - /* The seed can't be parsed without WOLF_ASN_TEMPLATE */ - if (allowSeed) { - return ASN_PARSE_E; - } - if (GetSequence(input, inOutIdx, &length, inSz) >= 0) { endKeyIdx = (int)*inOutIdx + length; @@ -37106,7 +37083,13 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, return ASN_PARSE_E; if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) { - return ASN_PARSE_E; + if (oid != ML_DSA_LEVEL2k && oid != ML_DSA_LEVEL3k && + oid != ML_DSA_LEVEL5k) { + return ASN_PARSE_E; + } + if (GetSequence(input, inOutIdx, &privSz, inSz) < 0) { + return ASN_PARSE_E; + } } priv = input + *inOutIdx; 
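Review bot: The parameter check now admits `pubKey == NULL` and `pubKeyLen == NULL`, but only the template path (later in this function) was given matching NULL guards; the non-template path that follows this hunk still has to store the public key somewhere, and if it does `*pubKeyLen = ...` / `*pubKey = ...` unconditionally a caller that passes NULL now dereferences it. Either add the same `if (pubKeyLen != NULL)` guards on that path or keep the NULL check for the non-template build. DecodeAsymKey_Assign starts before this hunk and ends after it.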
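Review bot: After the `GetSequence` fallback succeeds, `priv = input + *inOutIdx` with `privSz` covers the entire SEQUENCE body, so the two inner OCTET STRINGs (seed and expanded key) are handed back unparsed and unchecked, and nothing here tells the reader that the result is not a bare key. Add a comment at the assignment such as `/* ML-DSA SEQ { OCT seed, OCT key } is returned whole; the caller must parse the inner OCTET STRINGs. */`. The branch also relies on `oid` having been filled in by the algorithm-identifier parse above the hunk; a short note that `ML_DSA_LEVEL*k` are the only OIDs allowed to take this path would make the intent explicit.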
@@ -37167,70 +37150,54 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, } /* Parse full private key. */ - ret = GetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, 1, - input, inOutIdx, inSz); - if (ret == 0) { - /* Store detected OID if requested */ - if (ret == 0 && *inOutKeyType == ANONk) { - *inOutKeyType = - (int)dataASN[PRIVKEYASN_IDX_PKEYALGO_OID].data.oid.sum; - } - } - /* Parse traditional format (a part of full private key). */ - else if (ret != 0) { + ret = GetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, 1, input, + inOutIdx, inSz); + if (ret != 0) { + /* Parse just the OCTET_STRING. */ ret = GetASN_Items(&privateKeyASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], - &dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], - PRIVKEYASN_IDX_ATTRS - PRIVKEYASN_IDX_PKEY_CURVEPKEY, 0, - input, inOutIdx, inSz); + &dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], 1, 0, input, + inOutIdx, inSz); if (ret != 0) { ret = ASN_PARSE_E; } } + + /* Store detected OID if requested */ + if (ret == 0 && *inOutKeyType == ANONk) { + *inOutKeyType = + (int)dataASN[PRIVKEYASN_IDX_PKEYALGO_OID].data.oid.sum; + } } - if (ret == 0) { - /* priv-only */ - if (dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { - if (allowSeed) { - *seedLen = 0; - *seed = NULL; - } - *privKeyLen - = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; - *privKey = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; - } - /* seed-only */ - else if (allowSeed && - dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.length != 0) { - *seedLen = dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.length; - *seed = dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.data; - *privKeyLen = 0; - *privKey = NULL; - } - /* seed-priv */ - else if (allowSeed && - dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEQ].data.ref.length != 0) { - *seedLen = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEED].data.ref.length; - *seed = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEED].data.ref.data; - *privKeyLen = 
dataASN[PRIVKEYASN_IDX_PKEY_BOTH_KEY].data.ref.length; - *privKey = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_KEY].data.ref.data; - } - else { + if (ret == 0 && dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { + /* Import private value. */ + *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; + *privKey = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; + } + else if (ret == 0 && + dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length != 0) { + if (*inOutKeyType != ML_DSA_LEVEL2k && + *inOutKeyType != ML_DSA_LEVEL3k && + *inOutKeyType != ML_DSA_LEVEL5k) { ret = ASN_PARSE_E; } - } - - if (ret == 0) { - if (dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length != 0) { - /* Import public value. */ - *pubKeyLen = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length; - *pubKey = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.data; - } else { - /* Set public length to 0 as not seen. */ - *pubKeyLen = 0; - *pubKey = NULL; + /* Import private value. */ + *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length; + *privKey = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.data; } } + if ((ret == 0) && dataASN[PRIVKEYASN_IDX_PUBKEY].tag == 0) { + /* Set public length to 0 as not seen. */ + if (pubKeyLen != NULL) + *pubKeyLen = 0; + } + else if (ret == 0) { + /* Import public value. */ + if (pubKeyLen != NULL) + *pubKeyLen = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length; + if (pubKey != NULL && pubKeyLen != NULL) + *pubKey = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.data; + } FREE_ASNGETDATA(dataASN, NULL); return ret; @@ -37252,8 +37219,8 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, } if (ret == 0) { - ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, NULL, NULL, - &privKeyPtr, &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType); + ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr, + &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType); } if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) { ret = BUFFER_E; 
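Review bot: In the `PKEY_MLDSASEQ` branch the OID mismatch sets `ret = ASN_PARSE_E` but then falls through and still writes `*privKeyLen` and `*privKey`, and the final `else { ret = ASN_PARSE_E; }` that the old code had for "no private key found" is gone, so a zero-length `PKEY_CURVEPKEY` OCTET STRING (both `ref.length` checks false) now returns 0 with the out-pointers untouched unless the template's optional-group handling already rejects that. Put the assignments under an `else` and restore the neither-present error; DecodeAsymKey_Assign begins before this hunk.

```c
    else if (ret == 0 &&
             dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length != 0) {
        if (*inOutKeyType != ML_DSA_LEVEL2k &&
            *inOutKeyType != ML_DSA_LEVEL3k &&
            *inOutKeyType != ML_DSA_LEVEL5k) {
            /* SEQUENCE form is only defined for ML-DSA keys. */
            ret = ASN_PARSE_E;
        }
        else {
            /* Whole SEQUENCE body; caller parses seed/key OCTET STRINGs. */
            *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length;
            *privKey = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.data;
        }
    }
    else if (ret == 0) {
        /* Neither an OCTET STRING nor a SEQUENCE private key was present. */
        ret = ASN_PARSE_E;
    }
    /* … unchanged: public key handling and FREE_ASNGETDATA … */
```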
@@ -37639,11 +37606,10 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, oidKeyType); /* Leave space for private key. */ SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen); - /* Don't write ML-DSA specific things. */ - SetASNItem_NoOut(dataASN, PRIVKEYASN_IDX_PKEY_SEED_ONLY, - PRIVKEYASN_IDX_ATTRS); /* Don't write out attributes. */ dataASN[PRIVKEYASN_IDX_ATTRS].noOut = 1; + /* Don't write sequence. */ + dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].noOut = 1; if (pubKey) { /* Leave space for public key. */ SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PUBKEY], NULL, pubKeyLen); diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index ea0219c48..ac8e5d810 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9659,6 +9659,31 @@ int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat) { #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) +/* OCT OCT */ +#define ALT_PRIV_DER_PREFIX (2 + 32 + 4) +/* SEQ [ OCT OCT ] */ +#define ALT_PRIV_DER_PREFIX_SEQ (4 + 2 + 32 + 4) + +/* Get the private only key size for the ML-DSA level/parameter id. + * + * @param [in] level Level of the ML-DSA key. + * @return Private key only encoding size for key level on success. + * @return 0 on failure. + */ +static word32 dilithium_get_priv_size(int level) +{ + switch (level) { + case WC_ML_DSA_44: + return ML_DSA_LEVEL2_KEY_SIZE; + case WC_ML_DSA_65: + return ML_DSA_LEVEL3_KEY_SIZE; + case WC_ML_DSA_87: + return ML_DSA_LEVEL5_KEY_SIZE; + default: + return 0; + } +} + /* Decode the DER encoded Dilithium key. * * @param [in] input Array holding DER encoded data. 
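Review bot: `#define ALT_PRIV_DER_PREFIX (2 + 32 + 4)` and `ALT_PRIV_DER_PREFIX_SEQ (4 + 2 + 32 + 4)` bake in three layout assumptions that the `/* OCT OCT */` comment does not state: a seed of exactly 32 bytes with a one-byte short-form length, an expanded-key OCTET STRING whose length needs the two-byte long form (true for all three levels only because every `ML_DSA_LEVEL*_KEY_SIZE` exceeds 255), and a SEQUENCE header that also takes the long form. Spell that out, e.g. `/* 04 20 <32-byte seed> then 04 82 LL LL header of the expanded key */`, and derive the seed part from the existing constant where it is visible in this build: `#define ALT_PRIV_DER_PREFIX (2 + DILITHIUM_SEED_SZ + 4)`. `dilithium_get_priv_size` returning 0 for an unknown level is a sensible sentinel, but its callers must check for it (see the decode fallback below).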
@@ -9683,14 +9708,11 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, dilithium_key* key, word32 inSz) { int ret = 0; - const byte* seed = NULL; const byte* privKey = NULL; const byte* pubKey = NULL; - word32 seedLen = 0; word32 privKeyLen = 0; word32 pubKeyLen = 0; int keyType = 0; - int autoKeyType = ANONk; /* Validate parameters. */ if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { 
@@ -9734,45 +9756,34 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { /* Decode the asymmetric key and get out private and public key data. */ -#ifndef WOLFSSL_ASN_TEMPLATE ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, - NULL, NULL, &privKey, &privKeyLen, - &pubKey, &pubKeyLen, &autoKeyType); -#else - ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, - &seed, &seedLen, - &privKey, &privKeyLen, - &pubKey, &pubKeyLen, &autoKeyType); -#endif /* WOLFSSL_ASN_TEMPLATE */ - } - - if (ret == 0) { - if (keyType == ANONk && autoKeyType != ANONk) { + &pubKey, &pubKeyLen, &keyType); + if (ret == 0 +#ifdef WOLFSSL_WC_DILITHIUM + && key->params == NULL +#endif + ) { /* Set the security level based on the decoded key. */ - ret = mapOidToSecLevel(autoKeyType); + ret = mapOidToSecLevel(keyType); if (ret > 0) { ret = wc_dilithium_set_level(key, (byte)ret); } } - else if (keyType != ANONk && autoKeyType != ANONk) { - if (keyType == autoKeyType) + /* If it failed to decode try alternative DER encoding. */ + else if (ret != 0) { + word32 levelSize = dilithium_get_priv_size(key->level); + privKey = input + *inOutIdx; + privKeyLen = inSz - *inOutIdx; + + /* Check for an alternative DER encoding. */ + if (privKeyLen == ALT_PRIV_DER_PREFIX_SEQ + levelSize) { + privKey += ALT_PRIV_DER_PREFIX_SEQ; + privKeyLen -= ALT_PRIV_DER_PREFIX_SEQ; ret = 0; - else - ret = ASN_PARSE_E; - } - else if (keyType != ANONk && autoKeyType == ANONk) { - ret = 0; - } - else { /* keyType == ANONk && autoKeyType == ANONk */ - /* - * When decoding traditional format with not specifying a level will - * cause this error. - */ - ret = ASN_PARSE_E; + } } } - if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) { /* Check if the public key is included in the private key. */ #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) 
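Review bot: The `else if (ret != 0)` fallback accepts the alternative encoding on total length alone: it skips `ALT_PRIV_DER_PREFIX_SEQ` bytes without checking that they really are a SEQUENCE header, a 32-byte seed OCTET STRING and an OCTET STRING header for the key, and when `key->level` is unset `dilithium_get_priv_size` returns 0 so any 42-byte input "matches" with an empty key. It also replaces whatever error `DecodeAsymKey_Assign` reported with success and silently discards the seed, so a seed that does not correspond to the expanded key is never noticed. Parse the headers with the existing ASN helpers (if they are reachable from dilithium.c) and require `levelSize != 0`; wc_Dilithium_PrivateKeyDecode begins before this hunk.

```c
    /* If it failed to decode try the alternative encoding:
     * SEQ { OCT(32-byte seed), OCT(expanded key) }. Parse the headers
     * rather than trusting a fixed prefix length. */
    else if (ret != 0) {
        word32 levelSize = dilithium_get_priv_size(key->level);
        word32 idx = *inOutIdx;
        int seqSz = 0, seedSz = 0, keySz = 0;

        if (levelSize != 0 &&
                GetSequence(input, &idx, &seqSz, inSz) >= 0 &&
                GetOctetString(input, &idx, &seedSz, inSz) >= 0 &&
                seedSz == DILITHIUM_SEED_SZ) {
            idx += (word32)seedSz;
            if (GetOctetString(input, &idx, &keySz, inSz) >= 0 &&
                    (word32)keySz == levelSize) {
                /* Seed is currently ignored; the expanded key is imported. */
                privKey = input + idx;
                privKeyLen = levelSize;
                ret = 0;
            }
        }
    }
    /* … unchanged: public key detection … */
```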
@@ -9817,39 +9828,32 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE; } + else { + word32 levelSize = dilithium_get_priv_size(key->level); + + if (privKeyLen == ALT_PRIV_DER_PREFIX + levelSize) { + privKey += ALT_PRIV_DER_PREFIX; + privKeyLen -= ALT_PRIV_DER_PREFIX; + } + } } if (ret == 0) { - /* Generate a key pair if seed exists and decoded key pair is ignored */ - if (seedLen != 0) { -#if defined(WOLFSSL_WC_DILITHIUM) - if (seedLen == DILITHIUM_SEED_SZ) { - ret = wc_dilithium_make_key_from_seed(key, seed); - } - else { - ret = ASN_PARSE_E; - } -#else - ret = NOT_COMPILED_IN; + /* Check whether public key data was found. */ +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) + if (pubKeyLen == 0) #endif + { + /* No public key data, only import private key data. */ + ret = wc_dilithium_import_private(privKey, privKeyLen, key); } #if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) - /* Check whether public key data was found. */ - else if (pubKeyLen != 0 && privKeyLen != 0) { + else { /* Import private and public key data. */ ret = wc_dilithium_import_key(privKey, privKeyLen, pubKey, pubKeyLen, key); } #endif - else if (pubKeyLen == 0 && privKeyLen != 0) - { - /* No public key data, only import private key data. */ - ret = wc_dilithium_import_private(privKey, privKeyLen, key); - } - else { - /* Not a problem of ASN.1 structure, but the contents is invalid */ - ret = ASN_PARSE_E; - } } (void)pubKey; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 74a849fbc..2657bbc06 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -204,10 +204,7 @@ enum ASN_Tags { /* OneAsymmetricKey Fields */ ASN_ASYMKEY_ATTRS = 0x00, - ASN_ASYMKEY_PUBKEY = 0x01, - - /* PKEY Fields */ - ASN_PKEY_SEED = 0x00 + ASN_ASYMKEY_PUBKEY = 0x01 }; /* NOTE: If ASN_UTC_TIME_SIZE or ASN_GENERALIZED_TIME_SIZE are ever modified 
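Review bot: The new `else` branch strips `ALT_PRIV_DER_PREFIX` on a length match only, so when `key->level` is not set `levelSize` is 0 and a 38-byte blob is accepted as a zero-length key, and nothing confirms the skipped bytes are the `04 20 <seed> 04 82 LL LL` headers the constant assumes; the seed is also dropped without being compared against the expanded key. Tighten the condition to at least `if (levelSize != 0 && privKeyLen == ALT_PRIV_DER_PREFIX + levelSize && privKey[0] == ASN_OCTET_STRING && privKey[1] == DILITHIUM_SEED_SZ)` or, better, parse the two OCTET STRINGs. The restructured import below also drops the old `privKeyLen != 0` guard, which is fine only if `wc_dilithium_import_private` rejects a zero length itself.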
@@ -2730,9 +2727,8 @@ WOLFSSL_LOCAL int VerifyX509Acert(const byte* cert, word32 certSz, || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \ || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)) WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, - word32 inSz, const byte** seed, word32* seedLen, const byte** privKey, - word32* privKeyLen, const byte** pubKey, word32* pubKeyLen, - int* inOutKeyType); + word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey, + word32* pubKeyLen, int* inOutKeyType); WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey, From 6a01122c476e89e78319d77d8b69aa6f802cd246 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 30 Jul 2025 14:50:44 -0600 Subject: [PATCH 092/346] add static memory doxygen comments for APIs --- doc/dox_comments/header_files/memory.h | 219 +++++++++++++++++++++++++ 1 file changed, 219 insertions(+) diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h index fbc2172fc..4a869a9a3 100644 --- a/doc/dox_comments/header_files/memory.h +++ b/doc/dox_comments/header_files/memory.h 
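Review bot: The new `DecodeAsymKey_Assign` prototype carries none of the contract the implementation now has: `pubKey`/`pubKeyLen` may be NULL, and for ML-DSA OIDs `privKey` may point at the body of a SEQUENCE rather than a bare key. A short comment above the declaration would save callers from reading asn.c, e.g. `/* pubKey/pubKeyLen may be NULL when the public key is not wanted. For ML-DSA keys privKey may be the body of SEQ { OCTET STRING seed, OCTET STRING key }, which the caller must parse. */`.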
@@ -409,3 +409,222 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats); */ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz, int flag, int max); + +/*! + \ingroup Memory + + \brief This function is used to set aside static memory for wolfCrypt use with custom + bucket sizes and distributions. Memory can be used by passing the created heap hint + into functions. This extended version allows for custom bucket sizes and distributions + instead of using the default predefined sizes. + + \return If successful, 0 will be returned. + \return All unsuccessful return values will be less than 0. + + \param hint WOLFSSL_HEAP_HINT structure to use + \param buf memory to use for all operations. + \param sz size of memory buffer being passed in. + \param flag type of memory. + \param max max concurrent operations (handshakes, IO). + \param bucket_sizes array of bucket sizes to use + \param bucket_count number of bucket sizes in the array + + _Example_ + \code + WOLFSSL_HEAP_HINT hint; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + int flag = WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS; + word16 bucket_sizes[] = {64, 128, 256, 512, 1024}; + int bucket_count = 5; + ... + + // load in memory for use with custom bucket sizes + + ret = wc_LoadStaticMemory_ex(&hint, memory, memorySz, flag, 0, + bucket_sizes, bucket_count); + if (ret != SSL_SUCCESS) { + // handle error case + } + ... + + ret = wc_InitRng_ex(&rng, hint, 0); + + // check ret value + \endcode + + \sa wc_LoadStaticMemory + \sa wc_UnloadStaticMemory +*/ +int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz, + int flag, int max, word16* bucket_sizes, int bucket_count); + +/*! + \ingroup Memory + + \brief This function sets a global heap hint that will be used when NULL heap hint + is passed to memory allocation functions. This allows for setting a default heap + hint that will be used across the entire application. 
+ + \return Returns the previous global heap hint that was set. + + \param hint WOLFSSL_HEAP_HINT structure to use as the global heap hint + + _Example_ + \code + WOLFSSL_HEAP_HINT hint; + WOLFSSL_HEAP_HINT* prev_hint; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + ... + + // load in memory for use + ret = wc_LoadStaticMemory(&hint, memory, memorySz, WOLFMEM_GENERAL, 0); + if (ret != SSL_SUCCESS) { + // handle error case + } + + // set as global heap hint + prev_hint = wolfSSL_SetGlobalHeapHint(&hint); + if (prev_hint != NULL) { + // there was a previous global heap hint + } + \endcode + + \sa wolfSSL_GetGlobalHeapHint + \sa wc_LoadStaticMemory +*/ +WOLFSSL_HEAP_HINT* wolfSSL_SetGlobalHeapHint(WOLFSSL_HEAP_HINT* hint); + +/*! + \ingroup Memory + + \brief This function gets the current global heap hint that is used when NULL + heap hint is passed to memory allocation functions. + + \return Returns the current global heap hint, or NULL if none is set. + + \param none No parameters. + + _Example_ + \code + WOLFSSL_HEAP_HINT* current_hint; + ... + + current_hint = wolfSSL_GetGlobalHeapHint(); + if (current_hint != NULL) { + // there is a global heap hint set + // can use current_hint for operations + } + \endcode + + \sa wolfSSL_SetGlobalHeapHint + \sa wc_LoadStaticMemory +*/ +WOLFSSL_HEAP_HINT* wolfSSL_GetGlobalHeapHint(void); + +/*! + \ingroup Memory + + \brief This function sets a debug callback function for static memory allocation + tracking. Used with WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK build option. The callback + function will be called during memory allocation and deallocation operations to + provide debugging information. + + \return If successful, 0 will be returned. + \return All unsuccessful return values will be less than 0. 
+ + \param cb debug callback function to set + + _Example_ + \code + static void debug_memory_cb(const char* func, const char* file, int line, + void* ptr, size_t size, int type) + { + printf("Memory %s: %s:%d ptr=%p size=%zu type=%d\n", + func, file, line, ptr, size, type); + } + ... + + // set debug callback + int ret = wolfSSL_SetDebugMemoryCb(debug_memory_cb); + if (ret != 0) { + // handle error case + } + \endcode + + \sa none +*/ +int wolfSSL_SetDebugMemoryCb(wolfSSL_DebugMemoryCb cb); + +/*! + \ingroup Memory + + \brief This function frees static memory heap and associated mutex. Should be + called when done using static memory allocation to properly clean up resources. + + \return If successful, 0 will be returned. + \return All unsuccessful return values will be less than 0. + + \param hint WOLFSSL_HEAP_HINT structure to unload + + _Example_ + \code + WOLFSSL_HEAP_HINT hint; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + ... + + // load in memory for use + ret = wc_LoadStaticMemory(&hint, memory, memorySz, WOLFMEM_GENERAL, 0); + if (ret != SSL_SUCCESS) { + // handle error case + } + + // use memory for operations + ... + + // cleanup when done + ret = wc_UnloadStaticMemory(&hint); + if (ret != 0) { + // handle error case + } + \endcode + + \sa wc_LoadStaticMemory + \sa wc_LoadStaticMemory_ex +*/ +int wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* hint); + +/*! + \ingroup Memory + + \brief This function calculates the required buffer size for static memory allocation + with custom bucket sizes and distributions. This extended version allows for custom + bucket sizes instead of using the default predefined sizes. + + \return On successfully completing buffer size calculations a positive value is returned. + \return All negative values are considered to be error cases. 
+ + \param bucket_sizes array of bucket sizes to use + \param bucket_count number of bucket sizes in the array + \param flag desired type of memory ie WOLFMEM_GENERAL or WOLFMEM_IO_POOL + + _Example_ + \code + word16 bucket_sizes[] = {64, 128, 256, 512, 1024}; + int bucket_count = 5; + int optimum; + optimum = wolfSSL_StaticBufferSz_ex(bucket_sizes, bucket_count, WOLFMEM_GENERAL); + if (optimum < 0) { //handle error case } + printf("The optimum buffer size with custom buckets is %d\n", optimum); + ... + \endcode + + \sa wolfSSL_StaticBufferSz + \sa wc_LoadStaticMemory_ex +*/ +int wolfSSL_StaticBufferSz_ex(word16* bucket_sizes, int bucket_count, int flag); From ee4e511a010a661a88ac351a11e663016439a583 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 30 Jul 2025 17:02:23 -0600 Subject: [PATCH 093/346] remove trailing white spaces --- doc/dox_comments/header_files/memory.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h index 4a869a9a3..328004d93 100644 --- a/doc/dox_comments/header_files/memory.h +++ b/doc/dox_comments/header_files/memory.h @@ -442,7 +442,7 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned in // load in memory for use with custom bucket sizes - ret = wc_LoadStaticMemory_ex(&hint, memory, memorySz, flag, 0, + ret = wc_LoadStaticMemory_ex(&hint, memory, memorySz, flag, 0, bucket_sizes, bucket_count); if (ret != SSL_SUCCESS) { // handle error case @@ -543,7 +543,7 @@ WOLFSSL_HEAP_HINT* wolfSSL_GetGlobalHeapHint(void); static void debug_memory_cb(const char* func, const char* file, int line, void* ptr, size_t size, int type) { - printf("Memory %s: %s:%d ptr=%p size=%zu type=%d\n", + printf("Memory %s: %s:%d ptr=%p size=%zu type=%d\n", func, file, line, ptr, size, type); } ... From 9b7caac3efe05bacaea35423c98e788daa1ce7d0 Mon Sep 17 00:00:00 2001 
From: Hideki Miyazaki Date: Sat, 26 Jul 2025 18:35:44 +0900 Subject: [PATCH 094/346] Update RZ examples - Use xSPI0 boot mode - Update FSP from v1.3 to v2.0.0 - Simplify UART - Migrate new User Ctx - Update README - Fix SCE TLS on RA6M4 --- IDE/Renesas/e2studio/RZN2L/README.md | 182 ++++++++++--- .../e2studio/RZN2L/common/user_settings.h | 6 + IDE/Renesas/e2studio/RZN2L/include.am | 2 +- IDE/Renesas/e2studio/RZN2L/test/.cproject | 83 +++++- .../RZN2L/test/script/fsp_ram_execution.ld | 243 ------------------ .../RZN2L/test/src/local_system_init.c | 54 ++++ .../RZN2L/test/src/rzn2l_tst_thread_entry.c | 106 ++++---- .../RZN2L/test/src/serial_io/.gitignore | 2 - .../RZN2L/test/src/serial_io/app_print.c | 83 ++++++ .../test/src/test/wolfssl_rsip_unit_test.c | 41 +-- .../e2studio/RZN2L/test/src/wolfssl_dummy.c | 25 +- wolfcrypt/src/port/Renesas/renesas_common.c | 89 +++++-- .../src/port/Renesas/renesas_fspsm_aes.c | 178 +++++++++++-- .../src/port/Renesas/renesas_fspsm_sha.c | 142 +++++++++- .../src/port/Renesas/renesas_fspsm_util.c | 5 + .../src/port/Renesas/renesas_tsip_util.c | 2 +- wolfcrypt/src/sha.c | 1 + wolfcrypt/src/sha256.c | 3 +- wolfcrypt/src/sha512.c | 6 +- wolfcrypt/test/test.c | 2 +- .../port/Renesas/renesas-fspsm-crypt.h | 6 +- .../port/Renesas/renesas-fspsm-types.h | 17 +- .../port/Renesas/renesas_fspsm_internal.h | 15 +- wolfssl/wolfcrypt/sha.h | 2 +- 24 files changed, 870 insertions(+), 425 deletions(-) delete mode 100644 IDE/Renesas/e2studio/RZN2L/test/script/fsp_ram_execution.ld create mode 100644 IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c delete mode 100644 IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore create mode 100644 IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c diff --git a/IDE/Renesas/e2studio/RZN2L/README.md b/IDE/Renesas/e2studio/RZN2L/README.md index c53605b79..40fc58522 100644 --- a/IDE/Renesas/e2studio/RZN2L/README.md +++ b/IDE/Renesas/e2studio/RZN2L/README.md 
@@ -21,37 +21,49 @@ The example project summary is listed below and is relevant for every project. ### Project Summary |Item|Name/Version| |:--|:--| +|e2Studio|2025-04.1 (25.4.1)| |Board|RZN2L| |Device|R9A07G084M08GBG| |Toolchain|GCC for Renesas RZ| |Toolchain Version|10.3.1.20210824| -|FSP Version|1.2.0| +|FSP Version|2.0.0| #### Selected software components |Components|Version|Note| |:--|:--|:--| -|Board Support Package Common Files|v1.20|| -|I/O Port|v1.2.0|| -|Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1|| -|Board support package for R9A07G084M04GBG|v1.2.0|Note1| -|Board support package for RZN2L|v1.2.0|| -|Board support package for RZN2L - FSP Data|v1.2.0|| -|RSK+RZN2L Board Support Files (RAM execution without flash memory)|v1.2.0|| -|FreeRTOS - Buffer Allocation 2|v1.2.0|| -|FreeRTOS - Memory Management - Heap 4|v1.2.0|| -|FreeRTOS+TCP|v1.2.0|| -|Ethernet PHY |v1.2.0|| -|Ethernet Selector|v1.2.0|| -|Ethernet|v1.2.0|| -|Ethernet Switch|v1.2.0|| -|SCI UART|v1.2.0|| -|r_ether to FreeRTOS+TCP Wrapper|v1.2.0|| -|Renesas Secure IP Driver|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| -|RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| +|Board Support Package Common Files|v2.0.0|| +|I/O Port|v2.0.0|| +|Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1.fsp.2.0.0|| +|Board support package for R9A07G084M04GBG|v2.0.0|Note1| +|Board support package for RZN2L|v2.0.0|| +|Board support package for RZN2L - FSP Data|v2.0.0|| +|RSK+RZN2L Board Support Files (xSPI0 x1 boot mode)|v2.0.0|| +|FreeRTOS - Buffer Allocation 2|v2.0.0|| +|FreeRTOS - Memory Management - Heap 4|v2.0.0|| +|FreeRTOS+TCP|v2.0.0|| +|Ethernet PHY |v2.0.0|| +|Ethernet Selector|v2.0.0|| +|Ethernet|v2.0.0|| +|Ethernet Switch|v2.0.0|| +|SCI UART|v2.0.0|| +|r_ether to FreeRTOS+TCP Wrapper|v2.0.0|| +|Renesas Secure IP Driver|v1.5.0+fsp.1.3.0|| +|RSIP Engine for RZ/N2L|v1.5.0+fsp.1.3.0|| Note1:\ - To use RSIP driver, a device type should be `R9A07G084M04GBG`. 
However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue. + To use RSIP driver, a device type should be `R9A07G084M08GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue. + +## Board Settings +This example program uses `xSPI0 boot`. Therefore, the board's switch and jumper settings required to run the sample program from external flash are shown below. For details on each setting, see the Renesas Starter Kit+ for RZN2L User's Manual. + +|Project|SW4-1|SW4-2|SW4-3|SW4-4|SW4-7| +|:--|:--|:--|:--|:--|:--| +|xSPI0 boot mode|ON|ON|ON|ON|OFF| + +|Project|CN8|CN24| +|:--|:--|:--| +|xSPI0 boot mode|Short 2-3|Short2-3| ## Setup Steps and Build wolfSSL Library @@ -63,7 +75,7 @@ Note1:\ + Click File->New->`RZ/N C/C++ FSP Project`. + Enter project name `dummy_application`. -+ Select Board: to `RSK+RZN2L (RAM execution without flash memory)`. ++ Select Board: to `RSK+RZN2L (xSPI0 x1 boot mode)`. + Select Device: to `R9A07G084M04GBG`. Click Next. + Check to `Executable` + Select FreeRTOS from RTOS selection. Click Finish. 
@@ -93,31 +105,125 @@ Note1:\ + Click `Generate Project Content` on FSP configuration GUI 3.) Prepare UART to logging - -+ Download Sample package from [BACnet Start-Up](https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz-mpus/bacnet-start-rzn2l-rsk) ++ Download Example packages from [RZ/N2L Group Example program](https://www.renesas.com/us/en/document/scd/rzn2l-group-example-program?r=1622651) and unzip the archived file. ++ unzip RZN2L_RSK_sci_uart_Rev200.zip ++ unzip RZN2L_RSK_sci_uart_Rev200/basis/gcc/RZN2L_RSK_sci_uart_Rev200a.zip ++ + Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`\ -um_serial_io_uart.c\ -um_serial_io_task_writer.c\ -um_serial_io_cfg.h\ -um_common_api.h\ -um_common_cfg.h\ -um_serial_io.c\ -um_serial_io.h\ -um_serial_io_api.h\ -um_serial_io_internal.h +sio_char.h\ +siochar.c +4.) Prepare loader project ++ Download Example packages from [RZ/N2L Group Example of separating loader program and application program projects](https://www.renesas.com/en/document/scd/11691006?language=en&r=1622651) and unzip the archived file. ++ Unzip `RZN2L_loader_application\gcc\xspi0bootx1\Loader_application_projects.zip ++ Copy `RZN2L_bsp_xspi0bootx1_loader` and `RZN2L_bsp_xspi0bootx1_app` to `\IDE\Renesas\e2studio\RZN2L` folder ++ Import `RZN2L_bsp_xspi0bootx1_loader` from `e2studio` -+ Open um_serial_io_task_writer.c and re-name printf to uart_printf +## Build `test_RZN2L` +1). Modify `fsp/src/bsp/cmsis/Device/RENESAS/Source/cr/startup_core.c`: +ORIGINAL +``` +BSP_TARGET_ARM BSP_ATTRIBUTE_STACKLESS void __Vectors (void) +{ + __asm volatile ( + " ldr pc,=Reset_Handler \n" +``` +==> -3.) Build `test_RZN2L` project +MODIFIED +``` +BSP_TARGET_ARM BSP_ATTRIBUTE_STACKLESS void __Vectors (void) +{ + __asm volatile ( +#if 0 + " ldr pc,=Reset_Handler \n" +#else + " ldr pc,=local_system_init \n" +#endif +``` +1). 
Modify `fsp/src/bsp/cmsis/Device/RENESAS/Source/startup.c`: -## Run `test_RZN2L` +ORIGINAL +``` +void SystemInit (void) +{ +#if BSP_CFG_EARLY_INIT +... +#if BSP_CFG_C_RUNTIME_INIT -1). Right click the project and Select menu `Debug` -> `Renesas GDB Hardware debugging` + /* Copy the loader data from external Flash to internal RAM. */ + bsp_loader_data_init(); -2). Select J-Link ARM and R9A07G084M04 + /* Clear loader bss section in internal RAM. */ + bsp_loader_bss_init(); +#endif +... +#if !(BSP_CFG_RAM_EXECUTION) -3). Break at Entry point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da + /* Copy the application program from external Flash to internal RAM. */ + bsp_copy_to_ram(); + + /* Clear bss section in internal RAM. */ + bsp_application_bss_init(); +#endif +... +} +``` + +==> + +MODIFIED +``` +BSP_TARGET_ARM void mpu_cache_init (void) +{ +... +if BSP_CFG_C_RUNTIME_INIT && !defined(EXTERNAL_LOADER_APP) + + /* Copy the loader data from external Flash to internal RAM. */ + bsp_loader_data_init(); + + /* Clear loader bss section in internal RAM. */ + bsp_loader_bss_init(); +#endif +... +#if !(BSP_CFG_RAM_EXECUTION) && !defined(EXTERNAL_LOADER_APP) + + /* Copy the application program from external Flash to internal RAM. */ + /* bsp_copy_to_ram(); */ + + /* Clear bss section in internal RAM. */ + bsp_application_bss_init(); +#endif +... +} +``` +2). Copy contenst of `fsp_xspi0_boot_app.ld` of `RZN2L_bsp_xspi0bootx1_app\script\` to `test_RZN2L\script\fsp_xspi0_boot.ld` + +3). Right click the project and Select menu `Debug` -> `Renesas GDB Hardware debugging` + +4). Select J-Link ARM and R9A07G084M04 +5). Build `test_RZN2L` + +## Build loader project ++ Modify `src/Flash_section.s`: + +ORIGINAL +``` +.incbin "../../RZN2L_bsp_xspi0bootx1_app/Debug/RZN2L_bsp_xspi0bootx1_app.bin" +``` + +==> + +MODIFIED +``` +.incbin "../../test/Debug/test_RZN2L.bin" +``` ++ Modify `Load Image and Symbol`. 
Open `Debug Configuration` -> Open `Statup` tab -> Replace `RZN2L_bsp_xspi0bootx1_app.elf` to `test_RZN2L.elf` + +## Run loader and `test_RZN2L` ++ Run the loader project ++ Loader download `test_RZN2L` binary from flash to system ram and execute it. ++ Note: It recommends to re-build the loader project when re-building `test_RZN2L` ## Run TLS 1.3 Client 1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h` diff --git a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h index 345f9b150..8aa255aea 100644 --- a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h +++ b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h @@ -20,6 +20,7 @@ */ /* Operating Environment and Threading */ #if defined(WOLFSSL_RENESAS_RSIP) + #define WOLFSSL_RENESAS_RZFSP_VER 200 /* FSP SM stands for Flexible Software Package Security Module * WOLFSSL_RENESAS_FSPSM enables fundamental code when it uses. * e.g. Open/Close/Random generator @@ -104,7 +105,9 @@ #endif #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY) + #define WOLF_CRYPTO_CB_RSA_PAD #define WOLFSSL_KEY_GEN + #define RSA_MIN_SIZE 512 #endif int uart_printf (const char *__restrict format, ...); @@ -112,4 +115,7 @@ int uart_printf (const char *__restrict format, ...); #define printf uart_printf #define TEST_SLEEP() vTaskDelay(50) +#if defined(WOLFSSL_RENESAS_RSIP) #define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock +#endif + diff --git a/IDE/Renesas/e2studio/RZN2L/include.am b/IDE/Renesas/e2studio/RZN2L/include.am index 88ccadfc7..7e1cc471f 100644 --- a/IDE/Renesas/e2studio/RZN2L/include.am +++ b/IDE/Renesas/e2studio/RZN2L/include.am 
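Review bot: `#define RSA_MIN_SIZE 512` under `WOLFSSL_RENESAS_RSIP_CRYPTONLY` lowers the RSA modulus floor for every build made from this user_settings.h, not just the unit test; 512-bit RSA moduli are factorable with modest resources, so a production image using this header would generate or accept weak keys. If the RSIP unit test needs small vectors, gate the define on whatever test-only configuration macro that test build uses and label it, e.g. `/* TEST ONLY: 512-bit RSA is insecure; do not ship with this */`.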
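Review bot: `CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock` is now defined only when `WOLFSSL_RENESAS_RSIP` is set, and nothing else in this header names an entropy source for a non-RSIP build on this bare-metal FreeRTOS target. Unless a seed callback is supplied elsewhere, that configuration either fails to build or falls back to a non-hardware seed; make the intent explicit so it cannot ship silently, e.g. `#else` / `#error "No entropy source configured for non-RSIP RZN2L build"` / `#endif`.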
@@ -10,7 +10,7 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c -EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h diff --git a/IDE/Renesas/e2studio/RZN2L/test/.cproject b/IDE/Renesas/e2studio/RZN2L/test/.cproject index 98caa7842..561cbf7d7 100644 --- a/IDE/Renesas/e2studio/RZN2L/test/.cproject +++ b/IDE/Renesas/e2studio/RZN2L/test/.cproject @@ -43,7 +43,7 @@ @@ -154,7 +184,7 @@